last executing test programs:

14m26.336363502s ago: executing program 2 (id=292):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r1, 0x0, 0x0)
socket$inet6_udplite(0xa, 0x2, 0x88)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(0xffffffffffffffff, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[0x0], 0x1})
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040))
bpf$MAP_CREATE(0x0, 0x0, 0x48)
madvise(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0xe)
ptrace(0x10, 0x0)

14m18.093078594s ago: executing program 2 (id=306):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000100)=0x5)
sched_setaffinity(0x0, 0xff43, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000007c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = syz_open_dev$usbfs(&(0x7f0000003f00), 0x1ff, 0xa401)
ioctl$USBDEVFS_DISCONNECT_CLAIM(r2, 0x8108551b, &(0x7f0000000000)={0x0, 0x0, "ec9fe44d4dbe56a60274fcffffffffffffff14e315eeb406bfdd73835e57efa94b1a0275781c647aa7e3470c6028643b17832b10b386a6f73791011c26a9aa141f406e312295ee620a9a46577b9249b738fe7750bec83bf6ed5b67213fa7d6c0823fd154ed29ede1ff379742c3f0b46caa357d70ee438f901d7645c3f87e4b21482b76f2ad8eaac090272081f98fd2e3e5a63e008104df635e731a5bfcd942f4529517454618de595cd179445b4bdbf698b9986356f0ebf7d25a57774ef474f86a3ad24ae9f0bf94b99e6b87de5f79d383d05bb32701daed400785a49788f08caecc9e0c48a3740bbe6e1c1fd4f6cfdfe756bc00d08e36655c00"})
ioctl$USBDEVFS_CONTROL(r2, 0xc0185500, &(0x7f00000006c0)={0x2, 0xf, 0x4, 0x1, 0x0, 0x5, 0x0})
setsockopt$inet6_tcp_int(r1, 0x6, 0x13, 0x0, 0x0)
connect$inet6(r1, &(0x7f0000000080)={0xa, 0x4e22}, 0x21)
r3 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r3}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
pipe(&(0x7f0000000100))
ptrace$PTRACE_SECCOMP_GET_FILTER(0x420c, r3, 0x2f7e, &(0x7f0000000180)=""/171)
setsockopt$inet6_tcp_TLS_TX(r1, 0x11a, 0x2, &(0x7f0000000500)=@gcm_128={{0x304}, "ba593483c74686d7", "aa1975656ec7dbd211ca14cb31a6c1e2", '\x00', "4e8afeee33468949"}, 0x28)

14m17.282638995s ago: executing program 2 (id=308):
r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, 0x0)
ioctl$DMA_HEAP_IOCTL_ALLOC(0xffffffffffffffff, 0xc0184800, &(0x7f0000000000)={0xffffffffffffffff, <r1=>r0, 0x2})
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100)={<r2=>0x0}, &(0x7f0000000200)=0xc)
ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r1, 0xc1105517, &(0x7f00000003c0)={{0x9, 0x4, 0x24c, 0x10000, 'syz1\x00', 0x2}, 0x5, 0x200, 0xaca0, r2, 0x7, 0x2, 'syz0\x00', &(0x7f0000000280)=['\\\x00', '+\x00', '\'\x00', '/dev/cpu/#/msr\x00', '(#\x00', '/dev/cpu/#/msr\x00', '[\x89)\x00'], 0x2b})
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x89a1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000002000)=""/102400, 0x19000)
r4 = syz_io_uring_setup(0x112, &(0x7f0000000140)={0x0, 0x24089, 0x80, 0x3}, &(0x7f0000000240)=<r5=>0x0, &(0x7f0000000040)=<r6=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r5, r6, &(0x7f00000000c0)=@IORING_OP_TIMEOUT={0xb, 0x8, 0x0, 0x0, 0x1, &(0x7f0000000380), 0x1, 0x40, 0x1})
io_uring_enter(r4, 0x47f6, 0xb277, 0x0, 0x0, 0x0)

14m16.712162279s ago: executing program 2 (id=311):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))
socket$kcm(0x10, 0x2, 0x4)
socket(0x11, 0x2, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
socket$kcm(0x10, 0x2, 0x4)
socket$nl_generic(0x10, 0x3, 0x10)
socket$inet_tcp(0x2, 0x1, 0x0)
memfd_secret(0x0)
socket$inet_smc(0x2b, 0x1, 0x0)
r0 = syz_io_uring_setup(0x19f2, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000140)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000040)={'syztnl0\x00', &(0x7f0000000180)={'syztnl0\x00', 0x0, 0x14, 0x0, 0x0, 0x0, 0x2b, @empty, @empty}})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='pids.events\x00', 0x275a, 0x0)
write$UHID_CREATE2(r4, &(0x7f0000000180)=ANY=[@ANYRES64=r3], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r4, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_EPOLL_CTL=@add={0x1d, 0x0, 0x0, r4, 0x0})
io_uring_enter(r0, 0x2d3e, 0x0, 0x0, 0x0, 0x0)

14m15.549183445s ago: executing program 2 (id=312):
pipe2$9p(0x0, 0x0)
dup(0xffffffffffffffff)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
r0 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r0, 0x6, 0x0, 0x0, 0x0)
r1 = fsmount(r0, 0x0, 0x0)
r2 = openat$cgroup_subtree(r1, &(0x7f0000000100), 0x2, 0x0)
write$cgroup_subtree(r2, &(0x7f0000000300)=ANY=[], 0x5)
write$cgroup_subtree(r2, &(0x7f0000000240)=ANY=[@ANYBLOB="2b63707520189b33db0c160f4cfb4e3914bc0f7475cbaa9a6a5a282c46ee56cbee2f00acb448c33be0619ba730154fc36b8c0615f0656ed2c7ae794fc4405396a03571057830a44748bcc214732977c8ace2b049dfde2c14fd57720fd55f9883558a630ee3b96f93"], 0x5)

14m11.925198658s ago: executing program 2 (id=322):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socket$inet6_udplite(0xa, 0x2, 0x88)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
rseq(&(0x7f0000000400), 0x20, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r2, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[0x0], 0x1})
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040))
bpf$MAP_CREATE(0x0, 0x0, 0x48)
madvise(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0xe)
ptrace(0x10, 0x0)

13m55.347599808s ago: executing program 32 (id=322):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socket$inet6_udplite(0xa, 0x2, 0x88)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
rseq(&(0x7f0000000400), 0x20, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r2, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[0x0], 0x1})
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040))
bpf$MAP_CREATE(0x0, 0x0, 0x48)
madvise(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0xe)
ptrace(0x10, 0x0)

13m38.195203737s ago: executing program 0 (id=372):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000180)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000300)={'wg0\x00', <r5=>0x0})
sendto$packet(r4, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x11, 0x0, r5}, 0x14)
r6 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000000), 0x80042, 0x0)
syz_open_dev$usbfs(0x0, 0x1ff, 0x402)
ioctl$PTP_PEROUT_REQUEST2(r6, 0x40043d0d, 0x0)

13m37.130638852s ago: executing program 0 (id=373):
r0 = syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f0000000080)=ANY=[@ANYBLOB="1201000002000040257d15a4400001040001090260004201000000090400000102090000052406000105240000000d240f01000004eaffffff1e0006031a00000804800200090581", @ANYBLOB="f7", @ANYRESOCT], 0x0)
r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
write$char_usb(r1, 0x0, 0x0)
r2 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r3 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r3}, &(0x7f0000000000)=<r4=>0x0)
timer_settime(r4, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
write$char_usb(r2, 0x0, 0x0)
set_mempolicy(0x3, &(0x7f0000000100)=0x3, 0x9)
r5 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000080)=@newqdisc={0x60, 0x24, 0xd0f, 0x70bd2d, 0x0, {0x60, 0x0, 0x0, 0x0, {0x0, 0xa}, {0xffff, 0xffff}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x34, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{0x1, 0x2, 0x0, 0x0, 0x9, 0x5}, {0x12, 0x2, 0x0, 0x401, 0x8001, 0x1400}, 0xa5, 0x5, 0xffffffe}}, @TCA_TBF_BURST={0x8, 0x6, 0x8057}]}}]}, 0x60}, 0x1, 0x0, 0x0, 0x40000}, 0x44080)
sendmsg$inet(0xffffffffffffffff, 0x0, 0x34004000)
setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0x5, 0x0, 0x0)
syz_usb_connect(0x0, 0x5f, 0x0, 0x0)
write$char_usb(r1, 0x0, 0x0)
syz_usb_disconnect(r0)

13m33.817357946s ago: executing program 0 (id=381):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
readlinkat(0xffffffffffffffff, 0x0, &(0x7f00000003c0)=""/161, 0xa1)
bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0xb, &(0x7f0000000000)=@framed={{0x18, 0x6}, [@printk]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
openat$ipvs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv4/vs/sync_refresh_period\x00', 0x2, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="e8000000000000000b210000ff3f7c081e0f315b91fcaec7bf495d5c618332756cbb1bb9ce6d12b9d976d1f33aca41e50a3342bcd67c311f7885a05c3fcf2ae21f1498ec481e7ca2c3ca4c7b3bf94448f62e111e5a79929b9182cc977ba6ae766ce37bdaac6da997fbc15f0c79f42155b99a280667b51fdc7902d7be5ef41f953fedb32aceeada13250626957eff13d5b12cc916541ccbeb0d4060a4dd89664eaba2f6b4ede0c9e3dc1c9446d9284ebe0e46eee7bc145ff0a2779c025553298812978ea53a8c60f254f23344a80a0aac7b141787bad6b0ba090000005f2f3158f0d200000000000070000000000000000701000040000000afbb30c2946e41ef3167d1f6ed47aa1f52bad114a89dbed741f74a23cd8d915e2dcc74a4932646b90f90a9d3956d5cadb642ac79fcb0aae3654482188263abd27e9d57cc28032453dc75f333e1f367ab38b7e7719805a454e79802d07ec60c00b0000000000000000100000001"], 0x208}, 0x0)
socketpair(0x1, 0x5, 0x0, &(0x7f0000000240)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmsg(r1, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=ANY=[], 0x208}, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000003200)=[{{0x0, 0x0, &(0x7f0000001e00)=[{0x0}, {0x0}, {&(0x7f0000003480)=""/172, 0xac}], 0x3}}], 0x1, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000007600)=[{{0x0, 0x0, &(0x7f0000003440)=[{0x0}, {0x0}, {&(0x7f0000004540)=""/240, 0xf0}], 0x3}}], 0x1, 0x0, 0x0)
recvmmsg(r2, &(0x7f0000001dc0)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=""/188, 0xbc, 0xdf0e}}], 0x1800, 0x2002, 0x0)

13m31.865230191s ago: executing program 0 (id=385):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r1)
r2 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$TIPC_CMD_ENABLE_BEARER(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0)
close(r3)
r4 = socket$unix(0x1, 0x1, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r6=>0x0})
sendmsg$nl_route_sched(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000340)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r6, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x3, 0x7, 0x6361, 0x5, 0xffffffff, 0x6}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x240080c1}, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x70b923, 0x80000, {0x0, 0x0, 0x0, r6, {0x0, 0xe}, {0x2, 0xb}, {0xd, 0xb}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x2000c061}, 0x4008000)
ioctl$SIOCSIFHWADDR(r3, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"})

13m27.99435646s ago: executing program 0 (id=395):
pipe2$9p(0x0, 0x0)
dup(0xffffffffffffffff)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
r0 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r0, 0x6, 0x0, 0x0, 0x0)
r1 = fsmount(r0, 0x0, 0x0)
r2 = openat$cgroup_subtree(r1, &(0x7f0000000100), 0x2, 0x0)
write$cgroup_subtree(r2, &(0x7f0000000300)=ANY=[@ANYBLOB], 0x5)
write$cgroup_subtree(r2, &(0x7f0000000240)=ANY=[@ANYBLOB="2b63707520189b33db0c160f4cfb4e3914bc0f7475cbaa9a6a5a282c46ee56cbee2f00acb448c33be0619ba730154fc36b8c0615f0656ed2c7ae794fc4405396a03571057830a44748bcc214732977c8ace2b049dfde2c14fd57720fd55f9883558a630ee3b96f93"], 0x5)

13m26.417547768s ago: executing program 0 (id=399):
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r1)
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=<r3=>0x0)
sendmsg$NFC_CMD_DEV_UP(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)={0x1c, r2, 0x1, 0x70bd26, 0x23c, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r3}]}, 0x1c}}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000280)=ANY=[@ANYBLOB="40000000090601020000000000000000000000000900020073797a31000000000500010007000000180007800c00018008000140fffffffe050003000c"], 0x40}, 0x1, 0x0, 0x0, 0x10000047}, 0x4000084)
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x40241, 0x0)
r6 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f00000004c0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40}], 0x0, 0x0, 0x0})
ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
ioctl$TUNSETLINK(r5, 0x400454cd, 0x6)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="5c000000020601080000000000000000000000000d0003006c6973743a73657400000000050005000000000005000100"], 0x5c}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYRESOCT, @ANYRESOCT=r5, @ANYRES64, @ANYRESHEX, @ANYRESDEC, @ANYRESHEX=r5], 0x1c8}, 0x1, 0x0, 0x0, 0x20008084}, 0x0)
r7 = socket$kcm(0x2, 0x3, 0x2)
ioctl$SIOCSIFHWADDR(r7, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast})

13m10.650315612s ago: executing program 33 (id=399):
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r1)
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=<r3=>0x0)
sendmsg$NFC_CMD_DEV_UP(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)={0x1c, r2, 0x1, 0x70bd26, 0x23c, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r3}]}, 0x1c}}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000280)=ANY=[@ANYBLOB="40000000090601020000000000000000000000000900020073797a31000000000500010007000000180007800c00018008000140fffffffe050003000c"], 0x40}, 0x1, 0x0, 0x0, 0x10000047}, 0x4000084)
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x40241, 0x0)
r6 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f00000004c0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40}], 0x0, 0x0, 0x0})
ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
ioctl$TUNSETLINK(r5, 0x400454cd, 0x6)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="5c000000020601080000000000000000000000000d0003006c6973743a73657400000000050005000000000005000100"], 0x5c}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYRESOCT, @ANYRESOCT=r5, @ANYRES64, @ANYRESHEX, @ANYRESDEC, @ANYRESHEX=r5], 0x1c8}, 0x1, 0x0, 0x0, 0x20008084}, 0x0)
r7 = socket$kcm(0x2, 0x3, 0x2)
ioctl$SIOCSIFHWADDR(r7, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast})

9m53.288435004s ago: executing program 6 (id=749):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
syz_open_dev$usbmon(0x0, 0x400, 0x208000)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, 0x0, 0x0)
keyctl$read(0xb, 0x0, &(0x7f0000001300)=""/4096, 0xffffffffffffffd2)
r3 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r3, &(0x7f0000000000)={0x18, 0x0, {0x1, @broadcast, 'lo\x00'}}, 0x1e)
ioctl$PPPOEIOCSFWD(r3, 0x4008b100, &(0x7f00000002c0)={0x18, 0x0, {0x1, @broadcast, 'lo\x00'}})
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$netlbl_unlabel(0x0, r4)
sendmsg$NLBL_UNLABEL_C_STATICLISTDEF(r4, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000240)={0x14, r5, 0xc8036ab6d6cbef07, 0x70bd28}, 0x14}, 0x1, 0x0, 0x0, 0x1}, 0x45080)

9m51.222874817s ago: executing program 6 (id=752):
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpu.stat\x00', 0x275a, 0x0)
socket$inet6(0xa, 0x1, 0x8010000000000084)
bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
socket$inet6_sctp(0xa, 0x5, 0x84)
socket$nl_route(0x10, 0x3, 0x0)
open(&(0x7f0000000280)='.\x00', 0x0, 0x0)
openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
socket$inet6_sctp(0xa, 0x1, 0x84)
socket$phonet_pipe(0x23, 0x5, 0x2)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000280)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r1=>0x0})
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b000000000000000000"], 0x48)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x10, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000002000000850000008600000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b704000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000400)={{r3}, &(0x7f0000000240), &(0x7f00000003c0)=r5}, 0x20)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000040)={r4, r1, 0x25, 0x2, @val=@tcx={@void, @value=r4}}, 0x1c)
syz_emit_ethernet(0x5ee, &(0x7f0000002880)={@local, @local, @void, {@ipv6={0x8100, @generic={0x0, 0x6, "7409bf", 0x0, 0x0, 0x0, @private2={0xfc, 0x2, '\x00', 0x1}, @local}}}}, 0x0)

9m49.752430609s ago: executing program 6 (id=756):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, 0x2}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = syz_init_net_socket$llc(0x1a, 0x802, 0x0)
bind$llc(r3, &(0x7f0000000000)={0x1a, 0x0, 0x1, 0x0, 0x3, 0x4a}, 0x10)
close(r3)
mbind(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x4002, &(0x7f0000000000)=0xa, 0x83, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000100)={0x40000000, 0x0, &(0x7f00000000c0)={&(0x7f0000000840)={0x2, 0x18, 0x0, 0x0, 0x2}, 0x10}}, 0x0)
ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY(0xffffffffffffffff, 0xc0185879, &(0x7f00000003c0)={@desc={0x1, 0x0, @desc2}})
socket$inet6_udp(0xa, 0x2, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFULNL_MSG_CONFIG(r4, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000003c0)={0x1c, 0x1, 0x4, 0x401, 0x0, 0x0, {0x5, 0x0, 0x7}, [@NFULA_CFG_CMD={0x5, 0x1, 0x3}]}, 0x1c}, 0x1, 0x0, 0x0, 0x24008054}, 0x40)

9m47.100253126s ago: executing program 6 (id=760):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
syz_open_procfs(0xffffffffffffffff, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0/file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = socket$inet6_sctp(0xa, 0x1, 0x84)
sendmmsg$inet6(r4, &(0x7f00000000c0)=[{{&(0x7f00000003c0)={0xa, 0x4e21, 0x6, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, 0x1c, &(0x7f0000000080)=[{&(0x7f0000000000)="7f", 0x1}], 0x1}}], 0x1, 0x0)
listen(r4, 0xfff)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
write$cgroup_subtree(r5, &(0x7f0000000100)=ANY=[], 0x32600)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r5, 0x0)
accept(r4, 0xfffffffffffffffd, &(0x7f0000000680))

9m43.710716167s ago: executing program 6 (id=766):
socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
socket$nl_sock_diag(0x10, 0x3, 0x4)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f00000000c0)='sched_switch\x00', r1}, 0x18)
getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = socket$key(0xf, 0x3, 0x2)
r5 = bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xd, &(0x7f0000000280)=ANY=[@ANYRES32=r5], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendmsg$key(r4, &(0x7f0000000100)={0x3, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB="0203f3021600000000000000000000000200090008000000e9000000000000000300060000000000020000000000000000000000000000000200010000000000000003fdff000020030005000000000002000000ac1414aa00000000000000000a00080008"], 0xb0}, 0x1, 0x7}, 0x0)

9m39.196116474s ago: executing program 6 (id=774):
openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0)
r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r2, 0x0, 0x0)
r3 = userfaultfd(0x80801)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x3000002, 0x5d031, 0xffffffffffffffff, 0x0)
ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f0000000080)={0xaa, 0x100})
ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x4})
ioctl$UFFDIO_COPY(r3, 0xc028aa03, &(0x7f0000000000)={&(0x7f0000800000/0x800000)=nil, &(0x7f0000d76000/0x3000)=nil, 0x800000})
ioctl$IOC_PR_REGISTER(0xffffffffffffffff, 0x401870c8, &(0x7f0000000080)={0x0, 0x3, 0x1})
ioctl$KVM_SET_MSRS(r0, 0x4008ae89, &(0x7f00000000c0)=ANY=[@ANYBLOB="010000"])
ioctl$FICLONE(0xffffffffffffffff, 0x40049409, 0xffffffffffffffff)
ioctl$KVM_RUN(r0, 0xae80, 0x0)
ioctl$VIDIOC_SUBDEV_S_SELECTION(0xffffffffffffffff, 0xc040563e, &(0x7f0000000100)={0x0, 0x0, 0x101, 0x0, {0x0, 0x4, 0xe2, 0xdb}})

9m22.968665752s ago: executing program 34 (id=774):
openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0)
r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r2, 0x0, 0x0)
r3 = userfaultfd(0x80801)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x3000002, 0x5d031, 0xffffffffffffffff, 0x0)
ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f0000000080)={0xaa, 0x100})
ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x4})
ioctl$UFFDIO_COPY(r3, 0xc028aa03, &(0x7f0000000000)={&(0x7f0000800000/0x800000)=nil, &(0x7f0000d76000/0x3000)=nil, 0x800000})
ioctl$IOC_PR_REGISTER(0xffffffffffffffff, 0x401870c8, &(0x7f0000000080)={0x0, 0x3, 0x1})
ioctl$KVM_SET_MSRS(r0, 0x4008ae89, &(0x7f00000000c0)=ANY=[@ANYBLOB="010000"])
ioctl$FICLONE(0xffffffffffffffff, 0x40049409, 0xffffffffffffffff)
ioctl$KVM_RUN(r0, 0xae80, 0x0)
ioctl$VIDIOC_SUBDEV_S_SELECTION(0xffffffffffffffff, 0xc040563e, &(0x7f0000000100)={0x0, 0x0, 0x101, 0x0, {0x0, 0x4, 0xe2, 0xdb}})

2m58.788904445s ago: executing program 7 (id=1448):
recvmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x20a0, 0x0)
socket$inet6_sctp(0xa, 0x5, 0x84)
fadvise64(0xffffffffffffffff, 0x3, 0x5, 0x4)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000340)={0xd, 0x200090}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000040)=0x7f)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000400)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r3, 0x0, 0x8}, 0x18)
openat$audio(0xffffffffffffff9c, &(0x7f00000000c0), 0x82, 0x0)
dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$kcm(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)=[{0x0}, {&(0x7f0000000580)="d4fa0c511aad03aa5ed217677bc41c027d9c830c439c7f821ddd78b6915cb170e7603acf9e433c2903bb6773f4b0130668a1e5b5e08d21d0b69c28ca3455aed65855c86f3d1e5789d26375a0d85eaf5e92e19c9affcf76e7a94e76556d2b104ebf645747fadc91460f4b3c94e1a89b51be4a6aa4c65285f988329a8163b69c51b801500a5bacd0463976e2960e2679ef2feee5e6ce6bb78a51fb0e15820d13e4a5aa9e0742a6f8d677ad28fea356657bb550c8311b682d9003c82267a15aa7334bc53b65b9119a1a7d905c7dd365b85c230bbad0d5d0a79819e112637819d9a187cfdf782c6127d2d4281926ab0e22f7346b616fe28ed0b9f4a0c9fdac6d3a90a9c38b5e31448a45546388c95045bc22fe88c43b82a0a5d3eb61c238a5159ea98db9c00aeef644ae98a8cb8dffff3b7ba14d7971910b559623af8295", 0x13c}], 0x2}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x4, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x82000, 0x2c, '\x00', 0x0, @fallback=0xc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8b18, &(0x7f0000000000)={'wlan0\x00'})

