last executing test programs:

22m3.474636849s ago: executing program 0 (id=71):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000000000000000000000ea04850000005000000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0xffffff50)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x1000}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0)
r4 = creat(&(0x7f0000000040)='./file0\x00', 0x0)
close(r4)
r5 = socket$phonet_pipe(0x23, 0x5, 0x2)
mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000380)={'trans=fd,', {'rfdno', 0x3d, r4}, 0x2c, {'wfdno', 0x3d, r5}})
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000280)={'wlan1\x00', <r7=>0x0})
sendmsg$NL80211_CMD_JOIN_OCB(r4, &(0x7f0000000440)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0xc}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x28, r6, 0x400, 0x70bd26, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r7}, @val={0xc, 0x99, {0x6, 0x40}}}}}, 0x28}, 0x1, 0x0, 0x0, 0x5}, 0x3400c000)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff)
r8 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r9 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x4, 0x5, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000880)={{r9}, &(0x7f0000000800), 0x0}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r10 = openat$cgroup_freezer_state(r8, &(0x7f00000002c0), 0x2, 0x0)
openat$cgroup_procs(r8, 0x0, 0x2, 0x0)
write$cgroup_freezer_state(r10, 0x0, 0x0)

22m1.20670546s ago: executing program 0 (id=75):
r0 = socket$inet_mptcp(0x2, 0x1, 0x106)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r4}, 0x10)
io_uring_setup(0x0, 0x0)
syz_open_dev$vim2m(&(0x7f0000000140), 0x10001, 0x2)
r5 = openat$drirender128(0xffffffffffffff9c, &(0x7f0000000480), 0x410000, 0x0)
ioctl$DRM_IOCTL_RES_CTX(0xffffffffffffffff, 0xc0106426, &(0x7f0000000500)={0x2, &(0x7f00000004c0)=[{}, {<r6=>0x0}]})
ioctl$DRM_IOCTL_LOCK(r5, 0x4008642a, &(0x7f0000000540)={r6, 0x23})
r7 = fsopen(&(0x7f0000000100)='cifs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r7, 0x1, &(0x7f0000000000)='user\x00', &(0x7f00000002c0)='\\(B\xe31\xdf\x91\xc6\xd2\xd8\x94L\x99\x15\x86\xae\xf8\xcf!\f\xb1\x9d\x80\v\xab\xdeo\xf6l\x82\t\xde?\xa6\x9e|\xcb6\xd0\x04\xdd\x9b\x06\xb4\x19CB\xad\xa0\xc9\xf8\xd8kq\x92<\x18\x7f\x80/oX\fj\xa6\xd6\xd5\xb4', 0x0)
fsconfig$FSCONFIG_SET_STRING(r7, 0x1, &(0x7f0000000180)='user\x00', &(0x7f0000000040), 0x0)
sendto$llc(0xffffffffffffffff, &(0x7f0000000300)="8d", 0x1, 0x0, &(0x7f0000000380)={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @broadcast}, 0x10)
r8 = socket(0x10, 0x3, 0x0)
getsockopt$sock_cred(r8, 0x1, 0x11, &(0x7f00000001c0)={0x0, <r9=>0x0}, &(0x7f0000000180)=0xc)
sendmsg$nl_generic(r8, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x24, 0x1e, 0x305, 0x0, 0x0, {}, [@typed={0x8, 0x0, 0x0, 0x0, @pid}, @typed={0x8, 0x9, 0x0, 0x0, @uid=r9}]}, 0x24}}, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x19, &(0x7f0000000040)=0xb7, 0x4)
bind$inet(r0, &(0x7f0000003900)={0x2, 0x4e24, @multicast1}, 0x10)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000003c0)={0x12, 0x4, &(0x7f0000001300)=ANY=[@ANYBLOB="1800000000000000000000000000000071123a000000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x20, '\x00', 0x0, 0xf, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
sendto$inet(r0, &(0x7f0000000100)="f4188a9876a9431deeb98e3edfaafa03a11300e3aebb4102000000000034c5d2af03a5f261a35c07d07d371a4402394549d78c3f511bb4793daf4b4e28410e598769487fb27044ece0b4e738bcc7e1ce3aa7a3df2572a082809f406467bc0f0b47872a2ecc399861b90da1ffcfb35a8f5579b72e3cde817a2a78ff205c6fee57f9177bbeeb2f3d121b9c508660c2d90b0dc3f2412b62e7d99a7dfa6960b663bb8e14764efb33f9465c242b84b75a436ef9af2492b19a15bb9108656d828553e1719de91aa29cb5bf187a0162d50e234b6207725486c9e828d756ff9b6d4f5c4960469dd3a48b4e525f0cbf7158f95d603a37c272f874ee3b5c6e56", 0xfffffffffffffdb0, 0x4040004, 0x0, 0xfffffffb)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)

21m59.598924031s ago: executing program 0 (id=77):
r0 = socket$igmp6(0xa, 0x3, 0x2)
bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x1, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00'}, 0x2d)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r4, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x4)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r4, 0x6, 0x14, &(0x7f00000013c0)=0x80000000001, 0x4)
connect$inet6(r4, &(0x7f0000000180)={0xa, 0x0, 0x0, @loopback}, 0x1c)
sendto$inet6(r4, &(0x7f00000001c0)="a6e2976b5c4383036d32dadd2e144d8645ca8d1b230e105614396838da83c754887e7bea2f35d4ea667817d90d532af065f2e398dd9081ea16f8b371a202a6f9e505bbc964a0d3880bf0104a0a0a2f0d311efee1637e85a0125b38f961918f99bf9c2c146e42327f178dc2b3d4936e7f7f0a79f74ba464d83ab41742d1186776dc1779b5c50ac82d0fa8f9e42074b5b6079207fb21e718080907964669be539791e3e98687ee059853", 0xfffffffffffffcc1, 0x840, 0x0, 0x0)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
r6 = dup3(r4, r5, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r5, 0x0)
getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r5, 0x6, 0x23, &(0x7f0000000140)={&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x0, 0x0, &(0x7f0000001f00)=""/4106, 0xfffffffffffffccb, 0x0, 0x0}, &(0x7f0000000080)=0x40)
getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r6, 0x6, 0x23, &(0x7f00000000c0)={&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x0, 0x0, &(0x7f0000001400)=""/200, 0xfffffffffffffecd, 0x0, 0x0}, &(0x7f0000001380)=0x40)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x428, 0xd0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x358, 0xffffffff, 0xffffffff, 0x358, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x488)
socket$nl_generic(0x10, 0x3, 0x10)

21m55.149762417s ago: executing program 0 (id=83):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f0000000000), &(0x7f0000000040)=0x4)
mkdir(&(0x7f00000009c0)='./file0\x00', 0x0)
mkdir(&(0x7f00000000c0)='./bus\x00', 0x0)
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
mkdir(0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
open_tree(0xffffffffffffff9c, 0x0, 0x41800)
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x1000004, &(0x7f0000000a00)={[{@uuid_auto}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@nfs_export_on}]})
alarm(0x10010000000001)
alarm(0x8)
setxattr$incfs_metadata(&(0x7f0000000180)='./bus\x00', &(0x7f0000000240), &(0x7f0000000a40)="c2a9d6844747fa8889c0652b68bbea5d15ad2fe7db9e351f86bd5ba06c548a2dfa4ec50909de36c7604b23a6e5d10f50a334437b9f8f958e4d78dcd7f981570c961fb4060e4ab4b4025d7443d4a09ed4dc4900227fc6800f9f8fc836480b4ab731bf5be72fac469ad3de14b8761d2c972152d7ffcb99a3856e6eed751051fc0be38ce2c7f8dd5a3a5174ed33d86a6c76f30c724d066a8dc14e9c32a1ca79a9a7a3d6c29de851b136df82cf8ff2aa6e5a189fc38bf9f82c2ab00108eb3c2870fe6803eb53135358f09bf00cfb3e4d155c5eb837e97101a3a7cc4c99ce04b2b20b202cc382967a434d753f76a317d018ea7365b7228f0127d8578f807f0f0d737c617a40df1e83347ee1c19df88684d3342ea2cfaf31fe35d70179398f1f9948554f9e80ebf9930118c40c14b5e5879908f6e6f02073a17c54a313f484a9f55a71859137b3feff4f33ff79067c0b9bd6de86529fe8df7e34f5b3be22e42a6ada42c73acf294409f8111fbe0036683908ffde9dbec72bd5a174f5a0d6d8813e9773e55702b414dec88454f815c60da72a69d63672e61f383002fd4db493b300f7729b0cd1b466b02702ca4a2c4ccfbe3e413a08a66fcc1db28c1e2b804f53a5a70461bacad68e5b319afe511694878fc941e4db84474c1d1c2c0082518e3048e950a1c5ad777c3da654d80da1177b273e9ce2e4067c3c6564449823e590517bd54111cdebc05003df9b3b601b73da07291d5034514be446376d7cf17ca61c972bb434de365f9ed34dbf32c2b019320139379747dbd7532df7f4547f639c2cdb708bb01134e19da1b17507295e96aac26e196015a5e0d18dd52dad38e66109c9df98875dd7e730d907bdb519e98a9f14c7f0eff622aac779287fcf7b5f6d8bf266034ea4a7c7a6619c01c01947bba9918e3ba829d3a144a96d15fc31d00f4764b3c0888a3d8030d4ed335f7290893352d4d3bc9c2e517ae6bfc6929381755719756f0196efd51b13b7856a33e4f66c803dc85638ba956f32e09f09ecc726e5839baccdc6a27d24a6576da0edb629f99cbfdc5c1312b3e209fff4f10baf6c9025cee172a482eeceed9c44c668b3d83bbfd5ede0d458e5b87d2d8f9d444c579b4a0592213c88649e3c37d25d88edbaf432f38a6c6bc7a761417a190bcc90b4cce50c5a645bc97151967b6c33ca237a6c44c6e3f06733c3e3c47a090487a86ea31d3ed093a1f5c464060bb7ee4a316ce6dcfe0d3b570c08e565b10837efa80924e86a178f70e21b3ec891ed8be43044f424fb5ce93ec51a6923b63f14b49df0b1030213ccdfdcd1a194dd6c8f03addbab1d433a1328731cfe64c9a0f18156bbf30e949b0e8bc5725a73f8df8493c9e9ae6019540dc05e1aaabc88ad25410b663404f3222058edcf7437b634981fb2d5cd0fed72e240acc2b655a854bb54806a29f10f5ae92ec77864090cc93f1d577f2acf6608ea18134e0b807abb7047b7067ee2c337a8abaae740ea182be1b4d8d4e7648bea6da583d481bb693855ae171e03dd82944f1ae344e407955327ade40cdb0a81ef3e6ad706d7b5db1490195b74f54286d7b0dc2784c6c360b56a20fa8375cd3b8f05e5edd90b9b7387a96af04e04129032ec71b7aadb3225e4cae709db0b5d1f015f6a47354935bde66def805d2065b0ab6e1d1f62bc1b98bd68734b48b3201d632971c0ae5e77c18ba57565b6a58ab6ca97ea0fa4f605227fb9db0bf6d0bbff849230368dec82f3c85ae30054dc146368f9b488047c47be48c66cfdb4f7c33f9b4cf3fa3179e14db365682efa3981d075fd20c0dd96a38808c64bdeb4bcfec4cbf6187f425f24cf9e5cc092af99a03e679ed9ee2f62c305e5ee543d2486bbab1a7063411a1920892117a9dabd58821159b01023a87bd82909260bd811bac2badfa862cec54de3fc875ed7197531aaecf494c058a5f474faa27d43f29633cb3067ab09c1e001f452fdfab77796cd7b5f5ccc8d498c16426dd0109625e580f79cfd9eb41818eb564b31b05a9bd6c118b8845d29dc98ccc5a2f1b19069eca1e648a013a2e1022736249d4511e2ef65f1f1b0051f3624b56a2eafd5d7e24b93a398f122a4f3f409a70e596f62e42fde3ad28ef4744c74567e707eac8b28f579d7714ca6becef1273386d3fd635daeb8fad70b7a28c49cc5574edcb71344d9177dbbe49d703cbf42604479891d07d1c35199d356bb8ad9b55803543226aa410fb3f54b28fcf499ebea702b26f9ba72287adecc735d32b552d0552240ca7ea8cd45f4f3995dd3d9fd232de45ea7760102c91ca30e70db33ce5aad3ca5b656444497b3d60ca80f64266e2f6ae9344a7079f703d81256f101ca1a1f34b1d28b5efb5965cd024f61cb477f7bc27f27b428c2038cec1881f8fc2081a973de946777e14307f6ee352fb44ea7da330a0d055f2f27bdf97c3b26a8c687ec8fbd3f9457bca181f696f2f941c028f1d71ac625e65d23d68562d94fcf272e8bd841793eef8dfe3c31f83baa96aa1364de6e2ce8485a2983df6ac6218a0dbff1ef4649ab10cfd55e017d3ad7231387e2f3521ccae964ce4853cfad1432c564dffe549514d78cc2d52c048d48775ca8205e38337b8755721bee00b00170e0a933369823aeb23567152abf6e8fac969f84bb8a6fc4b82a9ebbf1135a3a6a7d852cf4303c5b33ffc79512bc8eb23b579ef90afd3865f0e582ff52b0fbd771282b531dbe2659d12c2511733c54700a22543b37de8c90e3e00cb216dd26f7dca47189a1ce57396fea7de2354fe74646e01d09084af8099822cd379cb747db232848495777fca3392b5f8e69033e1b289c1885e64635d661d31bfe4d84e07e0f832ef9026d40aba5defa2174397bf23b26735f3b33dd4fff074582995bd5d4765c4d04166fd7198a2fa3ca96814cc948c1325d360028381102c0866320b35f8c8d4237b8ca34685d8dfdc06af8c2a21ed9d3be4f6039c5f3115f51c9a150019ef5cd27ccea6028f55ec6bfc1adcea128a4677c319af5d267ad0d739053840a5503e57c3bcfce49dc35e682586250197ccac1ffb511370e1f84999aecce476867935bf22b30a77975a3dbce274fa494c25b995779177999814c0bf184d06f0ac2db77767c015c355e29d4004c73b0fff400d256e74845593b380721f0a52a1a14a08d59aebfa03c4d2fd5a44444c6ab019157b2338cc16d1d302e37a1bff43fe642bc4d37b9d193d2bb38e8019ce6abc68ffff1792a22696ea86be63af5317812bcd0e63ed09a5430420f3c71ce8a89221e36800f23743748b1ed9d47d2a8f48fd0adc11b769480f4b383b61d5619f41fb57f19517fef1bc681638222434792c94d65abffc89f2952f14e9049054be7acb259ab95f9d2a9821fe1a62a88cf59afe89556c37a4606a13d0b0ef0cb2ba71edce5d8ce5899b8adaa7d3a51067782dfe1aabf544a260f9ae25ac69e7917bec510b3b92a5eac2fcee8becaced75015756c8ed0ef9cc62bcee96135b1f3601ba1625f3201ebc6155ffce4c614a6ad1a7c7a2dc68724a4785903ce19dd7f576571b2999757e6259022d02f28543f1b37d42de575715ae5939a4242a174f630ff613a7ef42bc449b574de6e4ec62794c3503819a0bfd0639154ec8ba035213b785830c6d83036d93277fe7aabf3b8aaaeb16b688ef70cc6ad62a74056a085eed091a8569307504cf6530fb1d03afdd429784eaf8187922b95f9c1a3d7bc9e3582b83daca1dedc179f319874e7eb1fd9c244f9b6701b6d135cd826e978277652181ae145cb57ecb2580961c36e2ea32ab73560139ea303c1f745ab6ae83214a8955cb2a0f9208d0f1920f9332368ef7bb6b3923780a38b87a28d95a880779d7979b9dce9c06ae56e2dd8db5cf28936fdb51f86de9b01cf35a24b467f3d2865c02ae53e79e2d8be32c4fdf39dbae824e7bff9cca5c5c8ff609a34fd9f5677f9d4dd936d845e8cebf366dfa534c772e300f2dad9b1fbf688f9a8df49dfbac2772689c4228e00e9052a9eca5b0d7c46603b4f19e68a7497d17327624da2beefba64ab40091e9b1ab979e4de90dfe21695c5d4134df68d4cd9e41eb18cf8b26d21a99bb9773f28abaafb993e65a8ddccee16483f8824ea71793148e240d5e5b676a8fce17b7ac5938fa45c0ec5c3314ad06be1e9c7a26141ec6ca60b8c17e1c447974a6db479651d931f8779a82e8d2b79a772e2c25e9fc2bfb7620b6e8a7d29b4d727680d3ecd7976340ac16f3bd20847f728614e33ac3ab1ec106be4e94cbdb4de1b91045fadf39b87e24cc980d1439fe7a00c8ffece2dfecdcca657ba3c33ffe2acd0ac86d024752e2e83f2c86e2ec80e494a223d74fb5216c24f41dbe5bad2fea1543a0bb2e7bc9d59a4c30ff4616f92a303f1e915258e7e84a29875ebfb9dc6ad02b27de15bbc6295f89175f7fe0bf238d8257e8ff5ff4d1426213153d84694260f91422152968f58fd1fdbbfd902e4f9d3d218fef90e3b4f86c905ddfe07666e79056154214baba9465cecc89e61255a67490972d15a3d07044f1c63b638a0fc8a3f5ba9b18ee3c0b6bd5d52de997110991c3601f7482919481d7fea2b61fc5faf8f633d7cda5fe8fb8056769c02761b211e7d593a8cd30d30aae863495b5f1209a7198b98ec09f5712f5318efe86c137ba5a302b1b493cd8eb7b1b2e5eb354452ac891e5c3d17eec6d97b222caeb5963e082c2a5cac17bbc42b723f0ca741c72633e2a8596a80ef9dab34651cb7871e2833d50d821c5ee8a024013859229a77e27dd3c1d457527b773f525d0fe25dbf7aa87846e0bb57969397e7edf0d2e885a55d840a7ae9662cb95ae8a337d8396f00c18c38aa4c3e6ea1ddda9d36008ba81c62d3010424ad06aa94464b3e3a577f55037af92694720df6e91adc82020c656385e4242b4b3e1b97e33133f87b0db34a80cca88395ac954daf70cb7487352a87d844e1abf2e2677ef0fa4cd841aa3be8d37ad4b6ae224129d0650ded45fe57969ce411e9dfe8e2d2f3db3233b43c48d9ab085b7705931581891017608733d9c7f50ac096d03c0c75bc45dd2c8d5d1806b14c4cde139f235d5156a5d603d61ea37dd5a6a190b6d82bfffd7b8703cfa21559e01c59467aebd387f8f119fad3192287e1c9a90afeabb120f544d741c2a607e04b00bfa224f8d3317c865df28e2d6c00799dbb0feada885b0615b5ff1b33a7e2d1805d91abb66e9540a375367a8ea90c7373f548a6e332b1d13b0dc8a48f990577f88f82a84f9e207f41e904e75a32d2e5d5b6882a6b9e6be018e7743ae58be114da24795f653cc93709798da21d458ca21f3e12eeaab5286e4acd588008fc9fd73ef0e742683184cef9543eb023414a289c206257689d1698046e129f66a1a00eb56b26e6ec31ef57926bd4b0c6873555bae95ac649d3dfdbeeb1d197ccf5fdf70208bfe98529f5a6703e28ed0da869efc9263dfc9aa3b4c8f2a74d1ef83c21d61032749de683136246d6e615d94a2fe47809633beb1b26a0e8da850d4fbfc68a927e3cd78d6263d3db300d85155290fea83dd790ebd14f53a8341288cd35992bd549d2caae05fb9b12bdf6c641668a8b2beade804962a2fa5d5bfd54a2c17f19f68f5431460733e92a5da740870c6dc64b4fe2fd1f8ff17d8e2447c46103aa19c6910d1fbe028658d1ebd0fae0430fec8fc38aa619c0256c6ee2b3fca2ded1c54c6b7c8090878fc6a44b58009d6acfa1db629eededfc77d00d34acbe0526bb434e31936f4e51b8f21b067b7802eb85c43a01aa427ed06222500e", 0x1000, 0x6)
socket$inet6(0xa, 0x2, 0x0)
r4 = socket$tipc(0x1e, 0x2, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000040))
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000880)={'syz_tun\x00'})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, 0x0}, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000280))
getsockopt$TIPC_SOCK_RECVQ_DEPTH(r4, 0x10f, 0x84, &(0x7f00000001c0), &(0x7f0000000340)=0x4)
chdir(&(0x7f0000000300)='./bus\x00')
rmdir(0x0)

21m53.926943485s ago: executing program 0 (id=85):
socket$alg(0x26, 0x5, 0x0)
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000080), 0x0)
openat$dir(0xffffffffffffff9c, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xff, 0xfffffffffffffffc}, 0x0)
prlimit64(0x0, 0xb, &(0x7f0000000140), 0x0)
r0 = gettid()
rt_sigqueueinfo(r0, 0x21, &(0x7f0000001500))
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f00000000c0)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0)
r4 = memfd_create(&(0x7f0000000140)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\x00b\xe1br\xb6\xea7\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\xcf\xe1\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x04\xa7I\v\x86EZ\x96\xd5\x14OD\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\f\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\xd9w\\\xf8\xce\xb0j\x9d\'\x93\xef\x1d\xa0H\xcd\xbd\xd9\xaf\x12$\x8d\x16%\x8b\x00', 0x3)
ftruncate(r4, 0xffff)
fcntl$addseals(r4, 0x409, 0x7)
r5 = openat$udambuf(0xffffffffffffff9c, &(0x7f00000000c0), 0x2)
r6 = ioctl$UDMABUF_CREATE(r5, 0x40187542, &(0x7f0000000100)={r4, 0x0, 0x0, 0x2000})
ioctl$DMA_BUF_IOCTL_SYNC(r6, 0x40086200, &(0x7f0000000040)=0x2)
r7 = fcntl$dupfd(r6, 0x0, r6)
ioctl$DMA_BUF_IOCTL_SYNC(r7, 0x40086200, &(0x7f0000000000)=0x5)
accept4$alg(0xffffffffffffffff, 0x0, 0x0, 0x0)
getsockopt$sock_cred(r3, 0x1, 0x11, 0x0, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0x0)
io_setup(0xff, &(0x7f0000000380))
socket$nl_netfilter(0x10, 0x3, 0xc)

21m49.013162965s ago: executing program 0 (id=92):
r0 = socket(0x80000000000000a, 0x2, 0x0)
landlock_create_ruleset(&(0x7f0000000180)={0x808, 0x6, 0x1}, 0x18, 0x0)
setsockopt$inet6_group_source_req(r0, 0x29, 0x2c, 0x0, 0x0)
r1 = creat(&(0x7f0000000280)='./file0\x00', 0x0)
close(r1)
r2 = syz_open_dev$dri(&(0x7f00000000c0), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r2, 0xc04064a0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000006980)={0xb, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000040)=0x1)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x410000bce)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/cpuinfo\x00', 0x0, 0x0)
pread64(r4, &(0x7f0000000380)=""/85, 0x55, 0x81ffffffffffffc)
sendmsg$kcm(0xffffffffffffffff, 0x0, 0x4)
socket$pppoe(0x18, 0x1, 0x0)
r5 = socket$inet_sctp(0x2, 0x1, 0x84)
getsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(0xffffffffffffffff, 0x84, 0x1f, 0x0, 0x0)
getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(r5, 0x84, 0x6c, &(0x7f0000001f40)={0x0, 0x1b, "4beedb4813d3d7e78d2d190dc67418c0b489b1f6c6375dd6037e64"}, 0x0)
socket$inet6(0xa, 0x3, 0x7)
socket$inet_udp(0x2, 0x2, 0x0)
syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_GETFB2(r1, 0xc06864ce, &(0x7f0000000600))
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000200)={'netdevsim0\x00', <r8=>0x0})
sendmsg$nl_route_sched(r6, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000000)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r8, {0x0, 0x7}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_clsact={0xb}, @TCA_RATE={0x6, 0x5, {0x0, 0x4}}]}, 0x38}}, 0x0)
write$cgroup_int(r1, &(0x7f0000000100)=0x5, 0x12)

21m33.320924301s ago: executing program 32 (id=92):
r0 = socket(0x80000000000000a, 0x2, 0x0)
landlock_create_ruleset(&(0x7f0000000180)={0x808, 0x6, 0x1}, 0x18, 0x0)
setsockopt$inet6_group_source_req(r0, 0x29, 0x2c, 0x0, 0x0)
r1 = creat(&(0x7f0000000280)='./file0\x00', 0x0)
close(r1)
r2 = syz_open_dev$dri(&(0x7f00000000c0), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r2, 0xc04064a0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000006980)={0xb, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000040)=0x1)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x410000bce)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/cpuinfo\x00', 0x0, 0x0)
pread64(r4, &(0x7f0000000380)=""/85, 0x55, 0x81ffffffffffffc)
sendmsg$kcm(0xffffffffffffffff, 0x0, 0x4)
socket$pppoe(0x18, 0x1, 0x0)
r5 = socket$inet_sctp(0x2, 0x1, 0x84)
getsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(0xffffffffffffffff, 0x84, 0x1f, 0x0, 0x0)
getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(r5, 0x84, 0x6c, &(0x7f0000001f40)={0x0, 0x1b, "4beedb4813d3d7e78d2d190dc67418c0b489b1f6c6375dd6037e64"}, 0x0)
socket$inet6(0xa, 0x3, 0x7)
socket$inet_udp(0x2, 0x2, 0x0)
syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_GETFB2(r1, 0xc06864ce, &(0x7f0000000600))
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000200)={'netdevsim0\x00', <r8=>0x0})
sendmsg$nl_route_sched(r6, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000000)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r8, {0x0, 0x7}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_clsact={0xb}, @TCA_RATE={0x6, 0x5, {0x0, 0x4}}]}, 0x38}}, 0x0)
write$cgroup_int(r1, &(0x7f0000000100)=0x5, 0x12)

7m28.49489952s ago: executing program 4 (id=2868):
ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, &(0x7f0000000280)={0x1, 0x0, 0x0, &(0x7f0000000500)=""/69, 0x0})
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000000)={'sit0\x00', &(0x7f00000002c0)={'syztnl1\x00', 0x0, 0x0, 0x1, 0x0, 0x0, {{0x10, 0x4, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, @local, @empty, {[@timestamp={0x44, 0x1c, 0x0, 0x0, 0x0, [0x401, 0x1000, 0x0, 0x0, 0x0, 0x0]}, @timestamp_prespec={0x44, 0x4, 0x47}, @noop, @noop, @lsrr={0x83, 0x7, 0x0, [@private]}]}}}}})
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000240), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x280000b, 0x28011, r2, 0x0)
r3 = dup(r1)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0xd000})
ioctl$KVM_NMI(r4, 0xae9a)
ioctl$KVM_RUN(r4, 0xae80, 0x0)

7m26.557025284s ago: executing program 4 (id=2873):
sendmsg$key(0xffffffffffffffff, 0x0, 0x0)
syz_pidfd_open(0x0, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000001c40)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2ed0300000000000000af99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14008c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000006da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c4159b364a4fd7013f34db173a4fdacf15229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3ab60fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4978ea8e4aa37014191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be867a28f09c5877fc2355ecdc9c30dcb2d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff3a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb357b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa165099c5ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88cf573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50265a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867857ed13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d9a0e06da200481cde8bf475bc3e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a00"/3587], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r0}, 0x10)
write$uinput_user_dev(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000380)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = userfaultfd(0x1)
ioctl$UFFDIO_API(r4, 0xc018aa3f, &(0x7f0000000040))
write$UHID_CREATE2(0xffffffffffffffff, &(0x7f0000000040)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, 0xffffffffffffffff, 0x0)
r5 = fcntl$dupfd(r4, 0x0, r4)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x3)
socket$inet6_udplite(0xa, 0x2, 0x88)
getsockopt$inet_sctp_SCTP_STATUS(r5, 0x84, 0xe, &(0x7f0000000280)={0x0, 0x200, 0xfff, 0x9, 0x9, 0x8, 0x7, 0x1000, {0x0, @in6={{0xa, 0x4e24, 0xfffffff1, @local, 0xe936}}, 0x9, 0x81, 0x300, 0x0, 0x6}}, &(0x7f0000000340)=0xb0)
r6 = creat(&(0x7f0000000240)='./bus\x00', 0x20)
setsockopt$inet_tcp_int(r6, 0x6, 0x8, &(0x7f00000001c0)=0x3, 0x4)
r7 = open(&(0x7f0000000180)='./bus\x00', 0x14927e, 0x0)
fallocate(r7, 0x0, 0x0, 0x1000f4)
fallocate(r6, 0x3, 0x0, 0x1a00)

7m24.974071461s ago: executing program 4 (id=2877):
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f0000000040)={0xc, 0x0, <r1=>0x0})
r2 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_int(r2, 0x29, 0x1a, &(0x7f0000000000)=0x6, 0x4)
socket$inet_mptcp(0x2, 0x1, 0x106)
socket(0x1d, 0x2, 0x8)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r3, 0x1, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r3, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000080)=0xfffffc00, 0x0, 0x4)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=ANY=[], 0x60}}, 0x0)
ioctl$IOMMU_OPTION$IOMMU_OPTION_HUGE_PAGES(r0, 0x3b87, &(0x7f0000000140)={0x18, 0x1, 0x0, 0x0, r1, 0x1})

7m23.279673236s ago: executing program 4 (id=2881):
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x5)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r1 = syz_open_dev$MSR(&(0x7f0000000300), 0x100040000, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_DELAYED_SACK(r2, 0x84, 0x10, &(0x7f0000000000)=@sack_info={0x0, 0x0, 0x6}, 0xc)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r2, 0x84, 0x64, 0x0, 0x0)
sendto$inet6(r2, 0x0, 0x0, 0x0, 0x0, 0x0)
writev(r2, 0x0, 0x0)
sendmsg$nl_xfrm(r0, &(0x7f00000035c0)={0x0, 0x0, &(0x7f0000003580)={&(0x7f0000004980)=@newsa={0x138, 0x11, 0x1, 0x0, 0x0, {{@in=@initdev={0xac, 0x1e, 0x0, 0x0}, @in6=@local, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {@in6=@remote, 0x0, 0x6c}, @in=@empty, {0x0, 0x0, 0x0, 0xfffffff7ffffffff}, {0x0, 0x4}, {}, 0x0, 0x0, 0x2, 0x1, 0x6}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}]}, 0x138}, 0x1, 0x0, 0x0, 0x4004050}, 0x0)

7m21.066769529s ago: executing program 4 (id=2886):
r0 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
r1 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r1, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000000), 0x4)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r1, 0x10e, 0x4, &(0x7f0000000180)=0x800, 0x4)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_SET_MCAST_RATE(r2, &(0x7f0000000340)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000300)={&(0x7f0000000280)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}, 0x1, 0x0, 0x0, 0xc0}, 0x8000)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000008c0)={'wlan0\x00', <r4=>0x0})
sendmsg$NL80211_CMD_NEW_INTERFACE(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000040)={0x38, r3, 0x1, 0x0, 0x0, {{}, {@void, @val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_IFNAME={0x14, 0x4, 'nicvf0\x00'}, @NL80211_ATTR_IFTYPE={0x8, 0x5, 0xa}]}, 0x38}}, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f00000008c0)={'wlan0\x00', <r7=>0x0})
sendmsg$NL80211_CMD_NEW_INTERFACE(r5, &(0x7f0000000a00)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000000)={0x44, r6, 0x1, 0x0, 0x0, {{}, {@void, @val={0x8, 0x3, r7}, @val={0xc}}}, [@NL80211_ATTR_IFNAME={0x14, 0x4, 'nicvf0\x00'}, @NL80211_ATTR_IFTYPE={0x8, 0x5, 0x6}]}, 0x44}}, 0x0)

7m19.551650332s ago: executing program 4 (id=2888):
syz_open_procfs(0x0, 0x0)
r0 = open(&(0x7f0000000040)='.\x00', 0x0, 0x0)
fchown(r0, 0x0, 0x0)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
fcntl$getown(0xffffffffffffffff, 0x9)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0xfffffffffffffffe}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000380)={&(0x7f0000000440)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x1}}, [@NFT_MSG_DELFLOWTABLE={0x14, 0x18, 0xa, 0x5, 0x0, 0x0, {0x0, 0x0, 0x8}}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x7}}}, 0x3c}, 0x1, 0x0, 0x0, 0x40000}, 0x800)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
setsockopt$inet6_IPV6_HOPOPTS(0xffffffffffffffff, 0x29, 0x36, 0x0, 0x18)
mknod(&(0x7f00000000c0)='./file0\x00', 0x8001420, 0x0)
mount$afs(&(0x7f0000000040)=@cell={0x23, 'syz1:', 'syz0', '.backup'}, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x300, 0x0)

7m3.546935396s ago: executing program 33 (id=2888):
syz_open_procfs(0x0, 0x0)
r0 = open(&(0x7f0000000040)='.\x00', 0x0, 0x0)
fchown(r0, 0x0, 0x0)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
fcntl$getown(0xffffffffffffffff, 0x9)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0xfffffffffffffffe}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000380)={&(0x7f0000000440)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x1}}, [@NFT_MSG_DELFLOWTABLE={0x14, 0x18, 0xa, 0x5, 0x0, 0x0, {0x0, 0x0, 0x8}}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x7}}}, 0x3c}, 0x1, 0x0, 0x0, 0x40000}, 0x800)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
setsockopt$inet6_IPV6_HOPOPTS(0xffffffffffffffff, 0x29, 0x36, 0x0, 0x18)
mknod(&(0x7f00000000c0)='./file0\x00', 0x8001420, 0x0)
mount$afs(&(0x7f0000000040)=@cell={0x23, 'syz1:', 'syz0', '.backup'}, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x300, 0x0)

4m10.148890138s ago: executing program 6 (id=3236):
socket$nl_route(0x10, 0x3, 0x0)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000280)='/proc/tty/drivers\x00', 0x0, 0x0)
syz_open_dev$vim2m(&(0x7f0000000000), 0x7, 0x2)
socket$inet6(0xa, 0x6, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100"/13], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000012c0)={0x8, 0x805}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$SNDCTL_DSP_GETIPTR(r3, 0x800c5011, &(0x7f0000000040))
r4 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_MCAST_JOIN_GROUP(r4, 0x0, 0x2a, &(0x7f0000000180)={0x2, {{0x2, 0x0, @multicast2}}}, 0x88)
setsockopt$inet_MCAST_MSFILTER(r4, 0x0, 0x30, &(0x7f0000000300)=ANY=[@ANYRES32=r3], 0x110)

