last executing test programs:

9m12.957337003s ago: executing program 4 (id=5):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="1801000021000000000000004bc311ec8500000075000000a70000000800000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000040)=ANY=[], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000b00)={&(0x7f0000000540)='afs_get_tree\x00', r3}, 0x10)
mount$afs(0x0, &(0x7f0000002840)='./file0\x00', &(0x7f0000002880), 0x0, &(0x7f0000000000)={[{@dyn}]})

9m10.344744795s ago: executing program 4 (id=19):
socket$nl_route(0x10, 0x3, 0x0)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0)
socket(0xa, 0x3, 0x3a)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x6, 0x8, 0x8001, 0x0, 0x9, 0x4, 0xfffffe0000000001, 0xfa14, 0xffffffff}, 0x0)
ioctl$VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, 0x0)
openat$vimc2(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r2 = openat$iommufd(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r3 = openat$fb0(0xffffffffffffff9c, &(0x7f00000001c0), 0x101800, 0x0)
ioctl$FBIOBLANK(r3, 0x4611, 0x3)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r4, 0x29, 0x40, 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r2, 0x3b81, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x2, 0x8, 0x0, 0x3}, 0x0)
ioprio_set$pid(0x3, 0x0, 0x0)
sendmsg$kcm(0xffffffffffffffff, 0x0, 0xff00)
r5 = syz_open_procfs(0x0, &(0x7f0000000000)='net/ip6_flowlabel\x00')
pread64(r5, &(0x7f0000001600)=""/4103, 0x1007, 0x97)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0xb, 0x31, 0xffffffffffffffff, 0x0)

8m54.295577333s ago: executing program 32 (id=19):
socket$nl_route(0x10, 0x3, 0x0)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0)
socket(0xa, 0x3, 0x3a)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x6, 0x8, 0x8001, 0x0, 0x9, 0x4, 0xfffffe0000000001, 0xfa14, 0xffffffff}, 0x0)
ioctl$VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, 0x0)
openat$vimc2(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r2 = openat$iommufd(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r3 = openat$fb0(0xffffffffffffff9c, &(0x7f00000001c0), 0x101800, 0x0)
ioctl$FBIOBLANK(r3, 0x4611, 0x3)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r4, 0x29, 0x40, 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r2, 0x3b81, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x2, 0x8, 0x0, 0x3}, 0x0)
ioprio_set$pid(0x3, 0x0, 0x0)
sendmsg$kcm(0xffffffffffffffff, 0x0, 0xff00)
r5 = syz_open_procfs(0x0, &(0x7f0000000000)='net/ip6_flowlabel\x00')
pread64(r5, &(0x7f0000001600)=""/4103, 0x1007, 0x97)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0xb, 0x31, 0xffffffffffffffff, 0x0)

8m54.230749597s ago: executing program 0 (id=36):
openat$uhid(0xffffffffffffff9c, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000003900)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b07080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf5af51d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945ecefa26b8471d42645288d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa16509945ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88c3c44b3b7486f979e8a3174b531f573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867ec92d13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d93e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a0000000000000000000000000000cf7b6c4ba9bec153d6834bfef080df374703a8ff56a63ec1fe5f2e05a79e3cace7283dd68d41e94420c325fe4dae144fde5ec25a87d625cab20753a77b323fa3783c8b675859b9012647885a242adfee2fe812ecbe5191e0a15142f7349e7627cc39d724e2e34e7a24154f26ae3125b36d0504965295d0453902ac7079b11a3a1e655e482331e3dc35b2e7e4e3ea99064fe5b9c8ae0ca3e5fd653f3286a99d81ce4eba765c38d097391ad4babac38ce5b4344e24a361cd54e5"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x2e)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r0}, 0x10)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdir(&(0x7f0000000180)='./file0\x00', 0x0)
r4 = memfd_create(&(0x7f0000000100)='\vem\xda\x99R@m\xfc\xfe\x9b#*\xff', 0x0)
write$FUSE_NOTIFY_STORE(r4, &(0x7f0000000180)=ANY=[], 0xe)
sendfile(r4, r4, &(0x7f0000001000), 0xffff)
mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0x80000000004, 0x11, r4, 0x0)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x19)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f000001a000)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
setsockopt$SO_ATTACH_FILTER(r5, 0x1, 0x1a, &(0x7f000002eff0)={0x135, &(0x7f0000000000)=[{}]}, 0x10)

8m51.360036542s ago: executing program 0 (id=40):
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000), 0x103000, 0x0)
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = syz_open_dev$dri(&(0x7f0000000040), 0x20000000, 0x40800)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r4, 0xc04064a0, &(0x7f0000000000)={0x0, &(0x7f00000001c0)=[0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETFB2(r4, 0xc06864ce, 0x0)
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r4, 0xc00c642d, &(0x7f0000000080))
close_range(r0, 0xffffffffffffffff, 0x0)

8m48.945969046s ago: executing program 2 (id=44):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0xffffffb3, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r3, &(0x7f0000000080)={0x2, 0x4e21, @broadcast}, 0x10)
connect$inet(r3, &(0x7f0000000180)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1b}}, 0x10)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2002, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f00000001c0)={0x20201, 0x7, 0x0, 0x2000, &(0x7f0000ffe000/0x2000)=nil})
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, &(0x7f0000000380))
setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, 0x0, 0x0)
sendto$inet(r3, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x0)
ioctl$RTC_ALM_SET(0xffffffffffffffff, 0x40247007, 0x0)
recvfrom$inet(r3, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x720, 0x0, 0xfffffffffffffd25)
socket(0x2c, 0x3, 0x0)

8m48.540406644s ago: executing program 0 (id=45):
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, 0x0)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/consoles\x00', 0x0, 0x0)
r3 = socket$inet(0x2, 0x4000000000000001, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4)
bind$inet(r3, 0x0, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000004c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a2c000000000a499d0000000000000000020000010900010073797a310000000008000240000000030400060014000000110001"], 0x54}}, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_MSG_GETTABLE(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="14000000010a010200000000000800000000"], 0x14}, 0x1, 0x0, 0x0, 0x400c895}, 0x20000000)

8m45.399667926s ago: executing program 0 (id=56):
r0 = memfd_create(&(0x7f0000000380)='+\x8b\x8a\x16\x11O\xdd\xdfk(F\x99\xdf\x92\xd5>oJ\x02u\x9b\xafa\xc8}\xac\x06\x9c&\xf5\xe3j\xda*4\x9a1\xa0o\xa0G\xa5\xb8\xf4\x8dy\xfa\tcqM\xb8R\x86\xd9\xd2.\x9f\x12\xed\x10\f\xbd\x1a|\x8a\xbb\xda\xcfY\x983U@\xf2M\x0eT\x80\x8c\xfd\xd7\xb0\x94\x82t\x96\rKx\xc5\x9b\x8c\x87\x96\x8bc\xbc\xee\xcc\x9f\xe3F\x99V4\x8e;M\xa9\x823\xe3\xb3mG\x8f\xdb\xed\x1b\x05\xec\xfc\xd1\xb5\xfd\xec@\xdeU\xdd\xa4\xc1\xe4L)\x8e\xe5\x91\x8e\xd4\x89\xd1\x95T\x05G\xac\xb8\xc1: )mh\xc7\xf1?\xbb\x13;\xad\x95\xd70\xb6\x0e\x7f\x84r\x0e\xbf\xc5\xf6\xd4\xdd\t\x14\x18\xf7\xefi\x93\x03\xd2\xf2\bK\"\x9c\xa1&&\xc8\xe0\xac\x99\xe8su\xcd\xc3E\x12\xd7\xdd\x96!\x16Tu\xe3\xf0\x84@\xeag\x94\x84\xd9\x1b\xc3OeK\x9daW\xf4\x87@\x9c\xf3\xf1K\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x91f\xdb\xc2\xa5h\'\xdfIn\x97\x0263~\xeb\xbe(i\n\xc2k4\x7f\x12\xa9e`SOs\x8c\xb4\xe7FeU\xc6$\x92j_U\xfa\b\xea\xb0bYkW\xc0\x05\aC{\xcc\x03T\x17\xa5Sk\x87P\xc2\x03D\xb2\xfa\x1b\x9fe\xf4\x10\x1a\xad\x92\xce\x88\x1b\xbc\xe14\x19\xaa\xd3\r\xf4\x15\xaa\x920\xdcrI\xd8\b\xfb\xc7\xe7xX\x00>d\xbb\xa71\xad\x9a\xfb\xe6\x13\x87\x93\\\xe5W-\xfc\xfd\xb8O\xb9j\xb8\xf2\x9dx\xb2\x86\xad\x92\x00'/397, 0x3)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGPGRP(r1, 0x8904, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0xe, 0x87}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r3 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0)
r4 = syz_open_dev$dri(&(0x7f00000008c0), 0x1, 0x400)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r4, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f00000000c0), 0x0, 0x0})
ioctl$DRM_IOCTL_MODE_GETFB2(r4, 0xc06864ce, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, 0x3, [<r5=>0x0], [0x0, 0x7, 0x8], [0x0, 0xe9a0, 0x2], [0x0, 0x0, 0x1, 0x1]})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f0000000140)={0x3ff, 0x2, 0x806})
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r3, 0xc00c642d, &(0x7f0000000080)={r5})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r4, 0xc00c642e, 0x0)
fcntl$addseals(r0, 0x409, 0x8)

8m45.319406662s ago: executing program 2 (id=48):
socket(0x10, 0x803, 0x0)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x200000000000008b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000003c0)={{r4}, 0x0, &(0x7f0000000040)}, 0x20)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0xce56fe61a68fc369, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x10)
r6 = openat$full(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv2(r6, &(0x7f0000000380)=[{0x0}], 0x1, 0x0, 0x0, 0x0)
r7 = socket$can_bcm(0x1d, 0x2, 0x2)
connect$can_bcm(r7, 0x0, 0x0)
sendmsg$can_bcm(r7, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000300)={0x5, 0x901, 0x0, {}, {0x0, 0x2710}, {}, 0x1, @canfd={{}, 0x0, 0x0, 0x0, 0x0, "d7c139a0d4fe372efa7e8cdba3417665ffb2b92af56c860b29402f8111302ae84c15b9dd43bda8847acbe40605b5ee1c8f0676814afc7e9f0413567e592c7c15"}}, 0x80}}, 0x0)
ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000040)={'batadv_slave_1\x00', {0x2, 0x4e21, @remote}})
ioctl$sock_inet_SIOCSIFADDR(r0, 0x891c, &(0x7f0000000540)={'batadv_slave_1\x00', {0x2, 0x0, @empty}})

8m43.108392976s ago: executing program 0 (id=50):
prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000000)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = gettid()
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
ioctl$int_in(r3, 0x5452, &(0x7f0000b28000)=0x3)
pause()
sendmmsg$inet6(0xffffffffffffffff, 0x0, 0x0, 0x40000000)
fcntl$setsig(r3, 0xa, 0x12)
poll(&(0x7f0000b2c000)=[{r4}], 0x2c, 0xffffffffffbffff8)
dup2(r3, r4)
fcntl$setown(r3, 0x8, r2)
tkill(r2, 0x13)
fanotify_init(0x2, 0x2)

8m42.963882002s ago: executing program 2 (id=51):
socket(0x15, 0x5, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x2040, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[], 0x50)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000200)=@framed, &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10)
r4 = openat$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000100), 0x2, 0x0)
write$cgroup_subtree(r4, &(0x7f0000000040)={[{0x2d, 'cpu'}]}, 0x5)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x40042, 0x1)
r6 = socket$inet_mptcp(0x2, 0x1, 0x106)
shutdown(r6, 0x1)
r7 = fsopen(&(0x7f0000000080)='sysfs\x00', 0x1)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000300), 0x84, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r5}, 0x2c, {'wfdno', 0x3d, r7}})

8m41.062434337s ago: executing program 0 (id=52):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x6)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="18050000000000fe000000004b64ffec850000007d00000004"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r3}, 0xc)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0xe, 0x16, &(0x7f0000000940)=ANY=[@ANYBLOB="61158800000000006113500000000000bfa000000000000007000000ee0016055e15010000000000160500000000000069163e0000000000bf07000000000000260507000fff07206706000020000000150600000ee60060bf500000000000002f650000000000006507f9ff0100000007070000cddfffff1e75000000000000bf54000000000000070400000400f9ffad4301000000000095000000000000001500000000000000950000000000000032ed3c12dc8c27df8ecf264e0f84f9f17d3c30e32f1754558f2278af6d71d79a5e12814cb1d8a5d4601d295c45a6a0b9bdb7dd3997f9c9c4f6f3be4b369289aa6812b8e007e733a9a4f1b0af3dda82ee45a010fb94fe9de57b9d8a814261bdb94a05002000c6c60bf70d742a81762bab8395fa64810b5b40d893ea8fe0185473d51b546cad3f1d5ace0600006e7c955ccefa1f6ab689b555202da2e0ec2871b4a7e65836429a527dc47ebe84a423b6c8d345dc0da3085b0ab71ca1b901627b562ed04ae76002d4519af619e3cca4d69e0dee5eb106774a8f3e6916dfec88158f0200000000c8fb730a5c1bf2b2bb71a629361997a75fd552bdc206438b8ef4901fd03c16dfda44e2a2235c8ac86d8a297dff0445a15f21dce431e56723888fb126a163f16f920ae2fb494059bba8e3b680324a188076eb685d00c4e9b2ad9bc1172ba7cbebe174aba210d739a018f9bbec63222d20cecac4d03723f1c932fb3bba54b3a6aa57f1ad2e99e0e67ab9ff16d20000009f0f53acbb40b4f8e2738270001562ed834f2af97787f696649a462e7ee4bcf8b07a10d6735154beb4000000000000000000000000004000bc00f679629709e7e78f4ddc211bc3ebe6bd9d42ca0140a7afaab43176e65ec1118d50d1e827f3472f4445d253880800000000000000690884f800031e03a651bb96589a7e2e509bcc1d161347623cb5e7ac4629c8ab04871bc47287cd31cc43010000007b40407d000000210000000000000000005f37d83f84e98a523d80bd970d703f37ca364a601ae899a56715a0a62a34c6c94cce6994521629ab028acfc1d926a0f6a5489af8dc2f17923f3c40dfd1970a55c22fe3a5ac000000000000000000000000000000c1eb2d91fb79ea00000000815266b2c9e1bfadc7498e9dda5d000000bb0d00000000000000000000e4007be511fe32fbc90e2364a55e9bb66ac64423d2d00fea2594e190deae46e26c596f84eba9000000000000003cc3aa39ee4b1386bab561cda886fa642994cacd473b543ccb5f0d7b63924f17c67b13631822a11dc3c693962895496d4f6e9cc54db6c7205a6b26f92121ef53e553acdf42068fff496d2da7d6327f31d7c8cc5d325c5379b0363ce8bd1f61b007e1ff5f1be1969a1ba791ad46d800000000c7f26a0337302f3b41eae59809fd05d12f6186f117b062df67d3a63f3265dd1410eea68208a3f26b2989b832d8b34a34a4f08b34b3042065acaa10856e858d27adee7daf32903d3fc78700d429a2d4c8b6d803eb83eecfe4c7ff9e6ab5a52e83d089dad7a8710eec53f1b11cced7bc3c8da0c44d2fbf9f6f3ff3be4d1458077c2253b0c7c7a0a9fdd63bf910dc20e5cb2a88e59febc47f1212a21f631dbaa74f22bad050e9856b48ae3a03a497c37758537650fe6db80300c41fdc3d78e046f6160e1741299e8dc29906870e6431ed1eab5d067a183f064b060a8ec12725d42e3a74863d66bee966b1574f8e01b3f34a267ff0afa1e1c758a0079b747067312e9815a21cb3f1f8150d999d788535a4d3114dbc7e2bf2402a75fd7a55733360040855ed5d1c0d634fc5fb38f8709d87b27f8a5d9121fdc058447b728f134f72062fc4b1ca0780b1a7af137ff7b4ff139604faf0453b65586f65c7943d56b52f06c870edf0c5d744b5272b44c23480b2bdbff947c4dfa108cbb88202eeb81f428a5b3c299848649e1a6bff52f657a67463d7dbf85ae9321fc2cc17dc4a29b9cba8ded5de8206c812439ab129ae818837ee1562078fc524b3baf49a0be9bb7d958d5e87c6c09bf71a894bad62934782cc308e936d7637e07c4a2a3bc87b0da20000d9ef418cf19e7a8c4c328be0ce91798adc2dca871073f6bd61940aabc86b94f8cbde4d47060400e722a6a2af483ad0d3415ed0f9db009acaba9eaea93f811d434e00000000000000000000d154672fea96aedf346279ec00000000000000000000d535d41b0067f01e2e54b9154d876020b669640ead4ca44631fadf7c4ac39a1b331dbdcd52b36df021b731ef1f92330d347f88ced5c1aaadbcdd8d2257e3a9a7c7494fadf9be36f7a2334ee6e9446fa1fd486f85d672a77dc5bd21463994d49f12016305a1e394d292b66840fe32b40ad665d241a8b8a32b3100450c32832789aa8a096f41201b585cd76631c88cf958e9e9047f5af1730c5e83db12460a0768fd4b62be6c41eed307048bac8d1f7f164574241e06027654b248dcc38749eee0c1ee7c61b3f6411a559c3d45637b11e440ed5a99109b8e71d28c3d677af5f0499c6d3fc6a129775056958c9df824ebe5fa9fb306b24a8a8334910627d03efe69d4b61c4345f048c5da8aca16cea848fa77d2507c920a6bd654b00e07789382ed902c80deeff2fd5c78f42e4353e5360c3e55962efd1331e6736eaf4ee27736fa54803ee8ec1a15266ffcd8b30368740b584c2559e691e542cab3d49db327db62328f159d1e0900b3e23e84dedcd1377aa15dbeab7db181bd66980c3557c7d9f7377fcb6023accb5c368a121acf70e5f4c3f2a0ea07011c7149ea979cab2ee65cf7ffa29152b7a8fed89575e6e6fd77d4d9463d21775abac886ee6a1f2d7d8523840438a73d6307a87e2f525867fc3af7ab74520a773ae26bae74cdd405a211e8833e1ba523cde51d04a7ca6732"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xffffffffffffffd2}, 0x48)
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, 0x0)
syz_open_dev$loop(&(0x7f0000000700), 0x10, 0x202a80)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)=@newqdisc={0x44, 0x24, 0x200, 0x70bd28, 0x0, {0x60, 0x0, 0x0, 0x0, {0x5, 0x10}, {0xffff, 0xffff}, {0x0, 0x9}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x14, 0x2, [@TCA_CAKE_WASH={0x8}, @TCA_CAKE_RAW={0x8, 0xc, 0x1}]}}]}, 0x44}}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0000000000008000280012800a00010076786c616e"], 0x50}}, 0x4000000)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$NL80211_CMD_JOIN_MESH(r5, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000300)={0x28, r6, 0x5, 0x70bd29, 0x0, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_MESH_SETUP={0xc, 0x70, [@NL80211_MESH_SETUP_USERSPACE_AMPE={0x4}, @NL80211_MESH_SETUP_USERSPACE_MPM={0x4}]}]}, 0x28}, 0x1, 0x0, 0x0, 0x8004}, 0x0)

8m39.138131247s ago: executing program 2 (id=54):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = syz_clone(0x0, 0x0, 0x9, 0x0, 0x0, 0x0)
wait4(0x0, 0x0, 0x40000000, 0x0)
ptrace(0x10, r3)
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, 0x0, 0x0)
setsockopt$IP_VS_SO_SET_ADDDEST(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000400)={{0x3a, @broadcast, 0x4e24, 0x1, 'lblc\x00', 0xb, 0x0, 0x1c}, {@dev={0xac, 0x14, 0x14, 0x2d}, 0x4e20, 0x2, 0x8, 0x2, 0x53cc}}, 0x44)
ioctl$IOCTL_VMCI_CTX_ADD_NOTIFICATION(0xffffffffffffffff, 0x7af, &(0x7f00000003c0)={@any, 0x1})
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, 0x0, 0x0)
poll(&(0x7f0000000100)=[{0xffffffffffffffff, 0x6086}], 0x1, 0x4)
r4 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$SNDCTL_DSP_SETFMT(r4, 0xc0045005, &(0x7f0000000040)=0x10000)

8m37.240448496s ago: executing program 2 (id=57):
memfd_create(&(0x7f0000000380)='+\x8b\x8a\x16\x11O\xdd\xdfk(F\x99\xdf\x92\xd5>oJ\x02u\x9b\xafa\xc8}\xac\x06\x9c&\xf5\xe3j\xda*4\x9a1\xa0o\xa0G\xa5\xb8\xf4\x8dy\xfa\tcqM\xb8R\x86\xd9\xd2.\x9f\x12\xed\x10\f\xbd\x1a|\x8a\xbb\xda\xcfY\x983U@\xf2M\x0eT\x80\x8c\xfd\xd7\xb0\x94\x82t\x96\rKx\xc5\x9b\x8c\x87\x96\x8bc\xbc\xee\xcc\x9f\xe3F\x99V4\x8e;M\xa9\x823\xe3\xb3mG\x8f\xdb\xed\x1b\x05\xec\xfc\xd1\xb5\xfd\xec@\xdeU\xdd\xa4\xc1\xe4L)\x8e\xe5\x91\x8e\xd4\x89\xd1\x95T\x05G\xac\xb8\xc1: )mh\xc7\xf1?\xbb\x13;\xad\x95\xd70\xb6\x0e\x7f\x84r\x0e\xbf\xc5\xf6\xd4\xdd\t\x14\x18\xf7\xefi\x93\x03\xd2\xf2\bK\"\x9c\xa1&&\xc8\xe0\xac\x99\xe8su\xcd\xc3E\x12\xd7\xdd\x96!\x16Tu\xe3\xf0\x84@\xeag\x94\x84\xd9\x1b\xc3OeK\x9daW\xf4\x87@\x9c\xf3\xf1K\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x91f\xdb\xc2\xa5h\'\xdfIn\x97\x0263~\xeb\xbe(i\n\xc2k4\x7f\x12\xa9e`SOs\x8c\xb4\xe7FeU\xc6$\x92j_U\xfa\b\xea\xb0bYkW\xc0\x05\aC{\xcc\x03T\x17\xa5Sk\x87P\xc2\x03D\xb2\xfa\x1b\x9fe\xf4\x10\x1a\xad\x92\xce\x88\x1b\xbc\xe14\x19\xaa\xd3\r\xf4\x15\xaa\x920\xdcrI\xd8\b\xfb\xc7\xe7xX\x00>d\xbb\xa71\xad\x9a\xfb\xe6\x13\x87\x93\\\xe5W-\xfc\xfd\xb8O\xb9j\xb8\xf2\x9dx\xb2\x86\xad\x92\x00'/397, 0x3)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGPGRP(r0, 0x8904, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0xe, 0x87}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0)
r2 = syz_open_dev$dri(&(0x7f00000008c0), 0x1, 0x400)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r2, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f00000000c0), 0x0, 0x0})

8m35.579656067s ago: executing program 2 (id=60):
r0 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000140)=@abs={0x0, 0x0, 0x4e20}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_TIMEOUT_NEW(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)={0x34, 0x0, 0x8, 0x3, 0x0, 0x0, {}, [@CTA_TIMEOUT_NAME={0x9, 0x1, 'syz0\x00'}, @CTA_TIMEOUT_L3PROTO={0x6, 0x2, 0x1, 0x0, 0x88a8}, @CTA_TIMEOUT_L4PROTO={0x5, 0x3, 0x1}, @CTA_TIMEOUT_DATA={0x4, 0x4, 0x0, 0x1, @gre}]}, 0x34}}, 0x0)
sendmsg$IPCTNL_MSG_TIMEOUT_DELETE(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0x20}, 0x1, 0x0, 0x0, 0x4080}, 0x0)
openat$iommufd(0xffffffffffffff9c, &(0x7f0000000300), 0x40001, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000480)=@delnexthop={0x17, 0x69, 0xb, 0x70bd28, 0x0, {}, [{0x8, 0x1, 0x1}, {0x8, 0x1, 0x1}, {0x8, 0x1, 0x1}, {0x8}, {0x8}, {0x8, 0x1, 0x1}, {0x8, 0x1, 0x2}]}, 0x50}}, 0x4000000)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x80, 0x0)
r5 = socket$inet6(0xa, 0x80002, 0x0)
connect$inet6(r5, &(0x7f0000000240)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, '\x00', 0x12}, 0x7}, 0x1c)
socket$inet_sctp(0x2, 0x5, 0x84)
socket$kcm(0x29, 0x5, 0x0)
sendmmsg$inet6(r5, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171}}], 0x400000000000172, 0x0)
sendmsg$nl_generic(r0, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x800d1}, 0x0)
r6 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r6, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10)
sendmsg$rds(r6, &(0x7f0000000000)={&(0x7f0000000200)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000000280)=[@mask_fadd={0x58, 0x114, 0x8, {{0x7f, 0xfffffc01}, 0xffffffffffffffff, 0x0, 0x8, 0x7c0d08aa, 0x2b, 0xffffffffffffff5d, 0x35, 0x9d}}], 0x58, 0x200080c0}, 0x0)
lseek(0xffffffffffffffff, 0xfffffffffffffff6, 0x1)

8m25.523378346s ago: executing program 33 (id=52):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x6)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="18050000000000fe000000004b64ffec850000007d00000004"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r3}, 0xc)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0xe, 0x16, &(0x7f0000000940)=ANY=[@ANYBLOB="61158800000000006113500000000000bfa000000000000007000000ee0016055e15010000000000160500000000000069163e0000000000bf07000000000000260507000fff07206706000020000000150600000ee60060bf500000000000002f650000000000006507f9ff0100000007070000cddfffff1e75000000000000bf54000000000000070400000400f9ffad4301000000000095000000000000001500000000000000950000000000000032ed3c12dc8c27df8ecf264e0f84f9f17d3c30e32f1754558f2278af6d71d79a5e12814cb1d8a5d4601d295c45a6a0b9bdb7dd3997f9c9c4f6f3be4b369289aa6812b8e007e733a9a4f1b0af3dda82ee45a010fb94fe9de57b9d8a814261bdb94a05002000c6c60bf70d742a81762bab8395fa64810b5b40d893ea8fe0185473d51b546cad3f1d5ace0600006e7c955ccefa1f6ab689b555202da2e0ec2871b4a7e65836429a527dc47ebe84a423b6c8d345dc0da3085b0ab71ca1b901627b562ed04ae76002d4519af619e3cca4d69e0dee5eb106774a8f3e6916dfec88158f0200000000c8fb730a5c1bf2b2bb71a629361997a75fd552bdc206438b8ef4901fd03c16dfda44e2a2235c8ac86d8a297dff0445a15f21dce431e56723888fb126a163f16f920ae2fb494059bba8e3b680324a188076eb685d00c4e9b2ad9bc1172ba7cbebe174aba210d739a018f9bbec63222d20cecac4d03723f1c932fb3bba54b3a6aa57f1ad2e99e0e67ab9ff16d20000009f0f53acbb40b4f8e2738270001562ed834f2af97787f696649a462e7ee4bcf8b07a10d6735154beb4000000000000000000000000004000bc00f679629709e7e78f4ddc211bc3ebe6bd9d42ca0140a7afaab43176e65ec1118d50d1e827f3472f4445d253880800000000000000690884f800031e03a651bb96589a7e2e509bcc1d161347623cb5e7ac4629c8ab04871bc47287cd31cc43010000007b40407d000000210000000000000000005f37d83f84e98a523d80bd970d703f37ca364a601ae899a56715a0a62a34c6c94cce6994521629ab028acfc1d926a0f6a5489af8dc2f17923f3c40dfd1970a55c22fe3a5ac000000000000000000000000000000c1eb2d91fb79ea00000000815266b2c9e1bfadc7498e9dda5d000000bb0d00000000000000000000e4007be511fe32fbc90e2364a55e9bb66ac64423d2d00fea2594e190deae46e26c596f84eba9000000000000003cc3aa39ee4b1386bab561cda886fa642994cacd473b543ccb5f0d7b63924f17c67b13631822a11dc3c693962895496d4f6e9cc54db6c7205a6b26f92121ef53e553acdf42068fff496d2da7d6327f31d7c8cc5d325c5379b0363ce8bd1f61b007e1ff5f1be1969a1ba791ad46d800000000c7f26a0337302f3b41eae59809fd05d12f6186f117b062df67d3a63f3265dd1410eea68208a3f26b2989b832d8b34a34a4f08b34b3042065acaa10856e858d27adee7daf32903d3fc78700d429a2d4c8b6d803eb83eecfe4c7ff9e6ab5a52e83d089dad7a8710eec53f1b11cced7bc3c8da0c44d2fbf9f6f3ff3be4d1458077c2253b0c7c7a0a9fdd63bf910dc20e5cb2a88e59febc47f1212a21f631dbaa74f22bad050e9856b48ae3a03a497c37758537650fe6db80300c41fdc3d78e046f6160e1741299e8dc29906870e6431ed1eab5d067a183f064b060a8ec12725d42e3a74863d66bee966b1574f8e01b3f34a267ff0afa1e1c758a0079b747067312e9815a21cb3f1f8150d999d788535a4d3114dbc7e2bf2402a75fd7a55733360040855ed5d1c0d634fc5fb38f8709d87b27f8a5d9121fdc058447b728f134f72062fc4b1ca0780b1a7af137ff7b4ff139604faf0453b65586f65c7943d56b52f06c870edf0c5d744b5272b44c23480b2bdbff947c4dfa108cbb88202eeb81f428a5b3c299848649e1a6bff52f657a67463d7dbf85ae9321fc2cc17dc4a29b9cba8ded5de8206c812439ab129ae818837ee1562078fc524b3baf49a0be9bb7d958d5e87c6c09bf71a894bad62934782cc308e936d7637e07c4a2a3bc87b0da20000d9ef418cf19e7a8c4c328be0ce91798adc2dca871073f6bd61940aabc86b94f8cbde4d47060400e722a6a2af483ad0d3415ed0f9db009acaba9eaea93f811d434e00000000000000000000d154672fea96aedf346279ec00000000000000000000d535d41b0067f01e2e54b9154d876020b669640ead4ca44631fadf7c4ac39a1b331dbdcd52b36df021b731ef1f92330d347f88ced5c1aaadbcdd8d2257e3a9a7c7494fadf9be36f7a2334ee6e9446fa1fd486f85d672a77dc5bd21463994d49f12016305a1e394d292b66840fe32b40ad665d241a8b8a32b3100450c32832789aa8a096f41201b585cd76631c88cf958e9e9047f5af1730c5e83db12460a0768fd4b62be6c41eed307048bac8d1f7f164574241e06027654b248dcc38749eee0c1ee7c61b3f6411a559c3d45637b11e440ed5a99109b8e71d28c3d677af5f0499c6d3fc6a129775056958c9df824ebe5fa9fb306b24a8a8334910627d03efe69d4b61c4345f048c5da8aca16cea848fa77d2507c920a6bd654b00e07789382ed902c80deeff2fd5c78f42e4353e5360c3e55962efd1331e6736eaf4ee27736fa54803ee8ec1a15266ffcd8b30368740b584c2559e691e542cab3d49db327db62328f159d1e0900b3e23e84dedcd1377aa15dbeab7db181bd66980c3557c7d9f7377fcb6023accb5c368a121acf70e5f4c3f2a0ea07011c7149ea979cab2ee65cf7ffa29152b7a8fed89575e6e6fd77d4d9463d21775abac886ee6a1f2d7d8523840438a73d6307a87e2f525867fc3af7ab74520a773ae26bae74cdd405a211e8833e1ba523cde51d04a7ca6732"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xffffffffffffffd2}, 0x48)
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, 0x0)
syz_open_dev$loop(&(0x7f0000000700), 0x10, 0x202a80)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)=@newqdisc={0x44, 0x24, 0x200, 0x70bd28, 0x0, {0x60, 0x0, 0x0, 0x0, {0x5, 0x10}, {0xffff, 0xffff}, {0x0, 0x9}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x14, 0x2, [@TCA_CAKE_WASH={0x8}, @TCA_CAKE_RAW={0x8, 0xc, 0x1}]}}]}, 0x44}}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0000000000008000280012800a00010076786c616e"], 0x50}}, 0x4000000)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$NL80211_CMD_JOIN_MESH(r5, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000300)={0x28, r6, 0x5, 0x70bd29, 0x0, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_MESH_SETUP={0xc, 0x70, [@NL80211_MESH_SETUP_USERSPACE_AMPE={0x4}, @NL80211_MESH_SETUP_USERSPACE_MPM={0x4}]}]}, 0x28}, 0x1, 0x0, 0x0, 0x8004}, 0x0)

