last executing test programs:

2m23.645882808s ago: executing program 0 (id=662):
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="1802000000000000000000000000000185000000750000009500"], 0x0}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r0, 0x2000002, 0xe, 0x0, &(0x7f0000000200)="df33c9f7b9a60000000000000000", 0x0, 0x2700, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)

2m22.933012445s ago: executing program 0 (id=665):
r0 = syz_usb_connect$cdc_ncm(0x2, 0x6e, &(0x7f0000000080)=ANY=[@ANYBLOB="12015001020000102501a1a440000102030109025c0002010000000904000001020d00000524060001052400a2000d240f01f9fffffffdff08000006241a00000809ec8003000400000009040100000000000009040101"], 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
r1 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000000c0))
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
write$UHID_CREATE2(r2, &(0x7f00000001c0)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r2, 0x0)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x1})
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000700)={0x44, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x20, 0x80, 0x1c, {0x5, 0x3, 0x5, 0xa80, 0x5, 0x9, 0x4, 0x380, 0x2, 0x97, 0x5, 0x8}}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)

2m21.286041714s ago: executing program 4 (id=675):
r0 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
connect$netrom(r0, &(0x7f0000000380)={{0x6, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, 0xa}, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}]}, 0x48)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000003640)=[{{0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000280)="af", 0x1}], 0x1}}], 0x1, 0x4040005)
socket$netlink(0x10, 0x3, 0x9)
bind$inet(0xffffffffffffffff, 0x0, 0x0)
writev(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r2 = socket$pppl2tp(0x18, 0x1, 0x1)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(r2, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r3, {0x2, 0x0, @dev}, 0x2}}, 0x2e)
setsockopt$inet6_IPV6_XFRM_POLICY(r3, 0x29, 0x23, 0x0, 0x0)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r5 = socket(0x400000000010, 0x3, 0x0)
r6 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000200)={'syzkaller0\x00', <r7=>0x0})
sendmsg$nl_route_sched(r5, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, r7, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000001300)=@newtfilter={0xe8c, 0x2c, 0xd27, 0x70bd25, 0x8000, {0x0, 0x0, 0x0, r7, {0x0, 0x7}, {}, {0x7, 0x2}}, [@filter_kind_options=@f_fw={{0x7}, {0xe58, 0x2, [@TCA_FW_ACT={0xe54, 0x4, [@m_pedit={0xe50, 0x1, 0x0, 0x0, {{0xa}, {0xe24, 0x2, 0x0, 0x1, [@TCA_PEDIT_PARMS_EX={0xe20, 0x4, {{{0x4, 0x1ff, 0x20000000, 0xc, 0x6}, 0x7f, 0x5}, [{0x2a9, 0x6, 0x810, 0x4, 0x5}, {0x4a7, 0x1ff, 0x4, 0x1, 0x7, 0xdd}, {0x9, 0x7, 0x3ff, 0x97, 0xfffffffd, 0x4}, {0x8, 0x0, 0x6, 0x2, 0x7fff, 0x3}, {0x4f9a, 0x5, 0x1, 0x1, 0x2, 0x8}, {0x0, 0x5, 0x1437, 0x1, 0xee57, 0x9}, {0x77d, 0x8, 0x9, 0x6, 0x8, 0x1}, {0x5, 0x6, 0x0, 0x2, 0x1, 0x7fff}, {0x0, 0x3, 0x4235da1, 0x9, 0x7ec9, 0x8}, {0x10000, 0x2, 0x0, 0x1, 0x3, 0x9}, {0xd, 0xffff0001, 0x0, 0x6, 0x81, 0x4}, {0xfffffffc, 0x4, 0xffff, 0x2, 0xffffffff, 0xfffffffa}, {0x5, 0xd29, 0x101, 0x3, 0x7, 0xc}, {0x4000000, 0xfffffff7, 0x1, 0x72b2, 0xc874, 0x3}, {0x3, 0xf, 0x5, 0x1, 0x1ff, 0x6}, {0x9b9b, 0xffff, 0x6, 0xb, 0xb3d, 0x812}, {0x5, 0x7, 0x2, 0x5, 0x5, 0x4}, {0x6, 0x0, 0x9, 0x2, 0x82, 0x2}, {0xfffffff7, 0x6, 0x2, 0x9, 0xff}, {0x4, 0x1, 0x371, 0x8, 0x0, 0xeac}, {0x9, 0x2, 0xd77, 0x8, 0x113, 0x8d3f}, {0x7, 0xffffffff, 0x4, 0x92a4, 0x9, 0x10}, {0x1a4a13f0, 0x9, 0xe, 0x3, 0xad47, 0xf83b}, {0x1ff, 0x5, 0x7, 0xfff, 0x9}, {0x100, 0x4, 0x200, 0x9, 0x1, 0x9df}, {0x9, 0x1, 0x65, 0x9, 0x7}, {0x401, 0x10001, 0x9, 0x200, 0x9, 0x1}, {0x6, 0x10, 0xf, 0x2, 0x6, 0x3}, {0xf23, 0x3ff, 0x0, 0x9, 0x7}, {0x80000000, 0x6, 0x0, 0x6, 0x6, 0xd}, {0x0, 0x9, 0xd, 0x8000, 0x3, 0x2}, {0x800, 0x9, 0x6, 0x3, 0x7, 0x8}, {0x7, 0x8, 0x7358, 0x7, 0x8, 0xffffffff}, {0x4d9, 0x45db8bad, 0xb3dd, 0x1, 0xbc, 0x7ff}, {0x7, 0x1, 0x3, 0x3, 0x3, 0x7a}, {0x5a1b, 0x1, 0x1, 0x7ff, 0x3, 0x4}, {0x3, 0x7, 0x4, 0x4, 0xffff, 0x8}, {0xffffffa5, 0x7, 0x0, 0x10, 0x3, 0x5}, {0x8219, 0x0, 0x2, 0x6, 0x3, 0x2}, {0x62, 0xf4, 0x5, 0x4, 0x4, 0x67}, {0x5, 0x4, 0x53, 0x8, 0xc0000000, 0x7}, {0x2, 0x5, 0x2, 0xffff, 0x2, 0x2}, {0x80000001, 0x94c, 0x6, 0xfffffe00, 0x5, 0x7b27}, {0x2, 0x6, 0x1000, 0x9, 0x9}, {0xa, 0x0, 0x9, 0x4, 0xe, 0x9}, {0xdf, 0x7fff, 0x8000, 0x81, 0xff, 0xfffffff8}, {0x2, 0x10000, 0x9, 0x2, 0x2}, {0x2, 0x6, 0x9, 0x1, 0x2, 0x40}, {0xfffffe00, 0x3, 0x74d2, 0x3, 0x80000001, 0x6}, {0x2, 0x8, 0xfffffff7, 0x1, 0x6, 0xa}, {0x8, 0x9, 0x8e, 0x33, 0x10001, 0x22cb}, {0x2, 0x31f5, 0x7, 0x5, 0x7fffffff, 0x1}, {0x9, 0x10001, 0x4, 0x8, 0x7, 0x9}, {0xb, 0x1ff, 0xb, 0x3, 0x5, 0x80000001}, {0x7, 0x80, 0x69b, 0x3, 0x8, 0x339}, {0xee, 0x80000000, 0xfba6, 0x101, 0x5, 0xb}, {0x3, 0x458, 0x6, 0xf, 0x7, 0x8000}, {0x9, 0xfffffffa, 0x1000, 0x8, 0xb, 0xce5a}, {0x400, 0xffff, 0x3, 0xbcbb, 0x7, 0xb}, {0x0, 0xe000, 0x8, 0x8, 0x2, 0x1}, {0x1, 0x0, 0x3, 0x9, 0x0, 0x401}, {0xd, 0x1, 0x2, 0xf, 0x81, 0x5}, {0x6, 0xfff, 0x5, 0x5, 0x3, 0x3649}, {0x7, 0x2, 0x80000000, 0x9, 0x1630, 0x9e73}, {0xb, 0x1b6, 0xc4, 0x7, 0x4, 0xca}, {0x4, 0x5, 0x401, 0x4, 0xfffffff8, 0x40}, {0x8, 0x4594, 0x8, 0x4, 0x0, 0xffff}, {0x100, 0xfffffffb, 0x6, 0x0, 0x9, 0x6}, {0x3, 0xf7b, 0x3, 0x8, 0x6, 0x3}, {0x1, 0x5, 0x3, 0xab9, 0x7, 0x9}, {0xffffffff, 0x0, 0xfc, 0x7, 0x6, 0xc}, {0xf, 0x1, 0xa000000, 0x1, 0x101, 0x1f3}, {0x7ff, 0x9, 0xfffff001, 0x8001, 0x2, 0x2}, {0x4, 0xd9, 0x6, 0x1, 0x9, 0xfffffff8}, {0x3, 0x3, 0x7, 0x9, 0x10, 0x1}, {0x8f000000, 0x100, 0xffffffff, 0x963, 0x2, 0xc}, {0x6, 0x50, 0x6, 0xa, 0x0, 0x3}, {0x649, 0x2, 0x80000001, 0x8, 0x0, 0x1}, {0x8, 0xfff, 0x6, 0x80000001, 0x7fffffff, 0x3}, {0xa3, 0x81, 0x9fcb, 0x1, 0x8, 0x7fff}, {0x0, 0x2, 0x750c, 0x0, 0x1, 0xfffffffc}, {0x7ff, 0x7, 0x10000, 0x9, 0x0, 0x88}, {0x5, 0x10001, 0x7fff, 0x81, 0xfffffff4, 0x7}, {0xfce, 0x80000001, 0x5, 0x4, 0x1ff}, {0x3, 0x0, 0x3ff, 0x7fffffff, 0x9, 0x7}, {0xdac, 0x0, 0x4, 0x80000001, 0x3, 0x8}, {0x7, 0xffffffff, 0x6, 0x8, 0x80000001, 0xa}, {0x2, 0x4, 0x4, 0x401, 0xe32}, {0x5, 0x7, 0x6, 0x8, 0x2, 0x2}, {0x10001, 0x100, 0x3, 0x4, 0x9, 0xfffffffa}, {0x2, 0x0, 0x3, 0x6, 0x800, 0x3}, {0x0, 0x0, 0x3, 0x8, 0x1, 0x3}, {0x3, 0x3, 0xffffffff, 0x3, 0x800, 0xde}, {0x5, 0x66, 0x41d0, 0x8001, 0x1, 0x3}, {0x5, 0x7, 0xfffffffc, 0x4, 0x3, 0x92c}, {0x4, 0xffff, 0x0, 0x101, 0x4, 0x1}, {0x9, 0xf667, 0x5, 0x3, 0x5, 0x4}, {0x1731, 0xa, 0x9960, 0x9, 0x1, 0x7}, {0xd, 0xfffffffa, 0x1, 0x3, 0x40, 0x2}, {0x1, 0x4, 0x80000000, 0x80000001, 0x2, 0x6}, {0x7, 0x2, 0xffffff3a, 0x4cf, 0x800, 0x6}, {0x8000, 0x6, 0x1, 0x0, 0x100, 0x80000000}, {0x3b, 0x5562334a, 0x2, 0x2, 0x6, 0x81}, {0x4, 0x96, 0x81, 0x0, 0x101, 0x7}, {0x4, 0xff, 0x9, 0x0, 0x81, 0x29}, {0xa, 0x5, 0x0, 0x9, 0xffffffff, 0xfb4}, {0x80000000, 0x2, 0xffff, 0x39b4, 0x1, 0x6}, {0x61, 0x2d, 0x6, 0x1fe4c5d2, 0x1, 0x3}, {0x1, 0xe2, 0x7ff, 0x7ff, 0x7f, 0x29d0}, {0x0, 0x4, 0xc, 0xd594, 0x9, 0x7}, {0x6, 0x0, 0x7, 0x9, 0x7, 0x9}, {0x80e9, 0x7, 0x9, 0x1, 0x1, 0x18000}, {0x400, 0x9, 0x0, 0x6f}, {0x2, 0x1, 0x6, 0x3, 0xfffff71b, 0xce}, {0x1, 0xff, 0xb, 0x4, 0x800, 0x1}, {0x6, 0x2, 0x8, 0xfff, 0x4, 0x7fff}, {0x0, 0x0, 0x7f, 0x401, 0x7, 0x7fff}, {0x7, 0xb, 0x10000, 0x1, 0x8000, 0xfffff830}, {0x2, 0x4, 0x2, 0x1, 0x6, 0x2b4}, {0x3cd2dbce, 0x929a, 0x9dc, 0x0, 0x8, 0xfffffffc}, {0x6, 0x0, 0xe71, 0xc5c3, 0x3, 0x1}, {0x7, 0x2, 0x197a, 0x7, 0x1, 0x8}, {0xff, 0x2c, 0xfffffc01, 0x1, 0x3, 0x100}, {0x0, 0x6, 0x10001, 0xce7, 0xec, 0x1000}, {0xffffffff, 0x6, 0xffffffff, 0x9, 0x2, 0x6}, {0xfa, 0x9, 0xbf1d, 0x9, 0x80, 0x5}, {0x1c91, 0x5f27, 0x1, 0x0, 0x6, 0x6}, {0x37, 0x622, 0x2, 0x1, 0x7, 0x2}], [{0x5}, {0xccffbfc290ab3baa}, {}, {0x2}, {0x2}, {0x0, 0x1}, {0x3}, {0x4, 0x1}, {0x0, 0x1}, {0x1, 0x1}, {0x1}, {0x2}, {0x3}, {0x0, 0x1}, {0x5, 0x1}, {0x2}, {0x3, 0x1}, {0x1}, {0x1}, {0x1, 0x1}, {0x0, 0x1}, {0x1, 0x1}, {}, {0x2, 0x1}, {0x2}, {0x2}, {0x2, 0x1}, {0x2, 0x1}, {0x2, 0x1}, {}, {0x3}, {0x3, 0x1}, {0x5, 0x1}, {0x3, 0x1}, {0x1, 0x1}, {}, {0x5, 0x1}, {0x3}, {0x2}, {0x4}, {0x5}, {0x5, 0x1}, {0x2}, {0x1, 0x1}, {0x4}, {0x4, 0x1}, {0x4, 0x1}, {0x2}, {0x4, 0x1}, {0x2}, {0x1, 0x1}, {0x3, 0x1}, {0x0, 0x1}, {0x4, 0x1}, {0x4, 0x1}, {}, {0x3, 0x1}, {0x4, 0x1}, {0x4, 0x1}, {0xed3229170eca159, 0x1}, {0x2, 0x1}, {0x1}, {0x3}, {0x3, 0x1}, {}, {0x2, 0x1}, {0x1, 0x1}, {0x0, 0x1}, {0x1, 0x1}, {0x0, 0x1}, {0x3}, {0x4}, {0x3, 0x1}, {0x1}, {0x3, 0x1}, {0x1, 0x1}, {0x2}, {0x5, 0x1}, {0x4}, {0x5, 0x1}, {0x2, 0x1}, {0x0, 0x1}, {0x3, 0x1}, {0x4}, {0x0, 0x1}, {0x5, 0x1}, {0x5, 0x1}, {0x5, 0x1}, {0x5}, {0x5}, {0x4, 0x1}, {0x4, 0x1}, {0x4}, {0x5}, {0x54e1b160e6ec45e8, 0x1}, {0x1, 0x1}, {0x2}, {0x3, 0x1}, {0x3, 0x1}, {0x0, 0x1}, {}, {0x4, 0x1}, {0x4}, {0x5}, {0x0, 0x1}, {0x3}, {0x0, 0x1}, {0x2}, {}, {0x2, 0x1}, {0x5, 0x1}, {0x4}, {0x2}, {0x9baeccaf277094c4, 0x1}, {}, {0x2, 0x1}, {}, {}, {0x8f9fc2e2ef57f2f0}, {0x3, 0x1}, {0x2, 0x1}, {0x2}, {0x3}, {0x3}, {0x2, 0x1}, {0x2, 0x1}, {0x1}, {0x1, 0x1}], 0x1}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x2, 0x2}}}}]}]}}, @TCA_CHAIN={0x8, 0xb, 0x4}]}, 0xe8c}, 0x1, 0x0, 0x0, 0x81}, 0x800)
r8 = syz_genetlink_get_family_id$l2tp(&(0x7f00000008c0), 0xffffffffffffffff)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$L2TP_CMD_SESSION_DELETE(r9, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)={0x34, r8, 0x1, 0x1070bd2c, 0x4, {0x5}, [@L2TP_ATTR_PW_TYPE={0x6, 0x1, 0x5}, @L2TP_ATTR_CONN_ID={0x8, 0x9, 0x2}, @L2TP_ATTR_SESSION_ID={0x8}, @L2TP_ATTR_PEER_SESSION_ID={0x8, 0xc, 0xaa8}]}, 0x34}, 0x1, 0x0, 0x0, 0x20008000}, 0x30)
setsockopt(0xffffffffffffffff, 0x8, 0x4, 0x0, 0x0)
pipe(&(0x7f0000000400)={0xffffffffffffffff, <r10=>0xffffffffffffffff})
close(r10)

2m20.122716533s ago: executing program 4 (id=677):
r0 = syz_usb_connect(0x3, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000062a10b40450c1010fce60102030109021b00010000000009043200019740a40009058203ff"], 0x0)
io_setup(0x30, 0x0)
syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0xc, &(0x7f0000000540)=ANY=[@ANYBLOB="0600004ef865d02f3f8b00081e21cbc77c86163fd0953223c9469c826de1463ecaeff12443a63519d925e85cced1a6b854fcd571d1ebce5dfbdbb9b0f5d0c29938feb6fe01511d46c535e7e4fd15cd239c9a4b3fcdde1eb820991cfd124c1a6c368898a052bfc6184136ced9c7"])
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x111800, 0x0)
r2 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, &(0x7f0000000140)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3f8, 0x0, 0x32, 0x0, 0x3}, 0x9c)
socket$kcm(0x10, 0x2, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x89}, 0x0)
syz_open_dev$dri(0x0, 0x1, 0x22100)
sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
recvmmsg$unix(0xffffffffffffffff, &(0x7f0000000280), 0x0, 0x40, &(0x7f0000000340)={0x77359400})
bind$vsock_stream(0xffffffffffffffff, &(0x7f0000000040)={0x28, 0x0, 0x2710, @local}, 0x10)
syz_io_uring_setup(0x2280, &(0x7f0000000140)={0x0, 0x6579, 0x4000, 0x2, 0x102}, 0x0, 0x0)
bind$inet6(r2, &(0x7f0000000380)={0xa, 0x4e23, 0xd, @loopback}, 0x1c)
sendto$inet6(r2, &(0x7f0000847fff)='X', 0x1, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @private2={0xfc, 0x2, '\x00', 0x1}}, 0x1c)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080))
sendmmsg$inet6(r2, &(0x7f0000000080)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000240)="af", 0x34000}], 0x1}}], 0x1, 0x0)
r4 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r5 = dup(r4)
syz_emit_ethernet(0x76, &(0x7f00000005c0)=ANY=[@ANYBLOB="0180c2000000bbbbbbbbbbbb86dd6003000000403a7ffe8087d0645700000000000000005e55bc5eeb000000148ce9ba3f28e8b802009078040d000095c3bc850004000000000000000000000000000000000000fe8000000000000000000000000000bb3a00000000000000183e7204fb020000001e300d00"/136], 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f00000000c0)={0x1ff, 0x3, 0xd000, 0x1000, &(0x7f0000003000/0x1000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r5, r1, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@textreal={0x8, 0x0}], 0x1, 0x42, 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, &(0x7f0000000180)="420f015f0b0f01f3c461545902410f0766baf80cb82ad9ea8aef66bafc0c66b8b09c66ef0f01f8dcc2b8010000000f01d9410f005b000f07", 0x38}], 0x1, 0x13, 0x0, 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x0)

2m19.774715283s ago: executing program 0 (id=681):
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0xa)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
syz_open_dev$tty1(0xc, 0x4, 0x1)
syz_clone3(&(0x7f00000006c0)={0x192142100, 0x0, 0x0, 0x0, {0x40}, 0x0, 0x0, 0x0, 0x0}, 0x58)
r1 = fsopen(&(0x7f0000000400)='ceph\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r1, 0x1, &(0x7f0000000540)='\xd0\x9e^\xa0\xee\xc8\x17T\xb1GI\x90\xe2Q1\xb0\x8f\xe1\xa8\x95\xa0\xcd\fL\xf1<e\a\xa5\x8f\xab\x1a\xdaY\xfb\x03dhS\x97nZ\xf8\xc6\x1f\xd3K\xfa\xc8\x8d#\xce)\x9bg-D#g\x16\xf4\xd9\x00\x00\x00\x00\x00eA\x9f\xc3\x11\x18\xe6\xc5\x95\x9e!^\x97\b\x14\xc5\xad\t\f\xdeg\x8d\x16wW\xf6\xacE\xa3\xc8\xe7\xec\xd6\xbd\x1c+\n\xc7Q( \xba\xff\x17N\x1fB\x91\x15\x83\xec(B4/#W\xc5\x05\x9d\xd6\x02\x8cU!a\xdc|6\xdc\xee$\xb5\x1deC\xfb\xa2\xaa\xe0#\xcb\xde;sA\xad\xa6\xb6P\xa3\xf7\xc3\x93\xd4\xb6\x95\x02\xd8*\xa8\xd2\x94\xa3\x89\xa9\xa0\xc5\xc9=\xa5^', &(0x7f0000000240)='sockfs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r1, 0x1, &(0x7f0000000000)='\xd1S{O', &(0x7f0000000080)='\x1e\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r1, 0x1, &(0x7f0000001680)='\xd0\x9e^\xa0\xee\xc8\x17T\xb1GI\x90\xe2Q1\xb0\x8f\xe1\xa8\x95\xa0\xcd\fL\xf1<e\a\xa5\x8f\xab\x1a\xdaY\xfb\x03dhS\x97nZ\xf8\xc6\x1f\xd3K\xfa\xc8\x8d#\xce)\x9bg-D#g\x16\xf4\xd9\x00\x00\x00\x00\x00eA\x9f\xc3\x11\x18\xe6\xc5\x95\x9e!^\x97\b\x14\xc5\xad\t\f\xdeg\x8d\x16wW\xf6\xacE\xa3\xc8\xe7\xec\xd6\xbd\x1c+\n\xc7Q( \xba\xff\x17N\x1fB\x91\x15\x83\xec(B4/#W\xc5\x05\x9d\xd6\x02\x8cU!a\xdc|6\xdc\xee$\xb5\x1deC\xfb\xa2\xaa\xe0#\xcb\xde;sA\xad\xa6\xb6P\xa3\xf7\xc3\x93\xd4\xb6\x95\x02\xd8*\xa8\xd2\x94\xa3\x89\xa9\xa0\xc5\xc9=\xa5^', &(0x7f0000000640)='dU|\xcbM\xe6\x91q\xe0\x05\xbes\xc0\xd2\xdb0}\xa6\xc4tly\xe0+\xb8~\xd9ymx\xa1\x06\xb4F\xf3Q:\xfem\xea\xed\xfc\x04\xf88\xe0\xa1&\xa8\xff\x10\xb3\xb2\x92N\f\x00!\xdbV\xc3\xca\r\x8c\xfb\x8esJ\xb3\x1bf\xce\v\x0e\xe3\xd5', 0x0)
fsconfig$FSCONFIG_SET_STRING(r1, 0x1, &(0x7f0000000040)='\x00', &(0x7f0000000340)='dE\x00^\x1b\x19\xabr\xb7a\xa57\xf9\xd5\x8fR\xa0\xf6\xf7IQH\xcdPHSG\x05\x94X\x9d\xb5\xa0\xeb\xa1\xd0\x95j\xf4A\x15y\x83\xeb2\x8e0O\xdaY\xd7\xb8Q\xb4', 0x0)
fsconfig$FSCONFIG_SET_STRING(r1, 0x1, &(0x7f00000007c0)='{)+}@@!}\x00', &(0x7f0000000800)='dU|\xcbM\xe6\x91q\xe0', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r1, 0x2, 0x0, &(0x7f0000000b40)="b2", 0x1)
fsconfig$FSCONFIG_SET_BINARY(r1, 0x2, &(0x7f0000000840)='\x00\x9b~\xd7\xde\x91d\r\xa3e\xec=Z\xce\xb0\xdfr\xbfQ\x85n4\xf5T\xc2\x86;\x03K\x80pF\xeaK\xb4t\xef\'\n\x05\xc9\xcfc\x92\bE\xf9\xf9\xcf\x96\x99\xde\x1e3\xcdA\xf9\x1bj\xc3\x8b\xbe\xee\xb3e\xd8Mk\xf1+\xbf\xd5\x98\x8c\x13\xdc\x85\x17\xcd\xf8\xf5\a\xde9\xd1\x8b\xf0&P\x92\x99u8\xb6,#\x0f\x89\xd9ic\xb5\xba\xe7\x03\x8d-\v\xd3S\x98\x89@\x8aWLU\xb1\xc4i6\xa5\xb7\x1d\xf3s\xaf\x7f\xb16\xa2\xbe\xfa\xfa~2\x1d\xeb\xd0G\xdc\a\xa3\x93n\x82\xa7h\xd7\x83N\x8aW\xaa\xc1\xc7\xec\xea\x13\xbe\xf3fQ\xfa\x8cP\xa7\xc1O,\x83\xec\xa9\xeb\xb2 u\x15A\xde\f8T\x81\xccces\xfa\xef\xf4 =z\xfc\xef]~tY \xef8\r,x~\xa0,\xc7@\xc0\xef\xc1`\xec}\xa2\x8d\x95\xff0c\xcd\x02~\xb7\x1a\x93\xff\xcd\xadB7\x13\x84BPC\xa4\xa2O\xf0\xdd\xde\xc5H.y\xfc\xe9$\xf6\xa6t\xa3\xdbr\x00+\x01{\xfb-\x1f\x1b\xeb\xd9b\xf0\n\x99\x0f4\xfa_\x10\xd0%\xe7o\xc9\bO\xfe\xfb\xca\xf8\x9d]\xa1\x98(Nw\x87\xd15', &(0x7f0000000100)="8d", 0x1)
fsconfig$FSCONFIG_SET_STRING(r1, 0x1, &(0x7f0000000a40)='\xcfD\xbc\xbf\xff\xdc\x83\xc5$\xb3\xecr\xe4G:\x93\xdfj\x96\x7f\x03\xe5\x94\xec\xe6\x04T\xcbn\xa5\xc3\x04[\x02\xa9[=\xf9\x8b\xf7\xc1\x9c\x83@\x1e\x99\xca\xc3\x85\xb8\xbeSAk\xf4\xb6 \xdf\xa0P\x18\x19\xae\x8c\x9a\x19mm\r<|\xe8\x9e\xa0x\x84p2\xf9\xe2\xed\xb0\f\x7f;\xf6J18G\x84c\x88\x9d{\xf4~\xdby:\xd8\xc5\xccrun4\xe0\xca\xc1\x0f\xc3\x03D\xe1\f\xb3O\xa4\x1c\x04]8)}\x83:\x9e\xc0X\xdb\xd9\x89\x94\x9b(\x19\\\xf5!w\xbafo\xea\xe4\xb5Xe\x84\xbc\xcdw\x802\xb4\xb8\x1f\xc2\x97\xbfi\xe8\xf8\xbd\x1d,\xffUX\xbeA\x00{\"\xdbya#I\x03\xec\xed\x8b\x97\xff\x1eiq\xd1n\xf99\xc6\a\a\xed\x0f\x15x\x91\xdc\x05P\xf7\xf3\xad\xa3\xbc\xe4[\xa2\xc7\xfa\x9e\xad\xa2\xad\x86\xc4\aD\xc9\xdf\xf8\xf7\xc1\xc5\xc5.\x8a&:\x90\xb2\x8c\x86\xb2\\\xa8%!\x98TQ\x91\x00\x00\x00\x00$\x99\xbf', &(0x7f00000006c0)='\x01\x8dik\xc2\xed\xf9\x8a\xae\x86\xae)Dn<(\x02:cU\xa0d\xd4\x1f\xd4\x95\x93\xb7\xc1\xcc\x84\x8c\xdd\xbf^]~\xcf\xcb6w\xb3\xfa0b\x88\x04\x10\x9d_\x97\x9f\x89\xb7\xe35C\xf3\x1b\xafV\\wGU\xaf\xa4\f&\xe7m\xf0\xaa{\xb2\xe5\xe2\xeb\x9bN#\x99\xdc\x9f\"\xab&\x8f\x01\x17Y\xaf\xb7\xdc`r\x9c6\\\x0e\x94\xc0a\xf7\xd4u\xdf\xf0\x9b\xb0p\v\xa1\x8a\x145\x9b\xd95\xc8U\xe4V\x81-1\xb0K\x9a\xa3+\x03\xc1\xf0\xeb\xafYI&\x9e\xd0\xe1\x148\xfe\x10\x0f\xbd\xa2\xed}\xe6\x1asT\x1f\x92\xdb\xa1&\'\xc7\xe9\xa5\xd0\x89\x8d\xf1$\"\xdc\xe5\xfcT\xad\fj\xfe\'t', 0x0)
fsconfig$FSCONFIG_SET_STRING(r1, 0x1, &(0x7f0000000180)='$\x00', &(0x7f00000000c0)='{)+}@@!}\x00f\x01\x0e\x00\xadq\x1e\x03uK\x85\xe1\xe3u\xc2\xb9\xce&s$\x9co\xeb\x97o`\r\x83\r\'\x0ff\x04Q*\xe7', 0x0)

