last executing test programs:

3m29.431995895s ago: executing program 3 (id=84):
r0 = syz_open_dev$sndmidi(&(0x7f0000000100), 0x2, 0x141121)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, 0x94)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x802, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x6)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0)
r2 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$inet(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000), 0x0, 0x0, 0x0, 0x1f00c00e}, 0x0)
r3 = add_key(&(0x7f0000000000)='big_key\x00', &(0x7f0000000280)={'syz', 0x1}, &(0x7f00000002c0)="1d", 0xfe3a, 0xfffffffffffffffe)
keyctl$read(0xb, r3, &(0x7f0000001300)=""/4096, 0xffffffffffffffd2)
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r4 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
fcntl$dupfd(0xffffffffffffffff, 0x0, r1)
accept4(r4, 0x0, 0x0, 0x80800)
r5 = openat$mixer(0xffffffffffffff9c, &(0x7f00000016c0), 0x0, 0x0)
ioctl$SOUND_MIXER_READ_VOLUME(r5, 0xa0044d07, 0x0)
recvfrom$netrom(0xffffffffffffffff, 0x0, 0x0, 0x40000003, 0x0, 0x0)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$DEVLINK_CMD_TRAP_GROUP_SET(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000001880)=ANY=[@ANYRES16, @ANYBLOB="01000000000000000000210000000e0001006e657464654a730a00000000000000006e65746478767369764b0000000000006c325f64726f7073000000000500830000000000"], 0x4c}}, 0x10040)
r7 = dup(r0)
ioctl$SNDRV_CTL_IOCTL_RAWMIDI_PREFER_SUBDEVICE(r7, 0x40045542, &(0x7f0000000140)=0x293c)
r8 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
pwritev(r8, &(0x7f0000000900)=[{0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}], 0x8, 0x0, 0x6)

3m18.191539671s ago: executing program 3 (id=91):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], 0x0, 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x39}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x0, 0x0})
r3 = socket$phonet(0x23, 0x2, 0x1)
ioctl$SIOCPNDELRESOURCE(r3, 0x89ef, &(0x7f00000000c0)=0xfffffffd)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
timer_create(0x0, 0x0, &(0x7f0000bbdffc))
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
mount(&(0x7f0000000140)=@nullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000080)='xfs\x00', 0x2208004, 0x0)
sched_getattr(0x0, 0x0, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0)
mount$cgroup(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f00000001c0), 0x2010042, &(0x7f0000000000)={[{@subsystem='hugetlb'}, {@subsystem='memory'}, {@subsystem='cpuacct'}, {@xattr}]})
mount(0x0, &(0x7f00000001c0)='./file0\x00', 0x0, 0x40078, &(0x7f0000000000))
r5 = syz_io_uring_setup(0x8d2, &(0x7f00000000c0)={0x0, 0x0, 0x3010}, &(0x7f0000000040), &(0x7f0000000080))
ppoll(&(0x7f0000000140)=[{r5, 0x18}], 0x1, &(0x7f00000001c0)={0x0, 0x3938700}, 0x0, 0x0)
ioctl$sock_bt_hci(r4, 0x400448c9, 0x0)

3m13.279720013s ago: executing program 3 (id=96):
syz_open_dev$usbmon(&(0x7f0000001980), 0x1, 0x10280)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f00000000c0)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0xc2354000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SET_SECUREBITS(0x1c, 0x1d)
r3 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f0000000040)={0x0, 0x7, 0xfa00, {0x0, &(0x7f0000000000)={<r4=>0xffffffffffffffff}, 0x13f}}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_ADDR(r3, &(0x7f0000000440)={0x15, 0x110, 0xfa00, {r4, 0xfffffffd, 0x0, 0x30, 0x0, @in6={0xa, 0x4e22, 0x3, @empty, 0x4}, @in={0x2, 0x4e22, @rand_addr=0x64010101}}}, 0x118)
close(r3)
setuid(0xee01)
chdir(0x0)
r5 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$inet_int(r5, 0x0, 0x2, &(0x7f0000000000)=0x8000, 0x4)
syz_open_dev$evdev(&(0x7f0000007bc0), 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
unshare(0x22000600)
r6 = socket$xdp(0x2c, 0x3, 0x0)
unshare(0x2020400)
setsockopt$XDP_TX_RING(r6, 0x11b, 0x3, 0x0, 0x0)

3m7.620123153s ago: executing program 3 (id=101):
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x802, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
bpf$BPF_GET_MAP_INFO(0x3, 0x0, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000000)={0x500, 0x0, 0x0}, 0x0)
r1 = syz_io_uring_setup(0x49e, &(0x7f0000000500)={0x0, 0x69af, 0x3180, 0x8000, 0x27e}, &(0x7f0000000100)=<r2=>0x0, &(0x7f0000000240)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_MSG_RING={0x28, 0x40, 0x0, r1, 0x0, 0x0, 0x0, 0x2})
io_uring_enter(r1, 0x627, 0x4c1, 0x43, 0x0, 0x0)
socket$nl_rdma(0x10, 0x3, 0x14)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x680102, 0x0)
openat$ocfs2_control(0xffffffffffffff9c, &(0x7f0000000380), 0x82, 0x0)
r4 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r4, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x77, 0x4)
bind$inet(r4, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10)
sendto$inet(r4, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r4, 0x6, 0xd, &(0x7f00000001c0)='vegas\x00', 0x6)
sendmmsg$inet(r4, &(0x7f0000000e80)=[{{0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000c40)='\\', 0x1}], 0x1}}], 0x1, 0x0)
sendto$inet(r4, &(0x7f0000000180)="17", 0x59a, 0x0, 0x0, 0xffffffffffffffa1)
socket$nl_generic(0x10, 0x3, 0x10)
r5 = openat$6lowpan_control(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$6lowpan_control(r5, &(0x7f0000000200)='connect aa:aa:aa:aa:aa:11 2', 0x1b)

3m2.307639441s ago: executing program 3 (id=109):
socket$nl_route(0x10, 0x3, 0x0)
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000200), 0xffffffffffffffff)
r2 = gettid()
r3 = socket$kcm(0x10, 0x3, 0x10)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f00000000001b0000850000006d000000850000002300000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r4, 0x0, 0xffffffffffffff8f}, 0x18)
futex(0x0, 0x85, 0x0, 0x0, 0x0, 0xc5fffffd)
sendmsg$kcm(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000100)="1400000022000b0fd25a806c8c6f94f90124fc60", 0x14}], 0x1}, 0x4000010)
sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000002400)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r1, @ANYRES32=r2], 0x24}, 0x1, 0x0, 0x0, 0x20000040}, 0x4000000)
r5 = socket$inet_sctp(0x2, 0x1, 0x84)
r6 = dup(r5)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r6, 0x84, 0x85, 0x0, 0x0)
syz_open_procfs$namespace(r2, 0x0)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_FIOSETOWN(r7, 0x8901, 0x0)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r8, 0x0, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r7, 0x8933, &(0x7f00000000c0))
r9 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_FLUSH(r9, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000100)={&(0x7f0000000040)={0x24, 0x4, 0x6, 0x201, 0x0, 0x0, {0x0, 0x0, 0x1}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x24}, 0x1, 0x0, 0x0, 0x20000020}, 0x800)
r10 = accept$unix(0xffffffffffffffff, &(0x7f0000000180), 0x0)
r11 = socket$inet6(0xa, 0x3, 0x3c)
connect$inet6(r11, &(0x7f0000000a40)={0xa, 0x4e02, 0x7ffe, @remote, 0x9}, 0x1c)
sendmsg(r11, &(0x7f00000000c0)={0x0, 0x9511, &(0x7f0000000100)=[{&(0x7f0000000000)="2c10", 0xfff2}], 0x1, 0x0, 0x0, 0x2c}, 0x44004)
recvmmsg$unix(r10, &(0x7f0000002240)=[{{&(0x7f0000000380)=@abs, 0x6e, &(0x7f0000001680), 0x0, &(0x7f0000001700)=[@cred={{0x1c}}, @rights={{0x2c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}], 0xc8}}, {{&(0x7f0000001800)=@abs, 0x6e, &(0x7f0000001c40)=[{&(0x7f0000001880)=""/188, 0xbc}, {&(0x7f0000001940)=""/167, 0xa7}, {&(0x7f0000001a00)=""/9, 0x9}, {&(0x7f0000001a40)=""/135, 0x87}, {&(0x7f0000001b00)=""/205, 0xcd}, {&(0x7f0000001c00)=""/26, 0x1a}], 0x6, &(0x7f0000001cc0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @cred={{0x1c}}], 0x38}}, {{&(0x7f0000001d00)=@abs, 0x6e, &(0x7f0000001e00)=[{&(0x7f0000001d80)=""/70, 0x46}], 0x1}}, {{&(0x7f0000001e40), 0x6e, &(0x7f0000002000)=[{&(0x7f0000001ec0)=""/61, 0x3d}, {&(0x7f0000001f00)=""/224, 0xe0}], 0x2}}, {{&(0x7f0000002040), 0x6e, &(0x7f0000002200)=[{&(0x7f00000021c0)=""/29, 0x1d}], 0x1}}], 0x5, 0x10002, &(0x7f0000002100)={0x77359400})
r12 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_LIST(r12, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000640)={0x30, 0x7, 0x6, 0x5, 0x0, 0x0, {0x7, 0x0, 0x7}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_FLAGS={0x8, 0x6, 0x1, 0x0, 0x4}]}, 0x30}, 0x1, 0x0, 0x0, 0x8800}, 0x20040000)
sendmsg$BATADV_CMD_GET_DAT_CACHE(r7, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x1c}}, 0x0)

2m59.993874463s ago: executing program 3 (id=112):
socket$nl_generic(0x10, 0x3, 0x10)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff)
r2 = syz_open_dev$dri(&(0x7f0000000180), 0x78, 0x802)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f0000000040)={0x7, 0x6576, 0x3})
mmap(&(0x7f0000001000/0x4000)=nil, 0x4000, 0x4, 0x11, r2, 0x100000000)
mremap(&(0x7f0000001000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f00003eb000/0x1000)=nil)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000100)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x1c, 0x1c, 0x4, [@var={0x2, 0x0, 0x0, 0x11, 0x3, 0xffffffff}, @const={0x0, 0x0, 0x0, 0x2}]}, {0x0, [0x0, 0x5f]}}, 0x0, 0x38}, 0x28)
socket$netlink(0x10, 0x3, 0x12)
r3 = openat$cuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
read$FUSE(r3, &(0x7f0000005e40)={0x2020, 0x0, <r4=>0x0, <r5=>0x0, <r6=>0x0, <r7=>0x0}, 0x2020)
write$FUSE_ATTR(r3, &(0x7f0000005340)={0x78, 0x0, r4, {0x2000000007, 0x400, 0x0, {0x6, 0xfffe000000000000, 0xfffffffffffffffb, 0xff, 0x694, 0x3, 0x7f, 0x9, 0x800, 0x2000, 0x2, r5, r6, 0xb, 0x8, 0x1000000}}}, 0x78)
lremovexattr(0x0, &(0x7f00000001c0)=@known='system.posix_acl_default\x00')
write$FUSE_STATX(0xffffffffffffffff, &(0x7f0000000540)={0x130, 0x0, 0x0, {0x3, 0x6, 0x0, '\x00', {0x2000, 0x5, 0x7, 0xc07, 0x0, 0x0, 0xc000, '\x00', 0x1, 0x6, 0x0, 0x3, {0x0, 0x1}, {0x4, 0x800}, {0x961, 0x6a5ad1fb}, {0xfffffffffffffffe}, 0x80000000, 0xdc, 0x7e, 0xa}}}, 0x130)
mkdirat(0xffffffffffffffff, &(0x7f0000000100)='./file0\x00', 0x163)
r8 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r8, 0x6, 0x210000000013, 0x0, 0x0)
setsockopt$inet_tcp_TCP_CONGESTION(r8, 0x6, 0xd, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
sched_getattr(r7, &(0x7f0000000200)={0x38}, 0x38, 0x0)

2m57.564084874s ago: executing program 1 (id=113):
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.io_wait_time_recursive\x00', 0x275a, 0x0)
fcntl$lock(0xffffffffffffffff, 0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x8000040000000001, 0xffffffffffffffff})
write$binfmt_script(r2, &(0x7f0000000000), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0)
preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x1, 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x64, 0x0, 0x0)
sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r2, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x800}, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
r4 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r4, &(0x7f0000000140)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(blowfish)\x00'}, 0x58)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000000c0)={0x0}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
r6 = accept4(r4, 0x0, 0x0, 0x0)
setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f00000001c0)="00940a37", 0x4)
sendto$unix(r6, &(0x7f0000000440)="36d9a32e92c131d730b1abaedb51eb66fd2d5b1f7eda4f0e859fdaf294bad70673813533d8bf1c6a77b65a7afdc01b29e73571071a68d5def5d7df839810da130b9348f4d9d407eb478d5bfb298c552a498271af70914e14ba9476fd2a0e47984c25ea20afab3064a748add27a7149e9c4705475bda2ecec9ec30214f28c5e16fd3f50f604f20232c534409e52bff64fc6ca0f5e254083aec2794b7216e002e87caf3d0fa7d04ff9e3b03e81595a04979594ff6ea888bf13de8e8f74c6178e31e47593732ae1a501ad3641d423195a788efdb643f50a8c8b9794a62f7b8dfa0fa7da9d391b92ce2a7f9fe0f9d584a3775f", 0x703d59595f6742a8, 0x800, 0x0, 0x0)
recvfrom(r6, &(0x7f00000030c0)=""/4117, 0xffffffffffffffbf, 0x1, 0x0, 0xffffffffffffffb5)
sendmsg$802154_raw(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)="eb", 0x1}, 0x1, 0x0, 0x0, 0x8008040}, 0x30008080)
sendmmsg$alg(r6, &(0x7f0000002a40)=[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40004}], 0x1, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
prlimit64(0x0, 0x0, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
ioctl$VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000180)={0x1, @pix={0x0, 0x0, 0x20493859, 0x0, 0x0, 0x0, 0x5, 0xfeedcafe, 0x3, 0x7}})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)

2m55.93747326s ago: executing program 1 (id=117):
r0 = socket(0x10, 0x803, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000200)={'lo\x00'})
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
write$vhost_msg_v2(0xffffffffffffffff, &(0x7f0000000540)={0x2, 0x0, {&(0x7f0000000840)=""/256, 0xf4, 0x0, 0x3, 0x2}}, 0x8b)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000001c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
mkdir(&(0x7f0000000040)='./file1\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x2)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000340)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@xino_on}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f00000003c0)='./bus\x00')
rseq(&(0x7f0000000040), 0xfffffe4c, 0x1, 0x0)

2m53.845978401s ago: executing program 1 (id=119):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], 0x0, 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x39}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x0, 0x0})
r3 = socket$phonet(0x23, 0x2, 0x1)
ioctl$SIOCPNDELRESOURCE(r3, 0x89ef, &(0x7f00000000c0)=0xfffffffd)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
timer_create(0x0, 0x0, &(0x7f0000bbdffc))
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
mount(&(0x7f0000000140)=@nullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000080)='xfs\x00', 0x2208004, 0x0)
sched_getattr(0x0, 0x0, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0)
mount$cgroup(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f00000001c0), 0x2010042, &(0x7f0000000000)={[{@subsystem='hugetlb'}, {@subsystem='memory'}, {@subsystem='cpuacct'}, {@xattr}]})
mount(0x0, &(0x7f00000001c0)='./file0\x00', 0x0, 0x40078, &(0x7f0000000000))
r5 = syz_io_uring_setup(0x8d2, &(0x7f00000000c0)={0x0, 0x0, 0x3010}, &(0x7f0000000040), &(0x7f0000000080))
ppoll(&(0x7f0000000140)=[{r5, 0x18}], 0x1, &(0x7f00000001c0)={0x0, 0x3938700}, 0x0, 0x0)
ioctl$sock_bt_hci(r4, 0x400448c9, 0x0)

2m51.993835428s ago: executing program 1 (id=121):
socket$pppl2tp(0x18, 0x1, 0x1)
socket$nl_route(0x10, 0x3, 0x0)
r0 = creat(&(0x7f0000000580)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000180)=0x1400200bd2)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
r1 = syz_open_dev$MSR(&(0x7f0000000200), 0x0, 0x0)
r2 = syz_open_dev$sg(0x0, 0x0, 0x2000)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
fcntl$dupfd(r2, 0x0, r2)
read$msr(r1, &(0x7f0000002700)=""/102392, 0x18ff8)
msgctl$MSG_INFO(0x0, 0xc, &(0x7f00000000c0)=""/173)
r3 = openat$cgroup_ro(r0, 0x0, 0x275a, 0x0)
fcntl$lock(r3, 0x26, &(0x7f0000000000)={0x1, 0x0, 0x56e, 0xfffffffffffffffc})
r4 = openat$sndtimer(0xffffffffffffff9c, 0x0, 0x0)
ioctl$SNDRV_TIMER_IOCTL_NEXT_DEVICE(r4, 0xc0505405, 0x0)
fcntl$lock(r3, 0x24, &(0x7f0000000040)={0x2, 0x2, 0x1, 0x7})
r5 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r5, &(0x7f0000000540)={0x26, 'hash\x00', 0x0, 0x0, 'sha1\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, 0x0, 0x0)
r6 = accept4(r5, 0x0, 0x0, 0x800)
sendmsg$xdp(r6, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20004000}, 0x5880)
bind$alg(r6, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'xts-twofish-avx\x00'}, 0x58)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000300)={@fallback, 0x2b, 0x1, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)}, 0x40)
bpf$BPF_PROG_DETACH(0x9, 0x0, 0x20)
unshare(0x20000400)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
syz_clone(0x62000000, 0x0, 0x0, 0x0, 0x0, 0x0)

