last executing test programs:

11m10.97465316s ago: executing program 0 (id=39):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$sock_int(r0, 0x1, 0x4, 0x0, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0)
r2 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_GET_CHARDEV(r2, 0x0, 0x4000)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
recvmmsg(0xffffffffffffffff, &(0x7f0000003c40)=[{{0x0, 0x0, &(0x7f0000002580)=[{0x0}, {&(0x7f0000002480)=""/238, 0xee}], 0x2}, 0x9}], 0x1, 0x40010160, 0x0)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r6 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r6, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'ghash-generic\x00'}, 0x58)
r7 = accept4(r6, 0x0, 0x0, 0x0)
setsockopt$ALG_SET_KEY(r6, 0x117, 0x1, &(0x7f0000000200)="ad56b6cc0400aeb995298992ea5400c2", 0x10)
sendmmsg$unix(r7, &(0x7f0000000680), 0x4924924924925c6, 0x8dff)

11m9.283878582s ago: executing program 0 (id=42):
openat$mice(0xffffffffffffff9c, 0x0, 0x101)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="5c0000000206030000000000000000000000000005000100070000000900020073797a31000000001400078005001500070000000800124000000000050005000200000005000400000000000d000300686173"], 0x5c}}, 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=ANY=[@ANYBLOB="400000000a0601020000000000000000000000000900020073797a31000000000500010007000000180007800c00018008000140fffffffe050003"], 0x40}, 0x1, 0x0, 0x0, 0x10000047}, 0x4000084)

11m8.940078461s ago: executing program 0 (id=43):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = getpid()
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
bind$inet6(r2, &(0x7f0000000000)={0xa, 0xe22, 0x0, @empty}, 0x1c)
r3 = socket$pppl2tp(0x18, 0x1, 0x1)
connect$pppl2tp(r3, &(0x7f0000000100)=@pppol2tpv3={0x18, 0x1, {0x0, r2, {0x2, 0x0, @loopback}, 0x4}}, 0x2e)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$l2tp(&(0x7f0000000440), 0xffffffffffffffff)
sendmsg$L2TP_CMD_SESSION_GET(r4, 0x0, 0x0)
syz_emit_ethernet(0x4c, &(0x7f0000000140)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}, @random="ece65fbcee55", @void, {@ipv6={0x86dd, @udp={0x0, 0x6, "010100", 0x16, 0x11, 0x0, @remote, @local, {[], {0x3, 0xe22, 0x16, 0x0, @gue={{0x2, 0x0, 0x0, 0x3}, "ffb00afe4e70"}}}}}}}, 0x0)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
mount$tmpfs(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100), 0x80, 0x0)
pipe(0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0xb, 0x100, 0x1108, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x2}, 0x50)
r5 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0xe0c81)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r5, 0xc08c5332, &(0x7f00000002c0)={0xffffffff, 0x0, 0x0, 'queue1\x00'})
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r5, 0x402c5342, &(0x7f0000000040)={0x0, 0x7a124, 0x60, {0x0, 0x100}})

11m5.385208953s ago: executing program 0 (id=52):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
r1 = dup(r0)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x4e24, 0x6, @loopback, 0x3}], 0x1c)
sendmsg$inet6(r0, &(0x7f0000000800)={&(0x7f0000000080)={0xa, 0x4e24, 0xb, @loopback, 0x4}, 0x1c, &(0x7f0000000100)=[{&(0x7f00000000c0)="88", 0x1}], 0x1}, 0x4c042)
r2 = dup(r0)
setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f0000000000)='ip6gretap0\x00', 0x10)
setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000200)={0x0, @in6={{0xa, 0xce20, 0x6, @empty, 0x2d}}, 0x7, 0x1, 0xf06, 0x3, 0xb4, 0x7f, 0x9}, 0x9c)
write$P9_RSETATTR(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x1b, 0x5}, 0xffffffec)
setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, &(0x7f00000001c0)={0x0, @in6={{0xa, 0x4e60, 0xeffffff2, @empty, 0x5}}, 0x10001fc, 0x2, 0xffff1896, 0x3, 0x54, 0xffffffb9, 0x1a}, 0x9c)

11m4.072478778s ago: executing program 0 (id=57):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdir(&(0x7f0000000040)='./file0\x00', 0x80)
mkdir(&(0x7f0000000040)='./file1\x00', 0x0)
r3 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r4 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r4, 0x3b81, &(0x7f0000000140)={0xc, 0x0, <r5=>0x0})
ioctl$IOMMU_IOAS_ALLOC(r3, 0x3b81, &(0x7f0000000240)={0xc})
ioctl$IOMMU_IOAS_MAP$PAGES(r3, 0x3b85, &(0x7f0000000280)={0x28, 0x7, r5, 0x0, &(0x7f0000579000/0x2000)=nil, 0x2000})
ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r3, 0x3ba0, &(0x7f0000000400)={0x48, 0x5, r5, 0x0, <r6=>0xffffffffffffffff, 0x1})
ioctl$IOMMU_TEST_OP_ACCESS_PAGES(r4, 0x3ba0, &(0x7f00000005c0)={0x48, 0x7, r6, 0x0, 0x0, 0x0, 0x0, 0x5})
ioctl$IOMMU_TEST_OP_ACCESS_RW(0xffffffffffffffff, 0x3ba0, &(0x7f0000000480)={0x48, 0x8, r6, 0x0, 0x201, 0xdff, &(0x7f0000001480)="31bb4ec77ee0edf5a052e63ec7f79b3ab56d2c206e9c183499df90598e942f13cd9a2903a9d51fe4a07ebe6214d279e733874d16615bcb34cda1a44be72996af769eeebe39142eaf6b3744be4a86853813ae876b741b65c339f76441f04e8c34c428b5c9a6412dfc94af7cc2cb364274c9eb1595a1912dc107b889df1668051e6a27c07cb5f42f2d097acd8b95bf1d07139994056653c3cb83a1f756c5bd79374d81d10fffdd89cf613babd136c2ec27754fde021ecd84f4255881f3272a0f52f3b3ae232b0843e705daf97bd7c625a4f1c7ef9987515c7d33a8790047bb5daab6059e97253c1124b1e097f32cf3be7a04437da98bd749b391d21d374abe25c715604d562a4e163dc3bbc4568d558a04f361846bddc80c988302497546f62c0b1b7fe335af05668f50fc66fc2345f2fb4a13b72e762bcfe8977af9aab95e6d516a98bb0247b4cca89b2896867f81dae584118313c62fce1942952ebc75ff14e583bf1ace2101855cac909c53b2a5e129e6b6b780ecfa98d653aa0105fbd9d5c76906550af7f3f5b8cd612dc3d0823dd1ebf33ada49a82932365b869a0da45db213981589ad56b7b2f897469b1e73b1bd396f413074ad19a18dd095a2d3db75acdae5f5d8d486bff89c59277b0bfb89355d65ed97aadc56e6f81fe6abae5ab6b79e04e26bd7bdae87a68f8f6c9a034bfb7df2adf4dd81c29b57c3f5053a4d05728f148d8770ee7691f96a7c31038fc5285293e3c34c9eeb26e81bb8c95c2b4ae0ca4ccb662e3acfaf651d4798f94439e03d8d1b54fc3faedc43905163d508bd265c41da50aa16b0203a3e34f502124e6c1e8737947ebc95b6f880f6f47bd2660ba0d3d902f3b4256f6b28d4f6b41039c952afe0886b3a351e3c3ce92be7e2b8aec310ba61560bde3954120d15d775c0094eb61cb665c327c25a72ad14ec6731b36fdab273ef785794697a1ad02193dd70619a0389a51219f0a95cd836e9aba775e6ef38e872a1aaad500a9360f1164f3e98ef7a96690248c7b125383de41019f35d1de2a38bd90a5f60c6aa7b6bcc62c951330a49bf9b8932289de5542a143b987c4f01acd2665123d603942cc727757ac16e17ac55f4e39cea7b5da45b13e2b8dc00b60ecb9086f000e197908f81cf3ca8bae652b78bb80357df1e8f5357eff0e5db2541910e645fbcda847e569483c169daea6628f3c942f357757fb327da64cd6cde61e295fa5872bcd6834a06d65a6c253fb7cb004ca971b59e1aece01c544835e48f8ed2c9861aa2390d70dadd02c27b3e308d26f476b34dbdc67444c62ba10ab9646b326bc3ebf0f92c96c64cb6c5f3ed78a3be919a2a983790cf3578602f7b69258b2a6fc58046b08bdbcad58e2c9d7025e20a78fe58520f8e3aafdeb944edfa728a5fba1629dee808bf22e205e797f82c4bb50c40bbe660b899f39944520a58287620c87e766166bcb89f764d81c96f3804c7dbd17408bd7f765aec08dff46ba568073cd45060b646eb3215ec7ff511f769a0e5483f1dca9860ea21767f0fe68c45eb46396e418b25bd1065135e92e74cb8929f526ce293d002c354a9bb22b2dfbfcb5b0612d5f7625a559e85c3ac6f89790f78502df7b02f2affcdbbe2732a8632ae95e7a1a7388b6df19aafb2c6b94e985f26c159e2648ae1ce3cae0d176b060e152d003a439dcbe8463d462eb5e843bfd9c2b1e5b2d89e372100e96443e2e574fefcd2ed899ef6e12cc92dfdc3ff8eeba109fecb0f0f04d55fc148ab026a71976d9479999ee6fec731c144cc106668e703fab82d7061a36035b2221488d6f3d56ff1d552df990ae8a4a34a76bad5b7824bfd38df1065ef61cab967f7dea1a622b06f51b76441a6f218049959e988cc7f7e577a6c40db4dafed7bdc9ea52d4edb79b9d9a55d006d243af481d745ba62f7114d0f8aa14cd4e45899983cfc783c77cdce37cfbbe33fa369147880bfb7dea7e741d6c781eda3b84f383b6f3e0a14e58cf1302d2daebffbba86bebbc30abb16b47ed28f5b8d8a43f9aa9e0692e448a1ef4e16a73507a61cef339c6be89ce95ca399a3139b27bfbd0c93ff276e13345a93ee6a152e03f4dc107f3a862b68f6e6b4267f51903a81cc1b585b211a65307bd5573f13c955c1e179729fb361197bccbd5e4700f49f93a72948634e3b7882724b973b14dc168bed2538f81acd2ddc2bc9265a3729c50f92a1750d058102899cbca79b46cc11aea6363e740ef16587b7c45e685b7a8b7b8c3a7fe83d8e2d81ec86fd7e55d46688fc9002f2abf917062e5d10bf593a4ed80fa891057c8e360efe5cbec03c562cb9d947353cbda57383bf90c471f05e04745ba51b61ab347d04539f43408c3b5a998f71f36dec641fe6e4bb91367ec7d8d6cd3cb730803573b4cad5304ef7c60faa1c3105cea24f4fa65cedec131a814a9ba90d0830eedf9ddb4142bbf83a0609697199eebf1dc85bb5b8a9acc4617788589361d32caa0fa4776f37e11e3081bb3a4f88fdcc86a74d14c66276fe779f36475c902c395901f979a18d1740ac8bd56dcf56365fce544a8e0f7385dbd9e0c45dc93454ede05e8c069fddafd933d661e60f7c05b9efeaf601866eaa31393cad3e77d43401749ddd0690b68f6e785f4fea3dd4e68152ae269a16661f9b64549b974a415d1adc6f63a600d4af9e59473ed15c24bdef127428bf81f86fd4d7e0c0cf2ec29cf90351572e73a557a781322d729e29caddf5b8e49e3e5e27d111cc77c652a9da5d5ecf11ed6ea37b8e4e65ea499f9d084a89054761f46c778d60ef66a235414904a92a566aa9781177dc79aa727ee91aae76fc6f42f68e712db2052fd890ced01237bef531699f640fccef7c76c00d43c0d641be019298f2d18b02e230f1fa97be1ea1a3e9c7b7354d4753a7c5a16cc11efbb8b1ed27fedd9a09dcd4a16e496edb18495473bbc65d00696d572e0168d726d4551b72d6ddaebefa8ffe8eb8ea74e7628d18aac4eefe906217f2f714853834bdcb9098e5aea133787bdf89bd823977e085f00ce42841c2aae50c2d25003fc29cdef9ff63a86ff56a6bf5e4079b99cbe177fcdf83df61cb4f625c4c09adabda8730d343b47123ac7ce8bb2a02a11b76d60cbf12fb4e1d810b5fa4866fe3af57eb95de0f4a2c64b8e47b1ec490d4dac6f0fd8807f1b8de68ec6464c14850a2f5392726a657cb752a9ce1862eaa09edb99eb3361339e47256061296e353fe88c5f0f48adcfd1448ff5147ab72bf079aee5cd5db9a99a7c6dce61026e71bee7eac0c53d59e8b3df92b859dbb7de42c83b06f5351bc185f8f2bdee7576e6997d3c33e1292356803417518eabdc1c4ab9ce48d8225a7a6b6ff345ece2169e1d44ddc265d31d65a1fe424cde95c06ba38db2eaa1b3885c24d4ae406890859a00b6b897a143dd9a9be11701ad56d8c8fea930175980ccc1ca92bba2ead93e07f6e0edaa83217aa6db93c9c0d69bf7e8c95134eda2a9e4c9921f02ffe88adcbeaa9d30d8800187f056c5fb4748ab727c1f985d03e7fa6e32eb82cfd8bc74f3bdee3f9cbbeff224d7be84dc4ec3b18bc09ff618db548ac339284e54aa5479056a25060943ad1e0a8b163af504cbff63421b22559d6bc6c512ea6efa65d205998e16382283dc1bf253937b01166eb5787db87660c0cfcb978d3cc87fed5b0f426275d3efa8ce8fdc43b02793da2db569a65f809007543426ac636d354add7dfef2a630facb07dfe9b68b4fabf0aa08d22fb79c71f2876fdc3fe262f0e69e0bf3bf5809fe8069257e8de47f22cec88632ae148e15647946be3f03acd8481528e84c805b75c1dccd43830a662582d24ff9a826a427b94a3b0f11d96601e5925ecc91946b0984b078503e0a13c88a5d795fa7ac30ce93b477b238cd4092ff7ef9a6ac04f9f8753ef352af50755168119a56437f840e9612cdc17a4f93d3f2fbfd1d61bd40a14730d11238d0bab527f2526597f093070d0a7653660f3c011564691f3ff69e20ec73b0cb9df84b60d11760263735f799465cef870607ac1246f7c38fcdf9f301417ddadc2fc37a8ae59805038beaa98edbdf9f5001f3f7f0e36259b584a9ff6c5526c818c1798432f91e09fc1803d40feec71725122dc7cc7badc5eb67bed50382da58d53632718258c51e1886745d74624ee8ce43ad416908b97f1ccb8e020afedaada0438432a060e8bc6477cfa0d5ba13ca21ea93fbfe977e0e3ab0360aff422bae21c21c61bc3dc895f4ef8c0ad03860aada0eab0e087efa87e34e9269c2d4a3fbdad61fc214dd463c091b28e8265e3c38e53373b577a643e1a2d6e2e477fa1057ede21fb0d29a292780a06f4afde814002b6400e260b1a8fabed0fe20de12fdd4ddcd9863a2f065b6c04d1feb11b1f7c5fda211b17a5a4f2ffa66e15c3c95281ef91a952ae8e6bad9b57fea63f476ddf5cbe4694b662524de66eb49346f5f02b0379ed8f2d41b250d0f340f7cc28b96330778632cf2bb69b9926c055ed352413cfb14bafc57a8bf6dfd7f4fdc9a7d2939e9754d86b5b905387b5dd141cb7354f529c90eb52152bf34cec8cc380aed1e924a124a06d6a68d6df7de9bf699aa170af0f47203d83e89e0ff215e420eaeaa3593a23b41e04a1237b8c3b8123d7e5ce60f4355594d1c2bd2cff8677aa6532019cdb79363452f337bcedb5b12905cf253e22f7e82d7411c55d74525bf761c5529dcae6a7ffeecbdf1b1de19cee2aa18e2a3efebb32b3e023bea2dca94ccd30ce65a0cb0eb030365b71ed1d7762e9136066c006fd32bb9ee2312f6540ebde9d5d96639eba753b9a16ff1a7c25ffbe519e4f2c65abcb1655125f3cb44687455ed339cbb4fa480dc5685ee26a425b3f8732f796467fa230a677c008a3f852ccd45427e68ef972c1b134a43958453687516b805b904ad98b9a0f62bddb786c67572b14a40912776aae6e22ddcd5df40756e264497596de3436089860ba2abd550c14c1d1ecc3e7f86046546ae0661c4e9078f7bc613cdaab5583ace3d212c748c671b39bc94ce61f68b48ae5dfa62698100c06d51fa33d43dde913827fefb5", 0x4})
mkdir(&(0x7f0000000000)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x80, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
chdir(&(0x7f0000000440)='./bus\x00')
r7 = open(&(0x7f0000000580)='./file1\x00', 0x80242, 0x1df2a23c5997fa5f)
write$FUSE_CREATE_OPEN(r7, &(0x7f0000000180)={0xa0, 0xffffffffffffffda, 0x0, {{0x5, 0x1, 0x8000000004007, 0xac, 0x3, 0x4, {0x0, 0x180, 0x20fe, 0x5, 0x87, 0xd615, 0x9, 0x7fffffff, 0xfffffffe, 0xc000, 0x0, 0xee00, 0x0, 0x3ff, 0x401}}, {0x0, 0x11}}}, 0xa0)

11m2.324312736s ago: executing program 0 (id=61):
prlimit64(0x0, 0xe, &(0x7f0000000000)={0xa, 0x8b}, 0x0)
r0 = socket$rxrpc(0x21, 0x2, 0x2)
setsockopt$RXRPC_SECURITY_KEY(r0, 0x110, 0x1, 0xfffffffffffffffe, 0x11)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
syz_usb_connect(0x2, 0x36, &(0x7f0000001580)=ANY=[@ANYBLOB="12010000022fb040d80408fdb159000000010902240001080010000904b109020a"], 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000032680)=""/102400, 0x19000)
r2 = socket(0x2a, 0x5, 0x1)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000300)=ANY=[@ANYRES32=r0, @ANYRES8=r2], 0x50)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000100), 0x4)
creat(&(0x7f0000000040)='./file0\x00', 0x4b)
r3 = socket$key(0xf, 0x3, 0x2)
recvmmsg(r3, &(0x7f0000000440), 0x6f5, 0x2000000022, &(0x7f0000000480)={0x77359400})
setsockopt$sock_int(r3, 0x1, 0x4b, &(0x7f0000000040)=0xfd87, 0x4)
sendmsg$key(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=ANY=[@ANYBLOB="0216000002"], 0x10}}, 0x0)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'rose0\x00', 0x112})
ioctl$TUNSETQUEUE(r4, 0x400454d9, &(0x7f0000000000)={'batadv_slave_1\x00', 0x500})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000140)=ANY=[@ANYBLOB="1800000000000080"], 0x0}, 0x94)
syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2)
ioctl$TUNSETQUEUE(r4, 0x400454d9, &(0x7f0000000080)={'ipvlan0\x00', 0x600})
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
ioctl$SNDRV_TIMER_IOCTL_SELECT(0xffffffffffffffff, 0x40345410, &(0x7f0000000040)={{0x0, 0x3}})
ioctl$SNDRV_TIMER_IOCTL_START(0xffffffffffffffff, 0x54a0)
ioctl$SNDRV_TIMER_IOCTL_STOP(0xffffffffffffffff, 0x54a1)
r5 = openat(0xffffffffffffff9c, &(0x7f0000004d00)='./file1\x00', 0x250942, 0x1cd)
quotactl_fd$Q_GETNEXTQUOTA(r5, 0xffffffff80000900, 0x0, 0x0)

10m49.642006071s ago: executing program 2 (id=89):
syz_usb_connect(0x0, 0x5f, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
syz_open_dev$sndpcmc(0x0, 0x0, 0x0)
ioctl$SNDRV_PCM_IOCTL_UNLINK(0xffffffffffffffff, 0x40044160, 0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000000300)=""/102392, 0x18ff8)
bpf$PROG_LOAD(0x5, &(0x7f0000019580)={0x1, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="00000000007911a800b8000000950000000000"], 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x20, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000080), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0xffffffff}, 0x94)
r1 = socket$kcm(0xa, 0x1, 0x106)
ioctl$SNDRV_PCM_IOCTL_WRITEI_FRAMES(0xffffffffffffffff, 0x40184150, &(0x7f0000019340)={0x0, &(0x7f0000019300)="11822e0afc36f8a6e5c847795a3f2ea32b", 0x11})
sendmsg$kcm(r1, &(0x7f0000000780)={&(0x7f0000000000)=@in6={0xa, 0x4e23, 0xfac, @ipv4={'\x00', '\xff\xff', @multicast1}, 0x2}, 0x80, 0x0}, 0xe07e872420dfefce)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0xc004743e, 0x110c230000)
mprotect(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000002)
getpid()
syz_open_dev$media(&(0x7f0000000300), 0x3, 0x80800)
r2 = syz_open_dev$media(&(0x7f0000001a80), 0x3, 0x0)
ioctl$MEDIA_IOC_ENUM_LINKS(r2, 0xc0287c02, &(0x7f00000002c0)={0x80000000, 0x0, &(0x7f0000002c40)=[{{}, {<r3=>0x80000000}}]})
ioctl$MEDIA_IOC_ENUM_LINKS(r2, 0xc0287c02, &(0x7f0000019380)={r3, 0x0, &(0x7f0000019440)=[{{}, {<r4=>0x80000000}}, {{}, {0x80000000, <r5=>0x0}}]})
ioctl$MEDIA_IOC_ENUM_LINKS(r2, 0xc0287c02, &(0x7f0000000280)={r4, 0x0, &(0x7f0000000080)})
r6 = syz_open_dev$media(&(0x7f0000001a80), 0x3, 0x0)
ioctl$MEDIA_IOC_ENUM_LINKS(r6, 0xc0287c02, &(0x7f00000002c0)={0x80000000, 0x0, &(0x7f0000002c40)=[{{}, {0x80000000, <r7=>0x0}}]})
sendmsg$ETHTOOL_MSG_FEATURES_GET(0xffffffffffffffff, &(0x7f0000019bc0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000019b80)={&(0x7f00000198c0)=ANY=[@ANYBLOB="a4020000", @ANYRES16=0x0, @ANYBLOB="100028bd7000fbdbdf250b0000000c0001800800030002000000740001801400020070696d726567000000000000000000001400020076657468315f746f5f7465616d0000001400020062726964676530000000000000000000080003000100000008000100", @ANYRES32=0x0, @ANYRESOCT, @ANYRES32=0x0, @ANYBLOB="14000200687372300000000000000000000000006c0001801400020076657468305f746f5f626174f778fce5616476001400020076657468305f746f5f68737200000000140002006261746164765f736c6176655f30000008000300020000001400020076657468305f6d6163767461700000000800030000000000", @ANYRES32=0x0, @ANYBLOB="4000018014000200697036677265300000000000000000001400020067656e6576653100000000000000000014000200677265300000000000000000000000007c000180140002006272696467655f736c6176655f31000008000300000000000800030001000000140002006970366772653000000000000000000008000100", @ANYRES64=r7, @ANYBLOB="1400020076657468315f766c616e00000000000008000300000000000800030001000000140002006d61637365633000000000000000000064000180080003000200000008000100", @ANYRES32=0x0, @ANYBLOB="08000300020000001400020064766d7270310000000000000000000008000100", @ANYRES64=r5, @ANYBLOB="08000100", @ANYRES32=0x0, @ANYBLOB="1400020074756e6c300000000000000000000000080003000300000008000100", @ANYRES32, @ANYBLOB], 0x2a4}, 0x1, 0x0, 0x0, 0x24000040}, 0xaf3823ec0b9413d1)
gettid()

10m46.826315178s ago: executing program 32 (id=61):
prlimit64(0x0, 0xe, &(0x7f0000000000)={0xa, 0x8b}, 0x0)
r0 = socket$rxrpc(0x21, 0x2, 0x2)
setsockopt$RXRPC_SECURITY_KEY(r0, 0x110, 0x1, 0xfffffffffffffffe, 0x11)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
syz_usb_connect(0x2, 0x36, &(0x7f0000001580)=ANY=[@ANYBLOB="12010000022fb040d80408fdb159000000010902240001080010000904b109020a"], 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000032680)=""/102400, 0x19000)
r2 = socket(0x2a, 0x5, 0x1)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000300)=ANY=[@ANYRES32=r0, @ANYRES8=r2], 0x50)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000100), 0x4)
creat(&(0x7f0000000040)='./file0\x00', 0x4b)
r3 = socket$key(0xf, 0x3, 0x2)
recvmmsg(r3, &(0x7f0000000440), 0x6f5, 0x2000000022, &(0x7f0000000480)={0x77359400})
setsockopt$sock_int(r3, 0x1, 0x4b, &(0x7f0000000040)=0xfd87, 0x4)
sendmsg$key(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=ANY=[@ANYBLOB="0216000002"], 0x10}}, 0x0)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'rose0\x00', 0x112})
ioctl$TUNSETQUEUE(r4, 0x400454d9, &(0x7f0000000000)={'batadv_slave_1\x00', 0x500})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000140)=ANY=[@ANYBLOB="1800000000000080"], 0x0}, 0x94)
syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2)
ioctl$TUNSETQUEUE(r4, 0x400454d9, &(0x7f0000000080)={'ipvlan0\x00', 0x600})
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
ioctl$SNDRV_TIMER_IOCTL_SELECT(0xffffffffffffffff, 0x40345410, &(0x7f0000000040)={{0x0, 0x3}})
ioctl$SNDRV_TIMER_IOCTL_START(0xffffffffffffffff, 0x54a0)
ioctl$SNDRV_TIMER_IOCTL_STOP(0xffffffffffffffff, 0x54a1)
r5 = openat(0xffffffffffffff9c, &(0x7f0000004d00)='./file1\x00', 0x250942, 0x1cd)
quotactl_fd$Q_GETNEXTQUOTA(r5, 0xffffffff80000900, 0x0, 0x0)