2m19.774039097s ago: executing program 3 (id=682):
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x32, 0xf4, 0x49, 0x10, 0x9c0, 0x201, 0xaa4, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xe5, 0xa5, 0xc8}}]}}]}}, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f00000006c0)={0x1c, &(0x7f0000000200)=ANY=[], 0x0, 0x0})
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x4000)
r1 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000040), 0x507002, 0x0)
r2 = open(&(0x7f00000005c0)='./bus\x00', 0x66842, 0x0)
syz_fuse_handle_req(r2, &(0x7f0000000600)="42648f89fb6a71181d3dd2971b0912004d57ab6f8ad06d11ef457ce6728ae9f04834013c4e8ec450d3bf8712039f59fe3f4ea72213f7f8563ca12e3aea33460e7b307e0169939bac734ba044bc6831a3eea276673fd3aff2252958e9dc2aa575a96bd1441d5c35262f44483caed4be404f618ecff924a56afa87e3bd89b430021defe0789b6704cc0320927a53623c7e8dad4cfcd73e600ce139f14c6e32dccd92c86333e4ee0723be59218ddbed40e0a14e76d75cddce7f4be190f3475e8fabd5d62460c292bc9bcc1ff6fb474d97c99a6dab91bf18e60faf1aa61130c102187d32b56ce21549aef61a7e819621005144afd0c118075939d3a7bf6f2366c5b09e956e24dba368ea0cbb8eb57ea068d67a5364ed3649e544c93fff160487985d3cb19e316f34a8d754b43f9e28410df7a37fe2bdc581aabee78b39cfd76de7f99d907586729a36fbdc65125ddfb5117dc14b5a9977777d38cf5f6850a435b91deb86f2e4d2c327e317f9f7e8704053cd35fe938eb0d861ddd0ace2c05dbc888dba5e7a755b33b94255a69395dd72df2307bf0476186b478aa0c4298b44145cdbaca1f1cddc24367d6c333a910d1934f87f57d95a3d4dfff6a9b3e94d13b1e1687b9f2d8a560a82bb6d41b20b76333da7aa40852da121904f4c119248674e8ee32d7712f16bb4baf22e68bced943d00cb34a217dd48d766b9d9473d7744b750d4654c3c0f447ed90a5520d2734e7147d7be0c00d7efe73912068a390df160dea55dfa9c7c5baabd3479711cba1534ba645b5f1b61e27f168fa6ed9fb458755b1271f471bdbee6f42e69f6ff59edb735144057b776ca4d5476bf8399db8d832d54e151d55604e9909b75a2f78359b735077597f67cb540d4172994e06a7359319b01373ae11c7529359d58bfe65fb6bac8dc61818e6c548af5e484e17dc824805a5386c06d0ab318bad64009e5f475b74a7e230930a08b165ca6c41d16bcb38edd64509bf6b673732e3bf1ef9722d2f230ca096e27affc757d4250fe3cbfa6355a978bb92195a5ee936fde8ce5aba4cc1c907973e930ccc19b2b20b42b1f710b929398d5fbcc4ffb2413fbd419648497f123db2499ed12fe25ece61419d2dd1d1cade36cc369ac830531fc86805b88297812088c5c9442b96c4e1f834d7b174d379710ccfd762c2e0caa246e36d558c7a0c241b68ac4171fc7d5286623bfb268d4aaaf7b931a333760324d39177bf659a8a7463f0c9fe92d5ada75b8fb0bf21572b813c966b05d1828cb683208ab8051d41be4f40063c73410c1d627965447b0575851e7f328a250665bf7e1c133daa142a6ae1f38e587ece8193e91ad1bad93a3d17008dcf3c76f2e559eac8d561080c4dbf7de4ccf185044db1db24d54aa5fac8f447eca5b693fcb24d6e5dcaf9fca3c199b01d18cdc308e589869d1f9077f79bd8247500d66492dce65b1c14453698ae96df31349cc46a5d8fc49e8cb45ed139051667ba36fce6c679ef18a4d0f85c75d33100ee5f9fbcf17c344edcfe96c57f024faf8104e34e7d40b0c178a7ce282daaeee14d5dce60753e89cb3ee252d2dedfe50fa099e2275e8a89cb495068926e0aa866a7b53453eeb6b5a2a785a9cb7a244c29bb65c1da6ccf72fce30c55771d1d374abe5c6edbe156a1d8b7e0792c3c88ca2b3e657f69d07c02f154d8a5cf0ae10c8b2407c190fe9f4d26f44612f83947c0423217623628a10c2eb6550b4093ac7ecbd1cc8de99c2360820e787ab82fc16d9fbc2f94dee9c9b0312040e723b0e10d2eb1ee55f234f0554ae0030f91dc2da090c85a59606cf617e5e47b152fe9dc6b2e7dc24c3f0f2ec7c6e74d330ceda8564a986bcfa8196c7946bbabe76b71dff79167819ec11bd65dbb13182691c521655a5b3d48d6bada4a8ef929b05fdd1640e2bc4d1ea600789372c89960f761ab0aabb64d101f903280100388517500912983d0d08c40e5bfcc26f92b22337094d6def16fe59763a71ecb5b3a2d3aebf2fa057dd6fc96cc64f44abe57dfdee819dd1ead813d298e384a1f2e346a854047e1767cb061fcbc66de4efc7b55e069f2aa3e3e578dd4c5c220c4d659d09d6cad388a30d4fd1fed8430ccddd7bc26c1d042d9c1b35f1a902f53eb4a0395cc666f0173cc2f6090fc5c4315859b466ca8cf503fb8e6e4bba1a30c78889a272a0cce212ef94728db045600f990cdb55236ea5a3a6ae4c53198e9f79d27ef4970cc5b9d233c2d701d69f4915e815196b05fc9bc9d47fb8e410e7a2428b50fbbf83b854e8e182e462e6041775a1f71215c37f18b41c920effb8c6b94a7b7ff220f8e30dc3f387aa76d9f64c11cd462599a8a2708d3cacdb752bad4d870f7e187a816b1a5b53e912cd703a7f5fbb9f1ff9c3d3ba27b0a512579e78d267cf28c8ffd79d70b1a6c7be1b26807f388f181173955355792106ed7c0774632279f651dc3fb126951e362ab6c9b8b74d84a80254ac1a8c6f3fff2bf59df608113c9234ec944091af136309f306141f80bcbb33fc255308a4fe94b89411d0f5d97fe2b6a515db55a84478a87d35aeed9f0be9b826071cd0063466b7d417c0074b75eac0e490eb5a63bf6f8de5154f96bf615a2a7693229eb5942d0fc69d71a35b19f788547916ce87e7b9dedb34163c5143bb4a19825ec2606e8718eb32478275bc534910b28a32ff914155fff1a44228bf4fb0c1fb7e47b74ab0822b0da18bb8cb8bbcddb6a71b86065599ec329189feb992e834cd98c0c00f27777d7b14e26ef157a51cca27e2e5ec8290725f27affff066373f1a88482c1577c8b81f4e827f701530627da7ec928629cafcd80436d2b52b1a89e68c1f15ac1c90a1f03aa56d01267bb014dbbae34cafc998bced3ab3f7b98f236e31117c882736a2d78bb5116402638800a46b6f6f04b3845a7fb4e4a13540bd453f7e388dbc55f4da57ba3a05a9f38ff0dba473148337b5ac5bcdd428f0ad2d019419f77ff46036e70b8d4a609ab6f1dd843adb788b361f8b61a3fbb5cd5d53e16f19c916550498f664ddc4dae52eeae56571b1f4e014c83093561c8198a86c7e582dd9aedd946e8d901e15a6b4e6bc86b4517b7922b158cb56b673cde5f6c2d95270ef05be39a9d4d4d3144fb4516ced2281a242f3895d81928a8466046d699ce2dcfe77fa82483919712b7ee3863022274b3cb3c0eea2af6c5f4fc696aed904ed35283f629ef6a9258b4551cda69cf401e772ffbeea00db6f9a610d20203f84cf036b895e0667118f540adcc0b967c1dee3b84447425c2356c3442a7576f9dc551d8c755d81bbf8bea12ddbf3127f6e6bd49c6fb8721ead92a53fe207fe9fa97d4ae4733f79d4abb46d09675ddc426e93442c5a89e8674b068c4a069397db45e6293870311f48ef813b23dd6b72722e37175e42bed33947e304e9ad920c3506b56ca517acb42c8937decb07427c3958d9bbed483bc2aabd24508070d02b7adf256ae5a889e84fca6eb1cf6b563a6fd8a7da58a8e49a6ebf102616cf99cdd4caaf83ef295bdfbca4040847d7af141ff4cee26e40cdfa74ed7b41317a2fa481ae6adf96ec35ecfb433a242bdb827364801f733b7dd84fd087322445d73a027434b5c2f699763b6515bdde8bb8b23dea6667b5efee19d1668ec08e457013ffd3ef090af92f0dff62aba6d634595ad8f3a1c8e8a4b6405959bf2f905659f57cf80b8d8180b9ff5a63595200a6655eb8137b646196933cd835c1e66864c3f7804a737f10cc53902bbff20018f04d6a1c987fb055993d24b57ac7a366dc581d28b7b2ac6fa51a97b3ae91011e0a93a021fd10ab2980284f616187560c07bbb5707ecd71d03be2a972aab54b6fb01a26c108fe1a01e271dfa874b06e69679dc9a91cdef271f0aead7d90d29dd400fcfd84b3393b6178cf3d240f4ffb218adf801c937821a8914bd43b87050c91e8e561ec2b3600e658b99e8eb751f9aef211d1454cb7f10f78f9b78223a55b4674f929a6ef96b55705ea23d3bdf8a0424490261cdacd43662dea71620a7f00ec0d29f74322fb3b45beb91dafafce0bf69ccb0733dce0d6f028065536037f4b74e224ff9171faf3ff803ea40035d3f3b40dc7869d3de37ed0eaf59aa3e9c416f144247c5e41295637541396ed4f16b6454266c464f9ee9d3dcbf6bedfae3869d041cf6b9d97238649df5e8db66140364101119140cb7b5b8f9dc0a2230d16f560736598f7de12119e2bc4ca10bdb042967644b20206ee28527113912797f5ec9146d20f3cd753f650b3ae81e6c474d786829309338b69a6e17924846aae472ec729cd5cb9746c330ff1cc0e7ff9ac558c01b810dbcc51a0e68ee2a2ed592502c919484b411df4914ab75d94254234cc71160ec7fe719f1aa58160c9df78c201e71af4a44610a9b0b1a6fae4e55085c031673cce78f28cdad232f4a518f2e9f236d11f3f6cb4fc53126e005626bd36a4904c1c2674c627bcea99f67a0916f3b27f6cc0057104a4986ebf04c60032aa535b625824504e4b3450676113f898f5edeb9e9d3eb805c1d641f30b50189fddc9c02a364c63a924a40703dfb8f10fb341dda75fcaa5bb30dcf123da98d7e5f37e5a236ae5e26b5e22def1bbf08a03bec933e3e0604a82b744c18f95c90cef3b5bc8ea64fbc7ee84c39b6b4b623078c693e11a23b506443693260ac886e5f204533583de3dda87e63d6ef19a3fb834441b06a7277a18dae65283576d8a169ec88e6966e3f167200f6681f865da25f8df09cd6e14927a37ad009274bf85d92f73e38bc69a1037be325141fd7b356cea5d16a816c829faaff272338bd1835d6aec98e447a3648c24a60bcc0c26837acc197d198a75c3150a7c7ec1d4bcca3802b635f70f92dcdf3f470ac5593067d08032966085599b464c8a91f2098510c2c6a3eb8ab7a6d11b98dcb2fe4849425497eb52ace429c8be5e9c242446a7dfedc403674ea42dfd07883a01c7e6be7e829cfbe4c37f9fc9270bc29676f188a83fa1ba030b99a84459381ff40fb74d757844590b9d98560192ea75cea2f9f901c370ae0795f2ab6481829fc630e7aceb93fbe765c79b1bd61ced99846833bcaafd6977da914a592a81070238c496e895220c8a59d53c761fc9ba16601a30794b9e99cf668c6077471ee4de8e79b7f82933205d3a0c58235485a4f241420e0bfa2e1940e9176126a3f54b50d801152dbedc826db5b22c93e48281b5f0c32aa04cc5ae988a9327517435b4242100229e9c42fb039d4febb4d8ec88eff9b0bf3e16b7554163fd9d53d28ed2275cc3e7af9e03acb9dabcaaf6138517ecef21ff9e6fff8a3c7b9ec90a9e8ee51a87be1bc1b1f5e07682d40fa99e01ac21a8c0cbacbeb02cf057471ba3f018723f12fed8058141358ea6a2a8d8604a1b0e61e81b086514560e1935d4e5b9aab78f7cd181b1ea1177b28baef5bd511fb15e91ea0b7f84d0877a41883280fd417b0f7776242347adbc32aabe72aba4ac394bc3c85a60f4855d68534439383d0e4d7eb2cb6692aac3652db080af167e8b54770498413dde1b387493bdeb96fedb6be16132dc4dc42f733446913fdc3f7edb9ed3306fa0445ca511d71b951efa0492e737e82804c544a4b765f8a7baccabe2b5b795bfa777cbb5de8f64eafceb971eda31f72cf4ab01146cea7ac5c64d8181455ae8946a0c08ef449d22600f82372b23b9fb4782183b19075506148c20a80b64db5b7ae6f9b3ac166e9267eb89dd49b6e602f1337d3fe3c250dca0b7e93ca204321c83e8c848e520195d4879f4f926ce0da9315d5cfd00a8bbfd5f9ca41747dcb4c279619fae14df0030dbf2c4d959b32678a8890221cc6b3ec028fca80903118569ffcd63e868bf3e4467b705dccb2e5a7b15cfd839de6905eb9a3bca28831c20acc468551a726cc3a32c1397002b1ba7eb452dd0da029d3b2ed8c1b3eb74f04994ef874b2ea64ec690eb6a5e46801462691905c250e6fee61392b5e7b51bf202686274a35f140b44c66fefd8b089712e6e8ee9da9829f0ebe7883e828f89601c3f032623c441fe844ca069bb99d15946701553478f75a4f7cab6449103ed1be6e39c9347c7d3a39b7d5888c1d5cd2c64fefa1728f5b74a65594640d811cd4267a64007ead28046c0ed307246bc63ffc719cc22ec7401c0ddc3535cff0ce515ef0c48a15de73a7b478408fd2b8932ce9ad0842a57802597b310d97af471fa0273f125673a2e1123b2596418141b49160f5e6e800e98770e62e71cc70120eb2c1676837be42e48f79ed9d154e682b700eda25eaf79cccdfe1bb8607d33495fbd06b26bcafe575544256eafd6032efaeb676db836340760500c383b8f16979144dcbcca0d8a1fb93a43204cd0c33534cebe68fa0c38088dc48bf3dcee7b2d288e0a6fab6d04130cbcadd77e8619ed71ea93f98dc75596f8878fc428dfe79737a48ab6105ab0eca04dc08ce9b14923eb25040fe861d8ec7f399c43372434a48a84c224a572e2ded446af505631d7f7ecfe39939beb08ff3f6bc086b47ef3c701bee75c84d82bdbb99fe33dd2d5942b2f9f11378f61dc76ee8f815b1028a636ee0e2a15b67edd039693291bfb62573d28e1046525a2a61df1620053114d55b71f7b32934736c9f4b9906bab6011c028eff9d648d3e079e4d704f5fe75756c2e5e6bc36604fe5d8eabcd2ef6ab25578cfc8535ae3c6debcac393054d6a58e0063f8055663a1b1e9cc79e9474ef416be2c5ecbff28ca2476988be25de5c17f84651557a83d05027aa755068b80774eea649d07a4f9d7c4707b048eb869931718edeba7e8280d8f6fbe4bf187b2e872668ac9a0ea3bbd3ab97eb87605341d1666516ed8d66838bc1ecf8c3ff0c3210d5be15b8f2510d800a0ccebf2e378ed8c16057093d3cbabeaf4afdc3b761ef7017c521482ffdb0cc68a080b06a998164d882461583adcbd628b0198a0cdae4d2fd7462520c242cdf73954efced6f5bd474247f8f87446c0f752763b14f30c55709b9b6e795feb533abcbb49654be07601da63edf051ee930c7b3601e88fdfca1fe9ffcf83c47915b7e83255fde08719f97528e70775b15769bfcee76ed69667f73291c4fdec4e649b496aa2985b13bf162570fdc62436e71d090612797f7334299b0463ff7d9324a1cf4a99009c9363bbe4d634f83e5199bd49d4cd5b79a5d9c5f6c7a452836b8b5e0564cf1f7540a451fb7ad8956d8b146f364d12fa8ad2304069b33d4568872bb944eb184b7dcfaad3efe4d1f289ebe129317c87c97acbea8c6324aea02ca040f55a8d18d88e041d7084f6aabff3f5860b908ee413c544acb87c4a74b246b0fa3c3a7eab6cd44fe187687f82577b2970fbd47dbfd4c43a133cb6022b923222f750fb492243704aeb91f0b779e441ad7e00e646a97d326949c8b4c464f16957fc6a6b643e2799925a3d8edad270ef2c56f5f14174e7ad96bc8dcbf3493d59cfdbc938d5feec9feb6bc3693a54fe325fab03d6d2716d4e6c2fc195150e5243524e755a89456260d6ca070f81c09a6fcd790d8c8c2d787b5ef8dc8bbd299fdbf5305669730512321f23ea39fedcfab6352d752a7f5e065e7957627e5a46d7be37bf8af7b22f70e04c41b4b58f0ae5727d89a66099f193cbf51e95487cec76fc51a061a4360b30330de2f36a4edc96d83a3fa0b3967ea08b6676740b4e9784eba1303f7a4904f947e25b1309eb135b1a8f7d08fbb6be9c2ff55d4d78c40eb768432a11b8c070934db1b6294236a60f6dde1dfbf0d784a862774c67f4054a69cf5e63f818f14d530558a6d1ed262c9fde16ca877c04050bc5e6c22173a3fb94c3ad13804ae1105bdd6aedfed5c4fbbd742ac73e3f73eae1f8f56c075ed7b3b4e9959a67bf1037bd4dc47e0a3573056040e66eb9bb6c61d5323af6b3f6df1585137585513fd27a0dff85486e0572c49f41335ef02540e1dbb8aa06668c0efcb9392ad066efdd17b91a1d9f7cd36c106b0ea544c8911a3baee42475dcc9297e8878a72f58e0f9aa8e372fa1036b7d651ad8961eea36619174e60cd3d9cb1e9160025388351572b5f3f13fb871fed3d3f51ff000667c9d438fcb7832b4c637308bd24648b1f413f22c6bdad93d324ab688a3497c6b9e4099eb6f283e195df0e6c2bfbed3687919a012ac7ff7c15e9ec53e6f4559f486fd051297a211231c61d87350d852f5061770d94bb76e2aa1060b76ce3498f7fdfab5d485e0a7940101672de07b7bb28761c76b2cd4976cced8cbf552579670ae689d7a26978d22ceaa747eb84d50da2de9840b679c68758ec94ff4a16a6b76a2b4ca27a4ac1314514ea02e6f2cfc97c6143d81c7246d7f90d0fd2f18e42ea749513a662549ef2491d1ce63cd5d2a9f41d67cac85be2b755e99c3de45e1a4abd51e7215ed200c2cb0951d410008ec786d3b83d39419f70dd8980957953fd8a2b47379047d489236cc35ab922ccf8b0828ac0e23cc0d3ce843c11cb2f96beca95be5a7ce117a6011ba1eb1b2ea43bb10919980ccf9422ba8683a97befcef6f86fef7ba3b7922e3f30fe623a0efaf74d44d8be65cf4e2c51b0e3fbce2f2ddd14ebbb4b390dea904e6eeafcd63c9e85651b87e9e03964c19e9daa700d50bfe677c8a0c0a29e2794c8b6219328b43c65fbf61fbbb92c2cd697a48eb3a529572c4ccde22e559e229cdec298a6e1391c4faa657b300979282aae8e94d0c1449265b3c0bb1062687332bbc575495d6b4a34bedc7710e883a934414a7a7421f5a3c16d60ba3bbbed78c721254641ed753cb42e48e5f1c71ab359e019f85345e846ef911c94f173c7daa70731cc551428275a6b87fdc2c93220cc565a2eca0ba3761981c12645ae24831d9f611c249955a18b4dda30673eeedc27ddb9f2f298a48f93de182331e66d9cd2bf6b7099a9a1275248509a4ebbb6b3194e2c6e3eb43a0f005f161811ba1c537a78b524ebb9f393b8fd552bde11f7ba7e63721a53860ad3653e4924259fd3bc46577eab179b083ef56e0863a1eb699da3a9b2a3747a1d0adcad6bc770e5344e3f075dc215e9b2ae877dae45f0c310150547ee224f13c483abcf8a11d9796883a26bbfa507aec9fc4d8d2adc32c330b1e9ffa851349f83e5b23fa4654fb251fb7b612bf2c15fa5cab0634bf8faf135b3ff200eba468c031bf41e5994876b12dbe49ef503fa3937b70f6cf25f6d0ee50db2a114419e47a26b11ce019ba3251ed0131674761507e075200d9f29f00e0a073b7388fd5a09f76fec489ec252c510ef9ef3e60ac60399335719b2d0606b270c0daf49eb0513fc9eb27d8f872b969040d786118727618032bf82ead7fb4e7bf022ffb5c7ef1b4fb15e4ebcb0a7bf299dbb99045d35812a46856f58e131f533f677ccda2726076aff37645d8406597d98dcd3a714dd8374155820862a2c4034609ff0ea5990451690c37238f97efeaea1637431eaf88bb249e9c75673f112dd29223f1630b2586daf73162eeb7ed0eac47aa0203c7ae9dbe8e0a95e601f7cdf279220f0df97eab6d2167e467a4e9914d191c2b8b59b7fa953c65a9a8a9e01943c8a7333c5c53fcb9d6bd02702c1d58118c977165e9e0992d729ee46128327ce52125e90e8980aaaa2e380c7dae5dd86d12961bacaeacf45ac9d352d8f896c7869cfb8eb3a4fae4a88c473aea4432845ce133f7b9eff2e3b570a3a7b52515db65c9631b4dc92cbd899b381a82f8620d1998f831bda6044bddafe397e24ee969b517a758bf7f6da11be249d928ac89e9205b5e23c74d1c72fbc4787ffac3fbd0d97e60942e6c8179275746f3997e54993aed95514d61284d8cf8d199d160b75b82c04d58f8471035f178832ec7b12c4cf2381a1ea2dccbb97621e7b79d0d6e86e8d6d2c4395b797f4b7954c70cf4554ca1f2ff0e205c949993d4fc5c3373e5fae1a1880e408c860035522506b7303078536a84a183b738e3b192b96ac59c5f1866b1872c84bfd22ef4416cd5495c5d4234ab33e5152483dd55a052f79c2cc1a9186f1381c0057eeeb39caf7cab5fb9b485d08c5bbe674876659f5b6d21bb22936f770288019e6a2994d250cd51f776f2eca730ba8cae37341f8a753aa993e90280d0c188075e358b3aa239dfbd0eaff853a44617f52fa8f0d68d7d76df3f5efaaa0b5fece4288ce66e13ad60f2b42cffde51df8916a47494a52f85e4634e56039b5ae8e1c03f26235361e4ac944d6341374c50833c4069c49e486e1141d7146ba46f05bc8103436bacec77b00802a54804b61154021182cac4dd81c769d1079b46a101a49734bdfda5cb088be4235ec00128e4a6bdd947aaaec1c78c45d86e031a776be7aca94e13eae2f59812b2ab0b5000c38af4335d90acfee752e7411a5fcb66ba31de83dfe10ecd84ca9c85ce1ec2248aaedb8800041b194648168b68fd8d3d13c8a81254025d22a1cb994f03442ff6e86861f237879c23b6c1e594646c2402803f440d58d1524796e2e9076c562516fc7e36b44280451df512c853d636954f2309bcf014518d1db867bb11b3abebddf309dce70c325711bb6296189f82c9416d2d424361fe3fed3a08ecc55b7f9c939c9687d48b03d346f9c6eb8da72858de951002a9f175a6e81186bdcbb034c70292dd09ad863f30256c7273f3e38ec6754a3fb0839aba121bc11b35be6a3288dbf24f05cf823af67754d9fc9b7ed1804e81dcfdce0f391331f09f4d7225504b24960ec46862c435c2aa82a5814983d232c4fce66da2991a01c5f4473c8dcc42ba64ea9e732d63c5fb19c83e7270afb05a22db2b61883556302ffd884703bc6801ee978fe0f60595068d6767f86779f5a7237d1834112bd90909001e32d6991757e7a563c7eaae81b53f331faaa074b53898bc73a592f62cf48a906282086c0721aae160f56689e0d88aea22edb52322ee65f4a83710a104b7df1d5a0d0b7c39fa0bf9cb79777188a517e3acc5d7dc506e2b93e4bd5fb5a60d26b6d58b860adcaef68a3fbbaac7f3245ef0c60cc66a3016ef87059683e452ed966f2690f3b1d095fe60e435283fd9980034699bc1f59d61cdb28e3be2e5acdb13f9275fecb62dd0d1ce2d5782ad818143326651edd9cf40e1171217d41fa0bd72b2954ac94e39f396d71e692877769bc92fc54ed7d46d446efc2f4c70c32ede870deb9d4271d8a4f0d0a4730c37072dcc75d5e64a1e33c3f98b40cdf4d0f88aae902a02f3c78ac93217a065d4ce2ab05bf0413882a1ffc199c63933b8e96c168fdbb8ddb962a94fe7643483a9be1f633c912bcb8f95a91afa4303b4f7c3ac82a424293621d52a1b46c7f6efceacd4cb79b4a1be792f8eba394ff7245ad9c92f97f0eb092bfce34cdc5258374da4d3ab1fef0abbb22b5a0fa8a38a540d27e5bb8c1a0279b8a2482320cc7e01d8db061e402c77c623cd034dc340a44623581d13a0ecf9b50b6e8939f84587093fb62c96a20f86de884584c2e0d4682ecd2985a307f10e2686a4dc522deab4a85704351d2ff6a678d98fc38423476aa9134a8337a70eee2f8160a05f9364bba187674a83b873a96a7ec2b05a71ee9eb3ac2f68f7bd09e7fb469532c9d2cdf3a3923", 0x2000, &(0x7f0000003380)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$DMA_HEAP_IOCTL_ALLOC(r1, 0xc0184800, &(0x7f0000000080)={0x8, r2, 0x1})

2m16.499298243s ago: executing program 3 (id=684):
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x4, &(0x7f0000000400)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x63}]}, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}, 0x1, 0xffff8e88}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000600)=@data_frame={@a_msdu=@type11={{0x0, 0x2, 0x5, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1}, {0x1}, @broadcast, @broadcast, @initial, {0x4, 0x6}, @broadcast, @void, @value=@ver_80211n={0x0, 0x2, 0x3, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1}}, @a_msdu=[{@device_a, @device_a, 0x58, "84573e7613e7834696aea4fd03fcf11e14a5b5b68e6f1134eb091d0e74282f85dbac81bf6919638316c367c482557c479342d6eecbb2bb391b0e60c4ee63437f80ea3106921b5a9ce11d3d6de0593ecaceba7cab58ce8290"}, {@broadcast, @device_b}, {@broadcast, @device_b, 0x67, "7d4435ae2e2fd3bd62f6f3d825c17b19a862962eebf6fbdd59fdf83977637de3506d833403ecc77939bb9b56c4b34487a7aaefc8a96df57195d7d55d9203df888ccf8413e1d9283fb639d02d0819ff06de91f37c00dd4572fc25acae5fe8478a38c21023987729"}, {@broadcast, @broadcast, 0x58, "97f061ab4fa263aa893948799e63f7306a7a8f5c177339d5e2a6d30b328af204c3dea56f2c66aaea904913200df3150485075e829d2ae0cc75813cc7afab8755608407cf22760631791603bc6d60285835cde86d6b8b6050"}, {@device_a, @broadcast, 0x46, "d25f423a98368962a7780ce3378282d44bd60e6cf3f66173d45c38fd7789d66247fe7544beb610a86abc207d23bb7b432612214574923b0b084040c5a7420304eae62ebc49dd"}]}, 0x1ce)
nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380))
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={{{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e)
nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480))
syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={{{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28)

2m16.49792788s ago: executing program 4 (id=685):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002})
ftruncate(0xffffffffffffffff, 0x8001)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000180)=[@increfs], 0x0, 0x0, 0x0})
r2 = dup3(r1, r0, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x10000000000)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x110a})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000100)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0xfffffff0, 0x0, 0x1070, 0x18, &(0x7f0000000800)={@ptr={0x70742a85, 0x0, 0x0, 0x0, 0x2, 0x1e}, @ptr={0x70742a85, 0x0, &(0x7f0000000900)=""/206, 0xce, 0x1, 0xffffffffffffffff}, @fda={0x66646185, 0x5, 0x1}}, &(0x7f0000000240)={0x0, 0x28, 0x50}}, 0x1000}], 0x0, 0x0, 0x0})

2m16.43238791s ago: executing program 2 (id=686):
r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$FBIOPUT_VSCREENINFO(r0, 0x4601, &(0x7f0000000240)={0x400, 0x30, 0xf0, 0x0, 0x0, 0x1f, 0x0, 0x0, {}, {0x0, 0x0, 0x1f}, {}, {}, 0x2000, 0x40, 0x0, 0x7, 0x0, 0x5, 0x0, 0x0, 0x4000, 0x0, 0x0, 0x0, 0x16, 0x0, 0x0, 0x5})

2m16.256179085s ago: executing program 4 (id=688):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x84042, 0x0)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f00000010c0)=@raw={'raw\x00', 0x3c1, 0x3, 0x460, 0x280, 0x268, 0x300, 0x280, 0x268, 0x390, 0x460, 0x460, 0x390, 0x460, 0x9, 0x0, {[{{@uncond, 0x0, 0x240, 0x280, 0x0, {0x9401}, [@common=@inet=@hashlimit2={{0x150}, {'hsr0\x00', {0x0, 0xb, 0x0, 0x3, 0x0, 0x5, 0x9}}}, @common=@unspec=@limit={{0x48}, {0xfff, 0x7ff, 0x0, 0x0, 0x0, 0x0, 0x2}}]}, @common=@inet=@LOG={0x40, 'LOG\x00', 0x0, {0x8, 0x21, "6bb6778f9bdec125b0fb4f26be757b1e6f2fb8e9079627dc6726c4bc85e9"}}}, {{@ipv6={@private2, @remote, [], [], 'ip6gretap0\x00', 'ip6_vti0\x00'}, 0x0, 0xa8, 0x110}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x0, 0x0, 0x0, 0x0, 'netbios-ns\x00', 'syz1\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x511)
r2 = syz_open_dev$loop(&(0x7f0000000080), 0x79, 0x1a6c42)
ioctl$LOOP_CONFIGURE(r2, 0x4c0a, &(0x7f0000001ac0)={r0, 0x2000, {0x0, 0x0, 0x0, 0x1, 0x140000, 0x0, 0x0, 0x1e, 0x1c, "339f020bbe82b398000000000000000000000d0ec0c1b4e9b1c4369d03740250ceaac594b1b3d741dd17c1c50d38ef2a565ef1e83323691c58d66500", "a9103939c787a16c1ca43f80026d1a8554fe581b59ded130e04d528539f3d3289737f0374c72a964a02447a75df8a69ea917deb7ba193b3e7772fd29f35239d2", "24431a1e77a68e174f000000000000000010e200"}})
r3 = dup(r2)
write$UHID_INPUT(r3, &(0x7f0000001c00)={0x8, {"b0476b76ba5d044f65271519727e4ff1ff0d12c0e6bdf3ea1f52e24f60ca698457b32832b83d7e96694c1feb5809bd67002f71e0b97c0d5270c04ffa64f63b2e18ee4b7b572fe2f4d03cad38bcd106ff12f53b443ac6fc81da518f54b9004a44859529c07a2b1b8feddc0180a0f37b13babba1dd0813b7ea56dac4b7ffe9a2ef54221439ecc55223ef2d40f4ba8108c10387ddffbaed25d41e7692bf26ddfa747a666caff49843e38c86cac7323f784a17df6beaa49c3f4a98fb4013f4e573e2ef77b0965d4bfbdf7d5eada69406ca93f422495e00addfca1518085a40f10284ff59388ecf476a12ef1a540163922098d600519ae8cf3ef544344e9d968f341af618503b455f3976b76975270e94d714302382c63de5b7c1fad1fa373b369916cb3b4d583a9ebbaeb262884d25a0e1d9fb141de60df7e64cb38b6f7167991f8fba06bffe2d49133bbb462cd8a9493177eee5f03875b15c7a92c3cd6a3fdfc64f236e14fa05a0e8d3c45f13eecd22e13528c74186dc50e0e2af44177e26bded1161e5533375508dadb83db5126cc810f4e30d4e24ec12c3b99e5220aacf42c58f2960bd43c337dbd318aeeb5c9a6cd5ffd3bf1497bb48ab7bcb32c9c33c9f5b9bc4645b96f23f9e0d826b780030444ffb925f55df587ef5ca5ea74ccd66afc7981da496d6f037efbb0b08f3f5078c60ffb4db18d1b59996bd9b1513442785bf4ece8587b39d8176dc9c735d5ea25133b2053bba227b81faab7220326f8814a9df4eba4ecc6acdd82f70b653b56a18cc9dfa4deb0a112c797ab89a51a103c3a9085d828523370c4d79d9484f4dc910735a2c9b5b85197cd9c073df7a54b40df8e1bf595bab957900c2a1a7dc40e88ed0c55c362ffbb7f88a0725a6ae73b936a639e951faf9c45ae74a2ece2f6f88e425ee41d2c60cb083a2fd6d07381908a7f629e32f89a553cf0794f54b8bdc7bd541d88464a4f80ac0b8b625a803a55de4b05a95fc7f8fc3d6d79858ccb269b7b8b21657654164a9aa29f4e8462377e9d234a41ea69841a4aaa1e5f89f9b074f6f71cb1ffaa450c3160b0e319ec81ad30101db66218b0c69f97c234465dc45849fcfd62d396f2b50ddcc0ed7dd8651431534232ab6d1186d7760770a1fc6c77553a79d0297194f794997ee47781094a76d9dccf632dcbb527b3e68950d9bb534245c7f08ae1d6ef2750292ae28e5e6dcfe2a69737dd7a1e453f3902ae90789e98c212905422099904d3bfb949bde187682a59c01aa8e6a9972a63d6aaef4d4139b10a24e063707f1aba79bd59e3f9709a873dff401d1f356c4be5e449ae0e2633a1fe50ed367fe56b0499957c3b6cabb42256547995ea998f3937d153897d1c83f1ad922d6835bdfa3b986dc6f4bd927a4ca13fbaa99b7b43758e2329d588f40fac718b16cca855468643f3818496b4915fe9a2bdd3e68889fea24bc1dfa6287a801d49a7bb84654147448550d2919e4df3a943a88cf616befea4e7a4fddb7969311c6837f9529966241be1e57ed2d773debc542986d09866905a3f63b6e1820086d52a70f039154e839da7ea852c33bf3722a048f61bbf068519e050b8788370fb130a42e9f5322dfff65b15d588f9e926b70e4530e8b66697cabb1e8514831431fa0eaecb49f8613ed5fd7bc50f897bda36d24d4296e143e2480e325ec09a77c03a07b4f86eb703085313ebeee94ef5b1cde3f6a7efd785772eb4034039f598c07819b769416a223fab824c4ac50086e78042a1ccf47b6c7ede8540cded4bd4c920ce6c2b7493a5634c5e96bb761373623ab473b121d555bfd5a8bc3f5c5418bed83ffd0d6492840550fccc0c35746370396d0190b7b1d2cadcc150877e0d197f692f97cec790c95e3d3959dc7c68aca37306c1bc13ad33848395dba5e3c9ce8090bc0e7e8312091773641be56411921e3d473321c6d8bd10b7d3f5aedd6620bcaa06474bbb298bc77297b8b5dcb9e6b33dbe676460cca825609857724cee245306d07fda287d5fe57c424c27cf9b6cf0f16d2c6a8071bd57c826d7371841cf43dab1b42421ce416d0d3a9c80bc807d2e6761e53f06b3e63c0af1b4548d820118421205f040f4ab35307871e4c7a21ff28082c29e02e89486064661898c0eb1811c70a6124c1f25d62c38794a3e87c312c870db7b60d0df8b57860c94d1a9c561b327fae3a68ce9ff4551e418eb00766f0341c5e796e3cbbbe6b4864928b966110256d5475eb1fd7b2893b60e19e859baaf23c9233a1b064771671ee2d07c151e2e99c37a116a338788052a726a8519b8335e9ff4f71d00ab634543c20ddea1bf57d4f2b797182ff19618b6974d2b69d9f052934d527a1830bf2785842f35eaf32b65b7c9fdd6f0c41756072a59c0cce0b7305740729f1daa14e0092da9d022321b726d658fcef55affa2bbf36ad788f1f423b7dfd328435b4d5df315143d8b8028ba4bea6c4cd000000000000e66b8b8168752eea6b78c75f04efd9677dbe419f13f5e1c9764276a83821b710307d8f85359b34d038ff17de45e8739d4b647fd1a8d794a3273d922af3374f5d3c75b8345b9dfdabb2c0418a358921e0e73d0fe88caab1741b913673e22ff4b59afa0f653a423d9b2bb20cbf07951a349eea18a891b4f4dc6df8e42a6181284f643de5fd2924ae54f672a1920343476c67333e1e8205bf4877b1251a83f417936714edb1c6975ba7969d2fcc2e69024a4669ac2f998116ade1bd84568b8f3f1fccbe95df9ed21db77315b7469f30bfae418415d9cb5aeea627ba6811e30d56d4f4bfe5f794ea4243e3cdfad3ef55199699b8433083b6f72f95effc5f2f613cfcefaf0b94e801ebcb7095a1474ee93142b82c9bf9886617b6bf69d08c83c76cd21d4cce5872d99de8e54bbff915ab923b2d24bb3aa178dd50b44fd0eb880ef33ca51d4bf5f0fbc8ffe18afe4245397f277e4efad955baa10cf56613481253d69c02e7661714b68be0fd64f29bdafbc8b4a0b30bd6709c67fe8e8915d0479b3902b1d0169fb5486b02e966ad5d8a2bcf42ecba5917f5d85e17239667f6b045d1f873ce24733ae17e2d8432709062e786a32ac925121f1b0d46c66d4fb9088f4aa0cfe2149f6c2cb5b75d45349bc88fbd47e01ea07e7cd573335aab8d389846566800dd084bc3caa95f7632719c651f2d33be0fb56347c063b3c6e3e75c5e58caeb4c37574859b78c1ed018fbeed788a4305a9ee1c1ef65a0c83a7cd717a8c08ecd4e86370ffffd6d40a89a0b1e8c15a10ad5406e867e49319ad83bfbb925d5e240b4bd44fd751e7510d5ea03a6cab95f37155d1fd69aaea1db4a1f53714eb90e669209cf634f84a50c85bdc51838ebbb545b4387790df67f0122740c2abc910cf83230394172a56c9ffda6675bb8bb39846730a1bf764aeb92407c90a194da880cb8a4efb5b57a8311d864209c7fd226b93582b6b11eec559abfbba653c0569c219d3a2e60555cb739f9d32d564f23c4e98be78aa553610822af426f961df0df2185c61ccaa22b2a6aa6fb3e917bdfb2be9c3ffb8a50821321119c4cf4917db39548abc17bfba267fa50f6af15c560a21055f967f1ca6f656ddb556f9c7e17a771eeef7e80940d1c14ddf2c27647686fd0526460036aeea395fb10abef2be2ea96c9bb380370c08d1568d30eea0f3e6b7cf8f7edc7b36d4d0affd249330707b54ee620f208d885791171eb67a25a80fcc6922e0258c9673b6576564949dfa5bed9a0299bf952aade654de16e22d54fcd391ded6adab94ff621efcd91ef69acf8dfa1b22692ba3e49cd1d3fbed6db1402065ab37e457056877977ebac33ef566f28a19b9acb67a9cc53feb156814e880b3dd5a9119ffdbc5a45c20ea375f2882575b9a28740eebf63f2895d9ffac1ec33cbdcdede98a201424d000df1efd64dd7268cc1b2366ccfb09754822dafdb1821de5e6ebee09608e82e679fafb7a5100172f26998d31d7f27c2b310f0372c3b5e888f8e6efb56074177bf6a2a5bbd9ed070ad5aaf23ce144d1ac86cad110e5916a8a57e1e7fc3d37353f84f2f6d43d92ab8b35040467f3f8b1d23fac021bbac3710edc8c10d000000000000020f63e94d4b4dca3e015537a8e3008274d55f81af931a0faf1a438444b6a0489b93f7b88f81f761eae0f82e60cb0cf2745ca8c9e30d3cc189c1405b1994ed71b00d90ea7a94102916cdc915620c363d04e51eabaaca6c2814a7c1e7aaeec80bdc13135b813e6d0eea83446a5c57ec29695c302c0d8da65b61fe8ada51a36e1aff34d449f9eb70cb94931226121ab121a971c2fc070ca84272d122c1696f52fbd5ed06783abe188dcf133c4d41e10295f6ffda69fa8c5a7c0fec3425a2d60523a60d280b5ce34eac5911268172e772fefba63a6f5c6dafa9e500a5e1355fb614613f8fc1ef5e5466fa19212bcdc349a865f4cee6ea80b11a410bb6e4ad677393973e38621d25ff6c4876ef8a8d2ba651be4a78d2ba9fafadcea8eff9cca3f4ab71a0b84917794e521220dad099ac8aaf32abd162348879e4299e4d46395f9d55267b635e18ca2e2fc96146b96c8a8055130b8d8cb10cc31382df34057bd8637f86e48adc854af408226752a04df8d0362db263e0959f2bd7e8a4d33a8c4b257e19d308280baf40cced1b3cd3a86ee22df0da49d750539eee1104e99a9f8a065e5499c73125a8a8430eda7aee156821a97c237611b50f682a2cccd0969304f0a50ae98800dfb32ee1bcfeab98182c34a51e67fa5bd738c22c44fc1269ce73f464edd2f31296e92e62df51cf55798ae2e3c33c57b09f4ecd13469122095a3563f95f0a04cf58dcea4aed5e8bdda7617863cbc37a97ebadb46d679f7e30014d96d0ac7ce9484368fa5fd19cbc3d139410a2bd7ffacef1bdf76dd1d5f34d2392fcb91c7585fc1ae7d8ba2aa8ded9645d5a5e76e2279b6e0692101137da946dfbd3836476f5dad7fed70115d716dce87b5ad755e5653a709f5aa42265ec9657ed406cc9256af3628c0116b8e1d23306983e9adbc19dec354870c98e2e76566895df933a80c4c36b617db4bbda1a4ca7d6c80a43734471fc92d0bdeacfc125dddd73febd8f7ef84f221d52ae71372cee802d59013a15958e850f8fdf46d8fd3b874633daf3b1f346470456c05722258480959dd6afcffa1f3f2ca033011339c5cb85b7d1c9b5916fb8dc9c2783df64eb5cca5af83a74fe5bb259f93722842eb4ac851e71f3cfd67a39590e7f8e20f018744b9277e6eb46b5f211df5f767ef29dc9a972e14c40ea2d4624f187f301c1116d3a61adeb5c6f7ccc021ac5e18d8b40d7f1f19daf4445c06e72db8701c267c0144c92cddd49af7a87aca5aa05d0e380dd27cc780d2f7db3bef26cc4fd358543e19d73179b879f7bdc702ab405270c93a3ed64153e20b5b663773a2ad4e8e3e1e8eaf39ec80d75d02f74ff94f0e095240a564eeece4fc9bcf19bf2243c700e1dae14a1b0217013977bfa05f681abc37714fe462d0a632044ce52fdaa1c1a806b1eb4370e23ca0247e536165aa9f1c2af8adfea369ee1f4a2c7823a7baef028a1e77501db48db6aa0d7e30969f7197368db02d443803b53b2899315f7e2ba9c5ae952a3866b4ea60f3d669e0a91f7ef640cd938646bf8822fe455f0302fccf87c7fad6daf38fde038fa596b83a9fd5bf675669a6cb2bab44c6617f07950bf34edb93bbcb4174630f275dbda7a0631c4b456e5f80eb6258c1874e77d426743e478917fe44b73dc203baa2cc442b84b5818409abae99d97a28754969bd393df", 0x1000}}, 0x1006)

2m16.17473664s ago: executing program 2 (id=690):
r0 = openat$sequencer2(0xffffffffffffff9c, 0x0, 0x80383, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x4, &(0x7f0000000300)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095", @ANYRESDEC=r0, @ANYRES64=0x0, @ANYRESDEC=0x0, @ANYRES8=r0], &(0x7f0000000100)='GPL\x00', 0x1, 0x0, 0x0, 0x40f00, 0x23, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
socket(0x1, 0x2, 0x3ff)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000000)=0x15)
r5 = openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000180), 0x1, 0x0)
r6 = fsopen(&(0x7f0000000100)='ecryptfs\x00', 0x0)
socket$l2tp6(0xa, 0x2, 0x73)
close_range(r6, 0xffffffffffffffff, 0x0)
ioctl$IMADDTIMER(r5, 0x80044940, &(0x7f00000001c0)=0xf4254)
bpf$MAP_UPDATE_ELEM(0x2, 0x0, 0x0)
read$midi(0xffffffffffffffff, 0x0, 0x0)
ioctl$SNDCTL_SEQ_PANIC(r0, 0x5111)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r7, 0x0, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000080), 0x4000, 0x0)
r8 = socket$kcm(0x2, 0x3, 0x2)
r9 = syz_open_procfs(0x0, &(0x7f0000000000)='net/raw\x00')
ioctl$sock_kcm_SIOCKCMATTACH(r8, 0x89e0, &(0x7f0000000040)={r8, r9})

2m15.240800813s ago: executing program 2 (id=692):
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
r1 = openat$dsp1(0xffffffffffffff9c, &(0x7f0000000080), 0x111880, 0x0)
ioctl$F2FS_IOC_SET_COMPRESS_OPTION(r1, 0x4002f516, &(0x7f0000000240)={0x3, 0x5})
r2 = socket$nl_sock_diag(0x10, 0x3, 0x4)
sendmsg$SOCK_DIAG_BY_FAMILY(r2, &(0x7f00000065c0)={0x0, 0x0, &(0x7f0000006580)={&(0x7f0000000300)=ANY=[@ANYBLOB="140000001400110200000000fcdbdf2510000800124698d7f65530f564445543022149e4f0bdab89f0b8a00fe30bee07228f4a702c38f2999ce10185a21f52c60d92f8c2a98b588138af0cbcdeb3aac1fbd238d528fde413933f184afcf216a2cf50ebb41dee6c27746f7f85ba723913ec3396e1749d6ca4d1d2dd22b491d553ac111285f91ba76ae76e451cd551a13ae4d08ac60651f6430376615b6a0a869f3bee1402bba2f586955d044d34fadfc64b79d496b06fbd7a4d2fbee4b53bf5dac85298c960daafecaf6914fbbda22561d34dcc59016ebdb52fee7ecb4b1004"], 0x14}, 0x1, 0x0, 0x0, 0x20000000}, 0x48080)
ioctl$SNDCTL_DSP_SETFMT(r1, 0xc0045005, &(0x7f00000000c0)=0x6)
ioctl$SNDCTL_DSP_SETFMT(r1, 0xc0045005, &(0x7f0000000280)=0x7f)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_COALESCE_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000400)=ANY=[@ANYRESHEX=r0, @ANYBLOB="60ab276e4bceebd283f991af5305fa3600d8ff4af7201d1d34fd34f38e4e42b11f8515703793a64fdee8bd117346de0a1af261a01a4d3c78910d4e93228c9007d113df3f51e1e60ace6a820bff7e3743b38e81c9f1ed2c8e28bb6f595e3fbff161732a4562f1913e9ae3f5d7cc1d562b090130d10849c577a71c7c938bc376b237070ce59fcb6f1870de7b09d68a54df5ca3c254a9d9ab8c2cdc0a63ae4d4ef159dbf541da941598e19f1eb2463bbf823c4b1adeac90418a", @ANYRESOCT=r1], 0x44}, 0x1, 0x0, 0x0, 0x4000091}, 0x0)
r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x3)
ioctl$FS_IOC_GETFSLABEL(r3, 0x400452c8, &(0x7f0000000100))
ioctl$FS_IOC_GETFSLABEL(r0, 0x400452c9, &(0x7f0000000100))

2m15.150752181s ago: executing program 4 (id=693):
sendmmsg(0xffffffffffffffff, &(0x7f0000000b80)=[{{0x0, 0x0, &(0x7f0000000100)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000a40)="118db76e8efb27d530b26a8302bad647e35540226c4052b6d573165d39ad8ead67632e8fe108cf55473bc22914286359c3bb3decf99ed04d34d1a73ae48dae0e69ee69fe", 0x44}], 0x4}}], 0x1, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[@ANYBLOB="3c00000010001fff001201000006000043be4354", @ANYRES32=0x0, @ANYBLOB="ff7f000000000000140012800a00010076786c616e00000004000280080004"], 0x3c}, 0x1, 0x8000a0ffffffff}, 0x0)
r0 = socket(0x10, 0x80002, 0x0)
r1 = landlock_create_ruleset(&(0x7f00000004c0)={0x0, 0x1}, 0x10, 0x0)
landlock_restrict_self(r1, 0x0)
landlock_restrict_self(r1, 0x0)
r2 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
tkill(r2, 0x2c)
sendmmsg$alg(r0, &(0x7f00000000c0), 0x492492492492627, 0x0)

2m15.127798547s ago: executing program 2 (id=694):
r0 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000080"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x48)
socket$netlink(0x10, 0x3, 0x10)
r1 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_int(r1, 0x107, 0xa, &(0x7f00000003c0)=0x2, 0x4)
setsockopt$packet_rx_ring(r1, 0x107, 0x5, &(0x7f0000000040)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0x9, 0x0, 0xffffffff}, 0x1c)
r2 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="18000000020000000000000000ee000095"], &(0x7f00000002c0)='syzkaller\x00'}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r2, 0x5, 0xb68, 0x560b0007, &(0x7f0000000000)="259a53f288476d2610054c6588a8", 0x0, 0xd01, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
socket(0x10, 0x803, 0x0)
socket$unix(0x1, 0x1, 0x0)
close(r0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040))
r3 = syz_open_dev$vcsn(&(0x7f0000000300), 0x4800000000000, 0x440000)
recvfrom$inet(r3, &(0x7f0000000340)=""/125, 0x7d, 0x80012000, &(0x7f00000003c0)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10)
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
chroot(&(0x7f0000000000)='./file0/../file0\x00')
mkdir(&(0x7f0000000000)='./control\x00', 0x0)
mount$bind(&(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='./control\x00', 0x0, 0x2000, 0x0)
pivot_root(&(0x7f00000001c0)='./file0\x00', &(0x7f00000000c0)='./file0\x00')
r4 = accept$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @initdev}, &(0x7f0000000240)=0x10)
getsockopt$inet_buf(r4, 0x0, 0x30, &(0x7f0000000780)=""/4096, &(0x7f0000000280)=0x1000)
r5 = accept$packet(0xffffffffffffffff, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, &(0x7f0000000080)=0x14)
ioctl$TUNSETLINK(0xffffffffffffffff, 0x400454cd, 0x30e)
setsockopt$packet_int(r5, 0x107, 0xb, &(0x7f00000000c0)=0x7, 0x4)
bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="0f000000040000000400000012"], 0x48)
r6 = socket$pppl2tp(0x18, 0x1, 0x1)
r7 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(r6, &(0x7f0000000040)=@pppol2tpv3={0x18, 0x1, {0x3, r7, {0x2, 0xfffe, @dev}, 0x2}}, 0x2e)
socket$pppl2tp(0x18, 0x1, 0x1)

2m15.055177252s ago: executing program 0 (id=695):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), r0)
sendmsg$NL80211_CMD_GET_WIPHY(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000100)=ANY=[@ANYRES32=r1, @ANYRES16=r1, @ANYBLOB="010300000000000a0b3e1f"], 0x30}, 0x1, 0x0, 0x0, 0x44005}, 0x0)

2m14.959875642s ago: executing program 0 (id=696):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
r1 = syz_open_dev$ndb(&(0x7f0000000180), 0x0, 0x600000)
ioctl$BLKOPENZONE(r1, 0x40101286, &(0x7f0000000300)={0x0, 0x7})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x1c, 0x0, 0x0, 0x0, 0x400, 0x0, 0x0, 0x40f00, 0x28, '\x00', 0x0, @fallback=0xc, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x5, &(0x7f00000004c0), &(0x7f0000000500)=[{0x4, 0x1, 0xc, 0x2}, {0x4, 0x2, 0x2, 0xa}, {0x5, 0x2, 0x1, 0xa}, {0x3, 0x1, 0xc, 0x6}, {0x3, 0x4, 0x4, 0x1}], 0x10, 0x76}, 0x94)
r4 = syz_open_dev$dri(&(0x7f0000000000), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r4, 0xc04064a0, &(0x7f0000000100)={0x0, &(0x7f0000000040), 0x0, 0x0})
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f00000000c0)={0x0, 0x1c00, &(0x7f0000000040)={&(0x7f0000000c00)=ANY=[@ANYBLOB="140000001000010000000000000000000000f50a20000000000a03080000000000000000070000000900010073797a30000000003c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a30000000000800054000000021440000000c0a09030000000000000000070000000900020073797a31000000000900010073797a300000000018000380140000800800034000000002050006405200000014000000110001"], 0xc8}}, 0x0)

2m14.856580764s ago: executing program 3 (id=697):
r0 = socket$nl_route(0x10, 0x3, 0x0) (async)
openat$iommufd(0xffffffffffffff9c, &(0x7f0000000140), 0x200001, 0x0) (async)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) (async, rerun: 32)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0) (rerun: 32)
write$binfmt_script(r1, &(0x7f0000000100), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r1, 0x0)
preadv(r1, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x3e, 0x0, 0x0)
connect$unix(r1, &(0x7f0000000240)=@abs={0x1, 0x0, 0x4e21}, 0x6e)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe6000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
ioctl$KVM_GET_IRQCHIP(r3, 0xc208ae62, &(0x7f00000005c0)={0x0, 0x0, @ioapic})
r4 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000240)={'tunl0\x00', <r5=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000013c0)={&(0x7f0000000080)=@bridge_setlink={0x4c, 0x10, 0x1, 0x0, 0x25dfdbfb, {0x7, 0x0, 0x0, r5}, [@IFLA_LINKINFO={0x2c, 0x12, 0x0, 0x1, @ipip={{0x9}, {0x1c, 0x2, 0x0, 0x1, [@IFLA_IPTUN_TTL={0x5}, @IFLA_IPTUN_REMOTE={0x8, 0x3, @multicast2}, @IFLA_IPTUN_ENCAP_SPORT={0x6}]}}}]}, 0x4c}}, 0x0)

