last executing test programs:

17m16.196863983s ago: executing program 32 (id=1):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x121301, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xd)
socket$inet6_tcp(0xa, 0x1, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xaee2, 0x800, 0xffffffff, 0xbfdffffc}, 0x0, &(0x7f0000000280))
sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x5, 0x9, 0x6, 0x0, 0xb49, 0x9, 0x8, 0x2, 0x3}, 0x0)
fsopen(&(0x7f0000000340)='omfs\x00', 0x1)
sendmsg$NFQNL_MSG_CONFIG(0xffffffffffffffff, 0x0, 0x40000)
close(0x3)
r3 = openat$dsp1(0xffffffffffffff9c, &(0x7f0000000000), 0x20080, 0x0)
openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0xa0201, 0x0)
ioctl$SNDCTL_DSP_CHANNELS(r3, 0xc0045006, &(0x7f0000000180)=0x6f)
r4 = dup2(r3, r3)
ioctl$SNDCTL_DSP_SPEED(r4, 0xc0045002, &(0x7f00000001c0)=0x2)
read$FUSE(r4, &(0x7f00000063c0)={0x2020}, 0x2020)
futex(&(0x7f000000cffc), 0x8, 0x800, 0x0, 0x0, 0x93000008)

17m13.010847975s ago: executing program 33 (id=7):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x121301, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xd)
socket$inet6_tcp(0xa, 0x1, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xaee2, 0x800, 0xffffffff, 0xbfdffffc}, 0x0, &(0x7f0000000280))
sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x5, 0x9, 0x6, 0x0, 0xb49, 0x9, 0x8, 0x2, 0x3}, 0x0)
fsopen(&(0x7f0000000340)='omfs\x00', 0x1)
userfaultfd(0x1)
sendmsg$NFQNL_MSG_CONFIG(0xffffffffffffffff, 0x0, 0x40000)
close(0x3)
r3 = openat$dsp1(0xffffffffffffff9c, &(0x7f0000000000), 0x20080, 0x0)
ioctl$SNDCTL_DSP_CHANNELS(r3, 0xc0045006, &(0x7f0000000180)=0x6f)
r4 = dup2(r3, r3)
ioctl$SNDCTL_DSP_SPEED(r4, 0xc0045002, &(0x7f00000001c0)=0x2)
read$FUSE(r4, &(0x7f00000063c0)={0x2020}, 0x2020)
futex(&(0x7f000000cffc), 0x8, 0x800, 0x0, 0x0, 0x93000008)

16m46.29741137s ago: executing program 2 (id=46):
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f00000004c0)=@updpolicy={0xfc, 0x19, 0x1, 0x0, 0xffffffff, {{@in6=@rand_addr=' \x01\x00', @in=@local, 0x0, 0x5, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0xa9, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x7fffffff}, {0x0, 0xa00, 0x40800000000000, 0x800000000000000}}, [@tmpl={0x44, 0x5, [{{@in=@empty, 0x0, 0x3c}, 0x0, @in=@broadcast, 0x0, 0x0, 0x3, 0x0, 0x49}]}]}, 0xfc}}, 0x0)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f00000004c0)=ANY=[@ANYBLOB="fc000000190001002dbd70000000000064010100000000000000000000000000fc01000000000000000000000000000000000000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000800000000000003000000000000000000000000000000fdfffffffbffffff0000000000000000ffffffffffffffff053b000000000000000000000000000002000000000000005600000000000000feffffffff7f40000200000000000008000000"], 0xfc}}, 0x0)
r1 = socket$kcm(0xa, 0x2, 0x3a)
sendmsg$kcm(r1, &(0x7f0000000440)={&(0x7f0000000800)=@in6={0xa, 0x0, 0x0, @mcast2, 0x1a}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000780)="80005b020eaa4da2", 0xfdef}], 0x1, 0x0, 0x0, 0x900}, 0x0)

16m45.936176171s ago: executing program 2 (id=47):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = openat$vicodec0(0xffffff9c, &(0x7f0000000140), 0x2, 0x0)
ioctl$VIDIOC_S_OUTPUT(r1, 0xc004562f, &(0x7f0000000180)=0xba)
r2 = dup(r0)
write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c)
r3 = syz_io_uring_setup(0x239, &(0x7f0000000740)={0x0, 0x434c, 0x10100, 0x0, 0x0, 0x0, r2}, &(0x7f0000000180)=<r4=>0x0, &(0x7f00000001c0)=<r5=>0x0)
syz_io_uring_submit(r4, r5, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd=r0, 0x0, 0x0, 0x0, {}, 0x1})
r6 = socket$rxrpc(0x21, 0x2, 0x2)
bind$rxrpc(r6, &(0x7f0000000340)=@in4={0x21, 0x3, 0x2, 0x10, {0x2, 0x0, @local}}, 0x24)
bind$rxrpc(r6, &(0x7f0000001280)=@in4={0x21, 0x4, 0x2, 0x10, {0x2, 0x0, @local}}, 0x24)
ioctl$DVB_DEMUX_DMX_SET_FILTER(0xffffffffffffffff, 0x403c6f2b, &(0x7f0000000000)={0x6, {"e512864f2c63b42b1e937260904ce544", "b80300000000000f0000000000004000", "0000d86df169f800"}, 0x3ff, 0x5})
syz_usb_connect$cdc_ecm(0x0, 0x0, 0x0, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000001900)=[{&(0x7f0000000500)=""/3, 0x3}], 0x1, 0x1, 0xb1)
ioctl$DVB_DEMUX_DMX_REMOVE_PID(0xffffffffffffffff, 0x40026f34, &(0x7f0000000040)=0x6)
io_uring_enter(r3, 0x2ded, 0x4000, 0x0, 0x0, 0x0)
r7 = openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0), 0x321601, 0x0)
ioctl$SNDCTL_SEQ_SYNC(r7, 0x5101)

16m43.81816739s ago: executing program 2 (id=50):
socket$inet_udp(0x2, 0x2, 0x0)
openat$uhid(0xffffffffffffff9c, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
getrlimit(0xc, &(0x7f0000000300))
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee6, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x6)
socket$netlink(0x10, 0x3, 0x0)
bpf$MAP_GET_NEXT_KEY(0x2, 0x0, 0x0)
r3 = syz_open_dev$tty1(0xc, 0x4, 0x2)
mount$tmpfs(0x0, &(0x7f0000000040)='.\x00', &(0x7f0000000280), 0x2000001, &(0x7f0000000080)=ANY=[@ANYBLOB='fscontext=unconfined_u,fscontext', @ANYRES16])
write(r3, &(0x7f00000008c0)="bae2bf808214ff98d8d00b4e4aa5b63a86342a471feaedd023fe0d23081a02d33e4a469ab9d700b98dbc637a1ab17ee404dfa6c5d5a144ee59221d4b94680ba508343a208a525cff39a2733191ec729e1ed6ee89970d901cdde9274de2a14d16d4b60efff4a823051100a4766a36baa70307cd088fcc9e7146a60c52282f525d113a20c411358bfa0b288791cc9dba6ba75a160cb7beda4a2a7f1a2fa5c565ff344c6b7550c85aeec24195055e0cb2b5ed37875be4e627ef1027ef44c76edb024b67d2dd316c9025880d70300e9ac5abae459e1de4d6868facadaf5c07042ba04768b47d542ef67510bc6a31e1c671cd366d1060843996078b8bceab4299a1fd7ff0318b010dfc8a95b9163505bdde7f92bccfb94a227d620c7fbf355564d75dadaeb40bfa148575d175ba6b276dd1f08de275305c679ed2ca319a0d0ea310eee868429deb863319197812d62a2961765536e8b81edabf419b3ee6c60e17b9c61353366cb3e11572e94b996053feb7854704a86cd638976f8373557ca455e43463252bff8f4835f05ac57cc3e29031d648a942c4f83823378367ff5ff6157e59ccb6b7236eeca6a5f962d3f79b677fa1d2b8baa374f5aab9ecabd7f024941d73db13ba01090a7544d51c2e1ffc35d383b355c359568623715caadca70f1125419af0a5ec9832a5885c29ac40b3fe2f9f173934bb57eef3c9ab71d1b747554fb403d22cd39f98d2ac6df121c75ea827d1790db6fc7c21f601f75bc9b7d5facd83cf77e4b666e3257fb81ac213d2afccd3cc5e2bab7db075d051cd5c9f860f421e672e6d3c2ffce5f51b45e24a1dcf27de17e47ad0d34fa1ead3fc3892593f29f94f26413603c490f9c7d0682de6f9048ae911615975cee4e8b1349133192bfe71130368238688b67b74631a1a524699d28d86427694f753daf88e009c4d34ed310fea1c7356e5abc256595589f704a69b36b6dd05060f3abd79af70d2eb438b85b3d35d300eabaf51bdf479e07ff1338eba821f0c2a395cd355103df33032c1cd8edcdc5425f4418f18b7c1e85fceeb6f41fbaed2573052cf087659520618fe64ec82ae8484b2ddb50a41762fc3f90b3ceb8b2d10bac688e2d35d35e93639ab72384bebe7690c467f0f678bd75c9aa67bc96d94c98ced73d22c6776c918fe50143b80dc80d97326858cbbff3d66f7dc788b788ef275c5037081e9f025e3becca7cf496f7cddd0da37a4ea323d5037bfbcb61edf8b5980269c788605be92bd56b2399e1d5c6dfb43b65d6c9fb9a1ea1c8c548833c48a255b81ac0f7029be6234823bcf232efdc8116d530b652bc6aeab4367f7a33b4d152646003c2064a0b1cabaef6c2391e71c822409130fc4d0a3c9d2895b3f3468a51b33c512711e36632597b3e582af545f29b698d2d41f8362080977d0a0d48d492cc4f61816b7fedd27b826f81e1cbffed54c31dc6ef4b986bad01da626237a2e6bca61e2329bc4e06de64fa68d371a2f0b5dfe017d321e09bd5fc8fba5416e8d7ea329ec0f9be877dc406b6f592dfb3176cffcd9a82ac7479e674d6f3c346fcd3cd2f65e724693b5ace04bb74c2e8a47717162a3b14fcd0b9045b48545ec9dd4d2d1926da207371dbb8e339bd5456f7e00dfb73a9ad86e5e902311644a9a0ce2cb9483b90c25c8e30984bac1c462c06f1b76c68f5a8ef8e6414c67b6a0f77e9eb2e56a8b9ebe6af0a8fa69a92ea6ffde0eee16696a065da53bb4cb51c5985fcb0434589b4628efcf14ddd5f17ec6bd1f219096e02dc364d036b21df65c16a7a83a2145996f2154719317f49444f6ba380b821e4ca10ebba5795d6f04fe252cfabc4ffba1ae5938450b6da37ad734cf298029bfdac3b28cf86f27696fb2b7707702606e3bf5ae65e0d74b3ba450cb36af1c975aead56e69d4e61d3b1941b15d4e017f46552caf43c5ac8beafcf4c0e64c8247136d8e36409ef2986b79c806f4122a44cf988ce789797ec8919f6daff8e353e2391e45f4a2dd9984fbc8646132e2502d462d04b2d7be73cca3ede4240e3368585083f7721da55c95fc49b43a28c3e09c5fb7b43e4dc48d1095d7327ec859d657cf9cc8eef62aac5f1948358727267b87741c27fcc4b3577552e8ad3393a28261a1f754e8130c5b696509b608eb18a0cea00709ec2698527182412559deb8158e2caac436d000b4fb0f98cf920be07f0cbf3eb042bf865f68ca9295e541ae1ec6620b657ffd021794c9e2af3fdaeb5d453c30f8f915b28f230deb1f0717992d9b33425b79106de94e1cdb79dd14627413af70a2d34c908d0c165a3601b0339a335bb44ae635fe96c932111f6eef5216e32a46085216ad85423ef9b0e335ff7028464ccaaaf146d846c436e1db3c77877dce48b92d6b7e1d04f455f66093a9b24c07ef58cbfa7626c03cdf2153f14b055eb6c3c98a28ca85a74c48773f829a35433f11078249dd0a4295dbc3cf539a2b68c472a3000bb1b8e0faee8ea405270532c20ef4955b54d768d99d83ba165f37061bad1d1dcb1d90162b2a6c7678068e665dfa9501d367e4ba272238a3f8919d7f19cb692f2679fb1ea43d3fcf7119ce967529450de7fb3a2bb9902bf5b146e37661a934554f12dfec8647a96c5efc7bf3256af35cc94b64ad1a6902c6b052bb7334a364b0eaa485dee260d1331620e59260517f5d79c5eefc11148062fc6d8296d40a0e832b406c39440945ef986f7bd5beeef8954a86d4efb2f0b1215a3860df643bfa2f8bc99113ea1401188b580ee168a3b62201529b581e36", 0x7b2)
socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x400000000010, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'batadv_slave_0\x00', <r5=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xfffffffd, {0x0, 0x0, 0x0, r5, {0x0, 0xfff3}, {0xffff, 0xffff}, {0xffe0, 0x9}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x4c840)
sendmsg$nl_route_sched(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000340)=@newtfilter={0x78, 0x2c, 0xf3f, 0x30bd29, 0x25dfdbfd, {0x0, 0x0, 0x0, r5, {0xb}, {0x0, 0xfff3}, {0xd, 0x300}}, [@filter_kind_options=@f_flow={{0x9}, {0x48, 0x2, [@TCA_FLOW_KEYS={0x8, 0x1, 0xc1f5}, @TCA_FLOW_MODE={0x8, 0x2, 0x1}, @TCA_FLOW_ACT={0x34, 0x9, 0x0, 0x1, [@m_csum={0x30, 0x6, 0x0, 0x0, {{0x9}, {0x4}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x2, 0x1}}}}]}]}}]}, 0x78}, 0x1, 0x0, 0x0, 0x20041090}, 0x0)
r6 = getegid()
write$FUSE_CREATE_OPEN(0xffffffffffffffff, &(0x7f0000000180)={0xa0, 0x0, 0x0, {{0x6, 0xfffffffffffffffd, 0xe, 0xac, 0x3, 0x4, {0x0, 0xff00000000000000, 0x5, 0x40000000005, 0x85, 0x7fffffff, 0x8000, 0x7fffffff, 0xfffffffe, 0x4000, 0x0, 0xee00, r6, 0x3ff, 0x401}}, {0x0, 0x11}}}, 0xa0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x20040040)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)

16m41.53758897s ago: executing program 2 (id=52):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000040)=ANY=[@ANYRES32], &(0x7f0000000300)='GPL\x00', 0x2, 0xb3, &(0x7f0000000140)=""/179, 0x41100, 0x7b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x38}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ffa000/0x2000)=nil, 0x2000, &(0x7f0000000000))
prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0)
mount$9p_virtio(&(0x7f00000000c0), 0x0, 0x0, 0x20000cc, 0x0)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(0xffffffffffffffff, 0x0, 0x20000000)
r3 = socket(0x2, 0x2, 0x1)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000040)={'batadv_slave_1\x00', <r4=>0x0})
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000200)={0x6, 0x3, &(0x7f00000001c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x1}}, &(0x7f0000000040)='GPL\x00', 0x5, 0x0, 0x0, 0x40f00, 0x40, '\x00', r4, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xff}, 0x94)
r5 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r6 = dup(r5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xa, 0x13, r6, 0x2000)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x17)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)

16m38.525468307s ago: executing program 2 (id=53):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x121301, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xd)
socket$inet6_tcp(0xa, 0x1, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xaee2, 0x800, 0xffffffff, 0xbfdffffc}, 0x0, &(0x7f0000000280))
sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x5, 0x9, 0x6, 0x0, 0xb49, 0x9, 0x8, 0x2, 0x3}, 0x0)
userfaultfd(0x1)
sendmsg$NFQNL_MSG_CONFIG(0xffffffffffffffff, 0x0, 0x40000)
close(0x3)
r3 = openat$dsp1(0xffffffffffffff9c, &(0x7f0000000000), 0x20080, 0x0)
openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0xa0201, 0x0)
ioctl$SNDCTL_DSP_CHANNELS(r3, 0xc0045006, &(0x7f0000000180)=0x6f)
r4 = dup2(r3, r3)
ioctl$SNDCTL_DSP_SPEED(r4, 0xc0045002, &(0x7f00000001c0)=0x2)
read$FUSE(r4, &(0x7f00000063c0)={0x2020}, 0x2020)
futex(&(0x7f000000cffc), 0x8, 0x800, 0x0, 0x0, 0x93000008)

16m35.526615317s ago: executing program 2 (id=55):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000040)=ANY=[@ANYRES32], &(0x7f0000000300)='GPL\x00', 0x2, 0xb3, &(0x7f0000000140)=""/179, 0x41100, 0x7b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x38}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ffa000/0x2000)=nil, 0x2000, &(0x7f0000000000))
prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0)
mount$9p_virtio(&(0x7f00000000c0), 0x0, 0x0, 0x20000cc, 0x0)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(0xffffffffffffffff, 0x0, 0x20000000)
r3 = socket(0x2, 0x2, 0x1)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000040)={'batadv_slave_1\x00', <r4=>0x0})
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000200)={0x6, 0x3, &(0x7f00000001c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x1}}, &(0x7f0000000040)='GPL\x00', 0x5, 0x0, 0x0, 0x40f00, 0x40, '\x00', r4, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xff}, 0x94)
r5 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r6 = dup(r5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xa, 0x13, r6, 0x2000)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x17)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)

16m20.086934718s ago: executing program 34 (id=55):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000040)=ANY=[@ANYRES32], &(0x7f0000000300)='GPL\x00', 0x2, 0xb3, &(0x7f0000000140)=""/179, 0x41100, 0x7b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x38}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ffa000/0x2000)=nil, 0x2000, &(0x7f0000000000))
prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0)
mount$9p_virtio(&(0x7f00000000c0), 0x0, 0x0, 0x20000cc, 0x0)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(0xffffffffffffffff, 0x0, 0x20000000)
r3 = socket(0x2, 0x2, 0x1)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000040)={'batadv_slave_1\x00', <r4=>0x0})
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000200)={0x6, 0x3, &(0x7f00000001c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x1}}, &(0x7f0000000040)='GPL\x00', 0x5, 0x0, 0x0, 0x40f00, 0x40, '\x00', r4, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xff}, 0x94)
r5 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r6 = dup(r5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xa, 0x13, r6, 0x2000)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x17)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)

11m59.383514554s ago: executing program 4 (id=274):
r0 = socket$inet6(0xa, 0x800000000000002, 0x0)
setsockopt$inet6_udp_int(r0, 0x11, 0x67, &(0x7f0000000180)=0x7f, 0x4)
connect$inet6(r0, &(0x7f0000000400)={0xa, 0x0, 0x0, @mcast1, 0x2}, 0x1c)
connect$inet6(r0, 0x0, 0x0)
write(r0, &(0x7f0000000300)="89ba41c97928dec7cec15a160d3dba2553b519a795020072aed129d4b5247c983455b3d757e8b2333a64d9abf416fd83f942661c47bcdf71f7d07ba20d03474a4a4bce636ea8d2b882b2b49ef18e2a96e41f206d930eda2769c5ee6d5e3d541ce9a21c3ce5cb5fbdad9a45de0000000000000000000000000000f1d3b9821c18", 0x80)

11m59.25185791s ago: executing program 4 (id=275):
r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
syz_io_uring_setup(0x6760, &(0x7f0000000380)={0x0, 0xd268, 0x4, 0x2, 0x343, 0x0, r0}, &(0x7f0000000140), &(0x7f0000000300))
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000006c0)={{0x14}, [@NFT_MSG_NEWSET={0x3c, 0x12, 0xa, 0x9, 0x0, 0x0, {0x2}, [@NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_KEY_TYPE={0x8}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x1}]}, @NFT_MSG_DELOBJ={0x14, 0x14, 0xa, 0x3, 0x0, 0x0, {0x2}}], {0x14}}, 0x78}}, 0x0)
r2 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
r3 = openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r3, 0x80044940, &(0x7f00000010c0))
syz_clone3(&(0x7f0000000900)={0x23800000, &(0x7f0000000040)=<r4=>0xffffffffffffffff, 0x0, 0x0, {0x26}, 0x0, 0x0, 0x0, 0x0}, 0x58)
io_setup(0x8, &(0x7f0000000600)=<r5=>0x0)
io_submit(r5, 0x1, &(0x7f0000001300)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x5, 0x6, r4, 0x0}])
pwritev(r2, &(0x7f0000000000)=[{0x0}, {&(0x7f0000000040)="0108f21d", 0x4}], 0x2, 0x3, 0x80000002)
ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000000240)=0x3)
ioctl$SNDCTL_DSP_SPEED(r0, 0xc0045002, &(0x7f0000000000)=0x7)
read$dsp(r0, &(0x7f0000000280)=""/79, 0x4f)

11m58.852850644s ago: executing program 4 (id=278):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$netlbl_cipso(0x0, r0)
sendmsg$NLBL_CIPSOV4_C_ADD(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=ANY=[@ANYBLOB="84010000", @ANYRES16=r1, @ANYBLOB="010000000000000000000100000004000480080002000100000008000100000000000400088058010c8054010b800800090000000000080009000000000040000a"], 0x184}}, 0x0)

11m58.584680675s ago: executing program 4 (id=279):
r0 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x205, 0x82)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f0000000140)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './bus'}}, {@workdir={'workdir', 0x3d, './file1'}}]})
chdir(&(0x7f00000000c0)='./bus\x00')
r1 = creat(&(0x7f0000000040)='./bus\x00', 0x100)
io_setup(0x1ff, &(0x7f00000001c0)=<r2=>0x0)
io_submit(r2, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x22, 0x1, 0x0, r1, 0x0, 0xfe, 0xa00}])
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x80045518, 0x0)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1000002, 0x11012, r0, 0x0)
syz_clone(0x24100000, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x1000002, 0x11, 0xffffffffffffffff, 0xd0b05000)

11m57.967695793s ago: executing program 4 (id=280):
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000005c00)={&(0x7f0000000000)=@newtaction={0xa0, 0x30, 0x9, 0x0, 0x0, {}, [{0x8c, 0x1, [@m_bpf={0x88, 0x1, 0x0, 0x0, {{0x8}, {0x60, 0x2, 0x0, 0x1, [@TCA_ACT_BPF_OPS_LEN={0x6, 0x3, 0x7}, @TCA_ACT_BPF_OPS={0x3c, 0x4, [{0x9c, 0x0, 0x0, 0x40000000}, {}, {0x3, 0x7}, {}, {0x0, 0x5a}, {}, {0x6}]}, @TCA_ACT_BPF_PARMS={0x18}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa0}}, 0x0)
r1 = openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000000), 0x40, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
bind$unix(r2, &(0x7f0000003000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
connect$unix(r2, &(0x7f0000000280)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x18, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b400285b000000007910000000000000c300e4ff500000009500740000000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195}, 0x48)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000180)=0xd)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000000800000006"], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af0ff00000000bfa200000000000007020000d5ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000000)=@bpf_tracing={0x1a, 0x4, &(0x7f0000000480)=@framed={{0x18, 0x0, 0x0, 0x0, 0x4}, [@call]}, &(0x7f0000000a00)='GPL\x00', 0x5, 0x0, 0x0, 0x41100, 0x2, '\x00', 0x0, 0x1c, r4, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x13b02, r4, 0x0, 0x0, 0x0, 0x10, 0xd}, 0x94)
add_key$keyring(&(0x7f00000001c0), &(0x7f0000000240)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffd)
r5 = add_key$keyring(&(0x7f0000000540), &(0x7f0000000180)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffff9)
r6 = add_key$user(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x1}, &(0x7f0000000380)="93", 0x1, r5)
r7 = socket(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r7, 0x8927, &(0x7f0000000040)={'vxcan1\x00', <r8=>0x0})
bind$can_j1939(r7, &(0x7f00000000c0)={0x1d, r8, 0x3, {0x0, 0xf1, 0x3}, 0x2}, 0x18)
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r5, &(0x7f0000000200)='asymmetric\x00', &(0x7f0000000140)=@keyring={'key_or_keyring:', r6})
r9 = socket$pppl2tp(0x18, 0x1, 0x1)
r10 = socket$inet_udp(0x2, 0x2, 0x0)
connect$pppl2tp(r9, &(0x7f0000000240)=@pppol2tpin6={0x18, 0x1, {0x0, r10, 0x2, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}}}}, 0x32)
sendmmsg(r9, &(0x7f0000004380)=[{{0x0, 0x0, 0x0}}], 0x34000, 0x0)
keyctl$link(0x8, r6, r5)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000100), 0x1, 0x0)
ioctl$TIOCOUTQ(r1, 0x5411, &(0x7f0000003240))

11m56.997797383s ago: executing program 4 (id=282):
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x88800, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f00000003c0)={0xc, 0x0, <r1=>0x0})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r0, 0x3ba0, &(0x7f0000000080)={0x48, 0x2, r1})
ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f0000000040)={0x28, 0x2, r1, 0x0, &(0x7f0000800000/0x800000)=nil, 0x800000, 0x200000})
ioctl$BTRFS_IOC_DEV_INFO(r0, 0xd000941e, &(0x7f0000000400)={0x0, "75d137abd0b3401bd07e79158d36e52b"})
io_uring_register$IORING_REGISTER_PBUF_RING(0xffffffffffffffff, 0x16, &(0x7f0000000000)={&(0x7f0000001000)={[{0x0, 0x0, 0x0, 0x300}, {0x0, 0x0, 0xfffd}, {0x0}, {0x0}]}, 0x4}, 0x1)
r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000240)='/proc/bus/input/handlers\x00', 0x1800, 0x0)
preadv(r2, &(0x7f0000000180)=[{&(0x7f0000000080)=""/228, 0xe4}], 0x1, 0x7, 0x9)
r3 = syz_open_dev$loop(&(0x7f0000000180), 0x8, 0x403)
ioctl$LOOP_CONFIGURE(r2, 0x4c0a, &(0x7f00000001c0)={r3, 0x8, {0x0, 0x0, 0x0, 0xe, 0x7fffffff, 0x0, 0x5, 0x1a, 0x8, "1e973dcc317fef531a14c8b08667aef36a8a844f7751b309bf99e1b689af7aa4b1a874aec7ac658648a02a156b7d2c294e361e76de9990314eebefa768110749", "13fcd3e1c6aebb20c211ee265ee1cd0abad136e3b9fd883c2140d32e43134f7b5e0f5fc98a6995943d70291a8b1abb9e549da6c1f90613bc9163847297b807dc", "c87eb36a6264c964b372b14fb6add253540a3dbe64477943b92a36b0de939cc7", [0x8, 0x7]}})
socket(0x10, 0x3, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0)
io_uring_enter(0xffffffffffffffff, 0x27e2, 0x0, 0x0, 0x0, 0x0)
r4 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x801, 0x0)
ioctl$UI_DEV_SETUP(r4, 0x405c5503, &(0x7f0000000380)={{0x0, 0x400, 0x4b, 0x9}, 'syz0\x00', 0x11})
r5 = fsopen(&(0x7f0000000040)='cifs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r5, 0x1, &(0x7f0000000280)='port', &(0x7f00000002c0)='0', 0x0)
ioctl$UI_DEV_SETUP(r4, 0x5501, 0x0)
dup3(0xffffffffffffffff, r4, 0x80000)
ioctl$BTRFS_IOC_SCRUB(0xffffffffffffffff, 0xc400941b, 0x0)
r6 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x72, 0x0, 0x7fff0000}]})
close_range(r6, 0xffffffffffffffff, 0x0)

