last executing test programs:

20m24.635952118s ago: executing program 32 (id=72):
r0 = syz_open_dev$video(&(0x7f0000000000), 0x485, 0x40000)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
getpgrp(0x0)
mkdir(&(0x7f0000000140)='./file0\x00', 0x141)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x2, 0x0)
ioctl$TCXONC(r2, 0x540a, 0x0)
ioctl$TCXONC(r2, 0x540a, 0x2)
ioctl$TCXONC(r2, 0x540a, 0x1)
mq_open(&(0x7f0000000800)='eth0\x00#\x13\xaeu\xe0\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t/\x8dv\xd3\xa7\xd8J\xfd\x94#KT\xdd\x14\xd3\xe1\xbe_$A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\x88N\xb8\xde\xeb)\xcd\xc56m\n\v\x01\xbe\xeb\xbb\x91\x11z\xc2|d\x1b\x04\xd2\xf9yx\xb2\x1b\bLTrw\x88|0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\xcf\xbf\xf5\x80a%\xdcQ\xb3CuT\xcc\x02\xea\x91\xe8\xd8\x01YZy\xe6!\x89\x9c\xd1\xa6\x167\x8avs\xb2\a\xfe\xb3j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1[\x84\x10aF\x9b\xda\xeb\xc4*\x02q\xb2\x92\x00\x8cv\xac AN\xb9\xaa\x81W\x97Te\x81\x98L\xfe\x97+u\xd3^\xb1\xf0\xe0\x1f\xbd\a\xbb\xe5\x18\x9ds\x12ha\x00\xeb\x84\x99\xc6\x0f\xf1\xd5LD\xa87\xa0DQ\x8a2\x16!8,\xbc%$\xf1\xf2\xd6\x9cy\xecK\xda\xc5\xdc\xfa\xdd\xf6\b\xc6\xb4\x14\x16\x9c\x7f\x92\x85\xb0\xa2%:\xf0\xf4\x150\x0f\xb4\xa6d\xb4\xe4L\x19W\xd5\x90\xf7l\x1b\xfe\xde\vh\x97=m\x82.\xac\vh\xfe\x84Q}\x838/\x83\xebP\xbe\xd6+:\xceE\\\x95\xd4\xac\x92\x87\xd7\x98\x97\xd5\xac\x80C\x84R\x88r^g\xbaQ(\x9a>\xe2\xba\xa8=\x17\f04\x8f\x1f\xf2\x88*@v\xe7\xd1\xee\xb3\xc2\x8dT\xda\x81g\xd9\x1a:hzW6s)x\x06\xae\x11\xf2\x1e\xcd\v\xe5L\x19\x96s\xbc\x9e\xf4\x10$\r\xa4\xd8\xa2\xa2\xfcM\xc5R3~$\xc0\xa5n\x9a W\xb1e\xcc<$\xf5#G\xce\xaf\x88U\xfa\x80\xf24\xf6\xb5\xef\xe2z\xcf\x9eN\x92\xac\x81{\xe6\xbd\xd7\x16\xe6F\xe2\x9e\x91%\x94\v\xb9\xdc\xd6\x87\x8f\xcd\xc1\xb05\x81\x81\xf8\xe9X\xe8Kt9@\xf4\xe1\xa6=\xc9\xe1:p4\nP[f\x1d\xfd\xfa\x839\x8d\x0e\xd1\xf9\xa0\xd2^E\xe5\xedo.\xaa\xf2\xb4\xcdn\x14\f\xcd\x83_yk\xda\xc5\x89\xf0Z\xea\x1d\xbd\xc00\v\xa3\xb3\xbe\xe6\x8b\x18J\xa8\xaaY\xf2\x89\x0f\x9enOOr\x00\xb2\x01\x1f:Z\xb8\xee;\xe3;\x8aPV\xce\xee\xf8[\x16\n\xe6:z\xb8\x1dvk\a{\xc1\x14\xd9+\xdb\t\x11\x90y\xe8\\\xe6\xfc\xca\xb4\xcbC\xd6\xd0\xbeC\xce\xc0L\xdb\xcd\xb3\x907c\xb4\xa6\xce\xdb[\xce\x122N\xa3\xc7Q<\x1a\xa5\xb3)\xc5\x98\x84\x8a\x82\x19\xb0\t\xac\x10\\\x8c\xbe\xcb\raIYe[\xa8\xc4\xac\x0e\xbb\x0f\b^\xdag\xe2\xa9\"\xf5h\'\xcf\xd9\x1b\xef\xe3\xe7y\x82\x1e\xca\x7f\x02 \xcf\x9e\xe0\xd9TM\xb9\n\xa9\xad3\x91\xa5\xe6!\xcd\xa2\xa4\x14\x12\xf9\xbf\xa8b\xcec:\xd7\'\f\f\x957\xc9}\r\xa6\xaa\x0f\xca\x96\xeb\x00\x00\x00\x00\x00\";a~\n\x15\xaf.\x82\xe4\xefa\\\xdd\x93\x81G\xb4\x1d_\xb7b\xb8\x06`\xcf\xefci#zd\x01\xb2j\x05\x13\x8f\x92\x01\x8aB\xc3\xf1\x9d\xc2\xee\xd3\xad\x84\xb5\x1e[R\xff\b\x86NC\xff\xc5\xd8 \xa8 \f`\xa4\x8a\xc1b\xc9q\xe8\xb0\tZ\x00\x00\x00', 0x42, 0x1f0, 0x0)
mq_unlink(&(0x7f0000000000)='eth0\x00')
syslog(0x2, 0x0, 0x0)
syslog(0x4, &(0x7f00000000c0)=""/27, 0x1b)
setxattr$incfs_size(0x0, &(0x7f0000000300), &(0x7f0000000340)=0xcff5, 0x8, 0x3)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0)
syz_emit_ethernet(0x16, &(0x7f0000000000)={@broadcast, @empty, @void, {@llc={0x4, {@snap={0x0, 0x0, "e3", "ff782c"}}}}}, 0x0)
sendmsg$NL80211_CMD_SET_CQM(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)={0x30, 0x0, 0x1, 0x0, 0x0, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_CQM={0x14, 0x5e, 0x0, 0x1, [@NL80211_ATTR_CQM_RSSI_HYST={0x8, 0x2, 0x4}, @NL80211_ATTR_CQM_RSSI_THOLD={0x8, 0x1, [0x8]}]}]}, 0x30}}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$VIDIOC_S_INPUT(r0, 0xc0045627, &(0x7f0000000080)=0x2)
socket$key(0xf, 0x3, 0x2)

16m23.859746322s ago: executing program 33 (id=432):
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r0, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
sendto$inet6(r1, 0x0, 0x0, 0x409c884, &(0x7f0000000240)={0xa, 0x4e20, 0x0, @local}, 0x1c)
sendto$inet6(r1, &(0x7f0000000780), 0x0, 0x6d91fb6102d8d9cc, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000002000)=""/102400, 0x19000)
creat(0x0, 0x0)
r3 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/power/resume', 0x141a82, 0x0)
semget$private(0x0, 0x6, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000300)=0xfffffffc, 0x0, 0x4)
sendmsg$nl_route(r3, &(0x7f0000000280)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x412000}, 0xc, &(0x7f0000000180)={&(0x7f0000000400)=@ipv6_newrule={0x44, 0x20, 0x10, 0x70bd2a, 0x25dfdbfc, {0xa, 0x20, 0x14, 0xfa, 0x6, 0x0, 0x0, 0x7, 0x10000}, [@FRA_SRC={0x14, 0x2, @mcast1}, @FRA_DST={0x14, 0x1, @mcast1}]}, 0x44}, 0x1, 0x0, 0x0, 0x20000800}, 0x0)
io_uring_enter(0xffffffffffffffff, 0x47bc, 0x0, 0x0, 0x0, 0x0)
prlimit64(0x0, 0x7, &(0x7f0000000080), 0x0)
ioctl$PTP_SYS_OFFSET(0xffffffffffffffff, 0xc0403d08, 0xffffffffffffffff)
write(r0, &(0x7f0000000340)="41000000010007", 0x7)

10m32.724109025s ago: executing program 4 (id=960):
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x40800)
bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x11, 0x3, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000800000000000000000095"], &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x94)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
mkdir(0x0, 0x0)
mkdir(&(0x7f0000000040)='./file1\x00', 0x0)
mkdir(&(0x7f0000000000)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
chdir(&(0x7f0000000140)='./bus\x00')
r1 = open(&(0x7f0000000580)='./bus\x00', 0x84242, 0x1df2a23c5997fa5f)
write$FUSE_CREATE_OPEN(r1, &(0x7f0000000180)={0xa0, 0xffffffffffffffda, 0x0, {{0x4, 0x3, 0x5, 0x6, 0x3, 0x1, {0x400000000001, 0x180, 0x20ff, 0x6, 0x89, 0xd615, 0x9, 0x3, 0xfffffffe, 0x8000, 0x0, 0x0, 0x0, 0x5, 0x1}}, {0x0, 0x13}}}, 0xa0)
write$FUSE_INIT(0xffffffffffffffff, 0x0, 0x0)
sendfile(r1, r1, &(0x7f0000000080), 0x7f03)

10m30.313540331s ago: executing program 4 (id=964):
r0 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000100)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r2 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0)
sendmsg$NFULNL_MSG_CONFIG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)={0x1c, 0x1, 0x4, 0x801, 0x0, 0x0, {0x2, 0x0, 0x6}, [@NFULA_CFG_TIMEOUT={0x8, 0x4, 0x1, 0x0, 0x240000}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40}, 0x54)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r3, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f00000000c0)=[<r4=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCRTC(r3, 0xc06864a1, &(0x7f0000000d40)={0x0, 0x0, r4, <r5=>0x0})
ioctl$DRM_IOCTL_MODE_GETFB2(r3, 0xc06864ce, &(0x7f0000000340)={r5, 0x0, 0x0, 0x0, 0x1, [<r6=>0x0], [0x0, 0x7], [0x0, 0x80000002, 0x2], [0x0, 0x0, 0x1, 0x1]})
unshare(0x22020600)
r7 = fsopen(&(0x7f0000000040)='cgroup2\x00', 0x0)
r8 = fsmount(r7, 0x0, 0x4)
r9 = openat$cgroup_ro(r8, &(0x7f00000000c0)='cgroup.controllers\x00', 0x5000000, 0x0)
readv(r9, &(0x7f00000012c0)=[{&(0x7f0000000100)=""/4096, 0x1000}], 0x1)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f0000000140)={0x3ff, 0x2, 0x806})
r10 = openat$misdntimer(0xffffffffffffff9c, &(0x7f0000001440), 0x0, 0x0)
ioctl$IMDELTIMER(r10, 0x80044941, &(0x7f0000000040)=0x1)
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r2, 0xc00c642d, &(0x7f0000000080)={r6, 0x0, <r11=>0xffffffffffffffff})
ioctl$SW_SYNC_IOC_CREATE_FENCE(0xffffffffffffffff, 0xc0285700, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r11, 0xc00c642e, &(0x7f0000000180))

10m27.699271682s ago: executing program 4 (id=968):
r0 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000100)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r2 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0)
sendmsg$NFULNL_MSG_CONFIG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)={0x1c, 0x1, 0x4, 0x801, 0x0, 0x0, {0x2, 0x0, 0x6}, [@NFULA_CFG_TIMEOUT={0x8, 0x4, 0x1, 0x0, 0x240000}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40}, 0x54)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r3, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f00000000c0)=[<r4=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCRTC(r3, 0xc06864a1, &(0x7f0000000d40)={0x0, 0x0, r4, <r5=>0x0})
ioctl$DRM_IOCTL_MODE_GETFB2(r3, 0xc06864ce, &(0x7f0000000340)={r5, 0x0, 0x0, 0x0, 0x1, [<r6=>0x0], [0x0, 0x7], [0x0, 0x80000002, 0x2], [0x0, 0x0, 0x1, 0x1]})
unshare(0x22020600)
r7 = fsopen(&(0x7f0000000040)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r7, 0x6, 0x0, 0x0, 0x0)
fsmount(r7, 0x0, 0x4)
readv(0xffffffffffffffff, &(0x7f00000012c0)=[{&(0x7f0000000100)=""/4096, 0x1000}], 0x1)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f0000000140)={0x3ff, 0x2, 0x806})
r8 = openat$misdntimer(0xffffffffffffff9c, &(0x7f0000001440), 0x0, 0x0)
ioctl$IMDELTIMER(r8, 0x80044941, &(0x7f0000000040)=0x1)
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r2, 0xc00c642d, &(0x7f0000000080)={r6, 0x0, <r9=>0xffffffffffffffff})
ioctl$SW_SYNC_IOC_CREATE_FENCE(0xffffffffffffffff, 0xc0285700, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r9, 0xc00c642e, &(0x7f0000000180))

10m23.948257446s ago: executing program 4 (id=972):
openat$uinput(0xffffffffffffff9c, 0x0, 0x802, 0x0)
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000780)=@raw={'raw\x00', 0x3c1, 0x3, 0x398, 0x198, 0x4c, 0x1a, 0x198, 0x73, 0x2c8, 0x258, 0x258, 0x2c8, 0x258, 0x3, 0x0, {[{{@ipv6={@rand_addr=' \x01\x00', @local, [], [], 'wg2\x00', 'macvlan1\x00', {}, {}, 0x11}, 0x0, 0x168, 0x198, 0x0, {}, [@common=@inet=@l2tp={{0x30}, {0x0, 0x0, 0x0, 0x0, 0xc}}, @common=@srh1={{0x90}, {0x0, 0x0, 0x0, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @rand_addr=' \x01\x00', @dev, [], [0x0, 0x0, 0xffffff00]}}]}, @common=@inet=@SET2={0x30, 'SET\x00', 0x2, {{}, {0x0, 0x0, 0x7}}}}, {{@uncond, 0x0, 0xf8, 0x130, 0x0, {}, [@inet=@rpfilter={{0x28}}, @common=@icmp6={{0x28}, {0x0, "e1f6"}}]}, @common=@inet=@SET3={0x38}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3f8)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'bond0\x00'})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
munlockall()
syz_open_dev$loop(0x0, 0x81, 0x2a82)
syz_init_net_socket$rose(0xb, 0x5, 0x0)
fsopen(&(0x7f0000000240)='vfat\x00', 0x0)
r2 = socket$inet_mptcp(0x2, 0x1, 0x106)
bind$inet(r2, &(0x7f0000000080)={0x2, 0x4e24, @multicast2}, 0x10)
connect$inet(r2, &(0x7f00000009c0)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x30}}, 0x10)
writev(r2, &(0x7f0000000200)=[{&(0x7f00000000c0)='X', 0x8030000}], 0x1)
timer_settime(0x0, 0x0, 0x0, 0x0)
shutdown(r2, 0x1)
socket$nl_netfilter(0x10, 0x3, 0xc)

10m15.030181255s ago: executing program 4 (id=983):
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x802, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60)
ioctl$KVM_SET_VCPU_EVENTS(0xffffffffffffffff, 0x4400ae8f, &(0x7f0000000140)=@x86={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80})
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4)
bind$inet(r1, &(0x7f0000000080)={0x2, 0x4e21, @multicast2}, 0x10)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000240)=[@mss={0x2, 0x8}, @window={0x3, 0x15f, 0xfffd}, @mss={0x2, 0x8}, @sack_perm, @window={0x3, 0x0, 0x7fe}, @window={0x3, 0x5, 0xfffc}, @timestamp, @timestamp], 0x8)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x40, &(0x7f0000000000)=@filter={'filter\x00', 0x2, 0x4, 0x5c0, 0xffffffff, 0x2e8, 0xc8, 0x0, 0xfeffffff, 0xffffffff, 0x4f8, 0x4f8, 0x4f8, 0xffffffff, 0x4, 0x0, {[{{@ipv6={@dev, @mcast1, [], [0x0, 0x0, 0xff, 0xffffff00], 'macsec0\x00', 'rose0\x00'}, 0x2f2, 0xa4, 0xc8}, @REJECT={0x24}}, {{@uncond, 0x0, 0x1fc, 0x220, 0x0, {}, [@common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x4000000000004, 0x0, 0x40, 0x0, 0x0, 0xf8e74ba, 0xfe8c, 0x0, 0xb440adbb44d53f72}, {0x40}}}]}, @common=@unspec=@CONNSECMARK={0x24}}, {{@uncond, 0x0, 0x1dc, 0x210, 0x0, {}, [@common=@rt={{0x138}, {0x6, [], 0x0, 0x0, 0x0, [@local, @remote, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @local, @private1, @empty, @mcast1, @mcast1, @ipv4={'\x00', '\xff\xff', @broadcast}, @remote, @local, @remote, @private1={0xfc, 0x1, '\x00', 0x1}, @private0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @mcast2]}}]}, @common=@inet=@SET3={0x34}}], {{'\x00', 0x0, 0xa4, 0xc8}, {0x24}}}}, 0x61c)
r3 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="140000002500010000000000f100000006"], 0x14}], 0x1, 0x0, 0x0, 0x400448c0}, 0x0)
sendto$inet(r1, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x11)
unshare(0x8000080)

10m11.323698153s ago: executing program 4 (id=986):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
pwritev2(0xffffffffffffffff, 0x0, 0x0, 0x1, 0x3, 0x4)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TIOCPKT(r2, 0x5420, 0x0)
add_key$user(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000007, 0x38011, 0xffffffffffffffff, 0x2c9ab000)
msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x6)
r3 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x8002, 0x0)
write$P9_RSTATu(r3, &(0x7f0000001180)={0x23d, 0x7d, 0x0, {{0x500, 0xfc, 0x0, 0xfffffffa, {}, 0x1bac0000, 0x0, 0x0, 0x0, 0x25, '\x04no\xc8f\xc9}`\x99\x06\x00\x00\x00\x00\x00\x00\x00\x90\x00\x00\x1d\xf6\xdb\x00\x00\x00\x00\x00\x00=\xd3\x00\x00\x00\x00\x00\x00', 0x38, 'pJ\x86\xce\xc6\x02\x00}\xfag>\xff\xeb\t\xb55\x1f[\xde\x05@\x00\x00\x00\x00\x18{\x82\x00\xb5\x00\x00;Y_\xcb\x14\x03CT\xb9\xfd\x9e\xf1\x96\xa5\x1c\xd5\x15z\xdc\x81\x06\xb4\x94\xe1', 0x17, '\xcf\xc2\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x0fX\x05\x02\xb6n\x00\xf3\x13\xf6\x00', 0x55, '\xf8\xf6i\xfbqm\xcf1^\xca\xf3\x85@\x9a\xc6[\x94\bg\x8c,;\x9e\x1dR\xc3l\xde{\xa4\xa4\x00\xb4\xb0\xb4\xf1t\xa6f\xa8R\x9aE\x1b4\a\xdb\xda\xb2\x88K\xaf\x05\x00\x00\x00\x00\x00\x00\x00G\xec!\xca\xbf\xf2\x0f\x9c\x1c\xbe6\xf4\xfd\x1aL\xc2\x80\xe8\xd4\x89\xdad\x9a7\x00'}, 0x12c, 'odev-n\xb1{#\x00\xf9\xda\xa5\xee#&n\xcf\x85\xfe\xa6^B\xd9y\xa3\xfd\xe5\xf4u\xda\xf0;\x11r\xd9{\xad\xc7\tZ\xfdv\xfeO\x04A\xf7\xf7t\x1e\xac\x03\x00\x00\xec\xff\x00\x00\xdb\xa0\xc2\xf7\xf0\x9f\xf5<~M\x1a\xd6n-\a\x01\x98\x01\x9f0\x11\x84G\xaa\x9at\xf5\x16\x05\x00\x00\x00\x00\x00\x00\x00\xc2g\xd5\xa1)\x8dy,J7\xf2\xe1\xcb\xbd$\x82\x92\x9a\r\x89r\xb5\xcfs.\xa5\xb0\xd7#\x85\x9d\xba?\x93\xae\xd3\xb4.\xe7\xca\xc0}\xe0\x9d\x1dh\xa6\x033\xa8\x82F}+1\xaa\xcd\xf9\x18\x85I\xb1\x12]lL\x9b\x18\xc2\xfbV\xc5}}\xc6&\xe49\a\x96\xa1\xebH\'Fi\xab\x13\xf8\xb1\x1d\x14`Y\xf3\x10\xe2cMY?\xece\xd5)\xf3\x82\x06fd\xdf$NL\x90W\np\x04\x9f9\x9f\x06\x1fu\xb7y|\xe1\xfe\x11\xea\x91\x96\t\xd5\x1aA\xdd=\xe3\x04\xbd|~\xd0\xa4V\xf0\xae\x12Qa\x05\xc9\xce\x88}\xf5\xa6\xe0\xb6\xa7}Yl\xf8\x8b\xa6\xe5\xc69|}P!\xd7\x98\x95(\xfd\x179\xe1\xc2\xd8\x7f\xff\x00'/300}}, 0x23d)
syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
msgget$private(0x0, 0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x1, 0x0, 0x0, 0x3)
syz_open_procfs(0x0, &(0x7f0000000000)='numa_maps\x00')
preadv(r1, &(0x7f0000000040), 0x0, 0x0, 0x0)
fsopen(0x0, 0x0)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpuacct.usage_percpu\x00', 0x275a, 0x0)
r5 = socket(0x29, 0xa, 0x7ffffffe)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r5, 0x84, 0x6f, 0x0, &(0x7f0000000140))
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
r6 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_ADD_STREAMS(r6, 0x84, 0x82, &(0x7f0000000200), 0x8)
ftruncate(r4, 0x2007ff3)
copy_file_range(r4, 0x0, 0xffffffffffffffff, 0x0, 0xffffffffa003e459, 0x700000000000000)

9m54.959028663s ago: executing program 34 (id=986):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
pwritev2(0xffffffffffffffff, 0x0, 0x0, 0x1, 0x3, 0x4)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TIOCPKT(r2, 0x5420, 0x0)
add_key$user(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000007, 0x38011, 0xffffffffffffffff, 0x2c9ab000)
msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x6)
r3 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x8002, 0x0)
write$P9_RSTATu(r3, &(0x7f0000001180)={0x23d, 0x7d, 0x0, {{0x500, 0xfc, 0x0, 0xfffffffa, {}, 0x1bac0000, 0x0, 0x0, 0x0, 0x25, '\x04no\xc8f\xc9}`\x99\x06\x00\x00\x00\x00\x00\x00\x00\x90\x00\x00\x1d\xf6\xdb\x00\x00\x00\x00\x00\x00=\xd3\x00\x00\x00\x00\x00\x00', 0x38, 'pJ\x86\xce\xc6\x02\x00}\xfag>\xff\xeb\t\xb55\x1f[\xde\x05@\x00\x00\x00\x00\x18{\x82\x00\xb5\x00\x00;Y_\xcb\x14\x03CT\xb9\xfd\x9e\xf1\x96\xa5\x1c\xd5\x15z\xdc\x81\x06\xb4\x94\xe1', 0x17, '\xcf\xc2\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x0fX\x05\x02\xb6n\x00\xf3\x13\xf6\x00', 0x55, '\xf8\xf6i\xfbqm\xcf1^\xca\xf3\x85@\x9a\xc6[\x94\bg\x8c,;\x9e\x1dR\xc3l\xde{\xa4\xa4\x00\xb4\xb0\xb4\xf1t\xa6f\xa8R\x9aE\x1b4\a\xdb\xda\xb2\x88K\xaf\x05\x00\x00\x00\x00\x00\x00\x00G\xec!\xca\xbf\xf2\x0f\x9c\x1c\xbe6\xf4\xfd\x1aL\xc2\x80\xe8\xd4\x89\xdad\x9a7\x00'}, 0x12c, 'odev-n\xb1{#\x00\xf9\xda\xa5\xee#&n\xcf\x85\xfe\xa6^B\xd9y\xa3\xfd\xe5\xf4u\xda\xf0;\x11r\xd9{\xad\xc7\tZ\xfdv\xfeO\x04A\xf7\xf7t\x1e\xac\x03\x00\x00\xec\xff\x00\x00\xdb\xa0\xc2\xf7\xf0\x9f\xf5<~M\x1a\xd6n-\a\x01\x98\x01\x9f0\x11\x84G\xaa\x9at\xf5\x16\x05\x00\x00\x00\x00\x00\x00\x00\xc2g\xd5\xa1)\x8dy,J7\xf2\xe1\xcb\xbd$\x82\x92\x9a\r\x89r\xb5\xcfs.\xa5\xb0\xd7#\x85\x9d\xba?\x93\xae\xd3\xb4.\xe7\xca\xc0}\xe0\x9d\x1dh\xa6\x033\xa8\x82F}+1\xaa\xcd\xf9\x18\x85I\xb1\x12]lL\x9b\x18\xc2\xfbV\xc5}}\xc6&\xe49\a\x96\xa1\xebH\'Fi\xab\x13\xf8\xb1\x1d\x14`Y\xf3\x10\xe2cMY?\xece\xd5)\xf3\x82\x06fd\xdf$NL\x90W\np\x04\x9f9\x9f\x06\x1fu\xb7y|\xe1\xfe\x11\xea\x91\x96\t\xd5\x1aA\xdd=\xe3\x04\xbd|~\xd0\xa4V\xf0\xae\x12Qa\x05\xc9\xce\x88}\xf5\xa6\xe0\xb6\xa7}Yl\xf8\x8b\xa6\xe5\xc69|}P!\xd7\x98\x95(\xfd\x179\xe1\xc2\xd8\x7f\xff\x00'/300}}, 0x23d)
syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
msgget$private(0x0, 0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x1, 0x0, 0x0, 0x3)
syz_open_procfs(0x0, &(0x7f0000000000)='numa_maps\x00')
preadv(r1, &(0x7f0000000040), 0x0, 0x0, 0x0)
fsopen(0x0, 0x0)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpuacct.usage_percpu\x00', 0x275a, 0x0)
r5 = socket(0x29, 0xa, 0x7ffffffe)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r5, 0x84, 0x6f, 0x0, &(0x7f0000000140))
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
r6 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_ADD_STREAMS(r6, 0x84, 0x82, &(0x7f0000000200), 0x8)
ftruncate(r4, 0x2007ff3)
copy_file_range(r4, 0x0, 0xffffffffffffffff, 0x0, 0xffffffffa003e459, 0x700000000000000)