2m14.726575527s ago: executing program 4 (id=698):
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0x4, 0x7fe2, 0x1}, 0x48)
r1 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000180)={0x0, &(0x7f0000000080)=""/56, 0x0, 0x38, 0x1, 0x45e5, 0x10000}, 0x28)
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f00000003c0)={0xfff, <r2=>0x0}, 0x8)
bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x0, 0xc, &(0x7f0000000000)=ANY=[@ANYRESOCT=r0, @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1f, r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r2, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800"/14, @ANYRES32, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704"], 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = bpf$MAP_CREATE(0x0, 0x0, 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000013000000850000008600000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kmem_cache_free\x00', r5}, 0x18)
openat(0xffffffffffffff9c, 0x0, 0x105042, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r6 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r6}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r7 = socket$unix(0x1, 0x1, 0x0)
r8 = socket$unix(0x1, 0x1, 0x0)
bind$unix(r8, &(0x7f0000003000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
listen(r8, 0x0)
connect$unix(r7, &(0x7f0000000640)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
connect$unix(r8, &(0x7f0000000280)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={<r9=>0xffffffffffffffff, <r10=>0xffffffffffffffff})
sendmmsg$unix(r10, &(0x7f0000004080)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="14000000000000000100000001000000", @ANYRES32=r9], 0x18}}], 0x1, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000700)='signal_generate\x00', r3}, 0x10)
timer_create(0x3, 0x0, &(0x7f0000000300))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0)
unshare(0x64000600)
epoll_create1(0x0)

2m14.271212552s ago: executing program 2 (id=699):
dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
userfaultfd(0x80001)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
setuid(0xee00)
close(0xffffffffffffffff)
capset(0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000000c00)=ANY=[@ANYBLOB="b7000000ff020000bfa30000fe000000070300c000feffff620af0fff8ffffff71a4f0ff000000002d040200000000001d400200000000004604000001ed000062030000000100001d440000000000007a0a00fe00ffffffc3030000a0000000b5000000000000009500000000000000023bc065b58111c6dfa041b63af4a3912435f1a864a710e4d58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168c50000000190f32050e436fe275daf51efd601b6bf01c8e8b1b526375ec4dd6fcd82e4fee5bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00c37dfca3e35208b0bb0d2cd829e654400e2438ec649dc74a28610643a98d9ec21ead2ed51b104d4d91af25b845d8a7925c3109b151b8b9f75dd08d123deda88c658d42ecbf28bf7076c15b463bebba2c598b4fc72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff616236fd9aa58f2477184b6a89adaf17b0a6041bdef728d236619074d6ebdfd1f5089048ddff6da40f9411fe722631cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10746443d6438e959532e0617d419c6bc6ea9f2bca4464f56e24e6d2105bd901204a1deeed4155617572652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee9d5a17f48a7382f13d000000225d85ae49cee383dc5049076b989b40000000000000da60d2ae20cfb91d6a49964757cdf538f9ce2bdb1ab062cd54e67011d355d84ce97bb0c6b4a595e487efbb2d71cde2c140952f9a0f0bc6980fe78683ac5c0c31032599ddd71063be9261b2e1aab1675b34a22048ef8c126aeef5f510a8f1aded94a129e4aec6f8d9ab06faffc3a15d96c2ea3e2e04cfe031b2875353193f82ade69d0540059fe6c7fe7cd8697502c7596566d674e425da5e87e59602a9f6590521d31d3804b3e0a1053abdc31282dfb15eb6841bb64a1b304502dda787343ce3c953992e4a982f3c48153baae244e7bf37548c7f1a4cad2422ee965a38f7defbd2160242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44028d6112a0c2d21b2dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc4e95dd2d18383117c039862198899b212c55318294270a1ad10c80fef7c24d47afce829ba0f85da6d888f18ea40ab959f6074ab2a40d85d15017ab513cdc6c0e57fb1c1ca571380d7b4ead35a385e0b4a26b702396df7e0465f2f994114f244a9bf93f04bf072f0861f7580e69db384ac7eeedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba34015ea5aacb1188883ad2a3b1832371fe5bc621426d1ed0a4a99702cc1b6912a1e717d29135753208165b9cdbae2ed9dc7358f0ebadde0b727f27feeb744ddcc536cbae315c7d1fe1399562ba6824840b08000000f6f2f9a6a8346962a350845ffa0d829e4f79adc287906943408e6df3c3bfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00000000c95265b2bd83d64a532869d701723fedcbada1ee7baa5b6a686b50f0937f778af083e055f6138a757ebd0ed93517a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ceb201ddeb6dc5f6a903792283c42efc54fa84323afc4c10eff462c8843187f1dd48ef3fa293774d582956ff0f40b10ca94f6feeb2893c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538d6ee6ba65893ff1f908ba7554ba583fef3ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738012e4fee18a22da19fcdb4c2890cda1f96b952511e3a69d694d625e0b2f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f62e96753b639a924599c1f69219927ea5301fff0a6063d427f0688430754c02180d61542c25000000000000000005a7b57f03ca91a01ba2e30ca99e8ebc15ecb4d91675767999d146aef7799738b292fd640dfef6b04d086f737a159d7e0c6e4d81ad64a8bbca48568325b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a7bce14c6de4e7c0660d80010f5c653d22d49030a8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b91b7d120617d12d91db2633d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e1661261173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ec86a4555d89fe0120f64c62e8e3ed8bcb45202c3d4bbec8d722824c0ebca8db1ea4a003d2fbdc1f9be78537756ab5bbe4fe9af5d785d0128171c90d9900ce2532b0f9d01c4b45294fbba468df3e1b393cb4e62e754598e47df6bd06431c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd849904568916694d461b76a58d88cf0f520310a1e9fdc18cde98d662eee077515d0a8811922929e085392ab3d1311b8243266d87047f601fa88a0da36b9f302e82623951743283070744f143fdec90ba5a82668d5fac114c13955ad6dca5db2231d8ba14c54c47ed04a4b4ace17e357e1d6432399f87a7a14245bbd796a09313b247b95d37ff40a404bdad74bd20000000000000000000099fef7cd7af3ce64a92f95d89d125b1e641240d7e5e27a3d1f7684448c3e3822d617e205061298b939a191be4b48e169bde2cae3accc5bd40a2968b59c93d35f8e42366fdef9a2abae1cf01ce68abff28861aac8302d268569dd42e194e330c7aaa54ebbcefd23f21ce8153b9926e12e925cb56119df72c7533a48d028ad0c74e2a9478fa3be18a1a2b65079cc1c7bc46dd12305a1ae9dd19e8d525206c0a728cfd42193abe8130b51d6c9b94c5513df2d85e8c01a2d69841f3d7799ac04bdc590bb1c89b9c695f163e57343c9bfb59909433c9001c5f8b23e38534a538fc933cac6c2a92d038df638a0f226df9fb857bd414c2cd69985e8053e3dfa41614d7c74d04d8c2471041d17c730fad28395f8d4688898cd58b9d600c851626529bb58aa364b55e73f053450665e7b94ad1012fd7a8139166fd5e59c84f4ab279b1b99c028db4cb9680c8035f967db18de738844da7e260a830c1ffa49f5af3c15423a0e315acb82a3e89218cb314e68fda4d94aa1d815babc13b9fd336d205c5913ef670000000000000000ba470bfe62fe2933082149d42e8a00a5b4f7e9ad0500000000000000"], &(0x7f00000001c0)='GPL\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xffffffbf}, 0x48)
bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB, @ANYRES32=0x0, @ANYBLOB, @ANYRES32=0x0, @ANYBLOB='\x00'/13], 0x48)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
syz_open_dev$sndmidi(0x0, 0x2, 0x141102)

2m14.198931396s ago: executing program 3 (id=700):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r0 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000004800), 0x740, 0x0)
ioctl$SNDRV_PCM_IOCTL_HWSYNC(r0, 0x4122, 0x0)
r1 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000002140), 0x20000, 0x0)
recvmmsg(r1, &(0x7f0000004740)=[{{0x0, 0x0, &(0x7f00000021c0)=[{&(0x7f0000002180)=""/12, 0xc}], 0x1, &(0x7f0000003240)=""/4096, 0x1000}, 0x7}, {{&(0x7f0000004240)=@qipcrtr, 0x80, &(0x7f00000043c0)=[{&(0x7f00000042c0)=""/255, 0xff}], 0x1, &(0x7f0000004400)=""/159, 0x9f}}, {{&(0x7f00000044c0)=@sco, 0x80, &(0x7f0000004640)=[{&(0x7f0000004540)=""/176, 0xb0}, {&(0x7f0000004600)=""/42, 0x2a}], 0x2, &(0x7f0000004680)=""/184, 0xb8}, 0x100}], 0x3, 0x40, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4)
sched_setaffinity(r3, 0x8, &(0x7f0000000240)=0x2)
timer_create(0x1, &(0x7f0000000080)={0x0, 0x33, 0x2, @thr={&(0x7f0000002240)="67af561201c7b3e3ceeaa3e68ea3950e695375f4731de7001bff9a0bd02da64bab69ee9b8cea74eed13d0cf435e4469703c046affbd47bfdac63451feebc0f6251ed56511bdf35f110232e57284842646adca162728185728822bc1e8740a292c74286e7fdb7ecf718f9bd1641fb475877aa89ca17f4652fcc797de8be10e72364bf533880c8c72997a787d45249fb4ec0a1f26740c5dcd9c3b52d511bc17c6ad32e3acb2542531f1b8f489fa057e565ae6991c54b7b2a79fd74622dfc0259275b7254b975b63bf28b4cc2364036d05761720ae03f16c5ca6b80666300eae323f12b58a742e408c7e13ea5121dae3e1e3200f88805893809078676db5e17404ba9ceef21a903b476fc4c1e029c37181eef99dda9cf7d7248b2939d6af6fa085b7450f6d2d77c86e02365675b809eac11ca574d5b7621ce35140262deb6c2ae63a443b70a75477a76ca19454cf3fa6beffa27d95ec55518a870b1d1af4d57502d136a0afe3d7d116e56a944a77be378b8c2157b412ba80a7521cb0261f5720c49ebd205d4ef3695a28c73316085dabbd0ce86a524aea976c03ed1284964f0b24988f7e1610a1a7867fac312a1fa2ea72478c302bc845bf2888b5eb222a23216786596041a1f2798f59148ef921def5bef661910a0ae371676bb69f1d28ef3e722daddccab4fc585d545b349c4332f14d881f5939ce86ed8087a7a409d371415b44501645d929b1bcae2550d47961e0a77a2b08c375fdd186680fb70735a223e315f5195e4934d5ddceb8fd184a4c23f056eaa26e2dc50db8234530e4b52eacfefb6bb1c2631b07d08bc80578d44f79bdecfd8286a72cd9ed4657a4eac113e28d29e5039db257939e79214985f52e265ba80895f7e1c257e2c6df0b515d5212e2421b1b0082ca097dcb32dc038463b0a1009328101a96b344106d192201d943c0cbd24d7c104e39b86e46c285091a6541c25295a54e38f8d0089b6e29ae29dc06e67ffaaff7471520a814874f31dea8b8d22ee601b0f8557646f0e31ada20413bfaeba5290687561ad1e423e431b8942a8c4cd450d712b9e498b73046486b099e806bcc0b8de3c8ef498c31ae0f51d7ac41ed7c7b0d9bd14183e45820a4aef4566e9f76901ed9bcfa4b24232b1a92a7aa0a46a32d5fb5818c85c51f3d16e88e63131c65269c6e418bdc0da662bf9900801f0af4321b06ab9858f325cb6a5844344acbff9d26d27449a20837ceae42a5d176c7cfa085997c1eb7a307f8e5a5a3eda0a765b36fba205a192d54c35b38133f97b6e0d2729fbd5acde150c76faf49fae53c13cf74924e2fe5a4b1e851b8884373497839d171d8b0b38b51b75a8e2d368872f2898d2f5fde3aace5e5e7d5a558384e240d6a87fe774d684aa69662a33776028c35052a428e3d7a06fb6875ed5e14654de0039de369f7f468ca233cdd2caa0a52e5028e992980d9e14ff922dd512ab08784514d0c41a524ae5bd130b95df5a22f1e6d771b2a6612ed7a0faa5deac7ff997173903118b0da415c0a4914c547e7016829a812e5d7ba516270183606826c4623bd79fec933700779e400e454d03540dd5bccb349cdb9d7af2d5affbe5f438f659b0868dc49690f6d60d225bbc6902618e56b673ac7b4cb423519960ad8530583887d62439f5a0209e208371eab498953ed8a603912c36a3516e95d36f867c2baec5e7f84778a9f72fc4445b23876d72a81650041e20d0146e580d9c54f1e6ae44bd50216bd460e33380ac7f773434eb6d763f5b9aa296bcf0a5703b3da9e2296dbc86e62eb56ac18c4bc46b93061e15e3e4d5641a0ba7971d4988eaf8f4fafa12dfb5ea1c4ff038f69d529c3c125608edb667db4663c63e03a79f98b8cebb3e006c2ed621b492db7aa50d658d66d28aff8d9ab130cd4be8314ae7391021c47e87ad39cabad0800a9cd79b6b6624e67d41776693845651e16cbcbbd26325ca05e692d1e473e15da7c5e21a16e5dd5d3ae4f4802a4007c842a00087c3ff279cd85ce66e7ed0fe6f1e23ab38cb9273d7991f1c9f94e5135ccc192f28846199f7b946a8912b93c389ed48d5b1da7f2e804e99d6098118cbf493db59215cc7a08276cb3fd83c7f4e9f5f6fc897e8a6ca4d1da9e7c3f2b440219697b5b3a5fae5415c14684beb39b0af0db7e5451e8ffee5d972919e844079d3f0dd14cffb9f2a8abb2c0070e09dd0271d3fff1df071281c93cc07dd9994ebae4eb651f3d5201f532cb06c9ddbb1ca0d30a42edb17f9e0920c90a59412adc2234963d87aefabe145d3c4dec339307659ee1bff1cb1dab65014a67040d2d858e5809cc9adad166f9d2c91113c81e5cf3c0ef578529a2d8517b1dd58457745a1b9fea26bc0c696df747573e8060b38e51d88e7314ddc41703d1f73de15ccfa7614961fa60ca0f156d61371be0932cbe68bfa0d28757688b6a6cd7611dd2d07303e7bc2f7d197ceb825d9fe1f63ce18a9c2cba1feb5dec6ca0110cc81b384b7cb03c2b10929446dd72385a4800cfce75560c0b61a269d59927b8034ba6cdd187053007b4cb8b5a50b2a949f5989e6fdea7003b42170f3830c9d32d27c058e016ee595764d9c71e158d661501d29486ef4cfe2cf62d06a0a550ac0a2f0c7387e4787fed6146919c0db0affc8168bc2c71784b09428430ef6c9f628b79942de45d80d7737a4e915a5d4b062f35c5a5d22c891db1def65eabf6c778ae3f8ed82e4ac0d3fb694110a69e9c4181e0c2e662cd87d33a4b0d04d2d686973020e9936d984cd4ed2ce6b5dfd05eec4cdaca8d09d7b80b06eba1273c5d8d3178ad8518e891dc7f8b7c8fbd89b53bb8c6048f6500f64d7035edc0eb6742cf30acd7e4aa4d6e0ec62cb28c1b50663a25ef73b00848326ea276ee9d4bcb8457042a24414f11043227aefde9f8837514cc128c6e6ffa1a15d9bd52d2638e3255ac36ba8dba2b1f17e4c5dd67e389306826972abb984dda0cd545e0d35423b2f757f48130fde898f8a66978208cb504cb11f28eddb01e82d543ee41b33f817a6b57c90669bcc3c9a0761c46424e23880852229277ae0ae6cf64d7754945b3dc2687d6ad1f5ef48d016482d10c48509129928f680d49e4df2ddb16d92ab0aebfbf554bdb21edc295021e10c1e9f7c2f723b2d51c647caac3372e94def7f45144e1995350d7f812882fb1c7a1b6828e262046529c759375dc52cbc700963295eb20498e4a5bf3cf2c8637a6e1ea3a495e8a167f3d48a8389f369d394190403264382153c0d08fbfa97bd09ce7b89c5128e58e200ac77e0d79c3d2fa36454273edd1ec3d306f4ed2fdf1d1f93a7c4f5f009ff59e3ce77f34b74bc1f4b12b5440294164feb26307050e1637e5d8851a2195eb41a005410f633ea4f4081bd20625ecbcce6d995caf4713b2ed08a9cd1d904413b54d6194d98b6ad9ebc833557a7efd6b3589f2eb67b4e93016c9a14c576b31323b89b931963e317b2e6aafd7bcfda14d33b18bdb952e6d4f1b3c6d7ab6ce5f6fabe6b4975e5f3ad00b6094f2d9646259bf3c694a48ca3baaaaa8d3704251ac5b10df1906ba149ba5e190be00528955aece75d164a3de36b04e3518114cc1222ca22a4130cec1470fc072a3e6cd00cff5ca4758c0a630756413ba1ff77020814084fc2e5dda6777b482bc4e0ee4e9ee6a6e3ba523a00fe9f94f5f79e3df07af9697f0bc957035207e27bfca15d3921e414ccd82d734dd438d688480dc8bba7a4f30e8bebaab3973b08d167314409e88aa1575f1446213a56643f1e214557b3ab8df4acc0946b96ced704fdb1d5b4fe5f05a6fcb1bbff8a34f9fb92016deaae713f250358b3941b1be75f79d05601a529936cccaa72a3f26e7e4968b3c9cb1b8c33fc29f4bfa1803b12d5cffacfc3129a728b250715b180fb0ec51a2e326517cc48c51b417553f9990822fe219242e782431bdee680b37160028b2ad0650f3b2f83e36832b59830c01d7275fd8c00c8087788d5c2ef353c36510826c9bb9b43482cae6bbd57b79679408f2b20458b5122aa3e5d416606287297c3462c09d1b1a34cd0aa138998c52a5c05fe5bc89ba27f924e24cb0549ccb681519aa045f322c34b07a162b0fc403d0b6ba14d10eefe2aba301b93e7a44b5544d74df1f75698406ca103d6f51ebd778507a473498435d26e61fba1aec34bb3ee6aabc2a6c6befeb8e87574a507734754450e47456f7fc4c12a4b33c904757f9a45e8cb7370605a4494c1dda1a58d42ae000789152797e7730d91f4e830ddae0b9d72a0d3d4044eee48a4729fcc5f1eb792fa71d6213bca24e7f4d1bcc3e6fa06a336c49845560a3bdeaff84a63cb2446ad89a5a040230e6a9ba121859b6c2174e349216971f6c2c7e2d14ba7e3e23dec5b58536001c1df3cf3430f4afa724124cdc630466051022f9bcfc8e2b0c0878ca3a34c559f2b9e8ba9e7f5516d03ca0ead871227dabe6da2366231b71abac8beab90077152f27e68c094abc5b8538279ac6a194f180307797c16f9395e20948009b83b40963d3f2326f43dd7f3bd526d7da6e163c37e9f527a2a52a501cb2e2fea0c08fbc8aad2cb9015e8c17a3f4acf9c52d703ed1473d34c16f5e7613f7e5102772cd45bfb01b1a3a907fedbfbf181cd214de1c9d325dc20ce26607fffb4b3094e4755d23309f5ebfa60722900591a4a93675c84937aef2840a765d8dece5a80738dc63e6fea770888219b3dd14a6daf605371bbcd570b949060c305d67ff643de19e47c0c684dece9e7fd28def10307898ab977cd09a45734b86243947a6422ee59732de2941e0d824f7c5310c213b674095b90ceae81f4dc9d8d812e203d84ab1312f0e335f678f95166f4510bd1e4754ba3b49a1e2dd37eeb635c329311a5cdb0a4a03aad46d6bd7dff62d1b857c735c20cf239890fce3a7ed69d1e1a576bd86e7d064310ee7645309c71b84c7fca8a52fb1d8cf5da6cf3c6e502b84ab571e962c50217cea3efe0fd9a32b684559ef46f836d9b68a3b57a9e26bb5381f925406ad1169c4186d7c17deaab32ed1f5eccf50d13d1ebf26a5fa068e570549e2892d9d7dc4954a53b5c09acdb577813424be6fe2698b37e38e52ac7287f804b7539767a09a340649c887890a0b4e21d68e4b2ede9cafbb1f25f89b35c469684fd7960acf441f2f19829f17b493e9a1d9ae7879fc9381e72ce06cdb3487757709d5c15497f9f394a23166138faa2a20486a5148508b2aa18c7c3a13449323e672938d54c6493d71271e3c8e6d59d5661d8d61310f6a36a49159e9f2dbfea5d5bfa138b613890c533f7c38becda682cc8df7d00493c74e64650a8fd4b563a76f80fd1fca4ee9cf4b66e17b87e398431f7208a387ac809904abae81a5cbac6368d0ed93405c0acbf8e97f25191e40ec0ffa007a42e4fb6eebbb12a667fb5d962d72c67c8bdb7e69c7c0753211aa82f40f1f0ff95c6eb4f1ca1bb30436aec59a87b8a6f2041f9274a572740e305c31a014d6dc21a404e2e806033c3e9f78f5567eb6bb0398520f3c0e7ac53d1b3b4b561e11765d5e43f6f311a31408ec95a17981b9128adc50eb3af26fbf0a10a8593e506d1f0ced116d6aacdda83d9670f7999e6e2a089909171009602afc0c9133b3545f1b4f14d1a6e372e4729460b7a5002784f324940f38ac177cc651bf33e82fd14d0036f1b30e712b90f94510c1afba5b173f290f02c726a5e40a10ef29c620b5b6d5a75b03f0dcac734597a15b0cd96d7c4d02fd9b57650670838e77d2d721dfec3d0e6263f4abc8dc916c9efb0fe652bd80f85aa7260", &(0x7f0000002100)="e1"}}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, 0x0, 0x0)
socket$packet(0x11, 0x2, 0x300)
socket$kcm(0x29, 0x5, 0x0)
r4 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a010300000000000000000100fffd0900010073797a300000000040000000030a01020000000000000000010000000900030073797a3200000000140004800800024032658aeb08000140000000010900010073797a300000000044000000060a010400000000000001040100000008000b40000000000900010073797a30000000001c000480180001800d00010073796e70726f7879000000000400028014000000110001"], 0xcc}}, 0x0)
syz_emit_ethernet(0x36, &(0x7f0000000100)={@local, @broadcast, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @empty, @empty}, {{0x0, 0x4e29, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x16, 0x1}}}}}}, 0x0)
read$FUSE(r4, &(0x7f00000000c0)={0x2020}, 0x2020)
write$FUSE_NOTIFY_RESEND(r4, &(0x7f0000002200)={0x14}, 0x14)
r6 = openat$rtc(0xffffff9c, 0x0, 0x0, 0x0)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000004c0)=ANY=[@ANYBLOB="ac0100002200010028bd7000040000000100"], 0x1ac}, 0x1, 0x0, 0x0, 0x400c801}, 0xc094)
ioctl$BTRFS_IOC_TREE_SEARCH(r6, 0x7005, 0x0)
socket$inet_sctp(0x2, 0x1, 0x84)
r7 = socket(0x2, 0x80805, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r7, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x0, 0x0}, &(0x7f0000000180)=0x10)

2m13.514239678s ago: executing program 0 (id=701):
r0 = syz_create_resource$binfmt(&(0x7f0000000040)='./file1\x00')
r1 = openat$binfmt(0xffffffffffffff9c, r0, 0x42, 0x1ff)
close(r1)
r2 = syz_open_dev$vim2m(&(0x7f0000000100), 0x0, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r2, 0xc0145608, &(0x7f00000000c0)={0x1, 0x2, 0x4, 0x0, 0x2})
ioctl$vim2m_VIDIOC_REQBUFS(r2, 0xc0145608, &(0x7f0000000000)={0x6, 0x1, 0x1, 0x0, 0x3})
ioctl$vim2m_VIDIOC_STREAMOFF(r2, 0x40045612, &(0x7f0000000040)=0x1)
ioctl$vim2m_VIDIOC_STREAMOFF(r2, 0x40045612, &(0x7f0000000080)=0x2)
r3 = openat$binfmt(0xffffffffffffff9c, r0, 0x2, 0x0)
close(r3)
r4 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$IP_VS_SO_SET_ADD(r4, 0x0, 0x482, &(0x7f0000000040)={0x84, @initdev={0xac, 0x1e, 0x1, 0x0}, 0x4e23, 0x3, 'dh\x00', 0x23, 0x7, 0x49}, 0x2c)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r5 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r5, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
openat$vmci(0xffffffffffffff9c, 0x0, 0x2, 0x0)
setsockopt$IP_VS_SO_SET_ADDDEST(r4, 0x0, 0x487, &(0x7f0000000000)={{0x84, @initdev={0xac, 0x1e, 0x1, 0x0}, 0x4e21, 0x3, 'wrr\x00', 0x4, 0x81, 0x5}, {@rand_addr=0xac1414aa, 0x4e22, 0x3, 0x1cb, 0x12d5c, 0x12d5c}}, 0x44)

2m13.247257936s ago: executing program 2 (id=703):
openat$zero(0xffffffffffffff9c, 0x0, 0x0, 0x0)
io_setup(0x83b, &(0x7f0000000240))
r0 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
fsopen(&(0x7f0000000280)='cifs\x00', 0x0)
syz_open_dev$vim2m(0x0, 0x20003, 0x2)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x0, 0x1, 0x401, 0x0, 0x92, 0x55, 0x8, 0x7, 0x8}, 0x0)
fanotify_init(0xa00, 0x0)
clock_gettime(0xfffffffffffffffc, &(0x7f0000003a40))
mremap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x3000, 0x2, &(0x7f0000ffc000/0x3000)=nil)
r3 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/mm/ksm/run\x00', 0x1, 0x0)
write$sysctl(r3, &(0x7f0000000000)='2\x00', 0x2)
syz_genetlink_get_family_id$tipc2(0x0, 0xffffffffffffffff)
fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, &(0x7f00000001c0)='s|m\x99R\xa9F\xdb\x0e\xe2\xd6-QJsS\x05_.S\x85`\xb0wd\xda\xd4\xa5\xa3\x91urce\x91\x81\x126\xa8\xb8\xb6\xb7\x94\xcd`\xe4=:\xba\xc9\xdeg`<\xa3\x84@\x85\x9aTX\x1c!G~e\x1c\xa2\xf5n.\xbc-\x9e\xa5(\xe7\fL\xa4\xbc<\xea\x84\xf4\xf0\xe3,+\x9c\xe0\xa9\xa6\x19', &(0x7f0000000580)='\\/\xe9\x838\x9d<\f\x91\a\xd4$\xae$\x91&6n @\xf4M\xba\xf2<\xd6A\xdb\xd7\xbe\b\x00g\xcc\xca\n@\x06\xa3\xfe%\x11\xc9\xc5\xc4\x96\xb7b\xa7\x15R.\xa3`fSc\x8b\x18rBl{\x82\\/A\x17\n\f\xcd=\'\x11\x1bZ\x8e\xb1\xc3j$v\xefw\x96\\\xff\xa2\xfc\xe3\xa9\xb7\vS\xae&\xe8\x02T\xd5M4g+\xbd\xd1\xe0R\x9d\x18\x19a:\xaa\xdf\xbe\x8b\x89\x81|l\x93Il\x90\xc9\x98\'OY\x05\xa5M\xf4o\x8b\xf0\xa3\x81\xd6\xbf@\xee\x92\xc8Q\an\xec\x03V\x854\x91s\xbaM\xd6\xafd\xc5\x1a\xdb\xb4=\x14\xed\x18:\x1c\x13\xea\xd4j\x83\x87\tR}<{\x9b\x9b\xc7M\xdf\xbd\xcc\xbb\x9b\xf0\r\x14\xb6\xe06\xae\xcd\xfa\x1b\"\xe4+\xd7\xab\x83\x83\xc9\x9a\xbbN\xbe\xaa\xda\x12{0\x85\xd6\xb0\xd8\'\x04<Yy\xec\xcf\x91\xfbY6\x19\xa9i\xb1Z\x1bW\xad\x9d<\xc5_\x0egroK\xbd1\n\xa3\x98y\xca\xa8Fl\x8f\x98\x97\xf1\x96\x9f\xf5\x022\xb0\xdd\n\xd1\xa8@\x88\xafoqI~]\xb9\x9eC?\x1d\xac,\xd3\xf6\xbbuF0tk\x10\xaf\x88\x7f\x98\x12\xbf\x89\x1c\x10\x1e\x10#Y\x8f\x9d\xe0A\xdc%\xae\x1d\xaf\x9fl\x17\x81\xa6', 0x0)
preadv(r0, &(0x7f0000000740), 0x0, 0x401, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0xfffffffffffffe9b, &(0x7f0000000480)={&(0x7f00000008c0)=@newtaction={0x210, 0x30, 0x300, 0x71bd2a, 0x25dfdbff, {}, [{0x1fc, 0x1, [@m_gact={0x148, 0x17, 0x0, 0x0, {{0x9}, {0x4}, {0x119, 0x6, "0f617356f0a663079abe295a350af32575b7576a2846e5b3b3d9b048dc90bac2c3b40552dc14f7774371c98d6e2763d4fda783e36f45e224474cc6a0e6a530d841c87c70bbf3448d6187a58197fa3ffb0b318a51ba59415ac311a355fe1d08f8de9966d8ba89a56bfbc37c6af7d37dcdeb618f98f29bf3b05a23cefbbf51193614c08c162352d9eaad342b2f307dd8babd71ab8a1c4f80bbbbccc8ce4d369a33f9c6fc16198b2cfa20bc906e08c92c0642310e03f00a0ed12baa1df64f1bf0502f23ff4d6a5e05aa81fa19a9b88c32227231211d5d298a3c63d5549b1a72ad3a2c2dbf727e06036e6f15f608bea0e2a8ff93600a6133a9b45faa6924e7b9e8756e78750bdef4103fcd162842f48260e1dbb952cf91"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x1, 0x2}}}}, @m_sample={0x30, 0x1c, 0x0, 0x0, {{0xb}, {0x4}, {0x4}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x3}}}}, @m_bpf={0x34, 0xa, 0x0, 0x0, {{0x8}, {0x4}, {0x9, 0x6, "266510c489"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x1, 0x3}}}}, @m_vlan={0x4c, 0x13, 0x0, 0x0, {{0x9}, {0x20, 0x2, 0x0, 0x1, [@TCA_VLAN_PARMS={0x1c, 0x2, {{0x6, 0x4, 0x3, 0x7, 0x294cce70}, 0x3}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x2, 0x2}}}}]}]}, 0x210}, 0x1, 0x0, 0x0, 0x4000810}, 0x40)
r4 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_STAT_GET(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000240)={0x18, 0x1411, 0x1, 0x0, 0x0, "", [@RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x11}]}, 0x18}}, 0x0)
r5 = syz_open_dev$usbfs(&(0x7f0000000100), 0x77, 0x101301)
r6 = socket$inet(0x2, 0x4000000000000001, 0x0)
bind$inet(r6, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
sendto$inet(r6, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r6, 0x6, 0xd, &(0x7f0000000540)='vegas\x00', 0x6)
r7 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000840)="89000000120081ae08060cdc030000fe7f030000000000000001ffca1b1f0000000024c00e72f750375ed08a56331dbf9ed7815e381ad6e747033a0093b837dc6cc01e32efaec8c7a6ec00150c00014003080c00bdad446b31007a46e3988285dcdf12f21308f868fece01955fed0009d78f0a947e", 0x75}, {&(0x7f0000000140)="11d6cb557c8496a2fe7a81f38210bfa9b70ee09c", 0x14}], 0x2}, 0x0)
ioctl$USBDEVFS_CONTROL(r5, 0xc0105500, &(0x7f0000000000)={0x80, 0xa, 0xf, 0xd, 0x0, 0xb021, 0x0})

2m11.807600095s ago: executing program 3 (id=704):
r0 = syz_usb_connect(0x3, 0x24, &(0x7f0000000880)=ANY=[@ANYRES16=0x0, @ANYRES16=0x0, @ANYRESOCT=0x0, @ANYRES16, @ANYRES16, @ANYRES32, @ANYRES32=0x0, @ANYRES8=0x0, @ANYRES16=0x0], 0x0)
syz_usb_connect(0x0, 0x1c2, &(0x7f0000000040)={{0x12, 0x1, 0x310, 0xb9, 0x18, 0xef, 0xff, 0xc45, 0x612b, 0x6d97, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b0, 0x2, 0x1, 0x7, 0x40, 0x51, [{{0x9, 0x4, 0x85, 0x2, 0x1, 0x3, 0xa8, 0xfe, 0x4, [@hid_hid={0x9, 0x21, 0x7, 0x6, 0x1, {0x22, 0xae}}, @uac_control={{0xa, 0x24, 0x1, 0x5, 0xf4}}], [{{0x9, 0x5, 0xb, 0x0, 0x10, 0x1, 0x8, 0x9}}]}}, {{0x9, 0x4, 0x5d, 0x0, 0x6, 0x36, 0x99, 0xee, 0x3, [], [{{0x9, 0x5, 0xd, 0x4, 0x3ff, 0x4, 0x0, 0x7}}, {{0x9, 0x5, 0x0, 0x5ab8c7deb45c8a1, 0x20, 0x6d, 0x3, 0x8}}, {{0x9, 0x5, 0x6, 0x3, 0x40, 0x3, 0x0, 0x8, [@uac_iso={0x7, 0x25, 0x1, 0x1, 0x8, 0x5}, @generic={0x1f, 0x11, "faf7a9b56a0f14022f8ca8568d150f1662182366e7340a20da9515eec2"}]}}, {{0x9, 0x5, 0x1, 0x10, 0x20, 0x3, 0xb8, 0x2, [@uac_iso={0x7, 0x25, 0x1, 0x2, 0x80, 0xb9}, @generic={0x84, 0xf, "651baa7e58380457d9a82823e978fed51612d6f6c69d0aed0f5ec32a6c1e62cdf6bc20e832b28c0ded93aaef4fc14d2e2410d659ccada98a89a5f8f2c3933aa891b27e181445e3f8dba8f6d841d72d826778b5e7fa0889c453d16c54ac6fd4fdf4516ec3eda52264859a1469400349eacc25001b8e1cb2d1eafc2ea152f58be3430b"}]}}, {{0x9, 0x5, 0x2, 0x0, 0x418, 0x4, 0x1, 0x45}}, {{0x9, 0x5, 0xf, 0x0, 0x40, 0x7, 0x2a, 0x1, [@generic={0x93, 0x9, "bd185c495762e44e5f5858efcb2df09feed8413ede52c8e88f5cf1a302c49615bff1e9e51e9b1d4c8655414658a5af57703b9b7067dd513edea9d7f2aedc3332e5967a491d544a06265556bc2a1d31046561ab84d0ee9ba25fa71d76fdd3ea5093e9b3c029d9814f0096ddc0f194d23cee644c4d8aad19c02b87e352cc6b3caa0e44a1ce0d153a99b7487f892eb5b7112e"}]}}]}}]}}]}}, &(0x7f00000007c0)={0xa, &(0x7f0000000240)={0xa, 0x6, 0x310, 0x81, 0x6, 0x26, 0x10, 0x7}, 0x41, &(0x7f0000000280)={0x5, 0xf, 0x41, 0x3, [@ss_container_id={0x14, 0x10, 0x4, 0xe9, "274c6633753b5339bfe9f19858c5c80c"}, @ss_container_id={0x14, 0x10, 0x4, 0x0, "5f64e19e391c24566fed5fd11bf9aed4"}, @ss_container_id={0x14, 0x10, 0x4, 0x80, "1137660c7bd544be7e89d28fbab0fcce"}]}, 0x9, [{0x58, &(0x7f0000000380)=@string={0x58, 0x3, "211dad827233923c27e849a3425153e0815591e5e907b31826af3825d91ef03e75b3617518e40a80a1126058016308586b37842e98cb99f2b868d1f51accda3494ace7d75d4a653191258203bc81bc9a3751ee101691"}}, {0x31, &(0x7f0000000300)=@string={0x31, 0x3, "3bf8a19b2bd52e08d7bfe2200b022e33c493f70c0dbe8464043ea9cc7f7fbfa953469f3429c0b9f1f04dd762d7dddb"}}, {0x8e, &(0x7f0000000480)=@string={0x8e, 0x3, "02d99ec522a1b0defb3361060dbfdf6b883f6619cd2a3f098fe8c0ae9f4869945a3ebbd95c02e39dd370c67699be5abafa124a9f9edfa92ea147008e3e61f8a3cceea7e4f9221d199979aa195b251450c84e225186c19ea2bf6ad92d621b05c5d4d55b5f7afd9a0824b4202907c24a4f87bb9f4dbcafbcce4ab969d05d623932abeaf78d2a51203d23283de5"}}, {0x8a, &(0x7f0000000540)=@string={0x8a, 0x3, "d466b7169e8e00737217d511dac25676e66167f407c139670292781fd45a59ee755a636c31d2ca2b8a76812e3f722ebe82f40540c7297755d17ffec4429ad38583c6ade0b418550ac089caea20163db8775c844a1d1787d0627269cf34fad45d4b9c2e3cf7ec8600b16456239d64f37e30e70e48ac78f494dc433da62c127ecaa43945e2999f84c9"}}, {0x4, &(0x7f0000000400)=@lang_id={0x4, 0x3, 0x443}}, {0x4, &(0x7f0000000600)=@lang_id={0x4, 0x3, 0xc04}}, {0xea, &(0x7f0000000640)=@string={0xea, 0x3, "d725fbecd316ad1b6a43bcaece4ed97e7f0a1867cc70f593ca931f270e5ee6b27643475650fb4bcb733ea8c8bf8e4f3368072bd0f132ceb069c083a2bddc731e49d468d1656d27e085b5b88e2c13dbd6b9a4dc300ade8111149bfe10a70cf696209d4699b572f295db8fe6f01a2d9290148efb567267500bb504f133c2e47061d1e9f00a8997964744ad2f122f47b83f13cadf2c4f309eadf3e336fceb83c6fa34077e1f188950dc3076787359659f3d1a234015957b54da14ac97e767317bbaf9aea3081055b36cd9d29d2f289829e2c3cb6b333d534094d0cbc60790df3e68825a70ef7798882b"}}, {0x4, &(0x7f0000000740)=@lang_id={0x4, 0x3, 0x4c0a}}, {0x4, &(0x7f0000000780)=@string={0x4, 0x3, "27e8"}}]})
syz_usb_control_io(r0, &(0x7f0000000340)={0x2c, &(0x7f0000000000)=ANY=[@ANYBLOB="201006000000065f"], 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xb, &(0x7f00000009c0)=@framed={{}, [@printk={@p, {0x3, 0x0, 0x6, 0xa, 0x1, 0xfff8, 0x41}}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f00000009c0)={0x44, &(0x7f0000000580)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

