last executing test programs:

15m14.652887081s ago: executing program 3 (id=8):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
socket$inet_sctp(0x2, 0x5, 0x84)
capset(0x0, 0x0)
openat$ppp(0xffffffffffffff9c, 0x0, 0x101842, 0x0)
openat$fuse(0xffffffffffffff9c, 0x0, 0x42, 0x0)
openat$comedi(0xffffffffffffff9c, &(0x7f0000000040)='/dev/comedi4\x00', 0x181001, 0x0)
pwrite64(0xffffffffffffffff, &(0x7f0000000400), 0x0, 0x8000c61)
socket$nl_route(0x10, 0x3, 0x0)
mknodat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000440)={0x58, 0x2, 0x6, 0x801, 0x0, 0x0, {0x0, 0x0, 0x8}, [@IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_CADT_FLAGS={0x8, 0x11}]}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_TYPENAME={0x14, 0x3, 'hash:ip,port,ip\x00'}]}, 0x58}}, 0x800)
preadv(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x60caf68a)

15m14.533545087s ago: executing program 0 (id=1):
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_CLIENT(0xffffffffffffffff, 0xc04c5349, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000040)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x15)
r4 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f0000000240)={[0x74, 0x20005, 0x6f8d8e6f, 0x4000000000, 0x6, 0x1000000002, 0x1041, 0x0, 0xfffffffffffffffa, 0x32a, 0xfffffffffffffffe, 0xffffffff, 0x1, 0x9, 0x800005, 0x6a], 0xd000, 0x1000d6})
ioctl$KVM_RUN(r5, 0xae80, 0x0)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
getsockname$packet(0xffffffffffffffff, 0x0, 0x0)

15m13.297398485s ago: executing program 3 (id=11):
r0 = syz_open_dev$media(&(0x7f0000000300), 0x1, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
ioctl$MEDIA_IOC_G_TOPOLOGY(r0, 0xc0487c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x100000e, 0x4018831, 0xffffffffffffffff, 0x0)
r5 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r5, &(0x7f0000000480)={0x26, 'hash\x00', 0x0, 0x0, 'nhpoly1305-generic\x00'}, 0x58)
r6 = accept4(r5, 0x0, 0x0, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f0000000200)={0x0, 0x7bff, &(0x7f0000000180)={&(0x7f0000000140)=@delqdisc={0xfffffffffffffc9b}, 0x49d32d254ae22f79}}, 0x0)

15m11.754914692s ago: executing program 3 (id=12):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000400)=0x6)
getpid()
ioctl$SG_GET_VERSION_NUM(0xffffffffffffffff, 0x2282, 0x0)
ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000040)=<r0=>0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000080)=0xa)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000032680)=""/102392, 0x18ff8)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0)
r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/timer_list\x00', 0x0, 0x0)
pread64(r2, &(0x7f0000000200)=""/102, 0x66, 0x2000000fc)
ioctl$FAT_IOCTL_GET_ATTRIBUTES(0xffffffffffffffff, 0x80047210, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x0)
r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040))
close_range(r3, 0xffffffffffffffff, 0x0)
socket$kcm(0x10, 0x2, 0x0)
syz_open_dev$radio(&(0x7f0000000000), 0xffffffffffffffff, 0x2)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000500)=ANY=[@ANYBLOB="380000001800010000000000000000000a000000000000000000000008000400", @ANYRES32=r5, @ANYBLOB="06001500070000000c00168008000100", @ANYRES64=r4], 0x38}}, 0x10)

15m9.990725493s ago: executing program 0 (id=14):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
mremap(&(0x7f0000001000/0x4000)=nil, 0x4000, 0x4000, 0x3, &(0x7f0000005000/0x4000)=nil)
r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff)
openat$yama_ptrace_scope(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
write$sndseq(r1, &(0x7f0000000180)=[{0x0, 0x0, 0x0, 0x0, @time={0x3, 0x8}, {}, {0xfd}, @raw32={[0x0, 0x0, 0x2]}}], 0x1c)
getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, 0x0, &(0x7f0000000300))
quotactl$Q_QUOTAOFF(0xffffffff80000302, &(0x7f0000000000)=@nullb, 0x0, 0x0)
r2 = socket$inet6(0xa, 0x800000000000002, 0x0)
munmap(&(0x7f0000002000/0x1000)=nil, 0x1000)
setsockopt$SO_TIMESTAMP(r2, 0x1, 0x1d, &(0x7f0000000180)=0x7, 0x4)
setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x41, &(0x7f0000000340)=0x63aa, 0x4)
setsockopt$inet6_int(r2, 0x29, 0x31, &(0x7f0000000100)=0x8, 0x4)
sendmmsg$inet6(r2, &(0x7f0000000080)=[{{&(0x7f0000000040)={0xa, 0x4e23, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x11}}, 0x8}, 0x1c, 0x0}}], 0x1, 0x40040000)
recvmmsg(r2, &(0x7f00000003c0)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000001f80)=""/117, 0xffffffffffffff62}, 0x6}], 0x1, 0x40002022, 0x0)

15m7.904229213s ago: executing program 3 (id=16):
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
unshare(0x400)
socket$inet6_mptcp(0xa, 0x1, 0x106)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x6, &(0x7f0000000400)={0x1, &(0x7f0000000200)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r0}, 0x10)
r1 = syz_open_dev$mouse(&(0x7f0000000180), 0x0, 0x2)
readv(r1, &(0x7f0000000980)=[{&(0x7f0000000000)=""/58, 0x3a}], 0x1)
socket$packet(0x11, 0x2, 0x300)
socket$nl_generic(0x10, 0x3, 0x10)
r2 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r3 = syz_open_dev$vim2m(&(0x7f0000000100), 0x80000000, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r3, 0xc0145608, &(0x7f00000000c0)={0x1, 0x2, 0x1})
ioctl$vim2m_VIDIOC_STREAMOFF(r3, 0x40045612, &(0x7f0000000080)=0x2)
ioctl$vim2m_VIDIOC_DQBUF(r3, 0xc0585611, &(0x7f0000000380)=@mmap={0x401, 0x2, 0x4, 0x10, 0x4, {0x77359400}, {0x3, 0x0, 0xf, 0x6, 0x3, 0x1, "a91b63d9"}, 0x4, 0x1, {}, 0x101})
ioctl$vim2m_VIDIOC_S_CTRL(r3, 0xc008561c, &(0x7f0000000240)={0xf0f046, 0x100000})
ioctl$DMA_HEAP_IOCTL_ALLOC(r2, 0xc0184800, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0)

15m7.85282419s ago: executing program 0 (id=17):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$can_j1939(0x1d, 0x2, 0x7)
r2 = socket$inet6_icmp(0xa, 0x2, 0x3a)
ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f00000000c0)={'vxcan0\x00', <r3=>0x0})
bind$can_j1939(r1, &(0x7f0000000340)={0x1d, r3, 0x0, {0x2, 0x0, 0x6}, 0xfe}, 0x18)
setsockopt$sock_int(r1, 0x1, 0x6, &(0x7f0000000040)=0x1, 0x4)
sendmsg$inet(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000540)="81b641f1f3843704b6", 0x9}], 0x1}, 0x4048081)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r4=>0xffffffffffffffff})
ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f0000000380)={'vxcan0\x00', <r5=>0x0})
bind$can_j1939(r1, &(0x7f0000000580)={0x1d, r5, 0x1, {0x0, 0x0, 0x2}, 0xfd}, 0x18)
sendmsg$nl_route_sched(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000280)=@newtfilter={0x24, 0x11, 0x1, 0x70bd28, 0x0, {0x0, 0x0, 0x74, r3, {0x6, 0xffeb}, {0x1, 0x1}, {0xfff2, 0xd}}}, 0x24}, 0x1, 0xf0ffffffffffff, 0x0, 0x4012}, 0x850)

15m1.13608806s ago: executing program 0 (id=22):
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
syz_io_uring_setup(0x110, &(0x7f0000000140)={0x0, 0xb783, 0x80, 0x0, 0x1b7}, &(0x7f0000000240)=<r1=>0x0, &(0x7f0000000280)=<r2=>0x0)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
syz_io_uring_submit(r1, r2, 0x0)
pipe2$9p(0x0, 0x4000)
read$FUSE(0xffffffffffffffff, &(0x7f0000009780)={0x2020}, 0x2020)
write$FUSE_DIRENTPLUS(0xffffffffffffffff, 0x0, 0x10)
r3 = syz_init_net_socket$ax25(0x3, 0x5, 0xca)
bind$ax25(r3, &(0x7f0000000540)={{0x3, @default}, [@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @default, @default]}, 0x48)
sendto$ax25(r3, 0x0, 0x20, 0x40, &(0x7f00000001c0)={{0x3, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, 0x5}, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}]}, 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x3, 0x200000000000032a, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94)
syz_open_dev$radio(0x0, 0x0, 0x2)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2003, 0x0)
ioctl$KVM_CAP_DIRTY_LOG_RING(0xffffffffffffffff, 0x4068aea3, &(0x7f00000002c0)={0xc0, 0x0, 0x4000})
ioctl$KVM_RESET_DIRTY_RINGS(0xffffffffffffffff, 0xaec7)

15m1.033221249s ago: executing program 3 (id=23):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000004000000b70300000000000085000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x23, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10)
r4 = syz_open_dev$vbi(&(0x7f0000000000), 0x1, 0x2)
ioctl$VIDIOC_CREATE_BUFS(r4, 0xc100565c, &(0x7f00000013c0)={0x0, 0x2, 0x2, {0x5, @vbi={0x0, 0x0, 0x4, 0x0, [], [0x8200], 0x1}}})
ioctl$VIDIOC_QBUF(r4, 0xc058565d, &(0x7f0000000200)=@fd={0x0, 0x5, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "8000"}, 0x0, 0x2, {}, 0x20800})
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=@base={0x1, 0x2, 0x4, 0x3}, 0x50)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000600)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50)
tee(0xffffffffffffffff, 0xffffffffffffffff, 0x998d, 0x8)
bpf$PROG_LOAD(0x5, &(0x7f0000001400)={0x11, 0x15, &(0x7f0000000180)=@framed={{0x18, 0x0, 0x0, 0x0, 0x2}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r6}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x7}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x7f0b31bbe8cb82f}}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r5}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x1000009}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000440)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x17, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)=@delqdisc={0x24, 0x25, 0x200, 0x70bd28, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, {0xffe0, 0xffff}, {0x3, 0xd}, {0x8, 0xf}}}, 0x24}}, 0x84)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYBLOB="340000003e000900000000000008000003000000040004001c000180180010"], 0x34}}, 0x84)

14m57.37968828s ago: executing program 3 (id=27):
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
io_uring_enter(0xffffffffffffffff, 0x47bc, 0x0, 0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x2, 0xc3072, 0xffffffffffffffff, 0x200000)
r0 = openat$mixer(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$SOUND_MIXER_READ_DEVMASK(r0, 0xc0044dff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f00000002c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}, {@nfs_export_on}]})
chdir(&(0x7f00000000c0)='./bus\x00')
r3 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x0)
r4 = creat(&(0x7f0000000580)='./file1\x00', 0x0)
fanotify_mark(0xffffffffffffffff, 0x105, 0x40009975, r4, 0x0)
fallocate(r3, 0x0, 0x1000000, 0x3)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27ffff7, 0x4012011, r3, 0x0)

14m57.378114095s ago: executing program 0 (id=28):
r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0)
r2 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f0000000100)={0x6, 0x1f, 0x6})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f00000000c0)={0xdb, 0x1ff, 0xb})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f0000000000)={0x7fff, 0x8, 0x100})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f0000000240)={0x2, 0x5, 0x40003})
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0)
r4 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x20400)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r4, 0xc02064b2, &(0x7f0000000340)={0xda2, 0x8166, 0x7})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f0000000200)={0x200, 0x1fb, 0xc38})
r5 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r5, 0xc02064b2, &(0x7f0000000340)={0x8, 0x8169, 0x6, 0x0, <r6=>0x0})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f0000000280)={0x40, 0x403, 0xc})
r7 = syz_open_dev$dri(&(0x7f0000000100), 0x1f, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f00000001c0)={0x7, 0x1, 0x7})
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00464b4, &(0x7f0000000400)={r6})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f0000000040)={0x49, 0x7fff, 0x4})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r7, 0xc02064b2, &(0x7f0000000140)={0x6, 0x1000, 0x800})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f0000000380)={0xff, 0x3, 0xd83f})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f00000002c0)={0x8, 0xd7, 0x8})
close_range(r0, 0xffffffffffffffff, 0x0)

14m52.913494282s ago: executing program 0 (id=31):
r0 = socket$kcm(0xa, 0x1, 0x106)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
socket$netlink(0x10, 0x3, 0x0)
socket$key(0xf, 0x3, 0x2)
r1 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$IP_VS_SO_SET_ADD(r1, 0x0, 0x482, &(0x7f0000000040)={0x84, @initdev={0xac, 0x1e, 0x1, 0x0}, 0x4e23, 0x2, 'dh\x00', 0x1, 0x5, 0x4a}, 0x2c)
ioctl$VFAT_IOCTL_READDIR_BOTH(r1, 0x82187201, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r2, 0x400448ca, 0x0)
syz_80211_join_ibss(&(0x7f0000000040)='wlan0\x00', &(0x7f0000000080)=@default_ibss_ssid, 0x6, 0x0)
syz_80211_inject_frame(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="8000000008021100000108021100000008021100"], 0x36)
bind$bt_hci(r2, &(0x7f0000000040)={0x1f, 0x0, 0x1}, 0x6)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000003c0))
syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), 0xffffffffffffffff)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000b00)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000181000010000000000000000000000000a40000000060a010400000000000000000200050000000000000400000000000000796e7365740000180002800900010073797a30000000000800044000000000140000001100010000000000000000000000000a"], 0x68}}, 0x0)
r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000340), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_COALESCE_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB='D\x00\x00', @ANYRES16=r3], 0x44}}, 0x0)
r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x3)
ioctl$FS_IOC_GETFSLABEL(r4, 0x400452c8, &(0x7f0000000100))
sendmsg$kcm(r0, &(0x7f0000000780)={&(0x7f0000000000)=@in6={0xa, 0x4001, 0x0, @empty}, 0x80, 0x0}, 0x20000001)

14m34.919680113s ago: executing program 32 (id=27):
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
io_uring_enter(0xffffffffffffffff, 0x47bc, 0x0, 0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x2, 0xc3072, 0xffffffffffffffff, 0x200000)
r0 = openat$mixer(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$SOUND_MIXER_READ_DEVMASK(r0, 0xc0044dff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f00000002c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}, {@nfs_export_on}]})
chdir(&(0x7f00000000c0)='./bus\x00')
r3 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x0)
r4 = creat(&(0x7f0000000580)='./file1\x00', 0x0)
fanotify_mark(0xffffffffffffffff, 0x105, 0x40009975, r4, 0x0)
fallocate(r3, 0x0, 0x1000000, 0x3)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27ffff7, 0x4012011, r3, 0x0)

14m34.710856448s ago: executing program 33 (id=31):
r0 = socket$kcm(0xa, 0x1, 0x106)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
socket$netlink(0x10, 0x3, 0x0)
socket$key(0xf, 0x3, 0x2)
r1 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$IP_VS_SO_SET_ADD(r1, 0x0, 0x482, &(0x7f0000000040)={0x84, @initdev={0xac, 0x1e, 0x1, 0x0}, 0x4e23, 0x2, 'dh\x00', 0x1, 0x5, 0x4a}, 0x2c)
ioctl$VFAT_IOCTL_READDIR_BOTH(r1, 0x82187201, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r2, 0x400448ca, 0x0)
syz_80211_join_ibss(&(0x7f0000000040)='wlan0\x00', &(0x7f0000000080)=@default_ibss_ssid, 0x6, 0x0)
syz_80211_inject_frame(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="8000000008021100000108021100000008021100"], 0x36)
bind$bt_hci(r2, &(0x7f0000000040)={0x1f, 0x0, 0x1}, 0x6)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000003c0))
syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), 0xffffffffffffffff)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000b00)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000181000010000000000000000000000000a40000000060a010400000000000000000200050000000000000400000000000000796e7365740000180002800900010073797a30000000000800044000000000140000001100010000000000000000000000000a"], 0x68}}, 0x0)
r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000340), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_COALESCE_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB='D\x00\x00', @ANYRES16=r3], 0x44}}, 0x0)
r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x3)
ioctl$FS_IOC_GETFSLABEL(r4, 0x400452c8, &(0x7f0000000100))
sendmsg$kcm(r0, &(0x7f0000000780)={&(0x7f0000000000)=@in6={0xa, 0x4001, 0x0, @empty}, 0x80, 0x0}, 0x20000001)

14m27.502056828s ago: executing program 1 (id=56):
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8b}, 0x0)
r0 = socket(0x2a, 0x2, 0x0)
unshare(0x8000600)
getsockname$packet(r0, &(0x7f0000000080)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0xfffffffffffffffe)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000001a40)=""/102392, 0x18ff8)
syz_open_procfs(0x0, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x2)
mount(&(0x7f0000000040)=@nullb, &(0x7f0000000000)='./file0\x00', &(0x7f0000000080)='befs\x00', 0x4015, 0x0)
mq_timedreceive(0xffffffffffffffff, 0x0, 0x0, 0x200000000004, 0x0)
r2 = io_uring_setup(0x177f, &(0x7f0000000140)={0x0, 0x7287})
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0)
setsockopt$inet6_tcp_TCP_MD5SIG(0xffffffffffffffff, 0x6, 0xe, &(0x7f0000000300)={@in6={{0xa, 0x4e24, 0x200, @private2={0xfc, 0x2, '\x00', 0x1}, 0x4ac2d78a}}, 0x0, 0x0, 0x3f, 0x0, "ee8b0e650926a96ecc136e7fb980e989db9e8bf9b93129488f651a8de213eb94cd46e19d9c65a018444a131f4da58ae36556dd38ea6c029607462029add09240005c6776267517308a3d40aa1c788df6"}, 0xd8)
connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x0, @loopback, 0xfffffffd}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(0xffffffffffffffff, 0x6, 0x1f, &(0x7f00000000c0), 0x4)
setsockopt$inet6_tcp_TLS_TX(0xffffffffffffffff, 0x11a, 0x1, &(0x7f00000001c0)=@gcm_256={{0x304}, "6ae04425ace3f60c", "acba84f0a6731f234db1cc7f3f382ad796bd667cb12ea99509873931d2873103", "0f9dafb4", "ec3fff9afd96e6c0"}, 0x38)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(0xffffffffffffffff, 0x6, 0x14, &(0x7f0000000040)=0x2, 0x4)
writev(0xffffffffffffffff, &(0x7f0000000080)=[{&(0x7f00000002c0)="ec", 0xfdef}], 0x1)
close_range(r2, 0xffffffffffffffff, 0x0)

14m25.319018316s ago: executing program 1 (id=51):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x6, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = socket$pppl2tp(0x18, 0x1, 0x1)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(r1, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r2, {0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xa}}, 0x2}}, 0x2e)
r3 = socket$pppl2tp(0x18, 0x1, 0x1)
connect$pppl2tp(r3, &(0x7f0000000000)=@pppol2tp={0x18, 0x1, {0x0, r3, {}, 0x2, 0x4}}, 0x26)
bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x4, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x23, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x625}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x3, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB, @ANYBLOB='\x00\x00\x00\x00\x00'], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls=0x2e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94)
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)={{0x14}, [], {0x14}}, 0x28}}, 0x0)
r4 = socket$inet6(0xa, 0x80002, 0x0)
setsockopt$inet6_int(r4, 0x29, 0x19, 0x0, 0x0)
sendto$inet6(r4, 0x0, 0x0, 0x200c8084, &(0x7f0000000080)={0xa, 0x4e21, 0xffffffff, @mcast1}, 0x1c)
sendto$inet6(r4, &(0x7f0000001cc0)="2501d77b330b7e73d6b1d1b8a473ff7420b4b43ce0861f000000", 0x1a, 0x8000, 0x0, 0x0)
recvmmsg(r4, &(0x7f0000002480)=[{{0x0, 0x0, 0x0}}], 0x1, 0x40002003, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x4)
socket$nl_route(0x10, 0x3, 0x0)

14m22.434785089s ago: executing program 1 (id=53):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x204, 0x2)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1000002, 0x11012, r0, 0x0)
ioctl$USBDEVFS_SUBMITURB(r0, 0x8038550a, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f0000000000)={'\x00', 0x3, 0x0, 0x1, 0xff, 0x9})
r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0xf, &(0x7f0000000180)=0x800001, 0x4)
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r3, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
r4 = socket$kcm(0x2d, 0x2, 0x0)
ioctl$sock_kcm_SIOCKCMATTACH(r4, 0x89e0, 0x0)
r5 = mq_open(&(0x7f0000000380)='eth0\x00#\x13\xaeu\xe0\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t/\x8dv\xb8\x93\xc3C\xae\x9dc\xd1T\xdd\x14\xd3A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\v\x01\xbe\xeb\bLTrw\x88\x9e0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\x01\x00\x00\x00a%\xdcQ\xb3CuT\xcc7\x8avs\xb2\a\xfe\xb3j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1J\xec\x926\xb5a0\xa0B\xae|\x00\x17\xc0\xa3\xd5\xf9\xaa\x98/\xa4v\xe4)I\xf3+[e\x95\x89\x99\xca\x8e\xc5\xd3\\T\xf0\x1a|5\xfff\xff\x99\xa4\xbb\x9e#oR\xa4\xf1\xba\x04c\xb3-\xf7R\xb85\xb5\xdb\xe9?\xfa/\xdf\xb4R\xbfx=\v_j\x8e\xb0\'\xf4\xe5\xff!\xe1\xbf\x82e\xb1\x9b\x8d\xf3L\t\xd21\x9cbwV\xc8\xcc\xe4\x96M_w\xbc\xdf9\b\r\xf6\x95\xae\xb5,\x92\x8c\xc0DQm\x80\xd1w\xa2\x1a\x12Z\xe5\xf4H\xf7D\n\x96J\x93\xfb\xf0$\x9f\xf7\xa2\xae$O\xa3\xb6\xf5\x98\xd3\v\x00\x86\xa5\x8b\x81\x04\xaf\x03s\xe5\x86>\x0e\xa6\xe6\x1aV\x17\x8b\xed\xa7\'\xd0\r_\xe8,XVR\x13\xe5%\xb9\x88\xb8W@D\'\x17A\xc8\x80\x02J\xd4V\x00wH(\xc5v\f\xc9\xb6\xdf..$\xe6P(_\xf1\'\xc1:\xa3\xcb\xd9\xd1\xc7\x13\x99Md\x1dc\xf1\'j\x03!\x13\xd1\xb8\xbf\xe6\xb2M\b/\rp\xa5\x00\x00\x00\x00', 0x40, 0x169, 0x0)
fcntl$setlease(r5, 0x400, 0x0)
mq_unlink(&(0x7f0000000340)='eth0\x00')
ioctl$UI_SET_ABSBIT(r1, 0x40045567, 0x0)
mount$tmpfs(0x0, &(0x7f0000000540)='./cgroup\x00', &(0x7f0000000580), 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="6d706f6c3d64656661756c743d7374617469633a2c00a5565351c03c21a3407b27655d9a5db05be20340a01dfb73947a24ffd8a68d68e78776eff87dbf7471176b34e4ef0301753a0789428946b3a9117da2845a5881287661dbaeaf939a2732b086753362f32a491a8d60040d97eff48407b67846e095b2127cc72310c1bb2dc13b735bb9bb70adb91268fb1e787e2c6c78bea66316ef1ac8a5952b5512656bd73655530b8f06e40ea8913be358b7e138ebfa3ed52570a816"])
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x8031, 0xffffffffffffffff, 0x0)

