last executing test programs:

2m34.592539717s ago: executing program 3 (id=434):
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, 0x0, 0x0)
r0 = fsopen(&(0x7f0000000500)='ramfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
r1 = fsmount(r0, 0x0, 0x0)
fchdir(r1)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mkdir(&(0x7f0000000040)='./file1\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f0000000340)='./file0\x00', &(0x7f0000000140), 0x200800, &(0x7f0000000080)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file1/file0\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000000), 0x0, &(0x7f0000000440)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file1/file0'}}, {@upperdir={'upperdir', 0x3d, './file1/file0'}}]})

2m33.80822734s ago: executing program 3 (id=436):
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
openat$tcp_congestion(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
openat$tun(0xffffffffffffff9c, &(0x7f0000000180), 0x8100, 0x0)
unshare(0x20400)
pselect6(0x40, &(0x7f00000001c0), 0x0, &(0x7f00000002c0)={0x3ff}, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x10)

2m30.472819908s ago: executing program 3 (id=441):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0)
r1 = dup(r0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r1, 0x3554000)
sendmsg$key(0xffffffffffffffff, 0x0, 0x0)
r2 = socket$inet6(0xa, 0x3, 0x6)
connect$inet6(r2, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c)
sendmmsg(r2, &(0x7f0000000480), 0x2e9, 0xffe0)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x15)
r3 = add_key(&(0x7f0000000000)='id_legacy\x00', &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$update(0x2, r3, 0x0, 0x0)
fadvise64(r0, 0x18, 0x0, 0x4)

2m29.36184956s ago: executing program 3 (id=444):
r0 = syz_open_procfs(0x0, &(0x7f0000000080)='net/tcp\x00')
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000000000)=0x12, 0x4)
socket$nl_generic(0x10, 0x3, 0x10)
bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x6e22, 0x9, @empty, 0x6}, 0x1c)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r2, &(0x7f0000000380)={0x2, 0x4e22, @empty}, 0x10)
listen(r2, 0x0)
listen(r1, 0x0)
read$FUSE(r0, &(0x7f00000077c0)={0x2020}, 0x2020)

2m28.5968179s ago: executing program 3 (id=446):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0xedc623580215bdcd, 0x12, r0, 0x0)
pipe(&(0x7f0000019480)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
close(r1)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$sock_int(r2, 0x1, 0x3c, &(0x7f0000000040)=0x1, 0xfff0)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000300)=0x1, 0x4)
connect$inet(r2, &(0x7f00000006c0)={0x2, 0x0, @empty}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR(r2, 0x6, 0x13, &(0x7f0000000900)=0xffffffffffffffff, 0x4)
sendmmsg$inet(r2, &(0x7f0000001ec0)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, &(0x7f00000013c0)=[{&(0x7f0000001f40)="2ae0a79f886ac8fd105493a2585ebcaf5142ac47ae6624d854c0126b1229c57735ceeffa23ad416df2d58615e69565387f3847c32160cdd68811ccf2e3e56c2457a07581d6a5bd7d1a756e13c4c86874df9a65e724f9480162cbd8864919a3658311e3738d1a558df6766a845840e4b903d84ed5ae604e47dedf8b5ba991d7b910a80eab67a9f8a77e8e7b893cda1733a543566b27a1178767d1cc01cc9efe17ebad47d8640d0fb3788ddafe8cdcf47cdfa6c4b4c061712fd454cdfd05fe54cc33", 0xc1}], 0x1}}], 0x2, 0x4008440)

2m28.208041782s ago: executing program 3 (id=448):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x89}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000380)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r2, &(0x7f0000000100), 0x6)
ioctl$sock_bt_hci(r2, 0x400448e7, &(0x7f0000000080))

2m28.15114188s ago: executing program 4 (id=449):
r0 = syz_open_dev$dri(&(0x7f0000000100), 0x0, 0x0)
r1 = openat$full(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
close_range(r1, 0xffffffffffffffff, 0x2)
r2 = syz_open_dev$dri(&(0x7f0000000100), 0x1f, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f0000000000)={0x8, 0x2, 0x7})
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r2, 0xc04064a0, &(0x7f0000000280)={0x0, &(0x7f0000000640)=[<r3=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCRTC(r2, 0xc06864a1, &(0x7f0000000540)={0x0, 0x0, r3, <r4=>0x0})
ioctl$DRM_IOCTL_MODE_GETFB2(r2, 0xc06864ce, &(0x7f0000000400)={r4, 0x0, 0x0, 0x0, 0x1, [<r5=>0x0], [0x6, 0x5, 0xf], [0x1000], [0x1, 0x0, 0x0, 0xffffffffffffffff]})
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r1, 0xc00c642d, &(0x7f0000000100)={r5, 0x0, <r6=>0xffffffffffffffff})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r0, 0xc00c642e, &(0x7f0000000180)={0x0, 0x0, r6})

2m18.957240359s ago: executing program 4 (id=457):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000004c00)=""/102392, 0x18ff8)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
memfd_create(0x0, 0x2)
r1 = openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000280), 0x22802, 0x0)
epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r1, 0x0)

2m14.381339061s ago: executing program 4 (id=462):
timer_create(0x0, &(0x7f0000000200)={0x0, 0x21, 0x2, @tid=0xffffffffffffffff}, &(0x7f0000000300)=<r0=>0x0)
fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(r0, 0x1, &(0x7f0000000040)={{}, {0x77359400}}, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2, 0x5031, 0xffffffffffffffff, 0xc2dcc000)
r1 = userfaultfd(0x801)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000000))
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x18)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x5})
ioctl$UFFDIO_CONTINUE(r1, 0xc020aa07, &(0x7f0000000080)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}})

2m12.099155137s ago: executing program 32 (id=448):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x89}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000380)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r2, &(0x7f0000000100), 0x6)
ioctl$sock_bt_hci(r2, 0x400448e7, &(0x7f0000000080))

2m11.918949696s ago: executing program 4 (id=467):
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r1 = socket(0x40000000015, 0x5, 0x0)
connect$inet(r1, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10)
setsockopt$SO_RDS_TRANSPORT(r1, 0x114, 0x8, &(0x7f00000008c0)=0x2, 0x4)
setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f00006dbffc), 0x4)
bind$inet(r1, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x57)
sendmsg$xdp(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000200)="0000000000aa303e97380e90231bdbdaf6a4bd866226b7cdb7c26858c4e4fd703be2f51ed6ddc4a47116ec2db75c7042a22491af0ffea4174a9de3350c0a498396b28c7d1784d04aa38922721cb7816094cb82950fd012efd26d", 0x5a}, {&(0x7f0000000900)="0f198d5aa5caa1c55b84b414797cbdd4e8c576a921a070fc828060506683fd1106a961ac55b5b8ea3342ca7de5559ca2c14e05e42aed8ba14b2c78cb540f71a817d80fbf1945a046ebda494a8048a106a4d49d7f214735ada53397db3b203885ce39ee48d69465935eade21ce36e61826c52c82f038341d9bab5687c740ed3c18897094e7e1391eb84a4052e03c0c7c39ae86d454938f65e284620b99481c33d9f5e5b7a6c0d7548723f55b213c76be37f40c850c38e265758ebd8238257a146d6eced16fd658a784c928fea7a841db1a7fd6520442dae5fc0d3a3d3a5f16fcf6fe4f062ecdad7d0f3c6cd339339533c0ef28ad1e2729907094c3de93c1b1b00ad6df89507000000fb7565d3a8e9eaea020ed173c2179fb03e0944460989240a689c7fe795d310be4e7a6b778a903280dbf426b39c3603c49049980767e31edb997f59785184cbd7b9070400000073c745f71db0906cb51780f908fa61634af8ac85d9f04f3dff0a948e81cd3229a59aaeb00995358155343e3239588a0383e4df109d5ca24276d0d83a27d0e9bf681c1bbea12a6f3c20ad50f63430333bb327eb6ae32fe8809065bce26d2dc2fbb2b48d404637d61fd86852e0e1b6ccc6f75b1107aaa5f60ef45f94e953b3f213c3cb4ca4c716565078c666f84e1a99bb4cb5c7190648132f6ff1f6cb79b93f20752753c938da6241607a742361d995188b23cb4b8269e98e822585695962620673433748e476f7cc3e37db88639c525ff3a502c82c283b00aecfe7734ab369e1ed7c75e27a5a333641817baa3ea37844e20e6266c5095abf9d47ca5f8ad93f1a4d8795daec222ada00d65cf91425fae7939ceaa8d94ec1ab5082e1d251c27b3132119b350e81771f3733be232ffb90c03a818bf458aac3314007c3e35d5e4bed6b897608b01e7e26a54433e5f5c74a2ee3c2fc50067be05a677f122b7dba7010830b879a41b579d44158fb89ea05761d2d369853bea84dfb8081ed7b891dcb3bb3361534fdc5252e4964aed936ad2838e7af14fc65c7c1c6d44c6256f2462ae83cfd6a6b2651da607fe79d345e5080098e9e6e7482cc5c267e00d8d09dcde70b60fe6220fe9530547201664db91cf1885ecc2f106b66cd99131523c99f6102ddd7403791b3a7ac59b256cc4c938fe01740ae4f19b5204ca305b1666b0c2a7e5015d6d530995843adfbac3954306d4cd82257d4d2c3283d45dbae43548fed9879328f114f7c8238ac955391b24614d91be1701ae07c170a9c299fcf3d0ac4cea07e88fbf66b697883af17a06ac3f9954eb2fbd20f101802cd023fc48c5d464c16059cc9dce8558c5322ac7612db0e2725427628c2c41a21f0d2f3962e32f710bf9e216ff1694e8d88c8a81328744b36d9ef9f08c0ea3ccd4f8729e2f00a048162834a95", 0x3f1}, {&(0x7f00000003c0)="128b9306006d4810e5ac5040ad9201847839fc378469d5765b9cc241840896c1498194a7197b45d74a8532b82037b02c9e6045c361eb", 0x36}], 0x3}, 0x0)
sendmsg$NL80211_CMD_JOIN_MESH(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000240)=ANY=[], 0x30}, 0x1, 0x0, 0x0, 0x4000015}, 0x0)
recvmmsg(r1, &(0x7f0000003ec0)=[{{0x0, 0x0, 0x0}, 0x8000}], 0x1, 0x100, 0x0)

2m11.355648951s ago: executing program 4 (id=468):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002})
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x800, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="020000000400000008"], 0x48)
dup3(r1, r0, 0x0)
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x1100, 0x1})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000003c0)={0x2d, 0x0, &(0x7f0000000180)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000440)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x70, 0x18, &(0x7f0000000300)={@ptr={0x70742a85, 0x0, 0x0, 0x0, 0x1, 0x39}, @ptr={0x70742a85, 0x0, &(0x7f00000002c0)=""/59, 0x3b, 0x2, 0x31}, @fda={0x66646185, 0x2, 0x1, 0x8}}, &(0x7f0000000240)={0x0, 0x28, 0x50}}, 0x400}], 0x0, 0x0, 0x0})

2m10.983494282s ago: executing program 0 (id=469):
setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0)
socket$unix(0x1, 0x2, 0x0)
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
close_range(r0, 0xffffffffffffffff, 0x0)
r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000001400), 0x2, 0x0)
r2 = socket$unix(0x1, 0x2, 0x0)
ppoll(&(0x7f0000000300)=[{r2, 0x4236}], 0x1, 0x0, 0x0, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000080)={<r3=>0xffffffffffffffff}, 0x13f}}, 0x20)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000300), 0x106, 0x8}}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_IP(0xffffffffffffffff, &(0x7f0000000100)={0x3, 0x40, 0xfa00, {{0xa, 0xfffb, 0x5, @empty, 0xa098}, {0xa, 0x4e21, 0x9, @mcast1, 0x9}, r3, 0x8001}}, 0x48)
writev(r1, &(0x7f0000000040)=[{&(0x7f0000000100), 0x86}], 0x2)

2m10.516025475s ago: executing program 4 (id=471):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
syz_usb_connect(0x2, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000fe007108480b0730644f0102030109021200"], 0x0)
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
sendmsg$key(0xffffffffffffffff, 0x0, 0x0)
socket$inet6_sctp(0xa, 0x5, 0x84)
madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x15)

2m9.71957187s ago: executing program 0 (id=473):
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
r2 = syz_io_uring_setup(0x239, &(0x7f0000000380)={0x0, 0x1ffffe, 0x10100, 0x0, 0x0, 0x0, r1}, &(0x7f0000020940)=<r3=>0x0, &(0x7f00000001c0)=<r4=>0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {}, 0x1})
io_uring_enter(r2, 0x2ded, 0x4000, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
ioctl$int_in(r5, 0x5452, &(0x7f0000000080)=0x207fff)
recvmmsg(r5, &(0x7f0000007900)=[{{0x0, 0x0, 0x0}}], 0x1, 0x30102, 0x0)
r6 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
close_range(r6, 0xffffffffffffffff, 0x0)

2m6.26129646s ago: executing program 0 (id=475):
socket(0xa, 0x3, 0x87)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$unix(0x1, 0x1, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1900000004000000040000000c"], 0x48)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
socket$inet_sctp(0x2, 0x5, 0x84)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bc82000000000000a6020000f8ffffffb703000008000000b707000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000280)={{r0}, &(0x7f0000000080), &(0x7f0000000240)=r2}, 0x20)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r1, 0x18000000000002a0, 0xd50, 0x0, &(0x7f0000000580)="b9ff03076804268c989e14f088a8", 0x0, 0x500, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)

2m0.030727092s ago: executing program 0 (id=477):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
r1 = dup(r0)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x4e24, 0x5, @loopback, 0x3}], 0x1c)
sendmsg$inet6(r0, &(0x7f0000000800)={&(0x7f0000000080)={0xa, 0x4e24, 0x8, @loopback, 0x4}, 0x1c, &(0x7f0000000380)=[{&(0x7f00000000c0)="88", 0x1}], 0x1}, 0x4048043)
r2 = dup(r0)
setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f0000000000)='bond_slave_1\x00', 0x10)
setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, &(0x7f0000000400)={0x0, @in={{0x2, 0x4e22, @empty}}, 0x8003, 0xbffc, 0xe652, 0x2, 0x4, 0x8, 0xff}, 0x9c)
setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000a40)={0x0, @in6={{0xa, 0x4e24, 0x5, @loopback, 0x1}}, 0x4, 0x1, 0xf06, 0x0, 0xac, 0x7d, 0x5}, 0x9c)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, 0x0, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000b00)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000140)=@newtaction={0x14, 0x30, 0x1, 0x70bd2b, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x2000c800}, 0x2400c800)
setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, &(0x7f00000001c0)={0x0, @in6={{0xa, 0x4e60, 0xfffffff2, @empty, 0x3}}, 0x1000000, 0x31, 0xffff1896, 0x3, 0x6, 0x8, 0x1b}, 0x9c)

1m59.871216095s ago: executing program 1 (id=479):
socket$kcm(0x2d, 0x2, 0x0)
timerfd_create(0x0, 0x0)
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0)
syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000100), 0x8001, 0x0)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x20000000000, 0xfffffffffffffffd, 0x0, 0x0, 0x1000001000, 0x49}, 0x0, &(0x7f00000002c0)={0x3ff, 0x7, 0xffffffffffffffff, 0x9, 0x0, 0xf, 0x80000006}, 0x0, 0x0)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
sendto$inet(r0, &(0x7f0000000580)="17", 0xfdef, 0x10008095, 0x0, 0x0)

1m59.104237078s ago: executing program 0 (id=480):
socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
recvmsg(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f00000004c0)=""/249, 0xf9}], 0x1}, 0x40000000)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000004300000095"], 0x0, 0x5, 0x0, 0x0, 0x40e00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b7040000000000008500000057"], 0x0}, 0x90)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0x3, 0x0, 0x1}, 0x50)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008"], 0x0}, 0x94)
close(r0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r3}, 0x10)
sendmsg$tipc(r1, &(0x7f0000000240)={0x0, 0x810100, &(0x7f0000000200)=[{&(0x7f0000000140)="a2", 0xfffffdef}], 0x1, 0x0, 0x0, 0x3}, 0x0)

1m56.156292146s ago: executing program 1 (id=481):
r0 = syz_usb_connect(0x2, 0x24, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000ed3ec908cd0cb300ea2d010203010902120001000000000904"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f0000000000)={0x1c, &(0x7f00000000c0)=ANY=[], 0x0, 0x0})
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f00000003c0)={0x44, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f00000001c0)={0x1c, &(0x7f0000000200)=ANY=[], 0x0, 0x0})

1m54.837592163s ago: executing program 33 (id=471):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
syz_usb_connect(0x2, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000fe007108480b0730644f0102030109021200"], 0x0)
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
sendmsg$key(0xffffffffffffffff, 0x0, 0x0)
socket$inet6_sctp(0xa, 0x5, 0x84)
madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x15)

1m54.768854471s ago: executing program 0 (id=484):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
sendto$inet(0xffffffffffffffff, &(0x7f00000000c0)="8689d46205a34100ff2bbe11a5ce7879edaf02afe39ead95913e9c4f8cf31440006769ebdf12cfacae8e8c03f5db079da7d9", 0x32, 0x0, 0x0, 0x0)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f00000036c0)=[{{&(0x7f0000000100)={0xa, 0x4e24, 0x5, @remote, 0x400}, 0x1c, &(0x7f0000000280)=[{&(0x7f0000000240)='qQ', 0x2}], 0x1}}], 0x1, 0x1)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000200)={0x0, 0x0, 0xf000, 0x2000, &(0x7f0000ffe000/0x2000)=nil})
r3 = dup(r2)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000000)=@arm64={0x8, 0x2, 0x2, '\x00', 0x2})
ioctl$KVM_SET_VAPIC_ADDR(r3, 0x4008ae93, &(0x7f00000002c0)=0x10000)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

1m49.395715036s ago: executing program 1 (id=486):
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="0100000005000000090000008b"], 0x48)
socket$nl_generic(0x10, 0x3, 0x10)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
socket$packet(0x11, 0x3, 0x300)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000005"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bc82000000000000a6020000f8ffffffb703000008000000cd03000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp=0xedf0e51957efc755, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r0}, &(0x7f0000000240), &(0x7f0000000380)=r1}, 0x20)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r1, 0x18000000000002a0, 0x5ee, 0x0, &(0x7f0000000580)="b9ff03076804268c989e14f088a8", 0x0, 0x500, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)

