last executing test programs:

2m2.218783732s ago: executing program 2 (id=73):
socket(0x25, 0x1, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0)
mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0xd3283d0368e269b3, 0x8031, 0xffffffffffffffff, 0x0)
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
process_vm_writev(r0, &(0x7f0000001c80)=[{&(0x7f0000001bc0)=""/156, 0x9c}], 0x1, &(0x7f0000001d80)=[{&(0x7f0000001cc0)=""/116, 0xd8d0481}], 0x1, 0x0)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
listen(0xffffffffffffffff, 0x5)
socket$vsock_stream(0x28, 0x1, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
r2 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r2, &(0x7f0000000040)={0x28, 0x0, 0x2710, @local}, 0x10)
epoll_wait(0xffffffffffffffff, &(0x7f00000000c0)=[{}, {}, {}, {}, {}, {}], 0x6, 0x7)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
socket$nl_generic(0x10, 0x3, 0x10)
syz_open_procfs$namespace(0x0, 0x0)
socket(0x2a, 0x5, 0x6)
pselect6(0x40, &(0x7f0000000240)={0x0, 0x0, 0x202, 0x2, 0x1000000, 0x8000, 0x4, 0x1}, 0x0, &(0x7f00000002c0)={0x3ff, 0x6, 0x100, 0x9, 0x0, 0xf, 0x80000006}, 0x0, 0x0)

2m1.054780038s ago: executing program 2 (id=75):
fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)
r0 = fsmount(0xffffffffffffffff, 0x0, 0x0)
close(r0)
syz_usb_connect(0x4, 0x36, &(0x7f0000000040)=ANY=[@ANYRES64=r0], 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
syz_open_dev$dmmidi(0x0, 0x4945c70c, 0x0)
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0xa, 0x8008, 0x0, 0x8, 0x0, 0xfffffffffffffff7, 0x3, 0x8}, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', 0x0)
openat$fuse(0xffffffffffffff9c, 0x0, 0x42, 0x0)
r3 = syz_open_dev$vbi(&(0x7f0000000080), 0x2, 0x2)
ioctl$VIDIOC_S_DV_TIMINGS(r3, 0xc0845657, &(0x7f0000000380)={0x0, @bt={0x2d0, 0x191, 0x0, 0x0, 0x7, 0x1, 0x2f, 0xf3, 0x2, 0x1008, 0x722, 0x6, 0x7, 0x7f, 0x27, 0x20, {0x0, 0x1ff}, 0x3, 0xed}})
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r4, 0x8924, &(0x7f0000000000)={'macsec0\x00', @random="010000201000"})
r5 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$VT_RESIZEX(r5, 0x560a, 0x0)
memfd_create(&(0x7f00000000c0)='-B\xd5N4\xa6Ey\xdb\xd1\xa7\xb1S\xf1:)\x00\x8a\xd7Uw\x00\xbc\xa92\xb3\xbb\x8d\xac\xacva}knh#\xcf)\x0f\xc8\xc0:\x9cc\x10d\xee\xa9\x8b\x066\xb8G\xd1c\xe1$\xff\x97\x8f~\xb90a\xa9\xb2\x04K\x98\x93=\xabQ\xf7\x19\xea\xef\xe3\xe1@\x84\x13\xefZb:\x8f\t\x01B\xec\xde\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00@Ip]D\xd6\r\xac\v#co\xd5\xb9\xc806\xa8\x99\xffs7\xa1b1\xb1;i)j\x0e\x1e\xedI\xa2\x80\x89\x1d\xd9p!\xc86s\xe07(\xee\xf9<\"\xf0\xc8\xae\x96J\xe2]\x01\x86\xb7.<\xf5N\xd3\x94W1\xff\x18z>\xa7q,\xf7\x96\xb8{\x8e\xbf4\xe0\x95\x1ce\xe4\x85\xcdi\xed\xd3>\xeb\xa5\xaf\x87\x90@\xd1\xbd`^\xfa\xb6\x9cj\x13/\xc5\\W\x04\br\x17X\xe3\xfb\xc8\xd4\xaeX\xc9s\xd18\xd9L\xbf\xa0\xa6\xdf2\a\x99i\xb1/\x19@\x1cq\xeb?\xc1z:\x913\xfa8\xac\xd3q\xe4vPGU', 0x1)
r6 = syz_usb_connect(0x139d84f2cb0a94e6, 0x0, 0x0, 0x0)
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, 0x0, 0x40000)
syz_usb_control_io$hid(r6, 0x0, 0x0)
r8 = syz_open_dev$sndctrl(&(0x7f0000000040), 0x1, 0x40280)
ioctl$SNDRV_CTL_IOCTL_PCM_INFO(r8, 0xc1205531, &(0x7f0000001a40)={0x1, 0x6, 0x40, 0x8004, '\x00', '\x00', '\x00', 0x0, 0x5d05, 0x10000004, 0x1, "38e7fa2049d300106613c00000de72ec"})
syz_open_procfs(0xffffffffffffffff, &(0x7f00000192c0)='coredump_filter\x00')
syz_open_dev$audion(&(0x7f00000011c0), 0x3, 0x8c4201)

1m57.621283724s ago: executing program 2 (id=89):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x3, &(0x7f0000000380)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x30, 0x8b}, 0x0)
ioctl$XFS_IOC_PATH_TO_HANDLE(r0, 0xc01c5869, &(0x7f00000003c0)={<r1=>r0, &(0x7f0000000440)='!^\x00', 0x50a40, &(0x7f00000000c0)={@_ha_fsid={[0xfff, 0x7fff]}, {0xa3, 0x4, 0x4, 0x53d}}, 0x8, &(0x7f0000000100)={@_ha_fsid}, &(0x7f0000000280)=0x8})
setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0x7, &(0x7f0000000400)={0x2, 0x6, 0x0, 0x1}, 0x10)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
r5 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r5, 0x29, 0x20, &(0x7f0000000180)={@private0, 0x8000000, 0x0, 0xff, 0x1, 0xffff}, 0x20)
r6 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r6, &(0x7f00000025c0)={0x26, 'hash\x00', 0x0, 0x0, 'sha384\x00'}, 0x60)
socket$inet_udp(0x2, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000500)={0x2, 0x13, &(0x7f0000000080)=ANY=[@ANYBLOB="18080000000400000000000000080003851000000600000018000000", @ANYRES32, @ANYBLOB="00000000000000006608000000000000180000000000000000000000000000009500000000000000360a020000000000180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b50afdff00000000850000000600000095"], &(0x7f0000000000)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0xa}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x12, 0x16, &(0x7f00000005c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@jmp={0x5, 0x0, 0x4, 0x1, 0x3, 0x10}, @alu={0x7, 0x1, 0x5, 0x2, 0x3, 0x18, 0xffffffffffffffff}, @exit, @initr0={0x18, 0x0, 0x0, 0x0, 0x986}, @btf_id={0x18, 0x1, 0x3, 0x0, 0x1}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000680)='GPL\x00', 0x80000001, 0x9f, &(0x7f00000006c0)=""/159, 0x41000, 0x5, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x8, &(0x7f0000000780)={0x1, 0x5}, 0x8, 0x10, &(0x7f00000007c0)={0x3, 0x7, 0x4}, 0x10, 0xffffffffffffffff, r1, 0x6, &(0x7f0000000800)=[r1, r1, r1, r1, r1, r1, r1], &(0x7f0000000840)=[{0x0, 0x3, 0x0, 0xb}, {0x4, 0x5, 0x9, 0x8}, {0x2, 0x2, 0x4, 0x4}, {0x1, 0x3, 0xd, 0x2}, {0x0, 0x3, 0xe, 0x6}, {0x0, 0x2, 0x10, 0xb}], 0x10, 0x74b}, 0x94)

1m56.131864397s ago: executing program 2 (id=91):
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x140)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x404, &(0x7f0000000340)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@max_read={'max_read', 0x3d, 0x7fff}}]}})
r1 = syz_open_procfs(0x0, &(0x7f0000000700)='mounts\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000040)='.\x00', &(0x7f00000000c0)='./file0/../file0\x00', 0x0, 0x2a05404, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x2a5b091, 0x0)
mount$bind(&(0x7f0000000200)='.\x00', &(0x7f00000004c0)='./file0\x00', 0x0, 0x2125099, 0x0)
r2 = openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000080), 0x40000, 0x0)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f00000001c0)=0x7)
ioctl$TIOCSTI(r2, 0x5412, &(0x7f00000000c0)=0xe9)
umount2(&(0x7f00000001c0)='./file0/file0\x00', 0x0)
read$FUSE(r1, &(0x7f0000002780)={0x2020}, 0x5ecfb203)

1m56.022765003s ago: executing program 2 (id=93):
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000400)=ANY=[@ANYRES16=r0, @ANYRESHEX=r0, @ANYRES32=r1, @ANYRES32=r0, @ANYBLOB="a060903269c6c7b86676b7e17372b4a8f9445b210a92cb05d41717bcedecc5b0fa3e7aeffba4e32cd861f6f307d19fae1638adbaddfee37aa5d54eee8a987073198e0a17993d8ab2006719"], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
r5 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=@newlink={0x4c, 0x10, 0x437, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x2c, 0x12, 0x0, 0x1, @gretap={{0xb}, {0x1c, 0x2, 0x0, 0x1, [@IFLA_GRE_IKEY={0x8, 0x4, 0x8}, @IFLA_GRE_OFLAGS={0x6, 0x3, 0x81}, @IFLA_GRE_ENCAP_TYPE={0x6, 0xe, 0x2}]}}}]}, 0x4c}}, 0x0)
r6 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000100)={0x2, 0x14, 0xfa, 0x7, 0x7, 0x0, 0x70bd28, 0x25dfdbfb, [@sadb_address={0x5, 0x5, 0x0, 0x190, 0x0, @in6={0xa, 0x4e21, 0xffff0000, @rand_addr=' \x01\x00', 0x5}}]}, 0x38}}, 0x40000)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r7 = openat2(0xffffffffffffffff, &(0x7f0000000280)='./file0\x00', &(0x7f0000000380)={0x200000, 0xa1, 0x2}, 0x18)
ioctl$UFFDIO_API(r7, 0xc018aa3f, &(0x7f00000003c0)={0xaa, 0x12b})
connect$inet(0xffffffffffffffff, &(0x7f0000000180)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1b}}, 0x10)
r8 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r8, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=@newlink={0x3c, 0x10, 0x401, 0x800000, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bridge={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BR_VLAN_STATS_PER_PORT={0x5, 0x2d, 0x40}]}}}]}, 0x3c}}, 0x0)
unshare(0x6a040000)
sendmsg$nl_generic(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)=ANY=[@ANYBLOB="1c0000002100090002000000ffdbdf25020000000800080046"], 0x1c}, 0x1, 0x0, 0x0, 0x4000000}, 0x844)
connect$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
ioctl$sock_bt_hidp_HIDPCONNADD(0xffffffffffffffff, 0x400448c8, &(0x7f0000000600)={r0, r0, 0x2008, 0x0, 0x0, 0x6, 0xfe, 0x10cf, 0x5, 0x5, 0x2, 0x1, 'syz0\x00'})

1m55.790979402s ago: executing program 2 (id=94):
read(0xffffffffffffffff, &(0x7f0000000580)=""/63, 0x3f)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000003c0)=ANY=[@ANYRES8, @ANYRESHEX, @ANYRES8=0x0, @ANYRES64, @ANYRESOCT, @ANYRES64], &(0x7f0000000340)='GPL\x00', 0x6, 0xb2, &(0x7f0000000140)=""/178, 0x41000, 0x32, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
r3 = socket$inet6_mptcp(0xa, 0x1, 0x106)
connect$inet6(r3, &(0x7f0000000180)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1c}, 0xd}, 0x1c)
listen(r3, 0x8000)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000080)='tmpfs\x00', 0x0, &(0x7f00000001c0)='grpquota')
creat(0x0, 0x188)
r4 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0)
ioctl$COMEDI_DEVCONFIG(r4, 0x40946400, &(0x7f0000000180)={'multiq3\x00', [0x4f27, 0x1f, 0x10000, 0xff, 0x5, 0xcc7, 0x408, 0x7, 0xa, 0x100, 0x2, 0xffffffff, 0x5, 0x9, 0x3, 0x2, 0x0, 0x7, 0x3, 0x0, 0x40000089, 0x6, 0x4, 0x20001e58, 0xb, 0x1, 0x7c, 0x208, 0x6, 0x0, 0xb]})
syz_init_net_socket$bt_bnep(0x1f, 0x3, 0x4)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[], &(0x7f0000000340)='GPL\x00', 0x6, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r5 = getpid()
sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x6)

1m55.705482412s ago: executing program 32 (id=94):
read(0xffffffffffffffff, &(0x7f0000000580)=""/63, 0x3f)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000003c0)=ANY=[@ANYRES8, @ANYRESHEX, @ANYRES8=0x0, @ANYRES64, @ANYRESOCT, @ANYRES64], &(0x7f0000000340)='GPL\x00', 0x6, 0xb2, &(0x7f0000000140)=""/178, 0x41000, 0x32, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
r3 = socket$inet6_mptcp(0xa, 0x1, 0x106)
connect$inet6(r3, &(0x7f0000000180)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1c}, 0xd}, 0x1c)
listen(r3, 0x8000)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000080)='tmpfs\x00', 0x0, &(0x7f00000001c0)='grpquota')
creat(0x0, 0x188)
r4 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0)
ioctl$COMEDI_DEVCONFIG(r4, 0x40946400, &(0x7f0000000180)={'multiq3\x00', [0x4f27, 0x1f, 0x10000, 0xff, 0x5, 0xcc7, 0x408, 0x7, 0xa, 0x100, 0x2, 0xffffffff, 0x5, 0x9, 0x3, 0x2, 0x0, 0x7, 0x3, 0x0, 0x40000089, 0x6, 0x4, 0x20001e58, 0xb, 0x1, 0x7c, 0x208, 0x6, 0x0, 0xb]})
syz_init_net_socket$bt_bnep(0x1f, 0x3, 0x4)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[], &(0x7f0000000340)='GPL\x00', 0x6, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r5 = getpid()
sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x6)

8.606948137s ago: executing program 4 (id=386):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYRES64=r0], 0x7c}, 0x1, 0x0, 0x0, 0xc000}, 0x0)
prlimit64(0x0, 0x7, 0x0, 0x0)
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000200)=<r1=>0x0)
fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(r1, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000)
r2 = signalfd4(0xffffffffffffffff, &(0x7f0000000000)={[0x2]}, 0x8, 0x0)
read$FUSE(r2, &(0x7f0000001b40)={0x2020}, 0x205c)
timer_create(0x2, &(0x7f0000533fa0)={0x0, 0x21}, &(0x7f0000bbdffc)=<r3=>0x0)
timer_settime(r3, 0x1, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0)
getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x1c, 0x0, &(0x7f0000000000))
sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000140)=ANY=[@ANYRESDEC], 0x84}, 0x1, 0x0, 0x0, 0x2400c014}, 0x4040)
syz_emit_ethernet(0x4f, &(0x7f0000000100)=ANY=[@ANYBLOB="aaaaaaaaaaaa00000000000086dd6c2d010000198401"], 0x0)

6.909116246s ago: executing program 4 (id=391):
userfaultfd(0x80001)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[], &(0x7f0000000340)='GPL\x00', 0x6, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
ptrace$ARCH_SHSTK_LOCK(0x1e, r0, 0x2, 0x5003)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r4, &(0x7f0000000040)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58)
setsockopt$ALG_SET_AEAD_AUTHSIZE(r4, 0x117, 0x5, 0x0, 0xb)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r3, 0x0, 0x4040800)
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x1e, 0x0, 0x6, 0xff, 0x0, 0x1}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007"], 0x0}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r5, 0x2000000, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
r6 = socket$inet_icmp(0x2, 0x2, 0x1)
sendmmsg$inet(r6, 0x0, 0x0, 0x20000054)
r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
sendto$inet6(r7, &(0x7f0000000400)="2ae0", 0x2, 0x0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast1}, 0x1c)
recvmmsg(r7, 0x0, 0x0, 0x10162, 0x0)

6.385443544s ago: executing program 3 (id=394):
socket$inet6_tcp(0xa, 0x1, 0x0)
syz_open_dev$cec(&(0x7f0000000480), 0x0, 0x400)
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
getsockopt$inet_int(r0, 0x0, 0x15, 0x0, &(0x7f0000000040))
syz_open_dev$video4linux(&(0x7f0000002180), 0x24, 0x40)
mkdir(&(0x7f00000003c0)='./file0\x00', 0x10)
r1 = syz_open_procfs(0x0, &(0x7f0000000000)='map_files\x00')
mount$tmpfs(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f00000001c0), 0x802, &(0x7f00000000c0)=ANY=[@ANYBLOB='huge=always,huge=within_size,nr_blocks=', @ANYRESDEC=r1])
chdir(&(0x7f0000000140)='./file0\x00')
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
ftruncate(r2, 0x8008976)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x12, r2, 0x0)
write$binfmt_script(r2, &(0x7f0000000400)={'#! ', '', [], 0xa, "201100000000b073dbc2e1e649efc1d73828a06efe233dc8013ff03212750dda49e8d9eed99dedf65d632853f4dfe6d11ac5eb9dc22d5ec2b368dd84d61c"}, 0xffffff9b)

6.28568604s ago: executing program 3 (id=396):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008032, 0xffffffffffffffff, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x3, @pix={0x434c, 0x7f, 0x584e4f53, 0x3, 0x2, 0x7, 0x7, 0x5, 0x1, 0x4, 0x2, 0x7}})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x4)
r0 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
setsockopt$sock_timeval(r0, 0x1, 0x42, &(0x7f0000003480), 0x8)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000032680)=""/102392, 0x18ff8)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x9, 0x5, 0x8, 0xf}, 0x50)
close(0x3)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1}, 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000840)={r3}, 0xc)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000500)={r2, &(0x7f0000000000)="79ff88b1110ff97eb13e6e737a8f0eb84d66b66e0e96ea599563ea043f9dda9ec39b923fa6bad3ee97023f80335806b7159b918e5b059e49d3c340f274520efa55347c87b3de31c018de57635e6547cf0b870b157215c0145423a370f0b10d8bfa6e80c3c5d50cd2", &(0x7f00000004c0)=@udp}, 0x1c)
ftruncate(0xffffffffffffffff, 0x8800000)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000100)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
recvmmsg(r5, &(0x7f00000034c0)=[{{0x0, 0x0, &(0x7f0000001e40)=[{&(0x7f0000000b80)=""/4096, 0x20001b80}, {&(0x7f0000001b80)=""/112, 0x70}], 0x2, 0x0, 0xa0028cb4}}], 0x40000000000013c, 0x700, 0x0)
syz_open_dev$sg(0x0, 0xa, 0x400482)
sendfile(r4, 0xffffffffffffffff, 0x0, 0x578410eb)

