last executing test programs:

2m29.039523051s ago: executing program 0 (id=73):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x4000000)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(0xffffffffffffffff, 0xc08c5332, 0x0)
r1 = getpgrp(0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000040)=0x5)
prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000000)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x76421000)
r3 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r3, 0x1, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
shmget$private(0x0, 0x4000, 0x1000, &(0x7f0000ffc000/0x4000)=nil)
r5 = fsopen(&(0x7f0000000040)='configfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r5, 0x6, 0x0, 0x0, 0x0)
r6 = fsmount(r5, 0x1, 0x8c)
fchdir(r6)
openat$dir(0xffffffffffffff9c, &(0x7f0000000500)='.\x00', 0x2100, 0x102)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000700)='./cgroup.cpu/syz0\x00', 0x200002, 0x0)
mount$fuse(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000340), 0x0, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000042c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x7}}, [@NFT_MSG_NEWRULE={0x90, 0x6, 0xa, 0x403, 0x0, 0x0, {0xa, 0x0, 0x5}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_RULE_EXPRESSIONS={0x50, 0x4, 0x0, 0x1, [{0x4c, 0x1, 0x0, 0x1, @target={{0xb}, @val={0x3c, 0x2, 0x0, 0x1, [@NFTA_TARGET_INFO={0x24, 0x3, "7339f2f304fdd672bad09dfb040000000001000001f9580dabf95ddc91967c20"}, @NFTA_TARGET_REV={0x8}, @NFTA_TARGET_NAME={0xc, 0x1, 'RATEEST\x00'}]}}}]}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0xa4}, 0x1, 0x0, 0x0, 0x4000850}, 0x20008040)

2m23.947757768s ago: executing program 0 (id=77):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x804e20}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r3, 0x8983, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r4, 0x10e, 0xc, &(0x7f0000000040)={0x8, 0xffe, 0x1ff, 0x42000}, 0x10)
sendmsg$nl_generic(r4, 0x0, 0x0)
close(r4)
r5 = socket$qrtr(0x2a, 0x2, 0x0)
connect$qrtr(r5, &(0x7f0000000040)={0x2a, 0x1, 0xfffffffe}, 0xc)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000240)=@base={0x1, 0x100005, 0x5, 0x5, 0x1}, 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000400)={{r6}, &(0x7f0000000380), &(0x7f00000003c0)}, 0x20)
bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000240)={r6, 0x0, &(0x7f0000000180)=""/177}, 0x20)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000500)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a50000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc0c0009800800014000000001080008400000000114000000110001"], 0x78}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
sendmsg$NFT_MSG_GETSETELEM(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000880)={0x40, 0xd, 0xa, 0x801, 0x0, 0x0, {0xa, 0x0, 0x1}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x14, 0x3, 0x0, 0x1, [{0x10, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0xc, 0x1, 0x0, 0x1, [@NFTA_DATA_VALUE={0x6, 0x1, "ffd7"}]}]}]}]}, 0x40}, 0x1, 0x0, 0x0, 0x4000805}, 0x8000)

2m13.970387994s ago: executing program 0 (id=88):
epoll_create1(0x80000)
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x2, 0x7fffffff}]})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xd, 0x30000008b}, 0x0)
getpid()
socketpair$unix(0x1, 0x2, 0x0, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f0000000480)=@file={0x0, './file0\x00'}, 0xc2)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$inet6(0xa, 0x1, 0x8010000000000084)
r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
write$binfmt_script(r1, 0x0, 0x0)
getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x14, &(0x7f0000000280)={@mcast2}, &(0x7f00000003c0)=0x14)
ioctl$sock_inet6_SIOCADDRT(r1, 0x890b, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
socket$nl_sock_diag(0x10, 0x3, 0x4)
preadv(0xffffffffffffffff, 0x0, 0x0, 0xb, 0x1000)
setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, 0x0, 0x0)
r2 = syz_open_dev$cec(&(0x7f0000000000), 0x0, 0x82002)
ioctl$CEC_S_MODE(r2, 0x40046109, &(0x7f0000000180)=0xf0)
ioctl$CEC_S_MODE(r2, 0x40046109, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000009b40)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a"], 0x122}}, 0x0)
epoll_pwait(0xffffffffffffffff, 0x0, 0x0, 0xfffffffd, 0x0, 0x0)
r3 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$DMA_HEAP_IOCTL_ALLOC(r3, 0xc0184800, &(0x7f0000000040)={0x4, r0, 0x1})
get_mempolicy(&(0x7f0000000040), &(0x7f00000000c0), 0x5, &(0x7f0000ffe000/0x1000)=nil, 0x3)

2m9.352621484s ago: executing program 0 (id=92):
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8e}, 0x0)
prlimit64(0x0, 0x7, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
syz_clone(0x600, 0x0, 0x33, 0x0, 0x0, 0x0)
sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x400000bce)
r3 = syz_open_dev$MSR(&(0x7f0000000280), 0x0, 0x0)
socket$unix(0x1, 0x2, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$unix(0x1, 0x0, 0x0)
r4 = fsopen(0x0, 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
read$msr(r3, &(0x7f0000032680)=""/102400, 0x19000)
ioctl$TIOCSTI(0xffffffffffffffff, 0x5412, 0x0)
connect$bt_l2cap(r1, 0x0, 0x0)
syz_open_procfs(0xffffffffffffffff, 0x0)
prctl$PR_SET_NAME(0xf, &(0x7f0000000180)='\xe0\x0e\xb3O\xf1J\xf7N\x1c\\\x10\xecg\xb4\xe9\xae\x15\xe6\xf9\x8e\xee\a(\\)\x8c-Y\xd6\\t\xde\x89\xcf\xb5\b\x8e|\xd0\xf5\xa2Qf\xeb\x8eJ\xd5V\xfa[3\xb4\xac\x00\x00+\x15\xbf\xc3\x16?.\x92x\x177\x03rJ\xb3P}\x84\x85SIV\f\xdd\x93\x00\x12\xaeQ\xf1\xbf\xbdt\x85\xab\xfea\x96\b\xc6\x05\tC\x00~\x01\xb0\x9eH5\x8fB\xd4F\xd5\xd2\xb2\xea\xa2\x99\xcd%\x92:\xc6*\x976\n`\xc71/\xa2\xd1\xa5\xd3\xbfN\x952\x9c\x99Y;\xef\xe1\xdc\xbf\xfb\x1c\x9c\x13\x9d\x9d\xa1;\x00\x1e_\xadg|\xb7q6\x84\b\x80\xa00\xd81U\x1eXw\xa8\x9f{k\x8e\xb4\xaci\x82i2\xa3\xb2Mi\xb2e\xb8,0u\x1c\x82p\xe1K\x05\x8e\xbc\x04\x8d\xdaA\x04gr\x885\x14\x9c\a.j\xbe\xe4\xd9B\x88\x89')
sendmmsg$sock(r1, 0x0, 0x0, 0x0)
ioctl$TIOCVHANGUP(r0, 0x5437, 0x8000000)

