last executing test programs:

2m49.895635513s ago: executing program 2 (id=3):
socket$inet6_udp(0xa, 0x2, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
syz_open_dev$usbfs(&(0x7f0000003f00), 0x1ff, 0xa401)
openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x6, 0x100000b}, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
openat$6lowpan_control(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000100)={'syz0\x00', {0x0, 0x2, 0x0, 0xb03}, 0x2b, [0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x6, 0x0, 0x0, 0x800, 0x0, 0x10000000, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x4000000, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0xffffe, 0x0, 0x0, 0x0, 0x3, 0x0, 0x401, 0x0, 0x0, 0x4, 0x0, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x2, 0xfffffffd, 0x0, 0x0, 0xffffffff], [0x2, 0x2, 0x0, 0x0, 0x10000000, 0x800000, 0x0, 0x44a, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x4, 0x0, 0x1409, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x180d, 0x0, 0x1, 0x0, 0x0, 0xf, 0x0, 0x0, 0x58000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], [0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x0, 0x9, 0x0, 0x0, 0x0, 0x80, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000000, 0x0, 0x4, 0x0, 0x3, 0x0, 0x3, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x4, 0x0, 0x0, 0x0, 0x9], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0xfffffff6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x1, 0x0, 0x0, 0x0, 0x2, 0x0, 0x4, 0x0, 0x0, 0x0, 0xfffffe04, 0x0, 0xb0d, 0x0, 0x0, 0xfffffffb, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x80001, 0x0, 0x3, 0x7f, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x3, 0xef86, 0x0, 0x0, 0x0, 0x800]}, 0x45c)
mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0xfa59)
pipe2$9p(&(0x7f00000001c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r2, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff017f000e0800395032303030"], 0x15)
r3 = dup(r2)
write$FUSE_BMAP(r3, &(0x7f0000000100)={0x18, 0x0, 0x0, {0x1}}, 0x18)
mount$9p_fd(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r3}, 0x2c, {[{@cache_fscache}]}})
openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x20842, 0x0)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x20000000000, 0xfffffffffffffffd, 0x0, 0x0, 0x1000001000, 0x49}, 0x0, &(0x7f00000002c0)={0x3ff, 0x7, 0xffffffffffffffff, 0x9, 0x0, 0xf, 0x80000006}, 0x0, 0x0)

2m46.321342015s ago: executing program 2 (id=13):
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[], 0x48)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='contention_begin\x00', r0, 0x0, 0xd}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8d}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000540)=0x4)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
connect$inet(0xffffffffffffffff, &(0x7f0000000240)={0x2, 0x4e20, @loopback}, 0x10)
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
sendmsg$xdp(0xffffffffffffffff, 0x0, 0x0)
sendmsg$alg(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, 0x0}, 0x0)
socket$inet6_sctp(0xa, 0x1, 0x84)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x1fffffffffe, 0xfffffffffffffffd, 0x0, 0x0, 0x1000001000, 0x9}, 0x0, 0x0, 0x0, 0x0)

2m42.40931928s ago: executing program 2 (id=19):
r0 = socket(0x23, 0x5, 0x0)
sendmsg$IPVS_CMD_SET_SERVICE(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x4040000}, 0x40)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x1, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x6a72c000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
socket$inet6(0xa, 0x3, 0x87)
mount(0x0, 0x0, 0x0, 0x81000, 0x0)
setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(0xffffffffffffffff, 0x10e, 0xc, 0x0, 0x0)
r4 = socket(0x80000000000000a, 0x2, 0x0)
setsockopt$inet6_group_source_req(r4, 0x29, 0x2c, &(0x7f00000004c0)={0x4, {{0xa, 0x0, 0x0, @rand_addr=' \x01\x00', 0x20000}}, {{0xa, 0x4e23, 0x40000, @dev={0xfe, 0x80, '\x00', 0x3c}}}}, 0x108)
setsockopt$inet6_group_source_req(r4, 0x29, 0x2e, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @loopback}}}, 0x108)
accept4(r0, &(0x7f0000001140)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @remote}}, &(0x7f00000011c0)=0x80, 0x40000)
syz_usb_connect(0x5, 0x3e, &(0x7f0000000000)={{0x12, 0x1, 0x141, 0xc8, 0x55, 0x3d, 0x20, 0x499, 0x500c, 0x3349, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2c, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0xa9, 0x2, 0x1, 0x46, 0x66, 0x27, 0x0, [@uac_as={[@format_type_ii_discrete={0x9, 0x24, 0x2, 0x2, 0x6, 0x4}, @format_type_i_discrete={0x8, 0x24, 0x2, 0x1, 0x7, 0x1, 0x6, 0xf}]}], [{{0x9, 0x5, 0x82, 0x2, 0x200, 0x0, 0x1, 0x10}}]}}]}}]}}, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)

2m37.769197462s ago: executing program 2 (id=24):
socket$inet6_udp(0xa, 0x2, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x6, 0x100000b}, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000540)=ANY=[@ANYBLOB="b4050000fdff7f006110580000000000c60000000000000095000000000000009f33ef60916e6e713f1eeb0b725ad99b817fd98cd824498949714ffaac8a6f770600dcca55f21f3ca9e822d182054d54d53cd2b6db714e4beb5447000001000000008f2b9000f22425e4097ed62cbc891061017cfa6fa26fa7088c60897d4a6148a1c1e43f00001bde60beac671e8e8fdecb03588aa623fa71f31bf0f871ab5c2ff88afc60027f4e5b5271ed58e835cf0d0000000098b51fe6b1b8d9dbe87dcff414ed000000000000000000000000000000000000000000000000000000b347abe6352a080f8140e5fd10747b6ecdb3540546bf636e3d6e700e5b0500000000000000eb9e1403e6c8f7a187eaf60f3a17f0f046a307a403c19d9829c90bd2114252581567acae715cbe1b57d5cda432c5b910400623d24195405f2e76ccb7b37b41215c184e731fb1"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd}, 0x48)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000001100)=ANY=[@ANYBLOB="12000000040000000400000012"], 0x50)
r3 = bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000001240)={r1, r2, 0x26, 0x0, @val=@kprobe_multi=@addrs={0x0, 0x0, 0x0, 0x0, 0x3}}, 0x30)
bpf$BPF_LINK_UPDATE(0x1d, &(0x7f0000001080)={r3, r1, 0x4, r1}, 0x10)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0)
r4 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r4, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r5 = openat$6lowpan_control(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$6lowpan_control(r5, &(0x7f0000000040)='connect aa:aa:aa:aa:aa:10 1', 0x1b)
syz_open_dev$sndpcmc(&(0x7f0000000000), 0x0, 0x0)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x20000000000, 0xfffffffffffffffd, 0x0, 0x0, 0x1000001000, 0x49}, 0x0, &(0x7f00000002c0)={0x3ff, 0x7, 0xffffffffffffffff, 0x9, 0x0, 0xf, 0x80000006}, 0x0, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

2m33.699250617s ago: executing program 2 (id=28):
r0 = socket$inet_sctp(0x2, 0x5, 0x84)
getsockopt$inet_sctp_SCTP_AUTOCLOSE(r0, 0x84, 0x4, &(0x7f0000000000), &(0x7f0000000040)=0x4)
socket(0x1a, 0x4, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
syz_emit_ethernet(0x1a6, &(0x7f0000000440)=ANY=[@ANYBLOB="ffffffffffff0f494246a77d86dd6700000101703afffe880000000000000000000000000201ff02000000000000000000000000000186009078ff02030001000000f6ffffff030fc896000000011d1c5f2d8566aeb1f564fbdcac07c7f14b6f7055fada3ae42a390f6aba7e5db842d2f7473cd3b85c9b9c4e9bdf2c512ae27eb4068e9cbcac46a5fed7a322ec3d48ffc1d94351eccf0280419519e010e5a094e32f88000d839643fddc20e090bfe30066f06eec735dfbd5ce9b279bd7329b2dcf06031d9d33a20a3a4b43e6a628ef0db7d56ee0601b14e59e9eec209fae0fa5dd17ef4d7c38e8133caa7c3ed234b93b6d408f281d476d0aa34a41ede61b65200649da6ab7e127b9d36ebc3ec292818accc6a572cb52d8b1f51dbcb4f1e4d042b980a0d0fa2973aa5832369e0fbed743eabb8c8f614c3cc678c85ffa79dffd3551aa39db1aed5193767fc83ef49f20300c4db48cd018e98e3d1e0fc7c418e941cd3c7661d2b88560b970d6ba65ef40453565ac6c2d8e19530540cc07196171253cc2e86186b33fb5a55f2854217213f6fdf6b773b46b301637c6a593664dd7e91dbf96dd093b2bc61a1b6ed821"], 0x0)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000040)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
ioctl$AUTOFS_DEV_IOCTL_FAIL(0xffffffffffffffff, 0xc0189377, &(0x7f00000000c0)={{0x1, 0x1, 0x18, <r4=>r0, {0x9, 0x1c0}}, './file0\x00'})
ioctl$SG_BLKTRACESETUP(r4, 0xc0481273, &(0x7f0000000180)={'\x00', 0x8d6, 0xffff, 0x8, 0x3, 0x8, r1})
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000680)=@newlink={0x40, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @lowpan={{0xb}, {0x4}}}, @IFLA_ADDRESS={0xa}]}, 0x40}}, 0x0)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYBLOB], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r7 = socket$nl_route(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000080)={'dummy0\x00', <r9=>0x0})
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000040)={'netdevsim0\x00', <r10=>0x0})
sendmsg$nl_route(r7, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000180)=@newlink={0x40, 0x10, 0x403, 0x0, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, 0x215}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @hsr={{0x8}, {0x14, 0x2, 0x0, 0x1, [@IFLA_HSR_SLAVE1={0x8, 0x1, r9}, @IFLA_HSR_SLAVE2={0x8, 0x2, r10}]}}}]}, 0x40}, 0x1, 0xba01, 0x0, 0x4000044}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sched_switch\x00', r6}, 0x10)
r11 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000080), 0xffffffffffffffff)
r12 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$L2TP_CMD_TUNNEL_CREATE(r12, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)={0x64, r11, 0x917, 0x0, 0x0, {}, [@L2TP_ATTR_PROTO_VERSION={0x5}, @L2TP_ATTR_CONN_ID={0x8}, @L2TP_ATTR_PEER_CONN_ID={0x8}, @L2TP_ATTR_ENCAP_TYPE={0x6}, @L2TP_ATTR_IP6_SADDR={0x14, 0x1f, @empty}, @L2TP_ATTR_IP6_DADDR={0x14, 0x20, @loopback}, @L2TP_ATTR_UDP_ZERO_CSUM6_TX={0x5, 0x21, 0x1}]}, 0x64}}, 0x0)
quotactl$Q_SYNC(0xffffffff80000102, 0x0, 0x0, 0x0)
newfstatat(0xffffffffffffff9c, &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x0)

2m32.955139711s ago: executing program 2 (id=31):
r0 = syz_io_uring_setup(0x67ef, &(0x7f0000000180)={0x0, 0x0, 0x10100}, 0x0, 0x0)
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_init_net_socket$rose(0xb, 0x5, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x8000002000000, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
write$UHID_CREATE2(r1, &(0x7f0000000040)=ANY=[@ANYBLOB='1'], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x200000f, 0x12, r1, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd_index})
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, 0x0, &(0x7f0000003ff6)='GPL\x00', 0x2, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x1, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff}, 0x94)
io_uring_enter(r0, 0x2d3e, 0x0, 0x0, 0x0, 0x0)

2m17.440283532s ago: executing program 32 (id=31):
r0 = syz_io_uring_setup(0x67ef, &(0x7f0000000180)={0x0, 0x0, 0x10100}, 0x0, 0x0)
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_init_net_socket$rose(0xb, 0x5, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x8000002000000, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
write$UHID_CREATE2(r1, &(0x7f0000000040)=ANY=[@ANYBLOB='1'], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x200000f, 0x12, r1, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd_index})
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, 0x0, &(0x7f0000003ff6)='GPL\x00', 0x2, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x1, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff}, 0x94)
io_uring_enter(r0, 0x2d3e, 0x0, 0x0, 0x0, 0x0)

1m33.212093516s ago: executing program 3 (id=125):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e21, @local}, 0x10)
connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
ioctl$sock_FIOSETOWN(r0, 0x8901, &(0x7f0000000240)=0xffffffffffffffff)
sendto$inet(r0, &(0x7f00000004c0)='<', 0x1, 0x885, 0x0, 0x0)
accept4$inet(r0, &(0x7f0000000040)={0x2, 0x0, @private}, &(0x7f00000000c0)=0x10, 0x800)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='maps\x00')
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x18, 0x2000, &(0x7f0000ffd000/0x2000)=nil})
r2 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$IOMMU_GET_HW_INFO(r2, 0x3b8a, &(0x7f0000000180)={0x28, 0x1000000, 0x0, 0x0, 0x0})
sendto$inet(r1, &(0x7f0000000100)="01a9450ef0", 0x5, 0x40, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x10, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0x1b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000600)=ANY=[@ANYBLOB="840000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="00300000000000005400128009000100766c616e000000004400028006000100000000000600050081000000280003803900010006000000090000000c00010000040000000000008dff010040000000060000000600050088a8000008000a00", @ANYRES32, @ANYBLOB="080005"], 0x84}, 0x1, 0xba01}, 0x0)
sendmsg$inet(r0, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000440)=[{&(0x7f0000000140)="9f", 0x1}], 0x1}, 0x1)
mmap(&(0x7f00009fd000/0x600000)=nil, 0x600000, 0x0, 0x6031, 0xffffffffffffffff, 0x0)
personality(0x500006)
mprotect(&(0x7f0000ffa000/0x5000)=nil, 0x5000, 0xb)

1m31.398541356s ago: executing program 3 (id=129):
pipe(&(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$inet_udp(0x2, 0x2, 0x0)
close(r2)
socket$netlink(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f000000c280)={&(0x7f0000000000)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01010000000000000000050000000900010073797a300000000078000000030a01030000000000000000050000000900010073797a300000000008000540000000001c0008800c00024000000000000000000c00014000000000000000000900030073797a3200000000280004800800024000000000140003007465616d5f736c6176655f300000000008"], 0xd4}}, 0x8818)
write$binfmt_misc(r1, 0x0, 0x0)
splice(r0, 0x0, r2, 0x0, 0x4ffe6, 0x0)

1m29.398742978s ago: executing program 3 (id=130):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000003c0)={r3, <r4=>0xffffffffffffffff}, 0x4)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x1f, 0x1d, &(0x7f0000000700)=@framed={{0x18, 0x0, 0x0, 0x0, 0x6}, [@snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x3}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r4}}, @snprintf={{}, {0x3, 0x3, 0x6, 0xa, 0xa, 0xfff8, 0xf1}, {0x5}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r3}, {}, {0x85, 0x0, 0x0, 0x6a}}]}, &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x10, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000}, 0x94)

1m28.172768919s ago: executing program 3 (id=132):
fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, 0x0)
syz_open_dev$sndpcmc(0x0, 0x0, 0xa340658bc40d4f52)
r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x8400, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
r4 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r4, 0xaf01, 0x0)
ioctl$VHOST_SET_VRING_ENDIAN(r4, 0x4008af13, 0x0)
getdents64(r0, 0x0, 0x0)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x3000002, 0x5d031, 0xffffffffffffffff, 0x0)
remap_file_pages(&(0x7f0000456000/0x1000)=nil, 0x1000, 0x0, 0x0, 0xf0ffffff)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r5 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000540)=@allocspi={0xf8, 0x16, 0x1, 0x70bd2b, 0x25dfdbfe, {{{@in=@private=0xa010101, @in6=@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x4e23, 0x0, 0x4e24, 0x0, 0xa, 0x80, 0x20, 0x1d}, {@in6=@local, 0x4d9, 0x33}, @in=@dev={0xac, 0x14, 0x14, 0x10}, {0x8, 0x7b5, 0x0, 0x6, 0x9, 0xfffffffffffffffa, 0xffffffff, 0x3}, {0x2, 0x3, 0x1, 0xfffffffffffffffa}, {0x0, 0x10001, 0xfffffff9}, 0x70bd2a, 0x0, 0x0, 0x2, 0x6, 0x1}, 0x8, 0x74f}}, 0xf8}, 0x1, 0x0, 0x0, 0x10}, 0x400c8c0)
setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000003680)=@filter={'filter\x00', 0x42, 0x4, 0x3c0, 0xffffffff, 0x210, 0x318, 0x318, 0xffffffff, 0xffffffff, 0x408, 0x408, 0x408, 0xffffffff, 0x5, 0x0, {[{{@ip={@multicast2, @private, 0x0, 0x0, 'wg1\x00', 'nr0\x00'}, 0x74000002, 0xb8, 0x1e0, 0x1ba, {0x46010000, 0x2c000000000000}, [@common=@unspec=@limit={{0x48}, {0x0, 0xdf6, 0x0, 0x0, 0x0, 0x9}}]}, @common=@unspec=@SECMARK={0x128, 'SECMARK\x00', 0x0, {0x0, 0x0, 'system_u:object_r:removable_device_t:s0\x00'}}}, {{@uncond, 0x287, 0x70, 0x98}, @REJECT={0x28}}, {{@uncond, 0x0, 0x70, 0xb0}, @common=@inet=@TCPOPTSTRIP={0x40}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x420)
ioctl$FS_IOC_SETFLAGS(r0, 0x40186f40, &(0x7f0000000440)=0x1f)

1m23.230460416s ago: executing program 3 (id=140):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x8, 0x8}, 0x48)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0xfff, 0x5}, 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xc, 0x14, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018150000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000001000000850000001500000018010000716c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000001000000850000000600000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x4, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000004340)=""/102376, 0x18fe8)
r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$AUTOFS_IOC_FAIL(r2, 0x4c80, 0xffffffffffffffb6)
ioctl$sock_SIOCBRDELBR(0xffffffffffffffff, 0x89a2, &(0x7f0000000000)='bridge0\x00')
r3 = socket$alg(0x26, 0x5, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x6, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_inet_SIOCSIFPFLAGS(0xffffffffffffffff, 0x8934, &(0x7f0000000040)={'virt_wifi0\x00', 0x4})
r4 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r4, &(0x7f0000000840)=[{0x0}], 0x1)
r5 = syz_io_uring_setup(0xec5, &(0x7f00000008c0)={0x0, 0x8b9e, 0x20, 0x2}, &(0x7f0000000240)=<r6=>0x0, &(0x7f0000000340))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
io_uring_enter(r5, 0xedd, 0x8acb, 0x41, 0x0, 0x0)
io_uring_enter(r5, 0x47fa, 0x0, 0x0, 0x0, 0x0)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000080)="ab553fec94248c32e27d0400000028", 0xf)
mknod$loop(&(0x7f0000000140)='./bus\x00', 0x100, 0x0)
r7 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

