last executing test programs:

13m25.879791327s ago: executing program 32 (id=35):
r0 = socket$qrtr(0x2a, 0x2, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x40042, 0x41)
close(r1)
r2 = getpid()
r3 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_pidfd_open(r3, 0x0)
syz_mount_image$ext4(&(0x7f00000000c0)='ext3\x00', &(0x7f0000000040)='./file0\x00', 0x2008803, &(0x7f0000000080), 0x1, 0x648, &(0x7f0000000100)="$eJzs3c9vFNcdAPDvrNe/aW1Q1ZYeiqWqAqnFxgYqVFUq3BGiP27txcUGUQxG2FVjhISRyCVSbjkg5ZRDyH+RIHHlH8ghUpRTFAlFhEOIUNhoZnfs8XrXv3fXrD8fabLvzXjnvXH4+r15+95sAAfWWESMR8TRiLidRIwUjpWz/5ayH0p/7uWLe1fSLYlK5R/fJnHvfrJcPFdSex2uvfnHkequIz3ry11Yuntjem5u9k4tP7F48/bEwtLdk9dvTl+bvTZ7a+pPU+fOnjl7bvLUrq7vcCF98eF//z/y3qV/ffzh62Tyky8uJXE+vbpMel317+3fVcnp72wsKlWvivvT3+u5XZ57v/h+JP93siqp38G+lsZAb0T8Kkaip/B/cyTe/VtHKwa0VCWJvI0CDpxkR/E/sPcVAdos7wfk9/aN7oMbaHBHD7xtnl+oDkhVY783IvL4L2djfhED2djA0MtkzThPEhG7G5mrSst49vTSw3SLJuNwQGssP8hHuevb/ySLzdEYyHJDL0tr4r9U2NL9f99OoX2rybG6Q+If2mf5QUT8utb+98V24r8chfj/zw7Lz+L/0IuVmxHxDwAAAAAAADv35EJE/LHR/L9SjGXLggayj+ur838+7c3fNxwR5/eg/M0//y/lS/SSPSgOKHh+IeIvDef/5mEXoz213M+y+QC9ydXrc7OnIuLnEXEievvT/GTdeUuF9Mn3jzxqVn5x/l+6peU/e1qcXlz6ply3EHdmenHaXwPYvecPIn6Tzf89Vtuzdv5P2v4nDeb/pvF9e4tlHPn948vFfKVSuZ+nG8d/dS4w0FqVjyKON2z/VxvYZOPnc0xk/YGJvFew3m9fFxYa1RH/0Dlp+z/UPP5Xet4rz+tZ2N75+yLi9FK5WfhvIf4b9//7kn/2RGEpwTvTi4t3JiP6kovr909tr87QrfJ4yOMljf8Tv2s6/re2/1+Iw8GIWN5imb98M/xVs2Paf+icNP5nNu7/jya19j+y9n+lI7DlxNTj0c+yMzV4LtzlLbX/Z7I2/URtTzb+B9SU1u3ZaoB2pLoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8JYrRcShSErjK+lSaXw8YjgifhFDpbn5hcU/XJ3/362Z9Fj2/f+l/Jt+R6r5JP/+/9FCfqoufzoiDkfEBz2DWX78yvzcTKcvHgAAAAAAAAAAAAAAAAAAAPaJ4WzNf6W/fv1/6uueTtcOaLly7XWTeB9oR12A9irv+J2V/j2tCNB2O49/4G239fjvbWk9gPZrHv+vXlcyeT5Jike/a3G9gNbT/4eDa/P4H2y008eD0AUaxP9YJ+oBtNuGY3qPVlI+/Yeu5P4fAAAAAAC6yuFjTz5PImL5z4PZluqrHTPZH7pbqe4VODjM4YWDqzzf6RoAneIeH1hd1/9DpdHx5rP/k9ZUCAAAAAAAAAAAAABY5/hR6//hoNp43b+5/dDNNlj/3yj4PS4Aukjzr/7Q9kO3c48PbNbaW/8PAAAAAAAAAAAAAPvAwN0b03Nzs3cWlnaZiIgvK0nEbs/TJPHvBof+2qKyWppYnt4X1djTxJvWnLk3IvbHBbY7kT+Co4PV6PDfJQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYMVPAQAA//+2/DDv")
wait4(0x0, 0x0, 0x80000000, 0x0)
r4 = syz_pidfd_open(r2, 0x0)
mount$9p_fd(0x0, &(0x7f0000000440)='./file0\x00', &(0x7f0000000480), 0x84, &(0x7f0000000300)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r4}})
connect$qrtr(r0, &(0x7f0000000040)={0x2a, 0xffffffffffffffff, 0xfffffffe}, 0xc)
mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x2, &(0x7f0000000000)=0x9, 0x8, 0x0)
set_mempolicy_home_node(&(0x7f0000417000/0x2000)=nil, 0x2000, 0x0, 0x0)

13m22.375176851s ago: executing program 33 (id=53):
bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x4, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x40f00, 0x41, '\x00', 0x0, @fallback=0x2c, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0xc769}, 0x94)
mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000, 0x10008)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff017f000e0800395032303030"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_DIRENTPLUS(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="b0"], 0xb0)
write$FUSE_GETXATTR(r2, &(0x7f00000004c0)={0x18}, 0x18)
r3 = openat$fuse(0xffffffffffffff9c, &(0x7f00000003c0), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r3, @ANYBLOB, @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r3, &(0x7f00000021c0)={0x2020, 0x0, <r4=>0x0}, 0x2020)
write$FUSE_INIT(r2, &(0x7f0000000200)={0x50, 0x0, r4, {0x7, 0x29, 0x20200}}, 0x50)
mount$9p_fd(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000080), 0x4000, &(0x7f0000000400)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}, 0x2c, {[{@cache_fscache}]}})
openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x20842, 0x0)

13m22.143922349s ago: executing program 34 (id=56):
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000480)='./file0\x00', 0xc0ed0040, &(0x7f0000002a00)={[{@noblock_validity}, {@resgid={'resgid', 0x3d, 0xee00}}, {@acl}, {@noload}, {@journal_dev={'journal_dev', 0x3d, 0x8}}, {@nodiscard}]}, 0xfe, 0x472, &(0x7f0000000940)="$eJzs3MtvG8UfAPDvOk6a9PFLf6U8WloIFETFI2nSBz1wAYHEAQQSHIo4BSetSt0GNUGiVQSBQxDigCpxRxyR+As4wQUBJySucEeVEMqlhZPRenfTxLVDHk6c4s9H2nZmd92Z786OPTtjN4CuNZT+kUTsjohfI2Iwyy4/YSj76+bCbOWvhdlKErXaa38m9fNuLMxW8n9i8XW7sh21Wp7f0aTc+TcjxqvVyct5fmTm4jsj01euPnX+4vi5yXOTl8ZOnz5x/HDfqbGTbYkzjevGwfenDh148Y1rL1fOXHvrx6/T+u7OjxdxtNNQdnWberTdhXXYniXppNzBirAmabulzdVb7/+D0RMDi8cG44WPOlo5YFPVarVas8/n3FwN+A9LotM1ADqj+KBPn3+LbYuGHtvCH89mD0Bp3DfzLTtSjlJ+Tm/D82079UfEmbm/v0i32KR5CACApb5Nxz9PNhv/leKeJef9L19D2RsR/4+IfRFxV0Tsj4i7I+rn3hsR962x/MYVktvHP6Xr6wpsldLx3zP52tby8V8x+ou9PXluTz3+3uTs+erksfyaHI3eHWl+dNlLlvvu+V8+a9z3aT7NPrRk/JduafnFWDCvx/VywwTdxPjMeFuCT+P/MOJguVn8SRTLOElEHIiIg+ss4/zjXx1qdezf419BG9aZal9GPJa1/1w0xF9IWq5Pjj59auzkSH9UJ4+NFHfF7X76ef7VVuVvKP42SNt/Z9P7P4s/fUZM+iOmr1y9UF+vnV57GfO/fVxJWhzbv877vy95vZ7uy/e9Nz4zc3k0oi95Kc0OLNs/duu1Rb44P43/6JHm/X9f9nhWvxL3R0R6Ex+OiAci4sG87R6KiIcj4sgK8f/w3CNvtzrWuv1XmJVvozT+iRXaP33LS1O32n/tiZ4L33/Tqvzaqtr/RD11NN+zmve/1VZwI9cOAAAA7hSl+nfgk9LwYrpUGh7OvsO/P3aWqlPTM0+cnXr30kT2Xfm90VsqZroGl8yHjuZzw0V+rCF/PJ83/rxnoJ4frkxVJzodPHS5XS36f+r3nk7XDth0fq8F3Uv/h+6l/0P30v+he+n/0KX6mu/+YKvrAXTE2j//+zelHsDWM/6H7qX/Q/fS/6ErtfxtfGlDP/m/UxPl7VGNpomB7VGNIhGlbVGN9iVe+STrEtulPkWivOr/zGKdiR1ND3X6nQkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKA9/gkAAP//Uo/mdg==")
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x11, 0x4, 0x0, &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x44, 0x86}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000540)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f0000000480), 0x400034f, 0x2, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
ioctl$FS_IOC_GETFSMAP(r3, 0xc0c0583b, &(0x7f0000000240)=ANY=[@ANYBLOB="000000004c900200000000000300010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000500000000000000000000000000000000000000000000000000ffffffff"])

12m51.368851894s ago: executing program 6 (id=205):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000010c0)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x50)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0}, 0x4)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0x10, 0x0, &(0x7f00000007c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000000)='kfree\x00', r1}, 0x10)
r2 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x70, 0x103301)
ioctl$USBDEVFS_IOCTL(r2, 0xc0105512, &(0x7f0000000200))
ioctl$USBDEVFS_IOCTL(r2, 0xc0105512, &(0x7f0000000040)=@usbdevfs_connect)

12m50.849286574s ago: executing program 6 (id=207):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000802000021"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018", @ANYRES32=r0, @ANYBLOB="0000000000000000b70300001d000000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x18)
move_pages(0x0, 0x1, &(0x7f0000000040)=[&(0x7f0000ff9000/0x2000)=nil], &(0x7f0000001180), &(0x7f0000000000), 0x0)

12m50.504588571s ago: executing program 6 (id=212):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000002040)=ANY=[@ANYBLOB="1e0000000000000005000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10)
keyctl$instantiate_iov(0x14, 0x0, &(0x7f0000003580)=[{0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0xffffffffffffffff}], 0x9, 0x0)

12m50.117298866s ago: executing program 6 (id=214):
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000040)={0x0, 0x7, 0xfa00, {0x0, &(0x7f0000000000), 0x13f}}, 0x20)
prctl$PR_SET_NAME(0xf, &(0x7f0000000140)='+}[@\x00')
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="620af8ffa1dc0021bfa100000000000007010000f8ffffffb702000007000000bd120000000000008500000010000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24561f1b2607995daa56f151905ea23c22624c9f87f9793f3bbb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64b751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07372c29184ff7f4a7c0000070000006056feb4cc664c0af9360a1f7a5e6b607130c89f18c0c1089d8b8588d72ec29c48b45e0000000000000401d01aa27ae8b09e00e79ab20b0b8ed8fb7a68000000000000000000006fa03c6468978089b302d7ff6023cdcedb5e0125ebbcebdde510cb2364149215108337719acd97cfa107d40224edc5465a932b77a74e802a0dc6bf25d8a242bc6099ad2300000480006ef6c1ff0900ff0000000010c63a949e8b7955394ffaff03000000000000ab87b1bfeda7be586602d985430cea080000000000000026abfb0767192361448279b05d96a703a660581eecdbf5bcd3de227a167ca17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9b081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80af740b5b7632d5933a1c1fa5605bd7603f2ba2a790d62d6faec2fed44da4928b30142ba1fde5c5d50b83bae616b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0cb97fca585ec6bf58351d578be00d952aab9c71764b0a8a7583c90b3433b809bdb9fbd48bc877505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223d8d9e86c5ea06d108d8f80a0eb4fa39f6b5c02e6d6d90756ff578f57000000009700cf0b4b8bc229413300000000000000000003000000000000000000000000001000000000559711e6e8fcffffffffffffffb2d02edc3e01dd271c896249ed85b980680b09000000000f0000169cdcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffffd897ef3b7cda42f93d53046da21b40216e14ba2d6af8656b01e17addaedab25b30002abbba7fa725f38400be7c1f001b2cd3170400000085be9e48dccf1f9f3282830689da6b53b263339863297771d74732d400003341bf4a00fc9fec2271ff01589646efd1cf870cd7bb2366fde4a594290c405ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d30a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78249788f11f761038b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab7929a57affe760e717a04becff0f719197724f4fce1093b62d7e8c7123d890cec55bf404e4e1f74b7eed82571be54c72d978cf906df08f11f1c4042e36acd37d7f9e109f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c70600000000000000b7561301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c542c9062ece84c99a061887a20639b41c8c12ee86c50804042b3eac1f871b136345cf67ca3fb"], &(0x7f0000000100)='GPL\x00'}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r1}, 0x18)
close(r0)

12m49.907226977s ago: executing program 6 (id=217):
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000001280)={&(0x7f00000010c0)=@l2tp6={0xa, 0x0, 0x4, @mcast1, 0x5, 0x4}, 0x80, 0x0}, 0xc810)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'bridge_slave_1\x00'})
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1)
r0 = socket$inet6_sctp(0xa, 0x801, 0x84)
getsockopt$bt_hci(r0, 0x84, 0x75, &(0x7f00000010c0)=""/4111, &(0x7f0000000000)=0x100f)

12m49.707288846s ago: executing program 6 (id=219):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, 0x0, 0x2, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
move_pages(0x0, 0x1ffffffffffffc17, &(0x7f0000000040), &(0x7f0000001180), &(0x7f0000000000), 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32, @ANYBLOB="01000000010000001c0012000c0001006272696467"], 0x3c}, 0x1, 0x0, 0x0, 0xc000}, 0x0)

12m34.648010158s ago: executing program 35 (id=219):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, 0x0, 0x2, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
move_pages(0x0, 0x1ffffffffffffc17, &(0x7f0000000040), &(0x7f0000001180), &(0x7f0000000000), 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32, @ANYBLOB="01000000010000001c0012000c0001006272696467"], 0x3c}, 0x1, 0x0, 0x0, 0xc000}, 0x0)

10m26.648489301s ago: executing program 7 (id=1259):
r0 = socket$can_bcm(0x1d, 0x2, 0x2)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000100)={'vcan0\x00', <r1=>0x0})
connect$can_bcm(r0, &(0x7f00000000c0)={0x1d, r1}, 0x10)
sendmsg$can_bcm(r0, 0x0, 0x0)
sendmsg$can_bcm(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="01000000220900"/16, @ANYRES64=0x0, @ANYRES64=0x2710, @ANYRES64=0x0, @ANYRES64=0x2710, @ANYBLOB="0000000001"], 0x80}}, 0x0)
sendmsg$can_bcm(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000280)=ANY=[@ANYBLOB="01000000000200"/16, @ANYRES64=0x0, @ANYRES64=0x2710, @ANYRES64=0x0, @ANYRES64=0x0, @ANYBLOB="0000008046"], 0x48}}, 0x0)

10m26.466527373s ago: executing program 7 (id=1261):
syz_mount_image$ext4(&(0x7f00000003c0)='ext4\x00', &(0x7f00000002c0)='./bus\x00', 0x404, &(0x7f0000000580)={[{@orlov}, {@min_batch_time={'min_batch_time', 0x3d, 0x4}}]}, 0x1, 0x5e8, &(0x7f0000001200)="$eJzs3c9vFdUeAPDv3P6gpbzXQl7ee7iQJsZAorS0gCHGBWwNafBH3Lix0oJIgYbWaNGEkuDGxLgxxsSVC/G/UCJbVrpy4caVISFqWJp4zdzOlP6Y2x+X207T+XySS2fOmeGc4fLtOXPuOXMDqKzB9I9axMGImE4i+pP5xbzOyDIHF4579OdH59NXEvX6a78nkWRp+fFJ9rMvO7knIn78IYkDHavLnZm7cXl8amryerY/PHtlenhm7sbRS1fGL05enLw6+sLoqZMnTp4aOdbSdd0sSDt7+933+z8Ze/Obr/5KRr79ZSyJ0/FyduDS62iXwRhs/Jskq7P6TrW7sJJ0ZP9Plr7FSWeJFWJT8vevKyL+F/3REY/fvP74+JVSKwdsqXoSUQcqKhH/UFF5PyC/t195H1wrpVcCbIeHZxYGAFbHf+fC2GD0NMYG9j5KYumwThIRrY3MLbcvIu7fG7t94d7Y7diicTig2PytiPh/UfwnjfgfiJ4YaMR/bVn8p/2Cc9nPNP3VFstfOVQs/mH7LMR/z5rxH03i/60l8f92i+UPPt58p3dZ/Pe2ekkAAAAAAABQWXfPRMTzRZ//1xbn/0TB/J++iDjdhvIHV+yv/vy/9qANxQAFHp6JeKlw/m8tn/070JFt/asxH6AruXBpavJYRPw7Io5E1550f2SNMo5+euDLZnmD2fy//JWWfz+bC5jV40HnnuXnTIzPjj/pdQMRD29FPFU4/zdZbP+TgvY//X0wvcEyDjx751yzvPXjH9gq9a8jDhe2/4+fWpGs/XyO4UZ/YDjvFaz29Ieffdes/Fbj3yMm4Mml7f/eteN/IFn6vJ6ZzZdxfK6z3iyv1f5/d/J645Ez3VnaB+Ozs9dHIrqTsx1p6rL00c3XGXajPB7yeEnj/8gza4//FfX/eyNifsXfnfyxfE1x7r9/9/3arD76/1CeNP4nNtX+b35j9M7A983K31j7f6LR1h/JUoz/wYIv8jDtXp5eEI6dRVnbXV8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA2A1qEbEvktrQ4natNjQU0RcR/4m9talrM7PPXbj23tWJNK/x/f+1/Jt++xf2k/z7/weW7I+u2D8eEfsj4vOO3sb+0PlrUxNlXzwAAAAAAAAAAAAAAAAAAADsEH1N1v+nfusou3bAlussuwJAaQri/6cy6gFsP+0/VJf4h+oS/1Bd4h+qq8X472p3PYDtp/2H6hL/UF3iHwAAAAAAdpX9h+7+nETE/Iu9jVeqO8szvwd2t1rZFQBK4xE/UF2m/kB1uccHknXye5qetN6Za5k+/wQnAwAAAAAAAAAAAEDlHD5o/T9UlfX/UF3W/0N15ev/D5VcD2D7uccHYp2V/IXr/9c9CwAAAAAAAAAAAABop5m5G5fHp6Ymr9t4Y2dUox0b6Tu7kYPr9frNxrEtlbVnB1zpjtrIp8LvlPqs2MjX+m3srNJ+JQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACv8EwAA//8IGSKz")
r0 = openat(0xffffffffffffff9c, 0x0, 0x4040, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000004400)='./bus\x00', 0x1c1202, 0x0)
write(r1, &(0x7f0000004200)='t', 0x1)
sendfile(r1, r0, 0x0, 0x3ffff)
sendfile(r1, r0, 0x0, 0x7ffff000)

10m26.151473382s ago: executing program 7 (id=1267):
r0 = syz_open_dev$tty1(0xc, 0x4, 0x3)
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0)
ioctl$KDGKBMODE(r0, 0x4b44, &(0x7f0000000000))

10m25.80640689s ago: executing program 7 (id=1272):
r0 = openat$misdntimer(0xffffffffffffff9c, 0x0, 0x20280, 0x0)
fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff)
bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0xf, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$IMADDTIMER(r0, 0x80044940, &(0x7f0000000080)=0x14)
bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="07000000040000000001000001"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0x8, 0x0, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000ec0)={&(0x7f00000003c0)='ext4_es_lookup_extent_exit\x00', r1, 0x0, 0xfffffffffffffff4}, 0x18)
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x1e, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB], 0x48)
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x808003, &(0x7f0000000000), 0x3, 0x4fc, &(0x7f0000001500)="$eJzs3c9vG1kdAPDvOHFIdlOSBQ7LSuxGiFV3BbWTDbuNOLRFQnCqBJR7CIkTRXHiKHbaJqpQKs4ICSFAcIETFyT+ACTUPwEhVYJ7hRCogrYcOBSMxh63wdhJqtpx6nw+0uu8efPj+32uPPabmXgCOLdmIuJaRIxExPsRMZW157ISB82Srvf40Z3ltCRRr9/4exJJ1tbaV5JNX882G4+Ib34t4jtJ0mw4pLq3v7FULpd2svlibXO7WN3bv7S+ubRWWittzc/PfbRweeHDhdme9fXKV/7y4x/86qtXfveFWw8W//bed9N8J7Nlh/vRS83XJN94LVpGI2KnH8EGYCTrT/4kKyf9zwcAgKOl3/E/ERGfjYgnPxt0NgAAAEA/1K9OxtMkog4AAAAMrVzjHtgkV8juBZiMXK5QaN7D+6m4GuVKtfb51cru1krzXtnpyOdW18ul2exe4enIJ+n8XKP+fP6Dtvn5iHgjIn40NdGYLyxXyiuDPvkBAAAA50Q6zp/MNevp5J9TzfE/AAAAMGSmB50AAAAA0HfG/wAAADD8/n/8P9OcJKOnnwwAAADQa1+/fj0t9dbzr1du7u1uVG5eWilVNwqbu8uF5crOdmGtUllr/Gbf5nH7K1cq21+Mrd3bxVqpWitW9/YXNyu7W7XFxnO9F0snek40AAAA0FNvvHPvT0lEHHxpolFSY9kyY3UYbrkXWz3pVx7A6RsZdALAwLjBF84v73/guIH9+CnlAQAA9M/FTz+7/j8Rh67/X3jg+j8Muxe8/g8MEdf/4fxqu/73ixNt9LTen2SAU2WMDxx3HqDr9f/f9z4XAACgPyYbJckVsjHAZORyhULEhcZjAfLJ6nq5NBsRH4+IP07lP5bOzw06aQAAAAAAAAAAAAAAAAAAAAAAAAB4xdTrSdQBAACAoRaR+2sSEUmMR0x9brL9/MBY8q+pxjQibv38xk9uL9VqO3Np+z+etdd+mrV/MIgzGAAAAEC71ji9NY4HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgF56/OjOcqscan6333EffjkipjvFH43xxnQ88hHx2pMkRg9tl0TESA/iH9yNiDc7xU/StGI6y6I9fi4iJgYc//UexIfz7F56/LnW6f2Xi5nGtPP7bzQrL+vhTLfjX+7Z8W+ky/HvwjH7Hsumb93/TbFr/LsRb412Pv604o+95PH329/a3++2rP7LiIsdP3+S/4lVrG1uF6t7+5fWN5fWSmulrfn5uY8WLi98uDBbXF0vl7J/O8b44Wd++5+j+v9al/jTWf+T9v4nzZzq9c77fKdt/t/3bz/6ZKcVk4iH38/qHf7/3+wWP3vt380+B9LlF1v1g2b9sLd//Ye3j+r/Spf+jx8RP217r9tO27z/je/9uVnLn3ALAKCfqnv7G0vlcmnnVa+knTkDafSwMnM20hj2SmsUdVbyOSuVwR6XAACA3nv+pX/QmQAAAAAAAAAAAAAAAAAAAMD51fr7/9ZvOffj58QOxxtvVZLk1PsKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHCU/wYAAP//VsvQDw==")
writev(0xffffffffffffffff, &(0x7f0000000300)=[{&(0x7f0000000340)="580000001400192340834b80040d8c560a117436c379000000000000000058000b4824ca945f6400940f6a0325010ebc000000000000008000f0fffeffe809005300fff5dd000000100001000a0c100000000000244e0000", 0x58}], 0x1)
r2 = openat$binfmt_register(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0)
write$binfmt_register(r2, &(0x7f0000000000)={0x3a, 'syz2', 0x3a, 'E', 0x3a, 0x7, 0x3a, 'M', 0x3a, 'M', 0x3a, './file2', 0x3a, [0x46]}, 0x2a)

10m25.415479414s ago: executing program 7 (id=1278):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
pipe2$watch_queue(&(0x7f0000000200), 0x80)
eventfd2(0x5, 0x800)
syz_mount_image$ext4(&(0x7f0000000b80)='ext4\x00', &(0x7f0000000bc0)='./file0\x00', 0x0, &(0x7f0000000c00), 0x1, 0xb77, &(0x7f0000000c40)="$eJzs3c9vFFUcAPDvzG5LKWgX40GMCTUeIDFsW0BB4gE8Gg8mkqAnXPuDNCxgaE0sIbHcTLyowZMnT2qiR6+GGPXkweiJ/8CQEFP4A2pmdnZZ6W5LYcuQ8vkks/vePJb3nSbffW86bzoBPLHGs5c0Ym9EfJ5EjBX704gYzksjEcutf3dn5cp0tiWxuvrOv0kkEXF75cp0+/9Kivdd2Us1/2T89UvEM5W1/S4sXT7XaDZnLxX1icXzH04sLF0+OH++cXb27OyFQ69OHp567cixV44M7FiXjqaf/fnmG99dO/P1Hz8ee+HTJE7E7qKt+zgGZTzGOz+TbtWIeG/QnZWkUhxPr+MEAODxk3bN4fbGWFTyUstY1OdLDQ4AAAAYiE8iYhUAAADY5hLn/wAAALDNtdcB3F65Mt3eyl2RADwqt05GRK2V/+37+1st1VjO30diKCJG7yRddwa17veuDaD/8Yj44auj+7Ittug+fKC35asR8Vyv8T/J87+W/xWPtfmfRsTkAPofv6cu/+HReZj8PzGA/uU/AAAAAAAADM71k60L+Wuv/6Wd9T/R4/pfpce1uwex8fW/9OYAugF6uHUy4vWuZ/vc6cr/Qq1S1J7K1wMMJXPzzdnJiHg6Ig7E0I6sPrVOH9/+dPzvfm3d6/+yLeu/vRawiONmdcf/PzPTWGw8zDEDLbeuRjxf7ZX/SWf8T/qs/337Pvv47fTPc/3aNs5/YKusfhOxv+f4f/eJbsn6z+ebyOcDE+1ZwVqnX/z1+379y38oTzb+j66f/7Wk+3mdC5vvY3L04Nl+bQ86/x9OTuVPFR0u9n3cWFy8NBUxnLy1dv+hzccM21E7H9r5kuX/gZd6n/+vN//Pkuz94lsijYhG8Z7VP7inzx1nfv+iXzzGfyhPlv8zmxr/N1/48t2VU/36v7/x/0g+ph8o9vj9H6zvfhO07DgBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgcZJGxO5I0nqnnKb1esSuiHg2RtPmxYXFl+cufnRhJmuLqMVQOjffnJ2MiLFWPcnqU3n5bv3QPfXDEbEnIq6N7czr9emLzZmyDx4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAICOXRGxO5K0HhFpXk7Ter3V9s9Y2dEBAAAAA1MrOwAAAABgyzn/BwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOAh7dl3/UYSEcvHd+ZbZrhoGyo1MmCrpWUHAJSmUnYAQGmqZQcAlMY5PpBs0D7St8UMAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOBJsn/v9RtJRCwf35lvmeGibajUyICtlpYdAFCaStkBAKWplh0AUBrn+ECyQftI3xYzCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAnycLS5XONZnP2koKCgkKnUPY3EwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANvZfwEAAP//vlL7zw==")
setxattr$trusted_overlay_upper(&(0x7f0000000380)='./file1\x00', &(0x7f00000001c0), &(0x7f0000001400)=ANY=[], 0x835, 0x1)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x20004801}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000002c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSET={0x3c, 0x9, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFTA_SET_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0xfffffffc}]}, @NFT_MSG_NEWSETELEM={0x3c, 0xc, 0xa, 0x101, 0x0, 0x0, {0xa, 0x0, 0x7}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x10, 0x3, 0x0, 0x1, [{0xc, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x2}]}]}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0xa0}, 0x1, 0x0, 0x0, 0x24000850}, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_MSG_GETSETELEM(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000002f40)=ANY=[@ANYBLOB="40000000210a010900000000000000000a0000010900020073797a31000000000900010073797a31"], 0x40}, 0x1, 0x0, 0x0, 0x24000801}, 0x8000)

