last executing test programs:

7m6.732545685s ago: executing program 2 (id=3720):
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0)
r0 = accept$alg(0xffffffffffffffff, 0x0, 0x0)
sendmsg$alg(r0, 0x0, 0x0)
recvmmsg(r0, &(0x7f00000008c0)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000}}, {{&(0x7f00000006c0), 0x80, 0x0, 0x0, &(0x7f0000000880)=""/24, 0x18}}], 0x2, 0xcb, &(0x7f0000008000)={0x0, 0x989680})
bpf$MAP_CREATE(0x0, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x4000000)
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
io_getevents(0x0, 0x3, 0x0, 0x0, 0x0)
io_destroy(0x0)
socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000002c0)={0x1c, 0x40, 0x107, 0xfffffffe, 0x0, {0x1, 0x7c}, [@nested={0x4, 0x142}, @nested={0x4, 0x1}]}, 0x1c}}, 0xc000)
r2 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000780), 0x2, 0x0)
write$vhost_msg_v2(r2, 0x0, 0x0)
write$vhost_msg_v2(r2, &(0x7f0000000640)={0x2, 0x0, {&(0x7f0000001900)=""/4096, 0x1000, 0x0, 0x2, 0x2}}, 0x48)
write$vhost_msg(r2, &(0x7f0000000540)={0x1, {&(0x7f0000000040)=""/62, 0x3e, 0x0, 0x2, 0x2}}, 0x48)
write$vhost_msg_v2(r2, &(0x7f0000002b00)={0x2, 0x0, {0x0, 0x0, 0x0, 0x3, 0x2}}, 0x48)
socket$alg(0x26, 0x5, 0x0)

7m6.127221374s ago: executing program 2 (id=3724):
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000004c0)=ANY=[@ANYBLOB="580000000206010200000000000000000700000805000100070000000900020073797a30000007804ff252800565080012000000b6716d07f6687e9600070500050002000000050004000000000099"], 0x58}, 0x1, 0x0, 0x0, 0x4090}, 0x20000000)
r0 = socket$packet(0x11, 0x2, 0x300)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="09000000060000000800000008"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x2, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB], 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000040), &(0x7f00000004c0), 0xce, r1}, 0x38)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f0000000180)=r2, 0x4)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[], 0x14}}, 0x0)

7m5.916553535s ago: executing program 2 (id=3725):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000000)=0x6)
syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
ptrace(0x10, 0x0)
socket$packet(0x11, 0x3, 0x300)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000c00), 0x2, 0x0)
ioctl$VHOST_SET_FEATURES(r2, 0x4008af00, &(0x7f0000000000)=0x200000000)
write$vhost_msg_v2(r2, &(0x7f0000000140)={0x2, 0x0, {&(0x7f0000000080)=""/124, 0x7c, 0x0, 0x3, 0x2}}, 0x48)
write$vhost_msg_v2(r2, &(0x7f0000000ac0)={0x2, 0x0, {&(0x7f0000000940)=""/81, 0x51, 0x0, 0x3, 0x3}}, 0x48)
r3 = openat$dir(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x140, 0x82)
r4 = fanotify_init(0x81, 0x40000)
fanotify_mark(r4, 0x105, 0x40001032, r3, 0x0)
read$FUSE(r4, 0x0, 0x0)

7m4.142672194s ago: executing program 2 (id=3727):
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x41, 0x0)
fchdir(0xffffffffffffffff)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r3 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x289c2, 0x1)
fcntl$setlease(r3, 0x400, 0x1)
fremovexattr(r3, &(0x7f0000000040)=@known='system.posix_acl_default\x00')
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000200)=ANY=[], 0x10)

6m48.729112455s ago: executing program 32 (id=3727):
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x41, 0x0)
fchdir(0xffffffffffffffff)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r3 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x289c2, 0x1)
fcntl$setlease(r3, 0x400, 0x1)
fremovexattr(r3, &(0x7f0000000040)=@known='system.posix_acl_default\x00')
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000200)=ANY=[], 0x10)

6m0.891406023s ago: executing program 3 (id=3832):
r0 = socket$kcm(0x10, 0x2, 0x10)
r1 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_RX_RING(r1, 0x11b, 0x2, &(0x7f00000002c0)=0x100, 0x4)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f00000001c0)={'batadv_slave_1\x00', <r2=>0x0})
r3 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r3, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/74, 0x33e000, 0x1000}, 0x20)
setsockopt$XDP_UMEM_COMPLETION_RING(r3, 0x11b, 0x6, &(0x7f0000000080)=0x1, 0x4)
r4 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$XDP_RX_RING(r3, 0x11b, 0x2, 0x0, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r4, 0x8933, &(0x7f0000000140)={'batadv_slave_0\x00', <r5=>0x0})
setsockopt$XDP_UMEM_FILL_RING(r3, 0x11b, 0x5, &(0x7f0000000300)=0x1, 0x4)
bind$xdp(r3, &(0x7f0000000100)={0x2c, 0x0, r5}, 0x10)
bind$xdp(r1, &(0x7f0000000240)={0x2c, 0x1, r2, 0x0, r3}, 0x60)

5m56.927238032s ago: executing program 3 (id=3843):
setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f00000001c0)={{{@in=@private=0xa010101, @in=@loopback, 0x0, 0x20, 0x2001, 0x2, 0xa, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0x0, 0x400000000, 0x3, 0x0, 0xffffffffffffffff, 0x40000, 0xffffffff}, {0x0, 0x2d}, 0x0, 0x4}, {{@in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0xffffffff, 0x6c}, 0x2, @in=@dev={0xac, 0x14, 0x14, 0x37}, 0x3507, 0x0, 0x3, 0x0, 0xe, 0x4000000, 0x3}}, 0xe8)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1)
ioctl$KVM_CAP_X2APIC_API(r1, 0x4068aea3, &(0x7f0000002a80)={0x81, 0x0, 0x3})
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)

5m55.02246816s ago: executing program 3 (id=3848):
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8)
r0 = syz_open_dev$admmidi(&(0x7f0000000140), 0x20, 0x0)
readv(r0, &(0x7f0000000340)=[{&(0x7f0000000000)=""/9, 0x9}], 0x1)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040), 0x124411, 0x0)

5m54.052314529s ago: executing program 3 (id=3851):
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=<r0=>0x0)
fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x5})
r1 = landlock_create_ruleset(&(0x7f00000001c0)={0xa019, 0x1, 0x3}, 0x18, 0x0)
landlock_restrict_self(r1, 0x1)
r2 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
ioctl$int_in(r2, 0x5421, &(0x7f0000000180)=0x7)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(r0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x3938700}}, 0x0)
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=<r3=>0x0)
fcntl$lock(0xffffffffffffffff, 0x0, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x8})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(r3, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0)
ioprio_set$uid(0x3, 0x0, 0x0)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec778000)
pipe2(0x0, 0x800)
prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f00009c1000/0x2000)=nil, 0x2000, &(0x7f00000000c0)='/dev/vbi#\x00')
splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0xf, 0x8)
r4 = openat$6lowpan_control(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
io_setup(0x6, &(0x7f0000001380)=<r5=>0x0)
r6 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0)
ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r6, 0xc0a85320, &(0x7f0000000340)={{0x80, 0x4}, 'port0\x00', 0x0, 0x60004, 0xffffffff, 0xffffffff, 0x1, 0xfffffffc, 0x0, 0x0, 0x3})
ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r6, 0xc0a85320, &(0x7f0000000500)={{0x80, 0x9}, 'port0\x00', 0x57, 0x40800, 0x9, 0x10, 0x0, 0x800, 0x8, 0x0, 0x3, 0x7f})
ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_PORT(r6, 0xc0a85352, &(0x7f0000000200)={{0x80, 0x2}, 'port0\x00', 0x80, 0x100816, 0x4, 0x9, 0x0, 0xc, 0x200000, 0x0, 0x4875c99660ff2b2d})
r7 = openat$ipvs(0xffffffffffffff9c, &(0x7f00000006c0)='/proc/sys/net/ipv4/vs/drop_packet\x00', 0x2, 0x0)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_RATE_NEW(r8, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000400)={0x40, r9, 0x7c7d1e7b9dfaf2c3, 0x70bd2c, 0x25dfdbfe, {}, [@DEVLINK_ATTR_RATE_TX_MAX={0xc, 0xa7, 0x5}, @handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x40}, 0x1, 0x0, 0x0, 0x40d5}, 0x20008000)
io_submit(r5, 0x2, &(0x7f0000000380)=[&(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, r7, 0x0}, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x5, 0x0, r4, 0x0}])
ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000080))

5m52.42231902s ago: executing program 3 (id=3854):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$ETHTOOL_MSG_LINKSTATE_GET(r0, &(0x7f0000001000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8044}, 0x880)
openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0)
r1 = getpgrp(0xffffffffffffffff)
sched_setaffinity(r1, 0x8, &(0x7f0000000040)=0x5)
prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000000)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r3 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r3, 0x1, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
r5 = syz_pidfd_open(r3, 0x0)
pidfd_getfd(r5, 0xffffffffffffffff, 0x0)
fsopen(&(0x7f00000001c0)='romfs\x00', 0x0)

5m51.069921053s ago: executing program 3 (id=3855):
r0 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r0, 0x0, 0x0)
bind$inet(0xffffffffffffffff, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbee6, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
mq_timedsend(0xffffffffffffffff, 0x0, 0x0, 0x6, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r3, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r3, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[<r4=>0x0], 0x1})
ioctl$DRM_IOCTL_MODE_GETPLANE(r3, 0xc02064b6, &(0x7f00000001c0)={r4, <r5=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r3, 0xc02064b9, &(0x7f00000002c0)={&(0x7f0000000240)=[0x0, 0x0, 0x0], &(0x7f0000000040), 0x3, r5})

5m35.792608123s ago: executing program 33 (id=3855):
r0 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r0, 0x0, 0x0)
bind$inet(0xffffffffffffffff, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbee6, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
mq_timedsend(0xffffffffffffffff, 0x0, 0x0, 0x6, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r3, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r3, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[<r4=>0x0], 0x1})
ioctl$DRM_IOCTL_MODE_GETPLANE(r3, 0xc02064b6, &(0x7f00000001c0)={r4, <r5=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r3, 0xc02064b9, &(0x7f00000002c0)={&(0x7f0000000240)=[0x0, 0x0, 0x0], &(0x7f0000000040), 0x3, r5})

4m38.076282795s ago: executing program 1 (id=3999):
syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921c2c19c4, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
setpgid(r0, 0x0)
setpgid(0x0, r0)
mount$9p_fd(0x0, &(0x7f00000001c0)='./file1\x00', 0x0, 0x10000, 0x0)
r1 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0)
ioctl$AUTOFS_IOC_READY(r1, 0x9360, 0x800000000000001)

4m35.749182965s ago: executing program 1 (id=4004):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000000)=0x6)
syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000c00), 0x2, 0x0)
ioctl$VHOST_SET_FEATURES(r2, 0x4008af00, &(0x7f0000000000)=0x200000000)
write$vhost_msg_v2(r2, &(0x7f0000000140)={0x2, 0x0, {&(0x7f0000000080)=""/124, 0x7c, 0x0, 0x3, 0x2}}, 0x48)
write$vhost_msg_v2(r2, &(0x7f00000039c0)={0x2, 0x0, {&(0x7f0000000680)=""/184, 0xfffffefd, 0x0, 0x3, 0x2}}, 0xfe19)
write$vhost_msg_v2(r2, &(0x7f0000000ac0)={0x2, 0x0, {&(0x7f0000000940)=""/81, 0x51, 0x0, 0x3, 0x3}}, 0x48)
r3 = openat$dir(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x140, 0x82)
r4 = fanotify_init(0x81, 0x40000)
fanotify_mark(r4, 0x105, 0x40001032, r3, 0x0)
read$FUSE(r4, 0x0, 0x0)

4m34.081544612s ago: executing program 1 (id=4007):
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000004c0)=ANY=[@ANYBLOB="580000000206010200000000000000000700000805000100070000000900020073797a30000007804ff252800565080012000000b6716d07f6687e9600070500050002000000050004000000000099"], 0x58}, 0x1, 0x0, 0x0, 0x4090}, 0x20000000)
r0 = socket$packet(0x11, 0x2, 0x300)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="09000000060000000800000008"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x2, &(0x7f0000000440)=ANY=[@ANYBLOB="1800"/15, @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000040), &(0x7f00000004c0), 0xce, r1}, 0x38)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f0000000180)=r2, 0x4)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[], 0x14}}, 0x0)

4m31.941737553s ago: executing program 6 (id=4013):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x1c)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000580)=@updpolicy={0x1e0, 0x19, 0x1, 0x70bd27, 0x0, {{@in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @in6=@private2, 0x0, 0xfffd, 0x2, 0x0, 0xa, 0x120, 0x0, 0x8}, {0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x8}, {0x0, 0x0, 0x1}}, [@encap={0x1c, 0x4, {0xfffffffffffffffe, 0x4e20, 0x4e20, @in=@remote}}, @replay_thresh={0x8, 0xb, 0x6}, @sec_ctx={0x101, 0x8, {0xfd, 0x8, 0x0, 0x9, 0xf5, "a086e17058a1d9447359f2ebb26ac4d48822228e1ecbad690cec99e931293380cd677c3b982c72b4551a655c574596529fbeccce46563de070e854163048e3e0d1092602ce84db9808cabac82463d7b45e2e4402c2cf9bf3eb608f9a75723ade36df438533ee8dc12987f5361fe35d57e0d1c5bdcf11ca5ae7fd0982a2397f56f3c7a61f3def63c42beef8e8d699b702efb5aca4673cab43433e3bdac54803f1dff52ba77701f7cc79ff98162908a865dd50248b5842e7b6e98f8277cb0674e5b869c03fcc96582985707cf3dc6e3db70fca6949199a704fa705ea527f2030ad8cd1c41827950efde87708abf051714ea801275ae2"}}]}, 0x1e0}}, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdir(0x0, 0x0)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
r5 = syz_open_dev$vim2m(&(0x7f00000002c0), 0x2000000f5, 0x2)
r6 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_TX_RING(r6, 0x11b, 0x3, &(0x7f0000000040)=0x66, 0x4)
ioctl$vim2m_VIDIOC_S_CTRL(r5, 0xc008561c, &(0x7f0000000400)={0xf0f016, 0x3})

4m31.813140365s ago: executing program 1 (id=4014):
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921c2c19c4, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
setpgid(r0, 0x0)
setpgid(0x0, r0)
mount$9p_fd(0x0, &(0x7f00000001c0)='./file1\x00', 0x0, 0x10000, 0x0)
r1 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0)
ioctl$AUTOFS_IOC_READY(r1, 0x9360, 0x800000000000001)

4m31.413793331s ago: executing program 1 (id=4016):
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0)
r0 = accept$alg(0xffffffffffffffff, 0x0, 0x0)
sendmsg$alg(r0, 0x0, 0x0)
recvmmsg(r0, &(0x7f00000008c0)=[{{&(0x7f00000000c0)=@pptp={0x18, 0x2, {0x0, @initdev}}, 0x80, 0x0, 0x0, 0x0, 0x0, 0x2000000}}, {{&(0x7f00000006c0), 0x80, 0x0, 0x0, &(0x7f0000000880)=""/24, 0x18}}], 0x2, 0xcb, &(0x7f0000008000)={0x0, 0x989680})
bpf$MAP_CREATE(0x0, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x4000000)
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
io_getevents(0x0, 0x3, 0x0, 0x0, 0x0)
io_destroy(0x0)
socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0xc000)
r2 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000780), 0x2, 0x0)
write$vhost_msg_v2(r2, 0x0, 0x0)
write$vhost_msg_v2(r2, &(0x7f0000000640)={0x2, 0x0, {&(0x7f0000001900)=""/4096, 0x1000, 0x0, 0x2, 0x2}}, 0x48)
write$vhost_msg(r2, &(0x7f0000000540)={0x1, {&(0x7f0000000040)=""/62, 0x3e, 0x0, 0x2, 0x2}}, 0x48)
write$vhost_msg_v2(r2, &(0x7f0000002b00)={0x2, 0x0, {0x0, 0x0, 0x0, 0x3, 0x2}}, 0x48)
socket$alg(0x26, 0x5, 0x0)

4m30.125926458s ago: executing program 6 (id=4017):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x11, 0x3, &(0x7f0000000100)=ANY=[@ANYRESOCT=0x0], &(0x7f0000000300)='syzkaller\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x3b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff30, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
mkdir(&(0x7f00000000c0)='./bus\x00', 0x0)
lsetxattr$system_posix_acl(&(0x7f0000000800)='./file0\x00', &(0x7f0000000840)='system.posix_acl_access\x00', &(0x7f0000000000)=ANY=[@ANYBLOB="0200000001000000000000000400000000001b23072a7054b2a300001000020000000000200000000000"], 0x24, 0x0)
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x141091, 0x0)
mkdir(&(0x7f0000000440)='./file1\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000a00)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@nfs_export_on}]})
chdir(&(0x7f00000001c0)='./bus\x00')
rmdir(&(0x7f0000000380)='./file0/../file0\x00')
prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ffa000/0x2000)=nil, 0x2000, &(0x7f0000000000))
prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0)
socket$netlink(0x10, 0x3, 0x14)
r3 = socket(0x2, 0x3, 0xff)
shutdown(r3, 0x1)

4m27.803861315s ago: executing program 6 (id=4019):
r0 = socket(0xa, 0x5, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f00000004c0)=ANY=[@ANYBLOB="fc00000019000100000000000000000020010000000000000000000000000000ac1414aa00000000000000000000000000000005000000000a00000000000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000a900000000000000000000000000000000000000000000000000000000000000ffffffffffffffffffffff7f00000000e9ffffffffffffff0000000000000000000a00000000000000000000008040000000000000000008000000000000000000000000000000004400050000000000000000000000000000000000000000003c"], 0xfc}}, 0x0)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f00000004c0)=ANY=[@ANYBLOB="fc000000190001002dbd70000000000064010100000000000000000000000000fc01000000000000000000000000000000000000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000800000000000003000000000000000000000000000000fdfffffffbffffff0000000000000000ffffffffffffffff053b000000000000000000000000000002000000000000005600000000000000feffffffff7f40000200000000000008000000000000000001"], 0xfc}}, 0x0)
r2 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r2, &(0x7f0000000000)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="0207000902"], 0x10}}, 0x0)
sendmsg$inet_sctp(r0, &(0x7f00000000c0)={&(0x7f0000000000)=@in6={0xa, 0x4e24, 0xff, @loopback, 0x5}, 0x1c, &(0x7f0000000040)=[{&(0x7f0000000100)="e6", 0x1}], 0x1, 0x0, 0x0, 0x4855}, 0x24000052)

4m26.07615543s ago: executing program 1 (id=4023):
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x143042, 0x0)
mount$fuse(0x0, &(0x7f0000000100)='./file1\x00', &(0x7f0000000140), 0x2, &(0x7f0000002400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(0xffffffffffffffff, &(0x7f0000000200)={0x2020, 0x0, <r0=>0x0}, 0x2020)
write$FUSE_INIT(0xffffffffffffffff, &(0x7f0000002380)={0x50, 0x0, r0, {0x7, 0x9, 0x0, 0x8000}}, 0x50)

4m24.582233087s ago: executing program 34 (id=4023):
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x143042, 0x0)
mount$fuse(0x0, &(0x7f0000000100)='./file1\x00', &(0x7f0000000140), 0x2, &(0x7f0000002400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(0xffffffffffffffff, &(0x7f0000000200)={0x2020, 0x0, <r0=>0x0}, 0x2020)
write$FUSE_INIT(0xffffffffffffffff, &(0x7f0000002380)={0x50, 0x0, r0, {0x7, 0x9, 0x0, 0x8000}}, 0x50)

4m24.556085778s ago: executing program 6 (id=4026):
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921c2c19c4, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
setpgid(r0, 0x0)
setpgid(0x0, r0)
mount$9p_fd(0x0, &(0x7f00000001c0)='./file1\x00', 0x0, 0x10000, 0x0)
r1 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0)
ioctl$AUTOFS_IOC_READY(r1, 0x9360, 0x800000000000001)

4m23.224733937s ago: executing program 4 (id=4028):
r0 = syz_usb_connect$hid(0x0, 0x3f, &(0x7f0000000100)=ANY=[@ANYBLOB], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f00000003c0)={0x2c, &(0x7f00000000c0)=ANY=[@ANYBLOB="000008000000080482"], 0x0, 0x0, 0x0, 0x0}, 0x0)

4m22.499439615s ago: executing program 6 (id=4029):
sendmsg$IPCTNL_MSG_EXP_NEW(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000bc0)={0xdc, 0x0, 0x2, 0x301, 0x0, 0x0, {0x7, 0x0, 0x2}, [@CTA_EXPECT_NAT={0xb8, 0xa, 0x0, 0x1, [@CTA_EXPECT_NAT_DIR={0x8, 0x1, 0x1, 0x0, 0x3}, @CTA_EXPECT_NAT_TUPLE={0x10, 0x2, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x21}}]}, @CTA_EXPECT_NAT_TUPLE={0x40, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @loopback}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_ZONE={0x6}]}, @CTA_EXPECT_NAT_TUPLE={0x5c, 0x2, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x21}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {0x14, 0x4, @empty}}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x4}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0xbc}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x1}}]}]}, @CTA_EXPECT_HELP_NAME={0xe, 0x6, 'sip-20000\x00'}]}, 0xdc}, 0x1, 0x0, 0x0, 0x40010}, 0x4008000)
r0 = socket(0x10, 0x803, 0x0)
sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x64}, {&(0x7f0000000280)=""/85, 0x55}, {&(0x7f0000000fc0)=""/4096, 0x1000}, {&(0x7f0000000580)=""/106, 0x6a}, {&(0x7f0000000980)=""/73, 0x49}, {&(0x7f00000007c0)=""/141, 0x8d}, {&(0x7f00000001c0)=""/17, 0x11}], 0x7, &(0x7f0000000600)=""/191, 0xbf}, 0x5}], 0x1, 0x2000, &(0x7f0000003700)={0x77359400})

4m19.524202932s ago: executing program 4 (id=4034):
mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0xe, 0x2010, 0xffffffffffffffff, 0x0)
openat$ptmx(0xffffffffffffff9c, 0x0, 0x100, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
write(r1, 0x0, 0x0)
sendmmsg$unix(r1, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
sched_setattr(0x0, 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff)
sendmmsg$inet(0xffffffffffffffff, 0x0, 0x0, 0x4000004)
r2 = socket(0x11, 0x800000002, 0x0)
ioctl$sock_inet_SIOCSIFADDR(r2, 0x8916, 0x0)
openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB], 0x14}}, 0x0)
read(r3, &(0x7f0000000640)=""/187, 0xbb)
socket$nl_generic(0x10, 0x3, 0x10)
r4 = socket(0x10, 0x80003, 0x0)
write(r4, &(0x7f0000000000)="240000001a005f0214f9f4e6ff0804000a000000fe0000000000aa0008000f00fd000000", 0x24)
r5 = syz_open_dev$dri(&(0x7f00000000c0), 0x1, 0x0)
ioctl$DRM_IOCTL_WAIT_VBLANK(r5, 0xc018643a, &(0x7f0000000080)={0x40000000, 0x0, 0x9661})
r6 = socket$netlink(0x10, 0x3, 0x4)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000))
syz_genetlink_get_family_id$smc(&(0x7f00000000c0), r6)
r7 = socket$inet6(0xa, 0x80002, 0x0)
setsockopt$inet6_mreq(r7, 0x29, 0x1b, &(0x7f0000000100)={@remote}, 0x19a1dc757009216e)
close_range(r4, 0xffffffffffffffff, 0x0)

4m17.888418854s ago: executing program 4 (id=4037):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
connect$inet6(r0, 0x0, 0x0)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000580)=@updpolicy={0x1e0, 0x19, 0x1, 0x70bd27, 0x0, {{@in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @in6=@private2, 0x0, 0xfffd, 0x2, 0x0, 0xa, 0x120, 0x0, 0x8}, {0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x8}, {0x0, 0x0, 0x1}}, [@encap={0x1c, 0x4, {0xfffffffffffffffe, 0x4e20, 0x4e20, @in=@remote}}, @replay_thresh={0x8, 0xb, 0x6}, @sec_ctx={0x101, 0x8, {0xfd, 0x8, 0x0, 0x9, 0xf5, "a086e17058a1d9447359f2ebb26ac4d48822228e1ecbad690cec99e931293380cd677c3b982c72b4551a655c574596529fbeccce46563de070e854163048e3e0d1092602ce84db9808cabac82463d7b45e2e4402c2cf9bf3eb608f9a75723ade36df438533ee8dc12987f5361fe35d57e0d1c5bdcf11ca5ae7fd0982a2397f56f3c7a61f3def63c42beef8e8d699b702efb5aca4673cab43433e3bdac54803f1dff52ba77701f7cc79ff98162908a865dd50248b5842e7b6e98f8277cb0674e5b869c03fcc96582985707cf3dc6e3db70fca6949199a704fa705ea527f2030ad8cd1c41827950efde87708abf051714ea801275ae2"}}]}, 0x1e0}}, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdir(0x0, 0x0)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
r5 = syz_open_dev$vim2m(&(0x7f00000002c0), 0x2000000f5, 0x2)
r6 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_TX_RING(r6, 0x11b, 0x3, &(0x7f0000000040)=0x66, 0x4)
ioctl$vim2m_VIDIOC_S_CTRL(r5, 0xc008561c, &(0x7f0000000400)={0xf0f016, 0x3})

4m16.803431207s ago: executing program 4 (id=4038):
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921c2c19c4, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
setpgid(r0, 0x0)
setpgid(0x0, r0)
mount$9p_fd(0x0, &(0x7f00000001c0)='./file1\x00', 0x0, 0x10000, 0x0)
r1 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0)
ioctl$AUTOFS_IOC_READY(r1, 0x9360, 0x800000000000001)