6.18038063s ago: executing program 1 (id=397):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008032, 0xffffffffffffffff, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x3, @pix={0x434c, 0x7f, 0x584e4f53, 0x3, 0x2, 0x7, 0x7, 0x5, 0x1, 0x4, 0x2, 0x7}})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x4)
r0 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
setsockopt$sock_timeval(r0, 0x1, 0x42, &(0x7f0000003480), 0x8)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000032680)=""/102392, 0x18ff8)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x9, 0x5, 0x8, 0xf}, 0x50)
close(0x3)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1}, 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000840)={r3}, 0xc)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x401c2, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000500)={r2, &(0x7f0000000000)="79ff88b1110ff97eb13e6e737a8f0eb84d66b66e0e96ea599563ea043f9dda9ec39b923fa6bad3ee97023f80335806b7159b918e5b059e49d3c340f274520efa55347c87b3de31c018de57635e6547cf0b870b157215c0145423a370f0b10d8bfa6e80c3c5d50cd2", &(0x7f00000004c0)=@udp=r4}, 0x1c)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000100)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
recvmmsg(r6, &(0x7f00000034c0)=[{{0x0, 0x0, &(0x7f0000001e40)=[{&(0x7f0000000b80)=""/4096, 0x20001b80}, {&(0x7f0000001b80)=""/112, 0x70}], 0x2, 0x0, 0xa0028cb4}}], 0x40000000000013c, 0x700, 0x0)
syz_open_dev$sg(0x0, 0xa, 0x400482)
sendfile(r5, r4, 0x0, 0x578410eb)
r7 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$KDFONTOP_SET(r7, 0x4b72, &(0x7f0000000080)={0x4, 0x1, 0x19, 0x6, 0x100, &(0x7f00000000c0)="387ed7626d850509a2d6c1aa38f15cd0c234cb226db671261fff7ce9c555f18dafae3530db6dd493f2a3cc88731b9ae21b3e3b4523ae2594f47d8f62b480c4160b1f90ac9c41fae6ab12ac4c113fef588684ef494c89092883b902a41cd75387ef6f7bc7d461d5e665f398ff95596dc94ec97003c7e6f3c82fbd8de6e11aa4031a61c51caf7a65a2b613bda33f3eaeae635d7cd81761e74c38a7695800a15516eb337056e02335f9a750ecb3421143c5c4ded0f06affc524dcf3418272619b6a952db5bc96141b26c54d13c7a5416287a3b6f7aadf50bc549974b6401a19cdb130282b955582efa94242065a4c8d695a2cdd9ada350defd58c775b92d348305774d3a256c7520b285d8ddbf5e20d604413ed2ddf9bcbf881caf811852806175d638909f6234fbcd7a88a2a0aea45d19148f0e7dada7d6d0d77881387fdeaa0284a3e90b88dfff412bff40c42c6415c54ae3335e54a49d315851feffe30d999c36def9122c0d2c1e558dc6586958a283762386ecf369274e43003a0fdff59ea515eb44504901ef0d00baa91c10a8e44a7e58b4f8c6a1c6b9b5ad389977467f306f9bcde071b30769795eed2f1580414d168f557cd90040c4bd2a3d6bc5092548feaef72c5d42cece59181fcb5bad8c24bd9f8f78dd85b82831325501e80d899e9252f99d3a266639438ac5252d9bccff4dd9f45657f8224fc78eb1168fe0527fac33466aadf48f16994d29a47778566e0f3945b2b046c6eecc7fa18914beb66ac9e519bd333b30d3ce2f50dddeea3447aebbe3bed781e39d5a0fb0cdc60e196f2261305feb596b68986af3eee7b199fefb5f79ffb2d1050e46982af1c14a88dd9000400002f56a8404755c73e74bb90e64bab9647c70ed5afca1c3d87907d01000100df6f40a80ace2bb8a2aad3b0c66915927db4233181943d88c0c76d5969e2043db5bd77fd600000013139929cefec965c0c761785a4d23332ba1f0875e3146afef5b20cc306d3ecee65944fe9829ed0c3f6bb2fd81bc31152538db50f47dc38ba908a0d808687e478a609fe0daa02d4e9c618b99266e7f2e98597e2813e1dba9c3c16e9fab3bda6ed33cb1c75513e2264b69d472dd0e1aa1ab704782b41bde141f99c4894ded98eff9aa53d22eb77c9d93169c04ab2490bf28106f770e07eb7a9e87dde71929f918b98c413923167f493760278df0cc34be9e8f86f948d9a62e63ad6ca9d2195ff9c6320c85bddc42915e4f3a5db642447bc2195a3d64e04c9ecd1c313c08e29a814bd8fed1ab6d2846c73345962895d289ac718aacac2e0e32b75ce814731c542091f218dd1e68a15f8226577bf9481ae0555db64a717eb23a811356d00"})
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x4, 0x16, &(0x7f0000000180)=ANY=[@ANYBLOB="611230000000000061134c0000000000bf2000000000000015000200071b1700bd030100000000009500000000000000bc26080000000000bf67000000000000070300000fff0700670200000300000016060a000ee600f0bf050000000000000f650000000000006507f4ff02000000070700004c0040001f75000000000000bf54000000000000070500000300f9ffad430100000000009500000000000000050000000000000095000000000000004d9bd591d568253e9988431ec068e3a82983d58719d72183f2cb7f43dd55788be820b236dcb695dbfd737cbf719506d2d6b05fe7030586"], &(0x7f0000000100)='GPL\x00'}, 0x48)

5.371037778s ago: executing program 0 (id=398):
socket$netlink(0x10, 0x3, 0x6)
socket$packet(0x11, 0x3, 0x300)
socket$inet6_sctp(0xa, 0x5, 0x84)
r0 = openat$full(0xffffff9c, &(0x7f00000003c0), 0x6e880, 0x0)
syz_io_uring_setup(0x8d2, &(0x7f0000000400)={0x0, 0x2, 0x400, 0x2, 0x37d, 0x0, r0}, &(0x7f00000001c0), &(0x7f0000000080), &(0x7f0000000140))
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x4)
io_uring_setup(0x30aa, 0x0)
openat$dsp1(0xffffffffffffff9c, &(0x7f00000000c0), 0x88a01, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f0000000240), 0x2, 0x40102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2f)
mount(&(0x7f00000000c0)=@nullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000000)='iso9660\x00', 0x208000, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)=ANY=[@ANYBLOB="400000001000010000", @ANYRES32=0x0, @ANYBLOB="21000000000000002000128008000100687372001400028008000100", @ANYRES32, @ANYBLOB="08000200", @ANYRES32, @ANYBLOB], 0x40}}, 0x0)
r3 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r3, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000300)="2e00000010008188040f80ec59acbc0413a181000b0000", 0x17}], 0x1}, 0x0)
syz_emit_ethernet(0x32, &(0x7f0000000480)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff88fb45000024000000000011907800000000ffffffff01004e200010907822c000010000000008ba1b7e20d90a68db020e737051ce37cbdd0ffe12360ccbc40136ac24e8ff7c8e41f4605502656e7eff0fce0a8628aa3418d2ed485fb3599c8bd694c37a2744c93b5b01e2bfb34dc61843d9a31c8f6a42c918a04a17782e3484fce63f318add60fa15e59dac7a3e1375095500aa1e3349666553cb7c0ed3"], 0x0)

4.378819617s ago: executing program 3 (id=399):
read(0xffffffffffffffff, &(0x7f0000000580)=""/63, 0x3f)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000003c0)=ANY=[@ANYRES8, @ANYRESHEX, @ANYRES8=0x0, @ANYRES64, @ANYRESOCT, @ANYRES64], &(0x7f0000000340)='GPL\x00', 0x6, 0xb2, &(0x7f0000000140)=""/178, 0x41000, 0x32, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
r3 = socket$inet6_mptcp(0xa, 0x1, 0x106)
connect$inet6(r3, &(0x7f0000000180)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1c}, 0xd}, 0x1c)
listen(r3, 0x8000)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000080)='tmpfs\x00', 0x0, &(0x7f00000001c0)='grpquota')
creat(0x0, 0x188)
r4 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0)
ioctl$COMEDI_DEVCONFIG(r4, 0x40946400, 0x0)
ioctl$COMEDI_DEVCONFIG(r4, 0x40946400, &(0x7f0000000180)={'multiq3\x00', [0x4f27, 0x1f, 0x10000, 0xff, 0x5, 0xcc7, 0x408, 0x7, 0xa, 0x100, 0x2, 0xffffffff, 0x5, 0x9, 0x3, 0x2, 0x0, 0x7, 0x3, 0x0, 0x40000089, 0x6, 0x4, 0x20001e58, 0xb, 0x1, 0x7c, 0x208, 0x6, 0x0, 0xb]})
syz_init_net_socket$bt_bnep(0x1f, 0x3, 0x4)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[], &(0x7f0000000340)='GPL\x00', 0x6, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r5 = getpid()
sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x6)

4.030763312s ago: executing program 1 (id=400):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000840)=@updpolicy={0xb4, 0x19, 0x1, 0x0, 0x25dfdbfc, {{@in, @in6=@remote, 0x0, 0x0, 0x0, 0x0, 0x2}, {0x0, 0x8000000000000001, 0x0, 0x0, 0x0, 0x2}, {0x0, 0x0, 0x200000000000}, 0x0, 0x0, 0x1}}, 0xb4}, 0x1, 0x0, 0x0, 0x20008000}, 0x0)
bind$inet(r0, &(0x7f0000000100)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x17}}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x8004, &(0x7f0000000240)={0x2, 0x4e24, @broadcast}, 0x10)

3.900452376s ago: executing program 1 (id=401):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x3, &(0x7f0000000380)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, 0x0, 0x0)
fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, &(0x7f0000000000)='source', 0x0, 0x0)
ioctl$XFS_IOC_PATH_TO_HANDLE(r0, 0xc01c5869, &(0x7f00000003c0)={<r1=>r0, &(0x7f0000000440)='!^\x00', 0x50a40, &(0x7f00000000c0)={@_ha_fsid={[0xfff, 0x7fff]}, {0xa3, 0x4, 0x4, 0x53d}}, 0x8, &(0x7f0000000100)={@_ha_fsid}, &(0x7f0000000280)=0x8})
setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0x7, &(0x7f0000000400)={0x2, 0x6, 0x0, 0x1}, 0x10)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
r5 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r5, 0x29, 0x20, &(0x7f0000000180)={@private0, 0x8000000, 0x0, 0xff, 0x1, 0xffff}, 0x20)
r6 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r6, &(0x7f00000025c0)={0x26, 'hash\x00', 0x0, 0x0, 'sha384\x00'}, 0x60)
socket$inet_udp(0x2, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000500)={0x2, 0x13, &(0x7f0000000080)=ANY=[@ANYBLOB="18080000000400000000000000080003851000000600000018000000", @ANYRES32, @ANYBLOB="00000000000000006608000000000000180000000000000000000000000000009500000000000000360a020000000000180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b50afdff00000000850000000600000095"], &(0x7f0000000000)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0xa}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x12, 0x16, &(0x7f00000005c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@jmp={0x5, 0x0, 0x4, 0x1, 0x3, 0x10}, @alu={0x7, 0x1, 0x5, 0x2, 0x3, 0x18, 0xffffffffffffffff}, @exit, @initr0={0x18, 0x0, 0x0, 0x0, 0x986}, @btf_id={0x18, 0x1, 0x3, 0x0, 0x1}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000680)='GPL\x00', 0x80000001, 0x9f, &(0x7f00000006c0)=""/159, 0x41000, 0x5, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x8, &(0x7f0000000780)={0x1, 0x5}, 0x8, 0x10, &(0x7f00000007c0)={0x3, 0x7, 0x4}, 0x10, 0xffffffffffffffff, r1, 0x6, &(0x7f0000000800)=[r1, r1, r1, r1, r1, r1, r1], &(0x7f0000000840)=[{0x0, 0x3, 0x0, 0xb}, {0x4, 0x5, 0x9, 0x8}, {0x2, 0x2, 0x4, 0x4}, {0x1, 0x3, 0xd, 0x2}, {0x0, 0x3, 0xe, 0x6}, {0x0, 0x2, 0x10, 0xb}], 0x10, 0x74b}, 0x94)

3.541035145s ago: executing program 4 (id=402):
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x4000002, 0x5d031, 0xffffffffffffffff, 0x0) (async)
r0 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000100))
r1 = socket$nl_generic(0x10, 0x3, 0x10) (async)
r2 = syz_genetlink_get_family_id$fou(&(0x7f0000000b80), 0xffffffffffffffff)
sendmsg$FOU_CMD_ADD(r1, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000000)={0x30, r2, 0x1, 0x70bd28, 0x25dfdbfc, {}, [@FOU_ATTR_PEER_V4={0x8, 0x8, @initdev={0xac, 0x1e, 0x0, 0x0}}, @FOU_ATTR_LOCAL_V6={0x14, 0x7, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}]}, 0x30}, 0x1, 0x0, 0x0, 0xc000}, 0x40080)
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x5}) (async)
ioctl$UFFDIO_CONTINUE(r0, 0xc020aa08, &(0x7f00000000c0)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}})
remap_file_pages(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0) (async)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2)

3.058450665s ago: executing program 0 (id=403):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000400)={0x90, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2, 0x0, 0xffff}, [@CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0x1}, @CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x2, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_MASTER={0x2c, 0xe, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x3}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x93}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @remote}, {0x8, 0x2, @rand_addr=0x64010102}}}]}]}, 0x90}, 0x1, 0x0, 0x0, 0x4090}, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
r2 = socket$igmp(0x2, 0x3, 0x2)
capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)={0x200000, 0x200000, 0x0, 0x0, 0x8})
setsockopt$MRT_ADD_MFC_PROXY(r2, 0x0, 0xd2, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x4, 0x16, &(0x7f0000000180)=ANY=[@ANYBLOB="611230000000000061134c0000000000bf2000000000000015000200071b1700bd030100000000009500000000000000bc26080000000000bf67000000000000070300000fff0700670200000300000016060a000ee600f0bf050000000000000f650000000000006507f4ff02000000070700004c0040001f75000000000000bf54000000000000070500000300f9ffad430100000000009500000000000000050000000000000095000000000000004d9bd591d568253e9988431ec068e3a82983d58719d72183f2cb7f43dd55788be820b236dcb695dbfd737cbf719506d2d6b05fe7030586"], &(0x7f0000000100)='GPL\x00'}, 0x48)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000840)=ANY=[@ANYBLOB="b400000019000178f3b3d59d6fb2042500000000000000000000000000000000fe8000000000000000000000000000bb00000000000000000200000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000000000000001000000000000800000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000001000000"], 0xb4}, 0x1, 0x0, 0x0, 0x20008000}, 0x0)
bind$inet(r1, &(0x7f0000000100)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x17}}, 0x10)
sendto$inet(r1, 0x0, 0x0, 0x8004, &(0x7f0000000240)={0x2, 0x4e24, @broadcast}, 0x10)

3.058111775s ago: executing program 4 (id=404):
read(0xffffffffffffffff, &(0x7f0000000580)=""/63, 0x3f)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000003c0)=ANY=[@ANYRES8, @ANYRESHEX, @ANYRES8=0x0, @ANYRES64, @ANYRESOCT, @ANYRES64, @ANYRES8=0x0], &(0x7f0000000340)='GPL\x00', 0x6, 0xb2, &(0x7f0000000140)=""/178, 0x41000, 0x32, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
r3 = socket$inet6_mptcp(0xa, 0x1, 0x106)
connect$inet6(r3, &(0x7f0000000180)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1c}, 0xd}, 0x1c)
listen(r3, 0x8000)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000080)='tmpfs\x00', 0x0, &(0x7f00000001c0)='grpquota')
creat(0x0, 0x188)
r4 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0)
ioctl$COMEDI_DEVCONFIG(r4, 0x40946400, 0x0)
ioctl$COMEDI_DEVCONFIG(r4, 0x40946400, &(0x7f0000000180)={'multiq3\x00', [0x4f27, 0x1f, 0x10000, 0xff, 0x5, 0xcc7, 0x408, 0x7, 0xa, 0x100, 0x2, 0xffffffff, 0x5, 0x9, 0x3, 0x2, 0x0, 0x7, 0x3, 0x0, 0x40000089, 0x6, 0x4, 0x20001e58, 0xb, 0x1, 0x7c, 0x208, 0x6, 0x0, 0xb]})
syz_init_net_socket$bt_bnep(0x1f, 0x3, 0x4)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[], 0x0, 0x6, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r5 = getpid()
sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x6)

3.056573149s ago: executing program 3 (id=405):
r0 = socket(0x40000000015, 0x5, 0x0)
bind$inet(r0, &(0x7f0000000340)={0x2, 0x4e1f, @dev={0xac, 0x14, 0x14, 0x2b}}, 0x10)
close(r0)

2.960912902s ago: executing program 0 (id=406):
syz_emit_ethernet(0x46, &(0x7f00000005c0)=ANY=[@ANYBLOB="aa0000000000000008000000080049ca003800661a2b2500005c069078b914010100890bf0e00000010000000088020000004e204e21af3e06cc7c9ef47bb1b1892c7c58ea12002ec9465da35622d86da804a12ba34138f602dbdee9aed65be1fe07b152006b981f6a0b29a2817593ccaa46eaed689de6ca3623aa031c416b6bddb4da7dbc928b509819a9dd5422bc794a5211b82eb6eda17156c50f81ed04f02ab688", @ANYRES32=0x0, @ANYRES32=0x41424344, @ANYRESOCT=0x0], 0x0)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a2c000000000a01040000000000000000010080030900010073797a30000000000900010073797a31000000002c000000030a010100000000000000000100fffd0900010073797a30000000000900030073797a320000000058000000060a010400000000000000000100000008000b4000000000300004802c0001800c00010062697477697365001c00028008000140000004140800024000000012080003400000053d0900010073797a300000000049fdffff1100010000000000000000000700000af7add90e224cc28efdcff6654262f7a98041e2953dbcc727e775e4516be3745e37c0d9f7c2d94a287d0d1b76e98e1a5b2a5d57c330ce21f14b808e4f91b571e7d3e71d0a81a0c151212c67e2bcfba49e2bda3df6f6bab485824c57d89aba7fc8efbf15d3de01289ae72bcfd843b2d3f430fd55280e6ed57e0918887dfc579c84bc27d286abbeb089af0c25b57ba884bcc0eb06e5d1c51853a5b9616d7456f7220eccf56e667a5490"], 0xd8}}, 0x0)
r1 = openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000280), 0x22802, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000040)=0xd)
ioctl$TCSETSF2(r1, 0x402c542d, &(0x7f0000000040)={0x7, 0x3, 0x28, 0x200, 0xc2, "0b066448ef342702154d39ab3d4b4a05742d86", 0x3, 0x4})
syz_clone3(&(0x7f0000000740)={0x8180080, 0x0, 0x0, 0x0, {0x39}, 0x0, 0x0, 0x0, 0x0}, 0x58)
r2 = syz_open_dev$dri(&(0x7f00000000c0), 0x210, 0x10080)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r2, 0xc01864c6, &(0x7f0000000040)={0x0})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r2, 0xc00c64b5, &(0x7f0000000140)={&(0x7f0000000100)=[0x0, 0x0, <r3=>0x0], 0x3})
mknod(&(0x7f00000048c0)='./file0\x00', 0x0, 0xffffffff)
r4 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r4, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
pipe2$watch_queue(&(0x7f0000000380)={0xffffffffffffffff, <r5=>0xffffffffffffffff}, 0x80)
read$FUSE(r5, &(0x7f0000004900)={0x2020, 0x0, <r6=>0x0, 0x0, 0x0, <r7=>0x0}, 0x2020)
write$FUSE_INIT(r4, &(0x7f0000000240)={0x50, 0x0, r6, {0x7, 0x1f, 0x0, 0x10000000}}, 0x50)
prctl$PR_SCHED_CORE(0x3e, 0x4, 0x0, 0x2, &(0x7f0000000400))
syz_fuse_handle_req(r4, &(0x7f0000008380)="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008df76a250000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea21056000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000004000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000131a5d9400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001354c4b600", 0x2000, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r8 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x101001, 0x1)
fcntl$lock(r8, 0x7, &(0x7f0000000000)={0x1, 0x0, 0x9ae, 0x6, r7})
r9 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000240), 0x3, 0x0)
ioctl$SNAPSHOT_GET_IMAGE_SIZE(r9, 0x8008330e, 0x0)
openat$tcp_mem(0xffffffffffffff9c, &(0x7f0000001b40)='/proc/sys/net/ipv4/tcp_rmem\x00', 0x1, 0x0)
syz_open_dev$loop(&(0x7f0000000040), 0x100013, 0xa4a82)
r10 = syz_pidfd_open(0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000003c0)='./file0\x00', 0x12040, 0x102)
process_madvise(r10, &(0x7f0000000900)=[{0x0, 0xf4}, {&(0x7f0000000000)="c7", 0x1}], 0x2, 0xd, 0x0)
ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r2, 0xc01c64b9, &(0x7f0000000180)={&(0x7f0000000000)=[0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000080)=[0x0], 0x5, r3, 0xe0e0e0e0})