8m18.698240206s ago: executing program 34 (id=60):
r0 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000140)=@abs={0x0, 0x0, 0x4e20}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_TIMEOUT_NEW(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)={0x34, 0x0, 0x8, 0x3, 0x0, 0x0, {}, [@CTA_TIMEOUT_NAME={0x9, 0x1, 'syz0\x00'}, @CTA_TIMEOUT_L3PROTO={0x6, 0x2, 0x1, 0x0, 0x88a8}, @CTA_TIMEOUT_L4PROTO={0x5, 0x3, 0x1}, @CTA_TIMEOUT_DATA={0x4, 0x4, 0x0, 0x1, @gre}]}, 0x34}}, 0x0)
sendmsg$IPCTNL_MSG_TIMEOUT_DELETE(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0x20}, 0x1, 0x0, 0x0, 0x4080}, 0x0)
openat$iommufd(0xffffffffffffff9c, &(0x7f0000000300), 0x40001, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000480)=@delnexthop={0x17, 0x69, 0xb, 0x70bd28, 0x0, {}, [{0x8, 0x1, 0x1}, {0x8, 0x1, 0x1}, {0x8, 0x1, 0x1}, {0x8}, {0x8}, {0x8, 0x1, 0x1}, {0x8, 0x1, 0x2}]}, 0x50}}, 0x4000000)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x80, 0x0)
r5 = socket$inet6(0xa, 0x80002, 0x0)
connect$inet6(r5, &(0x7f0000000240)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, '\x00', 0x12}, 0x7}, 0x1c)
socket$inet_sctp(0x2, 0x5, 0x84)
socket$kcm(0x29, 0x5, 0x0)
sendmmsg$inet6(r5, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171}}], 0x400000000000172, 0x0)
sendmsg$nl_generic(r0, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x800d1}, 0x0)
r6 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r6, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10)
sendmsg$rds(r6, &(0x7f0000000000)={&(0x7f0000000200)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000000280)=[@mask_fadd={0x58, 0x114, 0x8, {{0x7f, 0xfffffc01}, 0xffffffffffffffff, 0x0, 0x8, 0x7c0d08aa, 0x2b, 0xffffffffffffff5d, 0x35, 0x9d}}], 0x58, 0x200080c0}, 0x0)
lseek(0xffffffffffffffff, 0xfffffffffffffff6, 0x1)

7m32.912360621s ago: executing program 3 (id=121):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x6)
ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x1)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="1b000000000000000000"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000201000085000000430000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000000)='sched_switch\x00', r4}, 0x10)
r5 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$netlink(r5, 0x0, 0x800)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000004c0)={0xe, 0x4, &(0x7f0000000400)=ANY=[@ANYBLOB="18020000801000000000000004000000850000002e00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x41000}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000740)={{r8}, &(0x7f00000006c0), &(0x7f0000000700)=r7}, 0x20)
sendmsg$inet(r6, &(0x7f0000000980)={0x0, 0x0, &(0x7f0000000900)=[{0x0}], 0x1}, 0x3)
r9 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000140)=@base={0xa, 0x16, 0xb3, 0x7f}, 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x18, 0xb, &(0x7f0000000080)=@framed={{0x18, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x1, 0x0, r9}, @generic={0x66}, @initr0, @exit, @alu={0x7, 0x0, 0xc, 0x3, 0x0, 0x0, 0x10}]}, &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4c}, 0x94)

7m31.571381772s ago: executing program 3 (id=123):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000000000000000000000000e850000006d00000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
socket$xdp(0x2c, 0x3, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeeb, 0x8031, 0xffffffffffffffff, 0xc36e5000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000300)=0x2)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_TSINFO_GET(r4, &(0x7f0000000000)={0x0, 0xfffffffffffffee0, &(0x7f0000000140)={&(0x7f0000000180)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010000000000000000001d00000020000180140002006e657464657673696d30000000000000080003"], 0x34}}, 0x0)
bpf$OBJ_PIN_PROG(0x6, 0x0, 0x0)
msync(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x6)
unshare(0x22020600)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
getcwd(0x0, 0x0)
setsockopt$inet6_tcp_TCP_ULP(0xffffffffffffffff, 0x6, 0x1f, 0x0, 0x0)
setsockopt$inet6_tcp_TLS_TX(0xffffffffffffffff, 0x11a, 0x1, &(0x7f00000001c0)=@gcm_128={{0x304}, "74b4b6f812818157", "fe0f232318769ac69f4d79a23999d0d2", "4110d24f", "9fee0dd3cddeb064"}, 0x28)
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x8000, 0x0, 0x0)
r6 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0)
ioctl$COMEDI_DEVCONFIG(r6, 0x40946400, 0x0)
ioctl$COMEDI_DEVCONFIG(r6, 0x40946400, &(0x7f00000000c0)={'pcl812\x00', [0x8001, 0x6, 0x1, 0x0, 0x0, 0xcc7, 0x8, 0x7, 0xa, 0x100, 0x2, 0x1, 0x8, 0x4, 0x6, 0xffffffff, 0x1, 0x1a449, 0x3, 0x40000003, 0x89, 0x2, 0xf27, 0x6, 0xb, 0x8, 0x5, 0x8, 0x4, 0x10000, 0xfffffff8]})
syz_emit_ethernet(0x66, &(0x7f0000000f80)={@broadcast, @random="6487a2bed3d6", @void, {@ipv4={0x800, @gre={{0x5, 0x4, 0x0, 0x0, 0x58, 0x66, 0x0, 0x0, 0x6c, 0x0, @private}, {{0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x880b, 0x0, 0xfffc}, {}, {}, {0x8, 0x88be, 0x0, {{}, 0x1, {0x3}}}}}}}}, 0x0)
prlimit64(0x0, 0xa, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x19)

7m29.447711067s ago: executing program 3 (id=125):
r0 = socket(0x2a, 0x2, 0x0)
getsockname$packet(r0, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000000300)=""/102392, 0x18ff8)
open_tree(0xffffffffffffffff, 0x0, 0x0)
r3 = openat$sw_sync(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0)
r4 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000ac0), 0x800, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r4, 0xc0285700, &(0x7f0000000b00)={0x4, "abacd211119ca94c63377526aeb5ab2c7b9ca5fa07558139ede6dc06270ee042", <r5=>0xffffffffffffffff})
ioctl$SW_SYNC_IOC_CREATE_FENCE(r3, 0xc0285700, &(0x7f0000000f40)={0x8, "b546baa5cc590d3033de259c2996817bb959ebab028deda525e19bdeffafde25", <r6=>0xffffffffffffffff})
ioctl$SYNC_IOC_MERGE(r5, 0xc0303e03, &(0x7f0000000780)={"d1ed39d88b014076ab94c1fb10628c46d2e681cdb9e581a38ebb0ddd5f307e56", r6, <r7=>0xffffffffffffffff})
close_range(r3, r4, 0x0)
ioctl$SYNC_IOC_FILE_INFO(r7, 0xc0383e04, &(0x7f00000000c0)={""/32, 0x0, 0x0, 0x0, 0x0, 0x0})
r8 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$ETHTOOL_MSG_RINGS_SET(r8, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01000000000000000000100000001800018014000200776c616e30000000000000000000000b08000700e80700000800070001000000080009007f00000008000700090000000800080008000000080006"], 0x5c}, 0x1, 0x0, 0x0, 0x4084}, 0x0)
getsockopt$PNPIPE_IFINDEX(r0, 0x113, 0x2, &(0x7f0000000100), &(0x7f0000000140)=0x4)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
r10 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000680), 0xffffffffffffffff)
r11 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r11, 0x8933, &(0x7f00000004c0)={'ipvlan1\x00', <r12=>0x0})
sendmsg$ETHTOOL_MSG_DEBUG_SET(r9, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000bc0)=ANY=[@ANYBLOB="00010000", @ANYRES16=r10, @ANYBLOB="010028bd7000ffdbdf25080000000c00018008000100", @ANYRES32=r12, @ANYBLOB="e0000280"], 0x100}, 0x1, 0x0, 0x0, 0x802}, 0x0)
sendmsg$ETHTOOL_MSG_PRIVFLAGS_GET(r0, 0x0, 0x10000001)

7m27.398208764s ago: executing program 3 (id=127):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000480)={0xaa, 0x600})
socket$netlink(0x10, 0x3, 0x4)
ioperm(0x6, 0x2, 0x8)
syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, 0x0)
r2 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x4, @tid=r2}, &(0x7f0000000340))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r3 = mq_open(&(0x7f0000000200)='!se\xf7ih,\x17i\xeb-\xed\xacP\xe6lNn\x00xseqinux\x10', 0x6e93ebbbcc0884f2, 0x2, &(0x7f0000000300)={0x2000, 0x1, 0x6})
mq_timedsend(r3, 0x0, 0x0, 0x0, 0x0)
mq_timedsend(r3, 0x0, 0x0, 0xff7f000000000000, 0x0)
brk(0x200000ffc000)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x4, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
socket$kcm(0xa, 0x3, 0x3a)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r4 = socket$netlink(0x10, 0x3, 0x4)
writev(r4, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r5 = syz_open_dev$MSR(&(0x7f0000000000), 0x0, 0x0)
read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8)
connect$inet(0xffffffffffffffff, 0x0, 0x60)
socket(0x10, 0x3, 0x0)
madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x19)
ioctl$UFFDIO_COPY(r1, 0xc028aa05, &(0x7f0000000100)={&(0x7f0000ffd000/0x3000)=nil, &(0x7f0000013000/0x4000)=nil, 0x3000, 0x3})
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f00000007c0)=ANY=[@ANYBLOB="240000001800010000000000000000000a37", @ANYRES32=0x0, @ANYBLOB="0000b4"], 0x24}}, 0x0)

7m22.109336669s ago: executing program 3 (id=130):
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x4000, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r4, &(0x7f00000029c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="180000003d00"], 0x18}}, 0x880)
getsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f00000001c0)={@dev={0xfe, 0x80, '\x00', 0x2a}, 0x91ee, 0x1, 0x1, 0x0, 0x2, 0x80}, &(0x7f00000002c0)=0x20)
getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(0xffffffffffffffff, 0x84, 0x66, &(0x7f0000000080)={0x0, 0xddf}, 0x0)
setsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(0xffffffffffffffff, 0x84, 0x18, 0x0, 0x0)
io_uring_setup(0x4aec, &(0x7f0000000140)={0x0, 0x81fa, 0x82, 0x1, 0x7a})

7m20.780717761s ago: executing program 3 (id=132):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x16, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc}, 0x94)
r0 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
fcntl$dupfd(r0, 0x0, r0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000ae00000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x8, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4007fff}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r1, 0x0, 0x7}, 0x18)
openat$sequencer(0xffffff9c, &(0x7f0000000040), 0x2000, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000040)={0x0}, 0x1, 0x0, 0x0, 0x804}, 0x0)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x4)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = socket$netlink(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r5, &(0x7f0000000300)={0x0, 0x3f00, &(0x7f0000001200)={&(0x7f00000004c0)={0x38, 0x1403, 0x1, 0x70bd2d, 0x0, "", [{{0x9, 0x2, 'syz0\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'lo\x00'}}]}, 0x38}, 0x1, 0x0, 0x0, 0x854}, 0x0)

7m5.256180152s ago: executing program 35 (id=132):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x16, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc}, 0x94)
r0 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
fcntl$dupfd(r0, 0x0, r0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000ae00000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x8, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4007fff}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r1, 0x0, 0x7}, 0x18)
openat$sequencer(0xffffff9c, &(0x7f0000000040), 0x2000, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000040)={0x0}, 0x1, 0x0, 0x0, 0x804}, 0x0)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x4)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = socket$netlink(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r5, &(0x7f0000000300)={0x0, 0x3f00, &(0x7f0000001200)={&(0x7f00000004c0)={0x38, 0x1403, 0x1, 0x70bd2d, 0x0, "", [{{0x9, 0x2, 'syz0\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'lo\x00'}}]}, 0x38}, 0x1, 0x0, 0x0, 0x854}, 0x0)

3m52.631282658s ago: executing program 5 (id=983):
socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00'}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x4000, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r3, &(0x7f00000029c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="180000003d00"], 0x18}}, 0x880)
getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(0xffffffffffffffff, 0x84, 0x66, &(0x7f0000000080)={0x0, 0xddf}, 0x0)
setsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(0xffffffffffffffff, 0x84, 0x18, 0x0, 0x0)
io_uring_setup(0x4aec, &(0x7f0000000140)={0x0, 0x81fa, 0x82, 0x1, 0x7a})
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x1c0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r4, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)

3m51.211319382s ago: executing program 5 (id=991):
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e21, 0x3, @ipv4={'\x00', '\xff\xff', @empty}, 0x4}, 0x1c)
setsockopt$inet6_int(r0, 0x29, 0x31, &(0x7f0000000000)=0x7fffffff, 0x4)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e21, 0x659, @empty, 0xfb}, 0x1c)
sendto$inet6(r0, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = fcntl$dupfd(r0, 0x0, r0)
recvmmsg$unix(r1, &(0x7f0000006e40)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000001180)}}], 0x1, 0x10003, 0x0)

3m50.790058784s ago: executing program 5 (id=993):
r0 = openat$ptp0(0xffffffffffffff9c, &(0x7f00000000c0), 0xc0542, 0x0)
readv(r0, &(0x7f0000000580)=[{&(0x7f0000001900)=""/4096, 0x1000}], 0x1)
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=<r1=>0x0)
fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(r1, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000)

3m50.190819837s ago: executing program 5 (id=997):
mmap(&(0x7f0000001000/0x2000)=nil, 0x2000, 0x2000009, 0x1032, 0xffffffffffffffff, 0x4000)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000007c0)=@base={0xa, 0xb, 0x42, 0x3e, 0x42}, 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{r0, <r1=>0xffffffffffffffff}, &(0x7f0000000100), &(0x7f0000000180)}, 0x20)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000002c0)={{r1, <r2=>0xffffffffffffffff}, &(0x7f0000000140), &(0x7f0000000280)}, 0x20)
close(0x3)
bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0xc, &(0x7f00000001c0)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r2}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000240)='GPL\x00', 0x4, 0x1005, &(0x7f00000014c0)=""/4101, 0x0, 0xc}, 0x94)

3m49.765666595s ago: executing program 5 (id=1000):
socket$nl_generic(0x10, 0x3, 0x10)
unshare(0x26020480)
r0 = socket$inet_icmp(0x2, 0x2, 0x1)
setsockopt$inet_int(r0, 0x0, 0x7, &(0x7f0000000380)=0xcd07, 0x4)
sendmmsg$inet(r0, &(0x7f0000000540)=[{{&(0x7f0000000200)={0x2, 0x4e22, @local}, 0x10, &(0x7f0000000000)=[{&(0x7f0000000140)='\b\x00\x00\x00(\x00\x00\x00', 0x8}], 0x1}}], 0x1, 0x4800)
recvmsg(r0, &(0x7f0000000340)={0x0, 0x0, 0x0}, 0x10020)

3m48.526599503s ago: executing program 7 (id=1011):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
r1 = dup(r0)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x4e24, 0x6, @loopback, 0x3}], 0x1c)
sendmsg$inet6(r0, &(0x7f0000000800)={&(0x7f0000000080)={0xa, 0x4e24, 0x8, @loopback, 0x6}, 0x1c, &(0x7f0000001940)=[{&(0x7f0000000300)="97c9", 0x2}], 0x1}, 0x64048853)
r2 = dup(r0)
setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000200)={0x0, @in6={{0xa, 0xce20, 0x5, @empty, 0x2d}}, 0x7, 0x1, 0xf06, 0x3, 0xb4, 0x7f, 0x9}, 0x9c)
setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, &(0x7f00000001c0)={0x0, @in6={{0xa, 0x4e60, 0xfffffff2, @empty, 0x3}}, 0x1000000, 0x71, 0xffff1896, 0x3, 0xae, 0x0, 0x1a}, 0x9c)

3m48.282361099s ago: executing program 8 (id=1014):
socket$inet_tcp(0x2, 0x1, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x101, &(0x7f0000006680))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
creat(&(0x7f0000000100)='./file0\x00', 0xd931d3864d39dcca)

3m48.176047889s ago: executing program 7 (id=1016):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
r0 = open(&(0x7f0000000080)='.\x00', 0x80100, 0x78e22799f4a46e8e)
r1 = syz_create_resource$binfmt(&(0x7f0000000040)='./file1\x00')
r2 = openat$binfmt(0xffffffffffffff9c, r1, 0x42, 0x1ff)
close(r2)
execveat$binfmt(r0, r1, 0x0, 0x0, 0x0)

3m48.024457916s ago: executing program 5 (id=1017):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = dup(r1)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}})
writev(r0, &(0x7f0000000080)=[{&(0x7f0000000100)="2e9b3d0007e03dd65193df163e75963f86ddf06712e9001c2f8db0049d90491c3248040000f858dbb8a1", 0x2a}, {&(0x7f0000000200)="c082b44eb524", 0x6a}, {&(0x7f0000000240)="a43b2eaab40000000000800065588002e7f05f", 0x13}], 0x3)

3m47.941048761s ago: executing program 7 (id=1019):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000000c0)='sys_enter\x00', r0}, 0x10)
rt_sigprocmask(0x0, &(0x7f0000000000)={[0xfffffffffffffffd]}, 0x0, 0x8)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
waitid(0x0, 0x0, 0x0, 0x4, 0x0)

3m47.293147378s ago: executing program 7 (id=1022):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x75b08000)
socket$pppl2tp(0x18, 0x1, 0x1)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x802, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x4)
futex(0x0, 0x80, 0x1, 0x0, 0x0, 0x1)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x2042, 0x0)
ioctl$sock_bt_bnep_BNEPCONNDEL(0xffffffffffffffff, 0x400442c9, &(0x7f0000000280)={0x5, @multicast})
syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
openat$random(0xffffffffffffff9c, 0x0, 0x0, 0x0)
gettid()
syz_open_dev$sndpcmc(0x0, 0x0, 0x0)
ioctl$VIDIOC_QUERYBUF_DMABUF(0xffffffffffffffff, 0xc04c5609, &(0x7f00000003c0)={0x5, 0x4, 0x4, 0x1, 0x101, {0x77359400}, {0x4, 0x2, 0xf, 0x6, 0x5, 0x8, "2cbe55f7"}, 0x2, 0x4, {}, 0x1})
r0 = syz_open_procfs(0x0, &(0x7f0000000180)='pagemap\x00')
setresuid(0xee00, 0xee00, 0x0)
fchmod(0xffffffffffffffff, 0x0)
pread64(r0, 0x0, 0x0, 0x0)
madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17)
r1 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000000)=0x11)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x60005f, 0x19)

3m46.512662451s ago: executing program 8 (id=1028):
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f00000002c0), 0x80, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, <r1=>0x0})
ioctl$IOMMU_HWPT_ALLOC$NONE(r0, 0x3b89, 0x0)
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r0, 0x3ba0, &(0x7f0000000100)={0x48, 0x2, r1, 0x0, 0x0, 0x0, <r2=>0x0})
ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f0000000180)={0x28, 0x2, r1, 0x0, &(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x100000000})
ioctl$IOMMU_HWPT_ALLOC$NONE(r0, 0x3b89, &(0x7f0000000200)={0x28, 0x2, r2, r1, 0x0, 0x0, 0x0, 0x0, 0x0})

3m46.160055106s ago: executing program 8 (id=1030):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xaee2, 0x800, 0xffffffff, 0xbfe00000}, &(0x7f0000000000)=<r3=>0x0, &(0x7f0000000280)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3})
io_uring_enter(r2, 0x47f6, 0x0, 0x2, 0x0, 0x300)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)

3m45.146613409s ago: executing program 8 (id=1034):
r0 = memfd_create(&(0x7f0000000380)='+\x8b\x8a\x16\x11O\xdd\xdfk(F\x99\xdf\x92\xd5>oJ\x02u\x9b\xafa\xc8}\xac\x06\x9c&\xf5\xe3j\xda*4\x9a1\xa0o\xa0G\xa5\xb8\xf4\x8dy\xfa\tcqM\xb8R\x86\xd9\xd2.\x9f\x12\xed\x10\f\xbd\x1a|\x8a\xbb\xda\xcfY\x983U@\xf2M\x0eT\x80\x8c\xfd\xd7\xb0\x94\x82t\x96\rKx\xc5\x9b\x8c\x87\x96\x8bc\xbc\xee\xcc\x9f\xe3F\x99V4\x8e;M\xa9\x823\xe3\xb3mG\x8f\xdb\xed\x1b\x05\xec\xfc\xd1\xb5\xfd\xec@\xdeU\xdd\xa4\xc1\xe4L)\x8e\xe5\x91\x8e\xd4\x89\xd1\x95T\x05G\xac\xb8\xc1: )mh\xc7\xf1?\xbb\x13;\xad\x95\xd70\xb6\x0e\x7f\x84r\x0e\xbf\xc5\xf6\xd4\xdd\t\x14\x18\xf7\xefi\x93\x03\xd2\xf2\bK\"\x9c\xa1&&\xc8\xe0\xac\x99\xe8su\xcd\xc3E\x12\xd7\xdd\x96!\x16Tu\xe3\xf0\x84@\xeag\x94\x84\xd9\x1b\xc3OeK\x9daW\xf4\x87@\x9c\xf3\xf1K\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x91f\xdb\xc2\xa5h\'\xdfIn\x97\x0263~\xeb\xbe(i\n\xc2k4\x7f\x12\xa9e`SOs\x8c\xb4\xe7FeU\xc6$\x92j_U\xfa\b\xea\xb0bYkW\xc0\x05\aC{\xcc\x03T\x17\xa5Sk\x87P\xc2\x03D\xb2\xfa\x1b\x9fe\xf4\x10\x1a\xad\x92\xce\x88\x1b\xbc\xe14\x19\xaa\xd3\r\xf4\x15\xaa\x920\xdcrI\xd8\b\xfb\xc7\xe7xX\x00>d\xbb\xa71\xad\x9a\xfb\xe6\x13\x87\x93\\\xe5W-\xfc\xfd\xb8O\xb9j\xb8\xf2\x9dx\xb2\x86\xad\x92\x00'/397, 0x3)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGPGRP(r1, 0x8904, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0xe, 0x87}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r3 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0)
r4 = syz_open_dev$dri(&(0x7f00000008c0), 0x1, 0x400)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r4, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f00000000c0), 0x0, 0x0})
ioctl$DRM_IOCTL_MODE_GETFB2(r4, 0xc06864ce, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, 0x3, [<r5=>0x0], [0x0, 0x7, 0x8], [0x0, 0xe9a0, 0x2], [0x0, 0x0, 0x1, 0x1]})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f0000000140)={0x3ff, 0x2, 0x806})
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r3, 0xc00c642d, &(0x7f0000000080)={r5})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r4, 0xc00c642e, 0x0)
fcntl$addseals(r0, 0x409, 0x8)
writev(r0, 0x0, 0x0)
openat$fb0(0xffffffffffffff9c, 0x0, 0x0, 0x0)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
syz_clone3(&(0x7f0000000380)={0x82040480, 0x0, 0x0, 0x0, {0x1a}, 0x0, 0x0, 0x0, &(0x7f0000000340)=[0x0], 0x1}, 0x58)