2m6.025759693s ago: executing program 0 (id=96):
r0 = syz_open_dev$vim2m(&(0x7f0000000080), 0x2, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f0000000040)={0xc0, 0x1, 0x4, 0x0, 0x9})
socket(0x1, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x200000000000008b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f04ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r4, &(0x7f0000000040)={0x3, 0x0, &(0x7f0000000340)={&(0x7f0000000200)={0x2, 0x3, 0x0, 0x3, 0x10, 0x0, 0x70bd2c, 0x25dfdbff, [@sadb_key={0x2, 0x9, 0x8, 0x0, "1c"}, @sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa, 0x4e24, 0x8, @mcast1}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x7, 0xc, 0x1}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x4e24, 0x9, @empty, 0x6}}]}, 0x80}, 0x1, 0x7}, 0x0)
openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040), 0x141000, 0x0)
r5 = openat$tcp_congestion(0xffffffffffffff9c, &(0x7f0000000200), 0x35c, 0x0)
pread64(r5, 0x0, 0x0, 0x0)
syz_emit_vhci(&(0x7f0000000080)=ANY=[@ANYBLOB="040e04250c20", @ANYRES32], 0x7)
ioctl$vim2m_VIDIOC_ENUM_FMT(r0, 0xc0405668, &(0x7f0000000140)={0x9, 0x1, 0x1, "0000087aba10fdfffffbe30b51751bc53051a30000000000000016ebffffff00", 0x34565559})
r6 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000080), 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB='fd=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
syz_fuse_handle_req(r6, &(0x7f00000062c0)="23db5037805f177d136115e6a1a5903469af39c1fb9cb38215fe64cff9f2f0444a57e22b0cc5cb4f74c9792365400d9e1c68539ea5eff0a5ed0864814d39251bee8dfea69aa052d900bc0c792e1c9752b7d3a3222f6a1ad3e44c1f65617b128aea51911861ca36ba7c96b96b2fba0fdaa49ffb2612f3e81fe565327dd9965a60046442c9dcd0d552c6a00388be3b438a08883c7349761531880294ad9887db97d8c2f74921c57910cf1f5cc528e17bd5c3746b6202f26d621535aac5f7872c2cb3295e42524b5acb249b2d1ac1b53a4e31271decfca3fad2e2f740768adf00875c18cb7d115150f83ceb73f77a1f61f1666c2bb9f6bd9f0fb55b3a619446e32bae2a1d99aa49e5f3822e048f8be44b707f2db10d7916ec9a10a695d573d871cf24959c3d15e61344a68309d186956537c6ea8532fc2e1c7649f8409d8dcde4c8ee1530470ac9c870f9f1837574e444ba6addf5ddb2dec67c0e76df79f265b403818dddb4efc27c90985ed69a48b12056e548f9c99edf80d2b195d26acb1127661727a0600257f4b2546513d03930a0638a71bd3223e51fbb75c832ef737907f2f4d3f0505f431ea02783c798b5c4579c99961fb73dc623a0d99c1b306435464d413b537d42c6444851b36482597140b22fbc0ebc7e795b2f96739bf139f5823bc869ede547da4f394fa1b1787836095e1013264042e53d5006ea059d0488cb2f5ccd44b30d25ea53c2dda71d112d7d441dbfc9f8462c99c098b1958c80b237d83c32f2759c9a9c081d7d7666a477cfda59354309b09f2a8b9f6c3077b0df1e8d0c71ac07232de4f437107cb0eb9b47b2267efe31938a337cf11cadad72ced56895bb14763cca5bdadd245d801e829a1eb3bb4ed851a345918efd2dcf8d38f66badc773068e6a2ef59b2bb838abd8b043cf6ac54550f3fde1bbb9e761095e4b8ef1891757d376be1f778142610c0acbbfc697f51fbb7a1602ed46e82813c74f41ee2bae818174809f3692084bea7310ebec3d6166702ae62aad84313e19b4d145167185ea8d53cb21d099fb592d7d7f8bc305dd375b5c0cd73be44f49ff53cee220085d4706bbf50c6f63b02e7e805e8fa4c73046a57a8700886da29ea53e5a316e7b011c44a0f7be5cc5cb5641ba0069ff591eee18966c7f005ef40046a5fe2bf325b2545b009867761264aa9611d184fa372ba3c5c33d9a50717210f7cec7f6dc4418a87a797eb6aaf6ab3892bd3f559547c88d8c29646c8173fad1588f52beb34ff863be65e7ec1598cfb465f270bd5532fa7035aae077eedbc846058fa19f58ffb1cf0f1863f6d33f2e5c454d18b66be766ca369af2cc9656fa34c6c10e4d4da44ce5e2370aaf60c4e130da331d3489e8f44c600246323409fdd35d11da27128c9d64be65dd3a90c1546a6eb9185cb6d3a4a9cfad0e41ea03896fd2346f745eb3563d7a79fd345b037c040e56f0677840bf9b0d295bcfa98b931464c5ce9fcaf745720deac2d8b4edeffc0fe6f089ed7c3880959fcf8e31f7b7054bc4f5c9d3ed3f66c968d0bc20b2d66c374f030f3f1965f43a98519e527caf693362412d523eeb38c8b016ff77f78f833d7513e4b5a53d5ed5143916673f822ceac9967b8788bc6428283181eaf8d99e48286aacf4f658a903e9f08659450f7f9483807c2e013a1d9d199f18886a8cb4e14d41c71e5731455a4394551281eca12a1bb6ae717f5da2949175d0f1f3d718b761dfc1099c7d9d8928c899ac8e936e69d19fcbfcfdee83b68ef8e15eed41a8ac0d54aa92d7d2ee58bb4799f378225ec9ba4709e5ce2b77208ecc85c22c64967a9ef3360c54d311b8917ceb7b432c90cc5e98de9327c1400f8ec89261b1d77d8874b0bbdd2c5eb59df415705de52b08b0e12c07fb7367c6d461c19f282d51e482cb4fb9ceb0249ac2d6400ca170fbd6c0063224179c616bb030a5c10102aa2eea92f1e6f5828590b250b09e6d1a9535c298a68160b7c281fecdd295dc3396c4e6eb3395d5a677d5fa95a732dfdef81f4346545dd1a74bb3aa9b516699bdf0a59165077ab459a5ffe0dbb3ef8afa7a8382a8441e0c36ffabbed8f93f4bbeb97e5f6a704bf63a0de9ccf8fef643ebc530a80920931002003b027014de317c42f861d98ef4fef66d232d9706e6bd263347384dadadaa43a7e106bbb21bd822d468ace171b3f04b996112135b63dcbd612b5888ec40da583ab549c340ddaf5d7406c3e99322c68874214356c1fd9b5f84348e629cc3487a901d1b7a2fa531b1509ac1c93de3da9f1c3773e3a2aba2b29d2419f240ae6d24ed9f14bf0b9b0f1e740a2db06dab64d6386f950bff4e4c94160ef4b832bbde3af4937b7528658b5c16a51cb22193fe99385721ce5b048d9338e289dcb40683140c413eca52c8e4b64b306f47569477379c864cfb3aa3e349262407d3935ab9a0916eb0f6db2be71a7eb8f9968dfac44995d5bff8ef617fceeaa448f5e5f8d4b39e3512fe7ae9ee1d8a0d5912b6148969ab0325f3f76e2340fbd67ce156bdf638140b3ccdb08e5049db15957915cb05db8901249b10c59cc5c3ff836290e3334eee2df387e44c57b4d6198c3749f5dc57f6c3de115ced6b43cbddd762b58f1fb40b2baf3b381febdc073142e30d2e9a1a69e8d86314221e540f195509d223b206173dc5406865d8064817c30c284c034035a63190ab86df3bae4168c58e01d2251748fd5d9d610024129e83a5730fe83cf0918790e6854ab765c78649b91c06655f0cb9e26d8432df78bbadd99583b6a8afcf177ed6f339e08c0b36a16c6d31d8a24cb6f2bc3ba58d7711b6f8b988dc3e3144be619548457d4f40509f17eeb186cb93a2928ecb951593d1907c8bbb9f4c8999caba3059c8e73dce54ad6f87bcd51d559f7759902b14e68d3b845c0b179b38f4e6f0bd3a89cbcd5ebed9972102048647da1eda5c8456442369f4ae871d4037ba26f27d27371ce57e23adca5af8dc93f934f2ef8d69ad3b2db66657b3868dd839c2b522f5461f24407ef091b77242fc70a48b7eec45f3bcbcfbc6bdc36e4b67295020a345233a32a0a0af4d03a53ef67e69716d5ae35342722afbe7558946475a9ebf5b39c18558a0011f68bc8a78590b0cb63618379a512790c42d94bb239dd3ef5b8d1036cf0391aded8802a7a447c38f231ae611aeeab9bba44cd14369473758b64108d0bc9b6bc9e9b497c2d1d2acbae7c620a55c226cf371331688eaddec61fe961c5fcef71dad45820ed0ac8dc7641d82150f1318ac15aa41e7be585b6a50da1b3cd95239ee61cfde15aba80ae8ebc21ba4540883c6f44cd35b6b97da4640c97f5a2b6efa8d184fec823abc754ab8a0db6c45c2293e90d9c154c4a3e0b9ec2b6113ce6583b80f0d234dec9a9815067244733e2134b9ba93bb9692fb44200bb5501bb109f2401e8baaf0115d795bb0346dfafaf953bed8e9a52a5b9b02d490c55fd89daf311ad5e08b070a9571f696d6df4715c8b69b840e4e03d6f361326e20d9546c47b3a63163e7df9bd260621358c166177ee7c69ed63a8c43dd4a78543aa9f922c0ef527f4aa61ff65bb14595f518412ce25a1e103df89cd4b363593da16c11d80a23a9b5ad8e3a7be8f697cecf82c8fbd889a4f743c839b67f7ba5453b10bbf59b1e4f4e821872c061a4125c0c15c1ca5164efe61a58bb54dcedc849800a6021a448d4660c3b85e2362b7cd8ce95156fbf408a09a30a8ccfc3554004e9f9a35382907eec00617e2ae1f8803146bc8c28b4f3bf3c6b183ae9248e7f05c4adce3e0b7ff29252b5be9b19431e3fe612d471f52c5c34cc12c83049189f4d2e5ca516df78766ba3449d07ef9436c68052c986d9dde8802c931194e2ce34acb8cc26663a09348b15c6c145d26306bded0d1f482803ae6dee26562b03fcb183b69ee4a0491e8776ecdadfca395cb4eac2948d4d64321a4e669f2f663eb54f05f12ed9c685835c3e79f982152dbe701073b9a4ab2932b46ee2424a5e18bbe5f25ce0b898ff6937927f4670defe430ac86021226ae055daf39b535cdc0899fcc99d15e67d66bd2dd89bb21b8d2689a8af10a1b0bd44103c469922c36fc0228d7b6febf5e366dceecf8bb1db385c8ab95d86ff09b76c2fa6282de81fd6864c495a4c8295df61a2548e1b81c3e3f30d7a41216801d6c2d1743f66ae2055756083e8bf403d436b8244ac214f4d84a693d13f299ba267401d094f2df70840e8a980622794212f0992ecf5a47980ab2cf7d5a6f12b0a489af3c3c847ac59bc89f36fbb0e08bf283b68213a17de38b3a45eade6f0b198def408f7711c16367bcc0ded794a9a323c7e7f07fad96ea9c4d7344c26e43844a27c21076b8d7cd07677602d91eac825eb5fd0631755c2dd1dbf7bce3eb3c3f7377fc6080ecd0b894e29769845725943e25932d4249abb4ab78d4e2ff2e2df42c8d884cd6bd13886cef080c6491c217abae0eec6e9d4d49eab6657f15cfd38e6cd6d0bd33198c4685ab302d0f46e42f4a5d5bb7d2840a0a8817b98a856700d4de74351896fe7d7d5a0d1bc57fb4c828aa51f9637807aeb905780f239527ed4affd83f68be8b7ad1e10d9e797ba39cdee24f7be0a0ab0ac22ea3968dac61eb4bdd522c9ce570edf63a439abfd9954bf6a16c88d86157d05477200a83255cde279b454979cee4de00e81cb44acdc4295c877566a749ab5b91d250f03d46ecc14210c196700338eea028c930ce104f20a9e7fabb0ad1d314ec1a2d97d1d1b9e09114dee0e3e513eacede01971ff85dc98634156073df4e8acd6c3aadd615adaffa7a81573813bc4ca21886ddd532021bba5c84b34c34665534db48d61903a03c1cca4ed955ca92c1e33b7664b494e3db6d1e637a49e537808a2669ebeca301691acd4fab0af197b9c7db01b7862466b568ab3a4712a25210264fb297a6b679dfc3fceb65bddd1a23d5b507a0d6da83d73b716d971c5179a92e57b9b93451eb943845a549de737f2d082a83682c32649b4941e787758ead9d2c256b2b4ed1e0255952ce83cccecc39e5bbdd38490f1960b26e5379943be3d9a64b5149c84d577e5fd099560baa292befa06ce9065fb03ed432a9e055ca4ad0e952f8368b3d230fd5239726f79f4c98a0b4a9648382b245d324cb61049562f765f923fc657ef36747658494d78590a1e27a2d09856acf50c3b26271c6d5aa96e8ff9bdb9043859665e21ea53a050c335cac414bbf27b0328ac2c7450acb26b093bf232358afd1135ee50ac3fb26b5f0256ccdd37033c8a59740607cfd549d4c6540afe4a6b4425ae1f633872dcfb5da8d0547cf0c4888817b71fbc7c45b2a641e9c1a76b6a6be124402422ada35edc02ed997d6b87b361aee95a16d2c528d89a52fe40dfd83434969bd86f02e63fc1ae72941209af39a08cfbb4c320bc47d853f5dbaf0cd60ec54608aadbc382fa6b5cab3e9cac57bea26609f4c79f6a6b4eb4a9336fa95783b0c0c366f36d5d6b8310b3cfdb800207919a131bc7f984f7fa11fd0bf2c89e060e9d1286e453fe97363ef72bd6eba29a85ffeccdc3bee72e12284333a5a40622c01619558d2750fc45abfa22059ebdf743f8e50ad29770d19f84d8a34232d6918514769b3bb2a1ea5e59e9556332ba669675764458e9349a1835c501a93e91dd3b31018979880a9913f54ec1e8526b8cffcb776b97fbb9424faa5c5eb60d2ac74955bba4b5182571d0d9f84f0df1baa722b20a78c9c0011c667f688b58489c9e450d83e40ac5eb41c5564b6d76a226448abe4a3f499927074125aa9c0e7e704c36df5bb110a0f15f8433a470e81db414827d5ce21ca1da1c8d51d746d1e1ca110127c15e92afd75d3cd05ce0b632cfa03745de3cdd4b57373d46676583c89f045c26c6fc5793e5489555ced08f83ba351135834a2028113c319af30cc85bc01a7f8208822d7d607aed0d2e12c80aa009100441b75beaccfe0adbda7e8bb870edf4963158794c8c3a5baacf6eec7b5efaefb7602dab8409d161beeb281cba21f1da0ccdc092d0433fb940d79699ffeb87ea775829a6e7e3b308a2ee0b7aec8ac5f35eed61be374c7c77196f7119a8882deff68230f461cb917b0ccb2b8597efcbdd1003b7b77b2c601ebd4b45c35b8426f7b9138ab3df0ec00819604ab8e1e64cf2aa2282b1269585af127a268cd207f964edff172e555398a16df44bdc52889538c3a27f8fbfffb61f7aeb55b259952bbfea81d73058d8b0f78ece9dc08e660437d21d4e3ec38b19e5afda7a6e33023f9158db8a1c14dabd9b8b307ddc66927f7b19df5e0da2237d98ddd890b81f1963808977d02198e8ae2e97419dbb1f8e51cad36a3424b955500fbdaab6ff8dbf028708b1f951fe43864b59b6c2368b816c98023d4480a91b3f1059e9c214bf55a7f8c7da907f79ff5568fd787d3aa022ab9d03cde551f7e3295f02c4f3aa37e4cebdd968c0f82f09eb004fbdb1a4ef3a0d426691bde3964c29ea65622f5d3ffd854053545ba1ec164495e4bef4845439c058f9438d13be7922b656db499c246ee6176a15b97e6a68e42f0c703033b699504e1f92b43054c7237199bd013d96faab47433b6b3f91dc66368706439d4ef7da3942ce8b9c1c9a9d0643fc4540e7d3f1c3821267e866cacd3e904be9f9df80381eec09eb2b0d745ff03ffb199b917a14fdd8fbfbffe8bfb0cf7023aa7183301a8a41e7097ff9f5247f8b78f7d08bbfc596a81047807cf0929677222e7e9e921b294e04088c3746d8dc19294645f1c093a21b4c5e6d92e54dd90465b11dd5d9d42af849070edff4ec63970f4088daaa33afdebb28d01df5ee043a8150ab1b25d864ef31e20c84696596cfbea92d02ea29c4a3933c41ec68aee7d68d7eea7f30d8920e14e62be42bcf856d7a58f46fdb2438b023e974f77281c5a462553627e9614504cbd3f1cae6e0fd9f7e89d9bce48946d0508616fbe542303dc542982c61d7bb4afbf3e76bf1fb2381cdc99f2175ef944dcd826aabdca2b7678db5262733c69ce504c38e7deb7adfb9b6d8bb00d8e4251e0438417ea615cde58bd76c2427b3d7a0578bbbff9fde2abbc5d60307aff0050b18176158aaedb34e283886378ff798b4f74e0a0c95d64271f1916280dd247304d9201c67f5e2640d9706add8703cac81795a0190107e2bb2941ed13738595da1c86ba0f68e2283a435cb5f162c74071a13dfe2266d05abaef080dd6b1dade115e883e04f0bb4be4d91f535ae6f822b02e814e65d2b7807d199a23d3f26209f6c9f93602a3a93ccfdebb5f8161b7928059674e15820d1848a980c8d1af5a73aadc5c402fbb6e730ba51227913ca27f0d78d331d6325d0a7926c238296b2a22b10a69cdffeb087dfe175511ed8e2cde8d7dae140e4ce92f892b129d9940e4a30b19f822ef7611b8750eaea8e55502604b7d2358c09a217af8be6c86d67cf6ff6130c971c9765d56631fe6224fbe1e833d497b534fbf6b030af93691f59295279aa1bdfb5d5d9d4668d5aea70e2b8fc117df0042e91c7e6225f27329727ed6e14a87c7943c040dfee4e5c06a20251c39a45ab4865951b0daefb9c05571fdcc21d1761945bd2b8047ccedd6f1e708646fbe61e75bb2728e8cee893d7e6f642119e786155a6cbab057d6d83b77716145119e974ad7355179d2adc3d748fa249cb58e32e6791d646240c05da4427b2f359976c8fd1486c604cb7ee647e24633d8fca8314cf1f85110ca6351156a2b26e44b040f7d2810acd36f45a3969c1fafd1a7e0bc14fd9b26593375be8e750c3f6534ffb85904d15d75fba05dac4a673de97f7543ee931724cd35474cd7ff5cf3e8abaf206f3030e92895633fa9d8499ea763601560260109dad18bd64b990531fc5377e6eaa5da050b98e1c6515ea48c7de1a15b63283d4a694cbad379356bfdac50e6c343879e29f6b9ab425600d51f257ceb35d0ca00f83cf5bd734223de716747614666ba1f1a8fa756e5f3ff0fc94fa4bd4073bddb0098cf565ee40af5732ee9218d262e5b64ad6b8118c54eeaf7072f2e15514a401779b425fa89d8abb1750e56cc3108dffdcf2d3fd86b8af4560d56f7ff0702154211f9949e3992d93e66892b297fa2d4bfe18de3fd74e96c9d30eb14fd458fdbc9e9a34e00f3280dd732520147fa2a8fa83e91dd0687501466a300015bf888c03fc08190c2753d7719acf6f84885c4c5642f466c1984f15a7716a9b608ee5f1b395726bcc8519766667d24d11e396e62ea39640c9e73e4e9e9e5076d7019ca1bebbd7097807f46b3b6fcb96ed4b433b25ec551fb176a5fa252ed1d81b0350cfdfb8069c9916495bef3a262b6668910896c0b37eee40547c663a901e92f41b417ac50e88d058d021a8f9a5783bd936cca4962bec1c9886689cc547970f9215232596392515182e563f720bb79d29baaabf0e2697de6500bc677e346847011ee3450358c0b16ca528368b5cbb8df5ab974a3cef072d20c9906fa585e0f3083ec6d8507b8561f64e65aa1aecf825fc47ad1459c87771549fd5c9a9cc094e7b1179ee1e90eff7158f28f59f029d90e708f4ec50b4f67d8b4bb7140065528354a7e25d63e92977183a0284ec22aa923210f0bfea89cca53547137381e5de0f60bc484bc2daf129b0380244f1ed4bfb674eb2791e76dce33cae684ad36620d5d67cb587f840caed316b7439b0e8c3de0e065e62680f3997369be3466670278168c9a1a644d870e3a8d0a79b2b720e8c3c51bb9133532beee64319e98714bb2e6d5c0b723962d923b0ef454361d4b3cb470bf8c39031ed4a75267f499741be15aacac92d8e6afdcb01a2e7d2dbf549ceb2a2108c4079c620f05ca1bd31d631c2c8d35ca0d73155f56ed020c25e389db356edf510ae088d11b5e4fed51d0dce4d3aa04924b09c28200ede5bec1a8f38cc5f081055e0f28d75afc4d588ca0e828d00085d150beafdda17b8df9e7d9218ea7d81f2e076412901c5ae04d6929d717fea2fcc8e5a1e69dbd7b5258799a2fa5eb108b6cc35dfab599fb27e6d75f1030b83f452af8137830337141f031942eba83123d3f87b5f01623d4613e5a44b4952c300baf3d4d3dbbfb0ad024a19b3810a174ef8453d85a25822f66e45eba2490f29de1077683ccc32e3517f88b51e010672a982f7c8591450c9ab1573143aefb61c17ebb0c92dcb0494d116b970c2a827a6b3608ae10d583d1f7d092263fa873de9f31cd59bc9491ff012059b63a9120af89477f2ccc34eee7bd66de60af64730c879128b49d31da6400c2471e0d5abf707e560574b477b8e20ca45d92182d639eb434e14aea1a3f91ad8fb60e4859b77389753990513181ea3a82884235e8520294359435cfba220502b591fc28ac36ec697442657d290bd7aad7fce53a3f1766f2bf7d55c24d7c0e9c7a71d6f1282ea1478e0a36378b50e4fee281f686bc53f50138036e2a5d6199d40caff084fde7b63b3c0a47da0791107c3218330f7c2e2c7609aba202fae5290243b6033379eb15edc572eee452008e04c9b53efd5f3d88327317b38934745bc3de4c55bd818febc7a7953bf03c4029f77177c2a974310f0485aa46252f1000dc71934947287c38ea5854f29c7b82f630afb8caf1fd880670307b155a6e7feddc019cfbbbdc18f3bc03da3bd371d93ccbf56bcb39eea55c2d113efc148127c30089d21ce6a5088dbfbcf8f8d75c19456bc962c371548634a95382acb5a0886efc46a87bdc111dc0d1e54084cea0d58054f00762c91d7fe0f0fbcf4c280f29f9cd5999a5e8c6f507f8080d7c7ea9a8685be50722cf1a082f3728dec8d6152cdc72f8da6b1805643c042f4f6780ba79cc8a2165d9d7acec8ab2f421bc3e77b51c62c4bbb262b5674ea7d2dcf9acb894d050e91b052364322a5b08bd9667249571c004fb495da7e24fc5620adda3af6848ccf238911a52bdbff766e4e279ac274afa2c2302faba25b5fe98d972a04aa13f77c0c05d7dd82b0a19f1ded8cf5f99c80e392b0aab1264a29e9fbcf0b69f6b0a9f2332e09ab74dea7277106d0883bb264e279c67e5bc69009225bf4fd1a8532f9392a011b55a73a7cf8d16a59d695b2a65b57fad64a2041f8c28804ee1a48845c5dab757d04f1d95520aa9ddb69904d6529c0e14bd789dfe37067073b3e0e136ae2aebb1c34c55b94ce942f786be4b45f801f35f7c768d91a460b92ffa57ff675f0b4b00437a07f871a8650f21b2bf7c722c1d9e860e8955fef5699ee53a5f6fe46fb9e5e17a1c69fe2538af4718b7215ad2c00c3d420589a8653ee511b809945451fb8205b19ce377c8d0253b05493c557cf2bd8ef208e8fc01beceea1acca38d025f328f28d69bcfaa3adc6d9573a3832dc3f3c758fe08cf9cd0c32acfddae81b3682869e8aa9725b64336252aeb2ee8eb78f0721aa3158217a3009948adb297c5ea45ec26cb6d963c7be47ee1b93fa136ebe73a21936df0148fa311206f8bca2e80719aeca8745ff74ddaad5182644762c66333f942d9a93c467d5f9fd5d0dbbe57480362d4bb0f760294f4eba3e1b08047d256dbda157635d21a43aff3a71f6ad574b402bb36e5270d7ed082c6fbae07771721513ae9ddb22d23b00733046c898ee6ac05ef8a51ce41919e1f241cb98e0592ace68214620ba1a748ef81131661f58f1635713ca2873e150a3e848c8d2ebd039769fda112b73050efa4d1c35dbb46ca5a7b7ccbed1dcded36af272f6838b4c1e7e6778e7e9ca3d794f275d49c9e32e768097349118d2337e7c031ada38d0cc5c04c286ff93083f6d58d73a821118c93432fda9a8c76fa2cbcc093a7decac8e4f001ecc9f67faf1c2f102120f0618469cf653bbd5fcefd4ef2bae86dc4f5393b840f9f47140cf7f46a186c21878a43612a71d3b540b9994f010ab623f878264cf46c7366d0bec5d43d481b47846091fd3cda73a9a28ceb7f839eca695c9f084a16c812475f6575ef2368c88cc6655f47663ef69ce4779fe3ccc4dd85a07a9e4c6f39f42690d231f5727f45c247a53fd8df029fcefda4f328658435892519c17205a3c715ad6bb7387d09a5e387c83f008daf626f5977c66203af1143ef7b59ccd8e3c17bb156bca317861f0b9f222ea63c044075a3a74beaf05c23d0a75caa60397d831bbe507234fff154960faf0f02776d3f9038c955bf0c1ec9c92523cf0b855c18d6ac3b35d437796420ba3dfd581dc6adac64315c1cb1a2c3a45ec4655bb2bd6e0b4a3082281ed0697a213d1d93142e96b4fd57431d2f4547451d008ab58bcd9765ccf3ca3297becd5de9e2be0263cfca09935c9334b5e687bc7e7057dc2ed03873be22200c9fe32a9497dd00a336cf4c723ead302340b5cd1fef8cd88330a9089fc93af4ef739295b94407b291bf33f4f39c936736e1166106428f8796a4b92805f4dfcf46d8692b54e40a9e8584c0eaac4caada87bb33f553eafeef5051b889402176ab766936a38ddd7e5205d2c87e133a02e84ab24ba2d889a4c4db8cbe18b271455e84da716f4a32acdbc0a5aaba25a2ec757c73847dd1c4ccb2967c651e5257692a4553dde227846bfe2977021805f46a287c835ea8dc5", 0x2000, 0x0)
write$FUSE_INIT(r6, 0x0, 0x0)

1m51.326324006s ago: executing program 0 (id=110):
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0xc, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
socket$nl_rdma(0x10, 0x3, 0x14)
r1 = syz_io_uring_setup(0xf00, &(0x7f0000000080)={0x0, 0x0, 0xc00, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000000100), &(0x7f0000000140), &(0x7f0000000180))
io_uring_enter(r1, 0xeed, 0xeed, 0x1, 0x0, 0x0)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000500)='/sys/kernel/address_bits', 0x202, 0x0)
r2 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0)
writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000140)='2', 0x1}], 0x1)
r3 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r3, &(0x7f0000000080)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
listen(r3, 0x4)
r4 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r4, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), 0xffffffffffffffff)
setsockopt$inet_MCAST_MSFILTER(0xffffffffffffffff, 0x0, 0x30, 0x0, 0x0)
capset(0x0, 0x0)

1m34.892824675s ago: executing program 32 (id=110):
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0xc, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
socket$nl_rdma(0x10, 0x3, 0x14)
r1 = syz_io_uring_setup(0xf00, &(0x7f0000000080)={0x0, 0x0, 0xc00, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000000100), &(0x7f0000000140), &(0x7f0000000180))
io_uring_enter(r1, 0xeed, 0xeed, 0x1, 0x0, 0x0)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000500)='/sys/kernel/address_bits', 0x202, 0x0)
r2 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0)
writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000140)='2', 0x1}], 0x1)
r3 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r3, &(0x7f0000000080)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
listen(r3, 0x4)
r4 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r4, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), 0xffffffffffffffff)
setsockopt$inet_MCAST_MSFILTER(0xffffffffffffffff, 0x0, 0x30, 0x0, 0x0)
capset(0x0, 0x0)