11m56.785418756s ago: executing program 35 (id=282):
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x88800, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f00000003c0)={0xc, 0x0, <r1=>0x0})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r0, 0x3ba0, &(0x7f0000000080)={0x48, 0x2, r1})
ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f0000000040)={0x28, 0x2, r1, 0x0, &(0x7f0000800000/0x800000)=nil, 0x800000, 0x200000})
ioctl$BTRFS_IOC_DEV_INFO(r0, 0xd000941e, &(0x7f0000000400)={0x0, "75d137abd0b3401bd07e79158d36e52b"})
io_uring_register$IORING_REGISTER_PBUF_RING(0xffffffffffffffff, 0x16, &(0x7f0000000000)={&(0x7f0000001000)={[{0x0, 0x0, 0x0, 0x300}, {0x0, 0x0, 0xfffd}, {0x0}, {0x0}]}, 0x4}, 0x1)
r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000240)='/proc/bus/input/handlers\x00', 0x1800, 0x0)
preadv(r2, &(0x7f0000000180)=[{&(0x7f0000000080)=""/228, 0xe4}], 0x1, 0x7, 0x9)
r3 = syz_open_dev$loop(&(0x7f0000000180), 0x8, 0x403)
ioctl$LOOP_CONFIGURE(r2, 0x4c0a, &(0x7f00000001c0)={r3, 0x8, {0x0, 0x0, 0x0, 0xe, 0x7fffffff, 0x0, 0x5, 0x1a, 0x8, "1e973dcc317fef531a14c8b08667aef36a8a844f7751b309bf99e1b689af7aa4b1a874aec7ac658648a02a156b7d2c294e361e76de9990314eebefa768110749", "13fcd3e1c6aebb20c211ee265ee1cd0abad136e3b9fd883c2140d32e43134f7b5e0f5fc98a6995943d70291a8b1abb9e549da6c1f90613bc9163847297b807dc", "c87eb36a6264c964b372b14fb6add253540a3dbe64477943b92a36b0de939cc7", [0x8, 0x7]}})
socket(0x10, 0x3, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0)
io_uring_enter(0xffffffffffffffff, 0x27e2, 0x0, 0x0, 0x0, 0x0)
r4 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x801, 0x0)
ioctl$UI_DEV_SETUP(r4, 0x405c5503, &(0x7f0000000380)={{0x0, 0x400, 0x4b, 0x9}, 'syz0\x00', 0x11})
r5 = fsopen(&(0x7f0000000040)='cifs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r5, 0x1, &(0x7f0000000280)='port', &(0x7f00000002c0)='0', 0x0)
ioctl$UI_DEV_SETUP(r4, 0x5501, 0x0)
dup3(0xffffffffffffffff, r4, 0x80000)
ioctl$BTRFS_IOC_SCRUB(0xffffffffffffffff, 0xc400941b, 0x0)
r6 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x72, 0x0, 0x7fff0000}]})
close_range(r6, 0xffffffffffffffff, 0x0)

11m27.3817841s ago: executing program 1 (id=307):
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000002c0)={'bridge_slave_0\x00', <r2=>0x0})
r3 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="440000001100a7cc4a372eaf541d002007000000", @ANYRES32=r2, @ANYBLOB="00000000100000001c001a80080002802d00ff0008000200", @ANYRES16=r3, @ANYRES32=r3], 0x44}}, 0x2000800)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0x8, 0xc}, 0x50)
bpf$MAP_DELETE_BATCH(0x1b, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0), 0x0, 0x1, r4}, 0x38)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r6, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r6, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r7 = accept4(r6, 0x0, 0x0, 0x800)
sendmmsg$alg(r7, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0x10}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b", 0x44}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11", 0xce}], 0x3, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r7, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000540)={'wlan1\x00', <r9=>0x0})
sendmsg$NL80211_CMD_FRAME(r5, &(0x7f0000001380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000dc0)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r8, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r9, @ANYBLOB="d50633008000009effffffffffff080211000001"], 0x6f4}}, 0x0)
socket$kcm(0x2, 0x3, 0x2)

11m26.947367119s ago: executing program 1 (id=308):
socket$nl_route(0x10, 0x3, 0x0)
socket$inet_udplite(0x2, 0x2, 0x88)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xe4b, 0x11e41e7a, 0x20000000, 0x3, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x40}}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x10000000000002)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_usbip_server_init(0x6)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000840)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000710000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x94)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x481, 0x0)
syz_80211_join_ibss(&(0x7f0000000040)='wlan0\x00', &(0x7f0000000080)=@default_ibss_ssid, 0x6, 0x0)
r3 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x80800)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r3, 0xc04064a0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000240)=[<r4=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCONNECTOR(r3, 0xc05064a7, &(0x7f0000000540)={0x0, 0x0, &(0x7f00000002c0)=[0x0], &(0x7f0000000340), 0x3f, 0x1, 0x0, 0x0, r4})

11m23.454667531s ago: executing program 1 (id=309):
r0 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x204, 0x2)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x1000002, 0x11, r0, 0xd0b05000)

11m23.143488825s ago: executing program 1 (id=310):
socket$nl_xfrm(0x10, 0x3, 0x6)
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x70bd28, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x6, 0x2000002}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x6, 0x0, 0x5}}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
mount$9p_virtio(&(0x7f0000000000), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x8002, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
openat$sndtimer(0xffffff9c, &(0x7f0000000300), 0x400000)
rename(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='./file1\x00')

11m19.108662312s ago: executing program 1 (id=311):
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0))
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f00000002c0)={'bridge_slave_0\x00', <r3=>0x0})
r4 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="440000001100a7cc4a372eaf541d002007000000", @ANYRES32=r3, @ANYBLOB="00000000100000001c001a80080002802d00ff0008000200", @ANYRES16=r4, @ANYRES32=r4], 0x44}}, 0x2000800)
bpf$MAP_DELETE_BATCH(0x1b, 0x0, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r6, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r6, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r7 = accept4(r6, 0x0, 0x0, 0x800)
sendmmsg$alg(r7, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r7, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000540)={'wlan1\x00', <r9=>0x0})
sendmsg$NL80211_CMD_FRAME(r5, &(0x7f0000001380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000dc0)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r8, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r9, @ANYBLOB="d50633008000009effffffffffff080211000001"], 0x6f4}}, 0x0)

11m18.351058092s ago: executing program 1 (id=312):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000300)={0x38, 0x0, 0x8, 0x8001, 0x0, 0x9, 0x2, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
r2 = socket(0x1e, 0x4, 0x0)
setsockopt$packet_tx_ring(r2, 0x10f, 0x87, &(0x7f0000000140)=@req3={0x7813, 0x3, 0x0, 0x81, 0x1ff, 0x80000007, 0x1}, 0x1c)
syz_io_uring_setup(0x61cc, 0x0, 0x0, &(0x7f0000000000))
r3 = socket$kcm(0x29, 0x2, 0x0)
io_setup(0x7f, &(0x7f0000000100)=<r4=>0x0)
io_submit(r4, 0x0, 0x0)
move_pages(0x0, 0x2064, &(0x7f0000000040)=[&(0x7f0000ff9000/0x2000)=nil], &(0x7f0000001180), &(0x7f0000000000), 0x0)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043e0612"], 0x9)
write$cgroup_pressure(r3, &(0x7f0000000140)={'full'}, 0xfffffdef)
r5 = syz_io_uring_setup(0x10d, &(0x7f0000000980)={0x0, 0x3479, 0x80, 0x0, 0x8}, &(0x7f0000000340)=<r6=>0x0, &(0x7f0000000280)=<r7=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r6, r7, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x4004, @fd_index=0x3, 0x0, 0x0, 0x0, 0x1})
io_uring_enter(r5, 0x3516, 0x20000000, 0x0, 0x0, 0x0)
r8 = fsmount(0xffffffffffffffff, 0x0, 0x18)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, 0x0, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x60, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
prlimit64(0x0, 0x6, &(0x7f0000000140)={0x8, 0x102}, 0x0)
syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$DRM_IOCTL_MODE_GETFB2(r8, 0xc06864ce, &(0x7f0000000340)={0x0, 0x1, 0x0, 0x0, 0x2, [], [0x2], [0x0, 0x6c], [0xfffffffffffffffc]})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x161e42, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
close(0xffffffffffffffff)

11m10.183274149s ago: executing program 5 (id=321):
syz_open_dev$video(&(0x7f0000000000), 0x7, 0x0)
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$inet_buf(r0, 0x0, 0x8008000000010, &(0x7f00000000c0)="170000000200010000ffbe8c5ee17688a2003c000301000a000002a257fc5ad90200bb6a880000d6c8db000000df018002000000fc0607bdff59100ac45761547a681f009cee4a5acb3da400001fb700674f00c88ebbf9315033bf79ac2dfc060115003901000000000000ea000000000000000062068f5ee50ce5af9b1c568302ffff02ff030000ba000840024f0298e9e90539062a80e605007f71174aa951f3c63e5a1b47b63a6323ded2231454668492f9c681a6a9fc", 0xb8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000004c0)=@newtaction={0x110, 0x30, 0x10, 0x0, 0x25dfdbfc, {}, [{0xfc, 0x1, [@m_ct={0x44, 0x102, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xe4b, 0x11e41e7a, 0x2, 0x3, 0xf}}]}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0xb4, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x0, 0x2}}}]}, {0x6e, 0x6, "c31c872ec4e55a9740e1e88a9d4e085846a9d7a9436cb2cdb533b595d0799568723559173a731aeb5cb3219a8bd279ce47c0bd89d1dae0e3567ff9c16bace61e9f7e23efe8dcb13b65dbb5008b5aa340c85caa17f11b3898f1ca9861039e2d2ea338531cd36a88d4c322"}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0x110}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x40f00, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
mount$9p_virtio(&(0x7f00000001c0), 0x0, 0x0, 0x8c, 0x0)
openat$adsp1(0xffffffffffffff9c, &(0x7f0000000000), 0x80002, 0x0)
bind$alg(0xffffffffffffffff, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58)
r4 = syz_open_dev$vim2m(&(0x7f0000000280), 0x11003e2, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r4, 0xc0145608, &(0x7f0000000040)={0x80000001, 0x1, 0x4})
ioctl$vim2m_VIDIOC_ENUM_FMT(r4, 0xc0405602, &(0x7f0000000380)={0x3, 0x0, 0x0, "ee4f6da8d2cf4011ac7b00", 0x32314742})
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f00000004c0)="2c385a7af3be7d6a14fc29", 0xb)
r5 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0x4000, 0x0)
preadv2(r5, &(0x7f0000000080)=[{&(0x7f0000001200)=""/4096, 0x1fee00}], 0x2, 0x0, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34)
getpid()

10m59.756147462s ago: executing program 36 (id=312):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000300)={0x38, 0x0, 0x8, 0x8001, 0x0, 0x9, 0x2, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
r2 = socket(0x1e, 0x4, 0x0)
setsockopt$packet_tx_ring(r2, 0x10f, 0x87, &(0x7f0000000140)=@req3={0x7813, 0x3, 0x0, 0x81, 0x1ff, 0x80000007, 0x1}, 0x1c)
syz_io_uring_setup(0x61cc, 0x0, 0x0, &(0x7f0000000000))
r3 = socket$kcm(0x29, 0x2, 0x0)
io_setup(0x7f, &(0x7f0000000100)=<r4=>0x0)
io_submit(r4, 0x0, 0x0)
move_pages(0x0, 0x2064, &(0x7f0000000040)=[&(0x7f0000ff9000/0x2000)=nil], &(0x7f0000001180), &(0x7f0000000000), 0x0)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043e0612"], 0x9)
write$cgroup_pressure(r3, &(0x7f0000000140)={'full'}, 0xfffffdef)
r5 = syz_io_uring_setup(0x10d, &(0x7f0000000980)={0x0, 0x3479, 0x80, 0x0, 0x8}, &(0x7f0000000340)=<r6=>0x0, &(0x7f0000000280)=<r7=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r6, r7, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x4004, @fd_index=0x3, 0x0, 0x0, 0x0, 0x1})
io_uring_enter(r5, 0x3516, 0x20000000, 0x0, 0x0, 0x0)
r8 = fsmount(0xffffffffffffffff, 0x0, 0x18)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, 0x0, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x60, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
prlimit64(0x0, 0x6, &(0x7f0000000140)={0x8, 0x102}, 0x0)
syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$DRM_IOCTL_MODE_GETFB2(r8, 0xc06864ce, &(0x7f0000000340)={0x0, 0x1, 0x0, 0x0, 0x2, [], [0x2], [0x0, 0x6c], [0xfffffffffffffffc]})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x161e42, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
close(0xffffffffffffffff)

10m56.439737602s ago: executing program 5 (id=327):
socket$nl_xfrm(0x10, 0x3, 0x6)
mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x0)
socket$kcm(0x2b, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[], &(0x7f0000000280)='syzkaller\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x80}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
gettid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
r4 = openat$sndseq(0xffffffffffffff9c, 0x0, 0x0)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r4, 0xc08c5332, &(0x7f00000003c0)={0x4, 0x1, 0x0, 'queue0\x00', 0x10000})
dup(r3)
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
futex(&(0x7f000000cffc), 0x3, 0x801, 0x0, &(0x7f0000000040), 0xfffffffc)
write$RDMA_USER_CM_CMD_SET_OPTION(0xffffffffffffffff, 0x0, 0x0)

10m53.624289163s ago: executing program 5 (id=329):
r0 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000200)={0x38, 0x5, 0x8, 0x8000, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xd, 0xffffffff}, 0x0)
fsetxattr$security_capability(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1)
r3 = bpf$BPF_BTF_LOAD(0x12, 0x0, 0xfffffdd1)
r4 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000240), 0x80080, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r4, 0xc0285700, &(0x7f0000000100)={0x1b, "5660359c3245d1c42317afad7d48ed51000000000000000100", <r5=>0xffffffffffffffff})
r6 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000040), 0x220582, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r6, 0xc0285700, &(0x7f0000000140)={0x1000, "340b7832ceefd131b8e6498c25f58fad9987ffe93bbabd18cf501922de974a27", <r7=>0xffffffffffffffff})
r8 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r8, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc)
ioctl$AUTOFS_IOC_EXPIRE(r3, 0x810c9365, &(0x7f0000000440)={{0x1, 0x401}, 0x100, './file0\x00'})
connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x7, @ipv4={'\x00', '\xff\xff', @local}, 0x1}, 0x1c)
setsockopt$inet6_IPV6_ADDRFORM(r8, 0x29, 0x1, &(0x7f00000000c0), 0x4)
setsockopt$inet6_tcp_TCP_ULP(r8, 0x6, 0x1f, &(0x7f00000002c0), 0x4)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r8, 0x6, 0x14, &(0x7f0000000400)=0x1, 0x4)
setsockopt$inet6_tcp_TLS_TX(r8, 0x11a, 0x2, &(0x7f0000000000)=@gcm_128={{0x304}, "bd88818314ff7d84", "0b3ea924c47b25d76225c700", "000400", "d5a1d50399459b68"}, 0x28)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000240), r8)
shutdown(r8, 0x0)
ioctl$SYNC_IOC_MERGE(r7, 0xc0303e03, &(0x7f00000001c0)={"3c24139ed44aec57f2e2ad238e7b448ed886923c31d4a043e3b614fd00", r5, <r9=>0xffffffffffffffff})
openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r10 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
ioctl$KVM_RUN(r10, 0xae80, 0x0)
close_range(r4, r9, 0x0)

10m52.941851922s ago: executing program 5 (id=330):
fsopen(&(0x7f0000000080)='pvfs2\x00', 0x0)
fsopen(0x0, 0x1)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x210000000013, 0x0, 0x0)
r1 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc))
syz_genetlink_get_family_id$netlbl_mgmt(0x0, 0xffffffffffffffff)
timer_settime(0x0, 0x0, &(0x7f0000000400)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x1a3c82)
syz_open_dev$sg(&(0x7f00000008c0), 0x0, 0x482)
socket$unix(0x1, 0x5, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$nl_xfrm(r2, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x90)
r3 = getpgrp(0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r3, 0x2, 0x0)
prlimit64(r3, 0xe, 0x0, 0x0)

10m52.531293514s ago: executing program 5 (id=331):
r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
syz_io_uring_setup(0x6760, &(0x7f0000000380)={0x0, 0xd268, 0x4, 0x2, 0x343, 0x0, r0}, &(0x7f0000000140), &(0x7f0000000300))
openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000040)=0x3, 0xac5)
syz_clone3(&(0x7f0000000900)={0x23800000, &(0x7f0000000040)=<r1=>0xffffffffffffffff, 0x0, 0x0, {0x26}, 0x0, 0x0, 0x0, 0x0}, 0x58)
io_setup(0x8, &(0x7f0000000600)=<r2=>0x0)
io_submit(r2, 0x1, &(0x7f0000001300)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x5, 0x6, r1, 0x0}])
pwritev(0xffffffffffffffff, &(0x7f0000000000)=[{0x0}, {&(0x7f0000000040)="0108f21d", 0x4}], 0x2, 0x3, 0x80000002)
ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000000240)=0x3)
ioctl$SNDCTL_DSP_SPEED(r0, 0xc0045002, &(0x7f0000000000)=0x7)
read$dsp(r0, &(0x7f0000000280)=""/79, 0x4f)

10m50.439970173s ago: executing program 5 (id=333):
socket$kcm(0x11, 0x200000000000002, 0x300)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
r3 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
getpeername$netrom(r3, 0x0, 0x0)
recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
r4 = socket$inet6_sctp(0xa, 0x1, 0x84)
r5 = dup(r4)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r5, 0x84, 0x64, 0x0, 0x0)
openat$vim2m(0xffffffffffffff9c, 0x0, 0x2, 0x0)
r6 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000), 0x40000, 0x0)
read(r6, &(0x7f0000000040)=""/138, 0x8a)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_FLUSH(r7, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000100)=ANY=[@ANYBLOB="0400000000000000000000000000b01df21100050500010007000000"], 0x1c}, 0x1, 0x0, 0x0, 0x11}, 0x28000080)
sendmsg$inet6(r4, &(0x7f0000000800)={&(0x7f0000000000)={0xa, 0x4e24, 0x8, @ipv4={'\x00', '\xff\xff', @local}, 0x2}, 0x1c, &(0x7f0000000380)=[{&(0x7f00000000c0)="88", 0x1}], 0x1}, 0x4048043)
r8 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
shutdown(r8, 0x0)
recvmmsg(r8, &(0x7f00000004c0), 0xf02, 0xf0, 0x0)
socket$packet(0x11, 0x3, 0x300)

10m35.17363716s ago: executing program 37 (id=333):
socket$kcm(0x11, 0x200000000000002, 0x300)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
r3 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
getpeername$netrom(r3, 0x0, 0x0)
recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
r4 = socket$inet6_sctp(0xa, 0x1, 0x84)
r5 = dup(r4)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r5, 0x84, 0x64, 0x0, 0x0)
openat$vim2m(0xffffffffffffff9c, 0x0, 0x2, 0x0)
r6 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000), 0x40000, 0x0)
read(r6, &(0x7f0000000040)=""/138, 0x8a)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_FLUSH(r7, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000100)=ANY=[@ANYBLOB="0400000000000000000000000000b01df21100050500010007000000"], 0x1c}, 0x1, 0x0, 0x0, 0x11}, 0x28000080)
sendmsg$inet6(r4, &(0x7f0000000800)={&(0x7f0000000000)={0xa, 0x4e24, 0x8, @ipv4={'\x00', '\xff\xff', @local}, 0x2}, 0x1c, &(0x7f0000000380)=[{&(0x7f00000000c0)="88", 0x1}], 0x1}, 0x4048043)
r8 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
shutdown(r8, 0x0)
recvmmsg(r8, &(0x7f00000004c0), 0xf02, 0xf0, 0x0)
socket$packet(0x11, 0x3, 0x300)

8m53.046197454s ago: executing program 6 (id=438):
syz_open_dev$video(&(0x7f0000000000), 0x7, 0x0)
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$inet_buf(r0, 0x0, 0x8008000000010, &(0x7f00000000c0)="170000000200010000ffbe8c5ee17688a2003c000301000a000002a257fc5ad90200bb6a880000d6c8db000000df018002000000fc0607bdff59100ac45761547a681f009cee4a5acb3da400001fb700674f00c88ebbf9315033bf79ac2dfc060115003901000000000000ea000000000000000062068f5ee50ce5af9b1c568302ffff02ff030000ba000840024f0298e9e90539062a80e605007f71174aa951f3c63e5a1b47b63a6323ded2231454668492f9c681a6a9fc", 0xb8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000004c0)=@newtaction={0x110, 0x30, 0x10, 0x0, 0x25dfdbfc, {}, [{0xfc, 0x1, [@m_ct={0x44, 0x102, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xe4b, 0x11e41e7a, 0x2, 0x3, 0xf}}]}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0xb4, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x0, 0x2}}}]}, {0x6e, 0x6, "c31c872ec4e55a9740e1e88a9d4e085846a9d7a9436cb2cdb533b595d0799568723559173a731aeb5cb3219a8bd279ce47c0bd89d1dae0e3567ff9c16bace61e9f7e23efe8dcb13b65dbb5008b5aa340c85caa17f11b3898f1ca9861039e2d2ea338531cd36a88d4c322"}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0x110}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x40f00, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
mount$9p_virtio(&(0x7f00000001c0), 0x0, 0x0, 0x8c, 0x0)
openat$adsp1(0xffffffffffffff9c, &(0x7f0000000000), 0x80002, 0x0)
bind$alg(0xffffffffffffffff, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58)
ioctl$vim2m_VIDIOC_REQBUFS(0xffffffffffffffff, 0xc0145608, &(0x7f0000000040)={0x80000001, 0x1, 0x4})
ioctl$vim2m_VIDIOC_STREAMOFF(0xffffffffffffffff, 0x40045612, &(0x7f0000000240)=0x1)
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f00000004c0)="2c385a7af3be7d6a14fc29", 0xb)
r4 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0x4000, 0x0)
preadv2(r4, &(0x7f0000000080)=[{&(0x7f0000001200)=""/4096, 0x1fee00}], 0x2, 0x0, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34)
getpid()

8m50.568903607s ago: executing program 6 (id=439):
openat(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
bpf$BPF_PROG_QUERY(0x10, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='tracefs\x00', 0x1214040, 0x0)
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x404, &(0x7f0000000680)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
write$FUSE_INIT(r1, &(0x7f0000001dc0)={0x50, 0x0, 0x0, {0x7, 0x2b, 0x8000, 0x2b438843, 0x6}}, 0x50)
getgroups(0x4, &(0x7f0000000040)=[0xee00, 0xee00, 0xee01, 0x0])
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000003c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0xa04423, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x68c81, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x1)
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, 0x0)

8m48.552032176s ago: executing program 6 (id=440):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, 0x0, 0x0)
bpf$PROG_LOAD(0x25, 0x0, 0x0)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001000000"], 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000080)={r2}, 0x4)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x16, 0x18, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000100000000000000010000180100002020702500000000002020207b1af8ff00000000bfa10000000000000701000078ffffffb702000008000000b7030000000800008500000006000000b7080000000000007b8af8ff00000000b7080000001000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r2, @ANYBLOB="0000000000000000b70500000800000085000000b600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000640)={r3, 0x0, 0x10, 0x70, &(0x7f00000006c0)="0000000005000000", &(0x7f0000000700)=""/8, 0x2f00, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c)

8m38.626674266s ago: executing program 6 (id=447):
socket(0x10, 0x3, 0x6)
socket$nl_route(0x10, 0x3, 0x0)
openat$kvm(0xffffff9c, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000b40)={0x38, 0x3, 0x0, 0x18000000, 0x0, 0xb47, 0x9, 0x8, 0x80000001, 0x3}, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000140), 0x8417f, 0x0)
openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x26e1, 0x0)
r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000004c0), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff}, 0x2}}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r2, &(0x7f0000000180)={0x3, 0x40, 0xfa00, {{0xa, 0x4e23, 0xe, @empty, 0x2}, {0xa, 0x4e23, 0x7, @remote, 0x3}, r3, 0x7}}, 0x48)
r4 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r4, &(0x7f0000000300)={0x0, 0x18, 0xfa00, {0x2, &(0x7f0000000740)={<r5=>0xffffffffffffffff}, 0x2, 0x5}}, 0x20)
write$RDMA_USER_CM_CMD_SET_OPTION(r4, &(0x7f0000000580)={0xe, 0x1, 0xfa00, @id_resuseaddr={&(0x7f00000005c0)=0x1, r5, 0x0, 0x1, 0x4}}, 0x20)
write$RDMA_USER_CM_CMD_BIND(r4, &(0x7f00000000c0)={0x14, 0x88, 0xfa00, {r5, 0x10, 0x0, @in={0x2, 0x4e23, @empty}}}, 0x90)
write$RDMA_USER_CM_CMD_LISTEN(r4, &(0x7f0000000080)={0x7, 0x8, 0xfa00, {r5, 0x1}}, 0x10)
r6 = socket$inet(0x2, 0x4000000000000001, 0x0)
add_key$keyring(0x0, &(0x7f0000000400)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffff8)
setsockopt$inet_tcp_int(r6, 0x6, 0x80000000000002, 0x0, 0x0)
bind$inet(r6, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
setsockopt$SO_ATTACH_FILTER(r6, 0x1, 0x1a, 0x0, 0x0)
sendto$inet(r6, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)

8m34.84034846s ago: executing program 6 (id=450):
r0 = socket(0x400000000010, 0x3, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000040)=ANY=[@ANYBLOB, @ANYRES32=0x0, @ANYBLOB="0000000000080400240012800b"], 0x4c}}, 0x0)
write(r0, &(0x7f0000000040)="3a03000018002551075c0165ff0ffc02802000030011000500e1000c040007031a000900", 0x33a)

8m34.091021843s ago: executing program 6 (id=452):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x11, 0x3, &(0x7f0000000100)=ANY=[@ANYRESOCT=0x0], &(0x7f0000000300)='syzkaller\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x3b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff30, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
mkdir(&(0x7f00000000c0)='./bus\x00', 0x0)
lsetxattr$system_posix_acl(0x0, &(0x7f0000000840)='system.posix_acl_access\x00', &(0x7f0000000000)=ANY=[@ANYBLOB="0200000001000000000000000400000000001b23072a7054b2a300001000020000000000200000000000"], 0x24, 0x0)
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x141091, 0x0)
mkdir(&(0x7f0000000440)='./file1\x00', 0x0)
r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x72, 0x0, 0x7fff0000}]})
close_range(r3, r2, 0x0)
fanotify_init(0x200, 0x0)
openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
socket$packet(0x11, 0x2, 0x300)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x1f, 0x10, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000005000000000000008000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000003000000850000008600000018010000", @ANYBLOB="0000000000000000b7080000050000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000200000085000000a600000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x11}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000a00)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@nfs_export_on}]})

8m18.840395178s ago: executing program 38 (id=452):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x11, 0x3, &(0x7f0000000100)=ANY=[@ANYRESOCT=0x0], &(0x7f0000000300)='syzkaller\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x3b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff30, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
mkdir(&(0x7f00000000c0)='./bus\x00', 0x0)
lsetxattr$system_posix_acl(0x0, &(0x7f0000000840)='system.posix_acl_access\x00', &(0x7f0000000000)=ANY=[@ANYBLOB="0200000001000000000000000400000000001b23072a7054b2a300001000020000000000200000000000"], 0x24, 0x0)
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x141091, 0x0)
mkdir(&(0x7f0000000440)='./file1\x00', 0x0)
r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x72, 0x0, 0x7fff0000}]})
close_range(r3, r2, 0x0)
fanotify_init(0x200, 0x0)
openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
socket$packet(0x11, 0x2, 0x300)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x1f, 0x10, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000005000000000000008000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000003000000850000008600000018010000", @ANYBLOB="0000000000000000b7080000050000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000200000085000000a600000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x11}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000a00)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@nfs_export_on}]})

18.329236955s ago: executing program 7 (id=1037):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000a00), r0)
sendmsg$IEEE802154_ADD_IFACE(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000003c0)={0x20, r1, 0x1, 0x70bd29, 0x25dfdbfc, {}, [@IEEE802154_ATTR_PHY_NAME={0x9, 0x1f, 'phy0\x00'}]}, 0x20}, 0x1, 0x0, 0x0, 0x4008000}, 0x24008000)

18.010140502s ago: executing program 7 (id=1040):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000700)=ANY=[@ANYBLOB="12010000000000408c0d220000000000000109022400010000000009040000010300000009210000000122050009"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f0000000740)={0x2c, &(0x7f0000000980)=ANY=[@ANYBLOB="00000001000000090090"], 0x0, 0x0, 0x0, 0x0}, 0x0)