10m25.006350828s ago: executing program 7 (id=1286):
r0 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f00000001c0)='cdg\x00', 0x4)
setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000000)=0x1, 0x4)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
r2 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r2}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000400)={{r1}, &(0x7f0000000380), &(0x7f00000003c0)=r2}, 0x20)
connect$inet(r0, &(0x7f0000000280)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x1}}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000340)='dctcp\x00', 0x6)

10m24.635810318s ago: executing program 36 (id=1286):
r0 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f00000001c0)='cdg\x00', 0x4)
setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000000)=0x1, 0x4)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
r2 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r2}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000400)={{r1}, &(0x7f0000000380), &(0x7f00000003c0)=r2}, 0x20)
connect$inet(r0, &(0x7f0000000280)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x1}}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000340)='dctcp\x00', 0x6)

9m30.253710142s ago: executing program 8 (id=1580):
socket$nl_route(0x10, 0x3, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
r0 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r0, &(0x7f0000000400)={0x18, 0x0, {0x2, @empty, 'veth0_to_hsr\x00'}}, 0x1e)
mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff)
r1 = socket$pppoe(0x18, 0x1, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
write$cgroup_subtree(r2, 0x0, 0x32600)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, 0xffffffffffffffff, 0x0)
ioctl$PPPIOCATTCHAN(r2, 0x40047438, &(0x7f00000001c0)=0x4)
connect$pppoe(r1, &(0x7f0000000080)={0x18, 0x0, {0x15, @local, 'bond0\x00'}}, 0x1e)
openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r3 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r3, &(0x7f0000000400)={0x18, 0x0, {0x2, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}, 'veth0_to_hsr\x00'}}, 0x1e)
connect$pppoe(0xffffffffffffffff, &(0x7f0000000080)={0x18, 0x0, {0x15, @local, 'bond0\x00'}}, 0x1e)
openat$ppp(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
openat$ppp(0xffffffffffffff9c, &(0x7f0000000100), 0x2300, 0x0)
r4 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000100), 0x2300, 0x0)
ioctl$PPPIOCATTCHAN(r4, 0x40047438, &(0x7f0000000040)=0x1)

9m29.859124467s ago: executing program 8 (id=1582):
r0 = socket$can_bcm(0x1d, 0x2, 0x2)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000100)={'vcan0\x00', <r1=>0x0})
connect$can_bcm(r0, &(0x7f00000000c0)={0x1d, r1}, 0x10)
sendmsg$can_bcm(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000003c0)={0x1, 0x0, 0x0, {0x0, 0x2710}, {0x77359400}, {0x0, 0x0, 0x0, 0x1}, 0x1, @can={{}, 0x0, 0x0, 0x0, 0x0, "a5976ac6acd41fd8"}}, 0x48}}, 0x0)
sendmsg$can_bcm(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="01000000220900"/16, @ANYRES64=0x0, @ANYRES64=0x2710, @ANYRES64=0x0, @ANYRES64=0x2710, @ANYBLOB='\x00\x00\x00'], 0x80}}, 0x0)
sendmsg$can_bcm(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000280)=ANY=[@ANYBLOB="01000000000200"/16, @ANYRES64=0x0, @ANYRES64=0x2710, @ANYRES64=0x0, @ANYRES64=0x0, @ANYBLOB="0000008046"], 0x48}}, 0x0)

9m29.635280906s ago: executing program 8 (id=1583):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000280)={0x0, 0x1c, &(0x7f0000000000)=[@in6={0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x9}]}, &(0x7f00000002c0)=0x10)
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_RESET_STREAMS(r1, 0x84, 0x77, &(0x7f0000000180)={0x0, 0x5}, 0x8)

9m28.727009541s ago: executing program 8 (id=1588):
socket$nl_generic(0x10, 0x3, 0x10)
landlock_create_ruleset(&(0x7f0000000500)={0x21c1, 0x3, 0x3}, 0x18, 0x0)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
mknod$loop(&(0x7f0000000140)='./file0\x00', 0xfff, 0x1)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={0x0}, 0x1, 0x0, 0x0, 0x80}, 0x8000)
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYBLOB=',rootmode=000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r1, &(0x7f0000006300)={0x2020, 0x0, <r2=>0x0}, 0x2020)
write$FUSE_INIT(r1, &(0x7f0000000040)={0x50, 0x0, r2, {0x7, 0x1f, 0x20000000, 0x4041}}, 0x50)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_EVENTS(r3, 0x84, 0x24, 0x0, 0x0)
syz_fuse_handle_req(r1, &(0x7f00000021c0)="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000081000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003dc150f4000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f50000000000000000000000000000000000000000000000000000000000000000000000000000000000c6d90000000000001354c4b6000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f8000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001a00", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r4 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x80101, 0x0)
r5 = syz_open_dev$loop(&(0x7f0000000000), 0x4, 0x2080)
ioctl$LOOP_SET_FD(r5, 0x4c00, r4)
ioctl$LOOP_SET_FD(r5, 0x4c00, r5)
dup2(r4, r1)
socket$inet6(0xa, 0x80002, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x0, 0x0, 0x0, 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d}, 0x94)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
write$dsp(0xffffffffffffffff, 0x0, 0x0)
ioctl$UI_GET_SYSNAME(r4, 0x8040552c, &(0x7f0000000180))
ioctl$SNDCTL_DSP_SUBDIVIDE(0xffffffffffffffff, 0xc0045009, &(0x7f0000000100)=0xfffffff7)
sendmsg$nl_xfrm(r0, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000000}, 0x4000000)
r6 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0)
write$rfkill(r6, &(0x7f0000000080)={0x0, 0x1, 0x3, 0x3, 0xfd}, 0x8)
ioctl$SYNC_IOC_FILE_INFO(r4, 0xc0383e04, &(0x7f0000000200)={""/32, 0x0, 0x0, 0x7, 0x0, &(0x7f0000000540)=[{}, {}, {}, {}, {}, {}, {}]})

9m28.451790674s ago: executing program 8 (id=1592):
socket$nl_route(0x10, 0x3, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
r0 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r0, &(0x7f0000000400)={0x18, 0x0, {0x2, @empty, 'veth0_to_hsr\x00'}}, 0x1e)
mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff)
r1 = socket$pppoe(0x18, 0x1, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
write$cgroup_subtree(r2, 0x0, 0x32600)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, 0xffffffffffffffff, 0x0)
ioctl$PPPIOCATTCHAN(r2, 0x40047438, &(0x7f00000001c0)=0x4)
connect$pppoe(r1, &(0x7f0000000080)={0x18, 0x0, {0x15, @local, 'bond0\x00'}}, 0x1e)
openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r3 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r3, &(0x7f0000000400)={0x18, 0x0, {0x2, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}, 'veth0_to_hsr\x00'}}, 0x1e)
connect$pppoe(0xffffffffffffffff, &(0x7f0000000080)={0x18, 0x0, {0x15, @local, 'bond0\x00'}}, 0x1e)
openat$ppp(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
openat$ppp(0xffffffffffffff9c, &(0x7f0000000100), 0x2300, 0x0)
r4 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000100), 0x2300, 0x0)
ioctl$PPPIOCATTCHAN(r4, 0x40047438, &(0x7f0000000040)=0x1)

9m28.123446178s ago: executing program 8 (id=1593):
r0 = socket$can_bcm(0x1d, 0x2, 0x2)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000100)={'vcan0\x00', <r1=>0x0})
connect$can_bcm(r0, &(0x7f00000000c0)={0x1d, r1}, 0x10)
sendmsg$can_bcm(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000003c0)={0x1, 0x0, 0x0, {0x0, 0x2710}, {0x77359400}, {0x0, 0x0, 0x0, 0x1}, 0x1, @can={{}, 0x0, 0x0, 0x0, 0x0, "a5976ac6acd41fd8"}}, 0x48}}, 0x0)
sendmsg$can_bcm(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="01000000220900"/16, @ANYRES64=0x0, @ANYRES64=0x2710, @ANYRES64=0x0, @ANYRES64=0x2710, @ANYBLOB='\x00\x00\x00'], 0x80}}, 0x0)
sendmsg$can_bcm(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000280)=ANY=[@ANYBLOB="01000000000200"/16, @ANYRES64=0x0, @ANYRES64=0x2710, @ANYRES64=0x0, @ANYRES64=0x0, @ANYBLOB="0000008046"], 0x48}}, 0x0)

9m27.796651151s ago: executing program 37 (id=1593):
r0 = socket$can_bcm(0x1d, 0x2, 0x2)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000100)={'vcan0\x00', <r1=>0x0})
connect$can_bcm(r0, &(0x7f00000000c0)={0x1d, r1}, 0x10)
sendmsg$can_bcm(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000003c0)={0x1, 0x0, 0x0, {0x0, 0x2710}, {0x77359400}, {0x0, 0x0, 0x0, 0x1}, 0x1, @can={{}, 0x0, 0x0, 0x0, 0x0, "a5976ac6acd41fd8"}}, 0x48}}, 0x0)
sendmsg$can_bcm(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="01000000220900"/16, @ANYRES64=0x0, @ANYRES64=0x2710, @ANYRES64=0x0, @ANYRES64=0x2710, @ANYBLOB='\x00\x00\x00'], 0x80}}, 0x0)
sendmsg$can_bcm(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000280)=ANY=[@ANYBLOB="01000000000200"/16, @ANYRES64=0x0, @ANYRES64=0x2710, @ANYRES64=0x0, @ANYRES64=0x0, @ANYBLOB="0000008046"], 0x48}}, 0x0)

7m18.670131757s ago: executing program 5 (id=2066):
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000100)={'netdevsim0\x00', &(0x7f0000000000)=@ethtool_ringparam={0x33, 0x0, 0x802e2e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x401}})
r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000180), 0x20801, 0x0)
write$rfkill(r0, 0x0, 0x0)
add_key$user(&(0x7f00000001c0), &(0x7f0000000080)={'syz', 0x3}, &(0x7f0000000100)="d8", 0x1, 0x0)
request_key(&(0x7f0000000400)='user\x00', &(0x7f0000000440)={'syz', 0x3}, 0x0, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000002c0), 0x40040, 0x0)

7m18.458587869s ago: executing program 5 (id=2069):
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000400000004"], 0x48)
syz_io_uring_setup(0xbaf, &(0x7f0000000080)={0x0, 0xf04f, 0x80, 0x0, 0x195}, &(0x7f0000000140), 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000004000000b703000000000000850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000004c0)={&(0x7f0000000080)='kfree\x00', r0, 0x0, 0xffffffffffffffff}, 0x18)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000001340)={{0x14, 0x10, 0x1, 0x0, 0x6000, {0x5}}, [@NFT_MSG_NEWSET={0x2d4, 0x9, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFTA_SET_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0xfffffffc}, @NFTA_SET_DESC={0x264, 0x9, 0x0, 0x1, [@NFTA_SET_DESC_SIZE={0x8, 0x1, 0x1, 0x0, 0x7}, @NFTA_SET_DESC_SIZE={0x8, 0x1, 0x1, 0x0, 0x3}, @NFTA_SET_DESC_SIZE={0x8, 0x1, 0x1, 0x0, 0x401}, @NFTA_SET_DESC_CONCAT={0x18, 0x2, 0x0, 0x1, [{0x4}, {0xc, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x7}]}, {0x4}]}, @NFTA_SET_DESC_CONCAT={0x180, 0x2, 0x0, 0x1, [{0x44, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x4}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x7}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x6}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x7}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x81}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x2}, @NFTA_SET_FIELD_LEN={0x8}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x1520}]}, {0x14, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x3}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x8}]}, {0x24, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x8}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x5}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x1}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0xab}]}, {0x24, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x684e}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x3}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x3}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x8}]}, {0x2c, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x9}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x3}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x4}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x1}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x1ff}]}, {0x2c, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x3}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x80000001}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x7}, @NFTA_SET_FIELD_LEN={0x8}, @NFTA_SET_FIELD_LEN={0x8}]}, {0x44, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x8}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x2}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x5}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x2}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0xffffff01}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x42}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x6}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x6}]}, {0x2c, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x5}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x7}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x3}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x8000}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x3}]}, {0x14, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0xfffffff6}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x80}]}]}, @NFTA_SET_DESC_CONCAT={0xa8, 0x2, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x9}]}, {0x1c, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x7}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x4}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x5b5}]}, {0x3c, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0xfffffff9}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x9}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x4}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x80000000}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x1000}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x5}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x9}]}, {0xc, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x9}]}, {0x14, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x6}]}, {0xc, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x5}]}, {0x14, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x8000}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x5}]}]}, @NFTA_SET_DESC_SIZE={0x8, 0x1, 0x1, 0x0, 0x9}]}, @NFTA_SET_HANDLE={0xc, 0x10, 0x1, 0x0, 0x1}, @NFTA_SET_KEY_TYPE={0x8}, @NFTA_SET_FLAGS={0x8}, @NFTA_SET_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz1\x00'}]}, @NFT_MSG_NEWSETELEM={0x40, 0xc, 0xa, 0x102, 0x0, 0x0, {0xa, 0x0, 0x6}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x20, 0x3, 0x0, 0x1, [{0x10, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0xc, 0x1, 0x0, 0x1, [@NFTA_DATA_VALUE={0x6, 0x1, "d103"}]}]}, {0xc, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x2}]}]}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x33c}}, 0x40)
r1 = syz_open_dev$tty1(0xc, 0x4, 0x3)
ioctl$TCSETS2(r1, 0x402c542b, &(0x7f0000000280)={0x4c, 0x5f, 0x6, 0x3, 0x7, "00da900eaf7919c635d4a15ac41e3100", 0x80000000, 0x7fe})
r2 = dup(r1)
r3 = open(&(0x7f00000000c0)='.\x00', 0x800, 0xd0)
syz_io_uring_submit(0x0, 0x0, 0x0)
io_uring_enter(r3, 0x4c45, 0xb494, 0x21, 0x0, 0x50)
creat(&(0x7f0000000180)='./file0\x00', 0x10)
mount(0x0, &(0x7f0000000480)='./file0\x00', &(0x7f0000000380)='devtmpfs\x00', 0x4000, 0x0)
mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000180)='tmpfs\x00', 0x3200890, 0x0)
r4 = open_tree(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x0)
move_mount(r4, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, 0x0, 0x262)
write$UHID_INPUT(r2, &(0x7f0000000300)={0xd, {"a2e3ad21ed0d09f91b3d090987f70e06d038e7ff7fc6e5539b0d650e8b089b3f35006c090890e0878f0e1ac6e7049b336d959b669a240d5b67f3988f7ef319520100ffe8d178708c523c921b1b5b31070d074a0936cd3b78130daa61d8e8040000005802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15ffffffffffffffff1243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc10700000032d0ad7bc946813591bd8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f423500c7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afa2d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02daee67918e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4108b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9cc8036cbd65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c6b00000000000000f96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f90000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400", 0x1000}}, 0x1006)

7m17.302428547s ago: executing program 5 (id=2073):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), r0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000180)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r5 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/power/pm_test', 0x141a82, 0x0)
sendfile(r5, r5, 0x0, 0x4)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x1c, &(0x7f0000000500)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f00000003c0)={0x0, 0x0, 0x401}, 0x10}, 0x94)
bpf$MAP_LOOKUP_BATCH(0x1b, 0x0, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
r6 = socket$nl_sock_diag(0x10, 0x3, 0x4)
sendmsg$TCPDIAG_GETSOCK(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000000c0)=ANY=[], 0x4c}}, 0x0)
openat$tcp_mem(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sys/net/ipv4/tcp_rmem\x00', 0x1, 0x0)
io_submit(0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x105042, 0x1ff)
sendmsg$NL80211_CMD_SET_TID_CONFIG(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000540)={0x28, r1, 0xc4fc9e906872338b, 0x70bd2a, 0x0, {{0x15}, {@val={0x8}, @val={0xc, 0x99, {0xc7, 0x3a}}}}}, 0x28}}, 0x8800)

7m15.290939506s ago: executing program 5 (id=2078):
socket$nl_route(0x10, 0x3, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
socket$pppoe(0x18, 0x1, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff)
r0 = socket$pppoe(0x18, 0x1, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
write$cgroup_subtree(r1, 0x0, 0x32600)
connect$pppoe(r0, &(0x7f0000000080)={0x18, 0x0, {0x15, @local, 'bond0\x00'}}, 0x1e)
openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(0xffffffffffffffff, &(0x7f0000000080)={0x18, 0x0, {0x15, @local, 'bond0\x00'}}, 0x1e)
r2 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000100), 0x2300, 0x0)
ioctl$PPPIOCATTCHAN(r2, 0x40047438, &(0x7f0000000040)=0x1)
r3 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000100), 0x2300, 0x0)
ioctl$PPPIOCATTCHAN(r3, 0x40047438, &(0x7f0000000040)=0x1)

7m15.140201697s ago: executing program 5 (id=2081):
r0 = bpf$MAP_CREATE(0x0, 0x0, 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0xd, &(0x7f0000000340)=ANY=[@ANYBLOB="18020000040000000000000000000000850000004100000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000180000850000008200000095"], &(0x7f0000000280)='syzkaller\x00', 0xb, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x0, 0xe, 0x0, &(0x7f0000000680)="467493524638ba42699d55ec121d", 0x0, 0x500, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x50)

7m14.843327398s ago: executing program 5 (id=2085):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000001c40)=ANY=[], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x58, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000)={0x20000000}, 0x8}, 0x94)
r1 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_ADD_MFC_PROXY(r1, 0x0, 0xd2, 0x0, 0x0)
setsockopt$MRT_ADD_MFC(r1, 0x0, 0xcc, 0x0, 0x0)
setsockopt$MRT_ADD_MFC(r1, 0x0, 0xcc, &(0x7f0000000180)={@private=0xa010102, @multicast2, 0x0, "941621a61c5815f4678d8fd403f2f30229a88d74d71fd55708016d20fd419884", 0x0, 0x1}, 0x3c)
syz_genetlink_get_family_id$netlbl_cipso(0x0, 0xffffffffffffffff)
setsockopt$MRT_FLUSH(r1, 0x0, 0xd4, &(0x7f00000003c0)=0xa, 0x4)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000680)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x2}}, [], {0x14}}, 0x28}, 0x1, 0x0, 0x0, 0x4}, 0x40050)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r0}, 0x10)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000001200)={&(0x7f0000000480)={0x88, 0x1403, 0x1, 0x0, 0x0, "", [{{0x9, 0x2, 'syz1\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'bridge0\x00'}}, {{0x9, 0x2, 'syz0\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'veth0_to_team\x00'}}, {{0x9, 0x2, 'syz0\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'lo\x00'}}]}, 0x88}}, 0x20000000)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x203b}, [@IFLA_GROUP={0x8}]}, 0x28}, 0x1, 0x0, 0x0, 0x20048054}, 0x8000)
bind$llc(0xffffffffffffffff, 0x0, 0x0)

6m59.443222613s ago: executing program 38 (id=2085):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000001c40)=ANY=[], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x58, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000)={0x20000000}, 0x8}, 0x94)
r1 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_ADD_MFC_PROXY(r1, 0x0, 0xd2, 0x0, 0x0)
setsockopt$MRT_ADD_MFC(r1, 0x0, 0xcc, 0x0, 0x0)
setsockopt$MRT_ADD_MFC(r1, 0x0, 0xcc, &(0x7f0000000180)={@private=0xa010102, @multicast2, 0x0, "941621a61c5815f4678d8fd403f2f30229a88d74d71fd55708016d20fd419884", 0x0, 0x1}, 0x3c)
syz_genetlink_get_family_id$netlbl_cipso(0x0, 0xffffffffffffffff)
setsockopt$MRT_FLUSH(r1, 0x0, 0xd4, &(0x7f00000003c0)=0xa, 0x4)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000680)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x2}}, [], {0x14}}, 0x28}, 0x1, 0x0, 0x0, 0x4}, 0x40050)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r0}, 0x10)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000001200)={&(0x7f0000000480)={0x88, 0x1403, 0x1, 0x0, 0x0, "", [{{0x9, 0x2, 'syz1\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'bridge0\x00'}}, {{0x9, 0x2, 'syz0\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'veth0_to_team\x00'}}, {{0x9, 0x2, 'syz0\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'lo\x00'}}]}, 0x88}}, 0x20000000)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x203b}, [@IFLA_GROUP={0x8}]}, 0x28}, 0x1, 0x0, 0x0, 0x20048054}, 0x8000)
bind$llc(0xffffffffffffffff, 0x0, 0x0)

4m50.057317385s ago: executing program 9 (id=2536):
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=@getlink={0x28, 0x12, 0x200, 0x70bd2a, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, 0x2e82, 0x2}, [@IFLA_MASTER={0x8}]}, 0x28}, 0x1, 0x0, 0x0, 0x240008c4}, 0x40054)
copy_file_range(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x7, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x8000000004)
writev(r0, &(0x7f0000000000)=[{&(0x7f00000001c0)="580000001500add427323b472545b45602117fffffff81000e224e217f000001925aa80020007b00090080007f000001e809000000ff0000f03ac71036000000ffffffffffffffffffe7ee00000000000000000200000000", 0x58}], 0x1)
sendmsg$TCPDIAG_GETSOCK(r0, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000300)={0x0}, 0x1, 0x0, 0x0, 0x2004c000}, 0x4000)
r1 = socket(0x40000000015, 0x5, 0x0)
bind$inet(r1, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x57)
connect$inet6(r1, &(0x7f00000000c0)={0xa, 0x4e23, 0x8, @local, 0x2}, 0x1c)
connect$inet6(r1, &(0x7f0000000140)={0xa, 0x4e24, 0x3, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0xabb7}, 0x1c)
r2 = socket$can_raw(0x1d, 0x3, 0x1)
r3 = add_key$keyring(0x0, &(0x7f0000000280)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffff8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000080)={0x80000000005, 0x100000001000087}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f00000000c0)=0x4)
sched_setaffinity(0x0, 0x43, &(0x7f0000000040)=0x2)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
keyctl$dh_compute(0x17, &(0x7f0000000400), 0x0, 0x0, 0x0)
r5 = socket$inet6_mptcp(0xa, 0x1, 0x106)
connect$inet6(r5, &(0x7f0000000180)={0xa, 0x4e21, 0x4, @dev={0xfe, 0x80, '\x00', 0x1f}, 0x8000d}, 0x1c)
setsockopt$SO_TIMESTAMP(r5, 0x1, 0x1d, 0x0, 0x0)
request_key(&(0x7f00000000c0)='logon\x00', &(0x7f0000000180)={'syz', 0x1}, &(0x7f00000001c0)='-#\x00', r3)
bind$can_raw(r2, 0x0, 0x0)
setsockopt$CAN_RAW_ERR_FILTER(r2, 0x65, 0x2, &(0x7f0000000200)=0x7, 0x4)
setsockopt$CAN_RAW_ERR_FILTER(r2, 0x65, 0x2, &(0x7f0000000000), 0x4)
syz_usb_connect$cdc_ncm(0x4, 0xd1, &(0x7f0000000040)=ANY=[@ANYBLOB="12011003020000182505a1a44000010203010902d90400000000000000000000000d00000524060001082400a9b309240f010a0000000300ff000606241a05001407240a050905580c240c00000000a90c0900030424020204240200"], 0x0)
syz_usb_connect(0x3, 0xf5, 0x0, 0x0)

4m47.038045241s ago: executing program 9 (id=2543):
socket$nl_route(0x10, 0x3, 0x0)
pipe(&(0x7f0000000480)={<r0=>0xffffffffffffffff})
vmsplice(r0, 0x0, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x3, &(0x7f0000000200)=@framed, &(0x7f00000003c0)='GPL\x00'}, 0x94)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r3=>0x0})
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000a00)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000440)=@base={0xe, 0x4, 0x8, 0x1}, 0x50)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x10, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000002000000850000008600000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b704000000000000850000003300000095"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000400)={{r5}, &(0x7f0000000240), &(0x7f00000006c0)=r1}, 0x20)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000340)={r6, r3, 0x25, 0x2, @val=@tcx}, 0x1c)
syz_emit_ethernet(0x16, &(0x7f0000000000)={@remote, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}, @void, {@llc={0x4, {@snap={0x1, 0xaa, "ce", "285b94", 0xf5}}}}}, 0x0)

4m46.615493936s ago: executing program 9 (id=2544):
r0 = socket$inet_smc(0x2b, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
ioctl$SNDCTL_DSP_SETFMT(0xffffffffffffffff, 0xc0045005, 0x0)
ioctl$SNDCTL_DSP_SETFMT(0xffffffffffffffff, 0xc0045005, 0x0)
r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$TIOCSETD(r4, 0x5423, &(0x7f0000000000)=0x15)
ioctl$TCSETS(r4, 0xc0384707, &(0x7f0000000040)={0x2, 0x2, 0x0, 0x820000, 0x3, "3eccd8f9d20000000000001000000200000500"})
close_range(r0, 0xffffffffffffffff, 0x0)

4m44.996483963s ago: executing program 9 (id=2549):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'ghash-generic\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000440)='\x00'/16, 0x10)
r1 = accept4(r0, 0x0, 0x0, 0x80800)
sendmmsg$inet6(r1, &(0x7f0000003b80)=[{{0x0, 0x0, &(0x7f00000003c0)=[{0x0}], 0x1, 0x0, 0x0, 0x7000000}}, {{0x0, 0x0, &(0x7f0000000740)=[{&(0x7f0000000440)='&', 0x1}], 0x1}, 0xff03}], 0x2, 0x8000)
sendmsg$can_bcm(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={0x0}, 0x2, 0x0, 0x0, 0x40084}, 0x8d0)

4m44.382903995s ago: executing program 9 (id=2550):
r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42f82, 0x0)
ioctl$SNDCTL_DSP_SPEED(r0, 0xc0045002, &(0x7f0000000180))
r1 = syz_open_dev$sndctrl(&(0x7f0000000440), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r1, 0x40045532, &(0x7f0000000040))
r2 = syz_open_dev$sndpcmp(&(0x7f0000000200), 0x0, 0xa2c65)
ioctl$SNDRV_PCM_IOCTL_SW_PARAMS(r2, 0xc0884113, 0x0)
write$dsp(r0, &(0x7f00000001c0)="5cba91a4", 0xffffffd9)

4m41.210509454s ago: executing program 9 (id=2563):
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x0, 0x0, &(0x7f0000000040)='syzkaller\x00', 0xffff60bb, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x6}, 0x94)
socket$nl_generic(0x10, 0x3, 0x10)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xe, 0x4, &(0x7f0000000680)=@framed={{0x18, 0x0, 0x0, 0x0, 0xbacf, 0x0, 0x0, 0x0, 0x3}, [@generic={0x91, 0x1, 0x1, 0xb}]}, &(0x7f0000000400)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback=0x18, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000180)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
timer_create(0x0, &(0x7f0000000040)={0x0, 0x21, 0x800000000004}, &(0x7f0000bbdffc)=<r1=>0x0)
timer_settime(r1, 0x0, 0x0, 0x0)
rseq(&(0x7f0000000240)={0x0, 0x0, 0x0, 0x4}, 0x20, 0x0, 0x0)
unshare(0x42000000)
r2 = socket$pppl2tp(0x18, 0x1, 0x1)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(r2, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r3, {0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xa}}, 0x2}}, 0x2e)
r4 = socket$pppl2tp(0x18, 0x1, 0x1)
connect$pppl2tp(r4, &(0x7f0000000000)=@pppol2tp={0x18, 0x1, {0x0, r4, {}, 0x2, 0x4}}, 0x26)
ioctl$PPPIOCGL2TPSTATS(r4, 0x8004745a, &(0x7f0000000ac0))
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
r5 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000000)={0x3, &(0x7f00000000c0)=[{0x20, 0x0, 0x81, 0xfffff034}, {0x20, 0x1, 0x0, 0xfffff024}, {0x6}]}, 0x10)
sendmmsg(0xffffffffffffffff, &(0x7f0000000180), 0x4000190, 0x0)
ioctl$sock_bt_hidp_HIDPGETCONNLIST(r5, 0x800448d2, &(0x7f0000000080)={0x0, 0x0})

