last executing test programs:

2m20.743260507s ago: executing program 0 (id=7):
r0 = socket$alg(0x26, 0x5, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000340)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-twofish-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7be", 0x10)
r4 = accept4(r0, 0x0, 0x0, 0x800)
sendmmsg$alg(r4, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0x10}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0x4d}], 0x2, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r4, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000001600)=""/4086, 0xff6}], 0x1}, 0x0)
r5 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$TCPDIAG_GETSOCK(r5, &(0x7f0000007dc0)={0x0, 0x0, &(0x7f0000007d80)={0x0}, 0x1, 0x0, 0x0, 0x4000094}, 0x4)
r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl802154(&(0x7f0000000180), 0xffffffffffffffff)
r7 = socket$kcm(0x1e, 0x1, 0x0)
sendmsg$kcm(r7, &(0x7f0000000540)={&(0x7f0000000280)=@nl=@proc={0x10, 0x0, 0x25dfdbfb, 0x100000}, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000040)="e2f1ea6e80a69d00d1912eac89f84968ef945741de0eaa8e4118be00", 0x1c}], 0x1}, 0x10)
recvmmsg(r7, &(0x7f0000005240)=[{{0x0, 0x0, &(0x7f0000000a80)=[{&(0x7f0000000780)=""/180, 0xb4}], 0x1, &(0x7f0000000ac0)=""/23, 0x17}, 0xe}], 0x1, 0x40002080, 0x0)
ioctl$sock_SIOCGIFINDEX_802154(r6, 0x8933, &(0x7f0000000000)={'wpan1\x00'})

2m18.910007775s ago: executing program 0 (id=8):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000001280)=@newtaction={0x18, 0x30, 0x9, 0x70bd24, 0x25dfdbfe, {}, [{0x4}]}, 0x18}}, 0x0)
r3 = getpid()
sched_setscheduler(r3, 0x1, &(0x7f0000000200)=0x7)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000300)={0x90000011})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
ioctl$SNDCTL_SEQ_NRSYNTHS(0xffffffffffffffff, 0x8004510a, 0x0)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r6 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000040)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x4, [@func_proto]}, {0x0, [0x0, 0x5f]}}, 0x0, 0x28}, 0x28)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x3, &(0x7f0000000100)=@framed, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, r6, 0x8, &(0x7f00000000c0)={0x0, 0x1}, 0x1}, 0x90)
readv(r0, &(0x7f0000000540)=[{&(0x7f0000000400)=""/159, 0x9f}, {&(0x7f0000000180)=""/100, 0x64}, {&(0x7f00000004c0)=""/37, 0x25}, {&(0x7f0000000500)=""/51, 0x33}], 0x4)
setxattr$system_posix_acl(&(0x7f0000000000)='./file0\x00', &(0x7f0000000080)='system.posix_acl_access\x00', 0x0, 0x0, 0x2)

2m17.411490725s ago: executing program 0 (id=9):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x24004045)
r2 = io_uring_setup(0x1b7b, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000093c0)={0x0, 0x0, &(0x7f0000000080)={0x0}, 0x1, 0x0, 0x0, 0x90}, 0x40004)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3, &(0x7f0000000000)=0x6, 0x4)
r3 = socket$inet_sctp(0x2, 0x1, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r3, 0x84, 0x14, &(0x7f0000000000)=@assoc_value, &(0x7f0000000040)=0x8)
io_uring_enter(r2, 0x2219, 0x7721, 0x16, 0x0, 0x0)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x492492492492846, 0x0)
sendmsg$IPCTNL_MSG_EXP_NEW(0xffffffffffffffff, 0x0, 0x0)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e21, @broadcast}, 0x2f)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000340)='illinois', 0x8)
connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1b}}, 0x10)
sendto$inet(r0, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x0)
recvfrom$inet(r0, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x720, 0x0, 0xfffffffffffffd25)

2m14.73085893s ago: executing program 0 (id=14):
syz_emit_ethernet(0x2a, &(0x7f0000000140)={@local, @random="ce3500590a7f", @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x2, 0x0, 0x11, 0x0, @empty, @empty}, {0x4e23, 0x0, 0x8}}}}}, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_open_dev$vim2m(&(0x7f0000000000), 0x800, 0x2)
ioctl$vim2m_VIDIOC_S_CTRL(r1, 0xc008561c, 0x0)
ioctl$vim2m_VIDIOC_S_FMT(r1, 0xc0d05605, 0x0)
r2 = socket$unix(0x1, 0x2, 0x0)
r3 = socket$kcm(0xf, 0x3, 0x2)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r4 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
pipe2(0x0, 0x0)
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mknod$loop(&(0x7f0000000180)='./file0\x00', 0x0, 0x1)
prlimit64(0x0, 0xe, 0x0, 0x0)
mount(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000280)='cifs\x00', 0x0, 0x0)
r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x18, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18010000200180000000000000000000850000007b00000095"], &(0x7f00000001c0)='GPL\x00', 0x4}, 0x94)
ioctl$sock_qrtr_SIOCGIFADDR(0xffffffffffffffff, 0x8915, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='sched_switch\x00', r7}, 0x10)
close(r3)
r8 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000100)={'wlan1\x00', <r9=>0x0})
sendmsg$NL80211_CMD_NEW_INTERFACE(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)={0x44, r8, 0x1, 0x70bd28, 0x25dfdbfd, {{}, {@void, @val={0x8, 0x3, r9}, @val={0xc, 0x99, {0x7ff, 0x70}}}}, [@NL80211_ATTR_IFNAME={0x14, 0x4, 'syzkaller0\x00'}, @NL80211_ATTR_IFTYPE={0x8, 0x5, 0x7}]}, 0x44}, 0x1, 0x0, 0x0, 0x91}, 0x24044884)

2m10.704636589s ago: executing program 0 (id=19):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x24004045)
r2 = io_uring_setup(0x1b7b, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000093c0)={0x0, 0x0, &(0x7f0000000080)={0x0}, 0x1, 0x0, 0x0, 0x90}, 0x40004)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3, &(0x7f0000000000)=0x6, 0x4)
r3 = socket$inet_sctp(0x2, 0x1, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r3, 0x84, 0x14, &(0x7f0000000000)=@assoc_value, &(0x7f0000000040)=0x8)
io_uring_enter(r2, 0x2219, 0x7721, 0x16, 0x0, 0x0)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x492492492492846, 0x0)
sendmsg$IPCTNL_MSG_EXP_NEW(0xffffffffffffffff, 0x0, 0x0)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e21, @broadcast}, 0x2f)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000340)='illinois', 0x8)
connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1b}}, 0x10)
sendto$inet(r0, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x0)
recvfrom$inet(r0, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x720, 0x0, 0xfffffffffffffd25)

2m6.151047749s ago: executing program 0 (id=26):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000100)={0x50, 0x2, 0x6, 0x801, 0x0, 0x0, {0x0, 0x0, 0x4000}, [@IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_TYPENAME={0x16, 0x3, 'hash:net,port,net\x00'}]}, 0x50}}, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000780)=ANY=[@ANYBLOB="74000000090601020000000000000000030000000900020073797a310000000005000100070000004c0007801800018014000240fe8000000000000000000000000000aa1800148014000240fc000000000000000000000000000000060004404e1f0000050007008400000006000540"], 0x74}, 0x1, 0x0, 0x0, 0x10040003}, 0x0)

1m49.396060887s ago: executing program 32 (id=26):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000100)={0x50, 0x2, 0x6, 0x801, 0x0, 0x0, {0x0, 0x0, 0x4000}, [@IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_TYPENAME={0x16, 0x3, 'hash:net,port,net\x00'}]}, 0x50}}, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000780)=ANY=[@ANYBLOB="74000000090601020000000000000000030000000900020073797a310000000005000100070000004c0007801800018014000240fe8000000000000000000000000000aa1800148014000240fc000000000000000000000000000000060004404e1f0000050007008400000006000540"], 0x74}, 0x1, 0x0, 0x0, 0x10040003}, 0x0)

1m7.768315801s ago: executing program 2 (id=114):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, 0x0, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x1, &(0x7f0000000200)=0x7)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, 0x0, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f00000002c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x20, 0x20, 0x5, [@enum={0x3, 0x1, 0x0, 0xf, 0x4000000, [{0x7}]}, @struct]}, {0x0, [0x0, 0x0, 0x2e]}}, 0x0, 0x3d, 0x0, 0x1}, 0x28)

1m2.801081763s ago: executing program 2 (id=122):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e21, @broadcast}, 0x2f)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000340)='illinois', 0x8)
connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1b}}, 0x10)
recvfrom$inet(r0, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x720, 0x0, 0xfffffffffffffd25)

1m1.157153285s ago: executing program 2 (id=124):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000540)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-twofish-avx\x00'}, 0x58)
prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
socket$inet_udp(0x2, 0x2, 0x0)
ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(0xffffffffffffffff, 0xc0045516, 0x0)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00000004c0)="ad56f171c3860fbe2ade86d3075d3282ea54c7beef915d56868a8f501fb15de0", 0x20)
r4 = accept4(r0, 0x0, 0x0, 0x80800)
sendmsg$nl_route_sched(r4, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x4000}, 0xc050)
recvmsg$can_raw(r4, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f0000000ac0)=""/4096, 0x1000}], 0x1}, 0x40)
bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0xf, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018000000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000030000008500000043000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x94)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
socket$vsock_stream(0x28, 0x1, 0x0)
r6 = syz_genetlink_get_family_id$mptcp(&(0x7f0000001640), r5)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r5, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000001c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="0900000000000000000003000000140001800500020001"], 0x28}}, 0x0)

59.830799696s ago: executing program 2 (id=126):
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x6)
r1 = getpgrp(0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000040)=0x5)
prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000000)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r3 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r3, 0x1, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000002000)=""/102400, 0x19000)
keyctl$clear(0x3, 0xfffffffffffffffd)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0)
r5 = fsopen(0x0, 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r5, 0x6, 0x0, 0x0, 0x0)
mount$overlay(0x0, 0x0, &(0x7f0000000440), 0x8, &(0x7f0000000140)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}, {@index_off}]})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r0, &(0x7f0000013000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, &(0x7f0000000080)="0f08b9820400000f32b805000000b9050000000f01d966ba410066ed0fa80f01c40fc72a36f4c4e2fd40db66ba6100b83e9f0000ef", 0x35}], 0x0, 0x2c, 0x0, 0x0)
ioctl$KVM_RUN(r0, 0xae80, 0x0)

58.521161115s ago: executing program 2 (id=127):
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000000)='tmpfs\x00', 0x2, &(0x7f0000000300)='usrquota')
chdir(&(0x7f0000000180)='./file1\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='net_prio.prioidx\x00', 0x275a, 0x0)
quotactl_fd$Q_SETQUOTA(r0, 0xffffffff80000800, 0x0, &(0x7f00000000c0)={0x4, 0x2, 0x6, 0x0, 0x2, 0x3, 0x1, 0x6, 0x7fffffff})
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000840)='./bus\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x0, &(0x7f0000000240)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f0000000140)='./bus\x00')
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg$RDMA_NLDEV_CMD_GET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)=ANY=[@ANYBLOB="180000000114fbdb"], 0x18}, 0x1, 0x0, 0x0, 0x20000000}, 0x40014)
symlinkat(&(0x7f0000000080)='.\x00', 0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00')

50.79788194s ago: executing program 2 (id=138):
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x8041, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0x48e02, 0x0)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYRESHEX=r0, @ANYBLOB=',rootmode=0000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',grou', @ANYRESDEC=0x0])
read$FUSE(r0, &(0x7f0000010300)={0x2020}, 0x2074)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
pwritev2(r1, 0x0, 0x0, 0x5415, 0x0, 0x2)
socket$inet_udp(0x2, 0x2, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000240)=@bpf_lsm={0x18, 0x7, &(0x7f0000000180)=ANY=[@ANYBLOB="8510000004000020950000000000000018000000000000000000000000000000950000000000000085100000fcffffff9500000000"], &(0x7f00000000c0)='GPL\x00'}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x1, &(0x7f00000000c0)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
ustat(0x801, &(0x7f0000000300))
listen(0xffffffffffffffff, 0x90004)
syz_emit_vhci(&(0x7f0000000140)=ANY=[@ANYBLOB="043e130100c900"], 0x16)
ppoll(0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x49a, &(0x7f0000000400)={0x0, 0x79af, 0x3180, 0x8000, 0x40024e}, &(0x7f0000000340)=<r5=>0x0, &(0x7f0000000040))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4)

34.824598324s ago: executing program 33 (id=138):
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x8041, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0x48e02, 0x0)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYRESHEX=r0, @ANYBLOB=',rootmode=0000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',grou', @ANYRESDEC=0x0])
read$FUSE(r0, &(0x7f0000010300)={0x2020}, 0x2074)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
pwritev2(r1, 0x0, 0x0, 0x5415, 0x0, 0x2)
socket$inet_udp(0x2, 0x2, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000240)=@bpf_lsm={0x18, 0x7, &(0x7f0000000180)=ANY=[@ANYBLOB="8510000004000020950000000000000018000000000000000000000000000000950000000000000085100000fcffffff9500000000"], &(0x7f00000000c0)='GPL\x00'}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x1, &(0x7f00000000c0)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
ustat(0x801, &(0x7f0000000300))
listen(0xffffffffffffffff, 0x90004)
syz_emit_vhci(&(0x7f0000000140)=ANY=[@ANYBLOB="043e130100c900"], 0x16)
ppoll(0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x49a, &(0x7f0000000400)={0x0, 0x79af, 0x3180, 0x8000, 0x40024e}, &(0x7f0000000340)=<r5=>0x0, &(0x7f0000000040))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4)

