last executing test programs:

2m28.760448181s ago: executing program 1 (id=65):
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000180), 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000040)={0x0, 0x7a124, 0x60, {0xfffffff8}}) (async)
r1 = syz_usb_connect$hid(0x2, 0x36, &(0x7f00000000c0)=ANY=[@ANYRESHEX=r0], 0x0)
syz_usb_control_io(r1, 0x0, 0x0) (async)
syz_usb_control_io$hid(r1, &(0x7f0000000000)={0x24, 0x0, 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='\x00\"\v'], 0x0}, 0x0) (async)
syz_usb_control_io(r1, 0x0, &(0x7f0000000940)={0x84, &(0x7f00000004c0)=ANY=[@ANYBLOB="00140d"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) (async)
syz_usb_control_io(r1, 0x0, &(0x7f0000000880)={0x84, &(0x7f00000003c0)=ANY=[@ANYBLOB='\x00\x00M'], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
munmap(&(0x7f0000001000/0x4000)=nil, 0x4000) (async)
r2 = socket$inet6_sctp(0xa, 0x801, 0x84) (async)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r3, 0x8933, &(0x7f0000000ec0)={'batadv0\x00', <r4=>0x0})
r5 = syz_genetlink_get_family_id$batadv(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$BATADV_CMD_GET_BLA_BACKBONE(r3, &(0x7f0000000040)={0x0, 0xfffffd5a, &(0x7f00000003c0)={&(0x7f0000000440)={0x1c, r5, 0x20, 0x70bd2d, 0x25dfdbfe, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r4}]}, 0x1c}, 0x1, 0x0, 0x0, 0x8050}, 0x4000) (async)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000100), r3)
getsockopt$bt_hci(r2, 0x84, 0x80, 0x0, 0x0) (async)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r6 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$UHID_CREATE(r6, &(0x7f0000001ac0)={0x0, {'syz0\x00', 'syz1\x00', 'syz0\x00', &(0x7f0000001a80)=""/24, 0xb, 0x103, 0x4, 0x0, 0x2, 0xc04}}, 0x120) (async)
readv(r6, &(0x7f0000000180)=[{&(0x7f0000000f80)=""/164, 0xa4}, {&(0x7f0000001100)=""/72, 0x48}], 0x2)
readv(r6, &(0x7f0000000140)=[{&(0x7f0000000080)=""/155, 0x9b}], 0x1)
write$UHID_DESTROY(r6, &(0x7f0000000040), 0x4)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
syz_usb_connect(0x0, 0x24, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0xd6, 0xe2, 0xaa, 0x40, 0x4e2, 0x1410, 0x7515, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0xd3, 0x0, 0x0, 0x2, 0x9e, 0x3e}}]}}]}}, 0x0) (async)
sendmsg$IPCTNL_MSG_EXP_NEW(r7, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000680)=ANY=[@ANYBLOB="c80000000002010400000000000000000a0000073c0001802c000180140003000000000000000000000000000000000114000400ff0100000000000000000000000000010c00028005000100980000003c0003000c0002800500160100890000002c00018014000300fe80000000000000000000000000002a14000400000000000000000000000000000000013c0002802c000180140003001381000000000080000000000000003b1400040000000000000000000000ffffe00000020c000280040001168ddc1c05ce208758eb9301307b4b4bcebd3d4a1831ca5c1771f5da0db196ec61d6e1e196d8f1a1757a"], 0xc8}, 0x1, 0x0, 0x0, 0x20008884}, 0x804)
r8 = syz_open_dev$vim2m(&(0x7f0000000100), 0x5, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r8, 0xc0145608, &(0x7f0000000640)={0x3, 0x1, 0x6, 0x0, 0x3}) (async)
r9 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(r9, 0x40086602, &(0x7f00000001c0)=0x10)
mknodat(0xffffffffffffff9c, &(0x7f0000000140)='./file4\x00', 0x0, 0x0) (async)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)

2m25.608681339s ago: executing program 1 (id=75):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000940)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="ab553fec94248c32e27d0400", 0xc)
r1 = accept$alg(r0, 0x0, 0x0)
sendmsg$alg(r1, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000180)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}, 0x0)
write$binfmt_script(r1, &(0x7f0000000600), 0xfec8)
recvmmsg(r1, &(0x7f00000008c0)=[{{0x0, 0x0, &(0x7f0000000580)=[{&(0x7f0000001740)=""/4096, 0x1000}], 0x1, 0x0, 0x0, 0x2000000}}], 0x1, 0xcb, 0x0)

2m24.10885669s ago: executing program 1 (id=78):
r0 = socket(0x10, 0x803, 0x0)
r1 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000500)=ANY=[@ANYBLOB="12010000000000404f045db600000000000109022400010000f3000904000001030003000921000000012205000905810308000000006a27f5339d1f8fa8895393523617dfaa985a0d5ffdd6e91afcc6a166df9463326e812fc649a14811f9ac97857d76c5b8b9aeadedf709ef558ca7bcb149f6837a9b93ce0d7254f2fa9244a5d18227ee444ad22ae29466ee7028f1026eb4fa039fb5a435b3627eb2bac8a0f51cb9ad8dacd60f3aaa6a132535c1b0fda1857ffac4e4df9701dcd732659324969e3d68a402ce77b694bb70"], 0x0)
syz_usb_control_io$hid(r1, 0x0, 0x0)
r2 = syz_open_dev$dvb_demux(&(0x7f0000000400), 0x0, 0x700)
r3 = socket$nl_audit(0x10, 0x3, 0x9)
ioctl$sock_SIOCETHTOOL(r3, 0x8946, &(0x7f0000000380)={'team_slave_0\x00', &(0x7f00000000c0)=@ethtool_pauseparam={0x13, 0x7, 0x6, 0x6}})
socket$qrtr(0x2a, 0x2, 0x0)
r4 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000200)={&(0x7f0000000440)=ANY=[@ANYBLOB="9feb01001800000000000000180000001800000002000800000000e0ffffff82000400000000000000400006040000000000eb4765899f864d5ab181b6182bb4298619326abcad4102780febfd6733fdf2c4ce2cf8c6b5e49bb6ef217a"], 0x0, 0x32, 0x0, 0x1}, 0x28)
bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="7ce8001602000000008cc01d76bcbb50e8000000", @ANYBLOB='\x00'/17, @ANYRES32=0x0], 0x50)
socket$packet(0x11, 0x3, 0x300)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x8)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r5 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r5, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
setsockopt$MRT6_ADD_MFC_PROXY(r4, 0x29, 0xd2, 0x0, 0x0)
syz_open_dev$radio(&(0x7f0000000000), 0x1, 0x2)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x3}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x40000, 0x0, 0x1000000, 0x0, 0xc5c4, 0x2}, 0x0, 0x0)
ioctl$DVB_DEMUX_DMX_SET_FILTER(r2, 0x403c6f2b, &(0x7f0000000000)={0x6, {"e512864f2c63b42b1e937260904ce544", "b80b00", "98fed86df169f801002f69ff0008e800"}, 0x3ff, 0x5})
syz_usb_control_io(r1, &(0x7f00000001c0)={0x2c, &(0x7f00000000c0)=ANY=[@ANYBLOB="000085"], 0x0, 0x0, 0x0, 0x0}, 0x0)
r6 = socket$kcm(0x21, 0x2, 0x2)
sendmsg$kcm(r6, &(0x7f0000000000)={&(0x7f0000000080)=@rxrpc=@in4={0x21, 0x3f, 0x2, 0x10, {0x2, 0x4e22, @empty}}, 0x80, &(0x7f0000000140)=[{&(0x7f0000000ac0)="ee", 0xfffffe5e}], 0x1, &(0x7f0000001a00)=ANY=[@ANYBLOB="180000000000000010010000010000007d95df16a39b1a6c900000000000000001000000040500002b24ec10064b6f2f000000fb718aef932f3889d1fdda5b57000000860f5878c37ffe36e1165814d435be5b317c6c8189587d2f97879f07a515bb7c169f46933d9338f4ab04834e6f618988ab013f40afe403041323110f62055394412158e7a3adb148d641aa40d4ab077fe34232aa8b31851466d0998a61d7da0c86d70000001010"], 0x10b8}, 0x8000)
syz_usb_connect(0x1, 0x2d, 0x0, 0x0)
syz_usb_control_io$hid(r1, 0x0, &(0x7f00000004c0)={0x2c, 0x0, 0x0, &(0x7f00000003c0)={0x0, 0x8, 0x1}, 0x0, 0x0})
sendmsg$nl_generic(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB="1c0000005200010000000000000000000a00000008000100", @ANYRES64=r0], 0x1c}, 0x1, 0x0, 0x0, 0x20048845}, 0x0)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$devlink(&(0x7f0000000400), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_TRAP_POLICER_SET(r7, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={0x54, r8, 0x1, 0x70bd2d, 0x25dfdbff, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x8e, 0x3}, {0xc, 0x8f, 0x116be}, {0xc, 0x90, 0x2}}]}, 0x54}, 0x1, 0x0, 0x0, 0x4001}, 0x4c01c)

2m15.340201648s ago: executing program 1 (id=89):
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0xffffffff, 0x0, 0xb49, 0x80000000009, 0x8000000000000001, 0x0, 0x3}, 0x0)
r0 = syz_open_dev$loop(&(0x7f0000000080), 0x8, 0x122c42)
preadv2(r0, &(0x7f0000000200)=[{&(0x7f0000000000)=""/17, 0x11}], 0x1, 0xffffffff, 0x7, 0x8)
pipe2(&(0x7f0000000000)={<r1=>0xffffffffffffffff}, 0x0)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffb000/0x1000)=nil, 0x0}, 0x68)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000040)='./file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x23e9c9e, 0x0)
mount$bind(0x0, &(0x7f00000003c0)='./file0/file0\x00', 0x0, 0x80000, 0x0)
mount$bind(&(0x7f0000000280)='./file0\x00', &(0x7f00000006c0)='./file0\x00', 0x0, 0x38ad211, 0x0)
capset(&(0x7f0000000080)={0x20071026}, &(0x7f00000001c0)={0x0, 0x8d9, 0x403, 0x9, 0xf, 0x8000})
syz_open_dev$sg(&(0x7f00000003c0), 0x4a38, 0x201)
syz_open_dev$sg(&(0x7f0000000240), 0x8, 0x81)
ioctl$SG_IO(r1, 0x2285, &(0x7f0000000480)={0x53, 0xfffffffffffffffd, 0xffffffffffffff19, 0xb4, @buffer={0x0, 0x0, &(0x7f00000009c0)=""/209}, &(0x7f0000000200)="c50000000000", 0x0, 0x2, 0x10033, 0xffffffffffffffff, 0x0})
mount$bind(0x0, &(0x7f0000000200)='./file0\x00', 0x0, 0x84000, 0x0)
prlimit64(0x0, 0x6, &(0x7f0000000140)={0x0, 0x4}, 0x0)
r2 = io_uring_setup(0x7, &(0x7f0000000040)={0x0, 0xc8a1, 0xc000, 0x8, 0x3dd})
r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000080)={r3, <r4=>0xffffffffffffffff}, 0x4)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x6, 0x10, &(0x7f00000004c0)=ANY=[@ANYBLOB="18000000000100000000000000080020b7080000000000007b8af8ff00000000b708000035fd00007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r4, @ANYBLOB="0000000000000000b70500000800000085000000b60000009500000000000000"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x19, 0x4, 0x4, 0x2, 0x0, 0x1}, 0x50)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000180)={r6, &(0x7f0000001380), &(0x7f0000000000)=""/10, 0x2}, 0x20)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000000c0)={r6, &(0x7f0000000880)="f2", &(0x7f0000000000)=""/10, 0x2}, 0x20)
bpf$PROG_LOAD(0x2, &(0x7f00000004c0)={0x3, 0x3, &(0x7f0000000740)=ANY=[], &(0x7f0000000780)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000640)={r5, 0x0, 0x10, 0x1, &(0x7f00000006c0)="051cf3b75a97acbf", &(0x7f0000000700)=""/8, 0xb4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000}, 0x1b)
io_uring_enter(r2, 0x2219, 0x7721, 0x16, 0x0, 0x0)