27.309157917s ago: executing program 1 (id=177):
r0 = syz_open_dev$vim2m(&(0x7f0000000140), 0x8001, 0x2)
ioctl$vim2m_VIDIOC_S_CTRL(r0, 0xc008561c, &(0x7f0000000040)={0xf0f045})
ppoll(&(0x7f0000000000)=[{r0, 0x9f712fd3135d63af}], 0x1, 0x0, 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_TIMEOUT_DELETE(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)={0x38, 0x2, 0x8, 0x3, 0x0, 0x0, {0x3, 0x0, 0x9}, [@CTA_TIMEOUT_DATA={0x24, 0x4, 0x0, 0x1, @icmpv6=[@CTA_TIMEOUT_ICMPV6_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0x6}, @CTA_TIMEOUT_ICMPV6_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_TIMEOUT_ICMPV6_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_TIMEOUT_ICMPV6_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0xfeff}]}]}, 0x38}, 0x1, 0x0, 0x0, 0x44000}, 0x200400c0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
socketpair(0x28, 0x5, 0x28, &(0x7f0000000000))
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil)
r3 = syz_io_uring_setup(0x7440, &(0x7f0000000540)={0x0, 0xe85f, 0x8000, 0x3, 0x14c}, &(0x7f00000005c0), &(0x7f0000000600), &(0x7f0000000640))
r4 = syz_io_uring_setup(0x66b2, &(0x7f0000000200)={0x0, 0x3b02, 0x800, 0x80000, 0x1bd, 0x0, r3}, &(0x7f0000000100), &(0x7f0000000000), &(0x7f00000006c0))
r5 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_RX_RING(r5, 0x11b, 0x2, &(0x7f0000000040)=0x20, 0x4)
capset(&(0x7f0000000340)={0x39900612, 0xffffffffffffffff}, &(0x7f00000001c0)={0x2, 0x2, 0x5, 0x0, 0x1, 0x7})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000440)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000300)={'netdevsim0\x00', <r7=>0x0})
bind$xdp(r5, &(0x7f0000000080)={0x2c, 0x9, r7, 0xc, r5}, 0x10)
quotactl$Q_SYNC(0xffffffff80000100, 0x0, 0x0, 0x0)
io_uring_register$IORING_REGISTER_BUFFERS(r4, 0x0, &(0x7f0000000400)=[{&(0x7f0000000380)=""/113, 0x71}], 0x1)
syz_clone(0x80040000, 0x0, 0x0, 0x0, 0x0, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000440)=ANY=[@ANYBLOB="140000001000010000000000006000000500000a3c000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc3c0000000c0a01010000000f000000000a0000060900020073797a31000000000900010073797a3100000000100003800c000080080003400000000214000000110001"], 0xa0}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000500)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x7}}, [@NFT_MSG_DELSETELEM={0x14, 0xe, 0xa, 0x101, 0x0, 0x0, {0xa, 0x0, 0x5}}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x5}}}, 0x3c}, 0x1, 0x0, 0x0, 0x8080}, 0x24008040)
syz_open_dev$cec(&(0x7f0000000000), 0x0, 0x0)

22.729905854s ago: executing program 4 (id=182):
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f0000000080)={0xc, 0x0, <r1=>0x0})
ioctl$IOMMU_VFIO_IOAS$SET(r0, 0x3b88, &(0x7f00000000c0)={0xc, r1})
ioctl$IOMMU_VFIO_IOAS$GET(r0, 0x3b88, &(0x7f0000000100)={0xc})
ioctl$IOMMU_VFIO_IOAS$CLEAR(r0, 0x3b88, &(0x7f0000000140)={0xc})
ioctl$IOMMU_IOAS_ALLOW_IOVAS(r0, 0x3b82, &(0x7f0000000180)={0x20, r1, 0x0, 0x0, &(0x7f00000001c0)})
ioctl$IOMMU_VFIO_IOAS$SET(r0, 0x3b88, &(0x7f0000000200)={0xc, r1})
r2 = socket$key(0xf, 0x3, 0x2)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000980)={0x130, 0x40, 0x1, 0x7fffc, 0x4, {0x1}, [@typed={0x4, 0xb8, 0x0, 0x0, @binary}, @nested={0x10c, 0x1, 0x0, 0x1, [@nested={0x108, 0x10, 0x0, 0x1, [@nested={0x104, 0x8, 0x0, 0x1, [@nested={0x100, 0xa4, 0x0, 0x1, [@typed={0x8, 0x22, 0x0, 0x0, @pid}, @nested={0xf4, 0x13, 0x0, 0x1, [@nested={0x4, 0x37}, @typed={0xb5, 0x15b, 0x0, 0x0, @binary="8c8f81fee024c5a50bafbfe61d79a865886e69f135a6899ac888bbcd1231eaeb236221d8b07eaeec90d769e58989861ccbaebc522eb18707ede76d657a50b37c807cf8c48253925fcd775be3cfb5e7e5b95624a04c7f7b50310f5e43e2b7bf6aa7a7b0ac6eb8fd6bb1f30c4dce6b313a61d5027b955a755a1e35b3bfd2dae66b9a697f67ec4ec3f911752107e1a66d2557967c2150500af6ecda3df8948fc8dfbcfb27e655010632e8e67a72e2cc8bc07e"}, @typed={0xc, 0x3e, 0x0, 0x0, @u64=0x8001}, @typed={0x8, 0xd5, 0x0, 0x0, @ipv4=@loopback}, @typed={0x8, 0x13, 0x0, 0x0, @pid=0xffffffffffffffff}, @typed={0x14, 0x18, 0x0, 0x0, @ipv6=@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}, @nested={0x4, 0xc6}]}]}]}]}]}, @typed={0xc, 0x2, 0x0, 0x0, @u64}]}, 0x130}, 0x1, 0x0, 0x0, 0x400c801}, 0x4008094)
sendmsg$key(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)={0x2, 0x16, 0x9, 0x6, 0x7, 0x0, 0x70bd2b, 0x25dfdbfe, [@sadb_address={0x5, 0x7, 0xd33a00e6e992d577, 0x942ef044edd63cd8, 0x0, @in6={0xa, 0x4e24, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}, 0xbc2}}]}, 0x38}}, 0x20000000)
ioctl$IOMMU_VFIO_GET_API_VERSION(r0, 0x3b64)
ioctl$IOMMU_VFIO_SET_IOMMU(r0, 0x3b66, 0x3)
ioctl$IOMMU_VFIO_CHECK_EXTENSION(r0, 0x3b65, 0x9)
ioctl$IOMMU_VFIO_IOMMU_GET_INFO(r0, 0x3b70, &(0x7f0000000240)={0x70, 0x0, 0x0, 0x0, {}, {{}, 0x0, 0x0, [{}]}})
ioctl$IOMMU_VFIO_IOMMU_MAP_DMA(r0, 0x3b71, &(0x7f0000000280)={0x20, 0x0, &(0x7f00000002c0)='LLLLLLLLLLLLLLLLLLLLLLLLLLLL', 0x1c, 0x1c})
ioctl$IOMMU_VFIO_IOMMU_UNMAP_DMA(r0, 0x3b72, &(0x7f0000000300)={0x18, 0x0, 0x1c, 0x1c})
ioctl$IOMMU_IOAS_UNMAP$ALL(r0, 0x3b86, &(0x7f0000000340)={0x18, r1})
ioctl$IOMMU_DESTROY$ioas(r0, 0x3b80, &(0x7f0000000380)={0x8, r1})
r4 = syz_usb_connect(0x5, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000b1bd2f087d0403508c2f010203010902120001000000000904"], 0x0)
syz_usb_control_io$cdc_ecm(r4, &(0x7f00000000c0)={0x14, &(0x7f0000000100)=ANY=[@ANYBLOB="0000f50000000341"], 0x0}, 0x0)
syz_usb_control_io$sierra_net(r4, 0x0, 0x0)
syz_usb_control_io$uac3(r4, &(0x7f0000000500)={0x14, &(0x7f00000003c0)={0x20, 0x7, 0xde, {0xde, 0x9, "4028f1f4586d4bb93b10aa8ea8663d7ec021c7880bc5e9fe3860a5520f0060c46ffd139d5998e217923e6d78da6dfdf775d19c285a806acafe02cf0e359a4960d7e4d4512e97cd959d5d84707774089bdd0038b04e748d8ae93f56e9de3cbf732acf747d58e1591a876d7c16d4c8cc0537732ccbde224ea18c429493bcba3ea28d0882727aaf65d5a61d131ff8289a76e5dac2e31ed2b3b5f3aac0d744969bbf93ff1b2317fd10a411dd34d17dcd7f1bc0b1adcad64358e9827740d056d7f753b9efdc1b446ca979ac71a6c32e29d3e4fd9e6e360c3042f7384dc675"}}, &(0x7f00000004c0)={0x0, 0x3, 0x14, @string={0x14, 0x3, "4045ad7e49661b582465985c45910fa58ff3"}}}, &(0x7f00000007c0)={0x44, &(0x7f0000000540)={0x0, 0x11, 0x88, "812d394e98dd57807e2a41bd8be7362040880ef5858c04ce4eb19f6d0e58c2ca6056e08302c2b054b66728bdb315851fa7f67f8675071efccb73f4b6a0167ac47318a7367c1037f6220d01ae9c41fe6ffde7b7d435b0832e6733f04d145e0175dd60066366bf39a9bd8d5844b0e80fe5abc21ca27873c0584998c6006bd5ad403edc0024c5595bd0"}, &(0x7f0000000600)={0x0, 0xa, 0x1, 0xc}, &(0x7f0000000640)={0x0, 0x8, 0x1, 0x8}, &(0x7f0000000680)={0x20, 0x81, 0x2, "057a"}, &(0x7f00000006c0)={0x20, 0x82, 0x2, "a6d6"}, &(0x7f0000000700)={0x20, 0x83, 0x1, "10"}, &(0x7f0000000740)={0x20, 0x84, 0x4, "0562665f"}, &(0x7f0000000780)={0x20, 0x85, 0x3, "8c3a8e"}})
close(r0)

22.625460397s ago: executing program 1 (id=183):
socket$inet_sctp(0x2, 0x1, 0x84)
r0 = socket(0xa, 0x3, 0x3a)
setsockopt$MRT6_INIT(r0, 0x29, 0xc8, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r1 = openat(0xffffffffffffffff, 0x0, 0xe05c0, 0x81)
close(0xffffffffffffffff)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x48)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = syz_open_dev$dvb_demux(0x0, 0x0, 0x101800)
ioctl$DVB_DEMUX_DMX_START(r4, 0x6f29)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x6, 0x0, 0xfffffe0000000001, 0x0, 0xffffffff}, 0x0)
madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x3)
syz_genetlink_get_family_id$wireguard(&(0x7f0000000840), 0xffffffffffffffff)
mmap$IORING_OFF_CQ_RING(&(0x7f00006ef000/0x4000)=nil, 0x4000, 0x300000c, 0x10010, r1, 0x8000000)
setuid(0x0)
symlinkat(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00')
openat$dir(0xffffffffffffff9c, 0x0, 0x2, 0xc9)
r5 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000002540), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r5, &(0x7f0000000140)={0x0, 0x18, 0xfa00, {0x40000000000000, &(0x7f0000000100), 0x106}}, 0x20)
set_mempolicy(0x3, &(0x7f0000000040)=0xe3, 0x8)
r6 = syz_open_dev$vbi(&(0x7f0000000040), 0x0, 0x2)
ioctl$VIDIOC_ENUM_DV_TIMINGS(r6, 0xc0945662, &(0x7f0000000140)={0x7, 0x0, '\x00', {0x0, @bt={0x9, 0x8000, 0x0, 0x1, 0x89, 0x4c, 0x6, 0x80000001, 0xa2f, 0x7d3, 0x8, 0xe292, 0x8, 0x8, 0x0, 0x0, {0x8, 0x9a}, 0x7, 0x80}}})

21.623076462s ago: executing program 2 (id=184):
ioctl$TIOCL_GETMOUSEREPORTING(0xffffffffffffffff, 0x5412, 0x0)
arch_prctl$ARCH_SHSTK_LOCK(0x5003, 0x3)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="05000000040f0002040000000e0000001000000035b316e6fbb30034d746b316057a64d8563914ea94c777c06d66410b7d279c6dcf4942247dc40ff2a9f1754c61ed9a7d4f715576dc9d988ccae772e0bfe07eca679a249a623db0ec2e180c956ac0c55dc3212dd60632b0fc8a69c620d56fd3d07afc3960a4a652298a7f89a4f3ee4006bd3a346e94fb1bbd8f3224e3f39bca1734093db10a75", @ANYRES32, @ANYBLOB="faffffff00"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x19, &(0x7f0000000b00)={0x0, 0x0, 0x0, 0x0, 0xff, r0, 0x4}, 0x38)
r1 = syz_open_dev$tty1(0xc, 0x4, 0x1)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8)
getpgrp(0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = getpid()
r3 = socket$inet6(0xa, 0x2, 0x0)
sendmsg$inet6(r3, &(0x7f0000000000)={&(0x7f00000001c0)={0xa, 0x4e20, 0x80000, @dev={0xfe, 0x80, '\x00', 0x20}}, 0x1c, 0x0, 0x0, &(0x7f00000004c0)=[@rthdr={{0x18, 0x29, 0x39, {0x33, 0x0, 0x1, 0x40}}}], 0x18}, 0x40440c0)
sched_setscheduler(r2, 0x2, &(0x7f0000000000)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xf5c5d000)
r4 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r4, 0x1, 0x0)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8)
lseek(r5, 0x7ff, 0x1)
ioctl$PIO_SCRNMAP(r1, 0x4b41, &(0x7f0000000f80))
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000540)=ANY=[@ANYBLOB="140000002d0009002abd700000d7e0024e39b3187108e2dc80420bbdd800bb7d8d59ffdadb1b1634ef616bb66e2443e0cde31fe80ea6def8efc8e3ad57df0e2c7b51c86d54e4711a7e7a29c52028e9dcfc026ca2f44291caeea611640ee01263e557f1dc15434709e4bc34e14cccc1b7c32172c35822bce5a31a82d0a6d2f7"], 0x14}, 0x1, 0x0, 0x0, 0x42804}, 0x4000000)
lseek(0xffffffffffffffff, 0x100000009, 0x0)
r6 = syz_open_dev$sg(&(0x7f00000003c0), 0x0, 0x85)
ioctl$SG_SET_RESERVED_SIZE(r6, 0x2275, &(0x7f0000000080)=0x80008000)
syz_emit_vhci(&(0x7f0000000580)=ANY=[@ANYBLOB="040e44012d0c"], 0x47)

19.73167425s ago: executing program 2 (id=186):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
preadv(r2, 0x0, 0x0, 0x4, 0xffff)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000740)={&(0x7f0000000340)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x0, 0x0, 0xc}, {0x0, [0x61, 0x0, 0x61, 0x2e, 0x61, 0x61, 0x2e, 0x0, 0x0, 0x5f]}}, 0x0, 0x24}, 0x28)
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0xc211, 0x1)
mkdirat(0xffffffffffffff9c, 0x0, 0x1c0)
r4 = landlock_create_ruleset(&(0x7f00000000c0)={0x100}, 0x18, 0x0)
landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(r4, 0x1, 0x0, 0x0)
r5 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r5, 0x0, 0x0)
syz_emit_ethernet(0x7a, &(0x7f0000000000)={@local, @remote, @void, {@ipv6={0x86dd, @gre_packet={0x1, 0x6, "954a5b", 0x44, 0x2f, 0x0, @remote, @local, {[], {{0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x88be, 0x0, 0x2}, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8100}, {}, {0x8, 0x88be, 0x3, {{0xc, 0x1, 0x48, 0x1, 0x1, 0x0, 0x4, 0x10}, 0x1, {0x7b40}}}, {0x8, 0x22eb, 0x2, {{0x3, 0x2, 0x2, 0x3, 0x0, 0x0, 0x1, 0x9}, 0x2, {0x5, 0xeb, 0x0, 0xd, 0x1, 0x1, 0x1, 0x1, 0x1}}}}}}}}}, 0x0)
sendmsg$nl_xfrm(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={0x0}}, 0x0)
syz_io_uring_setup(0x39d, 0x0, &(0x7f0000000100), 0x0, 0x0)
mknodat(0xffffffffffffff9c, &(0x7f0000000180)='./file0/file1\x00', 0x81c0, 0x0)
sendmsg$IPSET_CMD_LIST(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000040)={0x1c, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}]}, 0x1c}}, 0x0)
umount2(&(0x7f0000000240)='./file0\x00', 0x2)

16.455628777s ago: executing program 4 (id=188):
syz_usb_connect(0x3, 0x24, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010002b8426c104b062578b862010203010902120001087f10080904"], 0x0)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000200)=ANY=[], 0x0)
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
ioctl$EVIOCGMASK(r0, 0x80104592, &(0x7f0000000300)={0x0, 0xffffffffffffff36, &(0x7f0000000200)="952bb3e006ae9a4c3a"})
ioctl$EVIOCGMASK(r0, 0x80104592, 0x0)
ioctl$EVIOCGUNIQ(r0, 0x80404508, 0x0)
r1 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x110, 0x0, 0x0, 0x0, 0x40, 0x5543, 0x781, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0xff, 0x50, 0xc9, "", [{{0x9, 0x4, 0x0, 0xd, 0x1, 0x3, 0x1, 0x2, 0x0, {0x9, 0x21, 0xff7f, 0x77, 0x1, {0x22, 0xfb1}}, {{{0x9, 0x5, 0x81, 0x3, 0x3ff, 0x3, 0x5, 0x44}}}}}]}}]}}, 0x0)
syz_usb_control_io(r1, 0x0, 0x0)
r2 = syz_usb_connect(0x0, 0x3f, &(0x7f0000000540)=ANY=[@ANYBLOB="11010000733336088dee1edb23610000000109022d0101100000000904000003fe03010009cd8d1f0002000000090505020000fcffff09058b1e20"], 0x0)
syz_usb_control_io(r2, 0x0, &(0x7f0000000780)={0x84, &(0x7f00000004c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r3 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
ioctl$EVIOCGMASK(r3, 0x80015b1b, 0x0)
syz_usb_connect(0x0, 0x24, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0xc6, 0x70, 0x6, 0x10, 0x14f7, 0x500, 0x4485, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1}}]}}, 0x0)
r4 = syz_open_dev$evdev(&(0x7f0000002780), 0x2, 0x0)
syz_usb_control_io(r1, 0x0, 0x0)
syz_usb_control_io$lan78xx(r1, 0x0, 0x0)
syz_usb_control_io$rtl8150(r1, &(0x7f0000000240)={0x14, &(0x7f0000000040)={0x40, 0x3f, 0x2, {0x2, 0x22}}, &(0x7f0000000140)={0x0, 0x3, 0x33, @string={0x33, 0x3, "f816c888f6cdc737d5e7916de08d1474fd2f4d3ba9b8f7b7bd8bdb4e7328827651d20fc96f542cf3c7a572008b36ed523f"}}}, 0x0)
r5 = syz_usb_connect$hid(0x2, 0x36, &(0x7f0000000080)={{0x12, 0x1, 0x201, 0x0, 0x0, 0x0, 0x10, 0x4d8, 0xc002, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x3, 0x50, 0xc9, "", [{{0x9, 0x4, 0x0, 0xe, 0x1, 0x3, 0x1, 0x1, 0x0, {0x9, 0x21, 0xa, 0x77, 0x1, {0x22, 0xde1}}, {{{0x9, 0x5, 0x81, 0x3, 0x20, 0x3, 0x5, 0x48}}}}}]}}]}}, &(0x7f0000000580)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x0, 0x0}]})
syz_usb_control_io(r5, 0x0, 0x0)
syz_usb_control_io$hid(r5, 0x0, 0x0)
ioctl$EVIOCSKEYCODE(r4, 0x40084504, &(0x7f0000000440)=[0xfffffffa, 0xad4f])
syz_usb_control_io(r5, 0x0, 0x0)
syz_usb_control_io$lan78xx(r5, 0x0, 0x0)
syz_usb_control_io$hid(0xffffffffffffffff, &(0x7f00000001c0)={0x24, 0x0, 0x0, &(0x7f0000000400)={0x0, 0x22, 0x54, {[@main=@item_012={0x0, 0x0, 0x9, "4aa1"}, @global=@item_4={0x3, 0x1, 0x8, "0100"}, @main=@item_4={0x3, 0x0, 0x9, "cdd2f361"}]}}, 0x0}, 0x0)
syz_usb_control_io$rtl8150(r5, &(0x7f0000000240)={0x14, &(0x7f00000000c0)=ANY=[], 0x0}, 0x0)

