last executing test programs:

10m10.095836978s ago: executing program 2 (id=72):
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080))
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r1 = socket(0x28, 0x5, 0x0)
connect$vsock_stream(r1, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4004000}, 0x20000000)
r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000340), 0xc1)
write$sndseq(r2, &(0x7f0000000500)=[{0x8, 0x8, 0x9, 0xeb, @time={0x81, 0x80000001}, {0x2d, 0x8}, {0xfd, 0xd}, @control={0x9, 0x3e78, 0x6171c62c}}, {0x1, 0x7, 0x3, 0x7, @time={0x2, 0x3}, {0xc, 0xdf}, {0x9, 0x9}, @time=@time={0x2b4b07bc, 0x5}}, {0xda, 0x9, 0xf, 0x6b, @time={0xe, 0x7}, {0x20}, {0x3, 0x8}, @raw32={[0x4, 0x3, 0x7]}}, {0x6, 0x6, 0xc, 0x7, @tick=0x10, {0x0, 0x1}, {0x4, 0x3}, @control={0x2d, 0x0, 0x9}}, {0x2, 0x7, 0x2e, 0xf9, @time={0xc, 0x5}, {0x20, 0xae}, {0xb, 0x6}, @quote={{0x86, 0x5}, 0xdd41, &(0x7f0000000400)={0x2, 0x1, 0x1, 0xab, @tick=0x2, {0x4, 0x6}, {0x6, 0x9}, @queue={0x40, {0x3, 0x9}}}}}, {0x8, 0x8, 0x9, 0x87, @time={0x5, 0xfffffffc}, {0x3, 0x7}, {0x8, 0x9}, @result={0x0, 0x5}}], 0xa8)
r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
ioctl$FS_IOC_FSGETXATTR(r3, 0x801c581f, &(0x7f0000000280)={0x9, 0x1, 0x9, 0x8, 0x6})
syz_open_dev$sg(0x0, 0x0, 0x8002)
socket$inet_mptcp(0x2, 0x1, 0x106)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x9, 0x9, 0xfdfffffffffffffd}, 0x0, &(0x7f00000002c0)={0x3fe, 0x5, 0x3, 0x9, 0x8, 0x45ff, 0x7ffffffc}, 0x0, 0x0)
close(r0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02b24b9a676524250149b33f3e75", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/13], 0x50)

10m6.70863474s ago: executing program 2 (id=78):
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000040)={'wlan0\x00'})
r2 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), r2)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0)
r3 = syz_open_dev$loop(&(0x7f0000000140), 0x75f, 0xa382)
r4 = memfd_create(&(0x7f0000000880)='C\x13\xfc2\x95WD\xaa\xba^\x90\xfd\x8d\xc2\xb1[\x81\xda\xda\xd6\x8c\xc99\xec\x0e*||\xe4\xb3\xc4\xb6\v\xaa\x15\x86,\xac\x8d\x89cu\x10\xdc\x93\x9b\xb4\x93\xafE*:\xe4\xdd\xa5\xa75\xb8\x1e;7\xb7.V\xdcrw[\r\x98\x93j\x9c\xf6\xf8\x99\xefF_\xcd\xdf!b\xc5\xec\ntb\xff\b\xaaF?!\x9f\a\x1a\x03\f\xe94\x1deU\x06zS\xc90\xb9voI\xa5/\xb4\xa7@\xa1\\B\xc2@\r_b\x9a\xeb\b\x81\x00V\xd6/N\xc5\xc6f\xb1\x95Z\xe5w^\xd8\xe7J\x80\xf7\xae\xafuv\x84\x9eG\xd1\xe7\x9b\xf0_9\xc2\x9b\xfd\xc3\xf3\xe4\x95P\xf1m\xcf\xc2\xe1\xe6\xa6\x8c\x11\xfb\xb8S\x8b\x92\\\asW-Ee\x02\x00\x00\x00\xd0;Q\xc1~\x89\xec\xc8\x9b\x88\a\xf2\x93\x82(\x8b\x00\xd8\xb4T\x80\x95\x93\x9c5\xcf\t\x04\x00\x00\x00\x00\x00\x00v\xef\xee+\xab\x9c\x00^R\xb2n?i=\xbe\x16\x8a\xbf\xe3\xcdB\xed\xe14\xe8\xd0\xb7\xff\xfeQ\x1c\x85n8\x1b\xc1\b\x00\x00\x00\x00\x00\x00\x00\x17\x94\xdfW<GE\xf1\xe9\xf1q\x8c\xf0\xae\x98\x8c\xe0\xc1g}\xaeW\xaa\xa1\x90\x8c\n$\xa6\xbb\x10\xaf\xc7~\x11\x03<v\xe9\xc7K\xf6]\x11)u\xd3\x15\x01}\xe25$\xb0\x86v\x80\r\x9c\xb8\xe6\xd3(\xa0G2s\xa9&\xb3QU~u\x13\x05kKp\xa6&\x8eu\x1d\xb2\xa9!\xc9\xfa\xd0dG5\xcbf<}r\xab\x9c\xd9f6iN\xaa>\x92z\xbe\xb2R)\xf1K\xd7\xaf\x99\xf6d\xe8\xec\xb7\xbd+T3\xa6\xa9\xfaY-1qs\x82\x01\x04\x00\x00\xc9\x1e\xf4\xd1\x02Dt\xc0\x19\xf7\x89\x96.D [F\xeeYW\x95\x13\xc7;\x94\x13^\x13\xaf\xf0C\x9c\xabf\x1daCS2\x02\xb0\xef\xc7\x8c\x9e\xed\a\n<V\xaa\xbfZ1\xa82\x85\x99\x0e$U\xb4X\xc7\xfa\f\b\x8f\xc4\xbeIt\xe4\xc51\xba\xb9H\xe8\x96\x94\xd7\xdc\x81\x111\t\xafl\x97\xd8T\xd40\x90ON\xaaFY\xb4\xb3\xf4\xf8JT\xc5:\xc5\aGc\xb5\x12\x90\x7f\x00\x91\xce@\xe5\xd3A\xcc\xd5|\x9f\x8e5\x042\x9a\xc1\xa1\a\xb7\xf5\xbc,\xd1\xd3k8\xc5', 0x0)
pwritev(r4, &(0x7f00000000c0)=[{&(0x7f0000000180)='P', 0x1}], 0x1, 0x800000, 0x0)
ioctl$LOOP_CHANGE_FD(r3, 0x4c00, r4)
syz_usb_connect(0x5, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="1201100153a42908f00a71729188010203010902"], 0x0)
sendfile(r3, r3, 0x0, 0x24002deb)
ioctl$LOOP_CLR_FD(r3, 0x4c01)
socketpair$unix(0x1, 0x3, 0x0, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
io_uring_enter(0xffffffffffffffff, 0x47f6, 0x0, 0x2, 0x0, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

10m2.963566003s ago: executing program 2 (id=90):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0x7, 0x4, 0x8, 0x1}, 0x50)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x3, &(0x7f0000000740)=@framed, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x18)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r4, &(0x7f0000000280)={0xa, 0x2, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c)
listen(r4, 0x2)
r5 = socket$inet_tcp(0x2, 0x1, 0x0)
connect$inet(r5, &(0x7f0000000040)={0x2, 0x2, @local}, 0x10)
close_range(r4, 0xffffffffffffffff, 0x0)

10m0.612207658s ago: executing program 2 (id=92):
openat$uhid(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
openat$ttynull(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
io_uring_setup(0x7d98, &(0x7f00000003c0)={0x0, 0xdf07, 0x2, 0x2})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x4000002, 0x50032, 0xffffffffffffffff, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
mincore(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0)
openat$fuse(0xffffffffffffff9c, 0x0, 0x42, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
syz_open_dev$ttys(0xc, 0x2, 0x0)
r1 = fsopen(0x0, 0x0)
fsconfig$FSCONFIG_SET_BINARY(r1, 0x6, 0x0, 0x0, 0x0)
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder1\x00', 0x0, 0x0)
r3 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f00000000c0)={0x40000000})
ioctl$BINDER_THREAD_EXIT(r2, 0x40046208, 0x0)

9m57.628002309s ago: executing program 2 (id=99):
socket$inet6_tcp(0xa, 0x1, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, 0x2}, 0x94)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000100), 0x2, 0x101121)
r1 = dup(r0)
r2 = openat$sequencer2(0xffffff9c, &(0x7f00000011c0), 0x0, 0x0)
ioctl$SNDCTL_SYNTH_INFO(r2, 0xc08c5102, &(0x7f00000003c0)={"0d23b303d68c2bc8613a991ad20df8495216ee25b04291af6c4bef608161", 0x9a, 0x0, 0x401, 0xffffffff, 0x9, 0x7, 0x81, 0x0, [0x80000000, 0x9, 0x7, 0x7fffffff, 0x9, 0x4717, 0xe, 0x7, 0x3ff, 0x6, 0x5, 0x54e49253, 0x1, 0x80, 0x10, 0x1, 0x7fffffff, 0x6, 0x8]})
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
r3 = socket(0x1e, 0x1, 0x0)
getsockopt$sock_buf(r3, 0x1, 0x1c, 0x0, 0x0)
r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r5 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$TCSETS(r1, 0x5402, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8b18, &(0x7f0000000000)={'wlan0\x00'})
r6 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r6, 0x0, 0xe40, 0xe40, &(0x7f00000002c0)='\x00\x00\x00\x00\x00\x00\x00\x00', &(0x7f0000000300)=""/8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c)
ioctl$TIOCSETD(r4, 0x5423, &(0x7f0000000140)=0x15)
r7 = syz_io_uring_setup(0x1c57, &(0x7f0000000300)={0x0, 0x40ac, 0x10000, 0x2, 0x3f, 0x0, r1}, &(0x7f0000000180)=<r8=>0x0, &(0x7f00000001c0)=<r9=>0x0)
ioctl$F2FS_IOC_RESERVE_COMPRESS_BLOCKS(r1, 0x8008f513, &(0x7f00000000c0))
syz_io_uring_submit(r8, r9, &(0x7f0000000140)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd=r0})
io_uring_enter(r7, 0x2def, 0x4000, 0x0, 0x0, 0x0)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0)

9m56.156606215s ago: executing program 2 (id=104):
socket$inet6_sctp(0xa, 0x1, 0x84)
socket$nl_netfilter(0x10, 0x3, 0xc)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x3)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000080)=0x6)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000032680)=""/102392, 0x18ff8)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000600)=ANY=[@ANYBLOB, @ANYBLOB], 0x48)
bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, 0x0, 0x0)
openat$sndseq(0xffffffffffffff9c, 0x0, 0x42002)
r1 = syz_open_dev$usbfs(&(0x7f00000002c0), 0x75, 0x301601)
r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000480)={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000002c0)={<r3=>0xffffffffffffffff}, 0x13f}}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r2, &(0x7f0000000100)={0x3, 0x40, 0xfa00, {{0xa, 0x4e21, 0x0, @empty, 0x7}, {0xa, 0x0, 0x0, @mcast2, 0xfffffffe}, r3}}, 0xfffffe10)
r4 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r4, &(0x7f0000000480)={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000002c0)={<r5=>0xffffffffffffffff}, 0x13f}}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r4, &(0x7f0000000100)={0x3, 0x40, 0xfa00, {{0xa, 0x4e21, 0x0, @empty, 0x7}, {0xa, 0x0, 0x0, @mcast2, 0xfffffffe}, r5}}, 0xfffffe10)
ioctl$USBDEVFS_IOCTL(r1, 0xc0105512, 0x0)
r6 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_IPV6_XFRM_POLICY(r6, 0x29, 0x23, 0x0, 0x0)
r7 = socket$key(0xf, 0x3, 0x2)
setsockopt$sock_int(r7, 0x1, 0x8, &(0x7f00000001c0), 0x4)

9m40.271635136s ago: executing program 32 (id=104):
socket$inet6_sctp(0xa, 0x1, 0x84)
socket$nl_netfilter(0x10, 0x3, 0xc)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x3)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000080)=0x6)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000032680)=""/102392, 0x18ff8)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000600)=ANY=[@ANYBLOB, @ANYBLOB], 0x48)
bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, 0x0, 0x0)
openat$sndseq(0xffffffffffffff9c, 0x0, 0x42002)
r1 = syz_open_dev$usbfs(&(0x7f00000002c0), 0x75, 0x301601)
r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000480)={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000002c0)={<r3=>0xffffffffffffffff}, 0x13f}}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r2, &(0x7f0000000100)={0x3, 0x40, 0xfa00, {{0xa, 0x4e21, 0x0, @empty, 0x7}, {0xa, 0x0, 0x0, @mcast2, 0xfffffffe}, r3}}, 0xfffffe10)
r4 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r4, &(0x7f0000000480)={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000002c0)={<r5=>0xffffffffffffffff}, 0x13f}}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r4, &(0x7f0000000100)={0x3, 0x40, 0xfa00, {{0xa, 0x4e21, 0x0, @empty, 0x7}, {0xa, 0x0, 0x0, @mcast2, 0xfffffffe}, r5}}, 0xfffffe10)
ioctl$USBDEVFS_IOCTL(r1, 0xc0105512, 0x0)
r6 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_IPV6_XFRM_POLICY(r6, 0x29, 0x23, 0x0, 0x0)
r7 = socket$key(0xf, 0x3, 0x2)
setsockopt$sock_int(r7, 0x1, 0x8, &(0x7f00000001c0), 0x4)

5m45.766505487s ago: executing program 1 (id=576):
bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x48)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0xd5108000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
capset(&(0x7f0000000100)={0x20080522}, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x81, 0xf7fffffb})
r3 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x15, 0x8, &(0x7f0000000000)=@framed={{0x18, 0x6}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r3}}]}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_reuseport=0x28, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
keyctl$chown(0x4, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000640)='percpu_alloc_percpu\x00'}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x8, 0x5, &(0x7f0000000000)=@framed={{0xffffffb4, 0x6, 0x0, 0x0, 0x0, 0x73, 0x11, 0x42}, [@func={0x85, 0x0, 0x1, 0x0, 0x2}, @call={0xb7}], {0x95, 0x0, 0x1200}}, &(0x7f0000000080)='GPL\x00', 0x4, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @cgroup_skb}, 0x94)

5m43.835516937s ago: executing program 1 (id=579):
socket$kcm(0x10, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = creat(&(0x7f0000000400)='./bus\x00', 0x0)
r4 = open(&(0x7f0000000100)='./bus\x00', 0x0, 0x0)
truncate(&(0x7f0000000040)='./bus\x00', 0x9472)
dup3(r4, r3, 0x0)
finit_module(r4, 0x0, 0x0)
r5 = syz_open_dev$sg(&(0x7f00000003c0), 0x0, 0x802)
writev(r5, &(0x7f00000000c0)=[{&(0x7f0000000080)="aefdda9d240303005a90f57f07703aeff0f64eb9ee07962c220a2e11b44e65d76641cb010852f426072a", 0x2a}], 0x1)
read(r5, &(0x7f0000000240)=""/28, 0xffd2)
socket$kcm(0x10, 0x2, 0x0)
r6 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000000)={0x3, 0x4, 0x4, 0xa, 0x0, r3}, 0x50)
bpf$OBJ_PIN_MAP(0x9, &(0x7f0000000040)=@generic={0x0, r6}, 0x18)

5m42.388644468s ago: executing program 1 (id=581):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x3, &(0x7f0000000d00)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00'}, 0x90)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000001c0)='task_newtask\x00', r0}, 0x10)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff)
r2 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r1}, 0x8)
close(r2)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x15, 0x8, 0x8}, 0x50)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x8, 0xf, &(0x7f0000000c80)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r3}, {}, {0x7, 0x0, 0xb, 0x2}, {0x85, 0x0, 0x0, 0x51}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x5}}}, &(0x7f0000000000)='GPL\x00'}, 0x90)
bpf$BPF_GET_PROG_INFO(0x1c, &(0x7f00000003c0)={r4, 0x0, 0x0}, 0x10)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x3, &(0x7f0000000d00)=ANY=[], &(0x7f0000000000)='syzkaller\x00'}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='ext4_writepages_result\x00', r5}, 0x10)
r6 = bpf$ITER_CREATE(0xb, 0x0, 0x0)
close(r6)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
bpf$BPF_GET_PROG_INFO(0x1c, &(0x7f00000003c0)={r4, 0x0, 0x0}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000980)={{r3}, &(0x7f0000000900), &(0x7f0000000940)=r2}, 0x20)

5m42.125596999s ago: executing program 1 (id=583):
socket$kcm(0x10, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = creat(&(0x7f0000000400)='./bus\x00', 0x0)
r4 = open(&(0x7f0000000100)='./bus\x00', 0x0, 0x0)
truncate(&(0x7f0000000040)='./bus\x00', 0x9472)
dup3(r4, r3, 0x0)
finit_module(r4, 0x0, 0x0)
r5 = syz_open_dev$sg(&(0x7f00000003c0), 0x0, 0x802)
writev(r5, &(0x7f00000000c0)=[{&(0x7f0000000080)="aefdda9d240303005a90f57f07703aeff0f64eb9ee07962c220a2e11b44e65d76641cb010852f426072a", 0x2a}], 0x1)
read(r5, &(0x7f0000000240)=""/28, 0xffd2)
recvmsg(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000500)}, 0x40000100)
r6 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000000)={0x3, 0x4, 0x4, 0xa, 0x0, r3}, 0x50)
bpf$OBJ_PIN_MAP(0x9, &(0x7f0000000040)=@generic={0x0, r6}, 0x18)

5m40.670664224s ago: executing program 1 (id=584):
socket$kcm(0x10, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = creat(&(0x7f0000000400)='./bus\x00', 0x0)
r4 = open(&(0x7f0000000100)='./bus\x00', 0x0, 0x0)
truncate(&(0x7f0000000040)='./bus\x00', 0x9472)
dup3(r4, r3, 0x0)
finit_module(r4, 0x0, 0x0)
r5 = syz_open_dev$sg(&(0x7f00000003c0), 0x0, 0x802)
writev(r5, &(0x7f00000000c0)=[{&(0x7f0000000080)="aefdda9d240303005a90f57f07703aeff0f64eb9ee07962c220a2e11b44e65d76641cb010852f426072a", 0x2a}], 0x1)
read(r5, &(0x7f0000000240)=""/28, 0xffd2)
r6 = socket$kcm(0x10, 0x2, 0x0)
recvmsg(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000500)}, 0x40000100)
bpf$OBJ_PIN_MAP(0x9, &(0x7f0000000040)=@generic={0x0}, 0x18)

