last executing test programs:

15.575743361s ago: executing program 2 (id=605):
ioctl$KVM_CLEAR_DIRTY_LOG(0xffffffffffffffff, 0xc018aec0, &(0x7f0000000140)={0x0, 0x2c0, 0x0, &(0x7f0000000180)=[0x6bd1a312, 0x2ec66, 0x8, 0x8, 0x7, 0x800000000000009, 0x0, 0x2, 0x10000, 0x100, 0x8000000000000001, 0x40000000000000, 0x3, 0x5, 0x5, 0x49, 0x3ff, 0x2, 0x0, 0xb, 0x8000000008, 0xb, 0x1c1, 0x1000000003, 0x2, 0x2, 0x6, 0x7, 0x96, 0xffffffff, 0xffffffff00000000, 0x0, 0x9, 0x7, 0x23b, 0x3, 0x2, 0x8890, 0x8, 0x8, 0x6, 0x6, 0x3, 0xa3de, 0x4, 0x8, 0x5c3e, 0x622, 0xfffffffffffffffd, 0x5, 0xfffffffffffffffa, 0x1, 0xe, 0x7, 0x4, 0x100000000, 0x200000000000101, 0x5, 0x9, 0x66, 0x6, 0x7, 0x6, 0xfffffffeffffffff, 0x8, 0xd, 0x9, 0xe8, 0x80000000, 0xfffffffffffffc00, 0x2, 0x4, 0x2, 0xcdc, 0x7, 0x2, 0x3, 0x2, 0x5, 0xffe, 0x9, 0x4, 0x6, 0xab6, 0x0, 0x4, 0xfff, 0xffffffffffffff81, 0x9, 0xff, 0x5, 0xff8, 0x5, 0x400000000008061d, 0x6, 0x8, 0xf3, 0x6, 0x6, 0x200, 0x7, 0xe53e, 0x2c, 0x2, 0x2293332f, 0x6, 0x34, 0x0, 0xd, 0x2, 0x0, 0x2, 0x2, 0x7, 0x8, 0xfffd, 0x10, 0x8, 0x8, 0x1, 0x53e0f0fe, 0xeb4, 0x3, 0xfffffffffffffffe, 0xb692, 0x3ffc00000, 0x8, 0x3]})
ioctl$KVM_CAP_X86_GUEST_MODE(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000240))
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040))
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000000)={[0x6, 0x3, 0x8000000000005, 0x180, 0x4, 0x10, 0xf1, 0x50, 0x7fffffffffffe, 0x5, 0x0, 0x9, 0x0, 0x6, 0x6, 0x100000000000bdb], 0xffff1001, 0x124182})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000003c0)={[0x60000000002, 0x1000000000, 0x0, 0x43, 0x2000001, 0x0, 0x2004cb, 0x0, 0x1000000, 0x68ff, 0x5, 0x9, 0x3], 0xeeee8000, 0x202})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

15.529780234s ago: executing program 3 (id=606):
r0 = syz_open_dev$ttys(0xc, 0x2, 0x1)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000180)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
dup(0xffffffffffffffff)
getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
syz_io_uring_setup(0x239, 0x0, 0x0, 0x0)
preadv(0xffffffffffffffff, 0x0, 0x0, 0x401, 0x6)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x44081)
r4 = socket(0x10, 0x3, 0x0)
sendmmsg$alg(r4, &(0x7f0000000140), 0x4924b68, 0x0)
r5 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r6 = fcntl$dupfd(r0, 0x0, r5)
ioctl$TIOCSETD(r6, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDSIGACCEPT(r6, 0x400455c8, 0x9)

13.417118915s ago: executing program 2 (id=611):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r2 = socket$inet_sctp(0x2, 0x5, 0x84)
setsockopt$inet_sctp_SCTP_AUTH_DEACTIVATE_KEY(r2, 0x84, 0x23, 0x0, 0x0)

12.401627407s ago: executing program 0 (id=613):
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
preadv(0xffffffffffffffff, 0x0, 0x0, 0x0, 0xe6)
prlimit64(0x0, 0xe, &(0x7f0000000900)={0x7, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0xfffffffffffffffe)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
r2 = syz_open_dev$dri(0x0, 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r2, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)})
ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r2, 0xc02064b9, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0xcccccccc})
ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, <r3=>0x0})
ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f0000000140)={0x28, 0x6, r3, 0x0, &(0x7f0000fff000/0x1000)=nil, 0x1000, 0x10000})
ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r0, 0x3ba0, &(0x7f0000000980)={0x48, 0x5, r3, 0x0, <r4=>0x0, 0x1})
ioctl$IOMMU_IOAS_MAP(r0, 0x3b85, &(0x7f0000000a00)={0x28, 0x7, r3, 0x0, &(0x7f00000a0000)='LLLLLLLLLLLLLLLLLLLLLLLLLLLL', 0x1000})
ioctl$IOMMU_TEST_OP_ACCESS_PAGES(r0, 0x3ba0, &(0x7f0000000a40)={0x48, 0x7, r4, 0x0, 0x0, 0x0, 0x0, 0x1001, 0x1fff})
openat$random(0xffffffffffffff9c, 0x0, 0x0, 0x0)
io_submit(0x0, 0x0, 0x0)
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r5, 0x6, 0x23, &(0x7f0000000480)={&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0xffffffffffffffff}, &(0x7f0000000040)=0x40)
syz_init_net_socket$ax25(0x3, 0x2, 0xcb)
setsockopt$TIPC_GROUP_JOIN(0xffffffffffffffff, 0x10f, 0x87, 0x0, 0x0)
bind$tipc(0xffffffffffffffff, 0x0, 0x0)

12.36686763s ago: executing program 1 (id=614):
r0 = syz_usb_connect(0x2, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="12011f00abbe6740e9174e8b089c000000010902120001000000000904000000ff"], 0x0)
r1 = creat(&(0x7f00000002c0)='./file0\x00', 0x1)
r2 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x8)
unlinkat(r1, &(0x7f0000000100)='./file0/file0\x00', 0x0)
mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r2, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000fe020010850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x94)
write$qrtrtun(r1, &(0x7f0000000300)="ca0e80", 0x3)
write$char_usb(r1, &(0x7f0000002600)="b56511e72c6cba780ce701ed0b2db27a336692892a6491e2488652ff00c468d353d809d5b20d8ee0f9fefa6cd7bd1036ed25f0e37053d291887c707a892884c2b4aa2ebac156ef8288264449eea05c4f51c3bb4355eb108744fe34e5d0e851d51a855854135f04dd5d854459226f090b6f0d6135e8f2824eed7469236cad2251116a381d8cd30bae59c1fe71e028a667cb910d523aa5d7208286755075ee8be937304cca20e234303df72ad4e2bdc71219456229460a7c6a2df61e8b21b4a4941dcba5c257b90bbf0a976a73973319258ad7f738c04dfbdee4ea0e1b77a909a154fd934f791ebea03db6f06c8f14bc40924e46cbb9b343f25d63f332f9b3f176601f842a4e40401cbc62ee7803c3a2d71f3878f61d8fb8cb5ee90a696b22fb97bbdfd36af05c2e34dfb3d380ae7bc701053b9009d654d84f04c851b311341efcec16ef3d5c8a7e8af494068dbad55bfa7b7bf4475ceb03a6f4ef11ce14652dc36f279671b7184586c7aab57d50ca23deaeeeaebc2ed024d91f399c84834e7802ad28b6ffec7ed089e8af35d15f2713e70ce55b3f60b9c002496e110c3a68e4c01faf901df4e39d007bf99f3a2d2e33c58b92b961937060a92ab6347995c09eb6a363092e3a45b68bd5e734d43b0bc98070d66c8d03490897a7d05e894da6d92c46cb1d961d11a7d1cd9d3c437c07e9f090690d2b344a93fdc5d7276b74231f1ad050024359e7a73ee913e9a7eba72f23482de94c572d07491328ca363762c44ddcdb1623ec6d639b368d407ffafbb265de19bd5e52ec86c12167dfe2a3de629af1d66612c3f313e07a301d8378fc6eb551196b51680d1194d682ff6cdbb0f811608d6321b41664108ef6dd1dfcc7df602901b0c0d549fb8d0c1aa9b542b99d76b6b8c360c9bcb01ed819a57441948465279d0b2652be1058065929bffae3e9c8923ba01c954f3c49298db8ffad96b73684daf2e608046be2ffb0de70237e044d4be3e6ccc1984ebd2f6e0f57e99fcb0ec30598f121bd93a4003e0ba0815e5ddbeba9f3f8600ef86258a5423fb1f30da5be531e573bf5322a5842eeb23107f02021dc332e0e687bd1f4f0ac09293c3638603279484dd552d534089e0b5b903c4ceeedef410662ec12e17e9b616950874e24d313d770e84b488544a8b829039d06637269367c108dc37712d46ef6601ef4e937a120c607e570446d6216366a72ced5d543ba92a929cef7c4fb03307e88174ad88381b16de1c3f9985f483ff75e9b40fc6ba11d037dda41df9a583009baa3b246c19ab5a20cb4e62accb7a86090717c17db68b0d14905ed0ce6e49555de65448782fc0899f631393b5ccd65da59265d1b4ba9ff4d8a328cb42d2e3a465db23cfa9f159ce5716df7ccf393a561a1783679048570f2467c5336106bc8954569c047e854b2211141d169b27ca796b42c544f70123bd9f6ae23f87d1be164cd7bb2da3dc79e6f12a687296942c9c8f2d99b6961b48e046028bd69dcda162510ad235b7bf28a0ff994e23f08e807437dcd1a426a31e818b918e5c28725bf12f42d6f719d9d81100e529b9f7e4891167aef44ec7afa086e46cf832d144ebe668dbafcbf229be799f33df6c1fb3365f4cb64f360fb70ee140818503a185a44f15d3db5fd5abe8ea3c59f4120c23d3792a4ac791959858dc88286e403ad45b31716e28be7684375c2651f88ed78c2948d673ef2a8a937136ca9842717585894453a83280edc21f3fadb974c36696fe7d8bd136a005a69d14d034a869c4035282ac7c91642a05743814b4cd57df50a4eb15dd7a561637ea4ef6b3bcf89695f125fcd390746357917a6bcf55e0268a09ae5b1195f99a7fe5fec2d4115978052e195d7b5df345b827121a86166c9095e387301fc561654db0183715239247eb9dc15e83c20389aa6271b42125bd475b82db032150aa39fab06fde1034347a8a884c74edb21be34c8cf5b437ad7223970defbb27ca8eb0029fdd4acd4bc92236584ed42f03706376c583a5c8e5cf9f2415ee1f8c1b01f34d7cf1b673db2158eb99d55878ee41b391f8d7339c6f3471ae4af25e5ecb8cea2fbed9f915ce483f1a9411ca5b21776295aa4f52fa31d875f9850f3e07b8093b0f92570d41d77e68e9a79a27b6f5a2c9a100cde02ea745353e996b99b43e0f1aa51288d863859bc618a602c17a15e285e6c189a21a4762b57ce396c852a5453f035c7a2d849a98c30a2e7f797ed13ffae44e4d15a240d092a25b4820e0d2fe3b9cb74b89efc977634d1f37eddc1433f6b06fd13c543bceca1254f91413d8b914bd67f1dca660ad8ef561dfb2ce5f0486b3e1a19a3682dad8a727177a1ea448273c3cd308300e3b4fc4f96efa8d6d723de8b38f7688e13c47b2aa801ba5c33a138208412524250e41eb253520f68324dbdb5e7de6e02dc315e20cf1844cc7a5f15428dd342bcf40895d94b3de0e1acdb698a94e0dd881edfb7569d0c81981213e7186eac0d80dd35e1a48aad319678db523e9cea10163e3924c52d1d4ff589b3b228d98e64e6ee22990600ac9b272b483520148dac0e26d27ef618c86b0a49075f71d8c21e49bbcf83eb1374f0ad393074e32fa33a257f13fb187ba40b02ee6e688092e81ce0c04e3e53507b4b244fcf3afd4dbf05747a8c81828351558223a7bd0ff6684e94cd264bb3841cca4983c10b627c3c13286872798a3bce148b7f9847cb2b485bb900ad006b08482c801e9f05e5e57591e9c9ed1235c397ebffec2bffdf0eaa4aa2b3927e583f913edb95ce47603bc725ad16c59c4b638668190bd1f9c4b2c9e1b14a85d9e3e81ef3668baf27e59dd14d1ade2d7873d4feb989cdac04675f40b59a1a41453b44e0fdb89f4a7f3f52cb3a6a79d0763f85826fe1b5acb3215a0328c32ccdf2c21bb4ab3310c2d33f9b1255582e0807492ce59953f6cd4422bfa5ea9192177bbf13bd7a83807362036708653bd01b67d3def4ef7041ea29995404c0b10b0eae74bbf614652f887f755e94d390341437d50cecbf2c16fa21638ad3f85f30db17e1af9bf2b4aa8113d6a9170dc4c024f484200a471e9c73f6d2055585bdb499156081d3bc288a2ddd2b9d856c69c22ad3b4ee16555c64d86b7a9d83722860fdbf06b3a1592f3e5832fdf2d3ee078e54b7cee981cec96de0a4c77e052d2f86061cba468f6c5861771014dd56320f5fd4f84b5a890838e9fe72f41620d131cfdb7d0e627dd490acab383d5fc8cfc95e966ced3dfe3d315ad76a0452a50e8b4e9882ca9294eaa12f73629affc90505f48aedc1da6081259226056012decf4a60c3e252860cc7452e6058d8029d2d0971496e19cc94558c96678bd1b074894271b2bff2810f8a684c9329c584641bfeeb2fd4db920aec9d18e1b05803c37bc1b3cd1b3782a713ea754b1a35f137e21e31afd230aa1ba53cbc0af2ec98c860c993441007f910b8814e115725753f7a05d0b0b290048dd6aa97f3ae6f14b9652db8017e23303a3aa52c9fd5b83aa3f8ecb5e280425709237cd6fc6728664168bb2dda083ceab3ca528a78432104912e96a2ff9057885b1aebf1a8423b5c390f32bc5f3f0093870a27d8eee3576aa70a9b1ee21041a64e7dc0bbac8b46e7aa6a825bddeeab7f7bdad2ffa238a6cc77532551ebe4e650faadf67328371563e17b508ace6ed5dfcec60cd4b90ca23260f8ae78d937b7503f9595f233c7b719b837484bb684b2f9ca4df4d716a7de9ceadf0212e7f24574f1f14015ffb583c9ad2747cbddf2f0903d3dfc60eb204c6b581ba9caba16471d1bfb09b8b96ddadadcc97435ad6fe5ed249e25b01e0d5af5fe0430e4fb18eefce981fa6c78abab2a35f186137f256d8719f2053316680c03e7499941efd68a0ff066519f4d02608c320228c8cdc42fde4abecefde9d2113f730529e0215f284732d267c6804a49778a4ee32fb860122b4584a519ced4dfc0c8a3d25d90142d16e9e36eff436881dbddd06b99dee8c4e2ff7dbc19edaa7e1ad5b1f9d713abd72d4e4547b3a46ab6acfaa7d92b6da52b75bd530f6d833d156b95f1da248219c85fe807af0a47ae22c20392c889f5e89a3524cf42412a70277fe98196deb7a4c2b136fba8cc411afa84ab762d9b95b284d95f9220b3789ab54dcfb21cd2b99fcd501263cf23654c332a3aa37c6dac0c9c54e5602a691192707708e53abea4c63b7943b1348d3cf0bdce7e4076e3a4ed9afe8651cd8e953e30104534dcb6e85ab77773b60be7e46f6cd07ea8fc675d27593223dadb9cba83f3976e5133d79afd6e4a83877bd8f0d56bd99f3d996df0295838ffb421781da6c088f18f1f94e149659f02f01b99c73de89826f65bd3dbb44468518e0f0dd5fca324d3c9864d192040cd067b54b8801610bf8391ded4df50968bf7a0d0c0f7c56f47da904ad9bcc52e8690a844b7b0be9a4e7bc8ae396382ad4f6910df9eee9f19cacd9fb0aa9a378ee8b2e58befcd7158d1ea6cdc73cc63233d8c09fb4a04e7e672d7d0c7187f7b027e87560649eb8dfe97c81f3dea408f7f9c171e38892f077e9423e91b55a4635ddbea7b535d31c8ab28ae5030f04356bf05c737884a351a8da8ae81535ed5e9628befc767cd431907dd388c00b9a8d8ebf5b57017f70830dac5eb2872b77da544742d2c93940a945ed060e387e14680ea92e9a93799e64aca69ded0219486df2541b9fa209923c8d0f57978a39eba4fd17e9108243101d441cfe2c0374aaa65c434cea22e5d103588d526fc92531249ff8b8cd4783d8b915584c5ac71ff330797c85d5f66510a403cf996bec00239cef1730a35c1138b8f7f63f14e253e4d91999632d80f23076f7af79a38388e935e198d666efe799a4b8c2d82e443f01ea4907183d3bc9fb5bb94e119b1fb34beaaf1c0d296c4898600f99488a243c00309ee68a3c7297f3851ca8226eb72103d3e9981ab2dbc7dce584795aa452ee7950508f6016f04c965309f381edb1ce91059c3c21e0f7adf67f966d690545fb9597529fd5885937c433c5a156867951fc419f92ad55795a4267b0c66b59ba22ba782f92d431e37748aa41949a954b3c68120ddac938788b6d753d9152a562f8bf972c744359def08a16da4c077df2795710397e70faa3fe8e004ccf7275ad42d518094821207ad6813f66bf5c15e1a61298b3f977d7fd783f7cac82e88b652a14b9f6df36425cf89507428a6594d2200f392faea2542e6e51faa934ec1218652afd32c1f09ba277f8faa0b0fbf60b82340b42f88115394b36524026e71638bb7faec318168164e7448214f755c36dba743b15858788365171e521b9722d7950d48cb274b67361c89ef262a320186b8fb4ab84394fffdba09b14ca27608e6f49b6513d84a182459666d66902ef5cd3fa048d811401b910fc284c2d07dfe83bd398321f5e4a528b5c76dd2a4bbb7e68ce5826788c065cc686c8e174cc7cafdb289b0e4accd73fb54cccfdf3111a22a0fd764e5677cb54c94f7387b3290e8ea96a43ab678c514a33f497c3ed42ddaae3b1bad3c137d2b4aa193b2de5f4ac6e3f2a1404fcdf9919e18fb4cc8c042a72b550cf01d1dfffb8857d05d92430a669197cd66b7c7c88c539ff61aa880b94b5375989bae5fb8f381f8b211e52fd1bc3060eb2ad77d8de778a49ef3a21d992d3166c586eb5f3bb72a29da04c88441c381752939dc478b3088a66c869949b6d05a66286c61598dba66afb6d57b53ad164476d69fdb2ac668bb9c6fc4452dbb28041bb24556d3aae1dcaee06666fa18d0398e42a93741b5", 0xffd)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000005c0)={r3, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f0000000180)=[0xfff], 0x0, 0x0, 0x1}}, 0x40)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x1ff)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000001c0)='./cgroup.net/syz0\x00', 0x200002, 0x0)
r5 = openat$cgroup_devices(r4, 0x0, 0x2, 0x0)
write$cgroup_devices(r5, &(0x7f0000000080)=ANY=[@ANYBLOB='b 7:', @ANYRESOCT], 0xd)
syz_usb_control_io$hid(r0, &(0x7f00000002c0)={0x24, &(0x7f0000000180)=ANY=[@ANYBLOB="202301"], 0x0, 0x0, 0x0}, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080))
landlock_create_ruleset(&(0x7f0000000240)={0x1fff}, 0x18, 0x0)
syz_init_net_socket$rose(0xb, 0x5, 0x0)
r6 = syz_io_uring_setup(0x499, &(0x7f0000000200)={0x0, 0xf7c9, 0x0, 0x1, 0x193}, &(0x7f0000000340)=<r7=>0x0, &(0x7f0000000280)=<r8=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r7, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r7, r8, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r9 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r9, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
io_uring_enter(r6, 0x26c8, 0x0, 0x1, 0x0, 0x10)