16.366506098s ago: executing program 3 (id=189):
socket$inet6_sctp(0xa, 0x1, 0x84)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdirat(0xffffffffffffff9c, 0x0, 0x67)
r3 = socket$can_bcm(0x1d, 0x2, 0x2)
recvmsg(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, 0x0}, 0x0)
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x4a, &(0x7f0000000380)=0x10001, 0x4)
ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000100)={'vcan0\x00', <r4=>0x0})
connect$can_bcm(r3, &(0x7f0000001ff0)={0x1d, r4}, 0x10)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r5)
r6 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r5, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
listen(r6, 0x0)
syz_emit_ethernet(0x8e, &(0x7f0000000080)={@local, @local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "000400", 0x58, 0x6, 0xfe, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x2, 0x16, 0xc2, 0x2000, 0x0, 0x7, {[@mss={0x1e, 0x4, 0xa104}, @md5sig={0x13, 0x12, "a1cbd12aa50e39de3b5624a87fb75f32"}, @timestamp={0x8, 0xa, 0x6, 0x5}, @md5sig={0x13, 0x12, "e9803cac6913fbfccc18ce5a512eaf73"}, @md5sig={0x13, 0x12, "f2a3c47d2be4dabe21013d40454c15b5"}]}}}}}}}}, 0x0)
sendmsg$can_raw(r3, &(0x7f0000001fc8)={0x0, 0x0, &(0x7f0000000ff0)={0x0}, 0xee}, 0x0)

14.839943026s ago: executing program 3 (id=190):
socket$netlink(0x10, 0x3, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
socketpair$unix(0x1, 0x3, 0x0, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, 0x0, 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=ANY=[@ANYBLOB], 0x118}}, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0x1c3902, 0x0)
sendfile(r1, r1, 0x0, 0x200000)
cachestat(r1, &(0x7f0000000000)={0x9}, &(0x7f0000000040), 0x0)
r2 = socket$can_raw(0x1d, 0x3, 0x1)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000300)={'lo\x00'})
sendmsg$can_raw(r2, 0x0, 0x4040005)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff0006}]})
ioctl$DMA_HEAP_IOCTL_ALLOC(0xffffffffffffffff, 0xc0184800, 0x0)
r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='numa_maps\x00')
preadv(r4, &(0x7f0000000040)=[{&(0x7f0000000180)=""/4096, 0x1000}], 0x1, 0x0, 0x0)
r5 = socket$kcm(0x11, 0x3, 0x0)
setsockopt$sock_attach_bpf(r5, 0x107, 0xf, &(0x7f0000000000), 0x4)
sendmsg$kcm(r5, &(0x7f0000000080)={&(0x7f0000000100)=@hci={0x1f, 0x0, 0x4}, 0x80, &(0x7f0000000200)=[{&(0x7f0000000d00)="27050200590214000600002fb96dbcf706e10500000086ddffff1144ee1611d4b8bf4a31accbe1ba0777cfbf6ae77256da82f6184b8a34f9d9bf1174bbf47ef74d55a99ad39d207cb572bb63dfc8f6098e3251eb181ebb55a0e82b5aa114e78f51a1e0eec04a10c2897204a66afab94dd8de001923467692f87653809bdac2ecd596160bec5c8869a08ecc5bf1561bb7ebf3468a2a212c7107d3c03418321ff77586b723dbfb3f03212aaf9150914bb989ef324957cea1707943a287afd6aa759a30e50f215292e54ebadd", 0xcb}, {&(0x7f0000001240)="1c393502dda1a67d93b1ceccbe972c4fef9c33ecf2d824f3a33513f45f472bbdc8e3a2275f2587f0da0b3ae419bed996116448f90d113ce98aa985f3430858f5cb9a668a1800bf2354b33cdff83033de518580a3080d7f4cc2406e071138439e1566dd17983ee053ab672f362d3292e24a9952f18ec3d8b37bb3391096c1d4442a754899299321c03cbcfb98a26994b2a072c2b9d9c70d619545e5f61b050e40166d2ff57dcc008f24fd5339e7bc21e25863f80d2487c30b6bf781608a31d68e9319ab1712d8f5bdde849c040417c864cbfd3923dcb9fc6bdc2ea53334184b03efcb631dc68f0a7b6e13eea4b80d4237120e32932ca4e2b50bad0a35496d36a191d91f03b477b9587bc0ba489932e34f819fa1524ebad53a3d94b46c6aeff4f42fa067729fbb2862c09d337a75e0c8429d4bfe0dee2e1e23e8c22787178600ecca135623731e4701f35bd4e7c936a8ee274120e7662328a5aba1161b05889b045696721c79bff0547efe051f3c5de77fdd3c77afd41a1a7747a982b7efb013c9d6bac7d3ad1f9b7c3a5a1448b35696f03bca1c87", 0x194}], 0x2}, 0x9cdc2384056b48b8)

14.513523927s ago: executing program 1 (id=191):
socket$nl_xfrm(0x10, 0x3, 0x6)
pipe2(&(0x7f0000000400), 0x80000)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x8000, 0x0)
syz_usb_connect$cdc_ncm(0x5, 0x8d, 0x0, &(0x7f0000000c40)={0x0, 0x0, 0x0, 0x0})
syz_open_dev$evdev(&(0x7f00000000c0), 0x2, 0x822901)
r0 = syz_open_dev$loop(&(0x7f0000000000), 0x76, 0x80)
ioctl$BLKRASET(r0, 0x1262, &(0x7f0000000040)=0xffffffffffffff01)
r1 = socket$nl_route(0x10, 0x3, 0x0)
socket$netlink(0x10, 0x3, 0x0)
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000080)=0x3)
readv(0xffffffffffffffff, &(0x7f0000001dc0)=[{0x0}], 0x1)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_TIMEOUT_NEW(r5, &(0x7f0000000c80)={0x0, 0x0, &(0x7f0000000c40)={&(0x7f0000000900)={0x34, 0x0, 0x8, 0x101, 0x0, 0x0, {0x3, 0x0, 0x2}, [@CTA_TIMEOUT_NAME={0x9, 0x1, 'syz1\x00'}, @CTA_TIMEOUT_L3PROTO={0x6, 0x2, 0x1, 0x0, 0x8809}, @CTA_TIMEOUT_DATA={0x4, 0x4, 0x0, 0x1, @fccp}, @CTA_TIMEOUT_L4PROTO={0x5, 0x3, 0x2f}]}, 0x34}, 0x1, 0x0, 0x0, 0x20024810}, 0x0)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x5)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000800)=@can_newroute={0x34, 0x18, 0x1, 0x70bd27, 0x25dfdbfe, {}, [@CGW_LIM_HOPS={0x5, 0xd, 0x2}, @CGW_MOD_XOR={0x15, 0x3, {{{0x3, 0x1}, 0x4, 0x3, 0x0, 0x0, "13f90700"}, 0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x805936d41ec618b7}, 0x400c804)

13.330330145s ago: executing program 2 (id=192):
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x7c}}, 0x0)
syz_emit_ethernet(0xae, &(0x7f0000000000)={@broadcast, @broadcast, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "000308", 0x78, 0x3a, 0x0, @private1, @local, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x0, {0x0, 0x6, "5b52ab", 0x0, 0x2b, 0x0, @private0, @private0, [@srh={0x873a84884f5b3ade, 0x7, 0x4, 0x2, 0x1, 0x0, 0x0, [@private2, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}]}, @dstopts={0x88, 0x2, '\x00', [@hao={0xc9, 0x10, @remote}]}]}}}}}}}, 0x0)
socket$inet_sctp(0x2, 0x1, 0x84)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000002c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000040)={'sit0\x00'})
sendmsg$nl_route(r4, &(0x7f0000000100)={0xffffffffffffffff, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[], 0x40}, 0x1, 0x0, 0x0, 0x4008081}, 0x4004000)
r5 = landlock_create_ruleset(&(0x7f0000000040)={0x0, 0x3}, 0x10, 0x0)
landlock_add_rule$LANDLOCK_RULE_NET_PORT(r5, 0x2, &(0x7f0000000100)={0x2}, 0x0)
landlock_restrict_self(r5, 0x0)
r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nfc(&(0x7f0000000ec0), r6)
syz_genetlink_get_family_id$nfc(&(0x7f00000001c0), r6)
landlock_restrict_self(r5, 0x3)
landlock_restrict_self(0xffffffffffffffff, 0x0)
connect$inet6(r3, &(0x7f0000000540)={0xa, 0x8, 0xfffffffd, @loopback, 0xf}, 0x1c)

12.832335106s ago: executing program 4 (id=193):
syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r1, 0x8983, &(0x7f0000000100)={0x0, 'erspan0\x00', {0x1}, 0x26})
r3 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000640), 0x0, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r3, 0xc0285700, &(0x7f0000000100)={0xfffffff8, "07bbfeb30c52d28881875bac175ccb0d6c446593aa7eaba9a256d98e03ab46af", <r4=>0xffffffffffffffff})
ioctl$SYNC_IOC_FILE_INFO(r4, 0xc0383e04, 0x0)
ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x6)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
openat$cgroup_ro(r6, &(0x7f00000000c0)='rdma.current\x00', 0x0, 0x0)
sendmsg$nl_generic(r5, 0x0, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x16, 0x0, 0x0)
sendmmsg$inet(0xffffffffffffffff, 0x0, 0x0, 0x0)
r7 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x458, 0x0)
ioctl$SNDRV_CTL_IOCTL_RAWMIDI_NEXT_DEVICE(r7, 0xc10c5541, &(0x7f0000000040))

10.618295603s ago: executing program 2 (id=194):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100))
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r2 = dup3(r1, r0, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0)
setsockopt$MRT6_ADD_MFC(0xffffffffffffffff, 0x29, 0xcc, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000380)=0x7)
r4 = getpid()
sched_setscheduler(r4, 0x1, &(0x7f00000000c0)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
shmctl$IPC_RMID(0x0, 0x0)
r7 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r7, &(0x7f0000000040), 0x6)
ioctl$sock_bt_hci(r7, 0x800448d7, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000240)={0x73622a85, 0x1})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000004c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000fc0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000300)={@flat=@weak_binder={0x77622a85, 0x100a, 0x8000000000}, @flat=@weak_binder={0x77622a85, 0x1100, 0x3}}, &(0x7f0000000200)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000680)=[@reply={0x40406301, {0x1, 0x0, 0x0, 0x0, 0x31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x52, 0x0, &(0x7f0000000780)="a51dd9e70ac4caade579a2903d36962e0a449c9c56509aabd277ac2389ad08fd2d81b1e8e4c55d212487f324b5bf7a0157aa39b27dfee778e1810adf2aa8611fea9d713a87026dc57b42952bb80d45b0f8f9"})

9.334797893s ago: executing program 3 (id=195):
pipe2$9p(&(0x7f00000001c0), 0x0)
r0 = openat$cgroup_devices(0xffffffffffffffff, &(0x7f0000000000)='devices.allow\x00', 0x2, 0x0)
r1 = dup(r0)
r2 = socket(0x28, 0x5, 0x0)
statx(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x1000, 0x1, &(0x7f00000004c0))
ioctl$BINDER_SET_CONTEXT_MGR_EXT(0xffffffffffffffff, 0x4018620d, 0x0)
openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000240)='/sys/kernel/debug/binder/transaction_log\x00', 0x0, 0x0)
r3 = syz_open_procfs$namespace(0x0, &(0x7f0000000280)='ns/net\x00')
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
prctl$PR_SET_PTRACER(0x59616d61, 0x0)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000480)={@cgroup=r3, 0x11, 0x0, 0x0, 0x0, 0x1000000, 0x0, 0x0, 0x0, 0x0}, 0x40)
mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0x2000003, 0x4082172, 0xffffffffffffffff, 0x418a6000)
mremap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x4000, 0x3, &(0x7f0000005000/0x4000)=nil)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
process_madvise(0xffffffffffffffff, 0x0, 0x0, 0x14, 0x0)
accept4$unix(r2, 0x0, 0x0, 0x0)

9.059751072s ago: executing program 4 (id=196):
syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r1, 0x8983, &(0x7f0000000100)={0x0, 'erspan0\x00', {0x1}, 0x26})
r3 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000640), 0x0, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r3, 0xc0285700, &(0x7f0000000100)={0xfffffff8, "07bbfeb30c52d28881875bac175ccb0d6c446593aa7eaba9a256d98e03ab46af", <r4=>0xffffffffffffffff})
ioctl$SYNC_IOC_FILE_INFO(r4, 0xc0383e04, 0x0)
ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x6)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
openat$cgroup_ro(r6, &(0x7f00000000c0)='rdma.current\x00', 0x0, 0x0)
sendmsg$nl_generic(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=ANY=[@ANYBLOB="180000002e00090027bd70000000000004000000040018004fdcbf0fddae8f7237d0"], 0x18}, 0x1, 0x0, 0x0, 0x42804}, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x16, 0x0, 0x0)
sendmmsg$inet(0xffffffffffffffff, 0x0, 0x0, 0x0)
r7 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x458, 0x0)
ioctl$SNDRV_CTL_IOCTL_RAWMIDI_NEXT_DEVICE(r7, 0xc10c5541, &(0x7f0000000040))

8.621758222s ago: executing program 1 (id=197):
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
openat(0xffffffffffffffff, 0x0, 0x414902, 0x80)
mount(&(0x7f0000000240), 0x0, &(0x7f0000000140)='ufs\x00', 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
syz_io_uring_setup(0xc4, &(0x7f0000000100)={0x0, 0x4c69, 0x2000, 0x5, 0x38f}, 0x0, 0x0, 0x0)
ioctl$CEC_RECEIVE(0xffffffffffffffff, 0xc0386106, 0x0)
r0 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, &(0x7f0000000800)={r0, r0, r0}, 0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)={'sha384\x00'}})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
geteuid()
syz_open_dev$tty1(0xc, 0x4, 0x4)
shmctl$IPC_SET(0x0, 0x1, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000000300)=""/102400, 0x19000)
bpf$MAP_UPDATE_ELEM(0x2, 0x0, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, 0x0, 0x0)
madvise(&(0x7f0000b52000/0x3000)=nil, 0x3000, 0x12)
r2 = userfaultfd(0x801)
ioctl$UFFDIO_API(r2, 0xc018aa3f, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x400000000a882, 0x0)
dup(r3)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)

7.786930098s ago: executing program 2 (id=198):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f00000000c0)=0x7)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x7}}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x301, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz1\x00'}]}, @NFT_MSG_NEWCHAIN={0x54, 0x3, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}, @NFTA_CHAIN_HOOK={0x28, 0x4, 0x0, 0x1, [@NFTA_HOOK_PRIORITY={0x8}, @NFTA_HOOK_HOOKNUM={0x8, 0x1, 0x1, 0x0, 0x5}, @NFTA_HOOK_DEV={0x14, 0x3, 'veth1_macvtap\x00'}]}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz1\x00'}]}, @NFT_MSG_DELCHAIN={0x4c, 0x5, 0xa, 0x201, 0x0, 0x0, {0x1, 0x0, 0x2000}, [@NFTA_CHAIN_HANDLE={0xc, 0x2, 0x1, 0x0, 0x1}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_CHAIN_HOOK={0x20, 0x4, 0x0, 0x1, [@NFTA_HOOK_DEV={0x14, 0x3, 'veth1_macvtap\x00'}, @NFTA_HOOK_HOOKNUM={0x8, 0x1, 0x1, 0x0, 0x5}]}]}], {0x14}}, 0xe8}}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xd, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB], &(0x7f0000003ff6)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sock_ops}, 0x94)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = socket$unix(0x1, 0x2, 0x0)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
prctl$PR_MPX_DISABLE_MANAGEMENT(0x2c)
ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000000100)={'wlan1\x00', <r8=>0x0})
bpf$MAP_CREATE(0x0, &(0x7f0000003940)=ANY=[@ANYBLOB="210000000000000000000000000010"], 0x48)
prctl$PR_SET_MM_MAP(0x23, 0xe, 0x0, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045)
io_uring_setup(0x524, &(0x7f0000000040)={0x0, 0x3cb1, 0x1c080, 0xa, 0x20002f7})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000a80)=ANY=[], 0x30}, 0x1, 0x0, 0x0, 0x4040000}, 0x0)
sendmsg$NL80211_CMD_NEW_INTERFACE(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000640)={0x34, r7, 0x1, 0x70bd28, 0x25dfdc00, {{}, {@void, @val={0x8, 0x3, r8}, @val={0xc, 0x99, {0x7ff, 0x56}}}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x7}, @NL80211_ATTR_SOCKET_OWNER={0x4}]}, 0x34}, 0x1, 0x0, 0x0, 0x91}, 0x24044884)

5.881881913s ago: executing program 3 (id=199):
r0 = syz_open_dev$usbfs(0x0, 0x76, 0x101b01)
ioctl$USBDEVFS_ALLOW_SUSPEND(r0, 0x5522)
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
lstat(&(0x7f0000000000)='./file0\x00', 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
r2 = socket$inet(0xa, 0x801, 0x84)
connect$inet(r2, &(0x7f00000004c0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10)
listen(r2, 0x8)
rt_sigprocmask(0x2, &(0x7f0000000080)={[0xffffffffffffffff]}, 0x0, 0x8)
r3 = gettid()
r4 = getpid()
rt_tgsigqueueinfo(r4, r3, 0x1f, &(0x7f00000003c0)={0x14, 0x1851, 0x2})
r5 = signalfd4(0xffffffffffffffff, &(0x7f0000000040)={[0xfffffffffffffff7]}, 0x8, 0x0)
read$watch_queue(r5, &(0x7f0000000300)=""/176, 0xb0)
r6 = accept4(r2, 0x0, 0x0, 0x0)
write(r6, &(0x7f0000000000)="ea", 0x1)
sendto$inet6(r6, &(0x7f0000000200), 0x0, 0x0, 0x0, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x4000880)
socket(0x1e, 0x4, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000052c0), 0x0, 0x2000, 0x0)

