last executing test programs:

8m21.172258859s ago: executing program 4 (id=5):
inotify_init1(0x0)
prlimit64(0x0, 0xe, &(0x7f0000000340)={0xd, 0x200200090}, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000040)=0x7)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r1 = msgget$private(0x0, 0x790)
msgsnd(r1, &(0x7f0000000d00)=ANY=[@ANYRES8], 0x401, 0x0)
msgsnd(r1, 0x0, 0x401, 0x0)
msgsnd(r1, 0x0, 0x8, 0x800)
msgrcv(r1, 0x0, 0x0, 0x0, 0x1000)
msgctl$IPC_RMID(r1, 0x0)

8m19.341391856s ago: executing program 4 (id=24):
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
getsockname$packet(0xffffffffffffffff, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, 0x0)
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, 0x0, 0x0)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r4 = socket$vsock_stream(0x28, 0x1, 0x0)
getsockopt(r4, 0x28, 0x6, 0xfffffffffffffffc, &(0x7f0000000000)=0x5e)
r5 = syz_open_dev$vim2m(&(0x7f0000000080), 0x8, 0x2)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x9, 0x0)
ioctl$vim2m_VIDIOC_REQBUFS(r5, 0xc0145608, &(0x7f00000000c0)={0x1, 0x2, 0x1})
ioctl$vim2m_VIDIOC_EXPBUF(r5, 0xc0405610, &(0x7f0000000040)={0x2, 0x0, 0x20})
add_key$keyring(&(0x7f00000000c0), 0x0, 0x0, 0x0, 0xfffffffffffffffe)
setsockopt$inet_MCAST_JOIN_GROUP(r0, 0x0, 0x2a, 0x0, 0x0)
setsockopt$inet_MCAST_MSFILTER(0xffffffffffffffff, 0x0, 0x30, 0x0, 0x0)
sendto$inet(r0, &(0x7f0000000140)='^', 0x34000, 0x0, &(0x7f0000004ff0)={0x2, 0x0, @rand_addr=0xfffffffffffffffe}, 0x10)
listen(r0, 0xda90)

8m14.047911767s ago: executing program 4 (id=31):
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x18, 0xfa00, {0x1, &(0x7f0000000080), 0x2, 0x1}}, 0x20)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x1000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000001a300)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = socket$phonet_pipe(0x23, 0x5, 0x2)
connect$phonet_pipe(r4, &(0x7f0000000040)={0x23, 0x1, 0x9, 0xfe}, 0x10)

8m6.517575022s ago: executing program 4 (id=42):
socket$nl_generic(0x10, 0x3, 0x10)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080))
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000100), 0x2, 0x101102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r1 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_TX_RING(r1, 0x11b, 0x6, &(0x7f0000000000)=0x40000000, 0x4)
sendmsg$DEVLINK_CMD_RATE_SET(0xffffffffffffffff, 0x0, 0x0)
openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0)
openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x8}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff, 0x2}, 0x0, 0x0)

8m3.872842937s ago: executing program 4 (id=45):
write$sndseq(0xffffffffffffffff, 0x0, 0x0)
mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff017f000e0800395032303030"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_DIRENTPLUS(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="b0"], 0xb0)
write$FUSE_GETXATTR(r2, &(0x7f00000004c0)={0x18}, 0x18)
mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX, @ANYBLOB, @ANYRESDEC=0x0, @ANYBLOB=',gr', @ANYRESDEC=0x0])
write$FUSE_INIT(r2, &(0x7f0000000200)={0x50, 0x0, 0x0, {0x7, 0x29, 0x20200}}, 0x50)
mount$9p_fd(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}, 0x2c, {[{@cache_fscache}]}})
r3 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x20842, 0x0)
writev(r3, &(0x7f0000000000)=[{&(0x7f00000000c0)="14", 0x1f68}], 0x2)

8m2.74082591s ago: executing program 4 (id=50):
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0xc, 0x86}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
socket$nl_netfilter(0x10, 0x3, 0xc)
syz_open_procfs(0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001000000004d00000600000018110000", @ANYRES32, @ANYBLOB="0000000000000000b70800000e0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080000000000000", @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\x00\a\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/17], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r2}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000001b40)='sched_switch\x00'}, 0x10)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000580)=ANY=[@ANYBLOB="4407000026000104001d0cac5a8084d50000ffff", @ANYRES32=0x0, @ANYBLOB="0000000000010000240012800b00010062726964676500001400028006000600060000000600090005000000"], 0x44}}, 0x4048000)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
clock_gettime(0x0, 0x0)
ioctl$MEDIA_IOC_REQUEST_ALLOC(0xffffffffffffffff, 0x80047c05, &(0x7f00000001c0))
r4 = socket$inet6_sctp(0xa, 0x5, 0x84)
r5 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r5, 0x84, 0x1d, 0x0, &(0x7f0000000240))
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff)
r6 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$TUNSETIFF(r7, 0x400454ca, &(0x7f0000000080)={'pimreg0\x00', 0x7c2})
ioctl$TUNDETACHFILTER(r7, 0x401054d6, 0x0)
r8 = openat$cgroup_freezer_state(r6, &(0x7f0000000140), 0x2, 0x0)
write$cgroup_freezer_state(r8, &(0x7f0000000040)='FROZEN\x00', 0x7)
sendfile(r8, r8, 0x0, 0x9)
setsockopt$inet_sctp6_SCTP_AUTH_KEY(r4, 0x84, 0x17, &(0x7f0000000540)=ANY=[@ANYBLOB], 0x8)

7m47.581917249s ago: executing program 32 (id=50):
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0xc, 0x86}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
socket$nl_netfilter(0x10, 0x3, 0xc)
syz_open_procfs(0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001000000004d00000600000018110000", @ANYRES32, @ANYBLOB="0000000000000000b70800000e0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080000000000000", @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\x00\a\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/17], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r2}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000001b40)='sched_switch\x00'}, 0x10)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000580)=ANY=[@ANYBLOB="4407000026000104001d0cac5a8084d50000ffff", @ANYRES32=0x0, @ANYBLOB="0000000000010000240012800b00010062726964676500001400028006000600060000000600090005000000"], 0x44}}, 0x4048000)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
clock_gettime(0x0, 0x0)
ioctl$MEDIA_IOC_REQUEST_ALLOC(0xffffffffffffffff, 0x80047c05, &(0x7f00000001c0))
r4 = socket$inet6_sctp(0xa, 0x5, 0x84)
r5 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r5, 0x84, 0x1d, 0x0, &(0x7f0000000240))
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff)
r6 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$TUNSETIFF(r7, 0x400454ca, &(0x7f0000000080)={'pimreg0\x00', 0x7c2})
ioctl$TUNDETACHFILTER(r7, 0x401054d6, 0x0)
r8 = openat$cgroup_freezer_state(r6, &(0x7f0000000140), 0x2, 0x0)
write$cgroup_freezer_state(r8, &(0x7f0000000040)='FROZEN\x00', 0x7)
sendfile(r8, r8, 0x0, 0x9)
setsockopt$inet_sctp6_SCTP_AUTH_KEY(r4, 0x84, 0x17, &(0x7f0000000540)=ANY=[@ANYBLOB], 0x8)

7m13.923137245s ago: executing program 3 (id=113):
sched_setscheduler(0x0, 0x2, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x6)
syz_emit_ethernet(0x2a, &(0x7f0000000100)={@random="9115463ecc79", @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, @void, {@arp={0x806, @ether_ipv4={0x1, 0x800, 0x6, 0x4, 0x2, @remote, @remote, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x23}, @remote}}}}, 0x0)
r3 = socket$packet(0x11, 0x3, 0x300)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r3, 0x8933, &(0x7f0000000080)={'batadv0\x00', <r4=>0x0})
sendto$packet(r3, &(0x7f0000000100)="f257a8ea7bc273dfaeab96850806", 0x2a, 0x0, &(0x7f0000000200)={0x11, 0x0, r4, 0x1, 0x0, 0x6, @link_local}, 0x14)

7m10.840422451s ago: executing program 3 (id=116):
socket$kcm(0x10, 0x3, 0x10)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000480)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000005000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f00000002c0)='mmap_lock_acquire_returned\x00', r0}, 0x10)
madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0xc)
r1 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/mm/ksm/run\x00', 0x1, 0x0)
gettid()
openat$sysfs(0xffffffffffffff9c, 0x0, 0x141a82, 0x0)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0xfffffffffffffffe)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000032680)=""/102392, 0x18ff8)
socket$inet6_sctp(0xa, 0x5, 0x84)
r3 = openat$dir(0xffffffffffffff9c, &(0x7f0000000340)='.\x00', 0x448201, 0x0)
getdents64(r3, 0x0, 0x0)
write$sysctl(r1, &(0x7f0000000000)='2\x00', 0x2)

7m8.350734107s ago: executing program 3 (id=119):
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
getsockname$packet(0xffffffffffffffff, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, 0x0)
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
r5 = socket$vsock_stream(0x28, 0x1, 0x0)
getsockopt(r5, 0x28, 0x6, 0xfffffffffffffffc, &(0x7f0000000000)=0x5e)
r6 = syz_open_dev$vim2m(&(0x7f0000000080), 0x8, 0x2)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x9, &(0x7f0000006680))
ioctl$vim2m_VIDIOC_REQBUFS(r6, 0xc0145608, &(0x7f00000000c0)={0x1, 0x2, 0x1})
ioctl$vim2m_VIDIOC_EXPBUF(r6, 0xc0405610, &(0x7f0000000040)={0x2, 0x0, 0x20})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r4}, 0x10)
add_key$keyring(&(0x7f00000000c0), 0x0, 0x0, 0x0, 0xfffffffffffffffe)
setsockopt$inet_MCAST_JOIN_GROUP(r0, 0x0, 0x2a, 0x0, 0x0)
setsockopt$inet_MCAST_MSFILTER(0xffffffffffffffff, 0x0, 0x30, 0x0, 0x0)
sendto$inet(r0, &(0x7f0000000140)='^', 0x34000, 0x0, &(0x7f0000004ff0)={0x2, 0x0, @rand_addr=0xfffffffffffffffe}, 0x10)
listen(r0, 0xda90)

7m6.111578751s ago: executing program 3 (id=123):
sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x0)
signalfd4(0xffffffffffffffff, &(0x7f00000008c0), 0x8, 0x800)
socket$kcm(0x11, 0xa, 0x300)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0xb, 0x0, &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$alg(0xffffffffffffffff, 0x0, 0x14000012)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
syz_open_dev$MSR(0x0, 0x547, 0x0)
r1 = syz_io_uring_setup(0x117, &(0x7f0000000100)={0x0, 0x0, 0x80, 0x2000000, 0x3a7}, &(0x7f00000001c0)=<r2=>0x0, &(0x7f0000000200)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000240)=0xffff7c00, 0x0, 0x4)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f00000000c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, {0x0, r4}})
io_uring_enter(r1, 0x47f6, 0x80ffff, 0x0, 0x0, 0x0)

7m0.666732253s ago: executing program 3 (id=125):
openat$tcp_congestion(0xffffffffffffff9c, 0x0, 0x1, 0x0)
syz_open_dev$vim2m(&(0x7f0000001580), 0x0, 0x2)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
unshare(0x2040400)
getsockopt$netlink(0xffffffffffffffff, 0x10e, 0x9, 0x0, 0x0)
openat$cuse(0xffffffffffffff9c, 0x0, 0x2, 0x0)
r0 = syz_init_net_socket$ax25(0x3, 0x2, 0xcf)
sendfile(r0, r0, 0x0, 0x280000)
ioctl$SNDCTL_DSP_SPEED(0xffffffffffffffff, 0xc0045002, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000080)={0x80000000005, 0x100000001000087}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x14, &(0x7f0000000040)=0x6)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
bind$rds(0xffffffffffffffff, 0x0, 0x0)
openat$dir(0xffffffffffffff9c, &(0x7f0000001a00)='./file1\x00', 0xc0, 0x61)
mount(&(0x7f0000000500)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000004a00)='./file1\x00', &(0x7f0000000040)='udf\x00', 0x8007, 0x0)

6m58.264835269s ago: executing program 3 (id=127):
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
getsockname$packet(0xffffffffffffffff, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, 0x0)
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, 0x0, 0x0)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r4 = socket$vsock_stream(0x28, 0x1, 0x0)
getsockopt(r4, 0x28, 0x6, 0xfffffffffffffffc, &(0x7f0000000000)=0x5e)
r5 = syz_open_dev$vim2m(&(0x7f0000000080), 0x8, 0x2)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x9, &(0x7f0000006680))
ioctl$vim2m_VIDIOC_REQBUFS(r5, 0xc0145608, &(0x7f00000000c0)={0x1, 0x2, 0x1})
ioctl$vim2m_VIDIOC_EXPBUF(r5, 0xc0405610, 0x0)
add_key$keyring(&(0x7f00000000c0), 0x0, 0x0, 0x0, 0xfffffffffffffffe)
setsockopt$inet_MCAST_JOIN_GROUP(r0, 0x0, 0x2a, 0x0, 0x0)
setsockopt$inet_MCAST_MSFILTER(0xffffffffffffffff, 0x0, 0x30, 0x0, 0x0)
sendto$inet(r0, &(0x7f0000000140)='^', 0x34000, 0x0, &(0x7f0000004ff0)={0x2, 0x0, @rand_addr=0xfffffffffffffffe}, 0x10)
listen(r0, 0xda90)

6m42.753222622s ago: executing program 33 (id=127):
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
getsockname$packet(0xffffffffffffffff, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, 0x0)
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, 0x0, 0x0)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r4 = socket$vsock_stream(0x28, 0x1, 0x0)
getsockopt(r4, 0x28, 0x6, 0xfffffffffffffffc, &(0x7f0000000000)=0x5e)
r5 = syz_open_dev$vim2m(&(0x7f0000000080), 0x8, 0x2)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x9, &(0x7f0000006680))
ioctl$vim2m_VIDIOC_REQBUFS(r5, 0xc0145608, &(0x7f00000000c0)={0x1, 0x2, 0x1})
ioctl$vim2m_VIDIOC_EXPBUF(r5, 0xc0405610, 0x0)
add_key$keyring(&(0x7f00000000c0), 0x0, 0x0, 0x0, 0xfffffffffffffffe)
setsockopt$inet_MCAST_JOIN_GROUP(r0, 0x0, 0x2a, 0x0, 0x0)
setsockopt$inet_MCAST_MSFILTER(0xffffffffffffffff, 0x0, 0x30, 0x0, 0x0)
sendto$inet(r0, &(0x7f0000000140)='^', 0x34000, 0x0, &(0x7f0000004ff0)={0x2, 0x0, @rand_addr=0xfffffffffffffffe}, 0x10)
listen(r0, 0xda90)

12.885660387s ago: executing program 6 (id=882):
prctl$PR_SCHED_CORE(0x3e, 0x10000000001, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000180)=0x1400200bce)
r0 = syz_open_dev$MSR(&(0x7f0000000200), 0x0, 0x0)
read$msr(r0, &(0x7f0000002700)=""/102392, 0x18ff8)
r1 = syz_open_dev$cec(&(0x7f0000000040), 0x0, 0x0)
close_range(r1, r1, 0x0)

12.33617939s ago: executing program 2 (id=886):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000200)=ANY=[@ANYBLOB="0100000000000000034d564b0000000001"])
ioctl$KVM_CAP_ENFORCE_PV_FEATURE_CPUID(r2, 0x4068aea3, 0x0)
ioctl$KVM_SMI(r2, 0xaeb7)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

12.323610495s ago: executing program 6 (id=888):
r0 = syz_usb_connect(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000751c0110e60f00979ad1010203010902240001000000000904290202b48cbb0009050402100000fa000905820240"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000b40)={0x44, &(0x7f0000000900)={0x0, 0x14, 0x6, "3d26dae29004"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

11.954695237s ago: executing program 2 (id=892):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000240), 0xffffffffffffffff)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_802154(r2, 0x8933, &(0x7f00000001c0)={'wpan0\x00', <r3=>0x0})
sendmsg$NL802154_CMD_GET_SEC_LEVEL(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000280)={0x1c, r1, 0x79f70b28a21117bf, 0x70bd2b, 0x25dfdbfc, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r3}]}, 0x1c}}, 0x4000050)
syz_genetlink_get_family_id$ieee802154(&(0x7f00000000c0), r0)
sendmsg$IEEE802154_LLSEC_ADD_SECLEVEL(r0, 0x0, 0x20000000)

11.811114264s ago: executing program 2 (id=893):
syz_usb_connect(0xc, 0x24, &(0x7f0000000100)=ANY=[], 0x0)
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
setsockopt$SO_TIMESTAMP(r0, 0x1, 0x3f, 0x0, 0x0)
ioctl$KVM_XEN_HVM_CONFIG(0xffffffffffffffff, 0x4038ae7a, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sendmsg$nl_crypto(0xffffffffffffffff, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0xfffffffffffffffe)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r1 = syz_open_dev$MSR(&(0x7f0000000200), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
openat$sw_sync(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000080)={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64\x00'}, 0x58)
r3 = accept4(r2, 0x0, 0x0, 0x80800)
sendmsg$key(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={0x0, 0x10}}, 0x8000)
sendmsg$rds(0xffffffffffffffff, &(0x7f0000005980)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x804}, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(0xffffffffffffffff, 0xc0285700, &(0x7f0000000100)={0x1b, "5660359c3245d1c42317afad7d48ed51000000000000000100"})
r4 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000040), 0x141100, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r4, 0xc0285700, 0x0)
ppoll(&(0x7f0000000000)=[{}], 0x1, 0x0, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="12000000070000000b000000220000", @ANYRES32, @ANYBLOB, @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00'], 0x50)
r5 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r5, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6)
write$binfmt_misc(r5, &(0x7f0000000000), 0xd)

11.759964968s ago: executing program 5 (id=894):
r0 = socket(0x2a, 0x2, 0x0)
getsockname$packet(r0, &(0x7f0000000200)={0x11, 0x0, <r1=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=@newqdisc={0x58, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {0x0, 0x6}, {0xffff, 0xffff}, {0x0, 0xfff1}}, [@qdisc_kind_options=@q_sfb={{0x8}, {0x2c, 0x2, @TCA_SFB_PARMS={0x28, 0x1, {0x1a3, 0x655c, 0x4, 0x40, 0x7fffffff, 0x7fffffff, 0x80, 0xffffffff, 0x1}}}}]}, 0x58}}, 0x0)
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000740)=@newtfilter={0x24, 0x2c, 0xd27, 0x70bd2d, 0x0, {0x0, 0x0, 0x0, r1, {0xe}, {0x0, 0x2}, {0x8, 0xffe0}}}, 0x24}}, 0x4000)
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0)

10.824069435s ago: executing program 5 (id=898):
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=<r0=>0x0)
fcntl$lock(0xffffffffffffffff, 0x25, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(r0, 0x1, &(0x7f0000000040)={{0x0, 0x989680}}, 0x0)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000)
r1 = syz_open_procfs$pagemap(0xffffffffffffffff, &(0x7f0000000080))
ioctl$PAGEMAP_SCAN(r1, 0xc0606610, &(0x7f0000000100)={0x60, 0x0, &(0x7f00001c9000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x2})

10.609456542s ago: executing program 1 (id=899):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket(0x80000000000000a, 0x2, 0x0)
setsockopt$inet6_group_source_req(r1, 0x29, 0x2a, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}, 0x2}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108)
r2 = socket(0x80000000000000a, 0x2, 0x0)
setsockopt$inet6_group_source_req(r2, 0x29, 0x2a, &(0x7f0000000080)={0x20, {{0xa, 0x0, 0x2, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108)
setsockopt$inet6_group_source_req(r2, 0x29, 0x2f, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}}, 0x130)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000001080)={0x14, 0x38, 0x301, 0x270bd26, 0x25dfdbfa, {0x2}}, 0x14}, 0x1, 0x0, 0x0, 0x8001}, 0x4)

10.367278013s ago: executing program 0 (id=900):
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000380), 0x101040)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000300)={{0x0, 0x2}})
r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000600), 0x0)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r1, 0xc08c5332, &(0x7f00000003c0)={0x9c9, 0x0, 0x0, 'queue0\x00', 0x300000})
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r1, 0x40605346, &(0x7f0000000280)={0x0, 0x0, {0x3}})
ioctl$SNDRV_TIMER_IOCTL_PARAMS(r0, 0x40505412, &(0x7f0000000140)={0x3, 0xffff, 0x46, 0x0, 0xe})

10.223030834s ago: executing program 0 (id=901):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$SEG6(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$SEG6_CMD_SETHMAC(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000300)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01000000000000000000010000000500050001000000080004000000000005000600000000000800030001"], 0x34}}, 0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x11, 0x3, &(0x7f0000004d40)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f00000003c0)='GPL\x00'}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000140)='contention_end\x00', r2}, 0x10)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
sendmsg$SEG6_CMD_SETHMAC(r0, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0)