11.61959771s ago: executing program 0 (id=615):
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
getsockopt$inet6_mptcp_buf(r0, 0x11c, 0x1, 0x0, &(0x7f00000000c0))
openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0xfffffffffffffffe)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
mount(&(0x7f0000000040)=@nullb, &(0x7f0000000100)='.\x00', &(0x7f0000000000)='iso9660\x00', 0x1000080, 0x0)

10.88602809s ago: executing program 2 (id=616):
r0 = getpid()
r1 = socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20008008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000002100)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00'}, 0x10)
r5 = syz_open_dev$dri(&(0x7f0000000040), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r5, 0xc04064a0, &(0x7f0000000180)={0x0, &(0x7f00000000c0)=[<r6=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCRTC(r5, 0xc06864a1, &(0x7f00000001c0)={0x0, 0x0, r6, <r7=>0x0})
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000240)={0x0, <r8=>0x0}, &(0x7f0000000280)=0x5)
ioprio_set$uid(0x0, r8, 0x2007)
getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f0000000500)={0x0, 0x0, <r9=>0x0}, &(0x7f0000000700)=0xc)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000007c0)=[{{&(0x7f0000000240)=@file={0x1, './file0\x00'}, 0x6e, &(0x7f0000000480)=[{&(0x7f00000003c0)="8aec8647702d4b3a7c4540a0fe2ada565382f957b8d84763b868017e7c97ade19b71cd28bddd10ba6c7bddb882559b4a8f75888cbadaa160b3c212eed3b1843176c8f4cb323350d2bb388e99505f680f2c182edc696b72b7dfedfea1ac39e587e524ccc13606d14cf92e3a74af4dba25c2c8ee35e6a1ad399b80a0e580ccfe16de1d839e90ce3d59be39ffb680a6", 0x8e}, {&(0x7f0000000580)="205d90d14458b9792ef352f07b9ac3549bd47e309f292a45fc8cd9ec779e0c2993e3d659c25b2b2089bf48cb2aa0fef4a5d6db536b168eaf4fe2f8ccf8e5ef9995b78baec8fe2b1d89bc296489d115fad6640189294348ba7d4dbdffd5ccc51ff22ed9994a4f3bc69629635884eadd20e49b2cb2a66e90ae14844103a40a00a519325e3c18301b7f95e9ad269bd0d26fcc3fad27d045b9ba74625db9110e67a261c0eb50be20a361f616063dd62ac10a8e25ff964893d5f8cf3091961ef4cf4b93a75aa1b19245e865e64f27b2b4c5624e0b379bc3f03128b1b27c8c5a2ea8b3b846c5f9", 0xe4}], 0x2, &(0x7f0000000740)=[@rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, r1]}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0x0, 0xee01}}}, @cred={{0x1c, 0x1, 0x2, {r0, r8, r9}}}], 0x58, 0x4020810}}], 0x1, 0x44)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_PAGE_FLIP(r5, 0xc01864b0, &(0x7f0000000000)={r6, r7, 0x1, 0x0, 0x3})
syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$AUTOFS_DEV_IOCTL_FAIL(0xffffffffffffffff, 0xc0189377, &(0x7f0000000000)={{0x1, 0x1, 0x18, r1, {0x9, 0x7f}}, './file0\x00'})
r10 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r10, 0x0, 0x0)
ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000140)={'vxcan1\x00'})

10.053514707s ago: executing program 3 (id=617):
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000440)={0xffffffffffffffff, 0x20, &(0x7f0000000380)={&(0x7f00000001c0)=""/11, 0xb, <r0=>0x0, &(0x7f0000000340)=""/58, 0x3a}}, 0x10)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x3, 0xc, &(0x7f00000005c0)=ANY=[@ANYBLOB], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2d, '\x00', 0x0, @sched_cls=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x22f7}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000003c0)={r1, 0x0, 0xe, 0x0, &(0x7f0000000000)="c1188e19b95d02ff4284860151b0", 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
r2 = socket(0x11, 0x3, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
close(0xffffffffffffffff)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f0000000540), 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan0\x00'})
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000080)=ANY=[@ANYBLOB="1c0000001500010000000000000000000500000008000100", @ANYRES16], 0x1c}, 0x1, 0x0, 0x0, 0x48001}, 0x0)
openat$vimc1(0xffffffffffffff9c, 0x0, 0x2, 0x0)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r4, &(0x7f0000000180)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x2a}}, 0x10)
connect$inet(r4, &(0x7f0000000480)={0x2, 0x4e21, @multicast2}, 0x10)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
bind$packet(r2, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x14)
setsockopt$packet_int(r2, 0x107, 0xf, &(0x7f0000000240)=0xe9, 0x4)

9.89140582s ago: executing program 2 (id=618):
syz_open_dev$vim2m(&(0x7f0000000000), 0x47b, 0x2)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xdef0, 0x8000000000000000}, 0x0)
prctl$PR_SET_TIMERSLACK(0x1d, 0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0xf, 0xc, &(0x7f00000004c0)=ANY=[@ANYBLOB="35c8e05654c6179dea974f569cbdc1891bca30a9f69fc87d325fff9084484b73cbad34c95ff6f2e2092285aaf97f552d7189", @ANYRESDEC=r0, @ANYRESDEC=0x0, @ANYRES8=r0], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r3, 0x0, 0x2100, 0x0, &(0x7f0000000100), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x50)
r4 = openat$binder_debug(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
lseek(r4, 0x851, 0x0)
execve(&(0x7f00000190c0)='./file0\x00', 0x0, 0x0)
execve(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
execve(&(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000000180)={[&(0x7f0000000300)=' wO\xd5\xce\x82\x89r\xa0\r\xc4Z\x15\xfds\x17g\n\xee\x9f\a0\xc3\x80\xbf\x80j$\xe6Z\xde\xf1pc\x96\x8f\xb5\x9d\xe3\x11m\x88~\xe3\xc7\xe3\t\xab\xbb@\xd9\xf8\xa2N\x03\xcf\xe4\xd6\x0ew\x10\xc2\xaa\x84bC\xc8\xd0\xe07\xa1\rIa\xb1^\xc5WG\xccV\xd3\x91\x84x\x9d\x8eg\x84\xeb\x9e;\x8f\xa1\xa3\xcf]@\x82\xcf\x01$;\xd5\xc0\xa8\xc8r\x0e_\xac\xef\xf5\r\xd5Q\v\b#E\xcf@a\xa2\xaa#\x13S\x04\x12$\xcb\xbeV!\x1d\xc7\x84_\\ \xc7oh$\xc9\x06m']})
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_LIST(r5, 0x0, 0x0)
keyctl$read(0xb, 0x0, &(0x7f0000000680)=""/4096, 0x1000)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000005c0)=ANY=[@ANYBLOB="580000001000030400000000fedbdf2500007400", @ANYRES32=0x0, @ANYBLOB="0008000007500500380012800b0001006272696467650000280002800500190002000000050017000000000008000100810000000a0014080000000000000000"], 0x58}, 0x1, 0x0, 0x0, 0x800}, 0x0)

5.178716181s ago: executing program 2 (id=619):
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000003c0)=ANY=[], 0x50)
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
ioctl$sock_SIOCGIFVLAN_DEL_VLAN_CMD(r1, 0x8982, &(0x7f00000001c0)={0x1, 'macvtap0\x00', {}, 0x1ff})
r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00')
fchdir(r2)
mount(0x0, &(0x7f0000000140)='.\x00', &(0x7f0000000080)='proc\x00', 0x189, 0x0)
r3 = syz_open_procfs(r0, &(0x7f0000000000)='map_files\x00')
fchdir(r3)
r4 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x90)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r1, 0x8933, &(0x7f0000000300))
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r2, 0x89f3, &(0x7f0000000380)={'gre0\x00', &(0x7f00000004c0)={'gretap0\x00', 0x0, 0x1, 0x700, 0x9, 0x8, {{0x7, 0x4, 0x2, 0x4, 0x1c, 0x67, 0x0, 0xf, 0x2f, 0x0, @multicast1, @loopback, {[@timestamp_addr={0x44, 0x4, 0x28, 0x1, 0x3}, @lsrr={0x83, 0x3, 0xd}]}}}}})
sendmsg$ETHTOOL_MSG_FEATURES_SET(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x4000)
getdents(r4, &(0x7f0000000100)=""/60, 0x6f)
getdents64(r4, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x42073, 0xffffffffffffffff, 0x0)
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)

4.81436878s ago: executing program 3 (id=620):
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000040)=[@in={0x2, 0x4e21, @empty}], 0x10)
sendmsg$inet_sctp(r0, &(0x7f0000000700)={&(0x7f0000000340)=@in={0x2, 0x4e21, @loopback}, 0x10, &(0x7f0000000080)=[{&(0x7f0000000000)='u', 0x1}], 0x1, 0x0, 0x0, 0x804c040}, 0x881)
dup(r0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0, r1, 0x0, 0xd}, 0x18)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
gettid()
timer_settime(0x0, 0x0, &(0x7f0000000280)={{}, {0x0, 0x989680}}, 0x0)
socket$alg(0x26, 0x5, 0x0)
recvmsg$unix(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, 0x0}, 0x10002)
setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, &(0x7f0000000080)=ANY=[@ANYBLOB="09000000000000000a004e220000000400000000000000000000000000000001040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000a004e210000000300000000000000000000ffff7f000001090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e3ffffff000000000000000000000000000000000000000000000000000000000a004e240000026c00000000000000000000ffff000000000100"/388], 0x310)
pipe2(0x0, 0x0)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f00000000c0)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58)
r4 = accept4(r3, 0x0, 0x0, 0x80000)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000200)="ad00"/16, 0x10)
sendmmsg$unix(r4, &(0x7f0000003dc0)=[{{&(0x7f0000000000)=@file={0x0, './file0\x00'}, 0x6e, 0x0, 0x0, 0x0, 0x0, 0x9802}}, {{&(0x7f0000000280)=@file={0x0, './file0\x00'}, 0x6e, 0x0}}], 0x299, 0x0)

4.709191049s ago: executing program 1 (id=621):
openat$comedi(0xffffffffffffff9c, &(0x7f0000000180)='/dev/comedi4\x00', 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r1 = syz_io_uring_setup(0x110, &(0x7f00000003c0)={0x0, 0xfad6, 0x800, 0x1, 0x3}, &(0x7f00000000c0)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3})
openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000004880), 0x0, 0x0)
io_uring_enter(r1, 0x133d, 0x0, 0x8, 0x0, 0x0)

3.665156873s ago: executing program 1 (id=622):
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
setsockopt$MRT_ADD_VIF(0xffffffffffffffff, 0x0, 0xca, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r0, 0x0, 0x0)
recvmmsg(r0, &(0x7f0000005200), 0x400000000000059, 0x2, 0x0)
write$bt_hci(r0, &(0x7f0000000200)=ANY=[], 0x6)

3.598817288s ago: executing program 0 (id=623):
r0 = mq_open(&(0x7f0000000480)='!sel\x00\x00\x00\x10\x00\x00\x00\x00\xd7\\P\xc1\xde.O\xcb]0y\x00\x00\x00\x00\x00\x00\x00\x00', 0x6e93ebbbcc0884f2, 0x196, &(0x7f0000000440)={0x2000000000002000, 0x2000001, 0x55, 0x3})
r1 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000002300)=@o_path={0x0, 0x0, 0x4000, r0}, 0x18)
r2 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000002340), 0x208400, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000002200)={0x6, 0x8, &(0x7f0000002680)=ANY=[@ANYRES16, @ANYBLOB="0000000000000000850000000700000018260000", @ANYRES32=r2, @ANYBLOB='\x00\x00\x00\x00\a\x00\x00\x00'], &(0x7f0000001100)='GPL\x00', 0x1000004, 0x1000, &(0x7f0000001140)=""/4096, 0x1f00, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, &(0x7f0000002140)={0x9, 0x4}, 0x8, 0x10, &(0x7f0000002180)={0x0, 0x20000, 0xb, 0x1}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000300)=[0x1, 0x1, r1, r2, r1, r2, r1], 0x0, 0x10, 0x5}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
syz_open_dev$video(0x0, 0x7, 0x0)
r3 = socket$vsock_stream(0x28, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_open_dev$MSR(&(0x7f00000001c0), 0x8000002000000, 0x0)
mount$fuse(0x0, &(0x7f00000025c0)='./file0\x00', 0x0, 0xa0001c, &(0x7f0000002640)=ANY=[@ANYBLOB, @ANYRESDEC, @ANYRES64=r3, @ANYRESDEC=0x0, @ANYBLOB])
ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, &(0x7f0000000200)={'wg0\x00'})
r4 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$FBIOPUT_VSCREENINFO(r4, 0x4601, &(0x7f0000000040)={0x80, 0xa0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {0x10, 0x8}, {0x8, 0x8}, {0xd54, 0x0, 0x1}, {0x0, 0x20000000}, 0x0, 0x10, 0x0, 0x101, 0x1, 0x0, 0x0, 0x0, 0x0, 0x6, 0xfffffffd, 0x0, 0x0, 0x0, 0x2, 0x6})
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x13, &(0x7f0000000080)=ANY=[@ANYBLOB="18080000000000000000000002004000851000000600000018020000", @ANYRES32, @ANYBLOB="00000000000000006600020000000000180000000000000000000000000000009500040000000000360a020000000000180100002020782500000000002020207b1a00fe00000000bfa100000000000007010000f8ffffffb702000008000000b50a00000000000085000000060000009500000000000000"], &(0x7f0000000000)='GPL\x00', 0x2, 0xff5c, &(0x7f0000000340)=""/222}, 0x78)
r5 = socket$netlink(0x10, 0x3, 0x6)
sendmsg$nl_route_sched(r5, &(0x7f00000002c0)={0x0, 0x5, &(0x7f0000000280)={&(0x7f0000000340)=@newtaction={0x9c, 0x30, 0x48b, 0x0, 0x0, {}, [{0x88, 0x1, [@m_ctinfo={0x30, 0x2, 0x0, 0x0, {{0xb}, {0x3a}, {0x4}, {0xc}, {0xc}}}, @m_nat={0x54, 0x1, 0x0, 0x0, {{0x8}, {0x2c, 0x2, 0x0, 0x1, [@TCA_NAT_PARMS={0x8, 0x1, {{}, @multicast2, @remote}}]}, {0xffffff1a}, {0xc}, {0xc}}}]}]}, 0x9c}}, 0x0)

