last executing test programs:

11.85335184s ago: executing program 1 (id=224):
sendmsg$NL80211_CMD_REGISTER_FRAME(0xffffffffffffffff, &(0x7f00000011c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000001200)={0x14, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}}, 0x14}}, 0xc881)
r0 = socket$netlink(0x10, 0x3, 0x4)
writev(r0, &(0x7f0000000700)=[{&(0x7f0000000540)}, {0x0}, {&(0x7f0000000400)}, {&(0x7f0000002a00)="398605fb4707631b08cf3dbc0b99af45d3e4c712d89099d35ca856b9231a32d09fb920a7ce8a975bdcf3b81138c1d4394758622aa2fb19291dea54fa15448beb9b6e2c44f5222ce6860146fa7156de8b25f053a3a87ed40e1d547fa4fc53e6b9358db39d0d2fd9a8b1e36aa4bca61949b954454db7ac4244c3f926477a27e4629b43060cf575deef8cf9b44261b1595913d03ddcff4493a37048f6561ef31f81ebc2ccdbd09da99736ecdbb8cd7b6cdc5d4c1bc3afe664ecf15082b47f42ad7ae3f517f85b56af0d8d501f04d90b50778d841c8cd4976884be5e1b762a901be2fa13f69bdf280915626f4c9b481422a8aacd07c57295ba8478d0a27a1379c49f6fd3b73e3a2f7a614e654948354ec03100bdd8fda54b497e17742a507c869d0d0334add10f64ea64b8182b569fd4f8a66e1da543175e44243ab8727f799d819e44a860043501f0c391e79e3c86500a3fa247c25130f2dafeed662d14d18e4098823128b422723726021d694ee224c63cab14acccb46120db22cb6d938bd4db567aeabce50d9803ea2057070df57df9554edb2abc856df001d69791dd851296c256c466ea8a96c6e06541f6b9a881817cf0d598f1be602eace33e1ac1e1db2b20d10b752d76867a4ba0ada4ee3863d4b65187842708af7e78f5a0f8f4ef3b6a334e4c32f31bf28b7ad32978e40e7deb57904aa1a8bd1da5ba053ab511b46a458f68153cc631c121e8678142722d77b7f6fd8640ffe9b22b8945f3620f0a8f386d78276758199f98a5ba651103eb7cdbbf985a332b195a7cbfb4f3c74ff17858986d771d72283559ee7dd8dc5727e6c792596939b69183b0507c8179e9c4facd44c6a8420959940de2cd2a2239ad81d4147d49430145bc4594cf58d68c6815f466f6ccbc7b574bbdfccedadca5545f0e23aedd145ee027c120d574511c51806995c37b201fdeb15476031d920333639dbcb2aa680f685fa5e435e5e6f30c8f3ab709a473a6219808df904de2d767fb25e57416592cd9b9cb3e45c7f51e161dc56ffa5893799ce69f0a71a9e35aa549957e048c283138ae95fbc3ca8096d72dfed71a5d25724667b5dca7e1f3828d2146a2dc84d9ebad96ae1238ea35c2b5dbf29aec147f9b5699c0b9d965f83c1b5a06c5f295b33cf082245703d6dc3c93065fd6d28ef51354236fdf2f008e0f6413200366743c9008e3bad1be1f53f0d1ec85366510a773e50ce4feb6c5caaf38852bce019fa5e755a3122457f87b9ec04b8ed8482b1b52653021feadfaaf766060bc63849c10d3d99b70f7b5405a5642d6fe52cc0fe24960d1eb520774b1d86d5cc00cdc86cd5111b9af41dd3031639274fc1feddb5f8b82a085a7019e33c917d3cbe6cbb670270741732aabfde16eab4351a0cf30fb66c5dda4eb954cd4ea9c1072144b241418e78ce875a10386686c3c0cec436b76b3c8ff8efb3cb983281859aaeeacb34fe4d27413991ac2a2d45eb94118ae51b1507228e14ec0dcd96e2589914322713b884bd411b55ad259e777858e55122588ce2f7cfdf8807bbaeab97f5eef217437b330f9de7419e412437aa9a38918a23b6d522acb21520192806789e283bca50f912611952af118d5d43e70f3a4f569f8bf87ee48cc8a68fb671b9b0a27327c5635ace1f0d5f1744aa0eeb9f929daa10f38093289eecf9298813c096857bb05c573cd102168d4815d76d23aa087b41e9026e51e9b7d6cff6adfe467887a6930dca447c83554ffd82a9bdf0b39c1b28731c773c43e420587a235ceb967007de48fdc8e86fe7960e769266b06a5368f6b43f2ca3b03eb933306bacb09f8be96ab7adf126ee3c3e123ac90b75310b3932059707cdb54a4e6fd990ad0839eb62f077e8a093d662615b5fbef8ceaf88c9bb5ebd86eeade835f3d2dff310c0493e13b56c17dc577c0c201129218b756794d46e77d1ae6d585560d679f65c04b7f0df28ee903003c030c88c3475c5a23cf973c41662ae7cb6f8fe955f02f4536e539a9a6e941ab454ba366a58f6e7a72ddb5278fab581cc01fd58084aeb30fbd5f9e1632171cc304480d2382696dc13fce686379ab7fb20fd82e9f3095fbfe08a2265a06e5c9f743f275e89e2a2b723fd1a5858342d468c6e24eae4e8bfb9b6ebe5ec25b0b62e3bcf4835fdde50bcc0c330f5f2defad79d906ed11bfd6832c1281bd5cbc55ab7a7de01cc596992fc829e599f636fd7f9815e56114ecc3638339dc69034761b2f006ffa1c86c444d21236de72a6e4368ad28fb73ea9f9800ffff43b0b0cdd26557607f87e6a5993b3df847fe58ee1fc00bc1b47a46292aebc3a6032c9c2abaf22d7ff048f8e1c558a6d9fad1be420011e54ffde0e5f7e8d0ee9e4540d3c48c3a3c9c2542e9d1cc76bd9b480ac277d6653ea3c6c75e515e0ecc6a9352eddbc0a53691da04e7c4fe585698d602da848441e7e55749a0a3eaf25044fc7478f5a0bc15dc01f103746f06efa2fd0c1e198dd312c4cd5b704fb9c63699724dfcba3024c53db857994e3d45f5c449606dfb653eecd18c861ce11aef7424c739d5d2fb00cfe1ae874b88911023b3c7a04d83a27347f7e9e086a57b00b7429316769a7ec5b4ed15bd8cb0cbcf9d45ec649bcbbb26f1330b8744fe3afeb522a0517607fcca662788e2dc100b9fa5358eaff4a2980e6943f3b38da171a333fc8ff27937018da4cfa2d727d7e17efb763923860da79546d166eee102b148f75d08014f494c3d770c65b2dcd583d3c97a39fb2bac337618bffc626fe803d97a507c836184f49bdcff66c7daf06a166446b7da396bf5a67abce7e76b8729bfa4d6a5c890c388847eebf1e00de700441620", 0x7df}, {&(0x7f0000003a00)}, {&(0x7f0000000640)="30117876826b04a4cd71f83c68076bbac59d0dc50a1594cd0fe8b96facc716302cfb257ac9d28f9b96b828d6f86a1a23", 0x30}, {&(0x7f0000000680)="726ca31e45f3e88c9cb1e08dff15b0056bd7fecd71b43a60d17820cf5369b94614ee323f80a84d", 0x27}, {&(0x7f00000006c0)="7c3a4ac8166c14ccd19235060177cd99a6a3", 0x12}], 0x8)
syz_genetlink_get_family_id$nl80211(0x0, r0)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000500)='status\x00')
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, 0x0, 0x418040, 0x0)
write$binfmt_script(0xffffffffffffffff, &(0x7f0000000000)={'#! ', './file0', [{0x20, 'axA\x9b^\xfb^$\r\'uij\r\xd9\xef\xd2Et^Q\v\x9fOFL\x95`Z\xae\xc3a\xfe%\x94\x1a\xebt\xc6\x06\x8fD,\xf7\xae#\x80\x80\xdf\xa3\xcaO\xc6\x8a\x91\x90\xadR\aW\xe1\xf3n\xca\xa3\x8f\xd6F\x03\x0e\x9b\xe5yb\xfc\xa19wUs\x83\xf1{&\n\x1d\x8e\x82y\x1a.B\x0e\xea\x17\xc7\xe7H\xa9\xd4\x8e\xe7 gD\x89*\xb5c<d\x1f\\\x10$o\x93\x02\x9c@\x9ddt\x8c\x875\xf7@\x9aM\xa3j\xfa\x1f\xe5\x81\xc9u<\xf0?w8P>\xc5\x8a\xe6R\xe5YGq\xf5\xb6\x95\xbc\x112\x9bno\xc8\x06\xb6\b\xcc\x03{Sn\x94G\x01\xb4\xffJQ8t\x99vY\xaaf\xc7,\x9f\xbb\x15G\x1cr\x19\xef\xab\n\xa8\xbc\xbd\xa2E\x16\x1cm\xbd=\x98\x7fU\xcbg\x15%\x95\xb11\x017\x83*\x14\xcbt\xc2\xcb\x04\x1e~?\xb9j\x18\x96\x84EA\xeaB\a\x83\xba\xdco<\x00'/256}]}, 0x10c)
r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r1, 0x8914, &(0x7f0000000000))
r2 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$sock_rose_SIOCADDRT(r2, 0x890b, &(0x7f0000000380)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x3}, 0x6, @null, @bpq0, 0x0, [@bcast, @bcast, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]})
r3 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
connect$rose(r3, &(0x7f0000000040)=@short={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x1, @default}, 0x1c)
connect$rose(r3, &(0x7f0000000100)=@full={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x0, [@null, @null, @null, @default, @bcast, @default]}, 0x40)

10.553190886s ago: executing program 1 (id=228):
openat$comedi(0xffffffffffffff9c, &(0x7f0000000180)='/dev/comedi4\x00', 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r1 = syz_io_uring_setup(0x110, &(0x7f00000003c0)={0x0, 0xfad6, 0x800, 0x1, 0x3}, &(0x7f00000000c0)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3})
openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000004880), 0x0, 0x0)
io_uring_enter(r1, 0x133d, 0x0, 0x8, 0x0, 0x0)
io_uring_register$IORING_REGISTER_SYNC_CANCEL(r1, 0x18, &(0x7f0000000000)={0x0, 0xffffffffffffffff, 0x1, {0x6, 0x6d4}, 0xf0}, 0x1)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000000)=ANY=[@ANYRES32=0x0], 0x50)
r4 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x28)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x0, 0x0, &(0x7f00000000c0)='GPL\x00', 0xed3, 0x0, 0x0, 0x40f00, 0x30, '\x00', 0x0, 0x0, r4, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000280)={0x4, 0x3, 0x5, 0x7}, 0x10, 0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0), 0x10, 0x8}, 0x94)

9.592540834s ago: executing program 0 (id=230):
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000040)=[@in={0x2, 0x4e21, @empty}], 0x10)
sendmsg$inet_sctp(r0, &(0x7f0000000700)={&(0x7f0000000340)=@in={0x2, 0x4e21, @loopback}, 0x10, &(0x7f0000000080)=[{&(0x7f0000000000)='u', 0x1}], 0x1, 0x0, 0x0, 0x804c040}, 0x881)
dup(r0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0, r1, 0x0, 0xd}, 0x18)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
timer_settime(0x0, 0x0, &(0x7f0000000280)={{}, {0x0, 0x989680}}, 0x0)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, 0x0, 0x0)
r4 = accept4(r3, 0x0, 0x0, 0x80800)
sendmsg$TIPC_CMD_GET_BEARER_NAMES(r4, 0x0, 0x20040880)
recvmsg$unix(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, 0x0}, 0x10002)
socket$kcm(0xa, 0x2, 0x73)
r5 = socket(0x2b, 0x80801, 0x1)
connect$inet6(r5, 0x0, 0x0)
setsockopt$inet6_MCAST_MSFILTER(r5, 0x29, 0x30, &(0x7f0000000080)=ANY=[@ANYBLOB="09000000000000000a004e220000000400000000000000000000000000000001040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000a004e210000000300000000000000000000ffff7f000001090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e3ffffff000000000000000000000000000000000000000000000000000000000a004e240000026c00000000000000000000ffff000000000100"/387], 0x310)
pipe2(0x0, 0x0)
r6 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r6, &(0x7f00000000c0)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58)
r7 = accept4(r6, 0x0, 0x0, 0x80000)
setsockopt$ALG_SET_KEY(r6, 0x117, 0x1, &(0x7f0000000200)="ad00"/16, 0x10)
sendmmsg$unix(r7, &(0x7f0000003dc0)=[{{&(0x7f0000000000)=@file={0x0, './file0\x00'}, 0x6e, 0x0, 0x0, 0x0, 0x0, 0x9802}}, {{&(0x7f0000000280)=@file={0x0, './file0\x00'}, 0x6e, 0x0}}], 0x299, 0x0)

9.562523176s ago: executing program 1 (id=231):
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
preadv(0xffffffffffffffff, 0x0, 0x0, 0x0, 0xe6)
prlimit64(0x0, 0xe, &(0x7f0000000900)={0x7, 0x88}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0xfffffffffffffffe)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
r2 = syz_open_dev$dri(0x0, 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r2, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)})
ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r2, 0xc02064b9, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0xcccccccc})
ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, <r3=>0x0})
ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f0000000140)={0x28, 0x6, r3, 0x0, &(0x7f0000fff000/0x1000)=nil, 0x1000, 0x10000})
ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r0, 0x3ba0, &(0x7f0000000980)={0x48, 0x5, r3, 0x0, <r4=>0x0, 0x1})
ioctl$IOMMU_IOAS_MAP(r0, 0x3b85, &(0x7f0000000a00)={0x28, 0x7, r3, 0x0, &(0x7f00000a0000)='LLLLLLLLLLLLLLLLLLLLL', 0x15})
ioctl$IOMMU_TEST_OP_ACCESS_PAGES(r0, 0x3ba0, &(0x7f0000000a40)={0x48, 0x7, r4, 0x0, 0x0, 0x0, 0x0, 0x1001, 0x1fff})
openat$random(0xffffffffffffff9c, 0x0, 0x0, 0x0)
io_submit(0x0, 0x0, 0x0)
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r5, 0x6, 0x23, &(0x7f0000000480)={&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0xffffffffffffffff}, &(0x7f0000000040)=0x40)
r6 = syz_init_net_socket$ax25(0x3, 0x2, 0xcb)
bind$tipc(0xffffffffffffffff, 0x0, 0x0)
bind$ax25(r6, &(0x7f0000000540)={{0x3, @bcast, 0x1}, [@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @default]}, 0x48)

9.043507938s ago: executing program 2 (id=232):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
prctl$PR_SET_SECUREBITS(0x1c, 0x1d)
setresuid(0x0, 0xee00, 0x0)
r1 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000140), 0x20200, 0x0)
ioctl$IOCTL_GET_NUM_DEVICES(r1, 0x40046104, &(0x7f0000000180))
syz_clone3(&(0x7f0000000380)={0x20080, 0x0, 0x0, 0x0, {0x28}, 0x0, 0x0, 0x0, &(0x7f0000000000)=[0xffffffffffffffff], 0x1}, 0x58)
r2 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r2, 0x8914, &(0x7f0000000000))
r3 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$sock_rose_SIOCADDRT(r3, 0x890b, &(0x7f0000000380)={@dev={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x4006, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bpq0, 0x0, [@bcast, @bcast, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]})
socket(0x2, 0x80805, 0x0)
connect$rose(0xffffffffffffffff, &(0x7f0000000040)=@short={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x1, @default}, 0x1c)
socket$nl_generic(0x10, 0x3, 0x10)
pipe2$9p(&(0x7f0000000240), 0x0)
r4 = syz_open_dev$mouse(&(0x7f00000000c0), 0x0, 0x2042)
write$binfmt_script(r4, &(0x7f00000003c0)={'#! ', './file0'}, 0xb)

6.878881993s ago: executing program 0 (id=234):
r0 = socket$kcm(0xa, 0x2, 0x3a)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000980)={0x18, 0x3e, 0x107, 0x70bd2d, 0x25dfdbfc, {0x4, 0x7c}, [@typed={0x4}]}, 0x18}}, 0x0)
socket$tipc(0x1e, 0x2, 0x0)
sendmsg$kcm(r0, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x900}, 0x0)
openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0x203, 0x0)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000009b40)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000200)={0x6, 0x3, &(0x7f0000000680)=ANY=[], 0x0}, 0x94)
r2 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000140)='/dev/comedi4\x00', 0x2, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x10)
sched_setscheduler(0x0, 0x2, 0x0)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x3000007, 0x13, r2, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x32, 0xffffffffffffffff, 0x0)