10m45.684300089s ago: executing program 2 (id=96):
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x1, &(0x7f0000000200)=0x7)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
shmat(0x0, &(0x7f0000ffc000/0x2000)=nil, 0x4000)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0xd, 0x4, &(0x7f0000000000)=@framed={{}, [@ldst={0x1, 0x0, 0x3, 0x9, 0x1, 0x50}]}, &(0x7f0000000080)='syzkaller\x00', 0x4}, 0x94)

10m44.556593109s ago: executing program 2 (id=100):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = getpid()
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
bind$inet6(r2, &(0x7f0000000000)={0xa, 0xe22, 0x0, @empty}, 0x1c)
r3 = socket$pppl2tp(0x18, 0x1, 0x1)
connect$pppl2tp(r3, &(0x7f0000000100)=@pppol2tpv3={0x18, 0x1, {0x0, r2, {0x2, 0x0, @loopback}, 0x4}}, 0x2e)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$l2tp(&(0x7f0000000440), 0xffffffffffffffff)
sendmsg$L2TP_CMD_SESSION_GET(r4, 0x0, 0x0)
syz_emit_ethernet(0x4c, &(0x7f0000000140)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}, @random="ece65fbcee55", @void, {@ipv6={0x86dd, @udp={0x0, 0x6, "010100", 0x16, 0x11, 0x0, @remote, @local, {[], {0x3, 0xe22, 0x16, 0x0, @gue={{0x2, 0x0, 0x0, 0x3}, "ffb00afe4e70"}}}}}}}, 0x0)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
mount$tmpfs(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x99c822, &(0x7f0000000000)=ANY=[@ANYBLOB='grpquota'])
pipe(0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0xb, 0x100, 0x1108, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x2}, 0x50)
r5 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0xe0c81)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r5, 0xc08c5332, &(0x7f00000002c0)={0xffffffff, 0x0, 0x0, 'queue1\x00'})
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r5, 0x402c5342, &(0x7f0000000040)={0x0, 0x7a124, 0x60, {0x0, 0x100}})

10m43.039472556s ago: executing program 2 (id=103):
r0 = syz_io_uring_setup(0x835, &(0x7f0000000400)={0x0, 0x679d, 0x400, 0x2000006, 0x3ce}, &(0x7f0000000040)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
r3 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0, 0x0, 0x2400c893, 0x1})
io_uring_enter(r0, 0x3516, 0x0, 0x0, 0x0, 0x0)
r4 = syz_open_procfs(0x0, 0x0)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r4, 0x0, 0x0)
sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0xc000)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8)
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r6, 0x400454ca, 0x0)
socket(0x400000000010, 0x3, 0x0)

10m40.390030854s ago: executing program 2 (id=111):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000840)=ANY=[@ANYBLOB="280000001e00431b0000"], 0x28}}, 0x400c110)

10m38.163519925s ago: executing program 2 (id=113):
recvmsg(0xffffffffffffffff, 0x0, 0x40000002)
syz_usb_connect(0x0, 0x36, 0x0, 0x0)
rseq(&(0x7f00000004c0), 0x20, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000100)=0x5)
sched_setaffinity(0x0, 0x0, 0x0)
setxattr$trusted_overlay_upper(0x0, 0x0, 0x0, 0x841, 0x1)
ioctl$vim2m_VIDIOC_ENUM_FRAMESIZES(0xffffffffffffffff, 0xc02c564a, 0x0)
sched_setaffinity(0x0, 0xffffffffffffff5b, &(0x7f0000000380)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_genetlink_get_family_id$mptcp(&(0x7f0000000040), 0xffffffffffffffff)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x6, 0x8, 0x1, 0x3}, 0x0)
sendto$inet6(r1, &(0x7f0000000200)="b9f7961633865c0da9cd61a891685a55c1f68c6e8d2012cb1355a7f77aac29b8f185ba8bd591dc3cee54f5e46c638abd9f756e0c751878f3f616feb45dd649cdb61baecd1007", 0x46, 0x0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c)
recvmmsg(r1, &(0x7f0000007900), 0x847, 0x10162, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_open_dev$MSR(0x0, 0x0, 0x0)
r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0x1c3902, 0x0)
sendfile(r2, r2, 0x0, 0x200000)

10m22.995377716s ago: executing program 33 (id=113):
recvmsg(0xffffffffffffffff, 0x0, 0x40000002)
syz_usb_connect(0x0, 0x36, 0x0, 0x0)
rseq(&(0x7f00000004c0), 0x20, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000100)=0x5)
sched_setaffinity(0x0, 0x0, 0x0)
setxattr$trusted_overlay_upper(0x0, 0x0, 0x0, 0x841, 0x1)
ioctl$vim2m_VIDIOC_ENUM_FRAMESIZES(0xffffffffffffffff, 0xc02c564a, 0x0)
sched_setaffinity(0x0, 0xffffffffffffff5b, &(0x7f0000000380)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_genetlink_get_family_id$mptcp(&(0x7f0000000040), 0xffffffffffffffff)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x6, 0x8, 0x1, 0x3}, 0x0)
sendto$inet6(r1, &(0x7f0000000200)="b9f7961633865c0da9cd61a891685a55c1f68c6e8d2012cb1355a7f77aac29b8f185ba8bd591dc3cee54f5e46c638abd9f756e0c751878f3f616feb45dd649cdb61baecd1007", 0x46, 0x0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c)
recvmmsg(r1, &(0x7f0000007900), 0x847, 0x10162, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_open_dev$MSR(0x0, 0x0, 0x0)
r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0x1c3902, 0x0)
sendfile(r2, r2, 0x0, 0x200000)

6m8.434639658s ago: executing program 6 (id=754):
socketpair$unix(0x1, 0x2, 0x0, 0x0)
r0 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000080), 0x240300, 0x0)
ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(r0, 0xc0189375, &(0x7f0000000100)={{0x1, 0x1, 0x18}, './file1\x00'})
socket$nl_netfilter(0x10, 0x3, 0xc)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xc, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x80098, 0x0)
openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x101040, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000140)={0x0}, 0x1, 0x0, 0x0, 0x4}, 0x4000800)
bpf$OBJ_GET_PROG(0x7, &(0x7f0000000140)=@o_path={&(0x7f0000000300)='./file0\x00', 0x0, 0xc000}, 0x18)
r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r2, &(0x7f0000000040)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0xb}, 0xe)
sendmmsg$sock(r2, &(0x7f0000004100)=[{{0x0, 0x0, 0x0}}], 0xffffff80, 0x0)
shutdown(r2, 0x1)
open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
renameat2(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0xffffffffffffffff, &(0x7f0000000840)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x3)
r3 = socket(0xa, 0x3, 0x3a)
r4 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f00000003c0)={'bridge0\x00', <r5=>0x0})
setsockopt$MRT6_ADD_MIF(r3, 0x29, 0xca, &(0x7f0000000240)={0x4, 0x0, 0x0, r5}, 0xc)
setsockopt$MRT6_INIT(r3, 0x29, 0xc8, 0x0, 0x0)
setsockopt$MRT6_ADD_MIF(r3, 0x29, 0xca, &(0x7f0000000100)={0x0, 0x1, 0x2, r5}, 0xc)
ioctl$sock_kcm_SIOCKCMATTACH(r3, 0x89e0, &(0x7f00000000c0)={r3})
setsockopt$MRT6_FLUSH(r3, 0x29, 0xd4, &(0x7f0000000000)=0xb, 0x4)
execve(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
socket$inet_sctp(0x2, 0x5, 0x84)

6m2.060192184s ago: executing program 6 (id=772):
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000008c80)=ANY=[@ANYBLOB="2c00000026000506"], 0x2c}}, 0x800)
recvmmsg(r0, &(0x7f0000007700), 0x318, 0xfc0, 0x0)

6m1.37003252s ago: executing program 6 (id=774):
syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @empty, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, '\x00', 0x14, 0x6, 0x0, @private0, @mcast2, {[], {{0x0, 0x4001, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2}}}}}}}, 0x0)
syz_init_net_socket$netrom(0x6, 0x5, 0x0)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000))
socket$inet6_tcp(0xa, 0x1, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x11, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000040), 0x9e966e64318092aa, 0x0)
ioctl$SNDCTL_DSP_SPEED(r3, 0xc0045002, &(0x7f0000000800)=0x8000000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={<r4=>0xffffffffffffffff})
bind$unix(r4, &(0x7f0000000180)=@file={0x1, './file0\x00'}, 0x6e)

6m0.245133594s ago: executing program 6 (id=776):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$tipc(&(0x7f0000000200), 0xffffffffffffffff)
dup(0xffffffffffffffff)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
shmget$private(0x0, 0x13000, 0x1, &(0x7f0000feb000/0x13000)=nil)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)={0x0}, 0x1, 0x0, 0x0, 0x4000811}, 0x0)
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000580)=@newtaction={0x78, 0x30, 0x1, 0x0, 0x2, {}, [{0x64, 0x1, [@m_tunnel_key={0x60, 0x1, 0x0, 0x0, {{0xf}, {0x30, 0x2, 0x0, 0x1, [@TCA_TUNNEL_KEY_PARMS={0x1c, 0x2, {{0xbabd, 0x81, 0x5, 0x1, 0xfff}, 0x1}}, @TCA_TUNNEL_KEY_ENC_IPV4_SRC={0x8, 0x3, @empty}, @TCA_TUNNEL_KEY_ENC_IPV4_DST={0x8, 0x4, @remote}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x78}, 0x1, 0x0, 0x0, 0x4040800}, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$NFT_MSG_GETSETELEM(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000880)=ANY=[@ANYBLOB="240000000d0a0108004c0000000000000a00fe000900010073797a310500000004000380"], 0x24}, 0x1, 0x0, 0x0, 0x4000805}, 0x8000)
r3 = epoll_create1(0x0)
rseq(&(0x7f0000000400), 0x20, 0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, 0xffffffffffffffff, &(0x7f0000000100)={0x20002017})
sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_GET(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[@ANYRES64=r0, @ANYRES64=r0], 0x24}, 0x1, 0x0, 0x0, 0x844}, 0x40)

5m59.093394041s ago: executing program 6 (id=778):
r0 = openat$6lowpan_control(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$6lowpan_control(r0, 0x0, 0x0)
write$6lowpan_control(r0, &(0x7f0000000300)='connect aa:aa:aa:aa:aa:11 1', 0x1b)

5m57.879046038s ago: executing program 6 (id=783):
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000340)={0x1, &(0x7f0000000000)=[{0x6, 0xf, 0x0, 0x7fff8000}]})
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2003, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0)
r2 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$inet_int(r2, 0x0, 0x18, 0x0, 0x0)
setsockopt$sock_int(r2, 0x1, 0x1d, &(0x7f0000000040)=0xfffffc00, 0x4)
sched_setscheduler(0x0, 0x1, &(0x7f0000000380)=0x7)
getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbee7, 0x8031, 0xffffffffffffffff, 0x4af8a000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00'}, 0x10)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={0xffffffffffffffff, 0x0, 0x4, 0x8, &(0x7f00000002c0)='\x00\x00\x00\x00', &(0x7f0000000300)=""/8, 0xa00, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480), 0x4)
syz_open_dev$vcsa(&(0x7f0000000080), 0x1, 0x40402)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r5 = fsopen(&(0x7f0000000180)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r5, 0x6, 0x0, 0x0, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

5m42.449188335s ago: executing program 34 (id=783):
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000340)={0x1, &(0x7f0000000000)=[{0x6, 0xf, 0x0, 0x7fff8000}]})
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2003, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0)
r2 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$inet_int(r2, 0x0, 0x18, 0x0, 0x0)
setsockopt$sock_int(r2, 0x1, 0x1d, &(0x7f0000000040)=0xfffffc00, 0x4)
sched_setscheduler(0x0, 0x1, &(0x7f0000000380)=0x7)
getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbee7, 0x8031, 0xffffffffffffffff, 0x4af8a000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00'}, 0x10)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={0xffffffffffffffff, 0x0, 0x4, 0x8, &(0x7f00000002c0)='\x00\x00\x00\x00', &(0x7f0000000300)=""/8, 0xa00, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480), 0x4)
syz_open_dev$vcsa(&(0x7f0000000080), 0x1, 0x40402)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r5 = fsopen(&(0x7f0000000180)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r5, 0x6, 0x0, 0x0, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

4m16.653903027s ago: executing program 1 (id=1028):
pipe(&(0x7f00000000c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000000)='.\x00', &(0x7f0000000040), 0x0, &(0x7f0000000180)={'trans=fd,', {}, 0x2c, {'wfdno', 0x3d, r1}})
splice(r0, 0x0, 0xffffffffffffffff, 0x0, 0xffffffffffff8000, 0x0)
write$P9_RLERRORu(0xffffffffffffffff, &(0x7f0000000100)=ANY=[@ANYBLOB="0e00"], 0xe)

4m16.427421573s ago: executing program 1 (id=1032):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000780), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_JOIN_MESH(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000380)={0x28, r1, 0x5, 0x0, 0x1fffe, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_MESH_CONFIG={0xc, 0x23, 0x0, 0x1, [@NL80211_MESHCONF_HWMP_RANN_INTERVAL={0x6, 0x10, 0x9}]}]}, 0x28}}, 0x0)

4m16.08218845s ago: executing program 1 (id=1034):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = openat$sndtimer(0xffffffffffffff9c, 0x0, 0x0)
ioctl$SNDRV_TIMER_IOCTL_START(r1, 0x54a0)
bpf$MAP_CREATE(0x0, &(0x7f0000000b00)=ANY=[], 0x50)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, 0x0, 0x0)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r5, &(0x7f00000005c0)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000040)={<r6=>0xffffffffffffffff}, 0x111}}, 0x20)
write$RDMA_USER_CM_CMD_LISTEN(r5, &(0x7f0000000100)={0x7, 0x8, 0xfa00, {r6, 0x4734}}, 0x10)
close_range(r5, r5, 0x0)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000080)={0x58, 0x2, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_TIMEOUT={0x8, 0x6, 0x1, 0x0, 0x3}]}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_TYPENAME={0x13, 0x3, 'hash:net,iface\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_REVISION={0x5, 0x4, 0x3}]}, 0x58}, 0x1, 0x0, 0x0, 0x24000000}, 0x0)

4m14.385787249s ago: executing program 1 (id=1038):
fsopen(&(0x7f0000000280)='ceph\x00', 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x2, 0x2}, 0x0)
socketpair$unix(0x1, 0x5, 0x0, 0x0)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f00000000c0), 0x4)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r0 = syz_open_dev$MSR(&(0x7f0000000340), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[], 0x60}}, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(0xffffffffffffffff, 0xc1105517, &(0x7f0000000700)={{0x7, 0x5, 0x2, 0x0, '\x00', 0x4}, 0x6, 0x2, 0x9, 0x0, 0x1, 0x31e, 'syz0\x00', &(0x7f0000000100)=[')(,(:-\x00'], 0x7})
tkill(0x0, 0xb)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
mmap$KVM_VCPU(&(0x7f0000ffb000/0x3000)=nil, 0x0, 0x8, 0x120052, 0xffffffffffffffff, 0x0)

4m13.49643895s ago: executing program 1 (id=1041):
socket$kcm(0x10, 0x400000002, 0x0)
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000003c0)='net/xfrm_stat\x00')
r1 = socket$tipc(0x1e, 0x2, 0x0)
setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, 0x0, 0x0)
r2 = socket$tipc(0x1e, 0x2, 0x0)
setsockopt$TIPC_GROUP_JOIN(r2, 0x10f, 0x87, &(0x7f0000000180)={0x42, 0x0, 0x1}, 0x10)
openat(0xffffffffffffff9c, 0x0, 0x80042, 0x50)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./bus\x00', 0x180)
socket$nl_xfrm(0x10, 0x3, 0x6)
socket$xdp(0x2c, 0x3, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x2)
syz_emit_ethernet(0xa2, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
preadv(r0, &(0x7f00000000c0)=[{&(0x7f0000000200)=""/234, 0xea}], 0x1, 0xfff, 0x8)

4m11.041207533s ago: executing program 1 (id=1047):
r0 = socket$inet_smc(0x2b, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
mkdir(0x0, 0x0)
r4 = openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r5 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB="38000000031401002dbd700200000025090002007379fb0000000000080041007278650014003300626f6e645f736c6176655f30"], 0x38}, 0x1, 0x0, 0x0, 0x24000811}, 0x0)
r6 = syz_open_dev$vivid(&(0x7f0000002680), 0x2, 0x2)
ioctl$VIDIOC_ENUM_FMT(r6, 0xc0405602, 0x0)
r7 = socket$kcm(0x2, 0x3, 0x2)
recvmsg$kcm(r7, &(0x7f0000000800)={0x0, 0x0, 0x0}, 0x18000)
r8 = socket$kcm(0x10, 0x2, 0x4)
close(r7)
sendmsg$kcm(r8, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="4c000000150097f87059ae08060c040002ff0f020000000000000187ac1414aaa69d35a2cca84708f7abca1bac1414aabd7c493872f750375ed08a560400000003c48f93b82a03000000461e", 0x4c}], 0x1}, 0x30000000)
ioctl$TIOCSTI(r4, 0x5412, 0x0)
ioctl$SNDRV_PCM_IOCTL_LINK(0xffffffffffffffff, 0x40044160, &(0x7f0000000200)=0xfffffffe)
r9 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$vim2m_VIDIOC_REQBUFS(r9, 0xc0145608, &(0x7f0000000100)={0x3, 0x2, 0x1})
socket$kcm(0x29, 0x5, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

3m55.817001854s ago: executing program 35 (id=1047):
r0 = socket$inet_smc(0x2b, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
mkdir(0x0, 0x0)
r4 = openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r5 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB="38000000031401002dbd700200000025090002007379fb0000000000080041007278650014003300626f6e645f736c6176655f30"], 0x38}, 0x1, 0x0, 0x0, 0x24000811}, 0x0)
r6 = syz_open_dev$vivid(&(0x7f0000002680), 0x2, 0x2)
ioctl$VIDIOC_ENUM_FMT(r6, 0xc0405602, 0x0)
r7 = socket$kcm(0x2, 0x3, 0x2)
recvmsg$kcm(r7, &(0x7f0000000800)={0x0, 0x0, 0x0}, 0x18000)
r8 = socket$kcm(0x10, 0x2, 0x4)
close(r7)
sendmsg$kcm(r8, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="4c000000150097f87059ae08060c040002ff0f020000000000000187ac1414aaa69d35a2cca84708f7abca1bac1414aabd7c493872f750375ed08a560400000003c48f93b82a03000000461e", 0x4c}], 0x1}, 0x30000000)
ioctl$TIOCSTI(r4, 0x5412, 0x0)
ioctl$SNDRV_PCM_IOCTL_LINK(0xffffffffffffffff, 0x40044160, &(0x7f0000000200)=0xfffffffe)
r9 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$vim2m_VIDIOC_REQBUFS(r9, 0xc0145608, &(0x7f0000000100)={0x3, 0x2, 0x1})
socket$kcm(0x29, 0x5, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

10.93715836s ago: executing program 8 (id=1704):
ioprio_set$pid(0x2, 0x0, 0x0)
pipe(0x0)
io_setup(0x3ff, &(0x7f0000000500)=<r0=>0x0)
io_submit(r0, 0x2, &(0x7f0000000300)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff, 0x0}, &(0x7f0000000080)={0x0, 0x0, 0x7f000000, 0x1, 0x0, 0xffffffffffffffff, 0x0}])

9.881568976s ago: executing program 3 (id=1712):
sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0)
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x1000000000000002)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
write$UHID_INPUT(0xffffffffffffffff, &(0x7f0000001080)={0xf, {"6852ad21e0fd02661b37090987f70e06d038e7ff7fc6e5539b0d650e8b089b3f36006e090890e0878f0efcc5e7049b3b612c416b23240d5b67f3988f7ef319520100ffe8d178708c523c921b1b5b31070d077202b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d020000001c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b4a5f3090000000000000075271b060029d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841040014f6b76383709d8f5c554336909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f33491237c08822dec110911e893d0a8c4f6777478bc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15ffffffffffffffff1243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c24ffffffffffffff7fb70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bed0d4aa202f928f28381aab144a5dc29a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f643577590000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4ed134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146784078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34a1c92f76cc4c24eeb8bc4e9ac2aed9a53803ed0ca4ae3a9737d214060005ea6f1783e2bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9b05000bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48ca2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f423500c7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889bce3076a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02da93aec92a5de203717aa49c2d284acfabe262fccfcbb2b7da2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a35595f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e205ef4a7c43b42aae501b20f7694a035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d558ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4e8b40427bf6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd6700800000082ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39dd2ea9762639ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d0300000000000000b378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769777c6d594f88a4facfd4c735a20307c737afa2d60399473296b831dbd133d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02daee67918e5d678746383074c6bc1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359deea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b3c7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4108b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e150600d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b2c2fc5d5f0da42c0456ec015f08e5247d33ae2d35623ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e938ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a893664ac70297dc8d62700000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9cc8036cbd65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d902952b72c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dc2f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec0300068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8075ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c6b00000000000000f96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b67804cfa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000f700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000044dd0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100", 0x1000}}, 0x1006)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x15)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = syz_open_dev$radio(0x0, 0x1, 0x2)
ioctl$VIDIOC_G_MODULATOR(r2, 0xc0445636, 0x0)
r3 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0)
r4 = socket$inet6_mptcp(0xa, 0x1, 0x106)
listen(r4, 0x0)
ioctl$COMEDI_DEVCONFIG(r3, 0x40946400, 0x0)

9.766515061s ago: executing program 8 (id=1715):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = getpid()
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
bind$inet6(r2, &(0x7f0000000000)={0xa, 0xe22, 0x0, @empty}, 0x1c)
r3 = socket$pppl2tp(0x18, 0x1, 0x1)
connect$pppl2tp(r3, &(0x7f0000000100)=@pppol2tpv3={0x18, 0x1, {0x0, r2, {0x2, 0x0, @loopback}, 0x4}}, 0x2e)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$l2tp(&(0x7f0000000440), 0xffffffffffffffff)
sendmsg$L2TP_CMD_SESSION_GET(r4, 0x0, 0x0)
syz_emit_ethernet(0x0, 0x0, 0x0)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
mount$tmpfs(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100), 0x80, 0x0)
mount$tmpfs(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x99c822, &(0x7f0000000000)=ANY=[@ANYBLOB='grpquota'])
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0xb, 0x100, 0x1108, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x2}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xd, &(0x7f0000000200)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0xe0c81)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r5, 0xc08c5332, &(0x7f00000002c0)={0xffffffff, 0x0, 0x0, 'queue1\x00'})
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r5, 0x402c5342, &(0x7f0000000040)={0x0, 0x7a124, 0x60, {0x0, 0x100}})

8.50472611s ago: executing program 3 (id=1717):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f0000000140)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f00000001c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './bus'}}, {@workdir={'workdir', 0x3d, './file1'}}]})
chdir(&(0x7f00000000c0)='./bus\x00')
mkdir(&(0x7f0000000240)='./bus\x00', 0x0)
chdir(&(0x7f00000000c0)='./bus\x00')
mkdir(&(0x7f00000020c0)='./file0\x00', 0x82)
r0 = open(0x0, 0x0, 0x0)
r1 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
mkdirat(r1, &(0x7f0000000200)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0)
renameat2(r0, &(0x7f0000000340)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r0, &(0x7f0000000300)='./file0\x00', 0x2)

7.623767008s ago: executing program 3 (id=1720):
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb7"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x42, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={0x0, r3}, 0x18)
socket$inet6(0xa, 0x80002, 0x0)
r4 = socket$inet6_sctp(0xa, 0x801, 0x84)
sendmmsg$inet6(r4, &(0x7f0000000200)=[{{&(0x7f0000000000)={0xa, 0x0, 0x4000000, @private0={0xfc, 0x0, '\x00', 0x1}}, 0x1c, &(0x7f0000000300)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1}}, {{&(0x7f0000000080)={0xa, 0x4e24, 0x88, @private0={0xfc, 0x0, '\x00', 0x1}}, 0x1c, 0x0}}], 0x2, 0x6000010)
shutdown(r4, 0x1)
setsockopt$inet_sctp6_SCTP_RTOINFO(r4, 0x84, 0x0, &(0x7f00000017c0)={0x0, 0x0, 0x10001, 0x9}, 0x10)

7.148127636s ago: executing program 8 (id=1721):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs={0x0, 0x0, 0x4e20}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000200)={0x58, 0x2, 0x6, 0x801, 0x0, 0x0, {0x0, 0x0, 0x40}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x2}]}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:ip,mark\x00'}]}, 0x58}}, 0x0)

7.033813309s ago: executing program 4 (id=1723):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0)
mount$9p_rdma(&(0x7f00000013c0), &(0x7f0000001400)='.\x00', &(0x7f0000001440), 0x800, &(0x7f0000000340)=ANY=[@ANYBLOB='trans=rdma,port=0x0000000000004e'])

6.85558628s ago: executing program 5 (id=1724):
sendmsg$nl_netfilter(0xffffffffffffffff, 0x0, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x16, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x11, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r0, 0x10e, 0xc, &(0x7f0000000640)=0x4, 0x4)
sendmsg$netlink(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000140)=ANY=[@ANYBLOB="200000005f0001"], 0x20}], 0x1}, 0x0)