17.052239363s ago: executing program 4 (id=184):
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000000)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$inet_mptcp(0x2, 0x1, 0x106)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080))
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = add_key$user(&(0x7f0000000000), &(0x7f0000000340)={'syz', 0x2}, &(0x7f0000000480)="d25a9850a9a91163f76c5357f3bbadf2656e10d77f85d1028e60ab4e45b931e71645d3d636e82cfdeaadb674e1693d4a7de63820fefc4f787e272b122ebbff6884b3de82f8a3df9a2d0b67e46c349917110300b94240185146e52ac1540130161b6534e99e466173af4c775f238fae344b198915446b576be4", 0x79, 0xfffffffffffffffe)
r4 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, &(0x7f0000000140)={r3, r4, r3}, &(0x7f00000000c0)=""/83, 0xfffffffffffffe4f, 0x0)

15.502019844s ago: executing program 4 (id=186):
r0 = socket(0x40000000015, 0x5, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0)
ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000000))
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0x8, 0x8}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000040)=ANY=[@ANYRES32=r1, @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000c4d618f300b3ffc0000007b8af8ff00000000bfa2000000000000070200009875b347d8250c474af8ffffffb703000008000000b70400000000000285"], 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendto(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
r3 = fsopen(&(0x7f0000000280)='cifs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r3, 0x1, &(0x7f0000000040)='source', &(0x7f0000002280)='//\xf2b\x06\b\xba\xdf/o\xdc\xea\x95\x9a\x82\x10\x97W\x8f7\x98\x9b\\\\\\\x00\rmD\x94)U\xdb\x15X.I\n}\xf3\x9d\xe4_\x05\x9cqf4I^#b?9\xde\xafu\'\x83L\xe0\x97\xe1n_\xa4%\xb1\x97\x93\xafv\xce/\\\xb4L\xf2_\xa7\xfb\xf4\x84\x1fA\xeas^\xef\xa2\x85\xa3!\xfb\x97\xd7R\xab2\x1eW\xe9h\x9b\xf7ul\xf9D\xd4\x82X5\x13\xaa\x87\xf9\xba\xa9m\x14\x14R_\x9a\\>4\xce\x8e_#\xf8DD\x9bp\x01\xcc:\xa6\xc5n\x9f\xfb\x81 \x10\x0fQ\x90}Zd\xeb\xab\xf70\x99\xef\x8b<M\n\xc0`[\x82\xf6$\xa4\xbe\x1e\xd3\xe4\xd9L\x14\xed\xcfK\xcc\xeb,\x1a1\xa6\xf3e\xc2F\xc3V\x9c\x8c\xf8\xf7\xe2\xd5\x8bE\xee5\x00\xaa\xd5\xfc\x1b$\x06\x1a\xb0W#\xf4\xde6\x04c\xc0\xeec\xa0l\xd5d\xe5\xcd\xb2\xc10\x97w\x87\xe5\x06\x91W\rr\xf5\x97%\xe8pO\xeb]\xc2\x98C\xffK\xa0\xb3\\\x99{\xcdR\x92\x94\xf7\x1d\x01Q\x1a\xbd\x15b\x15h\xe2!\x00\xb9z)\x19\x00\xee\xd2)[p`\xb3\x03\xa7p\'X\xec\xcdoX\x05\xff\xff/o\xb2\xad\xb8\x89i@\f\xffS&\x8a\xc9\xfez\xc2\x90\xe7F\xa6\xdb\r\x03j,N\xe1lw\xec\xac\xe8\xf0\xbd\xa1\x98\xce\xf9\x1eR\x9cc\xc5ke_\xa7\x11\"\x04\xd8.\xa0\x15\x83\xf1\x92\xdby\xe9\xdc@.\xc1g\xc6\fc\xa26\xd8\xdf\xec\x9es\xee\xcc\x8am\x8b7\xcf\xc5\xa6\xf4\f\xabj%Y\xa9\xdd\x0e9e\xb5\xec\x99@\xd2\t\n\xb1o\x00\x00\x00\x00\x00\x00\x00\x00_\tN\xfd\xa2\xc2SPu\xe7\xc0+SL\xa1', 0x0)
r4 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0}, 0x48)
getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x15, &(0x7f0000000080)={@private2, <r5=>0x0}, &(0x7f0000000180)=0x14)
r6 = openat$kvm(0xffffffffffffff9c, 0x0, 0x602, 0x0)
r7 = syz_open_dev$vcsa(&(0x7f0000000300), 0x1, 0x102)
ioctl$int_in(r7, 0x5452, &(0x7f0000001840)=0x5d4)
write$P9_RAUTH(r7, &(0x7f0000000040)={0x14, 0x67, 0x1}, 0x14)
r8 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000700)={0x18, 0x0, &(0x7f0000000440), &(0x7f0000000000)='syzkaller\x00', 0xaff, 0x0, 0x0, 0x41000, 0x0, '\x00', r5, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000500)={0x3, 0x7, 0x2, 0x3}, 0x10, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000680), 0x10, 0x4}, 0x94)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000040)={r4, <r9=>0xffffffffffffffff}, 0x4)
r10 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0xc, 0x20, &(0x7f0000000540)=@ringbuf={{}, {}, {}, [@snprintf={{}, {}, {}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r9}}, @ringbuf_query], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000400)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r10, 0xfca804a0, 0x10, 0x38, &(0x7f00000002c0)="b800000500000000", &(0x7f0000000300)=""/8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c)

14.707588021s ago: executing program 4 (id=189):
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000540)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-twofish-avx\x00'}, 0x58)
prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
socket$inet_udp(0x2, 0x2, 0x0)
ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(0xffffffffffffffff, 0xc0045516, 0x0)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00000004c0)="ad56f171c3860fbe2ade86d3075d3282ea54c7beef915d56868a8f501fb15de0", 0x20)
r4 = accept4(r0, 0x0, 0x0, 0x80800)
sendmsg$nl_route_sched(r4, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x4000}, 0xc050)
recvmsg$can_raw(r4, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f0000000ac0)=""/4096, 0x1000}], 0x1}, 0x40)
bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0xf, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018000000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000030000008500000043000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x94)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
socket$vsock_stream(0x28, 0x1, 0x0)
r6 = syz_genetlink_get_family_id$mptcp(&(0x7f0000001640), r5)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r5, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000001c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="0900000000000000000003000000140001800500020001"], 0x28}}, 0x0)

9.265236351s ago: executing program 4 (id=195):
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x6)
ioctl$KVM_XEN_HVM_CONFIG(0xffffffffffffffff, 0x4038ae7a, 0x0)
getpgrp(0x0)
prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000000)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r1 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r1, 0x1, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000002000)=""/102400, 0x19000)
request_key(&(0x7f0000000340)='asymmetric\x00', &(0x7f0000000080)={'syz', 0x2}, 0x0, 0x0)

8.932587344s ago: executing program 3 (id=198):
r0 = openat$misdntimer(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = syz_open_dev$vim2m(&(0x7f0000000180), 0x0, 0x2)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, 0x0, 0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_PORT_GET(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000300)={0x3c, r6, 0x1, 0x0, 0x0, {0x35}, [{{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x73, 0x1}}}]}, 0x3c}}, 0x20000000)
ioctl$vim2m_VIDIOC_ENUM_FMT(r1, 0xc0405602, &(0x7f0000000040)={0x14, 0x2, 0x0, "11010000001400000100b64c0000005c4b7c1500", 0x30314442})
readv(r0, 0x0, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x802)
r7 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
read$msr(0xffffffffffffffff, 0x0, 0x0)
write(r7, &(0x7f0000000140), 0x0)

7.471815578s ago: executing program 3 (id=199):
r0 = socket(0x40000000015, 0x5, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0)
ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000000))
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0x8, 0x8}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000040)=ANY=[@ANYRES32=r1, @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000c4d618f300b3ffc0000007b8af8ff00000000bfa2000000000000070200009875b347d8250c474af8ffffffb703000008000000b70400000000000285"], 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendto(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
r3 = fsopen(&(0x7f0000000280)='cifs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r3, 0x1, &(0x7f0000000040)='source', &(0x7f0000002280)='//\xf2b\x06\b\xba\xdf/o\xdc\xea\x95\x9a\x82\x10\x97W\x8f7\x98\x9b\\\\\\\x00\rmD\x94)U\xdb\x15X.I\n}\xf3\x9d\xe4_\x05\x9cqf4I^#b?9\xde\xafu\'\x83L\xe0\x97\xe1n_\xa4%\xb1\x97\x93\xafv\xce/\\\xb4L\xf2_\xa7\xfb\xf4\x84\x1fA\xeas^\xef\xa2\x85\xa3!\xfb\x97\xd7R\xab2\x1eW\xe9h\x9b\xf7ul\xf9D\xd4\x82X5\x13\xaa\x87\xf9\xba\xa9m\x14\x14R_\x9a\\>4\xce\x8e_#\xf8DD\x9bp\x01\xcc:\xa6\xc5n\x9f\xfb\x81 \x10\x0fQ\x90}Zd\xeb\xab\xf70\x99\xef\x8b<M\n\xc0`[\x82\xf6$\xa4\xbe\x1e\xd3\xe4\xd9L\x14\xed\xcfK\xcc\xeb,\x1a1\xa6\xf3e\xc2F\xc3V\x9c\x8c\xf8\xf7\xe2\xd5\x8bE\xee5\x00\xaa\xd5\xfc\x1b$\x06\x1a\xb0W#\xf4\xde6\x04c\xc0\xeec\xa0l\xd5d\xe5\xcd\xb2\xc10\x97w\x87\xe5\x06\x91W\rr\xf5\x97%\xe8pO\xeb]\xc2\x98C\xffK\xa0\xb3\\\x99{\xcdR\x92\x94\xf7\x1d\x01Q\x1a\xbd\x15b\x15h\xe2!\x00\xb9z)\x19\x00\xee\xd2)[p`\xb3\x03\xa7p\'X\xec\xcdoX\x05\xff\xff/o\xb2\xad\xb8\x89i@\f\xffS&\x8a\xc9\xfez\xc2\x90\xe7F\xa6\xdb\r\x03j,N\xe1lw\xec\xac\xe8\xf0\xbd\xa1\x98\xce\xf9\x1eR\x9cc\xc5ke_\xa7\x11\"\x04\xd8.\xa0\x15\x83\xf1\x92\xdby\xe9\xdc@.\xc1g\xc6\fc\xa26\xd8\xdf\xec\x9es\xee\xcc\x8am\x8b7\xcf\xc5\xa6\xf4\f\xabj%Y\xa9\xdd\x0e9e\xb5\xec\x99@\xd2\t\n\xb1o\x00\x00\x00\x00\x00\x00\x00\x00_\tN\xfd\xa2\xc2SPu\xe7\xc0+SL\xa1', 0x0)
r4 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0}, 0x48)
getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x15, &(0x7f0000000080)={@private2}, &(0x7f0000000180)=0x14)
r5 = openat$kvm(0xffffffffffffff9c, 0x0, 0x602, 0x0)
r6 = syz_open_dev$vcsa(&(0x7f0000000300), 0x1, 0x102)
ioctl$int_in(r6, 0x5452, &(0x7f0000001840)=0x5d4)
write$P9_RAUTH(r6, &(0x7f0000000040)={0x14, 0x67, 0x1}, 0x14)
r7 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000040)={r4, <r8=>0xffffffffffffffff}, 0x4)
r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0xc, 0x20, &(0x7f0000000540)=@ringbuf={{}, {}, {}, [@snprintf={{}, {}, {}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r8}}, @ringbuf_query], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000400)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r9, 0xfca804a0, 0x10, 0x38, &(0x7f00000002c0)="b800000500000000", &(0x7f0000000300)=""/8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c)

6.877033401s ago: executing program 4 (id=200):
socket$inet(0x2, 0x1, 0x0)
socket$inet6_udplite(0xa, 0x2, 0x88)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sysfs$2(0x2, 0x19, &(0x7f0000000080)=""/101)

6.761404028s ago: executing program 3 (id=201):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000340)='illinois', 0x8)
connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1b}}, 0x10)
sendto$inet(r0, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x0)
recvfrom$inet(r0, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x720, 0x0, 0xfffffffffffffd25)

6.621161011s ago: executing program 3 (id=202):
socket$nl_rdma(0x10, 0x3, 0x14)
openat$sndseq(0xffffffffffffff9c, 0x0, 0xe0c81)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='contention_begin\x00', r0, 0x0, 0x40}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x4000000000008d}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000540)=0x4)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x1042, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000180)={0x26, 'rng\x00', 0x0, 0x0, 'stdrng\x00'}, 0x58)
prctl$PR_SET_SECUREBITS(0x1c, 0x2c)
rt_sigtimedwait(&(0x7f0000000240)={[0xffffffffffffffff]}, 0x0, 0x0, 0x8)
r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='mountinfo\x00')
r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/slabinfo\x00', 0x0, 0x0)
read$FUSE(r4, &(0x7f0000000200)={0x2020}, 0x2020)
mount(&(0x7f0000000300), &(0x7f0000000080)='.\x00', &(0x7f0000000180)='tmpfs\x00', 0x2200cd0, 0x0)
read$FUSE(r3, &(0x7f00000061c0)={0x2020}, 0x2020)

5.43717274s ago: executing program 3 (id=203):
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000540)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-twofish-avx\x00'}, 0x58)
prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
socket$inet_udp(0x2, 0x2, 0x0)
ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(0xffffffffffffffff, 0xc0045516, 0x0)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00000004c0)="ad56f171c3860fbe2ade86d3075d3282ea54c7beef915d56868a8f501fb15de0", 0x20)
r4 = accept4(r0, 0x0, 0x0, 0x80800)
sendmsg$nl_route_sched(r4, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x4000}, 0xc050)
recvmsg$can_raw(r4, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f0000000ac0)=""/4096, 0x1000}], 0x1}, 0x40)
bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0xf, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018000000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000030000008500000043000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x94)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
socket$vsock_stream(0x28, 0x1, 0x0)
r6 = syz_genetlink_get_family_id$mptcp(&(0x7f0000001640), r5)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r5, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000001c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="0900000000000000000003000000140001800500020001"], 0x28}}, 0x0)