3.596418139s ago: executing program 3 (id=624):
r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_FEATURES_GET(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000006c0)=ANY=[@ANYBLOB=',\x00\x00', @ANYRES16=r2, @ANYBLOB], 0x2c}}, 0x20000000)
syz_open_dev$ttys(0xc, 0x2, 0x1)
syz_open_dev$vim2m(&(0x7f00000000c0), 0xfffffffffffff630, 0x2)
openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0), 0x8200, 0x0)
ioctl$SNDRV_PCM_IOCTL_XRUN(0xffffffffffffffff, 0x4148, 0x0)
r3 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000240), 0x2400, 0x0)
read$msr(r3, &(0x7f0000000300)=""/136, 0x88)
ioctl$SNDRV_PCM_IOCTL_DROP(r3, 0x4143, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0xfffb}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd502000000090001007379"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
writev(0xffffffffffffffff, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r4 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$netlbl_cipso(0x0, 0xffffffffffffffff)
readv(r4, &(0x7f0000000040)=[{&(0x7f00000000c0)=""/214, 0xd6}], 0x1)
sendmsg$netlink(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)=ANY=[@ANYBLOB="140100001e0001eb25bd70000000000001"], 0x114}], 0x1}, 0x0)
syz_open_dev$sndmidi(0x0, 0x2, 0x141102)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000005c0)='sys_enter\x00', r0}, 0x10)
socket$inet6_udp(0xa, 0x2, 0x0)

3.533778864s ago: executing program 2 (id=625):
r0 = syz_open_dev$ttys(0xc, 0x2, 0x1)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000180)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
dup(0xffffffffffffffff)
getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
syz_io_uring_setup(0x239, 0x0, 0x0, 0x0)
preadv(0xffffffffffffffff, 0x0, 0x0, 0x401, 0x6)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x44081)
r4 = socket(0x10, 0x3, 0x0)
sendmmsg$alg(r4, &(0x7f0000000140), 0x4924b68, 0x0)
r5 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r6 = fcntl$dupfd(r0, 0x0, r5)
ioctl$TIOCSETD(r6, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDSIGACCEPT(r6, 0x400455c8, 0x9)

3.270635465s ago: executing program 0 (id=626):
r0 = getpid()
r1 = socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20008008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000002100)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00'}, 0x10)
r5 = syz_open_dev$dri(&(0x7f0000000040), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r5, 0xc04064a0, &(0x7f0000000180)={0x0, &(0x7f00000000c0)=[<r6=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCRTC(r5, 0xc06864a1, &(0x7f00000001c0)={0x0, 0x0, r6, <r7=>0x0})
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000240)={0x0, <r8=>0x0}, &(0x7f0000000280)=0x5)
ioprio_set$uid(0x0, r8, 0x2007)
getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f0000000500)={0x0, 0x0, <r9=>0x0}, &(0x7f0000000700)=0xc)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000007c0)=[{{&(0x7f0000000240)=@file={0x1, './file0\x00'}, 0x6e, &(0x7f0000000480)=[{&(0x7f0000000580)="205d90d14458b9792ef352f07b9ac3549bd47e309f292a45fc8cd9ec779e0c2993e3d659c25b2b2089bf48cb2aa0fef4a5d6db536b168eaf4fe2f8ccf8e5ef9995b78baec8fe2b1d89bc296489d115fad6640189294348ba7d4dbdffd5ccc51ff22ed9994a4f3bc69629635884eadd20e49b2cb2a66e90ae14844103a40a00a519325e3c18301b7f95e9ad269bd0d26fcc3fad27d045b9ba74625db9110e67a261c0eb50be20a361f616063dd62ac10a8e25ff964893d5f8cf3091961ef4cf4b93a75aa1b19245e865e64f27b2b4c5624e0b379bc3f03128b1b27c8c5a2ea8b3b846c5f904", 0xe5}], 0x1, &(0x7f0000000740)=[@rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, r1]}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0x0, 0xee01}}}, @cred={{0x1c, 0x1, 0x2, {r0, r8, r9}}}], 0x58, 0x4020810}}], 0x1, 0x44)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_PAGE_FLIP(r5, 0xc01864b0, &(0x7f0000000000)={r6, r7, 0x1, 0x0, 0x3})
syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$AUTOFS_DEV_IOCTL_FAIL(0xffffffffffffffff, 0xc0189377, &(0x7f0000000000)={{0x1, 0x1, 0x18, r1, {0x9, 0x7f}}, './file0\x00'})
r10 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r10, 0x0, 0x0)
ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000140)={'vxcan1\x00'})

3.21034772s ago: executing program 3 (id=627):
syz_open_dev$vim2m(&(0x7f0000000000), 0x47b, 0x2)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xdef0, 0x8000000000000000}, 0x0)
prctl$PR_SET_TIMERSLACK(0x1d, 0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0xf, 0xc, &(0x7f00000004c0)=ANY=[@ANYBLOB="35c8e05654c6179dea974f569cbdc1891bca30a9f69fc87d325fff9084484b73cbad34c95ff6f2e2092285aaf97f552d7189", @ANYRESDEC=r0, @ANYRESDEC=0x0, @ANYRES8=r0], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r3, 0x0, 0x2100, 0x0, &(0x7f0000000100), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x50)
r4 = openat$binder_debug(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
lseek(r4, 0x851, 0x0)
execve(&(0x7f00000190c0)='./file0\x00', 0x0, 0x0)
execve(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
execve(&(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000000180)={[&(0x7f0000000300)=' wO\xd5\xce\x82\x89r\xa0\r\xc4Z\x15\xfds\x17g\n\xee\x9f\a0\xc3\x80\xbf\x80j$\xe6Z\xde\xf1pc\x96\x8f\xb5\x9d\xe3\x11m\x88~\xe3\xc7\xe3\t\xab\xbb@\xd9\xf8\xa2N\x03\xcf\xe4\xd6\x0ew\x10\xc2\xaa\x84bC\xc8\xd0\xe07\xa1\rIa\xb1^\xc5WG\xccV\xd3\x91\x84x\x9d\x8eg\x84\xeb\x9e;\x8f\xa1\xa3\xcf]@\x82\xcf\x01$;\xd5\xc0\xa8\xc8r\x0e_\xac\xef\xf5\r\xd5Q\v\b#E\xcf@a\xa2\xaa#\x13S\x04\x12$\xcb\xbeV!\x1d\xc7\x84_\\ \xc7oh$\xc9\x06m']})
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_LIST(r5, 0x0, 0x0)
keyctl$read(0xb, 0x0, &(0x7f0000000680)=""/4096, 0x1000)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000005c0)=ANY=[@ANYBLOB="580000001000030400000000fedbdf2500007400", @ANYRES32=0x0, @ANYBLOB="0008000007500500380012800b0001006272696467650000280002800500190002000000050017000000000008000100810000000a0014080000000000000000"], 0x58}, 0x1, 0x0, 0x0, 0x800}, 0x0)

2.234462679s ago: executing program 0 (id=628):
r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0)
r2 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f00000000c0)={0xdb, 0x1ff, 0xb})
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0)
r4 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r4, 0xc02064b2, &(0x7f0000000340)={0x200028, 0x8, 0x2, 0x0, <r5=>0x0})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0xdb, 0x1ff, 0xb})
r6 = syz_open_dev$dri(&(0x7f0000000100), 0x1f, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r6, 0xc02064b2, 0x0)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00464b4, &(0x7f0000000400)={r5})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f0000000040)={0x49, 0x7fff, 0x4})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f0000000200)={0x10001, 0x401f, 0x3})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f0000000380)={0xfb, 0x4, 0xd83f})
dup(r1)
close_range(r0, 0xffffffffffffffff, 0x0)

2.204734601s ago: executing program 1 (id=629):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8d}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0xffffffffffffff1a, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
chown(0x0, 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(0xffffffffffffffff, 0xae03, 0x6)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000240)="1400000016000b63d25a80648c25940121", 0x11}, {&(0x7f0000000280)="e26248", 0x3}], 0x2}, 0x40050)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000080)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0xffffffffffffffff}}, './file0\x00'})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(0xffffffffffffffff, 0x3ba0, &(0x7f0000000100)={0x48})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(0xffffffffffffffff, 0x3ba0, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
ioperm(0x7, 0x449, 0x7ff)
mount$bpf(0x0, &(0x7f00000001c0)='./file0/../file0\x00', 0x0, 0x888a, &(0x7f0000000380))
bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x18, 0x3, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000008d28080000000000"], &(0x7f0000000200)='GPL\x00', 0x9, 0x0, 0x0, 0x41000, 0x2, '\x00', 0x0, @fallback=0x31, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x11, 0xffffffffffffffff, 0x0)

