last executing test programs:

2m10.230100923s ago: executing program 2 (id=342):
r0 = socket$netlink(0x10, 0x3, 0x10)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4)
r1 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$KDGKBLED(r1, 0x560b, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = syz_open_dev$cec(0x0, 0x0, 0x0)
ioctl$CEC_S_MODE(r4, 0x40046109, &(0x7f0000000040))
r5 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r5, 0x6, 0x0, 0x0, 0x0)
r6 = fsmount(r5, 0x0, 0x0)
fchdir(r6)
r7 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)
pwrite64(r7, &(0x7f0000000140)='2', 0x1, 0x8000c61)
r8 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x10)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27ffff7, 0x4012011, r8, 0x0)

2m3.268925264s ago: executing program 2 (id=351):
r0 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r0, 0x0, 0x0)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4)
r1 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$KDGKBLED(r1, 0x560b, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = syz_open_dev$cec(0x0, 0x0, 0x0)
ioctl$CEC_S_MODE(r4, 0x40046109, &(0x7f0000000040))
r5 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r5, 0x6, 0x0, 0x0, 0x0)
r6 = fsmount(r5, 0x0, 0x0)
fchdir(r6)
r7 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)
pwrite64(r7, &(0x7f0000000140)='2', 0x1, 0x8000c61)
r8 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x10)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27ffff7, 0x4012011, r8, 0x0)

1m59.136999186s ago: executing program 2 (id=357):
r0 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
r1 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$KDGKBLED(r1, 0x560b, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = syz_open_dev$cec(0x0, 0x0, 0x0)
ioctl$CEC_S_MODE(r4, 0x40046109, &(0x7f0000000040))
r5 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r5, 0x6, 0x0, 0x0, 0x0)
r6 = fsmount(r5, 0x0, 0x0)
fchdir(r6)
r7 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)
pwrite64(r7, &(0x7f0000000140)='2', 0x1, 0x8000c61)
r8 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x10)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27ffff7, 0x4012011, r8, 0x0)

1m50.260003897s ago: executing program 2 (id=368):
socket$packet(0x11, 0x2, 0x300)
socket(0xa, 0x3, 0x3a)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r3 = dup(r2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x13, r3, 0x2000)
io_uring_register$IORING_UNREGISTER_NAPI(r3, 0x1c, &(0x7f00000001c0), 0x1)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
fsetxattr$security_capability(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1)
write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000140)={0x2, 0x1}, 0x2)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
r4 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/power/resume', 0x149a82, 0x10)
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r6 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r6, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$cgroup_int(r4, &(0x7f0000000000)=0x2b00, 0x12)

1m45.615465926s ago: executing program 2 (id=375):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000001fc0)=@newtaction={0x5f8, 0x30, 0x100, 0x70bd2a, 0x25dfdbfc, {}, [{0x58c, 0x1, [@m_skbmod={0x74, 0x13, 0x0, 0x0, {{0xb}, {0x28, 0x2, 0x0, 0x1, [@TCA_SKBMOD_PARMS={0x24, 0x2, {{0x800, 0x9a85, 0x6, 0xd, 0x54}, 0xd}}]}, {0x21, 0x6, "90e3b7d8879cea2f8ba55766497a380a1c32c8afebdee9564440e8e978"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x2, 0x2}}}}, @m_ife={0xa8, 0x6, 0x0, 0x0, {{0x8}, {0x3c, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x5eb6, 0xa, 0x20000000, 0x9, 0x5}, 0x1}}, @TCA_IFE_TYPE={0x6, 0x5, 0x4}, @TCA_IFE_DMAC={0xa, 0x3, @multicast}, @TCA_IFE_TYPE={0x6, 0x5, 0x2}]}, {0x45, 0x6, "3ee43d0e72ad4c341ddf30e8d07bf7743e064dd3b377c84bc037d47680c356711aab96eaca0f6753a9bf31d09e7478547fd459b009f8176a1ad45212c79bbb621c"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x3, 0x2}}}}, @m_ctinfo={0xc0, 0x6, 0x0, 0x0, {{0xb}, {0xc, 0x2, 0x0, 0x1, [@TCA_CTINFO_PARMS_DSCP_STATEMASK={0x8, 0x6, 0x3}]}, {0x89, 0x6, "28904742a2b51a4e6f2b55fffd22301d425f2d28ae347713f12d5e9d46744689d7244aa1e1798221c6fea6678406396010ad012306fa172e78b016517a3b33ff8e4dbceca5393ff2f20217e03bad25174cdcacbab222f6fae4694bb64a5e824a789a71325857cbaedaf53c78a8f319d1f4a5a6d3fcf76c109e802871bebdd8878f67e0d0fc"}, {0xc, 0x7, {0x1, 0x1}}, {0xc}}}, @m_xt={0x27c, 0x2, 0x0, 0x0, {{0x7}, {0x21c, 0x2, 0x0, 0x1, [@TCA_IPT_TABLE={0x24, 0x1, 'security\x00'}, @TCA_IPT_TARG={0xdd, 0x6, {0x8, 'mangle\x00', 0x1, 0x400, "924afd90481778605e5f2eea7e9b5c04463edda7fc3d55507fbb202af5581a2a9b6cbf84937d5b5b99224943dc2bcf48307222234e206443e7b60f42e6cc29cfccde7cd129c30694675168d30e7790ec823422759d53bef4ccf18da882d3f69cc05e149fc53d0908571b014c83c03373f2b4f88514eaf1399749eb52929f6f95c22b4e5b966efcaf792ca542e97927db6a0bf58117bf49dc0f1029cd4677e30c199233c3e2d04dcd8c08cddd9bbdd3c088cc5a"}}, @TCA_IPT_INDEX={0x8, 0x3, 0x8}, @TCA_IPT_HOOK={0x8, 0x2, 0x1}, @TCA_IPT_TARG={0x85, 0x6, {0x1, 'filter\x00', 0xa8, 0xa, "79bb29b7134cbd5ac13564109f8304db55b6d971f07f5bd31dfc7fa8028873d10b040681e0e655e8f6a79a16960d85d2f2121865b9263f9732ad28476130da57a32985e82fb8be0628683412cbd043119145a0ef05f5abd4132e52"}}, @TCA_IPT_TABLE={0x24, 0x1, 'nat\x00'}, @TCA_IPT_TARG={0x50, 0x6, {0x1, 'nat\x00', 0x4, 0xe8a, "b4b2f0c030d77f49da74c818059136acd6cf59d496bbc2e7029dd388fcc931f43e7a16858cbb"}}, @TCA_IPT_HOOK={0x8}]}, {0x39, 0x6, "e953316a0817b23401a80a38be5e445969116bb7d8a70a6ca771182dea4760bd84d166ef5161aa40d193cb19d0e4b1399cded9c961"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x1, 0x1}}}}, @m_sample={0xf0, 0x4, 0x0, 0x0, {{0xb}, {0x64, 0x2, 0x0, 0x1, [@TCA_SAMPLE_TRUNC_SIZE={0x8, 0x4, 0x8}, @TCA_SAMPLE_PARMS={0x18, 0x2, {0x8, 0x6, 0x2, 0x9, 0x7}}, @TCA_SAMPLE_PARMS={0x18, 0x2, {0x7, 0x5, 0x10000000, 0x4, 0x8}}, @TCA_SAMPLE_RATE={0x8, 0x3, 0x6}, @TCA_SAMPLE_PARMS={0x18, 0x2, {0x0, 0x0, 0x5, 0x80000001, 0x4}}, @TCA_SAMPLE_RATE={0x8, 0x3, 0x7}]}, {0x61, 0x6, "fc36f826477e680902707b500274a2f49e6484c516c92a312bf3f7e0fe9f13d1e603fa1fec7f14a3befd3b9bfd433fa9785c200feb22d8abb4fddd608fdcd2ed246c8853dfa66b7129ce9a97e141313bf5296f7f579de41474ff8c1979"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x1, 0x2}}}}, @m_sample={0x40, 0x10, 0x0, 0x0, {{0xb}, {0x14, 0x2, 0x0, 0x1, [@TCA_SAMPLE_PSAMPLE_GROUP={0x8, 0x5, 0x8}, @TCA_SAMPLE_TRUNC_SIZE={0x8, 0x4, 0x9}]}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x0, 0x2}}}}]}, {0x58, 0x1, [@m_ctinfo={0x54, 0x15, 0x0, 0x0, {{0xb}, {0x4}, {0x25, 0x6, "007c0bda1c2d40b853b4df622006243a2aed0b14626178023dc917b115d5078341"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x5, 0x1}}}}]}]}, 0x5f8}, 0x1, 0x0, 0x0, 0x20000084}, 0x20000080)
r0 = socket(0x10, 0x803, 0x0)
sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x1e8}, {&(0x7f0000000000)=""/108, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/52, 0x14}, {&(0x7f00000007c0)=""/152, 0x21}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0xffffffffffffff2f, 0xa1}, 0x400}], 0x4000000000003b4, 0x2040000, &(0x7f0000003700)={0x77359400})

1m44.500922638s ago: executing program 2 (id=378):
r0 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4)
r1 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$KDGKBLED(r1, 0x560b, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, 0x0, 0x0)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = syz_open_dev$cec(0x0, 0x0, 0x0)
ioctl$CEC_S_MODE(r4, 0x40046109, &(0x7f0000000040))
r5 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r5, 0x6, 0x0, 0x0, 0x0)
fsmount(r5, 0x0, 0x0)
r6 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)
pwrite64(r6, &(0x7f0000000140)='2', 0x1, 0x8000c61)
r7 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x10)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27ffff7, 0x4012011, r7, 0x0)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0x4, &(0x7f0000000100)=0x1800, 0x4)
syz_genetlink_get_family_id$nl80211(&(0x7f00000002c0), r0)
r8 = socket$inet6_mptcp(0xa, 0x1, 0x106)
connect$inet6(r8, &(0x7f0000000040)={0xa, 0x4001, 0x0, @loopback}, 0x1c)
connect$unix(r8, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)

1m27.997241174s ago: executing program 32 (id=378):
r0 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4)
r1 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$KDGKBLED(r1, 0x560b, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, 0x0, 0x0)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = syz_open_dev$cec(0x0, 0x0, 0x0)
ioctl$CEC_S_MODE(r4, 0x40046109, &(0x7f0000000040))
r5 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r5, 0x6, 0x0, 0x0, 0x0)
fsmount(r5, 0x0, 0x0)
r6 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)
pwrite64(r6, &(0x7f0000000140)='2', 0x1, 0x8000c61)
r7 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x10)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27ffff7, 0x4012011, r7, 0x0)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0x4, &(0x7f0000000100)=0x1800, 0x4)
syz_genetlink_get_family_id$nl80211(&(0x7f00000002c0), r0)
r8 = socket$inet6_mptcp(0xa, 0x1, 0x106)
connect$inet6(r8, &(0x7f0000000040)={0xa, 0x4001, 0x0, @loopback}, 0x1c)
connect$unix(r8, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)

30.209725398s ago: executing program 0 (id=459):
r0 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r0, &(0x7f0000000040)={0xa, 0xe22, 0x0, @rand_addr, 0x99f}, 0x1c)
r1 = socket$netlink(0x10, 0x3, 0x8000000004)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r3 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r6, @ANYBLOB="0000000000000000b703000000030000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bind$inet(r2, 0x0, 0x0)
writev(r1, &(0x7f0000000000)=[{&(0x7f0000000080)="580000001500add427323b472545b45602117fffffff81000e224e217f000001925aa80020007b00090080007f000001e809000000ff0000f03ac71006000000ffffffffffffffffffe7ee00000000000000000200000000", 0x58}], 0x1)

28.132753103s ago: executing program 0 (id=463):
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x6, 0x50, 0xffffffffffffffff, 0x0)
socket(0xa, 0x3, 0x3a)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r3 = dup(r2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x13, r3, 0x2000)
io_uring_register$IORING_UNREGISTER_NAPI(r3, 0x1c, &(0x7f00000001c0), 0x1)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
fsetxattr$security_capability(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1)
write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000140)={0x2, 0x1}, 0x2)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
r4 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/power/resume', 0x149a82, 0x10)
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r6 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r6, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$cgroup_int(r4, &(0x7f0000000000)=0x2b00, 0x12)