1m43.132923676s ago: executing program 1 (id=488):
r0 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
r1 = fsmount(r0, 0x0, 0x0)
fchdir(r1)
r2 = open(&(0x7f0000000040)='./bus\x00', 0x143142, 0x43)
ftruncate(r2, 0x2007ffb)
sendfile(r2, r2, 0x0, 0x1000000201005)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x88882, 0x8)
r4 = openat(0xffffffffffffff9c, &(0x7f0000004400)='./bus\x00', 0x1c1002, 0x0)
sendfile(r4, r3, 0x0, 0x7ffff000)
syz_genetlink_get_family_id$tipc(0x0, 0xffffffffffffffff)

1m38.256955125s ago: executing program 34 (id=484):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
sendto$inet(0xffffffffffffffff, &(0x7f00000000c0)="8689d46205a34100ff2bbe11a5ce7879edaf02afe39ead95913e9c4f8cf31440006769ebdf12cfacae8e8c03f5db079da7d9", 0x32, 0x0, 0x0, 0x0)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f00000036c0)=[{{&(0x7f0000000100)={0xa, 0x4e24, 0x5, @remote, 0x400}, 0x1c, &(0x7f0000000280)=[{&(0x7f0000000240)='qQ', 0x2}], 0x1}}], 0x1, 0x1)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000200)={0x0, 0x0, 0xf000, 0x2000, &(0x7f0000ffe000/0x2000)=nil})
r3 = dup(r2)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000000)=@arm64={0x8, 0x2, 0x2, '\x00', 0x2})
ioctl$KVM_SET_VAPIC_ADDR(r3, 0x4008ae93, &(0x7f00000002c0)=0x10000)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

1m35.925232971s ago: executing program 1 (id=492):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r0, &(0x7f00000021c0)={0x2020, 0x0, <r1=>0x0, <r2=>0x0}, 0x2020)
write$FUSE_INIT(r0, &(0x7f0000004200)={0x50, 0x0, r1}, 0x50)
r3 = openat$dir(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0)
syz_fuse_handle_req(r0, &(0x7f00000042c0), 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006380)={0x20, 0x0, 0x0, {0x0, 0x8}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
getdents64(r3, &(0x7f00000063c0)=""/1024, 0x400)
syz_fuse_handle_req(r0, &(0x7f00000067c0), 0x2000, &(0x7f00000087c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000008880)={0x10}, 0x0, 0x0, 0x0, 0x0})
statx(r3, &(0x7f0000000500)='./file0\x00', 0x0, 0x200, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, <r4=>0x0})
syz_fuse_handle_req(r0, &(0x7f00000088c0)="e36a98bbcf25f2768819e310e7773841485c4394a0600cc54c1a6196edbd5586eff71f4b4af04045228151ee0ef74deea379df57ebd015109911fb0ef1a504354af77d374ad612a92865fcd45c41518595f0de2357027c31215ded06545b3b2b54c2588c17119f4135609abec9b35213f9fcdbf0e36a172927fca01667da4d21ac0a2ddac58364f200dc6da42e6e39313adec40596cc4547a6b1cb0288db584d6dd957dad87a3f4d50c2afcd92bc555f33c0fc760b5e944f1fa2754b1ca15a6355ae53e7de8fa000ec4e9aecc66757df47124ab3a06a8192853d552ffbd903ac19a18bbdf20cf8a51ab3a9a53dff6ebba1bd12a507572d67e8d93f98c9974ce8138ea246473c4d804e4eea45ef7d64f1fceef9fc300c5397661147cace7318b2dc59b29848ea70b13bb7e4be5f1c207c0d5b192d4ab7e05eb4ed2ddab539541228acb7f045327c2e432dd9509011e826d707b25d040e0d10c2adab7ffaca920fe771fada8bb361d62e0aa99ddce183d0be01d965d07337e9243d014c088438dc753471c2963daf8cb48e10e03fd640cb223494c0d983edbf172e4e4e8dd434570d58fef6c3e15b8c1c95a8dd0005c6c7e383a726695b3c4297f2ee00a5e24f2d26ff8276266ee563fe846742e8e8e1fdb68a1a92edc06b9ecce194a4f50add7d2f409fb60a39424ccbdcaf243454df2075ddae3ed919076994a1821bcae6bb4926432f8119099ec78e16c689929d877f99302b2599ea2cf64cbf99a458e5a13e026f0c5a0d0ca56cc0b0020d88ab9c43fdac9c26bd60ec81df54639fa2c399ea15e5babc0f3a7f5cdb769d3498e9643371ae2e30f457935f200e2bbb141a11cc916fc38282f6859629a6be92f6320bdb6c2b059b3a9779adf08fa1975a316773c7de4d235611b8596a762c10435672dc56548c5d93ac4d499db09c0185430c8bc39f6cdf96ec2d15251402aa8fdf59c947ec7c55f940137cea0a9cfd393b311a893c10bf37099c71a231b0b7b4f7f5482902ef66e13d970d609e9acf1c360a8e07e465e01551b36b7a3985c2122f3c175bf34536825081e8fd97df38ff8da24df9cdb887b81867582b436f14d82045ee0923b93bdfae58bd690361e22bec00dd2dec1809b43aea1845e6ab5f0cb0c5e9514c23adc48f9f2aa915dffde68c58b6e4886a8f32b605073489f9a09f117e3aa7288ac2133ca268361a0f67cce5d177c113f5756c41d7e2ae0a541b39790c0dbb8a6bf38ed58eeba771708c060ee5e8341ec34d85ab48b465d54e00b37bae75cfe10b97db376f6d479851e14a97689b890d45d28f0fdb917677002d126e6ae39376fc70eea3fcefc3d193fd7422ee413a42c607095a16418693a879debd0bef1c63a1e1336ef2c1afa47eb93cedd46b7d9bc586a391c94c9b707edaa65d012cc39ca43e640211ca99c8881297468649705aea0917dddc9d7ea674df3dc65486d1a1f322e2f55bfe4a194414f7274d6ced8c99e0a9c5115642d1464acb0deab667487e05ca1fd8b6fad98aa16ae92df429f1032de606dc6a07583a1352c6acce9393c643a83a1f99a9b6a4c4875b5aa47ed7a9a4cbb103307efca4a10454656aa8ed388f5f993724a147afad00dab70e7dc7e479ff34414e9caa7ef838a352e294d14480ae722d2808c875f0c44c65c45a899d1bd25b934be4e4cdeacbaecbd949b73e3929236ffba0a2321547243afb5256f97f67733926958164893080fd5b6c40de019e820707d0272a02aa4630d3cd6987f7f2ecc85d38dbb5c20fafca2bbf09f85832f1da67fd3872041db2e9c5cb2f7c3a2a911837de9c7318f1f010cd35ecb0e3492a59c7a81ba3ae1b6fe0dec2e1612b2b7f67fe30fbd1f90cec6f776fddf27a1e41d272f5dca06280d59cf29acc2994577d8a52f0809c9dd0a60189e76e27857e68efda02e6913aa1f514a69c4c1a7f5c10924bdd19cb7ce5cc4964c838128953236f6d33e0dfcf8e05319356c1f7edc94ab27d0a4da7bb5ec5c3095ba075a9089f5fea647ba765849059366bff607737b47a61b10269150142870dece54cb05874c3ca65f44c99cf9c268ced3f2dab7a00051d05f4bd6c8f5331f686bd498754f55fe197060e6a98156832792f8e64ace7376cdc1f28de7e59bbffb4d801622e62590ff589bdff5a774a533904dc88670d8351defd65857288957c3bc8a06ade2681dc08729ae73ae0314b10fcf3b93d5f6ce05b5094826b265efc4163c394991e4016a3aeb40de6e057ec123464960be78e6de374b646c082015f8f3f0b8d976848241b789333e456f072e3d2773e625a066e8077c6cf00f57be5478f6efc74b70edd64222dc2a4323937f06118bb4e657ab13e792aabdd79bb99dbd5c6c10ca200ac5695ee11a58cb9edfa5ece5cb0e50a66439e8ffa2c315fedc9314209b1574e231856c7f0705ce705e4968917625ca442c60a9551ee3406cf7a25ce8c44b224a764b5a2be464661afbd6b3649bc9644fb8b16ff460eeaf8fd03beb03dd6d90f40345210ec2be41e158951f4d4bdc2ad3ef4c27488ae2551940b773d05abd70923f31112aca9ad83e7d2344707de184c175e6dfbca67383c9d8ceefd923c45663d0786533fc89cf92b65c95bb580627b78f25870c3bdb10c17f60a8c9788e64e8ba55578d4f8a947cd8e0b79351faf9f27c18e918523f424255e94b6c069bc22ae892425e13ee0d43dc7a9ba997bdbb63fd8361b39af13aaa815e3dc36fd20d7708ddedcab80796b566605691d3e97f4f12df233bfb7a615a15b21e34cc49fbf0c4dd5d930ef41d7fb39e3b19f1944a22c3ce3d3acbdb9c0af3df620dd3bd1c9d823a6da24561fc75d90711398d7f72f2ff40b7000830a50bd4f33143fe91b81a977337c84d7682063fc6436e7f1513bc0429d67122eb3f10bfad6014c48808c1332405c4325d4b23ed33823b706b1f40f18b17da100daa30aa51cbc9cfd3ef9e31d6cd894e0d06ab5cd1a52aa7973b1435c3064d298839cae04672b8a18da717002b058ca3b0704451bd292f4a50b372d880adaeb5c8e2583962e76585ca08ca8995b76cc6655403522524df320d69c7dff1da691089cdc16a08a3d54b8bcf259ed8d43021a0700bcdc7979e81e8b8ebae444249c2d82d8fa957192008686bc106ac0261715a718f973d36046a7cb0e408313a4d9266a271f8ba7e025562821074e6aa577dff7f1b11155b26e42b68207524e51b79d12b9a33257321f3ad8a386c5e31d168c3df74a1b1e8fc424f382c548062da8b53755ea953f6ee73e40755316098ed76e16b8d5a184ed64a9edc3531ec8924a782ba32c64a2c5686a2b5859c4ba6fc3e8628a6175db667832423a85fa1cb3e67ed9ce6e747d58298488b3e6956d1c90b6b79926fff83be94cc6186533773906f08d9c10bd58d83ecbae2f2b3e9bb78399e075f8b8dd365570a8b7ea169526de04a2f3cc231fe48a398613a403535c6e2d02c742dffc40beb63335e5b25e5000b3261ef7c7691002ce6d16330f5d191d46754f67060fa6b1b026ad7d9efb46490b3acd778d2a94c902c97a9764a9f5e2b9faa7efc845415c010d68fa3d6aa4548b899f0694ed8caf8f192710e62ef9d23009681fa89c7570b72fc9d179f8a2d4bca2de536bfe6b5464e4ffcf9a21371cea8d328fce46de882ce06cb136eab64c912fc6f6ccc161293572c5e6faf8ece9694089339d773b9c5f995b4d6535bbf3ce381fda958a1b4f94b4ebb1b876a18b4e9f3ccad2aa65497abf48f684fc7f4b44a7c294fc0145836ad9da4aa68fba5edba2cb7048e010dfefc0bd47ddbb3db85e3dea1a15747a33936a8cd557ee2907ae6f58c1e776ca5dfdebc970d46826f5f2cab0cca90b86599828a438950b298c08b86b39ca5a5db50d069a9f3eea4875ab6cf8e6967c6702523dce46d915c7ac9f4c6fefc9db1db49f9f4679b50a3afd7f96114879069afa18f4665587806cbf5b8c467c800ed6aa3b1dd40b550acb26540903fd913b9dfbf7734033929f0fb87cd59b5227cb45131f722483e33ffa5d8611adbd37af6c35b14ee7ba1cdc61954383e0d74c7f30a4e0b77a18344caf8afb23e3bc8ad0977674031f2130824b4730c6823af8244e3f43167934b8e51e57c2a48ad20a4092a389ef135fff13d3ed61fc7d6418ea65ee712d2df81239d9338a7fcf30130d497a0b471982024c7f251ae89f60f67cedad75ceef86f10ad5a8e07cddcc3e3f9f4ee6b1d25eddf0f8dcad8bf0afc4e5f4d320b18ed7afcf121919a4c82992a39829643d31d83af66ee1562165b0c3ccd2d8ab0927e4dc00f3cc4e9218930fae65573bb3434acd127968ff47d9f044bac4512d4dd919b4d7811fe67a840de69110a4175251e4686e28129ba471090c38ec4d21a4f1df2ed8e91bf3494d297cbc9548dd990a882cd922b4582d007503790b6e4219482424c030ed1ee28a74c5d82fc0be07c860462d1fe09363438c58ff414ea63ed59819d35708ea0f19ee396479b32342e61455ef0109e4f5335819e8c9be84f6a14a4ab65f651c28f349267a139b60371328f0ff22437313b26da84eaaa91467957fb7be404d5e3ac234ea11cc8161617fa7fc939624471d47b076a4891a0e2fa7565b5c3c3c84701fecb00a695eadfafb3467692dedbce5151009a38388e921850e9377aecc1f403b7a243e00664238de7ed30507a13ba653ff09d90c6342042317b2f4076b32b01383fbcb145d7ad2856f24de648ad752b34e6843471eaab1f290ceb1e3d37e948a0786743b3f8af0ebcbf4f6848867623917059a7035e72413bf9366d6a14b69767a7b9e732362a96fcfa591808c79655f0a839b836add92121d6a125474ea9761d4c7f5fb38c2e6716738298cd3de866241ba7e77982548c5ca53504d881a91b36b07851d7a0c6cb1be26ac4ba2e8fdff40c9571ff453da4f4774a08a1d6657cf3d3d3fc51fac3488c60203057014e174bb5839510f98db95378c1bea58c8d2ef51f10848130a218fa7692f4a9d3902d438d616f8da8cdaf30e6d409db76c8b15281e531e8ed003a4875b139dc9b5bea132f712eb763431bfd089a8aee81e1972923fa927f21414630008aad1b5f6225fd868f09e340e08aa343e36f87e2fa07b46f2006dab5bdc8a2d863c9339f5e3444ed4584ce748b2d5c7cbe7c3d31b80f548c56af2ace92b6ee1d20ccfd6e8245aba3540f0a0713bc223a727b06606fd72459b93409abd2f767b8b9324ef185ba16d0db4431cdcb4c5a03f21457f1d2bafdefd4fc6553230d0f1a37505a6b51b07b7e413f45f935591d67e57996a857271c519f817ddfb1b3a967593811e81aae4283d7e8e6b5d81cda299590cef802dcfae20d2ec75517ef0eb278e24ce4efc2a093abac7cc09ab6bd95dc99467c62d4cfbb3eab159119f02e40e908410cb1ff8be77c8fc32f565835c459b60fb0378f28c44c3944dd7b3d9bc631fccf60666c9e937c8c33521bc6bbe5c44e75525160f10e2d14e4b2f0a3c119e6b24b46344b084ea758957cde0eb1ea43509b27a305e698cd5be8e1f2730a8cdd389fe796f80ff21d1ce34b10c4220d5da770187fca85685499d6a73f6abe7010cb288b8ba4cdb89e3b2ea4cafc0452c6f67a384a36327e248f3ce0cc77fb997c4a9ade15642b5796e85ae7946f064587a17500f2c9683555736560802243767fee413cfe47df4609c62f56f0e38a5a8c9076cb5e27eac1d38b65051cfe905cc262dea75e26f892c986b12bd1748433b74163f600167328f5734d339ba699285a96b7d64c56d1552d2de043461e7778598adeb689a5d35fd3ce7a8677d2b855f4b0c74dd78334bc596d22c286deb65d74e7895c8f6b8baf17fdccd57b063d5eea6e22158f94ee527dbacdb262219aa523b23913f796ccfd70804595a7168463142ffbf701c63567b784bf3c0dff8b9517bbba818ec02bfa849c4e249140d4bcba68f6e24e7d41046247dac721d2be91ef98ae12933013fdbf68e0dc7d6dc4781bfa95c87c8f238802e303c80e18f4aa05a97c52dd79e081f6b1a6ed9e727c270275100746ae6cbc346f8a792cb26cc5f1865ea11422a1988a0371f25e589c439cdb920c8574f8c6061559204166f282611a54a1625c16cd9f3ed9d428e09ecb9401acc5b67b94b4583b7c829cb90e8e91e13f0efd58b860d6aafda206ff75d0b06b72e954cc29bb48ba7452a3420c5df6b3b8ca2ac26541db10b24aa185812f3fc1cc692f3fff274b84ce579c389c19e820da84ea4f501cfd934be7a2906273ad64ceeb13837e397d33bf9bedecdaee2923e023762a8a7190fc523a6999b5bd81e71c10ee1d539886c7ee59fb4d3698fb2fcb48433f7b7e29570acb6af2fc95542aeed25d9b8ebb4644d5beeb2f5817c8b71248de6327f0e3fbd5064b18a5c1d29591134add6c0daeea0cb7b1c07fd9ce829d8fc1cc06c1461b06b9e3db228d811a11da55d1db3fc3a8b84cee52bb634a0713dc42c7f32d55430625a83d007eccfbe87a158da3ada5fa166e333f36267d0912af8f1ea0fa37cd9c0ca4d02f7e7cd31e3d56ccaeb23705f1ee85815a02712736c1013f8e0d36adcf8141339eceb0c56b16f123653ec88c4c93bf35c94860a3b7dc8fa268e4aa98c85a0e3550f6a09ff726ebcba48d3aedd681f62a08bc0e8c1b4880e6e351f7f7ca277ea632dfaee061b7b6bae6d3deb3bee9192ff73a951b33ab8c79bc7b8643ad696028ac11071d454aed2181f928e7096cfcf5a810578d4ee6792a890f3b8bea8cd57f826c37c4ae240f03cadf759327e2f5c6bdbd8d9d171fd366d7f099ed1eae08867d2a32b574ebfd12d0690920d2389c927d02262f2ca51a69df9a98a48535aaa2cac75ddfcf806b664ff600591b144eace70618495ec5e4061faa6f5ce7b4e0bf5638ab8d00694debdae559b246c8bf01a61104cb84225ff85538c5a8f8404721d4e6ee0333bc460a0594229fde10f843c60fd90576cd7307e1047d926075845e015d5a1d697e482456b110271b55131cc3f2d7efaef48f943c7b28288fed817c0ab92771756004ba922c1c7c4a7d797af4298367ba9c8a1bfcb1f4910e607eaa4f36fc617462db7ba107f054ab49a1fc428441e1a23f9a3d4e8f8c64cebc0d6f79557516685269e7640642fb27c869b06dab8027e8244e99856bdbd7dd917cab844f94a9be053d370f5eb8884709fb4f2f785a0e0db81b7880f9b003fc4d3b8937c13d05018a40992515ef7e637054f2ba938e70289de3836723f1e55f562ce47eb9abb95c99a35003be847c149975508924cb391cd22554bd20f0607c2a93d19f272b16a5ea042b2828d18de5e6a2f2851eedf1ef768439275ae728b5865df8b2930bc18f8c5b26b596fe9400a3a4ba747e666cbce88cf91e9e8ebc23c035329b40d5f61cf5c12e5663712a17156edb8e7be06e4276af92c7d8c9dbfd8bb11849a4fefe8eabbfef5ab54e4134bda647e2bfdab44e040534504b90b8aeb97ef2e2f31449088dfb3eca797d62f6c4d6161b77d1906ef9494d496bfe1d22a66e9c800c9bf1df9edf257d642f9ac0e6b173d6295ad8453a8ee9a285a255e1a732976036859f58eae9ad71b9e0b970f942e3a98f4e7beb7aa4d99860a1c9fb38efd76ef2582c9437a1be62dcc729c8551ceaa20c56c2d920007b409daba31a2d1ff28acbea301519e505bdb641d2a908bd10e3b55657bbb053d3c5c0cd66b390997dc9e2fead825aecc43f37a3f23d0423350edadc5a9773826ad124f3d648e1530af3100b76c60ad457ee6840c574d2d1db53900c5a286cee26672c1c797a5e3743b27c8f142a8880a526fa78a7fcf5cf871812ba75bbf1a3a0e3c857aeb6b90ba7a54cdd442296286bf56062bc1dc1c642f5cad2b33d981227b9e2a1fd407840e0cf42e9470073b3eb6955d8488a9c2162c61374468e69badbe762052e0b4f8100aad29adf3b20a62ff192da5d9f83a3751bb21827cee328283cfe2ebf657e58bc392ea5b6de556218dfeb5bd99254e94d82ef1a4040e2c1271a4eb4a4bb44f0a12a46a604d806570fda0915e2ad056c4f6ae4c9e7f83092760f7dca4e1fe491f4d210ba57d1fc4978f9a53f30d7189354014863174b75de43f8211d035869f8a1feaa8438e43ac396296591087fce41dc2fbe592848fb5f9178ded8bce018b461028ea6b2443c98064f38aa02501d50cc52906e7e9aaeb1b7f00e133e2e4afe822a13e439f207186937e25c58425b7380260ba99a3caf8f36fa742c967c52f45183cbc0efa8feb6689b2b1cb902bf43df5cbfa12bcda0067bb43331d5d44bb46b07c501f2e24e49158125a339dba18773c08586d8e33065067b825b89071e8696683ffb20b5ca21e2a1aa6115844b8474241abf14a01792ab74ddf87e8000f1795a2ed0f9ef20183e8b39d9859b7cb8d6ca852efb4f56e009958c6f0789dfacdc75f08412c2d1de042ff0373b3762c83b74208ca5d286c5e1d9ab6f2a79b6fff2466974f74eed244120cf5ad5587554aaae557d5d68e4b61423c508bb358fc0dc9809fe7e323e011d47cab171c5ad29981668d6626298105dc71c9f6d92f98b1aaf414df0c98772f0ffa4005032517ffd5cf67e8bad8471f98e3bb8a539a566669031727f9511076daf4b4991694e2e47e19025e95c97252d84b7a4870749f2f64bebd3cba45e553d662cdb2ecb93c2cc8dc23abdf495ef3cdde8d469f2e7593cb09dc9a96f1b9c5a76ee3e794acd617c514af338b8c7f1dbd543a7b19dc53c53b70d61bf9853f30bf14d26831aa163b78cde656f53a9fbffa08057e4c52c7d63b955646a1bf576d19c6fda0e9b2d54b88e9e2842f5eb0a1b024eafacb9901ef15a29d75afb34afa5dd2574f17f630472e160b9c5ea10043e8fe564062a59168ee1446a4553bff4801d39a7a5b0a1cf2bb161f1e6aed4b4009b1218d15657920ba8c0b0b86ebc0109f2f64d7676364d9c6302688966a7db6b220ca758ca2af37ea7d13f52c6712a9b5f1f4428638b818624f959cb6af4a2704c880839aa1dbf30d698426a15e49d64563eb9f49468065596ba5a7e7a6616554b895b0969ba25ece071fc3cc51cff271f3a3126b566778f386a27f658fe5296de9374bacc4f2ee548122aac377f208cf6e20caa60e1a4991368392f6f9edfb73f2312facecf0c7b8c8ec157adacbf8d2553ca33965c904de9302e47aa70fbf263f7f8e11d11b3bcf879bede1d27cdbbb5736433f84e04331c193e77728de01483c5a3f4f270dc6e91b25a98e5f24e9f78596aff82d33fd104104fa9ac43c98a1c8c4131755d7e452c3574b4c88ce8e3f0d25d50342e83162c3576934f34addaa56220c72d663883f5e809b7668ae8fc3a7ce20fde1ec5a1c4253e98477c854e6057ca79b83458299013679c097c11fa4b0e09cdd6c3a5c599acfab4f226325470f59c5cee2f72b5a6d4ab23f5ed5705f94be99d5ae9b772e35efda9c137067d52d7df7acc1bcd07b0bad9cd07506bf1d21824ddf8fa9700856e0b77335c9cb5449b6913f463e7e074e733dd8db4dc35d41a51ee8e919b9a3db73cb5ed9cd99d65f9bdbd2aef8950dbb2e98d5346db72d0a26143ae7e9e14f7fbb277960ef392ff5d25020924a1cb407dc8c6db6589e151aa48bea66638593d0721be42e1f1ff2fd04e202c0036e936687a5b9f132555f9f68adc6eca160cd344887aafc297eb32a07f16e0432fed4ff38061d7eeda7b002a53a02a31e919e4bfade3c77ac968d19e830c58e4adb6e62e6a92584c0ca28817fd8b1b8750098b820a1660bd7cbd0c53df601578cf5e965a655960f330355ace7c12832bbbe5b80f6e01dbc1488912a0a4a3c85e686f5422b1b41aebd2559c970042f65da1f2010a8644b1b9d0a889da41defba82b6d98c7c8215bd0c0f2e3fe900d7bfab97e9adf55ae43940a17cf3f13bba8a48e7c0c39e401d2ecc3f8c7a7107313926eb1baf3a9427ba5ddba06455d2d82cd63d6372297e9f6c69bfa84fc0785e3adbdb52379ad2865ab1cc9147495178da2d1b4d80e5edf5af26f2742fa13d47cbc4e202954b014dc9b15995de2d797fe22871e86922295926d7e5d5e96d47754e4863bf68e7b02efb7f36e30b42f5610f6908adc4f5893e6161a31c23c9e05ef88c5a1c725d806e611c6192ec94972e899cc8c3f0046c29349917d8f69a4038ea89efb840cfda48e0edde5977b85a978bbbfb1cdc1b6c49cb4cd82f604a072c29df02c8492bb0930a02a42ad6710c8774e77421568968fb0d3a41ba6839828a2a17dc51a938cba579e3541f8704b8e2ceea0505346035b8baaa9f353a8cc7ea5502771db09e3a548d96a16c0a711ec9ee0aa1f7c94b0b0a2d7a7afc23b23562829dde93432a9db36937bd095fe100bf9cb8e32ac67572aed41e0f0d3665323b9194d1f6c14c44c6c249fd52100a73eb3f61d19d312e2035bb80de63bbf3686168c378f0a3919c8a486007dba83a8dd9c06bfd6a9cf554668799955088972c5bc495fdd81fdfd9b85e8054a12006cba062671fc1a3181772a0b67b00fb995b84d0ea6afc0c77ae6852b34c42e0e708456ae95deff146ec5936889ee1ffb1bbfdb61d5a4617bb57e4f562daf21791109576044e65aef2503453d52b25aaae23c4fd757f2c41f7f073d3d80b06f85e3bda171f0042f7fecedbd87c380006492ceb9e8d4686fb157df2cd423cca3f85c94cd0dcf7b949ccdfe911b2ef6bdc0fa183a30e2ab29f2e9726a7380218a140a1f0e538776b10c5405ac07965fdf25fb8bf6a33a29120205aacee759a03ff7220bd83795595950169729201d577c4173cad122b7c81d8c556db93962142b88ecc9438a627eb19223109f40709579b2198c8b59cbe35056f7caf18542add99da0f0789dfe37dbe0cd489de51f583425e4e97644569b50ca566e023f94c592e75183dac41d2d31f36d0d540378836b0275d578ecda8c6d6a175e7d96c6ba923f413ca67beca1e3ba1fab946997ffebcf8ef0822d121c1c22f60b151b56818ba41ddad61c5396f30ad21240debb001a13896266306d84112d247afc9b7d5b0b960e1b8a799aa23a2685e493ea5729c1447b2f22bd3a440e4fa5feaecb6ddc5dde896156a182f813c0829a461e9f36b5224cacb07c28a20a4db6ab93d1499ed01ab4287aa7039d7f156d914578eabd590c65c76bffb970533d055f709346ee0e9e2e02ab8b42346cce4cf84550d9344f4eef04e32173a6a15b6d69b40b21068389be0348199c684ab781d50cd28626143cc15a09b5ad6a4ca03d397d2dca3058eb6498df836e29ae32dda2261025d084d96d6810025317564bbc11935471331703e011dc28c3844bb2b08fd816fbcf4404f50d7606597eafd155958399b3aa004889952704193c5dad9a20168ccb663b215c6ad97cbc245e7df1573d75a2d91e8a97e010fc1f5c987fe2b7d376798d461745e97d601e0c2def94c53ac18978a2d24dd29f77a385333352fb2bf17dc887400ad948bea4470782c7bfd7d6cf0ebc98efee1eb0804811f72b743367514a0362e97e114f0f734ec6f48a6579358eb5a59122c52b7b4e0d113b967a9f8a04aef", 0x2000, &(0x7f0000000a40)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000640)={0x90, 0x0, 0x3, {0x3, 0x1, 0x100, 0x9, 0x80000000, 0x0, {0x0, 0x72, 0x7, 0x4, 0x0, 0x3f93991000000000, 0x401, 0xe, 0xb2, 0x6000, 0x4, r2, r4, 0x800, 0x401}}}, 0x0, 0x0, 0x0, 0x0, 0x0})