1.203000092s ago: executing program 3 (id=630):
sendmsg$NL80211_CMD_REGISTER_FRAME(0xffffffffffffffff, &(0x7f00000011c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000001200)={0x57c, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_FRAME_TYPE={0x6, 0x65, 0x9}, @NL80211_ATTR_FRAME_TYPE={0x6, 0x65, 0x1}, @NL80211_ATTR_FRAME_MATCH={0x4}, @NL80211_ATTR_FRAME_MATCH={0x4}, @NL80211_ATTR_FRAME_MATCH={0x33e, 0x5b, "894c6442bb5735eb1dd7f34feed08e7fb24d9df1ae6ae3c0dda6569b7a684eec79d056d432daf6c2feb25f7dff576dc3334d808a32676e2b91bd7070c352d9eb9c8f9c5ff735c7100a1096e595f1581e59df1534a32fd14d34d4836a3a685cae002c8d42ff0145e1522848e70dd7751cfee9a420396838f4f22920c4825d65818fec2c0c0b472ca6c53ccadf6bb5acbee17bff6743c6c0653ee37f6a9c551746d8b02e828ea462fe5cea01250a403287e8287a642e87f4e38b4b3fe43dfe3944f38c3864e4b68fe2cf8427d347903d816d722dc1401d8a6fb66b4b3d3dc9e70c86a8bbc40db893b99150954168786222855a90dc7bc9f500944aec3dfe9bea90f473287faab0bc724d88f5de299351033f7dd22e65faf27dc48f3f1ed764c8cefe2449da7de64ce77cf061f5520192ec11770ee2004564cfa5052d6323dd4ec61af050cf803e89b67836daedc5c88b535cb1485d44204193447c044635e055e6518d7295dba9807ebcdd1cc687c7671568bd7dbbd08fbb563c6a8d477933cee0c88fb4e367ebe3a154458666c67900d9ae2b3d82827f6cf5bcebe99fd3f47f8b52885a1dc0bc71dd949fff5fad6f98ae14d06c85240375340e9c2fdaec79199bb687fb4c73b187b6fa5f954b7211551e9930a34f55918fe6ad3b4acaddee3cc1df4f6e092f6c469869c5d98fd1908fce76eda7f1b4408b1f8761fd212c2476754f35905566eb37f2a061d59146e45bf691a6f9d29087bf57f6ad2b374ea7407567a49d8fa3b5dc8df0e8a975498e9e74bdc2c566d8cef9f1441a291b13bdc9cdb895f95ae18e79daf6dd549cd7b95f0b303dcf523a259525e002347327016515a0c0f403b4790c5e6a37ccf317c3600834ee7e20ffbf6a5d241378962ed5b4e1e6bf91b096c751ba089ce88d9fe6f7012d4919e64bd617755fc4b54ab89f659c694b8b35b74a8f760552d17e912c13d86b67bdfe4d9109a5b117093ac8091d98daa1126c8669e4c85d57843cb2629517845aa834b5aba67ae01b2418a8d793e40bc53cae9681375522781bb6808aac1d3cdeb6b1cfefd1847ce82f75e5e9d7677ea56f3596163fe70a898707625eac5f9dc999bfdd5bcec23edf46128f80284e82c90bdd88206a8fdc1e8073c88c28ade79566ddad2d2593f93c"}, @NL80211_ATTR_FRAME_MATCH={0x100, 0x5b, "2068f96769f722c2c8ce1a867261d9750759594e5f3bae31c300081a2a8d77aaf7ba1bb71a5db537b50b8dfb6163fd506a97b272c9fb05534dcf6a96ef612ecc2e00a87f54bf04a836b21a48e6d177ed1e42acf3e31fdd5d3a9d7ff8bee52e200d73c0200f7ec48069a987fc794ac507ddf869419bab7ad862f7096e37ddd89055854ff2175c8d3c8c385b3956166f1bb91420e0c3aa0cc67875942545f021f45038118433358115a296ec6ab02c410ddc182899b42e521356881f27fabbeb706f9b15281461c78c3f50dcad81c1a3ecb6e22334669369b402702c53209e8b2641f37cc989b12f503c6f62bcf6f05db23c801cf6a0c5ba311015c026"}, @NL80211_ATTR_FRAME_TYPE={0x6, 0x65, 0x1ff}, @NL80211_ATTR_FRAME_TYPE={0x6, 0x65, 0xc}, @NL80211_ATTR_FRAME_TYPE={0x6, 0x65, 0x4}, @NL80211_ATTR_FRAME_MATCH={0xf5, 0x5b, "2537861a416172e1b3a4641f689e7128268d1c658d415db2a4a062885a2bced47cb6720eacc6e377961573f48e503a971c116892a4defcf1fdcda062dfbf3e7aabe23f1cbfdad14c8e50ab42677d34e5d1de13e5670d7a948fa03547a566b48a5b0b529334f38f00989ac8f9c4af14aa1d6f7923f034eaa15615e641dce7adf46324a7669f59b73e6d793886fefbeff2388ed14f2b826848e1009e8837d31c141b8154e4b1175f5935908b76f4cf686bb96c5a08a9b4b23a894bf84c18bb013702306fa8c94dcb33de65cd85d659fdbc55821a906a47490167f0fc01aee45814527289af1f4e581d66dca0fd8dcd40bab1"}]}, 0x57c}}, 0xc881)
r0 = socket$netlink(0x10, 0x3, 0x4)
writev(r0, &(0x7f0000000700)=[{&(0x7f0000000540)}, {0x0}, {&(0x7f0000000400)}, {&(0x7f0000002a00)="398605fb4707631b08cf3dbc0b99af45d3e4c712d89099d35ca856b9231a32d09fb920a7ce8a975bdcf3b81138c1d4394758622aa2fb19291dea54fa15448beb9b6e2c44f5222ce6860146fa7156de8b25f053a3a87ed40e1d547fa4fc53e6b9358db39d0d2fd9a8b1e36aa4bca61949b954454db7ac4244c3f926477a27e4629b43060cf575deef8cf9b44261b1595913d03ddcff4493a37048f6561ef31f81ebc2ccdbd09da99736ecdbb8cd7b6cdc5d4c1bc3afe664ecf15082b47f42ad7ae3f517f85b56af0d8d501f04d90b50778d841c8cd4976884be5e1b762a901be2fa13f69bdf280915626f4c9b481422a8aacd07c57295ba8478d0a27a1379c49f6fd3b73e3a2f7a614e654948354ec03100bdd8fda54b497e17742a507c869d0d0334add10f64ea64b8182b569fd4f8a66e1da543175e44243ab8727f799d819e44a860043501f0c391e79e3c86500a3fa247c25130f2dafeed662d14d18e4098823128b422723726021d694ee224c63cab14acccb46120db22cb6d938bd4db567aeabce50d9803ea2057070df57df9554edb2abc856df001d69791dd851296c256c466ea8a96c6e06541f6b9a881817cf0d598f1be602eace33e1ac1e1db2b20d10b752d76867a4ba0ada4ee3863d4b65187842708af7e78f5a0f8f4ef3b6a334e4c32f31bf28b7ad32978e40e7deb57904aa1a8bd1da5ba053ab511b46a458f68153cc631c121e8678142722d77b7f6fd8640ffe9b22b8945f3620f0a8f386d78276758199f98a5ba651103eb7cdbbf985a332b195a7cbfb4f3c74ff17858986d771d72283559ee7dd8dc5727e6c792596939b69183b0507c8179e9c4facd44c6a8420959940de2cd2a2239ad81d4147d49430145bc4594cf58d68c6815f466f6ccbc7b574bbdfccedadca5545f0e23aedd145ee027c120d574511c51806995c37b201fdeb15476031d920333639dbcb2aa680f685fa5e435e5e6f30c8f3ab709a473a6219808df904de2d767fb25e57416592cd9b9cb3e45c7f51e161dc56ffa5893799ce69f0a71a9e35aa549957e048c283138ae95fbc3ca8096d72dfed71a5d25724667b5dca7e1f3828d2146a2dc84d9ebad96ae1238ea35c2b5dbf29aec147f9b5699c0b9d965f83c1b5a06c5f295b33cf082245703d6dc3c93065fd6d28ef51354236fdf2f008e0f6413200366743c9008e3bad1be1f53f0d1ec85366510a773e50ce4feb6c5caaf38852bce019fa5e755a3122457f87b9ec04b8ed8482b1b52653021feadfaaf766060bc63849c10d3d99b70f7b5405a5642d6fe52cc0fe24960d1eb520774b1d86d5cc00cdc86cd5111b9af41dd3031639274fc1feddb5f8b82a085a7019e33c917d3cbe6cbb670270741732aabfde16eab4351a0cf30fb66c5dda4eb954cd4ea9c1072144b241418e78ce875a10386686c3c0cec436b76b3c8ff8efb3cb983281859aaeeacb34fe4d27413991ac2a2d45eb94118ae51b1507228e14ec0dcd96e2589914322713b884bd411b55ad259e777858e55122588ce2f7cfdf8807bbaeab97f5eef217437b330f9de7419e412437aa9a38918a23b6d522acb21520192806789e283bca50f912611952af118d5d43e70f3a4f569f8bf87ee48cc8a68fb671b9b0a27327c5635ace1f0d5f1744aa0eeb9f929daa10f38093289eecf9298813c096857bb05c573cd102168d4815d76d23aa087b41e9026e51e9b7d6cff6adfe467887a6930dca447c83554ffd82a9bdf0b39c1b28731c773c43e420587a235ceb967007de48fdc8e86fe7960e769266b06a5368f6b43f2ca3b03eb933306bacb09f8be96ab7adf126ee3c3e123ac90b75310b3932059707cdb54a4e6fd990ad0839eb62f077e8a093d662615b5fbef8ceaf88c9bb5ebd86eeade835f3d2dff310c0493e13b56c17dc577c0c201129218b756794d46e77d1ae6d585560d679f65c04b7f0df28ee903003c030c88c3475c5a23cf973c41662ae7cb6f8fe955f02f4536e539a9a6e941ab454ba366a58f6e7a72ddb5278fab581cc01fd58084aeb30fbd5f9e1632171cc304480d2382696dc13fce686379ab7fb20fd82e9f3095fbfe08a2265a06e5c9f743f275e89e2a2b723fd1a5858342d468c6e24eae4e8bfb9b6ebe5ec25b0b62e3bcf4835fdde50bcc0c330f5f2defad79d906ed11bfd6832c1281bd5cbc55ab7a7de01cc596992fc829e599f636fd7f9815e56114ecc3638339dc69034761b2f006ffa1c86c444d21236de72a6e4368ad28fb73ea9f9800ffff43b0b0cdd26557607f87e6a5993b3df847fe58ee1fc00bc1b47a46292aebc3a6032c9c2abaf22d7ff048f8e1c558a6d9fad1be420011e54ffde0e5f7e8d0ee9e4540d3c48c3a3c9c2542e9d1cc76bd9b480ac277d6653ea3c6c75e515e0ecc6a9352eddbc0a53691da04e7c4fe585698d602da848441e7e55749a0a3eaf25044fc7478f5a0bc15dc01f103746f06efa2fd0c1e198dd312c4cd5b704fb9c63699724dfcba3024c53db857994e3d45f5c449606dfb653eecd18c861ce11aef7424c739d5d2fb00cfe1ae874b88911023b3c7a04d83a27347f7e9e086a57b00b7429316769a7ec5b4ed15bd8cb0cbcf9d45ec649bcbbb26f1330b8744fe3afeb522a0517607fcca662788e2dc100b9fa5358eaff4a2980e6943f3b38da171a333fc8ff27937018da4cfa2d727d7e17efb763923860da79546d166eee102b148f75d08014f494c3d770c65b2dcd583d3c97a39fb2bac337618bffc626fe803d97a507c836184f49bdcff66c7daf06a166446b7da396bf5a67abce7e76b8729bfa4d6a5c890c388847eebf1e00de700441620dc39b5de1f8788846ceb46f4a4b53cd4dca6b3075b39195e683300ffbd3338134f9adda7134de5e41339db47024c0255635f928517284334dfaf09864fdb2e438c2bb38052ad0fa8104eb8e1839019c6d921a6334d99b63a6cd17eb1d0ee4088e7189ab86fe68c973cc40c17ac663e5ba3afbfa72e9fe2e6b76b652909070ae931007f66b575a46c159aa2b39337b127f3eb6c494e128b495fb94a27d039cd1996852976b79aa38931b7c4eb3a65b7d8e03d6be7c0989b45732e5b2650d36c6544336f93b1f96572804f5275d583d20d2ae9c9fe118ad69846e208082341d2c24fd4728044005d917aadf005dc2dbd68725404f35d22256b04e0c930e0cf989ea8630a90d46ed47bccd7d7f5b8eee25c60b0fd41185c24adc655bc126b625085de9f1e896d9adddf25c6855f0d8a9dcc653d759d4c4adebfe8fbfddaa059e5d8573de316c6ff0e9a7e7f53f3799f202bb70420533d678a109913c228e7733216d3f83a33075f5e8395dd2037770688b2d6e3d3cbdc342444eed513495ca12b87bb11aa25e51a716e6dd34d7f197e2bd22207d37b66855752f3602233c3b7ea78c7406e0ebd9509752ae65ec527877b602f0c20a73c6c87b946bd6890bad8aaa43c7c09260db2cba7cdb72c952405f50cb7ba3a6b5e1721ed555d605d147ab961bc1f8c610c7aceca4bd4837aac563d62b5c80b740ee8cf0069a184d283d8a4f78bf962ac89a4f48c5ae6e37b79d72ca19ff8ac56cd4b7a392ea8ac5bc981681c588c5d31b8301b2010363ec0ece6b3cd0940231325499943a600b7ef7572d055a69fa86a44c706c6a75382269944308aa0e7006c9b45ea007b8b6753388fbffd646ce240dbc6ecf7fbdf0866de24470fbd8600956c20bdc6b795dcde6bb01ad84cb48ae718c119377dc91d16965ff68ee74e96c24d284f511d76599c5b48c1b8fdd6882529762d67a0ac41a6c3dd7ec49a6d73bca873cf7646a8972eb367106379c9c5908ec803c37d53d514f7f9334e53fc2337c5f098821332e1369c2fee270c3721f0e102833688f710f494c6a1ac4c2968db7398c42d8396fc53b4796fd3e7df3fc30eb27201b72d8cbf373bb08435f6e0224425ea67bab50c334ee63c71d40f8b5e5033befb88801d81de9c8f9306218a6ebc8ec96202183f6101bea802a17bc1671482db14f19705931d33da43a9ab93058d6a320ba6718463f632e2d8eeab78d5da6fc1b7d753811f411aec20ae62aefb9cff73b34db8f273c82fa926aedc106d3049ffe38c3cf5ea68097c7f15c152d731f68101327aa4bd6f7b374eccca645dc25cc3cdd1706ad23c7b7378bc1d2ac68db486c67b63d52919f6f451bcd4a17a1b06f7655367e00f353c1ae7464c94a1c4b20df199909d32b62280ef5ffe210852375e055661b1fab4c801112edfb2887538547797aa2bd4ab7f3f69ecbb3725717d0dee14e15b24db30d99fe008867b2f966bb8be1fbe4797e2dfec013e1deed510cdb71fe64b313944f2f42c0f7be97572211458e9de32fb97fd4cb2938297e98a5915378693ebb83f205ecbadf0cf50e48244b57569896bc12a663c0b581ca981f68df189ecfe3a23d482d09b01462054a9f05f83ae4ba1aa3744ad0b94662cb82083e98b78de597cfcb266d1f036b6c98da6e3442c6b5d385e231fbd2c969e37bc2955b5a13e019f06d836cd3700a2ad5c3e5938c4a262fc79d8e59f5e058c7aab82a583cab34d6006b1d8bc6a0d9bd9cdaffb30454cbf4f14669bd133ad63dee98abbb6a63391acb1673df5c06f31a1887c7caffd0c427680ffe7b705dbfea29ff524d950efb12a43d9d66077e09941f35497ac100f8bec935269a5981444335ae80c9334b540cb3032e82475e3de6d93e1e9011de860286bff2b4d005cecf8a8a90b68dd73f89d434a751b6ef530adb8ddab33da47642813083d0a71ff81c2e53a724234a1c41b46605d1d2e9c4294e9b043febd3be47794a9925cf95279df4f31717d048de7303e3e65387950f5f51a229c29ed7a9d027e9e2e273904b892de7e3de9d7499e387c07cfb2c3b901d143639bda189771e478f583aea2117064643392da5805bd4f1d273b939bfa05002ef93b98f793e2f787b48ee9299a579abd59ebf01aae553ccf2928eea865a3e5df1c055f7316afc9fa7e32a25283cbf56f59ede6823a88b6ef3d1d127d938f85691b58f90269e6a57c00ae77db93e691a647bb77bb454ba5d3da9ffe475dc65124f379a9c5ead8c1ba9030092dc81a3d73e9429bfcd1b0623a9adfddd5759541704053373d89f237063005ad41df723e9ccdbf0757b5783ec7f410c386a095ed7ba45a308acc83a308479e7b0b04ad0f4b09978e2ff680d76cc0b80d466ec49bf3a81a4fb00025e57df1d1e8d062da4e0a52a92f14a5babe60494c1ef78ae93bd694f4a672420bc99fb81327cf6d3bf75e34ec88d853ba4566489085f4c3661955c4b64026fab0f494ca32cffac7b225831885b376500fdfaaed867e1fe064e540a19e185b78e7b360eee75484479c600f35d2a69e74b6b6a1314c69a3f5302734c992b188e536018fd4dd7b170a0d3b070f9f22ad50caec5754bd1885766db340a27700c47b95600c6facd3abab3bb0dbe0a920dc57968a28f886f1785e6aa3b9ef9840a83f4831622252e5b9d41834369419a426eeb33610dd907d8dda2166923379cf17e3a20b913199a9d8cad3efd687378ee6cb97b4d6f16c145ee97140f1350bb476901febd6970eb86932676d44ff11f8c2a89d692ff20c40de0010932cb686837779cdcdc69d54bd1d794cce7648d72948375e5229fcd542c4110124a8a132aac3bccb4fee", 0xfbe}, {&(0x7f0000003a00)}, {&(0x7f0000000640)="30117876826b04a4cd71f83c68076bbac59d0dc50a1594cd0fe8b96facc716302cfb257ac9d28f9b96b828d6f86a1a23", 0x30}, {&(0x7f0000000680)="726ca31e45f3e88c9cb1e08dff15b0056bd7fecd71b43a60d17820cf5369b94614ee323f80a84d9ceb5cbf18929e4aa5ba5910", 0x33}, {&(0x7f00000006c0)="7c3a4ac8166c14ccd19235060177cd99a6a3", 0x12}], 0x8)
syz_genetlink_get_family_id$nl80211(0x0, r0)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000500)='status\x00')
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, 0x0, 0x418040, 0x0)
write$binfmt_script(0xffffffffffffffff, &(0x7f0000000000)={'#! ', './file0', [{0x20, 'axA\x9b^\xfb^$\r\'uij\r\xd9\xef\xd2Et^Q\v\x9fOFL\x95`Z\xae\xc3a\xfe%\x94\x1a\xebt\xc6\x06\x8fD,\xf7\xae#\x80\x80\xdf\xa3\xcaO\xc6\x8a\x91\x90\xadR\aW\xe1\xf3n\xca\xa3\x8f\xd6F\x03\x0e\x9b\xe5yb\xfc\xa19wUs\x83\xf1{&\n\x1d\x8e\x82y\x1a.B\x0e\xea\x17\xc7\xe7H\xa9\xd4\x8e\xe7 gD\x89*\xb5c<d\x1f\\\x10$o\x93\x02\x9c@\x9ddt\x8c\x875\xf7@\x9aM\xa3j\xfa\x1f\xe5\x81\xc9u<\xf0?w8P>\xc5\x8a\xe6R\xe5YGq\xf5\xb6\x95\xbc\x112\x9bno\xc8\x06\xb6\b\xcc\x03{Sn\x94G\x01\xb4\xffJQ8t\x99vY\xaaf\xc7,\x9f\xbb\x15G\x1cr\x19\xef\xab\n\xa8\xbc\xbd\xa2E\x16\x1cm\xbd=\x98\x7fU\xcbg\x15%\x95\xb11\x017\x83*\x14\xcbt\xc2\xcb\x04\x1e~?\xb9j\x18\x96\x84EA\xeaB\a\x83\xba\xdco<\x00'/256}]}, 0x10c)
r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r1, 0x8914, &(0x7f0000000000))
r2 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$sock_rose_SIOCADDRT(r2, 0x890b, &(0x7f0000000380)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x3}, 0x6, @null, @bpq0, 0x0, [@bcast, @bcast, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]})
r3 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
connect$rose(r3, &(0x7f0000000040)=@short={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x1, @default}, 0x1c)
connect$rose(r3, &(0x7f0000000100)=@full={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x0, [@null, @null, @null, @default, @bcast, @default]}, 0x40)