2m49.283110691s ago: executing program 7 (id=1470):
socketpair$nbd(0x1, 0x1, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = fsmount(0xffffffffffffffff, 0x0, 0x0)
fchdir(r0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f00000000c0)=0x7)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x10)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbee6, 0x8031, 0xffffffffffffffff, 0x4000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
sendto$inet6(r1, 0x0, 0x0, 0x20000045, &(0x7f00000001c0)={0xa, 0x2, 0x1000, @dev={0xfe, 0x80, '\x00', 0x10}, 0x3a}, 0x1c)
r6 = creat(&(0x7f0000000080)='./file0\x00', 0xecf86c37d53049cc)
write$binfmt_script(r6, &(0x7f00000003c0)={'#! ', './file0', [{0x20, '\x86\x81\t\n\xac\"\xff4l\xaa\x91\xec\x99M.p\xdc4\x0e\x1c\xdf\xd3\xd4\x8d\xad\x99\x1c\xae\xb2vt\r@0K\x989\x1c\xd7%\x82\x94\x05\x06\xbeJ\x90\xd8&\xa6?~\x88\x01;\r7\xdf\xb7\xfb\x85\x133\x17I\xb4\xbc`7\xda\x91\xefP<f\xdcJ\xcf\xf9\xb1&M\xb9\x88\x8cK6\x89\xe9\xfa\xbfCN\x15\xa1M\xe67\xf5\x0e\a\x061\xb0\x00\xfc~<\xf3Eg\xcd\xd9\xa8\xf0\xbdw\xc6?Vs'}]}, 0x85)
close(r6)
execve(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)

2m47.343306524s ago: executing program 7 (id=1477):
r0 = socket$kcm(0x2d, 0x2, 0x0)
sendmmsg(r0, &(0x7f00000004c0), 0x0, 0x8000)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
dup(r1)
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
mkdir(0x0, 0x0)
syz_open_dev$cec(0x0, 0xffffffffffffffff, 0x0)
r2 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r2, 0x10e, 0xc, &(0x7f0000000040)={0x4}, 0x10)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r7 = socket$kcm(0x10, 0x3, 0x10)
sendmsg$kcm(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000180)="1400000017000b63d25a80648c2594f905a3c92b", 0x14}], 0x1}, 0x0)

2m44.995443754s ago: executing program 7 (id=1482):
sendmsg$key(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x0, 0x40, 0x0, 0x0)
sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r4 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000200)='/sys/power/pm_print_times', 0x102, 0xc2)
write$khugepaged_scan(r4, &(0x7f0000000000), 0x8)
connect$inet6(0xffffffffffffffff, &(0x7f00000002c0)={0xa, 0x4e24, 0x0, @rand_addr, 0x8000}, 0x1c)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFQNL_MSG_CONFIG(r5, &(0x7f0000000ac0)={0x0, 0x0, &(0x7f0000000a80)={&(0x7f0000000100)=ANY=[@ANYBLOB="300000000203010200000000000000000000000008000340000000000900020000000000020000000800010001"], 0x30}}, 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFQNL_MSG_CONFIG(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x1c}}, 0x0)
r7 = openat$vmci(0xffffffffffffff9c, 0x0, 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r7, 0x7a7, &(0x7f00000002c0)=0xa0000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r7, 0x7a0, &(0x7f0000000100)={@my=0x1})

2m42.495047066s ago: executing program 7 (id=1485):
mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x150)
r0 = socket(0x2, 0x2, 0x0)
setsockopt$inet_opts(r0, 0x0, 0x14, 0x0, 0x0)
lsetxattr$security_capability(&(0x7f0000000040)='./file0\x00', &(0x7f0000000000), 0x0, 0x0, 0x1)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$kcm(0xa, 0x6, 0x0)
setsockopt$sock_attach_bpf(r1, 0x10d, 0xa, &(0x7f0000000000), 0x4)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r3 = dup(r2)
write$6lowpan_enable(r3, &(0x7f0000000000)='0', 0xfffffd2c)
r4 = syz_io_uring_setup(0x239, &(0x7f0000000740)={0x0, 0x1c2a, 0x10100, 0x0, 0x0, 0x0, r3}, &(0x7f0000000180)=<r5=>0x0, &(0x7f00000001c0)=<r6=>0x0)
r7 = socket$kcm(0x10, 0x3, 0x10)
sendmsg$kcm(r7, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)=[{0x0}], 0x1}, 0x0)
syz_io_uring_submit(r5, r6, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd=r2, 0x0, 0x0, 0x0, {}, 0x1})
io_uring_enter(r4, 0x2ded, 0x4000, 0x0, 0x0, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r8 = socket(0x1d, 0x2, 0x6)
ioctl$ifreq_SIOCGIFINDEX_vcan(r8, 0x8933, 0x0)
bind$can_j1939(r8, &(0x7f0000000080)={0x1d, 0x0, 0x2, {0x1, 0x0, 0x5}}, 0x18)
gettid()
r9 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000000), 0x16b601, 0x0)
write$sequencer(r9, &(0x7f0000000240)=ANY=[@ANYBLOB="0293"], 0x9)
ioctl$SNDCTL_SEQ_SYNC(r9, 0x5101)

2m39.672884614s ago: executing program 7 (id=1493):
r0 = socket$alg(0x26, 0x5, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0))
syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1)
io_uring_register$IORING_REGISTER_CLOCK(0xffffffffffffffff, 0x1d, 0x0, 0x0)
r1 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, 0x0, 0x0)
mknod(&(0x7f0000000100)='./file0\x00', 0x40, 0x1ff)
fsconfig$FSCONFIG_SET_STRING(r1, 0x1, &(0x7f0000000000)='source', &(0x7f0000000040)='c:::\x00', 0x0)
r3 = gettid()
fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
readlink(&(0x7f0000000080)='./cgroup\x00', &(0x7f00000000c0)=""/29, 0x1d)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r4 = syz_open_dev$MSR(&(0x7f0000000340), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000ffc000/0x3000)=nil, 0x3000}, 0x1})
tkill(r3, 0xb)
bind$alg(r0, &(0x7f0000000600)={0x26, 'aead\x00', 0x0, 0x0, 'gcm(aes)\x00'}, 0x58)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, 0x0, 0x0, 0x4)

2m23.739534185s ago: executing program 35 (id=1493):
r0 = socket$alg(0x26, 0x5, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0))
syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1)
io_uring_register$IORING_REGISTER_CLOCK(0xffffffffffffffff, 0x1d, 0x0, 0x0)
r1 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, 0x0, 0x0)
mknod(&(0x7f0000000100)='./file0\x00', 0x40, 0x1ff)
fsconfig$FSCONFIG_SET_STRING(r1, 0x1, &(0x7f0000000000)='source', &(0x7f0000000040)='c:::\x00', 0x0)
r3 = gettid()
fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
readlink(&(0x7f0000000080)='./cgroup\x00', &(0x7f00000000c0)=""/29, 0x1d)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r4 = syz_open_dev$MSR(&(0x7f0000000340), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000ffc000/0x3000)=nil, 0x3000}, 0x1})
tkill(r3, 0xb)
bind$alg(r0, &(0x7f0000000600)={0x26, 'aead\x00', 0x0, 0x0, 'gcm(aes)\x00'}, 0x58)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, 0x0, 0x0, 0x4)

14.601064834s ago: executing program 1 (id=1770):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x75b08000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb703000008000000b703000000000020850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x18)
r4 = socket$inet6(0xa, 0x3, 0x5)
sendmmsg(r4, 0x0, 0x0, 0x4000000)
mkdir(0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
mkdir(&(0x7f00000003c0)='./file0\x00', 0x21)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x0)
mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='sysfs\x00', 0x1214040, 0x0)
mkdir(&(0x7f0000000200)='./bus\x00', 0x10)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000100)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chroot(&(0x7f0000000000)='./bus\x00')
openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0)

13.40274315s ago: executing program 1 (id=1771):
syz_usb_connect(0x0, 0x0, 0x0, 0x0)
r0 = socket$inet6(0xa, 0x1, 0x0)
setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000180)={{{@in6=@remote, @in6=@remote, 0x0, 0x0, 0xfffc, 0x41, 0x2}, {0x5, 0x3, 0xfffffffffffffffe, 0x0, 0x4, 0x0, 0x80000000000000}, {0x400, 0x3, 0x0, 0x800}, 0x8, 0x0, 0x1, 0x0, 0x2}, {{@in=@dev={0xac, 0x14, 0x14, 0xe}, 0x10000000, 0x2b}, 0x2, @in=@empty, 0xffffffff, 0x4, 0x0, 0x0, 0xfffffffe, 0x0, 0xfffffffe}}, 0xe8)
io_uring_setup(0x6c27, 0x0)
add_key$user(0x0, &(0x7f0000000440), 0x0, 0x0, 0xfffffffffffffffd)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
getrlimit(0xa, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000600)=[@text64={0x40, &(0x7f0000000640)="430fc73f0f2390b9800000c00f3235010000000f300f20d835080000000f22d8c4e18173f53866baf80cb83879e487ef66bafc0cec66b88e008ec02d1aa80000460f1c460041ae", 0x47}], 0x1, 0x74, 0x0, 0x0)
getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x0, 0x0, &(0x7f0000000240))
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x1, 0x2}, 0x28)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x7, 0x4, 0x0, 0x0, 0x2}, 0x94)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
r5 = openat$full(0xffffffffffffff9c, &(0x7f00000000c0), 0x40040, 0x0)
syz_genetlink_get_family_id$nl80211(0x0, r5)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
mount(0x0, 0x0, &(0x7f0000000000)='proc\x00', 0x0, 0x0)

12.301676128s ago: executing program 5 (id=1775):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="12000000040000000400000012"], 0x48)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x1, 0x0, 0x0, 0x40f00, 0x23, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0x2, 0x2172, 0xffffffffffffffff, 0x0)
mremap(&(0x7f0000002000/0x1000)=nil, 0x1000, 0x2000, 0x3, &(0x7f0000ffb000/0x2000)=nil)
ioctl$IOCTL_VMCI_VERSION2(0xffffffffffffffff, 0x7a7, 0x0)
r5 = socket(0x10, 0x3, 0x0)
write(r5, &(0x7f0000000180)="2000000012005f0214f9f4070000fbe40a0000000000", 0x41d)
recvmmsg(r5, &(0x7f00000021c0), 0x5b, 0x40, 0x0)
recvmmsg(r0, &(0x7f0000002940)=[{{0x0, 0x0, 0x0}, 0x2}, {{0x0, 0x0, &(0x7f0000000680)=[{&(0x7f0000000540)=""/215, 0xd7}], 0x1}, 0xb}], 0x2, 0x0, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x19, &(0x7f0000000080), 0x4)

10.068775919s ago: executing program 5 (id=1777):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000240)={0x26, 'hash\x00', 0x0, 0x0, 'michael_mic-generic\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040)="4dc07f947163300c", 0x8)
r1 = fsopen(&(0x7f0000000100)='configfs\x00', 0x1)
fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e20}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$USBDEVFS_IOCTL(0xffffffffffffffff, 0xc0105512, &(0x7f0000000200))
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
r5 = add_key$keyring(&(0x7f0000000040), &(0x7f0000000080)={'syz', 0x2}, 0x0, 0x0, 0xffffffffffffffff)
keyctl$setperm(0x5, r5, 0xe200129)
keyctl$search(0xa, r5, &(0x7f0000000400)='keyring\x00', &(0x7f0000000440)={'syz', 0x2}, r5)

10.00100337s ago: executing program 1 (id=1778):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r0, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="12000000040000000400000012"], 0x48)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x1, 0x0, 0x0, 0x40f00, 0x23, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r2}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0x2, 0x2172, 0xffffffffffffffff, 0x0)
mremap(&(0x7f0000002000/0x1000)=nil, 0x1000, 0x2000, 0x3, &(0x7f0000ffb000/0x2000)=nil)
ioctl$IOCTL_VMCI_VERSION2(0xffffffffffffffff, 0x7a7, 0x0)
r6 = socket(0x10, 0x3, 0x0)
write(r6, &(0x7f0000000180)="2000000012005f0214f9f4070000fbe40a0000000000", 0x41d)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000048c0)={r1, &(0x7f00000047c0), &(0x7f0000004880)=@udp=r0}, 0x20)
recvmmsg(r0, &(0x7f0000002940)=[{{0x0, 0x0, 0x0}, 0x2}, {{0x0, 0x0, &(0x7f0000000680)=[{&(0x7f0000000540)=""/215, 0xd7}], 0x1}, 0xb}], 0x2, 0x0, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x19, &(0x7f0000000080), 0x4)

9.716528882s ago: executing program 4 (id=1779):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000200)=@framed, &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10)
openat$cgroup_subtree(0xffffffffffffffff, 0x0, 0x2, 0x0)
bind$rds(0xffffffffffffffff, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x10)
r4 = socket$inet6(0xa, 0x5, 0x0)
r5 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TCSBRKP(r5, 0x5425, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x20000023896)
ioctl$TCSETSF(r5, 0x5404, &(0x7f0000000000)={0x0, 0x0, 0x100, 0x0, 0x0, "7a58beca3900000000000000000000000200"})
setsockopt$inet6_int(r4, 0x29, 0x1000000000021, &(0x7f0000000000)=0x1, 0x4)
connect$inet6(r4, &(0x7f0000000100)={0xa, 0x4e21, 0x9, @private0={0xfc, 0x0, '\x00', 0x1}, 0xff}, 0x1c)
getsockopt$sock_buf(r4, 0x1, 0x1c, 0x0, 0x0)
syz_io_uring_setup(0x88b, &(0x7f0000000280)={0x0, 0xaedf, 0x8, 0xfffffffd, 0x25d}, &(0x7f0000000140), &(0x7f00000000c0))
socket$inet6_mptcp(0xa, 0x1, 0x106)
sendmsg$rds(0xffffffffffffffff, 0x0, 0x0)

8.664040525s ago: executing program 1 (id=1780):
r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0)
futex(0x0, 0x2, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
socket$inet6_mptcp(0xa, 0x1, 0x106)
r1 = socket$inet_mptcp(0x2, 0x1, 0x106)
sendmmsg(r1, &(0x7f0000002840)=[{{0x0, 0x0, 0x0}}], 0x1, 0x20044000)
sendmsg$inet(r1, &(0x7f00000003c0)={&(0x7f0000000080)={0x2, 0xa, @local}, 0x10, &(0x7f00000001c0)}, 0x20000084)
connect$inet(r1, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000740), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_FLUSH_ADDRS(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)={0x14, r3, 0x1, 0x70bd2c, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x2000c810}, 0x800)
ioctl$SNDCTL_DSP_STEREO(r0, 0xc0045003, 0x0)
syz_usb_connect(0x2, 0x24, &(0x7f0000000480)=ANY=[@ANYBLOB="1201000043242108d81301006230010203010902120001000000000904"], 0x0)
socket(0x400000000010, 0x3, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_io_uring_setup(0x497, &(0x7f0000000200)={0x0, 0x7278, 0x0, 0x1, 0x18e}, &(0x7f0000000000)=<r5=>0x0, &(0x7f0000000340)=<r6=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r5, r6, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r7 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r7, &(0x7f0000000840)=[{&(0x7f00000002c0)}, {0x0}], 0x2)
io_uring_enter(r4, 0x26c8, 0x0, 0x1, 0x0, 0x10)

8.648200132s ago: executing program 5 (id=1781):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='contention_begin\x00', r0, 0x0, 0xd}, 0x18)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socket$inet6_sctp(0xa, 0x5, 0x84)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
socket$inet_sctp(0x2, 0x5, 0x84)
r2 = syz_open_dev$cec(&(0x7f0000000000), 0x0, 0x12b001)
ioctl$CEC_ADAP_S_LOG_ADDRS(r2, 0xc05c6104, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = socket$inet6_mptcp(0xa, 0x1, 0x106)
listen(r4, 0x0)
r5 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r5, 0x0, 0x0)
r6 = accept(r3, 0x0, 0x0)
sendmsg$AUDIT_USER_AVC(r6, 0x0, 0x0)
connect$unix(r6, 0x0, 0x0)
socket$inet6_sctp(0xa, 0x1, 0x84)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x8}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff, 0x2}, 0x0, 0x0)
ioctl$UI_DEV_CREATE(0xffffffffffffffff, 0x5501)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x4000)

7.12869169s ago: executing program 4 (id=1782):
r0 = socket$pptp(0x18, 0x1, 0x2)
r1 = socket$inet6(0xa, 0x80002, 0x88)
setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
getsockopt$IP6T_SO_GET_REVISION_TARGET(r3, 0x29, 0x45, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f05ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r2, 0x0, 0x0)
close(r0)
r6 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
ioctl$TIOCSETD(r6, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$TCFLSH(r6, 0x400455c8, 0x8000000001)
r7 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r7, &(0x7f0000000280)={0x1f, 0xffff, 0x3}, 0x6)
io_setup(0x8, &(0x7f00000002c0)=<r8=>0x0)
io_submit(r8, 0x1, &(0x7f0000000000)=[&(0x7f0000000100)={0x2000000000, 0x4, 0x0, 0x1, 0x0, r7, &(0x7f0000000040)="0300ffff0000", 0x6}])

6.896990581s ago: executing program 5 (id=1783):
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
connect$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x1000002, 0x810, 0xffffffffffffffff, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1000000, 0x10, 0xffffffffffffffff, 0x10000000)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x40, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f0000000680)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
ptrace$ARCH_GET_UNTAG_MASK(0x1e, 0x0, 0x0, 0x4001)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x0, 0x0})
sendmsg$nl_route(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=ANY=[], 0x54}, 0x1, 0x0, 0x0, 0x800}, 0x80)
r4 = fsopen(&(0x7f0000000100)='configfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000600)=@bloom_filter={0x1e, 0x2ded5b17, 0x1, 0x81, 0x404, 0xffffffffffffffff, 0x7f, '\x00', 0x0, 0xffffffffffffffff, 0x4, 0x5, 0x1, 0xc}, 0x50)
close(0x3)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
fsmount(r4, 0x0, 0x8)
fchdir(r1)
writev(r0, &(0x7f0000001380)=[{&(0x7f00000000c0)="435b258e1839edfe2975469c3a3a03a0293a029558640d2cd173c7e6b57cc5afce941857a0801affb4febdfaabaf6797edd2fae2e0d2392d8db210df6f060bf4e360cd0cd1fe085c712874339ae78956197850827be9fba0b590f6ef9edeb11cd5f6d7e95a07169d1bfbaa27e374307885d4fa2adf077f28c25b430bf7939f92a27129cbb18e51b0a4346cd5d7aedfe230bf1a0f7053161eceac3dbb9d433765630266c9f590be6bbbde0e06f26582355f28dda65e88906d0ae8aca494a2ec3e23908cb8f4508b7923b0b766c7c9a75287bc9be34492f206a25bf6218de319e69344f4298485f9f6f0d2d39c4da47c1fc2f73a87f9f26894911999d9c8480d8954911fe8e7b8f239910d4f1e00cfe2f435cd3564d4ce99c488233102a87e9f0fd3477806a3893681d73b649bce29e256c3c318da4606cada6483b6da955810af9c3d9263fb3d7b585f27903b726e84e3eb80138fa0086fd6beb2b020c9c610dd1a3fbcf3c23f445f332be82f909162e1bc0688082cfbd2a6f100f0b7927ce0192daa2cafe316db35c2e421ef7d7cc17bd1251bc009ff50a32329d1a127dcfdd4660379e914b68a202192e1898f3c876a7ced54b501a397c9db389c82c121107bd7ff05b9a14151b012c94aff970efaf9bdef9ea3813ef1cfdd6a1f466ae8cbe812c7be83c9a0a8aa40ba8b6df6aa567d6e0ec700a2c4e995c956e161a786d80a98952e48566940e165665fcd5b21ac72ae6d3105ca8a781d49419fd279484ee458912bd2f0dd2be440a207a2fb244f898c6405bfb4f5bd24221f3e2fe1a157229570db534e8644757e19054338b6a1df9873c708f42c15b095e893e23b1f43c73e110e2cc98e06984b044feb5bcc663a171cd41558d06b15d2fa119eac55403176d55d298846fa87a4aefb9c66fa13ceec288c0c811c4468e7d2c391f68870a5dc9f32edbe125cc2cc975d6b88b132164cb686f4d210563fb01782806840585c6054d6aebc1741b2c4855f80f7f299954fd22ae4c0216a140c56d4429336a09d6be7ba4f31d2ee95044a40f6f549cbfca82cd62ed7e0bf76577e7629b02d10b97fd5d7bd916130a573d85cd3c62abc3732763c8dd1e6d64bc9110af370485fcf023b26255556049bce01a7679b209ad5a0f3746f64e3e4ce3f37c4948514", 0x33e}], 0x1)

6.712916919s ago: executing program 3 (id=1784):
syz_usb_ep_read(0xffffffffffffffff, 0x1, 0x0, 0x0)
r0 = syz_io_uring_setup(0x2d4c, 0x0, &(0x7f0000000080), 0x0)
mkdirat(0xffffffffffffffff, 0x0, 0x0)
r1 = socket$kcm(0x10, 0x2, 0x0)
symlinkat(&(0x7f0000001040)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00', 0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00')
socket$nl_route(0x10, 0x3, 0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r2}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
openat$iommufd(0xffffffffffffff9c, 0x0, 0xc02c3, 0x0)
sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5865}, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0)
io_uring_register$IORING_UNREGISTER_PERSONALITY(r0, 0xa, 0x0, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000440)=ANY=[@ANYBLOB="4c0000001900010929bd700080000000021810000000fd010000000008000100ac141400080005000a0101021800168014000300fc0000000000000000000000000000000600150002000000105789105305c04877749f44cd68bfaf6f39d48a8ac773b16d0b7032a6b960c1008049e8edc43126e36fedc66308eb5b9b0d92ad8fc5f741dd6d92168415944fe38b464444d4b2d3164a78717bf5a622da51eb832bd4825fc6670d9ef6fc46f7b95639c059e5fa6837d13c816039ac75343119b1f355a9537c5eb70e1bcfe2e8cb29345c1aa16e4877eb4b3b15107ee516"], 0x4c}, 0x1, 0x0, 0x0, 0x4}, 0x0)

6.383381421s ago: executing program 5 (id=1785):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1800"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_LINKMODES_SET(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000005000000180001801400020073797a5f74756e00000008000000000018000380140003801000018004000300080001"], 0x44}}, 0x20008000)
sendmsg$ETHTOOL_MSG_LINKMODES_SET(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000040)={0x44, r1, 0x7, 0x0, 0x0, {}, [@ETHTOOL_A_LINKMODES_OURS={0x18, 0x3, 0x0, 0x1, [@ETHTOOL_A_BITSET_VALUE={0x8, 0x4, '\x00\x00\x00\x00'}, @ETHTOOL_A_BITSET_SIZE={0x8, 0x2, 0x9}, @ETHTOOL_A_BITSET_NOMASK={0x4}]}, @ETHTOOL_A_LINKMODES_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}]}]}, 0x44}}, 0x0)
socket$inet(0x2, 0x1, 0x0)
rseq(&(0x7f0000000080), 0x20, 0x0, 0x0)
r2 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f0000000400)=@broute={'broute\x00', 0x70, 0x0, 0x90, [0x3, 0x0, 0x0, 0x0, 0x200000001300, 0x200000001330], 0x0, 0x0, &(0x7f0000001300)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff000000000000000000000000000000000000000000000000000000f0ffffff00000000000000000000000000ffffffff0000000000000000000000002000000000000000000000000000000000000000000000000000000000000000fcffffff00000000"]}, 0x108)
r3 = openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000280), 0x22802, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r4, 0x10e, 0x2, &(0x7f0000000000)=0x2, 0x4)
ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000040)=0xd)
r5 = syz_io_uring_setup(0xbdc, &(0x7f00000021c0)={0x0, 0xec25, 0x400, 0x1, 0x40000333}, &(0x7f00000006c0)=<r6=>0x0, &(0x7f0000002180)=<r7=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
r8 = io_uring_setup(0x5de3, &(0x7f0000000380)={0x0, 0x5f0c, 0x1000, 0x2, 0xb6, 0x0, r5})
r9 = syz_io_uring_setup(0x497, &(0x7f00000000c0)={0x0, 0x7079, 0x400, 0x3, 0x288, 0x0, r8}, &(0x7f0000000340)=<r10=>0x0, &(0x7f0000000280)=<r11=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r10, 0x11c, &(0x7f0000000300)=0xfffffff8, 0x0, 0x4)
syz_io_uring_submit(r10, r11, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0})
io_uring_enter(r9, 0x3516, 0x0, 0x0, 0x0, 0x0)
r12 = syz_usb_connect(0x5, 0x59, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000ec13b2106c04e814280b0102030109024700010000000009046900000e010000182402010202", @ANYRES16], 0x0)
syz_usb_control_io$hid(r12, &(0x7f0000002340)={0x24, 0x0, &(0x7f00000021c0)={0x0, 0x3, 0x2, @string={0x2}}, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r6, r7, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0})
io_uring_enter(r5, 0x847ba, 0x0, 0xe, 0x0, 0x0)