14m17.539676681s ago: executing program 1 (id=59):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f00000001c0), 0x80280, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
socket$inet6(0xa, 0x1, 0x8010000000000084)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000300)='./file0\x00', 0x0, 0x2125099, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
r2 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r2, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000000)='./file0/../file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x891018, 0x0)
mount$bind(0x0, &(0x7f0000000140)='./file0/file0\x00', 0x0, 0x80000, 0x0)
mount$bind(&(0x7f0000000100)='./file0\x00', &(0x7f0000000280)='./file0/../file0\x00', 0x0, 0x1adc51, 0x0)
mount$bind(&(0x7f00000002c0)='./file0/file0\x00', &(0x7f0000000240)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
mount$bind(&(0x7f00000003c0)='./file0\x00', &(0x7f0000000440)='./file0/file0\x00', 0x0, 0x12f451, 0x0)
mount$bind(&(0x7f00000000c0)='.\x00', &(0x7f0000000080)='./file0/file0/file0\x00', 0x0, 0x80700a, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0)

14m15.120937106s ago: executing program 1 (id=61):
socketpair$unix(0x1, 0x3, 0x0, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x5, 0x8, 0x0, 0xb}, 0x0)
sendmsg$MPTCP_PM_CMD_GET_LIMITS(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x41}, 0x809d)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0)
syz_emit_ethernet(0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="000002f0d31209000000bc2e79e995"], 0x0)
write$binfmt_script(r2, &(0x7f0000000100), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0)
symlink(0x0, &(0x7f0000000000)='./file0\x00')
preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x3e, 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe6000/0x18000)=nil, &(0x7f0000000040)=[@text16={0x10, &(0x7f0000000180)="66b9800000c00f326635000800000f300f0f1c9a65660ff3b20618baa000ec672e660f38803d004000000f285473f61366b9800000c00f326635004000000f300f20e06635800000000f22e0f30fa6c8", 0x50}], 0x1, 0x0, 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20004000}, 0x14)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_XEN_HVM_CONFIG(r5, 0x4038ae7a, &(0x7f0000000100)={0x2, 0x40000105, 0x0, 0x0})
openat$full(0xffffffffffffff9c, &(0x7f0000000000), 0x100, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

14m13.15511028s ago: executing program 1 (id=65):
socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0xfffffffffffffffe)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_MSG_GETOBJ(r1, 0x0, 0x24040808)
bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x1e, 0x0, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x2f, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffd}, 0x94)
r2 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$bt_hci(r2, 0x84, 0x7f, 0x0, 0x0)
clock_gettime(0x4, 0x0)
clock_settime(0x0, &(0x7f0000000240))
syz_emit_vhci(0x0, 0x0)
syz_open_procfs(0x0, &(0x7f00000001c0)='environ\x00')
socket$unix(0x1, 0x5, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000800)={0x1f, 0xc, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000e000000180100002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000a800000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x11}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, 0x0)
socket$packet(0x11, 0x2, 0x300)

14m11.396152043s ago: executing program 34 (id=65):
socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0xfffffffffffffffe)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_MSG_GETOBJ(r1, 0x0, 0x24040808)
bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x1e, 0x0, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x2f, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffd}, 0x94)
r2 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$bt_hci(r2, 0x84, 0x7f, 0x0, 0x0)
clock_gettime(0x4, 0x0)
clock_settime(0x0, &(0x7f0000000240))
syz_emit_vhci(0x0, 0x0)
syz_open_procfs(0x0, &(0x7f00000001c0)='environ\x00')
socket$unix(0x1, 0x5, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000800)={0x1f, 0xc, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000e000000180100002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000a800000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x11}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, 0x0)
socket$packet(0x11, 0x2, 0x300)

12m21.350758893s ago: executing program 6 (id=130):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB], 0x24}}, 0x4000000)
openat$cgroup_pressure(0xffffffffffffffff, 0x0, 0x2, 0x0)
close(0xffffffffffffffff)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8d}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0xffffffffffffff1a, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, 0x0, 0x0)
syz_emit_ethernet(0x4a, &(0x7f0000000300)={@local, @remote, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "8a37f2", 0x14, 0x2c, 0x0, @remote, @local, {[], {{0x5fc, 0x83, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x20}}}}}}}, 0x0)
sendmsg$NFT_BATCH(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)={{0x14}, [], {0x14}}, 0x28}}, 0x40880)
socketpair$unix(0x1, 0x5, 0x0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000000)='map_files\x00')
getdents(r3, &(0x7f0000001fc0)=""/184, 0xb8)
r4 = open(&(0x7f0000000040)='./file0\x00', 0x400, 0x43)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000400), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_CHANNELS_SET(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="010000000000000000001200000008000800000000000800090000000000180001801400020076657468305f746f5f626f6e640000000800070000000000080006"], 0x4c}}, 0x0)
mknodat$loop(r4, &(0x7f00000002c0)='./file1\x00', 0x6000, 0x0)
setsockopt$sock_timeval(r4, 0x1, 0x14, &(0x7f0000000100)={0x0, 0xea60}, 0x10)
sendmsg$NL802154_CMD_NEW_SEC_LEVEL(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000080)={0x2c, 0x0, 0x1, 0x2, 0x25dfdbfc, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_SEC_LEVEL={0xc, 0x2d, 0x0, 0x1, [@NL802154_SECLEVEL_ATTR_LEVELS={0x5, 0x1, 0x2}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4085}, 0x4000)

12m17.910223604s ago: executing program 6 (id=135):
r0 = syz_open_dev$evdev(0x0, 0x1, 0x8c2b01)
ioctl$EVIOCSCLOCKID(r0, 0x400445a0, &(0x7f00000003c0)=0x1)
bpf$TOKEN_CREATE(0x24, 0x0, 0x0)
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_EVENTS(r1, 0x84, 0xb, &(0x7f00000002c0)={0x3, 0x6c, 0x4, 0xfe, 0x9, 0x3f, 0x0, 0x8, 0x8, 0x93, 0x6, 0x4, 0x8, 0x3}, 0xe)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={0x0}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
recvfrom(r2, 0x0, 0x0, 0x100, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000180)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000140)=0x6)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$smc(&(0x7f0000001500), 0xffffffffffffffff)
sendmsg$SMC_PNETID_GET(r6, &(0x7f0000001640)={0x0, 0x0, &(0x7f0000001600)={&(0x7f0000001540)={0x14, r7, 0x715, 0x70bd28, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x228e660f298b4052}, 0x40000)
sendmsg$NFT_MSG_GETSET(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)={0x14, 0xa, 0xa, 0x101, 0x0, 0x0, {0x3, 0x0, 0x8}}, 0x14}, 0x1, 0x0, 0x0, 0xdef98b386264d0e0}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)

12m12.67189521s ago: executing program 6 (id=143):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000280)='sched_switch\x00', r0}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
waitid$P_PIDFD(0x3, 0xffffffffffffffff, 0x0, 0x8, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x6)
open(&(0x7f0000000180)='./bus\x00', 0x14927e, 0x0)
r4 = socket$tipc(0x1e, 0x5, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0}, 0x18)
prctl$PR_SET_NAME(0xf, &(0x7f0000000140)='+}[@\x00')
bind$tipc(r4, &(0x7f0000000340)=@name={0x1e, 0x2, 0x0, {{0x42, 0x3}, 0x100000}}, 0x10)
setsockopt$TIPC_GROUP_JOIN(r4, 0x10f, 0x87, &(0x7f0000000040)={0x42, 0x1}, 0x10)
setsockopt$IP_VS_SO_SET_ADD(0xffffffffffffffff, 0x0, 0x482, 0x0, 0x0)
setsockopt$IP_VS_SO_SET_ADDDEST(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000000)={{0x84, @private=0xa010101, 0x4e21, 0x3, 'lc\x00', 0x7, 0x5, 0x77}, {@private=0xa010101, 0x4e23, 0x1, 0xcd, 0x12d5f, 0x3}}, 0x44)
socket(0x2, 0x80805, 0x0)
r5 = fsopen(&(0x7f0000000080)='bpf\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r5, 0x6, 0x0, 0x0, 0x0)

12m11.446722516s ago: executing program 6 (id=145):
rseq(&(0x7f00000004c0), 0x20, 0x0, 0x0)
io_getevents(0x0, 0x4, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x1, 0x2, &(0x7f0000000640)=ANY=[@ANYBLOB="6110a1000000000095"], &(0x7f0000000200)='GPL\x00'}, 0x94)
r0 = syz_open_dev$tty1(0xc, 0x4, 0x2)
r1 = dup(r0)
ioctl$KDSKBENT(r0, 0x4b47, &(0x7f0000000040)={0x57, 0x1, 0xb})
io_destroy(0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x10)
mount$tmpfs(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000100), 0x8, &(0x7f0000000080)=ANY=[@ANYBLOB='quota,grpquota_inode_hardlimit=3,noswap'])
r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000580)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x57, 0x7fc00100}]})
socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r1, 0xc0502100, &(0x7f0000000740)={<r4=>0x0})
io_uring_setup(0xaae, 0x0)
r5 = syz_open_dev$swradio(&(0x7f0000000080), 0x0, 0x2)
r6 = dup(r5)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0)
read$FUSE(r6, &(0x7f00000014c0)={0x2020}, 0x2020)
ioctl$VIDIOC_S_CTRL(r6, 0xc008561c, 0x0)
ioctl$SECCOMP_IOCTL_NOTIF_SEND(r3, 0xc0182101, &(0x7f00000000c0)={r4})
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r1, 0xc0502100, &(0x7f00000003c0)={<r7=>0x0})
ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r3, 0x40182103, &(0x7f0000000080)={r7, 0x3, r2, 0x5})
r8 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r8, 0x0, 0x0)

12m8.363466822s ago: executing program 6 (id=148):
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0)
clock_getres(0x5d2d578ddb601e47, 0x0)
r0 = gettid()
r1 = socket$key(0xf, 0x3, 0x2)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mount$tmpfs(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0), 0xc00, &(0x7f0000000080)={[{@quota}, {@usrquota_inode_hardlimit={'usrquota_inode_hardlimit', 0x3d, [0x37]}}]})
chdir(&(0x7f0000000240)='./file0\x00')
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
mkdir(&(0x7f00000000c0)='./bus\x00', 0x0)
mkdir(&(0x7f0000000440)='./file1\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000a00)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
r2 = open(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
mknodat$loop(r2, &(0x7f0000001600)='./file1\x00', 0x0, 0x0)
chdir(&(0x7f00000003c0)='./bus\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
sendmsg$key(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=ANY=[@ANYBLOB="0203100802"], 0x10}}, 0x0)
recvmmsg(r1, &(0x7f0000000f00), 0x274, 0x10000, &(0x7f0000001000)={0x77359400})
process_vm_writev(r0, &(0x7f0000000000)=[{&(0x7f00008f9f09)=""/247, 0xf7}], 0x1, &(0x7f0000121000)=[{&(0x7f0000217f28)=""/231, 0xffffff4e}], 0x23a, 0x0)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x2, 0xc3072, 0xffffffffffffffff, 0x200000)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
setgroups(0x400000000000026f, &(0x7f0000000080)=[0x0, 0xee00])
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x28012, r3, 0x0)
socket$igmp(0x2, 0x3, 0x2)

12m4.517746302s ago: executing program 6 (id=154):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20020008008f}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000002100)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r3}, 0x10)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x8002, 0x0)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendto$inet6(r4, 0x0, 0x0, 0x200000c1, 0x0, 0x0)
socket$alg(0x26, 0x5, 0x0)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r5, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc)
connect$inet6(r5, &(0x7f0000000080)={0xa, 0x4e22}, 0x21)
r6 = gettid()
ioctl$int_in(r5, 0x5452, 0x0)
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r6}, &(0x7f0000bbdffc)=<r7=>0x0)
timer_settime(r7, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
pipe(&(0x7f0000000100)={0xffffffffffffffff, <r8=>0xffffffffffffffff})
splice(r5, 0x0, r8, 0x0, 0xaf4, 0x0)

11m47.748783072s ago: executing program 35 (id=154):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20020008008f}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000002100)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r3}, 0x10)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x8002, 0x0)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendto$inet6(r4, 0x0, 0x0, 0x200000c1, 0x0, 0x0)
socket$alg(0x26, 0x5, 0x0)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r5, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc)
connect$inet6(r5, &(0x7f0000000080)={0xa, 0x4e22}, 0x21)
r6 = gettid()
ioctl$int_in(r5, 0x5452, 0x0)
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r6}, &(0x7f0000bbdffc)=<r7=>0x0)
timer_settime(r7, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
pipe(&(0x7f0000000100)={0xffffffffffffffff, <r8=>0xffffffffffffffff})
splice(r5, 0x0, r8, 0x0, 0xaf4, 0x0)

10m43.507106007s ago: executing program 7 (id=244):
mkdir(&(0x7f0000000580)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000001280), 0x17)
msgget(0x2, 0x604)
syz_genetlink_get_family_id$tipc(&(0x7f0000000400), 0xffffffffffffffff)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000dc0)={0x6, 0x6, &(0x7f0000000640)=@framed={{}, [@map_fd={0x18, 0x0, 0x2, 0x0, r0}, @ldst={0x1, 0x2, 0x4}]}, &(0x7f0000000d40)='syzkaller\x00'}, 0x94)
mkdir(&(0x7f00000004c0)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
r4 = openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0x0, 0x0)
mknodat$loop(r4, &(0x7f0000000340)='./file1\x00', 0x40, 0x0)
chdir(&(0x7f0000000140)='./bus\x00')
openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x40, 0x0)
linkat(r4, &(0x7f0000000000)='./file0\x00', r4, &(0x7f0000000040)='./bus\x00', 0x1000)
rename(&(0x7f0000000080)='./file1\x00', &(0x7f00000000c0)='./bus\x00')
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x15, 0x0, 0x0, &(0x7f0000003ff6)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_reuseport, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x94)

10m42.271439383s ago: executing program 7 (id=246):
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0xfe2e, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
sendmsg$NFT_MSG_GETOBJ(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000140)={0x0, 0x20}, 0x1, 0x0, 0x0, 0x800}, 0x24040808)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000940)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7400}, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18010000000000000000000000000000850000007a00000095"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x42}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r1, 0x0, 0xe, 0x0, &(0x7f0000000100)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
r2 = syz_open_dev$sndpcmc(&(0x7f0000000180), 0x0, 0x42000)
ioctl$SNDRV_PCM_IOCTL_XRUN(r2, 0x4148, 0x0)
r3 = socket(0x2a, 0x4, 0x6949)
setsockopt$inet6_IPV6_RTHDR(r3, 0x29, 0x39, &(0x7f0000000080)={0x0, 0x2, 0x2, 0x1, 0x0, [@mcast2]}, 0x18)
r4 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r4, 0x29, 0x20, &(0x7f0000000000)={@private0, 0x6, 0x0, 0xff, 0x1, 0x0, 0x2}, 0x20)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r4, 0x29, 0x20, &(0x7f0000000080)={@dev, 0x400, 0x0, 0xff, 0x1}, 0x20)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r4, 0x29, 0x20, &(0x7f0000000040)={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x200, 0x0, 0x3, 0xb, 0x13ec, 0x1}, 0x20)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_EXP_NEW(r5, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000000)=ANY=[], 0x58}}, 0x0)
getsockopt$bt_hci(0xffffffffffffffff, 0x84, 0x7f, 0x0, 0x0)
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0xc, 0x0, 0x0)
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000001080))
sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000c40)=[{{&(0x7f0000000200)={0x2, 0x4e23, @loopback}, 0x10, &(0x7f0000000000)=[{&(0x7f00000002c0)='\b\x00\x00\x00(\x00\x00\x00', 0x8}], 0x1}}], 0x1, 0x4802)
recvmsg(0xffffffffffffffff, &(0x7f0000000a00)={0x0, 0x0, 0x0}, 0x10000)

10m36.685184585s ago: executing program 7 (id=251):
madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x15)
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
listen(0xffffffffffffffff, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x10, 0x4, 0x0, &(0x7f00000000c0)='GPL\x00'}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f00000023c0)=ANY=[@ANYBLOB="1200000004000000080000000b"], 0x48)
sendmmsg$inet6(r0, &(0x7f0000000180)=[{{0x0, 0x0, &(0x7f0000000600)}}], 0x1, 0x40)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r1, 0x0, 0xd94e8ec69dc85bd8)
sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000001240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)={0x1c, 0x9, 0x6, 0x7, 0xa, 0x0, {0x2}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}]}, 0x1c}}, 0x80)
setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x42, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20008081}, 0x0)
read$msr(r2, &(0x7f0000032680)=""/102392, 0x18ff8)
ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, 0x0)
syz_open_procfs$namespace(0x0, 0x0)
r3 = socket(0x1e, 0x4, 0x0)
socketpair(0x8000000000001e, 0x1, 0x0, &(0x7f0000000140))
getsockname$inet(r3, &(0x7f0000000000), &(0x7f0000001200)=0x10)
writev(0xffffffffffffffff, 0x0, 0x0)
sendmmsg(r3, &(0x7f0000000080), 0x0, 0x14)
add_key$fscrypt_v1(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd)

10m33.887111547s ago: executing program 7 (id=254):
r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$SNDCTL_SEQ_OUTOFBAND(r0, 0x40085112, &(0x7f0000000040)=@t={0x81, 0x8, 0x0, 0x0, @generic})
preadv(r0, &(0x7f0000000140), 0x0, 0x1c3, 0x3)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
openat$nvme_fabrics(0xffffffffffffff9c, 0x0, 0x100, 0x0)
r4 = socket(0x2, 0x80805, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r4, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(r4, 0x84, 0x14, 0x0, &(0x7f0000000040))
setsockopt$inet_sctp_SCTP_PR_SUPPORTED(0xffffffffffffffff, 0x84, 0x71, &(0x7f0000000500)={0x0, 0x9}, 0x8)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = socket$inet6(0xa, 0x3, 0x1)
connect$inet6(r5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r6 = gettid()
r7 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000700), 0x0)
read(r7, &(0x7f0000000200)=""/202, 0xca)
tkill(r6, 0x7)
ioctl$SNDRV_SEQ_IOCTL_GET_NAMED_QUEUE(r7, 0xc08c5336, &(0x7f0000000000)={0x1, 0x2, 0x0, 'queue0\x00', 0x3})

10m30.426915666s ago: executing program 7 (id=258):
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = socket$packet(0x11, 0x2, 0x300)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f00000000c0))
r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="02000000040000000800"], 0x50)
r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000019c0)=ANY=[@ANYRES8=r0], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x10, 0x1c, &(0x7f0000000580)=ANY=[@ANYBLOB="180800000000000000000000ffffff", @ANYRES32=r2, @ANYBLOB, @ANYRES32=r1, @ANYBLOB="0000000000000000b705006e190000000000000076000000bf9100000000000076080000010000008500000084000000b700000000000000950000000000000015e3da6a8684e7597ef464a098813fe73f358bb51b01bcd7c4ba8de8731aaeb65635982c0e09a64bf16b8c1af2fdb685332e82d93a8043a5f8354f2e45e10c8f2537985ce8ca0c48f6bd8b256cd640c951067056d1718a7b9b3c1717ee6a3aa72df5bb05a7b351846599b029fb580796d3ab5811e4f8f3323090516be102f4725d2c06997f9842cde53bac32d5842056f103ea54a6ccb8a6f0cd2c"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_msg=0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc}, 0x94)
r3 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000340)={'bridge0\x00', <r4=>0x0})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="440000001300290a000000000000000007000000", @ANYRES32=r4, @ANYBLOB="00000000000000001c001a800800028008000200080000003e120000080002"], 0x44}}, 0x0)
socket(0x10, 0x3, 0x0)
unshare(0x2c060000)
setsockopt$inet_group_source_req(0xffffffffffffffff, 0x0, 0x2c, 0x0, 0x0)
unshare(0x24020400)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f00000004c0)='./cgroup.cpu/syz1\x00', 0x1ff)
pipe(&(0x7f0000000480)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
vmsplice(r6, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1)
r7 = socket$netlink(0x10, 0x3, 0xc)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=ANY=[@ANYBLOB="440000001000010000000000000000"], 0x3}}, 0x0)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r8, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000580)=ANY=[], 0x7c}}, 0x20000050)
splice(r5, 0x0, r7, 0x0, 0x10d00, 0xf)

10m26.558225041s ago: executing program 7 (id=264):
openat$comedi(0xffffffffffffff9c, 0x0, 0x101000, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x87}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
syz_open_dev$MSR(&(0x7f00000001c0), 0x8000002000000, 0x0)
socket$netlink(0x10, 0x3, 0x0)
syz_open_dev$vbi(&(0x7f0000000b80), 0x3, 0x2)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0x1, &(0x7f0000000140)={0x26da8e97, 0x100}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0)
syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
fchdir(r4)
r5 = openat$cgroup_freezer_state(r4, &(0x7f0000000080), 0x2, 0x0)
sendfile(r5, r5, 0x0, 0x8000002)

10m10.708066862s ago: executing program 36 (id=264):
openat$comedi(0xffffffffffffff9c, 0x0, 0x101000, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x87}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
syz_open_dev$MSR(&(0x7f00000001c0), 0x8000002000000, 0x0)
socket$netlink(0x10, 0x3, 0x0)
syz_open_dev$vbi(&(0x7f0000000b80), 0x3, 0x2)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0x1, &(0x7f0000000140)={0x26da8e97, 0x100}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0)
syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
fchdir(r4)
r5 = openat$cgroup_freezer_state(r4, &(0x7f0000000080), 0x2, 0x0)
sendfile(r5, r5, 0x0, 0x8000002)

13.976294065s ago: executing program 2 (id=1129):
syz_usb_connect(0x2, 0x3f, &(0x7f00000007c0)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109022d0001100000000904000003fe03010009cd8d1f000200000009050502000000001009058b1e20"], 0x0)
r0 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
poll(&(0x7f0000000200)=[{r0, 0x8110}], 0x1, 0x7f)

13.143975951s ago: executing program 2 (id=1134):
socket$kcm(0xa, 0x3, 0x11)
r0 = socket$kcm(0xf, 0x3, 0x2)
setsockopt$sock_attach_bpf(r0, 0x1, 0x23, &(0x7f0000000000), 0x4)
close(r0)

12.910979507s ago: executing program 8 (id=1135):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x8d40, 0x0)
ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000080)=0xfffffffa)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, "00769a7d8200010000001495595915303d6000"})
r1 = epoll_create1(0x80000)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000200)={0x1})
r2 = syz_open_pts(r0, 0x0)
ioctl$TCFLSH(r2, 0x540b, 0x2)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'ipvlan0\x00', <r6=>0x0})
ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000280)={@local, 0x65, r6})
r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0x3, &(0x7f0000000140)=@framed={{0x18, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffff7}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xffffffff}, 0x94)
r8 = bpf$BPF_BTF_LOAD(0x12, &(0x7f00000003c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="9feb010018000000000000000c0000000c00000002000000000000000000"], 0x0, 0x26}, 0x28)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xd, 0x3, &(0x7f0000000040)=@framed, 0x0, 0x5, 0xa8, &(0x7f00000002c0)=""/168, 0x0, 0x0, '\x00', 0x0, @sock_ops, r8, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000200), 0x10}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x10, 0x1, &(0x7f0000000500)=ANY=[@ANYBLOB="6d9202000116f0dcaf4268bc051b416f58cb0646819cbb7328252c787b"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x10, '\x00', 0x0, @sk_msg=0x7, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r7, 0x0, 0x0, 0x0, 0x10, 0x6}, 0x94)
r9 = socket$inet_mptcp(0x2, 0x1, 0x106)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x4008890)
listen(r9, 0x0)
getsockopt$inet_mptcp_buf(r9, 0x11c, 0x4, &(0x7f00000000c0)=""/205, &(0x7f0000000080)=0xcd)

12.694238261s ago: executing program 2 (id=1136):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f0000000000)={'hsr0\x00'})

11.551240301s ago: executing program 8 (id=1137):
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4e23, 0x9, @mcast2, 0x7}, 0x1c)
setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f0000000040)=0x5, 0x4)
sendmsg$inet6(r0, &(0x7f00000000c0)={&(0x7f0000000180)={0xa, 0x4e21, 0x4080000, @dev={0xfe, 0x80, '\x00', 0x1a}}, 0x1c, 0x0}, 0x40c0)