2m12.732419061s ago: executing program 1 (id=90):
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r0 = memfd_secret(0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0xa, 0x11, r0, 0x0)
ftruncate(r0, 0x51a9497)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080))
r1 = socket$kcm(0x10, 0x2, 0x10)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000e00)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="2c0000001900010000000000000000408020"], 0x2c}, 0x1, 0x0, 0x0, 0x48090}, 0x40000)
sendmsg$kcm(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000000)="1400000010003507d25a806f8c6394f90324fc60", 0x14}], 0x1}, 0x200a4800)
recvmsg$kcm(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f00000004c0)=""/4135, 0x1027}], 0x1}, 0x42)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a1d010000000000000000020000000900010073797a3000000000080002400000000098"], 0xfc}}, 0xdfb398d941924945)
r3 = socket$kcm(0x10, 0x3, 0x10)
sendmsg$kcm(r3, &(0x7f0000000000)={0x0, 0xffffffffffffffba, &(0x7f0000000080)=[{&(0x7f0000000500)="e03f030041000b05d25a806c8c6394f90324fc60100000000a000200053582c137153e3704020180fc5409000c00b17d10cc40a88848b96648e582003c9644fb02faf23884372d474d8235b094550aff7f", 0x33fe0}], 0x1}, 0x8000)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NLBL_UNLABEL_C_STATICADD(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={0x0}, 0x8, 0x3000000000002}, 0x0)
r5 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000280), 0xffffffffffffffff)
sendmsg$NL802154_CMD_SET_MAX_FRAME_RETRIES(r4, &(0x7f0000000340)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000300)={&(0x7f00000002c0)={0x20, r5, 0x300, 0x70bd2a, 0x25dfdbfb, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x2}]}, 0x20}, 0x1, 0x0, 0x0, 0x4000}, 0x8000)
pipe2$9p(&(0x7f0000000040)={0xffffffffffffffff, <r6=>0xffffffffffffffff}, 0x0)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)={0x14, 0x0, 0x1, 0x101, 0x0, 0x0, {0x2, 0x0, 0x2}}, 0x14}, 0x1, 0x0, 0x0, 0x20000084}, 0x20000891)
r8 = openat$mixer(0xffffffffffffff9c, &(0x7f0000003fc0), 0x2a4c1, 0x0)
ioctl$SOUND_MIXER_READ_DEVMASK(r8, 0xc0044dff, 0x0)
r9 = getpgid(0x0)
r10 = syz_open_procfs(r9, &(0x7f0000000380)='oom_adj\x00')
r11 = dup3(r10, r6, 0x0)
r12 = accept$phonet_pipe(r11, &(0x7f00000001c0), &(0x7f0000000200)=0x10)
r13 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendmsg$sock(r12, &(0x7f0000001900)={&(0x7f0000000400)=@sco={0x1f, @none}, 0x80, &(0x7f0000001880)=[{&(0x7f0000001500)="fdbbb98dc54c75e2dbcc0a649b5b1b62b54846ba448571189f9f25f5c32b17ea436182c86cbd4f2a495165c4f7a11ca22a3b31ffeddc9c39265c83e34ceb241a603db23077acd3e7312245890a2d99530354eae82c9dd1ac0f772183326ef6ce5430495b5c182f39cbfe4d7ceef36879e457e16248bc5bda2ec0b52ea487b0090b9de8e47ff273beb045f6862d8eac846ed6dac281866d9c4454b21a1906df72fdf3908c2e2c062cbe37bc0402be51a84233a71f9606b4df9ead4e4a7dc18cf49db3b8df3d742f9202fe1816029ae2f3027db74d25453a91e72bcae8", 0xdc}, {&(0x7f0000001600)="3a8bb110cd7352bd5b2bc6ec6393ce68a25965135b932a35afa115e84ae66b410ee8b4876b42873b6c067d3c79a216921551b4", 0x33}, {&(0x7f0000001640)="5d3a2926e97e45f524b5486ba8b75d223403200df24fa9b45f238496e28a7608a2ec3b1e0f2ed0fa1929e614736d598cc976f2fdf00543af59b6309e8ccd11f61ac6126c27950b1fae97c5e2b253c26ec350f045beb04bcf7358d69dfc13e2553e00500f6b8516c9bfbb635a2c3eda7a4da88d551b15f12031052d091f0866dd66e2b4f3b82cf61dcb54d398461063c612ad7d9f8d4b856cda085bdbe9d59560a04a3af8416a515e2d765a1c056e0753ab3c81cf0e47074bdf9d1780bbd2db1aebaa1a3bbeb5b8f1bf65f3c7d30c9731f72806aba0ca8eb82581c479cd00886f92e4659e77e317b250", 0xe9}, {&(0x7f0000001740)="7a6c13331fef0148f486258dffe9b6b649f890292969c94e53f9fc188309e6fdcece5e6a367278817c00ff555e17be5efb", 0x31}, {&(0x7f0000001780)="63e22ca00630855aa31452370c8c2de2186f17f0ad4abd58b8aa5d68f39851844ad5c80ea7829244bb36b3eb571a935e6cfca2df778b31663a104d0d286d9748dfdcef8f6bb37477e65d9b371fc47fa0a4684aa2752f7db7e662e59e8c2b2cb61687cfe9d8fe61dd444b666abc4f8012b14e14d738413623b61e5828832e3d0197bfbdf5c1117ef462a85d8b254432ae90d9153946bd5845c6a65ab2fe67b6c4af866b41853ceb8efce8a8b568a051ce8daa5a5f3244e3479e43d4c9a2968e1e9f936c5b5dbbe39598987eb7095a2eb576bfa39c", 0xd4}], 0x5}, 0x4000)
bind$inet6(r13, &(0x7f0000000000)={0xa, 0x4e1c, 0x46, @loopback, 0x1ff}, 0x1c)

2m9.557109972s ago: executing program 1 (id=100):
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x2, 0x7}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
read$FUSE(0xffffffffffffffff, &(0x7f00000083c0)={0x2020}, 0x1497)
read$FUSE(0xffffffffffffffff, &(0x7f0000003480)={0x2020}, 0x2020)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000005580)=""/102392, 0x18ff8)
futex(0x0, 0x5, 0x20001, 0x0, &(0x7f0000000100)=0x4, 0xc3000000)
socket$netlink(0x10, 0x3, 0x0)
syz_usb_connect(0x5, 0x24, 0x0, 0x0)
accept(0xffffffffffffffff, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
ioctl$sock_bt_hci(0xffffffffffffffff, 0x400448e9, &(0x7f00000002c0))

2m7.682240041s ago: executing program 32 (id=100):
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x2, 0x7}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
read$FUSE(0xffffffffffffffff, &(0x7f00000083c0)={0x2020}, 0x1497)
read$FUSE(0xffffffffffffffff, &(0x7f0000003480)={0x2020}, 0x2020)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000005580)=""/102392, 0x18ff8)
futex(0x0, 0x5, 0x20001, 0x0, &(0x7f0000000100)=0x4, 0xc3000000)
socket$netlink(0x10, 0x3, 0x0)
syz_usb_connect(0x5, 0x24, 0x0, 0x0)
accept(0xffffffffffffffff, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
ioctl$sock_bt_hci(0xffffffffffffffff, 0x400448e9, &(0x7f00000002c0))

10.930620411s ago: executing program 4 (id=614):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x20d6, 0xcb17, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x2, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x7}}}}]}}]}}, 0x0)
mknod$loop(&(0x7f0000000180)='./file0\x00', 0x6000, 0x0)
r1 = creat(&(0x7f0000000000)='./file0\x00', 0x3)
ioctl$BLKTRACESETUP(r1, 0xc0481273, &(0x7f0000000240)={'\x00', 0x42, 0xa, 0x400001, 0x4000009, 0x10})
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f0000000040)={0x2c, &(0x7f0000000480)={0x0, 0xb, 0x7, {0x31, 0x31, "392cdaab4a"}}, 0x0, 0x0, 0x0, 0x0}, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r2 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r2, 0x84, 0x64, &(0x7f0000000180)=[@in6={0xa, 0x4e23, 0x2, @loopback={0xffffff7f00000000}, 0x5}], 0x1c)
ioctl$KVM_PRE_FAULT_MEMORY(0xffffffffffffffff, 0xc040aed5, 0x0)
modify_ldt$write2(0x11, &(0x7f0000000100)={0x81, 0x0, 0x4000, 0x1}, 0x10)
modify_ldt$read(0x0, 0xfffffffffffffffc, 0x0)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$sock_timeval(r3, 0x1, 0x15, &(0x7f0000000300)={0x0, 0x2710}, 0x10)
sendto$inet6(r3, &(0x7f0000000240)="d3", 0x1, 0x81, &(0x7f0000000280)={0xa, 0x4e24, 0x8, @remote, 0x7}, 0x1c)
syz_open_dev$evdev(&(0x7f0000000000), 0x40, 0x1e5782)