1m30.789468215s ago: executing program 1 (id=494):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil})
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.io_wait_time_recursive\x00', 0x275a, 0x0)
sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000005c0)=[{0x0}, {&(0x7f0000000000)="e4836d513bcab6b90efd3ebcdfc597b9a7e727a3ece8daadf4b04a69b21d", 0x1e}], 0x2, 0x0, 0x0, 0x54}, 0x24008804)
write$binfmt_script(r2, &(0x7f0000000000), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0)
preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x1, 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f0000000340)="f20f2338650f405a00f20f32670f2169f30f099a7c0000001e010fc79b060000000f01cf673e0f47d7c166bafbacac40", 0x30}], 0x1, 0x11, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

1m15.326639462s ago: executing program 35 (id=494):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil})
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.io_wait_time_recursive\x00', 0x275a, 0x0)
sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000005c0)=[{0x0}, {&(0x7f0000000000)="e4836d513bcab6b90efd3ebcdfc597b9a7e727a3ece8daadf4b04a69b21d", 0x1e}], 0x2, 0x0, 0x0, 0x54}, 0x24008804)
write$binfmt_script(r2, &(0x7f0000000000), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0)
preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x1, 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f0000000340)="f20f2338650f405a00f20f32670f2169f30f099a7c0000001e010fc79b060000000f01cf673e0f47d7c166bafbacac40", 0x30}], 0x1, 0x11, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

53.328216652s ago: executing program 2 (id=501):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000000018105e04da070000000000010902"], 0x0)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0)
r1 = io_uring_setup(0x7, &(0x7f0000000040)={0x0, 0xc8a1, 0xc000, 0x8, 0xc1})
prlimit64(0x0, 0x6, &(0x7f0000000140), 0x0)
setreuid(0xee01, 0x0)
capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000000040))
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="02111743b60000040000002003b80f22bf0000", @ANYRES32, @ANYBLOB='\x00\x00'], 0x48)
io_uring_enter(r1, 0x2219, 0x7721, 0x16, 0x0, 0x0)
setreuid(0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)

46.661974506s ago: executing program 2 (id=502):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$SCSI_IOCTL_BENCHMARK_COMMAND(0xffffffffffffffff, 0x3)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', 0x0, 0x0, 0x0)
r2 = socket$inet_sctp(0x2, 0x5, 0x84)
bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="0a0000000000000000050000000003"], 0x48)
bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="04000000040000000400"], 0x48)
close_range(r2, 0xffffffffffffffff, 0x0)

33.831025948s ago: executing program 2 (id=503):
r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/crypto\x00', 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
read$FUSE(r0, &(0x7f0000000200)={0x2020}, 0x2020)
mount(&(0x7f0000000300), &(0x7f0000000080)='.\x00', &(0x7f0000000040)='binder\x00', 0x2200892, 0x0)

30.371614956s ago: executing program 2 (id=504):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './mnt\x00'}, 0x6e)
io_destroy(0x0)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000a00)={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64-generic\x00'}, 0x58)
r3 = accept4(r2, 0x0, 0x0, 0x0)
recvmmsg$unix(r3, &(0x7f0000003700)=[{{0x0, 0x700, 0x0, 0x0, 0x0, 0x500}}], 0x600, 0x0, 0x0)

19.862831124s ago: executing program 2 (id=505):
r0 = gettid()
prlimit64(0x0, 0xe, &(0x7f00000001c0)={0xa, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
process_vm_writev(r0, &(0x7f0000000000)=[{&(0x7f00008f9f09)=""/247, 0x7ffff000}], 0x1, &(0x7f0000121000)=[{&(0x7f0000217f28)=""/231, 0xffffff4e}], 0x23a, 0x0)

16.723670475s ago: executing program 2 (id=506):
openat$uhid(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000100)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x38, 0x38, 0x4, [@var={0x2, 0x0, 0x0, 0x11, 0x4}, @const={0x0, 0x0, 0x0, 0x4}, @func_proto={0x2, 0x0, 0x0, 0x12, 0x2}, @var={0x2, 0x0, 0x0, 0xe, 0x3}]}, {0x0, [0x0, 0x5f]}}, 0x0, 0x54}, 0x20)

0s ago: executing program 36 (id=506):
openat$uhid(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000100)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x38, 0x38, 0x4, [@var={0x2, 0x0, 0x0, 0x11, 0x4}, @const={0x0, 0x0, 0x0, 0x4}, @func_proto={0x2, 0x0, 0x0, 0x12, 0x2}, @var={0x2, 0x0, 0x0, 0xe, 0x3}]}, {0x0, [0x0, 0x5f]}}, 0x0, 0x54}, 0x20)

kernel console output (not intermixed with test programs):