6.701208378s ago: executing program 2 (id=235):
sendmsg$NL80211_CMD_REGISTER_FRAME(0xffffffffffffffff, &(0x7f00000011c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000001200)={0x24c, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_FRAME_TYPE={0x6, 0x65, 0x9}, @NL80211_ATTR_FRAME_MATCH={0x4}, @NL80211_ATTR_FRAME_MATCH={0x4}, @NL80211_ATTR_FRAME_MATCH={0x195, 0x5b, "894c6442bb5735eb1dd7f34feed08e7fb24d9df1ae6ae3c0dda6569b7a684eec79d056d432daf6c2feb25f7dff576dc3334d808a32676e2b91bd7070c352d9eb9c8f9c5ff735c7100a1096e595f1581e59df1534a32fd14d34d4836a3a685cae002c8d42ff0145e1522848e70dd7751cfee9a420396838f4f22920c4825d65818fec2c0c0b472ca6c53ccadf6bb5acbee17bff6743c6c0653ee37f6a9c551746d8b02e828ea462fe5cea01250a403287e8287a642e87f4e38b4b3fe43dfe3944f38c3864e4b68fe2cf8427d347903d816d722dc1401d8a6fb66b4b3d3dc9e70c86a8bbc40db893b99150954168786222855a90dc7bc9f500944aec3dfe9bea90f473287faab0bc724d88f5de299351033f7dd22e65faf27dc48f3f1ed764c8cefe2449da7de64ce77cf061f5520192ec11770ee2004564cfa5052d6323dd4ec61af050cf803e89b67836daedc5c88b535cb1485d44204193447c044635e055e6518d7295dba9807ebcdd1cc687c7671568bd7dbbd08fbb563c6a8d477933cee0c88fb4e367ebe3a154458666c67900d9ae"}, @NL80211_ATTR_FRAME_MATCH={0x4}, @NL80211_ATTR_FRAME_TYPE={0x6, 0x65, 0x1ff}, @NL80211_ATTR_FRAME_TYPE={0x6, 0x65, 0xc}, @NL80211_ATTR_FRAME_MATCH={0x7c, 0x5b, "2537861a416172e1b3a4641f689e7128268d1c658d415db2a4a062885a2bced47cb6720eacc6e377961573f48e503a971c116892a4defcf1fdcda062dfbf3e7aabe23f1cbfdad14c8e50ab42677d34e5d1de13e5670d7a948fa03547a566b48a5b0b529334f38f00989ac8f9c4af14aa1d6f7923f034eaa1"}]}, 0x24c}}, 0xc881)
r0 = socket$netlink(0x10, 0x3, 0x4)
writev(r0, &(0x7f0000000700)=[{&(0x7f0000000540)}, {0x0}, {&(0x7f0000000400)}, {&(0x7f0000002a00)="398605fb4707631b08cf3dbc0b99af45d3e4c712d89099d35ca856b9231a32d09fb920a7ce8a975bdcf3b81138c1d4394758622aa2fb19291dea54fa15448beb9b6e2c44f5222ce6860146fa7156de8b25f053a3a87ed40e1d547fa4fc53e6b9358db39d0d2fd9a8b1e36aa4bca61949b954454db7ac4244c3f926477a27e4629b43060cf575deef8cf9b44261b1595913d03ddcff4493a37048f6561ef31f81ebc2ccdbd09da99736ecdbb8cd7b6cdc5d4c1bc3afe664ecf15082b47f42ad7ae3f517f85b56af0d8d501f04d90b50778d841c8cd4976884be5e1b762a901be2fa13f69bdf280915626f4c9b481422a8aacd07c57295ba8478d0a27a1379c49f6fd3b73e3a2f7a614e654948354ec03100bdd8fda54b497e17742a507c869d0d0334add10f64ea64b8182b569fd4f8a66e1da543175e44243ab8727f799d819e44a860043501f0c391e79e3c86500a3fa247c25130f2dafeed662d14d18e4098823128b422723726021d694ee224c63cab14acccb46120db22cb6d938bd4db567aeabce50d9803ea2057070df57df9554edb2abc856df001d69791dd851296c256c466ea8a96c6e06541f6b9a881817cf0d598f1be602eace33e1ac1e1db2b20d10b752d76867a4ba0ada4ee3863d4b65187842708af7e78f5a0f8f4ef3b6a334e4c32f31bf28b7ad32978e40e7deb57904aa1a8bd1da5ba053ab511b46a458f68153cc631c121e8678142722d77b7f6fd8640ffe9b22b8945f3620f0a8f386d78276758199f98a5ba651103eb7cdbbf985a332b195a7cbfb4f3c74ff17858986d771d72283559ee7dd8dc5727e6c792596939b69183b0507c8179e9c4facd44c6a8420959940de2cd2a2239ad81d4147d49430145bc4594cf58d68c6815f466f6ccbc7b574bbdfccedadca5545f0e23aedd145ee027c120d574511c51806995c37b201fdeb15476031d920333639dbcb2aa680f685fa5e435e5e6f30c8f3ab709a473a6219808df904de2d767fb25e57416592cd9b9cb3e45c7f51e161dc56ffa5893799ce69f0a71a9e35aa549957e048c283138ae95fbc3ca8096d72dfed71a5d25724667b5dca7e1f3828d2146a2dc84d9ebad96ae1238ea35c2b5dbf29aec147f9b5699c0b9d965f83c1b5a06c5f295b33cf082245703d6dc3c93065fd6d28ef51354236fdf2f008e0f6413200366743c9008e3bad1be1f53f0d1ec85366510a773e50ce4feb6c5caaf38852bce019fa5e755a3122457f87b9ec04b8ed8482b1b52653021feadfaaf766060bc63849c10d3d99b70f7b5405a5642d6fe52cc0fe24960d1eb520774b1d86d5cc00cdc86cd5111b9af41dd3031639274fc1feddb5f8b82a085a7019e33c917d3cbe6cbb670270741732aabfde16eab4351a0cf30fb66c5dda4eb954cd4ea9c1072144b241418e78ce875a10386686c3c0cec436b76b3c8ff8efb3cb983281859aaeeacb34fe4d27413991ac2a2d45eb94118ae51b1507228e14ec0dcd96e2589914322713b884bd411b55ad259e777858e55122588ce2f7cfdf8807bbaeab97f5eef217437b330f9de7419e412437aa9a38918a23b6d522acb21520192806789e283bca50f912611952af118d5d43e70f3a4f569f8bf87ee48cc8a68fb671b9b0a27327c5635ace1f0d5f1744aa0eeb9f929daa10f38093289eecf9298813c096857bb05c573cd102168d4815d76d23aa087b41e9026e51e9b7d6cff6adfe467887a6930dca447c83554ffd82a9bdf0b39c1b28731c773c43e420587a235ceb967007de48fdc8e86fe7960e769266b06a5368f6b43f2ca3b03eb933306bacb09f8be96ab7adf126ee3c3e123ac90b75310b3932059707cdb54a4e6fd990ad0839eb62f077e8a093d662615b5fbef8ceaf88c9bb5ebd86eeade835f3d2dff310c0493e13b56c17dc577c0c201129218b756794d46e77d1ae6d585560d679f65c04b7f0df28ee903003c030c88c3475c5a23cf973c41662ae7cb6f8fe955f02f4536e539a9a6e941ab454ba366a58f6e7a72ddb5278fab581cc01fd58084aeb30fbd5f9e1632171cc304480d2382696dc13fce686379ab7fb20fd82e9f3095fbfe08a2265a06e5c9f743f275e89e2a2b723fd1a5858342d468c6e24eae4e8bfb9b6ebe5ec25b0b62e3bcf4835fdde50bcc0c330f5f2defad79d906ed11bfd6832c1281bd5cbc55ab7a7de01cc596992fc829e599f636fd7f9815e56114ecc3638339dc69034761b2f006ffa1c86c444d21236de72a6e4368ad28fb73ea9f9800ffff43b0b0cdd26557607f87e6a5993b3df847fe58ee1fc00bc1b47a46292aebc3a6032c9c2abaf22d7ff048f8e1c558a6d9fad1be420011e54ffde0e5f7e8d0ee9e4540d3c48c3a3c9c2542e9d1cc76bd9b480ac277d6653ea3c6c75e515e0ecc6a9352eddbc0a53691da04e7c4fe585698d602da848441e7e55749a0a3eaf25044fc7478f5a0bc15dc01f103746f06efa2fd0c1e198dd312c4cd5b704fb9c63699724dfcba3024c53db857994e3d45f5c449606dfb653eecd18c861ce11aef7424c739d5d2fb00cfe1ae874b88911023b3c7a04d83a27347f7e9e086a57b00b7429316769a7ec5b4ed15bd8cb0cbcf9d45ec649bcbbb26f1330b8744fe3afeb522a0517607fcca662788e2dc100b9fa5358eaff4a2980e6943f3b38da171a333fc8ff27937018da4cfa2d727d7e17efb763923860da79546d166eee102b148f75d08014f494c3d770c65b2dcd583d3c97a39fb2bac337618bffc626fe803d97a507c836184f49bdcff66c7daf06a166446b7da396bf5a67abce7e76b8729bfa4d6a5c890c388847eebf1e00de700441620dc39b5de1f8788846ceb46f4a4b53cd4dca6b3075b39195e683300ffbd3338134f9adda7134de5e41339db47024c0255635f928517284334dfaf09864fdb2e438c2bb38052ad0fa8104eb8e1839019c6d921a6334d99b63a6cd17eb1d0ee4088e7189ab86fe68c973cc40c17ac663e5ba3afbfa72e9fe2e6b76b652909070ae931007f66b575a46c159aa2b39337b127f3eb6c494e128b495fb94a27d039cd1996852976b79aa38931b7c4eb3a65b7d8e03d6be7c0989b45732e5b2650d36c6544336f93b1f96572804f5275d583d20d2ae9c9fe118ad69846e208082341d2c24fd4728044005d917aadf005dc2dbd68725404f35d22256b04e0c930e0cf989ea8630a90d46ed47bccd7d7f5b8eee25c60b0fd41185c24adc655bc126b625085de9f1e896d9adddf25c6855f0d8a9dcc653d759d4c4adebfe8fbfddaa059e5d8573de316c6ff0e9a7e7f53f3799f202bb70420533d678a109913c228e7733216d3f83a33075f5e8395dd2037770688b2d6e3d3cbdc342444eed513495ca12b87bb11aa25e51a716e6dd34d7f197e2bd22207d37b66855752f3602233c3b7ea78c7406e0ebd9509752ae65ec527877b602f0c20a73c6c87b946bd6890bad8aaa43c7c09260db2cba7cdb72c952405f50cb7ba3a6b5e1721ed555d605d147ab961bc1f8c610c7aceca4bd4837aac563d62b5c80b740ee8cf0069a184d283d8a4f78bf962ac89a4f48c5ae6e37b79d72ca19ff8ac56cd4b7a392ea8ac5bc981681c588c5d31b8301b2010363ec0ece6b3cd0940231325499943a600b7ef7572d055a69fa86a44c706c6a75382269944308aa0e7006c9b45ea007b8b6753388fbffd646ce240dbc6ecf7fbdf0866de24470fbd8600956c20bdc6b795dcde6bb01ad84cb48ae718c119377dc91d16965ff68ee74e96c24d284f511d76599c5b48c1b8fdd6882529762d67a0ac41a6c3dd7ec49a6d73bca873cf7646a8972eb367106379c9c5908ec803c37d53d514f7f9334e53fc2337c5f098821332e1369c2fee270c3721f0e102833688f710f494c6a1ac4c2968db7398c42d8396fc53b4796fd3e7df3fc30eb27201b72d8cbf373bb08435f6e0224425ea67bab50c334ee63c71d40f8b5e5033befb88801d81de9c8f9306218a6ebc8ec96202183f6101bea802a17bc1671482db14f19705931d33da43a9ab93058d6a320ba6718463f632e2d8eeab78d5da6fc1b7d753811f411aec20ae62aefb9cff73b34db8f273c82fa926aedc106d3049ffe38c3cf5ea68097c7f15c152d731f68101327aa4bd6f7b374eccca645dc25cc3cdd1706ad23c7b7378bc1d2ac68db486c67b63d52919f6f451bcd4a17a1b06f7655367e00f353c1ae7464c94a1c4b20df199909d32b62280ef5ffe210852375e055661b1fab4c801112edfb2887538547797aa2bd4ab7f3f69ecbb3725717d0dee14e15b24db30d99fe008867b2f966bb8be1fbe4797e2dfec013e1deed510cdb71fe64b313944f2f42c0f7be97572211458e9de32fb97fd4cb2938297e98a5915378693ebb83f205ecbadf0cf50e48244b57569896bc12a663c0b581ca981f68df189ecfe3a23d482d09b01462054a9f05f83ae4ba1aa3744ad0b94662cb82083e98b78de597cfcb266d1f036b6c98da6e3442c6b5d385e231fbd2c969e37bc2955b5a13e019f06d836cd3700a2ad5c3e5938c4a262fc79d8e59f5e058c7aab82a583cab34d6006b1d8bc6a0d9bd9cdaffb30454cbf4f14669bd133ad63dee98abbb6a63391acb1673df5c06f31a1887c7caffd0c427680ffe7b705dbfea29ff524d950efb12a43d9d66077e09941f35497ac100f8bec935269a5981444335ae80c9334b540cb3032e82475e3de6d93e1e9011de860286bff2b4d005cecf8a8a90b68dd73f89d434a751b6ef530adb8ddab33da47642813083d0a71ff81c2e53a724234a1c41b46605d1d2e9c4294e9b043febd3be47794a9925cf95279df4f31717d048de7303e3e65387950f5f51a229c29ed7a9d027e9e2e273904b892de7e3de9d7499e387c07cfb2c3b901d143639bda189771e478f583aea2117064643392da5805bd4f1d273b939bfa05002ef93b98f793e2f787b48ee9299a579abd59ebf01aae553ccf2928eea865a3e5df1c055f7316afc9fa7e32a25283cbf56f59ede6823a88b6ef3d1d127d938f85691b58f90269e6a57c00ae77db93e691a647bb77bb454ba5d3da9ffe475dc65124f379a9c5ead8c1ba9030092dc81a3d73e9429bfcd1b0623a9adfddd5759541704053373d89f237063005ad41df723e9ccdbf0757b5783ec7f410c386a095ed7ba45a308acc83a308479e7b0b04ad0f4b09978e2ff680d76cc0b80d466ec49bf3a81a4fb00025e57df1d1e8d062da4e0a52a92f14a5babe60494c1ef78ae93bd694f4a672420bc99fb81327cf6d3bf75e34ec88d853ba4566489085f4c3661955c4b64026fab0f494ca32cffac7b225831885b376500fdfaaed867e1fe064e540a19e185b78e7b360eee75484479c600f35d2a69e74b6b6a1314c69a3f5302734c992b188e536018fd4dd7b170a0d3b070f9f22ad50caec5754bd1885766db340a27700c47b95600c6facd3abab3bb0dbe0a920dc57968a28f886f1785e6aa3b9ef9840a83f4831622252e5b9d41834369419a426eeb33610dd907d8dda2166923379cf17e3a20b913199a9d8cad3efd687378ee6cb97b4d6f16c145ee97140f1350bb476901febd6970eb86932676d44ff11f8c2a89d692ff20c40de0010932cb686837779cdcdc69d54bd1d794cce7648d72948375e5229fcd542c4110124a8a132aac3bccb4fee", 0xfbe}, {&(0x7f0000003a00)}, {&(0x7f0000000640)="30117876826b04a4cd71f83c68076bbac59d0dc50a1594cd0fe8b96facc716302cfb257ac9d28f9b96b828d6f86a1a23", 0x30}, {&(0x7f0000000680)="726ca31e45f3e88c9cb1e08dff15b0056bd7fecd71b43a60d17820cf5369b94614ee323f80a84d9ceb5cbf18929e4aa5ba5910", 0x33}, {&(0x7f00000006c0)="7c3a4ac8166c14ccd19235060177cd99a6a3", 0x12}], 0x8)
syz_genetlink_get_family_id$nl80211(0x0, r0)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000500)='status\x00')
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, 0x0, 0x418040, 0x0)
write$binfmt_script(0xffffffffffffffff, &(0x7f0000000000)={'#! ', './file0', [{0x20, 'axA\x9b^\xfb^$\r\'uij\r\xd9\xef\xd2Et^Q\v\x9fOFL\x95`Z\xae\xc3a\xfe%\x94\x1a\xebt\xc6\x06\x8fD,\xf7\xae#\x80\x80\xdf\xa3\xcaO\xc6\x8a\x91\x90\xadR\aW\xe1\xf3n\xca\xa3\x8f\xd6F\x03\x0e\x9b\xe5yb\xfc\xa19wUs\x83\xf1{&\n\x1d\x8e\x82y\x1a.B\x0e\xea\x17\xc7\xe7H\xa9\xd4\x8e\xe7 gD\x89*\xb5c<d\x1f\\\x10$o\x93\x02\x9c@\x9ddt\x8c\x875\xf7@\x9aM\xa3j\xfa\x1f\xe5\x81\xc9u<\xf0?w8P>\xc5\x8a\xe6R\xe5YGq\xf5\xb6\x95\xbc\x112\x9bno\xc8\x06\xb6\b\xcc\x03{Sn\x94G\x01\xb4\xffJQ8t\x99vY\xaaf\xc7,\x9f\xbb\x15G\x1cr\x19\xef\xab\n\xa8\xbc\xbd\xa2E\x16\x1cm\xbd=\x98\x7fU\xcbg\x15%\x95\xb11\x017\x83*\x14\xcbt\xc2\xcb\x04\x1e~?\xb9j\x18\x96\x84EA\xeaB\a\x83\xba\xdco<\x00'/256}]}, 0x10c)
r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r1, 0x8914, &(0x7f0000000000))
r2 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$sock_rose_SIOCADDRT(r2, 0x890b, &(0x7f0000000380)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x3}, 0x6, @null, @bpq0, 0x0, [@bcast, @bcast, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]})
r3 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
connect$rose(r3, &(0x7f0000000040)=@short={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x1, @default}, 0x1c)
connect$rose(r3, &(0x7f0000000100)=@full={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x0, [@null, @null, @null, @default, @bcast, @default]}, 0x40)

6.55288014s ago: executing program 3 (id=236):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0xe1}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat$uinput(0xffffffffffffff9c, 0x0, 0x802, 0x0)
syz_open_dev$I2C(&(0x7f0000000000), 0x0, 0x189802)
socketpair$unix(0x1, 0x3, 0x0, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f0000000300)=@abs, 0x6e)
socket(0x10, 0x3, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_io_uring_setup(0x498, 0x0, &(0x7f0000000340), &(0x7f0000000040))
io_uring_enter(r3, 0x627, 0x4c1, 0x43, 0x0, 0x0)
semctl$IPC_RMID(0x0, 0x0, 0x0)
open$dir(0x0, 0x200200, 0x15)