4m25.767062506s ago: executing program 39 (id=2563):
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x0, 0x0, &(0x7f0000000040)='syzkaller\x00', 0xffff60bb, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x6}, 0x94)
socket$nl_generic(0x10, 0x3, 0x10)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xe, 0x4, &(0x7f0000000680)=@framed={{0x18, 0x0, 0x0, 0x0, 0xbacf, 0x0, 0x0, 0x0, 0x3}, [@generic={0x91, 0x1, 0x1, 0xb}]}, &(0x7f0000000400)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback=0x18, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000180)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
timer_create(0x0, &(0x7f0000000040)={0x0, 0x21, 0x800000000004}, &(0x7f0000bbdffc)=<r1=>0x0)
timer_settime(r1, 0x0, 0x0, 0x0)
rseq(&(0x7f0000000240)={0x0, 0x0, 0x0, 0x4}, 0x20, 0x0, 0x0)
unshare(0x42000000)
r2 = socket$pppl2tp(0x18, 0x1, 0x1)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(r2, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r3, {0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xa}}, 0x2}}, 0x2e)
r4 = socket$pppl2tp(0x18, 0x1, 0x1)
connect$pppl2tp(r4, &(0x7f0000000000)=@pppol2tp={0x18, 0x1, {0x0, r4, {}, 0x2, 0x4}}, 0x26)
ioctl$PPPIOCGL2TPSTATS(r4, 0x8004745a, &(0x7f0000000ac0))
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
r5 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000000)={0x3, &(0x7f00000000c0)=[{0x20, 0x0, 0x81, 0xfffff034}, {0x20, 0x1, 0x0, 0xfffff024}, {0x6}]}, 0x10)
sendmmsg(0xffffffffffffffff, &(0x7f0000000180), 0x4000190, 0x0)
ioctl$sock_bt_hidp_HIDPGETCONNLIST(r5, 0x800448d2, &(0x7f0000000080)={0x0, 0x0})

26.441199777s ago: executing program 0 (id=3283):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000002700)=""/102392, 0x18ff8)
r3 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x4, @tid=r3}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
bind$bt_l2cap(r4, &(0x7f0000000000)={0x1f, 0x0, @none}, 0xe)
listen(r4, 0x1)
accept4$bt_l2cap(r4, 0x0, 0x0, 0x800)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
read$msr(0xffffffffffffffff, &(0x7f0000032680)=""/102392, 0x18ff8)
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000a8000000850000002a00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1f, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x1, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
fanotify_init(0x200, 0x0)
r5 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r5, &(0x7f0000000040)={0x1f, 0x1}, 0x6)
write$bt_hci(r5, &(0x7f0000000000)={0x1, @read_link_policy={{0x80c, 0x1}, {0xc9}}}, 0x6)

19.353569756s ago: executing program 0 (id=3295):
socket$netlink(0x10, 0x3, 0x0)
socket$netlink(0x10, 0x3, 0x0)
socket(0x10, 0x803, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
getpid()
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000080)={<r0=>0xffffffffffffffff}, 0x800)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX, @ANYBLOB="2c63616368657461673da32c63616368653d665363"])
socketpair$unix(0x1, 0x2, 0x0, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
r1 = syz_usbip_server_init(0x4)
syz_usb_connect(0x1, 0x2d, &(0x7f0000000100)=ANY=[], 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYBLOB="200000001000010700000000e9ffffff0a0000000c0002006e6c3830323131"], 0x20}, 0x1, 0x0, 0x0, 0x4046014}, 0x400c0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000300)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
write$usbip_server(r1, &(0x7f0000000440)=@ret_submit={{0x3, 0x1, 0x0, 0x1, 0x8}, 0xfff, 0x0, 0x34, 0x6c, 0x1000, 0x0, "", [{0x9, 0x10000, 0x8, 0x2}, {0x8000, 0x3, 0x200, 0x3}, {0x5, 0xe8, 0x6, 0xc7}, {0x4565, 0x40, 0x80000000, 0x7}, {0x1, 0x4, 0xff, 0x1}, {0x2, 0x6, 0x4, 0x6}, {0x1, 0xf17, 0x8, 0x4696}, {0x2, 0xb, 0x2, 0x1}, {0x9, 0x1, 0x8105, 0x3}, {0xe1, 0x7, 0x4, 0x8}, {0x3, 0x1, 0x270, 0xfffffff7}, {0x9, 0x4005, 0x1, 0xeab}, {0x81, 0x1, 0x2, 0xfffffff9}, {0x0, 0x0, 0x7, 0x9}, {0x7ff, 0x7, 0x8, 0x200}, {0x4, 0xf65, 0x4, 0x80000000}, {0x7ff, 0x45f8, 0xfffffff7, 0x2}, {0x429d, 0x2, 0x6, 0x4}, {0xa, 0x3, 0x3ff, 0x3}, {0xa, 0x7, 0x5, 0x47df}, {0x4, 0x6, 0x0, 0x1ff}, {0x6, 0x5, 0x100, 0xafb4}, {0x6b6, 0xd, 0x531a893b, 0x92c}, {0x5, 0x101, 0x6, 0x6}, {0x8d, 0x7, 0xfb5, 0xfffffffa}, {0x8000, 0x600, 0x7, 0x806f}, {0x3, 0x101, 0x2, 0xfffffc01}, {0x2, 0x8d, 0x7, 0x6000}, {0x6, 0x7, 0x8000, 0x7}, {0x5, 0x15431115, 0x3, 0x1}, {0x0, 0x3, 0xc}, {0x2, 0x7f, 0xfffffffb, 0x3}, {0x1ff, 0x4, 0x101, 0x2}, {0x5, 0x5, 0xffff, 0x3}, {0x2, 0x4, 0x200, 0x4}, {0x2, 0xffffffff, 0x4, 0x6}, {0x100000, 0x7ff, 0x3, 0x76f9}, {0xffff, 0x5, 0x2, 0x9}, {0x2, 0xf, 0x3, 0x1}, {0x6, 0x4, 0x2, 0xe}, {0x6, 0x6, 0xffffffff, 0x6}, {0x1, 0x401, 0xfffffffb, 0x9}, {0x6, 0x80000000, 0x7, 0xffff0db2}, {0x400, 0x6, 0x6, 0xfff}, {0x6, 0x3e39, 0x8f22, 0x540783d7}, {0x7, 0x2, 0x0, 0x7ff}, {0x3, 0x2, 0x5, 0x40}, {0x6, 0x7, 0x4, 0x9}, {0x6, 0x81, 0x4, 0xbad}, {0xc, 0xd, 0x1, 0x4}, {0x7fffffff, 0x4db7, 0x7fff, 0x6}, {0x2, 0x5, 0x3, 0xa}, {0xc, 0x200, 0x6, 0x4}, {0x400, 0x1, 0x7f, 0x200}, {0x3, 0xffffff31, 0xe, 0x7}, {0x7fffffff, 0x9, 0x9, 0x2}, {0x1, 0x4, 0x67c7, 0x400}, {0x6, 0x7fffffff, 0x5, 0x80000001}, {0xe235, 0x2, 0x6, 0x7fff}, {0x8, 0xfffffff9, 0xfffffc1f, 0x2}, {0x3, 0x7, 0xf251, 0x4}, {0x3, 0x40, 0x18, 0x6}, {0x80, 0x40000, 0x1, 0x91be}, {0x8, 0x9, 0x1, 0x83a}, {0x9, 0xc6c9, 0x6, 0xf}, {0x100, 0x6, 0x7, 0x1}, {0x60cf, 0x400, 0x4, 0x1000}, {0x80000001, 0x6, 0x9, 0x200}, {0x0, 0xfffffff5, 0x49a1}, {0x9, 0xf, 0xfffeffff, 0x8}, {0x10000, 0x6, 0x1}, {0x401, 0x1, 0x2, 0xe}, {0x9a, 0x250, 0x7, 0x8}, {0xa8, 0x9, 0x2, 0x9}, {0x5, 0xfff, 0x6, 0x7}, {0x6, 0x0, 0x8000, 0x2}, {0x8, 0x8, 0x2, 0x6}, {0x6, 0x7, 0x3, 0x80000000}, {0x5, 0x2, 0xb44, 0x80000000}, {0xfffffffb, 0x401, 0x9, 0x7fffffff}, {0x2440, 0x4, 0xff, 0x1}, {0x7fffffff, 0x6, 0x5, 0x4}, {0x6865, 0x7, 0x5, 0x3}, {0x5, 0x4, 0x8, 0x2}, {0x5, 0x4, 0x2, 0x80000001}, {0xffffffff, 0x5, 0x6, 0xf}, {0x2, 0x3, 0x10000, 0x4}, {0x100, 0x1, 0x8001, 0xfffffffd}, {0x6, 0x8001, 0x4, 0x1}, {0x1, 0x7, 0xffffffff}, {0x5, 0x9, 0x0, 0x2}, {0xffffffff, 0x2, 0x1, 0x3e}, {0x4, 0x80, 0x14000, 0xc}, {0x4, 0x100, 0xfff, 0x3}, {0xc2ca, 0x400, 0x2c9, 0xfffffffe}, {0x4, 0x400, 0xc, 0x3}, {0x100, 0x4, 0x8, 0x3}, {0x7ff, 0x1, 0x1, 0x83}, {0x5, 0x401, 0x81, 0xc000000}, {0x8, 0x7fff, 0xa3f, 0x9}, {0x2, 0x841, 0x7, 0x3}, {0x2, 0x7, 0x1, 0x2}, {0x0, 0x6, 0x2, 0x6}, {0x3, 0x5, 0x6, 0x2}, {0x7, 0xc, 0x3, 0x7}, {0x6, 0x9, 0xcd2, 0x6}, {0xa2, 0x1, 0xae, 0xa}, {0x2, 0x8, 0x24000, 0xfffffbff}]}, 0x6f0)

19.079346375s ago: executing program 1 (id=3297):
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
pipe(&(0x7f00000001c0))
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
pipe(&(0x7f00000000c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
splice(r1, 0x0, r3, 0x0, 0xf3a, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
r4 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000003480)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0)
read$FUSE(r4, &(0x7f00000034c0)={0x2020}, 0xcac)
getpgid(0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x12, 0x8031, 0xffffffffffffffff, 0x6a855000)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
syz_pidfd_open(0x0, 0x0)
write$cgroup_pid(r3, &(0x7f0000000000), 0xffffff98)
splice(r2, 0x0, r1, 0x0, 0x100000004, 0x0)
write(r0, 0x0, 0x0)
setuid(0xee00)
clock_settime(0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0xa, 0xb, 0x42, 0x2, 0x42, 0xffffffffffffffff, 0x10000}, 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100), &(0x7f0000000280), 0xffff, r5}, 0x38)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080), &(0x7f0000000880), 0x1006, r5, 0x0, 0xd88d02a0}, 0x38)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="0d00000002000000040000000240000002"], 0x50)
openat$ipvs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv4/vs/lblcr_expiration\x00', 0x2, 0x0)

16.046911433s ago: executing program 0 (id=3306):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000002700)=""/102392, 0x18ff8)
r3 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x4, @tid=r3}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
bind$bt_l2cap(r4, &(0x7f0000000000)={0x1f, 0x0, @none}, 0xe)
listen(r4, 0x1)
accept4$bt_l2cap(r4, 0x0, 0x0, 0x800)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
read$msr(0xffffffffffffffff, &(0x7f0000032680)=""/102392, 0x18ff8)
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000a8000000850000002a00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1f, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x1, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
fanotify_init(0x200, 0x0)
r5 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r5, &(0x7f0000000040)={0x1f, 0x1}, 0x6)
write$bt_hci(r5, &(0x7f0000000000)={0x1, @read_link_policy={{0x80c, 0x1}, {0xc9}}}, 0x6)

10.387322479s ago: executing program 1 (id=3321):
prctl$PR_SET_MM(0x23, 0xf, &(0x7f0000ffc000/0x2000)=nil)
r0 = syz_usb_connect(0x0, 0x1cb, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000122f0d4071040403dfe4000000010902b901010000003f0904"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_control_io$sierra_net(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$sierra_net(r0, 0x0, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io$sierra_net(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$rtl8150(r0, 0x0, &(0x7f0000000b40)={0x2c, &(0x7f0000000040)=ANY=[], 0x0, 0x0, 0x0, 0x0})

7.595767634s ago: executing program 4 (id=3324):
bind$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x4e20, @multicast1}, 0x10)
fcntl$lock(0xffffffffffffffff, 0x26, &(0x7f0000000280)={0x1, 0x1, 0xb8, 0x403})
fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000180)={0x2, 0x1, 0x400000200, 0x2})
sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x20020084, &(0x7f00000018c0)={0x2, 0x4e20}, 0x10)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="0f000000040000000400000012"], 0x50)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
gettid()
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
futex(&(0x7f00000002c0)=0x2, 0xb, 0x2, &(0x7f0000000300)={0x77359400}, &(0x7f00000004c0)=0x1, 0x2)
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TIOCPKT(r2, 0x5420, &(0x7f0000000100)=0xcf5)
syz_open_pts(r2, 0x121500)
sendto$inet(0xffffffffffffffff, &(0x7f0000000580)="e1", 0xfffffffffffffef1, 0x40000, 0x0, 0x0)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000280)=ANY=[@ANYRES32=r0, @ANYRES32, @ANYBLOB="05"], 0x10)

6.597262812s ago: executing program 4 (id=3325):
mkdir(&(0x7f00000020c0)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@metacopy_on}]})
r0 = open(&(0x7f0000000200)='./file0\x00', 0x200081, 0x4c)
mknodat$loop(r0, &(0x7f0000001600)='./file1\x00', 0x0, 0x0)
chdir(&(0x7f0000000140)='./bus\x00')
link(&(0x7f00000002c0)='./file1\x00', &(0x7f0000000380)='./file2\x00')
link(&(0x7f0000000000)='./file1\x00', 0x0)

6.12919282s ago: executing program 4 (id=3328):
r0 = syz_open_dev$sndctrl(&(0x7f00000001c0), 0xa2a, 0x2100)
ioctl$SNDRV_CTL_IOCTL_RAWMIDI_NEXT_DEVICE(r0, 0xc0045540, &(0x7f0000000200)=0x2)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
mremap(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x3000, 0x0, &(0x7f0000ffd000/0x3000)=nil)
socket(0x2, 0x800, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
accept4(r1, &(0x7f0000000000)=@in={0x2, 0x0, @initdev}, &(0x7f0000000080)=0x80, 0xe44813d4cba48a7d)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000480)={'wlan0\x00'})
sendmsg$NL80211_CMD_UPDATE_FT_IES(r1, &(0x7f0000000580)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000540)={&(0x7f00000000c0)=ANY=[@ANYBLOB="1c000000", @ANYBLOB="010025bd7000ffdbdf2560000000", @ANYBLOB="cd42d2427624ed69158bb508ea0dc63ef3d7e472edbccb085484483a170bb150e6c27e99665efb9fa0f73e42778415a2a0a4a40c9983918b8ad034b88b04224ac31d840bcb66e0e706a3965608962aa9d40cf769fd0f5fb6c17a3609431e8116f0197e7f727094405a8aa3fb1aa8ecdcd3712401c34284aa4954261fb2fc8bab22a0cdb3ba3959559d8f56681e62d49c895a9bb6c477b78e"], 0x1c}, 0x1, 0x0, 0x0, 0x5000}, 0x4048044)

5.466399177s ago: executing program 3 (id=3329):
openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2002, 0x0)
r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1)
ioctl$KVM_SET_MSRS(r0, 0x4008ae89, &(0x7f0000000100)=ANY=[@ANYBLOB="0100000000000000014d564b0000000001"])
ioctl$KVM_KVMCLOCK_CTRL(r0, 0xaead)

5.404573546s ago: executing program 1 (id=3330):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=@ipv6_getaddrlabel={0x24, 0x1a, 0x1, 0xfffffffd, 0x3, {0x2, 0x0, 0x78}, [@IFAL_LABEL={0x8, 0x2, 0x3}]}, 0x24}}, 0x8810)

5.403391536s ago: executing program 0 (id=3331):
openat$tun(0xffffffffffffff9c, 0x0, 0x4082c1, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r1, 0x0, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000340)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-cast6-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc6626c892b6bc436a", 0x10)
r3 = accept4(r2, 0x0, 0x0, 0x0)
sendmsg$nl_route_sched_retired(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}, 0x1, 0x0, 0x0, 0x1}, 0x40881)
recvmmsg(r3, &(0x7f0000006fc0)=[{{0x0, 0x0, 0x0}, 0x3}], 0x1, 0x1, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000030c0)=[{&(0x7f0000000340)="1400000016001963d25a80648c", 0xd}], 0x1}, 0x0)
r4 = socket$netlink(0x10, 0x3, 0x14)
sendmsg$netlink(r4, &(0x7f0000003f40)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000001840)={0x10, 0x1000}, 0x10}], 0x1}, 0x10)

5.281822589s ago: executing program 3 (id=3333):
r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000180), 0x842, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
r1 = timerfd_create(0x0, 0x80800)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000000)='sched_switch\x00', r2, 0x0, 0xfff7fffffffffff5}, 0x18)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f0000000300)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
ioctl$sock_SIOCGIFVLAN_SET_VLAN_NAME_TYPE_CMD(0xffffffffffffffff, 0x8982, &(0x7f0000000000)={0x6, 'dvmrp1\x00'})
readv(r1, &(0x7f0000000380)=[{0x0}, {&(0x7f0000000100)=""/202, 0xca}, {&(0x7f0000000200)=""/68, 0x44}], 0x3)
r6 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0xffffffffffffff61, 0x0, 0x0})
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0)
writev(r0, &(0x7f0000000840)=[{0x0}, {0x0}], 0x2)

5.162738417s ago: executing program 1 (id=3334):
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x18}, 0x0)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x107, 0x14, &(0x7f0000000000), 0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
getpeername$qrtr(0xffffffffffffffff, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x1000000000, 0x7, 0xfa11, 0xffffffff}, 0x0)
socket$inet6_sctp(0xa, 0x1, 0x84)
socket$nl_xfrm(0x10, 0x3, 0x6)
socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x20000080)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x2c, &(0x7f0000000200), 0x8)
sendmsg$kcm(0xffffffffffffffff, 0x0, 0x20000000)
openat$dsp(0xffffffffffffff9c, 0x0, 0x42, 0x0)
socket(0x2, 0x80805, 0x0)
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f00000047c0)={0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f0000000040)={0x18, 0x7a, 0x601, 0x0, 0x1, "", [@typed={0x7, 0x0, 0x0, 0x0, @str='\x00\x00\x00'}]}, 0x18}], 0x1}, 0x0)

5.092447643s ago: executing program 4 (id=3335):
bind$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x4e20, @multicast1}, 0x10)
fcntl$lock(0xffffffffffffffff, 0x26, &(0x7f0000000280)={0x1, 0x1, 0xb8, 0x403})
fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000180)={0x2, 0x1, 0x400000200, 0x2})
sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x20020084, &(0x7f00000018c0)={0x2, 0x4e20}, 0x10)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="0f000000040000000400000012"], 0x50)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
gettid()
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
futex(&(0x7f00000002c0)=0x2, 0xb, 0x2, &(0x7f0000000300)={0x77359400}, &(0x7f00000004c0)=0x1, 0x2)
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TIOCPKT(r2, 0x5420, &(0x7f0000000100)=0xcf5)
syz_open_pts(r2, 0x121500)
sendto$inet(0xffffffffffffffff, &(0x7f0000000580)="e1", 0xfffffffffffffef1, 0x40000, 0x0, 0x0)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000280)=ANY=[@ANYRES32=r0, @ANYRES32, @ANYBLOB="05"], 0x10)

4.287444414s ago: executing program 3 (id=3336):
shmctl$SHM_STAT_ANY(0x0, 0xf, &(0x7f0000000240)=""/107)

3.543352546s ago: executing program 3 (id=3337):
socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f00000002c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x1c1}}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10)
r4 = syz_open_dev$evdev(&(0x7f00000000c0), 0x0, 0x822b01)
ioctl$EVIOCGRAB(r4, 0x40044590, &(0x7f0000000140)=0x3)

2.310304917s ago: executing program 2 (id=3338):
syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0)
write$RDMA_USER_CM_CMD_INIT_QP_ATTR(0xffffffffffffffff, &(0x7f00000001c0)={0xb, 0x10, 0xfa00, {&(0x7f00000002c0), 0xffffffffffffffff, 0x2}}, 0x18)
write$RDMA_USER_CM_CMD_BIND_IP(0xffffffffffffffff, &(0x7f0000000380)={0x2, 0x28, 0xfa00, {0x0, {0xa, 0x4e21, 0x2, @loopback, 0xddc1}}}, 0x30)
setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f0000000000)='dctcp\x00', 0x6)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
ioctl$VHOST_VSOCK_SET_RUNNING(r1, 0x4004af61, &(0x7f0000000100))
sendmsg$IPSET_CMD_ADD(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x10000047}, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000040)={'wlan0\x00'})
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000180)={'wlan0\x00'})
openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r2 = add_key$keyring(&(0x7f0000000040), &(0x7f0000000100)={'syz', 0x1}, 0x0, 0x0, 0xffffffffffffffff)
keyctl$search(0xa, r2, 0x0, &(0x7f0000000180)={'syz', 0x0}, 0xfffffffffffffffd)
unshare(0x22020600)
r3 = socket$inet6_mptcp(0xa, 0x1, 0x106)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000200)={'veth1_to_bridge\x00', <r4=>0x0})
r5 = socket$inet6_mptcp(0xa, 0x1, 0x106)
ioctl$sock_inet6_SIOCSIFADDR(r5, 0x8916, &(0x7f0000000100)={@local, 0x0, r4})
r6 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl$sock_inet6_SIOCADDRT(r6, 0x890b, &(0x7f0000000140)={@mcast2, @mcast1, @private2, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa0022})
ioctl$sock_inet6_SIOCADDRT(r6, 0x890b, &(0x7f0000000240)={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @remote, @dev={0xfe, 0x80, '\x00', 0xe}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4400046, r4})
socket$inet6_mptcp(0xa, 0x1, 0x106)
r7 = socket$inet6_mptcp(0xa, 0x1, 0x106)
ioctl$sock_inet6_SIOCADDRT(r7, 0x890b, &(0x7f0000000540)={@remote, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x0, 0x0, 0x0, 0x0, 0x0, 0x6})
r8 = socket$inet6_mptcp(0xa, 0x1, 0x106)
ioctl$sock_inet_SIOCSIFFLAGS(r8, 0x8914, &(0x7f0000000100)={'veth1_to_bridge\x00'})
syz_open_dev$loop(0x0, 0xffffffff00000001, 0x22a82)

1.94753181s ago: executing program 4 (id=3339):
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x8, 0xf32}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeea, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYBLOB="0000000000000000b707000008000000850000"], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
mremap(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x1000, 0x0, &(0x7f00008b5000/0x1000)=nil)
ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f0000000200)={0xc, 0x0, <r4=>0x0})
ioctl$IOMMU_VFIO_IOAS$SET(r0, 0x3b88, &(0x7f0000000000)={0xc, r4})
ioctl$IOMMU_VFIO_SET_IOMMU(r0, 0x3b66, 0x1)
ioctl$IOMMU_VFIO_IOMMU_UNMAP_DMA(r0, 0x3b72, &(0x7f0000000440)=ANY=[@ANYBLOB="1800007f000000000020"])

1.787433054s ago: executing program 0 (id=3340):
socket$alg(0x26, 0x5, 0x0)
r0 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000000)={0xaa, 0x60})
r1 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000380)={0x10000000})
r2 = syz_io_uring_setup(0xbdc, &(0x7f0000000640)={0x0, 0xc570, 0x8, 0x1, 0x40000332}, &(0x7f0000000100)=<r3=>0x0, &(0x7f0000000140)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r3, r4, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, &(0x7f0000000600)=[{&(0x7f0000001800)=""/216, 0xd8}], 0x1})
io_uring_enter(r2, 0x847ba, 0x0, 0xe, 0x0, 0xfffffffffffffd11)
syz_usb_control_io$cdc_ecm(0xffffffffffffffff, 0x0, 0x0)

1.587179494s ago: executing program 3 (id=3341):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.current\x00', 0x275a, 0x0)
lseek(r0, 0x7fffffffffffffff, 0x0)
fcntl$lock(r0, 0x25, &(0x7f0000000080)={0x0, 0x1, 0x10, 0x7fffffffffffffff})

1.537625464s ago: executing program 3 (id=3342):
mkdir(&(0x7f0000000380)='./file0\x00', 0x100)
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x54c, 0xdf2, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0xc, [{{0x9, 0x4, 0x0, 0x0, 0x2, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x9, 0x71, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x400, 0xff}}}}}]}}]}}, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f0000000240)={0x2c, &(0x7f0000000f00)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_control_io$hid(r0, 0x0, &(0x7f00000000c0)={0x2c, 0x0, 0x0, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB], 0x0})
socket$inet_sctp(0x2, 0x1, 0x84)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_io_uring_setup(0x10d2, &(0x7f0000000480)={0x0, 0x7734, 0x80, 0x0, 0x34f}, &(0x7f00000000c0)=<r2=>0x0, &(0x7f0000000080)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000400)={0x1, &(0x7f0000000200)=[{0x2e, 0x0, 0x0, 0x4}]}, 0x10)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_POLL_REMOVE={0x7, 0x15523ea56aa22b9a, 0x0, 0x0, 0x0, 0x12345})
io_uring_enter(r1, 0x47bc, 0x0, 0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x2, 0xc3072, 0xffffffffffffffff, 0x200000)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)

1.467676341s ago: executing program 2 (id=3343):
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x1)
ioctl$KVM_SET_MSRS(r1, 0x4008ae89, &(0x7f0000000100)=ANY=[@ANYBLOB="0100000000000000014d564b0000000001"])
ioctl$KVM_KVMCLOCK_CTRL(r1, 0xaead)

1.36529239s ago: executing program 1 (id=3344):
pipe2(&(0x7f0000001040)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
r2 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000400)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
write$P9_RGETLOCK(r1, &(0x7f00000000c0)=ANY=[], 0xffffff6a)
pipe2(&(0x7f0000000240)={0xffffffffffffffff, <r3=>0xffffffffffffffff}, 0x0)
tee(r0, r3, 0xfffffffffffffc01, 0x0)
tee(r0, r3, 0x60000000000, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_open_dev$MSR(0x0, 0x0, 0x0)
r4 = memfd_create(0x0, 0x2)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400000, 0xb, 0x2012, r4, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0xa)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB="44000000190001090000000000000000021800000002fd010000000055f5722598a7e508000100ac1414000800"], 0x44}}, 0x0)
syz_init_net_socket$ax25(0x3, 0x5, 0xc5)

1.361176494s ago: executing program 2 (id=3345):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000006c0)={0x24, 0x1, 0x1, 0x101, 0x0, 0x0, {0xa, 0x0, 0x93}, [@CTA_FILTER={0xc, 0x19, 0x0, 0x1, [@CTA_FILTER_REPLY_FLAGS={0x8, 0x2, 0x8}]}, @CTA_TUPLE_REPLY={0x4}]}, 0x24}, 0x1, 0x0, 0x0, 0x4000}, 0x40040)