10.12794485s ago: executing program 1 (id=902):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, &(0x7f00000001c0)="66baf80cb83cecb78cef66bafc0ced66ba400066b8ffff66ef0f78d164646565470fc77d9fb9240b0000b809000000ba000000000f3048b805000000000000000f23c00f21f835010004000f23f80f005300364b0fc729360fc77c8ffd0f20c035000000400f22c0", 0x68}], 0x1, 0x11, 0x0, 0x0)
ioctl$KVM_SET_NESTED_STATE(r2, 0x4080aebf, &(0x7f0000005700)={{0x0, 0x0, 0x80, {0x100000, 0xeeee8000}}, "cb31455c9e9d288a70a2a6bb8068fd95dd041cf5b177a3bffe992dfbbdf959487337b92336ce1de32e7695c411c0bf9f852d2d71192f33001fd51f5b396a55cb98699a09d21648c4cb30d9d7e3e397c7a3c041c76c72385a46c48c5302848c3696facce956952c2a85822ddf20434ccee5806294ed563ff3a972cddf6ef16ddace933d8a5adea40cd3ad40c9873c29368838e815ff59723519154856b2d5cd9cd79a97af85a08dada1175817886e5f9e7aa3dca783a44c667a4806826570ec6acb57d65efc313a384e11fb633dee17ee600145f2cb3103384606140021be766fcb7fa029f0513bbb466177ca1068192550bbf4e6f5694aec747a16e27688a988fa595bca1761b8e88a7dbcaeaf97a8b7b53058b1faf880dd6f1b6eb4c7beb0582b4007f1a67db1352407adbe1456bf762c94fd825b9419d74f63cdeb6c6976de1890d773f0c8088d2bd48a838cf5b87f5ddf926352960fb978874b0f175acfa55ddfe84de3fc9f75b58bf7a35f33d3c43ed5e3224e92751fa1b43f94f64b681163ef1360a3f3bb7403afc67a188b2104b45c5814aaa9e218552498bf85f4b221d9acc32a331f5f8c109cc9f335ff4e418ab30b54b99d5376cd928c431fc8211fcbaf64716afdc4b6d0417e04d5723e4675d282b36bef3a3a19e855029ec7c33830a6df19332b63e9d8a0f22d96ac230c67657a4e7f7afab91dc0ce751b68980e5a4f6d9d6d9b98802ba9d8576640eea61b8c308a1745df61560e56108bececa3016d93246fdc8b768634e8319b1ffde103c07378f8f4927baba05e992a4b5af0958a7e495e7ce53f7917451d15a963ca14f5cdc4563775688b6533a4b97e0f84b0a33c30077b20805c1f42cc7815efada97ad59ac486bc9e0ee386b49cb97b47fbf8f919f06c75a49636795054b5ebee3e91602c90d7f4db49220affe56d56b96e4f662b2bf36dae482ffc7ba21cbc55e21b73309d6b7aa5509defcb77c236e43b579c61eae5c8d8f8fa71ad876b96069f2e4352c8aaf16e299d21edf5434c0cd9b25cdc9210fb0de759b1dd3fc7fe4c7118bbde72a5617dff21f7a5036448fba7fe41aaee0c289cd076d757e47b0713b236f6f141ba0112c9312b3ec853aabafdf1eb2cbb517d2d7352725f557214d27d9a340af0128fc960a4ea64c933b0d8dd226b6e024471aaac8a7074b2a8695ab990fabba5bf315d246fbfe4260f1fffe54814e33b6235c5b4095437298858909bcbd40a8a286d1bedb06b7b1775bce0a5bca19b0a5c2fa8dbf87b55ae0a43c5086422e5bacb94047e150451f5996420b0d4a697f59decb49900b2b9c13aade536933e14d672c21a35cb68572c3de02f3147414eff4b8674b91f7aebf35f056a8d388f67f8ef7cfaf6b28fe745831ef41def1839791647016932c70685752851327f1837d2f1e9d8f93443eefed2317119c8152ca451a5d3aeb253fb484283f52e5db9f61f059ad3c217a860ee0571d254483501b00699208c7fa5571cf58b9715c954115bc2db0af28361938bb95ced7370c8cbb6141ef62fdbf369dfc4eccd98ab9886d79a52cbf91a27dd0f4b29940492e860fb94654dea54fad6290570760e3b59a0cf28053732472dc313b5fedfc583fc702a880971dc61286370aaf167810455cce7654dc4325a41d9d1944abcdc4d81378f1e96a8f94cd95b886a01f086e379601504219d57d531ba34e1ba0905785fb629c61f6b940a652cdee9dbef12b7fcde087b92816db3386a5769049ba00788e31de4ddbb8b56de1fbe3a5e671728effda7cfd0b650cf5df2faf22470812efbbb548e47cbf36c64e05a7877820f08948ceedb35e12a4a143ee0101a7bf0a00a4062b50c39020669700adf739a6f75352a45fd1373d3e85c3867170373f0c7a794d8590f4c22ae62d438ec365b0f6a15cb2ffe0fc6f57185e1760761bd4370027c01dfad0502f00b6898115df3c530d0b0b4a64e623fd580b528a733e4c881cf5843a975a97f92a7833527887c79fa8eec82b9526a15c6c5f2972083ce8aec735810580ffa4ea2cef4823aee044dd70927f7c07bba18b930006aa86ae7399ac6b4c24bc9d6a6ab0c5b428d7255d4d983eadf97e10c1b00867da29ac981acb453073a37236e7ae808e7759b2e0cffc3ec43afb1e95cd090a7d4b9225a0e3cbebfe49b93846ab603891e2da7d85a04bf42d12d16a97c965bc4911d3ba7a9ca505794d8744fef00a436089de67aa8b480070230dfb002eb91edaff428d4908a87afae418dff7ca59aefe1ad8f6935f309fe7985c2310881659c60a66a5e50242497ba1cd5d2bd79496ccd23f9fd901afc6622829cb3701caa50f96e09e3b23bfa3181b74ec7dae2e42c9caab43e49ae1d922a1a1eb3682de026323d9215fcec42c54401a1af81450830a4b784ed1c7922734bf3632409147680dd3fabcef296353705bb5c0e650e12905a05db1e7923923a96ddc783fc1ed46e2010416c37d9d149ad73e808bd6e4464f62893024a8501803b6c88fc55c8bbc1da7cbf580b5a81fb7c61455ae3a8aaec303fba12e0f2b51ed5e8bd31db40e8bdbd00e7b1ddd364766c974d813d86fc88a27bf82bba60c62e5f0f6af6bda3390f8e72a2811baf3d6325e70d9a3b59cab1abe95290ecb87985567e1243504c038de9d4d100ea64eec45208cd8d2474e646f7d81eed6d59b8b0859552b6fc088d874cde3e75ee30243dc9d88ed5b577851a5bd9e2a453287025777fcac19ac33e1c94b4ad272f1055b16b842a6bd6168fb45f1f74ed2467020df5431068a5f2cbeaa6ac1841308c7c9f752aa06927f91fdf18ef9d9e942367e5ecac0abf4d3b8fc7b80238c0e7faf2ea7d3f5271028fc558a44799bde63168becc67c5531e843336fb16ab618d37f95a91937b824bf896b044146bc3a5e264a8f23ddd00729cd9aa56d9a9a24b7ab96ae021b193d8874d03ff4b723d86b7564e550378599c3e0c7a2b3d447ad76eb4cd699733d970a5ab218429a1af81df9c8013d6d16a6bcb019f6ace4461cdaa785d20ea027cfa53d521bb91ad2c04aaa6c0f268b14924803977633280c7b7beb14c88fae542b7a13e96253259e7296e37276da88891c14664340e84ae732edbd71e67047e476735b220ca231de31a380ece372db632ec3cb3ef5ac97ec41148febd2acb15cde1ee5e990ea0aaa95c2df39e2111dd1185d14a194e22d34fda8f54e99d3a73e5a231682c726d40816e048c1d059bf3bb9ee2b5f895365d95aa28f6adbf6e16469926b4d8ee7f04c7dbafaa444df5b88596c17874f0efe35e5ada1a69634f4b430f852d33b032f823c5deb54f47a7a4adb1adf56d5440b7a917580004c13e0b36c8e0a203a2be3f8fffd9efef3af19389a12c67859d4381ac0a02da18e25931b41216b731de25e1245482c84d45de1cddbce2109322a3428bff692012573fe9efd02109dbf35c5d3a287dec105cf3f1a2e50100cc08c7b4759766d25d0f7b42c3ea8bf8101e61159a2ba7602e9c7947cf936ac39bf59b24084709fd61d704bbdba7d282aac778b7ec1dcaf984527c8112d56e75ab774d1598d9816abc77b0e693880beca5f330c626774ab5cb6967fb0ea8e14efce120947092c3b6f8a22f07cad22e971418092481fcad36ecf0cfd6bc3864115b8507c13554584f1f6fee5ee07eb6a091638d8e7781c1c006166e0f987f9f4de535e9f3df1db8c9328e9a19a73c76059ab4edfe9eda7f16cc6b869229bafb179d194e20ccc6f9338183b673de8138ddab9a0907278f6eaacc55bf59a450ebc10e0b88c82d9f0deca86ff771f46509250fde94e0c94256b77616d099862ddc9b341838d634a9dc4b55a88fcc6248901135f6aa76365433e7e534e0e5ae8eec2a63df62c3e244a40481189ff54122698c7e2da2c829b2eec9efc9894ee05be04ae6dd48406eaace17827e38bf38b414059aded0343e0711a8d864ff41a8d9ed40fb2aa1a3f4014f691cd0e8af62445a021820ff03afa8a192ee255862f306851df1de96ce36cafb6a60b7069db7aa96fd1ffb2fb01e6247f770304dffe4b1c8d0eeb336dd6806d6ab5d418953b1cae7cbbf53766b61e4aad5cfce8255b78af26f9bd11283a9c7d12cd63b82cd2b506fd4061d1e16fc7c713d80763c3b0aa0faadcd9b7d676101aad80e1ca00369297e1f714003ab8d0b545c335014a522a25a767950963ef821425b79b521076166d0df3ef358c7d60d99cc85463c186e8faf16af79785680382e4cc93f6594f8c4461e0988c08717640df24a5f357db22432fcae21702dc792d201212fb3791e0164bb3d433a8268ec96df73766fdba42965e00e619246cba5d96eb853a7c22c34d2fe5e5d3f3ccf9c627d069517b743cd07f6f7b444074bb9a50269f2e03309c58930e56a9583eb00c37fbcdd391972261f41756c10c8899fcd036e2017e088ef9e6ec31f795d55b3bba214c53c98fc9318e4ade0e7e6fd259aa277fed54c27e5210787a5f6937f56fdbe1da5113f059061ca590ddf536a55cb91ac6ed41cb9c0418b115b29f5e823c1b0ee7c2b3982087763545b34e2c945d587ebce69bbe299a7f52b674f351977370fc700474bc15d7e6ef98c14258ecf401a4f3bba1a9aa76c5ab0b8819fe6efe3fba1899909e5e48554299150ee272451b56142d12ae2bb4942db430239701d494917f2c939a6fb9d98d4751a6f2c4537ec870342d223343a9bd7b8d8c99aff8cbfa298395551185f35dec120228073a1e496a58b59d9ac5986249a7c6db9398395cbf341c08ee910700e2daa042dba1846fef59c72ce872bba2046a14fcf9a47a5686d62bfba76309a9865c26e5fa41dd872fc749fdc57953105ace4978f9eb788c8d061c853ad0313e51e732c5d7bc05e752443c8e99b8e81c688befdb5b14c3cc2f96eb8ce8290303e483992fcbece1ff278d0dc036ad437b6cbc695c7741ba4556e242146d40843c73deaf8fceba40e4a4acd739b3031848b17a210a1ff0dc1908b77c4bb94543af52e1fe2a090c8f217428d02336303f7952c3ddefa7c81850676e7f4cc3d32c3937281fa5ab279c3fe39f92ba077dadb8c2c3df17cc511bd33c41cb161d24aea154f0f5902c94b56fe072d321a983668bd9f4838878e66ec44cb233d7d0ca908a794c844ff8b3ba4c57f6c5fc2f3a54db448b013f0c4998bbc6ed0409b3368391cb28c6df4a909fff90f308ff38c758ff7d8a2920bc221236d89b3b76de44e8ce649b32f5135a0217ba9036a8edddee97d7ba15f2c21fb7d3cae3eb6ef09dd03eed650489c83b5ba5dd9daf7a86cf0544fb8a58e46b860e3e42e10cd6f1c4f81179eb2c3ba611793a32abb4c0768db90e8bdd1694efaa9c2b45c89d203fdfb8b926b6a0d666d91b93065a83184fc2065961f2308056241b66f427c0f0aabc75852c90f0624cf036d537032ca8d73325d2ae2a79a7292c240c34584bb881fe5d468a051cbc0bde061f9eddfb758cd2dfba296eef549e5c4ede097111216a0ec60f90e8d6f5dd843c82e15f505f8c74e854ba9cd386249d552978eb8135a5f8c79c3ceb8dd5828b0218ffe40f375d6cf3ff2f47c276c8169ab98336582a852c1535018fb2306aca6b8c9f9e38d64c66a722762b76c69d4ca6c14bd6992549e4eec17287fce194467f972d9200c3d1ac4fd4a8f2620e2e4281d28c099946ed90789ba122705326390d3e058ceed24044e542efb36416272eadf6304f30efa0b7bc1ae5be92fe50e591ee6f725726e917ec113506920beb2aa53b39f1d76b31500", "cfb220c7d481332f3f1f8079dfe27e23185fd67a407358db7892789f96b7fa9b14daa48617a10d8a91b820ecbaa470ec0bb1f3cbce7f70ec70b19a4cad082229c2788f8611d7dc306d9a45761a97828c36ed87ebde5d4a3e1609c1422a8ae2f7cca428ebdb0dd38b90b9598a353b18a600bf35a369e6e3e5abb0a1c5c0c0e48e014e7ef1b7d768b3c5657f1adfbb7ff2985082b16c99eb83ec3660990dcf1106efa6b7f8a4798fec811c2c85faec0235c83b7093b3d02367421abc40a554e0b0d7fc1bcaece4222c594f8d20e368fe625ca433c75486fe5c94103cd17291349ee12b877602936688666f82ecd8f4f83d50bb1650e08b96cd25ad147c4c956c98649806a3736d072c8d97c6e3a46a7c18535df8d828b86662400d8e9cc861fa1dd5dc193892d3168396c499e07b279fb76c7e289f2fd955691363bc1de74536dc571817615c88b0d594a136966c129e424ccb7ef1c7c7461eac7ca5f03d72ea4c9c3d1156ee4cb1bb70e097357588b5c49f6716bbae1bd118104b42786f09a3b9f7cb80f383cadfd0c462096ff2bb637b7cf79764b6a4b7ffc5d87c1f063fb48e7f08ad5af534c70079f12f28e8921abbd4280801cdf6101ea494768b1274afd0eea5939843d56022a83590920fe446d52dfe699c33977d5592dbf7e0e236b8175d7faae06e0c50f7402174023ce4b996564e945c416fa823f2f9c3213ac50b20bd1fd55bb8d9fe70ee31ea2f404ae0fcbf857bebcc9196c8c622059fea2e248e4058905b69fb98be312d3193ea1d8ff653173e8c4ad8c81d77a5bea45b3cd6fba19b6336f94ec04c8f86d24e9ca959874577d7ca0baf3c4ff30b554bc3ccc06df46d925373fbf7863e2cf684d3bc9603ab72b851ca4728294de87f2dec6f23ca9e43ed2e5cbba662d13137fc1ce0f6ae6aeb974f72f4b750825fafb67715e425f40c7da83b92d4249a0a4e96b789cceb7b07f38cb83f72dd093a345ab3cb8ae760fc14e40ea182a0d7fe1facc62a1ab0902349fd7e27bb0cd349fb5053f4734823abf020739b4b43bb11f5d69b61295068df31177959903c2ea1bb82d24eeaa93d0d4738d5d15b2a401e7ebe0d3cfbd45b2db2882cdb41408aaa710c3e20fbb7f9da4f68d0eebeef175442e807e9908132731fe5e268582dcf6dffa4251ebb7121db8e412089fa9d8af9919799547a26b6b8eb44c28f1ce5f9a3021fe30841be204c1b4b3813dccae6baeef9b53fe413cbec46bb0cd95d3793cdc9bfe6cdd96ce0c4aa4a25e1cbbeeee6c9fa558b279048c7e31d07b125bac68d4e1f4253bd4dc7824cf3d722c94cf2b8f61bc8155731f072fd447082b181a13ffb8c08a1d568298c5de2d969fae2bea070a9e2688f294e76b8c200dfb993ec19778eb56ae3127c1116ccc85ef8806fdcb9ee0cb66ff03fbb0fa6c52b9b101b3830fc1650efa859163a264b4059092e5dc9a415ec09bfd1460f142fe5ef00beb6aa9032bd0de97aefc6f65e8cfeea761b3d8174caf528b6627682ff4d4450cb0f34251fc000ed01dd538ef13260984f44703b89dfb511bfb538d0b1c8aded964e1bcc5ca57437468b14a31ec0000a17e4d24369c40500449c37e7dccedba3eceb59d827dace246b5c48afb6a5988e64c560b3dc76c32d831f51cdbc5cfc4364ac8b25372b87c92bacfedc6bc8feb44098dbebc89cda03c59e4c58a31372bd574704b9e788834b9f83c6703f6709efad97c4ce499ea580dae1de282a019247cb3dce5c1906322e6d3ca5157ea6428bc42416936fac194efe136089c07faf7adf1e923003f1dc63fcbc634b389a4f351a6acee785e23c6bb04ca2f265be1e634362eb5bf86fce896dbc2a1db6b286c7ffde6370bb4d6e9e0cc3ec451e1a99d134726c9075e71319d3a683e91e4b900061c0e6d086481069cd32f4cde7816f8e3a0ac6428a7488f31f06ee0da10df3ed0c150d29085879d064f914407f60018bb588735663647bfeda930407d69abef3f72fd461c2b85b00988b412a180fd267fc646a86d297e7e40912607157b6fa873df6442579b1523d8117f0c06c87adf75843b8bff30a5bfb4fe1e9846b7fdd58774641baf9cc9c4e38e53ed24a9d9e9dbc7657aa9b220a8545852b0409f5c0812e953823e841967bf55059acc7a4600818134359e72cfae0d04a0738ac8acca433d6395a455b22cdd6f901d4cdea1cf17415f7d7895a4b65f80d2f7c5c60a0dc04b40c9ae5ffc922e074a82afd704673e1766d19db9f60eab0238fb4a3169a08aded607847e5d752d4e24c4914b95bac3892bcfc2076f16a7f07583f0d418b9dec03afdb2e93335a392e1b1ef2910eb2a4b6a63fe61641f3c02bef73cd7e4a77a6f30ae821598c3160511603541bea89022b54f321c2a55cdeeb19335d78a821ab6ca0f36588a9a79a41e2123905a491d658c2a1caeee998c995bb0f816c92c5dc2b862183f80b9f9786c9c5524723c944d11f6894c7f008ab8194f577e22c03631d2a33205f508ea49653e7600639242dbaba704f700ac227f32dc575c559a0a1f4fe0cf6c22fbf7e1ca2ab4b1e4724e8379021e3c9a7c1509c6a413bd7d9c98938e440762eda2546d636597defa86c1ad31126a1182d365f858927d140fb0a97f80adcc5f4ed5efe11ac503453917a263f1d64692348d30f382e85e464ef7616067a42df5de1a1b622fabefe2ca4ceffa4801f7a02fdef40644cd1d079590d900727628d54b44db7ac700d8d664f7eeae43a354fe51b4c49e8fcda3c322b738ed2b800b5cc06e22c72af2a67ee7bc8ae894e841f2cf2b0a7e381caf944bf4e91ded63b6f82f7474e4f81e986fff7e5339b8e9f60103a1af81833e120f0c88893ecabac044a4a2867cda4fdcb084459a00507aa9e5a8e761a72df3322a1ae8cd918b4994c23bdb1e459b4f21651bd7fa067a00e2a2877bf6b29f289ed8018e0a78f6fb4ded9749640e0e37f6381b320ab72da404f3d70d60152f6fa6738932387b83250cb3148141edb52f109bfd4bda8054959db01f4c550609a63c08cf01ecd110cfc6f0055638c0dde039d2ac2daafe59e561f9f08a8830c3f661e4325de63e98f4a4216ec3b83fd200201ed3f647147611424286ffc6c4a8aca64a6874743242d4feeaa9153de06e51c512d9cab7ae712c6424069f3e5db4ddebe9b48b5f6caa741162edf97674d2368e03a387f798151a4b9b9fa9e3a5838a343133158364a9fe3bb4b9a3c464c0c54a4c64ca774ad200925ac6bf59508c10a8574afde9b821741af43ec64cedc13aa220b39772195283506dfe899dd6a7b37eb21f154056a2df3564ef2bb918a928651de88c3613b84e7960bddd7b46b1304deb30f57b6fe5a3b4788629e91bcc245e748b3387f52da4bb094782326dcfde0827e2d674e41bb375247d349cade9c704e5431785009b0e53f1b45c70b237c9432e07e4c7a8464ed11608a3d2184338dd9e6f6ef4b3d751e979667b6a3953c89aff4eead7a978071a912b3de21a85a5849c57933cf53cd74a610f3e60f699766fbc7e0bb8a891a429c77bb6f3b6f9f8eb0b1bd9588ef2ce98fdf0a0838e4b0bed807d8b673093c717feec8d697e32542274887d039db7a2daed5d52c8e9767443229f8003c5d67e907376ea2f393484fa70deee159cb56f8d097b8fe2736e95f540137e20725f0940a8d049068ead4c46bb3771a671bb00de88931e03445a55868de0c220db05cbda9f996d5fe7c1070efe5e718fed4d4cb4ecacad3d6b643bc0ffe9a71b720ba7b5adbbdefe29106ef6a6ffe4547f5d02bec312147df0abe80efb2d5e598fc7c8b268e58b59e0d75728e9a18126f013c963ddc92d251405f857fe3a5cbacf443be7772975b7bf4f6d7ed6f80dfcc47a88c6d19120942adb5385be6ef3c0d7e396bcac5affc8f9276d6cd1a0b069aed72a98cde8ea7aabe6cc091b19efcfaf9368dfeb3087a05a42e3b893dae5ffeb72e6ac06e995a2a75ea0b5f7876247bb4c38cf3f0153f1f7473b522f1c440b632270e2b1d654d3a5ae16cb788482760d34ca79c8951b29c628e21029715683a3e6f8f77c5d89ecdae37e0190f79c4c1dbc9d0160e359cd6c94d6662ed53bb01a83374ff593c823acc59241b11f020902069fc0054a9b26cb320bef4fb1f8cc5bd8ae76eb029afab731b9876bc4e8708a8315512823cff1f9375d284ce66e53d4efad6c76d17bb532fc938b8f80c13ce86b5ba3e540164bc5a5d47cd321c241d8740f453ef95bd3878d578561ad6ce20877ffbd44062dce8df1d048d8d5e4045be647886108cbb1f0b26a8b74b66858afedb830a161bb02bde4c46a688a0ea3a7018ce24666aab0f422ede2f78ea29f77e28d87c744cba0285ce33d0d9ac45774829699de6d725a9b6db6e7d03ad4ec9d075c386e68ca0bcd9e9911d741ed0168cbddb87a7918a964d206629da4e887277b0ef7d3f9c7082f3f15f29a0dfb39f3b0877a5ec3ac4343e0d808f5aee8f1869923aab6dfc1016821c013109f34aece6183994b853d0e9561375c02cdd26b1b5511ade44637044c4ebddb190f173969a0ca4cf5d42153763a0b91da0110ae7a25204850927d81b00176d4568a3d444d8029bd010df784e3f673fe855601ec4f1b26b2df58841e6a65f0db66373f63cc14a8b07dfc52ac9957eb542d05ed687c79519609de96df18b63cb294b534ddf7d2e8f41bcc1e5a006191c4db057b6709f0a96f18e7e8f67b8be2a19c015b9c4b0b3f42e4de366b71f8da8888809473c3c7a02a1158e375f29997a43bc7118ca4d1abb8f8f21972fc589aaa3d73a4d40a1e1705e169ac6e56cff50d89fc45b6863c8fc67bb2b5939a7f33072539ba4c24077be5711ba368bf7efd4897931531d388eb5c2e56bef337777150dd59518652145c9594e110e41d2615196c6b197916c88cc2814e13a3a922b4ecb044bf31cc90e0bfe0ce07de29188bbcb0ec1a12b509f52582fbb948c3cbe0c6964f46991cec0704bfac08aec6ad8ddfc36dc68c7f547c5ee6af4a8d55c79e3dc1c49b045379811f81e9a185a92cd37ae4ee32c5d3c82d36d6202a6c84fd231fe467071d42072827fd77afa5d757e6f37247f783ef09bdfd7536b666e84bc4bb878005b7829293a04ba090272dec844f4ef0e934617c08518bdc6b915ac6f3f03e4a6ab88e21c3f21f93b31d95ea3b9228e0031cb69795de5abd19c4cb4a0cf2984e53ca391cc66e33ee0d510151670331fa264753704fea5e4b1760f74890c49a74a47e0da13155c5470013d53dea0f05b5e088f1511c209f5be940232318af2757951d399e32eb862d915784713baa8ba93645caf04ba78fa3cf600ff92b9c5be58ad87438a340bac00a5ea9fb17e39478ba61fe36335e48d8c5a0b25f024cbd2ec7f217d0f260951da396dc13a2a74cd90df4b52db686e3b34d27cfa4cebd7bf59cbcfaf4007dc943a1da6e0bd1799a21ab449d7bb42935e50c839c5b567c59742436af15bc8d46095520dcd9273ae2b6f3c1cc2b4311ac9e5d297f0940b1552c5955adb302022022bb7457978998b56328629b7725dfbe3dedb37f37af0697a4471d1d6ff6bec633a38540adeba903f3eaaec5785fbb3c6a598f49dbd9ff93c67dea1ef39a614331b119fa8efccc8bac01595fb95a2a57eec9fc6c6fe82782aa89ea971866fd9a3bca4010182092ab6d1e2b49b964be9e3bb13bd6b77850e435f55a5d46e5bcb3330c7edefd31c33f61275e51600"})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

9.9999034s ago: executing program 5 (id=903):
sendto$l2tp(0xffffffffffffffff, &(0x7f0000000580), 0x0, 0x800, &(0x7f0000000180)={0x2, 0x0, @broadcast, 0x2}, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
r0 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f00000000c0), 0x20302, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
prctl$PR_MCE_KILL(0x21, 0x0, 0x3)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x15)
set_mempolicy(0x8006, &(0x7f0000000340)=0x80000000fff, 0x5)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$tipc2(&(0x7f0000000400), 0xffffffffffffffff)
sendmsg$TIPC_NL_KEY_SET(r2, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0)
sendmsg$TIPC_NL_BEARER_SET(r0, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4c401}, 0x4040140)
r3 = socket$kcm(0x25, 0x1, 0x0)
recvmsg$kcm(r3, &(0x7f0000000540)={0x0, 0x0, 0x0}, 0x160)
mkdir(&(0x7f0000000440)='./file1\x00', 0x0)
chdir(&(0x7f0000000280)='./file1\x00')
r4 = creat(&(0x7f00000002c0)='./file0\x00', 0x0)
write$qrtrtun(r4, &(0x7f0000000300)="ca", 0x1)
creat(&(0x7f0000001380)='./file0\x00', 0x4)
openat$vim2m(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r5 = socket$phonet_pipe(0x23, 0x5, 0x2)
setsockopt$PNPIPE_HANDLE(r5, 0x113, 0x3, &(0x7f0000000440)=0xde690, 0x4)
ioctl$vim2m_VIDIOC_REQBUFS(0xffffffffffffffff, 0xc0145608, &(0x7f0000000040)={0x8, 0x1, 0x1})

9.978620253s ago: executing program 1 (id=904):
r0 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000003f000000000000000000f195"], &(0x7f0000000140)='GPL\x00'}, 0x80)
r1 = bpf$ITER_CREATE(0xb, &(0x7f00000004c0)={r0}, 0x8)
r2 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, &(0x7f00000003c0)=ANY=[], &(0x7f0000000140)='GPL\x00'}, 0x94)
r3 = bpf$ITER_CREATE(0xb, &(0x7f00000004c0)={r2}, 0x8)
close(r3)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000240)={r2, 0x8, 0x25, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40)
bpf$BPF_LINK_UPDATE(0x1d, &(0x7f00000005c0)={r1, r0, 0x4, r0}, 0x10)

4.179680963s ago: executing program 0 (id=905):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000300)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(blowfish)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5", 0x4)
r1 = accept4$alg(r0, 0x0, 0x0, 0x80800)
sendmmsg(r1, &(0x7f0000009f40)=[{{0x0, 0x0, 0x0}}], 0x1, 0xc000000)
io_setup(0xff, &(0x7f0000000380)=<r2=>0x0)
io_submit(r2, 0x2000000000000225, &(0x7f0000001440)=[&(0x7f0000000200)={0x1000000, 0x0, 0x700000000000000, 0x0, 0xfffb, r1, &(0x7f0000000340), 0x2d}])

4.091863555s ago: executing program 5 (id=906):
r0 = socket$packet(0x11, 0x3, 0x300)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000380)={0x0, 0x4076cbba9945d516, &(0x7f0000000340)={0x0, 0x14}}, 0x0)
getsockname$packet(r2, &(0x7f0000000140)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000280)=@newlink={0x38, 0x10, 0x439, 0x70bd29, 0x0, {0x0, 0x0, 0x0, r3, 0x9801}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @ip6gre={{0xb}, {0x8, 0x2, 0x0, 0x1, [@IFLA_GRE_COLLECT_METADATA={0x4}]}}}]}, 0x38}, 0x1, 0x0, 0x0, 0x20048001}, 0x4000004)
sendto$packet(r0, &(0x7f0000000000)='1', 0x12, 0x40, &(0x7f0000000200)={0x11, 0x86dd, r3, 0x1, 0x0, 0x6, @local}, 0x14)

3.963788974s ago: executing program 6 (id=907):
socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f0000000480)=ANY=[@ANYBLOB="1806000000000000000000000000000018120000", @ANYRES32=r3, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095000000000000009bb944b1022ea16a72f27ca8170eabe3381c6183230efea316129fbd382db2bf79155f7165e3a387bcf2d7e2b2d4e5d82e4cb4be8f4ada0a14f02fd87f35e6ca78a29e52e557834cce5d4eac211f241e250e317f145af114393a"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000100)={{r3}, &(0x7f0000000080), &(0x7f00000000c0)=r4}, 0x20)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000380)={{r3}, &(0x7f0000000040), &(0x7f0000000340)=r4}, 0xfffffffffffffd53)
bpf$MAP_CREATE(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="0b00000007000000020000000400000005000000", @ANYRES32, @ANYBLOB='\x00'/10, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
io_setup(0x30, &(0x7f0000000600)=<r5=>0x0)
r6 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000002740), 0x101002)
io_cancel(r5, 0x0, 0x0)
io_submit(r5, 0x1, &(0x7f00000001c0)=[&(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x60a, r6, 0x0}])
r7 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000001140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="4c0000001000030500"/20, @ANYRES32=0x0, @ANYBLOB="9b150100000000002c0012800e00010069703665727370616e0000001800028004001200080014000002000008000d000001000006e92bb09f458bbf77ac0c30116482c952ed8572264fbfdca9308e2b8e2c7b964a032836a66a1f0f4494be19aa3909fe6436268d81c7b3123e29a4cb70738b397c3d0942d25b11582bac4b647638b0df4cd2e37464963915710d45b214b0a9d5"], 0x4c}}, 0x0)
r8 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r8, 0x8933, &(0x7f0000000180)={'wlan1\x00', <r10=>0x0})
sendmsg$NL80211_CMD_JOIN_MESH(r8, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000640)={0x50, r9, 0x1, 0x70bd27, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r10}, @val={0xc, 0x99, {0x5, 0x73}}}}, [@NL80211_ATTR_MESH_ID={0xa}, @NL80211_ATTR_TX_RATES={0x1c, 0x5a, 0x0, 0x1, [@NL80211_BAND_6GHZ={0x18, 0x3, 0x0, 0x1, [@NL80211_TXRATE_HE={0x14, 0x5, {[0x400, 0x6, 0x7, 0x1000, 0x4, 0x2, 0x6, 0x7f]}}]}]}]}, 0x50}, 0x1, 0x0, 0x0, 0x4080}, 0x40810)
clock_gettime(0x0, &(0x7f0000000240)={<r11=>0x0, <r12=>0x0})
socket$alg(0x26, 0x5, 0x0)
io_getevents(0x0, 0x1, 0x4, &(0x7f0000000480), &(0x7f0000000300)={r11, r12+10000000})

3.962763547s ago: executing program 2 (id=917):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1000003, 0x13, r2, 0x0)
ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8936, &(0x7f0000000000)={@loopback, 0x40})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

2.675682728s ago: executing program 0 (id=908):
r0 = socket$can_raw(0x1d, 0x3, 0x1)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000100)={'vcan0\x00', <r1=>0x0})
bind$can_raw(r0, &(0x7f00000001c0)={0x1d, r1}, 0x10)
recvmmsg(r0, &(0x7f0000000a00)=[{{0x0, 0x0, &(0x7f0000000880)=[{0x0}, {&(0x7f0000000b00)=""/71, 0x47}], 0x2}, 0x81}], 0x1, 0x40000002, 0x0)
setsockopt$CAN_RAW_RECV_OWN_MSGS(r0, 0x65, 0x4, &(0x7f00000003c0)=0x1, 0x4)
ioctl$SIOCGSTAMPNS(r0, 0x8907, 0x0)
sendmsg$can_raw(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000140)=@can={{}, 0x0, 0x0, 0x0, 0x0, "0000000000000003"}, 0x10}}, 0x20000000)

2.638347554s ago: executing program 1 (id=909):
r0 = syz_init_net_socket$ax25(0x3, 0x3, 0xff)
getpeername$ax25(r0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000480)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
fsopen(&(0x7f0000000000)='rpc_pipefs\x00', 0x0)
creat(&(0x7f0000000000)='./file0\x00', 0x0)
mount(0x0, 0x0, 0x0, 0x0, &(0x7f0000000180)='ub\xce\x00\x00\x00')
mount(&(0x7f0000000180), &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='ubifs\x00', 0x8000, 0x0)