6.013367196s ago: executing program 8 (id=1726):
r0 = syz_open_dev$sndctrl(&(0x7f0000000040), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_WRITE(r0, 0xc4c85513, 0x0)

5.97092988s ago: executing program 5 (id=1727):
syz_usb_connect(0x0, 0x5f, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
syz_open_dev$sndpcmc(0x0, 0x0, 0x0)
ioctl$SNDRV_PCM_IOCTL_UNLINK(0xffffffffffffffff, 0x40044160, 0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000000300)=""/102392, 0x18ff8)
bpf$PROG_LOAD(0x5, &(0x7f0000019580)={0x1, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="00000000007911a800b8"], 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x20, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000080), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0xffffffff}, 0x94)
r1 = socket$kcm(0xa, 0x1, 0x106)
ioctl$SNDRV_PCM_IOCTL_WRITEI_FRAMES(0xffffffffffffffff, 0x40184150, &(0x7f0000019340)={0x0, 0x0})
sendmsg$kcm(r1, &(0x7f0000000780)={&(0x7f0000000000)=@in6={0xa, 0x4e23, 0xfac, @ipv4={'\x00', '\xff\xff', @multicast1}, 0x2}, 0x80, 0x0}, 0xe07e872420dfefce)
ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0xc004743e, 0x110c230000)
syz_open_dev$media(&(0x7f0000000300), 0x3, 0x80800)
ioctl$MEDIA_IOC_ENUM_LINKS(0xffffffffffffffff, 0xc0287c02, &(0x7f0000000280)={0x80000000, 0x0, &(0x7f0000000080)})
ioctl$MEDIA_IOC_ENUM_LINKS(0xffffffffffffffff, 0xc0287c02, &(0x7f00000002c0)={0x80000000, 0x0, &(0x7f0000002c40)=[{{}, {<r2=>0x80000000, <r3=>0x0}}]})
ioctl$MEDIA_IOC_ENUM_LINKS(0xffffffffffffffff, 0xc0287c02, &(0x7f0000000400)={r2, &(0x7f00000007c0), &(0x7f0000000100)})
sendmsg$ETHTOOL_MSG_FEATURES_GET(0xffffffffffffffff, &(0x7f0000019bc0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000019b80)={&(0x7f00000198c0)=ANY=[@ANYBLOB="a4020000", @ANYRES16=0x0, @ANYBLOB="100028bd7000fbdbdf250b0000000c0001800800030002000000740001801400020070696d726567000000000000000000001400020076657468315f746f5f7465616d0000001400020062726964676530000000000000000000080003000100000008000100", @ANYRES32=0x0, @ANYRESOCT, @ANYRES32=0x0, @ANYBLOB="14000200687372300000000000000000000000006c0001801400020076657468305f746f5f626174f778fce5616476001400020076657468305f746f5f68737200000000140002006261746164765f736c6176655f30000008000300020000001400020076657468305f6d6163767461700000000800030000000000", @ANYRES32=0x0, @ANYBLOB="4000018014000200697036677265300000000000000000001400020067656e6576653100000000000000000014000200677265300000000000000000000000007c000180140002006272696467655f736c6176655f31000008000300000000000800030001000000140002006970366772653000000000000000000008000100", @ANYRES64=r3, @ANYBLOB="1400020076657468315f766c616e00000000000008000300000000000800030001000000140002006d61637365633000000000000000000064000180080003000200000008000100", @ANYRES32=0x0, @ANYBLOB="08000300020000001400020064766d7270310000000000000000000008000100", @ANYRES64, @ANYBLOB="08000100", @ANYRES32=0x0, @ANYBLOB="1400020074756e6c300000000000000000000000080003000300000008000100", @ANYRES32, @ANYBLOB], 0x2a4}, 0x1, 0x0, 0x0, 0x24000040}, 0xaf3823ec0b9413d1)
gettid()

5.298555507s ago: executing program 4 (id=1729):
r0 = socket$kcm(0x10, 0x400000002, 0x0)
write$cgroup_subtree(r0, &(0x7f0000000100)=ANY=[@ANYBLOB='\x00\a\x00\x00B\x00'], 0xfe33)
recvmsg(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000001840)=""/4074, 0xfea}, {&(0x7f0000003540)=""/4130, 0x1022}], 0x2}, 0x102)

5.237397961s ago: executing program 8 (id=1730):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f0000000140)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f00000001c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './bus'}}, {@workdir={'workdir', 0x3d, './file1'}}]})
chdir(&(0x7f00000000c0)='./bus\x00')
mkdir(&(0x7f0000000240)='./bus\x00', 0x0)
chdir(&(0x7f00000000c0)='./bus\x00')
mkdir(&(0x7f00000020c0)='./file0\x00', 0x82)
r0 = open(&(0x7f0000000540)='.\x00', 0x0, 0x0)
r1 = open(0x0, 0x0, 0x0)
mkdirat(r1, &(0x7f0000000200)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0)
renameat2(r0, &(0x7f0000000340)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r0, &(0x7f0000000300)='./file0\x00', 0x2)

5.160160956s ago: executing program 7 (id=1731):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './bus\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x1, 0x4, 0x8, 0x1, 0x0, 0xffffffffffffffff, 0x589b}, 0x50)
r3 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
syz_open_dev$evdev(0x0, 0x2, 0x201)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x1c, 0x1c, 0x4, [@var={0x2, 0x0, 0x0, 0xe, 0x2}, @volatile={0x0, 0x0, 0x0, 0x2}]}, {0x0, [0x0, 0x2e]}}, 0x0, 0x38}, 0x20)

5.149151048s ago: executing program 8 (id=1732):
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
socket$nl_generic(0x10, 0x3, 0x10)
syz_open_dev$tty1(0xc, 0x4, 0x1)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000580)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0xffffffff, 0x0, 0xfffffffffffffffc, 0xdc, 0xfffffffffffffffe, 0xff7feffc}, 0x0)
r4 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r5, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000600)=ANY=[@ANYBLOB="600000000206010800000000000000100100000a12000300686173683a2b6e65742c706f72740000000900020073797a3000000003000000000790fc00000004000000a4a105000500020000001400ff7f08000840000000df88000085fec0e0778e9935348f57faf8164352807280a593c2ab7a440617d0f71a2343a98533478919a867026e4eb39323872afffdc7d28806ef520facbd91495ec78693c34f96df0a"], 0x60}, 0x1, 0x0, 0x0, 0x2002c0c4}, 0x8000)
r6 = syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0)
ioctl$DRM_IOCTL_MODE_GETFB2(r6, 0xc06864ce, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r4, 0xc02064b2, &(0x7f0000000140)={0x3ff, 0x2, 0xb5})
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r4, 0xc00c642d, &(0x7f0000000080)={0x0, 0x0, <r7=>0xffffffffffffffff})
r8 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
pidfd_send_signal(r8, 0x0, &(0x7f0000000300)={0x0, 0x1, 0xfffffffa}, 0x0)
ioctl$DRM_IOCTL_MODE_GETFB2(r6, 0xc06864ce, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, [<r9=>0x0], [], [], [0x0, 0x3, 0x400000006]})
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r7, 0xc00c642d, &(0x7f0000000180)={r9})
r10 = syz_open_dev$evdev(&(0x7f00000000c0), 0x2, 0x862b01)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000500)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101010000005e1affd5020000000900010073797a300000000008000240000000032c000000030a0103000e97e306e9cf91ed0000000900010073797a30000000000900030073797a3200000000000000000000001ef155ad67991c9c0b47bacf8240c98e"], 0x7c}}, 0x0)
ioctl$EVIOCSFF(r10, 0x40304580, &(0x7f0000000b40)={0x56, 0x0, 0x4007, {0x0, 0x1}, {0x46, 0x400}, @rumble={0xdd, 0x5}})

4.076824412s ago: executing program 7 (id=1733):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
syz_genetlink_get_family_id$tipc(&(0x7f0000000200), 0xffffffffffffffff)
dup(0xffffffffffffffff)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)={0x0}, 0x1, 0x0, 0x0, 0x4000811}, 0x0)
sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$NFT_MSG_GETSETELEM(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000880)=ANY=[@ANYBLOB="240000000d0a0108004c0000000000000a00fe000900010073797a310500000004000380"], 0x24}, 0x1, 0x0, 0x0, 0x4000805}, 0x8000)
r2 = epoll_create1(0x0)
rseq(&(0x7f0000000400), 0x20, 0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, 0xffffffffffffffff, &(0x7f0000000100)={0x20002017})
sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_GET(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[@ANYRES64=r0, @ANYRES64=r0], 0x24}, 0x1, 0x0, 0x0, 0x844}, 0x40)

4.068533239s ago: executing program 4 (id=1734):
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x1c0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c8)
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file2\x00', 0x207)
mount(0x0, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000180)='qnx4\x00', 0x0, 0x0)
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0x100000a, 0x4082172, 0xffffffffffffffff, 0x0)
mremap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x4000, 0x3, &(0x7f0000005000/0x4000)=nil)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000029c0))
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$unix(0xffffffffffffffff, &(0x7f00000003c0)=@file={0x1, './file2\x00'}, 0x6e)
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0xfffffffffffffc22, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000002700)=""/102392, 0x18ff8)
connect$inet6(r1, &(0x7f0000000080)={0xa, 0x4e22, 0x7, @ipv4={'\x00', '\xff\xff', @empty}, 0x106}, 0x1c)
r3 = fcntl$dupfd(r1, 0x406, r1)
sendmsg$AUDIT_DEL_RULE(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000005c0)=ANY=[], 0x420}, 0x1, 0x0, 0x0, 0x4810}, 0x400c890)
syz_genetlink_get_family_id$devlink(&(0x7f00000012c0), r3)
r4 = socket$nl_audit(0x10, 0x3, 0x9)
sendmsg$AUDIT_USER_TTY(r4, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000200)=ANY=[@ANYBLOB="1000000064523e8c83dbcb6407a413af773aeac1c37ba301"], 0x10}, 0x1, 0x0, 0x0, 0x4040001}, 0x0)
r5 = dup(r0)
ioctl$TIOCL_BLANKSCREEN(r5, 0x541c, &(0x7f0000000040))
mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f00000000c0)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file2'}}], [], 0x2c})

3.493063628s ago: executing program 5 (id=1735):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000600)={{0x14, 0x10, 0x1, 0x0, 0x0, {0xa}}, [@NFT_MSG_NEWSET={0x40, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7}, [@NFTA_SET_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_DESC={0xc, 0x9, 0x0, 0x1, [@NFTA_SET_DESC_CONCAT={0x8, 0x2, 0x0, 0x1, [{0x4}]}]}, @NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0x68}, 0x1, 0x0, 0x0, 0x20000080}, 0x0)

2.811607626s ago: executing program 5 (id=1736):
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x100080, 0x0)
r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
bind$packet(0xffffffffffffffff, 0x0, 0x0)
socket$igmp(0x2, 0x3, 0x2)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = add_key(&(0x7f00000002c0)='keyring\x00', &(0x7f0000000300)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r4, &(0x7f00000000c0)='asymmetric\x00', &(0x7f0000000480))
request_key(&(0x7f0000000080)='big_key\x00', &(0x7f0000000180)={'syz', 0x0}, 0x0, r4)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000300)=ANY=[@ANYBLOB], 0x28}, 0x1, 0x0, 0x0, 0x800}, 0x40000d0)
socket$packet(0x11, 0x3, 0x300)
ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x11)
ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000100)={{0x100}, 'syz1\x00'})
syz_emit_ethernet(0x2a, &(0x7f00000002c0)=ANY=[@ANYBLOB="aaaaaaaaaaaa4aa468739b850806000108e006040001aaaaaaf55bca3e01010057330377ba25ac1414ff"], 0x0)
socket$nl_route(0x10, 0x3, 0x0)

2.784859441s ago: executing program 7 (id=1737):
sendmsg$nl_netfilter(0xffffffffffffffff, 0x0, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x16, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x11, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r0, 0x10e, 0xc, &(0x7f0000000640)=0x4, 0x4)
sendmsg$netlink(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000140)=ANY=[@ANYBLOB="200000005f0001"], 0x20}], 0x1}, 0x0)

1.775015405s ago: executing program 3 (id=1738):
ioprio_set$pid(0x2, 0x0, 0x0)
pipe(0x0)
io_setup(0x3ff, &(0x7f0000000500)=<r0=>0x0)
io_submit(r0, 0x2, &(0x7f0000000300)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff, 0x0}, &(0x7f0000000080)={0x0, 0x0, 0x7f000000, 0x1, 0x0, 0xffffffffffffffff, 0x0}])

1.737091566s ago: executing program 5 (id=1739):
r0 = socket$inet(0x2, 0x4000000000000001, 0x6)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
r1 = fcntl$dupfd(r0, 0x406, r0)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000000)='hybla', 0x5)
write$binfmt_elf32(r1, &(0x7f0000000e00)=ANY=[], 0x958)
shutdown(r0, 0x1)

1.7141627s ago: executing program 4 (id=1740):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
mount$9p_rdma(&(0x7f00000013c0), &(0x7f0000001400)='.\x00', &(0x7f0000001440), 0x800, &(0x7f0000000340)=ANY=[@ANYBLOB='trans=rdma,port=0x0000000000004e'])

1.675629797s ago: executing program 7 (id=1741):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f0000001680)=ANY=[@ANYBLOB="1800000000030000000000000000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x9, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8000000}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='contention_begin\x00', r0}, 0x18)
socket$nl_route(0x10, 0x3, 0x0)
socket(0x10, 0x803, 0x0)
landlock_create_ruleset(&(0x7f0000000080)={0x8000}, 0x18, 0x0)
socket$rds(0x15, 0x5, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f00000003c0)={'ip6gre0\x00', &(0x7f0000000500)={'ip6tnl0\x00', 0x0, 0x4, 0x0, 0x0, 0xcbf, 0x4, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x8000, 0x8, 0x4, 0xd66}})
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000800)={'syztnl2\x00', &(0x7f0000000040)={'syztnl2\x00', 0x0, 0x4, 0x5, 0x2, 0x4038a09, 0x4, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @mcast2={0xff, 0x5}, 0x40, 0x40, 0x0, 0x5}})
r1 = syz_genetlink_get_family_id$smc(&(0x7f0000000000), 0xffffffffffffffff)
r2 = syz_open_dev$vim2m(&(0x7f0000000100), 0x0, 0x2)
r3 = syz_genetlink_get_family_id$smc(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$SMC_PNETID_DEL(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)={0x2c, r3, 0x1, 0x0, 0x200004, {0x2, 0x2, 0x2}, [@SMC_PNETID_IBNAME={0x9, 0x3, 'syz1\x00'}, @SMC_PNETID_NAME={0x9, 0x1, 'syz2\x00'}]}, 0x2c}, 0x1, 0x40030000000000, 0x0, 0x800}, 0x80)
sendmsg$SMC_PNETID_DEL(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000280)={&(0x7f00000001c0)={0x1c, r3, 0x2, 0x70bd2c, 0x25dfdbff, {}, [@SMC_PNETID_IBPORT={0x5, 0x4, 0x2}]}, 0x1c}, 0x1, 0x0, 0x0, 0x2000c0d1}, 0xc008060)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0xc, &(0x7f0000000140)=@framed={{0x18, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc}, [@call={0x85, 0x0, 0x0, 0x23}, @printk={@d, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x17}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xffffffff}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0xc, &(0x7f0000000140)=ANY=[], &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r4, 0x5, 0xe, 0x0, &(0x7f0000000300)="0101000071a78326c799dbe888a8", 0x0, 0xd01, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)
ioctl$vim2m_VIDIOC_STREAMOFF(r2, 0x40045612, &(0x7f0000000040)=0x1)
ioctl$vim2m_VIDIOC_STREAMOFF(r2, 0x40045612, &(0x7f0000000080)=0x2)
r5 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$SMC_PNETID_ADD(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000880)={&(0x7f0000000480)={0x34, r1, 0x1, 0x70bd27, 0x5, {}, [@SMC_PNETID_NAME={0x9, 0x1, 'syz0\x00'}, @SMC_PNETID_IBPORT={0x5, 0x4, 0x1}, @SMC_PNETID_IBNAME={0x9, 0x3, 'syz1\x00'}]}, 0x34}, 0x1, 0x0, 0x0, 0x4}, 0x0)

1.38968071s ago: executing program 4 (id=1742):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f0000000140)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f00000001c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './bus'}}, {@workdir={'workdir', 0x3d, './file1'}}]})
chdir(&(0x7f00000000c0)='./bus\x00')
mkdir(&(0x7f0000000240)='./bus\x00', 0x0)
chdir(&(0x7f00000000c0)='./bus\x00')
mkdir(&(0x7f00000020c0)='./file0\x00', 0x82)
r0 = open(&(0x7f0000000540)='.\x00', 0x0, 0x0)
r1 = open(0x0, 0x0, 0x0)
mkdirat(r1, &(0x7f0000000200)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0)
renameat2(r0, &(0x7f0000000340)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r0, &(0x7f0000000300)='./file0\x00', 0x2)

1.299257022s ago: executing program 4 (id=1743):
r0 = landlock_create_ruleset(&(0x7f0000000180)={0x2000, 0x0, 0x3}, 0x18, 0x0)
landlock_restrict_self(r0, 0x0)
r1 = mq_open(&(0x7f0000000380)='eth0\x00#\x13\xaeu\xe0\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t/\x8dv\xb8\x93\xc3C\xae\x9dc\xd1T\xdd\x14\xd3A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\v\x01\xbe\xeb\bLTrw\x88\x9e0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\x01\x00\x00\x00a%\xdcQ\xb3CuT\xcc7\x8avs\xb2\a\xfe\xb3j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1J\xec\x926\xb5a0\xa0B\xae|\x00\x17\xc0\xa3\xd5\xf9\xaa\x98/\xa4v\xe4)I\xf3+[e\x95\x89\x99\xca\x8e\xc5\xd3\\T\xf0\x1a|5\xfff\xff\x99\xa4\xbb\x9e#oR\xa4\xf1\xba\x04c\xb3-\xf7R\xb85\xb5\xdb\xe9?\xfa/\xdf\xb4R\xbfx=\v_j\x8e\xb0\'\xf4\xe5\xff!\xe1\xbf\x82e\xb1\x9b\x8d\xf3L\t\xd21\x9cbwV\xc8\xcc\xe4\x96M_w\xbc\xdf9\b\r\xf6\x95\xae\xb5,\x92\x8c\xc0DQm\x80\xd1w\xa2\x1a\x12Z\xe5\xf4H\xf7D\n\x96J\x93\xfb\xf0$\x9f\xf7\xa2\xae$O\xa3\xb6\xf5\x98\xd3\v\x00\x86\xa5\x8b\x81\x04\xaf\x03s\xe5\x86>\x0e\xa6\xe6\x1aV\x17\x8b\xed\xa7\'\xd0\r_\xe8,XVR\x13\xe5%\xb9\x88\xb8W@D\'\x17A\xc8\x80\x02J\xd4V\x00wH(\xc5v\f\xc9\xb6\xdf..$\xe6P(_\xf1\'\xc1:\xa3\xcb\xd9\xd1\xc7\x13\x99Md\x1dc\xf1\'j\x03!\x13\xd1\xb8\xbf\xe6\xb2M\b/\rp\xa5\x00\x00\x00\x00', 0x40, 0xb, 0x0)
fcntl$setlease(r1, 0x400, 0x0)
mq_open(&(0x7f0000000780)='eth0\x00\xdd\xad4=2k\xf1\x05\x9b\x91y\xe1;F\xa2\x8df\xe9\x04\x00\x00\x00\x00\x0078z=\x8f\xd5F\xa4AR\xc7\x9f.\xdc\xdb\"A\x16\xd8\x19\xf1lZ\xc8\x93\xda\xf2\xc9\xe8h[u8\xc6\xfa\x9ep\xbe\a\xe2\xf5\xa3Y\x9f\xe1\x04gM\x99K$\r\xf1G\xee\xe1\xbd\x1e\xdf\xe1\x9c\x19\xda\xd3\x94EL\xca\x88\x85Q\x02\xd9L\x90\xeb%/\xb1\xeb\x11uP7\x1f\xd9b\xebF\xf8\x88\xf0\xac.\x94\xfc\v\xb1W\xef~+n\xb1\x9b\x02n]xr\xb3\x80\xbc>\xe8XX\xe6\x12\xf3\xc9\xd5\xf8\xd1\x8d\xcb9\xbf\xb0(<\xeb\x92\x8a\x16\xb7\x11^\xb6\xb7n\xd5\xb5\x00[\xdf\x94\x00\r\x95\x17\xa1h\xf8\x00\x00\x00\"\xa0\x05\xcc^\x90c\xc9}\xb8\ny\xf4\xe1\xb4.\xa4\a\x05\xbb}\x91\xf4C\xf5O\xf1a\x12\b\x86\xa16\xbb}C\xc9\x1d\\\xedD\x14\xb1w\x1e\xa0\xc1E\xb5\xf8\xab\xfb\xd9\x93\xb8vJ\x85p\xb5n\x1b\xe4\xd5g\xae\xe4\xeb\xca\xae\x1bs\xd4\xf0\xc0\xdag\x19R4\xd4\xd4\x04\xfc\x04Zb\xf6\xba\xf8B\xf6YU\xcd\xf2\xdb\xb5\xa2\xda\xdf\x8dD\xef`\x13\x15$\xceq\xd7j\xd7\xe3V\xf2\xa2\x95\xcf\x18T\xf1\xb0\xf3\xf8O', 0x1, 0x136, 0x0)

1.291569528s ago: executing program 3 (id=1744):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r1)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r2)
sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0)
close(r4)
r5 = socket$unix(0x1, 0x1, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r7=>0x0})
sendmsg$nl_route_sched(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000540)=@newqdisc={0x60, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x25dfdbfe, {0x0, 0x0, 0x0, r7, {0x0, 0xb}, {0xffff, 0xffff}, {0x0, 0xe}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x30, 0x2, {{0x1ff, 0x3, 0x635e, 0x5, 0xfffdfffd, 0x40006}, [@TCA_NETEM_DELAY_DIST={0x8, 0x2, "a39ed757"}, @TCA_NETEM_LATENCY64={0xc, 0xa, 0x7}]}}}]}, 0x60}, 0x1, 0x0, 0x0, 0x20000001}, 0x20040004)
sendmsg$nl_route_sched(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000380)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70b923, 0x80000, {0x0, 0x0, 0x0, r7, {}, {0x2, 0xb}, {0xd, 0xd}}, [@qdisc_kind_options=@q_skbprio={{0xc}, {0x8, 0x2, 0x5}}]}, 0x38}, 0x1, 0x0, 0x0, 0x61}, 0x4010004)
ioctl$SIOCSIFHWADDR(r4, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"})

1.208707979s ago: executing program 5 (id=1745):
syz_usb_connect(0x0, 0x5f, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
syz_open_dev$sndpcmc(0x0, 0x0, 0x0)
ioctl$SNDRV_PCM_IOCTL_UNLINK(0xffffffffffffffff, 0x40044160, 0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000000300)=""/102392, 0x18ff8)
bpf$PROG_LOAD(0x5, &(0x7f0000019580)={0x1, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="00000000007911a800b8"], 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x20, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000080), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0xffffffff}, 0x94)
r1 = socket$kcm(0xa, 0x1, 0x106)
ioctl$SNDRV_PCM_IOCTL_WRITEI_FRAMES(0xffffffffffffffff, 0x40184150, &(0x7f0000019340)={0x0, 0x0})
sendmsg$kcm(r1, 0x0, 0xe07e872420dfefce)
ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0xc004743e, 0x110c230000)
syz_open_dev$media(&(0x7f0000000300), 0x3, 0x80800)
ioctl$MEDIA_IOC_ENUM_LINKS(0xffffffffffffffff, 0xc0287c02, &(0x7f0000000280)={0x80000000, 0x0, &(0x7f0000000080)})
ioctl$MEDIA_IOC_ENUM_LINKS(0xffffffffffffffff, 0xc0287c02, &(0x7f00000002c0)={0x80000000, 0x0, &(0x7f0000002c40)=[{{}, {<r2=>0x80000000, <r3=>0x0}}]})
ioctl$MEDIA_IOC_ENUM_LINKS(0xffffffffffffffff, 0xc0287c02, &(0x7f0000000400)={r2, &(0x7f00000007c0), &(0x7f0000000100)})
sendmsg$ETHTOOL_MSG_FEATURES_GET(0xffffffffffffffff, &(0x7f0000019bc0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000019b80)={&(0x7f00000198c0)=ANY=[@ANYBLOB="a4020000", @ANYRES16=0x0, @ANYBLOB="100028bd7000fbdbdf250b0000000c0001800800030002000000740001801400020070696d726567000000000000000000001400020076657468315f746f5f7465616d0000001400020062726964676530000000000000000000080003000100000008000100", @ANYRES32=0x0, @ANYRESOCT, @ANYRES32=0x0, @ANYBLOB="14000200687372300000000000000000000000006c0001801400020076657468305f746f5f626174f778fce5616476001400020076657468305f746f5f68737200000000140002006261746164765f736c6176655f30000008000300020000001400020076657468305f6d6163767461700000000800030000000000", @ANYRES32=0x0, @ANYBLOB="4000018014000200697036677265300000000000000000001400020067656e6576653100000000000000000014000200677265300000000000000000000000007c000180140002006272696467655f736c6176655f31000008000300000000000800030001000000140002006970366772653000000000000000000008000100", @ANYRES64=r3, @ANYBLOB="1400020076657468315f766c616e00000000000008000300000000000800030001000000140002006d61637365633000000000000000000064000180080003000200000008000100", @ANYRES32=0x0, @ANYBLOB="08000300020000001400020064766d7270310000000000000000000008000100", @ANYRES64, @ANYBLOB="08000100", @ANYRES32=0x0, @ANYBLOB="1400020074756e6c300000000000000000000000080003000300000008000100", @ANYRES32, @ANYBLOB], 0x2a4}, 0x1, 0x0, 0x0, 0x24000040}, 0xaf3823ec0b9413d1)
gettid()