1.278222762s ago: executing program 2 (id=3346):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x5, 0x8, 0xc, 0x3, 0x1}, 0x50)
connect$qrtr(0xffffffffffffffff, &(0x7f0000000200)={0x2a, 0xffffffffffffffff, 0xfffffffe}, 0xc)
syz_io_uring_setup(0x497, 0x0, &(0x7f00000004c0), &(0x7f0000000280))
r1 = openat$rtc(0xffffffffffffff9c, &(0x7f00000001c0), 0x8002, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, 0x0)
ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x2)
ioctl$RTC_SET_TIME(r1, 0x4024700a, 0x0)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x5, r0, 0x4}, 0x38)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000380)={0xffffffffffffffff, 0x0, 0x48, 0xd7, &(0x7f0000000180)="67bbee141baccbe6e3c8702c735ee80f725947997c7c199208c5d0925714a1b9a1f400aaae096017a250d337ba7c2ed203fe9aaeb722349b99557050adf6bcc2a03548b94467f7ab", &(0x7f0000000280)=""/215, 0x401, 0x0, 0x88, 0x2d, &(0x7f00000004c0)="1c10a13d661ce520c5b5726e65e9ec48ea7e5c224c0e0754f5346ff6cffad0314daa04fb6bd748cbbfed5b73555dea83b65dadd0eee3c5188a15216d9aac589e3be82fc92525db1392ac6f8865d27cdb33d8be1e086cee660b8cfa1cefd0853a51f7cfc257a9f360c750ea1ba16d550073834385076c75b3db41c584abfb8991ddc4824e007a3ad1", &(0x7f0000000080)="e2bac659470500d090c2db043c1a222b23010f1e141ca2a6239005d702b6ba66e1d07a987235ec1925e0449623", 0x4, 0x0, 0x80000000}, 0x50)
r3 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0x0)
r4 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
getsockname$llc(r4, 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r3, 0x4058534c, &(0x7f0000000000)={0x80, 0x8, 0x2, 0xe05, 0xe7, 0x4})
mount$nfs(&(0x7f0000000040)='\x00', &(0x7f0000000400)='./cgroup\x00', &(0x7f0000000480), 0x400, 0x0)
ioctl$SNDCTL_SEQ_SYNC(0xffffffffffffffff, 0x5100)

1.167040469s ago: executing program 2 (id=3347):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = openat$vicodec0(0xffffffffffffff9c, 0x0, 0x2, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f0000000140)='attr/prev\x00')
read$FUSE(r2, 0x0, 0x0)
setresuid(0x0, 0xee00, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff})
r4 = syz_io_uring_setup(0x290, &(0x7f0000000100)={0x0, 0x0, 0x80, 0x2000000, 0x3a6}, &(0x7f00000001c0)=<r5=>0x0, &(0x7f0000000200)=<r6=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000080)=0xfffffc00, 0x0, 0x4)
syz_io_uring_submit(r5, r6, &(0x7f00000000c0)=@IORING_OP_SENDMSG={0x9, 0x40, 0x0, r3, 0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000100000001"], 0x18}, 0x0, 0x40000, 0x1})
io_uring_enter(r4, 0x47f6, 0x80ffff, 0x0, 0x0, 0x0)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$SNDRV_CTL_IOCTL_PVERSION(r2, 0x80045500, &(0x7f0000000180))
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_route(0x10, 0x3, 0x0)
openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
ioctl$VIDIOC_ENUMSTD(r1, 0xc0485619, &(0x7f00000000c0)={0xe7, 0x20, "94da23c6bb3dc1946f19f99f838cbeecefdffad6262a9d96", {0x9, 0x2}, 0xdbf9})
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_TSINFO_GET(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)=ANY=[@ANYRES16=r8, @ANYBLOB="010000000000000000001d00000020000180140002006e657464657673696d30000000000000080003"], 0x34}}, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000000)=@newlink={0x3c, 0x10, 0x403, 0x0, 0xfffffd, {0x0, 0x0, 0x3, 0x0, 0x0, 0x40}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @vcan={{0x9}, {0x4}}}, @IFLA_MASTER={0x8, 0x4040}]}, 0x3c}}, 0x0)

821.177837ms ago: executing program 4 (id=3348):
inotify_add_watch(0xffffffffffffffff, 0x0, 0x2800047e)
socket$kcm(0x10, 0x7, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0, 0x0, 0x3}, 0x18)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0xf, 0x0, 0x0)
close(r2)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_WOL_GET(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000000)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="0100b11b700000feffff1a000000180001801400020064756d6d7930"], 0x2c}}, 0x20040040)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_usb_connect$cdc_ncm(0x1, 0x0, 0x0, 0x0)
socket$netlink(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)

410.25885ms ago: executing program 0 (id=3349):
r0 = socket$inet_smc(0x2b, 0x1, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x24)
ioctl$KVM_CAP_DIRTY_LOG_RING(r3, 0x4068aea3, &(0x7f0000000680))
openat$audio(0xffffff9c, 0x0, 0x1052c0, 0x0)
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x4000000000002fe, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r2, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={0x0, 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x10)
r5 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0)
r6 = syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r6, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f00000000c0)=[<r7=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCRTC(r6, 0xc06864a1, &(0x7f00000003c0)={0x0, 0x0, r7, <r8=>0x0})
ioctl$DRM_IOCTL_MODE_GETFB2(r6, 0xc06864ce, &(0x7f0000000440)={r8, 0x0, 0x0, 0x0, 0x0, [<r9=>0x0], [0x7, 0x0, 0x0, 0x80]})
r10 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r10, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r5, 0xc02064b2, &(0x7f0000000140)={0x3ff, 0x7f, 0xb5})
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r5, 0xc00c642d, &(0x7f0000000080)={r9, 0x0, <r11=>0xffffffffffffffff})
ioctl$DRM_IOCTL_MODE_GETFB2(r6, 0xc06864ce, &(0x7f0000000200)={r8, 0x0, 0x0, 0x0, 0x0, [<r12=>0x0]})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r6, 0xc00c642e, &(0x7f0000000300)={0x0, 0x0, r11})
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r11, 0xc04064a0, &(0x7f00000004c0)={&(0x7f0000000100)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000180)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000280)=[0x0, 0x0], &(0x7f00000002c0)=[0x0, 0x0, 0x0, 0x0], 0x8, 0xa, 0x2, 0x4})
ioctl$DRM_IOCTL_MODE_ATOMIC(r6, 0xc03864bc, 0x0)
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r6, 0xc00c642d, &(0x7f0000000040)={r12})
close_range(r0, 0xffffffffffffffff, 0x0)

381.914968ms ago: executing program 1 (id=3350):
r0 = fsopen(&(0x7f0000000100)='ramfs\x00', 0x1)
r1 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', <r2=>0x0})
socket$igmp6(0xa, 0x3, 0x2)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000000c0)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r6, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x4, 0x8001, 0x0, 0xb49, 0x200000000002, 0x7, 0x408, 0x3}, 0x0)
r7 = syz_open_dev$vbi(&(0x7f0000000000), 0x1, 0x2)
ioctl$VIDIOC_CREATE_BUFS(r7, 0xc100565c, &(0x7f00000013c0)={0x3, 0x2, 0x2, {0x5, @vbi={0xb5, 0x0, 0x3, 0x20363159, [0x0, 0x8000000], [0x8200, 0x1]}}})
r8 = socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$batadv(&(0x7f0000000080), 0xffffffffffffffff)
r10 = socket(0x1e, 0x5, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r10, 0x8933, &(0x7f0000000040))
r11 = socket$nl_generic(0x10, 0x3, 0x10)
r12 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_RINGS_SET(r11, &(0x7f0000000900)={0x0, 0x0, &(0x7f00000008c0)={&(0x7f0000000580)={0x4c, r12, 0x1, 0x200000, 0x25dfdbfe, {}, [@ETHTOOL_A_RINGS_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'netdevsim0\x00'}]}, @ETHTOOL_A_RINGS_RX={0x8, 0x6, 0x800}, @ETHTOOL_A_RINGS_RX_MINI={0x8}, @ETHTOOL_A_RINGS_TX={0x8, 0x9, 0x7}, @ETHTOOL_A_RINGS_RX_JUMBO={0x8}]}, 0x4c}, 0x1, 0x0, 0x0, 0x4080001}, 0x4048806)
sendmsg$BATADV_CMD_SET_MESH(r8, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000440)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r9, @ANYBLOB="010000000000000000000f00000008000300", @ANYBLOB='\b\x002\x00\x00\x00'], 0x2c}}, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x24, r4, 0x5, 0x0, 0x0, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x7}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_JOIN_MESH(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="050000000000000000004400000008000300", @ANYRES32, @ANYBLOB="08002c090f00"], 0x30}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=@newqdisc={0x3c, 0x24, 0x3fe3aa0262d8c583, 0x0, 0x0, {0x0, 0x0, 0x28, r2, {}, {0xffff, 0xffff}, {0x6}}, [@qdisc_kind_options=@q_fq_pie={{0xb}, {0xc, 0x8002, [@TCA_FQ_PIE_FLOWS={0x8, 0x2, 0x810c}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x2}, 0x2000400c)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)

0s ago: executing program 2 (id=3351):
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000b00)={<r0=>0xffffffffffffffff})
bind$unix(r0, 0x0, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x1, 0x0, 0x0, 0x40f00, 0x23, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000000)='sched_switch\x00', r1, 0x0, 0x1}, 0x18)
r2 = creat(0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r6 = pidfd_getfd(r2, 0xffffffffffffffff, 0x0)
sendmmsg(r6, &(0x7f00000002c0)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000b40)=[{0x110, 0x10f, 0x7, "d32690a20ef0aaa7256bd5ab52aadb5c6c79db7c1267b90c92bcc56b28420c20219c53f1c4574c9d0003ce690a3767642fa880f30760fc737ff318842e5077338a770bb70ac0fe7fb1d2f9b3871e25abc1468e91bb228a7e1a01bb6196e3817f56552393a48649e7aa86e1258f70e8836b33d1d03593aed22a0d45b9a06b61a0cc197c90d256b0d87fea3d64f695a2ed5b98f04228eb1a17237d37bbde95a3297b3e43e81c61681eca189a04830c87b1596fa5c46bf1d4ad76f9e19c94ea0f2581ebe657b640e2476fe5a21eac2bf4ccb828470fc79c91f7f7298d8a7bba0ba06cf0674729eea8eb980cd79ad9ef65465878c83323b674d902"}, {0xb8, 0x103, 0x9, "b0716dca88e49ab070da46a96d6d20e362fa2e4b08dfac36805de24f36b87826c60d140fb33078803e1b0f34d979ddb60aae81baea63f87a3a0386358a7e80b39e78266ed4729eadcd667eb70c0885b8d38ee74ed28ba88c5190afa26b9e4f14deb1ca4e84efa53560e37ee6baf1534bbb3c59bca5bf83edffd4b5c49d753caa881e30eeb78298fe5fe7ee2c2b16e180837bec99b3db323601adf8d618fce256a4caa5fe23f676"}, {0x10, 0x10d, 0x5}, {0x28, 0x201, 0x2, "c974881b7aae703c52e1ada001f611622b42"}], 0x200}}], 0x1, 0x20004000)
mlock2(&(0x7f0000627000/0x3000)=nil, 0x3000, 0x0)
openat$vsock(0xffffffffffffff9c, 0x0, 0x10000, 0x0)
mremap(&(0x7f0000532000/0x3000)=nil, 0x3000, 0x1000, 0x3, &(0x7f0000190000/0x1000)=nil)
prctl$PR_SET_IO_FLUSHER(0x41, 0x3)
socket$nl_netfilter(0x10, 0x3, 0xc)
open_tree(0xffffffffffffff9c, 0x0, 0x800)
r7 = socket(0x2, 0x80805, 0x0)
setsockopt$inet_sctp6_SCTP_AUTH_DEACTIVATE_KEY(r7, 0x84, 0x23, &(0x7f0000000240)={0x0, 0x2}, 0x8)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000100)={0x2, @vbi={0x9, 0xff2, 0x7ffffffd, 0x4f565559, [0x1000, 0x1000007], [0x9, 0xffb], 0x108}})
listen(r0, 0x3841b273)

kernel console output (not intermixed with test programs):