10.481977452s ago: executing program 0 (id=619):
r0 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$devlink(&(0x7f0000000640), r1)
sendmsg$DEVLINK_CMD_RATE_SET(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000000c0)={0x44, r2, 0x1, 0x70bd2c, 0x0, {0x2c}, [@DEVLINK_ATTR_PORT_INDEX={0x8, 0x58}, @handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x1}]}, 0x44}}, 0x0)
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2})
ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f0000000000)={&(0x7f0000af7000/0x4000)=nil, 0x4000})
syz_usb_connect(0x5, 0x4c, &(0x7f0000000080)=ANY=[@ANYBLOB="1201100335fe6510ca1a8eb232920102030109023a00010d019002090432a70201039e08090588061000060408082387ac33afe3410725010305f804090507"], &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, 0x6, [{0x4, &(0x7f00000000c0)=@lang_id={0x4, 0x3, 0x827}}, {0x4, &(0x7f0000000700)=@string={0x0, 0x3, "c5f0500764b1286b346bf38ab44cf9f33059ef70b24ef5f4c179128694be9cb883b61ed39f763382aab772c8ceea5daedb15b6af034f63dae680cba19850e9883bb819233b6fdb0d4f8e71f8be29bf25985329fe7ba5010d7302904eaf6e371848"}}, {0x6d, &(0x7f00000003c0)=@string={0x0, 0x3, "55399d4168474bd6684b527fa2a6513abc1efa734c8c74842675c120da84f23e6770557cbf75c538dad1f73188c5c42b7b4355059bfa34185bba9882a1a03f0f0ee4739dfbbd0ea44c76bcde9a11f519de13c09676f2fe74ccf62811b171b4ceb9df3569d1fbcd5511374a4c14ab2a772398dfc0046c92ca"}}, {0x60, &(0x7f00000001c0)=@string={0x60, 0x3, "d6a3344a772568a22126973b5afb58657a4735591ec5296aed24a1d7ffa02d7aa5bce9898f89fca5a0d20c4cfa76508b378e0e2c4f6e6d26b3d27ab4d8ecb7497cafd15b87f751e5baa729c7b54118f51f23e1a952e1693521a4531101d0"}}, {0x4, &(0x7f00000002c0)=@lang_id={0x4, 0x3, 0x1809}}, {0xa3, &(0x7f0000000880)=@string={0xa3, 0x3, "c4bdc005edce849e4a5afc1809c9ccb4adf3367dd6162897c0512d5c9adfb80f2f5ee1c2da59e27aa7bbe5e6f76f62f8d238694b047dfa625685dc7d6aac83fa56a887d946a708043413e99f07988feb672f7115547b03600347cf1a48d3f1471a7418f4284c802240390165dd8a196c6d744c9a01000009000000d8ea1168a8453903ca7acbe1cd6add69dae5ca2af27b13b966e15fcd7f9336d1000000000000000000000000000007fa64372a50bdababf4bfa6580ce84d0ace8faa23221fa63403e935d5a3f844dd01c657023f343ab229760cee58800f877dc8ef66d8331780e5ca9277032be9ce766b4b08d0d36cd1c0d8630019779dc26b"}}]})
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
getsockname$packet(0xffffffffffffffff, 0x0, &(0x7f0000000080))
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f00000013c0)='./file0/file0\x00', 0x42, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x1)
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x400, &(0x7f0000000680)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}, {@metacopy_on}, {@lowerdir={'lowerdir', 0x3d, './bus'}}]})
chdir(0x0)
lsetxattr$system_posix_acl(&(0x7f0000000800)='./file0\x00', &(0x7f0000000840)='system.posix_acl_access\x00', &(0x7f0000000540)=ANY=[@ANYBLOB="020000000100000000000000040000"], 0x24, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x183341, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000080)=@newlink={0x5c, 0x10, 0xffffffffffffffff, 0x70bd2a, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, 0x50afa, 0x70823}, [@IFLA_LINKINFO={0x3c, 0x12, 0x0, 0x1, @ipip6={{0xb}, {0x2c, 0x2, 0x0, 0x1, [@IFLA_IPTUN_REMOTE={0x14, 0x3, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, @IFLA_IPTUN_LOCAL={0x14, 0x2, @ipv4={'\x00', '\xff\xff', @multicast1}}]}}}]}, 0x5c}}, 0x24000800)
getsockopt$inet6_mreq(r3, 0x29, 0xe, &(0x7f0000000300)={@private2, <r5=>0x0}, &(0x7f0000000440)=0x14)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000480)={'tunl0\x00', &(0x7f0000000780)={'ip_vti0\x00', <r6=>0x0, 0x7800, 0x1, 0x1, 0xf61b, {{0xd, 0x4, 0x1, 0x28, 0x34, 0x64, 0x0, 0x90, 0x4, 0x0, @loopback, @private=0xa010101, {[@lsrr={0x83, 0x1b, 0xfa, [@dev={0xac, 0x14, 0x14, 0x1c}, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast2, @broadcast, @dev={0xac, 0x14, 0x14, 0x32}, @empty]}, @generic={0x86, 0x4, "3d02"}]}}}}})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000980)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)=@mpls_getroute={0x30, 0x1a, 0x100, 0x70bd29, 0x25dfdbff, {0x1c, 0x14, 0x10, 0x3, 0xff, 0x2, 0xc8, 0x3}, [@RTA_OIF={0x8, 0x4, r5}, @RTA_MULTIPATH={0xc, 0x9, {0x7, 0x1e, 0xab, r6}}]}, 0x30}, 0x1, 0x0, 0x0, 0x20040004}, 0x200400c1)
setsockopt$MRT_DEL_MFC(0xffffffffffffffff, 0x0, 0xcd, &(0x7f0000000000)={@multicast1, @multicast1, 0x1, "51147ef14e08519eaa05a52a623719d67774c8f6680ffdc97f62ebf30275ac13", 0x2, 0x5, 0x4, 0x9019}, 0x3c)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="5c0000000206050000000000000000000700000014000780080008400000009808000640200000000500010006000000050005000200000005000400000000000900020073797a310000000010000300686173683a69702c6d6163"], 0x5c}}, 0x20000010)

8.677035167s ago: executing program 4 (id=625):
r0 = socket$inet6(0xa, 0x800000000000002, 0x0)
sendmmsg$inet6(r0, &(0x7f00000009c0)=[{{&(0x7f0000000080)={0xa, 0x4e23, 0x0, @ipv4={'\x00', '\xff\xff', @empty}}, 0x1c, 0x0}}], 0x1, 0x0)
r1 = syz_open_dev$tty1(0xc, 0x4, 0x1)
recvmmsg(r0, &(0x7f0000001200)=[{{&(0x7f0000000140)=@sco={0x1f, @fixed}, 0x80, &(0x7f0000000400)=[{&(0x7f00000001c0)=""/12, 0xc}, {&(0x7f0000000300)=""/232, 0xe8}], 0x2}, 0x1}, {{0x0, 0x0, &(0x7f0000000640)=[{&(0x7f0000000440)=""/155, 0x9b}, {&(0x7f0000000500)=""/2, 0x2}], 0x2}, 0x6}, {{&(0x7f0000000680)=@ieee802154={0x24, @short}, 0x80, &(0x7f0000000880)=[{&(0x7f0000000700)=""/123, 0x7b}, {&(0x7f0000000780)=""/220, 0xdc}], 0x2, &(0x7f00000008c0)=""/36, 0x24}, 0x8}, {{&(0x7f0000000900)=@ax25={{0x3, @null}, [@rose, @netrom, @default, @default, @rose, @remote, @remote, @netrom]}, 0x80, &(0x7f0000000e40)=[{&(0x7f0000000a00)=""/182, 0xb6}, {&(0x7f0000000ac0)=""/188, 0xbc}, {&(0x7f0000000b80)=""/164, 0xa4}, {&(0x7f0000000980)=""/31, 0x1f}, {&(0x7f0000000c40)=""/225, 0xe1}, {&(0x7f0000000d40)=""/197, 0xc5}], 0x6}, 0x2}, {{0x0, 0x0, &(0x7f0000001100)=[{&(0x7f0000000ec0)=""/254, 0xfe}, {&(0x7f0000000fc0)=""/40, 0x28}, {&(0x7f0000001000)=""/142, 0x8e}, {&(0x7f00000010c0)}], 0x4, &(0x7f0000001140)=""/175, 0xaf}, 0x6}], 0x5, 0x10060, 0x0)
ioctl$PIO_UNIMAPCLR(r1, 0x4b68, 0x0)
ioctl$PIO_UNIMAP(r1, 0x4b67, &(0x7f0000000100)={0x1, &(0x7f00000000c0)=[{0x80, 0x9}]})
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r2 = socket$l2tp6(0xa, 0x2, 0x73)
bind$l2tp6(r2, &(0x7f0000000000)={0xa, 0x0, 0x0, @empty, 0x2}, 0x20)
socket$nl_generic(0x10, 0x3, 0x10)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000000)={0x3, &(0x7f00000000c0)=[{0x20, 0x5, 0x2, 0xfffff010}, {0x28, 0x7, 0x0, 0xa56e}, {0x6, 0x0, 0x0, 0xa1a}]}, 0x10)
sendmmsg(0xffffffffffffffff, &(0x7f0000000180), 0x4000190, 0x0)

8.36487798s ago: executing program 4 (id=627):
prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0)
syz_clone3(&(0x7f00000003c0)={0x27008200, &(0x7f0000000040), &(0x7f00000000c0), &(0x7f0000000100), {0x2a}, &(0x7f0000000140)=""/209, 0xd1, &(0x7f00000002c0)=""/114, &(0x7f0000000240)=[0x0], 0x1}, 0x58)

7.770483921s ago: executing program 0 (id=628):
r0 = socket(0x10, 0x3, 0x0)
socket$packet(0x11, 0x3, 0x300)
sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000c00)=@newqdisc={0x6c, 0x24, 0x3fe3aa0262d8c783, 0x70bd28, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}, {0x8}}, [@qdisc_kind_options=@q_choke={{0xa}, {0x3c, 0x2, [@TCA_CHOKE_PARMS={0x14, 0x1, {0x0, 0x0, 0x0, 0x0, 0x1c, 0x16}}, @TCA_CHOKE_PARMS={0x14, 0x1, {0x1, 0x5, 0x3, 0x17, 0xd, 0x8, 0x2}}, @TCA_CHOKE_MAX_P={0x8, 0x3, 0x2}, @TCA_CHOKE_MAX_P={0x8}]}}]}, 0x6c}}, 0x0)

7.720567062s ago: executing program 4 (id=629):
prlimit64(0x0, 0xe, &(0x7f0000000000)={0xa, 0x8b}, 0x0)
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_CAP_MAX_VCPU_ID(r0, 0x4068aea3, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, 0x0, 0x4008014)
socket$nl_netfilter(0x10, 0x3, 0xc)
clock_settime(0x0, &(0x7f0000000240)={0x77359400})
socket$vsock_stream(0x28, 0x1, 0x0)
sendmsg$tipc(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000080)=@id={0x1e, 0x3, 0x3, {0x4e21}}, 0x10, &(0x7f0000000200)=[{&(0x7f00000000c0)="74d310a95b02ac9920c48107d6", 0xd}, {&(0x7f0000000100)}, {&(0x7f0000000140)="8ebd60a81efac566da1752ae3c062bde1c1f0b33f0d2f72d8d68f74f0b70f68ef81b758aa8dbc462c43b691e727c9289e8283edb1f8aeb1e1727f63de525e871b34462032111017164086ad1f1e526e257ae16a4f90f084c28d143bdca80f1b1dba60e3913", 0x65}], 0x3, 0x0, 0x0, 0x10}, 0x4)
r2 = syz_open_dev$dri(&(0x7f0000000000), 0x1, 0x40100)
ioctl$DRM_IOCTL_SET_VERSION(r2, 0xc0106407, &(0x7f0000000040)={0x1, 0xcd7, 0x2, 0xc9fa})
clock_adjtime(0x0, &(0x7f0000000640)={0x7, 0x9, 0x380003, 0x8, 0xfffffffffffffff9, 0xfffffffffffffff7, 0x5fb, 0x0, 0xae, 0x6, 0x7, 0x6, 0xfffffffffffff04f, 0x7, 0x80000000, 0xfffffffffffffff8, 0xffffffffffffffff, 0x6, 0x0, 0x100, 0x4, 0x2, 0x5, 0x3, 0x8, 0x8})