5.725940757s ago: executing program 2 (id=237):
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000040), 0x0)
sendmsg$inet_sctp(r0, &(0x7f0000000700)={&(0x7f0000000340)=@in={0x2, 0x4e21, @loopback}, 0x10, &(0x7f0000000080)=[{&(0x7f0000000000)='u', 0x1}], 0x1, 0x0, 0x0, 0x804c040}, 0x881)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @thr={&(0x7f00000005c0)="6144de9d1e3bde2f6310d84e651b89acecac569503d977ee47eebe32b8a8c5e93677e58d04908ab9fa25c2d0f9d79a7dea24a3b34a97226698c9bcfe857455baa449b6613a63579951142e3985f4ab36f9b3a16d50fd6a089121c7597d784e64", &(0x7f0000000940)="665dad733597bd0055eb9165029b1652d08a61ef9b73a5f1af1168f924ec4353b8452a47b78d033e1cfe134d0cffcf1e8c57563ac61e6dff1e8c246d3102aa05e2c0741ec8ac109817c121f02067dc1e8389c8a740b59758b43f1061a096458b1287b921fc81aba387fc7f93beae73841c0af9e44dc2e32a75d7438b10264632241f458fe742cf4aaec2a7e7032bf54b433d3b96c67f4e25b1c4bb019df4bf86"}}, 0x0)
timer_settime(0x0, 0x0, &(0x7f0000000280)={{}, {0x0, 0x989680}}, 0x0)
socket$alg(0x26, 0x5, 0x0)
recvmsg$unix(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, 0x0}, 0x10002)
setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, 0x0, 0x310)
pipe2(0x0, 0x0)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f00000000c0)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58)
r3 = accept4(r2, 0x0, 0x0, 0x80000)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000200)="ad00"/16, 0x10)
sendmmsg$unix(r3, &(0x7f0000003dc0)=[{{&(0x7f0000000000)=@file={0x0, './file0\x00'}, 0x6e, 0x0, 0x0, 0x0, 0x0, 0x9802}}, {{&(0x7f0000000280)=@file={0x0, './file0\x00'}, 0x6e, 0x0}}], 0x299, 0x0)

5.673300841s ago: executing program 1 (id=238):
socket$nl_generic(0x10, 0x3, 0x10)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000001c0), 0x240, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0xf)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r2 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/stat\x00', 0x0, 0x0)
sendfile(r2, r3, 0x0, 0x4)
ioctl$SNDCTL_DSP_POST(r3, 0x5008, 0x0)
ioctl$TCFLSH(r0, 0x400455c8, 0x4)
r4 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000), 0x169802, 0x0)
r5 = dup(r4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x13, r5, 0x0)
socket$inet_udplite(0x2, 0x2, 0x88)
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)

4.629117946s ago: executing program 2 (id=239):
sendmsg$NL80211_CMD_REGISTER_FRAME(0xffffffffffffffff, &(0x7f00000011c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000001200)={0x14, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}}, 0x14}}, 0xc881)
r0 = socket$netlink(0x10, 0x3, 0x4)
writev(r0, &(0x7f0000000700)=[{&(0x7f0000000540)}, {0x0}, {&(0x7f0000000400)}, {&(0x7f0000002a00)="398605fb4707631b08cf3dbc0b99af45d3e4c712d89099d35ca856b9231a32d09fb920a7ce8a975bdcf3b81138c1d4394758622aa2fb19291dea54fa15448beb9b6e2c44f5222ce6860146fa7156de8b25f053a3a87ed40e1d547fa4fc53e6b9358db39d0d2fd9a8b1e36aa4bca61949b954454db7ac4244c3f926477a27e4629b43060cf575deef8cf9b44261b1595913d03ddcff4493a37048f6561ef31f81ebc2ccdbd09da99736ecdbb8cd7b6cdc5d4c1bc3afe664ecf15082b47f42ad7ae3f517f85b56af0d8d501f04d90b50778d841c8cd4976884be5e1b762a901be2fa13f69bdf280915626f4c9b481422a8aacd07c57295ba8478d0a27a1379c49f6fd3b73e3a2f7a614e654948354ec03100bdd8fda54b497e17742a507c869d0d0334add10f64ea64b8182b569fd4f8a66e1da543175e44243ab8727f799d819e44a860043501f0c391e79e3c86500a3fa247c25130f2dafeed662d14d18e4098823128b422723726021d694ee224c63cab14acccb46120db22cb6d938bd4db567aeabce50d9803ea2057070df57df9554edb2abc856df001d69791dd851296c256c466ea8a96c6e06541f6b9a881817cf0d598f1be602eace33e1ac1e1db2b20d10b752d76867a4ba0ada4ee3863d4b65187842708af7e78f5a0f8f4ef3b6a334e4c32f31bf28b7ad32978e40e7deb57904aa1a8bd1da5ba053ab511b46a458f68153cc631c121e8678142722d77b7f6fd8640ffe9b22b8945f3620f0a8f386d78276758199f98a5ba651103eb7cdbbf985a332b195a7cbfb4f3c74ff17858986d771d72283559ee7dd8dc5727e6c792596939b69183b0507c8179e9c4facd44c6a8420959940de2cd2a2239ad81d4147d49430145bc4594cf58d68c6815f466f6ccbc7b574bbdfccedadca5545f0e23aedd145ee027c120d574511c51806995c37b201fdeb15476031d920333639dbcb2aa680f685fa5e435e5e6f30c8f3ab709a473a6219808df904de2d767fb25e57416592cd9b9cb3e45c7f51e161dc56ffa5893799ce69f0a71a9e35aa549957e048c283138ae95fbc3ca8096d72dfed71a5d25724667b5dca7e1f3828d2146a2dc84d9ebad96ae1238ea35c2b5dbf29aec147f9b5699c0b9d965f83c1b5a06c5f295b33cf082245703d6dc3c93065fd6d28ef51354236fdf2f008e0f6413200366743c9008e3bad1be1f53f0d1ec85366510a773e50ce4feb6c5caaf38852bce019fa5e755a3122457f87b9ec04b8ed8482b1b52653021feadfaaf766060bc63849c10d3d99b70f7b5405a5642d6fe52cc0fe24960d1eb520774b1d86d5cc00cdc86cd5111b9af41dd3031639274fc1feddb5f8b82a085a7019e33c917d3cbe6cbb670270741732aabfde16eab4351a0cf30fb66c5dda4eb954cd4ea9c1072144b241418e78ce875a10386686c3c0cec436b76b3c8ff8efb3cb983281859aaeeacb34fe4d27413991ac2a2d45eb94118ae51b1507228e14ec0dcd96e2589914322713b884bd411b55ad259e777858e55122588ce2f7cfdf8807bbaeab97f5eef217437b330f9de7419e412437aa9a38918a23b6d522acb21520192806789e283bca50f912611952af118d5d43e70f3a4f569f8bf87ee48cc8a68fb671b9b0a27327c5635ace1f0d5f1744aa0eeb9f929daa10f38093289eecf9298813c096857bb05c573cd102168d4815d76d23aa087b41e9026e51e9b7d6cff6adfe467887a6930dca447c83554ffd82a9bdf0b39c1b28731c773c43e420587a235ceb967007de48fdc8e86fe7960e769266b06a5368f6b43f2ca3b03eb933306bacb09f8be96ab7adf126ee3c3e123ac90b75310b3932059707cdb54a4e6fd990ad0839eb62f077e8a093d662615b5fbef8ceaf88c9bb5ebd86eeade835f3d2dff310c0493e13b56c17dc577c0c201129218b756794d46e77d1ae6d585560d679f65c04b7f0df28ee903003c030c88c3475c5a23cf973c41662ae7cb6f8fe955f02f4536e539a9a6e941ab454ba366a58f6e7a72ddb5278fab581cc01fd58084aeb30fbd5f9e1632171cc304480d2382696dc13fce686379ab7fb20fd82e9f3095fbfe08a2265a06e5c9f743f275e89e2a2b723fd1a5858342d468c6e24eae4e8bfb9b6ebe5ec25b0b62e3bcf4835fdde50bcc0c330f5f2defad79d906ed11bfd6832c1281bd5cbc55ab7a7de01cc596992fc829e599f636fd7f9815e56114ecc3638339dc69034761b2f006ffa1c86c444d21236de72a6e4368ad28fb73ea9f9800ffff43b0b0cdd26557607f87e6a5993b3df847fe58ee1fc00bc1b47a46292aebc3a6032c9c2abaf22d7ff048f8e1c558a6d9fad1be420011e54ffde0e5f7e8d0ee9e4540d3c48c3a3c9c2542e9d1cc76bd9b480ac277d6653ea3c6c75e515e0ecc6a9352eddbc0a53691da04e7c4fe585698d602da848441e7e55749a0a3eaf25044fc7478f5a0bc15dc01f103746f06efa2fd0c1e198dd312c4cd5b704fb9c63699724dfcba3024c53db857994e3d45f5c449606dfb653eecd18c861ce11aef7424c739d5d2fb00cfe1ae874b88911023b3c7a04d83a27347f7e9e086a57b00b7429316769a7ec5b4ed15bd8cb0cbcf9d45ec649bcbbb26f1330b8744fe3afeb522a0517607fcca662788e2dc100b9fa5358eaff4a2980e6943f3b38da171a333fc8ff27937018da4cfa2d727d7e17efb763923860da79546d166eee102b148f75d08014f494c3d770c65b2dcd583d3c97a39fb2bac337618bffc626fe803d97a507c836184f49bdcff66c7daf06a166446b7da396bf5a67abce7e76b8729bfa4d6a5c890c388847eebf1e00de700441620", 0x7df}, {&(0x7f0000003a00)}, {&(0x7f0000000640)="30117876826b04a4cd71f83c68076bbac59d0dc50a1594cd0fe8b96facc716302cfb257ac9d28f9b96b828d6f86a1a23", 0x30}, {&(0x7f0000000680)="726ca31e45f3e88c9cb1e08dff15b0056bd7fecd71b43a60d17820cf5369b94614ee323f80a84d", 0x27}, {&(0x7f00000006c0)="7c3a4ac8166c14ccd19235060177cd99a6a3", 0x12}], 0x8)
syz_genetlink_get_family_id$nl80211(0x0, r0)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000500)='status\x00')
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, 0x0, 0x418040, 0x0)
write$binfmt_script(0xffffffffffffffff, &(0x7f0000000000)={'#! ', './file0', [{0x20, 'axA\x9b^\xfb^$\r\'uij\r\xd9\xef\xd2Et^Q\v\x9fOFL\x95`Z\xae\xc3a\xfe%\x94\x1a\xebt\xc6\x06\x8fD,\xf7\xae#\x80\x80\xdf\xa3\xcaO\xc6\x8a\x91\x90\xadR\aW\xe1\xf3n\xca\xa3\x8f\xd6F\x03\x0e\x9b\xe5yb\xfc\xa19wUs\x83\xf1{&\n\x1d\x8e\x82y\x1a.B\x0e\xea\x17\xc7\xe7H\xa9\xd4\x8e\xe7 gD\x89*\xb5c<d\x1f\\\x10$o\x93\x02\x9c@\x9ddt\x8c\x875\xf7@\x9aM\xa3j\xfa\x1f\xe5\x81\xc9u<\xf0?w8P>\xc5\x8a\xe6R\xe5YGq\xf5\xb6\x95\xbc\x112\x9bno\xc8\x06\xb6\b\xcc\x03{Sn\x94G\x01\xb4\xffJQ8t\x99vY\xaaf\xc7,\x9f\xbb\x15G\x1cr\x19\xef\xab\n\xa8\xbc\xbd\xa2E\x16\x1cm\xbd=\x98\x7fU\xcbg\x15%\x95\xb11\x017\x83*\x14\xcbt\xc2\xcb\x04\x1e~?\xb9j\x18\x96\x84EA\xeaB\a\x83\xba\xdco<\x00'/256}]}, 0x10c)
r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r1, 0x8914, &(0x7f0000000000))
r2 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$sock_rose_SIOCADDRT(r2, 0x890b, &(0x7f0000000380)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x3}, 0x6, @null, @bpq0, 0x0, [@bcast, @bcast, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]})
r3 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
connect$rose(r3, &(0x7f0000000040)=@short={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x1, @default}, 0x1c)
connect$rose(r3, &(0x7f0000000100)=@full={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x0, [@null, @null, @null, @default, @bcast, @default]}, 0x40)

4.379983356s ago: executing program 3 (id=240):
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000680)=ANY=[@ANYBLOB], 0xa8}}, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000900)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c000000180a0500000000000000000002000000300003802c00038014000100776732000000000000000000000000001400010076657468315f746f5f627269646765000900020073797a30000000000900010073797a300000000014000000110001"], 0x84}, 0x1, 0x0, 0x0, 0x24040089}, 0x20008000)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0x1}], 0x1)
mkdir(0x0, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='pagemap\x00')
pread64(r1, &(0x7f0000000200)=""/102400, 0x19000, 0x1000000000)
r2 = socket$netlink(0x10, 0x3, 0x0)
bind$netlink(r2, &(0x7f0000514ff4)={0x10, 0x0, 0x25dfdbfc, 0x2ffffffff}, 0xc)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x400, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r4 = socket(0x400000000010, 0x3, 0x0)
r5 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r6=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0x25dfdbfd, {0x0, 0x0, 0x0, r6, {0x0, 0x5}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000004c0)=@newtfilter={0x44, 0x2c, 0xd27, 0x70bd28, 0x8000, {0x0, 0x0, 0x0, r6, {0x0, 0xfff2}, {}, {0xa, 0x6}}, [@filter_kind_options=@f_flower={{0xb}, {0x14, 0x2, [@TCA_FLOWER_KEY_ENC_OPTS_MASK={0x8, 0x55, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPTS_GENEVE={0x4}]}, @TCA_FLOWER_KEY_ENC_OPTS={0x8, 0x54, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPTS_GENEVE={0x4}]}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x22044028}, 0x0)
syz_emit_ethernet(0x22, 0x0, 0x0)

4.262347505s ago: executing program 3 (id=241):
openat$comedi(0xffffffffffffff9c, &(0x7f0000000180)='/dev/comedi4\x00', 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r1 = syz_io_uring_setup(0x110, &(0x7f00000003c0)={0x0, 0xfad6, 0x800, 0x1, 0x3}, &(0x7f00000000c0)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3})
openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000004880), 0x0, 0x0)
io_uring_enter(r1, 0x133d, 0x0, 0x8, 0x0, 0x0)
io_uring_register$IORING_REGISTER_SYNC_CANCEL(r1, 0x18, &(0x7f0000000000)={0x0, 0xffffffffffffffff, 0x1, {0x6, 0x6d4}, 0xf0}, 0x1)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000000)=ANY=[@ANYRES32=0x0], 0x50)
r4 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x28)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x0, 0x0, &(0x7f00000000c0)='GPL\x00', 0xed3, 0x0, 0x0, 0x40f00, 0x30, '\x00', 0x0, 0x0, r4, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000280)={0x4, 0x3, 0x5, 0x7}, 0x10, 0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0), 0x10, 0x8}, 0x94)

3.518597085s ago: executing program 2 (id=242):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_FEATURES_GET(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000006c0)=ANY=[@ANYBLOB=',\x00\x00', @ANYRES16=r1, @ANYBLOB], 0x2c}}, 0x20000000)
syz_open_dev$ttys(0xc, 0x2, 0x1)
syz_open_dev$vim2m(&(0x7f00000000c0), 0xfffffffffffff630, 0x2)
openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0), 0x8200, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000100)=ANY=[], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, 0x2}, 0x94)
ioctl$SNDRV_PCM_IOCTL_XRUN(0xffffffffffffffff, 0x4148, 0x0)
r2 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000240), 0x2400, 0x0)
read$msr(r2, &(0x7f0000000300)=""/136, 0x88)
ioctl$SNDRV_PCM_IOCTL_DROP(r2, 0x4143, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0xfffb}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd502000000090001007379"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r3, 0x0, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r4 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r4, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r5 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$netlbl_cipso(0x0, 0xffffffffffffffff)
readv(r5, &(0x7f0000000040)=[{&(0x7f00000000c0)=""/214, 0xd6}], 0x1)
sendmsg$netlink(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)=ANY=[@ANYBLOB="140100001e0001eb25"], 0x114}], 0x1}, 0x0)
syz_open_dev$sndmidi(0x0, 0x2, 0x141102)
socket$inet6_udp(0xa, 0x2, 0x0)