Warning: Permanently added '10.128.1.235' (ED25519) to the list of known hosts.
[   90.498877][ T5785] cgroup: Unknown subsys name 'net'
[   90.741050][ T5785] cgroup: Unknown subsys name 'cpuset'
[   90.774872][ T5785] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   92.438846][    T9] cfg80211: failed to load regulatory.db
[   92.819312][ T5785] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   95.751357][ T5117] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   95.770948][ T5808] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   95.779241][ T5809] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[   95.781585][ T5809] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[   95.782413][ T5809] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[   95.783728][ T5809] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[   95.789228][ T5810] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[   95.872713][ T5810] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[   95.880983][ T5808] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   95.886632][ T5810] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[   95.891052][ T5810] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[   95.892902][ T5810] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[   95.893920][ T5810] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[   95.930538][ T5810] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   95.932797][ T5802] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   95.932977][ T5802] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   95.937939][ T5802] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   95.938477][ T5810] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   95.941834][ T5810] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   95.942733][ T5810] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   95.946723][ T5117] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   95.949443][ T5117] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   95.950392][ T5117] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   95.951741][ T5117] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   95.952669][ T5117] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   96.860684][ T5804] chnl_net:caif_netlink_parms(): no params data found
[   97.196343][ T5797] chnl_net:caif_netlink_parms(): no params data found
[   97.213706][ T5811] chnl_net:caif_netlink_parms(): no params data found
[   97.288745][ T5798] chnl_net:caif_netlink_parms(): no params data found
[   97.555739][ T5800] chnl_net:caif_netlink_parms(): no params data found
[   97.673170][ T5804] bridge0: port 1(bridge_slave_0) entered blocking state
[   97.674936][ T5804] bridge0: port 1(bridge_slave_0) entered disabled state
[   97.675751][ T5804] bridge_slave_0: entered allmulticast mode
[   97.679311][ T5804] bridge_slave_0: entered promiscuous mode
[   97.807536][ T5804] bridge0: port 2(bridge_slave_1) entered blocking state
[   97.807656][ T5804] bridge0: port 2(bridge_slave_1) entered disabled state
[   97.807841][ T5804] bridge_slave_1: entered allmulticast mode
[   97.809744][ T5804] bridge_slave_1: entered promiscuous mode
[   97.876260][   T61] Bluetooth: hci3: command tx timeout
[   97.964346][   T61] Bluetooth: hci4: command tx timeout
[   98.034349][   T61] Bluetooth: hci2: command tx timeout
[   98.114393][   T61] Bluetooth: hci0: command tx timeout
[   98.114418][ T5806] Bluetooth: hci1: command tx timeout
[   98.419016][ T5804] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   98.419306][ T5797] bridge0: port 1(bridge_slave_0) entered blocking state
[   98.419482][ T5797] bridge0: port 1(bridge_slave_0) entered disabled state
[   98.419661][ T5797] bridge_slave_0: entered allmulticast mode
[   98.421776][ T5797] bridge_slave_0: entered promiscuous mode
[   98.546428][ T5811] bridge0: port 1(bridge_slave_0) entered blocking state
[   98.546566][ T5811] bridge0: port 1(bridge_slave_0) entered disabled state
[   98.546773][ T5811] bridge_slave_0: entered allmulticast mode
[   98.549648][ T5811] bridge_slave_0: entered promiscuous mode
[   98.572919][ T5804] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   98.573200][ T5797] bridge0: port 2(bridge_slave_1) entered blocking state
[   98.573680][ T5797] bridge0: port 2(bridge_slave_1) entered disabled state
[   98.573888][ T5797] bridge_slave_1: entered allmulticast mode
[   98.577929][ T5797] bridge_slave_1: entered promiscuous mode
[   98.685309][ T5811] bridge0: port 2(bridge_slave_1) entered blocking state
[   98.685457][ T5811] bridge0: port 2(bridge_slave_1) entered disabled state
[   98.685646][ T5811] bridge_slave_1: entered allmulticast mode
[   98.687796][ T5811] bridge_slave_1: entered promiscuous mode
[   99.035695][ T5798] bridge0: port 1(bridge_slave_0) entered blocking state
[   99.035805][ T5798] bridge0: port 1(bridge_slave_0) entered disabled state
[   99.035962][ T5798] bridge_slave_0: entered allmulticast mode
[   99.037891][ T5798] bridge_slave_0: entered promiscuous mode
[   99.345455][ T5798] bridge0: port 2(bridge_slave_1) entered blocking state
[   99.345590][ T5798] bridge0: port 2(bridge_slave_1) entered disabled state
[   99.345790][ T5798] bridge_slave_1: entered allmulticast mode
[   99.348089][ T5798] bridge_slave_1: entered promiscuous mode
[   99.438318][ T5800] bridge0: port 1(bridge_slave_0) entered blocking state
[   99.438457][ T5800] bridge0: port 1(bridge_slave_0) entered disabled state
[   99.438683][ T5800] bridge_slave_0: entered allmulticast mode
[   99.441583][ T5800] bridge_slave_0: entered promiscuous mode
[   99.449820][ T5804] team0: Port device team_slave_0 added
[   99.465806][ T5797] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   99.588634][ T5811] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   99.588915][ T5800] bridge0: port 2(bridge_slave_1) entered blocking state
[   99.589122][ T5800] bridge0: port 2(bridge_slave_1) entered disabled state
[   99.589334][ T5800] bridge_slave_1: entered allmulticast mode
[   99.591425][ T5800] bridge_slave_1: entered promiscuous mode
[   99.596086][ T5804] team0: Port device team_slave_1 added
[   99.600449][ T5797] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   99.728195][ T5811] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   99.948580][ T5798] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   99.964308][   T61] Bluetooth: hci3: command tx timeout
[  100.044474][   T61] Bluetooth: hci4: command tx timeout
[  100.114319][   T61] Bluetooth: hci2: command tx timeout
[  100.194312][   T61] Bluetooth: hci0: command tx timeout
[  100.194334][ T5806] Bluetooth: hci1: command tx timeout
[  100.388236][ T5798] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  100.610469][ T5800] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  100.611820][ T5804] batman_adv: batadv0: Adding interface: batadv_slave_0
[  100.611842][ T5804] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  100.611861][ T5804] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  100.618514][ T5797] team0: Port device team_slave_0 added
[  100.706802][ T5811] team0: Port device team_slave_0 added
[  100.709976][ T5800] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  100.710759][ T5804] batman_adv: batadv0: Adding interface: batadv_slave_1
[  100.710771][ T5804] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  100.710790][ T5804] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  100.712808][ T5797] team0: Port device team_slave_1 added
[  100.797842][ T5811] team0: Port device team_slave_1 added
[  100.987228][ T5798] team0: Port device team_slave_0 added
[  101.197656][ T5798] team0: Port device team_slave_1 added
[  101.287260][ T5800] team0: Port device team_slave_0 added
[  101.289391][ T5797] batman_adv: batadv0: Adding interface: batadv_slave_0
[  101.289409][ T5797] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  101.289428][ T5797] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  101.375803][ T5811] batman_adv: batadv0: Adding interface: batadv_slave_0
[  101.375821][ T5811] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  101.375840][ T5811] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  101.378383][ T5800] team0: Port device team_slave_1 added
[  101.456017][ T5797] batman_adv: batadv0: Adding interface: batadv_slave_1
[  101.456031][ T5797] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  101.456051][ T5797] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  101.556043][ T5811] batman_adv: batadv0: Adding interface: batadv_slave_1
[  101.556061][ T5811] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  101.556089][ T5811] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  101.865461][ T5798] batman_adv: batadv0: Adding interface: batadv_slave_0
[  101.865480][ T5798] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  101.865508][ T5798] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  101.967614][ T5804] hsr_slave_0: entered promiscuous mode
[  101.969026][ T5804] hsr_slave_1: entered promiscuous mode
[  101.972709][ T5798] batman_adv: batadv0: Adding interface: batadv_slave_1
[  101.972721][ T5798] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  101.972739][ T5798] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  101.976605][ T5800] batman_adv: batadv0: Adding interface: batadv_slave_0
[  101.976621][ T5800] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  101.976653][ T5800] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  102.002258][ T5800] batman_adv: batadv0: Adding interface: batadv_slave_1
[  102.002279][ T5800] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  102.002310][ T5800] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  102.044200][   T61] Bluetooth: hci3: command tx timeout
[  102.124401][   T61] Bluetooth: hci4: command tx timeout
[  102.204261][   T61] Bluetooth: hci2: command tx timeout
[  102.274534][   T61] Bluetooth: hci0: command tx timeout
[  102.274544][ T5806] Bluetooth: hci1: command tx timeout
[  102.422273][ T5797] hsr_slave_0: entered promiscuous mode
[  102.423223][ T5797] hsr_slave_1: entered promiscuous mode
[  102.425138][ T5797] debugfs: 'hsr0' already exists in 'hsr'
[  102.425283][ T5797] Cannot create hsr debugfs directory
[  102.526879][ T5811] hsr_slave_0: entered promiscuous mode
[  102.528348][ T5811] hsr_slave_1: entered promiscuous mode
[  102.529042][ T5811] debugfs: 'hsr0' already exists in 'hsr'
[  102.529066][ T5811] Cannot create hsr debugfs directory
[  102.759788][ T5798] hsr_slave_0: entered promiscuous mode
[  102.761290][ T5798] hsr_slave_1: entered promiscuous mode
[  102.762379][ T5798] debugfs: 'hsr0' already exists in 'hsr'
[  102.762406][ T5798] Cannot create hsr debugfs directory
[  103.130752][ T5800] hsr_slave_0: entered promiscuous mode
[  103.131954][ T5800] hsr_slave_1: entered promiscuous mode
[  103.132695][ T5800] debugfs: 'hsr0' already exists in 'hsr'
[  103.132729][ T5800] Cannot create hsr debugfs directory
[  104.114255][   T61] Bluetooth: hci3: command tx timeout
[  104.194606][   T61] Bluetooth: hci4: command tx timeout
[  104.274419][   T61] Bluetooth: hci2: command tx timeout
[  104.354685][ T5806] Bluetooth: hci1: command tx timeout
[  104.354735][   T61] Bluetooth: hci0: command tx timeout
[  104.417230][ T5804] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  104.457677][ T5804] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  104.500254][ T5804] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  104.533547][ T5804] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  104.658222][ T5811] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  104.690810][ T5811] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  104.730889][ T5811] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  104.789155][ T5811] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  104.927614][ T5797] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  104.974441][ T5797] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  105.011811][ T5797] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  105.069733][ T5797] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  105.213925][ T5798] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  105.253837][ T5798] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  105.282957][ T5798] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  105.342205][ T5798] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  105.473093][ T5804] 8021q: adding VLAN 0 to HW filter on device bond0
[  105.498318][ T5800] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  105.545758][ T5800] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  105.582186][ T5800] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  105.620708][ T5800] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  105.709827][ T5804] 8021q: adding VLAN 0 to HW filter on device team0
[  105.736103][ T5811] 8021q: adding VLAN 0 to HW filter on device bond0
[  105.753418][   T58] bridge0: port 1(bridge_slave_0) entered blocking state
[  105.755458][   T58] bridge0: port 1(bridge_slave_0) entered forwarding state
[  105.802756][   T58] bridge0: port 2(bridge_slave_1) entered blocking state
[  105.802945][   T58] bridge0: port 2(bridge_slave_1) entered forwarding state
[  105.865890][ T5811] 8021q: adding VLAN 0 to HW filter on device team0
[  105.906694][   T58] bridge0: port 1(bridge_slave_0) entered blocking state
[  105.906844][   T58] bridge0: port 1(bridge_slave_0) entered forwarding state
[  105.950917][ T5797] 8021q: adding VLAN 0 to HW filter on device bond0
[  105.968355][   T58] bridge0: port 2(bridge_slave_1) entered blocking state
[  105.968476][   T58] bridge0: port 2(bridge_slave_1) entered forwarding state
[  106.051688][ T5797] 8021q: adding VLAN 0 to HW filter on device team0
[  106.080305][ T5798] 8021q: adding VLAN 0 to HW filter on device bond0
[  106.099904][   T58] bridge0: port 1(bridge_slave_0) entered blocking state
[  106.100058][   T58] bridge0: port 1(bridge_slave_0) entered forwarding state
[  106.157644][ T2798] bridge0: port 2(bridge_slave_1) entered blocking state
[  106.158334][ T2798] bridge0: port 2(bridge_slave_1) entered forwarding state
[  106.223020][ T5798] 8021q: adding VLAN 0 to HW filter on device team0
[  106.267912][ T5800] 8021q: adding VLAN 0 to HW filter on device bond0
[  106.280972][ T2798] bridge0: port 1(bridge_slave_0) entered blocking state
[  106.281165][ T2798] bridge0: port 1(bridge_slave_0) entered forwarding state
[  106.343292][ T2798] bridge0: port 2(bridge_slave_1) entered blocking state
[  106.346847][ T2798] bridge0: port 2(bridge_slave_1) entered forwarding state
[  106.442962][ T5800] 8021q: adding VLAN 0 to HW filter on device team0
[  106.490932][ T3519] bridge0: port 1(bridge_slave_0) entered blocking state
[  106.491163][ T3519] bridge0: port 1(bridge_slave_0) entered forwarding state
[  106.572080][ T3519] bridge0: port 2(bridge_slave_1) entered blocking state
[  106.574940][ T3519] bridge0: port 2(bridge_slave_1) entered forwarding state
[  106.659999][ T5804] 8021q: adding VLAN 0 to HW filter on device batadv0
[  106.800691][ T5811] 8021q: adding VLAN 0 to HW filter on device batadv0
[  107.018984][ T5804] veth0_vlan: entered promiscuous mode
[  107.109602][ T5804] veth1_vlan: entered promiscuous mode
[  107.141461][ T5797] 8021q: adding VLAN 0 to HW filter on device batadv0
[  107.327940][ T5804] veth0_macvtap: entered promiscuous mode
[  107.379722][ T5798] 8021q: adding VLAN 0 to HW filter on device batadv0
[  107.380943][ T5804] veth1_macvtap: entered promiscuous mode
[  107.457440][ T5797] veth0_vlan: entered promiscuous mode
[  107.486557][ T5804] batman_adv: batadv0: Interface activated: batadv_slave_0
[  107.511809][ T5797] veth1_vlan: entered promiscuous mode
[  107.518489][ T5804] batman_adv: batadv0: Interface activated: batadv_slave_1
[  107.539273][ T5800] 8021q: adding VLAN 0 to HW filter on device batadv0
[  107.571977][ T3235] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  107.586480][ T3235] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  107.592961][ T3235] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  107.616965][ T3235] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  107.733220][ T5798] veth0_vlan: entered promiscuous mode
[  107.776262][ T5811] veth0_vlan: entered promiscuous mode
[  107.880005][ T5798] veth1_vlan: entered promiscuous mode
[  107.897524][ T5797] veth0_macvtap: entered promiscuous mode
[  107.899770][ T5811] veth1_vlan: entered promiscuous mode
[  107.937708][ T5797] veth1_macvtap: entered promiscuous mode
[  108.010418][ T5800] veth0_vlan: entered promiscuous mode
[  108.011757][ T1435] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  108.011776][ T1435] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  108.087283][ T5797] batman_adv: batadv0: Interface activated: batadv_slave_0
[  108.107673][ T5800] veth1_vlan: entered promiscuous mode
[  108.122763][ T3235] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  108.122785][ T3235] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  108.139628][ T5797] batman_adv: batadv0: Interface activated: batadv_slave_1
[  108.182527][ T5798] veth0_macvtap: entered promiscuous mode
[  108.193275][ T5811] veth0_macvtap: entered promiscuous mode
[  108.207315][ T1435] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  108.213723][ T1435] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  108.231854][ T1435] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  108.242195][ T5798] veth1_macvtap: entered promiscuous mode
[  108.250083][ T1435] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  108.252581][ T5811] veth1_macvtap: entered promiscuous mode
[  108.428146][ T5798] batman_adv: batadv0: Interface activated: batadv_slave_0
[  108.501400][   T37] audit: type=1326 audit(1761218692.717:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5917 comm="syz.0.1" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f61a148efc9 code=0x7ffc0000
[  108.501468][   T37] audit: type=1326 audit(1761218692.727:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5917 comm="syz.0.1" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f61a148efc9 code=0x7ffc0000
[  108.516269][   T37] audit: type=1326 audit(1761218692.737:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5917 comm="syz.0.1" exe="/root/syz-executor" sig=0 arch=c000003e syscall=334 compat=0 ip=0x7f61a148efc9 code=0x7ffc0000