11.303776068s ago: executing program 8 (id=1138):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_INITMSG(r0, 0x84, 0x2, &(0x7f00000000c0)={0xfffc}, 0x8)
sendto$inet6(r0, &(0x7f0000000000)='W7', 0x2, 0x4, &(0x7f0000000100)={0xa, 0x0, 0x3, @loopback, 0x8}, 0x1c)
setsockopt$inet6_MCAST_JOIN_GROUP(r0, 0x29, 0x2a, 0x0, 0x0)

11.15939204s ago: executing program 2 (id=1140):
r0 = socket(0xa, 0x3, 0xff)
setsockopt$inet6_int(r0, 0x29, 0x4d, &(0x7f0000000040)=0xde8, 0x4)
recvmmsg(r0, &(0x7f0000004700)=[{{0x0, 0x0, 0x0}, 0x4f9}], 0x1, 0x0, 0x0)
syz_emit_ethernet(0x42, &(0x7f0000000100)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaa3986dd6c370c89000c2c0120010000000000000000000000000001fe8000000000000000000000000000aaff"], 0x0)

11.121970822s ago: executing program 9 (id=279):
socket$l2tp(0x2, 0x2, 0x73)
socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000040)=0x8)
sched_setaffinity(0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x90e7d000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000340)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x80383, 0x0)
r4 = syz_open_dev$admmidi(&(0x7f0000000140), 0x20, 0x40100)
read$midi(r4, 0x0, 0x14)
socket$inet6_tcp(0xa, 0x1, 0x0)
epoll_pwait2(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
close_range(r3, 0xffffffffffffffff, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './bus\x00'}, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x3fffffffffffcb5, 0x2, 0x0)

10.902944318s ago: executing program 5 (id=1141):
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
getsockname$packet(0xffffffffffffffff, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, 0x0)
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
getsockopt(0xffffffffffffffff, 0x28, 0x6, 0xfffffffffffffffc, &(0x7f0000000000)=0x5e)
r4 = syz_open_dev$vim2m(&(0x7f0000000080), 0x8, 0x2)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x9, &(0x7f0000006680))
openat$fb0(0xffffffffffffff9c, &(0x7f0000000000), 0x402, 0x0)
ioctl$vim2m_VIDIOC_REQBUFS(r4, 0xc0145608, &(0x7f00000000c0)={0x1, 0x2, 0x1})
ioctl$vim2m_VIDIOC_EXPBUF(r4, 0xc0405610, &(0x7f0000000040)={0x2, 0x0, 0x20})
syz_open_dev$tty1(0xc, 0x4, 0x1)
add_key$keyring(&(0x7f00000000c0), 0x0, 0x0, 0x0, 0xfffffffffffffffe)
setsockopt$inet_MCAST_JOIN_GROUP(r0, 0x0, 0x2a, 0x0, 0x0)
setsockopt$inet_MCAST_MSFILTER(0xffffffffffffffff, 0x0, 0x30, 0x0, 0x0)
sendto$inet(r0, &(0x7f0000000140)='^', 0x34000, 0x0, &(0x7f0000004ff0)={0x2, 0x0, @rand_addr=0xfffffffffffffffe}, 0x10)
listen(r0, 0xda90)

9.843251247s ago: executing program 2 (id=1142):
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x6, 0x7, &(0x7f0000006680))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
remap_file_pages(&(0x7f00000c7000/0x3000)=nil, 0x3000, 0x2, 0xd, 0x0)

8.747964239s ago: executing program 5 (id=1144):
socket$tipc(0x1e, 0x2, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_TID_CONFIG(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000002c0)={0x28, r1, 0xc4fc9e906872338b, 0x0, 0x0, {{0x5}, {@val={0x8}, @val={0xc, 0x99, {0x40}}}}}, 0x28}}, 0x0)

8.28692774s ago: executing program 9 (id=1145):
socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000003900)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b07080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf5af51d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945ecefa26b8471d42645288d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa16509945ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88c3c44b3b7486f979e8a3174b531f573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867ec92d13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d93e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a0000000000000000000000000000cf7b6c4ba9bec153d6834bfef080df374703a8ff56a63ec1fe5f2e05a79e3cace7283dd68d41e94420c325fe4dae144fde5ec25a87d625cab20753a77b323fa3783c8b675859b9012647885a242adfee2fe812ecbe5191e0a15142f7349e7627cc39d724e2e34e7a24154f26ae3125b36d0504965295d0453902ac7079b11a3a1e655e482331e3dc35b2e7e4e3ea99064fe5b9c8ae0ca3e5fd653f3286a99d81ce4eba765c38d097391ad4babac38ce5b4344e24a361cd54e5"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x2e)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f00000003c0)='rcu_utilization\x00', r0}, 0x18)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x5)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg$IPCTNL_MSG_EXP_NEW(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYRES8=r1], 0x14}}, 0x800)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000040)=0x7)
prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x0, 0x0)
r5 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r6 = dup(r5)
write$6lowpan_enable(r6, &(0x7f0000000000)='0', 0xfffffd2c)
syz_io_uring_setup(0x83f, 0x0, 0x0, 0x0)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000380), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_EEE_SET(r7, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000540)={0x2c, r8, 0x21, 0x70bd2b, 0x25dfdbfb, {}, [@ETHTOOL_A_EEE_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'gretap0\x00'}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20000000}, 0x20000000)
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0)
r9 = openat$vimc1(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
ioctl$VIDIOC_SUBSCRIBE_EVENT(r9, 0x4020565a, &(0x7f00000000c0)={0x2, 0x8, 0x2})
socket$nl_netfilter(0x10, 0x3, 0xc)

8.286393323s ago: executing program 5 (id=1146):
r0 = socket$alg(0x26, 0x5, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, 0x0, 0xffffffffffffffbd, 0x0, 0x2}, 0x8000)
setsockopt$inet_sctp6_SCTP_PR_SUPPORTED(0xffffffffffffffff, 0x84, 0x71, 0x0, 0x0)
fchmod(0xffffffffffffffff, 0x32)
sendto$inet6(0xffffffffffffffff, &(0x7f0000847fff)='X', 0xffe4, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f00000000c0), &(0x7f0000000040)=0x4)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, &(0x7f0000000280)={0x0, 0x8, 0xd9}, 0x8)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x401)
ioctl$BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000b40)={'\x00', 0x8, 0x530, 0xc, 0xfffffffffffffffd, 0x59c})
r4 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1)
syz_open_procfs$pagemap(0xffffffffffffffff, &(0x7f0000000000))
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000c18000)="ad", 0x1)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x15)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil)
mbind(&(0x7f00000a2000/0x4000)=nil, 0x4000, 0x4002, &(0x7f0000000200)=0x2000000000000008, 0x5, 0x3)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="040906097c0c5bc9"], 0x9)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)

8.177306917s ago: executing program 8 (id=1148):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000400)={'wlan0\x00', <r1=>0x0})
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000e80)={0x0, 0x0, &(0x7f0000000e40)={&(0x7f00000001c0)={0x44, r2, 0x1, 0x70bd2b, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r1}, @void}}, [@NL80211_ATTR_SCAN_FREQUENCIES={0xc, 0x2c, 0x0, 0x1, [{0x8, 0x0, 0x9}]}, @NL80211_ATTR_SCAN_SSIDS={0x1c, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ibss_ssid}, {0xa, 0x0, @default_ibss_ssid}]}]}, 0x44}, 0x1, 0x0, 0x0, 0x2404885c}, 0x40000)

5.036618713s ago: executing program 8 (id=1150):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
pipe(0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb4b, 0x9, 0x8, 0x0, 0x400003}, 0x0)
r2 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)}, &(0x7f0000000240)=0xc)
r3 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt(r3, 0x84, 0x7d, &(0x7f0000000000)="03020000008002ff", 0x8)
getsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x20, 0x0, &(0x7f0000001040)=0x5d)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
write$6lowpan_control(0xffffffffffffffff, &(0x7f0000000180)='connect aa:aa:aa:aa:aa:11 0', 0x1b)
r4 = socket(0xa, 0x1, 0x0)
setsockopt$sock_int(r4, 0x1, 0xf, &(0x7f0000000040)=0x9, 0x4)
bind$inet6(r4, &(0x7f0000000480)={0xa, 0xe64, 0x3, @empty, 0x2}, 0x1c)
syz_genetlink_get_family_id$ipvs(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$IPVS_CMD_GET_CONFIG(r4, &(0x7f00000002c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000280)={0x0}, 0x1, 0x0, 0x0, 0x20000000}, 0x40)
openat$ocfs2_control(0xffffffffffffff9c, &(0x7f0000000000), 0x102, 0x0)
openat$adsp1(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
r5 = inotify_init1(0x0)
unshare(0x2a020400)
r6 = fsopen(&(0x7f0000000600)='devpts\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r6, 0x6, 0x0, 0x0, 0x0)
r7 = fsmount(r6, 0x1, 0x1)
fchdir(r7)
r8 = open(&(0x7f0000000080)='.\x00', 0x480, 0x0)
fremovexattr(r8, &(0x7f0000000000)=@known='user.syz\x00')
inotify_add_watch(r5, &(0x7f0000000180)='./control\x00', 0x64000ae2)

5.032011539s ago: executing program 9 (id=1151):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000007c0)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_DEL_PMK(r0, &(0x7f00000008c0)={0x0, 0x0, &(0x7f0000000880)={&(0x7f0000000800)={0x1c, r1, 0x1, 0x70bd2c, 0x25dfdbff, {{}, {@val={0x8, 0x3, r2}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x20040}, 0x40010)

4.127207458s ago: executing program 9 (id=1152):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x8d40, 0x0)
ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000080)=0xfffffffa)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, "00769a7d8200010000001495595915303d6000"})
r1 = epoll_create1(0x80000)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000200)={0x1})
r2 = syz_open_pts(r0, 0x0)
ioctl$TCFLSH(r2, 0x540b, 0x2)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
getpid()
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000180)=@abs, 0x6e)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = socket(0xa, 0x3, 0x87)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000040)={'ipvlan0\x00', <r5=>0x0})
ioctl$sock_inet6_SIOCSIFADDR(r4, 0x8916, &(0x7f0000000480)={@private2, 0x3e, r5})
ioctl$sock_inet6_SIOCSIFADDR(r4, 0x8916, &(0x7f0000000280)={@local, 0x65, r5})

3.82940164s ago: executing program 2 (id=1153):
socket$alg(0x26, 0x5, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x1, 0x100004, 0xffff, 0xb, 0x1, 0x1, 0x1}, 0x50)
r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='cmdline\x00')
preadv(r3, &(0x7f00000000c0)=[{&(0x7f00000010c0)=""/4097, 0x1001}], 0x1, 0x0, 0x0)
bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x19, &(0x7f0000000000)={0x0, &(0x7f00000001c0)=""/40, 0x0, 0x0, 0x1, r2}, 0x38)
syz_io_uring_submit(0x0, 0x0, &(0x7f00000002c0)=@IORING_OP_RENAMEAT={0x23, 0x4, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETRESOURCES(0xffffffffffffffff, 0xc04064a0, 0x0)
io_uring_enter(0xffffffffffffffff, 0x3516, 0x0, 0x0, 0x0, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x8, 0x8}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xc, 0xc, &(0x7f0000000000)=@framed={{}, [@ringbuf_output={{0x18, 0x5, 0x1, 0x0, r4}, {}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1f}, {0x85, 0x0, 0x0, 0x15}}]}, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

2.967635234s ago: executing program 9 (id=1155):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x8d40, 0x0)
ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000080)=0xfffffffa)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, "00769a7d8200010000001495595915303d6000"})
r1 = epoll_create1(0x80000)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000200)={0x1})
r2 = syz_open_pts(r0, 0x0)
ioctl$TCFLSH(r2, 0x540b, 0x2)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'ipvlan0\x00', <r6=>0x0})
ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000280)={@local, 0x65, r6})
r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0x3, &(0x7f0000000140)=@framed={{0x18, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffff7}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xffffffff}, 0x94)
r8 = bpf$BPF_BTF_LOAD(0x12, &(0x7f00000003c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="9feb010018000000000000000c0000000c00000002000000000000000000"], 0x0, 0x26}, 0x28)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xd, 0x3, &(0x7f0000000040)=@framed, 0x0, 0x5, 0xa8, &(0x7f00000002c0)=""/168, 0x0, 0x0, '\x00', 0x0, @sock_ops, r8, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000200), 0x10}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x10, 0x1, &(0x7f0000000500)=ANY=[@ANYBLOB="6d9202000116f0dcaf4268bc051b416f58cb0646819cbb7328252c787b"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x10, '\x00', 0x0, @sk_msg=0x7, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r7, 0x0, 0x0, 0x0, 0x10, 0x6}, 0x94)
r9 = socket$inet_mptcp(0x2, 0x1, 0x106)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x4008890)
listen(r9, 0x0)
getsockopt$inet_mptcp_buf(r9, 0x11c, 0x4, &(0x7f00000000c0)=""/205, &(0x7f0000000080)=0xcd)

1.807104636s ago: executing program 4 (id=1157):
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000003c0)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_CHANNEL_SWITCH(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)={0x2c, r0, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x16d5}], @NL80211_ATTR_CH_SWITCH_COUNT={0x8, 0xb7, 0x99}]}, 0x2c}}, 0x0)

1.433320592s ago: executing program 4 (id=1158):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan0\x00', <r1=>0x0})
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000680)={0x34, r2, 0x5, 0x4000, 0x0, {{}, {@val={0x8, 0x3, r1}, @void}}, [@NL80211_ATTR_SSID={0x5, 0x34, @random="8b"}, @crypto_settings=[@NL80211_ATTR_AKM_SUITES={0x10, 0x4c, [0xfac0c, 0xfac0e, 0xfac11]}]]}, 0x34}}, 0x0)

1.369699248s ago: executing program 5 (id=1159):
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'netdevsim0\x00', <r1=>0x0})
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000140)=@newlink={0x44, 0x10, 0x503, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x14615}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macsec={{0xb}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r1}, @IFLA_MASTER={0x8, 0xa, r1}]}, 0x44}, 0x1, 0x0, 0x0, 0x300}, 0x4000)

691.225656ms ago: executing program 4 (id=1160):
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
syz_emit_ethernet(0x3e, &(0x7f0000000000)={@broadcast, @link_local, @void, {@ipv6={0x86dd, @icmpv6={0x1, 0x6, "fbddf0", 0x8, 0x3a, 0xff, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x0, 0x0}}, @mcast2, {[], @echo_reply={0x81, 0x0, 0x0, 0x2, 0x4}}}}}}, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000240)=0x464, 0x4)
recvmmsg(r0, &(0x7f0000000d00)=[{{0x0, 0x0, 0x0}, 0x4}], 0x1, 0x400005aa, 0x0)

573.93305ms ago: executing program 5 (id=1161):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000900)=ANY=[@ANYBLOB="09000000070000002a00000005"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000280)={r1, 0x2000300, 0xe, 0x0, &(0x7f0000000180)="63eced8e46dc3f0adf3389f7b986", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

541.862591ms ago: executing program 4 (id=1162):
r0 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r0)
ptrace$setregset(0x4205, r0, 0x1, &(0x7f0000000100)={&(0x7f0000000040)="dcef58b7f29c1f7c93d183044aedba283413e674c7719c33a4b17f028f68610a6c55bb2bf8282853f3e16f8394a8676ff55a3507e2ad50248c6130863b0f7433c7fbc9b978a39eae88bffd05d139cedbee444f7c98e1f92b0f64462b4b470bedced2125e0b1f38fbaa348c6d75aa1a4011e9cdae15ecb9309b0101edbf6dd6d111d6132f1821a4e4cbec8438c571a70e7ca7b0451a6cc55c", 0x98})
ptrace$setregset(0x4205, r0, 0x1, &(0x7f0000000180)={0x0})

307.13745ms ago: executing program 5 (id=1163):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000400), 0xffffffffffffffff)
recvmmsg(r0, &(0x7f0000000900)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f00000009c0)=""/151, 0x97}, {&(0x7f00000000c0)=""/192, 0xc0}, {&(0x7f0000000180)=""/154, 0x9a}, {&(0x7f0000000a80)=""/178, 0xb2}, {&(0x7f0000001640)=""/4069, 0xfe5}], 0x5}}], 0x1, 0x2, 0x0)
sendmsg$ETHTOOL_MSG_STRSET_GET(r0, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000740)={&(0x7f0000000080)=ANY=[@ANYBLOB="18000000", @ANYRES16=r1, @ANYBLOB="030704707900000000000100040004000180"], 0x18}}, 0x0)

166.475658ms ago: executing program 4 (id=1164):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000240), r0)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IEEE802154_LLSEC_DEL_KEY(r2, &(0x7f0000001bc0)={0x0, 0x0, &(0x7f0000001b80)={&(0x7f0000001b00)={0x30, r1, 0x1, 0x70bd28, 0x25dfdbfb, {}, [@IEEE802154_ATTR_LLSEC_KEY_ID={0x5, 0x2e, 0x8}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan1\x00'}, @IEEE802154_ATTR_LLSEC_KEY_MODE={0x5, 0x2b, 0x3}]}, 0x30}, 0x1, 0x0, 0x0, 0x40000c4}, 0x0)

137.384585ms ago: executing program 8 (id=1165):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x8d40, 0x0)
ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000080)=0xfffffffa)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, "00769a7d8200010000001495595915303d6000"})
r1 = epoll_create1(0x80000)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000200)={0x1})
r2 = syz_open_pts(r0, 0x0)
ioctl$TCFLSH(r2, 0x540b, 0x2)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
getpid()
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000180)=@abs, 0x6e)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = socket(0xa, 0x3, 0x87)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000040)={'ipvlan0\x00', <r5=>0x0})
ioctl$sock_inet6_SIOCSIFADDR(r4, 0x8916, &(0x7f0000000480)={@private2, 0x3e, r5})
ioctl$sock_inet6_SIOCSIFADDR(r4, 0x8916, &(0x7f0000000280)={@local, 0x65, r5})

108.557322ms ago: executing program 9 (id=1166):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f00000004c0)='bbr\x00', 0x4)
bind$inet6(r0, &(0x7f0000d84000)={0xa, 0x2, 0x0, @loopback, 0x7}, 0x1c)
sendto$inet6(r0, 0x0, 0x0, 0x20000045, &(0x7f00000001c0)={0xa, 0x2, 0xfffffffd, @empty}, 0x1c)

0s ago: executing program 4 (id=1167):
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0xffc, 0x4, &(0x7f0000006680))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000003, 0x4008032, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x4)
clock_getres(0xfffffffffffffff1, 0x0)

kernel console output (not intermixed with test programs):