4m16.407938665s ago: executing program 4 (id=4040):
ioctl$TCXONC(0xffffffffffffffff, 0x540a, 0x0)
sched_setscheduler(0x0, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
syz_socket_connect_nvme_tcp()
pipe(&(0x7f0000000140)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = fsopen(&(0x7f0000000080)='autofs\x00', 0x0)
fsconfig$FSCONFIG_SET_FD(r4, 0x5, &(0x7f00000005c0)='fd', 0x0, r3)
fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0)
r5 = fsmount(r4, 0x0, 0x2)
r6 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
setpgid(r6, r6)
fchdir(r5)
r7 = socket$unix(0x1, 0x2, 0x0)
connect$unix(r7, 0x0, 0x0)
syz_clone(0x1100000, 0x0, 0x0, 0x0, 0x0, 0x0)
capset(0x0, &(0x7f0000000040)={0x200000, 0x200000, 0x0, 0x0, 0x9})

4m13.558081113s ago: executing program 6 (id=4044):
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0)
r0 = accept$alg(0xffffffffffffffff, 0x0, 0x0)
write$binfmt_script(r0, &(0x7f0000000600), 0xfec8)
recvmmsg(r0, &(0x7f00000008c0)=[{{&(0x7f00000000c0)=@pptp={0x18, 0x2, {0x0, @initdev}}, 0x80, 0x0, 0x0, 0x0, 0x0, 0x2000000}}, {{&(0x7f00000006c0), 0x80, 0x0, 0x0, &(0x7f0000000880)=""/24, 0x18}}], 0x2, 0xcb, &(0x7f0000008000)={0x0, 0x989680})
bpf$MAP_CREATE(0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
io_getevents(0x0, 0x3, 0x0, 0x0, 0x0)
io_destroy(0x0)
socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000002c0)={0x1c, 0x40, 0x107, 0xfffffffe, 0x0, {0x1, 0x7c}, [@nested={0x4, 0x142}, @nested={0x4, 0x1}]}, 0x1c}}, 0xc000)
r2 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000780), 0x2, 0x0)
write$vhost_msg_v2(r2, 0x0, 0x0)
write$vhost_msg_v2(r2, &(0x7f0000000640)={0x2, 0x0, {&(0x7f0000001900)=""/4096, 0x1000, 0x0, 0x2, 0x2}}, 0x48)
write$vhost_msg(r2, &(0x7f0000000540)={0x1, {&(0x7f0000000040)=""/62, 0x3e, 0x0, 0x2, 0x2}}, 0x48)
write$vhost_msg_v2(r2, &(0x7f0000002b00)={0x2, 0x0, {0x0, 0x0, 0x0, 0x3, 0x2}}, 0x48)
write$vhost_msg_v2(r2, &(0x7f0000000180)={0x2, 0x0, {&(0x7f0000000280)=""/184, 0x2562bac182d8b35a, 0x0, 0x2, 0x3}}, 0x48)
socket$alg(0x26, 0x5, 0x0)

4m13.53424657s ago: executing program 4 (id=4045):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$ETHTOOL_MSG_LINKSTATE_GET(r0, &(0x7f0000001000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8044}, 0x880)
r1 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0)
r2 = getpgrp(0xffffffffffffffff)
sched_setaffinity(r2, 0x8, &(0x7f0000000040)=0x5)
prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000000)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r4 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r4, 0x1, 0x0)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8)
futex(0x0, 0x5, 0x0, 0x0, 0x0, 0xb201ffff)
r6 = syz_pidfd_open(r4, 0x0)
pidfd_getfd(r6, 0xffffffffffffffff, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r7 = fsopen(&(0x7f00000001c0)='romfs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r7, 0x1, 0x0, &(0x7f0000000040)='c:::\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r7, 0x6, 0x0, 0x0, 0x0)
syz_open_dev$dri(0x0, 0x1, 0x400002)
socket$nl_generic(0x10, 0x3, 0x10)
r8 = openat$rtc(0xffffffffffffff9c, &(0x7f00000000c0), 0x181801, 0x0)
ioctl$F2FS_IOC_RELEASE_VOLATILE_WRITE(r8, 0xf504, 0x0)

4m12.610172688s ago: executing program 35 (id=4044):
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0)
r0 = accept$alg(0xffffffffffffffff, 0x0, 0x0)
write$binfmt_script(r0, &(0x7f0000000600), 0xfec8)
recvmmsg(r0, &(0x7f00000008c0)=[{{&(0x7f00000000c0)=@pptp={0x18, 0x2, {0x0, @initdev}}, 0x80, 0x0, 0x0, 0x0, 0x0, 0x2000000}}, {{&(0x7f00000006c0), 0x80, 0x0, 0x0, &(0x7f0000000880)=""/24, 0x18}}], 0x2, 0xcb, &(0x7f0000008000)={0x0, 0x989680})
bpf$MAP_CREATE(0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
io_getevents(0x0, 0x3, 0x0, 0x0, 0x0)
io_destroy(0x0)
socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000002c0)={0x1c, 0x40, 0x107, 0xfffffffe, 0x0, {0x1, 0x7c}, [@nested={0x4, 0x142}, @nested={0x4, 0x1}]}, 0x1c}}, 0xc000)
r2 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000780), 0x2, 0x0)
write$vhost_msg_v2(r2, 0x0, 0x0)
write$vhost_msg_v2(r2, &(0x7f0000000640)={0x2, 0x0, {&(0x7f0000001900)=""/4096, 0x1000, 0x0, 0x2, 0x2}}, 0x48)
write$vhost_msg(r2, &(0x7f0000000540)={0x1, {&(0x7f0000000040)=""/62, 0x3e, 0x0, 0x2, 0x2}}, 0x48)
write$vhost_msg_v2(r2, &(0x7f0000002b00)={0x2, 0x0, {0x0, 0x0, 0x0, 0x3, 0x2}}, 0x48)
write$vhost_msg_v2(r2, &(0x7f0000000180)={0x2, 0x0, {&(0x7f0000000280)=""/184, 0x2562bac182d8b35a, 0x0, 0x2, 0x3}}, 0x48)
socket$alg(0x26, 0x5, 0x0)

4m11.436757462s ago: executing program 36 (id=4045):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$ETHTOOL_MSG_LINKSTATE_GET(r0, &(0x7f0000001000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8044}, 0x880)
r1 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0)
r2 = getpgrp(0xffffffffffffffff)
sched_setaffinity(r2, 0x8, &(0x7f0000000040)=0x5)
prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000000)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r4 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r4, 0x1, 0x0)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8)
futex(0x0, 0x5, 0x0, 0x0, 0x0, 0xb201ffff)
r6 = syz_pidfd_open(r4, 0x0)
pidfd_getfd(r6, 0xffffffffffffffff, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r7 = fsopen(&(0x7f00000001c0)='romfs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r7, 0x1, 0x0, &(0x7f0000000040)='c:::\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r7, 0x6, 0x0, 0x0, 0x0)
syz_open_dev$dri(0x0, 0x1, 0x400002)
socket$nl_generic(0x10, 0x3, 0x10)
r8 = openat$rtc(0xffffffffffffff9c, &(0x7f00000000c0), 0x181801, 0x0)
ioctl$F2FS_IOC_RELEASE_VOLATILE_WRITE(r8, 0xf504, 0x0)

2m11.251145513s ago: executing program 9 (id=4232):
prlimit64(0x0, 0xe, 0x0, 0x0)
r0 = syz_open_dev$dri(&(0x7f0000000000), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r0, 0xc04064a0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000380), 0x0})
ioctl$DRM_IOCTL_MODE_GETCONNECTOR(r0, 0xc05064a7, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000300)=[<r1=>0x0], &(0x7f0000000100)=[0x0, 0x0], 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_SETPROPERTY(r0, 0xc01064ab, &(0x7f0000000040)={0x0, r1})

2m9.941593562s ago: executing program 9 (id=4233):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x1, &(0x7f0000000200)=0x7)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x3, 0x8, &(0x7f0000002340)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd1200000000000085000000d0000000b70000000000000095000000000000003fba6a7d36d9b18ed812a2e2c49e8020a6f4e0e4a9446ca2b5f1cc1a100a9af698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f010c5077da80fb982c1e9400c603146cea484a415b76966118b64f751a0f241b072e90080008002d75593a280000c93e64c227c95aa0b784625704f07a72c2918451ebdcf4cef7f9606056fe5c34664c0af9360a1f7a5e6b607130c89f18c0c1089d8b85880000c29c48b45ef4adf634be763288d01aa27ae8b09e13e79ab20b0b8ed8fb7a68af2ad0000000000000006f803c6468082089b302d7bff8f06f7f918d65eae391cb41336023cdcedb5e0125ebbcebddcf10cb2364149215108355ee570f8078be5cab389cd65e7133719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad23000000803a90bce6dc3a13871765df961c2ed3b1006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f40cfd7c3a1d37a6ab87b1586602d985430cea0162ab3fcf4591c926abfb076719237c8d0e60b0eea24492a660583eecdbf5bcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9f081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d60532be9c4d2ec7c32f2095e63c8cdc28f74d043ed8dba2f23b01a9aeb980aff9fa3a64709270c701db801f44cf945b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142bdda5e6c5d50b83bae616b5054d1e7c13b1355d6f4a8245eaa4997da9c77af4c0eb97fca585ec6bf58351d599e9b61e8caab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a41326eea31ae4e0f75057df3c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57010000009700ce0b4b8bc22941330000000000000000000300000000000000000000000010008bc0d955f2a83366b99711e6e8861c46495ba585a4b2d02edc3e28dd279a896249ed85b9806f0b6c4a000000002b43dcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffff7f00000000df73be83bb7d5ad883ef3b7cda42013d53046da21b40216e14ba2d6af8656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff72943327d830689da6b53ffffffff631c7771429d1200000033ed846197fcff5e1c7c3d1d6e3a52872baef9753fffffffffffffe09fec2271fe010cd7bb2366fde4a59429738fcc917a57f94f6c453cea623cc5ee0c2a5ff870ce5dfd3467decb05cfd9fcd41df54cdbd9d10a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce978275d5bc8955778567bc79e13b78249788f11f708008b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab7929a57affe7d7fa29822aea68a660e717a04becff0f719107000000000000002d7e927123d8ecbbc55bf404571be54c72d978cf2804107f0238abccd32368e57040906df0042e19000000000000002c06f815312e086dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef44cd1fe582786105c7df8be4877084d4173731efe895efc71f665c4d75cf2458e35d2c9062ece84c99e061887a20639b41c8c12ee86c50804042b3eac1f879b136345cf67ca3fb2b5e518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad055e4af403269b4a39ce40293947d9a631bcbf3583784acbda216335457ac0eaaa99bf0bdc14ae358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df9b3fdf242b985bf16b99c9cc0ad1857036f1a985f369191ae954febb3df464bfe0f773ee9afe72f32a2befb89d3777399f5874c553a2ebe9061fe86e669642e09bb6d163118e4cbe024fd452277c3887d6116c6cc9d8046c216c1f8a9778cb26e22a2a998de5eaeadea2a40da8daccf080842a486721737390cbf3a74cb2003efb9a101b51ab63e9600040000b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde6e4a4304e50c349f4f9ecee27defd83871c5191e10096e7e60fc3541a2c905a1a95e9571bf38aebd15172f94e3245c582909e2a3bce109b6000000000000000000d6d5210d7560eb92d6a97a27602b81f7636df1535bef1497f90100000000000000abf9010000007740890200d627e87306703be8672dc84eeadba6a41891c170d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e7a45319f18101288a0268893373750d10a3fc22dd704e4214de5946912d6c98cd1a9fbe1e7ef8c08acaf30235b920500d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69b93e9960ff5f76062adae283d9756237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff85000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a31c72ad53bc19faa5401120000793ac48c1b539c75ab40743b00020000a1f68df75cf43f8ecc8d3726602111b40e761fd210a1920382f14d12ca3c3431ee97471c781d0d1280fb00818654a53b6df4b2c97cc1c98d85fda8f80fe908b65550b441233151122b41a8d73062197655b7f0469250a5989cef0e10773920ed3ccee42d2c3eb80159da5c002511e6eb93842054cfce2ac306cb6e472db3fd67a49b6855a694a8d359add43907003223a47a7fae4f3748d5a432825bc40a03aaef1c8488d86dc211dd2a3ba71e0f45492ef1f8b65ccb3dcd251a61b152d02c29ca0a3328fa7753a5cddea1acaae55ae8263fb284b7a6ab2a8826c1b948207c498cf4824ab1ea3225a53072423b907c6682f8999e0311da5b8378bc841e1787e3a8128dda381a26cb2b365702ff8a27831375b2ddaa2f56e21169f7ca4fd9655ccd4a584acd244e965a0afedaff7c415ff682a4044b3381cc2df28278c9a6824c52048a7cfabda294925cc0956bffa8e950ff5e49f41ae600d830207bf728cd9807933c3c16d80bbea611a18becc2dc38ca0a6f5740f340b76edcd1f539bd43007231dcef58c7b88b5aeedaf9626cb51ce1737c10ab37d4f98a934b0f900e0eb639878a1200629f5503cf679154d27681d7a3744cbcd42af59407c9c8e39c5271868917954e604352ba26171d004f1cb2976fab3fa19c7d3ef9678bff79f5155524f061378f94fb453786c3a6f78b10d383b49e31d1568bd43ee34ce6e6be235aa6207285665c2fba773671da41959f51610963b48930658e2d6125a26085001345b0473240b7e5e91811312c43663e76f711d7219ecdec75c7ea1cf0f8f8fff40247d59bbde2ebb8659197e0f37a71be1b12a182ed7de3acba28561a04b807f7a4647e2ea6d8fb92541d07c3d5e4ba077d3cad9f8ba1919592014c00c8eccb2ca5d48ba7b1c3fb185a4bb79700cf51f818b0c701c8de47d12281a67bdaf4b0c50bee9e8f5936250df2e15c1172e7ea6619f7db330700d1e9e42a035e6fd532f61fbfed9c4a7124a1e38eee50a6bbcd1d4e3f68c3f27dd9a70f1a7c6046237ddfb0b26e197322226367d998010458cd4df10af249ce717f6f45e5176e0ddae3054d7289d4e13ab0912703ee39ce264572b89194fdf7acecc35cf8309d4b680a08eed367dad855fce210f1a7c7222dd360eafb4bef7d58bf83362930af6e3f3f851abdc0003bdf9401b533019e90feb069189100007a82df8d9b5f44ebf9355e7b1b01c9470608d4f306d21004730396a4d6c6d46e1ffac97aa93c36123532a36186575266be4981c847160079421d0137801e553069f8d025c40f287378810defc7f2ed4e15f6af17b21153394f8bcfa6a23a77c8d61c9bbc127a57b8d631f36558d9093dee08bc53d97a8003363421738650a26c8fd87b13026799caf58e59951b125e7f161ca34e2c0dd65a23d01a3cb191e743de07247c7f993cf01166fa2ac1ba02f60550e63a7f50422e478c6b5d87f9bd0567a279a9d85a380db25c43bd0529ad783b9d64aaac1b793afb44b7126e17d2b7c0d6be650de7eeef3f3605af344015d03c3e7819145cb9fe1978c98bf9cf10773db59505ae33708c728844c872dfd2cb0b29754f928c59306ce105ca18cb72f0944d0e4fea0a0abd0285bdaf1b000000c089d640c2facb0d1e6243873ac4b1e1068c45c715b68effb7d58d1f9e726dbf6bd910ca4ce0e075658ede42192cf393a50dcc197b03402fed75083628e5dd38213d353b9049e71f037064b05e73ec00c710f1ffc5737d397d555d1cf8859cc05fea8dc3c6a5b3b6fa1c81707479db1833d593a271253aa11efdb36b74784f2fc286814848e92d8ee541bc179813297a0a4cc3c8f80c28701185bea091f32475e859479b734727afc110e1abcff460172fd1b42e3c0e2a4bf94a0600690000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls=0x2e, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x94)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_PROG_DETACH(0x1c, &(0x7f0000000000)=ANY=[], 0x20)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x300000b, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
inotify_rm_watch(0xffffffffffffffff, 0x0)
epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000140)={0x20002003})
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x5, 0x1c, &(0x7f0000000100)=ANY=[@ANYBLOB="18080000e9ff0000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b70300002bb91a008500000008000000bc0900000000000045080100002000009500000000000000b7020000000000007b9af8ff00000000b5090000000000007baaf0ff00000000bf2700000000000007080000fffdffffbfa400000000000007040000f0ffffffc40200000800000018220000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608efff76000000bf9800000000000056090000000000008500000000a00000b70000000000"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

2m8.570052415s ago: executing program 9 (id=4235):
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000300)={0x8, 0x8b}, 0x0)
ioctl$BTRFS_IOC_SNAP_DESTROY_V2(0xffffffffffffffff, 0x5000943f, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
read$msr(0xffffffffffffffff, &(0x7f0000019680)=""/102392, 0x18ff8)
syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000005300)={0x0, &(0x7f0000000040)={0x18, 0x0, 0xab9, {0x5}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000500)={0x20, 0x0, 0x80000000}, &(0x7f0000002780)={0x78, 0xfffffffffffffff5, 0x6, {0x10000, 0x0, 0x0, {0x0, 0x4, 0x9, 0x1ff, 0x5097, 0x9, 0x0, 0x80000001, 0x6, 0x8000, 0x7, 0x0, 0x0, 0x7, 0x8}}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r0 = socket$inet6(0xa, 0x2, 0x3a)
connect$inet6(r0, &(0x7f0000000180)={0xa, 0x0, 0x6, @mcast2, 0x6}, 0x1c)
sendto$inet6(r0, &(0x7f0000000080)="800037bbfa9ba1ce", 0xffd8, 0x0, 0x0, 0x0)

2m8.271769685s ago: executing program 9 (id=4236):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_X86_SET_MSR_FILTER(r1, 0x4188aec6, &(0x7f0000001900)={0x0, [{0x1, 0x118, 0x9, &(0x7f0000000000)="b618bb3ccb26515ebc9b8f53da2578328a1d08b7e67c7e9c5b5933fe1e9d4859f6401b"}, {0x2, 0x0, 0x3, 0x0}, {0x2, 0x0, 0x4, 0x0}, {0x0, 0x0, 0x7f, 0x0}, {0x0, 0x0, 0xd94, 0x0}, {0x0, 0x0, 0x8, 0x0}, {0x1, 0x0, 0xd03, 0x0}, {0x0, 0x0, 0x0, 0x0}, {0x3, 0x38, 0x6, &(0x7f00000013c0)="8371de046e9c48"}, {0x1, 0x0, 0x3, 0x0}, {0x1, 0x0, 0x9, 0x0}, {0x3, 0x0, 0x47d, 0x0}, {0x2, 0x0, 0x4, 0x0}, {0x0, 0x18, 0xdd, &(0x7f0000001780)="960ec9"}, {0x1, 0x0, 0x7, 0x0}, {0x0, 0x0, 0xe7c, 0x0}]})

2m6.893012419s ago: executing program 9 (id=4241):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000d00), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_LINKSTATE_GET(r0, &(0x7f0000001000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8044}, 0x880)
openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0)
r1 = getpgrp(0xffffffffffffffff)
sched_setaffinity(r1, 0x8, &(0x7f0000000040)=0x5)
prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000000)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r3 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r3, 0x1, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, 0x0, 0x0)
r5 = syz_pidfd_open(r3, 0x0)
pidfd_getfd(r5, 0xffffffffffffffff, 0x0)
fsopen(&(0x7f00000001c0)='romfs\x00', 0x0)

2m5.454028499s ago: executing program 9 (id=4243):
sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)={0x14, 0x0, 0x10, 0x70bd29, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x40081c4}, 0x44000)
r0 = userfaultfd(0x801)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000140)={0xaa, 0x298})
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)

1m49.538044363s ago: executing program 37 (id=4243):
sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)={0x14, 0x0, 0x10, 0x70bd29, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x40081c4}, 0x44000)
r0 = userfaultfd(0x801)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000140)={0xaa, 0x298})
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)

21.144497925s ago: executing program 8 (id=4399):
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(0xffffffffffffffff, 0x84, 0x7b, &(0x7f0000000140)={0x0, 0x1}, 0x8)
syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000090024206d041cc340000000000109022400010000a00009040000010301010009210008"], 0x0)
setsockopt$inet_sctp6_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000100)=@sack_info={0x0, 0x7, 0x4}, 0xc)
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000000)={0x1, 0x0, [{0xf88e470f, 0xed}]})
r0 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0xc45, 0x9, 0xfffffffffffffffd, 0x0, 0x10000, 0x3, 0x4002004c2, 0x7ff, 0x9, 0x6, 0x400, 0x80, 0x89, 0x0, 0x3, 0x8d], 0x100000, 0x2c08c6})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f00000001c0), 0xffffffffffffffff)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

17.947854881s ago: executing program 8 (id=4406):
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = socket(0xa, 0x5, 0x0)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r3, 0x84, 0x7b, &(0x7f00000000c0)={0x0, 0x2}, 0x8)
sendto$inet6(r3, &(0x7f0000000180)="a7", 0x1, 0x44004, &(0x7f0000000040)={0xa, 0x4e24, 0x7, @loopback, 0xc5f}, 0x1c)
connect$inet(r3, &(0x7f0000000040)={0x2, 0x4e24, @remote}, 0x10)

14.564912325s ago: executing program 5 (id=4410):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, 0x0, 0x0)
memfd_create(&(0x7f0000000040)='\x02A\xbb\xcc\x96\x0e\x00\x00\x00\x00\x00\x00', 0x6)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
r3 = socket$rds(0x15, 0x5, 0x0)
setsockopt$sock_linger(r3, 0x1, 0xd, &(0x7f0000000240)={0x0, 0x9}, 0x8)
bind$rds(r3, 0x0, 0x0)
sendmsg$rds(r3, &(0x7f0000000080)={&(0x7f0000000180)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, 0x0}, 0x0)
setsockopt$RDS_CANCEL_SENT_TO(r3, 0x114, 0x1, &(0x7f0000000100), 0x10)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r4, &(0x7f00000029c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x20, 0x10, 0x701, 0x0, 0x0, {0xa}, [@typed={0xc, 0x2, 0x0, 0x0, @str='nl80211\x00'}]}, 0x20}}, 0x0)
recvmmsg(r4, &(0x7f0000001b40)=[{}], 0x1, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mkdir(&(0x7f0000000100)='./file1\x00', 0x13b)
mkdir(&(0x7f0000000000)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
chdir(&(0x7f0000000140)='./bus\x00')
r5 = open(&(0x7f0000000580)='./file1\x00', 0x80242, 0x1df2a23c5997fa5f)
write$FUSE_CREATE_OPEN(r5, &(0x7f0000000180)={0xa0, 0xffffffffffffffda, 0x0, {{0x4, 0x3, 0x5, 0x6, 0x3, 0x1, {0x0, 0x9, 0x20ff, 0x1, 0x89, 0xd615, 0x9, 0x7fffffff, 0xfffffffe, 0x8000, 0x0, 0x0, 0x0, 0x3ff, 0x1}}, {0x0, 0x13}}}, 0xa0)
sendfile(r5, r5, &(0x7f0000000080), 0x7f03)
ioctl$COMEDI_DEVCONFIG(0xffffffffffffffff, 0x40946400, 0x0)
sendto$inet6(r0, &(0x7f0000000100)="b8", 0xffe0, 0x2000c851, &(0x7f0000000140)={0xa, 0x4e23, 0x0, @loopback, 0xffffffff}, 0x1c)
socket$nl_netfilter(0x10, 0x3, 0xc)

14.537352337s ago: executing program 7 (id=4411):
openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
getpgrp(0xffffffffffffffff)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r1, 0x0, 0x20000000)
unshare(0x62000600)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff})
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r3 = syz_io_uring_setup(0xa0, &(0x7f0000000240)={0x0, 0x89b8, 0x8, 0x0, 0x133}, &(0x7f0000000040)=<r4=>0x0, &(0x7f00000000c0))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
io_uring_enter(r3, 0x847ba, 0x0, 0xe, 0x0, 0x0)

12.889281033s ago: executing program 0 (id=4412):
openat$dir(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)={0x1c, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x0)
ioctl$sock_SIOCBRDELBR(r0, 0x89a2, &(0x7f0000000000)='bridge0\x00')
socket$nl_generic(0x11, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000600)={0x9, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x6, 0x0)
mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, 0xffffffffffffffff, 0x0)
syz_emit_ethernet(0x2a, &(0x7f0000000000)={@link_local, @random="0000fc00", @void, {@ipv4={0x800, @igmp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1}, {0x16, 0x7c, 0x0, @dev={0xac, 0x14, 0x14, 0x30}}}}}}, 0x0)