7.480794316s ago: executing program 2 (id=631):
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x60240)
ioctl$SNDRV_SEQ_IOCTL_DELETE_PORT(r0, 0x40a85321, &(0x7f0000000080)={{0x4}, 'port1\x00', 0x10, 0x1, 0x0, 0xfffff800, 0x1, 0x9e, 0xb1f4, 0x0, 0x6, 0x9})
io_setup(0x8, &(0x7f0000004200)=<r1=>0x0)
r2 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
syz_emit_ethernet(0x263, &(0x7f00000001c0)={@local, @link_local={0x3}, @void, {@ipv4={0x800, @gre={{0xf, 0x4, 0x1, 0x0, 0x255, 0x65, 0x0, 0x5, 0x2f, 0x0, @broadcast, @local, {[@timestamp={0x44, 0x28, 0x34, 0x0, 0xb, [0x7, 0x8d, 0x5, 0x8, 0x7f, 0xe9eb, 0x4, 0xda, 0x7fffffff]}]}}, {{0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x880b, 0x17, 0x0, [0xaf44, 0x5], "e18dcbe1ad49eab8f2164e0fc2d2b5c5300a1ea9ff5a92"}, {0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x800, [0x4, 0x2], "184c4aba7137a3b563436a7d0bd9e35c83557b475d1766cccac9a183642bc85cf8881570629cf66288c8be15471210fff3f48aa3d421ac26f3c9354b63286ced744a68cdcb23f79022e8690aca4b8674077f6983471090d4073aa64df99af3ab3410a9da3fe757a64b8f3b529771276c335fe832957834d3580c9e9e7762d9b823be901b5cc47bbd9ef83730880115398ec0664205d02e636aaf8f2e738604d0acfd214a26c739357898c8cc70035be0634cb2265c07893dd69dc86dcc142455c627e455a20ffdc6e6ef3c39affec88095944670a823711a69e0666578d5d683e4d84ff9320438ee7ed5caa91af5464375b6ad8ad9"}, {0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x86dd, [], "8c5e1535afd1830cb281acc646ac20092d3430143b89684c2126857d5e6396bb103ca0fba4913d0f37d34771e41a3e75d69f6f9a33fa8148d2b393d5153ee0d4d9313c740bb9ca55bfc818fd5aba10b500af605db4496cb5698d696c3821c5567c17f7f21f30f8880262f420f7817351d79315f63decb03e57a3ed6256005b5ac893d5e7406ee800b24e0fa6836ed10c10303a3f43308d14b2569df0ae5546b4d3de0da8222b4852ac19d668b0d15cbc7ab6be"}, {0x8, 0x88be, 0x0, {{0xb, 0x1, 0xd, 0x1, 0x0, 0x2, 0x1, 0x6}, 0x1, {0x1}}}, {0x8, 0x22eb, 0x3, {{0x4, 0x2, 0x5, 0x1, 0x0, 0x0, 0x0, 0x8}, 0x2, {0xff, 0x0, 0x0, 0xf, 0x0, 0x0, 0x0, 0x1, 0x1}}}, {0x8, 0x6558, 0x4, "d2a165d408e457a846f7cb407949"}}}}}}, 0x0)
io_submit(r1, 0x1, &(0x7f0000004540)=[&(0x7f0000004280)={0x0, 0x0, 0x0, 0x5, 0x0, r2, 0x0, 0x0, 0x0, 0x0, 0x2}])

7.405148431s ago: executing program 4 (id=632):
r0 = socket(0x2, 0x80805, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000440)={{0x1, <r1=>0xffffffffffffffff}, &(0x7f0000000340), &(0x7f0000000380)}, 0x20)
pipe(&(0x7f0000000600)={<r2=>0xffffffffffffffff})
r3 = socket$inet_udp(0x2, 0x2, 0x0)
close(r3)
splice(r2, 0x0, r3, 0x0, 0x1100000000f336, 0x0)
r4 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r5=>0x0})
r6 = signalfd4(0xffffffffffffffff, &(0x7f0000000140)={[0xffeffffffffffffc]}, 0x8, 0x800)
r7 = syz_io_uring_setup(0xbd7, &(0x7f0000000040)={0x0, 0xe14f, 0x8, 0x2, 0x4000032f, 0x0, r6}, &(0x7f0000000000)=<r8=>0x0, &(0x7f00000001c0)=<r9=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r8, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
r10 = gettid()
timer_create(0x3, &(0x7f0000533fa0)={0x0, 0x21, 0x4, @tid=r10}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000400)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
syz_io_uring_submit(r8, r9, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4004, @fd=r6, 0x7, &(0x7f0000000500)=[{&(0x7f0000001800)=""/201, 0xc9}], 0x1})
io_uring_enter(r7, 0x847ba, 0x0, 0xe, 0x0, 0x0)
writev(0xffffffffffffffff, &(0x7f0000000140)=[{&(0x7f0000000500)="841ef6e976f8", 0x6}], 0x1)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000740)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r5, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_USC={0x10, 0x3, {0x7, 0x8, 0xd401}}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x4000000}, 0x20040084)
r11 = signalfd4(0xffffffffffffffff, &(0x7f00000008c0)={[0xdcfe]}, 0x8, 0x80800)
r12 = signalfd(r11, &(0x7f00000000c0)={[0x6ba]}, 0x8)
mount$9p_fd(0x0, &(0x7f0000000000)='.\x00', &(0x7f0000000040), 0xa, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r12}, 0x2c, {'wfdno', 0x3d, r11}})
r13 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000007c0), 0x4)
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r12, 0x89f0, &(0x7f0000000940)={'ip_vti0\x00', &(0x7f0000000a80)={'syztnl0\x00', <r14=>r5, 0x8000, 0x700, 0x6, 0x7, {{0xa, 0x4, 0x0, 0x0, 0x28, 0x66, 0x0, 0x3, 0x2f, 0x0, @broadcast, @dev={0xac, 0x14, 0x14, 0x1c}, {[@timestamp_addr={0x44, 0x14, 0x8b, 0x1, 0x1, [{@loopback, 0x1}, {@dev={0xac, 0x14, 0x14, 0x3e}, 0x8}]}]}}}}})
r15 = syz_io_uring_setup(0xad3, &(0x7f00000002c0)={0x0, 0x3594, 0x10, 0x1003, 0x21e}, &(0x7f0000000240), &(0x7f0000000280))
io_uring_register$IORING_REGISTER_SYNC_CANCEL(r15, 0x25, &(0x7f00000000c0)={0x8000000001, 0xffffffffffffffff, 0x26, {0xffffffffffffffff, 0xffff}, 0x1}, 0x1)
r16 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000bc0)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x2, '\x00', r14, 0xffffffffffffffff, 0x2, 0x4, 0x3}, 0x50)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000009c0)=@bpf_tracing={0x1a, 0x21, &(0x7f0000000480)=@framed={{0x18, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x800}, [@exit, @printk={@li, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x92}}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x2}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x915d546ffa080baa}}, @map_idx_val={0x18, 0x9, 0x6, 0x0, 0x6, 0x0, 0x0, 0x0, 0x6}, @map_fd={0x18, 0xa3bb4713b367d6ad, 0x1, 0x0, r2}, @printk={@li, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x3}}]}, &(0x7f00000005c0)='syzkaller\x00', 0x1, 0xdd, &(0x7f0000000640)=""/221, 0x41000, 0x44, '\x00', r5, 0x19, r12, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000780)={0x0, 0x0, 0x1, 0x5}, 0x10, 0x2d0ff, r13, 0x4, &(0x7f0000000880)=[r16], &(0x7f00000008c0)=[{0x4, 0x3, 0x10, 0x5}, {0x2, 0x5, 0x5, 0x2}, {0x4, 0x5, 0xc, 0xc}, {0x1, 0x3, 0x5, 0x8}], 0x10, 0xfffffff7}, 0x94)
sendmmsg$inet(r0, &(0x7f0000000cc0)=[{{&(0x7f0000000400)={0x2, 0x4e22, @private=0xa010101}, 0x10, &(0x7f0000000980)=[{&(0x7f0000000200)="9c", 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000300)="99", 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f0000000740)=[{&(0x7f0000000600)="3c0d8705ff088419e0e84d895a01", 0xe}], 0x1}}], 0x3, 0x404c080)
r17 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), r17)

7.403654505s ago: executing program 0 (id=633):
r0 = socket(0x10, 0x803, 0x0)
r1 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000500)=ANY=[@ANYBLOB="12010000000000404f045db600000000000109022400010000f3000904000001030003000921000000012205000905810308000000006a27f5339d1f8fa8895393523617dfaa985a0d5ffdd6e91afcc6a166df9463326e812fc649a14811f9ac97857d76c5b8b9aeadedf709ef558ca7bcb149f6837a9b93ce0d7254f2fa9244a5d18227ee444ad22ae29466ee7028f1026eb4fa039fb5a435b3627eb2bac8a0f51cb9ad8dacd60f3aaa6a132535c1b0fda1857ffac4e4df9701dcd732659324969e3d68a402ce77b694bb70"], 0x0)
syz_usb_control_io$hid(r1, 0x0, 0x0)
r2 = syz_open_dev$dvb_demux(&(0x7f0000000400), 0x0, 0x700)
r3 = socket$nl_audit(0x10, 0x3, 0x9)
ioctl$sock_SIOCETHTOOL(r3, 0x8946, &(0x7f0000000380)={'team_slave_0\x00', &(0x7f00000000c0)=@ethtool_pauseparam={0x13, 0x7, 0x6, 0x6}})
socket$qrtr(0x2a, 0x2, 0x0)
r4 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000200)={&(0x7f0000000440)=ANY=[@ANYBLOB="9feb01001800000000000000180000001800000002000800000000e0ffffff82000400000000000000400006040000000000eb4765899f864d5ab181b6182bb4298619326abcad4102780febfd6733fdf2c4ce2cf8c6b5e49bb6ef217a"], 0x0, 0x32, 0x0, 0x1}, 0x28)
bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="7ce8001602000000008cc01d76bcbb50e8000000", @ANYBLOB='\x00'/17, @ANYRES32=0x0], 0x50)
socket$packet(0x11, 0x3, 0x300)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x8)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r5 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r5, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
setsockopt$MRT6_ADD_MFC_PROXY(r4, 0x29, 0xd2, 0x0, 0x0)
syz_open_dev$radio(&(0x7f0000000000), 0x1, 0x2)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x3}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x40000, 0x0, 0x1000000, 0x0, 0xc5c4, 0x2}, 0x0, 0x0)
ioctl$DVB_DEMUX_DMX_SET_FILTER(r2, 0x403c6f2b, &(0x7f0000000000)={0x6, {"e512864f2c63b42b1e937260904ce544", "b80b00", "98fed86df169f801002f69ff0008e800"}, 0x3ff, 0x5})
syz_usb_control_io(r1, &(0x7f00000001c0)={0x2c, &(0x7f00000000c0)=ANY=[@ANYBLOB="000085"], 0x0, 0x0, 0x0, 0x0}, 0x0)
r6 = socket$kcm(0x21, 0x2, 0x2)
sendmsg$kcm(r6, &(0x7f0000000000)={&(0x7f0000000080)=@rxrpc=@in4={0x21, 0x3f, 0x2, 0x10, {0x2, 0x4e22, @empty}}, 0x80, &(0x7f0000000140)=[{&(0x7f0000000ac0)="ee", 0xfffffe5e}], 0x1, &(0x7f0000001a00)=ANY=[@ANYBLOB="180000000000000010010000010000007d95df16a39b1a6c900000000000000001000000040500002b24ec10064b6f2f000000fb718aef932f3889d1fdda5b57000000860f5878c37ffe36e1165814d435be5b317c6c8189587d2f97879f07a515bb7c169f46933d9338f4ab04834e6f618988ab013f40afe403041323110f62055394412158e7a3adb148d641aa40d4ab077fe34232aa8b31851466d0998a61d7da0c86d70000001010"], 0x10b8}, 0x8000)
syz_usb_connect(0x1, 0x2d, 0x0, 0x0)
sendmsg$nl_generic(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB="1c0000005200010000000000000000000a00000008000100", @ANYRES64=r0], 0x1c}, 0x1, 0x0, 0x0, 0x20048845}, 0x0)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$devlink(&(0x7f0000000400), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_TRAP_POLICER_SET(r7, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={0x54, r8, 0x1, 0x70bd2d, 0x25dfdbff, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x8e, 0x3}, {0xc, 0x8f, 0x116be}, {0xc, 0x90, 0x2}}]}, 0x54}, 0x1, 0x0, 0x0, 0x4001}, 0x4c01c)
sendmsg$DEVLINK_CMD_TRAP_POLICER_SET(r0, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x50, r8, 0x400, 0x70bd2c, 0x25dfdbff, {}, [{@pci={{0x8}, {0x11}}, {0x8, 0x8e, 0x3}, {0xc, 0x8f, 0x4}, {0xc, 0x90, 0x4}}]}, 0x50}}, 0x10)