2.55580328s ago: executing program 5 (id=910):
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=0000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r0, &(0x7f000000e280)={0x2020, 0x0, <r1=>0x0, 0x0, <r2=>0x0}, 0x2020)
write$FUSE_INIT(r0, &(0x7f0000000380)={0x50, 0x0, r1, {0x7, 0x27, 0x0, 0x30000, 0x0, 0x0, 0x8, 0x10000}}, 0x50)
syz_fuse_handle_req(r0, &(0x7f0000008280)="03680f2a20da68ab7a58c28b635d19c32b6efabb6ae3b5eee5a74d8943c613539e166c8baef50500824343a2f05093a5c21f746caefe9f9bccd83cca0fc28da20e2706308c61398dfce5f54ea9f266791ba29a4c7da158637def8b816aa296815ff13c06d632df45feaec1fd272ec1b510eaf58fe6b26cc36df3ecc0f5b1f258a190304e2519dd39ba9f5bc1788926ced5202e3b1e3afa16ae0b5d66dc05b36d3a00f72e5f318f8bdfc7eddc94238c50031d0657a22445ad0b3b90a86b086eed837a00bf0a3888bf61b4db57d6d8d6b286bbb13ba3b246def60ac34241eb843f89fe77d7e3e52573e90d791f21d4a8dfcc24ba95db60e2135634c02bd4b14535285df4fbe381ec036d876c4c8057c79371fa9717414590890e182a7b9e0ab927812083acf0d04e04c20c0555c8ceedc5bcf9b0e814be6eca98ce7b2f9f17d098bea541b75a1617c09fa99902ad746811f89a1fc5e6a80d77528247d6c104395715d2c9f9102f070a295f20c4307b9e848d3928b50985bfa2486893139761925b8fab96d26291243db23c4fd4d96864f4db860731a4e3e10b52d8d0487f5a8536cb4507dbdc111570ad0321b918edbc52807c2e0676d3257553702d9c1bd6741e9cd5cdeb3b8f636b6eb02a3b0066d7f677d586de5018850000f000ab3960f6656fb98039ceb6400d0299c356fc22b7298ed157c667bed5563fac2192a8ff7706a9e58d9d2f92632d6b25d8b090642e3f323bf7ff4d8264617a43a97099dd7347fbe3b1c439737913f17eff57f3e1ff4fdac374fb554e9a6a1ff32daa69507698d660d8d5f591801d8e4a9309342c3dc84966dbfcd2652800200bcb0dde9d456b7a07c5409f4f5387d0150daa34dbc865c6108d34dcc51eedb277e9638b43ce3c9afac5d7aa0f8542e58b0a84632a07557b041845d0012cf016ef065f97660b731ce1b79493de71def047277a3ae6d4a0d86591847d3475926039848c5baf6e1b43bc83053855182423156e54cadc8c85089265b49da853d15e5a701fedf2bf7986a723abf72e513fa05cb178345f2fcc859df49e74c8ccef196000a05cb090f22986ffb6f8f74ab41d2d88b6b535507a23b03d2fc2743f6f69fbcd43b8ff52b1ba32fa0137d542c515569b7f486f8ffa02ad1f54767f51701eb4c141437720884d529a57e17bc2837799124f7f112f42bd90f5b435d7a5d7524f7667bb7a6266263e62bf7ebf6896888d584c65a530b766111f078630d8629ffa91acb5ed02498549bd7e042acae0fab7ccb23278088a364be3da9619d91e1061bbaa9b33c3c5fbbcbc725ce8c2cc9ab0f2b4d30078040d3ca79d3ca056c360381ee87e743dea73a25ea2b4843f9ef280feb507f933fb556c718d8bf8f8618db72805b65d381b319f65c745c1e5060dae2f498852e79aff8dd9c88fd939a31871a430d3ba96fb118c79d1b08a397af23b1a188d1802106f588c768a1e6c9d244ac9a38d2a54ed50f19b78bf25e0ae1f9337ceaa8ff5ca8640104b19bcd643b51501d4e03ed5ffb383e7ed0ab78d540ae10bbd64fba1af59a4190215b7d10230992bbb4ff618d8284a2e2446990511fc2bff07cce9ba94a11d3db041e220e3d931fdf129d8ec2c9b17d6587a0044c9e09f52848db43ddc0df94513cc9e94e9d427623502a910deea0f21d86b16366769a46bf0d6d9fc0d2cd6b98ed885e9e2d765bdd051196bf20bd27c46ec902726d96de352c346d904fa00d63b67d272f116dce489f9d636cef61b441b9c113addec983b8b2fbdb2b32049e436c972b2fcf5140dc7b094c5047cb6226da700b72aeb3febdf16a75b6f61a311f606251c99b377c775c8fb3446ccf25dc4cca24290b3939f948019b05c80b5a6382112f63e0990b324c16a087c72aaec08796afc769f678e3634100a5a9da8215cb5d7a6a6b50a81676ef4edca35595b11f9606bef2fb84fe1f0a0703c886579f09986086f0dca6eb8061f9a74c79c1f758684a7363974b14561b9d2efdaba6c4cd8cb70627da1e195fcae3d8b2fa751278e8f220c83e677e14731eccd6fe0c357b011ed88b6df0c266b383f224b8e95384e401b717030b1227582d0d1042bd90377c4f2c7206a19983fc5905e4eb87edb6532b26ca9e28e160202606d19d9f5da34762f4b3fa842d7bff382ad70dcbc411f8b3e4cace8c8e0c72898d24023545e0dfdc4176209276a535491ce11c045c57b45c40f19b12dcf6ffbf78ab23e7fe9bdc404cf47db9855f2b835e1fce57debfa071803ec38da3c77a904080a4c737ce2b20e14e8449762f1ca0b1ce71779d2e6ee5299e1cf230e8070045c23c1d0e52f66fe9039f95cdc0b448dc12d24de39157934270345991948fce921b5d8e739315cc75d4b3b49928437b88672c1a7770365207b43895f45909d5d972f48aa66de609152a5afa2c7d75f0a14189d0409f0b623eab3b6e7d81025cde140893ed71b6f24f5a36d21dafb62af6be9da845403bc8ed36672efa74d7da19d5794cb4b79fa1c86940b1890c012e14b7c3bb261f16bdd99efaa9819b0bc00af842a6b94c6086d15b16ab81af9331ba3a5bd6941ef35239e85455ceab02c598ccee8fbad97ed37daebfe3b26a5a6c9eda5f65a1cfaf7a1f1688267c812a56c552ae11b465dac030e18f9008ad03cad80bf2cb91a7d99dcfa54d323ae0a4c3a6dc0f80d7ff703870610a945eb0ab5b6d14e81869c8872f6b123d98edcf6bba10d76d35cff4b0bb73db8b6695a8351785bcba1e160a42ed367c4da727da38f91562e941e5c4fa90cd585c5f1cd3a7d6892f18a5aa3c74a4fc00bf5909267489b937a928d9d8ff92530b5226eedf8ab9a957e5ffec45bc3a55e6955b38393ce52892655265d1f741e0b744808eb568a08d145a8bc5ada9b079f6d0bec5fc2ace0502b3f926372dff49478fbd10451f0de4b3d1a63b9d4e17ade45628d2e9dca041fcf7fc1e105e1fc44089fde9caf418ba8454dc361df4a59e1bd79143d280613e3c79ad18e922a43e199aa5927bb9553dd31e6223ad19bf8aff6e1dac8b3680feea3138bc61742b03f047b3d77039c1a4c2d05bd89c4bc12a1b83d78b4e7023f690fce6a44608c423d8cbc2e80942b9d9df2f4bf5606640fa47692f3e003885983a73e1dc313b243bbab5c3c6348afab796da766044ba142eda5a9d3713e3eda8c54c1708909c5da89ba67d29cd7f409c9b759cba316c42028754e3cb6eae2cc4f6d66982f212320f199b2e837bb4c54c54bcdcd2ac240ef6295d38e9889b4213819ef0f9aba6ceead4e0fd2c4becdc1f8ee3049831996c9a74a5fd4e12a1fd21ed47cf27e29f9d61e4b673d88914c36eefa53d3c49d94b463b7f8462c1951dfe33c10993d5cfcd0ededd50ad55009528f1e79fbc2fa70c3338b32c40ae3bb45d7079c7ae8433fb1aa19affbd3fbce0cb5ab0d557afb3be036856066eea45c28e93528b35477fc97fe9ff3641e5bb0f0e46069eb653c027daabff38541250081c77e0e3a1d030a73289e771cc41db10819af60599b5df0ad978fcf0b46af821c6b717b265e07d3a85397ea94de26f510290ddb5df8fcff76fe624843c8577802809c145916afce01d9dfdfa8bf07633e98f14fc73d5ef58ae5cb0c308bc74ca38259692a1cd4cf16752786a1c816f24612c27393d7e40a2df9a3dfa23a0c59613c8a7ccdd97c3fc67ecab94dcd8cc4b4517ed2414d41ce574074ffebd156e3d65c4421b0f339bc9f29abbfe49db62122248cf96b74d9639b3ef9d935cd81315a7ecfb0dc6ea1ee053c2e5c3615fbc10782f16a564fcabe1df70da7de989e00eedc346cef5b5cf880e9d563fc15302f056d37f98a939fd1dd5478b4318c256e93b77e31f87d8f7fe31755191b40d778ddb2ada1480bb9fcb96a09783fcf2c2c9fac2c3a2771dd0e2fb113cd460ee2c9cf4a712f04eb1b1a746091109f7ce0655e1ff7781fbe853e3d03bb91c9d8f4f416f5745c6b607bbf72786bd3c0ac4761e6e6d70f12dbefa1b13542086f793b72c6102ac06e75be17bdbb1efbf7e007f07f9bd433fd9d9cbf93e760757b792f15231895561fe49d9d683ccc066f38af581422b71702627162c0f0f35c36a61eaaa92129114b7334281e35fd39576e51d8593c149c9326e0c710ea4dcc9ef39a432a48ae1834f5046b954f9c033d6035cde0dbffe3e97f48a1dc695f4b2f6fe5d4eee83008318def105c37e11c9015670f13417ed036e68f6fbfca2a8289829677feb23079f3f2ee53b26e491924fefc1c50e54f288a8c4b6ba6d319054c3a9e39e14bba81b423acbd44b51279bbea6b0bb2047325837ce8b2191454f52ffa2cd04abe89e3de5bc102e9fdf740d3efd975bc9503af796e6aeee711ef8797de5d507a964730aa70cb9d3840054d4e1ffc57de378b511f7649666a54a6b3d91ed517198d76322bf99d13bef530a43ed3f13196bf2def6dcfb39f76471c75c5779bedf105717e546057fb478bfd24e8fdf3c12d028b542d1f424a9d45bb9e026e6098eb1cb0a77378300ec1b4c9f006aa4dfb7fb5c57cf1b035cbe96009ead1ca25ea1e5fae40312a4e9fe250684a1c8653bb303209e0fc6a498f3a08f6c5b946378a349f3aea45104a2badb8a45f500bb4f0f6cd620ce794e0f390e1cb7f2f1fc0039f4250a577544a6862b47bf89eea3a8c1516b7a9dd111c2ca719190e8feb1a7079e9fdfdb8224dc50791c986825469c087c8f081616edaa4193e161281aa68b7286a364cbb336b2459f0892e57c40afcfda7d16ea1877efb4e4b0d4b5c31e8cba15066903d3a91bdc7fb64452fb9843436110596f0b038da167a86f97d32c807270a1c994fe88e2517e11bdd210dd982d3c8158459440108308a936c9d2370b9d157c3f9caec36ff05bc40b37f095edf33bf4fad440f38c3f52129456936c07014140be5618f4e9d07b66679238023390cd676b1a3a28d0e90d5ad9ef13a31fcdc5a435454309367c437424e340a1f91c6483bce1026d85a16fb854252ea4ede39a4e69702ecff76432de508e064eda0df9f263a25c0f626d1c1ffaa6783be2975451ee936cc2178648935a924f6fb2db2f8ba34e348920d903114520918cc6872b842e3744fc18d1363583a107ec7b89c7792c0d8069e12f873f6d668f6fdeb47b72986914e45c2b061c5c936c73c9bcf1475ea0d25edaad21cf193405c8acef3bff4e4f1b2b321d70dba59e856a8849c2bba9508bad775370669b2bb7f5e53181af8bff525e13a4935d7e28b997b4ff15da9e36f1353a154ab701ad15420786daaf27ba7e122f7b825c668185b685630420378b4142ec4e4242c2cf0bf6e143f7e55cb12fb9dd59a8df9959ce4fc5fff68ae7174977a31ad7fd644bc94a20bae76f0af474034990fdfec8ceca0e6cd93fe21d84837b7e9d74c17b6d3054f0c008ee05764745fd8773a0c1c31bb3eef5b7e261b54805b5c805a4eeef05c812fcdede200442e7340c63490645ebd09c235d5c52a785542526edfe3875ad08267faed1d0a15236f00c6736b94c1a3821302ff610697ad7becdbc96f54b55138b585cd122e0d5aeaf43c9ba373e8aa1c1297e3415552cc57cd60ee1f3c04500ed0eed37775c873de3066c034c176c67c5bfbe9899a47732030855781341374641da058eee61d01d11b9db8f19fd4558957897340e32cdfbc39713f1f439be0638f614cdb5361433a45a6ff024e39c94141dc5403af101404ce5f2efa97b90d9ecdb7c361785dab977feded32554d1a74d5cbfe2435be7f0329ba382455c2ac11fbe29fe3826796d4bea03dc53a37f63f5be2773f83faf282f0ae24d9fe5762b71b499fd37b4ce7e71f93c3a983f80fed477708bbf2261c89893c4b76e34fac9b42671b6cc81678cc867f53e8c3ec47716206212743ca0c4941c2c61ed3177fccf85921e998d2b826df751173944bb07eeaae4001f677a0687a2550eeac8bb5128ecad9c7b6a514596a30b8292fbacc09ab488193507b6785d7a35c979db774b2c413246f1ae88d35d1914b20b8fb501034321642fb0b0baba3378e4c31fb5e247c177e573295df0194462b99079a436400ba1be2e30d39b8714c0fb2bdcd981d5a5cd514f8d4f14e4e0437108630355d8f2b60a6d18cb14ceb2b5d0704aa6e93e180bd79cb17e176bc4f81a03db12a03413de6189896955bb9e3cc69b6f9a50a7eda3742527f98c71d7ea8ba75e253c2b783f7104813c619949e6a0765179b1b9cbe68b703335ab5986928d86384357a2f4189f4b4ffcd61a3d29709bbc93b5371f0e7798cb72ae4c17bcee24f8e566f2777803c3d182d15a63ac40063f0ccdf4bd790404524eae02eafb6b54c699578486490033f0be866c74a134083003d330498658ba973ea674c4a0ff158403987b4c4752b07c8637a119b019fd5093406960144445056f6ffe73eda0235dc1871bb6058d4a9feecac628265689d58a81453d33290ab56eb691f3180d0288449f41844e56f5c6cf522d4a5866b24fb9552fde71946c4d25dcceaa41cfddb5a33c51c54c0a0a5abd31be8fb6ec53c1d14ba648e183979dbd0db01b9e51ba3803be7e7d3dee752668367264c783f74838121797ae5706ef3aa460682d1bf55808c70e69ae29d7683368470d08e7e9a1095305dce250b5b4bd48c02e098d241b1089736e8306a737e3a1a93e554cc3ab24672b8c74bfb8825004ca869e347f873de14575493836662ad741d79269904f905d7df64d0581ab8d76ee51a32d72ccb719f3a25c0a856b5bd2b2a1269e208d70c32e1d5ad0dfdc0ef43f0230e95eb85871eb4d6033abbf0be7025382d878eeaeea73c94270e79bd5757dc1bac95236a62545cd467830b12dcc30d7cc81e889d360d073db40058e9a1c7b41fc53e67740bc984132a1452cf7d000378f14ef93a7eb0dc9bacf23584ad6761139576607f8214757f71fc47b2944127116ca3e83b9d9643bce8d7bb44b4d16b5d5cff70a9e1114cd920b6fc1f409672648ad56ac3136ef0a314adb458faf3d3f171cb2fc513d76e43e6bda2f1a68e6fcf4a4ecbe6bc87716e2a82ea0c4657983ca0caaf8d75fdf5b0d7930e4f3e95eb1271485f938e7ad2bf0c97b7c11745de45518a1e3a74341968588558e7197b407d24eda0671ee28f219e4c5f809a7ea6f9f5b9705f4634a96112eb262bd5967db5237285b865d3f64516495ea6d1ec20dbed7af02362370bcc98671a61241fa1ef5b3095609d66ecc16010f6f67a280d1c6d215ec224ead17d68bbc9bc64b363b5be9b479b7aa2cbc8587a6b48cf653fde7a262a11ab3a10356f55f122310feac77c32ce0994d6e8a70f1c53331cb473a8e29427322fb6da292c4443b1678877f1c981fa05fbdef96520e5895aeb2a3a8e62652f9d8830c3b144b9598873e2ef41b7ade943807766877d609972cca74855eaedce07cda35b50557de96e736ca3107c154d31aeee78db214687b9964517bcd2c6c9ec047514b45c831aee4588166dc3ec9ab36bd1033e74b3d02d731c5bd84f659fa9fe55cac08c12cb999a2e64fac52f6cb7d1fffbf45d9a1126787d0060fd1be563ccbc278ac97dab0c1bee664675f273f5fa429bdc24b21ff1cf0a3ad3c687fb07ffd88bad6ab6c6b422a43b77ff76f96bf405c07f8a667bb8ff54d6714aaa21ceba2e78ce03146b2ab9f49e6d65081119b8e7cf3843e91349790d2b975c9f9c305df0ab4f2b1b2f30f629313cc66a325e4037f38f29842ee5781ba73d2f30f506cf7ff2237a72b4075aefa32cdd5ba0ae4e65cb6fa47a3e06f0d5f684b7172d6b58f5f7d783c4122db4f4b8b4f9d3296c9d115f432710c29d40dfca0010ecbe2f42fac899911d65c84f08aaa1923c8add5af518286211db14e1187a8839f3b2ae8bd914eafc16a576bbe3eba6271a4c5b3170c3f543761f11f1326a05c575bde1b5c6afd3876bea4fbb649071a95caf74de9f7b3421803ec351f934b8d0932ce72a13abf3627d9a396c10875fc167ef1ae98ff92af9ca366033c99d30306fd540a09d67d26ab192504e7c09f9e4d06287a2b1748f1761ba3c16d9d08be7562b7351c4b4679f5d4b38681bfd86c7f2003a9749b20b602112a95803469f5d252c564912b55c4bf3409298dbd066d877cc70a89b484b9ee6bb836c9acd1e53086c4be85e9a3bc5969c7016db9c72b68620c241409d06f4d7f72fe2289c9b4921055922783b8b886bc22926b7d194820af2b90e3c60e87e1a7851f38a970c07c1da120d1da75de2bb994ff7d05a313522373326f160914a9589711e0439d694f5221afe8cc118722ce4927e9543e61a12a76bcf2da1d01a0f258095d32063387349b4e9f253d8b73c6e834b6866f8a56b4797b92d521fa732aa0d55c8e9d6c56011ee6fb450853dc564d18e97c463609c27a63f9c91c46d7bd80ace4edc0615ca342f43ca3b3d0cc36ed52b7d1f457e5b4b26b5eca0d91abe4f1a42a2eec40ec2faff1222f71dc226d6344e947b45155691205c09913fc3c6ab3fe76f4d1b11fa45869e20694b5f0a1074780a07332764212533b797dd24d8df157d4172f91253b77eb2ec90c8222307ed59136463057b7f469116086410b7503b44cef401c47811c1390060da5b3321d34096b67468a7702978d98d4bd721c18a25ed541249638e90281dc8e3565dc33e66d7b832a9bd62c02c5ed0e92935c92472499653d2d842ea6697c733ee80d775884074b3a0c250a4aa021bb6ea93514f9cc5f09feb5719d270cd184e364ca966f1416e10f111bc425f32a993fc5cd75503f99d89d91d7ddc6dee70193057cb946e5fbf8663c53e12cebffe5dbd4a86bfcf5f35f0d8aa43763a60e00356b4f8bc2bca01b02cfddde38f0c4df1e7f98709fdebc5abb5eb9631bdc3dbfcf15517fabcf16931eb7381e83713b081ad1947274d4896ee8953d772e9e71f363b6f1147317bc739ec128e4ec865f8f0ea34cd5ff19fb2c28931d2c85846735358504ae9161535cd7890e8b95c814cfec116b78e6d0eb5097cd4f35888121452e27391d865c15f0b986925d0d0c623bcbb4d8ca66603720253af17853967ea5954eb5ef0dc43de185ec4925026c680464e66d1caff1f4c7c757bd55ec2515ffe7183e3481ff6f626c2228a3fc3d15f63e4bfbec76a2a170206142cbbcf204a1cbfe0ee56eb47dfb79c80894c0a0fbf8a2955d861678fc2f8f9ad7a28052197b5992bced1273658da5b1f42fca48c80883600c24d8515a0c7113deb4c97df918ab64bca16a0c14f2547dc91d5ce4f884978c95fe54899f77ffc20a2c4b27350bc451bef72a46d8e144ad57a8d5f8ac039f58b8a53ea1f3fd5fce612a171bf82ba17c0681cf46ce5c8181a522ed2e986361903903159643046c7be1787dac6ccab09d18a30997541dc6e9efa260f1ff0392bc1890f19d8bb725f4fe7d8bc618f46e0c23be6b9ca67777dd3f5a89b41ccfb11a526a3bed045a2906f86cc5186a1db7a70391261b694b423e5a44d374f9d3720330e083574083f8950b2b35c8bb5b6c0a7fe259f235dc1c069d4581a9f0a7451890561a0829bb290de6aefe4d243ae0b00ca61a1dc4262bb4951242b21d88148eb7b6a9718d6433274f2b3c9bcdbb6d5df67b48ff42692d8cd7f4b7f41728de68ea1ce0f3e4a2843c5b9ffc43f69b8a0445dce44081f5b443a327084b0d00d07cbdbbfd2da5d67bf8d4bb4ee408d17eeee48b61decd06bd3dac9a1adbeb069b49ec96608b9179bb3af4c10f2ade6778b31fd4c22c2961cb949a64e9a8a4879c550f8d8783064cb304511e40e2e562ba83c08ba8ae011a784ed9db03db5527a7aae222c856c8df0a94f9c4def0f94244c5b8e3db9f39dbd337928e24d9d8562f231fea72116c01089163d2c5f4ca17faab20b73c9957fa1a9af20837a804870034d4e64281125b070d8ee0dbf05f95e5fb079e2a57e9af977222e90b664189114dccbca81ee58b7de90a813768a2049052b339a608d3e9966bdb3b584291fbf7694a7d1dea7f72ca604894e6cca5d326ed5e48c15eff5e6a8cc11c40f84ca920d79a5c55d07001909bf6338921c656a39d59d03f62bb5b8870189f0416ec8c317b03ccdcbbeb3e1a9bf2661813f4966b57eb56a2757de5f7745851b5f7bf75e41eb1646e61a41923c5c0e58c2ea478d95b5c39c450744aea0aad3706fce684cb7338ff3dacab60e8d968f0e6fc070693ae3ca16996b34a50afb7e6e377546ae28dc8de7a2ea3a657b4b0003a91a488e347c61971d62f32eaf843d4d4c4f86cc4033c1244c8408def09188dde509c629323f34072f9089a3846680894e8b000a03865438b2ea212b68fdef7f17583f92014eef2c8115a37c9c82dee06213c1407c1433690f68cdc8e91971104039dfe06774b946f43b68b7957a5ca3ee763eafbb7437850eb0a285c413bcf6965232d593d8da47a2a06abc635ae38e596a9dae55b43f341bcc6fe72d79b453ac1c259da37f64cbc1f1508caf280aa6a3f4cd2ff5564cc5a8727f222431454a5ac93398a29fb95b4e057686cd6fcd920992f74e5870749676a36e043bec5fc1b0fce5563affe9addfaa3689e857383ccd1f2924080449d2cfb006e855570b711c1dedd1df2629afaa3806f4ae229a9a8ef1940ddf2c55dac7812d2374c0684b7ba27b2f0849ee4c055d2b8ccc8e41c593378340d7546bb974bc8032f220b37099e3b04c6591c40d2c50a855a491e03c1c9cbb32c400f6104341262d92daaf3e2c04936cf28788fdff8e0a77770a9deb9089a9e32eb5d9e2581aecd98f83881ca8e7d49e603556dc03a9aa19a8f3a4735aaee347b25ea35b36fa57484c0b6d591979b4a3da894fa0c15966d6a5e02e397cccdb9c314b504372b81ef6913877767001263c05dae362b49e5928ef36f554ce245b4111486417634f1e7f4530a760ae6ffd3123f5736ac12c5bf506c5dca03079c0fd0776cdb56c938cdf480fb9b97b1685dfa3be6f712aae107e2dda726bec137b2ebdf56c0fcaecca4350bd7b5c84d57f29c2a2c99ae10c30cece4831d71ae4ee3362983cc816bb6cb9225b9db08503a1be23a26a0425a8628a2e718feae5df91d829f27966f766b623a0a4958a57642aefae259713733670d5b1d027fb8eb2d0d3a0b4acd482076dfa09ffe883f556b2db2262bc0872e1bd713f100dd7a8a8f2d725b46e09c625d513179872bbcc9a41e596a18b2471d977f4ca2bebd06cdaba31b70ef25e098f214fef16f16f725cad4311eb91457fdb70b471eddb65ecafb1e2b03c5ff21356241e3cab2c8ba601f9ef1aec9006b7cd0b81da29be01cb4c1d52e563298e373013886ebb1889bd5616647c6c418ea6bc1f3c0853b65cae48467b35f08318e3a9d034af7224cc3520ab1ece7751ba15407298b21e4f84ef7c23d7993739403d4f116cba2d0ae2d4003a28334c461c734d4555105b986ad0af28aac36c753ab52b91b7e23ae3ab07d3b170fe53a2249efe5b65463a3f237cec72091b04005f95a15ae595191ba39d0ae1d91d8e00b132ae9339884bc57bbb79978a308e1c31c5f213b092f380a7ba58f55869e9c29a5a6e7a7aa4f8d58e5787cc05e5", 0x2000, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000600)={0x90, 0x0, 0xffffffffffffffff, {0x3, 0x0, 0x0, 0x0, 0x0, 0x2, {0x0, 0x2, 0x2, 0x0, 0x0, 0x9, 0x1ff, 0xff, 0x0, 0xc000, 0x0, 0x0, r2, 0x9}}}, 0x0, 0x0, 0x0, 0x0, 0x0})
rename(&(0x7f0000000100)='./file0/../file0/file0\x00', &(0x7f0000000140)='./file0/../file0/file0\x00')
syz_fuse_handle_req(r0, &(0x7f000000a280)="1695367704d10dd832678e4e2d01860484a69eaac410e2d6cf3b3d3925f9a3cb602592377170dffdc4de86f163e390e21d07459b0f058cfc248c4bcbe896f3c68006f3c2cbe07c55b87170871c1d364d740faeb750c8c8acb76aca18bc0c018ed341b55b0ef80cefe95b85756aac978a0e0b5ce59cae6657643e7ada0c1336bab310888351664553c2faa6dd39054e19e23cc7c4b4d33546407f880194aa0761f2a9360c4ba26de342328b92db81ae84fc9c1e9eefb4b7ec3f58a6d5d23b907327b14480a37f3c84305729a91c28807f8809b997235bfa2d4b6f45ee9568bb4a416df34f4140c5e272bfc068ea61a48b365490ccb02772a906dad457f5d2dd1a57cc1209e8897c8115049d7e4e3c756a7f5ad0c004ef66c8bf91f600910e73b4aa5f516bab5cd62ad93642960ab32b7fdaeacb1a9587a389a529c231f8a47a65fb6d27ba6a0eeb46660cd75dbf47df89e9f578eafa6992a12d9d7de56d69fd0e30b15caabd13c28d63921597466292f8c4e87f23d53d52e6e8f1c9295af0743c8c671a49273074ba44dbce9e9b1136a93dbc19d2b8e60cda5f50eba2d814822a68a0fd4ff5e6a25dd5346f96b26b5e1563ebb97829a76fd8c2aa467499fdced91b05b193b68316494f11f5ce97ed8e13d474b03c6f6eda4eff54b0ec362fda53003e6e2a3868a5d57e2426aed5adccdac8e162c6cc20361dd4709889b79b2810ba42f531fdd3746562a00da65b4211fb7d8f482a3610748d3b80d2942d8432471f98c6e9036cb57f3913b31dd8baddd6d85b44e8463b838fcfb6979628c5fa3dbd30688e10b9ede257ebc7b96d4092f38d11b9e6a4d10490a9df1387b3743cf51e206c7dbc0741c408bbebaae7f36d81b5ce5b21bb9fe992c8a0cb3a91ea2df21e571ff094b53b17c46fe22c0cead29144d203294eb42c984790a6b6348ed8b7b0317ee5b2353cc54bcfd808bf0f61f73917584e17bd9259c8a04d2ba3b4f931571947c77035975933471fb1203088dce478eb4e411ddb7b88caeb02e1cda741245df701a2b5c29c48a631eaf18549bd90c70222fd6dafe5550726bb58dd0fbf84ffeeae683a0379505f03740a652025add8e0e4e6b5bfb4bd0876dfe1ecb639acc110eba97294a4e4642aefbcad04ba50d830e945fd9900ee7e02488694041f43cbaa86280c1df64e8f1f81f7cd5130914efd19b58262f3bd2c43bd8b4a5beac09f1ba27020521994465e62c329debb50efe0716d22cf0056febc7cb95aa818e10639077e91cac3c80b37d6eebc6907dde971b578383ee04086a0dad18750ceff6b8d6d373afa93a51fee65fe1318c1ac291b784e45d66962c8b54571bc1e92a996c11561d94af6ecdd37948d35adbd1ad63c1c05c31c7f4afd707aa1956d1444fec1137fb6d81f56566887131777e5fe3e2fafe8af8f21ed34480afe74afb25d8d16f8089fcb851ac49dd826b7f273aa3d771856d712c62397d49c72d93e3c2a5e6b9767fcff0fc5b3d70dcd70ff8bad5dfd7f5a84c194f99450601f970104f9be026852ead21824152dd8f6536fcd01a69177a65f2af266e619d61d20de0c738680fbec29e7c594cad29f009d46d87908c951b2e4ad8d9a67db8be6f570fe5416d9e4dd22a108140a1c95369731807325ee7f4201209a795fa1609ce8fa27384677816f651a96cc08400e1b647bdddfb851313e3ccaa472b9a6a1da3a0936e119a6d7808f09de244d739c39df3ed36004b77cb54b6b1396b718c87fba28cb1439c7d1d140dae1ee2c2a7d647427b1e7472710c7ac4f1fb0fc0c9d15ecce28167d23e2e42474dbf1c63c0819606be9c9b6dc2eb59bf9932568ef408c20e9498cf105e84eee30460d4348f4cdfab623b416adadb4427887d9b1b6b8db75b224e8a55fa0351d21093b2b7e42e6685491cbfce100d602d0281f4bd086b50612f3ccf055fab1aad97a52695a233c3d458be4536b66b0acdda5ce0aaab48bb7d7f39a8af473c4478991f1c4569839eab0c1d684001ee1772290871653a2293bb7754c1eac178c60f86e2a98e1992dee198c76365f2d04d159d7c210c6cc58764e3b7dfb5bc15190555febd01c69cab8f55926c28a13fa4f9060dde1ca2df7e1f71fd99a0c350d7f0e341ece8e0685e9c205b486ef400910211b688f07fb05b542261c74b45f4ac23ff53e9e620ab12dad7b5131f67128bb8ed6a4a70caec437f2157f8bcb3d080091e5715dfc7d7539dd0320c90d0aab6a6d7a447ebeea893a0efa2176292c648c62cedd4138c9d0535ab0621855484fc43e0e3e84357db6951bb21fe2f4e99fa188ebecbc23f73ea879bd304408acd1c470fd112606ccfd7b7970e950ebd363afbba359a51877248a42845097094ff785dc82264225752f3aefa980d9ed5309b48f47a5b5ef49f69808b91bde955277b6525f55436ffeba0bfa8c13f6314c57ec97eea295afc66a9f4ec844474c0da6ff1ef0c6c65c035f3bb74a70ffa668359b58a46af97600c428626b45c81a4e372e198894c02e2bee8010fb4c2c075ea623a6ee24a99e225f809322df6ea6f39b1566b1aee5403d45ba648f94f70976013199b3241744458d030a5319360780897413289d89267c389e04f23de79adf4b864c5ca76efc225eb1ecf6424887f0d8b3ac13cbe9df4eb69f7b702e85fb396dc4a030d57a8c4edd227ee568fb11a9859935ad53dcfdb01727f106af352c569a020b7e405a1ad4c6b39e2e8796fe9f16db3794550f5ef3ecd6af2b2ab0383e6c198f17ada5840bde84ccbaa661d9c456d9ddaf92763ba450098cd5a971d847fd5030a4c9b066ab3b0096dfdf7e5ce2f8349165f94c493b7e4192e85239bb11552f910fb41c5e96ee10fc8dce711e88e0572ce0bbbd9c9f3b7c9dae89f1dfa6af309c4321755a5b19070c8731ac590c30fffb69feeb75f699aebb101d3a30f784f1745182cb4f0bf63a148b521f0a03c691927694ee453b278523e3ed256c150098a932f62c90ac65faa4b9782c27a3ef6ca2b5ecae6a01d8a1d7096bf6a7d1b317a9eab22ef4907c631bcca224f723f5fb9a44d7e1295186cf37fd71343919aa167fa70a505a73e9f52a11cfbd40d8c1087d4ffdfe45a40ed5aebfa4b0c3622c78a914d68dd92f46478711437ff88803ab28cd9ce2223aa0fa37eb9d9a4a7866dec4ca6bb66e794ccac6bd19b11daa0b6d4d42cbcf7d6426b5718030ca51bf92b3d8ea0b11c46ec5c0c6e3805c88b39731b2b751d9928ed1ddba7c66bcc5273d709fd295aa0792384435b98c1f44575c028ff2869074156713931f7e62f8b0f8c7ee9dfeaeb2e096e77600586a47d6f6a2e13a17dfceae46ad84858bf8873f9f1e35fc700aef0a648af168ab0774a3441a203ef325577f2c76f5f0e5808acdc7965bc65e8ad1ca816bc3b67711ea42e619c957d0f26b394be1f3b0c4ac9af8558eaebf5c1c27b6549022513479b4c28dbe3f1c3131cc9211eee768f96a9c8b5e0e6425bef921a355faccf0072ba19b16d88b75feb5dc8fcfc1b7b5973eb9654ca3dcfd482831ff5d1fe09fe7ae43cf129c8c17a6686685a13ed076f34608b7ac16eb8e9de6a44418c4e3f8162e6a679bc9482df96a04b14575ebf093b99bf5cc26495f5dd6e571129d9760de3f801b001a1f3248d14f579bc519de2b656641a88da758a2ed3baf15fdf2739ddb44f0e5892de7ea48e9302129d0c939137b9d0687b296577675bcbf433a53f6a9816797cbfef1ba0caa2b8602387b5a8bae24d3e15d42b34d81708738fd269c3e8cbacdc3ff5ab1d4816a783d7be0f0a8086e345a6b4c231ffd61745f6c45cfceaf6089e70542aea1574e3c78740f77a08eb55b37f03549c1dd318cb5a76094210e8cf800c350d328fbf9442d0437e7affd54b3bfc33da3f24558f3ea8e59da8e61ae60e7e7b4de7179b8cf941d51d420c8eee69143966800dc4f7bcb50a033331fcac02a65e88de28ab219c68388a9da9196e044dd1ebbd3994bf8cc862f6f8b419fa1f4f4e5427f10866b498935fa28b8e6f9c5e48be8b74b9c2262823390480f71aff6cf72281f526265877d223eef9ad7a4be7438f9afb6aff0e80c5125c2c612ceb83f0470ea04479979c0a10fbbd0bed7379e949cc19fe36fbcbcc59a9fe30a2662d3e4d22862e8841b587b8995ef8482bc60fe0863b41752ef3dd44a387eff101595822bf1ce440ff9e5f73e560e4f7fbfe4754d9dabbcd92de02017eb43d3cf7c75e45ba04009a782a68ce11eefd52253c721daa5f37c6408e37b48d1f2e36d7c1793300f2c9039e69a52057486b63c0fa644d00528ce48f2e551ca88e356ac25ae74c73492ed3e6233490acfbe7ed8244f23e2af86e0ade6b78bb34a75a86f6cbadbd39762680cb0821d6d28f18d427df13d0e747f6da54be970e43ef8ca8285dc8bf44e3cecdbf2d8757a9800bb889b846d58cc636a2648809451a95736a0ecec6ea3fe61fb24dcd8a00ac0b8933918189cda555b17e431d99ee190d6d0d9f769e665ec193ba8889ae72a01e18b98cebb75d20ed778e5778ef657ce85d40eafa44b46f293d64023b877e8c5d58587c3abecf9a1ad8d874a4cdba0bfbea61b7eb19e81f7c932be12a83bacc51017b42dbe2931dc11c742a5a942cb6ed9bd9922ad78f55b0f6cbae0e8d4235140263ed8c83ab22e71a0f0a62b6920b5d5109e415254e527546546bd025cf1583e3e8d9d5bf735a4651fa2e5c3c86a185bb77e9b75224cdda8cb0eb21d9e3bb19e286832aa5dce19f055539a0a5caccfd752742a31d0af882c4f02c29cbd90ac2cdf5cc61c448cd09eb7b82b930ca99962c0e5ed84124fe37f7d30aad0296ee340377a7e0aa7413c495ac8ab0b482c4c5f59872efd5a1ceadbc7606e67d3c79a77d095bd82519db0893b9d2bbc2b2f3a7391826840e49424703c006399cde5f2a52a9383e89dfbfca284be4d75dd3aafd8a43dc6c71bd7fde9460647eb5c97707e96ddb9124d6020da38ee7ad743db8fd0377a8711905194c496e39a2132d7bbf35b79f920b6dcaa73625bf8b5320da250513cd45bf42c8072809ad59d69c02f0554cf82b79ff291e42d9227de1948352b0dba0281b69876ae0ca24972a5e75aee7e0a46bd4fc83f5a0dd3f22d666f2d950ca580c6da6dfaaa293beded10d1328613611b6e01d5d8567541e81466467302d8050a3ae4791fbddc1aec749edb68173be5341166c1d5c42d63e7368473e48bafa43459de3fa3a5550a4ac979711dd9a2d6796b0bcf9b5881124ade4b12bf64fa55724976a0da9d642e76a036c430f5fb2c06d599b0f78e978580f8eb763d2846177ff18b9b5cf8c76197ed809ef24212bc5563a1713214ce78e0e6cced6e41578d46a07839795c83c189610244bc1b680535fce39f290da90d719078015d90020b1d4567a97081b48514709df8e327d814e8c15496d90efacae6b13e297ed520d280203896bbc3a23f3b638adf594de03a782bb292a93ef0b14b8b3e13c01787a0b7bfb3abd8ab15eebbc651b7b054d3e56ebb7808de9b9bd067560ec6a6432455b37054292a3d9d32434506bf84b2907560017089de3f60c2deb4dfb7371f96d65a575d446aa1d2df81867135120df4e24e9227f72ff9f8f015a7754948704ecd084a1a93fbeb5a44af086ef73e9fc1c072b7d5473e92558fc2824acf27f1dbe9b019247d3074bf4256a966ceb674a2c4222632c8e4b6c0736de019ccfe4cca40b9b07f8c4df9753cdfb4ad66643ed71510983e29c2b5f9ae7db4913cb74d9dd0461a900810650d0da73f766aa6882385f3bb40644bf43f01faf2aa4cd187659edb0498527f201442b64349afa814b3dae5ce815971f3b11d177e3e1aaf90c7674c097d475640218ad27e63f9071c9081c06d9b5d1f3a070da3eed4f4080190a74063e7f97b5f35706dd1173dcbfa13a70d5362e50d57d0c5105c8d3beb926d93f61699e737ebe1a935839c3aa5b629dc93aa209d9e7774c40de7f59fca1eb274a8280022a15934e5dd2579a8cf5cd16a3b0a1ff3ea712c4258164fe2fa17a4cbfa5630f4041bad4204605eb2e762d610fa17dafa415ed8a678da1d4b5a6618d71d0066d66e3ac10b3ce65137a5a02344abc57f1be4ce0cbf1a2ac66dcb5e94495e863819c627e4704fb479c232b27aa4a5dfca8896a7eb8e0592b6b392ec9fa2767f569d5c1356d7ef7a909d8ee344ba017c75ca664d98f5288230b7f1ffa2fa7a5d07fab5f4b53b7f19c3fb361795fd632fa8a654004d931b4b7fc0890927aec727160cded3c01b7e40e6b81ce015796895f9c007762a1c22acfb9513eccd93c845e91ea8b0960b299b3ce788cbcce5bea9a94325289d2c3573975c512d56e19c4655f849b3652f8b5f9fa6f49e03202f2031debe3c299c3ceceb1febf4b285da9033493088a36f885ed6d3958b8d05cc6be00f3465de8bf6e41796d17e393067585b459b143d592cea102f584e48676a45f896cf662bd6b3b2309aa7f46d2b8ec6597a063f12bcc88922050c8c1e070134ce77ab1cb7a7f29983a0b30d9b2abeca5cfbfc55e941376c616c2834b1c1c9a9473b531c86c3b708478ee95923fe6a8108c2c4dc8a78a9d5e995f6c815b292b986cab0afa233ef10567a49d4e8dc17f438b90b620df4d291b52549ac8e1b69078b62011ed4bb0e288db740817ff07d01e779e11cb8e0606b5ca3aac6c7b262499f5a115acdad8a67b6eb77503318ef3bf0008347b270aa986d9e79e2af174f38a4743250c1091e6053a7a785464483161aad3ef3ad976e5329b71afe9bbfd93d7541a1014db4cc159ac266021e841c665217fa150e130f921ebd4cfb5accdb87f5f9bc0fd94b402289db4d0ac3f0906a689aef044c09fc2c5a00f7795ea935aeb943eb32826bd2176c1d1cb058195e3229d293595ebc07514c6b038a1d964199c59e59d4fc621c54b7bbd3410ccec22f7fb6751527c2aa0940ed2f0c9dcfc4e99ced91d09ba4a37042b5f48b127439cad24df2951ff1e769d3892dc4788dbbe27cce60f7f0138789444712e84e059ac0a4e87557f6c3369fc61b9a843c816df3cb4ec77a11e16390234da24dc0420f6a44554fc7954cc74d63ec030d4d964898e14500d0dacdbb2959f7a8a191773f66448348f36c3f4904187088bcfeafda7dd721236810d04469e93ca4e7926305c25b1ef1380d775008fd238e33e8dd2dc5a9783f97414487a7ef70eba3dcf71331803fad223f65aadfc87d79512bf311c14926d619a089f5e84c46f4a9ff393969f8eacc8fa20acaa9eb01a8aab625853e415d3871e555a11ee71ee93cba85ee9cde60b3962e294c2c840f0a1ba87714bac54f1ca0ebda74daa3e8e19d382b951d64a22da48c632ec5754f42129214a807427e69a93c128b6b0a8697c9ee375818dd79244a38287fe8f66c7cc3aa18aee2fbf804fc1aadcc7d2daf75be82a60276b6902a51f2bbb64c261915b80053fb9635f405f1fa855d1ec8adc0ebe9648b8151eda70ec5ad5f704fa2a337bcfb7ecbc845a11cae7a68d6bc58f107ac7bb0c2f6b83edc48703ba00c94036b9af4ada51d6d78bfe697df06f47573c14cd7191ec52dc0f208ecdcf54669529bba2c2fb7a6b38f6f2b5ec5fe876f03c096ae092b6f881a84b00edd1e9f67449069d876afaa99eb1a446f20656b5104c72ed28bd8553c724785f4e8bfdc33194409960de4969b708ce26e4cd608d21ace0c38e27d54b55369a9e807cfda9a6240466dd94f6150d4b0105f7b9ae392009b2cf146d1dad5d7c8664463d7d60d11b45f30d01db7364e21ac557d37a4c9ad88926c472e98710d2cbfc4b70d6a5dbb128d46909e634761c6f6952bf9021aa5282c391dcee3278a25e3e2ee31a7f6713979a546084fb2e598214c36a3b7618bf23c57bb23b33e9c98dfe5192ef257dc2d891a6f7c11be334fbdab015eedafe1c4aea95ff1fa6d340d0cade542f3f782c1589470fa64c6fd9ac0c31536ecee0ae312f992733beea6fcaf7562dd6e0f2c016f712ce14d93f02a54f577c75b444fd7f46e9bd2cd9cd1f89195781d88f984eca45c97355095d3b48b0d9bd730c7d6f63b1dc78d2344bdb0f18c4e1554822345c11efa2ba32bcef4f29ed05315cf44617a80d7d1392de077bbda08669c8c3cb6c0b12f872f1247bc1d07634bf5bf4acc3a4ecdae7e6acd7c4af9820147afe55500a7270d7eb511f907339e5af54cfaf33e2364f54091ebee2a245ba048452d383cd441604c4dd1c6376e4df8b83ebf6070d2be248174fc1dc0a1352c103325360aeb3ab71cb73bb646ac6247dd68155fd48b90250c3b0f250a74f827780367e117a94094e5005e2f926accaef0b3e36c25e315c1e80cd4c3481f3465d99025c7de91c45bb8dd0a5577174c1f366017d87d2033239a8b6f399a9095845b5fafe9cca113b93f455bb790709b6c93fcbbd0c4bd7b5d621088dca06802e241836291226ad56d40b3b4e90eb68bd5845742baf4cb4a69b4bdb07f02d0bd6fbb5a5fad3af030816b254725e6db4073b7a0536b884c8985c3a159cdb105c73f7e0e03546248336449eff6afeb96cf8ad3617df18ee2247bc2d11ebbe10e0379f5578c41611872c5461541fb4da5be3f3348e0592982a61c352315370a9b452306c9f31f9040ef755ad096a8733dd9daf6bdbcb7a3521ad2282ae4fa7bfdb9cda5997ba3a6652af46c6d0205bb356dfb411e2b931b357723bb70254211819b74a461ed5c126cec6573cda4f6107fc3ebc76483621e9ab5789a5575ea3a91463f76138ea0f3ec9c44e1cddb2de59bef83333d235e922b920e267453676575b38e6415bd136534b8df2360ab489fb69eefd04b66758ab5dd105be7b0635f7194f9e4b158b22b21ac97fda4e804747a9718b40a32531cd5c3fd1d3c1dd8ba5ef9c86d3c8df8c71f81da1a9756e5db4dddf70755053f7129d656a8069fe83c39ab240cf7a73f0f880ec7a791c5115ab262184839b906c238eaabf2268dfcd6560c5bcb70fea00b580ad52e7de0333e6de63ae351952e6e5dee6edf284de0a2f53e2089db13bd5eca5f98883a24eb2e1a58ae199f8db9c60a5b6b85585b2d2a17d6b5406e5668685d95c4718c375db05f7953b363c25d2ed0906eda70eb659845acd31fec9b8e4d5951d12fd50bbb969dd824a78c72622c8311a980f0f2e6a1ddc368879a1f3a07d3c0780e85a4e5d13223a3424782e3f77bf6a1ebf823f468d41b777ff61345064f1096ed653c277bab90ca5afc8ad6d25f4447236cdd82950afff27763f3fef5308f034379f4ad4955cb8cc5280d51b5427de4eba374f64dde2f1e7a6ae628aa4696160a5cf0ae9fc70e307b4eb19c0a5af2c2855710c8e117211d73a7e7f3f7f2ba55d03a4b73d816c9c3fc1edb86ec95ddcd77884a913805ad6549e7a5f776a1c2385dd6d83877727f128207cda29f83462269a7f606fa31934d06a6e0efd238d0a180c754a9d2e85609fd20c880ea0e79cbe887c442f9f682801da783529e1e45eb3e70195fa2711fa291dca43ee0672b7afc14cf87b9506a7ebe223019c856777e1783f6ae1b0ed90486b32e3b6f7ff77be834c7b6676da6c8052fa49450e3e16a6f90ee33742bbfe3dc025832e0bbc7abeb625077b8c1ea07dee89c7dc26fa42514ff9ac21e848e32309bc2862a873fb57796e05923fce42fa2833c73866e22a04497ec13acebcdff6ae1df71dd8756f1febac04f2034c1f3e1d401ddbdb7f2ef676d5c85437830d527a5fb04c9bbf0d892ee1306d2d2df37008916a3a66e70f865cd6d25de16fdb4bb4f2616204cf86a3ffdbf147223968c092a46dc2aae4aedb32fb850b85d4adb87bfada328bce4c2c70ec42affde442179fcc1d3d9f5e4a848c8ba03b0df3065d1b2d5f1b08d8c25148c51bb54e191a87ea59903084000b4b520fffda111fe831d4bdcf62423c1fcd673b020c5f2c41973dd1b9698054368081f917715e1c1592bc78dd265e051bcda5bf5877821fedfcf7790a58b328cf780f71ee71491e59194504bc800d319251607e53ba0e1ed15cd4fd5c959eaff4d3a1c7cb28c479f2776256633ef7c0f0e98688b54e8c8634cf57e27e5c1ee1e43573ae23bfbb1ff1bef6cabd33c02ff165c44f0f190426ba8391ba4f03458be3351869c5c5c9d5fa5600edbcce523525b9cd9c3bb040e34771ea277d05cb76302c72fac5edc815412dbbbc651371d70d044c4f89a68da7abd836fb3a495e212b5fd13819c41c9a240405582ae69b7c35b30935af3085d457a4d76a94c9272c5eafcecc4c92dd4f314b04b4739864e626a5bab27fa2f345f052afe3bae2ff4c442c42a1c83091bfcc23a3b5e06a511d02cefcd618a6d9761de00af192cf1aacc902cf3ba98f898c48fbc74b6710db7ac890b4f7ed7377e0fa3b4c46a131e775130a80db5014a79e674c8fc8b45495066e88201d2e320320fa4561abab617d0e67e9e879b0080a8ab404f4eb007a088990aa6a7b29afce5b8dd038ce96d43e1271315f6070e761e759c44fba1ce78730e35ca31e0bf5840cc01289c81613a07c497f288ed70a6d10d9f58fe135558b2a862bd877fcc939d7536e7dc988409290cd73da04a3b1399b0a2637f737d5f86bba4a31019546e2000a3ca57f8291cd9af28299eb93909061200c9738cca998add04e7bb0137ecc460fc3ef72872e7d13c159914fcdf577910e6c5d7a1636b13b78c5088551c614e3c75befb0f37fb89b918f4aad0126a9efd3390d6a0cab97ed0e01c7eae0e798a4142345578beb10d6b61a90b4d1fe836022def90bb8e37e07428a4592e7bf30e935951e492234a8db96f081379e7c4e18c3b6ce4ed1f97698dc1da940f14217e877bb8e0f33b392d801a01c48ec62ce2774d2e4e55e9415c063e1bfa31a8f0633443ec19c5fab977c1485147e46c06f86742278fd071de4a165dff7eddd5390a1e031d80e3d44477f6009c9fc27a7d92b865a292b0d586083f681c2d92da7e7f42eabd076fa7d61eba0c2b406c75f1cec561b1a523dd4c6f344b02ed59bd473d7d30a24144e981fc8da434931adeb841d63bb705485f8f58a180da91af64bad1379356787b37467dc9b4a0d12496e5048e7ccb40a978eebee5eaac4e9dd96faf194aa93a22333d7f68cccde147dce26c9ff18d7c8ffe0d1377c70dd1057d54473b2c2b2b3eea82fb223952c0dc3796efd0cd94afea38341ab9a83c6a9ee77f26bf8dea8510dfc964f9b9b4942c08ade50e43f06e5101f2e6b68b6a7f9cc5443c862b1198627461938daf4bd1fc7b21d6d7fd3f775f0e4a1f60434a242b049f159dbe5de145e741c5c9b4e59a7f5d7de54a6d51cd87845dde819ca74e3abf60356fbcf18bfff3b6ae1c545e243c08f9f41b86e55ed6e71be453843e0bffc5b6bdcfeefd33075ee5110627d4f05e008e54ddd62fb6979d9c2a5e4a2cb45fad7b2d77bd17508952889b30df2124cdc2fe6a749a12c9f6dbbd01226cc4ba2693b7e6a858d3c36ac6519ee70e896588a6df81b0e3be3604bbbe1a845088cf1834a04368dde8b6ee76d0492911dc09b05cf6642e0003cd8faafd398872c1a8dc3e85d3658ec8", 0x2000, &(0x7f0000000dc0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000008c0)={0x90, 0x0, 0x0, {0x3, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000, 0x4000}}}, 0x0, 0x0, 0x0, 0x0, 0x0})