1.189992004s ago: executing program 7 (id=1746):
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x3000002, 0x5d031, 0xffffffffffffffff, 0x0)
remap_file_pages(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x600, 0x0)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0xa, 0x31, 0xffffffffffffffff, 0x0)
fallocate(0xffffffffffffffff, 0x3, 0xf00, 0x10000)

529.148571ms ago: executing program 7 (id=1747):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
syz_genetlink_get_family_id$tipc(&(0x7f0000000200), 0xffffffffffffffff)
dup(0xffffffffffffffff)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)={0x0}, 0x1, 0x0, 0x0, 0x4000811}, 0x0)
sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$NFT_MSG_GETSETELEM(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000880)=ANY=[@ANYBLOB="240000000d0a0108004c0000000000000a00fe000900010073797a310500000004000380"], 0x24}, 0x1, 0x0, 0x0, 0x4000805}, 0x8000)
r2 = epoll_create1(0x0)
rseq(&(0x7f0000000400), 0x20, 0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, 0xffffffffffffffff, &(0x7f0000000100)={0x20002017})
sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_GET(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[@ANYRES64=r0, @ANYRES64=r0], 0x24}, 0x1, 0x0, 0x0, 0x844}, 0x40)

0s ago: executing program 3 (id=1748):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x1, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0, 0x0, 0xffffffffffffffff}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f00000000c0)='tracefs\x00', 0x1214040, 0x0)
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000003c0)={[{@xino_auto}, {@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
r4 = openat$dir(0xffffffffffffff9c, &(0x7f0000002180)='./file0\x00', 0x0, 0x0)
getdents64(r4, 0x0, 0x0)
connect$unix(0xffffffffffffffff, 0x0, 0x0)

kernel console output (not intermixed with test programs):