18][ T7803] program syz.5.328 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  452.651342][ T7803] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
[  453.720416][ T7706] lo speed is unknown, defaulting to 1000
[  456.324184][ T1127] netdevsim netdevsim7 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  457.492339][ T7828] input: syz0 as /devices/virtual/input/input7
[  459.296889][ T7836] syz.2.337 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[  462.081491][    C0] vkms_vblank_simulate: vblank timer overrun
[  462.326541][    C0] vkms_vblank_simulate: vblank timer overrun
[  462.622605][ T1127] netdevsim netdevsim7 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  462.655856][ T7850] syz.2.340 uses obsolete (PF_INET,SOCK_PACKET)
[  462.691724][    C0] vkms_vblank_simulate: vblank timer overrun
[  463.276572][    C0] vkms_vblank_simulate: vblank timer overrun
[  463.511863][    C0] vkms_vblank_simulate: vblank timer overrun
[  463.550437][ T7851] netlink: 140 bytes leftover after parsing attributes in process `syz.4.341'.
[  463.551009][ T7566] bridge0: port 1(bridge_slave_0) entered blocking state
[  463.551083][ T7566] bridge0: port 1(bridge_slave_0) entered disabled state
[  463.551243][ T7566] bridge_slave_0: entered allmulticast mode
[  463.559536][ T7566] bridge_slave_0: entered promiscuous mode
[  463.604280][ T7566] bridge0: port 2(bridge_slave_1) entered blocking state
[  463.604416][ T7566] bridge0: port 2(bridge_slave_1) entered disabled state
[  463.604592][ T7566] bridge_slave_1: entered allmulticast mode
[  463.627830][ T7566] bridge_slave_1: entered promiscuous mode
[  463.979884][    C0] vkms_vblank_simulate: vblank timer overrun
[  464.266975][    C0] vkms_vblank_simulate: vblank timer overrun
[  465.076805][ T6318] IPVS: starting estimator thread 0...
[  465.109397][    C0] vkms_vblank_simulate: vblank timer overrun
[  465.306955][ T7865] IPVS: using max 7 ests per chain, 16800 per kthread
[  465.358924][    C0] vkms_vblank_simulate: vblank timer overrun
[  466.428274][ T7566] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  466.445392][ T7566] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  466.477122][    C0] vkms_vblank_simulate: vblank timer overrun
[  467.017919][    C0] vkms_vblank_simulate: vblank timer overrun
[  468.361704][ T7890] netlink: 24 bytes leftover after parsing attributes in process `syz.4.349'.
[  468.998794][    C0] vkms_vblank_simulate: vblank timer overrun
[  469.020945][ T7882] ALSA: mixer_oss: invalid OSS volume ''
[  470.267744][    C0] vkms_vblank_simulate: vblank timer overrun
[  470.306149][    C0] vkms_vblank_simulate: vblank timer overrun
[  470.735983][    C0] vkms_vblank_simulate: vblank timer overrun
[  470.813528][    C0] vkms_vblank_simulate: vblank timer overrun
[  470.898387][    C0] vkms_vblank_simulate: vblank timer overrun
[  471.196781][    C0] vkms_vblank_simulate: vblank timer overrun
[  471.241439][    C0] vkms_vblank_simulate: vblank timer overrun
[  471.482388][ T5154] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  471.523882][ T5154] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  471.525631][ T5154] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  471.546215][ T5154] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  471.554955][ T5154] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  471.907117][ T1127] bridge_slave_1: left allmulticast mode
[  471.907178][ T1127] bridge_slave_1: left promiscuous mode
[  471.907383][ T1127] bridge0: port 2(bridge_slave_1) entered disabled state
[  472.077188][ T7919] GUP no longer grows the stack in syz.4.357 (7919): 200000004000-20000000a000 (200000002000)
[  472.077237][ T7919] CPU: 1 UID: 0 PID: 7919 Comm: syz.4.357 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  472.077258][ T7919] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  472.077272][ T7919] Call Trace:
[  472.077279][ T7919]  <TASK>
[  472.077287][ T7919]  dump_stack_lvl+0x189/0x250
[  472.077319][ T7919]  ? __pfx_dump_stack_lvl+0x10/0x10
[  472.077344][ T7919]  ? __pfx__printk+0x10/0x10
[  472.077361][ T7919]  ? find_vma+0xe7/0x160
[  472.077405][ T7919]  __get_user_pages+0x237e/0x2b60
[  472.077468][ T7919]  get_user_pages_remote+0x2f1/0xad0
[  472.077492][ T7919]  ? __pfx_mtree_load+0x10/0x10
[  472.077521][ T7919]  ? __pfx_get_user_pages_remote+0x10/0x10
[  472.077547][ T7919]  ? __access_remote_vm+0x367/0x7d0
[  472.077577][ T7919]  __access_remote_vm+0x211/0x7d0
[  472.077612][ T7919]  ? __pfx___access_remote_vm+0x10/0x10
[  472.077635][ T7919]  ? set_page_refcounted+0xa0/0x1e0
[  472.077659][ T7919]  ? alloc_pages_noprof+0xe4/0x1e0
[  472.077687][ T7919]  proc_pid_cmdline_read+0x433/0x810
[  472.077711][ T7919]  ? __asan_memset+0x22/0x50
[  472.077737][ T7919]  ? __pfx_proc_pid_cmdline_read+0x10/0x10
[  472.077766][ T7919]  ? rw_verify_area+0x2ac/0x4e0
[  472.077791][ T7919]  vfs_readv+0x5b3/0x850
[  472.077816][ T7919]  ? __pfx_proc_pid_cmdline_read+0x10/0x10
[  472.077843][ T7919]  ? __pfx_vfs_readv+0x10/0x10
[  472.077884][ T7919]  ? __fget_files+0x2a/0x420
[  472.077912][ T7919]  ? __fget_files+0x3a6/0x420
[  472.077933][ T7919]  ? __fget_files+0x2a/0x420
[  472.077965][ T7919]  __x64_sys_preadv+0x19a/0x2a0
[  472.077991][ T7919]  ? __pfx___x64_sys_preadv+0x10/0x10
[  472.078012][ T7919]  ? rcu_is_watching+0x15/0xb0
[  472.078042][ T7919]  ? do_syscall_64+0xbe/0x3b0
[  472.078069][ T7919]  do_syscall_64+0xfa/0x3b0
[  472.078090][ T7919]  ? lockdep_hardirqs_on+0x9c/0x150
[  472.078110][ T7919]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  472.078128][ T7919]  ? clear_bhb_loop+0x60/0xb0
[  472.078150][ T7919]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  472.078172][ T7919] RIP: 0033:0x7f13e2acebe9
[  472.078188][ T7919] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  472.078203][ T7919] RSP: 002b:00007f13e0cec038 EFLAGS: 00000246 ORIG_RAX: 0000000000000127
[  472.078229][ T7919] RAX: ffffffffffffffda RBX: 00007f13e2cf6180 RCX: 00007f13e2acebe9
[  472.078242][ T7919] RDX: 0000000000000001 RSI: 0000200000000040 RDI: 0000000000000009
[  472.078254][ T7919] RBP: 00007f13e2b51e19 R08: 0000000000000000 R09: 0000000000000000
[  472.078265][ T7919] R10: 0000000000000300 R11: 0000000000000246 R12: 0000000000000000
[  472.078276][ T7919] R13: 00007f13e2cf6218 R14: 00007f13e2cf6180 R15: 00007ffc56118e18
[  472.078307][ T7919]  </TASK>
[  472.998143][ T7920] netlink: 'syz.2.356': attribute type 4 has an invalid length.
[  474.830438][   T59] Bluetooth: hci0: command tx timeout
[  475.192379][ T7921] tty tty1: ldisc open failed (-12), clearing slot 0
[  475.227605][ T1127] bridge_slave_0: left allmulticast mode
[  475.227626][ T1127] bridge_slave_0: left promiscuous mode
[  475.227788][ T1127] bridge0: port 1(bridge_slave_0) entered disabled state
[  477.760629][ T5154] Bluetooth: hci0: command tx timeout
[  478.237653][ T1127] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  478.299276][ T1127] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  478.320579][ T1127] bond0 (unregistering): Released all slaves
[  478.472266][ T1127] bond0 (unregistering): Released all slaves
[  479.798177][ T7706] chnl_net:caif_netlink_parms(): no params data found
[  481.002259][ T5154] Bluetooth: hci0: command tx timeout
[  482.658333][ T7948] netlink: 28 bytes leftover after parsing attributes in process `syz.4.362'.
[  484.946765][ T5154] Bluetooth: hci0: command tx timeout
[  485.019949][ T1127] tipc: Left network mode
[  485.036809][ T7910] lo speed is unknown, defaulting to 1000
[  487.168352][ T7969] Bluetooth: MGMT ver 1.23
[  491.057108][ T7706] bridge0: port 1(bridge_slave_0) entered blocking state
[  491.057251][ T7706] bridge0: port 1(bridge_slave_0) entered disabled state
[  491.057488][ T7706] bridge_slave_0: entered allmulticast mode
[  491.060254][ T7706] bridge_slave_0: entered promiscuous mode
[  493.163118][ T8000] netlink: 280 bytes leftover after parsing attributes in process `syz.5.373'.
[  493.974685][   T59] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  493.988971][   T59] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  493.990181][   T59] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  493.991339][   T59] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  493.992581][   T59] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  493.997778][ T7992] IPVS: Error joining to the multicast group
[  494.563311][ T8007] Bluetooth: received HCILL_WAKE_UP_ACK in state 2
[  496.400880][ T1127] hsr_slave_0: left promiscuous mode
[  496.444306][ T1127] hsr_slave_1: left promiscuous mode
[  496.444954][ T1127] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  496.444972][ T1127] batman_adv: batadv0: Removing interface: batadv_slave_0
[  496.461224][ T1127] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  496.462460][ T1127] batman_adv: batadv0: Removing interface: batadv_slave_1
[  496.585064][ T1127] veth1_macvtap: left promiscuous mode
[  496.585186][ T1127] veth0_macvtap: left promiscuous mode
[  496.585484][ T1127] veth1_vlan: left promiscuous mode
[  496.585693][ T1127] veth0_vlan: left promiscuous mode
[  496.706773][   T59] Bluetooth: hci6: Opcode 0x1003 failed: -110
[  496.788515][ T5154] Bluetooth: hci5: command tx timeout
[  498.866913][ T5154] Bluetooth: hci5: command tx timeout
[  501.390203][ T5154] Bluetooth: hci5: command tx timeout
[  501.749744][ T1323] ieee802154 phy0 wpan0: encryption failed: -22
[  501.749819][ T1323] ieee802154 phy1 wpan1: encryption failed: -22
[  501.908360][ T8045] netlink: 124 bytes leftover after parsing attributes in process `syz.2.383'.
[  502.000054][ T8045] IPVS: length: 209 != 24
[  503.080358][    C1] vkms_vblank_simulate: vblank timer overrun
[  503.116930][    C1] vkms_vblank_simulate: vblank timer overrun
[  503.333357][    C1] vkms_vblank_simulate: vblank timer overrun
[  503.379973][    C1] vkms_vblank_simulate: vblank timer overrun
[  503.426998][ T5154] Bluetooth: hci5: command tx timeout
[  504.332737][    C1] vkms_vblank_simulate: vblank timer overrun
[  504.605151][    C1] vkms_vblank_simulate: vblank timer overrun
[  504.688746][ T8068] input: syz0 as /devices/virtual/input/input8
[  505.098236][ T1127] team0 (unregistering): Port device team_slave_1 removed
[  505.247137][ T1127] team0 (unregistering): Port device team_slave_0 removed
[  508.180544][ T8003] lo speed is unknown, defaulting to 1000
[  508.248994][ T7910] chnl_net:caif_netlink_parms(): no params data found
[  512.403942][ T7910] bridge0: port 1(bridge_slave_0) entered blocking state
[  512.404081][ T7910] bridge0: port 1(bridge_slave_0) entered disabled state
[  512.404270][ T7910] bridge_slave_0: entered allmulticast mode
[  512.417070][ T7910] bridge_slave_0: entered promiscuous mode
[  512.422052][ T7910] bridge0: port 2(bridge_slave_1) entered blocking state
[  512.422248][ T7910] bridge0: port 2(bridge_slave_1) entered disabled state
[  512.422426][ T7910] bridge_slave_1: entered allmulticast mode
[  512.476781][ T7910] bridge_slave_1: entered promiscuous mode
[  518.644803][ T7910] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  518.966350][ T7910] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  520.009327][ T7910] team0: Port device team_slave_0 added
[  520.042593][ T7910] team0: Port device team_slave_1 added
[  520.130001][ T8137] kvm: kvm [8128]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc1) = 0x800
[  520.187329][ T8137] kvm: kvm [8128]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x11e) = 0x0
[  520.191688][ T8137] kvm: kvm [8128]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x187) = 0x800
[  526.170126][ T7910] batman_adv: batadv0: Adding interface: batadv_slave_0
[  526.170136][ T7910] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  526.170149][ T7910] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  527.117096][ T7910] batman_adv: batadv0: Adding interface: batadv_slave_1
[  527.117111][ T7910] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  527.117134][ T7910] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  527.124275][ T8003] chnl_net:caif_netlink_parms(): no params data found
[  527.259973][ T8154] Context (ID=0x0) not attached to queue pair (handle=0x1:0xfffffffa)
[  531.502530][ T1127] IPVS: stop unused estimator thread 0...
[  532.950218][ T8003] bridge0: port 1(bridge_slave_0) entered blocking state
[  532.950503][ T8003] bridge0: port 1(bridge_slave_0) entered disabled state
[  532.950750][ T8003] bridge_slave_0: entered allmulticast mode
[  532.987230][ T8003] bridge_slave_0: entered promiscuous mode
[  533.010487][ T8003] bridge0: port 2(bridge_slave_1) entered blocking state
[  533.010649][ T8003] bridge0: port 2(bridge_slave_1) entered disabled state
[  533.010851][ T8003] bridge_slave_1: entered allmulticast mode
[  533.013448][ T8003] bridge_slave_1: entered promiscuous mode
[  533.020527][   T59] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  533.032931][   T59] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  533.034230][   T59] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  533.037564][   T59] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  533.038268][   T59] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  533.484883][ T8198] netlink: 56 bytes leftover after parsing attributes in process `syz.5.414'.
[  533.703617][ T8196] trusted_key: syz.5.414 sent an empty control message without MSG_MORE.
[  533.837580][ T8197] veth1_macvtap: left promiscuous mode
[  533.837601][ T8197] macsec0: entered promiscuous mode
[  533.837612][ T8197] macsec0: entered allmulticast mode
[  534.370451][ T8003] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  534.390760][ T8003] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  534.863922][ T1127] bridge_slave_0: left allmulticast mode
[  534.863953][ T1127] bridge_slave_0: left promiscuous mode
[  534.864216][ T1127] bridge0: port 1(bridge_slave_0) entered disabled state
[  535.698730][ T5154] Bluetooth: hci1: command tx timeout
[  536.230700][ T8209] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  536.306987][ T8209] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  536.421942][ T1127] bridge_slave_1: left allmulticast mode
[  536.421973][ T1127] bridge_slave_1: left promiscuous mode
[  536.422230][ T1127] bridge0: port 2(bridge_slave_1) entered disabled state
[  536.480035][ T1127] bridge_slave_0: left allmulticast mode
[  536.480069][ T1127] bridge_slave_0: left promiscuous mode
[  536.480346][ T1127] bridge0: port 1(bridge_slave_0) entered disabled state
[  536.551807][ T1127] bridge_slave_0: left allmulticast mode
[  536.551839][ T1127] bridge_slave_0: left promiscuous mode
[  536.552106][ T1127] bridge0: port 1(bridge_slave_0) entered disabled state
[  536.714095][ T8216] netlink: 12 bytes leftover after parsing attributes in process `syz.2.420'.
[  536.715772][ T8216] openvswitch: netlink: IP tunnel attribute has 16 unknown bytes.
[  536.955563][ T1127] bond0 (unregistering): Released all slaves
[  537.751135][ T5154] Bluetooth: hci1: command tx timeout
[  538.428917][ T1127] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  538.777450][ T1127] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  538.840818][ T1127] bond0 (unregistering): Released all slaves
[  539.990574][ T5154] Bluetooth: hci1: command tx timeout
[  540.085124][ T1127] bond0 (unregistering): Released all slaves
[  540.129669][ T8224] workqueue: Failed to create a rescuer kthread for wq "wg-crypt-": -EINTR
[  545.795735][ T5154] Bluetooth: hci1: command tx timeout
[  546.083698][ T8240] 8021q: adding VLAN 0 to HW filter on device bond0
[  546.091888][ T8240] bond0: (slave rose0): Enslaving as an active interface with an up link
[  546.418831][ T8003] team0: Port device team_slave_0 added
[  546.421738][ T8193] lo speed is unknown, defaulting to 1000
[  548.187459][ T8255] 9pnet_fd: Insufficient options for proto=fd
[  548.613832][ T8003] team0: Port device team_slave_1 added
[  550.080390][ T8263] sctp: failed to load transform for md5: -2
[  550.789327][ T8277] tmpfs: Unsupported parameter 'huge'
[  550.821577][ T8003] batman_adv: batadv0: Adding interface: batadv_slave_0
[  550.821587][ T8003] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  550.821600][ T8003] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  550.948789][ T8003] batman_adv: batadv0: Adding interface: batadv_slave_1
[  550.948804][ T8003] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  550.948827][ T8003] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  554.146683][    C0] vkms_vblank_simulate: vblank timer overrun
[  554.520995][    C0] vkms_vblank_simulate: vblank timer overrun
[  554.606917][    C0] vkms_vblank_simulate: vblank timer overrun
[  555.050244][    C0] vkms_vblank_simulate: vblank timer overrun
[  555.445798][   T59] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  555.479424][   T59] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  555.482435][   T59] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  555.484180][   T59] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  555.493389][   T59] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  555.696495][ T8300] netlink: 68 bytes leftover after parsing attributes in process `syz.5.438'.
[  555.866308][    C0] vkms_vblank_simulate: vblank timer overrun
[  556.213989][    C0] vkms_vblank_simulate: vblank timer overrun
[  556.682506][ T8308] netlink: 20 bytes leftover after parsing attributes in process `syz.5.440'.
[  557.591775][   T59] Bluetooth: hci0: command tx timeout
[  557.742528][ T8295] lo speed is unknown, defaulting to 1000
[  557.916723][    C0] vkms_vblank_simulate: vblank timer overrun
[  557.946381][    C0] vkms_vblank_simulate: vblank timer overrun
[  558.173986][    C0] vkms_vblank_simulate: vblank timer overrun
[  558.651435][ T8193] chnl_net:caif_netlink_parms(): no params data found
[  560.082438][   T59] Bluetooth: hci0: command tx timeout
[  560.220835][ T8319] netlink: 20 bytes leftover after parsing attributes in process `syz.4.442'.
[  565.978405][   T59] Bluetooth: hci0: command tx timeout
[  566.001108][ T1323] ieee802154 phy0 wpan0: encryption failed: -22
[  566.001381][ T1323] ieee802154 phy1 wpan1: encryption failed: -22
[  568.063729][ T5154] Bluetooth: hci0: command tx timeout
[  568.201861][ T8354] ubi31: attaching mtd0
[  568.275854][ T8354] ubi31: scanning is finished
[  568.275900][ T8354] ubi31: empty MTD device detected
[  568.864106][ T8354] ubi31: attached mtd0 (name "mtdram test device", size 0 MiB)
[  568.864129][ T8354] ubi31: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes
[  568.864156][ T8354] ubi31: min./max. I/O unit sizes: 1/64, sub-page size 1
[  568.864170][ T8354] ubi31: VID header offset: 64 (aligned 64), data offset: 128
[  568.864184][ T8354] ubi31: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0
[  568.864198][ T8354] ubi31: user volume: 0, internal volumes: 1, max. volumes count: 23
[  568.864213][ T8354] ubi31: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 1454473713
[  568.864230][ T8354] ubi31: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0
[  568.865391][ T8360] ubi31: background thread "ubi_bgt31d" started, PID 8360
[  569.739577][ T8193] bridge0: port 1(bridge_slave_0) entered blocking state
[  569.739715][ T8193] bridge0: port 1(bridge_slave_0) entered disabled state
[  569.740071][ T8193] bridge_slave_0: entered allmulticast mode
[  569.960596][ T8193] bridge_slave_0: entered promiscuous mode
[  569.968868][ T8193] bridge0: port 2(bridge_slave_1) entered blocking state
[  569.969067][ T8193] bridge0: port 2(bridge_slave_1) entered disabled state
[  569.969252][ T8193] bridge_slave_1: entered allmulticast mode
[  569.978135][ T8193] bridge_slave_1: entered promiscuous mode
[  574.151853][ T8388] ubi: mtd0 is already attached to ubi31
[  574.829248][ T8193] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  574.831016][ T8295] chnl_net:caif_netlink_parms(): no params data found
[  574.884786][ T8193] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  577.949283][ T8193] team0: Port device team_slave_0 added
[  578.008811][ T8193] team0: Port device team_slave_1 added
[  580.399449][ T8424] netlink: 16 bytes leftover after parsing attributes in process `syz.2.464'.
[  580.399476][ T8424] netlink: 16 bytes leftover after parsing attributes in process `syz.2.464'.
[  582.186988][ T8193] batman_adv: batadv0: Adding interface: batadv_slave_0
[  582.187003][ T8193] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  582.187026][ T8193] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  582.479736][ T8193] batman_adv: batadv0: Adding interface: batadv_slave_1
[  582.479751][ T8193] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  582.479773][ T8193] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  582.480745][ T8295] bridge0: port 1(bridge_slave_0) entered blocking state
[  582.480969][ T8295] bridge0: port 1(bridge_slave_0) entered disabled state
[  582.481159][ T8295] bridge_slave_0: entered allmulticast mode
[  582.484517][ T8295] bridge_slave_0: entered promiscuous mode
[  582.986377][ T8441] usb usb2: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  583.644388][ T8440] netlink: 'syz.4.467': attribute type 10 has an invalid length.
[  583.689977][ T8295] bridge0: port 2(bridge_slave_1) entered blocking state
[  583.690981][ T8295] bridge0: port 2(bridge_slave_1) entered disabled state
[  583.709328][ T8295] bridge_slave_1: entered allmulticast mode
[  583.894959][ T8295] bridge_slave_1: entered promiscuous mode
[  584.882502][ T8440] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  590.329306][ T8295] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  590.380703][ T8295] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  590.428673][ T8482] binfmt_misc: register: failed to install interpreter file ./file0
[  595.209538][ T8295] team0: Port device team_slave_0 added
[  595.238456][ T8295] team0: Port device team_slave_1 added
[  595.842474][ T8510] block nbd0: server does not support multiple connections per device.
[  595.862365][ T8510] block nbd0: shutting down sockets
[  595.889518][   T59] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  595.921236][   T59] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  595.922558][   T59] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  595.925911][   T59] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  595.930295][   T59] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  598.367452][   T59] Bluetooth: hci5: command tx timeout
[  603.006309][   T59] Bluetooth: hci5: command tx timeout
[  605.160473][   T59] Bluetooth: hci5: command tx timeout
[  605.785352][ T6318] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[  606.127323][ T6318] usb 5-1: Using ep0 maxpacket: 32
[  606.617142][ T6318] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  606.617192][ T6318] usb 5-1: config 0 interface 0 altsetting 2 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  606.617212][ T6318] usb 5-1: config 0 interface 0 has no altsetting 0
[  606.662597][ T6318] usb 5-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e
[  606.662624][ T6318] usb 5-1: New USB device strings: Mfr=229, Product=1, SerialNumber=3
[  606.662641][ T6318] usb 5-1: Product: syz
[  606.662653][ T6318] usb 5-1: Manufacturer: syz
[  606.662665][ T6318] usb 5-1: SerialNumber: syz
[  606.703486][ T6318] usb 5-1: config 0 descriptor??
[  606.713671][ T6318] gs_usb 5-1:0.0: Required endpoints not found
[  607.118308][ T8295] batman_adv: batadv0: Adding interface: batadv_slave_0
[  607.118324][ T8295] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  607.118347][ T8295] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  607.228776][   T59] Bluetooth: hci5: command tx timeout
[  607.278451][ T1127] bridge_slave_1: left allmulticast mode
[  607.278581][ T1127] bridge_slave_1: left promiscuous mode
[  607.305504][ T1127] bridge0: port 2(bridge_slave_1) entered disabled state
[  607.363643][ T8563] netlink: 8 bytes leftover after parsing attributes in process `syz.5.495'.
[  607.418782][ T6318] usb 5-1: USB disconnect, device number 3
[  607.546728][ T8564] netlink: 68 bytes leftover after parsing attributes in process `syz.5.495'.
[  607.673660][ T8566] netlink: 'syz.5.495': attribute type 1 has an invalid length.
[  607.673845][ T8566] netlink: 4 bytes leftover after parsing attributes in process `syz.5.495'.
[  610.501345][ T1127] bridge_slave_0: left allmulticast mode
[  610.501374][ T1127] bridge_slave_0: left promiscuous mode
[  610.501635][ T1127] bridge0: port 1(bridge_slave_0) entered disabled state
[  610.582656][ T1127] bridge_slave_1: left allmulticast mode
[  610.582689][ T1127] bridge_slave_1: left promiscuous mode