5.628877127s ago: executing program 4 (id=200):
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r0, 0x0, 0x0)
ioctl$IOMMU_IOAS_MAP(0xffffffffffffffff, 0x3b85, &(0x7f0000000200)={0x28, 0x7, 0x0, 0x0, 0x0, 0x0, 0x1c})
ioctl$IOMMU_IOAS_UNMAP$ALL(0xffffffffffffffff, 0x3b86, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x2, 0x8b}, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f000001d600)=[{{0x0, 0x0, 0x0}, 0x10009}, {{0x0, 0x0, &(0x7f000001d4c0)=[{&(0x7f000001c280)=""/4096, 0x1000}, {&(0x7f0000000240)=""/49, 0x31}, {&(0x7f000001d3c0)=""/157, 0x9d}], 0x3}, 0x580a}], 0x2, 0x41, 0x0)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff})
sendmmsg$inet(r2, &(0x7f0000001540)=[{{0x0, 0xfffffffffffffda1, 0x0}}], 0x40001b6, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
fcntl$getownex(r1, 0x10, &(0x7f0000000000)={0x0, <r3=>0x0})
prctl$PR_SCHED_CORE(0x3e, 0x1, r3, 0x2, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000002000)=""/102400, 0x19000)
r5 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, 0x0, 0x0)
dup(r5)
socket$kcm(0xa, 0x2, 0x0)
socket$inet_sctp(0x2, 0x5, 0x84)
r6 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$IP_VS_SO_SET_ADDDEST(r6, 0x0, 0x487, &(0x7f0000000580)={{0x84, @broadcast, 0x4e23, 0x3, 'lc\x00', 0x2, 0x4, 0x7b}, {@private=0xa010102, 0x4e22, 0x2, 0xc8, 0x80012d58, 0x12d5c}}, 0x44)
r7 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$IP_VS_SO_SET_ADDDEST(r7, 0x0, 0x487, 0x0, 0x0)

3.268046214s ago: executing program 3 (id=201):
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5)
socket$inet(0x2, 0x2, 0x1)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r3 = syz_open_dev$tty1(0xc, 0x4, 0x4)
clock_gettime(0x17, 0x0)
ioctl$KDGKBTYPE(r3, 0x4b33, 0x0)
keyctl$join(0x1, 0x0)
keyctl$session_to_parent(0x12)
r4 = syz_open_dev$tty1(0xc, 0x4, 0x1)
dup(r4)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = socket(0x10, 0x803, 0x0)
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r6, 0x89f2, &(0x7f0000000140)={'ip6gre0\x00', &(0x7f00000002c0)={'ip6gre0\x00', 0x0, 0x29, 0x0, 0x7, 0x6661, 0x6d, @loopback, @mcast1, 0x20, 0x7800, 0x2, 0x81}})
sendmsg$nl_generic(r5, &(0x7f00000029c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000001480)=ANY=[@ANYBLOB="200000001000010700000000000000000a0000000c"], 0x20}}, 0x0)
recvmmsg(r5, 0x0, 0x0, 0x0, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x1, 0x4, &(0x7f0000000100)=ANY=[@ANYBLOB="18000000030000"], 0x0}, 0x94)

3.264026242s ago: executing program 1 (id=202):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
r2 = getpgrp(0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000040)=0x5)
prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
lsetxattr$security_capability(0x0, 0x0, 0x0, 0x0, 0x3)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000000)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r4 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r4, 0x1, 0x0)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sendmsg$alg(0xffffffffffffffff, 0x0, 0x0)
read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8)
syz_io_uring_setup(0xc4, &(0x7f0000000100)={0x0, 0x4c69, 0x2000, 0x5, 0x38f}, 0x0, 0x0, 0x0)
add_key$user(&(0x7f00000003c0), 0x0, 0x0, 0x0, 0xfffffffffffffffd)
syz_open_dev$sg(0x0, 0x0, 0x8002)
connect$bt_l2cap(0xffffffffffffffff, &(0x7f0000000080)={0x1f, 0x0, @none, 0x7ff}, 0xe)
r6 = socket(0x2000000000000021, 0x2, 0x10000000000002)
connect$rxrpc(r6, 0x0, 0x0)
sendmmsg(r6, &(0x7f0000000180)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0xe000}, 0x5}], 0x1, 0x0)
syz_genetlink_get_family_id$devlink(&(0x7f0000000300), r6)
sendmsg$DEVLINK_CMD_TRAP_GET(r6, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={0x0, 0xff8b}, 0x1, 0x0, 0x0, 0x4008004}, 0x0)

2.916112221s ago: executing program 4 (id=203):
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000018c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r3=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000280)={0x24, r2, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}, 0x1, 0x0, 0x0, 0x8000001}, 0x0)
sendmsg$NL80211_CMD_CONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x30, r2, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x30}}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={{{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x1, [{0x2, 0x1}]}, @void, @void, @void, @void, @void, @void}, 0x2f)
nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, 0x0)
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=ANY=[@ANYBLOB="b0000000080211000001080211f5ffff0702110000001000000002000000"], 0x1e)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000040)={0x5, 0x0, 0x0, &(0x7f0000000540)='syzkaller\x00', 0x5, 0x0, 0x0, 0x41000}, 0x94)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan1\x00'})
ioctl(0xffffffffffffffff, 0x8b2a, &(0x7f0000000040))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r5, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000001740)={&(0x7f00000003c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xd4, 0xd4, 0x7, [@datasec={0x6, 0x7, 0x0, 0xf, 0x2, [{0x5, 0x5}, {0x3, 0x1, 0x2}, {0x1, 0x80000000, 0xb6}, {0x3, 0x1000, 0xc0000000}, {0x5, 0x2911, 0x6}, {0x4, 0x9, 0xfffffffb}, {0x1, 0x6, 0x5}], "a262"}, @var={0x7, 0x0, 0x0, 0xe, 0x5, 0x2}, @datasec={0xa, 0x4, 0x0, 0xf, 0x2, [{0x2, 0x1, 0x7}, {0x2, 0x4, 0x3}, {0x5, 0x7, 0x1}, {0x1, 0x776f, 0x9}], "cf32"}, @fwd={0x6}, @float={0xc, 0x0, 0x0, 0x10, 0x10}, @const={0xa, 0x0, 0x0, 0xa, 0x1}]}, {0x0, [0x2e, 0x2e, 0x30, 0x0, 0x30]}}, &(0x7f0000000740)=""/4096, 0xf3, 0x1000, 0x1, 0x1}, 0x28)
geteuid()
sendmsg$GTP_CMD_NEWPDP(r1, &(0x7f00000005c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000580)={&(0x7f0000000500)={0x1c, 0x0, 0x4, 0x70bd2a, 0x25dfdbfc, {}, [@GTPA_FAMILY={0x5, 0xd, 0x1}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000}, 0x4)

468.223613ms ago: executing program 3 (id=204):
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
connect$inet6(r0, &(0x7f0000000100)={0xa, 0x4, 0x0, @loopback, 0x4}, 0x1c)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$PPPIOCNEWUNIT(0xffffffffffffffff, 0xc004743e, 0x0)
setsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
syz_open_procfs(0xffffffffffffffff, &(0x7f00000004c0)='setgroups\x00')
sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000100)={0x40, 0x2, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_TYPENAME={0x16, 0x3, 'hash:net,port,net\x00'}]}, 0x40}}, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_TEST(r5, 0x0, 0x4800)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000080)=0x2, 0x4)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000000040), 0x4)
setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f00000000c0)=@gcm_128={{0x304}, "0000000400", "6abc00000000000000000000001000", "f0630400"}, 0x28)
sendto$inet6(r0, &(0x7f0000000240)="c62ee5d6a89f2387cb4093532f7c0a22ce", 0xffffffffffffff69, 0x8040, 0x0, 0x0)
shutdown(r0, 0x1)

369.938615ms ago: executing program 2 (id=205):
socket(0x1, 0x2, 0x3)
r0 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x94)
close(r0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r1, &(0x7f0000000080)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @remote}, 0xfffffffe}, 0x1c)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
socket$inet6_udp(0xa, 0x2, 0x0)
getdents64(0xffffffffffffffff, 0x0, 0x0)
write$cgroup_subtree(0xffffffffffffffff, 0x0, 0x32600)
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r5 = shmget(0x1, 0x4000, 0xa20, &(0x7f0000ffb000/0x4000)=nil)
shmat(r5, &(0x7f0000ffd000/0x2000)=nil, 0x4000)
r6 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
bind$bt_l2cap(r6, &(0x7f0000000000)={0x1f, 0x0, @any, 0x4, 0x1}, 0xe)
listen(r6, 0x3)
accept4$bt_l2cap(r6, &(0x7f0000000200), 0x0, 0x800)
syz_emit_vhci(&(0x7f0000000540)=ANY=[@ANYBLOB="043e130100c900", @ANYBLOB=' '], 0x16)

0s ago: executing program 1 (id=206):
r0 = memfd_secret(0x80000)
write$binfmt_register(r0, &(0x7f0000000080)={0x3a, 'syz3', 0x3a, 'E', 0x3a, 0x4, 0x3a, '\x00', 0x3a, '\'(#6', 0x3a, './file0'}, 0x2c)
capset(&(0x7f0000000000)={0x19980330}, &(0x7f0000000280)={0x20000000, 0x4, 0x815, 0x81, 0xffffffff})
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x40800)
setsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0)
connect$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x18}}, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xf, 0x102}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
keyctl$search(0xa, 0x0, 0x0, 0x0, 0x0)
sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x4000000)
sendmsg$NL80211_CMD_CONTROL_PORT_FRAME(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20000000}, 0x4044800)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000001a40)={0x0, 0x0})
r6 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f00000003c0)={'wlan0\x00', <r7=>0x0})
sendmsg$NL80211_CMD_CHANNEL_SWITCH(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010008020000001800006600000008000300", @ANYRES32=r7, @ANYBLOB="08002600940900000800b7"], 0x2c}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)
sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000740)=@newsa={0xf0, 0x1a, 0x1, 0xfffffffe, 0x100, {{@in=@multicast2, @in6=@private1={0xfc, 0x1, '\x00', 0x1}, 0x1, 0x71c, 0x4e23, 0x5, 0xa, 0x0, 0x20, 0x3a}, {@in6=@mcast2, 0x4d4, 0x6c}, @in6=@private2={0xfc, 0x2, '\x00', 0x1}, {0xfe, 0x1000000000000192, 0x9ba3, 0xffff, 0x8251c, 0x5, 0xfffffffffffffffc}, {0xffffffffffffffff, 0x0, 0x1f, 0xfffffffffffffffe}, {0xfffffffe, 0x3fc}, 0x80, 0x3505, 0x2, 0x1, 0x0, 0x20}}, 0xf0}}, 0x844)

kernel console output (not intermixed with test programs):