9m14.153657163s ago: executing program 2 (id=1060):
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB="9feb0100180000000000000030000000300000000a0000000e000000000000101000000005000000000000020000bd6fb98a0f08249c6a6e2c8df7f915f10000060000000118ffff74690000010000002f15000081000000005f005f2e002e2e5f00"], &(0x7f0000000140)=""/162, 0x52, 0xa2, 0x0, 0x4}, 0x28)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f60000008500000043"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080))
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x16, 0x16, &(0x7f0000000380)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector}, 0x94)
close(0xffffffffffffffff)
r4 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TUNSETOFFLOAD(r4, 0xc004743e, 0x110e22fff6)
ioprio_get$pid(0x3, r1)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)

9m10.440528135s ago: executing program 2 (id=1065):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000008000000010001000900000001"], 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000ac0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYBLOB="0000000000000000b708000002001e007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000d00)='sched_switch\x00', r3}, 0x10)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
lsetxattr$system_posix_acl(&(0x7f0000000000)='.\x00', 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="0200000001000000000000000400000000000000080009efff000000100000000000000041e5ebcc54f30dbcf9c9e1d8258e54d96aceba50007d210ff9e5d5788bd927b132a311efbb8c724a9636b8b4893ef9cfbdfff4ebe5b7441b85f2d271ff7bb3fe6d86cf5b894f530d105c11445f99c9a5371a09bfd86a4d873560d2eb8cd523447baaef8363dfb2a070"], 0x24, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000001100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="380000002000010329bd7000100000000200000403000007020000001400110069616376746170300000000000000000080006002503"], 0x38}, 0x1, 0x0, 0x0, 0x240480c4}, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="3800000010003704feffffff0000000000000000", @ANYRES32=0x0, @ANYBLOB="8b040400000000001800128008000100736974000c00028008000300ff"], 0x38}, 0x1, 0x0, 0x0, 0x4c050}, 0x20000000)

9m4.685839866s ago: executing program 2 (id=1069):
r0 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000100)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r2 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0)
sendmsg$NFULNL_MSG_CONFIG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)={0x1c, 0x1, 0x4, 0x801, 0x0, 0x0, {0x2, 0x0, 0x6}, [@NFULA_CFG_TIMEOUT={0x8, 0x4, 0x1, 0x0, 0x240000}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40}, 0x54)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r3, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f00000000c0)=[<r4=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCRTC(r3, 0xc06864a1, &(0x7f0000000d40)={0x0, 0x0, r4, <r5=>0x0})
ioctl$DRM_IOCTL_MODE_GETFB2(r3, 0xc06864ce, &(0x7f0000000340)={r5, 0x0, 0x0, 0x0, 0x1, [<r6=>0x0], [0x0, 0x7], [0x0, 0x80000002, 0x2], [0x0, 0x0, 0x1, 0x1]})
r7 = fsopen(&(0x7f0000000040)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r7, 0x6, 0x0, 0x0, 0x0)
r8 = fsmount(r7, 0x0, 0x4)
r9 = openat$cgroup_ro(r8, &(0x7f00000000c0)='cgroup.controllers\x00', 0x5000000, 0x0)
readv(r9, &(0x7f00000012c0)=[{&(0x7f0000000100)=""/4096, 0x1000}], 0x1)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f0000000140)={0x3ff, 0x2, 0x806})
r10 = openat$misdntimer(0xffffffffffffff9c, &(0x7f0000001440), 0x0, 0x0)
ioctl$IMDELTIMER(r10, 0x80044941, &(0x7f0000000040)=0x1)
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r2, 0xc00c642d, &(0x7f0000000080)={r6, 0x0, <r11=>0xffffffffffffffff})
ioctl$SW_SYNC_IOC_CREATE_FENCE(0xffffffffffffffff, 0xc0285700, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r11, 0xc00c642e, &(0x7f0000000180))

9m2.648806356s ago: executing program 2 (id=1074):
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB="9feb0100180000000000000030000000300000000a0000000e000000000000101000000005000000000000020000bd6fb98a0f08249c6a6e2c8df7f915f10000060000000118ffff74690000010000002f15000081000000005f005f2e002e2e5f00"], &(0x7f0000000140)=""/162, 0x52, 0xa2, 0x0, 0x4}, 0x28)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f60000008500000043"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080))
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x16, 0x16, &(0x7f0000000380)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector}, 0x94)
close(0xffffffffffffffff)
r4 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TUNSETOFFLOAD(r4, 0xc004743e, 0x110e22fff6)
ioprio_get$pid(0x3, r1)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)

8m58.606152359s ago: executing program 2 (id=1079):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
socket$qrtr(0x2a, 0x2, 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
socket$l2tp(0x2, 0x2, 0x73)
r3 = socket(0x15, 0x5, 0x0)
getsockopt(r3, 0x200000000114, 0x2714, 0x0, &(0x7f0000000000))
r4 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r4, 0x84, 0x6, 0x0, &(0x7f0000000040))
syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0)

8m51.119519018s ago: executing program 2 (id=1083):
r0 = openat$binder_debug(0xffffff9c, &(0x7f0000000040)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r1, 0x2000002, 0xe, 0x0, &(0x7f0000000200)="df33c9f7b9a60000000f00000000", 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)
mkdir(0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = dup(0xffffffffffffffff)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0xfffffffffffffeeb}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x800}, 0x4)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r3, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r6 = socket$inet_mptcp(0x2, 0x1, 0x106)
bind$inet(r6, &(0x7f0000000080)={0x2, 0x4e24, @multicast2}, 0x10)
write$binfmt_script(r2, &(0x7f0000000400)={'#! ', './file0', [{}]}, 0xc)
connect$inet(r6, &(0x7f00000009c0)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x21}}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x37, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000000)={0x1, 0x0, 0x2}, 0x10}, 0x94)
syz_io_uring_setup(0x6d19, &(0x7f0000000180)={0x0, 0x8dc7, 0x4, 0x0, 0x8e, 0x0, r2}, &(0x7f0000000280), &(0x7f00000003c0))
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000580)=ANY=[@ANYBLOB="48000000100039042cbd7000eaffff", @ANYRES32, @ANYBLOB="83000400cb1507002800128008000100736974001c000280080014000400000008000300ac14141005000900ff"], 0x48}, 0x1, 0x0, 0x0, 0x8000}, 0x4000040)
r8 = io_uring_setup(0xf0b, &(0x7f000000c480)={0x0, 0x4e3f, 0x1000, 0x1ffff, 0x373})
r9 = io_uring_setup(0x7625, &(0x7f0000000600)={0x0, 0x608b, 0x0, 0x0, 0x28b, 0x0, r8})
io_uring_register$IORING_REGISTER_FILES(r9, 0x1e, &(0x7f0000000000)=[r8], 0x1)
shutdown(r6, 0x1)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x4, 0x16, &(0x7f0000001000)=ANY=[@ANYBLOB="61128c000000000061134c0000000000bf20000000000000070000000f0000003d030100000000009500ffb1000000006926000000000000bf6700000000000036000b000fff52004507000015300000d60600000ee60000bf050000000000003d63000000000000650700000200000007070000fbffffff1f75000000000000bf54000000000000070000000410f900bd430100000000009500000000000000050000000000000095000000000000001c15a3ce747c693a74b62fd0758b15f09429c09074bc4b2bd2dc480dd7a064b8673e2060162cc43bcba1060999eef9d60bb39d0af449deaa27ea949e8f9000d885deea2783835e29eba8546fc020c1966f8b5f32b095f566edf66b7751828da9dbd5b996b9e8d897e461c01c697671d100000000400036c17fb01dde179c1f26cac1c7b21bde7d1a55d6ebe700b3be005e47ef55e0dd81244b18590e000000000000356d82e43407a6d7fa94b21002f06cd247b126b6349ab62d7b07ba0a71a72145edade9941f49f300a8c8913e0e4ea9e4c77740ab3312edee62a4dc2fc85755d387d8a1bc8eb71fbe11b2216cc8d1f0160c237d929b49d828724b95555b459f4763c6222175c974be2f76fb5f330b015a68587a75c013000000000000000000000003000000000000d6ddc46e58eff8f4fbadfc6a3af8123b7f4240713a4c0cdc9d7820c4eb67cc0f8b5fe9258eeacb5776aebbab3d5c55020000006082778366dadfc36029633e0514cbcee1f3928970bde148c940434f33acd377cbad17673b2d30b6339255c98eba97efb4e9ac1f11be815dd6045592edcbee7f253ec74c7c1313505bd7ff8fd58b3a6569c91dbdef1df585aeaea7346a2a65caee5c85f9eddeeeee3c8a2e523c864ac430eb47cb4d0c8767b9d4125661b5a1a170c04b64da3a99ddb93bf14fae3ca2d1e882375b8dbac83978e136c34f90b33cc0eeb57debcfe26589efc08125d5d62a7e593c9738a50171adf051ea4f07e7e7e770c2016eeacbe8511afffffbea75759a1ea5404f5453c0b5c46c9700808c096cf8cf5223f341cbea3841b5cd224c1b381d56afebe9f99a00e3cd94dc0bb7af9e8709db487cc4d9b3b96723d69d512ddd57b0dee9b9f6ae80a502cce352098603e77f9ecced07fa25e99e9e415414c91f8bfd1c150570512f26c4ee34a64c131dce3800000000000000006c86287945bd8d258442870e000000000000000000000000f7e6a10de4bf7369b0d5b5373829b09bf5b7b34099b27ac7770fca449d4c4ca15f88b588b2429af2e1d1a4e1fa44cb80fcfae6e50d7e5b4675d7e0be706224f34e6eed553b40e2b897e73752fc7d1e4b0f4c5967eefd7448d5fde5841fa464a67267c631052bd7333769a4b8d19d4794357edce762e8136ab9d7ed34a72baffd849b90579b96b3"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xb, r0, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r1}, 0x94)

8m32.957972181s ago: executing program 35 (id=1083):
r0 = openat$binder_debug(0xffffff9c, &(0x7f0000000040)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r1, 0x2000002, 0xe, 0x0, &(0x7f0000000200)="df33c9f7b9a60000000f00000000", 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)
mkdir(0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = dup(0xffffffffffffffff)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0xfffffffffffffeeb}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x800}, 0x4)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r3, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r6 = socket$inet_mptcp(0x2, 0x1, 0x106)
bind$inet(r6, &(0x7f0000000080)={0x2, 0x4e24, @multicast2}, 0x10)
write$binfmt_script(r2, &(0x7f0000000400)={'#! ', './file0', [{}]}, 0xc)
connect$inet(r6, &(0x7f00000009c0)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x21}}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x37, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000000)={0x1, 0x0, 0x2}, 0x10}, 0x94)
syz_io_uring_setup(0x6d19, &(0x7f0000000180)={0x0, 0x8dc7, 0x4, 0x0, 0x8e, 0x0, r2}, &(0x7f0000000280), &(0x7f00000003c0))
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000580)=ANY=[@ANYBLOB="48000000100039042cbd7000eaffff", @ANYRES32, @ANYBLOB="83000400cb1507002800128008000100736974001c000280080014000400000008000300ac14141005000900ff"], 0x48}, 0x1, 0x0, 0x0, 0x8000}, 0x4000040)
r8 = io_uring_setup(0xf0b, &(0x7f000000c480)={0x0, 0x4e3f, 0x1000, 0x1ffff, 0x373})
r9 = io_uring_setup(0x7625, &(0x7f0000000600)={0x0, 0x608b, 0x0, 0x0, 0x28b, 0x0, r8})
io_uring_register$IORING_REGISTER_FILES(r9, 0x1e, &(0x7f0000000000)=[r8], 0x1)
shutdown(r6, 0x1)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x4, 0x16, &(0x7f0000001000)=ANY=[@ANYBLOB="61128c000000000061134c0000000000bf20000000000000070000000f0000003d030100000000009500ffb1000000006926000000000000bf6700000000000036000b000fff52004507000015300000d60600000ee60000bf050000000000003d63000000000000650700000200000007070000fbffffff1f75000000000000bf54000000000000070000000410f900bd430100000000009500000000000000050000000000000095000000000000001c15a3ce747c693a74b62fd0758b15f09429c09074bc4b2bd2dc480dd7a064b8673e2060162cc43bcba1060999eef9d60bb39d0af449deaa27ea949e8f9000d885deea2783835e29eba8546fc020c1966f8b5f32b095f566edf66b7751828da9dbd5b996b9e8d897e461c01c697671d100000000400036c17fb01dde179c1f26cac1c7b21bde7d1a55d6ebe700b3be005e47ef55e0dd81244b18590e000000000000356d82e43407a6d7fa94b21002f06cd247b126b6349ab62d7b07ba0a71a72145edade9941f49f300a8c8913e0e4ea9e4c77740ab3312edee62a4dc2fc85755d387d8a1bc8eb71fbe11b2216cc8d1f0160c237d929b49d828724b95555b459f4763c6222175c974be2f76fb5f330b015a68587a75c013000000000000000000000003000000000000d6ddc46e58eff8f4fbadfc6a3af8123b7f4240713a4c0cdc9d7820c4eb67cc0f8b5fe9258eeacb5776aebbab3d5c55020000006082778366dadfc36029633e0514cbcee1f3928970bde148c940434f33acd377cbad17673b2d30b6339255c98eba97efb4e9ac1f11be815dd6045592edcbee7f253ec74c7c1313505bd7ff8fd58b3a6569c91dbdef1df585aeaea7346a2a65caee5c85f9eddeeeee3c8a2e523c864ac430eb47cb4d0c8767b9d4125661b5a1a170c04b64da3a99ddb93bf14fae3ca2d1e882375b8dbac83978e136c34f90b33cc0eeb57debcfe26589efc08125d5d62a7e593c9738a50171adf051ea4f07e7e7e770c2016eeacbe8511afffffbea75759a1ea5404f5453c0b5c46c9700808c096cf8cf5223f341cbea3841b5cd224c1b381d56afebe9f99a00e3cd94dc0bb7af9e8709db487cc4d9b3b96723d69d512ddd57b0dee9b9f6ae80a502cce352098603e77f9ecced07fa25e99e9e415414c91f8bfd1c150570512f26c4ee34a64c131dce3800000000000000006c86287945bd8d258442870e000000000000000000000000f7e6a10de4bf7369b0d5b5373829b09bf5b7b34099b27ac7770fca449d4c4ca15f88b588b2429af2e1d1a4e1fa44cb80fcfae6e50d7e5b4675d7e0be706224f34e6eed553b40e2b897e73752fc7d1e4b0f4c5967eefd7448d5fde5841fa464a67267c631052bd7333769a4b8d19d4794357edce762e8136ab9d7ed34a72baffd849b90579b96b3"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xb, r0, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r1}, 0x94)

7m29.698372688s ago: executing program 8 (id=1189):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000000)={@private0, 0x0, 0x0, 0xff, 0x1, 0x0, 0x2}, 0x20)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, 0x0)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000b00)={0x0, 0x0, 0x0}, 0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
connect$bt_sco(r3, &(0x7f0000000180)={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}}, 0x8)

7m28.008680287s ago: executing program 8 (id=1190):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
mkdir(&(0x7f0000000200)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000140)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
write$RDMA_USER_CM_CMD_RESOLVE_ROUTE(0xffffffffffffffff, 0x0, 0x0)
chdir(&(0x7f0000000080)='./file1\x00')
r3 = open(&(0x7f00000000c0)='.\x00', 0x101800, 0x0)
symlinkat(&(0x7f00000000c0)='./file1\x00', r3, &(0x7f0000000100)='./file0\x00')

7m26.417183752s ago: executing program 8 (id=1194):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x0, 0x0, &(0x7f0000000000)='syzkaller\x00'}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10)
r1 = syz_open_dev$usbfs(&(0x7f0000000040), 0x400000001fc, 0x301)
ioctl$USBDEVFS_REAPURB(r1, 0x4008550c, &(0x7f0000000180))
ioctl$USBDEVFS_SUBMITURB(r1, 0x8038550a, &(0x7f0000000280)=@urb_type_control={0x2, {}, 0x0, 0x40, &(0x7f0000000000)={0x4b5a9da54893e123, 0x14, 0x8, 0x2}, 0x8, 0x7, 0x200, 0x0, 0x0, 0x20000, 0x0})

7m24.014080451s ago: executing program 8 (id=1201):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
quotactl$Q_SYNC(0xffffffff80000102, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000340)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
fcntl$setsig(r4, 0xa, 0x1d)
pipe(&(0x7f0000000440)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
vmsplice(r6, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1)
syz_genetlink_get_family_id$ieee802154(&(0x7f0000000280), 0xffffffffffffffff)
splice(r5, 0x0, 0xffffffffffffffff, 0x0, 0x25a5, 0xa)
sendmmsg$unix(r3, &(0x7f00000001c0), 0x0, 0x40015)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
syz_open_dev$ttys(0xc, 0x2, 0x0)
epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000040))
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})

7m21.475071181s ago: executing program 8 (id=1202):
socket(0x10, 0x80002, 0x0)
r0 = socket(0x200000000000011, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0xffffffffffffffb3}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000002000)=""/102400, 0x19000)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12}, 0x48)
r5 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0xe, 0x4, &(0x7f0000000400)=ANY=[@ANYBLOB="18020000801000000000000004000000850000002e00000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00}, 0x94)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000440)=ANY=[@ANYRES32=r4, @ANYRES32=r5, @ANYBLOB="05000000"], 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000740)={{r4}, &(0x7f00000006c0), &(0x7f0000000700)=r3}, 0x20)
sendmsg$inet(r2, &(0x7f0000000980)={0x0, 0x6000, &(0x7f0000000900)=[{&(0x7f0000000640)='U', 0xa00120}], 0x1}, 0x3)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0)

7m16.033198512s ago: executing program 8 (id=1211):
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x24}}, 0x0)
getsockname$packet(r1, &(0x7f0000000080)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r2, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000900)=@newqdisc={0x30, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {0x0, 0xffef}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_ingress={0xc}]}, 0x30}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x10}, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
syz_usb_connect(0x2, 0x2d, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x3)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r4, &(0x7f0000d84000)={0xa, 0x2, 0x0, @loopback, 0x7}, 0x1c)
setsockopt$inet6_tcp_int(r4, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4)
setsockopt$sock_int(r4, 0x1, 0x12, &(0x7f0000000000)=0x14000, 0x4)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x2, 0x11, 0xffffffffffffffff, 0x0)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8991, &(0x7f0000000200)={'bridge_slave_0\x00', @dev})
ioctl$EXT4_IOC_GETSTATE(0xffffffffffffffff, 0x40046629, &(0x7f0000000400))

7m0.457798961s ago: executing program 36 (id=1211):
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x24}}, 0x0)
getsockname$packet(r1, &(0x7f0000000080)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r2, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000900)=@newqdisc={0x30, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {0x0, 0xffef}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_ingress={0xc}]}, 0x30}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x10}, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
syz_usb_connect(0x2, 0x2d, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x3)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r4, &(0x7f0000d84000)={0xa, 0x2, 0x0, @loopback, 0x7}, 0x1c)
setsockopt$inet6_tcp_int(r4, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4)
setsockopt$sock_int(r4, 0x1, 0x12, &(0x7f0000000000)=0x14000, 0x4)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x2, 0x11, 0xffffffffffffffff, 0x0)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8991, &(0x7f0000000200)={'bridge_slave_0\x00', @dev})
ioctl$EXT4_IOC_GETSTATE(0xffffffffffffffff, 0x40046629, &(0x7f0000000400))

5m33.909452781s ago: executing program 7 (id=1347):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
timer_create(0x3, 0x0, &(0x7f0000000140))
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
socket$nl_crypto(0x10, 0x3, 0x15)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000180)=@newlink={0x64, 0x10, 0x437, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x44, 0x12, 0x0, 0x1, @ip6erspan={{0xe}, {0x30, 0x2, 0x0, 0x1, [@IFLA_GRE_LOCAL={0x14, 0x6, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, @IFLA_GRE_REMOTE={0x14, 0x7, @private2}, @IFLA_GRE_COLLECT_METADATA={0x4}]}}}]}, 0x64}}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4008018}, 0x4000080)
r2 = syz_open_dev$vim2m(&(0x7f0000000000), 0x3, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r2, 0xc0145608, 0x0)
r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r4 = openat$6lowpan_enable(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
write$6lowpan_enable(r4, 0x0, 0x0)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x20100, 0x0)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socket$inet6_mptcp(0xa, 0x1, 0x106)
syz_io_uring_setup(0x49a, &(0x7f0000000240)={0x0, 0x79af, 0x3180, 0x8000, 0x40024e}, 0x0, 0x0)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x1fffffffffe, 0xfffffffffffffffd, 0x0, 0x0, 0x1000001000, 0x49}, 0x0, &(0x7f00000002c0)={0x3ff, 0x7, 0x400000000000, 0x9, 0x0, 0xf, 0x80000002, 0x2}, 0x0, 0x0)
r5 = syz_open_dev$usbfs(&(0x7f0000000480), 0x76, 0x160341)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_open_dev$MSR(0x0, 0x0, 0x0)
ioctl$USBDEVFS_IOCTL(r5, 0xc0105512, &(0x7f0000000200))
ioctl$USBDEVFS_IOCTL(r5, 0xc0105512, &(0x7f0000000000)=@usbdevfs_connect)
close_range(r0, 0xffffffffffffffff, 0x0)

5m28.656817342s ago: executing program 7 (id=1352):
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000040), 0x620000, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r5 = socket$inet(0x2, 0x2, 0x0)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1000003, 0x13, r8, 0x0)
ioctl$KVM_SET_REGS(r8, 0x4090ae82, &(0x7f00000000c0)={[0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x1, 0x5, 0x6], 0x0, 0xa340})
ioctl$KVM_RUN(r8, 0xae80, 0x0)
setsockopt$inet_mreqn(r5, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @loopback}, 0x2c)
writev(0xffffffffffffffff, &(0x7f0000000440)=[{&(0x7f0000000300)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1)
writev(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000080)="390000001300034700bb5be1c3fbfeff06000000010000004500000025000000190004000400ad000d00000000000006040000000000f93132", 0x39}], 0x1)
ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, 0x0)
ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f0000000500)={0x28, 0x6, 0x0, 0x0, &(0x7f0000800000/0x800000)=nil, 0x800000, 0x80000001})

5m27.241000199s ago: executing program 7 (id=1354):
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x40800)
bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x11, 0x3, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000800000000000000000095"], &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x94)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mkdir(&(0x7f0000000040)='./file1\x00', 0x0)
mkdir(&(0x7f0000000000)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
chdir(0x0)
r1 = open(&(0x7f0000000580)='./bus\x00', 0x84242, 0x1df2a23c5997fa5f)
write$FUSE_CREATE_OPEN(r1, &(0x7f0000000180)={0xa0, 0xffffffffffffffda, 0x0, {{0x4, 0x3, 0x5, 0x6, 0x3, 0x1, {0x400000000001, 0x180, 0x20ff, 0x6, 0x89, 0xd615, 0x9, 0x3, 0xfffffffe, 0x8000, 0x0, 0x0, 0x0, 0x5, 0x1}}, {0x0, 0x13}}}, 0xa0)
write$FUSE_INIT(0xffffffffffffffff, 0x0, 0x0)
sendfile(r1, r1, &(0x7f0000000080), 0x7f03)