[  610.585318][ T1127] bridge0: port 2(bridge_slave_1) entered disabled state
[  610.654369][ T1127] bridge_slave_0: left allmulticast mode
[  610.654399][ T1127] bridge_slave_0: left promiscuous mode
[  610.654644][ T1127] bridge0: port 1(bridge_slave_0) entered disabled state
[  611.116894][ T8582] netlink: 16 bytes leftover after parsing attributes in process `syz.4.498'.
[  613.949245][ T1127] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  615.089808][ T1127] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  615.295807][ T8599] Device name cannot be null; rc = [-22]
[  616.112884][ T1127] bond0 (unregistering): Released all slaves
[  616.148444][ T5154] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  616.253587][ T5154] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  616.304674][ T5154] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  616.309087][ T5154] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  616.310421][ T5154] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  616.713852][ T1127] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  616.837871][ T1127] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  616.942367][ T1127] bond0 (unregistering): Released all slaves
[  617.341514][ T8295] batman_adv: batadv0: Adding interface: batadv_slave_1
[  617.341529][ T8295] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  617.341552][ T8295] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  617.581139][ T8601] lo speed is unknown, defaulting to 1000
[  617.648577][ T8511] lo speed is unknown, defaulting to 1000
[  618.274173][ T8619] tipc: Started in network mode
[  618.274201][ T8619] tipc: Node identity ac14140f, cluster identity 4711
[  618.276147][ T8619] tipc: New replicast peer: 255.255.255.255
[  618.326695][ T8619] tipc: Enabled bearer <udp:syz2>, priority 10
[  618.386717][ T5154] Bluetooth: hci1: command tx timeout
[  618.684280][ T1127] batman_adv: batadv0: Removing interface: batadv_slave_0
[  618.833853][ T1127] batman_adv: batadv0: Removing interface: batadv_slave_1
[  618.926497][ T1127] batman_adv: batadv0: Removing interface: batadv_slave_0
[  619.380329][ T5915] tipc: Node number set to 2886997007
[  620.126780][ T1127] batman_adv: batadv0: Removing interface: batadv_slave_1
[  620.468597][ T5154] Bluetooth: hci1: command tx timeout
[  620.847471][ T1127] team0 (unregistering): Port device team_slave_1 removed
[  621.052936][ T1127] team0 (unregistering): Port device team_slave_0 removed
[  621.221599][ T8642] Context (ID=0x0) not attached to queue pair (handle=0x1:0xfffffffa)
[  622.546802][ T5154] Bluetooth: hci1: command tx timeout
[  623.292704][ T8644] netlink: 8 bytes leftover after parsing attributes in process `syz.4.514'.
[  624.195974][ T1127] team0 (unregistering): Port device team_slave_1 removed
[  624.310399][ T1127] team0 (unregistering): Port device team_slave_0 removed
[  624.357400][ T1323] ieee802154 phy0 wpan0: encryption failed: -22
[  624.357480][ T1323] ieee802154 phy1 wpan1: encryption failed: -22
[  624.858763][ T5154] Bluetooth: hci1: command tx timeout
[  625.097829][    C0] vkms_vblank_simulate: vblank timer overrun
[  625.139369][    C0] vkms_vblank_simulate: vblank timer overrun
[  638.726625][ T8689] netlink: 20 bytes leftover after parsing attributes in process `syz.2.525'.
[  640.122810][ T8511] chnl_net:caif_netlink_parms(): no params data found
[  640.692827][ T8698] overlayfs: upper fs does not support RENAME_WHITEOUT.
[  640.692847][ T8698] overlayfs: failed to set xattr on upper
[  640.692851][ T8698] overlayfs: ...falling back to index=off.
[  640.692855][ T8698] overlayfs: ...falling back to uuid=null.
[  640.807468][ T6086] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  640.810703][ T6086] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  640.842168][ T6086] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  640.845665][ T6125] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  641.137916][ T8601] chnl_net:caif_netlink_parms(): no params data found
[  641.747311][ T8718] input: syz1 as /devices/virtual/input/input9
[  642.757578][ T8724] Context (ID=0x0) not attached to queue pair (handle=0x1:0xfffffffa)
[  648.484967][ T8511] bridge0: port 1(bridge_slave_0) entered blocking state
[  648.485101][ T8511] bridge0: port 1(bridge_slave_0) entered disabled state
[  648.485309][ T8511] bridge_slave_0: entered allmulticast mode
[  648.528089][ T8511] bridge_slave_0: entered promiscuous mode
[  648.755671][ T8511] bridge0: port 2(bridge_slave_1) entered blocking state
[  648.755779][ T8511] bridge0: port 2(bridge_slave_1) entered disabled state
[  648.755941][ T8511] bridge_slave_1: entered allmulticast mode
[  648.761001][ T8511] bridge_slave_1: entered promiscuous mode
[  649.088695][ T8741] netlink: 168 bytes leftover after parsing attributes in process `syz.4.536'.
[  650.127979][ T8741] (unnamed net_device) (uninitialized): peer notification delay (9) is not a multiple of miimon (5), value rounded to 5 ms
[  650.128428][ T8741] workqueue: Failed to create a rescuer kthread for wq "bond1": -EINTR
[  650.300326][ T8738] Invalid source name
[  654.956883][ T8601] bridge0: port 1(bridge_slave_0) entered blocking state
[  654.957026][ T8601] bridge0: port 1(bridge_slave_0) entered disabled state
[  654.957230][ T8601] bridge_slave_0: entered allmulticast mode
[  654.989057][ T8601] bridge_slave_0: entered promiscuous mode
[  655.217013][ T8601] bridge0: port 2(bridge_slave_1) entered blocking state
[  655.217152][ T8601] bridge0: port 2(bridge_slave_1) entered disabled state
[  655.217394][ T8601] bridge_slave_1: entered allmulticast mode
[  655.220110][ T8601] bridge_slave_1: entered promiscuous mode
[  656.419491][ T8775] Context (ID=0x0) not attached to queue pair (handle=0x1:0xfffffffa)
[  658.690028][   T59] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  658.708209][   T59] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  658.709581][   T59] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  658.711352][   T59] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  658.712654][   T59] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  661.139612][   T59] Bluetooth: hci0: command tx timeout
[  661.154172][ T8601] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  661.272341][ T8793] 9pnet_fd: Insufficient options for proto=fd
[  661.326416][ T8601] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  662.378485][ T8800] netlink: 'syz.5.549': attribute type 4 has an invalid length.
[  662.378499][ T8800] netlink: 152 bytes leftover after parsing attributes in process `syz.5.549'.
[  662.381682][ T8800] : renamed from bond0 (while UP)
[  663.201929][   T59] Bluetooth: hci0: command tx timeout
[  664.129475][ T8820] Bluetooth: MGMT ver 1.23
[  665.422488][   T59] Bluetooth: hci0: command tx timeout
[  665.526479][ T8601] team0: Port device team_slave_0 added
[  665.562562][ T8784] lo speed is unknown, defaulting to 1000
[  665.573082][ T8601] team0: Port device team_slave_1 added
[  667.440867][   T59] Bluetooth: hci0: command tx timeout
[  672.444688][ T8601] batman_adv: batadv0: Adding interface: batadv_slave_0
[  672.444704][ T8601] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  672.444729][ T8601] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  674.387077][ T8601] batman_adv: batadv0: Adding interface: batadv_slave_1
[  674.387093][ T8601] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  674.387119][ T8601] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  674.450853][ T1127] bridge_slave_1: left allmulticast mode
[  674.450885][ T1127] bridge_slave_1: left promiscuous mode
[  674.459151][ T1127] bridge0: port 2(bridge_slave_1) entered disabled state
[  675.309208][ T8868] vim2m vim2m.0: Fourcc format (0x42474752) invalid.
[  675.630694][ T1127] bridge_slave_0: left allmulticast mode
[  675.630728][ T1127] bridge_slave_0: left promiscuous mode
[  675.632469][ T1127] bridge0: port 1(bridge_slave_0) entered disabled state
[  676.140892][ T1127] bridge_slave_1: left allmulticast mode
[  676.140922][ T1127] bridge_slave_1: left promiscuous mode
[  676.141125][ T1127] bridge0: port 2(bridge_slave_1) entered disabled state
[  676.217533][ T1127] bridge_slave_0: left allmulticast mode
[  676.217553][ T1127] bridge_slave_0: left promiscuous mode
[  676.217709][ T1127] bridge0: port 1(bridge_slave_0) entered disabled state
[  676.280868][ T1127] bridge_slave_1: left allmulticast mode
[  676.280899][ T1127] bridge_slave_1: left promiscuous mode
[  676.281134][ T1127] bridge0: port 2(bridge_slave_1) entered disabled state
[  676.322980][ T1127] bridge_slave_0: left allmulticast mode
[  676.322998][ T1127] bridge_slave_0: left promiscuous mode
[  676.323170][ T1127] bridge0: port 1(bridge_slave_0) entered disabled state
[  676.555365][ T1127] bond0 (unregistering): Released all slaves
[  676.737948][ T1127] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  676.807313][ T1127] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  676.888006][ T1127] bond0 (unregistering): Released all slaves
[  677.358504][ T8880] input: syz1 as /devices/virtual/input/input10
[  677.600891][ T1127] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  677.666516][ T5154] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  677.695948][ T5154] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  677.698980][ T1127] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  677.705862][ T5154] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  677.709483][ T5154] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  677.710888][ T5154] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  677.752444][ T1127] bond0 (unregistering): Released all slaves
[  677.808207][ T8862] tipc: Started in network mode
[  677.808224][ T8862] tipc: Node identity ac14140f, cluster identity 4711
[  677.808440][ T8862] tipc: New replicast peer: 255.255.255.255
[  677.809196][ T8862] tipc: Enabled bearer <udp:syz2>, priority 10
[  677.880230][ T8864] netlink: 12 bytes leftover after parsing attributes in process `syz.4.567'.
[  677.880250][ T8864] tipc: Disabling bearer <udp:syz2>
[  678.199485][ T8882] lo speed is unknown, defaulting to 1000
[  679.826796][ T5154] Bluetooth: hci5: command tx timeout
[  680.764841][ T8898] sctp: failed to load transform for md5: -4
[  682.012427][ T5154] Bluetooth: hci5: command tx timeout
[  682.428785][ T8918] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  683.521839][ T8925] overlayfs: failed to clone lowerpath
[  684.067048][   T59] Bluetooth: hci5: command tx timeout
[  684.403752][ T8920] Falling back ldisc for ptm0.
[  686.851231][ T1323] ieee802154 phy0 wpan0: encryption failed: -22
[  686.851307][ T1323] ieee802154 phy1 wpan1: encryption failed: -22
[  686.853143][   T59] Bluetooth: hci5: command tx timeout
[  689.352459][    C1] vkms_vblank_simulate: vblank timer overrun
[  689.909301][    C1] vkms_vblank_simulate: vblank timer overrun
[  689.933721][ T8957] netlink: 28 bytes leftover after parsing attributes in process `syz.4.586'.
[  690.000415][    C1] vkms_vblank_simulate: vblank timer overrun
[  690.006707][ T1127] batman_adv: batadv0: Removing interface: batadv_slave_0
[  690.074329][ T1127] batman_adv: batadv0: Removing interface: batadv_slave_1
[  690.108588][ T1127] batman_adv: batadv0: Removing interface: batadv_slave_0
[  690.395040][ T1127] batman_adv: batadv0: Removing interface: batadv_slave_1
[  690.887448][ T1127] team0 (unregistering): Port device team_slave_1 removed
[  691.007384][ T1127] team0 (unregistering): Port device team_slave_0 removed
[  691.374614][    C1] vkms_vblank_simulate: vblank timer overrun
[  691.477645][ T1127] team0 (unregistering): Port device team_slave_1 removed
[  691.506209][    C1] vkms_vblank_simulate: vblank timer overrun
[  691.612058][ T1127] team0 (unregistering): Port device team_slave_0 removed
[  692.135347][ T8784] chnl_net:caif_netlink_parms(): no params data found
[  692.425339][    C1] vkms_vblank_simulate: vblank timer overrun
[  693.378518][    C1] vkms_vblank_simulate: vblank timer overrun
[  693.906589][    C1] vkms_vblank_simulate: vblank timer overrun
[  694.200310][    C1] vkms_vblank_simulate: vblank timer overrun
[  694.650485][    C1] vkms_vblank_simulate: vblank timer overrun
[  694.948786][ T8882] chnl_net:caif_netlink_parms(): no params data found
[  695.629613][    C1] vkms_vblank_simulate: vblank timer overrun
[  696.051615][    C1] vkms_vblank_simulate: vblank timer overrun
[  696.702633][ T9003] netlink: 'syz.4.594': attribute type 10 has an invalid length.
[  696.938564][ T9002] loop7: detected capacity change from 0 to 16384
[  697.001138][ T8784] bridge0: port 1(bridge_slave_0) entered blocking state
[  697.001228][ T8784] bridge0: port 1(bridge_slave_0) entered disabled state
[  697.001391][ T8784] bridge_slave_0: entered allmulticast mode
[  697.003086][ T8784] bridge_slave_0: entered promiscuous mode
[  697.298068][ T9003] 8021q: adding VLAN 0 to HW filter on device team0
[  697.299998][ T9003] bond0: (slave team0): Enslaving as an active interface with an up link
[  697.332220][ T8784] bridge0: port 2(bridge_slave_1) entered blocking state
[  697.332295][ T8784] bridge0: port 2(bridge_slave_1) entered disabled state
[  697.332413][ T8784] bridge_slave_1: entered allmulticast mode
[  697.339236][ T8784] bridge_slave_1: entered promiscuous mode
[  699.789304][ T9017] ubi: mtd0 is already attached to ubi31
[  701.043313][ T8784] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  701.261182][    C0] vkms_vblank_simulate: vblank timer overrun
[  701.303009][ T8784] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  701.303239][ T8882] bridge0: port 1(bridge_slave_0) entered blocking state
[  701.303398][ T8882] bridge0: port 1(bridge_slave_0) entered disabled state
[  701.303576][ T8882] bridge_slave_0: entered allmulticast mode
[  701.305279][ T8882] bridge_slave_0: entered promiscuous mode
[  702.114629][    C0] vkms_vblank_simulate: vblank timer overrun
[  702.194244][    C0] vkms_vblank_simulate: vblank timer overrun
[  702.507466][    C0] vkms_vblank_simulate: vblank timer overrun
[  702.569851][    C0] vkms_vblank_simulate: vblank timer overrun
[  702.713141][ T8882] bridge0: port 2(bridge_slave_1) entered blocking state
[  702.925925][ T8882] bridge0: port 2(bridge_slave_1) entered disabled state
[  702.926073][    C0] vkms_vblank_simulate: vblank timer overrun
[  703.116129][    C0] vkms_vblank_simulate: vblank timer overrun
[  703.417805][ T8882] bridge_slave_1: entered allmulticast mode
[  703.455976][    C0] vkms_vblank_simulate: vblank timer overrun
[  703.456496][ T8882] bridge_slave_1: entered promiscuous mode
[  703.506925][    C0] vkms_vblank_simulate: vblank timer overrun
[  703.715015][   T37] audit: type=1326 audit(1756180526.577:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9040 comm="syz.5.604" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa9484cebe9 code=0x7ffc0000
[  703.735750][   T37] audit: type=1326 audit(1756180526.627:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9040 comm="syz.5.604" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa9484cebe9 code=0x7ffc0000
[  703.735797][   T37] audit: type=1326 audit(1756180526.627:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9040 comm="syz.5.604" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa9484cebe9 code=0x7ffc0000
[  703.735837][   T37] audit: type=1326 audit(1756180526.627:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9040 comm="syz.5.604" exe="/root/syz-executor" sig=0 arch=c000003e syscall=302 compat=0 ip=0x7fa9484cebe9 code=0x7ffc0000
[  703.735876][   T37] audit: type=1326 audit(1756180526.627:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9040 comm="syz.5.604" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa9484cebe9 code=0x7ffc0000
[  703.735914][   T37] audit: type=1326 audit(1756180526.627:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9040 comm="syz.5.604" exe="/root/syz-executor" sig=0 arch=c000003e syscall=144 compat=0 ip=0x7fa9484cebe9 code=0x7ffc0000
[  703.735960][   T37] audit: type=1326 audit(1756180526.627:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9040 comm="syz.5.604" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa9484cebe9 code=0x7ffc0000
[  703.736179][   T37] audit: type=1326 audit(1756180526.627:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9040 comm="syz.5.604" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa9484cebe9 code=0x7ffc0000
[  703.736221][   T37] audit: type=1326 audit(1756180526.627:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9040 comm="syz.5.604" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fa9484cebe9 code=0x7ffc0000
[  703.736260][   T37] audit: type=1326 audit(1756180526.627:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9040 comm="syz.5.604" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa9484cebe9 code=0x7ffc0000
[  704.023575][    C0] vkms_vblank_simulate: vblank timer overrun
[  704.891365][    C0] vkms_vblank_simulate: vblank timer overrun
[  706.075684][    C0] vkms_vblank_simulate: vblank timer overrun
[  706.175119][ T8784] team0: Port device team_slave_0 added
[  706.392459][ T8784] team0: Port device team_slave_1 added
[  706.401296][ T8882] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  706.626322][ T8882] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  707.818580][    C0] vkms_vblank_simulate: vblank timer overrun
[  708.381324][ T9080] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  708.738607][ T8784] batman_adv: batadv0: Adding interface: batadv_slave_0
[  708.738619][ T8784] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  708.738633][ T8784] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  709.152691][ T8784] batman_adv: batadv0: Adding interface: batadv_slave_1
[  709.152707][ T8784] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  709.152731][ T8784] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  710.495373][ T8882] team0: Port device team_slave_0 added
[  710.780802][ T8882] team0: Port device team_slave_1 added
[  711.460184][ T9100] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  712.922721][ T9094] syz.4.616 (9094): drop_caches: 2
[  714.182343][ T9114] netlink: 'syz.4.618': attribute type 2 has an invalid length.
[  714.182365][ T9114] netlink: 'syz.4.618': attribute type 1 has an invalid length.
[  714.182676][ T9114] netlink: 8 bytes leftover after parsing attributes in process `syz.4.618'.
[  714.317867][ T8882] batman_adv: batadv0: Adding interface: batadv_slave_0
[  714.317882][ T8882] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  714.317905][ T8882] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  714.320251][ T8882] batman_adv: batadv0: Adding interface: batadv_slave_1
[  714.320263][ T8882] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  714.320286][ T8882] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  716.609125][ T5154] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  716.614058][ T5154] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  716.615442][ T5154] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  716.641158][ T5154] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  716.642004][ T5154] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  718.035358][ T8882] hsr_slave_0: entered promiscuous mode
[  718.076839][ T8882] hsr_slave_1: entered promiscuous mode
[  719.118420][ T5154] Bluetooth: hci1: command tx timeout
[  720.767866][ T9155] capability: warning: `syz.2.626' uses 32-bit capabilities (legacy support in use)
[  721.393901][ T9157] binder: 9152:9157 ioctl c0306201 0 returned -14
[  721.452710][ T1127] bridge_slave_1: left allmulticast mode
[  721.455810][ T1127] bridge_slave_1: left promiscuous mode
[  721.456082][ T1127] bridge0: port 2(bridge_slave_1) entered disabled state
[  722.262460][   T59] Bluetooth: hci1: command tx timeout
[  722.778549][ T1127] bridge_slave_0: left allmulticast mode
[  722.778580][ T1127] bridge_slave_0: left promiscuous mode
[  722.778840][ T1127] bridge0: port 1(bridge_slave_0) entered disabled state
[  725.404842][   T59] Bluetooth: hci1: command tx timeout
[  725.867138][ T9176] netlink: 4 bytes leftover after parsing attributes in process `syz.2.631'.
[  726.494030][ T9178] ubi: mtd0 is already attached to ubi31
[  726.587495][ T1127] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  727.128695][    C1] vkms_vblank_simulate: vblank timer overrun
[  727.197023][ T1127] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  727.427046][   T59] Bluetooth: hci1: command tx timeout
[  727.433116][    C1] vkms_vblank_simulate: vblank timer overrun
[  727.512874][ T1127] bond0 (unregistering): Released all slaves
[  727.683907][ T9192] overlayfs: overlapping lowerdir path
[  727.688747][    C1] vkms_vblank_simulate: vblank timer overrun
[  727.887417][ T9193] netlink: 4 bytes leftover after parsing attributes in process `syz.4.635'.
[  728.099662][    C1] vkms_vblank_simulate: vblank timer overrun
[  728.325864][    C1] vkms_vblank_simulate: vblank timer overrun
[  728.579483][    C1] vkms_vblank_simulate: vblank timer overrun
[  728.765959][    C1] vkms_vblank_simulate: vblank timer overrun
[  730.048426][    C1] vkms_vblank_simulate: vblank timer overrun
[  730.179530][    C1] vkms_vblank_simulate: vblank timer overrun
[  730.568392][    C1] vkms_vblank_simulate: vblank timer overrun
[  731.078746][ T9207] ubi: mtd0 is already attached to ubi31
[  731.379994][    C1] vkms_vblank_simulate: vblank timer overrun
[  732.171560][    C1] vkms_vblank_simulate: vblank timer overrun
[  732.567892][ T9213] program syz.5.639 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  732.568679][    C1] vkms_vblank_simulate: vblank timer overrun
[  732.641343][    C1] vkms_vblank_simulate: vblank timer overrun
[  732.692233][    C1] vkms_vblank_simulate: vblank timer overrun
[  732.832182][    C1] vkms_vblank_simulate: vblank timer overrun
[  732.907223][    C1] vkms_vblank_simulate: vblank timer overrun
[  733.092345][    C1] vkms_vblank_simulate: vblank timer overrun
[  733.157954][ T1127] batman_adv: batadv0: Removing interface: batadv_slave_0
[  733.413221][    C1] vkms_vblank_simulate: vblank timer overrun
[  733.457504][ T1127] batman_adv: batadv0: Removing interface: batadv_slave_1
[  733.606040][    C1] vkms_vblank_simulate: vblank timer overrun
[  733.639596][    C1] vkms_vblank_simulate: vblank timer overrun
[  737.624652][ T9230] ubi: mtd0 is already attached to ubi31
[  738.182698][ T1127] team0 (unregistering): Port device team_slave_1 removed
[  738.328494][ T9234] netlink: 36 bytes leftover after parsing attributes in process `syz.2.644'.
[  738.328517][ T9234] netlink: 12 bytes leftover after parsing attributes in process `syz.2.644'.
[  738.329893][ T9234] overlayfs: failed to clone upperpath
[  742.251382][ T1127] team0 (unregistering): Port device team_slave_0 removed
[  742.678765][ T9247] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  744.035435][ T5154] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  744.058580][ T5154] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  744.060729][ T5154] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  744.062134][ T5154] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  744.062752][ T5154] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  744.529708][ T9256] No source specified
[  745.255134][ T9139] lo speed is unknown, defaulting to 1000
[  746.316699][   T59] Bluetooth: hci0: command tx timeout
[  747.205440][ T1323] ieee802154 phy0 wpan0: encryption failed: -22
[  747.205511][ T1323] ieee802154 phy1 wpan1: encryption failed: -22
[  748.399890][   T59] Bluetooth: hci0: command tx timeout
[  748.693768][ T9264] tipc: Failed to remove unknown binding: 66,1,1/2886997007:571105140/571105142
[  748.693804][ T9264] tipc: Failed to remove unknown binding: 66,1,1/2886997007:571105140/571105142
[  748.782968][ T9250] lo speed is unknown, defaulting to 1000
[  750.000773][ T9276] 9pnet: Unknown protocol version 9p
[  750.900363][   T59] Bluetooth: hci0: command tx timeout
[  750.907942][ T9275] tty tty30: ldisc open failed (-12), clearing slot 29
[  752.708613][ T9288] netlink: 28 bytes leftover after parsing attributes in process `syz.2.657'.
[  753.036769][   T59] Bluetooth: hci0: command tx timeout
[  753.420775][ T9297] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[  753.423055][ T9297] netlink: 12 bytes leftover after parsing attributes in process `syz.5.658'.
[  753.448279][ T9139] chnl_net:caif_netlink_parms(): no params data found
[  754.697449][ T9305] No source specified
[  757.054052][ T9311] vivid-003: kernel_thread() failed
[  757.234365][ T9316] overlayfs: failed to clone upperpath
[  757.926443][ T9323] genirq: Flags mismatch irq 5. 00202000 (aio_iiro_16) vs. 00202000 (pcl812)