5.419615108s ago: executing program 1 (id=1786):
r0 = socket$inet_sctp(0x2, 0x5, 0x84)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000280), 0x0)
socket$tipc(0x1e, 0x5, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
kcmp(r1, r1, 0x2, r3, r2)
r4 = socket$tipc(0x1e, 0x2, 0x0)
add_key(&(0x7f0000000040)='ceph\x00', 0x0, &(0x7f00000000c0)="0100", 0x2, 0xfffffffffffffffd)
getsockopt$inet6_mptcp_buf(0xffffffffffffffff, 0x11c, 0x1, &(0x7f00000003c0)=""/204, &(0x7f0000000000)=0xcc)
setsockopt$TIPC_GROUP_JOIN(r4, 0x10f, 0x87, &(0x7f0000000180)={0x42, 0x0, 0x2}, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f00000010c0)=@raw={'raw\x00', 0x3c1, 0x3, 0x418, 0x280, 0x268, 0x300, 0x280, 0x268, 0x390, 0x460, 0x460, 0x390, 0x460, 0x9, 0x0, {[{{@uncond, 0x0, 0x1f8, 0x238, 0x0, {0x9401}, [@common=@inet=@hashlimit2={{0x150}, {'hsr0\x00', {0x0, 0xb, 0x0, 0x3, 0x0, 0x5, 0x9}}}]}, @common=@inet=@LOG={0x40, 'LOG\x00', 0x0, {0x8, 0x21, "6bb6778f9bdec125b0fb4f26be757b1e6f2fb8e9079627dc6726c4bc85e9"}}}, {{@ipv6={@private2, @remote, [], [], 'ip6gretap0\x00', 'ip6_vti0\x00'}, 0x0, 0xa8, 0x110}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x0, 0x0, 0x0, 0x0, 'netbios-ns\x00', 'syz1\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x478)
syz_open_dev$cec(&(0x7f0000000080), 0x0, 0x4802)
syz_emit_ethernet(0x3e, &(0x7f0000000000)={@local, @broadcast, @void, {@ipv6={0x86dd, @generic={0x0, 0x6, "b81923", 0x8, 0x0, 0x0, @local, @local, {[@dstopts]}}}}}, 0x0)

5.131394442s ago: executing program 3 (id=1787):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000000800000006"], 0x48)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
r2 = socket$rxrpc(0x21, 0x2, 0xa)
connect$rxrpc(r2, &(0x7f0000000000)=@in6={0x21, 0x2, 0x2, 0x1c, {0xa, 0x4e20, 0x200, @dev={0xfe, 0x80, '\x00', 0x26}, 0x1}}, 0x24)
sendmsg$inet(r2, 0x0, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
recvfrom$rxrpc(r2, 0x0, 0x0, 0xe8ce25b3ffff0000, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000680)={0x0, r1, 0x0, 0x417}, 0x18)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x18, 0xfa00, {0x0, 0x0, 0x13f, 0x9}}, 0x20)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000700000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000080)='kfree\x00', r7}, 0x10)
mount(&(0x7f0000000140)=@nullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000000)='ntfs3\x00', 0x2208004, 0x0)

4.141042711s ago: executing program 5 (id=1788):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
r2 = socket$inet6_sctp(0xa, 0x5, 0x84)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
mount(&(0x7f0000000180)=@sg0, &(0x7f0000000040)='.\x00', &(0x7f0000000100)='ecryptfs\x00', 0x0, 0x0)
ioctl$sock_inet6_SIOCADDRT(r2, 0x890b, &(0x7f0000000040)={@private2={0xfc, 0x2, '\x00', 0x4}, @private2, @loopback, 0x1, 0x0, 0x6, 0x400, 0xcbb0, 0x4010201})
read$msr(r1, 0x0, 0x0)
fsetxattr$security_capability(r1, &(0x7f0000000040), 0x0, 0x0, 0x3)
syz_open_dev$usbfs(&(0x7f0000000000), 0x0, 0xae42199df2a516dc)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000380)={'wlan0\x00', <r7=>0x0})
r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000840), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_STATION(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000004c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="010000000000000000001200000008000300", @ANYRES32=r7, @ANYBLOB="0a000600080211010101000036ee38101a4faf979f5eb07b77e5e38b7523c4b8a1c9ecf1e6f567d388f8a4cab0c879c0ffb8a21247d3784f344cdc7fe92e88bd4ca6303dc9a0b7135d3680cc8079a3d6afe047ddcd75be62c5ed982805c14daf9c0c5ff62451ee0009b3adcdd766870000000000000000005bb7f6a5466232dc9db8193a7ecbc3b04bc5614d7f5397ba291abc2d38a4c5f0db8e312eb153d8b2951e65d203849b484e86d60a07558c397c492da70663ef180964c679b160b6ce8967d82f84f4b9e1c3e631b36e8e4862ac90fa32df0ecc19248316f7ee9694e07bae6f0f79ebb86db4b4fbcad88b80400436db0c95c87affa045caeb82603bae7c61b83879311a687c46459c5b3afc9672318e9ebfd907836e6a043d00e0ac411c9eb80b3c3a4ae1fe1a84b2eee496c5a81be269010fbd6c4c26f13e15257e23a730b0ab5502d97b5ba41b90b3b64cc6ecd9c11696a7c6d94e2a21c1b67829a50250f64c13eb1c92b2a8f44ee91b7714835d20bcdf646e0e8b2092df936765d61eeb0b2ebbd6635c5456510e230e6213f748602a414bb429974b0d7aaefeffb0eb865a214ce4b422b3bd8381465416b4bc7694e9"], 0x28}, 0x1, 0x0, 0x0, 0x4040}, 0x0)

4.104893322s ago: executing program 1 (id=1789):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r1)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r2)
sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0)
close(r4)
r5 = socket$unix(0x1, 0x1, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r7=>0x0})
sendmsg$nl_route_sched(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000340)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r7, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x3, 0x7, 0x6361, 0x5, 0xffffffff, 0x6}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x240080c1}, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2000c061}, 0x4008000)
ioctl$SIOCSIFHWADDR(r4, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"})

4.057169114s ago: executing program 3 (id=1790):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000240)={0x26, 'hash\x00', 0x0, 0x0, 'michael_mic-generic\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040)="4dc07f947163300c", 0x8)
r1 = fsopen(&(0x7f0000000100)='configfs\x00', 0x1)
fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e20}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$USBDEVFS_IOCTL(0xffffffffffffffff, 0xc0105512, &(0x7f0000000200))
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
r5 = add_key$keyring(&(0x7f0000000040), &(0x7f0000000080)={'syz', 0x2}, 0x0, 0x0, 0xffffffffffffffff)
keyctl$setperm(0x5, r5, 0xe200129)
keyctl$search(0xa, r5, &(0x7f0000000400)='keyring\x00', &(0x7f0000000440)={'syz', 0x2}, r5)

3.876120543s ago: executing program 4 (id=1791):
socket$inet6_udplite(0xa, 0x2, 0x88)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='contention_begin\x00', r0, 0x0, 0xd}, 0x18)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$sock_int(r1, 0x1, 0x20, &(0x7f0000000000)=0xfd, 0x4)
ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, 0x0)
process_vm_writev(0x0, &(0x7f0000000500), 0x0, &(0x7f0000000580)=[{&(0x7f00000018c0)=""/4096, 0x1000}], 0x1, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
epoll_create(0x1)
pselect6(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r3 = socket(0x1e, 0x4, 0x0)
close(r3)
r4 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r4, 0x40045532, &(0x7f00000000c0)=0x2)
r5 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040201, 0x0)
r6 = syz_open_dev$sndpcmp(&(0x7f0000000200), 0x0, 0xa2c65)
ioctl$SNDCTL_DSP_GETOSPACE(r5, 0x8010500c, &(0x7f0000000040))
ioctl$SNDRV_PCM_IOCTL_HW_FREE(r6, 0x4112, 0x0)

2.721647793s ago: executing program 3 (id=1792):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
add_key(&(0x7f0000000040)='ceph\x00', 0x0, &(0x7f00000000c0)="010001000000000000001000015b097ead85847817353d2dbad05dd5", 0x1c, 0xfffffffffffffffd)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
r5 = syz_open_procfs(r4, &(0x7f00000000c0)='uid_map\x00')
r6 = socket$inet6(0xa, 0x1, 0x0)
bind$inet6(r6, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @loopback}, 0x1c)
getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r6, 0x6, 0x23, &(0x7f0000000240)={&(0x7f0000b95000/0x4000)=nil, 0x4000, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffe7e, 0x0, 0x0}, &(0x7f0000000180)=0x40)
pread64(r5, &(0x7f0000000480)=""/177, 0xb1, 0xa6)
getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r5, 0x84, 0x22, &(0x7f0000000280)={0x6, 0x8000, 0x3, 0xf0}, &(0x7f0000000300)=0x10)
socket$inet6_sctp(0xa, 0x1, 0x84)
pipe(&(0x7f00000000c0)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
fcntl$setpipe(r8, 0x407, 0x7000000)
fcntl$setpipe(r7, 0x407, 0x991e3dc)

1.229092095s ago: executing program 4 (id=1793):
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
landlock_create_ruleset(&(0x7f0000000040)={0x1f32}, 0x48, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
fcntl$F_SET_FILE_RW_HINT(r1, 0x40e, 0x0)
r5 = syz_create_resource$binfmt(&(0x7f0000000040)='./file1\x00')
r6 = openat$binfmt(0xffffffffffffff9c, r5, 0x42, 0x1ff)
close(r6)
r7 = syz_create_resource$binfmt(&(0x7f0000000040)='./file1\x00')
execveat$binfmt(0xffffffffffffff9c, r7, 0x0, 0x0, 0x0)
r8 = openat$binfmt(0xffffffffffffff9c, r7, 0x2, 0x0)
close(r8)
execveat$binfmt(0xffffffffffffff9c, r7, 0x0, 0x0, 0x0)

1.040183046s ago: executing program 3 (id=1794):
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
process_madvise(0xffffffffffffffff, 0xffffffffffffffff, 0x1, 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff)
setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(0xffffffffffffffff, 0x84, 0x76, &(0x7f0000444ff8)={0x0, 0x7}, 0x8)
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = fsopen(&(0x7f00000000c0)='ecryptfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0)
r5 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r5, 0xc0285700, &(0x7f0000000080)={0x0, "4fcb813dd28b42bee2b094a3de6dbfd30a74457bcd1cfd5feffe5c019f45d57f", <r6=>0xffffffffffffffff})
socket$rds(0x15, 0x5, 0x0)
ioctl$SYNC_IOC_FILE_INFO(r6, 0x40103e05, &(0x7f0000000240)={""/32, 0x0, 0x0, 0x0, 0x0, 0x0})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)

182.2505ms ago: executing program 4 (id=1795):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014"], 0x7c}}, 0x10)
sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000a00000a98000000060a0b040000000000000000020000006c000480680001800a000100696e6e65720000005800028008000240000000840800034000000007080004400000000f0800014000000000340005800c0001007061796c6f6164002400028008000340000000b908000240800000040800014000000014080004400000004b0900010073797a30000000000900020073797a32"], 0xc0}}, 0x0)

26.270172ms ago: executing program 4 (id=1796):
socketpair$unix(0x1, 0x5, 0x0, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00"], &(0x7f0000000100)='GPL\x00', 0x1, 0x0, 0x0, 0x40f00, 0x23, '\x00', 0x0, 0x2}, 0x94)
syz_io_uring_setup(0x107f, &(0x7f0000000040), 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x1)
ioctl$KVM_X86_SETUP_MCE(r3, 0x4008ae9c, &(0x7f00000000c0)={0x1b, 0x5, 0xd})
ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000080)=ANY=[])
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
ioctl$SNDRV_PCM_IOCTL_RESET(0xffffffffffffffff, 0x4141, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r7 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(r7, 0xc0a85320, &(0x7f00000005c0)={{0x80}, 'port1\x00', 0x72, 0x51ce8, 0x0, 0x8000008, 0x4, 0x2, 0x1, 0x0, 0x7cce8c743ee810de})
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r7, 0x40505330, &(0x7f0000000bc0)={0x800080, 0x858, 0x8, 0x7, 0x43, 0x558})
r8 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x2, 0x0, 0x7fff0000}]})
close_range(r8, 0xffffffffffffffff, 0x0)

0s ago: executing program 3 (id=1797):
bind$can_j1939(0xffffffffffffffff, &(0x7f00000000c0), 0x18)
openat$userio(0xffffffffffffff9c, 0x0, 0x80000, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
openat$sndtimer(0xffffffffffffff9c, 0x0, 0x100)
r0 = timerfd_create(0x0, 0x800)
r1 = syz_io_uring_setup(0xd3, &(0x7f0000000480)={0x0, 0x6776, 0x8, 0x22, 0x335}, &(0x7f0000000080)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0})
io_uring_enter(r1, 0x47ba, 0x0, 0x0, 0x0, 0x0)
timerfd_settime(r0, 0x3, 0x0, 0x0)
clock_settime(0x0, &(0x7f0000000040)={0x77359400})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r4 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r4, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
r5 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r6 = syz_io_uring_setup(0xa0, &(0x7f00000002c0)={0x0, 0x89b8, 0x8, 0x0, 0x207}, &(0x7f0000000040)=<r7=>0x0, &(0x7f00000000c0)=<r8=>0x0)
ioctl$VHOST_SET_VRING_BASE(r4, 0x4008af12, &(0x7f00000001c0)={0x2, 0x2})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r7, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r7, r8, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd=r5, 0xc000000, &(0x7f0000000000)=[{&(0x7f0000001600)=""/4096, 0x1000}], 0x1, 0x12})
io_uring_enter(r6, 0x847ba, 0x0, 0x28, 0x0, 0x0)
syz_emit_ethernet(0x46, &(0x7f0000000000)=ANY=[@ANYBLOB="ffffffff"], 0x0)
sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0)

kernel console output (not intermixed with test programs):