2.457269066s ago: executing program 0 (id=911):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r1 = socket$kcm(0x2, 0x3, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast})
r2 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r2, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10)
write$tun(r0, &(0x7f0000000080)={@val={0x8, 0x800}, @val={0x7, 0x0, 0x0, 0x0, 0x1c}, @ipv4=@udp={{0x5, 0x4, 0x3, 0x1b, 0xb0, 0x66, 0x0, 0x40, 0x11, 0x0, @private=0xa010102, @multicast1}, {0x4e20, 0x4e20, 0x9c, 0x0, @wg=@initiation={0x1, 0x4, "31150048d5e06bdc339f0b82e56e05e9a3f461bd8f05c60ff304e7fee8a3221b", "b54970b8807c69e8aba2815e90ed451c3c1a9dff75f0f264e44cbb999c8f292e5aa143fd63ea1886e0cd425df0d8e5e7", "2bed86cd87cd326b66a3ca343e29e347dc61214ad793ad9f48b4d287", {"b15c14be998215153aaf76bbf0aead9a", "5cd7bcd4dc8e1acb0a78f4793cfd119c"}}}}}, 0xbe)

2.232808849s ago: executing program 2 (id=912):
r0 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000000), 0x41, 0x0)
write$nbd(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="01000000000000000200ffff0300000082b0cfc4337965941538be02000000000000000000007400a391793ba7f40000000000fdf700000000000000000000003e078b4ea9373c73f5f0d747c3d5b253355dc62ee6de97639a2541327d2576f482f67452af6c45419d074aedf0d2074848a66ba8f197463c961664"], 0x40)
io_uring_register$IORING_REGISTER_PBUF_RING(r0, 0x16, &(0x7f0000000680)={&(0x7f0000001000)={[{&(0x7f0000000040)="9c3ef136e544ea067191ffed0636d1cd50a1f4a700f9dd2b328538a33109b06412e29748b28b77737c3e1b76d808b81fb0b75b65075e2a9469f32673751f88f057d58b44bc14a21d5b7c919562709ae824fc72c7f79e4c474b9ed68281a9a21a8e01747418b8fe13c65ca531b69073e109e23933f894b4eff7d7da4e017911d55a90c7e4a45ce6580e0a384657020db4cacb40baeb330a616e8e5aabc838437f99025cec133f09ec4a56ca449946f585387ea7e52b9574068bc392bf71d95c1fd03e92d31c63510dd8f307a1c929c80c37293e7aa26b936a1a94296ef2b8235ef60a0c1cfd7c", 0xe6}, {&(0x7f0000000140)="36a67c95aa342372951a8025b153b0c126f2356db8039128b411980ae31f8e2bbd8791342fbf9cfd1c35ca163d6e36b49bc210e5704c8b155594a815ad28f01c69", 0x41, 0x3}, {0x0, 0x0, 0x2}, {&(0x7f0000000340)="ee0e6828c9a9dc657d64193171dcda9277153b6cee261b0cd1cf60f805f21721053bf9f92ecb108dbe05fb0da39ebb3ee363588f1c108bdd8902e112ca62946995806234f4da5568f5a7243503fff4c6c4b703fb61fac7ac24dcf0ccd97b4d59db2ee5b11aad1ffc5e92e399951c685565c50c97238ec65e714fb402072755fa0dd2152f4ef6c5767904bdc6df546d09c1049bfb49d43c4a29ae1708534897216b6ce44a8aaacaf30907eb64a74f06a498b9b9b23cc3cc8d33c1994225e92d816b84f6", 0xc3, 0x2}, {&(0x7f00000004c0)="b2d4362b81765ac72d81bb03fb1b868ef96f9c8b3513546d7c007f00db70e75eb4d45118b9c6c49111be76506327c65733e6aa771ee5f68154a0ffd506035d39597013a1dde8b96f28320e080fc09d7dd25d3ab38c06de86682de90da543434379c4ddbcbf4f3d63b7e36031e0977a44a277bc245d473739881fc6ca0f7b45004f2f5da5910dfd93fb135071878c2e8b94d0cd3911752776f5bcbd1b68d10e9ff0c16f3000ca699961edb1143274a009348cf308ae13c192896d93bce2d317d7ba786f", 0xc3, 0x2}, {&(0x7f00000005c0)="6c9a7d2791d022bc6b35867b84ae3736dce532330022405cae155535d9733fc0c68a8d368d72b40d80a0f2d443119c3928ecf27a", 0x34, 0x3}, {0x0}]}, 0x7, 0x3}, 0x1)
r1 = syz_open_procfs(0x0, &(0x7f0000002380)='net/ip_mr_cache\x00')
mkdir(&(0x7f00000002c0)='./bus\x00', 0x21)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x820009408200a5fe)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x1000000, &(0x7f0000000400)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
r2 = open(&(0x7f0000000140)='./file0\x00', 0x0, 0x150)
mknodat$loop(r2, &(0x7f0000000040)='./file1\x00', 0x2000, 0x1)
chdir(&(0x7f00000003c0)='./bus\x00')
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r3, &(0x7f0000000840)=[{0x0}], 0x1)
read$dsp(0xffffffffffffffff, &(0x7f00000011c0)=""/4117, 0x200021d5)
ioctl$VHOST_SET_MEM_TABLE(0xffffffffffffffff, 0x8008af26, &(0x7f0000000680))
linkat(r2, &(0x7f0000000100)='./file1\x00', r2, &(0x7f0000000240)='./file0\x00', 0x0)
unlink(&(0x7f0000000280)='./file1\x00')
mknod$loop(&(0x7f00000001c0)='./file0\x00', 0x4, 0x0)
pread64(r1, &(0x7f00000008c0)=""/249, 0xf9, 0x2)
ioctl$COMEDI_SETWSUBD(r0, 0x6411)
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x2000005, 0x3032, 0xffffffffffffffff, 0x0)
unshare(0x2c020400)
msgget$private(0x0, 0x240)
msgsnd(0x0, &(0x7f0000000180)=ANY=[], 0x2000, 0x0)
msgrcv(0x0, &(0x7f00000004c0)={0x0, ""/4}, 0x2000, 0xffffff7f00000000, 0x3000)

2.229691413s ago: executing program 6 (id=913):
pipe(&(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r1, &(0x7f0000000380)={0xa, 0x14e24}, 0x1c)
connect$inet6(r1, &(0x7f00000002c0)={0xa, 0x4e24}, 0x1c)
sendmmsg$inet6(r1, &(0x7f0000001840)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000600)="ba", 0x1}], 0x1}}], 0x1, 0xc8040)
sendmmsg(r1, &(0x7f0000004700)=[{{0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000080)="94b853cbbcb12ba82ccdc9f6898425577c171142e222db47c8a244c2a90562c0cd9d5a5278a7de67f75d0a670410143b73af12b70671a86d470a53fdb065ac", 0x3f}, {&(0x7f00000000c0)="e27e704a76b2dbb32da285981b4e09518e35f030bea69cd2f3", 0x19}, {&(0x7f0000000100)="8210193d6e04bb76a49e9394fe3f66f516c5d9a0372da5d9136092f818f185b79026aadeea7b2d02edab2fc43a14c7a95fee4b633a2d2ec7a0ad4fcc914c4e87007c95ff4dd7b94f2893", 0x4a}, {&(0x7f00000003c0)="1836793453193404bcd2d220b9f20d3f96f5e280d9a460deba77fc55deef0d80d77fb83d725eb3f0a8532a76aab8a2914969a3b8549f9dc650701d33ac3c460a0f5d6edcd157ae91700cdef43b45db64a438ee67c1f5857ce525caab9ede51c0dc81801ec095f92d718de35758bb4ede12f5ed74c3e55c30aca650a248aecc12b0ad92f8a48e21b41d44", 0x8a}, {&(0x7f0000000480)="ded87e9516350ca73634268789af3544a5dadd4d24c5bf9c6a8ba05d094e8ef97992ac8f57a710bfc34bd6b068bbcf97960bdf28d51bf5a343b7b888b69ff01e1a545cdb37b3594d808e94320f43651bb7d6382a5b6e36e3ce379a6cd86f54ce21196922644664a18191a913334bf8d9ab0204d7960150f55e5bf3458a9184113d4d643516d986579c41920d7eceae89bf0ff72ec94d78209690ef4219248fee5f0b978b647daf5dd3250e211101798e5cf6db97ddc99ad50edadbb9e8f994f8b3d38873caa12f63bb7877bf", 0xcc}, {&(0x7f0000000640)="e1c5128bc806be4a3757998df3d2ad96d3e7a1a44488b0e1cbd0a26841883cbba223866e041f1736eae3ed9c6852e719a38e0993988a90ea41c645e504901bb04e5515f312183efc2a2050eb8e85e08ff37070cf9adf20045455be575c0f35f6bac7438835147cff8cd7d58eb9d343039839dbcd892d38dcc3409d0a30309407e77c25bb61ec4ceecdfd92459aa4b7b0ad260ad4e9", 0x95}, {&(0x7f0000004840)="0cfdb0b60bb64f222f824fbbefba7f946ef20fc79944f1f194ab9e80722118116932cd5fafbb2e3017a63b8ccb2a2d9f60f8d46e38e7912e41810b1d4407d0bfb29a1f5f35c36cfbc00e533de8b2aec85bed42291ede452fd55cb19409118d9e6e3eebbeecfff54997c0354a917c0087ee04a880aa8797ef98365304f0278b86e1687924fdc6233f7ec04abc6bfee77444b5d0d7a8d76cd588aa3e0c85859456ea98100007661bcb3f4a3e6141ef57b6f2e38457f629b9b92b018000f2af9d351059307f6e44314d501afde0994d822fe43f66b0ab2c4daa803aa496a503b946e8635be08f88b751a3cffad6bb40e61f98b9e8b22314ec4640cd6771a1fe69bc72db61e4445856470284e128d2474f24a28b96e7bb200f53268ae7812612efcd69d8c4252de4f4c08761e217d1866279f03c6e788f065f300ba5544e4afd8fefbe952de6d7e687cff113b7130c745779ede72cc968566b", 0x157}, {&(0x7f0000000800)="40e4e908823409768cb2644b8b7b1b26dc6ae4f5bb4e1dc461e5c0fabad297f8f42501241ace49dafc55880358f8ae4fa447989d0ec05944489bc22fde1396cb3f58bac9c02f55138888a08bc7568d16bb5421eb55154eac4d4b6c0317c47e847b20ee8c067e7b4dade517ba025deb1c3e425a99ede38c99d6f1d81cbc83a69965ed8d69218688e08b59ca5fc4d82a6fd4a48ac8a13b268d23caebd37302987256918b2aceb3183f05bf97e53272cd23a82e7f87796d297f16eb9179f3dda2ac23f6658ce15cbde58d436a204cada042ac7aaf646327061a7e4729720be39236c91cba6616123978651c09b482c0ea4bb7588b3d9008bdef036610e875d600fbc8b13bb6c3b721fa09b23977aa7595597323d18570d41c22191abcf8e4150b0667a3afcaf94b6ace12b7fbb30dd21194231476ecb29fafd9cd6dc6579d3718b3a4f905effa1ef650ff10df4a64f2909658162e4882937359acc2636d14f58e69d9fcf22b1b85aa5594c970276503116d5178b33426aa352bfbd3f0eba49165c7283cf311a4a332afc85941940b76033b0857fd540365787a7437f84bd1e6f13cd90771ea775d6a57a5c906789e9e2f38d34f65fa62b54546818796986218cc4145a6af8aa5be75f93fc885b0d828a10ea7e405b8cac90f6cade831ad496b8ce67181d761f86d3893b9ed851531f7e3878061dcefb1a88e39ff5420b1342d48823a508edf4280304975e5cf890d739d243b467185732fb6086e4e67094f524d012efbcd1092f65ab17804b2d5e8eb7b6c4756fb65bddcd0c1c43b71b5df0e521186d2b1abfc0ccf2e48119f14a8b834f94cf27c35d33984840209b635c8877bd07a411fb07d8b09ff0b110eefe9301c6bd3bef2ae7a39490c3b54c42afafcfc0593539ccd037084328183d748e453e10a0fc0da02d1fee87b4b8b881fa7a2414393c321bd845979000314c3c0a25ffcad91faf2c600c609b8a211cd1d3c1d22aa58c2db6c78de03f32c984298f64d350b849f409c6d32574beb17e541347fc206fc354e273f53aa9bc67848f68574da608afc49799c1ffb5b5ea4c0f918c96a3a190b8baaa3c9e894f8973a53240250f0b0bad8084c6c004635065ec366af1fc11ba0d353e23114434cd96eb4b7f094fa7cde5f31379810d8f8a276beb97b22458902bd1177f65536decdf0f375ca590a6a111042b4bafbd39558fa15eba9b4fdaa87a840ecf5348d373b8160ab5ee0eef34cc68f849aae2319c709f305f437830e8389ecf9e4075cc33608d2fd0b901f1909404f6db24951a048db757ffc06860414afd420c84ee88b2ad6ec1237389a5ac20ba351f7b226c36682d7b530c9d6a983260e4caa1b9d82123932214d8b74230bf60216ae0afec71c84e72a5b155e4777b1e540a0e120a42cacf0b838bacb5efa89518db7cd1fd2bec41adc77b0b467fce6c1d70776a025641c5f9748013e897e05ee60e810691c8f2f9c6cf144959660447dc6c1663f0fbbb737ec07bec7a520599d1df19dc22c7e86b81f43d7067b543f589f6f2cc9c57eb7a7b59c03a2a665f26eba052f558aff7f2520bd4c945bf9f052c2e40471b964e2078888cdef431c0d1c6fa3fea3dc9e45d0b2f8600fe9c05c5985de4b2628cc9df2de80607eda09e946c9caa6cb9835ebe7e0501d16f2cbb53d5b3de092633f5d842eb4f652788049830ea44d51f141609f748e07b3db7972892f5bf7bd37d2556b08d19c9d959c31a14795b656f2473d342f1e521ec7c0d9fa739be08c819e65693a0c66241f217982e3281b2cab2c4c5393fa7b4e8e7fb80eaa06b8d033957f6679d82441af59c2e687e0c019b2f382597db9f3590065eb7dcd63dc3d025e2826eaa2fcc835d7fcb2af1d0d5156f4fdecb6af0ebbfcf34798f1c78c643b74740c2dfaa36203c5cddc779acb8a6e8677d07120d61cae32109538a29a28ecc553a42770adfd4f33013dbec32a3978172849b6a74ae890176ff04d84e74a7c4a53fcc147f2dded49f293f196b744c89e8b566d00c6e981971b603c1e008599882860b13a5b8728020e69f8571076eb5d54482de2b1a0da21c036784232848d73a10bfd557cfaffa208f723dd7f118540c55a603f55ab201e882b854ef27a8dfa193a3fc03d6c28080f46acbded80d55c14e46641926a39cff5994b3211a65781195f8bcc94d6109a230a065d2c7c37b66d359743afcec5d5670e91a37e422bec26a4a6082e1665f768022bd761a35986465381ff004340e6bc3c52903db17e02e5b524707a6cb58645d450bee65f23ff8e5083ddae0a5eea87a4e4ee3bf1ee8ae60f18725e609bb320707e490cb6b71c61c0956b06445d93b1c7ff240239f5304e1551756ff009e9b58ce1eb4613c80203723f984e6e312da191031d5f7dc2804640f270a36d4f7306d6666b738a8419ad491efecfb6801955d14dfcc8c9dbcd64dcd1fbd2f5bce73d30da77e50e23d24454035e6466bb5cfb8ed66f04a7dd2232a4dbc1be2fb5096451f52c1a8aaf78e1f98b5dd73038dd456a838d4f50c032e042985c930bea8352033e988303e8b7208ded927f704f83235366fd1a644e8d22760733e0446af776afa448f9718a692055c2f927f6d73ef1db9d0c64e241bff08160e7241f65b9699f656dbde9decb5678b0a0be08ec6e95f0db088f1af5a2650829a81f5d6421d00e85a407ede471e363c90ccc5fc58631eed35a860e15df424b6292343b1b594560e50c76592df21c04c45f306ce35082a6546e4f82873d0e306de3fa5233ff09192bcfa7ce043a51b761c98d51a05f083e780093604fd8bdd5b9ccfb1ee982571494773641e103171b841ce3620c2cd78ab4c1c1625976ce059cf53b52afaef0ec248eb3cd466878a0a4a2ab3fc7d16aa06ff5b1b412d8d99333e6e5ff3246463dc193033aae147b0e244afd6e2cabbacb46711c107689c21ee3698d7e12587b4730e60fa0a413e882b55cde0162f222fcfd96c2866ba3a36015ff654ffee6849e988b8d393f55a356c2f2515def5a53b4d17614146af72ae1444576cea30f789c4d0884c7d162d7fd4bd876e533cc2f62b104e733da0b158a6bf72331562d885dc534fde0955b33c44b63d57422d79697f123bdf55c13a841753fcce6f32924d2653bce7281168d920e1cee593cbaa4ee0767c09658ea4a6a2abf2a2805c0d0878885b64b7cb1995340c01159b19a49563996b12b7130186891f30cec4cc2b8b976fbd48a645ce90e9eeb646d80513ff30a840b764e8da96b104810fab3cda7d00ce38036cdc021f892039c66198817943a8a5dde0713f14d09f73fb95569db94422c8040e2badec67c48d049db0de751b6358eedc2d7b7c343748b930bc6441828172172ff4d9d2ebdec2f9e2c4451072ce7dc4d6c20983cb256fe3ce0415e924d557afccc8a851874c4b5c652c662de99686cd254f3d9de302c1ce1dcaa7bd4aaab75719cfa60d78392edfa6f480826692a173f9f85dc93ab6f833a2d8b77fb05af0c9bc0b38b58e23348b854881900daf555c314e71eb63a2e7a537a0dc92a920f55a5073c4e1376f61fefae36aea3e10e93cc2bbffdfbe574fc2db2f7fb2f62aff0df1e8e35ddc7c260ef3dce680d28c57d5cc7738d56f1983d976c8a6a6bc3b15210b19f450b359d99b05abc0c20d1a043d00e8b95dbc48e2186e8709cac0c70cb3fe21f2f7569ed594ce52df48f55048ed9b6b1c07bbcb89b7ff7cbfa0be06a02d4553b775c66eeb453647667b30ed9cb334ad8e1d115a2ec62e57381139b2f218a62e82ebd87afc42ae79b0da5036a65f0868ea969820243c71ecd0e93c4a90811e63c758e3a0f2e7fd4ffa6786b6d32e114405a76d7e9e1ece0f3e6a1b1f763579542db9e86fdcd72958140497219c37693eb94d09d5902ebc8cd2467085fbc2626ece46a8eb113ad1faa6f7a2f7a422fb01dc6b90b9927751d369474d8dfee28275e83485fbbe81e05498fed5220a44cf2c6d0aa1c94a8531962a0ce48f637fe7255059b72e0f27a52117871d28448abfafb096fcb5fc69f712a4394a588ecc081a7ded59bd6e7d32132c7d543bd9c3c6ffb87c06975daa50e9ee76a8a2a8ff3369fbf5e6620251bd137bf0490ece05062ffa688a576e967210c4774978e0f99f46cd073d4b20806eafd07bb9df90e299d533538b4c6691a93c22f50d183aa48ab645525b1524b1ed4061fc5c85296cbe89e00b803c6a23a461817cf908de0312eb16f186306870e3031fa13888d45d0772d7f8ef5843aadb4f4148d9eec158f0119030994521f54b22bacbecf74311019ffca1596ab93ef589b7e1a26a4ebde2911f44a4cf99396be265cfe9ef01e8dae04f22fb8e2f616aa7c44949c5ebc65ff7e1eb2", 0xc1c}], 0x8}}], 0x1, 0x0)
splice(r1, 0x0, r0, 0x0, 0x7ffff000, 0x6)

1.6160942s ago: executing program 6 (id=914):
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
syz_open_dev$cec(0x0, 0x0, 0x101441)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r1=>0x0})
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x6, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="18020000000400000000000000000000850000002c000000850000002a00000095"], &(0x7f0000000400)='syzkaller\x00', 0x8, 0x0, 0x0, 0x0, 0x21, '\x00', 0x0, @fallback=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000001c0)={r2, r1, 0x25, 0x0, @val=@netkit={@void, @value=r2}}, 0x1c)
syz_emit_ethernet(0xfdef, &(0x7f0000000240)=ANY=[@ANYBLOB="aaaaaaaaaaaa"], 0x0)

1.376844188s ago: executing program 1 (id=915):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = syz_open_dev$loop(&(0x7f0000000100), 0x2, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_user\x00', 0x275a, 0x0)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="280000000206010200000000000000000100000005fa0300000000000900020073797a31"], 0x28}}, 0x0)
write$binfmt_misc(r1, &(0x7f0000000040), 0xe09)
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000002c0)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0xb, 0x1d, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "f4bd0007003219002bfd000000000000000000af1e4ccfb7b3cad800000800", [0x0, 0x2000000000001]}})

1.328462795s ago: executing program 5 (id=916):
writev(0xffffffffffffffff, 0x0, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000100)=@newlink={0x44, 0x10, 0x1, 0x70bd2a, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, 0x1181}, [@IFLA_IFNAME={0x14, 0x3, 'bridge_slave_0\x00'}, @IFLA_MTU={0x8, 0x4, 0xd4}, @IFLA_MASTER={0x8}]}, 0x44}}, 0x0)
socket$inet6_mptcp(0xa, 0x1, 0x106)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000005c0)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'bridge_slave_1\x00', <r2=>0x0})
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=ANY=[@ANYBLOB="7c0000001000010400"/20, @ANYRES32=r2, @ANYBLOB="00000000000000005c001280110001006272696467655f736c6176650000000044000580050005000000000005002000010000000500080000"], 0x7c}}, 0x0)

1.203216133s ago: executing program 1 (id=918):
r0 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'lo\x00', <r2=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000080)=@newqdisc={0x60, 0x24, 0xd0f, 0x70bd2d, 0x0, {0x60, 0x0, 0x0, r2, {0x0, 0xa}, {0xffff, 0xffff}, {0x1a, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x34, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{0xea, 0x2, 0x0, 0x0, 0x9, 0x5}, {0x12, 0x2, 0x3, 0x401, 0x8001, 0x1400}, 0xa5, 0x5, 0xffffffd}}, @TCA_TBF_BURST={0x8, 0x6, 0x8057}]}}]}, 0x60}, 0x1, 0x0, 0x0, 0x40000}, 0x44080)
sendmsg$nl_route_sched(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000380)=@newqdisc={0x48, 0x24, 0xd0f, 0x70bd29, 0x0, {0x60, 0x0, 0x0, r2, {}, {0xffe0, 0xa}, {0xf, 0x2}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0x14, 0x2, [@TCA_FQ_CODEL_CE_THRESHOLD={0x8, 0x7, 0x3}, @TCA_FQ_CODEL_CE_THRESHOLD_MASK={0x5, 0xb, 0x8}]}}]}, 0x48}, 0x1, 0x0, 0x0, 0x55}, 0x4000)
r3 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r3, &(0x7f0000000000)={0xa, 0x3, 0x0, @loopback}, 0x1c)
connect$inet6(r3, &(0x7f0000000040)={0xa, 0x3, 0x7, @loopback, 0x800000}, 0x1c)

1.135840523s ago: executing program 2 (id=919):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={0x0, 0xffffffffffffffff, 0x0, 0xfff7fffffffffff5}, 0x18)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
fcntl$setsig(0xffffffffffffffff, 0x3, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000007c0)={r0, 0xffffffffffffffff, 0x0, 0x1c, &(0x7f0000000540)='/sys/kernel/debug/sync/info\x00'}, 0x30)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000380)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f00000003c0)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
close(r3)
r4 = syz_open_dev$dri(&(0x7f0000000000), 0x1ff, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r4, 0xc04064a0, &(0x7f0000000200)={0x0, &(0x7f0000000100)=[<r5=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_WAIT_VBLANK(r4, 0xc018643a, &(0x7f0000000140)={0x1, 0x101})
ioctl$DRM_IOCTL_MODE_SETCRTC(r3, 0xc06864a2, &(0x7f0000000740)={0x0, 0x0, r5, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "65366a50432b7ee2c7feddd91df868e7cfc6fa7272f3bf0a71b5d0c19323a260"}})
r6 = syz_open_dev$tty1(0xc, 0x4, 0x1)
syz_genetlink_get_family_id$fou(&(0x7f00000000c0), r3)
ioctl$KDSETMODE(r6, 0x4b3a, 0x1)
ioctl$TCXONC(r6, 0x4b3a, 0x2)
socket$inet_sctp(0x2, 0x5, 0x84)
syz_usb_connect(0x0, 0x36, &(0x7f00000017c0)={{0x12, 0x1, 0x300, 0x4c, 0x4d, 0x70, 0x20, 0x41e, 0x3f19, 0x9b52, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x2, 0x5, 0x30, 0x2, [{{0x9, 0x4, 0xbd, 0xb, 0x1, 0xff, 0xb2, 0x3b, 0x2, [@uac_control={{0xa, 0x24, 0x1, 0x5, 0x7}}], [{{0x9, 0x5, 0xd, 0xd, 0x3ff, 0x3, 0x5, 0x64}}]}}]}}]}}, &(0x7f00000020c0)={0x0, 0x0, 0x0, 0x0})

773.856µs ago: executing program 0 (id=920):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r3}, 0xc)
memfd_create(0x0, 0x0)
bind$unix(0xffffffffffffffff, &(0x7f0000000140)=@abs={0x1}, 0x6e)
sendmsg$NFNL_MSG_CTHELPER_GET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x14}, 0x4000)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x40001}, 0x4000000)
sendmsg$NFT_BATCH(r4, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000001200)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a8c000000030a0fdb00000000000000000a0000050900030073797a30000000000900010073797a31000000004c0008800c00024000deffff55c3dd9e0c00014000000000000000000c00024000000000000000000c00024000000000000000090c00014000000000000000060c000140000000000000026314000480080002403cb140bb080001400000000314000000110001"], 0xb4}, 0x1, 0x0, 0x0, 0x4000850}, 0x24000840)
sendmsg$NFT_MSG_GETCHAIN(r4, &(0x7f00000003c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000006c0)={0x14, 0x4, 0xa, 0x101, 0x0, 0x0, {0xa, 0x0, 0x6}}, 0x14}, 0x1, 0x0, 0x0, 0x4040004}, 0x0)
mkdir(0x0, 0x0)

0s ago: executing program 6 (id=921):
r0 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c)
syz_emit_ethernet(0xbe, &(0x7f0000000000)={@local, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x9c, 0x0, @wg=@initiation={0x1, 0x0, "7b4b143b7461fd777b1c012bd14efb9f49fcdb8f080c26a04883ad5c8c82b8af", "584cbf2649a50f2dbc43efa8698dfa871c51852e4451b57d037ad3c045942824251d7d17b5191584cdd4fbe40a27424d", "bcfd56f1373669caaa2f19935e6996c7096ffe4f3a4745a8f762b964", {"9a3bfbc1f39cb307b3472eb9cdb042d2", "643fcbb2c5a57df67d544af6e8dafe09"}}}}}}}, 0x0)
syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x3}, 0x94)
r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x7}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)
recvmmsg(r0, &(0x7f00000006c0)=[{{0x0, 0x0, 0x0}, 0xa1}], 0x1, 0x0, 0x0)

kernel console output (not intermixed with test programs):