5m38.83773192s ago: executing program 1 (id=587):
socket$nl_generic(0x10, 0x3, 0x10)
pipe2(&(0x7f0000000040)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
r2 = memfd_create(&(0x7f00000000c0)='\xe9`\x10\x98[\x82?O3#\xfa\x02\xdc\x96\xa1\xbc\x80\x00+\xb6O', 0x0)
write$binfmt_elf32(r1, &(0x7f0000001e80)=ANY=[], 0x38)
fcntl$setpipe(r0, 0x407, 0x8001a0)
prlimit64(0x0, 0xe, &(0x7f0000000600)={0x9, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000003900)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b07080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf5af51d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945ecefa26b8471d42645288d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa16509945ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88c3c44b3b7486f979e8a3174b531f573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867ec92d13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d93e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a0000000000000000000000000000cf7b6c4ba9bec153d6834bfef080df374703a8ff56a63ec1fe5f2e05a79e3cace7283dd68d41e94420c325fe4dae144fde5ec25a87d625cab20753a77b323fa3783c8b675859b9012647885a242adfee2fe812ecbe5191e0a15142f7349e7627cc39d724e2e34e7a24154f26ae3125b36d0504965295d0453902ac7079b11a3a1e655e482331e3dc35b2e7e4e3ea99064fe5b9c8ae0ca3e5fd653f3286a99d81ce4eba765c38d097391ad4babac38ce5b4344e24a361cd54e5"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x2e)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r3}, 0x10)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
shmdt(0x0)
r6 = syz_open_dev$tty1(0xc, 0x4, 0x1)
dup(r6)
splice(r0, 0x0, r2, 0x0, 0x200002, 0x0)

5m22.088352306s ago: executing program 33 (id=587):
socket$nl_generic(0x10, 0x3, 0x10)
pipe2(&(0x7f0000000040)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
r2 = memfd_create(&(0x7f00000000c0)='\xe9`\x10\x98[\x82?O3#\xfa\x02\xdc\x96\xa1\xbc\x80\x00+\xb6O', 0x0)
write$binfmt_elf32(r1, &(0x7f0000001e80)=ANY=[], 0x38)
fcntl$setpipe(r0, 0x407, 0x8001a0)
prlimit64(0x0, 0xe, &(0x7f0000000600)={0x9, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000003900)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b07080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf5af51d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945ecefa26b8471d42645288d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa16509945ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88c3c44b3b7486f979e8a3174b531f573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867ec92d13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d93e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a0000000000000000000000000000cf7b6c4ba9bec153d6834bfef080df374703a8ff56a63ec1fe5f2e05a79e3cace7283dd68d41e94420c325fe4dae144fde5ec25a87d625cab20753a77b323fa3783c8b675859b9012647885a242adfee2fe812ecbe5191e0a15142f7349e7627cc39d724e2e34e7a24154f26ae3125b36d0504965295d0453902ac7079b11a3a1e655e482331e3dc35b2e7e4e3ea99064fe5b9c8ae0ca3e5fd653f3286a99d81ce4eba765c38d097391ad4babac38ce5b4344e24a361cd54e5"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x2e)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r3}, 0x10)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
shmdt(0x0)
r6 = syz_open_dev$tty1(0xc, 0x4, 0x1)
dup(r6)
splice(r0, 0x0, r2, 0x0, 0x200002, 0x0)

26.066832639s ago: executing program 5 (id=1177):
syz_emit_ethernet(0xfdef, &(0x7f0000000100)=ANY=[], 0x0)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'wlan0\x00'})
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000003c0)=@newlink={0x34, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x44010}, [@IFLA_IFNAME={0x14, 0x3, 'geneve1\x00'}]}, 0x34}, 0x1, 0x0, 0x0, 0x4}, 0x2000000)
syz_emit_ethernet(0x52, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000000)='smaps\x00')
lseek(r1, 0x9, 0x4)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x2, 0x4, 0x4, 0x8, 0x1014}, 0x48)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r5, 0x5423, &(0x7f0000000440)=0x5)
ioctl$TCSETA(r5, 0x8925, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, "4feda26323b172e0"})
ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, 0x0, 0x44014)
socket(0x10, 0x80003, 0x0)
syz_usb_connect$hid(0x0, 0x0, 0x0, 0x0)

19.761586998s ago: executing program 5 (id=1188):
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000001b00)=""/102392, 0x18ff8)
r1 = getpid()
syz_pidfd_open(r1, 0x0)
bind$netlink(0xffffffffffffffff, &(0x7f0000000080)={0x10, 0x0, 0x0, 0xfffffffffffffffd}, 0xc)
r2 = socket$inet6(0xa, 0x3, 0x26)
connect$inet6(r2, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, &(0x7f0000000340)={{{@in=@dev={0xac, 0x14, 0x14, 0x15}, @in6=@private1, 0x4e20, 0x0, 0x4e22, 0x0, 0xa}, {0x9, 0x0, 0x0, 0x800000, 0x0, 0x0, 0x0, 0x24}, {0x0, 0x4}, 0x0, 0x0, 0x1, 0x0, 0x5, 0x3}, {{@in=@empty, 0x800, 0x33}, 0xa, @in=@private=0xa010102, 0x0, 0x0, 0x0, 0x4, 0xfffffffc, 0x4, 0x401}}, 0xe8)
sendmmsg(r2, &(0x7f0000000480), 0x2e9, 0x0)
ioctl$VT_OPENQRY(0xffffffffffffffff, 0x4b46, 0x0)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r4 = dup(r3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x13, r4, 0x2000)
socket$netlink(0x10, 0x3, 0x8)
socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r4, &(0x7f0000000400)={0x18, 0x0, {0x2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xa}, 'veth1_vlan\x00'}}, 0x1e)
openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x9)

13.992690119s ago: executing program 0 (id=1196):
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0)
getrlimit(0x6, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = add_key$keyring(&(0x7f0000000100), 0x0, 0x0, 0x0, 0xfffffffffffffffd)
add_key(&(0x7f0000000000)='rxrpc\x00', 0x0, &(0x7f00000002c0)="0000000000000002ff690000001d00010000001800b57f00000200861f4104bfeacdd5a9007d16dcdc2850b5", 0x2c, r0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
r2 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000780)=@bpf_lsm={0x6, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000240)={r2, 0xf, 0x25, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x4, &(0x7f0000000280)=ANY=[@ANYBLOB="1802a6cf1d47dd46bdb2e8f100000200000000000000000000008500000000"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r3, 0x0, 0xd, 0x0, &(0x7f0000000500)="ba7114d8af50aa3e1c6ed2459d", 0x0, 0x1008, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x50)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
close(0xffffffffffffffff)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
socket$inet_icmp_raw(0x2, 0x3, 0x1)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{}, &(0x7f0000000000), 0x0}, 0x20)
sendmsg$inet(r4, &(0x7f0000000500)={0x0, 0x0, 0x0}, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000003c0)='./cgroup/syz1\x00', 0x200002, 0x0)
syz_open_dev$I2C(0x0, 0x0, 0x189802)
r5 = creat(0x0, 0xe5)
r6 = fsopen(&(0x7f00000001c0)='ceph\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r6, 0x1, &(0x7f00000000c0)='test_dummy_encryption', &(0x7f0000000180)='v1to_da_alloc', 0x0)
bpf$LINK_DETACH(0x22, 0x0, 0x0)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000340)={&(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff5000/0xa000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff5000/0x2000)=nil, &(0x7f0000ff7000/0x1000)=nil, 0x0, 0x0, r5}, 0x68)

13.873180319s ago: executing program 5 (id=1198):
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000001b00)=""/102392, 0x18ff8)
r1 = getpid()
syz_pidfd_open(r1, 0x0)
bind$netlink(0xffffffffffffffff, &(0x7f0000000080)={0x10, 0x0, 0x0, 0xfffffffffffffffd}, 0xc)
r2 = socket$inet6(0xa, 0x3, 0x26)
connect$inet6(r2, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, &(0x7f0000000340)={{{@in=@dev={0xac, 0x14, 0x14, 0x15}, @in6=@private1, 0x4e20, 0x0, 0x4e22, 0x0, 0xa}, {0x9, 0x0, 0x0, 0x800000, 0x0, 0x0, 0x0, 0x24}, {0x0, 0x4}, 0x0, 0x0, 0x1, 0x0, 0x5, 0x3}, {{@in=@empty, 0x800, 0x33}, 0xa, @in=@private=0xa010102, 0x0, 0x0, 0x0, 0x4, 0xfffffffc, 0x4, 0x401}}, 0xe8)
sendmmsg(r2, &(0x7f0000000480), 0x2e9, 0x0)
ioctl$VT_OPENQRY(0xffffffffffffffff, 0x4b46, 0x0)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r4 = dup(r3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x13, r4, 0x2000)
socket$netlink(0x10, 0x3, 0x8)
socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r4, &(0x7f0000000400)={0x18, 0x0, {0x2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xa}, 'veth1_vlan\x00'}}, 0x1e)
openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x9)

13.658455094s ago: executing program 3 (id=1199):
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000001b00)=""/102392, 0x18ff8)
r1 = getpid()
r2 = syz_pidfd_open(r1, 0x0)
process_madvise(r2, &(0x7f0000000080)=[{&(0x7f0000000100)="7f", 0x1}], 0x1, 0x11, 0x0)
bind$netlink(0xffffffffffffffff, &(0x7f0000000080)={0x10, 0x0, 0x0, 0xfffffffffffffffd}, 0xc)
r3 = socket$inet6(0xa, 0x3, 0x26)
connect$inet6(r3, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_IPV6_XFRM_POLICY(r3, 0x29, 0x23, &(0x7f0000000340)={{{@in=@dev={0xac, 0x14, 0x14, 0x15}, @in6=@private1, 0x4e20, 0x0, 0x4e22, 0x0, 0xa}, {0x9, 0x0, 0x0, 0x800000, 0x0, 0x0, 0x0, 0x24}, {0x0, 0x4}, 0x0, 0x0, 0x1, 0x0, 0x5, 0x3}, {{@in=@empty, 0x800, 0x33}, 0xa, @in=@private=0xa010102, 0x0, 0x0, 0x0, 0x4, 0xfffffffc, 0x4, 0x401}}, 0xe8)
sendmmsg(r3, &(0x7f0000000480), 0x2e9, 0x0)
ioctl$VT_OPENQRY(0xffffffffffffffff, 0x4b46, 0x0)
r4 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r5 = dup(r4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x13, r5, 0x2000)
socket$netlink(0x10, 0x3, 0x8)
socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r5, &(0x7f0000000400)={0x18, 0x0, {0x2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xa}, 'veth1_vlan\x00'}}, 0x1e)
openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x9)

12.701607647s ago: executing program 0 (id=1200):
syz_emit_ethernet(0xfdef, &(0x7f0000000100)=ANY=[], 0x0)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'wlan0\x00'})
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={0x0}, 0x1, 0x0, 0x0, 0x4}, 0x2000000)
syz_emit_ethernet(0x52, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000000)='smaps\x00')
lseek(r1, 0x9, 0x4)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x2, 0x4, 0x4, 0x8, 0x1014}, 0x48)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r5, 0x5423, &(0x7f0000000440)=0x5)
ioctl$TCSETA(r5, 0x8925, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, "4feda26323b172e0"})
ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, 0x0, 0x44014)
socket(0x10, 0x80003, 0x0)
syz_usb_connect$hid(0x0, 0x0, 0x0, 0x0)

12.403654349s ago: executing program 6 (id=1201):
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0)
getrlimit(0x6, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = add_key$keyring(&(0x7f0000000100), 0x0, 0x0, 0x0, 0xfffffffffffffffd)
add_key(&(0x7f0000000000)='rxrpc\x00', 0x0, &(0x7f00000002c0)="0000000000000002ff690000001d00010000001800b57f00000200861f4104bfeacdd5a9007d16dcdc2850b5", 0x2c, r0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
r2 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000780)=@bpf_lsm={0x6, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000240)={r2, 0xf, 0x25, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x4, &(0x7f0000000280)=ANY=[@ANYBLOB="1802a6cf1d47dd46bdb2e8f100000200000000000000000000008500000000"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r3, 0x0, 0xd, 0x0, &(0x7f0000000500)="ba7114d8af50aa3e1c6ed2459d", 0x0, 0x1008, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x50)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r4 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x48)
close(r4)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0))
socket$inet_icmp_raw(0x2, 0x3, 0x1)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{}, &(0x7f0000000000), 0x0}, 0x20)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000003c0)='./cgroup/syz1\x00', 0x200002, 0x0)
syz_open_dev$I2C(0x0, 0x0, 0x189802)
r5 = creat(0x0, 0xe5)
r6 = fsopen(&(0x7f00000001c0)='ceph\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r6, 0x1, &(0x7f00000000c0)='test_dummy_encryption', &(0x7f0000000180)='v1to_da_alloc', 0x0)
bpf$LINK_DETACH(0x22, 0x0, 0x0)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000340)={&(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff5000/0xa000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff5000/0x2000)=nil, &(0x7f0000ff7000/0x1000)=nil, 0x0, 0x0, r5}, 0x68)

12.332022014s ago: executing program 3 (id=1202):
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0)
getrlimit(0x6, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = add_key$keyring(&(0x7f0000000100), 0x0, 0x0, 0x0, 0xfffffffffffffffd)
add_key(&(0x7f0000000000)='rxrpc\x00', 0x0, &(0x7f00000002c0)="0000000000000002ff690000001d00010000001800b57f00000200861f4104bfeacdd5a9007d16dcdc2850b5", 0x2c, r0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
r2 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000780)=@bpf_lsm={0x6, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000240)={r2, 0xf, 0x25, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x4, &(0x7f0000000280)=ANY=[@ANYBLOB="1802a6cf1d47dd46bdb2e8f100000200000000000000000000008500000000"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r3, 0x0, 0xd, 0x0, &(0x7f0000000500)="ba7114d8af50aa3e1c6ed2459d", 0x0, 0x1008, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x50)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r4 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x48)
close(r4)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{}, &(0x7f0000000000), 0x0}, 0x20)
sendmsg$inet(r5, &(0x7f0000000500)={0x0, 0x0, 0x0}, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000003c0)='./cgroup/syz1\x00', 0x200002, 0x0)
syz_open_dev$I2C(0x0, 0x0, 0x189802)
r6 = creat(0x0, 0xe5)
r7 = fsopen(&(0x7f00000001c0)='ceph\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r7, 0x1, &(0x7f00000000c0)='test_dummy_encryption', &(0x7f0000000180)='v1to_da_alloc', 0x0)
bpf$LINK_DETACH(0x22, 0x0, 0x0)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000340)={&(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff5000/0xa000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff5000/0x2000)=nil, &(0x7f0000ff7000/0x1000)=nil, 0x0, 0x0, r6}, 0x68)

9.207544283s ago: executing program 6 (id=1204):
r0 = openat$iommufd(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$inet_tcp_int(r2, 0x6, 0x19, &(0x7f00000001c0)=0x1, 0x4)
bind$inet(r2, &(0x7f0000000100)={0x2, 0x4e24, @loopback}, 0x10)
sendmmsg$inet(r2, 0x0, 0x0, 0x20008000)
mknod$loop(&(0x7f0000000140)='./file0\x00', 0xfff, 0x0)
execve(&(0x7f00000190c0)='./file0\x00', 0x0, 0x0)
execve(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)
execve(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000280)={[&(0x7f0000000100)=' ']}, 0x0)
socket$kcm(0x10, 0x2, 0x0)
r3 = openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0)
openat$sndseq(0xffffffffffffff9c, &(0x7f00000004c0), 0x48100)
read$FUSE(r3, &(0x7f0000000940)={0x2020}, 0x2020)
r4 = creat(&(0x7f00000001c0)='./file0\x00', 0x8)
read$FUSE(r4, &(0x7f000000c400)={0x2020}, 0x2020)

8.723671726s ago: executing program 3 (id=1205):
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000001b00)=""/102392, 0x18ff8)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
r2 = getpid()
syz_pidfd_open(r2, 0x0)
bind$netlink(r1, &(0x7f0000000080)={0x10, 0x0, 0x0, 0xfffffffffffffffd}, 0xc)
r3 = socket$inet6(0xa, 0x3, 0x26)
connect$inet6(r3, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_IPV6_XFRM_POLICY(r3, 0x29, 0x23, &(0x7f0000000340)={{{@in=@dev={0xac, 0x14, 0x14, 0x15}, @in6=@private1, 0x4e20, 0x0, 0x4e22, 0x0, 0xa}, {0x9, 0x0, 0x0, 0x800000, 0x0, 0x0, 0x0, 0x24}, {0x0, 0x4}, 0x0, 0x0, 0x1, 0x0, 0x5, 0x3}, {{@in=@empty, 0x800, 0x33}, 0xa, @in=@private=0xa010102, 0x0, 0x0, 0x0, 0x4, 0xfffffffc, 0x4, 0x401}}, 0xe8)
sendmmsg(r3, &(0x7f0000000480), 0x2e9, 0x0)
ioctl$VT_OPENQRY(0xffffffffffffffff, 0x4b46, 0x0)
r4 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r5 = dup(r4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x13, r5, 0x2000)
socket$netlink(0x10, 0x3, 0x8)
socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r5, &(0x7f0000000400)={0x18, 0x0, {0x2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xa}, 'veth1_vlan\x00'}}, 0x1e)
openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x9)

8.277581022s ago: executing program 6 (id=1206):
r0 = fsopen(&(0x7f0000000040)='befs\x00', 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket(0xb, 0x6, 0x1)
syz_open_dev$video4linux(&(0x7f0000000080), 0x2008, 0x0)
msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4)
r4 = syz_open_dev$video4linux(&(0x7f0000000000), 0x5, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_EXP_GET_STATS_CPU(r5, 0x0, 0x4040004)
ioctl$VIDIOC_SUBDEV_S_CROP(r4, 0xc038563c, 0x0)
mkdirat(0xffffffffffffff9c, 0x0, 0xd7b706656310aba8)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=@newqdisc={0x24, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0xfff0}, {0xffff, 0xffff}, {0x4}}}, 0x24}, 0x1, 0x0, 0x0, 0x40000}, 0x20048800)
r6 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r6, 0xaf01, 0x0)
ioctl$VHOST_GET_VRING_ENDIAN(r6, 0x4028af11, &(0x7f00000001c0))
ioctl$VHOST_VSOCK_SET_RUNNING(r6, 0x4004af61, 0x0)
bpf$TOKEN_CREATE(0x24, &(0x7f0000000000)={0x0, r0}, 0x8)