12.850631925s ago: executing program 8 (id=4413):
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
flock(r0, 0x8)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TLS_TX(r1, 0x6, 0x1, &(0x7f00000000c0)=@gcm_128={{0x304}, "970c4c5634fc47d0", "2ed06c0000000000004000", "0000e99a", "bda5f56b66ef8002"}, 0x28)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$KVM_SET_LAPIC(0xffffffffffffffff, 0x4400ae8f, &(0x7f00000001c0)={"c718ae3ddd25e4c2826499cb6a055b56a5a7336f377a556f824db28eb6743cf045afd0e932534b9eb3b847abbcef63c85319991745999ed89ff49783a84d57cf175a89f8733d74a1bdddcb0a6c3f7535e7976e79da1b52de6403f6710d606fafaf685ec19f369b7829b12aa2b8cd2ab52f9c688683979cdb9516cb61f2adb9aefd44fee30bddb81ebefa818f31f60d89a4e390920c7ed0e2512fd59f719e734b0a1d1f3ff7babb54258a1585514aac0b000000733671e0543929c06f72fc598939003ac6777f3497523536fd25ac4f1e265f5038fa7455f2cc6131d4a189a16b0f0b89e6a495e1d95b840c36488adc22cb2d1b8af57f6dce7214152ba1b3c0d3ad0a6db821518e44b24cb36a02d76ea11a1c45879fc77e7bb2af8c345ddddf49f41228df2114f2c27d16499fa36097a5015ad61a6a9484c09e0a2dfb50f7b7ca71135dc32804a80380a6e20e0ae03be775e472cd31d6a31e615937c38e746a5cf6c9d8194242990dd497a2c52ab50300000000000000cebbd983c3f86dbe92c4b751c04693cb09af88521ab305ceabf6d2bab40bb1b219fbe95ace2f6c49fea798e76b4ef336dff5ac0f7ab022b800ac1aa42fd231b52465a410177ed85dcc9c6d794e2aa0b90cdc409541aa85fa16e3cbc3a9d6c83ffd4d01e5ba898555eeffccf0cb28ce5df0ba31cb793675276162de2fdcb486455bca57edf4fb14e1533554eb22527d66a28a960c430f6136927f54e670c46292454fe28485f35405025844fd24fe846f6656c77d9b5f2b4750ac4805897b02c85caba80000bb96f71f468c9e746d860238b3b113ab1eef51e1507f8832d5d69528083d44548e491477cda51d7e083a134097438e9d7ea34eae8a2e6b516327db9310c7478a37f5c562037196131cc7c84fa29c3c2576f2ae7570b5a98aaa49ca7ddfd5a8c046ce82e4a2d06082ad7a3ab0dfbe208630b1410b674781855752c9c57c1c5ab0a74a336ce89b3a9c0d37a3ca4e698a798a85faf7f4f1dc020b7dd5750062c9810c4bc1ad7afe338f2b0f29059e684fe16098eb30da105be01ca11a293635dfc6d25ecc770ba72792fd3c6851d951b770d0f9edafb1cb4241350d85b04ed737a9bfd7e8301c43b65a95dda76d6850860ba3195040b14c8ad1a8b52472785521147182352a1dbd93595cbc26e813ccd75e16f9247fe82ed150c121f0041022522ec76476f0a9cffa3be1d3ffffffffffffffff29358bbfd8b7a12fe94a0355beb9420eee0a5c11220100c782b89e9430de84b220e8c0df4bd40be3400c58f149319f891fe86fba751dab3326bf2deb9e782b37ec9c7adf36025a091a4b3600000000000000000000000000000000000000000000000000000000000000000600"})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1000, 0x1)
r2 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000000340)=<r3=>0x0)
timer_settime(r3, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
name_to_handle_at(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)=ANY=[], &(0x7f0000000180), 0x0)
open_by_handle_at(0xffffffffffffff9c, &(0x7f00000000c0)=ANY=[], 0x200000000000000)

12.505109294s ago: executing program 0 (id=4414):
openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000240), 0x2, 0x40102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2f)
r1 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0)
r2 = socket$netlink(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$IPVS_CMD_SET_INFO(r3, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r4, @ANYBLOB="01000000000000001c0012000c000100626f6e64000000000c0002000800010006"], 0x3c}}, 0x0)
sendmsg$nl_route(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@newlink={0x3c, 0x10, 0xffffff1f, 0x0, 0x1, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @vxcan={{0xa}, {0x4, 0x2, 0x0, 0x1, @void}}}, @IFLA_MASTER={0x8, 0xa, r4}]}, 0x3c}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000440), r5)
sendmsg$ETHTOOL_MSG_COALESCE_SET(r5, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2400c000}, 0x0)
r6 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r7, 0x4090ae82, &(0x7f0000000200)={[0x2, 0x9, 0xfffffffffffffffd, 0x6, 0x10000, 0x800000, 0x4002004c4, 0x1004, 0x8000000000000000, 0xc595, 0xfffffffffffffffe, 0x1, 0xffffffffffffffff, 0x2000000000000000, 0xb3, 0x8d], 0xeeee8000, 0x241000})
ioctl$KVM_RUN(r7, 0xae80, 0x0)
ioctl$KVM_RUN(r7, 0xae80, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(0xffffffffffffffff, 0xc004500a, &(0x7f0000000080)=0x74000000)
r8 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x40c03)
ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r8, 0xc058534f, &(0x7f0000000100)={{0x0, 0x1}, 0x0, 0x0, 0x91, {0x4, 0x1}, 0x3, 0x800})

11.661261639s ago: executing program 8 (id=4415):
socket$kcm(0x10, 0x2, 0x0)
r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000000), 0x40, 0x0)
ioctl$AUTOFS_IOC_PROTOVER(r0, 0x80049363, &(0x7f0000000040))
r1 = getpgrp(0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000180)=0x10000000005)
prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x400000000001, 0x0, 0x1, 0x0)
r2 = getpid()
bpf$MAP_CREATE(0x0, &(0x7f0000000c80)=ANY=[], 0x48)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0xfffffffd, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000300)={r3}, 0xc)
sched_setscheduler(r2, 0x2, &(0x7f0000000000)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffd000)
r4 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r4, 0x1, 0x0)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
ioprio_set$pid(0x0, r4, 0x4007)
read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8)
openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000000240)={{&(0x7f0000400000/0x1000)=nil, 0x20400000}, 0x1})
r6 = syz_open_dev$vbi(&(0x7f0000000000), 0x1, 0x2)
ioctl$VIDIOC_CREATE_BUFS(r6, 0xc100565c, &(0x7f00000013c0)={0x0, 0x2, 0x2, {0x5, @vbi={0x0, 0x0, 0x4, 0x0, [], [0x8200], 0x1}}})
ioctl$BTRFS_IOC_INO_PATHS(r3, 0xc0389423, &(0x7f00000002c0)={0x8, 0x0, [0x2, 0x80000000, 0x0, 0x7], 0x0})
write$sequencer(0xffffffffffffffff, 0x0, 0x10)
ioctl$VIDIOC_QBUF(r6, 0xc058565d, &(0x7f0000000200)=@fd={0x0, 0x5, 0x4, 0x0, 0x0, {}, {0x2, 0x0, 0x0, 0x0, 0x0, 0x75, "804000"}, 0x0, 0x2, {}, 0x20800})

10.081515034s ago: executing program 8 (id=4416):
openat(0xffffffffffffff9c, &(0x7f0000000540)='mnt\x00', 0x0, 0x0)
pipe2(&(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x80800)
splice(0xffffffffffffffff, 0x0, r0, 0x0, 0x7c1c, 0x8)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000a80)=@base={0x11, 0x4, 0x4, 0x2}, 0x50)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000001c0)={0x6, 0x10, &(0x7f0000000280)=@framed={{0x18, 0x0, 0x0, 0x0, 0x100}, [@ringbuf_query={{0x18, 0x1, 0x1, 0x0, r1}}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r2}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x4}, {}, {0x4}, {0x6, 0x0, 0xa}, {}, {}, {0x85, 0x0, 0x0, 0x33}}]}, &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @xdp=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000b80)={r3, 0x2000012, 0xe, 0x0, &(0x7f0000000c40)="63eced8e46dc3f2ddf33c9e9b986", 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xb}, 0x50)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102)
r4 = socket$inet6(0xa, 0x1, 0x8010000000000084)
r5 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPGETCONNINFO(r5, 0x800448d3, &(0x7f0000000400)={@none, 0x2, 0x6800, 0x9, 0x7, 0x35, "6daea5fcb7105de94a8bc43362b531c4b695a8a4d29df6d009291fe8d771c06f171adf499c8a7949afef39e74ee6ce179279451a4b788c9a9ebe874c22ee5590b20acf7e546dcd6cc09d618bce1cdf069d4874ac934d72f198ece8ec19439b17f67f6cc48d305b2e67db1f4658901d4366d04454ce772ad4cdc183b96e14415a"})
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r6, &(0x7f00000003c0)={0xa, 0x4e24, 0x9, @mcast2, 0x80}, 0x1c)
bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c)
r7 = syz_open_dev$MSR(&(0x7f0000000180), 0xfffffffffffffc00, 0x0)
fadvise64(r7, 0xd, 0xfffffffffffff800, 0x1)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
bind$netlink(r8, &(0x7f0000000200)={0x10, 0x0, 0x0, 0x80065c9}, 0xc)
r9 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r9, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010600000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff1b000000020000000900010073797a30000001000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r9, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)={{0x14}, [@NFT_MSG_NEWSET={0x3c, 0x12, 0xa, 0x201, 0x0, 0x0, {0x2, 0x0, 0x20}, [@NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_KEY_TYPE={0x8}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0xa}]}], {0x14}}, 0x64}}, 0x0)
connect$inet6(r4, &(0x7f0000000000)={0xa, 0x4e21, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}}, 0x1c)

9.865462075s ago: executing program 0 (id=4417):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x1, &(0x7f0000000200)=0x7)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x3, 0x8, &(0x7f0000002340)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd1200000000000085000000d0000000b70000000000000095000000000000003fba6a7d36d9b18ed812a2e2c49e8020a6f4e0e4a9446ca2b5f1cc1a100a9af698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f010c5077da80fb982c1e9400c603146cea484a415b76966118b64f751a0f241b072e90080008002d75593a280000c93e64c227c95aa0b784625704f07a72c2918451ebdcf4cef7f9606056fe5c34664c0af9360a1f7a5e6b607130c89f18c0c1089d8b85880000c29c48b45ef4adf634be763288d01aa27ae8b09e13e79ab20b0b8ed8fb7a68af2ad0000000000000006f803c6468082089b302d7bff8f06f7f918d65eae391cb41336023cdcedb5e0125ebbcebddcf10cb2364149215108355ee570f8078be5cab389cd65e7133719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad23000000803a90bce6dc3a13871765df961c2ed3b1006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f40cfd7c3a1d37a6ab87b1586602d985430cea0162ab3fcf4591c926abfb076719237c8d0e60b0eea24492a660583eecdbf5bcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9f081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d60532be9c4d2ec7c32f2095e63c8cdc28f74d043ed8dba2f23b01a9aeb980aff9fa3a64709270c701db801f44cf945b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142bdda5e6c5d50b83bae616b5054d1e7c13b1355d6f4a8245eaa4997da9c77af4c0eb97fca585ec6bf58351d599e9b61e8caab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a41326eea31ae4e0f75057df3c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57010000009700ce0b4b8bc22941330000000000000000000300000000000000000000000010008bc0d955f2a83366b99711e6e8861c46495ba585a4b2d02edc3e28dd279a896249ed85b9806f0b6c4a000000002b43dcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffff7f00000000df73be83bb7d5ad883ef3b7cda42013d53046da21b40216e14ba2d6af8656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff72943327d830689da6b53ffffffff631c7771429d1200000033ed846197fcff5e1c7c3d1d6e3a52872baef9753fffffffffffffe09fec2271fe010cd7bb2366fde4a59429738fcc917a57f94f6c453cea623cc5ee0c2a5ff870ce5dfd3467decb05cfd9fcd41df54cdbd9d10a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce978275d5bc8955778567bc79e13b78249788f11f708008b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab7929a57affe7d7fa29822aea68a660e717a04becff0f719107000000000000002d7e927123d8ecbbc55bf404571be54c72d978cf2804107f0238abccd32368e57040906df0042e19000000000000002c06f815312e086dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef44cd1fe582786105c7df8be4877084d4173731efe895efc71f665c4d75cf2458e35d2c9062ece84c99e061887a20639b41c8c12ee86c50804042b3eac1f879b136345cf67ca3fb2b5e518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad055e4af403269b4a39ce40293947d9a631bcbf3583784acbda216335457ac0eaaa99bf0bdc14ae358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df9b3fdf242b985bf16b99c9cc0ad1857036f1a985f369191ae954febb3df464bfe0f773ee9afe72f32a2befb89d3777399f5874c553a2ebe9061fe86e669642e09bb6d163118e4cbe024fd452277c3887d6116c6cc9d8046c216c1f8a9778cb26e22a2a998de5eaeadea2a40da8daccf080842a486721737390cbf3a74cb2003efb9a101b51ab63e9600040000b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde6e4a4304e50c349f4f9ecee27defd83871c5191e10096e7e60fc3541a2c905a1a95e9571bf38aebd15172f94e3245c582909e2a3bce109b6000000000000000000d6d5210d7560eb92d6a97a27602b81f7636df1535bef1497f90100000000000000abf9010000007740890200d627e87306703be8672dc84eeadba6a41891c170d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e7a45319f18101288a0268893373750d10a3fc22dd704e4214de5946912d6c98cd1a9fbe1e7ef8c08acaf30235b920500d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69b93e9960ff5f76062adae283d9756237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff85000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a31c72ad53bc19faa5401120000793ac48c1b539c75ab40743b00020000a1f68df75cf43f8ecc8d3726602111b40e761fd210a1920382f14d12ca3c3431ee97471c781d0d1280fb00818654a53b6df4b2c97cc1c98d85fda8f80fe908b65550b441233151122b41a8d73062197655b7f0469250a5989cef0e10773920ed3ccee42d2c3eb80159da5c002511e6eb93842054cfce2ac306cb6e472db3fd67a49b6855a694a8d359add43907003223a47a7fae4f3748d5a432825bc40a03aaef1c8488d86dc211dd2a3ba71e0f45492ef1f8b65ccb3dcd251a61b152d02c29ca0a3328fa7753a5cddea1acaae55ae8263fb284b7a6ab2a8826c1b948207c498cf4824ab1ea3225a53072423b907c6682f8999e0311da5b8378bc841e1787e3a8128dda381a26cb2b365702ff8a27831375b2ddaa2f56e21169f7ca4fd9655ccd4a584acd244e965a0afedaff7c415ff682a4044b3381cc2df28278c9a6824c52048a7cfabda294925cc0956bffa8e950ff5e49f41ae600d830207bf728cd9807933c3c16d80bbea611a18becc2dc38ca0a6f5740f340b76edcd1f539bd43007231dcef58c7b88b5aeedaf9626cb51ce1737c10ab37d4f98a934b0f900e0eb639878a1200629f5503cf679154d27681d7a3744cbcd42af59407c9c8e39c5271868917954e604352ba26171d004f1cb2976fab3fa19c7d3ef9678bff79f5155524f061378f94fb453786c3a6f78b10d383b49e31d1568bd43ee34ce6e6be235aa6207285665c2fba773671da41959f51610963b48930658e2d6125a26085001345b0473240b7e5e91811312c43663e76f711d7219ecdec75c7ea1cf0f8f8fff40247d59bbde2ebb8659197e0f37a71be1b12a182ed7de3acba28561a04b807f7a4647e2ea6d8fb92541d07c3d5e4ba077d3cad9f8ba1919592014c00c8eccb2ca5d48ba7b1c3fb185a4bb79700cf51f818b0c701c8de47d12281a67bdaf4b0c50bee9e8f5936250df2e15c1172e7ea6619f7db330700d1e9e42a035e6fd532f61fbfed9c4a7124a1e38eee50a6bbcd1d4e3f68c3f27dd9a70f1a7c6046237ddfb0b26e197322226367d998010458cd4df10af249ce717f6f45e5176e0ddae3054d7289d4e13ab0912703ee39ce264572b89194fdf7acecc35cf8309d4b680a08eed367dad855fce210f1a7c7222dd360eafb4bef7d58bf83362930af6e3f3f851abdc0003bdf9401b533019e90feb069189100007a82df8d9b5f44ebf9355e7b1b01c9470608d4f306d21004730396a4d6c6d46e1ffac97aa93c36123532a36186575266be4981c847160079421d0137801e553069f8d025c40f287378810defc7f2ed4e15f6af17b21153394f8bcfa6a23a77c8d61c9bbc127a57b8d631f36558d9093dee08bc53d97a8003363421738650a26c8fd87b13026799caf58e59951b125e7f161ca34e2c0dd65a23d01a3cb191e743de07247c7f993cf01166fa2ac1ba02f60550e63a7f50422e478c6b5d87f9bd0567a279a9d85a380db25c43bd0529ad783b9d64aaac1b793afb44b7126e17d2b7c0d6be650de7eeef3f3605af344015d03c3e7819145cb9fe1978c98bf9cf10773db59505ae33708c728844c872dfd2cb0b29754f928c59306ce105ca18cb72f0944d0e4fea0a0abd0285bdaf1b000000c089d640c2facb0d1e6243873ac4b1e1068c45c715b68effb7d58d1f9e726dbf6bd910ca4ce0e075658ede42192cf393a50dcc197b03402fed75083628e5dd38213d353b9049e71f037064b05e73ec00c710f1ffc5737d397d555d1cf8859cc05fea8dc3c6a5b3b6fa1c81707479db1833d593a271253aa11efdb36b74784f2fc286814848e92d8ee541bc179813297a0a4cc3c8f80c28701185bea091f32475e859479b734727afc110e1abcff460172fd1b42e3c0e2a4bf94a0600690000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls=0x2e, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x94)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_PROG_DETACH(0x1c, &(0x7f0000000000)=ANY=[], 0x20)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x300000b, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
inotify_rm_watch(0xffffffffffffffff, 0x0)
epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000140)={0x20002003})
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x5, 0x1c, &(0x7f0000000100)=ANY=[@ANYBLOB="18080000e9ff0000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b70300002bb91a008500000008000000bc0900000000000045080100002000009500000000000000b7020000000000007b9af8ff00000000b5090000000000007baaf0ff00000000bf27000000000000070800", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608efff76000000bf9800000000000056090000000000008500000000a00000b70000000000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

9.855690874s ago: executing program 5 (id=4418):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
r0 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000100), 0x0)
r1 = socket$qrtr(0x2a, 0x2, 0x0)
read$qrtrtun(r0, 0x0, 0x500)
write$binfmt_script(r1, 0x0, 0x0)
sync_file_range(0xffffffffffffffff, 0x800000000976, 0x80, 0x3)
timer_settime(0x0, 0x1, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0)

8.699214523s ago: executing program 0 (id=4419):
openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
getpgrp(0xffffffffffffffff)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r1, 0x0, 0x20000000)
unshare(0x62000600)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff})
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
syz_io_uring_setup(0xa0, &(0x7f0000000240)={0x0, 0x89b8, 0x8, 0x0, 0x133}, &(0x7f0000000040)=<r4=>0x0, &(0x7f00000000c0)=<r5=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd=r3, 0xc000000, &(0x7f0000000000), 0x0, 0x12})

8.566517087s ago: executing program 2 (id=4265):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000000)=0x6)
syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
ptrace(0x10, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000c00), 0x2, 0x0)
ioctl$VHOST_SET_FEATURES(r2, 0x4008af00, &(0x7f0000000000)=0x200000000)
write$vhost_msg_v2(r2, &(0x7f0000000140)={0x2, 0x0, {&(0x7f0000000080)=""/124, 0x7c, 0x0, 0x3, 0x2}}, 0x48)
write$vhost_msg_v2(r2, &(0x7f00000039c0)={0x2, 0x0, {&(0x7f0000000680)=""/184, 0xfffffefd, 0x0, 0x3, 0x2}}, 0xfe19)
write$vhost_msg_v2(r2, &(0x7f0000000ac0)={0x2, 0x0, {&(0x7f0000000940)=""/81, 0x51, 0x0, 0x3, 0x3}}, 0x48)
r3 = openat$dir(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x140, 0x82)
r4 = fanotify_init(0x81, 0x40000)
fanotify_mark(r4, 0x105, 0x40001032, r3, 0x0)
read$FUSE(r4, 0x0, 0x0)

8.553676567s ago: executing program 7 (id=4420):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100))
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r2 = dup3(r1, r0, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000004a80)={0x73622a85, 0x100, 0x1})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000fc0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000300)={@flat=@weak_binder={0x77622a85, 0x100a, 0x8000000000}, @flat=@weak_binder={0x77622a85, 0x1100, 0x3}}, &(0x7f0000000200)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x50, 0x0, &(0x7f0000000580)="b3185d7bb56f70f003360fa8bf71ac3086aedebf6fff904f92849a7a07395ee7f0e4cb1d78001c08a0ab73ffcf5ad07693727980eea946e6cba1723e81bfa5c3688803c8a124dcb27df7938e7ddfdd52"})
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000004a40)={0x44, 0x0, &(0x7f00000049c0)=[@transaction={0x40406300, {0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})

5.854507407s ago: executing program 2 (id=4421):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, 0x0, 0x0)
memfd_create(&(0x7f0000000040)='\x02A\xbb\xcc\x96\x0e\x00\x00\x00\x00\x00\x00', 0x6)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
r3 = socket$rds(0x15, 0x5, 0x0)
setsockopt$sock_linger(r3, 0x1, 0xd, &(0x7f0000000240)={0x0, 0x9}, 0x8)
bind$rds(r3, 0x0, 0x0)
sendmsg$rds(r3, &(0x7f0000000080)={&(0x7f0000000180)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, 0x0}, 0x0)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r4, &(0x7f00000029c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x20, 0x10, 0x701, 0x0, 0x0, {0xa}, [@typed={0xc, 0x2, 0x0, 0x0, @str='nl80211\x00'}]}, 0x20}}, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mkdir(&(0x7f0000000100)='./file1\x00', 0x13b)
mkdir(&(0x7f0000000000)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
chdir(&(0x7f0000000140)='./bus\x00')
r5 = open(&(0x7f0000000580)='./file1\x00', 0x80242, 0x1df2a23c5997fa5f)
write$FUSE_CREATE_OPEN(r5, &(0x7f0000000180)={0xa0, 0xffffffffffffffda, 0x0, {{0x4, 0x3, 0x5, 0x6, 0x3, 0x1, {0x0, 0x9, 0x20ff, 0x1, 0x89, 0xd615, 0x9, 0x7fffffff, 0xfffffffe, 0x8000, 0x0, 0x0, 0x0, 0x3ff, 0x1}}, {0x0, 0x13}}}, 0xa0)
sendfile(r5, r5, &(0x7f0000000080), 0x7f03)
ioctl$COMEDI_DEVCONFIG(0xffffffffffffffff, 0x40946400, 0x0)
sendto$inet6(r0, &(0x7f0000000100)="b8", 0xffe0, 0x2000c851, &(0x7f0000000140)={0xa, 0x4e23, 0x0, @loopback, 0xffffffff}, 0x1c)
socket$nl_netfilter(0x10, 0x3, 0xc)

5.373307661s ago: executing program 7 (id=4422):
syz_open_dev$midi(&(0x7f00000012c0), 0x2, 0x2)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040))
socket(0x400000000010, 0x3, 0x0)
socket$unix(0x1, 0x1, 0x0)
socket(0x10, 0x803, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x104008d}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x6)
r0 = syz_open_dev$MSR(&(0x7f0000000140), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x1, &(0x7f0000000480)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
futex_waitv(&(0x7f0000001080)=[{0x3, &(0x7f0000001040)=0x3, 0x82}], 0x1, 0x0, &(0x7f0000001100)={0x77359400}, 0x1)

5.316642998s ago: executing program 5 (id=4423):
prlimit64(0x0, 0xe, 0x0, 0x0)
r0 = syz_open_dev$dri(&(0x7f0000000000), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r0, 0xc04064a0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000380)=[<r1=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCONNECTOR(r0, 0xc05064a7, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000300)=[0x0], &(0x7f0000000100), 0x0, 0x1, 0x0, 0x0, r1})
ioctl$DRM_IOCTL_MODE_SETPROPERTY(r0, 0xc01064ab, 0x0)

4.704702349s ago: executing program 5 (id=4424):
syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0)
syz_open_dev$dri(&(0x7f0000000300), 0x40100001, 0x189002)
r0 = syz_io_uring_setup(0x239, &(0x7f0000000480)={0x0, 0x8901, 0x400, 0x0, 0x2cf}, &(0x7f0000000040)=<r1=>0x0, &(0x7f0000000600)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f00000001c0)={0x0, @in={{0x2, 0x0, @empty}}, 0x5, 0x12, 0x0, 0x3}, 0x9c)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
write$UHID_CREATE2(r3, &(0x7f00000001c0)=ANY=[@ANYBLOB='3'], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r3, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2007, @fd, 0x800, 0x0, 0x0, 0xd, 0x1, {0x2}})
io_uring_enter(r0, 0x47ba, 0x0, 0x0, 0x0, 0x0)

4.452733105s ago: executing program 0 (id=4425):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100))
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r2 = dup3(r1, r0, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000004c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000fc0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000300)={@flat=@weak_binder={0x77622a85, 0x100a, 0x8000000000}, @flat=@weak_binder={0x77622a85, 0x1100, 0x3}}, &(0x7f0000000200)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x50, 0x0, &(0x7f0000000580)="b3185d7bb56f70f003360fa8bf71ac3086aedebf6fff904f92849a7a07395ee7f0e4cb1d78001c08a0ab73ffcf5ad07693727980eea946e6cba1723e81bfa5c3688803c8a124dcb27df7938e7ddfdd52"})
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000004a40)={0x44, 0x0, &(0x7f00000049c0)=[@transaction={0x40406300, {0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})

4.38716772s ago: executing program 5 (id=4426):
socket$kcm(0x10, 0x2, 0x0)
r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000000), 0x40, 0x0)
ioctl$AUTOFS_IOC_PROTOVER(r0, 0x80049363, &(0x7f0000000040))
r1 = getpgrp(0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000180)=0x10000000005)
prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x400000000001, 0x0, 0x1, 0x0)
r2 = getpid()
bpf$MAP_CREATE(0x0, &(0x7f0000000c80)=ANY=[], 0x48)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0xfffffffd, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000300)={r3}, 0xc)
sched_setscheduler(r2, 0x2, &(0x7f0000000000)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffd000)
r4 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r4, 0x1, 0x0)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
ioprio_set$pid(0x0, r4, 0x4007)
read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8)
openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000000240)={{&(0x7f0000400000/0x1000)=nil, 0x20400000}, 0x1})
r6 = syz_open_dev$vbi(&(0x7f0000000000), 0x1, 0x2)
ioctl$VIDIOC_CREATE_BUFS(r6, 0xc100565c, &(0x7f00000013c0)={0x0, 0x2, 0x2, {0x5, @vbi={0x0, 0x0, 0x4, 0x0, [], [0x8200], 0x1}}})
ioctl$BTRFS_IOC_INO_PATHS(r3, 0xc0389423, &(0x7f00000002c0)={0x8, 0x0, [0x2, 0x80000000, 0x0, 0x7], 0x0})
write$sequencer(0xffffffffffffffff, 0x0, 0x10)
ioctl$VIDIOC_QBUF(r6, 0xc058565d, &(0x7f0000000200)=@fd={0x0, 0x5, 0x4, 0x0, 0x0, {}, {0x2, 0x0, 0x0, 0x0, 0x0, 0x75, "804000"}, 0x0, 0x2, {}, 0x20800})