2.960598712s ago: executing program 3 (id=407):
openat$cdrom(0xffffffffffffff9c, &(0x7f0000000640), 0x44040, 0x0)
openat$cdrom(0xffffffffffffff9c, &(0x7f00000000c0), 0x183240, 0x0)
r0 = socket$alg(0x26, 0x5, 0x0)
timerfd_settime(0xffffffffffffffff, 0x7, 0x0, 0x0)
bind$alg(r0, &(0x7f0000000200)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ptrace(0x11, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_EGRESS_PRIORITY_CMD(r1, 0x8983, &(0x7f0000000500)={0x3, 'veth1_vlan\x00', {0x8}, 0x3})
ptrace$peekuser(0x3, 0x0, 0xffff)
openat(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup.cpu/cgroup.procs\x00', 0x80000, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0xffffffffffffffff, 0x1, &(0x7f0000000380)={0x0, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf01b}, {0x0}], 0x2)
r3 = syz_io_uring_setup(0xa6e, 0x0, 0x0, 0x0, &(0x7f0000000000))
io_uring_register$IORING_REGISTER_BUFFERS(r3, 0x0, 0x0, 0x0)
mbind(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x3, &(0x7f0000000000)=0x1d6f4194, 0x8, 0x3)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0)
openat$full(0xffffffffffffff9c, &(0x7f00000000c0), 0x502, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x2)
mount$bind(&(0x7f0000000080)='./cgroup.cpu/cgroup.procs\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x4, 0x0)
mount$9p_virtio(&(0x7f0000000000), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x8002, 0x0)
chdir(&(0x7f0000000300)='./file0\x00')
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.kill\x00', 0x275a, 0x0)
bpf$OBJ_GET_PROG(0x7, &(0x7f0000000280)=@generic={&(0x7f0000000100)='./file0\x00', 0x0, 0x168d07f3c2eed92a}, 0x14)
r5 = openat$cachefiles(0xffffff9c, 0x0, 0x0, 0x0)
ioctl$EVIOCGMASK(r5, 0x80104592, &(0x7f0000000440)={0x12, 0x38, &(0x7f00000003c0)="6777992544f071c2d9c8ccd22ae15f8eeeae8067ff7402b1104640cb73148668bbabf9ffae5bd380372acaf422499d64a51553c737ee4f71"})
read$FUSE(r4, &(0x7f0000002780)={0x2020}, 0xffffffffffffff41)

2.020085493s ago: executing program 0 (id=408):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x145, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$netlink(0x10, 0x3, 0x14)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
r3 = syz_io_uring_setup(0xbdc, &(0x7f0000000640)={0x0, 0xec25, 0x400, 0x1, 0x40000333}, &(0x7f00000000c0), &(0x7f00000001c0), &(0x7f0000000000))
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$wireguard(&(0x7f00000001c0), 0xffffffffffffffff)
sendmsg$WG_CMD_GET_DEVICE(r4, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000002c0)={0x28, r5, 0x301, 0x70bd2c, 0x25dfdbfe, {}, [@WGDEVICE_A_IFNAME={0x14, 0x2, 'wg1\x00'}]}, 0x28}, 0x1, 0x0, 0x0, 0xc0}, 0x20040000)
r6 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
bind$netrom(r6, &(0x7f00000004c0)={{0x6, @rose, 0x6}, [@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null]}, 0x48)
socket$alg(0x26, 0x5, 0x0)
r7 = openat$uinput(0xffffffffffffff9c, 0x0, 0x802, 0x0)
ioctl$UI_SET_EVBIT(r7, 0x40045564, 0x3)
write$uinput_user_dev(r7, &(0x7f0000000080)={'syz1\x00', {0x3ff, 0x3, 0x4}, 0x4d, [0x10004, 0x6, 0x9, 0x8a4, 0xfffffffe, 0x2, 0x7fffffff, 0x80000001, 0x4, 0x1, 0xfd, 0x3c6, 0x7, 0x7, 0xf70, 0x3c00, 0xe7, 0x4007, 0x401, 0xbc5e, 0x4, 0x1, 0x8, 0xffff, 0xe, 0xe, 0x10, 0x20000000, 0x15098855, 0x6, 0x2, 0xfffffffb, 0x6, 0xc, 0xfffffff7, 0x4, 0xe79, 0x7, 0x1, 0x1, 0x1, 0x4, 0x401, 0x9, 0xbdc7, 0xb, 0x1, 0x9, 0x3, 0x1, 0x6, 0x2, 0x5, 0x49, 0x5, 0x9, 0x0, 0x1, 0x1000, 0x3, 0x2, 0x6, 0x7ff, 0xb8547353], [0x4, 0xffffffff, 0x4, 0x5, 0x7ffffdff, 0x1, 0x550, 0x6, 0x2, 0xfffffffc, 0x10001, 0xc, 0x36, 0x4, 0x6, 0x1, 0x9, 0x98, 0x8, 0xe56d, 0xa4, 0x9, 0x99d, 0x8, 0x0, 0xd, 0x10001, 0xfffffffe, 0x6e38, 0x8000, 0xa, 0x6, 0x3, 0x0, 0x5, 0x7, 0x4, 0xd, 0x9, 0xfff, 0x4, 0x0, 0x40000040, 0x1, 0x8, 0x5, 0x8, 0x0, 0x34f1, 0x1ff, 0x4, 0x1b2c5a97, 0x0, 0x9, 0x8, 0x0, 0x1, 0x1, 0x6, 0x6, 0xac, 0x2, 0x54, 0xcfb9], [0x3, 0xdb8, 0x9, 0x4, 0x2, 0x200006, 0x5, 0x5, 0x2, 0x80, 0xfffffffd, 0xc8d3, 0x33, 0x9a45, 0x0, 0xee40000, 0x1, 0x1, 0x4, 0x69d, 0x8, 0xffff, 0x0, 0x0, 0x40000008, 0x2, 0x4, 0x800, 0x7, 0x9, 0x10000, 0x0, 0x1, 0xfffffffe, 0x3, 0x0, 0x4, 0x8c0, 0x9, 0x2, 0x8, 0x7, 0x6, 0x2, 0x81, 0x8, 0x1, 0x55f2, 0xdf46, 0xfffffffd, 0x7f, 0x9, 0x8000, 0x40, 0x3, 0x20002, 0xa, 0x6, 0x2, 0xffffff00, 0xda15, 0x82, 0x3, 0x10], [0x0, 0x897, 0x8, 0x246d, 0x6, 0x101, 0x7fffffff, 0xd, 0x7ff, 0x606, 0x5, 0x9, 0x80000001, 0x2, 0xb, 0x2, 0x7, 0x1, 0x7, 0x8, 0x7ff, 0xffffffff, 0x0, 0x2, 0x6, 0x20c, 0xfffffffd, 0xa18, 0x161c8, 0x6, 0x7fc, 0x101, 0xff, 0x7, 0x9, 0x5, 0x7, 0x101, 0x9, 0x3000000, 0x20e, 0x4000006, 0x7, 0xfffffffd, 0x9, 0x1, 0x4, 0x2, 0x100, 0x8, 0x3c, 0x1000, 0x3, 0x3, 0x15, 0x8000, 0x7, 0x81, 0x8, 0x7, 0xfffffffc, 0x4, 0x6, 0xeff]}, 0x45c)
io_uring_register$IORING_REGISTER_CLONE_BUFFERS(r3, 0x1e, &(0x7f0000000040)={r3}, 0x1)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000580)={0xffffffffffffffff, <r8=>0xffffffffffffffff})
getsockopt$sock_int(r8, 0x1, 0x9, 0x0, &(0x7f0000000040))
sendmsg$nl_generic(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000001ac0)={0x0, 0x18}, 0x1, 0x0, 0x0, 0x4000d}, 0x20000000)
r9 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r9, 0x4018620d, &(0x7f0000000100)={0x73622a85, 0x0, 0x2})
r10 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r10, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r11 = dup3(r10, r9, 0x0)
ioctl$BINDER_WRITE_READ(r11, 0xc0306201, &(0x7f0000000640)={0x8, 0x0, &(0x7f0000000000)=[@decrefs={0x400c6314}], 0xfc, 0x200000000000000, 0x0})
close(0x3)

1.30639417s ago: executing program 3 (id=409):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008032, 0xffffffffffffffff, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x3, @pix={0x434c, 0x7f, 0x584e4f53, 0x3, 0x2, 0x7, 0x7, 0x5, 0x1, 0x4, 0x2, 0x7}})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x4)
r0 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
setsockopt$sock_timeval(r0, 0x1, 0x42, &(0x7f0000003480), 0x8)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000032680)=""/102392, 0x18ff8)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x9, 0x5, 0x8, 0xf}, 0x50)
close(0x3)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x401c2, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000500)={r2, &(0x7f0000000000)="79ff88b1110ff97eb13e6e737a8f0eb84d66b66e0e96ea599563ea043f9dda9ec39b923fa6bad3ee97023f80335806b7159b918e5b059e49d3c340f274520efa55347c87b3de31c018de57635e6547cf0b870b157215c0145423a370f0b10d8bfa6e80c3c5d50cd2", &(0x7f00000004c0)=@udp=r3}, 0x1c)
ftruncate(r3, 0x8800000)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000100)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
recvmmsg(r5, &(0x7f00000034c0)=[{{0x0, 0x0, &(0x7f0000001e40)=[{&(0x7f0000000b80)=""/4096, 0x20001b80}, {&(0x7f0000001b80)=""/112, 0x70}], 0x2, 0x0, 0xa0028cb4}}], 0x40000000000013c, 0x700, 0x0)
syz_open_dev$sg(0x0, 0xa, 0x400482)
sendfile(r4, r3, 0x0, 0x578410eb)

1.30271506s ago: executing program 1 (id=410):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000001680)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x40001}, 0x4040850)
sendmsg$NFT_BATCH(r3, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000001180)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x7}}, [@NFT_MSG_NEWCHAIN={0x3c, 0x3, 0xa, 0x76a9bba1a690db0f, 0x0, 0x0, {0xa, 0x0, 0x2005}, [@NFTA_CHAIN_NAME={0x9, 0x3, 'syz0\x00'}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_CHAIN_POLICY={0x8, 0x5, 0x1, 0x0, 0xfffffffffffffffc}, @NFTA_CHAIN_POLICY={0x8}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x64}, 0x1, 0x0, 0x0, 0x24008850}, 0x24000840)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x1d7)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000100)={0x0, <r4=>0x0}, &(0x7f0000000180)=0xc)
mount$overlay(0x0, &(0x7f0000000300)='./file1\x00', &(0x7f00000003c0), 0x0, &(0x7f0000000400)={[{@upperdir={'upperdir', 0x3d, './bus'}}, {@index_off}, {@nfs_export_on}], [{@fsuuid={'fsuuid', 0x3d, {[0x37, 0x62, 0x62, 0x36, 0x31, 0x39, 0x33, 0x64], 0x2d, [0x65, 0x64, 0x62, 0x35], 0x2d, [0x36, 0x66, 0x36, 0x38], 0x2d, [0x32, 0x62, 0x31, 0x38], 0x2d, [0x36, 0x33, 0x65, 0x63, 0x37, 0x34, 0x65, 0x31]}}}, {@euid_gt={'euid>', r4}}, {@permit_directio}, {@obj_user={'obj_user', 0x3d, ')/{!('}}]})
sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x5b5d}, [@IFLA_AF_SPEC={0x1c, 0x1a, 0x0, 0x1, [@AF_INET6={0x18, 0xa, 0x0, 0x1, [@IFLA_INET6_TOKEN={0x14, 0x7, @rand_addr=' \x01\x00'}]}]}, @IFLA_ALT_IFNAME={0x14, 0x35, 'gre0\x00'}]}, 0x50}}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
openat$vcsu(0xffffff9c, &(0x7f0000000040), 0x40080, 0x0)
r5 = syz_init_net_socket$llc(0x1a, 0x2, 0x0)
shutdown(r5, 0x0)
openat$ocfs2_control(0xffffff9c, &(0x7f00000000c0), 0xa0800, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x20040844)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='hugetlb.1GB.usage_in_bytes\x00', 0x275a, 0x0)
write$binfmt_script(r6, &(0x7f00000004c0), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000a, 0x28011, r6, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)

1.013387538s ago: executing program 4 (id=411):
socket$netlink(0x10, 0x3, 0x6)
socket$packet(0x11, 0x3, 0x300)
socket$inet6_sctp(0xa, 0x5, 0x84)
r0 = openat$full(0xffffff9c, &(0x7f00000003c0), 0x6e880, 0x0)
syz_io_uring_setup(0x8d2, &(0x7f0000000400)={0x0, 0x2, 0x400, 0x2, 0x37d, 0x0, r0}, &(0x7f00000001c0), &(0x7f0000000080), &(0x7f0000000140))
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x4)
io_uring_setup(0x30aa, 0x0)
openat$dsp1(0xffffffffffffff9c, &(0x7f00000000c0), 0x88a01, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f0000000240), 0x2, 0x40102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2f)
mount(&(0x7f00000000c0)=@nullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000000)='iso9660\x00', 0x208000, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)=ANY=[@ANYBLOB="400000001000010000", @ANYRES32=0x0, @ANYBLOB="21000000000000002000128008000100687372001400028008000100", @ANYRES32, @ANYBLOB="08000200", @ANYRES32, @ANYBLOB], 0x40}}, 0x0)
r3 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r3, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000300)="2e00000010008188040f80ec59acbc0413a181000b0000", 0x17}], 0x1}, 0x0)
syz_emit_ethernet(0x32, &(0x7f0000000480)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff88fb45000024000000000011907800000000ffffffff01004e200010907822c000010000000008ba1b7e20d90a68db020e737051ce37cbdd0ffe12360ccbc40136ac24e8ff7c8e41f4605502656e7eff0fce0a8628aa3418d2ed485fb3599c8bd694c37a2744c93b5b01e2bfb34dc61843d9a31c8f6a42c918a04a17782e3484fce63f318add60fa15e59dac7a3e1375095500aa1e3349666553cb7c0ed3"], 0x0)

811.082686ms ago: executing program 0 (id=412):
r0 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0xa2f01, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
setsockopt$inet6_udp_encap(r0, 0x11, 0x64, &(0x7f0000000040)=0x2, 0x4)
r2 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r1, &(0x7f0000000200)={@void, @void, @eth={@multicast, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x56}, @val={@void, {0x8100, 0x0, 0x0, 0x2}}, {@ipv6={0x86dd, @udp={0xd, 0x6, '\x00 \x00', 0xc, 0x11, 0x0, @empty, @mcast2, {[], {0x4f19, 0x4e20, 0xc, 0x0, @gue={{0x1, 0x0, 0x1, 0x7, 0x0, @void}}}}}}}}}, 0x46) (fail_nth: 3)

503.834169ms ago: executing program 1 (id=413):
r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) (async)
r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
getsockopt$bt_BT_SECURITY(r1, 0x11, 0x4, 0x0, 0x0)
timer_create(0x0, &(0x7f0000000240)={0x0, 0x21, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000300))
fcntl$lock(0xffffffffffffffff, 0x25, &(0x7f0000000040)={0x0, 0x0, 0xfd88, 0x5}) (async)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(0x0, 0x1, &(0x7f0000000040)={{}, {0x77359400}}, 0x0)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xb320a000) (async)
mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8003, &(0x7f0000000000)=0xd, 0x8, 0x0)
mremap(&(0x7f00009d1000/0x4000)=nil, 0x4000, 0x4000, 0x3, &(0x7f00002a0000/0x4000)=nil) (async)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x4, 0x0, 0x0, 0x0) (async)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8b18, &(0x7f0000000000)={'wlan1\x00', @random="010000000700"})
open(&(0x7f0000000280)='.\x00', 0x0, 0x0)
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1)
fcntl$lock(0xffffffffffffffff, 0x410, &(0x7f00000000c0)={0x1, 0x1, 0x1, 0xfffe}) (async)
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0) (async)
close_range(r0, 0xffffffffffffffff, 0x0)
r2 = userfaultfd(0x801)
ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x229})
socket$nl_xfrm(0x10, 0x3, 0x6) (async)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[@ANYRESDEC], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94) (async)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) (async)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) (async)
r3 = getpid() (async)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x6) (async)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) (async)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0)

430.685955ms ago: executing program 0 (id=414):
r0 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x41, 0x0)
dup(r0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=<r2=>0x0)
fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x47f2, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(r2, 0x1, &(0x7f0000000040)={{}, {0x0, 0x3938700}}, 0x0)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x200000b, 0x204031, 0xffffffffffffffff, 0xffffd000)
sendmmsg$inet6(r1, &(0x7f00000001c0)=[{{&(0x7f0000000000)={0xa, 0x4e22, 0x1, @local, 0xa}, 0x1c, 0x0}}], 0x1, 0x20084800) (fail_nth: 3)

330.679523ms ago: executing program 1 (id=415):
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34)
r0 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
r1 = socket$nl_rdma(0x10, 0x3, 0x14)
r2 = socket(0x10, 0x80003, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
syz_emit_ethernet(0x66, &(0x7f0000000000)={@broadcast, @broadcast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x58, 0x0, 0x0, 0x0, 0x67, 0x0, @rand_addr, @broadcast}, @time_exceeded={0x21, 0x0, 0x0, 0x12, 0x0, 0x2802, {0xf, 0x2, 0x0, 0x0, 0x24, 0x0, 0x9, 0xff, 0x0, 0x0, @local, @rand_addr=0xe0000000, {[@cipso={0x86, 0x1a, 0x0, [{0x2, 0xa, "f431c75babfefed0"}, {0x6, 0xa, "8e43df872afe33dd"}]}, @timestamp_addr={0x44, 0xc, 0x6b, 0x1, 0xa, [{@dev={0xac, 0x14, 0x14, 0x1d}}]}]}}}}}}}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000700)={0x11, 0x209a, 0x0, &(0x7f0000000400)='GPL\x00', 0x9, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3}, 0x94)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xf, 0x4, 0x8, 0xda, 0x0, 0x1}, 0x48)
bpf$BPF_GET_MAP_INFO(0x3, &(0x7f0000000100)={r3, 0x58, &(0x7f0000000400)}, 0x10)
sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000780)=@newqdisc={0x254, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_red={{0x8}, {0x228, 0x2, [@TCA_RED_STAB={0x104, 0x2, "8b8f3405db3fa4d5c15a3651d080b8e374906f0947b6fe4268ba395bbd93a4f9b29b08a617608b1d16510394e38d83f7d331dd7c2ba24ddf1b6206389b994fc5906da205cf26d68993675cd77e1029498c2683783cef0a32cf1f5e7c6282d73c2a64a5ba6631ce4160d898899aadb3834937066a7a770d94725e08ae13012b5d662982ba4c9c5a4e61570779024306b3b6a5381f59b37dfcfc5092fa320cf2bad3369f3981bb69c4ed0577d07568ff3d3b1ab2487f3f2c21ca792ea7f9f0490554b53e09ba92b7f4b9b941b2ce546f6d62d2e05bc5519132474256beb075d50e72e9c55488bb472f3b4570d4c6806b2e873237c8d05c579c10155d6028716e68"}, @TCA_RED_MAX_P={0x8, 0x3, 0x4}, @TCA_RED_STAB={0x104, 0x2, "055d7370afe5af9a4d5757d6822db72cec7101f5c7b1a6acc37d7a6ca825b38ab07be12c56e3010648ab1b8052b4ca6c6e729879bb55325173c4d687df346046112b22275e7b8473c9cb3876510afef3e19342da2b555e535716a4f057c2963fa8d6a3d55914287a919f40a074225e5f0b60fa8ddfe696023a6d426b53c41f5f16dd29b34c12cf22c70191db8043b124033700c89fc16eb3fe1e1ab9b1f648d9c3a5aa6cec2173dd441dc99c6b136977ca36022e3bfff68275fe081fcb5f235b95f6784e998f227e0552cb2e6695f06caf0f4ad8425cd716468757449039a703a15f1c888e99c1eb41820733ae0063e96bf325ec81c01b8b7a86ed75d8a7011d"}, @TCA_RED_PARMS={0x14, 0x1, {0x8001, 0x0, 0x7, 0xd, 0xe, 0x18, 0x1}}]}}]}, 0x254}, 0x1, 0x0, 0x0, 0x2000000}, 0x0)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x38, 0x1403, 0x1, 0x70bd28, 0x25dfdc02, "", [{{0x9, 0x2, 'syz0\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'bridge_slave_1\x00'}}]}, 0x38}, 0x1, 0x0, 0x0, 0xc890}, 0x20004000)
execve(&(0x7f0000000140)='./file0\x00', &(0x7f0000000240)={[&(0x7f0000000180)='rxe\x00', &(0x7f00000001c0)='bridge_slave_1\x00', &(0x7f0000000200)='(\x00']}, &(0x7f0000000300)={[&(0x7f0000000280)='@\x00', &(0x7f00000002c0)='^\\']})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
r6 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r6, 0xc08c5332, &(0x7f0000000500)={0x0, 0x200, 0x0, 'queue0\x00', 0x1fd})
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r6, 0x40605346, &(0x7f0000000440)={0x0, 0x0, {0x1, 0x2, 0x0, 0x1, 0x1}, 0x801})
r7 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x62181)
write$sndseq(r7, &(0x7f0000000080)=[{0x1e, 0x0, 0x8, 0xfd, @tick, {}, {}, @result}], 0x5c)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r8 = openat$tun(0xffffff9c, &(0x7f0000000340), 0x2000, 0x0)
ioctl$TUNSETVNETBE(r8, 0x400454de, &(0x7f00000003c0)=0x1)
r9 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r9, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)=ANY=[@ANYBLOB="02142000110000000040000000000000030005000000000002000000ffffffff0000000000000000080012000000010000000000000000000600000000000027b20e97a6a9ecae000000ee00000000000000000000000000fc020000000000000000000000000000030006000000000002000000e0000001000000"], 0x88}}, 0x0)