3m41.756357415s ago: executing program 7 (id=1036):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x40042, 0x1)
close(r0)
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x80, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYBLOB=',rootmode=000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r1, 0x0, 0x0)
syz_fuse_handle_req(r1, &(0x7f00000083c0)="a28096c80abf3543ecde7564abff5085d2227ebcb0f164ae92706ad0b083a3f469a3efd15b4921e9c3063b98b3082068e7c31950dde842eac55df0f991453cad62a6956b0b6f7b8cf49b506a3060fe1127eca99663ade8efa89ee189acb5f3b92f6bc4c46621c803eed0d0bb5f32384870ed08f89d4f74445762fb99715e083c4c92a8878be19ffacc30d0f2da64f971cd40563163adc15670ecf25cd3ad96138967c4b53ad9d04b5193ab5fb674aa0030a9d703d1baf810ce897f969121f142161919e583c275671b999e7f363891dfdfdf3556d01b86ee29eca8fccbfeaf1771395148706cc6e6be7ce29fc9ffef061b5420950c1a525bf75ad06edec51538d1c5bbc77da72dc90fd9998936fffdda2427e5a68966c7e2208f76304680182ec73007e482f034195712af922db2726195d997708734db9e7825a864be00b2a4f800881fc0363f5e618398454f35b148b4ccb88d418269fac868a8ba4a2d5b4f06a1ac01b5ad158b842e05adca22c7372585bf4ce95560b6c1e021a3ed2ff7bd3b6b3c7734c3b66d7e4c460096312082f89b16baa6e73814aa60925780cd92cd65087e260ec046fc363264366a9df2c849c0644911303946adad544521ceb469a3e193ecc9a7876403fac461a4a70d6193b2451189a5c5120b3535e9edf619108af7f517b58abd3fa7fb1ab832213430d2e6901076fba9c9e1acc6c6f48ff0e419bbc45589745a176f52a7407ad5e3dd49acb31b47862806f47077dda04905e45a80a12cbcd4d2dd9fe66c2d1f99394fed8ec60961cd2dc7115a96ece432fac86d51bebb08b95f447a83792fe80291fca7b298c9043ef2c26f0f7e42798d3f54c84b94c24c76c555d83ecc53b99bb22d71845e5cf21a5ba7fbeffeb6306e1730db14561b950a3f24bcfd78d4ab0d97de8054bb1a6077ae7cca6e45d846d3df82298d07212922742cb0facac3b77edfbab90e9ee2d4f7b0ee9b17bb11ec5e5721340d84cb6bd93428167e69b47759172557acda313c3decdfc6fe9336bfade459f43b39d0f2289f9142db280f4ee668e650e12858c577e12e2b9a57ee66c834be97979bcbe94747fa5d8d0b7d3a9f8f218df1bf960f828429a1efe838616b18faf6629236ddbded43a093efae163228e5c38fd7714743c2fcca47e3382bcfb1ab893fd7377527b4ec43f3fa60ebd338161d8de7cad65b15579e4af258f5fe3a63c2637a15703207029b0899b5427767647baef11e291358e6e54f6f13d3d2ca7a5e7969e04d2733b3b9ab822c69a3cfac097384de5071a9b74a656136d55eb1000008747b509fd610ff62b4950ef71c934fe21a48a4931d3d9458b415f112cee65c660f5490e982341da1c58634b3967ca6f3596d20cc90f508382156e36f16539093240ef5f2aa6a2c0dff2a67df30dcf50bf6e0b82a3d49f2d532a8dde1b3ceefcf0837190b74186090d1c18b59917d7efce1adfb238ef4a7b1d22c4cef09320221de883e97e6882466508de06fcdabad3b741bdca2cff879d57ddda52f42b3dcb8a78cfc05826af7e4ff155960ff8491194f4d321ef195990abaeeefdcb852d1e1e3703f317385a9458b6c2dd9db830f757ec29c9939fc7313e639fe485bc1e41ddaaef3fbf1f7cc527c8fad0d21b8082482caad7bee440e5097665f636c3dfec82f8c98afb6243bc3944939675a594277d278ba4361461f7da52e224e4ce5dee4a467bf6ae9f67b61ac6eb0a440406abac2016eec907e241c57f5f44be47290fd0fef785ff04df3810ccd637b4d97a84bae8486a36f75d872e645fe46625969fc2d1f032c56ed44bd98ea27bd9b6ddc8eb2dc2ec9f90f2f1ca1bd20e37ac58b03c84c872f4ba47310654986641460dfdd531ac62a76ad87b89c103ac5c9c2e7e70c66447b3412d4a1e5cbc30e16939505116c04de33ae054ed366de8d1f971c2de439957a194e22a488f58d7efd46439177f3f3c45a1475927eecd846d3d2e6a2ab5c7f8addd99062c2fc6b272d1f51bb8f22f1b6f8bb3faf8aa85e5eb9abf7df5cf8f26267323808b0833a987989cbe59205e7ad06556e2d1b8a4873ca1cbcbc8d43abc145fd4eb832e7a58ab2c793d003ce7b1850ce45eb7480417a1e9eb9d39a1028a2a04a2aa649c098c4f8eee514db5f6021173bb254b8e22b150b2ca01dc7ff235db46ed78d07f43d1adab13b8445d1b32069eb45f9d389fcf5a3f7d3ebe243c5b1fe17b1f5a3d571b65f21b9e471e818172554dc956749b99cb7a5f303ec480d7194a2ba86e204f06aa1becdddc8c49082c527e7064ac2ad77dc05639d3d2a7778f6943ed6105ebf6f0b9e94fddbe05c236ec000f4d1d4e496b10068211ab68ada4c7f7ac61f5f5ba5f1810d5bbe87ff4f8356af0d3f682baedb0ad8f8488b277421f0a03fc5e3095ee34bc4472d8f17e3f7013cf2f79f5ff3ea4b6bae56d1365a33b09bfa9a496323f7da923b7e29dce4beb80035f13130004c96e56d7ef6ca6c101d20c27a218e623227c33c9e488b17e7ae9ac20da8240501f7b614a1730f164553fe479ef149866e4ea47296814284a3d3eb7cbb294289ffb996e0eb053b9c16e54cf267832e3d360eb196ed51305630223309ea97215628f01ec9d3ea48096418d5e962cac5063460f0a18772ec7ce66d14a1cce14b52c40bbbfafccbf1e76f09e57ff0718048e5b993157a6cf4718826b1e09430413a3596a15c4a620fa8c8e1d1663e5739f9f790ddbb3be0e00187d43717d659242467d8681ac10303346157f894d9037641417010e9654c6a5b22383e73a5a37128f50078a980c30930321aa5c5e7851d5d392ddce3a14a96916fa8421ae6728f37f5de7c3e98feb4babd4e1bd2315d595e209d52748f70adc2284fcdaa6ad880470d2a071f3490aaf3491fb64b4547419e8eccdc491a8921156cb4811ad1e66514a32b0b31b641438881f28c1e6461b4f451938999af671e8c6a5cd0c072a9fe4cdbefe24ca616f3d0a15ac97cca835b1a440e04fa28340c6044176c8ecc8ee0d033d47db8a0aacfa0eabdfa1c9509fc2604008f01cbafeb5bd2b503b809ed672340b9a576593f1ef388391b54b605e7a15bef7b1345627a34fca57738b0f8f4f19eea93c903495274a4425a1a1cc6c4c6e335b631df5185c95b485a4257867b5347a40e4e14dcc560f061fd4fd265137dc68afd548adde778f1330f769acb1ccf5da14ff6992c24e210ea6e6179421881b803393bc6974e37106c5b5b3b5d0b3469f8969bffb7e4ceb2c98e928e74366492d27235ae4c74a2f48511aeeaa53a2beafa7a331b50e454c507af1b63350a5cef35668a5b9325014192277e509561008b3601088f79d42eaa8b1e4ae2000b31749e2b8094312ddb7f3c1cd625ef885c11fa22a66e374b52b3425e0b8016154e1fd8471339e32e7373d63ab646d893fbe09ae07b06074c01401ea76b3c382a9d32f24f93c789964e16bc4206ecd75c10917ab84ffd8d6cdf4cd28fd90375ff28518f8c1a3befc538e1b9e427fb671988d29f2fb2fcd039f4d341c84eb4d7cf600ddaba88bb094e4d87a1419180149f491368e648b69985b05ac39a4ecdd3c5135f3a5c8ad7792dacb6470144bb9e67805a211efb3ec9ccaf8e0901345fb19e4da579e1fbe86a1207f4f13c3436009c2c640b7cf3f8b77ca7bd994bf93308027359c6dd1b7db1e153fc0821968ef36c003b6c73fe890f4de24f5c6458dbaaf3819edeaa91783c3cfc7e773689236248195c7bbd60113f2476fa3687621d668d1728ee433d2f8f4db707345d30f1e52ab87a2a0afd547c6bb06500f59f17facde48f693490e22494b75d11df1a143b85068d143ef6a9bb5937a9df380c8948f1a01e9675e18409edb0f6b9605b68e34632fcce472dc50b90b0f6dcd57931f78e1e8861a0fb62e72b0baad6f9d23c1cfb0f19b25013c8d9fcd786a2f6f79768b5fb398f7b2baa31ce8156d1fc4a46c1c463fdf30360d42aeed2ef11611d0b7f654bb51052fd4dc39328f8ec4c58bbda05e6f1b3c8f6d8adca0268f2410e9a4a7d63b6616006d0e02f6edacc10e5c54fd85f15a8bd7648a293f23d6a699bd9a675250475a73a96d7475e4fabb89fb5e7de5d7a3479aa485c0befc60d0ac4fd5ac6dbecceb06cad86e219fc0ce4720758917811a3215f8d13e413bfb64fc065fc421aede0b56691797dac428c7e463479fa591b9072c309b7533e427c5cc11a1f6cf9a5b995d328d796d874c5b55dfc12a5039b413ce319cf5ba1f355c4e0717d32650b43e18010f37f048731931c52c4f36eb969dda702afe96c2a5241350a67ba2d026946189c5e281293c9a8e2cff3784776f1de78b917101b54e5ab00c045ea15f28a0e3f509962cf8bd3385d85250737eae5c34ece86b86669c13b00308a3b13c0ac3c83ff26fb52a4aa83c1233a9490cb9ca917a056908931751bddb88a62379a713395f0764e4a393faf253a4026d0472270e6036287d56850df1751543484d65b3062155b6300e0024241c59a862ae769c1a9232a2d9fb24705177a09cceb3eefbf9f106f67e01be14cdeb4d2fc7d8661df3e75de5ccd09a7e559f028fb9837c621ea0045b4d1b679067f246339c974631aa7134d4e910efb28d3c48929cef1df7e6c73668762d55086b6c59c36ac90154135fd7ca4e4047dd0aa161fa982d8edf9c0cb9666477e096c55718f6e4742415fefd4f696d1f1ccd6322bc19496ddebd36282a7c707d5b44113e30678e6e33ab7d34be04a59ac614d6a54134490998be02636fa91633d6294781c2b9a54c611c0045cfcfe81f49aa21b29d835cd2047c854486fd8e65a2ebf629f7ced602b9dd107bfde483e5c9b5cbba4a08cdce09920bda9978b7fc2b4a89bf1573a26389e52090fdf5dccf22111dc8c42fd3c8c477092895398086cc22cca665269e193fc650742a361a44b857d258429f701f22e9b7615bc3dab78c1479a41cf8575cdb17169470b347adfc03e03daea3e269725cfc72df5664b9df36d2f2b55013b71133e0b80577a47182511ebb308b6248d457bd2af7b28e77182c305241178c4124ab102771fd5a8c3dacb8775de881301d71587c76bcf0a97a72ad244d0c42fd71aceec32dd48bb5c9a95b391166c832ac5bac8c7cae4d18b3f7d9f2e4782fdf97732e3d51f67bbb57f989ee0d7589dbd0c2a5c63840e914b9d7d720fa120acbffebf816b588b2ccc052e7fa78992e0ea39dd21a122add41195f8e2e1acd777c1a4e8ef4362fef441feb4d9252c6bfbd2742152300a32027776e3341620d3c8d9365e10e81adcca7d87a0e555c98a0353c692557d90ee9be3fbaab766abf93e2462149fd99c92a5fc58d899ee75535cd1fe1386c5ab0b157c2102039d6015258f59cef3f15b951893a30ae839f740402a30b34e7be73796286403c5beb0853d856d83f1b00b48328f56dcb32e1faab08a3435b1482bf18b21c95aefeaafa7fd761c7f28d416fcde06bf7aee5c6e9eb50e55874253ba3f1d0ce2505b4fc7c3fc996bfbb8446bafe84f5bea94bfd7ca5aeaf237fe793b66e5c521d4092e4e1f9bde1dfcfe53fa55005d21cfa833a338fd9792614129336060e10d1911862070761aa20c2902eb7c5a355eff4cf6253d7102a2ca1fead4c53b57d576d104c081310d92797e4e2e8c269d19910d0d4cedf30fa28ba680c00137f83de940624229b6a125ce5233c6cf4a3640b74f58f288dad8451fbe37641c5559a5f3caf1299c8bfb230723652278fe378efd8e459b9da26cffeb58468a6301dbc06d713ba2d8d43d9038f5f2dc8b831ba58a88eeb5b1786b21e398aeeeb7c1f3d6f01d82b3947862fb9e7cbd7da5d04c5fcd34da28d53e2246e3ac1e3a619ad174efa6435eaa0fc94d610799ce0158421dce046306eb5042143daa336d52206b12610ea6389cdda49bf5af1d4ee42ac090a94ae7b7612073f3a5c36a2245eda887f41478f7d20f18667f941f71eebcfa76c1ab28f2a49a3bd56bd3f4e6bd079ab3fe2d94782236e83585a03e52907abaef7456a95d5d3f3d37efdc035dbfd7c41b8ba0af2df8adf1cf24f7ff0beccd3d26bc91caf42314ef7e466f74e19ae0df2e2298fc2f694a7ec134632035585d530e7e19f65c256f001d75382d9825ef741bc213af186377d9ca10d3722354e1897ca5c23ac6a52c9ad0e6b686e1776f7ec65df033e8f4d5db80c1bc354093b319cb70df93d610667675816328c99322f14e636b95f04e6497f139d508b453f53ddb5c289d849fd5407c9bdcefd1642abd46e28cb4e94371bdc606eeb67c9fe17747c68f2d50e82711da4d3edb0eda06f41b7f93fa8fb4d83cf21c79da67000bac2275508217ade1659fa8d24e5f8efb9f4bd21073ebef3d06368eb03fa3cf0d638448bd055ed20d292033ffdba538559c8ff9a2a5c8f83b5c393643d6585d1df994c3be43e72b8f3f53114d2a5f6bcedb573842b23b6a3eb7fca8495bf03bd03fde7b19bd39a16cec49e01f38e671af33cae082d9788e3202799bc466babec2080528d0609c0b731964719093735b4c1e73bd0705637c47516922197c552baeaf3516b5e3bbc2cd1afa3ef8215196ed580d9561092f620b897e98e786a0c7cbb0eedda8063292ba6482497f5f6bb62fb5ab4c97cb7658dc6579718eb97b547fcf47ced1426561af93a15fb4dc6d3d93b868644943c2c94b23b0570bbb81df2666c24f5abccfcdd71e209f3bb43c01d17f9bc8b9af2c26762fc6a741a150b7d1186e4f35175f3c315243e1c11e92c43a1fc492eef5a13c77a81fcf514ebfd0f8e645dae15a07e86b2f01fda065db4505a5eea83cb616f744f6bee731be191c65449c02603556d5a51422cf9c2f19f8d6843e0c1091e0708aa271e91f71c8602b9fa72189e036b7cb6af1569f21269283de94a6d7fe5849fd433d5b719c80419873db0587fc29786cc598d896fb16360bddd2ce12e54d05418f4f5e5f2d7aafe9fcd6268cbe2e9e6329ffb6c67fab8f3ce673028cc06aaa6b857556bba3b44d3fab5b6e875e70a2f3ad4b2ff76f31ead3462d3801ba373b3c2f545e94f57021575e2947f81f53283fc0a5137fd44fa3d074c92de54a0a3465c858f5a7ef08313faddbc3663e4e0167f3cba39612057a7518fbfb031f5ad0f9f75831973ebd733b82e554bf3fdec84e51f65dab6028c6c51366d9d4700fdf255e4c7bd70766e7f2281b3f2a5363f85ce49f9135904d14bcb117ad754c2594dcdca2d30e40ff265b5accfb116f64ed99aad570c4c5a91efdbb984ac651d8721405a0342cf77f448c17a152eabf29e88950558a86d0074e1cefab1eb7c366682f686ee1338737e675ea58eb8b4c86b9f28a6f6e96459f29e3b4dc59ff044c61a0dcc5c31d803e6e98420e446229ccdec3d0f705e92ffe016bb3696373eadab7f35ccf65ab4d9be09a085ce21bbd7c0555376e4d7fe68b5e7a64f48b5127825fb2be598d991f9c1a54bf52713417dcc599e812d85513a537e6eafa738edc972b67e065595d11678449bce6cd3d69800a649b560d0e057c502ca3e72e97820829ecfea801192c3f4e2c8763c095a43ee6fe45fe8730130937668df1d4ee577ada28238be03286481f2d2a004cc4d48856e71fbd64f1a0043a4520ecbbf1b3abdc96b87a27be8495a20542967aa4cd3a44a11502419a083d84e97abfde0901b66dde48388649a0ed6d93b9f20c530e990c7c52370a114d800d6ab3f6687d6bbc105b63738fe05fa6cac98ad6663936bb18cb923264e4c921012b68a26a70977446b8f15f9d62467d8b356560c183a6bd6cd76ec868c3bd94a595cd7bf996755a508a814980c5e588b275200c45afd900c8c2de329ec2484b0e3ecd7b0960e5e3425881d1ff7f8bd8b20f5cc98ffc3acb77f5e88775a4bd3ab9f9eb027e27d3af55ebdf4eebab48ea911128d668d00fc3f5b5480aa0d9a4af563ba577384448e5425157133d59e1cef3c722f33700bd372825046b1fa5824e405154a3af1440bc2b75acfbd07cf92e8c162587e74b5ab66b1c6aeab3ad5fa3ee91da4900ef30ad04baea326df912517dd96e1696b4a91faa66675978a375e81f25464a1073dc6737af08d7e25956bb31d438548a7da38662d49db812a8cf1d6cc65f5c63879fd9ee7fd2a66ca3fc1a768cb239aab88c87206470b4c60592afeb6d69ed97a8f990155862ba4e22b64804142c131a23792937aa8a8696e165c24d7692a04bb4471b0f0d2507fe7c8618421428fc7a0acc984ca5cc6bacb772e8a717bbaa646f9643275910a6037afaf5a80678d18edda138a4e13d06d04a5d06431eab48738225cf1567e960e765728dc12e91b91c6f2b33dfb6e033aa68c1c2334d24335abc4a7a1df5636dec29091da54d5f5a1fff41e4a35a0c2f04f968f7d78e2f51c73577e2192bb20f289aaba5a175c2ed533855bd9ed9a842ad482136dd5e0cf45eb5e2d31ff62a3be1cf8a94a58316e74f4ab9fc54f3a0bb83beef0f355993bdea2c83e61cdc796bf2564ae51fae616799e8711998cd88d35cd9824452fdd65226174b46792cb87f4dd282e4e6f67eb66da413ad877ed6ce775f7e19bc93f48bb9e5ec04009de3c042aeacf7f4b25ad6b30e017303f64fe07ac79e8744aab6926d117f13513d0469cef335fe1d0d787c2d0b2c031a9521786ac10e9f8b768271680337f2c3262abdccb5d3107c632bf1f74c83ee91f49988222fb080cc8faa9b1a02526d8b6087e0b2354173d29016b3309587c16f057dd812aa63c3169150de81f3af97d082a8f8da4ce4f909ff649821d7f96d97613552e8cc4902e046ecfa329b1d980ff5ece69b8f1615fdff5244f41cec0af924624ae1641ecae5fa26c5fb9006e57100ee71377ced7c255ae17a0845e2ee0287c62c1852f93877f9f86157ca9675d383fff5cd6f2b001ec0136c07cf37f5ace1853122c2baa1092d418e2a490c4a5c8f56b828ce1bafeef4e77f095d6b4ed99d56f66812cb19be540ebe5d52e7eff2d69cbb8477e11514f7e3604bf9999f78c2f1ca6f60a2216b87fa0f25269c425b7d50709b200912b3b7899c95e12d6e9c4dacc19e327721860e0477a53e6793fbb7fb9704a848f395f48c24a6e79b9e1358cc3497251de88b8d3a7b22c6d8af1a7fab81530d9f0cc98f62debb222b54780d89794238532717b447d71b46a60ed481c21db85b590b31720009695ecffd4ef029964e5d5149622233ac013e960a005c924f73ea82c318455546c53d74aa3f7e2ff26aa074c40a55aba8b08027fc19b596eec6c4f89bae39e74b9aad88344f7cc5ad3eefa5095f2ab47222e9a357ecd71c6700ac576025201490d9e446603dfd4bda7617dd500981b2d2ab8c43882a5208494cb3f8ebc720bca8a7cf6c80bd7aaaf89507bb3412ea490a78973f12cc30413e9df1458917ea3d68b438d424c1314bc8d01939c5a5a842438281e62d0c800dee704b2a6cd3e1e4b885a6b26b894a98765fa3308c9e4b87f93625faecdb17c29a27cd243bf6030a67874ec9f2443cf8154261ac2a834c01cbe1f314ee7aa3ca552e1648cf8b42a63f249e3538026e09e44d69dc259adb0d1a0cbccb5a5dd5d0dccc90d023da79d5634188ff060f7e35a5f9d7ad99546824d63975d4452de876093f4e997dc46eedcd80a9eebf5e4f077fbb10c7d9e19a3419e7b845972a3b62613c5404a209b16fa88e0ff49d7b4f21fecc1f773c5b4be61021e0cab8602c6e8257649303aaeafcbb178e7a460ff07f219c46eb6fe5bf8113723e454003bd707767c107daf4255751daaf8decf35262640058924eb6587868b2c08230b317e97396ebc928ba8d274ca0eed0bfcb637676003c64e8c1e1a0420b6c96a44226061ced41b8448382abd2f3d0c472afcde231fbc9ee90c2f1132f8e2391246f95ad93354c7460e20de996ad0f61b13b27646887a637cede90b94b7d8c3130f0fe060e8d955c711a2700b302a75bdeb32a0a6802ea795cb114f5f82a1a381a86bbff88b299e47728b746dff964c94c52b661b9429376b1320b46081426b7c340206dc0da151bf84be2a49e78b6b5938753d2b1be8d9e67c43c5d70e72519f5f90d0500e84ee38f82b191ac4d968b0a37901fd923cb289d585693ac3c3f8a94fca6df45e694e199a9cd0b1bc1fa7394bcc96aae670dca6605a998793b7e067ac410ba631057b8b76fcbe9524df820c02efef1608b743cd2aa6d60d3d8e476fa12d3acc329f8272b087d89471177ed531fec1f9c24a975ca2fcd8c246a33e291a3f00b7f234052067a0059c86762475256bb5e7dac6f121a0925506b18933c6e314915d4b3b2130aafc2483ef22ff8bb7b887565b1bd22fabca22037d8fc9437f675c5313526266f60bb7c7c47f30c7d567ed142ea5ec367c4298328d20e5344f01c0c90cf8a6302f4d84b6ba7495fba314a05ba29b63bb6d458fdb05a4411136958309f418fb178e19aa09ff9e62b29732fb2986c96e738f7a688cb2122dbb8f2ad9a5f28bc49ec0c462413552afee8e403259b55ad6dc334dde7f2d306929dd01f2aa6036cafd41874522689301b81c9e50e86828894140356db0a3317b081ed9d8148c41e77e6bda6287762532b86eb91f5480915680deb8a91fb8656b7f0109064865d2b846af0861f67d3f720d6e306540cd7b68f095ef3690b88ea93fb6a402ff5697597cda83171f159e85307d1a8c01611189bd4eb4f0453ab88d43ae181a562a76902a67c687514079d6f4304d9a7c0fa24b6e86074ea0a9fd8187c120312078f5ebfa674adc0303734bf8f6b5585943706594192ad64c9f7d9794fb83758924f862855ddd50bff58b522c43d73c03289baec628cd693cab93101b1e473b76532510e10f03e86812fea6f2d6f5467dcf29e6d7cf8524f383a0ded3f0951c3ffb171a6b8a6d97b5fa8899a19f1a3d0e934a1d4741076e4394ba225158f697bf7d5651717c6950229a0be22e8120d76a414edbcd03d505264b7ede8272ccbd6dbdcebaf11daf6a652f6f9eb74ba7a3ecc942892891388005ae5d971e4e79d696564906dffd44845b704a9abc2fa5ba1bb69a548423a08044ad6d0e365db7e6bea0f3844a452759716cb98dcf326001ec90c1c343174098cdf47ea2e13341058ca014d2a30e9ba3c526de72a6e387181bf76a278c9cbc518d8c374a3f1d9802a39464a100903dbec16f8f095f5d82d9d09507281e4f7fe0ce4fbeced193902a5f658af2a4c1d0952dabdc6ae5830b6b5a2c3f5b8d33a73665990822e5f4a7ce5366755a1615543bdf78299c71e890e0bedb6ec277b10a389d6a3ba9c037221421279e51ab50fb115de2076cc99444202e88ebd9d0fbe4e60234b7b761495ac6c9e615ddac8176164a88fb6d6cc2b52672c8949afe3efc1e87a598896bc93e421423844fcaafe65af898a015b3bcaf623ebeef9a57155af5278ceb52b995f7ca466d9e18b05e86380679e0257cff6d0c6750078462f2ee4701d6d8289ed848b877cf5918625b7937060d667c11119881c30809056892352c6c53c01e395af6866ea350e6f21fa3db772c1177c759999973b51e11ffc590800", 0x2000, &(0x7f0000000c80)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001100)={0x1, 0x3, &(0x7f00000013c0)=ANY=[@ANYBLOB="1800000000030000000000000000000095"], &(0x7f0000001400)='syzkaller\x00'}, 0x94)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x10001, &(0x7f0000000180)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}})

3m41.754768438s ago: executing program 8 (id=1037):
syz_open_procfs$pagemap(0x0, &(0x7f00000000c0))
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x10, 0x2, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=@newlink={0x3c, 0x10, 0x1, 0x470bd27, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, 0x64e10, 0x36a01}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bridge_slave={{0x11}, {0x4}}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x400c080}, 0x8002)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
syz_usb_connect$uac1(0x3, 0xdc, &(0x7f00000001c0)=ANY=[@ANYBLOB="12010000000000106b1d01014000010203010902ca0003010070000904000000010100000a24010800000201020d24060000030800000000000000240803960c03112d9cd2ce0c240208000103000000ff000924060506020100000924030003030005490c240206", @ANYRES8=r1, @ANYRES16=r0], 0x0)

3m41.224081026s ago: executing program 7 (id=1040):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000000)={[0x33, 0x790, 0x6000000000000000, 0x17d, 0x10, 0x3, 0xf1, 0x3, 0xfffffffffffffd7e, 0x45, 0x0, 0x3b9, 0xfffffffffffffffe, 0x0, 0x0, 0x8], 0x8000000, 0x2000})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

3m40.051967568s ago: executing program 8 (id=1048):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1000003, 0x13, r2, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
write$RDMA_USER_CM_CMD_RESOLVE_IP(0xffffffffffffffff, &(0x7f0000000100)={0x3, 0x40, 0xfa00, {{0xa, 0x4e22, 0x2, @empty}, {0xa, 0x4e20, 0x101, @mcast2, 0x7}, 0xffffffffffffffff, 0x6}}, 0x48)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

3m37.923665186s ago: executing program 6 (id=1073):
timer_create(0x0, &(0x7f0000000200)={0x0, 0x21, 0x2, @tid=0xffffffffffffffff}, &(0x7f0000000300)=<r0=>0x0)
fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(r0, 0x1, &(0x7f0000000040)={{0x0, 0x3938700}, {0x0, 0x989680}}, 0x0)
mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0xd3283d0368e269b3, 0x8031, 0xffffffffffffffff, 0xfffff000)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00')
getdents64(r1, &(0x7f0000000340)=""/79, 0x4f)

3m37.635456414s ago: executing program 6 (id=1077):
r0 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r0, &(0x7f0000000180)=@nameseq={0x1e, 0x1, 0x2, {0x42, 0x1, 0x5}}, 0x10)
r1 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r1, &(0x7f00000000c0)=@name={0x1e, 0x2, 0x0, {{0x42, 0x3}}}, 0x10)
r2 = socket$tipc(0x1e, 0x2, 0x0)
bind$tipc(r2, &(0x7f00000001c0)=@nameseq={0x1e, 0x1, 0x3, {0x42, 0x2, 0xffffffff}}, 0x10)
setsockopt$TIPC_GROUP_JOIN(r2, 0x10f, 0x87, &(0x7f0000000100)={0x42, 0x2, 0x2}, 0x57)
r3 = socket$tipc(0x1e, 0x5, 0x0)
sendmsg$tipc(r3, &(0x7f0000000380)={&(0x7f0000000140)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x4, 0x4}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x4000884}, 0x4)

3m37.454766012s ago: executing program 6 (id=1079):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000004c0))
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
bind$unix(0xffffffffffffffff, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xd}, 0x94)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045)
r0 = io_uring_setup(0x4ff1, &(0x7f0000000040)={0x0, 0x3cb1, 0x1c080, 0xa, 0x20002f7})
io_uring_enter(r0, 0x2219, 0x7721, 0x16, 0x0, 0x0)

3m36.895946405s ago: executing program 6 (id=1081):
r0 = socket$pppl2tp(0x18, 0x1, 0x1)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(r0, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r1, {0x2, 0x0, @local}, 0x2}}, 0x2e)
r2 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000040), 0xffffffffffffffff)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$L2TP_CMD_SESSION_DELETE(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="01002cbd7000040000000500b600080009000200000008000c00a60a0000060001000500004008000b"], 0x40}, 0x1, 0x0, 0x0, 0x94ced4add106a01f}, 0x4040)
r4 = syz_genetlink_get_family_id$l2tp(&(0x7f00000008c0), 0xffffffffffffffff)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$L2TP_CMD_SESSION_DELETE(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x34, r4, 0x1, 0x1070bd2c, 0x4, {0x5}, [@L2TP_ATTR_PW_TYPE={0x6, 0x1, 0x5}, @L2TP_ATTR_CONN_ID={0x8, 0x9, 0x2}, @L2TP_ATTR_SESSION_ID={0x8}, @L2TP_ATTR_PEER_SESSION_ID={0x8, 0xc, 0xaa8}]}, 0x34}, 0x1, 0x0, 0x0, 0x20008000}, 0x30)

3m36.519888008s ago: executing program 6 (id=1084):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0x4, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000ae00000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xdf}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r0, 0x0, 0x7}, 0x18)
r1 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0)
fcntl$notify(r1, 0x402, 0x8000003d)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
fcntl$notify(r3, 0x402, 0x4)
fcntl$notify(r2, 0x402, 0x4)
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x2040, 0x8)

3m36.370997388s ago: executing program 6 (id=1087):
socket$inet6_sctp(0xa, 0x1, 0x84)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20041, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000600)=[@textreal={0x8, &(0x7f00000001c0)="0f01cb363e6464670fae880050000066b91406000066b85eacd44e66ba000000000f3066b90d03000066b8d715691966baa1495ef00f300f01370f01cf0f01c266b9be0200000f320f01c40f20c06635000004000f22c0", 0x57}], 0x1, 0x1, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
sendmsg$NL80211_CMD_CONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)={0x14, 0x0, 0x1, 0x70bd27, 0xa, {{}, {@void, @void}}}, 0x14}}, 0x0)

3m32.930801306s ago: executing program 36 (id=1017):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = dup(r1)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}})
writev(r0, &(0x7f0000000080)=[{&(0x7f0000000100)="2e9b3d0007e03dd65193df163e75963f86ddf06712e9001c2f8db0049d90491c3248040000f858dbb8a1", 0x2a}, {&(0x7f0000000200)="c082b44eb524", 0x6a}, {&(0x7f0000000240)="a43b2eaab40000000000800065588002e7f05f", 0x13}], 0x3)

3m26.139024643s ago: executing program 37 (id=1040):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000000)={[0x33, 0x790, 0x6000000000000000, 0x17d, 0x10, 0x3, 0xf1, 0x3, 0xfffffffffffffd7e, 0x45, 0x0, 0x3b9, 0xfffffffffffffffe, 0x0, 0x0, 0x8], 0x8000000, 0x2000})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

3m25.019381766s ago: executing program 38 (id=1048):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1000003, 0x13, r2, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
write$RDMA_USER_CM_CMD_RESOLVE_IP(0xffffffffffffffff, &(0x7f0000000100)={0x3, 0x40, 0xfa00, {{0xa, 0x4e22, 0x2, @empty}, {0xa, 0x4e20, 0x101, @mcast2, 0x7}, 0xffffffffffffffff, 0x6}}, 0x48)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

3m21.039505409s ago: executing program 39 (id=1087):
socket$inet6_sctp(0xa, 0x1, 0x84)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20041, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000600)=[@textreal={0x8, &(0x7f00000001c0)="0f01cb363e6464670fae880050000066b91406000066b85eacd44e66ba000000000f3066b90d03000066b8d715691966baa1495ef00f300f01370f01cf0f01c266b9be0200000f320f01c40f20c06635000004000f22c0", 0x57}], 0x1, 0x1, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
sendmsg$NL80211_CMD_CONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)={0x14, 0x0, 0x1, 0x70bd27, 0xa, {{}, {@void, @void}}}, 0x14}}, 0x0)

761.060607ms ago: executing program 1 (id=3526):
add_key(&(0x7f0000000040)='ceph\x00', &(0x7f0000000080)={'syz', 0x3}, &(0x7f00000000c0)="c3b72ce6a8efa89fc1c194d275", 0xd, 0xfffffffffffffffa)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
write$cgroup_subtree(r1, &(0x7f0000000100)=ANY=[], 0x32600)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$FIDEDUPERANGE(r2, 0xc0189436, &(0x7f0000000000)=ANY=[@ANYBLOB="0f00000000000000b30000000000000000000091"])
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r1, 0x0)
getpgid(0xffffffffffffffff)
getsockopt$sock_buf(r0, 0x1, 0x1f, 0x0, &(0x7f0000000000))

646.336512ms ago: executing program 1 (id=3527):
bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x4, 0x4, &(0x7f0000000000)=@framed={{0x18, 0x2, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x8}, [@call={0x85, 0x0, 0x0, 0x88}]}, &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x9, '\x00', 0x0, @fallback=0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
pipe2$watch_queue(&(0x7f0000000040)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x80)
r1 = io_uring_setup(0x53fb, &(0x7f00000000c0)={0x0, 0xdad1, 0x1000, 0x1, 0x15c}) (async)
r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0), 0x121602, 0x0)
ioctl$TIOCMIWAIT(r2, 0x545c, 0x0) (async)
close_range(r1, 0xffffffffffffffff, 0x0)
r3 = syz_genetlink_get_family_id$ethtool(&(0x7f00000001c0), 0xffffffffffffffff)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$ETHTOOL_MSG_RINGS_SET(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x34, r3, 0x1, 0x0, 0x25dfdbfd, {}, [@ETHTOOL_A_RINGS_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wlan0\x00'}]}, @ETHTOOL_A_RINGS_RX_MINI={0x8}]}, 0x34}, 0x1, 0x0, 0x0, 0x4000000}, 0x0) (async)
getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f0000000200)=0x14)
r6 = socket$packet(0x11, 0x3, 0x300)
socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)={<r7=>0xffffffffffffffff})
getpeername$packet(r7, &(0x7f0000000000)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000040)=0x14) (async)
r9 = syz_open_dev$vim2m(&(0x7f0000000000), 0x47b, 0x2)
ioctl$vim2m_VIDIOC_S_CTRL(r9, 0xc008561c, &(0x7f0000000040)={0xf0f01e, 0x1}) (async)
sendmmsg(r6, &(0x7f0000000440)=[{{&(0x7f0000000700)=@xdp={0x2c, 0xdd86, r8}, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000080)='O', 0x28}], 0x1, 0x0, 0x0, 0x2f00}}], 0x1, 0x0) (async)
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f00000002c0)={'syztnl1\x00', &(0x7f0000000240)={'syztnl1\x00', <r10=>0x0, 0x2f, 0x7, 0xe, 0x80000001, 0x7, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x7800, 0x20, 0x80000, 0x3}}) (async)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000380)={'ip_vti0\x00', &(0x7f0000000300)={'sit0\x00', <r11=>0x0, 0x40, 0x87c0, 0x3, 0x2, {{0x12, 0x4, 0x3, 0x2, 0x48, 0x67, 0x0, 0x0, 0x29, 0x0, @local, @initdev={0xac, 0x1e, 0x1, 0x0}, {[@timestamp_prespec={0x44, 0xc, 0x8e, 0x3, 0x1, [{@dev={0xac, 0x14, 0x14, 0x26}, 0x6}]}, @lsrr={0x83, 0x17, 0x31, [@local, @broadcast, @multicast2, @local, @multicast1]}, @end, @generic={0x83, 0xc, "01287eeaf079522cbd8a"}, @noop]}}}}}) (async)
unshare(0x20000400)
r12 = socket$inet6_tcp(0xa, 0x1, 0x0)
splice(r12, 0xffffffffffffffff, r12, 0x0, 0x375, 0xc)
sendmsg$ETHTOOL_MSG_PAUSE_GET(r0, &(0x7f0000000640)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000600)={&(0x7f00000003c0)={0x220, r3, 0x10, 0x70bd2d, 0x25dfdbff, {}, [@HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8}]}, @HEADER={0x5c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bond0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_vlan\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}]}, @HEADER={0x78, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'vlan0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'pim6reg\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wlan0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bond_slave_1\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'geneve0\x00'}]}, @HEADER={0x8c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r5}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'geneve1\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_to_batadv\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'team0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_to_bridge\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ip6gre0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'lo\x00'}]}, @HEADER={0x34, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ipvlan1\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'vxcan1\x00'}]}, @HEADER={0x6c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r10}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'virt_wifi0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'vlan0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'caif0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r11}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}]}]}, 0x220}, 0x1, 0x0, 0x0, 0xc0}, 0x20000005)