2m50.893421684s ago: executing program 1 (id=123):
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={0xffffffffffffffff, 0x18000000000002a0, 0x5, 0x0, &(0x7f0000000100)="b9ff030f60", 0x0, 0x34e152f7, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000002000000b7030000e8ffffff850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000a00)={&(0x7f0000000d00)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x5c0c000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
mbind(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x2, &(0x7f0000000080)=0x7, 0x83, 0x0)
mlock(&(0x7f0000ffa000/0x3000)=nil, 0x3000)
r4 = socket$kcm(0x21, 0x2, 0x2)
sendmsg$kcm(r4, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)=[{0x10, 0x110, 0xc}], 0x10}, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = mq_open(&(0x7f00005a1ffb)='eth0\x04', 0x42, 0x0, 0x0)
mq_notify(r5, 0x0)
mq_timedsend(r5, 0x0, 0x0, 0x0, 0x0)
r6 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TIOCSSOFTCAR(r6, 0x5453, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x12, 0x0, 0x0, &(0x7f00000003c0)='syzkaller\x00', 0x10000, 0x0, 0x0, 0x41000, 0x2a, '\x00', 0x0, @fallback=0x20, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x2d0, 0xd0, 0xffffffff, 0xffffffff, 0xd0, 0xffffffff, 0x358, 0xffffffff, 0xffffffff, 0x358, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @mcast2, [], [], 'wg1\x00', 'gre0\x00', {}, {}, 0x0, 0x0, 0x0, 0x50}, 0x0, 0x100, 0x130, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x330)
r7 = socket$inet6(0xa, 0x3, 0x8000000003c)
connect$inet6(r7, &(0x7f00000001c0)={0xa, 0x4e21, 0x0, @loopback}, 0x1c)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYBLOB="340000003e000701feffffff00000000017c0000040042800c0001800600060090390000100002800c000300080018"], 0x34}, 0x1, 0x0, 0x0, 0x4048011}, 0xc000)
sendmsg(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000002c0)="cd45041b6bd176e64ce13b6fbc35171e7ccaf3e2925cb726c69e18f3f4cf2370f08bcdfde07785942896df6b62c9cac85d772e52e80a6d6d5d57f7446345b9df01", 0x41}, {0x0}, {&(0x7f0000000400)="10bb39057a5d6cc9ac32d2bf62d50ad909db90fba107c5f9de10f6ff080e51a94f4b9769303fa356c8749b3878514fdb00fd6ac31e2a04525422cd22cc56175b56103cff0b7b1b671d61e95b541bc80bc6b3163c7bd55b7b8e935198d2b4270857e0e2f64f2e8ca83cdca6469423", 0x6e}], 0x3, 0x0, 0x0, 0x2c}, 0x4044004)

2m48.787231972s ago: executing program 1 (id=126):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
ioctl$RTC_UIE_OFF(0xffffffffffffffff, 0x7004)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
syz_open_dev$dri(&(0x7f0000000240), 0xd21, 0x4000)
r2 = socket$vsock_stream(0x28, 0x1, 0x0)
sendmsg(r2, 0x0, 0x4000042)
dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r3 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card0/oss_mixer\x00', 0x2002, 0x0)
write$proc_mixer(r3, &(0x7f0000000180)=ANY=[@ANYBLOB='SYNTH \'Mic\' 00000000000000000000\nIGAIN \'Capture Volume\' 00000000000000000000\nVOLUME\nLINE\nMONITOR\nCD \'CD Capture\' 8'], 0x86)
r4 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/asound/card0/oss_mixer\x00', 0x0, 0x0)
dup3(r4, r3, 0x0)
r5 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r5, 0x40045532, &(0x7f00000000c0)=0x2)
r6 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040201, 0x0)
r7 = syz_open_dev$sndpcmp(&(0x7f0000000200), 0x0, 0xa2c65)
ioctl$SNDCTL_DSP_GETOSPACE(r6, 0x8010500c, &(0x7f0000000040))
ioctl$SNDRV_PCM_IOCTL_HW_FREE(r7, 0x4112, 0x0)
ioctl$SNDCTL_DSP_POST(r6, 0x5008, 0x0)
socket$key(0xf, 0x3, 0x2)
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket(0x2, 0x80805, 0x0)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)

2m42.813295725s ago: executing program 32 (id=112):
socket$nl_generic(0x10, 0x3, 0x10)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff)
r2 = syz_open_dev$dri(&(0x7f0000000180), 0x78, 0x802)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f0000000040)={0x7, 0x6576, 0x3})
mmap(&(0x7f0000001000/0x4000)=nil, 0x4000, 0x4, 0x11, r2, 0x100000000)
mremap(&(0x7f0000001000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f00003eb000/0x1000)=nil)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000100)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x1c, 0x1c, 0x4, [@var={0x2, 0x0, 0x0, 0x11, 0x3, 0xffffffff}, @const={0x0, 0x0, 0x0, 0x2}]}, {0x0, [0x0, 0x5f]}}, 0x0, 0x38}, 0x28)
socket$netlink(0x10, 0x3, 0x12)
r3 = openat$cuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
read$FUSE(r3, &(0x7f0000005e40)={0x2020, 0x0, <r4=>0x0, <r5=>0x0, <r6=>0x0, <r7=>0x0}, 0x2020)
write$FUSE_ATTR(r3, &(0x7f0000005340)={0x78, 0x0, r4, {0x2000000007, 0x400, 0x0, {0x6, 0xfffe000000000000, 0xfffffffffffffffb, 0xff, 0x694, 0x3, 0x7f, 0x9, 0x800, 0x2000, 0x2, r5, r6, 0xb, 0x8, 0x1000000}}}, 0x78)
lremovexattr(0x0, &(0x7f00000001c0)=@known='system.posix_acl_default\x00')
write$FUSE_STATX(0xffffffffffffffff, &(0x7f0000000540)={0x130, 0x0, 0x0, {0x3, 0x6, 0x0, '\x00', {0x2000, 0x5, 0x7, 0xc07, 0x0, 0x0, 0xc000, '\x00', 0x1, 0x6, 0x0, 0x3, {0x0, 0x1}, {0x4, 0x800}, {0x961, 0x6a5ad1fb}, {0xfffffffffffffffe}, 0x80000000, 0xdc, 0x7e, 0xa}}}, 0x130)
mkdirat(0xffffffffffffffff, &(0x7f0000000100)='./file0\x00', 0x163)
r8 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r8, 0x6, 0x210000000013, 0x0, 0x0)
setsockopt$inet_tcp_TCP_CONGESTION(r8, 0x6, 0xd, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
sched_getattr(r7, &(0x7f0000000200)={0x38}, 0x38, 0x0)

2m31.3527682s ago: executing program 33 (id=126):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
ioctl$RTC_UIE_OFF(0xffffffffffffffff, 0x7004)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
syz_open_dev$dri(&(0x7f0000000240), 0xd21, 0x4000)
r2 = socket$vsock_stream(0x28, 0x1, 0x0)
sendmsg(r2, 0x0, 0x4000042)
dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r3 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card0/oss_mixer\x00', 0x2002, 0x0)
write$proc_mixer(r3, &(0x7f0000000180)=ANY=[@ANYBLOB='SYNTH \'Mic\' 00000000000000000000\nIGAIN \'Capture Volume\' 00000000000000000000\nVOLUME\nLINE\nMONITOR\nCD \'CD Capture\' 8'], 0x86)
r4 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/asound/card0/oss_mixer\x00', 0x0, 0x0)
dup3(r4, r3, 0x0)
r5 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r5, 0x40045532, &(0x7f00000000c0)=0x2)
r6 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040201, 0x0)
r7 = syz_open_dev$sndpcmp(&(0x7f0000000200), 0x0, 0xa2c65)
ioctl$SNDCTL_DSP_GETOSPACE(r6, 0x8010500c, &(0x7f0000000040))
ioctl$SNDRV_PCM_IOCTL_HW_FREE(r7, 0x4112, 0x0)
ioctl$SNDCTL_DSP_POST(r6, 0x5008, 0x0)
socket$key(0xf, 0x3, 0x2)
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket(0x2, 0x80805, 0x0)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)

1m36.340083415s ago: executing program 2 (id=201):
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r1 = socket(0x10, 0x3, 0x0)
connect$netlink(r1, &(0x7f00000014c0)=@proc={0x10, 0x0, 0x1}, 0xc)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
bind$802154_raw(0xffffffffffffffff, 0x0, 0x0)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r5}, 0xc)
r6 = memfd_create(&(0x7f00000000c0)='[\v\xdbX\xae[\x1a\xa9\xfd\xfa\xad\xd1md\xc8\x85HX\xa9%\f\x1ae\xe0\x00\x00\x00\x00\xfb\xff\x00\x00\x81\x9eG\xd9,\xe2\xc6a\x9f\xe8\xf1\xb3\x86\xe2+Op\xd0\xa2\x82\x1eb;(\xb5\xe1jS\xd6\x91%||\xa0\x8ez\xadT\xc8\f\xe5\x89\xbf3:\x99\x1e\xac`\xc3\xcf\xd3\xae\xd2\a\x11\xa9\xa5^\xff\xf5\x95\xd2q#\xc6\xca\x97\x9d\xcb\x1e\x80\xd6\xd5%N&\xf8#\x80z8Z\xd2}\xf5\xe4\x9f5\x9b\x01\xf9t\xbb\x1er\x14\xdb\xd3\xcd\xfd\xbdnC\xec', 0x0)
execveat(r6, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000)
r7 = socket$unix(0x1, 0x5, 0x0)
bind$unix(r7, &(0x7f0000000140)=@abs={0x1}, 0x6e)
socket$unix(0x1, 0x1, 0x0)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
mkdir(&(0x7f00000000c0)='./bus\x00', 0x0)
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
mkdir(&(0x7f0000000440)='./file1\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000a00)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@nfs_export_on}]})
rmdir(0x0)
setsockopt$inet6_int(r0, 0x29, 0x19, &(0x7f0000000040)=0xad, 0x4)
setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f00000000c0)={0x3, 0x3}, 0x4)

1m33.402039023s ago: executing program 2 (id=203):
socketpair$tipc(0x1e, 0x5, 0x0, 0x0)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x37}}, 0x10)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1, 0x0, 0xffffffffffffffff}, 0x18)
prlimit64(0x0, 0xe, &(0x7f00000192c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r5 = syz_open_procfs(r2, &(0x7f0000019300)='pagemap\x00')
pread64(r5, &(0x7f0000000200)=""/102400, 0x19000, 0x1000000000)
r6 = add_key$keyring(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd)
r7 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r7, 0x3b81, &(0x7f00000000c0)={0xc})
r8 = add_key(0x0, 0x0, 0x0, 0x0, r6)
keyctl$link(0x8, r6, r8)
r9 = add_key$fscrypt_v1(&(0x7f0000000440), &(0x7f0000000480)={'fscrypt:', @auto=[0x0, 0x0, 0x0, 0x0, 0x34]}, &(0x7f00000004c0)={0x0, "3e82554dc8ccfbc2e85ec82d4ee9df60f6ae16b1a5f2c848722ba3b132e4fde178c945bd950b0477e801fc8a1be9b4ebbe9c2289a6b0aa00"}, 0x48, 0xfffffffffffffffe)
pipe2$watch_queue(&(0x7f0000000300)={0xffffffffffffffff, <r10=>0xffffffffffffffff}, 0x80)
ioctl$IOC_WATCH_QUEUE_SET_FILTER(r10, 0x5761, &(0x7f00000001c0)=ANY=[@ANYBLOB="010000000000000001"])
keyctl$KEYCTL_WATCH_KEY(0x20, r9, r10, 0x0)

1m32.024199986s ago: executing program 2 (id=206):
bind$inet(0xffffffffffffffff, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x47)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000019240)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
madvise(&(0x7f0000519000/0x1000)=nil, 0x1000, 0x66)
pread64(0xffffffffffffffff, &(0x7f0000000200)=""/102400, 0x19000, 0x1000000000)
r3 = add_key$keyring(&(0x7f0000000a40), &(0x7f0000019200)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
syz_open_dev$video4linux(&(0x7f0000000400), 0x2, 0x0)
getgroups(0x5, &(0x7f00000192c0)=[0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0])
keyctl$chown(0x4, r3, 0xee01, 0x0)
keyctl$KEYCTL_MOVE(0x3, r3, 0x0, 0x0, 0x0)
add_key(&(0x7f0000000040)='user\x00', 0x0, 0x0, 0x0, r3)
setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x210000000013, 0x0, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(0xffffffffffffffff, 0x6, 0x14, &(0x7f0000000140)=0x2, 0x4)
sendto$inet(0xffffffffffffffff, &(0x7f0000001480)="3b5250dd8df768c581177cc96346a125c5baecd7e46618851e723e8ef1628f8e5c9fff1954ad6617c17fd0658b4c494ab4b9c82de21662", 0x37, 0x20000080, 0x0, 0x0)

1m30.137790422s ago: executing program 2 (id=207):
bind$inet(0xffffffffffffffff, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x47)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
madvise(&(0x7f0000519000/0x1000)=nil, 0x1000, 0x66)
pread64(0xffffffffffffffff, &(0x7f0000000200)=""/102400, 0x19000, 0x1000000000)
r1 = add_key$keyring(&(0x7f0000000a40), &(0x7f0000019200)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
r2 = syz_open_dev$video4linux(&(0x7f0000000400), 0x2, 0x0)
ioctl$VIDIOC_G_EXT_CTRLS(r2, 0xc040564a, &(0x7f0000000000)={0x0, 0x1, 0x101b, 0xffffffffffffffff, 0x0, 0x0})
getgroups(0x5, &(0x7f00000192c0)=[0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0])
keyctl$chown(0x4, r1, 0xee01, 0x0)
keyctl$KEYCTL_MOVE(0x3, r1, 0x0, 0x0, 0x0)
socket$netlink(0x10, 0x3, 0x0)
add_key(&(0x7f0000000040)='user\x00', 0x0, 0x0, 0x0, r1)
setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x210000000013, 0x0, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(0xffffffffffffffff, 0x6, 0x14, &(0x7f0000000140)=0x2, 0x4)
sendto$inet(0xffffffffffffffff, &(0x7f0000001480)="3b5250dd8df768c581177cc96346a125c5baecd7e46618851e723e8ef1628f8e5c9fff1954ad6617c17fd0658b4c494ab4b9c82de21662", 0x37, 0x20000080, 0x0, 0x0)

1m29.699192355s ago: executing program 2 (id=208):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20020008008f}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000002100)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r3}, 0x10)
r4 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x8002, 0x0)
write$P9_RSTATu(r4, &(0x7f0000000080)=ANY=[@ANYBLOB="370200007d02000005"], 0xe9)
r5 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x60042, 0x0)
write$binfmt_elf64(r5, 0x0, 0x78)
close(r4)
r6 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
close_range(r6, 0xffffffffffffffff, 0x0)
mount(&(0x7f0000000040)=@filename='\x00', &(0x7f00000000c0)='.\x00', &(0x7f0000000040)='ubifs\x00', 0x0, 0x0)

1m27.335111293s ago: executing program 2 (id=211):
openat$ubi_ctrl(0xffffff9c, &(0x7f0000000000), 0x428000, 0x0)
socket$inet_sctp(0x2, 0x1, 0x84)
ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, 0x0)
socket(0xa, 0x3, 0x3a)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
ioctl$VIDIOC_CREATE_BUFS(0xffffffffffffffff, 0xc100565c, &(0x7f0000000040)={0x0, 0xffc, 0x2, {0x9, @pix_mp={0xf, 0x5ae7, 0x50323234, 0x0, 0x6, [{0x80000004, 0x7}, {0x7ff, 0xb328}, {0x10000001, 0xd}, {0x63d, 0x7fd}, {0x1, 0xb}, {0x1, 0x489aa92e}, {0xc6, 0x39e8}, {0xff, 0x7}], 0x3, 0xc, 0x2, 0x0, 0x3}}})
bind$alg(0xffffffffffffffff, 0x0, 0x0)
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000001280), 0x0)
r2 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000280), 0x40000, 0x0)
ioctl$RTC_ALM_SET(r2, 0x40247007, &(0x7f00000002c0)={0x14, 0x10, 0x3, 0xb, 0x4, 0x2, 0x3, 0x84, 0x1})
fchdir(0xffffffffffffffff)
ioctl$I2C_RDWR(0xffffffffffffffff, 0x707, 0x0)
r3 = socket$inet6_mptcp(0xa, 0x1, 0x106)
setsockopt$inet6_tcp_TCP_CONGESTION(r3, 0x6, 0xd, &(0x7f0000000080)='cdg\x00', 0x4)
bind$inet6(r3, &(0x7f0000000000)={0xa, 0x4e20, 0xc8b1, @loopback, 0x5}, 0x8)
r4 = socket$kcm(0xa, 0x1, 0x106)
setxattr$trusted_overlay_origin(&(0x7f0000000180)='./file0\x00', &(0x7f00000001c0), &(0x7f0000000200), 0x2, 0x0)
sendmsg$kcm(r4, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x20000011)
sendmsg$kcm(r4, &(0x7f0000000780)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @dev, 0x2}, 0xff32, 0x0}, 0xe07e872420dfefca)
sendmsg$kcm(r4, 0x0, 0x4000800)
close(r4)
r5 = socket$kcm(0x10, 0x3, 0x10)
sendmsg$kcm(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000140)="1400000023000b6c8cfffdfccabb00f90429fc60", 0x14}], 0x1}, 0x2400c000)

1m10.372431256s ago: executing program 34 (id=211):
openat$ubi_ctrl(0xffffff9c, &(0x7f0000000000), 0x428000, 0x0)
socket$inet_sctp(0x2, 0x1, 0x84)
ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, 0x0)
socket(0xa, 0x3, 0x3a)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
ioctl$VIDIOC_CREATE_BUFS(0xffffffffffffffff, 0xc100565c, &(0x7f0000000040)={0x0, 0xffc, 0x2, {0x9, @pix_mp={0xf, 0x5ae7, 0x50323234, 0x0, 0x6, [{0x80000004, 0x7}, {0x7ff, 0xb328}, {0x10000001, 0xd}, {0x63d, 0x7fd}, {0x1, 0xb}, {0x1, 0x489aa92e}, {0xc6, 0x39e8}, {0xff, 0x7}], 0x3, 0xc, 0x2, 0x0, 0x3}}})
bind$alg(0xffffffffffffffff, 0x0, 0x0)
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000001280), 0x0)
r2 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000280), 0x40000, 0x0)
ioctl$RTC_ALM_SET(r2, 0x40247007, &(0x7f00000002c0)={0x14, 0x10, 0x3, 0xb, 0x4, 0x2, 0x3, 0x84, 0x1})
fchdir(0xffffffffffffffff)
ioctl$I2C_RDWR(0xffffffffffffffff, 0x707, 0x0)
r3 = socket$inet6_mptcp(0xa, 0x1, 0x106)
setsockopt$inet6_tcp_TCP_CONGESTION(r3, 0x6, 0xd, &(0x7f0000000080)='cdg\x00', 0x4)
bind$inet6(r3, &(0x7f0000000000)={0xa, 0x4e20, 0xc8b1, @loopback, 0x5}, 0x8)
r4 = socket$kcm(0xa, 0x1, 0x106)
setxattr$trusted_overlay_origin(&(0x7f0000000180)='./file0\x00', &(0x7f00000001c0), &(0x7f0000000200), 0x2, 0x0)
sendmsg$kcm(r4, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x20000011)
sendmsg$kcm(r4, &(0x7f0000000780)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @dev, 0x2}, 0xff32, 0x0}, 0xe07e872420dfefca)
sendmsg$kcm(r4, 0x0, 0x4000800)
close(r4)
r5 = socket$kcm(0x10, 0x3, 0x10)
sendmsg$kcm(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000140)="1400000023000b6c8cfffdfccabb00f90429fc60", 0x14}], 0x1}, 0x2400c000)