8.257302322s ago: executing program 0 (id=1208):
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000001b00)=""/102392, 0x18ff8)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
r2 = getpid()
r3 = syz_pidfd_open(r2, 0x0)
process_madvise(r3, &(0x7f0000000080)=[{&(0x7f0000000100)="7f", 0x1}], 0x1, 0x11, 0x0)
bind$netlink(r1, &(0x7f0000000080)={0x10, 0x0, 0x0, 0xfffffffffffffffd}, 0xc)
r4 = socket$inet6(0xa, 0x3, 0x26)
connect$inet6(r4, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_IPV6_XFRM_POLICY(r4, 0x29, 0x23, &(0x7f0000000340)={{{@in=@dev={0xac, 0x14, 0x14, 0x15}, @in6=@private1, 0x4e20, 0x0, 0x4e22, 0x0, 0xa}, {0x9, 0x0, 0x0, 0x800000, 0x0, 0x0, 0x0, 0x24}, {0x0, 0x4}, 0x0, 0x0, 0x1, 0x0, 0x5, 0x3}, {{@in=@empty, 0x800, 0x33}, 0xa, @in=@private=0xa010102, 0x0, 0x0, 0x0, 0x4, 0xfffffffc, 0x4, 0x401}}, 0xe8)
sendmmsg(r4, &(0x7f0000000480), 0x2e9, 0x0)
ioctl$VT_OPENQRY(0xffffffffffffffff, 0x4b46, 0x0)
r5 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r6 = dup(r5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x13, r6, 0x2000)
socket$netlink(0x10, 0x3, 0x8)
socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r6, &(0x7f0000000400)={0x18, 0x0, {0x2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xa}, 'veth1_vlan\x00'}}, 0x1e)
openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x9)

7.180166135s ago: executing program 6 (id=1209):
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0)
getrlimit(0x6, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = add_key$keyring(&(0x7f0000000100), 0x0, 0x0, 0x0, 0xfffffffffffffffd)
add_key(&(0x7f0000000000)='rxrpc\x00', 0x0, &(0x7f00000002c0)="0000000000000002ff690000001d00010000001800b57f00000200861f4104bfeacdd5a9007d16dcdc2850b5", 0x2c, r0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
r2 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000780)=@bpf_lsm={0x6, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000240)={r2, 0xf, 0x25, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x4, &(0x7f0000000280)=ANY=[@ANYBLOB="1802a6cf1d47dd46bdb2e8f100000200000000000000000000008500000000"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r3, 0x0, 0xd, 0x0, &(0x7f0000000500)="ba7114d8af50aa3e1c6ed2459d", 0x0, 0x1008, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x50)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x48)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
socket$inet_icmp_raw(0x2, 0x3, 0x1)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{}, &(0x7f0000000000), 0x0}, 0x20)
sendmsg$inet(r4, &(0x7f0000000500)={0x0, 0x0, 0x0}, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000003c0)='./cgroup/syz1\x00', 0x200002, 0x0)
syz_open_dev$I2C(0x0, 0x0, 0x189802)
r5 = creat(0x0, 0xe5)
r6 = fsopen(&(0x7f00000001c0)='ceph\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r6, 0x1, &(0x7f00000000c0)='test_dummy_encryption', &(0x7f0000000180)='v1to_da_alloc', 0x0)
bpf$LINK_DETACH(0x22, 0x0, 0x0)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000340)={&(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff5000/0xa000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff5000/0x2000)=nil, &(0x7f0000ff7000/0x1000)=nil, 0x0, 0x0, r5}, 0x68)

6.378644876s ago: executing program 3 (id=1211):
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0)
getrlimit(0x6, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = add_key$keyring(&(0x7f0000000100), 0x0, 0x0, 0x0, 0xfffffffffffffffd)
add_key(&(0x7f0000000000)='rxrpc\x00', 0x0, &(0x7f00000002c0)="0000000000000002ff690000001d00010000001800b57f00000200861f4104bfeacdd5a9007d16dcdc2850b5", 0x2c, r0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
r2 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000780)=@bpf_lsm={0x6, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000240)={r2, 0xf, 0x25, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x4, &(0x7f0000000280)=ANY=[@ANYBLOB="1802a6cf1d47dd46bdb2e8f100000200000000000000000000008500000000"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r3, 0x0, 0xd, 0x0, &(0x7f0000000500)="ba7114d8af50aa3e1c6ed2459d", 0x0, 0x1008, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x50)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r4 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x48)
close(r4)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0))
socket$inet_icmp_raw(0x2, 0x3, 0x1)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{}, &(0x7f0000000000), 0x0}, 0x20)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000003c0)='./cgroup/syz1\x00', 0x200002, 0x0)
syz_open_dev$I2C(0x0, 0x0, 0x189802)
r5 = creat(0x0, 0xe5)
r6 = fsopen(&(0x7f00000001c0)='ceph\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r6, 0x1, &(0x7f00000000c0)='test_dummy_encryption', &(0x7f0000000180)='v1to_da_alloc', 0x0)
bpf$LINK_DETACH(0x22, 0x0, 0x0)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000340)={&(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff5000/0xa000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff5000/0x2000)=nil, &(0x7f0000ff7000/0x1000)=nil, 0x0, 0x0, r5}, 0x68)

4.842346332s ago: executing program 6 (id=1213):
syz_open_dev$vim2m(0x0, 0x20000006, 0x2)
prlimit64(0x0, 0xe, &(0x7f0000000180)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000480)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000400)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mkdir(&(0x7f0000000000)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
ioprio_set$uid(0x3, 0x0, 0x6400)
chdir(&(0x7f0000000140)='./bus\x00')
write$FUSE_CREATE_OPEN(0xffffffffffffffff, &(0x7f0000000180)={0xa0, 0xffffffffffffffda, 0x0, {{0x4, 0x3, 0x5, 0x6, 0x3, 0x1, {0x0, 0x9, 0x20ff, 0x5, 0x89, 0xd615, 0x9, 0x7fffffff, 0xfffffffe, 0xa000, 0x0, 0x0, 0x0, 0x3ff, 0x801}}, {0x0, 0x13}}}, 0xa0)

4.81327475s ago: executing program 5 (id=1214):
write$cgroup_int(0xffffffffffffffff, &(0x7f0000000040)=0x8ff, 0x12)
io_uring_setup(0x194e, 0x0)
openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
sendmmsg$inet6(0xffffffffffffffff, 0x0, 0xfffffffffffffdfe, 0x801)
r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0)
ioctl$vim2m_VIDIOC_S_FMT(r0, 0xc0d05605, &(0x7f0000000140)={0x3, @pix={0xb55, 0x5, 0x9606a0a, 0x5, 0xb37, 0x3, 0x1, 0x0, 0x0, 0x6, 0x2, 0x6}})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
setsockopt$MRT_ADD_MFC_PROXY(0xffffffffffffffff, 0x0, 0xd2, 0x0, 0x0)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x2e}, 0x1, 0x0, 0x0, 0x20000000}, 0x24004080)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x143)
bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="1800"/14, @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffff"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
sendmsg$TEAM_CMD_OPTIONS_SET(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000840)={0x14, 0x0, 0x1, 0x70bd2a, 0x25dfdbfc}, 0x14}, 0x1, 0x1000000, 0x0, 0x24004000}, 0x24040840)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000a00)=@delchain={0x454, 0x65, 0x2, 0x70bd27, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0x2, 0x2}, {0x0, 0x1}, {0x0, 0xb}}, [@filter_kind_options=@f_route={{0xa}, {0x40c, 0x2, [@TCA_ROUTE4_POLICE={0x408, 0x5, [@TCA_POLICE_PEAKRATE={0x404, 0x3, [0x3a3, 0x9, 0x7, 0x5, 0x42d7d4c5, 0x5, 0xfffffffb, 0x0, 0x5, 0x10001, 0x6, 0xfffffffe, 0x4, 0x0, 0x4, 0x1, 0x2, 0xc1ce, 0x1ff, 0xfffffffb, 0x7f, 0x5, 0xffff, 0x1, 0x8, 0x187f, 0x8, 0x100, 0x8, 0xede, 0x7, 0x7, 0x5, 0x3, 0x7, 0xfffffb32, 0x1, 0x6, 0x4, 0x7, 0x5, 0xffff, 0x2, 0x95, 0xfffffffb, 0x8, 0xffffffff, 0x6, 0x7f, 0x6c, 0xfffffffe, 0x8000, 0x4, 0xf, 0x8, 0x792, 0x4, 0x1, 0x0, 0x9, 0x3, 0x7f, 0xe1a, 0x1, 0x9, 0x6, 0x8001, 0x9, 0xa5, 0x7, 0x6, 0x81, 0x3, 0x2, 0x2, 0x6, 0x200, 0x7, 0xa, 0x3, 0x3, 0x9, 0x800, 0x0, 0x146, 0x9, 0x8001, 0xb, 0x2, 0x1ff, 0x7f, 0x9, 0x6, 0x3, 0x57, 0x622, 0x8000, 0x80, 0xc7, 0x609, 0x7, 0x3f, 0x0, 0x401, 0x7, 0xffffff92, 0x332, 0x4, 0x7, 0x4, 0x235e, 0xb03, 0x4, 0x2, 0x6, 0x0, 0x8, 0x5, 0x0, 0x564, 0x200, 0x1ff, 0x4, 0x9, 0x1, 0xcd9, 0x1, 0x10001, 0x2, 0x2, 0x45e9, 0x3, 0x9, 0x1000, 0x7, 0x3, 0x3, 0x7, 0xd, 0x4, 0x80000000, 0x5, 0x19, 0x400, 0xfff, 0x1ff, 0x1000, 0x100, 0x2, 0xc4f6, 0xbeb, 0x8, 0x6, 0x0, 0x9, 0xffffffff, 0x69, 0x40, 0xf2, 0x4, 0x9, 0x4, 0x8001, 0x9, 0x1, 0xc, 0x4, 0xffffffff, 0x1f, 0x5, 0x251b, 0x729e, 0x2, 0x6, 0x800, 0x1, 0x8001, 0xfffff7e6, 0x1e7, 0x8, 0x1, 0x10001, 0x0, 0xffffffff, 0xe8c, 0x8, 0x8, 0x5, 0x0, 0x4, 0x5, 0x3, 0x0, 0x7, 0x6, 0x4, 0x7, 0x3f56, 0x4e, 0x7fffffff, 0x3, 0x5, 0x7fffffff, 0x0, 0x4, 0x7, 0x7, 0x1, 0x2, 0x3, 0x9, 0x8001, 0x5, 0xffffffff, 0x6, 0x2, 0x2, 0x2, 0x40000000, 0x6, 0x2, 0xa28, 0xffff, 0x10000, 0x7, 0x2, 0x5, 0x1, 0x9, 0x3ff, 0x8, 0x1, 0x3ff, 0x81, 0x4, 0x2, 0x8, 0x1, 0x2, 0x8, 0x75f7, 0x800, 0x8, 0x3, 0x7, 0x200000, 0x10, 0xa3, 0xffffffff, 0x800, 0x7fff, 0x3, 0x3, 0x3, 0x3, 0xfffffc01]}]}]}}, @TCA_RATE={0x6, 0x5, {0x8, 0x81}}, @TCA_RATE={0x6, 0x5, {0x1, 0x2}}, @TCA_RATE={0x6, 0x5, {0x6, 0x2}}]}, 0x454}, 0x1, 0x0, 0x0, 0x81}, 0x2000c000)
r3 = socket(0x10, 0x803, 0x0)
sendto(r3, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
recvmmsg(r3, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x14}, {&(0x7f00000007c0)=""/154, 0x21}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0xffffffffffffff2f}}], 0x4000000000003b4, 0x2040000, &(0x7f0000003700)={0x77359400})
connect$netrom(r2, &(0x7f0000000000)={{0x6, @null}, [@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @null, @null, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @default, @bcast]}, 0x48)
connect$netrom(r2, &(0x7f0000000080)={{0x6, @rose}, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @default, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x8, 0x0}, @default, @bcast]}, 0x10)

3.848121288s ago: executing program 4 (id=1215):
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0)
getrlimit(0x6, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = add_key$keyring(&(0x7f0000000100), 0x0, 0x0, 0x0, 0xfffffffffffffffd)
add_key(&(0x7f0000000000)='rxrpc\x00', 0x0, &(0x7f00000002c0)="0000000000000002ff690000001d00010000001800b57f00000200861f4104bfeacdd5a9007d16dcdc2850b5", 0x2c, r0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
r2 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000780)=@bpf_lsm={0x6, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000240)={r2, 0xf, 0x25, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40)
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x4, &(0x7f0000000280)=ANY=[@ANYBLOB="1802a6cf1d47dd46bdb2e8f100000200000000000000000000008500000000"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r3 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x48)
close(r3)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
socket$inet_icmp_raw(0x2, 0x3, 0x1)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{}, &(0x7f0000000000), 0x0}, 0x20)
sendmsg$inet(r4, &(0x7f0000000500)={0x0, 0x0, 0x0}, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000003c0)='./cgroup/syz1\x00', 0x200002, 0x0)
syz_open_dev$I2C(0x0, 0x0, 0x189802)
r5 = creat(0x0, 0xe5)
r6 = fsopen(&(0x7f00000001c0)='ceph\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r6, 0x1, &(0x7f00000000c0)='test_dummy_encryption', &(0x7f0000000180)='v1to_da_alloc', 0x0)
bpf$LINK_DETACH(0x22, 0x0, 0x0)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000340)={&(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff5000/0xa000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff5000/0x2000)=nil, &(0x7f0000ff7000/0x1000)=nil, 0x0, 0x0, r5}, 0x68)

3.33411963s ago: executing program 0 (id=1216):
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0)
getrlimit(0x6, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = add_key$keyring(&(0x7f0000000100), 0x0, 0x0, 0x0, 0xfffffffffffffffd)
add_key(&(0x7f0000000000)='rxrpc\x00', 0x0, &(0x7f00000002c0)="0000000000000002ff690000001d00010000001800b57f00000200861f4104bfeacdd5a9007d16dcdc2850b5", 0x2c, r0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
r2 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000780)=@bpf_lsm={0x6, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000240)={r2, 0xf, 0x25, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x4, &(0x7f0000000280)=ANY=[@ANYBLOB="1802a6cf1d47dd46bdb2e8f100000200000000000000000000008500000000"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r3, 0x0, 0xd, 0x0, &(0x7f0000000500)="ba7114d8af50aa3e1c6ed2459d", 0x0, 0x1008, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x50)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
close(0xffffffffffffffff)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
socket$inet_icmp_raw(0x2, 0x3, 0x1)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{}, &(0x7f0000000000), 0x0}, 0x20)
sendmsg$inet(r4, &(0x7f0000000500)={0x0, 0x0, 0x0}, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000003c0)='./cgroup/syz1\x00', 0x200002, 0x0)
syz_open_dev$I2C(0x0, 0x0, 0x189802)
r5 = creat(0x0, 0xe5)
r6 = fsopen(&(0x7f00000001c0)='ceph\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r6, 0x1, &(0x7f00000000c0)='test_dummy_encryption', &(0x7f0000000180)='v1to_da_alloc', 0x0)
bpf$LINK_DETACH(0x22, 0x0, 0x0)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000340)={&(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff5000/0xa000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff5000/0x2000)=nil, &(0x7f0000ff7000/0x1000)=nil, 0x0, 0x0, r5}, 0x68)

3.27393644s ago: executing program 3 (id=1217):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
sched_setaffinity(0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x3)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = syz_io_uring_setup(0xa07, &(0x7f0000000200)={0x0, 0xcc72, 0x0, 0x3}, &(0x7f0000000340)=<r3=>0x0, &(0x7f0000000280)=<r4=>0x0)
r5 = syz_io_uring_setup(0xd2, &(0x7f0000000480)={0x0, 0x6299, 0x2, 0x1, 0x334}, &(0x7f00000002c0), &(0x7f0000000080))
io_uring_register$IORING_REGISTER_RESTRICTIONS(r5, 0xb, 0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r3, r4, 0x0)
io_uring_enter(r2, 0x3516, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sys_enter\x00', r1}, 0x18)
remap_file_pages(&(0x7f000057a000/0x1000)=nil, 0x1000, 0x0, 0x0, 0x1c0000)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r8=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)={0x2c, r7, 0x5, 0x0, 0x0, {{}, {@void, @val={0xc, 0x99, {0x8, 0x2f}}}}, [@NL80211_ATTR_MESH_ID={0xa}]}, 0x2c}}, 0x48040)
sendmsg$NL80211_CMD_CONNECT(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000700)={0x54, r7, 0x200, 0x0, 0x0, {{}, {@val={0x8, 0x3, r8}, @val={0xc, 0x99, {0xfffffffe}}}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @NL80211_ATTR_MAC_HINT={0xa}]}, 0x54}}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={{{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x7, [{0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x35)
nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380))
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={{{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e)
clock_gettime(0x0, &(0x7f0000000180))
nanosleep(0x0, &(0x7f0000000580))
syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={{{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28)

2.790347323s ago: executing program 4 (id=1218):
r0 = openat$iommufd(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$inet_tcp_int(r2, 0x6, 0x19, &(0x7f00000001c0)=0x1, 0x4)
bind$inet(r2, &(0x7f0000000100)={0x2, 0x4e24, @loopback}, 0x10)
sendmmsg$inet(r2, 0x0, 0x0, 0x20008000)
mknod$loop(&(0x7f0000000140)='./file0\x00', 0xfff, 0x0)
execve(&(0x7f00000190c0)='./file0\x00', 0x0, 0x0)
execve(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)
execve(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000280)={[&(0x7f0000000100)=' ']}, 0x0)
socket$kcm(0x10, 0x2, 0x0)
r3 = openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0)
openat$sndseq(0xffffffffffffff9c, &(0x7f00000004c0), 0x48100)
read$FUSE(r3, &(0x7f0000000940)={0x2020}, 0x2020)
r4 = creat(&(0x7f00000001c0)='./file0\x00', 0x8)
read$FUSE(r4, &(0x7f000000c400)={0x2020}, 0x2020)

2.748877373s ago: executing program 0 (id=1219):
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0)
getrlimit(0x6, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = add_key$keyring(&(0x7f0000000100), 0x0, 0x0, 0x0, 0xfffffffffffffffd)
add_key(&(0x7f0000000000)='rxrpc\x00', 0x0, &(0x7f00000002c0)="0000000000000002ff690000001d00010000001800b57f00000200861f4104bfeacdd5a9007d16dcdc2850b5", 0x2c, r0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
r2 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000780)=@bpf_lsm={0x6, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000240)={r2, 0xf, 0x25, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40)
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x4, &(0x7f0000000280)=ANY=[@ANYBLOB="1802a6cf1d47dd46bdb2e8f100000200000000000000000000008500000000"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r3 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x48)
close(r3)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
socket$inet_icmp_raw(0x2, 0x3, 0x1)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{}, &(0x7f0000000000), 0x0}, 0x20)
sendmsg$inet(r4, &(0x7f0000000500)={0x0, 0x0, 0x0}, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000003c0)='./cgroup/syz1\x00', 0x200002, 0x0)
syz_open_dev$I2C(0x0, 0x0, 0x189802)
r5 = creat(0x0, 0xe5)
r6 = fsopen(&(0x7f00000001c0)='ceph\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r6, 0x1, &(0x7f00000000c0)='test_dummy_encryption', &(0x7f0000000180)='v1to_da_alloc', 0x0)
bpf$LINK_DETACH(0x22, 0x0, 0x0)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000340)={&(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff5000/0xa000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff5000/0x2000)=nil, &(0x7f0000ff7000/0x1000)=nil, 0x0, 0x0, r5}, 0x68)