][T11462] infiniband s
z1: Couldn't create ib_mad CQ
[  384.315415][T11462] infiniband s
z1: Couldn't open port 1
[  384.327492][T10443] lo speed is unknown, defaulting to 1000
[  384.352500][T11462] RDS/IB: s
z1: added
[  384.356702][T11462] smc: adding ib device s
z1 with port count 1
[  384.362899][T11462] smc:    ib device s
z1 port 1 has no pnetid
[  384.372469][T11462] lo speed is unknown, defaulting to 1000
[  384.610639][T11462] lo speed is unknown, defaulting to 1000
[  385.229571][T10443] lo speed is unknown, defaulting to 1000
[  385.527739][T11462] lo speed is unknown, defaulting to 1000
[  385.680038][T11462] lo speed is unknown, defaulting to 1000
[  385.835423][T11462] lo speed is unknown, defaulting to 1000
[  386.354964][T11485] binder: 11478:11485 ioctl c0306201 0 returned -14
[  387.073636][T11500] loop9: detected capacity change from 0 to 512
[  387.123551][T11500] EXT4-fs error (device loop9): ext4_orphan_get:1392: inode #15: comm syz.9.1771: casefold flag without casefold feature
[  387.142527][T11500] EXT4-fs error (device loop9): ext4_orphan_get:1397: comm syz.9.1771: couldn't read orphan inode 15 (err -117)
[  387.158938][T11500] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  387.271835][T11508] netlink: 'syz.2.1773': attribute type 10 has an invalid length.
[  387.280064][T11508] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1773'.
[  387.295568][T11508] dummy0: entered promiscuous mode
[  387.309645][T11508] A link change request failed with some changes committed already. Interface dummy0 may have been left with an inconsistent configuration, please check.
[  387.710376][   T30] audit: type=1326 audit(1757193764.275:1455): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11496 comm="syz.9.1771" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f045838ebe9 code=0x7ffc0000
[  387.816070][   T30] audit: type=1326 audit(1757193764.275:1456): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11496 comm="syz.9.1771" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f045838ebe9 code=0x7ffc0000
[  387.887402][T10038] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  387.930480][   T30] audit: type=1326 audit(1757193764.275:1457): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11496 comm="syz.9.1771" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f045838ebe9 code=0x7ffc0000
[  388.001051][   T30] audit: type=1326 audit(1757193764.275:1458): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11496 comm="syz.9.1771" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f045838ebe9 code=0x7ffc0000
[  388.049751][   T30] audit: type=1326 audit(1757193764.275:1459): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11496 comm="syz.9.1771" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f045838ebe9 code=0x7ffc0000
[  388.118459][T11520] tipc: Started in network mode
[  388.136052][T11520] tipc: Node identity 2a9ee5f27a7d, cluster identity 4711
[  388.150850][T11525] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1778'.
[  388.196272][   T30] audit: type=1326 audit(1757193764.285:1460): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11496 comm="syz.9.1771" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f045838ebe9 code=0x7ffc0000
[  388.219805][T11520] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  388.227157][T11530] syzkaller0: entered promiscuous mode
[  388.239791][T11530] syzkaller0: entered allmulticast mode
[  388.246864][T11529] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1779'.
[  388.359340][   T30] audit: type=1326 audit(1757193764.285:1461): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11496 comm="syz.9.1771" exe="/root/syz-executor" sig=0 arch=c000003e syscall=269 compat=0 ip=0x7f045838ebe9 code=0x7ffc0000
[  388.390943][T11530] tipc: Resetting bearer <eth:syzkaller0>
[  388.400266][T11519] tipc: Resetting bearer <eth:syzkaller0>
[  388.521079][T11519] tipc: Disabling bearer <eth:syzkaller0>
[  388.539940][   T30] audit: type=1326 audit(1757193764.285:1462): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11496 comm="syz.9.1771" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f045838ebe9 code=0x7ffc0000
[  389.452584][T11541] netlink: 68 bytes leftover after parsing attributes in process `syz.2.1782'.
[  392.142897][T10443] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0
[  392.189936][T10443] hid-generic 0000:0000:0000.0006: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  394.105322][T11612] tipc: Started in network mode
[  394.125666][T11612] tipc: Node identity 2a180646f4db, cluster identity 4711
[  394.198356][T11612] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  394.454096][T11614] syzkaller0: entered promiscuous mode
[  394.460898][T11614] syzkaller0: entered allmulticast mode
[  395.332182][ T5957] tipc: Node number set to 3737323078
[  395.344964][T11614] tipc: Resetting bearer <eth:syzkaller0>
[  395.454345][T11611] tipc: Resetting bearer <eth:syzkaller0>
[  395.739232][T11611] tipc: Disabling bearer <eth:syzkaller0>
[  400.245327][   T30] audit: type=1326 audit(1757193776.735:1463): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11666 comm="syz.5.1825" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fce7258ebe9 code=0x7ffc0000
[  400.410990][   T30] audit: type=1326 audit(1757193776.735:1464): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11666 comm="syz.5.1825" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fce7258ebe9 code=0x7ffc0000
[  400.454794][   T30] audit: type=1326 audit(1757193776.735:1465): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11666 comm="syz.5.1825" exe="/root/syz-executor" sig=0 arch=c000003e syscall=314 compat=0 ip=0x7fce7258ebe9 code=0x7ffc0000
[  400.771118][T11680] netlink: 'syz.2.1826': attribute type 4 has an invalid length.
[  400.859609][T11681] netlink: 'syz.2.1826': attribute type 4 has an invalid length.
[  401.167383][   T30] audit: type=1326 audit(1757193776.735:1466): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11666 comm="syz.5.1825" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fce7258ebe9 code=0x7ffc0000
[  401.249071][   T30] audit: type=1326 audit(1757193776.735:1467): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11666 comm="syz.5.1825" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7fce7258ebe9 code=0x7ffc0000
[  401.272253][   T30] audit: type=1326 audit(1757193776.735:1468): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11666 comm="syz.5.1825" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fce7258ebe9 code=0x7ffc0000
[  401.296341][   T30] audit: type=1326 audit(1757193776.735:1469): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11666 comm="syz.5.1825" exe="/root/syz-executor" sig=0 arch=c000003e syscall=248 compat=0 ip=0x7fce7258ebe9 code=0x7ffc0000
[  401.423532][   T30] audit: type=1326 audit(1757193776.745:1470): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11666 comm="syz.5.1825" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fce7258ebe9 code=0x7ffc0000
[  401.642670][   T30] audit: type=1326 audit(1757193776.745:1471): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11666 comm="syz.5.1825" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fce7258ebe9 code=0x7ffc0000
[  401.868912][   T30] audit: type=1326 audit(1757193776.745:1472): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11666 comm="syz.5.1825" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fce7258ebe9 code=0x7ffc0000
[  403.621273][T11720] block device autoloading is deprecated and will be removed.
[  403.934336][T11717] delete_channel: no stack
[  405.378312][T11737] random: crng reseeded on system resumption
[  406.732265][T11751] block nbd1: Send control failed (result -32)
[  406.761130][T11751] block nbd1: Request send failed, requeueing
[  406.777492][   T56] block nbd1: Dead connection, failed to find a fallback
[  406.785995][   T56] block nbd1: shutting down sockets
[  406.792635][   T56] I/O error, dev nbd1, sector 64 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  406.815185][T11751] I/O error, dev nbd1, sector 256 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  406.837941][T11751] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=256, location=256
[  406.851850][T11751] I/O error, dev nbd1, sector 512 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  406.861430][T11751] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=512, location=512
[  406.873825][T11751] I/O error, dev nbd1, sector 64 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  406.883648][T11751] I/O error, dev nbd1, sector 512 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  406.893130][T11751] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=256, location=256
[  406.926458][T11757] loop9: detected capacity change from 0 to 512
[  406.984997][T11751] I/O error, dev nbd1, sector 1024 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  406.997349][T11751] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=512, location=512
[  407.007772][T11757] EXT4-fs error (device loop9): ext4_orphan_get:1392: inode #15: comm syz.9.1844: casefold flag without casefold feature
[  407.133345][T11757] EXT4-fs error (device loop9): ext4_orphan_get:1397: comm syz.9.1844: couldn't read orphan inode 15 (err -117)
[  407.135927][T11751] I/O error, dev nbd1, sector 64 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  407.429337][T11757] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  407.535900][T11751] I/O error, dev nbd1, sector 1024 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  407.549051][T11751] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=256, location=256
[  408.184881][   T30] kauditd_printk_skb: 45 callbacks suppressed
[  408.184902][   T30] audit: type=1326 audit(1757193784.755:1518): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11756 comm="syz.9.1844" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f045838ebe9 code=0x7ffc0000
[  408.217726][T11751] I/O error, dev nbd1, sector 2048 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  408.228262][   T30] audit: type=1326 audit(1757193784.755:1519): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11756 comm="syz.9.1844" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f045838ebe9 code=0x7ffc0000
[  408.262253][T11751] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=512, location=512
[  408.281355][   T30] audit: type=1326 audit(1757193784.775:1520): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11756 comm="syz.9.1844" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f045838ebe9 code=0x7ffc0000
[  408.315035][   T30] audit: type=1326 audit(1757193784.775:1521): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11756 comm="syz.9.1844" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f045838ebe9 code=0x7ffc0000
[  408.343654][T11751] I/O error, dev nbd1, sector 64 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  408.379798][T11751] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=256, location=256
[  408.389953][   T30] audit: type=1326 audit(1757193784.775:1522): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11756 comm="syz.9.1844" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f045838ebe9 code=0x7ffc0000
[  408.436210][T11751] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=512, location=512
[  408.446008][T11751] UDF-fs: warning (device nbd1): udf_fill_super: No partition found (1)
[  408.456427][   T30] audit: type=1326 audit(1757193784.775:1523): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11756 comm="syz.9.1844" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f045838ebe9 code=0x7ffc0000
[  408.516686][T10038] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  408.576817][   T30] audit: type=1326 audit(1757193784.775:1524): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11756 comm="syz.9.1844" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f045838ebe9 code=0x7ffc0000
[  408.668334][   T30] audit: type=1326 audit(1757193784.775:1525): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11756 comm="syz.9.1844" exe="/root/syz-executor" sig=0 arch=c000003e syscall=269 compat=0 ip=0x7f045838ebe9 code=0x7ffc0000
[  408.871302][   T30] audit: type=1326 audit(1757193784.775:1526): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11756 comm="syz.9.1844" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f045838ebe9 code=0x7ffc0000
[  409.043904][T11787] netlink: 'syz.1.1850': attribute type 1 has an invalid length.
[  409.052005][T11787] netlink: 'syz.1.1850': attribute type 2 has an invalid length.
[  409.858859][    T9] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[  410.404419][    T9] usb 4-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[  410.420674][    T9] usb 4-1: config 0 interface 0 has no altsetting 0
[  410.445106][    T9] usb 4-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  410.457790][    T9] usb 4-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  410.466090][    T9] usb 4-1: Product: syz
[  410.472657][    T9] usb 4-1: Manufacturer: syz
[  410.479303][    T9] usb 4-1: SerialNumber: syz
[  410.490341][    T9] usb 4-1: config 0 descriptor??
[  410.807353][    T9] usb 4-1: selecting invalid altsetting 0
[  411.254789][    T9] usb 4-1: USB disconnect, device number 3
[  411.504132][T11806] syzkaller0: entered promiscuous mode
[  411.518950][T11806] syzkaller0: entered allmulticast mode
[  411.926644][T10443] usb 10-1: new full-speed USB device number 2 using dummy_hcd
[  412.005653][T11830] netlink: 96 bytes leftover after parsing attributes in process `syz.2.1867'.
[  412.062596][T11831] ªªªªªª: renamed from wg2 (while UP)
[  413.851738][T10443] usb 10-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  413.878874][T10443] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[  413.906679][T10443] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  414.060106][T10443] usb 10-1: New USB device found, idVendor=0e9c, idProduct=0000, bcdDevice=5b.1e
[  414.077099][T10443] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  414.091110][T10443] usb 10-1: Product: syz
[  414.837677][T10443] usb 10-1: Manufacturer: syz
[  414.849050][T10443] usb 10-1: SerialNumber: syz
[  414.902323][T10443] usb 10-1: config 0 descriptor??
[  414.910390][T10443] usb 10-1: can't set config #0, error -71
[  414.968389][T10443] usb 10-1: USB disconnect, device number 2
[  416.282495][T11857] raw_sendmsg: syz.9.1875 forgot to set AF_INET. Fix it!
[  417.152978][T11878] geneve2: entered promiscuous mode
[  417.161992][T11878] geneve2: entered allmulticast mode
[  419.731573][T11899] fuse: Bad value for 'user_id'
[  419.764985][T11899] fuse: Bad value for 'user_id'
[  421.574453][T11920] lo speed is unknown, defaulting to 1000
[  421.581627][T11920] lo speed is unknown, defaulting to 1000
[  421.589561][T11920] lo speed is unknown, defaulting to 1000
[  423.943309][T11947] netlink: 188 bytes leftover after parsing attributes in process `syz.5.1903'.
[  424.066144][T11948] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0)
[  426.367869][T10442] usb 10-1: new high-speed USB device number 3 using dummy_hcd
[  426.534964][T10442] usb 10-1: Using ep0 maxpacket: 8
[  426.564019][T10442] usb 10-1: config index 0 descriptor too short (expected 301, got 45)
[  426.574783][T10442] usb 10-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  426.625264][T10442] usb 10-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  426.681127][T10442] usb 10-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  426.712477][T10442] usb 10-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  426.769622][T10442] usb 10-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  426.798757][T10442] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  427.230485][T10442] usb 10-1: GET_CAPABILITIES returned 0
[  427.236114][T10442] usbtmc 10-1:16.0: can't read capabilities
[  428.726627][T10420] usb 3-1: new full-speed USB device number 7 using dummy_hcd
[  428.881399][T10420] usb 3-1: config 0 interface 0 altsetting 9 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  428.895503][T10420] usb 3-1: config 0 interface 0 altsetting 9 endpoint 0x81 has invalid wMaxPacketSize 0
[  428.907073][T10420] usb 3-1: config 0 interface 0 has no altsetting 0
[  428.913803][T10420] usb 3-1: New USB device found, idVendor=17ef, idProduct=60ee, bcdDevice= 0.00
[  428.924855][T10420] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  428.947979][T10420] usb 3-1: config 0 descriptor??
[  429.171659][ T5976] usb 10-1: USB disconnect, device number 3
[  429.560931][T10420] hid (null): report_id 0 is invalid
[  429.633686][T10420] lenovo 0003:17EF:60EE.0007: report_id 0 is invalid
[  429.640600][T10420] lenovo 0003:17EF:60EE.0007: item 0 0 1 8 parsing failed
[  429.648619][T10420] lenovo 0003:17EF:60EE.0007: hid_parse failed
[  429.655030][T10420] lenovo 0003:17EF:60EE.0007: probe with driver lenovo failed with error -22
[  429.819349][T10420] usb 3-1: USB disconnect, device number 7
[  431.316355][T12004] netlink: 596 bytes leftover after parsing attributes in process `syz.9.1925'.
[  439.622862][T12102] gtp0: entered promiscuous mode
[  440.766668][T12114] random: crng reseeded on system resumption
[  443.175752][T12128] kvm: MWAIT instruction emulated as NOP!
[  444.578494][T12144] IPVS: lc: FWM 3 0x00000003 - no destination available
[  445.466369][ T1304] ieee802154 phy0 wpan0: encryption failed: -22
[  445.472978][ T1304] ieee802154 phy1 wpan1: encryption failed: -22
[  445.753533][T12148] gtp1: entered promiscuous mode
[  449.490792][T12178] IPVS: lc: FWM 3 0x00000003 - no destination available
[  452.300704][T10442] usb 6-1: new high-speed USB device number 7 using dummy_hcd
[  453.034936][T10442] usb 6-1: Using ep0 maxpacket: 8
[  453.107197][T10442] usb 6-1: New USB device found, idVendor=0c45, idProduct=614a, bcdDevice=c4.6d
[  453.121335][T10442] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  453.361848][T10442] usb 6-1: Product: syz
[  453.373480][T10442] usb 6-1: Manufacturer: syz
[  453.434400][T10442] usb 6-1: SerialNumber: syz
[  453.467816][T10442] usb 6-1: config 0 descriptor??
[  453.489460][T10442] gspca_main: sonixj-2.14.0 probing 0c45:614a
[  453.566616][T10443] IPVS: starting estimator thread 0...
[  453.687253][T12234] IPVS: using max 22 ests per chain, 52800 per kthread
[  454.051136][T10442] gspca_sonixj: reg_w1 err -110
[  454.136116][T10442] sonixj 6-1:0.0: probe with driver sonixj failed with error -110
[  454.287548][T10442] usb 6-1: USB disconnect, device number 7
[  461.135175][T12300] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[  461.510667][T12319] fuse: Bad value for 'fd'
[  461.534895][T12319] sg_write: data in/out 64380/1 bytes for SCSI command 0x1c-- guessing data in;
[  461.534895][T12319]    program syz.5.2026 not setting count and/or reply_len properly
[  463.135992][T12328] nfs: Deprecated parameter 'nointr'
[  463.166774][T12328] netlink: 60 bytes leftover after parsing attributes in process `syz.9.2034'.
[  464.953145][T12346] syz.1.2041 (12346): drop_caches: 4
[  466.298617][T12362] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  467.645275][T12364] lo speed is unknown, defaulting to 1000
[  467.658858][T12364] lo speed is unknown, defaulting to 1000
[  467.673826][T12364] lo speed is unknown, defaulting to 1000
[  469.595036][T12380] nfs: Deprecated parameter 'nointr'
[  469.856958][T12379] netlink: 60 bytes leftover after parsing attributes in process `syz.5.2050'.
[  471.193074][T12402] IPVS: lc: FWM 3 0x00000003 - no destination available
[  472.201352][T12416] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  472.633077][T12430] nfs: Deprecated parameter 'nointr'
[  472.666565][T12430] netlink: 60 bytes leftover after parsing attributes in process `syz.9.2063'.
[  473.276617][T10420] usb 3-1: new full-speed USB device number 8 using dummy_hcd
[  473.431335][T10420] usb 3-1: config 0 interface 0 has no altsetting 0
[  473.442753][T10420] usb 3-1: New USB device found, idVendor=20d6, idProduct=cb17, bcdDevice= 0.00
[  473.529303][ T5957] rtc_cmos 00:00: Alarms can be up to one day in the future
[  473.551206][T12446] nfs: Bad value for 'source'
[  473.589080][T10420] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  473.643811][ T5957] rtc_cmos 00:00: Alarms can be up to one day in the future
[  473.754752][ T5957] rtc_cmos 00:00: Alarms can be up to one day in the future
[  473.853960][ T5957] rtc_cmos 00:00: Alarms can be up to one day in the future
[  473.958771][T10420] usb 3-1: config 0 descriptor??
[  473.979636][ T5957] rtc rtc0: __rtc_set_alarm: err=-22
[  474.469036][T12454] IPVS: lc: FWM 3 0x00000003 - no destination available
[  474.617697][T10420] input: THQ uDraw Game Tablet for PS3 Joypad as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:20D6:CB17.0008/input/input6
[  475.688873][T10420] input: THQ uDraw Game Tablet for PS3 Touchpad as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:20D6:CB17.0008/input/input7
[  475.930030][T10420] input: THQ uDraw Game Tablet for PS3 Pen as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:20D6:CB17.0008/input/input8
[  476.417471][T10420] input: THQ uDraw Game Tablet for PS3 Accelerometer as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:20D6:CB17.0008/input/input9
[  476.576839][T10420] hid-udraw 0003:20D6:CB17.0008: hidraw0: USB HID v8.80 Device [HID 20d6:cb17] on usb-dummy_hcd.2-1/input0
[  476.647125][T10420] usb 3-1: USB disconnect, device number 8
[  476.673229][T12476] netlink: 'syz.3.2080': attribute type 13 has an invalid length.
[  476.932313][T12484] nfs: Bad value for 'source'
[  477.699422][T12490] lo speed is unknown, defaulting to 1000
[  477.714430][T12490] lo speed is unknown, defaulting to 1000
[  477.733784][T12490] lo speed is unknown, defaulting to 1000
[  477.916344][T12494] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  477.975233][T10442] lo speed is unknown, defaulting to 1000
[  477.988116][T12499] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2088'.
[  481.104252][T12490] infiniband syz0: set active
[  481.110478][T10442] lo speed is unknown, defaulting to 1000
[  481.134526][T12490] infiniband syz0: added lo
[  481.258192][T12490] syz0: rxe_create_cq: returned err = -12
[  481.294517][T12490] infiniband syz0: Couldn't create ib_mad CQ
[  481.301082][T12490] infiniband syz0: Couldn't open port 1
[  481.483027][T12537] nfs: Bad value for 'source'
[  482.270763][T12490] RDS/IB: syz0: added
[  482.274816][T12490] smc: adding ib device syz0 with port count 1
[  482.300618][T12490] smc:    ib device syz0 port 1 has no pnetid
[  482.306916][    T9] lo speed is unknown, defaulting to 1000
[  482.317842][T12490] lo speed is unknown, defaulting to 1000
[  482.607388][T12490] lo speed is unknown, defaulting to 1000
[  482.610849][T12542] uprobe: syz.1.2099:12542 failed to unregister, leaking uprobe
[  482.646806][T12545] ucma_write: process 445 (syz.9.2101) changed security contexts after opening file descriptor, this is not allowed.
[  483.681068][T12561] loop9: detected capacity change from 0 to 512
[  483.777263][T12490] lo speed is unknown, defaulting to 1000
[  483.810321][T12561] EXT4-fs error (device loop9): ext4_orphan_get:1392: inode #15: comm syz.9.2107: casefold flag without casefold feature
[  484.580878][T12561] EXT4-fs error (device loop9): ext4_orphan_get:1397: comm syz.9.2107: couldn't read orphan inode 15 (err -117)
[  484.643832][T12561] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  485.821637][   T30] audit: type=1326 audit(1757193862.375:1527): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12560 comm="syz.9.2107" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f045838ebe9 code=0x7ffc0000
[  485.905172][T12576] random: crng reseeded on system resumption
[  486.626013][T12578] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2112'.
[  486.665759][T10038] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  486.666649][   T30] audit: type=1326 audit(1757193862.375:1528): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12560 comm="syz.9.2107" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f045838ebe9 code=0x7ffc0000
[  486.716599][   T30] audit: type=1326 audit(1757193862.375:1529): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12560 comm="syz.9.2107" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f045838ebe9 code=0x7ffc0000
[  486.844340][   T30] audit: type=1326 audit(1757193862.375:1530): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12560 comm="syz.9.2107" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f045838ebe9 code=0x7ffc0000
[  486.866843][    C0] vkms_vblank_simulate: vblank timer overrun
[  486.936550][   T30] audit: type=1326 audit(1757193862.375:1531): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12560 comm="syz.9.2107" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f045838ebe9 code=0x7ffc0000
[  486.959326][   T30] audit: type=1326 audit(1757193862.375:1532): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12560 comm="syz.9.2107" exe="/root/syz-executor" sig=0 arch=c000003e syscall=269 compat=0 ip=0x7f045838ebe9 code=0x7ffc0000
[  486.981864][    C0] vkms_vblank_simulate: vblank timer overrun
[  486.991239][   T30] audit: type=1326 audit(1757193862.375:1533): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12560 comm="syz.9.2107" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f045838ebe9 code=0x7ffc0000
[  487.026773][   T30] audit: type=1326 audit(1757193862.375:1534): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12560 comm="syz.9.2107" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f045838ebe9 code=0x7ffc0000
[  487.032766][T12490] lo speed is unknown, defaulting to 1000
[  487.049331][    C0] vkms_vblank_simulate: vblank timer overrun
[  487.203493][T12590] netlink: 104 bytes leftover after parsing attributes in process `syz.9.2118'.
[  491.701296][T12635] netlink: 'syz.3.2132': attribute type 25 has an invalid length.
[  492.375742][T12490] lo speed is unknown, defaulting to 1000
[  493.887800][T12630] lo speed is unknown, defaulting to 1000
[  493.895518][T12630] lo speed is unknown, defaulting to 1000
[  493.931158][T12630] lo speed is unknown, defaulting to 1000
[  494.018174][T12650] syzkaller0: entered promiscuous mode
[  494.023712][T12650] syzkaller0: entered allmulticast mode
[  494.196216][ T5873] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  494.242218][ T5873] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  494.251122][ T5873] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  494.261081][ T5873] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  494.273135][ T5873] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  494.309526][   T52] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  494.317076][   T52] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  494.326323][   T52] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  494.337819][   T52] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  494.347147][   T52] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  494.459559][T12661] nfs: Bad value for 'source'
[  496.182341][T12630] lo speed is unknown, defaulting to 1000
[  496.416619][ T5873] Bluetooth: hci5: command tx timeout
[  496.460313][T12675] IPVS: lc: FWM 3 0x00000003 - no destination available
[  496.815434][   T13] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  496.908272][T12654] lo speed is unknown, defaulting to 1000
[  496.916586][T12654] lo speed is unknown, defaulting to 1000
[  496.926043][T12654] lo speed is unknown, defaulting to 1000
[  497.793931][   T13] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  497.834741][T12654] lo speed is unknown, defaulting to 1000
[  498.091317][T12683] siw: device registration error -23
[  498.268637][   T13] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  498.430628][T12700] nfs: Bad value for 'source'
[  498.505740][ T5873] Bluetooth: hci5: command tx timeout
[  499.270430][   T13] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  499.602338][T12706] /dev/sg0: Can't lookup blockdev
[  500.576765][ T5873] Bluetooth: hci5: command tx timeout
[  500.824882][T12654] chnl_net:caif_netlink_parms(): no params data found
[  502.291457][   T13] bridge_slave_1: left allmulticast mode
[  502.717827][ T5873] Bluetooth: hci5: command tx timeout
[  502.999335][   T13] bridge_slave_1: left promiscuous mode
[  503.005159][   T13] bridge0: port 2(bridge_slave_1) entered disabled state
[  503.060186][   T13] bridge_slave_0: left allmulticast mode
[  503.076874][   T13] bridge_slave_0: left promiscuous mode
[  503.086883][   T13] bridge0: port 1(bridge_slave_0) entered disabled state
[  503.110091][T12727] Bluetooth: MGMT ver 1.23
[  503.371037][T12735] siw: device registration error -23
[  503.615596][   T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  503.629521][   T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  503.640299][   T13] bond0 (unregistering): Released all slaves
[  503.767075][   T13] tipc: Disabling bearer <udp:syz2>
[  503.777063][   T13] tipc: Left network mode
[  503.883369][T12654] bridge0: port 1(bridge_slave_0) entered blocking state
[  503.940664][T12654] bridge0: port 1(bridge_slave_0) entered disabled state
[  503.960385][T12740] nfs: Bad value for 'source'
[  504.024126][T12654] bridge_slave_0: entered allmulticast mode
[  504.167454][T12654] bridge_slave_0: entered promiscuous mode
[  504.374350][T12654] bridge0: port 2(bridge_slave_1) entered blocking state
[  504.439623][T12654] bridge0: port 2(bridge_slave_1) entered disabled state
[  504.522300][T12654] bridge_slave_1: entered allmulticast mode
[  504.636765][T12654] bridge_slave_1: entered promiscuous mode
[  504.899689][T12654] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  504.958104][T12654] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  505.162347][T12750] nfs: Deprecated parameter 'nointr'
[  505.203460][T12750] netlink: 60 bytes leftover after parsing attributes in process `syz.9.2168'.
[  505.604029][T12654] team0: Port device team_slave_0 added
[  505.651091][T12654] team0: Port device team_slave_1 added
[  505.785979][T12654] batman_adv: batadv0: Adding interface: batadv_slave_0
[  505.803797][T12654] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  505.866500][T12654] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  505.899280][T12654] batman_adv: batadv0: Adding interface: batadv_slave_1
[  505.998844][T12654] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  506.086957][T12654] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  506.741271][ T1304] ieee802154 phy0 wpan0: encryption failed: -22
[  506.747792][ T1304] ieee802154 phy1 wpan1: encryption failed: -22
[  507.567057][T12654] hsr_slave_0: entered promiscuous mode
[  507.577782][T12654] hsr_slave_1: entered promiscuous mode
[  507.680902][T12775] nfs: Bad value for 'source'
[  507.688123][T12654] debugfs: 'hsr0' already exists in 'hsr'
[  508.431252][T12654] Cannot create hsr debugfs directory
[  508.522522][T12776] siw: device registration error -23
[  508.749891][T12780] random: crng reseeded on system resumption
[  512.763226][   T13] hsr_slave_0: left promiscuous mode
[  512.909407][   T13] hsr_slave_1: left promiscuous mode
[  512.928375][T12810] netlink: 60 bytes leftover after parsing attributes in process `syz.1.2181'.
[  513.233396][   T13] veth1_macvtap: left promiscuous mode
[  513.249449][   T13] veth0_macvtap: left promiscuous mode
[  513.416827][   T13] veth1_vlan: left allmulticast mode
[  513.427221][   T13] veth1_vlan: left promiscuous mode
[  513.442908][   T13] veth0_vlan: left promiscuous mode
[  515.204855][   T13] team0 (unregistering): Port device team_slave_1 removed
[  515.499734][   T13] team0 (unregistering): Port device team_slave_0 removed
[  517.384884][   T36] smc: removing ib device syz0
[  517.588044][T10420] lo speed is unknown, defaulting to 1000
[  517.626326][T10420] syz0: Port: 1 Link DOWN
[  517.712579][T12849] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  517.723098][T12850] syzkaller0: entered promiscuous mode
[  517.729083][T12850] syzkaller0: entered allmulticast mode
[  518.010426][T12858] tipc: Resetting bearer <eth:syzkaller0>
[  518.107798][T12858] tipc: Disabling bearer <eth:syzkaller0>
[  518.199886][T12869] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  518.602003][T10441] usb 3-1: new low-speed USB device number 9 using dummy_hcd
[  518.920691][T10441] usb 3-1: unable to get BOS descriptor or descriptor too short
[  519.052865][T10441] usb 3-1: config 64 has an invalid interface number: 227 but max is 0
[  519.074459][T10441] usb 3-1: config 64 has no interface number 0
[  519.143251][T10441] usb 3-1: config 64 interface 227 altsetting 9 endpoint 0x4 is Bulk; changing to Interrupt
[  519.185903][T10441] usb 3-1: config 64 interface 227 has no altsetting 0
[  519.199618][T10441] usb 3-1: string descriptor 0 read error: -22
[  519.216331][T10441] usb 3-1: New USB device found, idVendor=04e8, idProduct=ff30, bcdDevice=cc.bf
[  519.232019][T10441] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  519.336025][T12879] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  519.416779][T10441] imon_raw 3-1:64.227: IR endpoint missing
[  519.630319][T12896] IPVS: lc: FWM 3 0x00000003 - no destination available
[  519.633808][T10441] usb 3-1: USB disconnect, device number 9