[  760.905428][ T9331] netlink: 8 bytes leftover after parsing attributes in process `syz.5.667'.
[  761.949911][ T9347] No source specified
[  762.501414][ T9139] bridge0: port 1(bridge_slave_0) entered blocking state
[  762.501881][ T9139] bridge0: port 1(bridge_slave_0) entered disabled state
[  762.505956][ T9139] bridge_slave_0: entered allmulticast mode
[  762.589207][ T9139] bridge_slave_0: entered promiscuous mode
[  762.661603][ T9139] bridge0: port 2(bridge_slave_1) entered blocking state
[  762.662024][ T9139] bridge0: port 2(bridge_slave_1) entered disabled state
[  762.662689][ T9139] bridge_slave_1: entered allmulticast mode
[  762.741942][ T9139] bridge_slave_1: entered promiscuous mode
[  763.311274][ T9355] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0)
[  764.662975][ T9250] chnl_net:caif_netlink_parms(): no params data found
[  764.921840][ T9369] overlayfs: failed to clone upperpath
[  765.240862][ T9372] Bluetooth: MGMT ver 1.23
[  766.533000][ T9139] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  766.545834][ T9139] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  767.753371][ T9379] netlink: 'syz.2.676': attribute type 4 has an invalid length.
[  767.753393][ T9379] netlink: 3657 bytes leftover after parsing attributes in process `syz.2.676'.
[  768.027011][ T1127] bridge_slave_1: left allmulticast mode
[  768.027043][ T1127] bridge_slave_1: left promiscuous mode
[  768.027292][ T1127] bridge0: port 2(bridge_slave_1) entered disabled state
[  768.101061][ T9384] overlayfs: failed to clone upperpath
[  768.220800][   T37] kauditd_printk_skb: 16 callbacks suppressed
[  768.220819][   T37] audit: type=1800 audit(1756180596.114:31): pid=9384 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.2.678" name="nullb0" dev="tmpfs" ino=1176 res=0 errno=0
[  768.456957][ T1127] bridge_slave_0: left allmulticast mode
[  768.456983][ T1127] bridge_slave_0: left promiscuous mode
[  768.457174][ T1127] bridge0: port 1(bridge_slave_0) entered disabled state
[  768.613353][ T9391] No source specified
[  769.721281][ T1127] bridge_slave_1: left allmulticast mode
[  769.721314][ T1127] bridge_slave_1: left promiscuous mode
[  769.721563][ T1127] bridge0: port 2(bridge_slave_1) entered disabled state
[  772.758372][ T1127] bridge_slave_0: left allmulticast mode
[  772.758394][ T1127] bridge_slave_0: left promiscuous mode
[  772.758548][ T1127] bridge0: port 1(bridge_slave_0) entered disabled state
[  773.273883][ T1127] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  773.400122][ T1127] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  773.510698][ T1127] bond0 (unregistering): Released all slaves
[  774.319009][ T1127] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  774.407411][ T1127] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  774.490506][ T1127] bond0 (unregistering): Released all slaves
[  774.621685][ T5154] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  774.628057][ T5154] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  774.629759][ T5154] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  774.638370][ T5154] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  774.639604][ T5154] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  776.793050][   T59] Bluetooth: hci5: command tx timeout
[  777.013653][ T9425] netlink: 48 bytes leftover after parsing attributes in process `syz.2.688'.
[  777.013682][ T9425] netlink: 32 bytes leftover after parsing attributes in process `syz.2.688'.
[  778.166066][ T9427] netlink: 'syz.2.690': attribute type 9 has an invalid length.
[  779.606697][ T5154] Bluetooth: hci5: command tx timeout
[  780.070482][ T9446] batman_adv: batadv: cannot create tp meter kthread
[  780.645368][ T9250] bridge0: port 1(bridge_slave_0) entered blocking state
[  780.645575][ T9250] bridge0: port 1(bridge_slave_0) entered disabled state
[  780.645796][ T9250] bridge_slave_0: entered allmulticast mode
[  780.671876][ T9250] bridge_slave_0: entered promiscuous mode
[  781.002466][ T1127] hsr_slave_0: left promiscuous mode
[  781.013336][ T9457] netlink: 200 bytes leftover after parsing attributes in process `wޣ�'.
[  781.125317][ T9461] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  781.938201][ T9457] netlink: 12 bytes leftover after parsing attributes in process `wޣ�'.
[  781.940602][   T59] Bluetooth: hci5: command tx timeout
[  781.974025][ T1127] hsr_slave_1: left promiscuous mode
[  781.974926][ T1127] batman_adv: batadv0: Removing interface: batadv_slave_0
[  782.007117][ T6318] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[  782.050929][ T1127] batman_adv: batadv0: Removing interface: batadv_slave_1
[  782.087304][ T1127] batman_adv: batadv0: Removing interface: batadv_slave_0
[  782.127507][ T1127] batman_adv: batadv0: Removing interface: batadv_slave_1
[  782.157008][ T6318] usb 5-1: Using ep0 maxpacket: 16
[  782.160239][ T6318] usb 5-1: too many configurations: 29, using maximum allowed: 8
[  782.246075][ T6318] usb 5-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[  782.246093][ T6318] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  782.246102][ T6318] usb 5-1: Product: syz
[  782.246109][ T6318] usb 5-1: Manufacturer: syz
[  782.246116][ T6318] usb 5-1: SerialNumber: syz
[  782.350091][ T6318] r8152-cfgselector 5-1: Unknown version 0x0000
[  782.350121][ T6318] r8152-cfgselector 5-1: config 0 descriptor??
[  782.618476][   T10] r8152-cfgselector 5-1: USB disconnect, device number 4
[  783.251800][ T1127] team0 (unregistering): Port device team_slave_1 removed
[  783.986848][ T5154] Bluetooth: hci5: command tx timeout
[  784.541229][ T1127] team0 (unregistering): Port device team_slave_0 removed
[  784.803986][ T9472] netlink: 79 bytes leftover after parsing attributes in process `syz.4.698'.
[  784.804103][ T9472] netlink: 79 bytes leftover after parsing attributes in process `syz.4.698'.
[  785.007499][    C1] vkms_vblank_simulate: vblank timer overrun
[  785.298954][    C1] vkms_vblank_simulate: vblank timer overrun
[  785.654722][    C1] vkms_vblank_simulate: vblank timer overrun
[  787.276372][    C1] vkms_vblank_simulate: vblank timer overrun
[  787.500527][    C1] vkms_vblank_simulate: vblank timer overrun
[  788.535223][ T1127] team0 (unregistering): Port device team_slave_1 removed
[  788.657122][ T1127] team0 (unregistering): Port device team_slave_0 removed
[  789.342326][ T9250] bridge0: port 2(bridge_slave_1) entered blocking state
[  789.342492][ T9250] bridge0: port 2(bridge_slave_1) entered disabled state
[  789.342684][ T9250] bridge_slave_1: entered allmulticast mode
[  789.345406][ T9250] bridge_slave_1: entered promiscuous mode
[  789.895552][ T9488] netlink: 'syz.4.701': attribute type 10 has an invalid length.
[  789.895656][ T9488] netlink: 40 bytes leftover after parsing attributes in process `syz.4.701'.
[  790.606966][ T9409] lo speed is unknown, defaulting to 1000
[  790.700588][ T9492] mmap: syz.2.702 (9492) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  791.090362][ T9250] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  791.095802][ T9250] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  792.022469][ T9499] fuse: root generation should be zero
[  793.371115][ T9504] overlayfs: failed to resolve './file0': -2
[  793.426701][ T9506] netlink: 76 bytes leftover after parsing attributes in process `syz.4.705'.
[  793.485038][ T9250] team0: Port device team_slave_0 added
[  793.513613][ T9250] team0: Port device team_slave_1 added
[  793.539961][ T9508] netlink: 44 bytes leftover after parsing attributes in process `syz.5.704'.
[  794.388163][    C1] vkms_vblank_simulate: vblank timer overrun
[  794.669981][    C1] vkms_vblank_simulate: vblank timer overrun
[  794.958242][    C1] vkms_vblank_simulate: vblank timer overrun
[  795.130378][    C1] vkms_vblank_simulate: vblank timer overrun
[  795.796420][    C1] vkms_vblank_simulate: vblank timer overrun
[  795.990645][    C1] vkms_vblank_simulate: vblank timer overrun
[  796.090513][ T9250] batman_adv: batadv0: Adding interface: batadv_slave_0
[  796.090528][ T9250] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  796.090552][ T9250] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  796.119307][ T9250] batman_adv: batadv0: Adding interface: batadv_slave_1
[  796.119321][ T9250] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  796.119345][ T9250] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  796.297373][    C1] vkms_vblank_simulate: vblank timer overrun
[  797.052296][    C1] vkms_vblank_simulate: vblank timer overrun
[  797.155642][    C1] vkms_vblank_simulate: vblank timer overrun
[  797.656787][    C1] vkms_vblank_simulate: vblank timer overrun
[  797.972377][    C1] vkms_vblank_simulate: vblank timer overrun
[  798.227438][    C1] vkms_vblank_simulate: vblank timer overrun
[  798.345596][ T9250] hsr_slave_0: entered promiscuous mode
[  798.364174][ T9250] hsr_slave_1: entered promiscuous mode
[  798.429611][    C1] vkms_vblank_simulate: vblank timer overrun
[  798.577733][    C1] vkms_vblank_simulate: vblank timer overrun
[  798.929900][    C1] vkms_vblank_simulate: vblank timer overrun
[  799.482877][ T9409] chnl_net:caif_netlink_parms(): no params data found
[  799.979456][ T9550] netlink: 4 bytes leftover after parsing attributes in process `syz.2.713'.
[  800.486460][ T9552] netlink: 16178 bytes leftover after parsing attributes in process `syz.2.713'.
[  800.873414][   T59] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  800.904068][   T59] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  800.906031][   T59] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  800.917472][   T59] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  800.918259][   T59] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  802.176466][ T9566] Invalid logical block size (8192)
[  802.613039][ T9570] option changes via remount are deprecated (pid=9568 comm=syz.4.718)
[  802.845344][ T9409] bridge0: port 1(bridge_slave_0) entered blocking state
[  802.845424][ T9409] bridge0: port 1(bridge_slave_0) entered disabled state
[  802.845604][ T9409] bridge_slave_0: entered allmulticast mode
[  802.868441][ T9409] bridge_slave_0: entered promiscuous mode
[  802.871495][ T9409] bridge0: port 2(bridge_slave_1) entered blocking state
[  802.871624][ T9409] bridge0: port 2(bridge_slave_1) entered disabled state
[  802.871811][ T9409] bridge_slave_1: entered allmulticast mode
[  802.874448][ T9409] bridge_slave_1: entered promiscuous mode
[  802.946659][   T59] Bluetooth: hci0: command tx timeout
[  803.639247][ T9579] netlink: 'syz.4.719': attribute type 2 has an invalid length.
[  805.026891][   T59] Bluetooth: hci0: command tx timeout
[  805.373368][    C1] vkms_vblank_simulate: vblank timer overrun
[  805.812679][    C1] vkms_vblank_simulate: vblank timer overrun
[  806.769083][ T9409] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  806.788923][ T9409] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  806.900297][    C1] vkms_vblank_simulate: vblank timer overrun
[  807.102432][    C1] vkms_vblank_simulate: vblank timer overrun
[  807.131644][   T59] Bluetooth: hci0: command tx timeout
[  807.471769][    C1] vkms_vblank_simulate: vblank timer overrun
[  807.616697][    C1] vkms_vblank_simulate: vblank timer overrun
[  807.809356][   T12] bridge_slave_1: left allmulticast mode
[  807.809379][   T12] bridge_slave_1: left promiscuous mode
[  807.809549][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[  808.028193][    C1] vkms_vblank_simulate: vblank timer overrun
[  808.913102][    C1] vkms_vblank_simulate: vblank timer overrun
[  808.944535][ T1323] ieee802154 phy0 wpan0: encryption failed: -22
[  808.944623][ T1323] ieee802154 phy1 wpan1: encryption failed: -22
[  809.083581][    C1] vkms_vblank_simulate: vblank timer overrun
[  809.174820][ T9606] fuse: Unknown parameter ''
[  809.243599][   T59] Bluetooth: hci0: command tx timeout
[  809.258497][   T12] bridge_slave_0: left allmulticast mode
[  809.258525][   T12] bridge_slave_0: left promiscuous mode
[  809.258807][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[  809.479133][   T12] bridge_slave_1: left allmulticast mode
[  809.479156][   T12] bridge_slave_1: left promiscuous mode
[  809.479305][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[  809.548261][   T12] bridge_slave_0: left allmulticast mode
[  809.548282][   T12] bridge_slave_0: left promiscuous mode
[  809.548462][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[  809.929709][   T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  810.330254][   T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  810.789494][   T12] bond0 (unregistering): Released all slaves
[  812.172154][    C0] vkms_vblank_simulate: vblank timer overrun
[  812.187518][   T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  812.663837][ T9626] netlink: 'syz.5.729': attribute type 1 has an invalid length.
[  813.070259][    C0] vkms_vblank_simulate: vblank timer overrun
[  813.128334][   T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  813.172198][   T12] bond0 (unregistering): Released all slaves
[  813.312594][ T9624] tipc: Enabled bearer <eth:vlan0>, priority 10
[  813.392045][    C0] vkms_vblank_simulate: vblank timer overrun
[  814.753398][ T9409] team0: Port device team_slave_0 added
[  814.753878][ T9557] lo speed is unknown, defaulting to 1000
[  814.888926][ T9409] team0: Port device team_slave_1 added
[  815.498585][    C0] vkms_vblank_simulate: vblank timer overrun
[  815.673741][    C0] vkms_vblank_simulate: vblank timer overrun
[  815.999388][    C0] vkms_vblank_simulate: vblank timer overrun
[  816.074497][    C0] vkms_vblank_simulate: vblank timer overrun
[  816.140913][    C0] vkms_vblank_simulate: vblank timer overrun
[  816.328454][    C0] vkms_vblank_simulate: vblank timer overrun
[  820.712054][ T9654] ptrace attach of "./syz-executor exec"[5846] was attempted by "./syz-executor exec"[9654]
[  821.737532][ T9409] batman_adv: batadv0: Adding interface: batadv_slave_0
[  821.737548][ T9409] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  821.737573][ T9409] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  821.777512][ T9409] batman_adv: batadv0: Adding interface: batadv_slave_1
[  821.777527][ T9409] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  821.777552][ T9409] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  822.070392][   T12] hsr_slave_0: left promiscuous mode
[  822.205852][   T37] audit: type=1326 audit(1756180650.104:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9656 comm="syz.5.736" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fa9484cebe9 code=0x0
[  824.212663][ T9665] netlink: 'syz.4.737': attribute type 7 has an invalid length.
[  824.495503][   T12] hsr_slave_1: left promiscuous mode
[  824.543333][   T12] batman_adv: batadv0: Removing interface: batadv_slave_0
[  825.293235][ T9660] overlayfs: failed to clone upperpath
[  825.647703][   T12] batman_adv: batadv0: Removing interface: batadv_slave_1
[  826.050886][ T9674] input: syz0 as /devices/virtual/input/input11
[  828.465229][ T9689] comedi comedi3: 8255: I/O port conflict (0x5,4)
[  828.465727][ T9689] comedi comedi3: 8255: I/O port conflict (0x2,4)
[  828.467858][ T9689] comedi comedi3: 8255: I/O port conflict (0x1,4)
[  828.468555][ T9689] comedi comedi3: 8255: I/O port conflict (0x5c952399,4)
[  828.469048][ T9689] comedi comedi3: 8255: I/O port conflict (0x5,4)
[  828.469566][ T9689] comedi comedi3: 8255: I/O port conflict (0x3ff,4)
[  828.471620][ T9689] comedi comedi3: 8255: I/O port conflict (0x1,4)
[  828.472138][ T9689] comedi comedi3: 8255: I/O port conflict (0x1,4)
[  828.472619][ T9689] comedi comedi3: 8255: I/O port conflict (0x9,4)
[  828.478815][ T9689] comedi comedi3: 8255: I/O port conflict (0x6,4)
[  828.479118][ T9689] comedi comedi3: 8255: I/O port conflict (0x4,4)
[  828.479629][ T9689] comedi comedi3: 8255: I/O port conflict (0x3,4)
[  828.480675][ T9689] comedi comedi3: 8255: I/O port conflict (0xffffffff80000089,4)
[  828.481187][ T9689] comedi comedi3: 8255: I/O port conflict (0xfffffffffffffffd,4)
[  830.223983][   T12] team0 (unregistering): Port device team_slave_1 removed
[  830.369677][   T12] team0 (unregistering): Port device team_slave_0 removed
[  831.468530][ T9666] netlink: 16 bytes leftover after parsing attributes in process `syz.4.737'.
[  831.594325][ T9703] netlink: 44 bytes leftover after parsing attributes in process `syz.2.746'.
[  831.645658][ T9704] netlink: 'syz.5.747': attribute type 7 has an invalid length.
[  831.645677][ T9704] netlink: 'syz.5.747': attribute type 8 has an invalid length.
[  831.882857][ T9706] Device name cannot be null; rc = [-22]
[  831.972286][ T9709] openvswitch: netlink: Flow key attr not present in new flow.
[  832.002283][ T9709] Invalid source name
[  832.002323][ T9709] UBIFS error (pid: 9709): cannot open "./file0", error -22
[  834.042451][ T9557] chnl_net:caif_netlink_parms(): no params data found
[  839.477342][    C1] vkms_vblank_simulate: vblank timer overrun
[  839.814756][    C1] vkms_vblank_simulate: vblank timer overrun
[  839.839510][ T5154] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  840.065997][    C1] vkms_vblank_simulate: vblank timer overrun
[  840.482362][    C1] vkms_vblank_simulate: vblank timer overrun
[  840.503866][ T5154] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  840.569661][    C1] vkms_vblank_simulate: vblank timer overrun
[  840.612713][ T9557] bridge0: port 1(bridge_slave_0) entered blocking state
[  840.630504][ T9557] bridge0: port 1(bridge_slave_0) entered disabled state
[  840.635129][ T9557] bridge_slave_0: entered allmulticast mode
[  840.903836][    C1] vkms_vblank_simulate: vblank timer overrun
[  840.918204][ T9557] bridge_slave_0: entered promiscuous mode
[  840.921808][ T9557] bridge0: port 2(bridge_slave_1) entered blocking state
[  840.922043][ T9557] bridge0: port 2(bridge_slave_1) entered disabled state
[  840.922228][ T9557] bridge_slave_1: entered allmulticast mode
[  840.925007][ T9557] bridge_slave_1: entered promiscuous mode
[  840.986742][ T5154] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  841.018242][    C1] vkms_vblank_simulate: vblank timer overrun
[  841.067962][ T5154] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  841.072812][ T5154] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  841.129319][    C1] vkms_vblank_simulate: vblank timer overrun
[  841.947826][    C1] vkms_vblank_simulate: vblank timer overrun
[  842.217942][    C1] vkms_vblank_simulate: vblank timer overrun
[  842.417094][    C1] vkms_vblank_simulate: vblank timer overrun
[  842.951105][    C1] vkms_vblank_simulate: vblank timer overrun
[  843.087681][    C1] vkms_vblank_simulate: vblank timer overrun
[  843.120574][ T9557] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  843.227001][ T5154] Bluetooth: hci1: command tx timeout
[  843.423880][ T9557] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  843.595952][    C1] vkms_vblank_simulate: vblank timer overrun
[  843.750327][    C1] vkms_vblank_simulate: vblank timer overrun
[  844.039559][    C1] vkms_vblank_simulate: vblank timer overrun
[  844.354658][    C1] vkms_vblank_simulate: vblank timer overrun
[  845.266834][ T5154] Bluetooth: hci1: command tx timeout
[  847.350033][ T5154] Bluetooth: hci1: command tx timeout
[  850.345946][ T5154] Bluetooth: hci1: command tx timeout
[  850.618120][ T9770] program syz.5.759 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  850.843751][ T9739] lo speed is unknown, defaulting to 1000
[  851.294546][ T9557] team0: Port device team_slave_0 added
[  851.374772][ T9557] team0: Port device team_slave_1 added
[  852.799248][ T9773] netlink: 8 bytes leftover after parsing attributes in process `syz.4.760'.
[  852.799265][ T9773] netlink: 8 bytes leftover after parsing attributes in process `syz.4.760'.
[  852.966108][ T9782] random: crng reseeded on system resumption
[  854.833371][ T9797] nbd_handle_cmd: 2 callbacks suppressed
[  854.833455][ T9797] block nbd5: Attempted send on invalid socket
[  854.833530][ T9797] blk_print_req_error: 2 callbacks suppressed
[  854.833573][ T9797] I/O error, dev nbd5, sector 2 op 0x0:(READ) flags 0x1000 phys_seg 1 prio class 1
[  854.839107][ T9797] EXT4-fs (nbd5): unable to read superblock
[  854.939403][ T9798] No control pipe specified
[  855.606231][   T12] bridge_slave_1: left allmulticast mode
[  855.606267][   T12] bridge_slave_1: left promiscuous mode
[  855.606606][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[  856.967637][   T12] bridge_slave_0: left allmulticast mode
[  856.967663][   T12] bridge_slave_0: left promiscuous mode
[  856.967863][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[  857.553861][ T5850] IPVS: starting estimator thread 0...
[  857.614739][ T9809] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  857.642277][ T9806] IPVS: using max 8 ests per chain, 19200 per kthread
[  857.835398][ T9812] netlink: 8 bytes leftover after parsing attributes in process `syz.5.768'.
[  857.835422][ T9812] netlink: 8 bytes leftover after parsing attributes in process `syz.5.768'.
[  859.743556][ T9824] ubi: mtd0 is already attached to ubi31
[  860.264183][   T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  861.599802][   T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  861.987229][   T12] bond0 (unregistering): Released all slaves
[  863.148272][ T9557] batman_adv: batadv0: Adding interface: batadv_slave_0
[  863.148289][ T9557] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  863.148312][ T9557] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  863.259736][ T9834] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[  863.551959][ T9840] netlink: 14 bytes leftover after parsing attributes in process `syz.5.775'.
[  863.830173][   T59] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  864.003348][   T59] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  864.021059][   T59] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  864.024004][   T59] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  864.577467][   T59] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  864.916976][ T9839] ALSA: mixer_oss: invalid OSS volume ''
[  866.937044][   T59] Bluetooth: hci5: command tx timeout
[  869.242591][   T59] Bluetooth: hci5: command tx timeout
[  870.340121][ T1323] ieee802154 phy0 wpan0: encryption failed: -22
[  870.340196][ T1323] ieee802154 phy1 wpan1: encryption failed: -22
[  870.681754][ T9840]  (unregistering): Released all slaves
[  870.822314][ T9841] ipvlan0: entered allmulticast mode
[  870.822337][ T9841] veth0_vlan: entered allmulticast mode
[  871.086020][ T9875] netlink: 8 bytes leftover after parsing attributes in process `syz.4.781'.
[  871.086038][ T9875] netlink: 8 bytes leftover after parsing attributes in process `syz.4.781'.
[  871.277935][   T59] Bluetooth: hci5: command tx timeout
[  871.971974][   T12] batman_adv: batadv0: Removing interface: batadv_slave_0
[  872.481109][ T9886] block nbd4: Attempted send on invalid socket
[  872.481126][ T9886] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  872.481336][ T9886] (syz.4.783,9886,1):ocfs2_get_sector:1714 ERROR: status = -5
[  872.481356][ T9886] (syz.4.783,9886,1):ocfs2_sb_probe:753 ERROR: status = -5
[  872.481366][ T9886] (syz.4.783,9886,1):ocfs2_fill_super:989 ERROR: superblock probe failed!
[  872.481384][ T9886] (syz.4.783,9886,1):ocfs2_fill_super:1177 ERROR: status = -5
[  872.494345][   T12] batman_adv: batadv0: Removing interface: batadv_slave_1
[  873.027114][ T9898] No source specified
[  873.374305][   T59] Bluetooth: hci5: command tx timeout
[  873.777897][   T37] audit: type=1326 audit(1756180701.674:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9891 comm="syz.2.785" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4fd319ebe9 code=0x7ffc0000
[  873.777945][   T37] audit: type=1326 audit(1756180701.684:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9891 comm="syz.2.785" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4fd319ebe9 code=0x7ffc0000
[  873.941964][   T37] audit: type=1326 audit(1756180701.734:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9891 comm="syz.2.785" exe="/root/syz-executor" sig=0 arch=c000003e syscall=314 compat=0 ip=0x7f4fd319ebe9 code=0x7ffc0000
[  873.942017][   T37] audit: type=1326 audit(1756180701.734:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9891 comm="syz.2.785" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4fd319ebe9 code=0x7ffc0000
[  873.942057][   T37] audit: type=1326 audit(1756180701.744:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9891 comm="syz.2.785" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4fd319ebe9 code=0x7ffc0000