4.258472545s ago: executing program 0 (id=4427):
openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000240), 0x2, 0x40102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2f)
r1 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0)
r2 = socket$netlink(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$IPVS_CMD_SET_INFO(r3, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r4, @ANYBLOB="01000000000000001c0012000c000100626f6e64000000000c0002000800010006"], 0x3c}}, 0x0)
sendmsg$nl_route(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@newlink={0x3c, 0x10, 0xffffff1f, 0x0, 0x1, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @vxcan={{0xa}, {0x4, 0x2, 0x0, 0x1, @void}}}, @IFLA_MASTER={0x8, 0xa, r4}]}, 0x3c}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000440), r5)
sendmsg$ETHTOOL_MSG_COALESCE_SET(r5, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2400c000}, 0x0)
r6 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r7, 0x4090ae82, &(0x7f0000000200)={[0x2, 0x9, 0xfffffffffffffffd, 0x6, 0x10000, 0x800000, 0x4002004c4, 0x1004, 0x8000000000000000, 0xc595, 0xfffffffffffffffe, 0x1, 0xffffffffffffffff, 0x2000000000000000, 0xb3, 0x8d], 0xeeee8000, 0x241000})
ioctl$KVM_RUN(r7, 0xae80, 0x0)
ioctl$KVM_RUN(r7, 0xae80, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(0xffffffffffffffff, 0xc004500a, &(0x7f0000000080)=0x74000000)
r8 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x40c03)
ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r8, 0xc058534f, &(0x7f0000000100)={{0x0, 0x1}, 0x0, 0x0, 0x91, {0x4, 0x1}, 0x3, 0x800})

4.232071263s ago: executing program 7 (id=4428):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000000)={0x1, &(0x7f0000000280)=[{0x6, 0xfa, 0x0, 0xe4}]}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='bbr', 0x3)
sendmmsg$inet(r0, &(0x7f0000001240)=[{{0x0, 0x0, &(0x7f0000001dc0)=[{&(0x7f0000000140)="91f8a9849519def28691bbc4173c3d6f357d0272b7319130feaab952ac4703cad04be68907e50e997fc26e4c91ea4feb931647fc5393de25000000000000000000", 0x41}, {&(0x7f00000003c0)="641a6a2b863c0dd898013a3f97a834ebb75a925ab4", 0x15}, {&(0x7f00000001c0)="985e44efeabe001cabcf3d8673c3a254a9a2d3197970cb347b70a243bf77139a94bc3ae91684aaf7b7dff691deb8f8aef2d915fb3a0794a9a9b431a819bca6122c350637808dde804a048fd869", 0x4d}], 0x3}}, {{0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f0000000b80)="f77d2b5dd5f7d74f0748cf3d2cf218d644566a14103b1c7dd35fd2951bd022f10f2dc7f4ce0d8ac5f4abaca4b97b706153756913b7dd48248b5bfb10460019248bf238743fa2aeb5bef21ce832db670920dc5e911ef2ad63e849901d1001129dbacbfd4924d7545517fd18b5d29978f32a5b5c81755cb89cc0490958ba3211eb99df5cdbbc0f9c941aaa1495893dada02d8188acd26b5afd747641", 0x9b}, {&(0x7f0000000d00)="31cef842d9c50636f60fc0cfdac56c75f1687f0c56287423f5eed69f117e766bdbad0c2171ad6227e1173ab6efa2fcb1c420a51a0917861009000000f049c606ccab7cda1f0e3490fbe385ea382294882839a22674037b8910bd8a1420e33eb1be6f10cfb24eb7cccdf1528ef33b34ab07cdb0909a9ba9547e1e343b451d9025c4e153612d4674b9411fb4de295599abbcb388d291aa839ab0954e6a8dfc19c3c1533a11d81e03a4879bd736f1caacc2bbf1194598a652677efb930a5b6ee292c57402e0cc07a9a26ee794e46e604a9aec550d12af09f782e1f6a996f0756604847689d37ee3047e61531a8672447cb501b2560bc0e0c5fb2c9f341ed3972b30190e930af94642ab1557e286442cfa6a84ad931e99549640705cd6261ca7094910df055747e2e2ae170e7850093bf0aa3370e03222b5de4597ca76f3193d4a45e424b540f292", 0x146}, {&(0x7f0000001300)="e0cda6472d1ccfb4d1d46bf348a3b7ff9e5b6b3e30ef2266c86a085e37271763c50968fe2e2eb13b9472381bade936f9a85e26aac6ebd21115f086751d870434cf07dbd92e0ea2322f163473dad24cffe6d2", 0x52}], 0x3}}, {{0x0, 0x0, &(0x7f0000000a00)=[{&(0x7f0000000640)="42e013913edbeb683c44e18a52b5a2462064ddd92caaba941de80d06047dedb7eeeff3a27eacf4c416b6979d6c918608807c44d01535dbaab3b390086e4fd43c6b5931187023646d6beac2340fdc7a0d81214ac76a818f64d287311e8828dfd3e3dd67efdb129a6e52745d1540e570891f6bf411cc16a18c4d34e522a1f003498f1a03ea1f8828b6c902286c71a9bc21923972dacfa74fef6a0fd3267e599c1dd33dff5d7b28f134bda4a29962fd5daa4fc9c515a1c3ee25ace1a9948c24b277d0c9c46f948f8a3f98b1a18eff685b7296457ba31632fea4d8f81781", 0xdc}], 0x1}}], 0x3, 0x2090)

3.076275957s ago: executing program 7 (id=4429):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x11, 0x3, &(0x7f0000000100)=ANY=[@ANYRESOCT=0x0], &(0x7f0000000300)='syzkaller\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x3b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff30, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
mkdir(&(0x7f00000000c0)='./bus\x00', 0x0)
lsetxattr$system_posix_acl(&(0x7f0000000800)='./file0\x00', &(0x7f0000000840)='system.posix_acl_access\x00', &(0x7f0000000000)=ANY=[@ANYBLOB="0200000001000000000000000400000000001b23072a7054b2a300001000020000000000200000000000"], 0x24, 0x0)
mkdir(&(0x7f0000000440)='./file1\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000a00)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@nfs_export_on}]})
chdir(&(0x7f00000001c0)='./bus\x00')
rmdir(&(0x7f0000000380)='./file0/../file0\x00')
prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ffa000/0x2000)=nil, 0x2000, &(0x7f0000000000))
prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0)
socket$netlink(0x10, 0x3, 0x14)
r3 = socket(0x2, 0x3, 0xff)
shutdown(r3, 0x1)
sendmmsg$inet(r3, &(0x7f0000000680)=[{{&(0x7f00000000c0)={0x2, 0x4e24, @empty}, 0x10, &(0x7f0000000300)=[{0x0}], 0x1}}], 0x1, 0x0)

2.980069689s ago: executing program 5 (id=4430):
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
flock(r0, 0x8)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TLS_TX(r1, 0x6, 0x1, &(0x7f00000000c0)=@gcm_128={{0x304}, "970c4c5634fc47d0", "2ed06c0000000000004000", "0000e99a", "bda5f56b66ef8002"}, 0x28)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$KVM_SET_LAPIC(0xffffffffffffffff, 0x4400ae8f, &(0x7f00000001c0)={"c718ae3ddd25e4c2826499cb6a055b56a5a7336f377a556f824db28eb6743cf045afd0e932534b9eb3b847abbcef63c85319991745999ed89ff49783a84d57cf175a89f8733d74a1bdddcb0a6c3f7535e7976e79da1b52de6403f6710d606fafaf685ec19f369b7829b12aa2b8cd2ab52f9c688683979cdb9516cb61f2adb9aefd44fee30bddb81ebefa818f31f60d89a4e390920c7ed0e2512fd59f719e734b0a1d1f3ff7babb54258a1585514aac0b000000733671e0543929c06f72fc598939003ac6777f3497523536fd25ac4f1e265f5038fa7455f2cc6131d4a189a16b0f0b89e6a495e1d95b840c36488adc22cb2d1b8af57f6dce7214152ba1b3c0d3ad0a6db821518e44b24cb36a02d76ea11a1c45879fc77e7bb2af8c345ddddf49f41228df2114f2c27d16499fa36097a5015ad61a6a9484c09e0a2dfb50f7b7ca71135dc32804a80380a6e20e0ae03be775e472cd31d6a31e615937c38e746a5cf6c9d8194242990dd497a2c52ab50300000000000000cebbd983c3f86dbe92c4b751c04693cb09af88521ab305ceabf6d2bab40bb1b219fbe95ace2f6c49fea798e76b4ef336dff5ac0f7ab022b800ac1aa42fd231b52465a410177ed85dcc9c6d794e2aa0b90cdc409541aa85fa16e3cbc3a9d6c83ffd4d01e5ba898555eeffccf0cb28ce5df0ba31cb793675276162de2fdcb486455bca57edf4fb14e1533554eb22527d66a28a960c430f6136927f54e670c46292454fe28485f35405025844fd24fe846f6656c77d9b5f2b4750ac4805897b02c85caba80000bb96f71f468c9e746d860238b3b113ab1eef51e1507f8832d5d69528083d44548e491477cda51d7e083a134097438e9d7ea34eae8a2e6b516327db9310c7478a37f5c562037196131cc7c84fa29c3c2576f2ae7570b5a98aaa49ca7ddfd5a8c046ce82e4a2d06082ad7a3ab0dfbe208630b1410b674781855752c9c57c1c5ab0a74a336ce89b3a9c0d37a3ca4e698a798a85faf7f4f1dc020b7dd5750062c9810c4bc1ad7afe338f2b0f29059e684fe16098eb30da105be01ca11a293635dfc6d25ecc770ba72792fd3c6851d951b770d0f9edafb1cb4241350d85b04ed737a9bfd7e8301c43b65a95dda76d6850860ba3195040b14c8ad1a8b52472785521147182352a1dbd93595cbc26e813ccd75e16f9247fe82ed150c121f0041022522ec76476f0a9cffa3be1d3ffffffffffffffff29358bbfd8b7a12fe94a0355beb9420eee0a5c11220100c782b89e9430de84b220e8c0df4bd40be3400c58f149319f891fe86fba751dab3326bf2deb9e782b37ec9c7adf36025a091a4b3600000000000000000000000000000000000000000000000000000000000000000600"})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r2 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
syz_emit_ethernet(0x72, &(0x7f0000000640)={@multicast, @empty, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x64, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0x5, 0x0, 0x0, 0xe0, 0x0, 0xe000, {0x12, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @dev, {[@rr={0x7, 0x3}, @rr={0x7, 0x3}, @timestamp_prespec={0x44, 0x2c, 0x0, 0x3, 0x0, [{@private=0xa01012f}, {@multicast1}, {@loopback, 0x200}, {}, {@private}]}]}}}}}}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
socket(0x22, 0x2, 0x24)
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1000, 0x1)
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004}, &(0x7f0000000340)=<r3=>0x0)
timer_settime(r3, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
name_to_handle_at(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)=ANY=[], &(0x7f0000000180), 0x0)
open_by_handle_at(0xffffffffffffff9c, &(0x7f00000000c0)=ANY=[], 0x200000000000000)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xc, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000d000000018010000756cff7c00000000002020207b1af8ff00"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

690.026033ms ago: executing program 7 (id=4431):
unshare(0x200)
syz_80211_join_ibss(&(0x7f0000000040)='wlan0\x00', &(0x7f0000000080)=@default_ibss_ssid, 0x6, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000001740)=ANY=[@ANYRES16=0x0, @ANYRES64=0x0, @ANYBLOB, @ANYRESDEC=r0, @ANYRES16, @ANYRES8=r0], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x18, 0x3, &(0x7f0000000540)=ANY=[], &(0x7f0000000280)='GPL\x00', 0xc, 0xb9, &(0x7f0000000140)=""/185, 0x40f00, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_clock_offset={{0x1c, 0x5}, {0x0, 0xc9, 0x81ad}}}, 0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = socket$inet_mptcp(0x2, 0x1, 0x106)
bind$inet(r4, &(0x7f0000000080)={0x2, 0x4e24, @multicast2}, 0x10)
connect$inet(r4, &(0x7f00000009c0)={0x2, 0x4e24, @loopback}, 0x10)
openat$ipvs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/sys/net/ipv4/vs/sync_ports\x00', 0x2, 0x0)
writev(r4, &(0x7f0000000200)=[{&(0x7f00000000c0)='X', 0x8030000}], 0x1)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.current\x00', 0x275a, 0x0)
lseek(r5, 0x7fffffffffffffff, 0x0)
io_submit(0x0, 0x2, &(0x7f0000000300)=[&(0x7f0000000200)={0x0, 0x0, 0x8, 0x0, 0x0, r0, &(0x7f0000000000)='/', 0x1}, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}])
syz_io_uring_setup(0x43d2, &(0x7f0000000080)={0x0, 0x3670, 0x10100, 0x2, 0x4}, 0x0, &(0x7f0000000040))

0s ago: executing program 8 (id=4432):
unshare(0x200)
syz_80211_join_ibss(&(0x7f0000000040)='wlan0\x00', &(0x7f0000000080)=@default_ibss_ssid, 0x6, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
io_setup(0x222, &(0x7f0000000180)=<r1=>0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x18, 0x3, &(0x7f0000000540)=ANY=[], &(0x7f0000000280)='GPL\x00', 0xc, 0xb9, &(0x7f0000000140)=""/185, 0x40f00, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_clock_offset={{0x1c, 0x5}, {0x0, 0xc9, 0x81ad}}}, 0x8)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = socket$inet_mptcp(0x2, 0x1, 0x106)
bind$inet(r5, &(0x7f0000000080)={0x2, 0x4e24, @multicast2}, 0x10)
connect$inet(r5, &(0x7f00000009c0)={0x2, 0x4e24, @loopback}, 0x10)
openat$ipvs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/sys/net/ipv4/vs/sync_ports\x00', 0x2, 0x0)
writev(r5, &(0x7f0000000200)=[{&(0x7f00000000c0)='X', 0x8030000}], 0x1)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.current\x00', 0x275a, 0x0)
lseek(r6, 0x7fffffffffffffff, 0x0)
io_submit(r1, 0x2, &(0x7f0000000300)=[&(0x7f0000000200)={0x0, 0x0, 0x8, 0x0, 0x0, r0, &(0x7f0000000000)='/', 0x1}, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}])
syz_io_uring_setup(0x43d2, &(0x7f0000000080)={0x0, 0x3670, 0x10100, 0x2, 0x4}, 0x0, &(0x7f0000000040))

kernel console output (not intermixed with test programs):