[  519.652548][T12894] random: crng reseeded on system resumption
[  521.103157][T12907] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  521.122895][T12907] syzkaller0: entered promiscuous mode
[  521.129227][T12907] syzkaller0: entered allmulticast mode
[  521.324797][T12913] tipc: Resetting bearer <eth:syzkaller0>
[  521.356900][T12913] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  521.407192][T12906] tipc: Resetting bearer <eth:syzkaller0>
[  521.467454][T12906] tipc: Disabling bearer <eth:syzkaller0>
[  521.676138][T12654] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  521.705019][T12654] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  521.732561][T12654] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  521.758788][   T13] IPVS: stop unused estimator thread 0...
[  521.770436][T12654] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  522.192765][T12654] 8021q: adding VLAN 0 to HW filter on device bond0
[  523.029257][T12654] 8021q: adding VLAN 0 to HW filter on device team0
[  523.094143][ T7837] bridge0: port 1(bridge_slave_0) entered blocking state
[  523.101339][ T7837] bridge0: port 1(bridge_slave_0) entered forwarding state
[  523.199242][T12936] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  523.228209][ T7837] bridge0: port 2(bridge_slave_1) entered blocking state
[  523.235430][ T7837] bridge0: port 2(bridge_slave_1) entered forwarding state
[  523.412149][T12942] netlink: 60 bytes leftover after parsing attributes in process `syz.3.2217'.
[  524.467866][T12958] random: crng reseeded on system resumption
[  524.513515][T12960] 9pnet_fd: Insufficient options for proto=fd
[  524.537797][T12956] siw: device registration error -23
[  524.560013][T12960] xt_time: invalid argument - start or stop time greater than 23:59:59
[  524.801410][T12654] 8021q: adding VLAN 0 to HW filter on device batadv0
[  526.332405][T12654] veth0_vlan: entered promiscuous mode
[  526.355524][T12654] veth1_vlan: entered promiscuous mode
[  527.289913][T12654] veth0_macvtap: entered promiscuous mode
[  527.310056][T12654] veth1_macvtap: entered promiscuous mode
[  527.518638][T12654] batman_adv: batadv0: Interface activated: batadv_slave_0
[  527.523485][T12978] netlink: 40 bytes leftover after parsing attributes in process `syz.9.2225'.
[  527.535282][T12978] netlink: 40 bytes leftover after parsing attributes in process `syz.9.2225'.
[  527.554596][T12654] batman_adv: batadv0: Interface activated: batadv_slave_1
[  527.836389][T11708] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  527.973052][T11705] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  528.310278][T11705] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  528.333128][T11705] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  528.388828][T12985] netlink: 'syz.1.2227': attribute type 10 has an invalid length.
[  528.536887][T12989] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  528.558645][T12988] nfs: Deprecated parameter 'nointr'
[  528.566789][T12988] netlink: 60 bytes leftover after parsing attributes in process `syz.9.2228'.
[  528.589903][   T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  528.620189][   T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  528.881578][T12991] siw: device registration error -23
[  529.754062][   T66] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  529.769825][   T66] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  529.990858][T13008] random: crng reseeded on system resumption
[  530.490203][T13022] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  531.974292][T13034] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[  535.121021][T13055] nfs: Deprecated parameter 'nointr'
[  535.127840][T13055] netlink: 60 bytes leftover after parsing attributes in process `syz.3.2242'.
[  535.225780][T13064] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  535.687582][T13075] tipc: Enabled bearer <eth:vlan0>, priority 10
[  535.705828][T13075] lo speed is unknown, defaulting to 1000
[  535.712161][T13075] lo speed is unknown, defaulting to 1000
[  535.723702][T13075] lo speed is unknown, defaulting to 1000
[  535.871357][T13075] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98
[  536.067492][T13075] lo speed is unknown, defaulting to 1000
[  536.090092][T13075] lo speed is unknown, defaulting to 1000
[  536.111053][T13075] lo speed is unknown, defaulting to 1000
[  536.131590][T13075] lo speed is unknown, defaulting to 1000
[  536.152588][T13075] lo speed is unknown, defaulting to 1000
[  536.977918][T13086] random: crng reseeded on system resumption
[  539.130911][T13101] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  539.162057][T13101] syzkaller0: entered promiscuous mode
[  539.226618][T13101] syzkaller0: entered allmulticast mode
[  539.549260][T13101] tipc: Resetting bearer <eth:syzkaller0>
[  539.555210][T13101] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  539.686686][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  539.723800][T13099] tipc: Resetting bearer <eth:syzkaller0>
[  540.146705][T13099] tipc: Disabling bearer <eth:syzkaller0>
[  540.209145][T13119] netlink: 4400 bytes leftover after parsing attributes in process `syz.0.2259'.
[  540.363317][T13119] workqueue: name exceeds WQ_NAME_LEN. Truncating to: Ç`]Š•Iöq¯!¾>Ýsó³Îú*Š®!)\Ç+`
[  540.457944][T13121] netlink: 8 bytes leftover after parsing attributes in process `syz.9.2258'.
[  540.474085][T13121] netlink: 8 bytes leftover after parsing attributes in process `syz.9.2258'.
[  540.484745][T13121] netlink: 8 bytes leftover after parsing attributes in process `syz.9.2258'.
[  540.496721][T13121] netlink: 8 bytes leftover after parsing attributes in process `syz.9.2258'.
[  543.181436][T13138] random: crng reseeded on system resumption
[  543.346880][T13136] fuse: Unknown parameter 'grou00000000000000000000'
[  545.966861][T10420] usb 10-1: new high-speed USB device number 4 using dummy_hcd
[  546.978033][T10420] usb 10-1: Using ep0 maxpacket: 8
[  547.214113][T10420] usb 10-1: New USB device found, idVendor=0c98, idProduct=1140, bcdDevice=f0.21
[  547.232959][T10420] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  547.405155][T10420] usb 10-1: Product: syz
[  547.419868][T10420] usb 10-1: Manufacturer: syz
[  547.424642][T10420] usb 10-1: SerialNumber: syz
[  547.445319][T10420] usb 10-1: config 0 descriptor??
[  547.573080][T10420] pcwd_usb: The device isn't a Human Interface Device
[  547.736485][T10442] usb 10-1: USB disconnect, device number 4
[  548.794438][T13201] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  551.042732][T13237] nfs: Bad value for 'source'
[  551.575693][T13229] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  551.652894][T13229] Bluetooth: hci5: Error when powering off device on rfkill (-4)
[  551.912210][T13243] fuse: Unknown parameter 'group_i00000000000000000000'
[  552.012936][T13248] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2301'.
[  552.056718][T11708] netdevsim netdevsim1 eth0: set [0, 0] type 1 family 0 port 8472 - 0
[  552.065434][T13248] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2301'.
[  552.075907][T11708] netdevsim netdevsim1 eth1: set [0, 0] type 1 family 0 port 8472 - 0
[  552.112402][T11708] netdevsim netdevsim1 eth2: set [0, 0] type 1 family 0 port 8472 - 0
[  552.150945][T11708] netdevsim netdevsim1 eth3: set [0, 0] type 1 family 0 port 8472 - 0
[  553.110242][T13264] netlink: 83 bytes leftover after parsing attributes in process `syz.0.2306'.
[  555.316452][T13276] nfs: Bad value for 'source'
[  556.113224][T13274] IPVS: lc: FWM 3 0x00000003 - no destination available
[  557.107497][T13284] fuse: Unknown parameter 'group_i00000000000000000000'
[  558.602059][T13297] nfs: Deprecated parameter 'nointr'
[  558.630484][T13297] ntfs3(loop2): try to read out of volume at offset 0x0
[  558.950241][T13299] netlink: 48 bytes leftover after parsing attributes in process `syz.2.2316'.
[  559.050345][T13301] netlink: 60 bytes leftover after parsing attributes in process `syz.2.2316'.
[  559.647986][T13305] netlink: 212408 bytes leftover after parsing attributes in process `syz.1.2320'.
[  559.657459][T13305] openvswitch: netlink: Message has 512 unknown bytes.
[  560.019198][T13314] nfs: Bad value for 'source'
[  562.887391][T13338] nfs: Deprecated parameter 'nointr'
[  562.920294][T13338] netlink: 60 bytes leftover after parsing attributes in process `syz.1.2329'.
[  563.600507][ T5957] usb 1-1: new full-speed USB device number 2 using dummy_hcd
[  564.701536][ T5957] usb 1-1: New USB device found, idVendor=07c9, idProduct=0012, bcdDevice=c2.f4
[  564.726644][ T5957] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  564.841787][ T5957] usb 1-1: Product: syz
[  564.851942][ T5957] usb 1-1: Manufacturer: syz
[  564.863121][ T5957] usb 1-1: SerialNumber: syz
[  564.907194][T13354] nfs: Bad value for 'source'
[  565.506244][ T5957] usb 1-1: config 0 descriptor??
[  565.746539][T10441] usb 10-1: new low-speed USB device number 5 using dummy_hcd
[  565.765132][ T5957] usb 1-1: USB disconnect, device number 2
[  565.843270][T13362] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  565.954079][T10441] usb 10-1: config 0 has an invalid interface number: 55 but max is 0
[  566.004664][T10441] usb 10-1: config 0 has no interface number 0
[  566.032349][T10441] usb 10-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  566.078102][T10441] usb 10-1: config 0 interface 55 altsetting 0 endpoint 0xE has invalid maxpacket 32, setting to 8
[  566.484481][ T5957] kernel write not supported for file /cpu/0/msr (pid: 5957 comm: kworker/0:7)
[  566.506875][T10441] usb 10-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  566.546496][T10441] usb 10-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10
[  566.619453][T13373] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+
[  566.629700][T13373] block device autoloading is deprecated and will be removed.
[  566.806757][T10441] usb 10-1: config 0 interface 55 altsetting 0 endpoint 0x8B has invalid maxpacket 120, setting to 8
[  566.869235][T10441] usb 10-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  566.936577][T10441] usb 10-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  566.945895][T10441] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  567.012732][T10441] usb 10-1: config 0 descriptor??
[  567.054251][T13355] raw-gadget.1 gadget.9: fail, usb_ep_enable returned -22
[  567.069669][T13355] raw-gadget.1 gadget.9: fail, usb_ep_enable returned -22
[  567.122920][T10441] ldusb 10-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[  567.295613][T10420] usb 10-1: USB disconnect, device number 5
[  567.330800][T10420] ldusb 10-1:0.55: LD USB Device #0 now disconnected
[  568.298082][ T1304] ieee802154 phy0 wpan0: encryption failed: -22
[  568.306558][ T1304] ieee802154 phy1 wpan1: encryption failed: -22
[  570.196832][T13409] nfs: Bad value for 'source'
[  570.492803][T13417] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  570.545810][T13417] tipc: Resetting bearer <eth:syzkaller0>
[  571.196322][T13414] tipc: Disabling bearer <eth:syzkaller0>
[  572.128434][T10441] tipc: Node number set to 1357112818
[  573.499069][   T30] audit: type=1800 audit(1757193950.045:1535): pid=13443 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.2360" name="bus" dev="ramfs" ino=40039 res=0 errno=0
[  574.747666][T13454] nfs: Bad value for 'source'
[  577.437110][T13470] fuse: Bad value for 'fd'
[  579.469123][T13480] 9pnet: Could not find request transport: fd0xffffffffffffffff
[  581.565162][T13498] nfs: Deprecated parameter 'nointr'
[  581.571555][T13498] netlink: 60 bytes leftover after parsing attributes in process `syz.2.2377'.
[  584.641964][T13528] comedi: valid board names for 8255 driver are:
[  584.649051][T13528]  8255
[  584.651980][T13528] comedi: valid board names for vmk80xx driver are:
[  584.658816][T13528]  vmk80xx
[  584.661922][T13528] comedi: valid board names for usbduxsigma driver are:
[  584.668987][T13528]  usbduxsigma
[  584.672453][T13528] comedi: valid board names for usbduxfast driver are:
[  584.679474][T13528]  usbduxfast
[  584.682824][T13528] comedi: valid board names for usbdux driver are:
[  584.689896][T13528]  usbdux
[  584.692929][T13528] comedi: valid board names for ni6501 driver are:
[  584.699667][T13528]  ni6501
[  584.702660][T13528] comedi: valid board names for dt9812 driver are:
[  584.709316][T13528]  dt9812
[  584.712404][T13528] comedi: valid board names for ni_labpc_cs driver are:
[  584.719543][T13528]  ni_labpc_cs
[  584.722988][T13528] comedi: valid board names for ni_daq_700 driver are:
[  584.730000][T13528]  ni_daq_700
[  584.733364][T13528] comedi: valid board names for labpc_pci driver are:
[  584.740503][T13528]  labpc_pci
[  584.743786][T13528] comedi: valid board names for adl_pci9118 driver are:
[  584.750842][T13528]  pci9118dg
[  584.754101][T13528]  pci9118hg
[  584.757394][T13528]  pci9118hr
[  584.760671][T13528] comedi: valid board names for 8255_pci driver are:
[  584.767513][T13528]  8255_pci
[  584.770693][T13528] comedi: valid board names for s526 driver are:
[  584.777693][T13528]  s526
[  584.780535][T13528] comedi: valid board names for multiq3 driver are:
[  584.787588][T13528]  multiq3
[  584.790703][T13528] comedi: valid board names for pcmuio driver are:
[  584.797321][T13528]  pcmuio48
[  584.800514][T13528]  pcmuio96
[  584.803867][T13528] comedi: valid board names for pcmmio driver are:
[  584.810620][T13528]  pcmmio
[  584.813637][T13528] comedi: valid board names for pcmda12 driver are:
[  584.821070][T13528]  pcmda12
[  584.824357][T13528] comedi: valid board names for pcmad driver are:
[  584.830941][T13528]  pcmad12
[  584.834054][T13528]  pcmad16
[  584.837161][T13528] comedi: valid board names for ni_labpc driver are:
[  584.843963][T13528]  lab-pc-1200
[  584.847461][T13528]  lab-pc-1200ai
[  584.851077][T13528]  lab-pc+
[  584.854162][T13528] comedi: valid board names for atmio16 driver are:
[  584.861027][T13528]  atmio16
[  584.864581][T13528]  atmio16d
[  584.867808][T13528] comedi: valid board names for ni_at_ao driver are:
[  584.874625][T13528]  at-ao-6
[  584.877750][T13528]  at-ao-10
[  584.880931][T13528] comedi: valid board names for ni_at_a2150 driver are:
[  584.888308][T13528]  ni_at_a2150
[  584.891781][T13528] comedi: valid board names for adq12b driver are:
[  584.898878][T13528]  adq12b
[  584.902133][T13528] comedi: valid board names for mpc624 driver are:
[  584.908797][T13528]  mpc624
[  584.911879][T13528] comedi: valid board names for c6xdigio driver are:
[  584.918721][T13528]  c6xdigio
[  584.921928][T13528] comedi: valid board names for aio_iiro_16 driver are:
[  584.929325][T13528]  aio_iiro_16
[  584.932843][T13528] comedi: valid board names for aio_aio12_8 driver are:
[  584.940001][T13528]  aio_aio12_8
[  584.944798][T13528]  aio_ai12_8
[  584.948761][T13528]  aio_ao12_4
[  584.952375][T13528] comedi: valid board names for fl512 driver are:
[  584.959107][T13528]  fl512
[  584.962205][T13528] comedi: valid board names for dmm32at driver are:
[  584.969289][T13528]  dmm32at
[  584.975308][T13528] comedi: valid board names for dt282x driver are:
[  584.983084][T13528]  dt2821
[  584.986600][T13528]  dt2821-f
[  584.992680][T13528]  dt2821-g
[  584.999694][T13528]  dt2823
[  585.016477][T13528]  dt2824-pgh
[  585.021429][T13528]  dt2824-pgl
[  585.030575][T13528]  dt2825
[  585.033573][T13528]  dt2827
[  585.036595][T13528]  dt2828
[  585.039616][T13528]  dt2829
[  585.053553][T13528]  dt21-ez
[  585.054619][T13525] nfs: Bad value for 'source'
[  585.066477][T13528]  dt23-ez
[  585.074270][T13528]  dt24-ez
[  585.079562][T13528]  dt24-ez-pgl
[  585.086491][T13528] comedi: valid board names for dt2817 driver are:
[  585.099501][T13528]  dt2817
[  585.116574][T13528] comedi: valid board names for dt2815 driver are:
[  585.126126][T13528]  dt2815
[  585.129274][T13528] comedi: valid board names for dt2814 driver are:
[  585.143160][T13528]  dt2814
[  585.150028][T13528] comedi: valid board names for dt2811 driver are:
[  585.164116][T13528]  dt2811-pgh
[  585.178727][T13528]  dt2811-pgl
[  585.186456][T13528] comedi: valid board names for dt2801 driver are:
[  585.195035][T13528]  dt2801
[  585.206905][T13528] comedi: valid board names for das6402 driver are:
[  585.234278][T13528]  das6402-12
[  585.237757][T13528]  das6402-16
[  585.241135][T13528] comedi: valid board names for das1800 driver are:
[  585.248080][T13528]  das-1701st
[  585.251473][T13528]  das-1701st-da
[  585.255088][T13528]  das-1702st
[  585.258498][T13528]  das-1702st-da
[  585.262109][T13528]  das-1702hr
[  585.265466][T13528]  das-1702hr-da
[  585.269124][T13528]  das-1701ao
[  585.272504][T13528]  das-1702ao
[  585.275846][T13528]  das-1801st
[  585.279292][T13528]  das-1801st-da
[  585.282918][T13528]  das-1802st
[  585.286295][T13528]  das-1802st-da
[  585.289976][T13528]  das-1802hr
[  585.293435][T13528]  das-1802hr-da
[  585.297094][T13528]  das-1801hc
[  585.300799][T13528]  das-1802hc
[  585.304161][T13528]  das-1801ao
[  585.307577][T13528]  das-1802ao
[  585.310931][T13528] comedi: valid board names for das800 driver are:
[  585.317660][T13528]  das-800
[  585.320776][T13528]  cio-das800
[  585.324260][T13528]  das-801
[  585.327398][T13528]  cio-das801
[  585.330756][T13528]  das-802
[  585.333839][T13528]  cio-das802
[  585.337303][T13528]  cio-das802/16
[  585.340942][T13528] comedi: valid board names for isa-das08 driver are:
[  585.347879][T13528]  isa-das08
[  585.351175][T13528]  das08-pgm
[  585.354466][T13528]  das08-pgh
[  585.357801][T13528]  das08-pgl
[  585.361165][T13528]  das08-aoh
[  585.364426][T13528]  das08-aol
[  585.367723][T13528]  das08-aom
[  585.371110][T13528]  das08/jr-ao
[  585.374671][T13528]  das08jr-16-ao
[  585.378484][T13528]  pc104-das08
[  585.381931][T13528]  das08jr/16
[  585.385287][T13528] comedi: valid board names for das16m1 driver are:
[  585.392003][T13528]  das16m1
[  585.395116][T13528] comedi: valid board names for dac02 driver are:
[  585.402023][T13528]  dac02
[  585.405136][T13528] comedi: valid board names for rti802 driver are:
[  585.411840][T13528]  rti802
[  585.414940][T13528] comedi: valid board names for rti800 driver are:
[  585.421590][T13528]  rti800
[  585.424627][T13528]  rti815
[  585.427653][T13528] comedi: valid board names for pcm3724 driver are:
[  585.434359][T13528]  pcm3724
[  585.437495][T13528] comedi: valid board names for pcl818 driver are:
[  585.444140][T13528]  pcl818l
[  585.447598][T13528]  pcl818h
[  585.450708][T13528]  pcl818hd
[  585.453899][T13528]  pcl818hg
[  585.457142][T13528]  pcl818
[  585.460164][T13528]  pcl718
[  585.463170][T13528]  pcm3718
[  585.466281][T13528] comedi: valid board names for pcl816 driver are:
[  585.472931][T13528]  pcl816
[  585.475940][T13528]  pcl814b
[  585.479057][T13528] comedi: valid board names for pcl812 driver are:
[  585.485675][T13528]  pcl812
[  585.488751][T13528]  pcl812pg
[  585.491939][T13528]  acl8112pg
[  585.495220][T13528]  acl8112dg
[  585.498569][T13528]  acl8112hg
[  585.501837][T13528]  a821pgl
[  585.505350][T13528]  a821pglnda
[  585.508822][T13528]  a821pgh
[  585.511917][T13528]  a822pgl
[  585.515029][T13528]  a822pgh
[  585.518182][T13528]  a823pgl
[  585.521300][T13528]  a823pgh
[  585.524425][T13528]  pcl813
[  585.527504][T13528]  pcl813b
[  585.530698][T13528]  acl8113
[  585.533788][T13528]  iso813
[  585.536987][T13528]  acl8216
[  585.540113][T13528]  a826pg
[  585.543121][T13528] comedi: valid board names for pcl730 driver are:
[  585.549737][T13528]  pcl730
[  585.552744][T13528]  iso730
[  585.555845][T13528]  acl7130
[  585.558954][T13528]  pcm3730
[  585.562052][T13528]  pcl725
[  585.565058][T13528]  p8r8dio
[  585.568264][T13528]  acl7225b
[  585.571448][T13528]  p16r16dio
[  585.574724][T13528]  pcl733
[  585.577772][T13528]  pcl734
[  585.580772][T13528]  opmm-1616-xt
[  585.584305][T13528]  pearl-mm-p
[  585.587697][T13528]  ir104-pbf
[  585.590981][T13528] comedi: valid board names for pcl726 driver are:
[  585.597632][T13528]  pcl726
[  585.600655][T13528]  pcl727
[  585.603647][T13528]  pcl728
[  585.606885][T13528]  acl6126
[  585.609942][T13528]  acl6128
[  585.612993][T13528] comedi: valid board names for pcl724 driver are:
[  585.619567][T13528]  pcl724
[  585.622548][T13528]  pcl722
[  585.625523][T13528]  pcl731
[  585.628501][T13528]  acl7122
[  585.631563][T13528]  acl7124
[  585.634611][T13528]  pet48dio
[  585.637783][T13528]  pcmio48
[  585.640848][T13528]  onyx-mm-dio
[  585.644254][T13528] comedi: valid board names for pcl711 driver are:
[  585.650838][T13528]  pcl711
[  585.653808][T13528]  pcl711b
[  585.656955][T13528]  acl8112hg
[  585.660275][T13528]  acl8112dg
[  585.663530][T13528] comedi: valid board names for amplc_pc263 driver are:
[  585.670594][T13528]  pc263
[  585.673512][T13528] comedi: valid board names for amplc_pc236 driver are:
[  585.680566][T13528]  pc36at
[  585.683559][T13528] comedi: valid board names for amplc_dio200 driver are:
[  585.690680][T13528]  pc212e
[  585.693703][T13528]  pc214e
[  585.696710][T13528]  pc215e
[  585.699688][T13528]  pc218e
[  585.702652][T13528]  pc272e
[  585.705633][T13528] comedi: valid board names for comedi_parport driver are:
[  585.713319][T13528]  comedi_parport
[  585.717036][T13528] comedi: valid board names for comedi_test driver are:
[  585.724046][T13528]  comedi_test
[  585.727477][T13528] comedi: valid board names for comedi_bond driver are:
[  585.734459][T13528]  comedi_bond
[  585.876517][ T5976] usb 4-1: new full-speed USB device number 4 using dummy_hcd
[  585.906521][T13541] comedi comedi3: multiq3: a I/O base address must be specified
[  586.124421][ T5976] usb 4-1: not running at top speed; connect to a high speed hub
[  586.148412][ T5976] usb 4-1: config 95 has an invalid interface number: 1 but max is 0
[  586.166221][ T5976] usb 4-1: config 95 has no interface number 0
[  586.340212][ T5976] usb 4-1: config 95 interface 1 has no altsetting 0
[  586.423082][ T5976] usb 4-1: New USB device found, idVendor=0763, idProduct=2031, bcdDevice=ad.3f
[  586.498394][ T5976] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  586.604379][ T5976] usb 4-1: Product: syz
[  586.667416][ T5976] usb 4-1: Manufacturer: syz
[  586.986575][T10441] usb 3-1: new full-speed USB device number 10 using dummy_hcd
[  587.020632][ T5976] usb 4-1: SerialNumber: syz
[  587.348772][T10441] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  587.363477][ T5976] usb 4-1: can't set config #95, error -71
[  587.379299][ T5976] usb 4-1: USB disconnect, device number 4
[  587.385348][T10441] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  588.021296][T10441] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  588.054047][T10441] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  588.341955][T10441] usb 3-1: usb_control_msg returned -32
[  588.360160][T10441] usbtmc 3-1:16.0: can't read capabilities
[  588.559784][T13568] netlink: 104 bytes leftover after parsing attributes in process `syz.1.2402'.
[  588.625865][T13570] IPVS: lc: FWM 3 0x00000003 - no destination available
[  589.871187][    T9] usb 3-1: USB disconnect, device number 10
[  590.893741][T13597] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2414'.
[  591.854811][T13604] netlink: 'syz.0.2415': attribute type 5 has an invalid length.
[  593.563485][T13634] A link change request failed with some changes committed already. Interface ip_vti0 may have been left with an inconsistent configuration, please check.
[  593.574663][T13636] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2427'.
[  594.230706][T13650] (syz.3.2429,13650,1):ocfs2_fill_super:989 ERROR: superblock probe failed!
[  594.240102][T13650] (syz.3.2429,13650,1):ocfs2_fill_super:1177 ERROR: status = -22
[  594.267203][T13650] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  595.291297][T13655] netlink: 32 bytes leftover after parsing attributes in process `syz.0.2436'.
[  595.759246][T13667] random: crng reseeded on system resumption
[  598.252888][   T30] audit: type=1326 audit(1757193974.825:1536): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13678 comm="syz.9.2443" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f045838ebe9 code=0x0
[  600.496966][T13689] netlink: 12 bytes leftover after parsing attributes in process `syz.9.2443'.
[  602.109796][T10420] usb 2-1: new high-speed USB device number 9 using dummy_hcd
[  602.341431][T10420] usb 2-1: Using ep0 maxpacket: 8
[  602.348946][T10420] usb 2-1: config index 0 descriptor too short (expected 301, got 45)
[  602.357288][T10420] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  602.367181][T10420] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  602.377035][T10420] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  602.394369][T10420] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  602.451988][T10420] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  602.543453][T10420] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  602.803556][T10420] usb 2-1: GET_CAPABILITIES returned 0
[  602.834297][T10420] usbtmc 2-1:16.0: can't read capabilities
[  604.528121][ T5957] usb 2-1: USB disconnect, device number 9
[  605.693916][T13760] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  605.730796][T13760] tipc: Resetting bearer <eth:syzkaller0>
[  605.775276][T13759] tipc: Disabling bearer <eth:syzkaller0>
[  605.835075][T13762] siw: device registration error -23
[  607.454599][T13784] syzkaller0: entered promiscuous mode
[  607.460354][T13784] syzkaller0: entered allmulticast mode
[  607.608282][T13789] fuse: Invalid rootmode
[  607.779582][ T1167] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  608.756770][T13803] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  608.797975][T13801] tipc: Resetting bearer <eth:syzkaller0>
[  609.067566][T13800] tipc: Disabling bearer <eth:syzkaller0>
[  610.068751][T13810] netlink: 'syz.0.2483': attribute type 5 has an invalid length.
[  610.191282][T13813] siw: device registration error -23
[  610.760522][T13820] trusted_key: encrypted_key: key user:syz not found
[  611.271721][T13833] nfs: Deprecated parameter 'nointr'
[  611.287263][T13833] netlink: 60 bytes leftover after parsing attributes in process `syz.2.2491'.
[  611.339606][T13831] syzkaller0: entered promiscuous mode
[  611.345211][T13831] syzkaller0: entered allmulticast mode
[  611.808705][T13837] netlink: 'syz.1.2494': attribute type 1 has an invalid length.
[  611.816907][T13837] netlink: 'syz.1.2494': attribute type 2 has an invalid length.
[  616.780818][T13886] syzkaller0: entered promiscuous mode
[  616.792889][T13886] syzkaller0: entered allmulticast mode
[  617.029054][T13889] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2511'.
[  618.744103][T13908] nfs: Deprecated parameter 'nointr'
[  618.772579][T13908] ntfs3(loop3): try to read out of volume at offset 0x0
[  619.124245][T13910] netlink: 48 bytes leftover after parsing attributes in process `syz.3.2518'.
[  620.534011][T13931] IPVS: lc: FWM 3 0x00000003 - no destination available
[  622.172010][T13951] nfs: Bad value for 'source'
[  626.178472][T13984] nfs: Bad value for 'source'
[  627.180616][T13989] tipc: New replicast peer: 255.255.255.255
[  627.190498][T13989] tipc: Enabled bearer <udp:syz2>, priority 10
[  628.306744][ T5957] tipc: Node number set to 2291894406
[  629.180614][T14012] ubi31: attaching mtd0
[  629.233279][T14012] ubi31: scanning is finished
[  629.238908][T14012] ubi31: empty MTD device detected
[  629.816211][ T1304] ieee802154 phy0 wpan0: encryption failed: -22
[  629.822986][ T1304] ieee802154 phy1 wpan1: encryption failed: -22
[  629.985451][T14012] ubi31 error: ubi_attach_mtd_dev: cannot spawn "ubi_bgt31d", error -4
[  630.250419][T14023] nfs: Bad value for 'source'
[  631.674608][T14001] bridge0: port 2(bridge_slave_1) entered disabled state
[  631.683750][T14001] bridge0: port 1(bridge_slave_0) entered disabled state
[  634.461851][T14001] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  634.505533][T14001] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  634.581244][T14055] netlink: 212376 bytes leftover after parsing attributes in process `syz.3.2566'.
[  634.591222][T14055] openvswitch: netlink: Message has 512 unknown bytes.
[  636.127573][   T66] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  636.221068][   T66] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  636.243007][   T66] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  636.292174][   T66] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  636.510520][T14078] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2569'.
[  637.825992][T14087] nfs: Bad value for 'source'
[  638.248450][T14029] lo speed is unknown, defaulting to 1000
[  638.265911][T14029] lo speed is unknown, defaulting to 1000
[  640.141114][T14029] lo speed is unknown, defaulting to 1000
[  645.435380][T14134] fuse: Unknown parameter 'user_i00000000000000000000'
[  649.172447][   T30] audit: type=1800 audit(1757194025.125:1537): pid=14163 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.2594" name="SYSV00000000" dev="tmpfs" ino=0 res=0 errno=0
[  649.210352][T14164] nfs: Bad value for 'source'
[  651.153251][T14168] siw: device registration error -23
[  651.299838][   T52] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  651.320727][   T52] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  651.329523][   T52] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  651.341018][   T52] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  651.358632][   T52] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  651.380529][ T5873] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  651.418378][ T5873] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  651.429591][ T5873] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  651.440165][ T5873] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  651.451707][ T5873] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  652.135802][T14170] lo speed is unknown, defaulting to 1000
[  652.170912][T14170] lo speed is unknown, defaulting to 1000
[  653.536556][   T52] Bluetooth: hci2: command tx timeout
[  653.547537][T14188] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  653.557474][T14170] lo speed is unknown, defaulting to 1000
[  653.864772][T14194] tipc: Resetting bearer <eth:syzkaller0>
[  654.125399][T14187] tipc: Disabling bearer <eth:syzkaller0>
[  654.333848][T14200] nfs: Bad value for 'source'
[  655.617855][   T52] Bluetooth: hci2: command tx timeout
[  656.675852][T14170] chnl_net:caif_netlink_parms(): no params data found
[  657.697304][   T52] Bluetooth: hci2: command tx timeout
[  658.488100][T14170] bridge0: port 1(bridge_slave_0) entered blocking state
[  658.530976][T14170] bridge0: port 1(bridge_slave_0) entered disabled state
[  658.576870][T14170] bridge_slave_0: entered allmulticast mode
[  658.605380][T14170] bridge_slave_0: entered promiscuous mode
[  658.630465][T14170] bridge0: port 2(bridge_slave_1) entered blocking state
[  658.655291][T14170] bridge0: port 2(bridge_slave_1) entered disabled state
[  658.673295][T14170] bridge_slave_1: entered allmulticast mode
[  658.688607][T14170] bridge_slave_1: entered promiscuous mode
[  658.768215][T14236] random: crng reseeded on system resumption
[  659.808791][   T52] Bluetooth: hci2: command tx timeout
[  659.817455][T14247] nfs: Bad value for 'source'
[  659.881924][T14170] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  659.967886][T14170] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  660.147115][T14251] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2621'.
[  660.178789][   T66] bridge_slave_1: left allmulticast mode
[  660.184594][   T66] bridge_slave_1: left promiscuous mode
[  660.208547][   T66] bridge0: port 2(bridge_slave_1) entered disabled state
[  660.236148][   T66] bridge_slave_0: left allmulticast mode
[  660.247318][   T66] bridge_slave_0: left promiscuous mode
[  660.262288][   T66] bridge0: port 1(bridge_slave_0) entered disabled state
[  660.440438][T14266] netlink: 36 bytes leftover after parsing attributes in process `syz.0.2624'.
[  661.312902][   T66] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  661.328034][   T66] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  661.338483][   T66] bond0 (unregistering): Released all slaves
[  661.358557][T14170] team0: Port device team_slave_0 added
[  661.382497][T14170] team0: Port device team_slave_1 added
[  661.660058][   T66] tipc: Left network mode
[  662.496327][T14170] batman_adv: batadv0: Adding interface: batadv_slave_0
[  662.515356][T14170] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  662.770799][T14170] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  663.801290][T14170] batman_adv: batadv0: Adding interface: batadv_slave_1
[  663.810670][T14170] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  663.874885][T14170] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  663.902518][T14293] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2629'.
[  663.919357][T14293] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2629'.
[  664.002712][T14293] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2629'.
[  664.003457][   T36] netdevsim netdevsim2 eth0: set [0, 0] type 1 family 0 port 8472 - 0