7.277176582s ago: executing program 5 (id=634):
r0 = socket(0x10, 0x3, 0x0)
r1 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', <r2=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000c00)=@newqdisc={0x160, 0x24, 0x3fe3aa0262d8c783, 0x70bd28, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}, {0x8}}, [@qdisc_kind_options=@q_choke={{0xa}, {0x130, 0x2, [@TCA_CHOKE_PARMS={0x14, 0x1, {0x0, 0x0, 0x0, 0x0, 0x1c, 0x16}}, @TCA_CHOKE_PARMS={0x14, 0x1, {0x1, 0x5, 0x3, 0x17, 0xd, 0x8, 0x2}}, @TCA_CHOKE_STAB={0x104, 0x2, "dc542b4e237011fb38ddb228806571a8633206e26df63a433bc516382325dedd79c1cf0a26379dfaf72cb5ab9ab7efe16f312ee9ab598d1ac0d7903ac69c51f1b6842ebeffffffffde023e1a186aeb255b7cc6c2b7b8c5b2c527aafa57222f4bd2355ccab39fa20d4033b6b687491532080101805feb9c6fa8a56a77186efcb394ce1a1cd7f2130835e3bf9e3ac25d0a102a808be13beb51f37da6d10046f131834545ee5013f43e41e91eb18a12c28540ab4106286e0f7568f6a9cd0c0da51df08e42848096b25d455ebec9adfd6e493d8c9725bc2d49bbbae0a5375b359f91d9dad20ed109000000009caa5c94c100000000000000167485315c326281efc4"}]}}]}, 0x160}}, 0x0)

7.164048681s ago: executing program 2 (id=635):
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
r0 = getpgrp(0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x5)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
userfaultfd(0x1)
r1 = openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000040), 0x21041, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x19)
r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0xff, 0x7fff0000}]})
close_range(r2, 0xffffffffffffffff, 0x0)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000000)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r4 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r4, 0x1, 0x0)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000032680)=""/102392, 0x18ff8)
getrusage(0xffffffffffffffff, 0x0)
r6 = openat$urandom(0xffffffffffffff9c, 0x0, 0x103902, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
sendfile(0xffffffffffffffff, r6, 0x0, 0xffba83)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x15944, 0xc)
close_range(r8, 0xffffffffffffffff, 0x10000000000000)
sendmsg$nl_route(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=@dellinkprop={0x20, 0x6d, 0x2ec9b2c728e3c67, 0x70bd25, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, 0x0, 0x8000}}, 0x20}, 0x1, 0x0, 0x0, 0x8000}, 0x0)
r9 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x40841, 0x0)
ioctl$TUNSETLINK(r9, 0x400454cd, 0x339)

7.108439857s ago: executing program 5 (id=636):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_MCAST_JOIN_GROUP(r0, 0x0, 0x2a, 0x0, 0x0)
semctl$SETALL(0x0, 0x0, 0x14, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
openat(0xffffffffffffff9c, &(0x7f00000013c0)='./file0/file0\x00', 0x42, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x1)
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x400, &(0x7f0000000500)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
chdir(&(0x7f00000001c0)='./bus\x00')
lsetxattr$system_posix_acl(&(0x7f0000000800)='./file0\x00', &(0x7f0000000840)='system.posix_acl_access\x00', &(0x7f0000000540)=ANY=[@ANYBLOB="0200000001000000000000000400000000000000100002000000000020"], 0x24, 0x0) (fail_nth: 2)

6.672836254s ago: executing program 2 (id=637):
r0 = socket$inet6(0xa, 0x800000000000002, 0x0)
sendmmsg$inet6(r0, &(0x7f00000009c0)=[{{&(0x7f0000000080)={0xa, 0x4e23, 0x0, @ipv4={'\x00', '\xff\xff', @empty}}, 0x1c, 0x0}}], 0x1, 0x0)
r1 = syz_open_dev$tty1(0xc, 0x4, 0x1)
recvmmsg(r0, &(0x7f0000001200)=[{{&(0x7f0000000140)=@sco={0x1f, @fixed}, 0x80, &(0x7f0000000400)=[{&(0x7f00000001c0)=""/12, 0xc}, {&(0x7f0000000300)=""/232, 0xe8}], 0x2}, 0x1}, {{0x0, 0x0, &(0x7f0000000640)=[{&(0x7f0000000440)=""/155, 0x9b}, {&(0x7f0000000500)=""/2, 0x2}], 0x2}, 0x6}, {{&(0x7f0000000680)=@ieee802154={0x24, @short}, 0x80, &(0x7f0000000880)=[{&(0x7f0000000700)=""/123, 0x7b}, {&(0x7f0000000780)=""/220, 0xdc}], 0x2, &(0x7f00000008c0)=""/36, 0x24}, 0x8}, {{&(0x7f0000000900)=@ax25={{0x3, @null}, [@rose, @netrom, @default, @default, @rose, @remote, @remote, @netrom]}, 0x80, &(0x7f0000000e40)=[{&(0x7f0000000a00)=""/182, 0xb6}, {&(0x7f0000000ac0)=""/188, 0xbc}, {&(0x7f0000000b80)=""/164, 0xa4}, {&(0x7f0000000980)=""/31, 0x1f}, {&(0x7f0000000c40)=""/225, 0xe1}, {&(0x7f0000000d40)=""/197, 0xc5}], 0x6}, 0x2}, {{0x0, 0x0, &(0x7f0000001100)=[{&(0x7f0000000ec0)=""/254, 0xfe}, {&(0x7f0000000fc0)=""/40, 0x28}, {&(0x7f0000001000)=""/142, 0x8e}, {&(0x7f00000010c0)}], 0x4, &(0x7f0000001140)=""/175, 0xaf}, 0x6}], 0x5, 0x10060, 0x0)
ioctl$PIO_UNIMAPCLR(r1, 0x4b68, 0x0)
ioctl$PIO_UNIMAP(r1, 0x4b67, &(0x7f0000000100)={0x1, &(0x7f00000000c0)=[{0x80, 0x9}]})
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r2 = socket$l2tp6(0xa, 0x2, 0x73)
bind$l2tp6(r2, &(0x7f0000000000)={0xa, 0x0, 0x0, @empty, 0x2}, 0x20)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000000)={0x3, &(0x7f00000000c0)=[{0x20, 0x5, 0x2, 0xfffff010}, {0x28, 0x7, 0x0, 0xa56e}, {0x6, 0x0, 0x0, 0xa1a}]}, 0x10)
sendmmsg(r3, &(0x7f0000000180), 0x4000190, 0x0)

6.566542235s ago: executing program 5 (id=638):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000001ac0)={&(0x7f0000001b00)={0x18, 0x2e, 0x1, 0xf0bd26, 0x25dfdbfc, {0x4}, [@nested={0x4, 0xe}]}, 0x18}, 0x1, 0x0, 0x0, 0x4000d}, 0x20000000)
mount$tmpfs(0x0, &(0x7f0000000040)='.\x00', &(0x7f0000000080), 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB='mpol=local'])

6.531197589s ago: executing program 2 (id=639):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r0 = syz_open_dev$media(&(0x7f00000006c0), 0x2, 0x129081)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, r0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000080)=@bpf_lsm={0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x42}, 0x94)
socket$inet_udp(0x2, 0x2, 0x0)
ioctl$MEDIA_IOC_REQUEST_ALLOC(r0, 0x80047c05, &(0x7f0000000940)=<r4=>0xffffffffffffffff)
ioctl$BTRFS_IOC_INO_LOOKUP_USER(r4, 0x7c80, 0x0)
r5 = socket$inet6(0xa, 0x80002, 0x0)
connect$inet6(r5, &(0x7f0000000000)={0xa, 0x4e24, 0x2, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x40}}, 0xfffd}, 0x1c)
getsockopt$inet6_buf(r5, 0x29, 0x3d, &(0x7f00000000c0)=""/36, &(0x7f0000000140)=0x24)
r6 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_int(r6, 0x107, 0x11, 0x0, 0x0)

5.222481638s ago: executing program 4 (id=640):
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000002c0)={'bridge_slave_0\x00', <r1=>0x0})
r2 = socket(0x10, 0x80002, 0x0)
kexec_load(0x0, 0x0, 0x0, 0x2)
sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0xffa1, &(0x7f0000000380)={&(0x7f0000000140)=ANY=[@ANYBLOB="440000001300a7cc4a372eaf541d002007a1ff00", @ANYRES32=r1, @ANYBLOB="00000000100000001c001a80080002802d00ff0008000200", @ANYBLOB="35874207"], 0x44}, 0x1, 0x0, 0x0, 0x50}, 0x0)