nterval 0, changing to 7
[  672.389965][  T809] usb 5-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17
[  672.390005][  T809] usb 5-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8
[  672.390026][  T809] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  672.480759][  T809] snd_usb_pod 5-1:1.1: Line 6 Pocket POD found
[  673.084566][  T809] snd_usb_pod 5-1:1.1: Line 6 Pocket POD now attached
[  673.337378][  T809] usb 5-1: USB disconnect, device number 29
[  673.364820][  T809] snd_usb_pod 5-1:1.1: Line 6 Pocket POD now disconnected
[  676.494793][ T5894] usb 1-1: new high-speed USB device number 33 using dummy_hcd
[  676.664808][ T5894] usb 1-1: Using ep0 maxpacket: 16
[  676.671163][ T5894] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  676.671197][ T5894] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  676.671219][ T5894] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  676.671261][ T5894] usb 1-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  676.671283][ T5894] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  676.697587][ T5894] usb 1-1: config 0 descriptor??
[  677.151428][ T5894] usbhid 1-1:0.0: can't add hid device: -71
[  677.151600][ T5894] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[  677.160191][ T5894] usb 1-1: USB disconnect, device number 33
[  677.615452][ T5803] Bluetooth: hci1: link tx timeout
[  677.615793][ T5803] Bluetooth: hci1: killing stalled connection 10:aa:aa:aa:aa:aa
[  678.666593][T14565] syzkaller0: entered promiscuous mode
[  678.666618][T14565] syzkaller0: entered allmulticast mode
[  679.177958][T14570] [U] üÿ
[  679.801569][T14582] ptrace attach of "./syz-executor exec"[14583] was attempted by "./syz-executor exec"[14582]
[  680.405000][T13958] Bluetooth: hci1: command 0x0406 tx timeout
[  685.710485][ T1323] ieee802154 phy0 wpan0: encryption failed: -22
[  685.710559][ T1323] ieee802154 phy1 wpan1: encryption failed: -22
[  685.964298][T14686] netlink: 'syz.4.3160': attribute type 1 has an invalid length.
[  687.096511][T14699] [U] üÿ
[  688.384283][T14719] ptrace attach of "./syz-executor exec"[14720] was attempted by "./syz-executor exec"[14719]
[  691.165247][T14738] sp0: Synchronizing with TNC
[  691.174992][T14737] [U] è``
[  693.939732][T14775] netlink: 'syz.4.3192': attribute type 1 has an invalid length.
[  696.104847][ T5966] usb 2-1: new high-speed USB device number 14 using dummy_hcd
[  696.224842][T14798] sp0: Synchronizing with TNC
[  696.259007][ T5966] usb 2-1: Using ep0 maxpacket: 16
[  696.271255][ T5966] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  696.271286][ T5966] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  696.271308][ T5966] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  696.271349][ T5966] usb 2-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  696.271371][ T5966] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  696.281775][T14795] [U] è``
[  696.340706][ T5966] usb 2-1: config 0 descriptor??
[  697.526448][    C0] raw-gadget.0 gadget.1: ignoring, device is not running
[  697.526849][    C0] raw-gadget.0 gadget.1: ignoring, device is not running
[  697.527241][    C0] raw-gadget.0 gadget.1: ignoring, device is not running
[  697.527403][ T5966] usbhid 2-1:0.0: can't add hid device: -32
[  697.529455][ T5966] usbhid 2-1:0.0: probe with driver usbhid failed with error -32
[  697.584870][ T5966] usb 2-1: USB disconnect, device number 14
[  702.280563][T14867] netlink: 'syz.1.3223': attribute type 1 has an invalid length.
[  702.874609][T14869] sp0: Synchronizing with TNC
[  702.882004][T14868] [U] è``
[  705.425021][ T5914] usb 5-1: new high-speed USB device number 30 using dummy_hcd
[  705.574807][ T5914] usb 5-1: Using ep0 maxpacket: 32
[  705.577123][ T5914] usb 5-1: config index 0 descriptor too short (expected 35577, got 27)
[  705.577149][ T5914] usb 5-1: config 1 has too many interfaces: 92, using maximum allowed: 32
[  705.577176][ T5914] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 92
[  705.577196][ T5914] usb 5-1: config 1 has no interface number 0
[  705.577238][ T5914] usb 5-1: config 1 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  705.577263][ T5914] usb 5-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17
[  705.577303][ T5914] usb 5-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8
[  705.577323][ T5914] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  706.287284][ T5914] snd_usb_pod 5-1:1.1: Line 6 Pocket POD found
[  706.400990][ T5914] snd_usb_pod 5-1:1.1: Line 6 Pocket POD now attached
[  706.503088][ T5845] usb 5-1: USB disconnect, device number 30
[  706.520993][ T5845] snd_usb_pod 5-1:1.1: Line 6 Pocket POD now disconnected
[  708.027950][T14968] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3267'.
[  709.489522][T15004] comedi comedi0: Minor 3 could not be opened
[  711.814812][ T6927] usb 5-1: new high-speed USB device number 31 using dummy_hcd
[  711.966123][ T6927] usb 5-1: Using ep0 maxpacket: 32
[  711.967992][ T6927] usb 5-1: config index 0 descriptor too short (expected 35577, got 27)
[  711.968018][ T6927] usb 5-1: config 1 has too many interfaces: 92, using maximum allowed: 32
[  711.968038][ T6927] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 92
[  711.968057][ T6927] usb 5-1: config 1 has no interface number 0
[  711.968111][ T6927] usb 5-1: config 1 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  711.968134][ T6927] usb 5-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17
[  711.968173][ T6927] usb 5-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8
[  711.968196][ T6927] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  712.050893][ T6927] snd_usb_pod 5-1:1.1: Line 6 Pocket POD found
[  712.476153][T15036] comedi comedi0: Minor 3 could not be opened
[  713.302565][ T6927] snd_usb_pod 5-1:1.1: Line 6 Pocket POD now attached
[  713.533004][ T5881] usb 5-1: USB disconnect, device number 31
[  713.534396][ T5881] snd_usb_pod 5-1:1.1: Line 6 Pocket POD now disconnected
[  716.528318][T15072] comedi comedi0: Minor 3 could not be opened
[  718.712184][T15089] netlink: 'syz.3.3308': attribute type 1 has an invalid length.
[  720.466558][T15114] comedi comedi0: Minor 3 could not be opened
[  721.574805][ T5845] usb 2-1: new high-speed USB device number 15 using dummy_hcd
[  721.735970][ T5845] usb 2-1: Using ep0 maxpacket: 16
[  721.737875][ T5845] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  721.737906][ T5845] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  721.737928][ T5845] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  721.737969][ T5845] usb 2-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  721.737991][ T5845] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  721.740967][ T5845] usb 2-1: config 0 descriptor??
[  722.042175][T15129] netlink: 'syz.4.3311': attribute type 1 has an invalid length.
[  722.566094][T15129] 8021q: adding VLAN 0 to HW filter on device bond2
[  725.040714][ T5845] hid_parser_main: 21 callbacks suppressed
[  725.040815][ T5845] microsoft 0003:045E:07DA.0002: unknown main item tag 0x0
[  725.040847][ T5845] microsoft 0003:045E:07DA.0002: unknown main item tag 0x0
[  725.040874][ T5845] microsoft 0003:045E:07DA.0002: unknown main item tag 0x0
[  725.040900][ T5845] microsoft 0003:045E:07DA.0002: unknown main item tag 0x0
[  725.040927][ T5845] microsoft 0003:045E:07DA.0002: unknown main item tag 0x0
[  725.040953][ T5845] microsoft 0003:045E:07DA.0002: unknown main item tag 0x0
[  725.044068][ T5845] microsoft 0003:045E:07DA.0002: unknown main item tag 0x0
[  725.044101][ T5845] microsoft 0003:045E:07DA.0002: unknown main item tag 0x0
[  725.044128][ T5845] microsoft 0003:045E:07DA.0002: unknown main item tag 0x0
[  725.044155][ T5845] microsoft 0003:045E:07DA.0002: unknown main item tag 0x0
[  725.069592][ T5845] microsoft 0003:045E:07DA.0002: hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.1-1/input0
[  725.069624][ T5845] microsoft 0003:045E:07DA.0002: no inputs found
[  725.069637][ T5845] microsoft 0003:045E:07DA.0002: could not initialize ff, continuing anyway
[  725.086754][ T5845] usb 2-1: USB disconnect, device number 15
[  725.475871][T15158] comedi comedi0: Minor 3 could not be opened
[  725.684498][T15151] fido_id[15151]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory
[  725.926227][T15132] 8021q: adding VLAN 0 to HW filter on device bond2
[  725.926486][T15132] bond2: (slave vxcan3): The slave device specified does not support setting the MAC address
[  725.927195][T15132] bond2: (slave vxcan3): Error -95 calling set_mac_address
[  726.400901][T15181] netlink: 'syz.3.3339': attribute type 1 has an invalid length.
[  726.554781][ T5914] usb 2-1: new high-speed USB device number 16 using dummy_hcd
[  726.774921][ T5914] usb 2-1: Using ep0 maxpacket: 16
[  726.805578][ T5914] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  726.805611][ T5914] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  726.805633][ T5914] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  726.805675][ T5914] usb 2-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  726.805697][ T5914] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  726.810592][ T5914] usb 2-1: config 0 descriptor??
[  727.398492][T15190] comedi comedi0: Minor 3 could not be opened
[  728.213481][ T5914] microsoft 0003:045E:07DA.0003: hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.1-1/input0
[  728.213525][ T5914] microsoft 0003:045E:07DA.0003: no inputs found
[  728.213539][ T5914] microsoft 0003:045E:07DA.0003: could not initialize ff, continuing anyway
[  728.744251][ T5966] usb 2-1: USB disconnect, device number 16
[  728.852411][T15197] fido_id[15197]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory
[  729.541701][T15223] netlink: 'syz.1.3359': attribute type 1 has an invalid length.
[  730.608185][T15223] 8021q: adding VLAN 0 to HW filter on device bond2
[  734.035588][T15224] 8021q: adding VLAN 0 to HW filter on device bond2
[  734.035843][T15224] bond2: (slave vxcan3): The slave device specified does not support setting the MAC address
[  734.068931][T15224] bond2: (slave vxcan3): Error -95 calling set_mac_address
[  734.189937][ T5803] Bluetooth: hci3: Unknown advertising packet type: 0x3e
[  734.189957][ T5803] Bluetooth: hci3: Unknown advertising packet type: 0x73
[  740.694829][  T809] usb 5-1: new high-speed USB device number 32 using dummy_hcd
[  740.844814][  T809] usb 5-1: Using ep0 maxpacket: 16
[  740.847532][  T809] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  740.847570][  T809] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  740.847592][  T809] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  740.847633][  T809] usb 5-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  740.847656][  T809] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  740.930261][  T809] usb 5-1: config 0 descriptor??
[  742.006681][  T809] hid_parser_main: 58 callbacks suppressed
[  742.006706][  T809] microsoft 0003:045E:07DA.0004: unknown main item tag 0x0
[  742.006737][  T809] microsoft 0003:045E:07DA.0004: unknown main item tag 0x0
[  742.006763][  T809] microsoft 0003:045E:07DA.0004: unknown main item tag 0x0
[  742.006790][  T809] microsoft 0003:045E:07DA.0004: unknown main item tag 0x0
[  742.006817][  T809] microsoft 0003:045E:07DA.0004: unknown main item tag 0x0
[  742.006843][  T809] microsoft 0003:045E:07DA.0004: unknown main item tag 0x0
[  742.006869][  T809] microsoft 0003:045E:07DA.0004: unknown main item tag 0x0
[  742.006895][  T809] microsoft 0003:045E:07DA.0004: unknown main item tag 0x0
[  742.006922][  T809] microsoft 0003:045E:07DA.0004: unknown main item tag 0x0
[  742.006947][  T809] microsoft 0003:045E:07DA.0004: unknown main item tag 0x0
[  742.106633][  T809] microsoft 0003:045E:07DA.0004: hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.4-1/input0
[  742.106667][  T809] microsoft 0003:045E:07DA.0004: no inputs found
[  742.106679][  T809] microsoft 0003:045E:07DA.0004: could not initialize ff, continuing anyway
[  742.204059][ T5820] usb 5-1: USB disconnect, device number 32
[  742.245745][T15345] fido_id[15345]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.4/usb5/5-1/report_descriptor': No such file or directory
[  742.395397][T15354] netlink: 'syz.0.3397': attribute type 1 has an invalid length.
[  742.954312][T15354] 8021q: adding VLAN 0 to HW filter on device bond3
[  743.610670][T13958] Bluetooth: hci1: command 0x0406 tx timeout
[  744.140402][T15357] 8021q: adding VLAN 0 to HW filter on device bond3
[  744.143255][T15357] bond3: (slave vxcan3): The slave device specified does not support setting the MAC address
[  744.154646][T15357] bond3: (slave vxcan3): Error -95 calling set_mac_address
[  746.500664][T15385] netlink: 'syz.1.3415': attribute type 1 has an invalid length.
[  747.163680][ T1323] ieee802154 phy0 wpan0: encryption failed: -22
[  747.163746][ T1323] ieee802154 phy1 wpan1: encryption failed: -22
[  747.614999][ T5914] usb 1-1: new high-speed USB device number 34 using dummy_hcd
[  748.174805][ T5914] usb 1-1: Using ep0 maxpacket: 16
[  748.180643][ T5914] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  748.180674][ T5914] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  748.180696][ T5914] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  748.180735][ T5914] usb 1-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  748.180757][ T5914] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  748.403212][ T5914] usb 1-1: config 0 descriptor??
[  748.837581][ T5914] hid_parser_main: 24 callbacks suppressed
[  748.837606][ T5914] microsoft 0003:045E:07DA.0005: unknown main item tag 0x0
[  748.837637][ T5914] microsoft 0003:045E:07DA.0005: unknown main item tag 0x0
[  748.837665][ T5914] microsoft 0003:045E:07DA.0005: unknown main item tag 0x0
[  748.837692][ T5914] microsoft 0003:045E:07DA.0005: unknown main item tag 0x0
[  748.837719][ T5914] microsoft 0003:045E:07DA.0005: unknown main item tag 0x0
[  748.837746][ T5914] microsoft 0003:045E:07DA.0005: unknown main item tag 0x0
[  748.837773][ T5914] microsoft 0003:045E:07DA.0005: unknown main item tag 0x0
[  748.837800][ T5914] microsoft 0003:045E:07DA.0005: unknown main item tag 0x0
[  748.837827][ T5914] microsoft 0003:045E:07DA.0005: unknown main item tag 0x0
[  748.837853][ T5914] microsoft 0003:045E:07DA.0005: unknown main item tag 0x0
[  748.967602][ T5914] microsoft 0003:045E:07DA.0005: hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.0-1/input0
[  748.967634][ T5914] microsoft 0003:045E:07DA.0005: no inputs found
[  748.967646][ T5914] microsoft 0003:045E:07DA.0005: could not initialize ff, continuing anyway
[  749.982169][ T5914] usb 1-1: USB disconnect, device number 34
[  750.047062][T13958] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  750.063818][T13958] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  750.068434][T13958] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  750.073960][T13958] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  750.079120][T13958] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  750.383725][T15423] fido_id[15423]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/report_descriptor': No such file or directory
[  751.948482][T15440] netlink: 'syz.0.3437': attribute type 1 has an invalid length.
[  752.248118][T13958] Bluetooth: hci0: command tx timeout
[  753.514962][T15440] workqueue: Failed to create a rescuer kthread for wq "bond4": -EINTR
[  754.052751][T15420] chnl_net:caif_netlink_parms(): no params data found
[  754.285006][T13958] Bluetooth: hci0: command tx timeout
[  755.541348][ T1027] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  755.647033][T15468] netlink: 'syz.3.3434': attribute type 1 has an invalid length.
[  756.344892][T13958] Bluetooth: hci0: command tx timeout
[  757.472723][ T1027] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  757.634957][T15420] bridge0: port 1(bridge_slave_0) entered blocking state
[  757.636536][T15420] bridge0: port 1(bridge_slave_0) entered disabled state
[  757.636714][T15420] bridge_slave_0: entered allmulticast mode
[  757.751693][T15486] netlink: 'syz.3.3449': attribute type 1 has an invalid length.
[  757.833723][T15420] bridge_slave_0: entered promiscuous mode
[  758.288947][T15486] 8021q: adding VLAN 0 to HW filter on device bond4
[  758.487727][T13958] Bluetooth: hci0: command tx timeout
[  759.001396][T15487] 8021q: adding VLAN 0 to HW filter on device bond4
[  759.001676][T15487] bond4: (slave vxcan3): The slave device specified does not support setting the MAC address
[  759.002353][T15487] bond4: (slave vxcan3): Error -95 calling set_mac_address
[  759.186131][T15420] bridge0: port 2(bridge_slave_1) entered blocking state
[  759.186279][T15420] bridge0: port 2(bridge_slave_1) entered disabled state
[  759.186500][T15420] bridge_slave_1: entered allmulticast mode
[  759.188985][T15420] bridge_slave_1: entered promiscuous mode
[  759.607278][ T1027] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  759.759161][T15420] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  759.761777][T15420] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  760.020785][ T1027] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  762.294075][T15420] team0: Port device team_slave_0 added
[  762.299521][T15420] team0: Port device team_slave_1 added
[  762.518923][T15420] batman_adv: batadv0: Adding interface: batadv_slave_0
[  762.518949][T15420] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  762.518974][T15420] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  762.526593][T15420] batman_adv: batadv0: Adding interface: batadv_slave_1
[  762.526609][T15420] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  762.526634][T15420] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  763.582998][T15420] hsr_slave_0: entered promiscuous mode
[  763.584225][T15420] hsr_slave_1: entered promiscuous mode
[  763.601884][T15420] debugfs: 'hsr0' already exists in 'hsr'
[  763.601909][T15420] Cannot create hsr debugfs directory
[  763.787602][T15521] netlink: 'syz.4.3454': attribute type 1 has an invalid length.
[  764.033499][ T1027] bridge_slave_1: left allmulticast mode
[  764.033527][ T1027] bridge_slave_1: left promiscuous mode
[  764.033748][ T1027] bridge0: port 2(bridge_slave_1) entered disabled state
[  764.313592][ T1027] bridge_slave_0: left allmulticast mode
[  764.313613][ T1027] bridge_slave_0: left promiscuous mode
[  764.313770][ T1027] bridge0: port 1(bridge_slave_0) entered disabled state
[  765.022171][T15541] netlink: 64 bytes leftover after parsing attributes in process `syz.3.3460'.
[  771.131266][ T1027] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  771.283193][ T1027] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  771.367293][ T1027] bond0 (unregistering): Released all slaves
[  771.372402][ T1027] bond1 (unregistering): Released all slaves
[  774.027620][T15618] netlink: 'syz.3.3474': attribute type 1 has an invalid length.
[  774.324817][   T10] usb 2-1: new high-speed USB device number 17 using dummy_hcd
[  774.480571][   T10] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  774.480605][   T10] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  774.480642][   T10] usb 2-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00
[  774.480664][   T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  774.493730][   T10] usb 2-1: config 0 descriptor??
[  774.931550][   T10] hid_parser_main: 24 callbacks suppressed
[  774.931574][   T10] cm6533_jd 0003:0D8C:0022.0006: unknown main item tag 0x0
[  774.931781][   T10] cm6533_jd 0003:0D8C:0022.0006: unknown main item tag 0x0
[  775.003344][   T10] input: HID 0d8c:0022 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:0D8C:0022.0006/input/input19
[  776.084680][   T10] cm6533_jd 0003:0D8C:0022.0006: input,hiddev0,hidraw0: USB HID v0.00 Device [HID 0d8c:0022] on usb-dummy_hcd.1-1/input0
[  776.096553][   T10] usb 2-1: USB disconnect, device number 17
[  776.510744][T15635] fido_id[15635]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/2-1/report_descriptor': No such file or directory
[  778.524935][T15654] ptrace attach of "./syz-executor exec"[15658] was attempted by "./syz-executor exec"[15654]
[  778.848586][ T1027] hsr_slave_0: left promiscuous mode
[  779.144895][ T1027] hsr_slave_1: left promiscuous mode
[  779.145765][ T1027] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  779.145781][ T1027] batman_adv: batadv0: Removing interface: batadv_slave_0
[  779.177358][ T1027] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  779.177385][ T1027] batman_adv: batadv0: Removing interface: batadv_slave_1
[  780.343249][ T1027] veth1_macvtap: left promiscuous mode
[  780.343350][ T1027] veth0_macvtap: left promiscuous mode
[  780.343607][ T1027] veth1_vlan: left promiscuous mode
[  780.371239][ T1027] veth0_vlan: left promiscuous mode
[  784.531266][T15696] ptrace attach of ""[15702] was attempted by "./syz-executor exec"[15696]
[  785.354932][T15701] ptrace attach of "./syz-executor exec"[15705] was attempted by "./syz-executor exec"[15701]
[  786.875480][ T1027] team0 (unregistering): Port device team_slave_1 removed
[  786.935466][ T1027] team0 (unregistering): Port device team_slave_0 removed
[  788.286221][T15420] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  788.336497][T15420] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  788.437970][T15420] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  788.513270][T15420] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  789.004408][T15420] 8021q: adding VLAN 0 to HW filter on device bond0
[  790.111868][T15420] 8021q: adding VLAN 0 to HW filter on device team0
[  790.153642][T14198] bridge0: port 1(bridge_slave_0) entered blocking state
[  790.163395][T14198] bridge0: port 1(bridge_slave_0) entered forwarding state
[  790.368935][T14198] bridge0: port 2(bridge_slave_1) entered blocking state
[  790.370191][T14198] bridge0: port 2(bridge_slave_1) entered forwarding state
[  792.942191][T15420] 8021q: adding VLAN 0 to HW filter on device batadv0
[  794.047535][T15420] veth0_vlan: entered promiscuous mode
[  794.237134][T15420] veth1_vlan: entered promiscuous mode
[  794.597852][T15420] veth0_macvtap: entered promiscuous mode
[  794.629466][T15420] veth1_macvtap: entered promiscuous mode
[  794.688234][T15420] batman_adv: batadv0: Interface activated: batadv_slave_0
[  794.715699][T15420] batman_adv: batadv0: Interface activated: batadv_slave_1
[  794.748777][T14198] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  794.753518][T14198] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  794.753563][T14198] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  794.753605][T14198] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  797.652158][  T125] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  797.652173][  T125] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  798.392960][ T1490] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  798.392982][ T1490] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  798.465843][T15811] netlink: 'syz.1.3522': attribute type 1 has an invalid length.
[  798.824927][T13958] Bluetooth: hci5: command 0x0406 tx timeout
[  798.888298][T15811] 8021q: adding VLAN 0 to HW filter on device bond3
[  799.764930][T15816] ptrace attach of "./syz-executor exec"[15818] was attempted by "./syz-executor exec"[15816]
[  802.330160][T15813] 8021q: adding VLAN 0 to HW filter on device bond3
[  802.330411][T15813] bond3: (slave vxcan3): The slave device specified does not support setting the MAC address
[  802.333234][T15813] bond3: (slave vxcan3): Error -95 calling set_mac_address
[  803.592691][T15833] fuse: Unknown parameter 'grou00000000000000000000'
[  805.268338][T15857] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3532'.
[  807.554841][T15855] ptrace attach of "./syz-executor exec"[15865] was attempted by "./syz-executor exec"[15855]
[  808.604545][ T1323] ieee802154 phy0 wpan0: encryption failed: -22
[  808.605485][ T1323] ieee802154 phy1 wpan1: encryption failed: -22
[  811.736147][T15883] fuse: Unknown parameter 'grou00000000000000000000'
[  814.293761][T15897] ptrace attach of ""[15898] was attempted by "./syz-executor exec"[15897]
[  817.524847][T15900] ptrace attach of "./syz-executor exec"[15914] was attempted by "./syz-executor exec"[15900]
[  818.436268][   T37] audit: type=1800 audit(1773715623.267:8): pid=15920 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.0.3547" name="SYSV00000000" dev="hugetlbfs" ino=1 res=0 errno=0
[  819.757155][T15929] fuse: Unknown parameter 'grou00000000000000000000'
[  820.781422][T15932] ptrace attach of ""[15933] was attempted by "./syz-executor exec"[15932]
[  823.764859][T15945] ptrace attach of "./syz-executor exec"[15967] was attempted by "./syz-executor exec"[15945]
[  830.518423][T16027] ptrace attach of "./syz-executor exec"[16029] was attempted by "./syz-executor exec"[16027]
[  838.244970][T16074] ptrace attach of "./syz-executor exec"[16078] was attempted by "./syz-executor exec"[16074]
[  840.504821][T16085] ptrace attach of "./syz-executor exec"[16086] was attempted by "./syz-executor exec"[16085]
[  845.244262][T16112] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3607'.
[  849.801028][ T5803] Bluetooth: hci0: link tx timeout
[  849.802161][ T5803] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa
[  852.620094][T13958] Bluetooth: hci0: command 0x0406 tx timeout
[  863.497997][ T5803] Bluetooth: hci3: Unknown advertising packet type: 0x3e
[  866.924748][T15850] usb 4-1: new high-speed USB device number 30 using dummy_hcd
[  867.127738][T15850] usb 4-1: Using ep0 maxpacket: 32
[  867.761460][T15850] usb 4-1: config index 0 descriptor too short (expected 35577, got 27)
[  867.761488][T15850] usb 4-1: config 1 has too many interfaces: 92, using maximum allowed: 32
[  867.761508][T15850] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  867.761530][T15850] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 92
[  867.761548][T15850] usb 4-1: config 1 has no interface number 0
[  867.761575][T15850] usb 4-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8
[  867.761587][T15850] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  867.862354][T15850] snd_usb_pod 4-1:1.1: Line 6 Pocket POD found
[  867.938706][ T5803] Bluetooth: hci4: Unknown advertising packet type: 0x3e
[  868.070099][T15850] snd_usb_pod 4-1:1.1: endpoint not available, using fallback values
[  868.070467][T15850] snd_usb_pod 4-1:1.1: invalid control EP
[  868.070481][T15850] snd_usb_pod 4-1:1.1: cannot start listening: -22
[  868.070755][T15850] snd_usb_pod 4-1:1.1: Line 6 Pocket POD now disconnected
[  868.071294][T15850] snd_usb_pod 4-1:1.1: probe with driver snd_usb_pod failed with error -22
[  869.255645][ T5914] usb 4-1: USB disconnect, device number 30
[  870.030878][ T1323] ieee802154 phy0 wpan0: encryption failed: -22
[  870.030953][ T1323] ieee802154 phy1 wpan1: encryption failed: -22
[  876.154244][T16347] ptrace attach of ""[16346] was attempted by "./syz-executor exec"[16347]
[  876.185196][ T5914] usb 4-1: new high-speed USB device number 31 using dummy_hcd
[  876.434790][ T5914] usb 4-1: Using ep0 maxpacket: 32
[  876.437969][ T5914] usb 4-1: config index 0 descriptor too short (expected 35577, got 27)
[  876.437994][ T5914] usb 4-1: config 1 has too many interfaces: 92, using maximum allowed: 32
[  876.438014][ T5914] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  876.438032][ T5914] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 92
[  876.438052][ T5914] usb 4-1: config 1 has no interface number 0
[  876.438095][ T5914] usb 4-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8
[  876.438117][ T5914] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  876.532004][ T5914] snd_usb_pod 4-1:1.1: Line 6 Pocket POD found
[  876.734564][ T5914] snd_usb_pod 4-1:1.1: endpoint not available, using fallback values
[  876.743637][ T5914] snd_usb_pod 4-1:1.1: invalid control EP
[  876.743656][ T5914] snd_usb_pod 4-1:1.1: cannot start listening: -22
[  876.743943][ T5914] snd_usb_pod 4-1:1.1: Line 6 Pocket POD now disconnected
[  876.764935][ T5914] snd_usb_pod 4-1:1.1: probe with driver snd_usb_pod failed with error -22
[  876.955295][ T5914] usb 4-1: USB disconnect, device number 31
[  881.699477][T16389] ptrace attach of ""[16388] was attempted by "./syz-executor exec"[16389]
[  883.228397][T16401] netlink: 32 bytes leftover after parsing attributes in process `syz.2.3696'.
[  886.857990][T16426] ptrace attach of ""[16425] was attempted by "./syz-executor exec"[16426]
[  889.438855][T16445] netlink: 68 bytes leftover after parsing attributes in process `syz.3.3707'.
[  889.464502][T16446] netlink: 32 bytes leftover after parsing attributes in process `syz.4.3708'.
[  891.870523][T16500] netlink: 'syz.2.3714': attribute type 1 has an invalid length.
[  892.597810][T16500] 8021q: adding VLAN 0 to HW filter on device bond1
[  896.806384][T16504] 8021q: adding VLAN 0 to HW filter on device bond1
[  896.806630][T16504] bond1: (slave vxcan3): The slave device specified does not support setting the MAC address
[  896.807271][T16504] bond1: (slave vxcan3): Error -95 calling set_mac_address
[  898.881828][T16537] netlink: 68 bytes leftover after parsing attributes in process `syz.3.3722'.
[  903.495520][T16599] netlink: 'syz.0.3730': attribute type 1 has an invalid length.
[  904.811381][T16599] 8021q: adding VLAN 0 to HW filter on device bond4
[  915.555318][T16623] netlink: 68 bytes leftover after parsing attributes in process `syz.3.3736'.
[  917.262806][T13958] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  917.276524][T13958] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  917.277840][T13958] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  917.288688][T13958] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  917.305038][T13958] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  919.991145][ T5803] Bluetooth: hci1: command tx timeout
[  920.559876][T16672] chnl_net:caif_netlink_parms(): no params data found
[  921.774208][ T6001] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  922.024796][ T5803] Bluetooth: hci1: command tx timeout
[  923.958364][T16721] netlink: 'syz.4.3747': attribute type 1 has an invalid length.
[  924.138652][ T5803] Bluetooth: hci1: command tx timeout
[  925.057559][ T6001] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  925.147716][T16721] workqueue: Failed to create a rescuer kthread for wq "bond3": -EINTR
[  926.184779][ T5803] Bluetooth: hci1: command tx timeout