434.246064ms ago: executing program 1 (id=631):
sendmsg$NL80211_CMD_REGISTER_FRAME(0xffffffffffffffff, &(0x7f00000011c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000001200)={0x57c, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_FRAME_TYPE={0x6, 0x65, 0x9}, @NL80211_ATTR_FRAME_TYPE={0x6, 0x65, 0x1}, @NL80211_ATTR_FRAME_MATCH={0x4}, @NL80211_ATTR_FRAME_MATCH={0x4}, @NL80211_ATTR_FRAME_MATCH={0x33e, 0x5b, "894c6442bb5735eb1dd7f34feed08e7fb24d9df1ae6ae3c0dda6569b7a684eec79d056d432daf6c2feb25f7dff576dc3334d808a32676e2b91bd7070c352d9eb9c8f9c5ff735c7100a1096e595f1581e59df1534a32fd14d34d4836a3a685cae002c8d42ff0145e1522848e70dd7751cfee9a420396838f4f22920c4825d65818fec2c0c0b472ca6c53ccadf6bb5acbee17bff6743c6c0653ee37f6a9c551746d8b02e828ea462fe5cea01250a403287e8287a642e87f4e38b4b3fe43dfe3944f38c3864e4b68fe2cf8427d347903d816d722dc1401d8a6fb66b4b3d3dc9e70c86a8bbc40db893b99150954168786222855a90dc7bc9f500944aec3dfe9bea90f473287faab0bc724d88f5de299351033f7dd22e65faf27dc48f3f1ed764c8cefe2449da7de64ce77cf061f5520192ec11770ee2004564cfa5052d6323dd4ec61af050cf803e89b67836daedc5c88b535cb1485d44204193447c044635e055e6518d7295dba9807ebcdd1cc687c7671568bd7dbbd08fbb563c6a8d477933cee0c88fb4e367ebe3a154458666c67900d9ae2b3d82827f6cf5bcebe99fd3f47f8b52885a1dc0bc71dd949fff5fad6f98ae14d06c85240375340e9c2fdaec79199bb687fb4c73b187b6fa5f954b7211551e9930a34f55918fe6ad3b4acaddee3cc1df4f6e092f6c469869c5d98fd1908fce76eda7f1b4408b1f8761fd212c2476754f35905566eb37f2a061d59146e45bf691a6f9d29087bf57f6ad2b374ea7407567a49d8fa3b5dc8df0e8a975498e9e74bdc2c566d8cef9f1441a291b13bdc9cdb895f95ae18e79daf6dd549cd7b95f0b303dcf523a259525e002347327016515a0c0f403b4790c5e6a37ccf317c3600834ee7e20ffbf6a5d241378962ed5b4e1e6bf91b096c751ba089ce88d9fe6f7012d4919e64bd617755fc4b54ab89f659c694b8b35b74a8f760552d17e912c13d86b67bdfe4d9109a5b117093ac8091d98daa1126c8669e4c85d57843cb2629517845aa834b5aba67ae01b2418a8d793e40bc53cae9681375522781bb6808aac1d3cdeb6b1cfefd1847ce82f75e5e9d7677ea56f3596163fe70a898707625eac5f9dc999bfdd5bcec23edf46128f80284e82c90bdd88206a8fdc1e8073c88c28ade79566ddad2d2593f93c"}, @NL80211_ATTR_FRAME_MATCH={0x100, 0x5b, "2068f96769f722c2c8ce1a867261d9750759594e5f3bae31c300081a2a8d77aaf7ba1bb71a5db537b50b8dfb6163fd506a97b272c9fb05534dcf6a96ef612ecc2e00a87f54bf04a836b21a48e6d177ed1e42acf3e31fdd5d3a9d7ff8bee52e200d73c0200f7ec48069a987fc794ac507ddf869419bab7ad862f7096e37ddd89055854ff2175c8d3c8c385b3956166f1bb91420e0c3aa0cc67875942545f021f45038118433358115a296ec6ab02c410ddc182899b42e521356881f27fabbeb706f9b15281461c78c3f50dcad81c1a3ecb6e22334669369b402702c53209e8b2641f37cc989b12f503c6f62bcf6f05db23c801cf6a0c5ba311015c026"}, @NL80211_ATTR_FRAME_TYPE={0x6, 0x65, 0x1ff}, @NL80211_ATTR_FRAME_TYPE={0x6, 0x65, 0xc}, @NL80211_ATTR_FRAME_TYPE={0x6, 0x65, 0x4}, @NL80211_ATTR_FRAME_MATCH={0xf5, 0x5b, "2537861a416172e1b3a4641f689e7128268d1c658d415db2a4a062885a2bced47cb6720eacc6e377961573f48e503a971c116892a4defcf1fdcda062dfbf3e7aabe23f1cbfdad14c8e50ab42677d34e5d1de13e5670d7a948fa03547a566b48a5b0b529334f38f00989ac8f9c4af14aa1d6f7923f034eaa15615e641dce7adf46324a7669f59b73e6d793886fefbeff2388ed14f2b826848e1009e8837d31c141b8154e4b1175f5935908b76f4cf686bb96c5a08a9b4b23a894bf84c18bb013702306fa8c94dcb33de65cd85d659fdbc55821a906a47490167f0fc01aee45814527289af1f4e581d66dca0fd8dcd40bab1"}]}, 0x57c}}, 0xc881)
r0 = socket$netlink(0x10, 0x3, 0x4)
writev(r0, &(0x7f0000000700)=[{&(0x7f0000000540)}, {0x0}, {&(0x7f0000000400)}, {&(0x7f0000002a00)="398605fb4707631b08cf3dbc0b99af45d3e4c712d89099d35ca856b9231a32d09fb920a7ce8a975bdcf3b81138c1d4394758622aa2fb19291dea54fa15448beb9b6e2c44f5222ce6860146fa7156de8b25f053a3a87ed40e1d547fa4fc53e6b9358db39d0d2fd9a8b1e36aa4bca61949b954454db7ac4244c3f926477a27e4629b43060cf575deef8cf9b44261b1595913d03ddcff4493a37048f6561ef31f81ebc2ccdbd09da99736ecdbb8cd7b6cdc5d4c1bc3afe664ecf15082b47f42ad7ae3f517f85b56af0d8d501f04d90b50778d841c8cd4976884be5e1b762a901be2fa13f69bdf280915626f4c9b481422a8aacd07c57295ba8478d0a27a1379c49f6fd3b73e3a2f7a614e654948354ec03100bdd8fda54b497e17742a507c869d0d0334add10f64ea64b8182b569fd4f8a66e1da543175e44243ab8727f799d819e44a860043501f0c391e79e3c86500a3fa247c25130f2dafeed662d14d18e4098823128b422723726021d694ee224c63cab14acccb46120db22cb6d938bd4db567aeabce50d9803ea2057070df57df9554edb2abc856df001d69791dd851296c256c466ea8a96c6e06541f6b9a881817cf0d598f1be602eace33e1ac1e1db2b20d10b752d76867a4ba0ada4ee3863d4b65187842708af7e78f5a0f8f4ef3b6a334e4c32f31bf28b7ad32978e40e7deb57904aa1a8bd1da5ba053ab511b46a458f68153cc631c121e8678142722d77b7f6fd8640ffe9b22b8945f3620f0a8f386d78276758199f98a5ba651103eb7cdbbf985a332b195a7cbfb4f3c74ff17858986d771d72283559ee7dd8dc5727e6c792596939b69183b0507c8179e9c4facd44c6a8420959940de2cd2a2239ad81d4147d49430145bc4594cf58d68c6815f466f6ccbc7b574bbdfccedadca5545f0e23aedd145ee027c120d574511c51806995c37b201fdeb15476031d920333639dbcb2aa680f685fa5e435e5e6f30c8f3ab709a473a6219808df904de2d767fb25e57416592cd9b9cb3e45c7f51e161dc56ffa5893799ce69f0a71a9e35aa549957e048c283138ae95fbc3ca8096d72dfed71a5d25724667b5dca7e1f3828d2146a2dc84d9ebad96ae1238ea35c2b5dbf29aec147f9b5699c0b9d965f83c1b5a06c5f295b33cf082245703d6dc3c93065fd6d28ef51354236fdf2f008e0f6413200366743c9008e3bad1be1f53f0d1ec85366510a773e50ce4feb6c5caaf38852bce019fa5e755a3122457f87b9ec04b8ed8482b1b52653021feadfaaf766060bc63849c10d3d99b70f7b5405a5642d6fe52cc0fe24960d1eb520774b1d86d5cc00cdc86cd5111b9af41dd3031639274fc1feddb5f8b82a085a7019e33c917d3cbe6cbb670270741732aabfde16eab4351a0cf30fb66c5dda4eb954cd4ea9c1072144b241418e78ce875a10386686c3c0cec436b76b3c8ff8efb3cb983281859aaeeacb34fe4d27413991ac2a2d45eb94118ae51b1507228e14ec0dcd96e2589914322713b884bd411b55ad259e777858e55122588ce2f7cfdf8807bbaeab97f5eef217437b330f9de7419e412437aa9a38918a23b6d522acb21520192806789e283bca50f912611952af118d5d43e70f3a4f569f8bf87ee48cc8a68fb671b9b0a27327c5635ace1f0d5f1744aa0eeb9f929daa10f38093289eecf9298813c096857bb05c573cd102168d4815d76d23aa087b41e9026e51e9b7d6cff6adfe467887a6930dca447c83554ffd82a9bdf0b39c1b28731c773c43e420587a235ceb967007de48fdc8e86fe7960e769266b06a5368f6b43f2ca3b03eb933306bacb09f8be96ab7adf126ee3c3e123ac90b75310b3932059707cdb54a4e6fd990ad0839eb62f077e8a093d662615b5fbef8ceaf88c9bb5ebd86eeade835f3d2dff310c0493e13b56c17dc577c0c201129218b756794d46e77d1ae6d585560d679f65c04b7f0df28ee903003c030c88c3475c5a23cf973c41662ae7cb6f8fe955f02f4536e539a9a6e941ab454ba366a58f6e7a72ddb5278fab581cc01fd58084aeb30fbd5f9e1632171cc304480d2382696dc13fce686379ab7fb20fd82e9f3095fbfe08a2265a06e5c9f743f275e89e2a2b723fd1a5858342d468c6e24eae4e8bfb9b6ebe5ec25b0b62e3bcf4835fdde50bcc0c330f5f2defad79d906ed11bfd6832c1281bd5cbc55ab7a7de01cc596992fc829e599f636fd7f9815e56114ecc3638339dc69034761b2f006ffa1c86c444d21236de72a6e4368ad28fb73ea9f9800ffff43b0b0cdd26557607f87e6a5993b3df847fe58ee1fc00bc1b47a46292aebc3a6032c9c2abaf22d7ff048f8e1c558a6d9fad1be420011e54ffde0e5f7e8d0ee9e4540d3c48c3a3c9c2542e9d1cc76bd9b480ac277d6653ea3c6c75e515e0ecc6a9352eddbc0a53691da04e7c4fe585698d602da848441e7e55749a0a3eaf25044fc7478f5a0bc15dc01f103746f06efa2fd0c1e198dd312c4cd5b704fb9c63699724dfcba3024c53db857994e3d45f5c449606dfb653eecd18c861ce11aef7424c739d5d2fb00cfe1ae874b88911023b3c7a04d83a27347f7e9e086a57b00b7429316769a7ec5b4ed15bd8cb0cbcf9d45ec649bcbbb26f1330b8744fe3afeb522a0517607fcca662788e2dc100b9fa5358eaff4a2980e6943f3b38da171a333fc8ff27937018da4cfa2d727d7e17efb763923860da79546d166eee102b148f75d08014f494c3d770c65b2dcd583d3c97a39fb2bac337618bffc626fe803d97a507c836184f49bdcff66c7daf06a166446b7da396bf5a67abce7e76b8729bfa4d6a5c890c388847eebf1e00de700441620dc39b5de1f8788846ceb46f4a4b53cd4dca6b3075b39195e683300ffbd3338134f9adda7134de5e41339db47024c0255635f928517284334dfaf09864fdb2e438c2bb38052ad0fa8104eb8e1839019c6d921a6334d99b63a6cd17eb1d0ee4088e7189ab86fe68c973cc40c17ac663e5ba3afbfa72e9fe2e6b76b652909070ae931007f66b575a46c159aa2b39337b127f3eb6c494e128b495fb94a27d039cd1996852976b79aa38931b7c4eb3a65b7d8e03d6be7c0989b45732e5b2650d36c6544336f93b1f96572804f5275d583d20d2ae9c9fe118ad69846e208082341d2c24fd4728044005d917aadf005dc2dbd68725404f35d22256b04e0c930e0cf989ea8630a90d46ed47bccd7d7f5b8eee25c60b0fd41185c24adc655bc126b625085de9f1e896d9adddf25c6855f0d8a9dcc653d759d4c4adebfe8fbfddaa059e5d8573de316c6ff0e9a7e7f53f3799f202bb70420533d678a109913c228e7733216d3f83a33075f5e8395dd2037770688b2d6e3d3cbdc342444eed513495ca12b87bb11aa25e51a716e6dd34d7f197e2bd22207d37b66855752f3602233c3b7ea78c7406e0ebd9509752ae65ec527877b602f0c20a73c6c87b946bd6890bad8aaa43c7c09260db2cba7cdb72c952405f50cb7ba3a6b5e1721ed555d605d147ab961bc1f8c610c7aceca4bd4837aac563d62b5c80b740ee8cf0069a184d283d8a4f78bf962ac89a4f48c5ae6e37b79d72ca19ff8ac56cd4b7a392ea8ac5bc981681c588c5d31b8301b2010363ec0ece6b3cd0940231325499943a600b7ef7572d055a69fa86a44c706c6a75382269944308aa0e7006c9b45ea007b8b6753388fbffd646ce240dbc6ecf7fbdf0866de24470fbd8600956c20bdc6b795dcde6bb01ad84cb48ae718c119377dc91d16965ff68ee74e96c24d284f511d76599c5b48c1b8fdd6882529762d67a0ac41a6c3dd7ec49a6d73bca873cf7646a8972eb367106379c9c5908ec803c37d53d514f7f9334e53fc2337c5f098821332e1369c2fee270c3721f0e102833688f710f494c6a1ac4c2968db7398c42d8396fc53b4796fd3e7df3fc30eb27201b72d8cbf373bb08435f6e0224425ea67bab50c334ee63c71d40f8b5e5033befb88801d81de9c8f9306218a6ebc8ec96202183f6101bea802a17bc1671482db14f19705931d33da43a9ab93058d6a320ba6718463f632e2d8eeab78d5da6fc1b7d753811f411aec20ae62aefb9cff73b34db8f273c82fa926aedc106d3049ffe38c3cf5ea68097c7f15c152d731f68101327aa4bd6f7b374eccca645dc25cc3cdd1706ad23c7b7378bc1d2ac68db486c67b63d52919f6f451bcd4a17a1b06f7655367e00f353c1ae7464c94a1c4b20df199909d32b62280ef5ffe210852375e055661b1fab4c801112edfb2887538547797aa2bd4ab7f3f69ecbb3725717d0dee14e15b24db30d99fe008867b2f966bb8be1fbe4797e2dfec013e1deed510cdb71fe64b313944f2f42c0f7be97572211458e9de32fb97fd4cb2938297e98a5915378693ebb83f205ecbadf0cf50e48244b57569896bc12a663c0b581ca981f68df189ecfe3a23d482d09b01462054a9f05f83ae4ba1aa3744ad0b94662cb82083e98b78de597cfcb266d1f036b6c98da6e3442c6b5d385e231fbd2c969e37bc2955b5a13e019f06d836cd3700a2ad5c3e5938c4a262fc79d8e59f5e058c7aab82a583cab34d6006b1d8bc6a0d9bd9cdaffb30454cbf4f14669bd133ad63dee98abbb6a63391acb1673df5c06f31a1887c7caffd0c427680ffe7b705dbfea29ff524d950efb12a43d9d66077e09941f35497ac100f8bec935269a5981444335ae80c9334b540cb3032e82475e3de6d93e1e9011de860286bff2b4d005cecf8a8a90b68dd73f89d434a751b6ef530adb8ddab33da47642813083d0a71ff81c2e53a724234a1c41b46605d1d2e9c4294e9b043febd3be47794a9925cf95279df4f31717d048de7303e3e65387950f5f51a229c29ed7a9d027e9e2e273904b892de7e3de9d7499e387c07cfb2c3b901d143639bda189771e478f583aea2117064643392da5805bd4f1d273b939bfa05002ef93b98f793e2f787b48ee9299a579abd59ebf01aae553ccf2928eea865a3e5df1c055f7316afc9fa7e32a25283cbf56f59ede6823a88b6ef3d1d127d938f85691b58f90269e6a57c00ae77db93e691a647bb77bb454ba5d3da9ffe475dc65124f379a9c5ead8c1ba9030092dc81a3d73e9429bfcd1b0623a9adfddd5759541704053373d89f237063005ad41df723e9ccdbf0757b5783ec7f410c386a095ed7ba45a308acc83a308479e7b0b04ad0f4b09978e2ff680d76cc0b80d466ec49bf3a81a4fb00025e57df1d1e8d062da4e0a52a92f14a5babe60494c1ef78ae93bd694f4a672420bc99fb81327cf6d3bf75e34ec88d853ba4566489085f4c3661955c4b64026fab0f494ca32cffac7b225831885b376500fdfaaed867e1fe064e540a19e185b78e7b360eee75484479c600f35d2a69e74b6b6a1314c69a3f5302734c992b188e536018fd4dd7b170a0d3b070f9f22ad50caec5754bd1885766db340a27700c47b95600c6facd3abab3bb0dbe0a920dc57968a28f886f1785e6aa3b9ef9840a83f4831622252e5b9d41834369419a426eeb33610dd907d8dda2166923379cf17e3a20b913199a9d8cad3efd687378ee6cb97b4d6f16c145ee97140f1350bb476901febd6970eb86932676d44ff11f8c2a89d692ff20c40de0010932cb686837779cdcdc69d54bd1d794cce7648d72948375e5229fcd542c4110124a8a132aac3bccb4fee", 0xfbe}, {&(0x7f0000003a00)}, {&(0x7f0000000640)="30117876826b04a4cd71f83c68076bbac59d0dc50a1594cd0fe8b96facc716302cfb257ac9d28f9b96b828d6f86a1a23", 0x30}, {&(0x7f0000000680)="726ca31e45f3e88c9cb1e08dff15b0056bd7fecd71b43a60d17820cf5369b94614ee323f80a84d9ceb5cbf18929e4aa5ba5910", 0x33}, {&(0x7f00000006c0)="7c3a4ac8166c14ccd19235060177cd99a6a3", 0x12}], 0x8)
syz_genetlink_get_family_id$nl80211(0x0, r0)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000500)='status\x00')
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, 0x0, 0x418040, 0x0)
syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r1, 0x8914, &(0x7f0000000000))
r2 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$sock_rose_SIOCADDRT(r2, 0x890b, &(0x7f0000000380)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x3}, 0x6, @null, @bpq0, 0x0, [@bcast, @bcast, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]})
r3 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
connect$rose(r3, &(0x7f0000000040)=@short={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x1, @default}, 0x1c)
connect$rose(r3, &(0x7f0000000100)=@full={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x0, [@null, @null, @null, @default, @bcast, @default]}, 0x40)

