last executing test programs:

22m52.577608147s ago: executing program 1 (id=2):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(serpent)\x00'}, 0x58)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000040)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000001700)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x1}, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x3fffffffffffcb5, 0x2, 0x0)
syz_open_procfs(0x0, &(0x7f0000000040)='net/wireless\x00')
syz_init_net_socket$rose(0xb, 0x5, 0x0)
r4 = socket$netlink(0x10, 0x3, 0x2)
r5 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x20000, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r5, 0x3b81, &(0x7f0000000000)={0xc, 0x0, <r6=>0x0})
ioctl$IOMMU_TEST_OP_ADD_RESERVED(r5, 0x3ba0, &(0x7f0000000440)={0x48, 0x1, r6, 0x0, 0x97, 0x8000000})
ioctl$IOMMU_IOAS_MAP$PAGES(r5, 0x3b85, 0x0)
ioctl$IOMMU_IOAS_MAP$PAGES(r5, 0x3b85, &(0x7f0000000040)={0x28, 0x2, r6, 0x0, &(0x7f0000ff8000/0x1000)=nil, 0x1000})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r5, 0x3ba0, &(0x7f0000000180)={0x48, 0x2, r6, 0x0, 0x0, 0x0, <r7=>0x0})
ioctl$IOMMU_HWPT_ALLOC$TEST(r5, 0x3b89, &(0x7f0000000100)={0x28, 0x1, r7, r6, 0x0, 0x0, 0xdead, 0x4, &(0x7f00000000c0)})
close_range(r4, 0xffffffffffffffff, 0x0)
r8 = socket$inet6(0xa, 0x3, 0x4)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r8, 0x29, 0x20, &(0x7f00000000c0)={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x800, 0x0, 0x2000000000903, 0x1, 0x0, 0x3}, 0x20)
setsockopt$inet6_int(r8, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x7fff, 0x4)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x51)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000140)='tracefs\x00', 0x0, 0x0)
mount$bpf(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0xc4062, &(0x7f00000000c0)=ANY=[@ANYBLOB='mode=00000', @ANYRESDEC=0x0])
sendmmsg(r8, &(0x7f0000007080)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000001600)=ANY=[], 0xc}}], 0x1, 0x4000000)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="93378e66cf9b48cb24f73793e9594b1061790c6a3302853a9fa89527996042", 0x1f)

22m47.699134556s ago: executing program 1 (id=13):
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
io_pgetevents(0x0, 0x1, 0x1, &(0x7f00000000c0)=[{}], 0x0, 0x0)
r0 = landlock_create_ruleset(&(0x7f0000000040)={0x0, 0x3}, 0x10, 0x0)
landlock_restrict_self(r0, 0xa)
openat$random(0xffffffffffffff9c, 0x0, 0x0, 0x0)
io_submit(0x0, 0x0, &(0x7f0000001580))
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000080)=0xf)
r3 = socket$kcm(0x10, 0x2, 0x4)
r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x3, 0x3, &(0x7f0000000480)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r6 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_BIND_MAP(0x23, &(0x7f0000000ac0)={r5, r6}, 0xc)
bpf$PROG_BIND_MAP(0x23, &(0x7f0000000000)={r5, r4}, 0xc)
close(r3)
socket(0x10, 0x803, 0x0)
sendmsg$inet(r3, &(0x7f0000000040)={0x0, 0x3, &(0x7f00000011c0)=[{&(0x7f0000000140)="5c00000013006bcc9e3be35c6e17aa31076b876c1d0000007ea60864160af36514001ac00800020007000c00040005c00364bc24eab556a705251e618294ff0051f60a84c9f4d4938037e786a6d0001000000e4509c5bbcd72c6c953", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff)
r7 = io_uring_setup(0xbbc, &(0x7f0000000280)={0x0, 0xd54b, 0x2, 0x4, 0x345})
io_uring_enter(r7, 0x100000, 0x2, 0xf, &(0x7f0000000000), 0x18)
syz_genetlink_get_family_id$batadv(0x0, 0xffffffffffffffff)
socket$netlink(0x10, 0x3, 0x14)

22m43.622331222s ago: executing program 1 (id=17):
r0 = getpgrp(0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x5)
prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f0000000140)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f00000001c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './bus'}}, {@workdir={'workdir', 0x3d, './file1'}}]})
r4 = openat$dir(0xffffffffffffff9c, &(0x7f0000000940)='./file0\x00', 0x0, 0x0)
r5 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x50)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000100)={{r5, <r6=>0xffffffffffffffff}, &(0x7f0000000240), &(0x7f0000000140)='%-010d \x00'}, 0x20)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000001c0)={r6}, 0x4)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1, 0x10, &(0x7f0000000a00)=ANY=[@ANYBLOB="18000000000000000000000005000000b7080000000000007b8af8ff00000000b70800000e0000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r6, @ANYBLOB="0000000000000000b70500000800000085000000a500000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000640)={@map=r6, 0xffffffffffffffff, 0x6, 0x2020, 0xffffffffffffffff, @void, @void, @value=0xffffffffffffffff}, 0x20)
mknodat(r4, &(0x7f00000003c0)='./file0\x00', 0x0, 0x0)
chdir(&(0x7f00000000c0)='./bus\x00')
openat(0xffffffffffffff9c, &(0x7f0000000680)='./file0\x00', 0x40, 0x0)
mkdir(&(0x7f0000000240)='./bus\x00', 0x0)
socket$nl_generic(0x10, 0x3, 0x10)

22m40.354434107s ago: executing program 1 (id=20):
socket$inet6(0xa, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x3000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000440)=@file={0x0, './file1\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt(r3, 0x84, 0x81, &(0x7f0000000280)="1a00000002000000", 0x8)
syz_emit_ethernet(0x3e, &(0x7f0000000000)={@link_local={0x3}, @multicast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0x3, 0x4, 0x0, 0x12, 0x0, 0x3f18, {0x5, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @loopback, @loopback}}}}}}, 0x0)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r3, 0x84, 0x64, &(0x7f00000000c0)=[@in6={0xa, 0x4e23, 0x401, @loopback, 0x2}], 0x1c)
sendto$inet6(r3, &(0x7f0000000100)="b8", 0xffe0, 0x2000c851, &(0x7f0000000140)={0xa, 0x4e23, 0x0, @loopback, 0xffffffff}, 0x1c)
setsockopt$inet_sctp6_SCTP_AUTH_KEY(r3, 0x84, 0x17, &(0x7f0000000000)=ANY=[], 0xffc9)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r4 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x503, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x1}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @macsec={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_MACSEC_ENCRYPT={0x5, 0xf, 0x2}]}}}, @IFLA_LINK={0x8}]}, 0x44}}, 0x40000)

22m24.401863381s ago: executing program 32 (id=20):
socket$inet6(0xa, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x3000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000440)=@file={0x0, './file1\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt(r3, 0x84, 0x81, &(0x7f0000000280)="1a00000002000000", 0x8)
syz_emit_ethernet(0x3e, &(0x7f0000000000)={@link_local={0x3}, @multicast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0x3, 0x4, 0x0, 0x12, 0x0, 0x3f18, {0x5, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @loopback, @loopback}}}}}}, 0x0)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r3, 0x84, 0x64, &(0x7f00000000c0)=[@in6={0xa, 0x4e23, 0x401, @loopback, 0x2}], 0x1c)
sendto$inet6(r3, &(0x7f0000000100)="b8", 0xffe0, 0x2000c851, &(0x7f0000000140)={0xa, 0x4e23, 0x0, @loopback, 0xffffffff}, 0x1c)
setsockopt$inet_sctp6_SCTP_AUTH_KEY(r3, 0x84, 0x17, &(0x7f0000000000)=ANY=[], 0xffc9)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r4 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x503, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x1}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @macsec={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_MACSEC_ENCRYPT={0x5, 0xf, 0x2}]}}}, @IFLA_LINK={0x8}]}, 0x44}}, 0x40000)

21m40.533808391s ago: executing program 0 (id=100):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(serpent)\x00'}, 0x58)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000040)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000001700)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x1}, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x3fffffffffffcb5, 0x2, 0x0)
syz_open_procfs(0x0, &(0x7f0000000040)='net/wireless\x00')
syz_init_net_socket$rose(0xb, 0x5, 0x0)
r4 = socket$netlink(0x10, 0x3, 0x2)
r5 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x20000, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r5, 0x3b81, &(0x7f0000000000)={0xc, 0x0, <r6=>0x0})
ioctl$IOMMU_TEST_OP_ADD_RESERVED(r5, 0x3ba0, &(0x7f0000000440)={0x48, 0x1, r6, 0x0, 0x97, 0x8000000})
ioctl$IOMMU_IOAS_MAP$PAGES(r5, 0x3b85, 0x0)
ioctl$IOMMU_IOAS_MAP$PAGES(r5, 0x3b85, &(0x7f0000000040)={0x28, 0x2, r6, 0x0, &(0x7f0000ff8000/0x1000)=nil, 0x1000})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r5, 0x3ba0, &(0x7f0000000180)={0x48, 0x2, r6, 0x0, 0x0, 0x0, <r7=>0x0})
ioctl$IOMMU_HWPT_ALLOC$TEST(r5, 0x3b89, &(0x7f0000000100)={0x28, 0x1, r7, r6, 0x0, 0x0, 0xdead, 0x4, &(0x7f00000000c0)})
close_range(r4, 0xffffffffffffffff, 0x0)
r8 = socket$inet6(0xa, 0x3, 0x4)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r8, 0x29, 0x20, &(0x7f00000000c0)={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x800, 0x0, 0x2000000000903, 0x1, 0x0, 0x3}, 0x20)
setsockopt$inet6_int(r8, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x7fff, 0x4)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x51)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000140)='tracefs\x00', 0x0, 0x0)
connect$inet6(r8, &(0x7f0000000080)={0xa, 0x0, 0x380000, @loopback}, 0x1c)
sendmmsg(r8, &(0x7f0000007080)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000001600)=ANY=[], 0xc}}], 0x1, 0x4000000)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="93378e66cf9b48cb24f73793e9594b1061790c6a3302853a9fa89527996042", 0x1f)

21m26.341301124s ago: executing program 0 (id=121):
socket$inet6(0xa, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x3000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000440)=@file={0x0, './file1\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt(r3, 0x84, 0x81, &(0x7f0000000280)="1a00000002000000", 0x8)
syz_emit_ethernet(0x3e, &(0x7f0000000000)={@link_local={0x3}, @multicast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0x3, 0x4, 0x0, 0x12, 0x0, 0x3f18, {0x5, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @loopback, @loopback}}}}}}, 0x0)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r3, 0x84, 0x64, &(0x7f00000000c0)=[@in6={0xa, 0x4e23, 0x401, @loopback, 0x2}], 0x1c)
sendto$inet6(r3, &(0x7f0000000100)="b8", 0xffe0, 0x2000c851, &(0x7f0000000140)={0xa, 0x4e23, 0x0, @loopback, 0xffffffff}, 0x1c)
setsockopt$inet_sctp6_SCTP_AUTH_KEY(r3, 0x84, 0x17, &(0x7f0000000000)=ANY=[], 0xffc9)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000240)={'netdevsim0\x00', <r4=>0x0})
r5 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x503, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x1}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @macsec={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_MACSEC_ENCRYPT={0x5, 0xf, 0x2}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x44}}, 0x40000)

21m22.204279507s ago: executing program 0 (id=129):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(serpent)\x00'}, 0x58)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000040)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000001700)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x1}, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x3fffffffffffcb5, 0x2, 0x0)
syz_open_procfs(0x0, &(0x7f0000000040)='net/wireless\x00')
syz_init_net_socket$rose(0xb, 0x5, 0x0)
r4 = socket$netlink(0x10, 0x3, 0x2)
r5 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x20000, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r5, 0x3b81, &(0x7f0000000000)={0xc, 0x0, <r6=>0x0})
ioctl$IOMMU_TEST_OP_ADD_RESERVED(r5, 0x3ba0, &(0x7f0000000440)={0x48, 0x1, r6, 0x0, 0x97, 0x8000000})
ioctl$IOMMU_IOAS_MAP$PAGES(r5, 0x3b85, 0x0)
ioctl$IOMMU_IOAS_MAP$PAGES(r5, 0x3b85, &(0x7f0000000040)={0x28, 0x2, r6, 0x0, &(0x7f0000ff8000/0x1000)=nil, 0x1000})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r5, 0x3ba0, &(0x7f0000000180)={0x48, 0x2, r6, 0x0, 0x0, 0x0, <r7=>0x0})
ioctl$IOMMU_HWPT_ALLOC$TEST(r5, 0x3b89, &(0x7f0000000100)={0x28, 0x1, r7, r6, 0x0, 0x0, 0xdead, 0x4, &(0x7f00000000c0)})
close_range(r4, 0xffffffffffffffff, 0x0)
r8 = socket$inet6(0xa, 0x3, 0x4)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r8, 0x29, 0x20, &(0x7f00000000c0)={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x800, 0x0, 0x2000000000903, 0x1, 0x0, 0x3}, 0x20)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x51)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000140)='tracefs\x00', 0x0, 0x0)
mount$bpf(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0xc4062, &(0x7f00000000c0)=ANY=[@ANYBLOB='mode=00000', @ANYRESDEC=0x0])
connect$inet6(r8, &(0x7f0000000080)={0xa, 0x0, 0x380000, @loopback}, 0x1c)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="93378e66cf9b48cb24f73793e9594b1061790c6a3302853a9fa89527996042", 0x1f)

21m18.308470514s ago: executing program 0 (id=132):
socket$nl_xfrm(0x10, 0x3, 0x6)
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x20, 0x4, &(0x7f0000000900)=ANY=[@ANYBLOB], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @netfilter=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/pm_trace_dev_match', 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x20008b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x4008032, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x15)
r0 = syz_clone3(&(0x7f00000001c0)={0x201180, 0x0, 0x0, 0x0, {0x3d}, 0x0, 0x0, 0x0, 0x0}, 0x58)
get_robust_list(r0, 0x0, 0x0)
sendmsg$RDMA_NLDEV_CMD_RES_CQ_GET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB="200000000c14010026bd7000fbdbdf2508003d00050000000800110000000000"], 0x20}, 0x1, 0x0, 0x0, 0x8060}, 0x4000040)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f0000000340), 0x0, 0x0)
read$msr(r1, &(0x7f000001aa40)=""/102400, 0x19000)
sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x0)
add_key(&(0x7f00000013c0)='big_key\x00', &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000100)='[', 0xfe95, 0xffffffffffffffff)

21m10.697585495s ago: executing program 0 (id=141):
r0 = getpgrp(0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x5)
prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f0000000140)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f00000001c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './bus'}}, {@workdir={'workdir', 0x3d, './file1'}}]})
r4 = openat$dir(0xffffffffffffff9c, &(0x7f0000000940)='./file0\x00', 0x0, 0x0)
r5 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x50)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000100)={{r5, <r6=>0xffffffffffffffff}, &(0x7f0000000240), &(0x7f0000000140)='%-010d \x00'}, 0x20)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000001c0)={r6}, 0x4)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1, 0x10, &(0x7f0000000a00)=ANY=[@ANYBLOB="18000000000000000000000005000000b7080000000000007b8af8ff00000000b70800000e0000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r6, @ANYBLOB="0000000000000000b70500000800000085000000a500000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000640)={@map=r6, 0xffffffffffffffff, 0x6, 0x2020, 0xffffffffffffffff, @void, @void, @value=0xffffffffffffffff}, 0x20)
mknodat(r4, &(0x7f00000003c0)='./file0\x00', 0x0, 0x0)
chdir(&(0x7f00000000c0)='./bus\x00')
openat(0xffffffffffffff9c, &(0x7f0000000680)='./file0\x00', 0x40, 0x0)
mkdir(&(0x7f0000000240)='./bus\x00', 0x0)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000001500)=ANY=[@ANYBLOB="28000000240007012bbd7000ffdbdf2503740000080001800400de800c0004"], 0x28}}, 0x48010)

21m8.653441646s ago: executing program 5 (id=142):
syz_genetlink_get_family_id$tipc2(&(0x7f0000000400), 0xffffffffffffffff)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x10008, 0x800001000089}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'tunl0\x00', <r1=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newqdisc={0x24, 0x24, 0x4ee4e6a52ff56541, 0x70bd2c, 0x0, {0x0, 0x0, 0x0, r1, {0x0, 0x6}, {0xffff, 0xffff}, {0x0, 0xfff2}}}, 0x24}}, 0x4000010)
sendmmsg$inet(0xffffffffffffffff, &(0x7f0000005200)=[{{0x0, 0x4b, &(0x7f0000000000), 0x1}}], 0x1, 0x0)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
syz_clone(0x600, 0x0, 0x33, 0x0, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000032680)=""/102400, 0x19000)
r4 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000004c0)=ANY=[@ANYBLOB="3800000017140100"], 0x38}, 0x1, 0x0, 0x0, 0x800}, 0x20000000)
r5 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r5, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4)
r6 = fcntl$dupfd(r5, 0x406, r5)
setsockopt$SO_ATTACH_FILTER(r5, 0x1, 0x1a, &(0x7f0000000000)={0x1, &(0x7f0000000280)=[{0x6, 0xfd, 0x0, 0xf1}]}, 0x10)
sendto$inet(r5, 0x0, 0x0, 0x200047fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r5, 0x6, 0xd, &(0x7f00000002c0)='bbr', 0x37)
sendmsg$NL80211_CMD_ADD_TX_TS(r6, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="1c0000", @ANYRES16=0x0, @ANYBLOB="00012bbd7000378f8668755269ed30e8d86f", @ANYRES32=0x0, @ANYBLOB], 0x1c}, 0x1, 0x0, 0x0, 0x4040000}, 0x0)
sendmsg$NL80211_CMD_CHANNEL_SWITCH(r6, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)=ANY=[], 0x1194}, 0x1, 0x0, 0x0, 0x4048000}, 0x4000880)

21m5.247155871s ago: executing program 5 (id=145):
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x1c1)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x80, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r0, &(0x7f000000c3c0)={0x2020, 0x0, <r1=>0x0}, 0x2020)
write$FUSE_INIT(r0, &(0x7f0000000080)={0x50, 0x0, r1, {0x7, 0x29, 0x9, 0xffffffff9080edc4, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x2}}, 0x50)
r2 = openat$dir(0xffffffffffffff9c, 0x0, 0x0, 0x2c)
syz_fuse_handle_req(r0, &(0x7f00000042c0)="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001e000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006380)={0x20, 0x0, 0x2, {0x0, 0x1c}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_fuse_handle_req(r0, &(0x7f00000063c0)="99529ca7d265e2dba44891e35e7d5dab7921b730436ecd4e999a25bcf86a25f8f029c0dd50373e90b7cf7779b12ecd4423c5b13cfac186975cd723976f3c747612913029d42517c189364bc59d8ebad53ed1b86f8f66c99b1f9b5b40d78cef1f14f81815d53bdca7fef40607358db69eb8c0b1f6b0942ab4b1ee7ca8deb4eddef06381a3d1c52d6147fc5109c7c607591497a6b2477f60cc881d3219c96bffb34aadec3fa97250713cce17cd536721bf9c40a019531ed0bbad139e26a3d4d39b68ab1bf37cb1a4bd197a8789cb1940cd86d9e56713bc36c7cffd07a311f5bc2e91f16d152eb480645e85ec9b3bf09c7fa140dced0afd55d7b99e90a96e7748e2d0dc09672ac199ce529e631efe1783769819c182ca106f6184bcbb387ed246c43562d74c36ac3a7ec2f0e11f70bad0007c03bb9c0d2dacc2148cce4a4aea327c7319016ad146b52bfae0357f9e892e9bec61a13c93551cfa3d4f4bfa7585c93bb0bef01a9114f3dc54179cf9a57fe88f5cff3403e33c9d09e3e9c2e10f1f16894e1b59e3cad47c1f202cf7b756f2851fc96d09459c9a8d34c19e6a3525cd5001aac5181f57286d0e1e88ce5092c7c76b6abdaebf2c499aa47587b48eb12a2b72548c190b0324ebedb81a63333b6edb25550f859c5ccc404a944ff7f61af8800888192fbd4c8e0e417d1d181b4b335a6f52e0a7dae18397e81e3f747cab7be902ed903bdd6a622f178f9b4244718ee1206237257374d2fd1466ab6135ef7ef4a114ae170eafe9cd78cf9ffc36974cbc4b8003072bed78765a0b9f1240f24dec6a9e46db9bb498d40f727c0cbf8f4a6a49539bd0805caf65d80130d7fb60a69dc7ed890874a17530c042cf33a977d331435d68ef33885f638c777ad49564ca77d8b81ddd853a21cd55d95b627310dd633a4f005853a5506cd8f744c367f3cb6998b0fa97de6bb35b166b0c6408c4e0a38ed26235a88520c38ca97ac8a6dc81e6dc6483d383fa09f198997b8eea1c68c9e3320683c9a02dd89ddc34c241e7294ccc88d6b35762892e8746e558bfbc2251949f2ecb763dad5b975eaf36e2864be6a41d3e20514d32f5d4b6350dc7e3cc3a85428ea98efb3b1edc2a2ec1e618452949cc7e2ba1251990168fee342d4f304b7a7af9162bcbe6b09c75d7420d2c547b4e3cee1836df6eddd5dff73a4e308fcd8eaa7a33e6980a6f8ead03257a37d72d3b265d02fa42f57db877654ed513e31c35e1af0bd28511d6b57cfe07b27cbe9767a534b426dfc3dd257d5899444f34cbf4dc74b9eab2e7e3e1e1a8a6ac5e4359d653506b299a5b7c67b92dc462f1216655f952362a3387ad9966b606d98e8d1b544dc27dc6bc78fd18a446736e25c51143db9886b6c09812d5825b5d9e0932f218ff8bea4d9e1c4df9c9d4eb19336d48163a921c4ff1f0beef26b01b7e8c0d23fb59b84e229eaabb791f2cffc9aa4db75162cbfe4c9ae8d76a5b6bc4bff20e3f8f125b9aadb3e728d7f78d61fd55f46b7f59511b876e6563256686e44f25cf38d393a9b762bada272eba8df28e4086c4cd2fe3c9fab97756fb145373e6ca1991bb1ee6589e49c821ff29f047970819f88f724bd077cd3f0ae463d99b3e53078431e3f9bebabc5289a65479359efe3909186aac60a29f561de8c590988c913c9e693ab8106e8287f6565eee6735f7c88cad7124d1c8d9ff347e97912824088ee954de01c6d8a06447f06899607eadbfd078bc3df506252005749378dbd7399c9eca60b81dc0d88dedec31e5cf6e7b6d6d411958df8f9e0bf4443e8d3bdfe49d05f811d17088024d0629fc8ab8e05e309bf55e8e60d342623765f4e8d2dc4a90291cd4354ff9568c8170e6ea56e028bcf2719595253adb8c84050bb9ce4927a1c1f4560da87d109ceda90bbe45a1717763d8025f1ff40f157185ddf17079da272ae10c4f34162caf4b0d31221a57b3059fd449c87554d968a54b2eebd760dc3263c40d9eedf5905d5699d29706ea6e9e81ff2bf92489a06deffe7e978661f37a88450783e23f107c2bfce000dfc91c5fca49e46d9ea978f215a45984699f0d2503b30a741e13be56b7abe3e5663c0825c3cb04ead44ce97719c4ee6f4cdd3c452775ad7163d5c9034583cc2dbc2b0c04917a3e1aa3d0a8bb6fcf94d7922eb1d543c09185827aeb1b72ae7103ef2c014af2ff4b47fca40fb0e66ddf0264476d7a84e9b8dc551d4c407bdbac6757f7a25bd404b45bec1091696203cc438860131ad5f2fd80e3c45629864dd9f7d302b66fb8fb86735c9a6dcf8b135a273dd2ae9473bc905081be9fcb8f91b1ddba1ac692798dac0b9ccffe0319a779f5e10c65f294b22fe475283b023f9cd890e92c5447b1bc1528255c5af383bc1fb6e72cb9a67215a9e25cde63c89baa8c7125c7e8b748b728d07d9cb66778404f54e6a9e3ae1ae82f3d0ce77199f23f94a01b71b805b476fedbebeb52c83a1b857f23ba438c56a6c4c2a5909f721e6e3d240e4a16455e92220d13022ce7ec0b1365ba4e67aa6ecb324f8826579e12cebdfc0d8af63e83b5e5624d5b791f99093f9a27f7baea9fd10111209c0857a04f07408111063ef34026aee27a3d51b40e53883f9094402534bdd21cc49d7f5593e99cb204cd805bee4add0f82cf4b6dc5da14d6b79fbc68c9ccf7fb5fe774f8879e13079b024a8ad24bf123c420d630837a84ba05abf0ae4dc3fc04f25c7f74ff91d0d609c958642a48551e51b5c0074a56a7da10ce153b08cabea636f8489d8e7b655758a41d7f7474c9d76bf4d54d789bfceaffef139854065de6a94b0275a9626aab99ae838364b1a491e55017e4212b6b01f7a41bc9c215ecd17c49a8610db28c699259c58b81a0e84c45fd8e719c05c48501c49e8a6515044d247f58e4cd0bf22fd6ae31f45339d1f801196d426c52269b1aaffaf18e2a03760bb231cb7cefa6d72f1d7eb6a3bbd65d0914221b8fbf531dbd562eb4a1b28983ac7d83d4813b10b34c9525ba644f61a2c4800d4fe96a7bca63da1041ed73cc57fb9d42f9dfc8ca41d80292bbb311c89b0a0fcee1d88a025a7416863342aea00e6f049cb2ddebd17c5c617ff562a8af0c965cbe8341431a30ea239e4a62aa2b19757a3b0de04229a9907f8610c27b26591405845bf8b5b83706ed18d910c4f68777378366ff565617b19168a04560a32ce5ad64aaef9f4377118c4335b24826cdcde78fb4bdb11498553f56d8dfeb3a482c70cc6580c399b92339cbdb3464fcc7b00e9839fd0d2b8b6db90c56b33593a0048bf7983421f29b1285c81a239045b96a9b0cacd70d6d9853206471f06915efc8d3ec4c50fb13601abc73247a656066fd7b329159b3ce9e3302b4c0d6aec58cb0946a8ee8e7f55f1af604f1edb4d887fa6292dc0ce57705c1a25dc62650c127d11a364b397aefc2fcc3a164bdc53165a461b01de9180c1461b309c75af0911b4cc1b8aa05652b62119c87b4b235c573aa15b1516cddf61efd6a7f8c953fbaaee9c0e800e8f519e1494de850ddb976864088fe0cf90bbc54395078ea2501e8baa84d6807e184105bc2a140b663416496886422643bbf764d406af06e7d086678828defda0b648b25666b7b5ea29e927141740d5be0e61bf25d40b8404ffd3c67bb855b11d4faf82b7b8051615c101c3deb0601a0fa9ecd8b4a95082ccbc8222b0982802dd8430e653d6eea2786dc3a91397135faffdc65a5bae048f5c463b1a6648becce961d39d063d28d1ad6dafcea0b0878379adb16cc0d4cea572abeacd9a168a4fe2e338092b5bc93ecf02ac6ccda03e5b23adf511fdf7a79442093233b79c67d3fdd3c36c96a8f67aa79e4743d99cf963ae6161877f73656eb0314d889f4b8649bbce8a759f90eac6c006197b54b2bbac7c9b237f1e3dc099c62a65481960e6ad697fc66316ac084ba99c60f58bf44ff45f3b2006cbc4196a25f124dfaf247e863a855ef6070deb45219a922dcf2be9bd01c340e1ca5ed7c3ddac9f7a677c5d00610991d21e0751ac8044585b39f3fec5b672a11a9bce32196c2003d01ea50b0f0403e16df188ecbbb74f295f01398363ddfecdb63a49347c912c125670205d7b6be999688df85bb7d5ac12b62b4fdc4eadcc2a9a7897028404f697b007603a0ad588c772952d6670ee870771774ad157c0b9cccd4b2192d835606198ea0c65036ae4e406cdc539ff3aa81fa20b7ab58d6f3abdb69cc1f503d593f7025d2035e7f21db76336efc2843a0dc9bd2eb8794718134ee68fc57d4d2bcc18969d08177f442b87433b48540c661940cf9e2462c53efa310c7e47487deab2ae15b1978ef05aa1e14110943f649d82486f710a39854409e74edcaf06b4a92d3580b9cdabf83c6351657698d3d5af7514f382e75d1c912cded577258603fc9ed002e010747cddf7885d34afc9a84d82696c6660cb5ecafb68b564908fc49c4db6a187d037241a26b1141cf20f2e968a53366db0f60b79cd98cf3c897c50b7b9728e6e7100f99e4d5ed2428dbd285516ca6660777a39b4b2617c1be5b0232d60b9c8099f5daedbf190109439c40b46090985200d6c0501313f3fa4d244864575c275faca47aeff32c7b3e3c59392618562a7c2d4b3af85a37a8847f595352024cb63d3a9085c2a502c6a3248f43c5fc828e636cb634b2d393d853ae2dc9605985cf85c060860a90256c7b574c1e01c320687a2bb0b2d51cc2950c485f2ffa5db0ad7aaf753f543de7f86efb775c6bac2989a33757a28836fd27f9347229a0004bd2e546994c69c678fe5717f613f905d945c072004c3a80e0e54215e19ff9972521890d4e705e429f16fc35fe5a15f2e6b75cd719d38f76b087b62e4b5dcdb35f4baa2bab167150bafb6c69e260ca51004bc826d46b77c3f67eaa08497294868e6d91b7b867e4da62052f4f891677256cfbaf19cf32bad99a7da69d8a66537686f89a58d78c7eeaa99cd38009a1a32582bedc5c718e57b19cd405ae659a89909356a07fcef89384d160fa5ae6683cc379642aea4f0c915f72d679bd521399cb16112f2abdede3001400b4a64d2173e153a68631183679b56b8f389ba889784133453a7e892fd3b092f5040870a3cfd6f982990143e7c0882b4ff4c5d049192d36925a25ae4be441aa30dc7e74398b340c45b52c73ed3b0cd640e3cc9fd4be24e7355f386106f65895f1ee850b2a781d1d1d322ca5a3b0fdb78ce1eda048ece94af25437969c99c58c08f1446ca5541e03987a20fd75283e3e116dc4c9222ab7522e4ccf6da14aef49cac9a6a2cd4aba1c54d49e6da4179a66b84e384cd3da53908579b28c11d525ebdc4dc69074cef8a9ecd3aab98f2858769d656b46141c3a4e69a5ed6c0a732c9ec1fce080eaebf537fa5e17236a44ba9c931f555d193e475ffafd20c53ccbab607c1a15fd06742a64691205eb0d00f7f40e4dd8efb279cf09b2522aac0729a631aacb92d5cfa2ce6bb07385b981890b5916755d5cc3a51c8c36bd2987068cc24fcf73840895469bbb9aff1059601f771afedf0a48d5921103920515b27d7e607951982feba197df8c61600feb3622b9eea13a4db4068728cb98cca76cfae197f6258758490bf41673ee29acd91fd296ec863c646e0ca6a0f0e9de146c663ba13d962964d7c32804fd12a14c1ca7212ad48bdfab469c6570dca562220ecbe7b6b163ed4c9361c5c10bed5c92861b8786ada20a99245d282e4454187ec02adfe354e30647cb10661c85168f7958e3ce69ab48c9455214707a63c9b1167f0845a6bfcce2a96cd53eab430f13cd527f1666290719a47c517cfa22fec2e9916af8aa93c78e567993d7fb8ee60fc4b903b8c67a3658302c5e5f35250c30427e4c055b6c54705bc599861f80b7200d361965ff98c88cc698a2615cadeac4bdfd3d613377cea52d2bbcb7e6b78ac31d4b2c33eaf0b2ed40b963e3cb25c7dfea3ebfe7b4aff2aaaaf184dc80ab649a108e2c830ce7eaea58a263392aa9cd13d7f7bd607dc7c804b19dfa41b3e5a5155201a87311e22062c93896e70f3a5c4b03521300b61cc311ebd5beb9838d0ed207c6bfc99e4392508e95804b10b36024f32e1fe1138e9ee7773f797b2bc6be7416f4e9691ef4c2a8d06af6c8b84bd1e6fd1ba3d3183475ef6c139ccf8dcf37671fbb96a2ab5e0e042f7c4728cf30bcc1a0de28a5024276ceaa194b4926e7f6a97b78bac36e47f832d56a96cd266434d37bcf2c2f57877717d91b1854972f832354acc207a2ee8caace7504e0e6197dd7e64a01c4c67bb2de8acc0cccc6c6bff0b0cbfe345542c5a795dfa48cc0990ab5702574d36494bc44c20f5b324f7c984d986cc8cb40cb2550076d96a069b6688d22171beed2dc5b6ff3ede8fff4c4a9de6d3817357a7ca7d24d87300b4545ebbac8cf7f09ec637a4f4d6bd07673709b6c363a75ccef585610c5f15de7851b5ab53e02a757bfc3caeb9a9a8996beffdc0cfd1201b6cd99cb035584e51a6c15a5d2e17d2f8aa6b41e26809392fac6caed1e02a53dcea8a413203608780dab33315a76eba24d540e4c5b9790420834bc8d4e47bc65ae52a54c0ff308427a8d7aff746aa6589d17514e40fee5d0b3533cf4ad2c5f9d96db9f50bd69ed8c92b860e199a35cf268c66ed13516a3b4b024f62d4b2a656067eece95575bdb4907efc488a9821bc3a9c81dd11b2128b7a01aa7a9ce6e73de3b4e9beced70206f91575baddbcbe5722337953c8016a0f4b62120d776c43b7d1a879b692107954f45acdf8967dcaa994aad4922d4fe093e16c2d0090906f5036af99e50bb09b04e9c9b3b5085abf621297ce203010249cede92e9b66b446b86b43eaaae228dfdd3b4408c12b404bb727f7e969e7da04fc59900112bf8d38af0416dc616e75f167aa1352215f07115a6f4eb6bb5fff6f5c2fc9ab906392036b44090e65fdaf017dc53bc94e0807d679d793df18cc44e6c846d414cef1569530f7692daf91eaaf4ae89fe2522f2c9cf33b6ca508ebcd006bc1a61f0c800553aff9dc7d57200b25ecb83e1e0b8cd29520b63aa649d3f71a62570eee56e03223ddf31f0c04fa686b7f6dd054e7a259d9ba335c2c5b2c508897506c0db7f01878dec1411c33f0af61b81dbcf9ff8bdc0c50044963a79f3ee1462150c6bd03a32dbdfef8d72f0b8b3a395ffb0cc85792e7bc867feb5e312cb64e29e193388e9f173c162f4a1320a6f99ea3795fb77d982605959909a1aa11076fcc779ea6b80ec1bf0edfc2569ec04d15a0bdeebccf3c75393dca5e81663532f8ced12d08e4c2ae6e2954d427c7bf053dc4718f56f453bc88d74045bd2f9747aae9b5298a0de927f1d6b1308f4e1483487f083e71ed09298deb52bb10079b13def7453eb432498069edb5ade70c5c54913684d934a3febf78753ac13300a91f467ff3f6e2f00898f015d08f7739047b321b3eaee5ad8aa7adbf7833f014d8c576a491af9fca6843b327ed513821cb3951b2e67a275225d7af6b382e2f955adaacba5d1fdea2223202dee132b91d5cf381b51da94145255f584a70c5e8d11e06a44afa6599bf3ed0cb61703eba254333af53afac60e54cf6397f9f7302249ab644f0b576c713b15007be1f4f9bb213660bca8a70251472b86669d361ef968f542e81ddbe8f4d2e9cabe8d7bf6a31f14a2cc272963553a424c105e7750437ec5bf316e30ce60b4b0c27ccc1eb27e60f6472fef27654da49905ff9c01b28695310ecd8701aedff25a83da4b7c41995f902bdf249769dcb53a3efa894710dd66ba8745ae2253cc6b75a038183a0bee21226d48239320efad6727093e4f94bbc2fdcc216200d903c32bb9f16dd17d5dac423ae0696f3decc576b8f1fdce63d0532370af7d1e2fa2ca5c5d17bd88f5e3abb4792dac8689ca13752f83d753b06b037bf5a80a3748983790352775685b0414c9d74849fd217e388f904278ddb6b0abdda941b61579c796e2bb77a9bc363b18642c401faa502a31011544111b6eedaa369976c814773d83220a75f31026d6ad0b8b4298ea6062234db232bc435e096e84f740e55bb14d46ae04af0500aa5bb218aff6c76aa8a8e3140a1b0d6638538fd7f30fa8d992e53abf8af2fbc16b9e8a668c1aac72cea1a746ee5f7f3392a4ec8f1d19f2f426b6069b1cd347cbc38bceba96ce5da49198083403143c740c04639cd1089abb34fe812d85921c47437604f684bca44a1eaa965c0a6e1c1fd1f70ee932af3455b36184cc15934cdb3f28959d37d8fc10696f8ec1e4b0c3d1b9ff74a01b796d1bb68954a3768c8bcec741b3b69da892f8922142b16b2cabb469a9906b34216243fac80374c10e178c5fd36440f8d7a8588a9c2510d86ffa8cb68ce8c330d2111c94724e522f04573dad43bce252eb505d29ca9379a6b281519d38b7174f3ae8f185544f3003c936a7e6b23ca97a313aac6a061caa45fda73522f3061767bb4e33dbe4bde390eb0f07225a8aef939cb6ab2ada10c02527281abad394cd4ea9f59467a08b72047cdb75d7b2b98e5b4542554a60f953ac7a4b980f42518eec05ff2c044549cab0cf33eef36dfbabcbc0300009d898862d2194cfcdd9a713c30bbe52291105193656ea5eb830873ac956469d31689cc3c69edb5cb9a6e31ce3e6fb50ddd4e52ef9fdeacfc0db21e1e83e0d8d0a64f17cacb4dc208a893e7fd8ffa86cfc554dfba3d9fd281115eccb4b9d909f2fbf3fbb66bedd7b5db3f6d4f076f5d8fb54f8832896f8ef6f624162f1dd589be7a8e87dd5065708a8b0bfb18a5c2299f5605ac8a11c1add55b2018e6099380a70bee3e0727ca6ec58928fe6eb3147b47401e8d822eebade713b58335787669e5e0de5d328a1067df4cd9124665bb02ee8adfd1b3618374ef167df1f0fe79456f78aee3da4c1bf397e4637b0cf41a0f4a2910efd02b17bf5f3c15b0084b36fa7d4e85a53e5be366b428244eeba7499c3e54397227928e2ff6e583f332d6f7e8cf4d058f379b58a7d03a4bfa454bb4b6d543804b8970e6a9fe8886179eb418a8ce9e509e8433571f7d32378f2e983fa418c8c91760ec9fb20968e7fc23b7c4ac71693b2576ac0f8ce2020ff1e7a7ff24301b48b544fb29a1ca4f2502daded865e488a16dd33ec67b2eee3025cdc5ef90f253c4b5e0a61d51e495b675c5a1d55b4ba3812c5f44cd08487e61d36b0c2dc32d27333a5ee8a0906bfbcd388bd9389d1509912c0471c7b706a5aff880569a3fb11ac5f14d780deb4c1b1afe30fb6b8daf87b27a4ceb869d587a97f2f5af8d819aa47bbf207db68a6ecbbefb1e109ed0bfbbf3b54fba9e79de8fad9c3bcd3e74b8b92ccea3ff5c558c6cd72d78a711fc39df603bd4aa1439dd302258edd2204e52d7f435c6f552b612fbc321bea971195cd4d8bb033e2a779e239164d7eea6d8fd233b0b9b776246564cfcf44b31a83031a2413bf98a398c9f93da243cef9ce73d81bade8ad551fb0ffa75bc874c11d23ac9d7752f22a0f54c3870f3314a83e64332db810da1ebb288e10c4eb9be9ec037317b8f813e68160a887da3f5c0389510a0734b69ef275e19973b169d340610cf2112e9964cc0566b9b690c3feb36c8526491d3a563f0bead2abbcf0665e048aa3f929351b2f89876580633a403250ae3b5244c8c0e996bf888938dfc8920348d88e272e6eadc7c0387ca1dae228bd620ce3975d43b58758d9412d304a227245587065f58c4573ba2557f1d8333ba007709b1239d682f03405b22135757178fb701bbde81d2f8faaa7666c025d8a8bb426dc4b8e61aed79b3b3d3a9b01ee9142772d869677ede166e7a8be8ab84cdd6946b1478ce77ba307213971cfb24c86c344310f279e38d22254bf4caf83c02e715cb0550e615dc9f8dd2400fa749e3527493c15fb454c158e4c0603ae6e962b7890058ec7c10f0618ee274a15bca6ca9fe5bc5f9e7797c0950299912be9c58463c07d667d4bffe8aa590ae43db08512b40f3d265026bef2facdd508984e5f6d2ac7ef573397f14ed2e2ccdcbe5796e60ae64d173814906d1da5a5bfe8a2a4c5d6bb0b3315b878b4877d0c045f6e6cfa0dfc1ea4de7abe26f2b2d8c93299ed1d83f1b7853c756bfa346cd53b008fec169883983fe0f2405777dd85e17b2e4e8b23432c0dc4c386d67b6597184d0b4b95877362304638484cc0951400f66ee8391dd44417c58b3d46a8345a8049fcd70f7b5f4a6f912e2b18760947c74ef2b732b342878d7e7cc99902de87db36469555fbbfe76189f108d6ab31f4727fe4e22d075afaf6cc726ab17a5e1b4ab6c8f29a459da3c4266b5ad8ff55906a190f8b19a3bb92a50df49647c03d5d6106ec07e9300038d059a75b54ac31683ef8e5eee946e1c84d016ee1e7800a92c0a3823b62e0417fe86b191951f65abc0c38c1e0e8f1121a04b62a8a720790560f922804b1b7e7eaa497e1bede6e3d0dcf0312dbf221561958fa1e85a8f99e6fc82f919e78c17d1beda16cfef25fb5d00f7c32df9a51eac76000c988ffdf011564aa0e319764b16a5a7c728a470ff70772fb76c9ada26a0ac073fcbfa12501c2454b19e02d928e3939a40bfff76c002533b3849cdf8016728445131e5f1e292b7d3dc06bb3a3cfff6fabae0b7341694a8938c1d2497cd70b76c337c9a312e96c8f736d7625a535e1906eba53d199221ca60202a65be0f7e530aca10e61fa39c7601d65954e5ed4cab94345c6b89c7f8a0de5c61a7945e1564731b6715331d13263b2961a163382f7c4934d847033860e402f3aadb4f3e6cf47a97a2031401da4d2c8de8c80cdad71b97b4deb2075a02282f958ac6772354e67f097ca693778224b80892490015e7d697fb9107f75cea708178ffec93fb1d44e8493bad1d42c918e661219ea819e0200759037a5a585c0fe074fd407536fe58013f42612c41bfc66e16870d7a9c00ee93a3122b253fecbf5de3837641f4a1376af0f053463413c26c29f9a346318565276856b963da30ba6ab8c4c8ef6cfddc432328586d9d9829895835759bcde0851ae0c838a3927ea63fe5ba793fae94da61cab00fc05f3a265a2da1221bb2b66775ed7ba856b41011652d4984991e56249360ddfc997245ac1547a1c16382d42df383a8d1c852643b24895c422712e79c436fdfffece4ed1c50922d4f25296aaf6b204522086d188bee254f8303b60537ead1195ac5dd301286f0042dd68aa05a70e4beb779aa0b61a316f736b72c9ab7ed860a0908a078f4b8a53f2df0abf993f689de4b02b9138ca5047fb0bfc9ba3b92bff033e36fc9553260b008cef3d147c62d1d3944fd1eaff79bc5a922ec2190907bfda1b51c2c7fb867db1f8e13a37b5e3ae0165e93350b958a239ec1f2b78561cff854b975307b5b5dd23b040602a5a36bd79947ee04c7d0e5e30f9c4c79f7b4e6eada98bfc6c357cdf8939213423f1b21ba26cfc2b2756ea3eb992372db0ab8a7c37d8ae96bf3ed6be873c1891550ef741812032e1ae938326c399ee43a3061602dda006f1b6b620bebb6a5752bee77e8acf9921ebf4d4c8af7eb5e937c65697c0664c594e31a62377a25605051996c474ca322ce8e0e6ef8a7988be", 0x2000, &(0x7f0000000b40)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540)={0x10, 0x0, 0xfffffffffffffff9}, 0x0, 0x0, 0x0})
getdents64(r2, &(0x7f0000000100)=""/134, 0x86)