1m18.574521748s ago: executing program 3 (id=144):
r0 = getpid()
r1 = syz_pidfd_open(r0, 0x0)
ioctl$FS_IOC_GET_ENCRYPTION_POLICY(r1, 0xff05, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000300), 0xffffffffffffffff)
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r4, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4)
connect$inet(r4, &(0x7f0000000140)={0x2, 0x0, @remote}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r4, 0x6, 0x16, &(0x7f0000000180)=[@window={0x3, 0x9, 0x1}, @mss={0x2, 0xfffffffe}, @mss={0x2, 0x81}, @sack_perm, @window={0x3, 0x400, 0x30}, @timestamp, @mss={0x2, 0xfffffffc}, @mss], 0x8)
r5 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0xc0802, 0x0)
r6 = syz_io_uring_setup(0x4460, &(0x7f0000000080)={0x0, 0x5f3f, 0x10100}, &(0x7f00000004c0)=<r7=>0x0, &(0x7f0000000300)=<r8=>0x0)
r9 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
syz_io_uring_submit(r7, r8, &(0x7f00000001c0)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r9, 0x80, &(0x7f0000000140)=@in6={0xa, 0x4e21, 0x7, @remote, 0x10000}})
io_uring_enter(r6, 0x291c, 0x0, 0x0, 0x0, 0x0)
ioctl$PPPIOCNEWUNIT(r5, 0xc004743e, &(0x7f0000000180)=0x84000000)
r10 = epoll_create1(0x80000)
ioctl$FIBMAP(r9, 0x1, &(0x7f0000000100)=0x1)
epoll_ctl$EPOLL_CTL_ADD(r10, 0x1, r5, &(0x7f00000001c0)={0x2001})
ioctl$PPPIOCSFLAGS1(r5, 0x40047459, &(0x7f0000000080)=0x6100204)
pwritev(r5, &(0x7f0000000040)=[{&(0x7f0000000240)='\x00!', 0x2}], 0x1, 0x73a, 0x1)
getsockopt$inet_tcp_buf(r4, 0x6, 0xb, 0x0, &(0x7f00000014c0))
sendmsg$TIPC_NL_LINK_SET(r2, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000740)={&(0x7f0000000000)={0x24, r3, 0x1, 0x0, 0x0, {0xa}, [@TIPC_NLA_LINK={0x10, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}]}, 0x24}}, 0x0)

1m2.561270587s ago: executing program 33 (id=144):
r0 = getpid()
r1 = syz_pidfd_open(r0, 0x0)
ioctl$FS_IOC_GET_ENCRYPTION_POLICY(r1, 0xff05, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000300), 0xffffffffffffffff)
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r4, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4)
connect$inet(r4, &(0x7f0000000140)={0x2, 0x0, @remote}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r4, 0x6, 0x16, &(0x7f0000000180)=[@window={0x3, 0x9, 0x1}, @mss={0x2, 0xfffffffe}, @mss={0x2, 0x81}, @sack_perm, @window={0x3, 0x400, 0x30}, @timestamp, @mss={0x2, 0xfffffffc}, @mss], 0x8)
r5 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0xc0802, 0x0)
r6 = syz_io_uring_setup(0x4460, &(0x7f0000000080)={0x0, 0x5f3f, 0x10100}, &(0x7f00000004c0)=<r7=>0x0, &(0x7f0000000300)=<r8=>0x0)
r9 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
syz_io_uring_submit(r7, r8, &(0x7f00000001c0)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r9, 0x80, &(0x7f0000000140)=@in6={0xa, 0x4e21, 0x7, @remote, 0x10000}})
io_uring_enter(r6, 0x291c, 0x0, 0x0, 0x0, 0x0)
ioctl$PPPIOCNEWUNIT(r5, 0xc004743e, &(0x7f0000000180)=0x84000000)
r10 = epoll_create1(0x80000)
ioctl$FIBMAP(r9, 0x1, &(0x7f0000000100)=0x1)
epoll_ctl$EPOLL_CTL_ADD(r10, 0x1, r5, &(0x7f00000001c0)={0x2001})
ioctl$PPPIOCSFLAGS1(r5, 0x40047459, &(0x7f0000000080)=0x6100204)
pwritev(r5, &(0x7f0000000040)=[{&(0x7f0000000240)='\x00!', 0x2}], 0x1, 0x73a, 0x1)
getsockopt$inet_tcp_buf(r4, 0x6, 0xb, 0x0, &(0x7f00000014c0))
sendmsg$TIPC_NL_LINK_SET(r2, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000740)={&(0x7f0000000000)={0x24, r3, 0x1, 0x0, 0x0, {0xa}, [@TIPC_NLA_LINK={0x10, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}]}, 0x24}}, 0x0)

1m0.256233397s ago: executing program 1 (id=170):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e21, @broadcast}, 0x10)
connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x6770c000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='illinois\x00', 0x9)
setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000700), 0x4)
sendto$inet(r0, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x0)
recvfrom$inet(r0, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x700, 0x0, 0xfffffffffffffd25)
r4 = syz_open_procfs(0x0, &(0x7f0000000240)='clear_refs\x00')
writev(r4, 0x0, 0x0)
ioctl$BTRFS_IOC_BALANCE(r4, 0x5000940c, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xf0667000)
syz_io_uring_setup(0x237, &(0x7f0000000480)={0x0, 0x8901, 0x400, 0x0, 0x2cf}, 0x0, 0x0)
mremap(&(0x7f0000000000/0x9000)=nil, 0x600002, 0x600002, 0x7, &(0x7f0000a00000/0x600000)=nil)

58.057798956s ago: executing program 1 (id=173):
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000001000000000000000000000071123e000000000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0xf00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='freezer.state\x00', 0x275a, 0x0)
sendmsg$DEVLINK_CMD_TRAP_SET(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x40000000}, 0xc, 0x0}, 0x10)
sendmsg$MPTCP_PM_CMD_GET_LIMITS(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0xffffffffffffffb4, 0x0, 0x1, 0x0, 0x0, 0x41}, 0x809d)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0)
syz_emit_ethernet(0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="000002f0d31209000000bc2e79e995"], 0x0)
write$binfmt_script(r2, &(0x7f0000000100), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0)
preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x3e, 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x0, 0x0, &(0x7f0000000000)='GPL\x00', 0x2a7, 0x0, 0x0, 0x40f00, 0x24, '\x00', 0x0, 0x0, r2, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3ff}, 0x94)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
r4 = openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000080)='hugetlb.2MB.limit_in_bytes\x00', 0x2, 0x0)
sendfile(0xffffffffffffffff, r4, &(0x7f00000002c0)=0x800, 0x1)

56.155683559s ago: executing program 1 (id=175):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
pipe2(0x0, 0x80800)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$MAP_CREATE(0x300000000000000, 0x0, 0x0)
ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, 0x0)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000080))
socketpair$unix(0x1, 0x2, 0x0, 0x0)
sendmsg$unix(0xffffffffffffffff, 0x0, 0x0)
close(0x3)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f00000000c0)={0x0, 0x0})
r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(r2, 0xc0a85320, &(0x7f0000001400)={{0x80}, 'port1\x00', 0xe3, 0x1b1c07})
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r2, 0x4058534c, &(0x7f0000000000)={0x80, 0x9, 0x5, 0xe09, 0x20000, 0x28e7})
read(r2, 0x0, 0x0)

53.689082653s ago: executing program 0 (id=179):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000480), r0)
r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x1}, 0x50)
r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x7, 0x1c, &(0x7f0000000040)=@ringbuf={{0x18, 0x8, 0x0, 0x0, 0x30}, {{0x18, 0x1, 0x1, 0x0, r3}, {}, {}, {0x85, 0x0, 0x0, 0x5}, {0x4, 0x1, 0xb, 0x9, 0xa}}, {{0x5, 0x0, 0x3, 0x9, 0x0, 0x1, 0x3801}, {0x2c}}, [@snprintf={{0x7, 0x0, 0xb, 0x2}, {0x3, 0x3, 0x3, 0xa, 0x9}, {0x5, 0x0, 0xb, 0x9}, {0x3, 0x3, 0x6, 0xa, 0xa, 0xfff8, 0xf1}, {0x7, 0x1, 0xb, 0x6, 0x8}, {0x7, 0x0, 0x0, 0x8}, {}, {}, {0x7, 0x0, 0xc}, {0x18, 0x2, 0x2, 0x0, r2}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0xb, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendmsg$NLBL_CIPSOV4_C_ADD(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)={0x3c, r1, 0x207, 0x0, 0x0, {}, [@NLBL_CIPSOV4_A_MLSLVLLST={0x4}, @NLBL_CIPSOV4_A_DOI={0x8, 0x1, 0x1}, @NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x1}, @NLBL_CIPSOV4_A_TAGLST={0x4}, @NLBL_CIPSOV4_A_MLSCATLST={0x10, 0xc, 0x0, 0x1, [{0xc, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x29a3}]}]}]}, 0x3c}, 0x1, 0x9000000, 0x0, 0x200040c0}, 0x880)

53.274575841s ago: executing program 0 (id=180):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=@newtaction={0x14, 0x1e, 0x109}, 0x14}}, 0x44090)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=ANY=[@ANYRESDEC=r2, @ANYBLOB="4000000010003b1500000000ffdbdf2500000000", @ANYRES32=0x0, @ANYRES32=r2, @ANYRESOCT=r0, @ANYRES32=r1, @ANYBLOB="09d7aa2ff88f69250966877d0d059ad5d8e252408fd041c8a5466ec82e0937d822e88b1866b4f39b342ccae423ffff8011e4503d4af95adf9b5f6611bfc8f683d7f7d37ec4356148d998b4c2cc8a38d81cf937c0e0527b926fe42c410c8ae5508e8af8a18956438ddc09f5185ccfbb"], 0x40}, 0x1, 0x0, 0x0, 0x20000841}, 0x400c000)

53.079223956s ago: executing program 0 (id=181):
ioctl$KVM_SET_CPUID2(0xffffffffffffffff, 0x4008ae90, &(0x7f0000000280)=ANY=[@ANYBLOB="010000000000000008000080"]) (async)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
r0 = getpid() (async)
r1 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000200)=@setlink={0x90, 0x10, 0x401, 0x70bd2b, 0x0, {0x0, 0x0, 0x0, 0x0, 0x16122}, [@IFLA_LINKINFO={0x68, 0x12, 0x0, 0x1, @ipip6={{0x58}, {0x58, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LOCAL={0x14, 0x2, @dev={0xfe, 0x80, '\x00', 0x3b}}, @IFLA_IPTUN_ENCAP_TYPE={0x6, 0xf, 0x3}, @IFLA_IPTUN_ENCAP_FLAGS={0x6, 0x10, 0x2}, @IFLA_IPTUN_PROTO={0x5, 0x9, 0x4}, @IFLA_IPTUN_FWMARK={0x0, 0x14, 0x1}, @IFLA_IPTUN_ENCAP_TYPE={0x6}, @IFLA_IPTUN_FLAGS={0x8, 0x8, 0x10}, @IFLA_IPTUN_ENCAP_TYPE={0x6}, @IFLA_IPTUN_ENCAP_DPORT={0x6, 0x12, 0x4e20}]}}}, @IFLA_NET_NS_PID={0x8, 0x13, r0}]}, 0x90}, 0x1, 0x0, 0x0, 0x24004040}, 0x20000000) (async)
pipe2$9p(&(0x7f0000000240)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r3, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15) (async)
r4 = dup(r3)
write$FUSE_BMAP(r4, &(0x7f0000000100)={0x18}, 0x18)
bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0b0000000700000002"], 0x50) (async)
write$FUSE_DIRENTPLUS(r4, &(0x7f0000000140)=ANY=[@ANYBLOB="10"], 0x10) (async)
write$FUSE_DIRENTPLUS(r4, &(0x7f0000000280)=ANY=[], 0xa8)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{r4}, &(0x7f0000000040)}, 0x20)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000800)=ANY=[@ANYBLOB="060000000401f2473d6204004800000000000000", @ANYRES32, @ANYBLOB="fcffffff00"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r5}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x400}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1f, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_BIND_MAP(0xa, &(0x7f00000004c0)={r6}, 0xc)
mount$9p_fd(0x0, &(0x7f00000003c0)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r2, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

52.477299336s ago: executing program 1 (id=182):
syz_usb_connect(0x4, 0x24, 0x0, 0x0)
r0 = socket(0xa, 0x5, 0x0)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, 0x0, 0x0)
sendto$inet6(r0, &(0x7f0000000000), 0x0, 0x44004, &(0x7f0000000100)={0xa, 0x4e21, 0x4b, @loopback, 0xc5c}, 0x1c)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x9}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))
ioctl$vim2m_VIDIOC_ENUM_FMT(0xffffffffffffffff, 0xc0405602, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x1000008, 0x4000000000008b}, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_MSG_GETCHAIN(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=ANY=[@ANYBLOB="14000000d30a01ffd622a8709e0a420001000002"], 0x14}, 0x1, 0x0, 0x0, 0x40004}, 0x40000)
sched_setscheduler(0x0, 0x5, &(0x7f0000000180)=0x4)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
getsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, 0x0, 0x0)
write$UHID_CREATE2(0xffffffffffffffff, 0x0, 0x119)
getpriority(0x2, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
openat$nvram(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)

52.228763852s ago: executing program 4 (id=183):
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
r0 = openat$vicodec1(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
write$binfmt_aout(r0, 0x0, 0x6b1)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000500)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}]})
chdir(&(0x7f00000003c0)='./bus\x00')
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x1)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r1, &(0x7f0000000100)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x33}}, 0x10)
connect$inet(r1, &(0x7f0000000280)={0x2, 0x0, @broadcast}, 0x10)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
sendmmsg$inet(r1, &(0x7f0000004d00)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x30000}}], 0x300, 0xf00)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.numa_stat\x00', 0x275a, 0x0)

51.463440227s ago: executing program 1 (id=184):
r0 = socket(0x23, 0x5, 0x0)
sendmsg$IPVS_CMD_SET_SERVICE(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x4040000}, 0x40)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x1, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x6a72c000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
socket$inet6(0xa, 0x3, 0x87)
mount(0x0, 0x0, 0x0, 0x81000, 0x0)
setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(0xffffffffffffffff, 0x10e, 0xc, 0x0, 0x0)
r4 = socket(0x80000000000000a, 0x2, 0x0)
setsockopt$inet6_group_source_req(r4, 0x29, 0x2e, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @loopback}}}, 0x108)
accept4(r0, &(0x7f0000001140)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @remote}}, &(0x7f00000011c0)=0x80, 0x40000)
syz_usb_connect(0x5, 0x3e, &(0x7f0000000000)={{0x12, 0x1, 0x141, 0xc8, 0x55, 0x3d, 0x20, 0x499, 0x500c, 0x3349, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2c, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0xa9, 0x2, 0x1, 0x46, 0x66, 0x27, 0x0, [@uac_as={[@format_type_ii_discrete={0x9, 0x24, 0x2, 0x2, 0x6, 0x4}, @format_type_i_discrete={0x8, 0x24, 0x2, 0x1, 0x7, 0x1, 0x6, 0xf}]}], [{{0x9, 0x5, 0x82, 0x2, 0x200, 0x0, 0x1, 0x10}}]}}]}}]}}, 0x0)
openat$vmci(0xffffffffffffff9c, &(0x7f0000001080), 0x2, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
r5 = syz_open_procfs(0x0, &(0x7f0000001300)='net/kcm\x00')
ioctl$KVM_GET_ONE_REG(r5, 0x4010aeab, &(0x7f0000001100)=@arm64_ccsidr={0x6020000000110002, &(0x7f00000010c0)=0xff})
read$char_usb(r5, &(0x7f0000000040)=""/4109, 0x100d)
sendmsg$nl_xfrm(r5, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000580)=ANY=[@ANYBLOB="40010000100001000000000000000000fe80000000000000000000000000003c0000000000000000000000000000000040030000000300030000000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="e00000010000000000000000000000000000000033000000000000000000000000000000000000000000000000000000000000000000000000000000000000000204000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000040000000000000000000000000004000000000000000000050000000000000000000000000001fd000000000000000008002300f8ffffff4800010073686132353600"/248], 0x140}}, 0x0)

51.417385866s ago: executing program 4 (id=185):
pipe(&(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$inet_udp(0x2, 0x2, 0x0)
close(r2)
socket$netlink(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x8818)
write$binfmt_misc(r1, &(0x7f0000000000), 0xfffffecc)
splice(r0, 0x0, r2, 0x0, 0x4ffe6, 0x0)