2m5.210606007s ago: executing program 3 (id=705):
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0xa)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
syz_open_dev$tty1(0xc, 0x4, 0x1)
syz_clone3(&(0x7f00000006c0)={0x192142100, 0x0, 0x0, 0x0, {0x40}, 0x0, 0x0, 0x0, 0x0}, 0x58)
r1 = fsopen(&(0x7f0000000400)='ceph\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r1, 0x1, &(0x7f0000000540)='\xd0\x9e^\xa0\xee\xc8\x17T\xb1GI\x90\xe2Q1\xb0\x8f\xe1\xa8\x95\xa0\xcd\fL\xf1<e\a\xa5\x8f\xab\x1a\xdaY\xfb\x03dhS\x97nZ\xf8\xc6\x1f\xd3K\xfa\xc8\x8d#\xce)\x9bg-D#g\x16\xf4\xd9\x00\x00\x00\x00\x00eA\x9f\xc3\x11\x18\xe6\xc5\x95\x9e!^\x97\b\x14\xc5\xad\t\f\xdeg\x8d\x16wW\xf6\xacE\xa3\xc8\xe7\xec\xd6\xbd\x1c+\n\xc7Q( \xba\xff\x17N\x1fB\x91\x15\x83\xec(B4/#W\xc5\x05\x9d\xd6\x02\x8cU!a\xdc|6\xdc\xee$\xb5\x1deC\xfb\xa2\xaa\xe0#\xcb\xde;sA\xad\xa6\xb6P\xa3\xf7\xc3\x93\xd4\xb6\x95\x02\xd8*\xa8\xd2\x94\xa3\x89\xa9\xa0\xc5\xc9=\xa5^', &(0x7f0000000240)='sockfs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r1, 0x1, &(0x7f0000000000)='\xd1S{O', &(0x7f0000000080)='\x1e\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r1, 0x1, &(0x7f0000001680)='\xd0\x9e^\xa0\xee\xc8\x17T\xb1GI\x90\xe2Q1\xb0\x8f\xe1\xa8\x95\xa0\xcd\fL\xf1<e\a\xa5\x8f\xab\x1a\xdaY\xfb\x03dhS\x97nZ\xf8\xc6\x1f\xd3K\xfa\xc8\x8d#\xce)\x9bg-D#g\x16\xf4\xd9\x00\x00\x00\x00\x00eA\x9f\xc3\x11\x18\xe6\xc5\x95\x9e!^\x97\b\x14\xc5\xad\t\f\xdeg\x8d\x16wW\xf6\xacE\xa3\xc8\xe7\xec\xd6\xbd\x1c+\n\xc7Q( \xba\xff\x17N\x1fB\x91\x15\x83\xec(B4/#W\xc5\x05\x9d\xd6\x02\x8cU!a\xdc|6\xdc\xee$\xb5\x1deC\xfb\xa2\xaa\xe0#\xcb\xde;sA\xad\xa6\xb6P\xa3\xf7\xc3\x93\xd4\xb6\x95\x02\xd8*\xa8\xd2\x94\xa3\x89\xa9\xa0\xc5\xc9=\xa5^', &(0x7f0000000640)='dU|\xcbM\xe6\x91q\xe0\x05\xbes\xc0\xd2\xdb0}\xa6\xc4tly\xe0+\xb8~\xd9ymx\xa1\x06\xb4F\xf3Q:\xfem\xea\xed\xfc\x04\xf88\xe0\xa1&\xa8\xff\x10\xb3\xb2\x92N\f\x00!\xdbV\xc3\xca\r\x8c\xfb\x8esJ\xb3\x1bf\xce\v\x0e\xe3\xd5', 0x0)
fsconfig$FSCONFIG_SET_STRING(r1, 0x1, &(0x7f0000000040)='\x00', &(0x7f0000000340)='dE\x00^\x1b\x19\xabr\xb7a\xa57\xf9\xd5\x8fR\xa0\xf6\xf7IQH\xcdPHSG\x05\x94X\x9d\xb5\xa0\xeb\xa1\xd0\x95j\xf4A\x15y\x83\xeb2\x8e0O\xdaY\xd7\xb8Q\xb4', 0x0)
fsconfig$FSCONFIG_SET_STRING(r1, 0x1, &(0x7f00000007c0)='{)+}@@!}\x00', &(0x7f0000000800)='dU|\xcbM\xe6\x91q\xe0', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r1, 0x2, 0x0, &(0x7f0000000b40)="b2", 0x1)
fsconfig$FSCONFIG_SET_BINARY(r1, 0x2, &(0x7f0000000840)='\x00\x9b~\xd7\xde\x91d\r\xa3e\xec=Z\xce\xb0\xdfr\xbfQ\x85n4\xf5T\xc2\x86;\x03K\x80pF\xeaK\xb4t\xef\'\n\x05\xc9\xcfc\x92\bE\xf9\xf9\xcf\x96\x99\xde\x1e3\xcdA\xf9\x1bj\xc3\x8b\xbe\xee\xb3e\xd8Mk\xf1+\xbf\xd5\x98\x8c\x13\xdc\x85\x17\xcd\xf8\xf5\a\xde9\xd1\x8b\xf0&P\x92\x99u8\xb6,#\x0f\x89\xd9ic\xb5\xba\xe7\x03\x8d-\v\xd3S\x98\x89@\x8aWLU\xb1\xc4i6\xa5\xb7\x1d\xf3s\xaf\x7f\xb16\xa2\xbe\xfa\xfa~2\x1d\xeb\xd0G\xdc\a\xa3\x93n\x82\xa7h\xd7\x83N\x8aW\xaa\xc1\xc7\xec\xea\x13\xbe\xf3fQ\xfa\x8cP\xa7\xc1O,\x83\xec\xa9\xeb\xb2 u\x15A\xde\f8T\x81\xccces\xfa\xef\xf4 =z\xfc\xef]~tY \xef8\r,x~\xa0,\xc7@\xc0\xef\xc1`\xec}\xa2\x8d\x95\xff0c\xcd\x02~\xb7\x1a\x93\xff\xcd\xadB7\x13\x84BPC\xa4\xa2O\xf0\xdd\xde\xc5H.y\xfc\xe9$\xf6\xa6t\xa3\xdbr\x00+\x01{\xfb-\x1f\x1b\xeb\xd9b\xf0\n\x99\x0f4\xfa_\x10\xd0%\xe7o\xc9\bO\xfe\xfb\xca\xf8\x9d]\xa1\x98(Nw\x87\xd15', &(0x7f0000000100)="8d", 0x1)
fsconfig$FSCONFIG_SET_STRING(r1, 0x1, &(0x7f0000000a40)='\xcfD\xbc\xbf\xff\xdc\x83\xc5$\xb3\xecr\xe4G:\x93\xdfj\x96\x7f\x03\xe5\x94\xec\xe6\x04T\xcbn\xa5\xc3\x04[\x02\xa9[=\xf9\x8b\xf7\xc1\x9c\x83@\x1e\x99\xca\xc3\x85\xb8\xbeSAk\xf4\xb6 \xdf\xa0P\x18\x19\xae\x8c\x9a\x19mm\r<|\xe8\x9e\xa0x\x84p2\xf9\xe2\xed\xb0\f\x7f;\xf6J18G\x84c\x88\x9d{\xf4~\xdby:\xd8\xc5\xccrun4\xe0\xca\xc1\x0f\xc3\x03D\xe1\f\xb3O\xa4\x1c\x04]8)}\x83:\x9e\xc0X\xdb\xd9\x89\x94\x9b(\x19\\\xf5!w\xbafo\xea\xe4\xb5Xe\x84\xbc\xcdw\x802\xb4\xb8\x1f\xc2\x97\xbfi\xe8\xf8\xbd\x1d,\xffUX\xbeA\x00{\"\xdbya#I\x03\xec\xed\x8b\x97\xff\x1eiq\xd1n\xf99\xc6\a\a\xed\x0f\x15x\x91\xdc\x05P\xf7\xf3\xad\xa3\xbc\xe4[\xa2\xc7\xfa\x9e\xad\xa2\xad\x86\xc4\aD\xc9\xdf\xf8\xf7\xc1\xc5\xc5.\x8a&:\x90\xb2\x8c\x86\xb2\\\xa8%!\x98TQ\x91\x00\x00\x00\x00$\x99\xbf', &(0x7f00000006c0)='\x01\x8dik\xc2\xed\xf9\x8a\xae\x86\xae)Dn<(\x02:cU\xa0d\xd4\x1f\xd4\x95\x93\xb7\xc1\xcc\x84\x8c\xdd\xbf^]~\xcf\xcb6w\xb3\xfa0b\x88\x04\x10\x9d_\x97\x9f\x89\xb7\xe35C\xf3\x1b\xafV\\wGU\xaf\xa4\f&\xe7m\xf0\xaa{\xb2\xe5\xe2\xeb\x9bN#\x99\xdc\x9f\"\xab&\x8f\x01\x17Y\xaf\xb7\xdc`r\x9c6\\\x0e\x94\xc0a\xf7\xd4u\xdf\xf0\x9b\xb0p\v\xa1\x8a\x145\x9b\xd95\xc8U\xe4V\x81-1\xb0K\x9a\xa3+\x03\xc1\xf0\xeb\xafYI&\x9e\xd0\xe1\x148\xfe\x10\x0f\xbd\xa2\xed}\xe6\x1asT\x1f\x92\xdb\xa1&\'\xc7\xe9\xa5\xd0\x89\x8d\xf1$\"\xdc\xe5\xfcT\xad\fj\xfe\'t', 0x0)
fsconfig$FSCONFIG_SET_STRING(r1, 0x1, &(0x7f0000000180)='$\x00', &(0x7f00000000c0)='{)+}@@!}\x00f\x01\x0e\x00\xadq\x1e\x03uK\x85\xe1\xe3u\xc2\xb9\xce&s$\x9co\xeb\x97o`\r\x83\r\'\x0ff\x04Q*\xe7', 0x0)

1m51.329131985s ago: executing program 32 (id=698):
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0x4, 0x7fe2, 0x1}, 0x48)
r1 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000180)={0x0, &(0x7f0000000080)=""/56, 0x0, 0x38, 0x1, 0x45e5, 0x10000}, 0x28)
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f00000003c0)={0xfff, <r2=>0x0}, 0x8)
bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x0, 0xc, &(0x7f0000000000)=ANY=[@ANYRESOCT=r0, @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1f, r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r2, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800"/14, @ANYRES32, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704"], 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = bpf$MAP_CREATE(0x0, 0x0, 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000013000000850000008600000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kmem_cache_free\x00', r5}, 0x18)
openat(0xffffffffffffff9c, 0x0, 0x105042, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r6 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r6}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r7 = socket$unix(0x1, 0x1, 0x0)
r8 = socket$unix(0x1, 0x1, 0x0)
bind$unix(r8, &(0x7f0000003000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
listen(r8, 0x0)
connect$unix(r7, &(0x7f0000000640)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
connect$unix(r8, &(0x7f0000000280)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={<r9=>0xffffffffffffffff, <r10=>0xffffffffffffffff})
sendmmsg$unix(r10, &(0x7f0000004080)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="14000000000000000100000001000000", @ANYRES32=r9], 0x18}}], 0x1, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000700)='signal_generate\x00', r3}, 0x10)
timer_create(0x3, 0x0, &(0x7f0000000300))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0)
unshare(0x64000600)
epoll_create1(0x0)

1m50.347480749s ago: executing program 33 (id=701):
r0 = syz_create_resource$binfmt(&(0x7f0000000040)='./file1\x00')
r1 = openat$binfmt(0xffffffffffffff9c, r0, 0x42, 0x1ff)
close(r1)
r2 = syz_open_dev$vim2m(&(0x7f0000000100), 0x0, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r2, 0xc0145608, &(0x7f00000000c0)={0x1, 0x2, 0x4, 0x0, 0x2})
ioctl$vim2m_VIDIOC_REQBUFS(r2, 0xc0145608, &(0x7f0000000000)={0x6, 0x1, 0x1, 0x0, 0x3})
ioctl$vim2m_VIDIOC_STREAMOFF(r2, 0x40045612, &(0x7f0000000040)=0x1)
ioctl$vim2m_VIDIOC_STREAMOFF(r2, 0x40045612, &(0x7f0000000080)=0x2)
r3 = openat$binfmt(0xffffffffffffff9c, r0, 0x2, 0x0)
close(r3)
r4 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$IP_VS_SO_SET_ADD(r4, 0x0, 0x482, &(0x7f0000000040)={0x84, @initdev={0xac, 0x1e, 0x1, 0x0}, 0x4e23, 0x3, 'dh\x00', 0x23, 0x7, 0x49}, 0x2c)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r5 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r5, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
openat$vmci(0xffffffffffffff9c, 0x0, 0x2, 0x0)
setsockopt$IP_VS_SO_SET_ADDDEST(r4, 0x0, 0x487, &(0x7f0000000000)={{0x84, @initdev={0xac, 0x1e, 0x1, 0x0}, 0x4e21, 0x3, 'wrr\x00', 0x4, 0x81, 0x5}, {@rand_addr=0xac1414aa, 0x4e22, 0x3, 0x1cb, 0x12d5c, 0x12d5c}}, 0x44)

1m49.538226829s ago: executing program 34 (id=703):
openat$zero(0xffffffffffffff9c, 0x0, 0x0, 0x0)
io_setup(0x83b, &(0x7f0000000240))
r0 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
fsopen(&(0x7f0000000280)='cifs\x00', 0x0)
syz_open_dev$vim2m(0x0, 0x20003, 0x2)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x0, 0x1, 0x401, 0x0, 0x92, 0x55, 0x8, 0x7, 0x8}, 0x0)
fanotify_init(0xa00, 0x0)
clock_gettime(0xfffffffffffffffc, &(0x7f0000003a40))
mremap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x3000, 0x2, &(0x7f0000ffc000/0x3000)=nil)
r3 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/mm/ksm/run\x00', 0x1, 0x0)
write$sysctl(r3, &(0x7f0000000000)='2\x00', 0x2)
syz_genetlink_get_family_id$tipc2(0x0, 0xffffffffffffffff)
fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, &(0x7f00000001c0)='s|m\x99R\xa9F\xdb\x0e\xe2\xd6-QJsS\x05_.S\x85`\xb0wd\xda\xd4\xa5\xa3\x91urce\x91\x81\x126\xa8\xb8\xb6\xb7\x94\xcd`\xe4=:\xba\xc9\xdeg`<\xa3\x84@\x85\x9aTX\x1c!G~e\x1c\xa2\xf5n.\xbc-\x9e\xa5(\xe7\fL\xa4\xbc<\xea\x84\xf4\xf0\xe3,+\x9c\xe0\xa9\xa6\x19', &(0x7f0000000580)='\\/\xe9\x838\x9d<\f\x91\a\xd4$\xae$\x91&6n @\xf4M\xba\xf2<\xd6A\xdb\xd7\xbe\b\x00g\xcc\xca\n@\x06\xa3\xfe%\x11\xc9\xc5\xc4\x96\xb7b\xa7\x15R.\xa3`fSc\x8b\x18rBl{\x82\\/A\x17\n\f\xcd=\'\x11\x1bZ\x8e\xb1\xc3j$v\xefw\x96\\\xff\xa2\xfc\xe3\xa9\xb7\vS\xae&\xe8\x02T\xd5M4g+\xbd\xd1\xe0R\x9d\x18\x19a:\xaa\xdf\xbe\x8b\x89\x81|l\x93Il\x90\xc9\x98\'OY\x05\xa5M\xf4o\x8b\xf0\xa3\x81\xd6\xbf@\xee\x92\xc8Q\an\xec\x03V\x854\x91s\xbaM\xd6\xafd\xc5\x1a\xdb\xb4=\x14\xed\x18:\x1c\x13\xea\xd4j\x83\x87\tR}<{\x9b\x9b\xc7M\xdf\xbd\xcc\xbb\x9b\xf0\r\x14\xb6\xe06\xae\xcd\xfa\x1b\"\xe4+\xd7\xab\x83\x83\xc9\x9a\xbbN\xbe\xaa\xda\x12{0\x85\xd6\xb0\xd8\'\x04<Yy\xec\xcf\x91\xfbY6\x19\xa9i\xb1Z\x1bW\xad\x9d<\xc5_\x0egroK\xbd1\n\xa3\x98y\xca\xa8Fl\x8f\x98\x97\xf1\x96\x9f\xf5\x022\xb0\xdd\n\xd1\xa8@\x88\xafoqI~]\xb9\x9eC?\x1d\xac,\xd3\xf6\xbbuF0tk\x10\xaf\x88\x7f\x98\x12\xbf\x89\x1c\x10\x1e\x10#Y\x8f\x9d\xe0A\xdc%\xae\x1d\xaf\x9fl\x17\x81\xa6', 0x0)
preadv(r0, &(0x7f0000000740), 0x0, 0x401, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0xfffffffffffffe9b, &(0x7f0000000480)={&(0x7f00000008c0)=@newtaction={0x210, 0x30, 0x300, 0x71bd2a, 0x25dfdbff, {}, [{0x1fc, 0x1, [@m_gact={0x148, 0x17, 0x0, 0x0, {{0x9}, {0x4}, {0x119, 0x6, "0f617356f0a663079abe295a350af32575b7576a2846e5b3b3d9b048dc90bac2c3b40552dc14f7774371c98d6e2763d4fda783e36f45e224474cc6a0e6a530d841c87c70bbf3448d6187a58197fa3ffb0b318a51ba59415ac311a355fe1d08f8de9966d8ba89a56bfbc37c6af7d37dcdeb618f98f29bf3b05a23cefbbf51193614c08c162352d9eaad342b2f307dd8babd71ab8a1c4f80bbbbccc8ce4d369a33f9c6fc16198b2cfa20bc906e08c92c0642310e03f00a0ed12baa1df64f1bf0502f23ff4d6a5e05aa81fa19a9b88c32227231211d5d298a3c63d5549b1a72ad3a2c2dbf727e06036e6f15f608bea0e2a8ff93600a6133a9b45faa6924e7b9e8756e78750bdef4103fcd162842f48260e1dbb952cf91"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x1, 0x2}}}}, @m_sample={0x30, 0x1c, 0x0, 0x0, {{0xb}, {0x4}, {0x4}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x3}}}}, @m_bpf={0x34, 0xa, 0x0, 0x0, {{0x8}, {0x4}, {0x9, 0x6, "266510c489"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x1, 0x3}}}}, @m_vlan={0x4c, 0x13, 0x0, 0x0, {{0x9}, {0x20, 0x2, 0x0, 0x1, [@TCA_VLAN_PARMS={0x1c, 0x2, {{0x6, 0x4, 0x3, 0x7, 0x294cce70}, 0x3}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x2, 0x2}}}}]}]}, 0x210}, 0x1, 0x0, 0x0, 0x4000810}, 0x40)
r4 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_STAT_GET(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000240)={0x18, 0x1411, 0x1, 0x0, 0x0, "", [@RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x11}]}, 0x18}}, 0x0)
r5 = syz_open_dev$usbfs(&(0x7f0000000100), 0x77, 0x101301)
r6 = socket$inet(0x2, 0x4000000000000001, 0x0)
bind$inet(r6, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
sendto$inet(r6, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r6, 0x6, 0xd, &(0x7f0000000540)='vegas\x00', 0x6)
r7 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000840)="89000000120081ae08060cdc030000fe7f030000000000000001ffca1b1f0000000024c00e72f750375ed08a56331dbf9ed7815e381ad6e747033a0093b837dc6cc01e32efaec8c7a6ec00150c00014003080c00bdad446b31007a46e3988285dcdf12f21308f868fece01955fed0009d78f0a947e", 0x75}, {&(0x7f0000000140)="11d6cb557c8496a2fe7a81f38210bfa9b70ee09c", 0x14}], 0x2}, 0x0)
ioctl$USBDEVFS_CONTROL(r5, 0xc0105500, &(0x7f0000000000)={0x80, 0xa, 0xf, 0xd, 0x0, 0xb021, 0x0})

1m48.64247333s ago: executing program 35 (id=705):
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0xa)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
syz_open_dev$tty1(0xc, 0x4, 0x1)
syz_clone3(&(0x7f00000006c0)={0x192142100, 0x0, 0x0, 0x0, {0x40}, 0x0, 0x0, 0x0, 0x0}, 0x58)
r1 = fsopen(&(0x7f0000000400)='ceph\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r1, 0x1, &(0x7f0000000540)='\xd0\x9e^\xa0\xee\xc8\x17T\xb1GI\x90\xe2Q1\xb0\x8f\xe1\xa8\x95\xa0\xcd\fL\xf1<e\a\xa5\x8f\xab\x1a\xdaY\xfb\x03dhS\x97nZ\xf8\xc6\x1f\xd3K\xfa\xc8\x8d#\xce)\x9bg-D#g\x16\xf4\xd9\x00\x00\x00\x00\x00eA\x9f\xc3\x11\x18\xe6\xc5\x95\x9e!^\x97\b\x14\xc5\xad\t\f\xdeg\x8d\x16wW\xf6\xacE\xa3\xc8\xe7\xec\xd6\xbd\x1c+\n\xc7Q( \xba\xff\x17N\x1fB\x91\x15\x83\xec(B4/#W\xc5\x05\x9d\xd6\x02\x8cU!a\xdc|6\xdc\xee$\xb5\x1deC\xfb\xa2\xaa\xe0#\xcb\xde;sA\xad\xa6\xb6P\xa3\xf7\xc3\x93\xd4\xb6\x95\x02\xd8*\xa8\xd2\x94\xa3\x89\xa9\xa0\xc5\xc9=\xa5^', &(0x7f0000000240)='sockfs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r1, 0x1, &(0x7f0000000000)='\xd1S{O', &(0x7f0000000080)='\x1e\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r1, 0x1, &(0x7f0000001680)='\xd0\x9e^\xa0\xee\xc8\x17T\xb1GI\x90\xe2Q1\xb0\x8f\xe1\xa8\x95\xa0\xcd\fL\xf1<e\a\xa5\x8f\xab\x1a\xdaY\xfb\x03dhS\x97nZ\xf8\xc6\x1f\xd3K\xfa\xc8\x8d#\xce)\x9bg-D#g\x16\xf4\xd9\x00\x00\x00\x00\x00eA\x9f\xc3\x11\x18\xe6\xc5\x95\x9e!^\x97\b\x14\xc5\xad\t\f\xdeg\x8d\x16wW\xf6\xacE\xa3\xc8\xe7\xec\xd6\xbd\x1c+\n\xc7Q( \xba\xff\x17N\x1fB\x91\x15\x83\xec(B4/#W\xc5\x05\x9d\xd6\x02\x8cU!a\xdc|6\xdc\xee$\xb5\x1deC\xfb\xa2\xaa\xe0#\xcb\xde;sA\xad\xa6\xb6P\xa3\xf7\xc3\x93\xd4\xb6\x95\x02\xd8*\xa8\xd2\x94\xa3\x89\xa9\xa0\xc5\xc9=\xa5^', &(0x7f0000000640)='dU|\xcbM\xe6\x91q\xe0\x05\xbes\xc0\xd2\xdb0}\xa6\xc4tly\xe0+\xb8~\xd9ymx\xa1\x06\xb4F\xf3Q:\xfem\xea\xed\xfc\x04\xf88\xe0\xa1&\xa8\xff\x10\xb3\xb2\x92N\f\x00!\xdbV\xc3\xca\r\x8c\xfb\x8esJ\xb3\x1bf\xce\v\x0e\xe3\xd5', 0x0)
fsconfig$FSCONFIG_SET_STRING(r1, 0x1, &(0x7f0000000040)='\x00', &(0x7f0000000340)='dE\x00^\x1b\x19\xabr\xb7a\xa57\xf9\xd5\x8fR\xa0\xf6\xf7IQH\xcdPHSG\x05\x94X\x9d\xb5\xa0\xeb\xa1\xd0\x95j\xf4A\x15y\x83\xeb2\x8e0O\xdaY\xd7\xb8Q\xb4', 0x0)
fsconfig$FSCONFIG_SET_STRING(r1, 0x1, &(0x7f00000007c0)='{)+}@@!}\x00', &(0x7f0000000800)='dU|\xcbM\xe6\x91q\xe0', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r1, 0x2, 0x0, &(0x7f0000000b40)="b2", 0x1)
fsconfig$FSCONFIG_SET_BINARY(r1, 0x2, &(0x7f0000000840)='\x00\x9b~\xd7\xde\x91d\r\xa3e\xec=Z\xce\xb0\xdfr\xbfQ\x85n4\xf5T\xc2\x86;\x03K\x80pF\xeaK\xb4t\xef\'\n\x05\xc9\xcfc\x92\bE\xf9\xf9\xcf\x96\x99\xde\x1e3\xcdA\xf9\x1bj\xc3\x8b\xbe\xee\xb3e\xd8Mk\xf1+\xbf\xd5\x98\x8c\x13\xdc\x85\x17\xcd\xf8\xf5\a\xde9\xd1\x8b\xf0&P\x92\x99u8\xb6,#\x0f\x89\xd9ic\xb5\xba\xe7\x03\x8d-\v\xd3S\x98\x89@\x8aWLU\xb1\xc4i6\xa5\xb7\x1d\xf3s\xaf\x7f\xb16\xa2\xbe\xfa\xfa~2\x1d\xeb\xd0G\xdc\a\xa3\x93n\x82\xa7h\xd7\x83N\x8aW\xaa\xc1\xc7\xec\xea\x13\xbe\xf3fQ\xfa\x8cP\xa7\xc1O,\x83\xec\xa9\xeb\xb2 u\x15A\xde\f8T\x81\xccces\xfa\xef\xf4 =z\xfc\xef]~tY \xef8\r,x~\xa0,\xc7@\xc0\xef\xc1`\xec}\xa2\x8d\x95\xff0c\xcd\x02~\xb7\x1a\x93\xff\xcd\xadB7\x13\x84BPC\xa4\xa2O\xf0\xdd\xde\xc5H.y\xfc\xe9$\xf6\xa6t\xa3\xdbr\x00+\x01{\xfb-\x1f\x1b\xeb\xd9b\xf0\n\x99\x0f4\xfa_\x10\xd0%\xe7o\xc9\bO\xfe\xfb\xca\xf8\x9d]\xa1\x98(Nw\x87\xd15', &(0x7f0000000100)="8d", 0x1)
fsconfig$FSCONFIG_SET_STRING(r1, 0x1, &(0x7f0000000a40)='\xcfD\xbc\xbf\xff\xdc\x83\xc5$\xb3\xecr\xe4G:\x93\xdfj\x96\x7f\x03\xe5\x94\xec\xe6\x04T\xcbn\xa5\xc3\x04[\x02\xa9[=\xf9\x8b\xf7\xc1\x9c\x83@\x1e\x99\xca\xc3\x85\xb8\xbeSAk\xf4\xb6 \xdf\xa0P\x18\x19\xae\x8c\x9a\x19mm\r<|\xe8\x9e\xa0x\x84p2\xf9\xe2\xed\xb0\f\x7f;\xf6J18G\x84c\x88\x9d{\xf4~\xdby:\xd8\xc5\xccrun4\xe0\xca\xc1\x0f\xc3\x03D\xe1\f\xb3O\xa4\x1c\x04]8)}\x83:\x9e\xc0X\xdb\xd9\x89\x94\x9b(\x19\\\xf5!w\xbafo\xea\xe4\xb5Xe\x84\xbc\xcdw\x802\xb4\xb8\x1f\xc2\x97\xbfi\xe8\xf8\xbd\x1d,\xffUX\xbeA\x00{\"\xdbya#I\x03\xec\xed\x8b\x97\xff\x1eiq\xd1n\xf99\xc6\a\a\xed\x0f\x15x\x91\xdc\x05P\xf7\xf3\xad\xa3\xbc\xe4[\xa2\xc7\xfa\x9e\xad\xa2\xad\x86\xc4\aD\xc9\xdf\xf8\xf7\xc1\xc5\xc5.\x8a&:\x90\xb2\x8c\x86\xb2\\\xa8%!\x98TQ\x91\x00\x00\x00\x00$\x99\xbf', &(0x7f00000006c0)='\x01\x8dik\xc2\xed\xf9\x8a\xae\x86\xae)Dn<(\x02:cU\xa0d\xd4\x1f\xd4\x95\x93\xb7\xc1\xcc\x84\x8c\xdd\xbf^]~\xcf\xcb6w\xb3\xfa0b\x88\x04\x10\x9d_\x97\x9f\x89\xb7\xe35C\xf3\x1b\xafV\\wGU\xaf\xa4\f&\xe7m\xf0\xaa{\xb2\xe5\xe2\xeb\x9bN#\x99\xdc\x9f\"\xab&\x8f\x01\x17Y\xaf\xb7\xdc`r\x9c6\\\x0e\x94\xc0a\xf7\xd4u\xdf\xf0\x9b\xb0p\v\xa1\x8a\x145\x9b\xd95\xc8U\xe4V\x81-1\xb0K\x9a\xa3+\x03\xc1\xf0\xeb\xafYI&\x9e\xd0\xe1\x148\xfe\x10\x0f\xbd\xa2\xed}\xe6\x1asT\x1f\x92\xdb\xa1&\'\xc7\xe9\xa5\xd0\x89\x8d\xf1$\"\xdc\xe5\xfcT\xad\fj\xfe\'t', 0x0)
fsconfig$FSCONFIG_SET_STRING(r1, 0x1, &(0x7f0000000180)='$\x00', &(0x7f00000000c0)='{)+}@@!}\x00f\x01\x0e\x00\xadq\x1e\x03uK\x85\xe1\xe3u\xc2\xb9\xce&s$\x9co\xeb\x97o`\r\x83\r\'\x0ff\x04Q*\xe7', 0x0)

1m10.993723103s ago: executing program 6 (id=708):
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f03003f000b05d25a806c8c6394f90324fc60100002000a000300053582c137153e", 0x23}], 0x1}, 0x0)
getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, <r0=>0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f0000000140)=0x14)
syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
fstat(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, <r1=>0x0})
setsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000300)={{{@in=@initdev={0xac, 0x1e, 0x0, 0x0}, @in=@empty, 0x4e21, 0xfe00, 0x4e23, 0x7, 0x2, 0x0, 0x80, 0xff, r0, r1}, {0xfd, 0x8, 0x1d, 0x1, 0x7f, 0x4, 0x9, 0x80}, {0x8, 0xe, 0x6, 0x48b28cb9}, 0xe, 0x0, 0x1, 0x1, 0x1, 0x2}, {{@in=@private=0xa010101, 0x4d6, 0x6c}, 0xa, @in=@multicast1, 0x3504, 0x0, 0x1, 0x40, 0xa, 0x6, 0xa5}}, 0xe8)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_NAME_TYPE_CMD(r3, 0x8983, &(0x7f0000000000)={0x6, 'wlan1\x00', {}, 0x108})
ioctl$sock_SIOCGIFVLAN_ADD_VLAN_CMD(r4, 0x8982, &(0x7f00000023c0)={0x0, 'veth0_vlan\x00', {0x1}, 0x2b1})
r5 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000040)=ANY=[@ANYBLOB="12000000120001000200000000000000100000000c00001700000000000000000f10"], 0x30}], 0x1, 0x0, 0x0, 0x20004000}, 0x0)
dup(r5)
ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r5, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0x0)
creat(&(0x7f0000000040)='./file0\x00', 0x4b)
r6 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f00000000c0)={{'fd', 0x3d, r6}, 0x2c, {'rootmode', 0x3d, 0x6000}})
write$FUSE_NOTIFY_DELETE(r6, &(0x7f0000000400)=ANY=[@ANYBLOB="2a0000000600000000000000000000000100000000000000000100000000000001"], 0x2a)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)

1m10.789154949s ago: executing program 1 (id=728):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000840)=ANY=[@ANYBLOB="fc00000019000100000000000000000000000000000000000000000000000000fe8000000000000000000000000000bb00000000000000000200000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000000000000007000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000004400050020010000000000000000000000000000000000022b0000000a000000fc0100000000000000000000000000000000000004"], 0xfc}}, 0x0)
r1 = socket(0x2, 0x3, 0xff)
bind$inet(r1, &(0x7f0000000080)={0x2, 0x800, @local}, 0x10)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r2=>0xffffffffffffffff})
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$batadv(&(0x7f00000001c0), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r2, 0x8933, &(0x7f0000003040)={'batadv0\x00', <r5=>0x0})
sendmsg$BATADV_CMD_TP_METER(r3, &(0x7f0000003140)={0x0, 0x0, &(0x7f0000003100)={&(0x7f0000003080)={0x30, r4, 0x1, 0x70bd2b, 0x25dfdbfb, {}, [@BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x44}}, @BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r5}, @BATADV_ATTR_TPMETER_TEST_TIME={0x8, 0xb, 0x2}]}, 0x30}, 0x1, 0x0, 0x0, 0x20000050}, 0x20040084)
connect$inet(r1, &(0x7f00000000c0)={0x2, 0x0, @multicast1}, 0x10)
sendmsg$key(r1, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[], 0x18}}, 0x4808)
r6 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x3)
sendmsg$ETHTOOL_MSG_COALESCE_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB='D'], 0x44}}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="110000"], 0x48)
ioctl$FS_IOC_GETFSLABEL(r6, 0x800452d2, &(0x7f0000000100))

1m10.220067701s ago: executing program 1 (id=729):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000100)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x6c, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000001ac0)={&(0x7f0000001b00)={0x1c, 0x2d, 0x1, 0x70bd26, 0x25dfdbfc, {0x4}, [@typed={0x8, 0xc, 0x0, 0x0, @u32=0x1}]}, 0x1c}}, 0x20000000)

1m9.121816896s ago: executing program 1 (id=730):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r2=>0x0})
r3 = fcntl$getown(r0, 0x9)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000040)={'wlan1\x00', <r4=>0x0})
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r7=>0x0})
accept4(r0, 0x0, &(0x7f0000000300), 0x0)
sendmsg$NL80211_CMD_FRAME(r5, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r6, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r7, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)
r8 = syz_open_procfs$userns(0x0, &(0x7f0000000100))
fcntl$getownex(r0, 0x10, &(0x7f0000000140)={0x0, <r9=>0x0})
sendmsg$NL80211_CMD_SET_WIPHY_NETNS(r0, &(0x7f00000002c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000280)={&(0x7f0000000180)={0x4c, r1, 0x38, 0x70bd2b, 0x25dfdbfe, {{}, {@void, @val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_PID={0x8, 0x52, r3}, @NL80211_ATTR_IFINDEX={0x8, 0x3, r2}, @NL80211_ATTR_IFINDEX={0x8, 0x3, r4}, @NL80211_ATTR_IFINDEX={0x8, 0x3, r7}, @NL80211_ATTR_NETNS_FD={0x8, 0xdb, r8}, @NL80211_ATTR_PID={0x8, 0x52, r9}]}, 0x4c}}, 0x4000004)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_DISABLE_HT={0x4}, @chandef_params=[@NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x7fff}]]}, 0x40}}, 0x0)

1m8.76090407s ago: executing program 1 (id=731):
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
r2 = syz_io_uring_setup(0x2b9, &(0x7f0000000740)={0x0, 0xb1e9, 0x10100, 0x0, 0x0, 0x0, r1}, &(0x7f0000000080)=<r3=>0x0, &(0x7f00000001c0)=<r4=>0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd=r0, 0x0, 0x0, 0x0, {}, 0x1})
io_uring_enter(r2, 0x2ded, 0xef92, 0x0, 0x0, 0x0)
r5 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
ioctl$SG_SET_FORCE_PACK_ID(r5, 0x227b, &(0x7f00000000c0)=0x1)
readv(r5, &(0x7f0000000000)=[{&(0x7f0000000100)=""/54, 0x36}], 0x1)
sendmmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000032c0)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)=ANY=[], 0x30}], 0x1, 0x0)

1m8.005680683s ago: executing program 7 (id=709):
r0 = syz_io_uring_setup(0x5c2, &(0x7f0000000280)={0x0, 0x0, 0x80, 0x3, 0x25f}, &(0x7f0000000240)=<r1=>0x0, &(0x7f0000000200)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffff8, 0x0, 0x4) (async, rerun: 64)
syz_io_uring_submit(r1, r2, &(0x7f00000004c0)=@IORING_OP_RECV=@use_registered_buffer={0x1b, 0x68, 0x3, r0, 0x0, 0x0, 0x0, 0x1, 0x1, {0x2}}) (rerun: 64)
io_uring_enter(r0, 0x6e2, 0x600, 0x1, 0x0, 0x0) (async)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x3, &(0x7f0000000200)=ANY=[@ANYBLOB="18000000fc7fffff00000000000000"], &(0x7f0000000100)='GPL\x00', 0x2, 0x0, 0x0, 0x41000, 0x4}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='contention_end\x00', r3}, 0x10) (async)
r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000080)={0x1b, 0x0, 0x0, 0x4, 0x0, 0xffffffffffffffff, 0x1, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x4, 0x4}, 0x50)
r5 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000480)={&(0x7f0000000300)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x58, 0x58, 0x5, [@func_proto={0x0, 0x3, 0x0, 0xd, 0x0, [{0xd, 0x2}, {0x5, 0x2}, {0x7, 0x1}]}, @decl_tag={0x5, 0x0, 0x0, 0x11, 0x5, 0x3}, @typedef={0x5, 0x0, 0x0, 0x8, 0x3}, @func={0x6, 0x0, 0x0, 0xc, 0x1}, @const={0x2, 0x0, 0x0, 0xa, 0x4}]}, {0x0, [0x2e, 0x30, 0x5f]}}, &(0x7f0000000380)=""/224, 0x75, 0xe0, 0x0, 0x9, 0x10000}, 0x28)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f00000006c0)={0xffffffffffffffff, 0x20, &(0x7f0000000680)={&(0x7f0000000640)=""/49, 0x31, <r6=>0x0, &(0x7f0000000800)=""/204, 0xcc}}, 0x10)
r7 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000900)={0x1b, 0x0, 0x0, 0xb23, 0x0, 0x1, 0x5, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x3}, 0x50) (async)
r8 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000740), 0x40000, 0x0)
r9 = bpf$MAP_CREATE(0x0, &(0x7f0000000980)=@base={0xa, 0x7, 0x9, 0xcc, 0x600, 0x1, 0x63d, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x1}, 0x50)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000a80)={{0x1, <r10=>0xffffffffffffffff}, &(0x7f0000000a00), &(0x7f0000000a40)='%+9llu \x00'}, 0x20)
r11 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpuacct.usage_percpu_user\x00', 0x275a, 0x0)
write$binfmt_script(r11, &(0x7f0000000000), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r11, 0x0) (async)
preadv(r11, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x1, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000b40)={0x15, 0x15, &(0x7f0000000140)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x4}, {{0x18, 0x1, 0x1, 0x0, r4}}, {}, [@alu={0x7, 0x0, 0x7, 0xb, 0xa, 0xffffffffffffffe0, 0xfffffffffffffffc}, @exit, @kfunc={0x85, 0x0, 0x2, 0x0, 0x3}, @initr0={0x18, 0x0, 0x0, 0x0, 0xdd, 0x0, 0x0, 0x0, 0x7}, @alu={0x7, 0x1, 0x1, 0x4, 0x9, 0xffffffffffffffff, 0x4}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000240)='syzkaller\x00', 0x0, 0x49, &(0x7f0000000280)=""/73, 0x41000, 0x1, '\x00', 0x0, @fallback=0xd, r5, 0x8, &(0x7f0000000580)={0xa, 0x2}, 0x8, 0x10, &(0x7f00000005c0)={0x3, 0x8, 0x10, 0x3}, 0x10, r6, r3, 0x3, &(0x7f0000000ac0)=[r7, r8, r9, r10, r11], &(0x7f0000000b00)=[{0x2, 0x1, 0x7, 0x7}, {0x3, 0x1, 0x5, 0xa}, {0x4, 0x3, 0x5, 0xa}], 0x10, 0x7}, 0x94) (async)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xd, 0x10, &(0x7f0000000780)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0xfff}, {{0x18, 0x1, 0x1, 0x0, r7}}, {}, [@alu={0x4, 0x0, 0x1, 0x3, 0x2, 0xffffffffffffffff, 0x1}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000003ff6)='GPL\x00', 0x2, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x4, '\x00', 0x0, @sock_ops, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, r6}, 0x94)

1m7.978113024s ago: executing program 8 (id=710):
open(&(0x7f0000000080)='./bus\x00', 0x1b4900, 0x0)
mount(&(0x7f00000002c0)=@nullb, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0)
r0 = fsopen(&(0x7f0000000000)='gadgetfs\x00', 0x1)
write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000000), 0x4240a2a0)
socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x80002, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r4 = socket(0x400000000010, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r5=>0x0})
pread64(r3, &(0x7f0000000280)=""/243, 0xf3, 0x8000000000000001)
sendmsg$nl_route_sched(r4, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0x25dfdbfd, {0x0, 0x0, 0x0, r5, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x2}}}]}, 0x38}}, 0x0)
getpeername(r2, &(0x7f00000001c0)=@hci, &(0x7f0000000380)=0x80)
sendmsg$nl_route_sched(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000440)=@newtfilter={0x44, 0x2c, 0xd27, 0x70bd21, 0x25dfdbff, {0x0, 0x0, 0x0, r5, {0xc, 0xfff2}, {}, {0xfff2, 0x2}}, [@filter_kind_options=@f_bpf={{0x8}, {0x18, 0x2, [@TCA_BPF_OPS={{0x6, 0x4, 0x1}, {0xc, 0x5, [{0x6, 0xd, 0x5, 0x4}]}}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x8848}, 0x20004804)
sendmmsg$alg(r1, &(0x7f00000000c0), 0x492492492492627, 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
pwritev2(0xffffffffffffffff, &(0x7f0000000240)=[{&(0x7f0000000000)="85", 0x100000}], 0x2, 0x0, 0x0, 0xb)

1m7.57194775s ago: executing program 7 (id=732):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = syz_open_dev$evdev(&(0x7f0000000180), 0xa, 0x400)
ioctl$EVIOCGSND(r2, 0x8040451a, &(0x7f00000001c0)=""/107)
r3 = mq_open(&(0x7f000084dff0)='\xa1sxt\x1a\x00\x00\x00\x00\x00\x00\x00\x01\x88\xbdd', 0x6e93ebbbcc0884f2, 0x100, &(0x7f0000000300)={0x0, 0x1, 0x3})
socket$kcm(0x10, 0x2, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
write$tun(0xffffffffffffffff, &(0x7f00000000c0)=ANY=[], 0x10da)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0xd, 0x24, &(0x7f00000005c0)=ANY=[@ANYBLOB="1800000006002000000000000800000018110000", @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000b512feffb447450bb7a6f0ff0018120000000000", @ANYRES32, @ANYBLOB="0000000000000000b703000000000000850000000c000000b700000000000000180100002020732500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000060000000546800100f8ffff18440000f8ffffff00000000000000006005000101000000180000000a0000000000000080000000bf91000000000000b7020000000000008500000000000000b7000000000000009500000000000000"], &(0x7f0000000000)='GPL\x00'}, 0x94)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
read$msr(0xffffffffffffffff, &(0x7f0000019680)=""/102392, 0x18ff8)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x0)
r5 = creat(&(0x7f0000000580)='./file1\x00', 0x0)
r6 = fanotify_init(0xf00, 0x1)
fanotify_mark(r6, 0x105, 0x40009975, r5, 0x0)
fallocate(r4, 0x0, 0x1000000, 0x3)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27ffff7, 0x4012011, r4, 0x0)
mq_timedsend(r3, 0x0, 0x0, 0x0, 0x0)
mq_timedsend(r3, 0x0, 0x0, 0x0, 0x0)
mq_timedreceive(r3, &(0x7f0000000180)=""/204, 0xcc, 0x0, 0x0)
sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="14000000100001000000000000000001a300006f1250b6294a913e1d26ba0cf62fac732a447ebf8819fa210100000000000000000700020014000000100001000000000084000a"], 0x3c}}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=@bloom_filter={0x1e, 0x0, 0x3, 0xffffffff, 0x43403, r4, 0x384, '\x00', 0x0, r5, 0x2, 0x2, 0x3, 0x7}, 0x50)
mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x2, 0x42032, 0xffffffffffffffff, 0x80000000)
mremap(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x1000, 0x0, &(0x7f00008b5000/0x1000)=nil)
r7 = dup(r0)
sendmsg$IPSET_CMD_CREATE(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)=ANY=[], 0x64}}, 0x4020040)

1m6.721794734s ago: executing program 1 (id=733):
socket$inet6(0xa, 0x5, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000100)=ANY=[], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x6c, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
syz_open_dev$cec(&(0x7f00000001c0), 0x0, 0x21c000)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
shmctl$SHM_INFO(0x0, 0xe, &(0x7f00000003c0)=""/4096)
r4 = syz_open_dev$dri(0x0, 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r4, 0x4010640d, &(0x7f0000000300)={0x5})
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000001ac0)={&(0x7f0000001b00)={0x1c, 0x2d, 0x1, 0x70bd26, 0x25dfdbfc, {0x4}, [@typed={0x8, 0xc, 0x0, 0x0, @u32=0x1}]}, 0x1c}}, 0x20000000)

56.555931166s ago: executing program 1 (id=735):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000000c0), 0x1007ffd, 0x0)
read$msr(r0, &(0x7f0000032680)=""/102392, 0x18ff8)
r1 = socket$alg(0x26, 0x5, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$batadv(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r2, 0x8933, &(0x7f0000000440)={'batadv0\x00', <r4=>0x0})
sendmsg$BATADV_CMD_GET_NEIGHBORS(r2, &(0x7f0000004340)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000480)={0x1c, r3, 0x331, 0x0, 0x25dfdbfb, {0xb}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r4}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4008000}, 0x4000000)
r5 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f0000000300)={<r6=>0x0, @in6={{0xa, 0x4e22, 0x6, @local, 0x9}}, 0xffffffff, 0x4, 0x3, 0x0, 0xc, 0x80, 0x1}, &(0x7f0000000040)=0x9c)
setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r5, 0x84, 0x22, &(0x7f0000000100)={0x0, 0x2, 0x8, 0x200, r6}, 0x10)
bind$alg(r1, &(0x7f0000000200)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-serpent-avx2\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, 0x0, 0x0)
close_range(0xffffffffffffffff, r5, 0x0)
r7 = accept(r1, 0x0, 0x0)
r8 = dup2(r7, r1)
sendmmsg$alg(r8, &(0x7f0000000740)=[{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000000)="564004c6852da7a299e4c397614090d1a6e12edf1767f157", 0x18}], 0x1, &(0x7f0000000480)=[@op={0x18}], 0x18, 0x20000}], 0x1, 0x880)
r9 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1)
recvmsg(r9, &(0x7f000000b680)={0x0, 0x0, &(0x7f0000000180), 0x10000000000001a6}, 0x0)