4m9.068644838s ago: executing program 6 (id=3239):
r0 = socket$inet_mptcp(0x2, 0x1, 0x106)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r4}, 0x10)
io_uring_setup(0x0, 0x0)
r5 = syz_init_net_socket$llc(0x1a, 0x2, 0x0)
sendto$llc(r5, 0x0, 0x0, 0x0, &(0x7f0000000380)={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @broadcast}, 0x10)
setsockopt$inet_tcp_int(r0, 0x6, 0x19, &(0x7f0000000040)=0xb7, 0x4)
ioctl$F2FS_IOC_GET_COMPRESS_BLOCKS(0xffffffffffffffff, 0x8008f511, 0x0)
bind$inet(r0, &(0x7f0000003900)={0x2, 0x4e24, @multicast1}, 0x10)
connect$inet(r0, &(0x7f0000000480)={0x2, 0x4e24, @empty}, 0x10)
sendto$inet(r0, &(0x7f0000000100)="f4188a9876a9431deeb98e3edfaafa03a11300e3aebb4102000000000034c5d2af03a5f261a35c07d07d371a4402394549d78c3f511bb4793daf4b4e28410e598769487fb27044ece0b4e738bcc7e1ce3aa7a3df2572a082809f406467bc0f0b47872a2ecc399861b90da1ffcfb35a8f5579b72e3cde817a2a78ff205c6fee57f9177bbeeb2f3d121b9c508660c2d90b0dc3f2412b62e7d99a7dfa6960b663bb8e14764efb33f9465c242b84b75a436ef9af2492b19a15bb9108656d828553e1719de91aa29cb5bf187a0162d50e234b6207725486c9e828d756ff9b6d4f5c4960469dd3a48b4e525f0cbf7158f95d603a37c272f874ee3b5c6e56", 0xfffffffffffffdb0, 0x4040004, 0x0, 0xfffffffb)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)

4m6.06749743s ago: executing program 6 (id=3241):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x0, 0x0)
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
mkdir(&(0x7f00000004c0)='./bus\x00', 0x0)
r3 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0x9, &(0x7f0000000580)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3fc, 0x0, 0x32}, 0x9c)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0x9, &(0x7f0000000000)={0x0, @in6={{0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}}, 0x0, 0x800}, 0x9c)
sendto$inet6(r3, &(0x7f0000847fff)='X', 0x1, 0x0, 0x0, 0x0)
socket$can_j1939(0x1d, 0x2, 0x7)
r4 = socket$l2tp(0x2, 0x2, 0x73)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0)
sendto$l2tp(r4, 0x0, 0x0, 0x0, &(0x7f0000000100)={0x2, 0x0, @loopback}, 0x10)
close(r4)
fcntl$addseals(0xffffffffffffffff, 0x409, 0x1a)

4m3.505173259s ago: executing program 6 (id=3246):
bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_genetlink_get_family_id$devlink(0x0, 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_RATE_GET(0xffffffffffffffff, &(0x7f0000000700)={0x0, 0x0, &(0x7f00000006c0)={0x0}}, 0x0)
r3 = epoll_create1(0x0)
close(r3)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000000240))
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
r4 = fsopen(&(0x7f0000000040)='afs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r4, 0x1, &(0x7f0000000000)='source', &(0x7f00000005c0)='#mS\xb2j\xcb\xa18:.)\xc7\xcb\xc5\xd8\x91\xa1\"\xd5\r\x89M;\x99\xd6\x8e?K\x82\xd5\xd7\xab\x10\xea\x14\n\xea\xe9\xcc\xdc\xf3\xc0\xf8\x89\xd0\x0ep\xb1I\x04T[\r&\xf0z\xde\xc0\xf3\xcd\x9a\xae\xa8*v_(\x94]\xdf\xf1\x95!\xb3+\x1aD\xda\xa1G\x06M\xdaz2\xe9\xe6\xda\x92U\xaaN\xff\xca\xb37-<3\xb28\xb8:UQ\x95|\xe5\xaa\x0e\xe7{\xd4T\x84\x83\x86\x9d', 0x0)
mount$afs(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000400)={[{@dyn}]})
open(&(0x7f0000000080)='./file0/file0\x00', 0x0, 0x0)

4m1.258133828s ago: executing program 6 (id=3249):
syz_open_dev$dri(0x0, 0x1ff, 0x0)
fanotify_mark(0xffffffffffffffff, 0x4, 0x48000052, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='net_prio.prioidx\x00', 0x275a, 0x0)
r1 = fanotify_init(0x4, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='net_prio.prioidx\x00', 0x275a, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x1, &(0x7f0000000100)=0x5)
pwritev2(0xffffffffffffffff, 0x0, 0x0, 0xff, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f00000003c0)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_open_dev$ttys(0xc, 0x2, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
write$cgroup_type(r6, &(0x7f0000000180), 0x40041)
fanotify_mark(r1, 0x101, 0x20, r2, 0x0)
fanotify_mark(r1, 0x102, 0x28, r0, 0x0)

3m59.162852323s ago: executing program 6 (id=3253):
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
socket$netlink(0x10, 0x3, 0x0)
unshare(0x24020400)
bpf$MAP_CREATE_TAIL_CALL(0x0, 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000580)={0xffffffffffffffff, 0xe0, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10)
prlimit64(0x0, 0x7, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bd2)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r2, 0x8933, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
close(r3)
sendmsg$BATADV_CMD_GET_NEIGHBORS(r2, &(0x7f0000004340)={0x0, 0x0, 0x0}, 0x48800)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a80)={0x6, 0x3, &(0x7f0000000200)=@framed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
write$bt_hci(r0, 0x0, 0x2e)

3m52.282540156s ago: executing program 3 (id=3264):
r0 = socket$netlink(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000fe050000000000000000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10)
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
bind$inet(0xffffffffffffffff, 0x0, 0x0)
r5 = socket$inet(0x2, 0x3, 0x5)
r6 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r6, 0x89f1, &(0x7f0000001040)={'gre0\x00', &(0x7f0000001000)={'syztnl2\x00', 0x0, 0x0, 0xa000, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x2f, 0x0, @empty, @rand_addr=0x3}}}})
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
open(&(0x7f0000000280)='./file1\x00', 0x4c4c0, 0x0)
open(&(0x7f0000000000)='./file1\x00', 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(r2, 0x40086602, &(0x7f0000000200)=0x200)
truncate(&(0x7f0000000280)='./file1\x00', 0x1)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r5, 0x89f3, &(0x7f0000000300)={'syztnl2\x00', &(0x7f0000000280)={'syztnl1\x00', 0x0, 0x20, 0x80, 0x1000, 0x1, {{0x5, 0x4, 0x2, 0x2, 0x14, 0x66, 0x0, 0xe9, 0x2f, 0x0, @private, @local}}}})
r7 = syz_open_dev$vim2m(&(0x7f0000000080), 0x3fe, 0x2)
ioctl$vim2m_VIDIOC_S_FMT(r7, 0xc0d05605, &(0x7f00000000c0)={0x1, @pix_mp={0x0, 0x0, 0x34325842, 0x0, 0x0, [{}, {}, {}, {}, {}, {0x0, 0x1}]}})
ioctl$vim2m_VIDIOC_REQBUFS(r7, 0xc0145608, &(0x7f0000000040)={0x80000001, 0x1, 0x4})
ioctl$vim2m_VIDIOC_STREAMOFF(r7, 0x40045612, &(0x7f0000000240)=0x1)
r8 = dup2(r7, r7)
ioctl$vim2m_VIDIOC_ENUM_FMT(r8, 0xc0405602, &(0x7f0000000280)={0x0, 0x1, 0x0, "adbdee06009e4aeabde9eefaff7a78cda902552f08cef4a662dd836c7451f8e5"})
sendmsg$nl_route_sched(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000001c0)=@newtaction={0x6c, 0x30, 0x48b, 0x1000, 0x0, {}, [{0x58, 0x1, [@m_nat={0x54, 0x1, 0x0, 0x0, {{0x8}, {0x2c, 0x2, 0x0, 0x1, [@TCA_NAT_PARMS={0x28, 0x1, {{0x9, 0xfc000000, 0x7, 0x4, 0xfffffffd}, @multicast1, @empty, 0xffffffff}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x6c}}, 0x0)

3m50.918064324s ago: executing program 3 (id=3266):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$nl_route(0x10, 0x3, 0x0)
bind$alg(0xffffffffffffffff, &(0x7f0000000040)={0x26, 'aead\x00', 0x0, 0x0, 'morus1280\x00'}, 0x58)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x10, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))
sendmsg$NL80211_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000540)={0x1c, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x0)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_udp_encap(r1, 0x11, 0x68, 0x0, 0x0)
r2 = socket$packet(0x11, 0x2, 0x300)
setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000080)={0x2, &(0x7f0000000040)=[{0x40}, {0x16}]}, 0x10)
r3 = fsopen(&(0x7f0000000040)='configfs\x00', 0x0)
r4 = fsmount(r3, 0x0, 0x0)
sendmmsg$inet(0xffffffffffffffff, &(0x7f00000020c0)=[{{0x0, 0x0, &(0x7f0000000100)=[{0x0}], 0x1}}], 0x1, 0x24008050)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x0, 0x0)
openat$binder_debug(0xffffffffffffff9c, 0x0, 0x0, 0x0)
fchown(r5, 0x0, 0x0)
read$FUSE(r4, 0x0, 0x0)

3m49.706382401s ago: executing program 3 (id=3269):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00'}, 0x10)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_DESTROY(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000005c0)=ANY=[@ANYBLOB="12000000030603000000000000000000000000000000020073797a3000000000ddfd5f0b7bf7fd4795268a19173c2f6f285eaf879d86722610b2182f0bed7bd8e476ec"], 0x1c}}, 0x5)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
syz_open_dev$loop(&(0x7f0000000000), 0xb, 0x240200)
bind$inet(r4, &(0x7f0000000200)={0x2, 0x4e20, @empty}, 0x10)
setsockopt$inet_tcp_int(r4, 0x6, 0x2, &(0x7f0000000040)=0x2800, 0x4)
setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000400)={0x1, &(0x7f00000001c0)=[{0x6, 0x0, 0x0, 0x3654}]}, 0x10)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={&(0x7f00000022c0)=ANY=[@ANYBLOB="9feb01001800000000000000240000002400000003000000010000000200001302000000010200000000000000000000fdffad090000000010000000002e009dde099021b8144ff271539ae4bd284a7e20a5b7fb4422dd39718c95fc03a98589c035ea0af5ecc64a53b7039eec4503effd871671aab2384da1bdc102b68ff6e3dc3188d08f7fbe862d2cdbfe584beb6eb17a12564a2fc40fd7d5b83194a3"], 0x0, 0x3f, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x28)
connect$inet(r4, &(0x7f0000000300)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x1a}}, 0x10)
r5 = openat$ocfs2_control(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
read$FUSE(r5, &(0x7f0000000140)={0x2020}, 0x2020)
sendmsg$inet(r4, &(0x7f00000015c0)={0x0, 0x14, &(0x7f0000001600)=[{&(0x7f0000000240)=' ', 0xffffff1f}], 0x1}, 0x0)
recvmsg(r4, &(0x7f0000000580)={0x0, 0x2, &(0x7f0000000500)=[{&(0x7f0000000740)=""/4096, 0xa15b0}], 0x1}, 0x700)
writev(0xffffffffffffffff, 0x0, 0x0)

3m48.467411341s ago: executing program 3 (id=3272):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x401)
ioctl$BLKTRACESETUP(r1, 0xc0481273, &(0x7f0000000540)={'\x00', 0x7ff, 0x6, 0xc, 0x100000001, 0x59f})
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="0800000004000000040000000800000000000000", @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\x00\x00\x00\x00', @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
syz_open_dev$video4linux(0x0, 0x100000000ffff, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000280)={0x26, 'hash\x00', 0x0, 0x0, 'sha256-ssse3\x00'}, 0x58)
r4 = accept$alg(r3, 0x0, 0x0)
sendmsg$alg(r4, 0x0, 0x4)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000002700)=""/102392, 0x18ff8)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
keyctl$read(0xb, 0x0, 0x0, 0x0)
setsockopt$inet_MCAST_JOIN_GROUP(0xffffffffffffffff, 0x0, 0x2a, &(0x7f0000000300)={0x9, {{0x2, 0x4e23, @local}}}, 0x88)
mount(0x0, &(0x7f00000003c0)='./file0\x00', 0x0, 0x0, 0x0)
mprotect(&(0x7f0000ff8000/0x8000)=nil, 0x8000, 0x2000001)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x40, 0xbe1a346f4315a134, @fd_index=0x2, 0x4, 0x0, 0x0, 0x12, 0x1, {0x1}})
sendmsg$MPTCP_PM_CMD_SUBFLOW_CREATE(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000100)={0x0}, 0x1, 0x0, 0x0, 0x40005}, 0x10)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000e00)={r2, &(0x7f0000000d00), 0x0}, 0x20)

3m46.559494422s ago: executing program 3 (id=3275):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r3, 0xaf01, 0x0)
ioctl$VHOST_SET_LOG_FD(r3, 0x4004af07, &(0x7f0000000240))
ioctl$VHOST_SET_VRING_ENDIAN(r3, 0x4008af13, &(0x7f0000000040)={0x1, 0x1})
ioctl$VHOST_SET_VRING_KICK(r3, 0x4008af20, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r3, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000600)=""/73, 0x0})
tgkill(0x0, r0, 0x29)
r4 = socket(0x2a, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
getsockname$packet(r4, &(0x7f0000000200)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000540)=@newqdisc={0x2c, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000940)=@newtfilter={0x40, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {}, {0xc}}, [@filter_kind_options=@f_basic={{0xa}, {0x10, 0x2, [@TCA_BASIC_EMATCHES={0xc, 0x2, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x8000}}]}]}}]}, 0x40}}, 0x0)
sendmmsg(0xffffffffffffffff, &(0x7f00000002c0), 0x40000000000009f, 0x0)

3m44.543512184s ago: executing program 3 (id=3279):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x400}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @void, @value}, 0x90)
r0 = openat$vcs(0xffffffffffffff9c, &(0x7f00000002c0), 0x2, 0x0)
setsockopt$RDS_GET_MR(r0, 0x114, 0x2, &(0x7f0000000480)={{&(0x7f00000003c0)=""/170, 0xaa}, &(0x7f0000000340), 0x29}, 0x20)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x2)
r1 = syz_open_dev$MSR(&(0x7f0000000300), 0xfffffffffffffffe, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'syz_tun\x00'})
syslog(0x2, 0x0, 0x0)
syslog(0x4, 0x0, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, 0x0)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000), 0x48882, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000000)={'wlan1\x00'})
ioctl$SNDCTL_DSP_SETFRAGMENT(0xffffffffffffffff, 0xc004500a, &(0x7f0000000280)=0x6)
sendfile(r3, r3, 0x0, 0x20000000003f)

3m43.585711738s ago: executing program 34 (id=3253):
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
socket$netlink(0x10, 0x3, 0x0)
unshare(0x24020400)
bpf$MAP_CREATE_TAIL_CALL(0x0, 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000580)={0xffffffffffffffff, 0xe0, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10)
prlimit64(0x0, 0x7, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bd2)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r2, 0x8933, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
close(r3)
sendmsg$BATADV_CMD_GET_NEIGHBORS(r2, &(0x7f0000004340)={0x0, 0x0, 0x0}, 0x48800)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a80)={0x6, 0x3, &(0x7f0000000200)=@framed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
write$bt_hci(r0, 0x0, 0x2e)

3m29.400587093s ago: executing program 35 (id=3279):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x400}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @void, @value}, 0x90)
r0 = openat$vcs(0xffffffffffffff9c, &(0x7f00000002c0), 0x2, 0x0)
setsockopt$RDS_GET_MR(r0, 0x114, 0x2, &(0x7f0000000480)={{&(0x7f00000003c0)=""/170, 0xaa}, &(0x7f0000000340), 0x29}, 0x20)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x2)
r1 = syz_open_dev$MSR(&(0x7f0000000300), 0xfffffffffffffffe, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'syz_tun\x00'})
syslog(0x2, 0x0, 0x0)
syslog(0x4, 0x0, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, 0x0)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000), 0x48882, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000000)={'wlan1\x00'})
ioctl$SNDCTL_DSP_SETFRAGMENT(0xffffffffffffffff, 0xc004500a, &(0x7f0000000280)=0x6)
sendfile(r3, r3, 0x0, 0x20000000003f)

1m23.013443082s ago: executing program 1 (id=3466):
r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/tty/drivers\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000280), 0x0, 0x59dc, 0x0)
syz_emit_vhci(0x0, 0xd)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
socket$inet_smc(0x2b, 0x1, 0x0)
sched_setparam(0x0, &(0x7f0000000400))
r2 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000003a80)={0x0, 0x1c, &(0x7f0000003980)=[@in6={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}}]}, &(0x7f0000003ac0)=0x10)
getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(r2, 0x84, 0x6d, &(0x7f0000000080), &(0x7f00000000c0)=0x3930)
r3 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000080), 0x2)
r4 = userfaultfd(0x801)
ioctl$UFFDIO_API(r4, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_ZEROPAGE(r4, 0xc020aa04, &(0x7f0000000000)={{&(0x7f0000576000/0xd000)=nil, 0xd000}})
write$binfmt_aout(r3, &(0x7f00000001c0)=ANY=[@ANYRESOCT=r1], 0xc8)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000000)=ANY=[@ANYBLOB="38000000180001000000000000000000020000000000000900000000060015000400000014001680100008800c000180"], 0x38}}, 0x0)
connect$pppl2tp(r0, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x4e20, @rand_addr=0x64010101}, 0x2, 0x0, 0x4, 0x3}}, 0x2e)
accept4(0xffffffffffffffff, &(0x7f0000000540)=@nl=@unspec, &(0x7f0000000200)=0x80, 0x800)
mount_setattr(0xffffffffffffff9c, 0x0, 0x0, 0x0, 0x0)
r6 = syz_open_dev$loop(&(0x7f0000000180), 0x7, 0x2480)
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.stat\x00', 0x275a, 0x0)
write$binfmt_aout(r7, &(0x7f0000000100)=ANY=[], 0x1a3)
write$binfmt_misc(r7, &(0x7f0000000040), 0xe09)
ioctl$LOOP_CONFIGURE(r6, 0x4c0a, &(0x7f00000002c0)={r7, 0x0, {0x2a00, 0x80010000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd64c6a4b4e00d9683dda1af1ea89de2b7fb0a0100000000000000000300", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "90be8b1c551265406c7f306003d8a0f4bd00000014000800000000000000007f"}})
syz_emit_vhci(&(0x7f0000000440)=ANY=[@ANYBLOB="040e05000f205a00f88d188eea041b4452c6ea7360368bbcc1e0e9de9d30850edf9772525d75c4653b12aae8dec4c1eae9383dbbc59225326d37c7fc1d1901283ad19b291c77067e62cc43e9c406dea5bfd6dfda0600bdc5fadf45d2c39171592a26904e2d6de41ea609cc8af30e07e51d6f83ce56a33d2cf579b312a6f1552779e114b2c9495cfdd563b93123910efa8d38ddcf87537d21075afdc008019b033c0970454d9ef085fc85ead9cc8bad61ae8dac92469aa3d9178a39d9aebfd172ed8714e5ec8e25fe0e3fb97a3f3e2f5f7716fd8260aa1ac02923381b7d95f56db9a99001b8ce4d88fb8ac2b1502bb644"], 0x8)

1m18.357852641s ago: executing program 1 (id=3472):
r0 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
io_uring_setup(0x1558, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x420000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = openat$drirender128(0xffffffffffffff9c, &(0x7f0000000000), 0x640082, 0x0)
r5 = syz_open_dev$dri(&(0x7f0000000480), 0xf2ef, 0x0)
ioctl$DRM_IOCTL_MODE_CREATEPROPBLOB(r5, 0xc01064bd, &(0x7f0000000000)={&(0x7f00000025c0)="80063d025cd08275daaf2bdc7d6021e8767f776bfcfcb48e7ea4c1706e82db7e79689dba59966341a7c5b03ef02f597e039265c9b23c321b7bf9eadcb9bef6ed93442384ab02d3bb296d9284b03fd5c20035cf167da3e6b92deeeab937805de77cbaa83f549195b5c14723de7af48f56019844433d239000ff300ad736de1ea12ecfd45f8534e539ed67d615c69ecf8cf98b34246cdb1a8fb8e001b095b967a819fe10b00d3fac4997daf07c202e14ebec34fd8f399cef7c34a19a13b71f2cd541db79f41a38b88e7ddb1b9984ee4cb39d9939304f70a4a160fcb44964043e61bc380f8c5d35675e6976eeffc013e000ea1c6e3e68faa5a505a81c9bfc78665cfc11e2acc086e60a156b623eac124a3a13dd71cf619a26e0a721953b1137db8e9f57c826c01ec2d155237315ebf553b26204d43c7d800d03d8d64a15b3c6da95e0f1f622b1c5aaa8c0a4d05b7e6524a5b7db71aedc43efdb2b58fa15da24c8d3841e3b1866c89136cbeb47407dfbd71516324223a1bfb2c52ab510b7831c98e06449e307ae2ad7cc48882c40b7f1aa24bcd3ebd8e7fc1225085e0d6ec87effca590862eee549a6a62be737af8734d8614ef608d68969dec14d29d5b39d6f0888753b70745af4bb58a2cde8d3a4f083e55df64e4b3b7c171b4197b0689408231ca3cdda97c821457dce65547e5b9079116a314df678ec9a9129b794aeb44f76083bbeacba87a5fffaba0936507da051b78529197e37de0d392bcf3c0391b2fd64a5ac884a9d9367ff0fe6ac26342b8a8456f760a8d528a5a948080154a18fd32c9363b2ef26fad429140bf41bc8e17cb06266db2c0c956c0a3c9d24be546a29a4abf5ddce7e5eb8ca8b56347876fc0d3e53fb8938151a5710db8d5bb6c35979517eb4ed9cb905015a8bdbf301e7dc9a9b72c9129543e14552c63365e5ffadde3e69e05796dbbbb73c939ae3bdae9d40ff00281fdf92cc02d49416a06e2fe51c541cf7355c671f1ea009710850a72dc60a20ba7eae98ebf5bb88aca51eb1c392b2b53256d38020b5048317ad760664941da8d7f14773e2b1fd5ed016ea37c239930f7be15a352436326c1a34b4ddc93a623d384de5577722339c551cee6faa769292ff1e34b6ef6d8a144668c1f1de659afddfddd7ba4134c7fcc32f112b728c46bd6583bddd3c860e1f3608c2678290be4901a11aeacc9fd9d131a7f1932e3e78c245129cb3f2a081769fdcd1d09ea53d811dc43f69a43e5feb209246b0518aac961c224956d7ecad334fa247ab160bdb5553f06a1dc709da30d5f0a6c7c1727a8c69ecc45bee8a05f7968fe34a23529619db8e33d9ca96e2948db0bde27771c51d3b4185a82402cec0db561d6a07fb33875e1bd71c1ae5495519288b6c3f0d2a5304c12dd86fb83e43b4ec5c105be74f85a00b3dcf9346be63908675f5052fee250ac6d7901a88dce496809e1f1024878918516bc314e6845b41cdd124e651b09eaeaca7da12cfc4018428c1dff38fd489e04a59b0ce0baf21c5affdc915fa0868d876a5f800bf032d50428ba1a583f7780a5cfcaa78ceb0c6b4e5bd11dd8bcb7df5bb29bfe9c65ae308812492e4e5c4a2dcc34a7ac02bcb50b2a26d83ce024be9096761d3d1a44e459747c6713ad5e0a3f6c4f772fc8035b534a344d77f439e3e08421764f1f01ee525f0b8884371d4e06796f85ac7f9c7a31b54e34e74c7fe8bf7a90c9191952139c90527b9efb6c4c1a774569fff35de5b1c911976e35879e775fbd4dc1e747024481b0f6806da7ff4669a050e1ec27e72a99aeb0aee9a502fdc37e6f987cfd959464d341236052f1645ea59a393ef1cf28405af833b65407fbe74b98ae2b4f0f5649175feeaf0726a1c5d4593cfce5870a6a3d98471a64506dfb4cb7965d38ec6ce3bb6625e32a2e05a1fea88aafd1dd4433b7a4eda38937259659221e0aa3acafa68c3864b40c803cada12a1e11d62af00f7f1cf087778c3c0107a3ae84b4012b973934be969002ac7e122a30898a01175a97338fe81924627b4a134f90ba06cbdf60ac7683e8ca0e0222de304cbc24f8d1683e7c7bc3419f30349ebfa486f667fed2582f3b1491b503613b1d0f18042cb10b678449c4ce0e3f1cb2d8bac682dfe643d2f81bfaeccd8df189ce6f8a54514efe3d1da8067e8e12af5f49824ba14018ce40f5d85b32bbd0f11b18f6964660a042fab84fb236a58ca927ea662aff848a26fb77e6fec9f9a9591d36f2b09091df0fdb40b1544762c4a36b54b0e120d5d03b3356cc02ce6121d845ec023361e4c4430bb914c58ada731b0041086e1b454e15a8a7262c1abc3c429a60864067b97cc8da9d8fbde77b072b42571a61fe7d8c1d6e55edd01580e1ac04845976c05c1b73da946f2d1d8a16cda22620bc6f153014a18bcf5f99da2235e1902a9d154527b08e85233bb815b09e216a95eaecbd1b1a968cd8b5e10dd3d7e0a17c5992208ec70f3843f9b5383b109e4561e37188a9181f04e244043a5da63c7aec0629dd1433bbc7220fdb60fef440a8d04deca36cd782743af61cf7ed984bded5fc7d669e5da59d65b11abd5caa1a346b1a32d6c31be1f6249bccbdfae6a92b384bdcb8a61195310f856619a6f72af48e04f52252d58048f8b0aaa1131585478c981bba7490da2cfbdef081ef8160b2e997c7c6c815766c1c0639d9701d543f42d7866b9046596efb2e27f207c4f0b5bf8596a0d0cca779a4a65fbd4f50684f3c916c68bb145478ca4e3e10dd994261bd45e3b41771a9bdce9d32cf78bf4841f80e00a2cce4f25505067520335443fc33c73cbbd150153291a37865c6eabc4340c0eaec2c380b2e0454e1f205777675557d853969c385a5d85696234a554127df630adc1fdca8071e16b67f8460f5cd24e2d2094dc0aa3faffc0ded93cd248d54f536be1bab53fe377c854d2c8c57f065cc646c38f68ce0a207661e2e87c7295c7f36e3d22aa02bbae2a9fbdaadcf53f1bb2bc2fc7919b12bec42e41b30b58a8ed26644108fe3285f774ebd50726f17832de82478c586b2883e8ad182faaa675920086819c2ddb62e52bbb682a7f7ba5a326c00829bbe305dc527c14b250bf376502775a0bc1d68ddfc191450bab519305d673c93fe7b207b88af6ff9138544952f2ab7f7233abe834967b5ea790050a013434ec8758c18812fc2b172cdc4ca3c9b80b974abfd94f0892e7f910941c6a53f4e67098a8df8fe29e5d39e0a0bdfec25d990ad3457e4d2f5d0acf0ec7b71d43e884ae0c1587766a7f0e8a56601206a3a37f9b9cc55cd7b5801ce8bb537ca7841a241d8a2282ca4288a69251d2dc449f7fce333482ed0ea673f913ecccd291ccdf7e00bf13f927fcf2cf7a21718ab6a2b983ff6b8404bb1075d41e85bd985c86b85c31b92f42e2e6c6f3c559c413504008486822e52fc6392ebe77bad2f15718c06cb83fbc8f241eb00a6ad2bc32ff636fb022227ccbdb5c3eeceb8662989f86b727a5b30f51629789d3c39e5f231b14c07dbdd7e2b76ff7c1a8ee169c66edc6ce5f2cd6d9f56c4bd22d7c33eb84328367ee39511d48746a911da866383744fd34c51862c25a24b50467ddff9588e5801a8098b5df348472c4ab36ce06bc915dfd9f11256e2167205b5596c492e737fd4d1552fd3266d8debd8243cf95234f796f60949df0ee770e3cdc8b937f8789b633dde79e3c03c81961a8fd0ab828341df2156a6c8edf727708a79f68fe4ac9c279a17bcb4084da9363ea168a7d43d9e3c24d600a0e7e037cee4e11f1ce93e8aff19916e7f912b9ab3b99bb8ad8cb701686cbd7d1f1f04f3d9b11a6f32d68b84b87fe8f6242773e4fbe6eb546c7fc4eb1209f77b3bd8e8aa08b7fa0f7df0a86c5ebf92fa4e69549d6825fdaea8fd855f997080915420a3a57a4d9d899bd12f9ed4d50fc59b23bda98073a58fbaf912858447017f4352324c6e7a6d0f8256f9d46758fd0d9395039e5464a728850298dbcf4e4bf8068e7ed0f68c33c6f22500e84087d1145d15756fd9bbafd27c99de96b32399cabbfbb78d409d4af1f1c39ed078407ab53763ff70af635ed1fafe9db7e9da375907dcce567769b899dc8b7ea91b7fde8b0eadb0ed082d8b6671f1b8db14628ad9053b6ef5aa1ee41769c84e77c635ee92567e6348498d60a646d761703d40e243969c4544251ceea8e661d6aefe5ba005abeff96c337affd73c6be3498ca88bda25b6973301e388f26d17e9e0735200afcb7789eff75a9055d903b913e211db35fe6c87b0fc947b89ffee0185e42002bef45094469161c94ab8b152bb95a068fb8e9d75a8ba3710c142eaef49809669293c0117f62b3d32d3291c4f5546e1a42e02b9be7c3b80ae8d2ab6c3d4e39b2bba137d7deaeb757dad9d51017dde33454ea3a3da2292b18ede8acfc20515a6b8bbaf3332609f2b13ae757603722cc9d696ead9af4fb71d43583a7946af6fe355954c5023ea912ad6990595914e830c92357d252fc6a25199c494f5719dbc69925e0f62b94acdde5bed699ebfd57ddf7fbda14def47161236a8aecf72c4ae0bcac613d32ddb6ea4ed9a3b79a3a5d0550268e3930779f6ad618fbbd8f81ae394553fe2736fcd71b34c30d6aab626154952a197abbf48d4e869ad4f079eb82d83804ac71a073b7a885d1916a6ef79f2919d11cdf9547df7abd10c1134361b2b7ea68d230272618f958b8d4117c601437811a50224ab20ae253cb0c3d1789e14e9dbf287574716a2293f478aa0165d45743c7feab712f828790f197ebcffe652de08e062615d6aa6383149d79d55464c27160c0de17fa0db0c2aa6056f4a7acb19d76a2bfe7803b45e35d86ac35515fdabdb6c13bb211a76d4f1c8ce067de1d66420ef4ae29509824224065e638c34c156345e59b6f009e818c04da1087f2825e894b72190be9eba64f431973c875c9ed554d2a2d2299545274eca15ba12bf25bed01116a4800f977213e37164b41c8d6e7d6a6b416919ec65caa5f915227c5bf3ebb91ffaf3f8d6358ea084b087dc091fc726e70c6e2c486931338aed55edc592a738f1b76587e8f7731d68047dc2b3b758dc43ca3584551887f8a53af849634417dd1c8c04a27b4e8b15b48ce56abfe01fca5f0f1833ab2da32f258c35fa7d582330d08efdb459e1c3b7cac1688596bbd9878dd80a1791c7098424b6e6d5dcb550520d25d7aade1def43b244c4915c6f47da23da7aa39462eb609f2e9848b11965eed981960c9ff4728f29cf845c251ba2d493151527cb0120bec6207891db7a01d3819c278f250bc735c3a47aabf1fc8f8f90d0e075ac0dbd2ebaedebe73ff47aa122d6cccac01bb0446fb6f8a5cbb7e44d36367b32613146a8d8f30260762fcc8cdd249c36e838433444b8fa905bdba19cf70f420a0b1cde2d7ff77525d7c3e5eafa04e7dcd135f37cad2e932632d80b8adc09315c255a772ee6601f615708e73b4fb387b737a1495e935b610d92c5f5af78dbd4d99ad4ebda1d433512fe402ae6e4664a92cbf846c9d61506289c1a69e12a24fcf5602afdd4ec00dc93f43d48fc89f04999ad1d544a9bfac83a4dfe5a5276b84685d01acea3153ae2d98b3851df316af11cccc3ba6610a57bedbced9950a5fc79ce859f1df14c19b5d72a2e0c1535e07fbb6ffc4af84c2b76c4b8e1761fb5013cf29b5fa1cc950e2f35c5d966bb7e08d4a4c3e1d617e21ff3e9831b508e6c53e143afb1e48e5aed98cf19ec972f2fdb4ffd848537a51c5527c3c6aa7e1643cd2e745fa885e43cc3e12088e092c32db59dfc7ef", 0x1000, <r6=>0x0})
ioctl$DRM_IOCTL_MODE_GETPROPBLOB(r5, 0xc01064ac, &(0x7f0000000040)={r6, 0x1000, &(0x7f00000015c0)=""/4096})
ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r4, 0xc02064b9, &(0x7f0000000340)={&(0x7f00000002c0)=[0x0, 0x0, 0x0], &(0x7f0000000300)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x3, r6, 0x1a9a9a9a8})
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
syz_init_net_socket$netrom(0x6, 0x5, 0x0)
r7 = socket$unix(0x1, 0x5, 0x0)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f0000000080)={'wlan0\x00', <r10=>0x0})
sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r8, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r9, @ANYBLOB="010000000000000000003900000008000300", @ANYRES32=r10, @ANYBLOB="24005a80200001801400030000000000000000000008"], 0x40}}, 0x0)
ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, 0x0)
sendmsg$802154_raw(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)="711f2abf2d0c383d5264df6f5d89", 0xe}}, 0x0)
recvmmsg(r0, &(0x7f0000002e40), 0x0, 0x142, 0x0)