12.644829406s ago: executing program 0 (id=276):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
syz_open_dev$media(&(0x7f00000012c0), 0x66, 0x180502)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000000)='sched_switch\x00', r0, 0x0, 0xfff7fffffffffff5}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000440)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2)
ioctl$VIDIOC_S_INPUT(r4, 0xc0045627, &(0x7f00000000c0)=0x3)
ioctl$VIDIOC_ENUM_DV_TIMINGS(r4, 0xc0945662, &(0x7f00000003c0)={0x8000001, 0x0, '\x00', {0x0, @bt={0x9, 0x10001ff, 0x4, 0x3, 0x8000000000000001, 0x1, 0x8, 0x6000005, 0x8, 0x8, 0x1, 0x9, 0x1, 0x7c, 0x10, 0x1d, {0x7, 0xd}, 0x1, 0x9}}})
connect$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x0, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x10)
r5 = socket(0x2, 0x80805, 0x0)
sendmmsg$inet(r5, &(0x7f0000001bc0)=[{{&(0x7f0000000080)={0x2, 0x0, @private=0xa010102}, 0x10, &(0x7f0000000100)=[{&(0x7f00000000c0)}], 0x1}}, {{&(0x7f00000022c0)={0x2, 0x20, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f0000000600)=[{&(0x7f0000002300)="ef", 0x1}], 0x1}}], 0x2, 0x1005)
r6 = socket$inet(0x2, 0x80001, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r6, 0x84, 0x14, &(0x7f0000000000)=@assoc_value, &(0x7f0000000040)=0x8)
setsockopt$inet_sctp6_SCTP_DELAYED_SACK(r5, 0x84, 0x76, 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_G_CROP(r4, 0xc038563b, &(0x7f0000000100)={0x0, 0x0, {0x4, 0x1ff, 0xc, 0x6e5}})
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000080)={<r7=>0xffffffffffffffff})
sendmmsg$sock(r7, &(0x7f00000044c0), 0x4000000000001c0, 0x0)
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000c00), 0xffffffffffffffff)

11.660243257s ago: executing program 4 (id=277):
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0)
syz_clone3(0x0, 0x0)
socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000ac0)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000786c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000fdffffff850000002d00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xa, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10)
r4 = socket$inet6(0xa, 0x2, 0x0)
sendmsg$inet(r4, &(0x7f0000000340)={&(0x7f0000000100)={0x2, 0x4e22, @multicast2}, 0x10, 0x0, 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB], 0x20}, 0x4000)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r5 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r5)
ptrace$pokeuser(0x6, r5, 0x358, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r6 = socket$inet6(0xa, 0x3, 0xff)
r7 = dup2(r6, r6)
read$FUSE(r7, 0x0, 0x0)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={<r8=>0xffffffffffffffff, <r9=>0xffffffffffffffff})
recvmsg(r8, &(0x7f0000000500)={&(0x7f0000000040)=@hci, 0x80, &(0x7f0000000100)=[{&(0x7f0000000400)=""/248, 0x200105d0}], 0x1}, 0x1f00)
sendmsg$tipc(r9, &(0x7f0000000240)={0x0, 0xfffffff5, &(0x7f0000000200)=[{&(0x7f0000000140)="a2", 0xfffffdef}], 0x1}, 0x0)

9.048838315s ago: executing program 0 (id=278):
socket$nl_generic(0x10, 0x3, 0x10)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0)
move_pages(0x0, 0xffffffffffffff55, 0x0, 0x0, 0x0, 0x0)
sendmsg$can_bcm(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000180)={0xc, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x1, &(0x7f0000000200)=0x4)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000440)=ANY=[@ANYBLOB="4c00000002060108000034e40000000000000000050001000600000005000400000000000900020073797a3100000080050005000200000011000300686173683a69702c706f7274"], 0x4c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$IPSET_CMD_ADD(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000300)=ANY=[@ANYBLOB="50000000090601020000000000000000020000840900020073797a31000000000500010007000000280007800c00018008000140fffffff70500070084000000060004404e22000006000540"], 0x50}, 0x1, 0x0, 0x0, 0x10000082}, 0x90)
r5 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r5, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x47)
setsockopt$inet_tcp_int(r5, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r5, 0x6, 0x14, &(0x7f0000000140)=0x2, 0x4)
connect$inet(r5, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
sendmsg$sock(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000240)="5b63392b41febc78767f2c24eb5b020ff1b2de985295fe3c67b1be419eeb1d13daf99fe36f4d8aed1aef9d92bf5d5bbe250c5c01046ad658897799292f678394714da261743da93315daf6fd850c9a9f7b31", 0x52}], 0x1}, 0x8000)
sendto$inet(r5, &(0x7f0000000200)=';', 0x1, 0x20004810, 0x0, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r5, 0x6, 0x16, &(0x7f0000000340)=[@timestamp, @window={0x3, 0x6, 0x7}, @mss={0x2, 0x7}, @window={0x3, 0x0, 0x4}, @window={0x3, 0x8, 0x6}, @timestamp, @window={0x3, 0xfffe}, @sack_perm], 0x2000000000000061)
setsockopt$inet_tcp_TCP_REPAIR(r5, 0x6, 0x13, &(0x7f00000001c0), 0x4)
sendto$inet(r5, &(0x7f00000004c0)='<', 0x381, 0x805, 0x0, 0x0)

8.49579932s ago: executing program 4 (id=279):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='contention_begin\x00', r0, 0x0, 0xd}, 0x18)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
ioctl$PIO_SCRNMAP(0xffffffffffffffff, 0x4b52, 0x0)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r2 = socket$inet6(0xa, 0x3, 0xff)
bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = syz_open_dev$video(&(0x7f00000000c0), 0x7, 0x8100)
dup2(r2, r3)
ptrace$ARCH_GET_UNTAG_MASK(0x1e, 0x0, &(0x7f0000000040), 0x4001)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$devlink(0x0, 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_SB_TC_POOL_BIND_SET(r4, &(0x7f0000000ac0)={0x0, 0x0, &(0x7f0000000a80)={&(0x7f0000000a00)=ANY=[@ANYBLOB='d\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="01002dbd7000ffdbdf25180000000e0001"], 0x64}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
r6 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r6, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4)
bind$inet(r6, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
setsockopt$SO_ATTACH_FILTER(r6, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10)
sendto$inet(r6, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r6, 0x6, 0xd, &(0x7f0000000100)='bbr\x00', 0x4)
sendmmsg$inet(r6, &(0x7f0000000a40)=[{{0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000cc0)="91ebffffff7f7d8625547e6fdcfb96c1d9b461ad7581ce705ad7203fb9e00e70512c27e5d5980dbbdb9d8dd381060e0f5bd279f6b8d9109f8e5b1ad6402331e7e4ba5a0300ee40f4ed347c7997c0c822b355f310b659f42003566ffc26878858a5f20373da0b75bed8465da60f840979b6b18d0cbeb297ce3e1e34d46e9e28b416e60e9f9dceb059bd608a506d563315b1a9c536f6ca7ec68acd35c32cdace2471dce1452c62550a9bf975bb6adf889077c111c77030761c0f5d6baccf58dd38bdc0889b55669170d96224c8fd12762ad7f2a635040cde08fb0cdfb05e646a", 0xdf}], 0x1}}, {{0x0, 0x0, 0x0}}, {{0x0, 0x0, &(0x7f0000000900)=[{&(0x7f0000000b40)="5604b1f93280601007f1bfc8446f785300fcfc78c557b8e530dc9f84187a0dd96c1488a0a665ec777782588791c4fd3b0443cd5bde128419bfe468e7760112d01b2746540dc8a0e9087bde26b530a321fd36ffcbeddbc482d96b9f47e195afe70b76", 0x62}, {&(0x7f0000001a80)="d61f2c7a6ddbff16a09972b62284a63c170b9a6ec5cd29dfa047b76a9a0eeb4055c9dd2244e47c59e557c459c397cd02eb261fc7d521b1f2e95c3ce17726db0d3236a6d3b52d3f066554d84292329c8a6f034ff8d85d61dcf7ae508c5925903fb1feb7d07fe481313ad476131cf19514d6c77835e9cf82df2f153d9b82985da3e260fc6942d18345ac61b2958886a77e2a2726097d1888a25bee0fdec661520a057f8559f17e462bdf938f7f2303447bfaa744d3891372a825c63e83ff21650af922eaac39ab491cec071d31eebd6526d7a8ddd052d30beb962aeca814ad530c1413e502b92f3e51eaf75ec5b595b19e4945a1a821a8c47f804465f9e04d0ec9aff13036fe4f3a56b324e9ea795cc89d0f30433f3fa8aa7cc4dd93197840d644c6e48329c266316227ea917708cde40163a6b092d3c722a71e9f21255315cb87a74916d56da0479e7e8865b289fc8095a8477e7fee5eda0c55ec6d53c7aac85f6171717935832962f6db7889683497f3f5a4aa6c6af16908cc4c853536c4f624a75cae053c053f8490c028c15bf043adf4729306a4069324be546a83f71c16a15b86f1d6cb5505808acf055c982dfb14eaaa45b139ccc18952a1c1cbde3bb0d4882d72aa508b511b9a3e2b1a11b96aa29650279ca66b2ba92df4f9dcfa322ddd79d8a4da49182ac4d0c7078b2c2c2860e680276da35f952bc9627ab64d475aaeda4e896f04ffbb48983f29cee0574f219acb18778a0b17db40bca0c7102e8d6cbe0d66420a2d836efe9d4932605ad6852bd15bcfbee0fbc22bf79d08512bb8e4ef67004391f17b9723bd61bca96a861833bd415fafb468a205feb866aeaf0057b5d4c2eb5bed757aa6c8a38fd86de6e06bfce036465e63c9a9ae4512985474edbcd3c7ef50e74b4f6091a649cd04c6e14bc7238327edf829e0cca29fe837fd76e49b464933e40cf9799696fdb694a785a4aa7fc9342d32fd2fda5c5f81286dad13a17ac495bafefc5ec9b5ddbd744f879c00635c79d26b8131d7daadb26e5c4d0293ba696d29b1d80be0898263a1b157049fe222f2d2ba85b2dfa5cded7e372edf6bda18ecea8a75be58e19dba91c255561e21128277a8e00fd7c329ef4662494485775223d42803e25eed8f85765465159cdeb91515181a98eb465ddfb367ea9810d414fefc32e6b989bc539e02ca0129911022ec5670fbdc88b7420ab833350964f440aee90b1cc7eee831c3774c1087f8140193056a395839e11bd0aeb1adc4ef26a39d78c18bb33b254ee07c55d8936d659ab6728f69ee81b7fa5e988b6e2b619d9124", 0x3a5}], 0x2}}], 0x3, 0x0)
setsockopt$sock_int(r6, 0x1, 0x8, &(0x7f0000000600)=0xdfa, 0x4)
sendto$inet(r6, &(0x7f0000000580)="17", 0x59a, 0x10008095, 0x0, 0x0)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000))
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)

6.563987527s ago: executing program 0 (id=280):
bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000500)=ANY=[@ANYBLOB="dc05ee057ada978f61034835c9655cc8f5553beda9f730e151772060ac74b31cd73d524a83d2278bcacaf9ccf186df9ce51f99f2e19707bd19279dea3a989ab3c0bcffcfba1b5cdd4eb33ba40f0198d12e4108f58d9942e2a7a2efac7ed3d4a8ba0211be34077582823b52cea03ece14b22f2f5754", @ANYRES32, @ANYRESHEX, @ANYRESDEC, @ANYRESDEC=0x0, @ANYRES32=0x0, @ANYRES8=0x0, @ANYRESHEX, @ANYRESHEX, @ANYRESDEC], 0x20)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x81}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000003c0)={0x4, 0x80100008b}, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000002700)=""/102392, 0x18ff8)
r2 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
close(r1)
bind$llc(r2, &(0x7f0000000040)={0x1a, 0x0, 0x3, 0x54}, 0x10)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000007000000010001000100000001"], 0x48)
socket$nl_netfilter(0x10, 0x3, 0xc)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r5)
r6 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r5, &(0x7f0000000100)={0xa, 0x4e24, 0x9, @ipv4={'\x00', '\xff\xff', @local}, 0xf}, 0x1c)
listen(r6, 0x0)
r7 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r7, &(0x7f0000000140)={0x2, 0x4e22, @local}, 0x10)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$mptcp(&(0x7f0000000380), r4)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r8, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000004c0)=ANY=[], 0x3c}, 0x1, 0x0, 0x0, 0x4000000}, 0x4004000)
r9 = syz_genetlink_get_family_id$mptcp(&(0x7f00000002c0), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000480)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r9, @ANYBLOB="0100000000000000000002000000140001800500020001"], 0x28}, 0x1, 0x0, 0x0, 0x20044811}, 0x2000c094)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{r3}, &(0x7f0000000000), &(0x7f0000000040)}, 0x20)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r3, &(0x7f0000000080), &(0x7f0000000200)=""/166}, 0x20)
close(r2)

6.022002145s ago: executing program 4 (id=281):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20020008008f}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000002100)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r3}, 0x10)
r4 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x8002, 0x0)
write$P9_RSTATu(r4, &(0x7f0000000080)=ANY=[@ANYBLOB="370200007d02000005"], 0xe9)
r5 = openat$sequencer(0xffffffffffffff9c, 0x0, 0x60042, 0x0)
write$binfmt_elf64(r5, &(0x7f0000000280)=ANY=[], 0x78)
close(r4)
r6 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
close_range(r6, 0xffffffffffffffff, 0x0)
mount(&(0x7f0000000040)=@filename='\x00', &(0x7f00000000c0)='.\x00', &(0x7f0000000040)='ubifs\x00', 0x0, 0x0)

5.18064305s ago: executing program 0 (id=282):
openat$comedi(0xffffffffffffff9c, &(0x7f0000000140)='/dev/comedi0\x00', 0x8080, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
syz_emit_ethernet(0xfa, &(0x7f0000000880)=ANY=[@ANYBLOB="aaaaaaaaaabbaaaaaaaaaaaa18000004bc00d3789c2222584e025ac760596cc58949d62fdb20693d84327f438ad03e4853d2aad5879c3d465076e6692dc3462f0c6fb55b543566db8db2d09d3fd4a176436e04edadcc2251d87dc01143f4b980c088d2cf26591b8f51aa3c11336cd0b5bcf188433c9774b4884c350cb1c9a5209ad381ad720042ba2a0621885734d1c1ccc0f3676272febbe9e396bebb587b58a71faa13bd64ad802f1d49201cb55ab74c60f9b23640d8453ffb5e692eb022997c861fd283e9e1427abe81eebf4049a1b5a1df7b9c8b855753c84a6cc3534761a2f21574e7704e3b1e2b86a5b31fc21147aba99124f7a28819eebff41aca8fd35d695072be9799de137757feebfd590efa49eb6360bc5047d56c3e6ab7668763cfbc7a0092aa6409e8bfda1747771c452323bd0d64f5d788c5089d6cbfc6d2bdcdb7371b9c50f66a7e1c253c95f22f233d0f000000ebdb96f1583d19337f6fff07000000000000fdbb1884ed5696610ef9f4a66c9dc9401db5188c9547d2b21d09e86799975c3b7e670876be0171e0b05c4991c950f2e2106a8ed71c508d3e5efccefc1e8def0d97e12433001b2d885346f8fbc46e663f2f0edd46794d0c908361eafd4acf7641cfeffd"], &(0x7f0000000080)={0x0, 0x1, [0x2e9, 0x567, 0x865, 0x254]})
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x6, 0x100000b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000240), 0xffffffffffffffff)
r3 = openat$smackfs_cipsonum(0xffffffffffffff9c, &(0x7f0000000080)='/sys/fs/smackfs/doi\x00', 0x2, 0x0)
write$smackfs_cipsonum(r3, &(0x7f0000000100)=0x2, 0x14)
sendmsg$IEEE802154_LLSEC_ADD_DEV(r1, &(0x7f00000003c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000340)={&(0x7f0000000280)={0x1c, r2, 0x20, 0x70bd26, 0x25dfdbfb, {}, [@IEEE802154_ATTR_SHORT_ADDR={0x6, 0x4, 0xaaa0}]}, 0x1c}, 0x1, 0x0, 0x0, 0x10}, 0x4000000)
r4 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), 0xffffffffffffffff)
ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, &(0x7f00000000c0)=<r5=>0x0)
sendmsg$NFC_CMD_DEV_UP(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000740)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r4, @ANYBLOB="010026bd70003c0200000200000008000100", @ANYRES32=r5], 0x1c}}, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, &(0x7f0000000500)=<r6=>0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, &(0x7f0000000540)=<r7=>0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, &(0x7f0000000580)=<r8=>0x0)
sendmsg$NFC_CMD_LLC_GET_PARAMS(r1, &(0x7f0000000680)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000640)={&(0x7f00000005c0)={0x5c, 0x0, 0x1, 0x70bd25, 0x25dfdbfe, {}, [@NFC_ATTR_DEVICE_INDEX={0x8}, @NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r5}, @NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r6}, @NFC_ATTR_FIRMWARE_NAME={0x11, 0x14, '802.15.4 MAC\x00'}, @NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r7}, @NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r8}, @NFC_ATTR_FIRMWARE_NAME={0xc, 0x14, '+\']\\)){)'}]}, 0x5c}, 0x1, 0x0, 0x0, 0x8004}, 0x10)
r9 = openat$6lowpan_control(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$6lowpan_control(r9, &(0x7f0000000040)='connect aa:aa:aa:aa:aa:10 1', 0x1b)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x20000000000, 0xfffffffffffffffd, 0x0, 0x0, 0x1000001000, 0x49}, 0x0, &(0x7f00000002c0)={0x3ff, 0x7, 0xffffffffffffffff, 0x9, 0x0, 0xf, 0x80000006}, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x3, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000007110b400000000950000000000000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x90)
r10 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r10, 0x0, 0x0)
sendmsg$rds(r10, &(0x7f0000000300)={&(0x7f0000000040)={0x2, 0x4e24, @local}, 0x10, 0x0, 0x0, &(0x7f00000006c0)=[@rdma_args={0x48, 0x114, 0x1, {{0x3, 0x2}, {0x0}, 0x0, 0x0, 0x60, 0xfffffffefffffffe}}], 0x48, 0x8004}, 0x0)