[  108.516338][   T37] audit: type=1326 audit(1761218692.747:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5917 comm="syz.0.1" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f61a148efc9 code=0x7ffc0000
[  108.518260][   T37] audit: type=1326 audit(1761218692.747:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5917 comm="syz.0.1" exe="/root/syz-executor" sig=0 arch=c000003e syscall=82 compat=0 ip=0x7f61a148efc9 code=0x7ffc0000
[  108.518739][   T37] audit: type=1326 audit(1761218692.747:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5917 comm="syz.0.1" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f61a148efc9 code=0x7ffc0000
[  108.519354][   T37] audit: type=1326 audit(1761218692.747:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5917 comm="syz.0.1" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f61a148efc9 code=0x7ffc0000
[  108.519677][   T37] audit: type=1326 audit(1761218692.747:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5917 comm="syz.0.1" exe="/root/syz-executor" sig=0 arch=c000003e syscall=272 compat=0 ip=0x7f61a148efc9 code=0x7ffc0000
[  108.537647][   T37] audit: type=1326 audit(1761218692.767:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5917 comm="syz.0.1" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f61a148efc9 code=0x7ffc0000
[  108.538589][   T37] audit: type=1326 audit(1761218692.767:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5917 comm="syz.0.1" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f61a148efc9 code=0x7ffc0000
[  108.577291][ T5811] batman_adv: batadv0: Interface activated: batadv_slave_0
[  108.623600][ T5800] veth0_macvtap: entered promiscuous mode
[  108.632721][ T5798] batman_adv: batadv0: Interface activated: batadv_slave_1
[  108.656140][ T5811] batman_adv: batadv0: Interface activated: batadv_slave_1
[  108.731179][ T5800] veth1_macvtap: entered promiscuous mode
[  108.763827][ T1435] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  108.821811][ T1435] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  108.851735][ T1435] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  108.873790][ T1435] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  108.883598][ T1435] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  108.890785][   T58] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  108.890808][   T58] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  108.907686][ T1435] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  108.956511][ T1435] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  108.967818][ T1435] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  109.075742][ T5800] batman_adv: batadv0: Interface activated: batadv_slave_0
[  109.259503][ T5800] batman_adv: batadv0: Interface activated: batadv_slave_1
[  109.279522][   T44] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  109.279557][   T44] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  109.423988][   T44] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  109.452381][   T44] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  109.465011][   T44] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  109.476892][   T44] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  109.493624][   T44] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  109.493646][   T44] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  109.612305][   T44] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  109.612327][   T44] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  109.910382][ T3519] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  109.910404][ T3519] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  110.119744][ T3235] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  110.119767][ T3235] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  110.335812][ T2798] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  110.335835][ T2798] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  110.559487][ T1435] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  110.559510][ T1435] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  111.004611][ T5936] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[  111.886567][ T5953] syz.3.12 uses obsolete (PF_INET,SOCK_PACKET)
[  112.144473][ T5882] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[  112.158855][ T5950] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  112.354975][ T5882] usb 5-1: Using ep0 maxpacket: 16
[  112.389983][ T5882] usb 5-1: config 0 has no interfaces?
[  112.391839][ T5882] usb 5-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  112.391868][ T5882] usb 5-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  112.391898][ T5882] usb 5-1: Manufacturer: syz
[  112.448995][ T5882] usb 5-1: config 0 descriptor??
[  113.471815][ T5950] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  113.526249][   T10] usb 5-1: USB disconnect, device number 2
[  113.716165][ T5967] syz.3.17 (5967) used greatest stack depth: 18056 bytes left
[  115.058901][ T5999] usb usb8: usbfs: process 5999 (syz.0.29) did not claim interface 0 before use
[  116.542813][ T6019] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(3)
[  116.542843][ T6019] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  116.577891][ T6019] vhci_hcd vhci_hcd.0: Device attached
[  116.600783][ T6019] vhci_hcd vhci_hcd.0: pdev(2) rhport(1) sockfd(5)
[  116.600813][ T6019] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  116.600955][ T6019] vhci_hcd vhci_hcd.0: Device attached
[  116.613727][ T6024] netlink: 8 bytes leftover after parsing attributes in process `syz.4.35'.
[  116.613772][ T6024] netlink: 8 bytes leftover after parsing attributes in process `syz.4.35'.
[  116.619373][ T6019] vhci_hcd vhci_hcd.0: pdev(2) rhport(2) sockfd(7)
[  116.619406][ T6019] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[  116.619467][ T6019] vhci_hcd vhci_hcd.0: Device attached
[  116.622504][ T6019] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  116.687817][ T6019] vhci_hcd vhci_hcd.0: pdev(2) rhport(4) sockfd(11)
[  116.687847][ T6019] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  116.688533][ T6019] vhci_hcd vhci_hcd.0: Device attached
[  116.688785][ T6029] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  116.699444][ T6019] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  116.729390][ T6019] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  116.800424][ T6019] vhci_hcd vhci_hcd.0: port 0 already used
[  116.812942][ T6022] vhci_hcd: connection closed
[  116.826646][ T6020] vhci_hcd: connection closed
[  116.831619][ T6027] vhci_hcd: connection closed
[  116.862583][   T12] vhci_hcd: stop threads
[  116.889405][   T12] vhci_hcd: release socket
[  116.893116][   T12] vhci_hcd: disconnect device
[  116.893743][   T12] vhci_hcd: stop threads
[  116.893768][   T12] vhci_hcd: release socket
[  116.893967][   T12] vhci_hcd: disconnect device
[  116.916720][   T10] usb 37-1: new low-speed USB device number 2 using vhci_hcd
[  116.943387][   T12] vhci_hcd: stop threads
[  116.943406][   T12] vhci_hcd: release socket
[  116.943486][   T12] vhci_hcd: disconnect device
[  116.968458][ T6025] vhci_hcd: connection closed
[  116.986388][   T12] vhci_hcd: stop threads
[  116.986409][   T12] vhci_hcd: release socket
[  116.987721][   T12] vhci_hcd: disconnect device
[  117.484157][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[  117.724163][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[  118.054198][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[  118.054447][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[  119.810580][ T6060] netlink: 4 bytes leftover after parsing attributes in process `syz.1.45'.
[  120.294151][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[  122.044742][   T10] vhci_hcd: vhci_device speed not set
[  122.044891][    T0] NOHZ tick-stop error: local softirq work is pending, handler #41!!!
[  122.704258][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[  122.794427][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[  122.794471][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[  124.226133][    T9] usb 1-1: new low-speed USB device number 2 using dummy_hcd
[  124.402805][    T9] usb 1-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  124.402837][    T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  124.474947][    T9] usb 1-1: config 0 descriptor??
[  124.773630][    T9] asix 1-1:0.0 (unnamed net_device) (uninitialized): invalid hw address, using random
[  125.105030][ T6127] kvm: pic: non byte read
[  125.126813][ T6127] kvm: pic: non byte read
[  125.814157][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[  126.223194][    T9] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[  126.223238][    T9] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to send software reset: ffffffb9
[  126.223934][    T9] asix 1-1:0.0: probe with driver asix failed with error -71
[  126.396954][ T6153] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2142054965 (4284109930 ns) > initial count (2850433972 ns). Using initial count to start timer.
[  126.446955][    T9] usb 1-1: USB disconnect, device number 2
[  126.498934][   T61] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci4/hci4:201'
[  126.498988][   T61] CPU: 0 UID: 0 PID: 61 Comm: kworker/u9:0 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  126.499013][   T61] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  126.499027][   T61] Workqueue: hci4 hci_rx_work
[  126.499080][   T61] Call Trace:
[  126.499097][   T61]  <TASK>
[  126.499112][   T61]  dump_stack_lvl+0x189/0x250
[  126.499162][   T61]  ? __pfx_dump_stack_lvl+0x10/0x10
[  126.499201][   T61]  ? __pfx__printk+0x10/0x10
[  126.499234][   T61]  ? kernfs_path_from_node+0x2c/0x280
[  126.499265][   T61]  ? kernfs_path_from_node+0x243/0x280
[  126.499286][   T61]  ? kernfs_path_from_node+0x2c/0x280
[  126.499315][   T61]  sysfs_create_dir_ns+0x259/0x280
[  126.499337][   T61]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[  126.499362][   T61]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[  126.499391][   T61]  ? rt_spin_unlock+0x161/0x200
[  126.499418][   T61]  kobject_add_internal+0x5a5/0xb50
[  126.499461][   T61]  kobject_add+0x155/0x220
[  126.499498][   T61]  ? __pfx_kobject_add+0x10/0x10
[  126.499539][   T61]  ? get_device_parent+0x370/0x3a0
[  126.499575][   T61]  device_add+0x408/0xb50
[  126.499609][   T61]  hci_conn_add_sysfs+0xd5/0x1e0
[  126.499648][   T61]  le_conn_complete_evt+0xf39/0x1500
[  126.499700][   T61]  ? __pfx_le_conn_complete_evt+0x10/0x10
[  126.499731][   T61]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  126.499760][   T61]  ? lockdep_hardirqs_on+0x9c/0x150
[  126.499794][   T61]  ? skb_pull_data+0xfb/0x200
[  126.499828][   T61]  hci_le_enh_conn_complete_evt+0x189/0x470
[  126.499857][   T61]  ? __pfx_hci_le_enh_conn_complete_evt+0x10/0x10
[  126.499891][   T61]  hci_event_packet+0x78f/0x1200
[  126.499917][   T61]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  126.499946][   T61]  ? __pfx_hci_event_packet+0x10/0x10
[  126.499979][   T61]  ? hci_send_to_monitor+0xe2/0x570
[  126.500013][   T61]  hci_rx_work+0x46a/0xe80
[  126.500043][   T61]  ? process_scheduled_works+0x9ef/0x17b0
[  126.500074][   T61]  process_scheduled_works+0xae1/0x17b0
[  126.500134][   T61]  ? __pfx_process_scheduled_works+0x10/0x10
[  126.500182][   T61]  worker_thread+0x8a0/0xda0
[  126.500241][   T61]  kthread+0x711/0x8a0
[  126.500289][   T61]  ? __pfx_worker_thread+0x10/0x10
[  126.500317][   T61]  ? __pfx_kthread+0x10/0x10
[  126.500345][   T61]  ? rt_spin_unlock+0x150/0x200
[  126.500374][   T61]  ? rt_spin_unlock+0x161/0x200
[  126.500394][   T61]  ? __pfx_kthread+0x10/0x10
[  126.500428][   T61]  ret_from_fork+0x4bc/0x870
[  126.500458][   T61]  ? __pfx_ret_from_fork+0x10/0x10
[  126.500494][   T61]  ? __switch_to_asm+0x39/0x70
[  126.500515][   T61]  ? __switch_to_asm+0x33/0x70
[  126.500535][   T61]  ? __pfx_kthread+0x10/0x10
[  126.500567][   T61]  ret_from_fork_asm+0x1a/0x30
[  126.500609][   T61]  </TASK>
[  126.500656][   T61] kobject: kobject_add_internal failed for hci4:201 with -EEXIST, don't try to register things with the same name in the same directory.
[  126.500698][   T61] Bluetooth: hci4: failed to register connection device
[  126.720974][ T6156] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  126.721482][ T6156] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  126.943439][ T6156] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  127.065443][ T6156] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  127.065574][ T6156] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  127.193327][ T6156] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  128.182063][ T6156] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  128.182181][ T6156] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  128.248939][ T6156] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  128.288658][ T6156] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  128.289334][ T6156] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  128.376578][ T6156] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  128.457902][ T6156] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  128.458023][ T6156] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  128.550112][ T6156] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  128.631372][ T6156] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  128.754337][ T5806] Bluetooth: hci0: command 0x0c1a tx timeout
[  129.072848][ T6204] kvm: pic: level sensitive irq not supported
[  129.072926][ T6204] kvm: pic: non byte read
[  129.073185][ T6204] kvm: pic: level sensitive irq not supported
[  129.073231][ T6204] kvm: pic: non byte read
[  129.075714][ T5806] Bluetooth: hci1: command 0x0c1a tx timeout
[  129.347264][ T6213] netlink: 24 bytes leftover after parsing attributes in process `syz.1.94'.
[  129.845152][   T37] kauditd_printk_skb: 10 callbacks suppressed
[  129.845178][   T37] audit: type=1326 audit(1761218714.067:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6219 comm="syz.1.96" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8744a1efc9 code=0x7ffc0000
[  129.848770][   T37] audit: type=1326 audit(1761218714.077:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6219 comm="syz.1.96" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8744a1efc9 code=0x7ffc0000
[  129.848814][   T37] audit: type=1326 audit(1761218714.077:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6219 comm="syz.1.96" exe="/root/syz-executor" sig=0 arch=c000003e syscall=13 compat=0 ip=0x7f8744a1efc9 code=0x7ffc0000
[  129.848845][   T37] audit: type=1326 audit(1761218714.077:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6219 comm="syz.1.96" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8744a1efc9 code=0x7ffc0000
[  129.849201][   T37] audit: type=1326 audit(1761218714.077:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6219 comm="syz.1.96" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8744a1efc9 code=0x7ffc0000
[  129.849236][   T37] audit: type=1326 audit(1761218714.077:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6219 comm="syz.1.96" exe="/root/syz-executor" sig=0 arch=c000003e syscall=7 compat=0 ip=0x7f8744a1efc9 code=0x7ffc0000
[  129.856601][   T37] audit: type=1326 audit(1761218714.087:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6219 comm="syz.1.96" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8744a1efc9 code=0x7ffc0000
[  129.858047][   T37] audit: type=1326 audit(1761218714.087:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6219 comm="syz.1.96" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8744a1efc9 code=0x7ffc0000
[  129.858106][   T37] audit: type=1326 audit(1761218714.087:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6219 comm="syz.1.96" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f8744a1efc9 code=0x7ffc0000
[  129.858156][   T37] audit: type=1326 audit(1761218714.087:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6219 comm="syz.1.96" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8744a1efc9 code=0x7ffc0000
[  130.195060][ T5806] Bluetooth: hci3: command 0x0c1a tx timeout
[  130.364248][ T5806] Bluetooth: hci2: command 0x0c1a tx timeout
[  130.543014][ T5806] Bluetooth: hci4: command 0x0c1a tx timeout
[  130.684697][ T6207] syz.2.92 (6207) used greatest stack depth: 17560 bytes left
[  130.836438][ T5806] Bluetooth: hci0: command 0x0c1a tx timeout
[  131.154701][ T5806] Bluetooth: hci1: command 0x0c1a tx timeout
[  132.211143][ T6256] input: syz1 as /devices/virtual/input/input5
[  132.276494][ T5806] Bluetooth: hci3: command 0x0c1a tx timeout
[  132.443665][ T5806] Bluetooth: hci2: command 0x0c1a tx timeout
[  132.594357][ T5806] Bluetooth: hci4: command 0x0c1a tx timeout
[  132.876018][ T5919] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[  132.914995][ T5806] Bluetooth: hci0: command 0x0c1a tx timeout
[  133.028180][ T5919] usb 4-1: Using ep0 maxpacket: 8
[  133.031656][ T5919] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  133.031688][ T5919] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  133.031714][ T5919] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  133.031738][ T5919] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  133.031781][ T5919] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  133.031804][ T5919] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  133.234235][ T5806] Bluetooth: hci1: command 0x0c1a tx timeout
[  133.406229][ T5919] usb 4-1: GET_CAPABILITIES returned 0
[  133.406292][ T5919] usbtmc 4-1:16.0: can't read capabilities
[  133.626203][ T6281] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  133.634232][    C0] usbtmc 4-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  133.658355][ T5919] usb 4-1: USB disconnect, device number 2
[  133.841903][ T6283] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  134.357142][ T5806] Bluetooth: hci3: command 0x0c1a tx timeout
[  134.514197][ T5806] Bluetooth: hci2: command 0x0c1a tx timeout
[  134.648873][ T6296] bridge1: entered promiscuous mode
[  134.648903][ T6296] bridge1: entered allmulticast mode
[  134.653264][ T6296] team0: Port device bridge1 added
[  134.686071][ T5806] Bluetooth: hci4: command 0x0c1a tx timeout
[  134.710737][ T6299] bridge0: port 3(team0) entered blocking state
[  134.732943][ T6299] bridge0: port 3(team0) entered disabled state
[  134.733594][ T6299] team0: entered allmulticast mode
[  134.733615][ T6299] team_slave_0: entered allmulticast mode