24.79268691s ago: executing program 1 (id=466):
socket$nl_generic(0x10, 0x3, 0x10)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff)
r2 = syz_open_dev$dri(&(0x7f0000000180), 0x78, 0x802)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f0000000040)={0x7, 0x6576, 0x3})
mmap(&(0x7f0000001000/0x4000)=nil, 0x4000, 0x4, 0x11, r2, 0x100000000)
mremap(&(0x7f0000001000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f00003eb000/0x1000)=nil)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000100)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x28, 0x28, 0x3, [@var={0x2, 0x0, 0x0, 0x11, 0x3, 0xffffffff}, @const={0x0, 0x0, 0x0, 0x2}, @func_proto={0x2, 0x0, 0x0, 0x8, 0x2}]}, {0x0, [0x0]}}, 0x0, 0x43}, 0x28)
socket$netlink(0x10, 0x3, 0x12)
r3 = openat$cuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
read$FUSE(r3, &(0x7f0000005e40)={0x2020, 0x0, <r4=>0x0, <r5=>0x0, <r6=>0x0, <r7=>0x0}, 0x2020)
write$FUSE_ATTR(r3, &(0x7f0000005340)={0x78, 0x0, r4, {0x2000000007, 0x400, 0x0, {0x6, 0xfffe000000000000, 0xfffffffffffffffb, 0xff, 0x694, 0x3, 0x7f, 0x9, 0x800, 0x2000, 0x2, r5, r6, 0xb, 0x8, 0x1000000}}}, 0x78)
lremovexattr(0x0, &(0x7f00000001c0)=@known='system.posix_acl_default\x00')
mkdirat(0xffffffffffffffff, &(0x7f0000000100)='./file0\x00', 0x163)
r8 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r8, 0x6, 0x210000000013, 0x0, 0x0)
setsockopt$inet_tcp_TCP_CONGESTION(r8, 0x6, 0xd, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
sched_getattr(r7, &(0x7f0000000200)={0x38}, 0x38, 0x0)

22.276676658s ago: executing program 4 (id=470):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20020008008f}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000002100)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r3}, 0x10)
socketpair$unix(0x1, 0x5, 0x0, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921c2c19c4, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000000)='./file1\x00')
syz_open_dev$vim2m(&(0x7f00000006c0), 0x8, 0x2)
open(&(0x7f00000000c0)='./file1\x00', 0x0, 0x53)

21.134541587s ago: executing program 4 (id=472):
syz_init_net_socket$netrom(0x6, 0x5, 0x0)
socket$inet6_sctp(0xa, 0x1, 0x84)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000001ac0)={&(0x7f0000000000)={0x14, 0x2d, 0x1, 0x70bd26, 0x25dfdbfc, {0x4}}, 0x14}}, 0x20000000)

18.629679413s ago: executing program 1 (id=474):
openat(0xffffffffffffff9c, 0x0, 0x40, 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x42, 0x0)
r1 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x61709000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
syz_init_net_socket$rose(0xb, 0x5, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
ioctl$IOMMU_IOAS_ALLOC(r1, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, <r5=>0x0})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r1, 0x3ba0, &(0x7f0000000100)={0x48, 0x2, r5, 0x0, 0x0, 0x0, <r6=>0x0})
ioctl$IOMMU_HWPT_ALLOC$NONE(r1, 0x3b89, &(0x7f0000000180)={0x28, 0x1, r6, r5, <r7=>0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$IOMMU_HWPT_ALLOC$TEST(r1, 0x3b89, &(0x7f0000000200)={0x28, 0x0, r6, r7, <r8=>0x0, 0x0, 0xdead, 0x4, &(0x7f0000000240)})
ioctl$IOMMU_HWPT_INVALIDATE$TEST(r1, 0x3b8d, &(0x7f0000000280)={0x20, r8, 0x0})
syz_io_uring_setup(0x2ddd, &(0x7f0000000200)={0x0, 0x0, 0x10100}, &(0x7f0000000000), 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB, @ANYRESDEC=0x0, @ANYBLOB=',group_i', @ANYRESDEC=0x0])
read$FUSE(r0, &(0x7f0000002980)={0x2020}, 0x2020)
write$FUSE_INIT(r0, 0x0, 0x0)
syz_fuse_handle_req(r0, &(0x7f0000008380)="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001354c4b600", 0x2000, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006340)={0x20, 0x0, 0x68cc, {0x0, 0x14}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r9 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x101001, 0x0)
writev(r9, &(0x7f0000000280)=[{&(0x7f00000049c0)}], 0x1)
close(r0)

17.362339378s ago: executing program 1 (id=475):
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f00000003c0)={0xc, 0x0, <r1=>0x0})
ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f0000000040)={0x28, 0x7, r1, 0x0, &(0x7f0000800000/0x800000)=nil, 0x800000})
ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r0, 0x3ba0, &(0x7f0000000340)={0x48, 0x5, r1, 0x0, <r2=>0xffffffffffffffff, 0x1})
ioctl$IOMMU_TEST_OP_ACCESS_PAGES$syz(r0, 0x3ba0, &(0x7f0000000100)={0x48, 0x7, r2, 0x0, 0x0, 0x0, 0x200000, 0x0, 0x334e8b})
ioctl$IOMMU_IOAS_UNMAP$ALL(r0, 0x3b86, &(0x7f0000000240)={0x18, r1})

17.328445644s ago: executing program 0 (id=476):
r0 = syz_open_dev$sndpcmp(&(0x7f00000001c0), 0x0, 0xa2c65)
ioctl$SNDRV_PCM_IOCTL_FORWARD(r0, 0x40084149, &(0x7f0000000040)=0x3)

17.02160018s ago: executing program 0 (id=477):
socket$packet(0x11, 0x2, 0x300)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x6, 0x50, 0xffffffffffffffff, 0x0)
socket(0xa, 0x3, 0x3a)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r3 = dup(r2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x13, r3, 0x2000)
io_uring_register$IORING_UNREGISTER_NAPI(r3, 0x1c, 0x0, 0x1)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
fsetxattr$security_capability(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
r4 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/power/resume', 0x149a82, 0x10)
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r6 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r6, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$cgroup_int(r4, &(0x7f0000000000)=0x2b00, 0x12)
mremap(&(0x7f000054e000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f000022c000/0x3000)=nil)
socket$packet(0x11, 0x3, 0x300)
socket$inet_udp(0x2, 0x2, 0x0)

16.494972802s ago: executing program 1 (id=479):
r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000001ac0)=[{&(0x7f00000004c0)={0x11c, 0x34, 0x1, 0x0, 0x0, "", [@nested={0x10a, 0x3ff9, 0x0, 0x1, [@typed={0xc, 0x1, 0x0, 0x0, @u64}, @generic="395d1d5e99b378865650ee72696fdd925abdd47ee59733d126068fa39d424f81d258997cb4c6c3dc55e217d99a4fb1c3864204018709c04ea64b797b46fa17a9fe315e1fbca6ba919485b08ef1d4c8ef95fbd9af12263fc6698b772579a49f18023acc3d7cb33558df262b062463116a8f1c6680a688569a2ff02938f0383bbd647139d9d6b7d434f3a2c0e18d915d256efc077e60770c3eb1f1b761a364d6e73f4cdcfe9401b940fac0961aed6c7500e657e73438221db53a20120526ec969ce51a560bd074a916ce57ef54a821f121fd354f2cb6ce48317133f3437129e2838a445d1f44b184e56eee6bcdde65b539", @generic="50bb2d6f67d29d6fabad"]}]}, 0x11c}], 0x1}, 0x14)

15.336236547s ago: executing program 1 (id=480):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r1)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r2)
sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000680)=ANY=[], 0x38}, 0x1, 0x0, 0x0, 0x44081}, 0x0)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0)
close(r3)
r4 = socket$unix(0x1, 0x1, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r6=>0x0})
sendmsg$nl_route_sched(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000026c0)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r6, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2, 0x2}}, [@qdisc_kind_options=@q_cbs={{0x8}, {0x1c, 0x2, @TCA_CBS_PARMS={0x18, 0x1, {0x0, '\x00', 0x1, 0x7, 0x100, 0x8}}}}]}, 0x48}, 0x1, 0x0, 0x0, 0x20000001}, 0x0)
ioctl$SIOCSIFHWADDR(r3, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"})

13.555509175s ago: executing program 4 (id=482):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = fsopen(&(0x7f0000000400)='ceph\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r3, 0x1, &(0x7f0000000540)='\xd0\x9e^\xa0\xee\xc8\x17T\xb1GI\x90\xe2Q1\xb0\x8f\xe1\xa8\x95\xa0\xcd\fL\xf1<e\a\xa5\x8f\xab\x1a\xdaY\xfb\x03dhS\x97nZ\xf8\xc6\x1f\xd3K\xfa\xc8\x8d#\xce)\x9bg-D#g\x16\xf4\xd9\x00\x00\x00\x00\x00eA\x9f\xc3\x11\x18\xe6\xc5\x95\x9e!^\x97\b\x14\xc5\xad\t\f\xdeg\x8d\x16wW\xf6\xacE\xa3\xc8\xe7\xec\xd6\xbd\x1c+\n\xc7Q( \xba\xff\x17N\x1fB\x91\x15\x83\xec(B4/#W\xc5\x05\x9d\xd6\x02\x8cU!a\xdc|6\xdc\xee$\xb5\x1deC\xfb\xa2\xaa\xe0#\xcb\xde;sA\xad\xa6\xb6P\xa3\xf7\xc3\x93\xd4\xb6\x95\x02\xd8*\xa8\xd2\x94\xa3\x89\xa9\xa0\xc5\xc9=\xa5^', &(0x7f0000000240)='sockfs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r3, 0x1, &(0x7f0000001680)='\xd0\x9e^\xa0\xee\xc8\x17T\xb1GI\x90\xe2Q1\xb0\x8f\xe1\xa8\x95\xa0\xcd\fL\xf1<e\a\xa5\x8f\xab\x1a\xdaY\xfb\x03dhS\x97nZ\xf8\xc6\x1f\xd3K\xfa\xc8\x8d#\xce)\x9bg-D#g\x16\xf4\xd9\x00\x00\x00\x00\x00eA\x9f\xc3\x11\x18\xe6\xc5\x95\x9e!^\x97\b\x14\xc5\xad\t\f\xdeg\x8d\x16wW\xf6\xacE\xa3\xc8\xe7\xec\xd6\xbd\x1c+\n\xc7Q( \xba\xff\x17N\x1fB\x91\x15\x83\xec(B4/#W\xc5\x05\x9d\xd6\x02\x8cU!a\xdc|6\xdc\xee$\xb5\x1deC\xfb\xa2\xaa\xe0#\xcb\xde;sA\xad\xa6\xb6P\xa3\xf7\xc3\x93\xd4\xb6\x95\x02\xd8*\xa8\xd2\x94\xa3\x89\xa9\xa0\xc5\xc9=\xa5^', &(0x7f0000000640)='dU|\xcbM\xe6\x91q\xe0\x05\xbes\xc0\xd2\xdb0}\xa6\xc4tly\xe0+\xb8~\xd9ymx\xa1\x06\xb4F\xf3Q:\xfem\xea\xed\xfc\x04\xf88\xe0\xa1&\xa8\xff\x10\xb3\xb2\x92N\f\x00!\xdbV\xc3\xca\r\x8c\xfb\x8esJ\xb3\x1bf\xce\v\x0e\xe3\xd5', 0x0)
fsconfig$FSCONFIG_SET_STRING(r3, 0x1, &(0x7f0000001ec0)='\\$#[\\/\x00\xd5\xd4^\xa7\xe4\xd4\x1f.yh\x18\xb8s\xe6\f\xaf*4\xe1\xa1e\x04%f\x8f\xde\x91\x04\xbb\xc8\x17\x15\xa4\xf0\x00\x15w\x00\x00\xed\xdd}\x00\x18\xf3\xde\n\xbe\x91\xc4\xc5\xe6\xd3o\xaau\xf34\t\x9d\x80rg\xbc\xee\x96p\x18\x9e(h\xeb\xd9\xde\xa6\xfc\x8e\xe3,\xae\xa8\xf0\x82y\x91\x1c{\x85 \xc7P\xa3\x9c\x06\xc1\xd3\x92\xcd\xcc\x17\xb2}\x13:\xbbh\"%;\b\x7f\x91\x8a\xa5Z\x92~<\xfe3\x19\xdcVJ\f\xd1\x89d\xf9N\xbd\x92\x86\xa2\xa8\xc0:\x1f\n\xc9\x8eUO\x8e\xea\x99\xe1\xbe%Y\x9eH#\xa4\x9d5\xa88m6\x89kE\xce\xc3\aBW\xec_\xea_\x81\xbe\x86~\x84F\xa9\xcd\xba\xfb\xd8\x8f\x01\x81~\x9c#\r\x87\xcf\x19\xb9\xbd \xcb\xff\x88io\xb0\xb1\xa0B\x8cI\x82+\xc4\xcf\xf4!+\x16v\xb6\x8a\xb7k}\x1d\xf2\x1c\x00\x8f\xd7\x84R\x12\xed){SM[\xe6g6\xfeF\x1dJ\x83', 0x0, 0x0)
fsconfig$FSCONFIG_SET_FD(r3, 0x5, &(0x7f0000000ec0)='\xcfD\xbc\xbf\x95@\xd6j\'$\x1d\x14\xb7!\x8b\xff\xdc\x83\xc5$\xb3\xecr\xe4G:\x93\xdfj\x96\x7f\x03\xe5\x94\x04[\x02\xa9[>\xf9\x9c\x83@\x1e\x99\xcah\x85\xb8\xbeSAk\xf4\xb6 \xdf\xa0P\x18\x19\xae\x8c\x9a\x19mm\r<|\xe8\x9e\xa0x\x84p2\xf9\xe2\xed\xb0\f\x7f;\xf6J18G\x84c\x88\x9d{\xf4~\xdby\xe1\xdf\x1a\xae\xd6ez\xe5\xa8\xe1\'', 0x0, r3)
fsconfig$FSCONFIG_SET_BINARY(r3, 0x2, &(0x7f0000000840)='\x00\x9b~\xd7\xde\x91d\r\xa3e\xec=Z\xce\xb0\xdfr\xbfQ\x85n4\xf5T\xc2\x86;\x03K\x80pF\xeaK\xb4t\xef\'\n\x05\xc9\xcfc\x92\bE\xf9\xf9\xcf\x96\x99\xde\x1e3\xcdA\xf9\x1bj\xc3\x8b\xbe\xee\xb3e\xd8Mk\xf1+\xbf\xd5\x98\x8c\x13\xdc\x85\x17\xcd\xf8\xf5\a\xde9\xd1\x8b\xf0&P\x92\x99u8\xb6,#\x0f\x89\xd9ic\xb5\xba\xe7\x03\x8d-\v\xd3S\x98\x89@\x8aWLU\xb1\xc4i6\xa5\xb7\x1d\xf3s\xaf\x7f\xb16\xa2\xbe\xfa\xfa~2\x1d\xeb\xd0G\xdc\a\xa3\x93n\x82\xa7h\xd7\x83N\x8aW\xaa\xc1\xc7\xec\xea\x13\xbe\xf3fQ\xfa\x8cP\xa7\xc1O,\x83\xec\xa9\xeb\xb2 u\x15A\xde\f8T\x81\xccces\xfa\xef\xf4 =z\xfc\xef]~tY \xef8\r,x~\xa0,\xc7@\xc0\xef\xc1`\xec}\xa2\x8d\x95\xff0c\xcd\x02~\xb7\x1a\x93\xff\xcd\xadB7\x13\x84BPC\xa4\xa2O\xf0\xdd\xde\xc5H.y\xfc\xe9$\xf6\xa6t\xa3\xdbr\x00+\x01{\xfb-\x1f\x1b\xeb\xd9b\xf0\n\x99\x0f4\xfa_\x10\xd0%\xe7o\xc9\bO\xfe\xfb\xca\xf8\x9d]\xa1\x98(Nw\x87\xd15', &(0x7f0000000100)="8d", 0x1)
fsconfig$FSCONFIG_SET_FD(r3, 0x5, &(0x7f0000000200)='\x00', 0x0, r3)
fsconfig$FSCONFIG_SET_FLAG(r3, 0x0, &(0x7f0000000140)='silent\x00', 0x0, 0x0)
close(r3)