s
[  424.555376][ T8371] team0: Port device team_slave_0 added
[  424.567317][ T6121] vhci_hcd: release socket
[  424.574245][ T6121] vhci_hcd: disconnect device
[  424.600504][ T6121] vhci_hcd: stop threads
[  424.605385][ T8371] team0: Port device team_slave_1 added
[  424.619545][ T6121] vhci_hcd: release socket
[  424.639527][ T6121] vhci_hcd: disconnect device
[  424.662730][ T6121] vhci_hcd: stop threads
[  424.690061][ T6121] vhci_hcd: release socket
[  424.701748][ T8672] kvm: kvm [8670]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc2) = 0x32e4
[  424.709495][ T6121] vhci_hcd: disconnect device
[  424.732592][ T8672] kvm: kvm [8670]: vcpu0, guest rIP: 0x1b8 Unhandled WRMSR(0xc2) = 0x32e4
[  426.184653][ T8371] batman_adv: batadv0: Adding interface: batadv_slave_0
[  427.106872][ T8371] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  427.166630][ T8371] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  427.190101][ T8371] batman_adv: batadv0: Adding interface: batadv_slave_1
[  427.206515][ T8371] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  427.266926][ T8371] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  428.879403][ T8371] hsr_slave_0: entered promiscuous mode
[  428.886830][ T8371] hsr_slave_1: entered promiscuous mode
[  428.893736][ T8371] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  428.903766][ T8371] Cannot create hsr debugfs directory
[  429.872282][ T5951] vhci_hcd: vhci_device speed not set
[  431.126526][ T8721] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  431.186759][ T8736] tipc: Cannot configure node identity twice
[  434.733847][ T8756] netlink: 'syz.4.610': attribute type 1 has an invalid length.
[  434.741680][ T8756] netlink: 4 bytes leftover after parsing attributes in process `syz.4.610'.
[  435.317157][   T48] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[  436.275734][ T8767] trusted_key: encrypted_key: key user:syz not found
[  436.567616][   T48] usb 4-1: New USB device found, idVendor=0af0, idProduct=7a05, bcdDevice= 0.02
[  436.721063][   T48] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  436.779723][   T48] usb 4-1: Product: syz
[  436.816508][   T48] usb 4-1: Manufacturer: syz
[  437.081341][   T48] usb 4-1: SerialNumber: syz
[  437.165724][   T48] usb 4-1: config 0 descriptor??
[  437.275773][ T8777] netlink: 20 bytes leftover after parsing attributes in process `syz.4.616'.
[  437.526147][   T48] hso 4-1:0.0: Failed to find BULK IN ep
[  438.031586][ T8759] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  438.050728][ T8777] batadv0: entered promiscuous mode
[  438.067077][ T8759] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  438.068068][ T8777] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  438.115915][ T8777] batadv0: left promiscuous mode
[  438.166781][ T5951] usb 4-1: USB disconnect, device number 3
[  438.499251][ T8793] =======================================================
[  438.499251][ T8793] WARNING: The mand mount option has been deprecated and
[  438.499251][ T8793]          and is ignored by this kernel. Remove the mand
[  438.499251][ T8793]          option from the mount to silence this warning.
[  438.499251][ T8793] =======================================================
[  438.572902][ T8793] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  439.168814][ T8784] platform regulatory.0: loading /lib/firmware/regulatory.db failed with error -12
[  439.221359][ T8784] platform regulatory.0: Direct firmware load for regulatory.db failed with error -12
[  439.236538][ T8784] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[  439.472828][ T8371] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  440.175082][ T1304] ieee802154 phy0 wpan0: encryption failed: -22
[  440.203641][ T1304] ieee802154 phy1 wpan1: encryption failed: -22
[  440.204923][ T8371] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  440.968868][ T8371] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  441.348765][ T8810] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  441.419650][ T8371] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  445.404993][ T8371] 8021q: adding VLAN 0 to HW filter on device bond0
[  446.018884][ T8852] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  449.551823][ T8870] netlink: 'syz.1.634': attribute type 2 has an invalid length.
[  449.559677][ T8870] netlink: 244 bytes leftover after parsing attributes in process `syz.1.634'.
[  451.258331][ T8886] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  451.426271][ T8886] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  451.459330][ T8886] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  451.604606][ T8886] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  451.734570][ T8886] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  452.221632][ T8896] loop6: detected capacity change from 0 to 2560
[  452.251645][ T6408] buffer_io_error: 4 callbacks suppressed
[  452.251662][ T6408] Buffer I/O error on dev loop6, logical block 0, async page read
[  452.401826][ T6408] Buffer I/O error on dev loop6, logical block 0, async page read
[  452.416049][ T6408] Buffer I/O error on dev loop6, logical block 0, async page read
[  452.425561][ T6408] Buffer I/O error on dev loop6, logical block 0, async page read
[  452.459869][ T6408] Buffer I/O error on dev loop6, logical block 0, async page read
[  452.481947][ T6408] Buffer I/O error on dev loop6, logical block 0, async page read
[  452.506307][ T6408] Buffer I/O error on dev loop6, logical block 0, async page read
[  452.532713][ T6408] Buffer I/O error on dev loop6, logical block 0, async page read
[  452.565485][ T8901] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  452.596013][ T6408] ldm_validate_partition_table(): Disk read failed.
[  452.632384][ T6408] Buffer I/O error on dev loop6, logical block 0, async page read
[  452.644283][ T6408] Buffer I/O error on dev loop6, logical block 0, async page read
[  452.654894][ T6408] Dev loop6: unable to read RDB block 0
[  452.669793][ T6408]  loop6: unable to read partition table
[  452.691604][ T8896] ldm_validate_partition_table(): Disk read failed.
[  452.705985][ T8896] Dev loop6: unable to read RDB block 0
[  452.714531][ T8896]  loop6: unable to read partition table
[  452.766356][ T8896] loop_reread_partitions: partition scan of loop6 (3�����) failed (rc=-5)
[  453.075851][ T5206] ldm_validate_partition_table(): Disk read failed.
[  453.100294][ T5206] Dev loop6: unable to read RDB block 0
[  453.117343][ T5206]  loop6: unable to read partition table
[  453.648767][   T48] usb 4-1: new full-speed USB device number 4 using dummy_hcd
[  454.127759][ T5847] Bluetooth: hci2: command tx timeout
[  454.909386][   T48] usb 4-1: config 0 has an invalid descriptor of length 191, skipping remainder of the config
[  454.921304][   T48] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10
[  454.966759][   T48] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid maxpacket 33536, setting to 64
[  455.271527][   T48] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 5
[  455.421734][   T48] usb 4-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  455.442438][   T48] usb 4-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  455.456515][   T48] usb 4-1: Manufacturer: syz
[  455.485659][   T48] usb 4-1: config 0 descriptor??
[  456.437215][ T5847] Bluetooth: hci2: command tx timeout
[  456.687022][ T8941] Invalid logical block size (3)
[  457.888667][   T48] rc_core: IR keymap rc-hauppauge not found
[  458.856611][ T5847] Bluetooth: hci2: command tx timeout
[  458.862696][   T48] Registered IR keymap rc-empty
[  458.887840][   T48] mceusb 4-1:0.0: Error: mce write urb status = -71
[  459.466038][   T48] mceusb 4-1:0.0: Error: mce write urb status = -71
[  459.482493][ T8884] chnl_net:caif_netlink_parms(): no params data found
[  459.598095][   T48] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0
[  459.668607][   T48] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0/input7
[  459.706225][   T48] mceusb 4-1:0.0: Error: mce write urb status = -71
[  459.756763][   T48] mceusb 4-1:0.0: Error: mce write urb status = -71
[  459.782775][   T48] mceusb 4-1:0.0: Error: mce write urb status = -71
[  459.826166][   T48] mceusb 4-1:0.0: Error: mce write urb status = -71
[  459.886884][   T48] mceusb 4-1:0.0: Error: mce write urb status = -71
[  459.971208][   T48] mceusb 4-1:0.0: Error: mce write urb status = -71
[  460.601481][   T48] mceusb 4-1:0.0: Error: mce write urb status = -71
[  460.649592][   T48] mceusb 4-1:0.0: Error: mce write urb status = -71
[  460.942915][ T5847] Bluetooth: hci2: command tx timeout
[  461.156770][   T48] mceusb 4-1:0.0: Error: mce write urb status = -71
[  461.772621][   T48] mceusb 4-1:0.0: Error: mce write urb status = -71
[  461.815966][   T48] mceusb 4-1:0.0: Registered  with mce emulator interface version 1
[  461.845108][   T48] mceusb 4-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  461.940189][   T48] usb 4-1: USB disconnect, device number 4
[  462.025249][ T8884] bridge0: port 1(bridge_slave_0) entered blocking state
[  462.082324][ T8884] bridge0: port 1(bridge_slave_0) entered disabled state
[  462.130409][ T8884] bridge_slave_0: entered allmulticast mode
[  462.186347][ T8884] bridge_slave_0: entered promiscuous mode
[  462.289594][ T8884] bridge0: port 2(bridge_slave_1) entered blocking state
[  462.330351][ T8884] bridge0: port 2(bridge_slave_1) entered disabled state
[  462.370884][ T8884] bridge_slave_1: entered allmulticast mode
[  462.411248][ T8884] bridge_slave_1: entered promiscuous mode
[  463.579477][ T8884] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  463.812625][ T8884] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  467.182301][   T36] bridge_slave_1: left allmulticast mode
[  467.307278][   T36] bridge_slave_1: left promiscuous mode
[  467.323363][   T36] bridge0: port 2(bridge_slave_1) entered disabled state
[  467.347536][   T36] bridge_slave_0: left allmulticast mode
[  467.353287][   T36] bridge_slave_0: left promiscuous mode
[  467.405084][   T36] bridge0: port 1(bridge_slave_0) entered disabled state
[  472.794510][   T36] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  472.876836][   T36] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  472.915879][   T36] bond0 (unregistering): Released all slaves
[  472.952318][ T9036] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  472.995703][ T8884] team0: Port device team_slave_0 added
[  473.022705][ T8884] team0: Port device team_slave_1 added
[  473.482711][ T8884] batman_adv: batadv0: Adding interface: batadv_slave_0
[  473.556552][ T8884] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  473.582454][    C1] vkms_vblank_simulate: vblank timer overrun
[  473.594791][ T8884] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  474.224569][   T36] hsr_slave_0: left promiscuous mode
[  474.255102][   T36] hsr_slave_1: left promiscuous mode
[  474.295659][   T36] batman_adv: batadv0: Removing interface: batadv_slave_0
[  474.341880][   T36] batman_adv: batadv0: Removing interface: batadv_slave_1
[  474.358193][ T9095] netlink: 'syz.1.671': attribute type 4 has an invalid length.
[  474.366938][ T9095] netlink: 17 bytes leftover after parsing attributes in process `syz.1.671'.
[  475.435972][ T9087] delete_channel: no stack
[  476.368786][   T36] team0 (unregistering): Port device team_slave_1 removed
[  476.431637][   T36] team0 (unregistering): Port device team_slave_0 removed
[  476.753640][ T8884] batman_adv: batadv0: Adding interface: batadv_slave_1
[  476.764577][ T8884] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  476.792217][ T8884] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  478.709827][ T8884] hsr_slave_0: entered promiscuous mode
[  478.782996][ T8884] hsr_slave_1: entered promiscuous mode
[  478.796882][ T8884] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  478.804511][ T8884] Cannot create hsr debugfs directory
[  478.891519][ T1035] Bluetooth: hci4: Frame reassembly failed (-84)
[  479.250628][ T9134] ip6t_REJECT: TCP_RESET illegal for non-tcp
[  480.926723][ T5847] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  480.927035][ T8886] Bluetooth: hci4: command 0x1003 tx timeout
[  480.999867][ T9144] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  481.134892][ T9154] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  481.584250][ T8884] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  481.610997][ T8884] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  481.653734][ T8884] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  481.692007][ T8884] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  481.759586][  T977] usb 2-1: new high-speed USB device number 7 using dummy_hcd
[  481.988596][  T977] usb 2-1: too many endpoints for config 4 interface 0 altsetting 0: 101, using maximum allowed: 30
[  482.232013][  T977] usb 2-1: config 4 interface 0 altsetting 0 has an endpoint descriptor with address 0x31, changing to 0x1
[  482.484112][  T977] usb 2-1: config 4 interface 0 altsetting 0 endpoint 0x1 has an invalid bInterval 0, changing to 7
[  482.495598][  T977] usb 2-1: config 4 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 101
[  482.619806][  T977] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[  482.783180][  T977] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  482.851989][ T8884] 8021q: adding VLAN 0 to HW filter on device bond0
[  483.678713][ T8884] 8021q: adding VLAN 0 to HW filter on device team0
[  484.022335][   T36] bridge0: port 1(bridge_slave_0) entered blocking state
[  484.029615][   T36] bridge0: port 1(bridge_slave_0) entered forwarding state
[  484.074460][  T977] ath6kl: Failed to submit usb control message: -71
[  484.670395][  T977] ath6kl: unable to send the bmi data to the device: -71
[  484.696442][  T977] ath6kl: Unable to send get target info: -71
[  484.710282][  T977] ath6kl: Failed to init ath6kl core: -71
[  484.774158][  T977] ath6kl_usb 2-1:4.0: probe with driver ath6kl_usb failed with error -71
[  484.791122][ T1141] bridge0: port 2(bridge_slave_1) entered blocking state
[  484.798420][ T1141] bridge0: port 2(bridge_slave_1) entered forwarding state
[  484.838037][  T977] usb 2-1: USB disconnect, device number 7
[  484.962524][    C1] Illegal XDP return value 16128 on prog  (id 173) dev lo, expect packet loss!
[  486.333003][ T8884] 8021q: adding VLAN 0 to HW filter on device batadv0
[  489.086524][ T5955] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[  489.866532][ T5955] usb 4-1: Using ep0 maxpacket: 16
[  489.910785][ T5955] usb 4-1: New USB device found, idVendor=1604, idProduct=8007, bcdDevice=af.a6
[  489.938507][ T5955] usb 4-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3
[  490.111420][ T5955] usb 4-1: Product: syz
[  490.122583][ T5955] usb 4-1: Manufacturer: syz
[  490.127485][ T5955] usb 4-1: SerialNumber: syz
[  490.148482][ T5955] usb 4-1: config 0 descriptor??
[  491.936034][ T8884] veth0_vlan: entered promiscuous mode
[  491.953426][ T8884] veth1_vlan: entered promiscuous mode
[  491.990957][ T8884] veth0_macvtap: entered promiscuous mode
[  492.000905][ T8884] veth1_macvtap: entered promiscuous mode
[  492.074266][ T8884] batman_adv: batadv0: Interface activated: batadv_slave_0
[  492.146829][ T8884] batman_adv: batadv0: Interface activated: batadv_slave_1
[  492.698998][ T8884] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  492.753104][ T8884] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  492.880963][ T8884] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  493.752135][ T8884] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  493.892454][ T1150] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  493.945125][ T1150] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  494.190046][ T6034] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  494.222089][ T6034] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  495.992584][   T48] usb 4-1: USB disconnect, device number 5
[  501.106186][ T9372] libceph: resolve '.
[  501.106186][ T9372] #)|.��f��ǝ�a���2s�o�w���?�'�%ЏKAq�f��C���z�e�Sb3L)Hy�o����������Ǥ�Y�M�����h�E$
[  501.106186][ T9372] ' (ret=-3): failed
[  502.218260][ T1304] ieee802154 phy0 wpan0: encryption failed: -22
[  502.224625][ T1304] ieee802154 phy1 wpan1: encryption failed: -22
[  503.609765][ T9392] xt_bpf: check failed: parse error
[  505.277369][ T9405] netlink: 308 bytes leftover after parsing attributes in process `syz.4.718'.
[  505.287144][ T9405] netlink: 8 bytes leftover after parsing attributes in process `syz.4.718'.
[  505.300245][ T9405] A link change request failed with some changes committed already. Interface vlan0 may have been left with an inconsistent configuration, please check.
[  508.119973][ T9425] netlink: 1041 bytes leftover after parsing attributes in process `syz.4.722'.
[  508.526508][ T9425] sp0: Synchronizing with TNC
[  508.846858][ T5955] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[  509.169353][ T5955] usb 5-1: config 0 has an invalid interface number: 190 but max is 0
[  509.912470][ T5955] usb 5-1: config 0 has no interface number 0
[  509.921629][ T5955] usb 5-1: config 0 interface 190 has no altsetting 0
[  510.048444][ T5955] usb 5-1: string descriptor 0 read error: -71
[  510.079999][ T5955] usb 5-1: New USB device found, idVendor=0411, idProduct=017f, bcdDevice=85.ac
[  510.130132][ T5955] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  510.166782][ T5955] usb 5-1: config 0 descriptor??
[  510.189290][ T5955] usb 5-1: can't set config #0, error -71
[  510.235459][ T5955] usb 5-1: USB disconnect, device number 4
[  514.455366][ T9477] syz.3.733: attempt to access beyond end of device
[  514.455366][ T9477] loop7: rw=0, sector=0, nr_sectors = 1 limit=0
[  514.468865][ T9477] FAT-fs (loop7): unable to read boot sector
[  520.541646][ T9526] netlink: 8 bytes leftover after parsing attributes in process `syz.3.746'.
[  525.524876][   T10] IPVS: starting estimator thread 0...
[  525.788620][ T9565] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'raw'
[  525.946522][ T9566] IPVS: using max 28 ests per chain, 67200 per kthread
[  529.441711][ T9589] vcan0: tx drop: invalid da for name 0x00000000000000c7
[  530.482858][ T9598] sctp: failed to load transform for md5: -2
[  532.739434][ T9612] netlink: 132 bytes leftover after parsing attributes in process `syz.4.765'.
[  533.467793][ T9619] netlink: 4 bytes leftover after parsing attributes in process `syz.3.768'.
[  533.795554][ T9619] dummy0: entered promiscuous mode
[  533.805401][ T9619] macvtap1: entered promiscuous mode
[  533.814580][ T9619] macvtap1: entered allmulticast mode
[  533.872777][ T9619] dummy0: entered allmulticast mode
[  538.514011][ T9669] input: syz0 as /devices/virtual/input/input8
[  541.347731][ T9689] ttyS ttyS3: ldisc open failed (-12), clearing slot 3
[  544.893540][ T9724] netlink: 60 bytes leftover after parsing attributes in process `syz.1.787'.
[  544.904552][ T9724] unsupported nlmsg_type 40
[  557.007308][ T9783] overlayfs: failed to clone upperpath
[  561.087972][ T8886] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  561.098167][ T8886] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  561.105982][ T8886] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  561.117054][ T8886] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  561.129884][ T8886] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  561.823015][ T9819] netlink: 'syz.3.806': attribute type 1 has an invalid length.
[  562.296250][ T9819] 8021q: adding VLAN 0 to HW filter on device bond2
[  562.910017][ T1304] ieee802154 phy0 wpan0: encryption failed: -22
[  562.917736][ T1304] ieee802154 phy1 wpan1: encryption failed: -22
[  563.359573][ T8886] Bluetooth: hci4: command tx timeout
[  564.202942][ T9824] 8021q: adding VLAN 0 to HW filter on device bond2
[  564.397068][ T9824] bond2: (slave vxcan3): The slave device specified does not support setting the MAC address
[  564.483328][ T9851] netlink: 'syz.1.809': attribute type 10 has an invalid length.
[  564.569161][ T9852] netlink: 'syz.1.809': attribute type 10 has an invalid length.
[  564.577669][ T9852] netlink: 2 bytes leftover after parsing attributes in process `syz.1.809'.
[  565.058606][ T9824] bond2: (slave vxcan3): Error -95 calling set_mac_address
[  565.143566][ T9825] gretap1: entered promiscuous mode
[  565.194372][ T9825] bond2: (slave gretap1): making interface the new active one
[  565.227086][ T9825] bond2: (slave gretap1): Enslaving as an active interface with an up link
[  565.321155][ T9819] macvlan2: entered promiscuous mode
[  565.327494][ T9819] macvlan2: entered allmulticast mode
[  565.333766][ T9819] bond2: entered promiscuous mode
[  565.349621][ T9819] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  565.374399][ T9819] bond2: (slave macvlan2): the slave hw address is in use by the bond; giving it the hw address of gretap1
[  565.422386][ T8886] Bluetooth: hci4: command tx timeout
[  565.435190][ T9819] bond2: left promiscuous mode
[  565.532297][ T9851] batman_adv: batadv0: Adding interface: team0
[  565.538714][ T9851] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  565.564308][ T9851] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active
[  565.619772][ T9868] netlink: 8 bytes leftover after parsing attributes in process `syz.4.811'.
[  565.997994][ T9852] team0: entered promiscuous mode
[  566.003867][ T9852] team_slave_0: entered promiscuous mode
[  566.013304][ T9852] team_slave_1: entered promiscuous mode
[  566.036097][ T9852] 8021q: adding VLAN 0 to HW filter on device team0
[  566.045997][ T9852] batman_adv: batadv0: Interface activated: team0
[  566.053941][ T9852] batman_adv: batadv0: Interface deactivated: team0
[  566.061163][ T9852] batman_adv: batadv0: Removing interface: team0
[  566.281164][ T9852] bridge0: port 4(team0) entered blocking state
[  566.288304][ T9852] bridge0: port 4(team0) entered disabled state
[  566.295005][ T9852] team0: entered allmulticast mode
[  566.303323][ T9852] team_slave_0: entered allmulticast mode
[  566.311206][ T9852] team_slave_1: entered allmulticast mode
[  566.321661][ T9852] bridge0: port 4(team0) entered blocking state
[  566.328395][ T9852] bridge0: port 4(team0) entered forwarding state
[  566.496007][ T9853] syzkaller0: entered promiscuous mode
[  566.514684][ T9853] syzkaller0: entered allmulticast mode
[  566.591908][ T1109] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  567.259822][ T9879] netlink: 'syz.1.814': attribute type 10 has an invalid length.
[  567.576476][ T8886] Bluetooth: hci4: command tx timeout
[  567.680766][ T9885] TCP: out of memory -- consider tuning tcp_mem
[  567.700167][ T1109] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  567.808256][ T9879] bridge0: port 3(syz_tun) entered disabled state
[  567.815012][ T9879] syz_tun: left allmulticast mode
[  567.820303][ T9879] bridge0: port 3(syz_tun) entered disabled state
[  567.833093][ T9879] bond0: (slave syz_tun): Enslaving as an active interface with an up link
[  567.996903][ T1109] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  568.426265][   T30] audit: type=1804 audit(1751998932.907:9): pid=9902 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.1.817" name="file0" dev="tmpfs" ino=1046 res=1 errno=0
[  569.011853][ T5955] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[  569.024519][ T1109] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  569.189270][ T5955] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  569.209832][ T5955] usb 6-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[  569.219098][ T5955] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  569.240115][ T5955] usb 6-1: config 0 descriptor??
[  569.453508][ T9898] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  569.462376][ T9898] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  569.647307][ T8886] Bluetooth: hci4: command tx timeout
[  570.209385][ T9809] chnl_net:caif_netlink_parms(): no params data found
[  570.382977][ T5955] ath6kl: Failed to read usb control message: -71
[  570.522737][ T5955] ath6kl: Unable to read the bmi data from the device: -71
[  570.747332][ T5955] ath6kl: Unable to recv target info: -71
[  571.059609][ T5955] ath6kl: Failed to init ath6kl core: -71
[  571.065945][ T5955] ath6kl_usb 6-1:0.0: probe with driver ath6kl_usb failed with error -71
[  571.135562][ T5955] usb 6-1: USB disconnect, device number 2
[  571.453324][ T9932] netlink: 'syz.5.822': attribute type 10 has an invalid length.
[  571.502532][ T9932] netlink: 40 bytes leftover after parsing attributes in process `syz.5.822'.
[  571.579167][ T9932] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check.
[  571.619683][ T9809] bridge0: port 1(bridge_slave_0) entered blocking state
[  571.661419][ T9809] bridge0: port 1(bridge_slave_0) entered disabled state
[  571.698427][ T9809] bridge_slave_0: entered allmulticast mode
[  571.726828][ T9809] bridge_slave_0: entered promiscuous mode
[  571.749510][ T9809] bridge0: port 2(bridge_slave_1) entered blocking state
[  571.941132][ T9809] bridge0: port 2(bridge_slave_1) entered disabled state