[  134.733768][ T6299] team_slave_1: entered allmulticast mode
[  134.856510][ T6299] team0: entered promiscuous mode
[  134.856534][ T6299] team_slave_0: entered promiscuous mode
[  134.856808][ T6299] team_slave_1: entered promiscuous mode
[  134.860150][ T6299] bridge0: port 3(team0) entered blocking state
[  134.860312][ T6299] bridge0: port 3(team0) entered forwarding state
[  135.484335][ T6318] syz_tun: entered allmulticast mode
[  135.510826][ T6317] syz_tun: left allmulticast mode
[  136.754235][ T5806] Bluetooth: hci4: command 0x0c1a tx timeout
[  138.536186][ T1319] ieee802154 phy0 wpan0: encryption failed: -22
[  138.536314][ T1319] ieee802154 phy1 wpan1: encryption failed: -22
[  138.610013][ T6370] netlink: 8 bytes leftover after parsing attributes in process `syz.0.146'.
[  141.234817][ T5806] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  145.245048][ T6454] syz_tun: entered allmulticast mode
[  146.578788][ T6472] netlink: 12 bytes leftover after parsing attributes in process `syz.3.181'.
[  148.376520][ T6512] process 'syz.0.195' launched './file1' with NULL argv: empty string added
[  149.090130][ T5960] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[  149.234996][ T5960] usb 5-1: Using ep0 maxpacket: 32
[  149.237477][ T5960] usb 5-1: config 0 has an invalid interface number: 12 but max is 0
[  149.237515][ T5960] usb 5-1: config 0 has no interface number 0
[  149.237583][ T5960] usb 5-1: config 0 interface 12 has no altsetting 0
[  149.243871][ T5960] usb 5-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40
[  149.243902][ T5960] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  149.243924][ T5960] usb 5-1: Product: syz
[  149.243939][ T5960] usb 5-1: Manufacturer: syz
[  149.243954][ T5960] usb 5-1: SerialNumber: syz
[  149.299566][ T5960] usb 5-1: config 0 descriptor??
[  152.540463][ T5960] f81534 5-1:0.12: f81534_set_register: reg: 1003 data: 28 failed: -71
[  152.540548][ T5960] f81534 5-1:0.12: f81534_find_config_idx: read failed: -71
[  152.540570][ T5960] f81534 5-1:0.12: f81534_calc_num_ports: find idx failed: -71
[  152.540686][ T5960] f81534 5-1:0.12: probe with driver f81534 failed with error -71
[  152.617968][ T5960] usb 5-1: USB disconnect, device number 3
[  155.855645][ T6587] overlayfs: upperdir is in-use as upperdir/workdir of another mount, mount with '-o index=off' to override exclusive upperdir protection.
[  156.194720][ T5806] Bluetooth: hci1: command 0x0c1a tx timeout
[  156.340619][   T37] kauditd_printk_skb: 13 callbacks suppressed
[  156.340638][   T37] audit: type=1326 audit(1761218740.567:45): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6595 comm="syz.2.227" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe91d38efc9 code=0x7fc00000
[  156.783532][ T6605] netlink: 12 bytes leftover after parsing attributes in process `syz.4.229'.
[  157.041197][   T37] audit: type=1326 audit(1761218741.267:46): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6595 comm="syz.2.227" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fe91d38efc9 code=0x7fc00000
[  157.217070][ T6615] netlink: 'syz.2.232': attribute type 12 has an invalid length.
[  157.850807][   T37] audit: type=1326 audit(1761218742.077:47): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6626 comm="syz.2.237" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe91d38efc9 code=0x7ffc0000
[  157.851435][   T37] audit: type=1326 audit(1761218742.077:48): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6626 comm="syz.2.237" exe="/root/syz-executor" sig=0 arch=c000003e syscall=155 compat=0 ip=0x7fe91d38efc9 code=0x7ffc0000
[  157.851635][   T37] audit: type=1326 audit(1761218742.077:49): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6626 comm="syz.2.237" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe91d38efc9 code=0x7ffc0000
[  157.973440][ T5882] IPVS: starting estimator thread 0...
[  158.164745][ T6631] IPVS: using max 7 ests per chain, 16800 per kthread
[  158.283463][ T6634] capability: warning: `syz.2.241' uses 32-bit capabilities (legacy support in use)
[  160.567123][ T6673] netlink: 8 bytes leftover after parsing attributes in process `syz.2.251'.
[  160.567149][ T6673] netlink: 8 bytes leftover after parsing attributes in process `syz.2.251'.
[  161.068149][ T6676] Driver unsupported XDP return value 0 on prog  (id 53) dev N/A, expect packet loss!
[  161.488333][ T6689] netlink: 'syz.2.258': attribute type 6 has an invalid length.
[  161.557343][ T6693] warning: `syz.1.260' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[  161.703266][ T6695] sg_read: process 153 (syz.4.261) changed security contexts after opening file descriptor, this is not allowed.
[  162.011031][ T6707] 9pnet_virtio: no channels available for device syz
[  162.603417][ T6709] netlink: 8 bytes leftover after parsing attributes in process `syz.4.265'.
[  163.180170][ T6727] binder: 6726:6727 unknown command 0
[  163.180319][ T6727] binder: 6726:6727 ioctl c0306201 200000000080 returned -22
[  165.131896][ T6729] syz.0.272: vmalloc error: size 6291456, failed to allocated page array size 12288, mode:0x400dc2(GFP_KERNEL_ACCOUNT|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[  165.137737][ T6729] CPU: 0 UID: 0 PID: 6729 Comm: syz.0.272 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  165.137763][ T6729] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  165.137777][ T6729] Call Trace:
[  165.137784][ T6729]  <TASK>
[  165.137794][ T6729]  dump_stack_lvl+0x189/0x250
[  165.137838][ T6729]  ? __pfx_rcu_read_unlock_special+0x10/0x10
[  165.137876][ T6729]  ? __pfx_dump_stack_lvl+0x10/0x10
[  165.137911][ T6729]  ? __pfx__printk+0x10/0x10
[  165.137939][ T6729]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  165.137966][ T6729]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  165.138001][ T6729]  warn_alloc+0x22e/0x3b0
[  165.138054][ T6729]  ? __pfx_warn_alloc+0x10/0x10
[  165.138097][ T6729]  ? __get_vm_area_node+0x2bc/0x350
[  165.138129][ T6729]  ? hash_netport4_resize+0x235/0x1b70
[  165.138160][ T6729]  __vmalloc_node_range_noprof+0x690/0x12d0
[  165.138192][ T6729]  ? __alloc_frozen_pages_noprof+0x9f/0x370
[  165.138257][ T6729]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  165.138295][ T6729]  ? rcu_is_watching+0x15/0xb0
[  165.138320][ T6729]  __kvmalloc_node_noprof+0x4a3/0x920
[  165.138353][ T6729]  ? hash_netport4_resize+0x235/0x1b70
[  165.138375][ T6729]  ? hash_netport4_resize+0x235/0x1b70
[  165.138407][ T6729]  hash_netport4_resize+0x235/0x1b70
[  165.138430][ T6729]  ? hash_netport4_uadt+0xc9a/0xf30
[  165.138461][ T6729]  ? __pfx_hash_netport4_add+0x10/0x10
[  165.138492][ T6729]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  165.138536][ T6729]  ? rt_write_unlock+0x191/0x230
[  165.138566][ T6729]  call_ad+0x3c8/0x9c0
[  165.138605][ T6729]  ? __pfx_call_ad+0x10/0x10
[  165.138660][ T6729]  ? __nla_parse+0x40/0x60
[  165.138701][ T6729]  ip_set_ad+0x797/0x940
[  165.138741][ T6729]  ? __pfx_ip_set_ad+0x10/0x10
[  165.138778][ T6729]  ? do_raw_spin_lock+0x121/0x290
[  165.138851][ T6729]  nfnetlink_rcv_msg+0xb69/0x1150
[  165.138886][ T6729]  ? nfnetlink_rcv_msg+0x212/0x1150
[  165.138940][ T6729]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[  165.138970][ T6729]  ? kasan_save_track+0x4f/0x80
[  165.139057][ T6729]  ? __local_bh_enable+0x27b/0x410
[  165.139094][ T6729]  netlink_rcv_skb+0x208/0x470
[  165.139117][ T6729]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[  165.139153][ T6729]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  165.139194][ T6729]  ? bpf_lsm_capable+0x9/0x20
[  165.139218][ T6729]  ? security_capable+0x7e/0x2e0
[  165.139259][ T6729]  nfnetlink_rcv+0x282/0x2590
[  165.139299][ T6729]  ? __dev_queue_xmit+0x1d3d/0x3b70
[  165.139339][ T6729]  ? __dev_queue_xmit+0x26f/0x3b70
[  165.139383][ T6729]  ? __pfx_nfnetlink_rcv+0x10/0x10
[  165.139414][ T6729]  ? __pfx___dev_queue_xmit+0x10/0x10
[  165.139459][ T6729]  ? ref_tracker_free+0x61e/0x7c0
[  165.139492][ T6729]  ? __asan_memcpy+0x40/0x70
[  165.139517][ T6729]  ? __pfx_ref_tracker_free+0x10/0x10
[  165.139546][ T6729]  ? __skb_clone+0x63/0x7a0
[  165.139578][ T6729]  ? __skb_clone+0x483/0x7a0
[  165.139612][ T6729]  ? skb_clone+0x246/0x3a0
[  165.139642][ T6729]  ? __netlink_deliver_tap+0x807/0x850
[  165.139670][ T6729]  ? netlink_deliver_tap+0x2e/0x1b0
[  165.139700][ T6729]  ? netlink_deliver_tap+0x2e/0x1b0
[  165.139732][ T6729]  netlink_unicast+0x846/0xa10
[  165.139775][ T6729]  ? __pfx_netlink_unicast+0x10/0x10
[  165.139810][ T6729]  ? netlink_sendmsg+0x642/0xb30
[  165.139824][ T6729]  ? skb_put+0x11b/0x210
[  165.139845][ T6729]  netlink_sendmsg+0x805/0xb30
[  165.139869][ T6729]  ? __pfx_netlink_sendmsg+0x10/0x10
[  165.139893][ T6729]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  165.139917][ T6729]  ? __pfx_netlink_sendmsg+0x10/0x10
[  165.139935][ T6729]  __sock_sendmsg+0x21c/0x270
[  165.139963][ T6729]  ____sys_sendmsg+0x508/0x820
[  165.139989][ T6729]  ? __pfx_____sys_sendmsg+0x10/0x10
[  165.140018][ T6729]  ? import_iovec+0x74/0xa0
[  165.140055][ T6729]  ___sys_sendmsg+0x21f/0x2a0
[  165.140079][ T6729]  ? __pfx____sys_sendmsg+0x10/0x10
[  165.140138][ T6729]  ? __fget_files+0x2a/0x420
[  165.140167][ T6729]  ? __fget_files+0x3a6/0x420
[  165.140205][ T6729]  __x64_sys_sendmsg+0x1a1/0x260
[  165.140229][ T6729]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  165.140266][ T6729]  ? do_syscall_64+0xbe/0xfa0
[  165.140304][ T6729]  do_syscall_64+0xfa/0xfa0
[  165.140326][ T6729]  ? lockdep_hardirqs_on+0x9c/0x150
[  165.140355][ T6729]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  165.140374][ T6729]  ? clear_bhb_loop+0x60/0xb0
[  165.140396][ T6729]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  165.140413][ T6729] RIP: 0033:0x7f61a148efc9
[  165.140436][ T6729] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  165.140458][ T6729] RSP: 002b:00007f619f6f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  165.140484][ T6729] RAX: ffffffffffffffda RBX: 00007f61a16e5fa0 RCX: 00007f61a148efc9
[  165.140499][ T6729] RDX: 0000000000000080 RSI: 00002000000002c0 RDI: 0000000000000004
[  165.140512][ T6729] RBP: 00007f61a1511f91 R08: 0000000000000000 R09: 0000000000000000
[  165.140524][ T6729] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  165.140536][ T6729] R13: 00007f61a16e6038 R14: 00007f61a16e5fa0 R15: 00007fff6d684c48
[  165.140572][ T6729]  </TASK>
[  165.140586][ T6729] Mem-Info:
[  165.140596][ T6729] active_anon:2368 inactive_anon:6860 isolated_anon:0
[  165.140596][ T6729]  active_file:5679 inactive_file:47159 isolated_file:0
[  165.140596][ T6729]  unevictable:768 dirty:321 writeback:0
[  165.140596][ T6729]  slab_reclaimable:11365 slab_unreclaimable:102258
[  165.140596][ T6729]  mapped:29766 shmem:4502 pagetables:1195
[  165.140596][ T6729]  sec_pagetables:0 bounce:0
[  165.140596][ T6729]  kernel_misc_reclaimable:0
[  165.140596][ T6729]  free:1317161 free_pcp:4461 free_cma:0
[  165.140659][ T6729] Node 0 active_anon:9472kB inactive_anon:27440kB active_file:22516kB inactive_file:188636kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:119064kB dirty:1280kB writeback:0kB shmem:16472kB kernel_stack:12948kB pagetables:4656kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  165.140707][ T6729] Node 1 active_anon:0kB inactive_anon:0kB active_file:200kB inactive_file:0kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:1536kB kernel_stack:48kB pagetables:124kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  165.140745][ T6729] Node 0 DMA free:15360kB boost:0kB min:20kB low:32kB high:44kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  165.140802][ T6729] lowmem_reserve[]: 0 2515 2517 2517 2517
[  165.140831][ T6729] Node 0 DMA32 free:1354352kB boost:0kB min:3944kB low:6492kB high:9040kB reserved_highatomic:0KB free_highatomic:0KB active_anon:9472kB inactive_anon:27440kB active_file:22516kB inactive_file:188636kB unevictable:1536kB writepending:1280kB zspages:0kB present:3129332kB managed:2576100kB mlocked:0kB bounce:0kB free_pcp:12068kB local_pcp:4100kB free_cma:0kB
[  165.140882][ T6729] lowmem_reserve[]: 0 0 1 1 1
[  165.140909][ T6729] Node 0 Normal free:0kB boost:0kB min:0kB low:0kB high:0kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:1048580kB managed:1644kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  165.140957][ T6729] lowmem_reserve[]: 0 0 0 0 0
[  165.140986][ T6729] Node 1 Normal free:3898932kB boost:0kB min:6360kB low:10468kB high:14576kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:200kB inactive_file:0kB unevictable:1536kB writepending:4kB zspages:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:5764kB local_pcp:3972kB free_cma:0kB
[  165.141596][ T6729] lowmem_reserve[]: 0 0 0 0 0
[  165.141636][ T6729] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  165.141776][ T6729] Node 0 DMA32: 5*4kB (UE) 287*8kB (M) 706*16kB (UM) 864*32kB (UME) 568*64kB (UME) 134*128kB (UM) 48*256kB (UM) 10*512kB (ME) 3*1024kB (M) 3*2048kB (UME) 301*4096kB (UM) = 1354284kB
[  165.141973][ T6729] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[  165.142095][ T6729] Node 1 Normal: 68*4kB (UME) 49*8kB (UME) 41*16kB (UME) 204*32kB (UME) 87*64kB (UME) 28*128kB (UME) 16*256kB (UME) 12*512kB (UME) 3*1024kB (UM) 1*2048kB (E) 944*4096kB (M) = 3898984kB
[  165.142273][ T6729] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  165.142291][ T6729] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  165.142309][ T6729] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  165.142325][ T6729] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  165.142343][ T6729] 57336 total pagecache pages
[  165.142358][ T6729] 0 pages in swap cache
[  165.142365][ T6729] Free swap  = 124996kB
[  165.142374][ T6729] Total swap = 124996kB
[  165.142382][ T6729] 2097051 pages RAM
[  165.142389][ T6729] 0 pages HighMem/MovableOnly
[  165.142397][ T6729] 421000 pages reserved
[  165.142404][ T6729] 0 pages cma reserved
[  167.689176][ T6781] kvm: pic: level sensitive irq not supported
[  167.689255][ T6781] kvm: pic: non byte read
[  167.689561][ T6781] kvm: pic: level sensitive irq not supported
[  167.689625][ T6781] kvm: pic: non byte read
[  167.689973][ T6781] kvm: pic: non byte read
[  167.690338][ T6781] kvm: pic: non byte read
[  167.690682][ T6781] kvm: pic: non byte read
[  167.691035][ T6781] kvm: pic: non byte read
[  167.691384][ T6781] kvm: pic: non byte read
[  167.691727][ T6781] kvm: pic: non byte read
[  167.750665][ T6781] kvm: pic: single mode not supported
[  167.750771][ T6781] kvm: pic: non byte read
[  170.007867][ T6813] netlink: 8 bytes leftover after parsing attributes in process `syz.2.302'.
[  170.013487][ T6813] netlink: 8 bytes leftover after parsing attributes in process `syz.2.302'.
[  170.042797][ T6813] netlink: 8 bytes leftover after parsing attributes in process `syz.2.302'.
[  170.046935][ T6813] netlink: 8 bytes leftover after parsing attributes in process `syz.2.302'.
[  170.533843][ T6827] io-wq is not configured for unbound workers
[  171.369330][ T6847] Zero length message leads to an empty skb
[  175.450532][   T37] audit: type=1326 audit(1761218759.677:50): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6900 comm="syz.4.329" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faea655efc9 code=0x7ffc0000
[  175.450574][   T37] audit: type=1326 audit(1761218759.677:51): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6900 comm="syz.4.329" exe="/root/syz-executor" sig=0 arch=c000003e syscall=334 compat=0 ip=0x7faea655efc9 code=0x7ffc0000
[  175.450606][   T37] audit: type=1326 audit(1761218759.677:52): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6900 comm="syz.4.329" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faea655efc9 code=0x7ffc0000
[  175.450645][   T37] audit: type=1326 audit(1761218759.677:53): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6900 comm="syz.4.329" exe="/root/syz-executor" sig=0 arch=c000003e syscall=206 compat=0 ip=0x7faea655efc9 code=0x7ffc0000
[  175.450675][   T37] audit: type=1326 audit(1761218759.677:54): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6900 comm="syz.4.329" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faea655efc9 code=0x7ffc0000
[  175.451211][   T37] audit: type=1326 audit(1761218759.677:55): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6900 comm="syz.4.329" exe="/root/syz-executor" sig=0 arch=c000003e syscall=208 compat=0 ip=0x7faea655efc9 code=0x7ffc0000
[  175.451248][   T37] audit: type=1326 audit(1761218759.677:56): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6900 comm="syz.4.329" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faea655efc9 code=0x7ffc0000
[  175.451455][   T37] audit: type=1326 audit(1761218759.677:57): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6900 comm="syz.4.329" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7faea655efc9 code=0x7ffc0000
[  175.451684][   T37] audit: type=1326 audit(1761218759.677:58): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6900 comm="syz.4.329" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faea655efc9 code=0x7ffc0000
[  175.455939][   T37] audit: type=1326 audit(1761218759.677:59): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6900 comm="syz.4.329" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faea655efc9 code=0x7ffc0000
[  180.149360][ T6949] netlink: 4 bytes leftover after parsing attributes in process `syz.3.346'.
[  180.424299][ T5875] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[  180.556865][ T6956] tipc: Started in network mode
[  180.556892][ T6956] tipc: Node identity 4, cluster identity 4711
[  180.556906][ T6956] tipc: Node number set to 4
[  180.593193][ T5875] usb 2-1: config 0 has an invalid interface number: 1 but max is 0
[  180.593221][ T5875] usb 2-1: config 0 has no interface number 0
[  180.614794][ T5875] usb 2-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b
[  180.614830][ T5875] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  180.614852][ T5875] usb 2-1: Product: syz
[  180.614878][ T5875] usb 2-1: Manufacturer: syz
[  180.614893][ T5875] usb 2-1: SerialNumber: syz
[  180.662594][ T5875] usb 2-1: config 0 descriptor??
[  180.897730][ T5875] usb 2-1: dvb_usb_v2: found a 'E3C EC168 reference design' in warm state
[  180.950725][ T5875] usb 2-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  180.951331][ T5875] dvbdev: DVB: registering new adapter (E3C EC168 reference design)
[  180.951420][ T5875] usb 2-1: media controller created