Warning: Permanently added '10.128.1.76' (ED25519) to the list of known hosts.
[   75.903870][ T5589] cgroup: Unknown subsys name 'net'
[   76.146172][ T5589] cgroup: Unknown subsys name 'cpuset'
[   76.220275][ T5589] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   77.916554][ T5589] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   81.584497][ T5615] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   81.610547][ T5615] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[   81.639227][ T5615] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   81.654619][ T5616] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   81.669024][ T5615] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[   81.682797][ T5616] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   81.683842][ T5616] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   81.687035][ T5616] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   81.687309][ T5616] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   81.691756][ T5619] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   81.693955][ T5619] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   81.695777][ T5619] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   81.696010][ T5619] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   81.698844][   T60] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   81.700113][ T5616] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   81.718494][ T4917] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   81.723084][ T4917] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[   81.755505][   T60] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[   81.759926][   T60] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   81.793685][ T5608] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[   81.846465][ T4917] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[   81.858585][ T4917] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[   81.870639][   T60] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[   81.872779][ T4917] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[   81.895852][ T4917] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[   83.800852][ T5614] Bluetooth: hci2: command tx timeout
[   83.879772][ T4917] Bluetooth: hci3: command tx timeout
[   83.879916][ T4917] Bluetooth: hci1: command tx timeout
[   83.880102][ T5614] Bluetooth: hci0: command tx timeout
[   83.969786][   T60] Bluetooth: hci4: command tx timeout
[   84.322324][ T5604] bridge0: port 1(bridge_slave_0) entered blocking state
[   84.323199][ T5604] bridge0: port 1(bridge_slave_0) entered disabled state
[   84.323319][ T5604] bridge_slave_0: entered allmulticast mode
[   84.324748][ T5604] bridge_slave_0: entered promiscuous mode
[   84.331604][ T5603] bridge0: port 1(bridge_slave_0) entered blocking state
[   84.331712][ T5603] bridge0: port 1(bridge_slave_0) entered disabled state
[   84.331858][ T5603] bridge_slave_0: entered allmulticast mode
[   84.335692][ T5603] bridge_slave_0: entered promiscuous mode
[   84.339337][ T5605] bridge0: port 1(bridge_slave_0) entered blocking state
[   84.339465][ T5605] bridge0: port 1(bridge_slave_0) entered disabled state
[   84.339605][ T5605] bridge_slave_0: entered allmulticast mode
[   84.345868][ T5605] bridge_slave_0: entered promiscuous mode
[   84.373474][ T5601] bridge0: port 1(bridge_slave_0) entered blocking state
[   84.373568][ T5601] bridge0: port 1(bridge_slave_0) entered disabled state
[   84.373720][ T5601] bridge_slave_0: entered allmulticast mode
[   84.375982][ T5601] bridge_slave_0: entered promiscuous mode
[   84.378219][ T5604] bridge0: port 2(bridge_slave_1) entered blocking state
[   84.378325][ T5604] bridge0: port 2(bridge_slave_1) entered disabled state
[   84.378963][ T5604] bridge_slave_1: entered allmulticast mode
[   84.383584][ T5604] bridge_slave_1: entered promiscuous mode
[   84.386134][ T5603] bridge0: port 2(bridge_slave_1) entered blocking state
[   84.386241][ T5603] bridge0: port 2(bridge_slave_1) entered disabled state
[   84.387164][ T5603] bridge_slave_1: entered allmulticast mode
[   84.389579][ T5603] bridge_slave_1: entered promiscuous mode
[   84.392812][ T5605] bridge0: port 2(bridge_slave_1) entered blocking state
[   84.392917][ T5605] bridge0: port 2(bridge_slave_1) entered disabled state
[   84.393069][ T5605] bridge_slave_1: entered allmulticast mode
[   84.396453][ T5605] bridge_slave_1: entered promiscuous mode
[   84.398378][ T5602] bridge0: port 1(bridge_slave_0) entered blocking state
[   84.398492][ T5602] bridge0: port 1(bridge_slave_0) entered disabled state
[   84.398630][ T5602] bridge_slave_0: entered allmulticast mode
[   84.402921][ T5602] bridge_slave_0: entered promiscuous mode
[   84.406080][ T5601] bridge0: port 2(bridge_slave_1) entered blocking state
[   84.406185][ T5601] bridge0: port 2(bridge_slave_1) entered disabled state
[   84.406685][ T5601] bridge_slave_1: entered allmulticast mode
[   84.409066][ T5601] bridge_slave_1: entered promiscuous mode
[   84.487437][ T5602] bridge0: port 2(bridge_slave_1) entered blocking state
[   84.487548][ T5602] bridge0: port 2(bridge_slave_1) entered disabled state
[   84.487704][ T5602] bridge_slave_1: entered allmulticast mode
[   84.491512][ T5602] bridge_slave_1: entered promiscuous mode
[   84.616509][ T5604] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   84.619548][ T5603] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   84.624897][ T5605] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   84.651413][ T5601] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   84.653878][ T5604] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   84.655753][ T5603] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   84.657625][ T5605] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   84.661404][ T5602] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   84.665137][ T5601] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   84.723171][ T5602] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   85.065581][ T5604] team0: Port device team_slave_0 added
[   85.067827][ T5603] team0: Port device team_slave_0 added
[   85.070353][ T5605] team0: Port device team_slave_0 added
[   85.090079][ T5601] team0: Port device team_slave_0 added
[   85.091977][ T5604] team0: Port device team_slave_1 added
[   85.093514][ T5603] team0: Port device team_slave_1 added
[   85.095026][ T5605] team0: Port device team_slave_1 added
[   85.096556][ T5602] team0: Port device team_slave_0 added
[   85.098402][ T5601] team0: Port device team_slave_1 added
[   85.154058][ T5602] team0: Port device team_slave_1 added
[   85.242293][ T5604] batman_adv: batadv0: Adding interface: batadv_slave_0
[   85.242309][ T5604] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   85.242332][ T5604] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   85.245519][ T5603] batman_adv: batadv0: Adding interface: batadv_slave_0
[   85.245534][ T5603] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   85.245557][ T5603] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   85.246811][ T5605] batman_adv: batadv0: Adding interface: batadv_slave_0
[   85.246832][ T5605] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   85.246855][ T5605] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   85.267704][ T5601] batman_adv: batadv0: Adding interface: batadv_slave_0
[   85.267720][ T5601] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   85.267744][ T5601] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   85.271475][ T5604] batman_adv: batadv0: Adding interface: batadv_slave_1
[   85.271488][ T5604] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   85.271513][ T5604] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   85.275183][ T5603] batman_adv: batadv0: Adding interface: batadv_slave_1
[   85.275196][ T5603] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   85.275220][ T5603] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   85.276820][ T5605] batman_adv: batadv0: Adding interface: batadv_slave_1
[   85.276833][ T5605] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   85.276858][ T5605] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   85.278783][ T5602] batman_adv: batadv0: Adding interface: batadv_slave_0
[   85.278799][ T5602] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   85.278823][ T5602] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   85.284011][ T5601] batman_adv: batadv0: Adding interface: batadv_slave_1
[   85.284024][ T5601] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   85.284047][ T5601] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   85.326973][ T5602] batman_adv: batadv0: Adding interface: batadv_slave_1
[   85.326988][ T5602] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   85.327012][ T5602] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   85.563794][ T5603] hsr_slave_0: entered promiscuous mode
[   85.565408][ T5603] hsr_slave_1: entered promiscuous mode
[   85.576958][ T5605] hsr_slave_0: entered promiscuous mode
[   85.578315][ T5605] hsr_slave_1: entered promiscuous mode
[   85.582364][ T5605] debugfs: 'hsr0' already exists in 'hsr'
[   85.582499][ T5605] Cannot create hsr debugfs directory
[   85.617538][ T5604] hsr_slave_0: entered promiscuous mode
[   85.619031][ T5604] hsr_slave_1: entered promiscuous mode
[   85.620804][ T5604] debugfs: 'hsr0' already exists in 'hsr'
[   85.620827][ T5604] Cannot create hsr debugfs directory
[   85.652911][ T5601] hsr_slave_0: entered promiscuous mode
[   85.654163][ T5601] hsr_slave_1: entered promiscuous mode
[   85.655092][ T5601] debugfs: 'hsr0' already exists in 'hsr'
[   85.655114][ T5601] Cannot create hsr debugfs directory
[   85.667519][ T5602] hsr_slave_0: entered promiscuous mode
[   85.669732][ T5602] hsr_slave_1: entered promiscuous mode
[   85.671061][ T5602] debugfs: 'hsr0' already exists in 'hsr'
[   85.671082][ T5602] Cannot create hsr debugfs directory
[   85.881427][   T60] Bluetooth: hci2: command tx timeout
[   85.959863][ T5614] Bluetooth: hci1: command tx timeout
[   85.959892][ T5614] Bluetooth: hci3: command tx timeout
[   85.960019][   T60] Bluetooth: hci0: command tx timeout
[   86.049877][   T60] Bluetooth: hci4: command tx timeout
[   86.689111][   T31] cfg80211: failed to load regulatory.db
[   86.814453][ T5605] netdevsim netdevsim3 netdevsim0: renamed from eth0
[   86.883077][ T5605] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[   86.903934][ T5605] netdevsim netdevsim3 netdevsim1: renamed from eth1
[   86.944923][ T5605] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[   86.949426][ T5605] netdevsim netdevsim3 netdevsim2: renamed from eth2
[   86.984124][ T5605] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[   87.000146][ T5605] netdevsim netdevsim3 netdevsim3: renamed from eth3
[   87.043839][ T5605] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[   87.127502][ T5604] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   87.155031][ T5604] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[   87.161180][ T5604] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   87.183544][ T5604] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[   87.205490][ T5604] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   87.245915][ T5604] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[   87.264621][ T5604] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   87.303556][ T5604] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[   87.459846][ T5601] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   87.493515][ T5601] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[   87.497800][ T5601] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   87.534588][ T5601] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[   87.539760][ T5601] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   87.579597][ T5601] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[   87.606156][ T5601] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   87.634041][ T5601] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[   87.771175][ T5603] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   87.805951][ T5603] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[   87.811788][ T5603] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   87.844341][ T5603] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[   87.864130][ T5603] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   87.904181][ T5603] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[   87.927418][ T5603] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   87.959897][   T60] Bluetooth: hci2: command tx timeout
[   87.964723][ T5603] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[   88.039819][   T60] Bluetooth: hci3: command tx timeout
[   88.039850][   T60] Bluetooth: hci1: command tx timeout
[   88.040100][ T4917] Bluetooth: hci0: command tx timeout
[   88.098845][ T5605] 8021q: adding VLAN 0 to HW filter on device bond0
[   88.118680][ T5602] netdevsim netdevsim4 netdevsim0: renamed from eth0
[   88.120136][ T4917] Bluetooth: hci4: command tx timeout
[   88.154518][ T5602] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[   88.168363][ T5602] netdevsim netdevsim4 netdevsim1: renamed from eth1
[   88.193159][ T5602] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[   88.197622][ T5602] netdevsim netdevsim4 netdevsim2: renamed from eth2
[   88.235795][ T5602] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[   88.243914][ T5602] netdevsim netdevsim4 netdevsim3: renamed from eth3
[   88.283452][ T5602] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[   88.331777][ T5605] 8021q: adding VLAN 0 to HW filter on device team0
[   88.398895][ T1430] bridge0: port 1(bridge_slave_0) entered blocking state
[   88.399267][ T1430] bridge0: port 1(bridge_slave_0) entered forwarding state
[   88.468936][ T1430] bridge0: port 2(bridge_slave_1) entered blocking state
[   88.469052][ T1430] bridge0: port 2(bridge_slave_1) entered forwarding state
[   88.496870][ T5604] 8021q: adding VLAN 0 to HW filter on device bond0
[   88.572975][ T5604] 8021q: adding VLAN 0 to HW filter on device team0
[   88.599114][ T5601] 8021q: adding VLAN 0 to HW filter on device bond0
[   88.632611][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[   88.632727][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[   88.675957][ T3424] bridge0: port 2(bridge_slave_1) entered blocking state
[   88.676090][ T3424] bridge0: port 2(bridge_slave_1) entered forwarding state
[   88.724130][ T5601] 8021q: adding VLAN 0 to HW filter on device team0
[   88.755772][ T5603] 8021q: adding VLAN 0 to HW filter on device bond0
[   88.787434][ T1143] bridge0: port 1(bridge_slave_0) entered blocking state
[   88.787608][ T1143] bridge0: port 1(bridge_slave_0) entered forwarding state
[   88.829017][ T1143] bridge0: port 2(bridge_slave_1) entered blocking state
[   88.829192][ T1143] bridge0: port 2(bridge_slave_1) entered forwarding state
[   88.906350][ T5603] 8021q: adding VLAN 0 to HW filter on device team0
[   88.946471][ T5602] 8021q: adding VLAN 0 to HW filter on device bond0
[   88.985592][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[   88.985770][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[   89.055943][ T1430] bridge0: port 2(bridge_slave_1) entered blocking state
[   89.056072][ T1430] bridge0: port 2(bridge_slave_1) entered forwarding state
[   89.126372][ T5602] 8021q: adding VLAN 0 to HW filter on device team0
[   89.204105][ T3424] bridge0: port 1(bridge_slave_0) entered blocking state
[   89.204275][ T3424] bridge0: port 1(bridge_slave_0) entered forwarding state
[   89.262774][ T3424] bridge0: port 2(bridge_slave_1) entered blocking state
[   89.266745][ T3424] bridge0: port 2(bridge_slave_1) entered forwarding state
[   90.036581][ T5605] 8021q: adding VLAN 0 to HW filter on device batadv0
[   90.039973][ T4917] Bluetooth: hci2: command tx timeout
[   90.123792][ T5614] Bluetooth: hci3: command tx timeout
[   90.123840][ T4917] Bluetooth: hci0: command tx timeout
[   90.131759][ T4917] Bluetooth: hci1: command tx timeout
[   90.199828][ T4917] Bluetooth: hci4: command tx timeout
[   90.413290][ T5604] 8021q: adding VLAN 0 to HW filter on device batadv0
[   90.537832][ T5601] 8021q: adding VLAN 0 to HW filter on device batadv0
[   90.561003][ T5605] veth0_vlan: entered promiscuous mode
[   90.633058][ T5605] veth1_vlan: entered promiscuous mode
[   90.748587][ T5603] 8021q: adding VLAN 0 to HW filter on device batadv0
[   90.788868][ T5604] veth0_vlan: entered promiscuous mode
[   90.850692][ T5604] veth1_vlan: entered promiscuous mode
[   90.891567][ T5605] veth0_macvtap: entered promiscuous mode
[   90.895250][ T5601] veth0_vlan: entered promiscuous mode
[   90.922880][ T5602] 8021q: adding VLAN 0 to HW filter on device batadv0
[   90.923657][ T5605] veth1_macvtap: entered promiscuous mode
[   90.958575][ T5601] veth1_vlan: entered promiscuous mode
[   91.047211][ T5605] batman_adv: batadv0: Interface activated: batadv_slave_0
[   91.047541][ T5603] veth0_vlan: entered promiscuous mode
[   91.088101][ T5605] batman_adv: batadv0: Interface activated: batadv_slave_1
[   91.111947][ T5604] veth0_macvtap: entered promiscuous mode
[   91.147275][ T5603] veth1_vlan: entered promiscuous mode
[   91.158649][ T1137] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   91.173334][ T5604] veth1_macvtap: entered promiscuous mode
[   91.175537][ T1137] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   91.207412][   T12] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   91.229303][   T12] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   91.254503][ T5601] veth0_macvtap: entered promiscuous mode
[   91.346051][ T5601] veth1_macvtap: entered promiscuous mode
[   91.393691][ T5604] batman_adv: batadv0: Interface activated: batadv_slave_0
[   91.512254][ T5604] batman_adv: batadv0: Interface activated: batadv_slave_1
[   91.649252][   T44] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   91.680477][   T44] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   91.700871][ T5601] batman_adv: batadv0: Interface activated: batadv_slave_0
[   91.701979][   T44] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   91.738274][ T5603] veth0_macvtap: entered promiscuous mode
[   91.745499][   T44] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   91.824423][ T5601] batman_adv: batadv0: Interface activated: batadv_slave_1
[   91.825725][ T5603] veth1_macvtap: entered promiscuous mode
[   91.958899][ T1430] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   91.958924][ T1430] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   91.980364][   T58] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   92.018090][   T58] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   92.068989][   T58] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   92.069174][ T5602] veth0_vlan: entered promiscuous mode
[   92.111454][   T58] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   92.145624][ T5603] batman_adv: batadv0: Interface activated: batadv_slave_0
[   92.246516][ T5603] batman_adv: batadv0: Interface activated: batadv_slave_1
[   92.298600][ T5602] veth1_vlan: entered promiscuous mode
[   92.361080][ T1143] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   92.361101][ T1143] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   92.448215][   T58] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   92.482493][   T12] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   92.549411][   T12] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   92.568583][   T12] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   92.587967][ T1137] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   92.587987][ T1137] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   92.811641][ T1137] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   92.811658][ T1137] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   93.109041][ T5602] veth0_macvtap: entered promiscuous mode
[   93.119227][   T44] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   93.119246][   T44] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   93.228187][ T5602] veth1_macvtap: entered promiscuous mode
[   93.244744][   T58] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   93.244762][   T58] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   93.369681][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[   93.389690][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[   93.399675][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[   93.459666][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[   93.469690][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[   93.489698][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[   93.499692][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[   93.509693][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[   93.519692][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[   93.529688][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[   93.801878][ T5800] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4'.
[   95.151225][ T3424] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   95.151242][ T3424] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   95.340545][ T5602] batman_adv: batadv0: Interface activated: batadv_slave_0
[   95.495443][ T5602] batman_adv: batadv0: Interface activated: batadv_slave_1