0) entered forwarding state
[   98.450879][ T3612] bridge0: port 2(bridge_slave_1) entered blocking state
[   98.451090][ T3612] bridge0: port 2(bridge_slave_1) entered forwarding state
[   98.496683][ T5847] 8021q: adding VLAN 0 to HW filter on device team0
[   98.556879][ T1153] bridge0: port 1(bridge_slave_0) entered blocking state
[   98.557040][ T1153] bridge0: port 1(bridge_slave_0) entered forwarding state
[   98.598686][ T5842] 8021q: adding VLAN 0 to HW filter on device bond0
[   98.611469][ T3630] bridge0: port 2(bridge_slave_1) entered blocking state
[   98.612500][ T3630] bridge0: port 2(bridge_slave_1) entered forwarding state
[   98.691460][ T5843] 8021q: adding VLAN 0 to HW filter on device bond0
[   98.735091][ T5842] 8021q: adding VLAN 0 to HW filter on device team0
[   98.797109][   T43] bridge0: port 1(bridge_slave_0) entered blocking state
[   98.797320][   T43] bridge0: port 1(bridge_slave_0) entered forwarding state
[   98.837193][ T5843] 8021q: adding VLAN 0 to HW filter on device team0
[   98.852248][ T3612] bridge0: port 2(bridge_slave_1) entered blocking state
[   98.852348][ T3612] bridge0: port 2(bridge_slave_1) entered forwarding state
[   98.924576][ T5841] 8021q: adding VLAN 0 to HW filter on device bond0
[   98.929121][ T1153] bridge0: port 1(bridge_slave_0) entered blocking state
[   98.929339][ T1153] bridge0: port 1(bridge_slave_0) entered forwarding state
[   99.015084][   T43] bridge0: port 2(bridge_slave_1) entered blocking state
[   99.015374][   T43] bridge0: port 2(bridge_slave_1) entered forwarding state
[   99.125645][ T5841] 8021q: adding VLAN 0 to HW filter on device team0
[   99.195908][ T3630] bridge0: port 1(bridge_slave_0) entered blocking state
[   99.196055][ T3630] bridge0: port 1(bridge_slave_0) entered forwarding state
[   99.281537][ T3612] bridge0: port 2(bridge_slave_1) entered blocking state
[   99.282092][ T3612] bridge0: port 2(bridge_slave_1) entered forwarding state
[   99.454250][ T5846] 8021q: adding VLAN 0 to HW filter on device batadv0
[   99.665116][ T5847] 8021q: adding VLAN 0 to HW filter on device batadv0
[   99.829669][ T5846] veth0_vlan: entered promiscuous mode
[   99.933928][ T5846] veth1_vlan: entered promiscuous mode
[  100.054934][ T5842] 8021q: adding VLAN 0 to HW filter on device batadv0
[  100.106071][ T5847] veth0_vlan: entered promiscuous mode
[  100.158813][ T5843] 8021q: adding VLAN 0 to HW filter on device batadv0
[  100.190229][ T5847] veth1_vlan: entered promiscuous mode
[  100.206752][ T5846] veth0_macvtap: entered promiscuous mode
[  100.251370][ T5846] veth1_macvtap: entered promiscuous mode
[  100.325091][ T5841] 8021q: adding VLAN 0 to HW filter on device batadv0
[  100.425540][ T5846] batman_adv: batadv0: Interface activated: batadv_slave_0
[  100.437625][ T5842] veth0_vlan: entered promiscuous mode
[  100.480878][ T5846] batman_adv: batadv0: Interface activated: batadv_slave_1
[  100.520332][ T5847] veth0_macvtap: entered promiscuous mode
[  100.560364][ T5842] veth1_vlan: entered promiscuous mode
[  100.562078][ T3612] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  100.575353][ T5847] veth1_macvtap: entered promiscuous mode
[  100.588437][ T3612] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  100.605772][ T3612] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  100.611735][ T3612] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  100.781042][ T5847] batman_adv: batadv0: Interface activated: batadv_slave_0
[  100.829550][ T5841] veth0_vlan: entered promiscuous mode
[  100.860877][ T5847] batman_adv: batadv0: Interface activated: batadv_slave_1
[  100.941466][ T5841] veth1_vlan: entered promiscuous mode
[  100.960296][ T3612] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  100.965849][ T5842] veth0_macvtap: entered promiscuous mode
[  100.967603][ T3612] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  100.987320][ T3612] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  101.000368][  T162] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  101.000391][  T162] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  101.031375][ T3612] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  101.051437][ T5842] veth1_macvtap: entered promiscuous mode
[  101.187576][   T43] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  101.187595][   T43] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  101.251155][ T5843] veth0_vlan: entered promiscuous mode
[  101.327855][ T5842] batman_adv: batadv0: Interface activated: batadv_slave_0
[  101.379870][ T5842] batman_adv: batadv0: Interface activated: batadv_slave_1
[  101.399512][ T5843] veth1_vlan: entered promiscuous mode
[  101.448791][ T5841] veth0_macvtap: entered promiscuous mode
[  101.481406][ T1153] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  101.493194][ T1153] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  101.517356][ T5841] veth1_macvtap: entered promiscuous mode
[  101.518864][ T1463] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  101.520968][ T1153] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  101.520985][ T1153] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  101.555600][ T1463] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  102.447909][ T5959] ptrace attach of "./syz-executor exec"[5960] was attempted by "./syz-executor exec"[5959]
[  102.903287][ T1463] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  102.903305][ T1463] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  102.966150][ T5841] batman_adv: batadv0: Interface activated: batadv_slave_0
[  103.964654][ T5841] batman_adv: batadv0: Interface activated: batadv_slave_1
[  104.136473][ T5843] veth0_macvtap: entered promiscuous mode
[  104.169542][ T1497] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  104.184844][ T1497] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  104.204250][ T3612] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  104.204284][ T3612] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  104.231440][ T1497] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  104.248269][ T5843] veth1_macvtap: entered promiscuous mode
[  104.265557][ T1497] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  105.501451][   T67] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  105.501468][   T67] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  105.563198][ T1233] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[  105.623490][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[  105.863257][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[  105.953647][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[  106.260775][ T1233] usb 3-1: config 220 has an invalid interface number: 76 but max is 2
[  106.261045][ T1233] usb 3-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config
[  106.261315][ T1233] usb 3-1: config 220 has no interface number 2
[  106.267989][ T1233] usb 3-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12
[  106.268247][ T1233] usb 3-1: config 220 interface 0 has no altsetting 0
[  106.268618][ T1233] usb 3-1: config 220 interface 76 has no altsetting 0
[  106.268841][ T1233] usb 3-1: config 220 interface 1 has no altsetting 0
[  106.528832][ T1233] usb 3-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9
[  106.528858][ T1233] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  106.528875][ T1233] usb 3-1: Product: syz
[  106.528887][ T1233] usb 3-1: Manufacturer: syz
[  106.528899][ T1233] usb 3-1: SerialNumber: syz
[  106.647769][ T5843] batman_adv: batadv0: Interface activated: batadv_slave_0
[  106.661760][ T5843] batman_adv: batadv0: Interface activated: batadv_slave_1
[  106.765053][ T1518] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  106.769451][ T1518] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  106.769818][ T1518] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  106.771459][ T1518] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  107.095928][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  107.095948][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  107.096779][ T1233] usb 3-1: selecting invalid altsetting 0
[  107.111302][ T1233] usb 3-1: Found UVC 7.01 device syz (8086:0b07)
[  107.111346][ T1233] usb 3-1: No valid video chain found.
[  107.242473][ T1233] usb 3-1: selecting invalid altsetting 0
[  107.242510][ T1233] usbtest 3-1:220.1: probe with driver usbtest failed with error -22
[  107.270367][ T1233] usb 3-1: USB disconnect, device number 2
[  107.655515][ T5985] Zero length message leads to an empty skb
[  107.752827][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[  107.752880][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[  107.752913][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[  107.752945][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[  107.752977][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[  107.753009][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[  107.753041][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[  108.313596][ T1161] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  108.313612][ T1161] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  108.373510][ T5991] sch_tbf: burst 1023 is lower than device lo mtu (65550) !
[  108.548045][ T3612] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  108.548065][ T3612] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  109.337734][ T3630] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  109.337751][ T3630] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  109.525693][ T6002] netlink: 'syz.3.15': attribute type 1 has an invalid length.
[  111.500804][ T6006] vlan2: entered allmulticast mode
[  111.500823][ T6006] veth1: entered allmulticast mode
[  114.809468][ T6043] input: syz0 as /devices/virtual/input/input5
[  116.539137][ T6052] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  121.224186][ T6081] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[  121.270079][ T6078] tipc: Started in network mode
[  121.270107][ T6078] tipc: Node identity b2bb2bb55642, cluster identity 4711
[  121.270823][ T6078] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  121.271723][ T6078] syzkaller0: entered promiscuous mode
[  121.271747][ T6078] syzkaller0: entered allmulticast mode
[  122.323817][ T5917] tipc: Node number set to 3841534901
[  122.893293][ T6086] tipc: Resetting bearer <eth:syzkaller0>
[  123.013962][ T6081] kvm: MWAIT instruction emulated as NOP!
[  123.181750][ T6075] tipc: Resetting bearer <eth:syzkaller0>
[  124.810361][ T6075] tipc: Disabling bearer <eth:syzkaller0>
[  127.126391][ T6121] netlink: 92 bytes leftover after parsing attributes in process `syz.2.40'.
[  128.740068][ T6126] syz.4.42: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[  128.741044][ T6126] CPU: 0 UID: 0 PID: 6126 Comm: syz.4.42 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  128.741066][ T6126] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  128.741084][ T6126] Call Trace:
[  128.741092][ T6126]  <TASK>
[  128.741101][ T6126]  dump_stack_lvl+0x189/0x250
[  128.741136][ T6126]  ? __pfx_rcu_read_unlock_special+0x10/0x10
[  128.741163][ T6126]  ? __pfx_dump_stack_lvl+0x10/0x10
[  128.741186][ T6126]  ? __pfx__printk+0x10/0x10
[  128.741206][ T6126]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  128.741225][ T6126]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  128.741252][ T6126]  warn_alloc+0x22e/0x3b0
[  128.741287][ T6126]  ? __pfx_warn_alloc+0x10/0x10
[  128.741317][ T6126]  ? __kasan_kmalloc+0x93/0xb0
[  128.741336][ T6126]  ? __kmalloc_cache_noprof+0x1a8/0x320
[  128.741357][ T6126]  ? xskq_create+0x56/0x170
[  128.741376][ T6126]  ? xsk_init_queue+0xb0/0x110
[  128.741393][ T6126]  ? xsk_setsockopt+0x4dc/0x8d0
[  128.741410][ T6126]  ? do_sock_setsockopt+0x17c/0x1b0
[  128.741436][ T6126]  ? __x64_sys_setsockopt+0x145/0x1b0
[  128.741458][ T6126]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  128.741484][ T6126]  __vmalloc_node_range_noprof+0x125/0x12f0
[  128.741545][ T6126]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  128.741578][ T6126]  ? __kasan_kmalloc+0x93/0xb0
[  128.741602][ T6126]  vmalloc_user_noprof+0xad/0xf0
[  128.741627][ T6126]  ? xskq_create+0xbf/0x170
[  128.741648][ T6126]  xskq_create+0xbf/0x170
[  128.741672][ T6126]  xsk_init_queue+0xb0/0x110
[  128.741696][ T6126]  xsk_setsockopt+0x4dc/0x8d0
[  128.741719][ T6126]  ? __pfx_xsk_setsockopt+0x10/0x10
[  128.741752][ T6126]  ? __fget_files+0x2a/0x420
[  128.741776][ T6126]  ? bpf_lsm_socket_setsockopt+0x9/0x20
[  128.741793][ T6126]  ? __pfx_xsk_setsockopt+0x10/0x10
[  128.741814][ T6126]  do_sock_setsockopt+0x17c/0x1b0
[  128.741842][ T6126]  __x64_sys_setsockopt+0x145/0x1b0
[  128.741870][ T6126]  do_syscall_64+0xfa/0x3b0
[  128.741891][ T6126]  ? lockdep_hardirqs_on+0x9c/0x150
[  128.741912][ T6126]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  128.741930][ T6126]  ? clear_bhb_loop+0x60/0xb0
[  128.741951][ T6126]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  128.741969][ T6126] RIP: 0033:0x7fd41ecfebe9
[  128.741990][ T6126] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  128.742005][ T6126] RSP: 002b:00007fd41cf1c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  128.742024][ T6126] RAX: ffffffffffffffda RBX: 00007fd41ef26180 RCX: 00007fd41ecfebe9
[  128.742037][ T6126] RDX: 0000000000000006 RSI: 000000000000011b RDI: 0000000000000008
[  128.742048][ T6126] RBP: 00007fd41ed81e19 R08: 0000000000000004 R09: 0000000000000000
[  128.742060][ T6126] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000
[  128.742071][ T6126] R13: 00007fd41ef26218 R14: 00007fd41ef26180 R15: 00007fffa2a8bad8
[  128.742103][ T6126]  </TASK>
[  128.742848][ T6126] Mem-Info:
[  128.742863][ T6126] active_anon:251 inactive_anon:8716 isolated_anon:0
[  128.742863][ T6126]  active_file:5162 inactive_file:47098 isolated_file:0
[  128.742863][ T6126]  unevictable:768 dirty:163 writeback:0
[  128.742863][ T6126]  slab_reclaimable:11617 slab_unreclaimable:100753
[  128.742863][ T6126]  mapped:33474 shmem:4226 pagetables:1227
[  128.742863][ T6126]  sec_pagetables:0 bounce:0
[  128.742863][ T6126]  kernel_misc_reclaimable:0
[  128.742863][ T6126]  free:1317603 free_pcp:9610 free_cma:0
[  128.742914][ T6126] Node 0 active_anon:1004kB inactive_anon:34864kB active_file:20448kB inactive_file:188392kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:133896kB dirty:652kB writeback:0kB shmem:15368kB kernel_stack:12988kB pagetables:4764kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  128.742957][ T6126] Node 1 active_anon:0kB inactive_anon:0kB active_file:200kB inactive_file:0kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB kernel_stack:80kB pagetables:144kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  128.742997][ T6126] Node 0 DMA free:15360kB boost:0kB min:20kB low:32kB high:44kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  128.743052][ T6126] lowmem_reserve[]: 0 2512 2513 2513 2513
[  128.743085][ T6126] Node 0 DMA32 free:1354200kB boost:0kB min:3940kB low:6484kB high:9028kB reserved_highatomic:0KB free_highatomic:0KB active_anon:1000kB inactive_anon:34824kB active_file:19432kB inactive_file:188320kB unevictable:1536kB writepending:652kB present:3129332kB managed:2572332kB mlocked:0kB bounce:0kB free_pcp:38440kB local_pcp:13628kB free_cma:0kB
[  128.743255][ T6126] lowmem_reserve[]: 0 0 1 1 1
[  128.743288][ T6126] Node 0 Normal free:0kB boost:0kB min:0kB low:0kB high:0kB reserved_highatomic:0KB free_highatomic:0KB active_anon:4kB inactive_anon:40kB active_file:1016kB inactive_file:72kB unevictable:0kB writepending:0kB present:1048580kB managed:1132kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  128.743340][ T6126] lowmem_reserve[]: 0 0 0 0 0
[  128.743370][ T6126] Node 1 Normal free:3900852kB boost:0kB min:6364kB low:10472kB high:14580kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:200kB inactive_file:0kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  128.743423][ T6126] lowmem_reserve[]: 0 0 0 0 0
[  128.743459][ T6126] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  128.743695][ T6126] Node 0 DMA32: 824*4kB (U) 657*8kB (UE) 191*16kB (UM) 3*32kB (UME) 19*64kB (ME) 90*128kB (UM) 70*256kB (UME) 20*512kB (UME) 19*1024kB (ME) 4*2048kB (UM) 311*4096kB (M) = 1354104kB
[  128.743844][ T6126] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[  128.743936][ T6126] Node 1 Normal: 221*4kB (UME) 54*8kB (UME) 45*16kB (UME) 208*32kB (UME) 103*64kB (UME) 22*128kB (UME) 15*256kB (UME) 8*512kB (UME) 2*1024kB (UM) 1*2048kB (E) 945*4096kB (M) = 3900852kB
[  128.744088][ T6126] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  128.744104][ T6126] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  128.744119][ T6126] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  128.744134][ T6126] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  128.744149][ T6126] 56482 total pagecache pages
[  128.744261][ T6126] 0 pages in swap cache
[  128.744268][ T6126] Free swap  = 124996kB
[  128.744275][ T6126] Total swap = 124996kB
[  128.744283][ T6126] 2097051 pages RAM
[  128.744290][ T6126] 0 pages HighMem/MovableOnly
[  128.744296][ T6126] 422070 pages reserved
[  128.744303][ T6126] 0 pages cma reserved
[  133.545244][    C1] vkms_vblank_simulate: vblank timer overrun
[  133.814967][    C1] vkms_vblank_simulate: vblank timer overrun
[  134.110161][    C1] vkms_vblank_simulate: vblank timer overrun
[  134.172525][    C1] vkms_vblank_simulate: vblank timer overrun
[  134.630924][    C1] vkms_vblank_simulate: vblank timer overrun
[  134.801446][    C1] vkms_vblank_simulate: vblank timer overrun
[  134.833694][ T1324] ieee802154 phy0 wpan0: encryption failed: -22
[  134.833788][ T1324] ieee802154 phy1 wpan1: encryption failed: -22
[  135.435687][    C1] vkms_vblank_simulate: vblank timer overrun
[  136.405559][    C1] vkms_vblank_simulate: vblank timer overrun
[  136.933736][    C1] vkms_vblank_simulate: vblank timer overrun
[  137.196649][    C1] vkms_vblank_simulate: vblank timer overrun
[  138.356109][    C1] vkms_vblank_simulate: vblank timer overrun
[  138.766885][ T6185] Freezing with imperfect legacy cgroup freezer. See cgroup.freeze of cgroup v2
[  144.946971][    C1] vkms_vblank_simulate: vblank timer overrun
[  145.128918][ T6208] input: syz0 as /devices/virtual/input/input6
[  145.558054][    C1] vkms_vblank_simulate: vblank timer overrun
[  145.613302][    C1] vkms_vblank_simulate: vblank timer overrun
[  146.179561][    C1] vkms_vblank_simulate: vblank timer overrun
[  146.849572][    C1] vkms_vblank_simulate: vblank timer overrun
[  147.824541][    C1] vkms_vblank_simulate: vblank timer overrun
[  148.315768][    C1] vkms_vblank_simulate: vblank timer overrun
[  149.020587][    C1] vkms_vblank_simulate: vblank timer overrun
[  149.535792][    C1] vkms_vblank_simulate: vblank timer overrun
[  149.703369][    C1] vkms_vblank_simulate: vblank timer overrun
[  150.693653][    C1] vkms_vblank_simulate: vblank timer overrun
[  150.762852][    C1] vkms_vblank_simulate: vblank timer overrun
[  151.148882][ T5853] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  151.150818][ T5853] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  151.151800][ T5853] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  151.165468][ T5853] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  151.175706][ T5853] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  153.369929][ T5850] Bluetooth: hci5: command tx timeout
[  155.422891][ T5850] Bluetooth: hci5: command tx timeout
[  156.691473][ T6265] syz.3.78 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[  157.542884][ T5850] Bluetooth: hci5: command tx timeout
[  158.206069][ T6269] netlink: 48 bytes leftover after parsing attributes in process `syz.1.79'.
[  158.210119][ T6269] netlink: 48 bytes leftover after parsing attributes in process `syz.1.79'.
[  159.582836][ T5850] Bluetooth: hci5: command tx timeout
[  163.739730][ T1170] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  164.366471][ T6297] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  165.054023][ T5917] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[  165.453868][ T5917] usb 4-1: Using ep0 maxpacket: 32
[  165.477802][ T5917] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[  165.481691][ T5917] usb 4-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[  165.481716][ T5917] usb 4-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[  165.481733][ T5917] usb 4-1: Product: syz
[  165.481746][ T5917] usb 4-1: Manufacturer: syz
[  165.481758][ T5917] usb 4-1: SerialNumber: syz
[  165.491935][ T5917] usb 4-1: config 0 descriptor??
[  165.493231][ T6301] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  166.242822][ T5917] usb 4-1: USB disconnect, device number 2
[  166.727244][ T1170] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  167.908285][ T6323] tipc: Started in network mode
[  167.908315][ T6323] tipc: Node identity deee21a39325, cluster identity 4711
[  167.909514][ T6323] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  168.055109][ T6333] vivid-004: =================  START STATUS  =================
[  168.056117][ T6333] vivid-004: Radio HW Seek Mode: Bounded
[  168.056278][ T6333] vivid-004: Radio Programmable HW Seek: false
[  168.056370][ T6333] vivid-004: RDS Rx I/O Mode: Block I/O
[  168.056498][ T6333] vivid-004: Generate RBDS Instead of RDS: false
[  168.056590][ T6333] vivid-004: RDS Reception: true
[  168.056713][ T6333] vivid-004: RDS Program Type: 0 inactive
[  168.056839][ T6333] vivid-004: RDS PS Name:  inactive
[  168.056993][ T6333] vivid-004: RDS Radio Text:  inactive
[  168.057189][ T6333] vivid-004: RDS Traffic Announcement: false inactive
[  168.057318][ T6333] vivid-004: RDS Traffic Program: false inactive
[  168.057419][ T6333] vivid-004: RDS Music: false inactive
[  168.057520][ T6333] vivid-004: ==================  END STATUS  ==================
[  169.443244][ T5855] tipc: Node number set to 1305158051
[  170.457628][ T1170] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  174.799484][ T6315] tipc: Disabling bearer <eth:syzkaller0>
[  177.865819][ T6394] netlink: 40 bytes leftover after parsing attributes in process `syz.3.109'.
[  178.310812][ T6400] ubi31: attaching mtd0
[  178.377118][ T6400] ubi31: scanning is finished
[  178.377160][ T6400] ubi31: empty MTD device detected
[  179.298762][ T6400] ubi31: attached mtd0 (name "mtdram test device", size 0 MiB)
[  179.298778][ T6400] ubi31: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes
[  179.298786][ T6400] ubi31: min./max. I/O unit sizes: 1/64, sub-page size 1
[  179.298794][ T6400] ubi31: VID header offset: 64 (aligned 64), data offset: 128
[  179.298802][ T6400] ubi31: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0
[  179.298809][ T6400] ubi31: user volume: 0, internal volumes: 1, max. volumes count: 23
[  179.298817][ T6400] ubi31: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 87941955
[  179.298826][ T6400] ubi31: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0
[  179.299899][ T6405] ubi31: background thread "ubi_bgt31d" started, PID 6405
[  179.398641][ T1170] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  181.347329][ T6228] chnl_net:caif_netlink_parms(): no params data found
[  181.587584][ T6422] binder: Bad value for 'max'
[  192.919358][ T6228] bridge0: port 1(bridge_slave_0) entered blocking state
[  192.919498][ T6228] bridge0: port 1(bridge_slave_0) entered disabled state
[  192.920007][ T6228] bridge_slave_0: entered allmulticast mode
[  192.922695][ T6228] bridge_slave_0: entered promiscuous mode
[  193.063466][ T6228] bridge0: port 2(bridge_slave_1) entered blocking state
[  193.063609][ T6228] bridge0: port 2(bridge_slave_1) entered disabled state
[  193.063797][ T6228] bridge_slave_1: entered allmulticast mode
[  193.066204][ T6228] bridge_slave_1: entered promiscuous mode
[  193.936763][ T6470] ubi: mtd0 is already attached to ubi31
[  194.753492][ T6467] block nbd3: Attempted send on invalid socket
[  194.753576][ T6467] I/O error, dev nbd3, sector 64 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  194.754994][ T6467] block nbd3: Attempted send on invalid socket
[  194.755010][ T6467] I/O error, dev nbd3, sector 256 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  194.755112][ T6467] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=256, location=256
[  194.756213][ T6467] block nbd3: Attempted send on invalid socket
[  194.756229][ T6467] I/O error, dev nbd3, sector 512 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  194.756319][ T6467] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=512, location=512
[  194.761015][ T6467] block nbd3: Attempted send on invalid socket
[  194.761032][ T6467] I/O error, dev nbd3, sector 64 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  194.761382][ T6467] block nbd3: Attempted send on invalid socket
[  194.761396][ T6467] I/O error, dev nbd3, sector 512 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  194.761483][ T6467] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=256, location=256
[  194.761811][ T6467] block nbd3: Attempted send on invalid socket
[  194.761824][ T6467] I/O error, dev nbd3, sector 1024 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  194.761918][ T6467] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=512, location=512
[  194.776573][ T1324] ieee802154 phy0 wpan0: encryption failed: -22
[  194.776615][ T1324] ieee802154 phy1 wpan1: encryption failed: -22
[  194.854905][ T6467] block nbd3: Attempted send on invalid socket
[  194.854926][ T6467] I/O error, dev nbd3, sector 64 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  194.857685][ T6467] block nbd3: Attempted send on invalid socket
[  194.857702][ T6467] I/O error, dev nbd3, sector 1024 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  194.869303][ T6467] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=256, location=256
[  194.869520][ T6467] block nbd3: Attempted send on invalid socket
[  194.869534][ T6467] I/O error, dev nbd3, sector 2048 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  194.869625][ T6467] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=512, location=512
[  194.870942][ T6467] block nbd3: Attempted send on invalid socket
[  194.870959][ T6467] I/O error, dev nbd3, sector 64 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  194.886418][ T6467] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=256, location=256
[  194.886568][ T6467] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=512, location=512
[  194.886578][ T6467] UDF-fs: warning (device nbd3): udf_fill_super: No partition found (1)
[  196.252238][ T1170] bridge_slave_1: left allmulticast mode
[  196.295988][ T1170] bridge_slave_1: left promiscuous mode
[  196.335361][ T1170] bridge0: port 2(bridge_slave_1) entered disabled state
[  197.489402][ T1170] bridge_slave_0: left allmulticast mode
[  197.489423][ T1170] bridge_slave_0: left promiscuous mode
[  197.489900][ T1170] bridge0: port 1(bridge_slave_0) entered disabled state
[  199.272891][   T10] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[  199.709913][   T10] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0
[  199.726314][   T10] usb 2-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  199.726330][   T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  199.726339][   T10] usb 2-1: Product: syz
[  199.726346][   T10] usb 2-1: Manufacturer: syz
[  199.726353][   T10] usb 2-1: SerialNumber: syz
[  199.730761][   T10] usb 2-1: config 0 descriptor??
[  200.144062][ T6498] ieee802154 phy0 wpan0: encryption failed: -22
[  201.911956][   T10] hid-generic 0000:0004:0000.0001: unknown main item tag 0x0
[  201.911982][   T10] hid-generic 0000:0004:0000.0001: unknown main item tag 0x0
[  201.911997][   T10] hid-generic 0000:0004:0000.0001: unknown main item tag 0x0
[  206.451377][   T10] hid-generic 0000:0004:0000.0001: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz1
[  208.266974][ T6515] fido_id[6515]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  208.351004][   T10] usb 2-1: USB disconnect, device number 2
[  208.758714][ T1170] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  209.810125][ T6522] Context (ID=0x0) not attached to queue pair (handle=0x1:0xfffffffa)
[  211.209893][ T5858] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  211.253883][ T5858] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  211.255676][ T5858] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  211.274616][ T5858] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  211.291446][ T5858] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  211.620480][ T1170] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  211.731852][ T1170] bond0 (unregistering): Released all slaves
[  212.052963][ T6530] syz.0.138 (6530) used greatest stack depth: 15192 bytes left
[  212.192625][   T59] Bluetooth: hci0: command 0x0406 tx timeout
[  212.192663][   T59] Bluetooth: hci1: command 0x0406 tx timeout
[  212.192686][   T59] Bluetooth: hci4: command 0x0406 tx timeout
[  212.202850][ T5858] Bluetooth: hci3: command 0x0406 tx timeout
[  213.422906][ T5853] Bluetooth: hci2: command tx timeout
[  214.631090][    C0] vkms_vblank_simulate: vblank timer overrun
[  215.001662][ T5850] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[  215.023644][ T5850] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[  215.027934][ T5850] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[  215.046963][ T5850] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[  215.047751][ T5850] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[  215.293407][    C0] vkms_vblank_simulate: vblank timer overrun
[  215.342477][ T6552] input: syz0 as /devices/virtual/input/input8
[  215.476413][    C0] vkms_vblank_simulate: vblank timer overrun
[  215.506334][    C0] vkms_vblank_simulate: vblank timer overrun
[  215.506458][ T5852] Bluetooth: hci2: command tx timeout
[  215.577855][    C0] vkms_vblank_simulate: vblank timer overrun
[  215.947777][    C0] vkms_vblank_simulate: vblank timer overrun
[  216.083822][    C0] vkms_vblank_simulate: vblank timer overrun
[  216.686368][    C0] vkms_vblank_simulate: vblank timer overrun
[  217.059910][    C0] vkms_vblank_simulate: vblank timer overrun
[  217.084114][ T6561] binder: BINDER_SET_CONTEXT_MGR already set
[  217.084182][ T6561] binder: 6555:6561 ioctl 4018620d 200000000040 returned -16
[  217.114388][ T5852] Bluetooth: hci6: command tx timeout
[  217.117690][    C0] vkms_vblank_simulate: vblank timer overrun
[  217.204683][    C0] vkms_vblank_simulate: vblank timer overrun
[  217.582814][ T5852] Bluetooth: hci2: command tx timeout
[  217.625907][    C0] vkms_vblank_simulate: vblank timer overrun
[  217.926136][    C0] vkms_vblank_simulate: vblank timer overrun
[  218.169840][ T6566] Context (ID=0x0) not attached to queue pair (handle=0x1:0xfffffffa)
[  218.240859][    C0] vkms_vblank_simulate: vblank timer overrun
[  219.002597][    C0] vkms_vblank_simulate: vblank timer overrun
[  219.272595][ T5852] Bluetooth: hci6: command tx timeout
[  219.746853][ T5852] Bluetooth: hci2: command tx timeout
[  221.436730][ T5852] Bluetooth: hci6: command tx timeout
[  221.706227][ T6579] hpfs: Bad magic ... probably not HPFS
[  223.921041][ T5852] Bluetooth: hci6: command tx timeout
[  224.286944][ T1233] Process accounting resumed
[  224.969588][ T6606] =======================================================
[  224.969588][ T6606] WARNING: The mand mount option has been deprecated and
[  224.969588][ T6606]          and is ignored by this kernel. Remove the mand
[  224.969588][ T6606]          option from the mount to silence this warning.
[  224.969588][ T6606] =======================================================
[  225.335321][  T992] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[  225.734707][ T6038] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[  225.838976][  T992] usb 2-1: Using ep0 maxpacket: 8
[  226.151421][  T992] usb 2-1: no configurations
[  226.151440][  T992] usb 2-1: can't read configurations, error -22
[  226.222898][ T6038] usb 3-1: Using ep0 maxpacket: 8
[  226.225854][ T6038] usb 3-1: config 0 has an invalid interface number: 55 but max is 0
[  226.225878][ T6038] usb 3-1: config 0 has no interface number 0
[  226.225923][ T6038] usb 3-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  226.225944][ T6038] usb 3-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  226.225965][ T6038] usb 3-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  226.225989][ T6038] usb 3-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  226.226029][ T6038] usb 3-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  226.226048][ T6038] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  226.231563][ T6038] usb 3-1: config 0 descriptor??
[  226.339149][ T6038] ldusb 3-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[  226.392943][  T992] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[  226.654654][  T992] usb 2-1: Using ep0 maxpacket: 8
[  226.925731][  T992] usb 2-1: no configurations
[  226.925749][  T992] usb 2-1: can't read configurations, error -22
[  226.933577][  T992] usb usb2-port1: attempt power cycle
[  227.143361][ T5928] usb 3-1: USB disconnect, device number 3
[  227.143463][    C0] ldusb 3-1:0.55: usb_submit_urb failed (-19)