14.554046652s ago: executing program 7 (id=1047):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x4, 0x1, 0x6, 0xfa11, 0xffefffff}, 0x0)
socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$packet_int(0xffffffffffffffff, 0x107, 0xf, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(0xffffffffffffffff, 0x4018620d, 0x0)
r3 = syz_open_procfs(0x0, 0x0)
pread64(r3, &(0x7f0000000200)=""/102400, 0x19000, 0x1000000000)
r4 = socket$netlink(0x10, 0x3, 0x4)
io_setup(0x4, &(0x7f0000000140))
syz_usb_connect(0x2, 0x36, &(0x7f00000008c0)=ANY=[@ANYBLOB="120100001b767f2051045251b9c0010203030902240001000000000904000002526f590009050d00000000000009050a02"], 0x0)
bind$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_generic(r4, 0x0, 0x84054)
writev(r4, &(0x7f00000000c0)=[{&(0x7f000001b2c0)="580000001500add427323b470c45b45602067fffffff81004e22030d00ff0028925aa8002000eaa57b00090080020efffeffe809020000ff0004f03adcac4b74ffffffffffffffffffffffe7ee0000000000000000020000", 0x58}], 0x1)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
read$FUSE(r3, &(0x7f000001b440)={0x2020, 0x0, 0x0, 0x0, 0x0, <r5=>0x0}, 0x2020)
ioctl$SG_BLKTRACESETUP(r3, 0xc0481273, &(0x7f000001b240)={'\x00', 0x0, 0x800, 0x4, 0x3, 0xc361, r5})

13.125602131s ago: executing program 3 (id=1051):
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x1c1)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x80, &(0x7f00000002c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}})
read$FUSE(r0, &(0x7f00000021c0)={0x2020, 0x0, <r1=>0x0}, 0x2020)
write$FUSE_INIT(r0, &(0x7f0000000080)={0x50, 0x0, r1, {0x7, 0x29, 0x9, 0xffffffff9080edc4, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x9}}, 0x50)
r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x18)
syz_fuse_handle_req(r0, &(0x7f00000042c0)="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001e000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006380)={0x20, 0x0, 0x0, {0x0, 0x1c}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_fuse_handle_req(r0, &(0x7f00000063c0)="99529ca7d265e2dba44891e35e7d5dab7921b730436ecd4e999a25bcf86a25f8f029c0dd50373e90b7cf7779b12ecd4423c5b13cfac186975cd723976f3c747612913029d42517c189364bc59d8ebad53ed1b86f8f66c99b1f9b5b40d78cef1f14f81815d53bdca7fef40607358db69eb8c0b1f6b0942ab4b1ee7ca8deb4eddef06381a3d1c52d6147fc5109c7c607591497a6b2477f60cc881d3219c96bffb34aadec3fa97250713cce17cd536721bf9c40a019531ed0bbad139e26a3d4d39b68ab1bf37cb1a4bd197a8789cb1940cd86d9e56713bc36c7cffd07a311f5bc2e91f16d152eb480645e85ec9b3bf09c7fa140dced0afd55d7b99e90a96e7748e2d0dc09672ac199ce529e631efe1783769819c182ca106f6184bcbb387ed246c43562d74c36ac3a7ec2f0e11f70bad0007c03bb9c0d2dacc2148cce4a4aea327c7319016ad146b52bfae0357f9e892e9bec61a13c93551cfa3d4f4bfa7585c93bb0bef01a9114f3dc54179cf9a57fe88f5cff3403e33c9d09e3e9c2e10f1f16894e1b59e3cad47c1f202cf7b756f2851fc96d09459c9a8d34c19e6a3525cd5001aac5181f57286d0e1e88ce5092c7c76b6abdaebf2c499aa47587b48eb12a2b72548c190b0324ebedb81a63333b6edb25550f859c5ccc404a944ff7f61af8800888192fbd4c8e0e417d1d181b4b335a6f52e0a7dae18397e81e3f747cab7be902ed903bdd6a622f178f9b4244718ee1206237257374d2fd1466ab6135ef7ef4a114ae170eafe9cd78cf9ffc36974cbc4b8003072bed78765a0b9f1240f24dec6a9e46db9bb498d40f727c0cbf8f4a6a49539bd0805caf65d80130d7fb60a69dc7ed890874a17530c042cf33a977d331435d68ef33885f638c777ad49564ca77d8b81ddd853a21cd55d95b627310dd633a4f005853a5506cd8f744c367f3cb6998b0fa97de6bb35b166b0c6408c4e0a38ed26235a88520c38ca97ac8a6dc81e6dc6483d383fa09f198997b8eea1c68c9e3320683c9a02dd89ddc34c241e7294ccc88d6b35762892e8746e558bfbc2251949f2ecb763dad5b975eaf36e2864be6a41d3e20514d32f5d4b6350dc7e3cc3a85428ea98efb3b1edc2a2ec1e618452949cc7e2ba1251990168fee342d4f304b7a7af9162bcbe6b09c75d7420d2c547b4e3cee1836df6eddd5dff73a4e308fcd8eaa7a33e6980a6f8ead03257a37d72d3b265d02fa42f57db877654ed513e31c35e1af0bd28511d6b57cfe07b27cbe9767a534b426dfc3dd257d5899444f34cbf4dc74b9eab2e7e3e1e1a8a6ac5e4359d653506b299a5b7c67b92dc462f1216655f952362a3387ad9966b606d98e8d1b544dc27dc6bc78fd18a446736e25c51143db9886b6c09812d5825b5d9e0932f218ff8bea4d9e1c4df9c9d4eb19336d48163a921c4ff1f0beef26b01b7e8c0d23fb59b84e229eaabb791f2cffc9aa4db75162cbfe4c9ae8d76a5b6bc4bff20e3f8f125b9aadb3e728d7f78d61fd55f46b7f59511b876e6563256686e44f25cf38d393a9b762bada272eba8df28e4086c4cd2fe3c9fab97756fb145373e6ca1991bb1ee6589e49c821ff29f047970819f88f724bd077cd3f0ae463d99b3e53078431e3f9bebabc5289a65479359efe3909186aac60a29f561de8c590988c913c9e693ab8106e8287f6565eee6735f7c88cad7124d1c8d9ff347e97912824088ee954de01c6d8a06447f06899607eadbfd078bc3df506252005749378dbd7399c9eca60b81dc0d88dedec31e5cf6e7b6d6d411958df8f9e0bf4443e8d3bdfe49d05f811d17088024d0629fc8ab8e05e309bf55e8e60d342623765f4e8d2dc4a90291cd4354ff9568c8170e6ea56e028bcf2719595253adb8c84050bb9ce4927a1c1f4560da87d109ceda90bbe45a1717763d8025f1ff40f157185ddf17079da272ae10c4f34162caf4b0d31221a57b3059fd449c87554d968a54b2eebd760dc3263c40d9eedf5905d5699d29706ea6e9e81ff2bf92489a06deffe7e978661f37a88450783e23f107c2bfce000dfc91c5fca49e46d9ea978f215a45984699f0d2503b30a741e13be56b7abe3e5663c0825c3cb04ead44ce97719c4ee6f4cdd3c452775ad7163d5c9034583cc2dbc2b0c04917a3e1aa3d0a8bb6fcf94d7922eb1d543c09185827aeb1b72ae7103ef2c014af2ff4b47fca40fb0e66ddf0264476d7a84e9b8dc551d4c407bdbac6757f7a25bd404b45bec1091696203cc438860131ad5f2fd80e3c45629864dd9f7d302b66fb8fb86735c9a6dcf8b135a273dd2ae9473bc905081be9fcb8f91b1ddba1ac692798dac0b9ccffe0319a779f5e10c65f294b22fe475283b023f9cd890e92c5447b1bc1528255c5af383bc1fb6e72cb9a67215a9e25cde63c89baa8c7125c7e8b748b728d07d9cb66778404f54e6a9e3ae1ae82f3d0ce77199f23f94a01b71b805b476fedbebeb52c83a1b857f23ba438c56a6c4c2a5909f721e6e3d240e4a16455e92220d13022ce7ec0b1365ba4e67aa6ecb324f8826579e12cebdfc0d8af63e83b5e5624d5b791f99093f9a27f7baea9fd10111209c0857a04f07408111063ef34026aee27a3d51b40e53883f9094402534bdd21cc49d7f5593e99cb204cd805bee4add0f82cf4b6dc5da14d6b79fbc68c9ccf7fb5fe774f8879e13079b024a8ad24bf123c420d630837a84ba05abf0ae4dc3fc04f25c7f74ff91d0d609c958642a48551e51b5c0074a56a7da10ce153b08cabea636f8489d8e7b655758a41d7f7474c9d76bf4d54d789bfceaffef139854065de6a94b0275a9626aab99ae838364b1a491e55017e4212b6b01f7a41bc9c215ecd17c49a8610db28c699259c58b81a0e84c45fd8e719c05c48501c49e8a6515044d247f58e4cd0bf22fd6ae31f45339d1f801196d426c52269b1aaffaf18e2a03760bb231cb7cefa6d72f1d7eb6a3bbd65d0914221b8fbf531dbd562eb4a1b28983ac7d83d4813b10b34c9525ba644f61a2c4800d4fe96a7bca63da1041ed73cc57fb9d42f9dfc8ca41d80292bbb311c89b0a0fcee1d88a025a7416863342aea00e6f049cb2ddebd17c5c617ff562a8af0c965cbe8341431a30ea239e4a62aa2b19757a3b0de04229a9907f8610c27b26591405845bf8b5b83706ed18d910c4f68777378366ff565617b19168a04560a32ce5ad64aaef9f4377118c4335b24826cdcde78fb4bdb11498553f56d8dfeb3a482c70cc6580c399b92339cbdb3464fcc7b00e9839fd0d2b8b6db90c56b33593a0048bf7983421f29b1285c81a239045b96a9b0cacd70d6d9853206471f06915efc8d3ec4c50fb13601abc73247a656066fd7b329159b3ce9e3302b4c0d6aec58cb0946a8ee8e7f55f1af604f1edb4d887fa6292dc0ce57705c1a25dc62650c127d11a364b397aefc2fcc3a164bdc53165a461b01de9180c1461b309c75af0911b4cc1b8aa05652b62119c87b4b235c573aa15b1516cddf61efd6a7f8c953fbaaee9c0e800e8f519e1494de850ddb976864088fe0cf90bbc54395078ea2501e8baa84d6807e184105bc2a140b663416496886422643bbf764d406af06e7d086678828defda0b648b25666b7b5ea29e927141740d5be0e61bf25d40b8404ffd3c67bb855b11d4faf82b7b8051615c101c3deb0601a0fa9ecd8b4a95082ccbc8222b0982802dd8430e653d6eea2786dc3a91397135faffdc65a5bae048f5c463b1a6648becce961d39d063d28d1ad6dafcea0b0878379adb16cc0d4cea572abeacd9a168a4fe2e338092b5bc93ecf02ac6ccda03e5b23adf511fdf7a79442093233b79c67d3fdd3c36c96a8f67aa79e4743d99cf963ae6161877f73656eb0314d889f4b8649bbce8a759f90eac6c006197b54b2bbac7c9b237f1e3dc099c62a65481960e6ad697fc66316ac084ba99c60f58bf44ff45f3b2006cbc4196a25f124dfaf247e863a855ef6070deb45219a922dcf2be9bd01c340e1ca5ed7c3ddac9f7a677c5d00610991d21e0751ac8044585b39f3fec5b672a11a9bce32196c2003d01ea50b0f0403e16df188ecbbb74f295f01398363ddfecdb63a49347c912c125670205d7b6be999688df85bb7d5ac12b62b4fdc4eadcc2a9a7897028404f697b007603a0ad588c772952d6670ee870771774ad157c0b9cccd4b2192d835606198ea0c65036ae4e406cdc539ff3aa81fa20b7ab58d6f3abdb69cc1f503d593f7025d2035e7f21db76336efc2843a0dc9bd2eb8794718134ee68fc57d4d2bcc18969d08177f442b87433b48540c661940cf9e2462c53efa310c7e47487deab2ae15b1978ef05aa1e14110943f649d82486f710a39854409e74edcaf06b4a92d3580b9cdabf83c6351657698d3d5af7514f382e75d1c912cded577258603fc9ed002e010747cddf7885d34afc9a84d82696c6660cb5ecafb68b564908fc49c4db6a187d037241a26b1141cf20f2e968a53366db0f60b79cd98cf3c897c50b7b9728e6e7100f99e4d5ed2428dbd285516ca6660777a39b4b2617c1be5b0232d60b9c8099f5daedbf190109439c40b46090985200d6c0501313f3fa4d244864575c275faca47aeff32c7b3e3c59392618562a7c2d4b3af85a37a8847f595352024cb63d3a9085c2a502c6a3248f43c5fc828e636cb634b2d393d853ae2dc9605985cf85c060860a90256c7b574c1e01c320687a2bb0b2d51cc2950c485f2ffa5db0ad7aaf753f543de7f86efb775c6bac2989a33757a28836fd27f9347229a0004bd2e546994c69c678fe5717f613f905d945c072004c3a80e0e54215e19ff9972521890d4e705e429f16fc35fe5a15f2e6b75cd719d38f76b087b62e4b5dcdb35f4baa2bab167150bafb6c69e260ca51004bc826d46b77c3f67eaa08497294868e6d91b7b867e4da62052f4f891677256cfbaf19cf32bad99a7da69d8a66537686f89a58d78c7eeaa99cd38009a1a32582bedc5c718e57b19cd405ae659a89909356a07fcef89384d160fa5ae6683cc379642aea4f0c915f72d679bd521399cb16112f2abdede3001400b4a64d2173e153a68631183679b56b8f389ba889784133453a7e892fd3b092f5040870a3cfd6f982990143e7c0882b4ff4c5d049192d36925a25ae4be441aa30dc7e74398b340c45b52c73ed3b0cd640e3cc9fd4be24e7355f386106f65895f1ee850b2a781d1d1d322ca5a3b0fdb78ce1eda048ece94af25437969c99c58c08f1446ca5541e03987a20fd75283e3e116dc4c9222ab7522e4ccf6da14aef49cac9a6a2cd4aba1c54d49e6da4179a66b84e384cd3da53908579b28c11d525ebdc4dc69074cef8a9ecd3aab98f2858769d656b46141c3a4e69a5ed6c0a732c9ec1fce080eaebf537fa5e17236a44ba9c931f555d193e475ffafd20c53ccbab607c1a15fd06742a64691205eb0d00f7f40e4dd8efb279cf09b2522aac0729a631aacb92d5cfa2ce6bb07385b981890b5916755d5cc3a51c8c36bd2987068cc24fcf73840895469bbb9aff1059601f771afedf0a48d5921103920515b27d7e607951982feba197df8c61600feb3622b9eea13a4db4068728cb98cca76cfae197f6258758490bf41673ee29acd91fd296ec863c646e0ca6a0f0e9de146c663ba13d962964d7c32804fd12a14c1ca7212ad48bdfab469c6570dca562220ecbe7b6b163ed4c9361c5c10bed5c92861b8786ada20a99245d282e4454187ec02adfe354e30647cb10661c85168f7958e3ce69ab48c9455214707a63c9b1167f0845a6bfcce2a96cd53eab430f13cd527f1666290719a47c517cfa22fec2e9916af8aa93c78e567993d7fb8ee60fc4b903b8c67a3658302c5e5f35250c30427e4c055b6c54705bc599861f80b7200d361965ff98c88cc698a2615cadeac4bdfd3d613377cea52d2bbcb7e6b78ac31d4b2c33eaf0b2ed40b963e3cb25c7dfea3ebfe7b4aff2aaaaf184dc80ab649a108e2c830ce7eaea58a263392aa9cd13d7f7bd607dc7c804b19dfa41b3e5a5155201a87311e22062c93896e70f3a5c4b03521300b61cc311ebd5beb9838d0ed207c6bfc99e4392508e95804b10b36024f32e1fe1138e9ee7773f797b2bc6be7416f4e9691ef4c2a8d06af6c8b84bd1e6fd1ba3d3183475ef6c139ccf8dcf37671fbb96a2ab5e0e042f7c4728cf30bcc1a0de28a5024276ceaa194b4926e7f6a97b78bac36e47f832d56a96cd266434d37bcf2c2f57877717d91b1854972f832354acc207a2ee8caace7504e0e6197dd7e64a01c4c67bb2de8acc0cccc6c6bff0b0cbfe345542c5a795dfa48cc0990ab5702574d36494bc44c20f5b324f7c984d986cc8cb40cb2550076d96a069b6688d22171beed2dc5b6ff3ede8fff4c4a9de6d3817357a7ca7d24d87300b4545ebbac8cf7f09ec637a4f4d6bd07673709b6c363a75ccef585610c5f15de7851b5ab53e02a757bfc3caeb9a9a8996beffdc0cfd1201b6cd99cb035584e51a6c15a5d2e17d2f8aa6b41e26809392fac6caed1e02a53dcea8a413203608780dab33315a76eba24d540e4c5b9790420834bc8d4e47bc65ae52a54c0ff308427a8d7aff746aa6589d17514e40fee5d0b3533cf4ad2c5f9d96db9f50bd69ed8c92b860e199a35cf268c66ed13516a3b4b024f62d4b2a656067eece95575bdb4907efc488a9821bc3a9c81dd11b2128b7a01aa7a9ce6e73de3b4e9beced70206f91575baddbcbe5722337953c8016a0f4b62120d776c43b7d1a879b692107954f45acdf8967dcaa994aad4922d4fe093e16c2d0090906f5036af99e50bb09b04e9c9b3b5085abf621297ce203010249cede92e9b66b446b86b43eaaae228dfdd3b4408c12b404bb727f7e969e7da04fc59900112bf8d38af0416dc616e75f167aa1352215f07115a6f4eb6bb5fff6f5c2fc9ab906392036b44090e65fdaf017dc53bc94e0807d679d793df18cc44e6c846d414cef1569530f7692daf91eaaf4ae89fe2522f2c9cf33b6ca508ebcd006bc1a61f0c800553aff9dc7d57200b25ecb83e1e0b8cd29520b63aa649d3f71a62570eee56e03223ddf31f0c04fa686b7f6dd054e7a259d9ba335c2c5b2c508897506c0db7f01878dec1411c33f0af61b81dbcf9ff8bdc0c50044963a79f3ee1462150c6bd03a32dbdfef8d72f0b8b3a395ffb0cc85792e7bc867feb5e312cb64e29e193388e9f173c162f4a1320a6f99ea3795fb77d982605959909a1aa11076fcc779ea6b80ec1bf0edfc2569ec04d15a0bdeebccf3c75393dca5e81663532f8ced12d08e4c2ae6e2954d427c7bf053dc4718f56f453bc88d74045bd2f9747aae9b5298a0de927f1d6b1308f4e1483487f083e71ed09298deb52bb10079b13def7453eb432498069edb5ade70c5c54913684d934a3febf78753ac13300a91f467ff3f6e2f00898f015d08f7739047b321b3eaee5ad8aa7adbf7833f014d8c576a491af9fca6843b327ed513821cb3951b2e67a275225d7af6b382e2f955adaacba5d1fdea2223202dee132b91d5cf381b51da94145255f584a70c5e8d11e06a44afa6599bf3ed0cb61703eba254333af53afac60e54cf6397f9f7302249ab644f0b576c713b15007be1f4f9bb213660bca8a70251472b86669d361ef968f542e81ddbe8f4d2e9cabe8d7bf6a31f14a2cc272963553a424c105e7750437ec5bf316e30ce60b4b0c27ccc1eb27e60f6472fef27654da49905ff9c01b28695310ecd8701aedff25a83da4b7c41995f902bdf249769dcb53a3efa894710dd66ba8745ae2253cc6b75a038183a0bee21226d48239320efad6727093e4f94bbc2fdcc216200d903c32bb9f16dd17d5dac423ae0696f3decc576b8f1fdce63d0532370af7d1e2fa2ca5c5d17bd88f5e3abb4792dac8689ca13752f83d753b06b037bf5a80a3748983790352775685b0414c9d74849fd217e388f904278ddb6b0abdda941b61579c796e2bb77a9bc363b18642c401faa502a31011544111b6eedaa369976c814773d83220a75f31026d6ad0b8b4298ea6062234db232bc435e096e84f740e55bb14d46ae04af0500aa5bb218aff6c76aa8a8e3140a1b0d6638538fd7f30fa8d992e53abf8af2fbc16b9e8a668c1aac72cea1a746ee5f7f3392a4ec8f1d19f2f426b6069b1cd347cbc38bceba96ce5da49198083403143c740c04639cd1089abb34fe812d85921c47437604f684bca44a1eaa965c0a6e1c1fd1f70ee932af3455b36184cc15934cdb3f28959d37d8fc10696f8ec1e4b0c3d1b9ff74a01b796d1bb68954a3768c8bcec741b3b69da892f8922142b16b2cabb469a9906b34216243fac80374c10e178c5fd36440f8d7a8588a9c2510d86ffa8cb68ce8c330d2111c94724e522f04573dad43bce252eb505d29ca9379a6b281519d38b7174f3ae8f185544f3003c936a7e6b23ca97a313aac6a061caa45fda73522f3061767bb4e33dbe4bde390eb0f07225a8aef939cb6ab2ada10c02527281abad394cd4ea9f59467a08b72047cdb75d7b2b98e5b4542554a60f953ac7a4b980f42518eec05ff2c044549cab0cf33eef36dfbabcbc0300009d898862d2194cfcdd9a713c30bbe52291105193656ea5eb830873ac956469d31689cc3c69edb5cb9a6e31ce3e6fb50ddd4e52ef9fdeacfc0db21e1e83e0d8d0a64f17cacb4dc208a893e7fd8ffa86cfc554dfba3d9fd281115eccb4b9d909f2fbf3fbb66bedd7b5db3f6d4f076f5d8fb54f8832896f8ef6f624162f1dd589be7a8e87dd5065708a8b0bfb18a5c2299f5605ac8a11c1add55b2018e6099380a70bee3e0727ca6ec58928fe6eb3147b47401e8d822eebade713b58335787669e5e0de5d328a1067df4cd9124665bb02ee8adfd1b3618374ef167df1f0fe79456f78aee3da4c1bf397e4637b0cf41a0f4a2910efd02b17bf5f3c15b0084b36fa7d4e85a53e5be366b428244eeba7499c3e54397227928e2ff6e583f332d6f7e8cf4d058f379b58a7d03a4bfa454bb4b6d543804b8970e6a9fe8886179eb418a8ce9e509e8433571f7d32378f2e983fa418c8c91760ec9fb20968e7fc23b7c4ac71693b2576ac0f8ce2020ff1e7a7ff24301b48b544fb29a1ca4f2502daded865e488a16dd33ec67b2eee3025cdc5ef90f253c4b5e0a61d51e495b675c5a1d55b4ba3812c5f44cd08487e61d36b0c2dc32d27333a5ee8a0906bfbcd388bd9389d1509912c0471c7b706a5aff880569a3fb11ac5f14d780deb4c1b1afe30fb6b8daf87b27a4ceb869d587a97f2f5af8d819aa47bbf207db68a6ecbbefb1e109ed0bfbbf3b54fba9e79de8fad9c3bcd3e74b8b92ccea3ff5c558c6cd72d78a711fc39df603bd4aa1439dd302258edd2204e52d7f435c6f552b612fbc321bea971195cd4d8bb033e2a779e239164d7eea6d8fd233b0b9b776246564cfcf44b31a83031a2413bf98a398c9f93da243cef9ce73d81bade8ad551fb0ffa75bc874c11d23ac9d7752f22a0f54c3870f3314a83e64332db810da1ebb288e10c4eb9be9ec037317b8f813e68160a887da3f5c0389510a0734b69ef275e19973b169d340610cf2112e9964cc0566b9b690c3feb36c8526491d3a563f0bead2abbcf0665e048aa3f929351b2f89876580633a403250ae3b5244c8c0e996bf888938dfc8920348d88e272e6eadc7c0387ca1dae228bd620ce3975d43b58758d9412d304a227245587065f58c4573ba2557f1d8333ba007709b1239d682f03405b22135757178fb701bbde81d2f8faaa7666c025d8a8bb426dc4b8e61aed79b3b3d3a9b01ee9142772d869677ede166e7a8be8ab84cdd6946b1478ce77ba307213971cfb24c86c344310f279e38d22254bf4caf83c02e715cb0550e615dc9f8dd2400fa749e3527493c15fb454c158e4c0603ae6e962b7890058ec7c10f0618ee274a15bca6ca9fe5bc5f9e7797c0950299912be9c58463c07d667d4bffe8aa590ae43db08512b40f3d265026bef2facdd508984e5f6d2ac7ef573397f14ed2e2ccdcbe5796e60ae64d173814906d1da5a5bfe8a2a4c5d6bb0b3315b878b4877d0c045f6e6cfa0dfc1ea4de7abe26f2b2d8c93299ed1d83f1b7853c756bfa346cd53b008fec169883983fe0f2405777dd85e17b2e4e8b23432c0dc4c386d67b6597184d0b4b95877362304638484cc0951400f66ee8391dd44417c58b3d46a8345a8049fcd70f7b5f4a6f912e2b18760947c74ef2b732b342878d7e7cc99902de87db36469555fbbfe76189f108d6ab31f4727fe4e22d075afaf6cc726ab17a5e1b4ab6c8f29a459da3c4266b5ad8ff55906a190f8b19a3bb92a50df49647c03d5d6106ec07e9300038d059a75b54ac31683ef8e5eee946e1c84d016ee1e7800a92c0a3823b62e0417fe86b191951f65abc0c38c1e0e8f1121a04b62a8a720790560f922804b1b7e7eaa497e1bede6e3d0dcf0312dbf221561958fa1e85a8f99e6fc82f919e78c17d1beda16cfef25fb5d00f7c32df9a51eac76000c988ffdf011564aa0e319764b16a5a7c728a470ff70772fb76c9ada26a0ac073fcbfa12501c2454b19e02d928e3939a40bfff76c002533b3849cdf8016728445131e5f1e292b7d3dc06bb3a3cfff6fabae0b7341694a8938c1d2497cd70b76c337c9a312e96c8f736d7625a535e1906eba53d199221ca60202a65be0f7e530aca10e61fa39c7601d65954e5ed4cab94345c6b89c7f8a0de5c61a7945e1564731b6715331d13263b2961a163382f7c4934d847033860e402f3aadb4f3e6cf47a97a2031401da4d2c8de8c80cdad71b97b4deb2075a02282f958ac6772354e67f097ca693778224b80892490015e7d697fb9107f75cea708178ffec93fb1d44e8493bad1d42c918e661219ea819e0200759037a5a585c0fe074fd407536fe58013f42612c41bfc66e16870d7a9c00ee93a3122b253fecbf5de3837641f4a1376af0f053463413c26c29f9a346318565276856b963da30ba6ab8c4c8ef6cfddc432328586d9d9829895835759bcde0851ae0c838a3927ea63fe5ba793fae94da61cab00fc05f3a265a2da1221bb2b66775ed7ba856b41011652d4984991e56249360ddfc997245ac1547a1c16382d42df383a8d1c852643b24895c422712e79c436fdfffece4ed1c50922d4f25296aaf6b204522086d188bee254f8303b60537ead1195ac5dd301286f0042dd68aa05a70e4beb779aa0b61a316f736b72c9ab7ed860a0908a078f4b8a53f2df0abf993f689de4b02b9138ca5047fb0bfc9ba3b92bff033e36fc9553260b008cef3d147c62d1d3944fd1eaff79bc5a922ec2190907bfda1b51c2c7fb867db1f8e13a37b5e3ae0165e93350b958a239ec1f2b78561cff854b975307b5b5dd23b040602a5a36bd79947ee04c7d0e5e30f9c4c79f7b4e6eada98bfc6c357cdf8939213423f1b21ba26cfc2b2756ea3eb992372db0ab8a7c37d8ae96bf3ed6be873c1891550ef741812032e1ae938326c399ee43a3061602dda006f1b6b620bebb6a5752bee77e8acf9921ebf4d4c8af7eb5e937c65697c0664c594e31a62377a25605051996c474ca322ce8e0e6ef8a7988be", 0x2000, &(0x7f0000001240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000a80)={0x10, 0x0, 0xfffffefffffffff9}, 0x0, 0x0, 0x0})
getdents64(r2, 0x0, 0x41)