51.086415817s ago: executing program 0 (id=186):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20a00, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x5, 0x0, 0x0, {0x1, 0x0, 0xfffc}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz1\x00'}]}, @NFT_MSG_NEWRULE={0x48, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x20, 0x4, 0x0, 0x1, [{0x1c, 0x1, 0x0, 0x1, @hash={{0x9}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_HASH_TYPE={0x8, 0x7, 0x1, 0x0, 0x1}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x2}}}, 0xbc}}, 0x4)
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_NESTED_STATE(r3, 0x4080aebf, &(0x7f0000003680)={{0x3, 0x0, 0x80, {0x3000}}, "cb31455c9ea4288a70a2a6bb8068fd95dd041cf5b177a3bffe992dfbbdf959487337b92336ce1de32e7695c411c0bf9f852d2d71192f33001fd51f5b396a55cb98699a09d21648c4cb30d9d7e3e397c7a3c041c76c72385a46c48c5302848c3696facce956952c2a85822ddf20434ccee5806294ed563ff3a972cddf6ef16ddace933d8a5adea40cd3ad40c9873c29368838e815ff59723519154856b2d5cd9cd79a97dc2fa08dada1175817886e5f9e7aa3dca783a44c667a4806826570ec6acb57d65efc313a384e11fb633dee17ee600145f2cb3103384606140021be766fcb7fa029f0513bbb466177ca1068192550bbf4e6f5694aec747a16e27688a988fa595bca1761b8e88a7dbcaeaf97a8b7b53058b1faf880dd6f1b6eb4c7beb0582b4007f1a67db1352407adbe1456bf762c94fd825b9419d74f63cdeb6c6976de1890d773f0c8088d2bd48a838cf5b87f5ddf926352960fb978874b0f175acfa55ddfe84de3fc9f75b58bf7a35f33d3c43ed5e3224e92751fa1b43f94f64b681163ef1360a3f3bb7403afc67a188b2104b45c5814aaa9e218552498bf85f4b221d9acc32a331f5f8c109cc9f335ff4e418ab30b54b99d5376cd928c431fc8211fcbaf64716afdc4b6d0417e04d5723e4675d282b36bef3a3a19e855029ec7c33830a6df19332b63e9d8a0f22d96ac230c67657a4e7f7afab91dc0ce751b68980e5a4f6d9d6d9b98802ba9d8576640eea61b8c308a1745df61560e56108bececa3016d93246fdc8b768634e8319b1ffde103c07378f8f4927baba05e992a4b5af0958a7e495e7ce53f7917451d15a963ca14f5cdc4563775688b6533a4b97e0f84b0a33c30077b20805c1f42cc7815efada97ad59ac486bc9e0ee386b49cb97b47fbf8f919f06c75a49636795054b5ebee3e91602c90d7f4db49220affe56d56b96e4f662b2bf36dae482ffc7ba21cbc55e21b73309d6b7aa5509defcb77c236e43b579c61eae5c8d8f8fa71ad876b96069f2e4352c8aaf16e299d21edf5434c0cd9b25cdc9210fb0de759b1dd3fc7fe4c7118bbde72a5617dff21f7a5036448fba7fe41aaee0c289cd076d757e47b0713b236f6f141ba0112c9312b3ec853aabafdf1eb2cbb517d2d7352725f557214d27d9a340af0128fc960a4ea64c933b0d8dd226b6e024471aaac8a7074b2a8695ab990fabba5bf315d246fbfe4260f1fffe54814e33b6235c5b4095437298858909bcbd40a8a286d1bedb06b7b1775bce0a5bca19b0a5c2fa8dbf87b55ae0a43c5086422e5bacb94047e150451f5996420b0d4a697f59decb49900b2b9c13aade536933e14d672c21a35cb68572c3de02f3147414eff4b8674b91f7aebf35f056a8d388f67f8ef7cfaf6b28fe745831ef41def1839791647016932c70685752851327f1837d2f1e9d8f93443eefed2317119c8152ca451a5d3aeb253fb484283f52e5db9f61f059ad3c217a860ee0571d254483501b00699208c7fa5571cf58b9715c954115bc2db0af28361938bb95ced7370c8cbb6141ef62fdbf369dfc4eccd98ab9886d79a52cbf91a27dd0f4b29940492e860fb94654dea54fad6290570760e3b59a0cf28053732472dc313b5fedfc583fc702a880971dc61286370aaf167810455cce7654dc4325a41d9d1944abcdc4d81378f1e96a8f94cd95b886a01f086e379601504219d57d531ba34e1ba0905785fb629c61f6b940a652cdee9dbef12b7fcde087b92816db3386a5769049ba00788e31de4ddbb8b56de1fbe3a5e671728effda7cfd0b650cf5df2faf22470812efbbb548e47cbf36c64e05a7877820f08948ceedb35e12a4a143ee0101a7bf0a00a4062b50c39020669700adf739a6f75352a45fd1373d3e85c3867170373f0c7a794d8590f4c22ae62d438ec365b0f6a15cb2ffe0fc6f57185e1760761bd4370027c01dfad0502f00b6898115df3c530d0b0b4a64e623fd580b528a733e4c881cf5843a975a97f92a7833527887c79fa8eec82b9526a15c6c5f2972083ce8aec735810580ffa4ea2cef4823aee044dd70927f7c07bba18b930006aa86ae7399ac6b4c24bc9d6a6ab0c5b428d7255d4d983eadf97e10c1b00867da29ac981acb453073a37236e7ae808e7759b2e0cffc3ec43afb1e95cd090a7d4b9225a0e3cbebfe49b93846ab603891e2da7d85a04bf42d12d16a97c965bc4911d3ba7a9ca505794d8744fef00a436089de67aa8b480070230dfb002eb91edaff428d4908a87afae418dff7ca59aefe1ad8f6935f309fe7985c2310881659c60a66a5e50242497ba1cd5d2bd79496ccd23f9fd901afc6622829cb3701caa50f96e09e3b23bfa3181b74ec7dae2e42c9caab43e49ae1d922a1a1eb3682de026323d9215fcec42c54401a1af81450830a4b784ed1c7922734bf3632409147680dd3fabcef296353705bb5c0e650e12905a05db1e7923923a96ddc783fc1ed46e2010416c37d9d149ad73e808bd6e4464f62893024a8501803b6c88fc55c8bbc1da7cbf580b5a81fb7c61455ae3a8aaec303fba12e0f2b51ed5e8bd31db40e8bdbd00e7b1ddd364766c974d813d86fc88a27bf82bba60c62e5f0f6af6bda3390f8e72a2811baf3d6325e70d9a3b59cab1abe95290ecb87985567e1243504c038de9d4d100ea64eec45208cd8d2474e646f7d81eed6d59b8b0859552b6fc088d874cde3e75ee30243dc9d88ed5b577851a5bd9e2a453287025777fcac19ac33e1c94b4ad272f1055b16b842a6bd6168fb45f1f74ed2467020df5431068a5f2cbeaa6ac1841308c7c9f752aa06927f91fdf18ef9d9e942367e5ecac0abf4d3b8fc7b80238c0e7faf2ea7d3f5271028fc558a44799bde63168becc67c5531e843336fb16ab618d37f95a91937b824bf896b044146bc3a5e264a8f23ddd00729cd9aa56d9a9a24b7ab96ae021b193d8874d43ff4b723d86b7564e550378599c3e0c7a2b3d447ad76eb4cd699733d970a5ab218429a1af81df9c8013d6d16a6bcb019f6ace4461cdaa785d20ea027cfa53d521bb91ad2c04aaa6c0f268b14924803977633280c7b7beb14c88fae542b7a13e96253259e7296e37276da88891c14664340e84ae732edbd71e67047e476735b220ca231de31a380ece372db632ec3cb3ef5ac97ec41148febd2acb15cde1ee5e990ea0aaa95c2df39e2111dd1185d14a194e22d34fda8f54e99d3a73e5a231682c726d40816e048c1d059bf3bb9ee2b5f895365d95aa28f6adbf6e16469926b4d8ee7f04c7dbafaa444df5b88596c17874f0efe35e5ada1a69634f4b430f852d33b032f823c5deb54f47a7a4adb1adf56d5440b7a917580004c13e0b36c8e0a203a2be3f8fffd9efef3af19389a12c67859d4381ac0a02da18e25931b41216b731de25e1245482c84d45de1cddbce2109322a3428bff692012573fe9efd02109dbf35c5d3a287dec105cf3f1a2e5f0b1cc08c7b4759766d25d0f7b42c3ea8bf8101e61159a2ba7602e9c7947cf936ac39bf59b24084709fd61d704bbdba7d282aac778b7ec1dcaf984527c8112d56e75ab774d1598d9816abc77b0e693880beca5f330c626774ab5cb6967fb0ea8e14efce120947092c3b6f8a22f07cad22e971418092481fcad36ecf0cfd6bc3864115b8507c13554584f1f6fee5ee07eb6a091638d8e7781c1c006166e0f987f9f4de535e9f3df1db8c9328e9a19a73c76059ab4edfe9eda7f16cc6b869229bafb179d194e20ccc6f9338183b673de8138ddab9a0907278f6eaacc55bf59a450ebc10e0b88c82d9f0deca86ff771f46509250fde94e0c94256b77616d099862ddc9b341838d634a9dc4b55a88fcc6248901135f6aa76365433e7e534e0e5ae8eec2a63df62c3e244a40481189ff54122698c7e2da2c829b2eec9efc9894ee05be04ae6dd48406eaace17827e38bf38b414059aded0343e0711a8d864ff41a8d9ed40fb2aa1a3f4014f691cd0e8af62445a021820ff03afa8a192ee255862f306851df1de96ce36cafb6a60b7069db7aa96fd1ffb2fb01e6247f770304dffe4b1c8d0eeb336dd6806d6ab5d418953b1cae7cbbf53766b61e4aad5cfce8255b78af26f9bd11283a9c7d12cd63b82cd2b506fd4061d1e16fc7c713d80763c3b0aa0faadcd9b7d676101aad80e1ca00369297e1f714003ab8d0b545c335014a522a25a767950963ef821425b79b521076166d0df3ef358c7d60d99cc85463c186e8faf16af79785680382e4cc93f6594f8c4461e0988c08717640df24a5f357db22432fcae21702dc792d201212fb3791e0164bb3d433a8268ec96df73766fdba42965e00e619246cba5d96eb853a7c22c34d2fe5e5d3f3ccf9c627d069517b743cd07f6f7b444074bb9a50269f2e03309c58930e56a9583eb00c37fbcdd391972261f41756c10c8899fcd036e2017e088ef9e6ec31f795d55b3bba214c53c98fc9318e4ade0e7e6fd259aa277fed54c27e5210787a5f6937f56fdbe1da5113f059061ca590ddf536a55cb91ac6ed41cb9c0418b115b29f5e823c1b0ee7c2b3982087763545b34e2c945d587ebce69bbe299a7f52b674f351977370fc700474bc15d7e6ef98c14258ecf401a4f3bba1a9aa76c5ab0b8819fe6efe3fba1899909e5e48554299150ee272451b56142d12ae2bb4942db430239701d494917f2c939a6fb9d98d4751a6f2c4537ec870342d223343a9bd7b8d8c99aff8cbfa298395551185f35dec120228073a1e496a58b59d9ac5986249a7c6db9398395cbf341c08ee910700e2daa042dba1846fef59c72ce872bba2046a14fcf9a47a5686d62bfba76309a9865c26e5fa41dd872fc749fdc57953105ace4978f9eb788c8d061c853ad0313e51e732c5d7bc05e752443c8e99b8e81c688befdb5b14c3cc2f96eb8ce8290303e483992fcbece1ff278d0dc036ad437b6cbc695c7741ba4556e242146d40843c73deaf8fceba40e4a4acd739b3031848b17a210a1ff0dc1908b77c4bb94543af52e1fe2a090c8f217428d02336303f7952c3ddefa7c81850676e7f4cc3d32c3937281fa5ab279c3fe39f92ba077dadb8c2c3df17cc511bd33c41cb161d24aea154f0f5902c94b56fe072d321a983668bd9f4838878e66ec44cb233d7d0ca908a794c844ff8b3ba4c57f6c5fc2f3a54db448b013f0c4998bbc6ed0409b3368391cb28c6df4a909fff90f308ff38c758ff7d8a2920bc221236d89b3b76de44e8ce649b32f5135a0217ba9036a8edddee97d7ba15f2c21fb7d3cae3eb6ef09dd03eed650489c83b5ba5dd9daf7a86cf0544fb8a58e46b860e3e42e10cd6f1c4f81179eb2c3ba611793a32abb4c0768db90e8bdd1694efaa9c2b45c89d203fdfb8b926b6a0d666d91b93065a83184fc2065961f2308056241b66f427c0f0aabc75852c90f0624cf036d537032ca8d73325d2ae2a79a7292c240c34584bb881fe5d468a051cbc0bde061f9eddfb758cd2dfba296eef549e5c4ede097111216a0ec60f90e8d6f5dd843c82e15f505f8c74e854ba9cd386249d552978eb8135a5f8c79c3ceb8dd5828b0218ffe40f375d6cf3ff2f47c276c8169ab98336582a852c1535018fb2306aca6b8c9f9e38d64c66a722762b76c69d4ca6c14bd6992549e4eec17287fce194467f972d9200c3d1ac4fd4a8f2620e2e4281d28c099946ed90789ba122705326390d3e058ceed24044e542efb36416272eadf6304f30efa0b7bc1ae5be92fe50e591ee6f725726e917ec113506920beb2aa53b39f1d76b31500", "cfb220c7d481332f3f1f8079dfe27e23185fd67a407358db7892789f96b7fa9b14daa48617a10d8a91b820ecbaa470ec0bb1f3cbce7f70ec70b19a4cad082229c2788f8611d7dc306d9a45761a97828c36ed87ebde5d4a3e1609c1422a8ae2f7cca428ebdb0dd38b90b9598a353b18a600bf35a369e6e3e5abb0a1c5c0c0e48e014e7ef1b7d768b3c5657f1adfbb7ff2985082b16c99eb83ec3660990dcf1106efa6b7f8a4798fec811c2c85faec0235c83b7093b3d02367421abc40a554e0b0d7fc1bcaece4222c594f8d20e368fe625ca433c75486fe5c94103cd17291349ee12b877602936688666f82ecd8f4f83d50bb1650e08b96cd25ad147c4c956c98649806a3736d072c8d97c6e3a46a7c18535df8d828b86662400d8e9cc861fa1dd5dc193892d3168396c499e07b279fb76c7e289f2fd955691363bc1de74536dc571817615c88b0d594a136966c129e424ccb7ef1c7c7461eac7ca5f03d72ea4c9c3d1156ee4cb1bb70e097357588b5c49f6716bbae1bd118104b42786f09a3b9f7cb80f383cadfd0c462096ff2bb637b7cf79764b6a4b7ffc5d87c1f063fb48e7f08ad5af534c70079f12f28e8921abbd4280801cdf6101ea494768b1274afd0eea5939843d56022a83590920fe446d52dfe699c33977d5592dbf7e0e236b8175d7faae06e0c50f7402174023ce4b996564e945c416fa823f2f9c3213ac50b20bd1fd55bb8d9fe70ee31ea2f404ae0fcbf857bebcc9196c8c622059fea2e248e4058905b69fb98be312d3193ea1d8ff653173e8c2371371b77a5bea45b3cd6fba19b6336f94ec04c8f86d24e9ca959874577d7ca0baf3c4ff30b554bc3ccc06df46d925373fbf7863e2cf684d3bc9603ab72b851ca4728294de87f2dec6f23ca9e43ed2e5cbba662d13137fc1ce0f6ae6aeb974f72f4b750825fafb67715e425f40c7da83b92d4249a0a4e96b789cceb7b07f38cb83f72dd093a345ab3cb8ae760fc14e40ea182a0d7fe1facc62a1ab0902349fd7e27bb0cd349fb5053f4734823abf020739b4b43bb11f5d69b61295068df31177959903c2ea1bb82d24eeaa93d0d4738d5d15b2a401e7ebe0d3cfbd45b2db2882cdb41408aaa718f8320fbb7f9da4f68d0eebeef175442e807e9908132731fe5e268582dcf6dffa4251ebb7121db8e412089fa9d8af9919799547a26b6b8eb44c28f1ce5f9a3021fe30841be204c1b4b3813dccae6baeef9b53fe413cbec46bb0cd95d3793cdc9bfe6cdd96ce0c4aa4a25e1cbbeeee6c9fa558b279048c7e31d07b125bac68d4e1f4253bd4dc7824cf3d722c94cf2b8f61bc8155731f072fd447082b181a13ffb8c08a1d568298c5de2d969fae2bea070a9e2688f294e76b8c200dfb993ec19778eb56ae3127c1116ccc85ef8806fdcb9ee0cb66ff03fbb0fa6c52b9b101b3830fc1650efa859163a264b4059092e5dc9a415ec09bfd1460f142fe5ef00beb6aa9032bd0de97aefc6f65e8cfeea761b3d8174caf528b6627682ff4d4450cb0f34251fc000ed01dd538ef13260984f44703b89dfb511bfb538d0b1c8aded964e1bcc5ca57437468b14a31ec0000a17e4d24369c40500449c37e7dccedba3eceb59d827dace246b5c48afb6a5988e64c560b3dc76c32d831f51cdbc5cfc4364ac8b25372b87c92bacfedc6bc8feb44098dbebc89cda03c59e4c58a31372bd574704b9e788834b9f83c6703f6709efad97c4ce499ea580dae1de282a019247cb3dce5c1906322e6d3ca5157ea6428bc42416936fac194efe136089c07faf7adf1e923003f1dc63fcbc634b389a4f351a6acee785e23c6bb04ca2f265be1e634362b87c6f9fd369bbe62a1db6b286c7ffde6370bb4d6e9e0cc3ec451e1a99d134726c9075e71319d3a683e91e4b900061c0e6d086481069cd32f4cde7816f8e3a0ac6428a7488f31f06ee0da10df3ed0c150d29085879d064f914407f60018bb588735663647bfeda930407d69abef3f72fd461c2b85b00988b412a180fd267fc646a86d297e7e40912607157b6fa873df6442579b1523d8117f0c06c87adf75843b8bff30a5bfb4fe1e9846b7fdd58774641baf9cc9c4e38e53ed24a9d9e9dbc7657aa9b220a8545852b0409f5c0812e953823e841967bf55059acc7a4600818134359e72cfae0d04a0738ac8acca133d6395a455b22cdd6f901d4cdea1cf17415f7d7895a4b65f80d2f7c5c60a0dc04b40c9ae5ffc922e074a82afd704673e1766d19db9f60eab0238fb4a3169a08aded607847e5d752d4e24c4914b95bac3892bcfc2076f16a7f07583f0d418b9dec03afdb2e93335a392e1b1ef2910eb2a4b6a63fe61641f3c02bef73cd7e4a77a6f30ae821598c3160511603541bea89022b54f321c2a55cdeeb19335d78a821ab6ca0f36588a9a79a41e2123905a491d658c2a1caeee998c995bb0f816c92c5dc2b862183f80b9f9786c9c5524723c944d11f6894c7f008ab8194f577e22c03631d2a33205f508ea49653e7600639242dbaba704f700ac227f32dc575c559a0a1f4fe0cf6c22fbf7e1ca2ab4b1e4724e8379021e3c9a7c1509c6a413bd7d9c98938e440762eda2546d636597defa86c1ad31126a1182d365f858927d140fb0a97f80adcc5f4ed5efe11ac503453917a263f1d64692348d30f382e85e464ef7616067a42df5de1a1b622fabefe2ca4ceffa4801f7a02fdef40644cd1d079590d900727628d54b44db7ac700d8d664f7eea12837fcf347360d8e43a354fe51b4c49e8fcda3c322b738ed2b800b5cc06e22c72af2a67ee7bc8ae894e841f2cf2b0a7e381caf944bf4e91ded63b6f82f7474e4f81e986fff7e5339b8e9f60103a1af81833e120f0c88893ecabac044a4a2867cda4fdcb084459a00507aa9e5a8e761a72df3322a1ae8cd918b4994c23bdb1e459b4f21651bd7fa067a00e2a2877bf6b29f289ed8018e0a78f6fb4ded9749640e0e37f6381b320ab72da404f3d70d60152f6fa6738932387b83250cb3148141edb52f109bfd4bda8054959db01f4c550609a63c08cf01ecd110cfc6f0055638c0dde039d2ac2daafe59e561f9f08a8830c3f661e4325de63e98f4a4216ec3b83fd200201ed3f647147611424286ffc6c4a8aca64a6874743242d4feeaa9153de06e51c512d9cab7ae712c6424069f3e5db4ddebe9b48b5f6caa741162edf97674d2368e03a387f798151a4b9b9fa9e3a5838a343133158364a9fe3bb4b9a3c464c0c54a4c64ca774ad200925ac6bf59508c10a8574afde9b821741af43ec64cedc13aa220b39772195283506dfe899dd6a7b37eb21f154056a2df3564ef2bb918a928651de88c3613b84e7960bddd7b46b1304deb30f57b6fe5a3b4788629e91bcc2456a72fabb16b47da71624d2e9081de748b3387f52da4bb094782326dcfde0827e2d674e41bb375247d349cade9c704e5431785009b0e53f1b45c70b237c9432e07e4c7a8464ed11608a3d2184338dd9e6f6ef4b3d751e979667b6a3953c89aff4eead7a978071a912b3de21a85a5849c57933cf53cd74a610f3e60f699766fbc7e0bb8a891a429c77bb6f3b6f9f8eb0b1bd9588ef2ce98fdf0a0838e4b0bed807d8b673093c717feec8d697e32542274887d039db7a2daed5d52c8e9767443229f8003c5d67e907376ea2f393484fa70deee159cb56f8d097b8fe2736e95f540137e20725f0940a8d049068ead4c46bb3771a671bb00de88931e03445a55868de0c220db05cbda9f996d5fe7c1070efe5e718fed4d4cb4ecacad3d6b643bc0ffe9a71b720ba7b5adbbdefe29106ef6a6ffe4547f5d02bec312147df0abe80efb2d5e598fc7c8b268e58b59e0d75728e9a18126f013c963ddc92d251405f857fe3a5cbacf443be7772975b7bf4f6d7ed6f80dfcc47a88c6d19120942adb5385be6ef3c0d7e396bcac5affc8f9276d6cd1a0b069aed72a98cde8ea7aabe6cc091b19efcfaf9368dfeb3087a05a42e3b893dae5ffeb72e6ac06e995a2a75ea0b5f7876247bb4c38cf3f0153f1f7473b522f1c440b632270e2b1d654d3a5ae16cb788482760d34ca79c8951b29c628e21029715683a3e6f8f77c5d89ecdae37e0190f79c4c1dbc9d0160e359cd6c94d6662ed53bb01a83374ff593c823acc59241b11f020902069fc0054a9b26cb320bef4fb1f8cc5bd8ae76eb029afab731b9876bc4e8708a8315512823cff1f9375d284ce66e53d4efad6c76d17bb532fc938b8f80c13ce86b5ba3e540164bc5a5d47cd321c241d8740f453ef95bd3878d578561ad6ce20877ffbd44062dce8df1d048d8d5e4045be647886108cbb1f0b26a8b74b66858afedb830a161bb02bde4c46a688a0ea3a7018ce24666aab0f422ede2f78ea29f77e28d87c744cba0285ce33d0d9ac45774829699de6d725a9b6db6e7d03ad4ec9d075c386e68ca0bcd9e9911d741ed0168cbddb87a7918a964d206629da4e887277b0ef7d3f9c7082f3f15f29a0dfb39f3b0877a5ec3ac4343e0d808f5aee8f1869923aab6dfc3016821c013109f34aece6183994b853d0e9561375c02cdd26b1b55194757341929a8038864cedd6b5a3b8b51ade44637044c4ebddb190f173969a0ca4cf5d42153763a0b91da0110ae7a25204850927d81b00176d4568a3d444d8029bd010df784e3f673fe855601ec4f1b26b2df58841e6a65f0db66373f63cc14a8b07dfc52ac9957eb542d05ed687c79519609de96df18b63cb294b534ddf7d2e8f41bcc1e5a006191c4db057b6709f0a96f18e7e8f67b8be2a19c015b9c4b0b3f42e4de366b71f8da8888809473c3c7a02a1158e375f29997a43bc7118ca4d1abb8f8f21972fc589aaa3d73a4d40a1e1705e169ac6e56cff50d89fc45b6863c8fc67bb2b5939a7f33072539ba4c24077be5711ba368bf7efd4897931531d388eb5c2e56bef337777150dd59518652145c9594e110e41d2615196c6b197916c88cc2814e13a3a922b4ecb044bf31cc90e0bfe0ce07de29188bbcb0ec1a12b509f52582fbb948c3cbe0c6964f46991cec0704bfac08aec6ad8ddfc36dc68c7f547c5ee6af4a8d55c79e3dc1c49b045379811f81e9a185a92cd37ae4ee32c5d3c82d36d6202a6c84fd231fe467071d42072827fd77afa5d757e6f37247f783ef09bdfd7536b666e84bc4bb878005b7829293a04ba090272dec844f4ef0e934617c08518bdc6b915ac6f3f03e4a6ab88e21c3f21f93b31d95ea3b9228e0031cb69795de5abd19c4cb4a0cf2984e53ca391cc66e33ee0d510151670331fa264753704fea5e4b1760f74890c49a74a47e0da13155c5470013d53dea0f05b5e088f1511c209f5be940232318af2757951d399e32eb862d915784713baa8ba93645caf04ba78fa3cf600ff92b9c5be58ad87438a340bac00a5ea9fb17e39478ba61fe36335e48d8c5a0b25f024cbd2ec7f217d0f260951da396dc13a2a74cd90df4b52db686e3b34d27cfa4cebd7bf59cbcfaf4007dc943a1da6e0bd1799a21ab449d7bb42935e50c839c5b567c59742436af15bc8d46095520dcd9273ae2b6f3c1cc2b4311ac9e5d297f0940b1552c5955adb302022022bb7457978998b56328629b7725dfbe3dedb37f37af0697a4471d1d6ff6bec633a38540adeba903f3eaaec5785fbb3c6a598f49dbd9ff93c67dea1ef39a614331b119fa8efccc8bac01595fb95a2a57eec9fc6c6fe82782aa89ea971866fd9a3bca4010182092ab6d1e2b49b964be9e3bb13bd6b77850e435f55a5d46e5bcb3330c7edefd31c33f61275e516"})