264.079985ms ago: executing program 1 (id=3528):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
r1 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
ioctl$sock_inet_SIOCGIFADDR(r1, 0x8915, &(0x7f00000000c0)={'gre0\x00', {0x2, 0x0, @local}})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x6, 0x4008032, 0xffffffffffffffff, 0xd070000)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x0, 0xc, &(0x7f0000000700)=ANY=[], 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x58a5}, 0x94)
sendmsg$IPSET_CMD_GET_BYINDEX(r0, &(0x7f00000010c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000001040)=ANY=[@ANYBLOB="2400000000835fe863906f3105000000000000000500010007000000"], 0x24}, 0x1, 0x0, 0x0, 0x40050}, 0x880)
unshare(0x62040200)

220.426229ms ago: executing program 1 (id=3529):
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[@ANYBLOB="240000001800010000000000000200001d01080008000a00", @ANYRES32, @ANYBLOB='\b\x00\t'], 0x24}}, 0x0)
r0 = socket$inet6(0x10, 0x3, 0x0)
sendto$inet6(r0, &(0x7f0000000000)='s', 0x10a73, 0x800, 0x0, 0x4b6ae4f95a5de35b)
openat$fuse(0xffffffffffffff9c, &(0x7f0000000100), 0x42, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x1e)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f0000000180)='map_files\x00')
fchdir(r4)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0b00000007000000080000000800000005"], 0x48)
prlimit64(0x0, 0x7, &(0x7f0000000040)={0x4, 0x5}, 0x0)
socket$can_bcm(0x1d, 0x2, 0x2)
ioctl$VT_RESIZEX(r4, 0x560a, &(0x7f00000001c0)={0x43c, 0x9296, 0x9, 0xffff, 0x6, 0xbeac})
sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=ANY=[@ANYBLOB="9000000010000305000000000000000000000700", @ANYRES32=0x0, @ANYBLOB="996e06004d4c0700540012800800010068737200480002800500030008000000050003000500000005000300fd00000008000200", @ANYRES32=r1, @ANYBLOB="08000100", @ANYRES32=r2], 0x90}}, 0x0)

93.454612ms ago: executing program 1 (id=3530):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x16, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc}, 0x94)
r0 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
fcntl$dupfd(r0, 0x0, r0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000ae00000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x8, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4007fff}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r1, 0x0, 0x7}, 0x18)
openat$sequencer(0xffffff9c, &(0x7f0000000040), 0x2000, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000040)={0x0}, 0x1, 0x0, 0x0, 0x804}, 0x0)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = socket$netlink(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r5, &(0x7f0000000300)={0x0, 0x3f00, &(0x7f0000001200)={&(0x7f00000004c0)={0x38, 0x1403, 0x1, 0x70bd2d, 0x0, "", [{{0x9, 0x2, 'syz0\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'lo\x00'}}]}, 0x38}, 0x1, 0x0, 0x0, 0x854}, 0x0)

0s ago: executing program 1 (id=3531):
write$FUSE_BMAP(0xffffffffffffffff, 0x0, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_TSC_KHZ_vm(r1, 0xaea2, 0x0) (fail_nth: 2)

kernel console output (not intermixed with test programs):