12.219190432s ago: executing program 0 (id=1053):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_MASTER={0x8}, @IFLA_GROUP={0x8}]}, 0x30}}, 0x0)

12.174548395s ago: executing program 3 (id=1054):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000700)=ANY=[@ANYBLOB="12010000000000408c0d220000000000000109022400010000000009040000010300000009"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f0000000740)={0x2c, &(0x7f0000000980)=ANY=[@ANYBLOB="00000001000000090090"], 0x0, 0x0, 0x0, 0x0}, 0x0)
r1 = syz_open_dev$evdev(&(0x7f0000000000), 0xe, 0x2000)
ioctl$EVIOCSKEYCODE_V2(r1, 0x40284504, &(0x7f00000001c0)={0x4, 0x1, 0x7dff, 0x6, "a09fc910bb060bdc0d40cfcd10bf99f7a0f281ca7cbeb8216bef5c543cf861aa"})

12.119014294s ago: executing program 9 (id=1055):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
socket(0x27, 0x5, 0x1)
fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, &(0x7f0000000000)='source', &(0x7f00000000c0)='%(:2', 0x0)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_TIMEOUT_NEW(r3, &(0x7f0000000800)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f0000000700)={0x34, 0x0, 0x8, 0x101, 0x0, 0x0, {0x3}, [@CTA_TIMEOUT_L3PROTO={0x6, 0x2, 0x1, 0x0, 0x3}, @CTA_TIMEOUT_NAME={0x9, 0x1, 'syz0\x00'}, @CTA_TIMEOUT_DATA={0x4, 0x4, 0x0, 0x1, @icmp}, @CTA_TIMEOUT_L4PROTO={0x5, 0x3, 0x3a}]}, 0x34}, 0x1, 0x0, 0x0, 0x4000}, 0x0)

12.104019026s ago: executing program 8 (id=1056):
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
bpf$BPF_PROG_QUERY(0x10, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='tracefs\x00', 0x1214040, 0x0)
r1 = openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0)
write$FUSE_INIT(r1, &(0x7f0000001dc0)={0x50, 0x0, 0x0, {0x7, 0x2b, 0x8000, 0x2b438843, 0x6}}, 0x50)
getgroups(0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000003c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0xa04423, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x68c81, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x1)
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, 0x0)

10.422096617s ago: executing program 8 (id=1057):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000700)=ANY=[@ANYBLOB="12010000000000408c0d220000000000000109022400010000000009040000010300000009210000000122050009"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f0000000740)={0x2c, &(0x7f0000000980)=ANY=[@ANYBLOB="00000001000000090090"], 0x0, 0x0, 0x0, 0x0}, 0x0)

10.198416063s ago: executing program 9 (id=1058):
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'syzkaller0\x00', 0xca58c30f81b6079f})
ioctl$TUNSETQUEUE(0xffffffffffffffff, 0x400454d9, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x1200, 0x0)
r0 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0xd)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0x1c3902, 0x0)
r2 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xaee0, 0x800, 0xffffffff, 0xbfe00000}, 0x0, &(0x7f0000000280)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(0x0, r3, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3})
io_uring_enter(r2, 0x47f6, 0x0, 0x2, 0x0, 0x300)
sendfile(r0, r1, 0x0, 0x2000fb)
ioctl$TIOCVHANGUP(r0, 0x5437, 0x0)

9.824671485s ago: executing program 0 (id=1059):
timer_create(0x0, &(0x7f0000000240)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=<r0=>0x0)
fcntl$lock(0xffffffffffffffff, 0x25, 0x0)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(r0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000e, 0x20c44fb6edc09a38, 0xffffffffffffffff, 0x0)
r1 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0)
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1)
fcntl$lock(r1, 0x410, &(0x7f00000000c0)={0x1, 0x1, 0x1, 0xfffe})
fchown(r1, 0x0, 0x0)
fchmod(r1, 0x50)

9.515851752s ago: executing program 9 (id=1060):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x14}}, 0x0)
getsockname$packet(r2, &(0x7f00000002c0)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB], 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000003080)=@delchain={0x50, 0x64, 0xf31, 0xfffffffb, 0x0, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xfff3, 0xffff}, {0x0, 0x1b}}, [@TCA_CHAIN={0x8, 0xb, 0x5}, @filter_kind_options=@f_flower={{0xb}, {0x18, 0x2, [@TCA_FLOWER_INDEV={0x14, 0x2, 'bridge_slave_0\x00'}]}}]}, 0x50}, 0x1, 0x0, 0x0, 0x10}, 0x0)

9.304430014s ago: executing program 9 (id=1061):
r0 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000200)={0x38, 0x5, 0x8, 0x8000, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xd, 0xffffffff}, 0x0)
fsetxattr$security_capability(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1)
r3 = bpf$BPF_BTF_LOAD(0x12, 0x0, 0xfffffdd1)
ioctl$SW_SYNC_IOC_CREATE_FENCE(0xffffffffffffffff, 0xc0285700, &(0x7f0000000100)={0x1b, "5660359c3245d1c42317afad7d48ed51000000000000000100", <r4=>0xffffffffffffffff})
r5 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000040), 0x220582, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r5, 0xc0285700, &(0x7f0000000140)={0x1000, "340b7832ceefd131b8e6498c25f58fad9987ffe93bbabd18cf501922de974a27", <r6=>0xffffffffffffffff})
r7 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r7, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc)
ioctl$AUTOFS_IOC_EXPIRE(r3, 0x810c9365, &(0x7f0000000440)={{0x1, 0x401}, 0x100, './file0\x00'})
connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x7, @ipv4={'\x00', '\xff\xff', @local}, 0x1}, 0x1c)
setsockopt$inet6_IPV6_ADDRFORM(r7, 0x29, 0x1, &(0x7f00000000c0), 0x4)
setsockopt$inet6_tcp_TCP_ULP(r7, 0x6, 0x1f, &(0x7f00000002c0), 0x4)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r7, 0x6, 0x14, &(0x7f0000000400)=0x1, 0x4)
setsockopt$inet6_tcp_TLS_TX(r7, 0x11a, 0x2, &(0x7f0000000000)=@gcm_128={{0x304}, "bd88818314ff7d84", "0b3ea924c47b25d76225c700", "000400", "d5a1d50399459b68"}, 0x28)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000240), r7)
shutdown(r7, 0x0)
ioctl$SYNC_IOC_MERGE(r6, 0xc0303e03, &(0x7f00000001c0)={"3c24139ed44aec57f2e2ad238e7b448ed886923c31d4a043e3b614fd00", r4, <r8=>0xffffffffffffffff})
r9 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x1)
r10 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0)
ioctl$KVM_RUN(r10, 0xae80, 0x0)
close_range(0xffffffffffffffff, r8, 0x0)

8.930803555s ago: executing program 7 (id=1062):
r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/tty/drivers\x00', 0x0, 0x0)
pread64(r0, 0x0, 0x0, 0x3b11)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, 0x0, 0x4000000)
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$BPF_GET_PROG_INFO(0xa, 0x0, 0x0)
r3 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$IP_VS_SO_SET_ADD(r3, 0x0, 0x482, &(0x7f0000000080)={0x84, @local, 0x15, 0x3, 'sh\x00', 0x19, 0x5, 0x71}, 0x2c)

8.175253837s ago: executing program 3 (id=1063):
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_init_net_socket$ax25(0x3, 0x2, 0xcc)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x8081)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r2 = fsopen(&(0x7f0000000000)='ubifs\x00', 0x0)
writev(r2, &(0x7f0000000140)=[{&(0x7f0000000040)}, {&(0x7f0000000100)="726f2acfd6b3876bbec3cc941b7bd53861feb7cb86089b996e827296ac769d89852cc352f8982eaa5494", 0x2a}, {&(0x7f0000000700)="4e5735fae48306e701e9110fd512b5a1bfd780eec24be99297e14b06f56ac507c8067141b5360595ea201ef3658ef26b4de295123ddfc4e14d96c0e0a8bc9a38eb4f1d87bd13d4cffe13dbb67115f79253b8f9c40093be0eee256455dea671b4ce14db092f568e9a403d62de907b51780a87c4b4c7023c610c719fcf19491cce5ecb5fd3ec225d3285cf048f4a4256fe21985bbc774e43", 0x97}], 0x3)
openat$vimc0(0xffffff9c, &(0x7f0000000340), 0x2, 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x3)
socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$inet_tcp_TCP_MD5SIG(0xffffffffffffffff, 0x6, 0xe, &(0x7f0000000280)={@in={{0x2, 0x4e20, @loopback}}, 0x0, 0x0, 0x4, 0x0, "e83ae75240c2d6d8ec87bb53679fd0450078548ceb6c4414fab091000000000000000776aea5922406b64cddaeb9d339ba3c01c2c7d0df8e61740b9af2d4e499d58654a4cf0fa0ce1f830c3279cffcfd"}, 0xd8)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x20000000000, 0xfffffffffffffffd, 0x0, 0x0, 0x1000001000, 0x49}, 0x0, &(0x7f00000002c0)={0x3ff, 0x7, 0x0, 0x9, 0x0, 0xf, 0x80000002}, 0x0, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
arch_prctl$ARCH_SHSTK_DISABLE(0x5002, 0x3)
getsockname$packet(0xffffffffffffffff, 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000080)={0xffffffffffffffff, 0xe0, &(0x7f0000000880)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce, 0x0, 0x0, 0x10, &(0x7f0000000300), 0x0, 0x0, 0x49, 0x8, 0x0, 0x0}}, 0x10)
bind$inet(r3, 0x0, 0x0)
sendmsg$inet(0xffffffffffffffff, 0x0, 0x24008004)
r4 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r4, 0xc02064b2, &(0x7f00000001c0)={0x7af, 0x2, 0xc})

7.875518202s ago: executing program 7 (id=1064):
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
bpf$BPF_PROG_QUERY(0x10, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='tracefs\x00', 0x1214040, 0x0)
r1 = openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0)
write$FUSE_INIT(r1, &(0x7f0000001dc0)={0x50, 0x0, 0x0, {0x7, 0x2b, 0x8000, 0x2b438843, 0x6}}, 0x50)
getgroups(0x0, &(0x7f0000000040))
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000003c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0xa04423, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x68c81, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x1)
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, 0x0)

7.724551379s ago: executing program 0 (id=1065):
r0 = syz_open_procfs$pagemap(0xffffffffffffffff, &(0x7f0000000b40))
ioctl$PAGEMAP_SCAN(r0, 0xc0606610, &(0x7f0000000c00)={0x60, 0x19c50b885bc933d4, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x8, 0x0, 0x0, 0xb, 0x0, 0x41, 0x1, 0x4})
socket$nl_netfilter(0x10, 0x3, 0xc)
openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r1 = socket(0x2, 0x80805, 0x0)
getsockopt$bt_hci(r1, 0x84, 0x3, 0x0, &(0x7f0000001080))
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x8081)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
syz_open_dev$tty1(0xc, 0x4, 0x3)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
r3 = syz_io_uring_setup(0x49d, &(0x7f0000000400)={0x0, 0x79af, 0x3180, 0x8000, 0x400246}, &(0x7f0000000340)=<r4=>0x0, &(0x7f0000000040)=<r5=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_MSG_RING={0x28, 0x0, 0x0, r3, 0x1, 0x0, 0x0, 0x2})
io_uring_enter(r3, 0x4c6e, 0xc67a, 0xc, 0x0, 0x0)

6.942289088s ago: executing program 3 (id=1066):
io_setup(0xa, &(0x7f00000001c0)=<r0=>0x0)
r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/disk', 0x1, 0x0)
io_submit(r0, 0x1, &(0x7f0000000400)=[&(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, r1, &(0x7f0000000bc0)='\x00\x00\x00\x00\x00', 0x5, 0x1000000000003}])

6.287244903s ago: executing program 8 (id=1067):
r0 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
ioctl$SG_IO(r0, 0x2285, 0x0)
r1 = fcntl$dupfd(r0, 0x0, r0)
write$sndseq(r1, &(0x7f0000000180)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @raw32}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @quote}], 0x38)
write$sndseq(r1, &(0x7f0000000200)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @raw32}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @ext={0x0, 0x0}}, {0x0, 0x0, 0x0, 0x20, @time, {}, {}, @time=@time}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @control}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @connect}, {0x0, 0x0, 0x0, 0x0, @time, {0xfc}, {}, @raw8={"448cc880fe353ca0f2c2e953"}}, {0x0, 0x0, 0x0, 0x0, @time, {0xfd}, {}, @connect}], 0xc4)
write$sndseq(r1, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {0x8}, @ext={0x0, 0x0}}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @addr}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @connect}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @raw32}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @connect}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @control={0x6, 0x7fff, 0x8}}, {0x0, 0x0, 0x0, 0x0, @time={0xffffff81}, {}, {}, @time=@time}], 0xc4)
write$sndseq(r1, &(0x7f0000002840)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @raw32}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @control}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @addr}], 0x54)
write$sndseq(r1, &(0x7f0000000300)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @result}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @raw32}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @queue}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x0, 0x0}}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @time}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @connect}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @control}], 0xc4)
write$sndseq(r1, &(0x7f0000000a40)=[{0x0, 0x0, 0x0, 0x0, @time={0x0, 0xfffffffd}, {0x0, 0x10}, {}, @quote}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @queue}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @queue}], 0x54)
write$sndseq(r0, &(0x7f0000000000)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @addr}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @raw32}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @control}], 0x54)
write$sndseq(r1, &(0x7f0000000f80)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @queue}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @quote}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @quote}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @addr}, {}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @quote}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @quote}], 0xc4)
write$sndseq(r1, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @queue}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @time=@time}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @control}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @result}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time}], 0x8c)
write$sndseq(r1, &(0x7f0000000740)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @time=@time}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @queue}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @raw32}, {}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @result}], 0x8c)
write$sndseq(r1, &(0x7f0000000b00)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @result}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {0x0, 0x2}}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @raw8={"b5f8fbe8c20c855083221c33"}}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @addr}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @control}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @raw32}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x0, 0x0}}], 0xc4)
write$sndseq(r1, 0x0, 0x0)

5.842516126s ago: executing program 0 (id=1068):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x80b00, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000000100)=0x3)
ioctl$KVM_GET_MP_STATE(r2, 0x8004ae98, &(0x7f0000000080))

5.698516353s ago: executing program 3 (id=1069):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x4, 0x1, 0x6, 0xfa11, 0xffefffff}, 0x0)
socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$packet_int(0xffffffffffffffff, 0x107, 0xf, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(0xffffffffffffffff, 0x4018620d, 0x0)
r3 = syz_open_procfs(0x0, 0x0)
pread64(r3, &(0x7f0000000200)=""/102400, 0x19000, 0x1000000000)
r4 = socket$netlink(0x10, 0x3, 0x4)
io_setup(0x4, &(0x7f0000000140))
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r5, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_generic(r4, 0x0, 0x84054)
writev(r4, &(0x7f00000000c0)=[{&(0x7f000001b2c0)="580000001500add427323b470c45b45602067fffffff81004e22030d00ff0028925aa8002000eaa57b00090080020efffeffe809020000ff0004f03adcac4b74ffffffffffffffffffffffe7ee0000000000000000020000", 0x58}], 0x1)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
read$FUSE(r3, &(0x7f000001b440)={0x2020, 0x0, 0x0, 0x0, 0x0, <r6=>0x0}, 0x2020)
ioctl$SG_BLKTRACESETUP(r3, 0xc0481273, &(0x7f000001b240)={'\x00', 0x0, 0x800, 0x4, 0x3, 0xc361, r6})

5.596275627s ago: executing program 8 (id=1070):
r0 = syz_open_procfs$pagemap(0xffffffffffffffff, &(0x7f0000000b40))
ioctl$PAGEMAP_SCAN(r0, 0xc0606610, &(0x7f0000000c00)={0x60, 0x19c50b885bc933d4, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x8, 0x0, 0x0, 0xb, 0x0, 0x41, 0x1, 0x4})
socket$nl_netfilter(0x10, 0x3, 0xc)
openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r1 = socket(0x2, 0x80805, 0x0)
getsockopt$bt_hci(r1, 0x84, 0x3, 0x0, &(0x7f0000001080))
openat$audio1(0xffffffffffffff9c, &(0x7f0000000080), 0x129202, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x8081)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
syz_open_dev$tty1(0xc, 0x4, 0x3)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
r3 = syz_io_uring_setup(0x49d, &(0x7f0000000400)={0x0, 0x79af, 0x3180, 0x8000, 0x400246}, &(0x7f0000000340)=<r4=>0x0, &(0x7f0000000040)=<r5=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_MSG_RING={0x28, 0x0, 0x0, r3, 0x1, 0x0, 0x0, 0x2})
io_uring_enter(r3, 0x4c6e, 0xc67a, 0xc, 0x0, 0x0)

3.991147782s ago: executing program 9 (id=1071):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x14}}, 0x0)
getsockname$packet(r2, &(0x7f00000002c0)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB], 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000003080)=@delchain={0x50, 0x64, 0xf31, 0xfffffffb, 0x0, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xfff3, 0xffff}, {0x0, 0x1b}}, [@TCA_CHAIN={0x8, 0xb, 0x5}, @filter_kind_options=@f_flower={{0xb}, {0x18, 0x2, [@TCA_FLOWER_INDEV={0x14, 0x2, 'bridge_slave_0\x00'}]}}]}, 0x50}, 0x1, 0x0, 0x0, 0x10}, 0x0)

3.951239605s ago: executing program 0 (id=1072):
r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0), 0x0, 0x0, 0x0, 0x5a062f9b58595bb3}, 0x20000000)
syz_open_dev$evdev(0x0, 0x2, 0x842)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f00000005c0), 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
r4 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r4, 0x11b, 0x4, &(0x7f0000000080)={0x0, 0x312d000, 0x800, 0xffff, 0x3}, 0x20)
setsockopt$XDP_TX_RING(r4, 0x11b, 0x3, &(0x7f0000000180)=0x800, 0x4)
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0)
r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r6 = openat$cgroup_ro(r5, &(0x7f0000000040)='cgroup.freeze\x00', 0x275a, 0x0)
write$cgroup_int(r6, &(0x7f0000000200)=0x1, 0x12)
mkdir(&(0x7f0000000000)='./cgroup/../file0/file0\x00', 0x0)
r7 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r8 = openat$cgroup_ro(r7, &(0x7f0000000040)='cgroup.freeze\x00', 0x275a, 0x0)
write$cgroup_int(r8, &(0x7f0000000100)=0x1, 0x12)
socket$inet(0x2, 0x2, 0x0)
openat$ptp0(0xffffffffffffff9c, &(0x7f0000000000), 0x62001, 0x0)

3.463227673s ago: executing program 8 (id=1073):
openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
syz_init_net_socket$ax25(0x3, 0x2, 0xcc)
sched_setscheduler(0x0, 0x1, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x8081)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
openat$vimc0(0xffffff9c, &(0x7f0000000340), 0x2, 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x3)
socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$inet_tcp_TCP_MD5SIG(0xffffffffffffffff, 0x6, 0xe, &(0x7f0000000280)={@in={{0x2, 0x4e20, @loopback}}, 0x0, 0x0, 0x4, 0x0, "e83ae75240c2d6d8ec87bb53679fd0450078548ceb6c4414fab091000000000000000776aea5922406b64cddaeb9d339ba3c01c2c7d0df8e61740b9af2d4e499d58654a4cf0fa0ce1f830c3279cffcfd"}, 0xd8)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x20000000000, 0xfffffffffffffffd, 0x0, 0x0, 0x1000001000, 0x49}, 0x0, 0x0, 0x0, 0x0)

3.446850638s ago: executing program 3 (id=1074):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_open_dev$sndmidi(0x0, 0x2, 0x141101)
socket$nl_generic(0x10, 0x3, 0x10)
r0 = getpgid(0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r0, 0x0, 0x0)
r1 = epoll_create1(0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r3, &(0x7f0000000100)={0x20000014})
r4 = syz_open_dev$tty1(0xc, 0x4, 0x1)
bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB, @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYBLOB="000000001800"/28], 0x48)
unshare(0x22020400)
memfd_create(&(0x7f00000001c0)='\x00\x00\x00\x00\x00\x00z\x9b\xb6\xe8t;\xfc\x02\x00\x00\x009\xa0\v\x14d\xa2\xa1\xa8!\xe8\xd1\xa0\x8a\xce0\x1c\xb7\xf1\xccm\xce\xd4\xdb\x89\xe5\x8f\xe2\xb6\xd6\x9cF\xbd\xff\x14\x05\x00\x00\x00\x00\x00\x00\x00\xf3\xdc\x91\'\x06\\8\r\xfc\xeeG\xbe\x90C\xd5)5\x98\xa3\xfa\a\xf9\x98\xbb}\xeb\x86P=\xe51\x9d,\xb7\xe6_M\xbe\x19\xea#\xff[\xd1\xc3\x9a\xa3\x1b\xf9\xe9\x1d \xce1\xc9\x9f\xb0\x14\xc2\xeb\xf9\xceE\xad\xa4\x92\f\xef\x87g\xb6\xabW\xac\rP\xf42\xb7\xc8\xaajn\xd7\n\r\x802\xd7\x1b$\x95tO*\xf4\xae\xb8\xb8m\xbf\r\xd5\xbf*\xfd\xc7\x85\x1b\x8b\xe5\x97j`c\xe0\x88?\xda\x8a#t>r\xae\xe8\xc9)', 0x0)
r5 = dup(r4)
write$UHID_INPUT(r5, &(0x7f0000001040)={0xfc, {"a2e3ad09ed1a09f91b37090987f70e06d038e7ff7fc6e5539b0d3d0e8b089b3f383b6c090890e0879b0a0ac6e70a9b3361959b509a240d5b0af3988f7ef319520100ffe8d178708c523c921b1b5b31070d07640936cd3b78130daa61d8e8040000005802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afa2d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02daee67918e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4108b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c6b00000000000000f96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0x1000}}, 0x1006)
ioctl$KVM_SET_VCPU_EVENTS(r5, 0x4040aea0, &(0x7f0000000040)=@x86={0x5, 0x3, 0x6, 0x0, 0x8, 0x7, 0x6, 0x0, 0x4, 0x9, 0x48, 0x9, 0x0, 0x7, 0x1, 0xa, 0x1, 0x40, 0x10, '\x00', 0x4d, 0x1f})
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
r6 = socket$inet6_udplite(0xa, 0x2, 0x88)
sendmmsg$inet6(r6, &(0x7f0000003a00)=[{{&(0x7f0000000180)={0xa, 0x4e24, 0x0, @loopback, 0xa}, 0x1c, 0x0, 0x0, &(0x7f0000001f40)}}], 0x1, 0x1000)
epoll_pwait(r1, &(0x7f00000000c0)=[{}, {}], 0x2, 0xfe, 0x0, 0x0)

368.611688ms ago: executing program 9 (id=1075):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, 0x0, 0x0)

276.042836ms ago: executing program 0 (id=1076):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000300)={'bond0\x00', <r1=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB="440000001000010400"/20, @ANYRES32=r1, @ANYBLOB="00000000000000002400128009000100626f6e64000000001400028008000000000000000800090001"], 0x44}}, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r2, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000300)="2e00000010008188040f80ec59acbc0413a181000b00000000010000000000000e000a000f000000028002002d1f", 0x2e}], 0x1}, 0x0)
syz_emit_ethernet(0x2a, &(0x7f0000000100)={@broadcast, @remote, @void, {@arp={0x86dd, @ether_ipv4={0x1, 0x800, 0x6, 0x4, 0x0, @link_local, @multicast1, @broadcast, @private=0xa010100}}}}, 0x0)

216.471148ms ago: executing program 7 (id=1077):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x20702, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000080)={'syzkaller0\x00', 0xca58c30f81b6079f})
ioctl$TUNSETQUEUE(r0, 0x400454d9, 0x0)
r1 = openat$tun(0xffffffffffffff9c, 0x0, 0x1200, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000080)={'syzkaller0\x00', 0xca58c30f81b6079f})
r2 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000000)=0xd)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0x1c3902, 0x0)
r4 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xaee0, 0x800, 0xffffffff, 0xbfe00000}, &(0x7f0000000000)=<r5=>0x0, &(0x7f0000000280)=<r6=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r5, r6, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3})
io_uring_enter(r4, 0x47f6, 0x0, 0x2, 0x0, 0x300)
sendfile(r2, r3, 0x0, 0x2000fb)
ioctl$TIOCVHANGUP(r2, 0x5437, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r7, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r8 = syz_open_dev$vim2m(&(0x7f0000000040), 0xfffffffe, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r8, 0xc0145608, &(0x7f00000000c0)={0x2, 0x1, 0x1})
ioctl$vim2m_VIDIOC_S_FMT(r8, 0xc0cc5605, &(0x7f0000000400)={0x1, @win={{0x10, 0x2, 0x8, 0x7}, 0x9, 0x2, 0x0, 0xffff0000, 0x0, 0x7}})
ioctl$TUNSETQUEUE(r7, 0x400454d9, &(0x7f0000000080)={'veth0_to_bridge\x00', 0x400})