56.553762922s ago: executing program 6 (id=736):
r0 = socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'bridge_slave_0\x00', <r2=>0x0})
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="300000001d00010000000000000000000700000050cc6bba2e45b3a1c25a7fff38908f7cca9338ad57bfd096bc7aba93a4018811127f24db95d1ea64055043535a3d07584553da9597170fea291325a2cb25f083c6d33916517277c8193742498ab32af4c4da9f3fe09962c8ff2dad9cbd5f2b5565a8214f524c255db789e48a96155ad1e85d372a6edfc97babd1", @ANYRES32=r2, @ANYBLOB="000000000a0002000080c20000000000070005"], 0x30}}, 0x0)
r3 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000000000105509147200ed0000000109022400010000000009040000030300000009210000000122050009058103"], 0x0)
syz_usb_control_io(r3, 0x0, 0x0)
syz_usb_control_io(r3, &(0x7f0000000100)={0x2c, &(0x7f0000000280)=ANY=[@ANYBLOB="200617"], 0x0, 0x0, 0x0, 0x0}, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB="18000000410007010000000007000000027c00000400318087c26ace570bbad6e8fae50850fd4790000000000000008c56aad193606fc7af43770f0fad5de195000000000000"], 0x18}}, 0x4010)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0)
r5 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r5, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000000440)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="140100001400210200000000fcdbdf25031100800c0002"], 0x114}], 0x1}, 0x40014)
fcntl$getownex(r4, 0x10, &(0x7f00000000c0))
r6 = socket$nl_route(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r6, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
socket$nl_route(0x10, 0x3, 0x0)
socket$inet6_udplite(0xa, 0x2, 0x88)
mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0)
setsockopt$bt_BT_CHANNEL_POLICY(0xffffffffffffffff, 0x112, 0xa, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYRES8=r0], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2}, 0x94)
ioctl$VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000180)={0x1, @pix={0x5, 0xc10, 0x34325241, 0x0, 0x0, 0x7ffffffe, 0x3, 0xfeedcafe, 0x1, 0x1, 0x1, 0x1}})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
r7 = getpid()
sched_setscheduler(r7, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))

56.553211158s ago: executing program 8 (id=737):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000100)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x6c, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000001ac0)={&(0x7f0000001b00)={0x1c, 0x2d, 0x1, 0x70bd26, 0x25dfdbfc, {0x4}, [@typed={0x8, 0xc, 0x0, 0x0, @u32=0x1}]}, 0x1c}}, 0x20000000)

49.511765056s ago: executing program 36 (id=732):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = syz_open_dev$evdev(&(0x7f0000000180), 0xa, 0x400)
ioctl$EVIOCGSND(r2, 0x8040451a, &(0x7f00000001c0)=""/107)
r3 = mq_open(&(0x7f000084dff0)='\xa1sxt\x1a\x00\x00\x00\x00\x00\x00\x00\x01\x88\xbdd', 0x6e93ebbbcc0884f2, 0x100, &(0x7f0000000300)={0x0, 0x1, 0x3})
socket$kcm(0x10, 0x2, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
write$tun(0xffffffffffffffff, &(0x7f00000000c0)=ANY=[], 0x10da)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0xd, 0x24, &(0x7f00000005c0)=ANY=[@ANYBLOB="1800000006002000000000000800000018110000", @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000b512feffb447450bb7a6f0ff0018120000000000", @ANYRES32, @ANYBLOB="0000000000000000b703000000000000850000000c000000b700000000000000180100002020732500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000060000000546800100f8ffff18440000f8ffffff00000000000000006005000101000000180000000a0000000000000080000000bf91000000000000b7020000000000008500000000000000b7000000000000009500000000000000"], &(0x7f0000000000)='GPL\x00'}, 0x94)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
read$msr(0xffffffffffffffff, &(0x7f0000019680)=""/102392, 0x18ff8)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x0)
r5 = creat(&(0x7f0000000580)='./file1\x00', 0x0)
r6 = fanotify_init(0xf00, 0x1)
fanotify_mark(r6, 0x105, 0x40009975, r5, 0x0)
fallocate(r4, 0x0, 0x1000000, 0x3)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27ffff7, 0x4012011, r4, 0x0)
mq_timedsend(r3, 0x0, 0x0, 0x0, 0x0)
mq_timedsend(r3, 0x0, 0x0, 0x0, 0x0)
mq_timedreceive(r3, &(0x7f0000000180)=""/204, 0xcc, 0x0, 0x0)
sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="14000000100001000000000000000001a300006f1250b6294a913e1d26ba0cf62fac732a447ebf8819fa210100000000000000000700020014000000100001000000000084000a"], 0x3c}}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=@bloom_filter={0x1e, 0x0, 0x3, 0xffffffff, 0x43403, r4, 0x384, '\x00', 0x0, r5, 0x2, 0x2, 0x3, 0x7}, 0x50)
mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x2, 0x42032, 0xffffffffffffffff, 0x80000000)
mremap(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x1000, 0x0, &(0x7f00008b5000/0x1000)=nil)
r7 = dup(r0)
sendmsg$IPSET_CMD_CREATE(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)=ANY=[], 0x64}}, 0x4020040)

49.238520409s ago: executing program 5 (id=739):
socket$inet6(0xa, 0x5, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000100)=ANY=[@ANYBLOB], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x6c, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
syz_open_dev$cec(&(0x7f00000001c0), 0x0, 0x21c000)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
shmctl$SHM_INFO(0x0, 0xe, &(0x7f00000003c0)=""/4096)
r4 = syz_open_dev$dri(0x0, 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r4, 0x4010640d, &(0x7f0000000300)={0x5})
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000001ac0)={&(0x7f0000001b00)={0x1c, 0x2d, 0x1, 0x70bd26, 0x25dfdbfc, {0x4}, [@typed={0x8, 0xc, 0x0, 0x0, @u32=0x1}]}, 0x1c}}, 0x20000000)

43.036324992s ago: executing program 8 (id=740):
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
r2 = syz_io_uring_setup(0x2b9, &(0x7f0000000740)={0x0, 0xb1e9, 0x10100, 0x0, 0x0, 0x0, r1}, &(0x7f0000000080)=<r3=>0x0, &(0x7f00000001c0)=<r4=>0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd=r0, 0x0, 0x0, 0x0, {}, 0x1})
io_uring_enter(r2, 0x2ded, 0xef92, 0x0, 0x0, 0x0)
r5 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
ioctl$SG_SET_FORCE_PACK_ID(r5, 0x227b, &(0x7f00000000c0)=0x1)
readv(r5, &(0x7f0000000000)=[{&(0x7f0000000100)=""/54, 0x36}], 0x1)
sendmmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000032c0)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB], 0x30}], 0x1, 0x0)

40.878803917s ago: executing program 37 (id=736):
r0 = socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'bridge_slave_0\x00', <r2=>0x0})
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="300000001d00010000000000000000000700000050cc6bba2e45b3a1c25a7fff38908f7cca9338ad57bfd096bc7aba93a4018811127f24db95d1ea64055043535a3d07584553da9597170fea291325a2cb25f083c6d33916517277c8193742498ab32af4c4da9f3fe09962c8ff2dad9cbd5f2b5565a8214f524c255db789e48a96155ad1e85d372a6edfc97babd1", @ANYRES32=r2, @ANYBLOB="000000000a0002000080c20000000000070005"], 0x30}}, 0x0)
r3 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000000000105509147200ed0000000109022400010000000009040000030300000009210000000122050009058103"], 0x0)
syz_usb_control_io(r3, 0x0, 0x0)
syz_usb_control_io(r3, &(0x7f0000000100)={0x2c, &(0x7f0000000280)=ANY=[@ANYBLOB="200617"], 0x0, 0x0, 0x0, 0x0}, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB="18000000410007010000000007000000027c00000400318087c26ace570bbad6e8fae50850fd4790000000000000008c56aad193606fc7af43770f0fad5de195000000000000"], 0x18}}, 0x4010)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0)
r5 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r5, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000000440)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="140100001400210200000000fcdbdf25031100800c0002"], 0x114}], 0x1}, 0x40014)
fcntl$getownex(r4, 0x10, &(0x7f00000000c0))
r6 = socket$nl_route(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r6, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
socket$nl_route(0x10, 0x3, 0x0)
socket$inet6_udplite(0xa, 0x2, 0x88)
mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0)
setsockopt$bt_BT_CHANNEL_POLICY(0xffffffffffffffff, 0x112, 0xa, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYRES8=r0], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2}, 0x94)
ioctl$VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000180)={0x1, @pix={0x5, 0xc10, 0x34325241, 0x0, 0x0, 0x7ffffffe, 0x3, 0xfeedcafe, 0x1, 0x1, 0x1, 0x1}})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
r7 = getpid()
sched_setscheduler(r7, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))

39.291459547s ago: executing program 38 (id=735):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000000c0), 0x1007ffd, 0x0)
read$msr(r0, &(0x7f0000032680)=""/102392, 0x18ff8)
r1 = socket$alg(0x26, 0x5, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$batadv(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r2, 0x8933, &(0x7f0000000440)={'batadv0\x00', <r4=>0x0})
sendmsg$BATADV_CMD_GET_NEIGHBORS(r2, &(0x7f0000004340)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000480)={0x1c, r3, 0x331, 0x0, 0x25dfdbfb, {0xb}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r4}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4008000}, 0x4000000)
r5 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f0000000300)={<r6=>0x0, @in6={{0xa, 0x4e22, 0x6, @local, 0x9}}, 0xffffffff, 0x4, 0x3, 0x0, 0xc, 0x80, 0x1}, &(0x7f0000000040)=0x9c)
setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r5, 0x84, 0x22, &(0x7f0000000100)={0x0, 0x2, 0x8, 0x200, r6}, 0x10)
bind$alg(r1, &(0x7f0000000200)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-serpent-avx2\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, 0x0, 0x0)
close_range(0xffffffffffffffff, r5, 0x0)
r7 = accept(r1, 0x0, 0x0)
r8 = dup2(r7, r1)
sendmmsg$alg(r8, &(0x7f0000000740)=[{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000000)="564004c6852da7a299e4c397614090d1a6e12edf1767f157", 0x18}], 0x1, &(0x7f0000000480)=[@op={0x18}], 0x18, 0x20000}], 0x1, 0x880)
r9 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1)
recvmsg(r9, &(0x7f000000b680)={0x0, 0x0, &(0x7f0000000180), 0x10000000000001a6}, 0x0)

38.105771306s ago: executing program 5 (id=743):
socket$inet6(0xa, 0x5, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000001ac0)={&(0x7f0000001b00)={0x1c, 0x2d, 0x1, 0x70bd26, 0x25dfdbfc, {0x4}, [@typed={0x8, 0xc, 0x0, 0x0, @u32=0x1}]}, 0x1c}}, 0x20000000)

38.10531409s ago: executing program 8 (id=744):
socket$inet6(0xa, 0x5, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000001ac0)={&(0x7f0000001b00)={0x1c, 0x2d, 0x1, 0x70bd26, 0x25dfdbfc, {0x4}, [@typed={0x8, 0xc, 0x0, 0x0, @u32=0x1}]}, 0x1c}}, 0x20000000)

36.246553565s ago: executing program 5 (id=745):
socket$inet6(0xa, 0x5, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000100)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x6c, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000001ac0)={&(0x7f0000001b00)={0x1c, 0x2d, 0x1, 0x70bd26, 0x25dfdbfc, {0x4}, [@typed={0x8, 0xc, 0x0, 0x0, @u32=0x1}]}, 0x1c}}, 0x20000000)

32.185371725s ago: executing program 5 (id=746):
openat$sysfs(0xffffff9c, &(0x7f00000000c0)='/sys/power/wakeup_count', 0x42, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="1400000015000103000000000000000001"], 0x14}}, 0x0)
read(r0, &(0x7f0000000080)=""/186, 0xba)
r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080), 0x802, 0x0)
socket$kcm(0x2, 0xa, 0x2)
write$tun(0xffffffffffffffff, &(0x7f00000000c0)=ANY=[], 0xfdef)
openat$tun(0xffffffffffffff9c, 0x0, 0x99580, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r4, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10)
connect$inet(r4, &(0x7f0000000480)={0x2, 0x0, @multicast1}, 0x10)
setsockopt$inet_IP_XFRM_POLICY(r4, 0x0, 0x11, &(0x7f0000000080)={{{@in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @in6=@empty, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0x0, 0x7}, 0x2000000, 0x0, 0x1}, {{@in=@rand_addr=0x64010101, 0x4d5, 0x32}, 0x0, @in6=@loopback, 0x1, 0x3, 0x0, 0xb7, 0x1fb, 0xffffffff}}, 0xe8)
r5 = socket$nl_xfrm(0x10, 0x3, 0x6)
bind$netlink(r5, &(0x7f00000000c0)={0x10, 0x0, 0x0, 0x8822d55593a2179}, 0xc)
sendmmsg(r4, &(0x7f0000000180), 0x400000000000077, 0x7600)
ioctl$vim2m_VIDIOC_S_CTRL(0xffffffffffffffff, 0xc008561c, 0x0)
open_tree(0xffffffffffffff9c, 0x0, 0x89101)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, 0x0)
setsockopt$MISDN_TIME_STAMP(0xffffffffffffffff, 0x0, 0x1, &(0x7f00000000c0), 0x4)
socket(0x840000000002, 0x3, 0xff)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYRES16=r1], 0xf8)
r6 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'})

26.643225773s ago: executing program 5 (id=747):
socket$inet6(0xa, 0x5, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000100)=ANY=[@ANYBLOB], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x6c, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
syz_open_dev$cec(&(0x7f00000001c0), 0x0, 0x21c000)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
shmctl$SHM_INFO(0x0, 0xe, &(0x7f00000003c0)=""/4096)
r4 = syz_open_dev$dri(0x0, 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r4, 0x4010640d, &(0x7f0000000300)={0x5})
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000001ac0)={&(0x7f0000001b00)={0x1c, 0x2d, 0x1, 0x70bd26, 0x25dfdbfc, {0x4}, [@typed={0x8, 0xc, 0x0, 0x0, @u32=0x1}]}, 0x1c}}, 0x20000000)

26.135067482s ago: executing program 8 (id=748):
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000280)={{0x12, 0x1, 0x0, 0xe3, 0xdd, 0xef, 0x20, 0x1d50, 0x60a1, 0xa14f, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x9d, 0x14, 0x4e}}]}}]}}, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f0000000240)={0x1c, &(0x7f0000000000), 0x0, 0x0})
syz_usb_control_io$printer(r0, 0x0, &(0x7f0000000400)={0x34, &(0x7f0000000200), 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f00000009c0)={0x44, &(0x7f00000005c0), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$uac1(r0, &(0x7f0000000140)={0x14, &(0x7f0000000040)={0x0, 0x21, 0x86, {0x86, 0x1, "199c271884de32952a452a2823f7fc6339e5852a24326ee834c9420da33462a6bb9be880cd09f71445befd02357a9ec48c515b2435cc568f16758392bc1866fd7c5ef2e4ac4d84ba37d6b7c10306618c4a75eaaa085fa4ba94c51681f40935725700be4a4283c4214c8855babe9ca00fb924888c0bceb400cb80124c081ec9467622ffe1"}}, &(0x7f0000000100)={0x0, 0x3, 0xb, @string={0xb, 0x3, "487a42a380a91b62f8"}}}, &(0x7f0000000680)={0x44, &(0x7f0000000300)={0x60, 0x17, 0x64, "d86037b9c86823712acf17468907faaf7f2ed009ebefc1e91b280f90543edd0c3e22074fd806bddbbfa399af6bc1f8d532b0a674315ba81b54f30b18b0c44b28a02bcceafe6a69fbb9e96004a35aeb505074826df2f2a33dbad35501957403aeecee7411"}, &(0x7f00000001c0)={0x0, 0xa, 0x1, 0x20}, &(0x7f0000000380)={0x0, 0x8, 0x1, 0x1}, &(0x7f00000003c0)={0x20, 0x81, 0x2, "9cc4"}, &(0x7f0000000440)={0x20, 0x82, 0x3, "f1b7ed"}, &(0x7f0000000480)={0x20, 0x83, 0x3, "945fa6"}, &(0x7f00000004c0)={0x20, 0x84, 0x4, "18d1e6d6"}, &(0x7f0000000500)={0x20, 0x85, 0x3, "460f9f"}})
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000780)={0x44, &(0x7f0000000580)={0x0, 0x16}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000600)={0x44, &(0x7f0000000180), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$printer(r0, 0x0, &(0x7f0000000540)={0x34, &(0x7f00000002c0)={0x20, 0xb}, 0x0, 0x0, 0x0, 0x0, 0x0})

22.080891401s ago: executing program 5 (id=749):
r0 = socket$inet6(0xa, 0x2, 0x0)
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket(0x10, 0x3, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x803, 0x0)
syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r4)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000010400eeffff11feffffff000000", @ANYRES32=r5, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
userfaultfd(0x1)
r6 = syz_open_dev$media(&(0x7f0000000080), 0x1, 0x0)
syz_emit_ethernet(0x2a, &(0x7f0000000440)=ANY=[@ANYBLOB="ffffffffffffa1370000000008004500001c0000000000889078ac1e0101ac1414aa1100907800000008"], 0x0)
ioctl$MEDIA_IOC_REQUEST_ALLOC(r6, 0x80047c05, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r7 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xaee2, 0x0, 0x2, 0xbfdffffc}, &(0x7f0000000000)=<r8=>0x0, &(0x7f0000000280)=<r9=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r8, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r8, r9, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3})
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x9, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x9)
openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0), 0x8200, 0x0)
r10 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r10, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
io_uring_enter(r7, 0x47f6, 0x0, 0x2, 0x0, 0x0)
openat$sndseq(0xffffffffffffff9c, &(0x7f00000004c0), 0x48100)
sendmsg$nl_route_sched(r2, &(0x7f0000005840)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000001240)=@newqdisc={0x78, 0x24, 0x5820a61ca228651, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c, 0x2, {{0x0, 0x0, 0x0, 0x887}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x5}}}]}, 0x78}}, 0x0)
ioctl$sock_SIOCETHTOOL(r1, 0x89f0, &(0x7f0000001440)={'bridge0\x00', &(0x7f0000000400)=@ethtool_ringparam={0x10, 0x0, 0x20040001, 0x10, 0xe87e, 0x0, 0x3, 0x80000000}})
bind$inet6(r0, &(0x7f0000000480)={0xa, 0x4e20, 0x0, @mcast1={0xff, 0x5}}, 0x1c)
getsockname$inet6(r0, 0x0, &(0x7f0000000040))

20.121713213s ago: executing program 8 (id=750):
r0 = socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'bridge_slave_0\x00', <r2=>0x0})
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="300000001d00010000000000000000000700000050cc6bba2e45b3a1c25a7fff38908f7cca9338ad57bfd096bc7aba93a4018811127f24db95d1ea64055043535a3d07584553da9597170fea291325a2cb25f083c6d33916517277c8193742498ab32af4c4da9f3fe09962c8ff2dad9cbd5f2b5565a8214f524c255db789e48a96155ad1e85d372a6edfc97babd1", @ANYRES32=r2, @ANYBLOB="000000000a0002000080c20000000000070005"], 0x30}}, 0x0)
r3 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000000000105509147200ed0000000109022400010000000009040000030300000009210000000122050009058103"], 0x0)
syz_usb_control_io(r3, 0x0, 0x0)
syz_usb_control_io(r3, &(0x7f0000000100)={0x2c, &(0x7f0000000280)=ANY=[@ANYBLOB="200617"], 0x0, 0x0, 0x0, 0x0}, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB="18000000410007010000000007000000027c00000400318087c26ace570bbad6e8fae50850fd4790000000000000008c56aad193606fc7af43770f0fad5de195000000000000"], 0x18}}, 0x4010)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0)
r5 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r5, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000000440)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="140100001400210200000000fcdbdf25031100800c0002"], 0x114}], 0x1}, 0x40014)
fcntl$getownex(r4, 0x10, &(0x7f00000000c0))
r6 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r6, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$inet6_udplite(0xa, 0x2, 0x88)
mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0)
setsockopt$bt_BT_CHANNEL_POLICY(0xffffffffffffffff, 0x112, 0xa, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYRES8=r0], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2}, 0x94)
ioctl$VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000180)={0x1, @pix={0x5, 0xc10, 0x34325241, 0x0, 0x0, 0x7ffffffe, 0x3, 0xfeedcafe, 0x1, 0x1, 0x1, 0x1}})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
r7 = getpid()
sched_setscheduler(r7, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))

731.011916ms ago: executing program 39 (id=750):
r0 = socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'bridge_slave_0\x00', <r2=>0x0})
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="300000001d00010000000000000000000700000050cc6bba2e45b3a1c25a7fff38908f7cca9338ad57bfd096bc7aba93a4018811127f24db95d1ea64055043535a3d07584553da9597170fea291325a2cb25f083c6d33916517277c8193742498ab32af4c4da9f3fe09962c8ff2dad9cbd5f2b5565a8214f524c255db789e48a96155ad1e85d372a6edfc97babd1", @ANYRES32=r2, @ANYBLOB="000000000a0002000080c20000000000070005"], 0x30}}, 0x0)
r3 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000000000105509147200ed0000000109022400010000000009040000030300000009210000000122050009058103"], 0x0)
syz_usb_control_io(r3, 0x0, 0x0)
syz_usb_control_io(r3, &(0x7f0000000100)={0x2c, &(0x7f0000000280)=ANY=[@ANYBLOB="200617"], 0x0, 0x0, 0x0, 0x0}, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB="18000000410007010000000007000000027c00000400318087c26ace570bbad6e8fae50850fd4790000000000000008c56aad193606fc7af43770f0fad5de195000000000000"], 0x18}}, 0x4010)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0)
r5 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r5, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000000440)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="140100001400210200000000fcdbdf25031100800c0002"], 0x114}], 0x1}, 0x40014)
fcntl$getownex(r4, 0x10, &(0x7f00000000c0))
r6 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r6, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$inet6_udplite(0xa, 0x2, 0x88)
mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0)
setsockopt$bt_BT_CHANNEL_POLICY(0xffffffffffffffff, 0x112, 0xa, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYRES8=r0], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2}, 0x94)
ioctl$VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000180)={0x1, @pix={0x5, 0xc10, 0x34325241, 0x0, 0x0, 0x7ffffffe, 0x3, 0xfeedcafe, 0x1, 0x1, 0x1, 0x1}})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
r7 = getpid()
sched_setscheduler(r7, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))

0s ago: executing program 40 (id=749):
r0 = socket$inet6(0xa, 0x2, 0x0)
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket(0x10, 0x3, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x803, 0x0)
syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r4)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000010400eeffff11feffffff000000", @ANYRES32=r5, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
userfaultfd(0x1)
r6 = syz_open_dev$media(&(0x7f0000000080), 0x1, 0x0)
syz_emit_ethernet(0x2a, &(0x7f0000000440)=ANY=[@ANYBLOB="ffffffffffffa1370000000008004500001c0000000000889078ac1e0101ac1414aa1100907800000008"], 0x0)
ioctl$MEDIA_IOC_REQUEST_ALLOC(r6, 0x80047c05, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r7 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xaee2, 0x0, 0x2, 0xbfdffffc}, &(0x7f0000000000)=<r8=>0x0, &(0x7f0000000280)=<r9=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r8, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r8, r9, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3})
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x9, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x9)
openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0), 0x8200, 0x0)
r10 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r10, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
io_uring_enter(r7, 0x47f6, 0x0, 0x2, 0x0, 0x0)
openat$sndseq(0xffffffffffffff9c, &(0x7f00000004c0), 0x48100)
sendmsg$nl_route_sched(r2, &(0x7f0000005840)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000001240)=@newqdisc={0x78, 0x24, 0x5820a61ca228651, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c, 0x2, {{0x0, 0x0, 0x0, 0x887}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x5}}}]}, 0x78}}, 0x0)
ioctl$sock_SIOCETHTOOL(r1, 0x89f0, &(0x7f0000001440)={'bridge0\x00', &(0x7f0000000400)=@ethtool_ringparam={0x10, 0x0, 0x20040001, 0x10, 0xe87e, 0x0, 0x3, 0x80000000}})
bind$inet6(r0, &(0x7f0000000480)={0xa, 0x4e20, 0x0, @mcast1={0xff, 0x5}}, 0x1c)
getsockname$inet6(r0, 0x0, &(0x7f0000000040))

kernel console output (not intermixed with test programs):