3.301873783s ago: executing program 1 (id=243):
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000040)=[@in={0x2, 0x4e21, @empty}], 0x10)
sendmsg$inet_sctp(r0, &(0x7f0000000700)={&(0x7f0000000340)=@in={0x2, 0x4e21, @loopback}, 0x10, &(0x7f0000000080)=[{&(0x7f0000000000)='u', 0x1}], 0x1, 0x0, 0x0, 0x804c040}, 0x881)
dup(r0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0, r1, 0x0, 0xd}, 0x18)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
timer_settime(0x0, 0x0, &(0x7f0000000280)={{}, {0x0, 0x989680}}, 0x0)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, 0x0, 0x0)
r4 = accept4(r3, 0x0, 0x0, 0x80800)
sendmsg$TIPC_CMD_GET_BEARER_NAMES(r4, 0x0, 0x20040880)
recvmsg$unix(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, 0x0}, 0x10002)
socket$kcm(0xa, 0x2, 0x73)
r5 = socket(0x2b, 0x80801, 0x1)
connect$inet6(r5, 0x0, 0x0)
setsockopt$inet6_MCAST_MSFILTER(r5, 0x29, 0x30, &(0x7f0000000080)=ANY=[@ANYBLOB="09000000000000000a004e220000000400000000000000000000000000000001040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000a004e210000000300000000000000000000ffff7f000001090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e3ffffff000000000000000000000000000000000000000000000000000000000a004e240000026c00000000000000000000ffff000000000100"/387], 0x310)
pipe2(0x0, 0x0)
r6 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r6, &(0x7f00000000c0)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58)
r7 = accept4(r6, 0x0, 0x0, 0x80000)
setsockopt$ALG_SET_KEY(r6, 0x117, 0x1, &(0x7f0000000200)="ad00"/16, 0x10)
sendmmsg$unix(r7, &(0x7f0000003dc0)=[{{&(0x7f0000000000)=@file={0x0, './file0\x00'}, 0x6e, 0x0, 0x0, 0x0, 0x0, 0x9802}}, {{&(0x7f0000000280)=@file={0x0, './file0\x00'}, 0x6e, 0x0}}], 0x299, 0x0)

3.182452063s ago: executing program 3 (id=244):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = socket$tipc(0x1e, 0x5, 0x0)
sendmsg$tipc(r2, &(0x7f0000000380)={&(0x7f0000000040)=@nameseq={0x1e, 0x1, 0x1, {0x1, 0x3, 0x4}}, 0x10, 0x0}, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x6c, 0x0, 0x0)
syz_open_dev$vim2m(&(0x7f0000000080), 0x7, 0x2)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x1, 0x5d032, 0xffffffffffffffff, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000080), 0x2)
writev(0xffffffffffffffff, &(0x7f00000000c0)=[{&(0x7f0000002680)="1e", 0x1}], 0x1)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(0xffffffffffffffff, 0x84, 0x66, &(0x7f0000000340)={0x0, 0x3cf9}, &(0x7f00000003c0)=0x8)
close(0x4)
socket$nl_generic(0x10, 0x3, 0x10)
r4 = openat$fuse(0xffffffffffffff9c, 0x0, 0x42, 0x0)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB='fd', @ANYRESHEX=r4, @ANYBLOB=',rootmode=0000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB="2c67936f75705f69643d0d097af626af47007bdbf2e62e25139f0458d030b3c7cf0b7e27df2b96db071db6df0f7c5affaf6224f62e0ddabbe2c2c3d67ddcbecdeef457333b2989c596eb4c6b93691fa400703368dfccfb2e532063960bce8e4fee3b06dce4c1563f28718b78b262a90e041d2c6656b7219a87172e8c38be825e24bfd237ee8a6361d3506d973e40d8f63880aa2d63c5357a0defadf03be8deab95d5b8bfb2e270506538473cd7ef208452ee5ce60ba7370cd803a11c1970b0d1b9df152f211142e341c047113ffe834f3d3bb469b81471c2c002fbce706d356206c4360aeb66a07ff1210912677b54ac18265d87fa32a85ae625127850cf8d8a3243d16035515c5558c8e2415b796df7cec57cd45b26c8cbc8edcea829f719f3805ced1b98b385a6588f8e9142cc1e8643042a0d93bb44065e3dea1a89c1c9b2cbabdb08d4da7529a4f6791b0e417de32804f407b9fb", @ANYRESDEC=0x0])
r5 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)

3.142628636s ago: executing program 0 (id=245):
sendmsg$NL80211_CMD_REGISTER_FRAME(0xffffffffffffffff, &(0x7f00000011c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000001200)={0x24c, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_FRAME_TYPE={0x6, 0x65, 0x9}, @NL80211_ATTR_FRAME_MATCH={0x4}, @NL80211_ATTR_FRAME_MATCH={0x4}, @NL80211_ATTR_FRAME_MATCH={0x195, 0x5b, "894c6442bb5735eb1dd7f34feed08e7fb24d9df1ae6ae3c0dda6569b7a684eec79d056d432daf6c2feb25f7dff576dc3334d808a32676e2b91bd7070c352d9eb9c8f9c5ff735c7100a1096e595f1581e59df1534a32fd14d34d4836a3a685cae002c8d42ff0145e1522848e70dd7751cfee9a420396838f4f22920c4825d65818fec2c0c0b472ca6c53ccadf6bb5acbee17bff6743c6c0653ee37f6a9c551746d8b02e828ea462fe5cea01250a403287e8287a642e87f4e38b4b3fe43dfe3944f38c3864e4b68fe2cf8427d347903d816d722dc1401d8a6fb66b4b3d3dc9e70c86a8bbc40db893b99150954168786222855a90dc7bc9f500944aec3dfe9bea90f473287faab0bc724d88f5de299351033f7dd22e65faf27dc48f3f1ed764c8cefe2449da7de64ce77cf061f5520192ec11770ee2004564cfa5052d6323dd4ec61af050cf803e89b67836daedc5c88b535cb1485d44204193447c044635e055e6518d7295dba9807ebcdd1cc687c7671568bd7dbbd08fbb563c6a8d477933cee0c88fb4e367ebe3a154458666c67900d9ae"}, @NL80211_ATTR_FRAME_MATCH={0x4}, @NL80211_ATTR_FRAME_TYPE={0x6, 0x65, 0x1ff}, @NL80211_ATTR_FRAME_TYPE={0x6, 0x65, 0xc}, @NL80211_ATTR_FRAME_MATCH={0x7c, 0x5b, "2537861a416172e1b3a4641f689e7128268d1c658d415db2a4a062885a2bced47cb6720eacc6e377961573f48e503a971c116892a4defcf1fdcda062dfbf3e7aabe23f1cbfdad14c8e50ab42677d34e5d1de13e5670d7a948fa03547a566b48a5b0b529334f38f00989ac8f9c4af14aa1d6f7923f034eaa1"}]}, 0x24c}}, 0xc881)
r0 = socket$netlink(0x10, 0x3, 0x4)
writev(r0, &(0x7f0000000700)=[{&(0x7f0000000540)}, {0x0}, {&(0x7f0000000400)}, {&(0x7f0000002a00)="398605fb4707631b08cf3dbc0b99af45d3e4c712d89099d35ca856b9231a32d09fb920a7ce8a975bdcf3b81138c1d4394758622aa2fb19291dea54fa15448beb9b6e2c44f5222ce6860146fa7156de8b25f053a3a87ed40e1d547fa4fc53e6b9358db39d0d2fd9a8b1e36aa4bca61949b954454db7ac4244c3f926477a27e4629b43060cf575deef8cf9b44261b1595913d03ddcff4493a37048f6561ef31f81ebc2ccdbd09da99736ecdbb8cd7b6cdc5d4c1bc3afe664ecf15082b47f42ad7ae3f517f85b56af0d8d501f04d90b50778d841c8cd4976884be5e1b762a901be2fa13f69bdf280915626f4c9b481422a8aacd07c57295ba8478d0a27a1379c49f6fd3b73e3a2f7a614e654948354ec03100bdd8fda54b497e17742a507c869d0d0334add10f64ea64b8182b569fd4f8a66e1da543175e44243ab8727f799d819e44a860043501f0c391e79e3c86500a3fa247c25130f2dafeed662d14d18e4098823128b422723726021d694ee224c63cab14acccb46120db22cb6d938bd4db567aeabce50d9803ea2057070df57df9554edb2abc856df001d69791dd851296c256c466ea8a96c6e06541f6b9a881817cf0d598f1be602eace33e1ac1e1db2b20d10b752d76867a4ba0ada4ee3863d4b65187842708af7e78f5a0f8f4ef3b6a334e4c32f31bf28b7ad32978e40e7deb57904aa1a8bd1da5ba053ab511b46a458f68153cc631c121e8678142722d77b7f6fd8640ffe9b22b8945f3620f0a8f386d78276758199f98a5ba651103eb7cdbbf985a332b195a7cbfb4f3c74ff17858986d771d72283559ee7dd8dc5727e6c792596939b69183b0507c8179e9c4facd44c6a8420959940de2cd2a2239ad81d4147d49430145bc4594cf58d68c6815f466f6ccbc7b574bbdfccedadca5545f0e23aedd145ee027c120d574511c51806995c37b201fdeb15476031d920333639dbcb2aa680f685fa5e435e5e6f30c8f3ab709a473a6219808df904de2d767fb25e57416592cd9b9cb3e45c7f51e161dc56ffa5893799ce69f0a71a9e35aa549957e048c283138ae95fbc3ca8096d72dfed71a5d25724667b5dca7e1f3828d2146a2dc84d9ebad96ae1238ea35c2b5dbf29aec147f9b5699c0b9d965f83c1b5a06c5f295b33cf082245703d6dc3c93065fd6d28ef51354236fdf2f008e0f6413200366743c9008e3bad1be1f53f0d1ec85366510a773e50ce4feb6c5caaf38852bce019fa5e755a3122457f87b9ec04b8ed8482b1b52653021feadfaaf766060bc63849c10d3d99b70f7b5405a5642d6fe52cc0fe24960d1eb520774b1d86d5cc00cdc86cd5111b9af41dd3031639274fc1feddb5f8b82a085a7019e33c917d3cbe6cbb670270741732aabfde16eab4351a0cf30fb66c5dda4eb954cd4ea9c1072144b241418e78ce875a10386686c3c0cec436b76b3c8ff8efb3cb983281859aaeeacb34fe4d27413991ac2a2d45eb94118ae51b1507228e14ec0dcd96e2589914322713b884bd411b55ad259e777858e55122588ce2f7cfdf8807bbaeab97f5eef217437b330f9de7419e412437aa9a38918a23b6d522acb21520192806789e283bca50f912611952af118d5d43e70f3a4f569f8bf87ee48cc8a68fb671b9b0a27327c5635ace1f0d5f1744aa0eeb9f929daa10f38093289eecf9298813c096857bb05c573cd102168d4815d76d23aa087b41e9026e51e9b7d6cff6adfe467887a6930dca447c83554ffd82a9bdf0b39c1b28731c773c43e420587a235ceb967007de48fdc8e86fe7960e769266b06a5368f6b43f2ca3b03eb933306bacb09f8be96ab7adf126ee3c3e123ac90b75310b3932059707cdb54a4e6fd990ad0839eb62f077e8a093d662615b5fbef8ceaf88c9bb5ebd86eeade835f3d2dff310c0493e13b56c17dc577c0c201129218b756794d46e77d1ae6d585560d679f65c04b7f0df28ee903003c030c88c3475c5a23cf973c41662ae7cb6f8fe955f02f4536e539a9a6e941ab454ba366a58f6e7a72ddb5278fab581cc01fd58084aeb30fbd5f9e1632171cc304480d2382696dc13fce686379ab7fb20fd82e9f3095fbfe08a2265a06e5c9f743f275e89e2a2b723fd1a5858342d468c6e24eae4e8bfb9b6ebe5ec25b0b62e3bcf4835fdde50bcc0c330f5f2defad79d906ed11bfd6832c1281bd5cbc55ab7a7de01cc596992fc829e599f636fd7f9815e56114ecc3638339dc69034761b2f006ffa1c86c444d21236de72a6e4368ad28fb73ea9f9800ffff43b0b0cdd26557607f87e6a5993b3df847fe58ee1fc00bc1b47a46292aebc3a6032c9c2abaf22d7ff048f8e1c558a6d9fad1be420011e54ffde0e5f7e8d0ee9e4540d3c48c3a3c9c2542e9d1cc76bd9b480ac277d6653ea3c6c75e515e0ecc6a9352eddbc0a53691da04e7c4fe585698d602da848441e7e55749a0a3eaf25044fc7478f5a0bc15dc01f103746f06efa2fd0c1e198dd312c4cd5b704fb9c63699724dfcba3024c53db857994e3d45f5c449606dfb653eecd18c861ce11aef7424c739d5d2fb00cfe1ae874b88911023b3c7a04d83a27347f7e9e086a57b00b7429316769a7ec5b4ed15bd8cb0cbcf9d45ec649bcbbb26f1330b8744fe3afeb522a0517607fcca662788e2dc100b9fa5358eaff4a2980e6943f3b38da171a333fc8ff27937018da4cfa2d727d7e17efb763923860da79546d166eee102b148f75d08014f494c3d770c65b2dcd583d3c97a39fb2bac337618bffc626fe803d97a507c836184f49bdcff66c7daf06a166446b7da396bf5a67abce7e76b8729bfa4d6a5c890c388847eebf1e00de700441620dc39b5de1f8788846ceb46f4a4b53cd4dca6b3075b39195e683300ffbd3338134f9adda7134de5e41339db47024c0255635f928517284334dfaf09864fdb2e438c2bb38052ad0fa8104eb8e1839019c6d921a6334d99b63a6cd17eb1d0ee4088e7189ab86fe68c973cc40c17ac663e5ba3afbfa72e9fe2e6b76b652909070ae931007f66b575a46c159aa2b39337b127f3eb6c494e128b495fb94a27d039cd1996852976b79aa38931b7c4eb3a65b7d8e03d6be7c0989b45732e5b2650d36c6544336f93b1f96572804f5275d583d20d2ae9c9fe118ad69846e208082341d2c24fd4728044005d917aadf005dc2dbd68725404f35d22256b04e0c930e0cf989ea8630a90d46ed47bccd7d7f5b8eee25c60b0fd41185c24adc655bc126b625085de9f1e896d9adddf25c6855f0d8a9dcc653d759d4c4adebfe8fbfddaa059e5d8573de316c6ff0e9a7e7f53f3799f202bb70420533d678a109913c228e7733216d3f83a33075f5e8395dd2037770688b2d6e3d3cbdc342444eed513495ca12b87bb11aa25e51a716e6dd34d7f197e2bd22207d37b66855752f3602233c3b7ea78c7406e0ebd9509752ae65ec527877b602f0c20a73c6c87b946bd6890bad8aaa43c7c09260db2cba7cdb72c952405f50cb7ba3a6b5e1721ed555d605d147ab961bc1f8c610c7aceca4bd4837aac563d62b5c80b740ee8cf0069a184d283d8a4f78bf962ac89a4f48c5ae6e37b79d72ca19ff8ac56cd4b7a392ea8ac5bc981681c588c5d31b8301b2010363ec0ece6b3cd0940231325499943a600b7ef7572d055a69fa86a44c706c6a75382269944308aa0e7006c9b45ea007b8b6753388fbffd646ce240dbc6ecf7fbdf0866de24470fbd8600956c20bdc6b795dcde6bb01ad84cb48ae718c119377dc91d16965ff68ee74e96c24d284f511d76599c5b48c1b8fdd6882529762d67a0ac41a6c3dd7ec49a6d73bca873cf7646a8972eb367106379c9c5908ec803c37d53d514f7f9334e53fc2337c5f098821332e1369c2fee270c3721f0e102833688f710f494c6a1ac4c2968db7398c42d8396fc53b4796fd3e7df3fc30eb27201b72d8cbf373bb08435f6e0224425ea67bab50c334ee63c71d40f8b5e5033befb88801d81de9c8f9306218a6ebc8ec96202183f6101bea802a17bc1671482db14f19705931d33da43a9ab93058d6a320ba6718463f632e2d8eeab78d5da6fc1b7d753811f411aec20ae62aefb9cff73b34db8f273c82fa926aedc106d3049ffe38c3cf5ea68097c7f15c152d731f68101327aa4bd6f7b374eccca645dc25cc3cdd1706ad23c7b7378bc1d2ac68db486c67b63d52919f6f451bcd4a17a1b06f7655367e00f353c1ae7464c94a1c4b20df199909d32b62280ef5ffe210852375e055661b1fab4c801112edfb2887538547797aa2bd4ab7f3f69ecbb3725717d0dee14e15b24db30d99fe008867b2f966bb8be1fbe4797e2dfec013e1deed510cdb71fe64b313944f2f42c0f7be97572211458e9de32fb97fd4cb2938297e98a5915378693ebb83f205ecbadf0cf50e48244b57569896bc12a663c0b581ca981f68df189ecfe3a23d482d09b01462054a9f05f83ae4ba1aa3744ad0b94662cb82083e98b78de597cfcb266d1f036b6c98da6e3442c6b5d385e231fbd2c969e37bc2955b5a13e019f06d836cd3700a2ad5c3e5938c4a262fc79d8e59f5e058c7aab82a583cab34d6006b1d8bc6a0d9bd9cdaffb30454cbf4f14669bd133ad63dee98abbb6a63391acb1673df5c06f31a1887c7caffd0c427680ffe7b705dbfea29ff524d950efb12a43d9d66077e09941f35497ac100f8bec935269a5981444335ae80c9334b540cb3032e82475e3de6d93e1e9011de860286bff2b4d005cecf8a8a90b68dd73f89d434a751b6ef530adb8ddab33da47642813083d0a71ff81c2e53a724234a1c41b46605d1d2e9c4294e9b043febd3be47794a9925cf95279df4f31717d048de7303e3e65387950f5f51a229c29ed7a9d027e9e2e273904b892de7e3de9d7499e387c07cfb2c3b901d143639bda189771e478f583aea2117064643392da5805bd4f1d273b939bfa05002ef93b98f793e2f787b48ee9299a579abd59ebf01aae553ccf2928eea865a3e5df1c055f7316afc9fa7e32a25283cbf56f59ede6823a88b6ef3d1d127d938f85691b58f90269e6a57c00ae77db93e691a647bb77bb454ba5d3da9ffe475dc65124f379a9c5ead8c1ba9030092dc81a3d73e9429bfcd1b0623a9adfddd5759541704053373d89f237063005ad41df723e9ccdbf0757b5783ec7f410c386a095ed7ba45a308acc83a308479e7b0b04ad0f4b09978e2ff680d76cc0b80d466ec49bf3a81a4fb00025e57df1d1e8d062da4e0a52a92f14a5babe60494c1ef78ae93bd694f4a672420bc99fb81327cf6d3bf75e34ec88d853ba4566489085f4c3661955c4b64026fab0f494ca32cffac7b225831885b376500fdfaaed867e1fe064e540a19e185b78e7b360eee75484479c600f35d2a69e74b6b6a1314c69a3f5302734c992b188e536018fd4dd7b170a0d3b070f9f22ad50caec5754bd1885766db340a27700c47b95600c6facd3abab3bb0dbe0a920dc57968a28f886f1785e6aa3b9ef9840a83f4831622252e5b9d41834369419a426eeb33610dd907d8dda2166923379cf17e3a20b913199a9d8cad3efd687378ee6cb97b4d6f16c145ee97140f1350bb476901febd6970eb86932676d44ff11f8c2a89d692ff20c40de0010932cb686837779cdcdc69d54bd1d794cce7648d72948375e5229fcd542c4110124a8a132aac3bccb4fee", 0xfbe}, {&(0x7f0000003a00)}, {&(0x7f0000000640)="30117876826b04a4cd71f83c68076bbac59d0dc50a1594cd0fe8b96facc716302cfb257ac9d28f9b96b828d6f86a1a23", 0x30}, {&(0x7f0000000680)="726ca31e45f3e88c9cb1e08dff15b0056bd7fecd71b43a60d17820cf5369b94614ee323f80a84d9ceb5cbf18929e4aa5ba5910", 0x33}, {&(0x7f00000006c0)="7c3a4ac8166c14ccd19235060177cd99a6a3", 0x12}], 0x8)
syz_genetlink_get_family_id$nl80211(0x0, r0)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000500)='status\x00')
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, 0x0, 0x418040, 0x0)
write$binfmt_script(0xffffffffffffffff, &(0x7f0000000000)={'#! ', './file0', [{0x20, 'axA\x9b^\xfb^$\r\'uij\r\xd9\xef\xd2Et^Q\v\x9fOFL\x95`Z\xae\xc3a\xfe%\x94\x1a\xebt\xc6\x06\x8fD,\xf7\xae#\x80\x80\xdf\xa3\xcaO\xc6\x8a\x91\x90\xadR\aW\xe1\xf3n\xca\xa3\x8f\xd6F\x03\x0e\x9b\xe5yb\xfc\xa19wUs\x83\xf1{&\n\x1d\x8e\x82y\x1a.B\x0e\xea\x17\xc7\xe7H\xa9\xd4\x8e\xe7 gD\x89*\xb5c<d\x1f\\\x10$o\x93\x02\x9c@\x9ddt\x8c\x875\xf7@\x9aM\xa3j\xfa\x1f\xe5\x81\xc9u<\xf0?w8P>\xc5\x8a\xe6R\xe5YGq\xf5\xb6\x95\xbc\x112\x9bno\xc8\x06\xb6\b\xcc\x03{Sn\x94G\x01\xb4\xffJQ8t\x99vY\xaaf\xc7,\x9f\xbb\x15G\x1cr\x19\xef\xab\n\xa8\xbc\xbd\xa2E\x16\x1cm\xbd=\x98\x7fU\xcbg\x15%\x95\xb11\x017\x83*\x14\xcbt\xc2\xcb\x04\x1e~?\xb9j\x18\x96\x84EA\xeaB\a\x83\xba\xdco<\x00'/256}]}, 0x10c)
r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r1, 0x8914, &(0x7f0000000000))
r2 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$sock_rose_SIOCADDRT(r2, 0x890b, &(0x7f0000000380)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x3}, 0x6, @null, @bpq0, 0x0, [@bcast, @bcast, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]})
r3 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
connect$rose(r3, &(0x7f0000000040)=@short={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x1, @default}, 0x1c)
connect$rose(r3, &(0x7f0000000100)=@full={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x0, [@null, @null, @null, @default, @bcast, @default]}, 0x40)