0s ago: executing program 8 (id=1078):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc)
connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x7, @ipv4={'\x00', '\xff\xff', @local}, 0x1}, 0x1c)
setsockopt$inet6_IPV6_ADDRFORM(r0, 0x29, 0x1, &(0x7f00000000c0), 0x4)
r1 = syz_usb_connect(0x0, 0x3f, &(0x7f00000012c0)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109024a0001100000000904000003fe03010009cd8d1f00020000000905050200067e001009058b1e", @ANYRESHEX], 0x0)
syz_usb_control_io$printer(r1, 0x0, 0x0)
syz_usb_control_io$hid(r1, 0x0, 0x0)
r2 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
ioctl$HIDIOCGUSAGE(r2, 0x40015b19, 0x0)

kernel console output (not intermixed with test programs):

dget_register_driver returned -16
[  769.124480][ T9443] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  769.124930][ T9443] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  769.182205][  T809] usb 8-1: Failed to set altset
[  769.182257][  T809] usb 8-1: 0:2: cannot create sequencer device
[  769.199321][  T809] usb 8-1: Failed to set altset
[  769.255480][  T809] snd-usb-audio 8-1:1.2: probe with driver snd-usb-audio failed with error -71
[  769.279690][  T809] usb 8-1: USB disconnect, device number 4
[  769.418473][  T989] hsr_slave_0: left promiscuous mode
[  769.458466][  T989] hsr_slave_1: left promiscuous mode
[  769.459252][  T989] batman_adv: batadv0: Removing interface: batadv_slave_0
[  769.498741][  T989] batman_adv: batadv0: Removing interface: batadv_slave_1
[  769.861232][   T60] Bluetooth: hci3: command tx timeout
[  770.219599][  T989] team0 (unregistering): Port device team_slave_1 removed
[  770.270967][  T989] team0 (unregistering): Port device team_slave_0 removed
[  771.449594][ T9097] 8021q: adding VLAN 0 to HW filter on device team0
[  771.456908][ T9415] chnl_net:caif_netlink_parms(): no params data found
[  771.804783][   T92] bridge0: port 1(bridge_slave_0) entered blocking state
[  771.805210][   T92] bridge0: port 1(bridge_slave_0) entered forwarding state
[  771.947493][   T60] Bluetooth: hci3: command tx timeout
[  772.272081][  T139] bridge0: port 2(bridge_slave_1) entered blocking state
[  772.274525][  T139] bridge0: port 2(bridge_slave_1) entered forwarding state
[  772.513492][ T9469] netlink: 12 bytes leftover after parsing attributes in process `syz.7.573'.
[  774.644181][ T9471] syzkaller0: entered promiscuous mode
[  774.792542][ T9415] bridge0: port 1(bridge_slave_0) entered blocking state
[  774.792678][ T9415] bridge0: port 1(bridge_slave_0) entered disabled state
[  774.792891][ T9415] bridge_slave_0: entered allmulticast mode
[  774.823292][ T9415] bridge_slave_0: entered promiscuous mode
[  774.893000][ T9415] bridge0: port 2(bridge_slave_1) entered blocking state
[  774.893140][ T9415] bridge0: port 2(bridge_slave_1) entered disabled state
[  774.893368][ T9415] bridge_slave_1: entered allmulticast mode
[  774.897388][ T9415] bridge_slave_1: entered promiscuous mode
[  776.604823][ T9488] netlink: 12 bytes leftover after parsing attributes in process `syz.7.579'.
[  778.968291][ T9415] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  779.244323][ T9495] netlink: 12 bytes leftover after parsing attributes in process `syz.7.580'.
[  779.971067][ T9415] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  779.993445][ T9320] netdevsim netdevsim9 netdevsim0: renamed from eth0
[  781.387596][ T9497] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  781.421210][ T9320] netdevsim netdevsim9 netdevsim1: renamed from eth1
[  781.477084][ T5113] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  781.490557][ T5113] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  781.493805][ T5113] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  781.495292][ T5113] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  781.496044][ T5113] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  781.606988][ T9320] netdevsim netdevsim9 netdevsim2: renamed from eth2
[  781.645585][ T9415] team0: Port device team_slave_0 added
[  781.756029][ T9497] input: syz0 as /devices/virtual/input/input19
[  781.775583][ T9320] netdevsim netdevsim9 netdevsim3: renamed from eth3
[  781.850231][ T9415] team0: Port device team_slave_1 added
[  781.856773][ T9505] iommufd_mock iommufd_mock1: Adding to iommu group 1
[  782.171733][ T9505] input: syz0 as /devices/virtual/input/input20
[  782.802741][ T9415] batman_adv: batadv0: Adding interface: batadv_slave_0
[  782.802756][ T9415] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  782.802778][ T9415] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  782.862364][ T9415] batman_adv: batadv0: Adding interface: batadv_slave_1
[  782.862378][ T9415] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  782.862400][ T9415] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  783.618105][   T60] Bluetooth: hci1: command tx timeout
[  783.848146][ T5880] usb 8-1: new high-speed USB device number 5 using dummy_hcd
[  783.931853][ T9415] hsr_slave_0: entered promiscuous mode
[  783.933126][ T9415] hsr_slave_1: entered promiscuous mode
[  783.935459][ T9415] debugfs: 'hsr0' already exists in 'hsr'
[  783.935486][ T9415] Cannot create hsr debugfs directory
[  783.998067][ T5880] usb 8-1: Using ep0 maxpacket: 8
[  784.004228][ T5880] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  784.004265][ T5880] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  784.004290][ T5880] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  784.004308][ T5880] usb 8-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  784.004340][ T5880] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  784.004357][ T5880] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  784.337681][ T5880] usb 8-1: GET_CAPABILITIES returned 0
[  784.337719][ T5880] usbtmc 8-1:16.0: can't read capabilities
[  784.582205][ T5880] usb 8-1: USB disconnect, device number 5
[  785.698462][   T60] Bluetooth: hci1: command tx timeout
[  786.088440][  T989] bridge_slave_1: left allmulticast mode
[  786.088471][  T989] bridge_slave_1: left promiscuous mode
[  786.088736][  T989] bridge0: port 2(bridge_slave_1) entered disabled state
[  786.189770][  T989] bridge_slave_0: left allmulticast mode
[  786.189799][  T989] bridge_slave_0: left promiscuous mode
[  786.190057][  T989] bridge0: port 1(bridge_slave_0) entered disabled state
[  786.860826][  T989] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  786.998829][  T989] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  787.089895][  T989] bond0 (unregistering): Released all slaves
[  787.780528][   T60] Bluetooth: hci1: command tx timeout
[  788.258231][  T989] hsr_slave_0: left promiscuous mode
[  788.314319][  T989] hsr_slave_1: left promiscuous mode
[  788.315456][  T989] batman_adv: batadv0: Removing interface: batadv_slave_0
[  788.380844][  T989] batman_adv: batadv0: Removing interface: batadv_slave_1
[  789.270147][  T989] team0 (unregistering): Port device team_slave_1 removed
[  789.328978][  T989] team0 (unregistering): Port device team_slave_0 removed
[  789.630441][ T9501] chnl_net:caif_netlink_parms(): no params data found
[  789.858195][   T60] Bluetooth: hci1: command tx timeout
[  790.206653][ T9601] process 'syz.8.593' launched '/dev/fd/9' with NULL argv: empty string added
[  790.848073][ T9501] bridge0: port 1(bridge_slave_0) entered blocking state
[  790.848266][ T9501] bridge0: port 1(bridge_slave_0) entered disabled state
[  790.849021][ T9501] bridge_slave_0: entered allmulticast mode
[  790.851787][ T9501] bridge_slave_0: entered promiscuous mode
[  790.893718][ T9501] bridge0: port 2(bridge_slave_1) entered blocking state
[  790.893944][ T9501] bridge0: port 2(bridge_slave_1) entered disabled state
[  790.894179][ T9501] bridge_slave_1: entered allmulticast mode
[  790.897139][ T9501] bridge_slave_1: entered promiscuous mode
[  790.954753][ T9320] 8021q: adding VLAN 0 to HW filter on device bond0
[  791.063601][ T9501] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  791.215524][ T9501] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  791.223058][ T9320] 8021q: adding VLAN 0 to HW filter on device team0
[  791.835794][ T9501] team0: Port device team_slave_0 added
[  791.887599][ T9619] netlink: 24 bytes leftover after parsing attributes in process `syz.7.596'.
[  791.899024][ T9501] team0: Port device team_slave_1 added
[  792.011158][   T67] bridge0: port 1(bridge_slave_0) entered blocking state
[  792.011377][   T67] bridge0: port 1(bridge_slave_0) entered forwarding state
[  792.076591][ T9623] netlink: 4 bytes leftover after parsing attributes in process `syz.7.596'.
[  792.450544][ T1365] bridge0: port 2(bridge_slave_1) entered blocking state
[  792.450679][ T1365] bridge0: port 2(bridge_slave_1) entered forwarding state
[  792.533032][ T9501] batman_adv: batadv0: Adding interface: batadv_slave_0
[  792.533046][ T9501] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  792.533067][ T9501] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  792.590568][ T9501] batman_adv: batadv0: Adding interface: batadv_slave_1
[  792.590584][ T9501] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  792.590606][ T9501] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  793.764608][ T9501] hsr_slave_0: entered promiscuous mode
[  793.766009][ T9501] hsr_slave_1: entered promiscuous mode
[  793.767453][ T9415] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  795.105252][ T9415] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  795.281329][ T9415] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  796.412299][ T9415] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  796.870800][ T9671] netlink: 8 bytes leftover after parsing attributes in process `syz.7.600'.
[  798.545947][  T989] bridge_slave_1: left allmulticast mode
[  798.545988][  T989] bridge_slave_1: left promiscuous mode
[  798.546174][  T989] bridge0: port 2(bridge_slave_1) entered disabled state
[  800.924452][  T989] bridge_slave_0: left allmulticast mode
[  800.924853][  T989] bridge_slave_0: left promiscuous mode
[  801.276680][  T989] bridge0: port 1(bridge_slave_0) entered disabled state
[  804.770664][ T9725] fuse: Bad value for 'fd'
[  808.055071][ T5113] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  808.073462][ T5113] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  808.082250][ T5113] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  808.101044][ T5113] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  808.105529][ T5113] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  808.309445][  T989] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  808.381742][  T989] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  808.432317][  T989] bond0 (unregistering): Released all slaves
[  808.853827][ T1321] ieee802154 phy0 wpan0: encryption failed: -22
[  808.853902][ T1321] ieee802154 phy1 wpan1: encryption failed: -22
[  809.253007][  T989] hsr_slave_0: left promiscuous mode
[  809.299799][  T989] hsr_slave_1: left promiscuous mode
[  809.300485][  T989] batman_adv: batadv0: Removing interface: batadv_slave_0
[  809.341200][  T989] batman_adv: batadv0: Removing interface: batadv_slave_1
[  810.178744][   T60] Bluetooth: hci2: command tx timeout
[  810.860654][  T989] team0 (unregistering): Port device team_slave_1 removed
[  811.031838][  T989] team0 (unregistering): Port device team_slave_0 removed
[  812.268041][   T60] Bluetooth: hci2: command tx timeout
[  812.732811][ T9415] 8021q: adding VLAN 0 to HW filter on device bond0
[  812.936699][  T809] usb 8-1: new high-speed USB device number 6 using dummy_hcd
[  813.021885][ T9415] 8021q: adding VLAN 0 to HW filter on device team0
[  813.089151][  T809] usb 8-1: Using ep0 maxpacket: 8
[  813.091715][  T809] usb 8-1: config index 0 descriptor too short (expected 74, got 45)
[  813.091777][  T809] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 1536, setting to 1024
[  813.091807][  T809] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  813.091833][  T809] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 30768, setting to 1024
[  813.091862][  T809] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024
[  813.091887][  T809] usb 8-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  813.091930][  T809] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  813.091954][  T809] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  813.344849][  T809] usb 8-1: usb_control_msg returned -32
[  813.344912][  T809] usbtmc 8-1:16.0: can't read capabilities
[  813.580653][   T13] bridge0: port 1(bridge_slave_0) entered blocking state
[  813.580870][   T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[  813.855263][ T6470] bridge0: port 2(bridge_slave_1) entered blocking state
[  813.855438][ T6470] bridge0: port 2(bridge_slave_1) entered forwarding state
[  814.094969][ T9501] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  814.171211][ T9501] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  814.348043][   T60] Bluetooth: hci2: command tx timeout
[  814.348501][ T9501] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  814.439708][ T9501] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  814.874693][ T9731] chnl_net:caif_netlink_parms(): no params data found
[  815.331294][ T9815] netlink: 24 bytes leftover after parsing attributes in process `syz.8.615'.
[  815.680979][  T809] usb 8-1: USB disconnect, device number 6
[  816.361258][ T9731] bridge0: port 1(bridge_slave_0) entered blocking state
[  816.361472][ T9731] bridge0: port 1(bridge_slave_0) entered disabled state
[  816.361733][ T9731] bridge_slave_0: entered allmulticast mode
[  816.364596][ T9731] bridge_slave_0: entered promiscuous mode
[  816.417979][   T60] Bluetooth: hci2: command tx timeout
[  816.470204][ T9731] bridge0: port 2(bridge_slave_1) entered blocking state
[  816.470363][ T9731] bridge0: port 2(bridge_slave_1) entered disabled state
[  816.470620][ T9731] bridge_slave_1: entered allmulticast mode
[  816.473441][ T9731] bridge_slave_1: entered promiscuous mode
[  816.777484][ T9731] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  816.832568][ T9731] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  817.619348][ T5782] IPVS: starting estimator thread 0...
[  817.675449][ T9839] netlink: 'syz.7.618': attribute type 27 has an invalid length.
[  817.710143][ T9731] team0: Port device team_slave_0 added
[  817.718893][ T9842] IPVS: using max 12 ests per chain, 28800 per kthread
[  817.757158][ T9731] team0: Port device team_slave_1 added
[  817.966103][ T9731] batman_adv: batadv0: Adding interface: batadv_slave_0
[  817.966118][ T9731] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  817.966139][ T9731] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  818.060218][ T9731] batman_adv: batadv0: Adding interface: batadv_slave_1
[  818.060232][ T9731] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  818.060254][ T9731] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  818.825324][ T9851] binder: BINDER_SET_CONTEXT_MGR already set
[  818.825341][ T9851] binder: 9835:9851 ioctl 4018620d 200000004a80 returned -16
[  818.900424][  T989] bridge_slave_1: left allmulticast mode
[  818.900447][  T989] bridge_slave_1: left promiscuous mode
[  818.900609][  T989] bridge0: port 2(bridge_slave_1) entered disabled state
[  818.979316][  T989] bridge_slave_0: left allmulticast mode
[  818.979340][  T989] bridge_slave_0: left promiscuous mode
[  818.979533][  T989] bridge0: port 1(bridge_slave_0) entered disabled state
[  819.988726][  T989] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  820.071728][  T989] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  820.113908][  T989] bond0 (unregistering): Released all slaves
[  820.212554][ T9731] hsr_slave_0: entered promiscuous mode
[  820.221508][ T9731] hsr_slave_1: entered promiscuous mode
[  820.237539][ T9731] debugfs: 'hsr0' already exists in 'hsr'
[  820.237561][ T9731] Cannot create hsr debugfs directory
[  820.274883][ T9415] 8021q: adding VLAN 0 to HW filter on device batadv0
[  820.361076][ T9862] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  820.629931][ T9866] netlink: 28 bytes leftover after parsing attributes in process `syz.8.622'.
[  820.758085][  T989] hsr_slave_0: left promiscuous mode
[  820.798070][  T989] hsr_slave_1: left promiscuous mode
[  820.799145][  T989] batman_adv: batadv0: Removing interface: batadv_slave_0
[  820.799393][ T9862] input: syz0 as /devices/virtual/input/input21
[  820.860171][  T989] batman_adv: batadv0: Removing interface: batadv_slave_1
[  821.728718][  T989] team0 (unregistering): Port device team_slave_1 removed
[  821.768674][  T989] team0 (unregistering): Port device team_slave_0 removed
[  822.276724][ T9501] 8021q: adding VLAN 0 to HW filter on device bond0
[  822.678622][ T9501] 8021q: adding VLAN 0 to HW filter on device team0
[  822.714441][ T1307] bridge0: port 1(bridge_slave_0) entered blocking state
[  822.714591][ T1307] bridge0: port 1(bridge_slave_0) entered forwarding state
[  822.829984][ T8260] bridge0: port 2(bridge_slave_1) entered blocking state
[  822.858633][ T8260] bridge0: port 2(bridge_slave_1) entered forwarding state
[  823.551260][ T5113] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  823.578009][ T5113] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  823.585971][ T5113] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  823.736440][ T5113] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  823.746301][ T5113] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  827.283480][ T5113] Bluetooth: hci4: command tx timeout
[  829.306880][ T5113] Bluetooth: hci4: command tx timeout
[  830.400159][ T9949] netlink: 4 bytes leftover after parsing attributes in process `syz.7.630'.
[  831.380768][ T5113] Bluetooth: hci4: command tx timeout
[  833.459386][ T5113] Bluetooth: hci4: command tx timeout
[  835.026506][ T9953] netlink: 4 bytes leftover after parsing attributes in process `syz.7.631'.
[  835.051072][ T9953] netlink: 12 bytes leftover after parsing attributes in process `syz.7.631'.
[  839.338085][ T9731] netdevsim netdevsim9 netdevsim0: renamed from eth0
[  839.387841][ T9903] chnl_net:caif_netlink_parms(): no params data found
[  839.487648][ T9731] netdevsim netdevsim9 netdevsim1: renamed from eth1
[  839.621606][   T60] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  839.648723][   T60] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  839.651781][   T60] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  839.655346][   T60] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  839.658101][   T60] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  839.758158][ T9731] netdevsim netdevsim9 netdevsim2: renamed from eth2
[  839.930552][ T9731] netdevsim netdevsim9 netdevsim3: renamed from eth3
[  840.155782][ T9971] faux_driver vkms: [drm] Unknown color mode 7; guessing buffer size.
[  841.785035][   T60] Bluetooth: hci3: command tx timeout
[  841.904092][ T9903] bridge0: port 1(bridge_slave_0) entered blocking state
[  841.904179][ T9903] bridge0: port 1(bridge_slave_0) entered disabled state
[  841.904334][ T9903] bridge_slave_0: entered allmulticast mode
[  842.073687][ T9903] bridge_slave_0: entered promiscuous mode
[  842.094673][ T9903] bridge0: port 2(bridge_slave_1) entered blocking state
[  842.094804][ T9903] bridge0: port 2(bridge_slave_1) entered disabled state
[  842.095042][ T9903] bridge_slave_1: entered allmulticast mode
[  842.100185][ T9903] bridge_slave_1: entered promiscuous mode
[  842.318388][  T989] bridge_slave_1: left allmulticast mode
[  842.318421][  T989] bridge_slave_1: left promiscuous mode
[  842.318668][  T989] bridge0: port 2(bridge_slave_1) entered disabled state
[  842.419508][  T989] bridge_slave_0: left allmulticast mode
[  842.419534][  T989] bridge_slave_0: left promiscuous mode
[  842.419751][  T989] bridge0: port 1(bridge_slave_0) entered disabled state
[  843.331954][  T989] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  843.411237][  T989] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  843.412076][T10016] netlink: 44 bytes leftover after parsing attributes in process `syz.7.640'.
[  843.412093][T10016] netlink: 43 bytes leftover after parsing attributes in process `syz.7.640'.
[  843.412104][T10016] netlink: 'syz.7.640': attribute type 5 has an invalid length.
[  843.412114][T10016] netlink: 43 bytes leftover after parsing attributes in process `syz.7.640'.
[  843.464379][  T989] bond0 (unregistering): Released all slaves
[  843.752950][ T9903] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  843.865427][   T60] Bluetooth: hci3: command tx timeout
[  843.895967][ T9903] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  844.600738][  T989] hsr_slave_0: left promiscuous mode
[  844.648094][  T989] hsr_slave_1: left promiscuous mode
[  844.668657][  T989] batman_adv: batadv0: Removing interface: batadv_slave_0
[  844.788987][  T989] batman_adv: batadv0: Removing interface: batadv_slave_1
[  845.939298][   T60] Bluetooth: hci3: command tx timeout
[  846.209787][  T989] team0 (unregistering): Port device team_slave_1 removed
[  846.260323][  T989] team0 (unregistering): Port device team_slave_0 removed
[  846.480182][ T9903] team0: Port device team_slave_0 added
[  846.567799][ T9903] team0: Port device team_slave_1 added
[  847.336338][T10076] netlink: 'syz.7.647': attribute type 10 has an invalid length.
[  847.600291][T10077] netlink: 4 bytes leftover after parsing attributes in process `syz.8.648'.
[  847.622097][T10077] netlink: 12 bytes leftover after parsing attributes in process `syz.8.648'.
[  847.763071][ T9903] batman_adv: batadv0: Adding interface: batadv_slave_0
[  847.763176][ T9903] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  847.763265][ T9903] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  848.498182][ T5113] Bluetooth: hci3: command tx timeout
[  848.842601][T10076] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  848.936241][ T9903] batman_adv: batadv0: Adding interface: batadv_slave_1
[  848.936320][ T9903] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  848.936465][ T9903] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  851.204326][ T9903] hsr_slave_0: entered promiscuous mode
[  851.205743][ T9903] hsr_slave_1: entered promiscuous mode
[  851.206735][ T9903] debugfs: 'hsr0' already exists in 'hsr'
[  851.206761][ T9903] Cannot create hsr debugfs directory
[  851.338090][    T9] usb 8-1: new high-speed USB device number 7 using dummy_hcd
[  851.508143][    T9] usb 8-1: Using ep0 maxpacket: 8
[  851.510403][    T9] usb 8-1: config index 0 descriptor too short (expected 74, got 45)
[  851.510471][    T9] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 1536, setting to 1024
[  851.510501][    T9] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  851.510527][    T9] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 30768, setting to 1024
[  851.510555][    T9] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024
[  851.510580][    T9] usb 8-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  851.510624][    T9] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  851.510648][    T9] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  851.673832][ T9964] chnl_net:caif_netlink_parms(): no params data found
[  851.736195][    T9] usb 8-1: usb_control_msg returned -32
[  851.736244][    T9] usbtmc 8-1:16.0: can't read capabilities
[  852.461647][ T9731] 8021q: adding VLAN 0 to HW filter on device bond0
[  853.060072][ T9964] bridge0: port 1(bridge_slave_0) entered blocking state
[  853.060276][ T9964] bridge0: port 1(bridge_slave_0) entered disabled state
[  853.060513][ T9964] bridge_slave_0: entered allmulticast mode
[  853.064133][ T9964] bridge_slave_0: entered promiscuous mode
[  853.493726][ T9964] bridge0: port 2(bridge_slave_1) entered blocking state
[  853.493859][ T9964] bridge0: port 2(bridge_slave_1) entered disabled state
[  853.494067][ T9964] bridge_slave_1: entered allmulticast mode
[  853.496349][ T9964] bridge_slave_1: entered promiscuous mode
[  853.821994][ T9964] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  853.826274][ T9731] 8021q: adding VLAN 0 to HW filter on device team0
[  853.929976][ T9964] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  854.084808][    T9] usb 8-1: USB disconnect, device number 7
[  854.693133][T10149] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  854.760044][   T92] bridge0: port 1(bridge_slave_0) entered blocking state
[  854.760161][   T92] bridge0: port 1(bridge_slave_0) entered forwarding state
[  854.815040][ T9964] team0: Port device team_slave_0 added
[  854.834399][ T9964] team0: Port device team_slave_1 added
[  855.458492][ T6096] bridge0: port 2(bridge_slave_1) entered blocking state
[  855.458607][ T6096] bridge0: port 2(bridge_slave_1) entered forwarding state
[  855.556992][ T9964] batman_adv: batadv0: Adding interface: batadv_slave_0
[  855.557006][ T9964] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  855.557027][ T9964] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  855.624459][ T9964] batman_adv: batadv0: Adding interface: batadv_slave_1
[  855.624473][ T9964] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  855.624495][ T9964] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  855.874002][T10149] input: syz0 as /devices/virtual/input/input22
[  856.273811][ T9964] hsr_slave_0: entered promiscuous mode
[  856.275304][ T9964] hsr_slave_1: entered promiscuous mode
[  856.278991][ T9964] debugfs: 'hsr0' already exists in 'hsr'
[  856.279018][ T9964] Cannot create hsr debugfs directory
[  856.863975][T10170] netlink: 4 bytes leftover after parsing attributes in process `syz.8.656'.
[  861.401986][  T989] bridge_slave_1: left allmulticast mode
[  861.402025][  T989] bridge_slave_1: left promiscuous mode
[  861.402277][  T989] bridge0: port 2(bridge_slave_1) entered disabled state
[  861.519218][  T989] bridge_slave_0: left allmulticast mode
[  861.519242][  T989] bridge_slave_0: left promiscuous mode
[  861.519441][  T989] bridge0: port 1(bridge_slave_0) entered disabled state
[  862.405146][  T989] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  862.458875][  T989] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  862.500421][  T989] bond0 (unregistering): Released all slaves
[  862.648722][T10177] syzkaller0: entered promiscuous mode
[  862.817399][ T9903] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  863.035119][ T9903] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  863.113969][ T9903] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  863.531470][  T989] hsr_slave_0: left promiscuous mode
[  863.606985][  T989] hsr_slave_1: left promiscuous mode
[  863.623581][  T989] batman_adv: batadv0: Removing interface: batadv_slave_0
[  863.671386][  T989] batman_adv: batadv0: Removing interface: batadv_slave_1
[  864.148365][T10205] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  864.363817][ T5113] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  864.384990][ T5113] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  864.386372][ T5113] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  864.387642][ T5113] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  864.410706][ T5113] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  864.507382][T10212] input: syz0 as /devices/virtual/input/input23
[  864.778952][  T989] team0 (unregistering): Port device team_slave_1 removed
[  865.738743][  T989] team0 (unregistering): Port device team_slave_0 removed
[  866.526329][   T60] Bluetooth: hci1: command tx timeout
[  866.884920][ T9903] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  867.432160][T10235] netlink: 4 bytes leftover after parsing attributes in process `syz.7.665'.
[  867.455302][T10235] netlink: 12 bytes leftover after parsing attributes in process `syz.7.665'.
[  868.856144][   T60] Bluetooth: hci1: command tx timeout
[  870.345711][ T1321] ieee802154 phy0 wpan0: encryption failed: -22
[  870.345795][ T1321] ieee802154 phy1 wpan1: encryption failed: -22
[  872.538067][   T60] Bluetooth: hci1: command tx timeout
[  875.054229][ T5113] Bluetooth: hci1: command tx timeout
[  875.520844][T10267] netlink: 'syz.7.675': attribute type 27 has an invalid length.
[  876.615235][T10275] netlink: 16 bytes leftover after parsing attributes in process `syz.7.676'.
[  876.633963][T10271] netlink: 12 bytes leftover after parsing attributes in process `syz.7.676'.
[  878.282505][T10280] netlink: 28 bytes leftover after parsing attributes in process `syz.7.678'.
[  878.663857][ T9903] 8021q: adding VLAN 0 to HW filter on device bond0
[  878.813545][ T9903] 8021q: adding VLAN 0 to HW filter on device team0
[  878.865477][T10208] chnl_net:caif_netlink_parms(): no params data found
[  878.893960][   T92] bridge0: port 1(bridge_slave_0) entered blocking state
[  878.906227][   T92] bridge0: port 1(bridge_slave_0) entered forwarding state
[  879.147239][ T8260] bridge0: port 2(bridge_slave_1) entered blocking state
[  879.147380][ T8260] bridge0: port 2(bridge_slave_1) entered forwarding state
[  879.343747][T10301] overlayfs: missing 'lowerdir'
[  882.199662][T10208] bridge0: port 1(bridge_slave_0) entered blocking state
[  882.199806][T10208] bridge0: port 1(bridge_slave_0) entered disabled state
[  882.200061][T10208] bridge_slave_0: entered allmulticast mode
[  882.205063][T10208] bridge_slave_0: entered promiscuous mode
[  882.385280][T10208] bridge0: port 2(bridge_slave_1) entered blocking state
[  882.385429][T10208] bridge0: port 2(bridge_slave_1) entered disabled state
[  882.409692][T10208] bridge_slave_1: entered allmulticast mode
[  882.458739][T10208] bridge_slave_1: entered promiscuous mode
[  883.982626][T10208] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  884.336064][   T60] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  884.350724][   T60] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  884.446063][T10331] netlink: 4 bytes leftover after parsing attributes in process `syz.8.688'.