5.104214891s ago: executing program 2 (id=641):
ioctl$vim2m_VIDIOC_REQBUFS(0xffffffffffffffff, 0xc0145608, 0x0)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
r1 = getpid()
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r2, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000d80)=ANY=[@ANYBLOB="f8000000160001000000000000000000fe8000000000000000000000000000aaff01000000000000000000000000000100"/64, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="fe880000000000000000000000000001000004d26c"], 0xf8}, 0x1, 0x0, 0x0, 0x24048060}, 0x0)
sendmsg$nl_xfrm(r2, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000700)=ANY=[@ANYBLOB="f8000000160001000000000000000000ff010000000000000000000000000001ff01000000000000000000000000000100"/64, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="fe8800000000000000000000000000010000000033"], 0xf8}}, 0x0)
sched_setscheduler(r1, 0x1, &(0x7f0000000200)=0x7)
write$P9_RREADLINK(0xffffffffffffffff, &(0x7f0000000080)={0x10, 0x17, 0x2, {0x7, './file0'}}, 0x10)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x40000000000029a, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r5 = socket$inet6(0xa, 0x3, 0xff)
connect$inet6(r5, &(0x7f0000000200)={0xa, 0x0, 0xfffffffd, @empty}, 0x1c)
r6 = dup(r5)
r7 = open(&(0x7f00000000c0)='./file0\x00', 0x1298c2, 0x0)
ftruncate(r7, 0x200004)
sendfile(r6, r7, 0x0, 0x80001d00c0d1)
getdents(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, 0x0)
sendmsg$NL80211_CMD_GET_STATION(0xffffffffffffffff, 0x0, 0x20000000)
sendmsg$NL80211_CMD_SET_CHANNEL(0xffffffffffffffff, 0x0, 0x0)

4.732536626s ago: executing program 5 (id=642):
r0 = syz_open_dev$vim2m(&(0x7f0000000680), 0x8, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f00000000c0)={0x1, 0x2, 0x1})
openat$ubi_ctrl(0xffffffffffffff9c, 0x0, 0x80, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
pipe2$watch_queue(0x0, 0x80)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000300)={0x0, 0x10, &(0x7f0000000100)=[@in={0x2, 0x4e20, @private=0xa010103}]}, &(0x7f0000000380)=0x10)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, &(0x7f0000000000)={0x1, [<r2=>0x0]}, &(0x7f0000000080)=0x8)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000040)={r2, 0x1}, &(0x7f00000000c0)=0x8)
r3 = signalfd4(0xffffffffffffffff, &(0x7f0000000140)={[0x4]}, 0x8, 0x0)
io_setup(0x206, &(0x7f0000000200)=<r4=>0x0)
io_submit(r4, 0x1, &(0x7f00000005c0)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, r3, &(0x7f00000003c0)="951aa14bd6f68579cac67c83bf8d4500e5cea1bb1596d4ee6645fa16fa7cacb9214070a622a2c57b89075f59b85c7b5b2c41edc9d2cd5a2c95ed1c2cf72425be9c1a2df1b60a309bc3228d7e85b300f0d7a042a40166b9208e9d2e423c32ad8e47adedf5dc425c6bcb031fb2230835d41afc23476eae602bad3246417e5ac757", 0x80}])
syz_init_net_socket$x25(0x9, 0x5, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x5c831, 0xffffffffffffffff, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r5, 0x10e, 0xc, &(0x7f0000000040)={0x4, 0xffffffff, 0xfffffff8, 0xd}, 0x54)
sendmsg$nl_route(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=@ipv4_newroute={0x24, 0x1a, 0x1, 0x70bd27, 0x25dfdc03, {0x2, 0x20, 0x20, 0x3, 0x0, 0x0, 0x0, 0x0, 0x2000}, [@RTA_TABLE={0x8, 0xf, 0x3}]}, 0x24}}, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x60005f, 0x67)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x800007, 0x20010, r0, 0x0)

3.880720199s ago: executing program 2 (id=643):
r0 = socket(0x10, 0x3, 0x0)
socket$packet(0x11, 0x3, 0x300)
sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000c00)=@newqdisc={0x6c, 0x24, 0x3fe3aa0262d8c783, 0x70bd28, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}, {0x8}}, [@qdisc_kind_options=@q_choke={{0xa}, {0x3c, 0x2, [@TCA_CHOKE_PARMS={0x14, 0x1, {0x0, 0x0, 0x0, 0x0, 0x1c, 0x16}}, @TCA_CHOKE_PARMS={0x14, 0x1, {0x1, 0x5, 0x3, 0x17, 0xd, 0x8, 0x2}}, @TCA_CHOKE_MAX_P={0x8, 0x3, 0x2}, @TCA_CHOKE_MAX_P={0x8}]}}]}, 0x6c}}, 0x0)

3.819535778s ago: executing program 0 (id=644):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000300)="ad", 0x1)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x14, 0xa1, 0x301, 0x270bd24, 0x25dfdbfd}, 0x14}}, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f0000000000)=@x86={0x4, 0x5, 0x17, 0x0, 0x3, 0xf9, 0x2, 0x79, 0xff, 0x88, 0x1, 0x1, 0x0, 0x8, 0x1, 0x8, 0x72, 0x7, 0xba, '\x00', 0x3})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'xts-aes-aesni\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000000)="adcd1a9a3fc36e961ed00fe41b0cd695", 0x20)
r4 = accept4$alg(r3, 0x0, 0x0, 0x0)
sendmmsg$alg(r4, &(0x7f00000021c0)=[{0x0, 0x0, &(0x7f0000001000)=[{&(0x7f0000000100)="a92e81d0991808e33c2330164cf023df", 0xfffffc81}], 0x1, &(0x7f0000001040)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18, 0x880}], 0x1, 0x80001)
recvmmsg(r4, &(0x7f0000000a00)=[{{0x0, 0x0, &(0x7f0000000580)=[{&(0x7f00000002c0)=""/171, 0xab}], 0x1}, 0x4}], 0x1, 0x102, 0x0)
r5 = landlock_create_ruleset(&(0x7f00000002c0)={0x7f6e}, 0x18, 0x0)
r6 = landlock_create_ruleset(&(0x7f0000000080)={0xc0d8, 0x1}, 0x18, 0x0)
landlock_restrict_self(r6, 0x0)
landlock_restrict_self(r5, 0x0)
socket$inet_sctp(0x2, 0x1, 0x84)
prlimit64(0x0, 0x7, &(0x7f0000000040)={0x2, 0x7}, 0x0)
inotify_init()
r7 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r7, &(0x7f0000000180)={0xa, 0x4e24, 0x0, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x1012}, 0x1c)
r8 = getpid()
sched_setscheduler(r8, 0x2, &(0x7f0000000200)=0x6)
ioctl$sock_SIOCSPGRP(r4, 0x8902, &(0x7f0000000040)=r8)