341.114061][ T6323] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  341.114447][ T6323] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  341.503892][ T6323] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  341.503914][ T6323] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  341.738969][ T7182] binder: BC_ATTEMPT_ACQUIRE not supported
[  341.739034][ T7182] binder: 7176:7182 ioctl c0306201 2000000001c0 returned -22
[  341.838240][ T7182] delete_channel: no stack
[  342.736144][ T7012] 8021q: adding VLAN 0 to HW filter on device batadv0
[  342.821305][   T57] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  342.821325][   T57] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  342.974442][  T161] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  342.974470][  T161] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  343.310262][ T7202] netlink: 56 bytes leftover after parsing attributes in process `syz.6.192'.
[  343.310330][ T7202] netlink: 96 bytes leftover after parsing attributes in process `syz.6.192'.
[  343.604854][ T7202] lo speed is unknown, defaulting to 1000
[  343.611914][ T7202] lo speed is unknown, defaulting to 1000
[  343.684117][ T7202] lo speed is unknown, defaulting to 1000
[  343.916491][ T7202] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98
[  343.979744][ T7202] lo speed is unknown, defaulting to 1000
[  343.986542][ T7202] lo speed is unknown, defaulting to 1000
[  343.989414][ T7202] lo speed is unknown, defaulting to 1000
[  343.992324][ T7202] lo speed is unknown, defaulting to 1000
[  343.995182][ T7202] lo speed is unknown, defaulting to 1000
[  344.006017][  T161] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  344.006037][  T161] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  344.522380][ T7214] netlink: 'syz.1.196': attribute type 4 has an invalid length.
[  344.687785][ T7217] random: crng reseeded on system resumption
[  345.829058][ T7224] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_cmd_wq": -EINTR
[  346.696410][ T7012] veth0_vlan: entered promiscuous mode
[  346.749548][ T7012] veth1_vlan: entered promiscuous mode
[  346.771031][ T6010] usb 9-1: new high-speed USB device number 2 using dummy_hcd
[  347.058239][ T7240] netlink: 224 bytes leftover after parsing attributes in process `syz.7.200'.
[  348.111811][ T6010] usb 9-1: device descriptor read/all, error -71
[  348.239676][ T7012] veth0_macvtap: entered promiscuous mode
[  348.417960][ T7012] veth1_macvtap: entered promiscuous mode
[  348.493117][ T7250] netlink: 16 bytes leftover after parsing attributes in process `syz.8.203'.
[  348.764391][ T7250] bond1: Removing last arp target with arp_interval on
[  348.774611][ T7250] bond1: entered allmulticast mode
[  348.785430][ T7250] 8021q: adding VLAN 0 to HW filter on device bond1
[  348.895174][ T7012] batman_adv: batadv0: Interface activated: batadv_slave_0
[  349.172546][ T7012] batman_adv: batadv0: Interface activated: batadv_slave_1
[  349.277515][ T5924] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  349.280068][ T5924] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  349.297804][ T5924] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  349.298310][ T5924] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  349.652180][ T7277] Non-string source
[  349.910368][ T7284] vivid-007: =================  START STATUS  =================
[  349.910598][ T7284] vivid-007: Generate PTS: true
[  349.910628][ T7284] vivid-007: Generate SCR: true
[  349.910685][ T7284] tpg source WxH: 320x240 (Y'CbCr)
[  349.910705][ T7284] tpg field: 1
[  349.910712][ T7284] tpg crop: (0,0)/320x240
[  349.910724][ T7284] tpg compose: (0,0)/320x240
[  349.910736][ T7284] tpg colorspace: 8
[  349.910744][ T7284] tpg transfer function: 0/0
[  349.910753][ T7284] tpg Y'CbCr encoding: 0/0
[  349.910762][ T7284] tpg quantization: 0/0
[  349.910771][ T7284] tpg RGB range: 0/2
[  349.910780][ T7284] vivid-007: ==================  END STATUS  ==================
[  350.631436][ T5116] Bluetooth: hci2: command 0x0406 tx timeout
[  350.843468][ T7295] openvswitch: netlink: Message has 1 unknown bytes.
[  350.843506][ T7295] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  350.943191][ T1014] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  350.943211][ T1014] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  351.227335][ T5924] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  351.227354][ T5924] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  351.627085][    C0] vkms_vblank_simulate: vblank timer overrun
[  352.902044][    C0] vkms_vblank_simulate: vblank timer overrun
[  354.521856][ T7334] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  354.541142][    C0] vkms_vblank_simulate: vblank timer overrun
[  354.593913][    C0] vkms_vblank_simulate: vblank timer overrun
[  354.790272][    C0] vkms_vblank_simulate: vblank timer overrun
[  354.794946][   T37] audit: type=1326 audit(1764147863.204:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7331 comm="syz.5.35" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f0398dbf749 code=0x0
[  355.836700][    C0] vkms_vblank_simulate: vblank timer overrun
[  357.815225][    C0] vkms_vblank_simulate: vblank timer overrun
[  358.287403][    C0] vkms_vblank_simulate: vblank timer overrun
[  358.581078][    C0] vkms_vblank_simulate: vblank timer overrun
[  358.663345][    C0] vkms_vblank_simulate: vblank timer overrun
[  358.721125][ T1232] usb 7-1: new high-speed USB device number 2 using dummy_hcd
[  358.825954][    C0] vkms_vblank_simulate: vblank timer overrun
[  358.932569][ T7402] netlink: 224 bytes leftover after parsing attributes in process `syz.5.250'.
[  359.809921][    C0] vkms_vblank_simulate: vblank timer overrun
[  359.868720][ T1232] usb 7-1: unable to get BOS descriptor or descriptor too short
[  359.876330][ T1232] usb 7-1: config 1 interface 0 altsetting 231 bulk endpoint 0x1 has invalid maxpacket 8
[  359.876360][ T1232] usb 7-1: config 1 interface 0 altsetting 231 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  359.876386][ T1232] usb 7-1: config 1 interface 0 has no altsetting 0
[  359.894646][ T1232] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  359.894676][ T1232] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  359.894695][ T1232] usb 7-1: Product: syz
[  359.894708][ T1232] usb 7-1: Manufacturer: syz
[  359.894722][ T1232] usb 7-1: SerialNumber: syz
[  359.981117][ T7388] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22
[  361.060537][ T1232] usblp 7-1:1.0: usblp0: USB Unidirectional printer dev 2 if 0 alt 231 proto 1 vid 0x0525 pid 0xA4A8
[  361.269665][ T1232] usb 7-1: USB disconnect, device number 2
[  361.298928][ T1232] usblp0: removed
[  361.838065][    C0] vkms_vblank_simulate: vblank timer overrun
[  362.639450][    C0] vkms_vblank_simulate: vblank timer overrun
[  362.925746][ T7442] random: crng reseeded on system resumption
[  362.937593][ T7441] openvswitch: netlink: Unexpected mask (mask=200040, allowed=10048)
[  362.939903][ T7443] overlayfs: empty lowerdir
[  363.531036][ T5883] usb 7-1: new low-speed USB device number 3 using dummy_hcd
[  363.690363][ T5883] usb 7-1: config 168 descriptor has 1 excess byte, ignoring
[  363.690427][ T5883] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[  363.690593][ T5883] usb 7-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  363.690618][ T5883] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[  363.690643][ T5883] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[  363.693374][ T5883] usb 7-1: config 168 descriptor has 1 excess byte, ignoring
[  363.693440][ T5883] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[  363.693465][ T5883] usb 7-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  363.693488][ T5883] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[  363.693512][ T5883] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[  363.695469][ T5883] usb 7-1: config 168 descriptor has 1 excess byte, ignoring
[  363.695522][ T5883] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[  363.695547][ T5883] usb 7-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  363.695570][ T5883] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[  363.695594][ T5883] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[  363.699575][ T5883] usb 7-1: string descriptor 0 read error: -22
[  363.699717][ T5883] usb 7-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  363.699739][ T5883] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  364.050588][ T5883] adutux 7-1:168.0: ADU100  now attached to /dev/usb/adutux0
[  364.265392][ T5883] usb 7-1: USB disconnect, device number 3
[  365.257990][ T7505] program syz.1.289 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  365.296785][ T7509] IPVS: sync thread started: state = BACKUP, mcast_ifn = team0, syncid = 4, id = 0
[  365.428884][ T7512] IPv6: sit1: Disabled Multicast RS
[  367.131245][ T7551] vivid-000: disconnect
[  367.137277][ T7549] tipc: Started in network mode
[  367.137316][ T7549] tipc: Node identity fffffff8, cluster identity 4711
[  367.137328][ T7549] tipc: Node number set to 4294967288
[  367.138429][ T7549] tipc: Cannot configure node identity twice
[  367.171401][ T7547] vivid-000: reconnect
[  367.187336][ T5869] usb 7-1: new high-speed USB device number 4 using dummy_hcd
[  367.413510][ T5869] usb 7-1: too many endpoints for config 0 interface 0 altsetting 0: 196, using maximum allowed: 30
[  367.413558][ T5869] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  367.413580][ T5869] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 196
[  367.413625][ T5869] usb 7-1: New USB device found, idVendor=04d9, idProduct=a055, bcdDevice= 0.00
[  367.413647][ T5869] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  367.478392][ T5869] usb 7-1: config 0 descriptor??
[  368.058601][ T7561] netlink: 8 bytes leftover after parsing attributes in process `syz.5.311'.
[  368.146253][ T5869] holtek_kbd 0003:04D9:A055.0001: unknown main item tag 0x0
[  368.146299][ T5869] holtek_kbd 0003:04D9:A055.0001: unknown main item tag 0x0
[  368.146326][ T5869] holtek_kbd 0003:04D9:A055.0001: unknown main item tag 0x0
[  368.146352][ T5869] holtek_kbd 0003:04D9:A055.0001: unknown main item tag 0x0
[  368.146378][ T5869] holtek_kbd 0003:04D9:A055.0001: unknown main item tag 0x0
[  368.146404][ T5869] holtek_kbd 0003:04D9:A055.0001: unknown main item tag 0x0
[  368.146431][ T5869] holtek_kbd 0003:04D9:A055.0001: unknown main item tag 0x0
[  368.161048][ T5116] Bluetooth: hci5: command tx timeout
[  368.234299][ T5869] holtek_kbd 0003:04D9:A055.0001: hidraw0: USB HID v10.00 Device [HID 04d9:a055] on usb-dummy_hcd.6-1/input0
[  368.275920][ T5869] usb 7-1: USB disconnect, device number 4
[  368.391111][    T9] usb 9-1: new full-speed USB device number 4 using dummy_hcd
[  368.507653][ T7569] fido_id[7569]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.6/usb7/report_descriptor': No such file or directory
[  368.554110][    T9] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  368.554142][    T9] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  368.554162][    T9] usb 9-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  368.554203][    T9] usb 9-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  368.554224][    T9] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  368.642582][    T9] usb 9-1: config 0 descriptor??
[  369.119656][    T9] plantronics 0003:047F:FFFF.0002: unbalanced delimiter at end of report description
[  369.120444][    T9] plantronics 0003:047F:FFFF.0002: parse failed
[  369.120544][    T9] plantronics 0003:047F:FFFF.0002: probe with driver plantronics failed with error -22
[  369.264317][ T7590] /dev/nullb0: Can't open blockdev
[  369.306035][ T7585] hpfs: Bad magic ... probably not HPFS
[  369.392034][    T9] usb 9-1: USB disconnect, device number 4
[  369.778807][ T7608] netlink: 64 bytes leftover after parsing attributes in process `syz.6.326'.
[  370.241023][ T5869] usb 2-1: new high-speed USB device number 6 using dummy_hcd
[  370.393396][ T5869] usb 2-1: Using ep0 maxpacket: 8
[  370.396432][ T5869] usb 2-1: config 0 has an invalid interface number: 55 but max is 0
[  370.396458][ T5869] usb 2-1: config 0 has no interface number 0
[  370.396512][ T5869] usb 2-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  370.396534][ T5869] usb 2-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  370.396556][ T5869] usb 2-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  370.396580][ T5869] usb 2-1: config 0 interface 55 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0
[  370.396599][ T5869] usb 2-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  370.396638][ T5869] usb 2-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  370.396658][ T5869] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  370.523093][ T5869] usb 2-1: config 0 descriptor??
[  370.547313][ T5869] ldusb 2-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[  370.803161][ T5884] usb 2-1: USB disconnect, device number 6
[  370.827518][ T5884] ldusb 2-1:0.55: LD USB Device #0 now disconnected
[  372.714611][    C0] vkms_vblank_simulate: vblank timer overrun
[  373.510959][   T37] audit: type=1326 audit(1764147881.954:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7688 comm="syz.6.360" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb180bcf749 code=0x7ffc0000
[  373.511010][   T37] audit: type=1326 audit(1764147881.954:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7688 comm="syz.6.360" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb180bcf749 code=0x7ffc0000
[  373.511047][   T37] audit: type=1326 audit(1764147881.964:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7688 comm="syz.6.360" exe="/root/syz-executor" sig=0 arch=c000003e syscall=334 compat=0 ip=0x7fb180bcf749 code=0x7ffc0000
[  373.511082][   T37] audit: type=1326 audit(1764147881.964:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7688 comm="syz.6.360" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb180bcf749 code=0x7ffc0000
[  373.511120][   T37] audit: type=1326 audit(1764147881.964:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7688 comm="syz.6.360" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb180bcf749 code=0x7ffc0000
[  373.523299][   T37] audit: type=1326 audit(1764147881.974:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7688 comm="syz.6.360" exe="/root/syz-executor" sig=0 arch=c000003e syscall=297 compat=0 ip=0x7fb180bcf749 code=0x7ffc0000
[  373.523347][   T37] audit: type=1326 audit(1764147881.984:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7688 comm="syz.6.360" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb180bcf749 code=0x7ffc0000
[  373.523385][   T37] audit: type=1326 audit(1764147881.984:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7688 comm="syz.6.360" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb180bcf749 code=0x7ffc0000
[  373.763171][ T7698] fuse: Bad value for 'user_id'
[  373.763191][ T7698] fuse: Bad value for 'user_id'
[  373.991957][ T5884] usb 8-1: new high-speed USB device number 2 using dummy_hcd
[  374.071093][ T5869] usb 6-1: new full-speed USB device number 2 using dummy_hcd
[  374.142038][ T5884] usb 8-1: Using ep0 maxpacket: 32
[  374.144346][ T5884] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  374.144391][ T5884] usb 8-1: New USB device found, idVendor=17ef, idProduct=60a3, bcdDevice= 0.00
[  374.144412][ T5884] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  374.197450][ T5884] usb 8-1: config 0 descriptor??
[  374.358445][ T5869] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  374.358471][ T5869] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3
[  374.381103][ T5869] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  374.381133][ T5869] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  374.381152][ T5869] usb 6-1: Product: syz
[  374.381164][ T5869] usb 6-1: Manufacturer: syz
[  374.381177][ T5869] usb 6-1: SerialNumber: syz
[  374.686292][ T5869] usb 6-1: 0:2 : does not exist
[  374.701553][ T5869] usb 6-1: 5:0: failed to get current value for ch 0 (-22)
[  374.781534][ T5884] lenovo 0003:17EF:60A3.0003: hidraw0: USB HID v0.80 Device [HID 17ef:60a3] on usb-dummy_hcd.7-1/input0
[  374.851169][ T5884] usb 8-1: USB disconnect, device number 2
[  375.770740][ T5869] usb 6-1: USB disconnect, device number 2
[  376.066833][ T7723] fido_id[7723]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.7/usb8/report_descriptor': No such file or directory
[  376.172345][ T7735] netlink: 12 bytes leftover after parsing attributes in process `syz.7.378'.
[  377.326476][ T7399] udevd[7399]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  377.541379][ T7767] netlink: 20 bytes leftover after parsing attributes in process `syz.5.389'.
[  377.978772][ T7780] openvswitch: netlink: Missing valid actions attribute.
[  377.978804][ T7780] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  378.155401][ T7784] netlink: 'syz.7.395': attribute type 10 has an invalid length.
[  378.220502][ T7785] netlink: 'syz.7.395': attribute type 10 has an invalid length.
[  378.280212][ T7784] team0: Port device dummy0 added
[  378.412465][ T7785] team0: Port device dummy0 removed
[  378.460807][ T7785] bond0: (slave dummy0): Enslaving as an active interface with an up link
[  378.825998][ T1323] ieee802154 phy0 wpan0: encryption failed: -22
[  378.826068][ T1323] ieee802154 phy1 wpan1: encryption failed: -22
[  379.273986][ T7191] udevd[7191]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory
[  379.701477][    C0] vkms_vblank_simulate: vblank timer overrun
[  380.096234][    C0] vkms_vblank_simulate: vblank timer overrun
[  380.763426][    C0] vkms_vblank_simulate: vblank timer overrun
[  382.667027][ T7906] netlink: 8 bytes leftover after parsing attributes in process `syz.7.438'.
[  382.857964][    C0] vkms_vblank_simulate: vblank timer overrun
[  384.201095][  T991] usb 8-1: new high-speed USB device number 3 using dummy_hcd
[  384.217981][ T7944] smc: net device bond0 applied user defined pnetid SYZ0
[  384.361172][  T991] usb 8-1: Using ep0 maxpacket: 32
[  384.363559][  T991] usb 8-1: config 0 has an invalid interface number: 67 but max is 0
[  384.363584][  T991] usb 8-1: config 0 has no interface number 0
[  384.363630][  T991] usb 8-1: config 0 interface 67 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 1
[  384.402880][  T991] usb 8-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[  384.402904][  T991] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  384.402921][  T991] usb 8-1: Product: syz
[  384.402934][  T991] usb 8-1: Manufacturer: syz
[  384.402947][  T991] usb 8-1: SerialNumber: syz
[  384.455605][  T991] usb 8-1: config 0 descriptor??
[  384.460779][ T7939] raw-gadget.0 gadget.7: fail, usb_ep_enable returned -22
[  384.489205][  T991] smsc95xx v2.0.0
[  384.713019][ T7939] raw-gadget.0 gadget.7: fail, usb_ep_enable returned -22
[  384.830340][ T7960] netlink: 'syz.6.457': attribute type 29 has an invalid length.
[  384.863851][ T7960] netlink: 'syz.6.457': attribute type 29 has an invalid length.
[  385.145972][  T991] smsc95xx 8-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -71
[  385.146003][  T991] smsc95xx 8-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[  385.146622][  T991] smsc95xx 8-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000014: -71
[  385.147342][  T991] smsc95xx 8-1:0.67: probe with driver smsc95xx failed with error -71
[  385.542679][  T991] usb 8-1: USB disconnect, device number 3
[  386.112537][ T5869] kernel write not supported for file /adsp1 (pid: 5869 comm: kworker/1:5)
[  386.631738][ T7999] sch_tbf: burst 0 is lower than device veth1 mtu (1514) !
[  386.780435][ T8005] netlink: 8 bytes leftover after parsing attributes in process `syz.8.474'.
[  386.780456][ T8005] netlink: 8 bytes leftover after parsing attributes in process `syz.8.474'.
[  388.236368][ T8041] netlink: 'syz.5.488': attribute type 3 has an invalid length.
[  388.236389][ T8041] netlink: 'syz.5.488': attribute type 1 has an invalid length.
[  388.236402][ T8041] netlink: 232 bytes leftover after parsing attributes in process `syz.5.488'.
[  388.481084][ T5786] usb 8-1: new high-speed USB device number 4 using dummy_hcd
[  388.637894][ T5786] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 129, changing to 11
[  388.637927][ T5786] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  388.637965][ T5786] usb 8-1: New USB device found, idVendor=2179, idProduct=0077, bcdDevice= 0.00
[  388.637987][ T5786] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  388.690039][ T5786] usb 8-1: config 0 descriptor??
[  389.564239][ T5786] uclogic 0003:2179:0077.0004: interface is invalid, ignoring
[  389.642829][ T5786] usb 8-1: USB disconnect, device number 4
[  390.037292][ T5116] Bluetooth: hci5: link tx timeout
[  390.037571][ T5116] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa
[  390.231406][  T991] usb 7-1: new full-speed USB device number 5 using dummy_hcd
[  390.384912][  T991] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  390.384945][  T991] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1024, setting to 64
[  390.384986][  T991] usb 7-1: New USB device found, idVendor=0461, idProduct=4e72, bcdDevice= 0.00
[  390.385009][  T991] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  390.443759][  T991] usb 7-1: config 0 descriptor??
[  390.444573][ T8084] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22
[  390.591030][ T5869] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[  390.741041][ T5869] usb 6-1: Using ep0 maxpacket: 32
[  390.748737][ T5869] usb 6-1: config 0 has an invalid interface number: 1 but max is 0
[  390.748762][ T5869] usb 6-1: config 0 has no interface number 0
[  390.779546][ T5869] usb 6-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=72.08
[  390.779795][ T5869] usb 6-1: New USB device strings: Mfr=198, Product=120, SerialNumber=3
[  390.779817][ T5869] usb 6-1: Product: syz
[  390.779831][ T5869] usb 6-1: Manufacturer: syz
[  390.779845][ T5869] usb 6-1: SerialNumber: syz
[  390.866203][ T5869] usb 6-1: config 0 descriptor??
[  390.896312][ T5869] usb 6-1: dvb_usb_v2: found a 'Intel CE9500 reference design' in warm state
[  390.896341][ T5869] usb 6-1: selecting invalid altsetting 1
[  390.896356][ T5869] usb 6-1: dvb_usb_ce6230: usb_set_interface() failed=-22
[  390.944867][ T5869] usb 6-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  390.945902][ T5869] dvbdev: DVB: registering new adapter (Intel CE9500 reference design)
[  390.945991][ T5869] usb 6-1: media controller created
[  390.979712][  T991] hid-rmi 0003:0461:4E72.0005: hidraw0: USB HID v0.00 Device [HID 0461:4e72] on usb-dummy_hcd.6-1/input0
[  391.053281][ T5869] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  391.121338][    T9] usb 7-1: USB disconnect, device number 5
[  391.921843][ T8124] fido_id[8124]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.6/usb7/report_descriptor': No such file or directory
[  392.094638][ T5816] Bluetooth: hci5: command 0x0406 tx timeout
[  392.167545][ T5869] usb 6-1: dvb_usb_ce6230: usb_control_msg() failed=-110
[  392.185273][ T5869] zl10353_read_register: readreg error (reg=127, ret==-110)
[  392.212859][ T8096] usb 6-1: dvb_usb_ce6230: usb_control_msg() failed=-32
[  392.309997][ T5869] usb 6-1: USB disconnect, device number 3
[  392.856847][ T8116] udevd[8116]: failed to send result of seq 16316 to main daemon: Connection refused
[  393.397230][    C0] vkms_vblank_simulate: vblank timer overrun
[  393.674656][ T8180] netlink: 8 bytes leftover after parsing attributes in process `syz.5.537'.
[  393.674681][ T8180] netlink: 4 bytes leftover after parsing attributes in process `syz.5.537'.
[  393.674706][ T8180] netlink: 'syz.5.537': attribute type 15 has an invalid length.
[  393.674721][ T8180] netlink: 'syz.5.537': attribute type 18 has an invalid length.
[  395.171399][ T8246] netlink: 8 bytes leftover after parsing attributes in process `syz.8.561'.
[  395.185936][ T8246] netlink: 8 bytes leftover after parsing attributes in process `syz.8.561'.
[  395.401118][ T5869] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[  395.555073][ T5869] usb 6-1: Using ep0 maxpacket: 32
[  395.558174][ T5869] usb 6-1: config 8 has an invalid interface number: 203 but max is 0
[  395.558201][ T5869] usb 6-1: config 8 has no interface number 0
[  395.558240][ T5869] usb 6-1: config 8 interface 203 has no altsetting 0
[  395.567838][ T5869] usb 6-1: New USB device found, idVendor=054c, idProduct=06c3, bcdDevice=eb.7a
[  395.567865][ T5869] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  395.567884][ T5869] usb 6-1: Product: syz
[  395.567898][ T5869] usb 6-1: Manufacturer: syz
[  395.567911][ T5869] usb 6-1: SerialNumber: syz
[  395.657207][ T8269] netlink: 8 bytes leftover after parsing attributes in process `syz.6.571'.
[  395.657231][ T8269] netlink: 4 bytes leftover after parsing attributes in process `syz.6.571'.
[  395.843942][ T5869] port100 6-1:8.203: NFC: Could not find bulk-in or bulk-out endpoint
[  395.886511][ T5869] usb 6-1: USB disconnect, device number 4
[  396.181031][ T5911] usb 9-1: new high-speed USB device number 5 using dummy_hcd
[  396.331040][ T5911] usb 9-1: Using ep0 maxpacket: 32
[  396.346242][ T5911] usb 9-1: config index 0 descriptor too short (expected 35577, got 27)
[  396.346270][ T5911] usb 9-1: config 1 has too many interfaces: 92, using maximum allowed: 32
[  396.346290][ T5911] usb 9-1: config 1 has 1 interface, different from the descriptor's value: 92
[  396.346311][ T5911] usb 9-1: config 1 has no interface number 0
[  396.346361][ T5911] usb 9-1: config 1 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  396.346388][ T5911] usb 9-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17
[  396.346430][ T5911] usb 9-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8
[  396.346452][ T5911] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  396.438490][ T5911] snd_usb_pod 9-1:1.1: Line 6 Pocket POD found
[  396.682058][ T5911] snd_usb_pod 9-1:1.1: Line 6 Pocket POD now attached
[  397.051163][ T5816] Bluetooth: hci0: command 0x1003 tx timeout
[  397.053365][ T5116] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  397.181151][  T991] usb 9-1: USB disconnect, device number 5
[  397.184239][  T991] snd_usb_pod 9-1:1.1: Line 6 Pocket POD now disconnected
[  397.485698][    C0] vkms_vblank_simulate: vblank timer overrun
[  397.671384][ T8347] syz.7.601 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[  397.989498][   T37] audit: type=1326 audit(1764147906.444:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8364 comm="syz.7.608" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f46833ef749 code=0x0
[  398.012905][   T37] audit: type=1326 audit(1764147906.474:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8365 comm="syz.6.607" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb180bcf749 code=0x7ffc0000
[  398.014147][   T37] audit: type=1326 audit(1764147906.474:41): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8365 comm="syz.6.607" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb180bcf749 code=0x7ffc0000
[  398.014437][   T37] audit: type=1326 audit(1764147906.474:42): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8365 comm="syz.6.607" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb180bcf749 code=0x7ffc0000
[  398.018098][   T37] audit: type=1326 audit(1764147906.474:43): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8365 comm="syz.6.607" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb180bcf749 code=0x7ffc0000
[  398.018142][   T37] audit: type=1326 audit(1764147906.474:44): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8365 comm="syz.6.607" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb180bcf749 code=0x7ffc0000
[  398.018988][   T37] audit: type=1326 audit(1764147906.474:45): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8365 comm="syz.6.607" exe="/root/syz-executor" sig=0 arch=c000003e syscall=28 compat=0 ip=0x7fb180bcf749 code=0x7ffc0000
[  398.019032][   T37] audit: type=1326 audit(1764147906.474:46): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8365 comm="syz.6.607" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb180bcf749 code=0x7ffc0000
[  398.019072][   T37] audit: type=1326 audit(1764147906.474:47): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8365 comm="syz.6.607" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb180bcf749 code=0x7ffc0000
[  398.019788][   T37] audit: type=1326 audit(1764147906.474:48): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8365 comm="syz.6.607" exe="/root/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7fb180bcf749 code=0x7ffc0000
[  398.031075][ T5911] usb 9-1: new low-speed USB device number 6 using dummy_hcd
[  398.276110][ T5911] usb 9-1: config 0 interface 0 altsetting 252 endpoint 0x81 has invalid maxpacket 64, setting to 8
[  398.276146][ T5911] usb 9-1: config 0 interface 0 has no altsetting 0
[  398.276181][ T5911] usb 9-1: New USB device found, idVendor=17ef, idProduct=60b5, bcdDevice= 0.00
[  398.276203][ T5911] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  398.326822][ T5911] usb 9-1: config 0 descriptor??
[  398.327759][ T8356] raw-gadget.0 gadget.8: fail, usb_ep_enable returned -22
[  398.335078][ T8377] netlink: 4 bytes leftover after parsing attributes in process `syz.5.612'.
[  398.786729][ T5911] lenovo 0003:17EF:60B5.0006: hidraw0: USB HID vff.ff Device [HID 17ef:60b5] on usb-dummy_hcd.8-1/input0
[  398.977328][ T5911] usb 9-1: USB disconnect, device number 6
[  399.706437][ T8438] process 'syz.8.636' launched './file2' with NULL argv: empty string added
[  400.080079][ T8457] loop4: detected capacity change from 0 to 7
[  400.106342][ T8457] Buffer I/O error on dev loop4, logical block 0, async page read
[  400.106487][ T8457] Buffer I/O error on dev loop4, logical block 0, async page read
[  400.106601][ T8457] Buffer I/O error on dev loop4, logical block 0, async page read
[  400.106717][ T8457] Buffer I/O error on dev loop4, logical block 0, async page read
[  400.106848][ T8457] Buffer I/O error on dev loop4, logical block 0, async page read
[  400.107057][ T8457] Buffer I/O error on dev loop4, logical block 0, async page read
[  400.107157][ T8457] Buffer I/O error on dev loop4, logical block 0, async page read
[  400.107242][ T8457] ldm_validate_partition_table(): Disk read failed.
[  400.107290][ T8457] Buffer I/O error on dev loop4, logical block 0, async page read
[  400.107397][ T8457] Buffer I/O error on dev loop4, logical block 0, async page read
[  400.107506][ T8457] Buffer I/O error on dev loop4, logical block 0, async page read
[  400.107674][ T8457] Dev loop4: unable to read RDB block 0
[  400.107986][ T8457]  loop4: unable to read partition table
[  400.108219][ T8457] loop4: partition table beyond EOD, truncated
[  400.108238][ T8457] loop_reread_partitions: partition scan of loop4 (úùƒå¡™‰ü�¾SêjÌ–ã¢P=ý?ã}X‹ºÐ	œëÜ%õ«`ÉæÖ€ù…ˆŠ5) failed (rc=-5)
[  400.151022][ T5911] usb 9-1: new high-speed USB device number 7 using dummy_hcd
[  400.306776][ T5911] usb 9-1: Using ep0 maxpacket: 16
[  400.318429][ T5911] usb 9-1: config 0 interface 0 altsetting 9 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  400.318462][ T5911] usb 9-1: config 0 interface 0 has no altsetting 0
[  400.318498][ T5911] usb 9-1: New USB device found, idVendor=1e71, idProduct=2009, bcdDevice= 0.00
[  400.318521][ T5911] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  400.370033][ T5911] usb 9-1: config 0 descriptor??
[  400.846025][ T5911] nzxt-smart2 0003:1E71:2009.0007: unknown main item tag 0x0
[  400.846064][ T5911] nzxt-smart2 0003:1E71:2009.0007: unknown main item tag 0x0
[  400.846090][ T5911] nzxt-smart2 0003:1E71:2009.0007: unknown main item tag 0x0
[  400.846115][ T5911] nzxt-smart2 0003:1E71:2009.0007: unknown main item tag 0x0
[  400.846142][ T5911] nzxt-smart2 0003:1E71:2009.0007: unknown main item tag 0x0
[  400.913157][ T5911] nzxt-smart2 0003:1E71:2009.0007: hidraw0: USB HID v0.05 Device [HID 1e71:2009] on usb-dummy_hcd.8-1/input0
[  401.071579][ T5911] usb 9-1: USB disconnect, device number 7
[  401.756231][ T8506] netlink: 4 bytes leftover after parsing attributes in process `syz.7.658'.
[  402.641326][ T5869] usb 8-1: new high-speed USB device number 5 using dummy_hcd
[  402.811283][ T5869] usb 8-1: Using ep0 maxpacket: 32
[  402.835107][ T5869] usb 8-1: New USB device found, idVendor=056a, idProduct=033e, bcdDevice= 0.00
[  402.835137][ T5869] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  402.853578][ T5869] usb 8-1: config 0 descriptor??
[  402.970687][ T8569] netlink: 4 bytes leftover after parsing attributes in process `syz.8.691'.
[  403.300776][    C0] vkms_vblank_simulate: vblank timer overrun
[  403.560448][ T5884] usb 8-1: USB disconnect, device number 5
[  404.000407][    C0] vkms_vblank_simulate: vblank timer overrun
[  404.621954][    C0] vkms_vblank_simulate: vblank timer overrun
[  405.391805][ T8647] netlink: 332 bytes leftover after parsing attributes in process `syz.7.720'.
[  405.474273][ T5884] usb 7-1: new high-speed USB device number 6 using dummy_hcd
[  405.620997][ T5884] usb 7-1: Using ep0 maxpacket: 8
[  405.628100][ T5884] usb 7-1: New USB device found, idVendor=12d1, idProduct=fae2, bcdDevice=70.8b
[  405.628130][ T5884] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  405.628150][ T5884] usb 7-1: Product: syz
[  405.628163][ T5884] usb 7-1: Manufacturer: syz
[  405.628177][ T5884] usb 7-1: SerialNumber: syz
[  405.691358][ T5884] usb 7-1: config 0 descriptor??
[  405.698619][ T5884] option 7-1:0.0: GSM modem (1-port) converter detected
[  405.831031][ T1232] usb 8-1: new high-speed USB device number 6 using dummy_hcd
[  405.943111][ T5869] usb 7-1: USB disconnect, device number 6
[  405.946281][ T5869] option 7-1:0.0: device disconnected
[  406.003450][ T1232] usb 8-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  406.003477][ T1232] usb 8-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  406.003497][ T1232] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 66
[  406.003551][ T1232] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[  406.003576][ T1232] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[  406.005872][ T1232] usb 8-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  406.005900][ T1232] usb 8-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  406.005920][ T1232] usb 8-1: Product: syz
[  406.005934][ T1232] usb 8-1: Manufacturer: syz
[  406.117387][ T1232] cdc_wdm 8-1:1.0: skipping garbage
[  406.117406][ T1232] cdc_wdm 8-1:1.0: skipping garbage
[  406.131880][ T1232] cdc_wdm 8-1:1.0: cdc-wdm0: USB WDM device
[  406.131915][ T1232] cdc_wdm 8-1:1.0: Unknown control protocol
[  406.494501][ T5816] Bluetooth: hci1: command 0x0406 tx timeout
[  406.578067][ T1232] usb 8-1: USB disconnect, device number 6
[  406.721624][ T5884] IPVS: starting estimator thread 0...
[  406.832858][ T8683] IPVS: using max 7 ests per chain, 16800 per kthread
[  407.451043][ T5869] usb 6-1: new high-speed USB device number 5 using dummy_hcd
[  407.601940][ T5869] usb 6-1: Using ep0 maxpacket: 16
[  407.604922][ T5869] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  407.604991][ T5869] usb 6-1: config 1 interface 0 altsetting 0 bulk endpoint 0x81 has invalid maxpacket 13
[  407.614816][ T5869] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  407.614843][ T5869] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  407.614860][ T5869] usb 6-1: Product: syz
[  407.614871][ T5869] usb 6-1: Manufacturer: syz
[  407.614884][ T5869] usb 6-1: SerialNumber: syz
[  407.671735][ T8708] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  408.151882][ T8741] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  408.574969][ T5869] cdc_ncm 6-1:1.0: SET_CRC_MODE failed
[  408.579645][ T5869] cdc_ncm 6-1:1.0: SET_NTB_FORMAT failed
[  408.597624][ T5869] cdc_ncm 6-1:1.0: bind() failure
[  408.647925][ T5869] cdc_ncm 6-1:1.1: CDC Union missing and no IAD found
[  408.647971][ T5869] cdc_ncm 6-1:1.1: bind() failure
[  408.708706][ T5869] usb 6-1: USB disconnect, device number 5
[  409.054151][ T8770] netlink: 36 bytes leftover after parsing attributes in process `syz.6.764'.