21m5.019465467s ago: executing program 0 (id=147):
syz_usb_connect$lan78xx(0x3, 0x0, 0x0, 0x0)
socket$netlink(0x10, 0x3, 0x8000000004)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x6, 0x100000b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000380)={'syz1\x00', {0x0, 0x29d, 0x2, 0x2}, 0x4c, [0x3ff, 0x2, 0x10000, 0x0, 0x7ca6, 0x9, 0xc2ad, 0x4, 0x9, 0x9, 0x5, 0x9, 0x8, 0x200, 0x5, 0x3, 0x7, 0x5, 0xfffffff9, 0x6, 0x3, 0xfff, 0x7f, 0x4152, 0x8b3, 0x9, 0x861, 0x7, 0x5, 0x0, 0x3c, 0x4, 0x1005, 0x4, 0x8, 0x38, 0x8, 0x8, 0xd5bb, 0x3, 0x1, 0x9de9, 0x8, 0x3, 0x3, 0x7f, 0x5, 0x8, 0x0, 0x1, 0x3ff, 0x6, 0x2e, 0x800, 0x846c, 0x3, 0x6, 0x31b, 0x8, 0xa, 0x1, 0x7, 0xffffffff, 0x3], [0x4a, 0xfff, 0xe936, 0x0, 0x200, 0xfffffff7, 0x2, 0xb6, 0x10001, 0x8, 0x3ff, 0x1, 0x7, 0x8f, 0x1, 0x5, 0x1ff, 0x200, 0x6f8, 0x7, 0xd, 0x7, 0x100788, 0x6, 0x0, 0x0, 0x8, 0x3, 0x5, 0x2, 0xa, 0x7, 0x80, 0x5aa, 0xfffff000, 0x400, 0x2, 0x7, 0x6, 0x6, 0x5, 0x3, 0x87, 0x22e2, 0x502, 0xffffffff, 0x7, 0x1ff, 0x6, 0x10001, 0x9e, 0x1, 0x5, 0x105, 0xfffffffa, 0x0, 0x2, 0x2, 0x6, 0x1ff, 0x8, 0x3, 0x6], [0x2, 0x94da, 0xffffffff, 0x5, 0xc0000, 0x4, 0x4, 0xfffffffa, 0x6, 0x7, 0xea, 0x7, 0x6, 0x400, 0xfffeffff, 0xfc000000, 0x8, 0x8, 0xd1, 0x2, 0xb66, 0x3, 0x4, 0x52c, 0x4, 0x10001, 0xfffffff8, 0x2, 0x9, 0x1, 0x7, 0xe86, 0x8, 0x20000100, 0x7, 0x1, 0x746a6ffd, 0x3, 0x4, 0x0, 0x1, 0x45a6c325, 0x8, 0x10000, 0x1000, 0x2, 0x1ee7, 0x0, 0x5, 0x2, 0x1, 0x8, 0x2, 0x2, 0x81, 0x200, 0x3ff, 0xffffffcc, 0x6, 0xa000000, 0x8, 0xfff, 0x4000, 0x1], [0x8, 0x7, 0x3, 0xfffffffc, 0x8000, 0x2, 0x108, 0x1ff, 0xfffffffe, 0x10, 0x5e, 0x4, 0x8, 0x8, 0x5, 0x8, 0xfb, 0xf25, 0xd, 0x1ff, 0x2, 0x95, 0x9, 0x9, 0x1, 0xf, 0xffff6f9e, 0x4, 0xfffffff7, 0x10000, 0x7, 0x52a, 0x5, 0xc1a4, 0x4, 0x8, 0x3, 0x9, 0x5, 0xb7af, 0x3, 0x4, 0x0, 0x1ff8, 0x2, 0x7, 0x6, 0x80000000, 0x652d, 0x7, 0x7fffffff, 0xd, 0x40, 0x3ff, 0xc, 0x1ff, 0x9, 0x6, 0x0, 0x1000, 0x9, 0x2, 0x9, 0x4]}, 0x45c)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000140)={'gre0\x00'})
sendto(0xffffffffffffffff, 0x0, 0x0, 0x810, 0x0, 0x0)
syz_emit_vhci(0x0, 0x16)
socket$nl_audit(0x10, 0x3, 0x9)
r2 = syz_genetlink_get_family_id$nbd(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000000000000100000008000100400000000c000200700f0000000000000c00060003000000000000000a000a00272d5d29212b0000"], 0x6c}}, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1)
sendmsg$TIPC_NL_KEY_SET(r1, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000004}, 0x4)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000280)={0x0, @remote, @multicast1}, &(0x7f0000000340)=0xc)

21m1.865943171s ago: executing program 5 (id=150):
syz_usb_connect$lan78xx(0x3, 0x0, 0x0, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nbd(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x6c}}, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1)
sendmsg$TIPC_NL_KEY_SET(r0, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000004}, 0x4)

20m57.389393295s ago: executing program 5 (id=155):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(serpent)\x00'}, 0x58)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000040)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000001700)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x1}, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x3fffffffffffcb5, 0x2, 0x0)
syz_open_procfs(0x0, &(0x7f0000000040)='net/wireless\x00')
syz_init_net_socket$rose(0xb, 0x5, 0x0)
r4 = socket$netlink(0x10, 0x3, 0x2)
r5 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x20000, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r5, 0x3b81, &(0x7f0000000000)={0xc, 0x0, <r6=>0x0})
ioctl$IOMMU_TEST_OP_ADD_RESERVED(r5, 0x3ba0, &(0x7f0000000440)={0x48, 0x1, r6, 0x0, 0x97, 0x8000000})
ioctl$IOMMU_IOAS_MAP$PAGES(r5, 0x3b85, 0x0)
ioctl$IOMMU_IOAS_MAP$PAGES(r5, 0x3b85, &(0x7f0000000040)={0x28, 0x2, r6, 0x0, &(0x7f0000ff8000/0x1000)=nil, 0x1000})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r5, 0x3ba0, &(0x7f0000000180)={0x48, 0x2, r6, 0x0, 0x0, 0x0, <r7=>0x0})
ioctl$IOMMU_HWPT_ALLOC$TEST(r5, 0x3b89, &(0x7f0000000100)={0x28, 0x1, r7, r6, 0x0, 0x0, 0xdead, 0x4, &(0x7f00000000c0)})
close_range(r4, 0xffffffffffffffff, 0x0)
r8 = socket$inet6(0xa, 0x3, 0x4)
setsockopt$inet6_int(r8, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x7fff, 0x4)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x51)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000140)='tracefs\x00', 0x0, 0x0)
mount$bpf(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0xc4062, &(0x7f00000000c0)=ANY=[@ANYBLOB='mode=00000', @ANYRESDEC=0x0])
connect$inet6(r8, &(0x7f0000000080)={0xa, 0x0, 0x380000, @loopback}, 0x1c)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="93378e66cf9b48cb24f73793e9594b1061790c6a3302853a9fa89527996042", 0x1f)

20m55.443107688s ago: executing program 5 (id=157):
r0 = getpgrp(0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x5)
prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f0000000140)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f00000001c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './bus'}}, {@workdir={'workdir', 0x3d, './file1'}}]})
r4 = openat$dir(0xffffffffffffff9c, &(0x7f0000000940)='./file0\x00', 0x0, 0x0)
r5 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x50)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000100)={{r5, <r6=>0xffffffffffffffff}, &(0x7f0000000240), &(0x7f0000000140)='%-010d \x00'}, 0x20)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000001c0)={r6}, 0x4)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1, 0x10, &(0x7f0000000a00)=ANY=[@ANYBLOB="18000000000000000000000005000000b7080000000000007b8af8ff00000000b70800000e0000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r6, @ANYBLOB="0000000000000000b70500000800000085000000a500000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000640)={@map=r6, 0xffffffffffffffff, 0x6, 0x2020, 0xffffffffffffffff, @void, @void, @value=0xffffffffffffffff}, 0x20)
mknodat(r4, &(0x7f00000003c0)='./file0\x00', 0x0, 0x0)
chdir(&(0x7f00000000c0)='./bus\x00')
openat(0xffffffffffffff9c, &(0x7f0000000680)='./file0\x00', 0x40, 0x0)
mkdir(&(0x7f0000000240)='./bus\x00', 0x0)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000001500)=ANY=[@ANYBLOB="28000000240007012bbd7000ffdbdf2503740000080001800400de800c0004"], 0x28}}, 0x48010)

20m48.085213553s ago: executing program 33 (id=147):
syz_usb_connect$lan78xx(0x3, 0x0, 0x0, 0x0)
socket$netlink(0x10, 0x3, 0x8000000004)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x6, 0x100000b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000380)={'syz1\x00', {0x0, 0x29d, 0x2, 0x2}, 0x4c, [0x3ff, 0x2, 0x10000, 0x0, 0x7ca6, 0x9, 0xc2ad, 0x4, 0x9, 0x9, 0x5, 0x9, 0x8, 0x200, 0x5, 0x3, 0x7, 0x5, 0xfffffff9, 0x6, 0x3, 0xfff, 0x7f, 0x4152, 0x8b3, 0x9, 0x861, 0x7, 0x5, 0x0, 0x3c, 0x4, 0x1005, 0x4, 0x8, 0x38, 0x8, 0x8, 0xd5bb, 0x3, 0x1, 0x9de9, 0x8, 0x3, 0x3, 0x7f, 0x5, 0x8, 0x0, 0x1, 0x3ff, 0x6, 0x2e, 0x800, 0x846c, 0x3, 0x6, 0x31b, 0x8, 0xa, 0x1, 0x7, 0xffffffff, 0x3], [0x4a, 0xfff, 0xe936, 0x0, 0x200, 0xfffffff7, 0x2, 0xb6, 0x10001, 0x8, 0x3ff, 0x1, 0x7, 0x8f, 0x1, 0x5, 0x1ff, 0x200, 0x6f8, 0x7, 0xd, 0x7, 0x100788, 0x6, 0x0, 0x0, 0x8, 0x3, 0x5, 0x2, 0xa, 0x7, 0x80, 0x5aa, 0xfffff000, 0x400, 0x2, 0x7, 0x6, 0x6, 0x5, 0x3, 0x87, 0x22e2, 0x502, 0xffffffff, 0x7, 0x1ff, 0x6, 0x10001, 0x9e, 0x1, 0x5, 0x105, 0xfffffffa, 0x0, 0x2, 0x2, 0x6, 0x1ff, 0x8, 0x3, 0x6], [0x2, 0x94da, 0xffffffff, 0x5, 0xc0000, 0x4, 0x4, 0xfffffffa, 0x6, 0x7, 0xea, 0x7, 0x6, 0x400, 0xfffeffff, 0xfc000000, 0x8, 0x8, 0xd1, 0x2, 0xb66, 0x3, 0x4, 0x52c, 0x4, 0x10001, 0xfffffff8, 0x2, 0x9, 0x1, 0x7, 0xe86, 0x8, 0x20000100, 0x7, 0x1, 0x746a6ffd, 0x3, 0x4, 0x0, 0x1, 0x45a6c325, 0x8, 0x10000, 0x1000, 0x2, 0x1ee7, 0x0, 0x5, 0x2, 0x1, 0x8, 0x2, 0x2, 0x81, 0x200, 0x3ff, 0xffffffcc, 0x6, 0xa000000, 0x8, 0xfff, 0x4000, 0x1], [0x8, 0x7, 0x3, 0xfffffffc, 0x8000, 0x2, 0x108, 0x1ff, 0xfffffffe, 0x10, 0x5e, 0x4, 0x8, 0x8, 0x5, 0x8, 0xfb, 0xf25, 0xd, 0x1ff, 0x2, 0x95, 0x9, 0x9, 0x1, 0xf, 0xffff6f9e, 0x4, 0xfffffff7, 0x10000, 0x7, 0x52a, 0x5, 0xc1a4, 0x4, 0x8, 0x3, 0x9, 0x5, 0xb7af, 0x3, 0x4, 0x0, 0x1ff8, 0x2, 0x7, 0x6, 0x80000000, 0x652d, 0x7, 0x7fffffff, 0xd, 0x40, 0x3ff, 0xc, 0x1ff, 0x9, 0x6, 0x0, 0x1000, 0x9, 0x2, 0x9, 0x4]}, 0x45c)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000140)={'gre0\x00'})
sendto(0xffffffffffffffff, 0x0, 0x0, 0x810, 0x0, 0x0)
syz_emit_vhci(0x0, 0x16)
socket$nl_audit(0x10, 0x3, 0x9)
r2 = syz_genetlink_get_family_id$nbd(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000000000000100000008000100400000000c000200700f0000000000000c00060003000000000000000a000a00272d5d29212b0000"], 0x6c}}, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1)
sendmsg$TIPC_NL_KEY_SET(r1, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000004}, 0x4)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000280)={0x0, @remote, @multicast1}, &(0x7f0000000340)=0xc)

20m47.729338035s ago: executing program 5 (id=165):
syz_usb_connect$lan78xx(0x3, 0x0, 0x0, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nbd(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x6c}}, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1)
sendmsg$TIPC_NL_KEY_SET(r0, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000004}, 0x4)

20m32.351938159s ago: executing program 34 (id=165):
syz_usb_connect$lan78xx(0x3, 0x0, 0x0, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nbd(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x6c}}, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1)
sendmsg$TIPC_NL_KEY_SET(r0, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000004}, 0x4)

18m2.882411265s ago: executing program 4 (id=351):
syz_genetlink_get_family_id$tipc2(&(0x7f0000000400), 0xffffffffffffffff)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x10008, 0x800001000089}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'tunl0\x00', <r1=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newqdisc={0x24, 0x24, 0x4ee4e6a52ff56541, 0x70bd2c, 0x0, {0x0, 0x0, 0x0, r1, {0x0, 0x6}, {0xffff, 0xffff}, {0x0, 0xfff2}}}, 0x24}}, 0x4000010)
sendmmsg$inet(0xffffffffffffffff, &(0x7f0000005200)=[{{0x0, 0x4b, &(0x7f0000000000), 0x1}}], 0x1, 0x0)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
syz_clone(0x600, 0x0, 0x33, 0x0, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000032680)=""/102400, 0x19000)
socket$nl_rdma(0x10, 0x3, 0x14)
r4 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r4, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4)
bind$inet(r4, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
r5 = fcntl$dupfd(r4, 0x406, r4)
setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000000)={0x1, &(0x7f0000000280)=[{0x6, 0xfd, 0x0, 0xf1}]}, 0x10)
sendto$inet(r4, 0x0, 0x0, 0x200047fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r4, 0x6, 0xd, &(0x7f00000002c0)='bbr', 0x37)
sendmsg$NL80211_CMD_ADD_TX_TS(r5, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="1c0000", @ANYRES16=0x0, @ANYBLOB="00012bbd7000378f8668755269ed30e8d86f", @ANYRES32=0x0, @ANYBLOB], 0x1c}, 0x1, 0x0, 0x0, 0x4040000}, 0x0)
sendmsg$NL80211_CMD_CHANNEL_SWITCH(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)=ANY=[], 0x1194}, 0x1, 0x0, 0x0, 0x4048000}, 0x4000880)

17m57.96511894s ago: executing program 4 (id=355):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="54000000090601020000000000000000020000000900020073797a310000000005000100070000002c0007801800018014000240fe80000000000000000000007649ec61060004400004000005"], 0x54}, 0x1, 0x0, 0x0, 0x10000082}, 0x80)

17m57.900269783s ago: executing program 4 (id=356):
socket$nl_generic(0x10, 0x3, 0x10)
fsopen(&(0x7f00000001c0)='tracefs\x00', 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="940000000001050500000000000000000a0000003c0002802c00018014000300ff01000000000000000000000000000114000400ff0200000000000000000000000000010c00028005000100000000003c0001800c00028005000100000000002c00018014000300ff02000000040000000000000000000114000400000000f7000000000000ffffac1e00010800074000000001"], 0x94}}, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
r4 = openat$dir(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0)
r5 = fanotify_init(0xf00, 0x1000)
fanotify_mark(r5, 0x105, 0x5000003a, r4, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x42, 0x0)
renameat2(0xffffffffffffff9c, 0x0, 0xffffffffffffff9c, &(0x7f00000004c0)='./file0\x00', 0x2)
readv(r5, &(0x7f0000000c40)=[{&(0x7f0000000500)=""/169, 0xffffffa0}], 0x1)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)={0xac, 0x0, 0x1, 0x505, 0x0, 0x0, {0xa}, [@CTA_TUPLE_ORIG={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @remote}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_ORIG={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}]}, 0xac}}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket$netlink(0x10, 0x3, 0x10)

17m56.556357668s ago: executing program 4 (id=357):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(serpent)\x00'}, 0x58)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000040)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000001700)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x1}, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x3fffffffffffcb5, 0x2, 0x0)
syz_open_procfs(0x0, &(0x7f0000000040)='net/wireless\x00')
syz_init_net_socket$rose(0xb, 0x5, 0x0)
r4 = socket$netlink(0x10, 0x3, 0x2)
r5 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x20000, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r5, 0x3b81, &(0x7f0000000000)={0xc, 0x0, <r6=>0x0})
ioctl$IOMMU_TEST_OP_ADD_RESERVED(r5, 0x3ba0, &(0x7f0000000440)={0x48, 0x1, r6, 0x0, 0x97, 0x8000000})
ioctl$IOMMU_IOAS_MAP$PAGES(r5, 0x3b85, 0x0)
ioctl$IOMMU_IOAS_MAP$PAGES(r5, 0x3b85, &(0x7f0000000040)={0x28, 0x2, r6, 0x0, &(0x7f0000ff8000/0x1000)=nil, 0x1000})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r5, 0x3ba0, &(0x7f0000000180)={0x48, 0x2, r6, 0x0, 0x0, 0x0, <r7=>0x0})
ioctl$IOMMU_HWPT_ALLOC$TEST(r5, 0x3b89, &(0x7f0000000100)={0x28, 0x1, r7, r6, 0x0, 0x0, 0xdead, 0x4, &(0x7f00000000c0)})
close_range(r4, 0xffffffffffffffff, 0x0)
r8 = socket$inet6(0xa, 0x3, 0x4)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r8, 0x29, 0x20, &(0x7f00000000c0)={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x800, 0x0, 0x2000000000903, 0x1, 0x0, 0x3}, 0x20)
setsockopt$inet6_int(r8, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x7fff, 0x4)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000140)='tracefs\x00', 0x0, 0x0)
connect$inet6(r8, &(0x7f0000000080)={0xa, 0x0, 0x380000, @loopback}, 0x1c)
sendmmsg(r8, &(0x7f0000007080)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000001600)=ANY=[], 0xc}}], 0x1, 0x4000000)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="93378e66cf9b48cb24f73793e9594b1061790c6a3302853a9fa89527996042", 0x1f)

17m54.110907417s ago: executing program 4 (id=360):
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x1)
syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x20000000002)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x6770c000)
execveat$binfmt(0xffffffffffffffff, 0x0, &(0x7f0000000300), 0x0, 0x400)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, 0x0, &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, 0x2}, 0x94)
keyctl$dh_compute(0x17, 0x0, 0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)={'sha384\x00'}})
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000300)=ANY=[@ANYBLOB="5800000002060300000034e40000000000000008050005000a000000050001000600000005000400000000000900020073797a310000000011000300686173683a69702c706f7274000000000c00078008000640"], 0x58}, 0x1, 0x0, 0x0, 0x20000081}, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="54000000090601020000000000000000020000000900020073797a310000000005000100070000002c0007801800018014000240fe80000000000000"], 0x54}, 0x1, 0x0, 0x0, 0x10000082}, 0x80)
mremap(&(0x7f0000006000/0x3000)=nil, 0x3000, 0x3000, 0x7, &(0x7f0000ffd000/0x3000)=nil)
syz_socket_connect_nvme_tcp()
r5 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
getsockopt$X25_QBITINCL(r5, 0x106, 0x1, 0x0, 0x0)
r6 = openat$audio(0xffffffffffffff9c, &(0x7f0000000380), 0x149842, 0x0)
write$dsp(r6, &(0x7f0000000900)='B', 0x1)

17m52.031266767s ago: executing program 4 (id=363):
syz_open_dev$cec(&(0x7f00000000c0), 0x0, 0x82002)
r0 = syz_init_net_socket$ax25(0x3, 0x3, 0xca)
r1 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0xa0301, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r1, 0xc004500a, &(0x7f0000001340))
ioctl$SNDCTL_DSP_CHANNELS(r1, 0xc0045006, &(0x7f0000000180)=0x6f)
write$dsp(r1, &(0x7f00000012c0)="a52876830a602214f6b4e928d758f38a5a7cb4b31c4c09289e9ebb6286784ca3", 0x4000)
bind$ax25(r0, &(0x7f0000000000)={{0x3, @default, 0xffffffff}, [@null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bcast, @default, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]}, 0x48)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$mptcp(&(0x7f0000000100), 0xffffffffffffffff)
r2 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000002100), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r2, 0xaf01, 0x0)
ioctl$VHOST_SET_MEM_TABLE(r2, 0x4008af03, &(0x7f0000000040))
openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_LINKINFO_GET(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={0x0}, 0x1, 0x0, 0x0, 0x4000800}, 0x0)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r3, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={0x0, 0x48}, 0x1, 0x0, 0x0, 0x4040041}, 0x4000000)
unshare(0x28000600)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x6f67}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f0000000080)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
bind$netlink(0xffffffffffffffff, 0x0, 0x0)
r5 = fsopen(&(0x7f0000000bc0)='binder\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r5, 0x6, 0x0, 0x0, 0x0)