420.484765ms ago: executing program 0 (id=632):
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000040)=[@in={0x2, 0x4e21, @empty}], 0x10)
sendmsg$inet_sctp(r0, &(0x7f0000000700)={&(0x7f0000000340)=@in={0x2, 0x4e21, @loopback}, 0x10, &(0x7f0000000080)=[{&(0x7f0000000000)='u', 0x1}], 0x1, 0x0, 0x0, 0x804c040}, 0x881)
dup(r0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0, r1, 0x0, 0xd}, 0x18)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
gettid()
timer_settime(0x0, 0x0, &(0x7f0000000280)={{}, {0x0, 0x989680}}, 0x0)
socket$alg(0x26, 0x5, 0x0)
recvmsg$unix(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, 0x0}, 0x10002)
setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, &(0x7f0000000080)=ANY=[@ANYBLOB="09000000000000000a004e220000000400000000000000000000000000000001040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000a004e210000000300000000000000000000ffff7f000001090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e3ffffff000000000000000000000000000000000000000000000000000000000a004e240000026c00000000000000000000ffff000000000100"/388], 0x310)
pipe2(0x0, 0x0)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f00000000c0)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58)
r4 = accept4(r3, 0x0, 0x0, 0x80000)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000200)="ad00"/16, 0x10)
sendmmsg$unix(r4, &(0x7f0000003dc0)=[{{&(0x7f0000000000)=@file={0x0, './file0\x00'}, 0x6e, 0x0, 0x0, 0x0, 0x0, 0x9802}}, {{&(0x7f0000000280)=@file={0x0, './file0\x00'}, 0x6e, 0x0}}], 0x299, 0x0)

0s ago: executing program 1 (id=633):
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
getsockopt$inet6_mptcp_buf(r0, 0x11c, 0x1, 0x0, &(0x7f00000000c0))
openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0xfffffffffffffffe)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
mount(&(0x7f0000000040)=@nullb, &(0x7f0000000100)='.\x00', &(0x7f0000000000)='iso9660\x00', 0x1000080, 0x0)

kernel console output (not intermixed with test programs):