2.033962715s ago: executing program 2 (id=246):
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
preadv(0xffffffffffffffff, 0x0, 0x0, 0x0, 0xe6)
prlimit64(0x0, 0xe, &(0x7f0000000900)={0x7, 0x88}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0xfffffffffffffffe)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
r2 = syz_open_dev$dri(0x0, 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r2, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)})
ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r2, 0xc02064b9, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0xcccccccc})
ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, <r3=>0x0})
ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f0000000140)={0x28, 0x6, r3, 0x0, &(0x7f0000fff000/0x1000)=nil, 0x1000, 0x10000})
ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r0, 0x3ba0, &(0x7f0000000980)={0x48, 0x5, r3, 0x0, <r4=>0x0, 0x1})
ioctl$IOMMU_IOAS_MAP(r0, 0x3b85, &(0x7f0000000a00)={0x28, 0x7, r3, 0x0, &(0x7f00000a0000)='LLLLLLLLLLLLLLLLLLLLLLLLL', 0x19})
ioctl$IOMMU_TEST_OP_ACCESS_PAGES(r0, 0x3ba0, &(0x7f0000000a40)={0x48, 0x7, r4, 0x0, 0x0, 0x0, 0x0, 0x1001, 0x1fff})
openat$random(0xffffffffffffff9c, 0x0, 0x0, 0x0)
io_submit(0x0, 0x0, 0x0)
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r5, 0x6, 0x23, &(0x7f0000000480)={&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0xffffffffffffffff}, &(0x7f0000000040)=0x40)
r6 = syz_init_net_socket$ax25(0x3, 0x2, 0xcb)
bind$tipc(0xffffffffffffffff, 0x0, 0x0)
bind$ax25(r6, &(0x7f0000000540)={{0x3, @bcast, 0x1}, [@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @default]}, 0x48)

1.813145903s ago: executing program 3 (id=247):
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000040), 0x0)
sendmsg$inet_sctp(r0, &(0x7f0000000700)={&(0x7f0000000340)=@in={0x2, 0x4e21, @loopback}, 0x10, &(0x7f0000000080)=[{&(0x7f0000000000)='u', 0x1}], 0x1, 0x0, 0x0, 0x804c040}, 0x881)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @thr={&(0x7f00000005c0)="6144de9d1e3bde2f6310d84e651b89acecac569503d977ee47eebe32b8a8c5e93677e58d04908ab9fa25c2d0f9d79a7dea24a3b34a97226698c9bcfe857455baa449b6613a63579951142e3985f4ab36f9b3a16d50fd6a089121c7597d784e64", &(0x7f0000000940)="665dad733597bd0055eb9165029b1652d08a61ef9b73a5f1af1168f924ec4353b8452a47b78d033e1cfe134d0cffcf1e8c57563ac61e6dff1e8c246d3102aa05e2c0741ec8ac109817c121f02067dc1e8389c8a740b59758b43f1061a096458b1287b921fc81aba387fc7f93beae73841c0af9e44dc2e32a75d7438b10264632241f458fe742cf4aaec2a7e7032bf54b433d3b96c67f4e25b1c4bb019df4bf86"}}, 0x0)
timer_settime(0x0, 0x0, &(0x7f0000000280)={{}, {0x0, 0x989680}}, 0x0)
socket$alg(0x26, 0x5, 0x0)
recvmsg$unix(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, 0x0}, 0x10002)
setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, &(0x7f0000000080)=ANY=[], 0x310)
pipe2(0x0, 0x0)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f00000000c0)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58)
r3 = accept4(r2, 0x0, 0x0, 0x80000)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000200)="ad00"/16, 0x10)
sendmmsg$unix(r3, &(0x7f0000003dc0)=[{{&(0x7f0000000000)=@file={0x0, './file0\x00'}, 0x6e, 0x0, 0x0, 0x0, 0x0, 0x9802}}, {{&(0x7f0000000280)=@file={0x0, './file0\x00'}, 0x6e, 0x0}}], 0x299, 0x0)

1.776728586s ago: executing program 1 (id=248):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0xe1}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat$uinput(0xffffffffffffff9c, 0x0, 0x802, 0x0)
syz_open_dev$I2C(&(0x7f0000000000), 0x0, 0x189802)
socketpair$unix(0x1, 0x3, 0x0, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f0000000300)=@abs, 0x6e)
socket(0x10, 0x3, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_io_uring_setup(0x498, 0x0, &(0x7f0000000340), &(0x7f0000000040))
io_uring_enter(r3, 0x627, 0x4c1, 0x43, 0x0, 0x0)
semctl$IPC_RMID(0x0, 0x0, 0x0)
open$dir(0x0, 0x200200, 0x15)

687.460935ms ago: executing program 0 (id=249):
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000680)=ANY=[@ANYBLOB], 0xa8}}, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000900)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c000000180a0500000000000000000002000000300003802c00038014000100776732000000000000000000000000001400010076657468315f746f5f627269646765000900020073797a30000000000900010073797a300000000014000000110001"], 0x84}, 0x1, 0x0, 0x0, 0x24040089}, 0x20008000)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0x1}], 0x1)
mkdir(0x0, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='pagemap\x00')
pread64(r1, &(0x7f0000000200)=""/102400, 0x19000, 0x1000000000)
r2 = socket$netlink(0x10, 0x3, 0x0)
bind$netlink(r2, &(0x7f0000514ff4)={0x10, 0x0, 0x25dfdbfc, 0x2ffffffff}, 0xc)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x400, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r4 = socket(0x400000000010, 0x3, 0x0)
r5 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r6=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0x25dfdbfd, {0x0, 0x0, 0x0, r6, {0x0, 0x5}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000004c0)=@newtfilter={0x44, 0x2c, 0xd27, 0x70bd28, 0x8000, {0x0, 0x0, 0x0, r6, {0x0, 0xfff2}, {}, {0xa, 0x6}}, [@filter_kind_options=@f_flower={{0xb}, {0x14, 0x2, [@TCA_FLOWER_KEY_ENC_OPTS_MASK={0x8, 0x55, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPTS_GENEVE={0x4}]}, @TCA_FLOWER_KEY_ENC_OPTS={0x8, 0x54, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPTS_GENEVE={0x4}]}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x22044028}, 0x0)
syz_emit_ethernet(0x22, 0x0, 0x0)

668.732796ms ago: executing program 3 (id=250):
sendmsg$NL80211_CMD_REGISTER_FRAME(0xffffffffffffffff, &(0x7f00000011c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000001200)={0x14, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}}, 0x14}}, 0xc881)
r0 = socket$netlink(0x10, 0x3, 0x4)
writev(r0, &(0x7f0000000700)=[{&(0x7f0000000540)}, {0x0}, {&(0x7f0000000400)}, {&(0x7f0000002a00)="398605fb4707631b08cf3dbc0b99af45d3e4c712d89099d35ca856b9231a32d09fb920a7ce8a975bdcf3b81138c1d4394758622aa2fb19291dea54fa15448beb9b6e2c44f5222ce6860146fa7156de8b25f053a3a87ed40e1d547fa4fc53e6b9358db39d0d2fd9a8b1e36aa4bca61949b954454db7ac4244c3f926477a27e4629b43060cf575deef8cf9b44261b1595913d03ddcff4493a37048f6561ef31f81ebc2ccdbd09da99736ecdbb8cd7b6cdc5d4c1bc3afe664ecf15082b47f42ad7ae3f517f85b56af0d8d501f04d90b50778d841c8cd4976884be5e1b762a901be2fa13f69bdf280915626f4c9b481422a8aacd07c57295ba8478d0a27a1379c49f6fd3b73e3a2f7a614e654948354ec03100bdd8fda54b497e17742a507c869d0d0334add10f64ea64b8182b569fd4f8a66e1da543175e44243ab8727f799d819e44a860043501f0c391e79e3c86500a3fa247c25130f2dafeed662d14d18e4098823128b422723726021d694ee224c63cab14acccb46120db22cb6d938bd4db567aeabce50d9803ea2057070df57df9554edb2abc856df001d69791dd851296c256c466ea8a96c6e06541f6b9a881817cf0d598f1be602eace33e1ac1e1db2b20d10b752d76867a4ba0ada4ee3863d4b65187842708af7e78f5a0f8f4ef3b6a334e4c32f31bf28b7ad32978e40e7deb57904aa1a8bd1da5ba053ab511b46a458f68153cc631c121e8678142722d77b7f6fd8640ffe9b22b8945f3620f0a8f386d78276758199f98a5ba651103eb7cdbbf985a332b195a7cbfb4f3c74ff17858986d771d72283559ee7dd8dc5727e6c792596939b69183b0507c8179e9c4facd44c6a8420959940de2cd2a2239ad81d4147d49430145bc4594cf58d68c6815f466f6ccbc7b574bbdfccedadca5545f0e23aedd145ee027c120d574511c51806995c37b201fdeb15476031d920333639dbcb2aa680f685fa5e435e5e6f30c8f3ab709a473a6219808df904de2d767fb25e57416592cd9b9cb3e45c7f51e161dc56ffa5893799ce69f0a71a9e35aa549957e048c283138ae95fbc3ca8096d72dfed71a5d25724667b5dca7e1f3828d2146a2dc84d9ebad96ae1238ea35c2b5dbf29aec147f9b5699c0b9d965f83c1b5a06c5f295b33cf082245703d6dc3c93065fd6d28ef51354236fdf2f008e0f6413200366743c9008e3bad1be1f53f0d1ec85366510a773e50ce4feb6c5caaf38852bce019fa5e755a3122457f87b9ec04b8ed8482b1b52653021feadfaaf766060bc63849c10d3d99b70f7b5405a5642d6fe52cc0fe24960d1eb520774b1d86d5cc00cdc86cd5111b9af41dd3031639274fc1feddb5f8b82a085a7019e33c917d3cbe6cbb670270741732aabfde16eab4351a0cf30fb66c5dda4eb954cd4ea9c1072144b241418e78ce875a10386686c3c0cec436b76b3c8ff8efb3cb983281859aaeeacb34fe4d27413991ac2a2d45eb94118ae51b1507228e14ec0dcd96e2589914322713b884bd411b55ad259e777858e55122588ce2f7cfdf8807bbaeab97f5eef217437b330f9de7419e412437aa9a38918a23b6d522acb21520192806789e283bca50f912611952af118d5d43e70f3a4f569f8bf87ee48cc8a68fb671b9b0a27327c5635ace1f0d5f1744aa0eeb9f929daa10f38093289eecf9298813c096857bb05c573cd102168d4815d76d23aa087b41e9026e51e9b7d6cff6adfe467887a6930dca447c83554ffd82a9bdf0b39c1b28731c773c43e420587a235ceb967007de48fdc8e86fe7960e769266b06a5368f6b43f2ca3b03eb933306bacb09f8be96ab7adf126ee3c3e123ac90b75310b3932059707cdb54a4e6fd990ad0839eb62f077e8a093d662615b5fbef8ceaf88c9bb5ebd86eeade835f3d2dff310c0493e13b56c17dc577c0c201129218b756794d46e77d1ae6d585560d679f65c04b7f0df28ee903003c030c88c3475c5a23cf973c41662ae7cb6f8fe955f02f4536e539a9a6e941ab454ba366a58f6e7a72ddb5278fab581cc01fd58084aeb30fbd5f9e1632171cc304480d2382696dc13fce686379ab7fb20fd82e9f3095fbfe08a2265a06e5c9f743f275e89e2a2b723fd1a5858342d468c6e24eae4e8bfb9b6ebe5ec25b0b62e3bcf4835fdde50bcc0c330f5f2defad79d906ed11bfd6832c1281bd5cbc55ab7a7de01cc596992fc829e599f636fd7f9815e56114ecc3638339dc69034761b2f006ffa1c86c444d21236de72a6e4368ad28fb73ea9f9800ffff43b0b0cdd26557607f87e6a5993b3df847fe58ee1fc00bc1b47a46292aebc3a6032c9c2abaf22d7ff048f8e1c558a6d9fad1be420011e54ffde0e5f7e8d0ee9e4540d3c48c3a3c9c2542e9d1cc76bd9b480ac277d6653ea3c6c75e515e0ecc6a9352eddbc0a53691da04e7c4fe585698d602da848441e7e55749a0a3eaf25044fc7478f5a0bc15dc01f103746f06efa2fd0c1e198dd312c4cd5b704fb9c63699724dfcba3024c53db857994e3d45f5c449606dfb653eecd18c861ce11aef7424c739d5d2fb00cfe1ae874b88911023b3c7a04d83a27347f7e9e086a57b00b7429316769a7ec5b4ed15bd8cb0cbcf9d45ec649bcbbb26f1330b8744fe3afeb522a0517607fcca662788e2dc100b9fa5358eaff4a2980e6943f3b38da171a333fc8ff27937018da4cfa2d727d7e17efb763923860da79546d166eee102b148f75d08014f494c3d770c65b2dcd583d3c97a39fb2bac337618bffc626fe803d97a507c836184f49bdcff66c7daf06a166446b7da396bf5a67abce7e76b8729bfa4d6a5c890c388847eebf1e00de700441620", 0x7df}, {&(0x7f0000003a00)}, {&(0x7f0000000640)="30117876826b04a4cd71f83c68076bbac59d0dc50a1594cd0fe8b96facc716302cfb257ac9d28f9b96b828d6f86a1a23", 0x30}, {&(0x7f0000000680)="726ca31e45f3e88c9cb1e08dff15b0056bd7fecd71b43a60d17820cf5369b94614ee323f80a84d", 0x27}, {&(0x7f00000006c0)="7c3a4ac8166c14ccd19235060177cd99a6a3", 0x12}], 0x8)
syz_genetlink_get_family_id$nl80211(0x0, r0)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000500)='status\x00')
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, 0x0, 0x418040, 0x0)
write$binfmt_script(0xffffffffffffffff, &(0x7f0000000000)={'#! ', './file0', [{0x20, 'axA\x9b^\xfb^$\r\'uij\r\xd9\xef\xd2Et^Q\v\x9fOFL\x95`Z\xae\xc3a\xfe%\x94\x1a\xebt\xc6\x06\x8fD,\xf7\xae#\x80\x80\xdf\xa3\xcaO\xc6\x8a\x91\x90\xadR\aW\xe1\xf3n\xca\xa3\x8f\xd6F\x03\x0e\x9b\xe5yb\xfc\xa19wUs\x83\xf1{&\n\x1d\x8e\x82y\x1a.B\x0e\xea\x17\xc7\xe7H\xa9\xd4\x8e\xe7 gD\x89*\xb5c<d\x1f\\\x10$o\x93\x02\x9c@\x9ddt\x8c\x875\xf7@\x9aM\xa3j\xfa\x1f\xe5\x81\xc9u<\xf0?w8P>\xc5\x8a\xe6R\xe5YGq\xf5\xb6\x95\xbc\x112\x9bno\xc8\x06\xb6\b\xcc\x03{Sn\x94G\x01\xb4\xffJQ8t\x99vY\xaaf\xc7,\x9f\xbb\x15G\x1cr\x19\xef\xab\n\xa8\xbc\xbd\xa2E\x16\x1cm\xbd=\x98\x7fU\xcbg\x15%\x95\xb11\x017\x83*\x14\xcbt\xc2\xcb\x04\x1e~?\xb9j\x18\x96\x84EA\xeaB\a\x83\xba\xdco<\x00'/256}]}, 0x10c)
r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r1, 0x8914, &(0x7f0000000000))
r2 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$sock_rose_SIOCADDRT(r2, 0x890b, &(0x7f0000000380)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x3}, 0x6, @null, @bpq0, 0x0, [@bcast, @bcast, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]})
r3 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
connect$rose(r3, &(0x7f0000000040)=@short={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x1, @default}, 0x1c)
connect$rose(r3, &(0x7f0000000100)=@full={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x0, [@null, @null, @null, @default, @bcast, @default]}, 0x40)