[   95.531700][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   95.531719][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   95.691440][ T1430] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   95.692719][ T1430] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   95.692763][ T1430] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   95.692797][ T1430] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   95.880535][ T5807] comedi comedi2: c6xdigio: I/O base address not correctly aligned
[   99.430315][ T5741] IPVS: starting estimator thread 0...
[   99.457696][  T193] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   99.457716][  T193] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   99.549856][ T5822] IPVS: using max 9 ests per chain, 21600 per kthread
[   99.677410][   T58] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   99.677429][   T58] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  100.756750][ T5833] netlink: 8 bytes leftover after parsing attributes in process `syz.2.8'.
[  106.390989][ T5848] netlink: 8 bytes leftover after parsing attributes in process `syz.0.13'.
[  108.495238][ T5845] Zero length message leads to an empty skb
[  111.756802][   T31] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  112.146205][   T31] hid-generic 0000:0000:0000.0001: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  112.454668][ T5872] netlink: 16 bytes leftover after parsing attributes in process `syz.2.17'.
[  113.155784][ T5873] fido_id[5873]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  113.209416][ T5877] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[  114.151454][   T31] usb 3-1: new full-speed USB device number 2 using dummy_hcd
[  114.173013][ T5885] netlink: 8 bytes leftover after parsing attributes in process `syz.0.14'.
[  114.658208][ T5612] usb 2-1: new full-speed USB device number 2 using dummy_hcd
[  115.118672][   T31] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  115.118708][   T31] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  115.171142][   T31] usb 3-1: New USB device found, idVendor=0fe6, idProduct=9800, bcdDevice=d1.9a
[  115.171171][   T31] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  115.171189][   T31] usb 3-1: Product: syz
[  115.171203][   T31] usb 3-1: Manufacturer: syz
[  115.171216][   T31] usb 3-1: SerialNumber: syz
[  115.302381][ T5612] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  115.302426][ T5612] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBE, changing to 0x8E
[  115.302451][ T5612] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8E has an invalid bInterval 0, changing to 10
[  115.302475][ T5612] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0
[  115.302496][ T5612] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  115.393987][ T5612] usb 2-1: New USB device found, idVendor=10c5, idProduct=819a, bcdDevice=e4.46
[  115.394020][ T5612] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=35
[  115.394039][ T5612] usb 2-1: Product: syz
[  115.394053][ T5612] usb 2-1: Manufacturer: syz
[  115.394066][ T5612] usb 2-1: SerialNumber: syz
[  115.748599][   T31] usb 3-1: config 0 descriptor??
[  115.771568][ T5612] usb 2-1: config 0 descriptor??
[  117.487026][ T5612] radio-si470x 2-1:0.0: si470x_get_report: usb_control_msg returned -71
[  117.487369][ T5612] radio-si470x 2-1:0.0: probe with driver radio-si470x failed with error -5
[  117.566116][   T31] usb 3-1: USB disconnect, device number 2
[  117.841719][ T5612] usb 2-1: USB disconnect, device number 2
[  120.761229][ T5913] ip6gretap1: default qdisc (pfifo_fast) fail, fallback to noqueue
[  121.530864][ T5922] bridge1: trying to set multicast startup query interval below minimum, setting to 100 (1000ms)
[  123.526410][ T5950] random: crng reseeded on system resumption
[  123.568289][ T5945] warning: `syz.2.32' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[  124.659761][ T5732] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[  124.845281][ T5732] usb 3-1: unable to get BOS descriptor or descriptor too short
[  124.846354][ T5732] usb 3-1: config 114 has an invalid interface number: 69 but max is 0
[  124.846377][ T5732] usb 3-1: config 114 has no interface number 0
[  124.846433][ T5732] usb 3-1: config 114 interface 69 altsetting 232 bulk endpoint 0x1 has invalid maxpacket 1023
[  124.846446][ T5732] usb 3-1: config 114 interface 69 altsetting 232 has an endpoint descriptor with address 0xCA, changing to 0x8A
[  124.846459][ T5732] usb 3-1: config 114 interface 69 altsetting 232 bulk endpoint 0x8A has invalid maxpacket 1023
[  124.846471][ T5732] usb 3-1: config 114 interface 69 has no altsetting 0
[  124.848537][ T5732] usb 3-1: New USB device found, idVendor=06a3, idProduct=ff04, bcdDevice=a5.d8
[  124.848563][ T5732] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  124.848582][ T5732] usb 3-1: Product: syz
[  124.848596][ T5732] usb 3-1: Manufacturer: syz
[  124.848608][ T5732] usb 3-1: SerialNumber: syz
[  125.699889][ T5945] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  125.700044][ T5945] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  126.202961][ T5732] usb 3-1: USB disconnect, device number 3
[  126.982081][ T5614] Bluetooth: hci0: Controller not accepting commands anymore: ncmd = 0
[  126.982242][ T5614] Bluetooth: hci0: Injecting HCI hardware error event
[  126.995919][   T60] Bluetooth: hci0: hardware error 0x00
[  127.086063][ T5858] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[  127.319736][ T5614] Bluetooth: hci4: command 0x0405 tx timeout
[  127.381289][ T5858] usb 5-1: Using ep0 maxpacket: 8
[  127.385233][ T5858] usb 5-1: config index 0 descriptor too short (expected 301, got 45)
[  127.385303][ T5858] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  127.385325][ T5858] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  127.385349][ T5858] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  127.385372][ T5858] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  127.385412][ T5858] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  127.385435][ T5858] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  127.687233][ T5971] kernel profiling enabled (shift: 9)
[  129.606010][   T60] Bluetooth: hci0: Opcode 0x0c03 failed: -110
[  131.807801][  T820] usb 5-1: USB disconnect, device number 3
[  132.184847][ T5987] ALSA: mixer_oss: invalid OSS volume '01777777777777777777777'
[  132.206188][ T5989] capability: warning: `syz.2.43' uses 32-bit capabilities (legacy support in use)
[  133.709605][ T1338] ieee802154 phy0 wpan0: encryption failed: -22
[  133.714482][ T1338] ieee802154 phy1 wpan1: encryption failed: -22
[  138.327507][ T6034] input: syz0 as /devices/virtual/input/input6
[  140.131614][ T6038] ceph: No mds server is up or the cluster is laggy
[  140.169400][ T5612] libceph: connect (1)[c::]:6789 error -101
[  140.235981][ T5612] libceph: mon0 (1)[c::]:6789 connect error
[  145.093749][ T6076] netlink: 36 bytes leftover after parsing attributes in process `syz.1.60'.
[  146.493961][   T60] Bluetooth: hci4: unexpected event for opcode 0x0000
[  150.933444][   T60] Bluetooth: hci4: Controller not accepting commands anymore: ncmd = 0
[  150.933793][   T60] Bluetooth: hci4: Injecting HCI hardware error event
[  150.938258][   T60] Bluetooth: hci4: hardware error 0x00
[  154.284408][   T60] Bluetooth: hci4: Opcode 0x0c03 failed: -110
[  154.847918][ T6134] netlink: 'syz.4.71': attribute type 8 has an invalid length.
[  158.856450][ T6148] netlink: 'syz.4.76': attribute type 9 has an invalid length.
[  158.856517][ T6148] netlink: 44 bytes leftover after parsing attributes in process `syz.4.76'.
[  160.870150][ T6159] openvswitch: netlink: Actions may not be safe on all matching packets
[  164.684294][ T5732] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[  164.850479][ T5732] usb 5-1: New USB device found, idVendor=0547, idProduct=0201, bcdDevice=11.64
[  164.850509][ T5732] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  164.850530][ T5732] usb 5-1: Product: syz
[  164.850544][ T5732] usb 5-1: Manufacturer: syz
[  164.850558][ T5732] usb 5-1: SerialNumber: syz
[  165.693813][ T5732] usb 5-1: config 0 descriptor??
[  165.765187][ T5732] usb 5-1: can't set config #0, error -71
[  165.785201][ T5732] usb 5-1: USB disconnect, device number 4
[  172.369772][ T6209] netlink: 24 bytes leftover after parsing attributes in process `syz.2.90'.
[  173.483330][ T6209] syz.2.90 (6209) used greatest stack depth: 17024 bytes left
[  178.108298][ T6234] vlan1: entered promiscuous mode
[  178.108513][ T6234] vlan1: entered allmulticast mode
[  178.108526][ T6234] veth0_vlan: entered allmulticast mode
[  182.576799][ T6260] nfs: Bad value for 'source'
[  183.283485][ T6252] workqueue: Failed to create a rescuer kthread for wq "xfs-buf/nbd2": -EINTR
[  186.312194][   T37] audit: type=1326 audit(1779896194.193:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6285 comm="syz.4.105" exe="/root/ci-upstream-kasan-gce-smack-root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fe216b5ce59 code=0x0
[  189.050958][   T31] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[  189.761421][   T31] usb 5-1: config index 0 descriptor too short (expected 8192, got 36)
[  189.761449][   T31] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  189.761466][   T31] usb 5-1: config 0 has no interfaces?
[  189.761495][   T31] usb 5-1: New USB device found, idVendor=5443, idProduct=0042, bcdDevice= 0.00
[  189.761517][   T31] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  189.823060][   T31] usb 5-1: config 0 descriptor??
[  196.539207][ T1338] ieee802154 phy0 wpan0: encryption failed: -22
[  196.539266][ T1338] ieee802154 phy1 wpan1: encryption failed: -22
[  201.419911][ T5732] usb 5-1: USB disconnect, device number 5
[  201.789463][ T6326] input: syz0 as /devices/virtual/input/input7
[  203.332361][ T6330] pimreg: entered allmulticast mode
[  204.009242][ T6330] 9p: Bad value for 'wfdno'
[  204.268242][ T6330] pimreg: left allmulticast mode
[  206.179840][ T6310] syz.0.110 (6310): drop_caches: 2
[  208.517156][ T5608] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  208.555899][ T5608] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  208.573633][ T5608] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  208.588895][ T5608] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  208.589598][ T5608] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  210.055579][ T5611] Bluetooth: hci1: command 0x0406 tx timeout
[  210.056302][ T5608] Bluetooth: hci2: command 0x0406 tx timeout
[  210.056334][ T5608] Bluetooth: hci3: command 0x0406 tx timeout
[  211.810838][ T4917] Bluetooth: hci0: command tx timeout
[  212.892266][ T6313] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  212.994123][  T145] Bluetooth: hci5: Frame reassembly failed (-84)
[  213.826230][ T6313] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  214.101653][ T4917] Bluetooth: hci0: command tx timeout
[  215.173848][ T5614] Bluetooth: hci5: Entering manufacturer mode failed (-110)
[  216.365566][ T5614] Bluetooth: hci0: command tx timeout
[  216.879721][ T6313] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  218.719827][ T5614] Bluetooth: hci0: command tx timeout
[  221.178718][ T6435] tipc: Failed to remove unknown binding: 66,0,0/0:3802724053/3802724054
[  221.195667][ T6427] tipc: Failed to remove unknown binding: 66,0,0/0:3802724053/3802724054
[  221.274162][ T6313] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  221.306544][ T6436] netlink: 244 bytes leftover after parsing attributes in process `syz.2.130'.
[  223.551658][ T6359] bridge0: port 1(bridge_slave_0) entered blocking state
[  223.551829][ T6359] bridge0: port 1(bridge_slave_0) entered disabled state
[  223.552308][ T6359] bridge_slave_0: entered allmulticast mode
[  223.554894][ T6359] bridge_slave_0: entered promiscuous mode
[  223.610183][ T6359] bridge0: port 2(bridge_slave_1) entered blocking state
[  223.610324][ T6359] bridge0: port 2(bridge_slave_1) entered disabled state
[  223.640311][ T6359] bridge_slave_1: entered allmulticast mode
[  223.665159][ T6359] bridge_slave_1: entered promiscuous mode
[  223.738096][ T6359] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  223.761731][ T6359] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  223.864296][ T6359] team0: Port device team_slave_0 added
[  223.898593][ T6359] team0: Port device team_slave_1 added
[  227.167942][ T6359] batman_adv: batadv0: Adding interface: batadv_slave_0
[  227.167954][ T6359] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  227.167967][ T6359] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  227.169326][ T6359] batman_adv: batadv0: Adding interface: batadv_slave_1
[  227.169335][ T6359] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  227.169359][ T6359] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  230.769863][ T6359] hsr_slave_0: entered promiscuous mode
[  230.771102][ T6359] hsr_slave_1: entered promiscuous mode
[  230.771880][ T6359] debugfs: 'hsr0' already exists in 'hsr'
[  230.771900][ T6359] Cannot create hsr debugfs directory
[  232.533863][ T6486] comedi comedi2: c6xdigio: I/O base address not correctly aligned
[  236.981899][ T6313] bridge_slave_1: left allmulticast mode
[  236.982055][ T6313] bridge_slave_1: left promiscuous mode
[  237.097560][ T6512] netlink: 'syz.3.144': attribute type 21 has an invalid length.
[  237.097679][ T6512] IPv6: NLM_F_CREATE should be specified when creating new route
[  237.143540][ T6512] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  237.143588][ T6512] IPv6: NLM_F_CREATE should be set when creating new route
[  237.162588][ T6512] IPv6: NLM_F_CREATE should be set when creating new route
[  237.165041][ T6512] IPv6: NLM_F_CREATE should be set when creating new route
[  237.385235][ T6513] netlink: 8 bytes leftover after parsing attributes in process `syz.3.144'.
[  238.190783][ T6313] bridge0: port 2(bridge_slave_1) entered disabled state
[  238.859745][ T6313] bridge_slave_0: left allmulticast mode
[  238.859778][ T6313] bridge_slave_0: left promiscuous mode
[  238.917889][ T6313] bridge0: port 1(bridge_slave_0) entered disabled state
[  239.470254][ T6529] =======================================================
[  239.470254][ T6529] WARNING: The mand mount option has been deprecated and
[  239.470254][ T6529]          and is ignored by this kernel. Remove the mand
[  239.470254][ T6529]          option from the mount to silence this warning.
[  239.470254][ T6529] =======================================================
[  239.685839][ T6529] overlayfs: "xino" feature enabled using 3 upper inode bits.
[  246.656425][ T6313] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  246.737194][ T6313] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  246.762139][ T6313] bond0 (unregistering): Released all slaves
[  247.002053][ T6510] bond1: Unable to set down delay as MII monitoring is disabled
[  247.706378][ T6510] bond1 (unregistering): Released all slaves
[  247.772327][ T5263] 8021q: adding VLAN 0 to HW filter on device eth1
[  247.790535][ T6541] netlink: 24 bytes leftover after parsing attributes in process `syz.1.148'.
[  252.648560][ T6589] x_tables: ip_tables: recent.0 match: invalid size 216 (kernel) != (user) 4096
[  252.918024][   T37] audit: type=1326 audit(1779896255.688:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6598 comm="syz.3.157" exe="/root/ci-upstream-kasan-gce-smack-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f882ad7ce59 code=0x7ffc0000
[  252.918073][   T37] audit: type=1326 audit(1779896255.688:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6598 comm="syz.3.157" exe="/root/ci-upstream-kasan-gce-smack-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f882ad7ce59 code=0x7ffc0000
[  252.973520][   T37] audit: type=1326 audit(1779896255.743:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6598 comm="syz.3.157" exe="/root/ci-upstream-kasan-gce-smack-root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f882ad7ce59 code=0x7ffc0000
[  252.973568][   T37] audit: type=1326 audit(1779896255.743:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6598 comm="syz.3.157" exe="/root/ci-upstream-kasan-gce-smack-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f882ad7ce59 code=0x7ffc0000
[  252.973606][   T37] audit: type=1326 audit(1779896255.743:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6598 comm="syz.3.157" exe="/root/ci-upstream-kasan-gce-smack-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f882ad7ce59 code=0x7ffc0000
[  252.973793][   T37] audit: type=1326 audit(1779896255.697:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6598 comm="syz.3.157" exe="/root/ci-upstream-kasan-gce-smack-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f882ad7ce59 code=0x7ffc0000
[  252.976605][   T37] audit: type=1326 audit(1779896255.752:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6598 comm="syz.3.157" exe="/root/ci-upstream-kasan-gce-smack-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f882ad7ce59 code=0x7ffc0000
[  252.976651][   T37] audit: type=1326 audit(1779896255.752:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6598 comm="syz.3.157" exe="/root/ci-upstream-kasan-gce-smack-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f882ad7ce59 code=0x7ffc0000
[  252.981682][   T37] audit: type=1326 audit(1779896255.752:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6598 comm="syz.3.157" exe="/root/ci-upstream-kasan-gce-smack-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f882ad7ce59 code=0x7ffc0000
[  253.010490][   T37] audit: type=1326 audit(1779896255.780:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6598 comm="syz.3.157" exe="/root/ci-upstream-kasan-gce-smack-root/syz-executor" sig=0 arch=c000003e syscall=0 compat=0 ip=0x7f882ad7ce59 code=0x7ffc0000
[  253.076936][ T5614] Bluetooth: hci1: unexpected event for opcode 0x4889
[  253.316662][ T6602] netlink: 44 bytes leftover after parsing attributes in process `syz.3.157'.
[  253.316684][ T6602] netlink: 24 bytes leftover after parsing attributes in process `syz.3.157'.
[  255.016133][ T5263] 8021q: adding VLAN 0 to HW filter on device eth2
[  256.347696][ T6616] Invalid ELF header type: 3 != 1
[  258.766701][ T6635] CUSE: info not properly terminated
[  259.361032][ T6359] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  259.470249][ T6359] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[  262.584873][ T5858] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[  262.757537][ T5858] usb 5-1: Using ep0 maxpacket: 16
[  262.759706][ T5858] usb 5-1: config 222 has an invalid interface number: 31 but max is 0
[  262.759729][ T5858] usb 5-1: config 222 has no interface number 0
[  262.759767][ T5858] usb 5-1: config 222 interface 31 altsetting 11 endpoint 0xE has an invalid bInterval 255, changing to 11
[  262.759792][ T5858] usb 5-1: config 222 interface 31 altsetting 11 endpoint 0xE has invalid maxpacket 59391, setting to 1024
[  262.759818][ T5858] usb 5-1: config 222 interface 31 has no altsetting 0
[  262.774109][ T6359] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  262.810359][ T6359] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[  262.840136][ T5858] usb 5-1: New USB device found, idVendor=0f11, idProduct=2030, bcdDevice=a9.fd
[  262.840165][ T5858] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  262.840184][ T5858] usb 5-1: Product: syz
[  262.840197][ T5858] usb 5-1: Manufacturer: syz
[  262.840212][ T5858] usb 5-1: SerialNumber: syz
[  262.871511][ T6669] Bluetooth: MGMT ver 1.23
[  262.884886][ T6359] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  262.901026][ T6659] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  263.036876][ T6359] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[  263.111792][ T1338] ieee802154 phy0 wpan0: encryption failed: -22
[  263.111938][ T1338] ieee802154 phy1 wpan1: encryption failed: -22
[  263.281183][ T6359] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  263.453011][ T6359] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[  263.490692][ T5263] 8021q: adding VLAN 0 to HW filter on device eth3
[  263.884961][ T5858] ldusb 5-1:222.31: LD USB Device #0 now attached to major 180 minor 0
[  263.912918][ T5858] usb 5-1: USB disconnect, device number 6
[  264.846111][ T6682] workqueue: Failed to create a rescuer kthread for wq "ceph-completion": -EINTR
[  265.034115][ T6313] hsr_slave_0: left promiscuous mode
[  265.076411][ T6313] hsr_slave_1: left promiscuous mode
[  265.079269][ T6313] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  265.079365][ T6313] batman_adv: batadv0: Removing interface: batadv_slave_0
[  266.942810][ T6313] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  266.942869][ T6313] batman_adv: batadv0: Removing interface: batadv_slave_1
[  267.711913][ T5612] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[  267.913581][ T5612] usb 3-1: Using ep0 maxpacket: 8
[  267.950221][ T5612] usb 3-1: config 0 has an invalid descriptor of length 1, skipping remainder of the config
[  268.068310][ T5612] usb 3-1: New USB device found, idVendor=22b8, idProduct=6425, bcdDevice=d3.6c
[  268.068380][ T5612] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  268.068430][ T5612] usb 3-1: Product: syz
[  268.068477][ T5612] usb 3-1: Manufacturer: syz
[  268.068491][ T5612] usb 3-1: SerialNumber: syz
[  268.317842][ T5612] usb 3-1: config 0 descriptor??
[  268.496851][ T5612] cdc_ether 3-1:0.0: bad CDC descriptors
[  268.580016][ T6698] netlink: 64 bytes leftover after parsing attributes in process `syz.2.171'.