[  571.961729][ T9809] bridge_slave_1: entered allmulticast mode
[  571.971407][ T9809] bridge_slave_1: entered promiscuous mode
[  572.240055][ T9809] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  572.287453][ T1109] bridge_slave_1: left allmulticast mode
[  572.596661][ T1109] bridge_slave_1: left promiscuous mode
[  572.619591][ T1109] bridge0: port 2(bridge_slave_1) entered disabled state
[  572.855609][ T1109] bridge_slave_0: left allmulticast mode
[  572.992958][ T1109] bridge_slave_0: left promiscuous mode
[  573.096997][ T1109] bridge0: port 1(bridge_slave_0) entered disabled state
[  576.342366][ T9979] loop9: detected capacity change from 0 to 7
[  576.353061][ T9979] buffer_io_error: 43 callbacks suppressed
[  576.353079][ T9979] Buffer I/O error on dev loop9, logical block 0, async page read
[  576.367749][ T9979] Buffer I/O error on dev loop9, logical block 0, async page read
[  576.376828][ T9979] Buffer I/O error on dev loop9, logical block 0, async page read
[  576.385004][ T9979] Buffer I/O error on dev loop9, logical block 0, async page read
[  576.395000][ T9979] Buffer I/O error on dev loop9, logical block 0, async page read
[  576.403692][ T9979] Buffer I/O error on dev loop9, logical block 0, async page read
[  576.412548][ T9979] Buffer I/O error on dev loop9, logical block 0, async page read
[  576.420961][ T9979] ldm_validate_partition_table(): Disk read failed.
[  576.428004][ T9979] Buffer I/O error on dev loop9, logical block 0, async page read
[  576.437280][ T9979] Buffer I/O error on dev loop9, logical block 0, async page read
[  576.446098][ T9979] Buffer I/O error on dev loop9, logical block 0, async page read
[  576.456590][ T9979] Dev loop9: unable to read RDB block 0
[  576.463397][ T9979]  loop9: unable to read partition table
[  576.470111][ T9979] loop9: partition table beyond EOD, truncated
[  576.476816][ T9979] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ�����
[  576.476816][ T9979] 
) failed (rc=-5)
[  578.337475][ T1109] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  578.387680][ T1109] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  578.438789][ T1109] bond0 (unregistering): Released all slaves
[  578.514894][ T9809] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  579.737281][ T9951] platform regulatory.0: loading /lib/firmware/regulatory.db failed with error -12
[  579.746780][ T9951] platform regulatory.0: Direct firmware load for regulatory.db failed with error -12
[  579.756639][ T9951] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[  581.576229][ T9997] relay: one or more items not logged [item size (56) > sub-buffer size (10)]
[  581.923510][ T9809] team0: Port device team_slave_0 added
[  582.841519][ T9809] team0: Port device team_slave_1 added
[  587.317352][ T1109] hsr_slave_0: left promiscuous mode
[  588.009739][ T1109] hsr_slave_1: left promiscuous mode
[  588.199873][ T1109] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  588.220832][ T1109] batman_adv: batadv0: Removing interface: batadv_slave_0
[  588.260306][ T1109] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  588.270819][ T1109] batman_adv: batadv0: Removing interface: batadv_slave_1
[  588.658358][T10051] overlayfs: missing 'lowerdir'
[  588.675661][ T1109] veth1_macvtap: left promiscuous mode
[  588.720345][T10051] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  589.577475][ T1109] veth0_macvtap: left promiscuous mode
[  589.583232][ T1109] veth1_vlan: left promiscuous mode
[  589.590127][ T1109] veth0_vlan: left promiscuous mode
[  592.666148][ T5915] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[  592.957564][ T5915] usb 6-1: Using ep0 maxpacket: 32
[  592.965324][ T5915] usb 6-1: config 0 has an invalid interface number: 51 but max is 0
[  592.973871][ T5915] usb 6-1: config 0 has no interface number 0
[  592.991063][ T5915] usb 6-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  593.001510][ T5915] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  593.010322][ T5915] usb 6-1: Product: syz
[  593.014534][ T5915] usb 6-1: Manufacturer: syz
[  593.020812][ T5915] usb 6-1: SerialNumber: syz
[  593.037683][ T5915] usb 6-1: config 0 descriptor??
[  593.050247][ T5915] quatech2 6-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[  593.110571][ T1109] team0 (unregistering): Port device team_slave_1 removed
[  593.164927][ T1109] team0 (unregistering): Port device team_slave_0 removed
[  593.301492][ T5915] usb 6-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0
[  593.342608][ T5915] usb 6-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1
[  593.633532][ T9809] batman_adv: batadv0: Adding interface: batadv_slave_0
[  593.640925][ T9809] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  593.668338][ T9809] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  593.845351][ T9809] batman_adv: batadv0: Adding interface: batadv_slave_1
[  593.893330][ T9809] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  593.952162][ T9809] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  598.245736][    C1] usb 6-1: qt2_read_bulk_callback - non-zero urb status: -71
[  598.696867][ T5951] usb 6-1: USB disconnect, device number 3
[  598.752438][ T5951] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0
[  599.165893][ T5951] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1
[  599.241760][ T5951] quatech2 6-1:0.51: device disconnected
[  600.785883][ T9809] hsr_slave_0: entered promiscuous mode
[  601.037651][ T9809] hsr_slave_1: entered promiscuous mode
[  601.216752][ T9809] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  602.016310][ T9809] Cannot create hsr debugfs directory
[  604.517750][T10135] netlink: 4 bytes leftover after parsing attributes in process `syz.4.862'.
[  605.348269][T10134] can-isotp: isotp_sendmsg: can_send_ret -ENETDOWN
[  605.808675][ T1211] usb 6-1: new full-speed USB device number 4 using dummy_hcd
[  606.083986][ T1211] usb 6-1: device descriptor read/64, error -71
[  606.371381][   T30] audit: type=1326 audit(1751998970.857:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10156 comm="syz.3.868" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fa06178e929 code=0x0
[  606.686784][ T1211] usb 6-1: new full-speed USB device number 5 using dummy_hcd
[  606.846588][ T1211] usb 6-1: device descriptor read/64, error -71
[  606.900715][ T9809] netdevsim netdevsim7 netdevsim0: renamed from eth0
[  606.941759][ T9809] netdevsim netdevsim7 netdevsim1: renamed from eth1
[  606.967818][ T9809] netdevsim netdevsim7 netdevsim2: renamed from eth2
[  607.007108][ T9809] netdevsim netdevsim7 netdevsim3: renamed from eth3
[  607.022596][ T1211] usb usb6-port1: attempt power cycle
[  608.311245][ T1211] usb 6-1: new full-speed USB device number 6 using dummy_hcd
[  608.329872][ T9809] 8021q: adding VLAN 0 to HW filter on device bond0
[  608.419009][ T9809] 8021q: adding VLAN 0 to HW filter on device team0
[  608.443789][ T6135] bridge0: port 1(bridge_slave_0) entered blocking state
[  608.451086][ T6135] bridge0: port 1(bridge_slave_0) entered forwarding state
[  608.556487][ T1211] usb 6-1: device not accepting address 6, error -71
[  608.975102][ T9325] bridge0: port 2(bridge_slave_1) entered blocking state
[  608.982400][ T9325] bridge0: port 2(bridge_slave_1) entered forwarding state
[  611.242766][ T9809] 8021q: adding VLAN 0 to HW filter on device batadv0
[  614.810088][T10236] _�Z`Ԁ@: entered promiscuous mode
[  615.997170][ T5847] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  616.007960][ T5847] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  616.017326][ T5847] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  616.027783][ T5847] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  616.047377][ T5847] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  618.136541][ T8886] Bluetooth: hci2: command tx timeout
[  620.257081][ T8886] Bluetooth: hci2: command tx timeout
[  622.307715][ T8886] Bluetooth: hci2: command tx timeout
[  624.080716][T10263] chnl_net:caif_netlink_parms(): no params data found
[  624.241079][T10337] netdevsim netdevsim5 netdevsim0: set [1, 1] type 2 family 0 port 20000 - 0
[  624.294887][ T1304] ieee802154 phy0 wpan0: encryption failed: -22
[  624.301833][ T1304] ieee802154 phy1 wpan1: encryption failed: -22
[  624.317276][T10337] netdevsim netdevsim5 netdevsim1: set [1, 1] type 2 family 0 port 20000 - 0
[  624.342176][T10337] netdevsim netdevsim5 netdevsim2: set [1, 1] type 2 family 0 port 20000 - 0
[  624.365935][T10337] netdevsim netdevsim5 netdevsim3: set [1, 1] type 2 family 0 port 20000 - 0
[  624.366870][ T8886] Bluetooth: hci2: command tx timeout
[  624.403285][T10337] geneve2: entered promiscuous mode
[  624.446877][T10337] geneve2: entered allmulticast mode
[  624.459362][T10337] netdevsim netdevsim5 netdevsim0: unset [1, 1] type 2 family 0 port 20000 - 0
[  624.487728][T10337] netdevsim netdevsim5 netdevsim1: unset [1, 1] type 2 family 0 port 20000 - 0
[  624.516763][T10337] netdevsim netdevsim5 netdevsim2: unset [1, 1] type 2 family 0 port 20000 - 0
[  624.525854][T10337] netdevsim netdevsim5 netdevsim3: unset [1, 1] type 2 family 0 port 20000 - 0
[  625.062168][T10352] syzkaller0: entered promiscuous mode
[  625.074664][T10352] syzkaller0: entered allmulticast mode
[  626.917861][T10375] netlink: 8 bytes leftover after parsing attributes in process `syz.1.901'.
[  627.177055][T10373] GUP no longer grows the stack in syz.5.900 (10373): 200000004000-20000000a000 (200000002000)
[  627.187800][T10373] CPU: 1 UID: 0 PID: 10373 Comm: syz.5.900 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) 
[  627.187817][T10373] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  627.187830][T10373] Call Trace:
[  627.187840][T10373]  <TASK>
[  627.187846][T10373]  dump_stack_lvl+0x189/0x250
[  627.187872][T10373]  ? __pfx_dump_stack_lvl+0x10/0x10
[  627.187886][T10373]  ? __pfx__printk+0x10/0x10
[  627.187901][T10373]  ? find_vma+0xe7/0x160
[  627.187929][T10373]  __get_user_pages+0x2a60/0x30b0
[  627.187968][T10373]  ? __pfx___get_user_pages+0x10/0x10
[  627.187990][T10373]  get_user_pages_remote+0x2f9/0xaa0
[  627.188007][T10373]  ? __pfx_mtree_load+0x10/0x10
[  627.188031][T10373]  ? __pfx_get_user_pages_remote+0x10/0x10
[  627.188054][T10373]  __access_remote_vm+0x215/0x5f0
[  627.188078][T10373]  ? __pfx___access_remote_vm+0x10/0x10
[  627.188098][T10373]  ? alloc_pages_noprof+0xbe/0x190
[  627.188122][T10373]  proc_pid_cmdline_read+0x440/0x840
[  627.188150][T10373]  ? __asan_memset+0x22/0x50
[  627.188177][T10373]  ? __pfx_proc_pid_cmdline_read+0x10/0x10
[  627.188199][T10373]  ? rw_verify_area+0x258/0x650
[  627.188219][T10373]  vfs_readv+0x5a7/0x850
[  627.188231][T10373]  ? __pfx_proc_pid_cmdline_read+0x10/0x10
[  627.188252][T10373]  ? __pfx_vfs_readv+0x10/0x10
[  627.188274][T10373]  ? __fget_files+0x2a/0x420
[  627.188289][T10373]  ? __fget_files+0x3a0/0x420
[  627.188300][T10373]  ? __fget_files+0x2a/0x420
[  627.188317][T10373]  __x64_sys_preadv+0x197/0x2a0
[  627.188351][T10373]  ? __pfx___x64_sys_preadv+0x10/0x10
[  627.188386][T10373]  ? rcu_is_watching+0x15/0xb0
[  627.188407][T10373]  ? do_syscall_64+0xbe/0x3b0
[  627.188423][T10373]  do_syscall_64+0xfa/0x3b0
[  627.188435][T10373]  ? lockdep_hardirqs_on+0x9c/0x150
[  627.188461][T10373]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  627.188475][T10373]  ? clear_bhb_loop+0x60/0xb0
[  627.188492][T10373]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  627.188506][T10373] RIP: 0033:0x7fcace18e929
[  627.188523][T10373] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  627.188535][T10373] RSP: 002b:00007fcacefdb038 EFLAGS: 00000246 ORIG_RAX: 0000000000000127
[  627.188551][T10373] RAX: ffffffffffffffda RBX: 00007fcace3b5fa0 RCX: 00007fcace18e929
[  627.188561][T10373] RDX: 0000000000000001 RSI: 00002000000003c0 RDI: 0000000000000005
[  627.188570][T10373] RBP: 00007fcace210b39 R08: 0000000021000008 R09: 0000000000000000
[  627.188579][T10373] R10: 0000000000000304 R11: 0000000000000246 R12: 0000000000000000
[  627.188587][T10373] R13: 0000000000000000 R14: 00007fcace3b5fa0 R15: 00007ffcc9dd6118
[  627.188610][T10373]  </TASK>
[  627.456058][    C1] vkms_vblank_simulate: vblank timer overrun
[  628.579033][T10263] bridge0: port 1(bridge_slave_0) entered blocking state
[  628.614616][T10263] bridge0: port 1(bridge_slave_0) entered disabled state
[  629.247487][T10263] bridge_slave_0: entered allmulticast mode
[  629.255207][T10263] bridge_slave_0: entered promiscuous mode
[  629.382380][T10263] bridge0: port 2(bridge_slave_1) entered blocking state
[  629.438243][T10263] bridge0: port 2(bridge_slave_1) entered disabled state
[  629.445548][T10263] bridge_slave_1: entered allmulticast mode
[  629.458732][T10263] bridge_slave_1: entered promiscuous mode
[  630.909860][T10263] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  630.937449][ T6034] bridge_slave_1: left allmulticast mode
[  630.945717][ T6034] bridge_slave_1: left promiscuous mode
[  630.956770][ T6034] bridge0: port 2(bridge_slave_1) entered disabled state
[  631.583482][T10428] tipc: Failed to remove unknown binding: 66,1,1/1657526022:147657847/147657849
[  631.593032][T10428] tipc: Failed to remove unknown binding: 66,1,1/1657526022:147657847/147657849
[  632.139296][ T6034] bridge_slave_0: left allmulticast mode
[  632.184494][ T6034] bridge_slave_0: left promiscuous mode
[  632.376560][ T6034] bridge0: port 1(bridge_slave_0) entered disabled state
[  633.317510][T10434] nvme_fabrics: missing parameter 'transport=%s'
[  633.324165][T10434] nvme_fabrics: missing parameter 'nqn=%s'
[  633.626520][T10437] input: syz1 as /devices/virtual/input/input10
[  635.021163][T10447] loop9: detected capacity change from 0 to 7
[  635.033717][T10447] buffer_io_error: 4 callbacks suppressed
[  635.033733][T10447] Buffer I/O error on dev loop9, logical block 0, async page read
[  635.048334][T10447] Buffer I/O error on dev loop9, logical block 0, async page read
[  635.056759][T10447] Buffer I/O error on dev loop9, logical block 0, async page read
[  635.065263][T10447] Buffer I/O error on dev loop9, logical block 0, async page read
[  635.098238][T10447] Buffer I/O error on dev loop9, logical block 0, async page read
[  635.107423][T10447] Buffer I/O error on dev loop9, logical block 0, async page read
[  635.115820][T10447] Buffer I/O error on dev loop9, logical block 0, async page read
[  635.123910][T10447] ldm_validate_partition_table(): Disk read failed.
[  635.132655][T10447] Buffer I/O error on dev loop9, logical block 0, async page read
[  635.141193][T10447] Buffer I/O error on dev loop9, logical block 0, async page read
[  635.163003][T10447] Buffer I/O error on dev loop9, logical block 0, async page read
[  635.172428][T10447] Dev loop9: unable to read RDB block 0
[  635.180129][T10447]  loop9: unable to read partition table
[  635.186616][T10447] loop9: partition table beyond EOD, truncated
[  635.193119][T10447] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ�����
[  635.193119][T10447] 
) failed (rc=-5)
[  637.031643][ T6034] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  637.051023][ T6034] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  637.063906][ T6034] bond0 (unregistering): Released all slaves
[  637.083017][T10414] 8021q: VLANs not supported on caif0
[  637.092569][T10263] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  638.313587][T10475] netlink: 'syz.3.921': attribute type 10 has an invalid length.
[  638.697882][ T1211] usb 6-1: new high-speed USB device number 8 using dummy_hcd
[  638.933503][ T1211] usb 6-1: config 220 has too many interfaces: 184, using maximum allowed: 32
[  638.985583][ T1211] usb 6-1: config 220 has 1 interface, different from the descriptor's value: 184
[  639.056002][ T1211] usb 6-1: New USB device found, idVendor=0c45, idProduct=8008, bcdDevice=e1.85
[  639.115940][ T1211] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  639.366252][ T1211] gspca_main: sn9c2028-2.14.0 probing 0c45:8008
[  639.514694][T10475] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  640.560163][T10263] team0: Port device team_slave_0 added
[  640.568101][ T1211] gspca_sn9c2028: read1 error -110
[  640.574608][ T1211] gspca_sn9c2028: read1 error -32
[  640.583360][ T1211] gspca_sn9c2028: read1 error -32
[  641.627279][ T1211] sn9c2028 6-1:220.0: probe with driver sn9c2028 failed with error -32
[  641.697747][T10263] team0: Port device team_slave_1 added
[  641.718853][  T977] usb 6-1: USB disconnect, device number 8
[  641.905928][T10492] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  641.933560][ T6034] hsr_slave_0: left promiscuous mode
[  642.585800][ T6034] hsr_slave_1: left promiscuous mode
[  642.605738][ T6034] batman_adv: batadv0: Removing interface: batadv_slave_0
[  642.658094][ T6034] batman_adv: batadv0: Removing interface: batadv_slave_1
[  643.022193][ T6034] team0 (unregistering): Port device team_slave_1 removed
[  643.062421][ T6034] team0 (unregistering): Port device team_slave_0 removed
[  643.398404][T10495] lo speed is unknown, defaulting to 1000
[  643.404551][T10495] lo speed is unknown, defaulting to 1000
[  643.412007][T10495] lo speed is unknown, defaulting to 1000
[  643.429096][T10495] infiniband s: RDMA CMA: cma_listen_on_dev, error -98
[  643.515324][T10495] lo speed is unknown, defaulting to 1000
[  643.520698][T10263] batman_adv: batadv0: Adding interface: batadv_slave_0
[  643.531072][T10263] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  643.589704][T10263] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  643.613821][T10495] lo speed is unknown, defaulting to 1000
[  643.615730][T10263] batman_adv: batadv0: Adding interface: batadv_slave_1
[  643.632927][T10263] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  643.664663][T10263] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  645.849837][T10495] lo speed is unknown, defaulting to 1000
[  645.858175][T10495] lo speed is unknown, defaulting to 1000
[  645.866566][T10495] lo speed is unknown, defaulting to 1000
[  646.304074][T10532] input: syz1 as /devices/virtual/input/input11
[  647.655410][T10263] hsr_slave_0: entered promiscuous mode
[  647.697480][T10263] hsr_slave_1: entered promiscuous mode
[  647.703816][T10263] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  647.756559][T10263] Cannot create hsr debugfs directory
[  651.748951][T10585] trusted_key: encrypted_key: insufficient parameters specified
[  661.756865][T10263] netdevsim netdevsim7 netdevsim0: renamed from eth0
[  661.872494][T10263] netdevsim netdevsim7 netdevsim1: renamed from eth1
[  662.002106][T10675] netlink: 'syz.4.961': attribute type 10 has an invalid length.
[  662.019363][T10675] netlink: 40 bytes leftover after parsing attributes in process `syz.4.961'.
[  662.088892][T10675] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check.
[  662.200226][T10263] netdevsim netdevsim7 netdevsim2: renamed from eth2
[  662.207282][T10671] netlink: 52 bytes leftover after parsing attributes in process `syz.3.960'.
[  662.923054][T10263] netdevsim netdevsim7 netdevsim3: renamed from eth3
[  664.375034][T10695] netlink: 4 bytes leftover after parsing attributes in process `syz.3.966'.
[  664.669486][T10695] team_slave_0: entered promiscuous mode
[  664.675439][T10695] team_slave_1: entered promiscuous mode
[  664.682823][T10695] macvtap2: entered promiscuous mode
[  664.692166][T10695] team0: entered promiscuous mode
[  664.699725][T10695] macvtap2: entered allmulticast mode
[  664.705293][T10695] team0: entered allmulticast mode
[  664.721882][T10695] team_slave_0: entered allmulticast mode
[  664.788078][T10695] team_slave_1: entered allmulticast mode
[  664.863309][T10695] 8021q: adding VLAN 0 to HW filter on device macvtap2
[  666.751134][T10263] 8021q: adding VLAN 0 to HW filter on device bond0
[  667.177952][T10263] 8021q: adding VLAN 0 to HW filter on device team0
[  669.183596][ T1150] bridge0: port 1(bridge_slave_0) entered blocking state
[  669.190942][ T1150] bridge0: port 1(bridge_slave_0) entered forwarding state
[  671.201806][ T1150] bridge0: port 2(bridge_slave_1) entered blocking state
[  671.209424][ T1150] bridge0: port 2(bridge_slave_1) entered forwarding state
[  671.696404][T10735] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'raw'
[  672.666163][T10263] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  672.693725][T10740] tipc: Enabling of bearer <eth:syzk> rejected, failed to enable media
[  675.687209][T10780] Device name cannot be null; rc = [-22]
[  676.056519][  T977] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[  676.728141][  T977] usb 5-1: Using ep0 maxpacket: 8
[  676.908053][ T5847] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  676.935126][  T977] usb 5-1: config 5 has an invalid interface number: 35 but max is 0
[  677.025658][ T5847] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  677.039559][ T5847] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  677.063399][ T5847] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  677.074562][ T5847] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  677.121281][  T977] usb 5-1: config 5 has no interface number 0
[  677.537117][  T977] usb 5-1: config 5 interface 35 altsetting 10 endpoint 0x5 has an invalid bInterval 64, changing to 10
[  677.549448][T10789] netlink: 'syz.3.981': attribute type 10 has an invalid length.
[  677.557671][T10789] hsr0: entered promiscuous mode
[  677.564694][  T977] usb 5-1: config 5 interface 35 has no altsetting 0
[  677.575173][T10789] bond0: (slave hsr0): The slave device specified does not support setting the MAC address
[  677.586288][T10789] hsr0: A HSR master's MTU cannot be greater than the smallest MTU of its slaves minus the HSR Tag length (6 octets).
[  677.598821][T10789] bond0: (slave hsr0): Error -22 calling dev_set_mtu
[  677.607546][  T977] usb 5-1: New USB device found, idVendor=0b48, idProduct=2003, bcdDevice=d4.1b
[  677.649654][T10794] lo speed is unknown, defaulting to 1000
[  677.696583][  T977] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  677.756541][  T977] usb 5-1: Product: syz
[  677.774385][  T977] usb 5-1: Manufacturer: syz
[  677.794251][  T977] usb 5-1: SerialNumber: syz
[  677.890311][T10804] tipc: Enabling of bearer <eth:syzk> rejected, failed to enable media
[  678.133770][T10794] chnl_net:caif_netlink_parms(): no params data found
[  679.573024][ T5847] Bluetooth: hci4: command tx timeout
[  680.910364][  T977] ttusbir 5-1:5.35: cannot find expected altsetting
[  681.532085][  T977] usb 5-1: USB disconnect, device number 5
[  681.711978][ T5847] Bluetooth: hci4: command tx timeout
[  683.726415][ T5847] Bluetooth: hci4: command tx timeout
[  685.088205][T10871] netlink: 40 bytes leftover after parsing attributes in process `syz.4.994'.
[  685.153754][T10870] tipc: Can't bind to reserved service type 0
[  685.733615][ T1304] ieee802154 phy0 wpan0: encryption failed: -22
[  685.740093][ T1304] ieee802154 phy1 wpan1: encryption failed: -22
[  685.799801][T10794] bridge0: port 1(bridge_slave_0) entered blocking state
[  685.807716][ T5847] Bluetooth: hci4: command tx timeout
[  685.821645][T10794] bridge0: port 1(bridge_slave_0) entered disabled state
[  685.829624][T10794] bridge_slave_0: entered allmulticast mode
[  685.837381][T10794] bridge_slave_0: entered promiscuous mode
[  686.808537][T10794] bridge0: port 2(bridge_slave_1) entered blocking state
[  687.615582][T10794] bridge0: port 2(bridge_slave_1) entered disabled state
[  687.644518][T10794] bridge_slave_1: entered allmulticast mode
[  687.826586][T10895] openvswitch: netlink: IP tunnel attribute has 20 unknown bytes.
[  687.850224][T10794] bridge_slave_1: entered promiscuous mode
[  688.266623][    T9] usb 6-1: new high-speed USB device number 9 using dummy_hcd
[  688.601869][T10907] xt_hashlimit: size too large, truncated to 1048576
[  688.993915][    T9] usb 6-1: device descriptor read/64, error -71
[  689.546062][T10794] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  689.587626][    T9] usb 6-1: new high-speed USB device number 10 using dummy_hcd
[  689.750108][    T9] usb 6-1: device descriptor read/64, error -71
[  690.370804][    T9] usb usb6-port1: attempt power cycle
[  690.389710][T10794] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  690.522954][T10794] team0: Port device team_slave_0 added
[  690.541769][   T49] bridge_slave_1: left allmulticast mode
[  690.561713][   T49] bridge_slave_1: left promiscuous mode
[  690.573060][   T49] bridge0: port 2(bridge_slave_1) entered disabled state
[  690.751523][   T49] bridge_slave_0: left allmulticast mode
[  690.773301][   T49] bridge_slave_0: left promiscuous mode
[  691.457959][    T9] usb 6-1: new high-speed USB device number 11 using dummy_hcd
[  691.509173][   T49] bridge0: port 1(bridge_slave_0) entered disabled state
[  691.793056][T10924] rdma_rxe: rxe_newlink: rxe creation allowed on top of a real device only
[  692.005086][    T9] usb 6-1: device descriptor read/8, error -71
[  698.515924][   T49] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  698.840629][   T49] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  698.910035][   T49] bond0 (unregistering): Released all slaves