[  664.015262][T14293] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2629'.
[  664.434243][   T36] netdevsim netdevsim2 eth1: set [0, 0] type 1 family 0 port 8472 - 0
[  664.451642][   T36] netdevsim netdevsim2 eth2: set [0, 0] type 1 family 0 port 8472 - 0
[  664.634111][T14301] fuse: Unknown parameter 'user_i00000000000000000000'
[  664.839103][T14170] hsr_slave_0: entered promiscuous mode
[  664.864877][T14170] hsr_slave_1: entered promiscuous mode
[  664.877737][   T36] netdevsim netdevsim2 eth3: set [0, 0] type 1 family 0 port 8472 - 0
[  664.903851][T14308] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2635'.
[  665.150098][T14309] syzkaller0: entered promiscuous mode
[  665.155769][T14309] syzkaller0: entered allmulticast mode
[  665.574378][T14321] fuse: Bad value for 'fd'
[  665.581001][T14321] sg_write: data in/out 64380/1 bytes for SCSI command 0x1c-- guessing data in;
[  665.581001][T14321]    program syz.0.2633 not setting count and/or reply_len properly
[  665.734618][   T66] hsr_slave_0: left promiscuous mode
[  665.755355][   T66] hsr_slave_1: left promiscuous mode
[  666.126849][   T66] batman_adv: batadv0: Removing interface: batadv_slave_0
[  666.136181][   T66] batman_adv: batadv0: Removing interface: batadv_slave_1
[  667.589355][T14336] siw: device registration error -23
[  667.974521][T14340] nfs: Deprecated parameter 'nointr'
[  668.026869][T14340] netlink: 60 bytes leftover after parsing attributes in process `syz.3.2642'.
[  668.727231][   T66] team0 (unregistering): Port device team_slave_1 removed
[  668.832772][   T66] team0 (unregistering): Port device team_slave_0 removed
[  669.751962][T14348] fuse: Unknown parameter 'user_i00000000000000000000'
[  669.852368][T14350] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2646'.
[  670.379392][T14353] syzkaller0: entered promiscuous mode
[  670.393068][T14353] syzkaller0: entered allmulticast mode
[  671.712615][T14376] fuse: Unknown parameter 'user_id00000000000000000000'
[  673.470652][T14395] nfs: Deprecated parameter 'nointr'
[  673.489193][   T66] IPVS: stop unused estimator thread 0...
[  673.644123][T14395] netlink: 60 bytes leftover after parsing attributes in process `syz.2.2659'.
[  674.020996][T14394] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2660'.
[  674.032084][T14394] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2660'.
[  674.215801][ T1167] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  674.225866][ T1167] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  674.244178][T14394] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2660'.
[  674.252915][ T1167] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  674.266457][T14394] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2660'.
[  674.275550][ T1167] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  675.471233][T14414] fuse: Unknown parameter 'user_id00000000000000000000'
[  675.563264][T14411] syzkaller0: entered promiscuous mode
[  675.579190][T14411] syzkaller0: entered allmulticast mode
[  675.593557][T14170] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  675.644152][T14170] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  675.669110][T14170] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  675.754477][T14170] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  675.790925][T14424] netlink: 'syz.0.2671': attribute type 12 has an invalid length.
[  676.625695][T14438] nfs: Deprecated parameter 'nointr'
[  676.645222][T14438] netlink: 60 bytes leftover after parsing attributes in process `syz.3.2672'.
[  677.093686][T14439] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2673'.
[  677.127685][T14439] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2673'.
[  677.761997][T14439] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2673'.
[  677.774691][T14439] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2673'.
[  678.159654][T14170] 8021q: adding VLAN 0 to HW filter on device bond0
[  678.162856][T14451] fuse: Unknown parameter 'user_id00000000000000000000'
[  678.220979][T14170] 8021q: adding VLAN 0 to HW filter on device team0
[  678.234479][ T1108] bridge0: port 1(bridge_slave_0) entered blocking state
[  678.241900][ T1108] bridge0: port 1(bridge_slave_0) entered forwarding state
[  678.425300][ T1108] bridge0: port 2(bridge_slave_1) entered blocking state
[  678.432640][ T1108] bridge0: port 2(bridge_slave_1) entered forwarding state
[  679.948825][T14170] 8021q: adding VLAN 0 to HW filter on device batadv0
[  680.385844][T14480] syzkaller0: entered promiscuous mode
[  680.394306][T14480] syzkaller0: entered allmulticast mode
[  681.527434][T14170] veth0_vlan: entered promiscuous mode
[  681.573593][T14170] veth1_vlan: entered promiscuous mode
[  681.619618][T14495] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2687'.
[  681.664114][T14495] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2687'.
[  681.709497][T14495] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2687'.
[  681.726563][T14497] fuse: Bad value for 'fd'
[  681.740941][T14495] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2687'.
[  681.806437][T14170] veth0_macvtap: entered promiscuous mode
[  681.836285][T14170] veth1_macvtap: entered promiscuous mode
[  681.892760][T14170] batman_adv: batadv0: Interface activated: batadv_slave_0
[  682.127397][T14170] batman_adv: batadv0: Interface activated: batadv_slave_1
[  682.441579][   T66] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  682.456254][   T66] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  682.495729][   T66] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  682.511547][   T66] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  682.525267][T14502] syzkaller0: entered promiscuous mode
[  682.533583][T14502] syzkaller0: entered allmulticast mode
[  682.837820][ T7837] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  682.858584][ T7837] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  682.901030][ T7837] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  682.912357][ T7837] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  682.985163][T14511] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2692'.
[  684.390311][T14531] fuse: Bad value for 'fd'
[  684.879322][T14538] syzkaller0: entered promiscuous mode
[  684.899040][T14538] syzkaller0: entered allmulticast mode
[  685.624735][T14546] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2704'.
[  689.244004][T14572] fuse: Bad value for 'fd'
[  689.618709][T14576] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2714'.
[  689.639353][T14576] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2714'.
[  689.721780][T14576] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2714'.
[  689.736783][T14576] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2714'.
[  689.746553][   T13] netdevsim netdevsim4 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  689.808482][   T13] netdevsim netdevsim4 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  689.817580][   T13] netdevsim netdevsim4 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  689.827239][   T13] netdevsim netdevsim4 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  690.962882][T14584] syzkaller0: entered promiscuous mode
[  690.968601][T14584] syzkaller0: entered allmulticast mode
[  691.106158][ T1304] ieee802154 phy0 wpan0: encryption failed: -22
[  691.113131][ T1304] ieee802154 phy1 wpan1: encryption failed: -22
[  691.282694][T14589] syzkaller0: entered promiscuous mode
[  691.302648][T14589] syzkaller0: entered allmulticast mode
[  691.326836][T14591] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2718'.
[  696.088669][T14635] netlink: 96 bytes leftover after parsing attributes in process `syz.1.2732'.
[  697.764232][T14650] syzkaller0: entered promiscuous mode
[  697.868115][T14650] syzkaller0: entered allmulticast mode
[  698.642464][T14664] syzkaller0: entered promiscuous mode
[  698.652697][T14664] syzkaller0: entered allmulticast mode
[  701.806783][T14702] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2754'.
[  701.846809][T14702] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2754'.
[  701.889425][T14703] siw: device registration error -23
[  701.895987][T14702] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2754'.
[  701.955189][T14702] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2754'.
[  702.277567][T14709] syzkaller0: entered promiscuous mode
[  702.313985][T14709] syzkaller0: entered allmulticast mode
[  703.095019][T14722] nfs: Bad value for 'source'
[  704.072206][ T5873] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  704.088678][ T5873] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  704.140058][ T5873] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  704.159619][ T5873] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  704.168584][ T5873] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  705.097752][T14731] syzkaller0: entered promiscuous mode
[  705.104363][T14731] syzkaller0: entered allmulticast mode
[  705.203634][   T12] netdevsim netdevsim2 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  705.266768][   T12] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  705.500892][   T12] netdevsim netdevsim2 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  705.516804][   T12] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  705.697867][   T12] netdevsim netdevsim2 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  705.730470][   T12] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  705.843834][   T12] netdevsim netdevsim2 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  705.869178][   T12] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  705.995285][T14742] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2769'.
[  706.007413][T14742] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2769'.
[  706.026525][T14742] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2769'.
[  706.036342][T14742] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2769'.
[  706.170811][T14723] lo speed is unknown, defaulting to 1000
[  706.180175][T14746] syzkaller0: entered promiscuous mode
[  706.185792][T14746] syzkaller0: entered allmulticast mode
[  706.259132][   T52] Bluetooth: hci1: command tx timeout
[  706.451008][T14723] lo speed is unknown, defaulting to 1000
[  706.626228][T14753] nfs: Bad value for 'source'
[  707.800841][T14760] random: crng reseeded on system resumption
[  708.394899][   T52] Bluetooth: hci1: command tx timeout
[  710.417110][   T52] Bluetooth: hci1: command tx timeout
[  710.687314][   T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  710.703203][   T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  710.714185][   T12] bond0 (unregistering): Released all slaves
[  710.761568][   T66] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  710.821768][T14723] lo speed is unknown, defaulting to 1000
[  710.867987][T14792] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2782'.
[  710.883392][T14792] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2782'.
[  710.910813][T14792] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2782'.
[  710.933453][T14792] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2782'.
[  711.051481][   T12] tipc: Disabling bearer <udp:syz2>
[  711.065101][   T12] tipc: Left network mode
[  711.285341][T14805] nfs: Bad value for 'source'
[  712.354408][T14810] random: crng reseeded on system resumption
[  712.861994][   T52] Bluetooth: hci1: command tx timeout
[  713.803312][T14723] chnl_net:caif_netlink_parms(): no params data found
[  714.323411][T14830] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2793'.
[  714.352436][T14830] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2793'.
[  714.492178][T14830] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2793'.
[  714.553962][  T154] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  714.567352][T14830] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2793'.
[  714.593815][ T1167] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  714.814973][ T1167] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  714.846003][ T1167] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  714.985677][T14723] bridge0: port 1(bridge_slave_0) entered blocking state
[  715.002800][T14723] bridge0: port 1(bridge_slave_0) entered disabled state
[  715.012005][T14723] bridge_slave_0: entered allmulticast mode
[  715.040280][T14723] bridge_slave_0: entered promiscuous mode
[  715.064324][   T12] hsr_slave_0: left promiscuous mode
[  715.076861][   T12] hsr_slave_1: left promiscuous mode
[  715.125273][   T12] veth1_macvtap: left promiscuous mode
[  715.131875][   T12] veth0_macvtap: left promiscuous mode
[  715.138269][   T12] veth1_vlan: left promiscuous mode
[  715.145514][   T12] veth0_vlan: left promiscuous mode
[  716.011075][T14850] nfs: Bad value for 'source'
[  717.187910][T14865] nfs: Deprecated parameter 'nointr'
[  717.243195][T14865] netlink: 60 bytes leftover after parsing attributes in process `syz.4.2797'.
[  717.773988][   T12] team0 (unregistering): Port device team_slave_1 removed
[  717.870864][   T12] team0 (unregistering): Port device team_slave_0 removed
[  718.709625][T14723] bridge0: port 2(bridge_slave_1) entered blocking state
[  718.719779][T14723] bridge0: port 2(bridge_slave_1) entered disabled state
[  718.728950][T14723] bridge_slave_1: entered allmulticast mode
[  718.754882][T14723] bridge_slave_1: entered promiscuous mode
[  718.769153][T14837] syzkaller0: entered promiscuous mode
[  718.786585][T14837] syzkaller0: entered allmulticast mode
[  718.926634][T14846] syzkaller0: entered promiscuous mode
[  718.932760][T14846] syzkaller0: entered allmulticast mode
[  719.111440][T14723] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  719.572316][T14723] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  720.244230][T14879] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2803'.
[  720.258448][T14723] team0: Port device team_slave_0 added
[  720.264880][T14879] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2803'.
[  720.282838][T14723] team0: Port device team_slave_1 added
[  720.337699][T14879] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2803'.
[  720.350058][   T12] IPVS: stop unused estimator thread 0...
[  720.361212][T14879] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2803'.
[  720.454307][T14723] batman_adv: batadv0: Adding interface: batadv_slave_0
[  720.533816][T14723] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  720.663675][T14723] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  720.851477][T14723] batman_adv: batadv0: Adding interface: batadv_slave_1
[  720.889279][T14723] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  720.999049][T14723] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  721.360799][T14723] hsr_slave_0: entered promiscuous mode
[  721.384128][T14723] hsr_slave_1: entered promiscuous mode
[  721.409725][T14723] debugfs: 'hsr0' already exists in 'hsr'
[  721.456534][T14723] Cannot create hsr debugfs directory
[  724.422673][T14723] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  724.641023][T14723] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  724.782197][T14906] netlink: 60 bytes leftover after parsing attributes in process `syz.4.2810'.
[  724.787914][T14723] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  725.018974][T14723] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  725.075338][T14910] syzkaller0: entered promiscuous mode
[  725.091047][T14910] syzkaller0: entered allmulticast mode
[  725.259137][T14918] syzkaller0: entered promiscuous mode
[  725.270830][T14918] syzkaller0: entered allmulticast mode
[  726.361371][T14723] 8021q: adding VLAN 0 to HW filter on device bond0
[  726.418097][T14723] 8021q: adding VLAN 0 to HW filter on device team0
[  726.447124][  T154] bridge0: port 1(bridge_slave_0) entered blocking state
[  726.454336][  T154] bridge0: port 1(bridge_slave_0) entered forwarding state
[  726.475862][  T154] bridge0: port 2(bridge_slave_1) entered blocking state
[  726.483139][  T154] bridge0: port 2(bridge_slave_1) entered forwarding state
[  727.885643][T14948] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2822'.
[  727.987525][T14948] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2822'.
[  728.008371][T14948] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2822'.
[  728.023892][T14949] nfs: Deprecated parameter 'nointr'
[  728.090188][T14949] netlink: 60 bytes leftover after parsing attributes in process `syz.4.2821'.
[  728.255076][T14948] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2822'.
[  728.908852][T14723] 8021q: adding VLAN 0 to HW filter on device batadv0
[  729.097526][T14723] veth0_vlan: entered promiscuous mode
[  729.153526][T14723] veth1_vlan: entered promiscuous mode
[  729.289293][T14723] veth0_macvtap: entered promiscuous mode
[  729.334148][T14723] veth1_macvtap: entered promiscuous mode
[  729.453470][T14723] batman_adv: batadv0: Interface activated: batadv_slave_0
[  729.471330][T14723] batman_adv: batadv0: Interface activated: batadv_slave_1
[  729.514953][  T154] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  729.529806][  T154] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  729.581757][  T154] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  729.613587][  T154] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  729.809938][  T154] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  729.848417][  T154] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  729.966534][ T1159] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  729.992941][ T1159] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  731.493468][   T66] netdevsim netdevsim1 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  731.639299][   T66] netdevsim netdevsim1 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  732.809067][T14986] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2833'.
[  732.825319][T14986] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2833'.
[  732.842652][ T5873] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  732.843216][T14986] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2833'.
[  732.864581][T14986] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2833'.
[  732.865734][ T5873] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  732.882425][   T66] netdevsim netdevsim1 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  732.956781][ T5873] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  732.967873][ T5873] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  732.978898][ T5873] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  733.024999][   T66] netdevsim netdevsim1 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  733.441901][   T66] bridge_slave_1: left allmulticast mode
[  733.464743][   T66] bridge_slave_1: left promiscuous mode
[  733.490936][   T66] bridge0: port 2(bridge_slave_1) entered disabled state
[  733.532601][   T66] bridge_slave_0: left allmulticast mode
[  733.562733][   T66] bridge_slave_0: left promiscuous mode
[  733.595565][   T66] bridge0: port 1(bridge_slave_0) entered disabled state
[  735.070875][ T5873] Bluetooth: hci0: command tx timeout
[  735.532160][   T66] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  735.587210][   T66] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  735.604833][   T66] bond0 (unregistering): (slave batadv0): Releasing backup interface
[  735.616168][   T66] bond0 (unregistering): Released all slaves
[  735.653279][T14990] lo speed is unknown, defaulting to 1000
[  735.660112][T15010] netlink: 96 bytes leftover after parsing attributes in process `syz.3.2839'.
[  735.689909][T14990] lo speed is unknown, defaulting to 1000
[  735.715009][T15017] syzkaller0: entered promiscuous mode
[  735.745653][T15017] syzkaller0: entered allmulticast mode
[  735.843518][   T66] tipc: Disabling bearer <udp:syz2>
[  735.855667][   T66] tipc: Left network mode
[  736.629564][T15026] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  737.056130][T14990] lo speed is unknown, defaulting to 1000
[  737.141136][ T5873] Bluetooth: hci0: command tx timeout
[  738.237616][   T66] hsr_slave_0: left promiscuous mode
[  738.275534][   T66] hsr_slave_1: left promiscuous mode
[  738.282081][   T66] batman_adv: batadv0: Removing interface: batadv_slave_0
[  738.297198][   T66] batman_adv: batadv0: Removing interface: batadv_slave_1
[  739.226581][ T5873] Bluetooth: hci0: command tx timeout
[  740.000432][   T66] team0 (unregistering): Port device team_slave_1 removed
[  740.119156][   T66] team0 (unregistering): Port device team_slave_0 removed
[  740.132228][  T154] smc: removing ib device syz!
[  741.296647][ T5873] Bluetooth: hci0: command tx timeout
[  741.354647][T14990] chnl_net:caif_netlink_parms(): no params data found
[  742.922531][T15084] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2858'.
[  744.097557][T15084] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2858'.
[  744.185083][T15084] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2858'.
[  744.295654][T15084] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2858'.
[  744.597204][T14990] bridge0: port 1(bridge_slave_0) entered blocking state
[  744.638414][T14990] bridge0: port 1(bridge_slave_0) entered disabled state
[  744.661724][T14990] bridge_slave_0: entered allmulticast mode
[  744.680246][T14990] bridge_slave_0: entered promiscuous mode
[  744.727640][T14990] bridge0: port 2(bridge_slave_1) entered blocking state
[  744.751453][T14990] bridge0: port 2(bridge_slave_1) entered disabled state
[  744.778384][T14990] bridge_slave_1: entered allmulticast mode
[  744.887044][T14990] bridge_slave_1: entered promiscuous mode
[  746.525926][T14990] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  746.568678][T14990] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  746.820726][T15115] tipc: Enabling of bearer <eth:syzk> rejected, failed to enable media
[  746.932056][T15116] syzkaller0: entered promiscuous mode
[  746.976647][T15116] syzkaller0: entered allmulticast mode
[  747.044381][T14990] team0: Port device team_slave_0 added
[  747.151890][T14990] team0: Port device team_slave_1 added
[  747.204759][T15118] syzkaller0: entered promiscuous mode
[  747.218927][T15118] syzkaller0: entered allmulticast mode
[  747.500083][   T66] IPVS: stop unused estimator thread 0...
[  747.639708][T14990] batman_adv: batadv0: Adding interface: batadv_slave_0
[  747.676255][T14990] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  747.705755][T14990] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  747.832981][T15128] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2870'.
[  747.942452][T14990] batman_adv: batadv0: Adding interface: batadv_slave_1
[  747.987435][T14990] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  748.113761][T14990] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  748.393004][T14990] hsr_slave_0: entered promiscuous mode
[  748.428446][T14990] hsr_slave_1: entered promiscuous mode
[  748.462928][T14990] debugfs: 'hsr0' already exists in 'hsr'
[  748.480055][T14990] Cannot create hsr debugfs directory
[  748.513181][T15135] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2873'.
[  748.526958][T15135] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2873'.
[  748.598717][T15135] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2873'.
[  748.615980][T15135] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2873'.
[  748.680835][   T12] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  748.836579][   T12] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  748.859821][   T12] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  748.908121][T15142] fuse: Bad value for 'fd'
[  748.937696][T15142] sg_write: data in/out 64380/1 bytes for SCSI command 0x1c-- guessing data in;
[  748.937696][T15142]    program syz.4.2874 not setting count and/or reply_len properly
[  748.986070][ T7837] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  750.919810][T15152] random: crng reseeded on system resumption
[  751.806006][T14990] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  751.819472][T14990] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  751.841151][T15155] tipc: Enabling of bearer <eth:syzk> rejected, failed to enable media
[  751.865595][T14990] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  751.905684][T15155] syzkaller0: entered promiscuous mode
[  751.926292][T15155] syzkaller0: entered allmulticast mode
[  751.970621][T14990] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  752.429324][T15170] delete_channel: no stack
[  752.531809][ T1304] ieee802154 phy0 wpan0: encryption failed: -22
[  752.539619][ T1304] ieee802154 phy1 wpan1: encryption failed: -22
[  753.097709][T14990] 8021q: adding VLAN 0 to HW filter on device bond0
[  753.124017][T14990] 8021q: adding VLAN 0 to HW filter on device team0
[  753.187576][ T7837] bridge0: port 1(bridge_slave_0) entered blocking state
[  753.194826][ T7837] bridge0: port 1(bridge_slave_0) entered forwarding state
[  753.310105][T15178] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2883'.
[  753.398011][ T7837] bridge0: port 2(bridge_slave_1) entered blocking state
[  753.405876][ T7837] bridge0: port 2(bridge_slave_1) entered forwarding state
[  753.600865][T15185] overlayfs: missing 'lowerdir'
[  754.948474][T14990] 8021q: adding VLAN 0 to HW filter on device batadv0
[  755.131913][T14990] veth0_vlan: entered promiscuous mode
[  755.324644][T14990] veth1_vlan: entered promiscuous mode
[  755.411730][T15201] random: crng reseeded on system resumption
[  756.425935][T14990] veth0_macvtap: entered promiscuous mode
[  756.453291][T14990] veth1_macvtap: entered promiscuous mode
[  756.539931][T14990] batman_adv: batadv0: Interface activated: batadv_slave_0
[  756.592145][T14990] batman_adv: batadv0: Interface activated: batadv_slave_1
[  756.674756][ T7837] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  756.710630][   T36] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  756.746505][   T36] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  756.769463][   T36] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  756.935001][T15211] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2892'.
[  757.002739][T15211] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2892'.
[  757.013056][T15211] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2892'.
[  757.023165][T15211] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2892'.
[  757.063165][   T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  757.084011][   T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  757.188669][ T7837] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  757.219478][ T7837] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  757.235479][T15212] fuse: Bad value for 'fd'
[  757.252592][T15212] sg_write: data in/out 64380/1 bytes for SCSI command 0x1c-- guessing data in;
[  757.252592][T15212]    program syz.3.2890 not setting count and/or reply_len properly
[  757.503147][T15219] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2894'.
[  760.138450][T15243] random: crng reseeded on system resumption
[  761.172251][T15246] netlink: 96 bytes leftover after parsing attributes in process `syz.0.2903'.
[  762.658310][T15262] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2907'.
[  763.399391][T15269] netlink: 'syz.2.2910': attribute type 5 has an invalid length.
[  764.456794][T15277] nfs: Bad value for 'source'
[  764.647725][T15280] syzkaller0: entered promiscuous mode
[  764.653267][T15280] syzkaller0: entered allmulticast mode
[  764.939981][T15288] netlink: 96 bytes leftover after parsing attributes in process `syz.3.2916'.
[  765.646075][T15298] fuse: Bad value for 'fd'
[  765.660729][T15298] sg_write: data in/out 64380/1 bytes for SCSI command 0x1c-- guessing data in;
[  765.660729][T15298]    program syz.0.2917 not setting count and/or reply_len properly
[  766.047319][T15303] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2921'.
[  766.598781][T15316] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2924'.
[  767.970659][T15322] nfs: Bad value for 'source'
[  768.094947][T15324] tipc: Enabling of bearer <eth:syzk> rejected, failed to enable media
[  768.251254][T15326] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2930'.
[  768.260367][T15326] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2930'.
[  768.273997][T15326] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2930'.
[  768.283401][T15326] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2930'.
[  768.297417][T15324] syzkaller0: entered promiscuous mode
[  768.302946][T15324] syzkaller0: entered allmulticast mode
[  768.875285][T15340] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2934'.
[  769.081552][T15332] bridge0: port 2(bridge_slave_1) entered disabled state
[  769.089298][T15332] bridge0: port 1(bridge_slave_0) entered disabled state
[  769.518754][T15332] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  769.579698][T15332] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  769.591983][T15351] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[  769.686622][T15351] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  769.949374][T15355] sg_write: data in/out 64380/1 bytes for SCSI command 0x1c-- guessing data in;
[  769.949374][T15355]    program syz.2.2938 not setting count and/or reply_len properly
[  769.998456][T15357] nfs: Bad value for 'source'
[  770.732964][   T36] netdevsim netdevsim4 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0
[  770.745345][   T36] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  770.786551][   T36] netdevsim netdevsim4 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0
[  770.818904][   T36] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  770.836940][ T1159] netdevsim netdevsim4 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0
[  770.880682][ T1159] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  770.942110][ T1159] netdevsim netdevsim4 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0
[  770.986534][ T1159] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  772.475559][T15370] syzkaller0: entered promiscuous mode
[  772.511124][T15370] syzkaller0: entered allmulticast mode
[  772.542458][T15374] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2944'.
[  772.600857][T15374] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2944'.
[  772.671113][T15374] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2944'.
[  772.731527][T15374] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2944'.
[  772.924811][T15385] netlink: 'syz.0.2948': attribute type 5 has an invalid length.
[  773.108025][T15383] nfs: Bad value for 'source'
[  773.396619][T15390] gtp0: entered promiscuous mode
[  773.503128][T15393] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[  773.503211][T15393] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  773.643060][T15398] netlink: 96 bytes leftover after parsing attributes in process `syz.3.2954'.
[  774.251096][T15407] nfs: Deprecated parameter 'nointr'
[  774.280105][T15407] netlink: 60 bytes leftover after parsing attributes in process `syz.3.2956'.
[  774.836141][T15414] sg_write: data in/out 64380/1 bytes for SCSI command 0x1c-- guessing data in;
[  774.836141][T15414]    program syz.0.2953 not setting count and/or reply_len properly
[  775.188221][ T5873] Bluetooth: hci2: command 0x0406 tx timeout
[  775.673680][T15421] syzkaller0: entered promiscuous mode
[  775.679809][T15421] syzkaller0: entered allmulticast mode
[  776.095496][T15425] nfs: Bad value for 'source'
[  776.163660][T15427] gtp0: entered promiscuous mode
[  776.263926][T15429] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[  776.379651][T15429] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  776.889184][T15434] netlink: 'syz.4.2966': attribute type 5 has an invalid length.
[  778.466012][T15448] nfs: Deprecated parameter 'nointr'
[  778.509233][T15448] netlink: 60 bytes leftover after parsing attributes in process `syz.0.2970'.
[  778.968253][T15449] tipc: Enabling of bearer <eth:syzkaller> rejected, failed to enable media
[  779.297551][T15456] nfs: Bad value for 'source'
[  780.074656][T15463] overlayfs: missing 'lowerdir'
[  780.204396][T15468] netlink: 'syz.2.2979': attribute type 5 has an invalid length.
[  781.335971][T15478] sg_write: data in/out 64380/1 bytes for SCSI command 0x1c-- guessing data in;
[  781.335971][T15478]    program syz.0.2977 not setting count and/or reply_len properly
[  783.125765][T15498] nfs: Bad value for 'source'
[  783.171168][T15500] gtp0: entered promiscuous mode
[  783.347027][T15503] tipc: Enabling of bearer <eth:syzkaller> rejected, failed to enable media
[  783.407545][T15503] syzkaller0: entered promiscuous mode
[  783.413711][T15503] syzkaller0: entered allmulticast mode
[  783.534420][T15507] overlayfs: missing 'lowerdir'
[  784.735212][T15521] tipc: Enabling of bearer <eth:syzk> rejected, failed to enable media
[  784.747258][T15521] syzkaller0: entered promiscuous mode
[  784.747282][T15521] syzkaller0: entered allmulticast mode
[  785.109947][T15529] nfs: Bad value for 'source'
[  785.404953][T15538] tipc: Enabling of bearer <eth:syzkall> rejected, failed to enable media