5.434575059s ago: executing program 1 (id=204):
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(0xffffffffffffffff, 0x84, 0x7b, &(0x7f0000000080)={0x0, 0x8000}, 0x8)
r0 = socket$inet6_sctp(0xa, 0x801, 0x84)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x1, &(0x7f0000000200)=0x7)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
shmat(0x0, &(0x7f0000ffc000/0x2000)=nil, 0x4000)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0xd, 0x4, &(0x7f0000000000)=@framed={{}, [@ldst={0x1, 0x0, 0x3, 0x9, 0x1, 0x50}]}, &(0x7f0000000080)='syzkaller\x00', 0x4}, 0x94)
sendto$inet6(r0, &(0x7f0000005280)='_', 0x1, 0x20044040, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @private2={0xfc, 0x2, '\x00', 0xfc}, 0x5}, 0x1c)
setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, &(0x7f0000000080)={0x209d, 0x0, 0x4, 0xfffffff9}, 0x10)
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ff8000/0x1000)=nil, &(0x7f0000ff0000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff9000/0x3000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
shutdown(r0, 0x1)
getsockopt$bt_hci(r0, 0x84, 0x7f, 0x0, &(0x7f0000001180))
r4 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000005300), 0x8000, 0x0)
ioctl$IOMMU_GET_HW_INFO(r4, 0x3b8a, 0x0)
creat(&(0x7f0000000580)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x40)
rename(&(0x7f0000000580)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f00000000c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)

4.108989701s ago: executing program 1 (id=205):
fanotify_init(0x20, 0x0)
openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0xe0c81)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x3, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000000000000000000000000009500"], &(0x7f00000003c0)='GPL\x00'}, 0x94)
r0 = userfaultfd(0x801)
ioctl$UFFDIO_COPY(r0, 0xc028aa03, 0x0)
madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0xc)
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, 0x0)
r1 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/mm/ksm/run\x00', 0x1, 0x0)
write$sysctl(r1, &(0x7f0000000580)='1\x00', 0x2)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x6, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f0000000080), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
write$sysctl(r1, &(0x7f00000000c0)='2\x00', 0x2)
socket$netlink(0x10, 0x3, 0x0)
sendmsg$key(0xffffffffffffffff, 0x0, 0x0)
pipe2$9p(&(0x7f0000000000), 0x0)
r3 = creat(&(0x7f0000000040)='./file0\x00', 0xecf86c37d53049e4)
write$binfmt_script(r3, &(0x7f0000004000)={'#! ', './file0'}, 0xb)
close(r3)
r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='mountinfo\x00')
mount$afs(0x0, 0x0, &(0x7f0000000200), 0x4080, &(0x7f00000000c0)={[{@dyn}, {@flock_write}]})
read$FUSE(r4, &(0x7f0000000340)={0x2020}, 0xcb0a)

3.311482296s ago: executing program 1 (id=206):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="0700000004000000000100000400"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x9, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000010000000850000001b000000b700000000000000850000002300000095"], &(0x7f0000000780)='GPL\x00', 0x2, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x10, 0xe, &(0x7f0000001880)=ANY=[@ANYBLOB="b700000028000000bca31000000000002403000040feffff720af0ff0000000071a4f0ff000000001f030000000000002e0a0200000000002604fdffffff000e61143800000000001d430000000000007a0a00fe0000001f6114140000000000b503f7fff80000009500000000000000033bc065b78111c6dfa041b63af4a3912435f1a864a7aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168e5181554a090f30002af51efd601b6bf01c8e8b1fee5bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e65440000000000000000028610643a98d9ec21ead2ed51b104d4d91af25b845b9f7d08d123deda88c658d42ecbf28bf7076c15b463bebc72f526dd70252e79166d858fcd0e06dd31af9612fa402d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff616236fd9aa58f0177184b6a89adaf17b0a6041bdef728f5089048ddff6da40f9411fe7226a40409d6e37c4f46756d31cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10076443d643649393bf52d2105bd901128c7e0ec82701c8204a1deeed4155617572652d950ad31928b0b036dc2869f478341d02d0f5ad94b081fcd507acb4b9c67382f13d000000225d85ae49cee383dc5049076b98fb6853ab39a21514da60d2ae20cfb91d6a49964757cdf538f9ce2bdbb9893a5de817101ab062cd54e67051d355d84ce97bb0c6b6a595e487a2cc47c0efbb2d71cde2c10f0bc6980fe78683ac5c0c31032599dd273863be9261eee52216d009f4c52048ef8c126aeef5f510a8f1aded94a129e4aec6e8d9ab06faffc3a15d91c2ea3e2e04cfe031b287539d0540059fe6c7fe7cd8697502c7596566de74e425da5e7f009602a9f61d3804b3e0a1053abdc31282dfb15eb6841bb64a1b3045024a982f3c48b936e6f9e0fcda88fe4413537528fd79153baae244e7bf573eac34b781337ad5901a4cad2422ee965a38f7defbd2960242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44022a579dfc0229cc0dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc48899b212c55318294270a1ad10c80fef7c24d47afcc829ba0f85da6d888f18ea40ab959f6074ab2a40d85d1501783a7ab51380d7b4ead35a385e0b4a26b602396df7e0c1e02b88c114f244a9bf93f04bf072f0861f5c0b000000000000eedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba3401e6a52acb1188883ad2a3b1832371fe5bc621426d1ed01b389708165b9cdbae2ed9dc7358f0ebadde0b727f27feeb7464dcc536cbae2f5c7d951680f6f2f9a6a8346962a350845ffa0d82884f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010ae20e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00000000c95265b2bd83d648532869d701723fedcbada1ee7baa19faf67256b56a41fd355b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2654026c6ea08b83b123145ab5703dad844ceb201efeb6dc5f6a9037d2283c42efc54dd84323afc4c10eff462c8843187f1dd48ef0900000000000000ff0f4000000000f00700003c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538c6ee6ba65893ff1f908ba7554ba583ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738612e4fee18a22da19fcdb4c1011e32f808890205f0e6da2819d2f9e77c7c64affa54fec0136cbafa5f62e96753b639a924599c1f69219927ea5301fff0a6063d427180d61542c2571f983e96635600000554f327a3535e7c7542799493c31ac05a7b57f03ca91a01ba2a30ca99e969d6fd09dc28ebc15edb4d91675767999d146aef7799738b292fd64bbca48568325b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a794963442aece449a0d80010f5c653d22d49030a8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2869291b7d12096833d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e16e637d4219ef7ec61261173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ecab5d232f89fe0120f64c62e8e3ed8bcb45202c204bbec8d722824c0ebca8db1ea4a05e41f6016ab5bbe4fe7ff5d785d0128171c90d9900ca2532b0f9d01c4b45294fbba468df3e1b393cb4e62e753b4172ba7ac1f2b51c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addbc4b3093c91b8068c5adfcb0d7fd849904568916694d461b76a58d88cf0f520310a1e9fdc18cde98d662eee077515d0a881192292ffff5392ab3d1311b82432662806add87047f601fa888400000000000000000000000000006acc19808d7cf29bc974b0ea92499a41b9b9a7c2bca311a28ee4952f2d325a56397c78f12205db653a536f0100e0eda300a43a13bd1b9f3322405d1efd78e578dc6b3fb84f3738a4b6caa800000087efa51c5d95ecba4e50e529d1e8c89600e809dc3d0a2f65579e23457949a50f2d0455cf699b3746979f99f6a1527f004f37e84fb478199dc1020f4beb98b8074bf7df8b5e783637daf121f175a81cffff4ac55a4385e9a617aa6c8e10d4202c5afeb06e2f9115558ea12f92d7ae633d44086b3f03b20d546fa66a72e38207c9d20035abc46271a30f1240de52536941242d23896ab74a3c6670fdc49c14f34fc4eadd6db8d80eba439772bf60a1db18c472dafc5569adc282928d2a1ffe29f1a57d3f18f4edaeb5d37918e6fddcd821da67a0785585a4443440dc65600e64a4a274000000000000000000000000000000000000000000000009dd14b38f2f5426d7cf5075047c31f6ce6adddfe3ac649c0643c8bfbeb14ba1fd7a485aa893915cf81e29aaf375e904bbe52691a4120260ffcd030000006d291ebcef893e1b9ccb6797d0646fe0e7274434f28efb43e06e64f0698caca42f4e6018a455736c482a017e2b13dac4a90faa109f0e87cc94e3efb649692456463ca74aa6ad4bf50c1acb3928143be1c1023a375e528285544d0064b98646f3109e9a4942ce42c6e7ec84b664f6c2770803f10b0a1fcbfc309381aeba191950bae71f37f1eb7ceeffb3c0547ac6571603adbfde4c8b5f8d7f4b854441613633b48865b65bdc415e1e0dcf672d68cf4cebf04f4bc1eebf560a26d3b332240d450fdb0a9a69f432e277f3a0386eb2bd1305c821c64757f786b79fef54dbe64c67d73934bc80b2133fb3c04cc7ea48bf97a6243c9f95dcbddecf45f008f1822c7868e1ff5a3cff5d6b6898335792749df7b1f51e91f8c1c3b1b93b33aaa3fab69cef08a9f6f6cf39dea3d878b2ed42545421970cc426e644332bc956d1c6adefdf0ede2c5c94aa632646ae225accdf031f611d01622921f1b922a5ac887cca3136133dce8d9f5f4da7bed2ea5d94362200000000000000000000f296b0c1484e5f781ad26bff696b05ff0a5e2270e07e18b04273bd4075ea38ab463bfa6a38e7c537498ba3e4df8dfc9e8c0a0d213c3ffad44d2a376def42e41e9fc3167a257e040fa7cf32c221aaac6cfdeb33c27500001a0000000000000000000017350000c11ae694b0c69c2c03f6790044a357e785af6e153d5f1ea460af92c7cbbd6295afe740f5e154346d483e0d10522a7a945b93fb705b95b6aae27a8fab1e6984c8bdc12360627137ab6737b68ab08acb29a74dc36b51209cfbc87f61182bbeb2772e9d5a1ffc477179be481ffe46a4ce86be0b1f8eee42a611a3d44ca450b14586ed63dd92005c79e4a8ab8a94f0b74903580ac98708007c80d6c7d0de4614195e40d797c0348dd70f36a220e8b3710fb5358c27e90793bcb9ee6319342c4b239ca8cbc6fc83d32e6eb62ad92e43991f2447be9c2a1ae1119eafb901a43d57e885116d19aa152bfb89f8d0b2516f80120a1cddff771657f3d0288ec3899f1e3ba0151c4037148fb479de703fc52b6573349c28d1b107d859b4961324c17756dde99de1924a1d2b7095d34a55060f47f4407d89acf9f285b20c2e6b3d0491d0d3591b0d94713332b6b79c8297117b0d14eff64e0aca8a4b4aa773d8fba1217e9519952419bb9dd998d0ec870ff00b6d556018602738fbc6cec89d6dd13cf55b96f6fe9a137d2d6a56ad78e52c23ed080000000000002bc261a781fd14126c146a0aac4221839a4b9bbf61e4bba695a41e2109eba8e40c370267cc51ffadbd15cafc97a4d3edfdcb9b5729307c6bdaf7b69325fb05fa8a9869de0600ee477d71bf3e36d1d9019edfa27aae24b632f251df210c86a18fae731ecb8b0d48357378caf2b6789509b1bacfd4fa812dc341875cfa5e798bbf59770000000000000000c8a594ea3c3347962d9113b1fecdfad5a8da641053f02e49456f5d21674521e67a5b18ea451eccf69dd6af928d2d68da9304a296c22fdcea26498d26229110b1aade386b113045033a6188d56e675564d8cb8d5b40114b0f5bf15dd64c9ece60b8588ee8777d0ea8f4713b258427c7d90f9e93348e17723ba9ab8ae790f74cc41ae5795835f3cec40dff485d2802c08611454d9ea784a205bcc07ec26f906f3cf45bb37014ab6f22af6213618e242b283ea9d3f0677ee598072ec06f7170009d92bb7ed9d12c378dfd3e74ec056ee83eef666423d934fc5908c9ff98715218a5964f1e00000000426ac9588e27aefe307f49662990ee823568bbc2f89596ced7c6c52d76b8096f1848410843b93fd404f535be474f456778b5ef85abb8fc2336abd5ea64a6efea8a5aca0015499b88ae780a7bae4df603bd3c72808cf300440b1b638a6640f7de8d0d82f359ca2f779cd48cd8d3603f4f69e47f386988c9b7b5d6dd3d48a1fdca780049d7c87bea42161a4c0d7cf0125b43dc9d8845f3c05a08acda647e7143d0e0aee2949a45e2848890522c2288072467d2afe269f589fb7e034b92d3ca245b16b71998711bfe206c9690b6d0eebb06a29349229eb45ff15c63aa2c82c56d7420738cd1b04eb16e87cb524315d7361ea3635d3799bb7fcc56aa5e1dbe031a7a12554dee6754b72f43a6fddf427f32ec3df274a88097725679769beebf1aa6eb09d5154e4900000000000d0f7160a05911d969879953d3d4702b2676c07bb0fd14020a66718378825d5ed789711b77d40dc31e0b8fc651b45559da463f0000000000000000000000000052d42124e9c26aba885015e69d42ecd710342ac597ebea576ae15fdf611356f622e831741ab15549e0d7a2bd0324e2b3b48a10551607492c19eaf58485feb4cab19c303b30ba2ddea0d792d77724c9fa4ed58b93668fc20484f141ee2b6a0029e88fdc853189b4dafd36ff23b11967090e508f45e3f10857038a52ef275cf9e3e4b5d30b12d138dfa70930c603b5e3f4b7be67be3dba3cbd8d4d143195af0697d779445d67dcfbd922d12a8b49f93eac7a72faacf80346b3b6"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xffffffffffffff97, 0x10, &(0x7f00000000c0), 0xffffffffffffffc2}, 0x48)