4.328108226s ago: executing program 4 (id=283):
bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="1b00000000000000a7d265994c071986001863a1c675ed00ce0000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/transaction_log\x00', 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000040)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008032, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x15)
syz_clone(0x20000, 0x0, 0x0, 0x0, 0x0, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x5)
r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r6}, 0x10)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r7 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_wireguard(r7, 0x8933, &(0x7f0000000280)={'wg0\x00', <r8=>0x0})
sendmsg$nl_route(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000004c0)=@ipv4_newroute={0x34, 0x1a, 0x1, 0x70bd29, 0x0, {0x2, 0x20, 0x20, 0x5, 0x0, 0x3}, [@RTA_SRC={0x8, 0x2, @private=0xa010101}, @RTA_DST={0x8, 0x1, @local}, @RTA_IIF={0x8, 0x3, r8}]}, 0x34}}, 0x0)

2.240981297s ago: executing program 4 (id=284):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
mkdir(0x0, 0x0)
pipe2$9p(&(0x7f0000001900), 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
socket$nl_route(0x10, 0x3, 0x0)
r1 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000380), 0x101040)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r1, 0x40345410, 0x0)
openat$tcp_congestion(0xffffffffffffff9c, &(0x7f0000000000), 0x35c, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
io_uring_enter(0xffffffffffffffff, 0x847ba, 0x0, 0xe, 0x0, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="0b00000005000000000400000900000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r2], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r3 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000002c0), 0x1)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r3, 0xc08c5332, &(0x7f0000000300)={0x1, 0x0, 0x0, 'queue1\x00'})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000004c00)=""/102392, 0x18ff8)
write$sndseq(r3, &(0x7f0000000000)=[{0x84, 0x77, 0x0, 0x0, @tick, {}, {}, @raw32}], 0xffc8)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x6, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

1.055704619s ago: executing program 0 (id=285):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$F2FS_IOC_COMMIT_ATOMIC_WRITE(r0, 0xf502, 0x0)
r1 = openat$tun(0xffffffffffffff9c, 0x0, 0x262200, 0x0)
close(r1)
r2 = socket$inet6(0xa, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r6}, 0x10)
r7 = openat$ipvs(0xffffffffffffff9c, 0x0, 0x2, 0x0)
syz_emit_ethernet(0x6a, &(0x7f0000000000)=ANY=[], 0x0)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
r8 = socket$inet6_tcp(0xa, 0x1, 0x0)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
epoll_ctl$EPOLL_CTL_MOD(0xffffffffffffffff, 0x3, r2, 0x0)
setsockopt$inet6_mreq(r8, 0x29, 0x1b, &(0x7f0000000200)={@dev={0xfe, 0x80, '\x00', 0xfc}}, 0x14)
fcntl$setstatus(r1, 0x4, 0x2000)
ioctl$TIOCSTI(0xffffffffffffffff, 0x5412, &(0x7f0000000000)=0x3)
socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$fou(&(0x7f00000002c0), r7)
sendmsg$FOU_CMD_ADD(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB='\x00\x00\x00\x00', @ANYRES16=r9, @ANYBLOB="01002cbd7000ffdbdf25010000000500040002000000050002000a0000001400070000000000000000000000000000000001"], 0x38}, 0x1, 0x0, 0x0, 0x4001}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00'})

77.764398ms ago: executing program 0 (id=286):
r0 = syz_io_uring_setup(0x4ed, &(0x7f0000000140)={0x0, 0xfec9, 0x0, 0x0, 0x20024c}, &(0x7f00000001c0)=<r1=>0x0, &(0x7f0000000280)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0)
remap_file_pages(&(0x7f0000ba1000/0x1000)=nil, 0x1000, 0x0, 0x4, 0x1c0000)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000340)={0xd, 0x200200090}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x1, &(0x7f0000000040)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0)
r6 = socket$unix(0x1, 0x2, 0x0)
bind$unix(r6, &(0x7f0000000100)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
writev(0xffffffffffffffff, &(0x7f00000008c0)=[{0x0}], 0x1)
setsockopt$SO_TIMESTAMP(r6, 0x1, 0x23, 0x0, 0x0)
setsockopt$SO_TIMESTAMPING(r6, 0x1, 0x41, 0x0, 0x0)
recvmmsg(r6, 0x0, 0x0, 0x1000000000fe, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r7, 0x0, 0x8}, 0x18)
socket$packet(0x11, 0x2, 0x300)
r8 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r8, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000580)="39000000140081ae50003c00fbff008311001f9f660fcf065c05acb612f691f3bd3508abca1be6eeb89c44ebb37358582bb8b7d553b4e92155", 0x39}], 0x1}, 0x0)
add_key$user(0x0, 0x0, &(0x7f00000000c0)="ff", 0x1, 0x0)
remap_file_pages(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x5ff, 0x2000)
syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_TIMEOUT={0xb, 0x1, 0x0, 0x0, 0x9, &(0x7f00000004c0)={0x77359400}, 0x1, 0x40, 0x1})
io_uring_enter(r0, 0xdb4, 0x0, 0x0, 0x0, 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x1)

0s ago: executing program 4 (id=287):
r0 = syz_io_uring_setup(0x2666, &(0x7f0000000580)={0x0, 0xc6f4, 0x200, 0xffffffff, 0x1}, &(0x7f0000000800), &(0x7f0000000840))
io_uring_register$IORING_REGISTER_EVENTFD_ASYNC(r0, 0x21, 0x0, 0x1)
openat$dlm_control(0xffffffffffffff9c, 0x0, 0xa080, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
fcntl$setsig(0xffffffffffffffff, 0x3, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000007c0)={r1, 0xffffffffffffffff, 0x0, 0x1c, &(0x7f0000000540)='/sys/kernel/debug/sync/info\x00'}, 0x30)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000380)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f00000003c0)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
close(r4)
r5 = syz_open_dev$dri(&(0x7f0000000000), 0x1ff, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r5, 0xc04064a0, &(0x7f0000000200)={0x0, &(0x7f0000000100)=[<r6=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_WAIT_VBLANK(r5, 0xc018643a, &(0x7f0000000140)={0x1, 0x101})
ioctl$DRM_IOCTL_MODE_SETCRTC(r4, 0xc06864a2, &(0x7f0000000740)={0x0, 0x0, r6, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "65366a50432b7ee2c7feddd91df868e7cfc6fa7272f3bf0a71b5d0c19323a260"}})
r7 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$KDSETMODE(r7, 0x4b3a, 0x1)
ioctl$TCXONC(r7, 0x4b3a, 0x2)
r8 = socket$inet_sctp(0x2, 0x5, 0x84)
sendmmsg$inet_sctp(r8, &(0x7f0000000500)=[{&(0x7f0000000040)=@in={0x2, 0xb, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f0000000700)=[{&(0x7f00000000c0)='l', 0x1}, {&(0x7f0000000240)}, {0x0}], 0x3, &(0x7f0000000000)=[@init={0x18, 0x84, 0x0, {0x7ff, 0x0, 0x3}}, @dstaddrv4={0x18, 0x84, 0x7, @broadcast}], 0x30, 0x14001}], 0x1, 0x4044040)
r9 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000000100000000000000000000095"], &(0x7f0000000000)='GPL\x00'}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r9}, 0x10)
syz_usb_connect(0x0, 0x24, &(0x7f0000000100)=ANY=[@ANYBLOB="120100de2ae663e7005d35b94082058d00ac7a010203010902120001000000000904000000959ec800"], 0x0)

kernel console output (not intermixed with test programs):