17m35.881444961s ago: executing program 35 (id=363):
syz_open_dev$cec(&(0x7f00000000c0), 0x0, 0x82002)
r0 = syz_init_net_socket$ax25(0x3, 0x3, 0xca)
r1 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0xa0301, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r1, 0xc004500a, &(0x7f0000001340))
ioctl$SNDCTL_DSP_CHANNELS(r1, 0xc0045006, &(0x7f0000000180)=0x6f)
write$dsp(r1, &(0x7f00000012c0)="a52876830a602214f6b4e928d758f38a5a7cb4b31c4c09289e9ebb6286784ca3", 0x4000)
bind$ax25(r0, &(0x7f0000000000)={{0x3, @default, 0xffffffff}, [@null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bcast, @default, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]}, 0x48)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$mptcp(&(0x7f0000000100), 0xffffffffffffffff)
r2 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000002100), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r2, 0xaf01, 0x0)
ioctl$VHOST_SET_MEM_TABLE(r2, 0x4008af03, &(0x7f0000000040))
openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_LINKINFO_GET(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={0x0}, 0x1, 0x0, 0x0, 0x4000800}, 0x0)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r3, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={0x0, 0x48}, 0x1, 0x0, 0x0, 0x4040041}, 0x4000000)
unshare(0x28000600)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x6f67}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f0000000080)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
bind$netlink(0xffffffffffffffff, 0x0, 0x0)
r5 = fsopen(&(0x7f0000000bc0)='binder\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r5, 0x6, 0x0, 0x0, 0x0)

8m30.370866813s ago: executing program 8 (id=2038):
socket$nl_xfrm(0x10, 0x3, 0x6)
socket(0x10, 0x3, 0x0)
syz_io_uring_setup(0x6d5f, &(0x7f0000000940)={0x0, 0x7779, 0x0, 0x100000, 0x186}, 0x0, 0x0)
socket$l2tp(0x2, 0x2, 0x73)
socket$nl_route(0x10, 0x3, 0x0)
socket$inet(0xa, 0x1, 0x0)
socket$inet6_icmp(0xa, 0x2, 0x3a)
socket$inet6_icmp(0xa, 0x2, 0x3a)
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000640)='/sys/power/pm_test', 0x88002, 0x0)
sendmsg$NL80211_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=ANY=[@ANYRES32, @ANYRES16=0x0, @ANYRES8=r0], 0x1c}, 0x1, 0x0, 0x0, 0x20000844}, 0x48885)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1400000007"], 0x50)
pwrite64(0xffffffffffffffff, 0x0, 0x0, 0x7ffffffe)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r1, &(0x7f0000000040)={0x1f, 0xffff, 0x3}, 0x6)
write$binfmt_misc(r1, &(0x7f0000000000), 0xd)

8m29.651251917s ago: executing program 8 (id=2041):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x14, &(0x7f0000000b00)=ANY=[@ANYBLOB="1800"/15, @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000082000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000050ff850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r1, 0x0, 0xe, 0x0, &(0x7f00000003c0)="fdfc19f52a929e03000000000000", 0x0, 0xa00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000400), 0x20200, 0x0)
r2 = memfd_create(&(0x7f0000000b00)='\x9d#\x00\xe6Z\x00\xafq%\xa5\x83\xa6\xb5\x01\x83y\xf3\xb2\xe6b$\a\x00\x00\x00\x00\x00\x01\x00\x00\xf7\xffg\xf5\x12oP\b\x00\x00\x00LR\xa1\x00\x00\x17\x1f$^\xe1\x00\x04\x00\x00\x00\x00\a\xff;\xeb\xf1\xd0\xce\xe5\x19\x12\b\x01\xd9\xae>/\x05\x00\xce\xd5O\xcc\b\x9e\x19\x19#\x00\x00\x15\x00\x00\x00\xa1\xa2\xe0g\x98\xbf*\xdcc\x12.\xb7\xbe`\'\xcb\xb6\xaf\xdc\xa0D\x93.\xf25\x957\xec\xfb\xe6|\\\xe4h\xfc\x14\x05\x00\xfd\xc7\x00\x00\x00\x00\x91\x98\x15\xec\xdb\xaa\t9\x11\xb4h$h\x0ew\x00&0\xdd\x19\x86\x90\xbe\xd7\xdc\n\xcbC\x15\xfcp\x11\xdai\f{a?\xd0\xe1{\x84\xb5\x82q\x19\xacS\x88|\x99\xfd\x9eS\x80\xcb\x14G\xfa\xff\xff\xff\xff\xff\xff\xff\xcd\xf0\xb1\xd2\x168\xbf`$\xbf\xca\xea\xa3\x83q\xb6Pr\xd4\xb5X\\\xdbD\n\x03G\x00\x04\x00\x01\xbc\xac\x18\xba\xce\xb3%QF\x03\b\x9dh\xcb)\xf4f\x12[\xf9\r\t\xff\x06\xe7j\x9fTJ;T\xf3\xfa\xef{h\xb0\xc0:\x8f|\x8f\x06\xf8T\x826`M\x11\x1c\xb0*8\v\x1e\xcf\x03\xd3\xe8,?P\xac\x86\x13b\xa8D\x0f\x93\xab\x1c\x11\x00\xc5\x8d\x82\x00\x00\x00\x00\x00\x00\x00\x0f\x81\xf3\x05\xa3{\x96\xf9\xba\x9em\xe9\"\x03\x933P\xbb\xd6\x9b\f\xa7\x8f9\x988\tgC\xbc\xe0\xc5\xf4\xe0E%\xd9\xd8w\x00k\x042Y\xd9\xc5\xe59\xa95\xd1m\xd8hCuZYi\x10\x00\xb9\xe6\xff\x04K%yH\xe5\xf4\x8b\x03Ca8\x1e\xe9\\#\xf8O\fw\xd9\xf5cF\xcc\x1a2ex\xb4\x0fi$\x97\x81.\x02\x04m\xfbT2\xd4\"\x1e\xf0\x16\x0f\x97\xe6j}J\xca\xb8)f\xd5\xfd>\x9bU\xb0\x03Zt0\xc0b\xad\xef@o\xc1\xd6\x17T\f\xc30\xe2\x89\xf6L\x131\x9c\t\xa7\x80\x1b:\xbb\x04\xd7\xd1\x06\xa0\xe9\xbah\xb6\xb2\xea/{Q\xca\x14\x13\x9ajWt\xc9\xecd\r\xd5)\x1d\xaf\n\xc0\xc1\x1d}DY\x95&\xe7\xf4U\xff\xcd&\a\x9f\x1bg\xe5|~\xc1\xc5n\x12%ur\xa1\x9e`\xc2\x01\b,\x18\xaf\xccD\xdeag\xc6\xf3\xd6\x94\x9d\xae\x8bl\xee\x7fu\xe5bu\x84\x04\xb3@\xa1\xf7\xc6\x13\xf9I\xfa\x12\xfc\x96\",aT\xfd\"\x01\x92\xb1\xbf\x8a\x15\x88\xfd\x8f\x88\x87\x82\x9c:L\xd2\xb8\xfa5\x066\x82\xf3_LUr\xfa\xd2\x99d \x97c9G\x99\xe3\xcc$\x96cu\x97\xe7\xc7a\tm\xe8F\xc7j\xf8\x98\x81\xe7\xf7\xab3F\xf4u\xdaav\xd21\v\x99HG\xdfx\x1cPl\t#\xc1\x8e\xddW\x00\x00\x00\x8fw\xa9A\xf7m\xeec\xb6\\\xa4T\xeej\xe2\xba\xb2V\xacc\xc6|\xae]\xdb\x10\xb3\x80z\xd5\n\xa3u\xfb\b\x03\xe5\xca;\xe5uH<\x9a\x12\x84(\x9f\xd2\xe1k\x955;J\xa4\x81Lm\x90\x1a\xfdI}\xb0\xa1\xfa9\x17\xd1\xa2\xc7\xca\x98\xaeS\x92Ew`\xd2\x02\xda\xc9\xd4\xea\x02\x1d\xd3\xd5\x81\xdb\xd9~\xd6-:\xee\xe8\t\xf7\xe6\xf1\x88\x86\xb0\x04\x9ep\xb1\x93\x16\xf9\xdb\x15\x8a\xa3h<\xaf\xa0\xb5\xb0\x05ir\xff\xff\xff\xff\x00\x00\x00\x00\x83\x91\xad\x11\xf4\xbcz\x9b\x8bp]o\au\x175I\x1d\xe2\x97\xb6\x06\xdc\x14\x9b>\xd7F\xdb?\xc7%0n/\xf5S\xb5\xe8\xa5\xd1\xddN\xf9ir\xd1r\xf4L\t3\xadDz\\\xf4`\x13\xf7)\x91w\a\xcc+E\xdd\xe9\xdbb\x9c\xff\x98\x03\xb7\x0e=\xba\xa3um\xde\xff$|\xb7\x86j+\x00\x00\x00\x00\x00\x00\x00Z\xef\xd6\xf4Zs\xfc\ro\x03\xabB\x18\xdc\a\xe3\r\x00\x00\x00\x00\x00\x00', 0x6)
lseek(r2, 0xa3c, 0x1)
r3 = syz_open_dev$usbfs(&(0x7f0000000140), 0x77, 0x1501)
ioctl$USBDEVFS_SUBMITURB(r3, 0x8038550a, &(0x7f0000000000)=@urb_type_control={0x2, {}, 0x0, 0x41, &(0x7f00000004c0)={0x0, 0x3, 0x14, 0x10}, 0x8, 0x0, 0x8, 0x0, 0x0, 0x5, 0x0})
syz_open_dev$sndmidi(0x0, 0x2, 0x141102)
r4 = socket(0x10, 0x2, 0x0)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r5, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x20000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x2010}, 0x8000)
connect$inet6(r5, 0x0, 0x0)
setsockopt$inet6_tcp_TLS_TX(r5, 0x11a, 0x1, &(0x7f0000000480)=@gcm_256={{0x303}, "000200", "e123c5876ff425b1ebe250a8486be34705f4f827ae60ecb65e528248d5552bff", "7e25837b", "15d0db2c77179e1a"}, 0x38)
write$binfmt_script(r5, &(0x7f0000000500)={'#! ', './file0'}, 0xb)
getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r5, 0x6, 0x23, &(0x7f0000000280)={&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffd87}, &(0x7f0000000240)=0x40)
writev(r5, &(0x7f0000000100)=[{&(0x7f0000000a40)="fb", 0x1}], 0x1)
close_range(r4, r5, 0x0)
r6 = socket$phonet(0x23, 0x2, 0x1)
r7 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
write$RDMA_USER_CM_CMD_RESOLVE_ROUTE(r7, 0x0, 0x0)
sendto(r6, 0x0, 0x0, 0x24008861, 0x0, 0x0)
r8 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x4}]})
socket(0x80000000000000a, 0x2, 0x0)
close_range(r8, 0xffffffffffffffff, 0x0)

8m27.189068124s ago: executing program 8 (id=2047):
syz_usb_connect$lan78xx(0x3, 0x0, 0x0, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x8000000004)
writev(r0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x6, 0x100000b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0)
ioctl$F2FS_IOC_GARBAGE_COLLECT(r1, 0x4004f506, &(0x7f0000000180)=0x1)
setresgid(0xee00, 0xee01, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000380)={'syz1\x00', {0x0, 0x29d, 0x2, 0x2}, 0x4c, [0x3ff, 0x2, 0x10000, 0x0, 0x7ca6, 0x9, 0xc2ad, 0x4, 0x9, 0x9, 0x5, 0x9, 0x8, 0x200, 0x5, 0x3, 0x7, 0x5, 0xfffffff9, 0x6, 0x3, 0xfff, 0x7f, 0x4152, 0x8b3, 0x9, 0x861, 0x7, 0x5, 0x0, 0x3c, 0x4, 0x1005, 0x4, 0x8, 0x38, 0x8, 0x8, 0xd5bb, 0x3, 0x1, 0x9de9, 0x8, 0x3, 0x3, 0x7f, 0x5, 0x8, 0x0, 0x1, 0x3ff, 0x6, 0x2e, 0x800, 0x846c, 0x3, 0x6, 0x31b, 0x8, 0xa, 0x1, 0x7, 0xffffffff, 0x3], [0x4a, 0xfff, 0xe936, 0x0, 0x200, 0xfffffff7, 0x2, 0xb6, 0x10001, 0x8, 0x3ff, 0x1, 0x7, 0x8f, 0x1, 0x5, 0x1ff, 0x200, 0x6f8, 0x7, 0xd, 0x7, 0x100788, 0x6, 0x0, 0x0, 0x8, 0x3, 0x5, 0x2, 0xa, 0x7, 0x80, 0x5aa, 0xfffff000, 0x400, 0x2, 0x7, 0x6, 0x6, 0x5, 0x3, 0x87, 0x22e2, 0x502, 0xffffffff, 0x7, 0x1ff, 0x6, 0x10001, 0x9e, 0x1, 0x5, 0x105, 0xfffffffa, 0x0, 0x2, 0x2, 0x6, 0x1ff, 0x8, 0x3, 0x6], [0x2, 0x94da, 0xffffffff, 0x5, 0xc0000, 0x4, 0x4, 0xfffffffa, 0x6, 0x7, 0xea, 0x7, 0x6, 0x400, 0xfffeffff, 0xfc000000, 0x8, 0x8, 0xd1, 0x2, 0xb66, 0x3, 0x4, 0x52c, 0x4, 0x10001, 0xfffffff8, 0x2, 0x9, 0x1, 0x7, 0xe86, 0x8, 0x20000100, 0x7, 0x1, 0x746a6ffd, 0x3, 0x4, 0x0, 0x1, 0x45a6c325, 0x8, 0x10000, 0x1000, 0x2, 0x1ee7, 0x0, 0x5, 0x2, 0x1, 0x8, 0x2, 0x2, 0x81, 0x200, 0x3ff, 0xffffffcc, 0x6, 0xa000000, 0x8, 0xfff, 0x4000, 0x1], [0x8, 0x7, 0x3, 0xfffffffc, 0x8000, 0x2, 0x108, 0x1ff, 0xfffffffe, 0x10, 0x5e, 0x4, 0x8, 0x8, 0x5, 0x8, 0xfb, 0xf25, 0xd, 0x1ff, 0x2, 0x95, 0x9, 0x9, 0x1, 0xf, 0xffff6f9e, 0x4, 0xfffffff7, 0x10000, 0x7, 0x52a, 0x5, 0xc1a4, 0x4, 0x8, 0x3, 0x9, 0x5, 0xb7af, 0x3, 0x4, 0x0, 0x1ff8, 0x2, 0x7, 0x6, 0x80000000, 0x652d, 0x7, 0x7fffffff, 0xd, 0x40, 0x3ff, 0xc, 0x1ff, 0x9, 0x6, 0x0, 0x1000, 0x9, 0x2, 0x9, 0x4]}, 0x45c)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000140)={'gre0\x00'})
sendto(0xffffffffffffffff, 0x0, 0x0, 0x810, 0x0, 0x0)
socket$igmp(0x2, 0x3, 0x2)
listen(0xffffffffffffffff, 0x90004)
syz_emit_vhci(&(0x7f0000000140)=ANY=[@ANYBLOB="043e1301"], 0x16)
ppoll(&(0x7f00000000c0)=[{0xffffffffffffffff, 0x60}], 0x1, 0x0, 0x0, 0x0)
r4 = syz_genetlink_get_family_id$nbd(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010000000000000000000100000008000100400000000c000200700f0000000000000c00060003000000000000000a000a00272d5d29212b0000140007"], 0x6c}}, 0x0)
sendmsg$TIPC_NL_KEY_SET(r3, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000004}, 0x4)

8m23.230359306s ago: executing program 8 (id=2061):
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock}, 0x94)
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r0, 0x0, 0x0)
ioctl$sock_bt_hci(r0, 0x800448d5, &(0x7f0000000400))
r1 = gettid()
socket$inet6_tcp(0xa, 0x1, 0x0)
openat$iommufd(0xffffffffffffff9c, 0x0, 0x800, 0x0)
r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x3)
ioctl$FS_IOC_GETFSLABEL(r2, 0x400452c9, &(0x7f0000000100))
fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x3ed4, 0x5, r1})
socket$inet6_udp(0xa, 0x2, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r3, 0x0, 0x2)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000c80)={0x38, 0x9, 0x6, 0x801, 0x0, 0x0, {0x7}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x1c, 0x7, 0x0, 0x1, [@IPSET_ATTR_PORT={0x6, 0x4, 0x1, 0x0, 0xe1f}, @IPSET_ATTR_PROTO={0x5, 0x7, 0x88}, @IPSET_ATTR_PORT_TO={0x6, 0x5, 0x1, 0x0, 0x4e22}]}]}, 0x38}, 0x1, 0x0, 0x0, 0x10000042}, 0x1000a004)
sendmsg$IPSET_CMD_LIST(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)={0x1c, 0x7, 0x6, 0x5, 0x0, 0x0, {0x1, 0x0, 0x2}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20004080}, 0x48810)
syz_usb_connect(0x5, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="120100004106cd40cd060f011bd5000000010902"], 0x0)
r6 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
close_range(r6, 0xffffffffffffffff, 0x0)

8m22.575601752s ago: executing program 8 (id=2068):
r0 = socket(0x10, 0x3, 0x0)
fcntl$setownex(r0, 0xf, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0)
fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, &(0x7f0000000100)='mode\x00', &(0x7f0000000140)='7', 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r2 = syz_clone(0x4088080, 0x0, 0x0, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x0, 0x0)
sched_setaffinity(0x0, 0xfffffffffffffffb, &(0x7f00000002c0)=0x400000bce)
r3 = syz_open_dev$MSR(0x0, 0x0, 0x0)
read$msr(r3, &(0x7f0000032680)=""/102400, 0x19000)
sched_setaffinity(0x0, 0x0, 0x0)
bind$alg(0xffffffffffffffff, &(0x7f00000004c0)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_ctr_aes128\x00'}, 0x58)
setresgid(0xee00, 0xee01, 0x0)
syz_clone3(&(0x7f0000000080)={0x180801400, &(0x7f0000000000), 0x0, 0x0, {0x3d}, 0x0, 0x0, 0x0, 0x0}, 0x58)

8m18.772508001s ago: executing program 8 (id=2073):
syz_usb_connect$lan78xx(0x3, 0x0, 0x0, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x8000000004)
writev(r0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x6, 0x100000b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0)
ioctl$F2FS_IOC_GARBAGE_COLLECT(r1, 0x4004f506, &(0x7f0000000180)=0x1)
setresgid(0xee00, 0xee01, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000380)={'syz1\x00', {0x0, 0x29d, 0x2, 0x2}, 0x4c, [0x3ff, 0x2, 0x10000, 0x0, 0x7ca6, 0x9, 0xc2ad, 0x4, 0x9, 0x9, 0x5, 0x9, 0x8, 0x200, 0x5, 0x3, 0x7, 0x5, 0xfffffff9, 0x6, 0x3, 0xfff, 0x7f, 0x4152, 0x8b3, 0x9, 0x861, 0x7, 0x5, 0x0, 0x3c, 0x4, 0x1005, 0x4, 0x8, 0x38, 0x8, 0x8, 0xd5bb, 0x3, 0x1, 0x9de9, 0x8, 0x3, 0x3, 0x7f, 0x5, 0x8, 0x0, 0x1, 0x3ff, 0x6, 0x2e, 0x800, 0x846c, 0x3, 0x6, 0x31b, 0x8, 0xa, 0x1, 0x7, 0xffffffff, 0x3], [0x4a, 0xfff, 0xe936, 0x0, 0x200, 0xfffffff7, 0x2, 0xb6, 0x10001, 0x8, 0x3ff, 0x1, 0x7, 0x8f, 0x1, 0x5, 0x1ff, 0x200, 0x6f8, 0x7, 0xd, 0x7, 0x100788, 0x6, 0x0, 0x0, 0x8, 0x3, 0x5, 0x2, 0xa, 0x7, 0x80, 0x5aa, 0xfffff000, 0x400, 0x2, 0x7, 0x6, 0x6, 0x5, 0x3, 0x87, 0x22e2, 0x502, 0xffffffff, 0x7, 0x1ff, 0x6, 0x10001, 0x9e, 0x1, 0x5, 0x105, 0xfffffffa, 0x0, 0x2, 0x2, 0x6, 0x1ff, 0x8, 0x3, 0x6], [0x2, 0x94da, 0xffffffff, 0x5, 0xc0000, 0x4, 0x4, 0xfffffffa, 0x6, 0x7, 0xea, 0x7, 0x6, 0x400, 0xfffeffff, 0xfc000000, 0x8, 0x8, 0xd1, 0x2, 0xb66, 0x3, 0x4, 0x52c, 0x4, 0x10001, 0xfffffff8, 0x2, 0x9, 0x1, 0x7, 0xe86, 0x8, 0x20000100, 0x7, 0x1, 0x746a6ffd, 0x3, 0x4, 0x0, 0x1, 0x45a6c325, 0x8, 0x10000, 0x1000, 0x2, 0x1ee7, 0x0, 0x5, 0x2, 0x1, 0x8, 0x2, 0x2, 0x81, 0x200, 0x3ff, 0xffffffcc, 0x6, 0xa000000, 0x8, 0xfff, 0x4000, 0x1], [0x8, 0x7, 0x3, 0xfffffffc, 0x8000, 0x2, 0x108, 0x1ff, 0xfffffffe, 0x10, 0x5e, 0x4, 0x8, 0x8, 0x5, 0x8, 0xfb, 0xf25, 0xd, 0x1ff, 0x2, 0x95, 0x9, 0x9, 0x1, 0xf, 0xffff6f9e, 0x4, 0xfffffff7, 0x10000, 0x7, 0x52a, 0x5, 0xc1a4, 0x4, 0x8, 0x3, 0x9, 0x5, 0xb7af, 0x3, 0x4, 0x0, 0x1ff8, 0x2, 0x7, 0x6, 0x80000000, 0x652d, 0x7, 0x7fffffff, 0xd, 0x40, 0x3ff, 0xc, 0x1ff, 0x9, 0x6, 0x0, 0x1000, 0x9, 0x2, 0x9, 0x4]}, 0x45c)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000140)={'gre0\x00'})
sendto(0xffffffffffffffff, 0x0, 0x0, 0x810, 0x0, 0x0)
r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
listen(r4, 0x90004)
syz_emit_vhci(&(0x7f0000000140)=ANY=[@ANYBLOB="043e1301"], 0x16)
ppoll(&(0x7f00000000c0)=[{r4, 0x60}], 0x1, 0x0, 0x0, 0x0)
r5 = syz_genetlink_get_family_id$nbd(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010000000000000000000100000008000100400000000c000200700f0000000000000c00060003000000000000000a000a00272d5d29212b0000140007"], 0x6c}}, 0x0)
sendmsg$TIPC_NL_KEY_SET(r3, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000004}, 0x4)

8m3.171867699s ago: executing program 36 (id=2073):
syz_usb_connect$lan78xx(0x3, 0x0, 0x0, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x8000000004)
writev(r0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x6, 0x100000b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0)
ioctl$F2FS_IOC_GARBAGE_COLLECT(r1, 0x4004f506, &(0x7f0000000180)=0x1)
setresgid(0xee00, 0xee01, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000380)={'syz1\x00', {0x0, 0x29d, 0x2, 0x2}, 0x4c, [0x3ff, 0x2, 0x10000, 0x0, 0x7ca6, 0x9, 0xc2ad, 0x4, 0x9, 0x9, 0x5, 0x9, 0x8, 0x200, 0x5, 0x3, 0x7, 0x5, 0xfffffff9, 0x6, 0x3, 0xfff, 0x7f, 0x4152, 0x8b3, 0x9, 0x861, 0x7, 0x5, 0x0, 0x3c, 0x4, 0x1005, 0x4, 0x8, 0x38, 0x8, 0x8, 0xd5bb, 0x3, 0x1, 0x9de9, 0x8, 0x3, 0x3, 0x7f, 0x5, 0x8, 0x0, 0x1, 0x3ff, 0x6, 0x2e, 0x800, 0x846c, 0x3, 0x6, 0x31b, 0x8, 0xa, 0x1, 0x7, 0xffffffff, 0x3], [0x4a, 0xfff, 0xe936, 0x0, 0x200, 0xfffffff7, 0x2, 0xb6, 0x10001, 0x8, 0x3ff, 0x1, 0x7, 0x8f, 0x1, 0x5, 0x1ff, 0x200, 0x6f8, 0x7, 0xd, 0x7, 0x100788, 0x6, 0x0, 0x0, 0x8, 0x3, 0x5, 0x2, 0xa, 0x7, 0x80, 0x5aa, 0xfffff000, 0x400, 0x2, 0x7, 0x6, 0x6, 0x5, 0x3, 0x87, 0x22e2, 0x502, 0xffffffff, 0x7, 0x1ff, 0x6, 0x10001, 0x9e, 0x1, 0x5, 0x105, 0xfffffffa, 0x0, 0x2, 0x2, 0x6, 0x1ff, 0x8, 0x3, 0x6], [0x2, 0x94da, 0xffffffff, 0x5, 0xc0000, 0x4, 0x4, 0xfffffffa, 0x6, 0x7, 0xea, 0x7, 0x6, 0x400, 0xfffeffff, 0xfc000000, 0x8, 0x8, 0xd1, 0x2, 0xb66, 0x3, 0x4, 0x52c, 0x4, 0x10001, 0xfffffff8, 0x2, 0x9, 0x1, 0x7, 0xe86, 0x8, 0x20000100, 0x7, 0x1, 0x746a6ffd, 0x3, 0x4, 0x0, 0x1, 0x45a6c325, 0x8, 0x10000, 0x1000, 0x2, 0x1ee7, 0x0, 0x5, 0x2, 0x1, 0x8, 0x2, 0x2, 0x81, 0x200, 0x3ff, 0xffffffcc, 0x6, 0xa000000, 0x8, 0xfff, 0x4000, 0x1], [0x8, 0x7, 0x3, 0xfffffffc, 0x8000, 0x2, 0x108, 0x1ff, 0xfffffffe, 0x10, 0x5e, 0x4, 0x8, 0x8, 0x5, 0x8, 0xfb, 0xf25, 0xd, 0x1ff, 0x2, 0x95, 0x9, 0x9, 0x1, 0xf, 0xffff6f9e, 0x4, 0xfffffff7, 0x10000, 0x7, 0x52a, 0x5, 0xc1a4, 0x4, 0x8, 0x3, 0x9, 0x5, 0xb7af, 0x3, 0x4, 0x0, 0x1ff8, 0x2, 0x7, 0x6, 0x80000000, 0x652d, 0x7, 0x7fffffff, 0xd, 0x40, 0x3ff, 0xc, 0x1ff, 0x9, 0x6, 0x0, 0x1000, 0x9, 0x2, 0x9, 0x4]}, 0x45c)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000140)={'gre0\x00'})
sendto(0xffffffffffffffff, 0x0, 0x0, 0x810, 0x0, 0x0)
r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
listen(r4, 0x90004)
syz_emit_vhci(&(0x7f0000000140)=ANY=[@ANYBLOB="043e1301"], 0x16)
ppoll(&(0x7f00000000c0)=[{r4, 0x60}], 0x1, 0x0, 0x0, 0x0)
r5 = syz_genetlink_get_family_id$nbd(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010000000000000000000100000008000100400000000c000200700f0000000000000c00060003000000000000000a000a00272d5d29212b0000140007"], 0x6c}}, 0x0)
sendmsg$TIPC_NL_KEY_SET(r3, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000004}, 0x4)

6m1.275641687s ago: executing program 3 (id=2362):
syz_io_uring_setup(0x889, 0x0, 0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, 0x0, 0x0, 0x4)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, 0x0, 0x44800)
syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xaee2, 0x800, 0xffffffff, 0xbfe00000}, 0x0, &(0x7f0000000280))
socket$isdn(0x22, 0x2, 0x3)
prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f0000000100), 0x0, 0x0)
read$msr(r0, &(0x7f0000001a40)=""/102392, 0x18ff8)
ptrace(0x10, 0x1)
timer_create(0x0, 0x0, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r1, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc200011800e000100636f6e6e6c696d69740000040c00028008000140fffff27414000000110001"], 0x84}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)

6m1.152171307s ago: executing program 3 (id=2364):
sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)={0x14, 0x0, 0x10, 0x70bd29, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x40081c4}, 0x44000)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x5, &(0x7f0000000d80)=ANY=[@ANYRESOCT], &(0x7f0000000140)='GPL\x00'}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0x14, &(0x7f0000000980)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb70200000800", @ANYRESHEX], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x19, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
setsockopt$inet_tcp_TCP_REPAIR_WINDOW(0xffffffffffffffff, 0x6, 0x1d, &(0x7f0000000080)={0x0, 0x2, 0x3, 0x0, 0xad7}, 0x14)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$alg(0x26, 0x5, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f00000008c0)=ANY=[], 0xbc}}, 0x0)
bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
sendmsg$IPVS_CMD_GET_DEST(r0, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x10805}, 0x44049)
r2 = accept4(r1, 0x0, 0x0, 0x800)
sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00'})

6m1.024169561s ago: executing program 3 (id=2365):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = fsopen(&(0x7f00000001c0)='tracefs\x00', 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="940000000001050500000000000000000a0000003c0002802c00018014000300ff01000000000000000000000000000114000400ff0200000000000000000000000000010c00028005000100000000003c0001800c00028005000100000000002c00018014000300ff02000000040000000000000000000114000400000000f7000000000000ffffac1e00010800074000000001"], 0x94}}, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
r5 = fanotify_init(0xf00, 0x1000)
fanotify_mark(r5, 0x105, 0x5000003a, 0xffffffffffffffff, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x42, 0x0)
renameat2(0xffffffffffffff9c, 0x0, 0xffffffffffffff9c, &(0x7f00000004c0)='./file0\x00', 0x2)
readv(r5, &(0x7f0000000c40)=[{&(0x7f0000000500)=""/169, 0xffffffa0}], 0x1)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)={0xac, 0x0, 0x1, 0x505, 0x0, 0x0, {0xa}, [@CTA_TUPLE_ORIG={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @remote}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_ORIG={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}]}, 0xac}}, 0x0)
fsmount(r0, 0x0, 0x0)
fsconfig$FSCONFIG_CMD_RECONFIGURE(r0, 0x7, 0x0, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r7 = socket$netlink(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_RATE_NEW(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000300)={0x34, r8, 0x1, 0x3, 0x25dfdbfb, {0x25}, [@handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x34}, 0x1, 0x0, 0x0, 0x40000}, 0x0)

5m57.999756349s ago: executing program 3 (id=2372):
r0 = getpgrp(0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x5)
prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f0000000140)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f00000001c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './bus'}}, {@workdir={'workdir', 0x3d, './file1'}}]})
r4 = openat$dir(0xffffffffffffff9c, &(0x7f0000000940)='./file0\x00', 0x0, 0x0)
r5 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x50)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000100)={{r5, <r6=>0xffffffffffffffff}, &(0x7f0000000240), 0x0}, 0x20)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000001c0)={r6}, 0x4)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1, 0x10, &(0x7f0000000a00)=ANY=[@ANYBLOB="18000000000000000000000005000000b7080000000000007b8af8ff00000000b70800000e0000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r6, @ANYBLOB="0000000000000000b70500000800000085000000a500000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000640)={@map=r6, 0xffffffffffffffff, 0x6, 0x2020, 0xffffffffffffffff, @void, @void, @value=0xffffffffffffffff}, 0x20)
mknodat(r4, &(0x7f00000003c0)='./file0\x00', 0x0, 0x0)
chdir(&(0x7f00000000c0)='./bus\x00')
openat(0xffffffffffffff9c, &(0x7f0000000680)='./file0\x00', 0x40, 0x0)
mkdir(&(0x7f0000000240)='./bus\x00', 0x0)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000001500)=ANY=[@ANYBLOB="28000000240007012bbd7000ffdbdf2503740000080001800400de800c0004"], 0x28}}, 0x48010)

5m55.877302267s ago: executing program 3 (id=2374):
r0 = getpgrp(0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x5)
prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r1 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r1, 0x1, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f0000000140)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f00000001c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './bus'}}, {@workdir={'workdir', 0x3d, './file1'}}]})
r3 = openat$dir(0xffffffffffffff9c, &(0x7f0000000940)='./file0\x00', 0x0, 0x0)
r4 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x50)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000100)={{r4, <r5=>0xffffffffffffffff}, &(0x7f0000000240), &(0x7f0000000140)='%-010d \x00'}, 0x20)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000001c0)={r5}, 0x4)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1, 0x10, &(0x7f0000000a00)=ANY=[@ANYBLOB="18000000000000000000000005000000b7080000000000007b8af8ff00000000b70800000e0000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r5, @ANYBLOB="0000000000000000b70500000800000085000000a500000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000640)={@map=r5, 0xffffffffffffffff, 0x6, 0x2020, 0xffffffffffffffff, @void, @void, @value=0xffffffffffffffff}, 0x20)
mknodat(r3, &(0x7f00000003c0)='./file0\x00', 0x0, 0x0)
chdir(&(0x7f00000000c0)='./bus\x00')
openat(0xffffffffffffff9c, &(0x7f0000000680)='./file0\x00', 0x40, 0x0)
mkdir(&(0x7f0000000240)='./bus\x00', 0x0)
socket$nl_generic(0x10, 0x3, 0x10)