1m16.239004154s ago: executing program 1 (id=3475):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000180), 0x40)
ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r2, 0x4040534e, &(0x7f0000000280)={0x10, @tick=0xab, 0xcc, {0x5}, 0x8, 0x0, 0x6})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
iopl(0x3)
shmat(0x0, &(0x7f0000000000/0x4000)=nil, 0xffffffffffffcfff)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
openat$udambuf(0xffffffffffffff9c, 0x0, 0x2)
seccomp$SECCOMP_GET_ACTION_AVAIL(0x2, 0x0, &(0x7f0000000100)=0x7fc00000)
memfd_create(0x0, 0x2)
ioperm(0x8, 0x8000000000000c0, 0x5e)
msync(&(0x7f0000954000/0x4000)=nil, 0x4000, 0x7)
prlimit64(0x0, 0x1, 0x0, 0x0)
ioctl$VIDIOC_S_AUDIO(r1, 0x40345622, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000540)={<r4=>0xffffffffffffffff})
setsockopt$TIPC_SRC_DROPPABLE(r4, 0x10f, 0x80, &(0x7f0000001640)=0x4f1d, 0x4)
sendmmsg$inet(r4, &(0x7f0000001540)=[{{0x0, 0xfffffffffffffda1, 0x0}}], 0x40001b6, 0x0)
recvmsg(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000080)=""/115, 0x73}], 0x1}, 0x40000000)
sysinfo(&(0x7f00000003c0)=""/67)
r5 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
ioctl$VHOST_SET_FEATURES(r5, 0x4008af00, &(0x7f00000000c0)=0x1c)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r0, 0x89f1, 0x0)

1m10.36309396s ago: executing program 1 (id=3481):
r0 = openat$smackfs_relabel_self(0xffffff9c, &(0x7f0000000040), 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
r1 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000240)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400}}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r4}, 0x10)
mmap(&(0x7f0000bfd000/0x400000)=nil, 0x400000, 0x0, 0x12, 0xffffffffffffffff, 0x0)
r5 = socket(0x1e, 0x4, 0x0)
r6 = socket(0x1e, 0x4, 0x0)
setsockopt$packet_tx_ring(r6, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc}, 0x10)
setsockopt$packet_tx_ring(r5, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc, 0x0, 0x2}, 0x10)
r7 = dup3(r6, r5, 0x0)
recvmmsg(r7, &(0x7f0000008840)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000040)=""/8, 0x8}], 0x1}, 0xffffffff}], 0x1, 0x40000001, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r8 = syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_PCM_INFO(r8, 0xc1205531, 0x0)
write$smackfs_labels_list(r0, &(0x7f0000000440)=ANY=[@ANYBLOB='@.-&#^\')%+ )'], 0x15)
r9 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000300)='attr/current\x00')
writev(r9, &(0x7f0000000080)=[{&(0x7f00000000c0)='w', 0x1}, {&(0x7f0000000000)="414556acda70efda56f89a89c3a92a27f3c9", 0x12}, {&(0x7f0000000100)="2e044b2c8c0a08815350ce575fab6a6a403476d8a5586589de2e8b8f2ff7883b2b0b57765635beaccb6a1df9771069d79c26d3c5e6db453702b23f63a7e488129e42615ad0ed1cdd2fcadb3d6939c12ebc3b680df87e8adb6551c0630e1064583c782dc945a144ee593c8f0b1c313be567ad12c30f464186edf049ad31c2b660c54f21aebbcaee72ecacf0bef21ee53ff49cb6ed4046832fc6a800183c2f35afba9a6d0c8bca4b78a49e", 0xaa}], 0x3)

1m5.279319811s ago: executing program 1 (id=3487):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x2000000000000376, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x8, 0x0, 0x0, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000240)={0x3, 0x4, 0x5, 0x6}, 0x10, 0x0, 0x0, 0x0, &(0x7f00000016c0), 0x0, 0x10, 0x37, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x800005d, 0x4810)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
openat$nullb(0xffffffffffffff9c, 0x0, 0xc102, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000140)=0x15)
ioctl$TIOCSTI(r3, 0x5412, &(0x7f00000002c0)=0x7e)
ioctl$TIOCSTI(r3, 0x5412, &(0x7f0000000540)=0x9)
ioctl$TIOCSTI(r3, 0x5412, 0x0)
ioctl$TIOCSTI(r3, 0x5412, &(0x7f0000000300))
ioctl$TIOCSTI(r3, 0x5412, &(0x7f0000000040)=0x9)
ioctl$TIOCSTI(r3, 0x5412, &(0x7f0000000000)=0x7e)
r4 = socket$inet_mptcp(0x2, 0x1, 0x106)
prctl$PR_SET_THP_DISABLE(0x29, 0x0)
connect$inet(r4, &(0x7f0000000140)={0x2, 0x4e21, @empty}, 0x10)
listen(r4, 0x1)

1m2.643716634s ago: executing program 1 (id=3489):
syz_80211_join_ibss(&(0x7f0000000040)='wlan1\x00', &(0x7f0000000100)=@default_ap_ssid, 0x6, 0x0)
r0 = socket(0x80000000000000a, 0x2, 0x0)
r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x3)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0)
socket(0x10, 0x3, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFQNL_MSG_CONFIG(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000340)=ANY=[], 0x1c}}, 0x0)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r3, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r4 = getpid()
sched_setscheduler(r4, 0x1, &(0x7f0000000100)=0x5)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
accept(r1, 0x0, 0x0)
r7 = socket(0x80000000000000a, 0x2, 0x0)
setsockopt$inet6_group_source_req(r7, 0x29, 0x2a, &(0x7f0000000080)={0x20, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108)
setsockopt$inet6_group_source_req(r0, 0x29, 0x2b, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @empty}}}}, 0x108)
prctl$PR_GET_TSC(0x43, &(0x7f0000000040))

47.468919514s ago: executing program 36 (id=3489):
syz_80211_join_ibss(&(0x7f0000000040)='wlan1\x00', &(0x7f0000000100)=@default_ap_ssid, 0x6, 0x0)
r0 = socket(0x80000000000000a, 0x2, 0x0)
r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x3)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0)
socket(0x10, 0x3, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFQNL_MSG_CONFIG(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000340)=ANY=[], 0x1c}}, 0x0)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r3, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r4 = getpid()
sched_setscheduler(r4, 0x1, &(0x7f0000000100)=0x5)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
accept(r1, 0x0, 0x0)
r7 = socket(0x80000000000000a, 0x2, 0x0)
setsockopt$inet6_group_source_req(r7, 0x29, 0x2a, &(0x7f0000000080)={0x20, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108)
setsockopt$inet6_group_source_req(r0, 0x29, 0x2b, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @empty}}}}, 0x108)
prctl$PR_GET_TSC(0x43, &(0x7f0000000040))

38.561478989s ago: executing program 5 (id=3510):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x10)
r4 = syz_open_dev$vim2m(&(0x7f0000000140), 0x10001, 0x2)
ioctl$vim2m_VIDIOC_S_FMT(r4, 0xc0d05605, &(0x7f0000000240)={0x1, @raw_data="a425e2f1a54d24f15852323460608d70566e425a6c36af37b33fac9d31c8a9c7044410d324b03e044e454d2092a62fea8f13441431ce248bfc73a6726ee61ba491d15d8f392ff66fe0b17f0e11f5d2367d5593205ab1efa97d40619a553e7da2518125b850a186ef691daa55c9e50ffaf6ddc25220ded32aeba4524cec1afbd17abba1d15ea05e97ed3dcad452db6e08a991e2c78b057f55de7fdeba7411ce65700c0a1ad7946ff7c355db87566e3e5abb7a37a06731ed19ddfa970bb58a27fd9fa194c092730319"})
mkdir(&(0x7f0000000440)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r6, &(0x7f0000000380)=ANY=[], 0x15)
r7 = dup(r6)
getresuid(&(0x7f0000000440), &(0x7f0000000480), &(0x7f0000000340)=<r8=>0x0)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r5, @ANYBLOB=',wfdno=', @ANYRESHEX=r7, @ANYBLOB, @ANYRESDEC=r8])
removexattr(&(0x7f0000000180)='./file0\x00', &(0x7f0000000200)=ANY=[@ANYBLOB='secoD\x00\x00\x00\x00\x00\x00'])
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r9 = syz_open_dev$dri(&(0x7f00000005c0), 0x1f, 0x0)
r10 = syz_open_procfs(0x0, &(0x7f00000001c0)='ns\x00')
r11 = open_tree(r10, &(0x7f0000000100)='.\x00', 0x0)
fchdir(r11)
umount2(&(0x7f0000000280)='./mnt\x00', 0x2)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r9, 0xc04064a0, &(0x7f0000000140)={&(0x7f0000000040)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000080)=[0x0, 0x0, <r12=>0x0], &(0x7f00000000c0)=[0x0, 0x0], &(0x7f0000000100)=[0x0], 0xa, 0x3, 0x2, 0x1})
ioctl$DRM_IOCTL_MODE_CURSOR2(r9, 0xc02464bb, &(0x7f0000000180)={0x2, r12, 0x6, 0x9, 0x81, 0x4, 0x0, 0x8001, 0xfffffffa})
ioctl$DRM_IOCTL_MODE_GET_LEASE(r9, 0xc01064c8, &(0x7f00000002c0)={0x1, 0x0, &(0x7f0000000280)=[0x0]})

37.619178602s ago: executing program 5 (id=3512):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r0 = openat$cgroup_pressure(0xffffffffffffffff, &(0x7f0000000100)='memory.pressure\x00', 0x2, 0x0)
write$cgroup_pressure(r0, &(0x7f0000000000)={'some', 0x20, 0x8, 0x20, 0x4}, 0x2f)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xcb65000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = syz_init_net_socket$ax25(0x3, 0x3, 0xcd)
ioctl$SIOCAX25DELUID(r4, 0x89e2, &(0x7f0000000200)={0x3, @bcast={0xa2, 0xa6, 0xa8, 0x2}})
ioctl$SIOCAX25ADDUID(r4, 0x89e1, &(0x7f0000000000)={0x3, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, 0xee01})
syz_emit_ethernet(0x72, &(0x7f0000000280)=ANY=[@ANYBLOB="aaaaaa8c40aaaaaaeeb507030c9608004800006400000000002f9078ac1414bbac141414890754e000000186020000000420880b0000000000000800000086dd080088be00000000100000000100000000000000080022eb00000000200000000200000000000000000000000800655800000000d32dd41676472588c1176957a2a063161f232a1d30262ad5081c901b346c2135bd83e05e9413510853"], 0x0)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$PROG_BIND_MAP(0xa, 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
sendmsg$BATADV_CMD_SET_HARDIF(0xffffffffffffffff, 0x0, 0x0)
ioctl$KVM_SET_CPUID2(r7, 0x4008ae90, &(0x7f0000000300)=ANY=[@ANYBLOB="010000000000000001"])
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
ioctl$SIOCAX25GETINFOOLD(r4, 0x89e9, &(0x7f0000000040))
socket$inet6(0xa, 0x2, 0x0)
syz_open_dev$video(&(0x7f0000000000), 0x7, 0x40)

35.625217736s ago: executing program 5 (id=3515):
shmget$private(0x0, 0x2000, 0x4, &(0x7f0000ffb000/0x2000)=nil)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x1000, 0x0)
r3 = semget$private(0x0, 0x6, 0x583)
semop(r3, &(0x7f00000001c0)=[{0x0, 0x8000}], 0x1)
semop(0x0, &(0x7f0000000240)=[{0x0, 0x8001}], 0x1)
semop(0x0, &(0x7f0000000040)=[{0x0, 0xffff}, {0x0, 0x19}], 0x2)
semctl$SETALL(0x0, 0x0, 0x11, &(0x7f0000000000)=[0x40])
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = io_uring_setup(0x1690, &(0x7f0000000080)={0x0, 0x9d1, 0x40, 0x2, 0x1de})
io_uring_register$IORING_REGISTER_BUFFERS(r4, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a)
io_uring_register$IORING_REGISTER_BUFFERS_UPDATE(r4, 0x10, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0}, 0x20)
r5 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
fchdir(r5)
syz_emit_ethernet(0xfc0, &(0x7f0000000080)=ANY=[], 0x0)
gettid()
timer_create(0x0, 0x0, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x1)
io_setup(0x6, &(0x7f0000005700))
read$FUSE(0xffffffffffffffff, &(0x7f00000002c0)={0x2020}, 0x2020)

32.695334536s ago: executing program 5 (id=3517):
bind$alg(0xffffffffffffffff, 0x0, 0x0)
r0 = shmget$private(0x0, 0x2000, 0x800, &(0x7f0000ff6000/0x2000)=nil)
shmat(r0, &(0x7f0000000000/0x4000)=nil, 0xffffffffffffcfff)
madvise(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x10)
sendmmsg$alg(0xffffffffffffffff, 0x0, 0x0, 0x0)
r1 = syz_usb_connect(0x0, 0x24, &(0x7f0000000280)=ANY=[@ANYBLOB="12010000703ac020580406709169000000010902120001000000000904"], 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000100)='./file0\x00', &(0x7f0000000280)='./file0/../file0\x00', 0x0, 0x1adc51, 0x0)
io_setup(0x4, &(0x7f00000014c0)=<r2=>0x0)
syz_usb_control_io$hid(r1, &(0x7f0000000140)={0x24, &(0x7f0000000000)={0x40, 0x1, 0x4, {0x4, 0xf5584a4a203ad372, "13ee"}}, &(0x7f0000000300)=ANY=[@ANYBLOB="0003c4000000c403f8659faa5c946271a84158832489934f07b3d3de30a4c9aa2d1e794c33d3ec86c84c2909c75d1995d67eb4a15f97ae53171d9fbd99402655dc0ee6d84041bfdfeff8ece44d3b2aa5a310d1d9ceb10dff835f06e18af56a87cb28782e79c910cf7fb48f1457a5a0c410dfaa43c2ff0d1bb29fbda5b3f87e16cea7c62538ad05863eea5ab953ef9ec40e4699c70e3f5966c3e098b9ee7bcd39c4620ed4542c7bf752a1ffc2bf9a983c2e17596890cf9f1930b30f452cc0d39dda1ffc2431ad3bac35f6"], &(0x7f0000000040)={0x0, 0x22, 0x2, {[@global=@item_012={0x1, 0x1, 0x1, "9d"}]}}, &(0x7f0000000080)={0x0, 0x21, 0x9, {0x9, 0x21, 0x9, 0x8, 0x1, {0x22, 0x22b}}}}, &(0x7f0000000580)={0x2c, &(0x7f00000001c0)={0x0, 0x0, 0x3c, "d0697bc233439f07df57b2adeff4f2a922d96c19ddd27ea9829e629ad812c3ce723b057b43be39133e1aafe97309aea235a88465fad2747c4a21a271"}, &(0x7f0000000400)={0x0, 0xa, 0x1, 0x9}, &(0x7f0000000440)={0x0, 0x8, 0x1, 0x2}, &(0x7f00000005c0)=ANY=[@ANYBLOB="2001a1000000b0fb1578a6197892b456b95fa7c714537b871879d4fe8afdfd08b067188c531f81940eb2ef1d151c432d1b15ac658e6489cfb6c049447729e829e16647b422e15b1bd5a4b57ab12f62de0cae08ea79f369063b2fd3f558d3481f383e8d507c81b7225561c0383e29fc50d036178affdb82a9b141e5cc2ee596a1b98e58f9b9f8a5c68af96295e7f0066d4e2b2cece8fc87b1079b0b3f2278aa172ae2e406614802a8f0ab6a512298dbaca58a19b81544157639d329da32ae49b75bf5d7759da13b64fee82906c45c69b5d4820529c2103ba3b88fab535042ef84942694397872"], &(0x7f0000000540)={0x20, 0x3, 0x1, 0xa}})
r3 = syz_open_procfs(0x0, &(0x7f00000002c0)='mounts\x00')
io_submit(r2, 0x1, &(0x7f0000000180)=[&(0x7f0000000100)={0x0, 0x0, 0x0, 0x5, 0x0, r3, 0x0}])
umount2(&(0x7f0000000180)='./file0\x00', 0x3)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000003580)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c9b476fccbd6c710016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa73d897e3896d863081b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbd744e517e65ddab19e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f200004304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188541c300f5c1bf56705ba12d198e897186b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710f7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945ecefa26b8471d42645288d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47cbb0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9ea410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa165099c5ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88c3c44b3b7486f979e8a3174b531f573fe0e5239c000be0a33c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06a6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c6062368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c5bed4b0d73dffb17a88aaad5921aee7dae6a2f3009d9cb434898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a64d903b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867ec92d13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d93e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e7ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a00000000000000000000000000006a728258ca3d846a000e80d5f43109a48ddc54cec5d7f78c80e010ed02ffc0846577cafcd9e0ad83149bfb08ba7b5b431311041deb5e5d65610ad6e8d6ed55e900071b4d37d9fadb17a0407e7251866b63faccfe936980f59ceaa9d6b6863024b482023799a4f30a225b560f320e89ed44130e78f8cf000ac3c743b08d4256f282fc36162ac4b59527a3b67560313914ff6ac4ac43cd0e79d6372da631de3fde6c29de3b43d3046df23019ecadd57f175a2443928b1bcb9be16f54936796c3b928dc07c70771622cef2fafeb239a3ca4"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x2e)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r4}, 0x10)
futex(&(0x7f0000004000), 0x5, 0x0, 0x0, &(0x7f0000004000), 0x92020007)
syz_usb_control_io(r1, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r1, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r1, 0x0, 0x0)
syz_usb_control_io$hid(r1, 0x0, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
socket$kcm(0x10, 0x2, 0x10)
socket(0x5, 0x6, 0xdffffff9)
syz_open_dev$cec(&(0x7f0000000080), 0xffffffffffffffff, 0x0)
io_setup(0x6, &(0x7f0000001380))
syz_open_procfs(0x0, &(0x7f0000000200)='fd/3\x00')
io_submit(0x0, 0x2, &(0x7f0000000240)=[0x0, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x3, 0x9, 0xffffffffffffffff, 0x0, 0x0, 0x8}])

32.495345893s ago: executing program 2 (id=3519):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={0x0}, 0x10)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x9, 0x5, &(0x7f00000002c0)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x6b, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40a01, 0x0)
ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r5 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r5, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r4, &(0x7f00000000c0)=ANY=[], 0xffe)
r6 = socket$kcm(0x29, 0x5, 0x0)
r7 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
pwritev(r7, &(0x7f0000001a40)=[{&(0x7f0000000280)="f697079a161cfb7702311e629acda76933", 0x11}, {&(0x7f0000000340)="527302587e0a4e47ad", 0x9}], 0x2, 0x0, 0x7)
set_mempolicy(0x3, &(0x7f0000000040)=0x9, 0x5)
set_mempolicy(0x2, &(0x7f0000000140)=0xa, 0x4)
sendmsg$rds(r6, &(0x7f0000002940)={0x0, 0x0, &(0x7f0000002800)=[{0x0}], 0x1}, 0x0)
write(r6, 0x0, 0x0)
r8 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
r9 = add_key$keyring(&(0x7f0000000100), &(0x7f0000000140)={'syz', 0x1}, 0x0, 0x0, r8)
r10 = add_key$keyring(&(0x7f0000000180), &(0x7f00000001c0)={'syz', 0x1}, 0x0, 0x0, r9)
add_key$keyring(0x0, 0x0, 0x0, 0x0, r10)

29.57238935s ago: executing program 5 (id=3520):
mount$tmpfs(0x0, 0x0, 0x0, 0x40, &(0x7f0000000340)=ANY=[@ANYBLOB='gid=', @ANYRESHEX=0x0])
mknod$loop(&(0x7f0000000140)='./file0\x00', 0x0, 0x1)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='freezer.state\x00', 0x275a, 0x0)
fcntl$lock(r0, 0x26, 0x0)
fcntl$lock(r0, 0x25, &(0x7f00000000c0)={0x2, 0x0, 0x4004})
openat$udambuf(0xffffffffffffff9c, &(0x7f0000000280), 0x2)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095000000000000000d72"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10)
pipe(0x0)
r5 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$netlink(0x10, 0x3, 0x6)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x34, &(0x7f00000000c0)=r5, 0x4)
ppoll(0x0, 0x0, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000))
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x12, 0x24, 0x4, 0x2, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_DELETE_ELEM(0x2, &(0x7f00000003c0)={r6, &(0x7f00000002c0), 0x20000000}, 0x20)
r7 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$F2FS_IOC_START_VOLATILE_WRITE(r7, 0x40186f40, 0x20000502)
mount(&(0x7f0000000100)=@nullb, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='befs\x00', 0x0, &(0x7f0000000340))

29.312616965s ago: executing program 2 (id=3522):
r0 = socket$inet_smc(0x2b, 0x1, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r4 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$KDSIGACCEPT(r4, 0x5607, 0x38)
syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$KDSETMODE(r4, 0x4b3a, 0x0)
r5 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r5, 0x6, 0x80000000000002, 0x0, 0x0)
sendto$inet(r5, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
sendmmsg$inet(r5, &(0x7f0000003b00)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x16da)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0xc9d7, 0x9, 0x1281, 0x1, 0x9, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0x0, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x101, @void, @value}, 0x94)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x4001, @loopback}, 0x10)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000001c0)={0x1, &(0x7f0000000180)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
membarrier(0x2, 0x0)
sendmsg$NFNL_MSG_ACCT_DEL(r6, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x28, 0x3, 0x7, 0x3, 0x0, 0x0, {0x7, 0x0, 0x4}, [@NFACCT_PKTS={0xc, 0x2, 0x1, 0x0, 0x5}, @NFACCT_FLAGS={0x8}]}, 0x28}, 0x1, 0x0, 0x0, 0x10008}, 0x4000014)

26.757223572s ago: executing program 2 (id=3524):
r0 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
openat$sw_sync(0xffffffffffffff9c, 0x0, 0x402, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001280)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000001200)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x10, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="1802000000c400000000000000000000850000003e00000095"], &(0x7f00000000c0)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_PROG_DETACH(0x8, &(0x7f00000005c0)=ANY=[@ANYRES32=r5, @ANYRES32=r6, @ANYBLOB='\a\x00'], 0x10)
ioctl$LOOP_SET_STATUS(0xffffffffffffffff, 0x4c02, 0x0)
ioctl$LOOP_SET_CAPACITY(0xffffffffffffffff, 0x4c07)
r7 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$BLKZEROOUT(r7, 0x40101286, 0x0)
r8 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)
openat$procfs(0xffffffffffffff9c, &(0x7f00000010c0)='/proc/sysvipc/msg\x00', 0x0, 0x0)
fcntl$lock(r8, 0x25, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000000240)=[{&(0x7f00000001c0)=""/61, 0x3d}], 0x1, 0x7a, 0xfffffffe)
r9 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="12000000060000000400", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000000000060000ddff0bce00"/28], 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{r9}, &(0x7f0000000040), &(0x7f0000000140)=r1}, 0x20)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000080)={r9, &(0x7f0000000040)}, 0x20)
r10 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r10, &(0x7f0000000100)={0x0, 0x8, &(0x7f0000000180)={&(0x7f0000000040)=ANY=[@ANYBLOB="7800000039000900000000000000000001000000040000000c000180cafc00000547000008000200000009004c0007"], 0x78}}, 0x0)
recvfrom(r0, 0x0, 0x59, 0x0, 0x0, 0x0)

25.020616773s ago: executing program 5 (id=3525):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000140)={'veth1_virt_wifi\x00'})
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000000)={0x1, &(0x7f0000000080)=[{0x6, 0x0, 0x0, 0x7fff0003}]})
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0)
rmdir(&(0x7f00000001c0)='./cgroup/../file0\x00')
socket$netlink(0x10, 0x3, 0x10)
r1 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r1, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000200), 0x4)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r1, 0x10e, 0x4, &(0x7f0000000180)=0x800, 0x4)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), r1)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, &(0x7f0000000040))
syz_genetlink_get_family_id$team(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$TEAM_CMD_OPTIONS_SET(r2, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x1, 0xf000}, 0x0)
ppoll(0x0, 0x0, 0x0, 0x0, 0x0)
r3 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r3, 0x0, &(0x7f00000000c0)=<r4=>0x0)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r5)
sendmsg$NFC_CMD_DEV_UP(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x1c, r6, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r4}]}, 0x1c}}, 0x0)
write$nci(r3, &(0x7f0000000040)=@NCI_OP_CORE_CONN_CREATE_RSP={0x0, 0x0, 0x2, 0x4, 0x1, {0x1, 0x9, 0xf7, 0x1}}, 0x7)
r7 = syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="120100001517ee40f00a057a0200010203010902120001000000400904000000ff"], 0x0)
syz_usb_control_io$cdc_ncm(r7, 0x0, &(0x7f0000000440)={0x24, &(0x7f0000000200)=ANY=[@ANYBLOB="00001100000001"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r8 = syz_open_dev$tty1(0xc, 0x4, 0x2)
ioctl$KDFONTOP_SET(r8, 0x4b72, 0x0)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r9, 0x0, 0x40)
syz_usb_connect(0x4, 0x2d, &(0x7f0000000000)=ANY=[@ANYRES16=r8, @ANYRESDEC=0x0], 0x0)

24.173991433s ago: executing program 2 (id=3527):
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000001c40)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2ed0300000000000000af99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14008c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000006da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c4159b364a4fd7013f34db173a4fdacf15229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3ab60fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4978ea8e4aa37014191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be867a28f09c5877fc2355ecdc9c30dcb2d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff3a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb357b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa165099c5ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88cf573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50265a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867857ed13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d9a0e06da200481cde8bf475bc3e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a00"/3590], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x2e)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r0}, 0x10)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f00000005c0)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x61965b7e, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x7f, 0x0, 0x1], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x199, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3d4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000], [0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000, 0x8000]}, 0x45c)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000380)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
r4 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$inet_IP_XFRM_POLICY(r4, 0x0, 0x11, 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, &(0x7f0000000000)={0xc})
r5 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TCSBRKP(r5, 0x5425, 0x0)
r6 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r6, 0x5423, 0x0)
ioctl$TCSETSW2(r6, 0x5408, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, "2cf155f1d8b4d0441f0246e09537aa82dc1ecf"})
ioctl$TIOCGPGRP(r5, 0x5437, 0x0)
r7 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r7, 0x1, 0x25, &(0x7f0000000080)=0x1d3a, 0x4)
bind$inet(r7, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10)
connect$inet(r7, &(0x7f0000000480)={0x2, 0x4e22, @multicast2}, 0x10)
sendmmsg(r7, &(0x7f0000007fc0), 0x800001d, 0x0)

22.783731432s ago: executing program 8 (id=3528):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000380)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00'}, 0x10)
syz_io_uring_setup(0x0, 0x0, &(0x7f0000000000), 0x0)
syz_open_dev$dri(0x0, 0x1ff, 0x0)
r3 = socket(0x28, 0x3, 0x7218)
socket$packet(0x11, 0x3, 0x300)
socket$inet6_sctp(0xa, 0x1, 0x84)
msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x6)
ioctl$sock_SIOCETHTOOL(r3, 0x89f0, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$tipc(&(0x7f0000001cc0), 0xffffffffffffffff)
sendmsg$TIPC_CMD_SET_LINK_TOL(r4, &(0x7f0000001dc0)={0x0, 0x0, &(0x7f0000001d80)={&(0x7f0000001d00)={0x68, r5, 0x1, 0x70bd25, 0x0, {{}, {}, {0x4c, 0x18, {0x1ff, @media='ib\x00'}}}}, 0x68}}, 0x0)
socket$tipc(0x1e, 0x5, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
msync(&(0x7f0000ff7000/0x3000)=nil, 0x3000, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))

22.603231287s ago: executing program 2 (id=3529):
r0 = socket$inet_sctp(0x2, 0x5, 0x84)
r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$uinput_user_dev(r1, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x3, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x49, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x3, 0x0, 0x10000000], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa0000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000, 0x0, 0x0, 0x0, 0x0, 0xfffffffc], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000]}, 0x45c)
ioctl$UI_SET_EVBIT(r1, 0x40045564, 0x5)
r2 = socket$kcm(0x10, 0x3, 0x10)
sendmsg$kcm(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)}, 0x0)
r3 = socket$kcm(0x10, 0x3, 0x10)
sendmsg$RDMA_NLDEV_CMD_PORT_GET(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000400)=ANY=[], 0x20}}, 0x0)
sendmsg$kcm(r3, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8100000}, 0x0)
recvmsg$kcm(r2, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0)
r4 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_FLUSH(r4, 0x0, 0xd1, 0x0, 0x0)
setsockopt$MRT_INIT(r4, 0x0, 0xc8, &(0x7f0000000080), 0x4)
setsockopt$MRT_ADD_VIF(r4, 0x0, 0xca, &(0x7f0000000040)={0x0, 0x4, 0x0, 0x0, @vifc_lcl_ifindex, @dev}, 0x10)
r5 = fsopen(&(0x7f0000000300)='ramfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r5, 0x6, 0x0, 0x0, 0x0)
r6 = fsmount(r5, 0x0, 0x0)
mkdirat(r6, &(0x7f0000000200)='./file0\x00', 0x0)
ioctl$F2FS_IOC_RELEASE_COMPRESS_BLOCKS(r3, 0x8008f512, 0x0)
ioctl$UI_SET_SWBIT(r1, 0x4004556d, 0x3)
ioctl$UI_DEV_CREATE(r1, 0x5501)
setsockopt$inet_sctp_SCTP_PARTIAL_DELIVERY_POINT(r0, 0x84, 0x13, &(0x7f0000000000)=0x7ff, 0x4)
sendmmsg$inet_sctp(r0, &(0x7f0000006c40)=[{&(0x7f0000004200)=@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f0000006480)=[{&(0x7f0000004240)}], 0x1}], 0x1, 0x0)
ioctl$UI_ABS_SETUP(r1, 0x401c5504, &(0x7f0000000040)={0x5, {0x5, 0x78a84334, 0x0, 0x0, 0x8, 0x1}})
r7 = socket$inet6_mptcp(0xa, 0x1, 0x106)
connect$inet6(r7, &(0x7f0000000180)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1c}, 0xd}, 0x1c)
setsockopt$SO_TIMESTAMP(r7, 0x1, 0x40, &(0x7f0000000080)=0x3ff, 0x4)
recvmmsg(r7, &(0x7f0000001780)=[{{0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000780)=""/4091, 0xffb}], 0x1}}], 0x1, 0x0, 0x0)
sendmmsg$inet_sctp(r0, &(0x7f0000004800)=[{&(0x7f0000000440)=@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, 0x0, 0x0, &(0x7f0000004dc0)=ANY=[@ANYBLOB="2c0000008400000001000000000000000400"/40, @ANYRES32=0x0, @ANYBLOB="14"], 0x40}], 0x1, 0x0)

21.242540284s ago: executing program 8 (id=3530):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
r1 = socket$kcm(0x10, 0x3, 0x10)
sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0xffffffffffffff99, &(0x7f0000000080)=[{&(0x7f00000000c0)="e03f030026000b05d25a806c8c6f94f90224fc601000010010000000053582fb8f51c18fffd99b8e8bc137153e37", 0x33fe0}], 0x1}, 0x40040)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg$802154_dgram(0xffffffffffffffff, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000540)=ANY=[@ANYBLOB="1500000065ffff0010000008003950323030302e75", @ANYRES16=r1, @ANYRESOCT, @ANYRESHEX=r2], 0x15)
r4 = dup(0xffffffffffffffff)
write$FUSE_BMAP(r4, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_DIRENT(r4, &(0x7f0000000000)=ANY=[@ANYBLOB="58000000000000009fed2788c5532994414b47034801d524faf416638217", @ANYRES32], 0x58)
mount$9p_fd(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0)
chdir(&(0x7f0000000100)='./file0\x00')
mkdir(&(0x7f0000000340)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0xfffe)
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000440)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000500)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
umount2(&(0x7f0000000040)='./bus\x00', 0x1)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'wlan1\x00'})
r5 = socket$nl_route(0x10, 0x3, 0x0)
setsockopt$packet_int(r5, 0x107, 0x9, &(0x7f0000000000)=0x1, 0x4)
syz_open_procfs(0x0, &(0x7f0000000000)='setgroups\x00')

21.20202765s ago: executing program 2 (id=3531):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r4 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_tx_ring(r4, 0x107, 0xd, &(0x7f0000000100)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c)
sendmmsg(r4, 0x0, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x200c8004, &(0x7f0000000280)={0xa, 0x4e22, 0x0, @mcast2}, 0x1c)
ioctl$sock_SIOCGPGRP(r3, 0x8904, 0x0)
ptrace$pokeuser(0x6, 0x0, 0x3ff, 0x2000000000)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x5, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz1\x00'}]}, @NFT_MSG_NEWRULE={0x58, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x30, 0x4, 0x0, 0x1, [{0x2c, 0x1, 0x0, 0x1, @xfrm={{0x9}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_XFRM_DIR={0x5, 0x3, 0x1}, @NFTA_XFRM_KEY={0x8, 0x2, 0x1, 0x0, 0x6}, @NFTA_XFRM_DREG={0x8, 0x1, 0x1, 0x0, 0x11}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14}}, 0xcc}}, 0x0)
r6 = socket(0x2a, 0x2, 0x0)
getsockname$packet(r6, 0x0, &(0x7f0000000040))
r7 = socket$can_j1939(0x1d, 0x2, 0x7)
bind$can_j1939(r7, 0x0, 0x0)
ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, 0x0)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r8, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x20, 0x2a, 0x821, 0x0, 0x0, {0x4, 0x0, 0x2c00}, [@nested={0x4, 0xe}, @typed={0x8, 0x18, 0x0, 0x0, @ipv4=@multicast1=0xaac0f00}]}, 0x20}, 0x1, 0x3000000, 0x0, 0x11}, 0x0)