[  873.942096][   T37] audit: type=1326 audit(1756180701.744:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9891 comm="syz.2.785" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f4fd319ebe9 code=0x7ffc0000
[  873.942135][   T37] audit: type=1326 audit(1756180701.744:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9891 comm="syz.2.785" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4fd319ebe9 code=0x7ffc0000
[  873.942172][   T37] audit: type=1326 audit(1756180701.744:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9891 comm="syz.2.785" exe="/root/syz-executor" sig=0 arch=c000003e syscall=248 compat=0 ip=0x7f4fd319ebe9 code=0x7ffc0000
[  873.942210][   T37] audit: type=1326 audit(1756180701.744:41): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9891 comm="syz.2.785" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4fd319ebe9 code=0x7ffc0000
[  873.942254][   T37] audit: type=1326 audit(1756180701.754:42): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9891 comm="syz.2.785" exe="/root/syz-executor" sig=0 arch=c000003e syscall=293 compat=0 ip=0x7f4fd319ebe9 code=0x7ffc0000
[  874.376906][ T9904] netlink: 'syz.5.787': attribute type 4 has an invalid length.
[  874.432505][   T12] team0 (unregistering): Port device team_slave_1 removed
[  874.434138][ T9908] netlink: 'syz.5.787': attribute type 4 has an invalid length.
[  874.481869][ T9909] netlink: 24 bytes leftover after parsing attributes in process `syz.4.788'.
[  874.652956][ T9911] 9pnet_fd: Insufficient options for proto=fd
[  874.667897][   T12] team0 (unregistering): Port device team_slave_0 removed
[  876.019521][ T6318] lo speed is unknown, defaulting to 1000
[  876.019566][   T10] lo speed is unknown, defaulting to 1000
[  876.135905][ T9845] lo speed is unknown, defaulting to 1000
[  876.589900][ T9926] netlink: 4 bytes leftover after parsing attributes in process `syz.4.790'.
[  876.826935][    C0] vkms_vblank_simulate: vblank timer overrun
[  876.827206][ T9739] chnl_net:caif_netlink_parms(): no params data found
[  877.234181][    C0] vkms_vblank_simulate: vblank timer overrun
[  878.129402][    C0] vkms_vblank_simulate: vblank timer overrun
[  880.987440][ T9944] No control pipe specified
[  881.461787][ T9739] bridge0: port 1(bridge_slave_0) entered blocking state
[  881.463229][ T9739] bridge0: port 1(bridge_slave_0) entered disabled state
[  881.474116][ T9739] bridge_slave_0: entered allmulticast mode
[  881.810797][ T9739] bridge_slave_0: entered promiscuous mode
[  881.814138][ T9952] netlink: 4 bytes leftover after parsing attributes in process `syz.2.796'.
[  881.814152][ T9952] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  881.814168][ T9952] batman_adv: batadv0: Removing interface: batadv_slave_0
[  881.877561][ T9952] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  881.877583][ T9952] batman_adv: batadv0: Removing interface: batadv_slave_1
[  881.951984][    C0] vkms_vblank_simulate: vblank timer overrun
[  882.108142][ T9739] bridge0: port 2(bridge_slave_1) entered blocking state
[  882.108314][ T9739] bridge0: port 2(bridge_slave_1) entered disabled state
[  882.108529][ T9739] bridge_slave_1: entered allmulticast mode
[  882.110177][ T9739] bridge_slave_1: entered promiscuous mode
[  882.119416][   T12] bridge_slave_1: left allmulticast mode
[  882.119443][   T12] bridge_slave_1: left promiscuous mode
[  882.119693][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[  882.273902][   T12] bridge_slave_0: left allmulticast mode
[  882.273933][   T12] bridge_slave_0: left promiscuous mode
[  882.274183][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[  884.221857][ T9973] netlink: 8 bytes leftover after parsing attributes in process `syz.4.800'.
[  887.939493][   T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  888.068126][   T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  888.535146][   T12] bond0 (unregistering): Released all slaves
[  888.658598][ T9971] faux_driver regulatory: loading /lib/firmware/regulatory.db failed with error -12
[  888.658623][ T9971] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -12
[  888.658634][ T9971] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db
[  889.709222][ T9739] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  889.713722][ T9739] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  889.713793][   T12] batman_adv: batadv0: Removing interface: batadv_slave_0
[  890.315321][T10009] ubi31: detaching mtd0
[  891.122434][T10009] ubi31: mtd0 is detached
[  892.100412][   T12] team0 (unregistering): Port device team_slave_1 removed
[  893.317046][T10012] netlink: 24 bytes leftover after parsing attributes in process `syz.4.811'.
[  893.464722][   T12] team0 (unregistering): Port device team_slave_0 removed
[  899.586587][ T9845] chnl_net:caif_netlink_parms(): no params data found
[  899.990758][ T9845] bridge0: port 1(bridge_slave_0) entered blocking state
[  899.990949][ T9845] bridge0: port 1(bridge_slave_0) entered disabled state
[  899.991159][ T9845] bridge_slave_0: entered allmulticast mode
[  899.993562][ T9845] bridge_slave_0: entered promiscuous mode
[  900.036993][ T9845] bridge0: port 2(bridge_slave_1) entered blocking state
[  900.037137][ T9845] bridge0: port 2(bridge_slave_1) entered disabled state
[  900.037388][ T9845] bridge_slave_1: entered allmulticast mode
[  900.039982][ T9845] bridge_slave_1: entered promiscuous mode
[  902.064578][T10040] CIFS mount error: No usable UNC path provided in device string!
[  902.064578][T10040] 
[  902.064598][T10040] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[  904.178074][ T5154] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  904.196617][ T5951] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[  904.214914][ T5154] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  904.229758][ T5154] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  904.231670][ T5154] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  904.232655][ T5154] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  905.291798][ T5951] usb 5-1: Using ep0 maxpacket: 16
[  905.294181][ T5951] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0
[  905.294207][ T5951] usb 5-1: config 0 interface 0 has no altsetting 0
[  905.294239][ T5951] usb 5-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00
[  905.294260][ T5951] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  905.321958][T10061] Process accounting resumed
[  905.348327][ T5951] usb 5-1: config 0 descriptor??
[  905.372564][ T9845] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  905.373793][ T5951] usbhid 5-1:0.0: couldn't find an input interrupt endpoint
[  905.408521][ T9845] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  907.628737][ T5154] Bluetooth: hci0: command tx timeout
[  907.634419][ T5951] usb 5-1: USB disconnect, device number 5
[  907.883294][T10078] netlink: 128 bytes leftover after parsing attributes in process `syz.5.828'.
[  907.959284][ T9845] team0: Port device team_slave_0 added
[  907.989129][ T9845] team0: Port device team_slave_1 added
[  908.496827][T10086] Unsupported ieee802154 address type: 0
[  908.987075][ T5951] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[  909.146820][ T5951] usb 5-1: Using ep0 maxpacket: 16
[  909.149346][ T5951] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0xD has an invalid bInterval 0, changing to 7
[  909.153392][ T5951] usb 5-1: New USB device found, idVendor=4752, idProduct=0011, bcdDevice=32.4f
[  909.153418][ T5951] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  909.153437][ T5951] usb 5-1: Product: syz
[  909.153449][ T5951] usb 5-1: Manufacturer: syz
[  909.153462][ T5951] usb 5-1: SerialNumber: syz
[  909.228613][ T5951] usb 5-1: config 0 descriptor??
[  909.243020][ T5951] hub 5-1:0.0: bad descriptor, ignoring hub
[  909.243054][ T5951] hub 5-1:0.0: probe with driver hub failed with error -5
[  909.408806][ T5951] usb 5-1: Quirk or no altset; falling back to MIDI 1.0
[  909.670517][ T5154] Bluetooth: hci0: command tx timeout
[  910.509952][ T5951] usb 5-1: USB disconnect, device number 6
[  911.631064][T10095] netlink: 12 bytes leftover after parsing attributes in process `syz.5.833'.
[  911.662238][T10104] futex_wake_op: syz.4.835 tries to shift op by -33; fix this program
[  911.701539][ T9845] batman_adv: batadv0: Adding interface: batadv_slave_0
[  911.701556][ T9845] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  911.701581][ T9845] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  911.737689][T10057] lo speed is unknown, defaulting to 1000
[  911.746704][ T5154] Bluetooth: hci0: command tx timeout
[  911.786809][ T9845] batman_adv: batadv0: Adding interface: batadv_slave_1
[  911.786827][ T9845] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  911.786850][ T9845] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  911.855599][   T12] bridge_slave_1: left allmulticast mode
[  911.855640][   T12] bridge_slave_1: left promiscuous mode
[  911.855936][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[  911.994925][   T12] bridge_slave_0: left allmulticast mode
[  911.994958][   T12] bridge_slave_0: left promiscuous mode
[  911.995235][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[  912.306773][ T5951] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[  912.460255][ T5951] usb 5-1: Using ep0 maxpacket: 32
[  913.523638][ T5951] usb 5-1: New USB device found, idVendor=13d8, idProduct=0001, bcdDevice= e.22
[  913.523668][ T5951] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  913.523685][ T5951] usb 5-1: Product: syz
[  913.523698][ T5951] usb 5-1: Manufacturer: syz
[  913.523710][ T5951] usb 5-1: SerialNumber: syz
[  913.565770][ T5951] usb 5-1: config 0 descriptor??
[  913.633032][ T5951] usb 5-1: selecting invalid altsetting 3
[  913.633055][ T5951] comedi comedi4: could not set alternate setting 3 in high speed
[  913.633064][ T5951] usbdux 5-1:0.0: driver 'usbdux' failed to auto-configure device.
[  913.661333][ T5951] usbdux 5-1:0.0: probe with driver usbdux failed with error -22
[  913.735447][   T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  913.796958][ T5951] usb 5-1: USB disconnect, device number 7
[  913.826816][ T5154] Bluetooth: hci0: command tx timeout
[  914.050291][   T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  914.090804][   T12] bond0 (unregistering): Released all slaves
[  914.434714][ T9845] hsr_slave_0: entered promiscuous mode
[  914.435556][ T9845] hsr_slave_1: entered promiscuous mode
[  915.243817][T10136] ubi31: attaching mtd0
[  915.281507][T10136] ubi31: scanning is finished
[  916.170225][T10136] ubi31: attached mtd0 (name "mtdram test device", size 0 MiB)
[  916.170251][T10136] ubi31: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes
[  916.170267][T10136] ubi31: min./max. I/O unit sizes: 1/64, sub-page size 1
[  916.170282][T10136] ubi31: VID header offset: 64 (aligned 64), data offset: 128
[  916.170297][T10136] ubi31: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0
[  916.170312][T10136] ubi31: user volume: 0, internal volumes: 1, max. volumes count: 23
[  916.170327][T10136] ubi31: max/mean erase counter: 1/1, WL threshold: 4096, image sequence number: 1454473713
[  916.170344][T10136] ubi31: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0
[  916.186600][T10141] ubi31: background thread "ubi_bgt31d" started, PID 10141
[  916.300486][T10142] No source specified
[  919.830927][T10167] netlink: 'syz.2.854': attribute type 9 has an invalid length.
[  920.813448][T10176] No source specified
[  923.871289][T10188] ubi: mtd0 is already attached to ubi31
[  924.706683][T10057] chnl_net:caif_netlink_parms(): no params data found
[  926.160577][T10203] overlayfs: failed to resolve './file1': -2
[  926.275749][T10205] comedi comedi0: dt2801: I/O port conflict (0x3,2)
[  927.198790][   T59] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  927.218202][   T59] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  927.220585][   T59] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  927.221765][   T59] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  927.248094][   T59] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  927.775512][T10224] No source specified
[  928.473241][T10220] bond0: (slave team0): Releasing backup interface
[  928.524989][T10220] bridge_slave_0: left allmulticast mode
[  928.525015][T10220] bridge_slave_0: left promiscuous mode
[  928.525175][T10220] bridge0: port 1(bridge_slave_0) entered disabled state
[  928.609176][T10220] bridge_slave_1: left allmulticast mode
[  928.609208][T10220] bridge_slave_1: left promiscuous mode
[  928.609440][T10220] bridge0: port 2(bridge_slave_1) entered disabled state
[  928.931693][T10220] bond0: (slave bond_slave_0): Releasing backup interface
[  929.382298][ T5154] Bluetooth: hci1: command tx timeout
[  929.707557][T10220] bond0: (slave bond_slave_1): Releasing backup interface
[  929.773482][T10220] team0: Port device team_slave_0 removed
[  929.814609][T10220] team0: Port device team_slave_1 removed
[  929.815526][T10220] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  929.815555][T10220] batman_adv: batadv0: Removing interface: batadv_slave_0
[  929.856713][T10220] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  929.856747][T10220] batman_adv: batadv0: Removing interface: batadv_slave_1
[  929.889757][T10220] batman_adv: batadv0: Interface deactivated: vlan1
[  929.889782][T10220] batman_adv: batadv0: Removing interface: vlan1
[  929.958774][T10220] bond0: (slave wlan1): Releasing backup interface
[  930.093222][T10234] : entered promiscuous mode
[  930.208529][T10239] overlayfs: failed to resolve './file1': -2
[  931.362830][T10057] bridge0: port 1(bridge_slave_0) entered blocking state
[  931.363275][T10057] bridge0: port 1(bridge_slave_0) entered disabled state
[  931.363947][T10057] bridge_slave_0: entered allmulticast mode
[  931.408548][T10057] bridge_slave_0: entered promiscuous mode
[  931.436816][ T6087] bridge_slave_1: left allmulticast mode
[  931.436850][ T6087] bridge_slave_1: left promiscuous mode
[  931.437145][ T6087] bridge0: port 2(bridge_slave_1) entered disabled state
[  931.512127][ T1323] ieee802154 phy0 wpan0: encryption failed: -22
[  931.512205][ T1323] ieee802154 phy1 wpan1: encryption failed: -22
[  931.667131][ T5154] Bluetooth: hci1: command tx timeout
[  931.819873][ T6087] bridge_slave_0: left allmulticast mode
[  931.819898][ T6087] bridge_slave_0: left promiscuous mode
[  931.820069][ T6087] bridge0: port 1(bridge_slave_0) entered disabled state
[  932.452820][T10258] No source specified
[  933.299999][ T6087] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  933.382593][ T6087] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  933.433026][ T6087] bond0 (unregistering): Released all slaves
[  933.487989][T10057] bridge0: port 2(bridge_slave_1) entered blocking state
[  933.488141][T10057] bridge0: port 2(bridge_slave_1) entered disabled state
[  933.488390][T10057] bridge_slave_1: entered allmulticast mode
[  933.491188][T10057] bridge_slave_1: entered promiscuous mode
[  933.496181][T10266] netlink: 8 bytes leftover after parsing attributes in process `syz.4.886'.
[  933.496396][T10266] netlink: 8 bytes leftover after parsing attributes in process `syz.4.886'.
[  933.496412][T10266] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  933.685779][T10270] overlayfs: failed to resolve './file1': -2
[  933.876971][ T5154] Bluetooth: hci1: command tx timeout
[  934.249865][T10057] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  934.337027][ T6087] hsr_slave_0: left promiscuous mode
[  934.443683][ T6087] hsr_slave_1: left promiscuous mode
[  934.444652][ T6087] batman_adv: batadv0: Removing interface: batadv_slave_0
[  934.495066][ T6087] batman_adv: batadv0: Removing interface: batadv_slave_1
[  935.467126][ T6087] team0 (unregistering): Port device team_slave_1 removed
[  935.629061][ T6087] team0 (unregistering): Port device team_slave_0 removed
[  935.906580][ T5154] Bluetooth: hci1: command tx timeout
[  936.231938][T10057] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  936.235635][T10213] lo speed is unknown, defaulting to 1000
[  936.236057][T10286] netlink: 'syz.5.894': attribute type 30 has an invalid length.
[  936.369618][T10305] overlayfs: failed to resolve './file0': -2
[  938.519053][T10057] team0: Port device team_slave_0 added
[  938.657701][T10057] team0: Port device team_slave_1 added
[  939.212144][T10330] random: crng reseeded on system resumption
[  940.378858][T10057] batman_adv: batadv0: Adding interface: batadv_slave_0
[  940.378876][T10057] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  940.378900][T10057] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  940.381249][T10057] batman_adv: batadv0: Adding interface: batadv_slave_1
[  940.381263][T10057] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  940.381288][T10057] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  940.816325][T10344] netlink: 'syz.2.915': attribute type 1 has an invalid length.
[  941.058523][T10057] hsr_slave_0: entered promiscuous mode
[  941.059817][T10057] hsr_slave_1: entered promiscuous mode
[  941.903210][T10361] vxfs: WRONG superblock magic 00000000 at 1
[  941.918299][T10361] vxfs: WRONG superblock magic 00000000 at 8
[  941.918345][T10361] vxfs: can't find superblock.
[  943.046579][ T5915] usb 5-1: new high-speed USB device number 8 using dummy_hcd
[  943.208447][ T5915] usb 5-1: config 1 contains an unexpected descriptor of type 0x1, skipping
[  943.208474][ T5915] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  943.208490][ T5915] usb 5-1: config 1 has 0 interfaces, different from the descriptor's value: 3
[  943.217263][ T5915] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  943.217291][ T5915] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  943.217309][ T5915] usb 5-1: Product: 咂웨鐔쉻स躅楼嬪ˉ涋饠줮츑埶㕮Ⅻ荧漀뱲ٿ螜̵浆谊Რꬄ삫칈ꠝ䐍쯦䷻芀ᨛ⳺冝㺗勇艧釦
[  943.217328][ T5915] usb 5-1: Manufacturer: 她䃣ⓤ麔ⵢ쭳ۀ½仙齞鿣ꋇ
[  943.217341][ T5915] usb 5-1: SerialNumber: 攘튱瑩띲㏰ݾ⯄룬靳쯾ܴ쑛奛㊁퀪Ⰸ㿼∺酫㜔䇥杍ﾷ厞鷤〫楂鮬쓣蟘苼뗮꓈劁娅墐䢰맪ᡇ몢희刊ꉉ₽錀銕﫹ỏ鮠
[  944.079115][T10213] chnl_net:caif_netlink_parms(): no params data found
[  944.528360][T10360] ceph: No mds server is up or the cluster is laggy
[  944.799396][ T5915] usb 5-1: USB disconnect, device number 8
[  947.240058][T10403] Bluetooth: MGMT ver 1.23
[  947.520444][T10213] bridge0: port 1(bridge_slave_0) entered blocking state
[  947.520658][T10213] bridge0: port 1(bridge_slave_0) entered disabled state
[  947.520917][T10213] bridge_slave_0: entered allmulticast mode
[  947.525332][T10213] bridge_slave_0: entered promiscuous mode
[  947.567345][T10213] bridge0: port 2(bridge_slave_1) entered blocking state
[  947.570734][T10213] bridge0: port 2(bridge_slave_1) entered disabled state
[  947.570982][T10213] bridge_slave_1: entered allmulticast mode
[  947.573642][T10213] bridge_slave_1: entered promiscuous mode
[  948.449824][T10418] ubi: mtd0 is already attached to ubi31
[  949.673609][T10213] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  949.932361][T10213] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  950.079182][T10428] Context (ID=0x0) not attached to queue pair (handle=0x1:0xfffffffa)
[  950.530657][   T37] kauditd_printk_skb: 24 callbacks suppressed
[  950.531623][   T37] audit: type=1326 audit(1756181034.423:67): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10430 comm="syz.2.946" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f4fd319ebe9 code=0x0
[  951.811527][T10057] netdevsim netdevsim9 netdevsim0: renamed from eth0
[  951.870328][T10213] team0: Port device team_slave_0 added
[  951.873079][T10057] netdevsim netdevsim9 netdevsim1: renamed from eth1
[  952.217474][T10213] team0: Port device team_slave_1 added
[  952.253352][T10057] netdevsim netdevsim9 netdevsim2: renamed from eth2
[  952.861072][    C1] vkms_vblank_simulate: vblank timer overrun
[  952.999667][    C1] vkms_vblank_simulate: vblank timer overrun
[  953.232537][    C1] vkms_vblank_simulate: vblank timer overrun
[  953.239761][T10057] netdevsim netdevsim9 netdevsim3: renamed from eth3
[  953.644350][    C1] vkms_vblank_simulate: vblank timer overrun
[  953.756157][T10465] netlink: 44 bytes leftover after parsing attributes in process `syz.4.954'.
[  953.756185][T10465] netlink: 43 bytes leftover after parsing attributes in process `syz.4.954'.
[  953.756201][T10465] netlink: 'syz.4.954': attribute type 5 has an invalid length.
[  953.756213][T10465] netlink: 43 bytes leftover after parsing attributes in process `syz.4.954'.
[  953.860814][T10213] batman_adv: batadv0: Adding interface: batadv_slave_0
[  953.860830][T10213] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  953.860856][T10213] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  953.894449][T10213] batman_adv: batadv0: Adding interface: batadv_slave_1
[  953.894466][T10213] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  953.894491][T10213] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  954.162447][T10479] Context (ID=0x0) not attached to queue pair (handle=0x1:0xfffffffa)
[  954.333016][T10213] hsr_slave_0: entered promiscuous mode
[  954.337550][T10213] hsr_slave_1: entered promiscuous mode
[  954.339745][T10213] debugfs: 'hsr0' already exists in 'hsr'
[  954.339772][T10213] Cannot create hsr debugfs directory
[  955.546208][    C1] vkms_vblank_simulate: vblank timer overrun
[  956.046386][    C1] vkms_vblank_simulate: vblank timer overrun
[  956.494534][    C1] vkms_vblank_simulate: vblank timer overrun
[  957.722405][    T9] usb 5-1: new full-speed USB device number 9 using dummy_hcd
[  957.865296][T10057] 8021q: adding VLAN 0 to HW filter on device bond0
[  957.895132][    T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  957.895183][    T9] usb 5-1: New USB device found, idVendor=0b05, idProduct=17e0, bcdDevice= 0.00
[  957.895207][    T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  957.912604][    T9] usb 5-1: config 0 descriptor??
[  958.200914][T10057] 8021q: adding VLAN 0 to HW filter on device team0
[  958.286730][ T1482] bridge0: port 1(bridge_slave_0) entered blocking state
[  958.286873][ T1482] bridge0: port 1(bridge_slave_0) entered forwarding state
[  958.369940][T10213] netdevsim netdevsim8 netdevsim0: renamed from eth0
[  958.460699][    T9] asus 0003:0B05:17E0.0001: item fetching failed at offset 2/5
[  958.461218][    T9] asus 0003:0B05:17E0.0001: Asus hid parse failed: -22
[  958.461276][    T9] asus 0003:0B05:17E0.0001: probe with driver asus failed with error -22
[  958.528211][ T7059] bridge0: port 2(bridge_slave_1) entered blocking state
[  958.528372][ T7059] bridge0: port 2(bridge_slave_1) entered forwarding state
[  958.534948][T10213] netdevsim netdevsim8 netdevsim1: renamed from eth1
[  958.564464][    T9] usb 5-1: USB disconnect, device number 9
[  960.058698][T10213] netdevsim netdevsim8 netdevsim2: renamed from eth2
[  960.090311][T10213] netdevsim netdevsim8 netdevsim3: renamed from eth3
[  960.556868][T10213] 8021q: adding VLAN 0 to HW filter on device bond0
[  960.624393][T10213] 8021q: adding VLAN 0 to HW filter on device team0
[  960.649967][ T6086] bridge0: port 1(bridge_slave_0) entered blocking state
[  960.650183][ T6086] bridge0: port 1(bridge_slave_0) entered forwarding state
[  960.670791][ T6086] bridge0: port 2(bridge_slave_1) entered blocking state
[  960.671016][ T6086] bridge0: port 2(bridge_slave_1) entered forwarding state
[  961.571652][T10213] 8021q: adding VLAN 0 to HW filter on device batadv0
[  961.736812][    T9] usb 5-1: new high-speed USB device number 10 using dummy_hcd
[  961.888138][   T59] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  961.898903][    T9] usb 5-1: Using ep0 maxpacket: 16
[  961.901357][    T9] usb 5-1: config 0 has an invalid interface number: 8 but max is 0
[  961.901383][    T9] usb 5-1: config 0 has no interface number 0
[  961.901421][    T9] usb 5-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  961.901448][    T9] usb 5-1: config 0 interface 8 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  961.903519][    T9] usb 5-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f
[  961.903546][    T9] usb 5-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3
[  961.903565][    T9] usb 5-1: Product: syz
[  961.903578][    T9] usb 5-1: SerialNumber: syz
[  961.930884][   T59] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  961.932579][   T59] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  961.934397][   T59] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  961.935118][   T59] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  962.037758][    T9] usb 5-1: config 0 descriptor??
[  962.059967][    T9] cm109 5-1:0.8: invalid payload size 0, expected 4