[  227.293126][  T992] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[  227.363818][  T992] usb 2-1: device descriptor read/8, error -71
[  227.440307][ T5928] ldusb 3-1:0.55: LD USB Device #0 now disconnected
[  227.440324][ T6608] ldusb: No device or device unplugged -19
[  229.893609][ T1170] hsr_slave_0: left promiscuous mode
[  229.937865][ T1170] hsr_slave_1: left promiscuous mode
[  229.945835][ T1170] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  229.945912][ T1170] batman_adv: batadv0: Removing interface: batadv_slave_0
[  231.124243][ T6641] syz.1.163 uses obsolete (PF_INET,SOCK_PACKET)
[  231.131565][ T1170] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  231.131596][ T1170] batman_adv: batadv0: Removing interface: batadv_slave_1
[  231.607332][ T1170] veth1_macvtap: left promiscuous mode
[  231.607588][ T1170] veth0_macvtap: left promiscuous mode
[  231.607907][ T1170] veth1_vlan: left promiscuous mode
[  231.608235][ T1170] veth0_vlan: left promiscuous mode
[  232.109613][ T6646] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(8)
[  232.109630][ T6646] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  232.137915][ T6646] vhci_hcd vhci_hcd.0: Device attached
[  232.392881][ T5927] usb 33-1: new high-speed USB device number 2 using vhci_hcd
[  232.497078][ T6647] vhci_hcd: connection reset by peer
[  233.010991][ T1518] vhci_hcd: stop threads
[  233.012001][ T1518] vhci_hcd: release socket
[  233.020263][ T1518] vhci_hcd: disconnect device
[  237.303451][ T6668] ubi31: detaching mtd0
[  237.426897][ T6668] ubi31: mtd0 is detached
[  237.493046][ T5927] vhci_hcd: vhci_device speed not set
[  242.743551][ T6688] netlink: 16 bytes leftover after parsing attributes in process `syz.0.175'.
[  244.734766][ T6706] ubi31: attaching mtd0
[  244.761958][ T6706] ubi31: scanning is finished
[  245.758205][ T6706] ubi31: attached mtd0 (name "mtdram test device", size 0 MiB)
[  245.758229][ T6706] ubi31: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes
[  245.758244][ T6706] ubi31: min./max. I/O unit sizes: 1/64, sub-page size 1
[  245.758258][ T6706] ubi31: VID header offset: 64 (aligned 64), data offset: 128
[  245.758272][ T6706] ubi31: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0
[  245.758286][ T6706] ubi31: user volume: 0, internal volumes: 1, max. volumes count: 23
[  245.758301][ T6706] ubi31: max/mean erase counter: 1/1, WL threshold: 4096, image sequence number: 87941955
[  245.758318][ T6706] ubi31: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0
[  245.758422][ T6716] ubi31: background thread "ubi_bgt31d" started, PID 6716
[  248.853439][ T6738] afs: Unknown parameter 'dynkaller'
[  249.188585][ T6739] usb usb1: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  250.625527][ T1170] team0 (unregistering): Port device team_slave_1 removed
[  250.875460][ T1170] team0 (unregistering): Port device team_slave_0 removed
[  251.393389][    C0] vkms_vblank_simulate: vblank timer overrun
[  251.565076][    C0] vkms_vblank_simulate: vblank timer overrun
[  251.801281][    C0] vkms_vblank_simulate: vblank timer overrun
[  252.212336][    C0] vkms_vblank_simulate: vblank timer overrun
[  253.193095][    C0] vkms_vblank_simulate: vblank timer overrun
[  253.744275][    C0] vkms_vblank_simulate: vblank timer overrun
[  254.448185][    C0] vkms_vblank_simulate: vblank timer overrun
[  255.317111][    C0] vkms_vblank_simulate: vblank timer overrun
[  255.964739][ T1324] ieee802154 phy0 wpan0: encryption failed: -22
[  255.964814][ T1324] ieee802154 phy1 wpan1: encryption failed: -22
[  257.556289][ T6787] netlink: 28 bytes leftover after parsing attributes in process `syz.1.198'.
[  259.091432][ T6064] kernel read not supported for file /snd/controlC0 (pid: 6064 comm: kworker/0:8)
[  261.112470][ T6798] ptrace attach of "./syz-executor exec"[5846] was attempted by "./syz-executor exec"[6798]
[  261.896601][ T6527] chnl_net:caif_netlink_parms(): no params data found
[  263.849695][ T6807] capability: warning: `syz.0.203' uses deprecated v2 capabilities in a way that may be insecure
[  265.321237][ T6548] chnl_net:caif_netlink_parms(): no params data found
[  271.694214][ T6527] workqueue: Failed to create a rescuer kthread for wq "wg-crypt-wg2": -EINTR
[  272.209400][ T6845] Invalid source name
[  272.209437][ T6845] UBIFS error (pid: 6845): cannot open "usrquota", error -22
[  274.763193][ T6856] process 'syz.1.213' launched './file0' with NULL argv: empty string added
[  274.829704][ T6856] comedi comedi3: 8255: I/O port conflict (0x5,4)
[  274.829841][ T6856] comedi comedi3: 8255: I/O port conflict (0x2,4)
[  274.830329][ T6856] comedi comedi3: 8255: I/O port conflict (0x1,4)
[  274.830958][ T6856] comedi comedi3: 8255: I/O port conflict (0x5c952399,4)
[  274.831093][ T6856] comedi comedi3: 8255: I/O port conflict (0x5,4)
[  274.831408][ T6856] comedi comedi3: 8255: I/O port conflict (0x3ff,4)
[  274.831922][ T6856] comedi comedi3: 8255: I/O port conflict (0x1,4)
[  285.677758][ T5850] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  285.704574][ T5850] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  285.706279][ T5850] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  285.722876][ T5850] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  285.733082][ T5850] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  286.973152][ T5852] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  286.983979][ T5852] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  286.985312][ T5852] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  286.986552][ T5852] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  286.987769][ T5852] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  287.900300][ T5850] Bluetooth: hci1: command tx timeout
[  289.137007][ T1170] bridge_slave_1: left allmulticast mode
[  289.137039][ T1170] bridge_slave_1: left promiscuous mode
[  289.137304][ T1170] bridge0: port 2(bridge_slave_1) entered disabled state
[  289.226572][ T1170] bridge_slave_0: left allmulticast mode
[  289.226605][ T1170] bridge_slave_0: left promiscuous mode
[  289.226873][ T1170] bridge0: port 1(bridge_slave_0) entered disabled state
[  289.436827][ T5850] Bluetooth: hci5: command tx timeout
[  289.902800][ T5850] Bluetooth: hci1: command tx timeout
[  290.331502][ T1170] bond0 (unregistering): Released all slaves
[  291.823131][ T5850] Bluetooth: hci5: command tx timeout
[  291.854074][ T1170] bond0 (unregistering): Released all slaves
[  291.983044][ T5850] Bluetooth: hci1: command tx timeout
[  292.222923][ T5917] usb 2-1: new high-speed USB device number 7 using dummy_hcd
[  293.120809][ T5917] usb 2-1: Using ep0 maxpacket: 32
[  293.124243][ T5917] usb 2-1: config 0 has an invalid interface number: 12 but max is 0
[  293.124265][ T5917] usb 2-1: config 0 has no interface number 0
[  293.124312][ T5917] usb 2-1: config 0 interface 12 has no altsetting 0
[  293.161658][ T5917] usb 2-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40
[  293.161684][ T5917] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  293.161702][ T5917] usb 2-1: Product: syz
[  293.161715][ T5917] usb 2-1: Manufacturer: syz
[  293.161727][ T5917] usb 2-1: SerialNumber: syz
[  293.205057][ T5917] usb 2-1: config 0 descriptor??
[  293.896680][ T6920] netlink: 40 bytes leftover after parsing attributes in process `syz.2.226'.
[  294.001708][ T6921] netlink: 'syz.2.226': attribute type 1 has an invalid length.
[  294.905591][ T5850] Bluetooth: hci5: command tx timeout
[  294.905627][ T5850] Bluetooth: hci1: command tx timeout
[  295.983409][ T1170] bond0 (unregistering): Released all slaves
[  296.131896][ T5917] f81534 2-1:0.12: f81534_set_register: reg: 1002 data: 3 failed: -32
[  296.132291][ T5917] f81534 2-1:0.12: f81534_find_config_idx: read failed: -32
[  296.132338][ T5917] f81534 2-1:0.12: f81534_calc_num_ports: find idx failed: -32
[  296.160619][ T5917] f81534 2-1:0.12: probe with driver f81534 failed with error -32
[  296.956713][ T5852] Bluetooth: hci5: command tx timeout
[  297.070807][ T5928] usb 2-1: USB disconnect, device number 7
[  298.633651][    C1] vkms_vblank_simulate: vblank timer overrun
[  298.704719][    C1] vkms_vblank_simulate: vblank timer overrun
[  299.178323][    C1] vkms_vblank_simulate: vblank timer overrun
[  299.783036][    C1] vkms_vblank_simulate: vblank timer overrun
[  300.052845][ T5928] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[  300.182787][ T5928] usb 3-1: device descriptor read/64, error -71
[  301.051027][    C1] vkms_vblank_simulate: vblank timer overrun
[  301.175095][ T6959] comedi comedi0: dac02: I/O port conflict (0x5,8)
[  301.177329][    C1] vkms_vblank_simulate: vblank timer overrun
[  301.690881][    C1] vkms_vblank_simulate: vblank timer overrun
[  302.734056][    C1] vkms_vblank_simulate: vblank timer overrun
[  303.298808][    C1] vkms_vblank_simulate: vblank timer overrun
[  303.465289][ T6968] ntfs3(nullb0): Primary boot signature is not NTFS.
[  303.485956][ T6968] ntfs3(nullb0): try to read out of volume at offset 0x3e7ffffe00
[  303.498710][    C1] vkms_vblank_simulate: vblank timer overrun
[  303.953009][    C1] vkms_vblank_simulate: vblank timer overrun
[  304.880331][ T6970] tipc: Failed to remove unknown binding: 66,1,1/1305158051:125980752/125980754
[  304.880358][ T6970] tipc: Failed to remove unknown binding: 66,1,1/1305158051:125980752/125980754
[  305.063201][    C1] vkms_vblank_simulate: vblank timer overrun
[  305.307504][    C1] vkms_vblank_simulate: vblank timer overrun
[  305.882559][    C1] vkms_vblank_simulate: vblank timer overrun
[  306.321479][    C1] vkms_vblank_simulate: vblank timer overrun
[  307.077555][    C1] vkms_vblank_simulate: vblank timer overrun
[  307.389483][    C1] vkms_vblank_simulate: vblank timer overrun
[  307.829633][ T6989] No source specified
[  307.831654][    C1] vkms_vblank_simulate: vblank timer overrun
[  309.921091][ T7003] Invalid logical block size (16384)
[  310.793517][ T6869] chnl_net:caif_netlink_parms(): no params data found
[  313.418362][ T6876] chnl_net:caif_netlink_parms(): no params data found
[  314.677474][ T7024] Bluetooth: MGMT ver 1.23
[  317.280347][ T1324] ieee802154 phy0 wpan0: encryption failed: -22
[  317.280439][ T1324] ieee802154 phy1 wpan1: encryption failed: -22
[  318.908195][ T7044] No source specified
[  319.390604][ T6869] bridge0: port 1(bridge_slave_0) entered blocking state
[  319.390749][ T6869] bridge0: port 1(bridge_slave_0) entered disabled state
[  319.390937][ T6869] bridge_slave_0: entered allmulticast mode
[  319.407611][ T7048] loop8: detected capacity change from 0 to 7
[  319.434112][ T7048] Dev loop8: unable to read RDB block 7
[  319.434168][ T7048]  loop8: unable to read partition table
[  319.434394][ T7048] loop8: partition table beyond EOD, truncated
[  319.434412][ T7048] loop_reread_partitions: partition scan of loop8 (þ被xü^>Ñà– ) failed (rc=-5)
[  319.436666][ T6869] bridge_slave_0: entered promiscuous mode
[  319.517164][ T6869] bridge0: port 2(bridge_slave_1) entered blocking state
[  319.517460][ T6869] bridge0: port 2(bridge_slave_1) entered disabled state
[  319.517629][ T6869] bridge_slave_1: entered allmulticast mode
[  319.685403][ T6869] bridge_slave_1: entered promiscuous mode
[  322.717575][ T6869] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  322.910839][    C0] vkms_vblank_simulate: vblank timer overrun
[  323.217944][    C0] vkms_vblank_simulate: vblank timer overrun
[  323.332155][    C0] vkms_vblank_simulate: vblank timer overrun
[  323.863505][    C0] vkms_vblank_simulate: vblank timer overrun
[  324.068257][    C0] vkms_vblank_simulate: vblank timer overrun
[  324.152156][ T6869] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  324.152496][ T6876] bridge0: port 1(bridge_slave_0) entered blocking state
[  324.154679][ T6876] bridge0: port 1(bridge_slave_0) entered disabled state
[  324.154890][ T6876] bridge_slave_0: entered allmulticast mode
[  324.373235][    C0] vkms_vblank_simulate: vblank timer overrun
[  324.444185][    C0] vkms_vblank_simulate: vblank timer overrun
[  324.835725][ T6876] bridge_slave_0: entered promiscuous mode
[  324.978107][    C0] vkms_vblank_simulate: vblank timer overrun
[  325.291302][    C0] vkms_vblank_simulate: vblank timer overrun
[  325.322072][ T6876] bridge0: port 2(bridge_slave_1) entered blocking state
[  325.322210][ T6876] bridge0: port 2(bridge_slave_1) entered disabled state
[  325.322397][ T6876] bridge_slave_1: entered allmulticast mode
[  325.326201][ T6876] bridge_slave_1: entered promiscuous mode
[  326.120643][    C0] vkms_vblank_simulate: vblank timer overrun
[  326.155339][ T5850] Bluetooth: hci5: command 0x0405 tx timeout
[  326.182193][ T7088] netlink: 'syz.0.261': attribute type 21 has an invalid length.
[  326.182213][ T7088] netlink: 128 bytes leftover after parsing attributes in process `syz.0.261'.
[  326.457281][    C0] vkms_vblank_simulate: vblank timer overrun
[  326.817744][ T7088] netlink: 'syz.0.261': attribute type 5 has an invalid length.
[  326.817764][ T7088] netlink: 3 bytes leftover after parsing attributes in process `syz.0.261'.
[  327.061421][    C0] vkms_vblank_simulate: vblank timer overrun
[  327.698076][    C0] vkms_vblank_simulate: vblank timer overrun
[  328.311289][ T5850] Bluetooth: hci5: command 0x0405 tx timeout
[  328.333914][ T6869] team0: Port device team_slave_0 added
[  328.342576][ T7102] tipc: Failed to remove unknown binding: 66,1,1/1305158051:2164802245/2164802247
[  328.342601][ T7102] tipc: Failed to remove unknown binding: 66,1,1/1305158051:2164802245/2164802247
[  328.543090][   T37] audit: type=1326 audit(1756181562.620:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7105 comm="syz.1.266" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f45dc12ebe9 code=0x7ffc0000
[  328.543145][   T37] audit: type=1326 audit(1756181562.620:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7105 comm="syz.1.266" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f45dc12ebe9 code=0x7ffc0000
[  328.543185][   T37] audit: type=1326 audit(1756181562.620:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7105 comm="syz.1.266" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f45dc12ebe9 code=0x7ffc0000
[  328.543225][   T37] audit: type=1326 audit(1756181562.620:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7105 comm="syz.1.266" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f45dc12ebe9 code=0x7ffc0000
[  328.543273][   T37] audit: type=1326 audit(1756181562.620:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7105 comm="syz.1.266" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f45dc12ebe9 code=0x7ffc0000
[  328.543312][   T37] audit: type=1326 audit(1756181562.620:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7105 comm="syz.1.266" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f45dc12ebe9 code=0x7ffc0000
[  328.543351][   T37] audit: type=1326 audit(1756181562.620:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7105 comm="syz.1.266" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f45dc12ebe9 code=0x7ffc0000
[  328.543389][   T37] audit: type=1326 audit(1756181562.620:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7105 comm="syz.1.266" exe="/root/syz-executor" sig=0 arch=c000003e syscall=51 compat=0 ip=0x7f45dc12ebe9 code=0x7ffc0000
[  328.543428][   T37] audit: type=1326 audit(1756181562.620:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7105 comm="syz.1.266" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f45dc12ebe9 code=0x7ffc0000
[  328.543467][   T37] audit: type=1326 audit(1756181562.620:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7105 comm="syz.1.266" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f45dc12ebe9 code=0x7ffc0000
[  328.808817][ T6869] team0: Port device team_slave_1 added
[  328.896530][ T6876] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  329.239995][ T6876] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  331.104388][ T6869] batman_adv: batadv0: Adding interface: batadv_slave_0
[  331.104400][ T6869] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  331.104413][ T6869] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  331.336173][ T6869] batman_adv: batadv0: Adding interface: batadv_slave_1
[  331.336185][ T6869] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  331.336198][ T6869] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  331.356302][ T6876] team0: Port device team_slave_0 added
[  331.449188][ T6876] team0: Port device team_slave_1 added
[  331.916636][ T7123] netlink: 12 bytes leftover after parsing attributes in process `syz.0.271'.
[  337.574038][ T5850] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  339.558409][ T5857] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  339.564575][ T5857] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[  340.524497][ T5857] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  340.527682][ T5857] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  340.528457][ T5857] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  340.554269][ T5852] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[  340.555409][ T5852] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[  340.557264][ T5852] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[  340.558021][ T5852] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[  342.864491][ T5850] Bluetooth: hci2: command tx timeout
[  343.009325][   T37] kauditd_printk_skb: 9 callbacks suppressed
[  343.009341][   T37] audit: type=1326 audit(1756181577.080:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7173 comm="syz.2.281" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f572918ebe9 code=0x7ffc0000
[  343.009384][   T37] audit: type=1326 audit(1756181577.110:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7173 comm="syz.2.281" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7f572918ebe9 code=0x7ffc0000
[  343.334841][   T37] audit: type=1326 audit(1756181577.430:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7173 comm="syz.2.281" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f572918ebe9 code=0x7ffc0000
[  343.338111][   T37] audit: type=1326 audit(1756181577.430:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7173 comm="syz.2.281" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f572918ebe9 code=0x7ffc0000
[  343.503997][ T5852] Bluetooth: hci6: command tx timeout
[  343.527972][   T37] audit: type=1326 audit(1756181577.630:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7173 comm="syz.2.281" exe="/root/syz-executor" sig=0 arch=c000003e syscall=430 compat=0 ip=0x7f572918ebe9 code=0x7ffc0000
[  343.528914][   T37] audit: type=1326 audit(1756181577.630:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7173 comm="syz.2.281" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f572918ebe9 code=0x7ffc0000
[  343.530245][   T37] audit: type=1326 audit(1756181577.630:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7173 comm="syz.2.281" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f572918ebe9 code=0x7ffc0000
[  343.530455][   T37] audit: type=1326 audit(1756181577.630:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7173 comm="syz.2.281" exe="/root/syz-executor" sig=0 arch=c000003e syscall=431 compat=0 ip=0x7f572918ebe9 code=0x7ffc0000
[  343.626503][   T37] audit: type=1326 audit(1756181577.730:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7173 comm="syz.2.281" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f572918ebe9 code=0x7ffc0000
[  343.626699][   T37] audit: type=1326 audit(1756181577.730:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7173 comm="syz.2.281" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f572918ebe9 code=0x7ffc0000
[  343.675055][ T7174] o2cb: This node has not been configured.
[  343.675063][ T7174] o2cb: Cluster check failed. Fix errors before retrying.
[  343.675078][ T7174] (syz.2.281,7174,1):user_dlm_register:674 ERROR: status = -22
[  343.675090][ T7174] (syz.2.281,7174,1):dlmfs_mkdir:438 ERROR: Error -22 could not register domain "bus"
[  345.106887][ T5852] Bluetooth: hci2: command tx timeout
[  345.574418][ T3630] bridge_slave_1: left allmulticast mode
[  345.574449][ T3630] bridge_slave_1: left promiscuous mode
[  345.574708][ T3630] bridge0: port 2(bridge_slave_1) entered disabled state
[  345.583395][ T5852] Bluetooth: hci6: command tx timeout
[  346.576676][ T3630] bridge_slave_0: left allmulticast mode
[  346.576706][ T3630] bridge_slave_0: left promiscuous mode
[  346.576983][ T3630] bridge0: port 1(bridge_slave_0) entered disabled state
[  347.182830][ T5852] Bluetooth: hci2: command tx timeout
[  347.218848][ T3630] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  347.705251][ T5852] Bluetooth: hci6: command tx timeout
[  347.713443][ T3630] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  347.756908][ T3630] bond0 (unregistering): Released all slaves
[  349.215224][ T5920] usb 3-1: new high-speed USB device number 6 using dummy_hcd
[  349.304445][ T5852] Bluetooth: hci2: command tx timeout
[  349.418749][ T5920] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  349.418778][ T5920] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  349.418812][ T5920] usb 3-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  349.418830][ T5920] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  349.535072][ T5920] usb 3-1: config 0 descriptor??
[  349.710774][ T7153] chnl_net:caif_netlink_parms(): no params data found
[  349.743156][ T5852] Bluetooth: hci6: command tx timeout
[  349.749808][ T3630] batman_adv: batadv0: Removing interface: batadv_slave_0
[  349.792126][ T3630] batman_adv: batadv0: Removing interface: batadv_slave_1
[  350.148315][ T5920] usbhid 3-1:0.0: can't add hid device: -32
[  350.150757][ T5920] usbhid 3-1:0.0: probe with driver usbhid failed with error -32
[  350.285356][ T3630] team0 (unregistering): Port device team_slave_1 removed
[  350.549490][ T3630] team0 (unregistering): Port device team_slave_0 removed
[  351.297285][ T7231] vcan0: Master is either lo or non-ether device
[  351.535609][ T7151] chnl_net:caif_netlink_parms(): no params data found
[  351.658898][ T5920] usb 3-1: USB disconnect, device number 6
[  352.336615][ T7242] fuse: Unknown parameter 'fd0x0000000000000009'
[  353.998243][ T7256] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  355.113210][ T7266] netlink: 'syz.1.301': attribute type 2 has an invalid length.
[  355.113230][ T7266] netlink: 119 bytes leftover after parsing attributes in process `syz.1.301'.
[  355.148135][ T7153] bridge0: port 1(bridge_slave_0) entered blocking state
[  355.148277][ T7153] bridge0: port 1(bridge_slave_0) entered disabled state
[  355.148475][ T7153] bridge_slave_0: entered allmulticast mode
[  355.151552][ T7153] bridge_slave_0: entered promiscuous mode
[  356.646794][ T7153] bridge0: port 2(bridge_slave_1) entered blocking state
[  356.647009][ T7153] bridge0: port 2(bridge_slave_1) entered disabled state
[  356.647252][ T7153] bridge_slave_1: entered allmulticast mode
[  356.649994][ T7153] bridge_slave_1: entered promiscuous mode
[  356.653942][ T7265] netlink: 12 bytes leftover after parsing attributes in process `syz.1.301'.
[  356.704537][ T7151] bridge0: port 1(bridge_slave_0) entered blocking state
[  356.707940][ T7151] bridge0: port 1(bridge_slave_0) entered disabled state
[  356.734132][ T7151] bridge_slave_0: entered allmulticast mode
[  357.199498][ T7151] bridge_slave_0: entered promiscuous mode
[  357.381785][ T7151] bridge0: port 2(bridge_slave_1) entered blocking state
[  357.383854][ T7151] bridge0: port 2(bridge_slave_1) entered disabled state
[  357.384079][ T7151] bridge_slave_1: entered allmulticast mode
[  357.391869][ T7151] bridge_slave_1: entered promiscuous mode
[  358.796393][ T7153] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  359.536771][ T7153] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  359.552257][ T7151] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  360.542442][ T7151] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  360.636066][ T7303] No source specified
[  361.299208][ T7307] random: crng reseeded on system resumption
[  363.321371][ T7153] team0: Port device team_slave_0 added
[  363.754103][ T3630] bridge_slave_1: left allmulticast mode
[  363.754133][ T3630] bridge_slave_1: left promiscuous mode
[  363.755341][ T3630] bridge0: port 2(bridge_slave_1) entered disabled state
[  364.665430][ T3630] bridge_slave_0: left allmulticast mode
[  364.665460][ T3630] bridge_slave_0: left promiscuous mode
[  364.665717][ T3630] bridge0: port 1(bridge_slave_0) entered disabled state
[  365.652186][ T7335] workqueue: Failed to create a rescuer kthread for wq "ceph-completion": -EINTR
[  367.243767][ T3630] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  368.060417][ T3630] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  369.009180][ T7359] netlink: 'syz.2.321': attribute type 21 has an invalid length.
[  369.009257][ T7359] IPv6: NLM_F_CREATE should be specified when creating new route
[  369.907381][ T3630] bond0 (unregistering): Released all slaves
[  370.133575][ T7361] No source specified
[  370.169402][ T7153] team0: Port device team_slave_1 added
[  370.187468][ T7151] team0: Port device team_slave_0 added
[  370.446221][ T7151] team0: Port device team_slave_1 added
[  370.513728][ T7364] netfs: Couldn't get user pages (rc=-14)
[  372.170074][ T7153] batman_adv: batadv0: Adding interface: batadv_slave_0
[  372.170090][ T7153] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  372.170121][ T7153] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  372.461938][ T7153] batman_adv: batadv0: Adding interface: batadv_slave_1
[  372.461953][ T7153] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  372.461976][ T7153] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  372.463510][ T7151] batman_adv: batadv0: Adding interface: batadv_slave_0
[  372.463521][ T7151] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  372.463543][ T7151] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  373.469078][ T5852] Bluetooth: hci4: unexpected event for opcode 0x2031
[  377.783519][ T3630] team0 (unregistering): Port device team_slave_1 removed
[  378.744596][ T1324] ieee802154 phy0 wpan0: encryption failed: -22
[  378.744686][ T1324] ieee802154 phy1 wpan1: encryption failed: -22
[  378.937934][ T7412] No source specified
[  379.313821][ T3630] team0 (unregistering): Port device team_slave_0 removed
[  380.053630][ T7151] batman_adv: batadv0: Adding interface: batadv_slave_1
[  380.053646][ T7151] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  380.053669][ T7151] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  384.330753][ T7153] hsr_slave_0: entered promiscuous mode
[  384.341361][ T7153] hsr_slave_1: entered promiscuous mode
[  384.342350][ T7153] debugfs: 'hsr0' already exists in 'hsr'
[  384.342373][ T7153] Cannot create hsr debugfs directory
[  384.518290][ T7151] hsr_slave_0: entered promiscuous mode
[  384.523807][ T7151] hsr_slave_1: entered promiscuous mode
[  384.524751][ T7151] debugfs: 'hsr0' already exists in 'hsr'
[  384.524773][ T7151] Cannot create hsr debugfs directory
[  384.573290][ T7446] binder: 7442:7446 unknown command 0
[  384.573302][ T7446] binder: 7442:7446 ioctl c0306201 2000000003c0 returned -22
[  385.093760][ T7451] netlink: 84 bytes leftover after parsing attributes in process `syz.1.342'.
[  387.044511][ T7466] No source specified
[  390.685550][ T7479] netlink: 12 bytes leftover after parsing attributes in process `syz.0.349'.
[  390.685882][ T7479] netlink: 12 bytes leftover after parsing attributes in process `syz.0.349'.
[  390.718428][  T992] IPVS: starting estimator thread 0...
[  390.805590][ T7481] IPVS: using max 7 ests per chain, 16800 per kthread
[  393.832101][ T7503] Invalid source name
[  393.832144][ T7503] UBIFS error (pid: 7503): cannot open "/dev/sg0", error -22
[  393.890650][ T7503] netlink: 36 bytes leftover after parsing attributes in process `syz.0.354'.
[  394.258908][ T7153] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  399.322178][ T7526] mmap: syz.0.357 (7526) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  399.373823][ T5850] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  399.376643][ T5850] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  399.380091][ T5850] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  399.383053][ T5850] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  399.383931][ T5850] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  400.054670][ T7533] 9pnet_fd: Insufficient options for proto=fd
[  401.171173][ T5850] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  401.176195][ T5850] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  401.179270][ T5850] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  401.180018][ T5850] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  401.180496][ T5850] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  402.128268][ T5852] Bluetooth: hci1: command tx timeout
[  403.437598][ T7555] IPVS: Error joining to the multicast group
[  404.653562][ T7558] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_cmd_wq": -EINTR
[  404.762691][ T5850] Bluetooth: hci1: command tx timeout
[  404.808818][ T5850] Bluetooth: hci2: command tx timeout
[  410.130211][ T5850] Bluetooth: hci1: command tx timeout
[  410.132035][ T5850] Bluetooth: hci2: command tx timeout
[  411.688182][ T7580] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  412.014337][ T7585] fuse: Bad value for 'fd'
[  412.223519][ T5850] Bluetooth: hci1: command tx timeout
[  412.773541][ T5853] Bluetooth: hci2: command tx timeout
[  412.827433][ T6009] bridge_slave_1: left allmulticast mode
[  412.827465][ T6009] bridge_slave_1: left promiscuous mode
[  412.827783][ T6009] bridge0: port 2(bridge_slave_1) entered disabled state
[  412.925252][ T6009] bridge_slave_0: left allmulticast mode
[  412.925283][ T6009] bridge_slave_0: left promiscuous mode
[  412.925616][ T6009] bridge0: port 1(bridge_slave_0) entered disabled state
[  413.128984][ T7589] tmpfs: Unsupported parameter 'huge'
[  414.292744][ T7594] 9pnet_virtio: no channels available for device º3Aª%vË
[  414.321731][ T5853] Bluetooth: hci4: SCO packet for unknown connection handle 954
[  415.142667][ T5853] Bluetooth: hci2: command tx timeout
[  415.633362][ T6009] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  415.733242][ T6009] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  415.821369][ T6009] bond0 (unregistering): Released all slaves
[  416.917970][ T6009] hsr_slave_0: left promiscuous mode
[  416.961567][ T7604] netlink: 124 bytes leftover after parsing attributes in process `syz.0.377'.
[  416.972073][ T6009] hsr_slave_1: left promiscuous mode
[  416.978279][ T6009] batman_adv: batadv0: Removing interface: batadv_slave_0
[  417.003744][ T6009] batman_adv: batadv0: Removing interface: batadv_slave_1
[  417.064749][ T7604] IPVS: length: 209 != 24
[  419.570995][ T7619] netlink: 12 bytes leftover after parsing attributes in process `syz.1.381'.
[  421.709533][ T7637] netlink: 8 bytes leftover after parsing attributes in process `syz.1.385'.
[  422.436310][ T6009] team0 (unregistering): Port device team_slave_1 removed
[  422.829526][ T7642] overlayfs: failed to clone lowerpath
[  423.437141][ T6009] team0 (unregistering): Port device team_slave_0 removed
[  424.044329][ T7616] workqueue: Failed to create a rescuer kthread for wq "bond1": -EINTR
[  427.835480][ T7669] netlink: 12 bytes leftover after parsing attributes in process `syz.0.391'.
[  428.440971][ T7527] chnl_net:caif_netlink_parms(): no params data found
[  430.723394][ T7535] chnl_net:caif_netlink_parms(): no params data found
[  432.820238][ T7696] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+
[  433.201631][ T7527] bridge0: port 1(bridge_slave_0) entered blocking state
[  433.201776][ T7527] bridge0: port 1(bridge_slave_0) entered disabled state
[  433.202037][ T7527] bridge_slave_0: entered allmulticast mode
[  433.205072][ T7527] bridge_slave_0: entered promiscuous mode
[  434.334376][ T7527] bridge0: port 2(bridge_slave_1) entered blocking state
[  434.342961][ T7527] bridge0: port 2(bridge_slave_1) entered disabled state
[  434.343222][ T7527] bridge_slave_1: entered allmulticast mode
[  434.352039][ T7527] bridge_slave_1: entered promiscuous mode
[  435.387132][ T7713] Bluetooth: hci0: Opcode 0x080f failed: -4
[  436.270692][ T7724] trusted_key: encrypted_key: insufficient parameters specified
[  436.688974][ T7719] netlink: 16 bytes leftover after parsing attributes in process `syz.1.401'.
[  436.689005][ T7719] netlink: 16 bytes leftover after parsing attributes in process `syz.1.401'.
[  436.799718][ T7527] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  437.365426][ T5853] Bluetooth: hci0: command 0x0406 tx timeout
[  437.604118][ T7726] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  437.606196][ T7726] iommufd_mock iommufd_mock1: Adding to iommu group 1
[  439.698235][ T7527] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  439.724354][ T7535] bridge0: port 1(bridge_slave_0) entered blocking state
[  439.724499][ T7535] bridge0: port 1(bridge_slave_0) entered disabled state
[  439.724725][ T7535] bridge_slave_0: entered allmulticast mode
[  439.728957][ T7535] bridge_slave_0: entered promiscuous mode