5m49.505789887s ago: executing program 3 (id=2382):
syz_usb_connect$cdc_ecm(0x2, 0x56, &(0x7f0000000140)=ANY=[@ANYBLOB="12010000020000102505a1a44000000001010902440001fd00000009040000ff0202ffff052406000005240000000d240f010000000000000000000905810320000000000905820220000000000905030208"], 0x0)

5m14.510347496s ago: executing program 2 (id=2448):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = fsopen(&(0x7f00000001c0)='tracefs\x00', 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
sendmsg$IPCTNL_MSG_CT_GET(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="940000000001050500000000000000000a0000003c0002802c00018014000300ff01000000000000000000000000000114000400ff0200000000000000000000000000010c00028005000100000000003c0001800c00028005000100000000002c00018014000300ff02000000040000000000000000000114000400000000f7000000000000ffffac1e00010800074000000001"], 0x94}}, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
r4 = openat$dir(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fanotify_mark(0xffffffffffffffff, 0x105, 0x5000003a, r4, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x42, 0x0)
renameat2(0xffffffffffffff9c, 0x0, 0xffffffffffffff9c, &(0x7f00000004c0)='./file0\x00', 0x2)
readv(0xffffffffffffffff, &(0x7f0000000c40)=[{&(0x7f0000000500)=""/169, 0xffffffa0}], 0x1)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)={0xac, 0x0, 0x1, 0x505, 0x0, 0x0, {0xa}, [@CTA_TUPLE_ORIG={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @remote}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_ORIG={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}]}, 0xac}}, 0x0)
fsmount(r0, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket$netlink(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)

5m13.225272622s ago: executing program 2 (id=2449):
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000480)={0xffffffffffffffff, 0x0, 0x25, 0x1e, @val=@uprobe_multi={0x0, 0x0, 0x0, 0x6, 0x0, 0x1}}, 0x40)
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0)
r1 = eventfd(0xfffffff9)
ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000240)=r1)
ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x1, r1})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000580)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/59, 0x0})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, 0x0, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/70, 0x100000})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
read$msr(0xffffffffffffffff, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, 0x0)
ioctl$VHOST_SET_VRING_ERR(r0, 0x4008af22, &(0x7f00000002c0)={0x1, r1})
ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000)=0x1)

5m12.863931082s ago: executing program 2 (id=2451):
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0xa)
r0 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x20341, 0x0)
ioctl$TIOCSPTLCK(r0, 0x40045431, 0x0)
ioctl$TCSETSF2(r0, 0x402c542d, &(0x7f0000000000)={0xfffffffa, 0x407, 0x8, 0x8010041, 0x80, "0baa301fa951e8a4603c811200", 0x81ed, 0xfffffff5})
writev(r0, &(0x7f0000000580)=[{&(0x7f0000000180)="d9a47f10f84b8783", 0x8}], 0x1)
ioctl$TIOCGPTPEER(r0, 0x5441, 0x12)
read$FUSE(0xffffffffffffffff, &(0x7f0000003bc0)={0x2020}, 0x2020)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0))
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x1, &(0x7f00000000c0)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffd}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
ioctl$CEC_RECEIVE(0xffffffffffffffff, 0xc0386106, &(0x7f0000000180)={0x1, 0x1, 0x0, 0x6, 0x0, 0x0, "5debca561a5fbf61048955f6f876b2ff"})
r4 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, &(0x7f0000000800)={r4, r4, r4}, 0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)={'sha384\x00'}})

5m11.854192733s ago: executing program 2 (id=2452):
r0 = inotify_init()
r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
socket(0x10, 0x3, 0x0)
syz_open_dev$I2C(&(0x7f0000000000), 0x0, 0x189802)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, 0x0, 0x0, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

5m11.311644002s ago: executing program 2 (id=2453):
r0 = getpgrp(0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x5)
prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f0000000140)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f00000001c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './bus'}}, {@workdir={'workdir', 0x3d, './file1'}}]})
r4 = openat$dir(0xffffffffffffff9c, &(0x7f0000000940)='./file0\x00', 0x0, 0x0)
r5 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x50)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000100)={{r5, <r6=>0xffffffffffffffff}, &(0x7f0000000240), &(0x7f0000000140)='%-010d \x00'}, 0x20)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000001c0)={r6}, 0x4)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000640)={@map=r6, 0xffffffffffffffff, 0x6, 0x2020, 0xffffffffffffffff, @void, @void, @value=0xffffffffffffffff}, 0x20)
mknodat(r4, &(0x7f00000003c0)='./file0\x00', 0x0, 0x0)
chdir(&(0x7f00000000c0)='./bus\x00')
openat(0xffffffffffffff9c, &(0x7f0000000680)='./file0\x00', 0x40, 0x0)
mkdir(&(0x7f0000000240)='./bus\x00', 0x0)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000001500)=ANY=[@ANYBLOB="28000000240007012bbd7000ffdbdf2503740000080001800400de800c0004"], 0x28}}, 0x48010)

5m10.043603881s ago: executing program 2 (id=2454):
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x405c5503, &(0x7f0000000080)={{0x4, 0xfff9, 0x0, 0x9}, 'syz0\x00', 0x2f})
ioctl$UI_DEV_CREATE(0xffffffffffffffff, 0x5501)
ioctl$UI_SET_KEYBIT(0xffffffffffffffff, 0x40045565, 0x11a)
sendmsg$inet(r1, &(0x7f0000001600)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000280)="db", 0x1}], 0x1}, 0x41)
r2 = add_key$fscrypt_v1(&(0x7f0000000700), &(0x7f0000000740)={'fscrypt:', @desc3}, &(0x7f0000000780)={0x0, "3215ee5299c6f92fe43dd9c925e421d383d95c7d40a0dc64eb3897e609000000cd1ae9cfd5bb7cd51e2a1550b5699a6fffc50001af1f91341326b8cb0100", 0x12}, 0x24, 0xfffffffffffffffe)
keyctl$chown(0x4, r2, 0xee01, 0xffffffffffffffff)
recvmsg(r0, &(0x7f0000000840)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff66}, 0x10001)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'lo\x00', <r4=>0x0})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=@ipv4_newaddr={0x20, 0x14, 0x503, 0x0, 0x0, {0x2, 0x18, 0x0, 0x0, r4}, [@IFA_LOCAL={0x8, 0x2, @local}]}, 0x20}}, 0x0)
r5 = socket$inet_tcp(0x2, 0x1, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={0x0, 0x34}, 0x1, 0x0, 0x0, 0xc000}, 0x20044851)
ioctl$sock_inet_SIOCSIFADDR(r5, 0x8916, &(0x7f0000000180)={'lo\x00', {0x2, 0x4e21, @empty=0x7f000000}})
getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000540)={{{@in6=@local, @in6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r6=>0x0}}, {{@in=@initdev}, 0x0, @in6=@loopback}}, &(0x7f0000000000)=0xe8)
keyctl$chown(0x4, r2, r6, 0x0)
r7 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040201, 0x0)
ioctl$SNDCTL_DSP_CHANNELS(r7, 0xc0045006, &(0x7f0000000080)=0x7f)
ioctl$SNDCTL_DSP_SPEED(r7, 0xc0045002, &(0x7f0000000180)=0x10000)
recvmsg(r0, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x10102)
bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x3, 0xc, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000610000001801000020786c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000110b0008850000007200000095"], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xd, '\x00', 0x0, @fallback=0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

4m54.696700016s ago: executing program 37 (id=2454):
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x405c5503, &(0x7f0000000080)={{0x4, 0xfff9, 0x0, 0x9}, 'syz0\x00', 0x2f})
ioctl$UI_DEV_CREATE(0xffffffffffffffff, 0x5501)
ioctl$UI_SET_KEYBIT(0xffffffffffffffff, 0x40045565, 0x11a)
sendmsg$inet(r1, &(0x7f0000001600)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000280)="db", 0x1}], 0x1}, 0x41)
r2 = add_key$fscrypt_v1(&(0x7f0000000700), &(0x7f0000000740)={'fscrypt:', @desc3}, &(0x7f0000000780)={0x0, "3215ee5299c6f92fe43dd9c925e421d383d95c7d40a0dc64eb3897e609000000cd1ae9cfd5bb7cd51e2a1550b5699a6fffc50001af1f91341326b8cb0100", 0x12}, 0x24, 0xfffffffffffffffe)
keyctl$chown(0x4, r2, 0xee01, 0xffffffffffffffff)
recvmsg(r0, &(0x7f0000000840)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff66}, 0x10001)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'lo\x00', <r4=>0x0})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=@ipv4_newaddr={0x20, 0x14, 0x503, 0x0, 0x0, {0x2, 0x18, 0x0, 0x0, r4}, [@IFA_LOCAL={0x8, 0x2, @local}]}, 0x20}}, 0x0)
r5 = socket$inet_tcp(0x2, 0x1, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={0x0, 0x34}, 0x1, 0x0, 0x0, 0xc000}, 0x20044851)
ioctl$sock_inet_SIOCSIFADDR(r5, 0x8916, &(0x7f0000000180)={'lo\x00', {0x2, 0x4e21, @empty=0x7f000000}})
getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000540)={{{@in6=@local, @in6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r6=>0x0}}, {{@in=@initdev}, 0x0, @in6=@loopback}}, &(0x7f0000000000)=0xe8)
keyctl$chown(0x4, r2, r6, 0x0)
r7 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040201, 0x0)
ioctl$SNDCTL_DSP_CHANNELS(r7, 0xc0045006, &(0x7f0000000080)=0x7f)
ioctl$SNDCTL_DSP_SPEED(r7, 0xc0045002, &(0x7f0000000180)=0x10000)
recvmsg(r0, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x10102)
bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x3, 0xc, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000610000001801000020786c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000110b0008850000007200000095"], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xd, '\x00', 0x0, @fallback=0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

2m30.343908827s ago: executing program 9 (id=2733):
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = creat(&(0x7f0000000000)='./file0\x00', 0x14e)
r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000140), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r3, @ANYBLOB=',rootmode=000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r3, &(0x7f0000006340)={0x2020, 0x0, <r4=>0x0}, 0x2020)
write$FUSE_INIT(r3, &(0x7f0000000280)={0x50, 0x0, r4, {0x7, 0x1f, 0x1, 0x8888b1, 0x0, 0x1, 0x2, 0xa, 0x0, 0x0, 0x2, 0x8}}, 0x50)
socket$inet6_mptcp(0xa, 0x1, 0x106)
ioctl$AUTOFS_DEV_IOCTL_VERSION(r2, 0xc0189371, &(0x7f0000000dc0)={{0x1, 0x1, 0x18, r3}, './file0\x00'})
syz_fuse_handle_req(r3, &(0x7f00000021c0)="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000081000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003dc150f4000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f50000000000000000000000000000000000000000000000000000000000000000000000000000000000c6d90000000000001354c4b6000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f8000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001a00", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0xac901, 0x28)
write$tcp_congestion(r5, &(0x7f00000000c0)='lp\x00', 0xfffffdef)
r6 = dup2(r5, r3)
r7 = openat$kvm(0x0, 0x0, 0x0, 0x0)
ioctl$KVM_GET_VCPU_MMAP_SIZE(r7, 0xae04)
ioctl$KVM_CREATE_PIT2(r6, 0x4040ae77, &(0x7f0000000f80)={0x3})
ioctl$KVM_CAP_SPLIT_IRQCHIP(0xffffffffffffffff, 0x4068aea3, 0x0)
ioctl$KVM_IRQ_LINE(0xffffffffffffffff, 0x4008ae61, 0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)

2m27.391569973s ago: executing program 9 (id=2738):
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$nl_sock_diag(0x10, 0x3, 0x4)
openat$ttyS3(0xffffffffffffff9c, 0x0, 0x48200, 0x0)
io_uring_setup(0x4685, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x5, &(0x7f00000002c0)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
timer_create(0x0, 0x0, 0x0)
ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendto$inet6(r3, 0x0, 0x0, 0x20000841, &(0x7f0000b63fe4)={0xa, 0x2, 0x0, @empty}, 0x1c)
r4 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/power/resume', 0x149a82, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r3, 0x29, 0x20, &(0x7f0000000180)={@mcast2, 0xd402, 0x1, 0x0, 0x4d55ba80e15bd3d8, 0xb5a, 0x8}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0x0, 0x0, &(0x7f0000000240)='GPL\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
getsockopt$IP_VS_SO_GET_SERVICE(r5, 0x0, 0x483, &(0x7f00000000c0), &(0x7f0000000140)=0x68)
socketpair$unix(0x1, 0x6, 0x0, &(0x7f0000000000))
r6 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f00000006c0)=ANY=[@ANYBLOB="2000000072009fb3000000000000000007000000", @ANYRES32=0x0, @ANYBLOB="0800010001002000a58886a954d661c4e85c3bd409af9b77444610960f86577adec70a7a1ce19ff1bf805a3dd0b5f2765f7f86398a766ff07c62f3a45e98473718993877bb0b0b55af14053d5ecd974dd5bc7f2a7caad26f028485485d5c100abe6e6fc9cc95e00ad260cb7372338c406f50"], 0x20}}, 0x0)
write$cgroup_int(r4, &(0x7f0000000040)=0x1c9, 0x12)

2m25.822859721s ago: executing program 9 (id=2740):
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000380)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)=ANY=[@ANYBLOB="3800000023000701feffffff02000000027c0000040042800c00000000000000000914bb140002"], 0x38}, 0x1, 0x0, 0x0, 0x4048011}, 0xc800)
ioctl$IOMMU_VFIO_IOAS$GET(r0, 0x3b88, &(0x7f0000000100)={0xc})
ioctl$IOMMU_VFIO_IOAS$CLEAR(r0, 0x3b88, &(0x7f0000000140)={0xc})
ioctl$IOMMU_IOAS_ALLOW_IOVAS(r0, 0x3b82, &(0x7f0000000180)={0x20, 0x0, 0x0, 0x0, &(0x7f00000001c0)})
ioctl$IOMMU_VFIO_IOAS$SET(r0, 0x3b88, &(0x7f0000000200)={0xc})
ioctl$IOMMU_VFIO_GET_API_VERSION(r0, 0x3b64)
ioctl$IOMMU_VFIO_SET_IOMMU(r0, 0x3b66, 0x3)
ioctl$IOMMU_VFIO_CHECK_EXTENSION(r0, 0x3b65, 0x9)
ioctl$IOMMU_VFIO_IOMMU_GET_INFO(r0, 0x3b70, &(0x7f0000000240)={0x70, 0x0, 0x0, 0x0, {}, {{}, 0x0, 0x0, [{}]}})
r5 = socket$inet(0xa, 0x801, 0x84)
connect$inet(r5, &(0x7f0000004cc0)={0x2, 0x0, @private=0xa010102}, 0x10)
listen(r5, 0x8)
r6 = accept4(r5, 0x0, 0x0, 0x0)
sendto$inet(r6, 0x0, 0x0, 0x200c8004, 0x0, 0x0)

2m22.758344135s ago: executing program 9 (id=2741):
r0 = socket(0x2a, 0x2, 0x0)
r1 = socket$packet(0x11, 0x3, 0x300)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r1, 0x8933, &(0x7f0000000080)={'batadv0\x00', <r2=>0x0})
sendto$packet(r1, &(0x7f0000000a40)="f2435f01274216300000008564928337", 0x10, 0x1, &(0x7f00000004c0)={0x11, 0x0, r2}, 0x14)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000080)=ANY=[@ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00', @ANYRES32=r2, @ANYBLOB="1400350064756d6d7930"], 0x3c}, 0x1, 0x0, 0x0, 0x8080}, 0x0)
ioctl$SIOCSIFMTU(r0, 0x8922, &(0x7f0000000080)={'dummy0\x00'})

2m22.249508238s ago: executing program 9 (id=2745):
r0 = syz_open_dev$vim2m(&(0x7f0000000100), 0x0, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f00000000c0)={0x1, 0x2, 0x1, 0x0, 0x2})
ioctl$vim2m_VIDIOC_QBUF(r0, 0xc058560f, &(0x7f0000000240)=@mmap={0x1, 0x2, 0x4, 0x100000, 0x9, {}, {0x0, 0x2, 0x4, 0xc0, 0x0, 0xf0, "18a6fc23"}, 0x1, 0x1, {}, 0x1})
ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f0000000000)={0x6, 0x1, 0x1, 0x0, 0x3})
ioctl$vim2m_VIDIOC_STREAMOFF(r0, 0x40045612, &(0x7f0000000040)=0x1)
ioctl$vim2m_VIDIOC_STREAMOFF(r0, 0x40045612, &(0x7f0000000080)=0x2)
r1 = socket$inet(0x2, 0x802, 0x1)
connect$inet(r1, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10)
write(r1, &(0x7f0000000080), 0x0)
recvmmsg(r1, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000000c0)={0xffffffffffffffff, 0x0, 0x0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000300)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioctl$sock_FIOGETOWN(r1, 0x8903, &(0x7f0000000340)=<r2=>0x0)
sched_setparam(r2, &(0x7f0000000040)=0x2)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$packet(0x11, 0x3, 0x300)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x89b1, &(0x7f0000000040)={'macvlan1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x44e3763ac5239ba7}})
syz_emit_vhci(&(0x7f0000000000)=@HCI_VENDOR_PKT={0xff, 0x1}, 0x2)
ioctl$vim2m_VIDIOC_QBUF(r0, 0xc058560f, &(0x7f0000000180)=@mmap={0x1, 0x1, 0x4, 0x100, 0x81, {}, {0x4, 0x8, 0x8, 0x5, 0x29, 0x9, "0adb3fb8"}, 0x5})

2m17.04717694s ago: executing program 9 (id=2752):
r0 = add_key$fscrypt_v1(&(0x7f0000000180), &(0x7f0000000040)={'fscrypt:', @desc2}, &(0x7f0000000100)={0x0, "de442bfc7910e10ac69ac014b0fa7807b11d2c99ed1f40d47a6edb3367b5cc888e1fd5102ae2d3d05f251f8d49025ceab4152b6e6d87cd6088e97a9d06d29143"}, 0x48, 0xffffffffffffffff)
keyctl$chown(0x4, r0, 0xee01, 0xee00)
keyctl$chown(0x4, r0, 0x0, 0x0)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x11, &(0x7f0000000400)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x3}, {{0x18, 0x1, 0x1, 0x0, 0x1}}, {}, [@map_idx_val={0x18, 0x1, 0x6, 0x0, 0x5, 0x0, 0x0, 0x0, 0x4f}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000080)='syzkaller\x00', 0xfffffff7, 0x0, 0x0, 0x41100, 0x40, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, &(0x7f0000000740)=[{0x5, 0x5, 0x5, 0xb}, {0x5, 0x1, 0x5}], 0x10, 0x3}, 0x94)
r1 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc)=<r2=>0x0)
timer_settime(r2, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r3 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$binfmt_elf64(r3, &(0x7f0000000380)=ANY=[@ANYBLOB="7f454c460e02fab7ff7f000000000000020003"], 0x78)
ioctl$SNDCTL_SEQ_SYNC(r3, 0x5101)
syz_io_uring_setup(0x599e, &(0x7f0000000200)={0x0, 0x6775, 0x800, 0x1, 0x102}, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_open_dev$evdev(0x0, 0x0, 0x0)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r4, &(0x7f0000000180)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1b}, 0xd}, 0x1c)
setsockopt$inet6_tcp_TCP_CONGESTION(r4, 0x6, 0xd, &(0x7f0000000080)='hybla', 0x5)
syz_io_uring_setup(0x3a, 0x0, 0x0, 0x0)
sched_setaffinity(0x0, 0xfffffffffffffe02, &(0x7f00000002c0)=0x6)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sysvipc/shm\x00', 0x0, 0x0)
syz_open_procfs(0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
write$binfmt_script(r4, &(0x7f0000000200), 0xfffffd9d)

2m1.416878252s ago: executing program 38 (id=2752):
r0 = add_key$fscrypt_v1(&(0x7f0000000180), &(0x7f0000000040)={'fscrypt:', @desc2}, &(0x7f0000000100)={0x0, "de442bfc7910e10ac69ac014b0fa7807b11d2c99ed1f40d47a6edb3367b5cc888e1fd5102ae2d3d05f251f8d49025ceab4152b6e6d87cd6088e97a9d06d29143"}, 0x48, 0xffffffffffffffff)
keyctl$chown(0x4, r0, 0xee01, 0xee00)
keyctl$chown(0x4, r0, 0x0, 0x0)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x11, &(0x7f0000000400)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x3}, {{0x18, 0x1, 0x1, 0x0, 0x1}}, {}, [@map_idx_val={0x18, 0x1, 0x6, 0x0, 0x5, 0x0, 0x0, 0x0, 0x4f}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000080)='syzkaller\x00', 0xfffffff7, 0x0, 0x0, 0x41100, 0x40, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, &(0x7f0000000740)=[{0x5, 0x5, 0x5, 0xb}, {0x5, 0x1, 0x5}], 0x10, 0x3}, 0x94)
r1 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc)=<r2=>0x0)
timer_settime(r2, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r3 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$binfmt_elf64(r3, &(0x7f0000000380)=ANY=[@ANYBLOB="7f454c460e02fab7ff7f000000000000020003"], 0x78)
ioctl$SNDCTL_SEQ_SYNC(r3, 0x5101)
syz_io_uring_setup(0x599e, &(0x7f0000000200)={0x0, 0x6775, 0x800, 0x1, 0x102}, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_open_dev$evdev(0x0, 0x0, 0x0)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r4, &(0x7f0000000180)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1b}, 0xd}, 0x1c)
setsockopt$inet6_tcp_TCP_CONGESTION(r4, 0x6, 0xd, &(0x7f0000000080)='hybla', 0x5)
syz_io_uring_setup(0x3a, 0x0, 0x0, 0x0)
sched_setaffinity(0x0, 0xfffffffffffffe02, &(0x7f00000002c0)=0x6)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sysvipc/shm\x00', 0x0, 0x0)
syz_open_procfs(0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
write$binfmt_script(r4, &(0x7f0000000200), 0xfffffd9d)

7.003313111s ago: executing program 7 (id=2924):
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000380)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)=ANY=[@ANYBLOB="3800000023000701feffffff02000000027c0000040042800c00000000000000000914bb140002"], 0x38}, 0x1, 0x0, 0x0, 0x4048011}, 0xc800)
ioctl$IOMMU_VFIO_IOAS$GET(r0, 0x3b88, &(0x7f0000000100)={0xc})
ioctl$IOMMU_VFIO_IOAS$CLEAR(r0, 0x3b88, &(0x7f0000000140)={0xc})
ioctl$IOMMU_IOAS_ALLOW_IOVAS(r0, 0x3b82, &(0x7f0000000180)={0x20, 0x0, 0x0, 0x0, &(0x7f00000001c0)})
ioctl$IOMMU_VFIO_IOAS$SET(r0, 0x3b88, &(0x7f0000000200)={0xc})
ioctl$IOMMU_VFIO_GET_API_VERSION(r0, 0x3b64)
ioctl$IOMMU_VFIO_SET_IOMMU(r0, 0x3b66, 0x3)
ioctl$IOMMU_VFIO_CHECK_EXTENSION(r0, 0x3b65, 0x9)
ioctl$IOMMU_VFIO_IOMMU_GET_INFO(r0, 0x3b70, &(0x7f0000000240)={0x70, 0x0, 0x0, 0x0, {}, {{}, 0x0, 0x0, [{}]}})
connect$inet(0xffffffffffffffff, &(0x7f0000004cc0)={0x2, 0x0, @private=0xa010102}, 0x10)
listen(0xffffffffffffffff, 0x8)
accept4(0xffffffffffffffff, 0x0, 0x0, 0x0)

5.936710682s ago: executing program 7 (id=2925):
syz_open_dev$cec(&(0x7f00000000c0), 0x0, 0x82002)
r0 = syz_init_net_socket$ax25(0x3, 0x3, 0xca)
r1 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0xa0301, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r1, 0xc004500a, &(0x7f0000001340))
ioctl$SNDCTL_DSP_CHANNELS(r1, 0xc0045006, &(0x7f0000000180)=0x6f)
write$dsp(r1, &(0x7f00000012c0)="a52876830a602214f6b4e928d758f38a5a7cb4b31c4c09289e9ebb62", 0x1c)
bind$ax25(r0, &(0x7f0000000000)={{0x3, @default, 0xffffffff}, [@null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bcast, @default, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]}, 0x48)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$mptcp(&(0x7f0000000100), 0xffffffffffffffff)
r2 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000002100), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r2, 0xaf01, 0x0)
ioctl$VHOST_SET_MEM_TABLE(r2, 0x4008af03, &(0x7f0000000040))
openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_LINKINFO_GET(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={0x0}, 0x1, 0x0, 0x0, 0x4000800}, 0x0)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r3, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={0x0, 0x48}, 0x1, 0x0, 0x0, 0x4040041}, 0x4000000)
unshare(0x28000600)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x6f67}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f0000000080)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
bind$netlink(0xffffffffffffffff, 0x0, 0x0)
r5 = fsopen(&(0x7f0000000bc0)='binder\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r5, 0x6, 0x0, 0x0, 0x0)

5.827911535s ago: executing program 6 (id=2926):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = fsopen(&(0x7f00000001c0)='tracefs\x00', 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
socket$nl_netfilter(0x10, 0x3, 0xc)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
r4 = openat$dir(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0)
r5 = fanotify_init(0xf00, 0x1000)
fanotify_mark(r5, 0x105, 0x5000003a, r4, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x42, 0x0)
renameat2(0xffffffffffffff9c, 0x0, 0xffffffffffffff9c, &(0x7f00000004c0)='./file0\x00', 0x2)
readv(r5, &(0x7f0000000c40)=[{0x0}], 0x1)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET(r6, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0)
fsmount(r0, 0x0, 0x0)
fsconfig$FSCONFIG_CMD_RECONFIGURE(r0, 0x7, 0x0, 0x0, 0x0)
socket$netlink(0x10, 0x3, 0x10)

5.596371161s ago: executing program 7 (id=2927):
r0 = socket$nl_route(0x10, 0x3, 0x0)
socket$netlink(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_TIMEOUT_NEW(r4, &(0x7f0000000c80)={0x0, 0x0, &(0x7f0000000c40)={&(0x7f0000000900)=ANY=[@ANYBLOB="34000000000801010000000000c300000300000209000100730004800500030006000000"], 0x34}, 0x1, 0x0, 0x0, 0x20024810}, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x40100, 0x0)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x5)
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000800)=ANY=[@ANYBLOB="340000001800010027bd050005fef50415000300030000200403000013f907000000000004000000"], 0x34}, 0x1, 0x0, 0x0, 0x805936d41ec618b7}, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
openat$audio1(0xffffffffffffff9c, &(0x7f0000000080), 0x8c200, 0x0)
sendmsg$NFT_BATCH(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01010000000000000000010000000900010073797a30000000005c000000090a010400000000000000000100000008000a40000000000900020073797a32000000000900010073797a3000000000080005400000001f200011800e000100636f6e6e6c696d69740000000c0002800800014000000000400000000c0a010200"], 0xe4}}, 0x0)
io_uring_setup(0x243f, &(0x7f0000000200)={0x0, 0xfffffffb, 0x1000, 0x2, 0x2b})
sendmsg$NL80211_CMD_DEL_PMKSA(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x40}, 0x400c4)
bind$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x4e24, @loopback}, 0xffffffb2)
syz_emit_ethernet(0x70, &(0x7f0000000700)={@link_local, @empty, @void, {@ipv4={0x800, @dccp={{0x9, 0x4, 0x2, 0x5, 0x62, 0x67, 0x0, 0x2, 0x21, 0x0, @empty, @broadcast, {[@lsrr={0x83, 0xf, 0xfe, [@loopback, @remote, @multicast1]}]}}, {{0x4e20, 0x4e21, 0x4, 0x1, 0x3, 0x0, 0x0, 0x9, 0x1, "5e82e6", 0x2, ':]k'}, "4fbac72fac5bf3bbecdb3044df360ef32e9fb7ec5d5a399aee4fc3c61c438aeeb00f417d676b814280430ded1d68"}}}}}, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
unshare(0x6a040000)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000100)={0x6, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="180000000200000000"], &(0x7f0000000240)='syzkaller\x00'}, 0x94)

4.436687389s ago: executing program 6 (id=2928):
syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
getpid()
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
r1 = syz_init_net_socket$ax25(0x3, 0x2, 0xcc)
recvfrom$ax25(r1, &(0x7f0000000500)=""/241, 0xf1, 0x80000000, 0x0, 0x0)
dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000003480)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0)
read$FUSE(r2, &(0x7f0000007fc0)={0x2020}, 0x2020)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, 0x0, 0x80200, 0x0)
r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x8081)
writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
syz_open_dev$tty1(0xc, 0x4, 0x3)
socket$inet_sctp(0x2, 0x1, 0x84)
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_TCP_MD5SIG(r4, 0x6, 0xe, &(0x7f0000000280)={@in={{0x2, 0x4e20, @loopback}}, 0x0, 0x0, 0x4, 0x0, "e83ae75240c2d6d8ec87bb53679fd0450078548ceb6c4414fab091000000000000000776aea5922406b64cddaeb9d339ba3c01c2c7d0df8e61740b9af2d4e499d58654a4cf0fa0ce1f830c3279cffcfd"}, 0xd8)
connect$inet(r4, 0x0, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)

3.844733793s ago: executing program 7 (id=2929):
syz_open_dev$cec(&(0x7f00000000c0), 0x0, 0x82002)
r0 = syz_init_net_socket$ax25(0x3, 0x3, 0xca)
r1 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0xa0301, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r1, 0xc004500a, &(0x7f0000001340))
ioctl$SNDCTL_DSP_CHANNELS(r1, 0xc0045006, &(0x7f0000000180)=0x6f)
write$dsp(r1, &(0x7f00000012c0)="a52876830a602214f6b4e928d758f38a5a7cb4b31c4c0928", 0x18)
bind$ax25(r0, &(0x7f0000000000)={{0x3, @default, 0xffffffff}, [@null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bcast, @default, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]}, 0x48)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$mptcp(&(0x7f0000000100), 0xffffffffffffffff)
r2 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000002100), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r2, 0xaf01, 0x0)
ioctl$VHOST_SET_MEM_TABLE(r2, 0x4008af03, &(0x7f0000000040))
openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
sendmsg$ETHTOOL_MSG_LINKINFO_GET(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={0x0}, 0x1, 0x0, 0x0, 0x4000800}, 0x0)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r3, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={0x0, 0x48}, 0x1, 0x0, 0x0, 0x4040041}, 0x4000000)
unshare(0x28000600)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x6f67}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f0000000080)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
bind$netlink(0xffffffffffffffff, 0x0, 0x0)
fsopen(&(0x7f0000000bc0)='binder\x00', 0x0)