9.571203223s ago: executing program 4 (id=484):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000400)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r2, 0x0, 0x0, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r3, 0x3b81, &(0x7f0000000200)={0xc, 0x0, <r4=>0x0})
ioctl$IOMMU_VFIO_IOAS$SET(r3, 0x3b88, &(0x7f00000002c0)={0xc, r4})
ioctl$IOMMU_IOAS_MAP$PAGES(r3, 0x3b85, &(0x7f0000000340)={0x28, 0x2, r4, 0x0, &(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x10})
ioctl$IOMMU_VFIO_SET_IOMMU(r3, 0x3b66, 0x1)
ioctl$IOMMU_VFIO_IOMMU_UNMAP_DMA(r3, 0x3b72, &(0x7f0000000440)=ANY=[@ANYBLOB="1800007f000000000020000000000000000100"])

8.594930107s ago: executing program 1 (id=485):
r0 = socket(0xa, 0x3, 0x3a)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_genetlink_get_family_id$ethtool(0x0, r0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
fsetxattr$security_capability(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1)
getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x50, 0x0, 0x0)
r3 = openat$6lowpan_enable(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r4 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000001ac0)=[{&(0x7f00000004c0)={0x14, 0x34, 0x1, 0x0, 0x0, "", [@nested={0x4, 0x3ff9}]}, 0x14}], 0x1}, 0x14)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f0000edb000/0x3000)=nil)
sendmsg$IPSET_CMD_SAVE(r0, &(0x7f0000000800)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)={0x2c, 0x8, 0x6, 0x303, 0x0, 0x0, {0xa, 0x0, 0x2}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20004084}, 0x4050)
mremap(&(0x7f000054e000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f000022c000/0x3000)=nil)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x300000a, 0x10, r3, 0xfffff000)
openat$sequencer2(0xffffff9c, &(0x7f0000000080), 0x143240, 0x0)

8.454665834s ago: executing program 4 (id=486):
r0 = syz_open_dev$sndpcmp(&(0x7f00000001c0), 0x0, 0xa2c65)
ioctl$SNDRV_PCM_IOCTL_FORWARD(r0, 0x40084149, &(0x7f0000000040)=0x3)

8.342922325s ago: executing program 3 (id=487):
socket$nl_xfrm(0x10, 0x3, 0x6)
socket(0x10, 0x3, 0x4)
socket$nl_route(0x10, 0x3, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
socket$inet(0x10, 0x3, 0x0)
socket$kcm(0xa, 0x1, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket$inet6_sctp(0xa, 0x1, 0x84)
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
pipe(&(0x7f0000000080)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="540000001000010400000000000000ffff000000", @ANYRES32=0x0, @ANYBLOB="0380000000000000240012800c0001006d6163766c616e00140002800800010008000000060002000100000008000500", @ANYRES32=r1, @ANYBLOB='\b\x00\n\x00'], 0x54}, 0x1, 0x0, 0x0, 0x40814}, 0x0)
sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0)

8.16601296s ago: executing program 4 (id=488):
bind$netlink(0xffffffffffffffff, 0x0, 0x0)
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$KDGKBLED(r0, 0x560b, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$cec(0x0, 0x0, 0x0)
ioctl$CEC_S_MODE(r3, 0x40046109, &(0x7f0000000040))
r4 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0)
r5 = fsmount(r4, 0x0, 0x0)
fchdir(r5)
r6 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)
pwrite64(r6, &(0x7f0000000140)='2', 0x1, 0x8000c61)
r7 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x10)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27ffff7, 0x4012011, r7, 0x0)

7.665179147s ago: executing program 0 (id=489):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
bind$xdp(0xffffffffffffffff, &(0x7f0000000100)={0x2c, 0x2}, 0x10)
sendmsg$NFT_BATCH(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={0x0, 0xfc}}, 0x0)
syz_emit_ethernet(0x3e, &(0x7f0000000480)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, @val={@val={0x88a8, 0x3, 0x1, 0x3}, {0x8100, 0x2, 0x0, 0x3}}, {@ipv4={0x86dd, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x65, 0x0, 0xf, 0x6, 0x0, @rand_addr=0x64010101, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2, 0xffff}}}}}}, 0x0)

7.425905224s ago: executing program 0 (id=490):
socket$packet(0x11, 0x2, 0x300)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x6, 0x50, 0xffffffffffffffff, 0x0)
socket(0xa, 0x3, 0x3a)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r3 = dup(r2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x13, r3, 0x2000)
io_uring_register$IORING_UNREGISTER_NAPI(r3, 0x1c, 0x0, 0x1)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
fsetxattr$security_capability(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
r4 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/power/resume', 0x149a82, 0x10)
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r6 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r6, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$cgroup_int(r4, &(0x7f0000000000)=0x2b00, 0x12)
mremap(&(0x7f000054e000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f000022c000/0x3000)=nil)
socket$packet(0x11, 0x3, 0x300)
socket$inet_udp(0x2, 0x2, 0x0)

7.358091713s ago: executing program 3 (id=491):
openat(0xffffffffffffff9c, 0x0, 0x40, 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x42, 0x0)
r1 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x61709000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
syz_init_net_socket$rose(0xb, 0x5, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
ioctl$IOMMU_IOAS_ALLOC(r1, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, <r5=>0x0})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r1, 0x3ba0, &(0x7f0000000100)={0x48, 0x2, r5, 0x0, 0x0, 0x0, <r6=>0x0})
ioctl$IOMMU_HWPT_ALLOC$NONE(r1, 0x3b89, &(0x7f0000000180)={0x28, 0x1, r6, r5, <r7=>0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$IOMMU_HWPT_ALLOC$TEST(r1, 0x3b89, &(0x7f0000000200)={0x28, 0x0, r6, r7, <r8=>0x0, 0x0, 0xdead, 0x4, &(0x7f0000000240)})
ioctl$IOMMU_HWPT_INVALIDATE$TEST(r1, 0x3b8d, &(0x7f0000000280)={0x20, r8, 0x0})
syz_io_uring_setup(0x2ddd, &(0x7f0000000200)={0x0, 0x0, 0x10100}, &(0x7f0000000000), 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB, @ANYRESDEC=0x0, @ANYBLOB=',group_i', @ANYRESDEC=0x0])
read$FUSE(r0, &(0x7f0000002980)={0x2020}, 0x2020)
syz_fuse_handle_req(r0, &(0x7f0000008380)="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001354c4b600", 0x2000, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006340)={0x20, 0x0, 0x68cc, {0x0, 0x14}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r9 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x101001, 0x0)
writev(r9, &(0x7f0000000280)=[{&(0x7f00000049c0)}], 0x1)
madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x15)
close(r0)

6.013141639s ago: executing program 3 (id=492):
openat(0xffffffffffffff9c, 0x0, 0x40, 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x42, 0x0)
r1 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x61709000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
syz_init_net_socket$rose(0xb, 0x5, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
ioctl$IOMMU_IOAS_ALLOC(r1, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, <r5=>0x0})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r1, 0x3ba0, &(0x7f0000000100)={0x48, 0x2, r5, 0x0, 0x0, 0x0, <r6=>0x0})
ioctl$IOMMU_HWPT_ALLOC$NONE(r1, 0x3b89, &(0x7f0000000180)={0x28, 0x1, r6, r5, <r7=>0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$IOMMU_HWPT_ALLOC$TEST(r1, 0x3b89, &(0x7f0000000200)={0x28, 0x0, r6, r7, <r8=>0x0, 0x0, 0xdead, 0x4, &(0x7f0000000240)})
ioctl$IOMMU_HWPT_INVALIDATE$TEST(r1, 0x3b8d, &(0x7f0000000280)={0x20, r8, 0x0})
syz_io_uring_setup(0x2ddd, &(0x7f0000000200)={0x0, 0x0, 0x10100}, &(0x7f0000000000), 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB, @ANYRESDEC=0x0, @ANYBLOB=',group_i', @ANYRESDEC=0x0])
syz_fuse_handle_req(r0, &(0x7f0000008380)="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001354c4b600", 0x2000, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006340)={0x20, 0x0, 0x68cc, {0x0, 0x14}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r9 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x101001, 0x0)
writev(r9, &(0x7f0000000280)=[{&(0x7f00000049c0)}], 0x1)
madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x15)
close(r0)

4.295428121s ago: executing program 3 (id=493):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
unlinkat(0xffffffffffffffff, &(0x7f00000001c0)='./bus\x00', 0x200)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x9735646a3e1ba35, 0x2, 0x0)
futex(0x0, 0xc, 0x1, 0x0, 0x0, 0x0)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0), 0x20001, 0x0)
ioctl$vim2m_VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000300))
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bpf$OBJ_GET_MAP(0x7, 0x0, 0x0)
keyctl$dh_compute(0x17, &(0x7f0000000800), 0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)={'sha384\x00'}})
openat$fb0(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0)
r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
close_range(r3, 0xffffffffffffffff, 0x0)

731.737943ms ago: executing program 3 (id=494):
r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0)
r2 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x20000)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f0000000240)={0x7, 0x1, 0xa0008000})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f00000000c0)={0xdb, 0x1ff, 0xb})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f0000000000)={0x7fff, 0xb, 0x100})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f0000000080)={0x2, 0x5, 0x3})
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f0000000340)={0xda2, 0x5, 0x7})
dup(r2)
close_range(r0, 0xffffffffffffffff, 0x0)

0s ago: executing program 3 (id=495):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
unlinkat(0xffffffffffffffff, &(0x7f00000001c0)='./bus\x00', 0x200)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x9735646a3e1ba35, 0x2, 0x0)
futex(0x0, 0xc, 0x1, 0x0, 0x0, 0x0)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0), 0x20001, 0x0)
ioctl$vim2m_VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000300))
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bpf$OBJ_GET_MAP(0x7, 0x0, 0x0)
keyctl$dh_compute(0x17, &(0x7f0000000800), 0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)={'sha384\x00'}})
r3 = openat$fb0(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0)
ioctl$FBIO_WAITFORVSYNC(r3, 0x40044620, 0x0)
r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
mprotect(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0)
close_range(r4, 0xffffffffffffffff, 0x0)

kernel console output (not intermixed with test programs):