49.581039887s ago: executing program 4 (id=187):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
capset(&(0x7f0000000040)={0x20080522, r1}, &(0x7f0000000080)={0x6, 0x1, 0xfffffe2f, 0x2, 0xffffffff, 0x5})
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r2 = gettid()
tkill(r2, 0x7)
ptrace$ARCH_ENABLE_TAGGED_ADDR(0x1e, r2, 0x4, 0x4002)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xffffffff}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r5 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r5, 0x0, 0xffffffffffffff9c, 0x0, 0x244)

48.851406995s ago: executing program 4 (id=188):
fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, 0x0)
syz_open_dev$sndpcmc(0x0, 0x0, 0xa340658bc40d4f52)
r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x8400, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
r4 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r4, 0xaf01, 0x0)
ioctl$VHOST_SET_VRING_ENDIAN(r4, 0x4008af13, 0x0)
getdents64(r0, 0x0, 0x0)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x3000002, 0x5d031, 0xffffffffffffffff, 0x0)
remap_file_pages(&(0x7f0000456000/0x1000)=nil, 0x1000, 0x0, 0x0, 0xf0ffffff)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r5 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000540)=@allocspi={0xf8, 0x16, 0x1, 0x70bd2b, 0x25dfdbfe, {{{@in=@private=0xa010101, @in6=@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x4e23, 0x0, 0x4e24, 0x0, 0xa, 0x80, 0x20, 0x1d}, {@in6=@local, 0x4d9, 0x33}, @in=@dev={0xac, 0x14, 0x14, 0x10}, {0x8, 0x7b5, 0x0, 0x6, 0x9, 0xfffffffffffffffa, 0xffffffff, 0x3}, {0x2, 0x3, 0x1, 0xfffffffffffffffa}, {0x0, 0x10001, 0xfffffff9}, 0x70bd2a, 0x0, 0x0, 0x2, 0x6, 0x1}, 0x8, 0x74f}}, 0xf8}, 0x1, 0x0, 0x0, 0x10}, 0x400c8c0)
setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000003680)=@filter={'filter\x00', 0x42, 0x4, 0x3c0, 0xffffffff, 0x210, 0x318, 0x318, 0xffffffff, 0xffffffff, 0x408, 0x408, 0x408, 0xffffffff, 0x5, 0x0, {[{{@ip={@multicast2, @private, 0x0, 0x0, 'wg1\x00', 'nr0\x00'}, 0x74000002, 0xb8, 0x1e0, 0x1ba, {0x46010000, 0x2c000000000000}, [@common=@unspec=@limit={{0x48}, {0x0, 0xdf6, 0x0, 0x0, 0x0, 0x9}}]}, @common=@unspec=@SECMARK={0x128, 'SECMARK\x00', 0x0, {0x0, 0x0, 'system_u:object_r:removable_device_t:s0\x00'}}}, {{@uncond, 0x287, 0x70, 0x98}, @REJECT={0x28}}, {{@uncond, 0x0, 0x70, 0xb0}, @common=@inet=@TCPOPTSTRIP={0x40}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x420)
ioctl$FS_IOC_SETFLAGS(r0, 0x40186f40, &(0x7f0000000440)=0x1f)

48.773629591s ago: executing program 0 (id=189):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e22, 0x9, @ipv4={'\x00', '\xff\xff', @remote}, 0x6}, 0x1c)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20008b}, 0x0)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000000ac0), r1)
sendmsg$NLBL_CALIPSO_C_REMOVE(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)=ANY=[@ANYBLOB="8ea97fdf419ea7bed3f6e5cf763957424050685ce14dd00d2d2b8247a65337036ccb52f6", @ANYRES16=r2, @ANYBLOB="010025bd7000ffdbdf25020000000800010003000000"], 0x1c}, 0x1, 0x0, 0x0, 0x40005}, 0x8000)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = socket$inet(0x2b, 0x801, 0x0)
connect$inet(r3, &(0x7f00000002c0)={0x2, 0x4e21, @local}, 0x10)
setsockopt$IP_VS_SO_SET_STOPDAEMON(r3, 0x0, 0x48c, &(0x7f0000000000)={0x2, 'ipvlan0\x00', 0x4}, 0x18)
sched_setaffinity(0x0, 0x8, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1)
r4 = syz_open_dev$MSR(&(0x7f0000000200), 0x0, 0x0)
read$msr(r4, &(0x7f0000002700)=""/102392, 0x18ff8)
r5 = socket(0x11, 0x800000002, 0x0)
setreuid(0x0, 0xee00)
r6 = msgget$private(0x0, 0x790)
msgrcv(r6, 0x0, 0x0, 0x0, 0x1000)
getsockopt$sock_cred(r5, 0x1, 0x11, &(0x7f0000000040)={<r7=>0x0, 0x0, <r8=>0x0}, &(0x7f00000001c0)=0xc)
msgctl$IPC_SET(r6, 0x1, &(0x7f0000000400)={{0x3, 0x0, r8, 0x0, 0x0, 0x10c, 0xf8aa}, 0x0, 0x0, 0x0, 0x0, 0x4, 0x3, 0x6, 0xdc8d, 0x4, 0x1, 0xffffffffffffffff, r7})

45.330089554s ago: executing program 1 (id=190):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
pipe2(0x0, 0x80800)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$MAP_CREATE(0x300000000000000, 0x0, 0x0)
ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, 0x0)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000080))
socketpair$unix(0x1, 0x2, 0x0, 0x0)
sendmsg$unix(0xffffffffffffffff, 0x0, 0x0)
close(0x3)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f00000000c0)={0x0, 0x0})
r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(r2, 0xc0a85320, &(0x7f0000001400)={{0x80}, 'port1\x00', 0xe3, 0x1b1c07})
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r2, 0x4058534c, &(0x7f0000000000)={0x80, 0x9, 0x5, 0xe09, 0x20000, 0x28e7})
read(r2, 0x0, 0x0)

44.607695324s ago: executing program 4 (id=191):
socket$inet6_udp(0xa, 0x2, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
syz_open_dev$usbfs(&(0x7f0000003f00), 0x1ff, 0xa401)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
openat$6lowpan_control(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000100)={'syz0\x00', {0x0, 0x2, 0x0, 0xb03}, 0x2b, [0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x6, 0x0, 0x0, 0x800, 0x0, 0x10000000, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x4000000, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0xffffe, 0x0, 0x0, 0x0, 0x3, 0x0, 0x401, 0x0, 0x0, 0x4, 0x0, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x2, 0xfffffffd, 0x0, 0x0, 0xffffffff], [0x2, 0x2, 0x0, 0x0, 0x10000000, 0x800000, 0x0, 0x44a, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x4, 0x0, 0x1409, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x180d, 0x0, 0x1, 0x0, 0x0, 0xf, 0x0, 0x0, 0x58000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], [0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x0, 0x9, 0x0, 0x0, 0x0, 0x80, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000000, 0x0, 0x4, 0x0, 0x3, 0x0, 0x3, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x4, 0x0, 0x0, 0x0, 0x9], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0xfffffff6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x1, 0x0, 0x0, 0x0, 0x2, 0x0, 0x4, 0x0, 0x0, 0x0, 0xfffffe04, 0x0, 0xb0d, 0x0, 0x0, 0xfffffffb, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x80001, 0x0, 0x3, 0x7f, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x3, 0xef86, 0x0, 0x0, 0x0, 0x800]}, 0x45c)
mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0xfa59)
pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r2, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff017f000e0800395032303030"], 0x15)
r3 = dup(r2)
write$FUSE_BMAP(r3, &(0x7f0000000100)={0x18, 0x0, 0x0, {0x1}}, 0x18)
openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x20842, 0x0)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x20000000000, 0xfffffffffffffffd, 0x0, 0x0, 0x1000001000, 0x49}, 0x0, &(0x7f00000002c0)={0x3ff, 0x7, 0xffffffffffffffff, 0x9, 0x0, 0xf, 0x80000006}, 0x0, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

38.863291277s ago: executing program 0 (id=192):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x8, 0x8}, 0x48)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0xfff, 0x5}, 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xc, 0x14, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018150000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000001000000850000001500000018010000716c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000001000000850000000600000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x4, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000004340)=""/102376, 0x18fe8)
r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$AUTOFS_IOC_FAIL(r2, 0x4c80, 0xffffffffffffffb6)
ioctl$sock_SIOCBRDELBR(0xffffffffffffffff, 0x89a2, &(0x7f0000000000)='bridge0\x00')
socket$alg(0x26, 0x5, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x6, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_inet_SIOCSIFPFLAGS(0xffffffffffffffff, 0x8934, &(0x7f0000000040)={'virt_wifi0\x00', 0x4})
syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)

34.460497354s ago: executing program 4 (id=193):
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000001000000000000000000000071123e000000000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0xf00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='freezer.state\x00', 0x275a, 0x0)
sendmsg$DEVLINK_CMD_TRAP_SET(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x40000000}, 0xc, 0x0}, 0x10)
sendmsg$MPTCP_PM_CMD_GET_LIMITS(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0xffffffffffffffb4, 0x0, 0x1, 0x0, 0x0, 0x41}, 0x809d)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0)
syz_emit_ethernet(0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="000002f0d31209000000bc2e79e995"], 0x0)
write$binfmt_script(r2, &(0x7f0000000100), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0)
preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x3e, 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000499000/0x18000)=nil, &(0x7f0000000040)=[@text16={0x10, &(0x7f0000000180)="66b9800000c00f326635000800000f300f0f1c9a65660ff3b20618baa000ec672e660f38803d004000000f285473f61366b9800000c00f320f300f20e06635800000000f22e02b6aa6c8", 0x4a}], 0x1, 0x0, 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x0, 0x0, &(0x7f0000000000)='GPL\x00', 0x2a7, 0x0, 0x0, 0x40f00, 0x24, '\x00', 0x0, 0x0, r2, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3ff}, 0x94)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
r4 = openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000080)='hugetlb.2MB.limit_in_bytes\x00', 0x2, 0x0)
sendfile(0xffffffffffffffff, r4, &(0x7f00000002c0)=0x800, 0x1)

29.783943175s ago: executing program 34 (id=190):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
pipe2(0x0, 0x80800)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$MAP_CREATE(0x300000000000000, 0x0, 0x0)
ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, 0x0)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000080))
socketpair$unix(0x1, 0x2, 0x0, 0x0)
sendmsg$unix(0xffffffffffffffff, 0x0, 0x0)
close(0x3)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f00000000c0)={0x0, 0x0})
r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(r2, 0xc0a85320, &(0x7f0000001400)={{0x80}, 'port1\x00', 0xe3, 0x1b1c07})
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r2, 0x4058534c, &(0x7f0000000000)={0x80, 0x9, 0x5, 0xe09, 0x20000, 0x28e7})
read(r2, 0x0, 0x0)

17.02481847s ago: executing program 35 (id=192):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x8, 0x8}, 0x48)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0xfff, 0x5}, 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xc, 0x14, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018150000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000001000000850000001500000018010000716c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000001000000850000000600000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x4, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000004340)=""/102376, 0x18fe8)
r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$AUTOFS_IOC_FAIL(r2, 0x4c80, 0xffffffffffffffb6)
ioctl$sock_SIOCBRDELBR(0xffffffffffffffff, 0x89a2, &(0x7f0000000000)='bridge0\x00')
socket$alg(0x26, 0x5, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x6, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_inet_SIOCSIFPFLAGS(0xffffffffffffffff, 0x8934, &(0x7f0000000040)={'virt_wifi0\x00', 0x4})
syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)

0s ago: executing program 36 (id=193):
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000001000000000000000000000071123e000000000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0xf00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='freezer.state\x00', 0x275a, 0x0)
sendmsg$DEVLINK_CMD_TRAP_SET(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x40000000}, 0xc, 0x0}, 0x10)
sendmsg$MPTCP_PM_CMD_GET_LIMITS(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0xffffffffffffffb4, 0x0, 0x1, 0x0, 0x0, 0x41}, 0x809d)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0)
syz_emit_ethernet(0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="000002f0d31209000000bc2e79e995"], 0x0)
write$binfmt_script(r2, &(0x7f0000000100), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0)
preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x3e, 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000499000/0x18000)=nil, &(0x7f0000000040)=[@text16={0x10, &(0x7f0000000180)="66b9800000c00f326635000800000f300f0f1c9a65660ff3b20618baa000ec672e660f38803d004000000f285473f61366b9800000c00f320f300f20e06635800000000f22e02b6aa6c8", 0x4a}], 0x1, 0x0, 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x0, 0x0, &(0x7f0000000000)='GPL\x00', 0x2a7, 0x0, 0x0, 0x40f00, 0x24, '\x00', 0x0, 0x0, r2, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3ff}, 0x94)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
r4 = openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000080)='hugetlb.2MB.limit_in_bytes\x00', 0x2, 0x0)
sendfile(0xffffffffffffffff, r4, &(0x7f00000002c0)=0x800, 0x1)

kernel console output (not intermixed with test programs):