3.075746572s ago: executing program 1 (id=207):
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000000)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$inet_mptcp(0x2, 0x1, 0x106)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080))
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = add_key$user(&(0x7f0000000000), &(0x7f0000000340)={'syz', 0x2}, &(0x7f0000000480)="d25a9850a9a91163f76c5357f3bbadf2656e10d77f85d1028e60ab4e45b931e71645d3d636e82cfdeaadb674e1693d4a7de63820fefc4f787e272b122ebbff6884b3de82f8a3df9a2d0b67e46c349917110300b94240185146e52ac1540130161b6534e99e466173af4c775f238fae344b198915446b576be455f251e7", 0x7d, 0xfffffffffffffffe)
r4 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, &(0x7f0000000140)={r3, r4, r3}, &(0x7f00000000c0)=""/83, 0xfffffffffffffe4f, 0x0)

2.021093614s ago: executing program 1 (id=208):
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x6)
ioctl$KVM_XEN_HVM_CONFIG(0xffffffffffffffff, 0x4038ae7a, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x5)
prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000000)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r1 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r1, 0x1, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000002000)=""/102400, 0x19000)
request_key(&(0x7f0000000340)='asymmetric\x00', &(0x7f0000000080)={'syz', 0x2}, 0x0, 0x0)

880.944991ms ago: executing program 1 (id=209):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
recvmsg(r0, &(0x7f0000000500)={&(0x7f0000000040)=@hci, 0x80, &(0x7f0000000100)=[{&(0x7f0000000400)=""/248, 0x200105d0}], 0x1}, 0x1f00)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r2 = getpid()
sched_setscheduler(r2, 0x1, &(0x7f0000000100)=0x5)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0))
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000004000000b703000000000000850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x34, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendmsg$tipc(r1, &(0x7f0000000240)={0x0, 0xfffffff5, &(0x7f0000000200)=[{&(0x7f0000000140)="a2", 0xfffffdef}], 0x1}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x94)
writev(0xffffffffffffffff, &(0x7f0000000140), 0x0)
socket$packet(0x11, 0x2, 0x300)
bpf$PROG_LOAD(0x5, &(0x7f0000000b40)={0x0, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x4, 0xe, &(0x7f00000004c0)=ANY=[@ANYBLOB="b702000047000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd0cdfa146ec561750379585e5a876d839240d29c035055b67db3e6c8dc3d5d78c07fa1f7e655ce34e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab7e8dc34f17e3946ef3bb622e03b538dfd8e012e79578e51bc53099e90f4580d760551b5b341a29f31e3106d1ddd6152f7cbdb9cd38bdb2209c67deca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e860e3670ef0e789f65f1328d6704902cbe7bb44b82d2789cb132b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c581e7be6ba0dc001c4110555850915148ba532e6ea09c346dfebd38608b3280080005d9a9500000000000000334583239dd27080851dcac3c12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd713089856f756436303767d2e24f29e5dad9796edb697aeea0182babd18cac1bf4390af9a9ceafd0002cab154ad029a1090000002780870014f51c3c975d5aec84222fd3a0ec4be3e563112f0b39501aafe234870072858dc06e7c337642d3e5a815232f5e16c1b30c3a6a71bc85018e5ff22dc508afc9ffc2cc788bee1b47683db01a469398685211dfbbae3e2ed0a50e7313bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd360000000000000000ae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae526aca54183fb01c73f979ca9857399537f5831808b0dc2a2d0e0000000000000578673f8b6e74ce23877a6b24db0e067345560942fa629fbef2461c97a088a22e8b15c3e233db00002e30d46a0024d37cef099ece729aa218f9f44a3210223fdae7ed04935c3c90d3add8eebc8619d73415cda2130f5011e4845535a8b90dfae158b94f50adab988dd8e12baf5cc9398fff00404d5d99f82e20ee6a8c88e18c29c5c0ed5bcdf510c3c7b400000000000007ff57c39495c826b956ba859ac8e3c177b91bd7d5e41ff868f7ca1664fe2f3ced846891180604b6dd2499d16d7d9158ffffffff00000000ef069dc42749a89f854797f29d0000002d8c38a967c1bbe09315c29877a308bcc87dc3addb08141bdee5d27874b2f663ddeef0005b3d96c7aabf4df517d90bdc01e73835d5a3e1a90800c66ee2b1ad76dff9f9003f07000099d4894ee7f8249dc1e3428d2129369ee1b85af6eb2eea0d0df414b315f651c8412392191fa83ee830548f11e1036a8debd64cbe359454a3f2239cfe35f81b7a490f167e6d5c1109000000000000000042b8ff8c21ad702ccacad5b39eef213d1ca296d2a27798c8ced92052188bd1f285f653b621491dc6aaee0200e2ff08644fb94c06006eff1be2f68fa8d7c2dfb28e1f05e46b0933c1d987591ec3db58a7bb3042ec3f771f7a1338a5c3dd35e926049fe86e09c58e273cd905deb28c13c1ed1c0d9cae846bcbfa8cce7b893e578af7dc7d5e87d44ff828de453f34c2b18660b080efc707e676e1fb4d5825c0ca177a4c7fbb4eda0545c00f576b2b19abd0f885cc4806f40300966fcf1e54f5a2d38708294cd6f496e5dee734fe7da3770845cf442d588afd80e17000000000000000000000000000000000000000000000000000005205000000dc1c56d59f35d367632952a93466ae595c6a8cda6900002a070886df42b27098773b45198b4a34ac97febd4450e121d01342703f5bf030e935878a6d169c80aa4252d4ea6b8f6216ff202b5b5a182cb5e838b307632d03a7ca6f6d0339f9953c3093c3690d10ecb65dc5b47481edbf1f0000000000f8e10238d29c28eb5167e9936ed327fb237a56224e49d9ea955a5f0dec1b3ccd35364600000000000000000000000000000000000000000000000000000000000026ded4dd6fe1518cc7802043ecfe69f743f1213bf8179ecd9e5a225d63521dc728eac7d80a5656ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be1827fcd95cf107753cb0a6a979d3db0c407081c6281e2d8429a8639034a75f4c7df3ea8fc2018d07afef12ef060cd4403a099f32468f658000b4082d43e12186195cc03f1a1561f0589e0d12969bc982ff5d8e9b986c0c6c747d9a1cc500bb892c3a16ff10feea209b53b230ef0f2ab85cbdac0000000000000000ca06f256c8028e0f9b65f037b21f3289f86a6826c69fa35ba5cbc3f2db1516ffc5c6e3fa618b24a6ce16d6c7010bd3339403004b838297ba20f96936b7e4746e92dea6c5d1d33d84d96b50fb000000ae07c65b71088dd7d5d1e1bab900000000000000000000d71d646218b5229dd88137fc7c59aa242af3bb4efb82055a3b61227ad40f52c9f2500579aca11033bb9cc16bd83a00840e31d828ec78e116ae46c4897e2795b6ff92e9a1e24b0b855c02f2b7add58ffb25f339297729a7a51810134d3dfbf71f6516737be55c06d9cdbf24a0c5441ce046078492b53467cfb1e2bb10b50000eb4acff90756dba1ecf9f58afd3c19b5c4558ba9af6b7333c894a1fb29ade9ad75c9c022e8d03fe28bc358684492aa771dbfe80745fe89cb349ffaad76ff9dd643796caffdf67af5dd476c37e7e9a84e2e5da2696e285a59b53f2fb0e16d8262c080c159ce1d9bc7ef3e3f40c14089c82759106f422582b42e3e8484ea5a6ad9aa52106eafe0e0caea1ad4cb15f3c2b8a0f455ba69ea284c268d54b43158a8b1d128d02af263b3dc1cab794c00c57a2a7332f4d8764c302ccd5aac114482b619fc575aa0dd2777e881e29a854380e2f1e49db5a1517ec40bb3fa44f9959bad67ccaba76408da35c9f1534c8bd48bbd61627a2e0a74b5e6aefb7eee403502734137df47257f164391c673b6079e65d7295eed164ca63e4ea26dce0fb3ce0f6591d80dfb8f386bb74b558982016b0679b5d6fccbecfae5553d9950d48c774eaa35b24fce69a20d8b49e3d0168bf7eac90529cd6af061c9e53addddc620ce73c5d177e3d097159f2768636fc10276c6a0adc57483b3f7083f66b87ef296ee85a3009a5d30f479e293a3302e11350ea857b37e76ca3f50378e4092ce2c574ad278b9b7b717c571afb2077b019fd9d89efd59b41f051ec5a8ff87ecc8df917a1e386d849fcd10e2f9ca52e02339c2f4666b0c8ffe0d508dcee3070e8b42ac38545e25f1cd62421c28d25994be0cff7271a0de"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x3e}, 0x94)
socket$inet6_sctp(0xa, 0x5, 0x84)

286.763093ms ago: executing program 3 (id=210):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x6)
ioctl$KVM_XEN_HVM_CONFIG(r1, 0x4038ae7a, &(0x7f0000000100)={0x0, 0x40000105, 0x0, 0x0})
r3 = getpgrp(0x0)
sched_setaffinity(r3, 0x8, &(0x7f0000000040)=0x5)
prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000000)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r5 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r5, 0x1, 0x0)
r6 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r6, &(0x7f0000002000)=""/102400, 0x19000)
keyctl$clear(0x3, 0xfffffffffffffffd)
request_key(&(0x7f0000000340)='asymmetric\x00', &(0x7f0000000080)={'syz', 0x2}, &(0x7f0000000480)=')\x80\xab}\xd3\xed\x02\x9d!z\xc6\xb9\xa8\x9d\x82\nc\xa9\x02\xc5\x94\xe1\xdc\xdbd\x04\x836\xe8\x9f\xfc[\x05\xe0\xc6\x89\x83rh\xb2\xbf\xa2\x9d_\x91\xb1\xc8\xe9\x99', 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0)
r7 = fsopen(0x0, 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r7, 0x6, 0x0, 0x0, 0x0)
r8 = fsmount(r7, 0x0, 0x0)
fchdir(r8)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./bus\x00', 0x180)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000013000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, &(0x7f0000000080)="0f08b9820400000f32b805000000b9050000000f01d966ba410066ed0fa80f01c40fc72a36f4c4e2fd40db66ba6100b83e9f0000ef", 0x35}], 0x0, 0x2c, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

0s ago: executing program 4 (id=211):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000100)={0x50, 0x2, 0x6, 0x801, 0x0, 0x0, {0x0, 0x0, 0x4000}, [@IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_TYPENAME={0x16, 0x3, 'hash:net,port,net\x00'}]}, 0x50}}, 0x0)
sendmsg$IPSET_CMD_ADD(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000780)=ANY=[@ANYBLOB="74000000090601020000000000000000030000000900020073797a310000000005000100070000004c0007801800018014000240fe8000000000000000000000000000aa1800148014000240fc000000000000000000000000000000060004404e1f00000500070084000000060005"], 0x74}, 0x1, 0x0, 0x0, 0x10040003}, 0x0)

kernel console output (not intermixed with test programs):