2.323813513s ago: executing program 4 (id=1220):
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0)
getrlimit(0x6, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = add_key$keyring(&(0x7f0000000100), 0x0, 0x0, 0x0, 0xfffffffffffffffd)
add_key(&(0x7f0000000000)='rxrpc\x00', 0x0, &(0x7f00000002c0)="0000000000000002ff690000001d00010000001800b57f00000200861f4104bfeacdd5a9007d16dcdc2850b5", 0x2c, r0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
r2 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000780)=@bpf_lsm={0x6, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000240)={r2, 0xf, 0x25, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={0xffffffffffffffff, 0x0, 0xd, 0x0, &(0x7f0000000500)="ba7114d8af50aa3e1c6ed2459d", 0x0, 0x1008, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x50)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r3 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x48)
close(r3)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
socket$inet_icmp_raw(0x2, 0x3, 0x1)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{}, &(0x7f0000000000), 0x0}, 0x20)
sendmsg$inet(r4, &(0x7f0000000500)={0x0, 0x0, 0x0}, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000003c0)='./cgroup/syz1\x00', 0x200002, 0x0)
syz_open_dev$I2C(0x0, 0x0, 0x189802)
r5 = creat(0x0, 0xe5)
r6 = fsopen(&(0x7f00000001c0)='ceph\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r6, 0x1, &(0x7f00000000c0)='test_dummy_encryption', &(0x7f0000000180)='v1to_da_alloc', 0x0)
bpf$LINK_DETACH(0x22, 0x0, 0x0)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000340)={&(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff5000/0xa000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff5000/0x2000)=nil, &(0x7f0000ff7000/0x1000)=nil, 0x0, 0x0, r5}, 0x68)

2.320779366s ago: executing program 5 (id=1221):
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0)
getrlimit(0x6, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = add_key$keyring(&(0x7f0000000100), 0x0, 0x0, 0x0, 0xfffffffffffffffd)
add_key(&(0x7f0000000000)='rxrpc\x00', 0x0, &(0x7f00000002c0)="0000000000000002ff690000001d00010000001800b57f00000200861f4104bfeacdd5a9007d16dcdc2850b5", 0x2c, r0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
r2 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000780)=@bpf_lsm={0x6, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000240)={r2, 0xf, 0x25, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x4, &(0x7f0000000280)=ANY=[@ANYBLOB="1802a6cf1d47dd46bdb2e8f100000200000000000000000000008500000000"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r3, 0x0, 0xd, 0x0, &(0x7f0000000500)="ba7114d8af50aa3e1c6ed2459d", 0x0, 0x1008, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x50)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r4 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x48)
close(r4)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0))
socket$inet_icmp_raw(0x2, 0x3, 0x1)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{}, &(0x7f0000000000), 0x0}, 0x20)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000003c0)='./cgroup/syz1\x00', 0x200002, 0x0)
syz_open_dev$I2C(0x0, 0x0, 0x189802)
r5 = creat(0x0, 0xe5)
r6 = fsopen(&(0x7f00000001c0)='ceph\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r6, 0x1, &(0x7f00000000c0)='test_dummy_encryption', &(0x7f0000000180)='v1to_da_alloc', 0x0)
bpf$LINK_DETACH(0x22, 0x0, 0x0)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000340)={&(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff5000/0xa000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff5000/0x2000)=nil, &(0x7f0000ff7000/0x1000)=nil, 0x0, 0x0, r5}, 0x68)

1.733861817s ago: executing program 4 (id=1222):
write$cgroup_int(0xffffffffffffffff, &(0x7f0000000040)=0x8ff, 0x12)
io_uring_setup(0x194e, 0x0)
openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
sendmmsg$inet6(0xffffffffffffffff, 0x0, 0xfffffffffffffdfe, 0x801)
r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0)
ioctl$vim2m_VIDIOC_S_FMT(r0, 0xc0d05605, &(0x7f0000000140)={0x3, @pix={0xb55, 0x5, 0x9606a0a, 0x5, 0xb37, 0x3, 0x1, 0x0, 0x0, 0x6, 0x2, 0x6}})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
setsockopt$MRT_ADD_MFC_PROXY(0xffffffffffffffff, 0x0, 0xd2, 0x0, 0x0)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x2e}, 0x1, 0x0, 0x0, 0x20000000}, 0x24004080)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x143)
bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="1800"/14, @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffff"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
sendmsg$TEAM_CMD_OPTIONS_SET(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000840)={0x14, 0x0, 0x1, 0x70bd2a, 0x25dfdbfc}, 0x14}, 0x1, 0x1000000, 0x0, 0x24004000}, 0x24040840)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000a00)=@delchain={0x454, 0x65, 0x2, 0x70bd27, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0x2, 0x2}, {0x0, 0x1}, {0x0, 0xb}}, [@filter_kind_options=@f_route={{0xa}, {0x40c, 0x2, [@TCA_ROUTE4_POLICE={0x408, 0x5, [@TCA_POLICE_PEAKRATE={0x404, 0x3, [0x3a3, 0x9, 0x7, 0x5, 0x42d7d4c5, 0x5, 0xfffffffb, 0x0, 0x5, 0x10001, 0x6, 0xfffffffe, 0x4, 0x0, 0x4, 0x1, 0x2, 0xc1ce, 0x1ff, 0xfffffffb, 0x7f, 0x5, 0xffff, 0x1, 0x8, 0x187f, 0x8, 0x100, 0x8, 0xede, 0x7, 0x7, 0x5, 0x3, 0x7, 0xfffffb32, 0x1, 0x6, 0x4, 0x7, 0x5, 0xffff, 0x2, 0x95, 0xfffffffb, 0x8, 0xffffffff, 0x6, 0x7f, 0x6c, 0xfffffffe, 0x8000, 0x4, 0xf, 0x8, 0x792, 0x4, 0x1, 0x0, 0x9, 0x3, 0x7f, 0xe1a, 0x1, 0x9, 0x6, 0x8001, 0x9, 0xa5, 0x7, 0x6, 0x81, 0x3, 0x2, 0x2, 0x6, 0x200, 0x7, 0xa, 0x3, 0x3, 0x9, 0x800, 0x0, 0x146, 0x9, 0x8001, 0xb, 0x2, 0x1ff, 0x7f, 0x9, 0x6, 0x3, 0x57, 0x622, 0x8000, 0x80, 0xc7, 0x609, 0x7, 0x3f, 0x0, 0x401, 0x7, 0xffffff92, 0x332, 0x4, 0x7, 0x4, 0x235e, 0xb03, 0x4, 0x2, 0x6, 0x0, 0x8, 0x5, 0x0, 0x564, 0x200, 0x1ff, 0x4, 0x9, 0x1, 0xcd9, 0x1, 0x10001, 0x2, 0x2, 0x45e9, 0x3, 0x9, 0x1000, 0x7, 0x3, 0x3, 0x7, 0xd, 0x4, 0x80000000, 0x5, 0x19, 0x400, 0xfff, 0x1ff, 0x1000, 0x100, 0x2, 0xc4f6, 0xbeb, 0x8, 0x6, 0x0, 0x9, 0xffffffff, 0x69, 0x40, 0xf2, 0x4, 0x9, 0x4, 0x8001, 0x9, 0x1, 0xc, 0x4, 0xffffffff, 0x1f, 0x5, 0x251b, 0x729e, 0x2, 0x6, 0x800, 0x1, 0x8001, 0xfffff7e6, 0x1e7, 0x8, 0x1, 0x10001, 0x0, 0xffffffff, 0xe8c, 0x8, 0x8, 0x5, 0x0, 0x4, 0x5, 0x3, 0x0, 0x7, 0x6, 0x4, 0x7, 0x3f56, 0x4e, 0x7fffffff, 0x3, 0x5, 0x7fffffff, 0x0, 0x4, 0x7, 0x7, 0x1, 0x2, 0x3, 0x9, 0x8001, 0x5, 0xffffffff, 0x6, 0x2, 0x2, 0x2, 0x40000000, 0x6, 0x2, 0xa28, 0xffff, 0x10000, 0x7, 0x2, 0x5, 0x1, 0x9, 0x3ff, 0x8, 0x1, 0x3ff, 0x81, 0x4, 0x2, 0x8, 0x1, 0x2, 0x8, 0x75f7, 0x800, 0x8, 0x3, 0x7, 0x200000, 0x10, 0xa3, 0xffffffff, 0x800, 0x7fff, 0x3, 0x3, 0x3, 0x3, 0xfffffc01]}]}]}}, @TCA_RATE={0x6, 0x5, {0x8, 0x81}}, @TCA_RATE={0x6, 0x5, {0x1, 0x2}}, @TCA_RATE={0x6, 0x5, {0x6, 0x2}}]}, 0x454}, 0x1, 0x0, 0x0, 0x81}, 0x2000c000)
r3 = socket(0x10, 0x803, 0x0)
sendto(r3, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
recvmmsg(r3, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x14}, {&(0x7f00000007c0)=""/154, 0x21}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0xffffffffffffff2f}}], 0x4000000000003b4, 0x2040000, &(0x7f0000003700)={0x77359400})
connect$netrom(r2, &(0x7f0000000000)={{0x6, @null}, [@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @null, @null, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @default, @bcast]}, 0x48)
connect$netrom(r2, &(0x7f0000000080)={{0x6, @rose}, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @default, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x8, 0x0}, @default, @bcast]}, 0x10)

1.725393043s ago: executing program 6 (id=1223):
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000001b00)=""/102392, 0x18ff8)
r1 = getpid()
syz_pidfd_open(r1, 0x0)
bind$netlink(0xffffffffffffffff, &(0x7f0000000080)={0x10, 0x0, 0x0, 0xfffffffffffffffd}, 0xc)
r2 = socket$inet6(0xa, 0x3, 0x26)
connect$inet6(r2, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, &(0x7f0000000340)={{{@in=@dev={0xac, 0x14, 0x14, 0x15}, @in6=@private1, 0x4e20, 0x0, 0x4e22, 0x0, 0xa}, {0x9, 0x0, 0x0, 0x800000, 0x0, 0x0, 0x0, 0x24}, {0x0, 0x4}, 0x0, 0x0, 0x1, 0x0, 0x5, 0x3}, {{@in=@empty, 0x800, 0x33}, 0xa, @in=@private=0xa010102, 0x0, 0x0, 0x0, 0x4, 0xfffffffc, 0x4, 0x401}}, 0xe8)
sendmmsg(r2, &(0x7f0000000480), 0x2e9, 0x0)
ioctl$VT_OPENQRY(0xffffffffffffffff, 0x4b46, 0x0)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r4 = dup(r3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x13, r4, 0x2000)
socket$netlink(0x10, 0x3, 0x8)
socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r4, &(0x7f0000000400)={0x18, 0x0, {0x2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xa}, 'veth1_vlan\x00'}}, 0x1e)
openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x9)

1.395681794s ago: executing program 0 (id=1224):
ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, &(0x7f0000000040)={0xc})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000380)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = syz_io_uring_setup(0x110, &(0x7f00000000c0)={0x0, 0x1b00, 0x0, 0x3, 0x80}, &(0x7f0000000180)=<r4=>0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, 0x0, 0x0, 0x4)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="5c000000020603000000"], 0x5c}}, 0x0)
r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
ioctl$TIOCSETD(r5, 0x5423, &(0x7f00000000c0)=0xf)
r6 = fcntl$dupfd(r5, 0x0, r5)
ioctl$TCFLSH(r6, 0x400455c8, 0x2)
ioctl$TIOCSETD(r6, 0x5412, 0x0)
ioctl$TIOCSTI(r6, 0x5412, &(0x7f0000000280)=0x4)
ioctl$TIOCSTI(r5, 0x5412, 0x0)
ioctl$TIOCSTI(r5, 0x5412, 0x0)
syz_io_uring_submit(r4, 0x0, 0x0)
io_uring_enter(r3, 0x47f6, 0x0, 0x0, 0x0, 0x0)

1.294033188s ago: executing program 4 (id=1225):
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = getpid()
r2 = syz_pidfd_open(r1, 0x0)
process_madvise(r2, &(0x7f0000000080)=[{&(0x7f0000000100)="7f", 0x1}], 0x1, 0x11, 0x0)
bind$netlink(r0, &(0x7f0000000080)={0x10, 0x0, 0x0, 0xfffffffffffffffd}, 0xc)
r3 = socket$inet6(0xa, 0x3, 0x26)
connect$inet6(r3, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_IPV6_XFRM_POLICY(r3, 0x29, 0x23, &(0x7f0000000340)={{{@in=@dev={0xac, 0x14, 0x14, 0x15}, @in6=@private1, 0x4e20, 0x0, 0x4e22, 0x0, 0xa}, {0x9, 0x0, 0x0, 0x800000, 0x0, 0x0, 0x0, 0x24}, {0x0, 0x4}, 0x0, 0x0, 0x1, 0x0, 0x5, 0x3}, {{@in=@empty, 0x800, 0x33}, 0xa, @in=@private=0xa010102, 0x0, 0x0, 0x0, 0x4, 0xfffffffc, 0x4, 0x401}}, 0xe8)
sendmmsg(r3, &(0x7f0000000480), 0x2e9, 0x0)
ioctl$VT_OPENQRY(0xffffffffffffffff, 0x4b46, 0x0)
r4 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r5 = dup(r4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x13, r5, 0x2000)
socket$netlink(0x10, 0x3, 0x8)
socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r5, &(0x7f0000000400)={0x18, 0x0, {0x2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xa}, 'veth1_vlan\x00'}}, 0x1e)
openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x9)

120.216822ms ago: executing program 5 (id=1226):
write$cgroup_int(0xffffffffffffffff, &(0x7f0000000040)=0x8ff, 0x12)
io_uring_setup(0x194e, 0x0)
openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
sendmmsg$inet6(0xffffffffffffffff, 0x0, 0xfffffffffffffdfe, 0x801)
r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0)
ioctl$vim2m_VIDIOC_S_FMT(r0, 0xc0d05605, &(0x7f0000000140)={0x3, @pix={0xb55, 0x5, 0x9606a0a, 0x5, 0xb37, 0x3, 0x1, 0x0, 0x0, 0x6, 0x2, 0x6}})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
setsockopt$MRT_ADD_MFC_PROXY(0xffffffffffffffff, 0x0, 0xd2, 0x0, 0x0)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x2e}, 0x1, 0x0, 0x0, 0x20000000}, 0x24004080)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x143)
bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="1800"/14, @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffff"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
sendmsg$TEAM_CMD_OPTIONS_SET(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000840)={0x14, 0x0, 0x1, 0x70bd2a, 0x25dfdbfc}, 0x14}, 0x1, 0x1000000, 0x0, 0x24004000}, 0x24040840)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000a00)=@delchain={0x454, 0x65, 0x2, 0x70bd27, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0x2, 0x2}, {0x0, 0x1}, {0x0, 0xb}}, [@filter_kind_options=@f_route={{0xa}, {0x40c, 0x2, [@TCA_ROUTE4_POLICE={0x408, 0x5, [@TCA_POLICE_PEAKRATE={0x404, 0x3, [0x3a3, 0x9, 0x7, 0x5, 0x42d7d4c5, 0x5, 0xfffffffb, 0x0, 0x5, 0x10001, 0x6, 0xfffffffe, 0x4, 0x0, 0x4, 0x1, 0x2, 0xc1ce, 0x1ff, 0xfffffffb, 0x7f, 0x5, 0xffff, 0x1, 0x8, 0x187f, 0x8, 0x100, 0x8, 0xede, 0x7, 0x7, 0x5, 0x3, 0x7, 0xfffffb32, 0x1, 0x6, 0x4, 0x7, 0x5, 0xffff, 0x2, 0x95, 0xfffffffb, 0x8, 0xffffffff, 0x6, 0x7f, 0x6c, 0xfffffffe, 0x8000, 0x4, 0xf, 0x8, 0x792, 0x4, 0x1, 0x0, 0x9, 0x3, 0x7f, 0xe1a, 0x1, 0x9, 0x6, 0x8001, 0x9, 0xa5, 0x7, 0x6, 0x81, 0x3, 0x2, 0x2, 0x6, 0x200, 0x7, 0xa, 0x3, 0x3, 0x9, 0x800, 0x0, 0x146, 0x9, 0x8001, 0xb, 0x2, 0x1ff, 0x7f, 0x9, 0x6, 0x3, 0x57, 0x622, 0x8000, 0x80, 0xc7, 0x609, 0x7, 0x3f, 0x0, 0x401, 0x7, 0xffffff92, 0x332, 0x4, 0x7, 0x4, 0x235e, 0xb03, 0x4, 0x2, 0x6, 0x0, 0x8, 0x5, 0x0, 0x564, 0x200, 0x1ff, 0x4, 0x9, 0x1, 0xcd9, 0x1, 0x10001, 0x2, 0x2, 0x45e9, 0x3, 0x9, 0x1000, 0x7, 0x3, 0x3, 0x7, 0xd, 0x4, 0x80000000, 0x5, 0x19, 0x400, 0xfff, 0x1ff, 0x1000, 0x100, 0x2, 0xc4f6, 0xbeb, 0x8, 0x6, 0x0, 0x9, 0xffffffff, 0x69, 0x40, 0xf2, 0x4, 0x9, 0x4, 0x8001, 0x9, 0x1, 0xc, 0x4, 0xffffffff, 0x1f, 0x5, 0x251b, 0x729e, 0x2, 0x6, 0x800, 0x1, 0x8001, 0xfffff7e6, 0x1e7, 0x8, 0x1, 0x10001, 0x0, 0xffffffff, 0xe8c, 0x8, 0x8, 0x5, 0x0, 0x4, 0x5, 0x3, 0x0, 0x7, 0x6, 0x4, 0x7, 0x3f56, 0x4e, 0x7fffffff, 0x3, 0x5, 0x7fffffff, 0x0, 0x4, 0x7, 0x7, 0x1, 0x2, 0x3, 0x9, 0x8001, 0x5, 0xffffffff, 0x6, 0x2, 0x2, 0x2, 0x40000000, 0x6, 0x2, 0xa28, 0xffff, 0x10000, 0x7, 0x2, 0x5, 0x1, 0x9, 0x3ff, 0x8, 0x1, 0x3ff, 0x81, 0x4, 0x2, 0x8, 0x1, 0x2, 0x8, 0x75f7, 0x800, 0x8, 0x3, 0x7, 0x200000, 0x10, 0xa3, 0xffffffff, 0x800, 0x7fff, 0x3, 0x3, 0x3, 0x3, 0xfffffc01]}]}]}}, @TCA_RATE={0x6, 0x5, {0x8, 0x81}}, @TCA_RATE={0x6, 0x5, {0x1, 0x2}}, @TCA_RATE={0x6, 0x5, {0x6, 0x2}}]}, 0x454}, 0x1, 0x0, 0x0, 0x81}, 0x2000c000)
r3 = socket(0x10, 0x803, 0x0)
sendto(r3, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
recvmmsg(r3, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x14}, {&(0x7f00000007c0)=""/154, 0x21}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0xffffffffffffff2f}}], 0x4000000000003b4, 0x2040000, &(0x7f0000003700)={0x77359400})
connect$netrom(r2, &(0x7f0000000080)={{0x6, @rose}, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @default, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x8, 0x0}, @default, @bcast]}, 0x10)
chdir(&(0x7f0000000100)='./file0\x00')