[  885.299398][   T60] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  885.314100][   T60] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  885.315528][   T60] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  887.461696][   T60] Bluetooth: hci2: command tx timeout
[  888.175599][T10208] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  888.792965][T10344] overlayfs: missing 'lowerdir'
[  889.538215][   T60] Bluetooth: hci2: command tx timeout
[  889.748204][ T9964] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  891.059127][ T9964] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  891.191348][T10208] team0: Port device team_slave_0 added
[  891.191450][ T9964] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  891.257669][T10208] team0: Port device team_slave_1 added
[  891.260741][ T9964] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  891.621748][   T60] Bluetooth: hci2: command tx timeout
[  892.036160][T10208] batman_adv: batadv0: Adding interface: batadv_slave_0
[  892.036186][T10208] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  892.036207][T10208] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  892.117595][T10208] batman_adv: batadv0: Adding interface: batadv_slave_1
[  892.117614][T10208] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  892.117644][T10208] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  892.534564][T10208] hsr_slave_0: entered promiscuous mode
[  892.536496][T10208] hsr_slave_1: entered promiscuous mode
[  892.725482][  T989] bridge_slave_1: left allmulticast mode
[  892.725512][  T989] bridge_slave_1: left promiscuous mode
[  892.725692][  T989] bridge0: port 2(bridge_slave_1) entered disabled state
[  892.861517][  T989] bridge_slave_0: left allmulticast mode
[  892.861540][  T989] bridge_slave_0: left promiscuous mode
[  892.861709][  T989] bridge0: port 1(bridge_slave_0) entered disabled state
[  893.376277][   T60] Bluetooth: hci0: unexpected event for opcode 0x200b
[  894.066517][   T60] Bluetooth: hci2: command tx timeout
[  894.134275][T10371] netlink: 'syz.7.697': attribute type 27 has an invalid length.
[  894.399560][  T989] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  894.482263][  T989] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  894.501141][  T989] bond0 (unregistering): Released all slaves
[  894.988168][  T989] hsr_slave_0: left promiscuous mode
[  895.008282][  T989] hsr_slave_1: left promiscuous mode
[  895.010700][  T989] batman_adv: batadv0: Removing interface: batadv_slave_0
[  895.048977][  T989] batman_adv: batadv0: Removing interface: batadv_slave_1
[  895.642079][  T989] team0 (unregistering): Port device team_slave_1 removed
[  895.788806][  T989] team0 (unregistering): Port device team_slave_0 removed
[  897.363048][T10328] chnl_net:caif_netlink_parms(): no params data found
[  898.285544][T10328] bridge0: port 1(bridge_slave_0) entered blocking state
[  898.285748][T10328] bridge0: port 1(bridge_slave_0) entered disabled state
[  898.288820][T10328] bridge_slave_0: entered allmulticast mode
[  898.313423][T10328] bridge_slave_0: entered promiscuous mode
[  898.515376][T10328] bridge0: port 2(bridge_slave_1) entered blocking state
[  898.516496][T10328] bridge0: port 2(bridge_slave_1) entered disabled state
[  898.516691][T10328] bridge_slave_1: entered allmulticast mode
[  898.527169][T10328] bridge_slave_1: entered promiscuous mode
[  898.585565][ T9964] 8021q: adding VLAN 0 to HW filter on device bond0
[  899.072207][T10328] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  899.177589][T10411] netlink: 4 bytes leftover after parsing attributes in process `syz.7.707'.
[  899.198184][T10411] netlink: 12 bytes leftover after parsing attributes in process `syz.7.707'.
[  902.422303][T10328] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  902.514114][T10414] netlink: 24 bytes leftover after parsing attributes in process `syz.7.708'.
[  902.934139][ T5113] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  902.972891][ T5113] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  902.990359][ T5113] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  902.994381][ T5113] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  902.995205][ T5113] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  903.798100][T10328] team0: Port device team_slave_0 added
[  904.011089][T10432] overlayfs: missing 'workdir'
[  904.133011][T10328] team0: Port device team_slave_1 added
[  905.057983][   T60] Bluetooth: hci4: command tx timeout
[  905.468631][T10239] usb 8-1: new high-speed USB device number 8 using dummy_hcd
[  905.616198][T10328] batman_adv: batadv0: Adding interface: batadv_slave_0
[  905.616212][T10328] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  905.616233][T10328] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  905.634310][T10239] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  905.634348][T10239] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  905.634389][T10239] usb 8-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00
[  905.634413][T10239] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  905.712798][T10239] usb 8-1: config 0 descriptor??
[  907.446793][   T60] Bluetooth: hci4: command tx timeout
[  907.493671][T10239] hid_parser_main: 179 callbacks suppressed
[  907.493697][T10239] cm6533_jd 0003:0D8C:0022.0004: unknown main item tag 0x0
[  907.495093][T10239] cm6533_jd 0003:0D8C:0022.0004: unknown main item tag 0x0
[  907.551574][T10239] input: HID 0d8c:0022 as /devices/platform/dummy_hcd.7/usb8/8-1/8-1:0.0/0003:0D8C:0022.0004/input/input24
[  907.672558][T10328] batman_adv: batadv0: Adding interface: batadv_slave_1
[  907.672579][T10328] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  907.672611][T10328] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  907.798439][T10239] cm6533_jd 0003:0D8C:0022.0004: input,hiddev0,hidraw0: USB HID v0.00 Device [HID 0d8c:0022] on usb-dummy_hcd.7-1/input0
[  907.901293][T10239] usb 8-1: USB disconnect, device number 8
[  907.941983][T10447] fido_id[10447]: Failed to read report descriptor at '/sys/devices/platform/dummy_hcd.7/usb8/8-1/8-1:0.0/0003:0D8C:0022.0004/report_descriptor': No such device
[  908.363541][T10208] netdevsim netdevsim9 netdevsim0: renamed from eth0
[  908.416369][T10328] hsr_slave_0: entered promiscuous mode
[  908.417368][T10328] hsr_slave_1: entered promiscuous mode
[  908.436918][T10328] debugfs: 'hsr0' already exists in 'hsr'
[  908.436941][T10328] Cannot create hsr debugfs directory
[  908.461343][T10208] netdevsim netdevsim9 netdevsim1: renamed from eth1
[  908.673408][T10208] netdevsim netdevsim9 netdevsim2: renamed from eth2
[  909.328951][T10208] netdevsim netdevsim9 netdevsim3: renamed from eth3
[  909.546038][   T60] Bluetooth: hci4: command tx timeout
[  909.971514][ T1484] bridge_slave_1: left allmulticast mode
[  909.971540][ T1484] bridge_slave_1: left promiscuous mode
[  909.971729][ T1484] bridge0: port 2(bridge_slave_1) entered disabled state
[  910.066139][ T1484] bridge_slave_0: left allmulticast mode
[  910.066163][ T1484] bridge_slave_0: left promiscuous mode
[  910.066371][ T1484] bridge0: port 1(bridge_slave_0) entered disabled state
[  910.782683][T10477] netlink: 24 bytes leftover after parsing attributes in process `syz.7.720'.
[  910.886249][T10479] netlink: 4 bytes leftover after parsing attributes in process `syz.7.720'.
[  910.920144][ T1484] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  910.989403][ T1484] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  911.041132][ T1484] bond0 (unregistering): Released all slaves
[  911.618037][   T60] Bluetooth: hci4: command tx timeout
[  912.518440][ T1484] hsr_slave_0: left promiscuous mode
[  912.601286][ T1484] hsr_slave_1: left promiscuous mode
[  912.607331][ T1484] batman_adv: batadv0: Removing interface: batadv_slave_0
[  912.741754][ T1484] batman_adv: batadv0: Removing interface: batadv_slave_1
[  913.808987][ T1484] team0 (unregistering): Port device team_slave_1 removed
[  913.860406][ T1484] team0 (unregistering): Port device team_slave_0 removed
[  914.825988][T10416] chnl_net:caif_netlink_parms(): no params data found
[  915.831737][T10416] bridge0: port 1(bridge_slave_0) entered blocking state
[  915.831951][T10416] bridge0: port 1(bridge_slave_0) entered disabled state
[  915.832176][T10416] bridge_slave_0: entered allmulticast mode
[  915.834633][T10416] bridge_slave_0: entered promiscuous mode
[  915.899346][T10416] bridge0: port 2(bridge_slave_1) entered blocking state
[  915.899764][T10416] bridge0: port 2(bridge_slave_1) entered disabled state
[  915.900175][T10416] bridge_slave_1: entered allmulticast mode
[  915.923633][T10416] bridge_slave_1: entered promiscuous mode
[  916.165816][T10416] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  916.203838][T10416] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  916.469885][T10416] team0: Port device team_slave_0 added
[  916.517753][T10416] team0: Port device team_slave_1 added
[  917.122895][T10416] batman_adv: batadv0: Adding interface: batadv_slave_0
[  917.122910][T10416] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  917.122931][T10416] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  917.480366][T10208] 8021q: adding VLAN 0 to HW filter on device bond0
[  917.481339][T10416] batman_adv: batadv0: Adding interface: batadv_slave_1
[  917.481349][T10416] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  917.481371][T10416] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  917.945390][ T5113] Bluetooth: hci3: command 0x1003 tx timeout
[  917.948940][   T60] Bluetooth: hci3: Opcode 0x1003 failed: -110
[  918.219839][T10328] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  918.343239][T10328] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  918.409435][T10416] hsr_slave_0: entered promiscuous mode
[  918.428349][T10416] hsr_slave_1: entered promiscuous mode
[  918.429312][T10416] debugfs: 'hsr0' already exists in 'hsr'
[  918.429338][T10416] Cannot create hsr debugfs directory
[  918.437737][T10328] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  918.503128][T10328] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  918.711333][T10208] 8021q: adding VLAN 0 to HW filter on device team0
[  919.136870][T10526] *****************************************************
[  919.136969][T10526] ORANGEFS Device Error:  You cannot open the device file 
[  919.136978][T10526] 
[  919.136978][T10526] /dev/pvfs2-req more than once.  Please make sure that
[  919.136978][T10526] there are no 
[  919.136988][T10526] instances of a program using this device
[  919.136988][T10526] currently running. (You must verify this!)
[  919.137000][T10526] For example, you can use the lsof program as follows:
[  919.137008][T10526] 'lsof | grep pvfs2-req' (run this as root)
[  919.137017][T10526]   open_access_count = 1
[  919.137026][T10526] *****************************************************
[  919.212476][ T6470] bridge0: port 1(bridge_slave_0) entered blocking state
[  919.212592][ T6470] bridge0: port 1(bridge_slave_0) entered forwarding state
[  919.452777][   T67] bridge0: port 2(bridge_slave_1) entered blocking state
[  919.453848][   T67] bridge0: port 2(bridge_slave_1) entered forwarding state
[  919.650435][ T1484] bridge_slave_1: left allmulticast mode
[  919.650477][ T1484] bridge_slave_1: left promiscuous mode
[  919.650721][ T1484] bridge0: port 2(bridge_slave_1) entered disabled state
[  919.788517][ T1484] bridge_slave_0: left allmulticast mode
[  919.788541][ T1484] bridge_slave_0: left promiscuous mode
[  919.788724][ T1484] bridge0: port 1(bridge_slave_0) entered disabled state
[  920.650956][ T1484] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  920.752409][ T1484] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  920.810169][ T1484] bond0 (unregistering): Released all slaves
[  921.532180][ T1484] hsr_slave_0: left promiscuous mode
[  921.568066][ T1484] hsr_slave_1: left promiscuous mode
[  921.569041][ T1484] batman_adv: batadv0: Removing interface: batadv_slave_0
[  921.609935][ T1484] batman_adv: batadv0: Removing interface: batadv_slave_1
[  923.008901][ T1484] team0 (unregistering): Port device team_slave_1 removed
[  923.068828][ T1484] team0 (unregistering): Port device team_slave_0 removed
[  924.752656][T10328] 8021q: adding VLAN 0 to HW filter on device bond0
[  924.867212][T10328] 8021q: adding VLAN 0 to HW filter on device team0
[  925.081382][  T989] bridge0: port 1(bridge_slave_0) entered blocking state
[  925.081548][  T989] bridge0: port 1(bridge_slave_0) entered forwarding state
[  925.134739][  T989] bridge0: port 2(bridge_slave_1) entered blocking state
[  925.134832][  T989] bridge0: port 2(bridge_slave_1) entered forwarding state
[  925.516721][ T5113] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  925.542010][ T5113] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  925.546631][ T5113] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  925.599625][ T5113] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  925.600500][ T5113] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  927.618023][ T5113] Bluetooth: hci3: command tx timeout
[  928.070377][T10416] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  928.445834][T10416] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  928.527150][T10577] netlink: 'syz.7.738': attribute type 10 has an invalid length.
[  928.815788][T10579] netlink: 4 bytes leftover after parsing attributes in process `syz.8.739'.
[  928.840697][T10579] netlink: 12 bytes leftover after parsing attributes in process `syz.8.739'.
[  929.881927][ T5113] Bluetooth: hci3: command tx timeout
[  931.897827][ T1321] ieee802154 phy0 wpan0: encryption failed: -22
[  931.900586][ T1321] ieee802154 phy1 wpan1: encryption failed: -22
[  931.938132][ T5113] Bluetooth: hci3: command tx timeout
[  931.994516][T10416] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  932.376911][T10416] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  932.411105][T10586] syzkaller0: entered promiscuous mode
[  932.621347][T10596] netlink: 24 bytes leftover after parsing attributes in process `syz.7.742'.
[  934.028055][ T5113] Bluetooth: hci3: command tx timeout
[  934.406280][T10566] chnl_net:caif_netlink_parms(): no params data found
[  934.427793][  T170] bridge_slave_1: left allmulticast mode
[  934.427817][  T170] bridge_slave_1: left promiscuous mode
[  934.429543][  T170] bridge0: port 2(bridge_slave_1) entered disabled state
[  934.499482][  T170] bridge_slave_0: left allmulticast mode
[  934.499508][  T170] bridge_slave_0: left promiscuous mode
[  934.499744][  T170] bridge0: port 1(bridge_slave_0) entered disabled state
[  935.011913][T10631] netlink: 24 bytes leftover after parsing attributes in process `syz.7.750'.
[  935.480281][  T170] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  935.549879][  T170] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  935.571431][  T170] bond0 (unregistering): Released all slaves
[  935.616158][T10328] 8021q: adding VLAN 0 to HW filter on device batadv0
[  936.078348][ T7916] usb 8-1: new high-speed USB device number 9 using dummy_hcd
[  936.139616][  T170] hsr_slave_0: left promiscuous mode
[  936.187931][  T170] hsr_slave_1: left promiscuous mode
[  936.219543][  T170] batman_adv: batadv0: Removing interface: batadv_slave_0
[  936.239892][ T7916] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  936.239919][ T7916] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  936.240047][ T7916] usb 8-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00
[  936.240081][ T7916] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  936.245863][ T7916] usb 8-1: config 0 descriptor??
[  936.291260][  T170] batman_adv: batadv0: Removing interface: batadv_slave_1
[  936.785148][ T7916] cm6533_jd 0003:0D8C:0022.0005: unknown main item tag 0x0
[  936.785278][ T7916] cm6533_jd 0003:0D8C:0022.0005: unknown main item tag 0x0
[  936.831888][ T7916] input: HID 0d8c:0022 as /devices/platform/dummy_hcd.7/usb8/8-1/8-1:0.0/0003:0D8C:0022.0005/input/input25
[  936.910168][ T7916] cm6533_jd 0003:0D8C:0022.0005: input,hiddev0,hidraw0: USB HID v0.00 Device [HID 0d8c:0022] on usb-dummy_hcd.7-1/input0
[  937.059075][ T7916] usb 8-1: USB disconnect, device number 9
[  937.197126][T10644] fido_id[10644]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.7/usb8/8-1/report_descriptor': No such file or directory
[  937.578766][  T170] team0 (unregistering): Port device team_slave_1 removed
[  937.668366][  T170] team0 (unregistering): Port device team_slave_0 removed
[  938.452211][T10416] 8021q: adding VLAN 0 to HW filter on device bond0
[  938.584854][T10566] bridge0: port 1(bridge_slave_0) entered blocking state
[  938.586165][T10566] bridge0: port 1(bridge_slave_0) entered disabled state
[  938.586405][T10566] bridge_slave_0: entered allmulticast mode
[  938.636509][T10566] bridge_slave_0: entered promiscuous mode
[  938.660387][T10566] bridge0: port 2(bridge_slave_1) entered blocking state
[  938.660532][T10566] bridge0: port 2(bridge_slave_1) entered disabled state
[  938.660772][T10566] bridge_slave_1: entered allmulticast mode
[  938.662927][T10566] bridge_slave_1: entered promiscuous mode
[  938.833760][T10566] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  939.456819][T10566] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  939.543586][T10416] 8021q: adding VLAN 0 to HW filter on device team0
[  939.679312][T10566] team0: Port device team_slave_0 added
[  939.740427][ T1484] bridge0: port 1(bridge_slave_0) entered blocking state
[  939.740569][ T1484] bridge0: port 1(bridge_slave_0) entered forwarding state
[  939.761136][T10566] team0: Port device team_slave_1 added
[  939.827515][T10659] netlink: 8 bytes leftover after parsing attributes in process `syz.8.756'.
[  939.926750][ T1484] bridge0: port 2(bridge_slave_1) entered blocking state
[  939.926911][ T1484] bridge0: port 2(bridge_slave_1) entered forwarding state
[  940.002368][T10566] batman_adv: batadv0: Adding interface: batadv_slave_0
[  940.002388][T10566] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  940.002417][T10566] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  940.063303][T10328] veth0_vlan: entered promiscuous mode
[  940.065729][T10566] batman_adv: batadv0: Adding interface: batadv_slave_1
[  940.065742][T10566] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  940.065763][T10566] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  940.263429][T10328] veth1_vlan: entered promiscuous mode
[  940.290396][T10566] hsr_slave_0: entered promiscuous mode
[  940.291759][T10566] hsr_slave_1: entered promiscuous mode
[  942.015755][T10328] veth0_macvtap: entered promiscuous mode
[  942.061751][T10328] veth1_macvtap: entered promiscuous mode
[  942.314478][T10328] batman_adv: batadv0: Interface activated: batadv_slave_0
[  942.553046][T10328] batman_adv: batadv0: Interface activated: batadv_slave_1
[  942.995146][ T6096] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  942.995724][ T6096] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  942.995999][ T6096] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  942.996521][ T6096] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  943.583582][T10416] 8021q: adding VLAN 0 to HW filter on device batadv0
[  943.839188][T10702] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  944.075379][T10704] input: syz0 as /devices/virtual/input/input26
[  944.312647][T10416] veth0_vlan: entered promiscuous mode
[  944.436478][T10416] veth1_vlan: entered promiscuous mode
[  944.914207][   T60] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  944.932532][   T60] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  944.933785][   T60] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  944.958195][   T60] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  944.960952][   T60] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  945.144693][T10721] netlink: 24 bytes leftover after parsing attributes in process `syz.7.764'.
[  946.218703][T10416] veth0_macvtap: entered promiscuous mode
[  946.804358][   T13] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  946.908017][T10566] netdevsim netdevsim9 netdevsim0: renamed from eth0
[  946.952422][T10416] veth1_macvtap: entered promiscuous mode
[  946.988656][T10566] netdevsim netdevsim9 netdevsim1: renamed from eth1
[  947.058773][   T60] Bluetooth: hci1: command tx timeout
[  947.075568][T10566] netdevsim netdevsim9 netdevsim2: renamed from eth2
[  947.356243][   T13] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  947.542387][T10566] netdevsim netdevsim9 netdevsim3: renamed from eth3
[  947.976251][   T13] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  948.203782][T10416] batman_adv: batadv0: Interface activated: batadv_slave_0
[  949.804932][   T60] Bluetooth: hci1: command tx timeout
[  950.152991][   T13] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  950.303383][T10416] batman_adv: batadv0: Interface activated: batadv_slave_1
[  950.439961][ T1365] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  950.466591][ T1365] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  950.485772][ T1365] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  950.505937][ T1365] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  951.755593][   T60] Bluetooth: hci5: unexpected event for opcode 0x200b
[  951.868265][   T60] Bluetooth: hci1: command tx timeout
[  952.693500][   T13] bridge_slave_1: left allmulticast mode
[  952.693532][   T13] bridge_slave_1: left promiscuous mode
[  952.693766][   T13] bridge0: port 2(bridge_slave_1) entered disabled state
[  952.788577][   T13] bridge_slave_0: left allmulticast mode
[  952.788602][   T13] bridge_slave_0: left promiscuous mode
[  952.788784][   T13] bridge0: port 1(bridge_slave_0) entered disabled state
[  953.094606][   T60] Bluetooth: hci0: unexpected event for opcode 0x200b
[  953.938434][   T60] Bluetooth: hci1: command tx timeout
[  955.098070][ T5806] usb 8-1: new high-speed USB device number 10 using dummy_hcd
[  955.128953][   T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  955.200590][   T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  955.240110][   T13] bond0 (unregistering): Released all slaves
[  955.255170][ T5806] usb 8-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  955.255209][ T5806] usb 8-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  955.255239][ T5806] usb 8-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  955.255256][ T5806] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  955.278474][T10807] raw-gadget.0 gadget.7: fail, usb_ep_enable returned -22
[  955.297086][ T5806] usb 8-1: Quirk or no altset; falling back to MIDI 1.0
[  955.330666][ T1365] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  955.330691][ T1365] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  955.360940][T10716] chnl_net:caif_netlink_parms(): no params data found
[  955.860186][ T5806] usb 8-1: USB disconnect, device number 10
[  956.028074][   T13] hsr_slave_0: left promiscuous mode
[  956.067992][   T13] hsr_slave_1: left promiscuous mode
[  956.069432][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  956.069458][   T13] batman_adv: batadv0: Removing interface: batadv_slave_0
[  956.128039][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  956.128094][   T13] batman_adv: batadv0: Removing interface: batadv_slave_1
[  956.202543][   T13] veth1_macvtap: left promiscuous mode
[  956.202621][   T13] veth0_macvtap: left promiscuous mode
[  956.202783][   T13] veth1_vlan: left promiscuous mode
[  956.202896][   T13] veth0_vlan: left promiscuous mode
[  959.083867][T10813] netlink: 'syz.7.776': attribute type 27 has an invalid length.
[  959.538139][ T5806] usb 9-1: new high-speed USB device number 3 using dummy_hcd
[  959.691560][ T5806] usb 9-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  959.691600][ T5806] usb 9-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  959.691642][ T5806] usb 9-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  959.691667][ T5806] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  959.829995][T10822] raw-gadget.0 gadget.8: fail, usb_ep_enable returned -22
[  959.913690][ T5806] usb 9-1: Quirk or no altset; falling back to MIDI 1.0
[  960.189400][ T5806] usb 9-1: USB disconnect, device number 3
[  960.378888][   T13] team0 (unregistering): Port device team_slave_1 removed
[  960.438736][   T13] team0 (unregistering): Port device team_slave_0 removed
[  960.713023][ T8260] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  960.713044][ T8260] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  960.852686][T10716] bridge0: port 1(bridge_slave_0) entered blocking state
[  960.852906][T10716] bridge0: port 1(bridge_slave_0) entered disabled state
[  960.853142][T10716] bridge_slave_0: entered allmulticast mode
[  960.855828][T10716] bridge_slave_0: entered promiscuous mode
[  960.886082][T10716] bridge0: port 2(bridge_slave_1) entered blocking state
[  960.886214][T10716] bridge0: port 2(bridge_slave_1) entered disabled state
[  960.886450][T10716] bridge_slave_1: entered allmulticast mode
[  960.916223][T10716] bridge_slave_1: entered promiscuous mode
[  960.945461][T10566] 8021q: adding VLAN 0 to HW filter on device bond0
[  962.555208][T10716] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  965.754033][T10716] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  966.022704][   T60] Bluetooth: hci0: unexpected event for opcode 0x200b
[  966.090676][T10716] team0: Port device team_slave_0 added
[  966.122451][T10716] team0: Port device team_slave_1 added
[  966.124828][T10566] 8021q: adding VLAN 0 to HW filter on device team0
[  966.214543][T10716] batman_adv: batadv0: Adding interface: batadv_slave_0
[  966.214563][T10716] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  966.214593][T10716] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  967.169100][T10716] batman_adv: batadv0: Adding interface: batadv_slave_1
[  967.169120][T10716] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  967.169152][T10716] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  968.483130][  T170] bridge0: port 1(bridge_slave_0) entered blocking state
[  968.496150][  T170] bridge0: port 1(bridge_slave_0) entered forwarding state
[  968.506878][  T170] bridge0: port 2(bridge_slave_1) entered blocking state
[  968.506997][  T170] bridge0: port 2(bridge_slave_1) entered forwarding state
[  969.059235][T10862] netlink: 4 bytes leftover after parsing attributes in process `syz.3.786'.
[  969.080761][T10862] netlink: 12 bytes leftover after parsing attributes in process `syz.3.786'.
[  973.469822][T10716] hsr_slave_0: entered promiscuous mode
[  973.471176][T10716] hsr_slave_1: entered promiscuous mode
[  973.512187][T10716] debugfs: 'hsr0' already exists in 'hsr'
[  973.512218][T10716] Cannot create hsr debugfs directory
[  976.895546][T10906] netlink: 4 bytes leftover after parsing attributes in process `syz.8.793'.
[  976.915055][T10906] netlink: 12 bytes leftover after parsing attributes in process `syz.8.793'.
[  981.478568][   T60] Bluetooth: hci5: Received unexpected HCI Event 0x00
[  981.693567][T10566] 8021q: adding VLAN 0 to HW filter on device batadv0
[  982.228919][ T5912] usb 9-1: new high-speed USB device number 4 using dummy_hcd
[  982.394842][ T5912] usb 9-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  982.394881][ T5912] usb 9-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  982.394923][ T5912] usb 9-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  982.394940][ T5912] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  982.468414][T10925] raw-gadget.0 gadget.8: fail, usb_ep_enable returned -22
[  982.521169][ T5912] usb 9-1: Quirk or no altset; falling back to MIDI 1.0
[  982.866429][ T5912] usb 9-1: USB disconnect, device number 4
[  983.629691][T10951] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(8)
[  983.629720][T10951] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  983.629815][T10951] vhci_hcd vhci_hcd.0: Device attached
[  983.660738][T10951] vhci_hcd vhci_hcd.0: pdev(3) rhport(1) sockfd(10)
[  983.660767][T10951] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  983.660820][T10951] vhci_hcd vhci_hcd.0: Device attached
[  983.663575][T10951] vhci_hcd vhci_hcd.0: pdev(3) rhport(2) sockfd(12)
[  983.663602][T10951] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[  983.663743][T10951] vhci_hcd vhci_hcd.0: Device attached
[  983.677228][T10716] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  983.680871][T10951] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(14)
[  983.680944][T10951] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[  983.681183][T10951] vhci_hcd vhci_hcd.0: Device attached
[  983.715359][T10952] vhci_hcd: connection closed
[  983.716234][T10954] vhci_hcd: connection closed
[  983.721911][T10956] vhci_hcd: connection closed
[  983.726214][   T13] vhci_hcd vhci_hcd.3: stop threads
[  983.726277][   T13] vhci_hcd vhci_hcd.3: release socket
[  983.726375][   T13] vhci_hcd vhci_hcd.3: disconnect device
[  983.785258][   T13] vhci_hcd vhci_hcd.3: stop threads
[  983.785286][   T13] vhci_hcd vhci_hcd.3: release socket
[  983.785542][   T13] vhci_hcd vhci_hcd.3: disconnect device
[  983.813526][   T13] vhci_hcd vhci_hcd.3: stop threads
[  983.813553][   T13] vhci_hcd vhci_hcd.3: release socket
[  983.813621][   T13] vhci_hcd vhci_hcd.3: disconnect device
[  983.839696][T10958] vhci_hcd: connection closed
[  983.846231][T10716] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  983.859394][   T13] vhci_hcd vhci_hcd.3: stop threads
[  983.859419][   T13] vhci_hcd vhci_hcd.3: release socket
[  983.859459][   T13] vhci_hcd vhci_hcd.3: disconnect device
[  983.934612][T10716] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  984.444828][T10716] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  984.607405][T10566] veth0_vlan: entered promiscuous mode
[  984.743666][T10566] veth1_vlan: entered promiscuous mode
[  984.754272][   T60] Bluetooth: hci0: Received unexpected HCI Event 0x00
[  985.066450][T10989] netlink: 24 bytes leftover after parsing attributes in process `syz.8.806'.