Warning: Permanently added '10.128.1.227' (ED25519) to the list of known hosts.
[   89.898157][ T5826] cgroup: Unknown subsys name 'net'
[   90.124098][ T5826] cgroup: Unknown subsys name 'cpuset'
[   90.179095][ T5826] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   92.183426][   T49] cfg80211: failed to load regulatory.db
[   92.201787][ T5826] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   96.559039][ T5841] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   96.581787][ T5850] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   96.591813][ T5850] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[   96.596738][ T5850] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   96.611255][ T5850] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   96.612458][ T5853] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[   96.628827][ T5853] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   96.629474][ T5853] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[   96.682015][ T5851] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   96.685165][ T5851] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   96.685725][ T5851] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   96.686187][ T5852] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[   96.687352][ T5851] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   96.687611][ T5852] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[   96.688501][ T5851] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   96.730567][ T5851] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[   96.731141][ T5851] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[   96.736063][ T5157] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[   96.737009][ T5851] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   96.739271][ T5851] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[   96.743645][ T5851] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   96.749417][ T5850] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   96.759091][ T5851] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[   96.793417][ T5856] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   96.799898][ T5856] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   97.750202][ T5838] chnl_net:caif_netlink_parms(): no params data found
[   97.827079][ T5843] chnl_net:caif_netlink_parms(): no params data found
[   98.013242][ T5839] chnl_net:caif_netlink_parms(): no params data found
[   98.140337][ T5854] chnl_net:caif_netlink_parms(): no params data found
[   98.201345][ T5840] chnl_net:caif_netlink_parms(): no params data found
[   98.749939][   T59] Bluetooth: hci0: command tx timeout
[   98.818613][ T5856] Bluetooth: hci2: command tx timeout
[   98.818814][ T5856] Bluetooth: hci3: command tx timeout
[   98.819067][   T59] Bluetooth: hci1: command tx timeout
[   98.851289][ T5838] bridge0: port 1(bridge_slave_0) entered blocking state
[   98.852427][ T5838] bridge0: port 1(bridge_slave_0) entered disabled state
[   98.853073][ T5838] bridge_slave_0: entered allmulticast mode
[   98.856223][ T5838] bridge_slave_0: entered promiscuous mode
[   98.899607][   T59] Bluetooth: hci4: command tx timeout
[   99.022297][ T5838] bridge0: port 2(bridge_slave_1) entered blocking state
[   99.022452][ T5838] bridge0: port 2(bridge_slave_1) entered disabled state
[   99.022670][ T5838] bridge_slave_1: entered allmulticast mode
[   99.025578][ T5838] bridge_slave_1: entered promiscuous mode
[   99.117978][ T5843] bridge0: port 1(bridge_slave_0) entered blocking state
[   99.118111][ T5843] bridge0: port 1(bridge_slave_0) entered disabled state
[   99.120488][ T5843] bridge_slave_0: entered allmulticast mode
[   99.123745][ T5843] bridge_slave_0: entered promiscuous mode
[   99.321042][ T5843] bridge0: port 2(bridge_slave_1) entered blocking state
[   99.321211][ T5843] bridge0: port 2(bridge_slave_1) entered disabled state
[   99.321818][ T5843] bridge_slave_1: entered allmulticast mode
[   99.324403][ T5843] bridge_slave_1: entered promiscuous mode
[   99.511001][ T5839] bridge0: port 1(bridge_slave_0) entered blocking state
[   99.511155][ T5839] bridge0: port 1(bridge_slave_0) entered disabled state
[   99.511840][ T5839] bridge_slave_0: entered allmulticast mode
[   99.514726][ T5839] bridge_slave_0: entered promiscuous mode
[   99.823614][ T5838] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   99.823918][ T5839] bridge0: port 2(bridge_slave_1) entered blocking state
[   99.824123][ T5839] bridge0: port 2(bridge_slave_1) entered disabled state
[   99.824320][ T5839] bridge_slave_1: entered allmulticast mode
[   99.826590][ T5839] bridge_slave_1: entered promiscuous mode
[   99.921630][ T5854] bridge0: port 1(bridge_slave_0) entered blocking state
[   99.921778][ T5854] bridge0: port 1(bridge_slave_0) entered disabled state
[   99.922004][ T5854] bridge_slave_0: entered allmulticast mode
[   99.925016][ T5854] bridge_slave_0: entered promiscuous mode
[  100.055590][ T5838] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  100.127523][ T5843] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  100.127793][ T5854] bridge0: port 2(bridge_slave_1) entered blocking state
[  100.127956][ T5854] bridge0: port 2(bridge_slave_1) entered disabled state
[  100.128137][ T5854] bridge_slave_1: entered allmulticast mode
[  100.135071][ T5854] bridge_slave_1: entered promiscuous mode
[  100.137114][ T5840] bridge0: port 1(bridge_slave_0) entered blocking state
[  100.137274][ T5840] bridge0: port 1(bridge_slave_0) entered disabled state
[  100.137500][ T5840] bridge_slave_0: entered allmulticast mode
[  100.143384][ T5840] bridge_slave_0: entered promiscuous mode
[  100.324651][ T5843] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  100.390013][ T5840] bridge0: port 2(bridge_slave_1) entered blocking state
[  100.390140][ T5840] bridge0: port 2(bridge_slave_1) entered disabled state
[  100.390295][ T5840] bridge_slave_1: entered allmulticast mode
[  100.392275][ T5840] bridge_slave_1: entered promiscuous mode
[  100.471866][ T5839] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  100.684786][ T5838] team0: Port device team_slave_0 added
[  100.689928][ T5839] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  100.764651][ T5854] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  100.818710][   T59] Bluetooth: hci0: command tx timeout
[  100.850414][ T5838] team0: Port device team_slave_1 added
[  100.898948][ T5857] Bluetooth: hci3: command tx timeout
[  100.898995][ T5857] Bluetooth: hci2: command tx timeout
[  100.899167][   T59] Bluetooth: hci1: command tx timeout
[  100.932101][ T5843] team0: Port device team_slave_0 added
[  100.936411][ T5854] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  100.950325][ T5840] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  100.988486][   T59] Bluetooth: hci4: command tx timeout
[  101.123416][ T5843] team0: Port device team_slave_1 added
[  101.214159][ T5840] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  101.546692][ T5839] team0: Port device team_slave_0 added
[  101.731351][ T5838] batman_adv: batadv0: Adding interface: batadv_slave_0
[  101.731370][ T5838] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  101.731399][ T5838] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  101.736030][ T5839] team0: Port device team_slave_1 added
[  101.833192][ T5854] team0: Port device team_slave_0 added
[  101.911753][ T5838] batman_adv: batadv0: Adding interface: batadv_slave_1
[  101.911772][ T5838] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  101.911799][ T5838] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  102.010711][ T5843] batman_adv: batadv0: Adding interface: batadv_slave_0
[  102.010730][ T5843] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  102.010758][ T5843] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  102.014727][ T5854] team0: Port device team_slave_1 added
[  102.016986][ T5840] team0: Port device team_slave_0 added
[  102.160131][ T5843] batman_adv: batadv0: Adding interface: batadv_slave_1
[  102.160149][ T5843] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  102.160177][ T5843] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  102.301919][ T5840] team0: Port device team_slave_1 added
[  102.303022][ T5839] batman_adv: batadv0: Adding interface: batadv_slave_0
[  102.303036][ T5839] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  102.303062][ T5839] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  102.580582][ T5839] batman_adv: batadv0: Adding interface: batadv_slave_1
[  102.580595][ T5839] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  102.580615][ T5839] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  102.585132][ T5854] batman_adv: batadv0: Adding interface: batadv_slave_0
[  102.585148][ T5854] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  102.585177][ T5854] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  102.822674][ T5854] batman_adv: batadv0: Adding interface: batadv_slave_1
[  102.822692][ T5854] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  102.822721][ T5854] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  102.898478][   T59] Bluetooth: hci0: command tx timeout
[  102.901858][ T5840] batman_adv: batadv0: Adding interface: batadv_slave_0
[  102.901874][ T5840] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  102.901903][ T5840] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  102.979713][ T5856] Bluetooth: hci2: command tx timeout
[  102.979811][ T5856] Bluetooth: hci3: command tx timeout
[  102.980008][   T59] Bluetooth: hci1: command tx timeout
[  103.038607][ T5838] hsr_slave_0: entered promiscuous mode
[  103.039933][ T5838] hsr_slave_1: entered promiscuous mode
[  103.041885][ T5840] batman_adv: batadv0: Adding interface: batadv_slave_1
[  103.041900][ T5840] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  103.041927][ T5840] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  103.058415][   T59] Bluetooth: hci4: command tx timeout
[  103.278118][ T5843] hsr_slave_0: entered promiscuous mode
[  103.280486][ T5843] hsr_slave_1: entered promiscuous mode
[  103.281743][ T5843] debugfs: 'hsr0' already exists in 'hsr'
[  103.281887][ T5843] Cannot create hsr debugfs directory
[  103.521128][ T5839] hsr_slave_0: entered promiscuous mode
[  103.524443][ T5839] hsr_slave_1: entered promiscuous mode
[  103.525207][ T5839] debugfs: 'hsr0' already exists in 'hsr'
[  103.525234][ T5839] Cannot create hsr debugfs directory
[  103.800047][ T5854] hsr_slave_0: entered promiscuous mode
[  103.801520][ T5854] hsr_slave_1: entered promiscuous mode
[  103.802474][ T5854] debugfs: 'hsr0' already exists in 'hsr'
[  103.802499][ T5854] Cannot create hsr debugfs directory
[  104.048922][ T5840] hsr_slave_0: entered promiscuous mode
[  104.049930][ T5840] hsr_slave_1: entered promiscuous mode
[  104.050798][ T5840] debugfs: 'hsr0' already exists in 'hsr'
[  104.050838][ T5840] Cannot create hsr debugfs directory
[  104.978643][ T5857] Bluetooth: hci0: command tx timeout
[  105.059772][ T5856] Bluetooth: hci2: command tx timeout
[  105.059825][ T5857] Bluetooth: hci3: command tx timeout
[  105.060004][   T59] Bluetooth: hci1: command tx timeout
[  105.138496][   T59] Bluetooth: hci4: command tx timeout
[  105.659565][ T5838] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  105.697331][ T5838] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  105.727261][ T5838] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  105.781240][ T5838] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  105.961522][ T5843] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  105.994206][ T5843] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  106.034973][ T5843] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  106.086832][ T5843] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  106.233034][ T5839] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  106.286651][ T5839] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  106.330631][ T5839] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  106.393409][ T5839] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  106.586852][ T5854] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  106.656499][ T5854] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  106.707257][ T5854] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  106.761939][ T5854] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  106.873689][ T5838] 8021q: adding VLAN 0 to HW filter on device bond0
[  106.939318][ T5840] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  106.996284][ T5840] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  107.044576][ T5840] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  107.101302][ T5840] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  107.155325][ T5838] 8021q: adding VLAN 0 to HW filter on device team0
[  107.213938][ T3595] bridge0: port 1(bridge_slave_0) entered blocking state
[  107.214817][ T3595] bridge0: port 1(bridge_slave_0) entered forwarding state
[  107.292345][ T3611] bridge0: port 2(bridge_slave_1) entered blocking state
[  107.292502][ T3611] bridge0: port 2(bridge_slave_1) entered forwarding state
[  107.296403][ T5843] 8021q: adding VLAN 0 to HW filter on device bond0
[  107.454889][ T5843] 8021q: adding VLAN 0 to HW filter on device team0
[  107.514541][ T5839] 8021q: adding VLAN 0 to HW filter on device bond0
[  107.535284][ T3611] bridge0: port 1(bridge_slave_0) entered blocking state
[  107.535545][ T3611] bridge0: port 1(bridge_slave_0) entered forwarding state
[  107.615138][ T3611] bridge0: port 2(bridge_slave_1) entered blocking state
[  107.615262][ T3611] bridge0: port 2(bridge_slave_1) entered forwarding state
[  107.699829][ T5839] 8021q: adding VLAN 0 to HW filter on device team0
[  107.785311][ T5854] 8021q: adding VLAN 0 to HW filter on device bond0
[  107.792892][  T175] bridge0: port 1(bridge_slave_0) entered blocking state
[  107.793066][  T175] bridge0: port 1(bridge_slave_0) entered forwarding state
[  107.853722][ T3611] bridge0: port 2(bridge_slave_1) entered blocking state
[  107.854530][ T3611] bridge0: port 2(bridge_slave_1) entered forwarding state
[  107.999952][ T5854] 8021q: adding VLAN 0 to HW filter on device team0
[  108.017482][ T5840] 8021q: adding VLAN 0 to HW filter on device bond0
[  108.075519][ T3611] bridge0: port 1(bridge_slave_0) entered blocking state
[  108.075711][ T3611] bridge0: port 1(bridge_slave_0) entered forwarding state
[  108.156931][ T3611] bridge0: port 2(bridge_slave_1) entered blocking state
[  108.157178][ T3611] bridge0: port 2(bridge_slave_1) entered forwarding state
[  108.208216][ T5840] 8021q: adding VLAN 0 to HW filter on device team0
[  108.290974][ T2562] bridge0: port 1(bridge_slave_0) entered blocking state
[  108.291204][ T2562] bridge0: port 1(bridge_slave_0) entered forwarding state
[  108.354869][ T3556] bridge0: port 2(bridge_slave_1) entered blocking state
[  108.355029][ T3556] bridge0: port 2(bridge_slave_1) entered forwarding state
[  108.381224][ T5838] 8021q: adding VLAN 0 to HW filter on device batadv0
[  108.746516][ T5843] 8021q: adding VLAN 0 to HW filter on device batadv0
[  108.900705][ T5838] veth0_vlan: entered promiscuous mode
[  108.957053][ T5838] veth1_vlan: entered promiscuous mode
[  109.051603][ T5839] 8021q: adding VLAN 0 to HW filter on device batadv0
[  109.223337][ T5843] veth0_vlan: entered promiscuous mode
[  109.291217][ T5838] veth0_macvtap: entered promiscuous mode
[  109.303096][ T5843] veth1_vlan: entered promiscuous mode
[  109.330727][ T5838] veth1_macvtap: entered promiscuous mode
[  109.354098][ T5854] 8021q: adding VLAN 0 to HW filter on device batadv0
[  109.503389][ T5840] 8021q: adding VLAN 0 to HW filter on device batadv0
[  109.537297][ T5838] batman_adv: batadv0: Interface activated: batadv_slave_0
[  109.559421][ T5839] veth0_vlan: entered promiscuous mode
[  109.603539][ T5838] batman_adv: batadv0: Interface activated: batadv_slave_1
[  109.654300][ T5843] veth0_macvtap: entered promiscuous mode
[  109.706226][   T13] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  109.714456][ T5839] veth1_vlan: entered promiscuous mode
[  109.727216][   T13] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  109.729658][ T5843] veth1_macvtap: entered promiscuous mode
[  109.753212][   T13] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  109.772910][   T13] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  109.955676][ T5843] batman_adv: batadv0: Interface activated: batadv_slave_0
[  110.075019][ T5843] batman_adv: batadv0: Interface activated: batadv_slave_1
[  110.154159][ T5840] veth0_vlan: entered promiscuous mode
[  110.183213][   T37] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  110.195113][ T5839] veth0_macvtap: entered promiscuous mode
[  110.207729][   T37] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  110.227428][   T12] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  110.250693][   T12] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  110.274291][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  110.274318][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  110.290176][ T5839] veth1_macvtap: entered promiscuous mode
[  110.357401][ T5840] veth1_vlan: entered promiscuous mode
[  110.498844][ T5854] veth0_vlan: entered promiscuous mode
[  110.507457][   T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  110.507495][   T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  110.612084][ T5839] batman_adv: batadv0: Interface activated: batadv_slave_0
[  110.692875][ T5854] veth1_vlan: entered promiscuous mode
[  110.723698][ T5839] batman_adv: batadv0: Interface activated: batadv_slave_1
[  110.818754][   T67] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  110.818776][   T67] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  110.855745][   T13] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  110.883578][   T13] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  110.904923][   T13] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  110.906882][ T5840] veth0_macvtap: entered promiscuous mode
[  110.926156][   T13] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  110.975606][ T5840] veth1_macvtap: entered promiscuous mode
[  111.004990][   T67] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  111.005012][   T67] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  111.454242][ T5854] veth0_macvtap: entered promiscuous mode
[  111.646498][ T5961] atomic_op ffff88803b6b2a18 conn xmit_atomic 0000000000000000
[  112.264258][ T5840] batman_adv: batadv0: Interface activated: batadv_slave_0
[  112.285869][ T5854] veth1_macvtap: entered promiscuous mode
[  112.550328][ T5840] batman_adv: batadv0: Interface activated: batadv_slave_1
[  113.747807][ T3611] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  113.792134][   T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  113.792159][   T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  114.176028][   T12] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  114.233505][   T12] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  114.258407][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[  114.259442][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[  114.259818][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[  114.261948][ T5854] batman_adv: batadv0: Interface activated: batadv_slave_0
[  114.606278][ T5974] syz.2.3 (5974) used greatest stack depth: 16304 bytes left
[  114.725081][   T12] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  115.118365][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[  115.128354][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[  115.138311][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[  115.148309][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[  115.158297][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[  115.168307][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[  115.178300][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[  116.580398][ T5854] batman_adv: batadv0: Interface activated: batadv_slave_1
[  116.586519][   T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  116.586541][   T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  116.747093][   T12] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  116.816321][   T12] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  116.827490][   T12] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  116.827858][   T12] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  116.907627][ T5986] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[  119.007682][ T5996] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  122.100264][ T6000] ceph: No mds server is up or the cluster is laggy
[  122.236312][ T5992] libceph: connect (1)[c::]:6789 error -101
[  122.289636][ T5992] libceph: mon0 (1)[c::]:6789 connect error
[  124.203442][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  124.203465][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  124.693121][   T67] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  124.693183][   T67] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  126.544971][    C0] vcan0: j1939_tp_rxtimer: 0xffff888027c8d800: rx timeout, send abort
[  126.546857][    C0] vcan0: j1939_xtp_rx_abort_one: 0xffff888027c8d800: 0x2f000: (3) A timeout occurred and this is the connection abort to close the session.