[   92.309358][ T1230] cfg80211: failed to load regulatory.db
Warning: Permanently added '10.128.1.98' (ED25519) to the list of known hosts.
[   96.527409][ T5827] cgroup: Unknown subsys name 'net'
[   96.770716][ T5827] cgroup: Unknown subsys name 'cpuset'
[   96.805606][ T5827] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   98.856854][ T5827] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[  101.877974][ T5849] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  101.881940][ T5849] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  101.882855][ T5849] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  101.884268][ T5849] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  101.885259][ T5849] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  101.962735][ T5851] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  101.980074][ T5851] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  101.993183][ T5851] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  102.002135][ T5851] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  102.006498][ T5851] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  102.070233][   T59] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  102.073017][   T59] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  102.076638][   T59] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  102.078390][   T59] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  102.083649][   T59] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  102.110053][ T5849] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  102.111685][ T5849] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  102.112355][ T5849] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  102.116947][ T5849] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  102.119759][ T5849] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  102.157915][ T5849] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  102.162620][ T5849] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  102.164942][ T5849] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  102.183578][ T5849] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  102.184871][ T5849] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  103.097981][ T5844] chnl_net:caif_netlink_parms(): no params data found
[  103.159206][ T5843] chnl_net:caif_netlink_parms(): no params data found
[  103.280822][ T5855] chnl_net:caif_netlink_parms(): no params data found
[  103.542053][ T5854] chnl_net:caif_netlink_parms(): no params data found
[  103.562493][ T5856] chnl_net:caif_netlink_parms(): no params data found
[  103.986634][ T5849] Bluetooth: hci1: command tx timeout
[  104.064886][ T5849] Bluetooth: hci0: command tx timeout
[  104.145712][ T5849] Bluetooth: hci2: command tx timeout
[  104.145822][   T59] Bluetooth: hci3: command tx timeout
[  104.225999][   T59] Bluetooth: hci4: command tx timeout
[  104.243944][ T5844] bridge0: port 1(bridge_slave_0) entered blocking state
[  104.251337][ T5844] bridge0: port 1(bridge_slave_0) entered disabled state
[  104.252210][ T5844] bridge_slave_0: entered allmulticast mode
[  104.266841][ T5844] bridge_slave_0: entered promiscuous mode
[  104.283832][ T5843] bridge0: port 1(bridge_slave_0) entered blocking state
[  104.283932][ T5843] bridge0: port 1(bridge_slave_0) entered disabled state
[  104.284090][ T5843] bridge_slave_0: entered allmulticast mode
[  104.288228][ T5843] bridge_slave_0: entered promiscuous mode
[  104.396253][ T5844] bridge0: port 2(bridge_slave_1) entered blocking state
[  104.396381][ T5844] bridge0: port 2(bridge_slave_1) entered disabled state
[  104.396555][ T5844] bridge_slave_1: entered allmulticast mode
[  104.399044][ T5844] bridge_slave_1: entered promiscuous mode
[  104.414192][ T5843] bridge0: port 2(bridge_slave_1) entered blocking state
[  104.414354][ T5843] bridge0: port 2(bridge_slave_1) entered disabled state
[  104.414578][ T5843] bridge_slave_1: entered allmulticast mode
[  104.418622][ T5843] bridge_slave_1: entered promiscuous mode
[  104.726790][ T5855] bridge0: port 1(bridge_slave_0) entered blocking state
[  104.726926][ T5855] bridge0: port 1(bridge_slave_0) entered disabled state
[  104.727083][ T5855] bridge_slave_0: entered allmulticast mode
[  104.729051][ T5855] bridge_slave_0: entered promiscuous mode
[  105.046914][ T5855] bridge0: port 2(bridge_slave_1) entered blocking state
[  105.048109][ T5855] bridge0: port 2(bridge_slave_1) entered disabled state
[  105.048338][ T5855] bridge_slave_1: entered allmulticast mode
[  105.050867][ T5855] bridge_slave_1: entered promiscuous mode
[  105.067095][ T5844] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  105.079931][ T5843] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  105.322909][ T5843] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  105.336762][ T5844] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  105.339426][ T5854] bridge0: port 1(bridge_slave_0) entered blocking state
[  105.339584][ T5854] bridge0: port 1(bridge_slave_0) entered disabled state
[  105.339813][ T5854] bridge_slave_0: entered allmulticast mode
[  105.342751][ T5854] bridge_slave_0: entered promiscuous mode
[  105.531300][ T5856] bridge0: port 1(bridge_slave_0) entered blocking state
[  105.531427][ T5856] bridge0: port 1(bridge_slave_0) entered disabled state
[  105.531583][ T5856] bridge_slave_0: entered allmulticast mode
[  105.533581][ T5856] bridge_slave_0: entered promiscuous mode
[  105.769529][ T5854] bridge0: port 2(bridge_slave_1) entered blocking state
[  105.769677][ T5854] bridge0: port 2(bridge_slave_1) entered disabled state
[  105.769978][ T5854] bridge_slave_1: entered allmulticast mode
[  105.772975][ T5854] bridge_slave_1: entered promiscuous mode
[  105.803939][ T5856] bridge0: port 2(bridge_slave_1) entered blocking state
[  105.804051][ T5856] bridge0: port 2(bridge_slave_1) entered disabled state
[  105.804255][ T5856] bridge_slave_1: entered allmulticast mode
[  105.807804][ T5856] bridge_slave_1: entered promiscuous mode
[  105.816895][ T5855] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  106.065022][   T59] Bluetooth: hci1: command tx timeout
[  106.111592][ T5855] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  106.115547][ T5843] team0: Port device team_slave_0 added
[  106.120880][ T5844] team0: Port device team_slave_0 added
[  106.144901][   T59] Bluetooth: hci0: command tx timeout
[  106.225102][ T5849] Bluetooth: hci3: command tx timeout
[  106.225199][   T59] Bluetooth: hci2: command tx timeout
[  106.305237][   T59] Bluetooth: hci4: command tx timeout
[  106.379946][ T5843] team0: Port device team_slave_1 added
[  106.382199][ T5844] team0: Port device team_slave_1 added
[  106.389018][ T5854] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  106.407000][ T5856] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  106.601532][ T5854] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  106.604208][ T5856] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  106.828783][ T5855] team0: Port device team_slave_0 added
[  107.118167][ T5855] team0: Port device team_slave_1 added
[  107.119581][ T5843] batman_adv: batadv0: Adding interface: batadv_slave_0
[  107.119594][ T5843] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  107.119614][ T5843] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  107.122376][ T5844] batman_adv: batadv0: Adding interface: batadv_slave_0
[  107.122391][ T5844] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  107.122419][ T5844] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  107.400032][ T5843] batman_adv: batadv0: Adding interface: batadv_slave_1
[  107.400050][ T5843] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  107.400079][ T5843] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  107.401344][ T5844] batman_adv: batadv0: Adding interface: batadv_slave_1
[  107.401360][ T5844] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  107.401379][ T5844] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  107.403655][ T5854] team0: Port device team_slave_0 added
[  107.410124][ T5856] team0: Port device team_slave_0 added
[  107.542224][ T5854] team0: Port device team_slave_1 added
[  107.544377][ T5856] team0: Port device team_slave_1 added
[  107.549805][ T5855] batman_adv: batadv0: Adding interface: batadv_slave_0
[  107.549826][ T5855] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  107.549857][ T5855] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  107.766893][ T5855] batman_adv: batadv0: Adding interface: batadv_slave_1
[  107.766914][ T5855] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  107.766935][ T5855] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  108.146129][   T59] Bluetooth: hci1: command tx timeout
[  108.187516][ T5854] batman_adv: batadv0: Adding interface: batadv_slave_0
[  108.187534][ T5854] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  108.187562][ T5854] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  108.190731][ T5856] batman_adv: batadv0: Adding interface: batadv_slave_0
[  108.190745][ T5856] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  108.190764][ T5856] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  108.227175][   T59] Bluetooth: hci0: command tx timeout
[  108.305117][   T59] Bluetooth: hci2: command tx timeout
[  108.305154][   T59] Bluetooth: hci3: command tx timeout
[  108.385124][ T5849] Bluetooth: hci4: command tx timeout
[  108.391092][ T5854] batman_adv: batadv0: Adding interface: batadv_slave_1
[  108.391110][ T5854] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  108.391138][ T5854] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  108.393251][ T5856] batman_adv: batadv0: Adding interface: batadv_slave_1
[  108.393262][ T5856] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  108.393281][ T5856] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  108.496826][ T5843] hsr_slave_0: entered promiscuous mode
[  108.498686][ T5843] hsr_slave_1: entered promiscuous mode
[  108.522651][ T5844] hsr_slave_0: entered promiscuous mode
[  108.523626][ T5844] hsr_slave_1: entered promiscuous mode
[  108.524494][ T5844] debugfs: 'hsr0' already exists in 'hsr'
[  108.524596][ T5844] Cannot create hsr debugfs directory
[  108.753695][ T5855] hsr_slave_0: entered promiscuous mode
[  108.756022][ T5855] hsr_slave_1: entered promiscuous mode
[  108.757161][ T5855] debugfs: 'hsr0' already exists in 'hsr'
[  108.757191][ T5855] Cannot create hsr debugfs directory
[  109.577529][ T5854] hsr_slave_0: entered promiscuous mode
[  109.578845][ T5854] hsr_slave_1: entered promiscuous mode
[  109.579571][ T5854] debugfs: 'hsr0' already exists in 'hsr'
[  109.579598][ T5854] Cannot create hsr debugfs directory
[  109.672566][ T5856] hsr_slave_0: entered promiscuous mode
[  109.673535][ T5856] hsr_slave_1: entered promiscuous mode
[  109.674225][ T5856] debugfs: 'hsr0' already exists in 'hsr'
[  109.674249][ T5856] Cannot create hsr debugfs directory
[  110.225579][ T5849] Bluetooth: hci1: command tx timeout
[  110.304940][ T5849] Bluetooth: hci0: command tx timeout
[  110.384842][ T5849] Bluetooth: hci3: command tx timeout
[  110.384876][ T5849] Bluetooth: hci2: command tx timeout
[  110.464998][   T59] Bluetooth: hci4: command tx timeout
[  111.237542][ T5843] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  111.282717][ T5843] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  111.309777][ T5843] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  111.364519][ T5843] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  111.491972][ T5844] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  111.519024][ T5844] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  111.553828][ T5844] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  111.620561][ T5844] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  111.782235][ T5855] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  111.823983][ T5855] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  111.894455][ T5855] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  111.943601][ T5855] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  112.150748][ T5856] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  112.196367][ T5856] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  112.267919][ T5856] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  112.302488][ T5856] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  112.460395][ T5854] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  112.504441][ T5854] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  112.544150][ T5854] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  112.588232][ T5843] 8021q: adding VLAN 0 to HW filter on device bond0
[  112.599042][ T5854] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  112.741847][ T5843] 8021q: adding VLAN 0 to HW filter on device team0
[  112.747860][ T5844] 8021q: adding VLAN 0 to HW filter on device bond0
[  112.816042][ T3609] bridge0: port 1(bridge_slave_0) entered blocking state
[  112.816196][ T3609] bridge0: port 1(bridge_slave_0) entered forwarding state
[  112.873315][   T13] bridge0: port 2(bridge_slave_1) entered blocking state
[  112.873606][   T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[  112.924500][ T5844] 8021q: adding VLAN 0 to HW filter on device team0