5m25.873894661s ago: executing program 7 (id=1356):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0)
preadv(0xffffffffffffffff, 0x0, 0x0, 0xffff, 0x0)
socket(0x200000100000011, 0x3, 0x3)
r4 = openat$procfs(0xffffffffffffff9c, &(0x7f00000003c0)='/proc/sysvipc/shm\x00', 0x0, 0x0)
read$FUSE(r4, &(0x7f0000002480)={0x2020}, 0x2020)
syz_open_dev$evdev(&(0x7f0000000080), 0x0, 0x121041)
ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f00000000c0)={0x0, 0x0, 0x0, {0x0, 0x100000000000001}, {0x74, 0x2}})
lseek(r4, 0xfffffffffffffff5, 0x1)
fsconfig$FSCONFIG_SET_STRING(r3, 0x1, &(0x7f0000000b40)='source', &(0x7f0000000040)='c:::\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0)
syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3)
r5 = syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3)
connect$bt_rfcomm(r5, &(0x7f00000001c0)={0x1f, @none, 0x1}, 0xa)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)

5m21.458144248s ago: executing program 7 (id=1361):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0)
preadv(0xffffffffffffffff, 0x0, 0x0, 0xffff, 0x0)
socket(0x200000100000011, 0x3, 0x3)
r4 = openat$procfs(0xffffffffffffff9c, &(0x7f00000003c0)='/proc/sysvipc/shm\x00', 0x0, 0x0)
read$FUSE(r4, &(0x7f0000002480)={0x2020}, 0x2020)
syz_open_dev$evdev(&(0x7f0000000080), 0x0, 0x121041)
syz_open_dev$tty1(0xc, 0x4, 0x1)
lseek(r4, 0xfffffffffffffff5, 0x1)
fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0)
syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3)
syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3)

5m19.069598856s ago: executing program 7 (id=1363):
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x802, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
r2 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="140000002500010000000000f100000006"], 0x14}], 0x1, 0x0, 0x0, 0x400448c0}, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f00000001c0), 0xc7)
sendto$inet(r1, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x11)
unshare(0x8000080)

5m3.838146396s ago: executing program 37 (id=1363):
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x802, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
r2 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="140000002500010000000000f100000006"], 0x14}], 0x1, 0x0, 0x0, 0x400448c0}, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f00000001c0), 0xc7)
sendto$inet(r1, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x11)
unshare(0x8000080)

4m31.124476236s ago: executing program 5 (id=1426):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0)
preadv(0xffffffffffffffff, 0x0, 0x0, 0xffff, 0x0)
socket(0x200000100000011, 0x3, 0x3)
r4 = openat$procfs(0xffffffffffffff9c, &(0x7f00000003c0)='/proc/sysvipc/shm\x00', 0x0, 0x0)
read$FUSE(r4, &(0x7f0000002480)={0x2020}, 0x2020)
syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f00000000c0)={0x0, 0x0, 0x0, {0x0, 0x100000000000001}, {0x74, 0x2}})
lseek(r4, 0xfffffffffffffff5, 0x1)
fsconfig$FSCONFIG_SET_STRING(r3, 0x1, &(0x7f0000000b40)='source', &(0x7f0000000040)='c:::\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0)
syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3)
r5 = syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3)
connect$bt_rfcomm(r5, &(0x7f00000001c0)={0x1f, @none, 0x1}, 0xa)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)

4m28.521096342s ago: executing program 5 (id=1428):
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000040), 0x620000, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
socket$inet(0x2, 0x2, 0x0)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1000003, 0x13, r7, 0x0)
ioctl$KVM_SET_REGS(r7, 0x4090ae82, &(0x7f00000000c0)={[0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x1, 0x5, 0x6], 0x0, 0xa340})
r8 = socket$netlink(0x10, 0x3, 0x0)
writev(r8, &(0x7f0000000440)=[{&(0x7f0000000300)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1)
writev(r8, &(0x7f0000000000)=[{&(0x7f0000000080)="390000001300034700bb5be1c3fbfeff06000000010000004500000025000000190004000400ad000d00000000000006040000000000f93132", 0x39}], 0x1)
ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, 0x0)
ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f0000000500)={0x28, 0x6, 0x0, 0x0, &(0x7f0000800000/0x800000)=nil, 0x800000, 0x80000001})

4m25.252513696s ago: executing program 5 (id=1432):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
socket$nl_xfrm(0x10, 0x3, 0x6)
socketpair$unix(0x1, 0x5, 0x0, 0x0)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, 0x0, 0x0)
r0 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket(0x2, 0x80805, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000000f80)=[@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}]}, &(0x7f0000000180)=0x10)
r4 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
read$FUSE(r4, 0x0, 0x0)
write$FUSE_DIRENTPLUS(r4, 0x0, 0xb0)
r5 = socket$inet_smc(0x2b, 0x1, 0x0)
connect$inet(r5, &(0x7f0000000000)={0x2, 0x4001, @remote}, 0x10)
sendto$inet(r5, &(0x7f0000000040)="e5", 0xffffffe4, 0x0, 0x0, 0x0)

4m23.247938813s ago: executing program 5 (id=1434):
r0 = socket(0x10, 0x3, 0x0)
r1 = syz_open_dev$video(&(0x7f0000000580), 0x7, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000740)={0x0, 0x0, 0x0, 0x0, 0x0, 0x68}, 0x8080)
socket(0x10, 0x40000, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10137, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = syz_open_dev$usbfs(&(0x7f0000000100), 0x6, 0x142)
ioctl$USBDEVFS_CLAIM_PORT(r4, 0x80045518, &(0x7f0000000240)=0x8)
ioctl$BTRFS_IOC_GET_SUPPORTED_FEATURES(r3, 0x80489439, &(0x7f00000001c0))
sched_setattr(0x0, &(0x7f0000000180)={0x38, 0x5, 0x0, 0x0, 0x0, 0x3, 0x0, 0xfffffff7fffffffe, 0x0, 0x2}, 0x0)
r5 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card0/oss_mixer\x00', 0x2002, 0x0)
write$proc_mixer(r5, &(0x7f0000000280)=ANY=[@ANYRESDEC=r1, @ANYRES16=0x0, @ANYRES32=r0, @ANYRES16=r0, @ANYRESOCT], 0xcd)
r6 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/asound/card0/oss_mixer\x00', 0x0, 0x0)
dup3(r6, r5, 0x0)
r7 = socket$inet6_udplite(0xa, 0x2, 0x88)
getsockopt$inet6_int(r7, 0x29, 0x46, 0x0, &(0x7f0000000040))
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff)
openat$cgroup_procs(0xffffffffffffffff, &(0x7f0000000040)='cgroup.procs\x00', 0x2, 0x0)
r8 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000001280), 0x17)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000000)={0x6, 0x6, &(0x7f0000000640)=@framed={{}, [@map_fd={0x18, 0x0, 0x2, 0x0, r8}, @ldst={0x1, 0x2, 0x3, 0x0, 0x5, 0xffffffffffffffff}]}, &(0x7f00000000c0)='syzkaller\x00'}, 0x94)
r9 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0)
writev(r9, &(0x7f00000000c0)=[{&(0x7f0000000140)='2', 0x1}], 0x1)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240))

4m18.704153316s ago: executing program 5 (id=1439):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
socketpair$tipc(0x1e, 0x2, 0x0, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000040)={0x2, &(0x7f0000000340)=[{0x28}, {0x6, 0x0, 0x0, 0xfffffffe}]}, 0x10)
sendmmsg(r1, &(0x7f0000001c00), 0x400000000000159, 0x40840)

4m15.688572806s ago: executing program 5 (id=1443):
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x802, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
r2 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="140000002500010000000000f100000006"], 0x14}], 0x1, 0x0, 0x0, 0x400448c0}, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f00000001c0), 0xc7)
sendto$inet(r1, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x11)
unshare(0x8000080)

3m59.640180112s ago: executing program 38 (id=1443):
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x802, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
r2 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="140000002500010000000000f100000006"], 0x14}], 0x1, 0x0, 0x0, 0x400448c0}, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f00000001c0), 0xc7)
sendto$inet(r1, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x11)
unshare(0x8000080)

30.934607736s ago: executing program 6 (id=1702):
r0 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$inet_tcp_TCP_FASTOPEN_KEY(r0, 0x6, 0x21, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xe, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
getpid()
sched_setaffinity(0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0xd, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xe, 0x6, &(0x7f0000000000)=ANY=[@ANYBLOB="050000040000000071114200000000008500008500000004000000545e42ede1abd3c0000000"], &(0x7f0000000080)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x6}, 0x94)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000002, 0x28031, 0xffffffffffffffff, 0x8000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000006c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000300)='sched_switch\x00', r3}, 0x10)
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000500)=0xf)
ioctl$TCFLSH(0xffffffffffffffff, 0x400455c8, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, 0xffffffffffffffff, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x4, &(0x7f0000000a40)=0x4, 0x4)

26.41634807s ago: executing program 3 (id=1709):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, 0x0, 0x0, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$inet6_mptcp(0xa, 0x1, 0x106)
setsockopt$inet6_tcp_TCP_CONGESTION(r3, 0x6, 0xd, &(0x7f0000000080)='cdg\x00', 0x4)
bind$inet6(r3, &(0x7f0000000000)={0xa, 0x3, 0x0, @loopback}, 0x1c)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(0xffffffffffffffff, 0x0, 0x4042090)
connect$inet6(r3, &(0x7f0000000040)={0xa, 0x3, 0x0, @loopback}, 0x1c)
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x428, 0xd0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x358, 0xffffffff, 0xffffffff, 0x358, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x488)

23.185725826s ago: executing program 3 (id=1713):
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r1=>0x0})
sendmsg$NL80211_CMD_START_AP(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000002c0)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="050000000000000000000f00000008000300", @ANYRES32=r1, @ANYBLOB="2b000e0080000000fffffffeffff080211000000ffffffffffff00000000000000000000ff070100030103000600910032680000080026006c09000008000c00640000"], 0x68}, 0x1, 0x0, 0x0, 0x20000000}, 0x0)

23.184736024s ago: executing program 0 (id=1714):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
socket$nl_xfrm(0x10, 0x3, 0x6)
socketpair$unix(0x1, 0x5, 0x0, 0x0)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, 0x0, 0x0)
r0 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000000f80)=[@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}]}, &(0x7f0000000180)=0x10)
r3 = socket$inet_smc(0x2b, 0x1, 0x0)
sendto$inet(r3, &(0x7f0000000040)="e5", 0xffffffe4, 0x0, 0x0, 0x0)

21.614014999s ago: executing program 3 (id=1716):
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000040), 0x620000, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
socket$inet(0x2, 0x2, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1000003, 0x13, r6, 0x0)
ioctl$KVM_SET_REGS(r6, 0x4090ae82, &(0x7f00000000c0)={[0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x1, 0x5, 0x6], 0x0, 0xa340})
ioctl$KVM_RUN(r6, 0xae80, 0x0)
r7 = socket$netlink(0x10, 0x3, 0x0)
writev(r7, &(0x7f0000000440)=[{&(0x7f0000000300)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1)
writev(r7, &(0x7f0000000000)=[{&(0x7f0000000080)="390000001300034700bb5be1c3fbfeff06000000010000004500000025000000190004000400ad000d00000000000006040000000000f93132", 0x39}], 0x1)
ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, 0x0)
ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f0000000500)={0x28, 0x6, 0x0, 0x0, &(0x7f0000800000/0x800000)=nil, 0x800000, 0x80000001})

21.225077511s ago: executing program 0 (id=1718):
socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x89}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r1 = socket$vsock_stream(0x28, 0x1, 0x0)
bind$vsock_stream(r1, &(0x7f0000000040)={0x28, 0x0, 0x2710, @local}, 0x10)
syz_io_uring_setup(0x10d, &(0x7f0000000140)={0x0, 0xc8c7, 0x0, 0xfffffffd, 0x2}, 0x0, 0x0)
listen(r1, 0x0)
r2 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r2, &(0x7f0000000640)={0x28, 0x0, 0x2710}, 0x10)
syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x1, 0x3}, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0)

21.191682868s ago: executing program 6 (id=1719):
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f60000008500000043"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b000000000000000000"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080))
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0x18, 0x30, 0x1, 0x0, 0x80000000, {}, [{0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x16, 0x16, &(0x7f0000000380)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector}, 0x94)
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r6 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TUNSETOFFLOAD(r6, 0xc004743e, 0x110e22fff6)
ioctl$TUNGETVNETLE(r5, 0x4010744d, &(0x7f0000000180))
r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000640), r7)
sendmsg$IEEE802154_LLSEC_DEL_KEY(r7, &(0x7f0000000a80)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)={0x30, r8, 0x1, 0x70bd29, 0x25dfdbfe, {}, [@IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan0\x00'}, @IEEE802154_ATTR_LLSEC_KEY_ID={0x5, 0x2e, 0xc4}, @IEEE802154_ATTR_LLSEC_KEY_MODE={0x5, 0x2b, 0x1}]}, 0x30}, 0x1, 0x0, 0x0, 0x4008000}, 0x48004)

21.190431715s ago: executing program 9 (id=1720):
socket$inet6_sctp(0xa, 0x5, 0x84)
socket$nl_sock_diag(0x10, 0x3, 0x4)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r3 = accept4(r2, 0x0, 0x0, 0x800)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100))
sendmsg$NFT_BATCH(r0, &(0x7f0000000600)={&(0x7f0000000540)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000580)={&(0x7f00000006c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSET={0x120, 0x9, 0xa, 0x5, 0x0, 0x0, {0x5, 0x0, 0x9}, [@NFTA_SET_EXPR={0x3c, 0x11, 0x0, 0x1, @objref={{0xb}, @val={0x2c, 0x2, 0x0, 0x1, [@NFTA_OBJREF_SET_SREG={0x8, 0x3, 0x1, 0x0, 0x8}, @NFTA_OBJREF_SET_ID={0x8, 0x5, 0x1, 0x0, 0x2}, @NFTA_OBJREF_IMM_TYPE={0x8, 0x1, 0x1, 0x0, 0x6}, @NFTA_OBJREF_SET_ID={0x8}, @NFTA_OBJREF_SET_SREG={0x8, 0x3, 0x1, 0x0, 0x12}]}}}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2d}, @NFTA_SET_DATA_TYPE={0x8}, @NFTA_SET_DESC={0x9c, 0x9, 0x0, 0x1, [@NFTA_SET_DESC_CONCAT={0x50, 0x2, 0x0, 0x1, [{0x14, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x7}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x3}]}, {0xc, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x9}]}, {0x2c, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0xffffff7f}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x6}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x4}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x11}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x7}]}]}, @NFTA_SET_DESC_CONCAT={0x40, 0x2, 0x0, 0x1, [{0x3c, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x80000000}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x8c}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0xa}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x1}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x4}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x40}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0xffffefc5}]}]}, @NFTA_SET_DESC_SIZE={0x8, 0x1, 0x1, 0x0, 0x7}]}, @NFTA_SET_EXPR={0xc, 0x11, 0x0, 0x1, @cmp={{0x8}, @void}}]}, @NFT_MSG_NEWOBJ={0x1c, 0x12, 0xa, 0x101, 0x0, 0x0, {0x5, 0x0, 0x5}, @NFT_OBJECT_CT_EXPECT=@NFTA_OBJ_TYPE={0x8}}], {0x14, 0x11, 0x1, 0x0, 0x0, {0xa}}}, 0x164}, 0x1, 0x0, 0x0, 0x20014840}, 0xc010)
recvmsg(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r5=>0x0})
sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r4, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r5, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)

20.02169793s ago: executing program 3 (id=1721):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r0)
socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
memfd_create(&(0x7f0000000000)='\xf3e\t\x9f\x918\xc0y\x01c\x1fnux\x00sV\ad\xb0l \xfd\xd7\x8e\x7f\x89\xb8\xc5;~\x04\x03~K\xfbP\x84=\xfa\x81\f\x1et\x10\x0e\xcf^9\xbe\\', 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x349, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r3, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
sendto$inet6(0xffffffffffffffff, &(0x7f0000000040)='T', 0x1, 0x8910, 0x0, 0x0)
r4 = socket$inet(0x2, 0x3, 0x732f7435)
setsockopt$inet_mreqsrc(r4, 0x0, 0x27, &(0x7f0000000280)={@local, @local, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0xfffffffffffffe17)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$l2tp(&(0x7f0000000000), r5)
sendmsg$L2TP_CMD_TUNNEL_CREATE(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000040)=ANY=[], 0x58}}, 0x0)
r6 = socket$key(0xf, 0x3, 0x2)
sendmsg$L2TP_CMD_TUNNEL_CREATE(r5, &(0x7f00000002c0)={&(0x7f0000000140), 0xc, &(0x7f0000000200)={0x0, 0x28}, 0x1, 0x0, 0x0, 0x80}, 0x4001)
sendmsg$key(r6, 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r7 = syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2)
ioctl$VIDIOC_S_INPUT(r7, 0xc0045627, &(0x7f00000000c0)=0x3)
ioctl$VIDIOC_SUBDEV_QUERY_DV_TIMINGS(r7, 0x80845663, &(0x7f0000000600))

17.98698322s ago: executing program 9 (id=1723):
syz_io_uring_setup(0x57a0, 0x0, &(0x7f0000000100), &(0x7f0000000140))
openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000080), 0x2)
prctl$PR_SET_MM_AUXV(0x23, 0xc, 0x0, 0x0)
syz_usb_connect$cdc_ncm(0x4, 0xa0, &(0x7f0000000040)={{0x12, 0x1, 0x201, 0x2, 0x0, 0x0, 0x10, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x8e, 0x2, 0x1, 0x6, 0x0, 0xf5, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5, 0x24, 0x0, 0x400}, {0xd, 0x24, 0xf, 0x1, 0x8, 0x4e, 0x663, 0x8}, {0x6, 0x24, 0x1a, 0x3, 0x1a}, [@mdlm={0x15, 0x24, 0x12, 0x6}, @mbim={0xc, 0x24, 0x1b, 0x3, 0x3, 0x81, 0x3, 0x1, 0x7}, @mbim={0xc, 0x24, 0x1b, 0x6, 0x7, 0x8, 0xd, 0x5, 0x7f}, @call_mgmt={0x5, 0x24, 0x1, 0x2, 0x8}]}, {{0x9, 0x5, 0x81, 0x3, 0x3ff, 0xdc, 0x1, 0xf}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x20, 0x20, 0x3, 0x7}}, {{0x9, 0x5, 0x3, 0x2, 0x0, 0x0, 0x2, 0x10}}}}}}}]}}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000040)='smaps_rollup\x00')
read$FUSE(r3, &(0x7f00000007c0)={0x2020}, 0x2020)

17.955903937s ago: executing program 0 (id=1724):
syz_usb_connect(0x0, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="120100008010bd40820514009dbb0000000109022400011b00"], 0x0)
syz_open_procfs$namespace(0x0, &(0x7f0000000000)='ns/net\x00')
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
add_key$user(0x0, 0x0, &(0x7f0000000080), 0x0, 0xfffffffffffffffb)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040), 0x1e4011, 0x0)

17.77084738s ago: executing program 6 (id=1725):
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, 0x0, 0x0)
getsockname$packet(r1, &(0x7f0000000080)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14)
sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000900)=@newqdisc={0x30, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {0x0, 0xffef}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_ingress={0xc}]}, 0x30}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x10}, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8d}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x3)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r4, &(0x7f0000d84000)={0xa, 0x2, 0x0, @loopback, 0x7}, 0x1c)
setsockopt$inet6_tcp_int(r4, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4)
setsockopt$sock_int(r4, 0x1, 0x12, &(0x7f0000000000)=0x14000, 0x4)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x2, 0x11, 0xffffffffffffffff, 0x0)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8991, &(0x7f0000000200)={'bridge_slave_0\x00', @dev})
ioctl$EXT4_IOC_GETSTATE(0xffffffffffffffff, 0x40046629, &(0x7f0000000400))

13.523643835s ago: executing program 0 (id=1728):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
socket$nl_xfrm(0x10, 0x3, 0x6)
socketpair$unix(0x1, 0x5, 0x0, 0x0)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, 0x0, 0x0)
r0 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000000f80)=[@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}]}, &(0x7f0000000180)=0x10)
r3 = socket$inet_smc(0x2b, 0x1, 0x0)
sendto$inet(r3, &(0x7f0000000040)="e5", 0xffffffe4, 0x0, 0x0, 0x0)

13.442342155s ago: executing program 6 (id=1729):
r0 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$inet_tcp_TCP_FASTOPEN_KEY(r0, 0x6, 0x21, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xe, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
getpid()
sched_setaffinity(0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0xd, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xe, 0x6, &(0x7f0000000000)=ANY=[@ANYBLOB="050000040000000071114200000000008500008500000004000000545e42ede1abd3c0000000"], &(0x7f0000000080)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x6}, 0x94)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000002, 0x28031, 0xffffffffffffffff, 0x8000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000006c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000300)='sched_switch\x00', r3}, 0x10)
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000500)=0xf)
ioctl$TCFLSH(0xffffffffffffffff, 0x400455c8, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, 0xffffffffffffffff, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x4, &(0x7f0000000a40)=0x4, 0x4)

12.333876589s ago: executing program 0 (id=1731):
syz_io_uring_setup(0x57a0, &(0x7f0000000080)={0x0, 0xd498, 0x40, 0x1, 0x348}, 0x0, &(0x7f0000000140))
openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000080), 0x2)
prctl$PR_SET_MM_AUXV(0x23, 0xc, 0x0, 0x0)
syz_usb_connect$cdc_ncm(0x4, 0xa0, &(0x7f0000000040)={{0x12, 0x1, 0x201, 0x2, 0x0, 0x0, 0x10, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x8e, 0x2, 0x1, 0x6, 0x0, 0xf5, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5, 0x24, 0x0, 0x400}, {0xd, 0x24, 0xf, 0x1, 0x8, 0x4e, 0x663, 0x8}, {0x6, 0x24, 0x1a, 0x3, 0x1a}, [@mdlm={0x15, 0x24, 0x12, 0x6}, @mbim={0xc, 0x24, 0x1b, 0x3, 0x3, 0x81, 0x3, 0x1, 0x7}, @mbim={0xc, 0x24, 0x1b, 0x6, 0x7, 0x8, 0xd, 0x5, 0x7f}, @call_mgmt={0x5, 0x24, 0x1, 0x2, 0x8}]}, {{0x9, 0x5, 0x81, 0x3, 0x3ff, 0xdc, 0x1, 0xf}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x20, 0x20, 0x3, 0x7}}, {{0x9, 0x5, 0x3, 0x2, 0x0, 0x0, 0x2, 0x10}}}}}}}]}}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000040)='smaps_rollup\x00')
read$FUSE(r3, &(0x7f00000007c0)={0x2020}, 0x2020)

11.000936172s ago: executing program 9 (id=1733):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000008000000010001000900000001"], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000ac0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b708000002001e007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000d00)='sched_switch\x00', r4}, 0x10)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
lsetxattr$system_posix_acl(&(0x7f0000000000)='.\x00', 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="0200000001000000000000000400000000000000080009efff000000100000000000000041e5ebcc54f30dbcf9c9e1d8258e54d96aceba50007d210ff9e5d5788bd927b132a311efbb8c724a9636b8b4893ef9cfbdfff4ebe5b7441b85f2d271ff7bb3fe6d86cf5b894f530d105c11445f99c9a5371a09bfd86a4d873560d2eb8cd523447b"], 0x24, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000001100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="380000002000010329bd7000100000000200000403000007020000001400110069616376746170300000000000000000080006002503"], 0x38}, 0x1, 0x0, 0x0, 0x240480c4}, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="3800000010003704feffffff0000000000000000", @ANYRES32=0x0, @ANYBLOB="8b040400000000001800128008000100736974000c00028008000300ff"], 0x38}, 0x1, 0x0, 0x0, 0x4c050}, 0x20000000)

9.631741266s ago: executing program 9 (id=1734):
socket$inet6_sctp(0xa, 0x5, 0x84)
socket$nl_sock_diag(0x10, 0x3, 0x4)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r3 = accept4(r2, 0x0, 0x0, 0x800)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100))
sendmsg$NFT_BATCH(r0, &(0x7f0000000600)={&(0x7f0000000540)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000580)={&(0x7f00000006c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSET={0x120, 0x9, 0xa, 0x5, 0x0, 0x0, {0x5, 0x0, 0x9}, [@NFTA_SET_EXPR={0x3c, 0x11, 0x0, 0x1, @objref={{0xb}, @val={0x2c, 0x2, 0x0, 0x1, [@NFTA_OBJREF_SET_SREG={0x8, 0x3, 0x1, 0x0, 0x8}, @NFTA_OBJREF_SET_ID={0x8, 0x5, 0x1, 0x0, 0x2}, @NFTA_OBJREF_IMM_TYPE={0x8, 0x1, 0x1, 0x0, 0x6}, @NFTA_OBJREF_SET_ID={0x8}, @NFTA_OBJREF_SET_SREG={0x8, 0x3, 0x1, 0x0, 0x12}]}}}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2d}, @NFTA_SET_DATA_TYPE={0x8}, @NFTA_SET_DESC={0x9c, 0x9, 0x0, 0x1, [@NFTA_SET_DESC_CONCAT={0x50, 0x2, 0x0, 0x1, [{0x14, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x7}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x3}]}, {0xc, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x9}]}, {0x2c, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0xffffff7f}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x6}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x4}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x11}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x7}]}]}, @NFTA_SET_DESC_CONCAT={0x40, 0x2, 0x0, 0x1, [{0x3c, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x80000000}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x8c}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0xa}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x1}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x4}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x40}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0xffffefc5}]}]}, @NFTA_SET_DESC_SIZE={0x8, 0x1, 0x1, 0x0, 0x7}]}, @NFTA_SET_EXPR={0xc, 0x11, 0x0, 0x1, @cmp={{0x8}, @void}}]}, @NFT_MSG_NEWOBJ={0x1c, 0x12, 0xa, 0x101, 0x0, 0x0, {0x5, 0x0, 0x5}, @NFT_OBJECT_CT_EXPECT=@NFTA_OBJ_TYPE={0x8}}], {0x14, 0x11, 0x1, 0x0, 0x0, {0xa}}}, 0x164}, 0x1, 0x0, 0x0, 0x20014840}, 0xc010)
recvmsg(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r5=>0x0})
sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r4, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r5, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)