14.301317ms ago: executing program 4 (id=1227):
syz_open_dev$vim2m(0x0, 0x20000006, 0x2)
prlimit64(0x0, 0xe, &(0x7f0000000180)={0x8, 0x88}, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000480)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000400)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mkdir(&(0x7f0000000100)='./file1\x00', 0x13b)
mkdir(&(0x7f0000000000)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
chdir(&(0x7f0000000140)='./bus\x00')
r3 = open(&(0x7f0000000580)='./file1\x00', 0x80242, 0x1df2a23c5997fa5f)
write$FUSE_CREATE_OPEN(r3, &(0x7f0000000180)={0xa0, 0xffffffffffffffda, 0x0, {{0x4, 0x3, 0x5, 0x6, 0x3, 0x1, {0x0, 0x9, 0x20ff, 0x5, 0x89, 0xd615, 0x9, 0x7fffffff, 0xfffffffe, 0xa000, 0x0, 0x0, 0x0, 0x3ff, 0x801}}, {0x0, 0x13}}}, 0xa0)
sendfile(r3, r3, &(0x7f0000000080), 0x7f03)

0s ago: executing program 3 (id=1228):
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0)
getrlimit(0x6, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = add_key$keyring(&(0x7f0000000100), 0x0, 0x0, 0x0, 0xfffffffffffffffd)
add_key(&(0x7f0000000000)='rxrpc\x00', 0x0, &(0x7f00000002c0)="0000000000000002ff690000001d00010000001800b57f00000200861f4104bfeacdd5a9007d16dcdc2850b5", 0x2c, r0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000780)=@bpf_lsm={0x6, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x4, &(0x7f0000000280)=ANY=[@ANYBLOB="1802a6cf1d47dd46bdb2e8f100000200000000000000000000008500000000"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r2, 0x0, 0xd, 0x0, &(0x7f0000000500)="ba7114d8af50aa3e1c6ed2459d", 0x0, 0x1008, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x50)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r3 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x48)
close(r3)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
socket$inet_icmp_raw(0x2, 0x3, 0x1)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{}, &(0x7f0000000000), 0x0}, 0x20)
sendmsg$inet(r4, &(0x7f0000000500)={0x0, 0x0, 0x0}, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000003c0)='./cgroup/syz1\x00', 0x200002, 0x0)
syz_open_dev$I2C(0x0, 0x0, 0x189802)
r5 = creat(0x0, 0xe5)
r6 = fsopen(&(0x7f00000001c0)='ceph\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r6, 0x1, &(0x7f00000000c0)='test_dummy_encryption', &(0x7f0000000180)='v1to_da_alloc', 0x0)
bpf$LINK_DETACH(0x22, 0x0, 0x0)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000340)={&(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff5000/0xa000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff5000/0x2000)=nil, &(0x7f0000ff7000/0x1000)=nil, 0x0, 0x0, r5}, 0x68)

kernel console output (not intermixed with test programs):