face: batadv_slave_1
[   87.903560][ T5824] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   87.930206][ T5824] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   87.947226][ T5827] hsr_slave_0: entered promiscuous mode
[   87.953892][ T5827] hsr_slave_1: entered promiscuous mode
[   87.960612][ T5827] debugfs: 'hsr0' already exists in 'hsr'
[   87.967206][ T5827] Cannot create hsr debugfs directory
[   88.019620][ T5825] batman_adv: batadv0: Adding interface: batadv_slave_0
[   88.026682][ T5825] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   88.052737][ T5825] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   88.071858][ T5825] batman_adv: batadv0: Adding interface: batadv_slave_1
[   88.079426][ T5825] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   88.109958][ T5825] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   88.140387][ T5829] hsr_slave_0: entered promiscuous mode
[   88.147150][ T5829] hsr_slave_1: entered promiscuous mode
[   88.153435][ T5829] debugfs: 'hsr0' already exists in 'hsr'
[   88.159292][ T5829] Cannot create hsr debugfs directory
[   88.368044][ T5824] hsr_slave_0: entered promiscuous mode
[   88.384256][ T5824] hsr_slave_1: entered promiscuous mode
[   88.390597][ T5824] debugfs: 'hsr0' already exists in 'hsr'
[   88.397300][ T5824] Cannot create hsr debugfs directory
[   88.428053][ T5825] hsr_slave_0: entered promiscuous mode
[   88.434869][ T5825] hsr_slave_1: entered promiscuous mode
[   88.441098][ T5825] debugfs: 'hsr0' already exists in 'hsr'
[   88.447255][ T5825] Cannot create hsr debugfs directory
[   88.946445][ T5826] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   88.967822][ T5826] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   88.979173][ T5826] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   89.009857][ T5826] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   89.096354][ T5829] netdevsim netdevsim3 netdevsim0: renamed from eth0
[   89.119204][ T5829] netdevsim netdevsim3 netdevsim1: renamed from eth1
[   89.133568][ T5829] netdevsim netdevsim3 netdevsim2: renamed from eth2
[   89.168078][ T5829] netdevsim netdevsim3 netdevsim3: renamed from eth3
[   89.224804][ T5830] Bluetooth: hci2: command tx timeout
[   89.284347][ T5824] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   89.299552][ T5824] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   89.306393][ T5830] Bluetooth: hci3: command tx timeout
[   89.306427][ T5830] Bluetooth: hci0: command tx timeout
[   89.314257][ T5830] Bluetooth: hci4: command tx timeout
[   89.318007][ T5842] Bluetooth: hci1: command tx timeout
[   89.341477][ T5824] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   89.372351][ T5824] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   89.485377][ T5827] netdevsim netdevsim4 netdevsim0: renamed from eth0
[   89.509484][ T5827] netdevsim netdevsim4 netdevsim1: renamed from eth1
[   89.528726][ T5827] netdevsim netdevsim4 netdevsim2: renamed from eth2
[   89.568049][ T5827] netdevsim netdevsim4 netdevsim3: renamed from eth3
[   89.689348][ T5826] 8021q: adding VLAN 0 to HW filter on device bond0
[   89.706324][ T5825] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   89.721225][ T5825] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   89.735833][ T5825] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   89.748000][ T5825] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   89.820118][ T5826] 8021q: adding VLAN 0 to HW filter on device team0
[   89.855847][ T1139] bridge0: port 1(bridge_slave_0) entered blocking state
[   89.863139][ T1139] bridge0: port 1(bridge_slave_0) entered forwarding state
[   89.887316][ T5829] 8021q: adding VLAN 0 to HW filter on device bond0
[   89.898184][ T1139] bridge0: port 2(bridge_slave_1) entered blocking state
[   89.905365][ T1139] bridge0: port 2(bridge_slave_1) entered forwarding state
[   89.992598][ T5824] 8021q: adding VLAN 0 to HW filter on device bond0
[   90.014770][ T5829] 8021q: adding VLAN 0 to HW filter on device team0
[   90.052583][ T1139] bridge0: port 1(bridge_slave_0) entered blocking state
[   90.059818][ T1139] bridge0: port 1(bridge_slave_0) entered forwarding state
[   90.072980][ T1139] bridge0: port 2(bridge_slave_1) entered blocking state
[   90.080351][ T1139] bridge0: port 2(bridge_slave_1) entered forwarding state
[   90.132577][ T5824] 8021q: adding VLAN 0 to HW filter on device team0
[   90.170256][  T194] bridge0: port 1(bridge_slave_0) entered blocking state
[   90.177545][  T194] bridge0: port 1(bridge_slave_0) entered forwarding state
[   90.219344][ T5827] 8021q: adding VLAN 0 to HW filter on device bond0
[   90.262132][ T1139] bridge0: port 2(bridge_slave_1) entered blocking state
[   90.269495][ T1139] bridge0: port 2(bridge_slave_1) entered forwarding state
[   90.351412][ T5827] 8021q: adding VLAN 0 to HW filter on device team0
[   90.400423][  T194] bridge0: port 1(bridge_slave_0) entered blocking state
[   90.407716][  T194] bridge0: port 1(bridge_slave_0) entered forwarding state
[   90.438671][ T5825] 8021q: adding VLAN 0 to HW filter on device bond0
[   90.482845][ T1139] bridge0: port 2(bridge_slave_1) entered blocking state
[   90.490119][ T1139] bridge0: port 2(bridge_slave_1) entered forwarding state
[   90.562418][ T5825] 8021q: adding VLAN 0 to HW filter on device team0
[   90.631079][  T175] bridge0: port 1(bridge_slave_0) entered blocking state
[   90.638545][  T175] bridge0: port 1(bridge_slave_0) entered forwarding state
[   90.652085][ T5826] 8021q: adding VLAN 0 to HW filter on device batadv0
[   90.688216][  T175] bridge0: port 2(bridge_slave_1) entered blocking state
[   90.695745][  T175] bridge0: port 2(bridge_slave_1) entered forwarding state
[   90.899593][ T5829] 8021q: adding VLAN 0 to HW filter on device batadv0
[   90.961162][ T5826] veth0_vlan: entered promiscuous mode
[   91.018589][ T5824] 8021q: adding VLAN 0 to HW filter on device batadv0
[   91.030955][ T5826] veth1_vlan: entered promiscuous mode
[   91.276632][ T5827] 8021q: adding VLAN 0 to HW filter on device batadv0
[   91.304063][ T5842] Bluetooth: hci2: command tx timeout
[   91.313713][ T5829] veth0_vlan: entered promiscuous mode
[   91.320363][ T5826] veth0_macvtap: entered promiscuous mode
[   91.356031][ T5824] veth0_vlan: entered promiscuous mode
[   91.369258][ T5826] veth1_macvtap: entered promiscuous mode
[   91.386078][ T5842] Bluetooth: hci1: command tx timeout
[   91.389468][ T5837] Bluetooth: hci0: command tx timeout
[   91.391567][ T5842] Bluetooth: hci3: command tx timeout
[   91.401222][ T5830] Bluetooth: hci4: command tx timeout
[   91.441350][ T5829] veth1_vlan: entered promiscuous mode
[   91.453526][ T5824] veth1_vlan: entered promiscuous mode
[   91.496157][ T5826] batman_adv: batadv0: Interface activated: batadv_slave_0
[   91.512378][ T5825] 8021q: adding VLAN 0 to HW filter on device batadv0
[   91.548492][ T5826] batman_adv: batadv0: Interface activated: batadv_slave_1
[   91.594902][ T2117] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   91.605808][ T2117] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   91.619753][ T2117] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   91.648152][ T2117] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   91.707540][ T5829] veth0_macvtap: entered promiscuous mode
[   91.761324][ T5824] veth0_macvtap: entered promiscuous mode
[   91.775694][ T5829] veth1_macvtap: entered promiscuous mode
[   91.835985][ T5824] veth1_macvtap: entered promiscuous mode
[   91.850003][ T5825] veth0_vlan: entered promiscuous mode
[   91.861775][ T3460] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   91.874630][ T3460] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   91.882037][ T5825] veth1_vlan: entered promiscuous mode
[   91.934993][ T5829] batman_adv: batadv0: Interface activated: batadv_slave_0
[   91.979797][ T5829] batman_adv: batadv0: Interface activated: batadv_slave_1
[   91.991213][ T5824] batman_adv: batadv0: Interface activated: batadv_slave_0
[   91.999030][ T3460] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   92.009048][ T3460] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   92.020407][ T5824] batman_adv: batadv0: Interface activated: batadv_slave_1
[   92.061219][   T13] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   92.072036][   T13] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   92.089849][   T13] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   92.101977][ T5826] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   92.132488][   T13] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   92.156941][   T13] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   92.176392][   T13] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   92.239318][ T5827] veth0_vlan: entered promiscuous mode
[   92.249657][ T5948] Zero length message leads to an empty skb
[   92.258266][   T13] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   92.292579][   T13] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   92.308609][ T5827] veth1_vlan: entered promiscuous mode
[   92.333298][ T5825] veth0_macvtap: entered promiscuous mode
[   92.398971][ T5825] veth1_macvtap: entered promiscuous mode
[   92.474725][   T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   92.496498][   T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   92.562861][  T194] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   92.572571][  T194] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   93.288743][ T5954] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[   93.352881][ T5825] batman_adv: batadv0: Interface activated: batadv_slave_0
[   93.384591][ T5830] Bluetooth: hci2: command tx timeout
[   93.460030][ T5825] batman_adv: batadv0: Interface activated: batadv_slave_1
[   93.468689][ T5830] Bluetooth: hci3: command tx timeout
[   93.468734][ T5842] Bluetooth: hci0: command tx timeout
[   93.474271][ T5837] Bluetooth: hci1: command tx timeout
[   93.480680][ T5844] Bluetooth: hci4: command tx timeout
[   93.491443][  T175] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   93.503385][ T1161] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   93.520514][  T175] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   93.529689][ T1161] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   93.560353][ T5827] veth0_macvtap: entered promiscuous mode
[   93.573482][ T3460] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   93.583500][ T3460] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   93.619459][ T5827] veth1_macvtap: entered promiscuous mode
[   93.641363][ T1139] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   93.670443][ T1139] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   93.785277][ T5827] batman_adv: batadv0: Interface activated: batadv_slave_0
[   93.851846][ T5827] batman_adv: batadv0: Interface activated: batadv_slave_1
[   93.926996][ T3460] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   93.942916][  T175] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   93.964194][ T3460] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   94.015357][ T5969] syz.0.11 uses obsolete (PF_INET,SOCK_PACKET)
[   94.094135][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[   94.192683][  T175] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   95.110019][ T5971] netlink: 4 bytes leftover after parsing attributes in process `syz.0.11'.
[   95.143999][    T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!!
[   95.377932][  T175] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   95.411474][  T175] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   95.512407][ T5975] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   95.568285][ T5975] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   95.934501][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   95.944023][    T0] NOHZ tick-stop error: local softirq work is pending, handler #242!!!
[   95.952363][    T0] NOHZ tick-stop error: local softirq work is pending, handler #242!!!
[   95.961801][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   95.970874][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   95.979790][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   95.988772][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   96.666723][    T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!!
[   97.285332][  T982] cfg80211: failed to load regulatory.db
[   97.314894][ T2117] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   97.322924][ T2117] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   97.780682][ T5998] netlink: 12 bytes leftover after parsing attributes in process `syz.0.16'.
[   98.897475][   T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   98.928492][   T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  103.660262][ T6056] netlink: 8 bytes leftover after parsing attributes in process `syz.1.28'.
[  104.908685][ T6060] tmpfs: Cannot enable quota on remount
[  105.524488][ T6066] binder: 6064:6066 ioctl c0306201 200000004a40 returned -22
[  107.189742][ T6087] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[  109.291370][ T6094] netlink: 36 bytes leftover after parsing attributes in process `syz.4.40'.
[  110.726707][ T6113] F2FS-fs (nullb0): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[  110.735068][ T6113] F2FS-fs (nullb0): Can't find valid F2FS filesystem in 1th superblock
[  110.751767][ T6113] F2FS-fs (nullb0): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[  110.760352][ T6113] F2FS-fs (nullb0): Can't find valid F2FS filesystem in 2th superblock
[  112.047643][ T6125] binder: 6124:6125 ioctl c0306201 200000004a40 returned -22
[  113.756013][ T6138] Driver unsupported XDP return value 0 on prog  (id 16) dev N/A, expect packet loss!
[  116.429749][ T6164] binder: BINDER_SET_CONTEXT_MGR already set
[  116.487189][ T6167] binder: 6160:6167 ioctl c0306201 200000004a40 returned -22
[  116.672744][ T6164] binder: 6160:6164 ioctl 4018620d 200000004a80 returned -16
[  117.787306][ T6089] usb 1-1: new full-speed USB device number 2 using dummy_hcd
[  118.221342][ T6089] usb 1-1: config 8 has an invalid interface number: 177 but max is 0
[  118.234798][ T6089] usb 1-1: config 8 has an invalid descriptor of length 0, skipping remainder of the config
[  118.273769][ T6089] usb 1-1: config 8 has no interface number 0
[  118.293876][ T6089] usb 1-1: config 8 interface 177 altsetting 9 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  118.338308][ T6089] usb 1-1: config 8 interface 177 has no altsetting 0
[  118.367683][ T6089] usb 1-1: New USB device found, idVendor=04d8, idProduct=fd08, bcdDevice=59.b1
[  118.396474][ T6089] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  118.907743][ T6089] ir_toy 1-1:8.177: required endpoints not found
[  120.229277][ T6198] netlink: 268 bytes leftover after parsing attributes in process `syz.4.67'.
[  122.832858][ T6211] Bluetooth: MGMT ver 1.23
[  123.041541][ T6215] binder: 6212:6215 ioctl c0306201 200000004a40 returned -22
[  128.344762][ T6259] netlink: 12 bytes leftover after parsing attributes in process `syz.3.83'.
[  128.628963][ T6261] block nbd0: shutting down sockets
[  133.874300][ T5844] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  133.883897][ T5844] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  133.896040][ T5844] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  133.918506][ T5844] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  133.934943][ T5844] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  134.714705][ T6310] netlink: 12 bytes leftover after parsing attributes in process `syz.1.98'.
[  136.070811][ T5842] Bluetooth: hci5: command tx timeout
[  136.121709][ T6319] netlink: 36 bytes leftover after parsing attributes in process `syz.1.101'.
[  138.082543][ T6296] chnl_net:caif_netlink_parms(): no params data found
[  138.104388][ T5842] Bluetooth: hci5: command tx timeout
[  138.288394][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[  138.296155][ T1299] ieee802154 phy1 wpan1: encryption failed: -22
[  140.194385][ T5842] Bluetooth: hci5: command tx timeout
[  140.666436][ T6362] netlink: 12 bytes leftover after parsing attributes in process `syz.2.111'.
[  142.843736][ T5842] Bluetooth: hci5: command tx timeout
[  143.031485][ T6373] input: syz0 as /devices/virtual/input/input6
[  143.053322][ T6374] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  143.067945][ T6374] Cannot find del_set index 4 as target
[  144.242391][   T43] usb 1-1: USB disconnect, device number 2
[  144.841762][ T2117] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  145.234144][ T6296] bridge0: port 1(bridge_slave_0) entered blocking state
[  145.263088][ T6296] bridge0: port 1(bridge_slave_0) entered disabled state
[  145.303966][ T6296] bridge_slave_0: entered allmulticast mode
[  145.368917][ T6296] bridge_slave_0: entered promiscuous mode
[  146.264214][   T24] Bluetooth: hci3: Opcode 0x0c1a failed: -110
[  146.273789][ T5842] Bluetooth: hci3: command 0x0c1a tx timeout
[  146.307122][ T2117] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  146.318816][   T24] Bluetooth: hci3: Error when powering off device on rfkill (-110)
[  147.898671][ T6296] bridge0: port 2(bridge_slave_1) entered blocking state
[  147.916651][ T6296] bridge0: port 2(bridge_slave_1) entered disabled state
[  147.942212][ T6296] bridge_slave_1: entered allmulticast mode
[  147.974467][ T6296] bridge_slave_1: entered promiscuous mode
[  148.072084][ T6296] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  149.864041][ T5842] Bluetooth: hci0: command 0x0c1a tx timeout
[  150.323813][   T24] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[  150.330114][   T24] Bluetooth: hci0: Error when powering off device on rfkill (-110)
[  150.896717][ T6458] netlink: 4 bytes leftover after parsing attributes in process `syz.4.132'.
[  151.225311][ T2117] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  151.472150][ T6461] netlink: 8 bytes leftover after parsing attributes in process `syz.3.134'.
[  151.552143][ T6296] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  152.384777][ T2117] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  152.676758][ T6296] team0: Port device team_slave_0 added
[  152.705746][ T6296] team0: Port device team_slave_1 added
[  153.801648][ T5842] Bluetooth: hci1: command 0x0c1a tx timeout
[  153.824121][   T24] Bluetooth: hci1: Opcode 0x0c1a failed: -110
[  153.830392][   T24] Bluetooth: hci1: Error when powering off device on rfkill (-110)
[  155.177498][ T6296] batman_adv: batadv0: Adding interface: batadv_slave_0
[  155.488205][ T6296] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  156.270635][ T6296] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  156.468108][ T6296] batman_adv: batadv0: Adding interface: batadv_slave_1
[  156.519256][ T6296] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  156.593448][ T6296] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  156.610798][ T6501] bridge0: port 3(gretap0) entered blocking state
[  156.619627][ T6501] bridge0: port 3(gretap0) entered disabled state
[  156.630677][ T6501] gretap0: entered allmulticast mode
[  156.652524][ T6501] gretap0: entered promiscuous mode
[  156.833899][ T5842] Bluetooth: hci4: command 0x0c1a tx timeout
[  156.843484][   T24] Bluetooth: hci4: Opcode 0x0c1a failed: -110
[  156.892966][   T24] Bluetooth: hci4: Error when powering off device on rfkill (-110)
[  156.929306][ T6501] bridge0: port 3(gretap0) entered blocking state
[  156.936073][ T6501] bridge0: port 3(gretap0) entered forwarding state
[  160.125696][ T6296] hsr_slave_0: entered promiscuous mode
[  160.170832][ T6296] hsr_slave_1: entered promiscuous mode
[  160.221285][ T6296] debugfs: 'hsr0' already exists in 'hsr'
[  160.251859][ T6296] Cannot create hsr debugfs directory
[  160.589600][ T2117] bridge_slave_1: left allmulticast mode
[  160.604796][ T2117] bridge_slave_1: left promiscuous mode
[  160.613490][ T2117] bridge0: port 2(bridge_slave_1) entered disabled state
[  160.838666][ T6553] ip6t_srh: unknown srh match flags  4000
[  160.898807][ T2117] bridge_slave_0: left allmulticast mode
[  161.215973][ T2117] bridge_slave_0: left promiscuous mode
[  161.250101][ T2117] bridge0: port 1(bridge_slave_0) entered disabled state
[  161.422157][ T6557] Bluetooth: MGMT ver 1.23
[  162.601223][ T6566] netlink: 12 bytes leftover after parsing attributes in process `syz.4.157'.
[  162.847090][   T43] libceph: connect (1)[c::]:6789 error -101
[  162.869184][   T43] libceph: mon0 (1)[c::]:6789 connect error
[  163.013370][ T2117] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  163.027904][ T2117] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  163.059916][ T2117] bond0 (unregistering): Released all slaves
[  163.178785][   T43] libceph: connect (1)[c::]:6789 error -101
[  163.196085][   T43] libceph: mon0 (1)[c::]:6789 connect error
[  163.262578][ T6568] ceph: No mds server is up or the cluster is laggy
[  167.720415][ T6296] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  167.797677][ T6296] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  167.836605][ T6296] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  167.886021][ T6296] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  167.944682][ T5842] Bluetooth: hci5: command 0x0c1a tx timeout
[  167.945141][   T24] Bluetooth: hci5: Opcode 0x0c1a failed: -110
[  168.036911][   T24] Bluetooth: hci5: Error when powering off device on rfkill (-110)
[  168.162599][ T5844] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  168.172674][ T5844] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  168.183224][ T5844] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  168.191490][ T5844] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  168.200412][ T5844] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  168.202553][ T6621] netlink: 'syz.4.169': attribute type 10 has an invalid length.
[  168.233016][ T5842] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  168.240609][ T5842] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  168.260931][ T5842] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  168.270052][ T5842] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  168.284114][ T5842] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  168.470769][ T6621] 8021q: adding VLAN 0 to HW filter on device team0
[  168.509154][ T6621] bond0: (slave team0): Enslaving as an active interface with an up link
[  168.636890][ T2117] hsr_slave_0: left promiscuous mode
[  168.653996][ T2117] hsr_slave_1: left promiscuous mode
[  168.670647][ T2117] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  168.690970][ T2117] batman_adv: batadv0: Removing interface: batadv_slave_0
[  168.737888][ T2117] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  168.770006][ T2117] batman_adv: batadv0: Removing interface: batadv_slave_1
[  168.797334][ T6630] netlink: 4 bytes leftover after parsing attributes in process `syz.4.170'.
[  168.851833][ T2117] veth1_macvtap: left promiscuous mode
[  168.879481][ T2117] veth0_macvtap: left promiscuous mode
[  168.898378][ T2117] veth1_vlan: left promiscuous mode
[  168.925641][ T2117] veth0_vlan: left promiscuous mode
[  170.343761][ T5844] Bluetooth: hci2: command tx timeout
[  171.530674][ T6666] process 'syz.1.175' launched './file2' with NULL argv: empty string added
[  172.070500][ T2117] team0 (unregistering): Port device team_slave_1 removed
[  172.115147][ T2117] team0 (unregistering): Port device team_slave_0 removed
[  172.423820][ T5844] Bluetooth: hci2: command tx timeout
[  173.692133][ T6296] 8021q: adding VLAN 0 to HW filter on device bond0
[  174.506771][ T5844] Bluetooth: hci2: command tx timeout
[  174.562600][ T6296] 8021q: adding VLAN 0 to HW filter on device team0
[  174.582092][ T6524] chnl_net:caif_netlink_parms(): no params data found
[  174.615384][   T54] bridge0: port 1(bridge_slave_0) entered blocking state
[  174.622670][   T54] bridge0: port 1(bridge_slave_0) entered forwarding state
[  174.738082][ T6703] ALSA: mixer_oss: invalid OSS volume 'PHlâ6žžq
Ó†ØÈÌONEOUT'
[  174.751358][ T6703] ALSA: mixer_oss: invalid index 1374389
[  175.354572][   T54] bridge0: port 2(bridge_slave_1) entered blocking state
[  175.361778][   T54] bridge0: port 2(bridge_slave_1) entered forwarding state
[  175.668145][ T6524] bridge0: port 1(bridge_slave_0) entered blocking state
[  175.694107][ T6524] bridge0: port 1(bridge_slave_0) entered disabled state
[  175.706988][ T6524] bridge_slave_0: entered allmulticast mode
[  175.726267][ T6524] bridge_slave_0: entered promiscuous mode
[  175.824740][ T6524] bridge0: port 2(bridge_slave_1) entered blocking state
[  175.852222][ T6524] bridge0: port 2(bridge_slave_1) entered disabled state
[  175.921960][ T6524] bridge_slave_1: entered allmulticast mode
[  176.072611][ T6524] bridge_slave_1: entered promiscuous mode
[  176.586010][ T5844] Bluetooth: hci2: command tx timeout
[  176.640927][ T6524] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  176.676341][   T43] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[  176.701675][ T6524] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  176.787798][ T2117] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  176.846572][   T43] usb 5-1: config 4 has an invalid interface number: 28 but max is 0
[  176.862276][   T43] usb 5-1: config 4 has no interface number 0
[  176.908415][   T43] usb 5-1: New USB device found, idVendor=05ac, idProduct=0245, bcdDevice= a.3a
[  176.954023][   T43] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  177.016421][   T43] usb 5-1: Product: syz
[  177.038525][   T43] usb 5-1: Manufacturer: syz
[  177.062759][   T43] usb 5-1: SerialNumber: syz
[  177.381170][   T43] input: bcm5974 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:4.28/input/input7
[  177.511983][ T6718] warning: `syz.4.185' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[  177.552768][   T43] bcm5974 5-1:4.28: could not read from device
[  177.556738][ T6524] team0: Port device team_slave_0 added
[  177.579552][ T5183] bcm5974 5-1:4.28: could not read from device
[  177.641214][   T43] input: failed to attach handler mousedev to device input7, error: -5
[  177.676932][ T5183] bcm5974 5-1:4.28: could not read from device
[  177.694067][   T43] usb 5-1: USB disconnect, device number 2
[  177.713224][ T2117] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  177.799685][ T6296] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  177.864976][ T6524] team0: Port device team_slave_1 added
[  177.977578][ T2117] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  179.567834][ T6747] infiniband syû: set active
[  179.572681][ T6747] infiniband syû: added bond_slave_0
[  179.583571][ T6747] workqueue: Failed to create a rescuer kthread for wq "ib_mad1": -EINTR
[  179.587664][ T6747] infiniband syû: Couldn't open port 1
[  179.690444][ T6747] RDS/IB: syû: added
[  179.695095][ T6747] smc: adding ib device syû with port count 1
[  179.701597][ T6747] smc:    ib device syû port 1 has no pnetid
[  180.794811][ T2117] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  181.165084][ T6524] batman_adv: batadv0: Adding interface: batadv_slave_0
[  181.176860][ T6524] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  181.203853][ T6524] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  181.440498][ T6524] batman_adv: batadv0: Adding interface: batadv_slave_1
[  181.456704][ T6524] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  181.509775][ T6524] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  181.633796][ T6014] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[  181.770008][ T6524] hsr_slave_0: entered promiscuous mode
[  181.783236][ T6524] hsr_slave_1: entered promiscuous mode
[  181.824914][ T6014] usb 4-1: Using ep0 maxpacket: 16
[  181.839896][ T6014] usb 4-1: config 0 has an invalid interface number: 1 but max is 0
[  181.860102][ T6014] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  181.892279][ T6014] usb 4-1: config 0 has no interface number 0
[  181.922345][ T6014] usb 4-1: New USB device found, idVendor=1a86, idProduct=752d, bcdDevice=2d.4d
[  181.955791][ T6014] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  181.990448][ T6014] usb 4-1: Product: syz
[  182.008659][ T6014] usb 4-1: Manufacturer: syz
[  182.157701][ T6014] usb 4-1: SerialNumber: syz
[  182.173254][ T6014] usb 4-1: config 0 descriptor??
[  182.210280][ T6014] usb 4-1: Quirk or no altset; falling back to MIDI 1.0
[  182.667568][ T6014] snd-usb-audio 4-1:0.1: probe with driver snd-usb-audio failed with error -2
[  182.713410][ T6014] usb 4-1: USB disconnect, device number 2
[  183.046223][ T2117] bridge_slave_1: left allmulticast mode
[  183.065513][ T2117] bridge_slave_1: left promiscuous mode
[  183.071438][ T2117] bridge0: port 2(bridge_slave_1) entered disabled state
[  183.088611][ T5878] udevd[5878]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.1/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  183.123244][ T2117] bridge_slave_0: left allmulticast mode
[  183.153147][ T2117] bridge_slave_0: left promiscuous mode
[  183.175059][ T2117] bridge0: port 1(bridge_slave_0) entered disabled state
[  183.740995][ T6794] input: syz0 as /devices/virtual/input/input8
[  183.997397][ T2117] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  184.016437][ T2117] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  184.047451][ T2117] bond0 (unregistering): Released all slaves
[  184.095208][ T6296] 8021q: adding VLAN 0 to HW filter on device batadv0
[  184.184450][ T5913] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[  184.335681][ T5913] usb 4-1: Using ep0 maxpacket: 16
[  184.370015][ T5913] usb 4-1: config 0 has an invalid interface number: 1 but max is 0
[  184.391676][ T5913] usb 4-1: config 0 has no interface number 0
[  184.411497][ T5913] usb 4-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d
[  184.435668][ T5913] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  184.454491][ T5913] usb 4-1: Product: syz
[  184.459020][ T5913] usb 4-1: Manufacturer: syz
[  184.464421][ T5913] usb 4-1: SerialNumber: syz
[  184.528385][ T5913] usb 4-1: config 0 descriptor??
[  184.572716][ T5913] gspca_main: spca1528-2.14.0 probing 04fc:1528
[  184.758952][ T6796] bridge0: port 3(syz_tun) entered blocking state
[  184.792518][ T6796] bridge0: port 3(syz_tun) entered disabled state
[  184.812122][ T6796] syz_tun: entered allmulticast mode
[  184.863533][ T6796] syz_tun: entered promiscuous mode
[  184.891790][ T6796] bridge0: port 3(syz_tun) entered blocking state
[  184.898546][ T6796] bridge0: port 3(syz_tun) entered forwarding state
[  184.920560][ T6524] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  184.967365][ T2117] hsr_slave_0: left promiscuous mode
[  184.979091][ T5913] gspca_spca1528: reg_w err -71
[  185.000347][ T2117] hsr_slave_1: left promiscuous mode
[  185.024619][ T2117] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  185.032088][ T2117] batman_adv: batadv0: Removing interface: batadv_slave_0
[  185.039418][ T5913] spca1528 4-1:0.1: probe with driver spca1528 failed with error -71
[  185.074455][ T5913] usb 4-1: USB disconnect, device number 3
[  185.086400][ T2117] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  185.099763][ T2117] batman_adv: batadv0: Removing interface: batadv_slave_1
[  185.151024][ T2117] veth1_macvtap: left promiscuous mode
[  185.156998][ T2117] veth0_macvtap: left promiscuous mode
[  185.162751][ T2117] veth1_vlan: left promiscuous mode
[  185.169091][ T2117] veth0_vlan: left promiscuous mode
[  187.816636][ T2117] team0 (unregistering): Port device team_slave_1 removed
[  187.921902][ T2117] team0 (unregistering): Port device team_slave_0 removed
[  189.405175][ T6524] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  189.478551][ T6857] netlink: 8 bytes leftover after parsing attributes in process `syz.3.213'.
[  189.492919][ T6524] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  189.496897][ T6857] netlink: 8 bytes leftover after parsing attributes in process `syz.3.213'.