8.486834973s ago: executing program 1 (id=1735):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
quotactl$Q_SYNC(0xffffffff80000102, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x1, 0x0, 0x0)
pipe(&(0x7f0000000440)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
vmsplice(r3, &(0x7f00000000c0)=[{0x0}], 0x1, 0x1)

8.459688427s ago: executing program 9 (id=1736):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, 0x0, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket(0x2, 0x80805, 0x0)
getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r3, 0x84, 0x66, 0x0, &(0x7f0000000b00))
r4 = socket$inet_smc(0x2b, 0x1, 0x0)
connect$inet(r4, &(0x7f0000000000)={0x2, 0x4001, @remote}, 0x10)
setsockopt$SO_BINDTODEVICE_wg(r4, 0x1, 0x19, &(0x7f0000000080)='wg1\x00', 0x4)
sendto$inet(r4, &(0x7f0000000040)="e5", 0xffffffe4, 0x0, 0x0, 0x0)

8.403938509s ago: executing program 3 (id=1737):
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x0, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, 0x0)
mkdir(&(0x7f0000000040)='./file1\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x18, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18010000200180000000000000000000850000007b00000095"], &(0x7f00000001c0)='GPL\x00', 0x4, 0x93, &(0x7f00000003c0)=""/147}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10)
chdir(&(0x7f00000003c0)='./bus\x00')
r4 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0)
getdents(r4, &(0x7f0000001fc0)=""/184, 0x20002078)

6.095778158s ago: executing program 1 (id=1738):
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000040), 0x620000, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1000003, 0x13, r7, 0x0)
ioctl$KVM_SET_REGS(r7, 0x4090ae82, &(0x7f00000000c0)={[0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x1, 0x5, 0x6], 0x0, 0xa340})
ioctl$KVM_RUN(r7, 0xae80, 0x0)
setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @loopback}, 0x2c)
r8 = socket$netlink(0x10, 0x3, 0x0)
writev(r8, &(0x7f0000000440)=[{&(0x7f0000000300)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1)
writev(r8, &(0x7f0000000000)=[{&(0x7f0000000080)="390000001300034700bb5be1c3fbfeff06000000010000004500000025000000190004000400ad000d00000000000006040000000000f93132", 0x39}], 0x1)
ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, 0x0)
ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f0000000500)={0x28, 0x6, 0x0, 0x0, &(0x7f0000800000/0x800000)=nil, 0x800000, 0x80000001})

5.916110975s ago: executing program 9 (id=1739):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = socket$inet6(0xa, 0x2, 0x0)
sendmsg$inet6(r3, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000004540)=[@pktinfo={{0x24, 0x29, 0x32, {@loopback}}}], 0x28}, 0x40)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0xd, 0x5, &(0x7f0000000040)=@framed={{0x56, 0xa, 0x0, 0x0, 0x0, 0x61, 0x11, 0x9c}, [@initr0]}, &(0x7f0000000000)='GPL\x00', 0x2}, 0x94)
syz_usb_connect(0x0, 0x4e, &(0x7f00000003c0)={{0x12, 0x1, 0x0, 0x82, 0x61, 0xb5, 0x10, 0x499, 0x105c, 0xc5ad, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x3c, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0xd5, 0x0, 0x1, 0xb0, 0x20, 0x80, 0x0, [@cdc_ncm={{0x5}, {0x5, 0x24, 0x0, 0x4}, {0xd, 0x24, 0xf, 0x1, 0x6, 0x5, 0x5, 0x7}, {0x6, 0x24, 0x1a, 0x3, 0x10}, [@acm={0x4, 0x24, 0x2, 0xf}]}], [{{0x9, 0x5, 0x82, 0x2, 0x450}}]}}]}}]}}, 0x0)

4.78993473s ago: executing program 3 (id=1740):
r0 = openat$mixer(0xffffffffffffff9c, &(0x7f00000018c0), 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x0, 0x0, 0x0}, 0x94)
r1 = socket$xdp(0x2c, 0x3, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
r3 = socket(0x848000000015, 0x805, 0x0)
syz_open_dev$sndctrl(0x0, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x802, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r4 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r4, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x3)
bind$inet6(r3, &(0x7f0000000040)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, '\x00', 0x1a}, 0x10}, 0x1c)
sendto$inet6(r3, 0x0, 0x0, 0x0, &(0x7f00000003c0)={0xa, 0x0, 0x0, @private2, 0x3ff}, 0x1c)
write$UHID_CREATE2(r2, &(0x7f0000000180)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r2, 0x0)
bind$xdp(r1, 0x0, 0x0)
mmap$IORING_OFF_CQ_RING(&(0x7f0000881000/0x3000)=nil, 0x3000, 0x2000001, 0x10, 0xffffffffffffffff, 0x8000000)
ioctl$mixer_OSS_GETVERSION(r0, 0x40086602, &(0x7f0000000000))

3.83700231s ago: executing program 1 (id=1741):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
socket$nl_xfrm(0x10, 0x3, 0x6)
socketpair$unix(0x1, 0x5, 0x0, 0x0)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, 0x0, 0x0)
r0 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
r3 = socket(0x2, 0x80805, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000000f80)=[@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}]}, &(0x7f0000000180)=0x10)
r4 = socket$inet_smc(0x2b, 0x1, 0x0)
sendto$inet(r4, &(0x7f0000000040)="e5", 0xffffffe4, 0x0, 0x0, 0x0)

3.014193694s ago: executing program 6 (id=1742):
r0 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000020000000000000f9ffff0b85000000070000008500000007000000"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x23, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000040)='sys_exit\x00', r1}, 0x90)
close_range(r0, 0xffffffffffffffff, 0x0)

2.954067026s ago: executing program 6 (id=1743):
r0 = openat$binder_debug(0xffffff9c, &(0x7f0000000040)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r1, 0x2000002, 0xe, 0x0, &(0x7f0000000200)="df33c9f7b9a60000000f00000000", 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)
mkdir(0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = dup(0xffffffffffffffff)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0xfffffffffffffeeb}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x800}, 0x4)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r3, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r6 = socket$inet_mptcp(0x2, 0x1, 0x106)
bind$inet(r6, &(0x7f0000000080)={0x2, 0x4e24, @multicast2}, 0x10)
write$binfmt_script(r2, &(0x7f0000000400)={'#! ', './file0', [{}]}, 0xc)
connect$inet(r6, &(0x7f00000009c0)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x21}}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x37, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000000)={0x1, 0x0, 0x2}, 0x10}, 0x94)
syz_io_uring_setup(0x6d19, &(0x7f0000000180)={0x0, 0x8dc7, 0x4, 0x0, 0x8e, 0x0, r2}, &(0x7f0000000280), &(0x7f00000003c0))
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000580)=ANY=[@ANYBLOB="48000000100039042cbd7000eaffffff000003", @ANYRES32, @ANYBLOB="83000400cb1507002800128008000100736974001c000280080014000400000008000300ac14141005000900ff"], 0x48}, 0x1, 0x0, 0x0, 0x8000}, 0x4000040)
r8 = io_uring_setup(0xf0b, &(0x7f000000c480)={0x0, 0x4e3f, 0x1000, 0x1ffff, 0x373})
r9 = io_uring_setup(0x7625, &(0x7f0000000600)={0x0, 0x608b, 0x0, 0x0, 0x28b, 0x0, r8})
io_uring_register$IORING_REGISTER_FILES(r9, 0x1e, &(0x7f0000000000), 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x4, 0x16, &(0x7f0000001000)=ANY=[@ANYBLOB="61128c000000000061134c0000000000bf20000000000000070000000f0000003d030100000000009500ffb1000000006926000000000000bf6700000000000036000b000fff52004507000015300000d60600000ee60000bf050000000000003d63000000000000650700000200000007070000fbffffff1f75000000000000bf54000000000000070000000410f900bd430100000000009500000000000000050000000000000095000000000000001c15a3ce747c693a74b62fd0758b15f09429c09074bc4b2bd2dc480dd7a064b8673e2060162cc43bcba1060999eef9d60bb39d0af449deaa27ea949e8f9000d885deea2783835e29eba8546fc020c1966f8b5f32b095f566edf66b7751828da9dbd5b996b9e8d897e461c01c697671d100000000400036c17fb01dde179c1f26cac1c7b21bde7d1a55d6ebe700b3be005e47ef55e0dd81244b18590e000000000000356d82e43407a6d7fa94b21002f06cd247b126b6349ab62d7b07ba0a71a72145edade9941f49f300a8c8913e0e4ea9e4c77740ab3312edee62a4dc2fc85755d387d8a1bc8eb71fbe11b2216cc8d1f0160c237d929b49d828724b95555b459f4763c6222175c974be2f76fb5f330b015a68587a75c013000000000000000000000003000000000000d6ddc46e58eff8f4fbadfc6a3af8123b7f4240713a4c0cdc9d7820c4eb67cc0f8b5fe9258eeacb5776aebbab3d5c55020000006082778366dadfc36029633e0514cbcee1f3928970bde148c940434f33acd377cbad17673b2d30b6339255c98eba97efb4e9ac1f11be815dd6045592edcbee7f253ec74c7c1313505bd7ff8fd58b3a6569c91dbdef1df585aeaea7346a2a65caee5c85f9eddeeeee3c8a2e523c864ac430eb47cb4d0c8767b9d4125661b5a1a170c04b64da3a99ddb93bf14fae3ca2d1e882375b8dbac83978e136c34f90b33cc0eeb57debcfe26589efc08125d5d62a7e593c9738a50171adf051ea4f07e7e7e770c2016eeacbe8511afffffbea75759a1ea5404f5453c0b5c46c9700808c096cf8cf5223f341cbea3841b5cd224c1b381d56afebe9f99a00e3cd94dc0bb7af9e8709db487cc4d9b3b96723d69d512ddd57b0dee9b9f6ae80a502cce352098603e77f9ecced07fa25e99e9e415414c91f8bfd1c150570512f26c4ee34a64c131dce3800000000000000006c86287945bd8d258442870e000000000000000000000000f7e6a10de4bf7369b0d5b5373829b09bf5b7b34099b27ac7770fca449d4c4ca15f88b588b2429af2e1d1a4e1fa44cb80fcfae6e50d7e5b4675d7e0be706224f34e6eed553b40e2b897e73752fc7d1e4b0f4c5967eefd7448d5fde5841fa464a67267c631052bd7333769a4b8d19d4794357edce762e8136ab9d7ed34a72baffd849b90579b96b3"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xb, r0, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r1}, 0x94)

2.577044702s ago: executing program 1 (id=1744):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$RTC_AIE_ON(0xffffffffffffffff, 0x7001)
sendmsg$ETHTOOL_MSG_RINGS_SET(0xffffffffffffffff, 0x0, 0x20000014)
setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, 0x0, 0x0)
sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x10008095, 0x0, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000480)={{0x14}, [@NFT_MSG_NEWRULE={0x30, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2, 0x0, 0xfffe}, [@NFTA_RULE_EXPRESSIONS={0x4}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x12, 0x1, 0x0, 0x0, {0x5}}}, 0x58}, 0x1, 0x0, 0x0, 0x840}, 0x0)

2.297215594s ago: executing program 0 (id=1745):
openat$uinput(0xffffffffffffff9c, 0x0, 0x802, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000780)=@raw={'raw\x00', 0x3c1, 0x3, 0x398, 0x198, 0x4c, 0x1a, 0x198, 0x73, 0x2c8, 0x258, 0x258, 0x2c8, 0x258, 0x3, 0x0, {[{{@ipv6={@rand_addr=' \x01\x00', @local, [], [], 'wg2\x00', 'macvlan1\x00', {}, {}, 0x11}, 0x0, 0x168, 0x198, 0x0, {}, [@common=@inet=@l2tp={{0x30}, {0x0, 0x0, 0x0, 0x0, 0xc}}, @common=@srh1={{0x90}, {0x0, 0x0, 0x0, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @rand_addr=' \x01\x00', @dev, [], [0x0, 0x0, 0xffffff00]}}]}, @common=@inet=@SET2={0x30, 'SET\x00', 0x2, {{}, {0x0, 0x0, 0x7}}}}, {{@uncond, 0x0, 0xf8, 0x130, 0x0, {}, [@inet=@rpfilter={{0x28}}, @common=@icmp6={{0x28}, {0x0, "e1f6"}}]}, @common=@inet=@SET3={0x38}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3f8)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'bond0\x00'})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
munlockall()
syz_init_net_socket$rose(0xb, 0x5, 0x0)
fsopen(&(0x7f0000000240)='vfat\x00', 0x0)
r1 = socket$inet_mptcp(0x2, 0x1, 0x106)
bind$inet(r1, &(0x7f0000000080)={0x2, 0x4e24, @multicast2}, 0x10)
ioctl$RTC_ALM_READ(0xffffffffffffffff, 0x80247008, 0x0)
connect$inet(r1, &(0x7f00000009c0)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x30}}, 0x10)
writev(r1, &(0x7f0000000200)=[{&(0x7f00000000c0)='X', 0x8030000}], 0x1)
timer_settime(0x0, 0x0, 0x0, 0x0)
shutdown(r1, 0x1)
socket$nl_netfilter(0x10, 0x3, 0xc)

2.122062915s ago: executing program 1 (id=1746):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x804e20}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000000)={@private0, 0x0, 0x0, 0xff, 0x1, 0x0, 0x2}, 0x20)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, 0x0)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000b00)={0x0, 0x0, 0x0}, 0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
connect$bt_sco(r3, &(0x7f0000000180)={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}}, 0x8)

0s ago: executing program 1 (id=1747):
socket$inet6_sctp(0xa, 0x5, 0x84)
socket$nl_sock_diag(0x10, 0x3, 0x4)
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r2 = accept4(r1, 0x0, 0x0, 0x800)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100))
sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)

kernel console output (not intermixed with test programs):