3.768260934s ago: executing program 7 (id=2930):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
connect$inet(r0, &(0x7f0000ccb000)={0x2, 0x4e20, @local}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1, 0x3, &(0x7f0000001a00)=ANY=[@ANYBLOB="18000000030000000000000026d0000095002b000000000093adff012d02000000880b5f04596a5e99fce658be2f200c699223886d8be4b50000005ab527ee3697f98125f30e6326996a3cfee33025a30b45bdcf2c69d105e5e55a1d273683623f1a5dc6e3c7e20eb7a98ecf3bd2cf898e924abe26ac296f660e69ba982fd76e00dcff7f0000ca6b78ad833488cfe4109eaf009eddcf21f5c63cde2f00150200000001000000520a0000151d010000000100bf00000000cc587424363da52001a3cdf2000000db74596fd72c002a60c1bc7dc8c38b7d2e13c50424b9dd1145d03ff45f70685c6bd9ff41c69b7de406e89dcbb7677e65a88a8407a9e7f9c0e91028b0856eb1ed9474480737a55ebb0bd701f7fb21135c6172eba7eb8a341f07e5a2d1e88b3cfc22df01e4bac9d97328fa2a82b5e8741e02056d93a433f50479387467824262852c7939db5672d07cdbe8e14abf56497e5d56dbe37551b870b2851c3f0a1a9ebfcba105a6ccdd01b0f04edb256c0200000073f6db43661bd7f0e2536ffbfe5ca31b4083145531458b7d1e341c6b351ebc5223f54d6bec93f4ef088e5d1be2515226988d664709ff03f1aa3dc7f1580ace9bf2afd28d0700000000000000d6eb372713255012e028cb2654d493a0b43bf21375709f348f5eda2967199cc936859a538100070000000000dc10e13ef227f627a40000ad1fa253d33fa74f172d3407ae4e1e347c0c6ef9dd2b6bb700000000000000000c586272c3f4d79bc36315745cb149f3cb385e6add14652003c7cdd3324f07d134d3a6c718bbd1aafe1140cff0be4c6f8df084c5e9734ae30aa9af030025f01ab03a9b1074407136bc506031f0916a39d3057d55183612b39e73ae8e6dc30356886a831836469e2051d937eb85f3f2d5ae2c1dca476b97419a3b76ed62409d004d7fbe362145d19605d760df4c5124ca325d374b371867a79b35c6617fc3327191fbf514573f0e30d1d60be2168fffc2f3dccd599a2cb77f124e22f87673675805494db821f39b50d938d5fd8c6b2a3a324c257bc9110971b749ccd74089ed6b86f81ca3ba47d8f71d290ed1b1a11f7a67125170c88c3b6a50692cc0064fc6bbd312536ac15016c85c6332226401b110da9c786eeca22debc99335587b54c13c3107008fa069af8223b38ced735c2d906551004d8dc10d88738488da01ffa4add56474573c964a270000f2f16625c0c10200000000c7a5ca60fdad159f2e44171f39638410020000004825d081f2d987f05c534187738655d7dc958f2046fa0c1619a6554b82d9c162eb61ca74f1ffdaccf0ea5f06e0fca8b27ff3983ab74fd3d560700a1fab44e77e312b3b129e000302d613916c9bcf9f0000fac73a5b6bfb27f88dba816020be760f7b45e001efada8000000000000fdaf4660402f7b3b79a433e08074ea2462974a00040000eb01352638f56dae0249d15ba8767259658878b7492cfbacde9b57cf4de00788adce638190f3570e0b4c80ef682df22201270955afb6008846557ee3bc09fda6dbb6550d597300eb82a184c96ffde5a30e5433e866665b98ca2002c804c22ff2634b7bfbf5c0d586cda5b45fd00dede1e88a4d41dee7cc76d7a23d06acb1d2d4c58faea84158bb440df2a694f4cdcaa4f65c22efffffffffffdd00000000d503d79986958115ae07b70f991430b7fb475d77b869ee02000000000000000000001ffff0ef89b2a68d2b05c995445d8a7700bcdfbec74fb2dd163e863315e84498dfb52bb93f6c9084659ce777ddac563c8596c2b1d8180289a61faa95a82bf1cfb7f2fd7252e9322abe282c33445d44"], &(0x7f00002bf000)='GPL\x00', 0x4, 0xb7, &(0x7f0000000040)=""/183, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8}, 0x94)
r1 = socket$kcm(0x29, 0x2, 0x0)
ioctl$sock_kcm_SIOCKCMATTACH(r1, 0x89e0, 0x0)
socket(0x10, 0x80002, 0x0)
syz_genetlink_get_family_id$mptcp(0x0, 0xffffffffffffffff)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
r3 = syz_open_dev$sndctrl(&(0x7f0000000100), 0x0, 0x0)
readv(r3, &(0x7f00000006c0)=[{&(0x7f0000002480)=""/4110, 0x48}], 0x1)
ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r3, 0xc1105517, &(0x7f0000000140)={{0xbffffffd, 0x1, 0xffffffff, 0xfffffff8, 'syz1\x00', 0x20}, 0x2, 0x2, 0x5, 0x0, 0x0, 0x4ff, 'syz0\x00', 0x0})

3.764262576s ago: executing program 7 (id=2931):
syz_usb_connect$lan78xx(0x3, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x6, 0x100000b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0)
ioctl$F2FS_IOC_GARBAGE_COLLECT(r0, 0x4004f506, &(0x7f0000000180)=0x1)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
write$uinput_user_dev(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000140)={'gre0\x00'})
sendto(0xffffffffffffffff, 0x0, 0x0, 0x810, 0x0, 0x0)
socket$igmp(0x2, 0x3, 0x2)
r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
r4 = socket$netlink(0x10, 0x3, 0x400000000000004)
writev(r4, &(0x7f0000019440)=[{&(0x7f0000000200)="480000001400190d7ebdeb75fd0d8c562c84d8c033ed7a80ffe0090f000060000000a2bc5603ca00000f7f89000000200000004a2471083ec6991778581acb6c0101ff0000000309", 0x48}], 0x1)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="e80000003f00070100000000fddbdf25027c0000d100378013000300717472283414d6bba919736d34290000080008"], 0xe8}, 0x1, 0x0, 0x0, 0xc880}, 0x0)
syz_genetlink_get_family_id$smc(&(0x7f0000000140), r4)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), r4)
bind$bt_l2cap(r3, &(0x7f0000000000)={0x1f, 0x0, @any, 0x4, 0x1}, 0xe)
listen(r3, 0x90004)
syz_emit_vhci(&(0x7f0000000140)=ANY=[@ANYBLOB="043e130100c90001"], 0x16)
ppoll(&(0x7f00000000c0)=[{r3, 0x60}], 0x1, 0x0, 0x0, 0x0)
socket$nl_audit(0x10, 0x3, 0x9)
r6 = syz_genetlink_get_family_id$nbd(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="010000000000000000000100000008000100400000000c000200700f0000000000000c00060003000000000000000a000a00272d5d29212b0000140007"], 0x6c}}, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1)
sendmsg$TIPC_NL_KEY_SET(r2, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000004}, 0x4)

3.504174559s ago: executing program 6 (id=2932):
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = creat(&(0x7f0000000000)='./file0\x00', 0x14e)
r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000140), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r3, @ANYBLOB=',rootmode=000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r3, &(0x7f0000006340)={0x2020, 0x0, <r4=>0x0}, 0x2020)
write$FUSE_INIT(r3, &(0x7f0000000280)={0x50, 0x0, r4, {0x7, 0x1f, 0x1, 0x8888b1, 0x0, 0x1, 0x2, 0xa, 0x0, 0x0, 0x2, 0x8}}, 0x50)
socket$inet6_mptcp(0xa, 0x1, 0x106)
ioctl$AUTOFS_DEV_IOCTL_VERSION(r2, 0xc0189371, &(0x7f0000000dc0)={{0x1, 0x1, 0x18, r3}, './file0\x00'})
syz_fuse_handle_req(r3, &(0x7f00000021c0)="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000081000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003dc150f4000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f50000000000000000000000000000000000000000000000000000000000000000000000000000000000c6d90000000000001354c4b6000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f8000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001a00", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0xac901, 0x28)
write$tcp_congestion(r5, &(0x7f00000000c0)='lp\x00', 0xfffffdef)
r6 = dup2(r5, r3)
ioctl$KVM_GET_VCPU_MMAP_SIZE(0xffffffffffffffff, 0xae04)
ioctl$KVM_CREATE_PIT2(r6, 0x4040ae77, &(0x7f0000000f80)={0x3})
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)

2.107921346s ago: executing program 6 (id=2933):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x6, 0x100000b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0xb02, 0x0)
ioctl$F2FS_IOC_GARBAGE_COLLECT(r0, 0x4004f506, &(0x7f0000000180)=0x1)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
bind$bt_l2cap(0xffffffffffffffff, &(0x7f0000000000)={0x1f, 0x0, @any, 0x4, 0x1}, 0xe)
syz_emit_vhci(&(0x7f0000000140)=ANY=[@ANYBLOB="043e130100c90001"], 0x16)
ppoll(0x0, 0x0, 0x0, 0x0, 0x0)
socket$nl_audit(0x10, 0x3, 0x9)
r3 = syz_genetlink_get_family_id$nbd(&(0x7f00000000c0), 0xffffffffffffffff)
r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r5 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1)
r6 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r6, 0x0, &(0x7f0000000000)=<r7=>0x0)
bind$nfc_llcp(r5, 0x0, 0x0)
r8 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1)
bind$nfc_llcp(r8, &(0x7f00000000c0)={0x27, r7, 0x1, 0x4, 0x0, 0xff, "bac5115c7dad488702b535116fad55baf63cdd52fc30106310abb622a1c3c01c13c04df6b906288e64e96754059e65c39c5759b069d6e6d9589e5f2348878c", 0x24}, 0x60)
close(r6)
getsockopt$inet6_buf(r4, 0x29, 0xcc, 0x0, 0x0)
sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000000000000000100000008000100400000000c000200700f0000000000000c00060003000000000000000a000a00272d5d29212b0000140007"], 0x6c}}, 0x0)
bpf$LINK_GET_FD_BY_ID(0x1e, &(0x7f0000000100)=0xffffffffffffffff, 0x4)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1)
sendmsg$TIPC_NL_KEY_SET(r2, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000004}, 0x4)

1.143059769s ago: executing program 6 (id=2934):
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000380)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)=ANY=[@ANYBLOB="3800000023000701feffffff02000000027c0000040042800c00000000000000000914bb140002"], 0x38}, 0x1, 0x0, 0x0, 0x4048011}, 0xc800)
ioctl$IOMMU_VFIO_IOAS$GET(r0, 0x3b88, &(0x7f0000000100)={0xc})
ioctl$IOMMU_VFIO_IOAS$CLEAR(r0, 0x3b88, 0x0)
ioctl$IOMMU_IOAS_ALLOW_IOVAS(r0, 0x3b82, &(0x7f0000000180)={0x20, 0x0, 0x0, 0x0, &(0x7f00000001c0)})
ioctl$IOMMU_VFIO_IOAS$SET(r0, 0x3b88, &(0x7f0000000200)={0xc})
ioctl$IOMMU_VFIO_GET_API_VERSION(r0, 0x3b64)
ioctl$IOMMU_VFIO_SET_IOMMU(r0, 0x3b66, 0x3)
ioctl$IOMMU_VFIO_CHECK_EXTENSION(r0, 0x3b65, 0x9)
ioctl$IOMMU_VFIO_IOMMU_GET_INFO(r0, 0x3b70, &(0x7f0000000240)={0x70, 0x0, 0x0, 0x0, {}, {{}, 0x0, 0x0, [{}]}})
connect$inet(0xffffffffffffffff, &(0x7f0000004cc0)={0x2, 0x0, @private=0xa010102}, 0x10)
r5 = accept4(0xffffffffffffffff, 0x0, 0x0, 0x0)
sendto$inet(r5, &(0x7f00000002c0)="ec", 0x1, 0x200c8004, 0x0, 0x0)

0s ago: executing program 6 (id=2935):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = fsopen(&(0x7f00000001c0)='tracefs\x00', 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
socket$nl_netfilter(0x10, 0x3, 0xc)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
r4 = openat$dir(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0)
r5 = fanotify_init(0xf00, 0x1000)
fanotify_mark(r5, 0x105, 0x5000003a, r4, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x42, 0x0)
renameat2(0xffffffffffffff9c, 0x0, 0xffffffffffffff9c, &(0x7f00000004c0)='./file0\x00', 0x2)
readv(r5, &(0x7f0000000c40)=[{0x0}], 0x1)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET(r6, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0)
fsmount(r0, 0x0, 0x0)
fsconfig$FSCONFIG_CMD_RECONFIGURE(r0, 0x7, 0x0, 0x0, 0x0)
socket$netlink(0x10, 0x3, 0x10)

kernel console output (not intermixed with test programs):