3.676199073s ago: executing program 3 (id=645):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000980)={0x8, 0xf, &(0x7f0000000200)=ANY=[@ANYBLOB="1800008080b63428e900"/20, @ANYBLOB="0000000000000000b702000014000000b70200000000000085"], 0x0, 0x47, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5}, 0x94)
r0 = syz_open_dev$loop(&(0x7f0000000100), 0x2, 0x2001) (async)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0xc, 0x13, &(0x7f0000000480)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000696c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000ffffff858500000073000000180100002020732500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r1, 0x0, 0xe, 0x0, &(0x7f0000000600)="0000ffffffffa000424c72ee4291", 0x0, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) (async, rerun: 32)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0) (async, rerun: 32)
r3 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000000040)=@generic={&(0x7f0000000000)='./file0\x00'}, 0x18)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r2, 0x89f1, &(0x7f00000001c0)={'ip_vti0\x00', &(0x7f0000000400)={'erspan0\x00', <r4=>0x0, 0x7800, 0x40, 0x1, 0x6f3c, {{0x12, 0x4, 0x2, 0x1, 0x48, 0x67, 0x0, 0x3, 0x2f, 0x0, @initdev={0xac, 0x1e, 0x1, 0x0}, @multicast2, {[@ssrr={0x89, 0x1b, 0x34, [@private=0xa010102, @multicast2, @private=0xa010100, @multicast1, @empty, @multicast1]}, @ssrr={0x89, 0xb, 0xc7, [@private=0xa010102, @local]}, @generic={0x94, 0xc, "6744ea9213f0cdaaf211"}]}}}}}) (async)
r5 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000006c0)={0x1b, 0x0, 0x0, 0xbf8, 0x0, r2, 0x0, '\x00', 0x0, r2, 0x0, 0x2, 0x3}, 0x50) (async)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f00000017c0)=ANY=[@ANYBLOB="b702000002000000bfa300000000000007030000007effff7a0af0ff3f00000079a4f0ff00000000b7060000ffffffff2d6405000000000065060400010000050404000001007d60b7030000400000006a0a00fe00000000850000000d000000b7000000000000009500000000000000496cf27fb6d2c643db7e2d5fb4b0936cdf827fb43a431ca711fcd0cdfa146ed3d09a6175037958e27126e225b7937f02008b5e5a076d83923dd29c034055b67dafe6c8dc525d78c07f34e4d5b3185b310efcfa89147a09000000f110026e6d2ef831ab7ea0c34f17e3ad6eecbb6220fd8d4b470e03b538dfd8e012e79578e51bc53099e90f4580d760551b5b0a341a2d7cbdb9cd38bdb2ca8e050000003a14817ac61e4dd11183a13477bf7e060e3670ef0e789f65f1328d6704902cbe7bc04b82d2789cb132b8667c214733a18c8b6619f28d9961b626c57c2691208173656d60a17e3c184b751c51160fbcbbdb5b1e7be6148ba532e60a0ac346dfebd31a08060000000200000000000000334d83239dd27080e71113610e10d858e8327ef0420f0000cac12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e957bc73ddc4eabba08ab1e1ad828267d4eadd3964663e885340133f7130856f756436303767d2e24f29e5dad9796edb697a6ea0182babc190ae2ebf8aad34732181feb215139f15ea7e8cb0bae7c34d5ac5e7c805210600000000000000c3dec04b25dfc17975238345d4f71ab158c36657b7218baa0700f781c0a99bd50499ccc421a8223fe5308e4e65ee93e107000000f8ddeff70132a4d0175b989b8eccf707882042e716df9b57b290c661d4e85031086197bcc5cb0e221a0c34323c129102b6ff0100002e88a1940b3c02ed9c92d6f64b12000000000000000030711c599e1c72ffa11ed8be1a6830d7507005154c46bd3ca96318c570f0721fc7aa2a5836ba99fe1f86468694f22cdf550ef091a78098534f0d973059594119d06d5ea9a8d0857382ec6e2a071474cfc12346e47ad97f4ead7cf70a9d1cdac944779dc08a705414888700a30e2366c6a06b3367a389ca39059787790017b0689a173db9c24db65c1e00015c1d093dabec3d18fd0699ff3304000000323e9c7080397bc49d70c060d57bc88fbe3bbaa058b040362ab926150363fb099408885afc2bf9a46a076b7babfcddeff8c35030669ea69f5e4be1b8e0d6697e97186f9ae97d5670dba6623243643db9dec75070cd9ab0fda6b069ef6d2857ca3e4effcf7462710d133d541da86e0477e4a6cc999dc21c3ef408e69578e7c9f274d7fafc8d757d33dfa35aa2000034837d365e63845f3c1092f8dde8af3904ea7e764dde8725d2b4a0f873339c4cadecc13219ba7518aa4f7db34ead13484742067ab743c1d82a5687f2ed690000000000000000000000000000000000000000000099d4fa0000000000003f0ecdc7c82e72919c91d2039afe17e95edeeeba72205beff7771bcb293747b88486cacee403000000a2919a4bff2ed893f2c814679fa69fc7e0cf761f918725704a01c56009a9f748e5aaf30a10b98c409b1870c1f75e26b45264e3d3f8e0048e55ae289ce2ad779ce71d4dc30cbb2cc4289d2f884d66cddc76eb7f601110ff39053c262279f4ef00fbdb8c328615a9ec84f27a9f3938ae736138b8c1ec220c1540bf3d162dc1c27fa30f0dc60b9f257db5d1c7ed2e152cb2cf06f8edb30177fead735a952ffce676a93110904d5ee2abdab2ef3ff84c4d61443f73552195c7ccfbf9f03c44432eaa3b7501d4239354da8de21eada75d3a3afb2c76ff0700007981699b6c0f0e946766f57544ff52cef0dd811bec4e3c0a30f2d7d19d26d2503a3ea376721b8eded3bc475958dd498ee2b2d6146e33fc0de1dc2e0516ac565ddb1d4ae89e6712824a85eb9ee0a3b68c9e209756623adf685dd715d68ed11e4b4d5502f5924948f8f98c615cac3666c58f785c3f758be352a71871d5c081197d37980e4f4e26b5476f9e0407ff7098b7174bef66fa03a99b5c0c20b378065fac4ef9ac2d0d804b9400000060e5d3f1749f6aecf69ba83a71caa9bdddc679f1b826f54b6563a4be1fd82b73c8c2bc65f63982b951fb058fd3c7b6341c4580376b6c16bd96d2da66059de81abfa1acc9f889555eeeb88b6ae5882ad341032c73f1285e21fff5a1d138e061b1dc7bbda199b5fab8e0719e9cd69b4fdc08000be6a3a73afdf328132e1d4f21065716be0c53a23940d07188b015fa341dbc92231c8b5e5717eac184f46c9f61b69f55cd9b31bcf821052429a1f250e8b734be0605a15f25923d599544b319319ff0a32621019347df460a098119a6f47eb1bac4794680f3037f250e96f61cb20d46d7a009cbc6ec74c19a93cc7c7138b28c95270116181fd5f553573c48104d2ad0e10d3663488e664401413f22f0d76d2162635365258af61ae1f46f4a7862f302d91e3f7c2781f602220522e84602a939a8d5e4137ae31ccd397404dc72e06715a6503d4d865182803ee6725da7293b23daeebefd6fce7411c9624a7e8d5ba5a13e1c32adc4f3274497c6882a72475e4280a4d9a47c003c6ed3071330c58145be813a10788a720a6b5a498ca2b42496c479a0a71e2f6f9bad8c84bc6be20281bde0b348cf2c60530000000000000004b023e4954c9eb6cd70627f5c03edd4f5ce48b8a874c852064dd0efafc3df20ec8faf3d194db76127f88f1b4fa1b71ab964fdd2474471da76373e65e9a8bf844bdfdd348bc7d00c4c7e7afe8a1f8cde79b7a6c5aafe954b8b310900000c14b37c23f9f614576b689436fef2f27f8b1e756e00262e22bca49c43fd73e7e99b2fa44a8c1d8e80311895f0b99c2cf2735ad6c5fabf082e0df0f8ba7e24272165f2f5b28230c02b53d44b57e96bbb96b5e1f165c87e7ad68a3600b3d357fa9a7d53c281d88ebb175a4dbb82130e6870982947913110f091d21760d985afd3163f2e6880682432f9b3b97d57a9f980edfa1116a3d04d58872a07d6a7e12db6e3080000000000003e71943fe2c1c65a3cf36b955c56b55bfd3ecf0af694c71a03f27b6c15b1ba971de1cb9c7e6a000000000000001478b2a78f9abfefce4448303ef54c71199317413f98dca8ff3d0bda50f6c0af58dbd6c031b1a5a7512c5896514adfa17d31429c68db50a93d88199defd3b462426ff9293a28a544a6a9e2279b55daa1b3c6b14c4ec6d164e902ce4913843d65d841973468729ea12bf6d3499036dbb66718b3497855c3baa6cc07c0fa388ec9df0617c1a28ef5a595ee267a76175b8a057e6efaf4fefe46def451f2858fe71a53e77b1a44e98843bb3a40102da3703dfb9f61bdcea2fb810b32d52e2157a150a63ea6135d1cf6f864c2e68884d7245bc5f61dc5a114d10ffb22e76678bbfc1e3865d17d128306d1b81884a934cb00000000000000000098a4526e6485987dbc63bff7590eb388afaba43d811996333eef7e9f472bee293f0c40d434cbd52325296e22802475edb5c590ad208bac683a8b2d4c9d2d57ff846ae8c422e0b28546671f11d8157bb762c91f3fbcca8e21589c92446ae65d408c0637ffcc2d44d715ce003dd1e12b085e186d069a55c2e96efbe5024d61a56a36d988c0f51a973a1471bab551bd6beae7dbf58530136c238e545b28211a92000000001501ae7d7cc75007e8ff56e6d8d72af0fcd540a9d4e293690c5e697b3a1480e46df5371bca1cfb28a57c1b3c956ec81397e81fbf870a67385fea04220423f52ad8178b9fd04bdc7e5fee4bd52db9966addf4877204047be633792118efdb6b88023e80da74fdf723c7f000000009f13c7e851dfc91ec01219af568825de0cedd55a92eafe9edd98a8529d64cbaa0b9f89f391b2db7369e934085e486b946a4558c68e195af1a6e6e878609f9ed7406dc9c93a5d5cc76e037d66abe4fe54f18b4c969814c7f2094ebe736ef0f0cd65b90942f2e8de44f6fd69a94ca27bb6d92e2282d4a0b0ee3abe30d877579aed9b54f460247890aed19ef12e45097631548d8639fb2b6eb9b41c7e89ee7223cdeae1b2d02cf664df99e4a661feecb63953a4d86f3060372861ac184824b7a4fd1c605128f1307f2bba91b9fbfe2884639073c1d51e42feeb5312b23b8e1e468aa31ea8e7597f5eb6ad1897a04afc8369ebec808165218b625a64a237ed01636880f70f0ed"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x4b}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r6, 0x18000000000002a0, 0xe, 0x0, &(0x7f0000000040)="7c003307df576820000000000800", 0x0, 0xfffdfff0, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50) (async)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000007c0)={0x18, 0xc, &(0x7f0000000a40)=ANY=[@ANYBLOB="18000000cd0f0000000000000600000018120000", @ANYRES32=r2, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000018200000", @ANYRES32=r2, @ANYBLOB="00000000cc00000018100000", @ANYRES32=r3, @ANYBLOB="00000000000000009500000000000000a8bb7818edc6aed40a51cd9f989c5f66d85e00a19b2aaa0de81887c658fd5c23ccfc7f8703f139e06222fbd30d3b16940959c5f3caf59dba09c5530355d5b818e295b16212373a8ce4689755ed53cf6c85a086823040d43f61c97ac59cee31a2880e1c2c1f33a59a2ec9c5d445f9ca97307a6452f49c7f6a691970d2d802e2b2f941ad41fe9c34841b9ae19d0f8586c91785cdfe5d5e6b22281359ff25622ed24f8ab941d2dabb88e0f1b77d46e7f58d2f0a9c688a1745234b0a39"], &(0x7f00000000c0)='syzkaller\x00', 0xc0000000, 0xa3, &(0x7f0000000540)=""/163, 0x41100, 0x4, '\x00', r4, 0x0, r2, 0x8, &(0x7f0000000640)={0x6, 0x4}, 0x8, 0x10, &(0x7f0000000680)={0x3, 0xa, 0x0, 0xf}, 0x10, 0x0, 0x0, 0x1, &(0x7f0000000740)=[r2, r5], &(0x7f0000000780)=[{0x0, 0x4, 0xc, 0x9}], 0x10, 0x5}, 0x94)
write$binfmt_misc(r2, &(0x7f0000000040), 0xe09) (async)
r7 = creat(&(0x7f0000000200)='./file0\x00', 0x109)
open$dir(&(0x7f0000000140)='./file0\x00', 0x40, 0x4) (async)
close(r7)
eventfd2(0x0, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000900)) (async)
r8 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50) (async)
r9 = open$dir(&(0x7f0000000180)='./file0\x00', 0x404100, 0x82)
file_setattr(r9, &(0x7f0000000880)='./file0\x00', &(0x7f00000008c0)={0x800, 0x2, 0x1e8, 0x9, 0x2}, 0x18, 0x1100) (async)
mount$9p_fd(0x0, &(0x7f0000000300)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000480)={'trans=fd,', {'rfdno', 0x3d, r7}, 0x2c, {'wfdno', 0x3d, r8}}) (async, rerun: 32)
r10 = socket$inet_icmp_raw(0x2, 0x3, 0x1) (rerun: 32)
bind$inet(r10, &(0x7f0000000080)={0x2, 0x4e21, @broadcast}, 0x10) (async)
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000002c0)={r2, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0x14, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d960001000000000000000000007efff100004000", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c527d3d458dd4992861ac00", "f4bd000000801900", [0x8, 0xffffffff9673e35d]}})

3.612044737s ago: executing program 3 (id=646):
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
mremap(&(0x7f000054e000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f000022c000/0x3000)=nil)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0) (fail_nth: 2)

3.476547798s ago: executing program 3 (id=647):
mkdir(&(0x7f00000000c0)='./bus\x00', 0x0)
mount$bind(0x0, 0x0, 0x0, 0x21022, 0x0)