Warning: Permanently added '10.128.0.12' (ED25519) to the list of known hosts.
[   86.805430][ T5823] cgroup: Unknown subsys name 'net'
[   87.069381][    T9] cfg80211: failed to load regulatory.db
[   87.078803][ T5823] cgroup: Unknown subsys name 'cpuset'
[   87.178631][ T5823] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   89.189160][ T5823] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   92.128839][ T5837] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   92.131788][ T5837] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   92.132453][ T5837] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   92.136503][ T5837] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   92.136966][ T5837] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   92.137753][ T5837] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   92.171252][ T5850] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[   92.180698][ T5850] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[   92.186386][ T5850] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[   92.195924][ T5851] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[   92.203313][ T5851] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   92.218594][ T5850] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[   92.221212][ T5842] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   92.224336][ T5842] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[   92.225214][ T5842] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   92.225932][ T5851] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   92.228635][ T5842] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   92.229551][ T5852] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[   92.231036][ T5842] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   92.234258][ T5840] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   92.235734][ T5842] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   92.252770][ T5153] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   92.277224][   T59] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[   92.281339][   T59] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[   92.357340][ T5850] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[   93.367908][ T5833] chnl_net:caif_netlink_parms(): no params data found
[   93.395487][ T5835] chnl_net:caif_netlink_parms(): no params data found
[   93.483760][ T5834] chnl_net:caif_netlink_parms(): no params data found
[   93.499936][ T5839] chnl_net:caif_netlink_parms(): no params data found
[   93.725455][ T5841] chnl_net:caif_netlink_parms(): no params data found
[   94.259587][ T5843] Bluetooth: hci1: command tx timeout
[   94.348140][ T5843] Bluetooth: hci3: command tx timeout
[   94.348333][ T5843] Bluetooth: hci0: command tx timeout
[   94.348421][ T5843] Bluetooth: hci2: command tx timeout
[   94.418845][ T5850] Bluetooth: hci4: command tx timeout
[   94.441224][ T5833] bridge0: port 1(bridge_slave_0) entered blocking state
[   94.442418][ T5833] bridge0: port 1(bridge_slave_0) entered disabled state
[   94.443039][ T5833] bridge_slave_0: entered allmulticast mode
[   94.446501][ T5833] bridge_slave_0: entered promiscuous mode
[   94.595420][ T5835] bridge0: port 1(bridge_slave_0) entered blocking state
[   94.595522][ T5835] bridge0: port 1(bridge_slave_0) entered disabled state
[   94.595845][ T5835] bridge_slave_0: entered allmulticast mode
[   94.597621][ T5835] bridge_slave_0: entered promiscuous mode
[   94.602638][ T5833] bridge0: port 2(bridge_slave_1) entered blocking state
[   94.602777][ T5833] bridge0: port 2(bridge_slave_1) entered disabled state
[   94.603019][ T5833] bridge_slave_1: entered allmulticast mode
[   94.605829][ T5833] bridge_slave_1: entered promiscuous mode
[   94.798812][ T5835] bridge0: port 2(bridge_slave_1) entered blocking state
[   94.798987][ T5835] bridge0: port 2(bridge_slave_1) entered disabled state
[   94.799580][ T5835] bridge_slave_1: entered allmulticast mode
[   94.802958][ T5835] bridge_slave_1: entered promiscuous mode
[   94.870032][ T5834] bridge0: port 1(bridge_slave_0) entered blocking state
[   94.870224][ T5834] bridge0: port 1(bridge_slave_0) entered disabled state
[   94.870423][ T5834] bridge_slave_0: entered allmulticast mode
[   94.873698][ T5834] bridge_slave_0: entered promiscuous mode
[   94.876766][ T5839] bridge0: port 1(bridge_slave_0) entered blocking state
[   94.876926][ T5839] bridge0: port 1(bridge_slave_0) entered disabled state
[   94.877123][ T5839] bridge_slave_0: entered allmulticast mode
[   94.885643][ T5839] bridge_slave_0: entered promiscuous mode
[   95.168233][ T5834] bridge0: port 2(bridge_slave_1) entered blocking state
[   95.168427][ T5834] bridge0: port 2(bridge_slave_1) entered disabled state
[   95.168670][ T5834] bridge_slave_1: entered allmulticast mode
[   95.171853][ T5834] bridge_slave_1: entered promiscuous mode
[   95.173351][ T5839] bridge0: port 2(bridge_slave_1) entered blocking state
[   95.173478][ T5839] bridge0: port 2(bridge_slave_1) entered disabled state
[   95.173593][ T5839] bridge_slave_1: entered allmulticast mode
[   95.175275][ T5839] bridge_slave_1: entered promiscuous mode
[   95.327868][ T5833] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   95.479920][ T5841] bridge0: port 1(bridge_slave_0) entered blocking state
[   95.480085][ T5841] bridge0: port 1(bridge_slave_0) entered disabled state
[   95.480379][ T5841] bridge_slave_0: entered allmulticast mode
[   95.483738][ T5841] bridge_slave_0: entered promiscuous mode
[   95.500691][ T5835] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   95.504547][ T5833] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   95.801118][ T5841] bridge0: port 2(bridge_slave_1) entered blocking state
[   95.801279][ T5841] bridge0: port 2(bridge_slave_1) entered disabled state
[   95.801495][ T5841] bridge_slave_1: entered allmulticast mode
[   95.804811][ T5841] bridge_slave_1: entered promiscuous mode
[   95.811208][ T5835] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   95.920466][ T5834] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   95.924917][ T5839] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   96.134728][ T5834] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   96.143962][ T5839] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   96.271430][ T5833] team0: Port device team_slave_0 added
[   96.338130][ T5850] Bluetooth: hci1: command tx timeout
[   96.418115][ T5850] Bluetooth: hci2: command tx timeout
[   96.418156][ T5850] Bluetooth: hci0: command tx timeout
[   96.418200][ T5850] Bluetooth: hci3: command tx timeout
[   96.422285][ T5841] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   96.424521][ T5835] team0: Port device team_slave_0 added
[   96.426969][ T5833] team0: Port device team_slave_1 added
[   96.498265][ T5850] Bluetooth: hci4: command tx timeout
[   96.600047][ T5841] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   96.602197][ T5835] team0: Port device team_slave_1 added
[   96.712559][ T5834] team0: Port device team_slave_0 added
[   97.090682][ T5839] team0: Port device team_slave_0 added
[   97.303415][ T5834] team0: Port device team_slave_1 added
[   97.310421][ T5839] team0: Port device team_slave_1 added
[   97.444799][ T5833] batman_adv: batadv0: Adding interface: batadv_slave_0
[   97.444812][ T5833] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   97.444828][ T5833] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   97.642458][ T5841] team0: Port device team_slave_0 added
[   97.643861][ T5835] batman_adv: batadv0: Adding interface: batadv_slave_0
[   97.643876][ T5835] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   97.643904][ T5835] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   97.645582][ T5833] batman_adv: batadv0: Adding interface: batadv_slave_1
[   97.645597][ T5833] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   97.645623][ T5833] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   97.890064][ T5835] batman_adv: batadv0: Adding interface: batadv_slave_1
[   97.890084][ T5835] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   97.890113][ T5835] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   97.909296][ T5841] team0: Port device team_slave_1 added
[   97.981008][ T5834] batman_adv: batadv0: Adding interface: batadv_slave_0
[   97.981027][ T5834] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   97.981056][ T5834] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   97.984135][ T5839] batman_adv: batadv0: Adding interface: batadv_slave_0
[   97.984150][ T5839] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   97.984177][ T5839] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   98.119522][ T5834] batman_adv: batadv0: Adding interface: batadv_slave_1
[   98.119534][ T5834] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   98.119550][ T5834] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   98.120626][ T5839] batman_adv: batadv0: Adding interface: batadv_slave_1
[   98.120637][ T5839] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   98.120652][ T5839] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   98.318573][ T5841] batman_adv: batadv0: Adding interface: batadv_slave_0
[   98.318600][ T5841] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   98.318628][ T5841] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   98.418425][ T5850] Bluetooth: hci1: command tx timeout
[   98.480584][ T5841] batman_adv: batadv0: Adding interface: batadv_slave_1
[   98.480603][ T5841] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   98.480632][ T5841] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   98.497023][ T5833] hsr_slave_0: entered promiscuous mode
[   98.500295][ T5833] hsr_slave_1: entered promiscuous mode
[   98.508106][ T5850] Bluetooth: hci3: command tx timeout
[   98.508144][ T5850] Bluetooth: hci0: command tx timeout
[   98.508169][ T5850] Bluetooth: hci2: command tx timeout
[   98.578352][ T5843] Bluetooth: hci4: command tx timeout
[   98.813076][ T5835] hsr_slave_0: entered promiscuous mode
[   98.814116][ T5835] hsr_slave_1: entered promiscuous mode
[   98.814856][ T5835] debugfs: 'hsr0' already exists in 'hsr'
[   98.814930][ T5835] Cannot create hsr debugfs directory
[   99.028472][ T5834] hsr_slave_0: entered promiscuous mode
[   99.030020][ T5834] hsr_slave_1: entered promiscuous mode
[   99.031081][ T5834] debugfs: 'hsr0' already exists in 'hsr'
[   99.031116][ T5834] Cannot create hsr debugfs directory
[   99.170335][ T5839] hsr_slave_0: entered promiscuous mode
[   99.172409][ T5839] hsr_slave_1: entered promiscuous mode
[   99.173507][ T5839] debugfs: 'hsr0' already exists in 'hsr'
[   99.173533][ T5839] Cannot create hsr debugfs directory
[   99.508330][ T5841] hsr_slave_0: entered promiscuous mode
[   99.509998][ T5841] hsr_slave_1: entered promiscuous mode
[   99.511004][ T5841] debugfs: 'hsr0' already exists in 'hsr'
[   99.511030][ T5841] Cannot create hsr debugfs directory
[  100.498354][ T5843] Bluetooth: hci1: command tx timeout
[  100.578327][ T5837] Bluetooth: hci2: command tx timeout
[  100.578367][ T5837] Bluetooth: hci3: command tx timeout
[  100.578428][ T5843] Bluetooth: hci0: command tx timeout
[  100.660625][ T5843] Bluetooth: hci4: command tx timeout
[  101.245328][ T5833] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  101.299800][ T5833] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  101.327361][ T5833] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  101.375545][ T5833] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  101.527721][ T5835] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  101.574384][ T5835] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  101.617582][ T5835] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  101.685044][ T5835] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  101.845882][ T5834] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  101.901489][ T5834] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  101.942854][ T5834] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  102.008844][ T5834] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  102.238541][ T5839] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  102.284345][ T5839] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  102.327725][ T5839] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  102.393949][ T5839] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  102.592730][ T5833] 8021q: adding VLAN 0 to HW filter on device bond0
[  102.602113][ T5841] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  102.647857][ T5841] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  102.691550][ T5841] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  102.715858][ T5841] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  102.834875][ T5833] 8021q: adding VLAN 0 to HW filter on device team0
[  102.881062][ T5835] 8021q: adding VLAN 0 to HW filter on device bond0
[  102.905446][   T68] bridge0: port 1(bridge_slave_0) entered blocking state
[  102.906903][   T68] bridge0: port 1(bridge_slave_0) entered forwarding state
[  102.965963][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[  102.966087][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[  103.061083][ T5835] 8021q: adding VLAN 0 to HW filter on device team0
[  103.110892][ T5834] 8021q: adding VLAN 0 to HW filter on device bond0
[  103.125576][   T68] bridge0: port 1(bridge_slave_0) entered blocking state
[  103.125748][   T68] bridge0: port 1(bridge_slave_0) entered forwarding state
[  103.182245][ T3504] bridge0: port 2(bridge_slave_1) entered blocking state
[  103.182428][ T3504] bridge0: port 2(bridge_slave_1) entered forwarding state
[  103.294526][ T5834] 8021q: adding VLAN 0 to HW filter on device team0
[  103.354386][  T184] bridge0: port 1(bridge_slave_0) entered blocking state
[  103.354705][  T184] bridge0: port 1(bridge_slave_0) entered forwarding state
[  103.362147][ T5839] 8021q: adding VLAN 0 to HW filter on device bond0
[  103.433768][  T184] bridge0: port 2(bridge_slave_1) entered blocking state
[  103.435294][  T184] bridge0: port 2(bridge_slave_1) entered forwarding state
[  103.593706][ T5839] 8021q: adding VLAN 0 to HW filter on device team0
[  103.615238][ T5841] 8021q: adding VLAN 0 to HW filter on device bond0
[  103.684478][ T3557] bridge0: port 1(bridge_slave_0) entered blocking state
[  103.684749][ T3557] bridge0: port 1(bridge_slave_0) entered forwarding state
[  103.763107][   T13] bridge0: port 2(bridge_slave_1) entered blocking state
[  103.763478][   T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[  103.851565][ T5841] 8021q: adding VLAN 0 to HW filter on device team0
[  103.934292][  T184] bridge0: port 1(bridge_slave_0) entered blocking state
[  103.934469][  T184] bridge0: port 1(bridge_slave_0) entered forwarding state
[  103.996007][  T184] bridge0: port 2(bridge_slave_1) entered blocking state
[  103.996177][  T184] bridge0: port 2(bridge_slave_1) entered forwarding state
[  104.220810][ T5833] 8021q: adding VLAN 0 to HW filter on device batadv0
[  104.433352][ T5835] 8021q: adding VLAN 0 to HW filter on device batadv0
[  104.730803][ T5833] veth0_vlan: entered promiscuous mode
[  104.755152][ T5834] 8021q: adding VLAN 0 to HW filter on device batadv0
[  104.805064][ T5833] veth1_vlan: entered promiscuous mode
[  105.033376][ T5839] 8021q: adding VLAN 0 to HW filter on device batadv0
[  105.174088][ T5833] veth0_macvtap: entered promiscuous mode
[  105.208329][ T5834] veth0_vlan: entered promiscuous mode
[  105.226439][ T5833] veth1_macvtap: entered promiscuous mode
[  105.288658][ T5834] veth1_vlan: entered promiscuous mode
[  105.352978][ T5841] 8021q: adding VLAN 0 to HW filter on device batadv0
[  105.357594][ T5833] batman_adv: batadv0: Interface activated: batadv_slave_0
[  105.404550][ T5833] batman_adv: batadv0: Interface activated: batadv_slave_1
[  105.467371][ T3504] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  105.497504][ T3504] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  105.513171][ T5839] veth0_vlan: entered promiscuous mode
[  105.526289][ T3504] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  105.542113][ T3504] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  105.628567][ T5834] veth0_macvtap: entered promiscuous mode
[  105.653786][ T5839] veth1_vlan: entered promiscuous mode
[  105.718867][ T5834] veth1_macvtap: entered promiscuous mode
[  105.724899][ T5835] veth0_vlan: entered promiscuous mode
[  105.908353][ T5835] veth1_vlan: entered promiscuous mode
[  105.936887][ T5841] veth0_vlan: entered promiscuous mode
[  105.961538][ T5834] batman_adv: batadv0: Interface activated: batadv_slave_0
[  105.966235][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  105.966257][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  106.055172][ T5834] batman_adv: batadv0: Interface activated: batadv_slave_1
[  106.087142][ T5841] veth1_vlan: entered promiscuous mode
[  106.147482][ T5839] veth0_macvtap: entered promiscuous mode
[  106.161754][   T68] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  106.166352][  T184] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  106.166374][  T184] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  106.187832][   T68] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  106.207248][   T68] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  106.224567][ T5839] veth1_macvtap: entered promiscuous mode
[  106.226417][   T68] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  106.421295][ T5835] veth0_macvtap: entered promiscuous mode
[  106.512228][ T5835] veth1_macvtap: entered promiscuous mode
[  106.611361][ T5839] batman_adv: batadv0: Interface activated: batadv_slave_0
[  106.666035][ T5841] veth0_macvtap: entered promiscuous mode
[  106.672020][ T5839] batman_adv: batadv0: Interface activated: batadv_slave_1
[  107.028303][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[  107.148030][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[  107.328108][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[  107.354196][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[  107.354477][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[  107.468343][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[  107.625269][ T5841] veth1_macvtap: entered promiscuous mode
[  107.650992][   T43] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  107.651017][   T43] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  107.654738][   T12] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  107.720588][ T5835] batman_adv: batadv0: Interface activated: batadv_slave_0
[  107.722143][   T12] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  107.797349][   T12] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  107.844627][   T12] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  107.939995][ T5835] batman_adv: batadv0: Interface activated: batadv_slave_1
[  108.094122][ T3557] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  108.094146][ T3557] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  108.209069][ T5841] batman_adv: batadv0: Interface activated: batadv_slave_0