Warning: Permanently added '10.128.1.147' (ED25519) to the list of known hosts.
[   67.299043][ T5808] cgroup: Unknown subsys name 'net'
[   67.490378][ T5808] cgroup: Unknown subsys name 'cpuset'
[   67.499434][ T5808] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   68.873490][ T5808] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   71.271871][ T5823] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   71.271951][ T5827] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   71.287553][ T5827] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   71.299811][ T5827] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   71.311680][ T5825] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   71.320180][ T5827] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   71.328846][ T5825] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[   71.329550][ T5832] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[   71.336864][ T5834] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   71.351362][ T5834] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[   71.352866][ T5825] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   71.358695][ T5834] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[   71.369391][ T5825] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   71.374416][ T5834] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[   71.392428][ T5834] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   71.397322][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[   71.435526][ T5836] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   71.437366][ T5834] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[   71.443533][ T5836] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   71.449970][ T5140] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[   71.458176][ T5836] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   71.466907][ T5834] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[   71.471473][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[   71.479164][ T5834] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[   71.485593][ T5836] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   71.491457][ T5838] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[   71.510731][ T5827] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   72.082940][ T5818] chnl_net:caif_netlink_parms(): no params data found
[   72.115192][ T5830] chnl_net:caif_netlink_parms(): no params data found
[   72.246315][ T5819] chnl_net:caif_netlink_parms(): no params data found
[   72.329847][ T5828] chnl_net:caif_netlink_parms(): no params data found
[   72.373798][ T5826] chnl_net:caif_netlink_parms(): no params data found
[   72.522027][ T5818] bridge0: port 1(bridge_slave_0) entered blocking state
[   72.529821][ T5818] bridge0: port 1(bridge_slave_0) entered disabled state
[   72.537516][ T5818] bridge_slave_0: entered allmulticast mode
[   72.544588][ T5818] bridge_slave_0: entered promiscuous mode
[   72.552747][ T5830] bridge0: port 1(bridge_slave_0) entered blocking state
[   72.560858][ T5830] bridge0: port 1(bridge_slave_0) entered disabled state
[   72.568112][ T5830] bridge_slave_0: entered allmulticast mode
[   72.575146][ T5830] bridge_slave_0: entered promiscuous mode
[   72.614088][ T5818] bridge0: port 2(bridge_slave_1) entered blocking state
[   72.621792][ T5818] bridge0: port 2(bridge_slave_1) entered disabled state
[   72.630612][ T5818] bridge_slave_1: entered allmulticast mode
[   72.638098][ T5818] bridge_slave_1: entered promiscuous mode
[   72.645147][ T5830] bridge0: port 2(bridge_slave_1) entered blocking state
[   72.653010][ T5830] bridge0: port 2(bridge_slave_1) entered disabled state
[   72.660726][ T5830] bridge_slave_1: entered allmulticast mode
[   72.668518][ T5830] bridge_slave_1: entered promiscuous mode
[   72.685132][ T5819] bridge0: port 1(bridge_slave_0) entered blocking state
[   72.692393][ T5819] bridge0: port 1(bridge_slave_0) entered disabled state
[   72.699773][ T5819] bridge_slave_0: entered allmulticast mode
[   72.706780][ T5819] bridge_slave_0: entered promiscuous mode
[   72.765192][ T5819] bridge0: port 2(bridge_slave_1) entered blocking state
[   72.772751][ T5819] bridge0: port 2(bridge_slave_1) entered disabled state
[   72.781899][ T5819] bridge_slave_1: entered allmulticast mode
[   72.788924][ T5819] bridge_slave_1: entered promiscuous mode
[   72.823471][ T5826] bridge0: port 1(bridge_slave_0) entered blocking state
[   72.830900][ T5826] bridge0: port 1(bridge_slave_0) entered disabled state
[   72.839110][ T5826] bridge_slave_0: entered allmulticast mode
[   72.846413][ T5826] bridge_slave_0: entered promiscuous mode
[   72.891689][ T5818] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   72.903661][ T5830] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   72.917150][ T5830] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   72.926589][ T5826] bridge0: port 2(bridge_slave_1) entered blocking state
[   72.934345][ T5826] bridge0: port 2(bridge_slave_1) entered disabled state
[   72.942211][ T5826] bridge_slave_1: entered allmulticast mode
[   72.949809][ T5826] bridge_slave_1: entered promiscuous mode
[   72.967195][ T5828] bridge0: port 1(bridge_slave_0) entered blocking state
[   72.974335][ T5828] bridge0: port 1(bridge_slave_0) entered disabled state
[   72.982000][ T5828] bridge_slave_0: entered allmulticast mode
[   72.989002][ T5828] bridge_slave_0: entered promiscuous mode
[   73.010203][ T5818] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   73.060726][ T5826] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   73.073371][ T5828] bridge0: port 2(bridge_slave_1) entered blocking state
[   73.081505][ T5828] bridge0: port 2(bridge_slave_1) entered disabled state
[   73.089447][ T5828] bridge_slave_1: entered allmulticast mode
[   73.096362][ T5828] bridge_slave_1: entered promiscuous mode
[   73.107036][ T5819] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   73.138489][ T5826] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   73.161527][ T5819] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   73.173729][ T5818] team0: Port device team_slave_0 added
[   73.182782][ T5830] team0: Port device team_slave_0 added
[   73.218657][ T5828] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   73.255642][ T5818] team0: Port device team_slave_1 added
[   73.264323][ T5830] team0: Port device team_slave_1 added
[   73.285333][ T5828] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   73.297928][ T5819] team0: Port device team_slave_0 added
[   73.341527][ T5826] team0: Port device team_slave_0 added
[   73.362098][ T5819] team0: Port device team_slave_1 added
[   73.368955][ T5818] batman_adv: batadv0: Adding interface: batadv_slave_0
[   73.375912][ T5818] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   73.402501][ T5818] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   73.428827][ T5826] team0: Port device team_slave_1 added
[   73.435401][ T5830] batman_adv: batadv0: Adding interface: batadv_slave_0
[   73.442419][ T5830] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   73.469425][ T5832] Bluetooth: hci1: command tx timeout
[   73.475011][ T5830] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   73.509996][ T5818] batman_adv: batadv0: Adding interface: batadv_slave_1
[   73.517189][ T5818] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   73.543663][ T5818] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   73.555830][ T5832] Bluetooth: hci2: command tx timeout
[   73.561423][   T51] Bluetooth: hci4: command tx timeout
[   73.566787][ T5823] Bluetooth: hci3: command tx timeout
[   73.567206][ T5827] Bluetooth: hci0: command tx timeout
[   73.582062][ T5830] batman_adv: batadv0: Adding interface: batadv_slave_1
[   73.589137][ T5830] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   73.615129][ T5830] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   73.636844][ T5828] team0: Port device team_slave_0 added
[   73.663478][ T5819] batman_adv: batadv0: Adding interface: batadv_slave_0
[   73.670864][ T5819] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   73.697030][ T5819] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   73.720584][ T5826] batman_adv: batadv0: Adding interface: batadv_slave_0
[   73.727599][ T5826] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   73.753561][ T5826] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   73.766319][ T5826] batman_adv: batadv0: Adding interface: batadv_slave_1
[   73.773319][ T5826] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   73.799465][ T5826] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   73.812111][ T5828] team0: Port device team_slave_1 added
[   73.820952][ T5819] batman_adv: batadv0: Adding interface: batadv_slave_1
[   73.828429][ T5819] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   73.854444][ T5819] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   73.933480][ T5818] hsr_slave_0: entered promiscuous mode
[   73.941300][ T5818] hsr_slave_1: entered promiscuous mode
[   73.977943][ T5828] batman_adv: batadv0: Adding interface: batadv_slave_0
[   73.984915][ T5828] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   74.011401][ T5828] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   74.024292][ T5828] batman_adv: batadv0: Adding interface: batadv_slave_1
[   74.031757][ T5828] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   74.058266][ T5828] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   74.106573][ T5830] hsr_slave_0: entered promiscuous mode
[   74.112986][ T5830] hsr_slave_1: entered promiscuous mode
[   74.119461][ T5830] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   74.127879][ T5830] Cannot create hsr debugfs directory
[   74.211827][ T5819] hsr_slave_0: entered promiscuous mode
[   74.219049][ T5819] hsr_slave_1: entered promiscuous mode
[   74.225036][ T5819] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   74.232995][ T5819] Cannot create hsr debugfs directory
[   74.254177][ T5826] hsr_slave_0: entered promiscuous mode
[   74.260856][ T5826] hsr_slave_1: entered promiscuous mode
[   74.267097][ T5826] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   74.274659][ T5826] Cannot create hsr debugfs directory
[   74.412286][ T5828] hsr_slave_0: entered promiscuous mode
[   74.419786][ T5828] hsr_slave_1: entered promiscuous mode
[   74.425792][ T5828] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   74.433427][ T5828] Cannot create hsr debugfs directory
[   74.849142][ T5818] netdevsim netdevsim3 netdevsim0: renamed from eth0
[   74.880937][ T5818] netdevsim netdevsim3 netdevsim1: renamed from eth1
[   74.898458][ T5818] netdevsim netdevsim3 netdevsim2: renamed from eth2
[   74.918756][ T5818] netdevsim netdevsim3 netdevsim3: renamed from eth3
[   74.936001][ T5819] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   74.948865][ T5819] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   74.970687][ T5819] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   74.990449][ T5819] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   75.054971][ T5830] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   75.065476][ T5830] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   75.086364][ T5830] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   75.098524][ T5830] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   75.225639][ T5826] netdevsim netdevsim4 netdevsim0: renamed from eth0
[   75.259341][ T5826] netdevsim netdevsim4 netdevsim1: renamed from eth1
[   75.286483][ T5826] netdevsim netdevsim4 netdevsim2: renamed from eth2
[   75.323245][ T5826] netdevsim netdevsim4 netdevsim3: renamed from eth3
[   75.385114][ T5819] 8021q: adding VLAN 0 to HW filter on device bond0
[   75.417140][ T5828] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   75.428592][ T5828] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   75.439595][ T5828] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   75.454948][ T5828] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   75.526474][ T5818] 8021q: adding VLAN 0 to HW filter on device bond0
[   75.537170][ T5827] Bluetooth: hci1: command tx timeout
[   75.539019][ T5830] 8021q: adding VLAN 0 to HW filter on device bond0
[   75.553408][ T5819] 8021q: adding VLAN 0 to HW filter on device team0
[   75.591841][   T13] bridge0: port 1(bridge_slave_0) entered blocking state
[   75.599434][   T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[   75.617623][ T5832] Bluetooth: hci2: command tx timeout
[   75.621551][ T5818] 8021q: adding VLAN 0 to HW filter on device team0
[   75.623039][ T5832] Bluetooth: hci4: command tx timeout
[   75.629828][ T5823] Bluetooth: hci3: command tx timeout
[   75.640780][ T5827] Bluetooth: hci0: command tx timeout
[   75.645201][ T5830] 8021q: adding VLAN 0 to HW filter on device team0
[   75.660950][   T13] bridge0: port 2(bridge_slave_1) entered blocking state
[   75.668190][   T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[   75.705115][   T13] bridge0: port 1(bridge_slave_0) entered blocking state
[   75.712347][   T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[   75.741537][   T13] bridge0: port 2(bridge_slave_1) entered blocking state
[   75.748680][   T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[   75.793873][   T13] bridge0: port 1(bridge_slave_0) entered blocking state
[   75.801105][   T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[   75.815025][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[   75.822489][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[   75.918403][ T5826] 8021q: adding VLAN 0 to HW filter on device bond0
[   75.955995][ T5828] 8021q: adding VLAN 0 to HW filter on device bond0
[   75.975188][ T5826] 8021q: adding VLAN 0 to HW filter on device team0
[   76.024708][ T1101] bridge0: port 1(bridge_slave_0) entered blocking state
[   76.031911][ T1101] bridge0: port 1(bridge_slave_0) entered forwarding state
[   76.072227][ T5828] 8021q: adding VLAN 0 to HW filter on device team0
[   76.091083][ T3577] bridge0: port 2(bridge_slave_1) entered blocking state
[   76.098277][ T3577] bridge0: port 2(bridge_slave_1) entered forwarding state
[   76.156292][ T3546] bridge0: port 1(bridge_slave_0) entered blocking state
[   76.163483][ T3546] bridge0: port 1(bridge_slave_0) entered forwarding state
[   76.230499][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[   76.237686][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[   76.514628][ T5818] 8021q: adding VLAN 0 to HW filter on device batadv0
[   76.534968][ T5819] 8021q: adding VLAN 0 to HW filter on device batadv0
[   76.558606][ T5830] 8021q: adding VLAN 0 to HW filter on device batadv0
[   76.711703][ T5819] veth0_vlan: entered promiscuous mode
[   76.739817][ T5818] veth0_vlan: entered promiscuous mode
[   76.755318][ T5819] veth1_vlan: entered promiscuous mode
[   76.782787][ T5818] veth1_vlan: entered promiscuous mode
[   76.837488][ T5830] veth0_vlan: entered promiscuous mode
[   76.872668][ T5830] veth1_vlan: entered promiscuous mode
[   76.931612][ T5819] veth0_macvtap: entered promiscuous mode
[   76.952371][ T5818] veth0_macvtap: entered promiscuous mode
[   76.963437][ T5828] 8021q: adding VLAN 0 to HW filter on device batadv0
[   76.971604][ T5819] veth1_macvtap: entered promiscuous mode
[   76.992332][ T5826] 8021q: adding VLAN 0 to HW filter on device batadv0
[   77.000243][ T5818] veth1_macvtap: entered promiscuous mode
[   77.038241][ T5818] batman_adv: batadv0: Interface activated: batadv_slave_0
[   77.082778][ T5818] batman_adv: batadv0: Interface activated: batadv_slave_1
[   77.104311][ T5819] batman_adv: batadv0: Interface activated: batadv_slave_0
[   77.136292][ T5819] batman_adv: batadv0: Interface activated: batadv_slave_1
[   77.149947][ T5818] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   77.159629][ T5818] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   77.168776][ T5818] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   77.177680][ T5818] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   77.200169][ T5830] veth0_macvtap: entered promiscuous mode
[   77.225005][ T5830] veth1_macvtap: entered promiscuous mode
[   77.270958][ T5819] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   77.280545][ T5819] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   77.289863][ T5819] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   77.299059][ T5819] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   77.412006][ T5830] batman_adv: batadv0: Interface activated: batadv_slave_0
[   77.474760][ T5830] batman_adv: batadv0: Interface activated: batadv_slave_1
[   77.489039][ T5828] veth0_vlan: entered promiscuous mode
[   77.491024][   T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   77.502188][ T5828] veth1_vlan: entered promiscuous mode
[   77.522897][   T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   77.551628][ T5830] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   77.564628][ T5830] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   77.574022][ T5830] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   77.582855][ T5830] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   77.617611][ T5832] Bluetooth: hci1: command tx timeout
[   77.647281][   T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   77.655120][   T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   77.692794][ T5826] veth0_vlan: entered promiscuous mode
[   77.698723][ T5832] Bluetooth: hci3: command tx timeout
[   77.704159][ T5827] Bluetooth: hci2: command tx timeout
[   77.710098][   T51] Bluetooth: hci4: command tx timeout
[   77.710108][ T5823] Bluetooth: hci0: command tx timeout
[   77.749024][ T5828] veth0_macvtap: entered promiscuous mode
[   77.777707][ T3471] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   77.790149][ T5826] veth1_vlan: entered promiscuous mode
[   77.803331][ T3471] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   77.834296][ T5828] veth1_macvtap: entered promiscuous mode
[   77.856564][ T5818] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   77.971569][ T5826] veth0_macvtap: entered promiscuous mode
[   77.990951][ T3471] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   78.013168][ T3471] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   78.042068][ T5826] veth1_macvtap: entered promiscuous mode
[   78.057214][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   78.255463][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[   78.357870][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[   78.460178][    T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!!
[   78.460387][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[   78.562596][    T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!!
[   78.562787][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[   78.665089][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[   78.767378][    T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!!
[   78.767625][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[   78.775962][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[   79.446076][ T5828] batman_adv: batadv0: Interface activated: batadv_slave_0
[   79.678745][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   79.704602][ T5823] Bluetooth: hci1: command tx timeout
[   79.717142][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   80.023842][ T5823] Bluetooth: hci0: command tx timeout
[   80.023899][ T5832] Bluetooth: hci3: command tx timeout
[   80.029410][ T5823] Bluetooth: hci4: command tx timeout
[   80.040472][ T5827] Bluetooth: hci2: command tx timeout
[   80.046330][ T5828] batman_adv: batadv0: Interface activated: batadv_slave_1
[   80.150702][ T3546] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   80.166102][ T5826] batman_adv: batadv0: Interface activated: batadv_slave_0
[   80.183328][ T3546] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   80.213549][ T5828] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   80.254446][ T5828] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   80.263356][ T5828] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   80.272931][ T5828] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   80.304134][ T5826] batman_adv: batadv0: Interface activated: batadv_slave_1
[   80.682032][ T5826] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   80.719650][ T5826] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   80.735819][ T5826] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   80.745993][ T5826] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   83.552929][ T3438] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   83.586679][ T3438] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   83.710914][ T3471] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   83.750485][ T3471] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   84.696469][ T5975] netlink: 104 bytes leftover after parsing attributes in process `syz.3.11'.
[   84.774504][ T5975] input: syz0 as /devices/virtual/input/input5
[   85.130278][ T3471] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   85.164577][ T3471] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   85.777632][ T3577] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   85.785502][ T3577] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   86.758695][ T5990] xt_l2tp: v2 sid > 0xffff: 262144
[   86.798387][ T1209] cfg80211: failed to load regulatory.db
[   87.439607][ T5989] syz.2.16 uses obsolete (PF_INET,SOCK_PACKET)
[   87.541036][ T6004] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[   88.778916][ T5993] tipc: Started in network mode
[   88.783956][ T5993] tipc: Node identity faa1d5e5bd01, cluster identity 4711
[   88.800946][ T5993] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   88.873878][ T6000] syzkaller0: entered promiscuous mode
[   88.880869][ T6000] syzkaller0: entered allmulticast mode
[   88.942075][ T6000] tipc: Resetting bearer <eth:syzkaller0>
[   89.116327][ T5987] tipc: Resetting bearer <eth:syzkaller0>
[   90.021551][ T1209] tipc: Node number set to 1201722853
[   90.057922][ T5987] tipc: Disabling bearer <eth:syzkaller0>
[   90.704877][ T6030] netlink: 'syz.3.24': attribute type 11 has an invalid length.
[   92.057364][ T6043] vlan2: entered promiscuous mode
[   92.062586][ T6043] vlan2: entered allmulticast mode
[   92.068040][ T6043] hsr_slave_1: entered allmulticast mode
[   93.833718][ T6056] iommufd_mock iommufd_mock0: Adding to iommu group 0
[   95.183530][ T6062] ubi31: attaching mtd0
[   95.199435][ T6062] ubi31: scanning is finished
[   95.204307][ T6062] ubi31: empty MTD device detected
[   95.621581][ T6051] mmap: syz.1.29 (6051) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[   95.896052][ T6051] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[   96.960799][ T6062] ubi31 error: ubi_attach_mtd_dev: cannot spawn "ubi_bgt31d", error -4
[   97.247127][ T6051] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[   97.397289][ T6057] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[   99.110177][ T6091] IPVS: set_ctl: invalid protocol: 216 172.20.20.170:20003
[  100.137006][ T5873] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[  100.366718][ T5873] usb 4-1: device descriptor read/64, error -71
[  101.268686][ T5873] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[  101.430992][ T5931] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[  101.496715][ T5873] usb 4-1: device descriptor read/64, error -71
[  101.858035][ T5873] usb usb4-port1: attempt power cycle
[  101.926787][ T5931] usb 1-1: Using ep0 maxpacket: 8
[  101.949063][ T5931] usb 1-1: config index 0 descriptor too short (expected 301, got 45)
[  102.357101][ T5931] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  102.368441][ T5931] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  102.379494][ T5931] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  102.389862][ T5931] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  102.403205][ T5931] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  102.412727][ T5931] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  102.660413][ T5931] usb 1-1: usb_control_msg returned -32
[  102.666176][ T5931] usbtmc 1-1:16.0: can't read capabilities
[  102.738722][   T30] audit: type=1800 audit(1751539188.731:2): pid=6115 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.3.45" name="SYSV00000000" dev="tmpfs" ino=0 res=0 errno=0
[  104.199374][ T6121] usbtmc 1-1:16.0: control status returned 0
[  104.829661][    T9] usb 1-1: USB disconnect, device number 2
[  105.849385][ T6141] futex_wake_op: syz.0.52 tries to shift op by -1; fix this program
[  106.823309][ T6139] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  106.885453][ T6139] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  106.956065][ T6148] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  107.734992][ T6153] Zero length message leads to an empty skb
[  112.810514][ T6199] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  112.862981][   T12] Ignoring NSS change in VHT Operating Mode Notification from 08:02:11:00:00:00 with invalid nss 2
[  113.460796][ T6203] warning: `syz.4.68' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[  116.371713][   T30] audit: type=1326 audit(1751539201.831:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6232 comm="syz.0.75" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f286418e929 code=0x0