[  698.959774][T10794] team0: Port device team_slave_1 added
[  699.439847][T10987] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'raw'
[  699.833131][T10794] batman_adv: batadv0: Adding interface: batadv_slave_0
[  699.840380][T10794] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  700.121312][T10794] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  701.176825][   T49] hsr_slave_0: left promiscuous mode
[  701.208468][   T49] hsr_slave_1: left promiscuous mode
[  701.645643][   T49] batman_adv: batadv0: Removing interface: batadv_slave_0
[  702.003564][   T49] batman_adv: batadv0: Removing interface: batadv_slave_1
[  702.213542][T11004] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1029'.
[  702.222665][T11004] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1029'.
[  707.710077][   T49] team0 (unregistering): Port device team_slave_1 removed
[  707.890101][   T49] team0 (unregistering): Port device team_slave_0 removed
[  709.800664][T10794] batman_adv: batadv0: Adding interface: batadv_slave_1
[  709.814111][T10794] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  709.980308][T10794] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  710.197150][T11044] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  710.217331][T11044] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:1)
[  710.914049][T11044] bridge_slave_0: default FDB implementation only supports local addresses
[  712.168887][T11082] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1049'.
[  712.381290][T10794] hsr_slave_0: entered promiscuous mode
[  713.063831][T10794] hsr_slave_1: entered promiscuous mode
[  713.070340][T10794] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  713.078031][T10794] Cannot create hsr debugfs directory
[  713.463789][T11097] syz.1.1051: attempt to access beyond end of device
[  713.463789][T11097] loop3: rw=0, sector=0, nr_sectors = 1 limit=0
[  713.477298][T11097] FAT-fs (loop3): unable to read boot sector
[  715.671282][T11118] Device name cannot be null; rc = [-22]
[  720.204667][T10794] netdevsim netdevsim7 netdevsim0: renamed from eth0
[  720.258744][T10794] netdevsim netdevsim7 netdevsim1: renamed from eth1
[  720.278620][T11162] xt_connbytes: Forcing CT accounting to be enabled
[  720.285454][T11162] set match dimension is over the limit!
[  720.308517][T10794] netdevsim netdevsim7 netdevsim2: renamed from eth2
[  720.327008][   T30] audit: type=1800 audit(1751999084.817:11): pid=11147 uid=0 auid=4294967295 ses=4294967295 subj=_ op=set_data cause=unavailable-hash-algorithm comm="syz.1.1063" name="/newroot/262/file0" dev="tmpfs" ino=1424 res=0 errno=0
[  720.369039][T10794] netdevsim netdevsim7 netdevsim3: renamed from eth3
[  720.495759][T11173] syz.5.1068 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[  720.508808][T11173] kernel read not supported for file / 
�7���âW)�s���!Q���fs�l{T�r�)r��O���2:"��T+͟v|�ղDvc���֠�6�x�c: (pid: 11173 comm: syz.5.1068)
[  720.525365][   T30] audit: type=1800 audit(1751999085.017:12): pid=11173 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.5.1068" name=20019C1437B3CFFCC3A25729EB7393A7C721518FF6ECA56673F56C7B548772D22972A7D6084F9A98F5323A22F412C0542BCD9F767C8DD5B24476638E93D8D6A0C536D278E3633A dev="mqueue" ino=30115 res=0 errno=0
[  721.623210][T10794] 8021q: adding VLAN 0 to HW filter on device bond0
[  722.923025][T10794] 8021q: adding VLAN 0 to HW filter on device team0
[  724.351050][ T1109] bridge0: port 1(bridge_slave_0) entered blocking state
[  724.358283][ T1109] bridge0: port 1(bridge_slave_0) entered forwarding state
[  724.371798][ T1109] bridge0: port 2(bridge_slave_1) entered blocking state
[  724.379069][ T1109] bridge0: port 2(bridge_slave_1) entered forwarding state
[  724.922141][T10794] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  725.708911][T10794] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  730.552899][T11231] tipc: Enabling of bearer <eth:syzkaller> rejected, failed to enable media
[  730.713881][T10794] 8021q: adding VLAN 0 to HW filter on device batadv0
[  734.852705][T11282] siw: device registration error -23
[  738.795041][T11308] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1094'.
[  739.792016][ T8886] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  739.818322][ T8886] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  739.828405][ T8886] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  739.838146][ T8886] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  739.845749][ T8886] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  740.042037][T11314] lo speed is unknown, defaulting to 1000
[  740.204344][T11320] syzkaller0: entered promiscuous mode
[  740.225727][T11320] syzkaller0: entered allmulticast mode
[  742.396173][ T8886] Bluetooth: hci2: command tx timeout
[  744.447676][ T5847] Bluetooth: hci2: command tx timeout
[  746.526892][ T5847] Bluetooth: hci2: command tx timeout
[  747.012744][T11378] overlayfs: failed to clone upperpath
[  747.564729][ T1304] ieee802154 phy0 wpan0: encryption failed: -22
[  747.571228][ T1304] ieee802154 phy1 wpan1: encryption failed: -22
[  748.270877][T11390] smk_cipso_doi:692 cipso add rc = -22
[  748.620670][ T5847] Bluetooth: hci2: command tx timeout
[  748.630220][T11387] platform regulatory.0: loading /lib/firmware/regulatory.db failed with error -12
[  748.639916][T11387] platform regulatory.0: Direct firmware load for regulatory.db failed with error -12
[  748.649630][T11387] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[  750.017819][T11414] 9pnet_fd: Insufficient options for proto=fd
[  750.074489][T11314] chnl_net:caif_netlink_parms(): no params data found
[  751.731428][T11414] netlink: 132 bytes leftover after parsing attributes in process `syz.5.1115'.
[  752.058558][T11423] bridge1: entered promiscuous mode
[  752.124667][T11427] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  752.435580][T11429] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1117'.
[  752.717988][T11440] netlink: 192 bytes leftover after parsing attributes in process `syz.3.1120'.
[  754.072147][T11466] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1121'.
[  754.546100][T11314] bridge0: port 1(bridge_slave_0) entered blocking state
[  754.553681][T11314] bridge0: port 1(bridge_slave_0) entered disabled state
[  754.601952][T11314] bridge_slave_0: entered allmulticast mode
[  754.634827][T11314] bridge_slave_0: entered promiscuous mode
[  754.660671][T11314] bridge0: port 2(bridge_slave_1) entered blocking state
[  754.689695][T11314] bridge0: port 2(bridge_slave_1) entered disabled state
[  754.948335][T11314] bridge_slave_1: entered allmulticast mode
[  754.983610][T11314] bridge_slave_1: entered promiscuous mode
[  756.238890][T11471] netdevsim netdevsim5 netdevsim0: set [1, 1] type 2 family 0 port 20000 - 0
[  756.247773][T11471] netdevsim netdevsim5 netdevsim1: set [1, 1] type 2 family 0 port 20000 - 0
[  756.257033][T11471] netdevsim netdevsim5 netdevsim2: set [1, 1] type 2 family 0 port 20000 - 0
[  756.265833][T11471] netdevsim netdevsim5 netdevsim3: set [1, 1] type 2 family 0 port 20000 - 0
[  756.275280][T11471] geneve2: entered allmulticast mode
[  756.580476][T11314] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  756.648004][ T6142] bridge_slave_1: left allmulticast mode
[  756.653758][ T6142] bridge_slave_1: left promiscuous mode
[  756.660874][ T6142] bridge0: port 2(bridge_slave_1) entered disabled state
[  757.326927][    C0] vxcan1: j1939_tp_rxtimer: 0xffff888056e63000: rx timeout, send abort
[  757.827900][    C0] vxcan1: j1939_tp_rxtimer: 0xffff888056e60c00: rx timeout, send abort
[  757.837603][    C0] vxcan1: j1939_tp_rxtimer: 0xffff888056e63000: abort rx timeout. Force session deactivation
[  757.863893][ T6142] bridge_slave_0: left allmulticast mode
[  757.882435][ T6142] bridge_slave_0: left promiscuous mode
[  757.900715][ T6142] bridge0: port 1(bridge_slave_0) entered disabled state
[  758.336339][    C0] vxcan1: j1939_tp_rxtimer: 0xffff888056e60c00: abort rx timeout. Force session deactivation
[  763.999581][ T6142] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  764.060769][ T6142] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  764.154507][ T6142] bond0 (unregistering): Released all slaves
[  764.187296][T11314] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  764.385631][T11561] hsr0: entered promiscuous mode
[  766.950845][ T6142] hsr_slave_0: left promiscuous mode
[  767.677058][ T6142] hsr_slave_1: left promiscuous mode
[  767.687159][ T6142] batman_adv: batadv0: Removing interface: batadv_slave_0
[  767.711433][ T6142] batman_adv: batadv0: Removing interface: batadv_slave_1
[  767.731271][T11610] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  768.213107][ T6142] team0 (unregistering): Port device team_slave_1 removed
[  768.281475][ T6142] team0 (unregistering): Port device team_slave_0 removed
[  769.515439][T11314] team0: Port device team_slave_0 added
[  769.769898][T11314] team0: Port device team_slave_1 added
[  771.077527][T11653] IPVS: set_ctl: invalid protocol: 44 172.20.20.187:20000
[  771.103213][T11653] netlink: 'syz.3.1155': attribute type 16 has an invalid length.
[  771.111695][T11653] netlink: 'syz.3.1155': attribute type 3 has an invalid length.
[  771.120398][T11653] netlink: 132 bytes leftover after parsing attributes in process `syz.3.1155'.
[  772.006886][T11314] batman_adv: batadv0: Adding interface: batadv_slave_0
[  772.013907][T11314] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  772.050548][T11314] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  772.063232][T11314] batman_adv: batadv0: Adding interface: batadv_slave_1
[  772.070352][T11314] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  772.096273][    C1] vkms_vblank_simulate: vblank timer overrun
[  772.253695][T11314] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  772.541855][T11664] netlink: 'syz.5.1156': attribute type 11 has an invalid length.
[  773.442519][T11314] hsr_slave_0: entered promiscuous mode
[  773.500912][T11314] hsr_slave_1: entered promiscuous mode
[  773.528072][T11314] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  773.536133][T11314] Cannot create hsr debugfs directory
[  779.523620][T11727] syz_tun: entered allmulticast mode
[  779.894841][T11732] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[  779.960239][T11729] netlink: 'syz.5.1172': attribute type 14 has an invalid length.
[  779.976894][T11734] netlink: 32 bytes leftover after parsing attributes in process `syz.5.1172'.
[  780.057597][T11724] syz_tun: left allmulticast mode
[  780.153176][T11314] netdevsim netdevsim7 netdevsim0: renamed from eth0
[  780.223742][T11314] netdevsim netdevsim7 netdevsim1: renamed from eth1
[  780.374109][T11314] netdevsim netdevsim7 netdevsim2: renamed from eth2
[  780.402121][T11314] netdevsim netdevsim7 netdevsim3: renamed from eth3
[  782.514607][T11314] 8021q: adding VLAN 0 to HW filter on device bond0
[  782.525014][T11761] lo speed is unknown, defaulting to 1000
[  782.550560][T11314] 8021q: adding VLAN 0 to HW filter on device team0
[  782.581241][ T1109] bridge0: port 1(bridge_slave_0) entered blocking state
[  782.588517][ T1109] bridge0: port 1(bridge_slave_0) entered forwarding state
[  782.658031][ T1109] bridge0: port 2(bridge_slave_1) entered blocking state
[  782.665385][ T1109] bridge0: port 2(bridge_slave_1) entered forwarding state
[  782.815136][T11790] sock: sock_set_timeout: `syz.5.1182' (pid 11790) tries to set negative timeout
[  782.922220][T11786] tipc: Enabling of bearer <udp:s> rejected, failed to enable media
[  783.102602][T11314] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  783.125463][T11791] siw: device registration error -23
[  784.024854][T11314] 8021q: adding VLAN 0 to HW filter on device batadv0
[  784.779117][T11818] overlay: Unknown parameter '//file0'
[  784.873783][T11822] netlink: 'syz.4.1183': attribute type 10 has an invalid length.
[  785.108276][T11822] 8021q: adding VLAN 0 to HW filter on device team0
[  786.131976][T11827] overlay: ./file0 is not a directory
[  787.035372][T11826] Process accounting resumed
[  787.308930][T11314] veth0_vlan: entered promiscuous mode
[  787.437798][T11853] Invalid ELF header magic: != ELF
[  788.269433][T11314] veth1_vlan: entered promiscuous mode
[  788.812519][T11314] veth0_macvtap: entered promiscuous mode
[  788.859718][T11314] veth1_macvtap: entered promiscuous mode
[  788.913319][T11314] batman_adv: batadv0: Interface activated: batadv_slave_0
[  789.181413][T11314] batman_adv: batadv0: Interface activated: batadv_slave_1
[  789.610927][T11865] trusted_key: encrypted_key: insufficient parameters specified
[  790.226360][T11314] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  790.235217][T11314] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  790.766999][T11314] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  790.775850][T11314] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  791.165659][T11872] siw: device registration error -23
[  793.511090][T11893] netlink: 'syz.3.1195': attribute type 1 has an invalid length.
[  793.519380][T11893] netlink: 'syz.3.1195': attribute type 2 has an invalid length.
[  794.084642][T11893] : entered promiscuous mode
[  795.217829][   T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  795.225766][   T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  796.560590][T11919] syzkaller0: entered promiscuous mode
[  796.621559][T11919] syzkaller0: entered allmulticast mode
[  796.718449][T11837] libceph: connect (1)[c::]:6789 error -101
[  796.749136][T11927] ceph: No mds server is up or the cluster is laggy
[  796.759986][T11931] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1205'.
[  796.770355][T11837] libceph: mon0 (1)[c::]:6789 connect error
[  797.132694][ T8886] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  797.143746][ T8886] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  797.153453][ T8886] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  797.162408][ T8886] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  797.170986][ T8886] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  797.653445][ T6033] netdevsim netdevsim7 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  797.714010][T11937] lo speed is unknown, defaulting to 1000
[  797.789283][ T6033] netdevsim netdevsim7 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  797.887898][ T6033] netdevsim netdevsim7 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  798.079280][ T6033] netdevsim netdevsim7 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  798.417948][T11937] chnl_net:caif_netlink_parms(): no params data found
[  798.596542][ T6033] bridge_slave_1: left allmulticast mode
[  798.605877][ T6033] bridge_slave_1: left promiscuous mode
[  798.618878][ T6033] bridge0: port 2(bridge_slave_1) entered disabled state
[  798.630504][ T6033] bridge_slave_0: left allmulticast mode
[  798.636196][ T6033] bridge_slave_0: left promiscuous mode
[  798.643101][ T6033] bridge0: port 1(bridge_slave_0) entered disabled state
[  798.950185][ T6033] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  798.962544][ T6033] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  798.973836][ T6033] bond0 (unregistering): Released all slaves
[  799.091779][T11937] bridge0: port 1(bridge_slave_0) entered blocking state
[  799.102827][T11937] bridge0: port 1(bridge_slave_0) entered disabled state
[  799.115693][T11937] bridge_slave_0: entered allmulticast mode
[  799.130377][T11937] bridge_slave_0: entered promiscuous mode
[  799.151547][T11937] bridge0: port 2(bridge_slave_1) entered blocking state
[  799.172320][T11937] bridge0: port 2(bridge_slave_1) entered disabled state
[  799.184790][T11937] bridge_slave_1: entered allmulticast mode
[  799.201077][T11937] bridge_slave_1: entered promiscuous mode
[  799.247098][ T8886] Bluetooth: hci2: command tx timeout
[  799.308994][T11937] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  799.345252][T11937] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  799.393782][ T6033] hsr_slave_0: left promiscuous mode
[  799.403089][ T6033] hsr_slave_1: left promiscuous mode
[  799.415670][ T6033] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  799.427781][ T6033] batman_adv: batadv0: Removing interface: batadv_slave_0
[  799.436052][ T6033] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  799.451302][ T6033] batman_adv: batadv0: Removing interface: batadv_slave_1
[  799.487493][ T6033] veth1_macvtap: left promiscuous mode
[  799.493248][ T6033] veth0_macvtap: left promiscuous mode
[  799.506645][ T6033] veth1_vlan: left promiscuous mode
[  799.513309][ T6033] veth0_vlan: left promiscuous mode
[  800.091142][ T6033] team0 (unregistering): Port device team_slave_1 removed
[  800.135025][ T6033] team0 (unregistering): Port device team_slave_0 removed
[  800.591792][T11937] team0: Port device team_slave_0 added
[  800.604949][T11937] team0: Port device team_slave_1 added
[  800.680032][T11937] batman_adv: batadv0: Adding interface: batadv_slave_0
[  800.690379][T11937] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  800.721538][T11937] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  800.735761][T11937] batman_adv: batadv0: Adding interface: batadv_slave_1
[  800.742863][T11937] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  800.771645][T11937] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  800.858996][T11937] hsr_slave_0: entered promiscuous mode
[  800.871257][T11937] hsr_slave_1: entered promiscuous mode
[  800.885524][T11937] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  800.895461][T11937] Cannot create hsr debugfs directory
[  801.332078][ T8886] Bluetooth: hci2: command tx timeout
[  801.428846][T11937] netdevsim netdevsim7 netdevsim0: renamed from eth0
[  801.443266][T11937] netdevsim netdevsim7 netdevsim1: renamed from eth1
[  801.455031][T11937] netdevsim netdevsim7 netdevsim2: renamed from eth2
[  801.467045][T11937] netdevsim netdevsim7 netdevsim3: renamed from eth3
[  801.583500][T11937] 8021q: adding VLAN 0 to HW filter on device bond0
[  801.615106][T11937] 8021q: adding VLAN 0 to HW filter on device team0
[  801.630387][ T6033] bridge0: port 1(bridge_slave_0) entered blocking state
[  801.637508][ T6033] bridge0: port 1(bridge_slave_0) entered forwarding state
[  801.652964][ T6121] bridge0: port 2(bridge_slave_1) entered blocking state
[  801.660133][ T6121] bridge0: port 2(bridge_slave_1) entered forwarding state
[  801.974931][T11937] 8021q: adding VLAN 0 to HW filter on device batadv0
[  802.332664][T11937] veth0_vlan: entered promiscuous mode
[  802.353070][T11937] veth1_vlan: entered promiscuous mode
[  802.410891][T11937] veth0_macvtap: entered promiscuous mode
[  802.428600][T11937] veth1_macvtap: entered promiscuous mode
[  802.454208][T11937] batman_adv: batadv0: Interface activated: batadv_slave_0
[  802.472113][T11937] batman_adv: batadv0: Interface activated: batadv_slave_1
[  802.490505][T11937] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  802.502299][T11937] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  802.512492][T11937] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  802.521554][T11937] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  802.641669][ T6142] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  802.662690][ T6142] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  802.703979][ T6033] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  802.714574][ T6033] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  803.470281][ T8886] Bluetooth: hci2: command tx timeout
[  804.228643][T12041] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1218'.
[  805.560947][ T8886] Bluetooth: hci2: command tx timeout
[  805.988322][T12070] siw: device registration error -23
[  809.047218][ T1304] ieee802154 phy0 wpan0: encryption failed: -22
[  809.053679][ T1304] ieee802154 phy1 wpan1: encryption failed: -22
[  809.557853][T12091] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1219'.
[  814.409138][T12137] siw: device registration error -23
[  823.097736][T12188] Invalid ELF header magic: != ELF
[  826.446431][ T5847] Bluetooth: hci4: command 0x1003 tx timeout
[  826.453372][ T8886] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  829.813459][T12216] pim6reg: entered allmulticast mode
[  836.105178][T12258] overlayfs: failed to clone upperpath
[  836.155270][T12259] overlayfs: failed to clone upperpath
[  838.486462][T12279] 9pnet_virtio: no channels available for device syz
[  841.201322][T12283] sctp: failed to load transform for md5: -2
[  843.730001][T12327] netlink: 20 bytes leftover after parsing attributes in process `syz.5.1267'.
[  851.561828][T12412] overlayfs: failed to clone upperpath
[  854.066056][T12427] trusted_key: syz.3.1289 sent an empty control message without MSG_MORE.
[  854.981186][   T30] audit: type=1326 audit(1751999219.477:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12436 comm="syz.7.1290" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb70658e929 code=0x7ffc0000
[  855.054344][   T30] audit: type=1326 audit(1751999219.477:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12436 comm="syz.7.1290" exe="/root/syz-executor" sig=0 arch=c000003e syscall=94 compat=0 ip=0x7fb70658e929 code=0x7ffc0000
[  855.136319][   T30] audit: type=1326 audit(1751999219.477:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12436 comm="syz.7.1290" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb70658e929 code=0x7ffc0000
[  855.443667][   T30] audit: type=1326 audit(1751999219.477:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12436 comm="syz.7.1290" exe="/root/syz-executor" sig=0 arch=c000003e syscall=44 compat=0 ip=0x7fb70658e929 code=0x7ffc0000
[  856.336600][   T30] audit: type=1326 audit(1751999219.597:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12436 comm="syz.7.1290" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb70658e929 code=0x7ffc0000
[  856.567773][   T30] audit: type=1326 audit(1751999219.597:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12436 comm="syz.7.1290" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb70658e929 code=0x7ffc0000
[  856.922551][   T30] audit: type=1326 audit(1751999219.607:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12436 comm="syz.7.1290" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7fb70658e929 code=0x7ffc0000
[  857.316351][   T30] audit: type=1326 audit(1751999219.607:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12436 comm="syz.7.1290" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb70658e929 code=0x7ffc0000
[  857.337845][    C1] vkms_vblank_simulate: vblank timer overrun
[  858.349823][   T30] audit: type=1326 audit(1751999219.607:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12436 comm="syz.7.1290" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb70658e929 code=0x7ffc0000
[  858.371314][    C1] vkms_vblank_simulate: vblank timer overrun
[  858.945646][   T30] audit: type=1326 audit(1751999219.607:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12436 comm="syz.7.1290" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7fb70658e929 code=0x7ffc0000
[  859.088907][T12475] loop6: detected capacity change from 0 to 63
[  859.207321][T12329] buffer_io_error: 9 callbacks suppressed
[  859.207340][T12329] Buffer I/O error on dev loop6, logical block 0, async page read
[  859.247007][T12329] Buffer I/O error on dev loop6, logical block 0, async page read
[  859.255497][T12329] Buffer I/O error on dev loop6, logical block 0, async page read
[  859.324795][T12329] Buffer I/O error on dev loop6, logical block 0, async page read
[  859.354273][T12329] Buffer I/O error on dev loop6, logical block 0, async page read
[  859.404884][T12475] Buffer I/O error on dev loop6, logical block 0, async page read
[  859.424120][T12475] Buffer I/O error on dev loop6, logical block 0, async page read
[  859.440666][T12475] Buffer I/O error on dev loop6, logical block 0, async page read
[  859.456882][T12475] Buffer I/O error on dev loop6, logical block 0, async page read
[  859.472816][T12475] Buffer I/O error on dev loop6, logical block 0, async page read
[  861.668806][T12493] dvmrp8: entered allmulticast mode
[  864.210941][T12515] x_tables: ip_tables: osf match: only valid for protocol 6
[  867.044656][T12538] block device autoloading is deprecated and will be removed.
[  867.060935][T12538] syz.7.1312: attempt to access beyond end of device
[  867.060935][T12538] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[  868.449802][T12558] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input14
[  869.417477][T12569] af_packet: tpacket_rcv: packet too big, clamped from 32820 to 3952. macoff=96
[  870.117019][ T1304] ieee802154 phy0 wpan0: encryption failed: -22
[  870.128119][ T1304] ieee802154 phy1 wpan1: encryption failed: -22
[  873.072225][T12605] netlink: 52 bytes leftover after parsing attributes in process `syz.7.1325'.
[  881.884370][T12675] netlink: 60 bytes leftover after parsing attributes in process `syz.4.1342'.
[  883.106287][T12689] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1347'.