[  108.235008][ T3557] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  108.285029][ T3557] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  108.310537][ T3557] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  108.441688][  T184] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  108.462370][ T5841] batman_adv: batadv0: Interface activated: batadv_slave_1
[  108.638158][   T57] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  108.731426][   T57] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  108.771364][   T57] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  108.793117][   T12] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  109.208048][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[  109.248036][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[  109.268044][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[  109.508099][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[  109.533420][   T68] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  109.533478][   T68] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  110.077110][  T184] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  110.077133][  T184] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  111.098908][ T1406] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  111.098931][ T1406] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  111.242417][ T3992] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  111.242440][ T3992] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  111.439171][ T3992] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  111.439193][ T3992] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  111.603653][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  111.603675][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  111.860649][ T5982] binder: 5980:5982 ioctl c0306201 0 returned -14
[  112.080116][ T5984] binder: 5980:5984 ioctl c0306201 0 returned -14
[  118.843663][ T6025] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[  121.998335][ T5925] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[  122.195928][ T5925] usb 3-1: Using ep0 maxpacket: 32
[  122.459384][ T5925] usb 3-1: config 0 has an invalid interface number: 169 but max is 0
[  122.459437][ T5925] usb 3-1: config 0 has no interface number 0
[  122.461624][ T5925] usb 3-1: config 0 interface 169 has no altsetting 0
[  122.501195][ T5925] usb 3-1: New USB device found, idVendor=0499, idProduct=500c, bcdDevice=33.49
[  122.501224][ T5925] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  122.501244][ T5925] usb 3-1: Product: syz
[  122.501259][ T5925] usb 3-1: Manufacturer: syz
[  122.501272][ T5925] usb 3-1: SerialNumber: syz
[  122.596783][ T6047] mmap: syz.0.22 (6047) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  122.685276][ T6051] ubi31: attaching mtd0
[  122.742793][ T6051] ubi31: scanning is finished
[  122.742927][ T6051] ubi31: empty MTD device detected
[  123.643821][ T5925] usb 3-1: config 0 descriptor??
[  123.652273][ T5925] usb 3-1: can't set config #0, error -71
[  123.940079][ T5925] usb 3-1: USB disconnect, device number 2
[  123.982340][ T6051] ubi31 error: ubi_attach_mtd_dev: cannot spawn "ubi_bgt31d", error -4
[  128.348178][ T6078] dummy0: entered promiscuous mode
[  128.350429][ T6078] netdevsim netdevsim2 netdevsim0: entered promiscuous mode
[  128.352605][ T6078] hsr1: entered allmulticast mode
[  128.352619][ T6078] dummy0: entered allmulticast mode
[  128.352638][ T6078] netdevsim netdevsim2 netdevsim0: entered allmulticast mode
[  128.738457][ T5846] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[  129.101155][ T5846] usb 1-1: Using ep0 maxpacket: 8
[  129.283849][ T5846] usb 1-1: config 0 interface 0 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  129.284003][ T5846] usb 1-1: config 0 interface 0 has no altsetting 0
[  129.284377][ T5846] usb 1-1: New USB device found, idVendor=20a0, idProduct=4287, bcdDevice= 0.00
[  129.284402][ T5846] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  129.510608][ T5846] usb 1-1: config 0 descriptor??
[  130.579968][ T5846] hid-u2fzero 0003:20A0:4287.0001: hidraw0: USB HID v0.03 Device [HID 20a0:4287] on usb-dummy_hcd.0-1/input0
[  130.587876][ T5846] hid-u2fzero 0003:20A0:4287.0001: NitroKey U2F LED initialised
[  130.613602][ T5846] hid-u2fzero 0003:20A0:4287.0001: NitroKey U2F RNG initialised
[  132.952438][ T5911] usb 1-1: USB disconnect, device number 2
[  133.519950][ T6120] Bluetooth: MGMT ver 1.23
[  133.555271][ T6120] sp0: Synchronizing with TNC
[  133.566062][ T6112] fido_id[6112]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/report_descriptor': No such file or directory
[  133.731938][ T6124] FAULT_INJECTION: forcing a failure.
[  133.731938][ T6124] name fail_page_alloc, interval 1, probability 0, space 0, times 1
[  133.731978][ T6124] CPU: 0 UID: 0 PID: 6124 Comm: syz.0.40 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  133.732004][ T6124] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  133.732016][ T6124] Call Trace:
[  133.732024][ T6124]  <TASK>
[  133.732034][ T6124]  dump_stack_lvl+0x189/0x250
[  133.732070][ T6124]  ? __pfx____ratelimit+0x10/0x10
[  133.732105][ T6124]  ? __pfx_dump_stack_lvl+0x10/0x10
[  133.732137][ T6124]  ? __pfx__printk+0x10/0x10
[  133.732164][ T6124]  ? fs_reclaim_acquire+0x7d/0x100
[  133.732194][ T6124]  should_fail_ex+0x46c/0x600
[  133.732233][ T6124]  prepare_alloc_pages+0x213/0x670
[  133.732264][ T6124]  __alloc_frozen_pages_noprof+0x123/0x370
[  133.732292][ T6124]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  133.732326][ T6124]  ? policy_nodemask+0x27c/0x720
[  133.732353][ T6124]  ? rt_mutex_slowunlock+0x493/0x8a0
[  133.732386][ T6124]  alloc_pages_mpol+0xd1/0x380
[  133.732426][ T6124]  alloc_pages_noprof+0xcf/0x1e0
[  133.732460][ T6124]  pte_alloc_one+0x21/0x190
[  133.732493][ T6124]  __pte_alloc+0x25/0x1a0
[  133.732522][ T6124]  handle_mm_fault+0x297d/0x3400
[  133.732562][ T6124]  ? mt_find+0x15c/0x5f0
[  133.732594][ T6124]  ? __pfx_mt_find+0x10/0x10
[  133.732630][ T6124]  ? handle_mm_fault+0xdb/0x3400
[  133.732669][ T6124]  ? __pfx_handle_mm_fault+0x10/0x10
[  133.732714][ T6124]  ? do_raw_spin_lock+0x121/0x290
[  133.732744][ T6124]  ? lock_mm_and_find_vma+0x9c/0x300
[  133.732768][ T6124]  do_user_addr_fault+0x764/0x1390
[  133.732809][ T6124]  exc_page_fault+0x76/0xf0
[  133.732840][ T6124]  asm_exc_page_fault+0x26/0x30
[  133.732859][ T6124] RIP: 0010:rep_movs_alternative+0x33/0x90
[  133.732885][ T6124] Code: 73 25 85 c9 74 0f 8a 06 88 07 48 ff c7 48 ff c6 48 ff c9 75 f1 e9 3d d5 04 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 8b 06 <48> 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08 73 e8 eb
[  133.732902][ T6124] RSP: 0018:ffffc90005bbfde8 EFLAGS: 00050212
[  133.732923][ T6124] RAX: ffffffffffffffff RBX: 0000000000000010 RCX: 0000000000000010
[  133.732937][ T6124] RDX: 0000000000000000 RSI: ffffc90005bbfe60 RDI: 0000200000000380
[  133.732951][ T6124] RBP: ffffc90005bbfee0 R08: ffffc90005bbfe6f R09: 1ffff92000b77fcd
[  133.732965][ T6124] R10: dffffc0000000000 R11: fffff52000b77fce R12: 0000200000000390
[  133.732980][ T6124] R13: 00007ffffffff000 R14: ffffc90005bbfe60 R15: 0000200000000380
[  133.733017][ T6124]  _copy_to_user+0x8a/0xb0
[  133.733047][ T6124]  __x64_sys_getrlimit+0x190/0x1f0
[  133.733085][ T6124]  ? __pfx___x64_sys_getrlimit+0x10/0x10
[  133.733117][ T6124]  ? rcu_is_watching+0x15/0xb0
[  133.733157][ T6124]  ? do_syscall_64+0xbe/0x3b0
[  133.733181][ T6124]  do_syscall_64+0xfa/0x3b0
[  133.733199][ T6124]  ? lockdep_hardirqs_on+0x9c/0x150
[  133.733229][ T6124]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  133.733251][ T6124]  ? clear_bhb_loop+0x60/0xb0
[  133.733278][ T6124]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  133.733298][ T6124] RIP: 0033:0x7fb2e1ffebe9
[  133.733316][ T6124] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  133.733332][ T6124] RSP: 002b:00007fb2e025e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000061
[  133.733353][ T6124] RAX: ffffffffffffffda RBX: 00007fb2e2235fa0 RCX: 00007fb2e1ffebe9
[  133.733367][ T6124] RDX: 0000000000000000 RSI: 0000200000000380 RDI: 000000000000000a
[  133.733380][ T6124] RBP: 00007fb2e025e090 R08: 0000000000000000 R09: 0000000000000000
[  133.733394][ T6124] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  133.733406][ T6124] R13: 00007fb2e2236038 R14: 00007fb2e2235fa0 R15: 00007fff1a6ec268
[  133.733441][ T6124]  </TASK>
[  134.062210][ T6119] [U] è
[  135.578612][ T6141] netlink: 12 bytes leftover after parsing attributes in process `syz.3.45'.
[  138.269693][ T1319] ieee802154 phy0 wpan0: encryption failed: -22
[  138.269804][ T1319] ieee802154 phy1 wpan1: encryption failed: -22
[  142.128131][ T6002] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[  142.288258][ T6002] usb 4-1: Using ep0 maxpacket: 32
[  142.292135][ T6002] usb 4-1: config 0 has an invalid interface number: 169 but max is 0
[  142.292213][ T6002] usb 4-1: config 0 has no interface number 0
[  142.292270][ T6002] usb 4-1: config 0 interface 169 has no altsetting 0
[  142.326554][ T6002] usb 4-1: New USB device found, idVendor=0499, idProduct=500c, bcdDevice=33.49
[  142.326586][ T6002] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  142.326606][ T6002] usb 4-1: Product: syz
[  142.326620][ T6002] usb 4-1: Manufacturer: syz
[  142.326635][ T6002] usb 4-1: SerialNumber: syz
[  142.358131][ T6048] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[  142.638045][ T6048] usb 5-1: Using ep0 maxpacket: 32
[  142.642266][ T6048] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  142.645539][ T6048] usb 5-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=a6.13
[  142.645568][ T6048] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  142.645588][ T6048] usb 5-1: Product: syz
[  142.645604][ T6048] usb 5-1: Manufacturer: syz
[  142.645625][ T6048] usb 5-1: SerialNumber: syz
[  142.761574][ T6048] usb 5-1: config 0 descriptor??
[  142.764373][ T6002] usb 4-1: config 0 descriptor??
[  142.803588][ T6048] pvrusb2: Hardware description: Terratec Grabster AV400
[  142.803608][ T6048] pvrusb2: **********
[  142.803614][ T6048] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental.
[  142.803627][ T6048] pvrusb2: Important functionality might not be entirely working.
[  142.803636][ T6048] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver.
[  142.803648][ T6048] pvrusb2: **********
[  142.969184][ T6002] usb 4-1: Quirk or no altset; falling back to MIDI 1.0
[  143.386646][ T2364] pvrusb2: Invalid write control endpoint
[  143.794891][ T6002] usb 4-1: USB disconnect, device number 2
[  144.156039][ T2364] pvrusb2: Invalid write control endpoint
[  144.156057][ T2364] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work.
[  144.156067][ T2364] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device.
[  144.156075][ T2364] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups.
[  144.156084][ T2364] pvrusb2: Device being rendered inoperable
[  144.242759][ T2364] cx25840 1-0044: Unable to detect h/w, assuming cx23887
[  144.242830][ T2364] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_a)
[  144.365412][ T5911] usb 5-1: USB disconnect, device number 2
[  144.385147][ T2364] pvrusb2: Attached sub-driver cx25840
[  144.385166][ T2364] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it.
[  144.385177][ T2364] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover.
[  144.424037][ T6185] netlink: 8 bytes leftover after parsing attributes in process `syz.0.57'.
[  144.506235][ T6053] udevd[6053]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.169/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  150.740585][ T5850] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  150.743929][ T5850] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  150.746489][ T5850] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  150.780999][ T5850] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  150.782018][ T5850] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  152.825196][ T5850] Bluetooth: hci3: command tx timeout
[  153.483155][ T6224] netlink: 8 bytes leftover after parsing attributes in process `syz.0.68'.
[  155.088210][ T5850] Bluetooth: hci3: command tx timeout
[  157.195711][ T5850] Bluetooth: hci3: command tx timeout
[  159.413553][ T5850] Bluetooth: hci3: command tx timeout
[  162.556342][   T57] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  162.574879][   T37] audit: type=1326 audit(1757130135.757:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6272 comm="syz.0.80" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb2e1ffebe9 code=0x7ffc0000
[  162.574939][   T37] audit: type=1326 audit(1757130135.767:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6272 comm="syz.0.80" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb2e1ffebe9 code=0x7ffc0000
[  162.574987][   T37] audit: type=1326 audit(1757130135.767:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6272 comm="syz.0.80" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fb2e1ffebe9 code=0x7ffc0000
[  162.575034][   T37] audit: type=1326 audit(1757130135.767:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6272 comm="syz.0.80" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb2e1ffebe9 code=0x7ffc0000
[  162.575080][   T37] audit: type=1326 audit(1757130135.767:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6272 comm="syz.0.80" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb2e1ffebe9 code=0x7ffc0000
[  162.575539][   T37] audit: type=1326 audit(1757130135.767:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6272 comm="syz.0.80" exe="/root/syz-executor" sig=0 arch=c000003e syscall=312 compat=0 ip=0x7fb2e1ffebe9 code=0x7ffc0000
[  162.576005][   T37] audit: type=1326 audit(1757130135.767:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6272 comm="syz.0.80" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb2e1ffebe9 code=0x7ffc0000
[  162.576394][   T37] audit: type=1326 audit(1757130135.767:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6272 comm="syz.0.80" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fb2e1ffebe9 code=0x7ffc0000
[  162.577040][   T37] audit: type=1326 audit(1757130135.767:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6272 comm="syz.0.80" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb2e1ffebe9 code=0x7ffc0000
[  162.581814][   T37] audit: type=1326 audit(1757130135.777:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6272 comm="syz.0.80" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fb2e1ffebe9 code=0x7ffc0000
[  162.785859][ T6278] netlink: 8 bytes leftover after parsing attributes in process `syz.1.81'.
[  163.070348][ T6266] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  163.073906][ T6268] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  163.464416][   T57] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  168.722190][   T57] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  170.031756][   T57] netdevsim netdevsim2 netdevsim0 (unregistering): left promiscuous mode
[  170.034800][   T57] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  170.278168][ T6002] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[  170.918137][ T6002] usb 1-1: Using ep0 maxpacket: 16
[  170.921059][ T6002] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[  170.921092][ T6002] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  170.924345][ T6002] usb 1-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  170.924373][ T6002] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  170.924393][ T6002] usb 1-1: Product: syz
[  170.924407][ T6002] usb 1-1: Manufacturer: syz
[  170.924422][ T6002] usb 1-1: SerialNumber: syz
[  170.931221][ T6002] usb 1-1: config 0 descriptor??
[  170.984452][ T6002] em28xx 1-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  170.984488][ T6002] em28xx 1-1:0.0: Audio interface 0 found (Vendor Class)
[  171.365088][ T6320] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  171.367457][ T6320] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  171.428305][ T6332] netlink: 8 bytes leftover after parsing attributes in process `syz.1.95'.
[  171.486005][ T6208] chnl_net:caif_netlink_parms(): no params data found
[  171.602464][ T6002] em28xx 1-1:0.0: unknown em28xx chip ID (0)
[  171.604170][ T6002] em28xx 1-1:0.0: Config register raw data: 0x56
[  171.813469][ T6320] 9pnet_fd: Insufficient options for proto=fd
[  172.729307][ T6002] em28xx 1-1:0.0: AC97 chip type couldn't be determined
[  172.729365][ T6002] em28xx 1-1:0.0: No AC97 audio processor
[  172.848951][   T57] bridge_slave_1: left allmulticast mode
[  172.849432][   T57] bridge_slave_1: left promiscuous mode
[  172.852107][   T57] bridge0: port 2(bridge_slave_1) entered disabled state
[  172.873985][ T6002] usb 1-1: USB disconnect, device number 3
[  172.880693][ T6002] em28xx 1-1:0.0: Disconnecting em28xx
[  172.886466][ T6002] em28xx 1-1:0.0: Freeing device
[  173.283572][   T57] bridge_slave_0: left allmulticast mode
[  173.283611][   T57] bridge_slave_0: left promiscuous mode
[  173.283906][   T57] bridge0: port 1(bridge_slave_0) entered disabled state
[  177.162100][ T6383] ubi31: attaching mtd0
[  177.190151][ T6383] ubi31: scanning is finished
[  178.285903][ T6383] ubi31 error: ubi_attach_mtd_dev: cannot spawn "ubi_bgt31d", error -4
[  182.367177][ T6413] ubi31: attaching mtd0
[  182.371104][ T6413] ubi31: scanning is finished
[  183.807603][ T6413] ubi31: attached mtd0 (name "mtdram test device", size 0 MiB)
[  183.807634][ T6413] ubi31: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes
[  183.807653][ T6413] ubi31: min./max. I/O unit sizes: 1/64, sub-page size 1
[  183.807671][ T6413] ubi31: VID header offset: 64 (aligned 64), data offset: 128
[  183.807690][ T6413] ubi31: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0
[  183.807707][ T6413] ubi31: user volume: 0, internal volumes: 1, max. volumes count: 23
[  183.807725][ T6413] ubi31: max/mean erase counter: 1/1, WL threshold: 4096, image sequence number: 3500019682
[  183.807747][ T6413] ubi31: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0
[  183.887330][ T6421] ubi31: background thread "ubi_bgt31d" started, PID 6421
[  185.009231][   T57] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  185.102048][   T57] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  185.147494][   T57] bond0 (unregistering): Released all slaves
[  187.209108][ T6208] bridge0: port 1(bridge_slave_0) entered blocking state
[  187.209312][ T6208] bridge0: port 1(bridge_slave_0) entered disabled state
[  187.209561][ T6208] bridge_slave_0: entered allmulticast mode
[  187.240099][ T6208] bridge_slave_0: entered promiscuous mode
[  187.266966][ T6208] bridge0: port 2(bridge_slave_1) entered blocking state
[  187.277847][ T6208] bridge0: port 2(bridge_slave_1) entered disabled state
[  187.287160][ T6208] bridge_slave_1: entered allmulticast mode
[  187.395644][ T6208] bridge_slave_1: entered promiscuous mode
[  188.328046][ T6441] binder: 6440:6441 ioctl c0306201 0 returned -14