12kB 0*1024kB 0*2048kB 0*4096kB = 12kB
[  187.413744][    C0] Node 1 Normal: 164*4kB (UM) 37*8kB (UME) 48*16kB (UME) 86*32kB (UME) 30*64kB (UME) 9*128kB (UME) 4*256kB (UME) 2*512kB (M) 2*1024kB (ME) 2*2048kB (UE) 949*4096kB (M) = 3902840kB
[  187.431606][    C0] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  187.441127][    C0] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  187.450387][    C0] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  187.459907][    C0] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  187.469167][    C0] 50018 total pagecache pages
[  187.473819][    C0] 0 pages in swap cache
[  187.477949][    C0] Free swap  = 124996kB
[  187.482082][    C0] Total swap = 124996kB
[  187.486217][    C0] 2097051 pages RAM
[  187.489999][    C0] 0 pages HighMem/MovableOnly
[  187.494652][    C0] 429930 pages reserved
[  187.498786][    C0] 0 pages cma reserved
[  187.824768][ T7840] netlink: 'syz.1.536': attribute type 7 has an invalid length.
[  187.832842][ T7840] netlink: 8 bytes leftover after parsing attributes in process `syz.1.536'.
[  187.896700][ T7837] capability: warning: `syz.4.535' uses deprecated v2 capabilities in a way that may be insecure
[  188.427049][ T5961] usb 3-1: USB disconnect, device number 13
[  188.537070][   T30] audit: type=1400 audit(1751637125.126:562): avc:  denied  { remount } for  pid=7847 comm="syz.1.538" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[  189.631127][    T9] usb 2-1: new high-speed USB device number 15 using dummy_hcd
[  189.897248][   T30] audit: type=1400 audit(1751637126.486:563): avc:  denied  { write } for  pid=7861 comm="syz.3.542" name="nvram" dev="devtmpfs" ino=623 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1
[  190.432156][    T9] usb 2-1: config 0 has no interfaces?
[  190.441414][    T9] usb 2-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b
[  190.460381][   T30] audit: type=1400 audit(1751637126.486:564): avc:  denied  { open } for  pid=7861 comm="syz.3.542" path="/dev/nvram" dev="devtmpfs" ino=623 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1
[  190.483150][    T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  190.680934][    T9] usb 2-1: Product: syz
[  190.685500][    T9] usb 2-1: Manufacturer: syz
[  191.210180][    T9] usb 2-1: SerialNumber: syz
[  191.289440][    T9] usb 2-1: config 0 descriptor??
[  191.611810][ T7852] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  193.106365][ T7899] netlink: 8 bytes leftover after parsing attributes in process `syz.2.549'.
[  193.115412][ T7899] openvswitch: netlink: Missing key (keys=40, expected=100)
[  193.883487][ T1296] ieee802154 phy0 wpan0: encryption failed: -22
[  193.889888][ T1296] ieee802154 phy1 wpan1: encryption failed: -22
[  194.162093][ T5849] usb 2-1: USB disconnect, device number 15
[  194.474055][ T7909] xt_TCPMSS: Only works on TCP SYN packets
[  194.488754][ T7909] overlayfs: missing 'lowerdir'
[  196.072550][   T30] audit: type=1326 audit(1751637132.336:565): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7925 comm="syz.3.560" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fca17f8e929 code=0x7ffc0000
[  196.105732][   T30] audit: type=1326 audit(1751637132.336:566): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7925 comm="syz.3.560" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fca17f8e929 code=0x7ffc0000
[  196.130166][   T30] audit: type=1326 audit(1751637132.336:567): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7925 comm="syz.3.560" exe="/root/syz-executor" sig=0 arch=c000003e syscall=237 compat=0 ip=0x7fca17f8e929 code=0x7ffc0000
[  196.130209][   T30] audit: type=1326 audit(1751637132.336:568): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7925 comm="syz.3.560" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fca17f8e929 code=0x7ffc0000
[  196.130548][   T30] audit: type=1326 audit(1751637132.336:569): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7925 comm="syz.3.560" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fca17f8e929 code=0x7ffc0000
[  196.130589][   T30] audit: type=1326 audit(1751637132.336:570): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7925 comm="syz.3.560" exe="/root/syz-executor" sig=0 arch=c000003e syscall=450 compat=0 ip=0x7fca17f8e929 code=0x7ffc0000
[  196.130626][   T30] audit: type=1326 audit(1751637132.336:571): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7925 comm="syz.3.560" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fca17f8e929 code=0x7ffc0000
[  196.134751][   T30] audit: type=1326 audit(1751637132.336:572): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7925 comm="syz.3.560" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fca17f8e929 code=0x7ffc0000
[  198.008858][   T30] audit: type=1400 audit(1751637134.576:573): avc:  denied  { create } for  pid=7946 comm="syz.2.565" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=user_namespace permissive=1
[  198.180803][   T30] audit: type=1400 audit(1751637134.696:574): avc:  denied  { sys_admin } for  pid=7946 comm="syz.2.565" capability=21  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=cap_userns permissive=1
[  199.944288][ T7979] netlink: 8 bytes leftover after parsing attributes in process `syz.0.570'.
[  200.511204][ T5961] usb 5-1: new full-speed USB device number 10 using dummy_hcd
[  200.596854][ T7993] Invalid logical block size (768)
[  200.715323][ T5961] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10
[  200.773698][ T5961] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 255, setting to 64
[  200.833442][ T5961] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[  200.914626][ T5961] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  200.947223][ T5961] usb 5-1: config 0 descriptor??
[  200.978592][ T7985] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  201.040778][ T5895] usb 1-1: new high-speed USB device number 15 using dummy_hcd
[  201.367620][ T5895] usb 1-1: Using ep0 maxpacket: 8
[  201.447402][ T5895] usb 1-1: New USB device found, idVendor=2770, idProduct=930c, bcdDevice=8d.6a
[  201.494956][ T5961] ath6kl: Failed to submit usb control message: -71
[  201.514440][ T5895] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  201.529886][ T5961] ath6kl: unable to send the bmi data to the device: -71
[  201.556157][ T5895] usb 1-1: Product: syz
[  201.568631][ T5961] ath6kl: Unable to send get target info: -71
[  201.576550][ T5895] usb 1-1: Manufacturer: syz
[  201.608120][ T5961] ath6kl: Failed to init ath6kl core: -71
[  201.614515][ T5895] usb 1-1: SerialNumber: syz
[  201.634782][ T5961] ath6kl_usb 5-1:0.0: probe with driver ath6kl_usb failed with error -71
[  201.651262][ T5895] usb 1-1: config 0 descriptor??
[  201.673298][ T5895] gspca_main: sq930x-2.14.0 probing 2770:930c
[  201.690120][ T5961] usb 5-1: USB disconnect, device number 10
[  201.850755][ T5947] usb 4-1: new high-speed USB device number 17 using dummy_hcd
[  201.947497][ T8027] netlink: 8 bytes leftover after parsing attributes in process `syz.2.584'.
[  202.021487][ T5947] usb 4-1: too many configurations: 9, using maximum allowed: 8
[  202.106460][ T8029] siw: device registration error -23
[  202.374463][ T5947] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9
[  202.400461][ T5947] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  202.462922][ T5947] usb 4-1: config 0 interface 0 has no altsetting 0
[  202.537371][ T5947] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9
[  202.602574][ T5947] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  202.621235][ T5947] usb 4-1: config 0 interface 0 has no altsetting 0
[  202.629471][ T5947] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9
[  202.639119][ T5947] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  202.654046][ T5947] usb 4-1: config 0 interface 0 has no altsetting 0
[  202.662624][ T5947] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9
[  202.672765][ T5947] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  202.684381][ T5947] usb 4-1: config 0 interface 0 has no altsetting 0
[  202.693643][ T5947] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9
[  202.703260][ T5947] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  202.714544][ T5947] usb 4-1: config 0 interface 0 has no altsetting 0
[  202.724206][ T5947] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9
[  202.737664][ T5947] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  202.748852][ T5947] usb 4-1: config 0 interface 0 has no altsetting 0
[  202.757232][ T5947] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9
[  202.766479][ T5947] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  202.780524][ T5947] usb 4-1: config 0 interface 0 has no altsetting 0
[  202.788769][ T5947] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9
[  202.797925][ T5947] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  202.808898][ T5947] usb 4-1: config 0 interface 0 has no altsetting 0
[  202.818842][ T5947] usb 4-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e
[  202.827975][ T5947] usb 4-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168
[  202.836471][ T5947] usb 4-1: Product: syz
[  202.840818][ T5947] usb 4-1: Manufacturer: syz
[  202.845542][ T5947] usb 4-1: SerialNumber: syz
[  202.863551][ T5947] usb 4-1: config 0 descriptor??
[  202.875170][ T5947] yurex 4-1:0.0: USB YUREX device now attached to Yurex #0
[  203.010708][ T5895] gspca_sq930x: reg_w 0105 0c00 failed -71
[  203.016639][ T5895] sq930x 1-1:0.0: probe with driver sq930x failed with error -71
[  203.027465][ T5895] usb 1-1: USB disconnect, device number 15
[  203.050743][ T5811] Bluetooth: hci4: command 0x0c1a tx timeout
[  203.107257][   T30] kauditd_printk_skb: 2 callbacks suppressed
[  203.107272][   T30] audit: type=1400 audit(1751637139.696:577): avc:  denied  { ioctl } for  pid=8020 comm="syz.3.583" path="socket:[17618]" dev="sockfs" ino=17618 ioctlcmd=0x8922 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  203.139646][ T5872] usb 4-1: USB disconnect, device number 17
[  203.148473][ T5872] yurex 4-1:0.0: USB YUREX #0 now disconnected
[  255.212265][ T1296] ieee802154 phy0 wpan0: encryption failed: -22
[  255.218604][ T1296] ieee802154 phy1 wpan1: encryption failed: -22
[  316.653447][ T1296] ieee802154 phy0 wpan0: encryption failed: -22
[  316.659801][ T1296] ieee802154 phy1 wpan1: encryption failed: -22
[  327.893097][   T30] audit: type=1400 audit(1751637264.486:578): avc:  denied  { ioctl } for  pid=8070 comm="syz.0.586" path="anon_inode:[userfaultfd]" dev="anon_inodefs" ino=17662 ioctlcmd=0xaa3f scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[  328.842017][ T5961] usb 2-1: new high-speed USB device number 16 using dummy_hcd
[  328.945238][ T8096] netlink: 'syz.3.591': attribute type 10 has an invalid length.
[  329.896884][ T8096] 8021q: adding VLAN 0 to HW filter on device batadv0
[  329.907558][ T8096] bond0: (slave batadv0): Enslaving as an active interface with an up link
[  329.950415][ T5961] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  329.966201][ T5961] usb 2-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  329.975370][ T5961] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  330.037173][ T5961] usb 2-1: config 0 descriptor??
[  330.560696][   T24] usb 3-1: new high-speed USB device number 14 using dummy_hcd
[  330.635767][ T8121] FAULT_INJECTION: forcing a failure.
[  330.635767][ T8121] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  330.657622][ T8121] CPU: 1 UID: 0 PID: 8121 Comm: syz.3.598 Not tainted 6.16.0-rc4-syzkaller-00108-g17bbde2e1716 #0 PREEMPT(full) 
[  330.657649][ T8121] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  330.657658][ T8121] Call Trace:
[  330.657663][ T8121]  <TASK>
[  330.657668][ T8121]  dump_stack_lvl+0x16c/0x1f0
[  330.657702][ T8121]  should_fail_ex+0x512/0x640
[  330.657728][ T8121]  _copy_from_user+0x2e/0xd0
[  330.657754][ T8121]  move_addr_to_kernel+0x65/0x170
[  330.657773][ T8121]  __sys_sendto+0x1be/0x520
[  330.657793][ T8121]  ? __pfx___sys_sendto+0x10/0x10
[  330.657812][ T8121]  ? lock_acquire+0x179/0x350
[  330.657842][ T8121]  ? bpf_trace_run2+0x265/0x590
[  330.657869][ T8121]  ? __might_fault+0xe3/0x190
[  330.657895][ T8121]  ? __might_fault+0x13b/0x190
[  330.657921][ T8121]  __x64_sys_sendto+0xe0/0x1c0
[  330.657940][ T8121]  ? syscall_trace_enter+0xee/0x260
[  330.657958][ T8121]  do_syscall_64+0xcd/0x4c0
[  330.657984][ T8121]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  330.658000][ T8121] RIP: 0033:0x7fca17f8e929
[  330.658014][ T8121] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  330.658030][ T8121] RSP: 002b:00007fca18dca038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[  330.658047][ T8121] RAX: ffffffffffffffda RBX: 00007fca181b5fa0 RCX: 00007fca17f8e929
[  330.658058][ T8121] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[  330.658067][ T8121] RBP: 00007fca18dca090 R08: 00002000000003c0 R09: 000000000000001b
[  330.658076][ T8121] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  330.658085][ T8121] R13: 0000000000000000 R14: 00007fca181b5fa0 R15: 00007ffcb1b81948
[  330.658107][ T8121]  </TASK>
[  330.828662][    C1] vkms_vblank_simulate: vblank timer overrun
[  331.038641][   T24] usb 3-1: Using ep0 maxpacket: 8
[  331.154407][   T24] usb 3-1: config 168 descriptor has 1 excess byte, ignoring
[  331.280306][   T24] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  331.299106][ T5961] keytouch 0003:0926:3333.000F: fixing up Keytouch IEC report descriptor
[  331.308912][   T24] usb 3-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  331.328763][ T5961] input: HID 0926:3333 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:0926:3333.000F/input/input19
[  331.334568][   T30] audit: type=1400 audit(1751637267.926:579): avc:  denied  { listen } for  pid=8123 comm="syz.4.601" lport=2 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  331.340509][   T24] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  331.462660][ T8078] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  331.487529][ T8078] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  331.494977][ T8078] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  331.495328][ T8078] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  332.146787][   T24] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  332.160029][   T24] usb 3-1: config 168 descriptor has 1 excess byte, ignoring
[  332.175759][ T5961] keytouch 0003:0926:3333.000F: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.1-1/input0
[  332.200184][   T24] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  332.273670][   T24] usb 3-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  332.290864][ T5961] usb 2-1: USB disconnect, device number 16
[  332.700430][   T24] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  332.744290][ T8137] fido_id[8137]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/2-1/report_descriptor': No such file or directory
[  332.759499][   T24] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  332.788412][   T24] usb 3-1: config 168 descriptor has 1 excess byte, ignoring
[  332.831049][   T24] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  332.845507][   T24] usb 3-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  332.890715][   T24] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  332.917570][ T8143] netlink: 8 bytes leftover after parsing attributes in process `syz.0.606'.
[  332.928003][   T24] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  332.970376][   T24] usb 3-1: string descriptor 0 read error: -22
[  332.977009][   T24] usb 3-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  332.996309][   T24] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  333.274681][   T24] usb 3-1: can't set config #168, error -71
[  333.376193][   T24] usb 3-1: USB disconnect, device number 14
[  334.499578][   T30] audit: type=1400 audit(1751637271.086:580): avc:  denied  { bind } for  pid=8171 comm="syz.2.616" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  334.624799][   T24] usb 4-1: new high-speed USB device number 18 using dummy_hcd
[  335.133224][   T24] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  335.164707][   T24] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  335.313594][   T24] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  335.389434][   T24] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  335.489338][   T24] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  335.510970][   T24] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  335.528363][   T24] usb 4-1: config 0 descriptor??
[  335.860723][ T5961] usb 1-1: new high-speed USB device number 16 using dummy_hcd
[  336.032319][   T24] plantronics 0003:047F:FFFF.0010: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0
[  336.180107][ T5961] usb 1-1: device descriptor read/64, error -71
[  336.242965][ T8185] netlink: 8 bytes leftover after parsing attributes in process `syz.2.621'.
[  336.452852][ T8189] capability: warning: `syz.1.622' uses 32-bit capabilities (legacy support in use)
[  336.513625][   T30] audit: type=1400 audit(1751637273.106:581): avc:  denied  { bind } for  pid=8187 comm="syz.1.622" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[  336.530713][ T5961] usb 1-1: new high-speed USB device number 17 using dummy_hcd
[  336.784161][ T5961] usb 1-1: device descriptor read/64, error -71
[  336.920818][ T5861] IPVS: starting estimator thread 0...
[  337.014068][ T5961] usb usb1-port1: attempt power cycle
[  337.022138][ T8199] IPVS: using max 39 ests per chain, 93600 per kthread
[  337.179202][ T8204] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(3)
[  337.185739][ T8204] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  337.281526][ T8204] vhci_hcd vhci_hcd.0: Device attached
[  337.374373][ T8207] netlink: 'syz.2.626': attribute type 10 has an invalid length.
[  337.428058][ T8208] netlink: 4 bytes leftover after parsing attributes in process `syz.2.626'.
[  337.496806][ T5961] usb 1-1: new high-speed USB device number 18 using dummy_hcd
[  337.520681][ T5849] usb 37-1: new high-speed USB device number 2 using vhci_hcd
[  338.368108][   T24] usb 4-1: reset high-speed USB device number 18 using dummy_hcd
[  338.456744][ T5961] usb 1-1: device descriptor read/8, error -71
[  338.496327][ T8212] netlink: 8 bytes leftover after parsing attributes in process `syz.3.627'.
[  338.769270][ T8208] team0 (unregistering): Port device team_slave_0 removed
[  338.793053][ T8208] team0 (unregistering): Port device team_slave_1 removed
[  338.926840][ T8205] vhci_hcd: connection reset by peer
[  338.934415][   T49] vhci_hcd: stop threads
[  338.939290][   T49] vhci_hcd: release socket
[  338.945161][   T49] vhci_hcd: disconnect device
[  338.967213][ T8220] xt_addrtype: ipv6 PROHIBIT (THROW, NAT ..) matching not supported
[  339.080784][    T9] usb 2-1: new full-speed USB device number 17 using dummy_hcd
[  339.201768][   T48] usb 4-1: USB disconnect, device number 18
[  339.210810][ T5961] usb 1-1: new full-speed USB device number 19 using dummy_hcd
[  339.244166][ T5961] usb 1-1: config index 0 descriptor too short (expected 35577, got 27)
[  339.244720][    T9] usb 2-1: config index 0 descriptor too short (expected 35577, got 27)
[  339.254595][ T5961] usb 1-1: config 1 has too many interfaces: 92, using maximum allowed: 32
[  339.270436][    T9] usb 2-1: config 1 has too many interfaces: 92, using maximum allowed: 32
[  339.270571][ T5961] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 92
[  339.288345][    T9] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 92
[  339.288427][ T5961] usb 1-1: config 1 has no interface number 0
[  339.303567][    T9] usb 2-1: config 1 has no interface number 0
[  339.305904][ T5961] usb 1-1: config 1 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10
[  339.309847][    T9] usb 2-1: config 1 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10
[  339.332168][ T5961] usb 1-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17
[  339.345332][    T9] usb 2-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17
[  339.358971][    T9] usb 2-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8
[  339.368211][    T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  339.368286][ T5961] usb 1-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8
[  339.389145][ T5961] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  339.406649][    T9] snd_usb_pod 2-1:1.1: Line 6 Pocket POD found
[  339.411766][ T5961] snd_usb_pod 1-1:1.1: Line 6 Pocket POD found
[  339.784923][ T8227] No source specified
[  339.814724][   T30] audit: type=1400 audit(1751637276.406:582): avc:  denied  { append } for  pid=8228 comm="syz.2.635" name="event0" dev="devtmpfs" ino=918 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1
[  339.818165][ T8227] netlink: 209852 bytes leftover after parsing attributes in process `syz.4.634'.
[  339.848653][ T8227] openvswitch: netlink: ufid size 3068 bytes exceeds the range (1, 16)
[  339.961487][ T5961] snd_usb_pod 1-1:1.1: Line 6 Pocket POD now attached
[  339.962227][    T9] snd_usb_pod 2-1:1.1: Line 6 Pocket POD now attached
[  340.495872][ T5961] usb 1-1: USB disconnect, device number 19
[  340.511059][ T5961] snd_usb_pod 1-1:1.1: Line 6 Pocket POD now disconnected
[  340.659135][ T8240] netlink: 16 bytes leftover after parsing attributes in process `syz.4.639'.
[  340.664869][    T9] usb 2-1: USB disconnect, device number 17
[  340.679033][    T9] snd_usb_pod 2-1:1.1: Line 6 Pocket POD now disconnected
[  340.753766][ T8248] binder: BINDER_SET_CONTEXT_MGR already set
[  340.759880][ T8248] binder: 8246:8248 ioctl 4018620d 200000000040 returned -16
[  340.944613][ T8252] sch_tbf: burst 0 is lower than device ip6gre0 mtu (1448) !
[  341.020765][   T24] usb 4-1: new high-speed USB device number 19 using dummy_hcd
[  341.216003][   T24] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  341.240891][ T8259] netlink: 20 bytes leftover after parsing attributes in process `syz.4.644'.
[  341.255841][   T24] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  341.367213][   T24] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  341.410787][   T24] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  341.443491][ T8266] netlink: 256 bytes leftover after parsing attributes in process `syz.1.646'.
[  341.453799][ T5861] usb 1-1: new high-speed USB device number 20 using dummy_hcd
[  341.462541][   T30] audit: type=1400 audit(1751637278.026:583): avc:  denied  { mount } for  pid=8265 comm="syz.1.646" name="/" dev="ramfs" ino=18084 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ramfs_t tclass=filesystem permissive=1
[  341.489140][   T24] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  341.531254][   T24] usb 4-1: config 0 descriptor??
[  341.611215][    T9] usb 5-1: new high-speed USB device number 11 using dummy_hcd
[  341.840220][ T5861] usb 1-1: config 0 has no interfaces?
[  341.858361][ T5861] usb 1-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b
[  341.875037][ T5861] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  341.887648][ T5861] usb 1-1: Product: syz
[  341.894577][ T5861] usb 1-1: Manufacturer: syz
[  341.899252][ T5861] usb 1-1: SerialNumber: syz
[  341.917605][ T5861] usb 1-1: config 0 descriptor??
[  342.001431][    T9] usb 5-1: Using ep0 maxpacket: 16
[  342.008445][    T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  342.020306][    T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  342.030401][    T9] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  342.043369][    T9] usb 5-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00
[  342.049598][   T24] usbhid 4-1:0.0: can't add hid device: -71
[  342.053633][    T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  342.069659][   T24] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  342.083143][    T9] usb 5-1: config 0 descriptor??
[  342.088353][   T24] usb 4-1: USB disconnect, device number 19
[  342.210697][ T5961] usb 3-1: new high-speed USB device number 15 using dummy_hcd
[  342.226610][ T5861] usb 1-1: USB disconnect, device number 20
[  342.363439][ T5961] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  342.376638][ T5961] usb 3-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  342.385967][ T5961] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  342.399441][ T5961] usb 3-1: config 0 descriptor??
[  342.451037][   T30] audit: type=1400 audit(1751637279.036:584): avc:  denied  { map } for  pid=8279 comm="syz.1.650" path="socket:[18106]" dev="sockfs" ino=18106 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_dgram_socket permissive=1
[  342.497603][    T9] shield 0003:0955:7214.0011: unknown main item tag 0x0
[  342.505333][    T9] shield 0003:0955:7214.0011: unknown main item tag 0x0
[  342.512565][    T9] shield 0003:0955:7214.0011: unknown main item tag 0x0
[  342.519964][    T9] shield 0003:0955:7214.0011: unknown main item tag 0x0
[  342.529409][    T9] shield 0003:0955:7214.0011: unknown main item tag 0x0
[  342.538736][    T9] input: HID 0955:7214 Haptics as /devices/virtual/input/input21
[  342.563798][    T9] shield 0003:0955:7214.0011: Registered Thunderstrike controller
[  342.578616][    T9] shield 0003:0955:7214.0011: : USB HID v0.00 Device [HID 0955:7214] on usb-dummy_hcd.4-1/input0
[  342.633206][ T8284] netlink: 'syz.3.651': attribute type 1 has an invalid length.
[  342.674386][ T8284] 8021q: adding VLAN 0 to HW filter on device bond1
[  342.705732][ T8259] netlink: 'syz.4.644': attribute type 2 has an invalid length.
[  342.713616][ T8259] netlink: 244 bytes leftover after parsing attributes in process `syz.4.644'.
[  342.726728][ T8284] 8021q: adding VLAN 0 to HW filter on device bond1
[  342.734756][ T8284] bond1: (slave vxcan3): The slave device specified does not support setting the MAC address
[  342.751560][ T8284] bond1: (slave vxcan3): Error -95 calling set_mac_address
[  342.874940][ T5861] usb 5-1: USB disconnect, device number 11
[  342.880994][   T10] shield 0003:0955:7214.0011: Failed to output Thunderstrike HOSTCMD request HID report due to -EPROTO
[  342.906610][ T5961] keytouch 0003:0926:3333.0012: fixing up Keytouch IEC report descriptor
[  342.921624][ T5961] input: HID 0926:3333 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:0926:3333.0012/input/input22
[  342.925077][   T10] shield 0003:0955:7214.0011: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV
[  342.955461][   T10] shield 0003:0955:7214.0011: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV
[  342.971004][   T10] shield 0003:0955:7214.0011: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV
[  343.030222][ T8286] bond1: (slave bridge1): Enslaving as an active interface with a down link
[  343.047593][ T5961] keytouch 0003:0926:3333.0012: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.2-1/input0
[  343.245533][ T8276] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  343.254409][ T8276] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  343.279941][ T8276] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  343.481719][ T8276] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  343.658839][    C1] Mem-Info:
[  343.661999][    C1] active_anon:8982 inactive_anon:0 isolated_anon:0
[  343.661999][    C1]  active_file:2331 inactive_file:40669 isolated_file:0
[  343.661999][    C1]  unevictable:768 dirty:418 writeback:0
[  343.661999][    C1]  slab_reclaimable:11872 slab_unreclaimable:104443
[  343.661999][    C1]  mapped:30242 shmem:1395 pagetables:1214
[  343.661999][    C1]  sec_pagetables:0 bounce:0
[  343.661999][    C1]  kernel_misc_reclaimable:0
[  343.661999][    C1]  free:1311757 free_pcp:13484 free_cma:0
[  343.707277][    C1] Node 0 active_anon:35928kB inactive_anon:0kB active_file:9324kB inactive_file:162476kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:120968kB dirty:1672kB writeback:0kB shmem:4044kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:12292kB pagetables:4720kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  343.740557][    C1] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:136kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  343.771927][    C1] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  343.800686][    C1] lowmem_reserve[]: 0 2481 2482 2482 2482
[  343.806429][    C1] Node 0 DMA32 free:1328104kB boost:0kB min:34076kB low:42592kB high:51108kB reserved_highatomic:0KB free_highatomic:0KB active_anon:35916kB inactive_anon:0kB active_file:9324kB inactive_file:161148kB unevictable:1536kB writepending:1672kB present:3129332kB managed:2540572kB mlocked:0kB bounce:0kB free_pcp:38120kB local_pcp:18972kB free_cma:0kB
[  343.838648][    C1] lowmem_reserve[]: 0 0 1 1 1
[  343.843342][    C1] Node 0 Normal free:12kB boost:0kB min:16kB low:20kB high:24kB reserved_highatomic:0KB free_highatomic:0KB active_anon:12kB inactive_anon:0kB active_file:0kB inactive_file:1328kB unevictable:0kB writepending:0kB present:1048580kB managed:1388kB mlocked:0kB bounce:0kB free_pcp:36kB local_pcp:8kB free_cma:0kB
[  343.872365][    C1] lowmem_reserve[]: 0 0 0 0 0
[  343.877064][    C1] Node 1 Normal free:3903352kB boost:0kB min:55804kB low:69752kB high:83700kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:16544kB local_pcp:8768kB free_cma:0kB
[  343.908152][    C1] lowmem_reserve[]: 0 0 0 0 0
[  343.912849][    C1] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  343.925469][    C1] Node 0 DMA32: 519*4kB (UME) 558*8kB (UME) 622*16kB (UM) 1535*32kB (UME) 305*64kB (UME) 87*128kB (UME) 38*256kB (UM) 17*512kB (UME) 9*1024kB (UME) 10*2048kB (UME) 289*4096kB (M) = 1328140kB
[  343.944319][    C1] Node 0 Normal: 1*4kB (M) 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 12kB
[  343.956570][    C1] Node 1 Normal: 164*4kB (UM) 37*8kB (UME) 48*16kB (UME) 96*32kB (UME) 33*64kB (UME) 9*128kB (UME) 4*256kB (UME) 2*512kB (M) 2*1024kB (ME) 2*2048kB (UE) 949*4096kB (M) = 3903352kB
[  343.974434][    C1] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  343.983977][    C1] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  343.993259][    C1] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  344.002797][    C1] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  344.012071][    C1] 44391 total pagecache pages
[  344.016732][    C1] 0 pages in swap cache
[  344.020866][    C1] Free swap  = 124996kB
[  344.025014][    C1] Total swap = 124996kB
[  344.029167][    C1] 2097051 pages RAM
[  344.032964][    C1] 0 pages HighMem/MovableOnly
[  344.037627][    C1] 429930 pages reserved
[  344.041770][    C1] 0 pages cma reserved
[  344.056089][ T5849] vhci_hcd: vhci_device speed not set
[  344.618510][ T5861] usb 3-1: USB disconnect, device number 15
[  344.708541][ T8308] sch_tbf: burst 0 is lower than device ip6gre0 mtu (1448) !
[  344.816067][ T8311] binder: 8310:8311 ioctl 89e0 200000000240 returned -22
[  344.955042][ T8316] netlink: 28 bytes leftover after parsing attributes in process `syz.3.660'.
[  344.965154][ T8316] netlink: 28 bytes leftover after parsing attributes in process `syz.3.660'.
[  345.828483][   T30] audit: type=1326 audit(1751637282.416:585): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8330 comm="syz.1.666" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7bb318e929 code=0x7ffc0000
[  345.860766][    T9] usb 3-1: new high-speed USB device number 16 using dummy_hcd
[  345.879544][   T30] audit: type=1326 audit(1751637282.416:586): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8330 comm="syz.1.666" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7bb318e929 code=0x7ffc0000
[  345.911268][   T30] audit: type=1326 audit(1751637282.416:587): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8330 comm="syz.1.666" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7bb318e929 code=0x7ffc0000
[  345.937232][   T30] audit: type=1326 audit(1751637282.416:588): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8330 comm="syz.1.666" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7bb318e929 code=0x7ffc0000
[  345.963680][   T30] audit: type=1326 audit(1751637282.416:589): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8330 comm="syz.1.666" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7bb318e929 code=0x7ffc0000
[  345.990766][   T30] audit: type=1326 audit(1751637282.416:590): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8330 comm="syz.1.666" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7bb318e929 code=0x7ffc0000
[  346.017173][   T30] audit: type=1326 audit(1751637282.416:591): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8330 comm="syz.1.666" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7bb318e929 code=0x7ffc0000
[  346.041500][    T9] usb 3-1: Using ep0 maxpacket: 8
[  346.056499][    T9] usb 3-1: New USB device found, idVendor=0c45, idProduct=614a, bcdDevice=c4.6d
[  346.071130][    T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  346.083902][    T9] usb 3-1: Product: syz
[  346.088144][    T9] usb 3-1: Manufacturer: syz
[  346.093565][    T9] usb 3-1: SerialNumber: syz
[  346.111699][    T9] usb 3-1: config 0 descriptor??
[  346.120396][   T30] audit: type=1326 audit(1751637282.416:592): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8330 comm="syz.1.666" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7bb318e929 code=0x7ffc0000
[  346.143705][ T5861] usb 1-1: new full-speed USB device number 21 using dummy_hcd
[  346.145211][    T9] gspca_main: sonixj-2.14.0 probing 0c45:614a
[  346.151445][   T30] audit: type=1326 audit(1751637282.416:593): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8330 comm="syz.1.666" exe="/root/syz-executor" sig=0 arch=c000003e syscall=88 compat=0 ip=0x7f7bb318e929 code=0x7ffc0000
[  346.191343][   T30] audit: type=1326 audit(1751637282.416:594): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8330 comm="syz.1.666" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7bb318e929 code=0x7ffc0000
[  346.214591][    C0] vkms_vblank_simulate: vblank timer overrun
[  346.312278][ T5861] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  346.323506][ T5861] usb 1-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  346.340152][ T5861] usb 1-1: New USB device found, idVendor=0125, idProduct=a4a1, bcdDevice= 0.40
[  346.349936][ T5861] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  346.359103][ T5861] usb 1-1: Product: syz
[  346.365349][ T5861] usb 1-1: Manufacturer: syz
[  346.370049][ T5861] usb 1-1: SerialNumber: syz
[  346.495224][ T5861] cdc_ncm 1-1:1.0: skipping garbage
[  346.539493][ T8328] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  346.548192][ T8328] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  346.978339][ T5849] hid-generic 0000:0000:0000.0013: unknown main item tag 0x0
[  347.014264][ T5849] hid-generic 0000:0000:0000.0013: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  347.178106][ T8360] fido_id[8360]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  347.244864][   T24] usb 3-1: USB disconnect, device number 16
[  347.261460][ T5861] cdc_ncm 1-1:1.0: failed GET_NTB_PARAMETERS
[  347.280537][ T5861] cdc_ncm 1-1:1.0: bind() failure
[  347.420677][ T5849] usb 4-1: new high-speed USB device number 20 using dummy_hcd
[  347.591614][ T5849] usb 4-1: Using ep0 maxpacket: 32
[  347.630454][ T5849] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xA1, changing to 0x81
[  347.690051][ T5849] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  347.765788][ T5849] usb 4-1: New USB device found, idVendor=06cd, idProduct=0112, bcdDevice=d2.a2
[  347.832557][ T5849] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  347.896084][ T5849] usb 4-1: Product: syz
[  347.929535][ T5849] usb 4-1: Manufacturer: syz
[  347.963447][ T5849] usb 4-1: SerialNumber: syz
[  348.029287][ T5849] usb 4-1: config 0 descriptor??
[  348.115892][ T5849] keyspan 4-1:0.0: Keyspan 1 port adapter converter detected
[  348.190163][ T5849] keyspan 4-1:0.0: found no endpoint descriptor for endpoint 87
[  348.270976][ T5849] keyspan 4-1:0.0: found no endpoint descriptor for endpoint 7
[  348.405418][ T5849] keyspan 4-1:0.0: unsupported endpoint type 0
[  348.456548][ T5849] keyspan 4-1:0.0: found no endpoint descriptor for endpoint 1
[  348.538593][ T5849] keyspan 4-1:0.0: found no endpoint descriptor for endpoint 2
[  348.574322][ T5849] keyspan 4-1:0.0: found no endpoint descriptor for endpoint 85
[  348.596177][ T5849] keyspan 4-1:0.0: found no endpoint descriptor for endpoint 5
[  348.633265][ T5849] usb 4-1: Keyspan 1 port adapter converter now attached to ttyUSB0
[  348.692218][ T5849] usb 4-1: USB disconnect, device number 20
[  348.726797][ T5849] keyspan_1 ttyUSB0: Keyspan 1 port adapter converter now disconnected from ttyUSB0
[  348.778622][ T5849] keyspan 4-1:0.0: device disconnected
[  348.800834][   T24] usb 5-1: new high-speed USB device number 12 using dummy_hcd
[  348.828104][ T8393] sp0: Synchronizing with TNC
[  348.866016][ T5861] usb 1-1: USB disconnect, device number 21
[  348.974051][   T24] usb 5-1: config 0 has an invalid interface number: 50 but max is 0
[  348.983868][   T24] usb 5-1: config 0 has no interface number 0
[  348.997256][   T24] usb 5-1: config 0 interface 50 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  349.024465][   T24] usb 5-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=e6.fc
[  349.035799][   T24] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  349.047522][   T24] usb 5-1: Product: syz
[  349.051818][   T24] usb 5-1: Manufacturer: syz
[  349.056634][   T24] usb 5-1: SerialNumber: syz
[  349.081274][   T24] usb 5-1: config 0 descriptor??
[  349.103118][   T24] yurex 5-1:0.50: USB YUREX device now attached to Yurex #0
[  349.256010][ T2025] usb 4-1: new high-speed USB device number 21 using dummy_hcd
[  349.303264][    C1] yurex 5-1:0.50: yurex_interrupt - overflow with length 8, actual length is 8
[  349.340913][   T24] IPVS: starting estimator thread 0...
[  349.440922][ T8404] IPVS: using max 43 ests per chain, 103200 per kthread
[  349.545485][ T2025] usb 4-1: Using ep0 maxpacket: 16
[  349.558574][ T8380] [U] è
[  352.125163][ T2025] usb 4-1: New USB device found, idVendor=09c0, idProduct=0201, bcdDevice= a.a4
[  352.134374][ T2025] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  352.213428][ T2025] usb 4-1: config 0 descriptor??
[  352.234798][ T5861] usb 5-1: USB disconnect, device number 12
[  352.239578][ T2025] usb 4-1: can't set config #0, error -71
[  352.279113][ T5861] yurex 5-1:0.50: USB YUREX #0 now disconnected
[  352.287446][ T2025] usb 4-1: USB disconnect, device number 21
[  352.341427][ T8412] binder: BINDER_SET_CONTEXT_MGR already set
[  352.351935][ T8412] binder: 8409:8412 ioctl 4018620d 200000000040 returned -16
[  352.497055][ T8411] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  352.532165][ T8420] netlink: 8 bytes leftover after parsing attributes in process `syz.1.689'.
[  352.556745][ T8420] netlink: 4 bytes leftover after parsing attributes in process `syz.1.689'.
[  352.562910][ T8422] loop1: detected capacity change from 0 to 2560
[  352.661469][ T8422] Buffer I/O error on dev loop1, logical block 0, async page read
[  352.669800][ T8422] Buffer I/O error on dev loop1, logical block 0, async page read
[  352.686632][ T8422] Buffer I/O error on dev loop1, logical block 0, async page read
[  352.696547][ T8417] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  352.709222][ T8422] Buffer I/O error on dev loop1, logical block 0, async page read
[  352.721034][ T8422] Buffer I/O error on dev loop1, logical block 0, async page read
[  353.186310][ T8411] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  353.193598][ T8422] Buffer I/O error on dev loop1, logical block 0, async page read
[  353.213976][ T8422] Buffer I/O error on dev loop1, logical block 0, async page read
[  353.226793][ T8422] Buffer I/O error on dev loop1, logical block 0, async page read
[  353.235787][ T8422] ldm_validate_partition_table(): Disk read failed.
[  353.244107][ T8422] Buffer I/O error on dev loop1, logical block 0, async page read
[  353.253730][ T8422] Buffer I/O error on dev loop1, logical block 0, async page read
[  353.263468][ T8422] Dev loop1: unable to read RDB block 0
[  353.271262][ T8422]  loop1: unable to read partition table
[  353.278095][ T8422] loop_reread_partitions: partition scan of loop1 (3Ÿ¾‚³˜) failed (rc=-5)
[  353.292100][ T5184] ldm_validate_partition_table(): Disk read failed.
[  353.299246][ T5184] Dev loop1: unable to read RDB block 0
[  353.309402][ T5184]  loop1: unable to read partition table
[  353.315857][ T8431] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  353.356625][ T8431] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  353.570987][ T5872] usb 2-1: new high-speed USB device number 18 using dummy_hcd
[  353.637448][ T8437] netdevsim netdevsim4 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  353.646545][ T8437] netdevsim netdevsim4 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  353.655473][ T8437] netdevsim netdevsim4 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  353.664233][ T8437] netdevsim netdevsim4 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  353.675253][ T8437] vxlan0: entered promiscuous mode
[  353.696336][ T8437] vxlan0: entered allmulticast mode
[  353.737712][ T5872] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  353.758861][ T5872] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  353.810750][ T5872] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 4
[  353.842993][ T5872] usb 2-1: New USB device found, idVendor=12ba, idProduct=0100, bcdDevice= 0.00
[  353.879615][ T5872] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  353.928159][ T5872] usb 2-1: config 0 descriptor??
[  354.179365][ T5872] usbhid 2-1:0.0: can't add hid device: -71
[  354.296783][ T5872] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[  354.397123][ T5872] usb 2-1: USB disconnect, device number 18
[  356.738107][   T24] IPVS: starting estimator thread 0...
[  357.203179][   T24] usb 4-1: new high-speed USB device number 22 using dummy_hcd
[  357.324059][ T8479] IPVS: using max 74 ests per chain, 177600 per kthread
[  360.460711][   T24] usb 4-1: device descriptor read/64, error -71
[  362.070610][    C0] sched: DL replenish lagged too much
[  378.105470][ T1296] ieee802154 phy0 wpan0: encryption failed: -22
[  378.111891][ T1296] ieee802154 phy1 wpan1: encryption failed: -22
[  379.160666][   T30] kauditd_printk_skb: 54 callbacks suppressed
[  379.160687][   T30] audit: type=1400 audit(1751637315.746:649): avc:  denied  { getopt } for  pid=8489 comm="syz.1.706" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  387.953268][   T30] audit: type=1400 audit(1751637324.546:650): avc:  denied  { watch } for  pid=8496 comm="syz.1.711" path="/134/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" dev="tmpfs" ino=778 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[  388.189886][ T2025] libceph: connect (1)[c::]:6789 error -101
[  388.400217][ T2025] libceph: mon0 (1)[c::]:6789 connect error
[  388.532811][ T5827] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[  388.543490][ T5827] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  388.555174][ T8508] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[  388.564229][ T8508] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[  388.573040][ T8508] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[  388.582214][ T8508] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[  388.614435][ T8510] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  388.652302][ T8497] ceph: No mds server is up or the cluster is laggy
[  388.683037][ T8510] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  388.731007][ T8510] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  388.739575][ T8510] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  388.765888][   T30] audit: type=1400 audit(1751637325.026:651): avc:  denied  { bind } for  pid=8496 comm="syz.1.711" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  388.792102][   T30] audit: type=1400 audit(1751637325.186:652): avc:  denied  { mounton } for  pid=8501 comm="syz-executor" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
[  389.086560][ T8510] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  389.099039][ T8510] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  389.107799][ T8510] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  389.116843][ T8510] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  389.125352][ T8510] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  389.240626][ T5135] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[  389.249513][ T5135] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[  389.259747][ T5135] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[  389.268461][ T5135] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[  389.280164][ T5135] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[  390.651586][ T5135] Bluetooth: hci6: command tx timeout
[  390.837464][ T5135] Bluetooth: hci5: command tx timeout
[  391.220757][ T5135] Bluetooth: hci3: command tx timeout
[  391.370821][ T5135] Bluetooth: hci7: command tx timeout
[  391.520818][ T5961] usb 2-1: new high-speed USB device number 19 using dummy_hcd
[  391.700697][ T5961] usb 2-1: Using ep0 maxpacket: 8
[  391.716014][ T5961] usb 2-1: New USB device found, idVendor=2770, idProduct=930c, bcdDevice=8d.6a
[  391.734725][ T5961] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  391.744812][ T5961] usb 2-1: Product: syz
[  391.748992][ T5961] usb 2-1: Manufacturer: syz
[  391.770677][ T5961] usb 2-1: SerialNumber: syz
[  391.791184][ T5961] usb 2-1: config 0 descriptor??
[  391.809053][ T5961] gspca_main: sq930x-2.14.0 probing 2770:930c
[  392.057442][ T8501] chnl_net:caif_netlink_parms(): no params data found
[  392.172608][ T8514] chnl_net:caif_netlink_parms(): no params data found
[  392.245667][ T8500] chnl_net:caif_netlink_parms(): no params data found
[  392.334293][ T8513] chnl_net:caif_netlink_parms(): no params data found
[  392.681066][ T8501] bridge0: port 1(bridge_slave_0) entered blocking state
[  392.688607][ T8501] bridge0: port 1(bridge_slave_0) entered disabled state
[  392.701417][ T8501] bridge_slave_0: entered allmulticast mode
[  392.717439][ T8501] bridge_slave_0: entered promiscuous mode
[  392.743699][ T5135] Bluetooth: hci6: command tx timeout
[  392.813947][ T8501] bridge0: port 2(bridge_slave_1) entered blocking state
[  392.826290][ T8501] bridge0: port 2(bridge_slave_1) entered disabled state
[  392.834740][ T8501] bridge_slave_1: entered allmulticast mode
[  392.846453][ T8501] bridge_slave_1: entered promiscuous mode
[  392.895839][ T5135] Bluetooth: hci5: command tx timeout
[  393.070869][ T5961] gspca_sq930x: reg_w 0105 0c00 failed -71
[  393.076784][ T5961] sq930x 2-1:0.0: probe with driver sq930x failed with error -71
[  393.094309][ T8501] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  393.119289][ T5961] usb 2-1: USB disconnect, device number 19
[  393.257398][ T8514] bridge0: port 1(bridge_slave_0) entered blocking state
[  393.269633][ T8514] bridge0: port 1(bridge_slave_0) entered disabled state
[  393.277255][ T8514] bridge_slave_0: entered allmulticast mode
[  393.289167][ T8514] bridge_slave_0: entered promiscuous mode
[  393.298283][ T5135] Bluetooth: hci3: command tx timeout
[  393.364226][ T8501] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  393.376791][ T8513] bridge0: port 1(bridge_slave_0) entered blocking state
[  393.394094][ T8513] bridge0: port 1(bridge_slave_0) entered disabled state
[  393.403806][ T8513] bridge_slave_0: entered allmulticast mode
[  393.416076][ T8513] bridge_slave_0: entered promiscuous mode
[  393.446708][ T8514] bridge0: port 2(bridge_slave_1) entered blocking state
[  393.454087][ T5135] Bluetooth: hci7: command tx timeout
[  393.462310][ T8514] bridge0: port 2(bridge_slave_1) entered disabled state