[  181.095737][ T5875] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  181.989552][ T5875] i2c i2c-1: ec100: i2c rd failed=-71 reg=33
[  182.245855][ T5875] usb 2-1: USB disconnect, device number 2
[  185.004870][ T6999] delete_channel: no stack
[  185.155590][ T7003] binder: 7002:7003 ioctl c0306201 200000000680 returned -14
[  185.371830][   T13] wlan1: BSS 50:50:50:50:50:50 switches to unsupported channel (0 MHz), disconnecting
[  185.490896][   T13] wlan1: Selected IBSS BSSID 50:50:50:50:50:50 based on configured SSID
[  186.280037][ T7036] input: syz1 as /devices/virtual/input/input6
[  193.874340][   T61] Bluetooth: hci5: command 0x1003 tx timeout
[  193.877549][ T5806] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  194.923584][    C0] vkms_vblank_simulate: vblank timer overrun
[  194.957942][    C0] vkms_vblank_simulate: vblank timer overrun
[  195.154905][    C0] vkms_vblank_simulate: vblank timer overrun
[  195.325028][    C0] vkms_vblank_simulate: vblank timer overrun
[  196.417755][ T7174] Bluetooth: MGMT ver 1.23
[  196.897785][ T7188] overlayfs: upper fs does not support RENAME_WHITEOUT.
[  196.897839][ T7188] overlayfs: failed to set xattr on upper
[  196.897853][ T7188] overlayfs: ...falling back to redirect_dir=nofollow.
[  196.897862][ T7188] overlayfs: ...falling back to index=off.
[  196.897870][ T7188] overlayfs: ...falling back to uuid=null.
[  196.952022][ T7189] overlayfs: upper fs does not support RENAME_WHITEOUT.
[  196.952052][ T7189] overlayfs: failed to set xattr on upper
[  196.952060][ T7189] overlayfs: ...falling back to redirect_dir=nofollow.
[  196.952069][ T7189] overlayfs: ...falling back to index=off.
[  196.952077][ T7189] overlayfs: ...falling back to uuid=null.
[  196.952307][ T7189] overlayfs: conflicting lowerdir path
[  197.707125][    C0] vkms_vblank_simulate: vblank timer overrun
[  197.738631][    C0] vkms_vblank_simulate: vblank timer overrun
[  197.780646][    C0] vkms_vblank_simulate: vblank timer overrun
[  197.809252][    C0] vkms_vblank_simulate: vblank timer overrun
[  197.842661][    C0] vkms_vblank_simulate: vblank timer overrun
[  197.878995][    C0] vkms_vblank_simulate: vblank timer overrun
[  197.909421][    C0] vkms_vblank_simulate: vblank timer overrun
[  197.966495][    C0] vkms_vblank_simulate: vblank timer overrun
[  198.001833][    C0] vkms_vblank_simulate: vblank timer overrun
[  198.039012][    C0] vkms_vblank_simulate: vblank timer overrun
[  198.253090][    C0] vkms_vblank_simulate: vblank timer overrun
[  198.292741][    C0] vkms_vblank_simulate: vblank timer overrun
[  198.333102][    C0] vkms_vblank_simulate: vblank timer overrun
[  198.368412][    C0] vkms_vblank_simulate: vblank timer overrun
[  198.401028][    C0] vkms_vblank_simulate: vblank timer overrun
[  198.458545][    C0] vkms_vblank_simulate: vblank timer overrun
[  198.492271][    C0] vkms_vblank_simulate: vblank timer overrun
[  198.530884][    C0] vkms_vblank_simulate: vblank timer overrun
[  198.561726][    C0] vkms_vblank_simulate: vblank timer overrun
[  200.504808][ T1319] ieee802154 phy0 wpan0: encryption failed: -22
[  200.504887][ T1319] ieee802154 phy1 wpan1: encryption failed: -22
[  202.121319][    C1] vkms_vblank_simulate: vblank timer overrun
[  202.153206][    C1] vkms_vblank_simulate: vblank timer overrun
[  202.216352][    C1] vkms_vblank_simulate: vblank timer overrun
[  202.246792][    C1] vkms_vblank_simulate: vblank timer overrun
[  202.576449][ T7206] serio: Serial port ptm0
[  202.951957][    C1] vkms_vblank_simulate: vblank timer overrun
[  202.993223][    C1] vkms_vblank_simulate: vblank timer overrun
[  203.022782][    C1] vkms_vblank_simulate: vblank timer overrun
[  203.057035][    C1] vkms_vblank_simulate: vblank timer overrun
[  203.090648][    C1] vkms_vblank_simulate: vblank timer overrun
[  203.330801][    C1] vkms_vblank_simulate: vblank timer overrun
[  203.363129][    C1] vkms_vblank_simulate: vblank timer overrun
[  203.392721][    C1] vkms_vblank_simulate: vblank timer overrun
[  203.425508][    C1] vkms_vblank_simulate: vblank timer overrun
[  203.456929][    C1] vkms_vblank_simulate: vblank timer overrun
[  203.490039][    C1] vkms_vblank_simulate: vblank timer overrun
[  203.521276][    C1] vkms_vblank_simulate: vblank timer overrun
[  203.555505][    C1] vkms_vblank_simulate: vblank timer overrun
[  203.586793][    C1] vkms_vblank_simulate: vblank timer overrun
[  203.651964][    C1] vkms_vblank_simulate: vblank timer overrun
[  203.683322][    C1] vkms_vblank_simulate: vblank timer overrun
[  203.730801][    C1] vkms_vblank_simulate: vblank timer overrun
[  203.764151][    C1] vkms_vblank_simulate: vblank timer overrun
[  203.950542][    C1] vkms_vblank_simulate: vblank timer overrun
[  204.014657][    C1] vkms_vblank_simulate: vblank timer overrun
[  204.045635][    C1] vkms_vblank_simulate: vblank timer overrun
[  204.076309][    C1] vkms_vblank_simulate: vblank timer overrun
[  204.107442][    C1] vkms_vblank_simulate: vblank timer overrun
[  204.145009][    C1] vkms_vblank_simulate: vblank timer overrun
[  204.176757][    C1] vkms_vblank_simulate: vblank timer overrun
[  204.243032][    C1] vkms_vblank_simulate: vblank timer overrun
[  204.275971][    C1] vkms_vblank_simulate: vblank timer overrun
[  204.307457][    C1] vkms_vblank_simulate: vblank timer overrun
[  204.379416][    C1] vkms_vblank_simulate: vblank timer overrun
[  204.445830][    C1] vkms_vblank_simulate: vblank timer overrun
[  204.475228][    C1] vkms_vblank_simulate: vblank timer overrun
[  204.504745][    C1] vkms_vblank_simulate: vblank timer overrun
[  204.533755][    C1] vkms_vblank_simulate: vblank timer overrun
[  204.577359][    C1] vkms_vblank_simulate: vblank timer overrun
[  204.607088][    C1] vkms_vblank_simulate: vblank timer overrun
[  204.639438][    C1] vkms_vblank_simulate: vblank timer overrun
[  204.675980][    C1] vkms_vblank_simulate: vblank timer overrun
[  204.707897][    C1] vkms_vblank_simulate: vblank timer overrun
[  204.739065][    C1] vkms_vblank_simulate: vblank timer overrun
[  204.772390][    C1] vkms_vblank_simulate: vblank timer overrun
[  204.806597][    C1] vkms_vblank_simulate: vblank timer overrun
[  204.838527][    C1] vkms_vblank_simulate: vblank timer overrun
[  204.937323][    C1] vkms_vblank_simulate: vblank timer overrun
[  204.970784][    C1] vkms_vblank_simulate: vblank timer overrun
[  205.004797][    C1] vkms_vblank_simulate: vblank timer overrun
[  205.036512][    C1] vkms_vblank_simulate: vblank timer overrun
[  205.068740][    C1] vkms_vblank_simulate: vblank timer overrun
[  205.130274][    C1] vkms_vblank_simulate: vblank timer overrun
[  205.161756][    C1] vkms_vblank_simulate: vblank timer overrun
[  205.193695][    C1] vkms_vblank_simulate: vblank timer overrun
[  205.225430][    C1] vkms_vblank_simulate: vblank timer overrun
[  205.255841][    C1] vkms_vblank_simulate: vblank timer overrun
[  205.287766][    C1] vkms_vblank_simulate: vblank timer overrun
[  205.317927][    C1] vkms_vblank_simulate: vblank timer overrun
[  205.378420][    C1] vkms_vblank_simulate: vblank timer overrun
[  205.408124][    C1] vkms_vblank_simulate: vblank timer overrun
[  205.436880][    C1] vkms_vblank_simulate: vblank timer overrun
[  205.492524][    C1] vkms_vblank_simulate: vblank timer overrun
[  205.525350][    C1] vkms_vblank_simulate: vblank timer overrun
[  205.556371][    C1] vkms_vblank_simulate: vblank timer overrun
[  205.590719][    C1] vkms_vblank_simulate: vblank timer overrun
[  205.621623][    C1] vkms_vblank_simulate: vblank timer overrun
[  205.676645][    C1] vkms_vblank_simulate: vblank timer overrun
[  205.709673][    C1] vkms_vblank_simulate: vblank timer overrun
[  206.465613][    C1] vkms_vblank_simulate: vblank timer overrun
[  206.807677][    C1] vkms_vblank_simulate: vblank timer overrun
[  206.838686][    C1] vkms_vblank_simulate: vblank timer overrun
[  206.869908][    C1] vkms_vblank_simulate: vblank timer overrun
[  206.899907][    C1] vkms_vblank_simulate: vblank timer overrun
[  206.946450][    C1] vkms_vblank_simulate: vblank timer overrun
[  206.995498][    C1] vkms_vblank_simulate: vblank timer overrun
[  212.566576][    C0] vkms_vblank_simulate: vblank timer overrun
[  212.601546][    C0] vkms_vblank_simulate: vblank timer overrun
[  212.634443][    C0] vkms_vblank_simulate: vblank timer overrun
[  212.664118][    C0] vkms_vblank_simulate: vblank timer overrun
[  212.692804][    C0] vkms_vblank_simulate: vblank timer overrun
[  212.736313][    C0] vkms_vblank_simulate: vblank timer overrun
[  212.766611][    C0] vkms_vblank_simulate: vblank timer overrun
[  212.797005][    C0] vkms_vblank_simulate: vblank timer overrun
[  212.829450][    C0] vkms_vblank_simulate: vblank timer overrun
[  212.860548][    C0] vkms_vblank_simulate: vblank timer overrun
[  212.988173][    C0] vkms_vblank_simulate: vblank timer overrun
[  213.021245][    C0] vkms_vblank_simulate: vblank timer overrun
[  213.493481][    C0] vkms_vblank_simulate: vblank timer overrun
[  213.539558][    C0] vkms_vblank_simulate: vblank timer overrun
[  213.576038][    C0] vkms_vblank_simulate: vblank timer overrun
[  213.640317][    C0] vkms_vblank_simulate: vblank timer overrun
[  214.711321][    C0] vkms_vblank_simulate: vblank timer overrun
[  215.130602][    C0] vkms_vblank_simulate: vblank timer overrun
[  215.160460][    C0] vkms_vblank_simulate: vblank timer overrun
[  215.210391][    C0] vkms_vblank_simulate: vblank timer overrun
[  215.354843][    C0] vkms_vblank_simulate: vblank timer overrun
[  215.412896][    C0] vkms_vblank_simulate: vblank timer overrun
[  215.732482][    C0] vkms_vblank_simulate: vblank timer overrun
[  215.792783][    C0] vkms_vblank_simulate: vblank timer overrun
[  215.847086][    C0] vkms_vblank_simulate: vblank timer overrun
[  215.901772][    C0] vkms_vblank_simulate: vblank timer overrun
[  215.944923][    C0] vkms_vblank_simulate: vblank timer overrun
[  216.459823][    C0] vkms_vblank_simulate: vblank timer overrun
[  216.492843][    C0] vkms_vblank_simulate: vblank timer overrun
[  216.557243][    C0] vkms_vblank_simulate: vblank timer overrun
[  216.579102][    C0] vkms_vblank_simulate: vblank timer overrun
[  217.397126][    C0] vkms_vblank_simulate: vblank timer overrun
[  220.337580][ T7289] binder: 7288:7289 unknown command 0
[  220.337604][ T7289] binder: 7288:7289 ioctl c0306201 2000000003c0 returned -22
[  222.016266][ T3121] usb 5-1: new full-speed USB device number 4 using dummy_hcd
[  222.330256][ T3121] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  222.330284][ T3121] usb 5-1: config 0 has no interfaces?
[  222.684235][ T3121] usb 5-1: New USB device found, idVendor=0b48, idProduct=3007, bcdDevice=4f.64
[  222.684268][ T3121] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  222.684287][ T3121] usb 5-1: Product: syz
[  222.684302][ T3121] usb 5-1: Manufacturer: syz
[  222.684316][ T3121] usb 5-1: SerialNumber: syz
[  222.850700][ T3121] usb 5-1: config 0 descriptor??
[  225.274240][ T5919] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[  229.896439][   T61] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  229.903327][   T61] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  229.914285][   T61] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  229.938881][   T61] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  229.949062][   T61] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  230.007239][ T5919] usb 2-1: unable to read config index 0 descriptor/all
[  230.007292][ T5919] usb 2-1: can't read configurations, error -71
[  232.114425][   T61] Bluetooth: hci0: command tx timeout
[  234.194314][   T61] Bluetooth: hci0: command tx timeout
[  234.354519][ T7323] netlink: 'syz.2.478': attribute type 8 has an invalid length.
[  234.354543][ T7323] netlink: 32 bytes leftover after parsing attributes in process `syz.2.478'.
[  236.274472][   T61] Bluetooth: hci0: command tx timeout
[  236.844161][ T3121] usb 2-1: new full-speed USB device number 5 using dummy_hcd
[  238.086988][ T3121] usb 2-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  238.087012][ T3121] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  238.087026][ T3121] usb 2-1: Product: syz
[  238.087037][ T3121] usb 2-1: Manufacturer: syz
[  238.087047][ T3121] usb 2-1: SerialNumber: syz
[  238.091002][ T3121] usb 2-1: config 0 descriptor??
[  238.354294][   T61] Bluetooth: hci0: command tx timeout
[  239.415094][ T3121] dvb_usb_rtl28xxu 2-1:0.0: chip type detection failed -110
[  239.415211][ T3121] dvb_usb_rtl28xxu 2-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -110
[  241.742867][ T5919] usb 2-1: USB disconnect, device number 5
[  243.223944][ T7314] chnl_net:caif_netlink_parms(): no params data found
[  247.032784][ T5806] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  247.054468][ T5806] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  247.078434][ T5806] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  248.139620][ T5806] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  248.140509][ T5806] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  250.196281][   T61] Bluetooth: hci5: command tx timeout
[  252.597751][   T61] Bluetooth: hci5: command tx timeout
[  254.923415][   T61] Bluetooth: hci5: command tx timeout
[  256.994346][   T61] Bluetooth: hci5: command tx timeout
[  261.544930][ T1319] ieee802154 phy0 wpan0: encryption failed: -22
[  261.545009][ T1319] ieee802154 phy1 wpan1: encryption failed: -22
[  266.128777][ T5806] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  266.470367][ T5806] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  266.483172][ T5806] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  266.500253][ T5806] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  266.501049][ T5806] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  266.844413][ T7314] bridge0: port 1(bridge_slave_0) entered blocking state
[  266.844585][ T7314] bridge0: port 1(bridge_slave_0) entered disabled state
[  266.844854][ T7314] bridge_slave_0: entered allmulticast mode
[  266.864875][ T7314] bridge_slave_0: entered promiscuous mode
[  268.093227][ T7314] bridge0: port 2(bridge_slave_1) entered blocking state
[  268.093381][ T7314] bridge0: port 2(bridge_slave_1) entered disabled state
[  268.093642][ T7314] bridge_slave_1: entered allmulticast mode
[  268.109878][ T7314] bridge_slave_1: entered promiscuous mode
[  268.914526][ T5806] Bluetooth: hci4: command tx timeout
[  271.004145][ T5806] Bluetooth: hci4: command tx timeout
[  273.114081][ T5806] Bluetooth: hci4: command tx timeout
[  275.154214][ T5806] Bluetooth: hci4: command tx timeout
[  280.177723][ T7314] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  280.217207][ T7314] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  288.344469][   T61] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[  288.348031][   T61] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[  288.351495][   T61] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[  288.405487][   T61] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[  288.411826][   T61] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[  292.020411][ T5806] Bluetooth: hci6: command tx timeout
[  294.095965][ T5810] Bluetooth: hci6: command tx timeout
[  296.274229][ T5810] Bluetooth: hci6: command tx timeout
[  296.793476][ T5806] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  296.844497][ T5806] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  296.846833][ T5806] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  296.848110][ T5806] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  296.848977][ T5806] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  298.364138][ T5806] Bluetooth: hci6: command tx timeout
[  299.004209][ T5806] Bluetooth: hci1: command tx timeout
[  301.074326][ T5806] Bluetooth: hci1: command tx timeout
[  303.221893][ T5806] Bluetooth: hci1: command tx timeout
[  305.634126][ T5806] Bluetooth: hci1: command tx timeout
[  314.196746][ T5810] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  314.235991][ T5810] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  314.238640][ T5810] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  314.239920][ T5810] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  314.274883][ T5810] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  316.464292][ T5806] Bluetooth: hci0: command tx timeout
[  318.514120][ T5806] Bluetooth: hci0: command tx timeout
[  320.594189][ T5806] Bluetooth: hci0: command tx timeout
[  322.651141][ T5810] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  322.674292][ T5810] Bluetooth: hci0: command tx timeout
[  322.684532][ T5810] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  322.689696][ T5810] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  322.698307][ T5810] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  322.727718][ T5810] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  322.861695][ T1319] ieee802154 phy0 wpan0: encryption failed: -22
[  322.861770][ T1319] ieee802154 phy1 wpan1: encryption failed: -22
[  324.848055][ T5806] Bluetooth: hci5: command tx timeout
[  326.917268][ T5806] Bluetooth: hci5: command tx timeout
[  328.994169][ T5806] Bluetooth: hci5: command tx timeout
[  331.084173][ T5806] Bluetooth: hci5: command tx timeout
[  343.555742][ T7413] workqueue: Failed to create a rescuer kthread for wq "bond0": -EINTR
[  348.983203][ T7436] chnl_net:caif_netlink_parms(): no params data found
[  349.675874][ T5810] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  349.696227][ T5810] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  349.699334][ T5810] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  349.777861][ T5810] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  349.821497][ T5810] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  354.635469][ T5806] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[  354.668961][ T5806] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[  354.682568][ T5806] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[  354.736521][ T5806] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[  354.737527][ T5806] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[  355.554277][ T5806] Bluetooth: hci4: command tx timeout
[  356.834360][ T5806] Bluetooth: hci7: command tx timeout
[  357.677150][ T5806] Bluetooth: hci4: command tx timeout
[  358.914163][ T5806] Bluetooth: hci7: command tx timeout
[  359.714338][ T5806] Bluetooth: hci4: command tx timeout