[  189.604706][ T6524] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  190.668567][ T6296] veth0_vlan: entered promiscuous mode
[  191.176424][ T6296] veth1_vlan: entered promiscuous mode
[  191.465702][ T6524] 8021q: adding VLAN 0 to HW filter on device bond0
[  191.555956][ T6524] 8021q: adding VLAN 0 to HW filter on device team0
[  191.598388][ T6296] veth0_macvtap: entered promiscuous mode
[  191.641576][ T2117] bridge0: port 1(bridge_slave_0) entered blocking state
[  191.648988][ T2117] bridge0: port 1(bridge_slave_0) entered forwarding state
[  191.681124][ T6296] veth1_macvtap: entered promiscuous mode
[  191.701961][ T2117] bridge0: port 2(bridge_slave_1) entered blocking state
[  191.709207][ T2117] bridge0: port 2(bridge_slave_1) entered forwarding state
[  192.193252][ T6296] batman_adv: batadv0: Interface activated: batadv_slave_0
[  192.232480][ T6296] batman_adv: batadv0: Interface activated: batadv_slave_1
[  192.293841][ T1139] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  192.302666][ T1139] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  192.537067][ T1139] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  192.598134][ T1139] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  192.722486][ T6908] binder: 6907:6908 ioctl c0306201 200000004a40 returned -22
[  193.085906][ T6524] 8021q: adding VLAN 0 to HW filter on device batadv0
[  193.538959][ T6923] openvswitch: netlink: Unexpected mask (mask=20040, allowed=10048)
[  194.076325][ T5842] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  194.086318][ T5842] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  194.095836][ T5842] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  194.104158][ T5842] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  194.112033][ T5842] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  196.519475][ T5842] Bluetooth: hci1: command tx timeout
[  196.860665][ T6524] veth0_vlan: entered promiscuous mode
[  196.990586][ T4147] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  197.200227][ T6524] veth1_vlan: entered promiscuous mode
[  197.282543][ T4147] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  197.387260][ T4147] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  197.511972][ T4147] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  197.592412][ T6524] veth0_macvtap: entered promiscuous mode
[  197.641501][ T6524] veth1_macvtap: entered promiscuous mode
[  198.082389][ T6973] binder: BINDER_SET_CONTEXT_MGR already set
[  198.094004][ T6973] binder: 6972:6973 ioctl 4018620d 200000004a80 returned -16
[  198.120447][ T6973] binder: 6972:6973 ioctl c0306201 200000004a40 returned -22
[  198.175277][ T6524] batman_adv: batadv0: Interface activated: batadv_slave_0
[  198.228788][ T6524] batman_adv: batadv0: Interface activated: batadv_slave_1
[  198.326366][  T175] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  198.393209][  T194] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  198.429606][ T6925] chnl_net:caif_netlink_parms(): no params data found
[  198.452595][ T4147] bridge_slave_1: left allmulticast mode
[  198.459234][ T4147] bridge_slave_1: left promiscuous mode
[  198.475460][ T4147] bridge0: port 2(bridge_slave_1) entered disabled state
[  198.498697][ T4147] bridge_slave_0: left allmulticast mode
[  198.513904][ T4147] bridge_slave_0: left promiscuous mode
[  198.519932][ T4147] bridge0: port 1(bridge_slave_0) entered disabled state
[  198.586724][ T5842] Bluetooth: hci1: command tx timeout
[  199.447912][ T4147] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  199.487238][ T4147] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  199.507379][ T4147] bond0 (unregistering): Released all slaves
[  199.554115][  T194] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  199.633493][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[  199.640228][ T1299] ieee802154 phy1 wpan1: encryption failed: -22
[  199.749115][ T3460] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  200.696411][ T5842] Bluetooth: hci1: command tx timeout
[  202.206440][ T6925] bridge0: port 1(bridge_slave_0) entered blocking state
[  202.222700][ T6925] bridge0: port 1(bridge_slave_0) entered disabled state
[  202.273983][ T6925] bridge_slave_0: entered allmulticast mode
[  202.304247][ T6925] bridge_slave_0: entered promiscuous mode
[  202.361736][ T6925] bridge0: port 2(bridge_slave_1) entered blocking state
[  202.376741][ T6925] bridge0: port 2(bridge_slave_1) entered disabled state
[  202.384297][ T6925] bridge_slave_1: entered allmulticast mode
[  202.397738][ T6925] bridge_slave_1: entered promiscuous mode
[  202.482056][ T4147] hsr_slave_0: left promiscuous mode
[  202.511324][ T4147] hsr_slave_1: left promiscuous mode
[  202.532504][ T4147] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  202.565636][ T4147] batman_adv: batadv0: Removing interface: batadv_slave_0
[  202.593428][ T4147] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  202.616569][ T4147] batman_adv: batadv0: Removing interface: batadv_slave_1
[  202.686330][ T4147] veth1_macvtap: left promiscuous mode
[  202.708152][ T4147] veth0_macvtap: left promiscuous mode
[  202.727103][ T4147] veth1_vlan: left promiscuous mode
[  202.743739][ T5842] Bluetooth: hci1: command tx timeout
[  202.765307][ T4147] veth0_vlan: left promiscuous mode
[  204.151728][ T4147] team0 (unregistering): Port device team_slave_1 removed
[  204.245794][ T4147] team0 (unregistering): Port device team_slave_0 removed
[  205.611605][ T7014] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  205.795894][ T6925] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  205.897381][ T6925] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  205.939634][   T50] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  205.958031][   T50] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  206.749436][ T6925] team0: Port device team_slave_0 added
[  206.907071][ T6925] team0: Port device team_slave_1 added
[  207.231618][ T6925] batman_adv: batadv0: Adding interface: batadv_slave_0
[  207.324836][ T7061] rdma_rxe: rxe_newlink: failed to add bond_slave_0
[  208.376890][ T6925] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  208.885103][ T6925] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  209.065771][  T175] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  209.113719][  T175] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  209.179974][ T6925] batman_adv: batadv0: Adding interface: batadv_slave_1
[  209.237317][ T6925] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  209.325350][ T6925] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  209.957248][ T6925] hsr_slave_0: entered promiscuous mode
[  210.010875][ T7078] input: syz1 as /devices/virtual/input/input10
[  210.024818][ T6925] hsr_slave_1: entered promiscuous mode
[  210.049052][ T6925] debugfs: 'hsr0' already exists in 'hsr'
[  210.070548][ T6925] Cannot create hsr debugfs directory
[  211.214761][ T6088] usb 7-1: new full-speed USB device number 2 using dummy_hcd
[  211.427356][ T6088] usb 7-1: not running at top speed; connect to a high speed hub
[  211.441581][ T6088] usb 7-1: config 138 has an invalid interface number: 254 but max is 1
[  211.452609][ T6088] usb 7-1: config 138 has an invalid interface number: 6 but max is 1
[  211.491651][ T6088] usb 7-1: config 138 has an invalid interface descriptor of length 2, skipping
[  211.522186][ T6088] usb 7-1: config 138 has no interface number 0
[  211.537367][ T6088] usb 7-1: config 138 has no interface number 1
[  211.567101][ T6088] usb 7-1: config 138 interface 254 altsetting 3 endpoint 0x6 has invalid wMaxPacketSize 0
[  211.593900][ T6088] usb 7-1: config 138 interface 254 altsetting 3 has an invalid descriptor for endpoint zero, skipping
[  211.655271][ T6088] usb 7-1: config 138 interface 6 altsetting 3 endpoint 0x7 has invalid maxpacket 2031, setting to 64
[  211.671874][ T6088] usb 7-1: config 138 interface 6 altsetting 3 has a duplicate endpoint with address 0xD, skipping
[  211.689116][ T6088] usb 7-1: config 138 interface 6 altsetting 3 endpoint 0x9 has invalid maxpacket 512, setting to 64
[  211.712768][ T6088] usb 7-1: config 138 interface 6 altsetting 3 has 6 endpoint descriptors, different from the interface descriptor's value: 8
[  211.772671][ T6088] usb 7-1: config 138 interface 254 has no altsetting 0
[  211.793056][ T6088] usb 7-1: config 138 interface 6 has no altsetting 0
[  211.841670][ T6088] usb 7-1: New USB device found, idVendor=0403, idProduct=f440, bcdDevice=92.08
[  211.851869][ T6088] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  211.871767][ T6088] usb 7-1: Product: syz
[  211.887305][ T6088] usb 7-1: Manufacturer: syz
[  211.926124][ T6088] usb 7-1: SerialNumber: syz
[  213.642391][ T6925] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  213.684035][ T6925] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  213.697513][ T6925] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  213.769307][ T6925] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  213.883578][ T6088] ftdi_sio 7-1:138.254: FTDI USB Serial Device converter detected
[  213.914862][ T6088] ftdi_sio ttyUSB0: unknown device type: 0x9208
[  213.947752][ T6088] ftdi_sio 7-1:138.6: FTDI USB Serial Device converter detected
[  213.985421][ T6088] ftdi_sio ttyUSB1: unknown device type: 0x9208
[  214.159279][ T6088] usb 7-1: USB disconnect, device number 2
[  214.171191][ T6088] ftdi_sio 7-1:138.254: device disconnected
[  214.191026][ T6088] ftdi_sio 7-1:138.6: device disconnected
[  215.223412][ T6925] 8021q: adding VLAN 0 to HW filter on device bond0
[  215.396046][ T7145] input: syz0 as /devices/virtual/input/input11
[  215.463006][ T6925] 8021q: adding VLAN 0 to HW filter on device team0
[  215.535351][ T4147] bridge0: port 1(bridge_slave_0) entered blocking state
[  215.542592][ T4147] bridge0: port 1(bridge_slave_0) entered forwarding state
[  215.625495][  T175] bridge0: port 2(bridge_slave_1) entered blocking state
[  215.632777][  T175] bridge0: port 2(bridge_slave_1) entered forwarding state
[  216.796294][ T6925] 8021q: adding VLAN 0 to HW filter on device batadv0
[  217.493410][ T5842] Bluetooth: hci2: command 0x0c1a tx timeout
[  217.513859][ T6426] Bluetooth: hci2: Opcode 0x0c1a failed: -110
[  217.520389][ T6426] Bluetooth: hci2: Error when powering off device on rfkill (-110)
[  217.788845][ T6925] veth0_vlan: entered promiscuous mode
[  217.847622][ T6925] veth1_vlan: entered promiscuous mode
[  218.034297][ T7186] input: syz1 as /devices/virtual/input/input12
[  218.130018][ T6925] veth0_macvtap: entered promiscuous mode
[  218.192549][ T6925] veth1_macvtap: entered promiscuous mode
[  218.261083][ T6925] batman_adv: batadv0: Interface activated: batadv_slave_0
[  218.331140][ T6925] batman_adv: batadv0: Interface activated: batadv_slave_1
[  218.413604][ T1320] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  218.458608][ T1320] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  218.487890][ T1320] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  218.506567][ T1320] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  219.873740][ T5842] Bluetooth: hci1: command 0x0c1a tx timeout
[  219.879949][ T6426] Bluetooth: hci1: Opcode 0x0c1a failed: -110
[  219.907272][ T6426] Bluetooth: hci1: Error when powering off device on rfkill (-110)
[  220.287757][ T6025] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  220.321573][ T6025] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  220.352899][ T6025] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  220.373431][ T6025] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  220.663050][ T7220] overlayfs: failed to resolve './file1': -2
[  229.797402][ T7301] netlink: 4 bytes leftover after parsing attributes in process `syz.6.299'.
[  231.046761][ T7313] input: syz1 as /devices/virtual/input/input13
[  232.188666][ T5899] libceph: connect (1)[c::]:6789 error -101
[  232.196071][ T5899] libceph: mon0 (1)[c::]:6789 connect error
[  232.240092][ T7314] ceph: No mds server is up or the cluster is laggy
[  235.482707][ T7370] netlink: 'syz.6.313': attribute type 27 has an invalid length.
[  235.490759][ T7370] netlink: 8 bytes leftover after parsing attributes in process `syz.6.313'.
[  235.716653][ T7369] netlink: 'syz.6.313': attribute type 27 has an invalid length.
[  235.838542][ T7369] netlink: 8 bytes leftover after parsing attributes in process `syz.6.313'.
[  236.672872][ T7386] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  239.934691][ T7427] netlink: 52 bytes leftover after parsing attributes in process `syz.3.323'.
[  240.254784][ T7428] RDS: rds_bind could not find a transport for ::ffff:172.30.1.7, load rds_tcp or rds_rdma?
[  241.830518][ T7431] netlink: 4 bytes leftover after parsing attributes in process `syz.6.324'.
[  241.862622][ T7431] netlink: 4 bytes leftover after parsing attributes in process `syz.6.324'.
[  243.520580][ T7452] tipc: Started in network mode
[  243.568736][ T7452] tipc: Node identity 929648aafd07, cluster identity 4711
[  243.599925][ T7452] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  243.634560][ T7455] syzkaller0: entered promiscuous mode
[  243.664571][ T7455] syzkaller0: entered allmulticast mode
[  243.783359][ T7452] tipc: Resetting bearer <eth:syzkaller0>
[  243.822913][ T7449] tipc: Resetting bearer <eth:syzkaller0>
[  243.888910][ T7449] tipc: Disabling bearer <eth:syzkaller0>
[  244.690672][ T7475] netlink: 'syz.4.334': attribute type 27 has an invalid length.
[  244.699199][ T7475] netlink: 8 bytes leftover after parsing attributes in process `syz.4.334'.
[  246.813232][ T7496] tmpfs: Cannot enable quota on remount
[  247.608296][ T7504] netlink: 4 bytes leftover after parsing attributes in process `syz.4.339'.
[  247.766538][ T7506] netlink: 4 bytes leftover after parsing attributes in process `syz.4.339'.
[  249.300474][ T7525] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  249.308955][ T7525] syzkaller0: entered promiscuous mode
[  249.318927][ T7525] syzkaller0: entered allmulticast mode
[  249.435075][ T7525] tipc: Resetting bearer <eth:syzkaller0>
[  249.500721][ T7523] tipc: Resetting bearer <eth:syzkaller0>
[  250.081566][ T7523] tipc: Disabling bearer <eth:syzkaller0>
[  251.303786][ T6426] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[  252.123727][ T6426] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  252.243705][ T6426] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  252.252735][ T6426] usb 5-1: New USB device found, idVendor=0471, idProduct=0329, bcdDevice=db.da
[  252.333931][ T6426] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  252.352943][ T6426] usb 5-1: config 0 descriptor??
[  254.626307][ T7595] tmpfs: Cannot enable quota on remount
[  255.131452][ T6943] usb 5-1: USB disconnect, device number 3
[  255.289599][ T7603] netlink: 12 bytes leftover after parsing attributes in process `syz.4.362'.
[  260.783774][ T6089] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[  261.069736][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[  261.076910][ T1299] ieee802154 phy1 wpan1: encryption failed: -22
[  261.223760][ T6089] usb 6-1: config 0 has no interfaces?
[  261.247391][ T6089] usb 6-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b
[  261.293940][ T6089] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  261.302115][ T6089] usb 6-1: Product: syz
[  261.326866][ T6089] usb 6-1: Manufacturer: syz
[  261.332732][ T6089] usb 6-1: SerialNumber: syz
[  261.386740][ T6089] usb 6-1: config 0 descriptor??
[  261.800030][ T6089] usb 6-1: USB disconnect, device number 2
[  262.142431][ T7654] tmpfs: Cannot enable quota on remount
[  262.743907][ T7663] tmpfs: Bad value for 'usrquota_inode_hardlimit'
[  265.280190][ T7687] binder: BINDER_SET_CONTEXT_MGR already set
[  265.327880][ T7687] binder: 7686:7687 ioctl 4018620d 200000004a80 returned -16
[  265.360475][ T7688] binder: 7686:7688 ioctl c0306201 200000004a40 returned -22
[  270.350011][ T7744] rdma_rxe: rxe_newlink: failed to add bond_slave_0
[  271.293713][ T6943] usb 6-1: new full-speed USB device number 3 using dummy_hcd
[  271.895744][ T6943] usb 6-1: config 0 has an invalid interface number: 55 but max is 0
[  271.923689][ T6943] usb 6-1: config 0 has no interface number 0
[  271.937982][ T6943] usb 6-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  272.047505][ T7749] netlink: 512 bytes leftover after parsing attributes in process `syz.6.396'.
[  272.090817][ T6943] usb 6-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  272.482597][ T6943] usb 6-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10
[  272.501119][ T6943] usb 6-1: config 0 interface 55 altsetting 0 endpoint 0x8B has invalid maxpacket 120, setting to 64
[  272.527466][ T6943] usb 6-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  272.577619][ T6943] usb 6-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  272.609270][ T6943] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  272.657040][ T6943] usb 6-1: config 0 descriptor??
[  272.679396][ T7738] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  272.761994][ T6943] ldusb 6-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[  275.198386][   T43] usb 6-1: USB disconnect, device number 3
[  275.329163][   T43] ldusb 6-1:0.55: LD USB Device #0 now disconnected
[  277.259941][ T7781] tmpfs: Cannot enable quota on remount
[  278.335540][ T7782] trusted_key: encrypted_key: hex blob is missing
[  278.382387][ T7789] binder: 7787:7789 ioctl c0306201 0 returned -14
[  278.416883][ T7789] binder: 7787:7789 ioctl c0306201 200000004a40 returned -22
[  280.604011][ T6088] usb 4-1: new full-speed USB device number 4 using dummy_hcd
[  280.677139][ T7800] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  280.685549][ T7800] syzkaller0: entered promiscuous mode
[  280.691166][ T7800] syzkaller0: entered allmulticast mode
[  280.751680][ T7799] tipc: Resetting bearer <eth:syzkaller0>
[  280.818499][ T6088] usb 4-1: config 0 has an invalid interface number: 55 but max is 0
[  280.990264][ T6088] usb 4-1: config 0 has no interface number 0
[  281.284993][ T6088] usb 4-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  281.300216][ T7799] tipc: Disabling bearer <eth:syzkaller0>
[  281.317160][ T6088] usb 4-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  281.350310][ T6088] usb 4-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10
[  281.392206][ T6088] usb 4-1: config 0 interface 55 altsetting 0 endpoint 0x8B has invalid maxpacket 120, setting to 64
[  281.423697][ T6088] usb 4-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  281.483742][ T6088] usb 4-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  281.520705][ T6088] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  281.585543][ T6088] usb 4-1: config 0 descriptor??
[  281.656220][ T7796] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  281.673085][ T6088] ldusb 4-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[  282.421152][ T7816] tmpfs: Cannot enable quota on remount
[  283.301197][ T6088] usb 4-1: USB disconnect, device number 4
[  283.446825][ T6088] ldusb 4-1:0.55: LD USB Device #0 now disconnected
[  283.516409][ T7822] capability: warning: `syz.5.413' uses deprecated v2 capabilities in a way that may be insecure
[  285.006792][ T7846] tipc: Started in network mode
[  285.033724][ T7846] tipc: Node identity ae790f97ea08, cluster identity 4711
[  285.058385][ T7846] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  285.087259][ T7849] syzkaller0: entered promiscuous mode
[  285.113222][ T7849] syzkaller0: entered allmulticast mode
[  285.219542][ T7845] tipc: Resetting bearer <eth:syzkaller0>
[  285.768055][ T7845] tipc: Disabling bearer <eth:syzkaller0>
[  286.003707][ T6426] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[  286.317255][ T6426] usb 2-1: Using ep0 maxpacket: 8
[  286.326192][ T6426] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  286.358035][ T6426] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  286.383682][ T6426] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  286.403746][ T6426] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  286.453129][ T6426] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  286.462430][ T6089] usb 4-1: new full-speed USB device number 5 using dummy_hcd
[  286.488098][ T6426] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  286.733847][ T6089] usb 4-1: config 0 has an invalid interface number: 55 but max is 0
[  286.750492][ T6089] usb 4-1: config 0 has no interface number 0
[  287.067118][ T6089] usb 4-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  287.079006][ T6426] usb 2-1: GET_CAPABILITIES returned 0
[  287.085733][ T6426] usbtmc 2-1:16.0: can't read capabilities
[  287.091904][ T6089] usb 4-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  287.119215][ T6089] usb 4-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10
[  287.141354][ T6089] usb 4-1: config 0 interface 55 altsetting 0 endpoint 0x8B has invalid maxpacket 120, setting to 64
[  287.161874][ T6089] usb 4-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  287.192299][ T6089] usb 4-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  287.211165][ T6089] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  287.232334][ T6089] usb 4-1: config 0 descriptor??
[  287.249008][ T7861] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  287.276520][ T6089] ldusb 4-1:0.55: LD USB Device #1 now attached to major 180 minor 1
[  287.359964][    C1] usbtmc 2-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  287.429968][    C0] usbtmc 2-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  287.439137][    C0] usbtmc 2-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  287.448321][    C0] usbtmc 2-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  287.457500][    C0] usbtmc 2-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  287.475892][ T6014] usb 2-1: USB disconnect, device number 2
[  288.524507][ T7885] fuse: Bad value for 'fd'
[  288.945233][ T7895] netlink: 96 bytes leftover after parsing attributes in process `syz.5.442'.
[  289.283407][ T6426] usb 4-1: USB disconnect, device number 5
[  289.410474][ T6426] ldusb 4-1:0.55: LD USB Device #1 now disconnected
[  290.076083][ T6426] usb 6-1: new full-speed USB device number 4 using dummy_hcd
[  290.202080][ T7913] binder: 7912:7913 ioctl c0306201 200000004a40 returned -22
[  290.266578][ T6426] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64
[  290.311952][ T6426] usb 6-1: New USB device found, idVendor=04f3, idProduct=0755, bcdDevice= 0.00
[  291.078318][ T6426] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  291.207512][ T6426] usb 6-1: config 0 descriptor??
[  291.263456][ T7905] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  291.975656][ T6426] elan 0003:04F3:0755.0001: unknown main item tag 0x0
[  291.982536][ T6426] elan 0003:04F3:0755.0001: unknown main item tag 0x0
[  292.113299][ T6426] elan 0003:04F3:0755.0001: unknown main item tag 0x0
[  292.120862][ T6426] elan 0003:04F3:0755.0001: unknown main item tag 0x0
[  292.131010][ T6426] elan 0003:04F3:0755.0001: unknown main item tag 0x0
[  292.147206][ T6426] elan 0003:04F3:0755.0001: hidraw0: USB HID v1.01 Device [HID 04f3:0755] on usb-dummy_hcd.5-1/input0
[  292.162667][ T6426] usb 6-1: USB disconnect, device number 4
[  292.256716][ T7936] netlink: 96 bytes leftover after parsing attributes in process `syz.3.457'.
[  292.365814][ T7939] fuse: Bad value for 'fd'
[  292.516494][ T7933] fido_id[7933]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.5/usb6/report_descriptor': No such file or directory
[  292.603977][ T7943] netlink: 'syz.3.459': attribute type 27 has an invalid length.
[  292.612097][ T7943] netlink: 8 bytes leftover after parsing attributes in process `syz.3.459'.
[  294.160302][ T7965] netlink: 96 bytes leftover after parsing attributes in process `syz.1.469'.
[  294.718876][ T7975] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  296.223692][ T7984] ceph: No mds server is up or the cluster is laggy
[  296.248567][ T6048] libceph: connect (1)[c::]:6789 error -101
[  296.249878][ T6048] libceph: mon0 (1)[c::]:6789 connect error
[  296.766064][ T7982] fuse: Bad value for 'fd'
[  297.575446][ T8009] netlink: 'syz.1.479': attribute type 10 has an invalid length.
[  297.583287][ T8009] netlink: 40 bytes leftover after parsing attributes in process `syz.1.479'.
[  297.595876][ T8009] batman_adv: batadv0: Adding interface: virt_wifi0
[  297.602619][ T8009] batman_adv: batadv0: The MTU of interface virt_wifi0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  297.628393][ T8009] batman_adv: batadv0: Interface activated: virt_wifi0
[  298.975105][ T8012] netlink: 64 bytes leftover after parsing attributes in process `syz.5.482'.
[  302.490098][ T8043] tipc: Started in network mode
[  302.543190][ T8043] tipc: Node identity 3a00fa50d7a1, cluster identity 4711
[  302.582163][ T8043] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  302.685883][ T8040] tipc: Disabling bearer <eth:syzkaller0>
[  305.657155][ T8075] trusted_key: encrypted_key: hex blob is missing
[  309.642181][ T8119] netlink: 4 bytes leftover after parsing attributes in process `syz.6.514'.
[  309.936308][ T8112] syzkaller0: entered promiscuous mode
[  309.941993][ T8112] syzkaller0: entered allmulticast mode
[  311.509078][ T8138] ALSA: mixer_oss: invalid OSS volume 'PHlâ6žžq
Ó†ØÈÌONEOUT'
[  311.516593][ T8138] ALSA: mixer_oss: invalid index 1374389
[  311.545417][ T8141] netlink: 16 bytes leftover after parsing attributes in process `syz.6.523'.
[  311.596818][ T8144] netlink: 4 bytes leftover after parsing attributes in process `syz.3.521'.
[  311.716473][ T8143] netlink: 4 bytes leftover after parsing attributes in process `syz.3.521'.
[  312.103678][ T8151] openvswitch: netlink: Unexpected mask (mask=20040, allowed=10048)
[  313.344015][ T5906] usb 7-1: new full-speed USB device number 3 using dummy_hcd
[  314.067755][ T5906] usb 7-1: config 0 has an invalid interface number: 55 but max is 0
[  314.539386][ T8164] input: syz1 as /devices/virtual/input/input14
[  314.552189][ T5906] usb 7-1: config 0 has no interface number 0
[  314.591719][ T5906] usb 7-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  314.676278][ T5906] usb 7-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  314.713727][ T5906] usb 7-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10
[  314.769911][ T5906] usb 7-1: config 0 interface 55 altsetting 0 endpoint 0x8B has invalid maxpacket 120, setting to 64
[  314.806199][ T5906] usb 7-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  314.861607][ T5906] usb 7-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  314.871244][ T5906] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  314.912664][ T5906] usb 7-1: config 0 descriptor??
[  314.919997][ T8159] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22
[  315.131839][ T5906] ldusb 7-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[  316.267097][   T43] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[  316.542011][ T8182] ALSA: mixer_oss: invalid OSS volume 'PHlâ6žžq
Ó†ØÈÌONEOUT'
[  316.549528][ T8182] ALSA: mixer_oss: invalid index 1374389
[  316.663685][   T43] usb 5-1: Using ep0 maxpacket: 8
[  316.681979][   T43] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  316.697648][   T43] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  316.714000][   T43] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  316.727668][   T43] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  316.743009][   T43] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  316.765229][   T43] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  317.036178][   T43] usb 5-1: GET_CAPABILITIES returned 0
[  317.041760][   T43] usbtmc 5-1:16.0: can't read capabilities
[  317.816881][ T6943] usb 7-1: USB disconnect, device number 3
[  317.827121][ T6943] ldusb 7-1:0.55: LD USB Device #0 now disconnected
[  317.942764][ T6014] usb 5-1: USB disconnect, device number 4
[  319.728181][ T8209] random: crng reseeded on system resumption
[  319.792726][ T8209] Restarting kernel threads ...
[  319.811039][ T8209] Done restarting kernel threads.
[  319.852714][ T8209] netlink: 'syz.4.540': attribute type 1 has an invalid length.
[  319.937568][ T8209] 8021q: adding VLAN 0 to HW filter on device bond1
[  320.026119][ T8216] netlink: 'syz.4.540': attribute type 11 has an invalid length.
[  320.775133][ T8224] ALSA: mixer_oss: invalid OSS volume 'PHlâ6žžq
Ó†ØÈÌONEOUT'
[  320.782816][ T8224] ALSA: mixer_oss: invalid index 1374389
[  322.525139][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[  322.534964][ T1299] ieee802154 phy1 wpan1: encryption failed: -22
[  325.264947][ T8269] netlink: 'syz.3.558': attribute type 27 has an invalid length.
[  325.273019][ T8269] netlink: 8 bytes leftover after parsing attributes in process `syz.3.558'.
[  328.043191][ T8282] can0: slcan on ttyS3.
[  328.464636][ T8277] can0 (unregistered): slcan off ttyS3.
[  328.846760][ T8305] binder: 8304:8305 ioctl 4018620d 0 returned -22
[  328.860995][ T8305] binder: 8304:8305 ioctl c0306201 200000004a40 returned -22
[  329.119654][ T8314] tmpfs: Cannot enable quota on remount
[  329.358930][ T8320] overlayfs: failed to resolve './file1': -2
[  329.443822][ T6943] usb 6-1: new full-speed USB device number 5 using dummy_hcd
[  329.606205][ T6943] usb 6-1: config 0 has an invalid interface number: 55 but max is 0
[  329.641496][ T6943] usb 6-1: config 0 has no interface number 0
[  329.658230][ T6943] usb 6-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  329.679557][ T6943] usb 6-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  329.704449][ T6943] usb 6-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10
[  329.752394][ T6943] usb 6-1: config 0 interface 55 altsetting 0 endpoint 0x8B has invalid maxpacket 120, setting to 64
[  329.806930][ T8330] kvm: MONITOR instruction emulated as NOP!
[  329.821559][ T6943] usb 6-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  330.491034][ T6943] usb 6-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  330.500485][ T6943] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  330.585769][ T6943] usb 6-1: config 0 descriptor??
[  330.593018][ T8315] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  330.606735][ T6943] ldusb 6-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[  331.017704][   T24] usb 6-1: USB disconnect, device number 5
[  331.157566][   T24] ldusb 6-1:0.55: LD USB Device #0 now disconnected
[  332.628346][ T8366] binder: 8364:8366 ioctl 4018620d 0 returned -22
[  332.770236][ T8366] binder: 8364:8366 ioctl c0306201 200000004a40 returned -22
[  334.360757][ T8375] tmpfs: Cannot enable quota on remount
[  337.877452][ T8415] netlink: 4 bytes leftover after parsing attributes in process `syz.5.590'.
[  341.235396][ T8441] tmpfs: Cannot enable quota on remount
[  341.950791][ T8458] binder: 8456:8458 ioctl c0306201 0 returned -14
[  341.960080][ T8458] binder: 8456:8458 ioctl c0306201 200000004a40 returned -22
[  343.000625][ T8469] netlink: 4 bytes leftover after parsing attributes in process `syz.6.603'.
[  345.394718][ T8490] netlink: 12 bytes leftover after parsing attributes in process `syz.5.605'.
[  345.731252][ T8494] tmpfs: Cannot enable quota on remount
[  346.300598][ T8498] binder: 8497:8498 ioctl c0306201 0 returned -14
[  346.309180][ T8498] binder: 8497:8498 ioctl c0306201 200000004a40 returned -22
[  349.054461][ T8519] netlink: 8 bytes leftover after parsing attributes in process `syz.4.618'.
[  349.162850][ T8519] netlink: 16402 bytes leftover after parsing attributes in process `syz.4.618'.
[  350.042866][ T8534] rdma_rxe: rxe_newlink: failed to add bond_slave_0
[  350.946023][ T8529] use of bytesused == 0 is deprecated and will be removed in the future,
[  350.956638][ T8529] use the actual size instead.
[  352.545835][ T8539] tmpfs: Cannot enable quota on remount
[  354.321114][ T8547] binder: BINDER_SET_CONTEXT_MGR already set
[  354.341663][ T8547] binder: 8546:8547 ioctl 4018620d 200000004a80 returned -16
[  354.362301][ T8547] binder: 8546:8547 ioctl c0306201 0 returned -14