0s ago: executing program 4 (id=416):
syz_emit_ethernet(0x46, &(0x7f00000005c0)=ANY=[@ANYBLOB="aa0000000000000008000000080049ca003800661a2b2500005c069078b914010100890bf0e00000010000000088020000004e204e21af3e06cc7c9ef47bb1b1892c7c58ea12002ec9465da35622d86da804a12ba34138f602dbdee9aed65be1fe07b152006b981f6a0b29a2817593ccaa46eaed689de6ca3623aa031c416b6bddb4da7dbc928b509819a9dd5422bc794a5211b82eb6eda17156c50f81ed04f02ab688", @ANYRES32=0x0, @ANYRES32=0x41424344, @ANYRESOCT=0x0], 0x0)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a2c000000000a01040000000000000000010080030900010073797a30000000000900010073797a31000000002c000000030a010100000000000000000100fffd0900010073797a30000000000900030073797a320000000058000000060a010400000000000000000100000008000b4000000000300004802c0001800c00010062697477697365001c00028008000140000004140800024000000012080003400000053d0900010073797a300000000049fdffff1100010000000000000000000700000af7add90e224cc28efdcff6654262f7a98041e2953dbcc727e775e4516be3745e37c0d9f7c2d94a287d0d1b76e98e1a5b2a5d57c330ce21f14b808e4f91b571e7d3e71d0a81a0c151212c67e2bcfba49e2bda3df6f6bab485824c57d89aba7fc8efbf15d3de01289ae72bcfd843b2d3f430fd55280e6ed57e0918887dfc579c84bc27d286abbeb089af0c25b57ba884bcc0eb06e5d1c51853a5b9616d7456f7220eccf56e667a5490"], 0xd8}}, 0x0)
r1 = openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000280), 0x22802, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000040)=0xd)
ioctl$TCSETSF2(r1, 0x402c542d, &(0x7f0000000040)={0x7, 0x3, 0x28, 0x200, 0xc2, "0b066448ef342702154d39ab3d4b4a05742d86", 0x3, 0x4})
syz_clone3(&(0x7f0000000740)={0x8180080, 0x0, 0x0, 0x0, {0x39}, 0x0, 0x0, 0x0, 0x0}, 0x58)
r2 = syz_open_dev$dri(&(0x7f00000000c0), 0x210, 0x10080)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r2, 0xc01864c6, &(0x7f0000000040)={0x0})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r2, 0xc00c64b5, &(0x7f0000000140)={&(0x7f0000000100)=[0x0, 0x0, <r3=>0x0], 0x3})
mknod(&(0x7f00000048c0)='./file0\x00', 0x0, 0xffffffff)
r4 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r4, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
pipe2$watch_queue(&(0x7f0000000380)={0xffffffffffffffff, <r5=>0xffffffffffffffff}, 0x80)
read$FUSE(r5, &(0x7f0000004900)={0x2020, 0x0, <r6=>0x0, 0x0, 0x0, <r7=>0x0}, 0x2020)
write$FUSE_INIT(r4, &(0x7f0000000240)={0x50, 0x0, r6, {0x7, 0x1f, 0x0, 0x10000000}}, 0x50)
prctl$PR_SCHED_CORE(0x3e, 0x4, 0x0, 0x2, &(0x7f0000000400))
syz_fuse_handle_req(r4, &(0x7f0000008380)="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008df76a250000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea21056000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000004000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000131a5d9400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001354c4b600", 0x2000, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r8 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x101001, 0x1)
fcntl$lock(r8, 0x7, &(0x7f0000000000)={0x1, 0x0, 0x9ae, 0x6, r7})
r9 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000240), 0x3, 0x0)
ioctl$SNAPSHOT_GET_IMAGE_SIZE(r9, 0x8008330e, 0x0)
openat$tcp_mem(0xffffffffffffff9c, &(0x7f0000001b40)='/proc/sys/net/ipv4/tcp_rmem\x00', 0x1, 0x0)
syz_open_dev$loop(&(0x7f0000000040), 0x100013, 0xa4a82)
r10 = syz_pidfd_open(0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000003c0)='./file0\x00', 0x12040, 0x102)
process_madvise(r10, &(0x7f0000000900)=[{0x0, 0xf4}, {&(0x7f0000000000)="c7", 0x1}], 0x2, 0xd, 0x0)
ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r2, 0xc01c64b9, &(0x7f0000000180)={&(0x7f0000000000)=[0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000080)=[0x0], 0x5, r3, 0xe0e0e0e0})

kernel console output (not intermixed with test programs):