[  409.054185][ T8770] netlink: 16 bytes leftover after parsing attributes in process `syz.6.764'.
[  410.267238][ T8792] program syz.6.771 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  410.294863][ T8794] netlink: 8 bytes leftover after parsing attributes in process `syz.7.773'.
[  411.215276][ T8831] binder: 8828:8831 ioctl 40046205 0 returned -22
[  411.609827][ T5816] Bluetooth: hci3: command 0x0406 tx timeout
[  411.650156][ T8843] netlink: 8 bytes leftover after parsing attributes in process `syz.8.791'.
[  411.716476][    C0] vkms_vblank_simulate: vblank timer overrun
[  412.483503][ T8868] netlink: 172 bytes leftover after parsing attributes in process `syz.6.799'.
[  412.483527][ T8868] netlink: 16 bytes leftover after parsing attributes in process `syz.6.799'.
[  412.907270][    C0] vkms_vblank_simulate: vblank timer overrun
[  413.303294][ T8898] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant.
[  413.303294][ T8898] The task syz.7.806 (8898) triggered the difference, watch for misbehavior.
[  414.185177][ T1232] kernel read not supported for file /dsp1 (pid: 1232 comm: kworker/0:3)
[  414.629095][ T5883] usb 9-1: new high-speed USB device number 8 using dummy_hcd
[  414.780982][ T5883] usb 9-1: Using ep0 maxpacket: 32
[  414.784829][ T5883] usb 9-1: config 0 has an invalid interface number: 51 but max is 0
[  414.784857][ T5883] usb 9-1: config 0 has no interface number 0
[  414.790438][ T5883] usb 9-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  414.790467][ T5883] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  414.790487][ T5883] usb 9-1: Product: syz
[  414.790502][ T5883] usb 9-1: Manufacturer: syz
[  414.790516][ T5883] usb 9-1: SerialNumber: syz
[  414.853086][ T5883] usb 9-1: config 0 descriptor??
[  414.863678][ T5883] quatech2 9-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[  415.108482][ T5883] usb 9-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0
[  415.149420][ T5883] usb 9-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1
[  415.312288][ T8949] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  415.312743][ T8949] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  415.544303][    C1] usb 9-1: qt2_read_bulk_callback - non-zero urb status: -71
[  415.625763][ T6010] usb 9-1: USB disconnect, device number 8
[  415.659787][ T6010] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0
[  415.674182][ T6010] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1
[  415.674856][ T6010] quatech2 9-1:0.51: device disconnected
[  416.311208][ T9030] netlink: 'syz.7.863': attribute type 7 has an invalid length.
[  416.311231][ T9030] netlink: 8 bytes leftover after parsing attributes in process `syz.7.863'.
[  416.389838][ T9032] veth0_macvtap: left promiscuous mode
[  416.513308][ T9044] netlink: 27 bytes leftover after parsing attributes in process `syz.7.869'.
[  416.522431][ T9042] vcan0: tx drop: invalid sa for name 0xffffffffffffffff
[  417.317442][ T9079] netlink: 4 bytes leftover after parsing attributes in process `syz.6.882'.
[  418.149222][    C0] vkms_vblank_simulate: vblank timer overrun
[  418.193916][ T9110] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  418.300425][ T9111] siw: device registration error -23
[  419.032204][    C0] vkms_vblank_simulate: vblank timer overrun
[  420.484874][    C0] vkms_vblank_simulate: vblank timer overrun
[  420.565745][    C0] vkms_vblank_simulate: vblank timer overrun
[  421.969980][    C0] vkms_vblank_simulate: vblank timer overrun
[  422.614650][ T9181] A link change request failed with some changes committed already. Interface ip_vti0 may have been left with an inconsistent configuration, please check.
[  422.827772][ T9193] netlink: 12 bytes leftover after parsing attributes in process `syz.7.928'.
[  423.238562][    C0] vkms_vblank_simulate: vblank timer overrun
[  423.266382][    C0] vkms_vblank_simulate: vblank timer overrun
[  423.324664][    C0] vkms_vblank_simulate: vblank timer overrun
[  423.355773][    C0] vkms_vblank_simulate: vblank timer overrun
[  423.384724][    C0] vkms_vblank_simulate: vblank timer overrun
[  423.417798][    C0] vkms_vblank_simulate: vblank timer overrun
[  423.448178][    C0] vkms_vblank_simulate: vblank timer overrun
[  423.975854][    C0] vkms_vblank_simulate: vblank timer overrun
[  424.005901][    C0] vkms_vblank_simulate: vblank timer overrun
[  424.037483][    C0] vkms_vblank_simulate: vblank timer overrun
[  424.068622][    C0] vkms_vblank_simulate: vblank timer overrun
[  424.144461][    C0] vkms_vblank_simulate: vblank timer overrun
[  424.173344][    C0] vkms_vblank_simulate: vblank timer overrun
[  424.203686][    C0] vkms_vblank_simulate: vblank timer overrun
[  424.233972][    C0] vkms_vblank_simulate: vblank timer overrun
[  424.293448][    C0] vkms_vblank_simulate: vblank timer overrun
[  424.323846][    C0] vkms_vblank_simulate: vblank timer overrun
[  424.354713][    C0] vkms_vblank_simulate: vblank timer overrun
[  424.384351][    C0] vkms_vblank_simulate: vblank timer overrun
[  424.414449][    C0] vkms_vblank_simulate: vblank timer overrun
[  424.447719][    C0] vkms_vblank_simulate: vblank timer overrun
[  424.543985][    C0] vkms_vblank_simulate: vblank timer overrun
[  424.575615][    C0] vkms_vblank_simulate: vblank timer overrun
[  424.606426][    C0] vkms_vblank_simulate: vblank timer overrun
[  424.704136][    C0] vkms_vblank_simulate: vblank timer overrun
[  424.733657][    C0] vkms_vblank_simulate: vblank timer overrun
[  424.768494][    C0] vkms_vblank_simulate: vblank timer overrun
[  424.841724][    C0] vkms_vblank_simulate: vblank timer overrun
[  424.915781][    C0] vkms_vblank_simulate: vblank timer overrun
[  425.038645][    C0] vkms_vblank_simulate: vblank timer overrun
[  425.068572][    C0] vkms_vblank_simulate: vblank timer overrun
[  425.274153][ T9236] netlink: 16 bytes leftover after parsing attributes in process `syz.6.948'.
[  425.274186][ T9236] netlink: 16 bytes leftover after parsing attributes in process `syz.6.948'.
[  426.152822][    C0] vkms_vblank_simulate: vblank timer overrun
[  426.182805][    C0] vkms_vblank_simulate: vblank timer overrun
[  426.351568][    C0] vkms_vblank_simulate: vblank timer overrun
[  426.386874][    C0] vkms_vblank_simulate: vblank timer overrun
[  426.417117][    C0] vkms_vblank_simulate: vblank timer overrun
[  426.449162][    C0] vkms_vblank_simulate: vblank timer overrun
[  426.521231][    C0] vkms_vblank_simulate: vblank timer overrun
[  426.751004][    C0] vkms_vblank_simulate: vblank timer overrun
[  426.781223][    C0] vkms_vblank_simulate: vblank timer overrun
[  426.826294][    C0] vkms_vblank_simulate: vblank timer overrun
[  426.853100][    C0] vkms_vblank_simulate: vblank timer overrun
[  426.892961][    C0] vkms_vblank_simulate: vblank timer overrun
[  426.925112][    C0] vkms_vblank_simulate: vblank timer overrun
[  426.955914][    C0] vkms_vblank_simulate: vblank timer overrun
[  426.988149][    C0] vkms_vblank_simulate: vblank timer overrun
[  427.018138][    C0] vkms_vblank_simulate: vblank timer overrun
[  427.021471][ T5816] Bluetooth: hci4: command 0x0406 tx timeout
[  427.047456][    C0] vkms_vblank_simulate: vblank timer overrun
[  427.092546][    C0] vkms_vblank_simulate: vblank timer overrun
[  427.124987][    C0] vkms_vblank_simulate: vblank timer overrun
[  427.155235][    C0] vkms_vblank_simulate: vblank timer overrun
[  427.184646][    C0] vkms_vblank_simulate: vblank timer overrun
[  427.241502][    C0] vkms_vblank_simulate: vblank timer overrun
[  427.270902][    C0] vkms_vblank_simulate: vblank timer overrun
[  427.300091][    C0] vkms_vblank_simulate: vblank timer overrun
[  427.541249][    C0] vkms_vblank_simulate: vblank timer overrun
[  427.570387][    C0] vkms_vblank_simulate: vblank timer overrun
[  427.599857][    C0] vkms_vblank_simulate: vblank timer overrun
[  427.737083][    C0] vkms_vblank_simulate: vblank timer overrun
[  427.789494][    C0] vkms_vblank_simulate: vblank timer overrun
[  427.817693][    C0] vkms_vblank_simulate: vblank timer overrun
[  428.147700][    C0] vkms_vblank_simulate: vblank timer overrun
[  428.669292][    C0] vkms_vblank_simulate: vblank timer overrun
[  428.697393][    C0] vkms_vblank_simulate: vblank timer overrun
[  428.755673][    C0] vkms_vblank_simulate: vblank timer overrun
[  428.858591][    C0] vkms_vblank_simulate: vblank timer overrun
[  428.887552][    C0] vkms_vblank_simulate: vblank timer overrun
[  429.189027][    C0] vkms_vblank_simulate: vblank timer overrun
[  429.217421][    C0] vkms_vblank_simulate: vblank timer overrun
[  429.290053][    C0] vkms_vblank_simulate: vblank timer overrun
[  431.923059][ T9272] usb 8-1: new low-speed USB device number 7 using dummy_hcd
[  432.078287][ T9272] usb 8-1: config 0 has an invalid interface number: 55 but max is 0
[  432.078315][ T9272] usb 8-1: config 0 has no interface number 0
[  432.078370][ T9272] usb 8-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  432.078393][ T9272] usb 8-1: config 0 interface 55 altsetting 0 endpoint 0xE has invalid maxpacket 32, setting to 8
[  432.078418][ T9272] usb 8-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  432.078443][ T9272] usb 8-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10
[  432.078468][ T9272] usb 8-1: config 0 interface 55 altsetting 0 endpoint 0x8B has invalid maxpacket 120, setting to 8
[  432.078495][ T9272] usb 8-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  432.078538][ T9272] usb 8-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  432.078560][ T9272] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  432.275206][ T9272] usb 8-1: config 0 descriptor??
[  432.291859][ T9328] raw-gadget.0 gadget.7: fail, usb_ep_enable returned -22
[  432.292108][ T9328] raw-gadget.0 gadget.7: fail, usb_ep_enable returned -22
[  432.434715][ T9272] ldusb 8-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[  432.620192][ T9272] usb 8-1: USB disconnect, device number 7
[  432.655270][ T9272] ldusb 8-1:0.55: LD USB Device #0 now disconnected
[  438.533838][ T9448] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  439.021886][ T9459] netlink: 12 bytes leftover after parsing attributes in process `syz.6.1025'.
[  439.086492][ T9461] netlink: 12 bytes leftover after parsing attributes in process `syz.6.1025'.
[  443.130704][ T1323] ieee802154 phy0 wpan0: encryption failed: -22
[  443.130770][ T1323] ieee802154 phy1 wpan1: encryption failed: -22
[  443.560818][ T5786] kernel write not supported for file bpf-prog (pid: 5786 comm: kworker/1:3)
[  443.731045][ T5862] usb 9-1: new high-speed USB device number 9 using dummy_hcd
[  443.892612][ T5862] usb 9-1: Using ep0 maxpacket: 16
[  443.933006][ T5862] usb 9-1: config 1 has 1 interface, different from the descriptor's value: 3
[  443.936157][ T5862] usb 9-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  443.936184][ T5862] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  443.936212][ T5862] usb 9-1: Product: syz
[  443.936225][ T5862] usb 9-1: Manufacturer: syz
[  443.936239][ T5862] usb 9-1: SerialNumber: syz
[  444.239613][ T5862] usb 9-1: 0:2 : does not exist
[  444.278800][ T5862] usb 9-1: 5:0: failed to get current value for ch 0 (-22)
[  444.369710][ T5862] usb 9-1: USB disconnect, device number 9
[  447.546060][    C1] vkms_vblank_simulate: vblank timer overrun
[  447.857884][    C1] vkms_vblank_simulate: vblank timer overrun
[  448.078874][ T9571] netlink: 12 bytes leftover after parsing attributes in process `syz.6.1081'.
[  453.405270][ T5816] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  453.426991][ T5816] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  453.429717][ T5816] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  453.450007][ T5816] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  453.461601][ T5816] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  453.700062][ T9677] lo speed is unknown, defaulting to 1000
[  454.410652][ T9677] chnl_net:caif_netlink_parms(): no params data found
[  455.607970][ T5816] Bluetooth: hci0: command tx timeout
[  457.123058][ T9677] bridge0: port 1(bridge_slave_0) entered blocking state
[  457.123193][ T9677] bridge0: port 1(bridge_slave_0) entered disabled state
[  457.123436][ T9677] bridge_slave_0: entered allmulticast mode
[  457.177478][ T9677] bridge_slave_0: entered promiscuous mode
[  457.192663][ T9677] bridge0: port 2(bridge_slave_1) entered blocking state
[  457.192800][ T9677] bridge0: port 2(bridge_slave_1) entered disabled state
[  457.193057][ T9677] bridge_slave_1: entered allmulticast mode
[  457.199509][ T9677] bridge_slave_1: entered promiscuous mode
[  457.681225][ T5816] Bluetooth: hci0: command tx timeout
[  459.656151][ T5116] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[  459.679023][ T9677] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  459.695421][ T5116] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[  459.730597][ T5116] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[  459.745221][ T5116] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[  459.746049][ T5116] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[  459.761535][ T5116] Bluetooth: hci0: command tx timeout
[  459.803761][ T9677] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  460.383734][ T5816] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[  460.409982][ T5816] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[  460.419685][ T5816] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[  460.431774][ T5816] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[  460.432672][ T5816] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[  461.718104][ T9677] team0: Port device team_slave_0 added
[  461.739494][ T9677] team0: Port device team_slave_1 added
[  461.841447][ T5816] Bluetooth: hci6: command tx timeout
[  461.842012][ T5816] Bluetooth: hci0: command tx timeout
[  462.481146][ T5116] Bluetooth: hci7: command tx timeout
[  463.503541][ T9677] batman_adv: batadv0: Adding interface: batadv_slave_0
[  463.503558][ T9677] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  463.503583][ T9677] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  463.506075][ T9677] batman_adv: batadv0: Adding interface: batadv_slave_1
[  463.506088][ T9677] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  463.506111][ T9677] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  463.701117][ T9839] lo speed is unknown, defaulting to 1000
[  463.720031][ T9836] lo speed is unknown, defaulting to 1000
[  463.922706][ T5116] Bluetooth: hci6: command tx timeout
[  464.561489][ T5116] Bluetooth: hci7: command tx timeout
[  464.788663][ T5816] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  464.807136][ T5816] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  464.819024][ T5816] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  464.830236][ T5816] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  464.840490][ T5816] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  466.001322][ T5116] Bluetooth: hci6: command tx timeout
[  466.641194][ T5116] Bluetooth: hci7: command tx timeout
[  466.881264][ T5116] Bluetooth: hci4: command tx timeout
[  468.086024][ T5116] Bluetooth: hci6: command tx timeout
[  468.484519][ T9677] hsr_slave_0: entered promiscuous mode
[  468.485990][ T9677] hsr_slave_1: entered promiscuous mode
[  468.486915][ T9677] debugfs: 'hsr0' already exists in 'hsr'
[  468.486938][ T9677] Cannot create hsr debugfs directory
[  468.721057][ T5116] Bluetooth: hci7: command tx timeout
[  468.961605][ T5116] Bluetooth: hci4: command tx timeout
[  470.000062][ T9929] lo speed is unknown, defaulting to 1000
[  471.061051][ T5116] Bluetooth: hci4: command tx timeout
[  473.120977][ T5116] Bluetooth: hci4: command tx timeout
[  473.837178][ T9836] chnl_net:caif_netlink_parms(): no params data found
[  474.131533][ T9839] chnl_net:caif_netlink_parms(): no params data found
[  474.201005][ T9677] netdevsim netdevsim9 netdevsim0: renamed from eth0
[  474.977521][ T9677] netdevsim netdevsim9 netdevsim1: renamed from eth1
[  476.609471][ T9677] netdevsim netdevsim9 netdevsim2: renamed from eth2
[  476.933644][ T9929] chnl_net:caif_netlink_parms(): no params data found
[  477.828106][ T9677] netdevsim netdevsim9 netdevsim3: renamed from eth3
[  483.229620][ T9836] bridge0: port 1(bridge_slave_0) entered blocking state
[  483.229838][ T9836] bridge0: port 1(bridge_slave_0) entered disabled state
[  483.230099][ T9836] bridge_slave_0: entered allmulticast mode
[  483.254917][ T9836] bridge_slave_0: entered promiscuous mode
[  484.969194][ T9836] bridge0: port 2(bridge_slave_1) entered blocking state
[  484.969329][ T9836] bridge0: port 2(bridge_slave_1) entered disabled state
[  484.969559][ T9836] bridge_slave_1: entered allmulticast mode
[  485.003624][ T9836] bridge_slave_1: entered promiscuous mode
[  487.206400][ T9839] bridge0: port 1(bridge_slave_0) entered blocking state
[  487.206571][ T9839] bridge0: port 1(bridge_slave_0) entered disabled state
[  487.206821][ T9839] bridge_slave_0: entered allmulticast mode
[  487.210070][ T9839] bridge_slave_0: entered promiscuous mode
[  489.293316][ T9839] bridge0: port 2(bridge_slave_1) entered blocking state
[  489.293538][ T9839] bridge0: port 2(bridge_slave_1) entered disabled state
[  489.293760][ T9839] bridge_slave_1: entered allmulticast mode
[  489.341213][ T9839] bridge_slave_1: entered promiscuous mode
[  489.364959][ T9836] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  490.134682][ T9836] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  490.138096][ T9929] bridge0: port 1(bridge_slave_0) entered blocking state
[  490.138230][ T9929] bridge0: port 1(bridge_slave_0) entered disabled state
[  490.138457][ T9929] bridge_slave_0: entered allmulticast mode
[  490.182357][ T9929] bridge_slave_0: entered promiscuous mode
[  491.959048][ T9929] bridge0: port 2(bridge_slave_1) entered blocking state
[  491.959183][ T9929] bridge0: port 2(bridge_slave_1) entered disabled state
[  491.959404][ T9929] bridge_slave_1: entered allmulticast mode
[  492.012328][ T9929] bridge_slave_1: entered promiscuous mode
[  492.038103][ T9839] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  494.683544][ T9839] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  494.685855][ T9836] team0: Port device team_slave_0 added
[  495.887105][ T9836] team0: Port device team_slave_1 added
[  496.791316][ T9929] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  498.694553][ T9929] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  499.299446][ T9839] team0: Port device team_slave_0 added
[  500.872968][ T9836] batman_adv: batadv0: Adding interface: batadv_slave_0
[  500.872984][ T9836] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  500.873009][ T9836] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  500.913019][ T9839] team0: Port device team_slave_1 added
[  501.567806][ T9836] batman_adv: batadv0: Adding interface: batadv_slave_1
[  501.567822][ T9836] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  501.567848][ T9836] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  501.693591][ T1323] ieee802154 phy0 wpan0: encryption failed: -22
[  501.693658][ T1323] ieee802154 phy1 wpan1: encryption failed: -22
[  503.220049][ T9929] team0: Port device team_slave_0 added
[  503.773247][ T9929] team0: Port device team_slave_1 added
[  503.800209][ T9839] batman_adv: batadv0: Adding interface: batadv_slave_0
[  503.800226][ T9839] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  503.800251][ T9839] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  504.584673][ T9839] batman_adv: batadv0: Adding interface: batadv_slave_1
[  504.584689][ T9839] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  504.584715][ T9839] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  505.639250][ T9929] batman_adv: batadv0: Adding interface: batadv_slave_0
[  505.639266][ T9929] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  505.639290][ T9929] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  506.487694][ T9929] batman_adv: batadv0: Adding interface: batadv_slave_1
[  506.487711][ T9929] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  506.487737][ T9929] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  506.557686][ T9836] hsr_slave_0: entered promiscuous mode
[  506.559167][ T9836] hsr_slave_1: entered promiscuous mode
[  506.560150][ T9836] debugfs: 'hsr0' already exists in 'hsr'
[  506.560174][ T9836] Cannot create hsr debugfs directory
[  509.960236][ T9839] hsr_slave_0: entered promiscuous mode
[  509.987984][ T9839] hsr_slave_1: entered promiscuous mode
[  509.989503][ T9839] debugfs: 'hsr0' already exists in 'hsr'
[  509.989527][ T9839] Cannot create hsr debugfs directory
[  513.741996][ T5816] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  513.764649][ T5816] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  513.766099][ T5816] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  513.767811][ T5816] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  513.769379][ T5816] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  513.832815][ T9929] hsr_slave_0: entered promiscuous mode
[  513.834318][ T9929] hsr_slave_1: entered promiscuous mode
[  513.835378][ T9929] debugfs: 'hsr0' already exists in 'hsr'
[  513.835402][ T9929] Cannot create hsr debugfs directory
[  515.843250][ T5816] Bluetooth: hci5: command tx timeout
[  517.921213][ T5816] Bluetooth: hci5: command tx timeout
[  520.004596][ T5816] Bluetooth: hci5: command tx timeout
[  520.043896][ T5116] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  520.084482][ T5116] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  520.085882][ T5116] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  520.087120][ T5116] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  520.087904][ T5116] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  521.318055][ T5816] Bluetooth: hci8: unexpected cc 0x0c03 length: 249 > 1
[  521.338953][ T5816] Bluetooth: hci8: unexpected cc 0x1003 length: 249 > 9
[  521.340379][ T5816] Bluetooth: hci8: unexpected cc 0x1001 length: 249 > 9
[  521.367525][ T5816] Bluetooth: hci8: unexpected cc 0x0c23 length: 249 > 4
[  521.368629][ T5816] Bluetooth: hci8: unexpected cc 0x0c38 length: 249 > 2
[  521.774472][T11218] lo speed is unknown, defaulting to 1000
[  522.081525][ T5816] Bluetooth: hci5: command tx timeout
[  522.165673][ T5816] Bluetooth: hci0: command tx timeout
[  522.844166][T11382] lo speed is unknown, defaulting to 1000
[  522.900962][T11371] lo speed is unknown, defaulting to 1000
[  523.442391][ T5816] Bluetooth: hci8: command tx timeout
[  524.244268][ T5816] Bluetooth: hci0: command tx timeout
[  524.806630][ T5116] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[  524.827486][ T5116] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[  524.828927][ T5116] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[  524.830256][ T5116] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[  524.858515][ T5116] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[  525.522111][ T5116] Bluetooth: hci8: command tx timeout
[  526.321001][ T5116] Bluetooth: hci0: command tx timeout
[  526.961291][ T5116] Bluetooth: hci6: command tx timeout
[  527.601171][ T5116] Bluetooth: hci8: command tx timeout
[  528.411011][ T5116] Bluetooth: hci0: command tx timeout
[  529.053175][ T5116] Bluetooth: hci6: command tx timeout
[  529.690977][ T5116] Bluetooth: hci8: command tx timeout
[  530.283131][T11441] lo speed is unknown, defaulting to 1000
[  530.968103][T11218] chnl_net:caif_netlink_parms(): no params data found
[  531.131208][ T5116] Bluetooth: hci6: command tx timeout
[  532.571484][T11371] chnl_net:caif_netlink_parms(): no params data found
[  533.201294][ T5816] Bluetooth: hci6: command tx timeout
[  533.900377][T11382] chnl_net:caif_netlink_parms(): no params data found
[  535.276609][T11218] bridge0: port 1(bridge_slave_0) entered blocking state
[  535.276712][T11218] bridge0: port 1(bridge_slave_0) entered disabled state
[  535.276879][T11218] bridge_slave_0: entered allmulticast mode
[  535.278493][T11218] bridge_slave_0: entered promiscuous mode
[  535.365115][T11218] bridge0: port 2(bridge_slave_1) entered blocking state
[  535.365248][T11218] bridge0: port 2(bridge_slave_1) entered disabled state
[  535.365488][T11218] bridge_slave_1: entered allmulticast mode
[  535.368303][T11218] bridge_slave_1: entered promiscuous mode
[  538.950721][T11218] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  539.956019][T11218] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  540.850465][T11371] bridge0: port 1(bridge_slave_0) entered blocking state
[  540.862643][T11371] bridge0: port 1(bridge_slave_0) entered disabled state
[  540.863340][T11371] bridge_slave_0: entered allmulticast mode
[  540.897201][T11371] bridge_slave_0: entered promiscuous mode
[  541.857079][T11371] bridge0: port 2(bridge_slave_1) entered blocking state
[  541.858157][T11371] bridge0: port 2(bridge_slave_1) entered disabled state
[  541.858450][T11371] bridge_slave_1: entered allmulticast mode
[  541.891748][T11371] bridge_slave_1: entered promiscuous mode
[  542.126829][T11382] bridge0: port 1(bridge_slave_0) entered blocking state
[  542.126964][T11382] bridge0: port 1(bridge_slave_0) entered disabled state
[  542.127248][T11382] bridge_slave_0: entered allmulticast mode
[  542.130059][T11382] bridge_slave_0: entered promiscuous mode
[  543.258215][T11441] chnl_net:caif_netlink_parms(): no params data found
[  543.314388][T11218] team0: Port device team_slave_0 added
[  543.315074][T11382] bridge0: port 2(bridge_slave_1) entered blocking state
[  543.315209][T11382] bridge0: port 2(bridge_slave_1) entered disabled state
[  543.315420][T11382] bridge_slave_1: entered allmulticast mode
[  543.351385][T11382] bridge_slave_1: entered promiscuous mode
[  544.572914][T11218] team0: Port device team_slave_1 added
[  545.235735][T11371] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  547.582393][T11371] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  552.734574][T11382] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  559.876928][T11218] batman_adv: batadv0: Adding interface: batadv_slave_0
[  559.876945][T11218] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  559.876970][T11218] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  559.950239][T11382] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  562.179621][ T6252] netdevsim netdevsim8 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  562.538213][T11218] batman_adv: batadv0: Adding interface: batadv_slave_1
[  562.538230][T11218] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  562.538255][T11218] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  563.128291][ T1323] ieee802154 phy0 wpan0: encryption failed: -22
[  563.128372][ T1323] ieee802154 phy1 wpan1: encryption failed: -22
[  564.296006][T11371] team0: Port device team_slave_0 added
[  564.855701][T11371] team0: Port device team_slave_1 added
[  564.860673][T11382] team0: Port device team_slave_0 added
[  566.159068][T11382] team0: Port device team_slave_1 added
[  571.508938][T11441] bridge0: port 1(bridge_slave_0) entered blocking state
[  571.509077][T11441] bridge0: port 1(bridge_slave_0) entered disabled state
[  571.509320][T11441] bridge_slave_0: entered allmulticast mode
[  571.532693][T11441] bridge_slave_0: entered promiscuous mode
[  573.083145][ T5116] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  573.104342][ T5116] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  573.109281][ T5116] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  573.110394][ T5116] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  573.145806][ T5116] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  573.831913][T11371] batman_adv: batadv0: Adding interface: batadv_slave_0
[  573.831929][T11371] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  573.831954][T11371] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  573.841381][T11441] bridge0: port 2(bridge_slave_1) entered blocking state
[  573.841513][T11441] bridge0: port 2(bridge_slave_1) entered disabled state
[  573.841791][T11441] bridge_slave_1: entered allmulticast mode
[  573.844536][T11441] bridge_slave_1: entered promiscuous mode
[  573.869160][T11382] batman_adv: batadv0: Adding interface: batadv_slave_0
[  573.869176][T11382] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  573.869200][T11382] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  573.880491][T11371] batman_adv: batadv0: Adding interface: batadv_slave_1
[  573.880506][T11371] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  573.880530][T11371] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  575.233581][ T5816] Bluetooth: hci1: command tx timeout
[  575.622030][T11382] batman_adv: batadv0: Adding interface: batadv_slave_1
[  575.622048][T11382] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  575.622073][T11382] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  577.280918][ T5816] Bluetooth: hci1: command tx timeout
[  579.360917][ T5816] Bluetooth: hci1: command tx timeout
[  579.525313][T11441] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  579.630162][T11441] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  579.974883][ T5116] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  579.978258][ T5116] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  580.004239][ T5116] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  580.005493][ T5116] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  580.006315][ T5116] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  581.441189][ T5116] Bluetooth: hci1: command tx timeout
[  581.902313][ T5816] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  581.924184][ T5816] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  581.925554][ T5816] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  581.927221][ T5816] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  581.928049][ T5816] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  582.091332][ T5816] Bluetooth: hci3: command tx timeout
[  583.035770][T11441] team0: Port device team_slave_0 added
[  583.091579][T11441] team0: Port device team_slave_1 added
[  584.001319][ T5816] Bluetooth: hci5: command tx timeout
[  584.199796][ T5816] Bluetooth: hci3: command tx timeout
[  584.616216][ T5116] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  584.672259][ T5116] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  584.673780][ T5116] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  584.675414][ T5116] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  584.676192][ T5116] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  585.569706][T12735] lo speed is unknown, defaulting to 1000
[  586.080952][ T5116] Bluetooth: hci5: command tx timeout
[  586.240921][ T5116] Bluetooth: hci3: command tx timeout
[  586.733805][ T5116] Bluetooth: hci0: command tx timeout
[  588.161192][ T5116] Bluetooth: hci5: command tx timeout
[  588.321131][ T5116] Bluetooth: hci3: command tx timeout
[  588.801385][ T5816] Bluetooth: hci0: command tx timeout
[  590.241016][ T5816] Bluetooth: hci5: command tx timeout
[  590.800979][ T5816] Bluetooth: hci4: command 0x0406 tx timeout
[  590.881257][ T5816] Bluetooth: hci0: command tx timeout
[  591.602029][T12890] lo speed is unknown, defaulting to 1000
[  591.640718][T12914] lo speed is unknown, defaulting to 1000
[  591.743824][T12972] lo speed is unknown, defaulting to 1000
[  592.931380][T12735] chnl_net:caif_netlink_parms(): no params data found
[  592.967240][ T5116] Bluetooth: hci0: command tx timeout
[  594.471274][T12890] chnl_net:caif_netlink_parms(): no params data found
[  595.096011][T12914] chnl_net:caif_netlink_parms(): no params data found
[  597.544539][T12972] chnl_net:caif_netlink_parms(): no params data found
[  598.622321][T12735] bridge0: port 1(bridge_slave_0) entered blocking state
[  598.622445][T12735] bridge0: port 1(bridge_slave_0) entered disabled state
[  598.622684][T12735] bridge_slave_0: entered allmulticast mode
[  598.625578][T12735] bridge_slave_0: entered promiscuous mode
[  599.661062][T12735] bridge0: port 2(bridge_slave_1) entered blocking state
[  599.661196][T12735] bridge0: port 2(bridge_slave_1) entered disabled state
[  599.661494][T12735] bridge_slave_1: entered allmulticast mode
[  599.664320][T12735] bridge_slave_1: entered promiscuous mode
[  605.394597][T12735] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  605.397516][T12890] bridge0: port 1(bridge_slave_0) entered blocking state
[  605.397642][T12890] bridge0: port 1(bridge_slave_0) entered disabled state
[  605.397889][T12890] bridge_slave_0: entered allmulticast mode
[  605.458591][T12890] bridge_slave_0: entered promiscuous mode
[  607.469109][T12735] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  607.469575][T12890] bridge0: port 2(bridge_slave_1) entered blocking state
[  607.469705][T12890] bridge0: port 2(bridge_slave_1) entered disabled state
[  607.469972][T12890] bridge_slave_1: entered allmulticast mode
[  607.522621][T12890] bridge_slave_1: entered promiscuous mode
[  607.626562][T12914] bridge0: port 1(bridge_slave_0) entered blocking state
[  607.638435][T12914] bridge0: port 1(bridge_slave_0) entered disabled state
[  607.638756][T12914] bridge_slave_0: entered allmulticast mode
[  607.666331][T12914] bridge_slave_0: entered promiscuous mode
[  609.800125][T12914] bridge0: port 2(bridge_slave_1) entered blocking state
[  609.800257][T12914] bridge0: port 2(bridge_slave_1) entered disabled state
[  609.800502][T12914] bridge_slave_1: entered allmulticast mode
[  609.860015][T12914] bridge_slave_1: entered promiscuous mode
[  615.193552][T12735] team0: Port device team_slave_0 added
[  615.295481][T12890] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  615.295783][T12972] bridge0: port 1(bridge_slave_0) entered blocking state
[  615.295914][T12972] bridge0: port 1(bridge_slave_0) entered disabled state
[  615.296148][T12972] bridge_slave_0: entered allmulticast mode
[  615.353346][T12972] bridge_slave_0: entered promiscuous mode
[  616.313057][T12735] team0: Port device team_slave_1 added
[  616.339778][T12890] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  616.340264][T12972] bridge0: port 2(bridge_slave_1) entered blocking state
[  616.340371][T12972] bridge0: port 2(bridge_slave_1) entered disabled state
[  616.340592][T12972] bridge_slave_1: entered allmulticast mode
[  616.375462][T12972] bridge_slave_1: entered promiscuous mode
[  616.604982][T12914] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  618.515870][T12914] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  622.078447][T12735] batman_adv: batadv0: Adding interface: batadv_slave_0
[  622.078465][T12735] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  622.078500][T12735] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  622.092639][T12890] team0: Port device team_slave_0 added
[  622.097282][T12972] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  622.671364][T12735] batman_adv: batadv0: Adding interface: batadv_slave_1
[  622.671381][T12735] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  622.671406][T12735] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  622.679391][T12890] team0: Port device team_slave_1 added
[  622.693411][T12972] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  622.705658][T12914] team0: Port device team_slave_0 added
[  624.572397][ T1323] ieee802154 phy0 wpan0: encryption failed: -22
[  624.572462][ T1323] ieee802154 phy1 wpan1: encryption failed: -22
[  625.616004][T12914] team0: Port device team_slave_1 added
[  626.857109][T12890] batman_adv: batadv0: Adding interface: batadv_slave_0
[  626.857126][T12890] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  626.857152][T12890] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  626.859998][T12972] team0: Port device team_slave_0 added
[  627.557368][T12890] batman_adv: batadv0: Adding interface: batadv_slave_1
[  627.557386][T12890] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  627.557412][T12890] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  627.567963][T12972] team0: Port device team_slave_1 added
[  627.571292][T12914] batman_adv: batadv0: Adding interface: batadv_slave_0