[  440.574380][ T1324] ieee802154 phy0 wpan0: encryption failed: -22
[  440.578503][ T1324] ieee802154 phy1 wpan1: encryption failed: -22
[  441.433159][ T7535] bridge0: port 2(bridge_slave_1) entered blocking state
[  441.433301][ T7535] bridge0: port 2(bridge_slave_1) entered disabled state
[  441.433532][ T7535] bridge_slave_1: entered allmulticast mode
[  441.454541][ T7535] bridge_slave_1: entered promiscuous mode
[  443.226905][ T7527] team0: Port device team_slave_0 added
[  443.368464][ T7527] team0: Port device team_slave_1 added
[  443.417405][ T7535] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  447.220879][ T7535] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  447.459473][ T7782] netlink: 'syz.2.417': attribute type 1 has an invalid length.
[  447.462874][ T7782] trusted_key: encrypted_key: insufficient parameters specified
[  448.007663][ T7527] batman_adv: batadv0: Adding interface: batadv_slave_0
[  448.007678][ T7527] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  448.007700][ T7527] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  449.809001][ T7527] batman_adv: batadv0: Adding interface: batadv_slave_1
[  449.809023][ T7527] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  449.809047][ T7527] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  449.902198][ T7535] team0: Port device team_slave_0 added
[  449.960979][ T7535] team0: Port device team_slave_1 added
[  455.794731][ T7527] hsr_slave_0: entered promiscuous mode
[  455.796072][ T7527] hsr_slave_1: entered promiscuous mode
[  455.796978][ T7527] debugfs: 'hsr0' already exists in 'hsr'
[  455.797000][ T7527] Cannot create hsr debugfs directory
[  456.234015][ T7832] blk_print_req_error: 2 callbacks suppressed
[  456.234035][ T7832] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1
[  456.234232][ T7832] (syz.2.428,7832,1):ocfs2_get_sector:1714 ERROR: status = -5
[  456.234259][ T7832] (syz.2.428,7832,1):ocfs2_sb_probe:753 ERROR: status = -5
[  456.234277][ T7832] (syz.2.428,7832,1):ocfs2_fill_super:989 ERROR: superblock probe failed!
[  456.234294][ T7832] (syz.2.428,7832,1):ocfs2_fill_super:1177 ERROR: status = -5
[  458.353020][ T7847] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+
[  463.307993][ T7845] netlink: 4 bytes leftover after parsing attributes in process `syz.0.430'.
[  463.711793][ T5850] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  463.731389][ T5850] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  463.741352][ T5850] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  463.742532][ T5850] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  463.758582][ T5850] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  464.736875][ T5853] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  464.755490][ T5853] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  464.758972][ T5853] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  464.761099][ T5853] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  464.761973][ T5853] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  465.426770][ T7863] netlink: 16 bytes leftover after parsing attributes in process `syz.0.434'.
[  466.579381][ T5850] Bluetooth: hci2: command tx timeout
[  467.154136][ T5850] Bluetooth: hci5: command tx timeout
[  467.598997][ T7869] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci5/hci5:200/input10
[  468.680712][ T5850] Bluetooth: hci2: command tx timeout
[  469.180140][ T7882] netlink: 48 bytes leftover after parsing attributes in process `syz.2.439'.
[  469.180163][ T7882] netlink: 32 bytes leftover after parsing attributes in process `syz.2.439'.
[  469.264902][ T5850] Bluetooth: hci5: command tx timeout
[  469.315345][ T7885] netlink: 'syz.1.440': attribute type 9 has an invalid length.
[  470.703943][ T5850] Bluetooth: hci2: command tx timeout
[  471.617655][   T37] kauditd_printk_skb: 24 callbacks suppressed
[  471.617671][   T37] audit: type=1107 audit(1756181705.720:55): pid=7896 uid=0 auid=4294967295 ses=4294967295 subj=_ msg=''
[  471.652384][ T5850] Bluetooth: hci5: command tx timeout
[  471.802217][ T7905] netlink: 4 bytes leftover after parsing attributes in process `syz.2.444'.
[  472.035760][ T7907] netlink: 'syz.2.444': attribute type 2 has an invalid length.
[  472.035820][ T7907] netlink: 'syz.2.444': attribute type 2 has an invalid length.
[  472.035876][ T7907] netlink: 'syz.2.444': attribute type 2 has an invalid length.
[  472.035943][ T7907] netlink: 8 bytes leftover after parsing attributes in process `syz.2.444'.
[  472.852536][ T5850] Bluetooth: hci2: command tx timeout
[  473.939249][ T5850] Bluetooth: hci5: command tx timeout
[  476.002643][ T6009] bridge_slave_1: left allmulticast mode
[  476.004538][ T6009] bridge_slave_1: left promiscuous mode
[  476.004821][ T6009] bridge0: port 2(bridge_slave_1) entered disabled state
[  476.448370][ T6009] bridge_slave_0: left allmulticast mode
[  476.448393][ T6009] bridge_slave_0: left promiscuous mode
[  476.448571][ T6009] bridge0: port 1(bridge_slave_0) entered disabled state
[  477.933535][ T6009] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  478.193632][ T6009] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  479.474131][ T6009] bond0 (unregistering): Released all slaves
[  479.505758][ T7934] vlan2: entered promiscuous mode
[  479.505981][ T7934] vlan2: entered allmulticast mode
[  479.505993][ T7934] hsr_slave_1: entered allmulticast mode
[  480.463358][ T7947] comedi comedi3: comedi_config --init_data is deprecated
[  481.210157][ T7949] evm: overlay not supported
[  482.140970][ T6009] hsr_slave_0: left promiscuous mode
[  482.768041][ T6009] hsr_slave_1: left promiscuous mode
[  482.769041][ T6009] batman_adv: batadv0: Removing interface: batadv_slave_0
[  482.845757][ T6009] batman_adv: batadv0: Removing interface: batadv_slave_1
[  483.057709][ T7959] netlink: 44 bytes leftover after parsing attributes in process `syz.2.458'.
[  483.242267][    C1] vkms_vblank_simulate: vblank timer overrun
[  483.300167][    C1] vkms_vblank_simulate: vblank timer overrun
[  483.740657][    C1] vkms_vblank_simulate: vblank timer overrun
[  483.893628][    C1] vkms_vblank_simulate: vblank timer overrun
[  483.957679][    C1] vkms_vblank_simulate: vblank timer overrun
[  484.132736][    C1] vkms_vblank_simulate: vblank timer overrun
[  484.227444][ T6009] team0 (unregistering): Port device team_slave_1 removed
[  484.353513][ T6009] team0 (unregistering): Port device team_slave_0 removed
[  484.379322][    C1] vkms_vblank_simulate: vblank timer overrun
[  484.649849][    C1] vkms_vblank_simulate: vblank timer overrun
[  484.829707][    C1] vkms_vblank_simulate: vblank timer overrun
[  485.461950][    C1] vkms_vblank_simulate: vblank timer overrun
[  485.619907][    C1] vkms_vblank_simulate: vblank timer overrun
[  486.197374][    C1] vkms_vblank_simulate: vblank timer overrun
[  486.318950][    C1] vkms_vblank_simulate: vblank timer overrun
[  486.520485][    C1] vkms_vblank_simulate: vblank timer overrun
[  486.975623][    C1] vkms_vblank_simulate: vblank timer overrun
[  487.272566][    C1] vkms_vblank_simulate: vblank timer overrun
[  487.484616][ T7989] ip6erspan0: entered allmulticast mode
[  487.643629][    C1] vkms_vblank_simulate: vblank timer overrun
[  487.731613][    C1] vkms_vblank_simulate: vblank timer overrun
[  488.280403][    C1] vkms_vblank_simulate: vblank timer overrun
[  488.331641][    C1] vkms_vblank_simulate: vblank timer overrun
[  488.388465][ T7852] chnl_net:caif_netlink_parms(): no params data found
[  490.223828][ T8005] netlink: 52 bytes leftover after parsing attributes in process `syz.2.465'.
[  490.230187][ T8005] netlink: 12 bytes leftover after parsing attributes in process `syz.2.465'.
[  490.230218][ T8005] nbd: must specify a size in bytes for the device
[  490.237385][ T8005] netlink: 12 bytes leftover after parsing attributes in process `syz.2.465'.
[  490.237403][ T8005] netlink: 4 bytes leftover after parsing attributes in process `syz.2.465'.
[  490.354224][ T7856] chnl_net:caif_netlink_parms(): no params data found
[  492.348138][ T8019] vlan1: entered promiscuous mode
[  492.348367][ T8019] vlan1: entered allmulticast mode
[  492.348380][ T8019] veth0_vlan: entered allmulticast mode
[  493.335598][ T8031] netlink: 'syz.1.469': attribute type 4 has an invalid length.
[  493.399124][ T8033] netlink: 'syz.1.469': attribute type 4 has an invalid length.
[  493.508294][ T8035] 9pnet_fd: Insufficient options for proto=fd
[  495.435490][ T7852] bridge0: port 1(bridge_slave_0) entered blocking state
[  495.435568][ T7852] bridge0: port 1(bridge_slave_0) entered disabled state
[  495.435748][ T7852] bridge_slave_0: entered allmulticast mode
[  495.446417][ T7852] bridge_slave_0: entered promiscuous mode
[  495.513536][ T7852] bridge0: port 2(bridge_slave_1) entered blocking state
[  495.513613][ T7852] bridge0: port 2(bridge_slave_1) entered disabled state
[  495.513747][ T7852] bridge_slave_1: entered allmulticast mode
[  495.515450][ T7852] bridge_slave_1: entered promiscuous mode
[  495.797591][ T5850] Bluetooth: hci0: hardware error 0x07
[  496.030315][    C1] vkms_vblank_simulate: vblank timer overrun
[  496.176277][    C1] vkms_vblank_simulate: vblank timer overrun
[  496.822658][    C1] vkms_vblank_simulate: vblank timer overrun
[  497.114549][    C1] vkms_vblank_simulate: vblank timer overrun
[  497.645061][    C1] vkms_vblank_simulate: vblank timer overrun
[  498.018379][    C1] vkms_vblank_simulate: vblank timer overrun
[  498.031426][ T5850] Bluetooth: hci0: Opcode 0x0c03 failed: -110
[  498.212833][ T7856] bridge0: port 1(bridge_slave_0) entered blocking state
[  498.212911][ T7856] bridge0: port 1(bridge_slave_0) entered disabled state
[  498.213094][ T7856] bridge_slave_0: entered allmulticast mode
[  498.214631][ T7856] bridge_slave_0: entered promiscuous mode
[  498.265143][ T7856] bridge0: port 2(bridge_slave_1) entered blocking state
[  498.265293][ T7856] bridge0: port 2(bridge_slave_1) entered disabled state
[  498.265535][ T7856] bridge_slave_1: entered allmulticast mode
[  498.279026][ T7856] bridge_slave_1: entered promiscuous mode
[  498.297099][ T7852] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  498.534438][    C1] vkms_vblank_simulate: vblank timer overrun
[  500.027602][ T8079] tipc: Started in network mode
[  500.027622][ T8079] tipc: Node identity 4, cluster identity 4711
[  500.027633][ T8079] tipc: Node number set to 4
[  500.146400][ T7852] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  500.229815][ T8086] futex_wake_op: syz.2.483 tries to shift op by -33; fix this program
[  500.848965][ T8099] netlink: 384 bytes leftover after parsing attributes in process `syz.0.487'.
[  500.849374][ T8099] netlink: 'syz.0.487': attribute type 2 has an invalid length.
[  501.698474][ T1324] ieee802154 phy0 wpan0: encryption failed: -22
[  501.698549][ T1324] ieee802154 phy1 wpan1: encryption failed: -22
[  503.214042][ T7856] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  504.651115][ T7856] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  504.938572][ T8116] netlink: 8 bytes leftover after parsing attributes in process `syz.0.491'.
[  504.977928][ T1463] bridge_slave_1: left allmulticast mode
[  504.977958][ T1463] bridge_slave_1: left promiscuous mode
[  504.978221][ T1463] bridge0: port 2(bridge_slave_1) entered disabled state
[  505.218754][ T1463] bridge_slave_0: left allmulticast mode
[  505.218795][ T1463] bridge_slave_0: left promiscuous mode
[  505.222078][ T1463] bridge0: port 1(bridge_slave_0) entered disabled state
[  505.325344][ T1463] bridge_slave_1: left allmulticast mode
[  505.325378][ T1463] bridge_slave_1: left promiscuous mode
[  505.325630][ T1463] bridge0: port 2(bridge_slave_1) entered disabled state
[  506.494309][ T1463] bridge_slave_0: left allmulticast mode
[  506.494337][ T1463] bridge_slave_0: left promiscuous mode
[  506.494629][ T1463] bridge0: port 1(bridge_slave_0) entered disabled state
[  506.521687][ T8125] unsupported nlmsg_type 40
[  508.664505][ T1463] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  509.371060][ T1463] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  509.402550][ T8150] netlink: 'syz.1.504': attribute type 4 has an invalid length.
[  509.402564][ T8150] netlink: 3657 bytes leftover after parsing attributes in process `syz.1.504'.
[  509.426427][ T1463] bond0 (unregistering): Released all slaves
[  510.414524][ T8155] comedi comedi1: pcl812: a I/O base address must be specified
[  510.423836][ T1463] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  510.533652][ T1463] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  510.591357][ T1463] bond0 (unregistering): Released all slaves
[  510.640160][ T7852] team0: Port device team_slave_0 added
[  510.946797][ T5850] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0
[  510.946925][ T5850] Bluetooth: hci3: Injecting HCI hardware error event
[  510.949945][ T5853] Bluetooth: hci3: hardware error 0x00
[  511.043666][ T7852] team0: Port device team_slave_1 added
[  511.979397][ T8165] bridge_slave_0: left allmulticast mode
[  511.979428][ T8165] bridge_slave_0: left promiscuous mode
[  511.979912][ T8165] bridge0: port 1(bridge_slave_0) entered disabled state
[  512.070662][ T8171] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount.
[  512.070693][ T8171] CIFS: Unable to determine destination address
[  512.323756][ T5850] Bluetooth: hci4: unexpected cc 0x100c length: 65 > 3
[  512.323869][ T5850] Bluetooth: hci4: unexpected event for opcode 0x100c
[  512.537553][ T8165] bridge_slave_1: left allmulticast mode
[  512.537573][ T8165] bridge_slave_1: left promiscuous mode
[  512.537785][ T8165] bridge0: port 2(bridge_slave_1) entered disabled state
[  512.683656][ T8165] bond0: (slave bond_slave_0): Releasing backup interface
[  512.767317][ T8165] bond0: (slave bond_slave_1): Releasing backup interface
[  512.883602][ T8165] team0: Port device team_slave_0 removed
[  512.954289][ T8165] team0: Port device team_slave_1 removed
[  512.955283][ T8165] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  512.955311][ T8165] batman_adv: batadv0: Removing interface: batadv_slave_0
[  513.308700][ T8165] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  513.308731][ T8165] batman_adv: batadv0: Removing interface: batadv_slave_1
[  514.020638][ T5853] Bluetooth: hci3: Opcode 0x0c03 failed: -110
[  514.307102][ T8183] netlink: 'syz.2.515': attribute type 6 has an invalid length.
[  514.333382][ T8183] netlink: 24 bytes leftover after parsing attributes in process `syz.2.515'.
[  514.531666][ T7856] team0: Port device team_slave_0 added
[  514.580933][ T8183] syz.2.515 (8183): attempted to duplicate a private mapping with mremap.  This is not supported.
[  514.677724][   T37] audit: type=1326 audit(1756181748.780:56): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8180 comm="syz.2.515" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f572918ebe9 code=0x7ffc0000
[  514.677775][   T37] audit: type=1326 audit(1756181748.780:57): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8180 comm="syz.2.515" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f572918ebe9 code=0x7ffc0000
[  514.827321][ T7856] team0: Port device team_slave_1 added
[  514.828958][ T7852] batman_adv: batadv0: Adding interface: batadv_slave_0
[  514.828971][ T7852] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  514.828994][ T7852] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  514.834267][   T37] audit: type=1326 audit(1756181748.880:58): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8180 comm="syz.2.515" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f572918ebe9 code=0x7ffc0000
[  514.903227][   T37] audit: type=1326 audit(1756181749.010:59): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8180 comm="syz.2.515" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f572918ebe9 code=0x7ffc0000
[  514.903764][   T37] audit: type=1326 audit(1756181749.010:60): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8180 comm="syz.2.515" exe="/root/syz-executor" sig=0 arch=c000003e syscall=248 compat=0 ip=0x7f572918ebe9 code=0x7ffc0000
[  514.903807][   T37] audit: type=1326 audit(1756181749.010:61): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8180 comm="syz.2.515" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f572918ebe9 code=0x7ffc0000
[  514.904444][   T37] audit: type=1326 audit(1756181749.010:62): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8180 comm="syz.2.515" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f572918ebe9 code=0x7ffc0000
[  514.904486][   T37] audit: type=1326 audit(1756181749.010:63): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8180 comm="syz.2.515" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f572918ebe9 code=0x7ffc0000
[  514.904524][   T37] audit: type=1326 audit(1756181749.010:64): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8180 comm="syz.2.515" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f572918ebe9 code=0x7ffc0000
[  514.904560][   T37] audit: type=1326 audit(1756181749.010:65): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8180 comm="syz.2.515" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f572918ebe9 code=0x7ffc0000
[  515.104726][ T1463] hsr_slave_0: left promiscuous mode
[  515.337528][ T1463] hsr_slave_1: left promiscuous mode
[  515.338471][ T1463] batman_adv: batadv0: Removing interface: batadv_slave_0
[  516.158894][    C0] vkms_vblank_simulate: vblank timer overrun
[  516.317787][ T1463] batman_adv: batadv0: Removing interface: batadv_slave_1
[  517.204989][    C0] vkms_vblank_simulate: vblank timer overrun
[  518.083017][    C0] vkms_vblank_simulate: vblank timer overrun
[  518.114828][ T1463] team0 (unregistering): Port device team_slave_1 removed
[  518.174423][    C0] vkms_vblank_simulate: vblank timer overrun
[  518.295721][ T1463] team0 (unregistering): Port device team_slave_0 removed
[  518.605145][ T5850] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  518.609462][ T5850] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  518.610707][ T5850] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  518.638037][ T5850] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  518.655051][ T5850] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  518.997783][ T5850] Bluetooth: hci4: unexpected event for opcode 0x042c
[  519.123624][ T1463] team0 (unregistering): Port device team_slave_1 removed
[  519.273449][ T1463] team0 (unregistering): Port device team_slave_0 removed
[  519.715142][ T8204] ip6erspan0: entered promiscuous mode
[  519.743439][ T7852] batman_adv: batadv0: Adding interface: batadv_slave_1
[  519.743455][ T7852] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  519.743486][ T7852] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  519.814207][ T5853] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[  519.831405][ T5853] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[  519.861858][ T5853] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[  519.871119][ T5853] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[  519.872506][ T5853] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[  520.053181][    C0] vkms_vblank_simulate: vblank timer overrun
[  520.095902][ T8190] netlink: 1010 bytes leftover after parsing attributes in process `syz.0.518'.
[  520.095991][ T8190] bridge: RTM_NEWNEIGH bridge0 without NUD_PERMANENT
[  520.711514][ T5850] Bluetooth: hci1: command tx timeout
[  520.811957][    C0] vkms_vblank_simulate: vblank timer overrun
[  521.002754][ T5928] usb 3-1: new high-speed USB device number 7 using dummy_hcd
[  521.168187][ T5928] usb 3-1: Using ep0 maxpacket: 16
[  521.170541][ T5928] usb 3-1: config 0 has an invalid interface number: 126 but max is 0
[  521.170564][ T5928] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  521.170581][ T5928] usb 3-1: config 0 has no interface number 0
[  521.170626][ T5928] usb 3-1: config 0 interface 126 altsetting 0 has an endpoint descriptor with address 0xB7, changing to 0x87
[  521.170649][ T5928] usb 3-1: config 0 interface 126 altsetting 0 endpoint 0x87 has invalid maxpacket 34328, setting to 1024
[  521.170673][ T5928] usb 3-1: config 0 interface 126 altsetting 0 endpoint 0xA has invalid maxpacket 512, setting to 64
[  521.170695][ T5928] usb 3-1: config 0 interface 126 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  521.170715][ T5928] usb 3-1: config 0 interface 126 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  521.170734][ T5928] usb 3-1: config 0 interface 126 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 4
[  521.170784][ T5928] usb 3-1: New USB device found, idVendor=0763, idProduct=1015, bcdDevice=56.88
[  521.170804][ T5928] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  521.321915][ T5928] usb 3-1: config 0 descriptor??
[  521.325918][ T8238] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  521.351678][ T5928] usb 3-1: Quirk or no altset; falling back to MIDI 1.0
[  521.547653][    T9] usb 3-1: USB disconnect, device number 7
[  521.630438][ T5850] Bluetooth: hci4: unexpected event for opcode 0x1009
[  521.983957][ T5850] Bluetooth: hci6: command tx timeout
[  522.013955][ T8262] netlink: 116 bytes leftover after parsing attributes in process `syz.0.544'.
[  522.468436][ T8209] chnl_net:caif_netlink_parms(): no params data found
[  522.784088][ T5850] Bluetooth: hci1: command tx timeout
[  523.008662][ T8283] IPVS: fo: SCTP 172.20.20.187:0 - no destination available
[  523.509789][ T5928] IPVS: starting estimator thread 0...
[  523.592960][ T8284] IPVS: using max 9 ests per chain, 21600 per kthread
[  523.662872][ T1233] usb 3-1: new low-speed USB device number 8 using dummy_hcd
[  523.804887][ T8224] chnl_net:caif_netlink_parms(): no params data found
[  523.839908][ T1233] usb 3-1: unable to get BOS descriptor or descriptor too short
[  523.851852][ T1233] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  523.851877][ T1233] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[  524.075712][ T5850] Bluetooth: hci6: command tx timeout
[  524.239045][ T1233] usb 3-1: string descriptor 0 read error: -22
[  524.242065][ T1233] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  524.242146][ T1233] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  524.608445][ T1233] usb 3-1: invalid UAC_HEADER (v1)
[  524.649935][ T1233] snd-usb-audio 3-1:1.0: probe with driver snd-usb-audio failed with error -22
[  524.885167][ T5850] Bluetooth: hci1: command tx timeout
[  525.024859][ T8295] netlink: 'syz.1.554': attribute type 11 has an invalid length.
[  525.415011][ T8280] netlink: 4 bytes leftover after parsing attributes in process `syz.0.551'.
[  525.621529][ T8293] : entered promiscuous mode
[  525.635947][ T8209] bridge0: port 1(bridge_slave_0) entered blocking state
[  525.636092][ T8209] bridge0: port 1(bridge_slave_0) entered disabled state
[  525.636343][ T8209] bridge_slave_0: entered allmulticast mode
[  525.647490][ T8209] bridge_slave_0: entered promiscuous mode
[  525.662796][ T5850] Bluetooth: hci4: Controller not accepting commands anymore: ncmd = 0
[  525.663122][ T5850] Bluetooth: hci4: Injecting HCI hardware error event
[  525.669572][ T5850] Bluetooth: hci4: hardware error 0x00
[  525.776430][ T8209] bridge0: port 2(bridge_slave_1) entered blocking state
[  525.776574][ T8209] bridge0: port 2(bridge_slave_1) entered disabled state
[  525.776795][ T8209] bridge_slave_1: entered allmulticast mode
[  525.790094][ T8209] bridge_slave_1: entered promiscuous mode
[  525.930865][ T8301] netlink: 'syz.1.555': attribute type 1 has an invalid length.
[  526.009602][    T9] usb 3-1: USB disconnect, device number 8
[  526.142726][ T5853] Bluetooth: hci6: command tx timeout
[  526.753257][ T8209] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  526.787096][ T8224] bridge0: port 1(bridge_slave_0) entered blocking state
[  526.787237][ T8224] bridge0: port 1(bridge_slave_0) entered disabled state
[  526.787476][ T8224] bridge_slave_0: entered allmulticast mode
[  526.827531][ T8224] bridge_slave_0: entered promiscuous mode
[  526.851505][ T8209] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  526.867006][ T8224] bridge0: port 2(bridge_slave_1) entered blocking state
[  526.867147][ T8224] bridge0: port 2(bridge_slave_1) entered disabled state
[  526.867400][ T8224] bridge_slave_1: entered allmulticast mode
[  526.894110][ T8224] bridge_slave_1: entered promiscuous mode
[  527.013789][ T5853] Bluetooth: hci1: command tx timeout
[  528.010340][ T5850] Bluetooth: hci4: Opcode 0x0c03 failed: -110
[  528.086137][ T8320] netlink: 'syz.1.561': attribute type 7 has an invalid length.
[  528.246262][ T8320] : entered promiscuous mode
[  528.246958][ T5850] Bluetooth: hci6: command tx timeout
[  528.422545][ T8329] netlink: 20 bytes leftover after parsing attributes in process `syz.0.564'.
[  528.715233][ T8322] netlink: 16 bytes leftover after parsing attributes in process `syz.1.561'.
[  529.124866][ T8209] team0: Port device team_slave_0 added
[  529.148445][ T8224] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  529.150814][ T8209] team0: Port device team_slave_1 added
[  529.169967][ T1463] bridge_slave_1: left allmulticast mode
[  529.169995][ T1463] bridge_slave_1: left promiscuous mode
[  529.170221][ T1463] bridge0: port 2(bridge_slave_1) entered disabled state
[  529.174883][ T8351] netlink: 8 bytes leftover after parsing attributes in process `syz.2.575'.
[  529.174907][ T8351] netlink: 20 bytes leftover after parsing attributes in process `syz.2.575'.
[  529.288249][ T1463] bridge_slave_0: left allmulticast mode
[  529.288280][ T1463] bridge_slave_0: left promiscuous mode
[  529.288558][ T1463] bridge0: port 1(bridge_slave_0) entered disabled state
[  529.336108][ T8353] netlink: 44 bytes leftover after parsing attributes in process `syz.0.576'.
[  529.336132][ T8353] netlink: 43 bytes leftover after parsing attributes in process `syz.0.576'.
[  529.336146][ T8353] netlink: 'syz.0.576': attribute type 5 has an invalid length.
[  529.336157][ T8353] netlink: 43 bytes leftover after parsing attributes in process `syz.0.576'.
[  529.429237][ T1463] bridge_slave_1: left allmulticast mode
[  529.429269][ T1463] bridge_slave_1: left promiscuous mode
[  529.429523][ T1463] bridge0: port 2(bridge_slave_1) entered disabled state
[  529.515809][ T1463] bridge_slave_0: left allmulticast mode
[  529.515839][ T1463] bridge_slave_0: left promiscuous mode
[  529.516107][ T1463] bridge0: port 1(bridge_slave_0) entered disabled state
[  530.954115][ T1463] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  531.074249][ T1463] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  531.158555][ T1463] bond0 (unregistering): Released all slaves
[  531.363166][ T1463] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  531.446883][ T1463] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  531.529994][ T1463] bond0 (unregistering): Released all slaves
[  531.659596][ T8224] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  532.069042][ T8209] batman_adv: batadv0: Adding interface: batadv_slave_0
[  532.069058][ T8209] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  532.069080][ T8209] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  532.204735][ T8209] batman_adv: batadv0: Adding interface: batadv_slave_1
[  532.204750][ T8209] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  532.204770][ T8209] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  532.205452][ T1463] batman_adv: batadv0: Removing interface: batadv_slave_0
[  532.293968][ T1463] batman_adv: batadv0: Removing interface: batadv_slave_1
[  532.518913][ T5928] usb 3-1: new high-speed USB device number 9 using dummy_hcd
[  532.574611][ T1463] team0 (unregistering): Port device team_slave_1 removed
[  532.662879][ T5928] usb 3-1: Using ep0 maxpacket: 8
[  532.665319][ T5928] usb 3-1: config 0 has an invalid interface number: 1 but max is 0
[  532.665341][ T5928] usb 3-1: config 0 has no interface number 0
[  532.665384][ T5928] usb 3-1: config 0 interface 1 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  532.665406][ T5928] usb 3-1: config 0 interface 1 altsetting 0 endpoint 0x8F has an invalid bInterval 102, changing to 10
[  532.665430][ T5928] usb 3-1: config 0 interface 1 altsetting 0 endpoint 0x8F has invalid maxpacket 24624, setting to 1024
[  532.665468][ T5928] usb 3-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  532.665487][ T5928] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  532.670829][ T5928] usb 3-1: config 0 descriptor??
[  532.773415][ T5928] iowarrior 3-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0
[  532.819303][ T1463] team0 (unregistering): Port device team_slave_0 removed
[  532.998681][   T10] usb 3-1: USB disconnect, device number 9
[  533.388809][ T1463] team0 (unregistering): Port device team_slave_1 removed
[  533.508888][ T1463] team0 (unregistering): Port device team_slave_0 removed
[  534.092309][ T8224] team0: Port device team_slave_0 added
[  534.272278][ T8224] team0: Port device team_slave_1 added
[  536.005826][ T8224] batman_adv: batadv0: Adding interface: batadv_slave_0
[  536.005840][ T8224] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  536.005863][ T8224] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  536.245009][ T8224] batman_adv: batadv0: Adding interface: batadv_slave_1
[  536.245025][ T8224] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  536.245047][ T8224] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  536.295841][ T8209] hsr_slave_0: entered promiscuous mode
[  536.297215][ T8209] hsr_slave_1: entered promiscuous mode
[  536.298154][ T8209] debugfs: 'hsr0' already exists in 'hsr'
[  536.298176][ T8209] Cannot create hsr debugfs directory
[  538.125926][ T8447] IPVS: stopping master sync thread 8456 ...
[  538.148190][ T8224] hsr_slave_0: entered promiscuous mode
[  538.158972][ T8224] hsr_slave_1: entered promiscuous mode
[  538.159934][ T8224] debugfs: 'hsr0' already exists in 'hsr'
[  538.159958][ T8224] Cannot create hsr debugfs directory
[  538.918294][ T8465] 9p: Unknown access argument 18446744073709551615: -34
[  539.690413][    C1] vkms_vblank_simulate: vblank timer overrun
[  539.804218][    C1] vkms_vblank_simulate: vblank timer overrun
[  539.944513][    C1] vkms_vblank_simulate: vblank timer overrun
[  540.415690][    C1] vkms_vblank_simulate: vblank timer overrun
[  540.601317][    C1] vkms_vblank_simulate: vblank timer overrun
[  540.707589][ T8492] netlink: 8 bytes leftover after parsing attributes in process `syz.0.631'.
[  540.780942][ T8209] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  541.173060][    C1] vkms_vblank_simulate: vblank timer overrun
[  541.510625][    C1] vkms_vblank_simulate: vblank timer overrun
[  542.063568][    C1] vkms_vblank_simulate: vblank timer overrun
[  542.181614][ T8209] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  542.548506][    C1] vkms_vblank_simulate: vblank timer overrun
[  542.577389][ T8209] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  543.018842][ T8515] ubi: mtd0 is already attached to ubi31
[  543.173549][    C1] vkms_vblank_simulate: vblank timer overrun
[  543.266317][    C1] vkms_vblank_simulate: vblank timer overrun
[  543.351417][    C1] vkms_vblank_simulate: vblank timer overrun
[  543.435921][ T8209] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  543.801036][ T8209] 8021q: adding VLAN 0 to HW filter on device bond0
[  543.855794][ T8209] 8021q: adding VLAN 0 to HW filter on device team0
[  543.877116][ T6525] bridge0: port 1(bridge_slave_0) entered blocking state
[  543.877255][ T6525] bridge0: port 1(bridge_slave_0) entered forwarding state
[  543.911724][ T6525] bridge0: port 2(bridge_slave_1) entered blocking state
[  543.912916][ T6525] bridge0: port 2(bridge_slave_1) entered forwarding state
[  544.215467][ T8224] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  544.254876][ T8224] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  544.295581][ T8224] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  544.351330][ T8224] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  544.626698][ T8224] 8021q: adding VLAN 0 to HW filter on device bond0
[  544.678739][ T8224] 8021q: adding VLAN 0 to HW filter on device team0
[  544.705330][ T1153] bridge0: port 1(bridge_slave_0) entered blocking state
[  544.705486][ T1153] bridge0: port 1(bridge_slave_0) entered forwarding state
[  544.753697][ T6009] bridge0: port 2(bridge_slave_1) entered blocking state
[  544.753948][ T6009] bridge0: port 2(bridge_slave_1) entered forwarding state
[  544.889499][ T8209] 8021q: adding VLAN 0 to HW filter on device batadv0
[  545.268345][ T8224] 8021q: adding VLAN 0 to HW filter on device batadv0
[  545.646664][ T8209] veth0_vlan: entered promiscuous mode
[  545.689268][ T8209] veth1_vlan: entered promiscuous mode
[  545.789458][ T8209] veth0_macvtap: entered promiscuous mode
[  545.814372][ T8209] veth1_macvtap: entered promiscuous mode
[  545.872061][ T8224] veth0_vlan: entered promiscuous mode
[  545.889050][ T8209] batman_adv: batadv0: Interface activated: batadv_slave_0
[  545.917966][ T8209] batman_adv: batadv0: Interface activated: batadv_slave_1
[  545.924514][ T8224] veth1_vlan: entered promiscuous mode