[  985.331158][T10989] netlink: 4 bytes leftover after parsing attributes in process `syz.8.806'.
[  985.556266][T10566] veth0_macvtap: entered promiscuous mode
[  985.866075][T10716] 8021q: adding VLAN 0 to HW filter on device bond0
[  985.933104][T10716] 8021q: adding VLAN 0 to HW filter on device team0
[  985.963508][ T6096] bridge0: port 1(bridge_slave_0) entered blocking state
[  985.963697][ T6096] bridge0: port 1(bridge_slave_0) entered forwarding state
[  986.014298][T10863] bridge0: port 2(bridge_slave_1) entered blocking state
[  986.014436][T10863] bridge0: port 2(bridge_slave_1) entered forwarding state
[  986.599072][   T60] Bluetooth: hci5: unexpected event for opcode 0x200b
[  987.532704][ T5912] IPVS: starting estimator thread 0...
[  987.618088][T11019] IPVS: using max 8 ests per chain, 19200 per kthread
[  987.634748][ T5113] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  987.655790][ T5113] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  987.674391][ T5113] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  987.801809][ T5113] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  987.811221][ T5113] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  988.398029][T10285] usb 9-1: new high-speed USB device number 5 using dummy_hcd
[  988.567061][T10285] usb 9-1: config 0 has no interfaces?
[  988.585496][T10285] usb 9-1: New USB device found, idVendor=0403, idProduct=6010, bcdDevice= 1.41
[  988.585520][T10285] usb 9-1: New USB device strings: Mfr=0, Product=246, SerialNumber=2
[  988.585535][T10285] usb 9-1: Product: syz
[  988.585545][T10285] usb 9-1: SerialNumber: syz
[  988.611974][T10285] usb 9-1: config 0 descriptor??
[  988.783850][T10716] 8021q: adding VLAN 0 to HW filter on device batadv0
[  988.858389][T10285] usb 9-1: USB disconnect, device number 5
[  989.944617][ T5113] Bluetooth: hci2: command tx timeout
[  990.921403][ T5113] Bluetooth: hci0: Received unexpected HCI Event 0x00
[  991.685733][T10716] veth0_vlan: entered promiscuous mode
[  992.018645][ T5113] Bluetooth: hci2: command tx timeout
[  992.662009][T10716] veth1_vlan: entered promiscuous mode
[  993.152665][ T1321] ieee802154 phy0 wpan0: encryption failed: -22
[  993.152749][ T1321] ieee802154 phy1 wpan1: encryption failed: -22
[  993.298621][T11078] syzkaller0: entered promiscuous mode
[  993.360545][ T6470] bridge_slave_1: left allmulticast mode
[  993.360568][ T6470] bridge_slave_1: left promiscuous mode
[  993.360758][ T6470] bridge0: port 2(bridge_slave_1) entered disabled state
[  993.459972][ T6470] bridge_slave_0: left allmulticast mode
[  993.459994][ T6470] bridge_slave_0: left promiscuous mode
[  993.460173][ T6470] bridge0: port 1(bridge_slave_0) entered disabled state
[  994.098111][ T5113] Bluetooth: hci2: command tx timeout
[  994.670446][ T6470] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  994.740781][ T6470] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  994.787498][ T6470] bond0 (unregistering): Released all slaves
[  994.866144][T11020] chnl_net:caif_netlink_parms(): no params data found
[  994.990781][T10716] veth0_macvtap: entered promiscuous mode
[  995.341775][T11116] vhci_hcd vhci_hcd.0: pdev(8) rhport(0) sockfd(7)
[  995.341805][T11116] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  995.341892][T11116] vhci_hcd vhci_hcd.0: Device attached
[  995.435570][T11116] vhci_hcd vhci_hcd.0: pdev(8) rhport(2) sockfd(9)
[  995.435600][T11116] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[  995.458238][T11121] vhci_hcd vhci_hcd.0: pdev(8) rhport(1) sockfd(10)
[  995.458268][T11121] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  995.467512][T11116] vhci_hcd vhci_hcd.0: Device attached
[  995.468222][T11121] vhci_hcd vhci_hcd.0: Device attached
[  995.499147][T11116] vhci_hcd vhci_hcd.0: pdev(8) rhport(0) sockfd(12)
[  995.499168][T11116] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[  995.499235][T11116] vhci_hcd vhci_hcd.0: Device attached
[  995.500812][T11122] vhci_hcd: connection closed
[  995.501385][T10863] vhci_hcd vhci_hcd.8: stop threads
[  995.501410][T10863] vhci_hcd vhci_hcd.8: release socket
[  995.501448][T10863] vhci_hcd vhci_hcd.8: disconnect device
[  995.501508][T11123] vhci_hcd: connection closed
[  995.504602][T11117] vhci_hcd: connection closed
[  995.507770][T10863] vhci_hcd vhci_hcd.8: stop threads
[  995.507785][T10863] vhci_hcd vhci_hcd.8: release socket
[  995.509215][T10863] vhci_hcd vhci_hcd.8: disconnect device
[  995.509548][T11126] vhci_hcd: connection closed
[  995.515833][T10863] vhci_hcd vhci_hcd.8: stop threads
[  995.515884][T10863] vhci_hcd vhci_hcd.8: release socket
[  995.515998][T10863] vhci_hcd vhci_hcd.8: disconnect device
[  995.523862][T10863] vhci_hcd vhci_hcd.8: stop threads
[  995.523925][T10863] vhci_hcd vhci_hcd.8: release socket
[  995.524018][T10863] vhci_hcd vhci_hcd.8: disconnect device
[  995.962627][T10716] veth1_macvtap: entered promiscuous mode
[  996.181192][ T5113] Bluetooth: hci2: command tx timeout
[  996.244234][ T6470] hsr_slave_0: left promiscuous mode
[  996.537994][ T6470] hsr_slave_1: left promiscuous mode
[  996.539613][ T6470] batman_adv: batadv0: Removing interface: batadv_slave_0
[  996.605371][ T6470] batman_adv: batadv0: Removing interface: batadv_slave_1
[  996.706563][T11148] netlink: 4 bytes leftover after parsing attributes in process `syz.8.828'.
[  996.727313][T11148] netlink: 12 bytes leftover after parsing attributes in process `syz.8.828'.
[ 1001.028892][ T6470] veth0_macvtap: left promiscuous mode
[ 1001.029171][ T6470] veth1_vlan: left promiscuous mode
[ 1001.029306][ T6470] veth0_vlan: left promiscuous mode
[ 1005.740170][ T6470] team0 (unregistering): Port device team_slave_1 removed
[ 1008.732907][ T6470] team0 (unregistering): Port device team_slave_0 removed
[ 1009.365058][T11192] netlink: 4 bytes leftover after parsing attributes in process `syz.8.834'.
[ 1009.384521][T11192] netlink: 12 bytes leftover after parsing attributes in process `syz.8.834'.
[ 1013.954775][   T60] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 1013.965106][   T60] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 1013.981816][   T60] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 1013.986206][   T60] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 1013.992588][   T60] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 1014.776220][T11201] netlink: 'syz.7.837': attribute type 27 has an invalid length.
[ 1015.128683][T11020] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1015.128811][T11020] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1015.129064][T11020] bridge_slave_0: entered allmulticast mode
[ 1015.131983][T11020] bridge_slave_0: entered promiscuous mode
[ 1015.238074][T11020] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1015.238211][T11020] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1015.238402][T11020] bridge_slave_1: entered allmulticast mode
[ 1015.257971][T11020] bridge_slave_1: entered promiscuous mode
[ 1016.094199][T11020] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1016.098512][ T5113] Bluetooth: hci3: command tx timeout
[ 1016.124521][T11020] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1016.129047][T11209] netlink: 'syz.8.839': attribute type 27 has an invalid length.
[ 1016.449837][T11020] team0: Port device team_slave_0 added
[ 1016.470788][T11020] team0: Port device team_slave_1 added
[ 1016.660042][T11020] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1016.660060][T11020] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1016.660084][T11020] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1016.760415][T11020] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1016.760429][T11020] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1016.760451][T11020] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1017.044127][T11020] hsr_slave_0: entered promiscuous mode
[ 1017.045482][T11020] hsr_slave_1: entered promiscuous mode
[ 1018.177925][ T5113] Bluetooth: hci3: command tx timeout
[ 1019.576015][T11189] chnl_net:caif_netlink_parms(): no params data found
[ 1019.613185][T11229] netlink: 'syz.3.843': attribute type 10 has an invalid length.
[ 1019.754761][T11229] syz_tun: entered promiscuous mode
[ 1019.781242][T11229] bond0: (slave syz_tun): Enslaving as an active interface with an up link
[ 1019.827747][T11231] netlink: 'syz.8.844': attribute type 10 has an invalid length.
[ 1020.260969][T11231] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1020.266283][ T5113] Bluetooth: hci3: command tx timeout
[ 1020.281303][T11231] team0: Port device bond0 added
[ 1020.337971][  T809] usb 8-1: new high-speed USB device number 11 using dummy_hcd
[ 1020.358070][T10239] usb 4-1: new full-speed USB device number 2 using dummy_hcd
[ 1020.505629][T11241] netlink: 'syz.8.848': attribute type 10 has an invalid length.
[ 1020.549842][T10239] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0xD has invalid wMaxPacketSize 0
[ 1020.549864][T10239] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0
[ 1020.551663][T10239] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0xD has invalid wMaxPacketSize 0
[ 1020.551683][T10239] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0
[ 1020.553703][T10239] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0xD has invalid wMaxPacketSize 0
[ 1020.553723][T10239] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0
[ 1020.557473][T10239] usb 4-1: New USB device found, idVendor=0451, idProduct=5152, bcdDevice=c0.b9
[ 1020.557495][T10239] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1020.557509][T10239] usb 4-1: Product: syz
[ 1020.557520][T10239] usb 4-1: Manufacturer: syz
[ 1020.557530][T10239] usb 4-1: SerialNumber: syz
[ 1020.610048][  T809] usb 8-1: Using ep0 maxpacket: 8
[ 1020.623964][T10239] usb 4-1: config 0 descriptor??
[ 1020.681586][  T809] usb 8-1: config index 0 descriptor too short (expected 74, got 45)
[ 1020.681629][  T809] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 1536, setting to 1024
[ 1020.681650][  T809] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[ 1020.681668][  T809] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 30768, setting to 1024
[ 1020.681729][  T809] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024
[ 1020.681747][  T809] usb 8-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1020.681782][  T809] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[ 1020.681799][  T809] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1020.805766][T10239] ti_usb_3410_5052 4-1:0.0: TI USB 5052 2 port adapter converter detected
[ 1020.806281][T10239] ti_usb_3410_5052 4-1:0.0: missing endpoints
[ 1020.994784][  T809] usb 8-1: usb_control_msg returned -32
[ 1020.994836][  T809] usbtmc 8-1:16.0: can't read capabilities
[ 1021.153290][T11241] syz_tun: entered promiscuous mode
[ 1021.162265][T11241] bond0: (slave syz_tun): Enslaving as an active interface with an up link
[ 1021.807456][T11189] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1021.807661][T11189] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1021.823971][T11189] bridge_slave_0: entered allmulticast mode
[ 1021.889053][T11189] bridge_slave_0: entered promiscuous mode
[ 1022.218337][T11189] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1022.218486][T11189] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1022.218717][T11189] bridge_slave_1: entered allmulticast mode
[ 1022.223892][T11189] bridge_slave_1: entered promiscuous mode
[ 1022.338279][ T5113] Bluetooth: hci3: command tx timeout
[ 1022.679904][T11189] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1022.766466][T11189] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1022.992505][T11253] netlink: 24 bytes leftover after parsing attributes in process `syz.8.851'.
[ 1023.093583][T10239] usb 8-1: USB disconnect, device number 11
[ 1023.472132][T11189] team0: Port device team_slave_0 added
[ 1023.573420][T11189] team0: Port device team_slave_1 added
[ 1023.664576][T11266] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1023.895623][ T6470] bridge_slave_1: left allmulticast mode
[ 1023.895656][ T6470] bridge_slave_1: left promiscuous mode
[ 1023.897000][ T6470] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1024.004264][ T6470] bridge_slave_0: left allmulticast mode
[ 1024.004288][ T6470] bridge_slave_0: left promiscuous mode
[ 1024.004459][ T6470] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1024.095065][  T809] usb 4-1: USB disconnect, device number 2
[ 1024.163888][T11270] input: syz0 as /devices/virtual/input/input27
[ 1024.307979][ T5806] usb 8-1: new high-speed USB device number 12 using dummy_hcd
[ 1024.613292][ T5806] usb 8-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[ 1024.613320][ T5806] usb 8-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1024.613339][ T5806] usb 8-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[ 1024.613361][ T5806] usb 8-1: config 1 has no interface number 1
[ 1024.613392][ T5806] usb 8-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[ 1024.613422][ T5806] usb 8-1: config 1 interface 2 altsetting 1 endpoint 0x6 has invalid wMaxPacketSize 0
[ 1024.617269][ T5806] usb 8-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1024.617293][ T5806] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1024.617308][ T5806] usb 8-1: Product: syz
[ 1024.617318][ T5806] usb 8-1: Manufacturer: syz
[ 1024.617329][ T5806] usb 8-1: SerialNumber: syz
[ 1025.659754][T11276] netlink: 4 bytes leftover after parsing attributes in process `syz.3.856'.
[ 1025.662731][T11276] netlink: 12 bytes leftover after parsing attributes in process `syz.3.856'.
[ 1027.826697][ T5806] usb 8-1: Failed to set altset
[ 1027.826751][ T5806] usb 8-1: 0:2: cannot create sequencer device
[ 1027.880521][ T5806] usb 8-1: Failed to set altset
[ 1028.041615][ T5113] Bluetooth: hci4: command 0x0406 tx timeout
[ 1028.043359][ T5806] snd-usb-audio 8-1:1.2: probe with driver snd-usb-audio failed with error -71
[ 1028.078042][ T5806] usb 8-1: USB disconnect, device number 12
[ 1028.148748][T11282] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1028.401844][   T60] Bluetooth: hci4: unexpected event for opcode 0x200b
[ 1028.537783][T11282] input: syz0 as /devices/virtual/input/input28
[ 1028.944314][ T6470] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1029.069552][ T6470] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1029.112198][ T6470] bond0 (unregistering): Released all slaves
[ 1029.159919][T11189] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1029.159933][T11189] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1029.159955][T11189] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1029.406417][T11189] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1029.406432][T11189] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1029.406453][T11189] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1030.048181][ T6470] hsr_slave_0: left promiscuous mode
[ 1030.268091][ T6470] hsr_slave_1: left promiscuous mode
[ 1030.331788][ T6470] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1030.419106][ T6470] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1030.627196][ T6470] veth1_macvtap: left promiscuous mode
[ 1030.627269][ T6470] veth0_macvtap: left promiscuous mode
[ 1030.627433][ T6470] veth1_vlan: left promiscuous mode
[ 1030.627549][ T6470] veth0_vlan: left promiscuous mode
[ 1031.798082][ T5912] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[ 1031.992533][ T5912] usb 4-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[ 1031.992563][ T5912] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1031.992583][ T5912] usb 4-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[ 1031.992605][ T5912] usb 4-1: config 1 has no interface number 1
[ 1031.992652][ T5912] usb 4-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[ 1031.992695][ T5912] usb 4-1: config 1 interface 2 altsetting 1 endpoint 0x6 has invalid wMaxPacketSize 0
[ 1031.995759][ T5912] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1031.995791][ T5912] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1031.995813][ T5912] usb 4-1: Product: syz
[ 1031.995828][ T5912] usb 4-1: Manufacturer: syz
[ 1031.995844][ T5912] usb 4-1: SerialNumber: syz
[ 1032.326056][T11306] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1032.357434][T11306] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1032.390090][T11306] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1032.394251][T11306] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1032.460079][T11306] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1032.498825][T11306] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1032.567783][ T5912] usb 4-1: Failed to set altset
[ 1032.567977][ T5912] usb 4-1: 0:2: cannot create sequencer device
[ 1032.575506][ T5912] usb 4-1: Failed to set altset
[ 1032.604236][ T6470] team0 (unregistering): Port device team_slave_1 removed
[ 1032.708689][ T6470] team0 (unregistering): Port device team_slave_0 removed
[ 1032.802449][ T5912] snd-usb-audio 4-1:1.2: probe with driver snd-usb-audio failed with error -71
[ 1032.862533][ T5912] usb 4-1: USB disconnect, device number 3
[ 1034.483587][T11189] hsr_slave_0: entered promiscuous mode
[ 1034.484607][T11189] hsr_slave_1: entered promiscuous mode
[ 1034.485289][T11189] debugfs: 'hsr0' already exists in 'hsr'
[ 1034.485308][T11189] Cannot create hsr debugfs directory
[ 1034.521905][T11020] netdevsim netdevsim9 netdevsim0: renamed from eth0
[ 1034.580225][T11020] netdevsim netdevsim9 netdevsim1: renamed from eth1
[ 1034.710108][T11020] netdevsim netdevsim9 netdevsim2: renamed from eth2
[ 1034.830925][T11020] netdevsim netdevsim9 netdevsim3: renamed from eth3
[ 1036.819919][T11020] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1036.848338][ T9891] usb 4-1: new high-speed USB device number 4 using dummy_hcd
[ 1036.881476][T11020] 8021q: adding VLAN 0 to HW filter on device team0
[ 1036.913169][ T6470] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1036.920284][ T6470] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1036.965756][ T6470] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1036.969396][ T6470] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1037.003479][ T9891] usb 4-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[ 1037.003508][ T9891] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1037.003529][ T9891] usb 4-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[ 1037.003549][ T9891] usb 4-1: config 1 has no interface number 1
[ 1037.003601][ T9891] usb 4-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[ 1037.003644][ T9891] usb 4-1: config 1 interface 2 altsetting 1 endpoint 0x6 has invalid wMaxPacketSize 0
[ 1037.006908][ T9891] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1037.006939][ T9891] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1037.006961][ T9891] usb 4-1: Product: syz
[ 1037.006976][ T9891] usb 4-1: Manufacturer: syz
[ 1037.006991][ T9891] usb 4-1: SerialNumber: syz
[ 1037.336282][T11354] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1037.336853][T11354] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1037.347441][T11354] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1037.360483][T11354] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1037.386937][T11354] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1037.387419][T11354] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1037.467971][ T9891] usb 4-1: Failed to set altset
[ 1037.468018][ T9891] usb 4-1: 0:2: cannot create sequencer device
[ 1037.508899][ T9891] usb 4-1: Failed to set altset
[ 1037.619771][ T9891] snd-usb-audio 4-1:1.2: probe with driver snd-usb-audio failed with error -71
[ 1037.644500][ T9891] usb 4-1: USB disconnect, device number 4
[ 1037.956908][T11195] udevd[11195]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1038.746153][T11189] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 1039.430197][T11189] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 1039.499637][T11189] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 1039.704802][T11189] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 1040.513635][T11020] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1040.980737][T11189] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1041.087620][T11189] 8021q: adding VLAN 0 to HW filter on device team0
[ 1041.108405][ T6470] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1041.108626][ T6470] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1041.265530][ T6470] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1041.265702][ T6470] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1042.781858][T11189] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1043.041845][T11189] veth0_vlan: entered promiscuous mode
[ 1043.156926][T11020] veth0_vlan: entered promiscuous mode
[ 1043.173681][T11189] veth1_vlan: entered promiscuous mode
[ 1043.299050][T11020] veth1_vlan: entered promiscuous mode
[ 1043.515111][T11189] veth0_macvtap: entered promiscuous mode
[ 1043.648629][T11020] veth0_macvtap: entered promiscuous mode
[ 1043.692106][T11189] veth1_macvtap: entered promiscuous mode
[ 1043.701114][T11020] veth1_macvtap: entered promiscuous mode
[ 1044.020183][T11189] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1044.098551][T11020] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1044.106068][ T9891] usb 8-1: new high-speed USB device number 13 using dummy_hcd
[ 1044.133092][T11189] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1044.367095][ T9891] usb 8-1: config 0 has no interfaces?
[ 1044.377057][ T9891] usb 8-1: New USB device found, idVendor=0403, idProduct=6010, bcdDevice= 1.41
[ 1044.377091][ T9891] usb 8-1: New USB device strings: Mfr=0, Product=246, SerialNumber=2
[ 1044.377113][ T9891] usb 8-1: Product: syz
[ 1044.377128][ T9891] usb 8-1: SerialNumber: syz
[ 1044.393704][T11020] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1044.437769][ T9891] usb 8-1: config 0 descriptor??
[ 1044.467471][   T57] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1044.493919][   T57] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1044.494953][   T57] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1044.536317][   T57] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1044.588057][   T57] netdevsim netdevsim9 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1044.596571][ T1174] netdevsim netdevsim9 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1044.640342][ T1174] netdevsim netdevsim9 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1044.668930][ T9860] usb 8-1: USB disconnect, device number 13
[ 1044.722415][ T1174] netdevsim netdevsim9 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1045.446639][ T6096] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1045.446658][ T6096] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1045.851371][   T57] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1045.851394][   T57] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1045.962170][T11436] siw: device registration error -23
[ 1048.264664][ T1484] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1048.264689][ T1484] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1049.500866][T11463] netlink: 'syz.7.892': attribute type 27 has an invalid length.
[ 1051.511694][   T60] Bluetooth: hci5: unexpected event for opcode 0x200b
[ 1051.556685][ T5113] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 1051.560438][ T5912] usb 9-1: new high-speed USB device number 6 using dummy_hcd
[ 1051.583938][ T5113] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 1051.587241][ T5113] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 1051.592582][ T5113] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 1051.595514][ T5113] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 1051.738082][ T5912] usb 9-1: Using ep0 maxpacket: 8
[ 1051.744721][ T5912] usb 9-1: config index 0 descriptor too short (expected 74, got 45)
[ 1051.744782][ T5912] usb 9-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 1536, setting to 1024
[ 1051.744813][ T5912] usb 9-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[ 1051.744840][ T5912] usb 9-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 30768, setting to 1024
[ 1051.744869][ T5912] usb 9-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024
[ 1051.744895][ T5912] usb 9-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1051.744959][ T5912] usb 9-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[ 1051.744984][ T5912] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1052.099170][ T5912] usb 9-1: usb_control_msg returned -32
[ 1052.099219][ T5912] usbtmc 9-1:16.0: can't read capabilities
[ 1052.210710][T10239] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[ 1052.380464][T10239] usb 4-1: config 0 has no interfaces?
[ 1052.382318][T10239] usb 4-1: New USB device found, idVendor=0403, idProduct=6010, bcdDevice= 1.41
[ 1052.382347][T10239] usb 4-1: New USB device strings: Mfr=0, Product=246, SerialNumber=2
[ 1052.382371][T10239] usb 4-1: Product: syz
[ 1052.382382][T10239] usb 4-1: SerialNumber: syz
[ 1052.386665][T10239] usb 4-1: config 0 descriptor??
[ 1052.652331][ T5806] usb 4-1: USB disconnect, device number 5
[ 1052.905323][   T92] netdevsim netdevsim9 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1053.388073][ T9860] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ 1053.541911][T10239] usb 9-1: USB disconnect, device number 6
[ 1053.559864][   T92] netdevsim netdevsim9 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1053.577928][ T9860] usb 1-1: Using ep0 maxpacket: 8
[ 1053.585190][ T9860] usb 1-1: config index 0 descriptor too short (expected 74, got 45)
[ 1053.585219][ T9860] usb 1-1: config 16 has an invalid descriptor of length 102, skipping remainder of the config
[ 1053.585269][ T9860] usb 1-1: config 16 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3
[ 1053.585316][ T9860] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[ 1053.585340][ T9860] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1053.698630][ T5113] Bluetooth: hci1: command tx timeout
[ 1053.838776][ T9860] usbtmc 1-1:16.0: bulk endpoints not found
[ 1055.487393][ T1321] ieee802154 phy0 wpan0: encryption failed: -22
[ 1055.487468][ T1321] ieee802154 phy1 wpan1: encryption failed: -22
[ 1055.778227][ T5113] Bluetooth: hci1: command tx timeout
[ 1055.884083][   T92] netdevsim netdevsim9 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1057.230013][T10239] usb 1-1: USB disconnect, device number 2
[ 1058.099253][ T5113] Bluetooth: hci1: command tx timeout
[ 1058.754800][   T92] netdevsim netdevsim9 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1059.933188][T11533] tipc: Started in network mode
[ 1059.933224][T11533] tipc: Node identity ac14140f, cluster identity 4711
[ 1059.934607][T11533] tipc: New replicast peer: 255.255.255.255
[ 1059.936404][T11533] tipc: Enabled bearer <udp:syz2>, priority 10
[ 1060.301176][T11471] chnl_net:caif_netlink_parms(): no params data found
[ 1060.339299][ T5113] Bluetooth: hci1: command tx timeout
[ 1061.130574][T10239] tipc: Node number set to 2886997007
[ 1061.136249][   T92] bridge_slave_1: left allmulticast mode
[ 1061.136281][   T92] bridge_slave_1: left promiscuous mode
[ 1061.136529][   T92] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1061.216659][   T92] bridge_slave_0: left allmulticast mode
[ 1061.216683][   T92] bridge_slave_0: left promiscuous mode
[ 1061.216873][   T92] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1062.967980][ T9891] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[ 1063.128494][ T9891] usb 1-1: Using ep0 maxpacket: 8
[ 1063.130827][ T9891] usb 1-1: config index 0 descriptor too short (expected 74, got 45)
[ 1063.130855][ T9891] usb 1-1: config 16 has an invalid descriptor of length 102, skipping remainder of the config
[ 1063.130947][ T9891] usb 1-1: config 16 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3
[ 1063.130992][ T9891] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[ 1063.131016][ T9891] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1063.211257][ T9891] usbtmc 1-1:16.0: bulk endpoints not found
[ 1064.710233][   T92] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1064.788919][   T92] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1064.835997][   T92] bond0 (unregistering): Released all slaves
[ 1065.299534][T11471] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1065.299739][T11471] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1065.300006][T11471] bridge_slave_0: entered allmulticast mode
[ 1065.302780][T11471] bridge_slave_0: entered promiscuous mode
[ 1065.568014][   T31] usb 1-1: USB disconnect, device number 3
[ 1066.226284][T11471] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1066.226438][T11471] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1066.226780][T11471] bridge_slave_1: entered allmulticast mode
[ 1066.252021][T11471] bridge_slave_1: entered promiscuous mode
[ 1067.192380][ T5113] Bluetooth: hci4: unexpected event for opcode 0x200b
[ 1067.566652][T11471] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1067.626670][T11471] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1068.206652][   T92] hsr_slave_0: left promiscuous mode
[ 1068.247414][   T92] hsr_slave_1: left promiscuous mode
[ 1068.254353][   T92] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1068.254383][   T92] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1068.357330][   T92] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1068.357358][   T92] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1068.431168][   T92] veth1_macvtap: left promiscuous mode
[ 1068.431242][   T92] veth0_macvtap: left promiscuous mode
[ 1068.431417][   T92] veth1_vlan: left promiscuous mode
[ 1068.431530][   T92] veth0_vlan: left promiscuous mode
[ 1071.029956][T11670] netlink: 4 bytes leftover after parsing attributes in process `syz.0.934'.
[ 1071.049117][T11670] netlink: 12 bytes leftover after parsing attributes in process `syz.0.934'.
[ 1074.318620][   T92] team0 (unregistering): Port device team_slave_1 removed