19.130126952s ago: executing program 8 (id=3532):
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f00000003c0)={<r1=>0x0, @loopback, @local}, &(0x7f0000000400)=0xc)
r2 = socket$inet6_sctp(0xa, 0x801, 0x84)
shutdown(r2, 0x1)
getsockopt$bt_hci(r2, 0x84, 0x1, 0x0, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000001c40)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2ed0300000000000000af99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14008c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000006da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c4159b364a4fd7013f34db173a4fdacf15229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3ab60fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4978ea8e4aa37014191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be867a28f09c5877fc2355ecdc9c30dcb2d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff3a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb357b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa165099c5ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88cf573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50265a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867857ed13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d9a0e06da200481cde8bf475bc3e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a00"/3590], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x2e)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r3}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f0000000380)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, &(0x7f0000000380)={0xc})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(0xffffffffffffffff, 0x3ba0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, &(0x7f0000000140)={0xc})
ioctl$IOMMU_HWPT_ALLOC$TEST(0xffffffffffffffff, 0x3b89, 0x0)
r7 = socket$inet6(0xa, 0x3, 0x7)
connect$inet6(r7, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c)
sendmmsg(r7, &(0x7f0000000480), 0x2e9, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_WRITE(0xffffffffffffffff, 0xc0405519, &(0x7f0000000540)={{0x2, 0x2}, 0x0, [0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0xfffffffffffffb9a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x2, 0x2, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x630, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5]})
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f0000000140)={'ip6tnl0\x00', &(0x7f00000000c0)={'syztnl1\x00', r1, 0x29, 0xf, 0x10, 0x64f4, 0x30, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x1, 0x0}}, @loopback, 0x700, 0x10, 0xffffffff, 0x4a3ed078}})
r8 = syz_io_uring_complete(0x0)
recvmsg(r8, &(0x7f0000000380)={&(0x7f0000000000)=@caif, 0x80, &(0x7f0000000300)=[{&(0x7f0000000180)=""/181, 0xb5}, {&(0x7f0000000240)=""/115, 0x73}, {&(0x7f0000000080)=""/29, 0x1d}, {&(0x7f00000002c0)=""/27, 0x1b}], 0x4, &(0x7f0000000340)=""/7, 0x7}, 0x40000100)

17.542587477s ago: executing program 8 (id=3533):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c003d000000000000000000850000006d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
open$dir(&(0x7f00000001c0)='./file0\x00', 0x200000, 0x2)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0, 0x10}}, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="9feb01001800000000000000340000003400000002000000000000000000000d03000000000000000000000105002000800000000000000000000003000000000200000002"], 0x0, 0x4e, 0x0, 0x1, 0x0, 0x0, @void, @value}, 0x28)
ioctl$sock_SIOCSIFVLAN_GET_VLAN_INGRESS_PRIORITY_CMD(0xffffffffffffffff, 0x8983, 0x0)
r4 = syz_open_dev$usbmon(0x0, 0x0, 0x0)
r5 = syz_open_dev$usbfs(&(0x7f0000000040), 0x20000007d, 0x0)
r6 = dup3(r4, r5, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000040)=ANY=[], 0x0, 0x34, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x28)
ioctl$USBDEVFS_IOCTL(r6, 0xc0105512, 0x0)
r7 = syz_open_dev$usbfs(&(0x7f0000000480), 0x77, 0x101641)
r8 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
setsockopt$bt_BT_SECURITY(r8, 0x112, 0x4, &(0x7f0000000280)={0x1, 0xad}, 0x2)
ioctl$USBDEVFS_IOCTL(r7, 0xc0105512, &(0x7f0000000200))
r9 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='pids.current\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x12, r9, 0x0)
ftruncate(r9, 0xc17a)

16.643300612s ago: executing program 8 (id=3534):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f00000003c0)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = add_key$keyring(&(0x7f0000000340), &(0x7f00000004c0)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r3, &(0x7f0000000240)='asymmetric\x00', &(0x7f0000000500)=@keyring={'key_or_keyring:', r3})
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r4, 0x6, 0x13, &(0x7f0000000180)=0x100000001, 0x4)
connect$inet6(r4, &(0x7f0000000080)={0xa, 0x0, 0x0, @empty}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r4, 0x6, 0x1f, &(0x7f0000000540), 0x3c)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0)
write$binfmt_script(r5, &(0x7f0000000380), 0x4)
setsockopt$inet6_tcp_TLS_TX(r4, 0x11a, 0x1, &(0x7f0000000200)=@gcm_256={{0x304}, "00e0f07600", "832b4d2434b35bca8c0b78d2afff6d70d2025c7f53123828322d5af0d5c6c3a5", '`\a-N', "298f0e6df9ae9b3d"}, 0x38)
sendfile(r4, r5, &(0x7f0000000100), 0x100000000010001)
close_range(r1, r4, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r6 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r6, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'hmac(md5)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r6, 0x117, 0x1, 0x0, 0x0)
sendmmsg$sock(0xffffffffffffffff, &(0x7f000000af80)=[{{0x0, 0x0, &(0x7f0000000740)=[{&(0x7f00000002c0)="86", 0xff03}], 0x1}}], 0xfffffdef, 0x0)

15.415185223s ago: executing program 8 (id=3535):
sched_setaffinity(0xffffffffffffffff, 0x8, &(0x7f0000000000)=0x100000000)
syz_emit_ethernet(0x3e, &(0x7f0000000180)={@broadcast, @multicast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x2, 0x0}, @remote}, @dest_unreach={0xc, 0x0, 0x0, 0x0, 0x0, 0x0, {0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x11, 0x0, @multicast2, @local}}}}}}, 0x0)
r0 = socket(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x7, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x48)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0x8, 0xb, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
setsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1b, &(0x7f0000000100)={@remote}, 0x14)
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1b, &(0x7f0000000000)={@remote}, 0x14)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0x14, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0)
sendmsg$nl_generic(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000a40)={0x28, 0x16, 0xa01, 0x0, 0x0, {0xa}, [@nested={0x14, 0x31, 0x0, 0x1, [@typed={0x8, 0xd2, 0x0, 0x0, @str='-]-\x00'}, @typed={0x8, 0x19, 0x0, 0x0, @uid}]}]}, 0x28}}, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000080)={'wlan0\x00', <r5=>0x0})
sendmsg$NL80211_CMD_FRAME(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32=r5, @ANYBLOB="1f003300d000000008021100"], 0x3c}}, 0x0)

9.016955313s ago: executing program 37 (id=3525):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000140)={'veth1_virt_wifi\x00'})
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000000)={0x1, &(0x7f0000000080)=[{0x6, 0x0, 0x0, 0x7fff0003}]})
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0)
rmdir(&(0x7f00000001c0)='./cgroup/../file0\x00')
socket$netlink(0x10, 0x3, 0x10)
r1 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r1, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000200), 0x4)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r1, 0x10e, 0x4, &(0x7f0000000180)=0x800, 0x4)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), r1)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, &(0x7f0000000040))
syz_genetlink_get_family_id$team(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$TEAM_CMD_OPTIONS_SET(r2, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x1, 0xf000}, 0x0)
ppoll(0x0, 0x0, 0x0, 0x0, 0x0)
r3 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r3, 0x0, &(0x7f00000000c0)=<r4=>0x0)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r5)
sendmsg$NFC_CMD_DEV_UP(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x1c, r6, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r4}]}, 0x1c}}, 0x0)
write$nci(r3, &(0x7f0000000040)=@NCI_OP_CORE_CONN_CREATE_RSP={0x0, 0x0, 0x2, 0x4, 0x1, {0x1, 0x9, 0xf7, 0x1}}, 0x7)
r7 = syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="120100001517ee40f00a057a0200010203010902120001000000400904000000ff"], 0x0)
syz_usb_control_io$cdc_ncm(r7, 0x0, &(0x7f0000000440)={0x24, &(0x7f0000000200)=ANY=[@ANYBLOB="00001100000001"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r8 = syz_open_dev$tty1(0xc, 0x4, 0x2)
ioctl$KDFONTOP_SET(r8, 0x4b72, 0x0)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r9, 0x0, 0x40)
syz_usb_connect(0x4, 0x2d, &(0x7f0000000000)=ANY=[@ANYRES16=r8, @ANYRESDEC=0x0], 0x0)

6.002904301s ago: executing program 38 (id=3531):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r4 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_tx_ring(r4, 0x107, 0xd, &(0x7f0000000100)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c)
sendmmsg(r4, 0x0, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x200c8004, &(0x7f0000000280)={0xa, 0x4e22, 0x0, @mcast2}, 0x1c)
ioctl$sock_SIOCGPGRP(r3, 0x8904, 0x0)
ptrace$pokeuser(0x6, 0x0, 0x3ff, 0x2000000000)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x5, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz1\x00'}]}, @NFT_MSG_NEWRULE={0x58, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x30, 0x4, 0x0, 0x1, [{0x2c, 0x1, 0x0, 0x1, @xfrm={{0x9}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_XFRM_DIR={0x5, 0x3, 0x1}, @NFTA_XFRM_KEY={0x8, 0x2, 0x1, 0x0, 0x6}, @NFTA_XFRM_DREG={0x8, 0x1, 0x1, 0x0, 0x11}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14}}, 0xcc}}, 0x0)
r6 = socket(0x2a, 0x2, 0x0)
getsockname$packet(r6, 0x0, &(0x7f0000000040))
r7 = socket$can_j1939(0x1d, 0x2, 0x7)
bind$can_j1939(r7, 0x0, 0x0)
ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, 0x0)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r8, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x20, 0x2a, 0x821, 0x0, 0x0, {0x4, 0x0, 0x2c00}, [@nested={0x4, 0xe}, @typed={0x8, 0x18, 0x0, 0x0, @ipv4=@multicast1=0xaac0f00}]}, 0x20}, 0x1, 0x3000000, 0x0, 0x11}, 0x0)

0s ago: executing program 39 (id=3535):
sched_setaffinity(0xffffffffffffffff, 0x8, &(0x7f0000000000)=0x100000000)
syz_emit_ethernet(0x3e, &(0x7f0000000180)={@broadcast, @multicast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x2, 0x0}, @remote}, @dest_unreach={0xc, 0x0, 0x0, 0x0, 0x0, 0x0, {0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x11, 0x0, @multicast2, @local}}}}}}, 0x0)
r0 = socket(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x7, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x48)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0x8, 0xb, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
setsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1b, &(0x7f0000000100)={@remote}, 0x14)
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1b, &(0x7f0000000000)={@remote}, 0x14)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0x14, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0)
sendmsg$nl_generic(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000a40)={0x28, 0x16, 0xa01, 0x0, 0x0, {0xa}, [@nested={0x14, 0x31, 0x0, 0x1, [@typed={0x8, 0xd2, 0x0, 0x0, @str='-]-\x00'}, @typed={0x8, 0x19, 0x0, 0x0, @uid}]}]}, 0x28}}, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000080)={'wlan0\x00', <r5=>0x0})
sendmsg$NL80211_CMD_FRAME(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32=r5, @ANYBLOB="1f003300d000000008021100"], 0x3c}}, 0x0)

kernel console output (not intermixed with test programs):

/devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/input/input69
[  877.061663][ T5190] bcm5974 4-1:0.0: could not read from device
[  877.129221][T14913] netlink: 5312 bytes leftover after parsing attributes in process `syz.4.2521'.
[  877.138569][T14913] openvswitch: netlink: Flow get message rejected, Key attribute missing.
[  877.326467][ T5190] bcm5974 4-1:0.0: could not read from device
[  877.536948][ T5190] bcm5974 4-1:0.0: could not read from device
[  877.695057][ T5190] bcm5974 4-1:0.0: could not read from device
[  877.901302][ T3068] usb 4-1: USB disconnect, device number 37
[  881.554907][ T5832] usb 6-1: new full-speed USB device number 35 using dummy_hcd
[  881.715382][ T5832] usb 6-1: too many endpoints for config 1 interface 0 altsetting 253: 132, using maximum allowed: 30
[  881.727876][ T5832] usb 6-1: config 1 interface 0 altsetting 253 has 1 endpoint descriptor, different from the interface descriptor's value: 132
[  881.749541][ T5832] usb 6-1: config 1 interface 0 has no altsetting 0
[  881.760384][ T5832] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  881.769910][ T5832] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  881.778097][ T5832] usb 6-1: Product: syz
[  881.782578][ T5832] usb 6-1: Manufacturer: syz
[  881.985476][ T5832] usb 6-1: SerialNumber: syz
[  882.114070][ T5838] usb 3-1: new high-speed USB device number 32 using dummy_hcd
[  882.264104][ T5838] usb 3-1: Using ep0 maxpacket: 32
[  882.277169][ T5838] usb 3-1: New USB device found, idVendor=05a9, idProduct=1550, bcdDevice=e4.bb
[  882.298354][ T5838] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  882.317337][ T5838] usb 3-1: Product: syz
[  882.327389][ T5838] usb 3-1: Manufacturer: syz
[  882.338540][ T5838] usb 3-1: SerialNumber: syz
[  882.356379][ T5838] usb 3-1: config 0 descriptor??
[  882.379504][ T5838] gspca_main: ov534_9-2.14.0 probing 05a9:1550
[  882.712552][ T5832] usblp 6-1:1.0: usblp0: USB Unidirectional printer dev 35 if 0 alt 253 proto 1 vid 0x0525 pid 0xA4A8
[  883.168376][T14995] vlan3: entered promiscuous mode
[  883.173724][T14995] xfrm0: entered promiscuous mode
[  883.181556][T14995] vlan3: entered allmulticast mode
[  883.190610][T14995] xfrm0: entered allmulticast mode
[  883.202418][T14995] team0: Device vlan3 is up. Set it down before adding it as a team port
[  883.222721][T14995] xfrm0: left allmulticast mode
[  883.227823][T14995] xfrm0: left promiscuous mode
[  884.314921][ T5832] usb 6-1: USB disconnect, device number 35
[  884.378879][ T5832] usblp0: removed
[  885.210274][ T5838] gspca_ov534_9: reg_r err -71
[  885.434257][ T5838] gspca_ov534_9: Unknown sensor 0000
[  885.434330][ T5838] ov534_9 3-1:0.0: probe with driver ov534_9 failed with error -22
[  885.457420][ T5838] usb 3-1: USB disconnect, device number 32
[  885.490133][T15038] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2563'.
[  885.515000][T15038] siw: device registration error -23
[  885.763416][T15045] af_packet: tpacket_rcv: packet too big, clamped from 417 to 4294967272. macoff=96
[  887.316243][T15058] lo speed is unknown, defaulting to 1000
[  887.563275][T15058] lo speed is unknown, defaulting to 1000
[  889.162889][T15086] netlink: 5312 bytes leftover after parsing attributes in process `syz.3.2575'.
[  889.172139][T15086] openvswitch: netlink: Flow get message rejected, Key attribute missing.
[  889.199768][T15088] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  889.986273][T15112] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2585'.
[  889.998986][T15112] erspan0: left allmulticast mode
[  890.444192][T15112] erspan0: left promiscuous mode
[  890.464183][T15112] bridge0: port 3(erspan0) entered disabled state
[  890.520664][T15112] bridge_slave_1: left allmulticast mode
[  890.538977][T15112] bridge_slave_1: left promiscuous mode
[  890.559045][T15112] bridge0: port 2(bridge_slave_1) entered disabled state
[  890.613016][T15112] bridge_slave_0: left allmulticast mode
[  890.646703][T15112] bridge_slave_0: left promiscuous mode
[  890.885015][T15112] bridge0: port 1(bridge_slave_0) entered disabled state
[  891.657740][T15112] team0: Port device bridge0 removed
[  892.680624][T15142] netlink: 5312 bytes leftover after parsing attributes in process `syz.1.2591'.
[  892.690007][T15142] openvswitch: netlink: Flow get message rejected, Key attribute missing.
[  893.691052][T15159] netlink: 'syz.2.2595': attribute type 10 has an invalid length.
[  893.806463][T15159] team0: Device veth1_vlan failed to register rx_handler
[  893.947465][T15166] infiniband syz1: set active
[  894.003005][T15166] bond0: (slave bond_slave_0): Releasing backup interface
[  894.059006][T15166] bond0: (slave bond_slave_1): Releasing backup interface
[  894.122259][T15166] team0: Port device team_slave_0 removed
[  894.140697][T15166] bond1: (slave team_slave_1): Releasing active interface
[  894.164741][T15166] team_slave_1: left promiscuous mode
[  894.186054][T15166] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  894.204189][T15166] batman_adv: batadv0: Removing interface: batadv_slave_0
[  894.220748][T15166] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  894.248181][T15166] batman_adv: batadv0: Removing interface: batadv_slave_1
[  894.279421][ T3068] lo speed is unknown, defaulting to 1000
[  894.279449][T15167] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2597'.
[  895.759367][T15172] netlink: 'syz.5.2601': attribute type 3 has an invalid length.
[  896.218903][T15172] netlink: 'syz.5.2601': attribute type 3 has an invalid length.
[  896.300978][T15181] bridge_slave_0: left allmulticast mode
[  896.318330][T15181] bridge_slave_0: left promiscuous mode
[  896.332904][T15181] bridge0: port 1(bridge_slave_0) entered disabled state
[  896.352183][T15181] bridge_slave_1: left allmulticast mode
[  896.360833][T15181] bridge_slave_1: left promiscuous mode
[  896.371114][T15181] bridge0: port 2(bridge_slave_1) entered disabled state
[  896.391397][T15181] bond0: (slave bond_slave_0): Releasing backup interface
[  896.421889][T15181] bond0: (slave bond_slave_1): Releasing backup interface
[  896.488116][T15181] team0: Port device team_slave_0 removed
[  896.508556][T15181] team0: Port device team_slave_1 removed
[  896.529349][T15181] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  896.537548][T15181] batman_adv: batadv0: Removing interface: batadv_slave_0
[  896.546438][T15181] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  896.554481][T15181] batman_adv: batadv0: Removing interface: batadv_slave_1
[  896.569992][T15181] infiniband syz0: set active
[  897.608357][T15203] netlink: 5312 bytes leftover after parsing attributes in process `syz.4.2605'.
[  897.617700][T15203] openvswitch: netlink: Flow get message rejected, Key attribute missing.
[  898.804968][T15198] tipc: Bearer <udp:syz2>: already 2 bearers with priority 10
[  898.812937][T15198] tipc: Bearer <udp:syz2>: trying with adjusted priority
[  899.043957][T15198] tipc: New replicast peer: 255.255.255.255
[  899.051457][T15198] tipc: Enabled bearer <udp:syz2>, priority 9
[  899.165342][   T29] audit: type=1804 audit(1731719940.494:160): pid=15212 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz.5.2611" name="/newroot/459/file1" dev="fuse" ino=1 res=1 errno=0
[  899.213232][   T29] audit: type=1800 audit(1731719940.494:161): pid=15212 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.5.2611" name="/" dev="fuse" ino=1 res=0 errno=0
[  900.206727][T15236] binder_alloc: 15235: pid 15235 spamming oneway? 1 buffers allocated for a total size of 4096
[  900.502177][T15242] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2617'.
[  901.535135][T15259] netlink: 5312 bytes leftover after parsing attributes in process `syz.1.2620'.
[  901.544401][T15259] openvswitch: netlink: Flow get message rejected, Key attribute missing.
[  903.959670][T15286] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2625'.
[  904.921230][T15302] binder: 15300:15302 ioctl c0306201 20000680 returned -14
[  906.211093][ T3068] usb 6-1: new high-speed USB device number 36 using dummy_hcd
[  906.929518][ T3068] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  906.960119][ T3068] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3
[  906.983425][ T3068] usb 6-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  907.009785][ T3068] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  907.018233][ T3068] usb 6-1: SerialNumber: syz
[  907.037150][T15321] binder: BINDER_SET_CONTEXT_MGR already set
[  907.054140][T15321] binder: 15319:15321 ioctl 4018620d 200001c0 returned -16
[  907.234458][ T3068] usb 6-1: 0:2 : does not exist
[  907.239455][ T3068] usb 6-1: unit 5: unexpected type 0x0d
[  907.250579][ T3068] usb 6-1: USB disconnect, device number 36
[  907.324084][ T5832] usb 5-1: new high-speed USB device number 29 using dummy_hcd
[  907.445831][T15332] netlink: 5312 bytes leftover after parsing attributes in process `syz.1.2639'.
[  907.455140][T15332] openvswitch: netlink: Flow get message rejected, Key attribute missing.
[  908.288211][ T5832] usb 5-1: Using ep0 maxpacket: 16
[  908.306652][ T5832] usb 5-1: config 0 has an invalid interface number: 1 but max is 0
[  909.136680][ T5832] usb 5-1: config 0 has no interface number 0
[  909.165975][T15344] ptrace attach of "./syz-executor exec"[5828] was attempted by "./syz-executor exec"[15344]
[  909.201815][ T5832] usb 5-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d
[  909.211015][ T5832] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  909.225252][ T5832] usb 5-1: Product: syz
[  909.229859][ T5832] usb 5-1: Manufacturer: syz
[  909.245632][ T5832] usb 5-1: SerialNumber: syz
[  909.261825][ T5832] usb 5-1: config 0 descriptor??
[  909.484619][ T5913] usb 3-1: new high-speed USB device number 33 using dummy_hcd
[  909.614069][ T3068] usb 6-1: new high-speed USB device number 37 using dummy_hcd
[  909.635893][ T5913] usb 3-1: config 0 has an invalid descriptor of length 25, skipping remainder of the config
[  909.651733][ T5913] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  909.669529][ T5913] usb 3-1: New USB device found, idVendor=0421, idProduct=0492, bcdDevice=22.e3
[  909.679418][ T5913] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  909.693625][ T5913] usb 3-1: Product: syz
[  909.699648][ T5913] usb 3-1: Manufacturer: syz
[  909.710415][ T5913] usb 3-1: SerialNumber: syz
[  909.734707][ T5832] gspca_main: spca1528-2.14.0 probing 04fc:1528
[  909.741867][ T5913] usb 3-1: config 0 descriptor??
[  909.892845][ T3068] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  909.905789][ T3068] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[  910.117639][ T3068] usb 6-1: New USB device found, idVendor=1e7d, idProduct=2d50, bcdDevice= 0.00
[  910.162848][ T3068] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  910.252341][ T5832] gspca_spca1528: reg_w err -110
[  910.352389][ T5838] usb 2-1: new high-speed USB device number 33 using dummy_hcd
[  910.375209][ T3068] usb 6-1: config 0 descriptor??
[  910.396884][ T5832] spca1528 5-1:0.1: probe with driver spca1528 failed with error -110
[  910.410537][ T5832] usb 5-1: USB disconnect, device number 29
[  910.585985][ T5838] usb 2-1: Using ep0 maxpacket: 32
[  910.593047][ T5838] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0
[  910.614570][ T5838] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 7
[  911.406977][ T5838] usb 2-1: New USB device found, idVendor=05e1, idProduct=0408, bcdDevice=25.11
[  911.416220][ T5838] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  911.424690][ T5838] usb 2-1: Product: syz
[  911.428869][ T5838] usb 2-1: Manufacturer: syz
[  911.433465][ T5838] usb 2-1: SerialNumber: syz
[  911.440226][ T5838] usb 2-1: config 0 descriptor??
[  911.470841][ T5838] usb 2-1: no audio or video endpoints found
[  911.494813][ T5832] usb 3-1: USB disconnect, device number 33
[  911.562968][T15373] dns_resolver: Unsupported server list version (0)
[  911.612509][T15370] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=662173688 (1324347376 ns) > initial count (522240 ns). Using initial count to start timer.
[  911.675560][ T3068] usbhid 6-1:0.0: can't add hid device: -71
[  911.681584][ T3068] usbhid 6-1:0.0: probe with driver usbhid failed with error -71
[  911.695852][ T3068] usb 6-1: USB disconnect, device number 37
[  911.774430][T15379] netlink: 5312 bytes leftover after parsing attributes in process `syz.2.2651'.
[  911.783646][T15379] openvswitch: netlink: Flow get message rejected, Key attribute missing.
[  912.569249][ T5832] usb 2-1: USB disconnect, device number 33
[  912.654136][T15386] netlink: 'syz.2.2652': attribute type 1 has an invalid length.
[  912.661998][T15386] netlink: 'syz.2.2652': attribute type 4 has an invalid length.
[  912.676844][T15386] netlink: 15334 bytes leftover after parsing attributes in process `syz.2.2652'.
[  913.463956][ T5832] usb 6-1: new high-speed USB device number 38 using dummy_hcd
[  913.616260][ T5832] usb 6-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  913.648514][ T5832] usb 6-1: config 27 interface 0 altsetting 0 endpoint 0xB has invalid wMaxPacketSize 0
[  913.678049][ T5832] usb 6-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 0
[  914.481125][ T5832] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  914.490643][ T5832] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  914.508902][ T5832] usb 6-1: Quirk or no altset; falling back to MIDI 1.0
[  914.539494][ T5832] snd-usb-audio 6-1:27.0: probe with driver snd-usb-audio failed with error -12
[  914.746501][ T5832] usb 6-1: USB disconnect, device number 38
[  914.939612][T15417] netlink: 5312 bytes leftover after parsing attributes in process `syz.2.2662'.
[  914.949178][T15417] openvswitch: netlink: Flow get message rejected, Key attribute missing.
[  917.978399][T15456] sch_tbf: burst 4398 is lower than device lo mtu (11337746) !
[  918.114317][T15458] netlink: 5312 bytes leftover after parsing attributes in process `syz.4.2675'.
[  918.123557][T15458] openvswitch: netlink: Flow get message rejected, Key attribute missing.
[  918.919891][T15468] binder: BINDER_SET_CONTEXT_MGR already set
[  918.927841][T15468] binder: 15467:15468 ioctl 4018620d 200001c0 returned -16
[  919.568155][   T29] audit: type=1800 audit(1731719960.894:162): pid=15483 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.3.2681" name="/" dev="fuse" ino=1 res=0 errno=0
[  920.844146][ T5832] usb 4-1: new high-speed USB device number 38 using dummy_hcd
[  920.893915][ T5913] usb 3-1: new high-speed USB device number 34 using dummy_hcd
[  921.016092][ T5832] usb 4-1: config 0 has an invalid interface number: 18 but max is 0
[  921.030142][ T5832] usb 4-1: config 0 has no interface number 0
[  921.043357][ T5832] usb 4-1: config 0 interface 18 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  921.050322][ T5913] usb 3-1: Using ep0 maxpacket: 16
[  921.067457][ T5832] usb 4-1: config 0 interface 18 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  921.068879][ T5913] usb 3-1: config 0 has no interfaces?
[  921.096164][ T5832] usb 4-1: New USB device found, idVendor=054c, idProduct=03d5, bcdDevice= 0.10
[  921.099814][ T5913] usb 3-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  921.111300][ T5832] usb 4-1: New USB device strings: Mfr=2, Product=0, SerialNumber=0
[  921.121043][ T5913] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  921.136082][ T5832] usb 4-1: Manufacturer: syz
[  921.142757][ T5913] usb 3-1: config 0 descriptor??
[  921.152625][ T5832] usb 4-1: config 0 descriptor??
[  921.666526][ T5913] usb 3-1: USB disconnect, device number 34
[  921.670548][ T5832] input: syz as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.18/0003:054C:03D5.001F/input/input70
[  921.772390][ T5832] sony 0003:054C:03D5.001F: input,hidraw0: USB HID v0.00 Joystick [syz] on usb-dummy_hcd.3-1/input18
[  921.841936][T15507] netlink: 5312 bytes leftover after parsing attributes in process `syz.5.2687'.
[  921.851342][T15507] openvswitch: netlink: Flow get message rejected, Key attribute missing.
[  922.120857][ T5832] usb 4-1: USB disconnect, device number 38
[  922.840106][ T5913] usb 6-1: new high-speed USB device number 39 using dummy_hcd
[  923.008304][ T5913] usb 6-1: Using ep0 maxpacket: 16
[  923.016819][ T5913] usb 6-1: config 0 has an invalid interface number: 1 but max is 0
[  923.028123][ T5913] usb 6-1: config 0 has no interface number 0
[  923.035851][ T5913] usb 6-1: config 0 interface 1 has no altsetting 0
[  923.063546][ T5913] usb 6-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d
[  923.083767][ T5913] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  923.128696][ T5913] usb 6-1: Product: syz
[  923.149475][ T5913] usb 6-1: Manufacturer: syz
[  923.174965][ T5913] usb 6-1: SerialNumber: syz
[  923.232396][ T5913] usb 6-1: config 0 descriptor??
[  923.597053][ T5913] gspca_main: spca1528-2.14.0 probing 04fc:1528
[  924.087066][ T5913] gspca_spca1528: reg_w err -71
[  924.110984][ T5913] spca1528 6-1:0.1: probe with driver spca1528 failed with error -71
[  924.122255][ T5913] usb 6-1: USB disconnect, device number 39
[  926.879424][T15554] netlink: 5312 bytes leftover after parsing attributes in process `syz.5.2699'.
[  926.888820][T15554] openvswitch: netlink: Flow get message rejected, Key attribute missing.
[  928.208105][   T29] audit: type=1400 audit(1731719969.544:163): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="#!" requested=w pid=15564 comm="syz.3.2703" dest=20000
[  928.381430][   T29] audit: type=1400 audit(1731719969.714:164): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="#!" requested=w pid=15571 comm="syz.5.2707"
[  928.437443][T15574] overlayfs: statfs failed on './file0'
[  928.454213][ T5838] usb 4-1: new high-speed USB device number 39 using dummy_hcd
[  929.578470][ T3068] usb 2-1: new high-speed USB device number 34 using dummy_hcd
[  929.774056][ T3068] usb 2-1: Using ep0 maxpacket: 16
[  929.791772][ T3068] usb 2-1: config 0 has no interfaces?
[  929.827636][ T3068] usb 2-1: New USB device found, idVendor=06cd, idProduct=010f, bcdDevice=a8.43
[  929.976483][ T3068] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  930.093252][ T3068] usb 2-1: Product: syz
[  930.112950][ T3068] usb 2-1: Manufacturer: syz
[  930.155752][ T5838] usb 4-1: config index 0 descriptor too short (expected 106, got 36)
[  930.164019][ T5838] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  930.174306][ T5838] usb 4-1: config 0 has no interfaces?
[  930.179806][ T5838] usb 4-1: New USB device found, idVendor=1b1c, idProduct=1b3e, bcdDevice= 0.00
[  930.200330][ T5838] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  930.561915][ T5838] usb 4-1: config 0 descriptor??
[  931.070964][ T3068] usb 2-1: SerialNumber: syz
[  931.129877][ T5838] usb 4-1: can't set config #0, error -71
[  931.131436][ T3068] usb 2-1: config 0 descriptor??
[  931.136995][ T5838] usb 4-1: USB disconnect, device number 39
[  931.277873][T15598] netlink: 5312 bytes leftover after parsing attributes in process `syz.4.2712'.
[  931.287130][T15598] openvswitch: netlink: Flow get message rejected, Key attribute missing.
[  932.211327][T15604] batman_adv: batadv0: Adding interface: dummy0
[  932.218005][T15604] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  932.252940][T15604] batman_adv: batadv0: Interface activated: dummy0
[  932.281205][T15605] batadv0: mtu less than device minimum
[  932.287100][ T5913] usb 2-1: USB disconnect, device number 34
[  932.296280][T15605] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  932.309301][T15605] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  932.321673][T15605] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  932.334107][T15605] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  932.346447][T15605] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  932.358991][T15605] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  932.371291][T15605] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  932.383670][T15605] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  932.395402][T15605] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  932.462304][T15602] vlan0: entered promiscuous mode
[  932.500839][T15602] vlan0: entered allmulticast mode
[  932.719976][T15602] hsr_slave_1: entered allmulticast mode
[  933.155159][T15608] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2715'.
[  933.250269][T15608] hsr_slave_1 (unregistering): left allmulticast mode
[  933.279784][T15608] hsr_slave_1 (unregistering): left promiscuous mode
[  933.435473][ T5838] usb 3-1: new high-speed USB device number 35 using dummy_hcd
[  934.309788][ T5838] usb 3-1: Using ep0 maxpacket: 8
[  934.496459][ T5838] usb 3-1: config 4 has an invalid interface number: 182 but max is 0
[  934.504883][ T5838] usb 3-1: config 4 has no interface number 0
[  934.510991][ T5838] usb 3-1: config 4 interface 182 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  934.523745][ T5838] usb 3-1: config 4 interface 182 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  935.493879][ T5838] usb 3-1: New USB device found, idVendor=0499, idProduct=1033, bcdDevice=5c.79
[  935.503022][ T5838] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  935.511177][ T5838] usb 3-1: Product: syz
[  935.515490][ T5838] usb 3-1: Manufacturer: syz
[  935.520111][ T5838] usb 3-1: SerialNumber: syz
[  935.879057][ T5838] usb 3-1: Quirk or no altset; falling back to MIDI 1.0
[  936.394728][ T5838] snd-usb-audio 3-1:4.182: probe with driver snd-usb-audio failed with error -2
[  936.582548][ T5838] usb 3-1: USB disconnect, device number 35
[  943.360573][T15686] ip6gretap1: entered allmulticast mode
[  943.460154][T15694] xt_NFQUEUE: number of total queues is 0
[  945.339188][T15708] netlink: 'syz.4.2740': attribute type 1 has an invalid length.
[  946.559922][T15712] veth0_vlan: left promiscuous mode
[  946.573069][T15720] serio: Serial port ptm0
[  947.817887][T15708] 8021q: adding VLAN 0 to HW filter on device batadv1
[  947.846742][T15708] bond1: (slave batadv1): Enslaving as a backup interface with an up link
[  947.943595][T15723] bond1 (unregistering): (slave batadv1): Releasing backup interface
[  948.039980][T15723] bond1 (unregistering): Released all slaves
[  948.142484][T15733] ntfs3(nullb0): Primary boot signature is not NTFS.
[  948.150526][T15733] ntfs3(nullb0): try to read out of volume at offset 0x3e7ffffe00
[  948.917116][T15729] netlink: 32 bytes leftover after parsing attributes in process `syz.5.2745'.
[  948.948273][T15729] netlink: 124 bytes leftover after parsing attributes in process `syz.5.2745'.
[  948.979139][T15729] netlink: 508 bytes leftover after parsing attributes in process `syz.5.2745'.
[  949.244070][   T29] audit: type=1800 audit(1731719990.564:165): pid=15739 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.4.2748" name="/" dev="9p" ino=2 res=0 errno=0
[  949.801757][T15749] xt_socket: unknown flags 0x8
[  950.675603][ T5832] usb 2-1: new high-speed USB device number 35 using dummy_hcd
[  952.013893][ T5832] usb 2-1: Using ep0 maxpacket: 8
[  952.021344][ T5832] usb 2-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  952.034518][ T5832] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  952.045648][ T5832] usb 2-1: config 0 descriptor??
[  955.219870][ T5832] usb 2-1: can't set config #0, error -71
[  955.235340][ T5832] usb 2-1: USB disconnect, device number 35
[  956.526006][T15791] program syz.3.2760 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  956.644945][   T29] audit: type=1326 audit(1731719997.934:166): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15780 comm="syz.5.2761" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fae84f7e719 code=0x0
[  957.299421][T15787] delete_channel: no stack
[  957.744555][T15810] tipc: Started in network mode
[  957.749469][T15810] tipc: Node identity 4, cluster identity 4
[  957.755882][T15810] tipc: Node number set to 4
[  960.964041][T15836] ALSA: seq fatal error: cannot create timer (-22)
[  962.121703][ T5832] usb 6-1: new high-speed USB device number 40 using dummy_hcd
[  962.324244][ T5832] usb 6-1: Using ep0 maxpacket: 16
[  962.351852][ T5832] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  962.557910][ T5832] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  962.574759][ T5832] usb 6-1: New USB device found, idVendor=05ac, idProduct=8241, bcdDevice= 0.00
[  962.614005][ T5832] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  962.637138][ T5832] usb 6-1: config 0 descriptor??
[  963.415455][ T5832] input: HID 05ac:8241 as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/0003:05AC:8241.0020/input/input71
[  963.699814][ T5832] appleir 0003:05AC:8241.0020: input,hiddev0,hidraw0: USB HID v0.00 Device [HID 05ac:8241] on usb-dummy_hcd.5-1/input0
[  964.324026][ T5913] usb 5-1: new high-speed USB device number 30 using dummy_hcd
[  964.674257][T15882] syzkaller0: entered promiscuous mode
[  964.694806][T15882] syzkaller0: entered allmulticast mode
[  964.747857][ T5913] usb 5-1: config 0 has an invalid interface number: 17 but max is 0
[  964.756075][ T5913] usb 5-1: config 0 has no interface number 0
[  964.762188][ T5913] usb 5-1: config 0 interface 17 has no altsetting 0
[  964.769186][ T5913] usb 5-1: New USB device found, idVendor=19d2, idProduct=1148, bcdDevice=5c.71
[  964.778551][ T5913] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  964.799720][ T5913] usb 5-1: config 0 descriptor??
[  965.079245][T15897] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2791'.
[  965.207603][T15900] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2793'.
[  965.493974][ T5913] usb 5-1: string descriptor 0 read error: -71
[  965.569769][  T969] usb 6-1: USB disconnect, device number 40
[  965.586718][ T5913] usb 5-1: USB disconnect, device number 30
[  968.133896][  T969] usb 6-1: new high-speed USB device number 41 using dummy_hcd
[  968.304119][  T969] usb 6-1: Using ep0 maxpacket: 32
[  968.319024][  T969] usb 6-1: config 0 has no interfaces?
[  968.340926][  T969] usb 6-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00
[  968.373003][  T969] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  968.398381][  T969] usb 6-1: config 0 descriptor??
[  968.665878][  T969] usb 6-1: USB disconnect, device number 41
[  968.846994][T15939] syz.1.2804: attempt to access beyond end of device
[  968.846994][T15939] nbd1: rw=4096, sector=0, nr_sectors = 1 limit=0
[  968.861246][T15939] XFS (nbd1): SB validate failed with error -5.
[  970.749650][T15966] netlink: 56 bytes leftover after parsing attributes in process `syz.1.2809'.
[  970.854208][ T5913] usb 4-1: new high-speed USB device number 40 using dummy_hcd
[  971.014237][ T5913] usb 4-1: Using ep0 maxpacket: 16
[  971.036244][ T5913] usb 4-1: config 0 has an invalid descriptor of length 123, skipping remainder of the config
[  971.081078][ T5913] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  971.159183][ T5913] usb 4-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00
[  971.244301][ T5913] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  971.308151][ T5913] usb 4-1: config 0 descriptor??
[  971.725538][ T5913] usb 4-1: string descriptor 0 read error: -71
[  971.732859][ T5913] usb 4-1: USB disconnect, device number 40
[  971.785324][T15972] Process accounting resumed
[  972.655692][T15990] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2815'.
[  979.468081][T16058] syz.5.2830 uses old SIOCAX25GETINFO
[  980.044410][T16063] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2831'.
[  983.800283][ T5913] usb 5-1: new high-speed USB device number 31 using dummy_hcd
[  984.844389][ T5913] usb 5-1: config 0 has no interfaces?
[  984.850250][ T5913] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[  984.914375][ T5913] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  984.958412][ T5913] usb 5-1: config 0 descriptor??
[  985.076306][  T969] usb 5-1: USB disconnect, device number 31
[  991.914950][ T5913] IPVS: starting estimator thread 0...
[  993.174149][T16178] IPVS: using max 20 ests per chain, 48000 per kthread
[  994.824157][ T5913] usb 3-1: new high-speed USB device number 36 using dummy_hcd
[  995.015399][ T5913] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  995.018928][T16196] net_ratelimit: 10 callbacks suppressed
[  995.018945][T16196] TCP: out of memory -- consider tuning tcp_mem
[  995.027131][ T5913] usb 3-1: New USB device found, idVendor=04d5, idProduct=0001, bcdDevice= 0.00
[  995.032459][T16196] TCP: out of memory -- consider tuning tcp_mem
[  995.039537][ T5913] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  995.227125][ T5913] usb 3-1: config 0 descriptor??
[  995.266453][ T5913] usbhid 3-1:0.0: couldn't find an input interrupt endpoint
[  996.766292][  T969] usb 3-1: USB disconnect, device number 36
[  996.836428][T16218] pimreg: entered allmulticast mode
[  996.852963][T16218] input: syz0 as /devices/virtual/input/input72
[ 1000.511281][T16251] netlink: 272 bytes leftover after parsing attributes in process `syz.4.2881'.
[ 1003.798924][T16272] debugfs: Directory 'netdev:nicvf0' with parent 'phy7' already present!
[ 1018.674069][   T29] audit: type=1400 audit(1731720060.014:167): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="#!" requested=w pid=16390 comm="syz.2.2917" dest=20000
[ 1019.505262][T16410] vimc link validate: Sensor B:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 1:snk:640x480 (0x33424752, 8, 0, 0, 0)
[ 1020.111591][T16414] mkiss: ax0: crc mode is auto.
[ 1020.263229][T16422] netlink: zone id is out of range
[ 1020.289093][T16422] netlink: set zone limit has 4 unknown bytes
[ 1024.006145][T13451] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 1024.232258][T13451] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 1024.242933][T13451] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 1024.254893][T13451] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 1024.265991][T13451] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[ 1024.391143][T13451] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 1024.714496][   T54] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 1024.721857][   T54] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 1024.730311][   T54] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 1024.752766][   T54] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 1024.760885][   T54] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[ 1024.770637][   T54] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 1024.862530][T16448] lo speed is unknown, defaulting to 1000
[ 1025.346868][T16448] lo speed is unknown, defaulting to 1000
[ 1026.015381][   T29] audit: type=1326 audit(1731720067.204:168): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16467 comm="syz.3.2936" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f097417e719 code=0x7fc00000
[ 1026.072907][   T29] audit: type=1326 audit(1731720067.204:169): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16467 comm="syz.3.2936" exe="/root/syz-executor" sig=0 arch=c000003e syscall=246 compat=0 ip=0x7f097417e719 code=0x7fc00000
[ 1026.932691][   T54] Bluetooth: hci4: command tx timeout
[ 1027.033801][   T29] audit: type=1326 audit(1731720067.204:170): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16467 comm="syz.3.2936" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f097417e719 code=0x7fc00000
[ 1027.115306][   T29] audit: type=1326 audit(1731720067.204:171): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16467 comm="syz.3.2936" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f097417e719 code=0x7fc00000
[ 1027.182888][T16448] chnl_net:caif_netlink_parms(): no params data found
[ 1027.723075][   T29] audit: type=1326 audit(1731720067.204:172): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16467 comm="syz.3.2936" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f097417e719 code=0x7fc00000
[ 1027.769858][T16490] netlink: 'syz.3.2940': attribute type 10 has an invalid length.
[ 1027.817851][   T29] audit: type=1326 audit(1731720067.214:173): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16467 comm="syz.3.2936" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f097417e719 code=0x7fc00000
[ 1028.025411][   T29] audit: type=1326 audit(1731720067.214:174): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16467 comm="syz.3.2936" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f097417e719 code=0x7fc00000
[ 1028.047900][   T29] audit: type=1326 audit(1731720067.214:175): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16467 comm="syz.3.2936" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f097417e719 code=0x7fc00000
[ 1028.135575][   T29] audit: type=1326 audit(1731720067.214:176): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16467 comm="syz.3.2936" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f097417e719 code=0x7fc00000
[ 1028.160142][   T29] audit: type=1326 audit(1731720067.214:177): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16467 comm="syz.3.2936" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f097417e719 code=0x7fc00000
[ 1029.050965][   T54] Bluetooth: hci4: command tx timeout
[ 1029.054689][T16509] tmpfs: Bad value for 'gid'
[ 1029.061948][T16509] tmpfs: Bad value for 'gid'
[ 1029.447205][T16278] bond0: (slave syz_tun): Releasing backup interface
[ 1030.610932][T16448] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1030.620379][T16448] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1030.638736][T16448] bridge_slave_0: entered allmulticast mode
[ 1030.650178][T16448] bridge_slave_0: entered promiscuous mode
[ 1030.661595][T16448] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1030.669161][T16448] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1030.676500][T16448] bridge_slave_1: entered allmulticast mode
[ 1030.683432][T16448] bridge_slave_1: entered promiscuous mode
[ 1030.916367][T16524] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2948'.
[ 1031.124096][   T54] Bluetooth: hci4: command tx timeout
[ 1031.336314][T16516] syz.2.2944: vmalloc error: size 16777216, failed to allocated page array size 32768, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[ 1031.355013][T16516] CPU: 1 UID: 0 PID: 16516 Comm: syz.2.2944 Not tainted 6.12.0-rc7-syzkaller-00187-gf868cd251776 #0
[ 1031.365804][T16516] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
[ 1031.375866][T16516] Call Trace:
[ 1031.379159][T16516]  <TASK>
[ 1031.382089][T16516]  dump_stack_lvl+0x241/0x360
[ 1031.386781][T16516]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1031.391989][T16516]  ? __pfx__printk+0x10/0x10
[ 1031.396586][T16516]  ? cpuset_print_current_mems_allowed+0x1f/0x350
[ 1031.403002][T16516]  ? cpuset_print_current_mems_allowed+0x31e/0x350
[ 1031.409507][T16516]  warn_alloc+0x278/0x410
[ 1031.413865][T16516]  ? __pfx_warn_alloc+0x10/0x10
[ 1031.418744][T16516]  ? xp_alloc_tx_descs+0x67/0xc0
[ 1031.423705][T16516]  ? __get_vm_area_node+0x23d/0x270
[ 1031.428919][T16516]  __vmalloc_node_range_noprof+0x691/0x13f0
[ 1031.434817][T16516]  ? __pfx___alloc_pages_noprof+0x10/0x10
[ 1031.440567][T16516]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[ 1031.446901][T16516]  ? rcu_is_watching+0x15/0xb0
[ 1031.451668][T16516]  ? trace_kmalloc+0x1f/0xd0
[ 1031.456258][T16516]  ? __kmalloc_node_noprof+0x247/0x440
[ 1031.461717][T16516]  ? __kvmalloc_node_noprof+0x72/0x190
[ 1031.467188][T16516]  __kvmalloc_node_noprof+0x142/0x190
[ 1031.472574][T16516]  ? xp_alloc_tx_descs+0x67/0xc0
[ 1031.477530][T16516]  xp_alloc_tx_descs+0x67/0xc0
[ 1031.482314][T16516]  xsk_bind+0xb93/0xdc0
[ 1031.486477][T16516]  __sys_bind+0x22d/0x2d0
[ 1031.490838][T16516]  ? __pfx___sys_bind+0x10/0x10
[ 1031.495705][T16516]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 1031.502041][T16516]  ? exc_page_fault+0x590/0x8c0
[ 1031.506897][T16516]  __x64_sys_bind+0x7a/0x90
[ 1031.511402][T16516]  do_syscall_64+0xf3/0x230
[ 1031.515913][T16516]  ? clear_bhb_loop+0x35/0x90
[ 1031.520600][T16516]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1031.526495][T16516] RIP: 0033:0x7f6b3597e719
[ 1031.530908][T16516] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1031.550556][T16516] RSP: 002b:00007f6b366e8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000031
[ 1031.558973][T16516] RAX: ffffffffffffffda RBX: 00007f6b35b36130 RCX: 00007f6b3597e719
[ 1031.566947][T16516] RDX: 0000000000000010 RSI: 0000000020000240 RDI: 0000000000000003
[ 1031.574918][T16516] RBP: 00007f6b359f175e R08: 0000000000000000 R09: 0000000000000000
[ 1031.582891][T16516] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1031.590870][T16516] R13: 0000000000000001 R14: 00007f6b35b36130 R15: 00007ffc9d6a0558
[ 1031.598861][T16516]  </TASK>
[ 1031.602307][T16516] Mem-Info:
[ 1031.605958][T16516] active_anon:3194 inactive_anon:6199 isolated_anon:0
[ 1031.605958][T16516]  active_file:21744 inactive_file:37895 isolated_file:0
[ 1031.605958][T16516]  unevictable:768 dirty:135 writeback:0
[ 1031.605958][T16516]  slab_reclaimable:10657 slab_unreclaimable:111316
[ 1031.605958][T16516]  mapped:23066 shmem:4277 pagetables:858
[ 1031.605958][T16516]  sec_pagetables:0 bounce:0
[ 1031.605958][T16516]  kernel_misc_reclaimable:0
[ 1031.605958][T16516]  free:1301715 free_pcp:2892 free_cma:0
[ 1031.680371][T16516] Node 0 active_anon:12776kB inactive_anon:24696kB active_file:86904kB inactive_file:151580kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:92264kB dirty:540kB writeback:0kB shmem:15572kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:11312kB pagetables:3432kB sec_pagetables:0kB all_unreclaimable? no
[ 1031.719936][T16516] Node 1 active_anon:0kB inactive_anon:0kB active_file:72kB inactive_file:0kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no
[ 1031.756127][T16516] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1031.894305][T16516] lowmem_reserve[]: 0 2465 2466 0 0
[ 1031.957247][T16516] Node 0 DMA32 free:1296736kB boost:0kB min:34200kB low:42748kB high:51296kB reserved_highatomic:0KB active_anon:12824kB inactive_anon:24664kB active_file:86148kB inactive_file:151528kB unevictable:1536kB writepending:732kB present:3129332kB managed:2552504kB mlocked:0kB bounce:0kB free_pcp:1492kB local_pcp:692kB free_cma:0kB
[ 1032.086368][T16516] lowmem_reserve[]: 0 0 0 0 0
[ 1032.125800][T16516] Node 0 Normal free:4kB boost:0kB min:8kB low:8kB high:8kB reserved_highatomic:0KB active_anon:4kB inactive_anon:40kB active_file:764kB inactive_file:52kB unevictable:0kB writepending:0kB present:1048580kB managed:880kB mlocked:0kB bounce:0kB free_pcp:16kB local_pcp:8kB free_cma:0kB
[ 1032.263332][T16516] lowmem_reserve[]: 0 0 0 0 0
[ 1032.338551][T16516] Node 1 Normal free:3905772kB boost:0kB min:55688kB low:69608kB high:83528kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:72kB inactive_file:0kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111168kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1032.401254][T16516] lowmem_reserve[]: 0 0 0 0 0
[ 1032.413849][T16516] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[ 1032.431101][T16516] Node 0 DMA32: 1172*4kB (UME) 763*8kB (UME) 523*16kB (UME) 202*32kB (UME) 98*64kB (UME) 52*128kB (UME) 25*256kB (UM) 24*512kB (UM) 49*1024kB (UME) 19*2048kB (UM) 281*4096kB (UME) = 1297304kB