[  393.469574][ T8514] bridge_slave_1: entered allmulticast mode
[  393.480559][ T8514] bridge_slave_1: entered promiscuous mode
[  393.529100][ T8500] bridge0: port 1(bridge_slave_0) entered blocking state
[  393.549269][ T8500] bridge0: port 1(bridge_slave_0) entered disabled state
[  393.560853][ T8500] bridge_slave_0: entered allmulticast mode
[  393.568232][ T8500] bridge_slave_0: entered promiscuous mode
[  393.728136][ T8513] bridge0: port 2(bridge_slave_1) entered blocking state
[  393.764925][ T8513] bridge0: port 2(bridge_slave_1) entered disabled state
[  393.791660][ T8513] bridge_slave_1: entered allmulticast mode
[  393.820390][ T8513] bridge_slave_1: entered promiscuous mode
[  393.919259][ T8514] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  393.958466][ T8500] bridge0: port 2(bridge_slave_1) entered blocking state
[  393.978456][ T8500] bridge0: port 2(bridge_slave_1) entered disabled state
[  394.101564][ T8500] bridge_slave_1: entered allmulticast mode
[  394.115327][ T8500] bridge_slave_1: entered promiscuous mode
[  394.126701][ T8501] team0: Port device team_slave_0 added
[  394.184728][ T8514] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  394.242339][ T8501] team0: Port device team_slave_1 added
[  394.297862][ T8513] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  394.419711][ T8500] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  394.538622][ T8513] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  394.648670][ T8500] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  394.920693][ T5135] Bluetooth: hci6: command tx timeout
[  394.971221][ T5135] Bluetooth: hci5: command tx timeout
[  395.313664][ T8501] batman_adv: batadv0: Adding interface: batadv_slave_0
[  395.324878][ T8501] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  395.357500][ T8501] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  395.371385][ T5135] Bluetooth: hci3: command tx timeout
[  395.423704][ T8514] team0: Port device team_slave_0 added
[  395.520214][ T8501] batman_adv: batadv0: Adding interface: batadv_slave_1
[  395.529700][ T8501] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  395.556277][ T5135] Bluetooth: hci7: command tx timeout
[  395.566907][ T8501] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  395.585969][ T8514] team0: Port device team_slave_1 added
[  395.596207][ T8513] team0: Port device team_slave_0 added
[  395.727718][ T8513] team0: Port device team_slave_1 added
[  395.780442][ T8500] team0: Port device team_slave_0 added
[  395.970418][ T8500] team0: Port device team_slave_1 added
[  396.034055][ T8501] hsr_slave_0: entered promiscuous mode
[  396.040555][ T8501] hsr_slave_1: entered promiscuous mode
[  396.053821][ T8501] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  396.068010][ T8501] Cannot create hsr debugfs directory
[  396.078444][ T8514] batman_adv: batadv0: Adding interface: batadv_slave_0
[  396.092029][ T8514] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  396.123305][ T8514] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  396.137526][ T8513] batman_adv: batadv0: Adding interface: batadv_slave_0
[  396.147735][ T8513] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  396.188665][ T8513] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  396.283185][ T8514] batman_adv: batadv0: Adding interface: batadv_slave_1
[  396.297210][ T8514] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  396.338013][ T8514] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  396.353710][ T8513] batman_adv: batadv0: Adding interface: batadv_slave_1
[  396.362953][ T8513] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  396.427953][ T8513] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  396.762011][ T8500] batman_adv: batadv0: Adding interface: batadv_slave_0
[  396.789352][ T8500] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  396.829036][ T8500] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  396.929417][ T8500] batman_adv: batadv0: Adding interface: batadv_slave_1
[  396.937218][ T8500] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  396.971633][ T5135] Bluetooth: hci6: command tx timeout
[  397.041604][ T8500] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  397.056567][ T5135] Bluetooth: hci5: command tx timeout
[  397.165832][ T8514] hsr_slave_0: entered promiscuous mode
[  397.173965][ T8514] hsr_slave_1: entered promiscuous mode
[  397.180164][ T8514] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  397.195534][ T8514] Cannot create hsr debugfs directory
[  397.242548][ T8513] hsr_slave_0: entered promiscuous mode
[  397.282880][ T8513] hsr_slave_1: entered promiscuous mode
[  397.289111][ T8513] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  397.310042][ T8513] Cannot create hsr debugfs directory
[  397.451028][ T5135] Bluetooth: hci3: command tx timeout
[  397.610846][ T5135] Bluetooth: hci7: command tx timeout
[  397.946806][ T8500] hsr_slave_0: entered promiscuous mode
[  397.953954][ T8500] hsr_slave_1: entered promiscuous mode
[  397.960140][ T8500] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  397.982695][ T8500] Cannot create hsr debugfs directory
[  399.430378][ T8501] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  399.457999][ T8501] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  403.955262][ T8501] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  404.224351][ T8501] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  404.504961][ T6185] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  404.537603][ T8514] netdevsim netdevsim8 netdevsim0: renamed from eth0
[  404.616274][ T8514] netdevsim netdevsim8 netdevsim1: renamed from eth1
[  404.640252][ T8514] netdevsim netdevsim8 netdevsim2: renamed from eth2
[  404.668925][ T8514] netdevsim netdevsim8 netdevsim3: renamed from eth3
[  405.688166][ T8501] 8021q: adding VLAN 0 to HW filter on device bond0
[  406.507365][ T8500] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  407.122601][ T8500] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  407.646870][ T8500] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  407.684090][ T8500] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  407.774725][ T8501] 8021q: adding VLAN 0 to HW filter on device team0
[  408.066112][ T8513] netdevsim netdevsim7 netdevsim0: renamed from eth0
[  408.101898][ T8407] bridge0: port 1(bridge_slave_0) entered blocking state
[  408.109097][ T8407] bridge0: port 1(bridge_slave_0) entered forwarding state
[  408.129710][ T8407] bridge0: port 2(bridge_slave_1) entered blocking state
[  408.136884][ T8407] bridge0: port 2(bridge_slave_1) entered forwarding state
[  408.161159][ T8513] netdevsim netdevsim7 netdevsim1: renamed from eth1
[  408.225326][ T8514] 8021q: adding VLAN 0 to HW filter on device bond0
[  408.241588][ T8513] netdevsim netdevsim7 netdevsim2: renamed from eth2
[  408.329435][ T8513] netdevsim netdevsim7 netdevsim3: renamed from eth3
[  408.361757][ T8514] 8021q: adding VLAN 0 to HW filter on device team0
[  408.773170][ T8407] bridge0: port 1(bridge_slave_0) entered blocking state
[  408.780342][ T8407] bridge0: port 1(bridge_slave_0) entered forwarding state
[  408.795055][ T8407] bridge0: port 2(bridge_slave_1) entered blocking state
[  408.802413][ T8407] bridge0: port 2(bridge_slave_1) entered forwarding state
[  408.936821][ T8500] 8021q: adding VLAN 0 to HW filter on device bond0
[  409.085767][ T8500] 8021q: adding VLAN 0 to HW filter on device team0
[  409.194606][ T8407] bridge0: port 1(bridge_slave_0) entered blocking state
[  409.201780][ T8407] bridge0: port 1(bridge_slave_0) entered forwarding state
[  409.424630][ T8513] 8021q: adding VLAN 0 to HW filter on device bond0
[  409.656192][   T71] bridge0: port 2(bridge_slave_1) entered blocking state
[  409.663368][   T71] bridge0: port 2(bridge_slave_1) entered forwarding state
[  410.166127][ T8513] 8021q: adding VLAN 0 to HW filter on device team0
[  410.228918][ T8501] 8021q: adding VLAN 0 to HW filter on device batadv0
[  410.461221][   T71] bridge0: port 1(bridge_slave_0) entered blocking state
[  410.468362][   T71] bridge0: port 1(bridge_slave_0) entered forwarding state
[  410.679341][   T71] bridge0: port 2(bridge_slave_1) entered blocking state
[  410.686556][   T71] bridge0: port 2(bridge_slave_1) entered forwarding state
[  413.047591][ T8514] 8021q: adding VLAN 0 to HW filter on device batadv0
[  413.450912][   T48] usb 2-1: new full-speed USB device number 20 using dummy_hcd
[  413.679946][   T48] usb 2-1: config index 0 descriptor too short (expected 35577, got 27)
[  413.755416][   T48] usb 2-1: config 1 has too many interfaces: 92, using maximum allowed: 32
[  413.794785][   T48] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 92
[  413.852372][   T48] usb 2-1: config 1 has no interface number 0
[  413.914213][   T48] usb 2-1: config 1 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10
[  413.989554][ T8501] veth0_vlan: entered promiscuous mode
[  414.030973][   T48] usb 2-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17
[  414.082968][   T48] usb 2-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8
[  414.118455][ T8501] veth1_vlan: entered promiscuous mode
[  414.139921][   T48] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  414.236007][   T48] snd_usb_pod 2-1:1.1: Line 6 Pocket POD found
[  414.275984][ T8500] 8021q: adding VLAN 0 to HW filter on device batadv0
[  414.330095][ T8501] veth0_macvtap: entered promiscuous mode
[  414.400760][ T8513] 8021q: adding VLAN 0 to HW filter on device batadv0
[  414.444397][ T8501] veth1_macvtap: entered promiscuous mode
[  414.782256][   T48] snd_usb_pod 2-1:1.1: Line 6 Pocket POD now attached
[  414.848414][ T8501] batman_adv: batadv0: Interface activated: batadv_slave_0
[  414.904734][ T8501] batman_adv: batadv0: Interface activated: batadv_slave_1
[  415.014925][ T8501] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  415.086015][ T8501] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  415.115489][   T48] usb 2-1: USB disconnect, device number 20
[  415.150435][ T8501] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  415.161216][   T48] snd_usb_pod 2-1:1.1: Line 6 Pocket POD now disconnected
[  415.201965][ T8501] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  415.314879][ T8514] veth0_vlan: entered promiscuous mode
[  415.422661][ T8514] veth1_vlan: entered promiscuous mode
[  415.799329][ T6185] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  416.469773][   T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  416.484989][ T8514] veth0_macvtap: entered promiscuous mode
[  416.504609][   T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  416.598894][ T8514] veth1_macvtap: entered promiscuous mode
[  416.635440][ T8513] veth0_vlan: entered promiscuous mode
[  416.803339][   T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  416.851842][   T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  416.859419][ T8513] veth1_vlan: entered promiscuous mode
[  416.914794][ T8514] batman_adv: batadv0: Interface activated: batadv_slave_0
[  417.495921][ T8513] veth0_macvtap: entered promiscuous mode
[  417.510108][ T8513] veth1_macvtap: entered promiscuous mode
[  417.562543][ T8500] veth0_vlan: entered promiscuous mode
[  417.649831][ T8514] batman_adv: batadv0: Interface activated: batadv_slave_1
[  417.685647][ T8513] batman_adv: batadv0: Interface activated: batadv_slave_0
[  417.886018][ T8514] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  417.935140][ T8514] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  417.969214][ T8514] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  417.990213][   T30] audit: type=1400 audit(1751637354.576:653): avc:  denied  { bind } for  pid=8676 comm="syz.1.728" lport=255 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  418.019400][ T8514] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  418.064212][ T8513] batman_adv: batadv0: Interface activated: batadv_slave_1
[  418.101235][   T30] audit: type=1400 audit(1751637354.576:654): avc:  denied  { name_bind } for  pid=8676 comm="syz.1.728" src=2048 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=rawip_socket permissive=1
[  418.148881][ T8500] veth1_vlan: entered promiscuous mode
[  418.209607][   T30] audit: type=1400 audit(1751637354.576:655): avc:  denied  { node_bind } for  pid=8676 comm="syz.1.728" saddr=172.20.20.170 src=2048 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=rawip_socket permissive=1
[  418.295344][ T8513] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  418.324256][ T8513] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  418.348413][ T8513] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  418.376623][ T8513] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  419.286644][ T8500] veth0_macvtap: entered promiscuous mode
[  419.404314][ T8500] veth1_macvtap: entered promiscuous mode
[  419.625474][ T8500] batman_adv: batadv0: Interface activated: batadv_slave_0
[  419.634771][   T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  419.658831][   T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  419.727060][ T8500] batman_adv: batadv0: Interface activated: batadv_slave_1
[  419.752473][   T30] audit: type=1400 audit(1751637356.346:656): avc:  denied  { accept } for  pid=8692 comm="syz.1.730" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  419.787720][   T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  419.810153][   T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  419.841468][ T8500] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  419.888793][ T8500] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  419.912790][ T8500] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  419.965054][ T8500] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  420.119412][ T1144] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  420.158233][ T1144] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  420.193527][   T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  420.219370][   T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  420.645732][ T1144] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  420.727067][ T1144] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  421.000709][ T5911] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  421.026126][ T5911] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  424.389108][ T6185] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  426.407379][ T8721] overlayfs: missing 'lowerdir'
[  434.872954][ T8728] netlink: 180 bytes leftover after parsing attributes in process `syz.5.734'.
[  439.551214][ T1296] ieee802154 phy0 wpan0: encryption failed: -22
[  439.557629][ T1296] ieee802154 phy1 wpan1: encryption failed: -22
[  444.273109][ T6185] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  445.620734][ T8732] netlink: 20 bytes leftover after parsing attributes in process `syz.6.736'.
[  457.796141][ T6185] bridge_slave_1: left allmulticast mode
[  457.850831][ T6185] bridge_slave_1: left promiscuous mode
[  457.857900][ T6185] bridge0: port 2(bridge_slave_1) entered disabled state
[  458.477620][ T8510] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  458.487350][ T8510] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  458.499695][ T8510] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  458.507711][ T8510] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  458.515611][ T8510] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  459.371807][ T6185] bridge_slave_0: left allmulticast mode
[  459.377514][ T6185] bridge_slave_0: left promiscuous mode
[  459.525522][ T8510] Bluetooth: hci5: ISO packet for unknown connection handle 2560
[  459.668222][ T6185] bridge0: port 1(bridge_slave_0) entered disabled state
[  459.981467][ T5135] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  459.998012][ T5135] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  460.009231][ T5135] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  460.021330][ T5135] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  460.028978][ T5135] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  461.451245][ T5135] Bluetooth: hci0: command tx timeout
[  461.989498][ T8510] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  462.000690][ T8510] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  462.009283][ T8510] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  462.017713][ T8510] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  462.034283][ T8510] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  462.090727][ T8510] Bluetooth: hci1: command tx timeout
[  463.150948][ T5961] usb 9-1: new high-speed USB device number 2 using dummy_hcd
[  463.530951][ T5135] Bluetooth: hci0: command tx timeout
[  464.140694][ T5961] usb 9-1: Using ep0 maxpacket: 32
[  464.174922][ T5135] Bluetooth: hci1: command tx timeout
[  464.211662][ T5961] usb 9-1: New USB device found, idVendor=1d50, idProduct=60a1, bcdDevice=a1.4f
[  464.260978][ T5961] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  464.303776][ T5961] usb 9-1: Product: syz
[  464.307965][ T5961] usb 9-1: Manufacturer: syz
[  464.469568][ T5961] usb 9-1: SerialNumber: syz
[  464.508815][ T5961] usb 9-1: config 0 descriptor??
[  464.650943][ T5135] Bluetooth: hci2: command tx timeout
[  464.958245][ T5961] airspy 9-1:0.0: Board ID: 00
[  464.973165][ T5961] airspy 9-1:0.0: Firmware version: 
[  465.610903][ T5135] Bluetooth: hci0: command tx timeout
[  466.269027][ T5135] Bluetooth: hci1: command tx timeout
[  466.655217][ T5961] airspy 9-1:0.0: Registered as swradio24
[  466.680831][ T5961] airspy 9-1:0.0: SDR API is still slightly experimental and functionality changes may follow
[  466.708188][ T8802] netlink: 4 bytes leftover after parsing attributes in process `syz.5.749'.
[  466.731288][ T5135] Bluetooth: hci2: command tx timeout
[  466.792662][ T8804] netlink: 12 bytes leftover after parsing attributes in process `syz.5.749'.
[  467.720701][ T5135] Bluetooth: hci0: command tx timeout
[  467.803301][ T5849] usb 9-1: USB disconnect, device number 2
[  468.331991][ T5135] Bluetooth: hci1: command tx timeout
[  468.815029][ T5135] Bluetooth: hci2: command tx timeout
[  474.298163][ T5135] Bluetooth: hci2: command tx timeout
[  497.155286][ T6185] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  497.251405][ T6185] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  497.326659][ T6185] bond0 (unregistering): Released all slaves
[  500.974772][ T1296] ieee802154 phy0 wpan0: encryption failed: -22
[  500.981236][ T1296] ieee802154 phy1 wpan1: encryption failed: -22
[  502.102428][ T8510] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  502.115214][ T8510] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  502.124050][ T8510] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  502.158952][ T8510] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  502.173452][ T8510] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  502.693291][ T5135] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  502.751141][ T5135] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  502.760250][ T5135] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  502.771032][ T5135] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  502.779866][ T5135] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  505.230812][ T5135] Bluetooth: hci3: command tx timeout
[  505.237013][ T5135] Bluetooth: hci4: command tx timeout
[  514.570646][ T5135] Bluetooth: hci4: command tx timeout
[  514.576147][ T5135] Bluetooth: hci3: command tx timeout
[  517.107787][ T8508] Bluetooth: hci5: command 0x0406 tx timeout
[  517.114033][ T5811] Bluetooth: hci4: command tx timeout
[  517.120656][ T8510] Bluetooth: hci3: command tx timeout
[  518.239027][ T8508] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[  518.266936][ T8508] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[  518.277383][ T8508] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[  518.285673][ T8508] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[  518.293771][ T8508] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[  518.622062][ T8508] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[  518.634192][ T8508] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[  518.642559][ T8508] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[  518.650432][ T8508] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[  518.662053][ T8508] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[  518.731787][ T5135] Bluetooth: hci8: unexpected cc 0x0c03 length: 249 > 1
[  518.744378][ T5135] Bluetooth: hci8: unexpected cc 0x1003 length: 249 > 9
[  518.753638][ T5135] Bluetooth: hci8: unexpected cc 0x1001 length: 249 > 9
[  518.767722][ T5135] Bluetooth: hci8: unexpected cc 0x0c23 length: 249 > 4
[  518.776627][ T5135] Bluetooth: hci8: unexpected cc 0x0c38 length: 249 > 2
[  519.130908][ T5135] Bluetooth: hci3: command tx timeout
[  519.210943][ T5135] Bluetooth: hci4: command tx timeout
[  520.331185][ T5135] Bluetooth: hci6: command tx timeout
[  520.730947][ T5135] Bluetooth: hci7: command tx timeout
[  520.810717][ T5135] Bluetooth: hci8: command tx timeout
[  522.539020][ T5135] Bluetooth: hci6: command tx timeout
[  524.426330][ T5135] Bluetooth: hci7: command tx timeout
[  524.440685][ T8508] Bluetooth: hci8: command tx timeout
[  526.410838][ T5135] Bluetooth: hci6: command tx timeout
[  526.500623][ T8508] Bluetooth: hci7: command tx timeout
[  526.506136][ T8508] Bluetooth: hci8: command tx timeout
[  529.170741][ T8508] Bluetooth: hci6: command tx timeout
[  529.176227][ T8508] Bluetooth: hci8: command tx timeout
[  529.181796][ T5135] Bluetooth: hci7: command tx timeout
[  531.917368][ T8825] chnl_net:caif_netlink_parms(): no params data found
[  532.336735][ T8827] chnl_net:caif_netlink_parms(): no params data found
[  532.414975][ T8838] chnl_net:caif_netlink_parms(): no params data found
[  532.840213][ T8834] chnl_net:caif_netlink_parms(): no params data found
[  533.085296][ T8836] chnl_net:caif_netlink_parms(): no params data found
[  533.255077][ T8825] bridge0: port 1(bridge_slave_0) entered blocking state
[  533.275598][ T8825] bridge0: port 1(bridge_slave_0) entered disabled state
[  533.309921][ T8825] bridge_slave_0: entered allmulticast mode
[  533.336719][ T8825] bridge_slave_0: entered promiscuous mode
[  533.364820][ T8825] bridge0: port 2(bridge_slave_1) entered blocking state
[  533.409500][ T8825] bridge0: port 2(bridge_slave_1) entered disabled state
[  533.435570][ T8825] bridge_slave_1: entered allmulticast mode
[  533.451042][ T8825] bridge_slave_1: entered promiscuous mode
[  533.991786][ T8825] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  534.066447][ T8838] bridge0: port 1(bridge_slave_0) entered blocking state
[  534.080681][ T8838] bridge0: port 1(bridge_slave_0) entered disabled state
[  534.088000][ T8838] bridge_slave_0: entered allmulticast mode
[  534.102738][ T8838] bridge_slave_0: entered promiscuous mode
[  534.216078][ T8834] bridge0: port 1(bridge_slave_0) entered blocking state
[  534.245568][ T8834] bridge0: port 1(bridge_slave_0) entered disabled state
[  534.265682][ T8834] bridge_slave_0: entered allmulticast mode
[  534.278433][ T8834] bridge_slave_0: entered promiscuous mode
[  534.295320][ T8825] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  534.347990][ T8838] bridge0: port 2(bridge_slave_1) entered blocking state
[  534.359084][ T8838] bridge0: port 2(bridge_slave_1) entered disabled state
[  534.371614][ T8838] bridge_slave_1: entered allmulticast mode
[  534.379191][ T8838] bridge_slave_1: entered promiscuous mode
[  534.439140][ T8827] bridge0: port 1(bridge_slave_0) entered blocking state
[  534.450657][ T8827] bridge0: port 1(bridge_slave_0) entered disabled state
[  534.466027][ T8827] bridge_slave_0: entered allmulticast mode
[  534.480086][ T8827] bridge_slave_0: entered promiscuous mode
[  534.490477][ T8834] bridge0: port 2(bridge_slave_1) entered blocking state
[  534.509745][ T8834] bridge0: port 2(bridge_slave_1) entered disabled state
[  534.519261][ T8834] bridge_slave_1: entered allmulticast mode
[  534.535646][ T8834] bridge_slave_1: entered promiscuous mode
[  534.782300][ T8827] bridge0: port 2(bridge_slave_1) entered blocking state
[  534.789561][ T8827] bridge0: port 2(bridge_slave_1) entered disabled state
[  534.820812][ T8827] bridge_slave_1: entered allmulticast mode
[  534.844121][ T8827] bridge_slave_1: entered promiscuous mode
[  535.158231][ T8825] team0: Port device team_slave_0 added
[  535.210739][ T8825] team0: Port device team_slave_1 added
[  535.239150][ T8838] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  535.289824][ T8838] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  535.419636][ T8827] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  535.480848][ T8834] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  536.077245][ T8827] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  536.094662][ T8834] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  536.158237][ T8836] bridge0: port 1(bridge_slave_0) entered blocking state
[  536.180404][ T8836] bridge0: port 1(bridge_slave_0) entered disabled state
[  536.195713][ T8836] bridge_slave_0: entered allmulticast mode
[  536.205906][ T8836] bridge_slave_0: entered promiscuous mode
[  536.223045][ T8825] batman_adv: batadv0: Adding interface: batadv_slave_0
[  536.230075][ T8825] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  536.266230][ T8825] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  536.333331][ T8838] team0: Port device team_slave_0 added
[  536.470039][ T8836] bridge0: port 2(bridge_slave_1) entered blocking state
[  536.479963][ T8836] bridge0: port 2(bridge_slave_1) entered disabled state
[  536.496547][ T8836] bridge_slave_1: entered allmulticast mode
[  536.514218][ T8836] bridge_slave_1: entered promiscuous mode
[  536.578813][ T8825] batman_adv: batadv0: Adding interface: batadv_slave_1
[  536.593304][ T8825] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  536.628631][ T8825] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  536.648187][ T8838] team0: Port device team_slave_1 added
[  536.973720][ T8834] team0: Port device team_slave_0 added
[  537.046884][ T8836] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  537.184190][ T8838] batman_adv: batadv0: Adding interface: batadv_slave_0
[  537.200574][ T8838] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  537.277443][ T8838] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  537.535357][ T8827] team0: Port device team_slave_0 added
[  537.591092][ T8827] team0: Port device team_slave_1 added
[  537.607818][ T8834] team0: Port device team_slave_1 added
[  537.704528][ T8836] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  537.909889][ T8838] batman_adv: batadv0: Adding interface: batadv_slave_1
[  537.940575][ T8838] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  538.018853][ T8838] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  538.453330][ T8834] batman_adv: batadv0: Adding interface: batadv_slave_0
[  538.461516][ T8834] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  538.497429][ T8834] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  538.528625][ T8834] batman_adv: batadv0: Adding interface: batadv_slave_1
[  538.537844][ T8834] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  538.574919][ T8834] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  538.600315][ T8836] team0: Port device team_slave_0 added
[  538.617423][ T8825] hsr_slave_0: entered promiscuous mode
[  538.643060][ T8825] hsr_slave_1: entered promiscuous mode
[  538.649313][ T8825] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  538.660562][ T8825] Cannot create hsr debugfs directory
[  538.684341][ T8838] hsr_slave_0: entered promiscuous mode
[  538.698195][ T8838] hsr_slave_1: entered promiscuous mode
[  538.704458][ T8838] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  538.719363][ T8838] Cannot create hsr debugfs directory
[  538.745260][ T8827] batman_adv: batadv0: Adding interface: batadv_slave_0
[  538.759164][ T8827] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  538.798106][ T8827] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  538.820060][ T8836] team0: Port device team_slave_1 added
[  538.933138][ T8827] batman_adv: batadv0: Adding interface: batadv_slave_1
[  538.940175][ T8827] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  538.977998][ T8827] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  539.449807][ T8834] hsr_slave_0: entered promiscuous mode
[  539.468214][ T8834] hsr_slave_1: entered promiscuous mode
[  539.475524][ T8834] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  539.489832][ T8834] Cannot create hsr debugfs directory
[  539.556965][ T8836] batman_adv: batadv0: Adding interface: batadv_slave_0
[  539.573178][ T8836] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  539.607418][ T8836] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  539.626086][ T8836] batman_adv: batadv0: Adding interface: batadv_slave_1
[  539.640637][ T8836] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  539.684771][ T8836] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  541.962148][ T8827] hsr_slave_0: entered promiscuous mode
[  541.968651][ T8827] hsr_slave_1: entered promiscuous mode
[  541.983171][ T8827] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  541.997622][ T8827] Cannot create hsr debugfs directory
[  542.709723][ T8836] hsr_slave_0: entered promiscuous mode
[  542.737653][ T8836] hsr_slave_1: entered promiscuous mode
[  542.772407][ T8836] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  542.780065][ T8836] Cannot create hsr debugfs directory
[  543.350057][ T8838] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  550.178186][ T5811] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  550.192397][ T5811] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  550.207756][ T5811] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  550.215741][ T5811] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  550.230752][ T5811] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  550.318445][ T8508] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  550.328602][ T8508] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  550.339260][ T8508] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  550.348058][ T8508] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  550.356354][ T8508] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  550.942924][ T8992] chnl_net:caif_netlink_parms(): no params data found
[  551.124084][ T8994] chnl_net:caif_netlink_parms(): no params data found
[  551.486635][ T8992] bridge0: port 1(bridge_slave_0) entered blocking state
[  551.500973][ T8992] bridge0: port 1(bridge_slave_0) entered disabled state
[  551.508223][ T8992] bridge_slave_0: entered allmulticast mode
[  551.529382][ T8992] bridge_slave_0: entered promiscuous mode
[  551.597072][ T8994] bridge0: port 1(bridge_slave_0) entered blocking state
[  551.609425][ T8994] bridge0: port 1(bridge_slave_0) entered disabled state
[  551.623294][ T8994] bridge_slave_0: entered allmulticast mode
[  551.645171][ T8994] bridge_slave_0: entered promiscuous mode
[  551.664539][ T8992] bridge0: port 2(bridge_slave_1) entered blocking state
[  551.678068][ T8992] bridge0: port 2(bridge_slave_1) entered disabled state
[  551.687988][ T8992] bridge_slave_1: entered allmulticast mode
[  551.713115][ T8992] bridge_slave_1: entered promiscuous mode
[  551.720196][ T8994] bridge0: port 2(bridge_slave_1) entered blocking state
[  551.742936][ T8994] bridge0: port 2(bridge_slave_1) entered disabled state
[  551.750331][ T8994] bridge_slave_1: entered allmulticast mode
[  551.778761][ T8994] bridge_slave_1: entered promiscuous mode
[  551.996872][ T8992] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  552.018420][ T8994] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  552.036710][ T8994] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  552.057844][ T8992] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  552.317264][ T8994] team0: Port device team_slave_0 added
[  552.330970][ T8508] Bluetooth: hci0: command tx timeout
[  552.411258][ T8508] Bluetooth: hci5: command tx timeout
[  552.423790][ T8994] team0: Port device team_slave_1 added
[  552.507344][ T8992] team0: Port device team_slave_0 added
[  552.578335][ T8994] batman_adv: batadv0: Adding interface: batadv_slave_0
[  552.587813][ T8994] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  552.622414][ T8994] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  552.647677][ T8992] team0: Port device team_slave_1 added
[  552.675465][ T8994] batman_adv: batadv0: Adding interface: batadv_slave_1
[  552.687607][ T8994] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  552.723926][ T8994] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  552.879047][ T8992] batman_adv: batadv0: Adding interface: batadv_slave_0
[  552.890371][ T8992] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  552.924851][ T8992] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  553.129728][ T8992] batman_adv: batadv0: Adding interface: batadv_slave_1
[  553.149154][ T8992] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  553.186796][ T8992] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  553.289358][ T8994] hsr_slave_0: entered promiscuous mode
[  553.296525][ T8994] hsr_slave_1: entered promiscuous mode
[  553.315523][ T8994] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  553.333659][ T8994] Cannot create hsr debugfs directory
[  553.538886][ T8992] hsr_slave_0: entered promiscuous mode
[  553.554690][ T8992] hsr_slave_1: entered promiscuous mode
[  553.565551][ T8992] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  553.579939][ T8992] Cannot create hsr debugfs directory
[  554.410825][ T8508] Bluetooth: hci0: command tx timeout
[  554.490973][ T8508] Bluetooth: hci5: command tx timeout
[  556.491049][ T8508] Bluetooth: hci0: command tx timeout
[  556.570818][ T8508] Bluetooth: hci5: command tx timeout
[  557.592811][ T8838] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  558.570857][ T8508] Bluetooth: hci0: command tx timeout
[  558.651233][ T8508] Bluetooth: hci5: command tx timeout
[  562.429176][ T1296] ieee802154 phy0 wpan0: encryption failed: -22
[  562.438148][ T1296] ieee802154 phy1 wpan1: encryption failed: -22
[  562.506418][ T5811] Bluetooth: hci9: unexpected cc 0x0c03 length: 249 > 1
[  562.515545][ T5811] Bluetooth: hci9: unexpected cc 0x1003 length: 249 > 9
[  562.525153][ T5811] Bluetooth: hci9: unexpected cc 0x1001 length: 249 > 9
[  562.533509][ T5811] Bluetooth: hci9: unexpected cc 0x0c23 length: 249 > 4
[  562.541451][ T5811] Bluetooth: hci9: unexpected cc 0x0c38 length: 249 > 2
[  562.950453][ T9142] chnl_net:caif_netlink_parms(): no params data found
[  563.257900][ T9142] bridge0: port 1(bridge_slave_0) entered blocking state
[  563.273181][ T9142] bridge0: port 1(bridge_slave_0) entered disabled state
[  563.280501][ T9142] bridge_slave_0: entered allmulticast mode
[  563.315771][ T9142] bridge_slave_0: entered promiscuous mode
[  563.338599][ T9142] bridge0: port 2(bridge_slave_1) entered blocking state
[  563.349547][ T9142] bridge0: port 2(bridge_slave_1) entered disabled state
[  563.364834][ T9142] bridge_slave_1: entered allmulticast mode
[  563.384426][ T9142] bridge_slave_1: entered promiscuous mode
[  563.556343][ T9142] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  563.587049][ T9142] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  563.746953][ T9142] team0: Port device team_slave_0 added
[  563.765517][ T9142] team0: Port device team_slave_1 added
[  563.890856][ T9142] batman_adv: batadv0: Adding interface: batadv_slave_0
[  563.897838][ T9142] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  563.946640][ T9142] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  564.033623][ T9142] batman_adv: batadv0: Adding interface: batadv_slave_1
[  564.054413][ T9142] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  564.094369][ T9142] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  564.251444][ T9142] hsr_slave_0: entered promiscuous mode
[  564.258023][ T9142] hsr_slave_1: entered promiscuous mode
[  564.280824][ T9142] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  564.290357][ T9142] Cannot create hsr debugfs directory
[  564.575265][ T8508] Bluetooth: hci9: command tx timeout
[  566.654920][ T8508] Bluetooth: hci9: command tx timeout
[  568.734841][ T8508] Bluetooth: hci9: command tx timeout
[  570.810938][ T8508] Bluetooth: hci9: command tx timeout
[  576.717705][ T5811] Bluetooth: hci10: unexpected cc 0x0c03 length: 249 > 1
[  576.728896][ T5811] Bluetooth: hci10: unexpected cc 0x1003 length: 249 > 9
[  576.737869][ T5811] Bluetooth: hci10: unexpected cc 0x1001 length: 249 > 9
[  576.747028][ T5811] Bluetooth: hci10: unexpected cc 0x0c23 length: 249 > 4
[  576.756714][ T5811] Bluetooth: hci10: unexpected cc 0x0c38 length: 249 > 2
[  577.198747][ T9164] chnl_net:caif_netlink_parms(): no params data found
[  577.522319][ T9164] bridge0: port 1(bridge_slave_0) entered blocking state
[  577.529453][ T9164] bridge0: port 1(bridge_slave_0) entered disabled state
[  577.588209][ T9164] bridge_slave_0: entered allmulticast mode
[  577.612052][ T9164] bridge_slave_0: entered promiscuous mode
[  577.718665][ T8838] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  577.792383][ T9164] bridge0: port 2(bridge_slave_1) entered blocking state
[  577.799587][ T9164] bridge0: port 2(bridge_slave_1) entered disabled state
[  577.832070][ T9164] bridge_slave_1: entered allmulticast mode
[  577.839738][ T9164] bridge_slave_1: entered promiscuous mode
[  577.993966][ T8508] Bluetooth: hci11: unexpected cc 0x0c03 length: 249 > 1
[  578.003592][ T8508] Bluetooth: hci11: unexpected cc 0x1003 length: 249 > 9
[  578.014551][ T8508] Bluetooth: hci11: unexpected cc 0x1001 length: 249 > 9
[  578.023078][ T8508] Bluetooth: hci11: unexpected cc 0x0c23 length: 249 > 4
[  578.032209][ T8508] Bluetooth: hci11: unexpected cc 0x0c38 length: 249 > 2
[  578.684995][ T9164] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  578.719792][ T9164] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  578.810893][ T8508] Bluetooth: hci10: command tx timeout
[  578.863118][ T9164] team0: Port device team_slave_0 added
[  578.919223][ T9164] team0: Port device team_slave_1 added
[  579.096894][ T9164] batman_adv: batadv0: Adding interface: batadv_slave_0
[  579.116862][ T9164] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  579.156801][ T9164] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  579.190193][ T9164] batman_adv: batadv0: Adding interface: batadv_slave_1
[  579.215733][ T9164] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  579.253292][ T9164] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  579.516023][ T9164] hsr_slave_0: entered promiscuous mode
[  579.535115][ T9164] hsr_slave_1: entered promiscuous mode
[  579.552218][ T9164] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  579.568938][ T9164] Cannot create hsr debugfs directory
[  579.785929][ T9177] chnl_net:caif_netlink_parms(): no params data found
[  580.091404][ T8508] Bluetooth: hci11: command tx timeout
[  580.257711][ T9177] bridge0: port 1(bridge_slave_0) entered blocking state
[  580.274349][ T9177] bridge0: port 1(bridge_slave_0) entered disabled state
[  580.287348][ T9177] bridge_slave_0: entered allmulticast mode
[  580.308706][ T9177] bridge_slave_0: entered promiscuous mode
[  580.339192][ T9177] bridge0: port 2(bridge_slave_1) entered blocking state
[  580.353000][ T9177] bridge0: port 2(bridge_slave_1) entered disabled state
[  580.360421][ T9177] bridge_slave_1: entered allmulticast mode
[  580.377381][ T9177] bridge_slave_1: entered promiscuous mode
[  580.479659][ T9177] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  580.499270][ T9177] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  580.632906][ T9177] team0: Port device team_slave_0 added
[  580.651042][ T9177] team0: Port device team_slave_1 added
[  580.757167][ T9177] batman_adv: batadv0: Adding interface: batadv_slave_0
[  580.777041][ T9177] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  580.826261][ T9177] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  580.848573][ T9177] batman_adv: batadv0: Adding interface: batadv_slave_1
[  580.859396][ T9177] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  580.893803][ T8508] Bluetooth: hci10: command tx timeout
[  580.913040][ T9177] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  581.159468][ T9177] hsr_slave_0: entered promiscuous mode
[  581.176280][ T9177] hsr_slave_1: entered promiscuous mode
[  581.188014][ T9177] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  581.201182][ T9177] Cannot create hsr debugfs directory
[  582.170728][ T8508] Bluetooth: hci11: command tx timeout
[  582.971063][ T8510] Bluetooth: hci10: command tx timeout
[  584.255603][ T8510] Bluetooth: hci11: command tx timeout
[  584.980929][ T8510] Bluetooth: hci1: command 0x0406 tx timeout
[  584.986982][ T8510] Bluetooth: hci2: command 0x0406 tx timeout
[  585.061033][ T8510] Bluetooth: hci10: command tx timeout
[  586.331377][ T8508] Bluetooth: hci11: command tx timeout
[  595.170304][ T8838] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  609.999852][ T5811] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  610.009115][ T5811] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  610.017817][ T5811] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  610.048270][ T5811] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  610.056401][ T5811] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  611.038476][ T8508] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  611.048144][ T8508] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  611.057263][ T8508] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  611.065943][ T8508] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  611.084411][ T8508] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  612.090810][ T8508] Bluetooth: hci1: command tx timeout
[  613.130995][ T8508] Bluetooth: hci2: command tx timeout
[  614.170966][ T8508] Bluetooth: hci1: command tx timeout
[  615.210813][ T8508] Bluetooth: hci2: command tx timeout
[  616.250923][ T8508] Bluetooth: hci1: command tx timeout
[  617.290902][ T8508] Bluetooth: hci2: command tx timeout
[  617.753882][ T9306] chnl_net:caif_netlink_parms(): no params data found
[  617.828032][ T9301] chnl_net:caif_netlink_parms(): no params data found
[  618.237404][ T9306] bridge0: port 1(bridge_slave_0) entered blocking state
[  618.253046][ T9306] bridge0: port 1(bridge_slave_0) entered disabled state
[  618.260361][ T9306] bridge_slave_0: entered allmulticast mode
[  618.279846][ T9306] bridge_slave_0: entered promiscuous mode
[  618.331154][ T8508] Bluetooth: hci1: command tx timeout
[  618.348291][ T9306] bridge0: port 2(bridge_slave_1) entered blocking state
[  618.363320][ T9306] bridge0: port 2(bridge_slave_1) entered disabled state
[  618.379488][ T9306] bridge_slave_1: entered allmulticast mode
[  618.396162][ T9306] bridge_slave_1: entered promiscuous mode
[  618.417654][ T9301] bridge0: port 1(bridge_slave_0) entered blocking state
[  618.437155][ T9301] bridge0: port 1(bridge_slave_0) entered disabled state
[  618.455196][ T9301] bridge_slave_0: entered allmulticast mode
[  618.473644][ T9301] bridge_slave_0: entered promiscuous mode
[  618.564327][ T9301] bridge0: port 2(bridge_slave_1) entered blocking state
[  618.580801][ T9301] bridge0: port 2(bridge_slave_1) entered disabled state
[  618.599862][ T9301] bridge_slave_1: entered allmulticast mode
[  618.612348][ T9301] bridge_slave_1: entered promiscuous mode
[  618.806270][ T9301] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  618.832861][ T9306] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  618.863734][ T9306] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  618.886452][ T9301] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  619.151148][ T9301] team0: Port device team_slave_0 added
[  619.261972][ T9306] team0: Port device team_slave_0 added
[  619.272734][ T9301] team0: Port device team_slave_1 added
[  619.347132][ T9306] team0: Port device team_slave_1 added
[  619.371563][ T8508] Bluetooth: hci2: command tx timeout
[  619.451214][ T9301] batman_adv: batadv0: Adding interface: batadv_slave_0
[  619.458191][ T9301] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  619.508197][ T9301] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  619.586798][ T9301] batman_adv: batadv0: Adding interface: batadv_slave_1
[  619.605551][ T9301] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  619.650763][ T9301] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  619.761731][ T9306] batman_adv: batadv0: Adding interface: batadv_slave_0
[  619.769087][ T9306] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  619.813398][ T9306] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  619.839377][ T9306] batman_adv: batadv0: Adding interface: batadv_slave_1
[  619.849848][ T9306] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  619.894808][ T9306] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  620.136235][ T9301] hsr_slave_0: entered promiscuous mode
[  620.154397][ T9301] hsr_slave_1: entered promiscuous mode
[  620.171276][ T9301] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  620.178870][ T9301] Cannot create hsr debugfs directory
[  620.313716][ T9306] hsr_slave_0: entered promiscuous mode
[  620.320298][ T9306] hsr_slave_1: entered promiscuous mode
[  620.348761][ T9306] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  620.360542][ T9306] Cannot create hsr debugfs directory
[  623.272741][ T5811] Bluetooth: hci8: unexpected cc 0x0c03 length: 249 > 1
[  623.283013][ T5811] Bluetooth: hci8: unexpected cc 0x1003 length: 249 > 9
[  623.292521][ T5811] Bluetooth: hci8: unexpected cc 0x1001 length: 249 > 9
[  623.300284][ T5811] Bluetooth: hci8: unexpected cc 0x0c23 length: 249 > 4
[  623.312224][ T5811] Bluetooth: hci8: unexpected cc 0x0c38 length: 249 > 2
[  623.724917][ T9321] chnl_net:caif_netlink_parms(): no params data found
[  623.870489][ T1296] ieee802154 phy0 wpan0: encryption failed: -22
[  623.892916][ T1296] ieee802154 phy1 wpan1: encryption failed: -22
[  624.076862][ T9321] bridge0: port 1(bridge_slave_0) entered blocking state
[  624.090268][ T9321] bridge0: port 1(bridge_slave_0) entered disabled state
[  624.103872][ T9321] bridge_slave_0: entered allmulticast mode
[  624.123819][ T9321] bridge_slave_0: entered promiscuous mode
[  624.136245][ T9321] bridge0: port 2(bridge_slave_1) entered blocking state
[  624.158678][ T9321] bridge0: port 2(bridge_slave_1) entered disabled state
[  624.180901][ T9321] bridge_slave_1: entered allmulticast mode
[  624.198934][ T9321] bridge_slave_1: entered promiscuous mode
[  624.325784][ T9321] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  624.355048][ T9321] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  624.512697][ T9321] team0: Port device team_slave_0 added
[  624.533156][ T9321] team0: Port device team_slave_1 added
[  624.748860][ T9321] batman_adv: batadv0: Adding interface: batadv_slave_0
[  624.763999][ T9321] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  624.803721][ T9321] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  624.835837][ T9321] batman_adv: batadv0: Adding interface: batadv_slave_1
[  624.853460][ T9321] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  624.891542][ T9321] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  625.073119][ T9321] hsr_slave_0: entered promiscuous mode
[  625.092111][ T9321] hsr_slave_1: entered promiscuous mode
[  625.098390][ T9321] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  625.117835][ T9321] Cannot create hsr debugfs directory