[  112.993912][ T5855] 8021q: adding VLAN 0 to HW filter on device bond0
[  113.010371][ T3632] bridge0: port 1(bridge_slave_0) entered blocking state
[  113.010733][ T3632] bridge0: port 1(bridge_slave_0) entered forwarding state
[  113.078778][ T3632] bridge0: port 2(bridge_slave_1) entered blocking state
[  113.078965][ T3632] bridge0: port 2(bridge_slave_1) entered forwarding state
[  113.161721][ T5855] 8021q: adding VLAN 0 to HW filter on device team0
[  113.212198][ T3632] bridge0: port 1(bridge_slave_0) entered blocking state
[  113.212942][ T3632] bridge0: port 1(bridge_slave_0) entered forwarding state
[  113.242091][ T5856] 8021q: adding VLAN 0 to HW filter on device bond0
[  113.300305][ T4582] bridge0: port 2(bridge_slave_1) entered blocking state
[  113.300473][ T4582] bridge0: port 2(bridge_slave_1) entered forwarding state
[  113.485927][ T5854] 8021q: adding VLAN 0 to HW filter on device bond0
[  113.496593][ T5856] 8021q: adding VLAN 0 to HW filter on device team0
[  113.575773][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[  113.576008][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[  113.688818][ T5854] 8021q: adding VLAN 0 to HW filter on device team0
[  113.692278][ T3609] bridge0: port 2(bridge_slave_1) entered blocking state
[  113.692575][ T3609] bridge0: port 2(bridge_slave_1) entered forwarding state
[  113.753306][ T3503] bridge0: port 1(bridge_slave_0) entered blocking state
[  113.756041][ T3503] bridge0: port 1(bridge_slave_0) entered forwarding state
[  113.799043][   T13] bridge0: port 2(bridge_slave_1) entered blocking state
[  113.799203][   T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[  113.931973][ T5843] 8021q: adding VLAN 0 to HW filter on device batadv0
[  114.288361][ T5844] 8021q: adding VLAN 0 to HW filter on device batadv0
[  114.428437][ T5843] veth0_vlan: entered promiscuous mode
[  114.537388][ T5843] veth1_vlan: entered promiscuous mode
[  114.580730][ T5855] 8021q: adding VLAN 0 to HW filter on device batadv0
[  114.770854][ T5844] veth0_vlan: entered promiscuous mode
[  114.836343][ T5856] 8021q: adding VLAN 0 to HW filter on device batadv0
[  114.839017][ T5844] veth1_vlan: entered promiscuous mode
[  114.923833][ T5843] veth0_macvtap: entered promiscuous mode
[  114.969542][ T5843] veth1_macvtap: entered promiscuous mode
[  115.101445][ T5854] 8021q: adding VLAN 0 to HW filter on device batadv0
[  115.117842][ T5843] batman_adv: batadv0: Interface activated: batadv_slave_0
[  115.146756][ T5844] veth0_macvtap: entered promiscuous mode
[  115.183823][ T5843] batman_adv: batadv0: Interface activated: batadv_slave_1
[  115.208247][ T5844] veth1_macvtap: entered promiscuous mode
[  115.247086][  T161] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  115.270800][ T5856] veth0_vlan: entered promiscuous mode
[  115.273589][  T161] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  115.291996][  T161] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  115.306580][  T161] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  115.409193][ T5844] batman_adv: batadv0: Interface activated: batadv_slave_0
[  115.409944][ T5856] veth1_vlan: entered promiscuous mode
[  115.499030][ T5844] batman_adv: batadv0: Interface activated: batadv_slave_1
[  115.640322][  T161] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  115.653725][  T161] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  115.700972][  T161] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  115.741950][  T161] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  115.763030][ T5855] veth0_vlan: entered promiscuous mode
[  115.796665][ T5854] veth0_vlan: entered promiscuous mode
[  115.858871][  T161] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  115.858911][  T161] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  116.010831][ T5855] veth1_vlan: entered promiscuous mode
[  116.035939][ T5854] veth1_vlan: entered promiscuous mode
[  116.107710][ T5856] veth0_macvtap: entered promiscuous mode
[  116.127571][ T3609] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  116.127594][ T3609] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  116.190150][ T5856] veth1_macvtap: entered promiscuous mode
[  116.315320][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  116.315341][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  116.422425][ T5856] batman_adv: batadv0: Interface activated: batadv_slave_0
[  116.508831][ T5856] batman_adv: batadv0: Interface activated: batadv_slave_1
[  116.509767][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  116.509787][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  116.536612][ T5855] veth0_macvtap: entered promiscuous mode
[  116.539396][ T5854] veth0_macvtap: entered promiscuous mode
[  116.631473][ T5854] veth1_macvtap: entered promiscuous mode
[  116.640071][ T5855] veth1_macvtap: entered promiscuous mode
[  116.647589][ T3632] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  116.652688][ T3632] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  116.672437][ T3632] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  116.753188][ T3632] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  116.871663][ T5854] batman_adv: batadv0: Interface activated: batadv_slave_0
[  117.054676][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[  117.055630][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[  117.056815][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[  117.100995][ T5854] batman_adv: batadv0: Interface activated: batadv_slave_1
[  117.157778][ T5855] batman_adv: batadv0: Interface activated: batadv_slave_0
[  117.310367][ T5855] batman_adv: batadv0: Interface activated: batadv_slave_1
[  117.310483][ T4558] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  117.342617][ T4558] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  117.397442][ T4558] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  117.418451][ T4558] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  117.512743][ T4558] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  117.549932][ T4558] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  117.564734][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[  117.565585][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[  117.734372][ T4558] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  117.786386][ T4558] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  117.812593][ T3632] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  117.812612][ T3632] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  118.563446][   T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  118.563463][   T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  118.739688][ T3503] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  118.739705][ T3503] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  118.786225][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[  119.014684][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[  119.014947][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[  119.217435][   T57] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  119.217459][   T57] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  119.534893][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[  119.536051][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[  119.637700][ T4558] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  119.637730][ T4558] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  120.795175][ T5979] syz.2.9 uses obsolete (PF_INET,SOCK_PACKET)
[  120.899014][ T5981] block nbd0: Attempted send on invalid socket
[  120.899102][ T5981] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x800 phys_seg 1 prio class 2
[  121.967181][ T5973] CUSE: info not properly terminated
[  122.362403][   T57] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  122.362426][   T57] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  123.929130][ T5990] block nbd0: Attempted send on invalid socket
[  123.929151][ T5990] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x800 phys_seg 1 prio class 2
[  125.298834][ T6003] CUSE: info not properly terminated
[  126.040475][ T6008] netlink: 'syz.2.10': attribute type 4 has an invalid length.
[  126.316246][ T6001] sctp: failed to load transform for md5: -2
[  126.806602][ T6013] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[  132.024776][ T6048] CUSE: info not properly terminated
[  133.009645][ T6053] CUSE: info not properly terminated
[  136.017285][ T6071] netlink: 'syz.0.24': attribute type 4 has an invalid length.
[  137.105666][ T6069] sctp: failed to load transform for md5: -4
[  138.033502][ T6067] netlink: 16 bytes leftover after parsing attributes in process `syz.4.23'.
[  138.033559][ T6067] netlink: 20 bytes leftover after parsing attributes in process `syz.4.23'.
[  138.407846][ T1322] ieee802154 phy0 wpan0: encryption failed: -22
[  138.407935][ T1322] ieee802154 phy1 wpan1: encryption failed: -22
[  138.453761][ T6085] block nbd0: Attempted send on invalid socket
[  138.453783][ T6085] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x800 phys_seg 1 prio class 2
[  140.538066][ T6095] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  140.538993][ T6095] Zero length message leads to an empty skb
[  141.613555][ T6106] block nbd0: Attempted send on invalid socket
[  141.613584][ T6106] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x800 phys_seg 1 prio class 2
[  143.906900][ T6116] netlink: 8 bytes leftover after parsing attributes in process `syz.1.36'.
[  144.232141][ T6119] block nbd0: Attempted send on invalid socket
[  144.232169][ T6119] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x800 phys_seg 1 prio class 2
[  144.606318][ T6116] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  146.524068][ T6130] CUSE: info not properly terminated
[  148.247593][ T6144] block nbd0: Attempted send on invalid socket
[  148.247619][ T6144] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x800 phys_seg 1 prio class 2
[  150.750007][ T6158] netlink: 32 bytes leftover after parsing attributes in process `syz.0.46'.
[  150.912429][ T6159] netlink: 16 bytes leftover after parsing attributes in process `syz.2.44'.
[  150.913081][ T6159] netlink: 20 bytes leftover after parsing attributes in process `syz.2.44'.
[  151.617044][ T6160] netlink: 'syz.0.46': attribute type 10 has an invalid length.
[  151.735301][ T6149] syz.4.42 (6149) used greatest stack depth: 18472 bytes left
[  152.123359][ T6160] team0: Port device netdevsim0 added
[  152.875066][ T6170] usb usb1: usbfs: process 6170 (syz.0.48) did not claim interface 0 before use
[  153.067895][ T6164] block nbd0: Attempted send on invalid socket
[  153.067922][ T6164] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x800 phys_seg 1 prio class 2
[  156.847418][ T3503] Bluetooth: hci5: Frame reassembly failed (-84)
[  157.285324][ T6185] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  157.940959][ T6192] block nbd0: Attempted send on invalid socket
[  157.940987][ T6192] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x800 phys_seg 1 prio class 2
[  158.550560][   T59] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  161.367705][ T6209] block nbd0: Attempted send on invalid socket
[  161.367730][ T6209] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x800 phys_seg 1 prio class 2
[  162.185332][ T5927] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[  162.432675][ T5927] usb 5-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00
[  162.432699][ T5927] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  162.432713][ T5927] usb 5-1: Product: syz
[  162.432723][ T5927] usb 5-1: Manufacturer: syz
[  162.432733][ T5927] usb 5-1: SerialNumber: syz
[  162.973645][ T5927] lan78xx 5-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000010. ret = -EPIPE
[  162.973700][ T5927] lan78xx 5-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED....
[  162.977021][ T5927] lan78xx 5-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED
[  163.114847][   T10] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[  163.371267][   T10] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  163.371296][   T10] usb 4-1: config 0 has no interfaces?
[  163.371326][   T10] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  163.371343][   T10] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  163.380092][   T10] usb 4-1: config 0 descriptor??
[  163.627321][ T5927] lan78xx 5-1:1.0: probe with driver lan78xx failed with error -32
[  163.951421][ T5915] usb 4-1: USB disconnect, device number 2
[  164.423261][ T5915] usb 5-1: USB disconnect, device number 2
[  169.590763][ T6258] block nbd0: Attempted send on invalid socket
[  169.590815][ T6258] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x800 phys_seg 1 prio class 2
[  171.025405][ T6265] block nbd0: Attempted send on invalid socket
[  171.025431][ T6265] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x800 phys_seg 1 prio class 2
[  174.677928][ T6284] syzkaller1: entered promiscuous mode
[  174.677953][ T6284] syzkaller1: entered allmulticast mode
[  175.548094][ T6295] netlink: 16 bytes leftover after parsing attributes in process `syz.1.80'.
[  175.548235][ T6295] netlink: 20 bytes leftover after parsing attributes in process `syz.1.80'.
[  178.973440][ T6318] block nbd0: Attempted send on invalid socket