Warning: Permanently added '10.128.1.84' (ED25519) to the list of known hosts.
[   78.615498][ T5784] cgroup: Unknown subsys name 'net'
[   78.855230][ T5784] cgroup: Unknown subsys name 'cpuset'
[   78.911134][ T5784] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   80.505937][ T5784] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   82.752961][ T5807] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   82.776127][ T5816] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   82.777714][ T5816] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   82.778718][ T5816] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[   82.783345][ T5817] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[   82.791865][ T5817] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[   82.793378][ T5817] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[   82.794153][ T5817] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[   82.795025][ T5817] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[   82.796209][ T5816] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   82.798444][ T5117] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   82.800130][ T5117] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   82.811750][ T5818] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   82.812445][ T5818] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[   82.818527][ T5818] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   82.821054][ T5117] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   82.821580][ T5819] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   82.821898][ T5816] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   82.822889][ T5819] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[   82.825895][ T5819] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[   82.830154][ T5807] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   82.831042][ T5807] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   82.837595][ T5811] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   82.843301][ T5811] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[   82.843826][   T61] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   83.788067][ T5799] chnl_net:caif_netlink_parms(): no params data found
[   83.809179][ T5795] chnl_net:caif_netlink_parms(): no params data found
[   84.011788][ T5797] chnl_net:caif_netlink_parms(): no params data found
[   84.071562][ T5798] chnl_net:caif_netlink_parms(): no params data found
[   84.127305][ T5796] chnl_net:caif_netlink_parms(): no params data found
[   84.789232][ T5799] bridge0: port 1(bridge_slave_0) entered blocking state
[   84.790192][ T5799] bridge0: port 1(bridge_slave_0) entered disabled state
[   84.791543][ T5799] bridge_slave_0: entered allmulticast mode
[   84.794158][ T5799] bridge_slave_0: entered promiscuous mode
[   84.824069][ T5795] bridge0: port 1(bridge_slave_0) entered blocking state
[   84.824168][ T5795] bridge0: port 1(bridge_slave_0) entered disabled state
[   84.824280][ T5795] bridge_slave_0: entered allmulticast mode
[   84.825935][ T5795] bridge_slave_0: entered promiscuous mode
[   84.840671][ T5799] bridge0: port 2(bridge_slave_1) entered blocking state
[   84.840826][ T5799] bridge0: port 2(bridge_slave_1) entered disabled state
[   84.842146][ T5799] bridge_slave_1: entered allmulticast mode
[   84.844640][ T5799] bridge_slave_1: entered promiscuous mode
[   84.903477][   T61] Bluetooth: hci4: command tx timeout
[   84.903566][ T5815] Bluetooth: hci0: command tx timeout
[   84.903673][ T5811] Bluetooth: hci2: command tx timeout
[   84.947579][ T5795] bridge0: port 2(bridge_slave_1) entered blocking state
[   84.947678][ T5795] bridge0: port 2(bridge_slave_1) entered disabled state
[   84.947796][ T5795] bridge_slave_1: entered allmulticast mode
[   84.949203][ T5795] bridge_slave_1: entered promiscuous mode
[   84.980609][ T5811] Bluetooth: hci3: command tx timeout
[   84.980619][ T5815] Bluetooth: hci1: command tx timeout
[   85.391556][ T5797] bridge0: port 1(bridge_slave_0) entered blocking state
[   85.391783][ T5797] bridge0: port 1(bridge_slave_0) entered disabled state
[   85.392016][ T5797] bridge_slave_0: entered allmulticast mode
[   85.393629][ T5797] bridge_slave_0: entered promiscuous mode
[   85.531461][ T5798] bridge0: port 1(bridge_slave_0) entered blocking state
[   85.531578][ T5798] bridge0: port 1(bridge_slave_0) entered disabled state
[   85.531753][ T5798] bridge_slave_0: entered allmulticast mode
[   85.533475][ T5798] bridge_slave_0: entered promiscuous mode
[   85.539250][ T5799] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   85.539474][ T5797] bridge0: port 2(bridge_slave_1) entered blocking state
[   85.539615][ T5797] bridge0: port 2(bridge_slave_1) entered disabled state
[   85.539831][ T5797] bridge_slave_1: entered allmulticast mode
[   85.543499][ T5797] bridge_slave_1: entered promiscuous mode
[   85.654989][ T5795] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   85.655817][ T5798] bridge0: port 2(bridge_slave_1) entered blocking state
[   85.655935][ T5798] bridge0: port 2(bridge_slave_1) entered disabled state
[   85.656096][ T5798] bridge_slave_1: entered allmulticast mode
[   85.657944][ T5798] bridge_slave_1: entered promiscuous mode
[   85.662578][ T5799] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   85.741384][ T5796] bridge0: port 1(bridge_slave_0) entered blocking state
[   85.741515][ T5796] bridge0: port 1(bridge_slave_0) entered disabled state
[   85.741637][ T5796] bridge_slave_0: entered allmulticast mode
[   85.743702][ T5796] bridge_slave_0: entered promiscuous mode
[   85.747593][ T5795] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   85.951908][ T5796] bridge0: port 2(bridge_slave_1) entered blocking state
[   85.952022][ T5796] bridge0: port 2(bridge_slave_1) entered disabled state
[   85.952199][ T5796] bridge_slave_1: entered allmulticast mode
[   85.953854][ T5796] bridge_slave_1: entered promiscuous mode
[   86.335785][ T5797] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   86.475039][ T5798] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   86.477320][ T5799] team0: Port device team_slave_0 added
[   86.479684][ T5797] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   86.553441][ T5795] team0: Port device team_slave_0 added
[   86.556011][ T5798] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   86.558104][ T5799] team0: Port device team_slave_1 added
[   86.614075][ T5796] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   86.616145][ T5795] team0: Port device team_slave_1 added
[   86.804948][ T5796] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   86.833672][   T44] cfg80211: failed to load regulatory.db
[   86.982170][ T5815] Bluetooth: hci0: command tx timeout
[   86.982217][ T5815] Bluetooth: hci4: command tx timeout
[   86.982279][ T5811] Bluetooth: hci2: command tx timeout
[   87.043567][ T5797] team0: Port device team_slave_0 added
[   87.060691][ T5811] Bluetooth: hci3: command tx timeout
[   87.060704][ T5815] Bluetooth: hci1: command tx timeout
[   87.173478][ T5798] team0: Port device team_slave_0 added
[   87.174702][ T5799] batman_adv: batadv0: Adding interface: batadv_slave_0
[   87.174713][ T5799] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   87.174727][ T5799] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   87.178499][ T5797] team0: Port device team_slave_1 added
[   87.522511][ T5795] batman_adv: batadv0: Adding interface: batadv_slave_0
[   87.522526][ T5795] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   87.522539][ T5795] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   87.524684][ T5798] team0: Port device team_slave_1 added
[   87.525315][ T5799] batman_adv: batadv0: Adding interface: batadv_slave_1
[   87.525326][ T5799] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   87.525340][ T5799] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   87.633258][ T5796] team0: Port device team_slave_0 added
[   87.634171][ T5795] batman_adv: batadv0: Adding interface: batadv_slave_1
[   87.634185][ T5795] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   87.634208][ T5795] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   87.730170][ T5796] team0: Port device team_slave_1 added
[   87.922176][ T5797] batman_adv: batadv0: Adding interface: batadv_slave_0
[   87.922188][ T5797] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   87.922202][ T5797] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   87.924040][ T5798] batman_adv: batadv0: Adding interface: batadv_slave_0
[   87.924055][ T5798] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   87.924071][ T5798] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   88.052029][ T5797] batman_adv: batadv0: Adding interface: batadv_slave_1
[   88.052045][ T5797] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   88.052064][ T5797] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   88.053203][ T5798] batman_adv: batadv0: Adding interface: batadv_slave_1
[   88.053216][ T5798] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   88.053234][ T5798] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   88.171961][ T5796] batman_adv: batadv0: Adding interface: batadv_slave_0
[   88.171972][ T5796] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   88.171986][ T5796] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   88.362214][ T5796] batman_adv: batadv0: Adding interface: batadv_slave_1
[   88.362231][ T5796] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   88.362254][ T5796] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   88.477962][ T5799] hsr_slave_0: entered promiscuous mode
[   88.479281][ T5799] hsr_slave_1: entered promiscuous mode
[   88.506883][ T5795] hsr_slave_0: entered promiscuous mode
[   88.507682][ T5795] hsr_slave_1: entered promiscuous mode
[   88.508353][ T5795] debugfs: 'hsr0' already exists in 'hsr'
[   88.508439][ T5795] Cannot create hsr debugfs directory
[   88.895908][ T5797] hsr_slave_0: entered promiscuous mode
[   88.896694][ T5797] hsr_slave_1: entered promiscuous mode
[   88.897242][ T5797] debugfs: 'hsr0' already exists in 'hsr'
[   88.897259][ T5797] Cannot create hsr debugfs directory
[   88.989398][ T5798] hsr_slave_0: entered promiscuous mode
[   88.990161][ T5798] hsr_slave_1: entered promiscuous mode
[   89.002122][ T5798] debugfs: 'hsr0' already exists in 'hsr'
[   89.002138][ T5798] Cannot create hsr debugfs directory
[   89.060853][ T5815] Bluetooth: hci4: command tx timeout
[   89.060879][   T61] Bluetooth: hci0: command tx timeout
[   89.060951][ T5811] Bluetooth: hci2: command tx timeout
[   89.140888][   T61] Bluetooth: hci1: command tx timeout
[   89.140991][ T5811] Bluetooth: hci3: command tx timeout
[   89.206277][ T5796] hsr_slave_0: entered promiscuous mode
[   89.207260][ T5796] hsr_slave_1: entered promiscuous mode
[   89.207766][ T5796] debugfs: 'hsr0' already exists in 'hsr'
[   89.207784][ T5796] Cannot create hsr debugfs directory
[   90.592006][ T5799] netdevsim netdevsim4 netdevsim0: renamed from eth0
[   90.629763][ T5799] netdevsim netdevsim4 netdevsim1: renamed from eth1
[   90.665382][ T5799] netdevsim netdevsim4 netdevsim2: renamed from eth2
[   90.718014][ T5799] netdevsim netdevsim4 netdevsim3: renamed from eth3
[   90.832665][ T5797] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   90.876397][ T5797] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   90.910630][ T5797] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   90.965617][ T5797] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   91.069514][ T5798] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   91.106771][ T5798] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   91.140805][   T61] Bluetooth: hci0: command tx timeout
[   91.140838][   T61] Bluetooth: hci4: command tx timeout
[   91.140880][ T5811] Bluetooth: hci2: command tx timeout
[   91.147087][ T5798] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   91.204370][ T5798] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   91.220599][ T5811] Bluetooth: hci1: command tx timeout
[   91.220646][ T5815] Bluetooth: hci3: command tx timeout
[   91.346817][ T5795] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   91.369104][ T5795] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   91.418707][ T5795] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   91.444133][ T5795] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   91.556408][ T5799] 8021q: adding VLAN 0 to HW filter on device bond0
[   91.593466][ T5796] netdevsim netdevsim3 netdevsim0: renamed from eth0
[   91.632663][ T5796] netdevsim netdevsim3 netdevsim1: renamed from eth1
[   91.668440][ T5796] netdevsim netdevsim3 netdevsim2: renamed from eth2
[   91.712433][ T5796] netdevsim netdevsim3 netdevsim3: renamed from eth3
[   91.771961][ T5799] 8021q: adding VLAN 0 to HW filter on device team0
[   91.807075][ T1399] bridge0: port 1(bridge_slave_0) entered blocking state
[   91.808037][ T1399] bridge0: port 1(bridge_slave_0) entered forwarding state
[   91.863220][   T58] bridge0: port 2(bridge_slave_1) entered blocking state
[   91.863312][   T58] bridge0: port 2(bridge_slave_1) entered forwarding state
[   91.889496][ T5797] 8021q: adding VLAN 0 to HW filter on device bond0
[   91.972712][ T5797] 8021q: adding VLAN 0 to HW filter on device team0
[   91.996625][ T5798] 8021q: adding VLAN 0 to HW filter on device bond0
[   92.018907][   T58] bridge0: port 1(bridge_slave_0) entered blocking state
[   92.019059][   T58] bridge0: port 1(bridge_slave_0) entered forwarding state
[   92.053406][   T58] bridge0: port 2(bridge_slave_1) entered blocking state
[   92.053503][   T58] bridge0: port 2(bridge_slave_1) entered forwarding state
[   92.095095][ T5798] 8021q: adding VLAN 0 to HW filter on device team0
[   92.105827][ T5795] 8021q: adding VLAN 0 to HW filter on device bond0
[   92.138189][   T58] bridge0: port 1(bridge_slave_0) entered blocking state
[   92.138400][   T58] bridge0: port 1(bridge_slave_0) entered forwarding state
[   92.189734][   T58] bridge0: port 2(bridge_slave_1) entered blocking state
[   92.189847][   T58] bridge0: port 2(bridge_slave_1) entered forwarding state
[   92.227700][ T5795] 8021q: adding VLAN 0 to HW filter on device team0
[   92.269524][  T998] bridge0: port 1(bridge_slave_0) entered blocking state