[  883.246068][    T9] libceph: connect (1)[c::]:6789 error -101
[  883.262528][    T9] libceph: mon0 (1)[c::]:6789 connect error
[  883.477116][   T30] kauditd_printk_skb: 11 callbacks suppressed
[  883.477137][   T30] audit: type=1326 audit(1751999247.857:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12686 comm="syz.5.1347" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcace18e929 code=0x7ffc0000
[  883.778866][    T9] libceph: connect (1)[c::]:6789 error -101
[  883.826108][    T9] libceph: mon0 (1)[c::]:6789 connect error
[  883.835286][T12689] ceph: No mds server is up or the cluster is laggy
[  883.925694][   T30] audit: type=1326 audit(1751999248.277:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12686 comm="syz.5.1347" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcace18e929 code=0x7ffc0000
[  884.016100][   T30] audit: type=1326 audit(1751999248.277:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12686 comm="syz.5.1347" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7fcace18e929 code=0x7ffc0000
[  884.750566][   T30] audit: type=1326 audit(1751999248.297:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12686 comm="syz.5.1347" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcace18e929 code=0x7ffc0000
[  884.772452][   T30] audit: type=1326 audit(1751999248.297:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12686 comm="syz.5.1347" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcace18e929 code=0x7ffc0000
[  884.889202][   T30] audit: type=1326 audit(1751999248.297:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12686 comm="syz.5.1347" exe="/root/syz-executor" sig=0 arch=c000003e syscall=302 compat=0 ip=0x7fcace18e929 code=0x7ffc0000
[  884.946472][   T30] audit: type=1326 audit(1751999248.297:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12686 comm="syz.5.1347" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcace18e929 code=0x7ffc0000
[  884.967970][    C1] vkms_vblank_simulate: vblank timer overrun
[  885.106325][   T30] audit: type=1326 audit(1751999248.297:41): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12686 comm="syz.5.1347" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcace18e929 code=0x7ffc0000
[  885.136343][   T30] audit: type=1326 audit(1751999248.297:42): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12686 comm="syz.5.1347" exe="/root/syz-executor" sig=0 arch=c000003e syscall=144 compat=0 ip=0x7fcace18e929 code=0x7ffc0000
[  885.522485][   T30] audit: type=1326 audit(1751999248.297:43): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12686 comm="syz.5.1347" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcace18e929 code=0x7ffc0000
[  887.467770][T12733] usb usb9: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK.
[  887.475622][T12733] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  890.353633][T12774] No such timeout policy "syz1"
[  892.701542][T12796] virtio-fs: tag </dev/md0> not found
[  892.754756][T12796] netlink: 88 bytes leftover after parsing attributes in process `syz.7.1365'.
[  904.137921][T12893] openvswitch: netlink: Either Ethernet header or EtherType is required.
[  904.872799][ T5828] usb 5-1: new full-speed USB device number 6 using dummy_hcd
[  906.654463][   T30] kauditd_printk_skb: 22 callbacks suppressed
[  906.654483][   T30] audit: type=1326 audit(1751999271.117:66): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12903 comm="syz.4.1390" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f284538e929 code=0x7ffc0000
[  906.842851][T12924] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  906.921698][   T30] audit: type=1326 audit(1751999271.117:67): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12903 comm="syz.4.1390" exe="/root/syz-executor" sig=0 arch=c000003e syscall=314 compat=0 ip=0x7f284538e929 code=0x7ffc0000
[  906.946894][   T30] audit: type=1326 audit(1751999271.117:68): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12903 comm="syz.4.1390" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f284538e929 code=0x7ffc0000
[  906.968367][    C1] vkms_vblank_simulate: vblank timer overrun
[  906.974564][   T30] audit: type=1326 audit(1751999271.117:69): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12903 comm="syz.4.1390" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f284538e929 code=0x7ffc0000
[  907.021800][   T30] audit: type=1326 audit(1751999271.147:70): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12903 comm="syz.4.1390" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f284538e929 code=0x7ffc0000
[  908.008940][   T30] audit: type=1326 audit(1751999271.147:71): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12903 comm="syz.4.1390" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f284538e929 code=0x7ffc0000
[  908.079775][   T30] audit: type=1326 audit(1751999271.147:72): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12903 comm="syz.4.1390" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f284538e929 code=0x7ffc0000
[  908.101271][    C1] vkms_vblank_simulate: vblank timer overrun
[  908.226915][   T30] audit: type=1326 audit(1751999271.497:73): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12903 comm="syz.4.1390" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f284538e929 code=0x7ffc0000
[  908.254619][   T30] audit: type=1326 audit(1751999271.497:74): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12903 comm="syz.4.1390" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f284538e929 code=0x7ffc0000
[  908.301485][   T30] audit: type=1326 audit(1751999271.497:75): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12903 comm="syz.4.1390" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f284538e929 code=0x7ffc0000
[  910.857065][T12961] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1399'.
[  915.879803][T13020] xt_HMARK: proto mask must be zero with L3 mode
[  919.249669][    T9] IPVS: starting estimator thread 0...
[  919.436369][T13040] IPVS: using max 38 ests per chain, 91200 per kthread
[  919.918008][T13053] sctp: [Deprecated]: syz.5.1419 (pid 13053) Use of struct sctp_assoc_value in delayed_ack socket option.
[  919.918008][T13053] Use struct sctp_sack_info instead
[  920.119390][T13055] IPv6: NLM_F_CREATE should be specified when creating new route
[  922.595953][T13070] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1423'.
[  923.064858][T13083] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount.
[  923.092300][T13083] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[  926.629394][T13106] Smack: "smack_inode_setsecurity" netlbl error 2.
[  929.624014][T13129] trusted_key: encrypted_key: insufficient parameters specified
[  931.571278][ T1304] ieee802154 phy0 wpan0: encryption failed: -22
[  931.593777][ T1304] ieee802154 phy1 wpan1: encryption failed: -22
[  934.314924][T13161] netlink: 104 bytes leftover after parsing attributes in process `syz.7.1443'.
[  936.696801][    C1] wlan0: beacon TX faster than countdown (channel/color switch) completion
[  937.061610][T13183] vivid-004: kernel_thread() failed
[  937.331319][T13188] mmap: syz.1.1452 (13188): VmData 45842432 exceed data ulimit 0. Update limits or use boot option ignore_rlimit_data.
[  942.007510][T13215] netlink: 104 bytes leftover after parsing attributes in process `syz.4.1459'.
[  947.997311][T13288] netlink: 'syz.3.1473': attribute type 1 has an invalid length.
[  951.661444][T13321] xt_hashlimit: max too large, truncated to 1048576
[  951.668572][T13321] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'raw'
[  952.521792][   T30] kauditd_printk_skb: 78 callbacks suppressed
[  952.521810][   T30] audit: type=1326 audit(1751999317.017:154): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13329 comm="syz.3.1488" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fa06178e929 code=0x0
[  955.435560][T13345] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  955.460894][T13345] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  955.474145][T13345] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  956.555315][   T30] audit: type=1326 audit(1751999321.047:155): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13355 comm="syz.7.1493" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb70658e929 code=0x7ffc0000
[  956.582340][   T30] audit: type=1326 audit(1751999321.047:156): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13355 comm="syz.7.1493" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb70658e929 code=0x7ffc0000
[  956.606548][T13345] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  956.635155][   T30] audit: type=1326 audit(1751999321.047:157): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13355 comm="syz.7.1493" exe="/root/syz-executor" sig=0 arch=c000003e syscall=89 compat=0 ip=0x7fb70658e929 code=0x7ffc0000
[  956.660584][T13356] ceph: No mds server is up or the cluster is laggy
[  956.742607][   T30] audit: type=1326 audit(1751999321.047:158): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13355 comm="syz.7.1493" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb70658e929 code=0x7ffc0000
[  957.686346][ T8886] Bluetooth: hci2: command 0x0c1a tx timeout
[  957.693088][ T8886] Bluetooth: hci5: command 0x041b tx timeout
[  957.850533][   T30] audit: type=1326 audit(1751999321.047:159): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13355 comm="syz.7.1493" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7fb70658e929 code=0x7ffc0000
[  958.224357][   T30] audit: type=1326 audit(1751999321.077:160): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13355 comm="syz.7.1493" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb70658e929 code=0x7ffc0000
[  958.246549][   T30] audit: type=1326 audit(1751999321.077:161): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13355 comm="syz.7.1493" exe="/root/syz-executor" sig=0 arch=c000003e syscall=302 compat=0 ip=0x7fb70658e929 code=0x7ffc0000
[  958.320627][   T30] audit: type=1326 audit(1751999321.077:162): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13355 comm="syz.7.1493" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb70658e929 code=0x7ffc0000
[  958.426331][   T30] audit: type=1326 audit(1751999321.077:163): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13355 comm="syz.7.1493" exe="/root/syz-executor" sig=0 arch=c000003e syscall=144 compat=0 ip=0x7fb70658e929 code=0x7ffc0000
[  958.586505][   T30] audit: type=1326 audit(1751999321.077:164): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13355 comm="syz.7.1493" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb70658e929 code=0x7ffc0000
[  958.668951][T13393] (unnamed net_device) (uninitialized): option lp_interval: invalid value (0)
[  958.678219][T13393] (unnamed net_device) (uninitialized): option lp_interval: allowed values 1 - 2147483647
[  959.286735][   T30] audit: type=1326 audit(1751999321.077:165): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13355 comm="syz.7.1493" exe="/root/syz-executor" sig=0 arch=c000003e syscall=203 compat=0 ip=0x7fb70658e929 code=0x7ffc0000
[  959.348758][   T30] audit: type=1326 audit(1751999321.077:166): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13355 comm="syz.7.1493" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb70658e929 code=0x7ffc0000
[  959.372280][   T30] audit: type=1326 audit(1751999321.077:167): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13355 comm="syz.7.1493" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fb70658d290 code=0x7ffc0000
[  959.395037][   T30] audit: type=1326 audit(1751999321.077:168): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13355 comm="syz.7.1493" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb70658e929 code=0x7ffc0000
[  959.881311][T11938] Bluetooth: hci2: command 0x0c1a tx timeout
[  961.966471][T11938] Bluetooth: hci2: command 0x0c1a tx timeout
[  964.494713][T13440] overlayfs: failed to clone upperpath
[  965.170462][T13442] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1516'.
[  965.686452][T13452] overlayfs: failed to clone lowerpath
[  967.143776][T13458] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1521'.
[  969.247109][T13472] openvswitch: netlink: IP tunnel attribute has 16 unknown bytes.
[  971.613263][T13500] overlayfs: failed to clone upperpath
[  972.946059][T13511] ubi31: attaching mtd0
[  972.955993][T13511] ubi31: scanning is finished
[  972.961027][T13511] ubi31: empty MTD device detected
[  973.310865][T13511] ubi31 error: ubi_attach_mtd_dev: cannot spawn "ubi_bgt31d", error -4
[  973.585413][T13519] IPVS: sync thread started: state = BACKUP, mcast_ifn = vlan0, syncid = 1, id = 0
[  973.652281][T13522] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1536'.
[  975.445608][ T8886] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  975.454643][ T8886] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  975.463312][ T8886] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  975.471297][ T8886] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  975.479591][ T8886] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  977.057738][T13539] ip6tnl1: entered promiscuous mode
[  977.063052][T13539] ip6tnl1: entered allmulticast mode
[  977.827577][ T8886] Bluetooth: hci4: command tx timeout
[  978.431324][ T6121] netdevsim netdevsim7 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  979.218712][T13551] lo speed is unknown, defaulting to 1000
[  979.224601][T13551] lo speed is unknown, defaulting to 1000
[  979.231136][T13551] lo speed is unknown, defaulting to 1000
[  979.245094][T13551] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98
[  979.282756][T13551] lo speed is unknown, defaulting to 1000
[  979.290322][T13551] lo speed is unknown, defaulting to 1000
[  979.298430][T13551] lo speed is unknown, defaulting to 1000
[  979.306056][T13551] lo speed is unknown, defaulting to 1000
[  979.314812][T13551] lo speed is unknown, defaulting to 1000
[  979.464950][T13529] lo speed is unknown, defaulting to 1000
[  979.559134][T13564] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1546'.
[  979.632357][T13564] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1546'.
[  979.668124][ T6121] netdevsim netdevsim7 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  979.746406][T13529] lo speed is unknown, defaulting to 1000
[  979.971168][ T8886] Bluetooth: hci4: command tx timeout
[  980.003712][ T6121] netdevsim netdevsim7 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  980.268391][T13578] syz.4.1548: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[  980.284099][T13578] CPU: 0 UID: 0 PID: 13578 Comm: syz.4.1548 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) 
[  980.284129][T13578] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  980.284143][T13578] Call Trace:
[  980.284154][T13578]  <TASK>
[  980.284164][T13578]  dump_stack_lvl+0x189/0x250
[  980.284193][T13578]  ? __pfx_rcu_read_unlock_special+0x10/0x10
[  980.284227][T13578]  ? __pfx_dump_stack_lvl+0x10/0x10
[  980.284251][T13578]  ? __pfx__printk+0x10/0x10
[  980.284278][T13578]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  980.284305][T13578]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  980.284357][T13578]  warn_alloc+0x214/0x310
[  980.284384][T13578]  ? __pfx_warn_alloc+0x10/0x10
[  980.284411][T13578]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  980.284448][T13578]  ? __vmalloc_node_range_noprof+0xac/0x12f0
[  980.284480][T13578]  ? __vmalloc_node_range_noprof+0xdc/0x12f0
[  980.284514][T13578]  ? kasan_check_range+0x9/0x2c0
[  980.284551][T13578]  __vmalloc_node_range_noprof+0x125/0x12f0
[  980.284619][T13578]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  980.284660][T13578]  ? __kasan_kmalloc+0x93/0xb0
[  980.284693][T13578]  vmalloc_user_noprof+0xad/0xf0
[  980.284725][T13578]  ? xskq_create+0xbf/0x170
[  980.284758][T13578]  xskq_create+0xbf/0x170
[  980.284792][T13578]  xsk_init_queue+0xb0/0x110
[  980.284825][T13578]  xsk_setsockopt+0x43f/0x710
[  980.284851][T13578]  ? rcu_is_watching+0x15/0xb0
[  980.284878][T13578]  ? __pfx_xsk_setsockopt+0x10/0x10
[  980.284903][T13578]  ? rcu_read_unlock_special+0x3fe/0x4c0
[  980.284932][T13578]  ? __lock_acquire+0xab9/0xd20
[  980.284968][T13578]  ? bpf_lsm_socket_setsockopt+0x9/0x20
[  980.284998][T13578]  ? __pfx_xsk_setsockopt+0x10/0x10
[  980.285029][T13578]  do_sock_setsockopt+0x25a/0x3e0
[  980.285059][T13578]  ? __pfx_do_sock_setsockopt+0x10/0x10
[  980.285091][T13578]  ? __fget_files+0x2a/0x420
[  980.285121][T13578]  __x64_sys_setsockopt+0x18b/0x220
[  980.285154][T13578]  do_syscall_64+0xfa/0x3b0
[  980.285173][T13578]  ? lockdep_hardirqs_on+0x9c/0x150
[  980.285204][T13578]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  980.285226][T13578]  ? clear_bhb_loop+0x60/0xb0
[  980.285252][T13578]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  980.285273][T13578] RIP: 0033:0x7f284538e929
[  980.285293][T13578] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  980.285311][T13578] RSP: 002b:00007f28461b7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  980.285334][T13578] RAX: ffffffffffffffda RBX: 00007f28455b6320 RCX: 00007f284538e929
[  980.285350][T13578] RDX: 0000000000000006 RSI: 000000000000011b RDI: 0000000000000009
[  980.285363][T13578] RBP: 00007f2845410b39 R08: 0000000000000052 R09: 0000000000000000
[  980.285377][T13578] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000
[  980.285391][T13578] R13: 0000000000000000 R14: 00007f28455b6320 R15: 00007ffcf05bf0f8
[  980.285430][T13578]  </TASK>
[  980.285519][T13578] Mem-Info:
[  980.582280][T13578] active_anon:8962 inactive_anon:12870 isolated_anon:0
[  980.582280][T13578]  active_file:16510 inactive_file:41499 isolated_file:0
[  980.582280][T13578]  unevictable:768 dirty:351 writeback:0
[  980.582280][T13578]  slab_reclaimable:11137 slab_unreclaimable:108113
[  980.582280][T13578]  mapped:39389 shmem:15805 pagetables:1660
[  980.582280][T13578]  sec_pagetables:0 bounce:0
[  980.582280][T13578]  kernel_misc_reclaimable:0
[  980.582280][T13578]  free:1276595 free_pcp:15904 free_cma:0
[  980.628676][T13578] Node 0 active_anon:35848kB inactive_anon:51480kB active_file:65812kB inactive_file:165996kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:157552kB dirty:1396kB writeback:0kB shmem:61684kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:13564kB pagetables:6496kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  980.662941][T13578] Node 1 active_anon:0kB inactive_anon:0kB active_file:228kB inactive_file:0kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:4kB dirty:8kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:144kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  980.694716][T13578] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  980.723934][T13578] lowmem_reserve[]: 0 2500 2502 2502 2502
[  980.730117][T13578] Node 0 DMA32 free:1184032kB boost:0kB min:34264kB low:42828kB high:51392kB reserved_highatomic:0KB free_highatomic:0KB active_anon:35844kB inactive_anon:51436kB active_file:64060kB inactive_file:165928kB unevictable:1536kB writepending:1392kB present:3129332kB managed:2560916kB mlocked:0kB bounce:0kB free_pcp:51416kB local_pcp:13824kB free_cma:0kB
[  980.763543][T13578] lowmem_reserve[]: 0 0 1 1 1
[  980.768529][T13578] Node 0 Normal free:20kB boost:0kB min:24kB low:28kB high:32kB reserved_highatomic:0KB free_highatomic:0KB active_anon:4kB inactive_anon:44kB active_file:1752kB inactive_file:68kB unevictable:0kB writepending:4kB present:1048580kB managed:1904kB mlocked:0kB bounce:0kB free_pcp:16kB local_pcp:8kB free_cma:0kB
[  980.798027][T13578] lowmem_reserve[]: 0 0 0 0 0
[  980.802846][T13578] Node 1 Normal free:3906968kB boost:0kB min:55612kB low:69512kB high:83412kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:228kB inactive_file:0kB unevictable:1536kB writepending:8kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:12184kB local_pcp:7552kB free_cma:0kB
[  980.835133][T13578] lowmem_reserve[]: 0 0 0 0 0
[  980.839981][T13578] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  980.852812][T13578] Node 0 DMA32: 976*4kB (UME) 565*8kB (UME) 311*16kB (UM) 295*32kB (UME) 56*64kB (UME) 46*128kB (UME) 10*256kB (UME) 23*512kB (ME) 15*1024kB (UME) 8*2048kB (UME) 270*4096kB (M) = 1184312kB
[  980.872016][T13578] Node 0 Normal: 1*4kB (M) 0*8kB 1*16kB (M) 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 20kB
[  980.884436][T13578] Node 1 Normal: 207*4kB (UE) 54*8kB (UME) 46*16kB (UE) 272*32kB (UME) 102*64kB (UME) 25*128kB (UE) 10*256kB (UM) 2*512kB (U) 2*1024kB (UE) 1*2048kB (E) 947*4096kB (M) = 3907020kB
[  980.902506][T13578] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  980.912132][T13578] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  980.921496][T13578] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  980.931519][T13578] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  980.941125][T13578] 73810 total pagecache pages
[  980.945855][T13578] 0 pages in swap cache
[  980.950050][T13578] Free swap  = 124996kB
[  980.954233][T13578] Total swap = 124996kB
[  980.958663][T13578] 2097051 pages RAM
[  980.962497][T13578] 0 pages HighMem/MovableOnly
[  980.967232][T13578] 424715 pages reserved
[  980.971423][T13578] 0 pages cma reserved
[  981.834910][ T6121] netdevsim netdevsim7 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  982.578224][ T8886] Bluetooth: hci4: command tx timeout
[  983.177790][T13529] chnl_net:caif_netlink_parms(): no params data found
[  984.606903][ T8886] Bluetooth: hci4: command tx timeout
[  985.317820][T13622] ieee802154 phy0 wpan0: encryption failed: -22
[  985.618258][ T6121] bridge_slave_1: left allmulticast mode
[  985.623949][ T6121] bridge_slave_1: left promiscuous mode
[  985.639227][ T6121] bridge0: port 2(bridge_slave_1) entered disabled state
[  985.658045][ T6121] bridge_slave_0: left allmulticast mode
[  985.664701][ T6121] bridge_slave_0: left promiscuous mode
[  985.830836][ T6121] bridge0: port 1(bridge_slave_0) entered disabled state
[  987.268436][   T30] kauditd_printk_skb: 1 callbacks suppressed
[  987.268453][   T30] audit: type=1326 audit(1751999351.757:170): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13634 comm="syz.4.1562" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f284538e929 code=0x7fc00000
[  991.684878][ T6121] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  992.159705][ T6121] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  992.188257][ T6121] bond0 (unregistering): Released all slaves
[  992.809208][T13529] bridge0: port 1(bridge_slave_0) entered blocking state
[  992.837143][T13529] bridge0: port 1(bridge_slave_0) entered disabled state
[  992.875022][T13529] bridge_slave_0: entered allmulticast mode
[  992.912745][T13529] bridge_slave_0: entered promiscuous mode
[  992.936855][ T1304] ieee802154 phy0 wpan0: encryption failed: -22
[  992.944794][ T1304] ieee802154 phy1 wpan1: encryption failed: -22
[  993.307902][T13706] program syz.4.1583 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  993.458560][T13529] bridge0: port 2(bridge_slave_1) entered blocking state
[  993.507849][T13529] bridge0: port 2(bridge_slave_1) entered disabled state
[  993.685891][T13708] overlay: Unknown parameter '/dev/cpu/#/msr'
[  993.850953][T13529] bridge_slave_1: entered allmulticast mode
[  993.860298][T13529] bridge_slave_1: entered promiscuous mode
[  995.582573][T13723] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'filter'
[  996.671690][T13529] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  996.693921][T13529] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  998.580887][ T6121] hsr_slave_0: left promiscuous mode
[  998.917736][ T6121] hsr_slave_1: left promiscuous mode
[  999.503990][ T6121] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  999.513780][ T6121] batman_adv: batadv0: Removing interface: batadv_slave_0
[  999.814038][ T6121] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  999.863304][T13760] netlink: 44 bytes leftover after parsing attributes in process `syz.4.1592'.
[  999.872521][ T6121] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1000.222772][ T6121] veth1_macvtap: left promiscuous mode
[ 1000.239920][ T6121] veth0_macvtap: left promiscuous mode
[ 1000.245807][ T6121] veth1_vlan: left promiscuous mode
[ 1000.251257][ T6121] veth0_vlan: left promiscuous mode
[ 1002.167473][ T6121] team0 (unregistering): Port device team_slave_1 removed
[ 1002.242362][ T6121] team0 (unregistering): Port device team_slave_0 removed
[ 1002.386491][T13779] IPVS: length: 91 != 24
[ 1003.630341][T13529] team0: Port device team_slave_0 added
[ 1003.840463][T13529] team0: Port device team_slave_1 added
[ 1003.894189][T13790] overlayfs: failed to clone upperpath
[ 1005.029240][T13529] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1005.046390][T13529] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1005.137202][T13529] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1005.237362][T13529] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1005.244438][T13529] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1005.270714][T13529] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1009.483374][T13529] hsr_slave_0: entered promiscuous mode