=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.2.820" name="bus" dev="overlay" ino=1008 res=0 errno=0
[  657.913394][ T9576] Process accounting resumed
[  658.539141][ T9594] netlink: 24 bytes leftover after parsing attributes in process `syz.2.823'.
[  661.970352][ T5138] block nbd2: Receive control failed (result -32)
[  662.064410][ T9623] hub 8-0:1.0: USB hub found
[  662.074705][ T9623] hub 8-0:1.0: 1 port detected
[  666.714624][   T30] audit: type=1800 audit(1750957828.722:16): pid=9633 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.2.834" name="bus" dev="overlay" ino=1027 res=0 errno=0
[  670.325259][ T9663] usb usb2: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  672.664089][ T9662] netlink: 4 bytes leftover after parsing attributes in process `syz.2.842'.
[  679.383475][ T5893] libceph: connect (1)[c::]:6789 error -101
[  679.393029][ T5893] libceph: mon0 (1)[c::]:6789 connect error
[  679.415163][ T9713] ceph: No mds server is up or the cluster is laggy
[  681.094573][ T9163] Bluetooth: hci4: command 0x0405 tx timeout
[  686.115185][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  686.121583][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  686.644957][ T5893] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[  687.608427][ T5925] usb 6-1: new high-speed USB device number 5 using dummy_hcd
[  687.684436][ T5893] usb 2-1: Using ep0 maxpacket: 16
[  687.709980][ T5893] usb 2-1: config 0 interface 0 altsetting 9 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  687.768933][ T5893] usb 2-1: config 0 interface 0 has no altsetting 0
[  687.784535][ T5925] usb 6-1: Using ep0 maxpacket: 16
[  687.796917][ T5925] usb 6-1: config 0 interface 0 altsetting 9 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  687.814434][ T5893] usb 2-1: New USB device found, idVendor=1e71, idProduct=2009, bcdDevice= 0.00
[  687.824002][ T5893] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  687.844442][ T5925] usb 6-1: config 0 interface 0 has no altsetting 0
[  687.884637][ T5925] usb 6-1: New USB device found, idVendor=1e71, idProduct=2009, bcdDevice= 0.00
[  687.918624][ T5893] usb 2-1: config 0 descriptor??
[  687.922884][ T5925] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  687.959589][ T5925] usb 6-1: config 0 descriptor??
[  688.389675][ T9760] hub 8-0:1.0: USB hub found
[  688.396795][ T9760] hub 8-0:1.0: 1 port detected
[  689.351016][ T5893] usbhid 2-1:0.0: can't add hid device: -71
[  689.357994][ T5893] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[  689.436716][ T5893] usb 2-1: USB disconnect, device number 4
[  689.958732][ T8393] libceph: connect (1)[c::]:6789 error -101
[  690.519200][ T8393] libceph: mon0 (1)[c::]:6789 connect error
[  690.525436][ T5925] usbhid 6-1:0.0: can't add hid device: -71
[  690.541174][ T5925] usbhid 6-1:0.0: probe with driver usbhid failed with error -71
[  690.551862][ T5925] usb 6-1: USB disconnect, device number 5
[  690.586552][ T9765] ceph: No mds server is up or the cluster is laggy
[  694.178238][ T9796] Invalid ELF header type: 3 != 1
[  694.192095][ T9796] kernel read not supported for file / 
œ7³ÏüâW)ës“§Ç!Q�öì¥fsõl{T‡rÒ)r§ÖOš˜õ2:"ôÀT+ÍŸv|�Õ²DvcŽ“ØÖ Å6Òxãc: (pid: 9796 comm: syz.4.876)
[  694.207587][   T30] audit: type=1800 audit(1750957856.392:17): pid=9796 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.4.876" name=20019C1437B3CFFCC3A25729EB7393A7C721518FF6ECA56673F56C7B548772D22972A7D6084F9A98F5323A22F412C0542BCD9F767C8DD5B24476638E93D8D6A0C536D278E3633A dev="mqueue" ino=11260 res=0 errno=0
[  698.543965][ T9810] fuse: Bad value for 'group_id'
[  698.549141][ T9810] fuse: Bad value for 'group_id'
[  700.646004][ T9826] hub 8-0:1.0: USB hub found
[  700.652156][ T9826] hub 8-0:1.0: 1 port detected
[  702.998394][  T977] libceph: connect (1)[c::]:6789 error -101
[  703.073642][  T977] libceph: mon0 (1)[c::]:6789 connect error
[  703.644138][ T9863] ceph: No mds server is up or the cluster is laggy
[  704.234462][ T5152] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[  707.350650][ T5152] usb 3-1: device descriptor read/all, error -71
[  708.079856][ T9890] fuse: Bad value for 'group_id'
[  708.084975][ T9890] fuse: Bad value for 'group_id'
[  708.429683][ T8393] libceph: connect (1)[c::]:6789 error -101
[  708.445955][ T8393] libceph: mon0 (1)[c::]:6789 connect error
[  708.755937][ T8393] libceph: connect (1)[c::]:6789 error -101
[  708.855053][ T8393] libceph: mon0 (1)[c::]:6789 connect error
[  709.426373][ T8393] libceph: connect (1)[c::]:6789 error -101
[  709.549266][ T8393] libceph: mon0 (1)[c::]:6789 connect error
[  709.782192][ T9891] ceph: No mds server is up or the cluster is laggy
[  710.925845][ T9914] ALSA: mixer_oss: invalid OSS volume '00000000000000000004'
[  713.704661][ T5138] Bluetooth: hci4: command 0x0405 tx timeout
[  717.552816][ T9914] syz.6.900 (9914): drop_caches: 2
[  717.842469][   T30] audit: type=1800 audit(1750957880.012:18): pid=9942 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.6.911" name="bus" dev="overlay" ino=131 res=0 errno=0
[  717.862031][    C1] vkms_vblank_simulate: vblank timer overrun
[  718.126203][ T9948] input: syz0 as /devices/virtual/input/input14
[  718.353769][ T9949] batadv0: entered promiscuous mode
[  720.184971][ T9949] batadv0: left promiscuous mode
[  722.783407][ T9967] hub 8-0:1.0: USB hub found
[  722.804124][ T9967] hub 8-0:1.0: 1 port detected
[  727.064593][ T5878] usb 6-1: new high-speed USB device number 6 using dummy_hcd
[  729.627990][ T5878] usb 6-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  730.637302][ T5878] usb 6-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  730.719167][ T5878] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  730.729105][ T5878] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  730.888595][ T5878] usb 6-1: can't set config #27, error -71
[  730.896225][ T5878] usb 6-1: USB disconnect, device number 6
[  731.196854][T10019] usb usb2: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  739.746186][T10074] hub 8-0:1.0: USB hub found
[  740.069604][T10074] hub 8-0:1.0: 1 port detected
[  742.384997][   T10] libceph: connect (1)[c::]:6789 error -101
[  742.449639][   T10] libceph: mon0 (1)[c::]:6789 connect error
[  743.459182][ T5923] libceph: connect (1)[c::]:6789 error -101
[  743.465375][ T5923] libceph: mon0 (1)[c::]:6789 connect error
[  743.630081][T10078] ceph: No mds server is up or the cluster is laggy
[  747.420433][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  747.441645][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  751.096894][T10140] hub 8-0:1.0: USB hub found
[  751.103795][T10140] hub 8-0:1.0: 1 port detected
[  751.908157][T10143] overlayfs: failed to resolve './file0': -2
[  758.461375][T10182] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  758.473235][T10182] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  766.965716][ T5138] Bluetooth: hci4: command 0x0405 tx timeout
[  767.744734][T10223] batadv0: entered promiscuous mode
[  768.057055][T10223] batadv0: left promiscuous mode
[  768.802903][T10213] kexec: Could not allocate control_code_buffer
[  772.817064][   T30] audit: type=1800 audit(1750957934.972:19): pid=10244 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.1.987" name="bus" dev="overlay" ino=1299 res=0 errno=0
[  777.894522][   T10] usb 3-1: new high-speed USB device number 6 using dummy_hcd
[  778.904551][   T10] usb 3-1: Using ep0 maxpacket: 8
[  778.931203][   T10] usb 3-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea
[  778.944578][   T10] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  778.952637][   T10] usb 3-1: Product: syz
[  779.174352][   T10] usb 3-1: Manufacturer: syz
[  779.179031][   T10] usb 3-1: SerialNumber: syz
[  779.947496][   T10] usb 3-1: config 0 descriptor??
[  779.971100][   T10] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state.
[  779.984815][   T10] usb 3-1: setting power ON
[  779.990838][   T10] dvb-usb: bulk message failed: -22 (2/0)
[  780.021097][   T10] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  781.082475][   T10] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID))
[  781.094620][   T10] usb 3-1: media controller created
[  781.132459][   T10] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  781.203444][   T10] usb 3-1: selecting invalid altsetting 6
[  781.226832][   T10] usb 3-1: digital interface selection failed (-22)
[  781.234428][   T10] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)'
[  781.254473][   T10] usb 3-1: setting power OFF
[  781.260249][   T10] dvb-usb: bulk message failed: -22 (2/0)
[  781.274361][   T10] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected.
[  781.298380][   T10] (NULL device *): no alternate interface
[  781.574084][T10290] fuse: Unknown parameter 'grou00000000000000000000'
[  782.726892][   T10] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected.
[  782.741875][   T10] usb 3-1: USB disconnect, device number 6
[  789.568581][T10329] netlink: 24 bytes leftover after parsing attributes in process `syz.6.1012'.
[  792.351101][T10340] batadv0: entered promiscuous mode
[  792.400808][T10340] batadv0: left promiscuous mode
[  792.653525][ T5138] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  792.670966][ T5138] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  792.688160][ T5138] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  792.718989][ T5138] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  792.822563][ T5138] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  795.095295][ T5138] Bluetooth: hci0: command tx timeout
[  797.325791][ T5138] Bluetooth: hci0: command tx timeout
[  798.288034][T10355] kexec: Could not allocate control_code_buffer
[  798.681258][T10368] Invalid ELF header type: 3 != 1
[  798.708208][T10368] kernel read not supported for file / 
œ7³ÏüâW)ës“§Ç!Q�öì¥fsõl{T‡rÒ)r§ÖOš˜õ2:"ôÀT+ÍŸv|�Õ²DvcŽ“ØÖ Å6Òxãc: (pid: 10368 comm: syz.2.1020)
[  798.727053][   T30] audit: type=1800 audit(1750957960.912:20): pid=10368 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.2.1020" name=20019C1437B3CFFCC3A25729EB7393A7C721518FF6ECA56673F56C7B548772D22972A7D6084F9A98F5323A22F412C0542BCD9F767C8DD5B24476638E93D8D6A0C536D278E3633A dev="mqueue" ino=23128 res=0 errno=0
[  799.414804][ T5138] Bluetooth: hci0: command tx timeout
[  801.318399][T10342] chnl_net:caif_netlink_parms(): no params data found
[  801.524549][ T5138] Bluetooth: hci0: command tx timeout
[  802.527958][T10342] bridge0: port 1(bridge_slave_0) entered blocking state
[  802.540002][T10342] bridge0: port 1(bridge_slave_0) entered disabled state
[  802.565018][T10342] bridge_slave_0: entered allmulticast mode
[  802.573147][T10342] bridge_slave_0: entered promiscuous mode
[  802.612902][T10342] bridge0: port 2(bridge_slave_1) entered blocking state
[  802.630076][T10342] bridge0: port 2(bridge_slave_1) entered disabled state
[  802.815122][T10392] hub 8-0:1.0: USB hub found
[  802.824569][T10392] hub 8-0:1.0: 1 port detected
[  803.536435][T10342] bridge_slave_1: entered allmulticast mode
[  803.546566][T10342] bridge_slave_1: entered promiscuous mode
[  803.741484][T10342] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  803.836183][T10342] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  805.278610][T10342] team0: Port device team_slave_0 added
[  805.336045][T10342] team0: Port device team_slave_1 added
[  805.497227][T10342] batman_adv: batadv0: Adding interface: batadv_slave_0
[  805.504242][T10342] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  805.568131][T10342] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  805.588136][T10342] batman_adv: batadv0: Adding interface: batadv_slave_1
[  805.602531][T10342] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  806.665835][T10342] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  807.442467][T10409] platform regulatory.0: loading /lib/firmware/regulatory.db failed with error -12
[  807.452260][T10409] platform regulatory.0: Direct firmware load for regulatory.db failed with error -12
[  807.461904][T10409] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[  807.554370][ T5923] libceph: connect (1)[c::]:6789 error -101
[  807.560786][ T5923] libceph: mon0 (1)[c::]:6789 connect error
[  807.864615][ T5923] libceph: connect (1)[c::]:6789 error -101
[  807.984982][ T5923] libceph: mon0 (1)[c::]:6789 connect error
[  808.587468][T10342] hsr_slave_0: entered promiscuous mode
[  808.754125][ T5885] libceph: connect (1)[c::]:6789 error -101
[  808.794587][ T5885] libceph: mon0 (1)[c::]:6789 connect error
[  808.805708][T10342] hsr_slave_1: entered promiscuous mode
[  808.812285][T10342] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  808.832829][T10342] Cannot create hsr debugfs directory
[  808.860590][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  808.877580][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  809.305401][T10414] ceph: No mds server is up or the cluster is laggy
[  810.005886][T10430] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1035'.
[  810.049218][T10342] netdevsim netdevsim7 netdevsim0: renamed from eth0
[  810.062850][T10342] netdevsim netdevsim7 netdevsim1: renamed from eth1
[  810.384614][T10342] netdevsim netdevsim7 netdevsim2: renamed from eth2
[  810.785306][T10342] netdevsim netdevsim7 netdevsim3: renamed from eth3
[  811.323188][T10436] batadv0: entered promiscuous mode
[  812.250119][T10436] batadv0: left promiscuous mode
[  812.904474][T10211] usb 7-1: new high-speed USB device number 2 using dummy_hcd
[  813.128972][T10211] usb 7-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  814.172671][T10211] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  814.196626][T10211] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 66
[  814.206248][T10211] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  814.220107][T10211] usb 7-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  814.391207][T10342] 8021q: adding VLAN 0 to HW filter on device bond0
[  814.401612][T10211] usb 7-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  814.411535][T10211] usb 7-1: Product: syz
[  814.431011][T10211] usb 7-1: Manufacturer: syz
[  815.019507][T10211] cdc_wdm 7-1:1.0: skipping garbage
[  815.194833][T10211] cdc_wdm 7-1:1.0: skipping garbage
[  815.252653][ T5923] libceph: connect (1)[c::]:6789 error -101
[  815.345753][ T5923] libceph: mon0 (1)[c::]:6789 connect error
[  815.450009][T10342] 8021q: adding VLAN 0 to HW filter on device team0
[  815.601151][ T5996] bridge0: port 1(bridge_slave_0) entered blocking state
[  815.608407][ T5996] bridge0: port 1(bridge_slave_0) entered forwarding state
[  815.621147][ T5885] libceph: connect (1)[c::]:6789 error -101
[  815.654876][ T5885] libceph: mon0 (1)[c::]:6789 connect error
[  815.923891][T10211] cdc_wdm 7-1:1.0: cdc-wdm0: USB WDM device
[  815.931751][T10211] cdc_wdm 7-1:1.0: Unknown control protocol
[  815.947846][T10465] ceph: No mds server is up or the cluster is laggy
[  815.974893][T10211] usb 7-1: USB disconnect, device number 2
[  815.983201][ T5996] bridge0: port 2(bridge_slave_1) entered blocking state
[  815.990488][ T5996] bridge0: port 2(bridge_slave_1) entered forwarding state
[  816.068731][T10471] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1043'.
[  817.370677][T10342] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  817.494546][ T9163] Bluetooth: hci0: command 0x0405 tx timeout
[  819.580161][T10499] hub 8-0:1.0: USB hub found
[  819.586306][T10499] hub 8-0:1.0: 1 port detected
[  820.669204][T10342] 8021q: adding VLAN 0 to HW filter on device batadv0
[  821.851137][T10510] hub 8-0:1.0: USB hub found
[  821.857264][T10510] hub 8-0:1.0: 1 port detected
[  823.707784][T10526] hub 8-0:1.0: USB hub found
[  823.714634][T10526] hub 8-0:1.0: 1 port detected
[  827.608241][T10544] hub 8-0:1.0: USB hub found
[  827.644586][T10544] hub 8-0:1.0: 1 port detected
[  828.790339][T10342] veth0_vlan: entered promiscuous mode
[  828.806131][T10342] veth1_vlan: entered promiscuous mode
[  828.844442][ T8393] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[  829.113535][T10342] veth0_macvtap: entered promiscuous mode
[  829.124897][T10342] veth1_macvtap: entered promiscuous mode
[  829.147665][T10342] batman_adv: batadv0: Interface activated: batadv_slave_0
[  830.186528][ T8393] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  830.504656][ T8393] usb 2-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  830.589310][T10342] batman_adv: batadv0: Interface activated: batadv_slave_1
[  830.594554][ T8393] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  830.614371][ T8393] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  832.209464][ T8393] usb 2-1: can't set config #27, error -71
[  832.233011][ T8393] usb 2-1: USB disconnect, device number 5
[  832.596149][T10342] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  832.684559][T10342] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  832.693333][T10342] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  832.763480][T10342] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  837.443890][ T3937] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  838.190774][ T3937] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  839.827870][ T6000] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  840.104627][ T6000] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  842.528642][T10620] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  842.540547][T10620] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  844.770418][T10635] syz.6.1077: attempt to access beyond end of device
[  844.770418][T10635] nbd6: rw=0, sector=0, nr_sectors = 1 limit=0
[  851.966719][ T5923] libceph: connect (1)[c::]:6789 error -101
[  852.639742][ T5923] libceph: mon0 (1)[c::]:6789 connect error
[  852.868387][T10647] ceph: No mds server is up or the cluster is laggy
[  853.033911][ T5923] libceph: connect (1)[c::]:6789 error -101
[  853.040709][ T5923] libceph: mon0 (1)[c::]:6789 connect error
[  857.968432][T10677] workqueue: Failed to create a rescuer kthread for wq "ceph-completion": -EINTR
[  859.894558][ T8816] Bluetooth: hci0: command 0x0405 tx timeout
[  860.659214][T10694] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  860.670953][T10694] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  861.534374][T10697] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  861.554503][T10697] netlink: 'syz.6.1091': attribute type 4 has an invalid length.
[  861.603867][T10697] netlink: 'syz.6.1091': attribute type 4 has an invalid length.
[  862.812202][T10706] netlink: 'syz.5.1092': attribute type 4 has an invalid length.
[  862.833400][T10706] netlink: 'syz.5.1092': attribute type 4 has an invalid length.
[  864.662624][ T5925] libceph: connect (1)[c::]:6789 error -101
[  865.144804][ T5925] libceph: mon0 (1)[c::]:6789 connect error
[  865.875971][T10736] netlink: 'syz.7.1099': attribute type 4 has an invalid length.
[  865.897224][T10736] netlink: 'syz.7.1099': attribute type 4 has an invalid length.
[  866.341427][ T5925] libceph: connect (1)[c::]:6789 error -101
[  866.362758][ T5925] libceph: mon0 (1)[c::]:6789 connect error
[  866.812792][T10721] ceph: No mds server is up or the cluster is laggy
[  866.874848][   T10] libceph: connect (1)[c::]:6789 error -101
[  866.881090][   T10] libceph: mon0 (1)[c::]:6789 connect error
[  870.300379][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  870.306890][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  873.085411][T10758] netlink: 'syz.7.1107': attribute type 4 has an invalid length.
[  874.235373][T10758] netlink: 'syz.7.1107': attribute type 4 has an invalid length.
[  876.105169][ T8816] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  876.118236][ T8816] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  876.126636][ T8816] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  876.136380][ T8816] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  876.144553][ T8816] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  878.215801][ T5138] Bluetooth: hci1: command tx timeout
[  880.294389][ T5138] Bluetooth: hci1: command tx timeout
[  882.437064][ T5138] Bluetooth: hci1: command tx timeout
[  884.459363][T10781] chnl_net:caif_netlink_parms(): no params data found
[  884.483433][ T5138] Bluetooth: hci1: command tx timeout
[  884.758458][T10825] overlayfs: missing 'lowerdir'
[  886.774677][ T5138] Bluetooth: hci1: command 0x0405 tx timeout
[  887.320076][T10781] bridge0: port 1(bridge_slave_0) entered blocking state
[  887.374999][T10781] bridge0: port 1(bridge_slave_0) entered disabled state
[  887.382495][T10781] bridge_slave_0: entered allmulticast mode
[  887.392243][T10781] bridge_slave_0: entered promiscuous mode
[  887.408307][T10781] bridge0: port 2(bridge_slave_1) entered blocking state
[  887.415977][T10781] bridge0: port 2(bridge_slave_1) entered disabled state
[  887.425509][T10781] bridge_slave_1: entered allmulticast mode
[  887.434034][T10781] bridge_slave_1: entered promiscuous mode
[  889.179764][T10848] hub 8-0:1.0: USB hub found
[  889.222397][T10848] hub 8-0:1.0: 1 port detected
[  889.528919][T10781] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  889.550057][T10781] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  890.897947][T10781] team0: Port device team_slave_0 added
[  890.945825][T10781] team0: Port device team_slave_1 added
[  893.410205][T10869] batadv0: entered promiscuous mode
[  893.424132][T10869] batadv0: left promiscuous mode
[  893.547854][T10781] batman_adv: batadv0: Adding interface: batadv_slave_0
[  893.561870][T10781] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  893.621363][T10781] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  894.329151][T10781] batman_adv: batadv0: Adding interface: batadv_slave_1
[  894.554326][T10781] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  895.645688][ T5138] Bluetooth: hci1: command 0x0405 tx timeout
[  895.651988][T10781] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  897.113619][T10781] hsr_slave_0: entered promiscuous mode
[  897.120674][T10781] hsr_slave_1: entered promiscuous mode
[  897.216267][T10894] fuse: Bad value for 'fd'
[  898.088223][T10781] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  898.104340][T10781] Cannot create hsr debugfs directory
[  898.811419][ T5878] libceph: connect (1)[c::]:6789 error -101
[  898.929035][ T5878] libceph: mon0 (1)[c::]:6789 connect error
[  898.965122][T10897] ceph: No mds server is up or the cluster is laggy
[  901.370852][ T5885] libceph: connect (1)[c::]:6789 error -101
[  901.384363][ T5885] libceph: mon0 (1)[c::]:6789 connect error
[  901.430579][T10912] ceph: No mds server is up or the cluster is laggy
[  901.437518][T10781] netdevsim netdevsim8 netdevsim0: renamed from eth0
[  902.548503][T10781] netdevsim netdevsim8 netdevsim1: renamed from eth1
[  902.640064][T10781] netdevsim netdevsim8 netdevsim2: renamed from eth2
[  902.721312][T10781] netdevsim netdevsim8 netdevsim3: renamed from eth3
[  903.932369][T10781] 8021q: adding VLAN 0 to HW filter on device bond0
[  903.956067][T10781] 8021q: adding VLAN 0 to HW filter on device team0
[  903.977620][ T3937] bridge0: port 1(bridge_slave_0) entered blocking state
[  903.984933][ T3937] bridge0: port 1(bridge_slave_0) entered forwarding state
[  904.033547][ T3937] bridge0: port 2(bridge_slave_1) entered blocking state
[  904.040850][ T3937] bridge0: port 2(bridge_slave_1) entered forwarding state
[  905.054094][T10945] hub 8-0:1.0: USB hub found
[  905.059283][T10945] hub 8-0:1.0: 1 port detected
[  905.458224][T10949] fuse: Bad value for 'fd'
[  907.260600][T10966] netlink: 'syz.6.1151': attribute type 4 has an invalid length.
[  907.279042][T10966] netlink: 'syz.6.1151': attribute type 4 has an invalid length.
[  909.152988][T10977] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  909.281431][T10975] netlink: 'syz.5.1152': attribute type 4 has an invalid length.
[  909.363194][T10973] netlink: 'syz.5.1152': attribute type 4 has an invalid length.
[  909.439595][T10781] 8021q: adding VLAN 0 to HW filter on device batadv0
[  912.148052][T11007] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  912.223115][T11007] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  913.238589][T11011] fuse: Bad value for 'fd'
[  915.830608][T10781] veth0_vlan: entered promiscuous mode
[  916.768044][T10781] veth1_vlan: entered promiscuous mode
[  918.864350][ T5138] Bluetooth: hci0: command 0x0405 tx timeout
[  918.941900][T10781] veth0_macvtap: entered promiscuous mode
[  919.068300][T10781] veth1_macvtap: entered promiscuous mode
[  919.104931][T10781] batman_adv: batadv0: Interface activated: batadv_slave_0
[  919.121417][T10781] batman_adv: batadv0: Interface activated: batadv_slave_1
[  919.153132][T10781] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  919.277623][T11048] hub 8-0:1.0: USB hub found
[  919.282931][T11048] hub 8-0:1.0: 1 port detected
[  919.632667][T11055] netlink: 'syz.5.1169': attribute type 4 has an invalid length.
[  919.690615][T11056] netlink: 'syz.5.1169': attribute type 4 has an invalid length.
[  919.954904][T10781] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  919.973592][T10781] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  920.807208][T10781] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  921.484056][T11067] hub 8-0:1.0: USB hub found
[  921.489983][T11067] hub 8-0:1.0: 1 port detected
[  923.237457][ T6000] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  923.245473][ T6000] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  923.253069][ T6000] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  923.353442][ T6000] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  927.186398][T11100] netlink: 'syz.6.1179': attribute type 4 has an invalid length.
[  931.857572][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  931.863959][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  937.968365][T11167] usb usb2: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  938.660183][T11169] Invalid ELF header type: 3 != 1
[  938.672255][T11169] kernel read not supported for file / 
œ7³ÏüâW)ës“§Ç!Q�öì¥fsõl{T‡rÒ)r§ÖOš˜õ2:"ôÀT+ÍŸv|�Õ²DvcŽ“ØÖ Å6Òxãc: (pid: 11169 comm: syz.7.1196)
[  938.901830][   T30] audit: type=1800 audit(1750958100.872:21): pid=11169 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.7.1196" name=20019C1437B3CFFCC3A25729EB7393A7C721518FF6ECA56673F56C7B548772D22972A7D6084F9A98F5323A22F412C0542BCD9F767C8DD5B24476638E93D8D6A0C536D278E3633A dev="mqueue" ino=27774 res=0 errno=0
[  941.568616][T11184] workqueue: Failed to create a rescuer kthread for wq "ceph-completion": -EINTR
[  943.574340][T11039] Bluetooth: hci1: command 0x0405 tx timeout
[  945.994595][T10581] usb 2-1: new high-speed USB device number 6 using dummy_hcd
[  946.152862][T11218] ALSA: mixer_oss: invalid OSS volume '00000000000000000004'
[  947.047153][T10581] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  947.193742][T10581] usb 2-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  947.234520][T10581] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  947.269931][T10581] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  947.470641][T11223] netlink: 44 bytes leftover after parsing attributes in process `syz.7.1210'.
[  947.691380][T11227] netlink: 24 bytes leftover after parsing attributes in process `syz.8.1211'.
[  947.697018][T11210] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  947.740105][T10581] usb 2-1: Quirk or no altset; falling back to MIDI 1.0
[  948.044098][T11234] hub 8-0:1.0: USB hub found
[  948.054560][T11234] hub 8-0:1.0: 1 port detected
[  949.176397][T10581] usb 2-1: USB disconnect, device number 6
[  952.544773][T11039] Bluetooth: hci1: command 0x0405 tx timeout
[  954.217747][T11222] syz.5.1208 (11222): drop_caches: 2
[  959.914091][T11302] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  959.974790][T11302] netlink: 'syz.1.1230': attribute type 4 has an invalid length.
[  961.583377][T11307] netlink: 4768 bytes leftover after parsing attributes in process `syz.6.1232'.
[  962.039744][T11316] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  962.059243][T11316] netlink: 'syz.7.1233': attribute type 4 has an invalid length.
[  964.362318][T11327] batadv0: entered promiscuous mode
[  964.663986][T11327] batadv0: left promiscuous mode
[  967.448605][T11334] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  967.466694][T11334] netlink: 'syz.5.1239': attribute type 4 has an invalid length.
[  968.214786][T11339] fuse: Unknown parameter '00000000000000000000'
[  969.153993][ T8816] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  969.470337][ T8816] Bluetooth: hci0: command 0x0405 tx timeout
[  969.477938][ T9163] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  969.488227][ T9163] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  969.497590][ T9163] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  969.505607][ T9163] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  972.542072][ T9163] Bluetooth: hci1: command tx timeout
[  973.380126][T11367] hub 8-0:1.0: USB hub found
[  973.386324][T11367] hub 8-0:1.0: 1 port detected
[  975.212554][T11373] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1246'.
[  975.217806][ T9163] Bluetooth: hci1: command tx timeout
[  975.371417][ T5989] netdevsim netdevsim8 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  976.591835][ T5989] netdevsim netdevsim8 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  977.738790][T11039] Bluetooth: hci1: command tx timeout
[  978.124903][ T5989] netdevsim netdevsim8 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  979.522601][ T5989] netdevsim netdevsim8 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  979.894556][T11039] Bluetooth: hci1: command 0x0419 tx timeout