[  926.400215][ T6001] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  926.474799][T16672] bridge0: port 1(bridge_slave_0) entered blocking state
[  926.474863][T16672] bridge0: port 1(bridge_slave_0) entered disabled state
[  926.474968][T16672] bridge_slave_0: entered allmulticast mode
[  926.482719][T16672] bridge_slave_0: entered promiscuous mode
[  926.516016][T16672] bridge0: port 2(bridge_slave_1) entered blocking state
[  926.524468][T16672] bridge0: port 2(bridge_slave_1) entered disabled state
[  926.534796][T16672] bridge_slave_1: entered allmulticast mode
[  926.543484][T16672] bridge_slave_1: entered promiscuous mode
[  926.913891][ T6001] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  927.088873][T16672] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  927.092590][T16672] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  927.289411][T16672] team0: Port device team_slave_0 added
[  927.312331][T16672] team0: Port device team_slave_1 added
[  929.081322][T16672] batman_adv: batadv0: Adding interface: batadv_slave_0
[  929.081338][T16672] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  929.081361][T16672] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  929.163369][T16672] batman_adv: batadv0: Adding interface: batadv_slave_1
[  929.163386][T16672] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  929.163412][T16672] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  929.333364][ T6001] bridge_slave_1: left allmulticast mode
[  929.333391][ T6001] bridge_slave_1: left promiscuous mode
[  929.333722][ T6001] bridge0: port 2(bridge_slave_1) entered disabled state
[  929.437466][ T6001] bridge_slave_0: left allmulticast mode
[  929.437494][ T6001] bridge_slave_0: left promiscuous mode
[  929.437704][ T6001] bridge0: port 1(bridge_slave_0) entered disabled state
[  929.495776][T16778] netlink: 'syz.1.3767': attribute type 1 has an invalid length.
[  931.587106][ T1323] ieee802154 phy0 wpan0: encryption failed: -22
[  931.587171][ T1323] ieee802154 phy1 wpan1: encryption failed: -22
[  933.205285][ T6001] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  933.285865][ T6001] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  933.309106][ T6001] bond0 (unregistering): Released all slaves
[  933.390612][ T6001] bond1 (unregistering): Released all slaves
[  934.471155][T16778] 8021q: adding VLAN 0 to HW filter on device bond4
[  934.595127][T16672] hsr_slave_0: entered promiscuous mode
[  934.598712][T16672] hsr_slave_1: entered promiscuous mode
[  934.599591][T16672] debugfs: 'hsr0' already exists in 'hsr'
[  934.599613][T16672] Cannot create hsr debugfs directory
[  939.645403][T16867] ptrace attach of "./syz-executor exec"[16868] was attempted by "./syz-executor exec"[16867]
[  941.082070][T16881] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3783'.
[  942.774703][ T6001] hsr_slave_0: left promiscuous mode
[  942.836079][ T6001] hsr_slave_1: left promiscuous mode
[  942.838699][ T6001] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  942.838722][ T6001] batman_adv: batadv0: Removing interface: batadv_slave_0
[  943.071218][ T6001] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  943.072194][ T6001] batman_adv: batadv0: Removing interface: batadv_slave_1
[  943.306504][ T6001] veth1_macvtap: left promiscuous mode
[  943.311499][ T6001] veth0_macvtap: left promiscuous mode
[  943.312251][ T6001] veth1_vlan: left promiscuous mode
[  943.312428][ T6001] veth0_vlan: left promiscuous mode
[  944.525213][T16899] ptrace attach of "./syz-executor exec"[16900] was attempted by "./syz-executor exec"[16899]
[  945.822062][T16909] ptrace attach of "./syz-executor exec"[16910] was attempted by "./syz-executor exec"[16909]
[  946.625361][ T6001] team0 (unregistering): Port device team_slave_1 removed
[  946.689058][ T6001] team0 (unregistering): Port device team_slave_0 removed
[  949.702978][T16672] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  950.168320][T16672] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  950.754766][T16942] ptrace attach of "./syz-executor exec"[16945] was attempted by "./syz-executor exec"[16942]
[  951.508059][T16672] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  951.620874][T16672] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  953.023577][T16672] 8021q: adding VLAN 0 to HW filter on device bond0
[  953.057682][T16672] 8021q: adding VLAN 0 to HW filter on device team0
[  953.107995][ T1126] bridge0: port 1(bridge_slave_0) entered blocking state
[  953.108259][ T1126] bridge0: port 1(bridge_slave_0) entered forwarding state
[  953.133568][ T1126] bridge0: port 2(bridge_slave_1) entered blocking state
[  953.134097][ T1126] bridge0: port 2(bridge_slave_1) entered forwarding state
[  953.221185][T16672] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  953.221200][T16672] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  955.602011][T16672] 8021q: adding VLAN 0 to HW filter on device batadv0
[  956.448378][T16672] veth0_vlan: entered promiscuous mode
[  956.469269][T16672] veth1_vlan: entered promiscuous mode
[  956.516186][T16672] veth0_macvtap: entered promiscuous mode
[  956.569718][T16672] veth1_macvtap: entered promiscuous mode
[  956.668322][T16672] batman_adv: batadv0: Interface activated: batadv_slave_0
[  956.685453][T16672] batman_adv: batadv0: Interface activated: batadv_slave_1
[  956.717203][T16479] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  956.717482][T16479] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  956.717753][T16479] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  956.719637][T16479] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  957.884856][T17037] ptrace attach of "./syz-executor exec"[17039] was attempted by "./syz-executor exec"[17037]
[  959.565332][ T1023] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  959.565353][ T1023] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  959.772440][  T231] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  959.772460][  T231] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  963.425043][T17090] ptrace attach of "./syz-executor exec"[17091] was attempted by "./syz-executor exec"[17090]
[  964.950425][T17109] fuse: Bad value for 'group_id'
[  964.950444][T17109] fuse: Bad value for 'group_id'
[  967.382015][T17132] ptrace attach of "./syz-executor exec"[17133] was attempted by "./syz-executor exec"[17132]
[  971.045280][T17159] fuse: Bad value for 'group_id'
[  971.045299][T17159] fuse: Bad value for 'group_id'
[  973.275595][T17179] ptrace attach of "./syz-executor exec"[17180] was attempted by "./syz-executor exec"[17179]
[  974.338547][T17190] netlink: 32 bytes leftover after parsing attributes in process `syz.0.3857'.
[  974.859536][T17203] fuse: Bad value for 'fd'
[  977.141079][T17223] fuse: Bad value for 'group_id'
[  977.141098][T17223] fuse: Bad value for 'group_id'
[  978.082943][T17233] netlink: 'syz.1.3865': attribute type 1 has an invalid length.
[  978.107402][T17233] 8021q: adding VLAN 0 to HW filter on device bond5
[  987.824840][T17242] ptrace attach of "./syz-executor exec"[17244] was attempted by "./syz-executor exec"[17242]
[  989.604690][T15850] usb 2-1: new high-speed USB device number 18 using dummy_hcd
[  989.761435][T17284] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  989.764422][T17284] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  989.769275][T17284] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  989.795137][T15850] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  989.795167][T15850] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  989.795202][T15850] usb 2-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00
[  989.795223][T15850] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  989.799034][T17283] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci1/hci1:200/input24
[  989.799152][T17284] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  989.801847][T17284] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  989.803915][T15850] usb 2-1: config 0 descriptor??
[  990.197859][T17289] netlink: 32 bytes leftover after parsing attributes in process `syz.5.3868'.
[  990.287677][T15850] usbhid 2-1:0.0: can't add hid device: -71
[  990.287809][T15850] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[  990.327327][T15850] usb 2-1: USB disconnect, device number 18
[  990.862733][T17297] ptrace attach of "./syz-executor exec"[17299] was attempted by "./syz-executor exec"[17297]
[  991.686758][T17316] netlink: 'syz.5.3881': attribute type 1 has an invalid length.
[  992.027132][ T5803] Bluetooth: hci0: command tx timeout
[  992.428405][T17340] netlink: 32 bytes leftover after parsing attributes in process `syz.0.3887'.
[  992.823267][ T1126] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  992.873833][T17281] chnl_net:caif_netlink_parms(): no params data found
[  992.885216][T12026] usb 5-1: new high-speed USB device number 33 using dummy_hcd
[  992.924444][ T1323] ieee802154 phy0 wpan0: encryption failed: -22
[  992.924536][ T1323] ieee802154 phy1 wpan1: encryption failed: -22
[  993.046424][T12026] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  993.046456][T12026] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  993.046492][T12026] usb 5-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00
[  993.046513][T12026] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  993.213399][T12026] usb 5-1: config 0 descriptor??
[  994.104651][ T5803] Bluetooth: hci0: command tx timeout
[  994.255182][T12026] usbhid 5-1:0.0: can't add hid device: -71
[  994.255293][T12026] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  994.257193][ T1126] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  994.347097][T12026] usb 5-1: USB disconnect, device number 33
[  994.702090][T17366] netlink: 'syz.5.3895': attribute type 1 has an invalid length.
[  995.660733][ T1126] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  995.779014][T17281] bridge0: port 1(bridge_slave_0) entered blocking state
[  995.783830][T17281] bridge0: port 1(bridge_slave_0) entered disabled state
[  995.783970][T17281] bridge_slave_0: entered allmulticast mode
[  995.791812][T17281] bridge_slave_0: entered promiscuous mode
[  995.807459][T17281] bridge0: port 2(bridge_slave_1) entered blocking state
[  995.807590][T17281] bridge0: port 2(bridge_slave_1) entered disabled state
[  995.807761][T17281] bridge_slave_1: entered allmulticast mode
[  995.974397][T17381] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3899'.
[  996.185750][ T5803] Bluetooth: hci0: command tx timeout
[  996.935454][T17281] bridge_slave_1: entered promiscuous mode
[  998.264749][ T5803] Bluetooth: hci0: command tx timeout
[ 1000.766000][T17390] netlink: 36 bytes leftover after parsing attributes in process `syz.4.3903'.
[ 1000.962271][ T1126] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1001.069089][T17394] mmap: syz.4.3903 (17394) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[ 1002.341228][T17403] fuse: Bad value for 'group_id'
[ 1002.341247][T17403] fuse: Bad value for 'group_id'
[ 1002.573328][T17281] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1002.593409][T17281] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1003.769583][T17412] netlink: 'syz.5.3910': attribute type 1 has an invalid length.
[ 1003.812580][T17281] team0: Port device team_slave_0 added
[ 1003.836439][T17281] team0: Port device team_slave_1 added
[ 1003.973718][T17281] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1003.973753][T17281] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1003.973790][T17281] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1004.340430][T17422] netlink: 24 bytes leftover after parsing attributes in process `syz.1.3908'.
[ 1004.355505][T17281] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1004.355520][T17281] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1004.355545][T17281] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1004.742128][T17435] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3914'.
[ 1005.471877][T17434] bridge_slave_0: left allmulticast mode
[ 1005.472104][T17434] bridge_slave_0: left promiscuous mode
[ 1005.479876][T17434] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1006.648638][T17434] bridge_slave_1: left allmulticast mode
[ 1006.648672][T17434] bridge_slave_1: left promiscuous mode
[ 1006.660237][T17434] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1008.099335][T17434] bond0: (slave bond_slave_0): Releasing backup interface
[ 1008.297299][T17434] bond0: (slave bond_slave_1): Releasing backup interface
[ 1008.487475][T17434] team0: Port device team_slave_0 removed
[ 1008.560999][T17434] team0: Port device team_slave_1 removed
[ 1008.561598][T17434] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1008.561613][T17434] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1008.624166][T17434] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1008.624193][T17434] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1008.818879][T17434] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[ 1009.647790][T17281] hsr_slave_0: entered promiscuous mode
[ 1009.648505][T17281] hsr_slave_1: entered promiscuous mode
[ 1009.648955][T17281] debugfs: 'hsr0' already exists in 'hsr'
[ 1009.648968][T17281] Cannot create hsr debugfs directory
[ 1010.005936][T17450] fuse: Bad value for 'group_id'
[ 1010.005955][T17450] fuse: Bad value for 'group_id'
[ 1010.118525][ T1126] bridge_slave_1: left allmulticast mode
[ 1010.118552][ T1126] bridge_slave_1: left promiscuous mode
[ 1010.118785][ T1126] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1010.226306][ T1126] bridge_slave_0: left allmulticast mode
[ 1010.226324][ T1126] bridge_slave_0: left promiscuous mode
[ 1010.226476][ T1126] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1010.450813][T17466] netlink: 192 bytes leftover after parsing attributes in process `syz.5.3921'.
[ 1010.802181][   T37] audit: type=1800 audit(1773715815.627:9): pid=17473 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.5.3923" name="SYSV00000000" dev="hugetlbfs" ino=0 res=0 errno=0
[ 1011.106007][T17477] netlink: 'syz.1.3924': attribute type 1 has an invalid length.
[ 1011.746923][ T1126] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1011.788744][ T1126] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1011.807191][ T1126] bond0 (unregistering): Released all slaves
[ 1011.850878][ T1126] bond1 (unregistering): (slave team0): Releasing active interface
[ 1011.887354][ T1126] bond1 (unregistering): Released all slaves
[ 1011.898918][ T1126] bond2 (unregistering): Released all slaves
[ 1011.911497][ T1126] bond3 (unregistering): Released all slaves
[ 1011.924156][ T1126] bond4 (unregistering): Released all slaves
[ 1011.995660][T17477] 8021q: adding VLAN 0 to HW filter on device bond6
[ 1012.257265][T17481] bridge0: port 1(syz_tun) entered blocking state
[ 1012.257375][T17481] bridge0: port 1(syz_tun) entered disabled state
[ 1012.339365][T17481] syz_tun: entered allmulticast mode
[ 1012.395209][T17481] syz_tun: entered promiscuous mode
[ 1012.488763][T17481] bridge0: port 1(syz_tun) entered blocking state
[ 1012.488872][T17481] bridge0: port 1(syz_tun) entered forwarding state
[ 1013.525818][   T37] audit: type=1800 audit(1773715818.347:10): pid=17516 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.0.3934" name="SYSV00000000" dev="hugetlbfs" ino=2 res=0 errno=0
[ 1014.854110][T17532] netlink: 'syz.5.3937': attribute type 1 has an invalid length.
[ 1014.892536][T17532] 8021q: adding VLAN 0 to HW filter on device bond1
[ 1016.287492][ T1126] hsr_slave_0: left promiscuous mode
[ 1016.376241][ T1126] hsr_slave_1: left promiscuous mode
[ 1016.379509][ T1126] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1016.379534][ T1126] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1016.622510][ T1126] veth1_macvtap: left promiscuous mode
[ 1016.622610][ T1126] veth0_macvtap: left promiscuous mode
[ 1016.622858][ T1126] veth1_vlan: left promiscuous mode
[ 1016.623040][ T1126] veth0_vlan: left promiscuous mode
[ 1017.944641][   T37] audit: type=1800 audit(1773715822.757:11): pid=17568 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.0.3945" name="SYSV00000000" dev="hugetlbfs" ino=3 res=0 errno=0
[ 1020.714460][T17593] netlink: 'syz.4.3952': attribute type 1 has an invalid length.
[ 1021.158020][T17600] netlink: 192 bytes leftover after parsing attributes in process `syz.5.3953'.
[ 1021.272064][ T1126] team0 (unregistering): Port device team_slave_1 removed
[ 1021.379331][ T1126] team0 (unregistering): Port device team_slave_0 removed
[ 1021.623572][   T37] audit: type=1800 audit(1773715826.447:12): pid=17604 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.5.3955" name="SYSV00000000" dev="hugetlbfs" ino=1 res=0 errno=0
[ 1021.972076][T17281] netdevsim netdevsim6 netdevsim0: renamed from eth0
[ 1022.156277][T17593] workqueue: Failed to create a rescuer kthread for wq "bond3": -EINTR
[ 1022.174798][T17281] netdevsim netdevsim6 netdevsim1: renamed from eth1
[ 1022.356697][T17613] dns_resolver: Unsupported content type (152)
[ 1023.139857][T17281] netdevsim netdevsim6 netdevsim2: renamed from eth2
[ 1023.254744][T17281] netdevsim netdevsim6 netdevsim3: renamed from eth3
[ 1025.686448][T17281] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1025.743835][T17281] 8021q: adding VLAN 0 to HW filter on device team0
[ 1025.768932][  T231] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1025.769240][  T231] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1025.801657][   T80] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1025.801750][   T80] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1027.267964][T17657] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3964'.
[ 1028.463123][T17644] ptrace attach of ""[17658] was attempted by "./syz-executor exec"[17644]
[ 1030.912174][   T37] audit: type=1800 audit(1773715835.707:13): pid=17666 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.0.3966" name="SYSV00000000" dev="hugetlbfs" ino=4 res=0 errno=0
[ 1031.608512][T17674] netlink: 'syz.0.3968': attribute type 1 has an invalid length.
[ 1031.942169][T17674] 8021q: adding VLAN 0 to HW filter on device bond5
[ 1033.288180][T17281] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1033.631888][ T1126] IPVS: stop unused estimator thread 0...
[ 1033.813015][T17703] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3974'.
[ 1034.719540][T17281] veth0_vlan: entered promiscuous mode
[ 1034.814809][T17281] veth1_vlan: entered promiscuous mode
[ 1034.924917][T17281] veth0_macvtap: entered promiscuous mode
[ 1034.967795][T17281] veth1_macvtap: entered promiscuous mode
[ 1035.051628][T17281] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1035.086965][T17281] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1035.151115][T16479] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1035.155975][T16479] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1035.157063][T16479] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1035.157267][T16479] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1035.291215][T17726] syzkaller0: entered promiscuous mode
[ 1035.291233][T17726] syzkaller0: entered allmulticast mode
[ 1036.346017][T17735] ptrace attach of "./syz-executor exec"[17737] was attempted by "./syz-executor exec"[17735]
[ 1037.674665][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1037.674686][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1037.771055][T17746] netlink: 'syz.1.3979': attribute type 1 has an invalid length.
[ 1038.244737][T17747] netlink: 'syz.5.3981': attribute type 1 has an invalid length.
[ 1038.388726][T16479] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1038.388745][T16479] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1038.765435][T17747] 8021q: adding VLAN 0 to HW filter on device bond2
[ 1042.523344][T17798] overlayfs: failed to resolve './file1': -2
[ 1042.735996][T17799] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3980'.
[ 1045.224119][T17811] netlink: 'syz.4.3996': attribute type 1 has an invalid length.
[ 1045.483034][T17811] 8021q: adding VLAN 0 to HW filter on device bond3
[ 1047.281949][T17830] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4000'.
[ 1049.270735][T17836] ptrace attach of ""[17838] was attempted by "./syz-executor exec"[17836]
[ 1051.649734][T17854] bridge0: port 3(syz_tun) entered blocking state
[ 1051.678720][T17854] bridge0: port 3(syz_tun) entered disabled state
[ 1051.678957][T17854] syz_tun: entered allmulticast mode
[ 1051.804083][T17854] syz_tun: entered promiscuous mode
[ 1051.841492][T17854] bridge0: port 3(syz_tun) entered blocking state
[ 1051.853842][T17854] bridge0: port 3(syz_tun) entered forwarding state
[ 1052.449953][T17865] netlink: 'syz.5.4010': attribute type 1 has an invalid length.
[ 1052.921581][T17865] 8021q: adding VLAN 0 to HW filter on device bond3
[ 1053.056599][T17871] fuse: Bad value for 'fd'
[ 1053.510623][T17886] overlayfs: failed to clone upperpath
[ 1054.744018][ T1323] ieee802154 phy0 wpan0: encryption failed: -22
[ 1054.744085][ T1323] ieee802154 phy1 wpan1: encryption failed: -22
[ 1054.957995][T17892] ptrace attach of "./syz-executor exec"[17899] was attempted by "./syz-executor exec"[17892]
[ 1058.504825][T17915] ptrace attach of "./syz-executor exec"[17917] was attempted by "./syz-executor exec"[17915]
[ 1058.825242][T17919] netlink: 68 bytes leftover after parsing attributes in process `syz.6.4019'.
[ 1060.621632][   T80] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1060.918164][T17966] netlink: 'syz.0.4025': attribute type 1 has an invalid length.
[ 1061.978770][T17284] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 1062.014798][T17284] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 1062.016473][T17284] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 1062.022985][T17284] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 1062.078546][T17284] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 1062.394009][T17966] 8021q: adding VLAN 0 to HW filter on device bond6
[ 1062.514678][ T5914] usb 5-1: new high-speed USB device number 34 using dummy_hcd
[ 1062.664658][ T5914] usb 5-1: device descriptor read/64, error -71
[ 1062.842341][T17987] fuse: Unknown parameter '0x0000000000000003'
[ 1062.858801][   T80] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1062.914681][ T5914] usb 5-1: new high-speed USB device number 35 using dummy_hcd
[ 1063.453557][T17991] ptrace attach of "./syz-executor exec"[17992] was attempted by "./syz-executor exec"[17991]
[ 1064.205537][T17284] Bluetooth: hci2: command tx timeout
[ 1064.324885][ T5914] usb 5-1: device descriptor read/64, error -71
[ 1064.440953][ T5914] usb usb5-port1: attempt power cycle
[ 1064.819050][   T80] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1064.844671][ T5914] usb 5-1: new high-speed USB device number 36 using dummy_hcd
[ 1064.883077][ T5914] usb 5-1: device descriptor read/8, error -71
[ 1065.135198][ T5914] usb 5-1: new high-speed USB device number 37 using dummy_hcd
[ 1065.195862][ T5914] usb 5-1: device descriptor read/8, error -71
[ 1065.333243][ T5914] usb usb5-port1: unable to enumerate USB device
[ 1066.514796][T18001] ptrace attach of "./syz-executor exec"[18009] was attempted by "./syz-executor exec"[18001]
[ 1066.693282][T17284] Bluetooth: hci2: command tx timeout
[ 1067.120580][T17858] bridge0: port 3(syz_tun) entered disabled state
[ 1067.460506][T17858] syz_tun (unregistering): left allmulticast mode
[ 1067.460531][T17858] syz_tun (unregistering): left promiscuous mode
[ 1067.460616][T17858] bridge0: port 3(syz_tun) entered disabled state
[ 1068.744700][T17284] Bluetooth: hci2: command tx timeout
[ 1070.096449][T18035] ptrace attach of "./syz-executor exec"[18036] was attempted by "./syz-executor exec"[18035]
[ 1070.874462][T17284] Bluetooth: hci2: command tx timeout
[ 1071.007606][   T80] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1071.789034][T18047] overlayfs: failed to resolve './file1': -2
[ 1072.274796][   T80] bridge_slave_1: left allmulticast mode
[ 1072.274832][   T80] bridge_slave_1: left promiscuous mode
[ 1072.275055][   T80] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1072.357283][   T80] bridge_slave_0: left allmulticast mode
[ 1072.357308][   T80] bridge_slave_0: left promiscuous mode
[ 1072.357550][   T80] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1074.002225][T13958] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 1074.048073][T13958] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 1074.112399][T18076] netlink: 16 bytes leftover after parsing attributes in process `syz.5.4049'.
[ 1074.313451][T18075] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 1074.331524][T18075] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 1074.412260][T18075] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 1074.429473][T18075] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 1074.463845][T18075] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 1074.491773][T18075] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 1074.520572][T18075] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 1074.550953][T18075] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 1075.195215][   T80] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1075.385144][   T80] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1075.406950][   T80] bond0 (unregistering): Released all slaves
[ 1075.411960][   T80] bond1 (unregistering): Released all slaves
[ 1075.420806][   T80] bond2 (unregistering): Released all slaves
[ 1075.520991][   T80] bond3 (unregistering): Released all slaves
[ 1075.733742][   T80] bond4 (unregistering): Released all slaves
[ 1075.915121][   T80] bond5 (unregistering): Released all slaves
[ 1076.083137][   T80] bond6 (unregistering): Released all slaves
[ 1076.244997][T18076] IPv6: sit1: Disabled Multicast RS
[ 1076.246564][T18076] sit1: entered allmulticast mode
[ 1076.349229][T17970] chnl_net:caif_netlink_parms(): no params data found
[ 1076.928952][T18090] ptrace attach of "./syz-executor exec"[18091] was attempted by "./syz-executor exec"[18090]
[ 1077.762627][T13958] Bluetooth: hci4: command tx timeout
[ 1077.763221][T13958] Bluetooth: hci0: command tx timeout
[ 1079.178890][T17970] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1079.179041][T17970] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1079.179188][T17970] bridge_slave_0: entered allmulticast mode
[ 1079.180609][T17970] bridge_slave_0: entered promiscuous mode
[ 1080.284623][T18075] Bluetooth: hci0: command tx timeout
[ 1080.284655][T18075] Bluetooth: hci4: command tx timeout
[ 1080.431801][T17970] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1080.431866][T17970] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1080.432007][T17970] bridge_slave_1: entered allmulticast mode
[ 1080.435490][T17970] bridge_slave_1: entered promiscuous mode
[ 1080.616354][T18111] netlink: 192 bytes leftover after parsing attributes in process `syz.0.4057'.
[ 1080.696062][T17970] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1080.734799][T18113] netlink: 68 bytes leftover after parsing attributes in process `syz.0.4058'.
[ 1081.067520][T17970] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1081.302991][T17970] team0: Port device team_slave_0 added
[ 1081.335752][T17970] team0: Port device team_slave_1 added
[ 1081.897064][T18154] netlink: 16 bytes leftover after parsing attributes in process `syz.5.4059'.
[ 1082.375008][T18075] Bluetooth: hci0: command tx timeout
[ 1082.375187][T13958] Bluetooth: hci4: command tx timeout
[ 1082.481202][   T80] hsr_slave_0: left promiscuous mode
[ 1082.499579][   T80] hsr_slave_1: left promiscuous mode
[ 1082.500522][   T80] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1082.500543][   T80] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1082.547168][   T80] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1082.547195][   T80] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1082.616156][   T80] veth1_macvtap: left promiscuous mode
[ 1082.616266][   T80] veth0_macvtap: left promiscuous mode
[ 1082.616512][   T80] veth1_vlan: left promiscuous mode
[ 1082.616674][   T80] veth0_vlan: left promiscuous mode
[ 1083.104959][   T80] team0 (unregistering): Port device team_slave_1 removed
[ 1083.130017][   T80] team0 (unregistering): Port device team_slave_0 removed
[ 1084.435666][T18075] Bluetooth: hci0: command tx timeout
[ 1084.435711][T13958] Bluetooth: hci4: command tx timeout
[ 1084.505194][T18174] overlayfs: failed to resolve './file0': -2
[ 1084.727274][T17970] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1084.727286][T17970] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1084.727300][T17970] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1084.794183][T17970] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1084.794194][T17970] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1084.794209][T17970] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1085.406690][T17970] hsr_slave_0: entered promiscuous mode
[ 1085.407910][T17970] hsr_slave_1: entered promiscuous mode
[ 1085.465355][T18071] chnl_net:caif_netlink_parms(): no params data found
[ 1085.643883][T18069] chnl_net:caif_netlink_parms(): no params data found
[ 1087.173748][T18071] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1087.173861][T18071] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1087.174024][T18071] bridge_slave_0: entered allmulticast mode
[ 1087.207745][T18071] bridge_slave_0: entered promiscuous mode
[ 1087.325029][T18071] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1087.325176][T18071] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1087.325650][T18071] bridge_slave_1: entered allmulticast mode
[ 1087.344729][T18071] bridge_slave_1: entered promiscuous mode
[ 1087.465239][T18069] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1087.465355][T18069] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1087.465541][T18069] bridge_slave_0: entered allmulticast mode
[ 1087.468424][T18069] bridge_slave_0: entered promiscuous mode
[ 1087.488285][T18069] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1087.488394][T18069] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1087.488563][T18069] bridge_slave_1: entered allmulticast mode
[ 1087.490872][T18069] bridge_slave_1: entered promiscuous mode
[ 1087.878372][T18071] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1087.935316][T18069] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1087.938341][T18071] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1088.324045][T18069] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1089.037646][T18224] netlink: 16 bytes leftover after parsing attributes in process `syz.0.4068'.