[   92.271727][  T998] bridge0: port 1(bridge_slave_0) entered forwarding state
[   92.306144][ T5796] 8021q: adding VLAN 0 to HW filter on device bond0
[   92.329508][  T998] bridge0: port 2(bridge_slave_1) entered blocking state
[   92.329682][  T998] bridge0: port 2(bridge_slave_1) entered forwarding state
[   92.440365][ T5796] 8021q: adding VLAN 0 to HW filter on device team0
[   92.506443][ T1366] bridge0: port 1(bridge_slave_0) entered blocking state
[   92.506568][ T1366] bridge0: port 1(bridge_slave_0) entered forwarding state
[   92.548997][ T1399] bridge0: port 2(bridge_slave_1) entered blocking state
[   92.549163][ T1399] bridge0: port 2(bridge_slave_1) entered forwarding state
[   92.603204][ T5799] 8021q: adding VLAN 0 to HW filter on device batadv0
[   92.814559][ T5797] 8021q: adding VLAN 0 to HW filter on device batadv0
[   93.134755][ T5797] veth0_vlan: entered promiscuous mode
[   93.215221][ T5797] veth1_vlan: entered promiscuous mode
[   93.238340][ T5798] 8021q: adding VLAN 0 to HW filter on device batadv0
[   93.271832][ T5795] 8021q: adding VLAN 0 to HW filter on device batadv0
[   93.396722][ T5796] 8021q: adding VLAN 0 to HW filter on device batadv0
[   93.399255][ T5797] veth0_macvtap: entered promiscuous mode
[   93.440117][ T5797] veth1_macvtap: entered promiscuous mode
[   93.458270][ T5798] veth0_vlan: entered promiscuous mode
[   93.460120][ T5799] veth0_vlan: entered promiscuous mode
[   93.506081][ T5795] veth0_vlan: entered promiscuous mode
[   93.524982][ T5798] veth1_vlan: entered promiscuous mode
[   93.529328][ T5799] veth1_vlan: entered promiscuous mode
[   93.562790][ T5797] batman_adv: batadv0: Interface activated: batadv_slave_0
[   93.580383][ T5797] batman_adv: batadv0: Interface activated: batadv_slave_1
[   93.590074][ T5795] veth1_vlan: entered promiscuous mode
[   93.625972][   T58] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   93.650360][   T58] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   93.662558][   T58] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   93.668319][   T58] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   93.673592][ T5796] veth0_vlan: entered promiscuous mode
[   93.811639][ T5796] veth1_vlan: entered promiscuous mode
[   93.837512][ T5799] veth0_macvtap: entered promiscuous mode
[   93.909872][ T5798] veth0_macvtap: entered promiscuous mode
[   93.927629][ T5795] veth0_macvtap: entered promiscuous mode
[   93.938858][ T5799] veth1_macvtap: entered promiscuous mode
[   93.958426][ T5798] veth1_macvtap: entered promiscuous mode
[   93.990890][ T5795] veth1_macvtap: entered promiscuous mode
[   94.032423][ T1382] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   94.032449][ T1382] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   94.104558][ T5798] batman_adv: batadv0: Interface activated: batadv_slave_0
[   94.106163][ T5799] batman_adv: batadv0: Interface activated: batadv_slave_0
[   94.138493][ T5795] batman_adv: batadv0: Interface activated: batadv_slave_0
[   94.149780][ T1382] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   94.149799][ T1382] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   94.155279][ T5798] batman_adv: batadv0: Interface activated: batadv_slave_1
[   94.159347][ T5799] batman_adv: batadv0: Interface activated: batadv_slave_1
[   94.195851][ T5795] batman_adv: batadv0: Interface activated: batadv_slave_1
[   94.204354][ T5796] veth0_macvtap: entered promiscuous mode
[   94.250294][ T1474] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   94.259937][ T1474] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   94.266566][ T5796] veth1_macvtap: entered promiscuous mode
[   94.281678][ T1474] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   94.301285][ T1474] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   94.317962][ T1399] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   94.332538][ T1399] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   94.386864][ T1399] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   94.440816][ T1399] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   94.481224][ T1399] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   94.486579][ T1399] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   94.542034][ T1399] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   94.643479][ T1399] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   94.763236][ T5796] batman_adv: batadv0: Interface activated: batadv_slave_0
[   95.015135][ T5922] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount.
[   95.015184][ T5922] CIFS mount error: No usable UNC path provided in device string!
[   95.015184][ T5922] 
[   95.015391][ T5922] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[   95.675107][ T5925] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[   95.752868][ T5796] batman_adv: batadv0: Interface activated: batadv_slave_1
[   95.840530][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[   95.845485][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[   95.850493][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[   95.860496][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[   95.870491][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[   95.880507][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[   95.890512][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[   95.900555][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[   95.910503][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[   95.920517][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[   97.689754][ T3445] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   97.701236][ T3445] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   97.707971][ T3445] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   97.801842][ T3445] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   97.835134][ T1382] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   97.835155][ T1382] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   98.001334][ T1416] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   98.001354][ T1416] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   98.139897][ T1399] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   98.139916][ T1399] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   98.251820][ T1366] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   98.251842][ T1366] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   98.410066][ T1474] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   98.410086][ T1474] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   98.562705][ T1382] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   98.562728][ T1382] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   99.078845][ T5938] Zero length message leads to an empty skb
[   99.651916][ T1366] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   99.651937][ T1366] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  101.267826][ T1382] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  101.267846][ T1382] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  104.908572][ T5982] CIFS mount error: No usable UNC path provided in device string!
[  104.908572][ T5982] 
[  104.908606][ T5982] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[  106.462646][ T5990] CIFS mount error: No usable UNC path provided in device string!
[  106.462646][ T5990] 
[  106.462668][ T5990] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[  108.891926][ T5878] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[  108.910571][   T31] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[  109.046369][ T6010] CIFS mount error: No usable UNC path provided in device string!
[  109.046369][ T6010] 
[  109.046432][ T6010] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[  109.933008][ T5878] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  109.933034][ T5878] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[  109.966628][ T5878] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  109.966656][ T5878] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  109.966674][ T5878] usb 4-1: SerialNumber: syz
[  110.042070][   T31] usb 5-1: device descriptor read/all, error -71
[  110.575601][ T6022] 9p: Bad value for 'source'
[  110.605738][ T6022] netlink: 8 bytes leftover after parsing attributes in process `syz.2.23'.
[  110.605853][ T6022] netlink: 8 bytes leftover after parsing attributes in process `syz.2.23'.
[  111.327474][ T5878] usb 4-1: 0:2 : does not exist
[  111.377975][ T5878] usb 4-1: 0:0: failed to get current value for ch 0 (-22)
[  111.891780][ T6029] =======================================================
[  111.891780][ T6029] WARNING: The mand mount option has been deprecated and
[  111.891780][ T6029]          and is ignored by this kernel. Remove the mand
[  111.891780][ T6029]          option from the mount to silence this warning.
[  111.891780][ T6029] =======================================================
[  112.616621][ T5878] usb 4-1: USB disconnect, device number 2
[  112.838726][ T6018] udevd[6018]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  113.032835][ T6039] CIFS mount error: No usable UNC path provided in device string!
[  113.032835][ T6039] 
[  113.032856][ T6039] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[  116.064723][ T6064] CIFS mount error: No usable UNC path provided in device string!
[  116.064723][ T6064] 
[  116.064790][ T6064] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[  123.893515][ T6118] netlink: 4 bytes leftover after parsing attributes in process `syz.4.48'.
[  124.120615][ T5930] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[  125.563748][ T5930] usb 2-1: config 0 has an invalid interface number: 1 but max is 0
[  125.563773][ T5930] usb 2-1: config 0 has no interface number 0
[  125.723069][ T5930] usb 2-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b
[  125.723100][ T5930] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  125.723119][ T5930] usb 2-1: Product: syz
[  125.723132][ T5930] usb 2-1: Manufacturer: syz
[  125.723145][ T5930] usb 2-1: SerialNumber: syz
[  125.756755][ T5930] usb 2-1: config 0 descriptor??
[  126.151135][ T5930] usb 2-1: dvb_usb_v2: found a 'E3C EC168 reference design' in warm state
[  126.226429][ T5930] usb 2-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  126.226843][ T5930] dvbdev: DVB: registering new adapter (E3C EC168 reference design)
[  126.226924][ T5930] usb 2-1: media controller created
[  126.525167][ T5930] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  126.721842][ T5930] i2c i2c-1: ec100: i2c rd failed=-71 reg=33
[  127.232038][ T5930] usb 2-1: USB disconnect, device number 2
[  128.193102][ T6144] CIFS mount error: No usable UNC path provided in device string!
[  128.193102][ T6144] 
[  128.193123][ T6144] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[  129.596861][ T6152] CIFS mount error: No usable UNC path provided in device string!
[  129.596861][ T6152] 
[  129.596882][ T6152] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[  130.536244][ T5811] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  130.538290][ T5811] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  130.541916][ T5811] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  130.546593][ T5811] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  130.547919][ T5811] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  131.444754][ T6169] capability: warning: `syz.1.63' uses deprecated v2 capabilities in a way that may be insecure
[  132.885186][ T5815] Bluetooth: hci5: command tx timeout
[  132.945387][ T1318] ieee802154 phy0 wpan0: encryption failed: -22
[  132.945493][ T1318] ieee802154 phy1 wpan1: encryption failed: -22
[  134.339650][ T6153] chnl_net:caif_netlink_parms(): no params data found
[  134.902721][ T5815] Bluetooth: hci5: command tx timeout
[  136.546425][ T6199] CIFS mount error: No usable UNC path provided in device string!
[  136.546425][ T6199] 
[  136.546497][ T6199] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[  137.220513][ T5815] Bluetooth: hci5: command tx timeout
[  137.436852][ T6153] bridge0: port 1(bridge_slave_0) entered blocking state
[  137.438297][ T6153] bridge0: port 1(bridge_slave_0) entered disabled state
[  137.438536][ T6153] bridge_slave_0: entered allmulticast mode
[  137.496979][ T6153] bridge_slave_0: entered promiscuous mode
[  137.573878][ T6203] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  139.328696][ T5815] Bluetooth: hci5: command tx timeout
[  140.041240][ T6153] bridge0: port 2(bridge_slave_1) entered blocking state
[  140.041354][ T6153] bridge0: port 2(bridge_slave_1) entered disabled state
[  140.041566][ T6153] bridge_slave_1: entered allmulticast mode
[  140.210623][ T6153] bridge_slave_1: entered promiscuous mode
[  142.701262][ T6153] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  143.638983][ T6231] CIFS mount error: No usable UNC path provided in device string!
[  143.638983][ T6231] 
[  143.639049][ T6231] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[  144.487320][ T6111] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  144.705270][ T6153] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  147.390309][ T6111] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  149.126264][  T841] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[  149.551257][  T841] usb 2-1: too many configurations: 9, using maximum allowed: 8
[  149.552939][  T841] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9
[  149.553042][  T841] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  149.553068][  T841] usb 2-1: config 0 interface 0 has no altsetting 0
[  149.557317][  T841] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9
[  149.557373][  T841] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  149.557399][  T841] usb 2-1: config 0 interface 0 has no altsetting 0
[  149.558827][  T841] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9
[  149.558879][  T841] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  149.558905][  T841] usb 2-1: config 0 interface 0 has no altsetting 0
[  149.560291][  T841] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9
[  149.560343][  T841] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  149.560369][  T841] usb 2-1: config 0 interface 0 has no altsetting 0