312.658915ms ago: executing program 0 (id=251):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
prctl$PR_SET_SECUREBITS(0x1c, 0x1d)
setresuid(0x0, 0xee00, 0x0)
r0 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000140), 0x20200, 0x0)
ioctl$IOCTL_GET_NUM_DEVICES(r0, 0x40046104, &(0x7f0000000180))
syz_clone3(&(0x7f0000000380)={0x20080, 0x0, 0x0, 0x0, {0x28}, 0x0, 0x0, 0x0, &(0x7f0000000000)=[0xffffffffffffffff], 0x1}, 0x58)
r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r1, 0x8914, &(0x7f0000000000))
syz_init_net_socket$rose(0xb, 0x5, 0x0)
socket(0x2, 0x80805, 0x0)
connect$rose(0xffffffffffffffff, &(0x7f0000000040)=@short={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x1, @default}, 0x1c)
socket$nl_generic(0x10, 0x3, 0x10)
pipe2$9p(&(0x7f0000000240), 0x0)
r2 = syz_open_dev$mouse(&(0x7f00000000c0), 0x0, 0x2042)
write$binfmt_script(r2, &(0x7f00000003c0)={'#! ', './file0'}, 0xb)

0s ago: executing program 0 (id=252):
socket$nl_generic(0x10, 0x3, 0x10)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000001c0), 0x240, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0xf)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, 0x0, 0x0)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
r5 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/stat\x00', 0x0, 0x0)
sendfile(r4, r5, 0x0, 0x4)
ioctl$SNDCTL_DSP_POST(r5, 0x5008, 0x0)
ioctl$TCFLSH(r0, 0x400455c8, 0x4)
r6 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000), 0x169802, 0x0)
r7 = dup(r6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x13, r7, 0x0)
socket$inet_udplite(0x2, 0x2, 0x88)
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)

kernel console output (not intermixed with test programs):