[ 1089.695022][T18225] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4067'.
[ 1091.322995][   T80] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1091.840191][T18071] team0: Port device team_slave_0 added
[ 1091.842995][T18069] team0: Port device team_slave_0 added
[ 1092.451534][T18231] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[ 1093.685505][   T80] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1093.816193][T18069] team0: Port device team_slave_1 added
[ 1093.837293][T18071] team0: Port device team_slave_1 added
[ 1094.131009][   T80] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1094.272411][T18069] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1094.272427][T18069] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1094.272451][T18069] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1094.304955][T18071] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1094.304973][T18071] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1094.304997][T18071] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1094.366715][T18069] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1094.366731][T18069] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1094.366755][T18069] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1094.371905][T18071] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1094.371927][T18071] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1094.371951][T18071] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1094.628589][   T80] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1094.722269][T17970] netdevsim netdevsim7 netdevsim0: renamed from eth0
[ 1094.788683][T17970] netdevsim netdevsim7 netdevsim1: renamed from eth1
[ 1094.850859][T17970] netdevsim netdevsim7 netdevsim2: renamed from eth2
[ 1094.980848][T17970] netdevsim netdevsim7 netdevsim3: renamed from eth3
[ 1095.125801][T18069] hsr_slave_0: entered promiscuous mode
[ 1095.127063][T18069] hsr_slave_1: entered promiscuous mode
[ 1095.127982][T18069] debugfs: 'hsr0' already exists in 'hsr'
[ 1095.128005][T18069] Cannot create hsr debugfs directory
[ 1095.189710][T18071] hsr_slave_0: entered promiscuous mode
[ 1095.190958][T18071] hsr_slave_1: entered promiscuous mode
[ 1095.191827][T18071] debugfs: 'hsr0' already exists in 'hsr'
[ 1095.191847][T18071] Cannot create hsr debugfs directory
[ 1095.542561][T18259] netlink: 16 bytes leftover after parsing attributes in process `syz.0.4076'.
[ 1095.857135][   T80] bridge_slave_1: left allmulticast mode
[ 1095.857168][   T80] bridge_slave_1: left promiscuous mode
[ 1095.857392][   T80] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1095.953503][   T80] bridge_slave_0: left allmulticast mode
[ 1095.953529][   T80] bridge_slave_0: left promiscuous mode
[ 1095.953764][   T80] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1097.926716][   T80] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1097.986408][   T80] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1098.007855][   T80] bond0 (unregistering): Released all slaves
[ 1101.283507][T18310] netlink: 16 bytes leftover after parsing attributes in process `syz.5.4085'.
[ 1101.544832][   T80] hsr_slave_0: left promiscuous mode
[ 1101.572384][   T80] hsr_slave_1: left promiscuous mode
[ 1101.573386][   T80] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1101.573408][   T80] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1101.615799][   T80] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1101.615826][   T80] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1101.691596][   T80] veth1_macvtap: left promiscuous mode
[ 1101.691700][   T80] veth0_macvtap: left promiscuous mode
[ 1101.691945][   T80] veth1_vlan: left promiscuous mode
[ 1101.692113][   T80] veth0_vlan: left promiscuous mode
[ 1102.556620][   T80] team0 (unregistering): Port device team_slave_1 removed
[ 1102.595595][   T80] team0 (unregistering): Port device team_slave_0 removed
[ 1103.209905][T18069] netdevsim netdevsim8 netdevsim0: renamed from eth0
[ 1103.363492][T18324] overlayfs: failed to clone upperpath
[ 1104.212191][T18069] netdevsim netdevsim8 netdevsim1: renamed from eth1
[ 1105.129924][T18069] netdevsim netdevsim8 netdevsim2: renamed from eth2
[ 1105.296388][T18069] netdevsim netdevsim8 netdevsim3: renamed from eth3
[ 1105.731018][T17970] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1105.829280][T18071] netdevsim netdevsim9 netdevsim0: renamed from eth0
[ 1106.727638][T18071] netdevsim netdevsim9 netdevsim1: renamed from eth1
[ 1106.781436][T18071] netdevsim netdevsim9 netdevsim2: renamed from eth2
[ 1106.835060][T18071] netdevsim netdevsim9 netdevsim3: renamed from eth3
[ 1106.974139][T17970] 8021q: adding VLAN 0 to HW filter on device team0
[ 1107.062389][   T13] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1107.062565][   T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1107.134476][T16511] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1107.136238][T16511] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1107.408088][T18069] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1107.498120][T18069] 8021q: adding VLAN 0 to HW filter on device team0
[ 1107.538834][ T1346] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1107.539054][ T1346] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1107.570743][T16490] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1107.570865][T16490] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1107.622476][T18071] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1107.756484][T18071] 8021q: adding VLAN 0 to HW filter on device team0
[ 1107.831717][T16498] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1107.831855][T16498] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1107.901751][   T80] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1107.908093][   T80] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1109.308048][T17970] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1110.416155][T18407] netlink: 16 bytes leftover after parsing attributes in process `syz.0.4096'.
[ 1110.544274][T18071] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1110.653916][T18069] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1110.908821][T17970] veth0_vlan: entered promiscuous mode
[ 1110.960186][T17970] veth1_vlan: entered promiscuous mode
[ 1111.116355][T17970] veth0_macvtap: entered promiscuous mode
[ 1111.143772][T17970] veth1_macvtap: entered promiscuous mode
[ 1111.259703][T17970] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1111.314923][T17970] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1111.360301][T16490] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1111.360556][T16490] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1111.360765][T16490] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1111.360977][T16490] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1112.054672][T16482] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1112.054691][T16482] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1112.092836][T18071] veth0_vlan: entered promiscuous mode
[ 1113.049706][T18069] veth0_vlan: entered promiscuous mode
[ 1113.923754][T18071] veth1_vlan: entered promiscuous mode
[ 1113.935175][T16498] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1113.935197][T16498] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1113.943689][T18069] veth1_vlan: entered promiscuous mode
[ 1114.117976][T18071] veth0_macvtap: entered promiscuous mode
[ 1114.151114][T18071] veth1_macvtap: entered promiscuous mode
[ 1114.192818][T18069] veth0_macvtap: entered promiscuous mode
[ 1114.229386][T18069] veth1_macvtap: entered promiscuous mode
[ 1114.265765][T18071] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1114.454052][T18071] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1114.471901][T18069] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1114.552667][T18069] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1114.554022][T16511] netdevsim netdevsim9 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1114.559732][T16511] netdevsim netdevsim9 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1114.561308][T16511] netdevsim netdevsim9 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1114.563238][T16511] netdevsim netdevsim9 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1114.594596][T16511] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1114.606508][T16511] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1114.671742][T16511] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1114.691571][T16511] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1115.475422][T18471] netlink: 4 bytes leftover after parsing attributes in process `syz.7.4106'.
[ 1115.793282][ T1323] ieee802154 phy0 wpan0: encryption failed: -22
[ 1115.793349][ T1323] ieee802154 phy1 wpan1: encryption failed: -22
[ 1117.871023][T13958] Bluetooth: hci1: command 0x0406 tx timeout
[ 1118.116883][T16490] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1118.116906][T16490] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1118.401792][   T80] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1118.401811][   T80] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1119.059320][T18488] netlink: 12 bytes leftover after parsing attributes in process `syz.7.4109'.
[ 1119.510593][T18494] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:1)
[ 1119.550387][T16488] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1119.550405][T16488] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1119.624976][T12026] usb 1-1: new high-speed USB device number 35 using dummy_hcd
[ 1119.669788][ T1346] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1119.669807][ T1346] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1119.776619][T12026] usb 1-1: Using ep0 maxpacket: 32
[ 1119.778874][T12026] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1119.778929][T12026] usb 1-1: config 0 interface 0 altsetting 128 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[ 1119.778956][T12026] usb 1-1: config 0 interface 0 has no altsetting 0
[ 1119.778992][T12026] usb 1-1: New USB device found, idVendor=1b1c, idProduct=0c10, bcdDevice= 0.00
[ 1119.779015][T12026] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1119.869900][T12026] usb 1-1: config 0 descriptor??
[ 1119.888095][T12026] usbhid 1-1:0.0: couldn't find an input interrupt endpoint
[ 1122.213779][T18536] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4118'.
[ 1123.189884][T17245] usb 1-1: USB disconnect, device number 35
[ 1129.202004][T13958] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[ 1129.222457][T13958] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[ 1129.223763][T13958] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[ 1129.253763][T13958] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[ 1129.262494][T13958] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[ 1132.092815][T13958] Bluetooth: hci5: command tx timeout
[ 1132.107457][T18563] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:1)
[ 1134.274416][T18075] Bluetooth: hci5: command tx timeout
[ 1135.435272][T18591] overlayfs: failed to resolve './file0': -2
[ 1136.344952][T18075] Bluetooth: hci5: command tx timeout
[ 1136.437743][  T231] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1136.629835][T18602] netlink: 4 bytes leftover after parsing attributes in process `syz.8.4135'.
[ 1138.424815][T18075] Bluetooth: hci5: command tx timeout
[ 1143.942239][  T231] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1150.087070][  T231] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1155.921229][  T231] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1156.334952][T18551] chnl_net:caif_netlink_parms(): no params data found
[ 1159.590769][T18551] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1159.590846][T18551] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1159.591004][T18551] bridge_slave_0: entered allmulticast mode
[ 1159.592348][T18551] bridge_slave_0: entered promiscuous mode
[ 1159.594106][T18551] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1159.594167][T18551] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1159.594285][T18551] bridge_slave_1: entered allmulticast mode
[ 1159.664435][T18551] bridge_slave_1: entered promiscuous mode
[ 1160.114188][T18551] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1160.579763][T18551] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1161.067360][T18778] overlayfs: failed to resolve './file0': -2
[ 1161.482857][T18784] bridge0: port 3(syz_tun) entered blocking state
[ 1161.482969][T18784] bridge0: port 3(syz_tun) entered disabled state
[ 1161.483145][T18784] syz_tun: entered allmulticast mode
[ 1161.486037][T18784] syz_tun: entered promiscuous mode
[ 1161.509283][T18784] bridge0: port 3(syz_tun) entered blocking state
[ 1161.509397][T18784] bridge0: port 3(syz_tun) entered forwarding state
[ 1161.659330][T18551] team0: Port device team_slave_0 added
[ 1162.445491][T18551] team0: Port device team_slave_1 added
[ 1164.785273][T18551] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1164.785284][T18551] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1164.785299][T18551] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1164.788441][T18551] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1164.788451][T18551] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1164.788465][T18551] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1164.998581][  T231] bridge_slave_1: left allmulticast mode
[ 1164.998602][  T231] bridge_slave_1: left promiscuous mode
[ 1164.998746][  T231] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1165.211897][  T231] bridge_slave_0: left allmulticast mode
[ 1165.211921][  T231] bridge_slave_0: left promiscuous mode
[ 1165.212128][  T231] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1167.340432][T18825] netlink: 192 bytes leftover after parsing attributes in process `syz.7.4180'.
[ 1173.105714][T18867] netlink: 192 bytes leftover after parsing attributes in process `syz.9.4193'.
[ 1174.316754][T18871] autofs: Unknown parameter '0x0000000000000000'
[ 1176.375533][  T231] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1177.754101][ T1323] ieee802154 phy0 wpan0: encryption failed: -22
[ 1177.754170][ T1323] ieee802154 phy1 wpan1: encryption failed: -22
[ 1177.780242][  T231] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1177.963279][  T231] bond0 (unregistering): Released all slaves
[ 1178.008973][  T231] bond1 (unregistering): Released all slaves
[ 1178.060549][  T231] bond2 (unregistering): Released all slaves
[ 1178.089128][  T231] bond3 (unregistering): Released all slaves
[ 1178.129188][  T231] bond4 (unregistering): Released all slaves
[ 1178.181557][  T231] bond5 (unregistering): Released all slaves
[ 1178.248387][  T231] bond6 (unregistering): Released all slaves
[ 1178.310596][T18551] hsr_slave_0: entered promiscuous mode
[ 1178.311403][T18551] hsr_slave_1: entered promiscuous mode
[ 1178.311939][T18551] debugfs: 'hsr0' already exists in 'hsr'
[ 1178.311954][T18551] Cannot create hsr debugfs directory
[ 1178.374713][T18850] bridge0: port 3(syz_tun) entered blocking state
[ 1178.374874][T18850] bridge0: port 3(syz_tun) entered disabled state
[ 1178.384817][T18850] syz_tun: entered allmulticast mode
[ 1178.395280][T18850] syz_tun: entered promiscuous mode
[ 1178.397076][T18850] bridge0: port 3(syz_tun) entered blocking state
[ 1178.397194][T18850] bridge0: port 3(syz_tun) entered forwarding state
[ 1179.664758][T18907] ptrace attach of "./syz-executor exec"[18909] was attempted by "./syz-executor exec"[18907]
[ 1179.869909][T18894] delete_channel: no stack
[ 1182.745461][T18929] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1183.407037][ T5894] usb 9-1: new high-speed USB device number 2 using dummy_hcd
[ 1183.567406][ T5894] usb 9-1: Using ep0 maxpacket: 32
[ 1183.573591][ T5894] usb 9-1: config 0 interface 0 altsetting 128 has an invalid descriptor for endpoint zero, skipping
[ 1183.573619][ T5894] usb 9-1: config 0 interface 0 has no altsetting 0
[ 1183.573651][ T5894] usb 9-1: New USB device found, idVendor=1b1c, idProduct=0c10, bcdDevice= 0.00
[ 1183.573674][ T5894] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1183.620058][ T5894] usb 9-1: config 0 descriptor??
[ 1183.693678][  T231] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1183.693706][  T231] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1183.747699][  T231] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1183.747734][  T231] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1183.890302][  T231] veth1_macvtap: left promiscuous mode
[ 1183.890401][  T231] veth0_macvtap: left promiscuous mode
[ 1183.890660][  T231] veth1_vlan: left promiscuous mode
[ 1183.890834][  T231] veth0_vlan: left promiscuous mode
[ 1184.071496][ T5894] corsair-cpro 0003:1B1C:0C10.0007: hidraw0: USB HID v4.06 Device [HID 1b1c:0c10] on usb-dummy_hcd.8-1/input0
[ 1184.329690][ T5894] corsair-cpro 0003:1B1C:0C10.0007: probe with driver corsair-cpro failed with error -38
[ 1184.373069][ T5894] usb 9-1: USB disconnect, device number 2
[ 1184.605536][T18940] fido_id[18940]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.8/usb9/report_descriptor': No such file or directory
[ 1187.164745][T18962] ptrace attach of "./syz-executor exec"[18967] was attempted by "./syz-executor exec"[18962]
[ 1187.974741][T18965] ptrace attach of "./syz-executor exec"[18969] was attempted by "./syz-executor exec"[18965]
[ 1188.725285][  T231] team0 (unregistering): Port device team_slave_1 removed
[ 1188.750042][T13958] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 1188.773547][T13958] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 1188.778232][T13958] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 1188.782212][T13958] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 1188.782943][T13958] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 1188.900648][  T231] team0 (unregistering): Port device team_slave_0 removed
[ 1188.977982][T18975] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:1)
[ 1190.572793][T18992] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1190.919356][T18075] Bluetooth: hci3: command tx timeout
[ 1192.610786][T18971] chnl_net:caif_netlink_parms(): no params data found
[ 1192.964744][  T231] IPVS: stop unused estimator thread 0...
[ 1192.984580][T18075] Bluetooth: hci3: command tx timeout
[ 1193.403857][T19016] ptrace attach of "./syz-executor exec"[19034] was attempted by "./syz-executor exec"[19016]
[ 1193.710867][T18971] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1193.710984][T18971] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1193.711218][T18971] bridge_slave_0: entered allmulticast mode
[ 1193.713858][T18971] bridge_slave_0: entered promiscuous mode
[ 1193.774685][T18971] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1193.774804][T18971] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1193.775005][T18971] bridge_slave_1: entered allmulticast mode
[ 1193.781113][T18971] bridge_slave_1: entered promiscuous mode
[ 1193.863701][  T231] bridge_slave_1: left allmulticast mode
[ 1193.863725][  T231] bridge_slave_1: left promiscuous mode
[ 1193.863911][  T231] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1194.142437][  T231] bridge_slave_0: left allmulticast mode
[ 1194.142464][  T231] bridge_slave_0: left promiscuous mode
[ 1194.142702][  T231] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1195.380353][T18075] Bluetooth: hci3: command tx timeout
[ 1197.118276][  T231] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1197.365245][  T231] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1197.398637][T18075] Bluetooth: hci3: command tx timeout
[ 1197.713249][T13958] Bluetooth: hci1: hardware error 0x07
[ 1198.220250][  T231] bond0 (unregistering): Released all slaves
[ 1198.477031][T18971] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1198.488975][T18971] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1199.126493][T18971] team0: Port device team_slave_0 added
[ 1199.133459][T18971] team0: Port device team_slave_1 added
[ 1199.244748][T19079] ptrace attach of "./syz-executor exec"[19081] was attempted by "./syz-executor exec"[19079]
[ 1200.017958][T18971] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1200.017973][T18971] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1200.017986][T18971] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1200.028298][T18971] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1200.028314][T18971] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1200.028338][T18971] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1200.128774][T18074] Bluetooth: hci4: command 0x0406 tx timeout
[ 1200.130939][T18074] Bluetooth: hci0: command 0x0406 tx timeout
[ 1200.264687][T13958] Bluetooth: hci1: Opcode 0x0c03 failed: -110
[ 1200.419888][  T231] hsr_slave_0: left promiscuous mode
[ 1200.468052][  T231] hsr_slave_1: left promiscuous mode
[ 1200.469031][  T231] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1200.519897][  T231] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1200.606465][T19099] overlayfs: overlapping lowerdir path
[ 1203.244181][  T231] team0 (unregistering): Port device team_slave_1 removed
[ 1204.074761][  T231] team0 (unregistering): Port device team_slave_0 removed
[ 1204.904729][T19128] ptrace attach of "./syz-executor exec"[19130] was attempted by "./syz-executor exec"[19128]
[ 1207.542946][T18971] hsr_slave_0: entered promiscuous mode
[ 1207.544172][T18971] hsr_slave_1: entered promiscuous mode
[ 1207.585220][T18971] debugfs: 'hsr0' already exists in 'hsr'
[ 1207.585250][T18971] Cannot create hsr debugfs directory
[ 1215.054741][T19192] ptrace attach of "./syz-executor exec"[19194] was attempted by "./syz-executor exec"[19192]
[ 1215.924595][ T5866] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[ 1216.084891][ T5866] usb 6-1: Using ep0 maxpacket: 16
[ 1216.089410][ T5866] usb 6-1: config 0 has an invalid interface number: 251 but max is 0
[ 1216.089433][ T5866] usb 6-1: config 0 has no interface number 0
[ 1216.089480][ T5866] usb 6-1: config 0 interface 251 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 16
[ 1216.089505][ T5866] usb 6-1: config 0 interface 251 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 64
[ 1216.098515][ T5866] usb 6-1: New USB device found, idVendor=0b95, idProduct=172a, bcdDevice=f7.f4
[ 1216.098542][ T5866] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1216.098560][ T5866] usb 6-1: Product: syz
[ 1216.098572][ T5866] usb 6-1: Manufacturer: syz
[ 1216.098586][ T5866] usb 6-1: SerialNumber: syz
[ 1216.122603][ T5866] usb 6-1: config 0 descriptor??
[ 1216.123533][T19201] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[ 1216.123706][T19201] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[ 1216.422278][T19208] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[ 1216.422387][T19208] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[ 1216.482575][T18075] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[ 1216.540517][T18075] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[ 1216.545272][T18075] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[ 1216.550041][T18075] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[ 1216.552302][T18075] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[ 1216.726668][T19208] overlayfs: failed to resolve './file1': -2
[ 1219.762909][ T5803] Bluetooth: hci5: command tx timeout
[ 1219.768782][ T5866] asix 6-1:0.251 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71
[ 1219.768808][ T5866] asix 6-1:0.251 (unnamed net_device) (uninitialized): Failed to read MAC address: -71
[ 1219.770619][ T5866] asix 6-1:0.251: probe with driver asix failed with error -5
[ 1219.823579][ T5866] usb 6-1: USB disconnect, device number 2
[ 1220.153789][T19232] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:1)
[ 1221.800753][ T5803] Bluetooth: hci5: command tx timeout
[ 1222.587248][  T231] netdevsim netdevsim9 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1223.131073][T19253] ptrace attach of "./syz-executor exec"[19254] was attempted by "./syz-executor exec"[19253]
[ 1223.904535][ T5803] Bluetooth: hci5: command tx timeout
[ 1224.947012][  T231] netdevsim netdevsim9 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1225.334887][T18971] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 1225.374650][T18971] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 1225.424819][T18971] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 1225.730794][  T231] netdevsim netdevsim9 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1225.793538][T18971] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 1225.956178][ T5803] Bluetooth: hci5: command tx timeout
[ 1226.198966][  T231] netdevsim netdevsim9 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1226.939924][ T5803] Bluetooth: hci0: hardware error 0x07
[ 1227.179029][  T231] bridge_slave_1: left allmulticast mode
[ 1227.179056][  T231] bridge_slave_1: left promiscuous mode
[ 1227.179292][  T231] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1227.287351][  T231] bridge_slave_0: left allmulticast mode
[ 1227.287370][  T231] bridge_slave_0: left promiscuous mode
[ 1227.287512][  T231] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1229.316698][ T5803] Bluetooth: hci0: Opcode 0x0c03 failed: -110
[ 1229.375062][  T231] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1229.455155][  T231] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1229.498688][  T231] bond0 (unregistering): Released all slaves
[ 1229.670529][T18971] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1229.671122][T19206] chnl_net:caif_netlink_parms(): no params data found
[ 1229.903115][T18971] 8021q: adding VLAN 0 to HW filter on device team0
[ 1229.972311][T16488] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1229.972851][T16488] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1229.974277][T16488] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1229.974343][T16488] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1230.551651][T19318] ptrace attach of "./syz-executor exec"[19319] was attempted by "./syz-executor exec"[19318]
[ 1236.020433][ T5803] Bluetooth: hci2: command 0x0406 tx timeout
[ 1236.847172][T19206] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1236.847295][T19206] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1236.847522][T19206] bridge_slave_0: entered allmulticast mode
[ 1236.850645][T19206] bridge_slave_0: entered promiscuous mode
[ 1236.871471][T19206] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1236.871636][T19206] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1236.871816][T19206] bridge_slave_1: entered allmulticast mode
[ 1236.874178][T19206] bridge_slave_1: entered promiscuous mode
[ 1238.598001][T19206] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1238.648426][T19206] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1238.702344][ T1323] ieee802154 phy0 wpan0: encryption failed: -22
[ 1238.702410][ T1323] ieee802154 phy1 wpan1: encryption failed: -22
[ 1239.260713][T19366] ptrace attach of "./syz-executor exec"[19367] was attempted by "./syz-executor exec"[19366]
[ 1240.274660][  T231] hsr_slave_0: left promiscuous mode
[ 1240.339632][  T231] hsr_slave_1: left promiscuous mode
[ 1240.340621][  T231] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1240.340644][  T231] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1240.420025][  T231] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1240.420053][  T231] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1240.537041][  T231] veth1_macvtap: left promiscuous mode
[ 1240.537139][  T231] veth0_macvtap: left promiscuous mode
[ 1240.537373][  T231] veth1_vlan: left promiscuous mode
[ 1240.537536][  T231] veth0_vlan: left promiscuous mode
[ 1241.494661][ T5881] usb 9-1: new high-speed USB device number 3 using dummy_hcd
[ 1241.630105][  T231] team0 (unregistering): Port device team_slave_1 removed
[ 1241.664567][ T5881] usb 9-1: Using ep0 maxpacket: 32
[ 1241.666228][ T5881] usb 9-1: config 0 interface 0 altsetting 128 endpoint 0x2 has invalid wMaxPacketSize 0
[ 1241.666254][ T5881] usb 9-1: config 0 interface 0 has no altsetting 0
[ 1241.666285][ T5881] usb 9-1: New USB device found, idVendor=1b1c, idProduct=0c10, bcdDevice= 0.00
[ 1241.666296][ T5881] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1241.670837][ T5881] usb 9-1: config 0 descriptor??
[ 1241.725592][  T231] team0 (unregistering): Port device team_slave_0 removed
[ 1241.978400][T19206] team0: Port device team_slave_0 added
[ 1242.011804][T19206] team0: Port device team_slave_1 added
[ 1242.103256][ T5881] usbhid 9-1:0.0: can't add hid device: -71
[ 1242.103383][ T5881] usbhid 9-1:0.0: probe with driver usbhid failed with error -71
[ 1242.145033][ T5881] usb 9-1: USB disconnect, device number 3
[ 1242.213714][T19206] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1242.213727][T19206] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1242.213744][T19206] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1242.266375][T19206] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1242.266389][T19206] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1242.266424][T19206] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1242.465006][T19206] hsr_slave_0: entered promiscuous mode
[ 1242.466313][T19206] hsr_slave_1: entered promiscuous mode
[ 1242.467286][T19206] debugfs: 'hsr0' already exists in 'hsr'
[ 1242.467315][T19206] Cannot create hsr debugfs directory
[ 1242.556147][T18971] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1244.034623][ T5866] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[ 1244.224590][ T5866] usb 6-1: Using ep0 maxpacket: 32
[ 1244.242979][ T5866] usb 6-1: config 0 has an invalid interface number: 85 but max is 0
[ 1244.243031][ T5866] usb 6-1: config 0 has no interface number 0
[ 1244.243214][ T5866] usb 6-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 1244.243276][ T5866] usb 6-1: config 0 interface 85 has no altsetting 0
[ 1244.285229][ T5866] usb 6-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72
[ 1244.285287][ T5866] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1244.285336][ T5866] usb 6-1: Product: syz
[ 1244.285350][ T5866] usb 6-1: Manufacturer: syz
[ 1244.285399][ T5866] usb 6-1: SerialNumber: syz
[ 1244.411028][ T5866] usb 6-1: config 0 descriptor??
[ 1244.945717][ T5866] appletouch 6-1:0.85: Failed to read mode from device.