[  178.973469][ T6318] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x800 phys_seg 1 prio class 2
[  180.314902][   T59] Bluetooth: hci4: command 0x0405 tx timeout
[  182.075889][ T6328] block nbd0: Attempted send on invalid socket
[  182.075917][ T6328] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x800 phys_seg 1 prio class 2
[  184.999993][ T6341] netlink: 16 bytes leftover after parsing attributes in process `syz.3.92'.
[  185.000037][ T6341] netlink: 20 bytes leftover after parsing attributes in process `syz.3.92'.
[  187.747091][ T6359] netlink: 'syz.3.97': attribute type 4 has an invalid length.
[  187.797425][ T6356] usb usb1: usbfs: process 6356 (syz.0.95) did not claim interface 0 before use
[  190.600711][ T6368] block nbd0: Attempted send on invalid socket
[  190.601359][ T6368] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x800 phys_seg 1 prio class 2
[  192.775761][ T6388] netlink: 16 bytes leftover after parsing attributes in process `syz.0.103'.
[  192.775902][ T6388] netlink: 20 bytes leftover after parsing attributes in process `syz.0.103'.
[  194.431412][ T6403] usb usb1: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  199.834981][ T1322] ieee802154 phy0 wpan0: encryption failed: -22
[  199.835132][ T1322] ieee802154 phy1 wpan1: encryption failed: -22
[  202.279751][    C0] vkms_vblank_simulate: vblank timer overrun
[  203.553183][ T6459] usb usb1: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  204.524880][    C0] vkms_vblank_simulate: vblank timer overrun
[  207.798305][ T6483] block nbd0: Attempted send on invalid socket
[  207.798333][ T6483] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x800 phys_seg 1 prio class 2
[  217.193709][ T6530] block nbd0: Attempted send on invalid socket
[  217.193737][ T6530] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x800 phys_seg 1 prio class 2
[  220.189175][ T6543] block nbd0: Attempted send on invalid socket
[  220.189203][ T6543] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x800 phys_seg 1 prio class 2
[  222.910446][ T6557] CUSE: info not properly terminated
[  223.255667][  T161] Bluetooth: hci5: Frame reassembly failed (-84)
[  225.265004][   T59] Bluetooth: hci5: command 0x1003 tx timeout
[  225.265024][ T5849] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  227.544533][ T6581] Bluetooth: hci3: command 0x0406 tx timeout
[  227.545347][ T6581] Bluetooth: hci4: command 0x0405 tx timeout
[  227.545380][ T6581] Bluetooth: hci2: command 0x0406 tx timeout
[  227.545406][ T6581] Bluetooth: hci1: command 0x0406 tx timeout
[  228.690832][ T6594] block nbd0: Attempted send on invalid socket
[  228.690855][ T6594] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x800 phys_seg 1 prio class 2
[  234.385224][ T5156] Bluetooth: hci6: Opcode 0x1003 failed: -110
[  234.405013][   T59] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  236.334263][ T6633] usb usb1: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  242.000214][ T4547] Bluetooth: hci5: Frame reassembly failed (-84)
[  244.064817][   T59] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  244.064852][ T5156] Bluetooth: hci5: command 0x1003 tx timeout
[  248.154735][ T5156] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  249.684207][ T6697] netlink: 16 bytes leftover after parsing attributes in process `syz.0.181'.
[  249.684350][ T6697] netlink: 20 bytes leftover after parsing attributes in process `syz.0.181'.
[  250.625111][ T5156] Bluetooth: hci6: Opcode 0x1003 failed: -110
[  250.851193][ T6703] block nbd0: Attempted send on invalid socket
[  250.851220][ T6703] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x800 phys_seg 1 prio class 2
[  255.284442][ T5156] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  259.818790][ T6753] netlink: 16 bytes leftover after parsing attributes in process `syz.1.194'.
[  259.818823][ T6753] netlink: 20 bytes leftover after parsing attributes in process `syz.1.194'.
[  260.624956][ T5156] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  261.276925][ T1322] ieee802154 phy0 wpan0: encryption failed: -22
[  261.277005][ T1322] ieee802154 phy1 wpan1: encryption failed: -22
[  265.107427][ T6778] netlink: 'syz.3.201': attribute type 4 has an invalid length.
[  267.753926][  T161] Bluetooth: hci5: Frame reassembly failed (-84)
[  267.869607][ T6796] netlink: 16 bytes leftover after parsing attributes in process `syz.2.205'.
[  267.869642][ T6796] netlink: 20 bytes leftover after parsing attributes in process `syz.2.205'.
[  269.382800][ T6799] block nbd0: Attempted send on invalid socket
[  269.382829][ T6799] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x800 phys_seg 1 prio class 2
[  270.585520][   T59] Bluetooth: hci5: command 0x1003 tx timeout
[  270.588341][ T5156] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  271.374749][ T6028] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[  271.634732][ T6028] usb 2-1: Using ep0 maxpacket: 8
[  271.642903][ T6028] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  271.642941][ T6028] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  271.642968][ T6028] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  271.642993][ T6028] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  271.643040][ T6028] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  271.643065][ T6028] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  271.914962][ T6028] usb 2-1: GET_CAPABILITIES returned 0
[  271.915018][ T6028] usbtmc 2-1:16.0: can't read capabilities
[  272.734781][ T6028] usb 2-1: USB disconnect, device number 2
[  275.069472][ T6840] netlink: 16 bytes leftover after parsing attributes in process `syz.1.218'.
[  275.069662][ T6840] netlink: 20 bytes leftover after parsing attributes in process `syz.1.218'.
[  276.627586][   T59] Bluetooth: hci5: command 0x1003 tx timeout
[  276.629437][ T5156] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  277.559783][ T6858] netlink: 'syz.4.223': attribute type 4 has an invalid length.
[  277.907439][ T6855] CUSE: info not properly terminated
[  280.330627][  T117] Bluetooth: hci5: Frame reassembly failed (-84)
[  280.954732][ T6028] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[  281.204721][ T6028] usb 3-1: Using ep0 maxpacket: 8
[  281.238392][ T6028] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  281.238431][ T6028] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  281.238458][ T6028] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  281.238484][ T6028] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  281.238531][ T6028] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  281.238556][ T6028] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  281.989754][ T6028] usb 3-1: GET_CAPABILITIES returned 0
[  281.989788][ T6028] usbtmc 3-1:16.0: can't read capabilities
[  282.384879][ T5849] Bluetooth: hci5: command 0x1003 tx timeout
[  282.386725][ T5156] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  282.889219][ T1230] usb 3-1: USB disconnect, device number 2
[  283.985160][ T5156] Bluetooth: hci6: command 0x1003 tx timeout
[  283.985451][   T59] Bluetooth: hci6: Opcode 0x1003 failed: -110
[  284.696069][ T6892] block nbd0: Attempted send on invalid socket
[  284.696098][ T6892] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x800 phys_seg 1 prio class 2
[  289.464868][ T3609] Bluetooth: hci6: Frame reassembly failed (-84)
[  291.265488][ T5849] Bluetooth: hci5: command 0x1003 tx timeout
[  291.265787][   T59] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  291.634489][   T59] Bluetooth: hci6: command 0x1003 tx timeout
[  291.648333][ T5156] Bluetooth: hci6: Opcode 0x1003 failed: -110
[  294.812936][   T12] Bluetooth: hci6: Frame reassembly failed (-84)
[  294.813216][   T12] Bluetooth: hci6: Frame reassembly failed (-84)
[  294.813330][ T3609] Bluetooth: hci6: Frame reassembly failed (-84)
[  295.825356][ T5849] Bluetooth: hci5: command 0x1003 tx timeout
[  295.825670][ T5156] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  297.284346][ T5156] Bluetooth: hci6: command 0x1003 tx timeout
[  297.454783][   T59] Bluetooth: hci6: Opcode 0x1003 failed: -110
[  301.184904][   T59] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  314.864692][   T59] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  314.865157][ T5849] Bluetooth: hci5: command 0x1003 tx timeout
[  315.578484][ T7041] block nbd0: Attempted send on invalid socket
[  315.578512][ T7041] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x800 phys_seg 1 prio class 2
[  316.289471][ T7042] block nbd0: Attempted send on invalid socket
[  316.289501][ T7042] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x800 phys_seg 1 prio class 2
[  319.176634][ T7058] CUSE: info not properly terminated
[  321.994410][ T7078] netlink: 16 bytes leftover after parsing attributes in process `syz.3.281'.
[  321.994592][ T7078] netlink: 20 bytes leftover after parsing attributes in process `syz.3.281'.
[  322.787014][ T1322] ieee802154 phy0 wpan0: encryption failed: -22
[  322.787098][ T1322] ieee802154 phy1 wpan1: encryption failed: -22
[  323.208516][ T7084] netlink: 'syz.4.282': attribute type 4 has an invalid length.
[  324.282219][ T7087] netlink: 32 bytes leftover after parsing attributes in process `syz.3.283'.
[  324.420126][ T7087] netlink: 'syz.3.283': attribute type 10 has an invalid length.
[  324.704448][ T7087] team0: Port device netdevsim0 added
[  325.271975][ T5915] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[  325.425057][ T5915] usb 4-1: Using ep0 maxpacket: 8
[  325.431478][ T5915] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  325.431516][ T5915] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  325.431542][ T5915] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  325.431567][ T5915] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  325.431620][ T5915] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  325.431645][ T5915] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  325.897502][ T7100] block nbd0: Attempted send on invalid socket
[  325.897524][ T7100] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x800 phys_seg 1 prio class 2
[  326.264474][ T5915] usb 4-1: usb_control_msg returned -71
[  326.264643][ T5915] usbtmc 4-1:16.0: can't read capabilities
[  326.628802][ T5915] usb 4-1: USB disconnect, device number 3
[  335.824820][   T59] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  337.156611][ T7156] usb usb1: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  337.516689][ T7159] netlink: 28 bytes leftover after parsing attributes in process `syz.3.299'.
[  337.516729][ T7159] netlink: 28 bytes leftover after parsing attributes in process `syz.3.299'.
[  339.343320][ T7167] netlink: 'syz.1.301': attribute type 4 has an invalid length.
[  343.232996][ T7180] block nbd0: Attempted send on invalid socket
[  343.233054][ T7180] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x800 phys_seg 1 prio class 2
[  343.985323][ T5156] Bluetooth: hci5: command 0x1003 tx timeout
[  343.985614][   T59] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  349.241661][ T7210] block nbd0: Attempted send on invalid socket
[  349.241688][ T7210] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x800 phys_seg 1 prio class 2
[  349.795024][    C0] vkms_vblank_simulate: vblank timer overrun
[  350.153433][    C0] vkms_vblank_simulate: vblank timer overrun
[  350.206272][    C0] vkms_vblank_simulate: vblank timer overrun
[  350.276440][    C0] vkms_vblank_simulate: vblank timer overrun
[  351.025955][    C0] vkms_vblank_simulate: vblank timer overrun
[  351.732178][    C0] vkms_vblank_simulate: vblank timer overrun
[  352.127167][    C0] vkms_vblank_simulate: vblank timer overrun
[  352.262423][    C0] vkms_vblank_simulate: vblank timer overrun
[  352.448868][    C0] vkms_vblank_simulate: vblank timer overrun
[  352.534746][ T7225] netlink: 28 bytes leftover after parsing attributes in process `syz.3.320'.
[  352.534775][ T7225] netlink: 28 bytes leftover after parsing attributes in process `syz.3.320'.
[  352.848788][ T7225] bond0: entered promiscuous mode
[  352.848807][ T7225] bond_slave_0: entered promiscuous mode
[  352.848986][ T7225] bond_slave_1: entered promiscuous mode
[  352.978473][ T7225] bond0: left promiscuous mode
[  352.978500][ T7225] bond_slave_0: left promiscuous mode
[  352.978864][ T7225] bond_slave_1: left promiscuous mode
[  358.246451][ T1230] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[  358.454686][ T1230] usb 2-1: Using ep0 maxpacket: 32
[  358.457432][ T1230] usb 2-1: config 0 has an invalid interface number: 89 but max is 0
[  358.457460][ T1230] usb 2-1: config 0 has no interface number 0
[  358.457510][ T1230] usb 2-1: config 0 interface 89 has no altsetting 0
[  358.807940][ T1230] usb 2-1: New USB device found, idVendor=0ccd, idProduct=10af, bcdDevice=38.4e
[  358.807973][ T1230] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  358.807995][ T1230] usb 2-1: Product: syz
[  358.808010][ T1230] usb 2-1: Manufacturer: syz
[  358.808025][ T1230] usb 2-1: SerialNumber: syz
[  358.928523][ T1230] usb 2-1: config 0 descriptor??
[  358.999045][ T1230] em28xx 2-1:0.89: New device syz syz @ 480 Mbps (0ccd:10af, interface 89, class 89)
[  358.999092][ T1230] em28xx 2-1:0.89: Video interface 89 found: bulk
[  359.588181][ T1230] em28xx 2-1:0.89: unknown em28xx chip ID (0)