Warning: Permanently added '10.128.1.71' (ED25519) to the list of known hosts.
[   81.312789][ T5774] cgroup: Unknown subsys name 'net'
[   81.451483][ T5774] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   83.217268][ T5774] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   84.908208][ T5786] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   84.916808][ T5786] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   84.927308][ T5786] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   84.936143][ T5786] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   84.944529][ T5786] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[   84.948703][ T5790] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   84.952416][ T5786] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   84.960831][ T5790] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   84.973729][ T5790] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   84.984580][ T5790] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   84.994742][ T5790] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   85.006178][ T5786] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   85.014929][ T5786] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   85.022482][ T5786] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[   85.030715][ T5790] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   85.040712][ T5790] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   85.050931][ T5790] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[   85.064529][ T5790] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[   85.067641][ T5792] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   85.082679][ T5102] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[   85.105368][ T5792] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[   85.113934][ T5792] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[   85.122029][ T5792] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[   85.130287][ T5792] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[   85.555950][ T5783] chnl_net:caif_netlink_parms(): no params data found
[   85.660351][ T5791] chnl_net:caif_netlink_parms(): no params data found
[   85.739211][ T5787] chnl_net:caif_netlink_parms(): no params data found
[   85.823780][ T5783] bridge0: port 1(bridge_slave_0) entered blocking state
[   85.832139][ T5783] bridge0: port 1(bridge_slave_0) entered disabled state
[   85.840037][ T5783] bridge_slave_0: entered allmulticast mode
[   85.847715][ T5783] bridge_slave_0: entered promiscuous mode
[   85.909267][ T5783] bridge0: port 2(bridge_slave_1) entered blocking state
[   85.917159][ T5783] bridge0: port 2(bridge_slave_1) entered disabled state
[   85.924661][ T5783] bridge_slave_1: entered allmulticast mode
[   85.931688][ T5783] bridge_slave_1: entered promiscuous mode
[   85.949360][ T5791] bridge0: port 1(bridge_slave_0) entered blocking state
[   85.957633][ T5791] bridge0: port 1(bridge_slave_0) entered disabled state
[   85.965025][ T5791] bridge_slave_0: entered allmulticast mode
[   85.972105][ T5791] bridge_slave_0: entered promiscuous mode
[   86.016882][ T5791] bridge0: port 2(bridge_slave_1) entered blocking state
[   86.024321][ T5791] bridge0: port 2(bridge_slave_1) entered disabled state
[   86.031617][ T5791] bridge_slave_1: entered allmulticast mode
[   86.039544][ T5791] bridge_slave_1: entered promiscuous mode
[   86.046411][ T5784] chnl_net:caif_netlink_parms(): no params data found
[   86.060957][ T5783] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   86.119592][ T5783] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   86.158822][ T5791] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   86.171275][ T5791] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   86.200715][ T5787] bridge0: port 1(bridge_slave_0) entered blocking state
[   86.208182][ T5787] bridge0: port 1(bridge_slave_0) entered disabled state
[   86.215735][ T5787] bridge_slave_0: entered allmulticast mode
[   86.223621][ T5787] bridge_slave_0: entered promiscuous mode
[   86.261325][ T5783] team0: Port device team_slave_0 added
[   86.269444][ T5787] bridge0: port 2(bridge_slave_1) entered blocking state
[   86.276894][ T5787] bridge0: port 2(bridge_slave_1) entered disabled state
[   86.284391][ T5787] bridge_slave_1: entered allmulticast mode
[   86.291430][ T5787] bridge_slave_1: entered promiscuous mode
[   86.318667][ T5783] team0: Port device team_slave_1 added
[   86.354944][ T5791] team0: Port device team_slave_0 added
[   86.394594][ T5791] team0: Port device team_slave_1 added
[   86.407090][ T5783] batman_adv: batadv0: Adding interface: batadv_slave_0
[   86.414431][ T5783] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   86.442197][ T5783] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   86.465381][ T5787] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   86.502018][ T5783] batman_adv: batadv0: Adding interface: batadv_slave_1
[   86.509398][ T5783] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   86.535536][ T5783] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   86.556329][ T5787] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   86.603675][ T5784] bridge0: port 1(bridge_slave_0) entered blocking state
[   86.611046][ T5784] bridge0: port 1(bridge_slave_0) entered disabled state
[   86.618793][ T5784] bridge_slave_0: entered allmulticast mode
[   86.628123][ T5784] bridge_slave_0: entered promiscuous mode
[   86.649780][ T5791] batman_adv: batadv0: Adding interface: batadv_slave_0
[   86.657357][ T5791] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   86.684192][ T5791] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   86.698262][ T5791] batman_adv: batadv0: Adding interface: batadv_slave_1
[   86.705693][ T5791] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   86.732074][ T5791] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   86.769983][ T5784] bridge0: port 2(bridge_slave_1) entered blocking state
[   86.777559][ T5784] bridge0: port 2(bridge_slave_1) entered disabled state
[   86.786018][ T5784] bridge_slave_1: entered allmulticast mode
[   86.794190][ T5784] bridge_slave_1: entered promiscuous mode
[   86.804817][ T5787] team0: Port device team_slave_0 added
[   86.824718][ T5783] hsr_slave_0: entered promiscuous mode
[   86.831634][ T5783] hsr_slave_1: entered promiscuous mode
[   86.854880][ T5787] team0: Port device team_slave_1 added
[   86.878144][ T5784] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   86.914867][ T5784] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   86.990256][ T5787] batman_adv: batadv0: Adding interface: batadv_slave_0
[   86.998410][ T5787] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   87.025052][ T5787] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   87.034452][ T5792] Bluetooth: hci0: command tx timeout
[   87.038720][ T5787] batman_adv: batadv0: Adding interface: batadv_slave_1
[   87.049416][ T5787] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   87.076199][ T5787] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   87.094502][ T5791] hsr_slave_0: entered promiscuous mode
[   87.095527][ T5792] Bluetooth: hci1: command tx timeout
[   87.106920][ T5791] hsr_slave_1: entered promiscuous mode
[   87.114150][ T5791] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   87.122090][ T5791] Cannot create hsr debugfs directory
[   87.131324][ T5784] team0: Port device team_slave_0 added
[   87.141309][ T5784] team0: Port device team_slave_1 added
[   87.175931][ T5786] Bluetooth: hci3: command tx timeout
[   87.175953][ T5792] Bluetooth: hci2: command tx timeout
[   87.226296][ T5784] batman_adv: batadv0: Adding interface: batadv_slave_0
[   87.236934][ T5784] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   87.264672][ T5784] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   87.316712][ T5784] batman_adv: batadv0: Adding interface: batadv_slave_1
[   87.324982][ T5784] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   87.354256][ T5784] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   87.394242][ T5787] hsr_slave_0: entered promiscuous mode
[   87.401133][ T5787] hsr_slave_1: entered promiscuous mode
[   87.408070][ T5787] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   87.417526][ T5787] Cannot create hsr debugfs directory
[   87.600183][ T5784] hsr_slave_0: entered promiscuous mode
[   87.607364][ T5784] hsr_slave_1: entered promiscuous mode
[   87.619480][ T5784] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   87.627583][ T5784] Cannot create hsr debugfs directory
[   88.004180][ T5783] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   88.023454][ T5783] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   88.034148][ T5783] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   88.054203][ T5783] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   88.116109][ T5791] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   88.131990][ T5791] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   88.144666][ T5791] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   88.165527][ T5791] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   88.290231][ T5787] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   88.309756][ T5787] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   88.338279][ T5787] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   88.352115][ T5787] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   88.407003][ T5783] 8021q: adding VLAN 0 to HW filter on device bond0
[   88.470374][ T5784] netdevsim netdevsim3 netdevsim0: renamed from eth0
[   88.482207][ T5784] netdevsim netdevsim3 netdevsim1: renamed from eth1
[   88.497615][ T5784] netdevsim netdevsim3 netdevsim2: renamed from eth2
[   88.519908][ T5784] netdevsim netdevsim3 netdevsim3: renamed from eth3
[   88.549570][ T5783] 8021q: adding VLAN 0 to HW filter on device team0
[   88.584072][   T58] bridge0: port 1(bridge_slave_0) entered blocking state
[   88.591448][   T58] bridge0: port 1(bridge_slave_0) entered forwarding state
[   88.634776][   T58] bridge0: port 2(bridge_slave_1) entered blocking state
[   88.642079][   T58] bridge0: port 2(bridge_slave_1) entered forwarding state
[   88.673794][ T5791] 8021q: adding VLAN 0 to HW filter on device bond0
[   88.757302][ T5791] 8021q: adding VLAN 0 to HW filter on device team0
[   88.791645][   T42] bridge0: port 1(bridge_slave_0) entered blocking state
[   88.798860][   T42] bridge0: port 1(bridge_slave_0) entered forwarding state
[   88.836155][   T42] bridge0: port 2(bridge_slave_1) entered blocking state
[   88.843374][   T42] bridge0: port 2(bridge_slave_1) entered forwarding state
[   88.887503][ T5787] 8021q: adding VLAN 0 to HW filter on device bond0
[   88.926662][ T5784] 8021q: adding VLAN 0 to HW filter on device bond0
[   88.984160][ T5787] 8021q: adding VLAN 0 to HW filter on device team0
[   89.017428][ T5791] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   89.040199][ T5784] 8021q: adding VLAN 0 to HW filter on device team0
[   89.089484][   T42] bridge0: port 1(bridge_slave_0) entered blocking state
[   89.097028][   T42] bridge0: port 1(bridge_slave_0) entered forwarding state
[   89.107416][ T5786] Bluetooth: hci0: command tx timeout
[   89.123049][   T42] bridge0: port 2(bridge_slave_1) entered blocking state
[   89.130888][   T42] bridge0: port 2(bridge_slave_1) entered forwarding state
[   89.155484][   T42] bridge0: port 1(bridge_slave_0) entered blocking state
[   89.162764][   T42] bridge0: port 1(bridge_slave_0) entered forwarding state
[   89.173888][ T5786] Bluetooth: hci1: command tx timeout
[   89.184276][   T42] bridge0: port 2(bridge_slave_1) entered blocking state
[   89.191607][   T42] bridge0: port 2(bridge_slave_1) entered forwarding state
[   89.253733][ T5786] Bluetooth: hci3: command tx timeout
[   89.254765][ T5102] Bluetooth: hci2: command tx timeout
[   89.438503][ T5783] 8021q: adding VLAN 0 to HW filter on device batadv0
[   89.588003][ T5783] veth0_vlan: entered promiscuous mode
[   89.637980][ T5783] veth1_vlan: entered promiscuous mode
[   89.662158][ T5791] 8021q: adding VLAN 0 to HW filter on device batadv0
[   89.767241][ T5783] veth0_macvtap: entered promiscuous mode
[   89.781723][ T5783] veth1_macvtap: entered promiscuous mode
[   89.832335][ T5791] veth0_vlan: entered promiscuous mode
[   89.865980][ T5783] batman_adv: batadv0: Interface activated: batadv_slave_0
[   89.881575][ T5791] veth1_vlan: entered promiscuous mode
[   89.935896][ T5783] batman_adv: batadv0: Interface activated: batadv_slave_1
[   89.949866][ T5783] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   89.960737][ T5783] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   89.969617][ T5783] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   89.979344][ T5783] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   90.012963][ T5787] 8021q: adding VLAN 0 to HW filter on device batadv0
[   90.089352][ T5791] veth0_macvtap: entered promiscuous mode
[   90.107339][ T5784] 8021q: adding VLAN 0 to HW filter on device batadv0
[   90.160455][ T5791] veth1_macvtap: entered promiscuous mode
[   90.189203][ T1135] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   90.213431][ T1135] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   90.269349][ T5787] veth0_vlan: entered promiscuous mode
[   90.285966][ T5791] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   90.298183][ T5791] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   90.310138][ T5791] batman_adv: batadv0: Interface activated: batadv_slave_0
[   90.336513][   T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   90.340276][ T5787] veth1_vlan: entered promiscuous mode
[   90.350178][   T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   90.387340][ T5791] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   90.408007][ T5791] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   90.421344][ T5791] batman_adv: batadv0: Interface activated: batadv_slave_1
[   90.446588][ T5784] veth0_vlan: entered promiscuous mode
[   90.465462][ T5791] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   90.488719][ T5791] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   90.498425][ T5791] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   90.507494][ T5791] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   90.549368][ T5787] veth0_macvtap: entered promiscuous mode
[   90.586704][ T5784] veth1_vlan: entered promiscuous mode
[   90.641946][ T5787] veth1_macvtap: entered promiscuous mode
[   90.702439][ T5784] veth0_macvtap: entered promiscuous mode
[   90.719262][ T5784] veth1_macvtap: entered promiscuous mode
[   90.741878][ T5784] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   90.753263][ T5784] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   90.763912][ T5784] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   90.791702][ T5784] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   90.816173][ T5784] batman_adv: batadv0: Interface activated: batadv_slave_0
[   90.867909][ T5784] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   90.890734][ T5784] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   90.910833][ T5784] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   90.937695][ T5784] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   90.949637][ T5784] batman_adv: batadv0: Interface activated: batadv_slave_1
[   90.978168][ T5784] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   91.028678][ T5784] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   91.046739][ T5879] Zero length message leads to an empty skb
[   91.161062][ T5784] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   91.177067][ T5102] Bluetooth: hci0: command tx timeout
[   91.273766][ T5102] Bluetooth: hci1: command tx timeout
[   91.322862][ T5784] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   91.333059][ T5102] Bluetooth: hci3: command tx timeout
[   91.339295][ T5102] Bluetooth: hci2: command tx timeout
[   91.555261][ T5787] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   91.568782][   T42] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   91.591581][   T42] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   91.602155][ T5787] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   91.620730][ T5787] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   91.632120][ T5787] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   91.649209][ T5787] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   91.661108][ T5787] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   91.680929][ T5787] batman_adv: batadv0: Interface activated: batadv_slave_0
[   91.700322][ T5787] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   91.711735][ T5787] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   91.721647][ T5787] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   91.732206][ T5787] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   91.743675][ T5787] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   91.754442][ T5787] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   91.771355][ T5787] batman_adv: batadv0: Interface activated: batadv_slave_1
[   91.819587][ T5787] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   91.829322][ T5787] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   91.841799][ T5787] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   91.852502][ T5787] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   91.912154][   T42] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   91.923905][   T42] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   92.083868][   T48] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   92.091853][   T48] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   92.169179][   T58] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   92.205697][   T58] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   92.231715][   T48] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   92.268221][   T48] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   92.337155][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[   92.361087][   T27] cfg80211: failed to load regulatory.db
[   92.439224][    T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!!
[   92.541764][    T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!!
[   92.746471][    T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!!
[   92.755958][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[   92.781248][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   92.862601][    T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!!
[   92.962819][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   93.143625][   T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   93.152340][   T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   93.253365][ T5786] Bluetooth: hci0: command tx timeout
[   93.374929][ T5786] Bluetooth: hci1: command tx timeout
[   93.412977][ T5786] Bluetooth: hci2: command tx timeout
[   93.418524][ T5786] Bluetooth: hci3: command tx timeout
[   94.523704][ T5904] netdevsim netdevsim2: Direct firmware load for ./file0 failed with error -2
[   94.533584][ T5904] netdevsim netdevsim2: Falling back to sysfs fallback for: ./file0
[   94.562087][ T5906] mmap: syz.2.3 (5906) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[   96.022654][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[   96.126385][    T0] NOHZ tick-stop error: local softirq work is pending, handler #48!!!
[   97.006101][ T5923] netlink: 8 bytes leftover after parsing attributes in process `syz.2.11'.
[   97.041927][ T5923] netlink: 4 bytes leftover after parsing attributes in process `syz.2.11'.
[  102.344731][ T5956] netlink: 8 bytes leftover after parsing attributes in process `syz.0.21'.
[  104.978781][ T5982] UBIFS error (pid: 5982): cannot open "usrquota", error -22
[  108.184831][ T5991] vivid-003: disconnect
[  108.398077][ T5989] vivid-003: reconnect
[  108.743215][ T5993] netlink: 8 bytes leftover after parsing attributes in process `syz.3.33'.
[  112.183996][ T6003] delete_channel: no stack
[  113.329132][ T6029] vivid-001: disconnect
[  114.146440][ T6026] vivid-001: reconnect
[  114.620834][ T6039] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[  115.325550][ T6043] netlink: 8 bytes leftover after parsing attributes in process `syz.0.46'.
[  116.016519][ T6054] trusted_key: syz.3.48 sent an empty control message without MSG_MORE.
[  118.644697][ T6070] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  119.573283][ T5786] Bluetooth: hci4: sending frame failed (-49)
[  119.592640][ T5102] Bluetooth: hci4: Opcode 0x1003 failed: -49
[  122.291378][ T6098] netlink: 8 bytes leftover after parsing attributes in process `syz.1.58'.
[  122.696125][ T6100] JFS: discard option not supported on device
[  122.704408][ T6100] Mount JFS Failure: -22
[  122.708831][ T6100] jfs_mount failed w/return code = -22
[  123.362471][ T6117] netlink: 12 bytes leftover after parsing attributes in process `syz.2.63'.
[  123.372597][ T6117] netlink: 12 bytes leftover after parsing attributes in process `syz.2.63'.
[  124.700088][ T6113] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  125.589686][ T6131] netdevsim netdevsim1 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  125.599242][ T6131] netdevsim netdevsim1 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  125.608214][ T6131] netdevsim netdevsim1 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  125.617938][ T6131] netdevsim netdevsim1 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  127.373575][ T6147] UBIFS error (pid: 6147): cannot open "", error -22
[  127.558938][ T6146] vivid-001: disconnect
[  127.653853][ T6146] vivid-001: reconnect
[  131.585587][ T6177] ISOFS: Unable to identify CD-ROM format.
[  133.282768][ T6182] process 'syz.3.82' launched './file0' with NULL argv: empty string added
[  133.727701][ T1288] ieee802154 phy0 wpan0: encryption failed: -22
[  133.736073][ T1288] ieee802154 phy1 wpan1: encryption failed: -22
[  134.233032][ T6190] vivid-002: disconnect
[  134.299047][ T6190] vivid-002: reconnect
[  135.900341][ T6199] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  135.909773][ T6199] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  135.919499][ T6199] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  135.928426][ T6199] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  141.488535][ T6226] netlink: 44 bytes leftover after parsing attributes in process `syz.2.97'.
[  141.920150][ T6228] netlink: 8 bytes leftover after parsing attributes in process `syz.3.96'.
[  142.162458][ T6232] vivid-001: disconnect
[  142.407836][ T6232] vivid-001: reconnect
[  145.088872][ T6254] ISOFS: Unable to identify CD-ROM format.
[  145.633836][ T6262] netlink: 44 bytes leftover after parsing attributes in process `syz.2.107'.
[  146.323255][ T6266] vivid-000: disconnect
[  146.387810][ T6266] vivid-000: reconnect
[  146.650971][ T6270] netlink: 8 bytes leftover after parsing attributes in process `syz.0.110'.
[  147.893702][ T6281] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  147.902635][ T6281] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  147.911504][ T6281] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  147.920490][ T6281] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  148.912352][ T6290] syz.3.117 uses obsolete (PF_INET,SOCK_PACKET)
[  151.102860][ T6301] vivid-003: disconnect
[  151.108307][ T6301] vivid-003: reconnect
[  152.303831][ T6313] netlink: 8 bytes leftover after parsing attributes in process `syz.3.122'.
[  156.574676][ T6350] netlink: 8 bytes leftover after parsing attributes in process `syz.1.134'.
[  160.882414][ T6381] sctp: [Deprecated]: syz.0.141 (pid 6381) Use of struct sctp_assoc_value in delayed_ack socket option.
[  160.882414][ T6381] Use struct sctp_sack_info instead
[  163.011408][ T5825] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[  163.203731][ T5825] usb 1-1: Using ep0 maxpacket: 8
[  163.244860][ T5825] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  163.266107][ T5825] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 2
[  163.285114][ T5825] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 100, changing to 10
[  163.299617][ T5825] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24936, setting to 1024