[  962.065085][    T9] input: CM109 USB driver as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.8/input/input12
[  962.318546][    C0] cm109 5-1:0.8: cm109_urb_ctl_callback: urb status -71
[  962.324255][    C0] cm109 5-1:0.8: cm109_urb_ctl_callback: urb status -71
[  962.325639][    C0] cm109 5-1:0.8: cm109_urb_ctl_callback: urb status -71
[  962.327349][    C0] cm109 5-1:0.8: cm109_urb_ctl_callback: urb status -71
[  962.327593][    C0] cm109 5-1:0.8: cm109_urb_ctl_callback: urb status -71
[  962.328444][    C0] cm109 5-1:0.8: cm109_urb_ctl_callback: urb status -71
[  962.328682][    C0] cm109 5-1:0.8: cm109_urb_ctl_callback: urb status -71
[  962.328919][    C0] cm109 5-1:0.8: cm109_urb_ctl_callback: urb status -71
[  962.329150][    C0] cm109 5-1:0.8: cm109_urb_ctl_callback: urb status -71
[  962.329380][    C0] cm109 5-1:0.8: cm109_urb_ctl_callback: urb status -71
[  962.338076][ T9613] usb 5-1: USB disconnect, device number 10
[  962.338187][    C0] cm109 5-1:0.8: cm109_submit_buzz_toggle: usb_submit_urb (urb_ctl) failed -19
[  962.594888][ T9613] cm109 5-1:0.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19
[  963.508818][T10561] lo speed is unknown, defaulting to 1000
[  963.986727][ T5154] Bluetooth: hci0: command tx timeout
[  964.475776][ T9613] usb 5-1: new high-speed USB device number 11 using dummy_hcd
[  964.669893][ T9613] usb 5-1: too many configurations: 9, using maximum allowed: 8
[  964.671433][ T9613] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9
[  964.671488][ T9613] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  964.671512][ T9613] usb 5-1: config 0 interface 0 has no altsetting 0
[  964.673299][ T9613] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9
[  964.673354][ T9613] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  964.673379][ T9613] usb 5-1: config 0 interface 0 has no altsetting 0
[  964.674799][ T9613] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9
[  964.674851][ T9613] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  964.674876][ T9613] usb 5-1: config 0 interface 0 has no altsetting 0
[  964.697160][ T9613] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9
[  964.697220][ T9613] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  964.697244][ T9613] usb 5-1: config 0 interface 0 has no altsetting 0
[  964.698539][ T9613] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9
[  964.698590][ T9613] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  964.698615][ T9613] usb 5-1: config 0 interface 0 has no altsetting 0
[  964.699854][ T9613] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9
[  964.699903][ T9613] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  964.699926][ T9613] usb 5-1: config 0 interface 0 has no altsetting 0
[  964.703019][ T9613] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9
[  964.703073][ T9613] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  964.703097][ T9613] usb 5-1: config 0 interface 0 has no altsetting 0
[  964.704519][ T9613] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9
[  964.704569][ T9613] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  964.704593][ T9613] usb 5-1: config 0 interface 0 has no altsetting 0
[  964.710601][ T9613] usb 5-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e
[  964.710629][ T9613] usb 5-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168
[  964.710647][ T9613] usb 5-1: Product: syz
[  964.710660][ T9613] usb 5-1: Manufacturer: syz
[  964.710672][ T9613] usb 5-1: SerialNumber: syz
[  964.735715][ T9613] usb 5-1: config 0 descriptor??
[  964.913448][ T9613] yurex 5-1:0.0: USB YUREX device now attached to Yurex #0
[  964.967244][    T9] usb 5-1: USB disconnect, device number 11
[  964.994470][    T9] yurex 5-1:0.0: USB YUREX #0 now disconnected
[  965.257033][T10213] veth0_vlan: entered promiscuous mode
[  965.298406][T10213] veth1_vlan: entered promiscuous mode
[  965.394885][T10213] veth0_macvtap: entered promiscuous mode
[  966.066697][ T5154] Bluetooth: hci0: command tx timeout
[  966.080089][T10213] veth1_macvtap: entered promiscuous mode
[  966.169296][T10213] batman_adv: batadv0: Interface activated: batadv_slave_0
[  966.204175][T10213] batman_adv: batadv0: Interface activated: batadv_slave_1
[  966.238729][   T12] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  966.239374][   T67] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  966.239606][   T67] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  966.239640][   T67] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  966.338150][T10561] chnl_net:caif_netlink_parms(): no params data found
[  968.148074][ T5154] Bluetooth: hci0: command tx timeout
[  968.238124][T10635] syz.4.1002 (10635): /proc/10634/oom_adj is deprecated, please use /proc/10634/oom_score_adj instead.
[  970.002975][T10656] overlayfs: missing 'lowerdir'
[  970.250856][ T5154] Bluetooth: hci0: command tx timeout
[  970.459751][T10561] bridge0: port 1(bridge_slave_0) entered blocking state
[  970.460278][T10561] bridge0: port 1(bridge_slave_0) entered disabled state
[  970.461235][T10561] bridge_slave_0: entered allmulticast mode
[  970.560190][T10561] bridge_slave_0: entered promiscuous mode
[  970.739014][ T1482] bridge_slave_1: left allmulticast mode
[  970.739054][ T1482] bridge_slave_1: left promiscuous mode
[  970.754294][ T1482] bridge0: port 2(bridge_slave_1) entered disabled state
[  971.278982][ T1482] bridge_slave_0: left allmulticast mode
[  971.279016][ T1482] bridge_slave_0: left promiscuous mode
[  971.279280][ T1482] bridge0: port 1(bridge_slave_0) entered disabled state
[  972.303705][T10689] overlayfs: missing 'lowerdir'
[  972.430637][T10690] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1019'.
[  972.430800][T10690] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1019'.
[  976.380000][ T1482] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  976.457532][ T1482] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  976.493165][ T1482] bond0 (unregistering): Released all slaves
[  976.542525][T10561] bridge0: port 2(bridge_slave_1) entered blocking state
[  976.542674][T10561] bridge0: port 2(bridge_slave_1) entered disabled state
[  976.542928][T10561] bridge_slave_1: entered allmulticast mode
[  976.545770][T10561] bridge_slave_1: entered promiscuous mode
[  976.778202][T10733] sd 0:0:1:0: device reset
[  976.780802][   T37] audit: type=1400 audit(1756181060.673:68): lsm=SMACK fn=smack_socket_sock_rcv_skb action=denied subject="*" object="_" requested=w pid=10729 comm="syz.4.1036" src=1 dest=20000 netif=wpan0
[  977.349131][T10743] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1039'.
[  977.419268][   T57] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  977.419289][   T57] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  977.425380][T10561] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  977.714816][ T1482] hsr_slave_0: left promiscuous mode
[  977.750666][ T1482] hsr_slave_1: left promiscuous mode
[  977.783923][ T1482] batman_adv: batadv0: Removing interface: batadv_slave_0
[  977.797566][ T1482] batman_adv: batadv0: Removing interface: batadv_slave_1
[  979.377721][ T1482] team0 (unregistering): Port device team_slave_1 removed
[  979.727228][ T1482] team0 (unregistering): Port device team_slave_0 removed
[  982.331644][T10561] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  982.419916][   T37] audit: type=1326 audit(1756181066.323:69): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10761 comm="syz.2.1046" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4fd319ebe9 code=0x7ffc0000
[  982.420209][   T37] audit: type=1326 audit(1756181066.323:70): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10761 comm="syz.2.1046" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4fd319ebe9 code=0x7ffc0000
[  982.421807][   T37] audit: type=1326 audit(1756181066.323:71): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10761 comm="syz.2.1046" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f4fd319ebe9 code=0x7ffc0000
[  982.422067][   T37] audit: type=1326 audit(1756181066.323:72): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10761 comm="syz.2.1046" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4fd319ebe9 code=0x7ffc0000
[  982.422297][   T37] audit: type=1326 audit(1756181066.323:73): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10761 comm="syz.2.1046" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4fd319ebe9 code=0x7ffc0000
[  982.422602][   T37] audit: type=1326 audit(1756181066.323:74): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10761 comm="syz.2.1046" exe="/root/syz-executor" sig=0 arch=c000003e syscall=51 compat=0 ip=0x7f4fd319ebe9 code=0x7ffc0000
[  982.422716][   T37] audit: type=1326 audit(1756181066.323:75): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10761 comm="syz.2.1046" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4fd319ebe9 code=0x7ffc0000
[  982.422900][   T37] audit: type=1326 audit(1756181066.323:76): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10761 comm="syz.2.1046" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4fd319ebe9 code=0x7ffc0000
[  982.737544][T10561] team0: Port device team_slave_0 added
[  982.761118][T10561] team0: Port device team_slave_1 added
[  982.765041][ T6126] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  982.765060][ T6126] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  983.076689][T10562] usb 5-1: new high-speed USB device number 12 using dummy_hcd
[  983.222144][T10561] batman_adv: batadv0: Adding interface: batadv_slave_0
[  983.222160][T10561] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  983.222186][T10561] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  983.271609][T10561] batman_adv: batadv0: Adding interface: batadv_slave_1
[  983.271625][T10561] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  983.271649][T10561] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  983.272530][T10562] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  983.272562][T10562] usb 5-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  983.272578][T10562] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66
[  983.272621][T10562] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9
[  983.272641][T10562] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024
[  983.289143][T10562] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  983.289172][T10562] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  983.289191][T10562] usb 5-1: Product: syz
[  983.289204][T10562] usb 5-1: Manufacturer: syz
[  983.430462][T10562] cdc_wdm 5-1:1.0: skipping garbage
[  983.430481][T10562] cdc_wdm 5-1:1.0: skipping garbage
[  983.456680][T10562] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device
[  983.456714][T10562] cdc_wdm 5-1:1.0: Unknown control protocol
[  983.639560][ T5951] usb 5-1: USB disconnect, device number 12
[  984.895389][T10561] hsr_slave_0: entered promiscuous mode
[  984.904579][T10561] hsr_slave_1: entered promiscuous mode
[  985.486593][ T6318] usb 5-1: new low-speed USB device number 13 using dummy_hcd
[  985.653240][ T6318] usb 5-1: config 0 has an invalid interface number: 55 but max is 0
[  985.653267][ T6318] usb 5-1: config 0 has no interface number 0
[  985.653308][ T6318] usb 5-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  985.653330][ T6318] usb 5-1: config 0 interface 55 altsetting 0 endpoint 0xE has invalid maxpacket 32, setting to 8
[  985.653352][ T6318] usb 5-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  985.653374][ T6318] usb 5-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10
[  985.653395][ T6318] usb 5-1: config 0 interface 55 altsetting 0 endpoint 0x8B has invalid maxpacket 120, setting to 8
[  985.653414][ T6318] usb 5-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  985.653453][ T6318] usb 5-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  985.653473][ T6318] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  985.669088][ T6318] usb 5-1: config 0 descriptor??
[  985.675238][T10795] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  985.675435][T10795] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  985.696800][ T6318] ldusb 5-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[  986.008259][    T9] usb 5-1: USB disconnect, device number 13
[  986.887984][    T9] ldusb 5-1:0.55: LD USB Device #0 now disconnected
[  987.551657][T10832] Context (ID=0x0) not attached to queue pair (handle=0x1:0xfffffffa)
[  988.395483][T10841] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1075'.
[  996.560958][ T1323] ieee802154 phy0 wpan0: encryption failed: -22
[  996.561046][ T1323] ieee802154 phy1 wpan1: encryption failed: -22
[  996.930512][T10561] netdevsim netdevsim9 netdevsim0: renamed from eth0
[  996.961159][T10894] netlink: 'syz.2.1097': attribute type 21 has an invalid length.
[  996.968061][T10895] netlink: 'syz.8.1098': attribute type 3 has an invalid length.
[  996.968082][T10895] netlink: 199836 bytes leftover after parsing attributes in process `syz.8.1098'.
[  996.973779][T10894] netlink: 'syz.2.1097': attribute type 6 has an invalid length.
[  996.973799][T10894] netlink: 64 bytes leftover after parsing attributes in process `syz.2.1097'.
[  997.017029][T10561] netdevsim netdevsim9 netdevsim1: renamed from eth1
[  997.130865][T10561] netdevsim netdevsim9 netdevsim2: renamed from eth2
[  997.194156][T10561] netdevsim netdevsim9 netdevsim3: renamed from eth3
[  997.386873][ T6318] usb 9-1: new low-speed USB device number 2 using dummy_hcd
[  997.618910][ T6318] usb 9-1: config 168 descriptor has 1 excess byte, ignoring
[  997.618964][ T6318] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[  997.618988][ T6318] usb 9-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  997.619013][ T6318] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[  997.619035][ T6318] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  998.711901][ T6318] usb 9-1: config 168 descriptor has 1 excess byte, ignoring
[  998.711962][ T6318] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[  998.711985][ T6318] usb 9-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  998.712005][ T6318] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[  998.712027][ T6318] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  998.714799][ T6318] usb 9-1: config 168 descriptor has 1 excess byte, ignoring
[  998.714861][ T6318] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[  998.714886][ T6318] usb 9-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  998.714910][ T6318] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[  998.714933][ T6318] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  998.759168][ T6318] usb 9-1: string descriptor 0 read error: -22
[  998.759325][ T6318] usb 9-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  998.759347][ T6318] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  998.903474][ T6318] adutux 9-1:168.0: ADU100  now attached to /dev/usb/adutux0
[  999.137241][T10561] 8021q: adding VLAN 0 to HW filter on device bond0
[  999.150991][    T9] usb 9-1: USB disconnect, device number 2
[  999.199987][T10561] 8021q: adding VLAN 0 to HW filter on device team0
[  999.297807][   T13] bridge0: port 1(bridge_slave_0) entered blocking state
[  999.300185][   T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[  999.303171][   T13] bridge0: port 2(bridge_slave_1) entered blocking state
[  999.303327][   T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1000.395582][T10561] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1000.489163][T10957] Context (ID=0x0) not attached to queue pair (handle=0x1:0xfffffffa)
[ 1002.222589][T10561] veth0_vlan: entered promiscuous mode
[ 1002.273521][T10561] veth1_vlan: entered promiscuous mode
[ 1002.404865][T10561] veth0_macvtap: entered promiscuous mode
[ 1002.422221][T10561] veth1_macvtap: entered promiscuous mode
[ 1002.450454][T10988] program syz.8.1127 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 1002.451619][T10988] program syz.8.1127 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 1002.451943][T10988] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
[ 1002.548270][T10561] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1002.635808][T10561] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1002.686935][ T1433] netdevsim netdevsim9 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1002.696701][ T1433] netdevsim netdevsim9 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1002.716612][ T1433] netdevsim netdevsim9 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1002.716689][ T1433] netdevsim netdevsim9 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1002.970827][T10996] netlink: 16 bytes leftover after parsing attributes in process `syz.8.1130'.
[ 1003.373854][ T6126] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1003.373875][ T6126] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1003.468689][T11004] Context (ID=0x0) not attached to queue pair (handle=0x1:0xfffffffa)
[ 1003.655801][ T6086] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1003.655822][ T6086] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1009.846837][   T37] audit: type=1326 audit(1756181092.793:77): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11043 comm="syz.9.1145" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fb93884ebe9 code=0x0
[ 1011.865671][T11061] Context (ID=0x0) not attached to queue pair (handle=0x1:0xfffffffa)
[ 1014.657676][T11086] netlink: 48 bytes leftover after parsing attributes in process `syz.4.1156'.
[ 1015.314035][T11096] netdevsim netdevsim5 netdevsim0: entered promiscuous mode
[ 1015.314235][T11096] macsec1: entered allmulticast mode
[ 1015.315073][T11096] netdevsim netdevsim5 netdevsim0: entered allmulticast mode
[ 1015.430687][T11096] netdevsim netdevsim5 netdevsim0: left allmulticast mode
[ 1015.430915][T11096] netdevsim netdevsim5 netdevsim0: left promiscuous mode
[ 1016.627644][    C1] ------------[ cut here ]------------
[ 1016.627670][    C1] WARNING: CPU: 1 PID: 29 at ./include/linux/seqlock.h:221 est_timer+0x6dc/0x9f0
[ 1016.627712][    C1] Modules linked in:
[ 1016.627733][    C1] CPU: 1 UID: 0 PID: 29 Comm: ktimers/1 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[ 1016.627758][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1016.627773][    C1] RIP: 0010:est_timer+0x6dc/0x9f0
[ 1016.627794][    C1] Code: ff c7 42 80 3c 23 00 74 08 4c 89 f7 e8 7d 3b 41 f9 4d 89 3e 42 80 3c 23 00 0f 85 54 ff ff ff e9 57 ff ff ff e8 95 03 e2 f8 90 <0f> 0b 90 e9 63 fd ff ff 44 89 e1 80 e1 07 38 c1 0f 8c 65 fa ff ff
[ 1016.627814][    C1] RSP: 0018:ffffc90000a3f7a0 EFLAGS: 00010246
[ 1016.627833][    C1] RAX: ffffffff88dc58bb RBX: 0000000000000001 RCX: ffff88801caf1dc0
[ 1016.627849][    C1] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000100
[ 1016.627863][    C1] RBP: ffffc90000a3f8b0 R08: 0000000000000000 R09: 0000000000000100
[ 1016.627902][    C1] R10: dffffc0000000000 R11: fffff52000147f0a R12: 0000000000000005
[ 1016.627917][    C1] R13: 0000000000000000 R14: 0000000000000010 R15: ffff8880207fac68
[ 1016.627933][    C1] FS:  0000000000000000(0000) GS:ffff8881269c2000(0000) knlGS:0000000000000000
[ 1016.627952][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1016.627967][    C1] CR2: 0000001b3031eff8 CR3: 0000000060100000 CR4: 00000000003526f0
[ 1016.627986][    C1] Call Trace:
[ 1016.627994][    C1]  <TASK>
[ 1016.628018][    C1]  ? __pfx_est_timer+0x10/0x10
[ 1016.628050][    C1]  call_timer_fn+0x17b/0x5f0
[ 1016.628078][    C1]  ? __pfx_est_timer+0x10/0x10
[ 1016.628099][    C1]  ? call_timer_fn+0xbe/0x5f0
[ 1016.628125][    C1]  ? __pfx_call_timer_fn+0x10/0x10
[ 1016.628164][    C1]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1016.628198][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1016.628222][    C1]  ? __pfx_est_timer+0x10/0x10
[ 1016.628247][    C1]  __run_timer_base+0x648/0x970
[ 1016.628292][    C1]  ? __pfx___run_timer_base+0x10/0x10
[ 1016.628348][    C1]  run_timer_softirq+0xb7/0x180
[ 1016.628376][    C1]  handle_softirqs+0x22c/0x710
[ 1016.628418][    C1]  ? __pfx_handle_softirqs+0x10/0x10
[ 1016.628457][    C1]  run_ktimerd+0xcf/0x190
[ 1016.628484][    C1]  ? __pfx_run_ktimerd+0x10/0x10
[ 1016.628510][    C1]  ? schedule+0x91/0x360
[ 1016.628544][    C1]  ? smpboot_thread_fn+0x4d/0xa60
[ 1016.628570][    C1]  smpboot_thread_fn+0x542/0xa60
[ 1016.628597][    C1]  ? smpboot_thread_fn+0x4d/0xa60
[ 1016.628634][    C1]  kthread+0x711/0x8a0
[ 1016.628669][    C1]  ? __pfx_smpboot_thread_fn+0x10/0x10
[ 1016.628694][    C1]  ? __pfx_kthread+0x10/0x10
[ 1016.628731][    C1]  ? __pfx_kthread+0x10/0x10
[ 1016.628763][    C1]  ret_from_fork+0x3fc/0x770
[ 1016.628794][    C1]  ? __pfx_ret_from_fork+0x10/0x10
[ 1016.628829][    C1]  ? __switch_to_asm+0x39/0x70
[ 1016.628848][    C1]  ? __switch_to_asm+0x33/0x70
[ 1016.628867][    C1]  ? __pfx_kthread+0x10/0x10
[ 1016.628898][    C1]  ret_from_fork_asm+0x1a/0x30
[ 1016.628939][    C1]  </TASK>
[ 1016.628949][    C1] Kernel panic - not syncing: kernel: panic_on_warn set ...
[ 1016.628966][    C1] CPU: 1 UID: 0 PID: 29 Comm: ktimers/1 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[ 1016.628990][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1016.629003][    C1] Call Trace:
[ 1016.629011][    C1]  <TASK>
[ 1016.629020][    C1]  dump_stack_lvl+0x99/0x250
[ 1016.629050][    C1]  ? __asan_memcpy+0x40/0x70
[ 1016.629073][    C1]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1016.629102][    C1]  ? __pfx__printk+0x10/0x10
[ 1016.629142][    C1]  vpanic+0x281/0x750
[ 1016.629173][    C1]  ? __pfx__printk+0x10/0x10
[ 1016.629196][    C1]  ? __pfx_vpanic+0x10/0x10
[ 1016.629225][    C1]  ? is_bpf_text_address+0x26/0x2b0
[ 1016.629267][    C1]  panic+0xb9/0xc0
[ 1016.629294][    C1]  ? __pfx_panic+0x10/0x10
[ 1016.629348][    C1]  __warn+0x31b/0x4b0
[ 1016.629375][    C1]  ? est_timer+0x6dc/0x9f0
[ 1016.629400][    C1]  ? est_timer+0x6dc/0x9f0
[ 1016.629422][    C1]  report_bug+0x2be/0x4f0
[ 1016.629447][    C1]  ? est_timer+0x6dc/0x9f0
[ 1016.629470][    C1]  ? est_timer+0x6dc/0x9f0
[ 1016.629491][    C1]  ? est_timer+0x6de/0x9f0
[ 1016.629513][    C1]  handle_bug+0x84/0x160
[ 1016.629544][    C1]  exc_invalid_op+0x1a/0x50
[ 1016.629573][    C1]  asm_exc_invalid_op+0x1a/0x20
[ 1016.629594][    C1] RIP: 0010:est_timer+0x6dc/0x9f0
[ 1016.629616][    C1] Code: ff c7 42 80 3c 23 00 74 08 4c 89 f7 e8 7d 3b 41 f9 4d 89 3e 42 80 3c 23 00 0f 85 54 ff ff ff e9 57 ff ff ff e8 95 03 e2 f8 90 <0f> 0b 90 e9 63 fd ff ff 44 89 e1 80 e1 07 38 c1 0f 8c 65 fa ff ff
[ 1016.629634][    C1] RSP: 0018:ffffc90000a3f7a0 EFLAGS: 00010246
[ 1016.629652][    C1] RAX: ffffffff88dc58bb RBX: 0000000000000001 RCX: ffff88801caf1dc0
[ 1016.629668][    C1] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000100
[ 1016.629682][    C1] RBP: ffffc90000a3f8b0 R08: 0000000000000000 R09: 0000000000000100
[ 1016.629697][    C1] R10: dffffc0000000000 R11: fffff52000147f0a R12: 0000000000000005
[ 1016.629712][    C1] R13: 0000000000000000 R14: 0000000000000010 R15: ffff8880207fac68
[ 1016.629737][    C1]  ? est_timer+0x6db/0x9f0
[ 1016.629784][    C1]  ? __pfx_est_timer+0x10/0x10
[ 1016.629817][    C1]  call_timer_fn+0x17b/0x5f0
[ 1016.629840][    C1]  ? __pfx_est_timer+0x10/0x10
[ 1016.629861][    C1]  ? call_timer_fn+0xbe/0x5f0
[ 1016.629885][    C1]  ? __pfx_call_timer_fn+0x10/0x10
[ 1016.629922][    C1]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1016.629947][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1016.629969][    C1]  ? __pfx_est_timer+0x10/0x10
[ 1016.629989][    C1]  __run_timer_base+0x648/0x970
[ 1016.630022][    C1]  ? __pfx___run_timer_base+0x10/0x10
[ 1016.630064][    C1]  run_timer_softirq+0xb7/0x180
[ 1016.630088][    C1]  handle_softirqs+0x22c/0x710
[ 1016.630122][    C1]  ? __pfx_handle_softirqs+0x10/0x10
[ 1016.630160][    C1]  run_ktimerd+0xcf/0x190
[ 1016.630188][    C1]  ? __pfx_run_ktimerd+0x10/0x10
[ 1016.630214][    C1]  ? schedule+0x91/0x360
[ 1016.630246][    C1]  ? smpboot_thread_fn+0x4d/0xa60
[ 1016.630271][    C1]  smpboot_thread_fn+0x542/0xa60
[ 1016.630299][    C1]  ? smpboot_thread_fn+0x4d/0xa60
[ 1016.630342][    C1]  kthread+0x711/0x8a0
[ 1016.630376][    C1]  ? __pfx_smpboot_thread_fn+0x10/0x10
[ 1016.630401][    C1]  ? __pfx_kthread+0x10/0x10
[ 1016.630438][    C1]  ? __pfx_kthread+0x10/0x10
[ 1016.630470][    C1]  ret_from_fork+0x3fc/0x770
[ 1016.630500][    C1]  ? __pfx_ret_from_fork+0x10/0x10
[ 1016.630535][    C1]  ? __switch_to_asm+0x39/0x70
[ 1016.630555][    C1]  ? __switch_to_asm+0x33/0x70
[ 1016.630573][    C1]  ? __pfx_kthread+0x10/0x10
[ 1016.630605][    C1]  ret_from_fork_asm+0x1a/0x30
[ 1016.630644][    C1]  </TASK>
[ 1016.630810][    C1] Kernel Offset: disabled