[ 1032.450784][T16516] Node 0 Normal: 1*4kB (M) 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 4kB
[ 1032.472252][T16516] Node 1 Normal: 233*4kB (UM) 67*8kB (UME) 49*16kB (UME) 203*32kB (UME) 103*64kB (UME) 40*128kB (UME) 17*256kB (UME) 10*512kB (UME) 5*1024kB (UME) 2*2048kB (UE) 944*4096kB (UM) = 3905772kB
[ 1032.475899][T16536] ubi0: detaching mtd0
[ 1032.518825][T16536] ubi0: mtd0 is detached
[ 1032.523162][T16516] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1032.550254][T16516] Node 0 hugepages_total=4 hugepages_free=4 hugepages_surp=2 hugepages_size=2048kB
[ 1032.552599][T16536] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1032.567716][T16516] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1032.581522][T16516] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[ 1032.598435][T16516] 63935 total pagecache pages
[ 1032.603487][T16516] 0 pages in swap cache
[ 1032.689535][T16516] Free swap  = 124652kB
[ 1032.701855][T16516] Total swap = 124996kB
[ 1032.713494][T16516] 2097051 pages RAM
[ 1032.718613][T16516] 0 pages HighMem/MovableOnly
[ 1032.723316][T16516] 427073 pages reserved
[ 1032.727709][T16516] 0 pages cma reserved
[ 1032.981110][ T3450] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1033.204061][   T54] Bluetooth: hci4: command tx timeout
[ 1034.496585][ T3450] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1035.117046][ T3450] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1035.341968][T16448] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1035.611498][T16448] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1036.214178][  T969] usb 4-1: new high-speed USB device number 41 using dummy_hcd
[ 1036.279725][ T3450] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1036.380245][  T969] usb 4-1: Using ep0 maxpacket: 32
[ 1036.391456][T16448] team0: Port device team_slave_0 added
[ 1036.412768][  T969] usb 4-1: config 0 has an invalid interface number: 12 but max is 0
[ 1036.434861][T16448] team0: Port device team_slave_1 added
[ 1036.449333][  T969] usb 4-1: config 0 has no interface number 0
[ 1036.460251][  T969] usb 4-1: config 0 interface 12 has no altsetting 0
[ 1037.219351][  T969] usb 4-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40
[ 1037.228657][  T969] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1037.238174][  T969] usb 4-1: Product: syz
[ 1037.242465][  T969] usb 4-1: Manufacturer: syz
[ 1037.291138][T16448] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1037.306775][T16577] kvm: kvm [16576]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc2) = 0x86
[ 1037.323841][T16448] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1037.371446][  T969] usb 4-1: SerialNumber: syz
[ 1037.396513][T16577] kvm: kvm [16576]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc2) = 0xe8
[ 1037.412281][  T969] usb 4-1: config 0 descriptor??
[ 1037.413491][T16448] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1037.422012][T16577] kvm: kvm [16576]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc2) = 0x876
[ 1037.444276][T16577] kvm: kvm [16576]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc2) = 0x8da
[ 1037.490353][T16577] kvm: kvm [16576]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc2) = 0xd5
[ 1037.494775][T16448] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1037.512156][T16577] kvm: kvm [16576]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc2) = 0x88f
[ 1037.518790][T16448] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1037.547621][T16448] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1037.682916][T16448] hsr_slave_0: entered promiscuous mode
[ 1037.690467][T16448] hsr_slave_1: entered promiscuous mode
[ 1037.723362][T16448] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1037.731717][T16448] Cannot create hsr debugfs directory
[ 1039.682084][  T969] f81534 4-1:0.12: f81534_get_register: reg: 1003 failed: -71
[ 1039.689854][  T969] f81534 4-1:0.12: f81534_find_config_idx: read failed: -71
[ 1039.697309][  T969] f81534 4-1:0.12: f81534_calc_num_ports: find idx failed: -71
[ 1040.180363][  T969] f81534 4-1:0.12: probe with driver f81534 failed with error -71
[ 1041.210675][  T969] usb 4-1: USB disconnect, device number 41
[ 1043.290422][ T3450] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1043.320213][ T3450] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1043.336890][ T3450] bond0 (unregistering): Released all slaves
[ 1043.675078][ T3450] tipc: Left network mode
[ 1043.874167][ T5832] usb 3-1: new high-speed USB device number 37 using dummy_hcd
[ 1044.060528][ T5832] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1044.088148][ T5832] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1044.509558][T16448] netdevsim netdevsim6 netdevsim0: renamed from eth0
[ 1044.573957][ T5832] usb 3-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[ 1044.672142][ T5832] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[ 1044.687335][ T5832] usb 3-1: SerialNumber: syz
[ 1044.937027][T16448] netdevsim netdevsim6 netdevsim1: renamed from eth1
[ 1045.005159][T16448] netdevsim netdevsim6 netdevsim2: renamed from eth2
[ 1045.136293][ T5832] usb 3-1: 0:2 : does not exist
[ 1045.141272][ T5832] usb 3-1: unit 255 not found!
[ 1045.148902][ T5832] usb 3-1: 5:0: cannot get min/max values for control 2 (id 5)
[ 1045.171761][ T5832] usb 3-1: USB disconnect, device number 37
[ 1045.230253][T16448] netdevsim netdevsim6 netdevsim3: renamed from eth3
[ 1045.322273][   T29] kauditd_printk_skb: 52 callbacks suppressed
[ 1045.322291][   T29] audit: type=1326 audit(1731720086.604:230): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16637 comm="syz.1.2974" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fda0a37e719 code=0x0
[ 1046.501707][T16652] batadv0: entered promiscuous mode
[ 1046.507777][T16652] macvtap2: entered promiscuous mode
[ 1046.514565][T16652] 8021q: adding VLAN 0 to HW filter on device macvtap2
[ 1047.212047][T16652] batadv0: left promiscuous mode
[ 1047.639208][ T3450] hsr_slave_0: left promiscuous mode
[ 1050.264161][ T3450] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1050.275299][ T3450] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1051.340664][ T3450] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1051.350935][ T3450] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1052.409272][ T3450] veth1_macvtap: left promiscuous mode
[ 1052.582322][ T3450] veth0_macvtap: left promiscuous mode
[ 1052.604182][ T3450] veth1_vlan: left promiscuous mode
[ 1053.043517][ T3450] pimreg4 (unregistering): left allmulticast mode
[ 1054.748207][T16702] netlink: 'syz.5.2987': attribute type 16 has an invalid length.
[ 1054.914866][ T3450] team0 (unregistering): Port device team_slave_1 removed
[ 1055.444579][ T3450] team0 (unregistering): Port device team_slave_0 removed
[ 1058.643495][T16725] dlm: plock device version mismatch: kernel (1.2.0), user (0.0.0)
[ 1059.806349][T16729] hub 9-0:1.0: USB hub found
[ 1059.817209][T16729] hub 9-0:1.0: 1 port detected
[ 1060.228750][T16720] netlink: 16 bytes leftover after parsing attributes in process `syz.5.2992'.
[ 1060.257443][T16720] (unnamed net_device) (uninitialized): option primary_reselect: invalid value (252)
[ 1060.761570][T16448] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1061.299452][T16448] 8021q: adding VLAN 0 to HW filter on device team0
[ 1061.745835][T16448] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 1061.756262][T16448] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 1061.775665][ T6643] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1061.782775][ T6643] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1061.844509][ T6643] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1061.851702][ T6643] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1061.891197][   T29] audit: type=1326 audit(1731720103.184:231): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16746 comm="syz.1.2999" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fda0a37e719 code=0x0
[ 1061.912708][  T969] usb 3-1: new high-speed USB device number 38 using dummy_hcd
[ 1062.155606][ T3450] IPVS: stop unused estimator thread 0...
[ 1062.193105][T16448] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1062.205186][  T969] usb 3-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config
[ 1062.229526][  T969] usb 3-1: New USB device found, idVendor=041e, idProduct=4007, bcdDevice=5d.18
[ 1062.249088][  T969] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1062.412452][  T969] gspca_main: stv0680-2.14.0 probing 041e:4007
[ 1063.444292][  T969] stv0680 3-1:4.0: STV(e): camera ping failed!!
[ 1063.694087][  T969] gspca_stv0680: usb_control_msg error 0, request = 0x80, error = -71
[ 1063.702310][  T969] stv0680 3-1:4.0: last error: 0,  command = 0x0
[ 1063.711237][  T969] usb 3-1: USB disconnect, device number 38
[ 1065.701444][T16448] veth0_vlan: entered promiscuous mode
[ 1065.940162][T16448] veth1_vlan: entered promiscuous mode
[ 1066.766758][T16448] veth0_macvtap: entered promiscuous mode
[ 1066.828999][T16448] veth1_macvtap: entered promiscuous mode
[ 1066.943063][T16448] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1066.960303][T16448] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1067.012058][T16448] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1067.332891][T16448] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1067.949699][T16448] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1067.964292][T16448] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1067.986233][T16448] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1068.013262][T16448] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1068.027621][T16448] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1068.038065][T16448] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1068.437223][T15132] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1068.531172][T15132] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1070.207260][ T6643] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1070.217123][ T6643] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1070.783932][ T3068] usb 3-1: new full-speed USB device number 39 using dummy_hcd
[ 1071.805604][ T3068] usb 3-1: config 1 interface 0 has no altsetting 0
[ 1071.815345][ T3068] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[ 1071.828284][ T3068] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1071.845397][ T3068] usb 3-1: Product: syz
[ 1071.849695][ T3068] usb 3-1: Manufacturer: syz
[ 1071.862543][ T3068] usb 3-1: SerialNumber: syz
[ 1072.874542][T16841] overlayfs: overlapping lowerdir path
[ 1073.406986][ T3068] usblp 3-1:1.0: usblp0: USB Unidirectional printer dev 39 if 0 alt 253 proto 1 vid 0x0525 pid 0xA4A8
[ 1073.743195][ T3068] usb 4-1: new high-speed USB device number 42 using dummy_hcd
[ 1073.746508][T16848] MTD: Attempt to mount non-MTD device "/dev/loop6"
[ 1073.777892][T16848] syz.6.3018: attempt to access beyond end of device
[ 1073.777892][T16848] loop6: rw=0, sector=0, nr_sectors = 2 limit=0
[ 1073.944362][ T3068] usb 4-1: Using ep0 maxpacket: 8
[ 1073.969387][ T3068] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[ 1074.072606][ T3068] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[ 1074.082814][ T3068] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[ 1074.093018][ T3068] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1074.107279][ T3068] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[ 1074.116395][ T3068] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1074.570035][ T3068] usb 4-1: GET_CAPABILITIES returned 0
[ 1074.579152][ T3068] usbtmc 4-1:16.0: can't read capabilities
[ 1075.773519][ T5832] usb 3-1: USB disconnect, device number 39
[ 1075.945828][ T5832] usblp0: removed
[ 1077.944987][   T29] audit: type=1326 audit(1731720118.534:232): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16866 comm="syz.2.3026" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6b3597e719 code=0x7ffc0000
[ 1078.081507][   T29] audit: type=1326 audit(1731720118.534:233): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16866 comm="syz.2.3026" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6b3597e719 code=0x7ffc0000
[ 1078.103360][   T29] audit: type=1326 audit(1731720118.534:234): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16866 comm="syz.2.3026" exe="/root/syz-executor" sig=0 arch=c000003e syscall=13 compat=0 ip=0x7f6b3597e719 code=0x7ffc0000
[ 1078.125086][   T29] audit: type=1326 audit(1731720118.534:235): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16866 comm="syz.2.3026" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6b3597e719 code=0x7ffc0000
[ 1078.214068][   T29] audit: type=1326 audit(1731720118.534:236): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16866 comm="syz.2.3026" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6b3597e719 code=0x7ffc0000
[ 1078.446723][  T969] usb 4-1: USB disconnect, device number 42
[ 1078.477524][T16876] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check.
[ 1078.513862][   T29] audit: type=1326 audit(1731720118.544:237): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16866 comm="syz.2.3026" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7f6b3597e719 code=0x7ffc0000
[ 1078.677452][   T29] audit: type=1326 audit(1731720118.544:238): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16866 comm="syz.2.3026" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6b3597e719 code=0x7ffc0000
[ 1079.113935][   T29] audit: type=1326 audit(1731720118.544:239): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16866 comm="syz.2.3026" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6b3597e719 code=0x7ffc0000
[ 1079.160855][   T29] audit: type=1326 audit(1731720118.544:240): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16866 comm="syz.2.3026" exe="/root/syz-executor" sig=0 arch=c000003e syscall=285 compat=0 ip=0x7f6b3597e719 code=0x7ffc0000
[ 1079.188601][   T29] audit: type=1326 audit(1731720118.544:241): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16866 comm="syz.2.3026" exe="/root/syz-executor" sig=0 arch=c000003e syscall=96 compat=0 ip=0xffffffffff600000 code=0x7ffc0000
[ 1079.606951][T16900] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3032'.
[ 1080.224938][T16902] netlink: 'syz.6.3033': attribute type 1 has an invalid length.
[ 1080.232732][T16902] netlink: 101600 bytes leftover after parsing attributes in process `syz.6.3033'.
[ 1083.256289][T16934] netlink: 80 bytes leftover after parsing attributes in process `syz.6.3040'.
[ 1090.037361][T16977] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:24) already exists on: dummy0
[ 1090.047941][T16977] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1090.058792][T16977] dummy0: entered promiscuous mode
[ 1090.520957][T16977] dummy0: left promiscuous mode
[ 1091.714086][T16989] ISOFS: Unable to identify CD-ROM format.
[ 1103.552030][  T969] usb 4-1: new high-speed USB device number 43 using dummy_hcd
[ 1104.396264][T17084] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3076'.
[ 1104.683895][  T969] usb 4-1: Using ep0 maxpacket: 8
[ 1104.725676][  T969] usb 4-1: config 0 has an invalid interface number: 55 but max is 0
[ 1104.733968][  T969] usb 4-1: config 0 has no interface number 0
[ 1104.734039][T17081] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3078'.
[ 1104.740234][  T969] usb 4-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[ 1104.763994][  T969] usb 4-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[ 1105.392406][T17088] lo speed is unknown, defaulting to 1000
[ 1105.527247][T17088] lo speed is unknown, defaulting to 1000
[ 1105.726597][  T969] usb 4-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[ 1105.737800][  T969] usb 4-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[ 1105.751227][  T969] usb 4-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[ 1105.760426][  T969] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1106.574651][  T969] usb 4-1: config 0 descriptor??
[ 1106.925736][T17099] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1107.574383][  T969] usb 4-1: can't set config #0, error -71
[ 1107.633005][  T969] usb 4-1: USB disconnect, device number 43
[ 1112.638399][T17124] netdevsim netdevsim3 netdevsim0: entered promiscuous mode
[ 1112.836472][T17124] netdevsim netdevsim3 netdevsim0: left promiscuous mode
[ 1113.873807][ T5913] usb 3-1: new high-speed USB device number 40 using dummy_hcd
[ 1113.903344][T17126] Bluetooth: received HCILL_WAKE_UP_IND in state 2
[ 1113.943577][T13788] Bluetooth: hci0: Frame reassembly failed (-84)
[ 1114.073758][ T5913] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1114.824266][ T5913] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1115.538377][ T5913] usb 3-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[ 1115.547809][ T5913] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[ 1115.610682][ T5913] usb 3-1: SerialNumber: syz
[ 1115.986990][   T54] Bluetooth: hci0: Opcode 0x1003 failed: -110
[ 1116.050610][T17148] netlink: 132 bytes leftover after parsing attributes in process `syz.6.3094'.
[ 1117.729257][ T5913] usb 3-1: invalid UAC_HEADER (v1)
[ 1117.755139][ T5913] snd-usb-audio 3-1:1.0: probe with driver snd-usb-audio failed with error -22
[ 1117.910745][ T5913] usb 3-1: USB disconnect, device number 40
[ 1125.085227][T17204] Bluetooth: hci1: Opcode 0x0401 failed: -22
[ 1126.091668][T17190] block nbd6: NBD_DISCONNECT
[ 1126.109897][T17190] block nbd6: Disconnected due to user request.
[ 1126.120897][T17190] block nbd6: shutting down sockets
[ 1127.370187][T13451] Bluetooth: hci1: command tx timeout
[ 1130.783306][T17244] ISOFS: Unable to identify CD-ROM format.
[ 1132.300055][T17257] netlink: 5312 bytes leftover after parsing attributes in process `syz.3.3120'.
[ 1132.309545][T17257] openvswitch: netlink: Flow get message rejected, Key attribute missing.
[ 1132.435089][T17252] netlink: 28 bytes leftover after parsing attributes in process `syz.5.3123'.
[ 1132.444548][T17252] netlink: 28 bytes leftover after parsing attributes in process `syz.5.3123'.
[ 1132.470836][T17252] batadv0: entered promiscuous mode
[ 1132.496497][T17252] dummy0: entered promiscuous mode
[ 1132.519415][T17252] dummy0: left promiscuous mode
[ 1132.714371][T17252] batadv0: left promiscuous mode
[ 1132.801292][T17270] Invalid ELF header magic: != ELF
[ 1133.289719][T17271] netlink: 12 bytes leftover after parsing attributes in process `syz.6.3122'.
[ 1134.127925][T17280] tmpfs: Bad value for 'mpol'
[ 1134.644408][T17288] netlink: 72 bytes leftover after parsing attributes in process `syz.3.3129'.
[ 1136.988596][T17307] REISERFS warning (device nullb0): sh-2021 reiserfs_fill_super: can not find reiserfs on nullb0
[ 1137.948112][T17317] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3138'.
[ 1138.834778][T17328] netlink: 5312 bytes leftover after parsing attributes in process `syz.1.3136'.
[ 1138.843990][T17328] openvswitch: netlink: Flow get message rejected, Key attribute missing.
[ 1139.953980][ T5913] usb 6-1: new high-speed USB device number 42 using dummy_hcd
[ 1140.144028][ T5913] usb 6-1: Using ep0 maxpacket: 32
[ 1140.189489][ T5913] usb 6-1: config 0 has an invalid interface number: 16 but max is 0
[ 1140.197976][ T5913] usb 6-1: config 0 has no interface number 0
[ 1140.389653][ T5913] usb 6-1: New USB device found, idVendor=17cc, idProduct=0815, bcdDevice=a3.a3
[ 1140.399067][ T5913] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1140.407578][ T5913] usb 6-1: Product: syz
[ 1140.411783][ T5913] usb 6-1: Manufacturer: syz
[ 1140.716281][ T5913] usb 6-1: SerialNumber: syz
[ 1140.752918][ T5913] usb 6-1: config 0 descriptor??
[ 1140.784311][ T5913] snd-usb-caiaq 6-1:0.16: can't set alt interface.
[ 1140.800388][ T5913] usb 6-1: unable to init card! (ret=-5)
[ 1140.813403][ T5913] snd-usb-caiaq 6-1:0.16: probe with driver snd-usb-caiaq failed with error -5
[ 1141.151591][ T5838] usb 6-1: USB disconnect, device number 42
[ 1143.489626][T17360] netlink: 'syz.2.3145': attribute type 1 has an invalid length.
[ 1143.497751][T17360] netlink: 112865 bytes leftover after parsing attributes in process `syz.2.3145'.
[ 1144.586500][T17355] binder: 17353:17355 ioctl 400c620e 200003c0 returned -22
[ 1146.113390][T17379] netlink: 5312 bytes leftover after parsing attributes in process `syz.1.3152'.
[ 1146.122823][T17379] openvswitch: netlink: Flow get message rejected, Key attribute missing.
[ 1149.043137][   T54] Bluetooth: hci4: command 0x0406 tx timeout
[ 1149.504526][T17400] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1152.517040][T17427] netlink: 5312 bytes leftover after parsing attributes in process `syz.6.3164'.
[ 1152.526306][T17427] openvswitch: netlink: Flow get message rejected, Key attribute missing.
[ 1154.244188][T17437] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1159.515083][T17484] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3177'.
[ 1160.060943][T17487] netlink: 76 bytes leftover after parsing attributes in process `syz.1.3176'.
[ 1160.076150][T17487] syz.1.3176: attempt to access beyond end of device
[ 1160.076150][T17487] nbd1: rw=0, sector=0, nr_sectors = 2 limit=0
[ 1160.089706][T17487] befs: (nbd1): unable to read superblock
[ 1163.667182][T17517] ubi0: attaching mtd0
[ 1163.672231][T17517] ubi0 error: ubi_attach_mtd_dev: bad VID header (7) or data offsets (71)
[ 1163.839211][T17520] fuse: Unknown parameter '0x0000000000000005'
[ 1164.079036][T17521] netlink: 296 bytes leftover after parsing attributes in process `syz.2.3186'.
[ 1166.221603][T17539] netlink: 'syz.3.3191': attribute type 2 has an invalid length.
[ 1167.374161][   T54] Bluetooth: hci4: command 0x0406 tx timeout
[ 1167.406361][T17533] input: syz0 as /devices/virtual/input/input74
[ 1169.615330][ T5838] Bluetooth: hci4: Opcode 0x0c1a failed: -110
[ 1169.826035][T17572] netlink: 'syz.5.3196': attribute type 32 has an invalid length.
[ 1170.108330][T13451] Bluetooth: hci4: command 0x0406 tx timeout
[ 1170.401537][ T5838] Bluetooth: hci4: Error when powering off device on rfkill (-110)
[ 1170.660679][T17585] netlink: 'syz.5.3201': attribute type 10 has an invalid length.
[ 1171.525737][T17585] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1171.535796][T17585] bond0: (slave batadv0): Enslaving as an active interface with an up link
[ 1172.770358][T17588] bond0: entered promiscuous mode
[ 1172.780370][T17588] batadv0: entered promiscuous mode
[ 1173.279167][T17604] block nbd6: shutting down sockets
[ 1175.834526][ T5913] usb 2-1: new high-speed USB device number 36 using dummy_hcd
[ 1176.133934][ T5913] usb 2-1: Using ep0 maxpacket: 16
[ 1177.516226][ T5913] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1177.526834][ T5913] usb 2-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 9
[ 1177.547533][ T5913] usb 2-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[ 1177.556928][ T5913] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1177.585342][ T5913] usb 2-1: config 0 descriptor??
[ 1177.826830][ T5913] usbhid 2-1:0.0: couldn't find an input interrupt endpoint
[ 1177.828464][T17621] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1178.570994][T17621] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1179.884222][T15885] usb 2-1: USB disconnect, device number 36
[ 1180.266049][T17655] x_tables: ip_tables: osf match: only valid for protocol 6
[ 1182.172438][T17657] binder: 17652:17657 ioctl c0189376 20000000 returned -22
[ 1182.515510][T17668] netlink: 5312 bytes leftover after parsing attributes in process `syz.1.3220'.
[ 1182.524905][T17668] openvswitch: netlink: Flow get message rejected, Key attribute missing.
[ 1183.685805][   T29] kauditd_printk_skb: 2 callbacks suppressed
[ 1183.685824][   T29] audit: type=1326 audit(1731720225.024:244): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17671 comm="syz.1.3222" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fda0a37e719 code=0x7ffc0000
[ 1184.217319][   T29] audit: type=1326 audit(1731720225.024:245): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17671 comm="syz.1.3222" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fda0a37e719 code=0x7ffc0000
[ 1185.311078][   T29] audit: type=1326 audit(1731720225.054:246): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17671 comm="syz.1.3222" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fda0a37e719 code=0x7ffc0000
[ 1185.342890][   T29] audit: type=1326 audit(1731720225.054:247): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17671 comm="syz.1.3222" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fda0a37e719 code=0x7ffc0000
[ 1185.365003][   T29] audit: type=1326 audit(1731720225.054:248): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17671 comm="syz.1.3222" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fda0a37e719 code=0x7ffc0000
[ 1185.386943][   T29] audit: type=1326 audit(1731720225.054:249): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17671 comm="syz.1.3222" exe="/root/syz-executor" sig=0 arch=c000003e syscall=434 compat=0 ip=0x7fda0a37e719 code=0x7ffc0000
[ 1185.540378][   T29] audit: type=1326 audit(1731720225.054:250): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17671 comm="syz.1.3222" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fda0a37e719 code=0x7ffc0000
[ 1185.562299][   T29] audit: type=1326 audit(1731720225.054:251): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17671 comm="syz.1.3222" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fda0a37e719 code=0x7ffc0000
[ 1185.584354][   T29] audit: type=1326 audit(1731720225.054:252): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17671 comm="syz.1.3222" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fda0a37e719 code=0x7ffc0000
[ 1185.609490][   T29] audit: type=1326 audit(1731720225.054:253): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17671 comm="syz.1.3222" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fda0a37e719 code=0x7ffc0000
[ 1189.286263][T15885] usb 4-1: new high-speed USB device number 44 using dummy_hcd
[ 1189.813906][T15885] usb 4-1: Using ep0 maxpacket: 8
[ 1190.266461][T15885] usb 4-1: New USB device found, idVendor=0423, idProduct=000c, bcdDevice=14.e5
[ 1190.301085][T15885] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1190.406598][T15885] usb 4-1: config 0 descriptor??
[ 1191.558064][T15885] usb 4-1: selecting invalid altsetting 1
[ 1191.563919][T15885] catc 4-1:0.0: Can't set altsetting 1.
[ 1191.569525][T15885] catc 4-1:0.0: probe with driver catc failed with error -5
[ 1192.253733][   T29] kauditd_printk_skb: 10 callbacks suppressed
[ 1192.253752][   T29] audit: type=1800 audit(1731720232.144:264): pid=17716 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.2.3231" name="SYSV00000000" dev="hugetlbfs" ino=1 res=0 errno=0
[ 1192.280120][T17702] usb 4-1: USB disconnect, device number 44
[ 1201.384016][   T29] audit: type=1800 audit(1731720241.884:265): pid=17777 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.5.3245" name="SYSV00000000" dev="hugetlbfs" ino=2 res=0 errno=0
[ 1204.377949][T17801] input: syz1 as /devices/virtual/input/input75
[ 1205.025539][T17806] netlink: 28 bytes leftover after parsing attributes in process `syz.5.3250'.
[ 1205.234115][T17797] veth0_vlan: left promiscuous mode
[ 1205.240104][T17797] veth0_vlan: entered promiscuous mode
[ 1205.757401][T17809] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1207.555518][ T5838] usb 6-1: new high-speed USB device number 43 using dummy_hcd
[ 1208.632473][ T5838] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1208.689030][ T5838] usb 6-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[ 1208.947127][ T5838] usb 6-1: New USB device found, idVendor=046d, idProduct=c71b, bcdDevice= 0.00
[ 1208.971331][ T5838] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1209.721223][ T5838] usb 6-1: config 0 descriptor??
[ 1210.006083][T15885] usb 2-1: new high-speed USB device number 37 using dummy_hcd
[ 1210.063975][ T5838] usb 6-1: USB disconnect, device number 43
[ 1210.588917][T15885] usb 2-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[ 1210.603292][T15885] usb 2-1: config 1 has an invalid descriptor of length 48, skipping remainder of the config
[ 1210.617106][T15885] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 66
[ 1210.646247][T15885] usb 2-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 1210.693393][T15885] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[ 1210.711557][T15885] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[ 1210.728144][T15885] usb 2-1: Product: syz
[ 1210.741460][T15885] usb 2-1: Manufacturer: syz
[ 1210.760010][T15885] cdc_wdm 2-1:1.0: skipping garbage
[ 1210.778818][T15885] cdc_wdm 2-1:1.0: skipping garbage
[ 1210.809361][T15885] cdc_wdm 2-1:1.0: probe with driver cdc_wdm failed with error -22
[ 1210.963803][ T5838] usb 6-1: new high-speed USB device number 44 using dummy_hcd
[ 1211.683820][ T5838] usb 6-1: Using ep0 maxpacket: 16
[ 1211.691282][ T5838] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1211.702400][ T5838] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1211.752884][ T5838] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1211.954419][ T5838] usb 6-1: New USB device found, idVendor=17ef, idProduct=60ee, bcdDevice= 0.00
[ 1212.620596][ T5838] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1213.096860][ T5838] usb 6-1: config 0 descriptor??
[ 1213.257813][ T5838] usb 6-1: can't set config #0, error -71
[ 1213.274021][ T5838] usb 6-1: USB disconnect, device number 44
[ 1213.579512][ T5913] usb 2-1: USB disconnect, device number 37
[ 1214.901108][T17846] delete_channel: no stack
[ 1218.179664][T17890] netlink: 80 bytes leftover after parsing attributes in process `syz.2.3276'.
[ 1224.479145][T17921] block device autoloading is deprecated and will be removed.
[ 1224.490276][T17921] syz.5.3285: attempt to access beyond end of device
[ 1224.490276][T17921] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[ 1224.761606][   T54] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 1224.773593][   T54] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 1224.785247][   T54] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 1225.279145][T17932] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3287'.
[ 1225.288224][T17932] netlink: 32 bytes leftover after parsing attributes in process `syz.2.3287'.
[ 1225.306055][T17928] sd 0:0:1:0: device reset
[ 1225.327074][   T54] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 1225.334925][   T54] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 1225.345064][   T54] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 1225.418468][T13451] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 1225.429193][T13451] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 1225.436906][T13451] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 1225.453208][T13451] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 1225.467619][T13451] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 1225.476487][T13451] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 1225.842762][T17922] lo speed is unknown, defaulting to 1000
[ 1226.866265][T17922] lo speed is unknown, defaulting to 1000
[ 1227.844429][T13451] Bluetooth: hci0: command tx timeout
[ 1229.907043][T13451] Bluetooth: hci0: command tx timeout
[ 1229.937285][T17922] chnl_net:caif_netlink_parms(): no params data found
[ 1230.557184][T17922] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1230.595025][T17922] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1230.602164][T17922] bridge_slave_0: entered allmulticast mode
[ 1230.649978][T17922] bridge_slave_0: entered promiscuous mode
[ 1230.666107][T17922] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1230.687194][T17922] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1230.726180][T17922] bridge_slave_1: entered allmulticast mode
[ 1230.753429][T17922] bridge_slave_1: entered promiscuous mode
[ 1231.600428][T17922] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1231.611661][T17922] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1231.698988][T17922] team0: Port device team_slave_0 added
[ 1231.739455][T17922] team0: Port device team_slave_1 added
[ 1232.483429][T13451] Bluetooth: hci0: command tx timeout
[ 1233.185494][T17922] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1233.192478][T17922] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1233.762445][T17922] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1233.781714][T17922] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1233.793812][T17922] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1233.826909][T17922] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1233.911827][T17922] hsr_slave_0: entered promiscuous mode
[ 1233.930756][T17922] hsr_slave_1: entered promiscuous mode
[ 1234.963956][T13451] Bluetooth: hci0: command tx timeout
[ 1235.098375][   T54] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[ 1235.147612][   T54] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[ 1235.192095][T17922] netdevsim netdevsim7 netdevsim0: renamed from eth0
[ 1235.199882][   T54] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[ 1235.216528][T17922] netdevsim netdevsim7 netdevsim1: renamed from eth1
[ 1235.228059][T17922] netdevsim netdevsim7 netdevsim2: renamed from eth2
[ 1235.236974][T17922] netdevsim netdevsim7 netdevsim3: renamed from eth3
[ 1236.023589][   T54] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[ 1236.023972][   T29] audit: type=1326 audit(1731720276.664:266): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17997 comm="syz.5.3301" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fae84f7e719 code=0x7ffc0000
[ 1236.052345][   T29] audit: type=1326 audit(1731720276.664:267): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17997 comm="syz.5.3301" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fae84f7e719 code=0x7ffc0000
[ 1236.060003][T17922] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1236.074018][   T29] audit: type=1326 audit(1731720276.664:268): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17997 comm="syz.5.3301" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fae84f7e719 code=0x7ffc0000
[ 1236.074057][   T29] audit: type=1326 audit(1731720276.664:269): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17997 comm="syz.5.3301" exe="/root/syz-executor" sig=0 arch=c000003e syscall=223 compat=0 ip=0x7fae84f7e719 code=0x7ffc0000
[ 1236.091662][T17922] 8021q: adding VLAN 0 to HW filter on device team0
[ 1236.102420][   T29] audit: type=1326 audit(1731720276.664:270): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17997 comm="syz.5.3301" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fae84f7e719 code=0x7ffc0000
[ 1236.102459][   T29] audit: type=1326 audit(1731720276.674:271): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17997 comm="syz.5.3301" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fae84f7d0b0 code=0x7ffc0000
[ 1236.136944][   T54] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3
[ 1236.152411][   T29] audit: type=1326 audit(1731720276.674:272): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17997 comm="syz.5.3301" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fae84f7e719 code=0x7ffc0000
[ 1236.175460][   T54] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[ 1236.181059][   T29] audit: type=1326 audit(1731720276.674:273): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17997 comm="syz.5.3301" exe="/root/syz-executor" sig=0 arch=c000003e syscall=49 compat=0 ip=0x7fae84f7e719 code=0x7ffc0000
[ 1236.231165][   T29] audit: type=1326 audit(1731720276.674:274): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17997 comm="syz.5.3301" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fae84f7e719 code=0x7ffc0000
[ 1236.252947][   T29] audit: type=1326 audit(1731720276.674:275): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17997 comm="syz.5.3301" exe="/root/syz-executor" sig=0 arch=c000003e syscall=44 compat=0 ip=0x7fae84f805ac code=0x7ffc0000
[ 1236.297100][T17996] lo speed is unknown, defaulting to 1000
[ 1236.368494][   T67] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1236.375613][   T67] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1236.422552][   T67] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1236.429724][   T67] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1236.487327][T17996] lo speed is unknown, defaulting to 1000
[ 1238.112084][T18028] 9pnet_fd: Insufficient options for proto=fd
[ 1238.679805][   T54] Bluetooth: hci6: command tx timeout
[ 1239.169220][T17922] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1239.259537][T17996] chnl_net:caif_netlink_parms(): no params data found
[ 1239.672035][T17996] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1239.680479][T17996] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1239.697566][T17996] bridge_slave_0: entered allmulticast mode
[ 1239.710859][T17996] bridge_slave_0: entered promiscuous mode
[ 1239.721790][T17996] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1239.767251][T17996] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1239.775144][T17996] bridge_slave_1: entered allmulticast mode
[ 1239.785474][T17996] bridge_slave_1: entered promiscuous mode
[ 1239.840286][T18047] input: syz0 as /devices/virtual/input/input76
[ 1239.917398][T17996] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1239.943377][T17996] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1240.016461][T17996] team0: Port device team_slave_0 added
[ 1240.058636][T17996] team0: Port device team_slave_1 added
[ 1240.102011][T17922] veth0_vlan: entered promiscuous mode
[ 1240.123646][T17996] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1240.143079][T17996] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1240.175585][T17996] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1240.195492][T17996] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1240.203347][T17996] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1240.236454][T17996] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1240.267045][T17922] veth1_vlan: entered promiscuous mode
[ 1240.356220][T17996] hsr_slave_0: entered promiscuous mode
[ 1240.381520][T17996] hsr_slave_1: entered promiscuous mode
[ 1240.406559][T17996] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1240.430948][T17996] Cannot create hsr debugfs directory
[ 1241.240079][   T54] Bluetooth: hci6: command tx timeout
[ 1241.291728][T17922] veth0_macvtap: entered promiscuous mode
[ 1241.356572][T17922] veth1_macvtap: entered promiscuous mode
[ 1241.551546][T17922] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1241.563195][T17922] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1241.574671][T17922] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1242.395056][ T5832] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[ 1242.401157][ T5832] Bluetooth: hci0: Error when powering off device on rfkill (-110)
[ 1242.423869][T17922] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1242.434993][   T54] Bluetooth: hci0: command 0x0c1a tx timeout