Warning: Permanently added '[localhost]:35493' (ED25519) to the list of known hosts.
[   57.132793][ T5946] cgroup: Unknown subsys name 'net'
[   57.288259][ T5946] cgroup: Unknown subsys name 'cpuset'
[   57.295267][ T5946] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   58.411615][ T5946] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   62.744846][ T5965] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   62.761107][ T5971] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   62.765713][ T5971] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   62.770356][ T5971] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   62.774840][ T5971] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[   62.780258][ T5971] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   62.781659][ T5976] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   62.782541][ T5977] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   62.783434][ T5977] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[   62.784946][ T5979] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[   62.785621][ T5971] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   62.786122][ T5978] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   62.788398][ T5976] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   62.789704][ T5978] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   62.790095][ T5978] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   62.792059][ T5979] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[   62.792600][ T5979] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[   62.794961][ T5974] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   62.801574][ T5971] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   62.823529][ T5971] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   63.179650][ T5973] chnl_net:caif_netlink_parms(): no params data found
[   63.246734][ T5968] chnl_net:caif_netlink_parms(): no params data found
[   63.308068][ T5963] chnl_net:caif_netlink_parms(): no params data found
[   63.355296][ T5973] bridge0: port 1(bridge_slave_0) entered blocking state
[   63.359878][ T5973] bridge0: port 1(bridge_slave_0) entered disabled state
[   63.362915][ T5973] bridge_slave_0: entered allmulticast mode
[   63.378135][ T5973] bridge_slave_0: entered promiscuous mode
[   63.409954][ T5973] bridge0: port 2(bridge_slave_1) entered blocking state
[   63.412677][ T5973] bridge0: port 2(bridge_slave_1) entered disabled state
[   63.416667][ T5973] bridge_slave_1: entered allmulticast mode
[   63.420088][ T5973] bridge_slave_1: entered promiscuous mode
[   63.471473][ T5967] chnl_net:caif_netlink_parms(): no params data found
[   63.498604][ T5973] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   63.542624][ T5973] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   63.557931][ T5968] bridge0: port 1(bridge_slave_0) entered blocking state
[   63.561021][ T5968] bridge0: port 1(bridge_slave_0) entered disabled state
[   63.564049][ T5968] bridge_slave_0: entered allmulticast mode
[   63.567353][ T5968] bridge_slave_0: entered promiscuous mode
[   63.572017][ T5968] bridge0: port 2(bridge_slave_1) entered blocking state
[   63.574522][ T5968] bridge0: port 2(bridge_slave_1) entered disabled state
[   63.576874][ T5968] bridge_slave_1: entered allmulticast mode
[   63.579546][ T5968] bridge_slave_1: entered promiscuous mode
[   63.620280][ T5963] bridge0: port 1(bridge_slave_0) entered blocking state
[   63.623637][ T5963] bridge0: port 1(bridge_slave_0) entered disabled state
[   63.627060][ T5963] bridge_slave_0: entered allmulticast mode
[   63.631375][ T5963] bridge_slave_0: entered promiscuous mode
[   63.639920][ T5973] team0: Port device team_slave_0 added
[   63.644668][ T5968] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   63.649848][ T5968] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   63.657216][ T5963] bridge0: port 2(bridge_slave_1) entered blocking state
[   63.660131][ T5963] bridge0: port 2(bridge_slave_1) entered disabled state
[   63.663551][ T5963] bridge_slave_1: entered allmulticast mode
[   63.667632][ T5963] bridge_slave_1: entered promiscuous mode
[   63.684858][ T5973] team0: Port device team_slave_1 added
[   63.717035][ T5968] team0: Port device team_slave_0 added
[   63.720724][ T5968] team0: Port device team_slave_1 added
[   63.729302][ T5963] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   63.752045][ T5967] bridge0: port 1(bridge_slave_0) entered blocking state
[   63.754442][ T5967] bridge0: port 1(bridge_slave_0) entered disabled state
[   63.756778][ T5967] bridge_slave_0: entered allmulticast mode
[   63.759510][ T5967] bridge_slave_0: entered promiscuous mode
[   63.762940][ T5967] bridge0: port 2(bridge_slave_1) entered blocking state
[   63.765633][ T5967] bridge0: port 2(bridge_slave_1) entered disabled state
[   63.769284][ T5967] bridge_slave_1: entered allmulticast mode
[   63.773688][ T5967] bridge_slave_1: entered promiscuous mode
[   63.779787][ T5963] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   63.784495][ T5973] batman_adv: batadv0: Adding interface: batadv_slave_0
[   63.787048][ T5973] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   63.795830][ T5973] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   63.800720][ T5968] batman_adv: batadv0: Adding interface: batadv_slave_0
[   63.803599][ T5968] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   63.811863][ T5968] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   63.840407][ T5973] batman_adv: batadv0: Adding interface: batadv_slave_1
[   63.842852][ T5973] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   63.852202][ T5973] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   63.862313][ T5968] batman_adv: batadv0: Adding interface: batadv_slave_1
[   63.866289][ T5968] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   63.878034][ T5968] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   63.884738][ T5967] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   63.889844][ T5967] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   63.920169][ T5963] team0: Port device team_slave_0 added
[   63.923661][ T5963] team0: Port device team_slave_1 added
[   63.926713][ T5967] team0: Port device team_slave_0 added
[   63.930047][ T5967] team0: Port device team_slave_1 added
[   63.954880][ T5963] batman_adv: batadv0: Adding interface: batadv_slave_0
[   63.957892][ T5963] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   63.969239][ T5963] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   64.004872][ T5963] batman_adv: batadv0: Adding interface: batadv_slave_1
[   64.008300][ T5963] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   64.019568][ T5963] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   64.028722][ T5973] hsr_slave_0: entered promiscuous mode
[   64.032080][ T5973] hsr_slave_1: entered promiscuous mode
[   64.036057][ T5967] batman_adv: batadv0: Adding interface: batadv_slave_0
[   64.039002][ T5967] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   64.048981][ T5967] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   64.058769][ T5968] hsr_slave_0: entered promiscuous mode
[   64.061916][ T5968] hsr_slave_1: entered promiscuous mode
[   64.065133][ T5968] debugfs: 'hsr0' already exists in 'hsr'
[   64.067329][ T5968] Cannot create hsr debugfs directory
[   64.077184][ T5967] batman_adv: batadv0: Adding interface: batadv_slave_1
[   64.079990][ T5967] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   64.089656][ T5967] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   64.195254][ T5967] hsr_slave_0: entered promiscuous mode
[   64.198075][ T5967] hsr_slave_1: entered promiscuous mode
[   64.201104][ T5967] debugfs: 'hsr0' already exists in 'hsr'
[   64.203846][ T5967] Cannot create hsr debugfs directory
[   64.242207][ T5963] hsr_slave_0: entered promiscuous mode
[   64.246032][ T5963] hsr_slave_1: entered promiscuous mode
[   64.248987][ T5963] debugfs: 'hsr0' already exists in 'hsr'
[   64.251432][ T5963] Cannot create hsr debugfs directory
[   64.533404][ T5968] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   64.540171][ T5968] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[   64.548231][ T5968] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   64.554161][ T5968] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[   64.562382][ T5968] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   64.566846][ T5968] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[   64.569629][ T5968] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   64.574965][ T5968] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[   64.629247][ T5973] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   64.640836][ T5973] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[   64.644258][ T5973] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   64.649844][ T5973] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[   64.657172][ T5973] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   64.664321][ T5973] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[   64.668658][ T5973] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   64.674743][ T5973] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[   64.730734][ T5967] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   64.740392][ T5967] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[   64.748518][ T5967] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   64.753464][ T5967] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[   64.756854][ T5967] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   64.761569][ T5967] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[   64.765822][ T5967] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   64.770344][ T5967] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[   64.861645][ T5963] netdevsim netdevsim3 netdevsim0: renamed from eth0
[   64.871206][ T5963] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[   64.874702][ T5971] Bluetooth: hci3: command tx timeout
[   64.878319][ T5963] netdevsim netdevsim3 netdevsim1: renamed from eth1
[   64.884713][ T5971] Bluetooth: hci0: command tx timeout
[   64.885496][ T5974] Bluetooth: hci2: command tx timeout
[   64.887017][ T5963] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[   64.893293][   T62] Bluetooth: hci1: command tx timeout
[   64.894493][ T5968] 8021q: adding VLAN 0 to HW filter on device bond0
[   64.904334][ T5963] netdevsim netdevsim3 netdevsim2: renamed from eth2
[   64.910299][ T5963] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[   64.914608][ T5963] netdevsim netdevsim3 netdevsim3: renamed from eth3
[   64.921119][ T5963] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[   64.958901][ T5968] 8021q: adding VLAN 0 to HW filter on device team0
[   64.981289][  T600] bridge0: port 1(bridge_slave_0) entered blocking state
[   64.984647][  T600] bridge0: port 1(bridge_slave_0) entered forwarding state
[   64.992718][ T5973] 8021q: adding VLAN 0 to HW filter on device bond0
[   65.017339][  T600] bridge0: port 2(bridge_slave_1) entered blocking state
[   65.020004][  T600] bridge0: port 2(bridge_slave_1) entered forwarding state
[   65.044480][ T5967] 8021q: adding VLAN 0 to HW filter on device bond0
[   65.061358][ T5973] 8021q: adding VLAN 0 to HW filter on device team0
[   65.075645][ T5967] 8021q: adding VLAN 0 to HW filter on device team0
[   65.081388][   T86] bridge0: port 1(bridge_slave_0) entered blocking state
[   65.083799][   T86] bridge0: port 1(bridge_slave_0) entered forwarding state
[   65.100401][  T600] bridge0: port 2(bridge_slave_1) entered blocking state
[   65.103534][  T600] bridge0: port 2(bridge_slave_1) entered forwarding state
[   65.110953][  T600] bridge0: port 1(bridge_slave_0) entered blocking state
[   65.114066][  T600] bridge0: port 1(bridge_slave_0) entered forwarding state
[   65.129096][ T1160] bridge0: port 2(bridge_slave_1) entered blocking state
[   65.131456][ T1160] bridge0: port 2(bridge_slave_1) entered forwarding state
[   65.181277][ T5963] 8021q: adding VLAN 0 to HW filter on device bond0
[   65.205275][ T5963] 8021q: adding VLAN 0 to HW filter on device team0
[   65.220221][   T14] bridge0: port 1(bridge_slave_0) entered blocking state
[   65.222747][   T14] bridge0: port 1(bridge_slave_0) entered forwarding state
[   65.238093][  T101] bridge0: port 2(bridge_slave_1) entered blocking state
[   65.241137][  T101] bridge0: port 2(bridge_slave_1) entered forwarding state
[   65.307331][ T5973] 8021q: adding VLAN 0 to HW filter on device batadv0
[   65.353769][ T5968] 8021q: adding VLAN 0 to HW filter on device batadv0
[   65.366989][ T5973] veth0_vlan: entered promiscuous mode
[   65.381396][ T5967] 8021q: adding VLAN 0 to HW filter on device batadv0
[   65.392967][ T5973] veth1_vlan: entered promiscuous mode
[   65.439356][ T5968] veth0_vlan: entered promiscuous mode
[   65.449359][ T5963] 8021q: adding VLAN 0 to HW filter on device batadv0
[   65.460222][ T5968] veth1_vlan: entered promiscuous mode
[   65.464113][ T5973] veth0_macvtap: entered promiscuous mode
[   65.470645][ T5967] veth0_vlan: entered promiscuous mode
[   65.473967][ T5973] veth1_macvtap: entered promiscuous mode
[   65.486930][ T5973] batman_adv: batadv0: Interface activated: batadv_slave_0
[   65.490324][ T5967] veth1_vlan: entered promiscuous mode
[   65.500353][ T5973] batman_adv: batadv0: Interface activated: batadv_slave_1
[   65.515823][   T12] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   65.518810][   T12] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   65.531319][   T12] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   65.536199][   T12] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   65.542145][ T5968] veth0_macvtap: entered promiscuous mode
[   65.549741][ T5968] veth1_macvtap: entered promiscuous mode
[   65.570046][ T5963] veth0_vlan: entered promiscuous mode
[   65.585074][ T5967] veth0_macvtap: entered promiscuous mode
[   65.596857][ T5968] batman_adv: batadv0: Interface activated: batadv_slave_0
[   65.599949][ T5963] veth1_vlan: entered promiscuous mode
[   65.612642][ T5967] veth1_macvtap: entered promiscuous mode
[   65.631844][ T5968] batman_adv: batadv0: Interface activated: batadv_slave_1
[   65.652557][ T5967] batman_adv: batadv0: Interface activated: batadv_slave_0
[   65.669246][   T12] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   65.674961][   T12] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   65.680685][ T5967] batman_adv: batadv0: Interface activated: batadv_slave_1
[   65.687017][   T12] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   65.687688][  T101] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   65.695829][   T12] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   65.696136][  T101] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   65.718038][   T12] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   65.740917][   T12] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   65.741731][  T101] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   65.743952][   T12] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   65.747068][  T101] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   65.764201][   T12] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   65.775267][ T5963] veth0_macvtap: entered promiscuous mode
[   65.806125][ T5963] veth1_macvtap: entered promiscuous mode
[   65.818963][ T5973] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   65.842677][  T600] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   65.852185][  T600] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   65.868240][  T101] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   65.869112][ T5963] batman_adv: batadv0: Interface activated: batadv_slave_0
[   65.880624][  T101] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   65.904022][ T5963] batman_adv: batadv0: Interface activated: batadv_slave_1
[   65.940531][  T600] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   65.943890][  T600] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   65.947888][ T1160] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   65.950731][ T1160] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   65.960466][ T1160] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   65.963853][ T1160] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   65.968477][  T600] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   65.971648][  T600] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   66.016001][   T86] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   66.020995][   T86] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   66.082983][ T1160] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   66.095475][ T1160] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   66.340668][ T6061] overlayfs: failed to resolve './bus': -2
[   66.373502][ T6061] gre0: entered promiscuous mode
[   66.379709][ T6061] gre0: entered allmulticast mode
qemu-system-x86_64: ahci: PRDT length for NCQ command (0x0) is smaller than the requested size (0xca000)
[   66.654509][ T6068] binder: 6051:6068 ioctl c0306201 80000640 returned -22
[   66.685171][ T1126] ata1.00: Read log 0x10 page 0x00 failed, Emask 0x1
[   66.688849][ T1126] ata1: failed to read log page 10h (errno=-5)
[   66.691584][ T1126] ata1.00: exception Emask 0x1 SAct 0xc000 SErr 0x0 action 0x0
[   66.695270][ T1126] ata1.00: irq_stat 0x41000000
[   66.697703][ T1126] ata1.00: failed command: READ FPDMA QUEUED
[   66.700756][ T1126] ata1.00: cmd 60/50:70:1e:7b:03/06:00:00:00:00/40 tag 14 ncq dma 827392 in
[   66.700756][ T1126]          res 50/00:00:00:00:00/00:00:00:00:00/00 Emask 0x1 (device error)
[   66.708030][ T1126] ata1.00: status: { DRDY }
[   66.711620][ T1126] ata1.00: failed command: READ FPDMA QUEUED
[   66.714463][ T1126] ata1.00: cmd 60/c8:78:0e:99:03/02:00:00:00:00/40 tag 15 ncq dma 364544 in
[   66.714463][ T1126]          res 50/04:00:00:00:00/00:00:00:00:00/00 Emask 0x1 (device error)
[   66.720555][ T1126] ata1.00: status: { DRDY }
[   66.722247][ T1126] ata1.00: error: { ABRT }
[   66.726827][ T1126] ata1.00: configured for UDMA/100
[   66.728970][ T1126] sd 0:0:0:0: [sda] tag#14 FAILED Result: hostbyte=DID_OK driverbyte=DRIVER_OK cmd_age=0s
[   66.732368][ T1126] sd 0:0:0:0: [sda] tag#14 Sense Key : Aborted Command [current] 
[   66.732480][ T6069] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4'.
[   66.736127][ T1126] sd 0:0:0:0: [sda] tag#14 Add. Sense: No additional sense information
[   66.743665][ T1126] sd 0:0:0:0: [sda] tag#14 CDB: Read(10) 28 00 00 03 7b 1e 00 06 50 00
[   66.747380][ T1126] I/O error, dev sda, sector 228126 op 0x0:(READ) flags 0x80700 phys_seg 42 prio class 2
[   66.752453][ T1126] sd 0:0:0:0: [sda] tag#15 FAILED Result: hostbyte=DID_OK driverbyte=DRIVER_OK cmd_age=0s
[   66.757144][ T1126] sd 0:0:0:0: [sda] tag#15 Sense Key : Aborted Command [current] 
[   66.761055][ T1126] sd 0:0:0:0: [sda] tag#15 Add. Sense: No additional sense information
[   66.764408][ T1126] sd 0:0:0:0: [sda] tag#15 CDB: Read(10) 28 00 00 03 99 0e 00 02 c8 00
[   66.767283][ T1126] I/O error, dev sda, sector 235790 op 0x0:(READ) flags 0x80700 phys_seg 12 prio class 2
[   66.771392][ T1126] ata1: EH complete
[   66.952506][ T6069] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4'.
[   66.958980][ T6070] netlink: 16 bytes leftover after parsing attributes in process `syz.3.4'.
[   66.963210][ T5974] Bluetooth: hci2: command tx timeout
[   66.965470][ T5974] Bluetooth: hci1: command tx timeout
[   66.966349][   T62] Bluetooth: hci0: command tx timeout
[   66.966427][ T5971] Bluetooth: hci3: command tx timeout
[   67.165493][ T6069] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4'.
[   67.274182][ T6070] bond0: entered promiscuous mode
[   67.276232][ T6070] bond_slave_0: entered promiscuous mode
[   67.278445][ T6070] bond_slave_1: entered promiscuous mode
[   67.286067][ T6070] gretap0: entered promiscuous mode
[   67.293353][ T6070] hsr1: entered promiscuous mode
[   67.780821][ T6080] netfs: Couldn't get user pages (rc=-14)
[   67.904217][ T6078] gretap1: entered promiscuous mode
[   67.934786][ T6078] batman_adv: batadv0: Adding interface: gretap1
[   67.937824][ T6078] batman_adv: batadv0: The MTU of interface gretap1 is too small (1462) to handle the transport of batman-adv packets. If you experience problems getting traffic through try increasing the MTU to 1500.
[   67.974539][ T6078] batman_adv: batadv0: Not using interface gretap1 (retrying later): interface not active
[   68.201593][ T6085] netlink: 12 bytes leftover after parsing attributes in process `syz.3.8'.
[   68.288288][ T6089] netlink: 16 bytes leftover after parsing attributes in process `syz.3.8'.
[   68.331151][ T6091] overlayfs: failed to resolve './bus': -2
[   68.332178][ T6085] netlink: 12 bytes leftover after parsing attributes in process `syz.3.8'.
[   68.393809][ T6091] gre0: entered promiscuous mode
[   68.395463][ T6091] gre0: entered allmulticast mode
[   68.460034][ T6085] netlink: 12 bytes leftover after parsing attributes in process `syz.3.8'.
[   69.034077][   T62] Bluetooth: hci3: command tx timeout
[   69.034679][ T5974] Bluetooth: hci2: command tx timeout
[   69.037495][   T62] Bluetooth: hci1: command tx timeout
[   69.044413][   T62] Bluetooth: hci0: command tx timeout
[   69.425169][ T6112] binder: 6097:6112 ioctl c0306201 80000640 returned -22
[   69.452788][ T6104] netlink: 32 bytes leftover after parsing attributes in process `syz.2.9'.
[   69.536099][ T6115] netlink: 'syz.2.9': attribute type 10 has an invalid length.
[   69.544038][ T6109] gre0: entered promiscuous mode
[   69.548941][ T6109] gre0: entered allmulticast mode
[   69.592964][ T6115] syz_tun: entered promiscuous mode
[   69.630536][ T6113] binder: 6107:6113 ioctl c0306201 80000640 returned -22
[   69.667953][ T6115] bond0: (slave syz_tun): Enslaving as an active interface with an up link
[   71.077115][ T6140] binder: 6134:6140 ioctl c0306201 80000640 returned -22
[   71.113481][   T62] Bluetooth: hci2: command tx timeout
[   71.115655][ T5974] Bluetooth: hci3: command tx timeout
[   71.116198][   T62] Bluetooth: hci0: command tx timeout
[   71.119270][ T5317] Bluetooth: hci1: command tx timeout
[   71.292406][ T6142] gretap1: entered promiscuous mode
[   71.303979][ T6142] batman_adv: batadv0: Adding interface: gretap1
[   71.309068][ T6142] batman_adv: batadv0: The MTU of interface gretap1 is too small (1462) to handle the transport of batman-adv packets. If you experience problems getting traffic through try increasing the MTU to 1500.