[  627.571307][T12914] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  627.571332][T12914] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  630.556501][T12914] batman_adv: batadv0: Adding interface: batadv_slave_1
[  630.556518][T12914] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  630.556544][T12914] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  630.605436][T12735] hsr_slave_0: entered promiscuous mode
[  630.607353][T12735] hsr_slave_1: entered promiscuous mode
[  630.608667][T12735] debugfs: 'hsr0' already exists in 'hsr'
[  630.608691][T12735] Cannot create hsr debugfs directory
[  631.687323][T12972] batman_adv: batadv0: Adding interface: batadv_slave_0
[  631.687340][T12972] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  631.687366][T12972] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  632.368125][T12972] batman_adv: batadv0: Adding interface: batadv_slave_1
[  632.368143][T12972] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  632.368168][T12972] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  633.523233][T14257] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[  633.535775][T14257] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[  633.537104][T14257] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[  633.538659][T14257] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[  633.539381][T14257] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[  634.408856][T12890] hsr_slave_0: entered promiscuous mode
[  634.421580][T12890] hsr_slave_1: entered promiscuous mode
[  634.424997][T12890] debugfs: 'hsr0' already exists in 'hsr'
[  634.425026][T12890] Cannot create hsr debugfs directory
[  635.262998][T12914] hsr_slave_0: entered promiscuous mode
[  635.272210][T12914] hsr_slave_1: entered promiscuous mode
[  635.288932][T12914] debugfs: 'hsr0' already exists in 'hsr'
[  635.288960][T12914] Cannot create hsr debugfs directory
[  635.690177][ T5116] Bluetooth: hci6: command tx timeout
[  637.761191][ T5116] Bluetooth: hci6: command tx timeout
[  639.820447][T14257] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  639.835708][T14257] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  639.837912][T14257] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  639.839463][T14257] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  639.840621][T14257] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  639.848619][T14257] Bluetooth: hci6: command tx timeout
[  641.675710][T12972] hsr_slave_0: entered promiscuous mode
[  641.677329][T12972] hsr_slave_1: entered promiscuous mode
[  641.678384][T12972] debugfs: 'hsr0' already exists in 'hsr'
[  641.678407][T12972] Cannot create hsr debugfs directory
[  641.895576][T14257] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[  641.900734][T14257] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[  641.930364][T14257] Bluetooth: hci6: command tx timeout
[  641.930435][T14257] Bluetooth: hci1: command tx timeout
[  641.959441][ T5816] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[  641.985832][ T5816] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[  641.989117][ T5816] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[  642.107880][T14255] lo speed is unknown, defaulting to 1000
[  644.003122][ T5116] Bluetooth: hci1: command tx timeout
[  644.087029][ T5116] Bluetooth: hci7: command tx timeout
[  645.167693][ T5816] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  645.192738][ T5816] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  645.194438][ T5816] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  645.195667][ T5816] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  645.201995][ T5816] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  646.081585][ T5816] Bluetooth: hci1: command tx timeout
[  646.162673][ T5816] Bluetooth: hci7: command tx timeout
[  646.701552][T14515] FAULT_INJECTION: forcing a failure.
[  646.701552][T14515] name fail_usercopy, interval 1, probability 0, space 0, times 1
[  646.701596][T14515] CPU: 1 UID: 0 PID: 14515 Comm: syz.1.3461 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  646.701618][T14515] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  646.701635][T14515] Call Trace:
[  646.701646][T14515]  <TASK>
[  646.701654][T14515]  dump_stack_lvl+0x189/0x250
[  646.701691][T14515]  ? __pfx____ratelimit+0x10/0x10
[  646.701716][T14515]  ? __pfx_dump_stack_lvl+0x10/0x10
[  646.701741][T14515]  ? __pfx__printk+0x10/0x10
[  646.701761][T14515]  ? __might_fault+0xb0/0x130
[  646.701796][T14515]  should_fail_ex+0x46c/0x600
[  646.701825][T14515]  _copy_from_user+0x2d/0xb0
[  646.701846][T14515]  __sys_bpf+0x1e3/0x860
[  646.701871][T14515]  ? __pfx___sys_bpf+0x10/0x10
[  646.701891][T14515]  ? rt_mutex_slowunlock+0x1be/0x2e0
[  646.701928][T14515]  ? ksys_write+0x230/0x260
[  646.701953][T14515]  ? __pfx_ksys_write+0x10/0x10
[  646.701980][T14515]  __x64_sys_bpf+0x7c/0x90
[  646.702003][T14515]  do_syscall_64+0xfa/0xfa0
[  646.702024][T14515]  ? lockdep_hardirqs_on+0x9c/0x150
[  646.702047][T14515]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  646.702065][T14515]  ? clear_bhb_loop+0x60/0xb0
[  646.702087][T14515]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  646.702105][T14515] RIP: 0033:0x7f5ac676f749
[  646.702133][T14515] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  646.702148][T14515] RSP: 002b:00007f5ac49d6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  646.702168][T14515] RAX: ffffffffffffffda RBX: 00007f5ac69c5fa0 RCX: 00007f5ac676f749
[  646.702181][T14515] RDX: 0000000000000094 RSI: 0000200000000100 RDI: 0000000000000005
[  646.702193][T14515] RBP: 00007f5ac49d6090 R08: 0000000000000000 R09: 0000000000000000
[  646.702204][T14515] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  646.702216][T14515] R13: 00007f5ac69c6038 R14: 00007f5ac69c5fa0 R15: 00007ffce2f289b8
[  646.702246][T14515]  </TASK>
[  647.280952][ T5816] Bluetooth: hci3: command tx timeout
[  648.161672][ T5816] Bluetooth: hci1: command tx timeout
[  648.242327][ T5816] Bluetooth: hci7: command tx timeout
[  649.387571][ T5116] Bluetooth: hci3: command tx timeout
[  650.029292][T14382] lo speed is unknown, defaulting to 1000
[  650.151860][T14547] FAULT_INJECTION: forcing a failure.
[  650.151860][T14547] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  650.151892][T14547] CPU: 1 UID: 0 PID: 14547 Comm: syz.1.3474 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  650.151913][T14547] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  650.151924][T14547] Call Trace:
[  650.151931][T14547]  <TASK>
[  650.151939][T14547]  dump_stack_lvl+0x189/0x250
[  650.151970][T14547]  ? __pfx____ratelimit+0x10/0x10
[  650.151994][T14547]  ? __pfx_dump_stack_lvl+0x10/0x10
[  650.152018][T14547]  ? __pfx__printk+0x10/0x10
[  650.152039][T14547]  ? __might_fault+0xb0/0x130
[  650.152074][T14547]  should_fail_ex+0x46c/0x600
[  650.152103][T14547]  _copy_from_user+0x2d/0xb0
[  650.152123][T14547]  ___sys_sendmsg+0x158/0x2a0
[  650.152149][T14547]  ? __pfx____sys_sendmsg+0x10/0x10
[  650.152206][T14547]  ? __fget_files+0x2a/0x420
[  650.152229][T14547]  ? __fget_files+0x3a6/0x420
[  650.152262][T14547]  __x64_sys_sendmsg+0x1a1/0x260
[  650.152287][T14547]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  650.152318][T14547]  ? __pfx_ksys_write+0x10/0x10
[  650.152344][T14547]  ? do_syscall_64+0xbe/0xfa0
[  650.152372][T14547]  do_syscall_64+0xfa/0xfa0
[  650.152394][T14547]  ? lockdep_hardirqs_on+0x9c/0x150
[  650.152417][T14547]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  650.152435][T14547]  ? clear_bhb_loop+0x60/0xb0
[  650.152457][T14547]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  650.152474][T14547] RIP: 0033:0x7f5ac676f749
[  650.152490][T14547] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  650.152505][T14547] RSP: 002b:00007f5ac49d6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  650.152525][T14547] RAX: ffffffffffffffda RBX: 00007f5ac69c5fa0 RCX: 00007f5ac676f749
[  650.152538][T14547] RDX: 0000000000008001 RSI: 0000200000000040 RDI: 0000000000000003
[  650.152550][T14547] RBP: 00007f5ac49d6090 R08: 0000000000000000 R09: 0000000000000000
[  650.152561][T14547] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  650.152571][T14547] R13: 00007f5ac69c6038 R14: 00007f5ac69c5fa0 R15: 00007ffce2f289b8
[  650.152603][T14547]  </TASK>
[  650.320855][ T5116] Bluetooth: hci7: command tx timeout
[  651.208415][T14565] FAULT_INJECTION: forcing a failure.
[  651.208415][T14565] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  651.208447][T14565] CPU: 1 UID: 0 PID: 14565 Comm: syz.1.3482 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  651.208469][T14565] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  651.208479][T14565] Call Trace:
[  651.208487][T14565]  <TASK>
[  651.208495][T14565]  dump_stack_lvl+0x189/0x250
[  651.208526][T14565]  ? __pfx____ratelimit+0x10/0x10
[  651.208551][T14565]  ? __pfx_dump_stack_lvl+0x10/0x10
[  651.208575][T14565]  ? __pfx__printk+0x10/0x10
[  651.208610][T14565]  should_fail_ex+0x46c/0x600
[  651.208639][T14565]  _copy_to_user+0x31/0xb0
[  651.208661][T14565]  simple_read_from_buffer+0xe1/0x170
[  651.208689][T14565]  proc_fail_nth_read+0x1b6/0x220
[  651.208712][T14565]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  651.208735][T14565]  ? rw_verify_area+0x2ac/0x4e0
[  651.208755][T14565]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  651.208776][T14565]  vfs_read+0x206/0xa30
[  651.208805][T14565]  ? __pfx_vfs_read+0x10/0x10
[  651.208825][T14565]  ? do_sys_openat2+0x154/0x1c0
[  651.208842][T14565]  ? kmem_cache_free+0x19a/0x910
[  651.208869][T14565]  ? do_sys_openat2+0x154/0x1c0
[  651.208892][T14565]  ? do_sys_openat2+0x154/0x1c0
[  651.208919][T14565]  ksys_read+0x14b/0x260
[  651.208942][T14565]  ? __pfx_ksys_read+0x10/0x10
[  651.208967][T14565]  ? do_syscall_64+0xbe/0xfa0
[  651.208995][T14565]  do_syscall_64+0xfa/0xfa0
[  651.209017][T14565]  ? lockdep_hardirqs_on+0x9c/0x150
[  651.209041][T14565]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  651.209059][T14565]  ? clear_bhb_loop+0x60/0xb0
[  651.209080][T14565]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  651.209098][T14565] RIP: 0033:0x7f5ac676e15c
[  651.209114][T14565] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  651.209129][T14565] RSP: 002b:00007f5ac49d6030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  651.209148][T14565] RAX: ffffffffffffffda RBX: 00007f5ac69c5fa0 RCX: 00007f5ac676e15c
[  651.209161][T14565] RDX: 000000000000000f RSI: 00007f5ac49d60a0 RDI: 0000000000000004
[  651.209173][T14565] RBP: 00007f5ac49d6090 R08: 0000000000000000 R09: 0000000000000000
[  651.209184][T14565] R10: 0000000080000000 R11: 0000000000000246 R12: 0000000000000001
[  651.209196][T14565] R13: 00007f5ac69c6038 R14: 00007f5ac69c5fa0 R15: 00007ffce2f289b8
[  651.209226][T14565]  </TASK>
[  651.441037][ T5116] Bluetooth: hci3: command tx timeout
[  652.131861][T14414] lo speed is unknown, defaulting to 1000
[  652.266665][T14477] lo speed is unknown, defaulting to 1000
[  652.886248][T14586] FAULT_INJECTION: forcing a failure.
[  652.886248][T14586] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  652.886279][T14586] CPU: 1 UID: 0 PID: 14586 Comm: syz.1.3489 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  652.886322][T14586] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  652.886332][T14586] Call Trace:
[  652.886340][T14586]  <TASK>
[  652.886348][T14586]  dump_stack_lvl+0x189/0x250
[  652.886378][T14586]  ? __pfx____ratelimit+0x10/0x10
[  652.886402][T14586]  ? __pfx_dump_stack_lvl+0x10/0x10
[  652.886427][T14586]  ? __pfx__printk+0x10/0x10
[  652.886448][T14586]  ? __might_fault+0xb0/0x130
[  652.886483][T14586]  should_fail_ex+0x46c/0x600
[  652.886519][T14586]  _copy_from_user+0x2d/0xb0
[  652.886540][T14586]  ___sys_sendmsg+0x158/0x2a0
[  652.886565][T14586]  ? __pfx____sys_sendmsg+0x10/0x10
[  652.886622][T14586]  ? __fget_files+0x2a/0x420
[  652.886645][T14586]  ? __fget_files+0x3a6/0x420
[  652.886678][T14586]  __x64_sys_sendmsg+0x1a1/0x260
[  652.886702][T14586]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  652.886733][T14586]  ? __pfx_ksys_write+0x10/0x10
[  652.886759][T14586]  ? do_syscall_64+0xbe/0xfa0
[  652.886786][T14586]  do_syscall_64+0xfa/0xfa0
[  652.886808][T14586]  ? lockdep_hardirqs_on+0x9c/0x150
[  652.886831][T14586]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  652.886849][T14586]  ? clear_bhb_loop+0x60/0xb0
[  652.886871][T14586]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  652.886888][T14586] RIP: 0033:0x7f5ac676f749
[  652.886904][T14586] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  652.886920][T14586] RSP: 002b:00007f5ac49d6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  652.886939][T14586] RAX: ffffffffffffffda RBX: 00007f5ac69c5fa0 RCX: 00007f5ac676f749
[  652.886953][T14586] RDX: 0000000000000000 RSI: 0000200000000440 RDI: 0000000000000003
[  652.886964][T14586] RBP: 00007f5ac49d6090 R08: 0000000000000000 R09: 0000000000000000
[  652.886975][T14586] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  652.886986][T14586] R13: 00007f5ac69c6038 R14: 00007f5ac69c5fa0 R15: 00007ffce2f289b8
[  652.887021][T14586]  </TASK>
[  653.521377][ T5816] Bluetooth: hci3: command tx timeout
[  653.747381][T14602] FAULT_INJECTION: forcing a failure.
[  653.747381][T14602] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  653.747413][T14602] CPU: 1 UID: 0 PID: 14602 Comm: syz.1.3496 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  653.747435][T14602] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  653.747446][T14602] Call Trace:
[  653.747453][T14602]  <TASK>
[  653.747461][T14602]  dump_stack_lvl+0x189/0x250
[  653.747492][T14602]  ? __pfx____ratelimit+0x10/0x10
[  653.747516][T14602]  ? __pfx_dump_stack_lvl+0x10/0x10
[  653.747541][T14602]  ? __pfx__printk+0x10/0x10
[  653.747577][T14602]  should_fail_ex+0x46c/0x600
[  653.747615][T14602]  _copy_to_user+0x31/0xb0
[  653.747638][T14602]  simple_read_from_buffer+0xe1/0x170
[  653.747666][T14602]  proc_fail_nth_read+0x1b6/0x220
[  653.747689][T14602]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  653.747712][T14602]  ? rw_verify_area+0x2ac/0x4e0
[  653.747733][T14602]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  653.747754][T14602]  vfs_read+0x206/0xa30
[  653.747784][T14602]  ? __pfx_vfs_read+0x10/0x10
[  653.747801][T14602]  ? try_to_take_rt_mutex+0x7fd/0xac0
[  653.747833][T14602]  ? mutex_lock_nested+0x154/0x1d0
[  653.747851][T14602]  ? fdget_pos+0x253/0x320
[  653.747883][T14602]  ksys_read+0x14b/0x260
[  653.747907][T14602]  ? __pfx_ksys_read+0x10/0x10
[  653.747932][T14602]  ? do_syscall_64+0xbe/0xfa0
[  653.747959][T14602]  do_syscall_64+0xfa/0xfa0
[  653.747982][T14602]  ? lockdep_hardirqs_on+0x9c/0x150
[  653.748005][T14602]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  653.748023][T14602]  ? clear_bhb_loop+0x60/0xb0
[  653.748045][T14602]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  653.748062][T14602] RIP: 0033:0x7f5ac676e15c
[  653.748078][T14602] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  653.748094][T14602] RSP: 002b:00007f5ac49d6030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  653.748113][T14602] RAX: ffffffffffffffda RBX: 00007f5ac69c5fa0 RCX: 00007f5ac676e15c
[  653.748126][T14602] RDX: 000000000000000f RSI: 00007f5ac49d60a0 RDI: 0000000000000004
[  653.748137][T14602] RBP: 00007f5ac49d6090 R08: 0000000000000000 R09: 0000000000000000
[  653.748148][T14602] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  653.748159][T14602] R13: 00007f5ac69c6038 R14: 00007f5ac69c5fa0 R15: 00007ffce2f289b8
[  653.748191][T14602]  </TASK>
[  654.247191][T14255] chnl_net:caif_netlink_parms(): no params data found
[  654.850892][ T5862] usb 2-1: new high-speed USB device number 7 using dummy_hcd
[  655.026150][ T5862] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  655.026182][ T5862] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  655.026204][ T5862] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  655.026248][ T5862] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  655.026270][ T5862] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  655.085749][ T5862] usb 2-1: config 0 descriptor??
[  655.516754][ T5862] plantronics 0003:047F:FFFF.0009: unknown main item tag 0x0
[  655.516794][ T5862] plantronics 0003:047F:FFFF.0009: unknown main item tag 0x0
[  655.516822][ T5862] plantronics 0003:047F:FFFF.0009: unknown main item tag 0x0
[  655.516850][ T5862] plantronics 0003:047F:FFFF.0009: unknown main item tag 0x0
[  655.516877][ T5862] plantronics 0003:047F:FFFF.0009: unknown main item tag 0x0
[  655.516904][ T5862] plantronics 0003:047F:FFFF.0009: unknown main item tag 0x0
[  655.516931][ T5862] plantronics 0003:047F:FFFF.0009: unknown main item tag 0x0
[  655.516958][ T5862] plantronics 0003:047F:FFFF.0009: unknown main item tag 0x0
[  655.516985][ T5862] plantronics 0003:047F:FFFF.0009: unknown main item tag 0x0
[  655.517012][ T5862] plantronics 0003:047F:FFFF.0009: unknown main item tag 0x0
[  655.637550][ T5862] plantronics 0003:047F:FFFF.0009: hiddev0,hidraw0: USB HID v0.00 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0
[  655.662605][T14382] chnl_net:caif_netlink_parms(): no params data found
[  655.724787][T14612] FAULT_INJECTION: forcing a failure.
[  655.724787][T14612] name failslab, interval 1, probability 0, space 0, times 1
[  655.724904][T14612] CPU: 1 UID: 0 PID: 14612 Comm: syz.1.3500 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  655.724925][T14612] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  655.724936][T14612] Call Trace:
[  655.724943][T14612]  <TASK>
[  655.724951][T14612]  dump_stack_lvl+0x189/0x250
[  655.724982][T14612]  ? __pfx____ratelimit+0x10/0x10
[  655.725007][T14612]  ? __pfx_dump_stack_lvl+0x10/0x10
[  655.725031][T14612]  ? __pfx__printk+0x10/0x10
[  655.725059][T14612]  ? __pfx___might_resched+0x10/0x10
[  655.725078][T14612]  ? fs_reclaim_acquire+0x7d/0x100
[  655.725107][T14612]  should_fail_ex+0x46c/0x600
[  655.725134][T14612]  ? getname_flags+0xb8/0x540
[  655.725159][T14612]  should_failslab+0xa8/0x100
[  655.725185][T14612]  ? getname_flags+0xb8/0x540
[  655.725205][T14612]  kmem_cache_alloc_noprof+0x6f/0x6b0
[  655.725229][T14612]  ? __pfx_vfs_write+0x10/0x10
[  655.725255][T14612]  getname_flags+0xb8/0x540
[  655.725283][T14612]  do_sys_openat2+0xbc/0x1c0
[  655.725304][T14612]  ? __pfx_do_sys_openat2+0x10/0x10
[  655.725326][T14612]  ? ksys_write+0x230/0x260
[  655.725349][T14612]  ? __pfx_ksys_write+0x10/0x10
[  655.725372][T14612]  __x64_sys_openat+0x138/0x170
[  655.725395][T14612]  do_syscall_64+0xfa/0xfa0
[  655.725419][T14612]  ? lockdep_hardirqs_on+0x9c/0x150
[  655.725443][T14612]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  655.725467][T14612]  ? clear_bhb_loop+0x60/0xb0
[  655.725489][T14612]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  655.725506][T14612] RIP: 0033:0x7f5ac676df90
[  655.725522][T14612] Code: 48 89 44 24 20 75 93 44 89 54 24 0c e8 69 95 02 00 44 8b 54 24 0c 89 da 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 38 44 89 c7 89 44 24 0c e8 bc 95 02 00 8b 44
[  655.725537][T14612] RSP: 002b:00007f5ac49d5b70 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[  655.725557][T14612] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f5ac676df90
[  655.725570][T14612] RDX: 0000000000000000 RSI: 00007f5ac49d5c10 RDI: 00000000ffffff9c
[  655.725582][T14612] RBP: 00007f5ac49d5c10 R08: 0000000000000000 R09: 0000000000000000
[  655.725593][T14612] R10: 0000000000000000 R11: 0000000000000293 R12: cccccccccccccccd
[  655.725605][T14612] R13: 00007f5ac69c6038 R14: 00007f5ac69c5fa0 R15: 00007ffce2f289b8
[  655.725637][T14612]  </TASK>
[  655.732960][ T5786] usb 2-1: USB disconnect, device number 7
[  655.992233][T14414] chnl_net:caif_netlink_parms(): no params data found
[  657.275054][T14255] bridge0: port 1(bridge_slave_0) entered blocking state
[  657.275192][T14255] bridge0: port 1(bridge_slave_0) entered disabled state
[  657.275476][T14255] bridge_slave_0: entered allmulticast mode
[  657.278629][T14255] bridge_slave_0: entered promiscuous mode
[  657.423173][T14477] chnl_net:caif_netlink_parms(): no params data found
[  657.815434][T14255] bridge0: port 2(bridge_slave_1) entered blocking state
[  657.815570][T14255] bridge0: port 2(bridge_slave_1) entered disabled state
[  657.815903][T14255] bridge_slave_1: entered allmulticast mode
[  657.866290][T14255] bridge_slave_1: entered promiscuous mode
[  658.935519][T14649] FAULT_INJECTION: forcing a failure.
[  658.935519][T14649] name failslab, interval 1, probability 0, space 0, times 0
[  658.935552][T14649] CPU: 1 UID: 0 PID: 14649 Comm: syz.1.3512 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  658.935573][T14649] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  658.935583][T14649] Call Trace:
[  658.935591][T14649]  <TASK>
[  658.935598][T14649]  dump_stack_lvl+0x189/0x250
[  658.935628][T14649]  ? __pfx____ratelimit+0x10/0x10
[  658.935654][T14649]  ? __pfx_dump_stack_lvl+0x10/0x10
[  658.935678][T14649]  ? __pfx__printk+0x10/0x10
[  658.935706][T14649]  ? __pfx___might_resched+0x10/0x10
[  658.935730][T14649]  should_fail_ex+0x46c/0x600
[  658.935760][T14649]  should_failslab+0xa8/0x100
[  658.935787][T14649]  __kmalloc_noprof+0xcc/0x7d0
[  658.935808][T14649]  ? kfree+0x51/0x950
[  658.935825][T14649]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  658.935861][T14649]  tomoyo_realpath_from_path+0xe3/0x5d0
[  658.935884][T14649]  ? tomoyo_domain+0xda/0x130
[  658.935911][T14649]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  658.935939][T14649]  tomoyo_path_number_perm+0x1e8/0x5a0
[  658.935968][T14649]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  658.935999][T14649]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  658.936024][T14649]  ? lockdep_hardirqs_on+0x9c/0x150
[  658.936078][T14649]  ? __fget_files+0x2a/0x420
[  658.936107][T14649]  ? __fget_files+0x3a6/0x420
[  658.936128][T14649]  ? __fget_files+0x2a/0x420
[  658.936155][T14649]  security_file_ioctl+0xcb/0x2d0
[  658.936176][T14649]  __se_sys_ioctl+0x47/0x170
[  658.936199][T14649]  do_syscall_64+0xfa/0xfa0
[  658.936222][T14649]  ? lockdep_hardirqs_on+0x9c/0x150
[  658.936245][T14649]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  658.936263][T14649]  ? clear_bhb_loop+0x60/0xb0
[  658.936284][T14649]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  658.936302][T14649] RIP: 0033:0x7f5ac676f749
[  658.936318][T14649] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  658.936333][T14649] RSP: 002b:00007f5ac49d6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  658.936352][T14649] RAX: ffffffffffffffda RBX: 00007f5ac69c5fa0 RCX: 00007f5ac676f749
[  658.936365][T14649] RDX: 0000200000000000 RSI: 00000000800448d2 RDI: 0000000000000004
[  658.936377][T14649] RBP: 00007f5ac49d6090 R08: 0000000000000000 R09: 0000000000000000
[  658.936389][T14649] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  658.936399][T14649] R13: 00007f5ac69c6038 R14: 00007f5ac69c5fa0 R15: 00007ffce2f289b8
[  658.936432][T14649]  </TASK>
[  658.936449][T14649] ERROR: Out of memory at tomoyo_realpath_from_path.
[  659.496295][T14655] FAULT_INJECTION: forcing a failure.
[  659.496295][T14655] name failslab, interval 1, probability 0, space 0, times 0
[  659.496326][T14655] CPU: 1 UID: 0 PID: 14655 Comm: syz.1.3514 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  659.496349][T14655] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  659.496360][T14655] Call Trace:
[  659.496367][T14655]  <TASK>
[  659.496374][T14655]  dump_stack_lvl+0x189/0x250
[  659.496406][T14655]  ? __pfx____ratelimit+0x10/0x10
[  659.496430][T14655]  ? __pfx_dump_stack_lvl+0x10/0x10
[  659.496455][T14655]  ? __pfx__printk+0x10/0x10
[  659.496482][T14655]  ? __pfx___might_resched+0x10/0x10
[  659.496506][T14655]  should_fail_ex+0x46c/0x600
[  659.496535][T14655]  should_failslab+0xa8/0x100
[  659.496562][T14655]  __kmalloc_noprof+0xcc/0x7d0
[  659.496583][T14655]  ? kfree+0x51/0x950
[  659.496601][T14655]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  659.496629][T14655]  tomoyo_realpath_from_path+0xe3/0x5d0
[  659.496652][T14655]  ? tomoyo_domain+0xda/0x130
[  659.496680][T14655]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  659.496707][T14655]  tomoyo_path_number_perm+0x1e8/0x5a0
[  659.496737][T14655]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  659.496767][T14655]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  659.496793][T14655]  ? lockdep_hardirqs_on+0x9c/0x150
[  659.496848][T14655]  ? __fget_files+0x2a/0x420
[  659.496876][T14655]  ? __fget_files+0x3a6/0x420
[  659.496898][T14655]  ? __fget_files+0x2a/0x420
[  659.496925][T14655]  security_file_ioctl+0xcb/0x2d0
[  659.496946][T14655]  __se_sys_ioctl+0x47/0x170
[  659.496969][T14655]  do_syscall_64+0xfa/0xfa0
[  659.496992][T14655]  ? lockdep_hardirqs_on+0x9c/0x150
[  659.497016][T14655]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  659.497039][T14655]  ? clear_bhb_loop+0x60/0xb0
[  659.497061][T14655]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  659.497078][T14655] RIP: 0033:0x7f5ac676f749
[  659.497094][T14655] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  659.497109][T14655] RSP: 002b:00007f5ac49d6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  659.497135][T14655] RAX: ffffffffffffffda RBX: 00007f5ac69c5fa0 RCX: 00007f5ac676f749
[  659.497148][T14655] RDX: 0000000000000000 RSI: 0000000040046208 RDI: 0000000000000003
[  659.497160][T14655] RBP: 00007f5ac49d6090 R08: 0000000000000000 R09: 0000000000000000
[  659.497172][T14655] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  659.497182][T14655] R13: 00007f5ac69c6038 R14: 00007f5ac69c5fa0 R15: 00007ffce2f289b8
[  659.497215][T14655]  </TASK>
[  659.497222][T14655] ERROR: Out of memory at tomoyo_realpath_from_path.
[  661.876470][T14255] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  662.315940][T14676] FAULT_INJECTION: forcing a failure.
[  662.315940][T14676] name failslab, interval 1, probability 0, space 0, times 0
[  662.315972][T14676] CPU: 1 UID: 0 PID: 14676 Comm: syz.1.3521 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  662.315994][T14676] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  662.316005][T14676] Call Trace:
[  662.316012][T14676]  <TASK>
[  662.316020][T14676]  dump_stack_lvl+0x189/0x250
[  662.316049][T14676]  ? __pfx____ratelimit+0x10/0x10
[  662.316074][T14676]  ? __pfx_dump_stack_lvl+0x10/0x10
[  662.316098][T14676]  ? __pfx__printk+0x10/0x10
[  662.316124][T14676]  ? __pfx___might_resched+0x10/0x10
[  662.316147][T14676]  should_fail_ex+0x46c/0x600
[  662.316176][T14676]  should_failslab+0xa8/0x100
[  662.316202][T14676]  __kmalloc_cache_node_noprof+0x78/0x700
[  662.316225][T14676]  ? __lock_acquire+0xab9/0xd20
[  662.316246][T14676]  ? __get_vm_area_node+0x172/0x350
[  662.316272][T14676]  __get_vm_area_node+0x172/0x350
[  662.316299][T14676]  __vmalloc_node_range_noprof+0x30c/0x12d0
[  662.316322][T14676]  ? bpf_prog_alloc_no_stats+0x4a/0x530
[  662.316348][T14676]  ? is_bpf_text_address+0x26/0x2b0
[  662.316388][T14676]  ? __lock_acquire+0xab9/0xd20
[  662.316416][T14676]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  662.316440][T14676]  ? __might_fault+0xb0/0x130
[  662.316471][T14676]  ? bpf_prog_alloc_no_stats+0x4a/0x530
[  662.316492][T14676]  __vmalloc_noprof+0xb1/0xf0
[  662.316521][T14676]  ? bpf_prog_alloc_no_stats+0x4a/0x530
[  662.316548][T14676]  bpf_prog_alloc_no_stats+0x4a/0x530
[  662.316577][T14676]  bpf_prog_alloc+0x3c/0x1a0
[  662.316603][T14676]  bpf_prog_load+0x735/0x19e0
[  662.316640][T14676]  ? __pfx_bpf_prog_load+0x10/0x10
[  662.316691][T14676]  ? bpf_lsm_bpf+0x9/0x20
[  662.316707][T14676]  ? security_bpf+0x7e/0x300
[  662.316730][T14676]  __sys_bpf+0x507/0x860
[  662.316759][T14676]  ? __pfx___sys_bpf+0x10/0x10
[  662.316778][T14676]  ? rt_mutex_slowunlock+0x1be/0x2e0
[  662.316815][T14676]  ? ksys_write+0x230/0x260
[  662.316840][T14676]  ? __pfx_ksys_write+0x10/0x10
[  662.316867][T14676]  __x64_sys_bpf+0x7c/0x90
[  662.316887][T14676]  do_syscall_64+0xfa/0xfa0
[  662.316907][T14676]  ? lockdep_hardirqs_on+0x9c/0x150
[  662.316930][T14676]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  662.316948][T14676]  ? clear_bhb_loop+0x60/0xb0
[  662.316969][T14676]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  662.316987][T14676] RIP: 0033:0x7f5ac676f749
[  662.317003][T14676] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  662.317018][T14676] RSP: 002b:00007f5ac49d6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  662.317037][T14676] RAX: ffffffffffffffda RBX: 00007f5ac69c5fa0 RCX: 00007f5ac676f749
[  662.317051][T14676] RDX: 0000000000000094 RSI: 0000200000000100 RDI: 0000000000000005
[  662.317063][T14676] RBP: 00007f5ac49d6090 R08: 0000000000000000 R09: 0000000000000000
[  662.317074][T14676] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  662.317085][T14676] R13: 00007f5ac69c6038 R14: 00007f5ac69c5fa0 R15: 00007ffce2f289b8
[  662.317117][T14676]  </TASK>
[  662.317611][T14676] syz.1.3521: vmalloc error: size 4096, vm_struct allocation failed, mode:0x500dc0(GFP_USER|__GFP_ZERO|__GFP_ACCOUNT), nodemask=(null),cpuset=syz1,mems_allowed=0-1
[  662.317958][T14676] CPU: 1 UID: 0 PID: 14676 Comm: syz.1.3521 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  662.317979][T14676] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  662.317989][T14676] Call Trace:
[  662.317996][T14676]  <TASK>
[  662.318004][T14676]  dump_stack_lvl+0x189/0x250
[  662.318033][T14676]  ? __pfx_dump_stack_lvl+0x10/0x10
[  662.318058][T14676]  ? __pfx__printk+0x10/0x10
[  662.318076][T14676]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  662.318096][T14676]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  662.318116][T14676]  ? cpuset_print_current_mems_allowed+0x2ee/0x360
[  662.318139][T14676]  warn_alloc+0x22e/0x3b0
[  662.318162][T14676]  ? should_fail_ex+0x344/0x600
[  662.318190][T14676]  ? __pfx_warn_alloc+0x10/0x10
[  662.318215][T14676]  ? __get_vm_area_node+0x172/0x350
[  662.318241][T14676]  ? __get_vm_area_node+0x2e2/0x350
[  662.318270][T14676]  __vmalloc_node_range_noprof+0x331/0x12d0
[  662.318294][T14676]  ? is_bpf_text_address+0x26/0x2b0
[  662.318334][T14676]  ? __lock_acquire+0xab9/0xd20
[  662.318363][T14676]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  662.318388][T14676]  ? __might_fault+0xb0/0x130
[  662.318418][T14676]  ? bpf_prog_alloc_no_stats+0x4a/0x530
[  662.318439][T14676]  __vmalloc_noprof+0xb1/0xf0
[  662.318461][T14676]  ? bpf_prog_alloc_no_stats+0x4a/0x530
[  662.318487][T14676]  bpf_prog_alloc_no_stats+0x4a/0x530
[  662.318524][T14676]  bpf_prog_alloc+0x3c/0x1a0
[  662.318550][T14676]  bpf_prog_load+0x735/0x19e0
[  662.318586][T14676]  ? __pfx_bpf_prog_load+0x10/0x10
[  662.318632][T14676]  ? bpf_lsm_bpf+0x9/0x20
[  662.318648][T14676]  ? security_bpf+0x7e/0x300
[  662.318670][T14676]  __sys_bpf+0x507/0x860
[  662.318695][T14676]  ? __pfx___sys_bpf+0x10/0x10
[  662.318715][T14676]  ? rt_mutex_slowunlock+0x1be/0x2e0
[  662.318753][T14676]  ? ksys_write+0x230/0x260
[  662.318776][T14676]  ? __pfx_ksys_write+0x10/0x10
[  662.318803][T14676]  __x64_sys_bpf+0x7c/0x90
[  662.318824][T14676]  do_syscall_64+0xfa/0xfa0
[  662.318847][T14676]  ? lockdep_hardirqs_on+0x9c/0x150
[  662.318869][T14676]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  662.318887][T14676]  ? clear_bhb_loop+0x60/0xb0
[  662.318909][T14676]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  662.318926][T14676] RIP: 0033:0x7f5ac676f749
[  662.318942][T14676] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  662.318957][T14676] RSP: 002b:00007f5ac49d6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  662.318974][T14676] RAX: ffffffffffffffda RBX: 00007f5ac69c5fa0 RCX: 00007f5ac676f749
[  662.318988][T14676] RDX: 0000000000000094 RSI: 0000200000000100 RDI: 0000000000000005
[  662.318999][T14676] RBP: 00007f5ac49d6090 R08: 0000000000000000 R09: 0000000000000000
[  662.319010][T14676] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  662.319021][T14676] R13: 00007f5ac69c6038 R14: 00007f5ac69c5fa0 R15: 00007ffce2f289b8
[  662.319051][T14676]  </TASK>
[  662.319066][T14676] Mem-Info:
[  662.319074][T14676] active_anon:278 inactive_anon:5989 isolated_anon:0
[  662.319074][T14676]  active_file:14022 inactive_file:41310 isolated_file:0
[  662.319074][T14676]  unevictable:768 dirty:96 writeback:0
[  662.319074][T14676]  slab_reclaimable:13065 slab_unreclaimable:148291
[  662.319074][T14676]  mapped:34493 shmem:1376 pagetables:2420
[  662.319074][T14676]  sec_pagetables:0 bounce:0
[  662.319074][T14676]  kernel_misc_reclaimable:0
[  662.319074][T14676]  free:1267359 free_pcp:1706 free_cma:0
[  662.319128][T14676] Node 0 active_anon:1112kB inactive_anon:23956kB active_file:55884kB inactive_file:165240kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:137972kB dirty:384kB writeback:0kB shmem:3968kB kernel_stack:16612kB pagetables:9540kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  662.319172][T14676] Node 1 active_anon:0kB inactive_anon:0kB active_file:204kB inactive_file:0kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB kernel_stack:48kB pagetables:140kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  662.319213][T14676] Node 0 DMA free:15332kB boost:0kB min:20kB low:32kB high:44kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:12kB local_pcp:12kB free_cma:0kB
[  662.319269][T14676] lowmem_reserve[]: 0 2515 2517 2517 2517
[  662.319300][T14676] Node 0 DMA32 free:1151216kB boost:0kB min:3944kB low:6492kB high:9040kB reserved_highatomic:0KB free_highatomic:0KB active_anon:1112kB inactive_anon:23956kB active_file:55884kB inactive_file:165240kB unevictable:1536kB writepending:384kB zspages:0kB present:3129332kB managed:2576076kB mlocked:0kB bounce:0kB free_pcp:6296kB local_pcp:5592kB free_cma:0kB
[  662.319358][T14676] lowmem_reserve[]: 0 0 1 1 1
[  662.319387][T14676] Node 0 Normal free:0kB boost:0kB min:0kB low:0kB high:0kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:1048580kB managed:1644kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  662.319442][T14676] lowmem_reserve[]: 0 0 0 0 0
[  662.319471][T14676] Node 1 Normal free:3902888kB boost:0kB min:6360kB low:10468kB high:14576kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:204kB inactive_file:0kB unevictable:1536kB writepending:0kB zspages:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:516kB local_pcp:516kB free_cma:0kB
[  662.319532][T14676] lowmem_reserve[]: 0 0 0 0 0
[  662.319561][T14676] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 1*64kB (U) 1*128kB (U) 1*256kB (U) 1*512kB (U) 0*1024kB 1*2048kB (M) 3*4096kB (M) = 15332kB
[  662.319693][T14676] Node 0 DMA32: 1201*4kB (UM) 981*8kB (UME) 523*16kB (UME) 459*32kB (UME) 217*64kB (UM) 178*128kB (UME) 114*256kB (UME) 72*512kB (UME) 19*1024kB (UME) 11*2048kB (UME) 237*4096kB (M) = 1151164kB
[  662.319839][T14676] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[  662.319928][T14676] Node 1 Normal: 87*4kB (UME) 52*8kB (UME) 34*16kB (UME) 188*32kB (UME) 83*64kB (UME) 29*128kB (UME) 14*256kB (UME) 10*512kB (UME) 3*1024kB (UME) 0*2048kB 946*4096kB (M) = 3902940kB
[  662.320072][T14676] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  662.320089][T14676] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  662.320104][T14676] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  662.320119][T14676] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  662.320133][T14676] 56705 total pagecache pages
[  662.320144][T14676] 0 pages in swap cache
[  662.320150][T14676] Free swap  = 124996kB
[  662.320157][T14676] Total swap = 124996kB
[  662.320164][T14676] 2097051 pages RAM
[  662.320171][T14676] 0 pages HighMem/MovableOnly
[  662.320177][T14676] 421006 pages reserved
[  662.320184][T14676] 0 pages cma reserved
[  663.702567][T14255] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  663.703060][T14382] bridge0: port 1(bridge_slave_0) entered blocking state
[  663.703198][T14382] bridge0: port 1(bridge_slave_0) entered disabled state
[  663.703457][T14382] bridge_slave_0: entered allmulticast mode
[  663.706590][T14382] bridge_slave_0: entered promiscuous mode
[  663.821417][T14686] FAULT_INJECTION: forcing a failure.