[ 1244.946450][ T5866] appletouch 6-1:0.85: probe with driver appletouch failed with error -5
[ 1245.999339][ T5866] usb 6-1: USB disconnect, device number 3
[ 1246.822513][T18971] veth0_vlan: entered promiscuous mode
[ 1247.697771][   T10] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[ 1248.825110][   T10] usb 6-1: Using ep0 maxpacket: 32
[ 1248.828462][   T10] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1248.828512][   T10] usb 6-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 1248.828553][   T10] usb 6-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[ 1248.828575][   T10] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1248.837690][   T10] usb 6-1: config 0 descriptor??
[ 1248.916479][   T10] hub 6-1:0.0: bad descriptor, ignoring hub
[ 1248.916515][   T10] hub 6-1:0.0: probe with driver hub failed with error -5
[ 1249.145947][ T5803] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 1249.157108][ T5803] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 1249.158402][ T5803] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 1249.159428][ T5803] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 1249.160370][ T5803] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 1249.716425][   T10] usbhid 6-1:0.0: couldn't find an input interrupt endpoint
[ 1249.755347][   T10] usb 6-1: USB disconnect, device number 4
[ 1250.667169][ T5803] Bluetooth: hci2: hardware error 0x07
[ 1251.225067][T18075] Bluetooth: hci4: command tx timeout
[ 1252.756953][ T5803] Bluetooth: hci2: Opcode 0x0c03 failed: -110
[ 1252.809405][T19457] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0)
[ 1253.378892][ T5803] Bluetooth: hci4: command tx timeout
[ 1256.067051][ T5803] Bluetooth: hci4: command tx timeout
[ 1256.226210][ T5966] usb 8-1: new high-speed USB device number 2 using dummy_hcd
[ 1256.374605][ T5966] usb 8-1: Using ep0 maxpacket: 32
[ 1256.376939][ T5966] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1256.376986][ T5966] usb 8-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 1256.377027][ T5966] usb 8-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[ 1256.377049][ T5966] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1256.381750][ T5966] usb 8-1: config 0 descriptor??
[ 1256.386440][ T5966] hub 8-1:0.0: bad descriptor, ignoring hub
[ 1256.386474][ T5966] hub 8-1:0.0: probe with driver hub failed with error -5
[ 1256.389547][ T5966] usbhid 8-1:0.0: couldn't find an input interrupt endpoint
[ 1256.592447][ T5966] usb 8-1: USB disconnect, device number 2
[ 1257.448575][T19501] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0)
[ 1258.692087][ T5803] Bluetooth: hci4: command tx timeout
[ 1259.888953][T19512] kvm: requested 79619 ns i8254 timer period limited to 200000 ns
[ 1259.891454][T19512] kvm: requested 167619 ns i8254 timer period limited to 200000 ns
[ 1259.891639][T19512] kvm: requested 37714 ns i8254 timer period limited to 200000 ns
[ 1259.918568][T19512] kvm: requested 116495 ns i8254 timer period limited to 200000 ns
[ 1259.918832][T19512] kvm: requested 169295 ns i8254 timer period limited to 200000 ns
[ 1259.918984][T19512] kvm: requested 9219 ns i8254 timer period limited to 200000 ns
[ 1259.920002][T19512] kvm: requested 196952 ns i8254 timer period limited to 200000 ns
[ 1259.920167][T19512] kvm: requested 53638 ns i8254 timer period limited to 200000 ns
[ 1259.920381][T19512] kvm: requested 111466 ns i8254 timer period limited to 200000 ns
[ 1259.920754][T19512] kvm: requested 65371 ns i8254 timer period limited to 200000 ns
[ 1260.482161][T19206] netdevsim netdevsim2 netdevsim0: renamed from eth0
[ 1260.729471][T19527] netlink: 16 bytes leftover after parsing attributes in process `syz.8.4325'.
[ 1260.741438][T19527] IPv6: sit1: Disabled Multicast RS
[ 1260.742925][T19527] sit1: entered allmulticast mode
[ 1260.761708][T19206] netdevsim netdevsim2 netdevsim1: renamed from eth1
[ 1260.878812][T19206] netdevsim netdevsim2 netdevsim2: renamed from eth2
[ 1260.939903][T19438] chnl_net:caif_netlink_parms(): no params data found
[ 1261.112604][T19206] netdevsim netdevsim2 netdevsim3: renamed from eth3
[ 1261.354918][ T5866] usb 6-1: new high-speed USB device number 5 using dummy_hcd
[ 1261.514993][ T5866] usb 6-1: Using ep0 maxpacket: 32
[ 1261.516999][ T5866] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1261.517047][ T5866] usb 6-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 1261.517090][ T5866] usb 6-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[ 1261.517113][ T5866] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1261.633411][ T5866] usb 6-1: config 0 descriptor??
[ 1261.686240][ T5866] hub 6-1:0.0: bad descriptor, ignoring hub
[ 1261.686276][ T5866] hub 6-1:0.0: probe with driver hub failed with error -5
[ 1261.689228][ T5866] usbhid 6-1:0.0: couldn't find an input interrupt endpoint
[ 1263.371398][ T1023] bridge_slave_1: left allmulticast mode
[ 1263.371426][ T1023] bridge_slave_1: left promiscuous mode
[ 1263.388716][ T1023] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1263.454987][ T5881] usb 6-1: USB disconnect, device number 5
[ 1263.477696][ T1023] bridge_slave_0: left allmulticast mode
[ 1263.477712][ T1023] bridge_slave_0: left promiscuous mode
[ 1263.477850][ T1023] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1265.605590][ T1023] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1265.684678][ T1023] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1265.737960][ T1023] bond0 (unregistering): Released all slaves
[ 1265.791717][T19438] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1265.791791][T19438] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1265.791949][T19438] bridge_slave_0: entered allmulticast mode
[ 1265.817273][T19438] bridge_slave_0: entered promiscuous mode
[ 1265.848903][T19438] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1265.849025][T19438] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1265.849195][T19438] bridge_slave_1: entered allmulticast mode
[ 1265.854259][T19438] bridge_slave_1: entered promiscuous mode
[ 1266.037562][T19438] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1266.042944][T19438] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1266.227236][ T1023] hsr_slave_0: left promiscuous mode
[ 1266.264971][ T1023] hsr_slave_1: left promiscuous mode
[ 1266.265899][ T1023] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1266.322227][ T1023] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1266.428182][ T1023] veth0_vlan: left promiscuous mode
[ 1267.414592][ T5881] usb 6-1: new high-speed USB device number 6 using dummy_hcd
[ 1267.584818][ T5881] usb 6-1: Using ep0 maxpacket: 32
[ 1267.588952][ T5881] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1267.589001][ T5881] usb 6-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 1267.589042][ T5881] usb 6-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[ 1267.589064][ T5881] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1267.658821][ T5881] usb 6-1: config 0 descriptor??
[ 1267.667230][ T5881] hub 6-1:0.0: bad descriptor, ignoring hub
[ 1267.667266][ T5881] hub 6-1:0.0: probe with driver hub failed with error -5
[ 1267.670501][ T5881] usbhid 6-1:0.0: couldn't find an input interrupt endpoint
[ 1267.865276][ T1023] team0 (unregistering): Port device team_slave_1 removed
[ 1268.875747][ T1023] team0 (unregistering): Port device team_slave_0 removed
[ 1269.304611][ T5866] usb 6-1: USB disconnect, device number 6
[ 1269.427388][T19438] team0: Port device team_slave_0 added
[ 1269.436882][T19438] team0: Port device team_slave_1 added
[ 1269.665357][T19438] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1269.665374][T19438] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1269.665396][T19438] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1269.668711][T19438] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1269.668724][T19438] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1269.668749][T19438] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1269.846991][T19206] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1270.138436][T19438] hsr_slave_0: entered promiscuous mode
[ 1270.139639][T19438] hsr_slave_1: entered promiscuous mode
[ 1270.140466][T19438] debugfs: 'hsr0' already exists in 'hsr'
[ 1270.140487][T19438] Cannot create hsr debugfs directory
[ 1270.428139][T19206] 8021q: adding VLAN 0 to HW filter on device team0
[ 1270.675248][T19649] overlayfs: failed to resolve './file1': -2
[ 1271.306836][T16506] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1271.306973][T16506] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1272.567660][T16514] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1272.568032][T16514] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1274.974638][ T5866] usb 8-1: new high-speed USB device number 3 using dummy_hcd
[ 1275.132659][ T5866] usb 8-1: Using ep0 maxpacket: 32
[ 1275.142216][ T5866] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1275.142267][ T5866] usb 8-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 1275.142311][ T5866] usb 8-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[ 1275.142333][ T5866] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1275.198099][ T5866] usb 8-1: config 0 descriptor??
[ 1275.212853][ T5866] hub 8-1:0.0: bad descriptor, ignoring hub
[ 1275.212888][ T5866] hub 8-1:0.0: probe with driver hub failed with error -5
[ 1275.229545][ T5866] usbhid 8-1:0.0: couldn't find an input interrupt endpoint
[ 1275.279479][T19206] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1275.599599][T19206] veth0_vlan: entered promiscuous mode
[ 1275.744238][T19206] veth1_vlan: entered promiscuous mode
[ 1275.777392][ T5914] usb 8-1: USB disconnect, device number 3
[ 1275.846099][T19438] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 1275.946028][T19438] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 1276.011874][T19438] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 1276.039248][T19438] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 1277.023505][ T5803] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 1277.057291][ T5803] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 1277.060385][ T5803] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 1277.092194][ T5803] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 1277.092978][ T5803] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 1277.167641][T19438] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1277.470044][T19438] 8021q: adding VLAN 0 to HW filter on device team0
[ 1277.558173][T16486] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1277.558410][T16486] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1277.611842][ T1023] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1277.612050][ T1023] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1279.580515][ T5803] Bluetooth: hci3: command tx timeout
[ 1279.874581][T19744] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[ 1280.712349][T19764] create_pit_timer: 13 callbacks suppressed
[ 1280.712368][T19764] kvm: requested 72914 ns i8254 timer period limited to 200000 ns
[ 1280.712575][T19764] kvm: requested 165104 ns i8254 timer period limited to 200000 ns
[ 1280.712715][T19764] kvm: requested 62019 ns i8254 timer period limited to 200000 ns
[ 1280.716053][T19764] kvm: requested 73752 ns i8254 timer period limited to 200000 ns
[ 1280.718643][T19764] kvm: requested 163428 ns i8254 timer period limited to 200000 ns
[ 1280.721746][T19764] kvm: requested 160076 ns i8254 timer period limited to 200000 ns
[ 1280.722246][T19764] kvm: requested 63695 ns i8254 timer period limited to 200000 ns
[ 1280.722460][T19764] kvm: requested 838 ns i8254 timer period limited to 200000 ns
[ 1280.722663][T19764] kvm: requested 138285 ns i8254 timer period limited to 200000 ns
[ 1280.722804][T19764] kvm: requested 182704 ns i8254 timer period limited to 200000 ns
[ 1281.415247][T19776] netlink: 'syz.7.4361': attribute type 1 has an invalid length.
[ 1281.624628][T18075] Bluetooth: hci3: command tx timeout
[ 1283.714601][T18075] Bluetooth: hci3: command tx timeout
[ 1285.256524][T19776] 8021q: adding VLAN 0 to HW filter on device bond1
[ 1285.380587][T19777] 8021q: adding VLAN 0 to HW filter on device bond1
[ 1285.380863][T19777] bond1: (slave vxcan3): The slave device specified does not support setting the MAC address
[ 1285.381520][T19777] bond1: (slave vxcan3): Error -95 calling set_mac_address
[ 1285.784660][T18075] Bluetooth: hci3: command tx timeout
[ 1285.916225][T19734] chnl_net:caif_netlink_parms(): no params data found
[ 1287.092153][T19438] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1287.224965][T19734] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1287.225150][T19734] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1287.225555][T19734] bridge_slave_0: entered allmulticast mode
[ 1287.227914][T19734] bridge_slave_0: entered promiscuous mode
[ 1287.271882][T19734] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1287.273896][T19734] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1287.274073][T19734] bridge_slave_1: entered allmulticast mode
[ 1287.356811][T19734] bridge_slave_1: entered promiscuous mode
[ 1287.466828][T19734] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1287.532163][T19734] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1287.778487][T19734] team0: Port device team_slave_0 added
[ 1287.803312][T19734] team0: Port device team_slave_1 added
[ 1288.215769][T19734] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1288.215783][T19734] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1288.215798][T19734] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1288.226508][T19734] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1288.226521][T19734] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1288.226546][T19734] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1288.513848][T19813] netlink: 192 bytes leftover after parsing attributes in process `syz.7.4368'.
[ 1288.519823][T16490] bridge_slave_1: left allmulticast mode
[ 1288.519858][T16490] bridge_slave_1: left promiscuous mode
[ 1288.520152][T16490] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1288.737727][T16490] bridge_slave_0: left allmulticast mode
[ 1288.737755][T16490] bridge_slave_0: left promiscuous mode
[ 1288.737995][T16490] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1290.795037][T19817] delete_channel: no stack
[ 1290.811354][T19824] netlink: 'syz.8.4371': attribute type 1 has an invalid length.
[ 1291.778849][T19831] create_pit_timer: 26 callbacks suppressed
[ 1291.778862][T19831] kvm: requested 79619 ns i8254 timer period limited to 200000 ns
[ 1291.778949][T19831] kvm: requested 167619 ns i8254 timer period limited to 200000 ns
[ 1291.779033][T19831] kvm: requested 37714 ns i8254 timer period limited to 200000 ns
[ 1291.779235][T19831] kvm: requested 116495 ns i8254 timer period limited to 200000 ns
[ 1291.779338][T19831] kvm: requested 169295 ns i8254 timer period limited to 200000 ns
[ 1291.779439][T19831] kvm: requested 9219 ns i8254 timer period limited to 200000 ns
[ 1291.779628][T19831] kvm: requested 196952 ns i8254 timer period limited to 200000 ns
[ 1291.779728][T19831] kvm: requested 53638 ns i8254 timer period limited to 200000 ns
[ 1291.779889][T19831] kvm: requested 111466 ns i8254 timer period limited to 200000 ns
[ 1291.780085][T19831] kvm: requested 65371 ns i8254 timer period limited to 200000 ns
[ 1292.125732][T16490] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1292.186386][T16490] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1292.234697][T16490] bond0 (unregistering): Released all slaves
[ 1292.287975][T19838] binder_alloc: 19837: binder_alloc_buf, no vma
[ 1292.775769][T19824] workqueue: Failed to create a rescuer kthread for wq "bond1": -EINTR
[ 1293.037910][T19734] hsr_slave_0: entered promiscuous mode
[ 1293.038625][T19734] hsr_slave_1: entered promiscuous mode
[ 1293.039105][T19734] debugfs: 'hsr0' already exists in 'hsr'
[ 1293.039117][T19734] Cannot create hsr debugfs directory
[ 1293.907282][T19438] veth0_vlan: entered promiscuous mode
[ 1294.180818][T16490] hsr_slave_0: left promiscuous mode
[ 1294.225129][T16490] hsr_slave_1: left promiscuous mode
[ 1294.226157][T16490] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1294.266239][T16490] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1294.361924][T16490] veth1_vlan: left promiscuous mode
[ 1294.362103][T16490] veth0_vlan: left promiscuous mode
[ 1295.225468][T19863] dns_resolver: Unsupported content type (152)
[ 1295.955148][T19855] delete_channel: no stack
[ 1295.979738][T19863] uprobe: syz.8.4382:19863 failed to unregister, leaking uprobe
[ 1296.765326][T16490] team0 (unregistering): Port device team_slave_1 removed
[ 1296.835387][T16490] team0 (unregistering): Port device team_slave_0 removed
[ 1297.697823][T19880] create_pit_timer: 49 callbacks suppressed
[ 1297.697837][T19880] kvm: requested 73752 ns i8254 timer period limited to 200000 ns
[ 1297.698181][T19880] kvm: requested 133257 ns i8254 timer period limited to 200000 ns
[ 1297.698457][T19880] kvm: requested 116495 ns i8254 timer period limited to 200000 ns
[ 1297.698719][T19880] kvm: requested 50285 ns i8254 timer period limited to 200000 ns
[ 1297.698999][T19880] kvm: requested 129904 ns i8254 timer period limited to 200000 ns
[ 1297.699147][T19880] kvm: requested 173485 ns i8254 timer period limited to 200000 ns
[ 1297.699505][T19880] kvm: requested 191085 ns i8254 timer period limited to 200000 ns
[ 1297.700000][T19880] kvm: requested 72914 ns i8254 timer period limited to 200000 ns
[ 1297.700778][T19880] kvm: requested 114819 ns i8254 timer period limited to 200000 ns
[ 1297.701041][T19880] kvm: requested 6704 ns i8254 timer period limited to 200000 ns
[ 1298.023512][T19438] veth1_vlan: entered promiscuous mode
[ 1298.206922][T19891] netlink: 'syz.5.4388': attribute type 1 has an invalid length.
[ 1298.901665][T19891] 8021q: adding VLAN 0 to HW filter on device bond4
[ 1299.468254][T19892] 8021q: adding VLAN 0 to HW filter on device bond4
[ 1299.468685][T19892] bond4: (slave vxcan3): The slave device specified does not support setting the MAC address
[ 1299.473556][T19892] bond4: (slave vxcan3): Error -95 calling set_mac_address
[ 1300.199600][T19909] dns_resolver: Unsupported content type (152)
[ 1300.205429][ T1323] ieee802154 phy0 wpan0: encryption failed: -22
[ 1300.205850][ T1323] ieee802154 phy1 wpan1: encryption failed: -22
[ 1300.894735][T19909] uprobe: syz.7.4393:19909 failed to unregister, leaking uprobe
[ 1301.201757][T19438] veth0_macvtap: entered promiscuous mode
[ 1301.394196][T19438] veth1_macvtap: entered promiscuous mode
[ 1301.486072][T19438] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1301.546884][T19438] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1301.647093][T16490] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1301.647850][T16490] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1301.648374][T16490] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1301.648397][T16490] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1302.734256][T16490] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1302.734276][T16490] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1303.013772][ T6862] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1303.013789][ T6862] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1303.835867][T19930] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[ 1304.177572][T19938] netlink: 'syz.7.4401': attribute type 1 has an invalid length.
[ 1304.354553][ T5894] usb 9-1: new high-speed USB device number 4 using dummy_hcd
[ 1304.525791][ T5894] usb 9-1: Using ep0 maxpacket: 32
[ 1304.856530][T19944] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4122'.
[ 1304.960772][ T5894] usb 9-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1304.960824][ T5894] usb 9-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 1304.960865][ T5894] usb 9-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[ 1304.960885][ T5894] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1305.019974][ T5894] usb 9-1: config 0 descriptor??
[ 1305.022369][ T5894] hub 9-1:0.0: bad descriptor, ignoring hub
[ 1305.022388][ T5894] hub 9-1:0.0: probe with driver hub failed with error -5
[ 1305.024114][ T5894] usbhid 9-1:0.0: couldn't find an input interrupt endpoint
[ 1305.159978][T19938] 8021q: adding VLAN 0 to HW filter on device bond2
[ 1306.328411][T19939] 8021q: adding VLAN 0 to HW filter on device bond2
[ 1306.328682][T19939] bond2: (slave vxcan3): The slave device specified does not support setting the MAC address
[ 1306.329353][T19939] bond2: (slave vxcan3): Error -95 calling set_mac_address
[ 1306.494680][T19953] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[ 1306.625059][  T809] usb 9-1: USB disconnect, device number 4
[ 1306.791655][T19734] netdevsim netdevsim2 netdevsim0: renamed from eth0
[ 1306.988579][T19734] netdevsim netdevsim2 netdevsim1: renamed from eth1
[ 1307.019156][T19734] netdevsim netdevsim2 netdevsim2: renamed from eth2
[ 1307.413823][T19734] netdevsim netdevsim2 netdevsim3: renamed from eth3
[ 1308.065338][T19734] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1308.102976][T19734] 8021q: adding VLAN 0 to HW filter on device team0
[ 1308.121346][ T1346] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1308.121438][ T1346] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1308.148992][T16501] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1308.149124][T16501] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1309.041732][T19734] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1309.703909][T19734] veth0_vlan: entered promiscuous mode
[ 1309.762032][T19734] veth1_vlan: entered promiscuous mode
[ 1310.589053][T19734] veth0_macvtap: entered promiscuous mode
[ 1310.627462][T19734] veth1_macvtap: entered promiscuous mode
[ 1310.700160][T19734] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1311.074679][T19734] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1312.088032][   T13] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1312.382015][ T1346] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1312.382655][T20010] bridge0: port 3(syz_tun) entered blocking state
[ 1312.382765][T20010] bridge0: port 3(syz_tun) entered disabled state
[ 1312.382976][T20010] syz_tun: entered allmulticast mode
[ 1312.386225][T20010] syz_tun: entered promiscuous mode
[ 1312.387009][T20010] bridge0: port 3(syz_tun) entered blocking state
[ 1312.387127][T20010] bridge0: port 3(syz_tun) entered forwarding state
[ 1312.392243][ T1346] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1312.392942][ T1346] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1313.012649][T20016] netlink: 'syz.0.4414': attribute type 1 has an invalid length.
[ 1313.536559][T20018] team0: Device vxcan3 is of different type
[ 1315.248461][T16501] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1315.248481][T16501] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1315.590966][T16511] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1315.590986][T16511] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1322.124977][T20087] netlink: 'syz.0.4427': attribute type 1 has an invalid length.
[ 1324.480074][T20096] netlink: 4 bytes leftover after parsing attributes in process `syz.8.4416'.
[ 1325.870625][    C0] ------------[ cut here ]------------
[ 1325.870640][    C0] ODEBUG: free active (active state 0) object: ffff88805f07e8d0 object type: timer_list hint: rose_t0timer_expiry+0x0/0x570
[ 1325.870826][    C0] WARNING: lib/debugobjects.c:632 at debug_check_no_obj_freed+0x405/0x550, CPU#0: ktimers/0/16
[ 1325.870954][    C0] Modules linked in:
[ 1325.870985][    C0] CPU: 0 UID: 0 PID: 16 Comm: ktimers/0 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[ 1325.871032][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1325.871047][    C0] RIP: 0010:debug_check_no_obj_freed+0x44a/0x550
[ 1325.871079][    C0] Code: 89 44 24 20 e8 77 6c 82 fd 48 8b 44 24 20 4c 8b 4d 00 4c 89 ef 48 c7 c6 40 6d a6 8b 48 c7 c2 c0 72 a6 8b 8b 0c 24 4d 89 f8 50 <67> 48 0f b9 3a 48 83 c4 08 4c 8b 6c 24 18 48 b9 00 00 00 00 00 fc
[ 1325.871095][    C0] RSP: 0018:ffffc90000157908 EFLAGS: 00010246
[ 1325.871138][    C0] RAX: ffffffff8a0af260 RBX: ffffffff9985d9d0 RCX: 0000000000000000
[ 1325.871151][    C0] RDX: ffffffff8ba672c0 RSI: ffffffff8ba66d40 RDI: ffffffff8f7474d0
[ 1325.871164][    C0] RBP: ffffffff8b4f58a0 R08: ffff88805f07e8d0 R09: ffffffff8b4f6be0
[ 1325.871177][    C0] R10: dffffc0000000000 R11: ffffffff81b0b280 R12: ffff88805f07ea00
[ 1325.871191][    C0] R13: ffffffff8f7474d0 R14: ffff88805f07e000 R15: ffff88805f07e8d0
[ 1325.871204][    C0] FS:  0000000000000000(0000) GS:ffff88812633c000(0000) knlGS:0000000000000000
[ 1325.871219][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1325.871231][    C0] CR2: 000020000018c030 CR3: 0000000036b24000 CR4: 00000000003526f0
[ 1325.871251][    C0] Call Trace:
[ 1325.871259][    C0]  <TASK>
[ 1325.871266][    C0]  ? __pfx_rose_t0timer_expiry+0x10/0x10
[ 1325.871336][    C0]  kfree+0x13a/0x6c0
[ 1325.871442][    C0]  ? rose_timer_expiry+0x4cb/0x600
[ 1325.871500][    C0]  rose_timer_expiry+0x4cb/0x600
[ 1325.871524][    C0]  ? call_timer_fn+0x178/0x640
[ 1325.871572][    C0]  call_timer_fn+0x192/0x640
[ 1325.871590][    C0]  ? __pfx_rose_timer_expiry+0x10/0x10
[ 1325.871614][    C0]  ? call_timer_fn+0xd4/0x640
[ 1325.871631][    C0]  ? __pfx_call_timer_fn+0x10/0x10
[ 1325.871662][    C0]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1325.871765][    C0]  ? __pfx_rose_timer_expiry+0x10/0x10
[ 1325.871793][    C0]  __run_timer_base+0x6a3/0x9f0
[ 1325.871837][    C0]  ? __pfx___run_timer_base+0x10/0x10
[ 1325.871880][    C0]  run_timer_softirq+0xb7/0x170
[ 1325.871905][    C0]  handle_softirqs+0x1de/0x6f0
[ 1325.871953][    C0]  ? smpboot_thread_fn+0x4d/0xa50
[ 1325.871991][    C0]  run_ktimerd+0x69/0x100
[ 1325.872009][    C0]  smpboot_thread_fn+0x541/0xa50
[ 1325.872035][    C0]  ? smpboot_thread_fn+0x4d/0xa50
[ 1325.872070][    C0]  kthread+0x388/0x470
[ 1325.872090][    C0]  ? __pfx_smpboot_thread_fn+0x10/0x10
[ 1325.872114][    C0]  ? __pfx_kthread+0x10/0x10
[ 1325.872134][    C0]  ret_from_fork+0x51e/0xb90
[ 1325.872172][    C0]  ? __pfx_ret_from_fork+0x10/0x10
[ 1325.872195][    C0]  ? __switch_to+0xc7d/0x1450
[ 1325.872239][    C0]  ? __pfx_kthread+0x10/0x10
[ 1325.872260][    C0]  ret_from_fork_asm+0x1a/0x30
[ 1325.872306][    C0]  </TASK>
[ 1325.872324][    C0] Kernel panic - not syncing: kernel: panic_on_warn set ...
[ 1325.872339][    C0] CPU: 0 UID: 0 PID: 16 Comm: ktimers/0 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[ 1325.872360][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1325.872371][    C0] Call Trace:
[ 1325.872379][    C0]  <TASK>
[ 1325.872386][    C0]  vpanic+0x56c/0xa60
[ 1325.872422][    C0]  ? __pfx__printk+0x10/0x10
[ 1325.872443][    C0]  ? __pfx_vpanic+0x10/0x10
[ 1325.872467][    C0]  ? is_bpf_text_address+0x292/0x2b0
[ 1325.872500][    C0]  ? is_bpf_text_address+0x26/0x2b0
[ 1325.872539][    C0]  panic+0xc5/0xd0
[ 1325.872563][    C0]  ? __pfx_panic+0x10/0x10
[ 1325.872598][    C0]  ? ret_from_fork_asm+0x1a/0x30
[ 1325.872621][    C0]  __warn+0x315/0x4f0
[ 1325.872644][    C0]  ? debug_check_no_obj_freed+0x405/0x550
[ 1325.872668][    C0]  ? debug_check_no_obj_freed+0x405/0x550
[ 1325.872691][    C0]  __report_bug+0x29a/0x540
[ 1325.872778][    C0]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[ 1325.872809][    C0]  ? debug_check_no_obj_freed+0x405/0x550
[ 1325.872832][    C0]  ? __pfx___report_bug+0x10/0x10
[ 1325.872866][    C0]  ? run_timer_softirq+0xb7/0x170
[ 1325.872890][    C0]  ? handle_softirqs+0x1de/0x6f0
[ 1325.872913][    C0]  ? run_ktimerd+0x69/0x100
[ 1325.872929][    C0]  ? kthread+0x388/0x470
[ 1325.872945][    C0]  ? ret_from_fork+0x51e/0xb90
[ 1325.872967][    C0]  ? ret_from_fork_asm+0x1a/0x30
[ 1325.872990][    C0]  report_bug_entry+0x19a/0x290
[ 1325.873016][    C0]  ? debug_check_no_obj_freed+0x44a/0x550
[ 1325.873034][    C0]  ? debug_check_no_obj_freed+0x44f/0x550
[ 1325.873055][    C0]  handle_bug+0xce/0x200
[ 1325.873131][    C0]  exc_invalid_op+0x1a/0x50
[ 1325.873150][    C0]  asm_exc_invalid_op+0x1a/0x20
[ 1325.873187][    C0] RIP: 0010:debug_check_no_obj_freed+0x44a/0x550
[ 1325.873209][    C0] Code: 89 44 24 20 e8 77 6c 82 fd 48 8b 44 24 20 4c 8b 4d 00 4c 89 ef 48 c7 c6 40 6d a6 8b 48 c7 c2 c0 72 a6 8b 8b 0c 24 4d 89 f8 50 <67> 48 0f b9 3a 48 83 c4 08 4c 8b 6c 24 18 48 b9 00 00 00 00 00 fc
[ 1325.873225][    C0] RSP: 0018:ffffc90000157908 EFLAGS: 00010246
[ 1325.873241][    C0] RAX: ffffffff8a0af260 RBX: ffffffff9985d9d0 RCX: 0000000000000000
[ 1325.873255][    C0] RDX: ffffffff8ba672c0 RSI: ffffffff8ba66d40 RDI: ffffffff8f7474d0
[ 1325.873269][    C0] RBP: ffffffff8b4f58a0 R08: ffff88805f07e8d0 R09: ffffffff8b4f6be0
[ 1325.873282][    C0] R10: dffffc0000000000 R11: ffffffff81b0b280 R12: ffff88805f07ea00
[ 1325.873295][    C0] R13: ffffffff8f7474d0 R14: ffff88805f07e000 R15: ffff88805f07e8d0
[ 1325.873314][    C0]  ? __pfx_timer_debug_hint+0x10/0x10
[ 1325.873340][    C0]  ? __pfx_rose_t0timer_expiry+0x10/0x10
[ 1325.873371][    C0]  ? __pfx_rose_t0timer_expiry+0x10/0x10
[ 1325.873407][    C0]  kfree+0x13a/0x6c0
[ 1325.873430][    C0]  ? rose_timer_expiry+0x4cb/0x600
[ 1325.873462][    C0]  rose_timer_expiry+0x4cb/0x600
[ 1325.873486][    C0]  ? call_timer_fn+0x178/0x640
[ 1325.873508][    C0]  call_timer_fn+0x192/0x640
[ 1325.873527][    C0]  ? __pfx_rose_timer_expiry+0x10/0x10
[ 1325.873574][    C0]  ? call_timer_fn+0xd4/0x640
[ 1325.873592][    C0]  ? __pfx_call_timer_fn+0x10/0x10
[ 1325.873623][    C0]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1325.873647][    C0]  ? __pfx_rose_timer_expiry+0x10/0x10
[ 1325.873675][    C0]  __run_timer_base+0x6a3/0x9f0
[ 1325.873717][    C0]  ? __pfx___run_timer_base+0x10/0x10
[ 1325.873760][    C0]  run_timer_softirq+0xb7/0x170
[ 1325.873785][    C0]  handle_softirqs+0x1de/0x6f0
[ 1325.873818][    C0]  ? smpboot_thread_fn+0x4d/0xa50
[ 1325.873843][    C0]  run_ktimerd+0x69/0x100
[ 1325.873860][    C0]  smpboot_thread_fn+0x541/0xa50
[ 1325.873886][    C0]  ? smpboot_thread_fn+0x4d/0xa50
[ 1325.873920][    C0]  kthread+0x388/0x470
[ 1325.873939][    C0]  ? __pfx_smpboot_thread_fn+0x10/0x10
[ 1325.873962][    C0]  ? __pfx_kthread+0x10/0x10
[ 1325.873983][    C0]  ret_from_fork+0x51e/0xb90
[ 1325.874010][    C0]  ? __pfx_ret_from_fork+0x10/0x10
[ 1325.874032][    C0]  ? __switch_to+0xc7d/0x1450
[ 1325.874057][    C0]  ? __pfx_kthread+0x10/0x10
[ 1325.874077][    C0]  ret_from_fork_asm+0x1a/0x30
[ 1325.874112][    C0]  </TASK>
[ 1325.874351][    C0] Kernel Offset: disabled