[ 1009.484385][T13529] hsr_slave_1: entered promiscuous mode
[ 1009.485116][T13529] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1009.485182][T13529] Cannot create hsr debugfs directory
[ 1012.079523][T13870] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[ 1017.258818][T13923] overlayfs: failed to resolve './file0': -2
[ 1017.805121][T13931] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1628'.
[ 1018.573706][T13941] CUSE: unknown device info "�KJ�H+��ۤ2Lh��nL�1�`�Cc��n�����8���0���(�3նi��>f���_ٮ,��
�<�_e�F��"
[ 1018.585602][T13941] CUSE: unknown device info "3�ܟ�,��̘�"
[ 1018.591517][T13941] CUSE: unknown device info "J���2SZ�� !e/��������J�+-n��a4����D�|G$��5O~�q	��
[ 1018.591517][T13941] f����z��X�SA�x��j��T�ǔ��w���xR�ɐQ��(hҏj	p�VdY0��|M?2J��I�v�^
R�@��"
[ 1018.610287][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1018.612495][T13943] IPv6: NLM_F_REPLACE set, but no existing node found!
[ 1018.616522][T13941] CUSE: unknown device info "!To�}ݝ&|L+U��o��ϲ���"��FstV�:׌E�gJ�����<@c�����4�T�M�M|�����"
[ 1018.616537][T13941] CUSE: DEVNAME unspecified
[ 1018.816306][   T30] audit: type=1326 audit(1751999383.117:171): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13933 comm="syz.4.1630" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f284538e929 code=0x0
[ 1018.845539][T13529] netdevsim netdevsim8 netdevsim0: renamed from eth0
[ 1019.840236][T13529] netdevsim netdevsim8 netdevsim1: renamed from eth1
[ 1020.033473][T13950] fuse: Bad value for 'fd'
[ 1020.041022][T13529] netdevsim netdevsim8 netdevsim2: renamed from eth2
[ 1020.093587][T13529] netdevsim netdevsim8 netdevsim3: renamed from eth3
[ 1023.074104][T13529] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1023.124546][T13529] 8021q: adding VLAN 0 to HW filter on device team0
[ 1023.444820][T13529] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 1023.941120][T13529] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 1023.977792][ T6144] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1023.985085][ T6144] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1024.064239][ T6144] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1024.071515][ T6144] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1024.243852][T13996] overlayfs: missing 'lowerdir'
[ 1024.410985][T13999] netdevsim netdevsim5 netdevsim0: entered promiscuous mode
[ 1024.418969][T13999] netdevsim netdevsim5 netdevsim0: entered allmulticast mode
[ 1024.433249][T13999] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check.
[ 1024.608224][T13998] syz_tun: entered allmulticast mode
[ 1024.620730][T13994] syz_tun: left allmulticast mode
[ 1028.329623][T14023] rdma_rxe: rxe_newlink: failed to add lo
[ 1030.242955][T13529] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1032.705575][T14078] netlink: 144 bytes leftover after parsing attributes in process `syz.5.1655'.
[ 1032.930194][    T9] libceph: connect (1)[c::]:6789 error -101
[ 1032.953926][    T9] libceph: mon0 (1)[c::]:6789 connect error
[ 1032.971807][T14083] ceph: No mds server is up or the cluster is laggy
[ 1033.911761][T11938] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 1033.923981][T11938] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 1033.943396][T11938] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 1033.967596][T11938] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 1033.981518][T11938] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 1035.183088][T14108] veth0_to_team: entered promiscuous mode
[ 1035.189212][T14108] veth0_to_team: entered allmulticast mode
[ 1035.840840][T14100] lo speed is unknown, defaulting to 1000
[ 1035.850610][T14100] lo speed is unknown, defaulting to 1000
[ 1036.065526][ T8886] Bluetooth: hci2: command tx timeout
[ 1036.095419][T14122] syz.4.1662: attempt to access beyond end of device
[ 1036.095419][T14122] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[ 1038.194581][ T8886] Bluetooth: hci2: command tx timeout
[ 1040.596047][ T8886] Bluetooth: hci2: command tx timeout
[ 1041.924413][T14164] tipc: Failed to remove unknown binding: 66,1,1/2896693141:3692495961/3692495963
[ 1041.974371][T14168] RDS: rds_bind could not find a transport for fe80::1a, load rds_tcp or rds_rdma?
[ 1042.099422][T14164] tipc: Failed to remove unknown binding: 66,1,1/2896693141:3692495961/3692495963
[ 1042.145440][T14164] tipc: Failed to remove unknown binding: 66,1,1/2896693141:3692495961/3692495963
[ 1042.165768][T14169] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1042.636321][ T8886] Bluetooth: hci2: command tx timeout
[ 1042.993932][T14165] tipc: Disabling bearer <eth:syzkaller0>
[ 1043.251539][T14100] chnl_net:caif_netlink_parms(): no params data found
[ 1044.369326][T14220] netlink: 126588 bytes leftover after parsing attributes in process `syz.3.1680'.
[ 1044.522157][ T1150] bridge_slave_1: left allmulticast mode
[ 1044.540523][ T1150] bridge_slave_1: left promiscuous mode
[ 1044.565040][ T1150] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1044.670676][ T1150] bridge_slave_0: left allmulticast mode
[ 1044.689636][ T1150] bridge_slave_0: left promiscuous mode
[ 1044.704330][ T1150] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1047.742363][ T1150] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1047.763168][ T1150] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1047.774306][ T1150] bond0 (unregistering): Released all slaves
[ 1047.796568][T14100] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1047.804514][T14100] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1047.829125][T14100] bridge_slave_0: entered allmulticast mode
[ 1047.838436][T14100] bridge_slave_0: entered promiscuous mode
[ 1047.852970][T14100] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1047.860405][T14100] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1047.871754][T14100] bridge_slave_1: entered allmulticast mode
[ 1047.892347][T14100] bridge_slave_1: entered promiscuous mode
[ 1047.910816][T14250] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[ 1049.124570][T14100] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1050.157241][ T1150] hsr_slave_0: left promiscuous mode
[ 1050.164378][ T1150] hsr_slave_1: left promiscuous mode
[ 1050.454440][ T1150] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1050.646154][ T1150] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1052.929018][ T1150] team0 (unregistering): Port device team_slave_1 removed
[ 1052.984345][ T1150] team0 (unregistering): Port device team_slave_0 removed
[ 1053.865284][T14100] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1054.257871][T14100] team0: Port device team_slave_0 added
[ 1054.490121][ T1304] ieee802154 phy0 wpan0: encryption failed: -22
[ 1054.497010][ T1304] ieee802154 phy1 wpan1: encryption failed: -22
[ 1054.965709][T14100] team0: Port device team_slave_1 added
[ 1055.477656][T14318] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1700'.
[ 1060.910227][T14100] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1060.927484][T14100] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1061.185123][T14100] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1061.214993][T14324] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[ 1061.386040][T14100] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1061.478986][T14346] JFS: discard option not supported on device
[ 1061.489746][T14346] Mount JFS Failure: -22
[ 1061.494059][T14346] jfs_mount failed w/return code = -22
[ 1062.104304][T14100] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1062.369861][T14100] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1063.946851][T14362] set match dimension is over the limit!
[ 1064.687692][T14100] hsr_slave_0: entered promiscuous mode
[ 1064.694317][T14100] hsr_slave_1: entered promiscuous mode
[ 1064.906496][T14100] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1064.925702][T14100] Cannot create hsr debugfs directory
[ 1065.422554][T13398] schedule_timeout: wrong timeout value fffffffffffffff9
[ 1065.472785][T13398] CPU: 0 UID: 0 PID: 13398 Comm: vivid-000-vid-o Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) 
[ 1065.472814][T13398] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1065.472826][T13398] Call Trace:
[ 1065.472834][T13398]  <TASK>
[ 1065.472843][T13398]  dump_stack_lvl+0x189/0x250
[ 1065.472873][T13398]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1065.472895][T13398]  ? __pfx__printk+0x10/0x10
[ 1065.472942][T13398]  schedule_timeout+0x1e1/0x270
[ 1065.472966][T13398]  ? __pfx_schedule_timeout+0x10/0x10
[ 1065.472999][T13398]  ? prepare_to_wait_event+0x437/0x480
[ 1065.473034][T13398]  vivid_thread_vid_out+0x139f/0x1c90
[ 1065.473092][T13398]  ? __pfx_vivid_thread_vid_out+0x10/0x10
[ 1065.473122][T13398]  ? __pfx_autoremove_wake_function+0x10/0x10
[ 1065.473147][T13398]  ? __kthread_parkme+0x7b/0x200
[ 1065.473168][T13398]  ? __kthread_parkme+0x1a1/0x200
[ 1065.473196][T13398]  kthread+0x711/0x8a0
[ 1065.473224][T13398]  ? __pfx_vivid_thread_vid_out+0x10/0x10
[ 1065.473241][T13398]  ? __pfx_kthread+0x10/0x10
[ 1065.473268][T13398]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1065.473293][T13398]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1065.473318][T13398]  ? __pfx_kthread+0x10/0x10
[ 1065.473343][T13398]  ret_from_fork+0x3f9/0x770
[ 1065.473365][T13398]  ? __pfx_ret_from_fork+0x10/0x10
[ 1065.473389][T13398]  ? __switch_to_asm+0x39/0x70
[ 1065.473410][T13398]  ? __switch_to_asm+0x33/0x70
[ 1065.473431][T13398]  ? __pfx_kthread+0x10/0x10
[ 1065.473456][T13398]  ret_from_fork_asm+0x1a/0x30
[ 1065.473494][T13398]  </TASK>
[ 1065.989181][T14390] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1715'.
[ 1066.158071][T14391] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[ 1066.867859][T14397] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1715'.
[ 1067.010824][T14390] netlink: 68 bytes leftover after parsing attributes in process `syz.1.1715'.
[ 1069.016759][T14416] tipc: Enabled bearer <eth:vlan0>, priority 10
[ 1069.632504][T14425] nfs: Unknown parameter '��������'
[ 1070.499112][T14433] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1070.637025][T14438] syzkaller0: entered promiscuous mode
[ 1070.645479][T14438] syzkaller0: entered allmulticast mode
[ 1071.312016][T14445] tipc: Resetting bearer <eth:syzkaller0>
[ 1071.816656][T14431] tipc: Resetting bearer <eth:syzkaller0>
[ 1073.957637][T14431] tipc: Disabling bearer <eth:syzkaller0>
[ 1073.987768][T14466] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1729'.
[ 1074.376604][T14475] overlayfs: failed to clone lowerpath
[ 1074.468141][T14476] overlayfs: failed to clone upperpath
[ 1076.470046][T14100] netdevsim netdevsim8 netdevsim0: renamed from eth0
[ 1076.649996][T14100] netdevsim netdevsim8 netdevsim1: renamed from eth1
[ 1076.893141][T14100] netdevsim netdevsim8 netdevsim2: renamed from eth2
[ 1077.911160][T14100] netdevsim netdevsim8 netdevsim3: renamed from eth3
[ 1078.361411][T14520] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1738'.
[ 1078.370861][T14520] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1738'.
[ 1078.443730][T14521] netlink: 'syz.1.1738': attribute type 1 has an invalid length.
[ 1079.081839][T14523] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1079.143161][T14525] batadv1: entered promiscuous mode
[ 1079.152283][T14528] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1744'.
[ 1079.285104][T14530] x_tables: ip6_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING
[ 1080.080366][T14100] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1080.121909][T14100] 8021q: adding VLAN 0 to HW filter on device team0
[ 1080.169033][ T6033] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1080.176262][ T6033] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1080.188574][T14535] netlink: 'syz.5.1745': attribute type 39 has an invalid length.
[ 1080.197984][    T9] tipc: Node number set to 143415860
[ 1080.366825][ T6033] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1080.374022][ T6033] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1083.011852][T14543] tipc: Enabled bearer <eth:vlan0>, priority 10
[ 1084.261207][T14563] xt_connbytes: Forcing CT accounting to be enabled
[ 1084.268245][T14563] Cannot find set identified by id 0 to match
[ 1086.709416][T14100] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1089.204911][T14580] tipc: Enabling of bearer <eth:syzkaller0> rejected, already enabled
[ 1090.365354][T14601] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1757'.
[ 1094.486777][T14628] ubi31: attaching mtd0
[ 1094.493231][T14628] ubi31: scanning is finished
[ 1095.329802][T14628] ubi31: attached mtd0 (name "mtdram test device", size 0 MiB)
[ 1095.337597][T14628] ubi31: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes
[ 1095.345362][T14628] ubi31: min./max. I/O unit sizes: 1/64, sub-page size 1
[ 1095.352568][T14628] ubi31: VID header offset: 64 (aligned 64), data offset: 128
[ 1095.360201][T14628] ubi31: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0
[ 1095.367231][T14628] ubi31: user volume: 0, internal volumes: 1, max. volumes count: 23
[ 1095.375421][T14628] ubi31: max/mean erase counter: 1/1, WL threshold: 4096, image sequence number: 152803255
[ 1095.385612][T14628] ubi31: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0
[ 1095.420887][T14642] ubi31: background thread "ubi_bgt31d" started, PID 14642
[ 1098.715090][T14664] batadv1: entered promiscuous mode
[ 1100.181149][T14682] overlayfs: failed to clone upperpath
[ 1100.917054][T11938] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 1100.947887][T11938] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 1100.970245][T11938] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 1100.996506][T11938] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 1101.016414][T11938] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 1103.239490][T11938] Bluetooth: hci4: command tx timeout
[ 1103.259029][T14684] lo speed is unknown, defaulting to 1000
[ 1103.260629][T14684] lo speed is unknown, defaulting to 1000
[ 1103.909011][T14709] workqueue: Failed to create a rescuer kthread for wq "xfs-buf/nbd4": -EINTR
[ 1103.974052][T14706] tty tty28: ldisc open failed (-12), clearing slot 27
[ 1104.311091][T14716] netlink: 'syz.3.1776': attribute type 10 has an invalid length.
[ 1104.320636][T14707] kthread_run failed with err -4
[ 1105.272197][T11938] Bluetooth: hci4: command tx timeout
[ 1105.579421][T14716] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1105.586953][T14716] bond0: entered promiscuous mode
[ 1105.591998][T14716] bond_slave_0: entered promiscuous mode
[ 1105.597884][T14716] bond_slave_1: entered promiscuous mode
[ 1105.603655][T14716] mac80211_hwsim hwsim3 wlan1: entered promiscuous mode
[ 1105.610876][T14716] bond0: entered allmulticast mode
[ 1105.615995][T14716] bond_slave_0: entered allmulticast mode
[ 1105.621740][T14716] bond_slave_1: entered allmulticast mode
[ 1105.627482][T14716] mac80211_hwsim hwsim3 wlan1: entered allmulticast mode
[ 1105.636217][T14716] team0: Port device bond0 added
[ 1107.356218][T11938] Bluetooth: hci4: command tx timeout
[ 1107.778799][ T6144] Bluetooth: Error in BCSP hdr checksum
[ 1108.590904][T14761] netlink: 'syz.3.1784': attribute type 3 has an invalid length.
[ 1108.599026][T14761] netlink: 'syz.3.1784': attribute type 3 has an invalid length.
[ 1108.607151][T14761] netlink: 'syz.3.1784': attribute type 3 has an invalid length.
[ 1108.615053][T14761] netlink: 'syz.3.1784': attribute type 3 has an invalid length.
[ 1108.623024][T14761] netlink: 'syz.3.1784': attribute type 3 has an invalid length.
[ 1108.631294][T14761] netlink: 'syz.3.1784': attribute type 3 has an invalid length.
[ 1108.639217][T14761] netlink: 'syz.3.1784': attribute type 3 has an invalid length.
[ 1108.647069][T14761] netlink: 'syz.3.1784': attribute type 3 has an invalid length.
[ 1108.655172][T14761] netlink: 'syz.3.1784': attribute type 3 has an invalid length.
[ 1108.733984][T14684] chnl_net:caif_netlink_parms(): no params data found
[ 1109.029197][T14684] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1109.056344][T14684] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1109.064104][T14684] bridge_slave_0: entered allmulticast mode
[ 1109.199309][T14684] bridge_slave_0: entered promiscuous mode
[ 1109.241032][T14684] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1109.249157][T14684] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1109.256616][T14684] bridge_slave_1: entered allmulticast mode
[ 1109.266378][T14684] bridge_slave_1: entered promiscuous mode
[ 1109.341042][T14684] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1109.351286][ T1035] bridge_slave_1: left allmulticast mode
[ 1109.357989][ T1035] bridge_slave_1: left promiscuous mode
[ 1109.364417][ T1035] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1109.375538][ T1035] bridge_slave_0: left allmulticast mode
[ 1109.381656][ T1035] bridge_slave_0: left promiscuous mode
[ 1109.404593][ T1035] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1109.417073][ T8886] Bluetooth: hci4: command tx timeout
[ 1109.566627][T14774] Bluetooth: hci2: command 0x1003 tx timeout
[ 1109.607052][T11938] Bluetooth: hci2: Opcode 0x1003 failed: -110
[ 1110.669966][T14785] ecryptfs_validate_options: You must supply at least one valid auth tok signature as a mount parameter; see the eCryptfs README
[ 1110.683775][T14785] Error validating options; rc = [-22]
[ 1113.771566][T14809] Device name cannot be null; rc = [-22]
[ 1118.466771][ T1304] ieee802154 phy0 wpan0: encryption failed: -22
[ 1118.473204][ T1304] ieee802154 phy1 wpan1: encryption failed: -22
[ 1219.546110][    C0] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
[ 1219.553128][    C0] rcu: 	1-...!: (1 GPs behind) idle=b514/0/0x1 softirq=73102/73103 fqs=4
[ 1219.562828][    C0] rcu: 	(detected by 0, t=10502 jiffies, g=48941, q=169 ncpus=2)
[ 1219.570586][    C0] Sending NMI from CPU 0 to CPUs 1:
[ 1219.570623][    C1] NMI backtrace for cpu 1
[ 1219.570639][    C1] CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) 
[ 1219.570659][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1219.570669][    C1] RIP: 0010:taprio_set_budgets+0x380/0x3b0
[ 1219.570708][    C1] Code: e6 e8 24 91 38 f8 48 c7 c7 e0 a0 56 8f 4c 89 e6 e8 65 79 68 fb e9 37 fe ff ff e8 0b 91 38 f8 eb 05 e8 04 91 38 f8 48 83 c4 38 <5b> 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc 44 89 e1 80 e1 07
[ 1219.570722][    C1] RSP: 0018:ffffc90000a08c38 EFLAGS: 00000082
[ 1219.570737][    C1] RAX: ffffffff898793d5 RBX: 0000000000000004 RCX: ffff88801d2eda00
[ 1219.570748][    C1] RDX: 0000000000010000 RSI: 0000000000000004 RDI: ffff888078100884
[ 1219.570759][    C1] RBP: ffff888078100884 R08: ffff888078100887 R09: 1ffff1100f020110
[ 1219.570770][    C1] R10: dffffc0000000000 R11: ffffed100f020111 R12: 0000000000000001
[ 1219.570781][    C1] R13: 0000000000000000 R14: ffff888030aa62e0 R15: ffff888078100800
[ 1219.570792][    C1] FS:  0000000000000000(0000) GS:ffff888125d4f000(0000) knlGS:0000000000000000
[ 1219.570805][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1219.570816][    C1] CR2: 000000110c276dee CR3: 0000000046cde000 CR4: 00000000003526f0
[ 1219.570830][    C1] Call Trace:
[ 1219.570838][    C1]  <IRQ>
[ 1219.570848][    C1]  advance_sched+0x963/0xc90
[ 1219.570876][    C1]  ? __pfx_advance_sched+0x10/0x10
[ 1219.570895][    C1]  __hrtimer_run_queues+0x529/0xc60
[ 1219.570922][    C1]  ? __pfx___hrtimer_run_queues+0x10/0x10
[ 1219.570938][    C1]  ? read_tsc+0x9/0x20
[ 1219.570965][    C1]  hrtimer_interrupt+0x45b/0xaa0
[ 1219.570995][    C1]  __sysvec_apic_timer_interrupt+0x108/0x410
[ 1219.571015][    C1]  sysvec_apic_timer_interrupt+0xa1/0xc0
[ 1219.571038][    C1]  </IRQ>
[ 1219.571043][    C1]  <TASK>
[ 1219.571050][    C1]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 1219.571073][    C1] RIP: 0010:pv_native_safe_halt+0x13/0x20
[ 1219.571095][    C1] Code: cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d 93 3d 20 00 f3 0f 1e fa fb f4 <e9> 88 dd 02 00 cc cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90
[ 1219.571108][    C1] RSP: 0018:ffffc90000197de0 EFLAGS: 000002c6
[ 1219.571138][    C1] RAX: ffa9b661444be800 RBX: ffffffff81975b68 RCX: ffa9b661444be800
[ 1219.571150][    C1] RDX: 0000000000000001 RSI: ffffffff8d984d62 RDI: ffffffff8be1ca40
[ 1219.571161][    C1] RBP: ffffc90000197f20 R08: ffff8880b8732f5b R09: 1ffff110170e65eb
[ 1219.571173][    C1] R10: dffffc0000000000 R11: ffffed10170e65ec R12: ffffffff8fa0c5f0
[ 1219.571186][    C1] R13: 0000000000000001 R14: 0000000000000001 R15: 1ffff11003a5db40
[ 1219.571199][    C1]  ? do_idle+0x1e8/0x510
[ 1219.571222][    C1]  default_idle+0x13/0x20
[ 1219.571238][    C1]  default_idle_call+0x74/0xb0
[ 1219.571255][    C1]  do_idle+0x1e8/0x510
[ 1219.571275][    C1]  ? __pfx_do_idle+0x10/0x10
[ 1219.571291][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1219.571330][    C1]  cpu_startup_entry+0x44/0x60
[ 1219.571347][    C1]  start_secondary+0x101/0x110
[ 1219.571371][    C1]  common_startup_64+0x13e/0x147
[ 1219.571401][    C1]  </TASK>
[ 1219.571611][    C0] rcu: rcu_preempt kthread starved for 10424 jiffies! g48941 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=0
[ 1219.884082][    C0] rcu: 	Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
[ 1219.894071][    C0] rcu: RCU grace-period kthread stack dump:
[ 1219.899974][    C0] task:rcu_preempt     state:R  running task     stack:27128 pid:16    tgid:16    ppid:2      task_flags:0x208040 flags:0x00004000
[ 1219.913515][    C0] Call Trace:
[ 1219.916829][    C0]  <TASK>
[ 1219.919798][    C0]  __schedule+0x16a2/0x4cb0
[ 1219.924350][    C0]  ? schedule+0x165/0x360
[ 1219.928711][    C0]  ? __pfx___schedule+0x10/0x10
[ 1219.933602][    C0]  ? schedule+0x91/0x360
[ 1219.937876][    C0]  schedule+0x165/0x360
[ 1219.942066][    C0]  schedule_timeout+0x12b/0x270
[ 1219.946940][    C0]  ? __pfx_schedule_timeout+0x10/0x10
[ 1219.952334][    C0]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[ 1219.958249][    C0]  ? __pfx_process_timeout+0x10/0x10
[ 1219.963582][    C0]  ? prepare_to_swait_event+0x341/0x380
[ 1219.969163][    C0]  rcu_gp_fqs_loop+0x301/0x1540
[ 1219.974049][    C0]  ? __pfx_rcu_watching_snap_recheck+0x10/0x10
[ 1219.980233][    C0]  ? __pfx_rcu_gp_fqs_loop+0x10/0x10
[ 1219.985549][    C0]  ? _raw_spin_unlock_irq+0x2e/0x50
[ 1219.990788][    C0]  ? finish_swait+0xcd/0x1f0
[ 1219.995418][    C0]  rcu_gp_kthread+0x99/0x390
[ 1220.000052][    C0]  ? __pfx_rcu_gp_kthread+0x10/0x10
[ 1220.005286][    C0]  ? __kthread_parkme+0x7b/0x200
[ 1220.010254][    C0]  ? __kthread_parkme+0x1a1/0x200
[ 1220.015325][    C0]  kthread+0x711/0x8a0
[ 1220.019436][    C0]  ? __pfx_rcu_gp_kthread+0x10/0x10
[ 1220.024661][    C0]  ? __pfx_kthread+0x10/0x10
[ 1220.029296][    C0]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1220.034554][    C0]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1220.039788][    C0]  ? __pfx_kthread+0x10/0x10
[ 1220.044415][    C0]  ret_from_fork+0x3f9/0x770
[ 1220.049134][    C0]  ? __pfx_ret_from_fork+0x10/0x10
[ 1220.054281][    C0]  ? __switch_to_asm+0x39/0x70
[ 1220.059073][    C0]  ? __switch_to_asm+0x33/0x70
[ 1220.063858][    C0]  ? __pfx_kthread+0x10/0x10
[ 1220.068487][    C0]  ret_from_fork_asm+0x1a/0x30
[ 1220.073302][    C0]  </TASK>
[ 1220.076354][    C0] rcu: Stack dump where RCU GP kthread last ran:
[ 1220.082695][    C0] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) 
[ 1220.094347][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1220.104416][    C0] RIP: 0010:pv_native_safe_halt+0x13/0x20
[ 1220.110192][    C0] Code: cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d 93 3d 20 00 f3 0f 1e fa fb f4 <e9> 88 dd 02 00 cc cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90
[ 1220.129819][    C0] RSP: 0018:ffffffff8de07d80 EFLAGS: 000002c6
[ 1220.135924][    C0] RAX: 1f6d5afca48cbc00 RBX: ffffffff81975b68 RCX: 1f6d5afca48cbc00
[ 1220.143917][    C0] RDX: 0000000000000001 RSI: ffffffff8d984d62 RDI: ffffffff8be1ca40
[ 1220.151906][    C0] RBP: ffffffff8de07ea8 R08: ffff8880b8632f5b R09: 1ffff110170c65eb
[ 1220.159911][    C0] R10: dffffc0000000000 R11: ffffed10170c65ec R12: ffffffff8fa0c5f0
[ 1220.167923][    C0] R13: 0000000000000000 R14: 0000000000000000 R15: 1ffffffff1bd2a50
[ 1220.175911][    C0] FS:  0000000000000000(0000) GS:ffff888125c4f000(0000) knlGS:0000000000000000
[ 1220.184859][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1220.191464][    C0] CR2: 000055a9c8f0c0a8 CR3: 000000007a870000 CR4: 00000000003526f0
[ 1220.199469][    C0] Call Trace:
[ 1220.202768][    C0]  <TASK>
[ 1220.205717][    C0]  default_idle+0x13/0x20
[ 1220.210075][    C0]  default_idle_call+0x74/0xb0
[ 1220.214871][    C0]  do_idle+0x1e8/0x510
[ 1220.218980][    C0]  ? __pfx_do_idle+0x10/0x10
[ 1220.223620][    C0]  cpu_startup_entry+0x44/0x60
[ 1220.228414][    C0]  rest_init+0x2de/0x300
[ 1220.232687][    C0]  ? __pfx_x86_late_time_init+0x10/0x10
[ 1220.238272][    C0]  start_kernel+0x47d/0x500
[ 1220.242799][    C0]  x86_64_start_reservations+0x24/0x30
[ 1220.248292][    C0]  x86_64_start_kernel+0x143/0x1c0
[ 1220.253433][    C0]  common_startup_64+0x13e/0x147
[ 1220.258416][    C0]  </TASK>