[  625.381411][ T5135] Bluetooth: hci8: command tx timeout
[  625.933952][ T5135] Bluetooth: hci3: command 0x0406 tx timeout
[  625.940024][ T5135] Bluetooth: hci4: command 0x0406 tx timeout
[  627.451267][ T5811] Bluetooth: hci8: command tx timeout
[  629.531493][ T5811] Bluetooth: hci8: command tx timeout
[  631.621018][ T5811] Bluetooth: hci8: command tx timeout
[  637.753778][ T8508] Bluetooth: hci12: unexpected cc 0x0c03 length: 249 > 1
[  637.764678][ T8508] Bluetooth: hci12: unexpected cc 0x1003 length: 249 > 9
[  637.778718][ T8508] Bluetooth: hci12: unexpected cc 0x1001 length: 249 > 9
[  637.792165][ T8508] Bluetooth: hci12: unexpected cc 0x0c23 length: 249 > 4
[  637.799975][ T8508] Bluetooth: hci12: unexpected cc 0x0c38 length: 249 > 2
[  638.408373][ T9448] chnl_net:caif_netlink_parms(): no params data found
[  638.476131][ T5811] Bluetooth: hci13: unexpected cc 0x0c03 length: 249 > 1
[  638.485149][ T5811] Bluetooth: hci13: unexpected cc 0x1003 length: 249 > 9
[  638.501846][ T5811] Bluetooth: hci13: unexpected cc 0x1001 length: 249 > 9
[  638.512583][ T5811] Bluetooth: hci13: unexpected cc 0x0c23 length: 249 > 4
[  638.521804][ T5811] Bluetooth: hci13: unexpected cc 0x0c38 length: 249 > 2
[  638.823861][ T9448] bridge0: port 1(bridge_slave_0) entered blocking state
[  638.840639][ T9448] bridge0: port 1(bridge_slave_0) entered disabled state
[  638.847931][ T9448] bridge_slave_0: entered allmulticast mode
[  638.867752][ T9448] bridge_slave_0: entered promiscuous mode
[  638.920273][ T9448] bridge0: port 2(bridge_slave_1) entered blocking state
[  638.936213][ T9448] bridge0: port 2(bridge_slave_1) entered disabled state
[  638.951288][ T9448] bridge_slave_1: entered allmulticast mode
[  638.967365][ T9448] bridge_slave_1: entered promiscuous mode
[  639.143040][ T9448] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  639.168443][ T9448] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  639.399132][ T9448] team0: Port device team_slave_0 added
[  639.473244][ T9448] team0: Port device team_slave_1 added
[  639.851174][ T8510] Bluetooth: hci12: command tx timeout
[  640.574669][ T5135] Bluetooth: hci13: command tx timeout
[  641.291225][ T5135] Bluetooth: hci6: command 0x0406 tx timeout
[  641.297326][ T5135] Bluetooth: hci7: command 0x0406 tx timeout
[  641.931180][ T5135] Bluetooth: hci12: command tx timeout
[  642.654949][ T5135] Bluetooth: hci13: command tx timeout
[  644.011097][ T5135] Bluetooth: hci12: command tx timeout
[  644.734778][ T5135] Bluetooth: hci13: command tx timeout
[  646.091001][ T5135] Bluetooth: hci12: command tx timeout
[  646.589549][ T6185] hsr_slave_0: left promiscuous mode
[  646.613500][ T6185] hsr_slave_1: left promiscuous mode
[  646.619552][ T6185] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  646.630972][ T6185] batman_adv: batadv0: Removing interface: batadv_slave_0
[  646.662775][ T6185] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  646.670265][ T6185] batman_adv: batadv0: Removing interface: batadv_slave_1
[  646.740861][ T6185] veth1_macvtap: left promiscuous mode
[  646.746703][ T6185] veth0_macvtap: left promiscuous mode
[  646.768621][ T6185] veth1_vlan: left promiscuous mode
[  646.790126][ T6185] veth0_vlan: left promiscuous mode
[  646.814954][ T8508] Bluetooth: hci13: command tx timeout
[  649.630441][ T9448] batman_adv: batadv0: Adding interface: batadv_slave_0
[  649.650386][ T9448] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  649.688910][ T9448] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  649.724966][ T9448] batman_adv: batadv0: Adding interface: batadv_slave_1
[  649.761028][ T9448] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  649.817763][ T9448] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  649.847702][ T9455] chnl_net:caif_netlink_parms(): no params data found
[  650.116270][ T9448] hsr_slave_0: entered promiscuous mode
[  650.138307][ T9448] hsr_slave_1: entered promiscuous mode
[  650.153593][ T9448] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  650.176788][ T9448] Cannot create hsr debugfs directory
[  650.470096][ T9455] bridge0: port 1(bridge_slave_0) entered blocking state
[  650.483897][ T9455] bridge0: port 1(bridge_slave_0) entered disabled state
[  650.499867][ T9455] bridge_slave_0: entered allmulticast mode
[  650.526446][ T9455] bridge_slave_0: entered promiscuous mode
[  650.562378][ T9455] bridge0: port 2(bridge_slave_1) entered blocking state
[  650.569524][ T9455] bridge0: port 2(bridge_slave_1) entered disabled state
[  650.591046][ T9455] bridge_slave_1: entered allmulticast mode
[  650.601659][ T9455] bridge_slave_1: entered promiscuous mode
[  650.809078][ T9455] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  650.829864][ T9455] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  651.043647][ T9455] team0: Port device team_slave_0 added
[  651.100273][ T9455] team0: Port device team_slave_1 added
[  651.223733][ T9455] batman_adv: batadv0: Adding interface: batadv_slave_0
[  651.240674][ T9455] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  651.284341][ T9455] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  651.309156][ T9455] batman_adv: batadv0: Adding interface: batadv_slave_1
[  651.324394][ T9455] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  651.367623][ T9455] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  651.534515][ T9455] hsr_slave_0: entered promiscuous mode
[  651.551574][ T9455] hsr_slave_1: entered promiscuous mode
[  651.569494][ T9455] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  651.579967][ T9455] Cannot create hsr debugfs directory
[  670.981867][ T5811] Bluetooth: hci14: unexpected cc 0x0c03 length: 249 > 1
[  670.994465][ T5811] Bluetooth: hci14: unexpected cc 0x1003 length: 249 > 9
[  671.003057][ T5811] Bluetooth: hci14: unexpected cc 0x1001 length: 249 > 9
[  671.011241][ T5811] Bluetooth: hci14: unexpected cc 0x0c23 length: 249 > 4
[  671.018850][ T5811] Bluetooth: hci14: unexpected cc 0x0c38 length: 249 > 2
[  671.440693][ T9575] chnl_net:caif_netlink_parms(): no params data found
[  671.710078][ T9575] bridge0: port 1(bridge_slave_0) entered blocking state
[  671.731211][ T9575] bridge0: port 1(bridge_slave_0) entered disabled state
[  671.738570][ T9575] bridge_slave_0: entered allmulticast mode
[  671.801259][ T9575] bridge_slave_0: entered promiscuous mode
[  671.822108][ T9575] bridge0: port 2(bridge_slave_1) entered blocking state
[  671.829228][ T9575] bridge0: port 2(bridge_slave_1) entered disabled state
[  671.870837][ T9575] bridge_slave_1: entered allmulticast mode
[  671.903137][ T9575] bridge_slave_1: entered promiscuous mode
[  672.088021][ T9575] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  672.142912][ T9575] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  672.289578][ T5811] Bluetooth: hci15: unexpected cc 0x0c03 length: 249 > 1
[  672.299396][ T5811] Bluetooth: hci15: unexpected cc 0x1003 length: 249 > 9
[  672.308167][ T5811] Bluetooth: hci15: unexpected cc 0x1001 length: 249 > 9
[  672.316513][ T5811] Bluetooth: hci15: unexpected cc 0x0c23 length: 249 > 4
[  672.327013][ T5811] Bluetooth: hci15: unexpected cc 0x0c38 length: 249 > 2
[  672.440129][ T9575] team0: Port device team_slave_0 added
[  672.506860][ T9575] team0: Port device team_slave_1 added
[  672.645957][ T9575] batman_adv: batadv0: Adding interface: batadv_slave_0
[  672.660672][ T9575] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  672.711996][ T9575] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  672.744158][ T9575] batman_adv: batadv0: Adding interface: batadv_slave_1
[  672.770289][ T9575] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  672.835591][ T9575] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  673.051090][ T5811] Bluetooth: hci14: command tx timeout
[  673.079234][ T9575] hsr_slave_0: entered promiscuous mode
[  673.097852][ T9575] hsr_slave_1: entered promiscuous mode
[  673.109865][ T9575] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  673.124903][ T9575] Cannot create hsr debugfs directory
[  673.723404][ T9586] chnl_net:caif_netlink_parms(): no params data found
[  674.035450][ T9586] bridge0: port 1(bridge_slave_0) entered blocking state
[  674.057151][ T9586] bridge0: port 1(bridge_slave_0) entered disabled state
[  674.078007][ T9586] bridge_slave_0: entered allmulticast mode
[  674.092456][ T9586] bridge_slave_0: entered promiscuous mode
[  674.117969][ T9586] bridge0: port 2(bridge_slave_1) entered blocking state
[  674.130590][ T9586] bridge0: port 2(bridge_slave_1) entered disabled state
[  674.139964][ T9586] bridge_slave_1: entered allmulticast mode
[  674.171167][ T9586] bridge_slave_1: entered promiscuous mode
[  674.307791][ T9586] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  674.339394][ T9586] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  674.421813][ T5811] Bluetooth: hci15: command tx timeout
[  674.581942][ T9586] team0: Port device team_slave_0 added
[  674.603786][ T9586] team0: Port device team_slave_1 added
[  674.850289][ T9586] batman_adv: batadv0: Adding interface: batadv_slave_0
[  674.879648][ T9586] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  674.939292][ T9586] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  674.959312][ T9586] batman_adv: batadv0: Adding interface: batadv_slave_1
[  674.981080][ T9586] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  675.039408][ T9586] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  675.131429][ T8510] Bluetooth: hci14: command tx timeout
[  675.279974][ T9586] hsr_slave_0: entered promiscuous mode
[  675.297893][ T9586] hsr_slave_1: entered promiscuous mode
[  675.317105][ T9586] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  675.337702][ T9586] Cannot create hsr debugfs directory
[  676.496931][ T8510] Bluetooth: hci15: command tx timeout
[  677.146320][ T8510] Bluetooth: hci0: command 0x0406 tx timeout
[  677.152468][ T5135] Bluetooth: hci5: command 0x0406 tx timeout
[  677.210733][ T5811] Bluetooth: hci14: command tx timeout
[  678.570958][ T8508] Bluetooth: hci15: command tx timeout
[  679.291367][ T8508] Bluetooth: hci14: command tx timeout
[  680.650913][ T8508] Bluetooth: hci15: command tx timeout
[  684.736849][ T5811] Bluetooth: hci16: unexpected cc 0x0c03 length: 249 > 1
[  684.746364][ T5811] Bluetooth: hci16: unexpected cc 0x1003 length: 249 > 9
[  684.761191][ T5811] Bluetooth: hci16: unexpected cc 0x1001 length: 249 > 9
[  684.770415][ T5811] Bluetooth: hci16: unexpected cc 0x0c23 length: 249 > 4
[  684.778312][ T5811] Bluetooth: hci16: unexpected cc 0x0c38 length: 249 > 2
[  685.253417][ T9597] chnl_net:caif_netlink_parms(): no params data found
[  685.316307][ T1296] ieee802154 phy0 wpan0: encryption failed: -22
[  685.330801][ T1296] ieee802154 phy1 wpan1: encryption failed: -22
[  685.621449][ T9597] bridge0: port 1(bridge_slave_0) entered blocking state
[  685.628686][ T9597] bridge0: port 1(bridge_slave_0) entered disabled state
[  685.640961][ T9597] bridge_slave_0: entered allmulticast mode
[  685.660867][ T9597] bridge_slave_0: entered promiscuous mode
[  685.674689][ T9597] bridge0: port 2(bridge_slave_1) entered blocking state
[  685.690948][ T9597] bridge0: port 2(bridge_slave_1) entered disabled state
[  685.698312][ T9597] bridge_slave_1: entered allmulticast mode
[  685.731079][ T9597] bridge_slave_1: entered promiscuous mode
[  685.893617][ T9597] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  685.914386][ T9597] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  686.111680][ T9597] team0: Port device team_slave_0 added
[  686.130883][ T9597] team0: Port device team_slave_1 added
[  686.401623][ T9597] batman_adv: batadv0: Adding interface: batadv_slave_0
[  686.408598][ T9597] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  686.456372][ T9597] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  686.493644][ T9597] batman_adv: batadv0: Adding interface: batadv_slave_1
[  686.510901][ T9597] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  686.555054][ T9597] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  686.755728][ T9597] hsr_slave_0: entered promiscuous mode
[  686.775681][ T9597] hsr_slave_1: entered promiscuous mode
[  686.799016][ T9597] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  686.811062][ T8510] Bluetooth: hci16: command tx timeout
[  686.836802][ T9597] Cannot create hsr debugfs directory
[  687.375999][ T8510] Bluetooth: hci9: command 0x0406 tx timeout
[  688.891012][ T8508] Bluetooth: hci16: command tx timeout
[  690.970842][ T8508] Bluetooth: hci16: command tx timeout
[  693.061089][ T8508] Bluetooth: hci16: command tx timeout
[  698.996228][ T8510] Bluetooth: hci17: unexpected cc 0x0c03 length: 249 > 1
[  699.008317][ T8510] Bluetooth: hci17: unexpected cc 0x1003 length: 249 > 9
[  699.040671][ T8510] Bluetooth: hci17: unexpected cc 0x1001 length: 249 > 9
[  699.056252][ T8510] Bluetooth: hci17: unexpected cc 0x0c23 length: 249 > 4
[  699.070982][ T8510] Bluetooth: hci17: unexpected cc 0x0c38 length: 249 > 2
[  699.701681][ T8508] Bluetooth: hci18: unexpected cc 0x0c03 length: 249 > 1
[  699.714893][ T8508] Bluetooth: hci18: unexpected cc 0x1003 length: 249 > 9
[  699.730179][ T8508] Bluetooth: hci18: unexpected cc 0x1001 length: 249 > 9
[  699.741988][ T8508] Bluetooth: hci18: unexpected cc 0x0c23 length: 249 > 4
[  699.749759][ T8508] Bluetooth: hci18: unexpected cc 0x0c38 length: 249 > 2
[  700.072989][ T9679] chnl_net:caif_netlink_parms(): no params data found
[  700.652923][   T31] INFO: task syz-executor:8827 blocked for more than 143 seconds.
[  700.671716][   T31]       Not tainted 6.16.0-rc4-syzkaller-00108-g17bbde2e1716 #0
[  700.679384][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  700.721132][   T31] task:syz-executor    state:D stack:24424 pid:8827  tgid:8827  ppid:1      task_flags:0x400140 flags:0x00004004
[  700.790622][   T31] Call Trace:
[  700.793948][   T31]  <TASK>
[  700.796884][   T31]  __schedule+0x116a/0x5de0
[  700.920611][   T31]  ? is_bpf_text_address+0x94/0x1a0
[  700.928423][   T31]  ? __lock_acquire+0x622/0x1c90
[  700.976784][   T31]  ? __pfx___schedule+0x10/0x10
[  701.001711][   T31]  ? find_held_lock+0x2b/0x80
[  701.006446][   T31]  ? schedule+0x2d7/0x3a0
[  701.050531][   T31]  schedule+0xe7/0x3a0
[  701.054668][   T31]  schedule_preempt_disabled+0x13/0x30
[  701.060142][   T31]  __mutex_lock+0x6c7/0xb90
[  701.111453][   T31]  ? del_device_store+0xd1/0x4a0
[  701.116449][   T31]  ? __pfx___mutex_lock+0x10/0x10
[  701.140850][ T5135] Bluetooth: hci17: command tx timeout
[  701.150826][   T31]  ? __pfx_sscanf+0x10/0x10
[  701.155374][   T31]  ? __lock_acquire+0x622/0x1c90
[  701.160334][   T31]  ? del_device_store+0xd1/0x4a0
[  701.210176][   T31]  del_device_store+0xd1/0x4a0
[  701.220517][   T31]  ? __pfx_del_device_store+0x10/0x10
[  701.226470][   T31]  ? find_held_lock+0x2b/0x80
[  701.270939][   T31]  ? sysfs_file_kobj+0xe4/0x290
[  701.275849][   T31]  ? __pfx_del_device_store+0x10/0x10
[  701.300999][   T31]  bus_attr_store+0x71/0xb0
[  701.305552][   T31]  ? __pfx_bus_attr_store+0x10/0x10
[  701.330953][   T31]  sysfs_kf_write+0xef/0x150
[  701.335601][   T31]  kernfs_fop_write_iter+0x354/0x510
[  701.371600][   T31]  ? __pfx_sysfs_kf_write+0x10/0x10
[  701.376853][   T31]  vfs_write+0x6c4/0x1150
[  701.400599][   T31]  ? __pfx_kernfs_fop_write_iter+0x10/0x10
[  701.409166][   T31]  ? __pfx_vfs_write+0x10/0x10
[  701.441680][   T31]  ? __pfx_do_sys_openat2+0x10/0x10
[  701.446939][   T31]  ksys_write+0x12a/0x250
[  701.480622][   T31]  ? __pfx_ksys_write+0x10/0x10
[  701.485539][   T31]  do_syscall_64+0xcd/0x4c0
[  701.490073][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  701.525487][   T31] RIP: 0033:0x7fb365f8d3df
[  701.529945][   T31] RSP: 002b:00007ffed0fa6700 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  701.563384][   T31] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00007fb365f8d3df
[  701.593850][   T31] RDX: 0000000000000001 RSI: 00007ffed0fa6750 RDI: 0000000000000005
[  701.630639][   T31] RBP: 00007fb366011d8d R08: 0000000000000000 R09: 00007ffed0fa6557
[  701.638652][   T31] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[  701.681112][   T31] R13: 00007ffed0fa6750 R14: 00007fb366ce4620 R15: 0000000000000003
[  701.689152][   T31]  </TASK>
[  701.720740][   T31] INFO: task syz-executor:8834 blocked for more than 144 seconds.
[  701.730991][   T31]       Not tainted 6.16.0-rc4-syzkaller-00108-g17bbde2e1716 #0
[  701.738818][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  701.790927][   T31] task:syz-executor    state:D stack:24696 pid:8834  tgid:8834  ppid:1      task_flags:0x400140 flags:0x00004004
[  701.830859][   T31] Call Trace:
[  701.834173][   T31]  <TASK>
[  701.837112][   T31]  __schedule+0x116a/0x5de0
[  701.861326][ T5135] Bluetooth: hci18: command tx timeout
[  701.870984][   T31]  ? is_bpf_text_address+0x94/0x1a0
[  701.876240][   T31]  ? __lock_acquire+0x622/0x1c90
[  701.907609][   T31]  ? __pfx___schedule+0x10/0x10
[  701.924769][   T31]  ? find_held_lock+0x2b/0x80
[  701.929498][   T31]  ? schedule+0x2d7/0x3a0
[  701.960247][   T31]  schedule+0xe7/0x3a0
[  701.974137][   T31]  schedule_preempt_disabled+0x13/0x30
[  701.979653][   T31]  __mutex_lock+0x6c7/0xb90
[  702.010697][   T31]  ? del_device_store+0xd1/0x4a0
[  702.031043][   T31]  ? __pfx___mutex_lock+0x10/0x10
[  702.036133][   T31]  ? __pfx_sscanf+0x10/0x10
[  702.060676][   T31]  ? __lock_acquire+0x622/0x1c90
[  702.065692][   T31]  ? del_device_store+0xd1/0x4a0
[  702.091402][   T31]  del_device_store+0xd1/0x4a0
[  702.096227][   T31]  ? __pfx_del_device_store+0x10/0x10
[  702.128784][   T31]  ? find_held_lock+0x2b/0x80
[  702.145207][   T31]  ? sysfs_file_kobj+0xe4/0x290
[  702.150113][   T31]  ? __pfx_del_device_store+0x10/0x10
[  702.184459][   T31]  bus_attr_store+0x71/0xb0
[  702.189028][   T31]  ? __pfx_bus_attr_store+0x10/0x10
[  702.230848][   T31]  sysfs_kf_write+0xef/0x150
[  702.235502][   T31]  kernfs_fop_write_iter+0x354/0x510
[  702.262413][   T31]  ? __pfx_sysfs_kf_write+0x10/0x10
[  702.267678][   T31]  vfs_write+0x6c4/0x1150
[  702.300526][   T31]  ? __pfx_kernfs_fop_write_iter+0x10/0x10
[  702.306397][   T31]  ? __pfx_vfs_write+0x10/0x10
[  702.326921][   T31]  ? __pfx_do_sys_openat2+0x10/0x10
[  702.362788][   T31]  ksys_write+0x12a/0x250
[  702.367175][   T31]  ? __pfx_ksys_write+0x10/0x10
[  702.385261][   T31]  do_syscall_64+0xcd/0x4c0
[  702.389828][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  702.420528][   T31] RIP: 0033:0x7fb28f98d3df
[  702.425606][   T31] RSP: 002b:00007fffecb5de80 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  702.470738][   T31] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00007fb28f98d3df
[  702.478756][   T31] RDX: 0000000000000001 RSI: 00007fffecb5ded0 RDI: 0000000000000005
[  702.521482][   T31] RBP: 00007fb28fa11d8d R08: 0000000000000000 R09: 00007fffecb5dcd7
[  702.529502][   T31] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[  702.591413][   T31] R13: 00007fffecb5ded0 R14: 00007fb2906e4620 R15: 0000000000000003
[  702.599446][   T31]  </TASK>
[  702.620864][   T31] INFO: task syz-executor:8836 blocked for more than 145 seconds.
[  702.628711][   T31]       Not tainted 6.16.0-rc4-syzkaller-00108-g17bbde2e1716 #0
[  702.671228][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  702.679940][   T31] task:syz-executor    state:D stack:24760 pid:8836  tgid:8836  ppid:1      task_flags:0x400140 flags:0x00004004
[  702.733575][ T5135] Bluetooth: hci10: command 0x0406 tx timeout
[  702.739726][ T5135] Bluetooth: hci11: command 0x0406 tx timeout
[  702.746592][   T31] Call Trace:
[  702.749887][   T31]  <TASK>
[  702.783286][   T31]  __schedule+0x116a/0x5de0
[  702.787850][   T31]  ? is_bpf_text_address+0x94/0x1a0
[  702.810546][   T31]  ? __lock_acquire+0x622/0x1c90
[  702.815546][   T31]  ? __pfx___schedule+0x10/0x10
[  702.846675][   T31]  ? find_held_lock+0x2b/0x80
[  702.866954][   T31]  ? schedule+0x2d7/0x3a0
[  702.895884][   T31]  schedule+0xe7/0x3a0
[  702.900015][   T31]  schedule_preempt_disabled+0x13/0x30
[  702.936881][   T31]  __mutex_lock+0x6c7/0xb90
[  702.960721][   T31]  ? del_device_store+0xd1/0x4a0
[  702.965724][   T31]  ? __pfx___mutex_lock+0x10/0x10
[  703.000747][   T31]  ? __pfx_sscanf+0x10/0x10
[  703.005305][   T31]  ? __lock_acquire+0x622/0x1c90
[  703.010262][   T31]  ? del_device_store+0xd1/0x4a0
[  703.042720][   T31]  del_device_store+0xd1/0x4a0
[  703.066129][   T31]  ? __pfx_del_device_store+0x10/0x10
[  703.080424][   T31]  ? find_held_lock+0x2b/0x80
[  703.101091][   T31]  ? sysfs_file_kobj+0xe4/0x290
[  703.106001][   T31]  ? __pfx_del_device_store+0x10/0x10
[  703.145278][   T31]  bus_attr_store+0x71/0xb0
[  703.149829][   T31]  ? __pfx_bus_attr_store+0x10/0x10
[  703.182500][   T31]  sysfs_kf_write+0xef/0x150
[  703.187144][   T31]  kernfs_fop_write_iter+0x354/0x510
[  703.211246][ T9724] Bluetooth: hci17: command tx timeout
[  703.216858][   T31]  ? __pfx_sysfs_kf_write+0x10/0x10
[  703.230536][   T31]  vfs_write+0x6c4/0x1150
[  703.234908][   T31]  ? __pfx_kernfs_fop_write_iter+0x10/0x10
[  703.260522][   T31]  ? __pfx_vfs_write+0x10/0x10
[  703.265344][   T31]  ? __pfx_do_sys_openat2+0x10/0x10
[  703.310598][   T31]  ? find_held_lock+0x2b/0x80
[  703.315342][   T31]  ksys_write+0x12a/0x250
[  703.319683][   T31]  ? __pfx_ksys_write+0x10/0x10
[  703.350973][   T31]  do_syscall_64+0xcd/0x4c0
[  703.355546][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  703.391737][   T31] RIP: 0033:0x7f0c9638d3df
[  703.396209][   T31] RSP: 002b:00007ffcd46752b0 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  703.430623][   T31] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00007f0c9638d3df
[  703.438641][   T31] RDX: 0000000000000001 RSI: 00007ffcd4675300 RDI: 0000000000000005
[  703.486071][   T31] RBP: 00007f0c96411d8d R08: 0000000000000000 R09: 00007ffcd4675107
[  703.517978][   T31] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[  703.546252][   T31] R13: 00007ffcd4675300 R14: 00007f0c970e4620 R15: 0000000000000003
[  703.580972][   T31]  </TASK>
[  703.802061][   T31] INFO: task syz-executor:8992 blocked for more than 146 seconds.
[  703.809927][   T31]       Not tainted 6.16.0-rc4-syzkaller-00108-g17bbde2e1716 #0
[  703.900512][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  703.909226][   T31] task:syz-executor    state:D stack:24472 pid:8992  tgid:8992  ppid:1      task_flags:0x400140 flags:0x00004004
[  703.950806][ T9724] Bluetooth: hci18: command tx timeout
[  704.010040][   T31] Call Trace:
[  704.040839][   T31]  <TASK>
[  704.043829][   T31]  __schedule+0x116a/0x5de0
[  704.048346][   T31]  ? is_bpf_text_address+0x94/0x1a0
[  704.090536][   T31]  ? kernel_text_address+0x8d/0x100
[  704.095795][   T31]  ? __lock_acquire+0x622/0x1c90
[  704.129954][   T31]  ? __pfx___schedule+0x10/0x10
[  704.140588][   T31]  ? find_held_lock+0x2b/0x80
[  704.145313][   T31]  ? schedule+0x2d7/0x3a0
[  704.149660][   T31]  schedule+0xe7/0x3a0
[  704.200849][   T31]  schedule_preempt_disabled+0x13/0x30
[  704.209331][   T31]  __mutex_lock+0x6c7/0xb90
[  704.231097][   T31]  ? del_device_store+0xd1/0x4a0
[  704.236084][   T31]  ? __pfx___mutex_lock+0x10/0x10
[  704.261601][   T31]  ? __pfx_sscanf+0x10/0x10
[  704.266155][   T31]  ? __lock_acquire+0x622/0x1c90
[  704.292946][   T31]  ? del_device_store+0xd1/0x4a0
[  704.297933][   T31]  del_device_store+0xd1/0x4a0
[  704.320746][   T31]  ? __pfx_del_device_store+0x10/0x10
[  704.326175][   T31]  ? find_held_lock+0x2b/0x80
[  704.340703][   T31]  ? sysfs_file_kobj+0xe4/0x290
[  704.345608][   T31]  ? __pfx_del_device_store+0x10/0x10
[  704.366946][   T31]  bus_attr_store+0x71/0xb0
[  704.372170][   T31]  ? __pfx_bus_attr_store+0x10/0x10
[  704.377388][   T31]  sysfs_kf_write+0xef/0x150
[  704.395699][   T31]  kernfs_fop_write_iter+0x354/0x510
[  704.416539][   T31]  ? __pfx_sysfs_kf_write+0x10/0x10
[  704.430745][   T31]  vfs_write+0x6c4/0x1150
[  704.435116][   T31]  ? __pfx_kernfs_fop_write_iter+0x10/0x10
[  704.457028][   T31]  ? __pfx_vfs_write+0x10/0x10
[  704.470527][   T31]  ? __pfx_do_sys_openat2+0x10/0x10
[  704.475782][   T31]  ksys_write+0x12a/0x250
[  704.480124][   T31]  ? __pfx_ksys_write+0x10/0x10
[  704.500535][   T31]  do_syscall_64+0xcd/0x4c0
[  704.505099][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  704.530809][   T31] RIP: 0033:0x7f4dd5f8d3df
[  704.535255][   T31] RSP: 002b:00007fffaccb30c0 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  704.557834][   T31] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00007f4dd5f8d3df
[  704.572434][   T31] RDX: 0000000000000001 RSI: 00007fffaccb3110 RDI: 0000000000000005
[  704.580430][   T31] RBP: 00007f4dd6011d8d R08: 0000000000000000 R09: 00007fffaccb2f17
[  704.600640][   T31] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[  704.608654][   T31] R13: 00007fffaccb3110 R14: 00007f4dd6ce4620 R15: 0000000000000003
[  704.641882][   T31]  </TASK>
[  704.735738][   T31] INFO: task syz-executor:8994 blocked for more than 147 seconds.
[  704.783491][   T31]       Not tainted 6.16.0-rc4-syzkaller-00108-g17bbde2e1716 #0
[  704.820913][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  704.829618][   T31] task:syz-executor    state:D stack:24472 pid:8994  tgid:8994  ppid:1      task_flags:0x400140 flags:0x00004004
[  704.910590][   T31] Call Trace:
[  704.913918][   T31]  <TASK>
[  704.916853][   T31]  __schedule+0x116a/0x5de0
[  704.961079][   T31]  ? is_bpf_text_address+0x94/0x1a0
[  704.966333][   T31]  ? kernel_text_address+0x8d/0x100
[  705.025546][   T31]  ? __lock_acquire+0x622/0x1c90
[  705.060739][   T31]  ? __pfx___schedule+0x10/0x10
[  705.065654][   T31]  ? find_held_lock+0x2b/0x80
[  705.070345][   T31]  ? schedule+0x2d7/0x3a0
[  705.131483][   T31]  schedule+0xe7/0x3a0
[  705.135627][   T31]  schedule_preempt_disabled+0x13/0x30
[  705.189299][   T31]  __mutex_lock+0x6c7/0xb90
[  705.215323][   T31]  ? del_device_store+0xd1/0x4a0
[  705.220327][   T31]  ? __pfx___mutex_lock+0x10/0x10
[  705.260671][   T31]  ? __pfx_sscanf+0x10/0x10
[  705.265233][   T31]  ? __lock_acquire+0x622/0x1c90
[  705.270193][   T31]  ? del_device_store+0xd1/0x4a0
[  705.291135][ T8510] Bluetooth: hci17: command tx timeout
[  705.325029][   T31]  del_device_store+0xd1/0x4a0
[  705.360527][   T31]  ? __pfx_del_device_store+0x10/0x10
[  705.365958][   T31]  ? find_held_lock+0x2b/0x80
[  705.402817][   T31]  ? sysfs_file_kobj+0xe4/0x290
[  705.407760][   T31]  ? __pfx_del_device_store+0x10/0x10
[  705.460650][   T31]  bus_attr_store+0x71/0xb0
[  705.465204][   T31]  ? __pfx_bus_attr_store+0x10/0x10
[  705.470409][   T31]  sysfs_kf_write+0xef/0x150
[  705.504409][   T31]  kernfs_fop_write_iter+0x354/0x510
[  705.509753][   T31]  ? __pfx_sysfs_kf_write+0x10/0x10
[  705.532208][   T31]  vfs_write+0x6c4/0x1150
[  705.540726][   T31]  ? __pfx_kernfs_fop_write_iter+0x10/0x10
[  705.546579][   T31]  ? __pfx_vfs_write+0x10/0x10
[  705.570832][   T31]  ? __pfx_do_sys_openat2+0x10/0x10
[  705.576090][   T31]  ksys_write+0x12a/0x250
[  705.580430][   T31]  ? __pfx_ksys_write+0x10/0x10
[  705.595676][   T31]  do_syscall_64+0xcd/0x4c0
[  705.600232][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  705.620714][   T31] RIP: 0033:0x7f3d6158d3df
[  705.633811][   T31] RSP: 002b:00007ffe3a1ed250 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  705.658878][   T31] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00007f3d6158d3df
[  705.676449][   T31] RDX: 0000000000000001 RSI: 00007ffe3a1ed2a0 RDI: 0000000000000005
[  705.693979][   T31] RBP: 00007f3d61611d8d R08: 0000000000000000 R09: 00007ffe3a1ed0a7
[  705.714274][   T31] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[  705.730668][   T31] R13: 00007ffe3a1ed2a0 R14: 00007f3d622e4620 R15: 0000000000000003
[  705.747367][   T31]  </TASK>
[  705.755756][   T31] 
[  705.755756][   T31] Showing all locks held in the system:
[  705.774531][   T31] 2 locks held by kworker/0:1/10:
[  705.779584][   T31] 3 locks held by kworker/u8:1/13:
[  705.804290][   T31] 1 lock held by khungtaskd/31:
[  705.809339][   T31]  #0: ffffffff8e5c4940 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x36/0x1c0
[  705.831824][   T31] 3 locks held by kworker/1:1/48:
[  705.836927][   T31]  #0: ffff88805bc79548 ((wq_completion)wg-kex-wg1#14){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70
[  705.865059][   T31]  #1: ffffc90000b87d10 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __asm__ ("" : "=r"(__ptr) : "0"((__typeof__(*((worker))) *)(( unsigned long)((worker))))); (typeof((__typeof__(*((worker))) *)(( unsigned long)((worker))))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70
[  705.926545][   T31]  #2: ffff88802a6d8520 (&cookie->lock){++++}-{4:4}, at: wg_cookie_add_mac_to_packet+0x37/0x1c0
[  705.957580][   T31] 2 locks held by getty/5574:
[  705.969102][   T31]  #0: ffff88814cde00a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x24/0x80
[  705.986188][   T31]  #1: ffffc9000332b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x41b/0x14f0
[  706.004330][   T31] 3 locks held by kworker/0:3/5849:
[  706.009554][   T31] 6 locks held by kworker/0:6/5872:
[  706.015861][ T8510] Bluetooth: hci18: command tx timeout
[  706.031443][   T31] 3 locks held by kworker/0:8/5896:
[  706.036673][   T31] 5 locks held by kworker/u8:9/6185:
[  706.060753][   T31]  #0: ffff88801c6f3948 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70
[  706.080506][   T31]  #1: ffffc9000533fd10 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70
[  706.100503][   T31]  #2: ffffffff90336c10 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xad/0x890
[  706.120504][   T31]  #3: ffff8880294254e8 (&wg->device_update_lock){+.+.}-{4:4}, at: wg_destruct+0x151/0x3d0
[  706.140521][   T31]  #4: ffffffff8e5cfe00 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x48/0x6e0
[  706.171447][   T31] 2 locks held by kworker/0:5/8704:
[  706.176676][   T31] 2 locks held by kworker/0:7/8724:
[  706.190513][   T31] 2 locks held by kworker/0:10/8776:
[  706.195818][   T31] 7 locks held by syz-executor/8825:
[  706.210511][   T31]  #0: ffff888033b2a428 (sb_writers#8){.+.+}-{0:0}, at: ksys_write+0x12a/0x250
[  706.219536][   T31]  #1: ffff88803b1d0c88 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x510
[  706.261528][   T31]  #2: ffff888028e59d28 (kn->active#52){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2b2/0x510
[  706.286299][   T31]  #3: ffffffff8f8e95c8 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x4a0
[  706.305954][   T31]  #4: ffff88805c46b0e8 (&dev->mutex){....}-{4:4}, at: device_release_driver_internal+0xa4/0x620
[  706.324602][   T31]  #5: ffff88805c46c250 (&devlink->lock_key#2){+.+.}-{4:4}, at: nsim_drv_remove+0x4a/0x1d0
[  706.346473][   T31]  #6: ffffffff8e5cfe00 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x48/0x6e0
[  706.371607][   T31] 4 locks held by syz-executor/8827:
[  706.376919][   T31]  #0: ffff888033b2a428 (sb_writers#8){.+.+}-{0:0}, at: ksys_write+0x12a/0x250
[  706.401224][   T31]  #1: ffff88803b8f0c88 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x510
[  706.430776][   T31]  #2: ffff888028e59d28 (kn->active#52){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2b2/0x510
[  706.450760][   T31]  #3: ffffffff8f8e95c8 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x4a0
[  706.478467][   T31] 4 locks held by syz-executor/8834:
[  706.484328][   T31]  #0: ffff888033b2a428 (sb_writers#8){.+.+}-{0:0}, at: ksys_write+0x12a/0x250
[  706.510779][   T31]  #1: ffff8880404a1488 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x510
[  706.530511][   T31]  #2: ffff888028e59d28 (kn->active#52){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2b2/0x510
[  706.550565][   T31]  #3: ffffffff8f8e95c8 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x4a0
[  706.580138][   T31] 4 locks held by syz-executor/8836:
[  706.586016][   T31]  #0: ffff888033b2a428 (sb_writers#8){.+.+}-{0:0}, at: ksys_write+0x12a/0x250
[  706.609274][   T31]  #1: ffff88803b8f2088 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x510
[  706.629881][   T31]  #2: ffff888028e59d28 (kn->active#52){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2b2/0x510
[  706.648808][   T31]  #3: ffffffff8f8e95c8 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x4a0
[  706.671466][   T31] 3 locks held by kworker/0:13/8840:
[  706.676806][   T31] 2 locks held by kworker/0:14/8984:
[  706.690823][   T31] 4 locks held by syz-executor/8992:
[  706.696130][   T31]  #0: ffff888033b2a428 (sb_writers#8){.+.+}-{0:0}, at: ksys_write+0x12a/0x250
[  706.721604][   T31]  #1: ffff88803b1d2488 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x510
[  706.750764][   T31]  #2: ffff888028e59d28 (kn->active#52){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2b2/0x510
[  706.770511][   T31]  #3: ffffffff8f8e95c8 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x4a0
[  706.791678][   T31] 4 locks held by syz-executor/8994:
[  706.796984][   T31]  #0: ffff888033b2a428 (sb_writers#8){.+.+}-{0:0}, at: ksys_write+0x12a/0x250
[  706.819820][   T31]  #1: ffff88803bedd888 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x510
[  706.835275][   T31]  #2: ffff888028e59d28 (kn->active#52){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2b2/0x510
[  706.860151][   T31]  #3: ffffffff8f8e95c8 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x4a0
[  706.880638][   T31] 4 locks held by syz-executor/9142:
[  706.885974][   T31]  #0: ffff888033b2a428 (sb_writers#8){.+.+}-{0:0}, at: ksys_write+0x12a/0x250
[  706.911730][   T31]  #1: ffff8880813d7c88 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x510
[  706.933216][   T31]  #2: ffff888028e59d28 (kn->active#52){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2b2/0x510
[  706.961585][   T31]  #3: ffffffff8f8e95c8 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x4a0
[  706.988205][   T31] 4 locks held by syz-executor/9164:
[  706.999373][   T31]  #0: ffff888033b2a428 (sb_writers#8){.+.+}-{0:0}, at: ksys_write+0x12a/0x250
[  707.016855][   T31]  #1: ffff88806115fc88 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x510
[  707.030499][   T31]  #2: ffff888028e59d28 (kn->active#52){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2b2/0x510
[  707.056077][   T31]  #3: ffffffff8f8e95c8 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x4a0
[  707.081610][   T31] 4 locks held by syz-executor/9177:
[  707.086925][   T31]  #0: ffff888033b2a428 (sb_writers#8){.+.+}-{0:0}, at: ksys_write+0x12a/0x250
[  707.109871][   T31]  #1: ffff8880551ce088 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x510
[  707.124380][   T31]  #2: ffff888028e59d28 (kn->active#52){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2b2/0x510
[  707.150910][   T31]  #3: ffffffff8f8e95c8 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x4a0
[  707.176135][   T31] 4 locks held by syz-executor/9301:
[  707.191419][   T31]  #0: ffff888033b2a428 (sb_writers#8){.+.+}-{0:0}, at: ksys_write+0x12a/0x250
[  707.200451][   T31]  #1: ffff88803c472488 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x510
[  707.231262][   T31]  #2: ffff888028e59d28 (kn->active#52){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2b2/0x510
[  707.256227][   T31]  #3: ffffffff8f8e95c8 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x4a0
[  707.270519][   T31] 4 locks held by syz-executor/9306:
[  707.292506][   T31]  #0: ffff888033b2a428 (sb_writers#8){.+.+}-{0:0}, at: ksys_write+0x12a/0x250
[  707.310723][   T31]  #1: ffff88803cd2fc88 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x510
[  707.330508][   T31]  #2: ffff888028e59d28 (kn->active#52){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2b2/0x510
[  707.354884][   T31]  #3: ffffffff8f8e95c8 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x4a0
[  707.370513][   T31] 4 locks held by syz-executor/9321:
[  707.375813][   T31]  #0: ffff888033b2a428 (sb_writers#8){.+.+}-{0:0}, at: ksys_write+0x12a/0x250
[  707.390514][ T8510] Bluetooth: hci17: command tx timeout
[  707.420512][   T31]  #1: ffff88807172d088 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x510
[  707.430314][   T31]  #2: ffff888028e59d28 (kn->active#52){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2b2/0x510
[  707.458673][   T31]  #3: ffffffff8f8e95c8 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x4a0
[  707.483040][   T31] 2 locks held by kworker/0:16/9385:
[  707.488355][   T31] 4 locks held by syz-executor/9448:
[  707.500802][   T31]  #0: ffff888033b2a428 (sb_writers#8){.+.+}-{0:0}, at: ksys_write+0x12a/0x250
[  707.509819][   T31]  #1: ffff888087888488 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x510
[  707.544638][   T31]  #2: ffff888028e59d28 (kn->active#52){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2b2/0x510
[  707.560505][   T31]  #3: ffffffff8f8e95c8 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x4a0
[  707.585095][   T31] 4 locks held by syz-executor/9455:
[  707.590416][   T31]  #0: ffff888033b2a428 (sb_writers#8){.+.+}-{0:0}, at: ksys_write+0x12a/0x250
[  707.609600][   T31]  #1: ffff88804800a088 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x510
[  707.640309][   T31]  #2: ffff888028e59d28 (kn->active#52){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2b2/0x510
[  707.665400][   T31]  #3: ffffffff8f8e95c8 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x4a0
[  707.687649][   T31] 4 locks held by syz-executor/9575:
[  707.700506][   T31]  #0: ffff888033b2a428 (sb_writers#8){.+.+}-{0:0}, at: ksys_write+0x12a/0x250
[  707.709612][   T31]  #1: ffff8880892bd088 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x510
[  707.738838][   T31]  #2: ffff888028e59d28 (kn->active#52){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2b2/0x510
[  707.761750][   T31]  #3: ffffffff8f8e95c8 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x4a0
[  707.782327][   T31] 4 locks held by syz-executor/9586:
[  707.820515][   T31]  #0: ffff888033b2a428 (sb_writers#8){.+.+}-{0:0}, at: ksys_write+0x12a/0x250
[  707.829555][   T31]  #1: ffff888035918088 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x510
[  707.858557][   T31]  #2: ffff888028e59d28 (kn->active#52){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2b2/0x510
[  707.879321][   T31]  #3: ffffffff8f8e95c8 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x4a0
[  707.908002][   T31] 4 locks held by syz-executor/9597:
[  707.919759][   T31]  #0: ffff888033b2a428 (sb_writers#8){.+.+}-{0:0}, at: ksys_write+0x12a/0x250
[  707.936663][   T31]  #1: ffff88805b71c488 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x510
[  707.957622][   T31]  #2: ffff888028e59d28 (kn->active#52){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2b2/0x510
[  707.977730][   T31]  #3: ffffffff8f8e95c8 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x4a0
[  708.001930][   T31] 
[  708.004279][   T31] =============================================
[  708.004279][   T31] 
[  708.030830][   T31] NMI backtrace for cpu 1
[  708.030847][   T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-rc4-syzkaller-00108-g17bbde2e1716 #0 PREEMPT(full) 
[  708.030870][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  708.030880][   T31] Call Trace:
[  708.030886][   T31]  <TASK>
[  708.030893][   T31]  dump_stack_lvl+0x116/0x1f0
[  708.030925][   T31]  nmi_cpu_backtrace+0x27b/0x390
[  708.030946][   T31]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[  708.030971][   T31]  nmi_trigger_cpumask_backtrace+0x29c/0x300
[  708.030993][   T31]  watchdog+0xf70/0x12c0
[  708.031016][   T31]  ? __pfx_watchdog+0x10/0x10
[  708.031033][   T31]  ? lockdep_hardirqs_on+0x7c/0x110
[  708.031059][   T31]  ? __kthread_parkme+0x19e/0x250
[  708.031085][   T31]  ? __pfx_watchdog+0x10/0x10
[  708.031104][   T31]  kthread+0x3c2/0x780
[  708.031120][   T31]  ? __pfx_kthread+0x10/0x10
[  708.031136][   T31]  ? rcu_is_watching+0x12/0xc0
[  708.031157][   T31]  ? __pfx_kthread+0x10/0x10
[  708.031174][   T31]  ret_from_fork+0x5d4/0x6f0
[  708.031197][   T31]  ? __pfx_kthread+0x10/0x10
[  708.031213][   T31]  ret_from_fork_asm+0x1a/0x30
[  708.031242][   T31]  </TASK>
[  708.031248][   T31] Sending NMI from CPU 1 to CPUs 0:
[  708.152416][    C0] NMI backtrace for cpu 0
[  708.152432][    C0] CPU: 0 UID: 0 PID: 5872 Comm: kworker/0:6 Not tainted 6.16.0-rc4-syzkaller-00108-g17bbde2e1716 #0 PREEMPT(full) 
[  708.152450][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  708.152460][    C0] Workqueue: wg-kex-wg0 wg_packet_handshake_receive_worker
[  708.152482][    C0] RIP: 0010:__kasan_check_byte+0xa/0x50
[  708.152503][    C0] Code: 48 0f 45 da e9 9c fe ff ff 0f 1f 80 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 66 0f 1f 00 41 54 49 89 f4 55 <48> 89 fd 53 e8 bd 24 00 00 89 c3 84 c0 74 0b 89 d8 5b 5d 41 5c e9
[  708.152517][    C0] RSP: 0018:ffffc90000007740 EFLAGS: 00000202
[  708.152528][    C0] RAX: 0000000000000001 RBX: ffffffff8e5c4880 RCX: 0000000000000002
[  708.152537][    C0] RDX: 0000000000000000 RSI: ffffffff816c9af3 RDI: ffffffff8e5c4880
[  708.152551][    C0] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000000
[  708.152560][    C0] R10: 0000000000000000 R11: 0000000000002c00 R12: ffffffff816c9af3
[  708.152569][    C0] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  708.152578][    C0] FS:  0000000000000000(0000) GS:ffff888124752000(0000) knlGS:0000000000000000
[  708.152593][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  708.152602][    C0] CR2: 0000562de2275c80 CR3: 000000000e382000 CR4: 00000000003526f0
[  708.152612][    C0] Call Trace:
[  708.152617][    C0]  <IRQ>
[  708.152623][    C0]  lock_acquire+0xfc/0x350
[  708.152647][    C0]  __virt_addr_valid+0x213/0x610
[  708.152663][    C0]  ? __virt_addr_valid+0x1f7/0x610
[  708.152679][    C0]  kasan_addr_to_slab+0xd/0x80
[  708.152695][    C0]  kasan_record_aux_stack+0xe/0xc0
[  708.152709][    C0]  kmem_cache_free+0x15a/0x4d0
[  708.152726][    C0]  ? __pfx_hash_conntrack_raw+0x10/0x10
[  708.152741][    C0]  ? nf_conntrack_free+0x113/0x460
[  708.152756][    C0]  nf_conntrack_free+0x113/0x460
[  708.152771][    C0]  nf_ct_destroy+0x18b/0x2a0
[  708.152785][    C0]  nf_conntrack_in+0x392/0x1950
[  708.152803][    C0]  ? __pfx_nf_conntrack_in+0x10/0x10
[  708.152822][    C0]  ? lock_acquire+0x179/0x350
[  708.152842][    C0]  ? __pfx_ipv4_conntrack_in+0x10/0x10
[  708.152862][    C0]  nf_hook_slow+0xbb/0x200
[  708.152882][    C0]  nf_hook.constprop.0+0x422/0x750
[  708.152902][    C0]  ? __pfx_ip_rcv_finish+0x10/0x10
[  708.152923][    C0]  ? __pfx_nf_hook.constprop.0+0x10/0x10
[  708.152944][    C0]  ? __pfx_ip_rcv_finish+0x10/0x10
[  708.152963][    C0]  ? ip_rcv_core+0x934/0xe80
[  708.152983][    C0]  ? __pfx_ip_rcv+0x10/0x10
[  708.153002][    C0]  ip_rcv+0x7d/0x5d0
[  708.153021][    C0]  ? __pfx_ip_rcv+0x10/0x10
[  708.153039][    C0]  __netif_receive_skb_one_core+0x197/0x1e0
[  708.153058][    C0]  ? __pfx___netif_receive_skb_one_core+0x10/0x10
[  708.153077][    C0]  ? lock_acquire+0x179/0x350
[  708.153098][    C0]  ? process_backlog+0x3f0/0x15e0
[  708.153114][    C0]  __netif_receive_skb+0x1d/0x160
[  708.153132][    C0]  process_backlog+0x442/0x15e0
[  708.153150][    C0]  __napi_poll.constprop.0+0xba/0x550
[  708.153169][    C0]  net_rx_action+0xa9f/0xfe0
[  708.153190][    C0]  ? __pfx_net_rx_action+0x10/0x10
[  708.153207][    C0]  ? mark_held_locks+0x49/0x80
[  708.153226][    C0]  ? lockdep_hardirqs_on+0x7c/0x110
[  708.153247][    C0]  ? tmigr_handle_remote+0x132/0x380
[  708.153266][    C0]  ? run_timer_base+0x121/0x190
[  708.153285][    C0]  ? __pfx_run_timer_base+0x10/0x10
[  708.153306][    C0]  handle_softirqs+0x219/0x8e0
[  708.153324][    C0]  ? __pfx_handle_softirqs+0x10/0x10
[  708.153340][    C0]  ? irqtime_account_irq+0x18d/0x2e0
[  708.153360][    C0]  ? kernel_fpu_end+0x59/0x70
[  708.153374][    C0]  do_softirq+0xb2/0xf0
[  708.153387][    C0]  </IRQ>
[  708.153392][    C0]  <TASK>
[  708.153397][    C0]  __local_bh_enable_ip+0x100/0x120
[  708.153413][    C0]  kernel_fpu_end+0x5e/0x70
[  708.153425][    C0]  blake2s_compress+0x7f/0xe0
[  708.153441][    C0]  blake2s_update+0xef/0x360
[  708.153460][    C0]  hmac.constprop.0+0x23f/0x420
[  708.153479][    C0]  ? __pfx_hmac.constprop.0+0x10/0x10
[  708.153503][    C0]  ? kdf.constprop.0+0x223/0x280
[  708.153521][    C0]  ? __pfx_curve25519_arch+0x10/0x10
[  708.153544][    C0]  kdf.constprop.0+0x1f2/0x280
[  708.153563][    C0]  ? __pfx_kdf.constprop.0+0x10/0x10
[  708.153580][    C0]  ? __crypto_memneq+0x203/0x430
[  708.153597][    C0]  ? mix_dh+0xf7/0x150
[  708.153612][    C0]  ? mix_dh+0x103/0x150
[  708.153632][    C0]  wg_noise_handshake_create_response+0x448/0x640
[  708.153654][    C0]  ? __pfx_wg_noise_handshake_create_response+0x10/0x10
[  708.153677][    C0]  ? ktime_get_coarse_with_offset+0x1af/0x240
[  708.153696][    C0]  ? lockdep_hardirqs_on+0x7c/0x110
[  708.153714][    C0]  ? ktime_get_coarse_with_offset+0x1c1/0x240
[  708.153733][    C0]  ? ktime_get_coarse_with_offset+0x150/0x240
[  708.153754][    C0]  wg_packet_send_handshake_response+0xe0/0x310
[  708.153769][    C0]  ? wg_socket_set_peer_endpoint+0x5f6/0xbd0
[  708.153785][    C0]  ? __pfx_wg_packet_send_handshake_response+0x10/0x10
[  708.153806][    C0]  wg_receive_handshake_packet+0x247/0xbf0
[  708.153822][    C0]  ? __pfx_wg_receive_handshake_packet+0x10/0x10
[  708.153840][    C0]  ? __local_bh_enable_ip+0xa4/0x120
[  708.153857][    C0]  wg_packet_handshake_receive_worker+0x17f/0x3a0
[  708.153876][    C0]  process_one_work+0x9cf/0x1b70
[  708.153893][    C0]  ? __pfx_wg_packet_handshake_receive_worker+0x10/0x10
[  708.153910][    C0]  ? __pfx_process_one_work+0x10/0x10
[  708.153926][    C0]  ? assign_work+0x1a0/0x250
[  708.153947][    C0]  worker_thread+0x6c8/0xf10
[  708.153964][    C0]  ? __kthread_parkme+0x19e/0x250
[  708.153982][    C0]  ? __pfx_worker_thread+0x10/0x10
[  708.153996][    C0]  kthread+0x3c2/0x780
[  708.154008][    C0]  ? __pfx_kthread+0x10/0x10
[  708.154021][    C0]  ? rcu_is_watching+0x12/0xc0
[  708.154038][    C0]  ? __pfx_kthread+0x10/0x10
[  708.154051][    C0]  ret_from_fork+0x5d4/0x6f0
[  708.154070][    C0]  ? __pfx_kthread+0x10/0x10
[  708.154082][    C0]  ret_from_fork_asm+0x1a/0x30
[  708.154101][    C0]  </TASK>
[  708.839702][ T8510] Bluetooth: hci18: command tx timeout
[  708.958140][   T31] Kernel panic - not syncing: hung_task: blocked tasks
[  708.965031][   T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-rc4-syzkaller-00108-g17bbde2e1716 #0 PREEMPT(full) 
[  708.976838][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  708.986906][   T31] Call Trace:
[  708.990213][   T31]  <TASK>
[  708.993147][   T31]  dump_stack_lvl+0x3d/0x1f0
[  708.997750][   T31]  panic+0x71c/0x800
[  709.001658][   T31]  ? __pfx___irq_work_queue_local+0x10/0x10
[  709.007558][   T31]  ? __pfx_panic+0x10/0x10
[  709.011982][   T31]  ? preempt_schedule_thunk+0x16/0x30
[  709.017365][   T31]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[  709.023353][   T31]  ? preempt_schedule_thunk+0x16/0x30
[  709.028732][   T31]  ? watchdog+0xdda/0x12c0
[  709.033150][   T31]  ? watchdog+0xdcd/0x12c0
[  709.037666][   T31]  watchdog+0xdeb/0x12c0
[  709.041940][   T31]  ? __pfx_watchdog+0x10/0x10
[  709.046626][   T31]  ? lockdep_hardirqs_on+0x7c/0x110
[  709.051840][   T31]  ? __kthread_parkme+0x19e/0x250
[  709.056876][   T31]  ? __pfx_watchdog+0x10/0x10
[  709.061570][   T31]  kthread+0x3c2/0x780
[  709.065656][   T31]  ? __pfx_kthread+0x10/0x10
[  709.070260][   T31]  ? rcu_is_watching+0x12/0xc0
[  709.075034][   T31]  ? __pfx_kthread+0x10/0x10
[  709.079627][   T31]  ret_from_fork+0x5d4/0x6f0
[  709.084227][   T31]  ? __pfx_kthread+0x10/0x10
[  709.088817][   T31]  ret_from_fork_asm+0x1a/0x30
[  709.093600][   T31]  </TASK>
[  709.096841][   T31] Kernel Offset: disabled
[  709.101149][   T31] Rebooting in 86400 seconds..