[  981.974626][ T9163] Bluetooth: hci1: command 0x0419 tx timeout
[  982.236396][T11345] chnl_net:caif_netlink_parms(): no params data found
[  983.430114][ T5989] bridge_slave_1: left allmulticast mode
[  983.463047][ T5989] bridge_slave_1: left promiscuous mode
[  983.538700][ T5989] bridge0: port 2(bridge_slave_1) entered disabled state
[  983.787418][ T5989] bridge_slave_0: left allmulticast mode
[  983.855225][ T5989] bridge_slave_0: left promiscuous mode
[  983.942954][ T5989] bridge0: port 1(bridge_slave_0) entered disabled state
[  984.200213][T11427] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  989.777343][ T5989] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  989.800413][ T5989] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  989.833250][ T5989] bond0 (unregistering): Released all slaves
[  989.925712][T11345] bridge0: port 1(bridge_slave_0) entered blocking state
[  989.933060][T11345] bridge0: port 1(bridge_slave_0) entered disabled state
[  989.941006][T11345] bridge_slave_0: entered allmulticast mode
[  989.948737][T11345] bridge_slave_0: entered promiscuous mode
[  990.570616][T11435] batadv0: entered promiscuous mode
[  990.708018][T11435] batadv0: left promiscuous mode
[  990.784412][T11039] Bluetooth: hci1: command 0x0419 tx timeout
[  990.831822][T11345] bridge0: port 2(bridge_slave_1) entered blocking state
[  990.857633][T11345] bridge0: port 2(bridge_slave_1) entered disabled state
[  990.945475][T11345] bridge_slave_1: entered allmulticast mode
[  990.953580][T11345] bridge_slave_1: entered promiscuous mode
[  991.750349][T11467] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  991.824029][T11469] netlink: 'syz.6.1269': attribute type 4 has an invalid length.
[  992.526373][T11474] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present
[  992.559271][T11474] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  993.194832][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  993.201407][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  994.521287][T11345] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  995.072124][T11494] ptrace attach of "./syz-executor exec"[5823] was attempted by "./syz-executor exec"[11494]
[  995.695398][T11345] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  995.745609][T11495] overlayfs: missing 'lowerdir'
[  996.214490][T11500] netlink: 4768 bytes leftover after parsing attributes in process `syz.6.1277'.
[  998.307257][ T5989] hsr_slave_0: left promiscuous mode
[  998.313673][ T5989] hsr_slave_1: left promiscuous mode
[  998.335136][ T5989] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  998.342624][ T5989] batman_adv: batadv0: Removing interface: batadv_slave_0
[  998.686538][ T5989] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  998.714391][ T5989] batman_adv: batadv0: Removing interface: batadv_slave_1
[  998.826946][ T5989] veth1_macvtap: left promiscuous mode
[  998.858748][ T5989] veth0_macvtap: left promiscuous mode
[  998.895717][ T5989] veth1_vlan: left promiscuous mode
[  998.901368][ T5989] veth0_vlan: left promiscuous mode
[  999.489883][T11528] netlink: 'syz.6.1282': attribute type 4 has an invalid length.
[ 1001.289813][T11533] input: syz0 as /devices/virtual/input/input15
[ 1001.751839][ T5989] team0 (unregistering): Port device team_slave_1 removed
[ 1002.397438][ T5989] team0 (unregistering): Port device team_slave_0 removed
[ 1002.646358][T11540] overlayfs: missing 'lowerdir'
[ 1003.614518][T10581] usb 2-1: new high-speed USB device number 7 using dummy_hcd
[ 1003.804484][T10581] usb 2-1: Using ep0 maxpacket: 16
[ 1003.877348][T10581] usb 2-1: config 0 has an invalid interface number: 213 but max is 0
[ 1003.917468][T10581] usb 2-1: config 0 has no interface number 0
[ 1003.972418][T10581] usb 2-1: config 0 interface 213 altsetting 0 endpoint 0x82 has invalid maxpacket 1104, setting to 1024
[ 1004.027422][T10581] usb 2-1: config 0 interface 213 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 1024
[ 1004.056628][T10581] usb 2-1: New USB device found, idVendor=0499, idProduct=105c, bcdDevice=c5.ad
[ 1004.065933][T10581] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1004.073996][T10581] usb 2-1: Product: syz
[ 1004.079705][T10581] usb 2-1: Manufacturer: syz
[ 1004.084715][T10581] usb 2-1: SerialNumber: syz
[ 1004.092533][T10581] usb 2-1: config 0 descriptor??
[ 1004.102460][T11544] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[ 1004.108619][T11345] team0: Port device team_slave_0 added
[ 1004.407611][T11345] team0: Port device team_slave_1 added
[ 1004.734057][T11345] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1004.751285][T11345] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1004.802420][T11345] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1004.930927][T10211] libceph: connect (1)[c::]:6789 error -101
[ 1004.945734][T10211] libceph: mon0 (1)[c::]:6789 connect error
[ 1004.952800][T11345] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1004.962546][T11345] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1004.988604][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1005.082533][T11345] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1005.221239][ T5894] libceph: connect (1)[c::]:6789 error -101
[ 1005.530376][ T5894] libceph: mon0 (1)[c::]:6789 connect error
[ 1005.604350][T11550] ceph: No mds server is up or the cluster is laggy
[ 1006.027299][T10581] usb 2-1: Quirk or no altset; falling back to MIDI 1.0
[ 1006.727584][T10581] usb 2-1: USB disconnect, device number 7
[ 1006.899396][T11345] hsr_slave_0: entered promiscuous mode
[ 1006.912304][T11345] hsr_slave_1: entered promiscuous mode
[ 1006.935694][T11345] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1006.943324][T11345] Cannot create hsr debugfs directory
[ 1007.199594][T11569] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1293'.
[ 1012.184014][T11589] overlayfs: missing 'lowerdir'
[ 1012.317024][T11345] netdevsim netdevsim9 netdevsim0: renamed from eth0
[ 1013.138096][T11345] netdevsim netdevsim9 netdevsim1: renamed from eth1
[ 1013.297451][T11345] netdevsim netdevsim9 netdevsim2: renamed from eth2
[ 1013.613787][T11345] netdevsim netdevsim9 netdevsim3: renamed from eth3
[ 1013.797417][T11602] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1015.662290][T11345] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1015.958634][T11345] 8021q: adding VLAN 0 to HW filter on device team0
[ 1015.981008][ T6000] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1015.988267][ T6000] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1016.775690][ T5989] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1016.782925][ T5989] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1019.600728][T11630] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present
[ 1025.363406][T11655] batadv0: entered promiscuous mode
[ 1025.407982][T11655] batadv0: left promiscuous mode
[ 1029.427426][T11039] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 1029.437113][T11039] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 1029.446241][T11039] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 1029.460273][T11661] fuse: Unknown parameter 'fd0x0000000000000009'
[ 1029.475345][T11039] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 1029.502614][T11039] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 1031.844888][T11039] Bluetooth: hci1: command tx timeout
[ 1033.954672][T11039] Bluetooth: hci1: command tx timeout
[ 1034.081152][T11687] ptrace attach of "./syz-executor exec"[6390] was attempted by ""[11687]
[ 1036.200251][ T9163] Bluetooth: hci1: command tx timeout
[ 1036.954000][T11710] hub 8-0:1.0: USB hub found
[ 1036.961419][T11710] hub 8-0:1.0: 1 port detected
[ 1037.762735][T11714] netlink: 24 bytes leftover after parsing attributes in process `syz.6.1329'.
[ 1038.004560][T11666] chnl_net:caif_netlink_parms(): no params data found
[ 1038.215285][T11039] Bluetooth: hci1: command tx timeout
[ 1038.467633][   T13] bridge_slave_1: left allmulticast mode
[ 1038.473358][   T13] bridge_slave_1: left promiscuous mode
[ 1038.479945][   T13] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1038.591696][   T13] bridge_slave_0: left allmulticast mode
[ 1038.598833][   T13] bridge_slave_0: left promiscuous mode
[ 1038.629802][   T13] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1039.935034][T11731] [U] 
[ 1039.938063][T11731] [U] 
[ 1039.940804][T11731] [U] 
[ 1039.943532][T11731] [U] 
[ 1040.014486][T11731] [U] 
[ 1040.017282][T11731] [U] 
[ 1040.020015][T11731] [U] 
[ 1040.022793][T11731] [U] 
[ 1041.567892][T11730] [U] 
[ 1043.627519][   T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1043.678794][   T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1043.691229][   T13] bond0 (unregistering): Released all slaves
[ 1044.068642][T11762] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present
[ 1044.101201][T11762] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1044.854932][   T13] hsr_slave_0: left promiscuous mode
[ 1044.888858][   T13] hsr_slave_1: left promiscuous mode
[ 1044.905191][   T13] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1044.958104][   T13] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1047.128039][T11776] ALSA: mixer_oss: invalid OSS volume '00000000000000000004'
[ 1048.597131][   T13] team0 (unregistering): Port device team_slave_1 removed
[ 1048.871219][   T13] team0 (unregistering): Port device team_slave_0 removed
[ 1048.939565][T11776] syz.1.1344 (11776): drop_caches: 2
[ 1050.389286][T11794] overlayfs: missing 'lowerdir'
[ 1050.452054][T11795] overlayfs: "xino=on" is useless with all layers on same fs, ignore.
[ 1052.508859][T11798] hub 8-0:1.0: USB hub found
[ 1052.663591][T11798] hub 8-0:1.0: 1 port detected
[ 1054.730618][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[ 1054.737213][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[ 1055.747232][T11666] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1055.833702][T11666] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1055.864595][T11666] bridge_slave_0: entered allmulticast mode
[ 1055.894841][T11666] bridge_slave_0: entered promiscuous mode
[ 1055.936448][T11666] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1055.961168][T11666] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1057.094415][T11666] bridge_slave_1: entered allmulticast mode
[ 1057.102579][T11666] bridge_slave_1: entered promiscuous mode
[ 1060.373323][T10009] libceph: connect (1)[c::]:6789 error -101
[ 1060.390143][T10009] libceph: mon0 (1)[c::]:6789 connect error
[ 1060.437001][T11840] ceph: No mds server is up or the cluster is laggy
[ 1060.437788][T11838] ceph: No mds server is up or the cluster is laggy
[ 1060.458871][T11666] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1060.474106][T10009] libceph: connect (1)[c::]:6789 error -101
[ 1060.481104][T10009] libceph: mon0 (1)[c::]:6789 connect error
[ 1060.509074][T11666] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1060.667028][ T5878] libceph: connect (1)[c::]:6789 error -101
[ 1061.190379][ T5878] libceph: mon0 (1)[c::]:6789 connect error
[ 1061.210026][T10009] libceph: connect (1)[c::]:6789 error -101
[ 1061.285766][T10009] libceph: mon0 (1)[c::]:6789 connect error
[ 1061.678849][T11666] team0: Port device team_slave_0 added
[ 1061.763261][T11666] team0: Port device team_slave_1 added
[ 1061.864242][ T9163] Bluetooth: hci1: command 0x0405 tx timeout
[ 1063.322472][T11865] usb usb2: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[ 1064.305873][T11666] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1064.334995][T11666] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1064.361964][T11666] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1064.375527][T11666] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1064.382574][T11666] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1064.408845][T11666] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1065.039940][T11874] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present
[ 1065.055298][T11874] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1065.490202][T11883] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1365'.
[ 1065.510701][T11666] hsr_slave_0: entered promiscuous mode
[ 1065.578278][T11666] hsr_slave_1: entered promiscuous mode
[ 1065.602682][T11666] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1065.620798][T11666] Cannot create hsr debugfs directory
[ 1067.852446][T11898] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1067.869405][T11898] netlink: 'syz.5.1368': attribute type 4 has an invalid length.
[ 1067.930136][T11900] netlink: 'syz.5.1368': attribute type 4 has an invalid length.
[ 1068.482793][T11906] batadv0: entered promiscuous mode
[ 1070.259991][T11906] batadv0: left promiscuous mode
[ 1070.735324][T11908] Can't find ip_set type hish:ip,mark
[ 1071.946665][T11917] overlayfs: missing 'lowerdir'
[ 1072.059173][T11918] overlayfs: "xino=on" is useless with all layers on same fs, ignore.
[ 1073.002052][T11666] netdevsim netdevsim9 netdevsim0: renamed from eth0
[ 1073.058285][T11666] netdevsim netdevsim9 netdevsim1: renamed from eth1
[ 1073.080233][T11666] netdevsim netdevsim9 netdevsim2: renamed from eth2
[ 1073.111027][T11666] netdevsim netdevsim9 netdevsim3: renamed from eth3
[ 1073.793679][T11666] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1073.833947][T11666] 8021q: adding VLAN 0 to HW filter on device team0
[ 1073.877886][ T5994] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1073.885200][ T5994] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1074.158087][   T13] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1074.165326][   T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1075.183710][T11953] batadv0: entered promiscuous mode
[ 1075.211134][T11953] batadv0: left promiscuous mode
[ 1078.873706][ T5878] libceph: connect (1)[c::]:6789 error -101
[ 1078.880076][ T5878] libceph: mon0 (1)[c::]:6789 connect error
[ 1079.139591][T11963] ceph: No mds server is up or the cluster is laggy
[ 1079.154932][T10009] libceph: connect (1)[c::]:6789 error -101
[ 1079.161075][T10009] libceph: mon0 (1)[c::]:6789 connect error
[ 1079.530693][T11666] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1082.256938][T12006] usb usb2: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[ 1083.330824][T11039] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 1083.342025][T11039] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 1083.408306][T12024] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present
[ 1083.440222][T12024] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1083.492249][T11039] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 1083.515818][T11039] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 1083.530632][T11039] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 1086.470094][T11039] Bluetooth: hci3: command tx timeout
[ 1088.497808][T12018] chnl_net:caif_netlink_parms(): no params data found
[ 1088.580870][T11039] Bluetooth: hci3: command tx timeout
[ 1089.088917][ T9163] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 1089.253550][T12064] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1089.783195][ T9163] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 1089.806528][ T9163] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 1089.824495][ T9163] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 1089.835726][ T9163] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 1090.835562][T11039] Bluetooth: hci3: command tx timeout
[ 1091.894925][T11039] Bluetooth: hci1: command tx timeout
[ 1092.056595][T12018] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1092.070704][T12018] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1092.084434][T12018] bridge_slave_0: entered allmulticast mode
[ 1092.092954][T12018] bridge_slave_0: entered promiscuous mode
[ 1092.245095][T12079] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1092.862347][T11039] Bluetooth: hci3: command tx timeout
[ 1092.961238][T12085] netlink: 24 bytes leftover after parsing attributes in process `syz.5.1405'.
[ 1093.056492][T12018] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1093.064400][T12018] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1093.071746][T12018] bridge_slave_1: entered allmulticast mode
[ 1093.079951][T12018] bridge_slave_1: entered promiscuous mode
[ 1094.115157][T11039] Bluetooth: hci1: command tx timeout
[ 1094.298969][T12018] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1094.951240][T12099] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1096.134591][ T9163] Bluetooth: hci1: command tx timeout
[ 1096.518393][T12096] ceph: No mds server is up or the cluster is laggy
[ 1096.560909][ T5878] libceph: connect (1)[c::]:6789 error -101
[ 1096.570595][ T5878] libceph: mon0 (1)[c::]:6789 connect error
[ 1096.586967][T12018] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1096.904972][T12108] syz.6.1408: attempt to access beyond end of device
[ 1096.904972][T12108] nbd6: rw=0, sector=64, nr_sectors = 8 limit=0
[ 1096.919987][T12108] syz.6.1408: attempt to access beyond end of device
[ 1096.919987][T12108] nbd6: rw=0, sector=120, nr_sectors = 8 limit=0
[ 1096.933526][T12108] Mount JFS Failure: -5
[ 1096.937917][T12108] jfs_mount failed w/return code = -5
[ 1098.435238][ T9163] Bluetooth: hci1: command 0x0419 tx timeout
[ 1098.610953][T12117] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1099.144914][T12018] team0: Port device team_slave_0 added
[ 1099.154759][T12018] team0: Port device team_slave_1 added
[ 1100.454290][ T9163] Bluetooth: hci1: command 0x0419 tx timeout
[ 1101.147873][T12018] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1101.176106][T12018] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1101.361996][T12018] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1101.389062][T12018] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1101.396535][T12018] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1101.424009][T12018] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1102.752149][T12131] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present
[ 1102.766910][T12131] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1104.460644][T12018] hsr_slave_0: entered promiscuous mode
[ 1104.476432][T12018] hsr_slave_1: entered promiscuous mode
[ 1104.482954][T12018] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1104.496045][T12018] Cannot create hsr debugfs directory
[ 1104.661986][T12143] fuse: Unknown parameter '00000000000000000000'
[ 1104.908010][T12149] syz.1.1418: attempt to access beyond end of device
[ 1104.908010][T12149] nbd1: rw=0, sector=64, nr_sectors = 8 limit=0
[ 1104.922077][T12149] syz.1.1418: attempt to access beyond end of device
[ 1104.922077][T12149] nbd1: rw=0, sector=120, nr_sectors = 8 limit=0
[ 1104.940196][T12149] Mount JFS Failure: -5
[ 1104.944631][T12149] jfs_mount failed w/return code = -5
[ 1107.624455][T11983] bridge_slave_1: left allmulticast mode
[ 1107.654605][T11983] bridge_slave_1: left promiscuous mode
[ 1107.689239][T11983] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1107.734671][T12155] [U] 
[ 1107.737461][T12155] [U] 
[ 1107.740171][T12155] [U] 
[ 1107.742857][T12155] [U] 
[ 1107.764342][T12155] [U] 
[ 1107.767102][T12155] [U] 
[ 1107.769789][T12155] [U] 
[ 1107.772540][T12155] [U] 
[ 1107.785690][T11983] bridge_slave_0: left allmulticast mode
[ 1107.804249][T11983] bridge_slave_0: left promiscuous mode
[ 1107.810027][T11983] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1107.824367][T12155] [U] 
[ 1107.827139][T12155] [U] 
[ 1107.829868][T12155] [U] 
[ 1107.832604][T12155] [U] 
[ 1107.871835][T12155] [U] 
[ 1107.874596][T12155] [U] 
[ 1107.877289][T12155] [U] 
[ 1107.879974][T12155] [U] 
[ 1107.958649][T12155] [U] 
[ 1107.961432][T12155] [U] 
[ 1107.964295][T12155] [U] 
[ 1107.967132][T12155] [U] 
[ 1108.044043][T12155] [U] 
[ 1108.046819][T12155] [U] 
[ 1108.049543][T12155] [U] 
[ 1108.052255][T12155] [U] 
[ 1108.105230][T12155] [U] 
[ 1108.108018][T12155] [U] 
[ 1108.110747][T12155] [U] 
[ 1108.113469][T12155] [U] 
[ 1108.546335][T12158] netlink: 24 bytes leftover after parsing attributes in process `syz.5.1421'.
[ 1108.743171][T12154] [U] 
[ 1109.320164][ T5894] libceph: connect (1)[c::]:6789 error -101
[ 1109.331008][ T5894] libceph: mon0 (1)[c::]:6789 connect error
[ 1109.507922][T11983] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1110.364952][ T5893] libceph: connect (1)[c::]:6789 error -101
[ 1110.594602][ T5893] libceph: mon0 (1)[c::]:6789 connect error
[ 1110.642551][T11983] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1110.809770][T11983] bond0 (unregistering): Released all slaves
[ 1111.178192][T10009] libceph: connect (1)[c::]:6789 error -101
[ 1111.726916][T10009] libceph: mon0 (1)[c::]:6789 connect error
[ 1112.021031][T12164] ceph: No mds server is up or the cluster is laggy
[ 1112.030490][T11983] hsr_slave_0: left promiscuous mode
[ 1112.041967][T11983] hsr_slave_1: left promiscuous mode
[ 1112.320863][T11983] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1112.345515][T11983] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1114.287483][ T5885] libceph: connect (1)[c::]:6789 error -101
[ 1114.326937][ T5885] libceph: mon0 (1)[c::]:6789 connect error
[ 1114.444940][T12185] ceph: No mds server is up or the cluster is laggy
[ 1115.108275][T12197] netlink: 'syz.5.1428': attribute type 4 has an invalid length.
[ 1115.165755][T12198] netlink: 'syz.5.1428': attribute type 4 has an invalid length.
[ 1116.066323][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[ 1116.072908][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[ 1116.213806][T11983] team0 (unregistering): Port device team_slave_1 removed
[ 1116.280185][T11983] team0 (unregistering): Port device team_slave_0 removed
[ 1117.238596][T12207] ptrace attach of "./syz-executor exec"[9155] was attempted by "                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              
[ 1117.838310][T12200] batadv0: entered promiscuous mode
[ 1118.124842][T12200] batadv0: left promiscuous mode
[ 1120.033160][T12225] ALSA: mixer_oss: invalid OSS volume '00000000000000000004'
[ 1120.361203][T12225] syz.5.1434 (12225): drop_caches: 2
[ 1121.571191][   T10] libceph: connect (1)[c::]:6789 error -101
[ 1121.594467][   T10] libceph: mon0 (1)[c::]:6789 connect error
[ 1121.601915][T12230] ceph: No mds server is up or the cluster is laggy
[ 1121.944027][T12062] chnl_net:caif_netlink_parms(): no params data found
[ 1126.043625][T12254] vivid-000: kernel_thread() failed
[ 1126.700240][T12259] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present
[ 1127.207490][T12259] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1127.527286][T12266] Invalid ELF header magic: != ELF
[ 1127.553902][T12266] kernel read not supported for file / 
œ7³ÏüâW)ës“§Ç!Q�öì¥fsõl{T‡rÒ)r§ÖOš˜õ2:"ôÀT+ÍŸv|�Õ²DvcŽ“ØÖ Å6Òxãc: (pid: 12266 comm: syz.6.1442)
[ 1128.467232][   T30] audit: type=1800 audit(1750958289.752:22): pid=12266 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.6.1442" name=20019C1437B3CFFCC3A25729EB7393A7C721518FF6ECA56673F56C7B548772D22972A7D6084F9A98F5323A22F412C0542BCD9F767C8DD5B24476638E93D8D6A0C536D278E3633A dev="mqueue" ino=32955 res=0 errno=0
[ 1129.227280][T12274] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present
[ 1129.545453][T12062] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1129.552874][T12062] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1129.564736][T12062] bridge_slave_0: entered allmulticast mode
[ 1129.676892][T12062] bridge_slave_0: entered promiscuous mode
[ 1129.686287][T12062] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1129.693474][T12062] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1129.710081][T12062] bridge_slave_1: entered allmulticast mode
[ 1129.718483][T12062] bridge_slave_1: entered promiscuous mode
[ 1129.951563][T12062] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1129.983613][T12062] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1130.947942][T12062] team0: Port device team_slave_0 added
[ 1130.971401][T12062] team0: Port device team_slave_1 added
[ 1131.321794][T12285] netlink: 'syz.1.1447': attribute type 4 has an invalid length.
[ 1131.379536][T12286] netlink: 'syz.1.1447': attribute type 4 has an invalid length.
[ 1131.933227][T12062] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1131.941355][T12062] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1132.140199][T12062] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1132.197062][T12018] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 1132.234979][T12018] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 1132.437932][T12062] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1132.454468][T12062] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1133.106738][T12062] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1133.323551][T12018] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 1133.588774][T12018] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 1134.548040][T12062] hsr_slave_0: entered promiscuous mode
[ 1134.584664][T12062] hsr_slave_1: entered promiscuous mode
[ 1134.602861][T12062] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1134.630747][T12062] Cannot create hsr debugfs directory
[ 1135.666002][T12306] workqueue: Failed to create a rescuer kthread for wq "ceph-completion": -EINTR
[ 1136.948381][T12018] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1137.010103][T12018] 8021q: adding VLAN 0 to HW filter on device team0
[ 1137.032305][ T5994] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1137.039603][ T5994] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1137.102008][ T5994] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1137.109306][ T5994] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1137.734525][T12328] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1454'.
[ 1137.744685][T12328] 8021q: VLANs not supported on ip6gre0
[ 1140.293818][ T5894] libceph: connect (1)[c::]:6789 error -101
[ 1140.301101][ T5894] libceph: mon0 (1)[c::]:6789 connect error
[ 1140.421511][T12335] ceph: No mds server is up or the cluster is laggy
[ 1140.990162][T12062] netdevsim netdevsim9 netdevsim0: renamed from eth0
[ 1141.202228][T12062] netdevsim netdevsim9 netdevsim1: renamed from eth1
[ 1141.437670][T12062] netdevsim netdevsim9 netdevsim2: renamed from eth2
[ 1141.824875][T11039] Bluetooth: hci1: command 0x0419 tx timeout
[ 1142.080764][T12062] netdevsim netdevsim9 netdevsim3: renamed from eth3
[ 1144.791573][T11349] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 1144.801232][T11349] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 1144.817835][T11349] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 1144.831600][T11349] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 1144.841355][T11349] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 1147.126194][T11349] Bluetooth: hci3: command tx timeout
[ 1148.907839][ T5878] libceph: connect (1)[c::]:6789 error -101
[ 1148.914009][ T5878] libceph: mon0 (1)[c::]:6789 connect error
[ 1148.965270][T12386] ceph: No mds server is up or the cluster is laggy
[ 1149.416642][ T9163] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[ 1150.194443][ T9163] Bluetooth: hci3: command tx timeout
[ 1150.212457][T11039] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[ 1150.404865][T11039] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[ 1150.428956][T11039] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[ 1150.437952][T11039] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[ 1150.826041][T11349] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[ 1150.841418][T11349] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[ 1150.980775][T11349] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[ 1150.997123][T11349] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[ 1151.008044][T11349] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[ 1151.975183][T12371] chnl_net:caif_netlink_parms(): no params data found
[ 1152.214420][T11349] Bluetooth: hci3: command tx timeout
[ 1152.535042][T11349] Bluetooth: hci6: command tx timeout
[ 1152.731412][T12418] netlink: 24 bytes leftover after parsing attributes in process `syz.6.1469'.
[ 1153.209549][T11349] Bluetooth: hci7: command tx timeout
[ 1154.170841][ T5885] libceph: connect (1)[c::]:6789 error -101
[ 1154.192781][ T5885] libceph: mon0 (1)[c::]:6789 connect error
[ 1154.294301][T11349] Bluetooth: hci3: command tx timeout
[ 1154.614358][T11349] Bluetooth: hci6: command tx timeout
[ 1154.614903][ T5885] libceph: connect (1)[c::]:6789 error -101
[ 1154.646429][ T5885] libceph: mon0 (1)[c::]:6789 connect error
[ 1155.164790][ T5885] libceph: connect (1)[c::]:6789 error -101
[ 1155.173558][ T5885] libceph: mon0 (1)[c::]:6789 connect error
[ 1155.185927][T12431] ceph: No mds server is up or the cluster is laggy
[ 1155.223393][T12371] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1155.248510][T12371] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1155.264392][T11349] Bluetooth: hci7: command tx timeout
[ 1155.284718][T12371] bridge_slave_0: entered allmulticast mode
[ 1155.305332][T12371] bridge_slave_0: entered promiscuous mode
[ 1155.385518][T12396] chnl_net:caif_netlink_parms(): no params data found
[ 1155.543985][T12444] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1473'.
[ 1155.563185][T12371] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1155.591667][T12371] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1155.643443][T12371] bridge_slave_1: entered allmulticast mode
[ 1155.745340][T12371] bridge_slave_1: entered promiscuous mode
[ 1156.325168][T11988] bridge_slave_1: left allmulticast mode
[ 1156.330912][T11988] bridge_slave_1: left promiscuous mode
[ 1156.348574][T11988] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1156.404558][T11988] bridge_slave_0: left allmulticast mode