[   71.340477][ T6142] batman_adv: batadv0: Not using interface gretap1 (retrying later): interface not active
[   71.583404][ T6147] netlink: 12 bytes leftover after parsing attributes in process `syz.1.17'.
[   71.764980][ T6149] bond0: entered promiscuous mode
[   71.769153][ T6149] bond_slave_0: entered promiscuous mode
[   71.772665][ T6149] bond_slave_1: entered promiscuous mode
[   71.781016][ T6149] gretap0: entered promiscuous mode
[   71.790586][ T6149] debugfs: 'hsr1' already exists in 'hsr'
[   71.792619][ T6149] Cannot create hsr debugfs directory
[   71.803954][ T6149] hsr1: entered promiscuous mode
[   72.140959][ T6147] __nla_validate_parse: 2 callbacks suppressed
[   72.141549][ T6147] netlink: 12 bytes leftover after parsing attributes in process `syz.1.17'.
[   74.900260][ T6174] netlink: 32 bytes leftover after parsing attributes in process `syz.0.21'.
[   77.168445][ T1431] ieee802154 phy0 wpan0: encryption failed: -22
[   77.172189][ T1431] ieee802154 phy1 wpan1: encryption failed: -22
[   78.640245][ T6193] IPVS: set_ctl: invalid protocol: 103 172.20.20.24:20001
[   78.645821][   T34] IPVS: starting estimator thread 0...
[   78.658504][ T6193] IPVS: lblc: FWM 3 0x00000003 - no destination available
[   78.754247][ T6197] IPVS: using max 43 ests per chain, 103200 per kthread
[   78.908223][ T6196] comedi comedi2: pcm3724: I/O port conflict (0x8,16)
[   79.292629][ T6199] syz.3.27 uses obsolete (PF_INET,SOCK_PACKET)
[   79.894429][ T6201] nbd0: detected capacity change from 0 to 128
[   80.244071][ T5974] block nbd0: Receive control failed (result -104)
[   80.248923][ T5317] block nbd0: Receive control failed (result -32)
[   80.668222][ T6220] loop1: detected capacity change from 0 to 7
[   80.688614][    C2] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[   80.701243][ T6221] netlink: 12 bytes leftover after parsing attributes in process `syz.1.30'.
[   80.746627][ T5966] Buffer I/O error on dev loop1, logical block 0, async page read
[   80.754873][ T5966] Buffer I/O error on dev loop1, logical block 0, async page read
[   80.760611][ T6220] trusted_key: encrypted_key: insufficient parameters specified
[   80.766191][ T5966] Buffer I/O error on dev loop1, logical block 0, async page read
[   80.776382][ T5966] Buffer I/O error on dev loop1, logical block 0, async page read
[   80.786429][ T5966] Buffer I/O error on dev loop1, logical block 0, async page read
[   80.811664][ T6222] binder: 6211:6222 ioctl c0306201 80000640 returned -22
[   80.857224][ T6221] netlink: 12 bytes leftover after parsing attributes in process `syz.1.30'.
[   80.892483][ T6225] netlink: 8 bytes leftover after parsing attributes in process `syz.1.30'.
[   81.196102][ T6221] netlink: 12 bytes leftover after parsing attributes in process `syz.1.30'.
[   81.954566][ T6233] netlink: 14 bytes leftover after parsing attributes in process `syz.1.34'.
[   82.194597][ T6236] netlink: 16 bytes leftover after parsing attributes in process `syz.1.36'.
[   82.375636][ T6249] binder: 6237:6249 ioctl c0306201 80000640 returned -22
[   84.549140][ T6263] binder: 6256:6263 ioctl c0306201 80000640 returned -22
[   84.638803][ T6261] netfs: Couldn't get user pages (rc=-14)
[   84.772235][ T6267] netlink: 12 bytes leftover after parsing attributes in process `syz.2.42'.
[   84.847547][ T6269] netlink: 16 bytes leftover after parsing attributes in process `syz.2.42'.
[   84.851520][ T6267] netlink: 12 bytes leftover after parsing attributes in process `syz.2.42'.
[   84.879371][ T6269] bond0: entered promiscuous mode
[   84.885726][ T6269] bond_slave_0: entered promiscuous mode
[   84.890712][ T6269] bond_slave_1: entered promiscuous mode
[   84.895596][ T6269] gretap0: entered promiscuous mode
[   84.898548][ T6269] debugfs: 'hsr1' already exists in 'hsr'
[   84.900589][ T6269] Cannot create hsr debugfs directory
[   84.902508][ T6269] hsr1: entered promiscuous mode
[   84.947552][ T6267] netlink: 12 bytes leftover after parsing attributes in process `syz.2.42'.
[   85.391476][ T6279] fuse: Bad value for 'fd'
[   85.441484][ T6278] FAULT_INJECTION: forcing a failure.
[   85.441484][ T6278] name fail_usercopy, interval 1, probability 0, space 0, times 1
[   85.445907][ T6278] CPU: 1 UID: 0 PID: 6278 Comm: syz.0.44 Not tainted syzkaller #0 PREEMPT(full) 
[   85.445934][ T6278] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   85.445960][ T6278] Call Trace:
[   85.445965][ T6278]  <TASK>
[   85.445970][ T6278]  dump_stack_lvl+0x100/0x190
[   85.445990][ T6278]  should_fail_ex.cold+0x5/0xa
[   85.446005][ T6278]  _copy_from_user+0x2e/0xd0
[   85.446023][ T6278]  get_compat_msghdr+0xb3/0x4b0
[   85.446036][ T6278]  ? __pfx_get_compat_msghdr+0x10/0x10
[   85.446049][ T6278]  ? rcu_is_watching+0x12/0xc0
[   85.446064][ T6278]  ? ___sys_recvmsg+0x177/0x1a0
[   85.446079][ T6278]  ? kfree+0x1dd/0x6c0
[   85.446097][ T6278]  ___sys_recvmsg+0x193/0x1a0
[   85.446111][ T6278]  ? __pfx____sys_recvmsg+0x10/0x10
[   85.446133][ T6278]  ? __pfx___might_resched+0x10/0x10
[   85.446148][ T6278]  do_recvmmsg+0x563/0x760
[   85.446164][ T6278]  ? __pfx_do_recvmmsg+0x10/0x10
[   85.446180][ T6278]  ? ksys_write+0x190/0x250
[   85.446192][ T6278]  ? ksys_write+0x190/0x250
[   85.446207][ T6278]  ? __fget_files+0x215/0x3d0
[   85.446219][ T6278]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[   85.446241][ T6278]  __sys_recvmmsg+0x21f/0x270
[   85.446253][ T6278]  ? __pfx___sys_recvmmsg+0x10/0x10
[   85.446265][ T6278]  ? ksys_write+0x1ac/0x250
[   85.446278][ T6278]  __ia32_compat_sys_recvmmsg_time32+0xc4/0x160
[   85.446290][ T6278]  ? __do_fast_syscall_32+0x98/0x950
[   85.446300][ T6278]  ? lockdep_hardirqs_on+0x78/0x100
[   85.446315][ T6278]  __do_fast_syscall_32+0xe7/0x950
[   85.446324][ T6278]  ? lockdep_hardirqs_on+0x78/0x100
[   85.446340][ T6278]  do_fast_syscall_32+0x32/0x70
[   85.446354][ T6278]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[   85.446369][ T6278] RIP: 0023:0xf7f15fcc
[   85.446378][ T6278] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[   85.446388][ T6278] RSP: 002b:00000000f53b550c EFLAGS: 00000292 ORIG_RAX: 0000000000000151
[   85.446401][ T6278] RAX: ffffffffffffffda RBX: 0000000000000007 RCX: 0000000080000d80
[   85.446407][ T6278] RDX: 00000000000001e9 RSI: 0000000000010162 RDI: 0000000000000000
[   85.446413][ T6278] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[   85.446419][ T6278] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   85.446425][ T6278] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   85.446437][ T6278]  </TASK>
[   85.705508][ T6284] netlink: 16 bytes leftover after parsing attributes in process `syz.2.46'.
[   86.213506][ T6290] binder: 6286:6290 ioctl c0306201 80000640 returned -22
[   86.425815][ T6295] IPVS: lblc: FWM 3 0x00000003 - no destination available
[   86.633776][ T6297] xt_CHECKSUM: CHECKSUM should be avoided.  If really needed, restrict with "-p udp" and only use in OUTPUT
[   86.641071][ T6297] xt_TPROXY: Can be used only with -p tcp or -p udp
[   86.863967][ T6302] overlayfs: upper fs does not support tmpfile.
[   87.403704][ T1035] cfg80211: failed to load regulatory.db
[   87.700890][   T24] usb 7-1: new high-speed USB device number 2 using dummy_hcd
[   87.813965][ T6321] binder: 6316:6321 ioctl 80345621 80000000 returned -22
[   87.820007][ T6321] binder: 6316:6321 ioctl 4002f516 0 returned -22
[   87.893188][   T24] usb 7-1: Using ep0 maxpacket: 32
[   87.906839][   T24] usb 7-1: config 155 has an invalid descriptor of length 0, skipping remainder of the config
[   87.912527][   T24] usb 7-1: config 155 interface 0 altsetting 0 has an endpoint descriptor with address 0xE2, changing to 0x82
[   87.921224][   T24] usb 7-1: config 155 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[   87.933431][   T24] usb 7-1: config 155 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 11
[   87.950565][   T24] usb 7-1: New USB device found, idVendor=15c2, idProduct=ffdc, bcdDevice=bd.30
[   87.955554][   T24] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   87.958332][   T24] usb 7-1: Product: syz
[   87.959733][   T24] usb 7-1: Manufacturer: syz
[   87.961455][   T24] usb 7-1: SerialNumber: syz
[   88.045427][    C2] imon 7-1:155.0: imon usb_rx_callback_intf0: status(-71)
[   88.097454][   T24] input: iMON Panel, Knob and Mouse(15c2:ffdc) as /devices/platform/dummy_hcd.2/usb7/7-1/7-1:155.0/input/input5
[   88.293278][   T24] imon 7-1:155.0: Unknown 0xffdc device, defaulting to VFD and iMON IR
[   88.297151][   T24]  (id 0x00)
[   88.493261][   T24] rc_core: IR keymap rc-imon-pad not found
[   88.495799][   T24] Registered IR keymap rc-empty
[   88.502841][   T24] imon 7-1:155.0: Looks like you're trying to use an IR protocol this device does not support
[   88.506825][   T24] imon 7-1:155.0: Unsupported IR protocol specified, overriding to iMON IR protocol
[   88.546689][   T24] rc rc0: iMON Remote (15c2:ffdc) as /devices/platform/dummy_hcd.2/usb7/7-1/7-1:155.0/rc/rc0
[   88.578738][   T24] input: iMON Remote (15c2:ffdc) as /devices/platform/dummy_hcd.2/usb7/7-1/7-1:155.0/rc/rc0/input6
[   88.654640][   T24] imon 7-1:155.0: iMON device (15c2:ffdc, intf0) on usb<7:2> initialized
[   89.024452][ T6331] random: crng reseeded on system resumption
[   89.188065][ T6338] netlink: 8 bytes leftover after parsing attributes in process `syz.0.56'.
[   89.202691][ T6338] netdevsim netdevsim0 netdevsim0: entered promiscuous mode
[   89.209302][ T6338] 8021q: adding VLAN 0 to HW filter on device macsec1
[   89.287345][ T6340] netlink: 68 bytes leftover after parsing attributes in process `syz.0.56'.
[   90.147780][ T6346] binder: 6334:6346 ioctl c0306201 80000640 returned -22
[   90.828281][ T6361] overlayfs: missing 'lowerdir'
[   90.832547][ T6361] gre0: entered promiscuous mode
[   90.833569][ T6360] FAULT_INJECTION: forcing a failure.
[   90.833569][ T6360] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   90.834676][ T6361] gre0: entered allmulticast mode
[   90.839723][ T6360] CPU: 1 UID: 0 PID: 6360 Comm: syz.1.63 Not tainted syzkaller #0 PREEMPT(full) 
[   90.839764][ T6360] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   90.839775][ T6360] Call Trace:
[   90.839782][ T6360]  <TASK>
[   90.839789][ T6360]  dump_stack_lvl+0x100/0x190
[   90.839819][ T6360]  should_fail_ex.cold+0x5/0xa
[   90.839845][ T6360]  _copy_from_user+0x2e/0xd0
[   90.839874][ T6360]  get_compat_msghdr+0xb3/0x4b0
[   90.839897][ T6360]  ? __pfx_get_compat_msghdr+0x10/0x10
[   90.839917][ T6360]  ? rcu_is_watching+0x12/0xc0
[   90.839944][ T6360]  ? ___sys_recvmsg+0x177/0x1a0
[   90.839967][ T6360]  ? kfree+0x1dd/0x6c0
[   90.839994][ T6360]  ___sys_recvmsg+0x193/0x1a0
[   90.840017][ T6360]  ? __pfx____sys_recvmsg+0x10/0x10
[   90.840053][ T6360]  ? __pfx___might_resched+0x10/0x10
[   90.840077][ T6360]  do_recvmmsg+0x563/0x760
[   90.840103][ T6360]  ? __pfx_do_recvmmsg+0x10/0x10
[   90.840125][ T6360]  ? lockdep_hardirqs_on+0x78/0x100
[   90.840158][ T6360]  ? rcu_is_watching+0x12/0xc0
[   90.840177][ T6360]  ? trace_sched_exit_tp+0x11c/0x160
[   90.840210][ T6360]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[   90.840242][ T6360]  __sys_recvmmsg+0x21f/0x270
[   90.840267][ T6360]  ? __pfx___sys_recvmmsg+0x10/0x10
[   90.840292][ T6360]  __ia32_compat_sys_recvmmsg_time32+0xc4/0x160
[   90.840313][ T6360]  ? __do_fast_syscall_32+0x98/0x950
[   90.840328][ T6360]  ? lockdep_hardirqs_on+0x78/0x100
[   90.840353][ T6360]  __do_fast_syscall_32+0xe7/0x950
[   90.840367][ T6360]  ? lockdep_hardirqs_on+0x78/0x100
[   90.840393][ T6360]  do_fast_syscall_32+0x32/0x70
[   90.840409][ T6360]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[   90.840430][ T6360] RIP: 0023:0xf7f32fcc
[   90.840444][ T6360] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[   90.840459][ T6360] RSP: 002b:00000000f53b450c EFLAGS: 00000292 ORIG_RAX: 0000000000000151
[   90.840476][ T6360] RAX: ffffffffffffffda RBX: 0000000000000007 RCX: 0000000080000d80
[   90.840486][ T6360] RDX: 00000000000001e9 RSI: 0000000000010162 RDI: 0000000000000000
[   90.840495][ T6360] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[   90.840504][ T6360] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[   90.840514][ T6360] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   90.840535][ T6360]  </TASK>
[   91.212533][ T6337] imon:send_packet: task interrupted
[   91.224953][ T6337] imon:send_packet: packet tx failed (-512)
[   91.250954][ T6337] imon:vfd_write: send packet #1 failed
[   91.672244][ T6370] faux_driver vkms: [drm] Unknown color mode 6; guessing buffer size.
[   91.943151][   T24] usb 8-1: new high-speed USB device number 2 using dummy_hcd
[   92.103150][   T24] usb 8-1: Using ep0 maxpacket: 8
[   92.109516][   T24] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[   92.119663][   T24] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[   92.124354][   T24] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[   92.129943][   T24] usb 8-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[   92.139630][   T24] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[   92.148670][   T24] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   92.198861][ T6045] usb 7-1: USB disconnect, device number 2
[   92.368658][   T24] usb 8-1: GET_CAPABILITIES returned 0
[   92.370578][   T24] usbtmc 8-1:16.0: can't read capabilities
[   92.430460][ T6381] netlink: 12 bytes leftover after parsing attributes in process `syz.2.69'.
[   92.513285][ T6381] netlink: 12 bytes leftover after parsing attributes in process `syz.2.69'.
[   92.558290][ T6386] netlink: 16 bytes leftover after parsing attributes in process `syz.2.69'.
[   92.589247][ T6381] netlink: 12 bytes leftover after parsing attributes in process `syz.2.69'.
[   92.627858][ T6390] overlayfs: missing 'lowerdir'
[   94.887238][   T50] usb 8-1: USB disconnect, device number 2
[   95.141885][ T6423] gretap1: entered promiscuous mode
[   95.145197][ T6423] batman_adv: batadv0: Adding interface: gretap1
[   95.147866][ T6423] batman_adv: batadv0: The MTU of interface gretap1 is too small (1462) to handle the transport of batman-adv packets. If you experience problems getting traffic through try increasing the MTU to 1500.
[   95.158022][ T6423] batman_adv: batadv0: Not using interface gretap1 (retrying later): interface not active
[   95.334808][ T6427] warning: `syz.0.80' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[   97.605795][ T6449] netlink: 4 bytes leftover after parsing attributes in process `syz.3.85'.
[   97.615682][ T6449] netlink: 12 bytes leftover after parsing attributes in process `syz.3.85'.
[   97.638855][ T6451] syzkaller0: entered promiscuous mode
[   97.640694][ T6451] syzkaller0: entered allmulticast mode
[   99.524559][ T6470] sp0: Synchronizing with TNC
[   99.554623][ T6470] sp0: Found TNC
[   99.559460][ T6469] [U] è`
[   99.677469][ T5967] bond0: (slave syz_tun): Releasing backup interface
[   99.827394][  T217] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   99.955916][  T217] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  100.049393][ T5974] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  100.066261][ T5974] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  100.070615][ T5974] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  100.075441][ T5974] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  100.078382][ T5974] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  100.106754][  T217] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  100.230158][ T6479] chnl_net:caif_netlink_parms(): no params data found
[  100.297002][  T217] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  100.394458][ T6479] bridge0: port 1(bridge_slave_0) entered blocking state
[  100.398231][ T6479] bridge0: port 1(bridge_slave_0) entered disabled state
[  100.401140][ T6479] bridge_slave_0: entered allmulticast mode
[  100.404653][ T6479] bridge_slave_0: entered promiscuous mode
[  100.414478][ T6479] bridge0: port 2(bridge_slave_1) entered blocking state
[  100.417041][ T6479] bridge0: port 2(bridge_slave_1) entered disabled state
[  100.419566][ T6479] bridge_slave_1: entered allmulticast mode
[  100.473739][ T6479] bridge_slave_1: entered promiscuous mode
[  101.151155][ T6482] infiniband syz0: set active
[  101.157165][ T6482] infiniband syz0: added bridge_slave_1
[  101.223207][ T6482] smbdirect: ib_dev[syz0]: added: IB_CA max_fast_reg_page_list_len=512 device_cap_flags=0x1c001223c76 kernel_cap_flags=0x14 page_size_cap=0xfffff000
[  101.228417][ T6482] smbdirect: ib_dev[syz0]: num_ports=1 max_qp_rd_atom=128 max_qp_init_rd_atom=128 max_sgl_rd=0 max_sge_rd=32 max_cqe=32767 max_qp_wr=1048576 max_send_sge=32 max_recv_sge=32
[  101.234141][ T6482] smbdirect: ib_dev[syz0]PORT[1]: iwarp=0 ib=0 roce=1 v1=0 v2=1 core_cap_flags=0x803005
[  101.261234][ T6482] RDS/IB: syz0: added
[  101.262892][ T6482] smc: adding ib device syz0 with port count 1
[  101.265336][ T6482] smc:    ib device syz0 port 1 has no pnetid
[  101.380747][  T217] bridge_slave_1: left allmulticast mode
[  101.384096][  T217] bridge_slave_1: left promiscuous mode
[  101.388033][  T217] bridge0: port 2(bridge_slave_1) entered disabled state
[  101.398699][  T217] bridge_slave_0: left allmulticast mode
[  101.401285][  T217] bridge_slave_0: left promiscuous mode
[  101.408344][  T217] bridge0: port 1(bridge_slave_0) entered disabled state
[  101.541952][  T217] gretap0 (unregistering): left promiscuous mode
[  101.546754][  T217] batman_adv: batadv0: Removing interface: gretap1
[  101.632979][  T217] bond0 (unregistering): left promiscuous mode
[  101.636249][  T217] bond_slave_0: left promiscuous mode
[  101.638372][  T217] bond_slave_1: left promiscuous mode
[  101.648457][  T217] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  101.656979][  T217] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  101.661603][  T217] bond0 (unregistering): Released all slaves
[  101.681220][ T6479] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  101.694954][ T6479] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  101.712506][ T6479] team0: Port device team_slave_0 added
[  101.720012][ T6479] team0: Port device team_slave_1 added
[  101.770863][ T6479] batman_adv: batadv0: Adding interface: batadv_slave_0
[  101.773655][ T6479] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  101.782712][ T6479] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  101.793570][ T6479] batman_adv: batadv0: Adding interface: batadv_slave_1
[  101.796483][ T6479] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  101.807645][ T6479] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  101.866147][ T6479] hsr_slave_0: entered promiscuous mode
[  101.868705][ T6479] hsr_slave_1: entered promiscuous mode
[  101.871080][ T6479] debugfs: 'hsr0' already exists in 'hsr'
[  101.873350][ T6479] Cannot create hsr debugfs directory
[  102.021290][ T6479] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  102.028544][ T6479] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[  102.033016][ T5668] 8021q: adding VLAN 0 to HW filter on device eth3
[  102.039086][ T6479] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  102.047763][ T6479] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[  102.050661][ T6479] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  102.057445][ T6479] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[  102.074568][ T6479] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  102.084953][ T6479] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[  102.106625][ T6514] gre0: left promiscuous mode
[  102.108332][ T6514] gre0: left allmulticast mode
[  102.143500][ T6514] bridge0: port 2(bridge_slave_1) entered disabled state
[  102.147837][ T6514] bridge0: port 1(bridge_slave_0) entered disabled state
[  102.163332][ T5317] Bluetooth: hci1: command tx timeout
[  102.200981][ T6514] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  102.212752][ T6514] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  102.312264][ T6514] gretap1: left promiscuous mode
[  102.319743][   T14] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  102.322736][   T14] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  102.339347][   T14] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  102.343378][   T14] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  102.373870][ T6479] 8021q: adding VLAN 0 to HW filter on device bond0
[  102.382406][ T6479] 8021q: adding VLAN 0 to HW filter on device team0
[  102.394265][   T14] bridge0: port 1(bridge_slave_0) entered blocking state
[  102.397401][   T14] bridge0: port 1(bridge_slave_0) entered forwarding state
[  102.406276][   T59] bridge0: port 2(bridge_slave_1) entered blocking state
[  102.409402][   T59] bridge0: port 2(bridge_slave_1) entered forwarding state
[  102.449044][ T6479] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  102.496140][ T5668] 8021q: adding VLAN 0 to HW filter on device eth2
[  102.581529][ T6479] 8021q: adding VLAN 0 to HW filter on device batadv0
[  102.632630][ T6548] netlink: 4 bytes leftover after parsing attributes in process `syz.0.104'.
[  102.657592][ T6548] netlink: 12 bytes leftover after parsing attributes in process `syz.0.104'.
[  102.678222][ T5668] 8021q: adding VLAN 0 to HW filter on device eth4
[  102.884156][ T6562] netlink: 'syz.1.106': attribute type 10 has an invalid length.
[  102.885846][  T217] hsr_slave_0: left promiscuous mode
[  102.890847][  T217] hsr_slave_1: left promiscuous mode
[  102.897334][  T217] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  102.900044][  T217] batman_adv: batadv0: Removing interface: batadv_slave_0
[  102.905351][  T217] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  102.908994][  T217] batman_adv: batadv0: Removing interface: batadv_slave_1
[  102.921409][  T217] veth1_macvtap: left promiscuous mode
[  102.923945][  T217] veth0_macvtap: left promiscuous mode
[  102.927361][  T217] veth1_vlan: left promiscuous mode
[  102.930877][  T217] veth0_vlan: left promiscuous mode
[  103.198457][  T217] team0 (unregistering): Port device team_slave_1 removed
[  103.208091][  T217] team0 (unregistering): Port device team_slave_0 removed
[  103.297172][ T6562] syz_tun: entered promiscuous mode
[  103.333160][ T6562] bond0: (slave syz_tun): Enslaving as an active interface with an up link
[  103.404377][ T6479] veth0_vlan: entered promiscuous mode
[  103.425727][ T6479] veth1_vlan: entered promiscuous mode
[  103.473845][ T6479] veth0_macvtap: entered promiscuous mode
[  103.486264][ T6479] veth1_macvtap: entered promiscuous mode