[ 1074.429146][   T92] team0 (unregistering): Port device team_slave_0 removed
[ 1075.049053][T11471] team0: Port device team_slave_0 added
[ 1075.228773][T11471] team0: Port device team_slave_1 added
[ 1075.399414][T11471] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1075.399434][T11471] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1075.399455][T11471] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1075.408829][T11471] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1075.408845][T11471] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1075.408876][T11471] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1075.876971][T11471] hsr_slave_0: entered promiscuous mode
[ 1075.902137][T11471] hsr_slave_1: entered promiscuous mode
[ 1078.028058][ T9860] usb 9-1: new full-speed USB device number 7 using dummy_hcd
[ 1078.221501][ T9860] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0xD has invalid wMaxPacketSize 0
[ 1078.221534][ T9860] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0
[ 1078.223464][ T9860] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0xD has invalid wMaxPacketSize 0
[ 1078.223494][ T9860] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0
[ 1078.225256][ T9860] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0xD has invalid wMaxPacketSize 0
[ 1078.225285][ T9860] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0
[ 1078.231126][ T9860] usb 9-1: New USB device found, idVendor=0451, idProduct=5152, bcdDevice=c0.b9
[ 1078.231165][ T9860] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1078.231180][ T9860] usb 9-1: Product: syz
[ 1078.231190][ T9860] usb 9-1: Manufacturer: syz
[ 1078.231201][ T9860] usb 9-1: SerialNumber: syz
[ 1078.235525][ T9860] usb 9-1: config 0 descriptor??
[ 1078.245935][ T9860] ti_usb_3410_5052 9-1:0.0: TI USB 5052 2 port adapter converter detected
[ 1078.246083][ T9860] ti_usb_3410_5052 9-1:0.0: missing endpoints
[ 1082.105795][T11750] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1082.154030][ T5911] usb 9-1: USB disconnect, device number 7
[ 1082.434528][T11471] netdevsim netdevsim9 netdevsim0: renamed from eth0
[ 1082.635747][T11471] netdevsim netdevsim9 netdevsim1: renamed from eth1
[ 1082.749252][T11471] netdevsim netdevsim9 netdevsim2: renamed from eth2
[ 1082.799849][T11471] netdevsim netdevsim9 netdevsim3: renamed from eth3
[ 1082.883287][T11750] input: syz0 as /devices/virtual/input/input29
[ 1083.425513][T11771] syzkaller0: entered promiscuous mode
[ 1083.917084][T11471] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1084.068040][ T5113] Bluetooth: hci0: unexpected event for opcode 0x200b
[ 1084.077333][T11471] 8021q: adding VLAN 0 to HW filter on device team0
[ 1084.224391][ T1307] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1084.243953][ T1307] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1084.652393][ T1484] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1084.652538][ T1484] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1085.048598][   T10] usb 8-1: new high-speed USB device number 14 using dummy_hcd
[ 1085.246540][   T10] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1085.246596][   T10] usb 8-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 1085.246643][   T10] usb 8-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00
[ 1085.246667][   T10] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1085.305355][   T10] usb 8-1: config 0 descriptor??
[ 1085.342696][   T10] usbhid 8-1:0.0: couldn't find an input interrupt endpoint
[ 1085.874095][T11471] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1087.163900][T11471] veth0_vlan: entered promiscuous mode
[ 1087.211827][T11471] veth1_vlan: entered promiscuous mode
[ 1087.414761][T11471] veth0_macvtap: entered promiscuous mode
[ 1087.429935][T11471] veth1_macvtap: entered promiscuous mode
[ 1087.475301][T11471] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1087.530528][T11471] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1087.553946][ T1484] netdevsim netdevsim9 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1087.554192][ T1484] netdevsim netdevsim9 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1087.554251][ T1484] netdevsim netdevsim9 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1087.554289][ T1484] netdevsim netdevsim9 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1088.147688][   T31] usb 8-1: USB disconnect, device number 14
[ 1088.443322][ T1307] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1088.443340][ T1307] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1088.562225][ T6470] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1088.562248][ T6470] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1092.327214][T11855] syzkaller0: entered promiscuous mode
[ 1092.332747][T11874] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1096.068135][T11883] input: syz0 as /devices/virtual/input/input30
[ 1096.407199][T11895] iommufd_mock iommufd_mock1: Adding to iommu group 1
[ 1096.407753][T11898] netlink: 4 bytes leftover after parsing attributes in process `syz.9.968'.
[ 1096.418189][  T809] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[ 1096.476133][T11898] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1096.476165][T11898] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1096.580394][  T809] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1096.580459][  T809] usb 1-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 1096.580505][  T809] usb 1-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00
[ 1096.580528][  T809] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1096.687366][T11898] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1096.687403][T11898] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1096.798706][T11897] input: syz0 as /devices/virtual/input/input31
[ 1096.893585][  T809] usb 1-1: config 0 descriptor??
[ 1096.963848][  T809] usbhid 1-1:0.0: couldn't find an input interrupt endpoint
[ 1097.577907][T10285] usb 9-1: new high-speed USB device number 8 using dummy_hcd
[ 1097.734841][T10285] usb 9-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[ 1097.734870][T10285] usb 9-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1097.734890][T10285] usb 9-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[ 1097.734911][T10285] usb 9-1: config 1 has no interface number 1
[ 1097.734956][T10285] usb 9-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[ 1097.734999][T10285] usb 9-1: config 1 interface 2 altsetting 1 endpoint 0x6 has invalid wMaxPacketSize 0
[ 1097.799106][T10285] usb 9-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1097.799141][T10285] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1097.799162][T10285] usb 9-1: Product: syz
[ 1097.799177][T10285] usb 9-1: Manufacturer: syz
[ 1097.799192][T10285] usb 9-1: SerialNumber: syz
[ 1098.058645][T11907] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1098.059193][T11907] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1098.060943][T11907] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1098.061932][T11907] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1098.080540][T11907] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1098.081520][T11907] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1098.300431][T10285] usb 9-1: Failed to set altset
[ 1098.300483][T10285] usb 9-1: 0:2: cannot create sequencer device
[ 1098.329304][T10285] usb 9-1: Failed to set altset
[ 1098.411401][T10285] snd-usb-audio 9-1:1.2: probe with driver snd-usb-audio failed with error -71
[ 1098.437368][T10285] usb 9-1: USB disconnect, device number 8
[ 1098.448418][   T10] usb 1-1: USB disconnect, device number 4
[ 1098.583980][T11927] udevd[11927]: error opening ATTR{/sys/devices/platform/dummy_hcd.8/usb9/9-1/9-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1101.827992][ T5911] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[ 1104.038428][ T5911] usb 1-1: Using ep0 maxpacket: 8
[ 1104.041367][ T5911] usb 1-1: config index 0 descriptor too short (expected 74, got 45)
[ 1104.079514][ T5911] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 1536, setting to 1024
[ 1104.079554][ T5911] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[ 1104.079671][ T5911] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 30768, setting to 1024
[ 1104.079704][ T5911] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024
[ 1104.079733][ T5911] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1104.079883][ T5911] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[ 1104.079909][ T5911] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1104.623676][ T5911] usb 1-1: usb_control_msg returned -71
[ 1104.623733][ T5911] usbtmc 1-1:16.0: can't read capabilities
[ 1104.761873][ T5911] usb 1-1: USB disconnect, device number 5
[ 1111.849910][ T5912] usb 4-1: new full-speed USB device number 6 using dummy_hcd
[ 1112.418170][ T5912] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0xD has invalid wMaxPacketSize 0
[ 1112.418203][ T5912] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0
[ 1113.187026][ T5912] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0xD has invalid wMaxPacketSize 0
[ 1113.187049][ T5912] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0
[ 1113.349168][ T5912] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0xD has invalid wMaxPacketSize 0
[ 1113.349201][ T5912] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0
[ 1113.352554][ T5912] usb 4-1: New USB device found, idVendor=0451, idProduct=5152, bcdDevice=c0.b9
[ 1113.352575][ T5912] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1113.352590][ T5912] usb 4-1: Product: syz
[ 1113.352600][ T5912] usb 4-1: Manufacturer: syz
[ 1113.352611][ T5912] usb 4-1: SerialNumber: syz
[ 1113.406280][ T5912] usb 4-1: config 0 descriptor??
[ 1113.748017][ T5912] ti_usb_3410_5052 4-1:0.0: TI USB 5052 2 port adapter converter detected
[ 1113.750613][ T5912] ti_usb_3410_5052 4-1:0.0: missing endpoints
[ 1115.749355][T12061] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[ 1116.022399][ T1321] ieee802154 phy0 wpan0: encryption failed: -22
[ 1116.022518][ T1321] ieee802154 phy1 wpan1: encryption failed: -22
[ 1118.887362][ T5912] usb 4-1: USB disconnect, device number 6
[ 1119.279147][T12095] syzkaller0: entered promiscuous mode
[ 1119.279169][T12095] syzkaller0: entered allmulticast mode
[ 1119.806088][  T809] IPVS: starting estimator thread 0...
[ 1119.887997][T12100] IPVS: using max 8 ests per chain, 19200 per kthread
[ 1120.662596][T12118] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1011'.
[ 1120.687423][T12118] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1011'.
[ 1122.877924][T12117] netlink: 1752 bytes leftover after parsing attributes in process `syz.7.1010'.
[ 1123.746326][T12140] syz.7.1019: vmalloc error: size 18446744073709551611, exceeds total pages, mode:0xcc0(GFP_KERNEL), nodemask=(null),cpuset=/,mems_allowed=0-1
[ 1123.746408][T12140] CPU: 0 UID: 0 PID: 12140 Comm: syz.7.1019 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1123.746439][T12140] Tainted: [L]=SOFTLOCKUP
[ 1123.746448][T12140] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026
[ 1123.746461][T12140] Call Trace:
[ 1123.746470][T12140]  <TASK>
[ 1123.746480][T12140]  dump_stack_lvl+0xe8/0x150
[ 1123.746531][T12140]  warn_alloc+0x263/0x3e0
[ 1123.746556][T12140]  ? kasan_save_track+0x4f/0x80
[ 1123.746587][T12140]  ? kasan_save_track+0x3e/0x80
[ 1123.746616][T12140]  ? kasan_save_free_info+0x46/0x50
[ 1123.746643][T12140]  ? __kasan_slab_free+0x5c/0x80
[ 1123.746675][T12140]  ? tomoyo_path_number_perm+0x501/0x630
[ 1123.746708][T12140]  ? security_file_ioctl+0xc3/0x2a0
[ 1123.746739][T12140]  ? __se_sys_ioctl+0x47/0x170
[ 1123.746777][T12140]  ? __pfx_warn_alloc+0x10/0x10
[ 1123.746821][T12140]  __vmalloc_node_range_noprof+0x132/0x1730
[ 1123.746857][T12140]  ? look_up_lock_class+0x57/0x110
[ 1123.746891][T12140]  ? register_lock_class+0x31/0x2e0
[ 1123.746932][T12140]  ? __lock_acquire+0x6b5/0x2cf0
[ 1123.746975][T12140]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[ 1123.747024][T12140]  ? dvb_dmxdev_set_buffer_size+0xbe/0x1f0
[ 1123.747054][T12140]  vmalloc_noprof+0xb2/0xe0
[ 1123.747087][T12140]  ? dvb_dmxdev_set_buffer_size+0xbe/0x1f0
[ 1123.747116][T12140]  dvb_dmxdev_set_buffer_size+0xbe/0x1f0
[ 1123.747142][T12140]  ? dvb_demux_do_ioctl+0x323/0x540
[ 1123.747171][T12140]  dvb_demux_do_ioctl+0x460/0x540
[ 1123.747201][T12140]  dvb_usercopy+0x199/0x2e0
[ 1123.747224][T12140]  ? __pfx_dvb_demux_do_ioctl+0x10/0x10
[ 1123.747249][T12140]  ? __pfx_dvb_usercopy+0x10/0x10
[ 1123.747284][T12140]  ? __fget_files+0x3a6/0x420
[ 1123.747312][T12140]  ? __fget_files+0x2a/0x420
[ 1123.747343][T12140]  ? __pfx_dvb_demux_ioctl+0x10/0x10
[ 1123.747369][T12140]  dvb_demux_ioctl+0x29/0x40
[ 1123.747394][T12140]  __se_sys_ioctl+0xff/0x170
[ 1123.747431][T12140]  do_syscall_64+0x14d/0xf80
[ 1123.747461][T12140]  ? trace_irq_disable+0x3b/0x150
[ 1123.747487][T12140]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1123.747518][T12140]  ? clear_bhb_loop+0x40/0x90
[ 1123.747548][T12140]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1123.747571][T12140] RIP: 0033:0x7f10e163c799
[ 1123.747594][T12140] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1123.747613][T12140] RSP: 002b:00007f10df896028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1123.747636][T12140] RAX: ffffffffffffffda RBX: 00007f10e18b5fa0 RCX: 00007f10e163c799
[ 1123.747653][T12140] RDX: fffffffffffffffb RSI: 0000000000006f2d RDI: 0000000000000005
[ 1123.747668][T12140] RBP: 00007f10e16d2c99 R08: 0000000000000000 R09: 0000000000000000
[ 1123.747681][T12140] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1123.747694][T12140] R13: 00007f10e18b6038 R14: 00007f10e18b5fa0 R15: 00007ffe3769a248
[ 1123.747730][T12140]  </TASK>
[ 1123.747739][T12140] Mem-Info:
[ 1123.747749][T12140] active_anon:287 inactive_anon:9029 isolated_anon:0
[ 1123.747749][T12140]  active_file:22677 inactive_file:39019 isolated_file:0
[ 1123.747749][T12140]  unevictable:768 dirty:124 writeback:0
[ 1123.747749][T12140]  slab_reclaimable:12630 slab_unreclaimable:106751
[ 1123.747749][T12140]  mapped:31947 shmem:1725 pagetables:1785
[ 1123.747749][T12140]  sec_pagetables:0 bounce:0
[ 1123.747749][T12140]  kernel_misc_reclaimable:0
[ 1123.747749][T12140]  free:1294832 free_pcp:6034 free_cma:0
[ 1124.102878][T12140] Node 0 active_anon:1136kB inactive_anon:41996kB active_file:90512kB inactive_file:156076kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:133824kB dirty:572kB writeback:0kB shmem:11280kB kernel_stack:14008kB pagetables:7024kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[ 1124.102940][T12140] Node 1 active_anon:0kB inactive_anon:0kB active_file:196kB inactive_file:0kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB kernel_stack:64kB pagetables:176kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[ 1124.102990][T12140] Node 0 DMA free:15360kB boost:0kB min:20kB low:32kB high:44kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1124.103059][T12140] lowmem_reserve[]: 0 2506 2506 2506 2506
[ 1124.103103][T12140] Node 0 DMA32 free:1223468kB boost:0kB min:3932kB low:6468kB high:9004kB reserved_highatomic:0KB free_highatomic:0KB active_anon:1136kB inactive_anon:42196kB active_file:90512kB inactive_file:156076kB unevictable:1536kB writepending:572kB zspages:0kB present:3129332kB managed:2566592kB mlocked:0kB bounce:0kB free_pcp:18108kB local_pcp:3224kB free_cma:0kB
[ 1124.103172][T12140] lowmem_reserve[]: 0 0 0 0 0
[ 1124.103211][T12140] Node 0 Normal free:0kB boost:0kB min:0kB low:0kB high:0kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:1048580kB managed:420kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1124.103275][T12140] lowmem_reserve[]: 0 0 0 0 0
[ 1124.103315][T12140] Node 1 Normal free:3940436kB boost:0kB min:6364kB low:10472kB high:14580kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:196kB inactive_file:0kB unevictable:1536kB writepending:0kB zspages:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1124.103381][T12140] lowmem_reserve[]: 0 0 0 0 0
[ 1124.103420][T12140] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[ 1124.103564][T12140] Node 0 DMA32: 2591*4kB (UME) 3916*8kB (UME) 2669*16kB (UM) 588*32kB (UME) 860*64kB (UME) 774*128kB (UME) 626*256kB (UME) 410*512kB (UME) 256*1024kB (UME) 91*2048kB (UME) 36*4096kB (UM) = 1223468kB
[ 1124.103752][T12140] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[ 1124.103869][T12140] Node 1 Normal: 3*4kB (UM) 5*8kB (UM) 10*16kB (UM) 12*32kB (UM) 8*64kB (UM) 4*128kB (UM) 4*256kB (UM) 5*512kB (UM) 3*1024kB (UM) 2*2048kB (UM) 959*4096kB (UM) = 3940436kB
[ 1124.104053][T12140] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1124.104072][T12140] Node 0 hugepages_total=3 hugepages_free=3 hugepages_surp=0 hugepages_size=2048kB
[ 1124.104090][T12140] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1124.104109][T12140] Node 1 hugepages_total=1 hugepages_free=1 hugepages_surp=0 hugepages_size=2048kB
[ 1124.104127][T12140] 64896 total pagecache pages
[ 1124.104136][T12140] 0 pages in swap cache
[ 1124.104144][T12140] Free swap  = 124996kB
[ 1124.104153][T12140] Total swap = 124996kB
[ 1124.104162][T12140] 2097051 pages RAM
[ 1124.104170][T12140] 0 pages HighMem/MovableOnly
[ 1124.104179][T12140] 423683 pages reserved
[ 1124.104187][T12140] 0 pages cma reserved
[ 1124.606391][T12140] netlink: 8 bytes leftover after parsing attributes in process `syz.7.1019'.
[ 1125.056824][   T36] audit: type=1326 audit(1773262936.755:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12151 comm="syz.9.1022" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f3451f3c799 code=0x0
[ 1125.162053][T12154] netlink: 4 bytes leftover after parsing attributes in process `syz.9.1022'.
[ 1125.784341][T12154] bridge_slave_1: left allmulticast mode
[ 1125.784374][T12154] bridge_slave_1: left promiscuous mode
[ 1125.784814][T12154] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1126.705468][T12154] bridge_slave_0: left allmulticast mode
[ 1126.705500][T12154] bridge_slave_0: left promiscuous mode
[ 1126.705773][T12154] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1126.858960][T12170] netlink: 'syz.0.1023': attribute type 10 has an invalid length.
[ 1133.068510][T12170] syz_tun: entered promiscuous mode
[ 1133.074322][T12170] bond0: (slave syz_tun): Enslaving as an active interface with an up link
[ 1133.134917][T12181] netlink: 'syz.3.1026': attribute type 10 has an invalid length.
[ 1133.727570][T12187] netlink: 1752 bytes leftover after parsing attributes in process `syz.0.1029'.
[ 1136.672910][T12225] netlink: 'syz.0.1035': attribute type 27 has an invalid length.
[ 1136.746429][T12223] netlink: 'syz.8.1038': attribute type 10 has an invalid length.
[ 1136.908016][T10239] IPVS: starting estimator thread 0...
[ 1137.011010][T12229] IPVS: using max 8 ests per chain, 19200 per kthread
[ 1137.308023][T10239] usb 8-1: new high-speed USB device number 15 using dummy_hcd
[ 1137.843620][T10239] usb 8-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 1137.843658][T10239] usb 8-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00
[ 1137.843675][T10239] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1137.857274][T10239] usb 8-1: config 0 descriptor??
[ 1137.934551][T10239] usbhid 8-1:0.0: couldn't find an input interrupt endpoint
[ 1138.580986][   T60] Bluetooth: hci3: command 0x0406 tx timeout
[ 1138.647968][  T809] usb 4-1: new high-speed USB device number 7 using dummy_hcd
[ 1138.807926][  T809] usb 4-1: Using ep0 maxpacket: 8
[ 1138.812421][  T809] usb 4-1: config index 0 descriptor too short (expected 74, got 45)
[ 1138.812483][  T809] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 1536, setting to 1024
[ 1138.812513][  T809] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[ 1138.812539][  T809] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 26232, setting to 64
[ 1138.812567][  T809] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1138.812613][  T809] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[ 1138.812638][  T809] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1138.938249][  T809] usbtmc 4-1:16.0: bulk endpoints not found
[ 1138.957336][T12243] syzkaller0: entered promiscuous mode
[ 1139.858091][T12256] netlink: 1752 bytes leftover after parsing attributes in process `syz.8.1045'.
[ 1139.996819][ T9860] usb 8-1: USB disconnect, device number 15
[ 1140.911777][ T7852] usb 8-1: new full-speed USB device number 16 using dummy_hcd
[ 1141.346351][ T9860] usb 4-1: USB disconnect, device number 7
[ 1141.397599][ T7852] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0xD has invalid wMaxPacketSize 0
[ 1141.397649][ T7852] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0
[ 1141.399907][ T7852] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0xD has invalid wMaxPacketSize 0
[ 1141.399984][ T7852] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0
[ 1141.402907][ T7852] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0xD has invalid wMaxPacketSize 0
[ 1141.402990][ T7852] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0
[ 1141.408865][ T7852] usb 8-1: New USB device found, idVendor=0451, idProduct=5152, bcdDevice=c0.b9
[ 1141.408916][ T7852] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1141.408954][ T7852] usb 8-1: Product: syz
[ 1141.409013][ T7852] usb 8-1: Manufacturer: syz
[ 1141.409062][ T7852] usb 8-1: SerialNumber: syz
[ 1141.512508][ T7852] usb 8-1: config 0 descriptor??
[ 1141.528085][ T7852] ti_usb_3410_5052 8-1:0.0: TI USB 5052 2 port adapter converter detected
[ 1141.528308][ T7852] ti_usb_3410_5052 8-1:0.0: missing endpoints
[ 1141.609479][T12280] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[ 1142.169996][T12288] netlink: 'syz.8.1052': attribute type 10 has an invalid length.
[ 1142.638696][T12295] bond0: (slave syz_tun): Releasing backup interface
[ 1143.212176][T10239] usb 4-1: new high-speed USB device number 8 using dummy_hcd
[ 1143.750274][T10239] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1143.750330][T10239] usb 4-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 1143.750375][T10239] usb 4-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00
[ 1143.750400][T10239] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1143.792414][T10239] usb 4-1: config 0 descriptor??
[ 1143.843408][T10239] usbhid 4-1:0.0: couldn't find an input interrupt endpoint
[ 1143.864678][T12295] bridge_slave_0: left allmulticast mode
[ 1143.864699][T12295] bridge_slave_0: left promiscuous mode
[ 1143.890720][T12295] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1144.068358][T12295] bridge_slave_1: left allmulticast mode
[ 1144.068390][T12295] bridge_slave_1: left promiscuous mode
[ 1144.068661][T12295] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1144.201812][T12295] bond0: (slave bond_slave_0): Releasing backup interface
[ 1144.300369][T12295] bond0: (slave bond_slave_1): Releasing backup interface
[ 1144.493168][T12295] team0: Port device team_slave_0 removed
[ 1144.599665][T12295] team0: Port device team_slave_1 removed
[ 1144.601368][T12295] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1144.601396][T12295] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1144.640792][T12295] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1144.640814][T12295] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1144.674401][T12295] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[ 1144.707985][ T7852] usb 9-1: new high-speed USB device number 9 using dummy_hcd
[ 1144.860590][ T7852] usb 9-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 1144.860731][ T7852] usb 9-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00
[ 1144.860757][ T7852] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1144.927320][ T7852] usb 9-1: config 0 descriptor??
[ 1144.971262][ T7852] usbhid 9-1:0.0: couldn't find an input interrupt endpoint
[ 1145.601883][ T7852] usb 8-1: USB disconnect, device number 16
[ 1146.399721][T10239] usb 4-1: USB disconnect, device number 8
[ 1148.246206][T10285] usb 9-1: USB disconnect, device number 9
[ 1154.875939][T12400] netlink: 'syz.0.1076': attribute type 10 has an invalid length.
[ 1154.998061][ T5806] usb 9-1: new high-speed USB device number 10 using dummy_hcd
[ 1155.147920][ T5806] usb 9-1: Using ep0 maxpacket: 8
[ 1155.151543][ T5806] usb 9-1: config index 0 descriptor too short (expected 74, got 45)
[ 1155.151586][ T5806] usb 9-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 1536, setting to 1024
[ 1155.151605][ T5806] usb 9-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[ 1155.151624][ T5806] usb 9-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 30768, setting to 1024
[ 1155.151643][ T5806] usb 9-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024
[ 1155.151660][ T5806] usb 9-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1155.151690][ T5806] usb 9-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[ 1155.151707][ T5806] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1155.288169][T12400] bond0: (slave syz_tun): Enslaving as an active interface with an up link
[ 1155.495989][ T5806] usb 9-1: usb_control_msg returned -32
[ 1155.496024][ T5806] usbtmc 9-1:16.0: can't read capabilities
[ 1155.588042][ T5806] ==================================================================
[ 1155.588059][ T5806] BUG: KASAN: vmalloc-out-of-bounds in __list_add_valid_or_report+0x4e/0x130
[ 1155.588169][ T5806] Read of size 8 at addr ffffc9001f4a9008 by task kworker/1:4/5806
[ 1155.588184][ T5806] 
[ 1155.588198][ T5806] CPU: 1 UID: 0 PID: 5806 Comm: kworker/1:4 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1155.588225][ T5806] Tainted: [L]=SOFTLOCKUP
[ 1155.588231][ T5806] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026
[ 1155.588244][ T5806] Workqueue: usb_hub_wq hub_event
[ 1155.588323][ T5806] Call Trace:
[ 1155.588330][ T5806]  <TASK>
[ 1155.588338][ T5806]  dump_stack_lvl+0xe8/0x150
[ 1155.588366][ T5806]  print_report+0xba/0x230
[ 1155.588396][ T5806]  ? __list_add_valid_or_report+0x4e/0x130
[ 1155.588412][ T5806]  kasan_report+0x117/0x150
[ 1155.588442][ T5806]  ? __list_add_valid_or_report+0x4e/0x130
[ 1155.588463][ T5806]  __list_add_valid_or_report+0x4e/0x130
[ 1155.588481][ T5806]  kcov_remote_stop+0x457/0x680
[ 1155.588506][ T5806]  hub_event+0x49d8/0x4f60
[ 1155.588554][ T5806]  ? __pfx_hub_event+0x10/0x10
[ 1155.588585][ T5806]  ? process_scheduled_works+0xa25/0x1830
[ 1155.588615][ T5806]  ? process_scheduled_works+0xa25/0x1830
[ 1155.588640][ T5806]  process_scheduled_works+0xb02/0x1830
[ 1155.588676][ T5806]  ? __pfx_process_scheduled_works+0x10/0x10
[ 1155.588710][ T5806]  ? assign_work+0x3d5/0x5e0
[ 1155.588735][ T5806]  worker_thread+0xa50/0xfc0
[ 1155.588772][ T5806]  kthread+0x388/0x470
[ 1155.588790][ T5806]  ? __pfx_worker_thread+0x10/0x10
[ 1155.588814][ T5806]  ? __pfx_kthread+0x10/0x10
[ 1155.588832][ T5806]  ret_from_fork+0x51e/0xb90
[ 1155.588872][ T5806]  ? __pfx_ret_from_fork+0x10/0x10
[ 1155.588896][ T5806]  ? __switch_to+0xc7d/0x1450
[ 1155.588928][ T5806]  ? __pfx_kthread+0x10/0x10
[ 1155.588945][ T5806]  ret_from_fork_asm+0x1a/0x30
[ 1155.588969][ T5806]  </TASK>
[ 1155.588976][ T5806] 
[ 1155.588980][ T5806] The buggy address belongs to a vmalloc virtual mapping
[ 1155.588996][ T5806] Memory state around the buggy address:
[ 1155.589006][ T5806]  ffffc9001f4a8f00: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[ 1155.589017][ T5806]  ffffc9001f4a8f80: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[ 1155.589029][ T5806] >ffffc9001f4a9000: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[ 1155.589039][ T5806]                       ^
[ 1155.589048][ T5806]  ffffc9001f4a9080: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[ 1155.589060][ T5806]  ffffc9001f4a9100: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[ 1155.589069][ T5806] ==================================================================
[ 1155.589088][ T5806] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 1155.589103][ T5806] CPU: 1 UID: 0 PID: 5806 Comm: kworker/1:4 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1155.589126][ T5806] Tainted: [L]=SOFTLOCKUP
[ 1155.589133][ T5806] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026
[ 1155.589144][ T5806] Workqueue: usb_hub_wq hub_event
[ 1155.589169][ T5806] Call Trace:
[ 1155.589175][ T5806]  <TASK>
[ 1155.589182][ T5806]  vpanic+0x56c/0xa60
[ 1155.589211][ T5806]  ? __pfx_vpanic+0x10/0x10
[ 1155.589241][ T5806]  panic+0xc5/0xd0
[ 1155.589266][ T5806]  ? __pfx_panic+0x10/0x10
[ 1155.589292][ T5806]  ? __list_add_valid_or_report+0x4e/0x130
[ 1155.589308][ T5806]  ? rcu_is_watching+0x15/0xb0
[ 1155.589338][ T5806]  ? __list_add_valid_or_report+0x4e/0x130
[ 1155.589354][ T5806]  check_panic_on_warn+0x89/0xb0
[ 1155.589383][ T5806]  ? __list_add_valid_or_report+0x4e/0x130
[ 1155.589400][ T5806]  end_report+0x73/0x180
[ 1155.589427][ T5806]  ? __list_add_valid_or_report+0x4e/0x130
[ 1155.589443][ T5806]  kasan_report+0x128/0x150
[ 1155.589471][ T5806]  ? __list_add_valid_or_report+0x4e/0x130
[ 1155.589492][ T5806]  __list_add_valid_or_report+0x4e/0x130
[ 1155.589510][ T5806]  kcov_remote_stop+0x457/0x680
[ 1155.589534][ T5806]  hub_event+0x49d8/0x4f60
[ 1155.589581][ T5806]  ? __pfx_hub_event+0x10/0x10
[ 1155.589612][ T5806]  ? process_scheduled_works+0xa25/0x1830
[ 1155.589636][ T5806]  ? process_scheduled_works+0xa25/0x1830
[ 1155.589661][ T5806]  process_scheduled_works+0xb02/0x1830
[ 1155.589696][ T5806]  ? __pfx_process_scheduled_works+0x10/0x10
[ 1155.589729][ T5806]  ? assign_work+0x3d5/0x5e0
[ 1155.589754][ T5806]  worker_thread+0xa50/0xfc0
[ 1155.589790][ T5806]  kthread+0x388/0x470
[ 1155.589808][ T5806]  ? __pfx_worker_thread+0x10/0x10
[ 1155.589831][ T5806]  ? __pfx_kthread+0x10/0x10
[ 1155.589849][ T5806]  ret_from_fork+0x51e/0xb90
[ 1155.589874][ T5806]  ? __pfx_ret_from_fork+0x10/0x10
[ 1155.589898][ T5806]  ? __switch_to+0xc7d/0x1450
[ 1155.589919][ T5806]  ? __pfx_kthread+0x10/0x10
[ 1155.589937][ T5806]  ret_from_fork_asm+0x1a/0x30
[ 1155.589961][ T5806]  </TASK>
[ 1155.590557][ T5806] Kernel Offset: disabled