[  149.561883][  T841] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9
[  149.563974][  T841] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  149.564003][  T841] usb 2-1: config 0 interface 0 has no altsetting 0
[  149.568246][  T841] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9
[  149.984993][  T841] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  149.985014][  T841] usb 2-1: config 0 interface 0 has no altsetting 0
[  149.989264][  T841] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9
[  149.989297][  T841] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  149.989311][  T841] usb 2-1: config 0 interface 0 has no altsetting 0
[  150.007797][ T6153] team0: Port device team_slave_0 added
[  150.088869][ T6273] CIFS mount error: No usable UNC path provided in device string!
[  150.088869][ T6273] 
[  150.088939][ T6273] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[  151.195278][  T841] usb 2-1: unable to read config index 7 descriptor/all
[  151.195323][  T841] usb 2-1: can't read configurations, error -71
[  151.316059][ T6111] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  152.203722][ T6287] CIFS mount error: No usable UNC path provided in device string!
[  152.203722][ T6287] 
[  152.203743][ T6287] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[  153.307936][ T6153] team0: Port device team_slave_1 added
[  154.424598][ T6301] CIFS mount error: No usable UNC path provided in device string!
[  154.424598][ T6301] 
[  154.424619][ T6301] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[  154.533699][    C1] wlan0: beacon TX faster than countdown (channel/color switch) completion
[  156.294095][ T6111] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  156.551407][ T6153] batman_adv: batadv0: Adding interface: batadv_slave_0
[  156.551424][ T6153] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  156.551449][ T6153] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  156.575832][ T6153] batman_adv: batadv0: Adding interface: batadv_slave_1
[  156.575848][ T6153] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  156.575873][ T6153] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  160.842567][ T6153] hsr_slave_0: entered promiscuous mode
[  160.843831][ T6153] hsr_slave_1: entered promiscuous mode
[  160.844542][ T6153] debugfs: 'hsr0' already exists in 'hsr'
[  160.844561][ T6153] Cannot create hsr debugfs directory
[  167.421844][ T6111] bridge_slave_1: left allmulticast mode
[  167.422007][ T6111] bridge_slave_1: left promiscuous mode
[  167.513656][ T6361] CIFS mount error: No usable UNC path provided in device string!
[  167.513656][ T6361] 
[  167.513721][ T6361] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[  167.791768][ T6111] bridge0: port 2(bridge_slave_1) entered disabled state
[  168.281156][ T6111] bridge_slave_0: left allmulticast mode
[  168.281200][ T6111] bridge_slave_0: left promiscuous mode
[  168.281436][ T6111] bridge0: port 1(bridge_slave_0) entered disabled state
[  169.542836][ T6374] CIFS mount error: No usable UNC path provided in device string!
[  169.542836][ T6374] 
[  169.542858][ T6374] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[  170.555188][ T6379] netlink: 8 bytes leftover after parsing attributes in process `syz.3.112'.
[  170.555275][ T6379] netlink: 8 bytes leftover after parsing attributes in process `syz.3.112'.
[  172.855831][ T6390] netlink: 4 bytes leftover after parsing attributes in process `syz.1.116'.
[  173.611615][ T6111] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  173.651260][ T6111] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  173.685147][ T6111] bond0 (unregistering): Released all slaves
[  174.405670][ T6397] fuse: Unknown parameter '0x0000000000000005'
[  176.223785][ T5815] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci1/hci1:201'
[  176.223832][ T5815] CPU: 0 UID: 0 PID: 5815 Comm: kworker/u9:5 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  176.223856][ T5815] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  176.223871][ T5815] Workqueue: hci1 hci_rx_work
[  176.223918][ T5815] Call Trace:
[  176.223929][ T5815]  <TASK>
[  176.223939][ T5815]  dump_stack_lvl+0xe8/0x150
[  176.223970][ T5815]  sysfs_create_dir_ns+0x259/0x280
[  176.223998][ T5815]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[  176.224027][ T5815]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[  176.224058][ T5815]  ? rt_spin_unlock+0x161/0x200
[  176.224085][ T5815]  kobject_add_internal+0x6b1/0xcd0
[  176.224117][ T5815]  kobject_add+0x155/0x220
[  176.224177][ T5815]  ? __pfx_kobject_add+0x10/0x10
[  176.224207][ T5815]  ? get_device_parent+0x370/0x3a0
[  176.224233][ T5815]  device_add+0x408/0xb80
[  176.224259][ T5815]  hci_conn_add_sysfs+0xd5/0x210
[  176.224291][ T5815]  le_conn_complete_evt+0xf1d/0x1420
[  176.224325][ T5815]  ? __pfx_le_conn_complete_evt+0x10/0x10
[  176.224348][ T5815]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  176.224367][ T5815]  ? lockdep_hardirqs_on+0x7b/0x110
[  176.224388][ T5815]  ? skb_pull_data+0xfb/0x200
[  176.224421][ T5815]  hci_le_conn_complete_evt+0x187/0x480
[  176.224451][ T5815]  hci_event_packet+0x78f/0x1260
[  176.224484][ T5815]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  176.224509][ T5815]  ? __pfx_hci_event_packet+0x10/0x10
[  176.224535][ T5815]  ? rt_spin_unlock+0x150/0x200
[  176.224569][ T5815]  ? hci_send_to_monitor+0xe2/0x590
[  176.224597][ T5815]  hci_rx_work+0x3ee/0x1060
[  176.224623][ T5815]  ? process_scheduled_works+0x9ef/0x1770
[  176.224647][ T5815]  process_scheduled_works+0xad1/0x1770
[  176.224698][ T5815]  ? __pfx_process_scheduled_works+0x10/0x10
[  176.224718][ T5815]  ? do_raw_spin_lock+0x121/0x290
[  176.224757][ T5815]  worker_thread+0x8a0/0xda0
[  176.224792][ T5815]  ? __kthread_parkme+0x7b/0x200
[  176.224827][ T5815]  kthread+0x711/0x8a0
[  176.224855][ T5815]  ? __pfx_worker_thread+0x10/0x10
[  176.224875][ T5815]  ? __pfx_kthread+0x10/0x10
[  176.224898][ T5815]  ? rt_spin_unlock+0x150/0x200
[  176.224927][ T5815]  ? rt_spin_unlock+0x161/0x200
[  176.224948][ T5815]  ? __pfx_kthread+0x10/0x10
[  176.224975][ T5815]  ret_from_fork+0x510/0xa50
[  176.224999][ T5815]  ? __pfx_ret_from_fork+0x10/0x10
[  176.225015][ T5815]  ? __switch_to+0xc9e/0x1480
[  176.225047][ T5815]  ? __pfx_kthread+0x10/0x10
[  176.225073][ T5815]  ret_from_fork_asm+0x1a/0x30
[  176.225118][ T5815]  </TASK>
[  176.225272][ T5815] kobject: kobject_add_internal failed for hci1:201 with -EEXIST, don't try to register things with the same name in the same directory.
[  176.225314][ T5815] Bluetooth: hci1: failed to register connection device
[  176.449811][ T6424] CIFS mount error: No usable UNC path provided in device string!
[  176.449811][ T6424] 
[  176.449875][ T6424] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[  178.482859][ T6433] netlink: 8 bytes leftover after parsing attributes in process `syz.2.124'.
[  178.482885][ T6433] netlink: 8 bytes leftover after parsing attributes in process `syz.2.124'.
[  178.523807][ T5815] Bluetooth: hci1: command 0x2016 tx timeout
[  178.766886][ T6153] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  180.183149][ T6153] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  180.341424][ T6153] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  180.580936][ T5815] Bluetooth: hci1: command 0x2016 tx timeout
[  180.872077][ T6153] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  181.875434][ T6111] hsr_slave_0: left promiscuous mode
[  181.890562][ T6111] hsr_slave_1: left promiscuous mode
[  181.897851][ T6111] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  181.898009][ T6111] batman_adv: batadv0: Removing interface: batadv_slave_0
[  182.021009][ T6111] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  182.021038][ T6111] batman_adv: batadv0: Removing interface: batadv_slave_1
[  184.133467][ T6111] veth1_macvtap: left promiscuous mode
[  184.133768][ T6111] veth0_macvtap: left promiscuous mode
[  184.134202][ T6111] veth1_vlan: left promiscuous mode
[  184.134662][ T6111] veth0_vlan: left promiscuous mode
[  189.159967][ T6512] fuse: Unknown parameter '0x0000000000000005'
[  190.372134][ T5811] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci0/hci0:201'
[  190.372160][ T5811] CPU: 0 UID: 0 PID: 5811 Comm: kworker/u9:4 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  190.372183][ T5811] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  190.372196][ T5811] Workqueue: hci0 hci_rx_work
[  190.372218][ T5811] Call Trace:
[  190.372226][ T5811]  <TASK>
[  190.372235][ T5811]  dump_stack_lvl+0xe8/0x150
[  190.372266][ T5811]  sysfs_create_dir_ns+0x259/0x280
[  190.372293][ T5811]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[  190.372320][ T5811]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[  190.372351][ T5811]  ? rt_spin_unlock+0x161/0x200
[  190.372379][ T5811]  kobject_add_internal+0x6b1/0xcd0
[  190.372420][ T5811]  kobject_add+0x155/0x220
[  190.372448][ T5811]  ? __pfx_kobject_add+0x10/0x10
[  190.372477][ T5811]  ? get_device_parent+0x370/0x3a0
[  190.372503][ T5811]  device_add+0x408/0xb80
[  190.372528][ T5811]  hci_conn_add_sysfs+0xd5/0x210
[  190.372559][ T5811]  le_conn_complete_evt+0xf1d/0x1420
[  190.372593][ T5811]  ? __pfx_le_conn_complete_evt+0x10/0x10
[  190.372617][ T5811]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  190.372636][ T5811]  ? lockdep_hardirqs_on+0x7b/0x110
[  190.372656][ T5811]  ? skb_pull_data+0xfb/0x200
[  190.372688][ T5811]  hci_le_conn_complete_evt+0x187/0x480
[  190.372718][ T5811]  hci_event_packet+0x78f/0x1260
[  190.372750][ T5811]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  190.372775][ T5811]  ? __pfx_hci_event_packet+0x10/0x10
[  190.372801][ T5811]  ? rt_spin_unlock+0x150/0x200
[  190.372835][ T5811]  ? hci_send_to_monitor+0xe2/0x590
[  190.372862][ T5811]  hci_rx_work+0x3ee/0x1060
[  190.372889][ T5811]  ? process_scheduled_works+0x9ef/0x1770
[  190.372913][ T5811]  process_scheduled_works+0xad1/0x1770
[  190.372965][ T5811]  ? __pfx_process_scheduled_works+0x10/0x10
[  190.372984][ T5811]  ? do_raw_spin_lock+0x121/0x290
[  190.373024][ T5811]  worker_thread+0x8a0/0xda0
[  190.373060][ T5811]  ? __kthread_parkme+0x7b/0x200
[  190.373093][ T5811]  kthread+0x711/0x8a0
[  190.373122][ T5811]  ? __pfx_worker_thread+0x10/0x10
[  190.373143][ T5811]  ? __pfx_kthread+0x10/0x10
[  190.373165][ T5811]  ? rt_spin_unlock+0x150/0x200
[  190.373193][ T5811]  ? rt_spin_unlock+0x161/0x200
[  190.373215][ T5811]  ? __pfx_kthread+0x10/0x10
[  190.373241][ T5811]  ret_from_fork+0x510/0xa50
[  190.373265][ T5811]  ? __pfx_ret_from_fork+0x10/0x10
[  190.373284][ T5811]  ? __switch_to+0xc9e/0x1480
[  190.373316][ T5811]  ? __pfx_kthread+0x10/0x10
[  190.373343][ T5811]  ret_from_fork_asm+0x1a/0x30
[  190.373388][ T5811]  </TASK>
[  190.373422][ T5811] kobject: kobject_add_internal failed for hci0:201 with -EEXIST, don't try to register things with the same name in the same directory.
[  190.373461][ T5811] Bluetooth: hci0: failed to register connection device
[  191.667334][   T61] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  191.700874][   T61] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  191.708199][   T61] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  191.709172][   T61] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  191.709865][   T61] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  193.122324][   T61] Bluetooth: hci0: command 0x2016 tx timeout
[  193.780646][   T61] Bluetooth: hci3: command tx timeout
[  194.601467][ T1318] ieee802154 phy0 wpan0: encryption failed: -22
[  194.601535][ T1318] ieee802154 phy1 wpan1: encryption failed: -22
[  194.847242][ T6540] fuse: Unknown parameter '0x0000000000000005'
[  195.217095][   T61] Bluetooth: hci0: command 0x2016 tx timeout
[  196.877687][   T61] Bluetooth: hci3: command tx timeout
[  196.935856][ T5815] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci4/hci4:201'
[  196.935879][ T5815] CPU: 1 UID: 0 PID: 5815 Comm: kworker/u9:5 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  196.935903][ T5815] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  196.935916][ T5815] Workqueue: hci4 hci_rx_work
[  196.935939][ T5815] Call Trace:
[  196.935946][ T5815]  <TASK>
[  196.935954][ T5815]  dump_stack_lvl+0xe8/0x150
[  196.935985][ T5815]  sysfs_create_dir_ns+0x259/0x280
[  196.936013][ T5815]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[  196.936039][ T5815]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[  196.936069][ T5815]  ? rt_spin_unlock+0x161/0x200
[  196.936096][ T5815]  kobject_add_internal+0x6b1/0xcd0
[  196.936126][ T5815]  kobject_add+0x155/0x220
[  196.936153][ T5815]  ? __pfx_kobject_add+0x10/0x10
[  196.936182][ T5815]  ? get_device_parent+0x370/0x3a0
[  196.936205][ T5815]  device_add+0x408/0xb80
[  196.936228][ T5815]  hci_conn_add_sysfs+0xd5/0x210
[  196.936258][ T5815]  le_conn_complete_evt+0xf1d/0x1420
[  196.936290][ T5815]  ? __pfx_le_conn_complete_evt+0x10/0x10
[  196.936313][ T5815]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  196.936330][ T5815]  ? lockdep_hardirqs_on+0x7b/0x110
[  196.936349][ T5815]  ? skb_pull_data+0xfb/0x200
[  196.936380][ T5815]  hci_le_conn_complete_evt+0x187/0x480
[  196.936409][ T5815]  hci_event_packet+0x78f/0x1260
[  196.936438][ T5815]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  196.936460][ T5815]  ? __pfx_hci_event_packet+0x10/0x10
[  196.936485][ T5815]  ? rt_spin_unlock+0x150/0x200
[  196.936515][ T5815]  ? hci_send_to_monitor+0xe2/0x590
[  196.936540][ T5815]  hci_rx_work+0x3ee/0x1060
[  196.936559][ T5815]  ? preempt_schedule_thunk+0x16/0x30
[  196.936581][ T5815]  ? process_scheduled_works+0x9ef/0x1770
[  196.936604][ T5815]  process_scheduled_works+0xad1/0x1770
[  196.936654][ T5815]  ? __pfx_process_scheduled_works+0x10/0x10
[  196.936680][ T5815]  ? do_raw_spin_lock+0x121/0x290
[  196.936718][ T5815]  worker_thread+0x8a0/0xda0
[  196.936753][ T5815]  ? __kthread_parkme+0x7b/0x200
[  196.936783][ T5815]  kthread+0x711/0x8a0
[  196.936809][ T5815]  ? __pfx_worker_thread+0x10/0x10
[  196.936828][ T5815]  ? __pfx_kthread+0x10/0x10
[  196.936849][ T5815]  ? rt_spin_unlock+0x150/0x200
[  196.936876][ T5815]  ? rt_spin_unlock+0x161/0x200