[ 1242.441971][T17922] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1242.486268][T17922] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1242.497122][T17922] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1242.513603][T17922] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1242.533735][T17922] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1242.568539][T17922] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1242.620605][T17922] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1242.656013][T17922] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1242.718666][T17922] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1242.738158][T17922] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1243.514966][   T54] Bluetooth: hci6: command tx timeout
[ 1243.816035][T17996] netdevsim netdevsim8 netdevsim0: renamed from eth0
[ 1244.646020][ T5832] Bluetooth: hci6: Opcode 0x0c1a failed: -110
[ 1244.652142][ T5832] Bluetooth: hci6: Error when powering off device on rfkill (-110)
[ 1244.727138][T17996] netdevsim netdevsim8 netdevsim1: renamed from eth1
[ 1244.766205][T17996] netdevsim netdevsim8 netdevsim2: renamed from eth2
[ 1244.945376][ T5913] usb 6-1: new high-speed USB device number 45 using dummy_hcd
[ 1244.968456][T17996] netdevsim netdevsim8 netdevsim3: renamed from eth3
[ 1246.225861][   T67] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1246.266797][   T67] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1247.087915][T15132] Bluetooth: Error in BCSP hdr checksum
[ 1247.224372][T18098] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.3317'.
[ 1247.234093][T18098] openvswitch: netlink: IP tunnel attribute has 3056 unknown bytes.
[ 1248.018359][   T67] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1248.038999][   T67] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1248.117141][T17996] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1248.202677][T17996] 8021q: adding VLAN 0 to HW filter on device team0
[ 1248.242833][T15132] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1248.249925][T15132] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1248.446480][T15132] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1248.453642][T15132] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1249.715470][T17136] Bluetooth: hci7: command 0x1003 tx timeout
[ 1249.776097][   T54] Bluetooth: hci7: Opcode 0x1003 failed: -110
[ 1253.089702][T17996] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1254.795590][T17996] veth0_vlan: entered promiscuous mode
[ 1255.030565][T17996] veth1_vlan: entered promiscuous mode
[ 1255.925900][T17996] veth0_macvtap: entered promiscuous mode
[ 1256.016829][T18172] netlink: 32 bytes leftover after parsing attributes in process `syz.5.3332'.
[ 1256.804169][T17996] veth1_macvtap: entered promiscuous mode
[ 1257.118585][T17996] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1257.133167][T17996] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1257.212576][T18179] siw: device registration error -23
[ 1258.153840][T17996] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1258.193720][T17996] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1258.203559][T17996] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1258.250149][T17996] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1258.270397][T17996] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1258.280225][T17996] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1258.291361][T17996] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1258.312197][T17996] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1258.322831][T17996] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1258.332741][T17996] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1258.343239][T17996] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1258.354485][T17996] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1258.364530][T17996] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1258.373804][T17996] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1258.382561][T17996] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1258.391467][T17996] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1262.448249][ T2900] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1262.557726][T18204] xt_CT: You must specify a L4 protocol and not use inversions on it
[ 1263.000423][ T2900] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1263.417042][T15132] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1263.509289][T15132] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1265.495606][   T67] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1265.842672][   T29] kauditd_printk_skb: 10 callbacks suppressed
[ 1265.842746][   T29] audit: type=1400 audit(1731720307.104:286): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="#!" requested=w pid=18214 comm="syz.5.3343"
[ 1268.182855][T18233] binder: 18222:18233 ioctl c0306201 0 returned -14
[ 1268.294004][   T46] usb 6-1: new high-speed USB device number 46 using dummy_hcd
[ 1268.352734][   T67] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1268.707079][   T46] usb 6-1: config 0 interface 0 has no altsetting 0
[ 1268.722413][   T46] usb 6-1: New USB device found, idVendor=046d, idProduct=0a0e, bcdDevice=94.75
[ 1269.733879][   T46] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1270.178890][   T46] usb 6-1: config 0 descriptor??
[ 1270.195338][   T67] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1270.228566][T18243] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3347'.
[ 1270.373195][T18245] netlink: 'syz.1.3348': attribute type 10 has an invalid length.
[ 1270.418721][T18245] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1270.431453][T18245] bond0: (slave batadv0): Enslaving as an active interface with an up link
[ 1270.760897][   T67] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1270.934857][   T46]  (null): keene_cmd_main failed (-110)
[ 1271.023207][   T46] video4linux radio48: keene_cmd_main failed (-32)
[ 1271.073493][   T46] radio-keene 6-1:0.0: V4L2 device registered as radio48
[ 1271.186875][T18246] bond0: entered promiscuous mode
[ 1271.192277][T18246] batadv0: entered promiscuous mode
[ 1271.270148][   T46] usb 6-1: USB disconnect, device number 46
[ 1273.552549][T18265] usb usb1: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[ 1274.310657][   T67] bridge_slave_1: left allmulticast mode
[ 1274.316836][   T67] bridge_slave_1: left promiscuous mode
[ 1274.323390][   T67] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1274.505852][   T67] bridge_slave_0: left allmulticast mode
[ 1274.511553][   T67] bridge_slave_0: left promiscuous mode
[ 1274.522570][   T67] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1276.508824][T18291] openvswitch: netlink: EtherType 50a is less than min 600
[ 1276.520988][T18291] kAFS: unable to lookup cell 'onstop_tsc cpuid tsc_known_freq pni pclmulqdq vmx ssse3 fma cx16 sse4_1 sse4_2 x2apic movbe popcnt aes xsave avx f16c rdrand hypervisor lahf_lm abm 3dnowprefetch pti ssbd ibrs ibpb stibp tpr_shadow flexpriority ept vpid ept_ad fsgsbase tsc_adjust bmi1 hle avx2 smep bmi2 erms invpcid rtm rdseed adx smap xsaveopt arat vnmi md_clear arch_capabilities
[ 1276.520988][T18291] vmx flags	'
[ 1280.900710][T17136] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 1281.114024][T17136] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 1281.124448][T17136] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 1281.134921][T17136] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 1281.144741][T17136] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[ 1281.157730][T17136] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 1281.219318][T18321] NILFS (nullb0): couldn't find nilfs on the device
[ 1282.244471][   T67] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1282.269647][   T67] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1282.948659][   T67] bond0 (unregistering): Released all slaves
[ 1283.246615][T18316] lo speed is unknown, defaulting to 1000
[ 1283.365269][T18316] lo speed is unknown, defaulting to 1000
[ 1283.424975][T17136] Bluetooth: hci3: command tx timeout
[ 1283.455731][T18332] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present
[ 1285.545624][T17136] Bluetooth: hci3: command tx timeout
[ 1287.468067][   T29] audit: type=1326 audit(1731720328.794:287): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18352 comm="syz.5.3372" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fae84f7e719 code=0x7ffc0000
[ 1287.537714][   T29] audit: type=1326 audit(1731720328.824:288): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18352 comm="syz.5.3372" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fae84f7e719 code=0x7ffc0000
[ 1287.702733][T17136] Bluetooth: hci3: command tx timeout
[ 1287.710865][   T29] audit: type=1326 audit(1731720328.834:289): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18352 comm="syz.5.3372" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fae84f7d0b0 code=0x7ffc0000
[ 1288.157770][T18316] chnl_net:caif_netlink_parms(): no params data found
[ 1288.214682][   T29] audit: type=1326 audit(1731720328.834:290): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18352 comm="syz.5.3372" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fae84f7d0b0 code=0x7ffc0000
[ 1288.246638][   T29] audit: type=1326 audit(1731720328.834:291): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18352 comm="syz.5.3372" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fae84f7e719 code=0x7ffc0000
[ 1288.658085][   T29] audit: type=1326 audit(1731720328.844:292): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18352 comm="syz.5.3372" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fae84f7e719 code=0x7ffc0000
[ 1289.652480][T18374] NILFS (nullb0): couldn't find nilfs on the device
[ 1289.690645][   T29] audit: type=1326 audit(1731720328.844:293): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18352 comm="syz.5.3372" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fae84f7e719 code=0x7ffc0000
[ 1289.712998][   T29] audit: type=1326 audit(1731720328.844:294): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18352 comm="syz.5.3372" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fae84f7e719 code=0x7ffc0000
[ 1289.736145][   T29] audit: type=1326 audit(1731720328.844:295): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18352 comm="syz.5.3372" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fae84f7e719 code=0x7ffc0000
[ 1289.758584][T17136] Bluetooth: hci3: command tx timeout
[ 1289.764229][   T29] audit: type=1326 audit(1731720328.854:296): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18352 comm="syz.5.3372" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7fae84f7e719 code=0x7ffc0000
[ 1292.026086][T18396] netlink: 24 bytes leftover after parsing attributes in process `syz.5.3377'.
[ 1292.145357][T18316] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1292.229246][T18316] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1292.251305][T18316] bridge_slave_0: entered allmulticast mode
[ 1292.259960][T18316] bridge_slave_0: entered promiscuous mode
[ 1292.393229][   T67] hsr_slave_0: left promiscuous mode
[ 1292.430650][   T67] hsr_slave_1: left promiscuous mode
[ 1292.458951][T18405] usb usb9: usbfs: process 18405 (syz.2.3381) did not claim interface 0 before use
[ 1292.684218][   T67] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1292.693061][   T67] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1292.701774][   T67] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1292.710703][   T67] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1293.719217][   T67] veth1_macvtap: left promiscuous mode
[ 1293.739380][   T67] veth0_macvtap: left promiscuous mode
[ 1293.754594][   T67] veth1_vlan: left promiscuous mode
[ 1293.770647][   T67] veth0_vlan: left promiscuous mode
[ 1294.722707][   T67] team0 (unregistering): Port device team_slave_1 removed
[ 1294.848212][   T67] team0 (unregistering): Port device team_slave_0 removed
[ 1296.972654][T18399] netlink: 'syz.8.3378': attribute type 10 has an invalid length.
[ 1297.007603][T18399] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1297.019305][T18399] bond0: (slave batadv0): Enslaving as an active interface with an up link
[ 1297.029872][T18316] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1297.049368][T18316] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1297.058440][T18316] bridge_slave_1: entered allmulticast mode
[ 1297.066711][T18316] bridge_slave_1: entered promiscuous mode
[ 1297.109330][T18394] bond0: entered promiscuous mode
[ 1297.124750][T18394] bond_slave_0: entered promiscuous mode
[ 1297.132371][T18394] bond_slave_1: entered promiscuous mode
[ 1297.139166][T18394] batadv0: entered promiscuous mode
[ 1297.587525][T18316] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1298.562306][T18316] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1300.554892][T18316] team0: Port device team_slave_0 added
[ 1300.563383][T18316] team0: Port device team_slave_1 added
[ 1302.291458][T18444] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3388'.
[ 1302.522773][T18447] 
: renamed from bond0
[ 1303.413935][T18316] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1303.463418][T18316] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1304.400789][T18464] siw: device registration error -23
[ 1304.419686][T18316] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1304.433760][T18316] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1304.442084][T18316] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1305.674744][T18316] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1306.394022][T18474] netlink: 12 bytes leftover after parsing attributes in process `syz.8.3394'.
[ 1306.405796][T18474] netlink: 40 bytes leftover after parsing attributes in process `syz.8.3394'.
[ 1307.256675][T18316] hsr_slave_0: entered promiscuous mode
[ 1307.654392][T18316] hsr_slave_1: entered promiscuous mode
[ 1308.250310][T18316] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1308.543567][T18316] Cannot create hsr debugfs directory
[ 1308.603200][T18490] netlink: 88 bytes leftover after parsing attributes in process `syz.1.3399'.
[ 1308.612915][T18490] netlink: 40 bytes leftover after parsing attributes in process `syz.1.3399'.
[ 1309.568242][T18499] Cannot find add_set index 0 as target
[ 1310.508462][T18500] ALSA: seq fatal error: cannot create timer (-22)
[ 1312.247794][   T67] netdevsim netdevsim7 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1313.459162][   T67] netdevsim netdevsim7 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1314.469187][   T67] netdevsim netdevsim7 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1314.764009][ T5832] usb 2-1: new full-speed USB device number 38 using dummy_hcd
[ 1314.893025][   T67] netdevsim netdevsim7 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1314.967909][ T5832] usb 2-1: New USB device found, idVendor=045e, idProduct=00f4, bcdDevice=d5.51
[ 1315.013870][ T5832] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1315.043824][T18548] delete_channel: no stack
[ 1315.045120][ T5832] usb 2-1: config 0 descriptor??
[ 1315.080294][ T5832] gspca_main: gspca_sn9c20x-2.14.0 probing 045e:00f4
[ 1316.464763][ T5832] gspca_sn9c20x: Write register 1001 failed -71
[ 1316.474039][ T5832] gspca_sn9c20x: Device initialization failed
[ 1316.480607][ T5832] gspca_sn9c20x 2-1:0.0: probe with driver gspca_sn9c20x failed with error -71
[ 1317.081912][   T67] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1317.129717][ T5832] usb 2-1: USB disconnect, device number 38
[ 1318.846416][   T67] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1321.729046][T18581] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_rx_wq": -EINTR
[ 1322.827417][   T29] kauditd_printk_skb: 19 callbacks suppressed
[ 1322.827454][   T29] audit: type=1400 audit(1731720363.504:316): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="#!" requested=w pid=18584 comm="syz.2.3420"
[ 1323.477977][   T67] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1324.438072][   T29] audit: type=1326 audit(1731720364.974:317): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18596 comm="syz.2.3422" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6b3597e719 code=0x7ffc0000
[ 1325.075542][   T29] audit: type=1326 audit(1731720364.974:318): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18596 comm="syz.2.3422" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6b3597e719 code=0x7ffc0000
[ 1325.098933][   T29] audit: type=1326 audit(1731720364.974:319): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18596 comm="syz.2.3422" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f6b3597e719 code=0x7ffc0000
[ 1325.122461][   T29] audit: type=1326 audit(1731720364.974:320): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18596 comm="syz.2.3422" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6b3597e719 code=0x7ffc0000
[ 1325.147065][   T29] audit: type=1326 audit(1731720364.974:321): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18596 comm="syz.2.3422" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6b3597e719 code=0x7ffc0000
[ 1325.170773][   T29] audit: type=1326 audit(1731720364.974:322): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18596 comm="syz.2.3422" exe="/root/syz-executor" sig=0 arch=c000003e syscall=223 compat=0 ip=0x7f6b3597e719 code=0x7ffc0000
[ 1325.195455][   T29] audit: type=1326 audit(1731720364.974:323): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18596 comm="syz.2.3422" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6b3597e719 code=0x7ffc0000
[ 1325.219733][   T29] audit: type=1326 audit(1731720364.974:324): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18596 comm="syz.2.3422" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6b3597e719 code=0x7ffc0000
[ 1325.244090][   T29] audit: type=1326 audit(1731720364.974:325): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18596 comm="syz.2.3422" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f6b3597d0b0 code=0x7ffc0000
[ 1325.321965][T18605] netlink: 32 bytes leftover after parsing attributes in process `syz.8.3431'.
[ 1325.333783][T18605] netlink: 32 bytes leftover after parsing attributes in process `syz.8.3431'.
[ 1326.047273][T18623] netlink: 'syz.2.3425': attribute type 1 has an invalid length.
[ 1326.059025][T18623] netlink: 'syz.2.3425': attribute type 2 has an invalid length.
[ 1326.998746][   T67] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1330.550040][   T67] bridge_slave_1: left allmulticast mode
[ 1330.559495][   T67] bridge_slave_1: left promiscuous mode
[ 1330.779783][   T67] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1331.524445][   T67] bridge_slave_0: left allmulticast mode
[ 1331.530203][   T67] bridge_slave_0: left promiscuous mode
[ 1331.536533][   T67] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1332.618982][   T29] kauditd_printk_skb: 18 callbacks suppressed
[ 1332.619006][   T29] audit: type=1326 audit(1731720373.954:344): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18653 comm="syz.2.3435" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6b3597e719 code=0x7ffc0000
[ 1332.649026][   T29] audit: type=1326 audit(1731720373.954:345): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18653 comm="syz.2.3435" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6b3597e719 code=0x7ffc0000
[ 1332.672978][   T29] audit: type=1326 audit(1731720373.954:346): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18653 comm="syz.2.3435" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f6b3597e719 code=0x7ffc0000
[ 1332.695589][   T29] audit: type=1326 audit(1731720373.954:347): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18653 comm="syz.2.3435" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6b3597e719 code=0x7ffc0000
[ 1332.717963][   T29] audit: type=1326 audit(1731720373.954:348): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18653 comm="syz.2.3435" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6b3597e719 code=0x7ffc0000
[ 1332.740237][   T29] audit: type=1326 audit(1731720373.984:349): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18653 comm="syz.2.3435" exe="/root/syz-executor" sig=0 arch=c000003e syscall=223 compat=0 ip=0x7f6b3597e719 code=0x7ffc0000
[ 1332.762685][   T29] audit: type=1326 audit(1731720373.984:350): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18653 comm="syz.2.3435" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6b3597e719 code=0x7ffc0000
[ 1332.800936][   T29] audit: type=1326 audit(1731720373.984:351): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18653 comm="syz.2.3435" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6b3597e719 code=0x7ffc0000
[ 1332.851872][   T29] audit: type=1326 audit(1731720373.984:352): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18653 comm="syz.2.3435" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f6b3597d0b0 code=0x7ffc0000
[ 1332.876509][   T29] audit: type=1326 audit(1731720373.984:353): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18653 comm="syz.2.3435" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6b3597e719 code=0x7ffc0000
[ 1335.318490][   T67] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1335.331702][   T67] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1335.346300][   T67] bond0 (unregistering): Released all slaves
[ 1335.686910][   T67] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1335.700413][   T67] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1335.715867][   T67] bond0 (unregistering): (slave bond1): Releasing backup interface
[ 1335.728317][   T67] bond0 (unregistering): Released all slaves
[ 1336.055257][   T67] bond1 (unregistering): Released all slaves
[ 1336.134190][T18671] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3437'.
[ 1336.357912][T18316] netdevsim netdevsim7 netdevsim0: renamed from eth0
[ 1336.743310][T18682] openvswitch: netlink: Unexpected mask (mask=20040, allowed=10048)
[ 1337.397265][T18316] netdevsim netdevsim7 netdevsim1: renamed from eth1
[ 1338.677720][T18316] netdevsim netdevsim7 netdevsim2: renamed from eth2
[ 1339.998306][T18694] netlink: 200 bytes leftover after parsing attributes in process `syz.1.3442'.
[ 1340.835531][T18316] netdevsim netdevsim7 netdevsim3: renamed from eth3
[ 1344.013972][   T67] tipc: Disabling bearer <udp:syz0>
[ 1344.025642][   T67] tipc: Disabling bearer <udp:s>
[ 1344.086703][   T67] tipc: Disabling bearer <udp:syz2>
[ 1344.410010][   T67] tipc: Left network mode
[ 1344.412210][   T54] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 1344.424618][T18702] netlink: 20 bytes leftover after parsing attributes in process `syz.5.3444'.
[ 1345.445040][   T54] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 1345.824612][   T54] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 1345.840532][   T54] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 1345.851040][   T54] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 1345.859936][   T54] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 1346.263788][T18080] usb 9-1: new high-speed USB device number 2 using dummy_hcd
[ 1346.382133][T18709] lo speed is unknown, defaulting to 1000
[ 1347.282019][T18080] usb 9-1: device descriptor read/64, error -71
[ 1347.382248][T18709] lo speed is unknown, defaulting to 1000
[ 1348.860410][T17136] Bluetooth: hci0: command tx timeout
[ 1352.637845][   T54] Bluetooth: hci0: command tx timeout
[ 1354.905133][T18766] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.3457'.
[ 1354.914944][T18766] openvswitch: netlink: IP tunnel attribute has 3056 unknown bytes.
[ 1355.236864][   T54] Bluetooth: hci0: command tx timeout
[ 1357.271707][   T54] Bluetooth: hci0: command tx timeout
[ 1359.424630][T18784] workqueue: Failed to create a rescuer kthread for wq "bond3": -EINTR
[ 1361.649925][T18811] qrtr: Invalid version 48
[ 1362.072970][   T29] kauditd_printk_skb: 16 callbacks suppressed
[ 1362.072996][   T29] audit: type=1326 audit(1731720403.404:370): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18815 comm="syz.5.3467" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fae84f7e719 code=0x0
[ 1363.493042][T18822] loop7: detected capacity change from 0 to 7
[ 1363.649061][T18822] Dev loop7: unable to read RDB block 7
[ 1363.741007][T18831] netlink: 76 bytes leftover after parsing attributes in process `syz.2.3470'.
[ 1363.912610][T18822]  loop7: unable to read partition table
[ 1363.933050][T18822] loop7: partition table beyond EOD, truncated
[ 1363.939010][T18811] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3466'.
[ 1363.950071][T18822] loop_reread_partitions: partition scan of loop7 (�被x������ڬ��dƤ����ݡ�����
[ 1363.950071][T18822] 
) failed (rc=-5)
[ 1364.032779][T18833] netlink: 4 bytes leftover after parsing attributes in process `syz.8.3469'.
[ 1364.734944][T18709] chnl_net:caif_netlink_parms(): no params data found
[ 1365.077514][T18831] ��: entered promiscuous mode
[ 1369.605769][T18869] serio: Serial port ptm0
[ 1369.684188][   T29] audit: type=1800 audit(1731720410.954:371): pid=18875 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.1.3475" name="SYSV00000000" dev="hugetlbfs" ino=0 res=0 errno=0
[ 1370.880450][T18709] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1370.889794][T18709] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1370.985304][T18709] bridge_slave_0: entered allmulticast mode
[ 1371.026754][T18709] bridge_slave_0: entered promiscuous mode
[ 1371.051832][T18709] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1371.104070][T18709] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1371.121849][T18709] bridge_slave_1: entered allmulticast mode
[ 1371.156560][T18709] bridge_slave_1: entered promiscuous mode
[ 1373.035067][T18892] input: syz1 as /devices/virtual/input/input78
[ 1377.086683][T18709] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1377.099247][T18709] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1377.671085][   T67] hsr_slave_0: left promiscuous mode
[ 1378.093950][   T67] hsr_slave_1: left promiscuous mode
[ 1378.116535][   T67] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1378.153830][   T67] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1378.174401][   T67] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1378.213221][   T67] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1378.381453][   T67] hsr_slave_0: left promiscuous mode
[ 1378.528547][T18927] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1382.123875][   T67] hsr_slave_1: left promiscuous mode
[ 1382.135003][   T67] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1382.179827][   T67] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1382.211542][   T67] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1382.251025][   T67] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1383.276825][   T67] veth1_macvtap: left promiscuous mode
[ 1383.282734][   T67] veth0_macvtap: left promiscuous mode
[ 1383.327106][   T67] veth1_vlan: left promiscuous mode
[ 1383.381572][   T67] veth0_vlan: left promiscuous mode
[ 1383.506956][   T67] veth1_vlan: left promiscuous mode
[ 1383.512324][   T67] veth0_vlan: left promiscuous mode
[ 1390.921355][   T67] team0 (unregistering): Port device team_slave_1 removed
[ 1391.923255][   T67] team0 (unregistering): Port device team_slave_0 removed
[ 1394.771126][   T67] team0 (unregistering): Port device team_slave_1 removed
[ 1394.863920][   T67] team0 (unregistering): Port device team_slave_0 removed
[ 1395.826490][T18709] team0: Port device team_slave_0 added
[ 1395.856782][T18709] team0: Port device team_slave_1 added
[ 1396.322189][T17136] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 1396.969875][T17136] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 1396.988057][T17136] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 1396.999283][T17136] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 1397.008141][T17136] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[ 1397.017413][T17136] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 1397.363240][T19014] 9pnet_fd: Insufficient options for proto=fd
[ 1398.234398][T18709] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1398.242579][T18709] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1398.334288][T18709] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1398.358377][T18709] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1398.383801][T18709] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1398.470036][T18709] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1398.492300][T19003] lo speed is unknown, defaulting to 1000
[ 1398.793235][T19019] hub 6-0:1.0: USB hub found
[ 1398.804085][T19019] hub 6-0:1.0: 1 port detected
[ 1398.861330][T19019] Invalid ELF header magic: != ELF
[ 1399.614652][   T54] Bluetooth: hci3: command tx timeout
[ 1401.524593][T19034] netlink: 'syz.2.3506': attribute type 3 has an invalid length.
[ 1401.535297][T19034] netlink: 'syz.2.3506': attribute type 1 has an invalid length.
[ 1401.547582][T19034] netlink: 181400 bytes leftover after parsing attributes in process `syz.2.3506'.
[ 1401.773154][T18131] kernel read not supported for file /newroot/667 (pid: 18131 comm: kworker/1:4)
[ 1402.303110][   T54] Bluetooth: hci3: command tx timeout
[ 1402.315032][T19003] lo speed is unknown, defaulting to 1000
[ 1403.912352][T19043] Bluetooth: MGMT ver 1.23
[ 1404.629444][T17136] Bluetooth: hci3: command tx timeout
[ 1404.812943][   T54] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 1404.837078][   T54] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 1404.850041][   T54] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 1404.868275][T18709] hsr_slave_0: entered promiscuous mode
[ 1405.195316][T19056] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1405.514752][T19052] 9pnet_fd: Insufficient options for proto=fd
[ 1405.526430][T18709] hsr_slave_1: entered promiscuous mode
[ 1405.544818][   T54] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 1405.581023][T19054] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1405.625196][   T54] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[ 1405.689196][   T54] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 1405.912215][T19046] lo speed is unknown, defaulting to 1000
[ 1406.894025][   T54] Bluetooth: hci3: command tx timeout
[ 1407.823923][   T54] Bluetooth: hci2: command tx timeout
[ 1408.718985][T19046] lo speed is unknown, defaulting to 1000
[ 1409.707028][ T3068] usb 3-1: new high-speed USB device number 41 using dummy_hcd
[ 1410.593805][   T54] Bluetooth: hci2: command tx timeout
[ 1410.695202][T19003] chnl_net:caif_netlink_parms(): no params data found
[ 1410.783876][ T3068] usb 3-1: Using ep0 maxpacket: 32
[ 1410.860672][ T3068] usb 3-1: device descriptor read/all, error -71
[ 1410.872239][   T29] audit: type=1800 audit(1731720452.194:372): pid=19089 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.5.3517" name="SYSV00000000" dev="hugetlbfs" ino=4 res=0 errno=0
[ 1410.892951][   T67] IPVS: stop unused estimator thread 0...
[ 1412.781090][   T54] Bluetooth: hci2: command tx timeout
[ 1413.243806][ T5832] usb 6-1: new high-speed USB device number 47 using dummy_hcd
[ 1414.279970][ T5832] usb 6-1: device not accepting address 47, error -71
[ 1414.349191][T19046] chnl_net:caif_netlink_parms(): no params data found
[ 1415.071406][   T54] Bluetooth: hci2: command tx timeout
[ 1415.168832][T19003] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1415.178987][T19003] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1415.186948][T19003] bridge_slave_0: entered allmulticast mode
[ 1415.207156][T19119] ubi0: attaching mtd0
[ 1415.208742][T19119] ubi0: scanning is finished
[ 1415.237787][T19003] bridge_slave_0: entered promiscuous mode
[ 1415.431094][T19123] befs: (nullb0): No write support. Marking filesystem read-only
[ 1415.442290][T19123] befs: (nullb0): invalid magic header
[ 1415.619682][T19003] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1415.627125][T19003] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1415.634563][T19003] bridge_slave_1: entered allmulticast mode
[ 1415.641805][T19003] bridge_slave_1: entered promiscuous mode
[ 1416.681873][T19119] ubi0 error: ubi_attach_mtd_dev: cannot spawn "ubi_bgt0d", error -4
[ 1418.385662][T19136] netlink: 'syz.2.3524': attribute type 7 has an invalid length.
[ 1419.059103][   T67] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1419.175801][T19136] ��: entered promiscuous mode
[ 1419.286713][   T67] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1420.333092][   T67] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1420.487191][T19003] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1420.519144][T19003] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1420.699853][   T67] netdevsim netdevsim1 netdevsim0 (unregistering): left allmulticast mode
[ 1420.704142][ T5832] usb 6-1: new high-speed USB device number 49 using dummy_hcd
[ 1420.911544][ T5832] usb 6-1: New USB device found, idVendor=0af0, idProduct=7a05, bcdDevice= 0.02
[ 1420.938628][ T5832] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1420.963165][   T67] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1420.998892][ T5832] usb 6-1: Product: syz
[ 1421.003154][ T5832] usb 6-1: Manufacturer: syz
[ 1421.013185][ T5832] usb 6-1: SerialNumber: syz
[ 1421.023190][ T5832] usb 6-1: config 0 descriptor??
[ 1421.932900][ T5832] hso 6-1:0.0: Failed to find BULK IN ep
[ 1421.947727][T19168] input: syz0 as /devices/virtual/input/input79
[ 1422.225542][T19180] netlink: 'syz.8.3530': attribute type 1 has an invalid length.
[ 1422.234370][T19180] netlink: 157116 bytes leftover after parsing attributes in process `syz.8.3530'.
[ 1422.244016][T19180] nbd: couldn't find device at index 16
[ 1422.299546][T19003] team0: Port device team_slave_0 added
[ 1422.333733][T19003] team0: Port device team_slave_1 added
[ 1422.392201][T19046] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1422.500157][T19046] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1422.516270][T19046] bridge_slave_0: entered allmulticast mode
[ 1422.534901][T19046] bridge_slave_0: entered promiscuous mode
[ 1423.959767][ T9927] usb 6-1: USB disconnect, device number 49
[ 1424.306975][   T54] Bluetooth: hci3: command 0x0c1a tx timeout
[ 1424.313861][T18131] Bluetooth: hci3: Opcode 0x0c1a failed: -110
[ 1424.336612][T18131] Bluetooth: hci3: Error when powering off device on rfkill (-110)
[ 1424.355273][T19046] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1424.370519][T19046] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1424.574365][T19046] bridge_slave_1: entered allmulticast mode
[ 1424.585620][T19046] bridge_slave_1: entered promiscuous mode
[ 1424.612332][T19003] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1424.621620][T19003] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1425.306994][T19003] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1425.709499][T19003] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1425.733215][T19003] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1425.782850][T19003] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1425.916011][T19046] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1425.946035][T19046] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1426.081792][T19046] team0: Port device team_slave_0 added
[ 1426.171185][T19046] team0: Port device team_slave_1 added
[ 1426.193546][T19003] hsr_slave_0: entered promiscuous mode
[ 1426.204738][T19003] hsr_slave_1: entered promiscuous mode
[ 1426.369864][T19003] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1426.391991][T19003] Cannot create hsr debugfs directory
[ 1426.464292][   T54] Bluetooth: hci2: command 0x0c1a tx timeout
[ 1426.467170][T18131] Bluetooth: hci2: Opcode 0x0c1a failed: -110
[ 1426.481364][T18131] Bluetooth: hci2: Error when powering off device on rfkill (-110)
[ 1426.551348][T19046] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1426.559190][T19046] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1426.590451][T19046] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1426.619995][T19046] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1426.628552][T19046] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1426.658182][T19046] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1426.814846][T19046] hsr_slave_0: entered promiscuous mode
[ 1426.834887][T19046] hsr_slave_1: entered promiscuous mode
[ 1426.904211][T19046] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1426.912997][T19046] Cannot create hsr debugfs directory
[ 1427.099238][   T67] bridge_slave_1: left allmulticast mode
[ 1427.105797][   T67] bridge_slave_1: left promiscuous mode
[ 1427.113962][   T67] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1427.241183][   T67] bridge_slave_0: left allmulticast mode
[ 1427.248027][   T29] audit: type=1400 audit(1731720468.524:373): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="#!" requested=w pid=19201 comm="syz.8.3534"
[ 1427.311823][   T67] bridge_slave_0: left promiscuous mode
[ 1427.359805][   T67] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1427.548314][   T67] bridge_slave_1: left allmulticast mode
[ 1427.583335][   T67] bridge_slave_1: left promiscuous mode
[ 1427.651030][   T67] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1427.728353][   T67] bridge_slave_0: left allmulticast mode
[ 1427.754736][   T67] bridge_slave_0: left promiscuous mode
[ 1427.760698][   T67] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1429.380884][   T67] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1429.393859][   T67] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1429.411933][   T67] bond0 (unregistering): Released all slaves
[ 1429.713009][   T67] bond0 (unregistering): (slave batadv0): Releasing backup interface
[ 1429.725022][   T67] batadv0: left promiscuous mode
[ 1429.738322][   T67] bond0 (unregistering): Released all slaves
[ 1429.751348][   T67] bond1 (unregistering): Released all slaves
[ 1429.768539][   T67] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1429.780455][   T67] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1429.804834][   T67] bond0 (unregistering): Released all slaves
[ 1430.060324][   T67] tipc: Left network mode
[ 1574.154292][   T30] INFO: task kworker/u8:4:67 blocked for more than 143 seconds.
[ 1574.162127][   T30]       Not tainted 6.12.0-rc7-syzkaller-00187-gf868cd251776 #0
[ 1574.170244][   T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1574.179395][   T30] task:kworker/u8:4    state:D stack:18736 pid:67    tgid:67    ppid:2      flags:0x00004000
[ 1574.189826][   T30] Workqueue: netns cleanup_net
[ 1574.195086][   T30] Call Trace:
[ 1574.198412][   T30]  <TASK>
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[ 1574.201402][   T30]  __schedule+0x17fa/0x4bd0
[ 1574.206106][   T30]  ? __pfx___schedule+0x10/0x10
[ 1574.211583][   T30]  ? __pfx_lock_release+0x10/0x10
[ 1574.217563][   T30]  ? __mutex_trylock_common+0x92/0x2e0
[ 1574.223133][   T30]  ? kthread_data+0x52/0xd0