[  359.598199][ T7256] CUSE: info not properly terminated
[  360.131838][ T1230] em28xx 2-1:0.89: reading from i2c device at 0xa0 failed (error=-5)
[  360.131887][ T1230] em28xx 2-1:0.89: board has no eeprom
[  360.465369][ T1230] em28xx 2-1:0.89: Identified as Terratec Grabby (card=67)
[  360.465457][ T1230] em28xx 2-1:0.89: analog set to bulk mode.
[  361.233561][    T9] em28xx 2-1:0.89: Registering V4L2 extension
[  361.654980][    T9] em28xx 2-1:0.89: reading from i2c device at 0x4a failed (error=-5)
[  361.679728][    T9] em28xx 2-1:0.89: reading from i2c device at 0x48 failed (error=-5)
[  361.682322][    T9] em28xx 2-1:0.89: reading from i2c device at 0x42 failed (error=-5)
[  361.682744][    T9] em28xx 2-1:0.89: reading from i2c device at 0x40 failed (error=-5)
[  361.727228][    T9] em28xx 2-1:0.89: Config register raw data: 0xfffffffb
[  361.741994][    T9] em28xx 2-1:0.89: AC97 chip type couldn't be determined
[  361.742015][    T9] em28xx 2-1:0.89: No AC97 audio processor
[  361.763180][ T5915] usb 2-1: USB disconnect, device number 3
[  361.767759][ T5915] em28xx 2-1:0.89: Disconnecting em28xx
[  361.838153][    T9] usb 2-1: Decoder not found
[  361.838170][    T9] em28xx 2-1:0.89: failed to create media graph
[  361.838203][    T9] em28xx 2-1:0.89: V4L2 device video103 deregistered
[  361.880248][    T9] em28xx 2-1:0.89: Registering snapshot button...
[  361.905235][    T9] input: em28xx snapshot button as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.89/input/input5
[  361.953884][    T9] em28xx 2-1:0.89: Remote control support is not available for this card.
[  361.955330][ T5915] em28xx 2-1:0.89: Closing input extension
[  361.956328][ T5915] em28xx 2-1:0.89: Deregistering snapshot button
[  362.533201][ T5915] em28xx 2-1:0.89: Freeing device
[  362.784783][  T991] usb 4-1: new high-speed USB device number 4 using dummy_hcd
[  362.835420][ T7277] capability: warning: `syz.2.333' uses deprecated v2 capabilities in a way that may be insecure
[  362.955361][  T991] usb 4-1: Using ep0 maxpacket: 8
[  362.964827][  T991] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  362.964870][  T991] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  362.964899][  T991] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  362.964930][  T991] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  362.964980][  T991] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  362.965010][  T991] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  363.226761][  T991] usb 4-1: usb_control_msg returned -71
[  363.226814][  T991] usbtmc 4-1:16.0: can't read capabilities
[  363.256007][  T991] usb 4-1: USB disconnect, device number 4
[  364.700292][ T7293] netlink: 16 bytes leftover after parsing attributes in process `syz.1.337'.
[  364.700435][ T7293] netlink: 20 bytes leftover after parsing attributes in process `syz.1.337'.
[  368.481196][ T7308] 8021q: adding VLAN 0 to HW filter on device macvlan3
[  373.765674][ T7340] block nbd0: Attempted send on invalid socket
[  373.765702][ T7340] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x800 phys_seg 1 prio class 2
[  373.894647][    T9] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[  374.094811][    T9] usb 4-1: Using ep0 maxpacket: 8
[  374.101293][    T9] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  374.101319][    T9] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  374.101337][    T9] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  374.101354][    T9] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  374.101399][    T9] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  374.101416][    T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  374.434883][    T9] usb 4-1: usb_control_msg returned -71
[  374.434934][    T9] usbtmc 4-1:16.0: can't read capabilities
[  374.517644][    T9] usb 4-1: USB disconnect, device number 5
[  378.662825][ T7358] tipc: Started in network mode
[  378.662862][ T7358] tipc: Node identity 9e40b3aee73, cluster identity 4711
[  378.667923][ T7358] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  378.692489][ T7358] tipc: Resetting bearer <eth:syzkaller0>
[  379.245941][ T7357] tipc: Disabling bearer <eth:syzkaller0>
[  380.544936][    T9] tipc: Node number set to 2037429166
[  384.941114][ T1322] ieee802154 phy0 wpan0: encryption failed: -22
[  384.941180][ T1322] ieee802154 phy1 wpan1: encryption failed: -22
[  385.927311][ T7402] CUSE: info not properly terminated
[  386.976776][ T7407] block nbd0: Attempted send on invalid socket
[  386.976826][ T7407] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x800 phys_seg 1 prio class 2
[  388.459282][ T7422] block nbd0: Attempted send on invalid socket
[  388.459304][ T7422] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x800 phys_seg 1 prio class 2
[  391.186475][ T7438] block nbd0: Attempted send on invalid socket
[  391.186512][ T7438] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x800 phys_seg 1 prio class 2
[  393.466169][ T7457] block nbd0: Attempted send on invalid socket
[  393.466197][ T7457] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x800 phys_seg 1 prio class 2
[  402.850491][ T7503] block nbd0: Attempted send on invalid socket
[  402.850532][ T7503] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x800 phys_seg 1 prio class 2
[  407.815430][ T7518] block nbd0: Attempted send on invalid socket
[  407.815458][ T7518] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x800 phys_seg 1 prio class 2
[  411.359040][ T5156] Bluetooth: hci5: command 0x1003 tx timeout
[  411.363451][   T59] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  412.826202][ T7547] No control pipe specified
[  414.910403][   T37] Bluetooth: hci5: Frame reassembly failed (-84)
[  415.041937][ T5849] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[  415.044218][ T5849] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[  415.059444][ T5849] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[  415.093522][ T5849] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[  415.094386][ T5849] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[  416.944703][   T59] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  417.185050][   T59] Bluetooth: hci6: command tx timeout
[  417.272200][ T7554] chnl_net:caif_netlink_parms(): no params data found
[  418.658766][ T7574] netlink: 28 bytes leftover after parsing attributes in process `syz.0.405'.
[  418.658808][ T7574] netlink: 28 bytes leftover after parsing attributes in process `syz.0.405'.
[  418.756062][ T7574] bond0: entered promiscuous mode
[  418.756080][ T7574] bond_slave_0: entered promiscuous mode
[  418.756273][ T7574] bond_slave_1: entered promiscuous mode
[  418.900126][ T7574] bond0: left promiscuous mode
[  418.900147][ T7574] bond_slave_0: left promiscuous mode
[  418.900417][ T7574] bond_slave_1: left promiscuous mode
[  418.903299][ T7575] mmap: syz.4.404 (7575) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  420.055198][   T59] Bluetooth: hci6: command tx timeout
[  422.339587][   T59] Bluetooth: hci6: command tx timeout
[  424.279565][ T3503] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  424.464681][   T59] Bluetooth: hci6: command tx timeout
[  424.485286][ T7554] bridge0: port 1(bridge_slave_0) entered blocking state
[  424.485454][ T7554] bridge0: port 1(bridge_slave_0) entered disabled state
[  424.485717][ T7554] bridge_slave_0: entered allmulticast mode
[  424.535029][ T7554] bridge_slave_0: entered promiscuous mode
[  424.554927][ T7554] bridge0: port 2(bridge_slave_1) entered blocking state
[  424.787181][ T7554] bridge0: port 2(bridge_slave_1) entered disabled state
[  424.787442][ T7554] bridge_slave_1: entered allmulticast mode
[  424.790323][ T7554] bridge_slave_1: entered promiscuous mode
[  428.512939][ T3503] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  428.644443][ T7554] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  428.684989][ T7554] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  429.047971][    C1] vkms_vblank_simulate: vblank timer overrun
[  430.148137][ T7628] No control pipe specified
[  430.619431][ T7632] netlink: 16 bytes leftover after parsing attributes in process `syz.0.419'.
[  430.619605][ T7632] netlink: 20 bytes leftover after parsing attributes in process `syz.0.419'.
[  431.556663][    C1] vkms_vblank_simulate: vblank timer overrun
[  431.703119][ T7636] netlink: 28 bytes leftover after parsing attributes in process `syz.0.421'.
[  431.703161][ T7636] netlink: 28 bytes leftover after parsing attributes in process `syz.0.421'.
[  431.938263][ T3503] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  432.030706][ T7554] team0: Port device team_slave_0 added
[  432.057354][ T7636] bond0: entered promiscuous mode
[  432.057377][ T7636] bond_slave_0: entered promiscuous mode
[  432.061186][ T7636] bond_slave_1: entered promiscuous mode
[  432.159668][ T7636] bond0: left promiscuous mode
[  432.159687][ T7636] bond_slave_0: left promiscuous mode
[  432.159889][ T7636] bond_slave_1: left promiscuous mode
[  432.624008][ T7554] team0: Port device team_slave_1 added
[  432.771971][ T7640] CUSE: info not properly terminated
[  433.374107][ T3503] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  433.926143][ T7554] batman_adv: batadv0: Adding interface: batadv_slave_0
[  433.926157][ T7554] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  433.926176][ T7554] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  433.930297][ T7554] batman_adv: batadv0: Adding interface: batadv_slave_1
[  433.930310][ T7554] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  433.930438][ T7554] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  434.850940][   T37] Bluetooth: hci4: Frame reassembly failed (-84)
[  435.049835][ T7554] hsr_slave_0: entered promiscuous mode
[  435.062352][ T7554] hsr_slave_1: entered promiscuous mode
[  435.073989][ T7554] debugfs: 'hsr0' already exists in 'hsr'
[  435.074013][ T7554] Cannot create hsr debugfs directory
[  436.865008][ T5849] Bluetooth: hci4: command 0x1003 tx timeout
[  436.867451][   T59] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  437.385171][ T7663] No control pipe specified
[  438.843616][ T7672] netlink: 16 bytes leftover after parsing attributes in process `syz.4.430'.
[  438.843760][ T7672] netlink: 20 bytes leftover after parsing attributes in process `syz.4.430'.
[  440.027555][ T3503] bridge_slave_1: left allmulticast mode
[  440.028181][ T3503] bridge_slave_1: left promiscuous mode
[  440.029381][ T3503] bridge0: port 2(bridge_slave_1) entered disabled state
[  440.638340][ T3503] bridge_slave_0: left allmulticast mode
[  440.638379][ T3503] bridge_slave_0: left promiscuous mode
[  440.640488][ T3503] bridge0: port 1(bridge_slave_0) entered disabled state
[  441.531851][   T12] Bluetooth: hci4: Frame reassembly failed (-84)
[  443.594680][ T5849] Bluetooth: hci4: command 0x1003 tx timeout
[  443.594984][   T59] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  444.364297][ T3503] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  444.412423][ T3503] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  444.449829][ T3503] bond0 (unregistering): Released all slaves
[  445.484936][ T7710] usb usb1: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  445.856456][ T1322] ieee802154 phy0 wpan0: encryption failed: -22
[  445.856530][ T1322] ieee802154 phy1 wpan1: encryption failed: -22
[  446.062994][ T7712] CUSE: info not properly terminated
[  446.837730][   T31] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[  447.298707][   T31] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  447.298728][   T31] usb 5-1: config 0 has no interfaces?
[  447.298752][   T31] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  447.298768][   T31] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  447.302803][   T31] usb 5-1: config 0 descriptor??
[  447.766267][   T31] usb 5-1: USB disconnect, device number 3
[  448.160094][ T7554] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  449.950791][ T7554] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  450.196357][ T7554] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  450.311905][ T7554] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  450.433858][ T7752] usb usb1: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  450.687796][ T3503] hsr_slave_0: left promiscuous mode
[  450.707725][ T5859] usb 4-1: new high-speed USB device number 6 using dummy_hcd
[  450.710098][ T3503] hsr_slave_1: left promiscuous mode
[  450.713352][ T3503] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  450.713470][ T3503] batman_adv: batadv0: Removing interface: batadv_slave_0
[  450.953559][ T3503] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  450.953640][ T3503] batman_adv: batadv0: Removing interface: batadv_slave_1
[  451.263778][ T5859] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  451.263806][ T5859] usb 4-1: config 0 has no interfaces?
[  451.263829][ T5859] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  451.263845][ T5859] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  451.277503][ T5859] usb 4-1: config 0 descriptor??
[  451.754683][ T3503] veth1_macvtap: left promiscuous mode
[  451.758977][ T3503] veth0_macvtap: left promiscuous mode
[  451.759369][ T3503] veth1_vlan: left promiscuous mode