[  127.111756][ T1181] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  127.111779][ T1181] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  129.150056][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  129.150079][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  131.830938][ T6052] netlink: 452 bytes leftover after parsing attributes in process `syz.2.21'.
[  133.263582][ T6070] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  134.461238][ T6078] Zero length message leads to an empty skb
[  138.471528][ T1322] ieee802154 phy0 wpan0: encryption failed: -22
[  138.471634][ T1322] ieee802154 phy1 wpan1: encryption failed: -22
[  142.203863][ T6101] CIFS: VFS: Malformed UNC in devname
[  153.223578][ T6175] netlink: 32 bytes leftover after parsing attributes in process `syz.3.41'.
[  154.382989][    C1] vkms_vblank_simulate: vblank timer overrun
[  155.368335][    C1] vkms_vblank_simulate: vblank timer overrun
[  155.578888][    C1] vkms_vblank_simulate: vblank timer overrun
[  155.828477][    C1] vkms_vblank_simulate: vblank timer overrun
[  155.988457][    C1] vkms_vblank_simulate: vblank timer overrun
[  157.391604][ T6195] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount.
[  157.391696][ T6195] CIFS mount error: No usable UNC path provided in device string!
[  157.391696][ T6195] 
[  157.391961][ T6195] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[  157.576207][    C1] vkms_vblank_simulate: vblank timer overrun
[  161.595852][   T59] Bluetooth: hci2: ISO packet too small
[  161.844512][ T6208] Invalid source name
[  161.844532][ T6208] UBIFS error (pid: 6208): cannot open "ubifs", error -22
[  166.352735][ T6229] ubi31: attaching mtd0
[  166.399848][ T6229] ubi31: scanning is finished
[  166.399871][ T6229] ubi31: empty MTD device detected
[  166.630865][    C1] vkms_vblank_simulate: vblank timer overrun
[  166.759346][    C1] vkms_vblank_simulate: vblank timer overrun
[  167.458452][   T59] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  167.595860][    C1] vkms_vblank_simulate: vblank timer overrun
[  167.951265][ T6229] ubi31: attached mtd0 (name "mtdram test device", size 0 MiB)
[  167.951285][ T6229] ubi31: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes
[  167.951297][ T6229] ubi31: min./max. I/O unit sizes: 1/64, sub-page size 1
[  167.951309][ T6229] ubi31: VID header offset: 64 (aligned 64), data offset: 128
[  167.951321][ T6229] ubi31: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0
[  167.951332][ T6229] ubi31: user volume: 0, internal volumes: 1, max. volumes count: 23
[  167.951344][ T6229] ubi31: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 360052274
[  167.951359][ T6229] ubi31: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0
[  167.952357][ T6233] ubi31: background thread "ubi_bgt31d" started, PID 6233
[  168.445162][    C1] vkms_vblank_simulate: vblank timer overrun
[  168.516192][   T38] audit: type=1326 audit(1758452561.870:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6235 comm="syz.0.57" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3ad378ec29 code=0x7ffc0000
[  168.516240][   T38] audit: type=1326 audit(1758452561.870:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6235 comm="syz.0.57" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3ad378ec29 code=0x7ffc0000
[  168.516272][   T38] audit: type=1326 audit(1758452561.880:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6235 comm="syz.0.57" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7f3ad378ec29 code=0x7ffc0000
[  168.564067][    C1] vkms_vblank_simulate: vblank timer overrun
[  169.522666][    C1] vkms_vblank_simulate: vblank timer overrun
[  171.496063][   T38] audit: type=1326 audit(1758452564.750:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6235 comm="syz.0.57" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3ad378ec29 code=0x7ffc0000
[  171.496117][   T38] audit: type=1326 audit(1758452564.750:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6235 comm="syz.0.57" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3ad378ec29 code=0x7ffc0000
[  171.545758][    C1] vkms_vblank_simulate: vblank timer overrun
[  171.614282][    C1] vkms_vblank_simulate: vblank timer overrun
[  172.118815][ T6251] capability: warning: `syz.3.58' uses deprecated v2 capabilities in a way that may be insecure
[  172.841899][ T6250] kernel profiling enabled (shift: 7)
[  174.248958][    C1] vkms_vblank_simulate: vblank timer overrun
[  174.739481][    C1] vkms_vblank_simulate: vblank timer overrun
[  177.135655][    C1] vkms_vblank_simulate: vblank timer overrun
[  177.368400][    C1] vkms_vblank_simulate: vblank timer overrun
[  177.739636][    C1] vkms_vblank_simulate: vblank timer overrun
[  177.833949][ T6272] syz.4.65 uses obsolete (PF_INET,SOCK_PACKET)
[  178.800015][ T6281] Invalid source name
[  178.800034][ T6281] UBIFS error (pid: 6281): cannot open "ubifs", error -22
[  179.275657][    C1] vkms_vblank_simulate: vblank timer overrun
[  179.331957][    C1] vkms_vblank_simulate: vblank timer overrun
[  179.493614][ T6284] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  183.195596][ T6300] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  183.199761][ T6300] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  183.728543][   T31] usb 3-1: new full-speed USB device number 2 using dummy_hcd
[  184.160149][   T31] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0
[  184.164866][   T31] usb 3-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  184.164898][   T31] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  184.164920][   T31] usb 3-1: Product: syz
[  184.164936][   T31] usb 3-1: Manufacturer: syz
[  184.164952][   T31] usb 3-1: SerialNumber: syz
[  184.195680][   T31] usb 3-1: config 0 descriptor??
[  184.583649][ T6307] netlink: 64 bytes leftover after parsing attributes in process `syz.0.71'.
[  189.330263][ T6322] tty tty2: ldisc open failed (-12), clearing slot 1
[  190.074212][   T31] usb 3-1: USB disconnect, device number 2
[  191.225339][ T6314] syz.0.71 (6314): drop_caches: 2
[  191.281208][ T6009] udevd[6009]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  191.681413][ T6335] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[  193.091495][ T5930] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[  193.245061][ T5930] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  193.245090][ T5930] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3
[  193.246694][ T5930] usb 5-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  193.246723][ T5930] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  193.246745][ T5930] usb 5-1: SerialNumber: syz
[  194.398824][   T31] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[  194.636920][ T5930] usb 5-1: 0:2 : does not exist
[  194.696903][   T31] usb 1-1: Using ep0 maxpacket: 16
[  194.731480][ T6366] 9pnet_fd: Insufficient options for proto=fd
[  195.254129][   T31] usb 1-1: New USB device found, idVendor=1604, idProduct=8007, bcdDevice=af.a6
[  195.254161][   T31] usb 1-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3
[  195.254183][   T31] usb 1-1: Product: syz
[  195.254197][   T31] usb 1-1: Manufacturer: syz
[  195.254212][   T31] usb 1-1: SerialNumber: syz
[  195.443050][   T31] usb 1-1: config 0 descriptor??
[  196.488682][ T6376] =======================================================
[  196.488682][ T6376] WARNING: The mand mount option has been deprecated and
[  196.488682][ T6376]          and is ignored by this kernel. Remove the mand
[  196.488682][ T6376]          option from the mount to silence this warning.
[  196.488682][ T6376] =======================================================
[  196.488778][ T6376] new mount options do not match the existing superblock, will be ignored
[  196.874848][ T6375] cgroup: option or name mismatch, new: 0x4 "", old: 0x0 ""
[  197.065363][ T5930] usb 5-1: USB disconnect, device number 2
[  197.444940][ T6363] syz.1.78: vmalloc error: size 6291456, failed to allocated page array size 12288, mode:0x400dc2(GFP_KERNEL_ACCOUNT|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[  197.445347][ T6363] CPU: 1 UID: 0 PID: 6363 Comm: syz.1.78 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  197.445373][ T6363] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  197.445391][ T6363] Call Trace:
[  197.445399][ T6363]  <TASK>
[  197.445409][ T6363]  dump_stack_lvl+0x189/0x250
[  197.445459][ T6363]  ? __pfx_dump_stack_lvl+0x10/0x10
[  197.445492][ T6363]  ? __pfx__printk+0x10/0x10
[  197.445517][ T6363]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  197.445542][ T6363]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  197.445568][ T6363]  ? cpuset_print_current_mems_allowed+0x2ee/0x360
[  197.445596][ T6363]  warn_alloc+0x22e/0x3b0
[  197.445627][ T6363]  ? __pfx_warn_alloc+0x10/0x10
[  197.445669][ T6363]  ? __get_vm_area_node+0x2bc/0x350
[  197.445701][ T6363]  ? hash_netport4_resize+0x235/0x1b70
[  197.445729][ T6363]  __vmalloc_node_range_noprof+0x67e/0x12f0
[  197.445760][ T6363]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  197.445815][ T6363]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  197.445853][ T6363]  ? rcu_is_watching+0x15/0xb0
[  197.445889][ T6363]  __kvmalloc_node_noprof+0x330/0x550
[  197.445920][ T6363]  ? hash_netport4_resize+0x235/0x1b70
[  197.445938][ T6363]  ? hash_netport4_resize+0x235/0x1b70
[  197.445964][ T6363]  hash_netport4_resize+0x235/0x1b70
[  197.445983][ T6363]  ? hash_netport4_uadt+0xc9a/0xf30
[  197.446010][ T6363]  ? __pfx_hash_netport4_add+0x10/0x10
[  197.446039][ T6363]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  197.446080][ T6363]  ? call_ad+0x102/0x9c0
[  197.446111][ T6363]  call_ad+0x3c5/0x9c0
[  197.446148][ T6363]  ? __pfx_call_ad+0x10/0x10
[  197.446193][ T6363]  ? __nla_parse+0x40/0x60
[  197.446220][ T6363]  ip_set_ad+0x797/0x940
[  197.446258][ T6363]  ? __pfx_ip_set_ad+0x10/0x10
[  197.446315][ T6363]  ? __pfx_ip_set_uadd+0x10/0x10
[  197.446351][ T6363]  nfnetlink_rcv_msg+0xb66/0x1150
[  197.446378][ T6363]  ? lockdep_hardirqs_on+0x9c/0x150
[  197.446410][ T6363]  ? nfnetlink_rcv_msg+0x212/0x1150
[  197.446459][ T6363]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[  197.446518][ T6363]  ? rcu_is_watching+0x15/0xb0
[  197.446551][ T6363]  ? trace_irq_disable+0x37/0x110
[  197.446583][ T6363]  ? rcu_is_watching+0x15/0xb0
[  197.446627][ T6363]  netlink_rcv_skb+0x205/0x470
[  197.446755][ T6363]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[  197.446788][ T6363]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  197.446833][ T6363]  ? bpf_lsm_capable+0x9/0x20
[  197.446861][ T6363]  ? security_capable+0x7e/0x2e0
[  197.446900][ T6363]  nfnetlink_rcv+0x26a/0x2530
[  197.446930][ T6363]  ? __dev_queue_xmit+0x1d3d/0x3b70
[  197.446970][ T6363]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  197.447004][ T6363]  ? lockdep_hardirqs_on+0x9c/0x150
[  197.447038][ T6363]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  197.447072][ T6363]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  197.447108][ T6363]  ? __pfx_nfnetlink_rcv+0x10/0x10
[  197.447142][ T6363]  ? rcu_preempt_deferred_qs_irqrestore+0x89c/0xce0
[  197.447192][ T6363]  ? __pfx_rcu_preempt_deferred_qs_irqrestore+0x10/0x10
[  197.447233][ T6363]  ? rcu_is_watching+0x15/0xb0
[  197.447277][ T6363]  ? rcu_read_unlock_special+0x35b/0x470
[  197.447309][ T6363]  ? __pfx_rcu_read_unlock_special+0x10/0x10
[  197.447337][ T6363]  ? netlink_deliver_tap+0x2e/0x1b0
[  197.447374][ T6363]  ? netlink_deliver_tap+0x2e/0x1b0
[  197.447414][ T6363]  netlink_unicast+0x843/0xa10
[  197.447457][ T6363]  ? __pfx_netlink_unicast+0x10/0x10
[  197.447488][ T6363]  ? netlink_sendmsg+0x642/0xb30
[  197.447518][ T6363]  ? skb_put+0x11b/0x210
[  197.447556][ T6363]  netlink_sendmsg+0x805/0xb30
[  197.447586][ T6363]  ? lockdep_hardirqs_on+0x9c/0x150
[  197.447638][ T6363]  ? __pfx_netlink_sendmsg+0x10/0x10
[  197.447676][ T6363]  ? __pfx_bpf_lsm_socket_sendmsg+0x10/0x10
[  197.447702][ T6363]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  197.447724][ T6363]  ? __pfx_netlink_sendmsg+0x10/0x10
[  197.447756][ T6363]  __sock_sendmsg+0x219/0x270
[  197.447789][ T6363]  ____sys_sendmsg+0x508/0x820
[  197.447820][ T6363]  ? __pfx_____sys_sendmsg+0x10/0x10
[  197.447854][ T6363]  ? import_iovec+0x74/0xa0
[  197.447886][ T6363]  ___sys_sendmsg+0x21f/0x2a0
[  197.447913][ T6363]  ? __pfx____sys_sendmsg+0x10/0x10
[  197.447977][ T6363]  ? __fget_files+0x2a/0x420
[  197.448009][ T6363]  ? __fget_files+0x3a6/0x420
[  197.448054][ T6363]  __x64_sys_sendmsg+0x1a1/0x260
[  197.448081][ T6363]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  197.448132][ T6363]  do_syscall_64+0xfa/0x3b0
[  197.448156][ T6363]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  197.448178][ T6363]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  197.448203][ T6363]  ? clear_bhb_loop+0x60/0xb0
[  197.448227][ T6363]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  197.448249][ T6363] RIP: 0033:0x7f409921ec29
[  197.448279][ T6363] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  197.448298][ T6363] RSP: 002b:00007f409743c038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  197.448323][ T6363] RAX: ffffffffffffffda RBX: 00007f4099466180 RCX: 00007f409921ec29
[  197.448340][ T6363] RDX: 0000000000000080 RSI: 00002000000002c0 RDI: 0000000000000009
[  197.448354][ T6363] RBP: 00007f40992a1e41 R08: 0000000000000000 R09: 0000000000000000
[  197.448368][ T6363] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  197.448381][ T6363] R13: 00007f4099466218 R14: 00007f4099466180 R15: 00007ffeb46c6ce8
[  197.448417][ T6363]  </TASK>
[  197.448495][ T6363] Mem-Info:
[  197.448510][ T6363] active_anon:3126 inactive_anon:8845 isolated_anon:0
[  197.448510][ T6363]  active_file:5399 inactive_file:37899 isolated_file:0
[  197.448510][ T6363]  unevictable:768 dirty:116 writeback:0
[  197.448510][ T6363]  slab_reclaimable:11598 slab_unreclaimable:102054
[  197.448510][ T6363]  mapped:33622 shmem:7098 pagetables:1267
[  197.448510][ T6363]  sec_pagetables:0 bounce:0
[  197.448510][ T6363]  kernel_misc_reclaimable:0
[  197.448510][ T6363]  free:1323736 free_pcp:5697 free_cma:0
[  197.448571][ T6363] Node 0 active_anon:12504kB inactive_anon:35380kB active_file:21388kB inactive_file:151596kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:134488kB dirty:464kB writeback:0kB shmem:26856kB kernel_stack:13188kB pagetables:4900kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  197.448666][ T6363] Node 1 active_anon:0kB inactive_anon:0kB active_file:208kB inactive_file:0kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB kernel_stack:48kB pagetables:168kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  197.448712][ T6363] Node 0 DMA free:15360kB boost:0kB min:20kB low:32kB high:44kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  197.448779][ T6363] lowmem_reserve[]: 0 2512 2513 2513 2513
[  197.448820][ T6363] Node 0 DMA32 free:1380344kB boost:0kB min:3940kB low:6484kB high:9028kB reserved_highatomic:0KB free_highatomic:0KB active_anon:12500kB inactive_anon:35340kB active_file:20368kB inactive_file:151528kB unevictable:1536kB writepending:464kB present:3129332kB managed:2572288kB mlocked:0kB bounce:0kB free_pcp:22784kB local_pcp:11112kB free_cma:0kB
[  197.448886][ T6363] lowmem_reserve[]: 0 0 1 1 1
[  197.448922][ T6363] Node 0 Normal free:0kB boost:0kB min:0kB low:0kB high:0kB reserved_highatomic:0KB free_highatomic:0KB active_anon:4kB inactive_anon:40kB active_file:1020kB inactive_file:68kB unevictable:0kB writepending:0kB present:1048580kB managed:1132kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  197.448991][ T6363] lowmem_reserve[]: 0 0 0 0 0
[  197.449027][ T6363] Node 1 Normal free:3899240kB boost:0kB min:6364kB low:10472kB high:14580kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:208kB inactive_file:0kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  197.449090][ T6363] lowmem_reserve[]: 0 0 0 0 0
[  197.449127][ T6363] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  197.449257][ T6363] Node 0 DMA32: 103*4kB (UME) 108*8kB (UM) 260*16kB (UM) 85*32kB (UME) 40*64kB (UME) 16*128kB (UME) 6*256kB (UE) 6*512kB (UE) 7*1024kB (ME) 2*2048kB (UM) 330*4096kB (UM) = 1380316kB
[  197.449447][ T6363] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[  197.449572][ T6363] Node 1 Normal: 206*4kB (UM) 60*8kB (UME) 31*16kB (UME) 207*32kB (UME) 84*64kB (UME) 29*128kB (UME) 15*256kB (UM) 8*512kB (UM) 1*1024kB (M) 1*2048kB (E) 945*4096kB (M) = 3899240kB
[  197.449762][ T6363] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  197.449780][ T6363] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  197.449799][ T6363] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  197.449816][ T6363] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  197.449834][ T6363] 50392 total pagecache pages
[  197.449846][ T6363] 0 pages in swap cache
[  197.449854][ T6363] Free swap  = 124996kB
[  197.449861][ T6363] Total swap = 124996kB
[  197.449870][ T6363] 2097051 pages RAM
[  197.449887][ T6363] 0 pages HighMem/MovableOnly
[  197.449895][ T6363] 422081 pages reserved
[  197.449903][ T6363] 0 pages cma reserved
[  199.033001][ T6390] trusted_key: syz.4.85 sent an empty control message without MSG_MORE.
[  199.045844][   T31] usb 1-1: USB disconnect, device number 2
[  199.784064][ T1322] ieee802154 phy0 wpan0: encryption failed: -22
[  199.784146][ T1322] ieee802154 phy1 wpan1: encryption failed: -22
[  201.025538][ T6340] udevd[6340]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  209.108365][   T38] audit: type=1326 audit(1758452602.290:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6406 comm="syz.4.90" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f68dcb1ec29 code=0x7ffc0000
[  209.108429][   T38] audit: type=1326 audit(1758452602.290:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6406 comm="syz.4.90" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f68dcb1ec29 code=0x7ffc0000
[  209.108476][   T38] audit: type=1326 audit(1758452602.300:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6406 comm="syz.4.90" exe="/root/syz-executor" sig=0 arch=c000003e syscall=425 compat=0 ip=0x7f68dcb1ec29 code=0x7ffc0000
[  209.108522][   T38] audit: type=1326 audit(1758452602.310:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6406 comm="syz.4.90" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f68dcb1ec63 code=0x7ffc0000
[  209.108568][   T38] audit: type=1326 audit(1758452602.310:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6406 comm="syz.4.90" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f68dcb1ec63 code=0x7ffc0000
[  209.108614][   T38] audit: type=1326 audit(1758452602.310:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6406 comm="syz.4.90" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f68dcb1ec29 code=0x7ffc0000
[  209.108660][   T38] audit: type=1326 audit(1758452602.330:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6406 comm="syz.4.90" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f68dcb1ec29 code=0x7ffc0000
[  209.108707][   T38] audit: type=1326 audit(1758452602.330:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6406 comm="syz.4.90" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f68dcb1ec29 code=0x7ffc0000
[  209.108753][   T38] audit: type=1326 audit(1758452602.330:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6406 comm="syz.4.90" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f68dcb1ec29 code=0x7ffc0000
[  209.108800][   T38] audit: type=1326 audit(1758452602.340:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6406 comm="syz.4.90" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f68dcb1ec29 code=0x7ffc0000
[  209.764489][ T6227] udevd[6227]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/sound/card4/controlC4/../uevent} for writing: No such file or directory
[  210.188068][    C0] vkms_vblank_simulate: vblank timer overrun
[  210.251880][    C0] vkms_vblank_simulate: vblank timer overrun
[  210.350269][    C0] vkms_vblank_simulate: vblank timer overrun
[  210.577132][    C0] vkms_vblank_simulate: vblank timer overrun
[  210.756188][    C0] vkms_vblank_simulate: vblank timer overrun
[  210.817274][    C0] vkms_vblank_simulate: vblank timer overrun
[  211.370640][ T6422] new mount options do not match the existing superblock, will be ignored
[  211.411145][ T6422] cgroup: option or name mismatch, new: 0x4 "", old: 0x0 ""
[  211.911526][    C0] vkms_vblank_simulate: vblank timer overrun
[  212.371474][    C0] vkms_vblank_simulate: vblank timer overrun
[  212.387382][ T6424] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[  212.681653][    C0] vkms_vblank_simulate: vblank timer overrun
[  213.520963][    C0] vkms_vblank_simulate: vblank timer overrun
[  213.874273][    C0] vkms_vblank_simulate: vblank timer overrun
[  213.926303][    C0] vkms_vblank_simulate: vblank timer overrun
[  213.964648][    C0] vkms_vblank_simulate: vblank timer overrun
[  214.152366][    C0] vkms_vblank_simulate: vblank timer overrun
[  214.295863][    C0] vkms_vblank_simulate: vblank timer overrun
[  214.689516][ T6436] overlayfs: failed to resolve './file1': -2