67][T13168] Bluetooth: hci3: command 0x0406 tx timeout
[  908.801364][T13292] trusted_key: encrypted_key: insufficient parameters specified
[  911.715421][T13296] netlink: 'syz.3.1954': attribute type 4 has an invalid length.
[  913.403736][T13302] netlink: 'syz.7.1955': attribute type 4 has an invalid length.
[  913.888773][T13320] netlink: 36 bytes leftover after parsing attributes in process `syz.6.1961'.
[  914.444307][T13326] ptrace attach of "./syz-executor exec"[8775] was attempted by "./syz-executor exec"[13326]
[  918.808842][T13168] Bluetooth: hci4: command 0x0406 tx timeout
[  920.320804][T13357] netlink: 56 bytes leftover after parsing attributes in process `syz.3.1974'.
[  920.465147][T13359] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(6)
[  920.465166][T13359] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  920.465229][T13359] vhci_hcd vhci_hcd.0: Device attached
[  920.466872][T13362] vhci_hcd: connection closed
[  920.491851][  T707] vhci_hcd vhci_hcd.2: stop threads
[  920.491880][  T707] vhci_hcd vhci_hcd.2: release socket
[  920.491915][  T707] vhci_hcd vhci_hcd.2: disconnect device
[  921.457809][T13366] netlink: 'syz.3.1977': attribute type 4 has an invalid length.
[  921.524217][T13168] Bluetooth: hci4: command 0x0406 tx timeout
[  925.583235][T13407] netlink: 56 bytes leftover after parsing attributes in process `syz.7.1987'.
[  925.904343][T13416] netlink: 4 bytes leftover after parsing attributes in process `syz.7.1991'.
[  926.026610][T13416] nbd: socks must be embedded in a SOCK_ITEM attr
[  927.966913][T13426] udevd[13426]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory
[  928.504004][T13422] udevd[13422]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory
[  929.086934][T13453] netlink: 56 bytes leftover after parsing attributes in process `syz.3.2001'.
[  931.571816][ T1321] ieee802154 phy0 wpan0: encryption failed: -22
[  931.571892][ T1321] ieee802154 phy1 wpan1: encryption failed: -22
[  933.720716][T13466] netlink: 'syz.8.1993': attribute type 4 has an invalid length.
[  935.911948][T13498] netlink: 64 bytes leftover after parsing attributes in process `syz.7.2014'.
[  938.842846][ T8870] Bluetooth: hci3: SCO packet for unknown connection handle 0
[  939.885415][T13530] trusted_key: encrypted_key: insufficient parameters specified
[  939.931890][ T8870] Bluetooth: hci4: ISO packet for unknown connection handle 0
[  941.791954][T13539] netlink: 'syz.3.2023': attribute type 4 has an invalid length.
[  942.014092][T13547] netlink: 64 bytes leftover after parsing attributes in process `syz.2.2025'.
[  942.552938][T13551] netlink: 40 bytes leftover after parsing attributes in process `syz.2.2029'.
[  944.809051][T13561] overlayfs: failed to resolve './file0': -2
[  946.330220][T13574] netlink: 'syz.3.2037': attribute type 4 has an invalid length.
[  946.501779][T13583] netlink: 64 bytes leftover after parsing attributes in process `syz.3.2039'.
[  947.184250][   T37] audit: type=1326 audit(1773764473.354:236): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13586 comm="syz.8.2041" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f108a5fc799 code=0x0
[  949.927529][T13611] netlink: 'syz.2.2049': attribute type 4 has an invalid length.
[  951.190842][T13621] netlink: 64 bytes leftover after parsing attributes in process `syz.3.2052'.
[  951.885272][T13632] overlayfs: failed to resolve './file0': -2
[  951.886218][T13168] Bluetooth: hci3: command 0x0406 tx timeout
[  953.165266][   T37] audit: type=1326 audit(1773764479.324:237): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13644 comm="syz.2.2058" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f6df0abc799 code=0x0
[  953.242919][T13647] vhci_hcd vhci_hcd.0: pdev(6) rhport(0) sockfd(5)
[  953.242938][T13647] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  953.243000][T13647] vhci_hcd vhci_hcd.0: Device attached
[  953.244885][T13648] vhci_hcd: connection closed
[  953.246834][ T1150] vhci_hcd vhci_hcd.6: stop threads
[  953.246859][ T1150] vhci_hcd vhci_hcd.6: release socket
[  953.246895][ T1150] vhci_hcd vhci_hcd.6: disconnect device
[  953.624909][T13656] netlink: 'syz.7.2062': attribute type 4 has an invalid length.
[  954.093395][T13667] netlink: 64 bytes leftover after parsing attributes in process `syz.7.2065'.
[  955.008415][T13168] Bluetooth: hci3: command 0x0406 tx timeout
[  955.124026][T13683] trusted_key: encrypted_key: insufficient parameters specified
[  955.174825][T13168] Bluetooth: hci4: ISO packet for unknown connection handle 0
[  961.487205][T13715] netlink: 64 bytes leftover after parsing attributes in process `syz.6.2079'.
[  961.490218][   T37] audit: type=1326 audit(1773764487.654:238): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13707 comm="syz.2.2078" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f6df0abc799 code=0x0
[  962.651685][T13725] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  963.761462][T13725] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  965.371407][T13725] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  965.772445][T13725] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  966.218836][ T1451] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  966.219149][ T1451] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  966.219216][ T1451] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  966.219271][ T1451] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  967.727912][T13766] netlink: 64 bytes leftover after parsing attributes in process `syz.3.2092'.
[  967.982551][   T37] audit: type=1326 audit(1773764494.154:239): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13767 comm="syz.3.2093" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f8f4665c799 code=0x0
[  968.568793][ T8870] Bluetooth: hci3: command 0x0406 tx timeout
[  970.729136][T13782] overlayfs: failed to resolve './file1': -2
[  973.328631][ T8870] Bluetooth: hci3: command 0x0406 tx timeout
[  973.678946][T13793] vhci_hcd vhci_hcd.0: pdev(7) rhport(0) sockfd(5)
[  973.678972][T13793] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  973.679049][T13793] vhci_hcd vhci_hcd.0: Device attached
[  973.683346][T13796] vhci_hcd: connection closed
[  973.708897][ T6004] vhci_hcd vhci_hcd.7: stop threads
[  973.708925][ T6004] vhci_hcd vhci_hcd.7: release socket
[  973.708963][ T6004] vhci_hcd vhci_hcd.7: disconnect device
[  973.848461][ T8870] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  973.857355][ T8870] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  973.859527][ T8870] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  973.873376][ T8870] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  973.878792][ T8870] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  975.931238][T13821] fuse: Bad value for 'fd'
[  975.938898][T13168] Bluetooth: hci5: command tx timeout
[  978.057738][T13168] Bluetooth: hci5: command tx timeout
[  978.343715][T13801] chnl_net:caif_netlink_parms(): no params data found
[  979.666767][T13842] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2102'.
[  980.098724][T13168] Bluetooth: hci5: command tx timeout
[  980.339695][T13690] netdevsim netdevsim8 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  980.897504][T13850] netlink: 40 bytes leftover after parsing attributes in process `syz.3.2113'.
[  981.862849][T13690] netdevsim netdevsim8 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  981.939084][T13801] bridge0: port 1(bridge_slave_0) entered blocking state
[  981.939210][T13801] bridge0: port 1(bridge_slave_0) entered disabled state
[  981.939435][T13801] bridge_slave_0: entered allmulticast mode
[  981.942335][T13801] bridge_slave_0: entered promiscuous mode
[  981.976235][T13801] bridge0: port 2(bridge_slave_1) entered blocking state
[  981.976433][T13801] bridge0: port 2(bridge_slave_1) entered disabled state
[  981.976674][T13801] bridge_slave_1: entered allmulticast mode
[  982.006066][T13801] bridge_slave_1: entered promiscuous mode
[  982.169095][T13168] Bluetooth: hci5: command tx timeout
[  982.431525][T13690] netdevsim netdevsim8 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  982.529029][T13875] trusted_key: encrypted_key: insufficient parameters specified
[  982.663797][T13168] Bluetooth: hci1: ISO packet for unknown connection handle 0
[  983.154013][T13801] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  983.157963][T13801] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  983.340940][T13801] team0: Port device team_slave_0 added
[  983.344437][T13801] team0: Port device team_slave_1 added
[  983.918243][T13690] netdevsim netdevsim8 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  983.971336][   T37] audit: type=1326 audit(1773764510.144:240): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13890 comm="syz.3.2118" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f8f4665c799 code=0x0
[  984.156266][T13801] batman_adv: batadv0: Adding interface: batadv_slave_0
[  984.156283][T13801] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  984.156324][T13801] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  984.158147][T13801] batman_adv: batadv0: Adding interface: batadv_slave_1
[  984.158160][T13801] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  984.158178][T13801] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  985.063814][T13896] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  985.350963][T13896] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  985.389267][T13901] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(5)
[  985.389286][T13901] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  985.389373][T13901] vhci_hcd vhci_hcd.0: Device attached
[  985.391293][T13902] vhci_hcd: connection closed
[  985.401883][  T707] vhci_hcd vhci_hcd.3: stop threads
[  985.401922][  T707] vhci_hcd vhci_hcd.3: release socket
[  985.442393][  T707] vhci_hcd vhci_hcd.3: disconnect device
[  985.471663][T13801] hsr_slave_0: entered promiscuous mode
[  985.472464][T13801] hsr_slave_1: entered promiscuous mode
[  985.472988][T13801] debugfs: 'hsr0' already exists in 'hsr'
[  985.473003][T13801] Cannot create hsr debugfs directory
[  985.615504][T13889] netlink: 40 bytes leftover after parsing attributes in process `syz.7.2127'.
[  986.480605][T13896] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  987.804852][T13896] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  988.204314][   T59] netdevsim netdevsim6 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  988.217735][   T59] netdevsim netdevsim6 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  988.233168][   T59] netdevsim netdevsim6 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  988.248287][   T59] netdevsim netdevsim6 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  989.605623][T13690] bridge_slave_1: left allmulticast mode
[  989.605652][T13690] bridge_slave_1: left promiscuous mode
[  989.605886][T13690] bridge0: port 2(bridge_slave_1) entered disabled state
[  989.915056][T13690] bridge_slave_0: left allmulticast mode
[  989.915084][T13690] bridge_slave_0: left promiscuous mode
[  989.915327][T13690] bridge0: port 1(bridge_slave_0) entered disabled state
[  991.058308][T13948] netlink: 40 bytes leftover after parsing attributes in process `syz.3.2138'.
[  992.979556][ T1321] ieee802154 phy0 wpan0: encryption failed: -22
[  992.979625][ T1321] ieee802154 phy1 wpan1: encryption failed: -22
[  993.319837][T13964] netlink: 180 bytes leftover after parsing attributes in process `syz.7.2147'.
[  993.377058][T13965] netlink: 4 bytes leftover after parsing attributes in process `syz.7.2147'.
[  993.531525][T13965] nbd: socks must be embedded in a SOCK_ITEM attr
[  993.629419][T13690] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  993.669529][T13690] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  993.719502][T13690] bond0 (unregistering): (slave wlan1): Releasing backup interface
[  993.935602][T13690] bond0 (unregistering): Released all slaves
[  994.274743][T13967] udevd[13967]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory
[  996.205834][T13801] netdevsim netdevsim9 netdevsim0: renamed from eth0
[  997.344100][T13801] netdevsim netdevsim9 netdevsim1: renamed from eth1
[  997.442750][T13801] netdevsim netdevsim9 netdevsim2: renamed from eth2
[  998.418196][T14008] vhci_hcd vhci_hcd.0: pdev(6) rhport(0) sockfd(6)
[  998.418214][T14008] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  998.418297][T14008] vhci_hcd vhci_hcd.0: Device attached
[  998.491332][T14010] vhci_hcd: connection closed
[  998.504243][ T6002] vhci_hcd vhci_hcd.6: stop threads
[  998.504273][ T6002] vhci_hcd vhci_hcd.6: release socket
[  998.527554][ T6002] vhci_hcd vhci_hcd.6: disconnect device
[  998.573524][T13801] netdevsim netdevsim9 netdevsim3: renamed from eth3
[ 1001.907782][T14052] netlink: 64 bytes leftover after parsing attributes in process `syz.6.2165'.
[ 1004.278667][T13690] hsr_slave_0: left promiscuous mode
[ 1004.328671][T13690] hsr_slave_1: left promiscuous mode
[ 1004.330075][T13690] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1004.330104][T13690] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1004.509713][T13690] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1004.509743][T13690] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1005.728287][T13690] veth1_macvtap: left promiscuous mode
[ 1005.728395][T13690] veth0_macvtap: left promiscuous mode
[ 1005.728689][T13690] veth1_vlan: left promiscuous mode
[ 1005.728851][T13690] veth0_vlan: left promiscuous mode
[ 1006.779223][T14071] netlink: 'syz.3.2166': attribute type 4 has an invalid length.
[ 1008.830925][T13690] team0 (unregistering): Port device team_slave_1 removed
[ 1008.900062][T13690] team0 (unregistering): Port device team_slave_0 removed
[ 1009.402004][T14067] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1010.716187][T13801] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1010.858268][T14067] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1010.924424][T13801] 8021q: adding VLAN 0 to HW filter on device team0
[ 1010.955115][ T6002] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1010.956549][ T6002] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1010.973670][T14105] netlink: 56 bytes leftover after parsing attributes in process `syz.7.2176'.
[ 1011.009452][T14067] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1011.076650][ T6002] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1011.079715][ T6002] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1011.202641][T14067] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1011.485677][ T1451] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1011.501661][ T6004] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1011.806263][ T1451] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1012.812419][ T6002] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1013.967801][T14121] netlink: 'syz.2.2180': attribute type 4 has an invalid length.
[ 1014.710864][T13690] IPVS: stop unused estimator thread 0...
[ 1015.021744][T13801] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1018.585349][T13801] veth0_vlan: entered promiscuous mode
[ 1018.650094][T13801] veth1_vlan: entered promiscuous mode
[ 1018.992085][T14184] trusted_key: encrypted_key: insufficient parameters specified
[ 1019.617612][T13801] veth0_macvtap: entered promiscuous mode
[ 1019.679238][T13801] veth1_macvtap: entered promiscuous mode
[ 1019.809800][T13801] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1019.877575][T13801] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1019.897777][ T6002] netdevsim netdevsim9 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1019.897851][ T6002] netdevsim netdevsim9 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1019.897896][ T6002] netdevsim netdevsim9 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1019.897928][ T6002] netdevsim netdevsim9 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1020.971256][   T36] libceph: connect (1)[c::]:6789 error -101
[ 1020.971442][   T36] libceph: mon0 (1)[c::]:6789 connect error
[ 1021.339883][T14198] ceph: No mds server is up or the cluster is laggy
[ 1021.817957][   T36] libceph: connect (1)[c::]:6789 error -101
[ 1021.818077][   T36] libceph: mon0 (1)[c::]:6789 connect error
[ 1021.934078][ T6002] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1021.934098][ T6002] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1022.457067][ T6004] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1022.457110][ T6004] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1029.192519][T14258] netlink: 'syz.9.2206': attribute type 4 has an invalid length.
[ 1029.264503][ T5882] libceph: connect (1)[c::]:6789 error -101
[ 1029.264625][ T5882] libceph: mon0 (1)[c::]:6789 connect error
[ 1029.356255][T14256] ceph: No mds server is up or the cluster is laggy
[ 1030.192167][T14278] trusted_key: encrypted_key: insufficient parameters specified
[ 1035.631870][T14314] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1035.837931][T14314] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1036.810680][T14314] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1036.976923][T14314] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1037.250021][  T707] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1037.257538][  T707] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1037.281936][  T707] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1037.282386][  T707] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1044.570172][T14396] netlink: 12 bytes leftover after parsing attributes in process `syz.6.2240'.
[ 1050.103870][T14444] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+
[ 1050.918616][T14449] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(5)
[ 1050.918637][T14449] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[ 1050.918722][T14449] vhci_hcd vhci_hcd.0: Device attached
[ 1050.924784][T14461] vhci_hcd: connection closed
[ 1050.925112][  T161] vhci_hcd vhci_hcd.3: stop threads
[ 1050.925139][  T161] vhci_hcd vhci_hcd.3: release socket
[ 1050.925175][  T161] vhci_hcd vhci_hcd.3: disconnect device
[ 1050.955106][T14460] overlayfs: overlapping lowerdir path
[ 1052.336076][T14468] trusted_key: encrypted_key: insufficient parameters specified
[ 1054.855068][ T1321] ieee802154 phy0 wpan0: encryption failed: -22
[ 1054.855124][ T1321] ieee802154 phy1 wpan1: encryption failed: -22
[ 1055.657423][T14504] overlayfs: failed to resolve './file1/file0': -2
[ 1057.590164][ T8870] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 1057.600780][ T8870] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 1057.602440][ T8870] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 1057.607971][ T8870] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 1057.638761][ T8870] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 1057.913483][T14522] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+
[ 1059.767460][T14546] netlink: 16 bytes leftover after parsing attributes in process `syz.6.2274'.
[ 1059.852198][T13168] Bluetooth: hci1: command tx timeout
[ 1060.669794][ T5881] usb 10-1: new full-speed USB device number 2 using dummy_hcd
[ 1060.756945][ T6139] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1060.931125][ T5881] usb 10-1: unable to get BOS descriptor or descriptor too short
[ 1060.931739][ T5881] usb 10-1: not running at top speed; connect to a high speed hub
[ 1060.933651][ T5881] usb 10-1: config 3 has an invalid interface number: 49 but max is 0
[ 1060.933676][ T5881] usb 10-1: config 3 has no interface number 0
[ 1060.933720][ T5881] usb 10-1: config 3 interface 49 altsetting 221 endpoint 0xB has invalid maxpacket 1024, setting to 64
[ 1060.933747][ T5881] usb 10-1: config 3 interface 49 has no altsetting 0
[ 1060.935988][ T5881] usb 10-1: New USB device found, idVendor=046d, idProduct=c291, bcdDevice=33.bd
[ 1060.936016][ T5881] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1060.936036][ T5881] usb 10-1: Product: syz
[ 1060.936050][ T5881] usb 10-1: Manufacturer: syz
[ 1060.936064][ T5881] usb 10-1: SerialNumber: syz
[ 1062.096899][T14557] netlink: 'syz.3.2280': attribute type 4 has an invalid length.
[ 1062.175718][T13168] Bluetooth: hci1: command tx timeout
[ 1063.222969][ T6139] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1063.388665][ T5881] usb 10-1: USB disconnect, device number 2
[ 1063.550791][T14580] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+
[ 1063.652389][ T6139] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1063.998837][T14591] netlink: 8 bytes leftover after parsing attributes in process `syz.7.2285'.
[ 1064.249564][T13168] Bluetooth: hci1: command tx timeout
[ 1065.031755][ T6139] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1066.089525][T14600] netlink: 'syz.7.2289': attribute type 4 has an invalid length.
[ 1066.225734][T14513] chnl_net:caif_netlink_parms(): no params data found
[ 1066.328614][T13168] Bluetooth: hci1: command tx timeout
[ 1069.741166][T14642] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2296'.
[ 1072.368853][T14513] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1072.368977][T14513] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1072.369204][T14513] bridge_slave_0: entered allmulticast mode
[ 1072.401596][T14513] bridge_slave_0: entered promiscuous mode
[ 1073.260985][T14513] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1073.261053][T14513] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1073.261233][T14513] bridge_slave_1: entered allmulticast mode
[ 1073.268283][T14513] bridge_slave_1: entered promiscuous mode
[ 1074.416443][ T6139] bridge_slave_1: left allmulticast mode
[ 1074.416472][ T6139] bridge_slave_1: left promiscuous mode
[ 1074.416744][ T6139] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1075.520538][ T6139] bridge_slave_0: left allmulticast mode
[ 1075.520567][ T6139] bridge_slave_0: left promiscuous mode
[ 1075.520814][ T6139] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1077.529205][T14682] netlink: 8 bytes leftover after parsing attributes in process `syz.9.2308'.
[ 1078.410342][ T6139] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1078.467210][T14691] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(5)
[ 1078.467231][T14691] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[ 1078.468010][T14691] vhci_hcd vhci_hcd.0: Device attached
[ 1078.470299][T14692] vhci_hcd: connection closed
[ 1078.490501][ T3954] vhci_hcd vhci_hcd.3: stop threads
[ 1078.490528][ T3954] vhci_hcd vhci_hcd.3: release socket
[ 1078.490564][ T3954] vhci_hcd vhci_hcd.3: disconnect device
[ 1078.523278][ T6139] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1078.590066][ T6139] bond0 (unregistering): (slave wlan1): Releasing backup interface
[ 1078.721773][ T6139] bond0 (unregistering): Released all slaves
[ 1078.765415][T14513] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1078.787352][T14513] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1078.921963][T14513] team0: Port device team_slave_0 added
[ 1078.923970][T14513] team0: Port device team_slave_1 added
[ 1079.023487][T13168] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci2/hci2:201'
[ 1079.023517][T13168] CPU: 1 UID: 0 PID: 13168 Comm: kworker/u9:1 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1079.023545][T13168] Tainted: [L]=SOFTLOCKUP
[ 1079.023552][T13168] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1079.023565][T13168] Workqueue: hci2 hci_rx_work
[ 1079.023602][T13168] Call Trace:
[ 1079.023610][T13168]  <TASK>
[ 1079.023620][T13168]  dump_stack_lvl+0xe8/0x150
[ 1079.023656][T13168]  sysfs_create_dir_ns+0x271/0x2a0
[ 1079.023680][T13168]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[ 1079.023717][T13168]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[ 1079.023744][T13168]  ? rt_spin_unlock+0x160/0x200
[ 1079.023770][T13168]  kobject_add_internal+0x631/0xd10
[ 1079.023801][T13168]  kobject_add+0x163/0x240
[ 1079.023829][T13168]  ? __pfx_kobject_add+0x10/0x10
[ 1079.023857][T13168]  ? get_device_parent+0x370/0x3a0
[ 1079.023884][T13168]  device_add+0x408/0xb80
[ 1079.023909][T13168]  hci_conn_add_sysfs+0xd5/0x210
[ 1079.023936][T13168]  le_conn_complete_evt+0xf1d/0x1430
[ 1079.023966][T13168]  ? __pfx_le_conn_complete_evt+0x10/0x10
[ 1079.023987][T13168]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[ 1079.024017][T13168]  ? lockdep_hardirqs_on+0x7a/0x110
[ 1079.024048][T13168]  ? skb_pull_data+0xfb/0x200
[ 1079.024075][T13168]  hci_le_conn_complete_evt+0x187/0x470
[ 1079.024102][T13168]  hci_event_packet+0x7af/0x12c0
[ 1079.024133][T13168]  ? __pfx_hci_le_meta_evt+0x10/0x10
[ 1079.024164][T13168]  ? __pfx_hci_event_packet+0x10/0x10
[ 1079.024186][T13168]  ? rt_spin_unlock+0x14f/0x200
[ 1079.024215][T13168]  ? hci_send_to_monitor+0xe2/0x590
[ 1079.024241][T13168]  hci_rx_work+0x3ee/0x1030
[ 1079.024273][T13168]  ? process_scheduled_works+0xa8d/0x18c0
[ 1079.024304][T13168]  process_scheduled_works+0xb6e/0x18c0
[ 1079.024360][T13168]  ? __pfx_process_scheduled_works+0x10/0x10
[ 1079.024395][T13168]  ? assign_work+0x3d5/0x5e0
[ 1079.024424][T13168]  worker_thread+0xa53/0xfc0
[ 1079.024479][T13168]  kthread+0x388/0x470
[ 1079.024500][T13168]  ? __pfx_worker_thread+0x10/0x10
[ 1079.024523][T13168]  ? __pfx_kthread+0x10/0x10
[ 1079.024544][T13168]  ret_from_fork+0x51e/0xb90
[ 1079.024576][T13168]  ? __pfx_ret_from_fork+0x10/0x10
[ 1079.024602][T13168]  ? __switch_to+0xc7d/0x1450
[ 1079.024631][T13168]  ? __pfx_kthread+0x10/0x10
[ 1079.024652][T13168]  ret_from_fork_asm+0x1a/0x30
[ 1079.024687][T13168]  </TASK>
[ 1079.024750][T13168] kobject: kobject_add_internal failed for hci2:201 with -EEXIST, don't try to register things with the same name in the same directory.
[ 1079.024792][T13168] Bluetooth: hci2: failed to register connection device
[ 1079.082847][T14513] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1079.082864][T14513] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1079.082889][T14513] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1079.084906][T14513] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1079.084919][T14513] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1079.084942][T14513] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1080.021850][T14706] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1080.167298][T14513] hsr_slave_0: entered promiscuous mode
[ 1080.182126][T14513] hsr_slave_1: entered promiscuous mode
[ 1081.092137][T14717] netlink: 'syz.7.2317': attribute type 4 has an invalid length.
[ 1081.190778][T14513] debugfs: 'hsr0' already exists in 'hsr'
[ 1081.190807][T14513] Cannot create hsr debugfs directory
[ 1081.510115][T14725] fuse: Bad value for 'fd'
[ 1081.629823][T14728] netlink: 8 bytes leftover after parsing attributes in process `syz.9.2318'.
[ 1082.631375][T14738] fuse: Bad value for 'fd'
[ 1084.437071][T14751] netlink: 'syz.9.2327': attribute type 4 has an invalid length.
[ 1084.996703][T14764] trusted_key: encrypted_key: insufficient parameters specified
[ 1085.219300][T13168] Bluetooth: hci4: ISO packet for unknown connection handle 0
[ 1085.686797][T14767] fuse: Bad value for 'fd'
[ 1086.979287][T13168] Bluetooth: hci2: command 0x0406 tx timeout
[ 1087.658375][ T6139] hsr_slave_0: left promiscuous mode
[ 1087.688669][ T6139] hsr_slave_1: left promiscuous mode
[ 1087.689713][ T6139] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1087.689732][ T6139] net_ratelimit: 10 callbacks suppressed
[ 1087.689744][ T6139] batadv0: mtu less than device minimum
[ 1087.736889][ T6139] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[ 1087.827328][ T6139] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[ 1087.858105][ T6139] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[ 1087.879597][ T6139] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[ 1087.900982][ T6139] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[ 1087.919936][ T6139] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[ 1087.927987][ T6139] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[ 1087.974092][ T6139] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[ 1087.995379][ T6139] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[ 1089.167627][ T6139] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1089.236263][T14801] netlink: 8 bytes leftover after parsing attributes in process `syz.9.2331'.
[ 1089.250620][ T6139] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1090.718661][ T6139] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1091.622621][ T6139] batman_adv: batadv0: Interface deactivated: dummy0
[ 1091.622650][ T6139] batman_adv: batadv0: Removing interface: dummy0
[ 1091.748828][ T6139] veth1_macvtap: left promiscuous mode
[ 1091.748950][ T6139] veth0_macvtap: left promiscuous mode
[ 1091.749200][ T6139] veth1_vlan: left promiscuous mode
[ 1091.751744][ T6139] veth0_vlan: left promiscuous mode
[ 1092.497691][T14825] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(6)
[ 1092.497713][T14825] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[ 1092.497785][T14825] vhci_hcd vhci_hcd.0: Device attached
[ 1092.499642][T14826] vhci_hcd: connection closed
[ 1092.508187][ T3954] vhci_hcd vhci_hcd.3: stop threads
[ 1092.508214][ T3954] vhci_hcd vhci_hcd.3: release socket
[ 1092.508250][ T3954] vhci_hcd vhci_hcd.3: disconnect device
[ 1092.559230][ T6139] pim6reg99999999 (unregistering): left allmulticast mode
[ 1094.328689][T14844] netlink: 8 bytes leftover after parsing attributes in process `syz.9.2356'.
[ 1095.360976][ T6139] team0 (unregistering): Port device team_slave_1 removed
[ 1095.428686][ T6139] team0 (unregistering): Port device team_slave_0 removed
[ 1095.457405][T14854] ptrace attach of "./syz-executor exec"[5809] was attempted by "./syz-executor exec"[14854]
[ 1095.848432][   T36] usb 10-1: new high-speed USB device number 3 using dummy_hcd
[ 1096.159855][   T36] usb 10-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[ 1096.160015][   T36] usb 10-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[ 1096.160062][   T36] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1096.463414][   T36] usb 10-1: config 0 descriptor??
[ 1096.577207][T14864] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1096.610987][   T36] usbhid 10-1:0.0: couldn't find an input interrupt endpoint
[ 1097.589048][ T8870] Bluetooth: hci5: command 0x0406 tx timeout
[ 1097.594243][   T36] usb 10-1: USB disconnect, device number 3
[ 1097.772087][T14864] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1097.831495][T14868] vhci_hcd vhci_hcd.0: pdev(6) rhport(0) sockfd(6)
[ 1097.831522][T14868] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[ 1097.831588][T14868] vhci_hcd vhci_hcd.0: Device attached
[ 1097.837304][T14869] vhci_hcd: connection closed
[ 1097.859192][ T1150] vhci_hcd vhci_hcd.6: stop threads
[ 1097.859211][ T1150] vhci_hcd vhci_hcd.6: release socket
[ 1097.859233][ T1150] vhci_hcd vhci_hcd.6: disconnect device
[ 1097.992665][T14864] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1098.235185][T14864] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1098.598815][ T1150] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1098.598895][ T1150] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1098.598948][ T1150] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1098.598999][ T1150] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1100.725882][T14889] netlink: 'syz.3.2372': attribute type 4 has an invalid length.
[ 1102.259458][ T6139] IPVS: stop unused estimator thread 0...
[ 1102.355767][T14513] netdevsim netdevsim2 netdevsim0: renamed from eth0
[ 1103.415707][T14513] netdevsim netdevsim2 netdevsim1: renamed from eth1
[ 1104.477902][T14513] netdevsim netdevsim2 netdevsim2: renamed from eth2
[ 1104.552884][T14513] netdevsim netdevsim2 netdevsim3: renamed from eth3
[ 1105.161956][T14513] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1105.292816][T14513] 8021q: adding VLAN 0 to HW filter on device team0
[ 1105.330296][   T59] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1105.331833][   T59] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1105.347676][   T59] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1105.373307][   T59] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1107.234207][T14513] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1107.398365][T14513] veth0_vlan: entered promiscuous mode
[ 1107.425122][T14513] veth1_vlan: entered promiscuous mode
[ 1107.512506][T14513] veth0_macvtap: entered promiscuous mode
[ 1107.539453][T14513] veth1_macvtap: entered promiscuous mode
[ 1107.583581][T14513] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1107.627728][T14513] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1107.659373][ T1150] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1107.679941][ T1150] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1107.681380][ T1150] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1107.720277][ T1150] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1109.061859][ T1451] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1109.061880][ T1451] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1109.220912][ T1150] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1109.220926][ T1150] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1111.792905][T14992] netlink: 'syz.7.2388': attribute type 4 has an invalid length.
[ 1112.198341][T14997] fuse: Bad value for 'fd'
[ 1112.227321][ T8870] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 1112.242645][ T8870] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 1112.247073][ T8870] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 1112.267421][ T8870] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 1112.271831][ T8870] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 1114.102781][ T8870] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci5/hci5:201'
[ 1114.102812][ T8870] CPU: 1 UID: 0 PID: 8870 Comm: kworker/u9:0 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1114.102843][ T8870] Tainted: [L]=SOFTLOCKUP
[ 1114.102850][ T8870] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1114.102864][ T8870] Workqueue: hci5 hci_rx_work
[ 1114.102898][ T8870] Call Trace:
[ 1114.102907][ T8870]  <TASK>
[ 1114.102919][ T8870]  dump_stack_lvl+0xe8/0x150
[ 1114.102953][ T8870]  sysfs_create_dir_ns+0x271/0x2a0
[ 1114.102977][ T8870]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[ 1114.103006][ T8870]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[ 1114.103033][ T8870]  ? rt_spin_unlock+0x160/0x200
[ 1114.103060][ T8870]  kobject_add_internal+0x631/0xd10
[ 1114.103092][ T8870]  kobject_add+0x163/0x240
[ 1114.103118][ T8870]  ? __pfx_kobject_add+0x10/0x10
[ 1114.103146][ T8870]  ? get_device_parent+0x370/0x3a0
[ 1114.103174][ T8870]  device_add+0x408/0xb80
[ 1114.103200][ T8870]  hci_conn_add_sysfs+0xd5/0x210
[ 1114.103229][ T8870]  le_conn_complete_evt+0xf1d/0x1430
[ 1114.103261][ T8870]  ? __pfx_le_conn_complete_evt+0x10/0x10
[ 1114.103284][ T8870]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[ 1114.103315][ T8870]  ? lockdep_hardirqs_on+0x7a/0x110
[ 1114.103346][ T8870]  ? skb_pull_data+0xfb/0x200
[ 1114.103374][ T8870]  hci_le_conn_complete_evt+0x187/0x470
[ 1114.103403][ T8870]  hci_event_packet+0x7af/0x12c0
[ 1114.103438][ T8870]  ? __pfx_hci_le_meta_evt+0x10/0x10
[ 1114.103469][ T8870]  ? __pfx_hci_event_packet+0x10/0x10
[ 1114.103495][ T8870]  ? rt_spin_unlock+0x14f/0x200
[ 1114.103529][ T8870]  ? hci_send_to_monitor+0xe2/0x590
[ 1114.103555][ T8870]  hci_rx_work+0x3ee/0x1030
[ 1114.103591][ T8870]  ? process_scheduled_works+0xa8d/0x18c0
[ 1114.103621][ T8870]  process_scheduled_works+0xb6e/0x18c0
[ 1114.103680][ T8870]  ? __pfx_process_scheduled_works+0x10/0x10
[ 1114.103716][ T8870]  ? assign_work+0x3d5/0x5e0
[ 1114.103759][ T8870]  worker_thread+0xa53/0xfc0
[ 1114.103816][ T8870]  kthread+0x388/0x470
[ 1114.103839][ T8870]  ? __pfx_worker_thread+0x10/0x10
[ 1114.103866][ T8870]  ? __pfx_kthread+0x10/0x10
[ 1114.103889][ T8870]  ret_from_fork+0x51e/0xb90
[ 1114.103921][ T8870]  ? __pfx_ret_from_fork+0x10/0x10
[ 1114.103948][ T8870]  ? __switch_to+0xc7d/0x1450
[ 1114.103977][ T8870]  ? __pfx_kthread+0x10/0x10
[ 1114.104000][ T8870]  ret_from_fork_asm+0x1a/0x30
[ 1114.104037][ T8870]  </TASK>
[ 1114.104993][ T8870] kobject: kobject_add_internal failed for hci5:201 with -EEXIST, don't try to register things with the same name in the same directory.
[ 1114.106056][ T8870] Bluetooth: hci5: failed to register connection device
[ 1114.329085][ T5805] Bluetooth: hci3: command tx timeout
[ 1115.779473][ T1321] ieee802154 phy0 wpan0: encryption failed: -22
[ 1115.779639][ T1321] ieee802154 phy1 wpan1: encryption failed: -22
[ 1116.409970][ T5805] Bluetooth: hci3: command tx timeout
[ 1118.155369][ T5809] bridge0: port 3(syz_tun) entered disabled state
[ 1118.305480][ T5809] syz_tun (unregistering): left allmulticast mode
[ 1118.305500][ T5809] syz_tun (unregistering): left promiscuous mode
[ 1118.305566][ T5809] bridge0: port 3(syz_tun) entered disabled state
[ 1119.389296][ T5805] Bluetooth: hci3: command tx timeout
[ 1119.789036][T14998] chnl_net:caif_netlink_parms(): no params data found
[ 1120.042592][T15050] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1121.945585][ T5805] Bluetooth: hci3: command tx timeout
[ 1124.044529][ T8870] Bluetooth: hci5: command 0x0406 tx timeout
[ 1125.307126][  T707] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1125.553570][T15081] netlink: 20 bytes leftover after parsing attributes in process `syz.6.2414'.
[ 1125.709757][T15086] ptrace attach of "./syz-executor exec"[13801] was attempted by "./syz-executor exec"[15086]
[ 1126.082476][  T707] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1126.331277][T14998] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1126.331400][T14998] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1126.331622][T14998] bridge_slave_0: entered allmulticast mode
[ 1127.488600][T14998] bridge_slave_0: entered promiscuous mode
[ 1127.606316][T14998] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1127.606440][T14998] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1127.606666][T14998] bridge_slave_1: entered allmulticast mode
[ 1127.621734][T14998] bridge_slave_1: entered promiscuous mode
[ 1127.956053][T14859] udevd[14859]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory
[ 1129.148888][  T707] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1129.267558][T14998] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1129.504661][  T707] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1129.712659][T14998] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1129.935616][T15128] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1131.078963][T14998] team0: Port device team_slave_0 added
[ 1131.082440][T14998] team0: Port device team_slave_1 added
[ 1131.836267][T14998] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1131.836284][T14998] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1131.836307][T14998] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1131.864100][T14998] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1131.864119][T14998] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1131.864146][T14998] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1132.733644][T14998] hsr_slave_0: entered promiscuous mode
[ 1132.734737][T14998] hsr_slave_1: entered promiscuous mode
[ 1134.060855][T15144] netlink: 'syz.9.2432': attribute type 4 has an invalid length.
[ 1135.459915][T15153] usb usb9: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK.
[ 1135.459932][T15153] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[ 1135.523752][   T37] audit: type=1326 audit(1773764661.694:241): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15152 comm="syz.2.2434" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe90b8fc799 code=0x0
[ 1135.753292][  T707] bridge_slave_1: left allmulticast mode
[ 1135.753320][  T707] bridge_slave_1: left promiscuous mode
[ 1135.753545][  T707] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1135.855714][  T707] bridge_slave_0: left allmulticast mode
[ 1135.855733][  T707] bridge_slave_0: left promiscuous mode
[ 1135.855905][  T707] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1139.925149][T15178] netlink: 'syz.6.2443': attribute type 4 has an invalid length.
[ 1140.780672][  T707] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1140.844714][  T707] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1141.164406][  T707] bond0 (unregistering): Released all slaves
[ 1141.866669][  T707] tipc: Left network mode
[ 1142.384702][   T37] audit: type=1326 audit(1773764668.554:242): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15194 comm="syz.7.2447" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe7124fc799 code=0x0
[ 1145.160590][T15223] netlink: 44 bytes leftover after parsing attributes in process `syz.7.2450'.
[ 1146.575580][T15229] netlink: 'syz.2.2453': attribute type 4 has an invalid length.
[ 1148.310516][T15244] vhci_hcd vhci_hcd.0: pdev(7) rhport(0) sockfd(6)
[ 1148.310557][T15244] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[ 1148.310664][T15244] vhci_hcd vhci_hcd.0: Device attached
[ 1148.578644][ T8240] usb 47-1: new low-speed USB device number 2 using vhci_hcd
[ 1148.997890][T15245] vhci_hcd: connection reset by peer
[ 1148.997985][ T8870] Bluetooth: hci5: Ignoring HCI_Connection_Complete for existing connection
[ 1149.015702][   T59] vhci_hcd vhci_hcd.7: stop threads
[ 1149.019235][   T59] vhci_hcd vhci_hcd.7: release socket
[ 1149.149056][   T59] vhci_hcd vhci_hcd.7: disconnect device
[ 1149.341481][T15256] netlink: 20 bytes leftover after parsing attributes in process `syz.9.2458'.
[ 1150.612693][   T37] audit: type=1326 audit(1773764676.784:243): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15260 comm="syz.7.2459" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe7124fc799 code=0x0
[ 1150.659959][  T707] hsr_slave_0: left promiscuous mode
[ 1150.713694][  T707] hsr_slave_1: left promiscuous mode