[  663.821417][T14686] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  663.821450][T14686] CPU: 1 UID: 0 PID: 14686 Comm: syz.1.3525 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  663.821471][T14686] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  663.821482][T14686] Call Trace:
[  663.821489][T14686]  <TASK>
[  663.821497][T14686]  dump_stack_lvl+0x189/0x250
[  663.821526][T14686]  ? __pfx____ratelimit+0x10/0x10
[  663.821550][T14686]  ? __pfx_dump_stack_lvl+0x10/0x10
[  663.821574][T14686]  ? __pfx__printk+0x10/0x10
[  663.821608][T14686]  should_fail_ex+0x46c/0x600
[  663.821637][T14686]  _copy_from_user+0x2d/0xb0
[  663.821657][T14686]  __copy_msghdr+0x3c5/0x5b0
[  663.821683][T14686]  ___sys_sendmsg+0x1a5/0x2a0
[  663.821707][T14686]  ? __pfx____sys_sendmsg+0x10/0x10
[  663.821764][T14686]  ? __fget_files+0x2a/0x420
[  663.821787][T14686]  ? __fget_files+0x3a6/0x420
[  663.821820][T14686]  __x64_sys_sendmsg+0x1a1/0x260
[  663.821844][T14686]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  663.821875][T14686]  ? __pfx_ksys_write+0x10/0x10
[  663.821901][T14686]  ? do_syscall_64+0xbe/0xfa0
[  663.821929][T14686]  do_syscall_64+0xfa/0xfa0
[  663.821951][T14686]  ? lockdep_hardirqs_on+0x9c/0x150
[  663.821974][T14686]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  663.821991][T14686]  ? clear_bhb_loop+0x60/0xb0
[  663.822012][T14686]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  663.822030][T14686] RIP: 0033:0x7f5ac676f749
[  663.822045][T14686] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  663.822060][T14686] RSP: 002b:00007f5ac49d6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  663.822080][T14686] RAX: ffffffffffffffda RBX: 00007f5ac69c5fa0 RCX: 00007f5ac676f749
[  663.822093][T14686] RDX: 0000000000008001 RSI: 0000200000000040 RDI: 0000000000000003
[  663.822104][T14686] RBP: 00007f5ac49d6090 R08: 0000000000000000 R09: 0000000000000000
[  663.822115][T14686] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  663.822125][T14686] R13: 00007f5ac69c6038 R14: 00007f5ac69c5fa0 R15: 00007ffce2f289b8
[  663.822161][T14686]  </TASK>
[  664.694087][T14382] bridge0: port 2(bridge_slave_1) entered blocking state
[  664.694260][T14382] bridge0: port 2(bridge_slave_1) entered disabled state
[  664.694674][T14382] bridge_slave_1: entered allmulticast mode
[  664.697866][T14382] bridge_slave_1: entered promiscuous mode
[  664.715836][T14414] bridge0: port 1(bridge_slave_0) entered blocking state
[  664.715961][T14414] bridge0: port 1(bridge_slave_0) entered disabled state
[  664.716230][T14414] bridge_slave_0: entered allmulticast mode
[  664.719302][T14414] bridge_slave_0: entered promiscuous mode
[  664.911481][T14703] FAULT_INJECTION: forcing a failure.
[  664.911481][T14703] name failslab, interval 1, probability 0, space 0, times 0
[  664.911516][T14703] CPU: 1 UID: 0 PID: 14703 Comm: syz.1.3531 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  664.911537][T14703] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  664.911548][T14703] Call Trace:
[  664.911556][T14703]  <TASK>
[  664.911564][T14703]  dump_stack_lvl+0x189/0x250
[  664.911594][T14703]  ? __pfx____ratelimit+0x10/0x10
[  664.911618][T14703]  ? __pfx_dump_stack_lvl+0x10/0x10
[  664.911644][T14703]  ? __pfx__printk+0x10/0x10
[  664.911671][T14703]  ? __pfx___might_resched+0x10/0x10
[  664.911689][T14703]  ? fs_reclaim_acquire+0x7d/0x100
[  664.911717][T14703]  should_fail_ex+0x46c/0x600
[  664.911747][T14703]  should_failslab+0xa8/0x100
[  664.911774][T14703]  __kmalloc_noprof+0xcc/0x7d0
[  664.911796][T14703]  ? tomoyo_encode+0x28b/0x550
[  664.911823][T14703]  tomoyo_encode+0x28b/0x550
[  664.911849][T14703]  tomoyo_realpath_from_path+0x58d/0x5d0
[  664.911873][T14703]  ? tomoyo_domain+0xda/0x130
[  664.911901][T14703]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  664.911927][T14703]  tomoyo_path_number_perm+0x1e8/0x5a0
[  664.911956][T14703]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  664.911987][T14703]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  664.912012][T14703]  ? lockdep_hardirqs_on+0x9c/0x150
[  664.912068][T14703]  ? __fget_files+0x2a/0x420
[  664.912096][T14703]  ? __fget_files+0x3a6/0x420
[  664.912117][T14703]  ? __fget_files+0x2a/0x420
[  664.912144][T14703]  security_file_ioctl+0xcb/0x2d0
[  664.912166][T14703]  __se_sys_ioctl+0x47/0x170
[  664.912189][T14703]  do_syscall_64+0xfa/0xfa0
[  664.912211][T14703]  ? lockdep_hardirqs_on+0x9c/0x150
[  664.912240][T14703]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  664.912259][T14703]  ? clear_bhb_loop+0x60/0xb0
[  664.912281][T14703]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  664.912297][T14703] RIP: 0033:0x7f5ac676f749
[  664.912314][T14703] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  664.912328][T14703] RSP: 002b:00007f5ac49d6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  664.912348][T14703] RAX: ffffffffffffffda RBX: 00007f5ac69c5fa0 RCX: 00007f5ac676f749
[  664.912361][T14703] RDX: 0000000000000000 RSI: 000000000000aea2 RDI: 0000000000000004
[  664.912373][T14703] RBP: 00007f5ac49d6090 R08: 0000000000000000 R09: 0000000000000000
[  664.912384][T14703] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  664.912394][T14703] R13: 00007f5ac69c6038 R14: 00007f5ac69c5fa0 R15: 00007ffce2f289b8
[  664.912427][T14703]  </TASK>
[  664.912448][T14703] ERROR: Out of memory at tomoyo_realpath_from_path.
[  666.140056][T14414] bridge0: port 2(bridge_slave_1) entered blocking state
[  666.140301][T14414] bridge0: port 2(bridge_slave_1) entered disabled state
[  666.140599][T14414] bridge_slave_1: entered allmulticast mode
[  666.158412][T14414] bridge_slave_1: entered promiscuous mode
[  666.185168][T14255] team0: Port device team_slave_0 added
[  668.822593][T14255] team0: Port device team_slave_1 added
[  669.089847][T14382] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  669.508156][T14477] bridge0: port 1(bridge_slave_0) entered blocking state
[  669.508291][T14477] bridge0: port 1(bridge_slave_0) entered disabled state
[  669.508536][T14477] bridge_slave_0: entered allmulticast mode
[  669.535173][T14477] bridge_slave_0: entered promiscuous mode
[  669.553565][T14382] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  669.578846][T14414] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  669.875173][T14477] bridge0: port 2(bridge_slave_1) entered blocking state
[  669.876512][T14477] bridge0: port 2(bridge_slave_1) entered disabled state
[  669.876794][T14477] bridge_slave_1: entered allmulticast mode
[  669.879821][T14477] bridge_slave_1: entered promiscuous mode
[  670.243379][T14414] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  670.245284][T14255] batman_adv: batadv0: Adding interface: batadv_slave_0
[  670.245299][T14255] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  670.245326][T14255] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  671.414558][T14255] batman_adv: batadv0: Adding interface: batadv_slave_1
[  671.414577][T14255] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  671.414603][T14255] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  673.978476][T14382] team0: Port device team_slave_0 added
[  673.996929][T14477] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  674.000715][T14414] team0: Port device team_slave_0 added
[  674.038442][T14382] team0: Port device team_slave_1 added
[  674.058286][T14477] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  674.073881][T14414] team0: Port device team_slave_1 added
[  677.681918][   T38] INFO: task syz-executor:9677 blocked for more than 143 seconds.
[  677.681943][   T38]       Not tainted syzkaller #0
[  677.681965][   T38]       Blocked by coredump.
[  677.681979][   T38] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  677.682000][   T38] task:syz-executor    state:D stack:19048 pid:9677  tgid:9677  ppid:1      task_flags:0x40054c flags:0x00080003
[  677.682049][   T38] Call Trace:
[  677.682056][   T38]  <TASK>
[  677.682069][   T38]  __schedule+0x16f3/0x4c20
[  677.682126][   T38]  ? __pfx___schedule+0x10/0x10
[  677.682170][   T38]  ? _raw_spin_unlock_irq+0x23/0x50
[  677.682198][   T38]  rt_mutex_schedule+0x77/0xf0
[  677.682216][   T38]  rt_mutex_slowlock_block+0x5ba/0x6d0
[  677.682236][   T38]  ? task_blocks_on_rt_mutex+0xf12/0x1380
[  677.682291][   T38]  rt_mutex_slowlock+0x2b1/0x6e0
[  677.682315][   T38]  ? rt_mutex_slowlock+0x1c9/0x6e0
[  677.682338][   T38]  ? __pfx_rt_mutex_slowlock+0x10/0x10
[  677.682357][   T38]  ? __lock_acquire+0xab9/0xd20
[  677.682392][   T38]  ? rcu_barrier+0x4c/0x570
[  677.682425][   T38]  ? rcu_barrier+0x4c/0x570
[  677.682442][   T38]  mutex_lock_nested+0x16a/0x1d0
[  677.682461][   T38]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[  677.682484][   T38]  ? __pfx_tun_chr_close+0x10/0x10
[  677.682508][   T38]  rcu_barrier+0x4c/0x570
[  677.682531][   T38]  ? __pfx_tun_chr_close+0x10/0x10
[  677.682554][   T38]  ? __pfx_tun_chr_close+0x10/0x10
[  677.682577][   T38]  netdev_run_todo+0x327/0xea0
[  677.682604][   T38]  ? __pfx_netif_state_change+0x10/0x10
[  677.682632][   T38]  ? __pfx_netdev_run_todo+0x10/0x10
[  677.682654][   T38]  ? lockdep_hardirqs_on+0x9c/0x150
[  677.682689][   T38]  ? netdev_state_change+0x1ca/0x220
[  677.682710][   T38]  ? __pfx_tun_chr_close+0x10/0x10
[  677.682730][   T38]  tun_chr_close+0x13f/0x1c0
[  677.682752][   T38]  __fput+0x45b/0xa80
[  677.682783][   T38]  task_work_run+0x1d4/0x260
[  677.682804][   T38]  ? __pfx_task_work_run+0x10/0x10
[  677.682821][   T38]  ? do_exit+0x6b0/0x2300
[  677.682848][   T38]  ? do_exit+0x6b0/0x2300
[  677.682889][   T38]  do_exit+0x6b5/0x2300
[  677.682914][   T38]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  677.682951][   T38]  ? __pfx_do_exit+0x10/0x10
[  677.682973][   T38]  ? rt_mutex_slowunlock+0x493/0x8a0
[  677.682994][   T38]  ? rt_spin_lock+0x1c1/0x3e0
[  677.683028][   T38]  do_group_exit+0x21c/0x2d0
[  677.683045][   T38]  ? rt_spin_unlock+0x161/0x200
[  677.683069][   T38]  get_signal+0x125d/0x1310
[  677.683114][   T38]  arch_do_signal_or_restart+0xa0/0x790
[  677.683134][   T38]  ? fput_close_sync+0x119/0x200
[  677.683154][   T38]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  677.683193][   T38]  ? exit_to_user_mode_loop+0x40/0x130
[  677.683220][   T38]  exit_to_user_mode_loop+0x72/0x130
[  677.683244][   T38]  do_syscall_64+0x2bd/0xfa0
[  677.683277][   T38]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  677.683295][   T38]  ? asm_common_interrupt+0x26/0x40
[  677.683312][   T38]  ? clear_bhb_loop+0x60/0xb0
[  677.683334][   T38]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  677.683352][   T38] RIP: 0033:0x7f9e6a1d15dc
[  677.683369][   T38] RSP: 002b:00007fffa7a8b720 EFLAGS: 00000293 ORIG_RAX: 000000000000002c
[  677.683389][   T38] RAX: 0000000000000040 RBX: 00007f9e6af54620 RCX: 00007f9e6a1d15dc
[  677.683402][   T38] RDX: 0000000000000040 RSI: 00007f9e6af54670 RDI: 0000000000000003
[  677.683414][   T38] RBP: 0000000000000000 R08: 00007fffa7a8b774 R09: 000000000000000c
[  677.683426][   T38] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003
[  677.683437][   T38] R13: 0000000000000000 R14: 00007f9e6af54670 R15: 0000000000000000
[  677.683469][   T38]  </TASK>
[  677.683486][   T38] INFO: task syz-executor:9836 blocked for more than 143 seconds.
[  677.683504][   T38]       Not tainted syzkaller #0
[  677.683513][   T38]       Blocked by coredump.
[  677.683519][   T38] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  677.683527][   T38] task:syz-executor    state:D stack:17032 pid:9836  tgid:9836  ppid:1      task_flags:0x40054c flags:0x00080003
[  677.683569][   T38] Call Trace:
[  677.683575][   T38]  <TASK>
[  677.683592][   T38]  __schedule+0x16f3/0x4c20
[  677.683659][   T38]  ? __pfx___schedule+0x10/0x10
[  677.683703][   T38]  ? _raw_spin_unlock_irq+0x23/0x50
[  677.683731][   T38]  rt_mutex_schedule+0x77/0xf0
[  677.683749][   T38]  rt_mutex_slowlock_block+0x5ba/0x6d0
[  677.683780][   T38]  ? task_blocks_on_rt_mutex+0xf12/0x1380
[  677.683819][   T38]  rt_mutex_slowlock+0x2b1/0x6e0
[  677.683860][   T38]  ? rt_mutex_slowlock+0x1c9/0x6e0
[  677.683882][   T38]  ? __pfx_rt_mutex_slowlock+0x10/0x10
[  677.683900][   T38]  ? __lock_acquire+0xab9/0xd20
[  677.683935][   T38]  ? rcu_barrier+0x4c/0x570
[  677.683968][   T38]  ? rcu_barrier+0x4c/0x570
[  677.683984][   T38]  mutex_lock_nested+0x16a/0x1d0
[  677.684002][   T38]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[  677.684025][   T38]  ? __pfx_tun_chr_close+0x10/0x10
[  677.684048][   T38]  rcu_barrier+0x4c/0x570
[  677.684071][   T38]  ? __pfx_tun_chr_close+0x10/0x10
[  677.684093][   T38]  ? __pfx_tun_chr_close+0x10/0x10
[  677.684115][   T38]  netdev_run_todo+0x327/0xea0
[  677.684142][   T38]  ? __pfx_netif_state_change+0x10/0x10
[  677.684169][   T38]  ? __pfx_netdev_run_todo+0x10/0x10
[  677.684190][   T38]  ? lockdep_hardirqs_on+0x9c/0x150
[  677.684225][   T38]  ? netdev_state_change+0x1ca/0x220
[  677.684245][   T38]  ? __pfx_tun_chr_close+0x10/0x10
[  677.684275][   T38]  tun_chr_close+0x13f/0x1c0
[  677.684299][   T38]  __fput+0x45b/0xa80
[  677.684330][   T38]  task_work_run+0x1d4/0x260
[  677.684351][   T38]  ? __pfx_task_work_run+0x10/0x10
[  677.684369][   T38]  ? do_exit+0x6b0/0x2300
[  677.684394][   T38]  ? do_exit+0x6b0/0x2300
[  677.684423][   T38]  do_exit+0x6b5/0x2300
[  677.684448][   T38]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  677.684484][   T38]  ? __pfx_do_exit+0x10/0x10
[  677.684506][   T38]  ? rt_mutex_slowunlock+0x493/0x8a0
[  677.684527][   T38]  ? rt_spin_lock+0x1c1/0x3e0
[  677.684562][   T38]  do_group_exit+0x21c/0x2d0
[  677.684580][   T38]  ? rt_spin_unlock+0x161/0x200
[  677.684603][   T38]  get_signal+0x125d/0x1310
[  677.684648][   T38]  arch_do_signal_or_restart+0xa0/0x790
[  677.684667][   T38]  ? fput_close_sync+0x119/0x200
[  677.684688][   T38]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  677.684726][   T38]  ? exit_to_user_mode_loop+0x40/0x130
[  677.684753][   T38]  exit_to_user_mode_loop+0x72/0x130
[  677.684777][   T38]  do_syscall_64+0x2bd/0xfa0
[  677.684800][   T38]  ? lockdep_hardirqs_on+0x9c/0x150
[  677.684824][   T38]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  677.684842][   T38]  ? clear_bhb_loop+0x60/0xb0
[  677.684865][   T38]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  677.684882][   T38] RIP: 0033:0x7f22be3815dc
[  677.684898][   T38] RSP: 002b:00007ffc917f8740 EFLAGS: 00000293 ORIG_RAX: 000000000000002c
[  677.684916][   T38] RAX: 0000000000000050 RBX: 00007f22bf104620 RCX: 00007f22be3815dc
[  677.684929][   T38] RDX: 0000000000000050 RSI: 00007f22bf104670 RDI: 0000000000000003
[  677.684941][   T38] RBP: 0000000000000000 R08: 00007ffc917f8794 R09: 000000000000000c
[  677.684953][   T38] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003
[  677.684965][   T38] R13: 0000000000000000 R14: 00007f22bf104670 R15: 0000000000000000
[  677.684996][   T38]  </TASK>
[  677.685004][   T38] INFO: task syz-executor:9839 blocked for more than 143 seconds.
[  677.685017][   T38]       Not tainted syzkaller #0
[  677.685026][   T38]       Blocked by coredump.
[  677.685032][   T38] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  677.685040][   T38] task:syz-executor    state:D stack:19176 pid:9839  tgid:9839  ppid:1      task_flags:0x40054c flags:0x00080003
[  677.685085][   T38] Call Trace:
[  677.685091][   T38]  <TASK>
[  677.685103][   T38]  __schedule+0x16f3/0x4c20
[  677.685155][   T38]  ? __pfx___schedule+0x10/0x10
[  677.685198][   T38]  ? _raw_spin_unlock_irq+0x23/0x50
[  677.685226][   T38]  rt_mutex_schedule+0x77/0xf0
[  677.685244][   T38]  rt_mutex_slowlock_block+0x5ba/0x6d0
[  677.685271][   T38]  ? task_blocks_on_rt_mutex+0xf12/0x1380
[  677.685310][   T38]  rt_mutex_slowlock+0x2b1/0x6e0
[  677.685333][   T38]  ? rt_mutex_slowlock+0x1c9/0x6e0
[  677.685355][   T38]  ? __pfx_rt_mutex_slowlock+0x10/0x10
[  677.685374][   T38]  ? __lock_acquire+0xab9/0xd20
[  677.685408][   T38]  ? rcu_barrier+0x4c/0x570
[  677.685442][   T38]  ? rcu_barrier+0x4c/0x570
[  677.685458][   T38]  mutex_lock_nested+0x16a/0x1d0
[  677.685477][   T38]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[  677.685500][   T38]  ? __pfx_tun_chr_close+0x10/0x10
[  677.685522][   T38]  rcu_barrier+0x4c/0x570
[  677.685545][   T38]  ? __pfx_tun_chr_close+0x10/0x10
[  677.685568][   T38]  ? __pfx_tun_chr_close+0x10/0x10
[  677.685590][   T38]  netdev_run_todo+0x327/0xea0
[  677.685616][   T38]  ? __pfx_netif_state_change+0x10/0x10
[  677.685643][   T38]  ? __pfx_netdev_run_todo+0x10/0x10
[  677.685665][   T38]  ? lockdep_hardirqs_on+0x9c/0x150
[  677.685699][   T38]  ? netdev_state_change+0x1ca/0x220
[  677.685721][   T38]  ? __pfx_tun_chr_close+0x10/0x10
[  677.685744][   T38]  tun_chr_close+0x13f/0x1c0
[  677.685767][   T38]  __fput+0x45b/0xa80
[  677.685798][   T38]  task_work_run+0x1d4/0x260
[  677.685820][   T38]  ? __pfx_task_work_run+0x10/0x10
[  677.685837][   T38]  ? do_exit+0x6b0/0x2300
[  677.685862][   T38]  ? do_exit+0x6b0/0x2300
[  677.685892][   T38]  do_exit+0x6b5/0x2300
[  677.685916][   T38]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  677.685953][   T38]  ? __pfx_do_exit+0x10/0x10
[  677.685976][   T38]  ? rt_mutex_slowunlock+0x493/0x8a0
[  677.685996][   T38]  ? rt_spin_lock+0x1c1/0x3e0
[  677.686031][   T38]  do_group_exit+0x21c/0x2d0
[  677.686048][   T38]  ? rt_spin_unlock+0x161/0x200
[  677.686072][   T38]  get_signal+0x125d/0x1310
[  677.686116][   T38]  arch_do_signal_or_restart+0xa0/0x790
[  677.686135][   T38]  ? fput_close_sync+0x119/0x200
[  677.686156][   T38]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  677.686194][   T38]  ? exit_to_user_mode_loop+0x40/0x130
[  677.686221][   T38]  exit_to_user_mode_loop+0x72/0x130
[  677.686245][   T38]  do_syscall_64+0x2bd/0xfa0
[  677.686278][   T38]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  677.686295][   T38]  ? asm_common_interrupt+0x26/0x40
[  677.686312][   T38]  ? clear_bhb_loop+0x60/0xb0
[  677.686334][   T38]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  677.686352][   T38] RIP: 0033:0x7f6d32f315dc
[  677.686367][   T38] RSP: 002b:00007ffef3953740 EFLAGS: 00000293 ORIG_RAX: 000000000000002c
[  677.686386][   T38] RAX: 0000000000000050 RBX: 00007f6d33cb4620 RCX: 00007f6d32f315dc
[  677.686398][   T38] RDX: 0000000000000050 RSI: 00007f6d33cb4670 RDI: 0000000000000003
[  677.686410][   T38] RBP: 0000000000000000 R08: 00007ffef3953794 R09: 000000000000000c
[  677.686423][   T38] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003
[  677.686434][   T38] R13: 0000000000000000 R14: 00007f6d33cb4670 R15: 0000000000000000
[  677.686465][   T38]  </TASK>
[  677.686473][   T38] INFO: task syz-executor:9929 blocked for more than 143 seconds.
[  677.686486][   T38]       Not tainted syzkaller #0
[  677.686495][   T38] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  677.686504][   T38] task:syz-executor    state:D stack:17848 pid:9929  tgid:9929  ppid:1      task_flags:0x480140 flags:0x00080003
[  677.686547][   T38] Call Trace:
[  677.686553][   T38]  <TASK>
[  677.686571][   T38]  __schedule+0x16f3/0x4c20
[  677.686622][   T38]  ? __pfx___schedule+0x10/0x10
[  677.686666][   T38]  ? _raw_spin_unlock_irq+0x23/0x50
[  677.686693][   T38]  rt_mutex_schedule+0x77/0xf0
[  677.686711][   T38]  rt_mutex_slowlock_block+0x5ba/0x6d0
[  677.686732][   T38]  ? task_blocks_on_rt_mutex+0xf12/0x1380
[  677.686772][   T38]  rt_mutex_slowlock+0x2b1/0x6e0
[  677.686796][   T38]  ? rt_mutex_slowlock+0x1c9/0x6e0
[  677.686818][   T38]  ? __pfx_rt_mutex_slowlock+0x10/0x10
[  677.686837][   T38]  ? __lock_acquire+0xab9/0xd20
[  677.686876][   T38]  ? rcu_barrier+0x4c/0x570
[  677.686909][   T38]  ? rcu_barrier+0x4c/0x570
[  677.686926][   T38]  mutex_lock_nested+0x16a/0x1d0
[  677.686944][   T38]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[  677.686971][   T38]  rcu_barrier+0x4c/0x570
[  677.686999][   T38]  netdev_run_todo+0x327/0xea0
[  677.687029][   T38]  ? __pfx_netdev_run_todo+0x10/0x10
[  677.687049][   T38]  ? kasan_quarantine_put+0xdd/0x220
[  677.687071][   T38]  ? lockdep_hardirqs_on+0x9c/0x150
[  677.687100][   T38]  ? nsim_destroy+0x38d/0x680
[  677.687118][   T38]  ? kfree+0x197/0x950
[  677.687136][   T38]  ? nsim_destroy+0x38d/0x680
[  677.687158][   T38]  nsim_destroy+0x3ae/0x680
[  677.687184][   T38]  __nsim_dev_port_del+0x14d/0x1b0
[  677.687210][   T38]  nsim_dev_reload_destroy+0x288/0x490
[  677.687237][   T38]  ? nsim_drv_remove+0x50/0x160
[  677.687267][   T38]  nsim_drv_remove+0x58/0x160
[  677.687286][   T38]  ? __pfx_nsim_bus_remove+0x10/0x10
[  677.687306][   T38]  device_release_driver_internal+0x46f/0x800
[  677.687339][   T38]  bus_remove_device+0x355/0x420
[  677.687368][   T38]  device_del+0x515/0x8e0
[  677.687394][   T38]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  677.687423][   T38]  ? __pfx_device_del+0x10/0x10
[  677.687457][   T38]  device_unregister+0x20/0xc0
[  677.687482][   T38]  del_device_store+0x2aa/0x360
[  677.687503][   T38]  ? __pfx_del_device_store+0x10/0x10
[  677.687521][   T38]  ? sysfs_file_kobj+0x1e4/0x230
[  677.687549][   T38]  ? sysfs_kf_write+0x166/0x260
[  677.687570][   T38]  ? __pfx_sysfs_kf_write+0x10/0x10
[  677.687585][   T38]  kernfs_fop_write_iter+0x3b0/0x540
[  677.687617][   T38]  vfs_write+0x5d5/0xb40
[  677.687644][   T38]  ? __pfx_kernfs_fop_write_iter+0x10/0x10
[  677.687670][   T38]  ? __pfx_vfs_write+0x10/0x10
[  677.687702][   T38]  ? do_sys_openat2+0x154/0x1c0
[  677.687731][   T38]  ksys_write+0x14b/0x260
[  677.687754][   T38]  ? __pfx_ksys_write+0x10/0x10
[  677.687780][   T38]  ? do_syscall_64+0xbe/0xfa0
[  677.687809][   T38]  do_syscall_64+0xfa/0xfa0
[  677.687832][   T38]  ? lockdep_hardirqs_on+0x9c/0x150
[  677.687856][   T38]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  677.687874][   T38]  ? clear_bhb_loop+0x60/0xb0
[  677.687896][   T38]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  677.687914][   T38] RIP: 0033:0x7f89437ce1ff
[  677.687928][   T38] RSP: 002b:00007ffc5e2c62c0 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  677.687947][   T38] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00007f89437ce1ff
[  677.687960][   T38] RDX: 0000000000000001 RSI: 00007ffc5e2c6310 RDI: 0000000000000005
[  677.687971][   T38] RBP: 00007f89438552cb R08: 0000000000000000 R09: 00007ffc5e2c6117
[  677.687984][   T38] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[  677.687995][   T38] R13: 00007ffc5e2c6310 R14: 00007f8944554620 R15: 0000000000000003
[  677.688027][   T38]  </TASK>
[  677.688097][   T38] 
[  677.688097][   T38] Showing all locks held in the system:
[  677.688111][   T38] 3 locks held by kworker/u8:1/13:
[  677.688123][   T38]  #0: ffff88813ff69938 ((wq_completion)events_unbound#2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  677.688176][   T38]  #1: ffffc90000127ba0 ((linkwatch_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  677.688222][   T38]  #2: ffffffff8e863978 (rtnl_mutex){+.+.}-{4:4}, at: linkwatch_event+0xe/0x60
[  677.688274][   T38] 8 locks held by ksoftirqd/0/15:
[  677.688286][   T38] 5 locks held by rcuc/0/20:
[  677.688298][   T38] 1 lock held by khungtaskd/38:
[  677.688307][   T38]  #0: ffffffff8d5aa880 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180
[  677.688379][   T38] 2 locks held by getty/5557:
[  677.688389][   T38]  #0: ffff88823bf508a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
[  677.688435][   T38]  #1: ffffc90003e762e0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x444/0x1400
[  677.688488][   T38] 6 locks held by kworker/u8:18/6252:
[  677.688498][   T38]  #0: ffff888019ad4938 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  677.688544][   T38]  #1: ffffc9000baffba0 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  677.688587][   T38]  #2: ffffffff8e856a80 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xf7/0x820
[  677.688630][   T38]  #3: ffff8880369bb0d8 (&dev->mutex){....}-{4:4}, at: devlink_pernet_pre_exit+0x10a/0x3d0
[  677.688673][   T38]  #4: ffff8880369be300 (&devlink->lock_key#12){+.+.}-{4:4}, at: devlink_pernet_pre_exit+0x11c/0x3d0
[  677.688718][   T38]  #5: ffffffff8d5b0230 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570
[  677.688769][   T38] 1 lock held by syz.5.1017/9421:
[  677.688779][   T38]  #0: ffffffff8d5b0230 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570
[  677.688821][   T38] 1 lock held by syz.7.1040/9506:
[  677.688831][   T38]  #0: ffffffff8d5b0230 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570
[  677.688873][   T38] 1 lock held by syz.6.1087/9584:
[  677.688883][   T38]  #0: ffffffff8d5b0230 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570
[  677.688925][   T38] 1 lock held by syz-executor/9677:
[  677.688944][   T38]  #0: ffffffff8d5b0230 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570
[  677.688988][   T38] 1 lock held by syz-executor/9836:
[  677.688998][   T38]  #0: ffffffff8d5b0230 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570
[  677.689039][   T38] 1 lock held by syz-executor/9839:
[  677.689057][   T38]  #0: ffffffff8d5b0230 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570
[  677.689100][   T38] 7 locks held by syz-executor/9929:
[  677.689110][   T38]  #0: ffff888033fd8480 (sb_writers#7){.+.+}-{0:0}, at: vfs_write+0x217/0xb40
[  677.689158][   T38]  #1: ffff888033ed6878 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x1df/0x540
[  677.689203][   T38]  #2: ffff888026669788 (kn->active#52){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x232/0x540
[  677.689260][   T38]  #3: ffffffff8e0f44b8 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x360
[  677.689301][   T38]  #4: ffff88805cdbb0d8 (&dev->mutex){....}-{4:4}, at: device_release_driver_internal+0xb6/0x800
[  677.689349][   T38]  #5: ffff88805cdbc300 (&devlink->lock_key#3){+.+.}-{4:4}, at: nsim_drv_remove+0x50/0x160
[  677.689398][   T38]  #6: ffffffff8d5b0230 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570
[  677.689443][   T38] 1 lock held by syz-executor/11218:
[  677.689453][   T38]  #0: ffffffff8d5b0230 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570
[  677.689495][   T38] 1 lock held by syz-executor/11371:
[  677.689506][   T38]  #0: ffffffff8d5b0230 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570
[  677.689548][   T38] 1 lock held by syz-executor/11382:
[  677.689558][   T38]  #0: ffffffff8d5b0230 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570
[  677.689601][   T38] 1 lock held by syz-executor/11441:
[  677.689611][   T38]  #0: ffffffff8d5b0230 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570
[  677.689656][   T38] 1 lock held by syz-executor/12735:
[  677.689666][   T38]  #0: ffffffff8d5b0230 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570
[  677.689707][   T38] 1 lock held by syz-executor/12890:
[  677.689718][   T38]  #0: ffffffff8d5b0230 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570
[  677.689759][   T38] 1 lock held by syz-executor/12914:
[  677.689770][   T38]  #0: ffffffff8d5b0230 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570
[  677.689812][   T38] 1 lock held by syz-executor/12972:
[  677.689822][   T38]  #0: ffffffff8d5b0230 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570
[  677.689867][   T38] 2 locks held by syz-executor/14255:
[  677.689877][   T38]  #0: ffffffff8ed83080 (&ops->srcu#2){.+.+}-{0:0}, at: rtnl_link_ops_get+0x23/0x250
[  677.689925][   T38]  #1: ffffffff8e863978 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x8e9/0x1c80
[  677.689966][   T38] 1 lock held by syz-executor/14382:
[  677.689976][   T38]  #0: ffffffff8e863978 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x8e9/0x1c80
[  677.690015][   T38] 2 locks held by syz-executor/14414:
[  677.690026][   T38]  #0: ffffffff8dfed780 (&ops->srcu#2){.+.+}-{0:0}, at: rtnl_link_ops_get+0x23/0x250
[  677.690071][   T38]  #1: ffffffff8e863978 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x8e9/0x1c80
[  677.690112][   T38] 2 locks held by syz-executor/14477:
[  677.690123][   T38]  #0: ffffffff8dfed780 (&ops->srcu#2){.+.+}-{0:0}, at: rtnl_link_ops_get+0x23/0x250
[  677.690168][   T38]  #1: ffffffff8e863978 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x8e9/0x1c80
[  677.690211][   T38] 1 lock held by syz.1.3531/14702:
[  677.690221][   T38]  #0: ffffffff8d5b0230 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570
[  677.690271][   T38] 
[  677.690276][   T38] =============================================
[  677.690276][   T38] 
[  677.690286][   T38] NMI backtrace for cpu 1
[  677.690303][   T38] CPU: 1 UID: 0 PID: 38 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  677.690351][   T38] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  677.690370][   T38] Call Trace:
[  677.690377][   T38]  <TASK>
[  677.690385][   T38]  dump_stack_lvl+0x189/0x250
[  677.690414][   T38]  ? __pfx_dump_stack_lvl+0x10/0x10
[  677.690439][   T38]  ? __pfx__printk+0x10/0x10
[  677.690471][   T38]  nmi_cpu_backtrace+0x39e/0x3d0
[  677.690496][   T38]  ? __pfx_nmi_cpu_backtrace+0x10/0x10
[  677.690519][   T38]  ? __pfx__printk+0x10/0x10
[  677.690544][   T38]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[  677.690566][   T38]  nmi_trigger_cpumask_backtrace+0x17a/0x300
[  677.690590][   T38]  watchdog+0xf60/0xfa0
[  677.690619][   T38]  ? watchdog+0x1e2/0xfa0
[  677.690648][   T38]  kthread+0x711/0x8a0
[  677.690676][   T38]  ? __pfx_watchdog+0x10/0x10
[  677.690698][   T38]  ? __pfx_kthread+0x10/0x10
[  677.690723][   T38]  ? rt_spin_unlock+0x150/0x200
[  677.690742][   T38]  ? rt_spin_unlock+0x161/0x200
[  677.690756][   T38]  ? __pfx_kthread+0x10/0x10
[  677.690777][   T38]  ret_from_fork+0x4bc/0x870
[  677.690796][   T38]  ? __pfx_ret_from_fork+0x10/0x10
[  677.690819][   T38]  ? __switch_to_asm+0x39/0x70
[  677.690834][   T38]  ? __switch_to_asm+0x33/0x70
[  677.690848][   T38]  ? __pfx_kthread+0x10/0x10
[  677.690870][   T38]  ret_from_fork_asm+0x1a/0x30
[  677.690899][   T38]  </TASK>
[  677.690954][   T38] Sending NMI from CPU 1 to CPUs 0:
[  677.690978][    C0] NMI backtrace for cpu 0
[  677.690992][    C0] CPU: 0 UID: 0 PID: 20 Comm: rcuc/0 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  677.691017][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  677.691026][    C0] RIP: 0010:lockdep_hardirqs_off+0x4b/0x110
[  677.691049][    C0] Code: 91 00 00 00 48 89 fb 65 8b 05 31 fc e1 06 a9 00 00 f0 00 74 69 83 3d 73 2f ed 0d 00 75 15 48 c7 04 24 00 00 00 00 9c 8f 04 24 <f7> 04 24 00 02 00 00 75 7e 65 8b 05 cd 38 e2 06 85 c0 74 57 65 4c
[  677.691063][    C0] RSP: 0018:ffffc90000197708 EFLAGS: 00000046
[  677.691077][    C0] RAX: 0000000000000000 RBX: ffffffff8ac41f32 RCX: b119201b1143d700
[  677.691088][    C0] RDX: ffff88801b6e5a00 RSI: ffffffff8cddb2de RDI: ffffffff8b3ddfe0
[  677.691100][    C0] RBP: ffffc900001977d0 R08: 0000000000000000 R09: ffffffff84b199d1
[  677.691111][    C0] R10: 0000000000000006 R11: ffffffff81aacc60 R12: dffffc0000000000
[  677.691122][    C0] R13: dffffc0000000000 R14: 0000000000000a06 R15: 1ffff92000032ee8
[  677.691134][    C0] FS:  0000000000000000(0000) GS:ffff888126df6000(0000) knlGS:0000000000000000
[  677.691147][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  677.691158][    C0] CR2: 00007f5ac67ce470 CR3: 0000000067cb2000 CR4: 00000000003526f0
[  677.691172][    C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  677.691182][    C0] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600
[  677.691192][    C0] Call Trace:
[  677.691198][    C0]  <TASK>
[  677.691205][    C0]  ? _raw_spin_lock_irqsave+0x82/0xf0
[  677.691224][    C0]  trace_hardirqs_off+0x12/0x40
[  677.691244][    C0]  _raw_spin_lock_irqsave+0x82/0xf0
[  677.691264][    C0]  ? __pfx__raw_spin_lock_irqsave+0x10/0x10
[  677.691289][    C0]  rt_spin_lock+0x14a/0x3e0
[  677.691308][    C0]  ? __pfx_rt_spin_lock+0x10/0x10
[  677.691324][    C0]  ? stack_depot_save_flags+0x40/0x860
[  677.691347][    C0]  ref_tracker_free+0x111/0x7c0
[  677.691369][    C0]  ? __pfx_ref_tracker_free+0x10/0x10
[  677.691387][    C0]  ? dst_destroy+0x10f/0x350
[  677.691405][    C0]  ? rcu_cpu_kthread+0xbf6/0x1b50
[  677.691424][    C0]  ? smpboot_thread_fn+0x542/0xa60
[  677.691441][    C0]  ? kthread+0x711/0x8a0
[  677.691459][    C0]  ? ret_from_fork+0x4bc/0x870
[  677.691474][    C0]  ? ret_from_fork_asm+0x1a/0x30
[  677.691493][    C0]  ? ipv4_dst_destroy+0x10a/0x250
[  677.691513][    C0]  ? ipv4_dst_destroy+0x10a/0x250
[  677.691533][    C0]  ? __pfx_ipv4_dst_destroy+0x10/0x10
[  677.691551][    C0]  dst_destroy+0x10f/0x350
[  677.691569][    C0]  ? __pfx_dst_destroy_rcu+0x10/0x10
[  677.691588][    C0]  rcu_cpu_kthread+0xbf6/0x1b50
[  677.691612][    C0]  ? rcu_cpu_kthread+0x23e/0x1b50
[  677.691638][    C0]  ? __pfx_rcu_cpu_kthread+0x10/0x10
[  677.691658][    C0]  ? __lock_acquire+0xab9/0xd20
[  677.691677][    C0]  ? __pfx___schedule+0x10/0x10
[  677.691704][    C0]  ? schedule+0x91/0x360
[  677.691725][    C0]  ? smpboot_thread_fn+0x4d/0xa60
[  677.691742][    C0]  smpboot_thread_fn+0x542/0xa60
[  677.691760][    C0]  ? smpboot_thread_fn+0x4d/0xa60
[  677.691782][    C0]  kthread+0x711/0x8a0
[  677.691803][    C0]  ? __pfx_smpboot_thread_fn+0x10/0x10
[  677.691820][    C0]  ? __pfx_kthread+0x10/0x10
[  677.691839][    C0]  ? rt_spin_unlock+0x150/0x200
[  677.691857][    C0]  ? rt_spin_unlock+0x161/0x200
[  677.691873][    C0]  ? __pfx_kthread+0x10/0x10
[  677.691892][    C0]  ret_from_fork+0x4bc/0x870
[  677.691910][    C0]  ? __pfx_ret_from_fork+0x10/0x10
[  677.691931][    C0]  ? __switch_to_asm+0x39/0x70
[  677.691944][    C0]  ? __switch_to_asm+0x33/0x70
[  677.691959][    C0]  ? __pfx_kthread+0x10/0x10
[  677.691978][    C0]  ret_from_fork_asm+0x1a/0x30
[  677.692009][    C0]  </TASK>
[  680.504961][T14382] batman_adv: batadv0: Adding interface: batadv_slave_0
[  680.504978][T14382] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  680.505003][T14382] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  680.579701][T14255] hsr_slave_0: entered promiscuous mode
[  680.581932][T14255] hsr_slave_1: entered promiscuous mode
[  680.583047][T14255] debugfs: 'hsr0' already exists in 'hsr'
[  680.583071][T14255] Cannot create hsr debugfs directory
[  680.617937][T14477] team0: Port device team_slave_0 added
[  680.619672][T14414] batman_adv: batadv0: Adding interface: batadv_slave_0
[  680.619691][T14414] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  680.619715][T14414] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  680.673182][T14382] batman_adv: batadv0: Adding interface: batadv_slave_1
[  680.673198][T14382] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  680.673223][T14382] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  680.678753][T14477] team0: Port device team_slave_1 added
[  680.680483][T14414] batman_adv: batadv0: Adding interface: batadv_slave_1
[  680.680498][T14414] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  680.680523][T14414] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  682.314227][T14477] batman_adv: batadv0: Adding interface: batadv_slave_0
[  682.314244][T14477] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  682.314269][T14477] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  682.839818][T14477] batman_adv: batadv0: Adding interface: batadv_slave_1
[  682.839835][T14477] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  682.839860][T14477] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  683.313746][T14382] hsr_slave_0: entered promiscuous mode
[  683.315675][T14382] hsr_slave_1: entered promiscuous mode
[  683.316918][T14382] debugfs: 'hsr0' already exists in 'hsr'
[  683.316943][T14382] Cannot create hsr debugfs directory
[  684.088307][T14414] hsr_slave_0: entered promiscuous mode
[  684.100519][T14414] hsr_slave_1: entered promiscuous mode
[  684.109486][T14414] debugfs: 'hsr0' already exists in 'hsr'
[  684.109618][T14414] Cannot create hsr debugfs directory
[  685.156669][T14477] hsr_slave_0: entered promiscuous mode
[  685.158557][T14477] hsr_slave_1: entered promiscuous mode
[  685.159829][T14477] debugfs: 'hsr0' already exists in 'hsr'
[  685.159854][T14477] Cannot create hsr debugfs directory
[  686.008393][ T1323] ieee802154 phy0 wpan0: encryption failed: -22
[  686.008497][ T1323] ieee802154 phy1 wpan1: encryption failed: -22