[  354.382468][ T8547] binder: 8546:8547 ioctl c0306201 200000004a40 returned -22
[  355.444141][ T6088] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[  355.777340][ T6088] usb 2-1: Using ep0 maxpacket: 8
[  355.786766][ T6088] usb 2-1: config 8 has an invalid interface number: 3 but max is 0
[  355.795291][ T6088] usb 2-1: config 8 has no interface number 0
[  355.803777][ T6088] usb 2-1: config 8 interface 3 has no altsetting 0
[  355.819706][ T6088] usb 2-1: New USB device found, idVendor=1bc7, idProduct=1101, bcdDevice= b.85
[  355.832280][ T6088] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  355.841470][ T6088] usb 2-1: Product: syz
[  355.847335][ T6088] usb 2-1: Manufacturer: syz
[  355.853089][ T6088] usb 2-1: SerialNumber: syz
[  357.344296][ T8573] trusted_key: encrypted_key: hex blob is missing
[  357.695652][ T6088] qmi_wwan 2-1:8.3: probe with driver qmi_wwan failed with error -22
[  357.819622][ T6088] usb 2-1: USB disconnect, device number 3
[  358.765788][ T8577] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+
[  358.799304][ T8577] block device autoloading is deprecated and will be removed.
[  361.491079][ T8600] netlink: 'syz.4.636': attribute type 27 has an invalid length.
[  361.499539][ T8600] netlink: 8 bytes leftover after parsing attributes in process `syz.4.636'.
[  362.035933][ T8603] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  364.415942][   T30] audit: type=1804 audit(1764375062.501:2): pid=8626 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.649" name="/newroot/135/file0" dev="tmpfs" ino=739 res=1 errno=0
[  364.477702][ T8624] syz.4.649 (8624) used greatest stack depth: 15936 bytes left
[  365.284159][ T8637] netlink: 4 bytes leftover after parsing attributes in process `syz.1.651'.
[  365.713856][ T8632] can0: slcan on ttyS3.
[  365.880320][ T8632] can0 (unregistered): slcan off ttyS3.
[  367.455737][ T8653] netlink: 'syz.4.655': attribute type 27 has an invalid length.
[  367.463753][ T8653] netlink: 8 bytes leftover after parsing attributes in process `syz.4.655'.
[  370.763283][ T8681] openvswitch: netlink: Unexpected mask (mask=20040, allowed=10048)
[  373.816629][ T8721] openvswitch: netlink: Unexpected mask (mask=20040, allowed=10048)
[  375.422424][ T8738] fuse: Bad value for 'fd'
[  376.330996][ T8752] trusted_key: encrypted_key: hex blob is missing
[  379.395989][ T8771] netlink: 4 bytes leftover after parsing attributes in process `syz.5.689'.
[  380.032333][ T8770] openvswitch: netlink: Unexpected mask (mask=20040, allowed=10048)
[  381.755064][ T8789] fuse: Bad value for 'fd'
[  384.025747][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[  384.032256][ T1299] ieee802154 phy1 wpan1: encryption failed: -22
[  384.844544][ T8815] netlink: 4 bytes leftover after parsing attributes in process `syz.3.702'.
[  386.723273][ T8833] netlink: 292 bytes leftover after parsing attributes in process `syz.5.707'.
[  387.068159][ T8831] openvswitch: netlink: Unexpected mask (mask=20040, allowed=10048)
[  387.102280][ T8839] fuse: Bad value for 'fd'
[  388.827270][ T8866] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[  388.926650][ T8866] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98
[  389.323613][ T8868] netlink: 4 bytes leftover after parsing attributes in process `syz.5.716'.
[  392.720004][ T8902] openvswitch: netlink: Unexpected mask (mask=20040, allowed=10048)
[  394.101870][ T8915] 9p: Bad value for 'rfdno'
[  395.588396][ T8927] netlink: 8 bytes leftover after parsing attributes in process `syz.6.726'.
[  395.675959][ T8927] netlink: 8 bytes leftover after parsing attributes in process `syz.6.726'.
[  395.685370][ T8927] netlink: 8 bytes leftover after parsing attributes in process `syz.6.726'.
[  395.695212][ T8927] netlink: 8 bytes leftover after parsing attributes in process `syz.6.726'.
[  395.704312][ T8927] netlink: 8 bytes leftover after parsing attributes in process `syz.6.726'.
[  400.041108][ T8963] openvswitch: netlink: Unexpected mask (mask=20040, allowed=10048)
[  405.416430][ T8995] syû: rxe_newlink: already configured on bond_slave_0
[  411.335530][ T9028] bridge0: entered allmulticast mode
[  411.513007][ T9028] pim6reg: entered allmulticast mode
[  412.025635][ T9031] pim6reg: left allmulticast mode
[  412.030866][ T9031] bridge0: left allmulticast mode
[  412.345203][ T9030] netlink: 8 bytes leftover after parsing attributes in process `syz.4.755'.
[  413.946485][ T9064] openvswitch: netlink: Unexpected mask (mask=20040, allowed=10048)
[  415.006690][ T9068] netlink: 8 bytes leftover after parsing attributes in process `syz.1.763'.
[  415.016380][ T9068] netlink: 8 bytes leftover after parsing attributes in process `syz.1.763'.
[  415.826044][ T9075] trusted_key: encrypted_key: hex blob is missing
[  417.461382][ T9088] netlink: 8 bytes leftover after parsing attributes in process `syz.6.772'.
[  417.490736][ T9088] netlink: 8 bytes leftover after parsing attributes in process `syz.6.772'.
[  417.504001][ T9088] netlink: 8 bytes leftover after parsing attributes in process `syz.6.772'.
[  417.535081][ T9088] netlink: 8 bytes leftover after parsing attributes in process `syz.6.772'.
[  424.723819][ T9147] ALSA: mixer_oss: invalid OSS volume ''
[  426.006991][ T9161] input: syz1 as /devices/virtual/input/input15
[  428.576370][ T9184] netlink: 16 bytes leftover after parsing attributes in process `syz.5.799'.
[  429.331750][ T9188] can0: slcan on ttyS3.
[  430.083779][ T9186] ALSA: mixer_oss: invalid OSS volume ''
[  430.197581][ T9180] can0 (unregistered): slcan off ttyS3.
[  435.627927][   T43] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[  435.804006][   T43] usb 2-1: Using ep0 maxpacket: 16
[  435.857252][ T9249] input: syz1 as /devices/virtual/input/input16
[  436.340065][   T43] usb 2-1: config 0 has an invalid interface number: 1 but max is 0
[  436.364304][   T43] usb 2-1: config 0 has no interface number 0
[  436.396848][   T43] usb 2-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d
[  436.443684][   T43] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  436.505807][   T43] usb 2-1: Product: syz
[  436.523703][   T43] usb 2-1: Manufacturer: syz
[  436.567477][   T43] usb 2-1: SerialNumber: syz
[  436.590079][   T43] usb 2-1: config 0 descriptor??
[  436.626045][   T43] gspca_main: spca1528-2.14.0 probing 04fc:1528
[  438.288992][   T43] gspca_spca1528: reg_r err -71
[  438.536094][   T43] spca1528 2-1:0.1: probe with driver spca1528 failed with error -71
[  438.624500][   T43] usb 2-1: USB disconnect, device number 4
[  439.557298][ T5844] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  439.577073][ T5844] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  439.587631][ T5844] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  439.597274][ T5844] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  439.619379][ T5844] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  440.159134][ T9298] loop6: detected capacity change from 0 to 524288000
[  441.305275][    C0] I/O error, dev loop6, sector 1024 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  441.338877][    C0] I/O error, dev loop6, sector 1024 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  441.348708][    C0] Buffer I/O error on dev loop6, logical block 128, async page read
[  441.390516][ T9303] loop6: detected capacity change from 524288000 to 0
[  441.704828][ T5842] Bluetooth: hci5: command tx timeout
[  442.653638][ T5906] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[  443.773615][ T5906] usb 5-1: Using ep0 maxpacket: 16
[  443.784354][ T5842] Bluetooth: hci5: command tx timeout
[  443.833753][ T5906] usb 5-1: unable to get BOS descriptor or descriptor too short
[  443.857803][ T5906] usb 5-1: config 13 has an invalid interface number: 50 but max is 0
[  443.883597][ T5906] usb 5-1: config 13 has no interface number 0
[  443.889867][ T5906] usb 5-1: config 13 interface 50 altsetting 167 bulk endpoint 0x8 has invalid maxpacket 16
[  443.913620][ T5906] usb 5-1: config 13 interface 50 has no altsetting 0
[  443.926136][ T5906] usb 5-1: New USB device found, idVendor=1aca, idProduct=b28e, bcdDevice=92.32
[  443.956910][ T5906] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=67
[  443.965256][ T5906] usb 5-1: Product: syz
[  443.969562][ T5906] usb 5-1: Manufacturer: syz
[  443.975162][ T5906] usb 5-1: SerialNumber: syz
[  443.985062][ T9318] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  444.070618][ T9329] faux_driver vgem: [drm] Unknown color mode 11173; guessing buffer size.
[  444.204883][ T6025] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  444.315494][ T5906] usb 5-1: Quirk or no altset; falling back to MIDI 1.0
[  444.322588][ T5906] usb 5-1: MIDIStreaming interface descriptor not found
[  444.730573][ T5906] usb 5-1: USB disconnect, device number 5
[  445.258705][ T9348] udevd[9348]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:13.50/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  445.404610][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[  445.411116][ T1299] ieee802154 phy1 wpan1: encryption failed: -22
[  445.873744][ T5842] Bluetooth: hci5: command tx timeout
[  446.969599][ T6025] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  448.001207][ T5842] Bluetooth: hci5: command tx timeout
[  448.331374][ T6025] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  448.448606][ T6025] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  448.641621][ T9384] openvswitch: netlink: Unexpected mask (mask=20040, allowed=10048)
[  449.950072][ T9388] can0: slcan on ttyS3.
[  450.089083][ T9285] chnl_net:caif_netlink_parms(): no params data found
[  450.837893][ T9386] can0 (unregistered): slcan off ttyS3.
[  451.007647][ T6025] bridge_slave_1: left allmulticast mode
[  451.013339][ T6025] bridge_slave_1: left promiscuous mode
[  451.062843][ T6025] bridge0: port 2(bridge_slave_1) entered disabled state
[  451.182843][ T9406] binder: 9405:9406 ioctl c0306201 200000004a40 returned -22
[  451.316575][ T6025] bridge_slave_0: left allmulticast mode
[  451.351321][ T6025] bridge_slave_0: left promiscuous mode
[  451.388441][ T6025] bridge0: port 1(bridge_slave_0) entered disabled state
[  452.850704][ T9421] rdma_rxe: rxe_newlink: failed to add bond_slave_0
[  454.177290][ T9423] fuse: Bad value for 'fd'
[  454.558270][ T9429] No control pipe specified
[  457.054132][ T9449] tmpfs: Cannot enable quota on remount
[  457.614877][ T6025] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  457.668795][ T6025] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  457.720742][ T6025] bond0 (unregistering): Released all slaves
[  458.356539][ T9285] bridge0: port 1(bridge_slave_0) entered blocking state
[  458.377232][ T9285] bridge0: port 1(bridge_slave_0) entered disabled state
[  458.404560][ T9285] bridge_slave_0: entered allmulticast mode
[  458.442325][ T9285] bridge_slave_0: entered promiscuous mode
[  458.677080][ T9452] syzkaller1: entered allmulticast mode
[  458.691647][ T9285] bridge0: port 2(bridge_slave_1) entered blocking state
[  458.700376][ T9285] bridge0: port 2(bridge_slave_1) entered disabled state
[  458.708434][ T9285] bridge_slave_1: entered allmulticast mode
[  458.717077][ T9285] bridge_slave_1: entered promiscuous mode
[  458.919402][ T9285] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  458.995132][ T9285] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  459.696101][ T9285] team0: Port device team_slave_0 added
[  459.813838][ T9285] team0: Port device team_slave_1 added
[  460.221255][ T6025] hsr_slave_0: left promiscuous mode
[  460.250963][ T6025] hsr_slave_1: left promiscuous mode
[  460.258490][ T6025] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  460.290662][ T6025] batman_adv: batadv0: Removing interface: batadv_slave_0
[  460.322298][ T6025] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  460.352154][ T6025] batman_adv: batadv0: Removing interface: batadv_slave_1
[  460.560063][ T6025] veth1_macvtap: left promiscuous mode
[  461.269727][ T6025] veth0_macvtap: left promiscuous mode
[  461.275729][ T6025] veth1_vlan: left promiscuous mode
[  461.281121][ T6025] veth0_vlan: left promiscuous mode
[  463.715383][ T9521] program syz.4.882 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  463.733974][ T9521] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
[  463.837541][ T6025] team0 (unregistering): Port device team_slave_1 removed
[  463.928031][ T6025] team0 (unregistering): Port device team_slave_0 removed
[  465.673161][ T9508] syzkaller1: entered allmulticast mode
[  465.905616][ T9285] batman_adv: batadv0: Adding interface: batadv_slave_0
[  465.920892][ T9285] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  465.977326][ T9285] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  466.120166][ T9285] batman_adv: batadv0: Adding interface: batadv_slave_1
[  466.155674][ T9285] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  466.843781][ T9285] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  468.038071][ T9285] hsr_slave_0: entered promiscuous mode
[  468.065060][ T9285] hsr_slave_1: entered promiscuous mode
[  470.608435][ T9285] netdevsim netdevsim7 netdevsim0: renamed from eth0
[  470.632458][ T9285] netdevsim netdevsim7 netdevsim1: renamed from eth1
[  470.732218][ T9285] netdevsim netdevsim7 netdevsim2: renamed from eth2
[  471.214237][ T9285] netdevsim netdevsim7 netdevsim3: renamed from eth3
[  471.528072][ T9597] syzkaller1: entered allmulticast mode
[  471.834135][ T9285] 8021q: adding VLAN 0 to HW filter on device bond0
[  471.922914][ T9285] 8021q: adding VLAN 0 to HW filter on device team0
[  471.971236][ T6442] bridge0: port 1(bridge_slave_0) entered blocking state
[  471.978484][ T6442] bridge0: port 1(bridge_slave_0) entered forwarding state
[  472.038705][ T6442] bridge0: port 2(bridge_slave_1) entered blocking state
[  472.045937][ T6442] bridge0: port 2(bridge_slave_1) entered forwarding state
[  472.192111][ T9606] netlink: 12 bytes leftover after parsing attributes in process `syz.4.898'.
[  473.722788][ T9285] 8021q: adding VLAN 0 to HW filter on device batadv0
[  474.816356][ T9285] veth0_vlan: entered promiscuous mode
[  474.866683][ T9285] veth1_vlan: entered promiscuous mode
[  475.005156][ T9285] veth0_macvtap: entered promiscuous mode
[  475.054743][ T9285] veth1_macvtap: entered promiscuous mode
[  475.115337][ T9285] batman_adv: batadv0: Interface activated: batadv_slave_0
[  475.250204][ T9285] batman_adv: batadv0: Interface activated: batadv_slave_1
[  475.390826][ T6025] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  476.091456][ T6025] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  476.100885][ T6025] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  476.114306][ T6025] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  476.943023][  T175] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  476.967604][ T9659] trusted_key: encrypted_key: hex blob is missing
[  477.804425][  T175] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  477.939491][  T175] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  478.017459][  T175] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  481.828012][ T9708] netlink: 12 bytes leftover after parsing attributes in process `syz.1.917'.
[  481.959424][ T9714] netlink: 16 bytes leftover after parsing attributes in process `syz.3.912'.
[  484.582662][ T9731] input: syz1 as /devices/virtual/input/input17
[  486.500127][ T9747] bridge0: entered allmulticast mode
[  487.791119][ T9760] fuse: Bad value for 'rootmode'
[  489.315759][ T9778] 9p: Bad value for 'wfdno'
[  490.265689][ T9788] trusted_key: encrypted_key: hex blob is missing
[  490.492082][ T9789] dummy0: entered promiscuous mode
[  490.565800][ T9789] bond_slave_0: entered promiscuous mode
[  490.571653][ T9789] bond_slave_0: left promiscuous mode
[  490.603963][ T9789] dummy0: left promiscuous mode
[  491.493734][ T5906] usb 6-1: new high-speed USB device number 6 using dummy_hcd
[  491.646226][ T5906] usb 6-1: config 0 has no interfaces?
[  491.655302][ T5906] usb 6-1: New USB device found, idVendor=041e, idProduct=4007, bcdDevice=5d.18
[  491.707446][ T5906] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  491.751621][ T5906] usb 6-1: config 0 descriptor??
[  492.468004][ T9792] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  492.483998][ T9792] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  492.516818][ T5913] usb 6-1: USB disconnect, device number 6
[  493.702174][ T9818] tmpfs: Cannot enable quota on remount
[  493.887653][ T9815] fuse: Bad value for 'rootmode'
[  499.082562][ T9881] fuse: Unknown parameter 'use00000000000000000000'
[  503.732086][ T9928] vivid-000: kernel_thread() failed
[  504.267232][ T9940] fuse: Unknown parameter 'use00000000000000000000'
[  504.863120][ T9949] trusted_key: encrypted_key: hex blob is missing
[  506.839498][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[  506.853791][ T1299] ieee802154 phy1 wpan1: encryption failed: -22
[  509.413114][ T9994] fuse: Unknown parameter 'grou00000000000000000000'
[  509.646671][ T9998] fuse: Unknown parameter 'use00000000000000000000'
[  512.388388][T10024] fuse: Unknown parameter 'user_i00000000000000000000'
[  512.712739][T10029] input: syz1 as /devices/virtual/input/input18
[  513.352586][T10037] netlink: 16 bytes leftover after parsing attributes in process `syz.3.996'.
[  513.518706][T10039] fuse: Unknown parameter 'grou00000000000000000000'
[  514.694094][T10048] netlink: 'syz.5.1000': attribute type 27 has an invalid length.
[  514.702113][T10048] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1000'.
[  514.935839][T10056] tipc: Started in network mode
[  514.960257][T10056] tipc: Node identity ee80dc944c15, cluster identity 4711
[  514.995691][T10056] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  515.307237][T10056] tipc: Resetting bearer <eth:syzkaller0>
[  515.327851][T10055] tipc: Disabling bearer <eth:syzkaller0>
[  515.866982][T10071] binder: 10070:10071 unknown command 0
[  515.893297][T10071] binder: 10070:10071 ioctl c0306201 200000000080 returned -22
[  518.214404][ T6014] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[  518.224410][T10089] fuse: Unknown parameter 'grou00000000000000000000'
[  518.393595][ T6014] usb 2-1: Using ep0 maxpacket: 8
[  518.407669][ T6014] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  518.424862][ T6014] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  518.456646][ T6014] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  518.485357][ T6014] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  518.504419][ T6014] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  518.514446][ T6014] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  518.768687][ T6014] usb 2-1: GET_CAPABILITIES returned 0
[  518.783953][ T6014] usbtmc 2-1:16.0: can't read capabilities
[  519.237816][ T6014] IPVS: starting estimator thread 0...
[  519.343665][T10095] IPVS: using max 22 ests per chain, 52800 per kthread
[  519.460941][T10100] 9p: Bad value for 'rfdno'
[  519.474355][    C0] usbtmc 2-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  519.485068][    C0] usbtmc 2-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  519.494212][    C0] usbtmc 2-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  519.503287][    C0] usbtmc 2-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  519.512360][    C0] usbtmc 2-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  519.578912][    C1] usbtmc 2-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  519.588173][    C1] usbtmc 2-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  519.597316][    C1] usbtmc 2-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  519.606451][    C1] usbtmc 2-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  519.622318][    C1] usbtmc 2-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  519.631476][    C1] usbtmc 2-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  519.641042][    C1] usbtmc 2-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  519.650157][    C1] usbtmc 2-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  519.672977][ T6014] usb 2-1: USB disconnect, device number 5
[  522.345182][T10132] overlayfs: failed to resolve './bus': -2
[  522.933926][T10137] 9p: Bad value for 'rfdno'
[  523.944075][T10149] fuse: Unknown parameter 'user_id00000000000000000000'
[  524.603940][ T5906] usb 6-1: new high-speed USB device number 7 using dummy_hcd
[  525.102856][T10165] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1025'.
[  525.283901][ T5906] usb 6-1: Using ep0 maxpacket: 8
[  525.291692][ T5906] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  525.347247][ T5906] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  525.364251][ T5906] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  525.841014][T10169] ceph: No mds server is up or the cluster is laggy
[  525.853853][ T5906] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  525.873784][ T5906] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  525.893469][ T5906] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  526.337449][ T5906] usb 6-1: GET_CAPABILITIES returned 0
[  526.343256][ T5906] usbtmc 6-1:16.0: can't read capabilities
[  526.741617][    C0] usbtmc 6-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  526.750769][    C0] usbtmc 6-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  526.759854][    C0] usbtmc 6-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  526.768951][    C0] usbtmc 6-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  526.778060][    C0] usbtmc 6-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  526.878792][    C0] usbtmc 6-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  526.887933][    C0] usbtmc 6-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  526.897051][    C0] usbtmc 6-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  526.906136][    C0] usbtmc 6-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  527.025570][    C1] usbtmc 6-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  527.034686][    C1] usbtmc 6-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  527.043847][    C1] usbtmc 6-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  527.053096][    C1] usbtmc 6-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  527.062190][    C1] usbtmc 6-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  527.208332][    C0] usbtmc 6-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  527.217448][    C0] usbtmc 6-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  527.299332][   T10] usb 6-1: USB disconnect, device number 7
[  529.098837][T10203] syû: rxe_newlink: already configured on bond_slave_0
[  529.357169][T10205] netlink: 16 bytes leftover after parsing attributes in process `syz.5.1048'.
[  530.247227][T10224] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1054'.
[  532.953627][T10251] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1062'.
[  533.919973][T10255] netlink: 'syz.3.1064': attribute type 10 has an invalid length.
[  534.396077][T10255] bridge0: port 3(syz_tun) entered disabled state
[  534.403145][T10255] bridge0: port 2(bridge_slave_1) entered disabled state
[  534.410581][T10255] bridge0: port 1(bridge_slave_0) entered disabled state
[  534.625991][T10255] bridge0: port 3(syz_tun) entered blocking state
[  534.632705][T10255] bridge0: port 3(syz_tun) entered forwarding state
[  534.640582][T10255] bridge0: port 2(bridge_slave_1) entered blocking state
[  534.647784][T10255] bridge0: port 2(bridge_slave_1) entered forwarding state
[  534.655280][T10255] bridge0: port 1(bridge_slave_0) entered blocking state
[  534.662465][T10255] bridge0: port 1(bridge_slave_0) entered forwarding state
[  534.823917][T10255] bond0: (slave bridge0): Enslaving as an active interface with an up link
[  535.512827][ T5913] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[  535.556911][ T5913] hid-generic 0000:0000:0000.0002: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  536.069178][T10266] fido_id[10266]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  539.834045][T10291] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1074'.
[  541.789295][T10309] tmpfs: Cannot enable quota on remount
[  544.085199][ T5844] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  544.096222][ T5844] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  544.105755][ T5844] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  544.124496][ T5844] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  544.138985][ T5844] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  545.907749][ T9863] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  546.049406][ T9863] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  546.180128][ T9863] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  546.190554][ T5844] Bluetooth: hci2: command tx timeout
[  546.327646][ T9863] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  546.671089][T10345] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1091'.
[  547.064119][T10345] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1091'.
[  547.602436][ T9863] bridge_slave_1: left allmulticast mode
[  547.631189][ T9863] bridge_slave_1: left promiscuous mode
[  547.656399][ T9863] bridge0: port 2(bridge_slave_1) entered disabled state
[  547.764885][ T9863] bridge_slave_0: left allmulticast mode
[  547.770571][ T9863] bridge_slave_0: left promiscuous mode
[  547.804012][ T9863] bridge0: port 1(bridge_slave_0) entered disabled state
[  548.263635][ T5844] Bluetooth: hci2: command tx timeout
[  548.342185][T10356] tmpfs: Cannot enable quota on remount
[  550.343749][ T5844] Bluetooth: hci2: command tx timeout
[  551.154080][T10378] trusted_key: encrypted_key: hex blob is missing
[  552.433583][ T5844] Bluetooth: hci2: command tx timeout
[  553.283634][ T9863] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  554.185738][ T9863] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  554.306813][ T9863] bond0 (unregistering): Released all slaves
[  554.601868][ T5913] syû: Port: 1 Link DOWN
[  554.659498][T10405] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1106'.
[  554.753945][ T9863] tipc: Left network mode
[  554.880811][ T5949] libceph: connect (1)[c::]:6789 error -101
[  554.914856][ T5949] libceph: mon0 (1)[c::]:6789 connect error
[  555.121162][T10325] chnl_net:caif_netlink_parms(): no params data found
[  555.194113][ T6089] libceph: connect (1)[c::]:6789 error -101
[  555.324077][ T6089] libceph: mon0 (1)[c::]:6789 connect error
[  555.439471][T10416] input: syz1 as /devices/virtual/input/input19
[  555.913968][ T6089] libceph: connect (1)[c::]:6789 error -101
[  555.937245][ T6089] libceph: mon0 (1)[c::]:6789 connect error
[  555.977121][T10409] ceph: No mds server is up or the cluster is laggy
[  558.202626][T10325] bridge0: port 1(bridge_slave_0) entered blocking state
[  558.262603][T10325] bridge0: port 1(bridge_slave_0) entered disabled state
[  558.403784][T10325] bridge_slave_0: entered allmulticast mode
[  558.440042][T10325] bridge_slave_0: entered promiscuous mode
[  558.581042][ T9863] hsr_slave_0: left promiscuous mode
[  558.602170][ T9863] hsr_slave_1: left promiscuous mode
[  558.626458][ T9863] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  558.669102][ T9863] batman_adv: batadv0: Removing interface: batadv_slave_0
[  558.712844][ T9863] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  558.737070][ T9863] batman_adv: batadv0: Removing interface: batadv_slave_1
[  558.845444][ T9863] batman_adv: batadv0: Interface deactivated: virt_wifi0
[  558.857666][ T9863] batman_adv: batadv0: Removing interface: virt_wifi0
[  558.989862][ T9863] veth1_macvtap: left promiscuous mode
[  559.016145][ T9863] veth0_macvtap: left promiscuous mode
[  559.026211][ T9863] veth1_vlan: left promiscuous mode
[  559.045010][ T9863] veth0_vlan: left promiscuous mode
[  559.926287][T10466] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1118'.
[  562.737640][ T9863] team0 (unregistering): Port device team_slave_1 removed
[  563.038442][ T9863] team0 (unregistering): Port device team_slave_0 removed
[  564.099073][ T9864] smc: removing ib device syû
[  565.233598][ T5844] Bluetooth: hci5: command 0x0406 tx timeout
[  567.983052][T10450] netlink: 8 bytes leftover after parsing attributes in process `syz.7.1114'.
[  568.001220][T10325] bridge0: port 2(bridge_slave_1) entered blocking state
[  568.011544][T10325] bridge0: port 2(bridge_slave_1) entered disabled state
[  568.031105][T10325] bridge_slave_1: entered allmulticast mode
[  568.055140][T10325] bridge_slave_1: entered promiscuous mode
[  568.078746][T10522] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1134'.
[  568.106361][T10522] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1134'.
[  568.275028][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[  568.281506][ T1299] ieee802154 phy1 wpan1: encryption failed: -22
[  568.678940][T10525] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  568.817547][T10325] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  569.244238][T10325] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  570.524481][T10555] random: crng reseeded on system resumption
[  571.335439][T10561] random: crng reseeded on system resumption
[  571.511827][T10545] syzkaller0: entered promiscuous mode
[  571.554573][T10545] syzkaller0: entered allmulticast mode
[  572.277795][T10325] team0: Port device team_slave_0 added
[  572.323354][T10572] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1144'.
[  572.524731][T10325] team0: Port device team_slave_1 added
[  572.639617][T10579] input: syz1 as /devices/virtual/input/input20
[  572.768239][T10586] input: syz0 as /devices/virtual/input/input21
[  573.015039][T10325] batman_adv: batadv0: Adding interface: batadv_slave_0
[  573.030767][T10325] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  573.095196][T10325] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  573.127818][T10325] batman_adv: batadv0: Adding interface: batadv_slave_1
[  573.142751][T10325] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  574.108771][T10325] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  574.866611][T10325] hsr_slave_0: entered promiscuous mode
[  574.959749][T10325] hsr_slave_1: entered promiscuous mode
[  575.007574][T10325] debugfs: 'hsr0' already exists in 'hsr'
[  575.033019][T10325] Cannot create hsr debugfs directory
[  575.127762][T10621] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1158'.
[  575.900475][T10628] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1156'.
[  576.180582][T10636] syzkaller0: entered promiscuous mode
[  576.193581][T10636] syzkaller0: entered allmulticast mode
[  577.262266][T10655] netlink: 'syz.7.1163': attribute type 9 has an invalid length.
[  577.294245][T10657] fuse: Unknown parameter 'fd0x0000000000000003'
[  578.278147][T10325] netdevsim netdevsim8 netdevsim0: renamed from eth0
[  578.412987][T10325] netdevsim netdevsim8 netdevsim1: renamed from eth1
[  578.538656][T10325] netdevsim netdevsim8 netdevsim2: renamed from eth2
[  578.725953][T10325] netdevsim netdevsim8 netdevsim3: renamed from eth3
[  579.206177][T10689] tmpfs: Cannot enable quota on remount
[  579.695068][T10325] 8021q: adding VLAN 0 to HW filter on device bond0
[  579.764436][T10325] 8021q: adding VLAN 0 to HW filter on device team0
[  579.804235][ T9864] bridge0: port 1(bridge_slave_0) entered blocking state
[  579.811393][ T9864] bridge0: port 1(bridge_slave_0) entered forwarding state
[  579.866791][ T9864] bridge0: port 2(bridge_slave_1) entered blocking state
[  579.873982][ T9864] bridge0: port 2(bridge_slave_1) entered forwarding state
[  580.026187][T10325] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  581.228699][T10698] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1171'.
[  581.240457][T10698] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1171'.
[  581.250570][T10698] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1171'.
[  581.260000][T10698] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1171'.
[  581.277128][T10698] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1171'.