[ 1150.714792][  T707] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1150.714813][  T707] net_ratelimit: 30 callbacks suppressed
[ 1150.714825][  T707] batadv0: mtu less than device minimum
[ 1150.726293][  T707] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[ 1150.843096][  T707] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[ 1150.877255][  T707] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[ 1150.904457][  T707] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[ 1150.926712][  T707] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[ 1151.101337][T14859] udevd[14859]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory
[ 1151.442226][  T707] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[ 1151.472641][  T707] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[ 1151.493275][  T707] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[ 1151.517352][  T707] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[ 1151.856846][  T707] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1152.629635][  T707] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1156.725955][T15292] netlink: 'syz.6.2464': attribute type 4 has an invalid length.
[ 1156.842956][  T707] net_ratelimit: 20 callbacks suppressed
[ 1156.842975][  T707] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[ 1156.858612][ T8240] vhci_hcd vhci_hcd.7: vhci_device speed not set
[ 1156.874469][  T707] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[ 1156.894007][  T707] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[ 1156.913295][  T707] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[ 1156.934539][  T707] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[ 1156.952568][  T707] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[ 1156.972194][  T707] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[ 1156.990688][  T707] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[ 1157.009285][  T707] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[ 1157.017315][  T707] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[ 1157.017468][  T707] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1157.203649][T15309] netlink: 44 bytes leftover after parsing attributes in process `syz.9.2465'.
[ 1157.205657][  T707] batman_adv: batadv0: Interface deactivated: dummy0
[ 1157.205684][  T707] batman_adv: batadv0: Removing interface: dummy0
[ 1157.416402][  T707] veth1_macvtap: left promiscuous mode
[ 1157.416504][  T707] veth0_macvtap: left promiscuous mode
[ 1157.416772][  T707] veth1_vlan: left promiscuous mode
[ 1157.416938][  T707] veth0_vlan: left promiscuous mode
[ 1159.610857][  T707] pim6reg99999999 (unregistering): left allmulticast mode
[ 1160.599231][T15324] overlayfs: failed to resolve './file1': -2
[ 1160.799906][T15325] netlink: 'syz.7.2470': attribute type 4 has an invalid length.
[ 1161.843381][T15328] overlayfs: failed to resolve './file1': -2
[ 1162.288222][ T8870] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 1162.313621][ T8870] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 1162.316560][ T8870] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 1162.317621][ T8870] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 1162.318329][ T8870] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 1162.546310][  T707] team0 (unregistering): Port device team_slave_1 removed
[ 1162.609198][  T707] team0 (unregistering): Port device team_slave_0 removed
[ 1164.348773][T15340] netlink: 'syz.9.2476': attribute type 4 has an invalid length.
[ 1164.520756][ T5805] Bluetooth: hci4: command tx timeout
[ 1164.965647][T14998] netdevsim netdevsim3 netdevsim0: renamed from eth0
[ 1165.455226][T14998] netdevsim netdevsim3 netdevsim1: renamed from eth1
[ 1165.707226][T14998] netdevsim netdevsim3 netdevsim2: renamed from eth2
[ 1166.571731][ T8870] Bluetooth: hci4: command tx timeout
[ 1166.577182][T14998] netdevsim netdevsim3 netdevsim3: renamed from eth3
[ 1168.621701][  T707] IPVS: stop unused estimator thread 0...
[ 1168.649870][ T8870] Bluetooth: hci4: command tx timeout
[ 1168.743879][T15331] chnl_net:caif_netlink_parms(): no params data found
[ 1168.794239][T15374] vhci_hcd vhci_hcd.0: pdev(6) rhport(0) sockfd(6)
[ 1168.794261][T15374] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[ 1168.795550][T15374] vhci_hcd vhci_hcd.0: Device attached
[ 1168.803306][T15375] overlayfs: failed to resolve './file1/file0': -2
[ 1169.059455][T15383] netlink: 64 bytes leftover after parsing attributes in process `syz.7.2484'.
[ 1169.088708][ T8198] usb 45-1: new low-speed USB device number 2 using vhci_hcd
[ 1169.442935][  T707] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1169.450641][T15376] vhci_hcd: connection reset by peer
[ 1169.454197][ T6004] vhci_hcd vhci_hcd.6: stop threads
[ 1169.454224][ T6004] vhci_hcd vhci_hcd.6: release socket
[ 1169.456622][ T6004] vhci_hcd vhci_hcd.6: disconnect device
[ 1169.705409][T14998] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1169.706313][T15331] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1169.706507][T15331] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1169.706687][T15331] bridge_slave_0: entered allmulticast mode
[ 1170.573507][T15331] bridge_slave_0: entered promiscuous mode
[ 1170.737584][ T8870] Bluetooth: hci4: command tx timeout
[ 1171.383836][  T707] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1172.269689][T15331] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1172.269890][T15331] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1172.270127][T15331] bridge_slave_1: entered allmulticast mode
[ 1172.273609][T15331] bridge_slave_1: entered promiscuous mode
[ 1172.785784][T15425] netlink: 64 bytes leftover after parsing attributes in process `syz.6.2493'.
[ 1172.836512][ T5805] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 1172.871604][ T5805] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 1172.873576][ T5805] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 1172.875858][ T5805] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 1172.900850][ T5805] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 1172.970373][  T707] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1173.087076][T15331] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1173.139880][T15331] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1174.418625][ T8198] vhci_hcd vhci_hcd.6: vhci_device speed not set
[ 1175.101709][ T5805] Bluetooth: hci1: command tx timeout
[ 1175.434354][T15446] netlink: 'syz.9.2498': attribute type 4 has an invalid length.
[ 1176.633667][  T707] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1176.710718][T15331] team0: Port device team_slave_0 added
[ 1177.648276][T15449] netlink: 'syz.7.2500': attribute type 4 has an invalid length.
[ 1177.651580][ T5805] Bluetooth: hci1: command tx timeout
[ 1177.659172][ T1321] ieee802154 phy0 wpan0: encryption failed: -22
[ 1177.659246][ T1321] ieee802154 phy1 wpan1: encryption failed: -22
[ 1177.831039][T15331] team0: Port device team_slave_1 added
[ 1178.000504][T15331] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1178.000518][T15331] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1178.000533][T15331] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1178.005490][T15331] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1178.005505][T15331] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1178.005523][T15331] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1179.357406][T15331] hsr_slave_0: entered promiscuous mode
[ 1179.378989][T15331] hsr_slave_1: entered promiscuous mode
[ 1179.379903][T15331] debugfs: 'hsr0' already exists in 'hsr'
[ 1179.379925][T15331] Cannot create hsr debugfs directory
[ 1179.665733][  T707] bridge_slave_1: left allmulticast mode
[ 1179.665762][  T707] bridge_slave_1: left promiscuous mode
[ 1179.665995][  T707] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1179.689199][ T5805] Bluetooth: hci1: command tx timeout
[ 1179.740756][  T707] bridge_slave_0: left allmulticast mode
[ 1179.740776][  T707] bridge_slave_0: left promiscuous mode
[ 1179.740979][  T707] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1180.089702][T15474] netlink: 64 bytes leftover after parsing attributes in process `syz.7.2504'.
[ 1181.189508][  T707] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1181.274169][  T707] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1181.327693][  T707] bond0 (unregistering): Released all slaves
[ 1181.529772][T15489] overlayfs: failed to resolve './file1/file0': -2
[ 1183.135376][ T5805] Bluetooth: hci1: command tx timeout
[ 1183.267673][T15424] chnl_net:caif_netlink_parms(): no params data found
[ 1187.819274][T15510] overlayfs: failed to resolve './file1': -2
[ 1188.022168][T15517] netlink: 'syz.7.2518': attribute type 4 has an invalid length.
[ 1188.864979][T15533] overlayfs: failed to resolve './file1/file0': -2
[ 1192.603652][T15550] netlink: 40 bytes leftover after parsing attributes in process `syz.6.2528'.
[ 1195.008628][T15577] ptrace attach of "./syz-executor exec"[13801] was attempted by "./syz-executor exec"[15577]
[ 1197.500204][  T707] hsr_slave_0: left promiscuous mode
[ 1197.688949][  T707] hsr_slave_1: left promiscuous mode
[ 1197.690036][  T707] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1197.690060][  T707] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1197.723053][  T707] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1197.723080][  T707] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1198.738729][  T707] veth1_macvtap: left promiscuous mode
[ 1198.738830][  T707] veth0_macvtap: left promiscuous mode
[ 1198.739091][  T707] veth1_vlan: left promiscuous mode
[ 1198.739258][  T707] veth0_vlan: left promiscuous mode
[ 1200.838011][T15617] netlink: 20 bytes leftover after parsing attributes in process `syz.7.2547'.
[ 1201.069291][  T707] team0 (unregistering): Port device team_slave_1 removed
[ 1201.099463][  T707] team0 (unregistering): Port device team_slave_0 removed
[ 1201.412544][T15531] udevd[15531]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory
[ 1201.459107][T15611] netlink: 12 bytes leftover after parsing attributes in process `syz.6.2545'.
[ 1202.704252][T15424] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1202.704318][T15424] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1202.704469][T15424] bridge_slave_0: entered allmulticast mode
[ 1202.751236][T15424] bridge_slave_0: entered promiscuous mode
[ 1202.802271][T15424] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1202.802345][T15424] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1202.802511][T15424] bridge_slave_1: entered allmulticast mode
[ 1202.803876][T15424] bridge_slave_1: entered promiscuous mode
[ 1203.619001][T15629] netlink: 'syz.6.2551': attribute type 4 has an invalid length.
[ 1206.453699][T15646] netdevsim netdevsim9 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1206.571396][T15424] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1206.704786][T15646] netdevsim netdevsim9 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1206.736519][T15424] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1206.815000][T15424] team0: Port device team_slave_0 added
[ 1206.817938][T15424] team0: Port device team_slave_1 added
[ 1207.032389][T15646] netdevsim netdevsim9 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1207.129430][T15424] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1207.129448][T15424] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1207.129474][T15424] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1207.133513][T15424] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1207.133529][T15424] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1207.133555][T15424] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1207.344253][T15424] hsr_slave_0: entered promiscuous mode
[ 1207.346270][T15424] hsr_slave_1: entered promiscuous mode
[ 1207.347225][T15424] debugfs: 'hsr0' already exists in 'hsr'
[ 1207.347248][T15424] Cannot create hsr debugfs directory
[ 1207.612537][T15659] ptrace attach of "./syz-executor exec"[8869] was attempted by "./syz-executor exec"[15659]
[ 1208.123978][T15646] netdevsim netdevsim9 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1208.177370][T15674] netlink: 4 bytes leftover after parsing attributes in process `syz.7.2561'.
[ 1208.200920][T15331] netdevsim netdevsim1 netdevsim0: renamed from eth0
[ 1208.272565][T15331] netdevsim netdevsim1 netdevsim1: renamed from eth1
[ 1208.340288][T15331] netdevsim netdevsim1 netdevsim2: renamed from eth2
[ 1208.508151][T15331] netdevsim netdevsim1 netdevsim3: renamed from eth3
[ 1208.556630][T15060] netdevsim netdevsim9 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1208.571384][T15060] netdevsim netdevsim9 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1208.590470][T15060] netdevsim netdevsim9 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1208.593883][T15060] netdevsim netdevsim9 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1209.855438][T15702] netlink: 40 bytes leftover after parsing attributes in process `syz.9.2567'.
[ 1213.797458][T15730] netlink: 4 bytes leftover after parsing attributes in process `syz.9.2572'.
[ 1215.947966][T15331] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1216.366862][T15754] netlink: 20 bytes leftover after parsing attributes in process `syz.9.2576'.
[ 1218.342798][T15748] udevd[15748]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory
[ 1218.403990][T15331] 8021q: adding VLAN 0 to HW filter on device team0
[ 1218.507866][ T6002] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1218.508055][ T6002] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1218.800916][T13690] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1218.802461][T13690] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1218.964464][T15788] netlink: 12 bytes leftover after parsing attributes in process `syz.6.2586'.
[ 1222.592675][  T707] bridge_slave_1: left allmulticast mode
[ 1222.592694][  T707] bridge_slave_1: left promiscuous mode
[ 1222.592847][  T707] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1222.802927][  T707] bridge_slave_0: left allmulticast mode
[ 1222.802964][  T707] bridge_slave_0: left promiscuous mode
[ 1222.803227][  T707] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1222.915754][ T8870] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 1222.931995][ T8870] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 1222.936735][ T8870] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 1222.938223][ T8870] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 1222.960144][ T8870] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 1224.911054][T15843] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1225.053980][ T5805] Bluetooth: hci3: command tx timeout
[ 1226.901403][  T707] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1227.003532][  T707] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1227.060142][  T707] bond0 (unregistering): Released all slaves
[ 1227.133262][ T8870] Bluetooth: hci3: command tx timeout
[ 1227.525808][T15850] netlink: 40 bytes leftover after parsing attributes in process `syz.6.2599'.
[ 1228.222461][  T707] hsr_slave_0: left promiscuous mode
[ 1228.346751][  T707] hsr_slave_1: left promiscuous mode
[ 1228.359045][  T707] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1228.439396][  T707] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1229.218578][ T8870] Bluetooth: hci3: command tx timeout
[ 1229.537745][T15866] netlink: 20 bytes leftover after parsing attributes in process `syz.6.2602'.
[ 1230.421332][  T707] team0 (unregistering): Port device team_slave_1 removed
[ 1230.519509][  T707] team0 (unregistering): Port device team_slave_0 removed
[ 1230.560289][T15748] udevd[15748]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory
[ 1230.918856][T15885] tmpfs: Bad value for 'mpol'
[ 1231.288760][ T8870] Bluetooth: hci3: command tx timeout
[ 1234.061446][T15826] chnl_net:caif_netlink_parms(): no params data found
[ 1235.581966][ T5805] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 1235.614029][ T5805] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 1235.623163][ T5805] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 1235.629741][ T5805] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 1235.631091][ T5805] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 1235.827909][T15826] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1235.858820][T15826] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1235.859086][T15826] bridge_slave_0: entered allmulticast mode
[ 1235.860504][T15826] bridge_slave_0: entered promiscuous mode
[ 1235.863838][T15826] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1235.863903][T15826] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1235.864025][T15826] bridge_slave_1: entered allmulticast mode
[ 1235.865405][T15826] bridge_slave_1: entered promiscuous mode
[ 1236.727844][T15826] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1236.961919][T15826] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1237.698525][ T5805] Bluetooth: hci4: command tx timeout
[ 1238.988610][ T1321] ieee802154 phy0 wpan0: encryption failed: -22
[ 1238.988678][ T1321] ieee802154 phy1 wpan1: encryption failed: -22
[ 1239.022173][T15826] team0: Port device team_slave_0 added
[ 1239.305165][T15826] team0: Port device team_slave_1 added
[ 1239.586098][T15826] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1239.586116][T15826] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1239.586142][T15826] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1239.588323][T15826] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1239.588336][T15826] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1239.588358][T15826] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1239.768780][ T5805] Bluetooth: hci4: command tx timeout
[ 1240.940653][T15982] netlink: 'syz.7.2625': attribute type 4 has an invalid length.
[ 1241.119428][T15977] netlink: 'syz.6.2623': attribute type 29 has an invalid length.
[ 1241.790688][T15826] hsr_slave_0: entered promiscuous mode
[ 1241.791970][T15826] hsr_slave_1: entered promiscuous mode
[ 1241.832934][T15984] netlink: 'syz.6.2623': attribute type 29 has an invalid length.
[ 1241.859735][ T5805] Bluetooth: hci4: command tx timeout
[ 1244.154958][ T8870] Bluetooth: hci4: command tx timeout
[ 1244.344455][T16011] netdevsim netdevsim6 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1244.525675][T16011] netdevsim netdevsim6 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1245.592814][T16011] netdevsim netdevsim6 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1245.831663][T16011] netdevsim netdevsim6 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1247.208145][ T6002] netdevsim netdevsim6 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1247.241689][ T6002] netdevsim netdevsim6 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1247.241736][ T6002] netdevsim netdevsim6 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1247.241769][ T6002] netdevsim netdevsim6 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1247.463146][T15928] chnl_net:caif_netlink_parms(): no params data found
[ 1248.077007][T15928] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1248.077224][T15928] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1248.077403][T15928] bridge_slave_0: entered allmulticast mode
[ 1248.093717][T15928] bridge_slave_0: entered promiscuous mode
[ 1248.124064][T15928] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1248.124273][T15928] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1248.124506][T15928] bridge_slave_1: entered allmulticast mode
[ 1248.135339][T15928] bridge_slave_1: entered promiscuous mode
[ 1248.402209][T15928] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1248.406238][T15928] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1248.737726][T15928] team0: Port device team_slave_0 added
[ 1249.024764][T15928] team0: Port device team_slave_1 added
[ 1249.024985][  T707] bridge_slave_1: left allmulticast mode
[ 1249.025006][  T707] bridge_slave_1: left promiscuous mode
[ 1249.025250][  T707] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1249.110615][  T707] bridge_slave_0: left allmulticast mode
[ 1249.110646][  T707] bridge_slave_0: left promiscuous mode
[ 1249.110901][  T707] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1249.227265][  T707] bridge_slave_1: left allmulticast mode
[ 1249.227295][  T707] bridge_slave_1: left promiscuous mode
[ 1249.227545][  T707] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1249.332699][  T707] bridge_slave_0: left allmulticast mode
[ 1249.332728][  T707] bridge_slave_0: left promiscuous mode
[ 1249.332982][  T707] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1249.906912][T16102] netlink: 180 bytes leftover after parsing attributes in process `syz.6.2641'.
[ 1249.923062][ T8870] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci2/hci2:201'
[ 1249.923090][ T8870] CPU: 0 UID: 0 PID: 8870 Comm: kworker/u9:0 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1249.923120][ T8870] Tainted: [L]=SOFTLOCKUP
[ 1249.923127][ T8870] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1249.923141][ T8870] Workqueue: hci2 hci_rx_work
[ 1249.923182][ T8870] Call Trace:
[ 1249.923191][ T8870]  <TASK>
[ 1249.923200][ T8870]  dump_stack_lvl+0xe8/0x150
[ 1249.923236][ T8870]  sysfs_create_dir_ns+0x271/0x2a0
[ 1249.923261][ T8870]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[ 1249.923292][ T8870]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[ 1249.923320][ T8870]  ? rt_spin_unlock+0x160/0x200
[ 1249.923345][ T8870]  kobject_add_internal+0x631/0xd10
[ 1249.923378][ T8870]  kobject_add+0x163/0x240
[ 1249.923404][ T8870]  ? __pfx_kobject_add+0x10/0x10
[ 1249.923433][ T8870]  ? get_device_parent+0x370/0x3a0
[ 1249.923463][ T8870]  device_add+0x408/0xb80
[ 1249.923488][ T8870]  hci_conn_add_sysfs+0xd5/0x210
[ 1249.923515][ T8870]  le_conn_complete_evt+0xf1d/0x1430
[ 1249.923543][ T8870]  ? __pfx_le_conn_complete_evt+0x10/0x10
[ 1249.923564][ T8870]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[ 1249.923604][ T8870]  ? lockdep_hardirqs_on+0x7a/0x110
[ 1249.923634][ T8870]  ? skb_pull_data+0xfb/0x200
[ 1249.923661][ T8870]  hci_le_conn_complete_evt+0x187/0x470
[ 1249.923689][ T8870]  hci_event_packet+0x7af/0x12c0
[ 1249.923722][ T8870]  ? __pfx_hci_le_meta_evt+0x10/0x10
[ 1249.923752][ T8870]  ? __pfx_hci_event_packet+0x10/0x10
[ 1249.923778][ T8870]  ? rt_spin_unlock+0x14f/0x200
[ 1249.923807][ T8870]  ? hci_send_to_monitor+0xe2/0x590
[ 1249.923831][ T8870]  hci_rx_work+0x3ee/0x1030
[ 1249.923862][ T8870]  ? process_scheduled_works+0xa8d/0x18c0
[ 1249.923893][ T8870]  process_scheduled_works+0xb6e/0x18c0
[ 1249.923948][ T8870]  ? __pfx_process_scheduled_works+0x10/0x10
[ 1249.923981][ T8870]  ? assign_work+0x3d5/0x5e0
[ 1249.924009][ T8870]  worker_thread+0xa53/0xfc0
[ 1249.924060][ T8870]  kthread+0x388/0x470
[ 1249.924082][ T8870]  ? __pfx_worker_thread+0x10/0x10
[ 1249.924108][ T8870]  ? __pfx_kthread+0x10/0x10
[ 1249.924128][ T8870]  ret_from_fork+0x51e/0xb90
[ 1249.924160][ T8870]  ? __pfx_ret_from_fork+0x10/0x10
[ 1249.924185][ T8870]  ? __switch_to+0xc7d/0x1450
[ 1249.924214][ T8870]  ? __pfx_kthread+0x10/0x10
[ 1249.924235][ T8870]  ret_from_fork_asm+0x1a/0x30
[ 1249.924287][ T8870]  </TASK>
[ 1249.924320][ T8870] kobject: kobject_add_internal failed for hci2:201 with -EEXIST, don't try to register things with the same name in the same directory.
[ 1249.924358][ T8870] Bluetooth: hci2: failed to register connection device
[ 1249.963762][T16102] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2641'.
[ 1250.037123][T16102] nbd: socks must be embedded in a SOCK_ITEM attr
[ 1250.665579][  T707] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1250.754934][T15748] udevd[15748]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory
[ 1250.847648][  T707] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1250.952203][ T5805] Bluetooth: hci2: Ignoring HCI_Connection_Complete for existing connection
[ 1250.980225][  T707] bond0 (unregistering): Released all slaves
[ 1251.581442][T16129] binder_alloc: binder_alloc_mmap_handler: 16125 200000fed000-200001000000 already mapped failed -16
[ 1254.169233][  T707] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1254.172831][T16146] vhci_hcd vhci_hcd.0: pdev(7) rhport(0) sockfd(5)
[ 1254.172856][T16146] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[ 1254.175216][T16146] vhci_hcd vhci_hcd.0: Device attached
[ 1254.199293][T16148] vhci_hcd: connection closed
[ 1254.199669][T15057] vhci_hcd vhci_hcd.7: stop threads
[ 1254.199696][T15057] vhci_hcd vhci_hcd.7: release socket
[ 1254.199732][T15057] vhci_hcd vhci_hcd.7: disconnect device
[ 1254.298041][  T707] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1254.350398][  T707] bond0 (unregistering): Released all slaves
[ 1254.633096][T16147] netlink: 40 bytes leftover after parsing attributes in process `syz.6.2647'.
[ 1255.741904][T15928] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1255.741922][T15928] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1255.741948][T15928] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1256.700365][T15928] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1256.700382][T15928] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1256.700406][T15928] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1257.219246][T16164] netlink: 40 bytes leftover after parsing attributes in process `syz.9.2648'.
[ 1258.523711][ T8870] Bluetooth: hci2: command 0x0406 tx timeout
[ 1258.706002][T15928] hsr_slave_0: entered promiscuous mode
[ 1258.734359][T15928] hsr_slave_1: entered promiscuous mode
[ 1258.735294][T15928] debugfs: 'hsr0' already exists in 'hsr'
[ 1258.735317][T15928] Cannot create hsr debugfs directory
[ 1259.377712][  T707] hsr_slave_0: left promiscuous mode
[ 1259.443486][  T707] hsr_slave_1: left promiscuous mode
[ 1259.444435][  T707] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1259.503157][  T707] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1259.775058][  T707] hsr_slave_0: left promiscuous mode
[ 1259.838564][  T707] hsr_slave_1: left promiscuous mode
[ 1259.839596][  T707] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1259.889182][  T707] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1259.891389][T16189] netlink: 20 bytes leftover after parsing attributes in process `syz.7.2656'.
[ 1260.419891][T16158] udevd[16158]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory
[ 1261.999743][T16214] netlink: 20 bytes leftover after parsing attributes in process `syz.7.2657'.
[ 1263.343478][  T707] team0 (unregistering): Port device team_slave_1 removed
[ 1263.591441][T16231] tmpfs: Bad value for 'mpol'
[ 1264.589455][  T707] team0 (unregistering): Port device team_slave_0 removed
[ 1265.117325][T16237] netlink: 40 bytes leftover after parsing attributes in process `syz.7.2662'.
[ 1265.831008][T16158] udevd[16158]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory
[ 1267.651592][  T707] team0 (unregistering): Port device team_slave_1 removed
[ 1267.856305][  T707] team0 (unregistering): Port device team_slave_0 removed
[ 1268.396395][T16272] netlink: 40 bytes leftover after parsing attributes in process `syz.9.2665'.
[ 1274.454046][T16322] block device autoloading is deprecated and will be removed.
[ 1274.922629][T15928] netdevsim netdevsim3 netdevsim0: renamed from eth0
[ 1275.252334][T15928] netdevsim netdevsim3 netdevsim1: renamed from eth1
[ 1275.491208][T16329] vhci_hcd vhci_hcd.0: pdev(6) rhport(0) sockfd(6)
[ 1275.491308][T16329] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[ 1275.496825][T16329] vhci_hcd vhci_hcd.0: Device attached
[ 1275.797297][T16330] vhci_hcd: connection closed
[ 1275.797849][  T161] vhci_hcd vhci_hcd.6: stop threads
[ 1275.797877][  T161] vhci_hcd vhci_hcd.6: release socket
[ 1275.797942][  T161] vhci_hcd vhci_hcd.6: disconnect device
[ 1275.858686][T15187] vhci_hcd vhci_hcd.6: vhci_device speed not set
[ 1277.278871][T16339] vhci_hcd vhci_hcd.0: pdev(9) rhport(0) sockfd(12)
[ 1277.278930][T16339] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[ 1277.305060][T16339] vhci_hcd vhci_hcd.0: Device attached
[ 1277.321053][T16361] vhci_hcd: connection closed
[ 1277.330312][ T6004] vhci_hcd vhci_hcd.9: stop threads
[ 1277.330372][ T6004] vhci_hcd vhci_hcd.9: release socket
[ 1277.336403][ T6004] vhci_hcd vhci_hcd.9: disconnect device
[ 1277.831157][T15928] netdevsim netdevsim3 netdevsim2: renamed from eth2
[ 1278.167995][T15928] netdevsim netdevsim3 netdevsim3: renamed from eth3
[ 1279.750348][T16393] netlink: 40 bytes leftover after parsing attributes in process `syz.6.2690'.
[ 1281.268460][T15826] netdevsim netdevsim1 netdevsim0: renamed from eth0
[ 1283.432991][T15928] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1283.551810][T15928] 8021q: adding VLAN 0 to HW filter on device team0
[ 1283.687785][ T3954] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1283.694251][ T3954] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1283.892918][ T6004] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1283.893351][ T6004] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1284.015674][T16418] vhci_hcd vhci_hcd.0: pdev(9) rhport(0) sockfd(12)
[ 1284.015703][T16418] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[ 1284.023881][T16418] vhci_hcd vhci_hcd.0: Device attached
[ 1284.456749][ T8198] usb 51-1: new low-speed USB device number 2 using vhci_hcd
[ 1284.508741][ T8870] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 1284.566749][T16421] vhci_hcd: connection reset by peer
[ 1284.567429][ T3954] vhci_hcd vhci_hcd.9: stop threads
[ 1284.567490][ T3954] vhci_hcd vhci_hcd.9: release socket
[ 1284.576861][ T3954] vhci_hcd vhci_hcd.9: disconnect device
[ 1284.580692][ T8870] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 1284.592775][ T8870] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 1284.827479][ T8870] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 1285.093510][ T8870] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 1286.762558][T16441] netlink: 'syz.6.2701': attribute type 1 has an invalid length.
[ 1286.762578][T16441] netlink: 'syz.6.2701': attribute type 4 has an invalid length.
[ 1286.762592][T16441] netlink: 15334 bytes leftover after parsing attributes in process `syz.6.2701'.
[ 1286.825103][T16439] netdevsim netdevsim9 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1287.208719][ T5805] Bluetooth: hci1: command tx timeout
[ 1287.231504][T16444] netlink: 40 bytes leftover after parsing attributes in process `syz.6.2702'.
[ 1288.803861][T16452] fuse: Bad value for 'fd'
[ 1289.759697][ T5805] Bluetooth: hci1: command tx timeout
[ 1289.929984][ T8198] vhci_hcd vhci_hcd.9: vhci_device speed not set
[ 1290.297314][T16439] netdevsim netdevsim9 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1290.444797][T16439] netdevsim netdevsim9 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1290.610413][T16439] netdevsim netdevsim9 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1290.708498][T16463] ptrace attach of "./syz-executor exec"[8869] was attempted by "./syz-executor exec"[16463]
[ 1291.239215][ T6002] netdevsim netdevsim9 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1291.294928][T16469] netlink: 180 bytes leftover after parsing attributes in process `syz.7.2708'.
[ 1291.316444][   T12] netdevsim netdevsim9 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1291.446566][T16476] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1292.536083][ T5805] Bluetooth: hci1: command tx timeout
[ 1293.396812][T16478] netlink: 4 bytes leftover after parsing attributes in process `syz.7.2708'.
[ 1293.681472][   T12] netdevsim netdevsim9 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1294.660973][ T5805] Bluetooth: hci1: command tx timeout
[ 1294.813187][   T12] netdevsim netdevsim9 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1294.876889][T16478] nbd: socks must be embedded in a SOCK_ITEM attr
[ 1298.350389][ T8870] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 1298.375298][ T8870] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 1298.378339][ T8870] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 1298.393502][T16517] ptrace attach of "./syz-executor exec"[8775] was attempted by "./syz-executor exec"[16517]
[ 1298.395978][ T8870] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 1298.400730][ T8870] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 1298.559586][T16420] chnl_net:caif_netlink_parms(): no params data found
[ 1300.764182][ T8870] Bluetooth: hci3: command tx timeout
[ 1300.765505][ T1321] ieee802154 phy0 wpan0: encryption failed: -22
[ 1300.765572][ T1321] ieee802154 phy1 wpan1: encryption failed: -22
[ 1302.988721][ T8870] Bluetooth: hci3: command tx timeout
[ 1303.356710][T16541] netlink: 'syz.7.2723': attribute type 29 has an invalid length.
[ 1303.376366][T16541] netlink: 76 bytes leftover after parsing attributes in process `syz.7.2723'.
[ 1303.453604][T16547] netlink: 'syz.7.2723': attribute type 29 has an invalid length.
[ 1303.605927][T16420] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1303.606086][T16420] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1303.606299][T16420] bridge_slave_0: entered allmulticast mode
[ 1303.645178][T16420] bridge_slave_0: entered promiscuous mode
[ 1303.667906][T16420] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1303.675968][T16420] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1303.676205][T16420] bridge_slave_1: entered allmulticast mode
[ 1303.693374][T16553] ptrace attach of "./syz-executor exec"[8869] was attempted by "./syz-executor exec"[16553]
[ 1303.719727][T16420] bridge_slave_1: entered promiscuous mode
[ 1303.881684][ T5805] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci5/hci5:201'
[ 1303.881718][ T5805] CPU: 1 UID: 0 PID: 5805 Comm: kworker/u9:4 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1303.881748][ T5805] Tainted: [L]=SOFTLOCKUP
[ 1303.881755][ T5805] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1303.881769][ T5805] Workqueue: hci5 hci_rx_work
[ 1303.881804][ T5805] Call Trace:
[ 1303.881812][ T5805]  <TASK>
[ 1303.881821][ T5805]  dump_stack_lvl+0xe8/0x150
[ 1303.881854][ T5805]  sysfs_create_dir_ns+0x271/0x2a0
[ 1303.881880][ T5805]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[ 1303.881908][ T5805]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[ 1303.881935][ T5805]  ? rt_spin_unlock+0x160/0x200
[ 1303.881962][ T5805]  kobject_add_internal+0x631/0xd10
[ 1303.881995][ T5805]  kobject_add+0x163/0x240
[ 1303.882021][ T5805]  ? __pfx_kobject_add+0x10/0x10
[ 1303.882050][ T5805]  ? get_device_parent+0x370/0x3a0
[ 1303.882078][ T5805]  device_add+0x408/0xb80
[ 1303.882104][ T5805]  hci_conn_add_sysfs+0xd5/0x210
[ 1303.882135][ T5805]  le_conn_complete_evt+0xf1d/0x1430
[ 1303.882167][ T5805]  ? __pfx_le_conn_complete_evt+0x10/0x10
[ 1303.882189][ T5805]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[ 1303.882220][ T5805]  ? lockdep_hardirqs_on+0x7a/0x110
[ 1303.882260][ T5805]  ? skb_pull_data+0xfb/0x200
[ 1303.882290][ T5805]  hci_le_conn_complete_evt+0x187/0x470
[ 1303.882320][ T5805]  hci_event_packet+0x7af/0x12c0
[ 1303.882354][ T5805]  ? __pfx_hci_le_meta_evt+0x10/0x10
[ 1303.882388][ T5805]  ? __pfx_hci_event_packet+0x10/0x10
[ 1303.882415][ T5805]  ? rt_spin_unlock+0x14f/0x200
[ 1303.882449][ T5805]  ? hci_send_to_monitor+0xe2/0x590
[ 1303.882478][ T5805]  hci_rx_work+0x3ee/0x1030
[ 1303.882514][ T5805]  ? process_scheduled_works+0xa8d/0x18c0
[ 1303.882545][ T5805]  process_scheduled_works+0xb6e/0x18c0
[ 1303.882605][ T5805]  ? __pfx_process_scheduled_works+0x10/0x10
[ 1303.882640][ T5805]  ? assign_work+0x3d5/0x5e0
[ 1303.882673][ T5805]  worker_thread+0xa53/0xfc0
[ 1303.882730][ T5805]  kthread+0x388/0x470
[ 1303.882751][ T5805]  ? __pfx_worker_thread+0x10/0x10
[ 1303.882777][ T5805]  ? __pfx_kthread+0x10/0x10
[ 1303.882800][ T5805]  ret_from_fork+0x51e/0xb90
[ 1303.882833][ T5805]  ? __pfx_ret_from_fork+0x10/0x10
[ 1303.882860][ T5805]  ? __switch_to+0xc7d/0x1450
[ 1303.882891][ T5805]  ? __pfx_kthread+0x10/0x10
[ 1303.882914][ T5805]  ret_from_fork_asm+0x1a/0x30
[ 1303.882951][ T5805]  </TASK>
[ 1303.883214][ T5805] kobject: kobject_add_internal failed for hci5:201 with -EEXIST, don't try to register things with the same name in the same directory.
[ 1303.883291][ T5805] Bluetooth: hci5: failed to register connection device
[ 1304.215794][T16564] netlink: 20 bytes leftover after parsing attributes in process `syz.9.2728'.
[ 1305.074742][ T5805] Bluetooth: hci3: command tx timeout
[ 1305.270849][T16420] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1305.346063][T16420] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1305.453466][T16574] vhci_hcd vhci_hcd.0: pdev(7) rhport(0) sockfd(6)
[ 1305.453484][T16574] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[ 1305.453543][T16574] vhci_hcd vhci_hcd.0: Device attached
[ 1305.455900][T16579] vhci_hcd: connection closed
[ 1305.456251][ T1150] vhci_hcd vhci_hcd.7: stop threads
[ 1305.456268][ T1150] vhci_hcd vhci_hcd.7: release socket
[ 1305.456291][ T1150] vhci_hcd vhci_hcd.7: disconnect device
[ 1305.650078][T16577] trusted_key: encrypted_key: insufficient parameters specified
[ 1305.728212][ T5805] Bluetooth: hci2: ISO packet for unknown connection handle 0
[ 1306.011331][ T5805] Bluetooth: hci5: command 0x0406 tx timeout
[ 1306.132956][T16420] team0: Port device team_slave_0 added
[ 1306.253877][T16420] team0: Port device team_slave_1 added
[ 1306.280654][T16569] udevd[16569]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory
[ 1306.569689][  T707] bridge_slave_1: left allmulticast mode
[ 1306.569717][  T707] bridge_slave_1: left promiscuous mode
[ 1306.569985][  T707] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1307.290518][ T8870] Bluetooth: hci3: command tx timeout
[ 1307.318535][  T707] bridge_slave_0: left allmulticast mode
[ 1307.318560][  T707] bridge_slave_0: left promiscuous mode
[ 1307.318765][  T707] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1308.250834][T16603] netlink: 'syz.6.2736': attribute type 4 has an invalid length.
[ 1308.309625][ T8870] Bluetooth: hci5: command 0x0406 tx timeout
[ 1308.969072][  T707] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1309.140113][  T707] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1309.290743][  T707] bond0 (unregistering): Released all slaves
[ 1309.343020][T16420] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1309.343037][T16420] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1309.343064][T16420] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1309.407818][T16601] netlink: 'syz.7.2735': attribute type 29 has an invalid length.
[ 1309.426461][T16420] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1309.426480][T16420] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1309.426506][T16420] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1309.834425][T16511] chnl_net:caif_netlink_parms(): no params data found
[ 1310.851120][   T37] audit: type=1326 audit(1773764837.024:244): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16613 comm="syz.6.2737" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fda20c9c799 code=0x0
[ 1310.886307][T16420] hsr_slave_0: entered promiscuous mode
[ 1310.899084][T16420] hsr_slave_1: entered promiscuous mode
[ 1310.900121][T16420] debugfs: 'hsr0' already exists in 'hsr'
[ 1310.900145][T16420] Cannot create hsr debugfs directory
[ 1315.998953][ T8870] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci2/hci2:201'
[ 1315.998981][ T8870] CPU: 0 UID: 0 PID: 8870 Comm: kworker/u9:0 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1315.999011][ T8870] Tainted: [L]=SOFTLOCKUP
[ 1315.999019][ T8870] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1315.999033][ T8870] Workqueue: hci2 hci_rx_work
[ 1315.999070][ T8870] Call Trace:
[ 1315.999078][ T8870]  <TASK>
[ 1315.999087][ T8870]  dump_stack_lvl+0xe8/0x150
[ 1315.999121][ T8870]  sysfs_create_dir_ns+0x271/0x2a0
[ 1315.999146][ T8870]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[ 1315.999175][ T8870]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[ 1315.999207][ T8870]  ? rt_spin_unlock+0x160/0x200
[ 1315.999235][ T8870]  kobject_add_internal+0x631/0xd10
[ 1315.999267][ T8870]  kobject_add+0x163/0x240
[ 1315.999294][ T8870]  ? __pfx_kobject_add+0x10/0x10
[ 1315.999322][ T8870]  ? get_device_parent+0x370/0x3a0
[ 1315.999358][ T8870]  device_add+0x408/0xb80
[ 1315.999385][ T8870]  hci_conn_add_sysfs+0xd5/0x210
[ 1315.999417][ T8870]  le_conn_complete_evt+0xf1d/0x1430
[ 1315.999449][ T8870]  ? __pfx_le_conn_complete_evt+0x10/0x10
[ 1315.999472][ T8870]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[ 1315.999502][ T8870]  ? lockdep_hardirqs_on+0x7a/0x110
[ 1315.999534][ T8870]  ? skb_pull_data+0xfb/0x200
[ 1315.999578][ T8870]  hci_le_conn_complete_evt+0x187/0x470
[ 1315.999607][ T8870]  hci_event_packet+0x7af/0x12c0
[ 1315.999641][ T8870]  ? __pfx_hci_le_meta_evt+0x10/0x10
[ 1315.999672][ T8870]  ? __pfx_hci_event_packet+0x10/0x10
[ 1315.999696][ T8870]  ? rt_spin_unlock+0x14f/0x200
[ 1315.999729][ T8870]  ? hci_send_to_monitor+0xe2/0x590
[ 1315.999755][ T8870]  hci_rx_work+0x3ee/0x1030
[ 1315.999790][ T8870]  ? process_scheduled_works+0xa8d/0x18c0
[ 1315.999821][ T8870]  process_scheduled_works+0xb6e/0x18c0
[ 1315.999880][ T8870]  ? __pfx_process_scheduled_works+0x10/0x10
[ 1315.999915][ T8870]  ? assign_work+0x3d5/0x5e0
[ 1315.999948][ T8870]  worker_thread+0xa53/0xfc0
[ 1316.000005][ T8870]  kthread+0x388/0x470
[ 1316.000026][ T8870]  ? __pfx_worker_thread+0x10/0x10
[ 1316.000053][ T8870]  ? __pfx_kthread+0x10/0x10
[ 1316.000076][ T8870]  ret_from_fork+0x51e/0xb90
[ 1316.000108][ T8870]  ? __pfx_ret_from_fork+0x10/0x10
[ 1316.000135][ T8870]  ? __switch_to+0xc7d/0x1450
[ 1316.000164][ T8870]  ? __pfx_kthread+0x10/0x10
[ 1316.000187][ T8870]  ret_from_fork_asm+0x1a/0x30
[ 1316.000224][ T8870]  </TASK>
[ 1316.000321][ T8870] kobject: kobject_add_internal failed for hci2:201 with -EEXIST, don't try to register things with the same name in the same directory.