[  218.462347][ T6443] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  218.462457][ T6443] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  218.717273][ T6443] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  218.791424][ T6443] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  218.791507][ T6443] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  218.845683][ T6443] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  218.880356][ T6443] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  218.880417][ T6443] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  218.951417][ T6443] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  218.989823][ T6443] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  218.989887][ T6443] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  219.042776][ T6443] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  219.058345][   T59] Bluetooth: hci1: command 0x0c1a tx timeout
[  221.013600][   T59] Bluetooth: hci3: command 0x0c1a tx timeout
[  221.013862][   T59] Bluetooth: hci2: command 0x0c1a tx timeout
[  221.058513][ T5857] Bluetooth: hci4: command 0x0c1a tx timeout
[  221.255220][ T6477] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  221.257536][ T6477] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  221.688408][ T5857] Bluetooth: hci1: command 0x0c1a tx timeout
[  223.058373][ T5857] Bluetooth: hci2: command 0x0c1a tx timeout
[  223.058405][ T5857] Bluetooth: hci3: command 0x0c1a tx timeout
[  223.138406][   T59] Bluetooth: hci4: command 0x0c1a tx timeout
[  223.708335][ T5857] Bluetooth: hci1: command 0x0c1a tx timeout
[  225.415231][ T5856] Bluetooth: hci2: command 0x0c1a tx timeout
[  225.418415][ T5856] Bluetooth: hci4: command 0x0c1a tx timeout
[  225.662486][ T5857] Bluetooth: hci3: command 0x0c1a tx timeout
[  226.177084][ T6493] futex_wake_op: syz.3.109 tries to shift op by -1; fix this program
[  226.980912][ T6497] netlink: 256 bytes leftover after parsing attributes in process `syz.2.106'.
[  226.989502][ T6497] unsupported nlmsg_type 40
[  228.046286][ T6506] cramfs: Unknown parameter 'discard'
[  228.061774][ T5856] Bluetooth: hci4: command 0x0c1a tx timeout
[  228.893682][ T6510] process 'syz.0.110' launched './file2' with NULL argv: empty string added
[  229.724213][ T6510] Bluetooth: hci0: Opcode 0x080f failed: -4
[  230.018025][ T6509] CUSE: info not properly terminated
[  232.135038][ T6538] overlayfs: overlapping lowerdir path
[  232.383286][ T6539] overlayfs: "xino=on" is useless with all layers on same fs, ignore.
[  232.820400][ T6540] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  233.506089][ T5828] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[  233.930799][ T6548] new mount options do not match the existing superblock, will be ignored
[  233.967073][ T6548] cgroup: option or name mismatch, new: 0x4 "", old: 0x0 ""
[  234.339987][   T38] kauditd_printk_skb: 20 callbacks suppressed
[  234.340041][   T38] audit: type=1326 audit(1758452627.080:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6543 comm="syz.1.119" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f409921ec29 code=0x7ffc0000
[  234.340482][   T38] audit: type=1326 audit(1758452627.080:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6543 comm="syz.1.119" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f409921ec29 code=0x7ffc0000
[  234.341063][   T38] audit: type=1326 audit(1758452627.080:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6543 comm="syz.1.119" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7f409921ec29 code=0x7ffc0000
[  234.588468][ T5828] usb 1-1: Using ep0 maxpacket: 32
[  234.612761][ T6547] workqueue: Failed to create a rescuer kthread for wq "xfs-reclaim/nullb0": -EINTR
[  234.613161][ T6549] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[  234.617700][ T5828] usb 1-1: config 0 has an invalid interface number: 169 but max is 0
[  234.617733][ T5828] usb 1-1: config 0 has an invalid descriptor of length 53, skipping remainder of the config
[  234.617757][ T5828] usb 1-1: config 0 has no interface number 0
[  234.617816][ T5828] usb 1-1: config 0 interface 169 altsetting 2 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  234.617848][ T5828] usb 1-1: config 0 interface 169 has no altsetting 0
[  234.622002][ T5828] usb 1-1: New USB device found, idVendor=0499, idProduct=500c, bcdDevice=33.49
[  234.622037][ T5828] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  234.622060][ T5828] usb 1-1: Product: syz
[  234.622076][ T5828] usb 1-1: Manufacturer: syz
[  234.622093][ T5828] usb 1-1: SerialNumber: syz
[  234.840913][ T5828] usb 1-1: config 0 descriptor??
[  235.604114][ T5828] usb 1-1: Quirk or no altset; falling back to MIDI 1.0
[  235.991531][ T5828] snd-usb-audio 1-1:0.169: probe with driver snd-usb-audio failed with error -2
[  236.036961][ T5828] usb 1-1: USB disconnect, device number 3
[  239.271733][ T6340] udevd[6340]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.169/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  242.614926][    C1] vkms_vblank_simulate: vblank timer overrun
[  243.128334][ T6594] IPVS: fo: SCTP 172.20.20.187:0 - no destination available
[  243.448527][    C1] vkms_vblank_simulate: vblank timer overrun
[  243.492327][    C1] vkms_vblank_simulate: vblank timer overrun
[  243.705664][    C1] vkms_vblank_simulate: vblank timer overrun
[  243.775486][    C1] vkms_vblank_simulate: vblank timer overrun
[  243.816786][ T5992] IPVS: starting estimator thread 0...
[  244.048701][ T6597] IPVS: using max 7 ests per chain, 16800 per kthread
[  244.647245][    C1] vkms_vblank_simulate: vblank timer overrun
[  245.289989][    C1] vkms_vblank_simulate: vblank timer overrun
[  245.467207][ T6606] input: syz0 as /devices/virtual/input/input5
[  245.472954][    C1] vkms_vblank_simulate: vblank timer overrun
[  245.856382][    C1] vkms_vblank_simulate: vblank timer overrun
[  246.306618][    C1] vkms_vblank_simulate: vblank timer overrun
[  246.611101][    C1] vkms_vblank_simulate: vblank timer overrun
[  246.757177][    C1] vkms_vblank_simulate: vblank timer overrun
[  246.896053][    C1] vkms_vblank_simulate: vblank timer overrun
[  247.278688][    C1] vkms_vblank_simulate: vblank timer overrun
[  248.607566][ T6627] binder: 6622:6627 ioctl c018620c 200000000000 returned -22
[  250.680696][ T6629] BFS-fs: bfs_fill_super(): No BFS filesystem on nullb0 (magic=00000000)
[  251.824546][ T6628] orangefs_mount: mount request failed with -4
[  252.463645][ T6635] tmpfs: Bad value for 'mpol'
[  253.788370][ T6642] netlink: 96 bytes leftover after parsing attributes in process `syz.0.138'.
[  253.904930][ T6644] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  254.342020][ T6645] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  254.342209][ T6645] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  255.492781][ T5853] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  255.499780][ T5853] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  255.502099][ T5853] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  255.530799][ T5853] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  255.538640][ T5853] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  257.738398][ T5856] Bluetooth: hci5: command tx timeout
[  258.543982][ T5853] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  258.555651][ T5853] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  258.556958][ T5853] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  258.559273][ T5853] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  258.562380][ T5853] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  259.352895][ T6672] binder: BINDER_SET_CONTEXT_MGR already set
[  259.352959][ T6672] binder: 6663:6672 ioctl 4018620d 200000000040 returned -16
[  259.650156][ T6669] netlink: zone id is out of range
[  259.650525][ T6669] netlink: zone id is out of range
[  259.651744][ T6669] netlink: zone id is out of range
[  259.653597][ T6669] netlink: zone id is out of range
[  259.653606][ T6669] netlink: zone id is out of range
[  259.653612][ T6669] netlink: zone id is out of range
[  259.653617][ T6669] netlink: zone id is out of range
[  259.653623][ T6669] netlink: zone id is out of range
[  259.653628][ T6669] netlink: zone id is out of range
[  259.653633][ T6669] netlink: zone id is out of range
[  259.788384][ T5853] Bluetooth: hci5: command tx timeout
[  260.578362][ T5853] Bluetooth: hci2: command tx timeout
[  260.662643][ T6686] Malformed UNC in devname
[  260.662643][ T6686] 
[  260.662695][ T6686] CIFS: VFS: Malformed UNC in devname
[  261.159799][ T1322] ieee802154 phy0 wpan0: encryption failed: -22
[  261.159883][ T1322] ieee802154 phy1 wpan1: encryption failed: -22
[  261.458426][    T9] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[  261.628591][    T9] usb 1-1: Using ep0 maxpacket: 8
[  261.634109][    T9] usb 1-1: config 0 has an invalid interface number: 148 but max is 0
[  261.634137][    T9] usb 1-1: config 0 has no interface number 0
[  261.781245][    T9] usb 1-1: New USB device found, idVendor=0d46, idProduct=2012, bcdDevice=4d.36
[  261.781281][    T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  261.781308][    T9] usb 1-1: Product: syz
[  261.781324][    T9] usb 1-1: Manufacturer: syz
[  261.781339][    T9] usb 1-1: SerialNumber: syz
[  261.858443][ T5853] Bluetooth: hci5: command tx timeout
[  262.033582][   T38] audit: type=1326 audit(1758452655.350:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6688 comm="syz.2.149" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8c5829ec29 code=0x7ffc0000
[  262.034024][   T38] audit: type=1326 audit(1758452655.360:41): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6688 comm="syz.2.149" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8c5829ec29 code=0x7ffc0000
[  262.185185][ T6692] new mount options do not match the existing superblock, will be ignored
[  262.208273][ T6692] cgroup: option or name mismatch, new: 0x4 "", old: 0x0 ""
[  262.304766][   T38] audit: type=1326 audit(1758452655.360:42): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6688 comm="syz.2.149" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7f8c5829ec29 code=0x7ffc0000
[  263.288370][ T5853] Bluetooth: hci2: command tx timeout
[  263.446240][    T9] usb 1-1: config 0 descriptor??
[  263.622869][    T9] usb 1-1: can't set config #0, error -71
[  263.626282][    T9] usb 1-1: USB disconnect, device number 4
[  264.016239][ T5853] Bluetooth: hci5: command tx timeout
[  265.625925][ T5853] Bluetooth: hci2: command tx timeout
[  265.865988][ T6709] loop6: detected capacity change from 0 to 7
[  265.984007][ T6709] Dev loop6: unable to read RDB block 7
[  265.984304][ T6709]  loop6: unable to read partition table
[  265.989129][ T6709] loop6: partition table beyond EOD, truncated
[  265.989290][ T6709] loop_reread_partitions: partition scan of loop6 (þ被xü—ŸÑà– ) failed (rc=-5)
[  267.932188][ T3195] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  268.082112][ T5856] Bluetooth: hci2: command tx timeout
[  268.642944][ T6724] syz.4.155 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[  270.737677][ T6731] netlink: 452 bytes leftover after parsing attributes in process `syz.0.156'.
[  271.664725][ T5853] Bluetooth: hci2: command 0x0405 tx timeout
[  274.344731][ T6749] new mount options do not match the existing superblock, will be ignored
[  274.345799][ T6749] cgroup: option or name mismatch, new: 0x4 "", old: 0x0 ""
[  274.458410][   T38] audit: type=1326 audit(1758452667.460:43): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6741 comm="syz.0.160" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3ad378ec29 code=0x7ffc0000
[  274.458468][   T38] audit: type=1326 audit(1758452667.460:44): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6741 comm="syz.0.160" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3ad378ec29 code=0x7ffc0000
[  274.458521][   T38] audit: type=1326 audit(1758452667.490:45): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6741 comm="syz.0.160" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7f3ad378ec29 code=0x7ffc0000
[  275.478768][   T38] audit: type=1326 audit(1758452668.840:46): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6745 comm="syz.2.161" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8c5829ec29 code=0x7ffc0000
[  275.478832][   T38] audit: type=1326 audit(1758452668.840:47): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6745 comm="syz.2.161" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8c5829ec29 code=0x7ffc0000
[  275.478884][   T38] audit: type=1326 audit(1758452668.840:48): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6745 comm="syz.2.161" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7f8c5829ec29 code=0x7ffc0000
[  276.108097][ T6757] new mount options do not match the existing superblock, will be ignored
[  276.185868][ T6757] cgroup: option or name mismatch, new: 0x4 "", old: 0x0 ""
[  277.868853][ T6753] workqueue: Failed to create a rescuer kthread for wq "xfs-inodegc/nullb0": -EINTR
[  278.610001][ T3195] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  281.870429][ T6784] Invalid source name
[  281.870448][ T6784] UBIFS error (pid: 6784): cannot open "ubifs", error -22
[  284.395963][ T3195] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  287.013114][ T6812] new mount options do not match the existing superblock, will be ignored
[  287.028365][ T6812] cgroup: option or name mismatch, new: 0x4 "", old: 0x0 ""
[  287.668336][   T38] audit: type=1326 audit(1758452680.180:49): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6807 comm="syz.2.172" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8c5829ec29 code=0x7ffc0000
[  287.668395][   T38] audit: type=1326 audit(1758452680.180:50): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6807 comm="syz.2.172" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8c5829ec29 code=0x7ffc0000
[  287.668442][   T38] audit: type=1326 audit(1758452680.190:51): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6807 comm="syz.2.172" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7f8c5829ec29 code=0x7ffc0000
[  288.104645][ T6811] workqueue: Failed to create a rescuer kthread for wq "xfs-buf/nullb0": -EINTR
[  288.104961][ T6812] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[  288.665131][ T3195] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  289.003917][ T6824] new mount options do not match the existing superblock, will be ignored
[  289.021924][ T6824] cgroup: option or name mismatch, new: 0x4 "", old: 0x0 ""
[  289.112606][   T38] audit: type=1326 audit(1758452682.170:52): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6819 comm="syz.2.174" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8c5829ec29 code=0x7ffc0000
[  289.113067][   T38] audit: type=1326 audit(1758452682.170:53): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6819 comm="syz.2.174" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8c5829ec29 code=0x7ffc0000
[  289.113423][   T38] audit: type=1326 audit(1758452682.180:54): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6819 comm="syz.2.174" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7f8c5829ec29 code=0x7ffc0000
[  289.671564][ T6818] netlink: 452 bytes leftover after parsing attributes in process `syz.4.175'.
[  289.696885][ T6825] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[  296.268542][ T5856] Bluetooth: hci1: command 0x1003 tx timeout
[  296.268699][ T5853] Bluetooth: hci1: Opcode 0x1003 failed: -110
[  296.702723][ T6870] vimc link validate: Sensor A:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 0:snk:640x480 (0x33424752, 8, 0, 0, 0)
[  299.097124][ T6637] chnl_net:caif_netlink_parms(): no params data found
[  299.490345][ T6883] netlink: 452 bytes leftover after parsing attributes in process `syz.4.185'.
[  300.253579][    C0] vcan0: j1939_tp_rxtimer: 0xffff88805de2c000: rx timeout, send abort
[  300.514387][ T3195] bridge_slave_1: left allmulticast mode
[  300.514484][ T3195] bridge_slave_1: left promiscuous mode
[  300.519511][ T3195] bridge0: port 2(bridge_slave_1) entered disabled state
[  300.602137][ T3195] bridge_slave_0: left allmulticast mode
[  300.602175][ T3195] bridge_slave_0: left promiscuous mode
[  300.603768][ T3195] bridge0: port 1(bridge_slave_0) entered disabled state
[  300.760577][    C0] vcan0: j1939_tp_rxtimer: 0xffff88805de2c000: abort rx timeout. Force session deactivation
[  301.673993][ T6901] Invalid source name
[  301.674012][ T6901] UBIFS error (pid: 6901): cannot open "ubifs", error -22
[  308.830439][ T5856] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  308.849265][ T5856] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  308.851784][ T5856] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  308.853798][ T5856] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  308.856618][ T5856] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  309.576970][ T6948] Invalid source name
[  309.576990][ T6948] UBIFS error (pid: 6948): cannot open "ubifs", error -22
[  311.139231][ T6957] overlayfs: failed to resolve './file0': -2
[  312.277670][ T6961] netlink: 4 bytes leftover after parsing attributes in process `syz.0.200'.
[  312.768443][ T5856] Bluetooth: hci1: command tx timeout
[  312.860126][ T6964] ptrace attach of "./syz-executor exec"[5854] was attempted by "                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              
[  313.107609][    C1] vkms_vblank_simulate: vblank timer overrun
[  313.573858][    C1] vkms_vblank_simulate: vblank timer overrun
[  313.735600][    C1] vkms_vblank_simulate: vblank timer overrun
[  314.151461][    C1] vkms_vblank_simulate: vblank timer overrun
[  314.186219][    C1] vkms_vblank_simulate: vblank timer overrun
[  314.286054][    C1] vkms_vblank_simulate: vblank timer overrun
[  314.472137][    C1] vkms_vblank_simulate: vblank timer overrun
[  314.822277][ T5853] Bluetooth: hci1: command tx timeout
[  315.205942][    C1] vkms_vblank_simulate: vblank timer overrun
[  315.797263][    C1] vkms_vblank_simulate: vblank timer overrun
[  316.442150][    C1] vkms_vblank_simulate: vblank timer overrun
[  316.570589][    C1] vkms_vblank_simulate: vblank timer overrun
[  316.967788][    C1] vkms_vblank_simulate: vblank timer overrun
[  317.048502][ T5853] Bluetooth: hci1: command tx timeout
[  317.462401][ T6996] Invalid source name
[  317.462423][ T6996] UBIFS error (pid: 6996): cannot open "ubifs", error -22
[  317.577155][    C1] vkms_vblank_simulate: vblank timer overrun
[  318.643103][ T5856] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[  318.674092][ T5856] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[  318.675401][ T5856] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[  318.676783][ T5856] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[  318.677680][ T5856] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[  319.058550][ T5853] Bluetooth: hci1: command tx timeout
[  319.530108][ T3195] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  319.913947][ T3195] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  319.988783][ T3195] bond0 (unregistering): Released all slaves
[  320.260290][ T7010] comedi comedi0: Minor 3 specified more than once!
[  322.318830][ T5853] Bluetooth: hci6: command tx timeout
[  322.462475][    C1] vkms_vblank_simulate: vblank timer overrun
[  322.655555][    C1] vkms_vblank_simulate: vblank timer overrun
[  322.658833][ T1322] ieee802154 phy0 wpan0: encryption failed: -22
[  322.658914][ T1322] ieee802154 phy1 wpan1: encryption failed: -22
[  322.698133][ T6637] workqueue: Failed to create a rescuer kthread for wq "wg-crypt-wg0": -EINTR
[  323.013306][    C1] vkms_vblank_simulate: vblank timer overrun
[  323.314444][    C1] vkms_vblank_simulate: vblank timer overrun
[  323.354738][    C1] vkms_vblank_simulate: vblank timer overrun
[  323.388773][    C1] vkms_vblank_simulate: vblank timer overrun
[  324.111015][    C1] vkms_vblank_simulate: vblank timer overrun
[  324.586562][ T7021] netlink: 324 bytes leftover after parsing attributes in process `syz.0.213'.
[  325.839215][    C1] vkms_vblank_simulate: vblank timer overrun
[  325.858549][ T5853] Bluetooth: hci6: command tx timeout
[  326.112732][    C1] vkms_vblank_simulate: vblank timer overrun
[  326.770567][    C1] vkms_vblank_simulate: vblank timer overrun
[  327.411008][    C1] vkms_vblank_simulate: vblank timer overrun
[  328.300175][ T5853] Bluetooth: hci6: command tx timeout
[  330.338409][ T5853] Bluetooth: hci6: command tx timeout
[  330.818435][ T7053] Invalid source name
[  330.818482][ T7053] UBIFS error (pid: 7053): cannot open "ubifs", error -22
[  336.515394][ T7057] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(9)
[  336.524202][ T7057] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[  336.533842][ T7058] vhci_hcd: connection closed
[  336.538119][ T7057] vhci_hcd vhci_hcd.0: Device attached
[  336.578259][ T2562] vhci_hcd: stop threads
[  336.579985][ T2562] vhci_hcd: release socket
[  336.580186][ T2562] vhci_hcd: disconnect device
[  339.642977][ T5856] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  339.666827][ T5856] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  339.676222][ T5856] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  339.680992][ T5856] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  339.682346][ T5856] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  339.765665][    C1] vkms_vblank_simulate: vblank timer overrun
[  340.317231][ T7085] ubi31: detaching mtd0
[  341.298209][ T7085] ubi31: mtd0 is detached
[  341.778511][ T5853] Bluetooth: hci2: command tx timeout
[  342.804501][ T7094] Invalid source name