Warning: Permanently added '10.128.0.14' (ED25519) to the list of known hosts.
syzkaller login: [   71.333584][ T5774] cgroup: Unknown subsys name 'net'
[   71.477820][ T5774] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   71.785643][ T1289] ieee802154 phy0 wpan0: encryption failed: -22
[   71.792325][ T1289] ieee802154 phy1 wpan1: encryption failed: -22
[   73.260748][ T5774] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   74.820683][   T50] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   74.829495][ T5789] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   74.838241][ T5789] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   74.846390][ T5789] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   74.860263][ T5789] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   74.868295][ T5789] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[   74.871574][   T50] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   74.883155][ T5789] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   74.883872][   T50] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   74.900006][   T50] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   74.927535][ T5786] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[   74.935090][ T5786] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   74.940157][ T5789] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   74.951651][ T5786] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   74.970029][ T5789] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   74.981693][ T5101] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   74.982220][ T5786] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[   74.997796][ T5101] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[   74.998579][ T5786] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[   75.012318][ T5101] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   75.020485][ T5101] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[   75.029254][   T50] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[   75.037236][ T5786] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[   75.045301][ T5786] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[   75.425705][ T5783] chnl_net:caif_netlink_parms(): no params data found
[   75.596801][ T5788] chnl_net:caif_netlink_parms(): no params data found
[   75.678250][ T5794] chnl_net:caif_netlink_parms(): no params data found
[   75.716223][ T5783] bridge0: port 1(bridge_slave_0) entered blocking state
[   75.723496][ T5783] bridge0: port 1(bridge_slave_0) entered disabled state
[   75.731133][ T5783] bridge_slave_0: entered allmulticast mode
[   75.738236][ T5783] bridge_slave_0: entered promiscuous mode
[   75.747300][ T5792] chnl_net:caif_netlink_parms(): no params data found
[   75.786509][ T5783] bridge0: port 2(bridge_slave_1) entered blocking state
[   75.793909][ T5783] bridge0: port 2(bridge_slave_1) entered disabled state
[   75.801893][ T5783] bridge_slave_1: entered allmulticast mode
[   75.808796][ T5783] bridge_slave_1: entered promiscuous mode
[   75.857539][ T5788] bridge0: port 1(bridge_slave_0) entered blocking state
[   75.864800][ T5788] bridge0: port 1(bridge_slave_0) entered disabled state
[   75.872204][ T5788] bridge_slave_0: entered allmulticast mode
[   75.879043][ T5788] bridge_slave_0: entered promiscuous mode
[   75.907143][ T5783] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   75.920645][ T5783] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   75.930080][ T5788] bridge0: port 2(bridge_slave_1) entered blocking state
[   75.937384][ T5788] bridge0: port 2(bridge_slave_1) entered disabled state
[   75.945154][ T5788] bridge_slave_1: entered allmulticast mode
[   75.952533][ T5788] bridge_slave_1: entered promiscuous mode
[   76.063954][ T5783] team0: Port device team_slave_0 added
[   76.074112][ T5783] team0: Port device team_slave_1 added
[   76.083667][ T5788] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   76.097324][ T5788] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   76.117052][ T5794] bridge0: port 1(bridge_slave_0) entered blocking state
[   76.124754][ T5794] bridge0: port 1(bridge_slave_0) entered disabled state
[   76.132116][ T5794] bridge_slave_0: entered allmulticast mode
[   76.138972][ T5794] bridge_slave_0: entered promiscuous mode
[   76.180502][ T5794] bridge0: port 2(bridge_slave_1) entered blocking state
[   76.187712][ T5794] bridge0: port 2(bridge_slave_1) entered disabled state
[   76.195962][ T5794] bridge_slave_1: entered allmulticast mode
[   76.202927][ T5794] bridge_slave_1: entered promiscuous mode
[   76.245349][ T5792] bridge0: port 1(bridge_slave_0) entered blocking state
[   76.252896][ T5792] bridge0: port 1(bridge_slave_0) entered disabled state
[   76.260375][ T5792] bridge_slave_0: entered allmulticast mode
[   76.267295][ T5792] bridge_slave_0: entered promiscuous mode
[   76.292219][ T5794] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   76.302842][ T5783] batman_adv: batadv0: Adding interface: batadv_slave_0
[   76.311038][ T5783] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   76.337643][ T5783] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   76.353359][ T5783] batman_adv: batadv0: Adding interface: batadv_slave_1
[   76.360387][ T5783] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   76.386609][ T5783] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   76.400701][ T5788] team0: Port device team_slave_0 added
[   76.414722][ T5792] bridge0: port 2(bridge_slave_1) entered blocking state
[   76.422744][ T5792] bridge0: port 2(bridge_slave_1) entered disabled state
[   76.430148][ T5792] bridge_slave_1: entered allmulticast mode
[   76.437300][ T5792] bridge_slave_1: entered promiscuous mode
[   76.446067][ T5794] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   76.471252][ T5788] team0: Port device team_slave_1 added
[   76.551581][ T5794] team0: Port device team_slave_0 added
[   76.569228][ T5788] batman_adv: batadv0: Adding interface: batadv_slave_0
[   76.576526][ T5788] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   76.602535][ T5788] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   76.617667][ T5792] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   76.631490][ T5792] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   76.643098][ T5794] team0: Port device team_slave_1 added
[   76.654516][ T5783] hsr_slave_0: entered promiscuous mode
[   76.661662][ T5783] hsr_slave_1: entered promiscuous mode
[   76.668962][ T5788] batman_adv: batadv0: Adding interface: batadv_slave_1
[   76.676111][ T5788] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   76.702600][ T5788] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   76.801409][ T5792] team0: Port device team_slave_0 added
[   76.808046][ T5794] batman_adv: batadv0: Adding interface: batadv_slave_0
[   76.815546][ T5794] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   76.841766][ T5794] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   76.854933][ T5794] batman_adv: batadv0: Adding interface: batadv_slave_1
[   76.862052][ T5794] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   76.888576][ T5794] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   76.921480][ T5792] team0: Port device team_slave_1 added
[   76.946962][ T5788] hsr_slave_0: entered promiscuous mode
[   76.953930][ T5788] hsr_slave_1: entered promiscuous mode
[   76.960544][ T5788] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   76.968356][ T5788] Cannot create hsr debugfs directory
[   76.980625][ T5786] Bluetooth: hci1: command tx timeout
[   76.990050][ T5786] Bluetooth: hci0: command tx timeout
[   77.008312][ T5792] batman_adv: batadv0: Adding interface: batadv_slave_0
[   77.016715][ T5792] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   77.044211][ T5792] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   77.057030][ T5792] batman_adv: batadv0: Adding interface: batadv_slave_1
[   77.064597][ T5792] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   77.091977][ T5792] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   77.139934][ T5786] Bluetooth: hci3: command tx timeout
[   77.139954][   T50] Bluetooth: hci2: command tx timeout
[   77.206289][ T5794] hsr_slave_0: entered promiscuous mode
[   77.212882][ T5794] hsr_slave_1: entered promiscuous mode
[   77.218960][ T5794] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   77.227416][ T5794] Cannot create hsr debugfs directory
[   77.247898][ T5792] hsr_slave_0: entered promiscuous mode
[   77.254931][ T5792] hsr_slave_1: entered promiscuous mode
[   77.262024][ T5792] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   77.269602][ T5792] Cannot create hsr debugfs directory
[   77.533291][ T5783] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   77.592396][ T5783] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   77.604262][ T5783] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   77.632395][ T5783] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   77.728680][ T5788] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   77.748963][ T5788] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   77.765072][ T5788] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   77.775762][ T5788] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   77.863060][ T5794] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   77.875433][ T5794] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   77.892903][ T5794] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   77.904455][ T5794] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   77.977407][ T5792] netdevsim netdevsim3 netdevsim0: renamed from eth0
[   78.012697][ T5792] netdevsim netdevsim3 netdevsim1: renamed from eth1
[   78.023788][ T5792] netdevsim netdevsim3 netdevsim2: renamed from eth2
[   78.034472][ T5792] netdevsim netdevsim3 netdevsim3: renamed from eth3
[   78.141982][ T5783] 8021q: adding VLAN 0 to HW filter on device bond0
[   78.189038][ T5788] 8021q: adding VLAN 0 to HW filter on device bond0
[   78.231457][ T5783] 8021q: adding VLAN 0 to HW filter on device team0
[   78.273508][ T3425] bridge0: port 1(bridge_slave_0) entered blocking state
[   78.281344][ T3425] bridge0: port 1(bridge_slave_0) entered forwarding state
[   78.297854][ T5788] 8021q: adding VLAN 0 to HW filter on device team0
[   78.325174][ T1139] bridge0: port 2(bridge_slave_1) entered blocking state
[   78.332375][ T1139] bridge0: port 2(bridge_slave_1) entered forwarding state
[   78.342357][ T1139] bridge0: port 1(bridge_slave_0) entered blocking state
[   78.349524][ T1139] bridge0: port 1(bridge_slave_0) entered forwarding state
[   78.372191][ T5792] 8021q: adding VLAN 0 to HW filter on device bond0
[   78.402225][ T1139] bridge0: port 2(bridge_slave_1) entered blocking state
[   78.409432][ T1139] bridge0: port 2(bridge_slave_1) entered forwarding state
[   78.433658][ T5794] 8021q: adding VLAN 0 to HW filter on device bond0
[   78.470095][ T5792] 8021q: adding VLAN 0 to HW filter on device team0
[   78.522831][ T1139] bridge0: port 1(bridge_slave_0) entered blocking state
[   78.530138][ T1139] bridge0: port 1(bridge_slave_0) entered forwarding state
[   78.551471][ T5794] 8021q: adding VLAN 0 to HW filter on device team0
[   78.563235][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[   78.570430][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[   78.616722][   T48] bridge0: port 1(bridge_slave_0) entered blocking state
[   78.623969][   T48] bridge0: port 1(bridge_slave_0) entered forwarding state
[   78.701055][   T11] bridge0: port 2(bridge_slave_1) entered blocking state
[   78.708319][   T11] bridge0: port 2(bridge_slave_1) entered forwarding state
[   79.061279][ T5786] Bluetooth: hci0: command tx timeout
[   79.061289][   T50] Bluetooth: hci1: command tx timeout
[   79.084567][ T5783] 8021q: adding VLAN 0 to HW filter on device batadv0
[   79.179660][ T5788] 8021q: adding VLAN 0 to HW filter on device batadv0
[   79.220509][   T50] Bluetooth: hci3: command tx timeout
[   79.220601][ T5786] Bluetooth: hci2: command tx timeout
[   79.280995][ T5788] veth0_vlan: entered promiscuous mode
[   79.298914][ T5788] veth1_vlan: entered promiscuous mode
[   79.347910][ T5783] veth0_vlan: entered promiscuous mode
[   79.359199][ T5792] 8021q: adding VLAN 0 to HW filter on device batadv0
[   79.384756][ T5783] veth1_vlan: entered promiscuous mode
[   79.428073][ T5788] veth0_macvtap: entered promiscuous mode
[   79.445807][ T5794] 8021q: adding VLAN 0 to HW filter on device batadv0
[   79.476091][ T5788] veth1_macvtap: entered promiscuous mode
[   79.492026][ T5783] veth0_macvtap: entered promiscuous mode
[   79.503150][ T5783] veth1_macvtap: entered promiscuous mode
[   79.545696][ T5792] veth0_vlan: entered promiscuous mode
[   79.554862][ T5788] batman_adv: batadv0: Interface activated: batadv_slave_0
[   79.584315][ T5783] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   79.595185][ T5783] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   79.609379][ T5783] batman_adv: batadv0: Interface activated: batadv_slave_0
[   79.625266][ T5788] batman_adv: batadv0: Interface activated: batadv_slave_1
[   79.640348][ T5783] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   79.651386][ T5783] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   79.665087][ T5783] batman_adv: batadv0: Interface activated: batadv_slave_1
[   79.676078][ T5792] veth1_vlan: entered promiscuous mode
[   79.705450][ T5783] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   79.714672][ T5783] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   79.724392][ T5783] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   79.733517][ T5783] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   79.752806][ T5788] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   79.761829][ T5788] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   79.772275][ T5788] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   79.782089][ T5788] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   79.836870][ T5794] veth0_vlan: entered promiscuous mode
[   79.901789][ T5794] veth1_vlan: entered promiscuous mode
[   79.926046][ T5792] veth0_macvtap: entered promiscuous mode
[   79.955415][ T5792] veth1_macvtap: entered promiscuous mode
[   79.984044][ T1092] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   79.996470][ T1092] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   80.043625][ T5794] veth0_macvtap: entered promiscuous mode
[   80.059047][ T5792] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   80.073446][ T5792] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   80.083636][ T5792] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   80.094225][ T5792] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   80.106441][ T5792] batman_adv: batadv0: Interface activated: batadv_slave_0
[   80.121214][ T5792] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   80.132254][ T5792] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   80.142792][ T5792] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   80.153905][ T5792] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   80.165541][ T5792] batman_adv: batadv0: Interface activated: batadv_slave_1
[   80.174592][ T1092] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   80.176607][ T5794] veth1_macvtap: entered promiscuous mode
[   80.189445][ T1092] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   80.222513][ T5792] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   80.231571][ T5792] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   80.242156][ T5792] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   80.251033][ T5792] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   80.290165][ T3425] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   80.307924][ T3425] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   80.324365][ T5794] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   80.335316][ T5794] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   80.345944][ T5794] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   80.356499][ T5794] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   80.366510][ T5794] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   80.377133][ T5794] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   80.391103][ T5794] batman_adv: batadv0: Interface activated: batadv_slave_0
[   80.513497][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   80.526083][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   80.537234][ T5794] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   80.548457][ T5794] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   80.560279][ T5794] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   80.571221][ T5794] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   80.582779][ T5794] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   80.595167][ T5794] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   80.606468][ T5794] batman_adv: batadv0: Interface activated: batadv_slave_1
[   80.618637][ T5794] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   80.630117][ T5794] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   80.638882][ T5794] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   80.648218][ T5794] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   80.692029][ T1139] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   80.700158][ T1139] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   80.865661][ T3425] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   80.929331][ T3425] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   81.144238][   T50] Bluetooth: hci1: command tx timeout
[   81.144257][ T5786] Bluetooth: hci0: command tx timeout
[   81.367702][   T50] Bluetooth: hci3: command tx timeout
[   81.367722][ T5786] Bluetooth: hci2: command tx timeout
[   81.577122][  T991] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   81.610207][  T991] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   81.616799][ T5876] syz.1.2[5876]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set
[   81.680782][ T5876] loop1: detected capacity change from 0 to 1024
[   81.764343][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   81.771187][ T5876] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   81.783725][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   82.289080][ T5886] mmap: syz.3.4 (5886) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[   82.739866][    T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!!
[   83.219893][ T5786] Bluetooth: hci0: command tx timeout
[   83.234005][ T5786] Bluetooth: hci1: command tx timeout
[   83.379826][ T5786] Bluetooth: hci2: command tx timeout
[   83.390589][ T5786] Bluetooth: hci3: command tx timeout
[   83.766025][ T5892] loop3: detected capacity change from 0 to 1024
[   83.910473][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   83.920415][ T5887] iommufd_mock iommufd_mock1: Adding to iommu group 0
[   83.968462][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[   84.172943][    T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!!
[   84.420175][    T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!!
[   84.480129][    T0] NOHZ tick-stop error: local softirq work is pending, handler #142!!!
[   84.490170][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[   84.939669][ T5783] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   85.062354][    T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!!
[   85.071233][    T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!!
[   85.275606][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   85.433412][ T5902] Zero length message leads to an empty skb
[   85.936794][ T5909] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   86.212437][ T5914] loop2: detected capacity change from 0 to 16
[   86.272275][ T5914] MTD: Attempt to mount non-MTD device "/dev/loop2"
[   87.561294][   T55] cfg80211: failed to load regulatory.db
[   87.885344][ T5924] loop3: detected capacity change from 0 to 128
[   89.395612][   T28] audit: type=1800 audit(1755745672.169:2): pid=5924 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.12" name="bus" dev="loop3" ino=1048592 res=0 errno=0
[   90.172577][ T5933] netlink: 20 bytes leftover after parsing attributes in process `syz.3.12'.
[   90.230004][ T5933] netlink: 4 bytes leftover after parsing attributes in process `syz.3.12'.
[   90.317178][ T5931] syz.3.12: attempt to access beyond end of device
[   90.317178][ T5931] loop3: rw=2049, sector=433, nr_sectors = 608 limit=128
[   91.569917][ T5941] syz.1.17 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[   92.918652][ T5949] capability: warning: `syz.2.14' uses deprecated v2 capabilities in a way that may be insecure
[   93.506891][ T5948] loop3: detected capacity change from 0 to 2048
[   93.678011][ T5948] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   94.267161][ T5955] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 0 vs 150994969 free clusters
[   94.981120][ T5958] bridge0: port 1(bridge_slave_0) entered disabled state
[   94.990448][ T5958] bridge0: port 2(bridge_slave_1) entered disabled state
[   95.264575][ T5967] loop1: detected capacity change from 0 to 4096
[   95.304540][ T5792] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   96.674120][ T5985] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[  100.694998][ T6008] netlink: 4 bytes leftover after parsing attributes in process `syz.3.32'.
[  100.906173][ T6010] loop0: detected capacity change from 0 to 32768
[  100.914012][ T6010] XFS: ikeep mount option is deprecated.
[  100.961610][ T6013] loop1: detected capacity change from 0 to 512
[  100.973599][ T6013] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=e002c118, mo2=0002]
[  101.000910][ T6013] System zones: 1-12
[  101.015297][ T6010] XFS (loop0): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  101.100815][ T6013] EXT4-fs error (device loop1): ext4_xattr_ibody_find:2244: inode #15: comm syz.1.34: corrupted in-inode xattr: e_value size too large
[  101.350179][ T6013] EXT4-fs error (device loop1): ext4_orphan_get:1404: comm syz.1.34: couldn't read orphan inode 15 (err -117)
[  101.410673][ T6013] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  101.417807][ T6010] XFS (loop0): Ending clean mount
[  101.474929][ T6010] XFS (loop0): Quotacheck needed: Please wait.
[  102.142100][ T6025] EXT4-fs error (device loop1): ext4_xattr_ibody_find:2244: inode #15: comm syz.1.34: corrupted in-inode xattr: e_value size too large
[  102.210083][ T6010] XFS (loop0): Quotacheck: Done.
[  102.910847][ T5788] XFS (loop0): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  103.917758][ T6032] loop3: detected capacity change from 0 to 40427
[  104.803468][ T6032] F2FS-fs (loop3): Wrong SSA boundary, start(3584) end(4096) blocks(0)
[  105.961782][ T6032] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[  106.038179][ T6032] F2FS-fs (loop3): build fault injection attr: rate: 0, type: 0x6
[  106.076441][ T5783] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  106.190182][ T6032] F2FS-fs (loop3): invalid crc value
[  106.343119][ T6032] F2FS-fs (loop3): Found nat_bits in checkpoint
[  106.492669][ T6047] ubi31: attaching mtd0
[  106.509137][ T6047] ubi31: scanning is finished
[  106.514101][ T6047] ubi31: empty MTD device detected
[  107.056632][   T28] audit: type=1326 audit(1755745689.339:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6041 comm="syz.0.41" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1f1df8ebe9 code=0x7ffc0000
[  107.150717][ T6047] ubi31 error: ubi_attach_mtd_dev: cannot spawn "ubi_bgt31d", error -4
[  107.169493][   T28] audit: type=1326 audit(1755745689.339:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6041 comm="syz.0.41" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1f1df8ebe9 code=0x7ffc0000
[  107.344156][ T6032] F2FS-fs (loop3): Start checkpoint disabled!
[  107.926590][ T6067] netlink: 4 bytes leftover after parsing attributes in process `syz.0.46'.
[  108.756467][ T6075] loop1: detected capacity change from 0 to 512
[  108.800039][ T6075] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=e002c118, mo2=0002]
[  108.840480][ T6075] System zones: 1-12
[  108.865821][ T6075] EXT4-fs error (device loop1): ext4_xattr_ibody_find:2244: inode #15: comm syz.1.48: corrupted in-inode xattr: e_value size too large
[  108.899364][ T6075] EXT4-fs error (device loop1): ext4_orphan_get:1404: comm syz.1.48: couldn't read orphan inode 15 (err -117)
[  108.942316][ T6075] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  109.470196][ T6078] EXT4-fs error (device loop1): ext4_xattr_ibody_find:2244: inode #15: comm syz.1.48: corrupted in-inode xattr: e_value size too large
[  110.700354][ T5783] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  112.222752][ T6095] ubi31: attaching mtd0
[  112.234791][ T6095] ubi31: scanning is finished
[  112.500208][   T28] audit: type=1326 audit(1755745695.069:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6090 comm="syz.1.53" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fadb0b8ebe9 code=0x7ffc0000
[  112.838941][ T6095] ubi31 error: ubi_attach_mtd_dev: cannot spawn "ubi_bgt31d", error -4