[  188.601463][ T6445] netlink: 36 bytes leftover after parsing attributes in process `syz.3.125'.
[  194.463520][ T6208] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  194.514939][ T6208] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  194.812802][ T6478] netlink: 12 bytes leftover after parsing attributes in process `syz.0.133'.
[  195.138855][ T6208] team0: Port device team_slave_0 added
[  195.398636][   T57] dummy0: left promiscuous mode
[  196.076447][   T57] hsr_slave_0: left promiscuous mode
[  196.208327][   T57] hsr_slave_1: left promiscuous mode
[  196.209405][   T57] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  196.209631][   T57] batman_adv: batadv0: Removing interface: batadv_slave_0
[  196.443944][   T57] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  196.443979][   T57] batman_adv: batadv0: Removing interface: batadv_slave_1
[  198.072472][   T57] veth1_macvtap: left promiscuous mode
[  198.072765][   T57] veth0_macvtap: left promiscuous mode
[  198.074039][   T57] veth1_vlan: left promiscuous mode
[  198.074455][   T57] veth0_vlan: left promiscuous mode
[  200.592349][ T6506] syz.0.139 (6506) used greatest stack depth: 18456 bytes left
[  200.604423][ T1319] ieee802154 phy0 wpan0: encryption failed: -22
[  200.604514][ T1319] ieee802154 phy1 wpan1: encryption failed: -22
[  203.090942][ T6521] netlink: 40 bytes leftover after parsing attributes in process `syz.0.143'.
[  205.781052][ T6048] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[  206.018202][ T6048] usb 5-1: Using ep0 maxpacket: 32
[  206.020480][ T6048] usb 5-1: config 0 has an invalid interface number: 169 but max is 0
[  206.020507][ T6048] usb 5-1: config 0 has no interface number 0
[  206.020558][ T6048] usb 5-1: config 0 interface 169 has no altsetting 0
[  206.023334][ T6048] usb 5-1: New USB device found, idVendor=0499, idProduct=500c, bcdDevice=33.49
[  206.023363][ T6048] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  206.023384][ T6048] usb 5-1: Product: syz
[  206.023399][ T6048] usb 5-1: Manufacturer: syz
[  206.023414][ T6048] usb 5-1: SerialNumber: syz
[  206.103703][ T6048] usb 5-1: config 0 descriptor??
[  206.127076][ T6048] usb 5-1: Quirk or no altset; falling back to MIDI 1.0
[  207.081247][ T5843] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  207.103666][ T5843] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  207.105896][ T5843] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  207.116332][ T5843] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  207.120431][ T5843] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  207.626016][ T1084] usb 5-1: USB disconnect, device number 3
[  209.268473][ T5850] Bluetooth: hci5: command tx timeout
[  209.797330][ T6560] FAULT_INJECTION: forcing a failure.
[  209.797330][ T6560] name failslab, interval 1, probability 0, space 0, times 0
[  209.797367][ T6560] CPU: 1 UID: 0 PID: 6560 Comm: syz.4.152 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  209.797390][ T6560] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  209.797401][ T6560] Call Trace:
[  209.797410][ T6560]  <TASK>
[  209.797419][ T6560]  dump_stack_lvl+0x189/0x250
[  209.797454][ T6560]  ? __pfx____ratelimit+0x10/0x10
[  209.797486][ T6560]  ? __pfx_dump_stack_lvl+0x10/0x10
[  209.797516][ T6560]  ? __pfx__printk+0x10/0x10
[  209.797546][ T6560]  ? __pfx___might_resched+0x10/0x10
[  209.797567][ T6560]  ? fs_reclaim_acquire+0x7d/0x100
[  209.797592][ T6560]  should_fail_ex+0x46c/0x600
[  209.797626][ T6560]  ? __alloc_skb+0x112/0x2d0
[  209.797654][ T6560]  should_failslab+0xa8/0x100
[  209.797684][ T6560]  ? __alloc_skb+0x112/0x2d0
[  209.797711][ T6560]  kmem_cache_alloc_node_noprof+0x77/0x330
[  209.797748][ T6560]  __alloc_skb+0x112/0x2d0
[  209.797792][ T6560]  netlink_sendmsg+0x5c6/0xb30
[  209.797834][ T6560]  ? __pfx_netlink_sendmsg+0x10/0x10
[  209.797875][ T6560]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  209.797901][ T6560]  ? __pfx_netlink_sendmsg+0x10/0x10
[  209.797930][ T6560]  __sock_sendmsg+0x219/0x270
[  209.797959][ T6560]  ____sys_sendmsg+0x508/0x820
[  209.797987][ T6560]  ? __pfx_____sys_sendmsg+0x10/0x10
[  209.798019][ T6560]  ? import_iovec+0x74/0xa0
[  209.798049][ T6560]  ___sys_sendmsg+0x21f/0x2a0
[  209.798073][ T6560]  ? __pfx____sys_sendmsg+0x10/0x10
[  209.798133][ T6560]  ? __fget_files+0x2a/0x420
[  209.798162][ T6560]  ? __fget_files+0x3a6/0x420
[  209.798205][ T6560]  __x64_sys_sendmsg+0x1a1/0x260
[  209.798230][ T6560]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  209.798263][ T6560]  ? __pfx_ksys_write+0x10/0x10
[  209.798287][ T6560]  ? rcu_is_watching+0x15/0xb0
[  209.798325][ T6560]  ? do_syscall_64+0xbe/0x3b0
[  209.798374][ T6560]  do_syscall_64+0xfa/0x3b0
[  209.798392][ T6560]  ? lockdep_hardirqs_on+0x9c/0x150
[  209.798423][ T6560]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  209.798444][ T6560]  ? clear_bhb_loop+0x60/0xb0
[  209.798471][ T6560]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  209.798492][ T6560] RIP: 0033:0x7f4ee93debe9
[  209.798511][ T6560] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  209.798529][ T6560] RSP: 002b:00007f4ee763e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  209.798552][ T6560] RAX: ffffffffffffffda RBX: 00007f4ee9615fa0 RCX: 00007f4ee93debe9
[  209.798567][ T6560] RDX: 0000000000000000 RSI: 00002000000001c0 RDI: 0000000000000004
[  209.798581][ T6560] RBP: 00007f4ee763e090 R08: 0000000000000000 R09: 0000000000000000
[  209.798593][ T6560] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  209.798605][ T6560] R13: 00007f4ee9616038 R14: 00007f4ee9615fa0 R15: 00007ffed1d8c078
[  209.798639][ T6560]  </TASK>
[  211.378086][ T5850] Bluetooth: hci5: command tx timeout
[  213.751564][ T5850] Bluetooth: hci5: command tx timeout
[  215.778725][ T5153] Bluetooth: hci5: command tx timeout
[  217.155563][ T5153] Bluetooth: hci4: command 0x0406 tx timeout
[  217.563250][   T59] Bluetooth: hci2: command 0x0406 tx timeout
[  217.563399][   T59] Bluetooth: hci0: command 0x0406 tx timeout
[  217.564902][ T5153] Bluetooth: hci1: command 0x0406 tx timeout
[  219.106406][   T57] team0 (unregistering): Port device team_slave_1 removed
[  221.088471][   T57] team0 (unregistering): Port device team_slave_0 removed
[  223.643778][ T5850] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[  223.646658][ T5850] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[  223.658324][ T5850] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[  223.669155][ T5850] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[  223.678554][ T5850] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[  225.788353][ T5842] Bluetooth: hci6: command tx timeout
[  226.048131][ T5911] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[  226.203823][ T5911] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  226.203861][ T5911] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  226.203884][ T5911] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  226.203931][ T5911] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  226.203956][ T5911] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  226.291038][ T5911] usb 1-1: config 0 descriptor??
[  226.811030][ T5911] plantronics 0003:047F:FFFF.0002: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0
[  227.243174][ T5846] usb 1-1: USB disconnect, device number 4
[  227.868219][ T5842] Bluetooth: hci6: command tx timeout
[  228.655146][ T6664] netlink: 12 bytes leftover after parsing attributes in process `syz.0.181'.
[  229.938860][ T5842] Bluetooth: hci6: command tx timeout
[  230.205447][ T6208] team0: Port device team_slave_1 added
[  231.171177][ T1084] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[  231.408742][ T1084] usb 2-1: Using ep0 maxpacket: 32
[  231.436808][ T1084] usb 2-1: config 0 has an invalid interface number: 169 but max is 0
[  231.436897][ T1084] usb 2-1: config 0 has no interface number 0
[  231.437220][ T1084] usb 2-1: config 0 interface 169 has no altsetting 0
[  231.734233][ T1084] usb 2-1: New USB device found, idVendor=0499, idProduct=500c, bcdDevice=33.49
[  231.734268][ T1084] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  231.734298][ T1084] usb 2-1: Product: syz
[  231.734313][ T1084] usb 2-1: Manufacturer: syz
[  231.734328][ T1084] usb 2-1: SerialNumber: syz
[  231.856958][ T1084] usb 2-1: config 0 descriptor??
[  232.009969][ T1084] usb 2-1: Quirk or no altset; falling back to MIDI 1.0
[  232.023220][ T5842] Bluetooth: hci6: command tx timeout
[  234.161113][ T5911] usb 2-1: USB disconnect, device number 2
[  242.597985][    C1] sched: DL replenish lagged too much
[  264.033250][ T1319] ieee802154 phy0 wpan0: encryption failed: -22
[  264.033347][ T1319] ieee802154 phy1 wpan1: encryption failed: -22
[  289.656128][ T5850] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  289.681436][ T5850] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  289.702335][ T5850] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  289.704225][ T5850] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  289.705211][ T5850] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  290.162517][ T5850] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  290.166968][ T5850] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  290.190707][ T5850] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  290.193948][ T5850] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  290.231230][ T5850] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  290.333334][ T5842] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[  290.338711][ T5842] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[  290.339975][ T5842] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[  290.341453][ T5842] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[  290.342408][ T5842] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[  290.729278][ T5843] Bluetooth: hci8: unexpected cc 0x0c03 length: 249 > 1
[  290.737858][ T5843] Bluetooth: hci8: unexpected cc 0x1003 length: 249 > 9
[  290.761609][ T5843] Bluetooth: hci8: unexpected cc 0x1001 length: 249 > 9
[  290.763183][ T5843] Bluetooth: hci8: unexpected cc 0x0c23 length: 249 > 4
[  290.764754][ T5843] Bluetooth: hci8: unexpected cc 0x0c38 length: 249 > 2
[  291.065974][ T5840] Bluetooth: hci9: unexpected cc 0x0c03 length: 249 > 1
[  291.083880][ T5840] Bluetooth: hci9: unexpected cc 0x1003 length: 249 > 9
[  291.085195][ T5840] Bluetooth: hci9: unexpected cc 0x1001 length: 249 > 9
[  291.087323][ T5840] Bluetooth: hci9: unexpected cc 0x0c23 length: 249 > 4
[  291.138470][ T5840] Bluetooth: hci9: unexpected cc 0x0c38 length: 249 > 2
[  292.967524][ T5840] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  293.010441][ T5840] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  293.010960][ T5840] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  293.012320][ T5840] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  293.013215][ T5840] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  299.453012][ T5840] Bluetooth: hci3: command tx timeout
[  299.453442][ T5840] Bluetooth: hci9: command tx timeout
[  299.453606][ T5840] Bluetooth: hci7: command tx timeout
[  299.453761][ T5840] Bluetooth: hci4: command tx timeout
[  299.453902][ T5840] Bluetooth: hci8: command tx timeout
[  301.538115][ T5843] Bluetooth: hci4: command tx timeout
[  301.538157][ T5843] Bluetooth: hci7: command tx timeout
[  301.538180][ T5843] Bluetooth: hci8: command tx timeout
[  301.538203][ T5843] Bluetooth: hci9: command tx timeout
[  301.538227][ T5843] Bluetooth: hci3: command tx timeout
[  303.618486][ T5843] Bluetooth: hci7: command tx timeout
[  303.618525][ T5843] Bluetooth: hci9: command tx timeout
[  303.618549][ T5843] Bluetooth: hci3: command tx timeout
[  303.618572][ T5843] Bluetooth: hci8: command tx timeout
[  303.618594][ T5843] Bluetooth: hci4: command tx timeout
[  308.390004][ T5840] Bluetooth: hci8: command tx timeout
[  308.390045][ T5840] Bluetooth: hci4: command tx timeout
[  308.390068][ T5840] Bluetooth: hci3: command tx timeout
[  308.390092][ T5840] Bluetooth: hci9: command tx timeout
[  308.390115][ T5840] Bluetooth: hci7: command tx timeout
[  322.585821][ T1319] ieee802154 phy0 wpan0: encryption failed: -22
[  322.587723][ T1319] ieee802154 phy1 wpan1: encryption failed: -22
[  330.333209][ T5837] Bluetooth: hci5: command 0x0406 tx timeout
[  335.194660][ T5840] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  335.215656][ T5840] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  335.216946][ T5840] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  335.234538][ T5840] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  335.235515][ T5840] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  336.162259][ T5843] Bluetooth: hci10: unexpected cc 0x0c03 length: 249 > 1
[  336.183678][ T5843] Bluetooth: hci10: unexpected cc 0x1003 length: 249 > 9
[  336.184949][ T5843] Bluetooth: hci10: unexpected cc 0x1001 length: 249 > 9
[  336.187138][ T5843] Bluetooth: hci10: unexpected cc 0x0c23 length: 249 > 4
[  336.211644][ T5843] Bluetooth: hci10: unexpected cc 0x0c38 length: 249 > 2
[  337.636592][ T5153] Bluetooth: hci11: unexpected cc 0x0c03 length: 249 > 1
[  337.652221][ T5153] Bluetooth: hci11: unexpected cc 0x1003 length: 249 > 9
[  337.667092][ T5153] Bluetooth: hci11: unexpected cc 0x1001 length: 249 > 9
[  337.677095][ T5153] Bluetooth: hci11: unexpected cc 0x0c23 length: 249 > 4
[  337.687892][ T5153] Bluetooth: hci11: unexpected cc 0x0c38 length: 249 > 2
[  343.848956][ T5840] Bluetooth: hci0: command tx timeout
[  345.858859][ T5850] Bluetooth: hci0: command tx timeout
[  345.859226][ T5850] Bluetooth: hci10: command tx timeout
[  345.859417][ T5850] Bluetooth: hci11: command tx timeout
[  347.938221][ T5850] Bluetooth: hci10: command tx timeout
[  347.938260][ T5850] Bluetooth: hci11: command tx timeout
[  347.938284][ T5850] Bluetooth: hci0: command tx timeout
[  350.135348][ T5850] Bluetooth: hci0: command tx timeout
[  350.135392][ T5850] Bluetooth: hci11: command tx timeout
[  350.135412][ T5850] Bluetooth: hci10: command tx timeout
[  350.261127][ T5850] Bluetooth: hci6: command 0x0406 tx timeout
[  360.608322][ T5843] Bluetooth: hci10: command tx timeout
[  360.608362][ T5843] Bluetooth: hci11: command tx timeout
[  372.723091][ T5843] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  372.751201][ T5843] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  372.752531][ T5843] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  372.772952][ T5843] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  372.775282][ T5843] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  372.839105][ T5850] Bluetooth: hci12: unexpected cc 0x0c03 length: 249 > 1
[  372.868265][ T5850] Bluetooth: hci12: unexpected cc 0x1003 length: 249 > 9
[  372.876703][ T5850] Bluetooth: hci12: unexpected cc 0x1001 length: 249 > 9
[  372.899719][ T5850] Bluetooth: hci12: unexpected cc 0x0c23 length: 249 > 4
[  372.900736][ T5850] Bluetooth: hci12: unexpected cc 0x0c38 length: 249 > 2
[  374.817992][ T5840] Bluetooth: hci1: command tx timeout
[  374.978193][ T5840] Bluetooth: hci12: command tx timeout
[  376.898839][ T5840] Bluetooth: hci1: command tx timeout
[  377.058092][ T5840] Bluetooth: hci12: command tx timeout
[  378.978216][ T5840] Bluetooth: hci1: command tx timeout
[  379.138092][ T5840] Bluetooth: hci12: command tx timeout
[  381.058021][ T5840] Bluetooth: hci1: command tx timeout
[  381.218201][ T5840] Bluetooth: hci12: command tx timeout
[  384.043540][ T1319] ieee802154 phy0 wpan0: encryption failed: -22
[  384.043635][ T1319] ieee802154 phy1 wpan1: encryption failed: -22
[  394.269448][   T38] INFO: task kworker/u8:3:57 blocked for more than 142 seconds.
[  394.269477][   T38]       Not tainted syzkaller #0
[  394.269488][   T38] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  394.269498][   T38] task:kworker/u8:3    state:D stack:20584 pid:57    tgid:57    ppid:2      task_flags:0x4208060 flags:0x00004000
[  394.269565][   T38] Workqueue: netns cleanup_net
[  394.269601][   T38] Call Trace:
[  394.269609][   T38]  <TASK>
[  394.269626][   T38]  __schedule+0x16f3/0x4c20
[  394.269687][   T38]  ? __lock_acquire+0xab9/0xd20
[  394.269720][   T38]  ? __pfx___schedule+0x10/0x10
[  394.269772][   T38]  ? schedule+0x91/0x360
[  394.269805][   T38]  schedule+0x165/0x360
[  394.269839][   T38]  schedule_timeout+0x9a/0x270
[  394.269868][   T38]  ? __pfx_schedule_timeout+0x10/0x10
[  394.269913][   T38]  ? _raw_spin_unlock_irq+0x23/0x50
[  394.269945][   T38]  ? lockdep_hardirqs_on+0x9c/0x150
[  394.269984][   T38]  ? wait_for_completion+0x267/0x5d0
[  394.270019][   T38]  wait_for_completion+0x2bf/0x5d0
[  394.270067][   T38]  ? __pfx_wait_for_completion+0x10/0x10
[  394.270102][   T38]  ? __raw_spin_lock_init+0x45/0x100
[  394.270130][   T38]  ? __init_swait_queue_head+0xa9/0x150
[  394.270162][   T38]  rcu_barrier+0x463/0x570
[  394.270199][   T38]  wg_destruct+0x21e/0x2f0
[  394.270234][   T38]  ? __pfx_wg_destruct+0x10/0x10
[  394.270259][   T38]  netdev_run_todo+0xcd4/0xea0
[  394.270291][   T38]  ? __pfx_netdev_run_todo+0x10/0x10
[  394.270311][   T38]  ? unregister_netdevice_queue+0x1b3/0x380
[  394.270339][   T38]  ? __pfx_unregister_netdevice_queue+0x10/0x10
[  394.270361][   T38]  ? batadv_meshif_vlan_put+0x131/0x1e0
[  394.270388][   T38]  ? batadv_meshif_destroy_netlink+0x125/0x160
[  394.270417][   T38]  default_device_exit_batch+0x81e/0x890
[  394.270456][   T38]  ? __pfx___might_resched+0x10/0x10
[  394.270481][   T38]  ? __pfx_default_device_exit_batch+0x10/0x10
[  394.270513][   T38]  ? cfg802154_pernet_exit+0x19/0xe0
[  394.270539][   T38]  ? mutex_lock_nested+0x16a/0x1d0
[  394.270575][   T38]  ? __pfx_default_device_exit_batch+0x10/0x10
[  394.270604][   T38]  ops_undo_list+0x525/0x990
[  394.270644][   T38]  ? __pfx_ops_undo_list+0x10/0x10
[  394.270689][   T38]  cleanup_net+0x4cb/0x800
[  394.270725][   T38]  ? __pfx_cleanup_net+0x10/0x10
[  394.270759][   T38]  ? _raw_spin_unlock_irq+0x23/0x50
[  394.270790][   T38]  ? process_scheduled_works+0x9ef/0x17b0
[  394.270816][   T38]  ? process_scheduled_works+0x9ef/0x17b0
[  394.270846][   T38]  process_scheduled_works+0xade/0x17b0
[  394.270909][   T38]  ? __pfx_process_scheduled_works+0x10/0x10
[  394.270959][   T38]  worker_thread+0x8a0/0xda0
[  394.271018][   T38]  kthread+0x70e/0x8a0
[  394.271053][   T38]  ? __pfx_worker_thread+0x10/0x10
[  394.271079][   T38]  ? __pfx_kthread+0x10/0x10
[  394.271117][   T38]  ? __pfx_kthread+0x10/0x10
[  394.271151][   T38]  ret_from_fork+0x3f9/0x770
[  394.271183][   T38]  ? __pfx_ret_from_fork+0x10/0x10
[  394.271217][   T38]  ? __switch_to_asm+0x39/0x70
[  394.271245][   T38]  ? __switch_to_asm+0x33/0x70
[  394.271264][   T38]  ? __pfx_kthread+0x10/0x10
[  394.271296][   T38]  ret_from_fork_asm+0x1a/0x30
[  394.271336][   T38]  </TASK>
[  394.271446][   T38] INFO: task syz.4.193:6712 blocked for more than 142 seconds.
[  394.271462][   T38]       Not tainted syzkaller #0
[  394.271473][   T38] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  394.271481][   T38] task:syz.4.193       state:D stack:25128 pid:6712  tgid:6712  ppid:5835   task_flags:0x400040 flags:0x00004006