[ 1156.414699][T11988] bridge_slave_0: left promiscuous mode
[ 1156.429807][T11988] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1156.700446][T11349] Bluetooth: hci6: command tx timeout
[ 1156.993868][T11988] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1157.007204][T11988] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1157.023297][T11988] bond0 (unregistering): Released all slaves
[ 1157.169078][T12371] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1157.335508][T11349] Bluetooth: hci7: command tx timeout
[ 1158.379455][T11988] hsr_slave_0: left promiscuous mode
[ 1158.605635][T11988] hsr_slave_1: left promiscuous mode
[ 1158.624520][T11988] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1158.636095][T11988] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1158.776614][T11349] Bluetooth: hci6: command tx timeout
[ 1159.414348][T11349] Bluetooth: hci7: command tx timeout
[ 1161.222288][T11988] team0 (unregistering): Port device team_slave_1 removed
[ 1161.312346][T11988] team0 (unregistering): Port device team_slave_0 removed
[ 1164.195205][T12474] fuse: Unknown parameter '00000000000000000000'
[ 1166.620594][T12371] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1169.458902][T12371] team0: Port device team_slave_0 added
[ 1169.612869][T12371] team0: Port device team_slave_1 added
[ 1170.186121][T12514] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1170.202828][T12514] netlink: 'syz.6.1487': attribute type 4 has an invalid length.
[ 1170.261503][T12516] netlink: 'syz.6.1487': attribute type 4 has an invalid length.
[ 1170.908374][T12371] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1170.924415][T12371] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1171.005253][T12371] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1171.061288][T12371] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1171.089400][T12371] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1171.169665][T12371] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1171.336205][T12396] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1171.343470][T12396] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1171.371063][T12396] bridge_slave_0: entered allmulticast mode
[ 1171.380819][T12396] bridge_slave_0: entered promiscuous mode
[ 1171.389664][T12410] chnl_net:caif_netlink_parms(): no params data found
[ 1171.591056][T12396] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1171.604794][T12396] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1171.612163][T12396] bridge_slave_1: entered allmulticast mode
[ 1172.380987][T12396] bridge_slave_1: entered promiscuous mode
[ 1173.632619][T12371] hsr_slave_0: entered promiscuous mode
[ 1173.656168][T12371] hsr_slave_1: entered promiscuous mode
[ 1173.662808][T12371] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1173.679249][T12371] Cannot create hsr debugfs directory
[ 1173.879090][T12396] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1173.908758][T12396] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1174.001522][T11988] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1175.040946][T11988] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1175.193308][T12410] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1175.201113][T12410] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1175.208811][T12410] bridge_slave_0: entered allmulticast mode
[ 1175.217855][T12410] bridge_slave_0: entered promiscuous mode
[ 1175.227177][T12410] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1175.235413][T12410] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1175.243637][T12410] bridge_slave_1: entered allmulticast mode
[ 1175.263248][T12410] bridge_slave_1: entered promiscuous mode
[ 1175.283625][T12396] team0: Port device team_slave_0 added
[ 1177.554723][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[ 1177.561125][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[ 1177.579648][T11988] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1178.585825][T12396] team0: Port device team_slave_1 added
[ 1178.640827][T12410] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1178.765700][T11988] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1178.799850][T12410] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1178.963293][T12396] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1178.975354][T12396] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1179.059203][T12396] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1179.236769][T12560] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1179.251464][T12560] netlink: 'syz.6.1496': attribute type 4 has an invalid length.
[ 1179.311211][T12562] netlink: 'syz.6.1496': attribute type 4 has an invalid length.
[ 1179.477324][T12396] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1179.582353][T12396] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1179.695593][T12396] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1179.732770][T12410] team0: Port device team_slave_0 added
[ 1179.790904][T12410] team0: Port device team_slave_1 added
[ 1179.799416][T12565] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1497'.
[ 1179.889895][T12410] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1179.902160][T12410] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1179.954369][T12410] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1180.040845][T12410] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1180.070583][T12410] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1180.174846][T12410] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1180.888689][T12396] hsr_slave_0: entered promiscuous mode
[ 1180.905618][T12396] hsr_slave_1: entered promiscuous mode
[ 1180.912272][T12396] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1180.931604][T12396] Cannot create hsr debugfs directory
[ 1180.960861][T12410] hsr_slave_0: entered promiscuous mode
[ 1180.978169][T12410] hsr_slave_1: entered promiscuous mode
[ 1180.994840][T12410] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1181.012696][T12410] Cannot create hsr debugfs directory
[ 1182.780208][T11988] netdevsim netdevsim7 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1183.003578][T11988] netdevsim netdevsim7 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1183.211081][T11988] netdevsim netdevsim7 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1183.337331][T11988] netdevsim netdevsim7 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1183.789532][T12371] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 1184.781638][T12593] Can't find ip_set type hish:ip,mark
[ 1184.982349][T12371] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 1184.990611][T12596] [U] 
[ 1184.993376][T12596] [U] 
[ 1184.996117][T12596] [U] 
[ 1184.998851][T12596] [U] 
[ 1185.004337][T12596] [U] 
[ 1185.007088][T12596] [U] 
[ 1185.009815][T12596] [U] 
[ 1185.012548][T12596] [U] 
[ 1185.016603][T12596] [U] 
[ 1185.019347][T12596] [U] 
[ 1185.022076][T12596] [U] 
[ 1185.024975][T12596] [U] 
[ 1185.028532][T12596] [U] 
[ 1185.031386][T12596] [U] 
[ 1185.034116][T12596] [U] 
[ 1185.036844][T12596] [U] 
[ 1185.040561][T12596] [U] 
[ 1185.043304][T12596] [U] 
[ 1185.046032][T12596] [U] 
[ 1185.048759][T12596] [U] 
[ 1185.056344][T12596] [U] 
[ 1185.059106][T12596] [U] 
[ 1185.061836][T12596] [U] 
[ 1185.064580][T12596] [U] 
[ 1185.088824][T12596] [U] 
[ 1185.091611][T12596] [U] 
[ 1185.094341][T12596] [U] 
[ 1185.097068][T12596] [U] 
[ 1185.173902][T12595] [U] 
[ 1185.274562][T12371] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 1186.317932][T12371] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 1187.397245][T11988] bridge_slave_1: left allmulticast mode
[ 1187.403739][T11988] bridge_slave_1: left promiscuous mode
[ 1187.410474][T11988] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1187.422090][T11988] bridge_slave_0: left allmulticast mode
[ 1187.430765][T11988] bridge_slave_0: left promiscuous mode
[ 1187.464512][T11988] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1187.493732][T11988] bridge_slave_1: left allmulticast mode
[ 1187.523524][T11988] bridge_slave_1: left promiscuous mode
[ 1187.543393][T11988] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1187.563462][T11988] bridge_slave_0: left allmulticast mode
[ 1187.572645][T11988] bridge_slave_0: left promiscuous mode
[ 1187.584375][T11988] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1187.608423][T11988] bridge_slave_1: left allmulticast mode
[ 1187.618504][T11988] bridge_slave_1: left promiscuous mode
[ 1187.628526][T11988] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1187.650558][T11988] bridge_slave_0: left allmulticast mode
[ 1187.661220][T11988] bridge_slave_0: left promiscuous mode
[ 1187.668549][T11988] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1189.324738][T12632] [U] 
[ 1189.327522][T12632] [U] 
[ 1189.330262][T12632] [U] 
[ 1189.332991][T12632] [U] 
[ 1189.337823][T12632] [U] 
[ 1189.340577][T12632] [U] 
[ 1189.343308][T12632] [U] 
[ 1189.346043][T12632] [U] 
[ 1189.349833][T12632] [U] 
[ 1189.352557][T12632] [U] 
[ 1189.355271][T12632] [U] 
[ 1189.358008][T12632] [U] 
[ 1189.362649][T12632] [U] 
[ 1189.365394][T12632] [U] 
[ 1189.368557][T12632] [U] 
[ 1189.371283][T12632] [U] 
[ 1189.377627][T12632] [U] 
[ 1189.380392][T12632] [U] 
[ 1189.383132][T12632] [U] 
[ 1189.385866][T12632] [U] 
[ 1189.400929][T12632] [U] 
[ 1189.403688][T12632] [U] 
[ 1189.406421][T12632] [U] 
[ 1189.409151][T12632] [U] 
[ 1189.447577][T12632] [U] 
[ 1189.450360][T12632] [U] 
[ 1189.453083][T12632] [U] 
[ 1189.455835][T12632] [U] 
[ 1189.466830][T11988] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1189.492396][T11988] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1189.514058][T11988] bond0 (unregistering): Released all slaves
[ 1189.553779][T12631] [U] 
[ 1190.345821][T11988] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1190.440823][T11988] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1190.460197][T12641] hub 8-0:1.0: USB hub found
[ 1190.467794][T12641] hub 8-0:1.0: 1 port detected
[ 1190.578288][T11988] bond0 (unregistering): Released all slaves
[ 1191.441353][T11988] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1191.454004][T11988] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1191.465467][T11988] bond0 (unregistering): Released all slaves
[ 1192.650830][T12371] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1192.801922][T12371] 8021q: adding VLAN 0 to HW filter on device team0
[ 1192.907208][T11983] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1192.914468][T11983] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1193.874316][T12654] Can't find ip_set type hish:ip,mark
[ 1194.689356][T12662] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1518'.
[ 1195.359505][T12666] syz.6.1519 (12666): drop_caches: 2
[ 1195.387903][ T5997] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1195.395173][ T5997] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1196.515705][T12396] netdevsim netdevsim3 netdevsim0: renamed from eth0
[ 1196.570531][T12396] netdevsim netdevsim3 netdevsim1: renamed from eth1
[ 1196.595984][T12396] netdevsim netdevsim3 netdevsim2: renamed from eth2
[ 1196.720255][T12396] netdevsim netdevsim3 netdevsim3: renamed from eth3
[ 1197.563627][T11988] hsr_slave_0: left promiscuous mode
[ 1197.578458][T11988] hsr_slave_1: left promiscuous mode
[ 1197.594693][T11988] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1197.602234][T11988] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1197.613110][T11988] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1197.629603][T11988] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1197.668058][T11988] hsr_slave_0: left promiscuous mode
[ 1197.694884][T11988] hsr_slave_1: left promiscuous mode
[ 1197.707417][T11988] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1197.728260][T11988] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1197.883240][T11988] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1197.891421][T11988] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1197.944795][T11988] hsr_slave_0: left promiscuous mode
[ 1197.950683][T11988] hsr_slave_1: left promiscuous mode
[ 1197.960089][T11988] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1197.969439][T11988] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1197.999765][T11988] veth1_macvtap: left promiscuous mode
[ 1198.011602][T11988] veth0_macvtap: left promiscuous mode
[ 1198.024550][T11988] veth1_vlan: left promiscuous mode
[ 1198.035168][T11988] veth0_vlan: left promiscuous mode
[ 1198.171798][T11988] veth1_macvtap: left promiscuous mode
[ 1198.208155][T11988] veth0_macvtap: left promiscuous mode
[ 1198.469484][T11988] veth1_vlan: left promiscuous mode
[ 1198.547305][T11988] veth0_vlan: left promiscuous mode
[ 1199.043282][T12695] Can't find ip_set type hish:ip,mark
[ 1199.357726][   T30] audit: type=1800 audit(1750958361.542:23): pid=12699 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.6.1524" name="bus" dev="overlay" ino=1151 res=0 errno=0
[ 1201.618429][T11039] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 1202.070504][T12710] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present
[ 1202.085457][T12710] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1202.112118][T11039] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 1202.121728][T11039] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 1202.130228][T11039] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 1202.138843][T11039] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 1202.816375][T11988] team0 (unregistering): Port device team_slave_1 removed
[ 1202.951306][T11988] team0 (unregistering): Port device team_slave_0 removed
[ 1204.215388][T11349] Bluetooth: hci0: command tx timeout
[ 1204.945802][T11039] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 1204.962098][T11039] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 1204.964558][T12728] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1530'.
[ 1204.971234][T11039] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 1204.993791][T11039] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 1205.002219][T11039] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 1205.518545][T11988] team0 (unregistering): Port device team_slave_1 removed
[ 1205.572286][T11988] team0 (unregistering): Port device team_slave_0 removed
[ 1206.232006][T11988] team0 (unregistering): Port device team_slave_1 removed
[ 1206.277858][T11988] team0 (unregistering): Port device team_slave_0 removed
[ 1206.299810][T11039] Bluetooth: hci0: command tx timeout
[ 1208.030042][ T5925] libceph: connect (1)[c::]:6789 error -101
[ 1208.142022][T11039] Bluetooth: hci1: command tx timeout
[ 1208.168149][ T5925] libceph: mon0 (1)[c::]:6789 connect error
[ 1208.578362][T11039] Bluetooth: hci0: command tx timeout
[ 1208.704736][T12739] ceph: No mds server is up or the cluster is laggy
[ 1208.734858][ T5885] libceph: connect (1)[c::]:6789 error -101
[ 1208.741115][ T5885] libceph: mon0 (1)[c::]:6789 connect error
[ 1209.912309][ T9163] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[ 1209.921429][ T9163] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[ 1209.934276][ T9163] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[ 1209.950096][ T9163] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[ 1209.967126][ T9163] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[ 1210.214914][ T9163] Bluetooth: hci1: command 0x041b tx timeout
[ 1210.857485][ T9163] Bluetooth: hci0: command tx timeout
[ 1212.077677][ T9163] Bluetooth: hci5: command tx timeout
[ 1212.435594][ T9163] Bluetooth: hci1: command 0x041b tx timeout
[ 1213.362345][T12706] chnl_net:caif_netlink_parms(): no params data found
[ 1213.538558][T12726] chnl_net:caif_netlink_parms(): no params data found
[ 1214.144212][ T9163] Bluetooth: hci5: command tx timeout
[ 1214.241164][T12706] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1214.262432][T12706] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1214.270657][T12706] bridge_slave_0: entered allmulticast mode
[ 1214.279239][T12706] bridge_slave_0: entered promiscuous mode
[ 1214.454593][ T9163] Bluetooth: hci1: command 0x041b tx timeout
[ 1214.477406][T12706] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1214.510103][T12706] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1214.527977][T12706] bridge_slave_1: entered allmulticast mode
[ 1214.566431][T12706] bridge_slave_1: entered promiscuous mode
[ 1214.651515][T12726] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1214.671934][T12726] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1214.684454][T12726] bridge_slave_0: entered allmulticast mode
[ 1214.692612][T12726] bridge_slave_0: entered promiscuous mode
[ 1214.829417][T12752] chnl_net:caif_netlink_parms(): no params data found
[ 1214.895887][T12726] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1214.903106][T12726] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1214.924566][T12726] bridge_slave_1: entered allmulticast mode
[ 1214.933960][T12726] bridge_slave_1: entered promiscuous mode
[ 1214.998896][T12706] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1215.119212][T12706] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1215.153940][T12726] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1215.188960][T12726] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1215.326304][   T30] audit: type=1800 audit(1750958377.512:24): pid=12790 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.6.1540" name="bus" dev="overlay" ino=1197 res=0 errno=0
[ 1216.214565][ T9163] Bluetooth: hci5: command tx timeout
[ 1216.451654][T12796] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present
[ 1216.483513][T12796] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1216.535221][ T9163] Bluetooth: hci1: command 0x041b tx timeout
[ 1216.897293][T12798] input: syz0 as /devices/virtual/input/input16
[ 1217.141775][T12752] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1217.162298][T12752] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1217.174079][T12752] bridge_slave_0: entered allmulticast mode
[ 1217.191881][T12752] bridge_slave_0: entered promiscuous mode
[ 1217.210031][T12752] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1217.225218][T12752] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1217.254969][T12752] bridge_slave_1: entered allmulticast mode
[ 1217.263213][T12752] bridge_slave_1: entered promiscuous mode
[ 1217.293730][T12706] team0: Port device team_slave_0 added
[ 1217.303249][T12706] team0: Port device team_slave_1 added
[ 1217.319220][T12726] team0: Port device team_slave_0 added
[ 1217.332599][T12726] team0: Port device team_slave_1 added
[ 1218.294660][ T9163] Bluetooth: hci5: command tx timeout
[ 1218.372459][T12726] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1218.402897][T12726] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1218.497927][T12726] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1218.826402][T12706] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1218.902424][T12706] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1219.266464][T12706] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1219.296988][T12726] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1219.304011][T12726] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1219.393566][T12726] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1219.738170][T12752] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1219.808739][T12752] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1219.835312][T12706] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1219.842566][T12706] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1220.009332][T12706] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1220.255863][T12752] team0: Port device team_slave_0 added
[ 1220.265062][T12752] team0: Port device team_slave_1 added
[ 1221.511517][T12820] Can't find ip_set type hish:ip,mark
[ 1221.686253][T12706] hsr_slave_0: entered promiscuous mode
[ 1221.701161][T12706] hsr_slave_1: entered promiscuous mode
[ 1221.711105][T12706] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1221.725383][T12706] Cannot create hsr debugfs directory
[ 1221.760161][T12726] hsr_slave_0: entered promiscuous mode
[ 1221.775789][T12726] hsr_slave_1: entered promiscuous mode
[ 1221.782609][T12726] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1221.798536][T12726] Cannot create hsr debugfs directory
[ 1221.809706][T12752] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1221.822072][T12752] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1221.848477][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1221.874175][T12752] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1221.887313][T12752] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1221.894360][T12752] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1221.923277][T12752] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1222.029436][T12827] netlink: 'syz.6.1547': attribute type 4 has an invalid length.
[ 1222.086679][T12828] netlink: 'syz.6.1547': attribute type 4 has an invalid length.
[ 1223.128339][T12836] overlayfs: missing 'lowerdir'
[ 1224.133249][T12837] overlayfs: failed to resolve './file1': -2
[ 1225.381463][T12752] hsr_slave_0: entered promiscuous mode
[ 1226.010467][T12752] hsr_slave_1: entered promiscuous mode
[ 1226.027735][T12752] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1226.047099][T12752] Cannot create hsr debugfs directory
[ 1231.896166][T12871] input: syz0 as /devices/virtual/input/input17
[ 1232.315793][T11988] bridge_slave_1: left allmulticast mode
[ 1232.328235][T11988] bridge_slave_1: left promiscuous mode
[ 1232.334411][T11988] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1232.345117][T11988] bridge_slave_0: left allmulticast mode
[ 1232.350779][T11988] bridge_slave_0: left promiscuous mode
[ 1232.357101][T11988] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1232.369735][T11988] bridge_slave_1: left allmulticast mode
[ 1232.375663][T11988] bridge_slave_1: left promiscuous mode
[ 1232.381783][T11988] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1232.392602][T11988] bridge_slave_0: left allmulticast mode
[ 1232.445727][T12878] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1558'.
[ 1232.522614][T11988] bridge_slave_0: left promiscuous mode
[ 1232.532252][T11988] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1232.548885][T11988] bridge_slave_1: left allmulticast mode
[ 1232.555156][T11988] bridge_slave_1: left promiscuous mode
[ 1232.561355][T11988] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1232.576909][T11988] bridge_slave_0: left allmulticast mode
[ 1232.582842][T11988] bridge_slave_0: left promiscuous mode
[ 1232.590938][T11988] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1233.372951][T11988] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1234.109515][T11988] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1234.166378][T11988] bond0 (unregistering): Released all slaves
[ 1235.129435][T11988] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1235.158905][T11988] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1235.186435][T11988] bond0 (unregistering): Released all slaves
[ 1235.461494][T11988] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1235.486059][T11988] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1235.507074][T11988] bond0 (unregistering): Released all slaves
[ 1235.830066][T11988] hsr_slave_0: left promiscuous mode
[ 1236.024208][T11988] hsr_slave_1: left promiscuous mode
[ 1236.030612][T11988] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1236.047639][T11988] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1236.979846][T11988] hsr_slave_0: left promiscuous mode
[ 1237.004638][T11988] hsr_slave_1: left promiscuous mode
[ 1237.010580][T11988] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1237.028533][T11988] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1237.834305][T11988] hsr_slave_0: left promiscuous mode
[ 1237.864554][T11988] hsr_slave_1: left promiscuous mode
[ 1237.873833][T11988] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1237.898723][T11988] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1238.955868][T12906] hub 8-0:1.0: USB hub found
[ 1238.962372][T12906] hub 8-0:1.0: 1 port detected
[ 1238.968146][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[ 1239.123502][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[ 1241.067072][T12916] overlayfs: failed to resolve './file0': -2
[ 1242.460915][T11988] team0 (unregistering): Port device team_slave_1 removed
[ 1243.519485][T12923] Can't find ip_set type hish:ip,mark
[ 1243.702777][T11988] team0 (unregistering): Port device team_slave_0 removed
[ 1246.388050][T11988] team0 (unregistering): Port device team_slave_1 removed
[ 1246.459600][T11988] team0 (unregistering): Port device team_slave_0 removed
[ 1248.398235][T11988] team0 (unregistering): Port device team_slave_1 removed
[ 1248.465960][T11988] team0 (unregistering): Port device team_slave_0 removed
[ 1252.127223][ T5885] libceph: connect (1)[c::]:6789 error -101
[ 1252.134236][ T5885] libceph: mon0 (1)[c::]:6789 connect error
[ 1252.732068][   T10] libceph: connect (1)[c::]:6789 error -101
[ 1252.753519][   T10] libceph: mon0 (1)[c::]:6789 connect error
[ 1252.799247][T12968] ceph: No mds server is up or the cluster is laggy
[ 1252.913026][T12726] netdevsim netdevsim3 netdevsim0: renamed from eth0
[ 1253.101544][T12726] netdevsim netdevsim3 netdevsim1: renamed from eth1
[ 1253.323865][   T10] libceph: connect (1)[c::]:6789 error -101
[ 1253.330924][   T10] libceph: mon0 (1)[c::]:6789 connect error
[ 1253.597437][   T10] libceph: connect (1)[c::]:6789 error -101
[ 1253.612640][   T10] libceph: mon0 (1)[c::]:6789 connect error
[ 1253.966378][T12978] ceph: No mds server is up or the cluster is laggy
[ 1254.030217][T12726] netdevsim netdevsim3 netdevsim2: renamed from eth2
[ 1254.103728][T12726] netdevsim netdevsim3 netdevsim3: renamed from eth3
[ 1254.214811][T11349] Bluetooth: hci5: command 0x0405 tx timeout
[ 1254.332032][T12706] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 1254.378913][T12706] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 1254.418848][T12706] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 1254.476791][T12706] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 1255.071143][T12752] netdevsim netdevsim9 netdevsim0: renamed from eth0
[ 1255.109636][T12752] netdevsim netdevsim9 netdevsim1: renamed from eth1
[ 1255.406046][T12752] netdevsim netdevsim9 netdevsim2: renamed from eth2
[ 1255.430918][T12752] netdevsim netdevsim9 netdevsim3: renamed from eth3
[ 1255.511648][T13005] overlayfs: missing 'lowerdir'
[ 1256.323904][T12726] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1256.508097][T12706] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1256.665619][T13015] syz.6.1587: attempt to access beyond end of device
[ 1256.665619][T13015] nbd6: rw=0, sector=64, nr_sectors = 8 limit=0
[ 1256.679601][T13015] syz.6.1587: attempt to access beyond end of device
[ 1256.679601][T13015] nbd6: rw=0, sector=120, nr_sectors = 8 limit=0
[ 1256.693176][T13015] Mount JFS Failure: -5
[ 1256.697514][T13015] jfs_mount failed w/return code = -5
[ 1257.202106][T12726] 8021q: adding VLAN 0 to HW filter on device team0
[ 1257.376620][T12706] 8021q: adding VLAN 0 to HW filter on device team0
[ 1257.408497][T11979] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1257.415662][T11979] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1257.478636][T11979] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1257.485944][T11979] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1257.703140][T11979] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1257.710407][T11979] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1258.529569][T11979] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1258.536820][T11979] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1258.634776][T12706] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 1258.651245][T12706] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 1258.733524][T12726] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 1258.765211][T12726] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 1258.837179][T12752] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1258.874430][T12752] 8021q: adding VLAN 0 to HW filter on device team0
[ 1258.956674][T12752] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 1258.976329][T12752] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 1259.085689][T11979] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1259.093052][T11979] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1259.922553][T11979] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1259.930798][T11979] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1260.189875][T13033] netlink: 24 bytes leftover after parsing attributes in process `syz.6.1591'.
[ 1263.439373][T12752] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1264.720396][ T5878] libceph: connect (1)[c::]:6789 error -101
[ 1264.826796][ T5878] libceph: mon0 (1)[c::]:6789 connect error
[ 1265.299125][T10211] libceph: connect (1)[c::]:6789 error -101
[ 1265.370069][T10211] libceph: mon0 (1)[c::]:6789 connect error
[ 1265.437902][T13057] ceph: No mds server is up or the cluster is laggy
[ 1266.172693][T13072] syz.1.1596: attempt to access beyond end of device
[ 1266.172693][T13072] nbd1: rw=0, sector=64, nr_sectors = 8 limit=0
[ 1266.186955][T13072] syz.1.1596: attempt to access beyond end of device
[ 1266.186955][T13072] nbd1: rw=0, sector=120, nr_sectors = 8 limit=0
[ 1266.200294][T13072] Mount JFS Failure: -5
[ 1266.204665][T13072] jfs_mount failed w/return code = -5
[ 1266.961141][T13064] netlink: 40 bytes leftover after parsing attributes in process `syz.6.1595'.