[  103.497743][ T6479] batman_adv: batadv0: Interface activated: batadv_slave_0
[  103.506237][ T6479] batman_adv: batadv0: Interface activated: batadv_slave_1
[  103.517135][   T59] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  103.528682][   T59] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  103.540692][   T59] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  103.550195][   T59] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  103.953941][ T5668] 8021q: adding VLAN 0 to HW filter on device eth5
[  104.233297][ T5317] Bluetooth: hci1: command tx timeout
[  104.246386][   T45] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  104.250521][   T45] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  104.272887][   T45] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  104.277015][   T45] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  105.178665][ T6589] bond_slave_0: entered promiscuous mode
[  105.181686][ T6589] bond_slave_1: entered promiscuous mode
[  105.209411][ T6589] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  105.219755][ T6589] team0: Port device macvlan2 added
[  105.472540][ T6594] netlink: 4 bytes leftover after parsing attributes in process `syz.4.110'.
[  105.976812][ T6615] overlay: Unknown parameter 'fsuuid'
[  106.313329][ T5317] Bluetooth: hci1: command tx timeout
[  106.802342][ T6620] netlink: 'syz.3.116': attribute type 10 has an invalid length.
[  106.832612][ T6620] syz_tun: entered promiscuous mode
[  106.910927][ T6620] bond0: (slave syz_tun): Enslaving as an active interface with an up link
[  107.294915][ T6623] netlink: 'syz.1.117': attribute type 10 has an invalid length.
[  108.026397][ T6630] bridge1: entered promiscuous mode
[  108.028249][ T6630] bridge1: entered allmulticast mode
[  108.586799][ T6636] netlink: 4 bytes leftover after parsing attributes in process `syz.0.120'.
[  108.633881][ T5317] Bluetooth: hci1: command tx timeout
[  108.688973][ T6636] netlink: 12 bytes leftover after parsing attributes in process `syz.0.120'.
[  110.235288][ T6307] block nbd0: Connection timed out, retrying (0/2 alive)
[  110.242627][ T6307] block nbd0: Dead connection, failed to find a fallback
[  110.246250][ T6307] block nbd0: shutting down sockets
[  110.249707][ T6307] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  110.255200][ T6307] Buffer I/O error on dev nbd0, logical block 0, async page read
[  110.260686][ T5970] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  110.267214][ T5970] Buffer I/O error on dev nbd0, logical block 0, async page read
[  110.276953][ T5970] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  110.280904][ T5970] Buffer I/O error on dev nbd0, logical block 0, async page read
[  110.284819][ T5970] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  110.288624][ T5970] Buffer I/O error on dev nbd0, logical block 0, async page read
[  110.292039][ T5970] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  110.296008][ T5970] Buffer I/O error on dev nbd0, logical block 0, async page read
[  110.300888][ T5970] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  110.305124][ T5970] Buffer I/O error on dev nbd0, logical block 0, async page read
[  110.308535][ T5970] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  110.312320][ T5970] Buffer I/O error on dev nbd0, logical block 0, async page read
[  110.315969][ T5970] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  110.320115][ T5970] Buffer I/O error on dev nbd0, logical block 0, async page read
[  110.323800][ T5970] ldm_validate_partition_table(): Disk read failed.
[  110.327089][ T5970] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  110.330867][ T5970] Buffer I/O error on dev nbd0, logical block 0, async page read
[  110.334484][ T5970] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  110.338326][ T5970] Buffer I/O error on dev nbd0, logical block 0, async page read
[  110.342444][ T5970] Dev nbd0: unable to read RDB block 0
[  110.345617][ T5970]  nbd0: unable to read partition table
[  110.359519][ T5970] ldm_validate_partition_table(): Disk read failed.
[  110.363415][ T5970] Dev nbd0: unable to read RDB block 0
[  110.366189][ T5970]  nbd0: unable to read partition table
[  110.455193][ T5970] ldm_validate_partition_table(): Disk read failed.
[  110.461498][ T5970] Dev nbd0: unable to read RDB block 0
[  110.466543][ T5970]  nbd0: unable to read partition table
[  110.960675][ T6650] v: renamed from ip6_vti0 (while UP)
[  112.080957][ T6663] process 'syz.3.126' launched './file1' with NULL argv: empty string added
[  112.857482][ T6672] netlink: 16 bytes leftover after parsing attributes in process `syz.0.127'.
[  112.899112][ T6671] gretap1: entered promiscuous mode
[  112.922317][ T6671] batman_adv: batadv0: Adding interface: gretap1
[  112.927139][ T6671] batman_adv: batadv0: The MTU of interface gretap1 is too small (1462) to handle the transport of batman-adv packets. If you experience problems getting traffic through try increasing the MTU to 1500.
[  112.946133][ T6671] batman_adv: batadv0: Not using interface gretap1 (retrying later): interface not active
[  113.067213][ T6030] usb 8-1: new high-speed USB device number 3 using dummy_hcd
[  113.224508][ T6030] usb 8-1: Using ep0 maxpacket: 8
[  113.232726][ T6030] usb 8-1: config index 0 descriptor too short (expected 301, got 45)
[  113.237324][ T6030] usb 8-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config
[  113.242089][ T6030] usb 8-1: config 16 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3
[  113.247825][ T6030] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  113.251525][ T6030] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  113.326029][ T6030] usbtmc 8-1:16.0: bulk endpoints not found
[  113.708043][ T6690] overlay: Unknown parameter 'fsuuid'
[  113.823537][ T6691] gre0: entered promiscuous mode
[  113.837407][ T6691] gre0: entered allmulticast mode
[  115.002711][ T6705] netlink: 4 bytes leftover after parsing attributes in process `syz.1.131'.
[  115.011687][ T6705] netlink: 12 bytes leftover after parsing attributes in process `syz.1.131'.
[  115.744903][ T6030] usb 8-1: USB disconnect, device number 3
[  115.951134][ T6728] binder: 6714:6728 ioctl c0306201 80000640 returned -22
[  116.709622][ T6736] program syz.0.137 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  117.013244][   T34] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[  117.036300][ T6752] overlay: Unknown parameter 'fsuuid'
[  117.047317][ T6752] gre0: entered promiscuous mode
[  117.049781][ T6752] gre0: entered allmulticast mode
[  117.164617][   T34] usb 5-1: config 0 has no interfaces?
[  117.167796][   T34] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  117.184031][   T34] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  117.254922][   T34] usb 5-1: config 0 descriptor??
qemu-system-x86_64: ahci: PRDT length for NCQ command (0x0) is smaller than the requested size (0xa8000)
[  117.334749][ T1126] ata1.00: Read log 0x10 page 0x00 failed, Emask 0x1
[  117.338160][ T1126] ata1: failed to read log page 10h (errno=-5)
[  117.340871][ T1126] ata1.00: exception Emask 0x1 SAct 0x40000000 SErr 0x0 action 0x0
[  117.349163][ T1126] ata1.00: irq_stat 0x40000008
[  117.359357][ T1126] ata1.00: failed command: READ FPDMA QUEUED
[  117.376053][ T1126] ata1.00: cmd 60/40:f0:ee:3a:01/05:00:00:00:00/40 tag 30 ncq dma 688128 in
[  117.376053][ T1126]          res 50/04:00:00:00:00/00:00:00:00:00/00 Emask 0x1 (device error)
[  117.444895][ T1126] ata1.00: status: { DRDY }
[  117.462478][ T1126] ata1.00: error: { ABRT }
[  117.471547][ T1126] ata1.00: configured for UDMA/100
[  117.476613][ T1126] sd 0:0:0:0: [sda] tag#30 FAILED Result: hostbyte=DID_OK driverbyte=DRIVER_OK cmd_age=0s
[  117.483381][ T1126] sd 0:0:0:0: [sda] tag#30 Sense Key : Aborted Command [current] 
[  117.493213][ T1126] sd 0:0:0:0: [sda] tag#30 Add. Sense: No additional sense information
[  117.502631][ T1126] sd 0:0:0:0: [sda] tag#30 CDB: Read(10) 28 00 00 01 3a ee 00 05 40 00
[  117.513815][ T1126] blk_print_req_error: 48 callbacks suppressed
[  117.513835][ T1126] I/O error, dev sda, sector 80622 op 0x0:(READ) flags 0x84700 phys_seg 168 prio class 2
[  117.534580][ T6374] usb 5-1: USB disconnect, device number 2
[  117.539086][ T1126] ata1: EH complete
[  119.324853][ T6772] netlink: 'syz.4.147': attribute type 10 has an invalid length.
[  120.088842][ T6772] syz_tun: entered promiscuous mode
[  120.159930][ T6769] netlink: 4 bytes leftover after parsing attributes in process `syz.0.146'.
[  120.169913][ T6769] netlink: 12 bytes leftover after parsing attributes in process `syz.0.146'.
[  120.195212][ T6772] bond0: (slave syz_tun): Enslaving as an active interface with an up link
[  120.393617][ T5317] Bluetooth: hci2: unexpected event 0x18 length: 247 > 23
[  122.954991][ T6815] netlink: 32 bytes leftover after parsing attributes in process `syz.1.158'.
[  122.976670][ T6815] netlink: 'syz.1.158': attribute type 10 has an invalid length.
[  124.132580][ T6819] netlink: 32 bytes leftover after parsing attributes in process `syz.0.159'.
[  124.148737][ T6819] netlink: 'syz.0.159': attribute type 10 has an invalid length.
[  124.151588][ T6819] syz_tun: entered promiscuous mode
[  124.186131][ T6819] bond0: (slave syz_tun): Enslaving as an active interface with an up link
[  125.894382][ T6838] Zero length message leads to an empty skb
[  126.051451][ T6842] Driver unsupported XDP return value 0 on prog  (id 9) dev N/A, expect packet loss!
[  126.233214][ T6844] syz0: rxe_newlink: already configured on bridge_slave_1
[  127.113248][ T5317] Bluetooth: hci2: command 0x0406 tx timeout
[  127.353406][ T6852] netlink: 32 bytes leftover after parsing attributes in process `syz.0.168'.
[  127.358605][ T6852] netlink: 'syz.0.168': attribute type 10 has an invalid length.
[  130.180944][ T6875] random: crng reseeded on system resumption
[  130.791673][ T6879] 9pnet_virtio: no channels available for device syz
[  131.154848][ T6891] overlay: Unknown parameter 'fsuuid'
[  131.816758][ T6899] netlink: 4 bytes leftover after parsing attributes in process `syz.4.182'.
[  131.829037][ T6899] netlink: 12 bytes leftover after parsing attributes in process `syz.4.182'.
[  133.753252][   T39] audit: type=1800 audit(1776932646.070:2): pid=6917 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.188" name="SYSV00000000" dev="tmpfs" ino=0 res=0 errno=0
[  133.953527][   T54] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[  134.124432][   T54] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 7
[  134.131993][   T54] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  134.138441][   T54] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8A has an invalid bInterval 0, changing to 7
[  134.149134][   T54] usb 6-1: New USB device found, idVendor=0a07, idProduct=00d0, bcdDevice=10.13
[  134.155790][   T54] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  134.161088][   T54] usb 6-1: Product: syz
[  134.162535][   T54] usb 6-1: Manufacturer: syz
[  134.169054][   T54] usb 6-1: SerialNumber: syz
[  134.273897][   T54] usb 6-1: config 0 descriptor??
[  134.493501][   T54] adutux 6-1:0.0: ADU208 4242424 now attached to /dev/usb/adutux0
[  134.708814][   T54] usb 6-1: USB disconnect, device number 2
[  135.625706][ T6926] netlink: 12 bytes leftover after parsing attributes in process `syz.0.190'.
[  136.749830][ T6948] netlink: 12 bytes leftover after parsing attributes in process `syz.0.194'.
[  136.755864][ T6948] netlink: 'syz.0.194': attribute type 10 has an invalid length.
[  136.857337][ T6950] overlayfs: conflicting options: nfs_export=on,index=off
[  137.814511][ T1431] ieee802154 phy0 wpan0: encryption failed: -22
[  137.819599][ T1431] ieee802154 phy1 wpan1: encryption failed: -22
[  138.144319][ T6970] netlink: 4 bytes leftover after parsing attributes in process `syz.1.200'.
[  138.155614][ T6970] netlink: 12 bytes leftover after parsing attributes in process `syz.1.200'.
[  140.058465][ T6984] netlink: 12 bytes leftover after parsing attributes in process `syz.3.206'.
[  140.063611][ T6984] netlink: 'syz.3.206': attribute type 10 has an invalid length.
[  140.146533][ T5974] Bluetooth: hci2: unexpected event for opcode 0x0c03
[  140.526008][ T6993] overlayfs: conflicting options: nfs_export=on,index=off
[  141.067493][ T6996] rdma_rxe: rxe_newlink: failed to add bridge_slave_1
[  141.394905][ T6992] rdma_rxe: rxe_newlink: failed to add bridge_slave_1
[  141.552277][ T7007] binder: 7004:7007 ioctl c0306201 80000640 returned -22
[  142.409889][ T7021] random: crng reseeded on system resumption
[  143.937490][ T7025] netlink: 32 bytes leftover after parsing attributes in process `syz.3.218'.
[  147.413289][ T7060] random: crng reseeded on system resumption
[  148.065819][ T7069] netlink: 32 bytes leftover after parsing attributes in process `syz.0.229'.
[  148.660814][ T7076] overlay: Unknown parameter 'fsuuid'
[  149.650426][ T7086] overlayfs: conflicting options: nfs_export=on,index=off
[  150.128022][ T7093] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  151.327942][ T7103] gretap1: entered promiscuous mode
[  151.330144][ T7103] batman_adv: batadv0: Adding interface: gretap1
[  151.332325][ T7103] batman_adv: batadv0: The MTU of interface gretap1 is too small (1462) to handle the transport of batman-adv packets. If you experience problems getting traffic through try increasing the MTU to 1500.
[  151.339736][ T7103] batman_adv: batadv0: Not using interface gretap1 (retrying later): interface not active
[  153.110878][ T7116] binder: 7112:7116 ioctl c0306201 80000640 returned -22
[  153.126969][ T7122] netlink: 32 bytes leftover after parsing attributes in process `syz.3.241'.
[  153.328388][ T7125] FAULT_INJECTION: forcing a failure.
[  153.328388][ T7125] name failslab, interval 1, probability 0, space 0, times 0
[  153.332664][ T7125] CPU: 1 UID: 0 PID: 7125 Comm: syz.0.243 Not tainted syzkaller #0 PREEMPT(full) 
[  153.332679][ T7125] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  153.332686][ T7125] Call Trace:
[  153.332690][ T7125]  <TASK>
[  153.332695][ T7125]  dump_stack_lvl+0x100/0x190
[  153.332714][ T7125]  should_fail_ex.cold+0x5/0xa
[  153.332728][ T7125]  should_failslab+0xc2/0x120
[  153.332742][ T7125]  kmem_cache_alloc_lru_noprof+0x80/0x6e0
[  153.332763][ T7125]  ? __d_alloc+0x34/0xa40
[  153.332781][ T7125]  __d_alloc+0x34/0xa40
[  153.332794][ T7125]  ? kmem_cache_alloc_noprof+0x292/0x6e0
[  153.332809][ T7125]  ? security_inode_alloc+0x3b/0x2c0
[  153.332826][ T7125]  d_alloc_pseudo+0x1c/0xc0
[  153.332836][ T7125]  alloc_file_pseudo+0xcf/0x230
[  153.332853][ T7125]  ? __pfx_alloc_file_pseudo+0x10/0x10
[  153.332867][ T7125]  ? inode_init_always_gfp+0xce1/0x1000
[  153.332883][ T7125]  sock_alloc_file+0x50/0x210
[  153.332897][ T7125]  do_accept+0x242/0x530
[  153.332913][ T7125]  ? do_raw_spin_lock+0x128/0x260
[  153.332927][ T7125]  ? __pfx_do_accept+0x10/0x10
[  153.332950][ T7125]  __sys_accept4+0x108/0x200
[  153.332966][ T7125]  ? __pfx___sys_accept4+0x10/0x10
[  153.332982][ T7125]  ? ksys_write+0x1ac/0x250
[  153.332996][ T7125]  __ia32_sys_accept4+0x94/0x100
[  153.333013][ T7125]  ? lockdep_hardirqs_on+0x78/0x100
[  153.333030][ T7125]  __do_fast_syscall_32+0xe7/0x950
[  153.333052][ T7125]  ? lockdep_hardirqs_on+0x78/0x100
[  153.333069][ T7125]  do_fast_syscall_32+0x32/0x70
[  153.333079][ T7125]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  153.333093][ T7125] RIP: 0023:0xf7f15fcc
[  153.333103][ T7125] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  153.333113][ T7125] RSP: 002b:00000000f53d650c EFLAGS: 00000292 ORIG_RAX: 000000000000016c
[  153.333125][ T7125] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000000000
[  153.333131][ T7125] RDX: 0000000000000000 RSI: 0000000000000800 RDI: 0000000000000000
[  153.333137][ T7125] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  153.333143][ T7125] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  153.333148][ T7125] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  153.333161][ T7125]  </TASK>
[  153.601620][ T7137] netlink: 12 bytes leftover after parsing attributes in process `syz.1.245'.
[  153.817497][ T7137] netlink: 12 bytes leftover after parsing attributes in process `syz.1.245'.
[  153.870985][ T7150] netlink: 4 bytes leftover after parsing attributes in process `syz.0.247'.
[  153.878988][ T7150] netlink: 12 bytes leftover after parsing attributes in process `syz.0.247'.
[  153.922402][ T7137] netlink: 12 bytes leftover after parsing attributes in process `syz.1.245'.
[  154.386312][ T6030] IPVS: starting estimator thread 0...
[  154.486151][ T7158] IPVS: using max 45 ests per chain, 108000 per kthread
[  156.156521][    T0] NOHZ tick-stop error: local softirq work is pending, handler #42!!!
[  156.413397][ T1035] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[  156.553254][ T1035] usb 5-1: device descriptor read/64, error -71
[  156.803374][ T1035] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[  157.182545][ T6030] usb 8-1: new high-speed USB device number 4 using dummy_hcd
[  157.253192][ T1035] usb 5-1: device descriptor read/64, error -71
[  157.333286][ T6030] usb 8-1: Using ep0 maxpacket: 8
[  157.336963][ T6030] usb 8-1: config 0 has an invalid interface number: 55 but max is 0
[  157.340572][ T6030] usb 8-1: config 0 has no interface number 0
[  157.344182][ T6030] usb 8-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  157.348836][ T6030] usb 8-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  157.355820][ T6030] usb 8-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  157.362178][ T6030] usb 8-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  157.368096][ T6030] usb 8-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  157.371621][ T6030] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  157.376803][ T1035] usb usb5-port1: attempt power cycle
[  157.382010][ T6030] usb 8-1: config 0 descriptor??
[  157.400825][ T6030] ldusb 8-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[  157.487967][ T7178] netlink: 32 bytes leftover after parsing attributes in process `syz.1.254'.
[  157.799795][    C1] ldusb 8-1:0.55: usb_submit_urb failed (-1)
[  157.812598][  T840] usb 8-1: USB disconnect, device number 4
[  158.022996][  T840] ldusb 8-1:0.55: LD USB Device #0 now disconnected
[  158.684309][ T1035] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[  158.718778][ T1035] usb 5-1: device descriptor read/8, error -71
[  158.956021][ T1035] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[  158.976034][ T1035] usb 5-1: device descriptor read/8, error -71
[  159.093924][ T1035] usb usb5-port1: unable to enumerate USB device
[  159.478467][ T7195] netlink: 12 bytes leftover after parsing attributes in process `syz.0.258'.
[  159.744740][ T7195] netlink: 12 bytes leftover after parsing attributes in process `syz.0.258'.
[  159.855734][ T7195] netlink: 12 bytes leftover after parsing attributes in process `syz.0.258'.
[  161.483356][ T6030] usb 8-1: new high-speed USB device number 5 using dummy_hcd
[  161.633255][ T6030] usb 8-1: Using ep0 maxpacket: 32
[  161.640665][ T6030] usb 8-1: config index 0 descriptor too short (expected 35577, got 27)
[  161.645138][ T6030] usb 8-1: config 1 has too many interfaces: 92, using maximum allowed: 32
[  161.649058][ T6030] usb 8-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  161.653900][ T6030] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 92
[  161.658868][ T6030] usb 8-1: config 1 has no interface number 0
[  161.662214][ T6030] usb 8-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8
[  161.666941][ T6030] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  161.681208][ T6030] snd_usb_pod 8-1:1.1: Line 6 Pocket POD found
[  161.898887][ T6030] snd_usb_pod 8-1:1.1: set_interface failed
[  161.906150][ T7218] sctp: [Deprecated]: syz.1.262 (pid 7218) Use of int in max_burst socket option deprecated.
[  161.906150][ T7218] Use struct sctp_assoc_value instead
[  161.918341][ T6030] snd_usb_pod 8-1:1.1: Line 6 Pocket POD now disconnected
[  161.926707][ T6030] snd_usb_pod 8-1:1.1: probe with driver snd_usb_pod failed with error -71
[  161.942867][ T6030] usb 8-1: USB disconnect, device number 5
[  161.949567][  T840] libceph: connect (1)[c::]:6789 error -101
[  161.955628][  T840] libceph: mon0 (1)[c::]:6789 connect error
[  161.961375][  T840] libceph: connect (1)[c::]:6789 error -101
[  161.963595][  T840] libceph: mon0 (1)[c::]:6789 connect error
[  162.099443][ T7215] ceph: No mds server is up or the cluster is laggy
[  162.103358][ T7225] overlayfs: "xino=on" is useless with all layers on same fs, ignore.
[  162.106757][ T7225] overlayfs: overlapping lowerdir path
[  162.159307][ T7226] netlink: 4 bytes leftover after parsing attributes in process `syz.0.263'.
[  162.164733][ T7226] netlink: 12 bytes leftover after parsing attributes in process `syz.0.263'.
[  162.351172][ T7230] netlink: 32 bytes leftover after parsing attributes in process `syz.1.264'.
[  164.092400][ T7243] rdma_rxe: rxe_newlink: failed to add bridge_slave_1
[  164.386333][ T7252] netlink: 12 bytes leftover after parsing attributes in process `syz.3.269'.
[  164.467160][ T7255] netlink: 'syz.3.269': attribute type 8 has an invalid length.
[  164.473183][ T7255] netlink: 4 bytes leftover after parsing attributes in process `syz.3.269'.
[  164.483183][ T7252] netlink: 12 bytes leftover after parsing attributes in process `syz.3.269'.
[  168.834934][ T7294] netlink: 4 bytes leftover after parsing attributes in process `syz.3.276'.
[  168.840091][ T7294] netlink: 12 bytes leftover after parsing attributes in process `syz.3.276'.
[  169.907401][ T7300] syz0: rxe_newlink: already configured on bridge_slave_1
[  169.934713][ T7302] random: crng reseeded on system resumption
[  170.391604][ T7312] overlay: Unknown parameter 'fsuuid'
[  170.765279][ T5974] Bluetooth: hci2: unexpected event for opcode 0x0c03
[  170.837734][ T7319] netlink: 12 bytes leftover after parsing attributes in process `syz.4.284'.
[  170.917496][ T7323] netlink: 'syz.4.284': attribute type 8 has an invalid length.
[  170.922098][ T7323] netlink: 4 bytes leftover after parsing attributes in process `syz.4.284'.
[  170.936550][ T7319] netlink: 12 bytes leftover after parsing attributes in process `syz.4.284'.
[  171.050707][ T7319] netlink: 12 bytes leftover after parsing attributes in process `syz.4.284'.
[  173.253261][ T7347] netlink: 4 bytes leftover after parsing attributes in process `syz.3.290'.
[  173.259568][ T7347] netlink: 12 bytes leftover after parsing attributes in process `syz.3.290'.