[ 1574.229507][   T30]  ? schedule+0x90/0x320
[ 1574.234573][   T30]  ? wq_worker_sleeping+0x66/0x240
[ 1574.239813][   T30]  ? schedule+0x90/0x320
[ 1574.245826][   T30]  schedule+0x14b/0x320
[ 1574.250115][   T30]  schedule_preempt_disabled+0x13/0x30
[ 1574.256463][   T30]  __mutex_lock+0x6a7/0xd70
[ 1574.261065][   T30]  ? kobject_put+0x446/0x480
[ 1574.302135][   T30]  ? __mutex_lock+0x52a/0xd70
[ 1574.334614][   T30]  ? rfkill_unregister+0xd0/0x230
[ 1574.339774][   T30]  ? __pfx___mutex_lock+0x10/0x10
[ 1574.345173][   T30]  ? __pfx_device_del+0x10/0x10
[ 1574.351160][   T30]  rfkill_unregister+0xd0/0x230
[ 1574.356219][   T30]  wiphy_unregister+0x22a/0xb00
[ 1574.361153][   T30]  ? __pfx_skb_queue_purge_reason+0x10/0x10
[ 1574.367443][   T30]  ? __pfx_wiphy_unregister+0x10/0x10
[ 1574.372906][   T30]  ? ieee80211_unregister_hw+0x144/0x2c0
[ 1574.378922][   T30]  ? ieee80211_unregister_hw+0x144/0x2c0
[ 1574.384882][   T30]  ieee80211_unregister_hw+0x1e2/0x2c0
[ 1574.390398][   T30]  mac80211_hwsim_del_radio+0x2c4/0x4c0
[ 1574.396128][   T30]  ? __pfx_mac80211_hwsim_del_radio+0x10/0x10
[ 1574.402267][   T30]  hwsim_exit_net+0x5c1/0x670
[ 1574.407472][   T30]  ? __pfx_hwsim_exit_net+0x10/0x10
[ 1574.412850][   T30]  ? __ip_vs_dev_cleanup_batch+0x239/0x260
[ 1574.419033][   T30]  cleanup_net+0x802/0xcc0
[ 1574.423700][   T30]  ? __pfx_cleanup_net+0x10/0x10
[ 1574.428722][   T30]  ? process_scheduled_works+0x976/0x1850
[ 1574.434954][   T30]  process_scheduled_works+0xa63/0x1850
[ 1574.440777][   T30]  ? __pfx_process_scheduled_works+0x10/0x10
[ 1574.447106][   T30]  ? assign_work+0x364/0x3d0
[ 1574.451791][   T30]  worker_thread+0x870/0xd30
[ 1574.456752][   T30]  ? __kthread_parkme+0x169/0x1d0
[ 1574.461864][   T30]  ? __pfx_worker_thread+0x10/0x10
[ 1574.467098][   T30]  kthread+0x2f0/0x390
[ 1574.471301][   T30]  ? __pfx_worker_thread+0x10/0x10
[ 1574.476664][   T30]  ? __pfx_kthread+0x10/0x10
[ 1574.481578][   T30]  ret_from_fork+0x4b/0x80
[ 1574.486192][   T30]  ? __pfx_kthread+0x10/0x10
[ 1574.490846][   T30]  ret_from_fork_asm+0x1a/0x30
[ 1574.496037][   T30]  </TASK>
[ 1574.499387][   T30] INFO: task kworker/1:2:3068 blocked for more than 143 seconds.
[ 1574.507813][   T30]       Not tainted 6.12.0-rc7-syzkaller-00187-gf868cd251776 #0
[ 1574.515715][   T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1574.525080][   T30] task:kworker/1:2     state:D stack:19544 pid:3068  tgid:3068  ppid:2      flags:0x00004000
[ 1574.535539][   T30] Workqueue: events rfkill_global_led_trigger_worker
[ 1574.543182][   T30] Call Trace:
[ 1574.547539][   T30]  <TASK>
[ 1574.551225][   T30]  __schedule+0x17fa/0x4bd0
[ 1574.557332][   T30]  ? do_raw_spin_lock+0x14f/0x370
[ 1574.562473][   T30]  ? schedule+0x90/0x320
[ 1574.567126][   T30]  ? __pfx___schedule+0x10/0x10
[ 1574.572049][   T30]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 1574.578420][   T30]  ? __pfx_lock_release+0x10/0x10
[ 1574.583642][   T30]  ? kick_pool+0x1bd/0x620
[ 1574.588147][   T30]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1574.593404][   T30]  ? lockdep_hardirqs_on+0x99/0x150
[ 1574.598800][   T30]  ? schedule+0x90/0x320
[ 1574.603101][   T30]  schedule+0x14b/0x320
[ 1574.607729][   T30]  schedule_preempt_disabled+0x13/0x30
[ 1574.613684][   T30]  __mutex_lock+0x6a7/0xd70
[ 1574.618268][   T30]  ? __mutex_lock+0x52a/0xd70
[ 1574.623108][   T30]  ? rfkill_global_led_trigger_worker+0x27/0xd0
[ 1574.629949][   T30]  ? __pfx___mutex_lock+0x10/0x10
[ 1574.635277][   T30]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 1574.641458][   T30]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 1574.648002][   T30]  ? process_scheduled_works+0x976/0x1850
[ 1574.654342][   T30]  rfkill_global_led_trigger_worker+0x27/0xd0
[ 1574.660487][   T30]  process_scheduled_works+0xa63/0x1850
[ 1574.666523][   T30]  ? __pfx_process_scheduled_works+0x10/0x10
[ 1574.672709][   T30]  ? assign_work+0x364/0x3d0
[ 1574.677577][   T30]  worker_thread+0x870/0xd30
[ 1574.682292][   T30]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[ 1574.688368][   T30]  ? __kthread_parkme+0x169/0x1d0
[ 1574.693650][   T30]  ? __pfx_worker_thread+0x10/0x10
[ 1574.699094][   T30]  kthread+0x2f0/0x390
[ 1574.703250][   T30]  ? __pfx_worker_thread+0x10/0x10
[ 1574.708815][   T30]  ? __pfx_kthread+0x10/0x10
[ 1574.713456][   T30]  ret_from_fork+0x4b/0x80
[ 1574.718039][   T30]  ? __pfx_kthread+0x10/0x10
[ 1574.722856][   T30]  ret_from_fork_asm+0x1a/0x30
[ 1574.727797][   T30]  </TASK>
[ 1574.730943][   T30] INFO: task kworker/1:4:18131 blocked for more than 143 seconds.
[ 1574.739264][   T30]       Not tainted 6.12.0-rc7-syzkaller-00187-gf868cd251776 #0
[ 1574.748401][   T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1574.757291][   T30] task:kworker/1:4     state:D stack:23160 pid:18131 tgid:18131 ppid:2      flags:0x00004000
[ 1574.768373][   T30] Workqueue: events rfkill_op_handler
[ 1574.774198][   T30] Call Trace:
[ 1574.777535][   T30]  <TASK>
[ 1574.780782][   T30]  __schedule+0x17fa/0x4bd0
[ 1574.786514][   T30]  ? __pfx___schedule+0x10/0x10
[ 1574.792320][   T30]  ? __pfx_lock_release+0x10/0x10
[ 1574.798144][   T30]  ? __mutex_trylock_common+0x92/0x2e0
[ 1574.804346][   T30]  ? kthread_data+0x52/0xd0
[ 1574.809046][   T30]  ? schedule+0x90/0x320
[ 1574.813373][   T30]  ? wq_worker_sleeping+0x66/0x240
[ 1574.818795][   T30]  ? schedule+0x90/0x320
[ 1574.823204][   T30]  schedule+0x14b/0x320
[ 1574.828244][   T30]  schedule_preempt_disabled+0x13/0x30
[ 1574.833923][   T30]  __mutex_lock+0x6a7/0xd70
[ 1574.838664][   T30]  ? __mutex_lock+0x52a/0xd70
[ 1574.843367][   T30]  ? nfc_rfkill_set_block+0x50/0x310
[ 1574.849276][   T30]  ? __pfx___mutex_lock+0x10/0x10
[ 1574.854675][   T30]  ? lockdep_hardirqs_on+0x99/0x150
[ 1574.860468][   T30]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[ 1574.867352][   T30]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 1574.873976][   T30]  ? kobject_uevent_env+0x54d/0x8e0
[ 1574.879262][   T30]  nfc_rfkill_set_block+0x50/0x310
[ 1574.884840][   T30]  ? __pfx_nfc_rfkill_set_block+0x10/0x10
[ 1574.890624][   T30]  rfkill_set_block+0x1f1/0x440
[ 1574.896084][   T30]  ? process_scheduled_works+0x976/0x1850
[ 1574.902237][   T30]  rfkill_epo+0x84/0x180
[ 1574.907019][   T30]  rfkill_op_handler+0x121/0x280
[ 1574.912219][   T30]  process_scheduled_works+0xa63/0x1850
[ 1574.918011][   T30]  ? __pfx_process_scheduled_works+0x10/0x10
[ 1574.924537][   T30]  ? assign_work+0x364/0x3d0
[ 1574.929230][   T30]  worker_thread+0x870/0xd30
[ 1574.934162][   T30]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[ 1574.940146][   T30]  ? __kthread_parkme+0x169/0x1d0
[ 1574.945783][   T30]  ? __pfx_worker_thread+0x10/0x10
[ 1574.951024][   T30]  kthread+0x2f0/0x390
[ 1574.955309][   T30]  ? __pfx_worker_thread+0x10/0x10
[ 1574.960540][   T30]  ? __pfx_kthread+0x10/0x10
[ 1574.965814][   T30]  ret_from_fork+0x4b/0x80
[ 1574.970397][   T30]  ? __pfx_kthread+0x10/0x10
[ 1574.975235][   T30]  ret_from_fork_asm+0x1a/0x30
[ 1574.980365][   T30]  </TASK>
[ 1574.983461][   T30] INFO: task syz-executor:19003 blocked for more than 144 seconds.
[ 1574.991903][   T30]       Not tainted 6.12.0-rc7-syzkaller-00187-gf868cd251776 #0
[ 1574.999828][   T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1575.009575][   T30] task:syz-executor    state:D stack:21656 pid:19003 tgid:19003 ppid:1      flags:0x00000004
[ 1575.020593][   T30] Call Trace:
[ 1575.024319][   T30]  <TASK>
[ 1575.027323][   T30]  __schedule+0x17fa/0x4bd0
[ 1575.031910][   T30]  ? __pfx___schedule+0x10/0x10
[ 1575.037196][   T30]  ? __pfx_lock_release+0x10/0x10
[ 1575.042590][   T30]  ? __mutex_trylock_common+0x92/0x2e0
[ 1575.048497][   T30]  ? schedule+0x90/0x320
[ 1575.053040][   T30]  schedule+0x14b/0x320
[ 1575.058567][   T30]  schedule_preempt_disabled+0x13/0x30
[ 1575.064742][   T30]  __mutex_lock+0x6a7/0xd70
[ 1575.069354][   T30]  ? __mutex_lock+0x52a/0xd70
[ 1575.074454][   T30]  ? genl_rcv_msg+0x121/0xec0
[ 1575.079302][   T30]  ? __pfx___mutex_lock+0x10/0x10
[ 1575.085110][   T30]  ? __pfx_validate_chain+0x10/0x10
[ 1575.090550][   T30]  ? __pfx_validate_chain+0x10/0x10
[ 1575.096054][   T30]  ? radix_tree_lookup+0x238/0x290
[ 1575.101322][   T30]  genl_rcv_msg+0x121/0xec0
[ 1575.106380][   T30]  ? mark_lock+0x9a/0x360
[ 1575.110779][   T30]  ? __lock_acquire+0x1384/0x2050
[ 1575.116215][   T30]  ? __pfx_genl_rcv_msg+0x10/0x10
[ 1575.121355][   T30]  ? __pfx_lock_acquire+0x10/0x10
[ 1575.127383][   T30]  ? __pfx___might_resched+0x10/0x10
[ 1575.132746][   T30]  netlink_rcv_skb+0x1e3/0x430
[ 1575.137824][   T30]  ? __pfx_genl_rcv_msg+0x10/0x10
[ 1575.143103][   T30]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1575.149111][   T30]  genl_rcv+0x28/0x40
[ 1575.153252][   T30]  netlink_unicast+0x7f6/0x990
[ 1575.158479][   T30]  ? __pfx_netlink_unicast+0x10/0x10
[ 1575.164388][   T30]  ? __virt_addr_valid+0x183/0x530
[ 1575.169728][   T30]  ? __check_object_size+0x48e/0x900
[ 1575.175397][   T30]  netlink_sendmsg+0x8e4/0xcb0
[ 1575.180353][   T30]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1575.186079][   T30]  ? __might_fault+0xaa/0x120
[ 1575.190839][   T30]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1575.196630][   T30]  __sock_sendmsg+0x221/0x270
[ 1575.201461][   T30]  __sys_sendto+0x39b/0x4f0
[ 1575.206456][   T30]  ? __pfx___sys_sendto+0x10/0x10
[ 1575.211686][   T30]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 1575.217942][   T30]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 1575.224892][   T30]  __x64_sys_sendto+0xde/0x100
[ 1575.229867][   T30]  do_syscall_64+0xf3/0x230
[ 1575.234752][   T30]  ? clear_bhb_loop+0x35/0x90
[ 1575.239508][   T30]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1575.246076][   T30] RIP: 0033:0x7f11331805ac
[ 1575.250726][   T30] RSP: 002b:00007ffea8a9d6b0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c
[ 1575.259534][   T30] RAX: ffffffffffffffda RBX: 00007f1133e64620 RCX: 00007f11331805ac
[ 1575.268655][   T30] RDX: 0000000000000020 RSI: 00007f1133e64670 RDI: 0000000000000005
[ 1575.277027][   T30] RBP: 0000000000000000 R08: 00007ffea8a9d704 R09: 000000000000000c
[ 1575.286202][   T30] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000005
[ 1575.294486][   T30] R13: 00007ffea8a9d758 R14: 00007f1133e64670 R15: 0000000000000000
[ 1575.302550][   T30]  </TASK>
[ 1575.309178][   T30] INFO: task syz-executor:19046 blocked for more than 144 seconds.
[ 1575.318267][   T30]       Not tainted 6.12.0-rc7-syzkaller-00187-gf868cd251776 #0
[ 1575.327635][   T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1575.337337][   T30] task:syz-executor    state:D stack:21728 pid:19046 tgid:19046 ppid:1      flags:0x00000004
[ 1575.349029][   T30] Call Trace:
[ 1575.353090][   T30]  <TASK>
[ 1575.357015][   T30]  __schedule+0x17fa/0x4bd0
[ 1575.361650][   T30]  ? __pfx___schedule+0x10/0x10
[ 1575.367375][   T30]  ? __pfx_lock_release+0x10/0x10
[ 1575.372776][   T30]  ? __mutex_trylock_common+0x92/0x2e0
[ 1575.378534][   T30]  ? schedule+0x90/0x320
[ 1575.382843][   T30]  schedule+0x14b/0x320
[ 1575.387648][   T30]  schedule_preempt_disabled+0x13/0x30
[ 1575.393195][   T30]  __mutex_lock+0x6a7/0xd70
[ 1575.397926][   T30]  ? __mutex_lock+0x52a/0xd70
[ 1575.402687][   T30]  ? genl_rcv_msg+0x121/0xec0
[ 1575.408433][   T30]  ? __pfx___mutex_lock+0x10/0x10
[ 1575.415032][   T30]  ? __pfx_validate_chain+0x10/0x10
[ 1575.421296][   T30]  ? __pfx_validate_chain+0x10/0x10
[ 1575.427822][   T30]  ? radix_tree_lookup+0x238/0x290
[ 1575.433363][   T30]  genl_rcv_msg+0x121/0xec0
[ 1575.439352][   T30]  ? mark_lock+0x9a/0x360
[ 1575.445289][   T30]  ? __lock_acquire+0x1384/0x2050
[ 1575.451102][   T30]  ? __pfx_genl_rcv_msg+0x10/0x10
[ 1575.456577][   T30]  ? __pfx_lock_acquire+0x10/0x10
[ 1575.462128][   T30]  ? __pfx___might_resched+0x10/0x10
[ 1575.470819][   T30]  netlink_rcv_skb+0x1e3/0x430
[ 1575.477101][   T30]  ? __pfx_genl_rcv_msg+0x10/0x10
[ 1575.485067][   T30]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1575.491989][   T30]  genl_rcv+0x28/0x40
[ 1575.496652][   T30]  netlink_unicast+0x7f6/0x990
[ 1575.508692][   T30]  ? __pfx_netlink_unicast+0x10/0x10
[ 1575.515438][   T30]  ? __virt_addr_valid+0x183/0x530
[ 1575.521918][   T30]  ? __check_object_size+0x48e/0x900
[ 1575.530698][   T30]  netlink_sendmsg+0x8e4/0xcb0
[ 1575.536130][   T30]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1575.546120][   T30]  ? __might_fault+0xaa/0x120
[ 1575.551036][   T30]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1575.558029][   T30]  __sock_sendmsg+0x221/0x270
[ 1575.565517][   T30]  __sys_sendto+0x39b/0x4f0
[ 1575.571763][   T30]  ? __pfx___sys_sendto+0x10/0x10
[ 1575.579410][   T30]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 1575.588528][   T30]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 1575.596018][   T30]  __x64_sys_sendto+0xde/0x100
[ 1575.601830][   T30]  do_syscall_64+0xf3/0x230
[ 1575.608579][   T30]  ? clear_bhb_loop+0x35/0x90
[ 1575.613664][   T30]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1575.620616][   T30] RIP: 0033:0x7fe215b805ac
[ 1575.626563][   T30] RSP: 002b:00007ffc1ac60410 EFLAGS: 00000293 ORIG_RAX: 000000000000002c
[ 1575.637370][   T30] RAX: ffffffffffffffda RBX: 00007fe216864620 RCX: 00007fe215b805ac
[ 1575.646886][   T30] RDX: 0000000000000020 RSI: 00007fe216864670 RDI: 0000000000000005
[ 1575.657354][   T30] RBP: 0000000000000000 R08: 00007ffc1ac60464 R09: 000000000000000c
[ 1575.668123][   T30] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000005
[ 1575.677178][   T30] R13: 00007ffc1ac604b8 R14: 00007fe216864670 R15: 0000000000000000
[ 1575.686858][   T30]  </TASK>
[ 1575.690890][   T30] INFO: task syz.5.3525:19156 blocked for more than 144 seconds.
[ 1575.700282][   T30]       Not tainted 6.12.0-rc7-syzkaller-00187-gf868cd251776 #0
[ 1575.709671][   T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1575.721054][   T30] task:syz.5.3525      state:D stack:25328 pid:19156 tgid:19140 ppid:6481   flags:0x00004006
[ 1575.737743][   T30] Call Trace:
[ 1575.741423][   T30]  <TASK>
[ 1575.744850][   T30]  __schedule+0x17fa/0x4bd0
[ 1575.754143][   T30]  ? __pfx___schedule+0x10/0x10
[ 1575.759137][   T30]  ? __pfx_lock_release+0x10/0x10
[ 1575.766329][   T30]  ? __mutex_trylock_common+0x92/0x2e0
[ 1575.774746][   T30]  ? schedule+0x90/0x320
[ 1575.781084][   T30]  schedule+0x14b/0x320
[ 1575.787296][   T30]  schedule_preempt_disabled+0x13/0x30
[ 1575.795108][   T30]  __mutex_lock+0x6a7/0xd70
[ 1575.802043][   T30]  ? kobject_put+0x446/0x480
[ 1575.807969][   T30]  ? __mutex_lock+0x52a/0xd70
[ 1575.814818][   T30]  ? rfkill_unregister+0xd0/0x230
[ 1575.820940][   T30]  ? __pfx___mutex_lock+0x10/0x10
[ 1575.828573][   T30]  ? __pfx_device_del+0x10/0x10
[ 1575.835222][   T30]  ? __pfx_nfc_genl_device_removed+0x10/0x10
[ 1575.843324][   T30]  rfkill_unregister+0xd0/0x230
[ 1575.849016][   T30]  nfc_unregister_device+0x96/0x2a0
[ 1575.855280][   T30]  virtual_ncidev_close+0x56/0x90
[ 1575.861805][   T30]  ? __pfx_virtual_ncidev_close+0x10/0x10
[ 1575.869487][   T30]  __fput+0x23f/0x880
[ 1575.874669][   T30]  task_work_run+0x24f/0x310
[ 1575.882487][   T30]  ? __pfx_task_work_run+0x10/0x10
[ 1575.889379][   T30]  ? switch_task_namespaces+0xe4/0x110
[ 1575.901150][   T30]  do_exit+0xa2f/0x28e0
[ 1575.907421][   T30]  ? __pfx_do_exit+0x10/0x10
[ 1575.914395][   T30]  ? __pfx_do_raw_spin_lock+0x10/0x10
[ 1575.920637][   T30]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 1575.926980][   T30]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 1575.934621][   T30]  ? _raw_spin_lock_irq+0xdf/0x120
[ 1575.939815][   T30]  do_group_exit+0x207/0x2c0
[ 1575.944831][   T30]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1575.951197][   T30]  ? lockdep_hardirqs_on+0x99/0x150
[ 1575.957710][   T30]  get_signal+0x16a3/0x1740
[ 1575.962508][   T30]  ? __pfx_get_signal+0x10/0x10
[ 1575.968015][   T30]  arch_do_signal_or_restart+0x96/0x860
[ 1575.975211][   T30]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[ 1575.982344][   T30]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 1575.988924][   T30]  ? schedule+0x155/0x320
[ 1575.993414][   T30]  syscall_exit_to_user_mode+0xc9/0x370
[ 1575.999614][   T30]  do_syscall_64+0x100/0x230
[ 1576.004553][   T30]  ? clear_bhb_loop+0x35/0x90
[ 1576.009390][   T30]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1576.015850][   T30] RIP: 0033:0x7fae84f7e719
[ 1576.020443][   T30] RSP: 002b:00007fae85d550e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 1576.029088][   T30] RAX: fffffffffffffe00 RBX: 00007fae85136210 RCX: 00007fae84f7e719
[ 1576.037340][   T30] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fae85136210
[ 1576.045614][   T30] RBP: 00007fae85136208 R08: 0000000000000000 R09: 0000000000000000
[ 1576.054729][   T30] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fae85136214
[ 1576.062949][   T30] R13: 0000000000000000 R14: 00007ffef4c5c440 R15: 00007ffef4c5c528
[ 1576.072606][   T30]  </TASK>
[ 1576.075938][   T30] INFO: task syz.2.3531:19187 blocked for more than 145 seconds.
[ 1576.084549][   T30]       Not tainted 6.12.0-rc7-syzkaller-00187-gf868cd251776 #0
[ 1576.092238][   T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1576.101316][   T30] task:syz.2.3531      state:D stack:22080 pid:19187 tgid:19181 ppid:5828   flags:0x00004006
[ 1576.111763][   T30] Call Trace:
[ 1576.115240][   T30]  <TASK>
[ 1576.118867][   T30]  __schedule+0x17fa/0x4bd0
[ 1576.123449][   T30]  ? __pfx___schedule+0x10/0x10
[ 1576.128460][   T30]  ? __pfx_lock_release+0x10/0x10
[ 1576.133860][   T30]  ? __mutex_trylock_common+0x92/0x2e0
[ 1576.139508][   T30]  ? schedule+0x90/0x320
[ 1576.144324][   T30]  schedule+0x14b/0x320
[ 1576.148834][   T30]  schedule_preempt_disabled+0x13/0x30
[ 1576.154482][   T30]  __mutex_lock+0x6a7/0xd70
[ 1576.159324][   T30]  ? __mutex_lock+0x52a/0xd70
[ 1576.164177][   T30]  ? rfkill_register+0x34/0x8c0
[ 1576.169088][   T30]  ? __pfx___mutex_lock+0x10/0x10
[ 1576.174512][   T30]  ? mod_delayed_work_on+0x2b6/0x370
[ 1576.179887][   T30]  ? __pfx_netdev_run_todo+0x10/0x10
[ 1576.185364][   T30]  rfkill_register+0x34/0x8c0
[ 1576.190324][   T30]  wiphy_register+0x234c/0x2b30
[ 1576.195799][   T30]  ? __pfx_wiphy_register+0x10/0x10
[ 1576.201072][   T30]  ? minstrel_ht_alloc+0x72b/0x860
[ 1576.206481][   T30]  ? ieee80211_init_rate_ctrl_alg+0x5a2/0x620
[ 1576.212620][   T30]  ieee80211_register_hw+0x30fb/0x3e10
[ 1576.218434][   T30]  ? mark_lock+0x9a/0x360
[ 1576.222952][   T30]  ? ieee80211_register_hw+0x1551/0x3e10
[ 1576.228876][   T30]  ? __pfx_ieee80211_register_hw+0x10/0x10
[ 1576.234968][   T30]  ? __hrtimer_init+0x162/0x250
[ 1576.240000][   T30]  mac80211_hwsim_new_radio+0x2a9f/0x4a90
[ 1576.245966][   T30]  ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[ 1576.252101][   T30]  hwsim_new_radio_nl+0xece/0x2290
[ 1576.257482][   T30]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[ 1576.263877][   T30]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 1576.269979][   T30]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 1576.276553][   T30]  ? __nla_validate_parse+0xd31/0x3090
[ 1576.282078][   T30]  genl_rcv_msg+0xb14/0xec0
[ 1576.286979][   T30]  ? mark_lock+0x9a/0x360
[ 1576.291470][   T30]  ? __pfx_genl_rcv_msg+0x10/0x10
[ 1576.297086][   T30]  ? __pfx_lock_acquire+0x10/0x10
[ 1576.302220][   T30]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[ 1576.308553][   T30]  ? __pfx___might_resched+0x10/0x10
[ 1576.314356][   T30]  netlink_rcv_skb+0x1e3/0x430
[ 1576.319767][   T30]  ? __pfx_genl_rcv_msg+0x10/0x10
[ 1576.325005][   T30]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1576.330520][   T30]  ? __netlink_deliver_tap+0x77e/0x7c0
[ 1576.336416][   T30]  genl_rcv+0x28/0x40
[ 1576.340793][   T30]  netlink_unicast+0x7f6/0x990
[ 1576.345901][   T30]  ? __pfx_netlink_unicast+0x10/0x10
[ 1576.351282][   T30]  ? __check_object_size+0x14d/0x900
[ 1576.356836][   T30]  ? __check_object_size+0x48e/0x900
[ 1576.362392][   T30]  netlink_sendmsg+0x8e4/0xcb0
[ 1576.367359][   T30]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1576.373222][   T30]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1576.378993][   T30]  __sock_sendmsg+0x221/0x270
[ 1576.383908][   T30]  ____sys_sendmsg+0x52a/0x7e0
[ 1576.388769][   T30]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1576.394257][   T30]  __sys_sendmsg+0x292/0x380
[ 1576.399623][   T30]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1576.404957][   T30]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 1576.411459][   T30]  ? do_syscall_64+0x100/0x230
[ 1576.416991][   T30]  ? do_syscall_64+0xb6/0x230
[ 1576.421763][   T30]  do_syscall_64+0xf3/0x230
[ 1576.426541][   T30]  ? clear_bhb_loop+0x35/0x90
[ 1576.431927][   T30]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1576.437999][   T30] RIP: 0033:0x7f6b3597e719
[ 1576.442986][   T30] RSP: 002b:00007f6b366c7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1576.451629][   T30] RAX: ffffffffffffffda RBX: 00007f6b35b36208 RCX: 00007f6b3597e719
[ 1576.459995][   T30] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 000000000000000b
[ 1576.469107][   T30] RBP: 00007f6b359f175e R08: 0000000000000000 R09: 0000000000000000
[ 1576.477540][   T30] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1576.486156][   T30] R13: 0000000000000000 R14: 00007f6b35b36208 R15: 00007ffc9d6a0558
[ 1576.494421][   T30]  </TASK>
[ 1576.497510][   T30] INFO: task syz.8.3535:19208 blocked for more than 145 seconds.
[ 1576.505749][   T30]       Not tainted 6.12.0-rc7-syzkaller-00187-gf868cd251776 #0
[ 1576.514315][   T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1576.523231][   T30] task:syz.8.3535      state:D stack:25216 pid:19208 tgid:19205 ppid:17996  flags:0x00004004
[ 1576.534111][   T30] Call Trace:
[ 1576.537546][   T30]  <TASK>
[ 1576.540734][   T30]  __schedule+0x17fa/0x4bd0
[ 1576.551893][   T30]  ? __pfx___schedule+0x10/0x10
[ 1576.557677][   T30]  ? __pfx_lock_release+0x10/0x10
[ 1576.563071][   T30]  ? __mutex_trylock_common+0x92/0x2e0
[ 1576.569974][   T30]  ? schedule+0x90/0x320
[ 1576.574956][   T30]  schedule+0x14b/0x320
[ 1576.579220][   T30]  schedule_preempt_disabled+0x13/0x30
[ 1576.585438][   T30]  __mutex_lock+0x6a7/0xd70
[ 1576.590224][   T30]  ? __mutex_lock+0x52a/0xd70
[ 1576.595217][   T30]  ? genl_rcv_msg+0x121/0xec0
[ 1576.600092][   T30]  ? __pfx___mutex_lock+0x10/0x10
[ 1576.605753][   T30]  ? __pfx_genl_rcv_msg+0x10/0x10
[ 1576.610886][   T30]  ? radix_tree_lookup+0x8a/0x290
[ 1576.616191][   T30]  ? radix_tree_lookup+0x238/0x290
[ 1576.621389][   T30]  genl_rcv_msg+0x121/0xec0
[ 1576.626718][   T30]  ? mark_lock+0x9a/0x360
[ 1576.631136][   T30]  ? __lock_acquire+0x1384/0x2050
[ 1576.636524][   T30]  ? __pfx_genl_rcv_msg+0x10/0x10
[ 1576.641737][   T30]  ? _raw_spin_unlock_irqrestore+0x8f/0x140
[ 1576.648233][   T30]  ? __pfx_lock_acquire+0x10/0x10
[ 1576.653327][   T30]  ? __pfx___might_resched+0x10/0x10
[ 1576.658876][   T30]  netlink_rcv_skb+0x1e3/0x430
[ 1576.664696][   T30]  ? __pfx_genl_rcv_msg+0x10/0x10
[ 1576.669884][   T30]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1576.676248][   T30]  ? __netlink_deliver_tap+0x77e/0x7c0
[ 1576.681901][   T30]  genl_rcv+0x28/0x40
[ 1576.686510][   T30]  netlink_unicast+0x7f6/0x990
[ 1576.691340][   T30]  ? irqentry_exit+0x63/0x90
[ 1576.696979][   T30]  ? __pfx_netlink_unicast+0x10/0x10
[ 1576.702417][   T30]  ? netlink_sendmsg+0x755/0xcb0
[ 1576.708383][   T30]  netlink_sendmsg+0x8e4/0xcb0
[ 1576.713235][   T30]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1576.719065][   T30]  ? __might_fault+0xaa/0x120
[ 1576.723905][   T30]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1576.729335][   T30]  __sock_sendmsg+0x221/0x270
[ 1576.734777][   T30]  __sys_sendto+0x39b/0x4f0
[ 1576.739359][   T30]  ? __pfx___sys_sendto+0x10/0x10
[ 1576.744597][   T30]  ? lockdep_hardirqs_on+0x99/0x150
[ 1576.749885][   T30]  __x64_sys_sendto+0xde/0x100
[ 1576.755162][   T30]  do_syscall_64+0xf3/0x230
[ 1576.759746][   T30]  ? clear_bhb_loop+0x35/0x90
[ 1576.764572][   T30]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1576.770826][   T30] RIP: 0033:0x7fc0e3d805ac
[ 1576.776208][   T30] RSP: 002b:00007fc0e4b0aec0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c
[ 1576.785948][   T30] RAX: ffffffffffffffda RBX: 00007fc0e4b0afc0 RCX: 00007fc0e3d805ac
[ 1576.794638][   T30] RDX: 0000000000000020 RSI: 00007fc0e4b0b010 RDI: 000000000000000b
[ 1576.803209][   T30] RBP: 0000000000000000 R08: 00007fc0e4b0af14 R09: 000000000000000c
[ 1576.811790][   T30] R10: 0000000000000000 R11: 0000000000000293 R12: 000000000000000b
[ 1576.820675][   T30] R13: 00007fc0e4b0af68 R14: 00007fc0e4b0b010 R15: 0000000000000000
[ 1576.829222][   T30]  </TASK>
[ 1576.832520][   T30] 
[ 1576.832520][   T30] Showing all locks held in the system:
[ 1576.841677][   T30] 1 lock held by khungtaskd/30:
[ 1576.846842][   T30]  #0: ffffffff8e937da0 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x55/0x2a0
[ 1576.858720][   T30] 4 locks held by kworker/u8:4/67:
[ 1576.864319][   T30]  #0: ffff88801baeb148 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850
[ 1576.877025][   T30]  #1: ffffc900015f7d00 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850
[ 1576.888769][   T30]  #2: ffffffff8fcb4c90 (pernet_ops_rwsem){++++}-{3:3}, at: cleanup_net+0x16a/0xcc0
[ 1576.898887][   T30]  #3: ffffffff8ff98ba8 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_unregister+0xd0/0x230
[ 1576.909416][   T30] 3 locks held by kworker/1:2/3068:
[ 1576.915156][   T30]  #0: ffff88801ac80948 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850
[ 1576.926400][   T30]  #1: ffffc9000c0bfd00 ((work_completion)(&rfkill_global_led_trigger_work)){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850
[ 1576.940500][   T30]  #2: ffffffff8ff98ba8 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_global_led_trigger_worker+0x27/0xd0
[ 1576.952112][   T30] 2 locks held by getty/5592:
[ 1576.957381][   T30]  #0: ffff88803133d0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
[ 1576.968110][   T30]  #1: ffffc90002f062f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x6a6/0x1e00
[ 1576.978980][   T30] 3 locks held by kworker/u8:11/6643:
[ 1576.984566][   T30] 1 lock held by syz.5.1278/11293:
[ 1576.989747][   T30]  #0: ffffffff8ff98ba8 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_unregister+0xd0/0x230
[ 1577.000438][   T30] 4 locks held by kworker/1:4/18131:
[ 1577.005896][   T30]  #0: ffff88801ac80948 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850
[ 1577.017495][   T30]  #1: ffffc9000519fd00 ((rfkill_op_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850
[ 1577.028739][   T30]  #2: ffffffff8ff98ba8 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_epo+0x4f/0x180
[ 1577.038792][   T30]  #3: ffff88805e582100 (&dev->mutex){....}-{3:3}, at: nfc_rfkill_set_block+0x50/0x310
[ 1577.049064][   T30] 2 locks held by syz-executor/19003:
[ 1577.054961][   T30]  #0: ffffffff8fd274d0 (cb_lock){++++}-{3:3}, at: genl_rcv+0x19/0x40
[ 1577.063273][   T30]  #1: ffffffff8fd27388 (genl_mutex){+.+.}-{3:3}, at: genl_rcv_msg+0x121/0xec0
[ 1577.073068][   T30] 2 locks held by syz-executor/19046:
[ 1577.079246][   T30]  #0: ffffffff8fd274d0 (cb_lock){++++}-{3:3}, at: genl_rcv+0x19/0x40
[ 1577.087705][   T30]  #1: ffffffff8fd27388 (genl_mutex){+.+.}-{3:3}, at: genl_rcv_msg+0x121/0xec0
[ 1577.097154][   T30] 2 locks held by syz.5.3525/19156:
[ 1577.102375][   T30]  #0: ffff88805e582100 (&dev->mutex){....}-{3:3}, at: nfc_unregister_device+0x63/0x2a0
[ 1577.112297][   T30]  #1: ffffffff8ff98ba8 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_unregister+0xd0/0x230
[ 1577.122970][   T30] 3 locks held by syz.2.3531/19187:
[ 1577.128338][   T30]  #0: ffffffff8fd274d0 (cb_lock){++++}-{3:3}, at: genl_rcv+0x19/0x40
[ 1577.137152][   T30]  #1: ffffffff8fd27388 (genl_mutex){+.+.}-{3:3}, at: genl_rcv_msg+0x121/0xec0
[ 1577.146310][   T30]  #2: ffffffff8ff98ba8 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_register+0x34/0x8c0
[ 1577.156805][   T30] 2 locks held by syz.8.3535/19208:
[ 1577.162072][   T30]  #0: ffffffff8fd274d0 (cb_lock){++++}-{3:3}, at: genl_rcv+0x19/0x40
[ 1577.170403][   T30]  #1: ffffffff8fd27388 (genl_mutex){+.+.}-{3:3}, at: genl_rcv_msg+0x121/0xec0
[ 1577.179967][   T30] 2 locks held by syz-executor/19211:
[ 1577.185519][   T30]  #0: ffff88807a9ae118 (&data->open_mutex){+.+.}-{3:3}, at: vhci_create_device+0x34/0x6a0
[ 1577.196280][   T30]  #1: ffffffff8ff98ba8 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_register+0x34/0x8c0
[ 1577.206581][   T30] 2 locks held by syz-executor/19214:
[ 1577.211988][   T30]  #0: ffff888024418918 (&data->open_mutex){+.+.}-{3:3}, at: vhci_create_device+0x34/0x6a0
[ 1577.222529][   T30]  #1: ffffffff8ff98ba8 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_register+0x34/0x8c0
[ 1577.232920][   T30] 2 locks held by syz-executor/19216:
[ 1577.238690][   T30]  #0: ffff888079661118 (&data->open_mutex){+.+.}-{3:3}, at: vhci_create_device+0x34/0x6a0
[ 1577.248996][   T30]  #1: ffffffff8ff98ba8 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_register+0x34/0x8c0
[ 1577.259302][   T30] 2 locks held by syz-executor/19219:
[ 1577.264945][   T30]  #0: ffff888079041118 (&data->open_mutex){+.+.}-{3:3}, at: vhci_create_device+0x34/0x6a0
[ 1577.275495][   T30]  #1: ffffffff8ff98ba8 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_register+0x34/0x8c0
[ 1577.285780][   T30] 2 locks held by syz-executor/19221:
[ 1577.291301][   T30]  #0: ffff888033722118 (&data->open_mutex){+.+.}-{3:3}, at: vhci_create_device+0x34/0x6a0
[ 1577.301942][   T30]  #1: ffffffff8ff98ba8 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_register+0x34/0x8c0
[ 1577.312124][   T30] 2 locks held by syz-executor/19223:
[ 1577.317934][   T30]  #0: ffff888028083918 (&data->open_mutex){+.+.}-{3:3}, at: vhci_create_device+0x34/0x6a0
[ 1577.328562][   T30]  #1: ffffffff8ff98ba8 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_register+0x34/0x8c0
[ 1577.339131][   T30] 2 locks held by syz-executor/19225:
[ 1577.345119][   T30]  #0: ffff88807c5ab118 (&data->open_mutex){+.+.}-{3:3}, at: vhci_create_device+0x34/0x6a0
[ 1577.356418][   T30]  #1: ffffffff8ff98ba8 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_register+0x34/0x8c0
[ 1577.367978][   T30] 2 locks held by syz-executor/19227:
[ 1577.374241][   T30]  #0: ffff888026308918 (&data->open_mutex){+.+.}-{3:3}, at: vhci_create_device+0x34/0x6a0
[ 1577.384840][   T30]  #1: ffffffff8ff98ba8 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_register+0x34/0x8c0
[ 1577.395327][   T30] 2 locks held by syz-executor/19229:
[ 1577.400928][   T30]  #0: ffff88807bb1c918 (&data->open_mutex){+.+.}-{3:3}, at: vhci_create_device+0x34/0x6a0
[ 1577.411218][   T30]  #1: ffffffff8ff98ba8 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_register+0x34/0x8c0
[ 1577.421631][   T30] 2 locks held by syz-executor/19231:
[ 1577.427124][   T30]  #0: ffff88807946a118 (&data->open_mutex){+.+.}-{3:3}, at: vhci_create_device+0x34/0x6a0
[ 1577.437658][   T30]  #1: ffffffff8ff98ba8 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_register+0x34/0x8c0
[ 1577.447730][   T30] 2 locks held by syz-executor/19239:
[ 1577.453137][   T30]  #0: ffff888028717918 (&data->open_mutex){+.+.}-{3:3}, at: vhci_create_device+0x34/0x6a0
[ 1577.463815][   T30]  #1: ffffffff8ff98ba8 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_register+0x34/0x8c0
[ 1577.474124][   T30] 2 locks held by syz-executor/19241:
[ 1577.479654][   T30]  #0: ffff88807cdfa118 (&data->open_mutex){+.+.}-{3:3}, at: vhci_create_device+0x34/0x6a0
[ 1577.490465][   T30]  #1: ffffffff8ff98ba8 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_register+0x34/0x8c0
[ 1577.500624][   T30] 2 locks held by syz-executor/19243:
[ 1577.506555][   T30]  #0: ffff88802478f118 (&data->open_mutex){+.+.}-{3:3}, at: vhci_create_device+0x34/0x6a0
[ 1577.517041][   T30]  #1: ffffffff8ff98ba8 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_register+0x34/0x8c0
[ 1577.527565][   T30] 
[ 1577.529933][   T30] =============================================
[ 1577.529933][   T30] 
[ 1577.538775][   T30] NMI backtrace for cpu 1
[ 1577.543176][   T30] CPU: 1 UID: 0 PID: 30 Comm: khungtaskd Not tainted 6.12.0-rc7-syzkaller-00187-gf868cd251776 #0
[ 1577.553818][   T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
[ 1577.563925][   T30] Call Trace:
[ 1577.567258][   T30]  <TASK>
[ 1577.570309][   T30]  dump_stack_lvl+0x241/0x360
[ 1577.575050][   T30]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1577.580407][   T30]  ? __pfx__printk+0x10/0x10
[ 1577.585174][   T30]  nmi_cpu_backtrace+0x49c/0x4d0
[ 1577.590357][   T30]  ? __pfx_nmi_cpu_backtrace+0x10/0x10
[ 1577.595858][   T30]  ? _printk+0xd5/0x120
[ 1577.600045][   T30]  ? __pfx__printk+0x10/0x10
[ 1577.604658][   T30]  ? __wake_up_klogd+0xcc/0x110
[ 1577.609532][   T30]  ? __pfx__printk+0x10/0x10
[ 1577.614150][   T30]  ? __rcu_read_unlock+0xa1/0x110
[ 1577.619223][   T30]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[ 1577.625321][   T30]  nmi_trigger_cpumask_backtrace+0x198/0x320
[ 1577.631371][   T30]  watchdog+0xff4/0x1040
[ 1577.635837][   T30]  ? watchdog+0x1ea/0x1040
[ 1577.640325][   T30]  ? __pfx_watchdog+0x10/0x10
[ 1577.645033][   T30]  kthread+0x2f0/0x390
[ 1577.649136][   T30]  ? __pfx_watchdog+0x10/0x10
[ 1577.653940][   T30]  ? __pfx_kthread+0x10/0x10
[ 1577.658770][   T30]  ret_from_fork+0x4b/0x80
[ 1577.663392][   T30]  ? __pfx_kthread+0x10/0x10
[ 1577.668212][   T30]  ret_from_fork_asm+0x1a/0x30
[ 1577.673196][   T30]  </TASK>
[ 1577.677081][   T30] Sending NMI from CPU 1 to CPUs 0:
[ 1577.682375][    C0] NMI backtrace for cpu 0
[ 1577.682392][    C0] CPU: 0 UID: 0 PID: 6643 Comm: kworker/u8:11 Not tainted 6.12.0-rc7-syzkaller-00187-gf868cd251776 #0
[ 1577.682416][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
[ 1577.682429][    C0] Workqueue: bat_events batadv_nc_worker
[ 1577.682458][    C0] RIP: 0010:lock_release+0x236/0xa30
[ 1577.682491][    C0] Code: 92 ab 0e 00 0f 84 bf 03 00 00 49 8d b5 d8 0a 00 00 48 89 f0 48 c1 e8 03 48 89 44 24 48 42 0f b6 04 38 84 c0 0f 85 78 05 00 00 <8b> 06 85 c0 0f 84 2e 02 00 00 48 89 34 24 48 89 54 24 08 48 89 5c
[ 1577.682508][    C0] RSP: 0018:ffffc90018c4f960 EFLAGS: 00000046
[ 1577.682525][    C0] RAX: 0000000000000000 RBX: 0000000000000246 RCX: ffffc90018c4f903
[ 1577.682539][    C0] RDX: 1ffff92003189f3c RSI: ffff88807e058ad8 RDI: ffffffff8c6038e0
[ 1577.682555][    C0] RBP: ffffc90018c4fa98 R08: ffffffff901be06f R09: 1ffffffff2037c0d
[ 1577.682570][    C0] R10: dffffc0000000000 R11: fffffbfff2037c0e R12: 1ffff92003189f38
[ 1577.682585][    C0] R13: ffff88807e058000 R14: ffff88807a8dd398 R15: dffffc0000000000
[ 1577.682601][    C0] FS:  0000000000000000(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000
[ 1577.682618][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1577.682632][    C0] CR2: 00007f86a9067d60 CR3: 000000000e734000 CR4: 00000000003526f0
[ 1577.682649][    C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1577.682662][    C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1577.682675][    C0] Call Trace:
[ 1577.682682][    C0]  <NMI>
[ 1577.682691][    C0]  ? nmi_cpu_backtrace+0x3c2/0x4d0
[ 1577.682722][    C0]  ? __pfx_lock_acquire+0x10/0x10
[ 1577.682759][    C0]  ? __pfx_nmi_cpu_backtrace+0x10/0x10
[ 1577.682796][    C0]  ? nmi_cpu_backtrace_handler+0xc/0x20
[ 1577.682823][    C0]  ? nmi_handle+0x14f/0x5a0
[ 1577.682843][    C0]  ? nmi_handle+0x2a/0x5a0
[ 1577.682863][    C0]  ? lock_release+0x236/0xa30
[ 1577.682890][    C0]  ? default_do_nmi+0x63/0x160
[ 1577.682909][    C0]  ? exc_nmi+0x123/0x1f0
[ 1577.682927][    C0]  ? end_repeat_nmi+0xf/0x53
[ 1577.682956][    C0]  ? lock_release+0x236/0xa30
[ 1577.682984][    C0]  ? lock_release+0x236/0xa30
[ 1577.683013][    C0]  ? lock_release+0x236/0xa30
[ 1577.683041][    C0]  </NMI>
[ 1577.683047][    C0]  <TASK>
[ 1577.683056][    C0]  ? __pfx_lock_acquire+0x10/0x10
[ 1577.683084][    C0]  ? batadv_nc_purge_paths+0x312/0x3b0
[ 1577.683106][    C0]  ? __pfx_lock_release+0x10/0x10
[ 1577.683133][    C0]  ? do_raw_spin_lock+0x14f/0x370
[ 1577.683157][    C0]  ? __pfx___local_bh_disable_ip+0x10/0x10
[ 1577.683186][    C0]  ? __pfx_do_raw_spin_lock+0x10/0x10
[ 1577.683211][    C0]  ? batadv_nc_purge_paths+0xe8/0x3b0
[ 1577.683233][    C0]  ? batadv_nc_purge_paths+0x312/0x3b0
[ 1577.683254][    C0]  _raw_spin_unlock_bh+0x1b/0x40
[ 1577.683276][    C0]  ? __pfx_batadv_nc_to_purge_nc_path_decoding+0x10/0x10
[ 1577.683300][    C0]  batadv_nc_purge_paths+0x312/0x3b0
[ 1577.683327][    C0]  batadv_nc_worker+0x365/0x610
[ 1577.683349][    C0]  ? process_scheduled_works+0x976/0x1850
[ 1577.683376][    C0]  process_scheduled_works+0xa63/0x1850
[ 1577.683415][    C0]  ? __pfx_process_scheduled_works+0x10/0x10
[ 1577.683445][    C0]  ? assign_work+0x364/0x3d0
[ 1577.683473][    C0]  worker_thread+0x870/0xd30
[ 1577.683509][    C0]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[ 1577.683533][    C0]  ? __kthread_parkme+0x169/0x1d0
[ 1577.683564][    C0]  ? __pfx_worker_thread+0x10/0x10
[ 1577.683591][    C0]  kthread+0x2f0/0x390
[ 1577.683609][    C0]  ? __pfx_worker_thread+0x10/0x10
[ 1577.683634][    C0]  ? __pfx_kthread+0x10/0x10
[ 1577.683653][    C0]  ret_from_fork+0x4b/0x80
[ 1577.683680][    C0]  ? __pfx_kthread+0x10/0x10
[ 1577.683698][    C0]  ret_from_fork_asm+0x1a/0x30
[ 1577.683733][    C0]  </TASK>
[ 1578.052658][   T30] Kernel panic - not syncing: hung_task: blocked tasks
[ 1578.059828][   T30] CPU: 1 UID: 0 PID: 30 Comm: khungtaskd Not tainted 6.12.0-rc7-syzkaller-00187-gf868cd251776 #0
[ 1578.071705][   T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
[ 1578.082552][   T30] Call Trace:
[ 1578.085900][   T30]  <TASK>
[ 1578.089382][   T30]  dump_stack_lvl+0x241/0x360
[ 1578.094205][   T30]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1578.099633][   T30]  ? __pfx__printk+0x10/0x10
[ 1578.104518][   T30]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 1578.110591][   T30]  ? vscnprintf+0x5d/0x90
[ 1578.115043][   T30]  panic+0x349/0x880
[ 1578.118997][   T30]  ? nmi_trigger_cpumask_backtrace+0x244/0x320
[ 1578.126181][   T30]  ? __pfx_panic+0x10/0x10
[ 1578.130691][   T30]  ? tick_nohz_tick_stopped+0x82/0xb0
[ 1578.136268][   T30]  ? __irq_work_queue_local+0x137/0x410
[ 1578.141840][   T30]  ? preempt_schedule_thunk+0x1a/0x30
[ 1578.147255][   T30]  ? nmi_trigger_cpumask_backtrace+0x244/0x320
[ 1578.153468][   T30]  ? nmi_trigger_cpumask_backtrace+0x2d4/0x320
[ 1578.159719][   T30]  ? nmi_trigger_cpumask_backtrace+0x2d9/0x320
[ 1578.165935][   T30]  watchdog+0x1033/0x1040
[ 1578.170315][   T30]  ? watchdog+0x1ea/0x1040
[ 1578.174778][   T30]  ? __pfx_watchdog+0x10/0x10
[ 1578.179570][   T30]  kthread+0x2f0/0x390
[ 1578.183758][   T30]  ? __pfx_watchdog+0x10/0x10
[ 1578.188738][   T30]  ? __pfx_kthread+0x10/0x10
[ 1578.194334][   T30]  ret_from_fork+0x4b/0x80
[ 1578.198824][   T30]  ? __pfx_kthread+0x10/0x10
[ 1578.203559][   T30]  ret_from_fork_asm+0x1a/0x30
[ 1578.208411][   T30]  </TASK>
[ 1578.211846][   T30] Kernel Offset: disabled
[ 1578.216190][   T30] Rebooting in 86400 seconds..