[  118.108409][    C1] vxcan1: j1939_tp_rxtimer: 0xffff888034cb4400: rx timeout, send abort
[  118.608250][    C1] vxcan1: j1939_tp_rxtimer: 0xffff888057e84800: rx timeout, send abort
[  118.617472][    C1] vxcan1: j1939_tp_rxtimer: 0xffff888034cb4400: abort rx timeout. Force session deactivation
[  119.116562][    C1] vxcan1: j1939_tp_rxtimer: 0xffff888057e84800: abort rx timeout. Force session deactivation
[  119.195910][ T6252] loop7: detected capacity change from 0 to 16384
[  119.515860][    T9] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[  119.844085][    T9] usb 3-1: Using ep0 maxpacket: 8
[  120.620648][    T9] usb 3-1: device descriptor read/all, error -71
[  122.674369][ T6288] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  125.105911][ T6300] =======================================================
[  125.105911][ T6300] WARNING: The mand mount option has been deprecated and
[  125.105911][ T6300]          and is ignored by this kernel. Remove the mand
[  125.105911][ T6300]          option from the mount to silence this warning.
[  125.105911][ T6300] =======================================================
[  126.015836][ T6308] hfsplus: unable to find HFS+ superblock
[  128.347552][ T5904] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[  128.506844][ T5904] usb 4-1: Using ep0 maxpacket: 8
[  128.715472][ T5904] usb 4-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  128.853326][ T5904] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  128.871743][ T5904] usb 4-1: Product: syz
[  128.876113][ T5904] usb 4-1: Manufacturer: syz
[  128.890617][ T5904] usb 4-1: SerialNumber: syz
[  129.607885][ T5904] usb 4-1: config 0 descriptor??
[  129.962174][ T5904] usb 4-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  130.172982][ T6350] capability: warning: `syz.0.107' uses 32-bit capabilities (legacy support in use)
[  132.823617][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  133.550005][ T5904] dvb_usb_rtl28xxu 4-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71
[  134.019375][ T5904] usb 4-1: USB disconnect, device number 5
[  134.355639][ T6379] block nbd1: NBD_DISCONNECT
[  134.943832][ T6380] nvme_fabrics: missing parameter 'transport=%s'
[  134.988121][ T6380] nvme_fabrics: missing parameter 'nqn=%s'
[  139.886585][    T9] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[  140.304595][ T5827] Bluetooth: hci4: SCO packet for unknown connection handle 0
[  140.317978][    T9] usb 1-1: Using ep0 maxpacket: 32
[  140.351245][    T9] usb 1-1: New USB device found, idVendor=174f, idProduct=6a31, bcdDevice=26.3f
[  140.361062][    T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  140.381652][    T9] usb 1-1: Product: syz
[  140.385910][    T9] usb 1-1: Manufacturer: syz
[  141.092315][   T10] usb 4-1: new high-speed USB device number 6 using dummy_hcd
[  141.099922][    T9] usb 1-1: SerialNumber: syz
[  141.120735][    T9] usb 1-1: config 0 descriptor??
[  141.133960][    T9] gspca_main: stk1135-2.14.0 probing 174f:6a31
[  141.275346][   T10] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x6 has invalid wMaxPacketSize 0
[  141.291870][   T10] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 0
[  141.309915][   T10] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8C has invalid wMaxPacketSize 0
[  141.324819][   T10] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8C has invalid maxpacket 0
[  141.466012][   T10] usb 4-1: New USB device found, idVendor=0bfd, idProduct=0017, bcdDevice=2f.a3
[  141.492059][   T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  141.573526][ T6431] bond_slave_1: entered promiscuous mode
[  141.697142][   T10] usb 4-1: Product: syz
[  141.701857][   T10] usb 4-1: Manufacturer: syz
[  141.707406][   T10] usb 4-1: SerialNumber: syz
[  142.098226][    T9] gspca_stk1135: reg_w 0x0 err -110
[  142.367088][ T6424] bond_slave_1: left promiscuous mode
[  142.582109][    T9] gspca_stk1135: serial bus timeout: status=0x00
[  142.588750][    T9] gspca_stk1135: Sensor write failed
[  142.594188][    T9] gspca_stk1135: serial bus timeout: status=0x00
[  143.327921][   T10] usb 4-1: config 0 descriptor??
[  143.333053][    T9] gspca_stk1135: Sensor write failed
[  143.342467][    T9] gspca_stk1135: serial bus timeout: status=0x00
[  143.348955][    T9] gspca_stk1135: Sensor read failed
[  143.354384][    T9] gspca_stk1135: serial bus timeout: status=0x00
[  143.360834][    T9] gspca_stk1135: Sensor read failed
[  143.366070][    T9] gspca_stk1135: Detected sensor type unknown (0x0)
[  143.373954][    T9] gspca_stk1135: serial bus timeout: status=0x00
[  143.380571][    T9] gspca_stk1135: Sensor read failed
[  143.410572][    T9] gspca_stk1135: serial bus timeout: status=0x00
[  143.449064][   T10] usb 4-1: can't set config #0, error -71
[  143.472204][    T9] gspca_stk1135: Sensor read failed
[  143.507388][   T10] usb 4-1: USB disconnect, device number 6
[  143.513304][    T9] gspca_stk1135: serial bus timeout: status=0x00
[  143.531823][    T9] gspca_stk1135: Sensor write failed
[  143.550594][    T9] gspca_stk1135: serial bus timeout: status=0x00
[  143.674264][    T9] gspca_stk1135: Sensor write failed
[  143.681689][    T9] stk1135 1-1:0.0: probe with driver stk1135 failed with error -110
[  144.786898][ T5904] usb 1-1: USB disconnect, device number 3
[  146.724561][ T5823] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  146.741256][ T5823] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  146.757581][ T5823] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  146.813823][ T5823] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  146.830470][ T5823] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  147.933349][ T6465] tty tty20: ldisc open failed (-12), clearing slot 19
[  148.081402][ T6464] block nbd0: NBD_DISCONNECT
[  148.086483][ T6464] block nbd0: Send disconnect failed -22
[  148.094816][ T6458] block nbd0: Disconnected due to user request.
[  148.115025][ T6458] block nbd0: shutting down sockets
[  148.440706][ T6469] batadv0: entered promiscuous mode
[  148.445952][ T6469] batadv0: entered allmulticast mode
[  148.897741][ T5827] Bluetooth: hci5: command tx timeout
[  150.918368][ T6454] chnl_net:caif_netlink_parms(): no params data found
[  151.143143][ T5827] Bluetooth: hci5: command tx timeout
[  152.007520][ T6497] Cannot find add_set index 0 as target
[  152.312347][ T6495] Process accounting resumed
[  153.229462][ T5827] Bluetooth: hci5: command tx timeout
[  154.375689][ T5819] syz-executor (5819) used greatest stack depth: 19192 bytes left
[  154.393168][ T6520] : entered promiscuous mode
[  154.885922][ T6454] bridge0: port 1(bridge_slave_0) entered blocking state
[  154.907822][ T6454] bridge0: port 1(bridge_slave_0) entered disabled state
[  154.960249][ T6454] bridge_slave_0: entered allmulticast mode
[  154.973225][ T6454] bridge_slave_0: entered promiscuous mode
[  155.007489][ T6454] bridge0: port 2(bridge_slave_1) entered blocking state
[  155.064095][ T6454] bridge0: port 2(bridge_slave_1) entered disabled state
[  155.150935][ T6454] bridge_slave_1: entered allmulticast mode
[  155.348039][ T5827] Bluetooth: hci5: command tx timeout
[  155.349957][ T6454] bridge_slave_1: entered promiscuous mode
[  155.666883][ T6540] netlink: 14 bytes leftover after parsing attributes in process `syz.4.150'.
[  155.680105][ T6454] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  157.268171][ T6540] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  157.280324][ T6540] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  157.291399][ T6540] bond0 (unregistering): Released all slaves
[  157.315240][ T6454] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  158.574231][ T6454] team0: Port device team_slave_0 added
[  158.634008][ T6454] team0: Port device team_slave_1 added
[  158.835484][ T6564] bridge1: entered promiscuous mode
[  158.838202][ T6566] netlink: 4 bytes leftover after parsing attributes in process `syz.1.157'.
[  158.871270][ T6564] bridge1: entered allmulticast mode
[  158.985189][ T6564] team0: Port device bridge1 added
[  159.048204][ T6454] batman_adv: batadv0: Adding interface: batadv_slave_0
[  159.077512][ T6454] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  159.105207][ T6454] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  159.119000][ T6454] batman_adv: batadv0: Adding interface: batadv_slave_1
[  159.125967][ T6454] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  159.154065][ T6454] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  160.236816][ T6575] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  160.298499][ T6575] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  161.289118][ T6586] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  161.335435][ T6566] team0 (unregistering): Port device team_slave_0 removed
[  161.365653][ T6566] team0 (unregistering): Port device team_slave_1 removed
[  161.384502][ T6566] team0 (unregistering): Port device bridge1 removed
[  162.060064][   T30] audit: type=1326 audit(1751539248.061:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6587 comm="syz.3.163" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff26e58e929 code=0x7ffc0000
[  162.093230][ T6588] usb usb1: usbfs: interface 0 claimed by hub while 'syz.3.163' sets config #0
[  162.111143][ T6588] usb usb1: usbfs: interface 0 claimed by hub while 'syz.3.163' sets config #1
[  162.139824][ T6454] hsr_slave_0: entered promiscuous mode
[  162.147822][ T6454] hsr_slave_1: entered promiscuous mode
[  162.154561][ T6454] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  162.163204][   T30] audit: type=1326 audit(1751539248.061:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6587 comm="syz.3.163" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff26e58e929 code=0x7ffc0000
[  162.185426][ T6454] Cannot create hsr debugfs directory
[  162.220738][   T30] audit: type=1326 audit(1751539248.061:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6587 comm="syz.3.163" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff26e58e929 code=0x7ffc0000
[  162.374396][   T30] audit: type=1326 audit(1751539248.061:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6587 comm="syz.3.163" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff26e58e929 code=0x7ffc0000
[  162.969332][   T30] audit: type=1326 audit(1751539248.061:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6587 comm="syz.3.163" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff26e58e929 code=0x7ffc0000
[  163.052164][   T30] audit: type=1326 audit(1751539248.061:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6587 comm="syz.3.163" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff26e58e929 code=0x7ffc0000
[  163.169388][   T30] audit: type=1326 audit(1751539248.061:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6587 comm="syz.3.163" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7ff26e58e929 code=0x7ffc0000
[  163.191423][   T30] audit: type=1326 audit(1751539248.061:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6587 comm="syz.3.163" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff26e58e929 code=0x7ffc0000
[  163.236729][   T30] audit: type=1326 audit(1751539248.061:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6587 comm="syz.3.163" exe="/root/syz-executor" sig=0 arch=c000003e syscall=431 compat=0 ip=0x7ff26e58e929 code=0x7ffc0000
[  163.416837][   T30] audit: type=1326 audit(1751539248.061:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6587 comm="syz.3.163" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff26e58e929 code=0x7ffc0000
[  164.067011][    T9] usb 4-1: new high-speed USB device number 7 using dummy_hcd
[  164.277439][    T9] usb 4-1: Using ep0 maxpacket: 8
[  164.294482][    T9] usb 4-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  164.331236][    T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  164.342789][    T9] usb 4-1: Product: syz
[  164.350406][    T9] usb 4-1: Manufacturer: syz
[  164.355390][    T9] usb 4-1: SerialNumber: syz
[  164.438996][ T6611] netlink: 104 bytes leftover after parsing attributes in process `syz.1.170'.
[  164.632497][ T6611] input: syz0 as /devices/virtual/input/input6
[  164.760494][    T9] usb 4-1: config 0 descriptor??
[  166.768534][ T6454] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  166.908295][    T9] usb 4-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  166.951049][ T6454] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  167.579527][ T6454] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  167.704092][ T6454] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  168.015990][ T6454] 8021q: adding VLAN 0 to HW filter on device bond0
[  168.049740][ T6454] 8021q: adding VLAN 0 to HW filter on device team0
[  168.820730][ T3438] bridge0: port 1(bridge_slave_0) entered blocking state
[  168.827931][ T3438] bridge0: port 1(bridge_slave_0) entered forwarding state
[  168.989099][    T9] dvb_usb_rtl28xxu 4-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -110
[  169.385098][ T3438] bridge0: port 2(bridge_slave_1) entered blocking state
[  169.392309][ T3438] bridge0: port 2(bridge_slave_1) entered forwarding state
[  169.459283][ T5891] usb 4-1: USB disconnect, device number 7
[  171.030500][ T6656] process 'syz.1.179' launched './file0' with NULL argv: empty string added
[  171.341883][ T6658] bridge0: port 3(gretap0) entered blocking state
[  171.348769][ T6658] bridge0: port 3(gretap0) entered disabled state
[  171.357132][ T6658] gretap0: entered allmulticast mode
[  171.367322][ T6658] gretap0: entered promiscuous mode
[  171.374211][ T6658] bridge0: port 3(gretap0) entered blocking state
[  171.381167][ T6658] bridge0: port 3(gretap0) entered forwarding state
[  172.968857][ T6454] 8021q: adding VLAN 0 to HW filter on device batadv0
[  178.023980][ T6698] block device autoloading is deprecated and will be removed.
[  179.938211][ T6706] Device name cannot be null; rc = [-22]
[  180.336908][ T6454] veth0_vlan: entered promiscuous mode
[  180.376409][ T6454] veth1_vlan: entered promiscuous mode
[  180.424522][ T6454] veth0_macvtap: entered promiscuous mode
[  180.448669][ T6454] veth1_macvtap: entered promiscuous mode
[  180.581378][ T6454] batman_adv: batadv0: Interface activated: batadv_slave_0
[  183.975626][ T6454] batman_adv: batadv0: Interface activated: batadv_slave_1
[  183.986607][ T6454] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  183.995418][ T6454] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  184.004643][ T6454] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  184.013474][ T6454] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  184.698510][ T6733] netlink: 8 bytes leftover after parsing attributes in process `syz.4.198'.
[  184.767123][ T3438] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  184.793200][ T3438] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  184.949023][ T3438] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  184.964078][ T3438] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  185.830062][   T10] usb 4-1: new high-speed USB device number 8 using dummy_hcd
[  186.167567][   T10] usb 4-1: Using ep0 maxpacket: 32
[  187.436740][   T10] usb 4-1: unable to read config index 0 descriptor/start: -71
[  187.581933][   T10] usb 4-1: can't read configurations, error -71
[  190.059348][ T6778] netlink: 8 bytes leftover after parsing attributes in process `syz.5.207'.
[  190.068305][ T6778] netlink: 4 bytes leftover after parsing attributes in process `syz.5.207'.
[  190.573906][ T6762] xt_hashlimit: overflow, rate too high: 0
[  194.297484][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  195.303989][ T6818] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0)
[  195.334400][   T30] kauditd_printk_skb: 12 callbacks suppressed
[  195.334415][   T30] audit: type=1326 audit(1751539537.330:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6815 comm="syz.0.217" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f286418e929 code=0x0
[  196.537887][ T5827] Bluetooth: hci4: command 0x0406 tx timeout
[  196.547282][ T5834] Bluetooth: hci3: command 0x0406 tx timeout
[  196.555918][ T5834] Bluetooth: hci1: command 0x0406 tx timeout
[  199.492281][ T6846] evm: overlay not supported
[  200.216740][   T10] usb 6-1: new full-speed USB device number 2 using dummy_hcd
[  200.388107][   T10] usb 6-1: config 0 has an invalid interface number: 170 but max is 0
[  200.429206][   T10] usb 6-1: config 0 has no interface number 0
[  200.476753][   T10] usb 6-1: config 0 interface 170 has no altsetting 0
[  200.541017][   T10] usb 6-1: New USB device found, idVendor=c383, idProduct=abd3, bcdDevice=60.bf
[  200.641291][   T10] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  200.794670][   T10] usb 6-1: config 0 descriptor??
[  200.930168][   T10] usb 6-1: bad CDC descriptors
[  201.556724][ T6850] overlayfs: missing 'lowerdir'
[  201.567049][ T6850] overlayfs: missing 'lowerdir'
[  202.007232][    T9] usb 4-1: new full-speed USB device number 10 using dummy_hcd
[  202.179205][ T5891] usb 6-1: USB disconnect, device number 2
[  202.316442][    T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  202.709085][    T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  202.751681][    T9] usb 4-1: New USB device found, idVendor=28bd, idProduct=0075, bcdDevice= 0.00
[  202.796682][    T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  202.987774][    T9] usb 4-1: config 0 descriptor??
[  203.861010][    T9] uclogic 0003:28BD:0075.0001: interface is invalid, ignoring
[  205.011649][   T51] Bluetooth: hci1: unexpected event for opcode 0x2016
[  205.877288][ T6889] ptrace attach of "./syz-executor exec"[6890] was attempted by "./syz-executor exec"[6889]
[  206.682324][ T5904] usb 4-1: USB disconnect, device number 10
[  208.259684][ T6905] o2cb: This node has not been configured.
[  208.265614][ T6905] o2cb: Cluster check failed. Fix errors before retrying.
[  208.272782][ T6905] (syz.4.241,6905,1):user_dlm_register:674 ERROR: status = -22
[  208.280360][ T6905] (syz.4.241,6905,1):dlmfs_mkdir:438 ERROR: Error -22 could not register domain "file0"
[  211.395527][ T6916] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  211.402834][ T6916] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  212.014993][ T6916] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  212.021761][ T6916] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  212.090903][ T6916] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  212.098364][ T6916] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  212.114311][ T6916] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  212.124074][ T6916] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  212.139117][ T6916] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  212.146561][ T6916] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  212.152950][ T6916] Bluetooth: hci5: Opcode 0x0406 failed: -4
[  212.176279][ T6916] Bluetooth: hci5: Opcode 0x0406 failed: -4
[  212.470441][ T6022] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  212.624558][ T6948] netlink: 4 bytes leftover after parsing attributes in process `syz.0.251'.
[  213.137788][   T51] Bluetooth: hci1: command 0x0406 tx timeout
[  214.092007][ T6022] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  214.102390][   T51] Bluetooth: hci3: command 0x0406 tx timeout
[  214.177879][   T51] Bluetooth: hci5: command 0x0c1a tx timeout
[  214.184124][   T51] Bluetooth: hci2: command 0x0c1a tx timeout
[  214.191118][   T51] Bluetooth: hci4: command 0x0406 tx timeout
[  215.226863][ T5823] Bluetooth: hci1: command 0x0406 tx timeout
[  216.278248][ T5823] Bluetooth: hci3: command 0x0406 tx timeout
[  216.284393][ T5823] Bluetooth: hci4: command 0x0406 tx timeout
[  216.290602][   T51] Bluetooth: hci2: command 0x0c1a tx timeout
[  216.298003][   T51] Bluetooth: hci5: command 0x0c1a tx timeout
[  216.793519][ T6022] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  218.408313][ T5823] Bluetooth: hci5: command 0x0c1a tx timeout
[  218.418092][   T51] Bluetooth: hci2: command 0x0c1a tx timeout
[  218.861446][ T6022] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  223.439710][ T7029] netlink: 12 bytes leftover after parsing attributes in process `syz.0.269'.
[  223.499377][ T6022] bridge_slave_1: left allmulticast mode
[  223.533350][ T6022] bridge_slave_1: left promiscuous mode
[  223.572546][ T6022] bridge0: port 2(bridge_slave_1) entered disabled state
[  223.817188][ T6022] bridge_slave_0: left allmulticast mode
[  223.853447][ T6022] bridge_slave_0: left promiscuous mode
[  223.895370][ T6022] bridge0: port 1(bridge_slave_0) entered disabled state
[  229.171631][ T6022] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  229.261539][ T6022] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  229.363907][ T6022] bond0 (unregistering): Released all slaves
[  230.895610][ T7115] vimc link validate: Sensor A:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 0:snk:640x480 (0x33424752, 8, 0, 0, 0)
[  231.489512][   T30] audit: type=1326 audit(1751539573.429:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7108 comm="syz.1.283" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6bff38e929 code=0x7fc00000
[  234.292388][ T7135] netlink: 12 bytes leftover after parsing attributes in process `syz.5.287'.
[  239.442600][ T6022] hsr_slave_0: left promiscuous mode
[  239.620541][ T6022] hsr_slave_1: left promiscuous mode
[  239.741262][ T6022] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  239.834694][ T6022] batman_adv: batadv0: Removing interface: batadv_slave_0
[  240.168100][ T6022] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  240.277715][ T6022] batman_adv: batadv0: Removing interface: batadv_slave_1
[  242.301570][ T6022] veth1_macvtap: left promiscuous mode
[  242.405465][ T6022] veth0_macvtap: left promiscuous mode
[  242.673991][ T6022] veth1_vlan: left promiscuous mode
[  242.687894][ T6022] veth0_vlan: left promiscuous mode
[  244.616718][ T6022] team0 (unregistering): Port device team_slave_1 removed
[  244.650662][ T6022] team0 (unregistering): Port device team_slave_0 removed
[  252.562674][ T7282] netlink: 'syz.3.317': attribute type 13 has an invalid length.
[  254.192725][ T7282] bridge0: port 2(bridge_slave_1) entered disabled state
[  254.200929][ T7282] bridge0: port 1(bridge_slave_0) entered disabled state
[  255.859754][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  256.725553][ T7282] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  256.742243][ T7282] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  257.946513][ T7318] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  257.977477][ T7282] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  257.986483][ T7282] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  257.996142][ T7282] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  258.008244][ T7318] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  258.022895][ T7282] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  258.072313][ T7322] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  279.038130][ T7587] overlayfs: failed to clone upperpath
[  300.847469][ T7828] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  301.120428][ T7823] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  301.205499][ T7828] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  302.712733][ T7851] overlayfs: failed to clone upperpath
[  314.473458][ T7976] overlayfs: failed to clone upperpath
[  317.836002][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  325.537493][ T8073] overlayfs: failed to resolve './file0': -2
[  332.530620][ T8155] overlayfs: failed to resolve './file1': -2
[  333.486554][ T8161] overlayfs: failed to clone upperpath
[  337.988807][ T8208] overlayfs: failed to resolve './file1': -2
[  340.473847][ T8229] overlayfs: failed to resolve './file0': -2
[  350.476197][ T8328] Invalid ELF header magic: != ELF
[  352.918646][ T8351] overlayfs: failed to clone upperpath
[  366.712071][ T8473] Invalid ELF header magic: != ELF
[  367.686581][ T8482] overlayfs: failed to resolve './file1': -2
[  368.978088][ T8489] Invalid ELF header magic: != ELF
[  369.610578][ T8492] Invalid ELF header magic: != ELF
[  373.730401][ T8529] Invalid ELF header magic: != ELF
[  375.567250][ T8542] Invalid ELF header magic: != ELF
[  376.633386][ T8541] Invalid ELF header magic: != ELF
[  378.897593][ T8569] Invalid ELF header magic: != ELF
[  379.237279][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  380.211509][ T8580] Invalid ELF header magic: != ELF
[  381.913419][ T8598] Invalid ELF header magic: != ELF
[  382.719496][ T8600] Invalid ELF header magic: != ELF
[  383.898214][ T8609] Invalid ELF header magic: != ELF
[  385.933265][ T8625] Invalid ELF header magic: != ELF
[  388.860073][ T8642] Invalid ELF header magic: != ELF
[  389.812304][ T8652] Invalid ELF header magic: != ELF
[  392.128954][ T8685] Invalid ELF header magic: != ELF
[  393.699700][ T8698] Invalid ELF header magic: != ELF
[  402.214156][ T8724] Invalid ELF header magic: != ELF
[  403.340504][ T8726] Invalid ELF header magic: != ELF
[  406.705212][ T5823] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  406.713942][ T5823] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  406.721962][ T5823] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  406.730223][ T5823] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  406.741231][ T5823] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  407.572997][ T8740] chnl_net:caif_netlink_parms(): no params data found