[  342.804519][ T7094] UBIFS error (pid: 7094): cannot open "ubifs", error -22
[  343.348527][ T7104] Invalid source name
[  343.348548][ T7104] UBIFS error (pid: 7104): cannot open "ubifs", error -22
[  343.906268][ T5853] Bluetooth: hci2: command tx timeout
[  345.673153][    C1] vkms_vblank_simulate: vblank timer overrun
[  346.102875][ T5853] Bluetooth: hci2: command tx timeout
[  346.501284][    C1] vkms_vblank_simulate: vblank timer overrun
[  347.117282][    C1] vkms_vblank_simulate: vblank timer overrun
[  347.975606][    C1] vkms_vblank_simulate: vblank timer overrun
[  348.179770][ T5853] Bluetooth: hci2: command tx timeout
[  348.239500][ T3195] hsr_slave_0: left promiscuous mode
[  348.321142][ T3195] hsr_slave_1: left promiscuous mode
[  348.322404][ T3195] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  348.322497][ T3195] batman_adv: batadv0: Removing interface: batadv_slave_0
[  348.984178][    C1] vkms_vblank_simulate: vblank timer overrun
[  349.044298][ T3195] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  349.044334][ T3195] batman_adv: batadv0: Removing interface: batadv_slave_1
[  349.469892][ T7142] Invalid source name
[  349.469912][ T7142] UBIFS error (pid: 7142): cannot open "ubifs", error -22
[  350.095544][    C1] vkms_vblank_simulate: vblank timer overrun
[  350.155003][ T3195] veth1_macvtap: left promiscuous mode
[  350.155638][ T3195] veth0_macvtap: left promiscuous mode
[  350.156096][ T3195] veth1_vlan: left promiscuous mode
[  350.156537][ T3195] veth0_vlan: left promiscuous mode
[  351.182623][ T7144] CIFS: VFS: Malformed UNC in devname
[  351.583606][    C1] vkms_vblank_simulate: vblank timer overrun
[  351.771298][ T7151] Invalid source name
[  351.771317][ T7151] UBIFS error (pid: 7151): cannot open "ubifs", error -22
[  352.348462][    C1] vkms_vblank_simulate: vblank timer overrun
[  352.503820][    C1] vkms_vblank_simulate: vblank timer overrun
[  352.711162][    C1] vkms_vblank_simulate: vblank timer overrun
[  352.920017][    C1] vkms_vblank_simulate: vblank timer overrun
[  353.061729][    C1] vkms_vblank_simulate: vblank timer overrun
[  353.768518][    C1] vkms_vblank_simulate: vblank timer overrun
[  354.361201][    C1] vkms_vblank_simulate: vblank timer overrun
[  355.201242][    C1] vkms_vblank_simulate: vblank timer overrun
[  355.463253][    C1] vkms_vblank_simulate: vblank timer overrun
[  355.786897][    C1] vkms_vblank_simulate: vblank timer overrun
[  355.914666][    C1] vkms_vblank_simulate: vblank timer overrun
[  356.920442][ T7175] futex_wake_op: syz.4.243 tries to shift op by -1; fix this program
[  358.467898][ T5853] Bluetooth: hci4: command 0x0c1a tx timeout
[  359.204700][ T7182] Invalid source name
[  359.204721][ T7182] UBIFS error (pid: 7182): cannot open "ubifs", error -22
[  362.113800][ T7196] Invalid source name
[  362.113848][ T7196] UBIFS error (pid: 7196): cannot open "ubifs", error -22
[  364.865481][ T7210] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[  364.865790][ T7210] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  365.487450][ T7212] program syz.4.250 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  365.544362][ T7209] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  366.964411][ T7224] netlink: 780 bytes leftover after parsing attributes in process `syz.0.251'.
[  367.834854][ T5856] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  367.862809][ T5856] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  367.865017][ T5856] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  367.866646][ T5856] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  367.867797][ T5856] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  368.293728][ T7231] Invalid source name
[  368.293748][ T7231] UBIFS error (pid: 7231): cannot open "ubifs", error -22
[  370.188908][ T5853] Bluetooth: hci3: command tx timeout
[  370.975648][ T7242] Invalid source name
[  370.975668][ T7242] UBIFS error (pid: 7242): cannot open "ubifs", error -22
[  372.420128][    C1] vkms_vblank_simulate: vblank timer overrun
[  372.447820][    C1] vkms_vblank_simulate: vblank timer overrun
[  372.625944][    C1] vkms_vblank_simulate: vblank timer overrun
[  372.920651][ T5853] Bluetooth: hci3: command tx timeout
[  373.018594][    C1] vkms_vblank_simulate: vblank timer overrun
[  373.417854][ T7254] kAFS: No cell specified
[  373.702137][    C1] vkms_vblank_simulate: vblank timer overrun
[  373.967769][    C1] vkms_vblank_simulate: vblank timer overrun
[  374.191029][    C1] vkms_vblank_simulate: vblank timer overrun
[  374.726305][    C1] vkms_vblank_simulate: vblank timer overrun
[  374.957507][    C1] vkms_vblank_simulate: vblank timer overrun
[  374.978362][ T5853] Bluetooth: hci3: command tx timeout
[  375.145963][    C1] vkms_vblank_simulate: vblank timer overrun
[  375.691262][ T7271] netlink: 4 bytes leftover after parsing attributes in process `syz.0.260'.
[  375.768641][    C1] vkms_vblank_simulate: vblank timer overrun
[  376.196854][    C1] vkms_vblank_simulate: vblank timer overrun
[  376.717451][    C1] vkms_vblank_simulate: vblank timer overrun
[  376.842196][    C1] vkms_vblank_simulate: vblank timer overrun
[  377.058391][ T5853] Bluetooth: hci3: command tx timeout
[  377.458627][    C1] vkms_vblank_simulate: vblank timer overrun
[  379.693010][ T7281] Invalid source name
[  379.693030][ T7281] UBIFS error (pid: 7281): cannot open "ubifs", error -22
[  380.830807][ T7289] Invalid source name
[  380.830835][ T7289] UBIFS error (pid: 7289): cannot open "ubifs", error -22
[  381.671487][ T5856] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  381.674492][ T5856] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  381.675763][ T5856] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  381.677501][ T5856] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  381.689391][ T5856] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  383.106937][ T7303] netlink: 8 bytes leftover after parsing attributes in process `syz.0.266'.
[  383.195533][ T7304] vivid-004: disconnect
[  383.489605][ T7304] Bluetooth: MGMT ver 1.23
[  383.938344][ T5853] Bluetooth: hci5: command tx timeout
[  384.116201][ T3195] team0 (unregistering): Port device team_slave_1 removed
[  384.149980][ T1322] ieee802154 phy0 wpan0: encryption failed: -22
[  384.150062][ T1322] ieee802154 phy1 wpan1: encryption failed: -22
[  384.991048][ T7307] vivid-004: reconnect
[  385.400157][ T3195] team0 (unregistering): Port device team_slave_0 removed
[  386.822476][ T5853] Bluetooth: hci5: command tx timeout
[  388.904187][ T5853] Bluetooth: hci5: command tx timeout
[  390.101566][ T7327] tmpfs: Bad value for 'mpol'
[  391.345039][ T7332] Invalid source name
[  391.345061][ T7332] UBIFS error (pid: 7332): cannot open "ubifs", error -22
[  391.902767][ T5853] Bluetooth: hci5: command tx timeout
[  394.195267][    C1] vkms_vblank_simulate: vblank timer overrun
[  394.376143][    C1] vkms_vblank_simulate: vblank timer overrun
[  394.935767][    C1] vkms_vblank_simulate: vblank timer overrun
[  395.129562][    C1] vkms_vblank_simulate: vblank timer overrun
[  395.465231][    C1] vkms_vblank_simulate: vblank timer overrun
[  395.613816][    C1] vkms_vblank_simulate: vblank timer overrun
[  395.809351][    C1] vkms_vblank_simulate: vblank timer overrun
[  396.667513][    C1] vkms_vblank_simulate: vblank timer overrun
[  396.869785][    C1] vkms_vblank_simulate: vblank timer overrun
[  397.541878][    C1] vkms_vblank_simulate: vblank timer overrun
[  397.706283][    C1] vkms_vblank_simulate: vblank timer overrun
[  397.792249][    C1] vkms_vblank_simulate: vblank timer overrun
[  397.929984][    C1] vkms_vblank_simulate: vblank timer overrun
[  398.193873][    C1] vkms_vblank_simulate: vblank timer overrun
[  398.252236][    C1] vkms_vblank_simulate: vblank timer overrun
[  399.070398][    C1] vkms_vblank_simulate: vblank timer overrun
[  400.622306][ T5856] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[  400.637225][ T5856] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[  400.671105][ T5856] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[  400.686014][ T5856] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[  400.696834][ T5856] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[  401.526463][ T7369] netlink: 8 bytes leftover after parsing attributes in process `syz.0.280'.
[  401.526493][ T7369] netlink: 8 bytes leftover after parsing attributes in process `syz.0.280'.
[  401.906179][ T7378] Invalid source name
[  401.906200][ T7378] UBIFS error (pid: 7378): cannot open "ubifs", error -22
[  402.818374][ T5853] Bluetooth: hci7: command tx timeout
[  404.917690][ T5853] Bluetooth: hci7: command tx timeout
[  406.854716][ T7399] mmap: syz.0.286 (7399) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  407.721832][ T5853] Bluetooth: hci7: command tx timeout
[  408.362475][    C0] vkms_vblank_simulate: vblank timer overrun
[  408.375787][ T7408] 
[  408.375802][ T7408] ======================================================
[  408.375811][ T7408] WARNING: possible circular locking dependency detected
[  408.375826][ T7408] syzkaller #0 Not tainted
[  408.375838][ T7408] ------------------------------------------------------
[  408.375845][ T7408] syz.4.287/7408 is trying to acquire lock:
[  408.375858][ T7408] ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400
[  408.375921][ T7408] 
[  408.375921][ T7408] but task is already holding lock:
[  408.375928][ T7408] ffff8880242ec3a0 (&dev->vblank_time_lock){+.+.}-{3:3}, at: drm_vblank_disable_and_save+0x7f/0x380
[  408.375992][ T7408] 
[  408.375992][ T7408] which lock already depends on the new lock.
[  408.375992][ T7408] 
[  408.376000][ T7408] 
[  408.376000][ T7408] the existing dependency chain (in reverse order) is:
[  408.376008][ T7408] 
[  408.376008][ T7408] -> #4 (&dev->vblank_time_lock){+.+.}-{3:3}:
[  408.376037][ T7408]        lock_acquire+0x120/0x360
[  408.376064][ T7408]        rt_spin_lock+0x88/0x2c0
[  408.376088][ T7408]        drm_crtc_vblank_on_config+0x2cd/0x860
[  408.376112][ T7408]        drm_crtc_vblank_on+0x88/0xc0
[  408.376135][ T7408]        drm_atomic_helper_commit_modeset_enables+0x602/0xe10
[  408.376161][ T7408]        vkms_atomic_commit_tail+0x69/0x210
[  408.376185][ T7408]        commit_tail+0x281/0x3a0
[  408.376210][ T7408]        drm_atomic_helper_commit+0xa6b/0xb10
[  408.376233][ T7408]        drm_atomic_commit+0x262/0x2c0
[  408.376254][ T7408]        drm_client_modeset_commit_atomic+0x620/0x760
[  408.376276][ T7408]        drm_client_modeset_commit_locked+0xce/0x4d0
[  408.376297][ T7408]        drm_client_modeset_commit+0x4a/0x70
[  408.376318][ T7408]        __drm_fb_helper_restore_fbdev_mode_unlocked+0x9d/0x1b0
[  408.376345][ T7408]        drm_fb_helper_set_par+0xaf/0x100
[  408.376371][ T7408]        fbcon_init+0x1258/0x2370
[  408.376402][ T7408]        visual_init+0x2ef/0x650
[  408.376429][ T7408]        do_bind_con_driver+0x890/0xf70
[  408.376459][ T7408]        do_take_over_console+0x899/0xa10
[  408.376489][ T7408]        do_fbcon_takeover+0x118/0x200
[  408.376518][ T7408]        fbcon_fb_registered+0x35e/0x610
[  408.376546][ T7408]        register_framebuffer+0x70f/0x890
[  408.376564][ T7408]        __drm_fb_helper_initial_config_and_unlock+0x130a/0x18a0
[  408.376589][ T7408]        drm_fbdev_client_hotplug+0x16f/0x230
[  408.376612][ T7408]        drm_client_register+0x16f/0x210
[  408.376637][ T7408]        drm_fbdev_client_setup+0x19f/0x3f0
[  408.376660][ T7408]        drm_client_setup+0x10a/0x230
[  408.376691][ T7408]        vkms_init+0x3e0/0x4b0
[  408.376710][ T7408]        do_one_initcall+0x233/0x820
[  408.376726][ T7408]        do_initcall_level+0x104/0x190
[  408.376749][ T7408]        do_initcalls+0x59/0xa0
[  408.376771][ T7408]        kernel_init_freeable+0x334/0x4b0
[  408.376794][ T7408]        kernel_init+0x1d/0x1d0
[  408.376813][ T7408]        ret_from_fork+0x436/0x7d0
[  408.376834][ T7408]        ret_from_fork_asm+0x1a/0x30
[  408.376850][ T7408] 
[  408.376850][ T7408] -> #3 (&dev->vbl_lock){+.+.}-{3:3}:
[  408.376874][ T7408]        lock_acquire+0x120/0x360
[  408.376895][ T7408]        rt_spin_lock+0x88/0x2c0
[  408.376914][ T7408]        vblank_disable_fn+0x72/0x190
[  408.376933][ T7408]        call_timer_fn+0x17e/0x5f0
[  408.376957][ T7408]        __run_timer_base+0x648/0x970
[  408.376976][ T7408]        run_timer_softirq+0xb7/0x180
[  408.376995][ T7408]        handle_softirqs+0x22f/0x710
[  408.377015][ T7408]        run_ktimerd+0xcf/0x190
[  408.377037][ T7408]        smpboot_thread_fn+0x53f/0xa60
[  408.377057][ T7408]        kthread+0x70e/0x8a0
[  408.377081][ T7408]        ret_from_fork+0x436/0x7d0
[  408.377101][ T7408]        ret_from_fork_asm+0x1a/0x30
[  408.377116][ T7408] 
[  408.377116][ T7408] -> #2 ((&vblank->disable_timer)){+...}-{0:0}:
[  408.377139][ T7408]        lock_acquire+0x120/0x360
[  408.377160][ T7408]        call_timer_fn+0xdb/0x5f0
[  408.377181][ T7408]        __run_timer_base+0x648/0x970
[  408.377199][ T7408]        run_timer_softirq+0xb7/0x180
[  408.377219][ T7408]        handle_softirqs+0x22f/0x710
[  408.377238][ T7408]        run_ktimerd+0xcf/0x190
[  408.377261][ T7408]        smpboot_thread_fn+0x53f/0xa60
[  408.377280][ T7408]        kthread+0x70e/0x8a0
[  408.377303][ T7408]        ret_from_fork+0x436/0x7d0
[  408.377323][ T7408]        ret_from_fork_asm+0x1a/0x30
[  408.377338][ T7408] 
[  408.377338][ T7408] -> #1 (&base->expiry_lock){+...}-{3:3}:
[  408.377361][ T7408]        lock_acquire+0x120/0x360
[  408.377381][ T7408]        rt_spin_lock+0x88/0x2c0
[  408.377399][ T7408]        __run_timer_base+0x114/0x970
[  408.377418][ T7408]        run_timer_softirq+0x67/0x180
[  408.377438][ T7408]        handle_softirqs+0x22f/0x710
[  408.377458][ T7408]        run_ktimerd+0xcf/0x190
[  408.377480][ T7408]        smpboot_thread_fn+0x53f/0xa60
[  408.377500][ T7408]        kthread+0x70e/0x8a0
[  408.377523][ T7408]        ret_from_fork+0x436/0x7d0
[  408.377543][ T7408]        ret_from_fork_asm+0x1a/0x30
[  408.377559][ T7408] 
[  408.377559][ T7408] -> #0 ((softirq_ctrl.lock)){+.+.}-{3:3}:
[  408.377581][ T7408]        validate_chain+0xb9b/0x2140
[  408.377605][ T7408]        __lock_acquire+0xab9/0xd20
[  408.377626][ T7408]        reacquire_held_locks+0x127/0x1d0
[  408.377651][ T7408]        lock_release+0x1b4/0x3e0
[  408.377679][ T7408]        __local_bh_enable_ip+0x10c/0x270
[  408.377701][ T7408]        hrtimer_cancel+0x39/0x60
[  408.377724][ T7408]        drm_vblank_disable_and_save+0x1bc/0x380
[  408.377745][ T7408]        drm_crtc_vblank_off+0x22e/0x820
[  408.377766][ T7408]        drm_atomic_helper_commit_modeset_disables+0xc89/0x2010
[  408.377789][ T7408]        vkms_atomic_commit_tail+0x51/0x210
[  408.377810][ T7408]        commit_tail+0x281/0x3a0
[  408.377831][ T7408]        drm_atomic_helper_commit+0xa6b/0xb10
[  408.377853][ T7408]        drm_atomic_commit+0x262/0x2c0
[  408.377872][ T7408]        drm_atomic_helper_set_config+0xe2/0x160
[  408.377895][ T7408]        drm_mode_setcrtc+0x9a4/0x1c50
[  408.377909][ T7408]        drm_ioctl_kernel+0x2d2/0x3a0
[  408.377934][ T7408]        drm_ioctl+0x685/0xb20
[  408.377957][ T7408]        __se_sys_ioctl+0xff/0x170
[  408.377975][ T7408]        do_syscall_64+0xfa/0x3b0
[  408.377990][ T7408]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  408.378006][ T7408] 
[  408.378006][ T7408] other info that might help us debug this:
[  408.378006][ T7408] 
[  408.378012][ T7408] Chain exists of:
[  408.378012][ T7408]   (softirq_ctrl.lock) --> &dev->vbl_lock --> &dev->vblank_time_lock
[  408.378012][ T7408] 
[  408.378039][ T7408]  Possible unsafe locking scenario:
[  408.378039][ T7408] 
[  408.378044][ T7408]        CPU0                    CPU1
[  408.378049][ T7408]        ----                    ----
[  408.378054][ T7408]   lock(&dev->vblank_time_lock);
[  408.378065][ T7408]                                lock(&dev->vbl_lock);
[  408.378077][ T7408]                                lock(&dev->vblank_time_lock);
[  408.378089][ T7408]   lock((softirq_ctrl.lock));
[  408.378100][ T7408] 
[  408.378100][ T7408]  *** DEADLOCK ***
[  408.378100][ T7408] 
[  408.378105][ T7408] 8 locks held by syz.4.287/7408:
[  408.378120][ T7408]  #0: ffffc900031cfb20 (crtc_ww_class_acquire){+.+.}-{0:0}, at: drm_mode_setcrtc+0x555/0x1c50
[  408.378171][ T7408]  #1: ffffc900031cfb48 (crtc_ww_class_mutex){+.+.}-{4:4}, at: drm_mode_setcrtc+0x555/0x1c50
[  408.378221][ T7408]  #2: ffff8880242ec4b8 (&dev->event_lock){+.+.}-{3:3}, at: drm_crtc_vblank_off+0xe4/0x820
[  408.378270][ T7408]  #3: ffffffff8d9a8d80 (rcu_read_lock){....}-{1:3}, at: rt_spin_lock+0x1bb/0x2c0
[  408.378315][ T7408]  #4: ffff8880242ec420 (&dev->vbl_lock){+.+.}-{3:3}, at: drm_crtc_vblank_off+0xf5/0x820
[  408.378361][ T7408]  #5: ffffffff8d9a8d80 (rcu_read_lock){....}-{1:3}, at: rt_spin_lock+0x1bb/0x2c0
[  408.378405][ T7408]  #6: ffff8880242ec3a0 (&dev->vblank_time_lock){+.+.}-{3:3}, at: drm_vblank_disable_and_save+0x7f/0x380
[  408.378451][ T7408]  #7: ffffffff8d9a8d80 (rcu_read_lock){....}-{1:3}, at: rt_spin_lock+0x1bb/0x2c0
[  408.378493][ T7408] 
[  408.378493][ T7408] stack backtrace:
[  408.378505][ T7408] CPU: 1 UID: 0 PID: 7408 Comm: syz.4.287 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  408.378525][ T7408] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  408.378545][ T7408] Call Trace:
[  408.378553][ T7408]  <TASK>
[  408.378561][ T7408]  dump_stack_lvl+0x189/0x250
[  408.378592][ T7408]  ? __pfx_dump_stack_lvl+0x10/0x10
[  408.378618][ T7408]  ? __pfx__printk+0x10/0x10
[  408.378638][ T7408]  ? print_lock_name+0xde/0x100
[  408.378658][ T7408]  print_circular_bug+0x2ee/0x310
[  408.378684][ T7408]  check_noncircular+0x134/0x160
[  408.378716][ T7408]  validate_chain+0xb9b/0x2140
[  408.378750][ T7408]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  408.378777][ T7408]  ? lockdep_hardirqs_on+0x9c/0x150
[  408.378807][ T7408]  __lock_acquire+0xab9/0xd20
[  408.378833][ T7408]  reacquire_held_locks+0x127/0x1d0
[  408.378860][ T7408]  ? __local_bh_disable_ip+0x264/0x400
[  408.378884][ T7408]  lock_release+0x1b4/0x3e0
[  408.378907][ T7408]  ? __local_bh_enable_ip+0x100/0x270
[  408.378931][ T7408]  __local_bh_enable_ip+0x10c/0x270
[  408.378953][ T7408]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  408.378977][ T7408]  ? rt_spin_unlock+0x65/0x80
[  408.378999][ T7408]  ? hrtimer_cancel_wait_running+0xe5/0x180
[  408.379025][ T7408]  ? hrtimer_cancel_wait_running+0x142/0x180
[  408.379051][ T7408]  ? __pfx_vkms_disable_vblank+0x10/0x10
[  408.379077][ T7408]  hrtimer_cancel+0x39/0x60
[  408.379102][ T7408]  drm_vblank_disable_and_save+0x1bc/0x380
[  408.379126][ T7408]  drm_crtc_vblank_off+0x22e/0x820
[  408.379152][ T7408]  ? drm_atomic_bridge_chain_disable+0x157/0x180
[  408.379181][ T7408]  ? __pfx_vkms_crtc_atomic_disable+0x10/0x10
[  408.379208][ T7408]  drm_atomic_helper_commit_modeset_disables+0xc89/0x2010
[  408.379258][ T7408]  vkms_atomic_commit_tail+0x51/0x210
[  408.379281][ T7408]  ? read_tsc+0x9/0x20
[  408.379302][ T7408]  ? __pfx_vkms_atomic_commit_tail+0x10/0x10
[  408.379325][ T7408]  commit_tail+0x281/0x3a0
[  408.379351][ T7408]  drm_atomic_helper_commit+0xa6b/0xb10
[  408.379378][ T7408]  ? __pfx_drm_atomic_helper_commit+0x10/0x10
[  408.379401][ T7408]  drm_atomic_commit+0x262/0x2c0
[  408.379424][ T7408]  ? __pfx_drm_atomic_commit+0x10/0x10
[  408.379443][ T7408]  ? __pfx___drm_printfn_info+0x10/0x10
[  408.379473][ T7408]  ? drm_atomic_state_init+0x231/0x310
[  408.379493][ T7408]  drm_atomic_helper_set_config+0xe2/0x160
[  408.379519][ T7408]  drm_mode_setcrtc+0x9a4/0x1c50
[  408.379546][ T7408]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  408.379573][ T7408]  ? lockdep_hardirqs_on+0x9c/0x150
[  408.379603][ T7408]  ? __pfx_drm_mode_setcrtc+0x10/0x10
[  408.379629][ T7408]  ? rt_spin_unlock+0x65/0x80
[  408.379653][ T7408]  ? drm_is_current_master+0x1a2/0x210
[  408.379682][ T7408]  drm_ioctl_kernel+0x2d2/0x3a0
[  408.379710][ T7408]  ? __pfx_drm_mode_setcrtc+0x10/0x10
[  408.379725][ T7408]  ? __pfx_drm_ioctl_kernel+0x10/0x10
[  408.379756][ T7408]  drm_ioctl+0x685/0xb20
[  408.379780][ T7408]  ? smk_tskacc+0x2fc/0x370
[  408.379810][ T7408]  ? __pfx_drm_mode_setcrtc+0x10/0x10
[  408.379828][ T7408]  ? __pfx_drm_ioctl+0x10/0x10
[  408.379860][ T7408]  ? __fget_files+0x2a/0x420
[  408.379886][ T7408]  ? bpf_lsm_file_ioctl+0x9/0x20
[  408.379907][ T7408]  ? __pfx_drm_ioctl+0x10/0x10
[  408.379933][ T7408]  __se_sys_ioctl+0xff/0x170
[  408.379954][ T7408]  do_syscall_64+0xfa/0x3b0
[  408.379970][ T7408]  ? lockdep_hardirqs_on+0x9c/0x150
[  408.379996][ T7408]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  408.380013][ T7408]  ? clear_bhb_loop+0x60/0xb0
[  408.380032][ T7408]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  408.380050][ T7408] RIP: 0033:0x7f68dcb1ec29
[  408.380066][ T7408] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  408.380080][ T7408] RSP: 002b:00007f68da921038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  408.380098][ T7408] RAX: ffffffffffffffda RBX: 00007f68dcd66270 RCX: 00007f68dcb1ec29
[  408.380113][ T7408] RDX: 0000200000000740 RSI: 00000000c06864a2 RDI: 0000000000000005
[  408.380124][ T7408] RBP: 00007f68dcba1e41 R08: 0000000000000000 R09: 0000000000000000
[  408.380136][ T7408] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  408.380146][ T7408] R13: 00007f68dcd66308 R14: 00007f68dcd66270 R15: 00007fffa95fd558
[  408.380166][ T7408]  </TASK>