[  361.314159][ T5806] Bluetooth: hci7: command tx timeout
[  361.794139][ T5810] Bluetooth: hci4: command tx timeout
[  363.394359][ T5810] Bluetooth: hci7: command tx timeout
[  364.929191][ T5806] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  364.933099][ T5806] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  364.956804][ T5806] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  364.959677][ T5806] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  364.962097][ T5806] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  365.855173][ T5806] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  365.863887][ T5806] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  365.948232][ T5806] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  365.950285][ T5806] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  365.951201][ T5806] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  367.080316][ T5806] Bluetooth: hci1: command tx timeout
[  368.114396][ T5810] Bluetooth: hci2: command tx timeout
[  369.214287][ T5810] Bluetooth: hci1: command tx timeout
[  370.194498][ T5810] Bluetooth: hci2: command tx timeout
[  371.234113][ T5810] Bluetooth: hci1: command tx timeout
[  372.274120][ T5810] Bluetooth: hci2: command tx timeout
[  373.314394][ T5810] Bluetooth: hci1: command tx timeout
[  374.465933][ T5810] Bluetooth: hci2: command tx timeout
[  383.475974][ T7448] chnl_net:caif_netlink_parms(): no params data found
[  383.496377][ T5806] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  383.633671][ T5806] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  383.654707][ T5806] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  384.391995][ T5806] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  384.400209][ T5806] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  384.482936][ T1319] ieee802154 phy0 wpan0: encryption failed: -22
[  384.492720][ T1319] ieee802154 phy1 wpan1: encryption failed: -22
[  386.434175][ T5806] Bluetooth: hci0: command tx timeout
[  388.514142][ T5806] Bluetooth: hci0: command tx timeout
[  390.684208][ T5806] Bluetooth: hci0: command tx timeout
[  392.794304][ T5806] Bluetooth: hci0: command tx timeout
[  398.354560][   T38] INFO: task syz.0.484:7337 blocked for more than 143 seconds.
[  398.354587][   T38]       Not tainted syzkaller #0
[  398.354599][   T38] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  398.354610][   T38] task:syz.0.484       state:D stack:25160 pid:7337  tgid:7337  ppid:5804   task_flags:0x400040 flags:0x00080003
[  398.354691][   T38] Call Trace:
[  398.354771][   T38]  <TASK>
[  398.354788][   T38]  __schedule+0x16f3/0x4c20
[  398.354856][   T38]  ? __pfx___schedule+0x10/0x10
[  398.354905][   T38]  ? _raw_spin_unlock_irq+0x23/0x50
[  398.354938][   T38]  rt_mutex_schedule+0x77/0xf0
[  398.354964][   T38]  rt_mutex_slowlock_block+0x5ba/0x6d0
[  398.354988][   T38]  ? task_blocks_on_rt_mutex+0xf12/0x1380
[  398.355045][   T38]  rt_mutex_slowlock+0x2b1/0x6e0
[  398.355071][   T38]  ? rt_mutex_slowlock+0x1c9/0x6e0
[  398.355095][   T38]  ? __pfx_rt_mutex_slowlock+0x10/0x10
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  398.355115][   T38]  ? __lock_acquire+0xab9/0xd20
[  398.355159][   T38]  ? rcu_barrier+0x4c/0x570
[  398.355191][   T38]  ? rt_mutex_slowunlock+0x493/0x8a0
[  398.355220][   T38]  ? rcu_barrier+0x4c/0x570
[  398.355241][   T38]  mutex_lock_nested+0x16a/0x1d0
[  398.355261][   T38]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[  398.355290][   T38]  rcu_barrier+0x4c/0x570
[  398.355316][   T38]  ? rt_write_unlock+0x191/0x230
[  398.355347][   T38]  kvm_mmu_uninit_vm+0x53/0x90
[  398.355385][   T38]  kvm_arch_destroy_vm+0x23d/0x280
[  398.355444][   T38]  kvm_put_kvm+0x6ca/0xa80
[  398.355488][   T38]  ? __pfx_kvm_vm_release+0x10/0x10
[  398.355519][   T38]  kvm_vm_release+0x46/0x50
[  398.355548][   T38]  __fput+0x45b/0xa80
[  398.355586][   T38]  task_work_run+0x1d4/0x260
[  398.355614][   T38]  ? __pfx_task_work_run+0x10/0x10
[  398.355642][   T38]  ? exit_to_user_mode_loop+0x40/0x130
[  398.355677][   T38]  exit_to_user_mode_loop+0xe9/0x130
[  398.355708][   T38]  do_syscall_64+0x2bd/0xfa0
[  398.355736][   T38]  ? lockdep_hardirqs_on+0x9c/0x150
[  398.355770][   T38]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  398.355794][   T38]  ? clear_bhb_loop+0x60/0xb0
[  398.355822][   T38]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  398.355844][   T38] RIP: 0033:0x7f61a148efc9
[  398.355864][   T38] RSP: 002b:00007fff6d684da8 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[  398.355888][   T38] RAX: 0000000000000000 RBX: 00007f61a16e7da0 RCX: 00007f61a148efc9
[  398.355903][   T38] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
[  398.355917][   T38] RBP: 00007f61a16e7da0 R08: 00000000000013fc R09: 0000000b6d68509f
[  398.355933][   T38] R10: 00000000005fc284 R11: 0000000000000246 R12: 0000000000039e6d
[  398.355947][   T38] R13: 00007f61a16e6090 R14: ffffffffffffffff R15: 00007fff6d684ec0
[  398.355986][   T38]  </TASK>
[  398.356015][   T38] 
[  398.356015][   T38] Showing all locks held in the system:
[  398.356034][   T38] 3 locks held by kworker/u8:0/12:
[  398.356080][   T38]  #0: ffff88813ff69938 ((wq_completion)events_unbound#2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  398.356171][   T38]  #1: ffffc90000117ba0 ((work_completion)(&map->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  398.356229][   T38]  #2: ffffffff8d5afe70 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570
[  398.356283][   T38] 3 locks held by rcuc/0/20:
[  398.356297][   T38] 1 lock held by khungtaskd/38:
[  398.356309][   T38]  #0: ffffffff8d5aa4c0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180
[  398.356366][   T38] 3 locks held by kworker/u8:3/58:
[  398.356378][   T38]  #0: ffff88813ff69938 ((wq_completion)events_unbound#2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  398.356441][   T38]  #1: ffffc9000124fba0 ((work_completion)(&map->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  398.356497][   T38]  #2: ffffffff8d5afe70 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570
[  398.356550][   T38] 2 locks held by kworker/u8:4/69:
[  398.356567][   T38] 3 locks held by kworker/u8:6/762:
[  398.356579][   T38]  #0: ffff88813ff69938 ((wq_completion)events_unbound#2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  398.356641][   T38]  #1: ffffc900041e7ba0 ((linkwatch_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  398.356697][   T38]  #2: ffffffff8e862eb8 (rtnl_mutex){+.+.}-{4:4}, at: linkwatch_event+0xe/0x60
[  398.356778][   T38] 2 locks held by kworker/u8:9/3235:
[  398.356791][   T38]  #0: ffff888141710938 ((wq_completion)iou_exit){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  398.356848][   T38]  #1: ffffc9000d5afba0 ((work_completion)(&ctx->exit_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  398.356907][   T38] 2 locks held by kworker/u8:11/3603:
[  398.356920][   T38]  #0: ffff888141710938 ((wq_completion)iou_exit){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  398.356976][   T38]  #1: ffffc9000ddffba0 ((work_completion)(&ctx->exit_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  398.357035][   T38] 2 locks held by getty/5555:
[  398.357048][   T38]  #0: ffff88814d3c40a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
[  398.357104][   T38]  #1: ffffc90003e8b2e0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x444/0x1400
[  398.357188][   T38] 1 lock held by syz-executor/5798:
[  398.357200][   T38]  #0: ffffffff8d5afe70 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570
[  398.357253][   T38] 1 lock held by syz-executor/5800:
[  398.357265][   T38]  #0: ffffffff8d5afe70 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570
[  398.357322][   T38] 2 locks held by kworker/1:5/5875:
[  398.357337][   T38] 3 locks held by kworker/0:6/5919:
[  398.357350][   T38] 13 locks held by kworker/u8:12/6528:
[  398.357363][   T38] 1 lock held by syz.1.456/7263:
[  398.357375][   T38]  #0: ffffffff8d5afe70 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570
[  398.357428][   T38] 1 lock held by syz.4.471/7303:
[  398.357440][   T38]  #0: ffffffff8d5afe70 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570
[  398.357492][   T38] 1 lock held by syz-executor/7314:
[  398.357504][   T38]  #0: ffffffff8d5afe70 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570
[  398.357557][   T38] 1 lock held by syz.0.484/7337:
[  398.357569][   T38]  #0: ffffffff8d5afe70 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570
[  398.357621][   T38] 1 lock held by syz-executor/7349:
[  398.357633][   T38]  #0: ffffffff8d5afe70 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570
[  398.357686][   T38] 1 lock held by syz.1.494/7393:
[  398.357698][   T38]  #0: ffffffff8d5afe70 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570
[  398.357750][   T38] 1 lock held by syz-executor/7387:
[  398.357768][   T38]  #0: ffffffff8d5afe70 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570
[  398.357821][   T38] 1 lock held by syz-executor/7407:
[  398.357833][   T38]  #0: ffffffff8d5afe70 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570
[  398.357885][   T38] 1 lock held by syz-executor/7413:
[  398.357897][   T38]  #0: ffffffff8d5afe70 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570
[  398.357950][   T38] 1 lock held by syz-executor/7436:
[  398.357962][   T38]  #0: ffffffff8d5afe70 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570
[  398.358014][   T38] 1 lock held by syz-executor/7448:
[  398.358027][   T38]  #0: ffffffff8e862eb8 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x41/0x1c0
[  398.358087][   T38] 2 locks held by syz-executor/7474:
[  398.358099][   T38]  #0: ffffffff8e855fa0 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x337/0x4e0
[  398.358161][   T38]  #1: ffffffff8e862eb8 (rtnl_mutex){+.+.}-{4:4}, at: register_nexthop_notifier+0x80/0x210
[  398.358219][   T38] 2 locks held by syz-executor/7480:
[  398.358231][   T38]  #0: ffffffff8e855fa0 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x337/0x4e0
[  398.358292][   T38]  #1: ffffffff8e862eb8 (rtnl_mutex){+.+.}-{4:4}, at: register_nexthop_notifier+0x80/0x210
[  398.358345][   T38] 2 locks held by syz-executor/7485:
[  398.358357][   T38]  #0: ffffffff8e855fa0 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x337/0x4e0
[  398.358417][   T38]  #1: ffffffff8e862eb8 (rtnl_mutex){+.+.}-{4:4}, at: register_netdevice_notifier_net+0x1a/0xa0
[  398.358482][   T38] 2 locks held by syz-executor/7489:
[  398.358495][   T38]  #0: ffffffff8e855fa0 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x337/0x4e0
[  398.358548][   T38]  #1: ffffffff8e862eb8 (rtnl_mutex){+.+.}-{4:4}, at: register_netdevice_notifier_net+0x1a/0xa0
[  398.358612][   T38] 2 locks held by syz-executor/7495:
[  398.358624][   T38]  #0: ffffffff8e855fa0 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x337/0x4e0
[  398.358685][   T38]  #1: ffffffff8e862eb8 (rtnl_mutex){+.+.}-{4:4}, at: register_nexthop_notifier+0x80/0x210
[  398.358739][   T38] 
[  398.358788][   T38] =============================================
[  398.358788][   T38] 
[  398.358818][   T38] NMI backtrace for cpu 1
[  398.358839][   T38] CPU: 1 UID: 0 PID: 38 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  398.358863][   T38] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  398.358875][   T38] Call Trace:
[  398.358884][   T38]  <TASK>
[  398.358893][   T38]  dump_stack_lvl+0x189/0x250
[  398.358934][   T38]  ? __pfx_dump_stack_lvl+0x10/0x10
[  398.358968][   T38]  ? __pfx__printk+0x10/0x10
[  398.359009][   T38]  nmi_cpu_backtrace+0x39e/0x3d0
[  398.359036][   T38]  ? __pfx_nmi_cpu_backtrace+0x10/0x10
[  398.359061][   T38]  ? __pfx__printk+0x10/0x10
[  398.359092][   T38]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[  398.359121][   T38]  nmi_trigger_cpumask_backtrace+0x17a/0x300
[  398.359146][   T38]  watchdog+0xf60/0xfa0
[  398.359184][   T38]  ? watchdog+0x1e2/0xfa0
[  398.359222][   T38]  kthread+0x711/0x8a0
[  398.359259][   T38]  ? __pfx_watchdog+0x10/0x10
[  398.359288][   T38]  ? __pfx_kthread+0x10/0x10
[  398.359317][   T38]  ? rt_spin_unlock+0x150/0x200
[  398.359345][   T38]  ? rt_spin_unlock+0x161/0x200
[  398.359364][   T38]  ? __pfx_kthread+0x10/0x10
[  398.359398][   T38]  ret_from_fork+0x4bc/0x870
[  398.359428][   T38]  ? __pfx_ret_from_fork+0x10/0x10
[  398.359463][   T38]  ? __switch_to_asm+0x39/0x70
[  398.359485][   T38]  ? __switch_to_asm+0x33/0x70
[  398.359505][   T38]  ? __pfx_kthread+0x10/0x10
[  398.359538][   T38]  ret_from_fork_asm+0x1a/0x30
[  398.359580][   T38]  </TASK>
[  398.359589][   T38] Sending NMI from CPU 1 to CPUs 0:
[  398.359623][    C0] NMI backtrace for cpu 0
[  398.359638][    C0] CPU: 0 UID: 0 PID: 20 Comm: rcuc/0 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  398.359658][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  398.359668][    C0] RIP: 0010:lock_release+0x152/0x3e0
[  398.359696][    C0] Code: 89 64 24 14 45 89 e5 85 c0 0f 84 dd 00 00 00 48 85 ed 0f 84 19 01 00 00 83 7d 24 00 0f 85 ea 01 00 00 8b 45 20 3d 00 00 20 00 <48> 8b 5c 24 08 8b 54 24 14 72 25 89 c1 81 e1 00 00 e0 ff 25 ff ff
[  398.359711][    C0] RSP: 0018:ffffc90000196650 EFLAGS: 00000083
[  398.359727][    C0] RAX: 000000000002000b RBX: 000000000000000f RCX: 82bb6f62ee215400
[  398.359739][    C0] RDX: ffffc90000196801 RSI: ffffffff8d5aa4c0 RDI: ffff88801b6865d8
[  398.359753][    C0] RBP: ffff88801b6865d8 R08: ffffc90000196870 R09: 0000000000000000
[  398.359766][    C0] R10: ffffc90000196838 R11: fffff52000032d09 R12: 0000000000000003
[  398.359778][    C0] R13: 0000000000000003 R14: ffffffff8d5aa4c0 R15: ffff88801b685a00
[  398.359791][    C0] FS:  0000000000000000(0000) GS:ffff888126dfc000(0000) knlGS:0000000000000000
[  398.359806][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  398.359819][    C0] CR2: 00007fad0066d81e CR3: 000000000d3a6000 CR4: 00000000003526f0
[  398.359836][    C0] Call Trace:
[  398.359842][    C0]  <TASK>
[  398.359850][    C0]  ? unwind_next_frame+0xa5/0x2390
[  398.359878][    C0]  ? unwind_next_frame+0xa5/0x2390
[  398.359937][    C0]  unwind_next_frame+0x19a9/0x2390
[  398.359963][    C0]  ? unwind_next_frame+0xa5/0x2390
[  398.359987][    C0]  ? arch_stack_walk+0xe4/0x150
[  398.360014][    C0]  __unwind_start+0x5b9/0x760
[  398.360040][    C0]  ? skb_release_data+0x62d/0x7c0
[  398.360059][    C0]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  398.360080][    C0]  arch_stack_walk+0xe4/0x150
[  398.360106][    C0]  ? stack_trace_save+0x9c/0xe0
[  398.360127][    C0]  stack_trace_save+0x9c/0xe0
[  398.360146][    C0]  ? __pfx_stack_trace_save+0x10/0x10
[  398.360168][    C0]  ? __lock_acquire+0xab9/0xd20
[  398.360215][    C0]  kasan_save_track+0x3e/0x80
[  398.360265][    C0]  __kasan_save_free_info+0x46/0x50
[  398.360283][    C0]  __kasan_slab_free+0x5c/0x80
[  398.360307][    C0]  kmem_cache_free+0x19a/0x910
[  398.360330][    C0]  ? skb_release_data+0x62d/0x7c0
[  398.360351][    C0]  skb_release_data+0x62d/0x7c0
[  398.360375][    C0]  consume_skb+0x9e/0xf0
[  398.360392][    C0]  nft_synproxy_eval_v4+0x376/0x560
[  398.360421][    C0]  ? __pfx_nft_synproxy_eval_v4+0x10/0x10
[  398.360446][    C0]  ? nf_ip_checksum+0x13c/0x510
[  398.360473][    C0]  nft_synproxy_do_eval+0x345/0x570
[  398.360500][    C0]  ? __pfx_nft_synproxy_do_eval+0x10/0x10
[  398.360539][    C0]  nft_do_chain+0x40c/0x1920
[  398.360569][    C0]  ? __pfx_nft_do_chain+0x10/0x10
[  398.360609][    C0]  nft_do_chain_inet+0x25d/0x340
[  398.360633][    C0]  ? __pfx_nft_do_chain_inet+0x10/0x10
[  398.360655][    C0]  ? __lock_acquire+0xab9/0xd20
[  398.360684][    C0]  ? NF_HOOK+0x9a/0x3a0
[  398.360711][    C0]  ? __pfx_nft_do_chain_inet+0x10/0x10
[  398.360735][    C0]  nf_hook_slow+0xc5/0x220
[  398.360755][    C0]  NF_HOOK+0x206/0x3a0
[  398.360783][    C0]  ? __pfx_ip_local_deliver_finish+0x10/0x10
[  398.360811][    C0]  ? NF_HOOK+0x9a/0x3a0
[  398.360837][    C0]  ? __pfx_NF_HOOK+0x10/0x10
[  398.360862][    C0]  ? ip_rcv_finish_core+0xda3/0x1c00
[  398.360879][    C0]  ? __pfx_ip_local_deliver_finish+0x10/0x10
[  398.360907][    C0]  ? skb_dst+0x4f/0xd0
[  398.360934][    C0]  ? ip_local_deliver+0x12a/0x1b0
[  398.360963][    C0]  NF_HOOK+0x30c/0x3a0
[  398.360989][    C0]  ? __pfx_ip_rcv_finish+0x10/0x10
[  398.361016][    C0]  ? NF_HOOK+0x9a/0x3a0
[  398.361042][    C0]  ? __pfx_NF_HOOK+0x10/0x10
[  398.361069][    C0]  ? __pfx_ip_rcv_finish+0x10/0x10
[  398.361101][    C0]  ? __pfx_ip_rcv+0x10/0x10
[  398.361126][    C0]  __netif_receive_skb+0x143/0x380
[  398.361167][    C0]  ? process_backlog+0x27b/0x900
[  398.361193][    C0]  process_backlog+0x31e/0x900
[  398.361226][    C0]  __napi_poll+0xb6/0x540
[  398.361252][    C0]  net_rx_action+0x5f7/0xda0
[  398.361286][    C0]  ? __pfx_net_rx_action+0x10/0x10
[  398.361315][    C0]  ? kvm_sched_clock_read+0x11/0x20
[  398.361341][    C0]  ? __pfx_sched_clock_cpu+0x10/0x10
[  398.361357][    C0]  ? ret_from_fork_asm+0x1a/0x30
[  398.361383][    C0]  handle_softirqs+0x22f/0x710
[  398.361410][    C0]  ? __pfx_handle_softirqs+0x10/0x10
[  398.361437][    C0]  __local_bh_enable_ip+0x1a0/0x2e0
[  398.361460][    C0]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  398.361487][    C0]  ? rcu_cpu_kthread+0x23e/0x1b50
[  398.361519][    C0]  ? rcu_cpu_kthread+0x23e/0x1b50
[  398.361544][    C0]  rcu_cpu_kthread+0xc3d/0x1b50
[  398.361573][    C0]  ? rcu_cpu_kthread+0x23e/0x1b50
[  398.361605][    C0]  ? __pfx_rcu_cpu_kthread+0x10/0x10
[  398.361632][    C0]  ? __lock_acquire+0xab9/0xd20
[  398.361656][    C0]  ? __pfx___schedule+0x10/0x10
[  398.361685][    C0]  ? schedule+0x91/0x360
[  398.361708][    C0]  ? smpboot_thread_fn+0x4d/0xa60
[  398.361731][    C0]  smpboot_thread_fn+0x542/0xa60
[  398.361753][    C0]  ? smpboot_thread_fn+0x4d/0xa60
[  398.361781][    C0]  kthread+0x711/0x8a0
[  398.361808][    C0]  ? __pfx_smpboot_thread_fn+0x10/0x10
[  398.361831][    C0]  ? __pfx_kthread+0x10/0x10
[  398.361856][    C0]  ? rt_spin_unlock+0x150/0x200
[  398.361876][    C0]  ? rt_spin_unlock+0x161/0x200
[  398.361892][    C0]  ? __pfx_kthread+0x10/0x10
[  398.361918][    C0]  ret_from_fork+0x4bc/0x870
[  398.361940][    C0]  ? __pfx_ret_from_fork+0x10/0x10
[  398.361965][    C0]  ? __switch_to_asm+0x39/0x70
[  398.361982][    C0]  ? __switch_to_asm+0x33/0x70
[  398.361999][    C0]  ? __pfx_kthread+0x10/0x10
[  398.362025][    C0]  ret_from_fork_asm+0x1a/0x30
[  398.362052][    C0]  </TASK>