[ 1267.250716][ T9163] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 1267.274568][ T9163] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 1267.293484][ T9163] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 1267.306601][ T9163] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 1267.315483][ T9163] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 1267.752775][T11349] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 1267.761533][T11349] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 1267.769562][T11349] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 1267.778246][T11349] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 1267.786734][T11349] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 1268.328330][ T9163] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 1268.337705][ T9163] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 1268.346031][ T9163] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 1268.361886][ T9163] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 1268.371403][ T9163] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 1269.449158][ T9163] Bluetooth: hci0: command tx timeout
[ 1269.978170][ T9163] Bluetooth: hci1: command tx timeout
[ 1270.462893][ T9163] Bluetooth: hci3: command tx timeout
[ 1271.309075][ T5994] bridge_slave_1: left allmulticast mode
[ 1271.329284][ T5994] bridge_slave_1: left promiscuous mode
[ 1271.361339][ T5994] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1271.494722][ T9163] Bluetooth: hci0: command tx timeout
[ 1271.535086][ T5994] bridge_slave_0: left allmulticast mode
[ 1271.545605][ T5994] bridge_slave_0: left promiscuous mode
[ 1271.551479][ T5994] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1272.075144][ T9163] Bluetooth: hci1: command tx timeout
[ 1272.171161][T13115] netlink: 20 bytes leftover after parsing attributes in process `syz.6.1603'.
[ 1272.544267][ T9163] Bluetooth: hci3: command tx timeout
[ 1273.533555][T13119] fuse: Unknown parameter '00000000000000000000'
[ 1273.574438][ T9163] Bluetooth: hci0: command tx timeout
[ 1273.762035][ T5994] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1273.774741][ T5994] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1273.816576][ T5994] bond0 (unregistering): Released all slaves
[ 1273.887853][T13115] vlan2: entered promiscuous mode
[ 1273.901427][T13115] syz_tun: entered promiscuous mode
[ 1273.983151][T13075] chnl_net:caif_netlink_parms(): no params data found
[ 1274.001912][T13080] chnl_net:caif_netlink_parms(): no params data found
[ 1274.135605][ T5994] hsr_slave_0: left promiscuous mode
[ 1274.142277][ T5994] hsr_slave_1: left promiscuous mode
[ 1274.154143][ T9163] Bluetooth: hci1: command tx timeout
[ 1274.162381][ T5994] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1274.175983][ T5994] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1274.623302][ T9163] Bluetooth: hci3: command tx timeout
[ 1274.763116][T13130] ALSA: mixer_oss: invalid OSS volume '00000000000000000004'
[ 1274.810272][T13130] syz.6.1606 (13130): drop_caches: 2
[ 1275.443403][ T5994] team0 (unregistering): Port device team_slave_1 removed
[ 1275.569154][ T5994] team0 (unregistering): Port device team_slave_0 removed
[ 1275.654682][ T9163] Bluetooth: hci0: command tx timeout
[ 1276.241499][ T9163] Bluetooth: hci1: command tx timeout
[ 1276.765028][ T9163] Bluetooth: hci3: command tx timeout
[ 1277.266158][T13086] chnl_net:caif_netlink_parms(): no params data found
[ 1278.476800][T13080] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1278.484046][T13080] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1278.500042][T13080] bridge_slave_0: entered allmulticast mode
[ 1278.517160][T13080] bridge_slave_0: entered promiscuous mode
[ 1278.751391][T13075] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1278.973274][T13155] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present
[ 1279.043852][T13156] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1279.328965][T13075] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1279.344722][T13075] bridge_slave_0: entered allmulticast mode
[ 1279.363727][T13075] bridge_slave_0: entered promiscuous mode
[ 1279.479235][T13080] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1279.489359][T13080] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1279.498105][T13080] bridge_slave_1: entered allmulticast mode
[ 1279.519440][T13080] bridge_slave_1: entered promiscuous mode
[ 1280.277161][T13158] workqueue: Failed to create a rescuer kthread for wq "ceph-watch-notify": -EINTR
[ 1280.398405][T13075] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1280.448003][T13075] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1280.458944][T13075] bridge_slave_1: entered allmulticast mode
[ 1280.592033][T13075] bridge_slave_1: entered promiscuous mode
[ 1280.822425][T13075] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1280.837071][T13080] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1280.865780][T13075] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1280.947461][T13171] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1613'.
[ 1280.991638][T13172] netlink: 40 bytes leftover after parsing attributes in process `syz.6.1612'.
[ 1281.030215][T13080] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1281.157399][T13086] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1281.335618][T13086] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1281.384251][T13086] bridge_slave_0: entered allmulticast mode
[ 1281.392536][T13086] bridge_slave_0: entered promiscuous mode
[ 1281.455766][T13086] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1281.487359][T13086] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1281.512788][T13086] bridge_slave_1: entered allmulticast mode
[ 1281.568418][T13086] bridge_slave_1: entered promiscuous mode
[ 1281.741786][T11349] Bluetooth: hci3: command 0x0405 tx timeout
[ 1282.123682][T13075] team0: Port device team_slave_0 added
[ 1282.131807][T13075] team0: Port device team_slave_1 added
[ 1282.165771][T13171] vlan2: entered promiscuous mode
[ 1282.176189][T13171] syz_tun: entered promiscuous mode
[ 1282.223913][T13080] team0: Port device team_slave_0 added
[ 1282.591376][T13080] team0: Port device team_slave_1 added
[ 1282.599595][T13086] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1282.619851][T13075] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1282.629527][T13075] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1282.776586][T13075] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1282.819576][T13086] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1283.122941][T13181] netlink: 'syz.1.1614': attribute type 4 has an invalid length.
[ 1283.180246][T13182] netlink: 'syz.1.1614': attribute type 4 has an invalid length.
[ 1283.403838][T13075] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1283.452133][T13075] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1283.597852][T13075] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1283.686739][T13080] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1283.693708][T13080] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1283.756847][T13080] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1283.930349][T13086] team0: Port device team_slave_0 added
[ 1284.040576][T13080] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1284.075326][T13080] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1285.010670][T13080] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1285.180701][T13086] team0: Port device team_slave_1 added
[ 1285.523856][T13080] hsr_slave_0: entered promiscuous mode
[ 1285.541200][T13080] hsr_slave_1: entered promiscuous mode
[ 1285.559696][T13080] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1285.590378][T13080] Cannot create hsr debugfs directory
[ 1285.638226][T13075] hsr_slave_0: entered promiscuous mode
[ 1285.649369][T13075] hsr_slave_1: entered promiscuous mode
[ 1285.673592][T13075] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1285.694256][T13075] Cannot create hsr debugfs directory
[ 1285.710940][T13086] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1285.734332][T13086] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1285.771124][T13086] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1285.852299][T13086] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1285.868936][T13086] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1285.897550][T13086] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1287.012788][T13086] hsr_slave_0: entered promiscuous mode
[ 1287.020753][T13086] hsr_slave_1: entered promiscuous mode
[ 1287.036102][T13086] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1287.044750][T13086] Cannot create hsr debugfs directory
[ 1288.420561][T13203] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present
[ 1288.453403][T13203] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1290.632881][ T5994] bridge_slave_1: left allmulticast mode
[ 1290.638714][ T5994] bridge_slave_1: left promiscuous mode
[ 1290.644640][ T5994] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1291.497249][ T5994] bridge_slave_0: left allmulticast mode
[ 1291.502968][ T5994] bridge_slave_0: left promiscuous mode
[ 1291.519198][ T5994] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1291.552122][ T5994] bridge_slave_1: left allmulticast mode
[ 1291.568357][ T5994] bridge_slave_1: left promiscuous mode
[ 1291.579891][ T5994] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1291.601720][ T5994] bridge_slave_0: left allmulticast mode
[ 1291.633309][ T5994] bridge_slave_0: left promiscuous mode
[ 1291.643959][ T5994] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1293.251219][T13225] netlink: 'syz.6.1624': attribute type 4 has an invalid length.
[ 1293.308656][T13226] netlink: 'syz.6.1624': attribute type 4 has an invalid length.
[ 1293.927819][ T5994] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1293.940199][ T5994] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1293.950371][ T5994] bond0 (unregistering): Released all slaves
[ 1294.261300][ T5994] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1294.272941][ T5994] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1294.283626][ T5994] bond0 (unregistering): Released all slaves
[ 1294.539742][T13086] netdevsim netdevsim9 netdevsim0: renamed from eth0
[ 1294.634965][T13086] netdevsim netdevsim9 netdevsim1: renamed from eth1
[ 1294.668407][T13086] netdevsim netdevsim9 netdevsim2: renamed from eth2
[ 1294.722022][ T5994] hsr_slave_0: left promiscuous mode
[ 1294.731718][ T5994] hsr_slave_1: left promiscuous mode
[ 1294.745127][ T5994] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1294.765208][ T5994] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1294.787091][ T5994] hsr_slave_0: left promiscuous mode
[ 1294.803669][ T5994] hsr_slave_1: left promiscuous mode
[ 1294.813199][ T5994] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1294.829256][ T5994] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1296.269357][T13240] syz.6.1628: attempt to access beyond end of device
[ 1296.269357][T13240] nbd6: rw=0, sector=64, nr_sectors = 8 limit=0
[ 1296.283670][T13240] syz.6.1628: attempt to access beyond end of device
[ 1296.283670][T13240] nbd6: rw=0, sector=120, nr_sectors = 8 limit=0
[ 1296.297494][T13240] Mount JFS Failure: -5
[ 1296.301735][T13240] jfs_mount failed w/return code = -5
[ 1297.649972][ T5994] team0 (unregistering): Port device team_slave_1 removed
[ 1297.805169][ T5994] team0 (unregistering): Port device team_slave_0 removed
[ 1298.269061][T13246] netlink: 40 bytes leftover after parsing attributes in process `syz.6.1629'.
[ 1299.609371][ T5994] team0 (unregistering): Port device team_slave_1 removed
[ 1299.742750][ T5994] team0 (unregistering): Port device team_slave_0 removed
[ 1300.933031][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[ 1300.942801][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[ 1301.380212][T13255] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present
[ 1301.742141][T13086] netdevsim netdevsim9 netdevsim3: renamed from eth3
[ 1302.268749][T13086] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1303.163106][T13086] 8021q: adding VLAN 0 to HW filter on device team0
[ 1303.351119][ T6000] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1303.358365][ T6000] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1303.398830][ T6000] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1303.406076][ T6000] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1303.675588][T13086] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 1303.687524][T13086] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 1305.010382][T13283] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present
[ 1305.793646][T13075] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 1305.817680][T13075] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 1305.837862][T13075] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 1305.856262][T13075] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 1305.975278][T13086] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1306.082694][T13080] netdevsim netdevsim3 netdevsim0: renamed from eth0
[ 1306.233526][T13080] netdevsim netdevsim3 netdevsim1: renamed from eth1
[ 1306.266162][T13080] netdevsim netdevsim3 netdevsim2: renamed from eth2
[ 1306.313453][T13080] netdevsim netdevsim3 netdevsim3: renamed from eth3
[ 1307.048440][T13075] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1307.387661][T13075] 8021q: adding VLAN 0 to HW filter on device team0
[ 1307.658542][T13086] veth0_vlan: entered promiscuous mode
[ 1307.850785][T13080] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1307.862768][ T6000] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1307.870049][ T6000] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1307.909473][ T5996] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1307.916646][ T5996] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1308.908839][T13086] veth1_vlan: entered promiscuous mode
[ 1308.962163][T13075] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 1308.972749][T13075] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 1309.053456][T13080] 8021q: adding VLAN 0 to HW filter on device team0
[ 1309.429962][ T5996] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1309.437146][ T5996] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1309.566500][ T6000] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1309.573678][ T6000] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1309.677864][T13326] fuse: Bad value for 'fd'
[ 1309.815255][T13086] veth0_macvtap: entered promiscuous mode
[ 1309.851706][T13086] veth1_macvtap: entered promiscuous mode
[ 1309.907087][T13086] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1310.162253][T13086] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1310.186298][T13075] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1310.198811][T13086] netdevsim netdevsim9 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1310.238098][T13086] netdevsim netdevsim9 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1310.253095][T13086] netdevsim netdevsim9 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1310.283095][T13086] netdevsim netdevsim9 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1311.556834][T13080] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1311.616941][T13075] veth0_vlan: entered promiscuous mode
[ 1311.668383][ T5994] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1311.706479][ T5994] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1311.740198][T13075] veth1_vlan: entered promiscuous mode
[ 1311.832670][T13075] veth0_macvtap: entered promiscuous mode
[ 1311.913937][T11983] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1311.950857][T13075] veth1_macvtap: entered promiscuous mode
[ 1311.994264][T11983] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1312.005145][T13080] veth0_vlan: entered promiscuous mode
[ 1312.065645][T13075] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1312.108138][T13075] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1312.127507][T13075] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1312.142180][T13075] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1312.161129][T13075] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1312.184227][T13075] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1312.249271][T13080] veth1_vlan: entered promiscuous mode
[ 1312.339893][T13080] veth0_macvtap: entered promiscuous mode
[ 1312.358368][T13080] veth1_macvtap: entered promiscuous mode
[ 1312.605817][ T5996] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1312.614778][ T5994] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1312.632489][ T5994] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1312.641946][ T5996] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1312.649122][T13080] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1313.503234][T13080] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1314.003053][T13080] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1314.087381][T13080] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1314.114175][T13080] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1314.123467][T13080] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1315.282527][ T5996] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1315.320827][ T5996] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1315.447552][T11979] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1315.461229][T11979] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1319.592947][T13383] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1651'.
[ 1319.889527][T13387] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present
[ 1319.921843][T13387] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1320.742003][T13392] hub 8-0:1.0: USB hub found
[ 1320.748569][T13392] hub 8-0:1.0: 1 port detected
[ 1321.885023][T13404] netlink: 'syz.3.1656': attribute type 4 has an invalid length.
[ 1321.938445][T13405] netlink: 'syz.3.1656': attribute type 4 has an invalid length.
[ 1324.044733][T13419] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1324.064895][T13419] netlink: 'syz.3.1659': attribute type 4 has an invalid length.
[ 1324.097664][T13419] netlink: 'syz.3.1659': attribute type 4 has an invalid length.
[ 1324.953608][T13426] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1663'.
[ 1328.243701][T13438] Can't find ip_set type hish:ip,mark
[ 1328.399693][T13435] fuse: Unknown parameter '00000000000000000000'
[ 1330.962473][ T5923] libceph: connect (1)[c::]:6789 error -101
[ 1330.977015][ T5923] libceph: mon0 (1)[c::]:6789 connect error
[ 1331.416546][T13452] ceph: No mds server is up or the cluster is laggy
[ 1331.857600][T13460] syz.0.1670: attempt to access beyond end of device
[ 1331.857600][T13460] nbd0: rw=0, sector=64, nr_sectors = 8 limit=0
[ 1331.872644][T13460] syz.0.1670: attempt to access beyond end of device
[ 1331.872644][T13460] nbd0: rw=0, sector=120, nr_sectors = 8 limit=0
[ 1331.885829][T13460] Mount JFS Failure: -5
[ 1331.890063][T13460] jfs_mount failed w/return code = -5
[ 1332.861438][ T9163] Bluetooth: hci3: command 0x0405 tx timeout
[ 1332.939783][T13464] hub 8-0:1.0: USB hub found
[ 1332.945755][T13464] hub 8-0:1.0: 1 port detected
[ 1337.916481][T13492] [U] 
[ 1337.919257][T13492] [U] 
[ 1337.921982][T13492] [U] 
[ 1337.924707][T13492] [U] 
[ 1337.965801][T13492] [U] 
[ 1337.968584][T13492] [U] 
[ 1337.971327][T13492] [U] 
[ 1337.974061][T13492] [U] 
[ 1338.014450][T13492] [U] 
[ 1338.017235][T13492] [U] 
[ 1338.019963][T13492] [U] 
[ 1338.022689][T13492] [U] 
[ 1338.114282][T13492] [U] 
[ 1338.117074][T13492] [U] 
[ 1338.119809][T13492] [U] 
[ 1338.122536][T13492] [U] 
[ 1338.377644][T13492] [U] 
[ 1338.380433][T13492] [U] 
[ 1338.383252][T13492] [U] 
[ 1338.385984][T13492] [U] 
[ 1339.002970][T13491] [U] 
[ 1339.492918][T13511] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present
[ 1339.520037][T13511] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1341.648728][T13520] syz.0.1685: attempt to access beyond end of device
[ 1341.648728][T13520] nbd0: rw=0, sector=64, nr_sectors = 8 limit=0
[ 1341.662915][T13520] syz.0.1685: attempt to access beyond end of device
[ 1341.662915][T13520] nbd0: rw=0, sector=120, nr_sectors = 8 limit=0
[ 1341.676458][T13520] Mount JFS Failure: -5
[ 1341.680764][T13520] jfs_mount failed w/return code = -5
[ 1342.838203][T13527] netlink: 'syz.3.1687': attribute type 4 has an invalid length.
[ 1342.871399][T13527] netlink: 'syz.3.1687': attribute type 4 has an invalid length.
[ 1348.359563][T13558] overlayfs: missing 'lowerdir'
[ 1348.388558][T13558] overlayfs: missing 'lowerdir'
[ 1351.575613][T13571] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present
[ 1351.651568][T13572] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1352.209339][ T5923] libceph: connect (1)[c::]:6789 error -101
[ 1352.613916][ T5923] libceph: mon0 (1)[c::]:6789 connect error
[ 1352.681392][T13576] ceph: No mds server is up or the cluster is laggy
[ 1353.340343][ T5923] libceph: connect (1)[c::]:6789 error -101
[ 1353.354330][ T5923] libceph: mon0 (1)[c::]:6789 connect error
[ 1353.588942][T13590] overlayfs: missing 'lowerdir'
[ 1354.854011][T13600] netlink: 'syz.9.1704': attribute type 4 has an invalid length.
[ 1354.893711][T13600] netlink: 'syz.9.1704': attribute type 4 has an invalid length.
[ 1355.686827][T13601] Can't find ip_set type hish:ip,mark
[ 1355.768757][T13604] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1706'.
[ 1356.409102][T13608] [U] 
[ 1356.411881][T13608] [U] 
[ 1356.414613][T13608] [U] 
[ 1356.417337][T13608] [U] 
[ 1356.464500][T13608] [U] 
[ 1356.467242][T13608] [U] 
[ 1356.469922][T13608] [U] 
[ 1356.472604][T13608] [U] 
[ 1356.757976][T13608] [U] 
[ 1356.760761][T13608] [U] 
[ 1356.763494][T13608] [U] 
[ 1356.766224][T13608] [U] 
[ 1356.832978][T13608] [U] 
[ 1356.835759][T13608] [U] 
[ 1356.838481][T13608] [U] 
[ 1356.841201][T13608] [U] 
[ 1356.844943][T13608] [U] 
[ 1356.847685][T13608] [U] 
[ 1356.850404][T13608] [U] 
[ 1356.853211][T13608] [U] 
[ 1356.865185][T13608] [U] 
[ 1358.674336][T13625] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present
[ 1359.286774][T13625] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1361.829455][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[ 1361.836111][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[ 1362.082951][T13646] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1362.098592][T13646] netlink: 'syz.3.1716': attribute type 4 has an invalid length.
[ 1362.130174][T13646] netlink: 'syz.3.1716': attribute type 4 has an invalid length.
[ 1365.674185][ T5923] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[ 1365.771989][T13677] netlink: 'syz.1.1722': attribute type 4 has an invalid length.
[ 1365.829069][T13678] netlink: 'syz.1.1722': attribute type 4 has an invalid length.
[ 1366.197623][ T5923] usb 1-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config
[ 1366.239681][ T5923] usb 1-1: config 27 has 0 interfaces, different from the descriptor's value: 1
[ 1366.251346][ T5923] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[ 1366.260737][ T5923] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1368.628694][T13691] syz.1.1727: attempt to access beyond end of device
[ 1368.628694][T13691] nbd1: rw=0, sector=64, nr_sectors = 8 limit=0
[ 1368.642510][T13691] syz.1.1727: attempt to access beyond end of device
[ 1368.642510][T13691] nbd1: rw=0, sector=120, nr_sectors = 8 limit=0
[ 1368.656248][T13691] Mount JFS Failure: -5
[ 1368.660579][T13691] jfs_mount failed w/return code = -5
[ 1369.537572][T10211] usb 1-1: USB disconnect, device number 3
[ 1373.992294][T13716] hub 8-0:1.0: USB hub found
[ 1373.998401][T13716] hub 8-0:1.0: 1 port detected
[ 1377.317427][T13735] overlayfs: missing 'lowerdir'
[ 1377.425438][T13736] overlayfs: missing 'lowerdir'
[ 1378.612184][T13740] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1378.629813][T13740] netlink: 'syz.1.1738': attribute type 4 has an invalid length.
[ 1378.661928][T13740] netlink: 'syz.1.1738': attribute type 4 has an invalid length.
[ 1380.224207][ T5894] usb 10-1: new high-speed USB device number 2 using dummy_hcd
[ 1380.494349][ T5894] usb 10-1: Using ep0 maxpacket: 16
[ 1380.503885][ T5894] usb 10-1: config 0 has an invalid interface number: 213 but max is 0
[ 1380.534287][ T5894] usb 10-1: config 0 has no interface number 0
[ 1380.548671][ T5894] usb 10-1: config 0 interface 213 altsetting 0 endpoint 0x82 has invalid maxpacket 1104, setting to 1024
[ 1380.586338][ T5894] usb 10-1: config 0 interface 213 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 1024
[ 1380.638154][ T5894] usb 10-1: New USB device found, idVendor=0499, idProduct=105c, bcdDevice=c5.ad
[ 1380.762490][T13757] netlink: 40 bytes leftover after parsing attributes in process `syz.6.1743'.
[ 1380.794502][ T5894] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1380.832083][ T5894] usb 10-1: Product: syz
[ 1380.947318][ T5894] usb 10-1: Manufacturer: syz
[ 1380.952130][ T5894] usb 10-1: SerialNumber: syz
[ 1381.086703][ T5894] usb 10-1: config 0 descriptor??
[ 1381.155101][T13751] raw-gadget.0 gadget.9: fail, usb_ep_enable returned -22
[ 1383.097322][T11349]  non-paged memory
[ 1383.101814][T11349] list_del corruption, ffff8880301fe280->next is LIST_POISON1 (dead000000000100)
[ 1383.111929][T11349] ------------[ cut here ]------------
[ 1383.118423][T11349] kernel BUG at lib/list_debug.c:58!
[ 1383.123949][T11349] Oops: invalid opcode: 0000 [#1] SMP KASAN PTI
[ 1383.130236][T11349] CPU: 1 UID: 0 PID: 11349 Comm: kworker/u9:4 Not tainted 6.16.0-rc3-syzkaller-00072-gee88bddf7f2f #0 PREEMPT(full) 
[ 1383.142589][T11349] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1383.152680][T11349] Workqueue: hci3 hci_conn_timeout
[ 1383.157840][T11349] RIP: 0010:__list_del_entry_valid_or_report+0x10e/0x190
[ 1383.164907][T11349] Code: 40 bd e1 8b 48 89 de e8 30 fa 66 fc 90 0f 0b 4c 89 e7 e8 65 82 40 fd 48 c7 c7 a0 bd e1 8b 48 89 de 4c 89 e2 e8 13 fa 66 fc 90 <0f> 0b 4c 89 e7 e8 48 82 40 fd 48 c7 c7 00 be e1 8b 48 89 de 4c 89
[ 1383.184550][T11349] RSP: 0018:ffffc90003237980 EFLAGS: 00010246
[ 1383.190734][T11349] RAX: 000000000000004e RBX: ffff8880301fe280 RCX: 73918a4d01080b00
[ 1383.198740][T11349] RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000
[ 1383.206744][T11349] RBP: ffffffff8a6eb970 R08: 0000000000000003 R09: 0000000000000004
[ 1383.214764][T11349] R10: dffffc0000000000 R11: fffffbfff1bfaa04 R12: dead000000000100
[ 1383.222764][T11349] R13: dffffc0000000000 R14: dead000000000100 R15: dead000000000122
[ 1383.230887][T11349] FS:  0000000000000000(0000) GS:ffff888125d85000(0000) knlGS:0000000000000000
[ 1383.239866][T11349] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1383.246478][T11349] CR2: 0000200000001000 CR3: 000000007b468000 CR4: 00000000003526f0
[ 1383.254566][T11349] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1383.262593][T11349] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1383.270588][T11349] Call Trace:
[ 1383.273889][T11349]  <TASK>
[ 1383.276852][T11349]  hci_cmd_sync_dequeue_once+0x24a/0x370
[ 1383.282531][T11349]  hci_cancel_connect_sync+0xc8/0x120
[ 1383.287936][T11349]  hci_abort_conn+0x191/0x330
[ 1383.292642][T11349]  ? process_scheduled_works+0x9ef/0x17b0
[ 1383.298398][T11349]  process_scheduled_works+0xade/0x17b0
[ 1383.303987][T11349]  ? __pfx_process_scheduled_works+0x10/0x10
[ 1383.310006][T11349]  worker_thread+0x8a0/0xda0
[ 1383.314643][T11349]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 1383.320982][T11349]  ? __kthread_parkme+0x7b/0x200
[ 1383.325929][T11349]  kthread+0x70e/0x8a0
[ 1383.330000][T11349]  ? __pfx_worker_thread+0x10/0x10
[ 1383.335121][T11349]  ? __pfx_kthread+0x10/0x10
[ 1383.339733][T11349]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1383.344935][T11349]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1383.350136][T11349]  ? __pfx_kthread+0x10/0x10
[ 1383.354810][T11349]  ret_from_fork+0x3fc/0x770
[ 1383.359405][T11349]  ? __pfx_ret_from_fork+0x10/0x10
[ 1383.364650][T11349]  ? __switch_to_asm+0x39/0x70
[ 1383.369563][T11349]  ? __switch_to_asm+0x33/0x70
[ 1383.374340][T11349]  ? __pfx_kthread+0x10/0x10
[ 1383.378962][T11349]  ret_from_fork_asm+0x1a/0x30
[ 1383.383751][T11349]  </TASK>
[ 1383.386793][T11349] Modules linked in:
[ 1383.391535][T11349] ---[ end trace 0000000000000000 ]---
[ 1384.140963][T11349] RIP: 0010:__list_del_entry_valid_or_report+0x10e/0x190
[ 1384.148214][T11349] Code: 40 bd e1 8b 48 89 de e8 30 fa 66 fc 90 0f 0b 4c 89 e7 e8 65 82 40 fd 48 c7 c7 a0 bd e1 8b 48 89 de 4c 89 e2 e8 13 fa 66 fc 90 <0f> 0b 4c 89 e7 e8 48 82 40 fd 48 c7 c7 00 be e1 8b 48 89 de 4c 89
[ 1384.167963][T11349] RSP: 0018:ffffc90003237980 EFLAGS: 00010246
[ 1384.174155][T11349] RAX: 000000000000004e RBX: ffff8880301fe280 RCX: 73918a4d01080b00
[ 1384.182213][T11349] RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000
[ 1384.190266][T11349] RBP: ffffffff8a6eb970 R08: 0000000000000003 R09: 0000000000000004
[ 1384.198307][T11349] R10: dffffc0000000000 R11: fffffbfff1bfaa04 R12: dead000000000100
[ 1384.206449][T11349] R13: dffffc0000000000 R14: dead000000000100 R15: dead000000000122
[ 1384.214664][T11349] FS:  0000000000000000(0000) GS:ffff888125d85000(0000) knlGS:0000000000000000
[ 1384.223745][T11349] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1384.230516][T11349] CR2: 0000200000001000 CR3: 000000007b468000 CR4: 00000000003526f0
[ 1384.238723][T11349] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1384.247756][T11349] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1384.255814][T11349] Kernel panic - not syncing: Fatal exception
[ 1384.262152][T11349] Kernel Offset: disabled
[ 1384.266477][T11349] Rebooting in 86400 seconds..