[  408.840634][   T51] Bluetooth: hci0: command tx timeout
[  408.892541][   T13] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  410.133506][   T13] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  410.586095][ T8791] Invalid ELF header magic: != ELF
[  410.921563][   T51] Bluetooth: hci0: command tx timeout
[  411.076438][   T13] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  411.474159][ T8740] bridge0: port 1(bridge_slave_0) entered blocking state
[  411.486734][ T8740] bridge0: port 1(bridge_slave_0) entered disabled state
[  411.501182][ T8740] bridge_slave_0: entered allmulticast mode
[  411.509419][ T8740] bridge_slave_0: entered promiscuous mode
[  411.778373][   T13] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  411.976725][ T8740] bridge0: port 2(bridge_slave_1) entered blocking state
[  412.040372][ T8740] bridge0: port 2(bridge_slave_1) entered disabled state
[  412.108827][ T8740] bridge_slave_1: entered allmulticast mode
[  412.190371][ T8740] bridge_slave_1: entered promiscuous mode
[  412.459704][ T8740] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  412.596591][ T8740] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  412.845130][ T8740] team0: Port device team_slave_0 added
[  412.909568][ T8740] team0: Port device team_slave_1 added
[  413.001030][   T51] Bluetooth: hci0: command tx timeout
[  413.105173][   T13] bridge_slave_1: left allmulticast mode
[  413.131585][   T13] bridge_slave_1: left promiscuous mode
[  413.181117][   T13] bridge0: port 2(bridge_slave_1) entered disabled state
[  413.394703][   T13] bridge_slave_0: left allmulticast mode
[  413.425286][   T13] bridge_slave_0: left promiscuous mode
[  413.445137][   T13] bridge0: port 1(bridge_slave_0) entered disabled state
[  414.195186][ T8822] Invalid ELF header magic: != ELF
[  415.083705][   T51] Bluetooth: hci0: command tx timeout
[  416.417817][ T8848] Invalid ELF header magic: != ELF
[  417.481837][   T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  417.525864][   T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  417.564410][   T13] bond0 (unregistering): Released all slaves
[  418.107577][ T8740] batman_adv: batadv0: Adding interface: batadv_slave_0
[  418.218590][ T8740] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  418.244694][    C0] vkms_vblank_simulate: vblank timer overrun
[  418.513252][ T8740] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  418.537760][ T8740] batman_adv: batadv0: Adding interface: batadv_slave_1
[  418.569434][ T8740] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  418.621542][ T8740] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  418.646296][   T13] tipc: Left network mode
[  419.275668][ T8740] hsr_slave_0: entered promiscuous mode
[  419.301901][ T8740] hsr_slave_1: entered promiscuous mode
[  419.324979][ T8740] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  419.362116][ T8880] Invalid ELF header magic: != ELF
[  419.456165][ T8740] Cannot create hsr debugfs directory
[  426.837780][ T8937] Invalid ELF header magic: != ELF
[  426.877767][   T13] hsr_slave_0: left promiscuous mode
[  426.890685][   T13] hsr_slave_1: left promiscuous mode
[  427.535007][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  427.542429][   T13] batman_adv: batadv0: Removing interface: batadv_slave_0
[  427.554309][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  427.561706][   T13] batman_adv: batadv0: Removing interface: batadv_slave_1
[  427.884893][   T13] veth1_macvtap: left promiscuous mode
[  427.890474][   T13] veth0_macvtap: left promiscuous mode
[  427.896622][   T13] veth1_vlan: left promiscuous mode
[  427.901979][   T13] veth0_vlan: left promiscuous mode
[  434.851670][ T8740] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  435.129292][ T8740] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  436.104129][ T8740] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  436.411340][ T8740] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  437.240434][ T9055] netlink: 8 bytes leftover after parsing attributes in process `syz.5.672'.
[  437.893618][ T8740] 8021q: adding VLAN 0 to HW filter on device bond0
[  438.262757][ T8740] 8021q: adding VLAN 0 to HW filter on device team0
[  439.358158][   T13] bridge0: port 1(bridge_slave_0) entered blocking state
[  439.365389][   T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[  439.461585][   T13] bridge0: port 2(bridge_slave_1) entered blocking state
[  439.468784][   T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[  440.055363][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  441.677636][ T8740] 8021q: adding VLAN 0 to HW filter on device batadv0
[  442.515858][ T9122] Invalid ELF header magic: != ELF
[  445.144280][ T8740] veth0_vlan: entered promiscuous mode
[  445.262257][ T8740] veth1_vlan: entered promiscuous mode
[  445.371269][ T8740] veth0_macvtap: entered promiscuous mode
[  445.403837][ T8740] veth1_macvtap: entered promiscuous mode
[  446.631831][ T8740] batman_adv: batadv0: Interface activated: batadv_slave_0
[  446.684625][ T8740] batman_adv: batadv0: Interface activated: batadv_slave_1
[  447.028157][ T8740] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  447.227439][ T8740] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  447.266218][ T8740] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  447.286175][ T8740] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  448.213536][ T9171] Invalid ELF header magic: != ELF
[  449.225199][   T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  449.241665][   T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  449.289044][ T9180] Invalid ELF header magic: != ELF
[  449.598877][   T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  449.738377][   T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  451.974813][ T9209] overlayfs: failed to resolve './file1': -2
[  454.556814][ T3438] Bluetooth: (null): Invalid header checksum
[  454.673578][ T3438] Bluetooth: (null): Invalid header checksum
[  472.789835][ T9410] mkiss: ax0: crc mode is auto.
[  476.887577][ T9458] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  477.104678][ T9458] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  477.733741][ T6928] Bluetooth: (null): Invalid header checksum
[  477.744366][ T6928] Bluetooth: (null): Invalid header checksum
[  477.895771][ T9458] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  477.913139][ T6928] Bluetooth: (null): Invalid header checksum
[  477.939230][ T6928] Bluetooth: (null): Invalid header checksum
[  478.656900][ T6928] Bluetooth: (null): Invalid header checksum
[  483.132591][ T9514] overlayfs: missing 'workdir'
[  483.523731][ T9521] mkiss: ax0: crc mode is auto.
[  486.951266][ T9538] Invalid ELF header magic: != ELF
[  491.133174][ T3577] Bluetooth: (null): Invalid header checksum
[  491.566882][ T3577] Bluetooth: (null): Invalid header checksum
[  491.697856][ T3577] Bluetooth: (null): Invalid header checksum
[  491.704714][ T3577] Bluetooth: (null): Invalid header checksum
[  491.711127][ T3577] Bluetooth: (null): Invalid header checksum
[  493.911235][ T9596] Invalid ELF header magic: != ELF
[  495.567109][ T9610] overlayfs: missing 'lowerdir'
[  501.373341][ T9659] Invalid ELF header magic: != ELF
[  501.498694][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  502.497279][ T9670] overlayfs: failed to clone upperpath
[  506.246884][ T9702] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[  506.255976][ T9702] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  517.593397][ T9816] Invalid ELF header magic: != ELF
[  521.147091][ T9855] Invalid ELF header magic: != ELF
[  521.231324][ T9854] mkiss: ax0: crc mode is auto.
[  529.176863][ T9907] Bluetooth: hci0: command 0x0406 tx timeout
[  532.976030][ T9995] Invalid ELF header magic: != ELF
[  534.665087][T10012] tipc: Started in network mode
[  534.670080][T10012] tipc: Node identity ac141425, cluster identity 4711
[  534.680196][T10012] tipc: New replicast peer: 0.0.0.0
[  534.696076][T10012] tipc: Enabled bearer <udp:syz2>, priority 10
[  534.935795][T10012] tipc: New replicast peer: 172.20.20.170
[  536.075769][ T5931] tipc: Node number set to 2886997029
[  540.121092][ T1101] Bluetooth: (null): Too short H5 packet
[  540.378516][ T1101] Bluetooth: (null): Invalid header checksum
[  540.384984][ T1101] Bluetooth: (null): Invalid header checksum
[  540.658804][T10074] Invalid ELF header magic: != ELF
[  544.095077][T10123] tipc: Started in network mode
[  544.101475][T10123] tipc: Node identity ac141425, cluster identity 4711
[  544.139509][T10123] tipc: New replicast peer: 0.0.0.0
[  544.148245][T10123] tipc: Enabled bearer <udp:syz2>, priority 10
[  544.443839][T10120] tipc: New replicast peer: 172.20.20.170
[  545.267523][   T10] tipc: Node number set to 2886997029
[  546.742961][T10150] tipc: Started in network mode
[  546.748122][T10150] tipc: Node identity ac141425, cluster identity 4711
[  546.755046][T10150] tipc: New replicast peer: 0.0.0.0
[  546.760708][T10150] tipc: Enabled bearer <udp:syz2>, priority 10
[  546.769027][T10150] tipc: New replicast peer: 172.20.20.170
[  547.856442][T10168] tipc: Started in network mode
[  547.862321][T10168] tipc: Node identity ac141425, cluster identity 4711
[  547.899734][ T5891] tipc: Node number set to 2886997029
[  547.943958][T10168] tipc: New replicast peer: 0.0.0.0
[  547.979335][T10168] tipc: Enabled bearer <udp:syz2>, priority 10
[  548.002408][T10167] tipc: New replicast peer: 172.20.20.170
[  548.802017][T10174] tipc: Started in network mode
[  548.809730][T10174] tipc: Node identity ac141425, cluster identity 4711
[  548.832722][T10174] tipc: New replicast peer: 0.0.0.0
[  548.847909][T10174] tipc: Enabled bearer <udp:syz2>, priority 10
[  549.086880][ T5931] tipc: Node number set to 2886997029
[  549.973023][   T10] tipc: Node number set to 2886997029
[  550.840993][T10174] tipc: New replicast peer: 172.20.20.170
[  551.061212][T10186] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[  552.976230][T10213] Invalid ELF header magic: != ELF
[  554.143474][T10199] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[  554.273399][T10224] Invalid ELF header magic: != ELF
[  555.678575][T10239] Invalid ELF header magic: != ELF
[  556.692500][T10246] overlayfs: missing 'lowerdir'
[  557.361210][T10254] Invalid ELF header magic: != ELF
[  558.902925][T10265] Invalid ELF header magic: != ELF
[  562.380419][T10283] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[  563.002841][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  563.022965][T10289] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[  563.396440][T10300] Invalid ELF header magic: != ELF
[  564.205508][T10310] overlayfs: missing 'lowerdir'
[  566.130135][T10323] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[  570.855511][T10369] overlayfs: missing 'lowerdir'
[  573.722807][T10390] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[  576.143924][T10416] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[  576.242314][T10419] overlayfs: missing 'workdir'
[  578.091801][T10435] Invalid ELF header magic: != ELF
[  579.282719][T10445] Invalid ELF header magic: != ELF
[  582.771847][T10465] mkiss: ax0: crc mode is auto.
[  588.851173][T10477] overlayfs: missing 'workdir'
[  590.011112][T10487] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[  591.400713][T10496] overlayfs: failed to resolve './file1': -2
[  593.071560][T10509] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[  593.549951][T10502] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[  595.619296][T10545] mkiss: ax0: crc mode is auto.
[  597.855695][T10550] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[  602.737973][ T3577] Bluetooth: (null): Too short H5 packet
[  602.747380][ T3577] Bluetooth: (null): Invalid header checksum
[  602.754615][ T3577] Bluetooth: (null): Invalid header checksum
[  602.761817][ T3577] Bluetooth: (null): Invalid header checksum
[  602.769577][ T3577] Bluetooth: (null): Invalid header checksum
[  602.776224][ T3577] Bluetooth: (null): Invalid header checksum
[  602.783931][ T3438] Bluetooth: (null): Invalid header checksum
[  605.116702][T10605] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[  606.829485][T10620] netlink: 'syz.6.1000': attribute type 10 has an invalid length.
[  606.861754][T10620] 8021q: adding VLAN 0 to HW filter on device batadv0
[  606.890424][T10620] bond0: (slave batadv0): Enslaving as an active interface with an up link
[  607.411815][T10620] syz.6.1000 (10620) used greatest stack depth: 18192 bytes left
[  612.712954][T10664] netlink: 'syz.5.1011': attribute type 10 has an invalid length.
[  612.741921][T10664] 8021q: adding VLAN 0 to HW filter on device batadv0
[  612.762008][T10664] bond0: (slave batadv0): Enslaving as an active interface with an up link
[  613.722184][T10670] mkiss: ax0: crc mode is auto.
[  615.787302][T10675] Invalid ELF header magic: != ELF
[  617.994422][T10695] netlink: 'syz.4.1020': attribute type 10 has an invalid length.
[  618.003362][T10695] batadv0: left promiscuous mode
[  618.008450][T10695] batadv0: left allmulticast mode
[  618.886364][T10686] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  619.600976][T10684] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  621.347954][T10726] Invalid ELF header magic: != ELF
[  623.960780][T10746] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[  624.640775][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  627.260654][T10752] netlink: 'syz.4.1034': attribute type 10 has an invalid length.
[  627.270412][T10751] netlink: 'syz.3.1032': attribute type 10 has an invalid length.
[  627.347466][T10751] 8021q: adding VLAN 0 to HW filter on device batadv0
[  627.440997][T10751] bond0: (slave batadv0): Enslaving as an active interface with an up link
[  631.355275][T10786] netlink: 'syz.5.1040': attribute type 10 has an invalid length.
[  632.161644][T10775] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  632.583922][T10793] mkiss: ax0: crc mode is auto.
[  633.867774][T10768] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  635.432849][T10805] netlink: 'syz.4.1045': attribute type 10 has an invalid length.
[  639.822701][T10832] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[  639.944816][T10842] netlink: 'syz.6.1056': attribute type 10 has an invalid length.
[  641.325181][T10851] netlink: 'syz.5.1059': attribute type 10 has an invalid length.
[  645.395634][T10885] netlink: 'syz.6.1068': attribute type 10 has an invalid length.
[  648.290242][T10899] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[  654.820326][T10942] netlink: 'syz.0.1086': attribute type 10 has an invalid length.
[  654.892707][T10942] 8021q: adding VLAN 0 to HW filter on device batadv0
[  654.905356][T10942] bond0: (slave batadv0): Enslaving as an active interface with an up link
[  655.362288][T10951] netlink: 'syz.5.1087': attribute type 10 has an invalid length.
[  657.493502][T10960] netlink: 'syz.0.1090': attribute type 10 has an invalid length.
[  659.982247][T10985] netlink: 'syz.0.1097': attribute type 10 has an invalid length.
[  663.507317][T11011] overlayfs: failed to clone upperpath
[  664.315675][T11022] netlink: 'syz.4.1106': attribute type 10 has an invalid length.
[  666.125768][T11032] netlink: 'syz.4.1110': attribute type 10 has an invalid length.
[  670.394348][T11063] netlink: 'syz.0.1117': attribute type 10 has an invalid length.
[  672.563045][T11072] mkiss: ax0: crc mode is auto.
[  674.744345][T11082] netlink: 'syz.5.1124': attribute type 10 has an invalid length.
[  677.176572][T11104] netlink: 'syz.3.1130': attribute type 10 has an invalid length.
[  682.134560][T11148] netlink: 'syz.4.1145': attribute type 10 has an invalid length.
[  682.977339][T11157] netlink: 'syz.6.1147': attribute type 10 has an invalid length.
[  684.716038][T11172] netlink: 'syz.3.1153': attribute type 10 has an invalid length.
[  685.914952][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  686.511209][T11180] netlink: 'syz.3.1154': attribute type 10 has an invalid length.
[  691.624681][T11212] netlink: 'syz.4.1164': attribute type 10 has an invalid length.
[  692.664540][T11214] netlink: 'syz.6.1165': attribute type 10 has an invalid length.
[  693.214574][T11220] netlink: 'syz.4.1166': attribute type 10 has an invalid length.
[  694.618152][T11229] mkiss: ax0: crc mode is auto.
[  698.039493][T11251] netlink: 'syz.6.1175': attribute type 10 has an invalid length.
[  699.155094][T11252] netlink: 'syz.4.1176': attribute type 10 has an invalid length.
[  700.300534][T11259] mkiss: ax0: crc mode is auto.
[  705.558237][T11312] netlink: 'syz.0.1190': attribute type 10 has an invalid length.
[  708.572201][T11325] netlink: 'syz.0.1193': attribute type 10 has an invalid length.
[  709.193160][T11328] netlink: 'syz.6.1194': attribute type 10 has an invalid length.
[  711.594024][T11350] mkiss: ax0: crc mode is auto.
[  719.173770][T11396] netlink: 'syz.4.1212': attribute type 10 has an invalid length.
[  719.911084][T11399] overlayfs: failed to resolve './file1': -2
[  721.903474][T11411] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  722.037539][T11408] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  722.048742][T11408] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  722.346803][T11428] page: refcount:3 mapcount:0 mapping:ffff888148d43678 index:0x2 pfn:0x3086a
[  722.397010][T11428] memcg:ffff888140493e80
[  722.401467][T11428] aops:def_blk_aops ino:fa00000
[  722.406463][T11428] flags: 0xfff00000000039(locked|uptodate|dirty|lru|node=0|zone=1|lastcpupid=0x7ff)
[  722.416650][T11428] raw: 00fff00000000039 ffffea0000c21ac8 ffff88801cea9928 ffff888148d43678
[  722.425408][T11428] raw: 0000000000000002 0000000000000000 00000003ffffffff ffff888140493e80
[  722.434287][T11428] page dumped because: VM_BUG_ON_FOLIO(!folio_contains(folio, index))
[  722.442650][T11428] page_owner tracks the page as allocated
[  722.448493][T11428] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x152c40(GFP_NOFS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_HARDWALL), pid 11426, tgid 11425 (syz.6.1223), ts 722343448099, free_ts 722291401540
[  722.769982][T11428]  post_alloc_hook+0x240/0x2a0
[  722.774795][T11428]  get_page_from_freelist+0x21d5/0x22b0
[  723.416636][T11428]  __alloc_frozen_pages_noprof+0x181/0x370
[  723.435897][T11428]  alloc_pages_mpol+0x232/0x4a0
[  723.459610][T11428]  alloc_pages_noprof+0xa9/0x190
[  723.484900][T11428]  folio_alloc_noprof+0x1e/0x30
[  723.501947][T11428]  filemap_alloc_folio_noprof+0xdf/0x470
[  723.551804][T11428]  page_cache_ra_order+0x5e5/0xc70
[  723.584842][T11428]  do_sync_mmap_readahead+0x4b5/0x5f0
[  723.606655][T11428]  filemap_fault+0x62a/0x1200
[  723.611385][T11428]  __do_fault+0x135/0x390
[  723.617094][T11428]  __handle_mm_fault+0x198b/0x5620
[  723.622215][T11428]  handle_mm_fault+0x2d5/0x7f0
[  723.676210][T11428]  do_user_addr_fault+0x764/0x1390
[  723.702835][T11428]  exc_page_fault+0x76/0xf0
[  723.728355][T11428]  asm_exc_page_fault+0x26/0x30
[  723.825517][T11428] page last free pid 11431 tgid 11427 stack trace:
[  723.944437][T11428]  __free_frozen_pages+0xc65/0xe60
[  723.963447][T11428]  __slab_free+0x326/0x400
[  724.314893][T11428]  qlist_free_all+0x97/0x140
[  724.328425][T11428]  kasan_quarantine_reduce+0x148/0x160
[  724.353505][T11428]  __kasan_slab_alloc+0x22/0x80
[  724.413968][T11428]  __kmalloc_noprof+0x224/0x4f0
[  724.524408][T11428]  tomoyo_realpath_from_path+0xe3/0x5d0
[  724.631881][T11428]  tomoyo_path_number_perm+0x1e8/0x5a0
[  724.701849][T11428]  security_file_ioctl+0xcb/0x2d0
[  724.710982][T11428]  __se_sys_ioctl+0x47/0x170
[  724.715775][T11428]  do_syscall_64+0xfa/0x3b0
[  724.725920][T11428]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  724.746486][T11428] ------------[ cut here ]------------
[  724.752223][T11428] kernel BUG at mm/filemap.c:3442!
[  724.760997][T11428] Oops: invalid opcode: 0000 [#1] SMP KASAN PTI
[  724.767278][T11428] CPU: 1 UID: 0 PID: 11428 Comm: syz.6.1223 Not tainted 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(full) 
[  724.779344][T11428] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  724.789394][T11428] RIP: 0010:filemap_fault+0x117d/0x1200
[  724.794925][T11428] Code: 38 c1 0f 8c 8e fc ff ff 4c 89 e7 e8 8d 6b 29 00 e9 81 fc ff ff e8 a3 13 c8 ff 48 89 df 48 c7 c6 a0 30 94 8b e8 d4 ae 0d 00 90 <0f> 0b e8 8c 13 c8 ff 48 8b 3c 24 48 c7 c6 20 37 94 8b e8 bc ae 0d
[  724.814520][T11428] RSP: 0018:ffffc9000dcf76e0 EFLAGS: 00010246
[  724.820578][T11428] RAX: eed1b72d270b6500 RBX: ffffea0000c21a80 RCX: 0000000000000000
[  724.828532][T11428] RDX: 0000000000000000 RSI: ffffffff8d96e815 RDI: 00000000ffffffff
[  724.836484][T11428] RBP: ffffc9000dcf7818 R08: ffffffff8f9fdbf7 R09: 1ffffffff1f3fb7e
[  724.844437][T11428] R10: dffffc0000000000 R11: fffffbfff1f3fb7f R12: dffffc0000000000
[  724.852389][T11428] R13: 1ffffd4000184351 R14: ffffea0000c21a98 R15: ffffea0000c21a88
[  724.860342][T11428] FS:  00007f3af2def6c0(0000) GS:ffff888125d84000(0000) knlGS:0000000000000000
[  724.869264][T11428] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  724.875847][T11428] CR2: 000055ea223914b0 CR3: 0000000027990000 CR4: 00000000003526f0
[  724.883806][T11428] Call Trace:
[  724.887072][T11428]  <TASK>
[  724.889989][T11428]  ? __pfx_filemap_fault+0x10/0x10
[  724.895091][T11428]  __do_fault+0x135/0x390
[  724.899404][T11428]  __handle_mm_fault+0x198b/0x5620
[  724.904497][T11428]  ? __pfx___handle_mm_fault+0x10/0x10
[  724.909941][T11428]  ? find_vma+0xe7/0x160
[  724.914164][T11428]  ? __pfx_find_vma+0x10/0x10
[  724.918823][T11428]  handle_mm_fault+0x2d5/0x7f0
[  724.923572][T11428]  do_user_addr_fault+0x764/0x1390
[  724.928666][T11428]  exc_page_fault+0x76/0xf0
[  724.933150][T11428]  asm_exc_page_fault+0x26/0x30
[  724.937977][T11428] RIP: 0010:__put_user_4+0xd/0x20
[  724.942985][T11428] Code: 66 89 01 31 c9 0f 01 ca e9 00 3b 03 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 48 89 cb 48 c1 fb 3f 48 09 d9 0f 01 cb <89> 01 31 c9 0f 01 ca e9 d7 3a 03 00 90 90 90 90 90 90 90 90 90 90
[  724.962589][T11428] RSP: 0018:ffffc9000dcf7c98 EFLAGS: 00050202
[  724.968638][T11428] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00002000000016f8
[  724.976595][T11428] RDX: 0000000000000000 RSI: ffffffff8db5a681 RDI: ffffffff8be1b940
[  724.984566][T11428] RBP: ffffc9000dcf7eb0 R08: 0000000000000000 R09: ffffffff820a3bc0
[  724.992518][T11428] R10: dffffc0000000000 R11: ffffed100f1527c1 R12: 00002000000016c0
[  725.000471][T11428] R13: 0000000000040000 R14: 0000200000000480 R15: 0000000000000049
[  725.008424][T11428]  ? __might_fault+0xb0/0x130
[  725.013084][T11428]  __sys_sendmmsg+0x25f/0x430
[  725.017743][T11428]  ? __pfx___sys_sendmmsg+0x10/0x10
[  725.022919][T11428]  ? do_futex+0x333/0x420
[  725.027237][T11428]  ? __pfx_sock_common_setsockopt+0x10/0x10
[  725.033115][T11428]  ? __pfx___se_sys_futex+0x10/0x10
[  725.038296][T11428]  __x64_sys_sendmmsg+0xa0/0xc0
[  725.043128][T11428]  do_syscall_64+0xfa/0x3b0
[  725.047612][T11428]  ? lockdep_hardirqs_on+0x9c/0x150
[  725.052788][T11428]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  725.058830][T11428]  ? clear_bhb_loop+0x60/0xb0
[  725.063486][T11428]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  725.069355][T11428] RIP: 0033:0x7f3af1f8e929
[  725.073767][T11428] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  725.093374][T11428] RSP: 002b:00007f3af2def038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  725.101767][T11428] RAX: ffffffffffffffda RBX: 00007f3af21b6080 RCX: 00007f3af1f8e929
[  725.109718][T11428] RDX: 00000000000002e9 RSI: 0000200000000480 RDI: 0000000000000005
[  725.117671][T11428] RBP: 00007f3af2010b39 R08: 0000000000000000 R09: 0000000000000000
[  725.125629][T11428] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  725.133580][T11428] R13: 0000000000000000 R14: 00007f3af21b6080 R15: 00007ffe8c253dd8
[  725.141546][T11428]  </TASK>
[  725.144557][T11428] Modules linked in:
[  725.149040][T11428] ---[ end trace 0000000000000000 ]---
[  725.157050][T11428] RIP: 0010:filemap_fault+0x117d/0x1200
[  725.162780][T11428] Code: 38 c1 0f 8c 8e fc ff ff 4c 89 e7 e8 8d 6b 29 00 e9 81 fc ff ff e8 a3 13 c8 ff 48 89 df 48 c7 c6 a0 30 94 8b e8 d4 ae 0d 00 90 <0f> 0b e8 8c 13 c8 ff 48 8b 3c 24 48 c7 c6 20 37 94 8b e8 bc ae 0d
[  725.302396][T11428] RSP: 0018:ffffc9000dcf76e0 EFLAGS: 00010246
[  725.341129][T11428] RAX: eed1b72d270b6500 RBX: ffffea0000c21a80 RCX: 0000000000000000
[  725.390694][T11428] RDX: 0000000000000000 RSI: ffffffff8d96e815 RDI: 00000000ffffffff
[  725.402991][T11428] RBP: ffffc9000dcf7818 R08: ffffffff8f9fdbf7 R09: 1ffffffff1f3fb7e
[  725.412467][T11428] R10: dffffc0000000000 R11: fffffbfff1f3fb7f R12: dffffc0000000000
[  725.420754][T11428] R13: 1ffffd4000184351 R14: ffffea0000c21a98 R15: ffffea0000c21a88
[  725.430788][T11428] FS:  00007f3af2def6c0(0000) GS:ffff888125d84000(0000) knlGS:0000000000000000
[  725.440302][T11428] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  725.447243][T11428] CR2: 0000001b2fa12ff8 CR3: 0000000027990000 CR4: 00000000003526f0
[  725.461341][T11428] Kernel panic - not syncing: Fatal exception
[  725.467682][T11428] Kernel Offset: disabled
[  725.471996][T11428] Rebooting in 86400 seconds..