[  268.594225][ T5858] ldusb 5-1:222.31: LD USB Device #0 now disconnected
[  269.300002][ T5612] usb 3-1: unsupported MDLM descriptors
[  269.464065][ T6313] veth1_macvtap: left promiscuous mode
[  269.464249][ T6313] veth0_macvtap: left promiscuous mode
[  269.464450][ T6313] veth1_vlan: left promiscuous mode
[  269.464663][ T6313] veth0_vlan: left promiscuous mode
[  272.267135][ T4917] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  272.349181][ T4917] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  272.358747][ T4917] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  272.390767][ T4917] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  272.391811][ T4917] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  273.867659][ T6313] team0 (unregistering): Port device team_slave_1 removed
[  273.921621][ T6313] team0 (unregistering): Port device team_slave_0 removed
[  274.301112][ T5612] usb 3-1: USB disconnect, device number 4
[  274.586127][ T5746] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[  274.609465][ T5614] Bluetooth: hci5: command tx timeout
[  274.793483][ T5746] usb 5-1: config 1 has an invalid descriptor of length 129, skipping remainder of the config
[  274.793509][ T5746] usb 5-1: config 1 has 0 interfaces, different from the descriptor's value: 3
[  274.822217][ T5746] usb 5-1: New USB device found, idVendor=2b73, idProduct=0013, bcdDevice= 0.40
[  274.822245][ T5746] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  274.822263][ T5746] usb 5-1: Product: syz
[  274.822277][ T5746] usb 5-1: Manufacturer: syz
[  274.822290][ T5746] usb 5-1: SerialNumber: syz
[  275.043786][ T6730] netlink: 8 bytes leftover after parsing attributes in process `syz.2.178'.
[  275.043826][ T6730] netlink: 8 bytes leftover after parsing attributes in process `syz.2.178'.
[  275.091506][ T6730] netlink: 20 bytes leftover after parsing attributes in process `syz.2.178'.
[  276.177676][ T6720] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  276.215563][ T6720] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  276.616170][ T5746] usb 5-1: USB disconnect, device number 7
[  276.861103][ T5614] Bluetooth: hci5: command tx timeout
[  277.012393][ T6314] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  277.070781][ T6314] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  277.070830][ T6314] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  277.070865][ T6314] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  278.743922][ T5263] 8021q: adding VLAN 0 to HW filter on device eth4
[  279.257588][ T6764] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  279.485787][ T5614] Bluetooth: hci5: command tx timeout
[  279.592477][ T6766] openvswitch: netlink: Geneve option length err (len 256, max 255).
[  279.924293][ T5732] usb 5-1: new high-speed USB device number 8 using dummy_hcd
[  280.156451][ T5732] usb 5-1: Using ep0 maxpacket: 8
[  280.172510][ T5732] usb 5-1: New USB device found, idVendor=047d, idProduct=5003, bcdDevice=2f.8c
[  280.172538][ T5732] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  280.172558][ T5732] usb 5-1: Product: syz
[  280.172571][ T5732] usb 5-1: Manufacturer: syz
[  280.172584][ T5732] usb 5-1: SerialNumber: syz
[  280.227393][ T5732] usb 5-1: config 0 descriptor??
[  280.250296][ T5732] gspca_main: se401-2.14.0 probing 047d:5003
[  280.586282][ T5614] Bluetooth: hci2: unexpected cc 0x0c2d length: 65 > 4
[  280.588010][ T5614] Bluetooth: hci2: unexpected event for opcode 0x0c2d
[  281.812238][ T6789] vlan0: entered promiscuous mode
[  281.843769][ T5614] Bluetooth: hci5: command tx timeout
[  282.821446][ T5732] usb 5-1: reset high-speed USB device number 8 using dummy_hcd
[  283.354075][ T6709] bridge0: port 1(bridge_slave_0) entered blocking state
[  283.354992][ T6709] bridge0: port 1(bridge_slave_0) entered disabled state
[  283.355185][ T6709] bridge_slave_0: entered allmulticast mode
[  283.358968][ T6709] bridge_slave_0: entered promiscuous mode
[  283.375146][ T6709] bridge0: port 2(bridge_slave_1) entered blocking state
[  283.375329][ T6709] bridge0: port 2(bridge_slave_1) entered disabled state
[  283.375527][ T6709] bridge_slave_1: entered allmulticast mode
[  283.378160][ T6709] bridge_slave_1: entered promiscuous mode
[  283.495575][ T6709] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  283.504873][ T6709] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  284.955597][ T6709] team0: Port device team_slave_0 added
[  284.975978][ T6709] team0: Port device team_slave_1 added
[  285.108112][ T5732] gspca_se401: read req failed req 0x06 error -19
[  285.192917][ T6709] batman_adv: batadv0: Adding interface: batadv_slave_0
[  285.192934][ T6709] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  285.192958][ T6709] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  285.196813][ T6709] batman_adv: batadv0: Adding interface: batadv_slave_1
[  285.196827][ T6709] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  285.196851][ T6709] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  285.216986][ T5732] usb 5-1: USB disconnect, device number 8
[  286.771517][ T5732] usb 5-1: new high-speed USB device number 9 using dummy_hcd
[  287.888497][ T5732] usb 5-1: Using ep0 maxpacket: 16
[  287.937468][ T5732] usb 5-1: New USB device found, idVendor=064b, idProduct=7825, bcdDevice=62.b8
[  287.937497][ T5732] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  287.937514][ T5732] usb 5-1: Product: syz
[  287.937526][ T5732] usb 5-1: Manufacturer: syz
[  287.937539][ T5732] usb 5-1: SerialNumber: syz
[  288.375082][ T5732] upd78f0730 5-1:8.0: upd78f0730 converter detected
[  289.610039][ T6709] hsr_slave_0: entered promiscuous mode
[  289.612826][ T6709] hsr_slave_1: entered promiscuous mode
[  289.613588][ T6709] debugfs: 'hsr0' already exists in 'hsr'
[  289.613608][ T6709] Cannot create hsr debugfs directory
[  290.578697][ T5732] usb 5-1: upd78f0730 converter now attached to ttyUSB0
[  290.664644][ T5732] usb 5-1: USB disconnect, device number 9
[  291.978754][ T5732] upd78f0730 ttyUSB0: upd78f0730 converter now disconnected from ttyUSB0
[  291.994742][ T5732] upd78f0730 5-1:8.0: device disconnected
[  301.155830][ T6905] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  301.217342][ T6905] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  302.321383][ T5614] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci2/hci2:201'
[  302.321710][ T5614] CPU: 1 UID: 0 PID: 5614 Comm: kworker/u9:4 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  302.321742][ T5614] Tainted: [L]=SOFTLOCKUP
[  302.321749][ T5614] Hardware [  302.321749][ T5614] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  302.321763][ T5614] Workqueue: hci2 hci_rx_work
[  302.321811][ T5614] Call Trace:
[  302.321819][ T5614]  <TASK>
[  302.321828][ T5614]  dump_stack_lvl+0xe8/0x150
[  302.321856][ T5614]  sysfs_create_dir_ns+0x271/0x2a0
[  302.321890][ T5614]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[  302.321916][ T5614]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[  302.321947][ T5614]  ? __rcu_read_unlock+0x83/0xe0
[  302.321973][ T5614]  ? rt_spin_unlock+0x160/0x200
[  302.322000][ T5614]  kobject_add_internal+0x631/0xd10
[  302.322030][ T5614]  kobject_add+0x163/0x240
[  302.322055][ T5614]  ? __pfx_kobject_add+0x10/0x10
[  302.322089][ T5614]  device_add+0x408/0xbb0
[  302.322126][ T5614]  hci_conn_add_sysfs+0xd5/0x210
[  302.322155][ T5614]  le_conn_complete_evt+0x10e6/0x16b0
[  302.322187][ T5614]  ? __pfx_le_conn_complete_evt+0x10/0x10
[  302.322210][ T5614]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  302.322239][ T5614]  ? lockdep_hardirqs_on+0x7a/0x110
[  302.322271][ T5614]  ? skb_pull_data+0xfb/0x200
[  302.322296][ T5614]  hci_le_conn_complete_evt+0x187/0x470
[  302.322324][ T5614]  hci_event_packet+0x659/0xef0
[  302.322359][ T5614]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[  302.322381][ T5614]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  302.322417][ T5614]  ? __pfx_hci_event_packet+0x10/0x10
[  302.322444][ T5614]  ? rt_spin_unlock+0x14f/0x200
[  302.322477][ T5614]  ? hci_send_to_monitor+0xe2/0x590
[  302.322503][ T5614]  hci_rx_work+0x3ee/0x1040
[  302.322533][ T5614]  ? preempt_schedule_thunk+0x16/0x30
[  302.322566][ T5614]  ? process_scheduled_works+0xa70/0x1860
[  302.322590][ T5614]  process_scheduled_works+0xb5d/0x1860
[  302.322643][ T5614]  ? __pfx_process_scheduled_works+0x10/0x10
[  302.322672][ T5614]  ? assign_work+0x3d5/0x5e0
[  302.322698][ T5614]  worker_thread+0xa53/0xfc0
[  302.322747][ T5614]  kthread+0x388/0x470
[  302.322777][ T5614]  ? __pfx_worker_thread+0x10/0x10
[  302.322797][ T5614]  ? __pfx_kthread+0x10/0x10
[  302.322825][ T5614]  ret_from_fork+0x514/0xb70
[  302.322849][ T5614]  ? __pfx_ret_from_fork+0x10/0x10
[  302.322872][ T5614]  ? __switch_to+0xc79/0x1410
[  302.322904][ T5614]  ? __pfx_kthread+0x10/0x10
[  302.322932][ T5614]  ret_from_fork_asm+0x1a/0x30
[  302.322974][ T5614]  </TASK>
[  302.323330][ T5614] kobject: kobject_add_internal failed for hci2:201 with -EEXIST, don't try to register things with the same name in the same directory.
[  302.323939][ T5614] Bluetooth: hci2: failed to register connection device
[  302.529180][ T5614] ==================================================================
[  302.529199][ T5614] BUG: KASAN: slab-use-after-free in l2cap_sock_new_connection_cb+0x208/0x2f0
[  302.529234][ T5614] Read of size 8 at addr ffff88805dfb8830 by task kworker/u9:4/5614
[  302.529252][ T5614] 
[  302.529266][ T5614] CPU: 1 UID: 0 PID: 5614 Comm: kworker/u9:4 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  302.529294][ T5614] Tainted: [L]=SOFTLOCKUP
[  302.529302][ T5614] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  302.529315][ T5614] Workqueue: hci2 hci_rx_work
[  302.529343][ T5614] Call Trace:
[  302.529351][ T5614]  <TASK>
[  302.529360][ T5614]  dump_stack_lvl+0xe8/0x150
[  302.529384][ T5614]  print_address_description+0x55/0x1e0
[  302.529407][ T5614]  ? l2cap_sock_new_connection_cb+0x208/0x2f0
[  302.529432][ T5614]  print_report+0x58/0x70
[  302.529451][ T5614]  kasan_report+0x117/0x150
[  302.529476][ T5614]  ? l2cap_sock_new_connection_cb+0x208/0x2f0
[  302.529506][ T5614]  l2cap_sock_new_connection_cb+0x208/0x2f0
[  302.529533][ T5614]  l2cap_connect_cfm+0x368/0x1560
[  302.529560][ T5614]  ? __pfx_l2cap_connect_cfm+0x10/0x10
[  302.529582][ T5614]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  302.529611][ T5614]  ? lockdep_hardirqs_on+0x7a/0x110
[  302.529638][ T5614]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[  302.529665][ T5614]  ? mutex_lock_nested+0x152/0x1d0
[  302.529686][ T5614]  ? hci_connect_cfm+0x2c/0x140
[  302.529704][ T5614]  ? __pfx_l2cap_connect_cfm+0x10/0x10
[  302.529727][ T5614]  hci_connect_cfm+0x95/0x140
[  302.529746][ T5614]  le_conn_complete_evt+0x1134/0x16b0
[  302.529771][ T5614]  ? __pfx_le_conn_complete_evt+0x10/0x10
[  302.529792][ T5614]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  302.529820][ T5614]  ? lockdep_hardirqs_on+0x7a/0x110
[  302.529847][ T5614]  ? skb_pull_data+0xfb/0x200
[  302.529876][ T5614]  hci_le_conn_complete_evt+0x187/0x470
[  302.529899][ T5614]  hci_event_packet+0x659/0xef0
[  302.529929][ T5614]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[  302.529952][ T5614]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  302.529981][ T5614]  ? __pfx_hci_event_packet+0x10/0x10
[  302.530006][ T5614]  ? rt_spin_unlock+0x14f/0x200
[  302.530033][ T5614]  ? hci_send_to_monitor+0xe2/0x590
[  302.530057][ T5614]  hci_rx_work+0x3ee/0x1040
[  302.530083][ T5614]  ? preempt_schedule_thunk+0x16/0x30
[  302.530112][ T5614]  ? process_scheduled_works+0xa70/0x1860
[  302.530134][ T5614]  process_scheduled_works+0xb5d/0x1860
[  302.530167][ T5614]  ? __pfx_process_scheduled_works+0x10/0x10
[  302.530190][ T5614]  ? assign_work+0x3d5/0x5e0
[  302.530212][ T5614]  worker_thread+0xa53/0xfc0
[  302.530244][ T5614]  kthread+0x388/0x470
[  302.530269][ T5614]  ? __pfx_worker_thread+0x10/0x10
[  302.530289][ T5614]  ? __pfx_kthread+0x10/0x10
[  302.530315][ T5614]  ret_from_fork+0x514/0xb70
[  302.530337][ T5614]  ? __pfx_ret_from_fork+0x10/0x10
[  302.530358][ T5614]  ? __switch_to+0xc79/0x1410
[  302.530387][ T5614]  ? __pfx_kthread+0x10/0x10
[  302.530413][ T5614]  ret_from_fork_asm+0x1a/0x30
[  302.530444][ T5614]  </TASK>
[  302.530452][ T5614] 
[  302.530456][ T5614] Allocated by task 5614:
[  302.530466][ T5614]  kasan_save_track+0x3e/0x80
[  302.530484][ T5614]  __kasan_kmalloc+0x93/0xb0
[  302.530503][ T5614]  __kmalloc_noprof+0x3e7/0x7b0
[  302.530522][ T5614]  sk_prot_alloc+0xe7/0x210
[  302.530547][ T5614]  sk_alloc+0x3a/0x390
[  302.530571][ T5614]  bt_sock_alloc+0x3b/0x340
[  302.530597][ T5614]  l2cap_sock_new_connection_cb+0xf1/0x2f0
[  302.530621][ T5614]  l2cap_connect_cfm+0x368/0x1560
[  302.530640][ T5614]  hci_connect_cfm+0x95/0x140
[  302.530656][ T5614]  le_conn_complete_evt+0x1134/0x16b0
[  302.530673][ T5614]  hci_le_conn_complete_evt+0x187/0x470
[  302.530686][ T5614]  hci_event_packet+0x659/0xef0
[  302.530705][ T5614]  hci_rx_work+0x3ee/0x1040
[  302.530728][ T5614]  process_scheduled_works+0xb5d/0x1860
[  302.530745][ T5614]  worker_thread+0xa53/0xfc0
[  302.530760][ T5614]  kthread+0x388/0x470
[  302.530771][ T5614]  ret_from_fork+0x514/0xb70
[  302.530780][ T5614]  ret_from_fork_asm+0x1a/0x30
[  302.530791][ T5614] 
[  302.530793][ T5614] Freed by task 6906:
[  302.530798][ T5614]  kasan_save_track+0x3e/0x80
[  302.530806][ T5614]  kasan_save_free_info+0x46/0x50
[  302.530819][ T5614]  __kasan_slab_free+0x5c/0x80
[  302.530828][ T5614]  kfree+0x1c5/0x6c0
[  302.530836][ T5614]  __sk_destruct+0x74b/0x9d0
[  302.530848][ T5614]  l2cap_sock_cleanup_listen+0x1d9/0x580
[  302.530891][ T5614]  l2cap_sock_release+0x6e/0x270
[  302.530901][ T5614]  sock_close+0xc3/0x240
[  302.530910][ T5614]  __fput+0x461/0xa70
[  302.530918][ T5614]  task_work_run+0x1d9/0x270
[  302.530930][ T5614]  get_signal+0x11eb/0x1330
[  302.530939][ T5614]  arch_do_signal_or_restart+0xbc/0x840
[  302.530953][ T5614]  exit_to_user_mode_loop+0xa9/0x680
[  302.530964][ T5614]  do_syscall_64+0x353/0x580
[  302.530977][ T5614]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  302.530986][ T5614] 
[  302.530988][ T5614] The buggy address belongs to the object at ffff88805dfb8000
[  302.530988][ T5614]  which belongs to the cache kmalloc-4k of size 4096
[  302.530998][ T5614] The buggy address is located 2096 bytes inside of
[  302.530998][ T5614]  freed 4096-byte region [ffff88805dfb8000, ffff88805dfb9000)
[  302.531011][ T5614] 
[  302.531015][ T5614] The buggy address belongs to the physical page:
[  302.531037][ T5614] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88805dfbc000 pfn:0x5dfb8
[  302.531056][ T5614] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  302.531073][ T5614] flags: 0x80000000000240(workingset|head|node=0|zone=1)
[  302.531090][ T5614] page_type: f5(slab)
[  302.531101][ T5614] raw: 0080000000000240 ffff88813fe0a140 ffff88813fe08d88 ffff88813fe08d88
[  302.531110][ T5614] raw: ffff88805dfbc000 0000000800040002 00000000f5000000 0000000000000000
[  302.531119][ T5614] head: 0080000000000240 ffff88813fe0a140 ffff88813fe08d88 ffff88813fe08d88
[  302.531128][ T5614] head: ffff88805dfbc000 0000000800040002 00000000f5000000 0000000000000000
[  302.531137][ T5614] head: 0080000000000003 fffffffffffffe01 00000000ffffffff 00000000ffffffff
[  302.531145][ T5614] head: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000008
[  302.531150][ T5614] page dumped because: kasan: bad access detected
[  302.531159][ T5614] page_owner tracks the page as allocated
[  302.531163][ T5614] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 145, tgid 145 (kworker/u8:5), ts 302397081652, free_ts 301385766638
[  302.531182][ T5614]  post_alloc_hook+0x22d/0x280
[  302.531194][ T5614]  get_page_from_freelist+0x28b2/0x2930
[  302.531206][ T5614]  __alloc_frozen_pages_noprof+0x18d/0x380
[  302.531218][ T5614]  allocate_slab+0x77/0x660
[  302.531231][ T5614]  refill_objects+0x33c/0x3d0
[  302.531243][ T5614]  __pcs_replace_empty_main+0x373/0x720
[  302.531261][ T5614]  __kmalloc_node_track_caller_noprof+0x60b/0x7e0
[  302.531272][ T5614]  __alloc_skb+0x2c1/0x7d0
[  302.531283][ T5614]  nsim_dev_trap_report_work+0x29f/0xbd0
[  302.531294][ T5614]  process_scheduled_works+0xb5d/0x1860
[  302.531303][ T5614]  worker_thread+0xa53/0xfc0
[  302.531312][ T5614]  kthread+0x388/0x470
[  302.531323][ T5614]  ret_from_fork+0x514/0xb70
[  302.531331][ T5614]  ret_from_fork_asm+0x1a/0x30
[  302.531343][ T5614] page last free pid 6896 tgid 6896 stack trace:
[  302.531348][ T5614]  __free_frozen_pages+0xfe5/0x10d0
[  302.531364][ T5614]  __slab_free+0x252/0x2a0
[  302.531374][ T5614]  qlist_free_all+0x99/0x100
[  302.531382][ T5614]  kasan_quarantine_reduce+0x148/0x160
[  302.531390][ T5614]  __kasan_slab_alloc+0x22/0x80
[  302.531400][ T5614]  kmem_cache_alloc_noprof+0x33b/0x680
[  302.531409][ T5614]  ptlock_alloc+0x20/0x70
[  302.531419][ T5614]  pte_alloc_one+0x7e/0x380
[  302.531430][ T5614]  do_pte_missing+0x126d/0x2950
[  302.531442][ T5614]  handle_mm_fault+0xd30/0x1400
[  302.531452][ T5614]  __get_user_pages+0x16d4/0x2620
[  302.531461][ T5614]  get_dump_page+0x1b5/0x410
[  302.531469][ T5614]  dump_user_range+0x20a/0x12c0
[  302.531481][ T5614]  elf_core_dump+0x34c2/0x3ad0
[  302.531493][ T5614]  coredump_write+0x12bc/0x19e0
[  302.531504][ T5614]  vfs_coredump+0x380d/0x4540
[  302.531519][ T5614] 
[  302.531521][ T5614] Memory state around the buggy address:
[  302.531527][ T5614]  ffff88805dfb8700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  302.531533][ T5614]  ffff88805dfb8780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  302.531540][ T5614] >ffff88805dfb8800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  302.531545][ T5614]                                      ^
[  302.531550][ T5614]  ffff88805dfb8880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  302.531556][ T5614]  ffff88805dfb8900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  302.531561][ T5614] ==================================================================
[  302.531581][ T5614] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  302.531592][ T5614] CPU: 1 UID: 0 PID: 5614 Comm: kworker/u9:4 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  302.531607][ T5614] Tainted: [L]=SOFTLOCKUP
[  302.531610][ T5614] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  302.531618][ T5614] Workqueue: hci2 hci_rx_work
[  302.531633][ T5614] Call Trace:
[  302.531637][ T5614]  <TASK>
[  302.531642][ T5614]  vpanic+0x56c/0xa60
[  302.531654][ T5614]  ? rcu_is_watching+0x15/0xb0
[  302.531679][ T5614]  ? __pfx_vpanic+0x10/0x10
[  302.531709][ T5614]  panic+0xc5/0xd0
[  302.531728][ T5614]  ? __pfx_panic+0x10/0x10
[  302.531750][ T5614]  ? l2cap_sock_new_connection_cb+0x208/0x2f0
[  302.531772][ T5614]  ? l2cap_sock_new_connection_cb+0x208/0x2f0
[  302.531785][ T5614]  check_panic_on_warn+0x89/0xb0
[  302.531799][ T5614]  ? l2cap_sock_new_connection_cb+0x208/0x2f0
[  302.531811][ T5614]  end_report+0x73/0x170
[  302.531823][ T5614]  ? l2cap_sock_new_connection_cb+0x208/0x2f0
[  302.531835][ T5614]  kasan_report+0x128/0x150
[  302.531847][ T5614]  ? l2cap_sock_new_connection_cb+0x208/0x2f0
[  302.531869][ T5614]  l2cap_sock_new_connection_cb+0x208/0x2f0
[  302.531883][ T5614]  l2cap_connect_cfm+0x368/0x1560
[  302.531896][ T5614]  ? __pfx_l2cap_connect_cfm+0x10/0x10
[  302.531908][ T5614]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  302.531923][ T5614]  ? lockdep_hardirqs_on+0x7a/0x110
[  302.531937][ T5614]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[  302.531950][ T5614]  ? mutex_lock_nested+0x152/0x1d0
[  302.531961][ T5614]  ? hci_connect_cfm+0x2c/0x140
[  302.531970][ T5614]  ? __pfx_l2cap_connect_cfm+0x10/0x10
[  302.531981][ T5614]  hci_connect_cfm+0x95/0x140
[  302.531991][ T5614]  le_conn_complete_evt+0x1134/0x16b0
[  302.532003][ T5614]  ? __pfx_le_conn_complete_evt+0x10/0x10
[  302.532013][ T5614]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  302.532027][ T5614]  ? lockdep_hardirqs_on+0x7a/0x110
[  302.532041][ T5614]  ? skb_pull_data+0xfb/0x200
[  302.532051][ T5614]  hci_le_conn_complete_evt+0x187/0x470
[  302.532062][ T5614]  hci_event_packet+0x659/0xef0
[  302.532077][ T5614]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[  302.532088][ T5614]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  302.532102][ T5614]  ? __pfx_hci_event_packet+0x10/0x10
[  302.532115][ T5614]  ? rt_spin_unlock+0x14f/0x200
[  302.532128][ T5614]  ? hci_send_to_monitor+0xe2/0x590
[  302.532140][ T5614]  hci_rx_work+0x3ee/0x1040
[  302.532154][ T5614]  ? preempt_schedule_thunk+0x16/0x30
[  302.532168][ T5614]  ? process_scheduled_works+0xa70/0x1860
[  302.532179][ T5614]  process_scheduled_works+0xb5d/0x1860
[  302.532196][ T5614]  ? __pfx_process_scheduled_works+0x10/0x10
[  302.532207][ T5614]  ? assign_work+0x3d5/0x5e0
[  302.532218][ T5614]  worker_thread+0xa53/0xfc0
[  302.532234][ T5614]  kthread+0x388/0x470
[  302.532246][ T5614]  ? __pfx_worker_thread+0x10/0x10
[  302.532256][ T5614]  ? __pfx_kthread+0x10/0x10
[  302.532268][ T5614]  ret_from_fork+0x514/0xb70
[  302.532280][ T5614]  ? __pfx_ret_from_fork+0x10/0x10
[  302.532290][ T5614]  ? __switch_to+0xc79/0x1410
[  302.532305][ T5614]  ? __pfx_kthread+0x10/0x10
[  302.532317][ T5614]  ret_from_fork_asm+0x1a/0x30
[  302.532333][ T5614]  </TASK>
[  302.532768][ T5614] Kernel Offset: disabled