[ 1316.000367][ T8870] Bluetooth: hci2: failed to register connection device
[ 1316.056390][T16652] netlink: 20 bytes leftover after parsing attributes in process `syz.6.2747'.
[ 1316.348053][  T707] hsr_slave_0: left promiscuous mode
[ 1316.389839][  T707] hsr_slave_1: left promiscuous mode
[ 1316.390848][  T707] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1316.457278][  T707] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1316.996986][T16655] udevd[16655]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory
[ 1317.963013][T16655] udevd[16655]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory
[ 1318.012720][ T8870] Bluetooth: hci2: command 0x0406 tx timeout
[ 1320.502171][ T5805] Bluetooth: hci2: command 0x0406 tx timeout
[ 1321.009298][  T707] team0 (unregistering): Port device team_slave_1 removed
[ 1321.063250][  T707] team0 (unregistering): Port device team_slave_0 removed
[ 1321.490821][   T37] audit: type=1326 audit(1773764847.664:245): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16685 comm="syz.6.2751" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fda20c9c799 code=0x0
[ 1322.922253][T16696] netlink: 12 bytes leftover after parsing attributes in process `syz.7.2754'.
[ 1322.943515][T16511] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1322.943930][T16511] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1322.944310][T16511] bridge_slave_0: entered allmulticast mode
[ 1323.972923][T16511] bridge_slave_0: entered promiscuous mode
[ 1324.008861][T16511] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1324.008991][T16511] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1324.009218][T16511] bridge_slave_1: entered allmulticast mode
[ 1324.013697][T16511] bridge_slave_1: entered promiscuous mode
[ 1325.303491][T16511] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1325.346694][T16511] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1325.423897][T16511] team0: Port device team_slave_0 added
[ 1325.451293][T16511] team0: Port device team_slave_1 added
[ 1330.774749][T16727] batadv0: mtu less than device minimum
[ 1330.780098][T16727] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[ 1330.787301][T16727] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[ 1330.804121][T16727] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[ 1330.811708][T16727] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[ 1330.822746][T16727] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[ 1330.830264][T16727] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[ 1330.837457][T16727] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[ 1330.845187][T16727] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[ 1330.852721][T16727] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[ 1331.620794][T16511] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1331.620813][T16511] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1331.620848][T16511] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1331.826818][T16511] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1331.826845][T16511] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1331.826872][T16511] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1336.222633][T16511] hsr_slave_0: entered promiscuous mode
[ 1336.226579][T16511] hsr_slave_1: entered promiscuous mode
[ 1338.559516][T16775] net_ratelimit: 10 callbacks suppressed
[ 1338.559536][T16775] batman_adv: batadv0: Local translation table size (108) exceeds maximum packet size (-320); Ignoring new local tt entry: 16:30:00:00:00:85
[ 1339.382388][ T8870] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 1339.395246][ T8870] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 1339.396700][ T8870] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 1339.397984][ T8870] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 1339.399252][ T8870] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 1343.290100][ T5805] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[ 1343.314547][ T5805] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[ 1343.317832][ T5805] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[ 1343.319756][ T5805] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[ 1343.320491][ T5805] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[ 1343.474763][ T5805] Bluetooth: hci4: command tx timeout
[ 1343.980736][T16791] netlink: 12 bytes leftover after parsing attributes in process `syz.7.2775'.
[ 1345.375847][ T8870] Bluetooth: hci5: command tx timeout
[ 1345.528644][ T8870] Bluetooth: hci4: command tx timeout
[ 1345.694380][T16824] batman_adv: batadv0: Local translation table size (108) exceeds maximum packet size (-320); Ignoring new local tt entry: 16:30:00:00:00:85
[ 1346.062263][T16826] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2781'.
[ 1347.448536][ T8870] Bluetooth: hci5: command tx timeout
[ 1348.134657][ T8870] Bluetooth: hci4: command tx timeout
[ 1348.635550][T16843] netlink: 12 bytes leftover after parsing attributes in process `syz.6.2785'.
[ 1349.645906][T16843] netlink: 44 bytes leftover after parsing attributes in process `syz.6.2785'.
[ 1349.648674][T16844] fuse: Bad value for 'fd'
[ 1349.994002][ T8870] Bluetooth: hci5: command tx timeout
[ 1350.168518][ T8870] Bluetooth: hci4: command tx timeout
[ 1351.207160][   T37] audit: type=1326 audit(1773764877.374:246): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16856 comm="syz.7.2788" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe7124fc799 code=0x0
[ 1351.250781][T16777] chnl_net:caif_netlink_parms(): no params data found
[ 1351.443483][T16796] chnl_net:caif_netlink_parms(): no params data found
[ 1351.816973][T16777] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1351.820702][T16777] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1351.820918][T16777] bridge_slave_0: entered allmulticast mode
[ 1351.831397][T16777] bridge_slave_0: entered promiscuous mode
[ 1351.848670][T16777] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1351.848810][T16777] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1351.849044][T16777] bridge_slave_1: entered allmulticast mode
[ 1351.858822][T16777] bridge_slave_1: entered promiscuous mode
[ 1352.008931][ T8870] Bluetooth: hci5: command tx timeout
[ 1354.027650][T16777] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1354.027970][T16796] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1354.028302][T16796] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1354.028884][T16796] bridge_slave_0: entered allmulticast mode
[ 1354.033843][T16796] bridge_slave_0: entered promiscuous mode
[ 1354.047824][T16777] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1354.048136][T16796] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1354.048394][T16796] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1354.048634][T16796] bridge_slave_1: entered allmulticast mode
[ 1354.052200][T16796] bridge_slave_1: entered promiscuous mode
[ 1355.455474][T16777] team0: Port device team_slave_0 added
[ 1355.732848][T16796] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1355.744846][T16777] team0: Port device team_slave_1 added
[ 1355.752887][T16796] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1357.176279][T16777] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1357.176297][T16777] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1357.176323][T16777] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1357.186093][T16796] team0: Port device team_slave_0 added
[ 1357.188177][T16777] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1357.188192][T16777] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1357.188217][T16777] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1357.213718][T16796] team0: Port device team_slave_1 added
[ 1358.480613][ T5805] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 1358.498988][ T5805] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 1358.500608][ T5805] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 1358.501941][ T5805] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 1358.502912][ T5805] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 1358.849534][T16796] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1358.849551][T16796] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1358.849699][T16796] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1359.007487][T16796] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1359.007504][T16796] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1359.007529][T16796] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1360.027468][T16777] hsr_slave_0: entered promiscuous mode
[ 1360.036786][T16777] hsr_slave_1: entered promiscuous mode
[ 1360.037740][T16777] debugfs: 'hsr0' already exists in 'hsr'
[ 1360.037764][T16777] Cannot create hsr debugfs directory
[ 1360.038133][  T161] bridge_slave_1: left allmulticast mode
[ 1360.038156][  T161] bridge_slave_1: left promiscuous mode
[ 1360.039489][  T161] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1360.964620][ T5805] Bluetooth: hci1: command tx timeout
[ 1360.988955][   T37] audit: type=1326 audit(1773764887.164:247): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16934 comm="syz.7.2799" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe7124fc799 code=0x0
[ 1361.189480][  T161] bridge_slave_0: left allmulticast mode
[ 1361.189500][  T161] bridge_slave_0: left promiscuous mode
[ 1361.189680][  T161] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1362.080646][ T1321] ieee802154 phy0 wpan0: encryption failed: -22
[ 1362.080717][ T1321] ieee802154 phy1 wpan1: encryption failed: -22
[ 1363.234236][ T5805] Bluetooth: hci1: command tx timeout
[ 1364.879180][  T161] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1364.918945][  T161] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1364.942329][  T161] bond0 (unregistering): Released all slaves
[ 1365.292710][ T5805] Bluetooth: hci1: command tx timeout
[ 1366.765648][T16976] netlink: 16186 bytes leftover after parsing attributes in process `syz.7.2810'.
[ 1367.485358][ T5805] Bluetooth: hci1: command tx timeout
[ 1368.240553][T16796] hsr_slave_0: entered promiscuous mode
[ 1368.241871][T16796] hsr_slave_1: entered promiscuous mode
[ 1368.242783][T16796] debugfs: 'hsr0' already exists in 'hsr'
[ 1368.242805][T16796] Cannot create hsr debugfs directory
[ 1368.289672][   T37] audit: type=1326 audit(1773764894.464:248): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16993 comm="syz.7.2812" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe7124fc799 code=0x0
[ 1368.418661][  T161] hsr_slave_0: left promiscuous mode
[ 1368.458625][  T161] hsr_slave_1: left promiscuous mode
[ 1368.459461][  T161] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1368.509101][  T161] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1368.911951][  T161] team0 (unregistering): Port device team_slave_1 removed
[ 1368.968981][  T161] team0 (unregistering): Port device team_slave_0 removed
[ 1369.216016][T17005] netlink: 16186 bytes leftover after parsing attributes in process `syz.6.2818'.
[ 1370.786085][   T37] audit: type=1326 audit(1773764896.954:249): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17024 comm="syz.6.2824" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fda20c9c799 code=0x0
[ 1371.115311][T16921] chnl_net:caif_netlink_parms(): no params data found
[ 1373.052980][T17049] netlink: 16186 bytes leftover after parsing attributes in process `syz.7.2828'.
[ 1374.863221][T17070] overlayfs: missing 'lowerdir'
[ 1376.027995][T16921] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1376.028199][T16921] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1376.044585][T16921] bridge_slave_0: entered allmulticast mode
[ 1376.047436][T16921] bridge_slave_0: entered promiscuous mode
[ 1376.492148][   T37] audit: type=1326 audit(1773764902.664:250): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17081 comm="syz.6.2832" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fda20c9c799 code=0x0
[ 1376.593243][T16921] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1376.593435][T16921] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1376.593671][T16921] bridge_slave_1: entered allmulticast mode
[ 1376.596242][T16921] bridge_slave_1: entered promiscuous mode
[ 1379.049179][T16921] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1380.804346][T16921] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1380.992468][  T161] netdevsim netdevsim9 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1381.214527][T16921] team0: Port device team_slave_0 added
[ 1381.249018][T16921] team0: Port device team_slave_1 added
[ 1381.455124][T17115] netlink: 12 bytes leftover after parsing attributes in process `syz.6.2843'.
[ 1381.568534][T17115] netlink: 44 bytes leftover after parsing attributes in process `syz.6.2843'.
[ 1383.085443][T16921] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1383.085461][T16921] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1383.085486][T16921] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1383.145556][   T37] audit: type=1326 audit(1773764909.314:251): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17118 comm="syz.6.2844" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fda20c9c799 code=0x0
[ 1383.161408][  T161] netdevsim netdevsim9 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1383.232479][T16921] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1383.232496][T16921] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1383.232644][T16921] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1383.236445][T16796] netdevsim netdevsim1 netdevsim0: renamed from eth0
[ 1383.376388][T16796] netdevsim netdevsim1 netdevsim1: renamed from eth1
[ 1383.642548][  T161] netdevsim netdevsim9 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1383.851831][T16796] netdevsim netdevsim1 netdevsim2: renamed from eth2
[ 1384.432642][T16796] netdevsim netdevsim1 netdevsim3: renamed from eth3
[ 1386.597339][  T161] netdevsim netdevsim9 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1386.687596][T16921] hsr_slave_0: entered promiscuous mode
[ 1386.695357][T16921] hsr_slave_1: entered promiscuous mode
[ 1386.696296][T16921] debugfs: 'hsr0' already exists in 'hsr'
[ 1386.696318][T16921] Cannot create hsr debugfs directory
[ 1387.975436][T16777] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 1388.072541][T16777] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 1388.338756][T16777] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 1388.405488][T16777] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 1389.484491][  T161] bridge_slave_1: left allmulticast mode
[ 1389.484511][  T161] bridge_slave_1: left promiscuous mode
[ 1389.484668][  T161] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1389.579446][  T161] bridge_slave_0: left allmulticast mode
[ 1389.579466][  T161] bridge_slave_0: left promiscuous mode
[ 1389.579638][  T161] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1389.742187][  T161] bridge_slave_1: left allmulticast mode
[ 1389.742208][  T161] bridge_slave_1: left promiscuous mode
[ 1389.742346][  T161] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1389.962942][  T161] bridge_slave_0: left allmulticast mode
[ 1389.962962][  T161] bridge_slave_0: left promiscuous mode
[ 1389.963117][  T161] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1390.235506][  T161] bridge_slave_1: left allmulticast mode
[ 1390.235532][  T161] bridge_slave_1: left promiscuous mode
[ 1390.235670][  T161] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1391.089883][  T161] bridge_slave_0: left allmulticast mode
[ 1391.089904][  T161] bridge_slave_0: left promiscuous mode
[ 1391.090054][  T161] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1392.741759][  T161] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1392.827837][  T161] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1392.889980][  T161] bond0 (unregistering): Released all slaves
[ 1393.059241][  T161] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1393.119071][  T161] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1393.170180][  T161] bond0 (unregistering): Released all slaves
[ 1393.491606][  T161] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1393.579112][  T161] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1393.603238][  T161] bond0 (unregistering): Released all slaves
[ 1395.432231][T16796] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1395.598448][T16921] netdevsim netdevsim3 netdevsim0: renamed from eth0
[ 1395.647659][T16921] netdevsim netdevsim3 netdevsim1: renamed from eth1
[ 1395.795283][T16921] netdevsim netdevsim3 netdevsim2: renamed from eth2
[ 1395.837888][ T8870] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 1395.857063][ T8870] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 1395.862244][ T8870] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 1395.863612][ T8870] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 1395.864352][ T8870] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 1396.221083][T16921] netdevsim netdevsim3 netdevsim3: renamed from eth3
[ 1397.893760][T16796] 8021q: adding VLAN 0 to HW filter on device team0
[ 1397.990943][T15058] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1397.991175][T15058] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1398.036479][ T8870] Bluetooth: hci3: command tx timeout
[ 1398.109619][T15058] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1398.109755][T15058] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1400.255992][ T8870] Bluetooth: hci3: command tx timeout
[ 1400.388139][T16921] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1400.416725][T16921] 8021q: adding VLAN 0 to HW filter on device team0
[ 1400.432205][T15058] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1400.433022][T15058] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1400.460248][T15058] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1400.460446][T15058] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1402.340668][ T8870] Bluetooth: hci3: command tx timeout
[ 1403.946074][T17269] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2867'.
[ 1404.054816][ T5805] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 1404.075249][ T5805] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 1404.076638][ T5805] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 1404.078107][ T5805] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 1404.101293][ T5805] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 1404.260320][T17274] netlink: 12 bytes leftover after parsing attributes in process `syz.7.2868'.
[ 1404.541072][T17274] netlink: 44 bytes leftover after parsing attributes in process `syz.7.2868'.
[ 1404.861584][ T8870] Bluetooth: hci3: command tx timeout
[ 1405.227203][T17286] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2871'.
[ 1405.281129][T17287] netlink: 20 bytes leftover after parsing attributes in process `syz.7.2869'.
[ 1405.677673][T17277] udevd[17277]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory
[ 1406.213336][T17303] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2873'.
[ 1406.344182][  T161] hsr_slave_0: left promiscuous mode
[ 1406.358493][  T161] hsr_slave_1: left promiscuous mode
[ 1406.359085][  T161] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1406.389239][  T161] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1406.492495][  T161] hsr_slave_0: left promiscuous mode
[ 1406.508546][  T161] hsr_slave_1: left promiscuous mode
[ 1406.509401][  T161] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1406.539087][  T161] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1406.639966][  T161] hsr_slave_0: left promiscuous mode
[ 1406.658578][  T161] hsr_slave_1: left promiscuous mode
[ 1406.659222][  T161] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1406.659237][  T161] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1406.795272][T17318] netlink: 40 bytes leftover after parsing attributes in process `syz.7.2874'.
[ 1407.504400][ T5805] Bluetooth: hci4: command tx timeout
[ 1407.522491][  T161] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1407.522516][  T161] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1407.587195][  T161] veth1_macvtap: left promiscuous mode
[ 1407.587308][  T161] veth0_macvtap: left promiscuous mode
[ 1407.587566][  T161] veth1_vlan: left promiscuous mode
[ 1407.587737][  T161] veth0_vlan: left promiscuous mode
[ 1409.531475][ T5805] Bluetooth: hci4: command tx timeout
[ 1410.240169][  T161] team0 (unregistering): Port device team_slave_1 removed
[ 1410.299804][  T161] team0 (unregistering): Port device team_slave_0 removed
[ 1411.608502][ T5805] Bluetooth: hci4: command tx timeout
[ 1411.664064][  T161] team0 (unregistering): Port device team_slave_1 removed
[ 1411.709638][  T161] team0 (unregistering): Port device team_slave_0 removed
[ 1412.190591][  T161] team0 (unregistering): Port device team_slave_1 removed
[ 1412.220694][  T161] team0 (unregistering): Port device team_slave_0 removed
[ 1412.558904][T17211] chnl_net:caif_netlink_parms(): no params data found
[ 1413.838525][ T5805] Bluetooth: hci4: command tx timeout
[ 1414.590105][T17382] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2882'.
[ 1414.751058][T17211] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1414.751127][T17211] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1414.751289][T17211] bridge_slave_0: entered allmulticast mode
[ 1414.752868][T17211] bridge_slave_0: entered promiscuous mode
[ 1414.892407][T17211] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1414.892475][T17211] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1414.892666][T17211] bridge_slave_1: entered allmulticast mode
[ 1414.894031][T17211] bridge_slave_1: entered promiscuous mode
[ 1415.338266][T17211] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1416.042162][T17211] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1416.286630][T17211] team0: Port device team_slave_0 added
[ 1416.292586][T17211] team0: Port device team_slave_1 added
[ 1416.319123][T17270] chnl_net:caif_netlink_parms(): no params data found
[ 1417.306916][T17211] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1417.306934][T17211] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1417.306962][T17211] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1417.338706][T17211] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1417.338722][T17211] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1417.338749][T17211] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1417.507027][T17413] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2886'.
[ 1417.871017][T17211] hsr_slave_0: entered promiscuous mode
[ 1417.872446][T17211] hsr_slave_1: entered promiscuous mode
[ 1417.908041][T17270] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1417.914389][T17270] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1417.914620][T17270] bridge_slave_0: entered allmulticast mode
[ 1417.921856][T17270] bridge_slave_0: entered promiscuous mode
[ 1418.109979][T17270] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1418.110120][T17270] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1418.110332][T17270] bridge_slave_1: entered allmulticast mode
[ 1418.116046][T17270] bridge_slave_1: entered promiscuous mode
[ 1420.629554][T17213] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 1420.645398][T17213] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 1420.651416][T17213] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 1420.696436][T17213] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 1420.733672][T17213] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 1421.185273][T17270] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1421.249758][T17270] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1421.432529][T17270] team0: Port device team_slave_0 added
[ 1421.466262][T17270] team0: Port device team_slave_1 added
[ 1421.626498][T17270] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1421.626514][T17270] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1421.626535][T17270] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1421.740324][T17270] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1421.740335][T17270] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1421.740351][T17270] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1423.106904][ T5805] Bluetooth: hci1: command tx timeout
[ 1423.170297][T17470] trusted_key: encrypted_key: insufficient parameters specified
[ 1423.289236][ T1321] ieee802154 phy0 wpan0: encryption failed: -22
[ 1423.289306][ T1321] ieee802154 phy1 wpan1: encryption failed: -22
[ 1423.516934][T17473] netlink: 4 bytes leftover after parsing attributes in process `syz.7.2893'.
[ 1423.625946][T17270] hsr_slave_0: entered promiscuous mode
[ 1423.627141][T17270] hsr_slave_1: entered promiscuous mode
[ 1423.627797][T17270] debugfs: 'hsr0' already exists in 'hsr'
[ 1423.627812][T17270] Cannot create hsr debugfs directory
[ 1424.039088][T17479] netlink: 12 bytes leftover after parsing attributes in process `syz.6.2895'.
[ 1424.264784][T17479] netlink: 44 bytes leftover after parsing attributes in process `syz.6.2895'.
[ 1425.128430][ T5805] Bluetooth: hci1: command tx timeout
[ 1427.208986][ T5805] Bluetooth: hci1: command tx timeout
[ 1430.164788][ T5805] Bluetooth: hci1: command tx timeout
[ 1431.014653][T17552] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2903'.
[ 1431.309162][T17560] netlink: 20 bytes leftover after parsing attributes in process `syz.7.2904'.
[ 1431.807705][T17556] udevd[17556]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory
[ 1434.613683][T17579] netlink: 12 bytes leftover after parsing attributes in process `syz.7.2906'.
[ 1434.668747][T17435] chnl_net:caif_netlink_parms(): no params data found
[ 1437.363276][T17211] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 1437.507387][T17211] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 1441.105436][T17629] netlink: 'syz.6.2914': attribute type 4 has an invalid length.
[ 1444.825705][T17656] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2917'.
[ 1444.837407][T17211] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 1445.798887][T17435] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1445.799008][T17435] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1445.799231][T17435] bridge_slave_0: entered allmulticast mode
[ 1445.814879][T17435] bridge_slave_0: entered promiscuous mode
[ 1445.849466][T17211] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 1445.957133][T17435] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1445.957309][T17435] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1445.957515][T17435] bridge_slave_1: entered allmulticast mode
[ 1445.971720][T17435] bridge_slave_1: entered promiscuous mode
[ 1446.404491][T17674] netlink: 12 bytes leftover after parsing attributes in process `syz.6.2920'.
[ 1446.519058][T17674] netlink: 44 bytes leftover after parsing attributes in process `syz.6.2920'.
[ 1447.403944][T17435] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1447.512175][T17435] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1451.609603][T17710] netlink: 12 bytes leftover after parsing attributes in process `syz.7.2927'.
[ 1451.653628][T17710] netlink: 44 bytes leftover after parsing attributes in process `syz.7.2927'.
[ 1452.158742][T17435] team0: Port device team_slave_0 added
[ 1452.321089][T17435] team0: Port device team_slave_1 added
[ 1452.516121][T17435] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1452.516134][T17435] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1452.516149][T17435] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1452.567831][T17435] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1452.567847][T17435] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1452.567871][T17435] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1452.709487][  T161] bridge_slave_1: left allmulticast mode
[ 1452.709514][  T161] bridge_slave_1: left promiscuous mode
[ 1452.709755][  T161] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1452.860987][  T161] bridge_slave_0: left allmulticast mode
[ 1452.861014][  T161] bridge_slave_0: left promiscuous mode
[ 1452.861231][  T161] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1452.927499][T17722] netlink: 180 bytes leftover after parsing attributes in process `syz.7.2931'.
[ 1452.960913][  T161] bridge_slave_1: left allmulticast mode
[ 1452.960934][  T161] bridge_slave_1: left promiscuous mode
[ 1452.961078][  T161] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1452.992546][T17723] netlink: 20 bytes leftover after parsing attributes in process `syz.7.2931'.
[ 1453.042614][  T161] bridge_slave_0: left allmulticast mode
[ 1453.042634][  T161] bridge_slave_0: left promiscuous mode
[ 1453.042789][  T161] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1453.114595][  T161] bridge_slave_1: left allmulticast mode
[ 1453.114616][  T161] bridge_slave_1: left promiscuous mode
[ 1453.114771][  T161] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1453.182736][  T161] bridge_slave_0: left allmulticast mode
[ 1453.182765][  T161] bridge_slave_0: left promiscuous mode
[ 1453.183000][  T161] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1453.322314][T17731] fuse: Bad value for 'fd'
[ 1453.916256][T17681] udevd[17681]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory
[ 1454.668040][ T5805] Bluetooth: hci2: Ignoring HCI_Connection_Complete for existing connection
[ 1454.729027][  T161] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1454.736217][T17736] netlink: 20 bytes leftover after parsing attributes in process `syz.6.2933'.
[ 1454.823958][  T161] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1454.861801][  T161] bond0 (unregistering): Released all slaves
[ 1455.098055][T17681] udevd[17681]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory
[ 1455.369913][  T161] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1455.449156][  T161] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1455.470587][  T161] bond0 (unregistering): Released all slaves
[ 1456.633363][T17213] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[ 1456.637941][T17213] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[ 1456.658456][T17213] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[ 1456.662964][T17213] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[ 1456.663641][T17213] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[ 1456.719849][ T5805] ==================================================================
[ 1456.719863][ T5805] BUG: KASAN: slab-use-after-free in l2cap_connect_cfm+0x86a/0x1390
[ 1456.719955][ T5805] Read of size 8 at addr ffff88804cd9d500 by task kworker/u9:4/5805
[ 1456.719965][ T5805] 
[ 1456.719975][ T5805] CPU: 1 UID: 0 PID: 5805 Comm: kworker/u9:4 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1456.719991][ T5805] Tainted: [L]=SOFTLOCKUP
[ 1456.719995][ T5805] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1456.720003][ T5805] Workqueue: hci5 hci_rx_work
[ 1456.720022][ T5805] Call Trace:
[ 1456.720028][ T5805]  <TASK>
[ 1456.720034][ T5805]  dump_stack_lvl+0xe8/0x150
[ 1456.720054][ T5805]  print_report+0xba/0x230
[ 1456.720079][ T5805]  ? l2cap_connect_cfm+0x86a/0x1390
[ 1456.720090][ T5805]  kasan_report+0x117/0x150
[ 1456.720144][ T5805]  ? l2cap_connect_cfm+0x86a/0x1390
[ 1456.720158][ T5805]  l2cap_connect_cfm+0x86a/0x1390
[ 1456.720172][ T5805]  ? __pfx_l2cap_connect_cfm+0x10/0x10
[ 1456.720183][ T5805]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[ 1456.720202][ T5805]  ? lockdep_hardirqs_on+0x7a/0x110
[ 1456.720217][ T5805]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[ 1456.720231][ T5805]  ? mutex_lock_nested+0x152/0x1d0
[ 1456.720242][ T5805]  ? hci_connect_cfm+0x2c/0x140
[ 1456.720252][ T5805]  ? __pfx_l2cap_connect_cfm+0x10/0x10
[ 1456.720263][ T5805]  hci_connect_cfm+0x95/0x140
[ 1456.720273][ T5805]  le_conn_complete_evt+0xf65/0x1430
[ 1456.720288][ T5805]  ? __pfx_le_conn_complete_evt+0x10/0x10
[ 1456.720298][ T5805]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[ 1456.720312][ T5805]  ? lockdep_hardirqs_on+0x7a/0x110
[ 1456.720326][ T5805]  ? skb_pull_data+0xfb/0x200
[ 1456.720340][ T5805]  hci_le_conn_complete_evt+0x187/0x470
[ 1456.720351][ T5805]  hci_event_packet+0x7af/0x12c0
[ 1456.720376][ T5805]  ? __pfx_hci_le_meta_evt+0x10/0x10
[ 1456.720392][ T5805]  ? __pfx_hci_event_packet+0x10/0x10
[ 1456.720405][ T5805]  ? rt_spin_unlock+0x14f/0x200
[ 1456.720419][ T5805]  ? hci_send_to_monitor+0xe2/0x590
[ 1456.720432][ T5805]  hci_rx_work+0x3ee/0x1030
[ 1456.720448][ T5805]  ? process_scheduled_works+0xa8d/0x18c0
[ 1456.720464][ T5805]  process_scheduled_works+0xb6e/0x18c0
[ 1456.720484][ T5805]  ? __pfx_process_scheduled_works+0x10/0x10
[ 1456.720498][ T5805]  ? assign_work+0x3d5/0x5e0
[ 1456.720512][ T5805]  worker_thread+0xa53/0xfc0
[ 1456.720532][ T5805]  kthread+0x388/0x470
[ 1456.720543][ T5805]  ? __pfx_worker_thread+0x10/0x10
[ 1456.720556][ T5805]  ? __pfx_kthread+0x10/0x10
[ 1456.720566][ T5805]  ret_from_fork+0x51e/0xb90
[ 1456.720581][ T5805]  ? __pfx_ret_from_fork+0x10/0x10
[ 1456.720595][ T5805]  ? __switch_to+0xc7d/0x1450
[ 1456.720608][ T5805]  ? __pfx_kthread+0x10/0x10
[ 1456.720618][ T5805]  ret_from_fork_asm+0x1a/0x30
[ 1456.720632][ T5805]  </TASK>
[ 1456.720636][ T5805] 
[ 1456.720639][ T5805] Allocated by task 5805:
[ 1456.720682][ T5805]  kasan_save_track+0x3e/0x80
[ 1456.720718][ T5805]  __kasan_kmalloc+0x93/0xb0
[ 1456.720731][ T5805]  __kmalloc_cache_noprof+0x3a6/0x690
[ 1456.720790][ T5805]  l2cap_chan_create+0x51/0x7a0
[ 1456.720802][ T5805]  l2cap_sock_new_connection_cb+0x182/0x2e0
[ 1456.720814][ T5805]  l2cap_connect_cfm+0x368/0x1390
[ 1456.720824][ T5805]  hci_connect_cfm+0x95/0x140
[ 1456.720832][ T5805]  le_conn_complete_evt+0xf65/0x1430
[ 1456.720842][ T5805]  hci_le_conn_complete_evt+0x187/0x470
[ 1456.720851][ T5805]  hci_event_packet+0x7af/0x12c0
[ 1456.720864][ T5805]  hci_rx_work+0x3ee/0x1030
[ 1456.720880][ T5805]  process_scheduled_works+0xb6e/0x18c0
[ 1456.720892][ T5805]  worker_thread+0xa53/0xfc0
[ 1456.720904][ T5805]  kthread+0x388/0x470
[ 1456.720913][ T5805]  ret_from_fork+0x51e/0xb90
[ 1456.720925][ T5805]  ret_from_fork_asm+0x1a/0x30
[ 1456.720933][ T5805] 
[ 1456.720935][ T5805] Freed by task 17722:
[ 1456.720940][ T5805]  kasan_save_track+0x3e/0x80
[ 1456.720952][ T5805]  kasan_save_free_info+0x46/0x50
[ 1456.720993][ T5805]  __kasan_slab_free+0x5c/0x80
[ 1456.721006][ T5805]  kfree+0x1c1/0x6c0
[ 1456.721018][ T5805]  l2cap_sock_cleanup_listen+0xf0/0x440
[ 1456.721030][ T5805]  l2cap_sock_release+0x6e/0x270
[ 1456.721048][ T5805]  sock_close+0xc3/0x240
[ 1456.721097][ T5805]  __fput+0x461/0xa90
[ 1456.721163][ T5805]  task_work_run+0x1d9/0x270
[ 1456.721174][ T5805]  exit_to_user_mode_loop+0xed/0x480
[ 1456.721190][ T5805]  do_syscall_64+0x32d/0xf80
[ 1456.721204][ T5805]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1456.721228][ T5805] 
[ 1456.721231][ T5805] The buggy address belongs to the object at ffff88804cd9d000
[ 1456.721231][ T5805]  which belongs to the cache kmalloc-2k of size 2048
[ 1456.721240][ T5805] The buggy address is located 1280 bytes inside of
[ 1456.721240][ T5805]  freed 2048-byte region [ffff88804cd9d000, ffff88804cd9d800)
[ 1456.721252][ T5805] 
[ 1456.721255][ T5805] The buggy address belongs to the physical page:
[ 1456.721267][ T5805] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4cd98
[ 1456.721278][ T5805] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 1456.721288][ T5805] flags: 0x80000000000040(head|node=0|zone=1)
[ 1456.721301][ T5805] page_type: f5(slab)
[ 1456.721314][ T5805] raw: 0080000000000040 ffff88813fe1d000 dead000000000100 dead000000000122
[ 1456.721323][ T5805] raw: 0000000000000000 0000000800080008 00000000f5000000 0000000000000000
[ 1456.721333][ T5805] head: 0080000000000040 ffff88813fe1d000 dead000000000100 dead000000000122
[ 1456.721343][ T5805] head: 0000000000000000 0000000800080008 00000000f5000000 0000000000000000
[ 1456.721352][ T5805] head: 0080000000000003 ffffea0001336601 00000000ffffffff 00000000ffffffff
[ 1456.721361][ T5805] head: 00000007f1809d2d 0000000000000000 00000000ffffffff 0000000000000008
[ 1456.721374][ T5805] page dumped because: kasan: bad access detected
[ 1456.721383][ T5805] page_owner tracks the page as allocated
[ 1456.721387][ T5805] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 6002, tgid 6002 (kworker/u8:14), ts 518101856994, free_ts 517724580377
[ 1456.721408][ T5805]  post_alloc_hook+0x231/0x280
[ 1456.721464][ T5805]  get_page_from_freelist+0x28bb/0x2950
[ 1456.721474][ T5805]  __alloc_frozen_pages_noprof+0x18d/0x380
[ 1456.721483][ T5805]  allocate_slab+0x77/0x660
[ 1456.721494][ T5805]  refill_objects+0x334/0x3c0
[ 1456.721504][ T5805]  __pcs_replace_empty_main+0x35c/0x710
[ 1456.721515][ T5805]  __kmalloc_noprof+0x530/0x7b0
[ 1456.721529][ T5805]  ___neigh_create+0x722/0x2380
[ 1456.721571][ T5805]  ip6_finish_output2+0x729/0x1430
[ 1456.721613][ T5805]  ip6_output+0x340/0x550
[ 1456.721647][ T5805]  ndisc_send_skb+0xd0b/0x1670
[ 1456.721697][ T5805]  addrconf_dad_completed+0x6e3/0xe60
[ 1456.721710][ T5805]  addrconf_dad_work+0xdc4/0x1680
[ 1456.721723][ T5805]  process_scheduled_works+0xb6e/0x18c0
[ 1456.721736][ T5805]  worker_thread+0xa53/0xfc0
[ 1456.721749][ T5805]  kthread+0x388/0x470
[ 1456.721758][ T5805] page last free pid 5867 tgid 5867 stack trace:
[ 1456.721765][ T5805]  __free_frozen_pages+0xfe3/0x1170
[ 1456.721778][ T5805]  __slab_free+0x24f/0x2a0
[ 1456.721786][ T5805]  qlist_free_all+0x97/0x100
[ 1456.721798][ T5805]  kasan_quarantine_reduce+0x148/0x160
[ 1456.721810][ T5805]  __kasan_slab_alloc+0x22/0x80
[ 1456.721823][ T5805]  kmem_cache_alloc_node_noprof+0x22a/0x6e0
[ 1456.721837][ T5805]  __alloc_skb+0x1d0/0x7d0
[ 1456.721849][ T5805]  mld_newpack+0x14c/0xc90
[ 1456.721878][ T5805]  add_grhead+0x5a/0x2a0
[ 1456.721886][ T5805]  add_grec+0x1452/0x1740
[ 1456.721894][ T5805]  mld_ifc_work+0x6e6/0xe70
[ 1456.721907][ T5805]  process_scheduled_works+0xb6e/0x18c0
[ 1456.721919][ T5805]  worker_thread+0xa53/0xfc0
[ 1456.721932][ T5805]  kthread+0x388/0x470
[ 1456.721940][ T5805]  ret_from_fork+0x51e/0xb90
[ 1456.721953][ T5805]  ret_from_fork_asm+0x1a/0x30
[ 1456.721962][ T5805] 
[ 1456.721965][ T5805] Memory state around the buggy address:
[ 1456.721970][ T5805]  ffff88804cd9d400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1456.721977][ T5805]  ffff88804cd9d480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1456.721984][ T5805] >ffff88804cd9d500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1456.721989][ T5805]                    ^
[ 1456.721994][ T5805]  ffff88804cd9d580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1456.722000][ T5805]  ffff88804cd9d600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1456.722006][ T5805] ==================================================================
[ 1456.722022][ T5805] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 1456.722033][ T5805] CPU: 1 UID: 0 PID: 5805 Comm: kworker/u9:4 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1456.722049][ T5805] Tainted: [L]=SOFTLOCKUP
[ 1456.722053][ T5805] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1456.722060][ T5805] Workqueue: hci5 hci_rx_work
[ 1456.722076][ T5805] Call Trace:
[ 1456.722081][ T5805]  <TASK>
[ 1456.722087][ T5805]  vpanic+0x56c/0xa60
[ 1456.722104][ T5805]  ? __pfx_vpanic+0x10/0x10
[ 1456.722121][ T5805]  panic+0xc5/0xd0
[ 1456.722135][ T5805]  ? __pfx_panic+0x10/0x10
[ 1456.722150][ T5805]  ? l2cap_connect_cfm+0x86a/0x1390
[ 1456.722164][ T5805]  ? l2cap_connect_cfm+0x86a/0x1390
[ 1456.722175][ T5805]  check_panic_on_warn+0x89/0xb0
[ 1456.722193][ T5805]  ? l2cap_connect_cfm+0x86a/0x1390
[ 1456.722203][ T5805]  end_report+0x73/0x180
[ 1456.722213][ T5805]  ? l2cap_connect_cfm+0x86a/0x1390
[ 1456.722224][ T5805]  kasan_report+0x128/0x150
[ 1456.722233][ T5805]  ? l2cap_connect_cfm+0x86a/0x1390
[ 1456.722246][ T5805]  l2cap_connect_cfm+0x86a/0x1390
[ 1456.722260][ T5805]  ? __pfx_l2cap_connect_cfm+0x10/0x10
[ 1456.722271][ T5805]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[ 1456.722288][ T5805]  ? lockdep_hardirqs_on+0x7a/0x110
[ 1456.722302][ T5805]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[ 1456.722316][ T5805]  ? mutex_lock_nested+0x152/0x1d0
[ 1456.722328][ T5805]  ? hci_connect_cfm+0x2c/0x140
[ 1456.722337][ T5805]  ? __pfx_l2cap_connect_cfm+0x10/0x10
[ 1456.722349][ T5805]  hci_connect_cfm+0x95/0x140
[ 1456.722359][ T5805]  le_conn_complete_evt+0xf65/0x1430
[ 1456.722380][ T5805]  ? __pfx_le_conn_complete_evt+0x10/0x10
[ 1456.722391][ T5805]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[ 1456.722406][ T5805]  ? lockdep_hardirqs_on+0x7a/0x110
[ 1456.722421][ T5805]  ? skb_pull_data+0xfb/0x200
[ 1456.722434][ T5805]  hci_le_conn_complete_evt+0x187/0x470
[ 1456.722446][ T5805]  hci_event_packet+0x7af/0x12c0
[ 1456.722461][ T5805]  ? __pfx_hci_le_meta_evt+0x10/0x10
[ 1456.722477][ T5805]  ? __pfx_hci_event_packet+0x10/0x10
[ 1456.722490][ T5805]  ? rt_spin_unlock+0x14f/0x200
[ 1456.722504][ T5805]  ? hci_send_to_monitor+0xe2/0x590
[ 1456.722516][ T5805]  hci_rx_work+0x3ee/0x1030
[ 1456.722531][ T5805]  ? process_scheduled_works+0xa8d/0x18c0
[ 1456.722545][ T5805]  process_scheduled_works+0xb6e/0x18c0
[ 1456.722565][ T5805]  ? __pfx_process_scheduled_works+0x10/0x10
[ 1456.722579][ T5805]  ? assign_work+0x3d5/0x5e0
[ 1456.722594][ T5805]  worker_thread+0xa53/0xfc0
[ 1456.722614][ T5805]  kthread+0x388/0x470
[ 1456.722624][ T5805]  ? __pfx_worker_thread+0x10/0x10
[ 1456.722637][ T5805]  ? __pfx_kthread+0x10/0x10
[ 1456.722647][ T5805]  ret_from_fork+0x51e/0xb90
[ 1456.722662][ T5805]  ? __pfx_ret_from_fork+0x10/0x10
[ 1456.722675][ T5805]  ? __switch_to+0xc7d/0x1450
[ 1456.722688][ T5805]  ? __pfx_kthread+0x10/0x10
[ 1456.722698][ T5805]  ret_from_fork_asm+0x1a/0x30
[ 1456.722711][ T5805]  </TASK>
[ 1456.723000][ T5805] Kernel Offset: disabled