[  394.271544][   T38] Call Trace:
[  394.271551][   T38]  <TASK>
[  394.271564][   T38]  __schedule+0x16f3/0x4c20
[  394.271611][   T38]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  394.271648][   T38]  ? __pfx___schedule+0x10/0x10
[  394.271706][   T38]  rt_mutex_schedule+0x77/0xf0
[  394.271728][   T38]  rt_mutex_slowlock_block+0x5ba/0x6d0
[  394.271771][   T38]  ? rt_mutex_slowlock_block+0x351/0x6d0
[  394.271802][   T38]  rt_mutex_slowlock+0x2b1/0x6e0
[  394.271831][   T38]  ? rt_mutex_slowlock+0x1c9/0x6e0
[  394.271858][   T38]  ? __pfx_rt_mutex_slowlock+0x10/0x10
[  394.271898][   T38]  ? rcu_barrier+0x4c/0x570
[  394.271927][   T38]  ? rt_mutex_slowunlock+0x493/0x8a0
[  394.271957][   T38]  ? rcu_barrier+0x4c/0x570
[  394.271976][   T38]  mutex_lock_nested+0x16a/0x1d0
[  394.272002][   T38]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[  394.272034][   T38]  rcu_barrier+0x4c/0x570
[  394.272068][   T38]  kvm_mmu_uninit_vm+0x53/0x90
[  394.272092][   T38]  kvm_arch_destroy_vm+0x23d/0x280
[  394.272123][   T38]  kvm_put_kvm+0xf8e/0x1670
[  394.272161][   T38]  ? __pfx_kvm_vm_release+0x10/0x10
[  394.272191][   T38]  kvm_vm_release+0x46/0x50
[  394.272218][   T38]  __fput+0x45b/0xa80
[  394.272263][   T38]  task_work_run+0x1d4/0x260
[  394.272289][   T38]  ? __pfx_task_work_run+0x10/0x10
[  394.272318][   T38]  ? exit_to_user_mode_loop+0x40/0x110
[  394.272351][   T38]  exit_to_user_mode_loop+0xec/0x110
[  394.272382][   T38]  do_syscall_64+0x2bd/0x3b0
[  394.272404][   T38]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  394.272425][   T38]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  394.272446][   T38]  ? clear_bhb_loop+0x60/0xb0
[  394.272473][   T38]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  394.272494][   T38] RIP: 0033:0x7f4ee93debe9
[  394.272513][   T38] RSP: 002b:00007ffed1d8c1d8 EFLAGS: 00000246 ORIG_RAX: 000[  394.272513][   T38] RSP: 002b:00007ffed1d8c1d8 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[  394.272535][   T38] RAX: 0000000000000000 RBX: 000000000003c94e RCX: 00007f4ee93debe9
[  394.272550][   T38] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
[  394.272563][   T38] RBP: 00007f4ee9617da0 R08: 0000000000000001 R09: 00000012d1d8c4cf
[  394.272577][   T38] R10: 0000001b30820000 R11: 0000000000000246 R12: 00007f4ee9615fac
[  394.272592][   T38] R13: 00007f4ee9615fa0 R14: ffffffffffffffff R15: 00007ffed1d8c2f0
[  394.272629][   T38]  </TASK>
[  394.272650][   T38] 
[  394.272650][   T38] Showing all locks held in the system:
[  394.272660][   T38] 2 locks held by rcuc/1/28:
[  394.272673][   T38]  #0: ffffffff8d84a7a0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400
[  394.272729][   T38]  #1: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400
[  394.272785][   T38] 8 locks held by ktimers/1/29:
[  394.272797][   T38] 2 locks held by ksoftirqd/1/30:
[  394.272808][   T38]  #0: ffffffff8d84a7a0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400
[  394.272862][   T38]  #1: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400
[  394.272917][   T38] 1 lock held by khungtaskd/38:
[  394.272928][   T38]  #0: ffffffff8d9a8bc0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180
[  394.272978][   T38] 2 locks held by kworker/1:1/44:
[  394.272993][   T38] 5 locks held by kworker/u8:3/57:
[  394.273004][   T38]  #0: ffff88801a6f4138 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  394.273058][   T38]  #1: ffffc9000123fbc0 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  394.273109][   T38]  #2: ffffffff8ecc6280 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xf7/0x800
[  394.273166][   T38]  #3: ffff88805a4217b8 (&wg->device_update_lock){+.+.}-{4:4}, at: wg_destruct+0x116/0x2f0
[  394.273220][   T38]  #4: ffffffff8d9ae570 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570
[  394.273296][   T38] 2 locks held by dhcpcd/5499:
[  394.273308][   T38]  #0: ffff888141b88910 (nlk_cb_mutex-ROUTE){+.+.}-{4:4}, at: __netlink_dump_start+0xfe/0x7e0
[  394.273364][   T38]  #1: ffffffff8ecd3178 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_dumpit+0x92/0x200
[  394.273420][   T38] 2 locks held by getty/5597:
[  394.273431][   T38]  #0: ffff88823bf668a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
[  394.273491][   T38]  #1: ffffc90003e832e0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x444/0x1410
[  394.273546][   T38] 2 locks held by syz-executor/5823:
[  394.273559][   T38] 1 lock held by syz-executor/5833:
[  394.273570][   T38]  #0: ffffffff8ecd3178 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x41/0x1c0
[  394.273635][   T38] 4 locks held by kworker/1:3/5911:
[  394.273648][   T38] 3 locks held by kworker/u8:12/6000:
[  394.273660][   T38]  #0: ffff88803008f138 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  394.273715][   T38]  #1: ffffc9000547fbc0 ((work_completion)(&(&net->ipv6.addr_chk_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  394.273771][   T38]  #2: ffffffff8ecd3178 (rtnl_mutex){+.+.}-{4:4}, at: addrconf_verify_work+0x19/0x30
[  394.273825][   T38] 3 locks held by kworker/0:7/6048:
[  394.273837][   T38]  #0: ffff888019898538 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  394.273891][   T38]  #1: ffffc900055dfbc0 (deferred_process_work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  394.273945][   T38]  #2: ffffffff8ecd3178 (rtnl_mutex){+.+.}-{4:4}, at: switchdev_deferred_process_work+0xe/0x20
[  394.273996][   T38] 2 locks held by kworker/u8:14/6073:
[  394.274008][   T38] 1 lock held by syz-executor/6208:
[  394.274020][   T38]  #0: ffffffff8d9ae570 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570
[  394.274069][   T38] 2 locks held by kworker/u8:16/6382:
[  394.274081][   T38]  #0: ffff888019881138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  394.274133][   T38]  #1: ffffc90005f9fbc0 ((work_completion)(&pool->idle_cull_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  394.274187][   T38] 1 lock held by syz.3.144/6523:
[  394.274199][   T38]  #0: ffffffff8d9ae570 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570
[  394.274259][   T38] 2 locks held by syz-executor/6545:
[  394.274271][   T38]  #0: ffffffff8ecc6280 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x304/0x4d0
[  394.274326][   T38]  #1: ffffffff8d9ae570 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570
[  394.274374][   T38] 2 locks held by syz-executor/6631:
[  394.274385][   T38]  #0: ffffffff8ecc6280 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x304/0x4d0
[  394.274440][   T38]  #1: ffffffff8d9ae570 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570
[  394.274489][   T38] 1 lock held by syz.0.192/6726:
[  394.274500][   T38]  #0: ffffffff8ecd3178 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x41/0x1c0
[  394.274558][   T38] 1 lock held by syz.4.193/6712:
[  394.274570][   T38]  #0: ffffffff8d9ae570 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570
[  394.274620][   T38] 4 locks held by kworker/1:9/6718:
[  394.274632][   T38]  #0: ffff88805a6f3938 ((wq_completion)wg-crypt-wg1#5){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  394.274692][   T38]  #1: ffffc9000534fbc0 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __ptr = (unsigned long) ((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker)))); (typeof((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker))))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  394.274764][   T38]  #2: ffffffff8d84a7a0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400
[  394.274818][   T38]  #3: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400
[  394.274871][   T38] 4 locks held by kworker/1:13/6733:
[  394.274881][   T38]  #0: ffff888019899938 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  394.274926][   T38]  #1: ffffc90004b7fbc0 ((work_completion)(&(&tbl->gc_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  394.274980][   T38]  #2: ffffffff8d84a7a0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400
[  394.275029][   T38]  #3: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400
[  394.275081][   T38] 1 lock held by syz-executor/6737:
[  394.275093][   T38]  #0: ffffffff8ecd3178 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x8db/0x1c70
[  394.275147][   T38] 1 lock held by syz-executor/6739:
[  394.275158][   T38]  #0: ffffffff8ecd3178 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0
[  394.275203][   T38] 1 lock held by syz-executor/6741:
[  394.275213][   T38]  #0: ffffffff8ecd3178 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0
[  394.275266][   T38] 1 lock held by syz-executor/6745:
[  394.275278][   T38]  #0: ffffffff8ecd3178 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0
[  394.275326][   T38] 1 lock held by syz-executor/6747:
[  394.275337][   T38]  #0: ffffffff8ecd3178 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0
[  394.275385][   T38] 1 lock held by syz-executor/6761:
[  394.275396][   T38]  #0: ffffffff8ecd3178 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0
[  394.275446][   T38] 1 lock held by syz-executor/6764:
[  394.275457][   T38]  #0: ffffffff8ecd3178 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0
[  394.275503][   T38] 1 lock held by syz-executor/6766:
[  394.275514][   T38]  #0: ffffffff8ecd3178 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0
[  394.275565][   T38] 1 lock held by syz-executor/6774:
[  394.275577][   T38]  #0: ffffffff8ecd3178 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0
[  394.275626][   T38] 1 lock held by syz-executor/6775:
[  394.275637][   T38]  #0: ffffffff8ecd3178 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0
[  394.275687][   T38] 3 locks held by kworker/u8:18/6778:
[  394.275698][   T38]  #0: ffff888019881138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  394.275754][   T38]  #1: ffffc9000424fbc0 ((linkwatch_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  394.275807][   T38]  #2: ffffffff8ecd3178 (rtnl_mutex){+.+.}-{4:4}, at: linkwatch_event+0xe/0x60
[  394.275855][   T38] 
[  394.275860][   T38] =============================================
[  394.275860][   T38] 
[  394.275870][   T38] NMI backtrace for cpu 0
[  394.275885][   T38] CPU: 0 UID: 0 PID: 38 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  394.275908][   T38] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  394.275920][   T38] Call Trace:
[  394.275928][   T38]  <TASK>
[  394.275936][   T38]  dump_stack_lvl+0x189/0x250
[  394.275971][   T38]  ? __pfx_dump_stack_lvl+0x10/0x10
[  394.276002][   T38]  ? __pfx__printk+0x10/0x10
[  394.276039][   T38]  nmi_cpu_backtrace+0x39e/0x3d0
[  394.276070][   T38]  ? __pfx_nmi_cpu_backtrace+0x10/0x10
[  394.276128][   T38]  ? __pfx__printk+0x10/0x10
[  394.276157][   T38]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[  394.276186][   T38]  nmi_trigger_cpumask_backtrace+0x17a/0x300
[  394.276216][   T38]  watchdog+0xf93/0xfe0
[  394.276257][   T38]  ? watchdog+0x1de/0xfe0
[  394.276291][   T38]  kthread+0x70e/0x8a0
[  394.276327][   T38]  ? __pfx_watchdog+0x10/0x10
[  394.276353][   T38]  ? __pfx_kthread+0x10/0x10
[  394.276391][   T38]  ? __pfx_kthread+0x10/0x10
[  394.276422][   T38]  ret_from_fork+0x3f9/0x770
[  394.276453][   T38]  ? __pfx_ret_from_fork+0x10/0x10
[  394.276486][   T38]  ? __switch_to_asm+0x39/0x70
[  394.276505][   T38]  ? __switch_to_asm+0x33/0x70
[  394.276523][   T38]  ? __pfx_kthread+0x10/0x10
[  394.276556][   T38]  ret_from_fork_asm+0x1a/0x30
[  394.276594][   T38]  </TASK>
[  394.276602][   T38] Sending NMI from CPU 0 to CPUs 1:
[  394.276632][    C1] NMI backtrace for cpu 1
[  394.276648][    C1] CPU: 1 UID: 0 PID: 29 Comm: ktimers/1 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  394.276668][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  394.276677][    C1] RIP: 0010:__lock_acquire+0xa4f/0xd20
[  394.276702][    C1] Code: e7 ff 90 0f 0b 90 90 90 31 c0 48 8b 3c 24 48 83 78 40 00 0f 84 8c 02 00 00 41 8b 46 20 25 ff 1f 00 00 48 0f a3 05 a1 c2 61 11 <73> 10 48 69 c0 c8 00 00 00 48 8d 80 f0 c2 9e 92 eb 40 83 3d 48 52
[  394.276715][    C1] RSP: 0018:ffffc90000a3eab0 EFLAGS: 00000007
[  394.276731][    C1] RAX: 0000000000000039 RBX: 0000000000000007 RCX: 00000000e4e8b976
[  394.276743][    C1] RDX: 000000008d2de7cf RSI: 000000004a2d4910 RDI: ffff88801caf1dc0
[  394.276754][    C1] RBP: 0000000000000000 R08: 0000000000000000 R09: ffffffff8af90bd4
[  394.276765][    C1] R10: dffffc0000000000 R11: fffffbfff1e3ab47 R12: 000000001186a4bf
[  394.276776][    C1] R13: ffff88801caf28e0 R14: ffff88801caf29f8 R15: 6f64e234e4e8b976
[  394.276788][    C1] FS:  0000000000000000(0000) GS:ffff8881269bf000(0000) knlGS:0000000000000000
[  394.276802][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  394.276814][    C1] CR2: 000055c1b1d18a48 CR3: 000000003b098000 CR4: 00000000003526f0
[  394.276831][    C1] Call Trace:
[  394.276837][    C1]  <TASK>
[  394.276846][    C1]  ? rt_spin_lock+0x144/0x2c0
[  394.276864][    C1]  lock_acquire+0x120/0x360
[  394.276884][    C1]  ? rt_spin_lock+0x144/0x2c0
[  394.276907][    C1]  _raw_spin_lock_irqsave+0xa7/0xf0
[  394.276929][    C1]  ? rt_spin_lock+0x144/0x2c0
[  394.276947][    C1]  ? __pfx__raw_spin_lock_irqsave+0x10/0x10
[  394.276973][    C1]  rt_spin_lock+0x144/0x2c0
[  394.276990][    C1]  ? stack_depot_save_flags+0x40/0x860
[  394.277014][    C1]  ? __pfx_rt_spin_lock+0x10/0x10
[  394.277032][    C1]  ? kasan_save_track+0x4f/0x80
[  394.277050][    C1]  ? kasan_save_track+0x3e/0x80
[  394.277066][    C1]  ? kasan_save_free_info+0x46/0x50
[  394.277081][    C1]  ? __kasan_slab_free+0x5b/0x80
[  394.277101][    C1]  ___slab_alloc+0x25f/0xdc0
[  394.277125][    C1]  ? __netif_receive_skb+0x143/0x380
[  394.277143][    C1]  ? process_backlog+0x31e/0x900
[  394.277163][    C1]  ? run_ktimerd+0xcf/0x190
[  394.277183][    C1]  ? smpboot_thread_fn+0x53f/0xa60
[  394.277201][    C1]  ? __alloc_skb+0x112/0x2d0
[  394.277224][    C1]  ? __alloc_skb+0x112/0x2d0
[  394.277245][    C1]  kmem_cache_alloc_node_noprof+0xf2/0x330
[  394.277270][    C1]  __alloc_skb+0x112/0x2d0
[  394.277292][    C1]  synproxy_send_client_synack+0x16c/0xe20
[  394.277321][    C1]  ? __pfx_synproxy_send_client_synack+0x10/0x10
[  394.277343][    C1]  ? __pfx_nft_symhash_dump+0x10/0x10
[  394.277367][    C1]  ? synproxy_pernet+0x45/0x270
[  394.277385][    C1]  nft_synproxy_eval_v4+0x36e/0x560
[  394.277404][    C1]  ? __pfx_nft_synproxy_eval_v4+0x10/0x10
[  394.277422][    C1]  ? nf_ip_checksum+0x13c/0x510
[  394.277441][    C1]  nft_synproxy_do_eval+0x345/0x570
[  394.277457][    C1]  ? unwind_next_frame+0xa5/0x2390
[  394.277488][    C1]  ? __pfx_nft_synproxy_do_eval+0x10/0x10
[  394.277512][    C1]  nft_do_chain+0x409/0x1920
[  394.277527][    C1]  ? arch_stack_walk+0x11c/0x150
[  394.277551][    C1]  ? ret_from_fork_asm+0x1a/0x30
[  394.277569][    C1]  ? __pfx_nft_do_chain+0x10/0x10
[  394.277593][    C1]  ? smpboot_thread_fn+0x53f/0xa60
[  394.277611][    C1]  ? kthread+0x70e/0x8a0
[  394.277632][    C1]  ? ret_from_fork+0x3f9/0x770
[  394.277651][    C1]  ? ret_from_fork_asm+0x1a/0x30
[  394.277670][    C1]  nft_do_chain_inet+0x25d/0x340
[  394.277686][    C1]  ? __pfx_nft_do_chain_inet+0x10/0x10
[  394.277702][    C1]  ? __lock_acquire+0xab9/0xd20
[  394.277726][    C1]  ? NF_HOOK+0x9a/0x3a0
[  394.277748][    C1]  ? __pfx_nft_do_chain_inet+0x10/0x10
[  394.277765][    C1]  nf_hook_slow+0xc2/0x220
[  394.277788][    C1]  NF_HOOK+0x206/0x3a0
[  394.277809][    C1]  ? __pfx_ip_local_deliver_finish+0x10/0x10
[  394.277837][    C1]  ? NF_HOOK+0x9a/0x3a0
[  394.277857][    C1]  ? __pfx_NF_HOOK+0x10/0x10
[  394.277877][    C1]  ? ip_rcv_finish_core+0xda3/0x1c00
[  394.277899][    C1]  ? __pfx_ip_local_deliver_finish+0x10/0x10
[  394.277921][    C1]  ? skb_dst+0x4f/0xd0
[  394.277942][    C1]  ? ip_local_deliver+0x12a/0x1b0
[  394.277963][    C1]  NF_HOOK+0x30c/0x3a0
[  394.277984][    C1]  ? __pfx_ip_rcv_finish+0x10/0x10
[  394.278005][    C1]  ? NF_HOOK+0x9a/0x3a0
[  394.278025][    C1]  ? __pfx_NF_HOOK+0x10/0x10
[  394.278046][    C1]  ? __pfx_ip_rcv_finish+0x10/0x10
[  394.278070][    C1]  ? __pfx_ip_rcv+0x10/0x10
[  394.278090][    C1]  __netif_receive_skb+0x143/0x380
[  394.278109][    C1]  ? rt_spin_unlock+0x65/0x80
[  394.278129][    C1]  ? process_backlog+0x27b/0x900
[  394.278148][    C1]  process_backlog+0x31e/0x900
[  394.278172][    C1]  __napi_poll+0xb3/0x540
[  394.278192][    C1]  net_rx_action+0x707/0xe00
[  394.278212][    C1]  ? _raw_spin_unlock_irq+0x23/0x50
[  394.278241][    C1]  ? __pfx_net_rx_action+0x10/0x10
[  394.278274][    C1]  handle_softirqs+0x22f/0x710
[  394.278297][    C1]  ? __pfx_handle_softirqs+0x10/0x10
[  394.278320][    C1]  run_ktimerd+0xcf/0x190
[  394.278341][    C1]  ? __pfx_run_ktimerd+0x10/0x10
[  394.278366][    C1]  ? smpboot_thread_fn+0x4d/0xa60
[  394.278385][    C1]  smpboot_thread_fn+0x53f/0xa60
[  394.278405][    C1]  ? smpboot_thread_fn+0x4d/0xa60
[  394.278428][    C1]  kthread+0x70e/0x8a0
[  394.278451][    C1]  ? __pfx_smpboot_thread_fn+0x10/0x10
[  394.278470][    C1]  ? __pfx_kthread+0x10/0x10
[  394.278502][    C1]  ? __pfx_kthread+0x10/0x10
[  394.278526][    C1]  ret_from_fork+0x3f9/0x770
[  394.278547][    C1]  ? __pfx_ret_from_fork+0x10/0x10
[  394.278569][    C1]  ? __switch_to_asm+0x39/0x70
[  394.278583][    C1]  ? __switch_to_asm+0x33/0x70
[  394.278597][    C1]  ? __pfx_kthread+0x10/0x10
[  394.278620][    C1]  ret_from_fork_asm+0x1a/0x30
[  394.278641][    C1]  </TASK>
[  394.837945][   T38] Kernel panic - not syncing: hung_task: blocked tasks
[  394.837969][   T38] CPU: 0 UID: 0 PID: 38 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  394.837995][   T38] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  394.838008][   T38] Call Trace:
[  394.838017][   T38]  <TASK>
[  394.838028][   T38]  dump_stack_lvl+0x99/0x250
[  394.838067][   T38]  ? __asan_memcpy+0x40/0x70
[  394.838091][   T38]  ? __pfx_dump_stack_lvl+0x10/0x10
[  394.838122][   T38]  ? __pfx__printk+0x10/0x10
[  394.838161][   T38]  vpanic+0x281/0x750
[  394.838196][   T38]  ? __pfx_vpanic+0x10/0x10
[  394.838227][   T38]  ? preempt_schedule+0xae/0xc0
[  394.838268][   T38]  ? preempt_schedule_common+0x83/0xd0
[  394.838306][   T38]  panic+0xb9/0xc0
[  394.838337][   T38]  ? __pfx_panic+0x10/0x10
[  394.838369][   T38]  ? preempt_schedule_thunk+0x16/0x30
[  394.838402][   T38]  ? nmi_trigger_cpumask_backtrace+0x2bb/0x300
[  394.838432][   T38]  watchdog+0xfd2/0xfe0
[  394.838467][   T38]  ? watchdog+0x1de/0xfe0
[  394.838499][   T38]  kthread+0x70e/0x8a0
[  394.838536][   T38]  ? __pfx_watchdog+0x10/0x10
[  394.838562][   T38]  ? __pfx_kthread+0x10/0x10
[  394.838600][   T38]  ? __pfx_kthread+0x10/0x10
[  394.838633][   T38]  ret_from_fork+0x3f9/0x770
[  394.838664][   T38]  ? __pfx_ret_from_fork+0x10/0x10
[  394.838699][   T38]  ? __switch_to_asm+0x39/0x70
[  394.838719][   T38]  ? __switch_to_asm+0x33/0x70
[  394.838738][   T38]  ? __pfx_kthread+0x10/0x10
[  394.838771][   T38]  ret_from_fork_asm+0x1a/0x30
[  394.838810][   T38]  </TASK>
[  394.839135][   T38] Kernel Offset: disabled