[  545.949417][ T6525] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  545.954826][ T6525] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  545.955556][ T6525] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  545.955610][ T6525] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  546.280472][ T8224] veth0_macvtap: entered promiscuous mode
[  546.318214][ T8224] veth1_macvtap: entered promiscuous mode
[  546.352772][ T1518] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  546.352790][ T1518] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  546.385646][ T8224] batman_adv: batadv0: Interface activated: batadv_slave_0
[  546.431070][ T8224] batman_adv: batadv0: Interface activated: batadv_slave_1
[  546.443877][ T6009] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  546.443893][ T6009] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  546.461295][   T12] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  546.464617][   T12] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  546.465268][   T12] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  546.465300][   T12] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  546.949930][ T1518] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  546.949949][ T1518] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  548.098476][ T6605] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  548.098509][ T6605] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  550.774665][ T5929] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[  550.942825][ T5929] usb 6-1: Using ep0 maxpacket: 8
[  550.955264][ T5929] usb 6-1: unable to get BOS descriptor or descriptor too short
[  550.963357][ T5929] usb 6-1: config 4 has an invalid interface number: 30 but max is 0
[  550.963380][ T5929] usb 6-1: config 4 has no interface number 0
[  550.963411][ T5929] usb 6-1: config 4 interface 30 has no altsetting 0
[  550.993549][ T5929] usb 6-1: string descriptor 0 read error: -22
[  550.993703][ T5929] usb 6-1: New USB device found, idVendor=9022, idProduct=d484, bcdDevice=ff.88
[  550.993723][ T5929] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  551.040780][ T5929] dvb-usb: found a 'TeVii S482 (tuner 2)' in warm state.
[  551.040837][ T5929] dw2102: su3000_power_ctrl: 1, initialized 0
[  551.060723][ T5929] dvb-usb: bulk message failed: -22 (2/0)
[  551.112988][ T5929] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  551.118401][ T5929] dvbdev: DVB: registering new adapter (TeVii S482 (tuner 2))
[  551.118488][ T5929] usb 6-1: media controller created
[  551.122366][ T5929] dvb-usb: bulk message failed: -22 (6/0)
[  551.122387][ T5929] dw2102: i2c transfer failed.
[  551.122412][ T5929] dvb-usb: bulk message failed: -22 (6/0)
[  551.122424][ T5929] dw2102: i2c transfer failed.
[  551.122439][ T5929] dvb-usb: bulk message failed: -22 (6/0)
[  551.122451][ T5929] dw2102: i2c transfer failed.
[  551.122465][ T5929] dvb-usb: bulk message failed: -22 (6/0)
[  551.122478][ T5929] dw2102: i2c transfer failed.
[  551.122493][ T5929] dvb-usb: bulk message failed: -22 (6/0)
[  551.122506][ T5929] dw2102: i2c transfer failed.
[  551.122520][ T5929] dvb-usb: bulk message failed: -22 (6/0)
[  551.122531][ T5929] dw2102: i2c transfer failed.
[  551.122540][ T5929] dvb-usb: MAC address: 02:02:02:02:02:02
[  551.217774][ T8597] dvb-usb: bulk message failed: -22 (3/0)
[  551.217793][ T8597] dw2102: i2c transfer failed.
[  551.305098][ T5929] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  551.350837][ T5929] dvb-usb: bulk message failed: -22 (3/0)
[  551.350859][ T5929] dw2102: command 0x0e transfer failed.
[  551.350868][ T5929] dvb-usb: bulk message failed: -22 (3/0)
[  551.350881][ T5929] dw2102: command 0x0e transfer failed.
[  551.408095][ T8612] netlink: 'syz.1.661': attribute type 21 has an invalid length.
[  551.408175][ T8612] netlink: 'syz.1.661': attribute type 6 has an invalid length.
[  551.408189][ T8612] netlink: 64 bytes leftover after parsing attributes in process `syz.1.661'.
[  551.655357][ T5929] dvb-usb: bulk message failed: -22 (3/0)
[  551.655380][ T5929] dw2102: command 0x0e transfer failed.
[  551.655389][ T5929] dvb-usb: bulk message failed: -22 (3/0)
[  551.655402][ T5929] dw2102: command 0x0e transfer failed.
[  551.655410][ T5929] dvb-usb: bulk message failed: -22 (1/0)
[  551.655422][ T5929] dw2102: command 0x51 transfer failed.
[  551.655430][ T5929] dvb-usb: bulk message failed: -22 (5/0)
[  551.655449][ T5929] dw2102: i2c probe for address 0x68 failed.
[  551.655460][ T5929] dvb-usb: bulk message failed: -22 (5/0)
[  551.655471][ T5929] dw2102: i2c probe for address 0x69 failed.
[  551.655481][ T5929] dvb-usb: bulk message failed: -22 (5/0)
[  551.655493][ T5929] dw2102: i2c probe for address 0x6a failed.
[  551.655503][ T5929] dw2102: probing for demodulator failed. Is the external power switched on?
[  551.655512][ T5929] dvb-usb: no frontend was attached by 'TeVii S482 (tuner 2)'
[  551.822759][ T5929] rc_core: IR keymap rc-tt-1500 not found
[  551.822778][ T5929] Registered IR keymap rc-empty
[  551.825589][ T5929] rc rc0: TeVii S482 (tuner 2) as /devices/platform/dummy_hcd.5/usb6/6-1/rc/rc0
[  551.828811][ T5929] input: TeVii S482 (tuner 2) as /devices/platform/dummy_hcd.5/usb6/6-1/rc/rc0/input11
[  551.873254][ T5929] dvb-usb: schedule remote query interval to 250 msecs.
[  551.873351][ T5929] dw2102: su3000_power_ctrl: 0, initialized 1
[  551.873364][ T5929] dvb-usb: TeVii S482 (tuner 2) successfully initialized and connected.
[  551.905087][ T5929] usb 6-1: USB disconnect, device number 2
[  551.932815][   T49] usb 7-1: new high-speed USB device number 2 using dummy_hcd
[  552.082927][   T49] usb 7-1: Using ep0 maxpacket: 16
[  552.085350][   T49] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 8
[  552.094179][   T49] usb 7-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 6.00
[  552.094209][   T49] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  552.094226][   T49] usb 7-1: Product: syz
[  552.094238][   T49] usb 7-1: Manufacturer: syz
[  552.094251][   T49] usb 7-1: SerialNumber: syz
[  552.106285][   T49] usb 7-1: config 0 descriptor??
[  552.114839][   T49] ftdi_sio 7-1:0.0: FTDI USB Serial Device converter detected
[  552.198130][   T49] usb 7-1: Detected FT232R
[  552.213274][ T5929] dvb-usb: TeVii S482 (tuner 2) successfully deinitialized and disconnected.
[  552.347054][   T49] ftdi_sio ttyUSB0: Unable to read latency timer: -71
[  552.349430][   T49] ftdi_sio ttyUSB0: Unable to write latency timer: -71
[  552.349943][   T49] ftdi_sio 7-1:0.0: GPIO initialisation failed: -71
[  552.365376][   T49] usb 7-1: FTDI USB Serial Device converter now attached to ttyUSB0
[  552.399882][   T49] usb 7-1: USB disconnect, device number 2
[  552.455835][   T49] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0
[  552.456421][   T49] ftdi_sio 7-1:0.0: device disconnected
[  552.583645][ T8638] program syz.5.673 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  552.984852][   T49] kernel write not supported for file /snd/midiC2D0 (pid: 49 comm: kworker/1:1)
[  553.322836][ T5929] usb 6-1: new full-speed USB device number 3 using dummy_hcd
[  554.296354][ T5929] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x6 has invalid maxpacket 1023, setting to 64
[  554.296385][ T5929] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBA, changing to 0x8A
[  554.296408][ T5929] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8A has invalid maxpacket 121, setting to 64
[  554.299587][ T5929] usb 6-1: New USB device found, idVendor=2294, idProduct=425b, bcdDevice=a2.10
[  554.299613][ T5929] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  554.299631][ T5929] usb 6-1: Product: syz
[  554.299644][ T5929] usb 6-1: Manufacturer: syz
[  554.299656][ T5929] usb 6-1: SerialNumber: syz
[  554.384789][ T5929] usb 6-1: config 0 descriptor??
[  554.385637][ T8652] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  554.385776][ T8652] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  554.392270][ T5929] usb 6-1: ucan: probing device on interface #0
[  555.003443][ T5929] ucan 6-1:0.0: probe with driver ucan failed with error -71
[  555.004004][    T9] usb 7-1: new high-speed USB device number 3 using dummy_hcd
[  555.031283][ T5929] usb 6-1: USB disconnect, device number 3
[  555.152846][    T9] usb 7-1: Using ep0 maxpacket: 8
[  555.156292][    T9] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  555.156331][    T9] usb 7-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  555.156343][    T9] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  555.160200][    T9] usb 7-1: config 0 descriptor??
[  556.559833][    T9] iowarrior 7-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0
[  557.048943][    T9] usb 7-1: USB disconnect, device number 3
[  557.483187][ T8695] netlink: 60 bytes leftover after parsing attributes in process `syz.1.694'.
[  557.488582][ T8694] netlink: 60 bytes leftover after parsing attributes in process `syz.1.694'.
[  557.583139][ T8696] netlink: 60 bytes leftover after parsing attributes in process `syz.1.694'.
[  561.282831][ T8735] ubi: mtd0 is already attached to ubi31
[  563.027590][ T1324] ieee802154 phy0 wpan0: encryption failed: -22
[  563.027694][ T1324] ieee802154 phy1 wpan1: encryption failed: -22
[  563.154581][ T5920] usb 7-1: new high-speed USB device number 4 using dummy_hcd
[  563.302879][ T5920] usb 7-1: Using ep0 maxpacket: 16
[  563.305982][ T5920] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  563.306013][ T5920] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  563.306033][ T5920] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  563.306079][ T5920] usb 7-1: New USB device found, idVendor=1e7d, idProduct=31ce, bcdDevice= 0.00
[  563.306099][ T5920] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  563.317264][ T5920] usb 7-1: config 0 descriptor??
[  563.775639][ T8760] Driver unsupported XDP return value 0 on prog  (id 169) dev N/A, expect packet loss!
[  564.713137][ T5920] ryos 0003:1E7D:31CE.0002: unbalanced delimiter at end of report description
[  564.713995][ T5920] ryos 0003:1E7D:31CE.0002: parse failed
[  564.714061][ T5920] ryos 0003:1E7D:31CE.0002: probe with driver ryos failed with error -22
[  565.901029][ T8770] ubi: mtd0 is already attached to ubi31
[  566.605177][ T1233] usb 7-1: USB disconnect, device number 4
[  568.919673][ T8798] sp0: Synchronizing with TNC
[  568.980821][ T8803] ipvlan2: entered promiscuous mode
[  568.987601][ T8803] bridge0: port 1(ipvlan2) entered blocking state
[  568.991269][ T8803] bridge0: port 1(ipvlan2) entered disabled state
[  568.991481][ T8803] ipvlan2: entered allmulticast mode
[  568.991494][ T8803] bridge0: entered allmulticast mode
[  569.013128][ T8803] ipvlan2: left allmulticast mode
[  569.013146][ T8803] bridge0: left allmulticast mode
[  569.402755][ T6642] usb 7-1: new high-speed USB device number 5 using dummy_hcd
[  569.566344][ T6642] usb 7-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  569.566375][ T6642] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  569.566397][ T6642] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  569.566416][ T6642] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  569.566462][ T6642] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  569.566482][ T6642] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  569.671004][ T6642] usb 7-1: config 0 descriptor??
[  570.109584][ T6642] plantronics 0003:047F:FFFF.0003: ignoring exceeding usage max
[  570.148837][ T6642] plantronics 0003:047F:FFFF.0003: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.6-1/input0
[  570.990088][ T8835] ubi: mtd0 is already attached to ubi31
[  571.574371][ T6642] usb 7-1: USB disconnect, device number 5
[  574.709644][ T8862] netlink: 8 bytes leftover after parsing attributes in process `syz.6.753'.
[  574.755502][   T49] usb 3-1: new full-speed USB device number 10 using dummy_hcd
[  574.905265][   T49] usb 3-1: config 0 has no interfaces?
[  574.905308][   T49] usb 3-1: New USB device found, idVendor=5543, idProduct=3031, bcdDevice= 0.00
[  574.905330][   T49] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  574.911648][   T49] usb 3-1: config 0 descriptor??
[  575.461591][ T8882] netlink: 'syz.5.759': attribute type 10 has an invalid length.
[  575.568942][ T8882] bond0: (slave dummy0): Enslaving as an active interface with an up link
[  575.736880][ T8884] overlayfs: failed to clone upperpath
[  575.951771][ T8890] tmpfs: Unsupported parameter 'huge'
[  576.644005][  T992] usb 3-1: USB disconnect, device number 10
[  577.135278][ T8908] input: syz1 as /devices/virtual/input/input12
[  577.618905][ T8914] block nbd0: server does not support multiple connections per device.
[  577.660864][ T8914] block nbd0: shutting down sockets
[  578.022589][    C0] vkms_vblank_simulate: vblank timer overrun
[  578.133307][    C0] vkms_vblank_simulate: vblank timer overrun
[  578.175588][ T8925] netlink: 384 bytes leftover after parsing attributes in process `syz.5.774'.
[  578.175820][ T8925] netlink: 'syz.5.774': attribute type 2 has an invalid length.
[  578.773150][    C0] vkms_vblank_simulate: vblank timer overrun
[  578.958958][    C0] vkms_vblank_simulate: vblank timer overrun
[  579.226012][    C0] vkms_vblank_simulate: vblank timer overrun
[  579.260660][    C0] vkms_vblank_simulate: vblank timer overrun
[  579.348362][    C0] vkms_vblank_simulate: vblank timer overrun
[  580.113253][    C0] vkms_vblank_simulate: vblank timer overrun
[  580.313827][ T8941] syzkaller1: entered promiscuous mode
[  580.313857][ T8941] syzkaller1: entered allmulticast mode
[  580.879323][    C0] vkms_vblank_simulate: vblank timer overrun
[  581.115789][    C0] vkms_vblank_simulate: vblank timer overrun
[  581.260772][    C0] vkms_vblank_simulate: vblank timer overrun
[  581.382642][    C0] vkms_vblank_simulate: vblank timer overrun
[  581.500685][    C0] vkms_vblank_simulate: vblank timer overrun
[  581.570264][    C0] vkms_vblank_simulate: vblank timer overrun
[  581.919079][ T8966] syzkaller1: entered promiscuous mode
[  581.919108][ T8966] syzkaller1: entered allmulticast mode
[  582.520724][ T8981] syzkaller1: entered promiscuous mode
[  582.520752][ T8981] syzkaller1: entered allmulticast mode
[  583.492730][    T9] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[  583.655466][    T9] usb 6-1: config index 0 descriptor too short (expected 45, got 36)
[  583.655526][    T9] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11
[  583.655550][    T9] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 59391, setting to 1024
[  583.655574][    T9] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  583.655613][    T9] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  583.655633][    T9] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  583.666802][    T9] usb 6-1: config 0 descriptor??
[  583.667904][ T9004] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22
[  584.233919][    T9] plantronics 0003:047F:FFFF.0004: reserved main item tag 0xd
[  585.378719][    T9] plantronics 0003:047F:FFFF.0004: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.5-1/input0
[  585.420274][    T9] usb 6-1: USB disconnect, device number 4
[  586.242766][    T9] usb 7-1: new full-speed USB device number 6 using dummy_hcd
[  586.437021][    T9] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  586.437055][    T9] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  586.437095][    T9] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  586.437115][    T9] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  586.739784][    T9] usb 7-1: usb_control_msg returned -32
[  586.739858][    T9] usbtmc 7-1:16.0: can't read capabilities
[  588.794038][ T9069] IPVS: stopping master sync thread 9072 ...
[  588.972775][    T9] usb 6-1: new high-speed USB device number 5 using dummy_hcd
[  589.019812][  T992] usb 7-1: USB disconnect, device number 6
[  589.145370][    T9] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  589.145402][    T9] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  589.145423][    T9] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  589.145464][    T9] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  589.145484][    T9] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  589.254602][    T9] usb 6-1: config 0 descriptor??
[  589.462725][ T9087] ubi: mtd0 is already attached to ubi31
[  589.787862][ T9092] ubi: mtd0 is already attached to ubi31
[  590.987335][    T9] plantronics 0003:047F:FFFF.0005: reserved main item tag 0xe
[  590.987381][    T9] plantronics 0003:047F:FFFF.0005: unknown main item tag 0x0
[  591.055087][    T9] plantronics 0003:047F:FFFF.0005: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.5-1/input0
[  591.082744][    T9] usb 6-1: USB disconnect, device number 5
[  591.246960][ T9098] netlink: 12 bytes leftover after parsing attributes in process `syz.1.832'.
[  592.607990][ T9135] 9pnet_fd: Insufficient options for proto=fd
[  596.043030][ T9166] ubi: mtd0 is already attached to ubi31
[  601.552707][ T5929] usb 7-1: new high-speed USB device number 7 using dummy_hcd
[  601.565185][ T9260] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  601.762690][ T5929] usb 7-1: Using ep0 maxpacket: 16
[  601.782487][ T5929] usb 7-1: config 0 has an invalid interface number: 41 but max is 0
[  601.782512][ T5929] usb 7-1: config 0 has no interface number 0
[  601.782743][ T5929] usb 7-1: config 0 interface 41 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 16
[  601.782766][ T5929] usb 7-1: config 0 interface 41 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64
[  601.782788][ T5929] usb 7-1: config 0 interface 41 has no altsetting 0
[  601.828580][ T5929] usb 7-1: New USB device found, idVendor=0fe6, idProduct=9700, bcdDevice=d1.9a
[  601.828607][ T5929] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  601.828625][ T5929] usb 7-1: Product: syz
[  601.828637][ T5929] usb 7-1: Manufacturer: syz
[  601.828649][ T5929] usb 7-1: SerialNumber: syz
[  601.891492][ T5929] usb 7-1: config 0 descriptor??
[  601.892368][ T9253] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22
[  601.892495][ T9253] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22
[  602.021121][ T9273] Bluetooth: hci0: load_link_keys: too big key_count value 2816
[  602.377415][ T9253] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22
[  602.427947][ T9253] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22
[  602.885514][ T5929] Error reading MAC address
[  602.890967][ T9253] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22
[  602.891089][ T9253] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22
[  609.487894][ T5929] sr9700 7-1:0.41 eth5: register 'sr9700' at usb-dummy_hcd.6-1, CoreChip SR9700 USB Ethernet, 4a:0c:d3:69:ac:11
[  609.490557][ T5929] usb 7-1: USB disconnect, device number 7
[  609.512205][ T5929] sr9700 7-1:0.41 eth5: unregister 'sr9700' usb-dummy_hcd.6-1, CoreChip SR9700 USB Ethernet
[  610.707951][ T9309] ip6erspan0: entered promiscuous mode
[  611.376454][ T9324] Invalid source name
[  612.215795][ T9332] syzkaller1: entered promiscuous mode
[  612.215824][ T9332] syzkaller1: entered allmulticast mode
[  613.001093][    C1] vkms_vblank_simulate: vblank timer overrun
[  613.151491][ T9347] 
[  613.151503][ T9347] ======================================================
[  613.151513][ T9347] WARNING: possible circular locking dependency detected
[  613.151527][ T9347] syzkaller #0 Not tainted
[  613.151538][ T9347] ------------------------------------------------------
[  613.151546][ T9347] syz.2.919/9347 is trying to acquire lock:
[  613.151557][ T9347] ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400
[  613.151617][ T9347] 
[  613.151617][ T9347] but task is already holding lock:
[  613.151624][ T9347] ffff88814337e3a0 (&dev->vblank_time_lock){+.+.}-{3:3}, at: drm_vblank_disable_and_save+0x7f/0x380
[  613.151668][ T9347] 
[  613.151668][ T9347] which lock already depends on the new lock.
[  613.151668][ T9347] 
[  613.151675][ T9347] 
[  613.151675][ T9347] the existing dependency chain (in reverse order) is:
[  613.151682][ T9347] 
[  613.151682][ T9347] -> #4 (&dev->vblank_time_lock){+.+.}-{3:3}:
[  613.151707][ T9347]        lock_acquire+0x120/0x360
[  613.151728][ T9347]        rt_spin_lock+0x88/0x2c0
[  613.151743][ T9347]        drm_crtc_vblank_on_config+0x2cd/0x860
[  613.151761][ T9347]        drm_crtc_vblank_on+0x88/0xc0
[  613.151777][ T9347]        drm_atomic_helper_commit_modeset_enables+0x602/0xe10
[  613.151797][ T9347]        vkms_atomic_commit_tail+0x69/0x210
[  613.151815][ T9347]        commit_tail+0x281/0x3a0
[  613.151831][ T9347]        drm_atomic_helper_commit+0xa6b/0xb10
[  613.151849][ T9347]        drm_atomic_commit+0x262/0x2c0
[  613.151864][ T9347]        drm_client_modeset_commit_atomic+0x620/0x760
[  613.151886][ T9347]        drm_client_modeset_commit_locked+0xce/0x4d0
[  613.151909][ T9347]        drm_client_modeset_commit+0x4a/0x70
[  613.151931][ T9347]        __drm_fb_helper_restore_fbdev_mode_unlocked+0x9d/0x1b0
[  613.151949][ T9347]        drm_fb_helper_set_par+0xaf/0x100
[  613.151966][ T9347]        fbcon_init+0x1255/0x2370
[  613.151985][ T9347]        visual_init+0x2ef/0x650
[  613.152004][ T9347]        do_bind_con_driver+0x890/0xf70
[  613.152023][ T9347]        do_take_over_console+0x899/0xa10
[  613.152043][ T9347]        do_fbcon_takeover+0x118/0x200
[  613.152062][ T9347]        fbcon_fb_registered+0x35e/0x610
[  613.152081][ T9347]        register_framebuffer+0x70f/0x890
[  613.152102][ T9347]        __drm_fb_helper_initial_config_and_unlock+0x130a/0x18a0
[  613.152122][ T9347]        drm_fbdev_client_hotplug+0x16f/0x230
[  613.152141][ T9347]        drm_client_register+0x16f/0x210
[  613.152161][ T9347]        drm_fbdev_client_setup+0x19f/0x3f0
[  613.152179][ T9347]        drm_client_setup+0x10a/0x230
[  613.152196][ T9347]        vkms_init+0x3e0/0x4b0
[  613.152215][ T9347]        do_one_initcall+0x233/0x820
[  613.152230][ T9347]        do_initcall_level+0x104/0x190
[  613.152252][ T9347]        do_initcalls+0x59/0xa0
[  613.152273][ T9347]        kernel_init_freeable+0x334/0x4b0
[  613.152296][ T9347]        kernel_init+0x1d/0x1d0
[  613.152310][ T9347]        ret_from_fork+0x3fc/0x770
[  613.152329][ T9347]        ret_from_fork_asm+0x1a/0x30
[  613.152343][ T9347] 
[  613.152343][ T9347] -> #3 (&dev->vbl_lock){+.+.}-{3:3}:
[  613.152367][ T9347]        lock_acquire+0x120/0x360
[  613.152386][ T9347]        rt_spin_lock+0x88/0x2c0
[  613.152401][ T9347]        vblank_disable_fn+0x72/0x190
[  613.152417][ T9347]        call_timer_fn+0x17b/0x5f0
[  613.152436][ T9347]        __run_timer_base+0x648/0x970
[  613.152453][ T9347]        run_timer_softirq+0xb7/0x180
[  613.152471][ T9347]        handle_softirqs+0x22c/0x710
[  613.152489][ T9347]        run_ktimerd+0xcf/0x190
[  613.152509][ T9347]        smpboot_thread_fn+0x542/0xa60
[  613.152531][ T9347]        kthread+0x711/0x8a0
[  613.152549][ T9347]        ret_from_fork+0x3fc/0x770
[  613.152565][ T9347]        ret_from_fork_asm+0x1a/0x30
[  613.152580][ T9347] 
[  613.152580][ T9347] -> #2 ((&vblank->disable_timer)){+...}-{0:0}:
[  613.152612][ T9347]        lock_acquire+0x120/0x360
[  613.152630][ T9347]        call_timer_fn+0xdb/0x5f0
[  613.152650][ T9347]        __run_timer_base+0x648/0x970
[  613.152667][ T9347]        run_timer_softirq+0xb7/0x180
[  613.152685][ T9347]        handle_softirqs+0x22c/0x710
[  613.152704][ T9347]        run_ktimerd+0xcf/0x190
[  613.152724][ T9347]        smpboot_thread_fn+0x542/0xa60
[  613.152743][ T9347]        kthread+0x711/0x8a0
[  613.152764][ T9347]        ret_from_fork+0x3fc/0x770
[  613.152783][ T9347]        ret_from_fork_asm+0x1a/0x30
[  613.152799][ T9347] 
[  613.152799][ T9347] -> #1 (&base->expiry_lock){+...}-{3:3}:
[  613.152824][ T9347]        lock_acquire+0x120/0x360
[  613.152842][ T9347]        rt_spin_lock+0x88/0x2c0
[  613.152856][ T9347]        __run_timer_base+0x114/0x970
[  613.152873][ T9347]        run_timer_softirq+0x67/0x180
[  613.152891][ T9347]        handle_softirqs+0x22c/0x710
[  613.152910][ T9347]        run_ktimerd+0xcf/0x190
[  613.152929][ T9347]        smpboot_thread_fn+0x542/0xa60
[  613.152947][ T9347]        kthread+0x711/0x8a0
[  613.152968][ T9347]        ret_from_fork+0x3fc/0x770
[  613.152986][ T9347]        ret_from_fork_asm+0x1a/0x30
[  613.153001][ T9347] 
[  613.153001][ T9347] -> #0 ((softirq_ctrl.lock)){+.+.}-{3:3}:
[  613.153025][ T9347]        validate_chain+0xb9b/0x2140
[  613.153046][ T9347]        __lock_acquire+0xab9/0xd20
[  613.153065][ T9347]        reacquire_held_locks+0x127/0x1d0
[  613.153087][ T9347]        lock_release+0x1b4/0x3e0
[  613.153105][ T9347]        __local_bh_enable_ip+0x10c/0x270
[  613.153123][ T9347]        hrtimer_cancel+0x39/0x60
[  613.153143][ T9347]        drm_vblank_disable_and_save+0x1bc/0x380
[  613.153160][ T9347]        drm_crtc_vblank_off+0x22e/0x820
[  613.153177][ T9347]        drm_atomic_helper_commit_modeset_disables+0xc89/0x2010
[  613.153196][ T9347]        vkms_atomic_commit_tail+0x51/0x210
[  613.153214][ T9347]        commit_tail+0x281/0x3a0
[  613.153230][ T9347]        drm_atomic_helper_commit+0xa6b/0xb10
[  613.153247][ T9347]        drm_atomic_commit+0x262/0x2c0
[  613.153262][ T9347]        drm_atomic_helper_set_config+0xe2/0x160
[  613.153280][ T9347]        drm_mode_setcrtc+0x9a4/0x1c50
[  613.153301][ T9347]        drm_ioctl_kernel+0x2d2/0x3a0
[  613.153320][ T9347]        drm_ioctl+0x685/0xb20
[  613.153337][ T9347]        __se_sys_ioctl+0xfc/0x170
[  613.153354][ T9347]        do_syscall_64+0xfa/0x3b0
[  613.153373][ T9347]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  613.153390][ T9347] 
[  613.153390][ T9347] other info that might help us debug this:
[  613.153390][ T9347] 
[  613.153396][ T9347] Chain exists of:
[  613.153396][ T9347]   (softirq_ctrl.lock) --> &dev->vbl_lock --> &dev->vblank_time_lock
[  613.153396][ T9347] 
[  613.153426][ T9347]  Possible unsafe locking scenario:
[  613.153426][ T9347] 
[  613.153432][ T9347]        CPU0                    CPU1
[  613.153438][ T9347]        ----                    ----
[  613.153443][ T9347]   lock(&dev->vblank_time_lock);
[  613.153456][ T9347]                                lock(&dev->vbl_lock);
[  613.153469][ T9347]                                lock(&dev->vblank_time_lock);
[  613.153483][ T9347]   lock((softirq_ctrl.lock));
[  613.153495][ T9347] 
[  613.153495][ T9347]  *** DEADLOCK ***
[  613.153495][ T9347] 
[  613.153501][ T9347] 8 locks held by syz.2.919/9347:
[  613.153512][ T9347]  #0: ffffc9000cf9fb20 (crtc_ww_class_acquire){+.+.}-{0:0}, at: drm_mode_setcrtc+0x555/0x1c50
[  613.153559][ T9347]  #1: ffffc9000cf9fb48 (crtc_ww_class_mutex){+.+.}-{4:4}, at: drm_mode_setcrtc+0x555/0x1c50
[  613.153612][ T9347]  #2: ffff88814337e4b8 (&dev->event_lock){+.+.}-{3:3}, at: drm_crtc_vblank_off+0xe4/0x820
[  613.153656][ T9347]  #3: ffffffff8d9a8b80 (rcu_read_lock){....}-{1:3}, at: rt_spin_lock+0x1bb/0x2c0
[  613.153697][ T9347]  #4: ffff88814337e420 (&dev->vbl_lock){+.+.}-{3:3}, at: drm_crtc_vblank_off+0xf5/0x820
[  613.153741][ T9347]  #5: ffffffff8d9a8b80 (rcu_read_lock){....}-{1:3}, at: rt_spin_lock+0x1bb/0x2c0
[  613.153783][ T9347]  #6: ffff88814337e3a0 (&dev->vblank_time_lock){+.+.}-{3:3}, at: drm_vblank_disable_and_save+0x7f/0x380
[  613.153827][ T9347]  #7: ffffffff8d9a8b80 (rcu_read_lock){....}-{1:3}, at: rt_spin_lock+0x1bb/0x2c0
[  613.153869][ T9347] 
[  613.153869][ T9347] stack backtrace:
[  613.153890][ T9347] CPU: 1 UID: 0 PID: 9347 Comm: syz.2.919 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  613.153912][ T9347] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  613.153928][ T9347] Call Trace:
[  613.153936][ T9347]  <TASK>
[  613.153944][ T9347]  dump_stack_lvl+0x189/0x250
[  613.153970][ T9347]  ? __pfx_dump_stack_lvl+0x10/0x10
[  613.153994][ T9347]  ? __pfx__printk+0x10/0x10
[  613.154014][ T9347]  ? print_lock_name+0xde/0x100
[  613.154033][ T9347]  print_circular_bug+0x2ee/0x310
[  613.154053][ T9347]  check_noncircular+0x134/0x160
[  613.154080][ T9347]  validate_chain+0xb9b/0x2140
[  613.154106][ T9347]  ? preempt_schedule+0xae/0xc0
[  613.154125][ T9347]  ? preempt_schedule_common+0x83/0xd0
[  613.154145][ T9347]  ? preempt_schedule+0xae/0xc0
[  613.154164][ T9347]  ? __pfx_preempt_schedule+0x10/0x10
[  613.154187][ T9347]  __lock_acquire+0xab9/0xd20
[  613.154211][ T9347]  reacquire_held_locks+0x127/0x1d0
[  613.154234][ T9347]  ? __local_bh_disable_ip+0x264/0x400
[  613.154257][ T9347]  lock_release+0x1b4/0x3e0
[  613.154278][ T9347]  ? __local_bh_enable_ip+0x100/0x270
[  613.154300][ T9347]  __local_bh_enable_ip+0x10c/0x270
[  613.154320][ T9347]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  613.154341][ T9347]  ? rt_spin_unlock+0x65/0x80
[  613.154359][ T9347]  ? hrtimer_cancel_wait_running+0xe5/0x180
[  613.154383][ T9347]  ? hrtimer_cancel_wait_running+0x142/0x180
[  613.154407][ T9347]  ? __pfx_vkms_disable_vblank+0x10/0x10
[  613.154428][ T9347]  hrtimer_cancel+0x39/0x60
[  613.154450][ T9347]  drm_vblank_disable_and_save+0x1bc/0x380
[  613.154471][ T9347]  drm_crtc_vblank_off+0x22e/0x820
[  613.154493][ T9347]  ? drm_atomic_bridge_chain_disable+0x157/0x180
[  613.154517][ T9347]  ? __pfx_vkms_crtc_atomic_disable+0x10/0x10
[  613.154539][ T9347]  drm_atomic_helper_commit_modeset_disables+0xc89/0x2010
[  613.154565][ T9347]  vkms_atomic_commit_tail+0x51/0x210
[  613.154593][ T9347]  ? read_tsc+0x9/0x20
[  613.154612][ T9347]  ? __pfx_vkms_atomic_commit_tail+0x10/0x10
[  613.154632][ T9347]  commit_tail+0x281/0x3a0
[  613.154654][ T9347]  drm_atomic_helper_commit+0xa6b/0xb10
[  613.154677][ T9347]  ? __pfx_drm_atomic_helper_commit+0x10/0x10
[  613.154697][ T9347]  drm_atomic_commit+0x262/0x2c0
[  613.154716][ T9347]  ? __pfx_drm_atomic_commit+0x10/0x10
[  613.154732][ T9347]  ? __pfx___drm_printfn_info+0x10/0x10
[  613.154762][ T9347]  ? drm_atomic_state_init+0x231/0x310
[  613.154789][ T9347]  drm_atomic_helper_set_config+0xe2/0x160
[  613.154812][ T9347]  drm_mode_setcrtc+0x9a4/0x1c50
[  613.154845][ T9347]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  613.154866][ T9347]  ? lockdep_hardirqs_on+0x9c/0x150
[  613.154890][ T9347]  ? __pfx_drm_mode_setcrtc+0x10/0x10
[  613.154922][ T9347]  ? rt_spin_unlock+0x65/0x80
[  613.154941][ T9347]  ? drm_is_current_master+0x1a2/0x210
[  613.154961][ T9347]  drm_ioctl_kernel+0x2d2/0x3a0
[  613.154983][ T9347]  ? __pfx_drm_mode_setcrtc+0x10/0x10
[  613.155005][ T9347]  ? __pfx_drm_ioctl_kernel+0x10/0x10
[  613.155030][ T9347]  drm_ioctl+0x685/0xb20
[  613.155050][ T9347]  ? smk_tskacc+0x2fc/0x370
[  613.155075][ T9347]  ? __pfx_drm_mode_setcrtc+0x10/0x10
[  613.155099][ T9347]  ? __pfx_drm_ioctl+0x10/0x10
[  613.155126][ T9347]  ? __fget_files+0x2a/0x420
[  613.155150][ T9347]  ? bpf_lsm_file_ioctl+0x9/0x20
[  613.155169][ T9347]  ? __pfx_drm_ioctl+0x10/0x10
[  613.155190][ T9347]  __se_sys_ioctl+0xfc/0x170
[  613.155209][ T9347]  do_syscall_64+0xfa/0x3b0
[  613.155231][ T9347]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  613.155249][ T9347]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  613.155266][ T9347]  ? clear_bhb_loop+0x60/0xb0
[  613.155285][ T9347]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  613.155306][ T9347] RIP: 0033:0x7f572918ebe9
[  613.155324][ T9347] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  613.155339][ T9347] RSP: 002b:00007f5726f89038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  613.155358][ T9347] RAX: ffffffffffffffda RBX: 00007f57293b6270 RCX: 00007f572918ebe9
[  613.155373][ T9347] RDX: 0000200000000740 RSI: 00000000c06864a2 RDI: 0000000000000005
[  613.155386][ T9347] RBP: 00007f5729211e19 R08: 0000000000000000 R09: 0000000000000000
[  613.155398][ T9347] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  613.155410][ T9347] R13: 00007f57293b6308 R14: 00007f57293b6270 R15: 00007ffff0ce0758
[  613.155431][ T9347]  </TASK>
[  614.129922][ T9336] bridge_slave_0: left allmulticast mode
[  614.130178][ T9336] bridge0: port 1(bridge_slave_0) entered disabled state
[  614.338747][ T9338] sch_tbf: burst 19869 is lower than device lo mtu (11337746) !
[  614.422625][  T992] usb 3-1: new high-speed USB device number 11 using dummy_hcd
[  614.810175][ T9339] netlink: 40 bytes leftover after parsing attributes in process `syz.5.916'.
[  614.832614][  T992] usb 3-1: Using ep0 maxpacket: 32
[  614.886860][  T992] usb 3-1: unable to get BOS descriptor or descriptor too short
[  614.912640][  T992] usb 3-1: config 2 has an invalid interface number: 189 but max is 0
[  614.912665][  T992] usb 3-1: config 2 has no interface number 0
[  614.912697][  T992] usb 3-1: config 2 interface 189 altsetting 11 has an invalid endpoint descriptor of length 3, skipping
[  614.912718][  T992] usb 3-1: config 2 interface 189 has no altsetting 0
[  614.950029][  T992] usb 3-1: New USB device found, idVendor=041e, idProduct=3f19, bcdDevice=9b.52
[  614.950046][  T992] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  614.950056][  T992] usb 3-1: Product: syz
[  614.950062][  T992] usb 3-1: Manufacturer: syz
[  614.950069][  T992] usb 3-1: SerialNumber: syz
[  616.256059][  T992] usb 3-1: unknown interface protocol 0x3b, assuming v1
[  616.256083][  T992] usb 3-1: 189:2 : does not exist
[  616.260508][  T992] usb 3-1: USB disconnect, device number 11