[  196.936896][ T5815]  ? __pfx_kthread+0x10/0x10
[  196.936921][ T5815]  ret_from_fork+0x510/0xa50
[  196.936945][ T5815]  ? __pfx_ret_from_fork+0x10/0x10
[  196.936962][ T5815]  ? __switch_to+0xc9e/0x1480
[  196.936989][ T5815]  ? __pfx_kthread+0x10/0x10
[  196.937015][ T5815]  ret_from_fork_asm+0x1a/0x30
[  196.937057][ T5815]  </TASK>
[  196.937082][ T5815] kobject: kobject_add_internal failed for hci4:201 with -EEXIST, don't try to register things with the same name in the same directory.
[  196.937115][ T5815] Bluetooth: hci4: failed to register connection device
[  199.106763][ T5811] Bluetooth: hci3: command tx timeout
[  199.110805][   T61] Bluetooth: hci4: command 0x2016 tx timeout
[  200.461621][ T6111] team0 (unregistering): Port device team_slave_1 removed
[  200.761233][ T6111] team0 (unregistering): Port device team_slave_0 removed
[  201.226051][ T5811] Bluetooth: hci3: command tx timeout
[  201.301070][ T5815] Bluetooth: hci4: command 0x2016 tx timeout
[  206.122154][ T5819] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[  206.209018][ T5819] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[  206.227221][ T5819] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[  206.229354][ T5819] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[  206.230298][ T5819] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[  206.692159][ T5815] Bluetooth: hci4: command 0x2016 tx timeout
[  206.694720][ T5117] Bluetooth: hci1: command 0x2016 tx timeout
[  206.694878][ T5816] Bluetooth: hci2: command 0x0406 tx timeout
[  206.696562][ T5819] Bluetooth: hci0: command 0x2016 tx timeout
[  208.372907][ T5804] Bluetooth: hci6: command tx timeout
[  210.421650][ T5804] Bluetooth: hci6: command tx timeout
[  212.500611][ T5804] Bluetooth: hci6: command tx timeout
[  214.732485][ T5804] Bluetooth: hci6: command tx timeout
[  217.539975][ T6588] chnl_net:caif_netlink_parms(): no params data found
[  223.048710][ T6523] chnl_net:caif_netlink_parms(): no params data found
[  223.923323][ T6732] trusted_key: encrypted_key: insufficient parameters specified
[  224.535955][ T6736] fuse: Unknown parameter '0xffffffffffffffff'
[  225.023561][ T5804] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci2/hci2:201'
[  225.023615][ T5804] CPU: 1 UID: 0 PID: 5804 Comm: kworker/u9:2 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  225.023641][ T5804] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  225.023655][ T5804] Workqueue: hci2 hci_rx_work
[  225.023678][ T5804] Call Trace:
[  225.023687][ T5804]  <TASK>
[  225.023697][ T5804]  dump_stack_lvl+0xe8/0x150
[  225.023727][ T5804]  sysfs_create_dir_ns+0x259/0x280
[  225.023756][ T5804]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[  225.023789][ T5804]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[  225.023827][ T5804]  ? rt_spin_unlock+0x161/0x200
[  225.023855][ T5804]  kobject_add_internal+0x6b1/0xcd0
[  225.023892][ T5804]  kobject_add+0x155/0x220
[  225.023920][ T5804]  ? __pfx_kobject_add+0x10/0x10
[  225.023952][ T5804]  ? get_device_parent+0x370/0x3a0
[  225.023978][ T5804]  device_add+0x408/0xb80
[  225.024004][ T5804]  hci_conn_add_sysfs+0xd5/0x210
[  225.024035][ T5804]  le_conn_complete_evt+0xf1d/0x1420
[  225.024069][ T5804]  ? __pfx_le_conn_complete_evt+0x10/0x10
[  225.024091][ T5804]  ? lockdep_hardirqs_on+0x7b/0x110
[  225.024110][ T5804]  ? irqentry_exit+0x5e8/0x670
[  225.024126][ T5804]  ? rcu_is_watching+0x15/0xb0
[  225.024149][ T5804]  ? skb_pull_data+0xfb/0x200
[  225.024181][ T5804]  hci_le_conn_complete_evt+0x187/0x480
[  225.024212][ T5804]  hci_event_packet+0x78f/0x1260
[  225.024244][ T5804]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  225.024269][ T5804]  ? __pfx_hci_event_packet+0x10/0x10
[  225.024298][ T5804]  ? preempt_schedule_common+0x83/0xd0
[  225.024327][ T5804]  ? preempt_schedule_thunk+0x16/0x30
[  225.024354][ T5804]  ? hci_send_to_monitor+0xe2/0x590
[  225.024382][ T5804]  hci_rx_work+0x3ee/0x1060
[  225.024402][ T5804]  ? preempt_schedule_thunk+0x16/0x30
[  225.024426][ T5804]  ? process_scheduled_works+0x9ef/0x1770
[  225.024450][ T5804]  process_scheduled_works+0xad1/0x1770
[  225.024503][ T5804]  ? __pfx_process_scheduled_works+0x10/0x10
[  225.024523][ T5804]  ? do_raw_spin_lock+0x121/0x290
[  225.024563][ T5804]  worker_thread+0x8a0/0xda0
[  225.024599][ T5804]  ? __kthread_parkme+0x7b/0x200
[  225.024633][ T5804]  kthread+0x711/0x8a0
[  225.024662][ T5804]  ? __pfx_worker_thread+0x10/0x10
[  225.024683][ T5804]  ? __pfx_kthread+0x10/0x10
[  225.024706][ T5804]  ? rt_spin_unlock+0x150/0x200
[  225.024735][ T5804]  ? rt_spin_unlock+0x161/0x200
[  225.024757][ T5804]  ? __pfx_kthread+0x10/0x10
[  225.024784][ T5804]  ret_from_fork+0x510/0xa50
[  225.024808][ T5804]  ? __pfx_ret_from_fork+0x10/0x10
[  225.024832][ T5804]  ? __switch_to+0xc9e/0x1480
[  225.024864][ T5804]  ? __pfx_kthread+0x10/0x10
[  225.024891][ T5804]  ret_from_fork_asm+0x1a/0x30
[  225.024938][ T5804]  </TASK>
[  225.025261][ T5804] kobject: kobject_add_internal failed for hci2:201 with -EEXIST, don't try to register things with the same name in the same directory.
[  225.025529][ T5804] Bluetooth: hci2: failed to register connection device
[  225.868063][ T6744] netlink: 8 bytes leftover after parsing attributes in process `syz.4.189'.
[  225.868088][ T6744] netlink: 8 bytes leftover after parsing attributes in process `syz.4.189'.
[  227.797993][ T5807] Bluetooth: hci2: command 0x0406 tx timeout
[  229.605227][ T6588] bridge0: port 1(bridge_slave_0) entered blocking state
[  229.608370][ T6588] bridge0: port 1(bridge_slave_0) entered disabled state
[  229.608552][ T6588] bridge_slave_0: entered allmulticast mode
[  229.641072][ T6588] bridge_slave_0: entered promiscuous mode
[  229.696729][ T6588] bridge0: port 2(bridge_slave_1) entered blocking state
[  229.696852][ T6588] bridge0: port 2(bridge_slave_1) entered disabled state
[  229.697053][ T6588] bridge_slave_1: entered allmulticast mode
[  229.699477][ T6588] bridge_slave_1: entered promiscuous mode
[  229.860927][ T5804] Bluetooth: hci2: command 0x0406 tx timeout
[  232.922780][ T6588] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  233.096080][ T6588] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  233.127300][ T6523] bridge0: port 1(bridge_slave_0) entered blocking state
[  233.131727][ T6523] bridge0: port 1(bridge_slave_0) entered disabled state
[  233.131981][ T6523] bridge_slave_0: entered allmulticast mode
[  233.161071][ T6523] bridge_slave_0: entered promiscuous mode
[  233.552194][ T6523] bridge0: port 2(bridge_slave_1) entered blocking state
[  233.552319][ T6523] bridge0: port 2(bridge_slave_1) entered disabled state
[  233.552514][ T6523] bridge_slave_1: entered allmulticast mode
[  233.562649][ T6523] bridge_slave_1: entered promiscuous mode
[  234.220079][ T6801] netlink: 8 bytes leftover after parsing attributes in process `syz.3.203'.
[  234.220105][ T6801] netlink: 8 bytes leftover after parsing attributes in process `syz.3.203'.
[  235.242524][ T6588] team0: Port device team_slave_0 added
[  235.406788][ T6588] team0: Port device team_slave_1 added
[  235.429917][ T6523] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  236.541802][ T6523] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  239.508990][ T6588] batman_adv: batadv0: Adding interface: batadv_slave_0
[  239.509002][ T6588] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  239.509015][ T6588] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  239.623483][ T5805] ------------[ cut here ]------------
[  239.623493][ T5805] faux_driver vkms: [drm] vblank wait timed out on crtc 0
[  239.623508][ T5805] WARNING: drivers/gpu/drm/drm_vblank.c:1318 at drm_wait_one_vblank+0x39a/0x5c0, CPU#0: kworker/0:3/5805
[  239.623531][ T5805] Modules linked in:
[  239.623545][ T5805] CPU: 0 UID: 0 PID: 5805 Comm: kworker/0:3 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  239.623568][ T5805] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  239.623584][ T5805] Workqueue: events drm_fb_helper_damage_work
[  239.623598][ T5805] RIP: 0010:drm_wait_one_vblank+0x587/0x5c0
[  239.623609][ T5805] Code: 03 48 b9 00 00 00 00 00 fc ff df 80 3c 08 00 74 08 4c 89 ef e8 ba d4 f6 fc 4d 8b 7d 00 48 89 df 4c 89 e6 4c 89 fa 8b 4c 24 04 <67> 48 0f b9 3a e9 d5 fc ff ff 44 89 f9 80 e1 07 80 c1 03 38 c1 0f
[  239.623618][ T5805] RSP: 0000:ffffc90004cbf860 EFLAGS: 00010246
[  239.623626][ T5805] RAX: 1ffff110047f8200 RBX: ffffffff8ee5b070 RCX: 0000000000000000
[  239.623634][ T5805] RDX: ffffffff8b569b80 RSI: ffffffff8b584ca0 RDI: ffffffff8ee5b070
[  239.623641][ T5805] RBP: ffffc90004cbf948 R08: 0000000000000000 R09: 0000000000000000
[  239.623647][ T5805] R10: dffffc0000000000 R11: fffffbfff1db66ef R12: ffffffff8b584ca0
[  239.623655][ T5805] R13: ffff888023fc1000 R14: 1ffff92000997f10 R15: ffffffff8b569b80
[  239.623662][ T5805] FS:  0000000000000000(0000) GS:ffff888126cef000(0000) knlGS:0000000000000000
[  239.623670][ T5805] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  239.623677][ T5805] CR2: 0000000000000000 CR3: 0000000031350000 CR4: 00000000003526f0
[  239.623686][ T5805] Call Trace:
[  239.623691][ T5805]  <TASK>
[  239.623698][ T5805]  ? __pfx_drm_wait_one_vblank+0x10/0x10
[  239.623709][ T5805]  ? rt_spin_unlock+0x150/0x200
[  239.623723][ T5805]  ? __pfx_autoremove_wake_function+0x10/0x10
[  239.623738][ T5805]  ? rt_spin_unlock+0x161/0x200
[  239.623753][ T5805]  ? drm_vblank_get+0x147/0x260
[  239.623765][ T5805]  drm_client_modeset_wait_for_vblank+0xc5/0xf0
[  239.623782][ T5805]  drm_fb_helper_damage_work+0xc9/0x650
[  239.623795][ T5805]  ? process_scheduled_works+0x9ef/0x1770
[  239.623809][ T5805]  ? __pfx_drm_fb_helper_damage_work+0x10/0x10
[  239.623823][ T5805]  ? process_scheduled_works+0x9ef/0x1770
[  239.623833][ T5805]  ? process_scheduled_works+0x9ef/0x1770
[  239.623845][ T5805]  process_scheduled_works+0xad1/0x1770
[  239.623872][ T5805]  ? __pfx_process_scheduled_works+0x10/0x10
[  239.623882][ T5805]  ? do_raw_spin_lock+0x121/0x290
[  239.623902][ T5805]  worker_thread+0x8a0/0xda0
[  239.623921][ T5805]  ? __kthread_parkme+0x7b/0x200
[  239.623938][ T5805]  kthread+0x711/0x8a0
[  239.623954][ T5805]  ? __pfx_worker_thread+0x10/0x10
[  239.623965][ T5805]  ? __pfx_kthread+0x10/0x10
[  239.623978][ T5805]  ? rt_spin_unlock+0x150/0x200
[  239.623993][ T5805]  ? rt_spin_unlock+0x161/0x200
[  239.624005][ T5805]  ? __pfx_kthread+0x10/0x10
[  239.624019][ T5805]  ret_from_fork+0x510/0xa50
[  239.624032][ T5805]  ? __pfx_ret_from_fork+0x10/0x10
[  239.624042][ T5805]  ? __switch_to+0xc9e/0x1480
[  239.624060][ T5805]  ? __pfx_kthread+0x10/0x10
[  239.624074][ T5805]  ret_from_fork_asm+0x1a/0x30
[  239.624099][ T5805]  </TASK>
[  239.624109][ T5805] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  239.624117][ T5805] CPU: 0 UID: 0 PID: 5805 Comm: kworker/0:3 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  239.624128][ T5805] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  239.624134][ T5805] Workqueue: events drm_fb_helper_damage_work
[  239.624144][ T5805] Call Trace:
[  239.624148][ T5805]  <TASK>
[  239.624152][ T5805]  vpanic+0x1e0/0x670
[  239.624169][ T5805]  panic+0xb9/0xc0
[  239.624183][ T5805]  ? __pfx_panic+0x10/0x10
[  239.624208][ T5805]  ? ret_from_fork_asm+0x1a/0x30
[  239.624225][ T5805]  __warn+0x317/0x4b0
[  239.624238][ T5805]  ? drm_wait_one_vblank+0x39a/0x5c0
[  239.624250][ T5805]  ? drm_wait_one_vblank+0x39a/0x5c0
[  239.624261][ T5805]  __report_bug+0x288/0x500
[  239.624278][ T5805]  ? drm_wait_one_vblank+0x39a/0x5c0
[  239.624292][ T5805]  ? __pfx___report_bug+0x10/0x10
[  239.624318][ T5805]  report_bug_entry+0x19a/0x290
[  239.624333][ T5805]  ? drm_wait_one_vblank+0x587/0x5c0
[  239.624343][ T5805]  ? drm_wait_one_vblank+0x58c/0x5c0
[  239.624360][ T5805]  handle_bug+0xca/0x200
[  239.624372][ T5805]  exc_invalid_op+0x1a/0x50
[  239.624383][ T5805]  asm_exc_invalid_op+0x1a/0x20
[  239.624393][ T5805] RIP: 0010:drm_wait_one_vblank+0x587/0x5c0
[  239.624404][ T5805] Code: 03 48 b9 00 00 00 00 00 fc ff df 80 3c 08 00 74 08 4c 89 ef e8 ba d4 f6 fc 4d 8b 7d 00 48 89 df 4c 89 e6 4c 89 fa 8b 4c 24 04 <67> 48 0f b9 3a e9 d5 fc ff ff 44 89 f9 80 e1 07 80 c1 03 38 c1 0f
[  239.624412][ T5805] RSP: 0000:ffffc90004cbf860 EFLAGS: 00010246
[  239.624420][ T5805] RAX: 1ffff110047f8200 RBX: ffffffff8ee5b070 RCX: 0000000000000000
[  239.624427][ T5805] RDX: ffffffff8b569b80 RSI: ffffffff8b584ca0 RDI: ffffffff8ee5b070
[  239.624434][ T5805] RBP: ffffc90004cbf948 R08: 0000000000000000 R09: 0000000000000000
[  239.624441][ T5805] R10: dffffc0000000000 R11: fffffbfff1db66ef R12: ffffffff8b584ca0
[  239.624448][ T5805] R13: ffff888023fc1000 R14: 1ffff92000997f10 R15: ffffffff8b569b80
[  239.624466][ T5805]  ? __pfx_drm_wait_one_vblank+0x10/0x10
[  239.624476][ T5805]  ? rt_spin_unlock+0x150/0x200
[  239.624489][ T5805]  ? __pfx_autoremove_wake_function+0x10/0x10
[  239.624503][ T5805]  ? rt_spin_unlock+0x161/0x200
[  239.624517][ T5805]  ? drm_vblank_get+0x147/0x260
[  239.624529][ T5805]  drm_client_modeset_wait_for_vblank+0xc5/0xf0
[  239.624546][ T5805]  drm_fb_helper_damage_work+0xc9/0x650
[  239.624558][ T5805]  ? process_scheduled_works+0x9ef/0x1770
[  239.624572][ T5805]  ? __pfx_drm_fb_helper_damage_work+0x10/0x10
[  239.624591][ T5805]  ? process_scheduled_works+0x9ef/0x1770
[  239.624601][ T5805]  ? process_scheduled_works+0x9ef/0x1770
[  239.624613][ T5805]  process_scheduled_works+0xad1/0x1770
[  239.624639][ T5805]  ? __pfx_process_scheduled_works+0x10/0x10
[  239.624649][ T5805]  ? do_raw_spin_lock+0x121/0x290
[  239.624668][ T5805]  worker_thread+0x8a0/0xda0
[  239.624686][ T5805]  ? __kthread_parkme+0x7b/0x200
[  239.624703][ T5805]  kthread+0x711/0x8a0
[  239.624719][ T5805]  ? __pfx_worker_thread+0x10/0x10
[  239.624730][ T5805]  ? __pfx_kthread+0x10/0x10
[  239.624743][ T5805]  ? rt_spin_unlock+0x150/0x200
[  239.624758][ T5805]  ? rt_spin_unlock+0x161/0x200
[  239.624770][ T5805]  ? __pfx_kthread+0x10/0x10
[  239.624784][ T5805]  ret_from_fork+0x510/0xa50
[  239.624796][ T5805]  ? __pfx_ret_from_fork+0x10/0x10
[  239.624806][ T5805]  ? __switch_to+0xc9e/0x1480
[  239.624824][ T5805]  ? __pfx_kthread+0x10/0x10
[  239.624838][ T5805]  ret_from_fork_asm+0x1a/0x30
[  239.624861][ T5805]  </TASK>
[  239.625364][ T5805] Kernel Offset: disabled