[  582.445898][T10718] vivid-000: kernel_thread() failed
[  583.362531][T10325] 8021q: adding VLAN 0 to HW filter on device batadv0
[  583.673968][T10736] fuse: Unknown parameter 'fd0x0000000000000003'
[  585.051918][T10325] veth0_vlan: entered promiscuous mode
[  585.096037][T10325] veth1_vlan: entered promiscuous mode
[  585.177844][T10325] veth0_macvtap: entered promiscuous mode
[  585.191068][T10325] veth1_macvtap: entered promiscuous mode
[  585.220159][T10325] batman_adv: batadv0: Interface activated: batadv_slave_0
[  585.232883][T10325] batman_adv: batadv0: Interface activated: batadv_slave_1
[  585.297306][ T9863] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  585.364020][ T9863] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  585.454667][ T9863] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  585.463674][ T9863] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  585.526795][T10771] trusted_key: encrypted_key: hex blob is missing
[  586.955446][T10784] openvswitch: netlink: Unexpected mask (mask=20040, allowed=10048)
[  587.182578][ T1320] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  587.241069][ T1320] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  587.475870][ T8885] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  587.497558][ T8885] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  588.033579][T10793] tmpfs: Cannot enable quota on remount
[  590.485559][T10825] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1194'.
[  591.677013][T10845] openvswitch: netlink: Unexpected mask (mask=20040, allowed=10048)
[  592.141261][T10844] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  592.348527][T10851] tmpfs: Cannot enable quota on remount
[  595.413183][T10893] tmpfs: Cannot enable quota on remount
[  595.727830][T10895] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  595.913274][T10898] overlayfs: failed to resolve './file0': -2
[  598.915589][T10933] overlayfs: failed to resolve './file0': -2
[  600.242738][T10941] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  600.365605][T10943] kvm: requested 162590 ns i8254 timer period limited to 200000 ns
[  600.730742][T10954] netlink: 48 bytes leftover after parsing attributes in process `syz.8.1232'.
[  601.973846][T10974] openvswitch: netlink: Unexpected mask (mask=20040, allowed=10048)
[  602.704570][T10979] netlink: 8 bytes leftover after parsing attributes in process `syz.8.1239'.
[  602.737562][T10979] netdevsim netdevsim8 netdevsim0: entered allmulticast mode
[  603.042198][T10984] overlayfs: failed to resolve './file0': -2
[  603.773438][T11006] binder: 11003:11006 unknown command 0
[  603.793705][T11006] binder: 11003:11006 ioctl c0306201 200000000080 returned -22
[  603.835175][T11006] binder: BINDER_SET_CONTEXT_MGR already set
[  603.842143][T11006] binder: 11003:11006 ioctl 4018620d 200000000040 returned -16
[  603.915240][T11006] binder: 11003:11006 ioctl c0306201 200000000300 returned -11
[  604.295178][T11019] openvswitch: netlink: Unexpected mask (mask=20040, allowed=10048)
[  605.670129][T11025] random: crng reseeded on system resumption
[  607.150585][T11035] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1253'.
[  607.271327][T11038] netlink: 'syz.3.1255': attribute type 27 has an invalid length.
[  607.279224][T11038] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1255'.
[  607.312143][ T5949] libceph: connect (1)[c::]:6789 error -101
[  607.328574][ T5949] libceph: mon0 (1)[c::]:6789 connect error
[  607.842410][ T5949] libceph: connect (1)[c::]:6789 error -101
[  608.021631][ T5949] libceph: mon0 (1)[c::]:6789 connect error
[  608.102556][T11039] ceph: No mds server is up or the cluster is laggy
[  613.571345][T11103] syzkaller0: entered promiscuous mode
[  613.603727][T11103] syzkaller0: entered allmulticast mode
[  615.874259][T11133] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1278'.
[  615.891304][T11133] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1278'.
[  616.004130][T11133] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1278'.
[  616.014541][T11133] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1278'.
[  616.024691][T11133] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1278'.
[  620.176022][T11183] openvswitch: netlink: Unexpected mask (mask=20040, allowed=10048)
[  620.949807][ T5898] usb 5-1: new full-speed USB device number 6 using dummy_hcd
[  621.110359][T11196] batadv_slave_0: entered promiscuous mode
[  621.122606][T11194] batadv_slave_0: left promiscuous mode
[  621.177000][ T5898] usb 5-1: config 0 has an invalid interface number: 55 but max is 0
[  621.193854][ T5898] usb 5-1: config 0 has no interface number 0
[  621.203548][ T5898] usb 5-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  621.233564][ T5898] usb 5-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  621.257102][ T5898] usb 5-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  621.293572][ T5898] usb 5-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  621.314028][ T5898] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  621.326593][ T5898] usb 5-1: config 0 descriptor??
[  621.346016][ T5898] ldusb 5-1:0.55: Interrupt in endpoint not found
[  624.142487][T11223] openvswitch: netlink: Unexpected mask (mask=20040, allowed=10048)
[  624.241834][   T10] usb 5-1: USB disconnect, device number 6
[  625.982159][T11246] =======================================================
[  625.982159][T11246] WARNING: The mand mount option has been deprecated and
[  625.982159][T11246]          and is ignored by this kernel. Remove the mand
[  625.982159][T11246]          option from the mount to silence this warning.
[  625.982159][T11246] =======================================================
[  626.034107][T11246] overlayfs: "xino" feature enabled using 3 upper inode bits.
[  627.172687][T11249] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1313'.
[  627.217861][T11249] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1313'.
[  627.324994][T11249] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1313'.
[  627.344140][T11249] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1313'.
[  627.433640][ T5906] usb 4-1: new full-speed USB device number 6 using dummy_hcd
[  627.923155][ T5906] usb 4-1: config 0 has an invalid interface number: 55 but max is 0
[  628.178766][ T5906] usb 4-1: config 0 has no interface number 0
[  628.203546][ T5906] usb 4-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  628.234206][ T5906] usb 4-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  628.245375][ T5906] usb 4-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  628.259411][ T5906] usb 4-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  628.268891][ T5906] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  628.288402][ T5906] usb 4-1: config 0 descriptor??
[  628.302631][ T5906] ldusb 4-1:0.55: Interrupt in endpoint not found
[  628.467972][T11267] syzkaller0: entered promiscuous mode
[  628.473757][T11267] syzkaller0: entered allmulticast mode
[  628.557965][T11270] openvswitch: netlink: Unexpected mask (mask=20040, allowed=10048)
[  629.728342][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[  629.740856][ T1299] ieee802154 phy1 wpan1: encryption failed: -22
[  631.021889][ T5898] usb 4-1: USB disconnect, device number 6
[  631.551418][T11282] netlink: 9 bytes leftover after parsing attributes in process `syz.7.1323'.
[  631.599174][T11282] netlink: 9 bytes leftover after parsing attributes in process `syz.7.1323'.
[  635.064452][ T5899] usb 9-1: new full-speed USB device number 2 using dummy_hcd
[  635.339857][ T5899] usb 9-1: config 0 has an invalid interface number: 55 but max is 0
[  635.349754][ T5899] usb 9-1: config 0 has no interface number 0
[  635.389712][ T5899] usb 9-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  635.418223][ T5899] usb 9-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  635.433029][ T5899] usb 9-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  635.450169][ T5899] usb 9-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  635.462478][ T5899] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  635.643168][ T5899] usb 9-1: config 0 descriptor??
[  635.760034][ T5899] ldusb 9-1:0.55: Interrupt in endpoint not found
[  637.242711][T11330] syzkaller0: entered promiscuous mode
[  637.248675][T11330] syzkaller0: entered allmulticast mode
[  638.091362][ T5899] usb 9-1: USB disconnect, device number 2
[  640.811642][T11368] random: crng reseeded on system resumption
[  643.728349][T11411] binder: BINDER_SET_CONTEXT_MGR already set
[  643.753668][T11411] binder: 11410:11411 ioctl 4018620d 200000004a80 returned -16
[  645.160494][T11424] random: crng reseeded on system resumption
[  646.464488][ T6088] IPVS: starting estimator thread 0...
[  646.973619][T11430] IPVS: using max 26 ests per chain, 62400 per kthread
[  647.523862][T11443] binder: 11442:11443 unknown command 0
[  647.529539][T11443] binder: 11442:11443 ioctl c0306201 200000000080 returned -22
[  647.564647][T11443] binder: 11442:11443 ioctl c0306201 200000000300 returned -11
[  651.337176][ T6088] IPVS: starting estimator thread 0...
[  652.245286][T11476] IPVS: using max 37 ests per chain, 88800 per kthread
[  652.602657][T11488] binder: 11487:11488 unknown command 0
[  652.615139][T11488] binder: 11487:11488 ioctl c0306201 200000000080 returned -22
[  652.636114][T11488] binder: 11487:11488 ioctl c0306201 200000000300 returned -11
[  655.156268][T11505] fuse: Bad value for 'user_id'
[  655.161385][T11505] fuse: Bad value for 'user_id'
[  655.354308][T11508] fuse: Bad value for 'user_id'
[  655.359200][T11508] fuse: Bad value for 'user_id'
[  657.632771][T11520] tmpfs: Bad value for 'mpol'
[  659.115125][T11537] binder: 11536:11537 unknown command 0
[  659.121038][T11537] binder: 11536:11537 ioctl c0306201 200000000080 returned -22
[  659.138021][T11537] binder: 11536:11537 ioctl c0306201 200000000300 returned -11
[  666.136654][T11599] af_packet: tpacket_rcv: packet too big, clamped from 122 to 4294967286. macoff=82
[  667.625980][ T5842] Bluetooth: hci2: command 0x0406 tx timeout
[  676.307648][T11679] fuse: Bad value for 'fd'
[  676.327573][T11679] fuse: Bad value for 'fd'
[  677.598933][T11700] netlink: 8 bytes leftover after parsing attributes in process `syz.8.1435'.
[  677.607987][T11700] netlink: 8 bytes leftover after parsing attributes in process `syz.8.1435'.
[  678.348404][T11695] md: could not open device unknown-block(117,0).
[  678.533819][T11695] md: md_import_device returned -6
[  678.655540][T11709] overlayfs: failed to resolve './bus': -2
[  679.361879][T11712] fuse: Bad value for 'fd'
[  679.374511][T11712] fuse: Bad value for 'fd'
[  679.474430][T11717] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1443'.
[  679.522580][T11717] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1443'.
[  679.563939][T11717] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1443'.
[  679.777210][T11717] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1443'.
[  682.035346][T11745] overlayfs: missing 'workdir'
[  682.651798][T11753] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+
[  682.675494][T11753] block device autoloading is deprecated and will be removed.
[  682.845861][T11759] overlayfs: failed to resolve './bus': -2
[  683.556253][T11765] input: syz1 as /devices/virtual/input/input23
[  684.110703][T11771] binder: 11769:11771 unknown command 0
[  684.113619][ T5949] usb 6-1: new high-speed USB device number 8 using dummy_hcd
[  684.151240][T11771] binder: 11769:11771 ioctl c0306201 200000000080 returned -22
[  684.200738][T11774] netlink: 8 bytes leftover after parsing attributes in process `syz.7.1459'.
[  684.231284][T11774] netlink: 8 bytes leftover after parsing attributes in process `syz.7.1459'.
[  684.262286][T11774] netlink: 8 bytes leftover after parsing attributes in process `syz.7.1459'.
[  684.284106][T11774] netlink: 8 bytes leftover after parsing attributes in process `syz.7.1459'.
[  684.315381][ T5949] usb 6-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  684.336560][ T5949] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  684.348590][ T5949] usb 6-1: Product: syz
[  684.358913][ T5949] usb 6-1: Manufacturer: syz
[  684.367647][ T5949] usb 6-1: SerialNumber: syz
[  684.899313][ T5949] usb 6-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  685.022881][ T5899] usb 6-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  685.110378][T11786] overlayfs: missing 'workdir'
[  685.483237][T11792] openvswitch: netlink: Unexpected mask (mask=20040, allowed=10048)
[  685.823119][T11793] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1465'.
[  686.249907][ T5899] ath9k_htc 6-1:1.0: ath9k_htc: Target is unresponsive
[  686.296240][ T5949] usb 6-1: USB disconnect, device number 8
[  686.309954][ T5899] ath9k_htc: Failed to initialize the device
[  686.323204][ T5949] usb 6-1: ath9k_htc: USB layer deinitialized
[  688.044174][T11811] overlayfs: failed to resolve './bus': -2
[  688.154903][T11815] input: syz1 as /devices/virtual/input/input24
[  690.616407][T11833] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1477'.
[  690.904994][T11842] tipc: Enabling of bearer <eth:syzkall> rejected, failed to enable media
[  690.918304][T11842] syzkaller0: entered promiscuous mode
[  690.929823][T11842] syzkaller0: entered allmulticast mode
[  691.154023][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[  691.160426][ T1299] ieee802154 phy1 wpan1: encryption failed: -22
[  691.324479][T11837] ceph: No mds server is up or the cluster is laggy
[  693.431362][T11873] tipc: Enabling of bearer <eth:syzkaller> rejected, failed to enable media
[  693.465655][T11873] syzkaller0: entered promiscuous mode
[  693.471205][T11873] syzkaller0: entered allmulticast mode
[  693.621531][T11880] usb usb8: check_ctrlrecip: process 11880 (syz.3.1493) requesting ep 01 but needs 81
[  693.665348][T11880] usb usb8: usbfs: process 11880 (syz.3.1493) did not claim interface 0 before use
[  694.559413][T11883] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1494'.
[  695.131477][T11897] 9p: Bad value for 'rfdno'
[  695.273284][T11886] ceph: No mds server is up or the cluster is laggy
[  696.404024][T11918] overlayfs: option "workdir=./file1" is useless in a non-upper mount, ignore
[  696.434668][T11918] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  698.188734][T11929] tipc: Enabling of bearer <eth:syzkaller> rejected, failed to enable media
[  698.661489][T11931] syzkaller0: entered promiscuous mode
[  698.853092][T11931] syzkaller0: entered allmulticast mode
[  700.526830][T11958] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1515'.
[  703.690495][T11979] fuse: Bad value for 'fd'
[  703.776956][   T10] usb 6-1: new full-speed USB device number 9 using dummy_hcd
[  704.431423][   T10] usb 6-1: unable to get BOS descriptor or descriptor too short
[  704.473605][   T10] usb 6-1: not running at top speed; connect to a high speed hub
[  704.920030][   T10] usb 6-1: config 1 has an invalid interface number: 138 but max is 0
[  704.963384][T11989] random: crng reseeded on system resumption
[  705.242949][   T10] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  705.271790][   T10] usb 6-1: config 1 has no interface number 0
[  705.282434][T11991] binder: 11990:11991 unknown command 0
[  705.288856][T11991] binder: 11990:11991 ioctl c0306201 200000000080 returned -22
[  705.291753][   T10] usb 6-1: config 1 interface 138 altsetting 252 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  705.532462][   T10] usb 6-1: config 1 interface 138 has no altsetting 0
[  705.563318][   T10] usb 6-1: string descriptor 0 read error: -71
[  705.733618][   T10] usb 6-1: New USB device found, idVendor=0cb8, idProduct=c90b, bcdDevice= d.ae
[  705.759595][   T10] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  705.782559][   T10] usb 6-1: can't set config #1, error -71
[  705.847639][T12001] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1526'.
[  706.465013][   T10] usb 6-1: USB disconnect, device number 9
[  706.701263][T12003] tmpfs: Unknown parameter 'grpquot'
[  708.937054][T12041] openvswitch: netlink: Unexpected mask (mask=20040, allowed=10048)
[  709.067694][T12042] random: crng reseeded on system resumption
[  711.627238][T12062] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1544'.
[  714.913713][T12085] workqueue: Failed to create a rescuer kthread for wq "xfs-blockgc/nbd8": -EINTR
[  714.936205][ T5949] libceph: connect (1)[c::]:6789 error -101
[  714.994999][ T5949] libceph: mon0 (1)[c::]:6789 connect error
[  715.231408][T12089] ceph: No mds server is up or the cluster is laggy
[  715.276448][ T5949] libceph: connect (1)[c::]:6789 error -101
[  715.301846][ T5949] libceph: mon0 (1)[c::]:6789 connect error
[  717.665262][T12135] netlink: 8 bytes leftover after parsing attributes in process `syz.7.1565'.
[  717.933624][T12143] netlink: 324 bytes leftover after parsing attributes in process `syz.5.1567'.
[  718.063934][ T5949] usb 4-1: new high-speed USB device number 7 using dummy_hcd
[  718.296635][ T5949] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  718.332390][ T5949] usb 4-1: New USB device found, idVendor=04d8, idProduct=c002, bcdDevice= 0.00
[  718.449670][ T5949] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  718.495333][ T5949] usb 4-1: config 0 descriptor??
[  718.996403][ T5949] hid-picolcd 0003:04D8:C002.0003: unknown main item tag 0x0
[  719.482753][ T5949] hid-picolcd 0003:04D8:C002.0003: unknown main item tag 0x0
[  719.513526][ T5949] hid-picolcd 0003:04D8:C002.0003: unknown main item tag 0x0
[  719.567270][ T5949] hid-picolcd 0003:04D8:C002.0003: unknown main item tag 0x0
[  719.612487][ T5949] hid-picolcd 0003:04D8:C002.0003: unknown main item tag 0x0
[  719.632883][ T5949] hid-picolcd 0003:04D8:C002.0003: unknown main item tag 0x0
[  719.793771][ T5949] hid-picolcd 0003:04D8:C002.0003: unknown main item tag 0x0
[  719.877312][ T5949] hid-picolcd 0003:04D8:C002.0003: No report with id 0x11 found
[  720.685744][ T5949] usb 4-1: USB disconnect, device number 7
[  722.919432][T12189] netlink: 8 bytes leftover after parsing attributes in process `syz.8.1581'.
[  722.974386][T12190] netlink: 8 bytes leftover after parsing attributes in process `syz.8.1581'.
[  723.016569][T12190] netlink: 8 bytes leftover after parsing attributes in process `syz.8.1581'.
[  723.029035][T12190] netlink: 8 bytes leftover after parsing attributes in process `syz.8.1581'.
[  723.708395][T12203] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1586'.
[  724.592855][T12212] netlink: 8 bytes leftover after parsing attributes in process `syz.7.1589'.
[  724.619261][T12212] netlink: 8 bytes leftover after parsing attributes in process `syz.7.1589'.
[  729.748181][T12252] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1597'.
[  729.877079][T12259] netlink: 4 bytes leftover after parsing attributes in process `syz.7.1600'.
[  733.331780][T12283] binder: 12278:12283 ioctl 4018620d 0 returned -22
[  733.342735][T12283] binder: 12278:12283 unknown command 0
[  733.350349][T12283] binder: 12278:12283 ioctl c0306201 200000000080 returned -22
[  733.818765][T12283] binder: 12278:12283 ioctl c0306201 200000000300 returned -11
[  737.619230][T12320] netlink: 8 bytes leftover after parsing attributes in process `syz.7.1613'.
[  737.868547][ T5844] Bluetooth: hci5: unexpected event for opcode 0x202d
[  741.924078][T12363] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1628'.
[  742.013285][T12364] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1628'.
[  742.060104][T12364] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1628'.
[  742.244837][T12364] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1628'.
[  742.574760][T12365] tmpfs: Cannot enable quota on remount
[  746.929311][T12399] overlayfs: failed to resolve './bus': -2
[  749.584082][T12420] openvswitch: netlink: Unexpected mask (mask=20040, allowed=10048)
[  750.908699][T12419] tmpfs: Cannot enable quota on remount
[  751.569657][T12437] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  751.588918][T12440] fuse: Unknown parameter 'user_id00000000000000000000'
[  751.812020][T12443] fuse: Unknown parameter 'user_id00000000000000000000'
[  752.676091][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[  752.683564][ T1299] ieee802154 phy1 wpan1: encryption failed: -22
[  752.992163][T12452] tmpfs: Cannot enable quota on remount
[  754.346632][T12469] syzkaller0: entered promiscuous mode
[  754.372701][T12469] syzkaller0: entered allmulticast mode
[  754.957770][T12478] fuse: Bad value for 'fd'
[  754.963281][T12478] fuse: Bad value for 'fd'
[  757.264020][T12508] tmpfs: Cannot enable quota on remount
[  759.318657][T12520] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1676'.
[  760.815087][T12544] openvswitch: netlink: Unexpected mask (mask=20040, allowed=10048)
[  761.617497][T12547] syzkaller0: entered promiscuous mode
[  761.672517][T12547] syzkaller0: entered allmulticast mode
[  762.112706][T12555] tmpfs: Cannot enable quota on remount
[  764.665683][T12577] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1691'.
[  766.666107][T12597] tmpfs: Cannot enable quota on remount
[  769.252976][T12621] binder: 12620:12621 ioctl c0306201 200000000300 returned -11
[  771.291902][T12648] tmpfs: Cannot enable quota on remount
[  778.500393][T12731] mmap: syz.7.1746 (12731) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  779.444188][T12727] ==================================================================
[  779.452288][T12727] BUG: KASAN: slab-use-after-free in locks_remove_posix+0x10f/0x630
[  779.460284][T12727] Read of size 8 at addr ffff8880782e3ec0 by task syz.4.1743/12727
[  779.468199][T12727] 
[  779.470548][T12727] CPU: 0 UID: 0 PID: 12727 Comm: syz.4.1743 Not tainted syzkaller #0 PREEMPT(full) 
[  779.470577][T12727] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  779.470593][T12727] Call Trace:
[  779.470600][T12727]  <TASK>
[  779.470607][T12727]  dump_stack_lvl+0x189/0x250
[  779.470629][T12727]  ? __kasan_check_byte+0x12/0x40
[  779.470648][T12727]  ? __pfx_dump_stack_lvl+0x10/0x10
[  779.470666][T12727]  ? lock_release+0x4b/0x3b0
[  779.470683][T12727]  ? __virt_addr_valid+0x4a5/0x5c0
[  779.470704][T12727]  print_report+0xca/0x240
[  779.470719][T12727]  ? locks_remove_posix+0x10f/0x630
[  779.470736][T12727]  kasan_report+0x118/0x150
[  779.470754][T12727]  ? locks_remove_posix+0x10f/0x630
[  779.470774][T12727]  locks_remove_posix+0x10f/0x630
[  779.470793][T12727]  ? __pfx_locks_remove_posix+0x10/0x10
[  779.470820][T12727]  ? do_raw_spin_unlock+0x122/0x240
[  779.470841][T12727]  ? dnotify_flush+0x1db/0x5e0
[  779.470855][T12727]  ? mqueue_flush_file+0x21c/0x270
[  779.470873][T12727]  ? filp_flush+0xae/0x190
[  779.470894][T12727]  filp_flush+0x113/0x190
[  779.470915][T12727]  filp_close+0x1d/0x40
[  779.470934][T12727]  put_files_struct+0x1ba/0x350
[  779.470955][T12727]  do_exit+0x67f/0x2310
[  779.470976][T12727]  ? do_raw_spin_lock+0x121/0x290
[  779.470997][T12727]  ? __pfx_do_exit+0x10/0x10
[  779.471021][T12727]  do_group_exit+0x21c/0x2d0
[  779.471041][T12727]  ? lockdep_hardirqs_on+0x98/0x140
[  779.471058][T12727]  get_signal+0x1285/0x1340
[  779.471080][T12727]  arch_do_signal_or_restart+0x9a/0x7a0
[  779.471102][T12727]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  779.471129][T12727]  ? exit_to_user_mode_loop+0x55/0x4f0
[  779.471145][T12727]  exit_to_user_mode_loop+0x87/0x4f0
[  779.471159][T12727]  ? rcu_is_watching+0x15/0xb0
[  779.471178][T12727]  do_syscall_64+0x2e3/0xf80
[  779.471196][T12727]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  779.471210][T12727]  ? clear_bhb_loop+0x60/0xb0
[  779.471226][T12727]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  779.471243][T12727] RIP: 0033:0x7f52d678f749
[  779.471259][T12727] Code: Unable to access opcode bytes at 0x7f52d678f71f.
[  779.471268][T12727] RSP: 002b:00007f52d7638038 EFLAGS: 00000246 ORIG_RAX: 00000000000000f0
[  779.471287][T12727] RAX: 0000000000000005 RBX: 00007f52d69e5fa0 RCX: 00007f52d678f749
[  779.471298][T12727] RDX: 0000000000000136 RSI: 0000000000000001 RDI: 0000200000000780
[  779.471308][T12727] RBP: 00007f52d6813f91 R08: 0000000000000000 R09: 0000000000000000
[  779.471317][T12727] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  779.471326][T12727] R13: 00007f52d69e6038 R14: 00007f52d69e5fa0 R15: 00007ffd7d903fc8
[  779.471344][T12727]  </TASK>
[  779.471350][T12727] 
[  779.725669][T12727] Allocated by task 12727:
[  779.730094][T12727]  kasan_save_track+0x3e/0x80
[  779.734790][T12727]  __kasan_slab_alloc+0x6c/0x80
[  779.739662][T12727]  kmem_cache_alloc_noprof+0x37d/0x710
[  779.745138][T12727]  locks_get_lock_context+0x134/0x3b0
[  779.750522][T12727]  generic_setlease+0x528/0x1280
[  779.755468][T12727]  do_fcntl_add_lease+0x34d/0x460
[  779.760532][T12727]  fcntl_setlease+0x123/0x180
[  779.765383][T12727]  do_fcntl+0x867/0x1a50
[  779.769654][T12727]  __se_sys_fcntl+0xc8/0x150
[  779.774287][T12727]  do_syscall_64+0xfa/0xf80
[  779.778810][T12727]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  779.784713][T12727] 
[  779.787043][T12727] Freed by task 12727:
[  779.791112][T12727]  kasan_save_track+0x3e/0x80
[  779.795804][T12727]  kasan_save_free_info+0x46/0x50
[  779.800843][T12727]  __kasan_slab_free+0x5c/0x80
[  779.805615][T12727]  kmem_cache_free+0x197/0x620
[  779.810476][T12727]  __destroy_inode+0x2ea/0x670
[  779.815315][T12727]  evict+0x87d/0xae0
[  779.819221][T12727]  __dentry_kill+0x209/0x660
[  779.823818][T12727]  finish_dput+0xc9/0x480
[  779.828174][T12727]  path_put+0x39/0x60
[  779.832170][T12727]  do_mq_open+0x468/0x7c0
[  779.836509][T12727]  __x64_sys_mq_open+0x16a/0x1c0
[  779.841460][T12727]  do_syscall_64+0xfa/0xf80
[  779.845970][T12727]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  779.851872][T12727] 
[  779.854197][T12727] The buggy address belongs to the object at ffff8880782e3e70
[  779.854197][T12727]  which belongs to the cache file_lock_ctx of size 112
[  779.868515][T12727] The buggy address is located 80 bytes inside of
[  779.868515][T12727]  freed 112-byte region [ffff8880782e3e70, ffff8880782e3ee0)
[  779.882243][T12727] 
[  779.884575][T12727] The buggy address belongs to the physical page:
[  779.891004][T12727] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff8880782e3dc0 pfn:0x782e3
[  779.901080][T12727] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  779.908198][T12727] page_type: f5(slab)
[  779.912184][T12727] raw: 00fff00000000000 ffff88801c6d2640 dead000000000122 0000000000000000
[  779.920773][T12727] raw: ffff8880782e3dc0 0000000080170016 00000000f5000000 0000000000000000
[  779.929357][T12727] page dumped because: kasan: bad access detected
[  779.935777][T12727] page_owner tracks the page as allocated
[  779.941492][T12727] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 5208, tgid 5208 (udevd), ts 53787083602, free_ts 53783810811
[  779.960173][T12727]  post_alloc_hook+0x234/0x290
[  779.964951][T12727]  get_page_from_freelist+0x2365/0x2440
[  779.970508][T12727]  __alloc_frozen_pages_noprof+0x181/0x370
[  779.976339][T12727]  alloc_pages_mpol+0x232/0x4a0
[  779.981206][T12727]  allocate_slab+0x86/0x3b0
[  779.985732][T12727]  ___slab_alloc+0xf2b/0x1960
[  779.990503][T12727]  __slab_alloc+0x65/0x100
[  779.994936][T12727]  kmem_cache_alloc_noprof+0x40f/0x710
[  780.000435][T12727]  locks_get_lock_context+0x134/0x3b0
[  780.005993][T12727]  flock_lock_inode+0xf2/0x1410
[  780.010852][T12727]  locks_lock_inode_wait+0x107/0x410
[  780.016146][T12727]  __se_sys_flock+0x467/0x5b0
[  780.020832][T12727]  do_syscall_64+0xfa/0xf80
[  780.025348][T12727]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  780.031246][T12727] page last free pid 5204 tgid 5204 stack trace:
[  780.037570][T12727]  __free_frozen_pages+0xbc8/0xd30
[  780.042685][T12727]  rcu_core+0xd70/0x1870
[  780.046935][T12727]  handle_softirqs+0x27d/0x850
[  780.051705][T12727]  __irq_exit_rcu+0xca/0x1f0
[  780.056305][T12727]  irq_exit_rcu+0x9/0x30
[  780.060548][T12727]  sysvec_apic_timer_interrupt+0xa6/0xc0
[  780.066184][T12727]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  780.072201][T12727] 
[  780.074541][T12727] Memory state around the buggy address:
[  780.080173][T12727]  ffff8880782e3d80: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[  780.088236][T12727]  ffff8880782e3e00: fb fb fb fb fb fb fc fc fc fc fc fc fc fc fa fb
[  780.096300][T12727] >ffff8880782e3e80: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[  780.104360][T12727]                                            ^
[  780.110519][T12727]  ffff8880782e3f00: fc fc fc fc fa fb fb fb fb fb fb fb fb fb fb fb
[  780.118672][T12727]  ffff8880782e3f80: fb fb fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  780.126730][T12727] ==================================================================
[  780.237176][T12727] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  780.244423][T12727] CPU: 1 UID: 0 PID: 12727 Comm: syz.4.1743 Not tainted syzkaller #0 PREEMPT(full) 
[  780.253834][T12727] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  780.263919][T12727] Call Trace:
[  780.267220][T12727]  <TASK>
[  780.270166][T12727]  dump_stack_lvl+0x99/0x250
[  780.274766][T12727]  ? __asan_memcpy+0x40/0x70
[  780.279394][T12727]  ? __pfx_dump_stack_lvl+0x10/0x10
[  780.284613][T12727]  ? __pfx__printk+0x10/0x10
[  780.289265][T12727]  vpanic+0x237/0x6d0
[  780.293285][T12727]  ? __pfx_vpanic+0x10/0x10
[  780.297809][T12727]  ? preempt_schedule+0xae/0xc0
[  780.302693][T12727]  ? __pfx_preempt_schedule+0x10/0x10
[  780.308091][T12727]  panic+0xb9/0xc0
[  780.311830][T12727]  ? __pfx_panic+0x10/0x10
[  780.316266][T12727]  ? _raw_spin_unlock_irqrestore+0xfd/0x110
[  780.322186][T12727]  ? locks_remove_posix+0x10f/0x630
[  780.327421][T12727]  check_panic_on_warn+0x89/0xb0
[  780.332380][T12727]  ? locks_remove_posix+0x10f/0x630
[  780.337598][T12727]  end_report+0x6f/0x140
[  780.341861][T12727]  kasan_report+0x129/0x150
[  780.346374][T12727]  ? locks_remove_posix+0x10f/0x630
[  780.351587][T12727]  locks_remove_posix+0x10f/0x630
[  780.356623][T12727]  ? __pfx_locks_remove_posix+0x10/0x10
[  780.362196][T12727]  ? do_raw_spin_unlock+0x122/0x240
[  780.367411][T12727]  ? dnotify_flush+0x1db/0x5e0
[  780.372188][T12727]  ? mqueue_flush_file+0x21c/0x270
[  780.377316][T12727]  ? filp_flush+0xae/0x190
[  780.381750][T12727]  filp_flush+0x113/0x190
[  780.386113][T12727]  filp_close+0x1d/0x40
[  780.390288][T12727]  put_files_struct+0x1ba/0x350
[  780.395157][T12727]  do_exit+0x67f/0x2310
[  780.399332][T12727]  ? do_raw_spin_lock+0x121/0x290
[  780.404378][T12727]  ? __pfx_do_exit+0x10/0x10
[  780.409078][T12727]  do_group_exit+0x21c/0x2d0
[  780.413680][T12727]  ? lockdep_hardirqs_on+0x98/0x140
[  780.418903][T12727]  get_signal+0x1285/0x1340
[  780.423425][T12727]  arch_do_signal_or_restart+0x9a/0x7a0
[  780.428992][T12727]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  780.435170][T12727]  ? exit_to_user_mode_loop+0x55/0x4f0
[  780.440665][T12727]  exit_to_user_mode_loop+0x87/0x4f0
[  780.445960][T12727]  ? rcu_is_watching+0x15/0xb0
[  780.450741][T12727]  do_syscall_64+0x2e3/0xf80
[  780.455347][T12727]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  780.461418][T12727]  ? clear_bhb_loop+0x60/0xb0
[  780.466108][T12727]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  780.472030][T12727] RIP: 0033:0x7f52d678f749
[  780.476451][T12727] Code: Unable to access opcode bytes at 0x7f52d678f71f.
[  780.483474][T12727] RSP: 002b:00007f52d7638038 EFLAGS: 00000246 ORIG_RAX: 00000000000000f0
[  780.491914][T12727] RAX: 0000000000000005 RBX: 00007f52d69e5fa0 RCX: 00007f52d678f749
[  780.499895][T12727] RDX: 0000000000000136 RSI: 0000000000000001 RDI: 0000200000000780
[  780.507874][T12727] RBP: 00007f52d6813f91 R08: 0000000000000000 R09: 0000000000000000
[  780.515854][T12727] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  780.523829][T12727] R13: 00007f52d69e6038 R14: 00007f52d69e5fa0 R15: 00007ffd7d903fc8
[  780.531831][T12727]  </TASK>
[  780.535253][T12727] Kernel Offset: disabled
[  780.539635][T12727] Rebooting in 86400 seconds..