[  113.040480][   T28] audit: type=1326 audit(1755745695.069:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6090 comm="syz.1.53" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fadb0b8ebe9 code=0x7ffc0000
[  115.871579][ T6121] netlink: 4 bytes leftover after parsing attributes in process `syz.1.59'.
[  119.195133][ T6132] loop1: detected capacity change from 0 to 512
[  119.234950][ T6132] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=e002c118, mo2=0002]
[  119.251619][ T6132] System zones: 1-12
[  119.403757][ T6132] EXT4-fs error (device loop1): ext4_xattr_ibody_find:2244: inode #15: comm syz.1.61: corrupted in-inode xattr: e_value size too large
[  119.507901][ T6138] ubi31: attaching mtd0
[  119.519448][ T6138] ubi31: scanning is finished
[  120.132913][   T28] audit: type=1326 audit(1755745702.349:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6133 comm="syz.0.62" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1f1df8ebe9 code=0x7ffc0000
[  120.168947][ T6132] EXT4-fs error (device loop1): ext4_orphan_get:1404: comm syz.1.61: couldn't read orphan inode 15 (err -117)
[  120.191810][ T6132] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  120.219612][   T28] audit: type=1326 audit(1755745702.349:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6133 comm="syz.0.62" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1f1df8ebe9 code=0x7ffc0000
[  120.262503][ T6138] ubi31 error: ubi_attach_mtd_dev: cannot spawn "ubi_bgt31d", error -4
[  120.914756][ T6132] EXT4-fs error (device loop1): ext4_xattr_ibody_find:2244: inode #15: comm syz.1.61: corrupted in-inode xattr: e_value size too large
[  120.966914][ T5783] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  124.004727][ T6156] loop3: detected capacity change from 0 to 40427
[  124.022464][ T6156] F2FS-fs (loop3): Wrong SSA boundary, start(3584) end(4096) blocks(0)
[  124.030802][ T6156] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[  124.060604][ T6156] F2FS-fs (loop3): build fault injection attr: rate: 0, type: 0x6
[  124.074934][ T6156] F2FS-fs (loop3): invalid crc value
[  124.087105][ T6156] F2FS-fs (loop3): Found nat_bits in checkpoint
[  124.127859][ T6156] F2FS-fs (loop3): Start checkpoint disabled!
[  124.157409][ T6156] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[  124.164720][ T6156] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6
[  124.351117][ T6163] netlink: 4 bytes leftover after parsing attributes in process `syz.0.69'.
[  124.624388][   T12] kworker/u4:1: attempt to access beyond end of device
[  124.624388][   T12] loop3: rw=2049, sector=40960, nr_sectors = 24 limit=40427
[  124.661694][   T12] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[  124.669266][   T12] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[  124.676658][   T12] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[  126.212236][ T6172] loop1: detected capacity change from 0 to 512
[  126.249925][ T6172] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=e002c118, mo2=0002]
[  126.258033][ T6172] System zones: 1-12
[  126.625566][ T6180] ubi31: attaching mtd0
[  126.637209][ T6180] ubi31: scanning is finished
[  126.769881][   T28] audit: type=1326 audit(1755745709.469:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6176 comm="syz.0.75" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1f1df8ebe9 code=0x7ffc0000
[  127.035275][ T6172] EXT4-fs error (device loop1): ext4_xattr_ibody_find:2244: inode #15: comm syz.1.73: corrupted in-inode xattr: e_value size too large
[  127.053789][ T6180] ubi31: attached mtd0 (name "mtdram test device", size 0 MiB)
[  127.061552][ T6180] ubi31: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes
[  127.069029][ T6180] ubi31: min./max. I/O unit sizes: 1/64, sub-page size 1
[  127.076161][ T6180] ubi31: VID header offset: 64 (aligned 64), data offset: 128
[  127.084299][ T6180] ubi31: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0
[  127.091304][ T6180] ubi31: user volume: 0, internal volumes: 1, max. volumes count: 23
[  127.099430][ T6180] ubi31: max/mean erase counter: 1/1, WL threshold: 4096, image sequence number: 2197182795
[  127.109599][ T6180] ubi31: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0
[  127.182558][ T6182] ubi31: background thread "ubi_bgt31d" started, PID 6182
[  127.269764][   T28] audit: type=1326 audit(1755745709.469:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6176 comm="syz.0.75" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1f1df8ebe9 code=0x7ffc0000
[  127.333970][ T6172] EXT4-fs error (device loop1): ext4_orphan_get:1404: comm syz.1.73: couldn't read orphan inode 15 (err -117)
[  127.382224][ T6172] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  127.821818][ T6187] EXT4-fs error (device loop1): ext4_xattr_ibody_find:2244: inode #15: comm syz.1.73: corrupted in-inode xattr: e_value size too large
[  128.509216][ T5783] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  128.524504][ T6193] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  128.895221][ T6197] bpq0: entered allmulticast mode
[  129.965468][ T6204] loop2: detected capacity change from 0 to 40427
[  129.994734][ T6204] F2FS-fs (loop2): Wrong SSA boundary, start(3584) end(4096) blocks(0)
[  130.003176][ T6204] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
[  130.031142][ T6204] F2FS-fs (loop2): build fault injection attr: rate: 0, type: 0x6
[  130.040821][ T6204] F2FS-fs (loop2): invalid crc value
[  130.057622][ T6204] F2FS-fs (loop2): Found nat_bits in checkpoint
[  130.087262][ T6204] F2FS-fs (loop2): Start checkpoint disabled!
[  130.102850][ T6204] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0
[  130.109958][ T6204] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6
[  132.354913][ T6211] bpq0: left allmulticast mode
[  132.953244][ T1092] kworker/u4:6: attempt to access beyond end of device
[  132.953244][ T1092] loop2: rw=2049, sector=40960, nr_sectors = 24 limit=40427
[  132.975881][ T1092] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[  132.987390][ T1092] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[  133.002856][ T1092] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[  133.258367][ T1289] ieee802154 phy0 wpan0: encryption failed: -22
[  133.275576][ T1289] ieee802154 phy1 wpan1: encryption failed: -22
[  134.724174][ T6227] loop0: detected capacity change from 0 to 512
[  134.870071][ T6227] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=e002c118, mo2=0002]
[  135.081624][ T6231] bpq0: entered allmulticast mode
[  135.091160][ T6227] System zones: 1-12
[  135.199379][ T6236] ubi: mtd0 is already attached to ubi31
[  135.918133][ T6227] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2244: inode #15: comm syz.0.89: corrupted in-inode xattr: e_value size too large
[  136.017055][   T28] audit: type=1326 audit(1755745717.999:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6232 comm="syz.2.84" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fefe918ebe9 code=0x7ffc0000
[  136.060089][ T6227] EXT4-fs error (device loop0): ext4_orphan_get:1404: comm syz.0.89: couldn't read orphan inode 15 (err -117)
[  136.102596][   T28] audit: type=1326 audit(1755745717.999:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6232 comm="syz.2.84" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fefe918ebe9 code=0x7ffc0000
[  136.177508][ T6227] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  136.772968][ T6243] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2244: inode #15: comm syz.0.89: corrupted in-inode xattr: e_value size too large
[  137.157766][ T5788] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  137.441160][ T6251] bpq0: left allmulticast mode
[  137.904249][ T6254] loop0: detected capacity change from 0 to 40427
[  137.936144][ T6254] F2FS-fs (loop0): Wrong SSA boundary, start(3584) end(4096) blocks(0)
[  137.944886][ T6254] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
[  137.964266][ T6254] F2FS-fs (loop0): build fault injection attr: rate: 0, type: 0x6
[  137.974918][ T6254] F2FS-fs (loop0): invalid crc value
[  137.983155][ T6254] F2FS-fs (loop0): Found nat_bits in checkpoint
[  138.012407][ T6254] F2FS-fs (loop0): Start checkpoint disabled!
[  138.061399][ T6254] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0
[  138.068571][ T6254] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6
[  138.428017][ T5873] kworker/u4:9: attempt to access beyond end of device
[  138.428017][ T5873] loop0: rw=2049, sector=40960, nr_sectors = 24 limit=40427
[  138.446536][ T5873] F2FS-fs (loop0): Stopped filesystem due to reason: 3
[  138.457521][ T5873] F2FS-fs (loop0): Stopped filesystem due to reason: 3
[  138.469985][ T5873] F2FS-fs (loop0): Stopped filesystem due to reason: 3
[  141.013804][ T6270] bpq0: entered allmulticast mode
[  141.778719][ T6278] loop1: detected capacity change from 0 to 512
[  141.847743][ T6280] trusted_key: syz.3.103 sent an empty control message without MSG_MORE.
[  141.916379][ T6278] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=e002c118, mo2=0002]
[  141.971414][ T6278] System zones: 1-12
[  141.985055][ T6278] EXT4-fs error (device loop1): ext4_xattr_ibody_find:2244: inode #15: comm syz.1.102: corrupted in-inode xattr: e_value size too large
[  142.031163][ T6278] EXT4-fs error (device loop1): ext4_orphan_get:1404: comm syz.1.102: couldn't read orphan inode 15 (err -117)
[  142.078605][ T6278] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  142.804675][ T6278] EXT4-fs error (device loop1): ext4_xattr_ibody_find:2244: inode #15: comm syz.1.102: corrupted in-inode xattr: e_value size too large
[  142.885967][ T5783] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  144.480579][ T6300] bpq0: left allmulticast mode
[  144.883868][  T991] Bluetooth: hci4: Frame reassembly failed (-84)
[  146.108435][ T6311] netlink: 8 bytes leftover after parsing attributes in process `syz.1.110'.
[  146.900023][ T5786] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  146.929105][ T6313] bpq0: entered allmulticast mode
[  149.290011][ T6317] loop1: detected capacity change from 0 to 32768
[  149.325407][ T6317] XFS: ikeep mount option is deprecated.
[  149.411718][ T6317] XFS (loop1): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  149.912885][ T6317] XFS (loop1): Ending clean mount
[  149.933370][ T6317] XFS (loop1): Quotacheck needed: Please wait.
[  150.172436][ T6317] XFS (loop1): Quotacheck: Done.
[  150.288175][ T5783] XFS (loop1): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  150.906725][ T6353] netlink: 8 bytes leftover after parsing attributes in process `syz.1.120'.
[  155.933721][ T6393] netlink: 8 bytes leftover after parsing attributes in process `syz.0.134'.
[  157.818395][  T141] Bluetooth: hci4: Frame reassembly failed (-84)
[  159.859921][   T50] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  159.859949][ T5786] Bluetooth: hci4: command 0x1003 tx timeout
[  160.149186][ T6430] netlink: 8 bytes leftover after parsing attributes in process `syz.3.146'.
[  164.484017][ T6461] netlink: 8 bytes leftover after parsing attributes in process `syz.1.156'.
[  166.343092][   T48] Bluetooth: hci4: Frame reassembly failed (-84)
[  168.339820][   T50] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  168.668106][ T6492] netlink: 8 bytes leftover after parsing attributes in process `syz.3.166'.
[  173.323610][ T6525] netlink: 8 bytes leftover after parsing attributes in process `syz.0.176'.
[  176.828741][  T991] Bluetooth: hci4: Frame reassembly failed (-84)
[  177.431337][ T6560] netlink: 8 bytes leftover after parsing attributes in process `syz.0.187'.
[  178.830063][   T50] Bluetooth: hci4: command 0x1003 tx timeout
[  179.346074][ T5786] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  182.705477][ T6598] netlink: 8 bytes leftover after parsing attributes in process `syz.1.198'.
[  186.037857][ T6619] bpq0: left allmulticast mode
[  187.908202][ T6634] netlink: 8 bytes leftover after parsing attributes in process `syz.3.209'.
[  188.806911][ T6641] bpq0: entered allmulticast mode
[  189.631750][ T5786] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  191.443818][ T6664] bpq0: left allmulticast mode
[  191.817645][ T6666] netlink: 8 bytes leftover after parsing attributes in process `syz.1.220'.
[  193.859579][ T6682] bpq0: entered allmulticast mode
[  194.667440][ T1289] ieee802154 phy0 wpan0: encryption failed: -22
[  194.939795][ T1289] ieee802154 phy1 wpan1: encryption failed: -22
[  195.619918][ T5786] Bluetooth: hci4: command 0x1003 tx timeout
[  195.904200][   T50] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  196.000226][ T6694] netlink: 8 bytes leftover after parsing attributes in process `syz.3.229'.
[  198.640781][ T6709] bpq0: left allmulticast mode
[  198.929053][ T6715] bpq0: entered allmulticast mode
[  201.873816][ T6729] Bluetooth: hci2: command 0x0406 tx timeout
[  201.876892][ T5791] Bluetooth: hci1: command 0x0406 tx timeout
[  201.901615][   T50] Bluetooth: hci3: command 0x0406 tx timeout
[  201.903483][ T6729] Bluetooth: hci0: command 0x0406 tx timeout
[  202.189886][ T6722] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  202.453061][ T6739] netlink: 8 bytes leftover after parsing attributes in process `syz.2.242'.
[  205.408581][ T6766] bpq0: left allmulticast mode
[  206.213930][ T6764] ==================================================================
[  206.222048][ T6764] BUG: KASAN: slab-use-after-free in rose_transmit_link+0x5ba/0x740
[  206.230053][ T6764] Read of size 1 at addr ffff88801df22032 by task syz.3.250/6764
[  206.237768][ T6764] 
[  206.240108][ T6764] CPU: 1 PID: 6764 Comm: syz.3.250 Not tainted 6.6.102-syzkaller #0
[  206.248168][ T6764] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  206.258231][ T6764] Call Trace:
[  206.261523][ T6764]  <TASK>
[  206.264460][ T6764]  dump_stack_lvl+0x16c/0x230
[  206.269140][ T6764]  ? __lock_acquire+0x7c80/0x7c80
[  206.274268][ T6764]  ? show_regs_print_info+0x20/0x20
[  206.279501][ T6764]  ? load_image+0x3b0/0x3b0
[  206.284026][ T6764]  ? _raw_spin_lock_irqsave+0xb4/0xf0
[  206.289505][ T6764]  ? __virt_addr_valid+0x18c/0x540
[  206.294633][ T6764]  ? __virt_addr_valid+0x469/0x540
[  206.299760][ T6764]  print_report+0xac/0x220
[  206.304206][ T6764]  ? rose_transmit_link+0x5ba/0x740
[  206.309414][ T6764]  kasan_report+0x117/0x150
[  206.313923][ T6764]  ? kmem_cache_alloc_node+0x17f/0x330
[  206.319401][ T6764]  ? rose_transmit_link+0x5ba/0x740
[  206.324635][ T6764]  rose_transmit_link+0x5ba/0x740
[  206.329675][ T6764]  ? skb_put+0x11b/0x210
[  206.333936][ T6764]  rose_write_internal+0x11d1/0x1ab0
[  206.339265][ T6764]  ? rose_validate_nr+0x120/0x120
[  206.344300][ T6764]  ? __timer_delete+0x6b/0x290
[  206.349095][ T6764]  ? skb_queue_purge_reason+0x6c/0x1c0
[  206.354568][ T6764]  rose_release+0x24e/0x510
[  206.359083][ T6764]  sock_close+0xbd/0x230
[  206.363357][ T6764]  ? sock_mmap+0xa0/0xa0
[  206.367655][ T6764]  __fput+0x234/0x970
[  206.371652][ T6764]  task_work_run+0x1ce/0x250
[  206.376286][ T6764]  ? task_work_cancel+0x240/0x240
[  206.381506][ T6764]  get_signal+0x1235/0x1400
[  206.386119][ T6764]  ? task_work_add+0x3a3/0x440
[  206.390892][ T6764]  ? __ia32_sys_pidfd_getfd+0x90/0x90
[  206.396289][ T6764]  ? wake_bit_function+0x200/0x200
[  206.401492][ T6764]  ? __might_fault+0xaa/0x120
[  206.406180][ T6764]  arch_do_signal_or_restart+0x96/0x780
[  206.411845][ T6764]  ? __sys_connect+0x240/0x420
[  206.416645][ T6764]  ? get_sigframe_size+0x20/0x20
[  206.421616][ T6764]  ? exit_to_user_mode_loop+0x3b/0x110
[  206.427095][ T6764]  exit_to_user_mode_loop+0x70/0x110
[  206.432393][ T6764]  exit_to_user_mode_prepare+0xb1/0x140
[  206.437955][ T6764]  syscall_exit_to_user_mode+0x1a/0x50
[  206.443452][ T6764]  do_syscall_64+0x61/0xb0
[  206.447891][ T6764]  ? clear_bhb_loop+0x40/0x90
[  206.452782][ T6764]  ? clear_bhb_loop+0x40/0x90
[  206.457484][ T6764]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  206.463398][ T6764] RIP: 0033:0x7f6163b8ebe9
[  206.467914][ T6764] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  206.487540][ T6764] RSP: 002b:00007f6164938038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
[  206.495974][ T6764] RAX: fffffffffffffe00 RBX: 00007f6163db5fa0 RCX: 00007f6163b8ebe9
[  206.503950][ T6764] RDX: 0000000000000040 RSI: 0000200000000100 RDI: 0000000000000008
[  206.511928][ T6764] RBP: 00007f6163c11e19 R08: 0000000000000000 R09: 0000000000000000
[  206.519901][ T6764] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  206.527965][ T6764] R13: 00007f6163db6038 R14: 00007f6163db5fa0 R15: 00007ffd0aea2618
[  206.535950][ T6764]  </TASK>
[  206.538990][ T6764] 
[  206.541331][ T6764] Allocated by task 6715:
[  206.545677][ T6764]  kasan_set_track+0x4e/0x70
[  206.550286][ T6764]  __kasan_kmalloc+0x8f/0xa0
[  206.554888][ T6764]  rose_add_node+0x23a/0xdd0
[  206.559485][ T6764]  rose_rt_ioctl+0xa42/0xfb0
[  206.564084][ T6764]  rose_ioctl+0x3cf/0x8b0
[  206.568416][ T6764]  sock_do_ioctl+0xd7/0x2f0
[  206.572927][ T6764]  sock_ioctl+0x623/0x7a0
[  206.577264][ T6764]  __se_sys_ioctl+0xfd/0x170
[  206.581974][ T6764]  do_syscall_64+0x55/0xb0
[  206.586397][ T6764]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  206.592301][ T6764] 
[  206.594626][ T6764] Freed by task 6766:
[  206.598605][ T6764]  kasan_set_track+0x4e/0x70
[  206.603199][ T6764]  kasan_save_free_info+0x2e/0x50
[  206.608247][ T6764]  ____kasan_slab_free+0x126/0x1e0
[  206.613560][ T6764]  slab_free_freelist_hook+0x130/0x1b0
[  206.619045][ T6764]  __kmem_cache_free+0xba/0x1f0
[  206.623922][ T6764]  rose_rt_device_down+0x43d/0x490
[  206.629044][ T6764]  rose_device_event+0x604/0x690
[  206.634009][ T6764]  notifier_call_chain+0x197/0x390
[  206.639154][ T6764]  __dev_notify_flags+0x18e/0x2e0
[  206.644204][ T6764]  dev_change_flags+0xe8/0x1a0
[  206.648974][ T6764]  dev_ifsioc+0x6a7/0xe20
[  206.653306][ T6764]  dev_ioctl+0x7e2/0x1170
[  206.657638][ T6764]  sock_do_ioctl+0x226/0x2f0
[  206.662234][ T6764]  sock_ioctl+0x623/0x7a0
[  206.666571][ T6764]  __se_sys_ioctl+0xfd/0x170
[  206.671168][ T6764]  do_syscall_64+0x55/0xb0
[  206.675615][ T6764]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  206.681518][ T6764] 
[  206.683848][ T6764] Last potentially related work creation:
[  206.689563][ T6764]  kasan_save_stack+0x3e/0x60
[  206.694253][ T6764]  __kasan_record_aux_stack+0xaf/0xc0
[  206.699630][ T6764]  call_rcu+0x158/0x930
[  206.703889][ T6764]  ip6_route_info_create+0x9c0/0x1200
[  206.709269][ T6764]  ip6_route_add+0x28/0x130
[  206.713782][ T6764]  addrconf_add_dev+0x257/0x340
[  206.718635][ T6764]  inet6_addr_add+0x215/0xb60
[  206.723670][ T6764]  inet6_rtm_newaddr+0x68d/0x940
[  206.728618][ T6764]  rtnetlink_rcv_msg+0x7c7/0xf10
[  206.733568][ T6764]  netlink_rcv_skb+0x216/0x480
[  206.738332][ T6764]  netlink_unicast+0x751/0x8d0
[  206.743129][ T6764]  netlink_sendmsg+0x8c1/0xbe0
[  206.747900][ T6764]  __sys_sendto+0x46a/0x620
[  206.752410][ T6764]  __x64_sys_sendto+0xde/0xf0
[  206.757101][ T6764]  do_syscall_64+0x55/0xb0
[  206.761529][ T6764]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  206.767432][ T6764] 
[  206.769786][ T6764] The buggy address belongs to the object at ffff88801df22000
[  206.769786][ T6764]  which belongs to the cache kmalloc-512 of size 512
[  206.783878][ T6764] The buggy address is located 50 bytes inside of
[  206.783878][ T6764]  freed 512-byte region [ffff88801df22000, ffff88801df22200)
[  206.797622][ T6764] 
[  206.799955][ T6764] The buggy address belongs to the physical page:
[  206.806370][ T6764] page:ffffea000077c800 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1df20
[  206.816525][ T6764] head:ffffea000077c800 order:2 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  206.825460][ T6764] flags: 0xfff00000000840(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[  206.833440][ T6764] page_type: 0xffffffff()
[  206.837775][ T6764] raw: 00fff00000000840 ffff888017841c80 ffffea00014cde00 dead000000000002
[  206.846366][ T6764] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000
[  206.855042][ T6764] page dumped because: kasan: bad access detected
[  206.861479][ T6764] page_owner tracks the page as allocated
[  206.867389][ T6764] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 6722836486, free_ts 0
[  206.887118][ T6764]  post_alloc_hook+0x1cd/0x210
[  206.892722][ T6764]  get_page_from_freelist+0x195c/0x19f0
[  206.898421][ T6764]  __alloc_pages+0x1e3/0x460
[  206.903034][ T6764]  alloc_page_interleave+0x24/0x1e0
[  206.908254][ T6764]  alloc_slab_page+0x5d/0x170
[  206.912955][ T6764]  new_slab+0x87/0x2e0
[  206.917041][ T6764]  ___slab_alloc+0xc6d/0x12f0
[  206.921732][ T6764]  __kmem_cache_alloc_node+0x1a2/0x260
[  206.927286][ T6764]  kmalloc_trace+0x2a/0xe0
[  206.931709][ T6764]  device_add+0xbe/0xc20
[  206.935967][ T6764]  tty_register_device_attr+0x401/0x8f0
[  206.941534][ T6764]  tty_register_driver+0x5a9/0xb20
[  206.946649][ T6764]  legacy_pty_init+0x3c1/0x600
[  206.951423][ T6764]  pty_init+0xe/0x20
[  206.955421][ T6764]  do_one_initcall+0x1fd/0x750
[  206.960278][ T6764]  do_initcall_level+0x137/0x1f0
[  206.965231][ T6764] page_owner free stack trace missing
[  206.970604][ T6764] 
[  206.972929][ T6764] Memory state around the buggy address:
[  206.978558][ T6764]  ffff88801df21f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  206.986711][ T6764]  ffff88801df21f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  206.994774][ T6764] >ffff88801df22000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  207.002856][ T6764]                                      ^
[  207.008484][ T6764]  ffff88801df22080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  207.016560][ T6764]  ffff88801df22100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  207.024628][ T6764] ==================================================================
[  207.061637][ T6764] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  207.068874][ T6764] CPU: 0 PID: 6764 Comm: syz.3.250 Not tainted 6.6.102-syzkaller #0
[  207.076948][ T6764] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  207.087011][ T6764] Call Trace:
[  207.090291][ T6764]  <TASK>
[  207.093250][ T6764]  dump_stack_lvl+0x16c/0x230
[  207.097929][ T6764]  ? show_regs_print_info+0x20/0x20
[  207.103173][ T6764]  ? load_image+0x3b0/0x3b0
[  207.107768][ T6764]  panic+0x2c0/0x710
[  207.111684][ T6764]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  207.117868][ T6764]  ? bpf_jit_dump+0xd0/0xd0
[  207.122399][ T6764]  ? _raw_spin_unlock_irqrestore+0xfa/0x110
[  207.128297][ T6764]  ? _raw_spin_unlock+0x40/0x40
[  207.133148][ T6764]  ? rose_transmit_link+0x5ba/0x740
[  207.138537][ T6764]  check_panic_on_warn+0x84/0xa0
[  207.143580][ T6764]  ? rose_transmit_link+0x5ba/0x740
[  207.148788][ T6764]  end_report+0x6f/0x140
[  207.153031][ T6764]  kasan_report+0x128/0x150
[  207.157793][ T6764]  ? kmem_cache_alloc_node+0x17f/0x330
[  207.163288][ T6764]  ? rose_transmit_link+0x5ba/0x740
[  207.168949][ T6764]  rose_transmit_link+0x5ba/0x740
[  207.174085][ T6764]  ? skb_put+0x11b/0x210
[  207.178361][ T6764]  rose_write_internal+0x11d1/0x1ab0
[  207.183658][ T6764]  ? rose_validate_nr+0x120/0x120
[  207.188694][ T6764]  ? __timer_delete+0x6b/0x290
[  207.193461][ T6764]  ? skb_queue_purge_reason+0x6c/0x1c0
[  207.198917][ T6764]  rose_release+0x24e/0x510
[  207.203433][ T6764]  sock_close+0xbd/0x230
[  207.207678][ T6764]  ? sock_mmap+0xa0/0xa0
[  207.211922][ T6764]  __fput+0x234/0x970
[  207.215930][ T6764]  task_work_run+0x1ce/0x250
[  207.220552][ T6764]  ? task_work_cancel+0x240/0x240
[  207.225655][ T6764]  get_signal+0x1235/0x1400
[  207.230177][ T6764]  ? task_work_add+0x3a3/0x440
[  207.235046][ T6764]  ? __ia32_sys_pidfd_getfd+0x90/0x90
[  207.240455][ T6764]  ? wake_bit_function+0x200/0x200
[  207.245603][ T6764]  ? __might_fault+0xaa/0x120
[  207.250299][ T6764]  arch_do_signal_or_restart+0x96/0x780
[  207.255932][ T6764]  ? __sys_connect+0x240/0x420
[  207.260697][ T6764]  ? get_sigframe_size+0x20/0x20
[  207.265733][ T6764]  ? exit_to_user_mode_loop+0x3b/0x110
[  207.271195][ T6764]  exit_to_user_mode_loop+0x70/0x110
[  207.276482][ T6764]  exit_to_user_mode_prepare+0xb1/0x140
[  207.282029][ T6764]  syscall_exit_to_user_mode+0x1a/0x50
[  207.287503][ T6764]  do_syscall_64+0x61/0xb0
[  207.292001][ T6764]  ? clear_bhb_loop+0x40/0x90
[  207.296840][ T6764]  ? clear_bhb_loop+0x40/0x90
[  207.301512][ T6764]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  207.307504][ T6764] RIP: 0033:0x7f6163b8ebe9
[  207.311917][ T6764] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  207.331626][ T6764] RSP: 002b:00007f6164938038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
[  207.340049][ T6764] RAX: fffffffffffffe00 RBX: 00007f6163db5fa0 RCX: 00007f6163b8ebe9
[  207.348016][ T6764] RDX: 0000000000000040 RSI: 0000200000000100 RDI: 0000000000000008
[  207.355990][ T6764] RBP: 00007f6163c11e19 R08: 0000000000000000 R09: 0000000000000000
[  207.363957][ T6764] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  207.371922][ T6764] R13: 00007f6163db6038 R14: 00007f6163db5fa0 R15: 00007ffd0aea2618
[  207.379983][ T6764]  </TASK>
[  207.383133][ T6764] Kernel Offset: disabled
[  207.387469][ T6764] Rebooting in 86400 seconds..