[  175.859313][ T7370] netlink: 12 bytes leftover after parsing attributes in process `syz.0.297'.
[  175.946368][ T7372] netlink: 'syz.0.297': attribute type 8 has an invalid length.
[  175.952246][ T7372] netlink: 4 bytes leftover after parsing attributes in process `syz.0.297'.
[  175.975091][ T7370] netlink: 12 bytes leftover after parsing attributes in process `syz.0.297'.
[  176.193228][ T7370] netlink: 12 bytes leftover after parsing attributes in process `syz.0.297'.
[  176.344885][ T7378] netlink: 32 bytes leftover after parsing attributes in process `syz.3.298'.
[  176.374120][ T7380] syzkaller0: entered promiscuous mode
[  176.375821][ T7380] syzkaller0: entered allmulticast mode
[  177.273891][ T6050] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[  177.505846][ T6050] usb 6-1: Using ep0 maxpacket: 8
[  177.685241][ T7402] netlink: 4 bytes leftover after parsing attributes in process `syz.0.303'.
[  177.697620][ T7402] netlink: 12 bytes leftover after parsing attributes in process `syz.0.303'.
[  177.818671][ T6050] usb 6-1: config index 0 descriptor too short (expected 301, got 45)
[  177.821774][ T6050] usb 6-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config
[  177.836200][ T6050] usb 6-1: config 16 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3
[  177.882856][ T6050] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  177.896008][ T6050] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  178.674830][ T6050] usbtmc 6-1:16.0: bulk endpoints not found
[  180.152604][ T7414] 9p: Bad value for 'rfdno'
[  180.175742][ T6050] usb 6-1: USB disconnect, device number 3
[  180.443508][ T7421] random: crng reseeded on system resumption
[  180.505223][  T854] IPVS: starting estimator thread 0...
[  180.607179][ T7429] IPVS: using max 27 ests per chain, 64800 per kthread
[  180.677404][ T7433] netlink: 32 bytes leftover after parsing attributes in process `syz.0.313'.
[  184.633477][ T6045] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[  184.783165][ T6045] usb 6-1: Using ep0 maxpacket: 8
[  184.790269][ T6045] usb 6-1: config index 0 descriptor too short (expected 301, got 45)
[  184.793905][ T6045] usb 6-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config
[  184.798192][ T6045] usb 6-1: config 16 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3
[  184.803019][ T6045] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  184.808058][ T6045] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  184.816783][ T6045] usbtmc 6-1:16.0: bulk endpoints not found
[  185.993795][ T5317] Bluetooth: hci3: command 0x0406 tx timeout
[  185.997483][   T62] Bluetooth: hci0: command 0x0406 tx timeout
[  187.103122][ T7487] overlay: Unknown parameter 'fsuuid'
[  187.116337][   T50] usb 6-1: USB disconnect, device number 4
[  187.589161][ T7499] overlay: Unknown parameter 'fsuuid'
[  189.645376][ T7520] FAULT_INJECTION: forcing a failure.
[  189.645376][ T7520] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  189.655992][ T7520] CPU: 3 UID: 0 PID: 7520 Comm: syz.3.335 Not tainted syzkaller #0 PREEMPT(full) 
[  189.656019][ T7520] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  189.656028][ T7520] Call Trace:
[  189.656034][ T7520]  <TASK>
[  189.656041][ T7520]  dump_stack_lvl+0x100/0x190
[  189.656069][ T7520]  should_fail_ex.cold+0x5/0xa
[  189.656090][ T7520]  _copy_to_user+0x32/0xd0
[  189.656116][ T7520]  simple_read_from_buffer+0xcb/0x170
[  189.656138][ T7520]  proc_fail_nth_read+0x1af/0x230
[  189.656165][ T7520]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  189.656189][ T7520]  ? rw_verify_area+0xce/0x6d0
[  189.656205][ T7520]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  189.656228][ T7520]  vfs_read+0x1e4/0xb30
[  189.656250][ T7520]  ? __pfx_vfs_read+0x10/0x10
[  189.656282][ T7520]  ? find_held_lock+0x2b/0x80
[  189.656305][ T7520]  ? __fget_files+0x215/0x3d0
[  189.656328][ T7520]  ? __fget_files+0x21f/0x3d0
[  189.656352][ T7520]  ksys_read+0x12a/0x250
[  189.656369][ T7520]  ? __pfx_ksys_read+0x10/0x10
[  189.656385][ T7520]  ? rcu_is_watching+0x12/0xc0
[  189.656406][ T7520]  ? rcu_is_watching+0x12/0xc0
[  189.656428][ T7520]  do_int80_emulation+0x141/0x700
[  189.656447][ T7520]  asm_int80_emulation+0x1a/0x20
[  189.656464][ T7520] RIP: 0023:0xf71e5cab
[  189.656478][ T7520] Code: 57 56 53 8b 44 24 14 f6 00 08 75 23 8b 44 24 18 8b 5c 24 1c 8b 4c 24 20 8b 54 24 24 8b 74 24 28 8b 7c 24 2c 8b 6c 24 30 cd 80 <5b> 5e 5f 5d c3 5b 5e 5f 5d e9 f7 a1 ff ff 66 90 66 90 66 90 90 53
[  189.656493][ T7520] RSP: 002b:00000000f547c4bc EFLAGS: 00000246 ORIG_RAX: 0000000000000003
[  189.656510][ T7520] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000f547c5d0
[  189.656520][ T7520] RDX: 000000000000000f RSI: 0000000000000000 RDI: 0000000000000000
[  189.656529][ T7520] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  189.656537][ T7520] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  189.656546][ T7520] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  189.656567][ T7520]  </TASK>
[  190.516823][   T50] usb 9-1: new high-speed USB device number 2 using dummy_hcd
[  190.763525][   T50] usb 9-1: Using ep0 maxpacket: 8
[  190.830506][   T50] usb 9-1: config index 0 descriptor too short (expected 301, got 45)
[  190.853454][   T50] usb 9-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config
[  190.899765][   T50] usb 9-1: config 16 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3
[  191.060260][   T50] usb 9-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  191.097983][   T50] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  191.314508][   T50] usbtmc 9-1:16.0: bulk endpoints not found
[  191.909362][ T7536] netlink: 12 bytes leftover after parsing attributes in process `syz.3.340'.
[  192.040497][ T7537] netlink: 8 bytes leftover after parsing attributes in process `syz.3.340'.
[  192.886898][ T7532] netlink: 32 bytes leftover after parsing attributes in process `syz.1.339'.
[  193.059685][   T34] usb 9-1: USB disconnect, device number 2
[  193.175084][ T7550] netlink: 12 bytes leftover after parsing attributes in process `syz.0.341'.
[  193.200216][ T7550] netlink: 12 bytes leftover after parsing attributes in process `syz.0.341'.
[  193.274175][ T7555] netlink: 8 bytes leftover after parsing attributes in process `syz.0.341'.
[  193.300830][ T7550] netlink: 12 bytes leftover after parsing attributes in process `syz.0.341'.
[  193.934975][ T7559] netlink: 32 bytes leftover after parsing attributes in process `syz.1.344'.
[  194.579980][ T7565] random: crng reseeded on system resumption
[  195.084932][ T5974] Bluetooth: hci0: unexpected event for opcode 0x0c03
[  195.347192][ T7578] netfs: Couldn't get user pages (rc=-14)
[  195.706104][ T7587] netfs: Couldn't get user pages (rc=-14)
[  195.822661][ T7591] netlink: 32 bytes leftover after parsing attributes in process `syz.0.352'.
[  196.572383][ T7593] netfs: Couldn't get user pages (rc=-14)
[  198.042123][ T7621] netfs: Couldn't get user pages (rc=-14)
[  198.146579][ T7627] SET target dimension over the limit!
[  198.770754][ T7629] netlink: 12 bytes leftover after parsing attributes in process `syz.3.363'.
[  199.200470][ T1431] ieee802154 phy0 wpan0: encryption failed: -22
[  199.202785][ T1431] ieee802154 phy1 wpan1: encryption failed: -22
[  200.292652][ T7647] netlink: 'syz.4.368': attribute type 39 has an invalid length.
[  200.321146][ T5974] Bluetooth: hci0: unexpected event for opcode 0x0c03
[  200.432249][ T7650] binder: 7646:7650 ioctl c0285840 80000000 returned -22
[  203.304991][ T7675] overlay: Unknown parameter 'fsuuid'
[  205.389340][ T7698] ref_tracker: memory allocation failure, unreliable refcount tracker.
[  207.703506][ T7725] binder: 7722:7725 ioctl c0306201 80000640 returned -22
[  207.769018][ T7729] netlink: 12 bytes leftover after parsing attributes in process `syz.3.389'.
[  207.946693][ T7731] netlink: 8 bytes leftover after parsing attributes in process `syz.3.389'.
[  207.983666][ T7729] netlink: 12 bytes leftover after parsing attributes in process `syz.3.389'.
[  208.173585][ T7729] netlink: 12 bytes leftover after parsing attributes in process `syz.3.389'.
[  209.126440][ T7743] random: crng reseeded on system resumption
[  212.174040][ T7774] mmap: syz.4.402 (7774) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  212.208365][ T7771] netlink: 32 bytes leftover after parsing attributes in process `syz.0.398'.
[  212.628442][ T7779] capability: warning: `syz.0.403' uses deprecated v2 capabilities in a way that may be insecure
[  212.935858][ T7789] random: crng reseeded on system resumption
[  214.012296][ T7787] netfs: Couldn't get user pages (rc=-14)
[  214.038158][ T7793] binder: 7790:7793 ioctl c0306201 80000640 returned -22
[  214.314601][ T7798] overlay: Unknown parameter 'fsuuid'
[  214.831714][ T7803] netlink: 32 bytes leftover after parsing attributes in process `syz.4.411'.
[  214.900755][ T7805] FAULT_INJECTION: forcing a failure.
[  214.900755][ T7805] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  214.917074][ T7805] CPU: 0 UID: 0 PID: 7805 Comm: syz.0.412 Not tainted syzkaller #0 PREEMPT(full) 
[  214.917138][ T7805] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  214.917149][ T7805] Call Trace:
[  214.917156][ T7805]  <TASK>
[  214.917164][ T7805]  dump_stack_lvl+0x100/0x190
[  214.917196][ T7805]  should_fail_ex.cold+0x5/0xa
[  214.917223][ T7805]  _copy_from_iter+0x1f4/0x1690
[  214.917261][ T7805]  ? __pfx__copy_from_iter+0x10/0x10
[  214.917288][ T7805]  ? __asan_memset+0x23/0x50
[  214.917319][ T7805]  ? __alloc_skb+0x4e9/0x710
[  214.917340][ T7805]  ? __pfx___alloc_skb+0x10/0x10
[  214.917358][ T7805]  ? __pfx__copy_from_iter+0x10/0x10
[  214.917388][ T7805]  skb_copy_datagram_from_iter+0x11f/0x720
[  214.917425][ T7805]  tun_get_user+0x1889/0x3c20
[  214.917463][ T7805]  ? __pfx_tun_get_user+0x10/0x10
[  214.917490][ T7805]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  214.917519][ T7805]  ? find_held_lock+0x2b/0x80
[  214.917544][ T7805]  ? tun_get+0x191/0x370
[  214.917564][ T7805]  ? tun_get+0x191/0x370
[  214.917592][ T7805]  tun_chr_write_iter+0xdc/0x200
[  214.917619][ T7805]  vfs_write+0x6ac/0x1070
[  214.917642][ T7805]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  214.917669][ T7805]  ? __pfx_vfs_write+0x10/0x10
[  214.917691][ T7805]  ? find_held_lock+0x2b/0x80
[  214.917732][ T7805]  ksys_write+0x12a/0x250
[  214.917752][ T7805]  ? __pfx_ksys_write+0x10/0x10
[  214.917774][ T7805]  ? rcu_is_watching+0x12/0xc0
[  214.917802][ T7805]  __do_fast_syscall_32+0xe7/0x950
[  214.917826][ T7805]  do_fast_syscall_32+0x32/0x70
[  214.917844][ T7805]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  214.917867][ T7805] RIP: 0023:0xf7f15fcc
[  214.917883][ T7805] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  214.917901][ T7805] RSP: 002b:00000000f53d650c EFLAGS: 00000292 ORIG_RAX: 0000000000000004
[  214.917920][ T7805] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000200
[  214.917931][ T7805] RDX: 0000000000000046 RSI: 0000000000000000 RDI: 0000000000000000
[  214.917942][ T7805] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  214.917952][ T7805] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  214.917962][ T7805] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  214.917987][ T7805]  </TASK>
[  215.531247][ T7817] syz0: rxe_newlink: already configured on bridge_slave_1
[  215.580612][ T7814] FAULT_INJECTION: forcing a failure.
[  215.580612][ T7814] name failslab, interval 1, probability 0, space 0, times 0
[  215.586208][ T7814] CPU: 1 UID: 0 PID: 7814 Comm: syz.0.414 Not tainted syzkaller #0 PREEMPT(full) 
[  215.586225][ T7814] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  215.586232][ T7814] Call Trace:
[  215.586237][ T7814]  <TASK>
[  215.586242][ T7814]  dump_stack_lvl+0x100/0x190
[  215.586261][ T7814]  should_fail_ex.cold+0x5/0xa
[  215.586276][ T7814]  should_failslab+0xc2/0x120
[  215.586289][ T7814]  __kmalloc_cache_noprof+0x7a/0x6f0
[  215.586305][ T7814]  ? tcp_sendmsg_fastopen+0x24d/0x750
[  215.586325][ T7814]  tcp_sendmsg_fastopen+0x24d/0x750
[  215.586344][ T7814]  tcp_sendmsg_locked+0x27bb/0x4500
[  215.586362][ T7814]  ? __lock_acquire+0x4a5/0x2630
[  215.586374][ T7814]  ? __pfx___might_resched+0x10/0x10
[  215.586387][ T7814]  ? __lock_acquire+0x4a5/0x2630
[  215.586397][ T7814]  ? __pfx_tcp_sendmsg_locked+0x10/0x10
[  215.586413][ T7814]  ? do_raw_spin_lock+0x128/0x260
[  215.586425][ T7814]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  215.586445][ T7814]  ? __local_bh_enable_ip+0x9e/0x120
[  215.586461][ T7814]  tcp_sendmsg+0x2e/0x50
[  215.586475][ T7814]  ? __pfx_tcp_sendmsg+0x10/0x10
[  215.586490][ T7814]  inet6_sendmsg+0xb9/0x140
[  215.586503][ T7814]  ____sys_sendmsg+0x704/0xb70
[  215.586521][ T7814]  ? __pfx_____sys_sendmsg+0x10/0x10
[  215.586537][ T7814]  ? _kstrtoull+0x13c/0x1f0
[  215.586549][ T7814]  ? __pfx__kstrtoull+0x10/0x10
[  215.586561][ T7814]  ___sys_sendmsg+0x190/0x1e0
[  215.586577][ T7814]  ? __pfx____sys_sendmsg+0x10/0x10
[  215.586591][ T7814]  ? __lock_acquire+0x4a5/0x2630
[  215.586615][ T7814]  __sys_sendmmsg+0x2ff/0x430
[  215.586628][ T7814]  ? __pfx___sys_sendmmsg+0x10/0x10
[  215.586643][ T7814]  ? __fget_files+0x215/0x3d0
[  215.586662][ T7814]  ? fput+0x79/0x100
[  215.586677][ T7814]  ? ksys_write+0x1ac/0x250
[  215.586690][ T7814]  __ia32_compat_sys_sendmmsg+0x9d/0x100
[  215.586704][ T7814]  ? lockdep_hardirqs_on+0x78/0x100
[  215.586726][ T7814]  __do_fast_syscall_32+0xe7/0x950
[  215.586739][ T7814]  ? lockdep_hardirqs_on+0x78/0x100
[  215.586762][ T7814]  do_fast_syscall_32+0x32/0x70
[  215.586778][ T7814]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  215.586796][ T7814] RIP: 0023:0xf7f15fcc
[  215.586810][ T7814] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  215.586825][ T7814] RSP: 002b:00000000f53d650c EFLAGS: 00000292 ORIG_RAX: 0000000000000159
[  215.586841][ T7814] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800001c0
[  215.586851][ T7814] RDX: 0000000000000001 RSI: 0000000020084800 RDI: 0000000000000000
[  215.586859][ T7814] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  215.586868][ T7814] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  215.586876][ T7814] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  215.586896][ T7814]  </TASK>
[  215.705817][  T854] ------------[ cut here ]------------
[  215.712476][  T854] [CRTC:37:crtc-0] vblank wait timed out
[  215.715129][  T854] WARNING: drivers/gpu/drm/drm_atomic_helper.c:1921 at drm_atomic_helper_wait_for_vblanks.part.0+0x738/0x8a0, CPU#2: kworker/2:2/854
[  215.721941][  T854] Modules linked in:
[  215.725263][  T854] CPU: 2 UID: 0 PID: 854 Comm: kworker/2:2 Not tainted syzkaller #0 PREEMPT(full) 
[  215.729295][  T854] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  215.734409][  T854] Workqueue: events drm_fb_helper_damage_work
[  215.737289][  T854] RIP: 0010:drm_atomic_helper_wait_for_vblanks.part.0+0x73e/0x8a0
[  215.740690][  T854] Code: 00 00 00 fc ff df 48 89 f9 48 c1 e9 03 0f b6 04 01 84 c0 74 08 3c 03 0f 8e 44 01 00 00 48 8d 3d 48 9a 41 0b 8b b3 d0 00 00 00 <67> 48 0f b9 3a e9 e1 fc ff ff e8 13 cf 62 fc e9 7c fe ff ff e8 39
[  215.749791][  T854] RSP: 0018:ffffc900048376e8 EFLAGS: 00010246
[  215.752779][  T854] RAX: 0000000000000000 RBX: ffff8880264b92e0 RCX: 1ffff11004c97276
[  215.756472][  T854] RDX: ffff888025b091e0 RSI: 0000000000000025 RDI: ffffffff90e79240
[  215.759400][  T854] RBP: dffffc0000000000 R08: 0000000000000005 R09: 0000000000000000
[  215.762732][  T854] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[  215.766182][  T854] R13: 0000000000000000 R14: 0000000000000000 R15: ffff888029dd7300
[  215.768898][  T854] FS:  0000000000000000(0000) GS:ffff8880972e2000(0000) knlGS:0000000000000000
[  215.772427][  T854] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  215.775431][  T854] CR2: 00000000f545aff4 CR3: 000000004e7aa000 CR4: 0000000000352ef0
[  215.780247][  T854] Call Trace:
[  215.781514][  T854]  <TASK>
[  215.782580][  T854]  ? __pfx_drm_atomic_helper_wait_for_vblanks.part.0+0x10/0x10
[  215.785645][  T854]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[  215.788445][  T854]  ? lockdep_hardirqs_on+0x78/0x100
[  215.790832][  T854]  ? __pfx_autoremove_wake_function+0x10/0x10
[  215.792996][  T854]  ? drm_atomic_helper_commit_hw_done+0x36d/0x490
[  215.795656][  T854]  drm_atomic_helper_commit_tail+0xff/0x130
[  215.798269][  T854]  commit_tail+0x338/0x430
[  215.800197][  T854]  drm_atomic_helper_commit+0x303/0x380
[  215.802667][  T854]  ? __pfx_drm_atomic_helper_commit+0x10/0x10
[  215.805266][  T854]  drm_atomic_commit+0x230/0x300
[  215.807632][  T854]  ? __pfx_drm_atomic_commit+0x10/0x10
[  215.809989][  T854]  ? __pfx___drm_printfn_info+0x10/0x10
[  215.812317][  T854]  ? drm_mode_object_get+0x108/0x170
[  215.814512][  T854]  drm_atomic_helper_dirtyfb+0x603/0x790
[  215.817168][  T854]  ? __pfx_drm_atomic_helper_dirtyfb+0x10/0x10
[  215.820151][  T854]  ? do_raw_spin_lock+0x128/0x260
[  215.822592][  T854]  ? find_held_lock+0x2b/0x80
[  215.824891][  T854]  ? __pfx_drm_atomic_helper_dirtyfb+0x10/0x10
[  215.828079][  T854]  drm_fbdev_shmem_helper_fb_dirty+0x1cc/0x310
[  215.830760][  T854]  drm_fb_helper_damage_work+0x348/0x640
[  215.833600][  T854]  ? __pfx_drm_fb_helper_damage_work+0x10/0x10
[  215.836462][  T854]  ? rcu_is_watching+0x12/0xc0
[  215.839066][  T854]  process_one_work+0xa0e/0x1980
[  215.841587][  T854]  ? __pfx_process_one_work+0x10/0x10
[  215.843518][  T854]  ? __pfx_drm_fb_helper_damage_work+0x10/0x10
[  215.845483][  T854]  worker_thread+0x5ef/0xe50
[  215.847186][  T854]  ? __pfx_worker_thread+0x10/0x10
[  215.849358][  T854]  ? kthread+0x13a/0x450
[  215.851226][  T854]  ? __pfx_worker_thread+0x10/0x10
[  215.853505][  T854]  kthread+0x370/0x450
[  215.855266][  T854]  ? __pfx_kthread+0x10/0x10
[  215.857433][  T854]  ret_from_fork+0x72b/0xd50
[  215.859609][  T854]  ? __pfx_ret_from_fork+0x10/0x10
[  215.861861][  T854]  ? __switch_to+0x800/0x1100
[  215.863640][  T854]  ? __pfx_kthread+0x10/0x10
[  215.865125][  T854]  ret_from_fork_asm+0x1a/0x30
[  215.867094][  T854]  </TASK>
[  215.868662][  T854] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  215.872461][  T854] CPU: 2 UID: 0 PID: 854 Comm: kworker/2:2 Not tainted syzkaller #0 PREEMPT(full) 
[  215.876344][  T854] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  215.880479][  T854] Workqueue: events drm_fb_helper_damage_work
[  215.883102][  T854] Call Trace:
[  215.884533][  T854]  <TASK>
[  215.885702][  T854]  dump_stack_lvl+0x100/0x190
[  215.887627][  T854]  vpanic+0x552/0x970
[  215.889632][  T854]  ? __pfx_vpanic+0x10/0x10
[  215.892573][  T854]  panic+0xd1/0xe0
[  215.894596][  T854]  ? __pfx_panic+0x10/0x10
[  215.896911][  T854]  ? check_panic_on_warn+0x1f/0x90
[  215.899103][  T854]  check_panic_on_warn.cold+0x19/0x34
[  215.901486][  T854]  ? drm_atomic_helper_wait_for_vblanks.part.0+0x738/0x8a0
[  215.904473][  T854]  __warn.cold+0x191/0x328
[  215.906400][  T854]  __report_bug+0x296/0x3d0
[  215.908347][  T854]  ? drm_atomic_helper_wait_for_vblanks.part.0+0x738/0x8a0
[  215.911372][  T854]  ? __pfx___report_bug+0x10/0x10
[  215.913277][  T854]  ? report_bug_entry+0x9d/0x290
[  215.915380][  T854]  report_bug_entry+0xe1/0x290
[  215.917633][  T854]  ? drm_atomic_helper_wait_for_vblanks.part.0+0x73e/0x8a0
[  215.921275][  T854]  handle_bug+0x1cd/0x2a0
[  215.923271][  T854]  exc_invalid_op+0x17/0x50
[  215.925237][  T854]  asm_exc_invalid_op+0x1a/0x20
[  215.927273][  T854] RIP: 0010:drm_atomic_helper_wait_for_vblanks.part.0+0x73e/0x8a0
[  215.930462][  T854] Code: 00 00 00 fc ff df 48 89 f9 48 c1 e9 03 0f b6 04 01 84 c0 74 08 3c 03 0f 8e 44 01 00 00 48 8d 3d 48 9a 41 0b 8b b3 d0 00 00 00 <67> 48 0f b9 3a e9 e1 fc ff ff e8 13 cf 62 fc e9 7c fe ff ff e8 39
[  215.938214][  T854] RSP: 0018:ffffc900048376e8 EFLAGS: 00010246
[  215.941370][  T854] RAX: 0000000000000000 RBX: ffff8880264b92e0 RCX: 1ffff11004c97276
[  215.944796][  T854] RDX: ffff888025b091e0 RSI: 0000000000000025 RDI: ffffffff90e79240
[  215.948092][  T854] RBP: dffffc0000000000 R08: 0000000000000005 R09: 0000000000000000
[  215.951087][  T854] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[  215.954489][  T854] R13: 0000000000000000 R14: 0000000000000000 R15: ffff888029dd7300
[  215.958492][  T854]  ? drm_atomic_helper_wait_for_vblanks.part.0+0x6e6/0x8a0
[  215.961919][  T854]  ? __pfx_drm_atomic_helper_wait_for_vblanks.part.0+0x10/0x10
[  215.965030][  T854]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[  215.967556][  T854]  ? lockdep_hardirqs_on+0x78/0x100
[  215.969909][  T854]  ? __pfx_autoremove_wake_function+0x10/0x10
[  215.972624][  T854]  ? drm_atomic_helper_commit_hw_done+0x36d/0x490
[  215.975740][  T854]  drm_atomic_helper_commit_tail+0xff/0x130
[  215.978985][  T854]  commit_tail+0x338/0x430
[  215.981193][  T854]  drm_atomic_helper_commit+0x303/0x380
[  215.983673][  T854]  ? __pfx_drm_atomic_helper_commit+0x10/0x10
[  215.986267][  T854]  drm_atomic_commit+0x230/0x300
[  215.988372][  T854]  ? __pfx_drm_atomic_commit+0x10/0x10
[  215.990732][  T854]  ? __pfx___drm_printfn_info+0x10/0x10
[  215.993452][  T854]  ? drm_mode_object_get+0x108/0x170
[  215.995976][  T854]  drm_atomic_helper_dirtyfb+0x603/0x790
[  215.998397][  T854]  ? __pfx_drm_atomic_helper_dirtyfb+0x10/0x10
[  216.001007][  T854]  ? do_raw_spin_lock+0x128/0x260
[  216.003283][  T854]  ? find_held_lock+0x2b/0x80
[  216.005669][  T854]  ? __pfx_drm_atomic_helper_dirtyfb+0x10/0x10
[  216.008864][  T854]  drm_fbdev_shmem_helper_fb_dirty+0x1cc/0x310
[  216.011638][  T854]  drm_fb_helper_damage_work+0x348/0x640
[  216.014028][  T854]  ? __pfx_drm_fb_helper_damage_work+0x10/0x10
[  216.016569][  T854]  ? rcu_is_watching+0x12/0xc0
[  216.018626][  T854]  process_one_work+0xa0e/0x1980
[  216.020825][  T854]  ? __pfx_process_one_work+0x10/0x10
[  216.023648][  T854]  ? __pfx_drm_fb_helper_damage_work+0x10/0x10
[  216.026325][  T854]  worker_thread+0x5ef/0xe50
[  216.028149][  T854]  ? __pfx_worker_thread+0x10/0x10
[  216.030334][  T854]  ? kthread+0x13a/0x450
[  216.032146][  T854]  ? __pfx_worker_thread+0x10/0x10
[  216.034325][  T854]  kthread+0x370/0x450
[  216.036442][  T854]  ? __pfx_kthread+0x10/0x10
[  216.038614][  T854]  ret_from_fork+0x72b/0xd50
[  216.040829][  T854]  ? __pfx_ret_from_fork+0x10/0x10
[  216.043178][  T854]  ? __switch_to+0x800/0x1100
[  216.045200][  T854]  ? __pfx_kthread+0x10/0x10
[  216.047211][  T854]  ret_from_fork_asm+0x1a/0x30
[  216.049382][  T854]  </TASK>
[  216.051653][  T854] Kernel Offset: disabled
[  216.053571][  T854] Rebooting in 86400 seconds..