[  451.759718][ T3503] veth0_vlan: left promiscuous mode
[  451.954784][ T5859] usb 4-1: USB disconnect, device number 6
[  455.207772][ T7766] netlink: 32 bytes leftover after parsing attributes in process `syz.0.444'.
[  455.260998][ T7767] netlink: 'syz.0.444': attribute type 10 has an invalid length.
[  459.309634][ T3503] team0 (unregistering): Port device team_slave_1 removed
[  459.543419][ T7782] CUSE: info not properly terminated
[  459.715562][ T3503] team0 (unregistering): Port device team_slave_0 removed
[  464.271151][ T7799] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  464.297962][ T7805] iommufd_mock iommufd_mock1: Adding to iommu group 1
[  466.136770][ T7819] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  467.981042][ T7554] 8021q: adding VLAN 0 to HW filter on device bond0
[  468.052605][ T7554] 8021q: adding VLAN 0 to HW filter on device team0
[  468.090547][   T37] bridge0: port 1(bridge_slave_0) entered blocking state
[  468.094751][   T37] bridge0: port 1(bridge_slave_0) entered forwarding state
[  468.129139][   T37] bridge0: port 2(bridge_slave_1) entered blocking state
[  468.129300][   T37] bridge0: port 2(bridge_slave_1) entered forwarding state
[  468.503660][ T7554] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  468.753841][    C0] vkms_vblank_simulate: vblank timer overrun
[  468.899554][ T7845] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  469.070096][    C0] vkms_vblank_simulate: vblank timer overrun
[  469.207845][    C0] vkms_vblank_simulate: vblank timer overrun
[  469.665481][    C0] vkms_vblank_simulate: vblank timer overrun
[  469.829298][ T7852] netlink: 32 bytes leftover after parsing attributes in process `syz.3.462'.
[  469.871165][ T7852] netlink: 'syz.3.462': attribute type 10 has an invalid length.
[  470.721704][ T7869] block nbd0: Attempted send on invalid socket
[  470.721725][ T7869] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x800 phys_seg 1 prio class 2
[  471.090295][    C0] vkms_vblank_simulate: vblank timer overrun
[  471.291535][    C0] vkms_vblank_simulate: vblank timer overrun
[  472.160159][    C0] vkms_vblank_simulate: vblank timer overrun
[  473.897748][ T5849] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  473.903530][ T5849] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  473.919811][ T5849] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  473.985595][ T5849] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  473.997132][ T5849] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  474.466340][ T7895] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  474.875588][ T7896] syz.3.467 (7896) used greatest stack depth: 16952 bytes left
[  475.323394][ T7900] CUSE: info not properly terminated
[  476.066531][ T5849] Bluetooth: hci4: command tx timeout
[  478.166693][ T5849] Bluetooth: hci4: command tx timeout
[  480.133565][ T7934] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  480.802081][ T5849] Bluetooth: hci4: command tx timeout
[  481.153286][ T7926] 8021q: adding VLAN 0 to HW filter on device macvlan3
[  482.865666][   T59] Bluetooth: hci4: command tx timeout
[  482.948968][ T7958] block nbd0: Attempted send on invalid socket
[  482.949009][ T7958] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x800 phys_seg 1 prio class 2
[  483.685741][ T7890] chnl_net:caif_netlink_parms(): no params data found
[  483.728517][ T7961] syzkaller0: entered promiscuous mode
[  483.728542][ T7961] syzkaller0: entered allmulticast mode
[  484.144753][ T5849] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  485.841719][ T7971] random: crng reseeded on system resumption
[  486.615123][    C1] vkms_vblank_simulate: vblank timer overrun
[  486.729324][    C1] vkms_vblank_simulate: vblank timer overrun
[  487.432126][    C1] vkms_vblank_simulate: vblank timer overrun
[  487.742249][    C1] vkms_vblank_simulate: vblank timer overrun
[  487.779851][    C1] vkms_vblank_simulate: vblank timer overrun
[  488.599208][    C1] vkms_vblank_simulate: vblank timer overrun
[  491.237420][    C1] vkms_vblank_simulate: vblank timer overrun
[  491.413525][ T8016] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  491.535749][    C1] vkms_vblank_simulate: vblank timer overrun
[  493.072519][ T8026] block nbd0: Attempted send on invalid socket
[  493.072547][ T8026] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x800 phys_seg 1 prio class 2
[  493.185079][ T8027] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  494.001982][ T7890] bridge0: port 1(bridge_slave_0) entered blocking state
[  494.002128][ T7890] bridge0: port 1(bridge_slave_0) entered disabled state
[  494.002380][ T7890] bridge_slave_0: entered allmulticast mode
[  494.061945][ T7890] bridge_slave_0: entered promiscuous mode
[  495.202910][ T8036] random: crng reseeded on system resumption
[  497.624861][ T7890] bridge0: port 2(bridge_slave_1) entered blocking state
[  497.625016][ T7890] bridge0: port 2(bridge_slave_1) entered disabled state
[  497.625298][ T7890] bridge_slave_1: entered allmulticast mode
[  497.628215][ T7890] bridge_slave_1: entered promiscuous mode
[  498.367258][ T7890] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  498.925190][ T8046] random: crng reseeded on system resumption
[  498.925190][ T8046] random: crng reseeded on system resumption
[  499.066097][ T8046] PM: hibernation: Marking nosave pages: [mem 0x00000000-0x00000fff]
[  499.066154][ T8046] PM: hibernation: Marking nosave pages: [mem 0x0009f000-0x000fffff]
[  499.066293][ T8046] PM: hibernation: Marking nosave pages: [mem 0xbfffd000-0xffffffff]
[  499.066369][ T8046] PM: hibernation: Basic memory bitmaps created
[  499.624902][ T8047] PM: hibernation: Basic memory bitmaps freed
[  499.638820][ T8046] ------------[ cut here ]------------
[  499.638832][ T8046] faux_driver vkms: [drm] vblank wait timed out on crtc 0
[  499.639386][ T8046] WARNING: CPU: 1 PID: 8046 at drivers/gpu/drm/drm_vblank.c:1308 drm_wait_one_vblank+0x571/0x5b0
[  499.639429][ T8046] Modules linked in:
[  499.639466][ T8046] CPU: 1 UID: 0 PID: 8046 Comm: syz.3.495 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  499.639484][ T8046] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  499.639499][ T8046] RIP: 0010:drm_wait_one_vblank+0x571/0x5b0
[  499.639521][ T8046] Code: ff df 80 3c 08 00 74 08 4c 89 e7 e8 e9 4f be fc 4d 8b 2c 24 48 c7 c7 a0 a2 74 8b 4c 89 fe 4c 89 ea 44 89 f1 e8 10 da 23 fc 90 <0f> 0b 90 90 49 bd 00 00 00 00 00 fc ff df e9 a7 fc ff ff 44 89 f9
[  499.639533][ T8046] RSP: 0018:ffffc90004497ae0 EFLAGS: 00010246
[  499.639546][ T8046] RAX: 07f8c71543ddbf00 RBX: 1ffff11028665001 RCX: 0000000000080000
[  499.639558][ T8046] RDX: ffffc90011ab1000 RSI: 000000000000155b RDI: 000000000000155c
[  499.639568][ T8046] RBP: ffffc90004497be0 R08: 0000000000000000 R09: 0000000000000000
[  499.639578][ T8046] R10: dffffc0000000000 R11: ffffed1017124863 R12: ffff888143314000
[  499.639590][ T8046] R13: ffffffff8b785260 R14: 0000000000000000 R15: ffffffff8b79eea0
[  499.639601][ T8046] FS:  00007faa9fba96c0(0000) GS:ffff8881269bc000(0000) knlGS:0000000000000000
[  499.639614][ T8046] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  499.639625][ T8046] CR2: 0000001b32312ff8 CR3: 000000005ef68000 CR4: 00000000003526f0
[  499.639639][ T8046] Call Trace:
[  499.639645][ T8046]  <TASK>
[  499.639656][ T8046]  ? __pfx_drm_wait_one_vblank+0x10/0x10
[  499.639677][ T8046]  ? __pfx_autoremove_wake_function+0x10/0x10
[  499.639701][ T8046]  ? __rcu_read_unlock+0x84/0xe0
[  499.639724][ T8046]  ? drm_vblank_get+0x148/0x260
[  499.639743][ T8046]  ? __pfx_drm_fb_helper_ioctl+0x10/0x10
[  499.639765][ T8046]  drm_fb_helper_ioctl+0x116/0x140
[  499.639788][ T8046]  do_fb_ioctl+0x45c/0x750
[  499.639811][ T8046]  ? __pfx_do_fb_ioctl+0x10/0x10
[  499.639841][ T8046]  ? rcu_is_watching+0x15/0xb0
[  499.639865][ T8046]  ? trace_irq_disable+0x37/0x110
[  499.639885][ T8046]  ? preempt_schedule_irq+0xde/0x150
[  499.639923][ T8046]  ? irqentry_exit+0x74/0x90
[  499.639947][ T8046]  ? lockdep_hardirqs_on+0x9c/0x150
[  499.639976][ T8046]  ? __pfx_fb_ioctl+0x10/0x10
[  499.639995][ T8046]  ? __se_sys_ioctl+0xed/0x170
[  499.640015][ T8046]  ? __pfx_fb_ioctl+0x10/0x10
[  499.640033][ T8046]  __se_sys_ioctl+0xff/0x170
[  499.640052][ T8046]  do_syscall_64+0xfa/0x3b0
[  499.640068][ T8046]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  499.640083][ T8046]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  499.640098][ T8046]  ? clear_bhb_loop+0x60/0xb0
[  499.640117][ T8046]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  499.640132][ T8046] RIP: 0033:0x7faaa1daec29
[  499.640150][ T8046] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  499.640162][ T8046] RSP: 002b:00007faa9fba9038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  499.640177][ T8046] RAX: ffffffffffffffda RBX: 00007faaa1ff6270 RCX: 00007faaa1daec29
[  499.640188][ T8046] RDX: 0000000000000000 RSI: 0000000040044620 RDI: 0000000000000007
[  499.640197][ T8046] RBP: 00007faaa1e31e41 R08: 0000000000000000 R09: 0000000000000000
[  499.640207][ T8046] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  499.640216][ T8046] R13: 00007faaa1ff6308 R14: 00007faaa1ff6270 R15: 00007fff1126eec8
[  499.640240][ T8046]  </TASK>
[  499.640250][ T8046] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  499.640261][ T8046] CPU: 1 UID: 0 PID: 8046 Comm: syz.3.495 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  499.640278][ T8046] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  499.640287][ T8046] Call Trace:
[  499.640293][ T8046]  <TASK>
[  499.640299][ T8046]  dump_stack_lvl+0x99/0x250
[  499.640323][ T8046]  ? __asan_memcpy+0x40/0x70
[  499.640340][ T8046]  ? __pfx_dump_stack_lvl+0x10/0x10
[  499.640364][ T8046]  ? __pfx__printk+0x10/0x10
[  499.640391][ T8046]  vpanic+0x281/0x750
[  499.640415][ T8046]  ? __pfx__printk+0x10/0x10
[  499.640431][ T8046]  ? __pfx_vpanic+0x10/0x10
[  499.640454][ T8046]  ? is_bpf_text_address+0x26/0x2b0
[  499.640485][ T8046]  panic+0xb9/0xc0
[  499.640508][ T8046]  ? __pfx_panic+0x10/0x10
[  499.640542][ T8046]  __warn+0x31b/0x4b0
[  499.640564][ T8046]  ? drm_wait_one_vblank+0x571/0x5b0
[  499.640587][ T8046]  ? drm_wait_one_vblank+0x571/0x5b0
[  499.640607][ T8046]  report_bug+0x2be/0x4f0
[  499.640629][ T8046]  ? drm_wait_one_vblank+0x571/0x5b0
[  499.640650][ T8046]  ? drm_wait_one_vblank+0x571/0x5b0
[  499.640670][ T8046]  ? drm_wait_one_vblank+0x573/0x5b0
[  499.640690][ T8046]  handle_bug+0x84/0x160
[  499.640707][ T8046]  exc_invalid_op+0x1a/0x50
[  499.640723][ T8046]  asm_exc_invalid_op+0x1a/0x20
[  499.640737][ T8046] RIP: 0010:drm_wait_one_vblank+0x571/0x5b0
[  499.640758][ T8046] Code: ff df 80 3c 08 00 74 08 4c 89 e7 e8 e9 4f be fc 4d 8b 2c 24 48 c7 c7 a0 a2 74 8b 4c 89 fe 4c 89 ea 44 89 f1 e8 10 da 23 fc 90 <0f> 0b 90 90 49 bd 00 00 00 00 00 fc ff df e9 a7 fc ff ff 44 89 f9
[  499.640770][ T8046] RSP: 0018:ffffc90004497ae0 EFLAGS: 00010246
[  499.640782][ T8046] RAX: 07f8c71543ddbf00 RBX: 1ffff11028665001 RCX: 0000000000080000
[  499.640794][ T8046] RDX: ffffc90011ab1000 RSI: 000000000000155b RDI: 000000000000155c
[  499.640804][ T8046] RBP: ffffc90004497be0 R08: 0000000000000000 R09: 0000000000000000
[  499.640814][ T8046] R10: dffffc0000000000 R11: ffffed1017124863 R12: ffff888143314000
[  499.640825][ T8046] R13: ffffffff8b785260 R14: 0000000000000000 R15: ffffffff8b79eea0
[  499.640853][ T8046]  ? __pfx_drm_wait_one_vblank+0x10/0x10
[  499.640874][ T8046]  ? __pfx_autoremove_wake_function+0x10/0x10
[  499.640896][ T8046]  ? __rcu_read_unlock+0x84/0xe0
[  499.640927][ T8046]  ? drm_vblank_get+0x148/0x260
[  499.640946][ T8046]  ? __pfx_drm_fb_helper_ioctl+0x10/0x10
[  499.640967][ T8046]  drm_fb_helper_ioctl+0x116/0x140
[  499.640990][ T8046]  do_fb_ioctl+0x45c/0x750
[  499.641011][ T8046]  ? __pfx_do_fb_ioctl+0x10/0x10
[  499.641041][ T8046]  ? rcu_is_watching+0x15/0xb0
[  499.641066][ T8046]  ? trace_irq_disable+0x37/0x110
[  499.641085][ T8046]  ? preempt_schedule_irq+0xde/0x150
[  499.641115][ T8046]  ? irqentry_exit+0x74/0x90
[  499.641139][ T8046]  ? lockdep_hardirqs_on+0x9c/0x150
[  499.641168][ T8046]  ? __pfx_fb_ioctl+0x10/0x10
[  499.641186][ T8046]  ? __se_sys_ioctl+0xed/0x170
[  499.641206][ T8046]  ? __pfx_fb_ioctl+0x10/0x10
[  499.641224][ T8046]  __se_sys_ioctl+0xff/0x170
[  499.641243][ T8046]  do_syscall_64+0xfa/0x3b0
[  499.641259][ T8046]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  499.641273][ T8046]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  499.641289][ T8046]  ? clear_bhb_loop+0x60/0xb0
[  499.641307][ T8046]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  499.641322][ T8046] RIP: 0033:0x7faaa1daec29
[  499.641334][ T8046] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  499.641346][ T8046] RSP: 002b:00007faa9fba9038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  499.641361][ T8046] RAX: ffffffffffffffda RBX: 00007faaa1ff6270 RCX: 00007faaa1daec29
[  499.641372][ T8046] RDX: 0000000000000000 RSI: 0000000040044620 RDI: 0000000000000007
[  499.641381][ T8046] RBP: 00007faaa1e31e41 R08: 0000000000000000 R09: 0000000000000000
[  499.641391][ T8046] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  499.641399][ T8046] R13: 00007faaa1ff6308 R14: 00007faaa1ff6270 R15: 00007fff1126eec8
[  499.641423][ T8046]  </TASK>
[  499.641804][ T8046] Kernel Offset: disabled