[  163.327144][ T5825] usb 1-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00
[  163.347131][ T5825] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  163.410251][ T5825] hub 1-1:1.0: bad descriptor, ignoring hub
[  163.430474][ T5825] hub: probe of 1-1:1.0 failed with error -5
[  163.449758][ T5825] cdc_wdm 1-1:1.0: skipping garbage
[  163.463144][ T5825] cdc_wdm 1-1:1.0: skipping garbage
[  163.487639][ T5825] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device
[  163.504340][ T5825] cdc_wdm 1-1:1.0: Unknown control protocol
[  164.124533][    T8] usb 1-1: USB disconnect, device number 2
[  164.304016][ T6407] netlink: 'syz.1.149': attribute type 20 has an invalid length.
[  164.484623][ T6407] dvmrp17: entered allmulticast mode
[  167.526718][ T6443] syz.1.159[6443]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set
[  168.011839][ T6436] netlink: 116 bytes leftover after parsing attributes in process `syz.1.159'.
[  168.027473][ T6439] vivid-001: disconnect
[  168.047513][ T6439] vivid-001: reconnect
[  168.722371][ T6455] netlink: 8 bytes leftover after parsing attributes in process `syz.1.163'.
[  168.736856][ T6455] netlink: 4 bytes leftover after parsing attributes in process `syz.1.163'.
[  169.495199][ T5786] Bluetooth: hci4: command 0x1003 tx timeout
[  169.503754][ T5102] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  172.507340][ T6480] vivid-000: disconnect
[  172.531689][ T6480] vivid-000: reconnect
[  176.055288][ T6520] vivid-002: disconnect
[  176.099504][ T6520] vivid-002: reconnect
[  179.867110][ T6550] vivid-001: disconnect
[  179.889113][ T6550] vivid-001: reconnect
[  180.987125][ T6557] ISOFS: Unable to identify CD-ROM format.
[  182.426940][ T6579] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  182.435861][ T6579] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  182.444945][ T6579] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  182.454146][ T6579] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  183.422581][ T6582] vivid-001: disconnect
[  183.472321][ T6582] vivid-001: reconnect
[  185.741663][ T6604] syz.0.208: attempt to access beyond end of device
[  185.741663][ T6604] loop0: rw=0, sector=0, nr_sectors = 1 limit=0
[  187.310552][ T1135] Bluetooth: hci4: Frame reassembly failed (-84)
[  189.263699][ T5786] Bluetooth: hci4: command 0x1003 tx timeout
[  189.312752][ T5102] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  190.285917][ T6652] UBIFS error (pid: 6652): cannot open "usrquota", error -22
[  191.396341][ T6661] vivid-002: disconnect
[  191.459658][ T6661] vivid-002: reconnect
[  194.522294][ T6693] UBIFS error (pid: 6693): cannot open "usrquota", error -22
[  194.697107][ T1288] ieee802154 phy0 wpan0: encryption failed: -22
[  194.711139][ T1288] ieee802154 phy1 wpan1: encryption failed: -22
[  195.262882][ T5102] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  196.218988][ T6702] vivid-001: disconnect
[  196.224836][ T6702] vivid-001: reconnect
[  198.933430][ T6731] bpq0: entered allmulticast mode
[  199.742640][ T5102] Bluetooth: hci4: command 0xfc11 tx timeout
[  201.203025][ T5786] Bluetooth: hci4: Entering manufacturer mode failed (-110)
[  201.948225][ T6749] syz.0.252: attempt to access beyond end of device
[  201.948225][ T6749] loop0: rw=0, sector=0, nr_sectors = 1 limit=0
[  202.235777][ T6751] vivid-000: disconnect
[  202.302903][ T6751] vivid-000: reconnect
[  205.252449][ T5886] Bluetooth: hci4: Frame reassembly failed (-84)
[  205.861469][ T6778] netlink: 116 bytes leftover after parsing attributes in process `syz.1.260'.
[  206.245768][ T6795] syz.2.264: attempt to access beyond end of device
[  206.245768][ T6795] loop2: rw=0, sector=0, nr_sectors = 1 limit=0
[  206.410298][ T6796] vivid-003: disconnect
[  206.467732][ T6796] vivid-003: reconnect
[  206.992735][ T5786] Bluetooth: hci4: Entering manufacturer mode failed (-110)
[  210.554774][ T6823] netlink: 116 bytes leftover after parsing attributes in process `syz.2.273'.
[  211.129831][ T6839] syz.1.277: attempt to access beyond end of device
[  211.129831][ T6839] loop1: rw=0, sector=0, nr_sectors = 1 limit=0
[  212.157284][   T50] Bluetooth: hci2: command 0x0406 tx timeout
[  212.164415][   T50] Bluetooth: hci0: command 0x0406 tx timeout
[  212.170495][   T50] Bluetooth: hci1: command 0x0406 tx timeout
[  212.177019][   T50] Bluetooth: hci3: command 0x0406 tx timeout
[  212.628444][ T6856] fuse: Bad value for 'group_id'
[  217.751082][ T6905] fuse: Bad value for 'group_id'
[  218.213062][ T5102] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  218.687923][ T6912] ISOFS: Unable to identify CD-ROM format.
[  225.677298][ T6876] Bluetooth: hci4: Frame reassembly failed (-84)
[  226.893690][ T6953] ISOFS: Unable to identify CD-ROM format.
[  227.030098][ T6955] fuse: Bad value for 'group_id'
[  227.652987][ T5786] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  238.193594][   T28] audit: type=1326 audit(1755744584.831:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7055 comm="syz.3.337" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f107598ebe9 code=0x7ffc0000
[  238.267713][   T28] audit: type=1326 audit(1755744584.841:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7055 comm="syz.3.337" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f107598ebe9 code=0x7ffc0000
[  238.321460][   T28] audit: type=1326 audit(1755744584.881:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7055 comm="syz.3.337" exe="/root/syz-executor" sig=0 arch=c000003e syscall=64 compat=0 ip=0x7f107598ebe9 code=0x7ffc0000
[  238.402302][   T28] audit: type=1326 audit(1755744584.881:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7055 comm="syz.3.337" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f107598ebe9 code=0x7ffc0000
[  238.453181][   T28] audit: type=1326 audit(1755744584.881:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7055 comm="syz.3.337" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f107598ebe9 code=0x7ffc0000
[  255.186135][ T7195] ISOFS: Unable to identify CD-ROM format.
[  256.239233][ T1288] ieee802154 phy0 wpan0: encryption failed: -22
[  256.246256][ T1288] ieee802154 phy1 wpan1: encryption failed: -22
[  257.498890][ T7210] fuse: Bad value for 'fd'
[  261.455196][ T7242] fuse: Bad value for 'fd'
[  262.585078][ T7246] iommufd_mock iommufd_mock1: Adding to iommu group 0
[  266.492585][ T7272] fuse: Unknown parameter 'grou00000000000000000000'
[  270.883512][ T7318] fuse: Unknown parameter 'grou00000000000000000000'
[  271.236145][ T7321] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  271.248526][ T7321] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  275.541095][ T7349] ISOFS: Unable to identify CD-ROM format.
[  276.595414][ T7357] fuse: Unknown parameter 'grou00000000000000000000'
[  280.306126][ T7390] fuse: Unknown parameter 'group_i00000000000000000000'
[  280.688783][ T7399] iommufd_mock iommufd_mock1: Adding to iommu group 0
[  281.401653][ T7403] ISOFS: Unable to identify CD-ROM format.
[  284.088338][ T7432] fuse: Unknown parameter 'group_i00000000000000000000'
[  284.975012][ T5786] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  285.977429][ T7448] ISOFS: Unable to identify CD-ROM format.
[  290.466698][ T7476] fuse: Unknown parameter 'group_i00000000000000000000'
[  292.439577][ T5102] Bluetooth: hci4: command 0x1003 tx timeout
[  292.447072][ T5786] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  316.241667][ T7732] ISOFS: Unable to identify CD-ROM format.
[  317.512287][ T7006] Bluetooth: hci4: Frame reassembly failed (-84)
[  317.580091][ T1288] ieee802154 phy0 wpan0: encryption failed: -22
[  317.586591][ T1288] ieee802154 phy1 wpan1: encryption failed: -22
[  319.572991][ T5786] Bluetooth: hci4: Entering manufacturer mode failed (-110)
[  321.932620][ T7794] fuse: Bad value for 'group_id'
[  322.889239][ T5886] Bluetooth: hci4: Frame reassembly failed (-84)
[  323.960257][ T7804] ISOFS: Unable to identify CD-ROM format.
[  324.932756][ T5786] Bluetooth: hci4: command 0xfc11 tx timeout
[  324.940501][ T5102] Bluetooth: hci4: Entering manufacturer mode failed (-110)
[  328.761820][ T7006] Bluetooth: hci4: Frame reassembly failed (-84)
[  330.782598][ T5102] Bluetooth: hci4: Entering manufacturer mode failed (-110)
[  330.798841][ T5786] Bluetooth: hci4: command 0xfc11 tx timeout
[  332.696783][ T7882] ISOFS: Unable to identify CD-ROM format.
[  336.018992][ T7006] Bluetooth: hci4: Frame reassembly failed (-84)
[  338.067212][ T5786] Bluetooth: hci4: Entering manufacturer mode failed (-110)
[  339.242824][ T5795] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[  339.589257][ T5795] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  339.613359][ T7942] netlink: 'syz.2.593': attribute type 4 has an invalid length.
[  339.621225][ T7942] netlink: 152 bytes leftover after parsing attributes in process `syz.2.593'.
[  339.645821][ T5795] usb 1-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 21
[  339.702919][ T7942] Ã: renamed from bond0 (while UP)
[  339.716792][ T5795] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  339.757973][ T5795] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  339.804550][ T5795] usb 1-1: config 0 descriptor??
[  339.865650][ T5795] usbhid 1-1:0.0: couldn't find an input interrupt endpoint
[  341.826376][ T5102] Bluetooth: hci3: command 0x0406 tx timeout
[  343.554219][ T5795] usb 1-1: USB disconnect, device number 3
[  343.874954][ T7974] bpq0: left allmulticast mode
[  345.323844][   T12] Bluetooth: hci4: Frame reassembly failed (-84)
[  347.039405][ T8010] qrtr: Invalid version 47
[  347.076782][ T8010] fuse: Unknown parameter 'fd0x000000000000000a'
[  347.332992][ T5786] Bluetooth: hci4: command 0xfc11 tx timeout
[  347.339681][ T5102] Bluetooth: hci4: Entering manufacturer mode failed (-110)
[  348.372586][ T5832] usb 2-1: new full-speed USB device number 2 using dummy_hcd
[  348.603989][ T5832] usb 2-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08
[  348.634884][ T5832] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  348.667546][ T8022] ISOFS: Unable to identify CD-ROM format.
[  348.675269][ T5832] usb 2-1: config 0 descriptor??
[  353.922086][ T5832] [drm:udl_init] *ERROR* Selecting channel failed
[  355.026990][ T5832] [drm] Initialized udl 0.0.1 20120220 for 2-1:0.0 on minor 2
[  355.054789][ T5832] [drm] Initialized udl on minor 2
[  355.096374][ T5832] udl 2-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9
[  355.139092][ T5832] udl 2-1:0.0: [drm] Cannot find any crtc or sizes
[  355.182087][  T966] udl 2-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9
[  355.205197][ T5832] usb 2-1: USB disconnect, device number 2
[  355.219244][  T966] udl 2-1:0.0: [drm] Cannot find any crtc or sizes
[  356.774106][   T42] Bluetooth: hci4: Frame reassembly failed (-84)
[  358.772808][ T5786] Bluetooth: hci4: command 0xfc11 tx timeout
[  358.772842][ T5102] Bluetooth: hci4: Entering manufacturer mode failed (-110)
[  359.543515][ T8075] bpq0: entered allmulticast mode
[  359.636010][ T8079] bpq0: left allmulticast mode
[  360.468679][ T8075] ==================================================================
[  360.476798][ T8075] BUG: KASAN: slab-use-after-free in rose_transmit_link+0x5ba/0x740
[  360.484824][ T8075] Read of size 1 at addr ffff88805e609c32 by task syz.3.630/8075
[  360.493046][ T8075] 
[  360.495506][ T8075] CPU: 0 PID: 8075 Comm: syz.3.630 Not tainted 6.6.102-syzkaller #0
[  360.503605][ T8075] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  360.513715][ T8075] Call Trace:
[  360.517113][ T8075]  <TASK>
[  360.520095][ T8075]  dump_stack_lvl+0x16c/0x230
[  360.524835][ T8075]  ? __lock_acquire+0x7c80/0x7c80
[  360.530189][ T8075]  ? show_regs_print_info+0x20/0x20
[  360.535446][ T8075]  ? load_image+0x3b0/0x3b0
[  360.540023][ T8075]  ? _raw_spin_lock_irqsave+0xb4/0xf0
[  360.545468][ T8075]  ? __virt_addr_valid+0x18c/0x540
[  360.550641][ T8075]  ? __virt_addr_valid+0x469/0x540
[  360.555911][ T8075]  print_report+0xac/0x220
[  360.560388][ T8075]  ? rose_transmit_link+0x5ba/0x740
[  360.565639][ T8075]  kasan_report+0x117/0x150
[  360.570181][ T8075]  ? kmem_cache_alloc_node+0x17f/0x330
[  360.575683][ T8075]  ? rose_transmit_link+0x5ba/0x740
[  360.580918][ T8075]  rose_transmit_link+0x5ba/0x740
[  360.585979][ T8075]  ? skb_put+0x11b/0x210
[  360.590357][ T8075]  rose_write_internal+0x11d1/0x1ab0
[  360.595710][ T8075]  ? rose_validate_nr+0x120/0x120
[  360.600773][ T8075]  ? __timer_delete+0x6b/0x290
[  360.605580][ T8075]  ? skb_queue_purge_reason+0x6c/0x1c0
[  360.611125][ T8075]  rose_release+0x24e/0x510
[  360.615753][ T8075]  sock_close+0xbd/0x230
[  360.620203][ T8075]  ? sock_mmap+0xa0/0xa0
[  360.624517][ T8075]  __fput+0x234/0x970
[  360.628650][ T8075]  task_work_run+0x1ce/0x250
[  360.633565][ T8075]  ? task_work_cancel+0x240/0x240
[  360.638726][ T8075]  get_signal+0x1235/0x1400
[  360.643279][ T8075]  ? task_work_add+0x3a3/0x440
[  360.648210][ T8075]  ? __ia32_sys_pidfd_getfd+0x90/0x90
[  360.653727][ T8075]  ? wake_bit_function+0x200/0x200
[  360.658895][ T8075]  ? __might_fault+0xaa/0x120
[  360.663634][ T8075]  arch_do_signal_or_restart+0x96/0x780
[  360.669327][ T8075]  ? __sys_connect+0x240/0x420
[  360.674137][ T8075]  ? get_sigframe_size+0x20/0x20
[  360.679143][ T8075]  ? exit_to_user_mode_loop+0x3b/0x110
[  360.684755][ T8075]  exit_to_user_mode_loop+0x70/0x110
[  360.690269][ T8075]  exit_to_user_mode_prepare+0xb1/0x140
[  360.695973][ T8075]  syscall_exit_to_user_mode+0x1a/0x50
[  360.701765][ T8075]  do_syscall_64+0x61/0xb0
[  360.706410][ T8075]  ? clear_bhb_loop+0x40/0x90
[  360.711313][ T8075]  ? clear_bhb_loop+0x40/0x90
[  360.716219][ T8075]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  360.722168][ T8075] RIP: 0033:0x7f107598ebe9
[  360.726645][ T8075] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  360.746384][ T8075] RSP: 002b:00007f1076798038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
[  360.754922][ T8075] RAX: fffffffffffffe00 RBX: 00007f1075bb5fa0 RCX: 00007f107598ebe9
[  360.763147][ T8075] RDX: 0000000000000040 RSI: 0000200000000100 RDI: 0000000000000008
[  360.771333][ T8075] RBP: 00007f1075a11e19 R08: 0000000000000000 R09: 0000000000000000
[  360.779501][ T8075] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  360.787498][ T8075] R13: 00007f1075bb6038 R14: 00007f1075bb5fa0 R15: 00007ffcc3a672b8
[  360.795519][ T8075]  </TASK>
[  360.798559][ T8075] 
[  360.800902][ T8075] Allocated by task 8075:
[  360.805247][ T8075]  kasan_set_track+0x4e/0x70
[  360.809905][ T8075]  __kasan_kmalloc+0x8f/0xa0
[  360.814506][ T8075]  rose_add_node+0x23a/0xdd0
[  360.819106][ T8075]  rose_rt_ioctl+0xa42/0xfb0
[  360.823712][ T8075]  rose_ioctl+0x3cf/0x8b0
[  360.828086][ T8075]  sock_do_ioctl+0xd7/0x2f0
[  360.832624][ T8075]  sock_ioctl+0x623/0x7a0
[  360.836990][ T8075]  __se_sys_ioctl+0xfd/0x170
[  360.841632][ T8075]  do_syscall_64+0x55/0xb0
[  360.846176][ T8075]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  360.852120][ T8075] 
[  360.854468][ T8075] Freed by task 8079:
[  360.858623][ T8075]  kasan_set_track+0x4e/0x70
[  360.863327][ T8075]  kasan_save_free_info+0x2e/0x50
[  360.868400][ T8075]  ____kasan_slab_free+0x126/0x1e0
[  360.873647][ T8075]  slab_free_freelist_hook+0x130/0x1b0
[  360.879143][ T8075]  __kmem_cache_free+0xba/0x1f0
[  360.884019][ T8075]  rose_rt_device_down+0x43d/0x490
[  360.889326][ T8075]  rose_device_event+0x604/0x690
[  360.894280][ T8075]  notifier_call_chain+0x197/0x390
[  360.899421][ T8075]  __dev_notify_flags+0x18e/0x2e0
[  360.904484][ T8075]  dev_change_flags+0xe8/0x1a0
[  360.909266][ T8075]  dev_ifsioc+0x6a7/0xe20
[  360.913819][ T8075]  dev_ioctl+0x7e2/0x1170
[  360.918226][ T8075]  sock_do_ioctl+0x226/0x2f0
[  360.922934][ T8075]  sock_ioctl+0x623/0x7a0
[  360.927459][ T8075]  __se_sys_ioctl+0xfd/0x170
[  360.932075][ T8075]  do_syscall_64+0x55/0xb0
[  360.936521][ T8075]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  360.942539][ T8075] 
[  360.944881][ T8075] Last potentially related work creation:
[  360.950601][ T8075]  kasan_save_stack+0x3e/0x60
[  360.955315][ T8075]  __kasan_record_aux_stack+0xaf/0xc0
[  360.960802][ T8075]  insert_work+0x3d/0x310
[  360.965146][ T8075]  __queue_work+0xd2c/0x1020
[  360.969805][ T8075]  call_timer_fn+0x16e/0x530
[  360.974726][ T8075]  __run_timers+0x558/0x7d0
[  360.979303][ T8075]  run_timer_softirq+0x67/0xf0
[  360.984447][ T8075]  handle_softirqs+0x280/0x820
[  360.989435][ T8075]  __irq_exit_rcu+0xc7/0x190
[  360.994042][ T8075]  irq_exit_rcu+0x9/0x20
[  360.998325][ T8075]  sysvec_apic_timer_interrupt+0xa4/0xc0
[  361.004184][ T8075]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  361.010199][ T8075] 
[  361.012578][ T8075] Second to last potentially related work creation:
[  361.019234][ T8075]  kasan_save_stack+0x3e/0x60
[  361.024364][ T8075]  __kasan_record_aux_stack+0xaf/0xc0
[  361.030111][ T8075]  insert_work+0x3d/0x310
[  361.034480][ T8075]  __queue_work+0xd2c/0x1020
[  361.039208][ T8075]  call_timer_fn+0x16e/0x530
[  361.044119][ T8075]  __run_timers+0x558/0x7d0
[  361.048763][ T8075]  run_timer_softirq+0x67/0xf0
[  361.053729][ T8075]  handle_softirqs+0x280/0x820
[  361.058776][ T8075]  __irq_exit_rcu+0xc7/0x190
[  361.063385][ T8075]  irq_exit_rcu+0x9/0x20
[  361.067744][ T8075]  sysvec_apic_timer_interrupt+0xa4/0xc0
[  361.073501][ T8075]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  361.079621][ T8075] 
[  361.081955][ T8075] The buggy address belongs to the object at ffff88805e609c00
[  361.081955][ T8075]  which belongs to the cache kmalloc-512 of size 512
[  361.096659][ T8075] The buggy address is located 50 bytes inside of
[  361.096659][ T8075]  freed 512-byte region [ffff88805e609c00, ffff88805e609e00)
[  361.110586][ T8075] 
[  361.112929][ T8075] The buggy address belongs to the physical page:
[  361.119363][ T8075] page:ffffea0001798200 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff88805e608c00 pfn:0x5e608
[  361.130840][ T8075] head:ffffea0001798200 order:2 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  361.139967][ T8075] anon flags: 0xfff00000000840(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[  361.148524][ T8075] page_type: 0xffffffff()
[  361.153050][ T8075] raw: 00fff00000000840 ffff888017841c80 0000000000000000 dead000000000001
[  361.161669][ T8075] raw: ffff88805e608c00 000000008010000c 00000001ffffffff 0000000000000000
[  361.170280][ T8075] page dumped because: kasan: bad access detected
[  361.176717][ T8075] page_owner tracks the page as allocated
[  361.182464][ T8075] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 5784, tgid 5784 (syz-executor), ts 90632403949, free_ts 28030744710
[  361.205601][ T8075]  post_alloc_hook+0x1cd/0x210
[  361.210465][ T8075]  get_page_from_freelist+0x195c/0x19f0
[  361.216106][ T8075]  __alloc_pages+0x1e3/0x460
[  361.220756][ T8075]  alloc_slab_page+0x5d/0x170
[  361.225737][ T8075]  new_slab+0x87/0x2e0
[  361.229869][ T8075]  ___slab_alloc+0xc6d/0x12f0
[  361.234598][ T8075]  __kmem_cache_alloc_node+0x1a2/0x260
[  361.240208][ T8075]  __kmalloc+0xa4/0x240
[  361.244427][ T8075]  fib6_info_alloc+0x32/0xe0
[  361.249307][ T8075]  ip6_route_info_create+0x44f/0x1200
[  361.254702][ T8075]  ip6_route_add+0x28/0x130
[  361.259362][ T8075]  addrconf_prefix_route+0x211/0x2b0
[  361.264936][ T8075]  inet6_addr_add+0x64a/0xb60
[  361.269684][ T8075]  inet6_rtm_newaddr+0x68d/0x940
[  361.274656][ T8075]  rtnetlink_rcv_msg+0x7c7/0xf10
[  361.279728][ T8075]  netlink_rcv_skb+0x216/0x480
[  361.284548][ T8075] page last free stack trace:
[  361.289593][ T8075]  free_unref_page_prepare+0x7ce/0x8e0
[  361.295182][ T8075]  free_unref_page+0x32/0x2e0
[  361.299899][ T8075]  free_contig_range+0xa1/0x160
[  361.304849][ T8075]  destroy_args+0x87/0x770
[  361.309386][ T8075]  debug_vm_pgtable+0x3cc/0x410
[  361.314350][ T8075]  do_one_initcall+0x1fd/0x750
[  361.319166][ T8075]  do_initcall_level+0x137/0x1f0
[  361.324136][ T8075]  do_initcalls+0x69/0xd0
[  361.328508][ T8075]  kernel_init_freeable+0x3d2/0x570
[  361.333819][ T8075]  kernel_init+0x1d/0x1c0
[  361.338180][ T8075]  ret_from_fork+0x48/0x80
[  361.342634][ T8075]  ret_from_fork_asm+0x11/0x20
[  361.347413][ T8075] 
[  361.349830][ T8075] Memory state around the buggy address:
[  361.355471][ T8075]  ffff88805e609b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  361.363647][ T8075]  ffff88805e609b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  361.372110][ T8075] >ffff88805e609c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  361.380181][ T8075]                                      ^
[  361.385907][ T8075]  ffff88805e609c80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  361.394093][ T8075]  ffff88805e609d00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  361.402157][ T8075] ==================================================================
[  361.410396][    C0] vkms_vblank_simulate: vblank timer overrun
[  361.463774][ T8075] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  361.471429][ T8075] CPU: 0 PID: 8075 Comm: syz.3.630 Not tainted 6.6.102-syzkaller #0
[  361.479620][ T8075] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  361.489718][ T8075] Call Trace:
[  361.493061][ T8075]  <TASK>
[  361.496139][ T8075]  dump_stack_lvl+0x16c/0x230
[  361.500967][ T8075]  ? show_regs_print_info+0x20/0x20
[  361.506300][ T8075]  ? load_image+0x3b0/0x3b0
[  361.510893][ T8075]  panic+0x2c0/0x710
[  361.515169][ T8075]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  361.521387][ T8075]  ? bpf_jit_dump+0xd0/0xd0
[  361.525950][ T8075]  ? _raw_spin_unlock_irqrestore+0xfa/0x110
[  361.531902][ T8075]  ? _raw_spin_unlock+0x40/0x40
[  361.536942][ T8075]  ? rose_transmit_link+0x5ba/0x740
[  361.542367][ T8075]  check_panic_on_warn+0x84/0xa0
[  361.547616][ T8075]  ? rose_transmit_link+0x5ba/0x740
[  361.552858][ T8075]  end_report+0x6f/0x140
[  361.557232][ T8075]  kasan_report+0x128/0x150
[  361.561959][ T8075]  ? kmem_cache_alloc_node+0x17f/0x330
[  361.567474][ T8075]  ? rose_transmit_link+0x5ba/0x740
[  361.572727][ T8075]  rose_transmit_link+0x5ba/0x740
[  361.577796][ T8075]  ? skb_put+0x11b/0x210
[  361.582196][ T8075]  rose_write_internal+0x11d1/0x1ab0
[  361.587638][ T8075]  ? rose_validate_nr+0x120/0x120
[  361.592797][ T8075]  ? __timer_delete+0x6b/0x290
[  361.597614][ T8075]  ? skb_queue_purge_reason+0x6c/0x1c0
[  361.603134][ T8075]  rose_release+0x24e/0x510
[  361.607694][ T8075]  sock_close+0xbd/0x230
[  361.612299][ T8075]  ? sock_mmap+0xa0/0xa0
[  361.616604][ T8075]  __fput+0x234/0x970
[  361.620664][ T8075]  task_work_run+0x1ce/0x250
[  361.625581][ T8075]  ? task_work_cancel+0x240/0x240
[  361.630760][ T8075]  get_signal+0x1235/0x1400
[  361.635432][ T8075]  ? task_work_add+0x3a3/0x440
[  361.640339][ T8075]  ? __ia32_sys_pidfd_getfd+0x90/0x90
[  361.645772][ T8075]  ? wake_bit_function+0x200/0x200
[  361.651170][ T8075]  ? __might_fault+0xaa/0x120
[  361.655892][ T8075]  arch_do_signal_or_restart+0x96/0x780
[  361.661506][ T8075]  ? __sys_connect+0x240/0x420
[  361.666324][ T8075]  ? get_sigframe_size+0x20/0x20
[  361.671326][ T8075]  ? exit_to_user_mode_loop+0x3b/0x110
[  361.676838][ T8075]  exit_to_user_mode_loop+0x70/0x110
[  361.682449][ T8075]  exit_to_user_mode_prepare+0xb1/0x140
[  361.688133][ T8075]  syscall_exit_to_user_mode+0x1a/0x50
[  361.693731][ T8075]  do_syscall_64+0x61/0xb0
[  361.698285][ T8075]  ? clear_bhb_loop+0x40/0x90
[  361.703017][ T8075]  ? clear_bhb_loop+0x40/0x90
[  361.707743][ T8075]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  361.713776][ T8075] RIP: 0033:0x7f107598ebe9
[  361.718232][ T8075] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  361.738254][ T8075] RSP: 002b:00007f1076798038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
[  361.746791][ T8075] RAX: fffffffffffffe00 RBX: 00007f1075bb5fa0 RCX: 00007f107598ebe9
[  361.754986][ T8075] RDX: 0000000000000040 RSI: 0000200000000100 RDI: 0000000000000008
[  361.763031][ T8075] RBP: 00007f1075a11e19 R08: 0000000000000000 R09: 0000000000000000
[  361.771113][ T8075] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  361.779104][ T8075] R13: 00007f1075bb6038 R14: 00007f1075bb5fa0 R15: 00007ffcc3a672b8
[  361.787112][ T8075]  </TASK>
[  361.790493][ T8075] Kernel Offset: disabled
[  361.794829][ T8075] Rebooting in 86400 seconds..