[  785.440788][T15538] syzkaller0: entered promiscuous mode
[  785.446519][T15538] syzkaller0: entered allmulticast mode
[  785.824546][T15549] fuse: Bad value for 'fd'
[  785.837929][T15549] sg_write: data in/out 64380/1 bytes for SCSI command 0x1c-- guessing data in;
[  785.837929][T15549]    program syz.2.3004 not setting count and/or reply_len properly
[  787.408282][T15565] nfs: Deprecated parameter 'nointr'
[  787.435908][T15565] netlink: 60 bytes leftover after parsing attributes in process `syz.0.3012'.
[  789.622289][T15587] tipc: Enabling of bearer <eth:syzkall> rejected, failed to enable media
[  789.669996][T15587] syzkaller0: entered promiscuous mode
[  789.703689][T15587] syzkaller0: entered allmulticast mode
[  790.587986][T15601] dlm: non-version read from control device 126
[  790.682104][T15601] dlm: non-version read from control device 126
[  790.717900][T15601] dlm: non-version read from control device 126
[  790.742719][T15601] dlm: non-version read from control device 126
[  790.768131][T15601] dlm: non-version read from control device 126
[  790.808621][T15601] dlm: non-version read from control device 126
[  790.834567][T15601] dlm: non-version read from control device 126
[  790.887349][T15601] dlm: non-version read from control device 126
[  790.917092][T15601] dlm: non-version read from control device 126
[  790.923811][T15601] dlm: non-version read from control device 126
[  790.940912][T15601] dlm: non-version read from control device 126
[  790.955188][T15601] dlm: non-version read from control device 126
[  790.971522][T15601] dlm: non-version read from control device 126
[  790.989170][T15601] dlm: non-version read from control device 126
[  791.003109][T15601] dlm: non-version read from control device 126
[  791.013932][T15601] dlm: non-version read from control device 126
[  791.021818][T15601] dlm: non-version read from control device 126
[  791.037081][T15609] overlayfs: missing 'workdir'
[  791.040780][T15601] dlm: non-version read from control device 126
[  791.049187][T15601] dlm: non-version read from control device 126
[  791.055632][T15601] dlm: non-version read from control device 126
[  791.067550][T15601] dlm: non-version read from control device 126
[  791.074143][T15601] dlm: non-version read from control device 126
[  791.088734][T15601] dlm: non-version read from control device 126
[  791.095172][T15601] dlm: non-version read from control device 126
[  791.106074][T15601] dlm: non-version read from control device 126
[  791.295922][T15601] dlm: non-version read from control device 126
[  791.363978][T15601] dlm: non-version read from control device 126
[  791.370617][T15601] dlm: non-version read from control device 126
[  791.378383][T15601] dlm: non-version read from control device 126
[  791.404942][T15601] dlm: non-version read from control device 126
[  791.597755][T15601] dlm: non-version read from control device 126
[  791.807557][T15601] dlm: non-version read from control device 126
[  791.966408][T15601] dlm: non-version read from control device 126
[  791.987493][T15614] netlink: 'syz.1.3029': attribute type 10 has an invalid length.
[  792.028607][T15614] team0: Device hsr_slave_0 failed to register rx_handler
[  792.239648][T15624] tipc: Enabling of bearer <eth:syzkall> rejected, failed to enable media
[  792.249949][T15624] syzkaller0: entered promiscuous mode
[  792.255535][T15624] syzkaller0: entered allmulticast mode
[  792.441076][T15621] netlink: 'syz.3.3032': attribute type 5 has an invalid length.
[  792.818187][   T30] audit: type=1326 audit(1757194169.395:1538): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15613 comm="syz.1.3029" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe2ccb8ebe9 code=0x7fc00000
[  793.320541][T15635] gtp0: entered promiscuous mode
[  793.360633][T15638] overlayfs: missing 'workdir'
[  795.227848][T10420] usb 2-1: new high-speed USB device number 10 using dummy_hcd
[  795.260841][T15670] overlayfs: missing 'workdir'
[  795.536472][T10420] usb 2-1: Using ep0 maxpacket: 32
[  795.544432][T10420] usb 2-1: config index 0 descriptor too short (expected 156, got 27)
[  795.581031][T10420] usb 2-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30
[  795.603320][T10420] usb 2-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7
[  795.619579][T10420] usb 2-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144
[  795.649851][T10420] usb 2-1: config 0 interface 0 has no altsetting 0
[  795.659508][T10420] usb 2-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66
[  795.671071][T10420] usb 2-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172
[  795.684083][T10420] usb 2-1: Product: syz
[  795.691753][T10420] usb 2-1: Manufacturer: syz
[  795.708400][T10420] usb 2-1: SerialNumber: syz
[  795.761215][T10420] usb 2-1: config 0 descriptor??
[  795.918229][T10420] ldusb 2-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[  796.840051][T10420] ldusb 2-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[  798.176737][T10441] usb 2-1: USB disconnect, device number 10
[  798.199775][T10441] ldusb 2-1:0.0: LD USB Device #0 now disconnected
[  803.658294][T15739] nfs: Bad value for 'source'
[  804.063138][T15743] netlink: 60 bytes leftover after parsing attributes in process `syz.4.3071'.
[  805.308101][T15751] ieee802154 phy0 wpan0: encryption failed: -22
[  808.539113][T15777] nfs: Bad value for 'source'
[  808.614840][T15778] netlink: 256 bytes leftover after parsing attributes in process `syz.1.3078'.
[  809.365030][T15786] 8021q: adding VLAN 0 to HW filter on device bond0
[  809.384975][T15786] 8021q: adding VLAN 0 to HW filter on device team0
[  809.805844][T15788] nfs: Deprecated parameter 'nointr'
[  809.833023][T15788] netlink: 60 bytes leftover after parsing attributes in process `syz.2.3083'.
[  810.245727][T15786] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  811.162765][T15798] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  812.975657][T15815] lo speed is unknown, defaulting to 1000
[  813.686084][T15815] lo speed is unknown, defaulting to 1000
[  813.966913][ T1304] ieee802154 phy0 wpan0: encryption failed: -22
[  813.973294][ T1304] ieee802154 phy1 wpan1: encryption failed: -22
[  814.981451][T15832] random: crng reseeded on system resumption
[  816.835666][T15836] nfs: Deprecated parameter 'nointr'
[  816.881312][T15836] netlink: 60 bytes leftover after parsing attributes in process `syz.0.3097'.
[  819.391532][T15856] syzkaller0: entered promiscuous mode
[  819.480399][T15856] syzkaller0: entered allmulticast mode
[  819.704825][T15864] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3108'.
[  819.870430][T15867] syzkaller0: entered promiscuous mode
[  819.886274][T15867] syzkaller0: entered allmulticast mode
[  822.615273][T15903] binder: 15897:15903 ioctl c0306201 200000000080 returned -14
[  823.492390][T15909] syzkaller0: entered promiscuous mode
[  823.500610][T15909] syzkaller0: entered allmulticast mode
[  825.456950][T15907] Bluetooth: hci0: command 0x0405 tx timeout
[  828.926487][T15940] nfs: Deprecated parameter 'nointr'
[  828.953875][T15940] netlink: 60 bytes leftover after parsing attributes in process `syz.2.3133'.
[  830.508788][T15951] loop6: detected capacity change from 0 to 63
[  830.559841][T15951] Buffer I/O error on dev loop6, logical block 0, async page read
[  830.613839][T15951] Buffer I/O error on dev loop6, logical block 0, async page read
[  830.734962][T15953] syzkaller0: entered promiscuous mode
[  830.771265][T15953] syzkaller0: entered allmulticast mode
[  831.155762][T15959] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3140'.
[  831.218713][T15959] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3140'.
[  831.376749][T15907] Bluetooth: hci1: command 0x0406 tx timeout
[  832.509194][T15976] overlayfs: upper fs does not support RENAME_WHITEOUT.
[  832.516607][T15976] overlayfs: failed to set xattr on upper
[  832.522410][T15976] overlayfs: ...falling back to redirect_dir=nofollow.
[  832.529388][T15976] overlayfs: ...falling back to index=off.
[  832.535364][T15976] overlayfs: ...falling back to uuid=null.
[  832.607288][T15977] overlayfs: overlay with incompat feature 'volatile' cannot be mounted
[  835.715068][   T52] Bluetooth: hci2: Invalid handle: 0x6ec9 > 0x0eff
[  837.206479][ T5957] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[  837.438649][ T5957] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  837.451294][ T5957] usb 1-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  837.470347][ T5957] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  837.497150][ T5957] usb 1-1: config 0 descriptor??
[  837.874057][ T5976] usb 3-1: new high-speed USB device number 11 using dummy_hcd
[  838.852911][ T5957] keytouch 0003:0926:3333.0009: fixing up Keytouch IEC report descriptor
[  838.870241][T16022] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  838.891463][ T5957] input: HID 0926:3333 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:0926:3333.0009/input/input10
[  838.897436][ T5976] usb 3-1: Using ep0 maxpacket: 8
[  838.903705][T16022] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  838.963516][ T5976] usb 3-1: config 6 has an invalid descriptor of length 0, skipping remainder of the config
[  839.032270][ T5976] usb 3-1: config 6 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  839.100332][ T5957] keytouch 0003:0926:3333.0009: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.0-1/input0
[  839.110189][ T5976] usb 3-1: New USB device found, idVendor=0af0, idProduct=7271, bcdDevice=88.91
[  839.139619][ T5976] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  839.166445][ T5976] usb 3-1: Product: syz
[  839.183958][ T5976] usb 3-1: Manufacturer: syz
[  839.203031][ T5976] usb 3-1: SerialNumber: syz
[  839.210257][T16028] syzkaller0: entered promiscuous mode
[  839.216207][T16028] syzkaller0: entered allmulticast mode
[  839.248865][ T5976] hso 3-1:6.0: Can't find BULK IN endpoint
[  839.287091][ T5957] usb 1-1: USB disconnect, device number 3
[  839.451292][T16015] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  839.491001][T16015] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  839.571359][ T5976] usb 3-1: USB disconnect, device number 11
[  840.743592][T16038] nfs: Deprecated parameter 'nointr'
[  841.009990][T16034] netlink: 60 bytes leftover after parsing attributes in process `syz.1.3166'.
[  843.749982][T16059] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3171'.
[  846.797944][T16093] netlink: 96 bytes leftover after parsing attributes in process `syz.3.3182'.
[  849.490592][T16121] ubi31: attaching mtd0
[  849.498553][T16121] ubi31: scanning is finished
[  850.120931][T16121] ubi31 error: ubi_attach_mtd_dev: cannot spawn "ubi_bgt31d", error -4
[  851.443943][T16142] netlink: 'syz.0.3195': attribute type 5 has an invalid length.
[  853.017107][T16152] netlink: 96 bytes leftover after parsing attributes in process `syz.1.3196'.
[  853.516688][T10442] usb 2-1: new high-speed USB device number 11 using dummy_hcd
[  853.713747][T10442] usb 2-1: config 0 has no interfaces?
[  854.155304][T10442] usb 2-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  854.186557][T10442] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  854.201274][T10442] usb 2-1: Product: syz
[  854.209630][T10442] usb 2-1: Manufacturer: syz
[  854.269202][T10442] usb 2-1: SerialNumber: syz
[  854.310892][T10442] usb 2-1: config 0 descriptor??
[  854.496527][T15907] Bluetooth: hci1: command 0x0406 tx timeout
[  854.714929][T16163] binder: 16159:16163 ioctl c0306201 200000000080 returned -14
[  855.340035][T16154] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3198'.
[  855.558591][T14045] usb 2-1: USB disconnect, device number 11
[  856.152121][T16181] netlink: 40 bytes leftover after parsing attributes in process `syz.3.3207'.
[  857.226488][T15907] Bluetooth: hci0: command 0x0405 tx timeout
[  858.800504][T16208] binder: 16197:16208 ioctl c0306201 200000000080 returned -14
[  859.808095][T16212] netlink: 'syz.3.3216': attribute type 1 has an invalid length.
[  861.008906][T16224] netlink: 172 bytes leftover after parsing attributes in process `syz.0.3218'.
[  861.039985][T16224] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3218'.
[  861.062978][T16224] netlink: 172 bytes leftover after parsing attributes in process `syz.0.3218'.
[  861.072282][T16224] netlink: 100 bytes leftover after parsing attributes in process `syz.0.3218'.
[  861.081985][T16224] netlink: 32 bytes leftover after parsing attributes in process `syz.0.3218'.
[  864.049342][T16247] netlink: 96 bytes leftover after parsing attributes in process `syz.1.3228'.
[  864.144982][T16250] random: crng reseeded on system resumption
[  864.959810][T16256] binder: 16254:16256 ioctl c0306201 200000000080 returned -14
[  865.940182][T16261] lo speed is unknown, defaulting to 1000
[  866.079974][T16261] lo speed is unknown, defaulting to 1000
[  868.025917][T16284] ubi31: attaching mtd0
[  868.044767][T16284] ubi31: scanning is finished
[  868.711243][T16284] ubi31: attached mtd0 (name "mtdram test device", size 0 MiB)
[  868.718983][T16284] ubi31: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes
[  868.726511][T16284] ubi31: min./max. I/O unit sizes: 1/64, sub-page size 1
[  868.733712][T16284] ubi31: VID header offset: 64 (aligned 64), data offset: 128
[  868.742071][T16284] ubi31: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0
[  868.749006][T16284] ubi31: user volume: 0, internal volumes: 1, max. volumes count: 23
[  868.757149][T16284] ubi31: max/mean erase counter: 1/1, WL threshold: 4096, image sequence number: 368508073
[  868.767350][T16284] ubi31: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0
[  868.779354][T16287] ubi31: background thread "ubi_bgt31d" started, PID 16287
[  873.602882][T16323] tipc: Started in network mode
[  873.611400][T16323] tipc: Node identity b6ef40f39f45, cluster identity 4711
[  873.622022][T16323] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  873.820183][T16323] tipc: Resetting bearer <eth:syzkaller0>
[  874.008135][T16322] tipc: Disabling bearer <eth:syzkaller0>
[  875.399962][ T1304] ieee802154 phy0 wpan0: encryption failed: -22
[  875.406949][ T1304] ieee802154 phy1 wpan1: encryption failed: -22
[  877.466136][T16365] gfs2: not a GFS2 filesystem
[  878.076264][T16359] pim6reg: entered allmulticast mode
[  878.096709][T16359] pim6reg: left allmulticast mode
[  878.133031][   T30] audit: type=1326 audit(1757194254.575:1539): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16349 comm="syz.3.3256" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc74db8ebe9 code=0x7ffc0000
[  878.220800][   T30] audit: type=1326 audit(1757194254.575:1540): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16349 comm="syz.3.3256" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc74db8ebe9 code=0x7ffc0000
[  878.338792][T16371] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3260'.
[  878.480960][T16371] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3260'.
[  879.044645][T16384] netlink: 'syz.0.3265': attribute type 10 has an invalid length.
[  879.052830][T16384] netlink: 40 bytes leftover after parsing attributes in process `syz.0.3265'.
[  879.062387][T16384] dummy0: entered promiscuous mode
[  879.073049][T16384] bridge0: port 3(dummy0) entered blocking state
[  879.081672][T16384] bridge0: port 3(dummy0) entered disabled state
[  879.092569][T16384] dummy0: entered allmulticast mode
[  879.121832][T16384] bridge0: port 3(dummy0) entered blocking state
[  879.128932][T16384] bridge0: port 3(dummy0) entered forwarding state
[  882.169845][   T52] Bluetooth: hci1: command 0x0406 tx timeout
[  883.712772][T16420] syzkaller0: entered promiscuous mode
[  883.723672][T16420] syzkaller0: entered allmulticast mode
[  885.775137][   T30] audit: type=1800 audit(1757194262.285:1541): pid=16447 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.3281" name="SYSV00000000" dev="tmpfs" ino=0 res=0 errno=0
[  889.389988][   T52] Bluetooth: hci1: command 0x0406 tx timeout
[  892.576243][T16488] 9pnet_fd: Insufficient options for proto=fd
[  892.590811][T16488] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(8)
[  892.597389][T16488] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  892.606057][T16488] vhci_hcd vhci_hcd.0: Device attached
[  892.786523][T14508] vhci_hcd: vhci_device speed not set
[  892.947966][T10420] usb 1-1: new low-speed USB device number 4 using dummy_hcd
[  892.961065][T14508] usb 33-1: new full-speed USB device number 2 using vhci_hcd
[  893.106568][T10420] usb 1-1: device descriptor read/64, error -71
[  893.376461][T10420] usb 1-1: new low-speed USB device number 5 using dummy_hcd
[  893.526552][T10420] usb 1-1: device descriptor read/64, error -71
[  893.662614][T10420] usb usb1-port1: attempt power cycle
[  894.207726][T10420] usb 1-1: new low-speed USB device number 6 using dummy_hcd
[  894.260520][T10420] usb 1-1: device descriptor read/8, error -71
[  894.542863][T10420] usb 1-1: new low-speed USB device number 7 using dummy_hcd
[  894.604383][T10420] usb 1-1: device descriptor read/8, error -71
[  894.737119][T10420] usb usb1-port1: unable to enumerate USB device
[  894.830733][T16513] block nbd3: shutting down sockets
[  895.228818][T16517] netlink: 64 bytes leftover after parsing attributes in process `syz.4.3302'.
[  895.744861][T16491] vhci_hcd: connection reset by peer
[  895.850145][  T154] vhci_hcd: stop threads
[  895.873154][  T154] vhci_hcd: release socket
[  896.687147][  T154] vhci_hcd: disconnect device
[  896.727119][T16523] hub 9-0:1.0: USB hub found
[  896.732184][T16523] hub 9-0:1.0: 1 port detected
[  898.621219][T14508] vhci_hcd: vhci_device speed not set
[  902.040185][   T52] Bluetooth: hci1: command 0x0406 tx timeout
[  902.676967][T10442] usb 2-1: new high-speed USB device number 12 using dummy_hcd
[  902.712971][T16580] binder: 16575:16580 ioctl c0306201 200000000080 returned -14
[  903.548661][T10442] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  904.052522][T10442] usb 2-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  904.065843][T10442] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  904.094648][T10442] usb 2-1: config 0 descriptor??
[  904.115879][T10442] pwc: Askey VC010 type 2 USB webcam detected.
[  904.565022][T10442] pwc: recv_control_msg error -32 req 02 val 2b00
[  904.575176][T10442] pwc: recv_control_msg error -32 req 02 val 2700
[  904.601713][T10442] pwc: recv_control_msg error -32 req 02 val 2c00
[  904.632590][T10442] pwc: recv_control_msg error -32 req 04 val 1000
[  904.691018][T10442] pwc: recv_control_msg error -32 req 04 val 1300
[  904.727683][T10442] pwc: recv_control_msg error -32 req 04 val 1400
[  904.741223][T10442] pwc: recv_control_msg error -32 req 02 val 2000
[  905.018205][T10442] pwc: recv_control_msg error -32 req 02 val 2100
[  905.029848][T10442] pwc: recv_control_msg error -32 req 04 val 1500
[  905.271026][T10442] pwc: recv_control_msg error -71 req 02 val 2400
[  905.321836][T10442] pwc: recv_control_msg error -71 req 02 val 2600
[  905.332382][T10442] pwc: recv_control_msg error -71 req 02 val 2900
[  905.356919][T10442] pwc: recv_control_msg error -71 req 02 val 2800
[  905.387272][T10442] pwc: recv_control_msg error -71 req 04 val 1100
[  905.394602][T10442] pwc: recv_control_msg error -71 req 04 val 1200
[  905.440466][T10442] pwc: Registered as video103.
[  905.621782][T10442] input: PWC snapshot button as /devices/platform/dummy_hcd.1/usb2/2-1/input/input11
[  905.652580][T10442] usb 2-1: USB disconnect, device number 12
[  906.898569][T16627] binder: 16613:16627 ioctl c0306201 200000000080 returned -14
[  909.944492][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[  910.536518][T10420] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[  910.570452][T16661] nfs: Bad value for 'source'
[  910.737535][T10420] usb 4-1: Using ep0 maxpacket: 16
[  910.809934][T10420] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11
[  910.946744][T16663] netlink: 40 bytes leftover after parsing attributes in process `syz.1.3344'.
[  911.033689][T10420] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  911.143034][T10420] usb 4-1: New USB device found, idVendor=054c, idProduct=0df2, bcdDevice= 0.00
[  911.292870][T10420] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  911.341141][T10420] usb 4-1: config 0 descriptor??
[  911.849355][T16675] ==================================================================
[  911.858393][T16675] BUG: KASAN: slab-out-of-bounds in change_page_attr_set_clr+0x625/0xfc0
[  911.867641][T16675] Read of size 8 at addr ffff888077c45670 by task syz.0.3349/16675
[  911.875550][T16675] 
[  911.877903][T16675] CPU: 0 UID: 0 PID: 16675 Comm: syz.0.3349 Not tainted syzkaller #0 PREEMPT(full) 
[  911.877926][T16675] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  911.877945][T16675] Call Trace:
[  911.877955][T16675]  <TASK>
[  911.877966][T16675]  dump_stack_lvl+0x189/0x250
[  911.877993][T16675]  ? __kasan_check_byte+0x12/0x40
[  911.878022][T16675]  ? __pfx_dump_stack_lvl+0x10/0x10
[  911.878048][T16675]  ? lock_release+0x4b/0x3e0
[  911.878077][T16675]  ? __virt_addr_valid+0x4a5/0x5c0
[  911.878099][T16675]  print_report+0xca/0x240
[  911.878117][T16675]  ? change_page_attr_set_clr+0x625/0xfc0
[  911.878142][T16675]  kasan_report+0x118/0x150
[  911.878170][T16675]  ? change_page_attr_set_clr+0x625/0xfc0
[  911.878200][T16675]  change_page_attr_set_clr+0x625/0xfc0
[  911.878229][T16675]  ? preempt_schedule_irq+0xde/0x150
[  911.878246][T16675]  ? __pfx_change_page_attr_set_clr+0x10/0x10
[  911.878277][T16675]  ? irqentry_exit+0x74/0x90
[  911.878295][T16675]  ? lockdep_hardirqs_on+0x9c/0x150
[  911.878321][T16675]  _set_pages_array+0x145/0x270
[  911.878352][T16675]  drm_gem_shmem_get_pages_locked+0x2d0/0x440
[  911.878375][T16675]  ? __pfx_preempt_schedule_irq+0x10/0x10
[  911.878393][T16675]  ? __pfx_drm_gem_shmem_get_pages_locked+0x10/0x10
[  911.878421][T16675]  drm_gem_shmem_pin_locked+0x22c/0x460
[  911.878445][T16675]  ? __pfx_drm_gem_shmem_pin_locked+0x10/0x10
[  911.878466][T16675]  ? __pfx_drm_gem_shmem_object_pin+0x10/0x10
[  911.878490][T16675]  ? drm_gem_shmem_object_pin+0xd/0x20
[  911.878517][T16675]  drm_gem_map_attach+0x19c/0x1f0
[  911.878541][T16675]  dma_buf_dynamic_attach+0x1ea/0x3d0
[  911.878570][T16675]  ? __fget_files+0x3a0/0x420
[  911.878597][T16675]  ? __pfx_drm_gem_shmem_prime_import_no_map+0x10/0x10
[  911.878622][T16675]  drm_gem_shmem_prime_import_no_map+0xc1/0x2f0
[  911.878647][T16675]  ? drm_gem_prime_fd_to_handle+0x185/0x4d0
[  911.878669][T16675]  ? __pfx_drm_gem_shmem_prime_import_no_map+0x10/0x10
[  911.878694][T16675]  drm_gem_prime_fd_to_handle+0x196/0x4d0
[  911.878720][T16675]  drm_ioctl_kernel+0x2cc/0x390
[  911.878738][T16675]  ? __pfx_drm_prime_fd_to_handle_ioctl+0x10/0x10
[  911.878761][T16675]  ? __pfx_drm_ioctl_kernel+0x10/0x10
[  911.878784][T16675]  drm_ioctl+0x67f/0xb10
[  911.878805][T16675]  ? __pfx_drm_prime_fd_to_handle_ioctl+0x10/0x10
[  911.878830][T16675]  ? __pfx_drm_ioctl+0x10/0x10
[  911.878854][T16675]  ? __fget_files+0x3a0/0x420
[  911.878879][T16675]  ? __fget_files+0x2a/0x420
[  911.878906][T16675]  ? bpf_lsm_file_ioctl+0x9/0x20
[  911.878928][T16675]  ? __pfx_drm_ioctl+0x10/0x10
[  911.878945][T16675]  __se_sys_ioctl+0xf9/0x170
[  911.878966][T16675]  do_syscall_64+0xfa/0xfa0
[  911.878984][T16675]  ? lockdep_hardirqs_on+0x9c/0x150
[  911.879000][T16675]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  911.879018][T16675]  ? clear_bhb_loop+0x60/0xb0
[  911.879043][T16675]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  911.879066][T16675] RIP: 0033:0x7ff041f8ebe9
[  911.879086][T16675] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  911.879103][T16675] RSP: 002b:00007ff0401f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  911.879122][T16675] RAX: ffffffffffffffda RBX: 00007ff0421c6180 RCX: 00007ff041f8ebe9
[  911.879136][T16675] RDX: 0000200000000300 RSI: 00000000c00c642e RDI: 0000000000000008
[  911.879148][T16675] RBP: 00007ff042011e19 R08: 0000000000000000 R09: 0000000000000000
[  911.879160][T16675] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  911.879171][T16675] R13: 00007ff0421c6218 R14: 00007ff0421c6180 R15: 00007ffcd6bed568
[  911.879192][T16675]  </TASK>
[  911.879199][T16675] 
[  912.229672][T16675] Allocated by task 16675:
[  912.234094][T16675]  kasan_save_track+0x3e/0x80
[  912.238787][T16675]  __kasan_kmalloc+0x93/0xb0
[  912.243398][T16675]  __kvmalloc_node_noprof+0x5cd/0x910
[  912.248805][T16675]  drm_gem_get_pages+0x166/0xa20
[  912.253760][T16675]  drm_gem_shmem_get_pages_locked+0x201/0x440
[  912.259842][T16675]  drm_gem_shmem_pin_locked+0x22c/0x460
[  912.265406][T16675]  drm_gem_map_attach+0x19c/0x1f0
[  912.270455][T16675]  dma_buf_dynamic_attach+0x1ea/0x3d0
[  912.275845][T16675]  drm_gem_shmem_prime_import_no_map+0xc1/0x2f0
[  912.282532][T16675]  drm_gem_prime_fd_to_handle+0x196/0x4d0
[  912.288267][T16675]  drm_ioctl_kernel+0x2cc/0x390
[  912.293217][T16675]  drm_ioctl+0x67f/0xb10
[  912.297595][T16675]  __se_sys_ioctl+0xf9/0x170
[  912.302717][T16675]  do_syscall_64+0xfa/0xfa0
[  912.307231][T16675]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  912.313135][T16675] 
[  912.315474][T16675] The buggy address belongs to the object at ffff888077c44000
[  912.315474][T16675]  which belongs to the cache kmalloc-8k of size 8192
[  912.329533][T16675] The buggy address is located 0 bytes to the right of
[  912.329533][T16675]  allocated 5744-byte region [ffff888077c44000, ffff888077c45670)
[  912.344122][T16675] 
[  912.346454][T16675] The buggy address belongs to the physical page:
[  912.352881][T16675] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x77c40
[  912.361650][T16675] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  912.370512][T16675] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  912.378066][T16675] page_type: f5(slab)
[  912.382057][T16675] raw: 00fff00000000040 ffff88801a842280 ffffea0001f63c00 dead000000000004
[  912.390645][T16675] raw: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000
[  912.399238][T16675] head: 00fff00000000040 ffff88801a842280 ffffea0001f63c00 dead000000000004
[  912.407915][T16675] head: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000
[  912.416610][T16675] head: 00fff00000000003 ffffea0001df1001 00000000ffffffff 00000000ffffffff
[  912.425290][T16675] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[  912.433958][T16675] page dumped because: kasan: bad access detected
[  912.440385][T16675] page_owner tracks the page as allocated
[  912.446099][T16675] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x528c0(GFP_NOWAIT|__GFP_IO|__GFP_FS|__GFP_NORETRY|__GFP_COMP), pid 5871, tgid 5871 (syz-executor), ts 98511696794, free_ts 98501807173
[  912.465823][T16675]  post_alloc_hook+0x240/0x2a0
[  912.470647][T16675]  get_page_from_freelist+0x21e4/0x22c0
[  912.476224][T16675]  __alloc_frozen_pages_noprof+0x181/0x370
[  912.482068][T16675]  alloc_pages_mpol+0x232/0x4a0
[  912.486946][T16675]  allocate_slab+0x8a/0x330
[  912.491464][T16675]  ___slab_alloc+0xbd1/0x13f0
[  912.496160][T16675]  __slab_alloc+0x55/0xa0
[  912.500495][T16675]  __kvmalloc_node_noprof+0x6ba/0x910
[  912.505983][T16675]  pfifo_fast_init+0x372/0x6c0
[  912.510758][T16675]  qdisc_create_dflt+0x13b/0x4e0
[  912.515699][T16675]  dev_activate+0x378/0x1150
[  912.520297][T16675]  __dev_open+0x69c/0x880
[  912.524641][T16675]  __dev_change_flags+0x1ea/0x6d0
[  912.531494][T16675]  netif_change_flags+0x88/0x1a0
[  912.536969][T16675]  do_setlink+0xc55/0x41c0
[  912.541424][T16675]  rtnl_newlink+0x160b/0x1c70
[  912.546111][T16675] page last free pid 5960 tgid 5960 stack trace:
[  912.552440][T16675]  __free_frozen_pages+0xbc4/0xd30
[  912.557564][T16675]  __put_partials+0x146/0x170
[  912.562244][T16675]  put_cpu_partial+0x17c/0x250
[  912.567017][T16675]  __slab_free+0x2b9/0x390
[  912.571441][T16675]  qlist_free_all+0x97/0x140
[  912.576044][T16675]  kasan_quarantine_reduce+0x148/0x160
[  912.581520][T16675]  __kasan_slab_alloc+0x22/0x80
[  912.586385][T16675]  kmem_cache_alloc_noprof+0x367/0x6e0
[  912.591886][T16675]  getname_flags+0xb8/0x540
[  912.596410][T16675]  vfs_fstatat+0x43/0x170
[  912.600756][T16675]  __x64_sys_newfstatat+0x116/0x190
[  912.605957][T16675]  do_syscall_64+0xfa/0xfa0
[  912.610469][T16675]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  912.616373][T16675] 
[  912.618700][T16675] Memory state around the buggy address:
[  912.624345][T16675]  ffff888077c45500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  912.632413][T16675]  ffff888077c45580: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  912.640481][T16675] >ffff888077c45600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc
[  912.648546][T16675]                                                              ^
[  912.656265][T16675]  ffff888077c45680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  912.664334][T16675]  ffff888077c45700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  912.672406][T16675] ==================================================================
[  912.744070][T16675] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  912.751524][T16675] CPU: 0 UID: 0 PID: 16675 Comm: syz.0.3349 Not tainted syzkaller #0 PREEMPT(full) 
[  912.761264][T16675] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  912.771332][T16675] Call Trace:
[  912.774621][T16675]  <TASK>
[  912.777580][T16675]  dump_stack_lvl+0x99/0x250
[  912.782203][T16675]  ? __asan_memcpy+0x40/0x70
[  912.786806][T16675]  ? __pfx_dump_stack_lvl+0x10/0x10
[  912.797027][T16675]  ? __pfx__printk+0x10/0x10
[  912.801659][T16675]  vpanic+0x237/0x6d0
[  912.805664][T16675]  ? __pfx_vpanic+0x10/0x10
[  912.810179][T16675]  ? preempt_schedule+0xae/0xc0
[  912.815036][T16675]  ? __pfx_preempt_schedule+0x10/0x10
[  912.820432][T16675]  panic+0xb9/0xc0
[  912.824169][T16675]  ? __pfx_panic+0x10/0x10
[  912.828602][T16675]  ? _raw_spin_unlock_irqrestore+0xfd/0x110
[  912.834535][T16675]  ? change_page_attr_set_clr+0x625/0xfc0
[  912.840271][T16675]  check_panic_on_warn+0x89/0xb0
[  912.845229][T16675]  ? change_page_attr_set_clr+0x625/0xfc0
[  912.851144][T16675]  end_report+0x78/0x160
[  912.855455][T16675]  kasan_report+0x129/0x150
[  912.859981][T16675]  ? change_page_attr_set_clr+0x625/0xfc0
[  912.865726][T16675]  change_page_attr_set_clr+0x625/0xfc0
[  912.871292][T16675]  ? preempt_schedule_irq+0xde/0x150
[  912.876591][T16675]  ? __pfx_change_page_attr_set_clr+0x10/0x10
[  912.882870][T16675]  ? irqentry_exit+0x74/0x90
[  912.887539][T16675]  ? lockdep_hardirqs_on+0x9c/0x150
[  912.892754][T16675]  _set_pages_array+0x145/0x270
[  912.898062][T16675]  drm_gem_shmem_get_pages_locked+0x2d0/0x440
[  912.904148][T16675]  ? __pfx_preempt_schedule_irq+0x10/0x10
[  912.909877][T16675]  ? __pfx_drm_gem_shmem_get_pages_locked+0x10/0x10
[  912.916488][T16675]  drm_gem_shmem_pin_locked+0x22c/0x460
[  912.922047][T16675]  ? __pfx_drm_gem_shmem_pin_locked+0x10/0x10
[  912.928129][T16675]  ? __pfx_drm_gem_shmem_object_pin+0x10/0x10
[  912.934325][T16675]  ? drm_gem_shmem_object_pin+0xd/0x20
[  912.939815][T16675]  drm_gem_map_attach+0x19c/0x1f0
[  912.944871][T16675]  dma_buf_dynamic_attach+0x1ea/0x3d0
[  912.950269][T16675]  ? __fget_files+0x3a0/0x420
[  912.954974][T16675]  ? __pfx_drm_gem_shmem_prime_import_no_map+0x10/0x10
[  912.961836][T16675]  drm_gem_shmem_prime_import_no_map+0xc1/0x2f0
[  912.968098][T16675]  ? drm_gem_prime_fd_to_handle+0x185/0x4d0
[  912.974017][T16675]  ? __pfx_drm_gem_shmem_prime_import_no_map+0x10/0x10
[  912.980881][T16675]  drm_gem_prime_fd_to_handle+0x196/0x4d0
[  912.986616][T16675]  drm_ioctl_kernel+0x2cc/0x390
[  912.991481][T16675]  ? __pfx_drm_prime_fd_to_handle_ioctl+0x10/0x10
[  912.997906][T16675]  ? __pfx_drm_ioctl_kernel+0x10/0x10
[  913.003302][T16675]  drm_ioctl+0x67f/0xb10
[  913.007560][T16675]  ? __pfx_drm_prime_fd_to_handle_ioctl+0x10/0x10
[  913.013991][T16675]  ? __pfx_drm_ioctl+0x10/0x10
[  913.018783][T16675]  ? __fget_files+0x3a0/0x420
[  913.023484][T16675]  ? __fget_files+0x2a/0x420
[  913.028092][T16675]  ? bpf_lsm_file_ioctl+0x9/0x20
[  913.033042][T16675]  ? __pfx_drm_ioctl+0x10/0x10
[  913.037817][T16675]  __se_sys_ioctl+0xf9/0x170
[  913.042421][T16675]  do_syscall_64+0xfa/0xfa0
[  913.046935][T16675]  ? lockdep_hardirqs_on+0x9c/0x150
[  913.052147][T16675]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  913.058228][T16675]  ? clear_bhb_loop+0x60/0xb0
[  913.063201][T16675]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  913.069114][T16675] RIP: 0033:0x7ff041f8ebe9
[  913.073551][T16675] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  913.093168][T16675] RSP: 002b:00007ff0401f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  913.101615][T16675] RAX: ffffffffffffffda RBX: 00007ff0421c6180 RCX: 00007ff041f8ebe9
[  913.109597][T16675] RDX: 0000200000000300 RSI: 00000000c00c642e RDI: 0000000000000008
[  913.117579][T16675] RBP: 00007ff042011e19 R08: 0000000000000000 R09: 0000000000000000
[  913.125557][T16675] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  913.133532][T16675] R13: 00007ff0421c6218 R14: 00007ff0421c6180 R15: 00007ffcd6bed568
[  913.141523][T16675]  </TASK>
[  913.144703][T16675] Kernel Offset: disabled
[  913.149031][T16675] Rebooting in 86400 seconds..