3.344273176s ago: executing program 5 (id=648):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nfc(&(0x7f0000000940), r1)
sendmsg$NFC_CMD_VENDOR(r1, &(0x7f0000000d00)={0x0, 0x0, &(0x7f0000000cc0)={&(0x7f00000005c0)={0x24, r2, 0x1, 0x70bd28, 0x25dfdbfe, {}, [@NFC_ATTR_DEVICE_INDEX={0x8}, @NFC_ATTR_VENDOR_ID={0x8, 0x1d, 0x9}]}, 0x24}, 0x1, 0x0, 0x0, 0x10044450}, 0x0)
openat$vim2m(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
r3 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r4 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r4, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
setsockopt$inet6_IPV6_DSTOPTS(r4, 0x29, 0x3b, &(0x7f0000000080)=ANY=[], 0x8)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={0xffffffffffffffff, 0x18000000000002a0, 0x0, 0x0, 0x0, 0x0, 0xfe, 0x60000000, 0x10, 0x0, &(0x7f0000000000)="0e2a73d4997153b51f996b8f846c9482", 0x0}, 0x50)
setsockopt$inet6_int(r4, 0x29, 0x3a, &(0x7f0000000040)=0x8, 0x4)
recvmmsg(r4, &(0x7f0000000040), 0x400000000000284, 0x2, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x2840, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r7, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r8, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x64, 0x0, 0x0)
ioctl$KVM_RUN(r8, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r8, 0x4138ae84, &(0x7f00000001c0)={{0xf000, 0x41000, 0x10, 0x9, 0x3, 0xe0, 0x40, 0x2c, 0x0, 0x30, 0x19, 0xe0}, {0x41000, 0x3000, 0xe, 0x80, 0x40, 0x5, 0x7d, 0x8, 0x58, 0x3, 0x3, 0x3}, {0x80ea800, 0x3000, 0xe, 0x5, 0x3, 0x7, 0xfe, 0x9, 0x1, 0xab, 0x5, 0x81}, {0xa000, 0xe000, 0xe, 0x5d, 0x4, 0x9, 0x5, 0xfa, 0x80, 0x7, 0xe}, {0x0, 0xfec00000, 0xb, 0x1, 0x3, 0x7, 0xab, 0x7b, 0x7, 0xa3, 0xf7, 0x83}, {0x1000, 0x200000, 0x8, 0xa0, 0xb1, 0x8, 0x1, 0x2, 0x80, 0xf, 0x1, 0xfd}, {0x3000, 0x5000, 0x4, 0x5, 0x7, 0x2, 0xb, 0x0, 0x5, 0x81, 0xff, 0x70}, {0xd000, 0x1000, 0xe, 0x5, 0xf, 0x7, 0x1, 0x17, 0x2, 0x3, 0x27, 0x9}, {0xeeef0000, 0x31}, {0x4, 0x10}, 0xa0040029, 0x0, 0x3000, 0x42024, 0xb, 0x0, 0x3000, [0x6840000000000000, 0x8000000000000003, 0x5e, 0xff]})
sendmsg$nl_route(r5, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000100)=@newlink={0x50, 0x10, 0xd07, 0x70bd29, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, 0x6804a, 0x4}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @macvlan={{0xc}, {0x20, 0x2, 0x0, 0x1, [@IFLA_MACVLAN_MACADDR_DATA={0x10, 0x5, 0x0, 0x1, [{0xa}]}, @IFLA_MACVLAN_MACADDR={0xa, 0x4, @remote}]}}}]}, 0x50}, 0x1, 0x0, 0x0, 0x4000006}, 0x0)
r9 = syz_open_dev$sndctrl(&(0x7f0000000180), 0xc46, 0x80200)
ioctl$SNDRV_CTL_IOCTL_TLV_WRITE(r9, 0xc008551b, &(0x7f00000001c0)={0x1, 0x18, [0x6fb, 0x7, 0x9, 0xfffffbff, 0x3d50, 0x1]})
sendto$inet6(r4, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c)
r10 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000280), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r10, 0x7a7, &(0x7f00000002c0)=0xb0000)
r11 = socket$netlink(0x10, 0x3, 0x400000000000004)
writev(r11, &(0x7f0000019440)=[{&(0x7f0000000200)="480000001400190d7ebdeb75fd0d8c562c84d8c033ed7a80ffe0090f000060000000a2bc5603ca00000f7f89000000200000004a2471083ec6991778581acb6c0101ff0000000309", 0x48}], 0x1)
io_uring_register$IORING_REGISTER_SYNC_CANCEL(r0, 0x18, &(0x7f00000000c0)={0x5fac6885, r11, 0x0, {0xffffffffffffffff, 0x10000000000000}, 0x5}, 0x1)
ioctl$vim2m_VIDIOC_EXPBUF(r3, 0xc0405610, &(0x7f0000000100)={0x2, 0x7fffffff, 0x0, 0x80080})

3.343776099s ago: executing program 3 (id=649):
mknodat$loop(0xffffffffffffff9c, 0x0, 0xc000, 0x1)
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000040), 0x0, 0x0)
connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
mmap(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x2, 0x4008032, r3, 0x0)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = socket$kcm(0xa, 0x1, 0x106)
sendmsg$kcm(r4, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x20000011)
sendmsg$kcm(r4, &(0x7f0000000780)={&(0x7f0000000180)=@in6={0xa, 0xfffe, 0x0, @empty, 0x2}, 0x80, 0x0}, 0xe07e872420dfefca)

2.196982506s ago: executing program 0 (id=650):
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
mremap(&(0x7f000054e000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f000022c000/0x3000)=nil)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0)

2.194575401s ago: executing program 3 (id=651):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r0 = syz_open_dev$media(&(0x7f00000006c0), 0x2, 0x129081)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, r0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000080)=@bpf_lsm={0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x42}, 0x94)
socket$inet_udp(0x2, 0x2, 0x0)
ioctl$MEDIA_IOC_REQUEST_ALLOC(r0, 0x80047c05, &(0x7f0000000940)=<r4=>0xffffffffffffffff)
ioctl$BTRFS_IOC_INO_LOOKUP_USER(r4, 0x7c80, 0x0)
r5 = socket$inet6(0xa, 0x80002, 0x0)
connect$inet6(r5, &(0x7f0000000000)={0xa, 0x4e24, 0x2, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x40}}, 0xfffd}, 0x1c)
getsockopt$inet6_buf(r5, 0x29, 0x3d, &(0x7f00000000c0)=""/36, &(0x7f0000000140)=0x24)
r6 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_int(r6, 0x107, 0x11, 0x0, 0x0)

2.193417835s ago: executing program 5 (id=652):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f04ebbeee, 0x8031, 0xffffffffffffffff, 0x3d6d9000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfff}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
sendmsg$inet(r5, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0)
recvmsg$unix(r4, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x2002)
bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000040)=@base={0x1b, 0x0, 0x6, 0x2000}, 0x50)
syz_usb_connect(0x3, 0x24, &(0x7f00000000c0)={{0x12, 0x1, 0x110, 0xa6, 0x62, 0xca, 0x40, 0x7fd, 0x4, 0x8634, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x7f, 0xfe, 0x0, 0x7f, [{{0x9, 0x4, 0x30, 0x0, 0x0, 0xff, 0xce, 0xba}}]}}]}}, 0x0)
syz_open_procfs(0x0, &(0x7f00000000c0)='mounts\x00')
mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000140)='binder\x00', 0x3200896, 0x0)

958.325µs ago: executing program 0 (id=653):
ioctl$vim2m_VIDIOC_REQBUFS(0xffffffffffffffff, 0xc0145608, 0x0)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
getpid()
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000d80)=ANY=[@ANYBLOB="f8000000160001000000000000000000fe8000000000000000000000000000aaff01000000000000000000000000000100"/64, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="fe880000000000000000000000000001000004d26c"], 0xf8}, 0x1, 0x0, 0x0, 0x24048060}, 0x0)
sendmsg$nl_xfrm(r1, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000700)=ANY=[@ANYBLOB="f8000000160001000000000000000000ff010000000000000000000000000001ff01000000000000000000000000000100"/64, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="fe8800000000000000000000000000010000000033"], 0xf8}}, 0x0)
ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, &(0x7f00000001c0)=0x10)
write$P9_RREADLINK(0xffffffffffffffff, &(0x7f0000000080)={0x10, 0x17, 0x2, {0x7, './file0'}}, 0x10)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x40000000000029a, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = socket$inet6(0xa, 0x3, 0xff)
connect$inet6(r4, &(0x7f0000000200)={0xa, 0x0, 0xfffffffd, @empty}, 0x1c)
r5 = dup(r4)
r6 = open(&(0x7f00000000c0)='./file0\x00', 0x1298c2, 0x0)
ftruncate(r6, 0x200004)
sendfile(r5, r6, 0x0, 0x80001d00c0d1)
getdents(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, 0x0)
sendmsg$NL80211_CMD_GET_STATION(0xffffffffffffffff, 0x0, 0x20000000)
sendmsg$NL80211_CMD_SET_CHANNEL(0xffffffffffffffff, 0x0, 0x0)

0s ago: executing program 3 (id=654):
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x6, 0xc, &(0x7f00000008c0)=ANY=[@ANYBLOB="180200000400000000000000000000008500000041000000180100002020732500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007500000095"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socket$nl_route(0x10, 0x3, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="05000000040000009c0000000b"], 0x50)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB], 0x48)
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x1c0)
openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(0xffffffffffffffff, 0x1, 0x0, 0x0)
openat$binderfs(0xffffffffffffff9c, 0x0, 0x802, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r1 = syz_io_uring_setup(0x4ed, &(0x7f0000000400)={0x0, 0x79af, 0x800, 0x8000, 0x400253}, &(0x7f0000000280)=<r2=>0x0, &(0x7f0000000240)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, 0x0, 0x0, 0x4)
syz_io_uring_submit(r2, r3, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
unshare(0x20400)
r5 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000180)='attr/prev\x00')
ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r5, 0x8983, &(0x7f0000000080)={0x0, 'geneve0\x00', {0x20000001}, 0x4})
renameat2(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', r5, &(0x7f0000000340)='./file0\x00', 0x2)
bpf$BPF_PROG_DETACH(0x1c, &(0x7f00000000c0)=ANY=[@ANYRES32, @ANYRES32=0x0, @ANYRES64=0x0], 0x20)
sendmsg$NFNL_MSG_CTHELPER_DEL(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0}, 0x1, 0x0, 0x0, 0x4008091}, 0x20048800)
io_uring_enter(r1, 0x4c6e, 0xc67a, 0x8, 0x0, 0x0)
landlock_restrict_self(0xffffffffffffffff, 0x0)
landlock_restrict_self(0xffffffffffffffff, 0x0)
mknodat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1/file2\x00', 0x81c0, 0x0)
renameat2(0xffffffffffffff9c, &(0x7f0000000480)='./file1/file2\x00', 0xffffffffffffff9c, &(0x7f00000004c0)='./file0\x00', 0x2)

kernel console output (not intermixed with test programs):

Warning: Permanently added '10.128.0.128' (ED25519) to the list of known hosts.
[   93.989209][   T10] cfg80211: failed to load regulatory.db
[   98.119841][ T5780] cgroup: Unknown subsys name 'net'
[   98.410178][ T5780] cgroup: Unknown subsys name 'cpuset'
[   98.465457][ T5780] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[  100.675710][ T5780] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[  105.211352][ T5808] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  105.240533][ T5813] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  105.268192][ T5814] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  105.269704][ T5814] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  105.271131][ T5814] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  105.272712][ T5814] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  105.291066][ T5817] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  105.293968][ T5817] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  105.300240][ T5817] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  105.300708][ T5817] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  105.302877][ T5817] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  105.321999][ T5817] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  105.329949][ T5817] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  105.334560][ T5817] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  105.336678][ T5817] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  105.343175][ T5817] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  105.362683][ T5808] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  105.399570][ T5814] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  105.411782][ T5813] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  105.411968][ T5814] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  105.422348][ T5814] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  105.426654][ T5813] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  105.434486][ T5814] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  105.524745][ T5813] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  105.526121][ T5813] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  106.673765][ T5807] chnl_net:caif_netlink_parms(): no params data found
[  106.760573][ T5802] chnl_net:caif_netlink_parms(): no params data found
[  106.841173][ T5801] chnl_net:caif_netlink_parms(): no params data found
[  106.869524][ T5800] chnl_net:caif_netlink_parms(): no params data found
[  106.882546][ T5811] chnl_net:caif_netlink_parms(): no params data found
[  107.197645][ T5807] bridge0: port 1(bridge_slave_0) entered blocking state
[  107.198882][ T5807] bridge0: port 1(bridge_slave_0) entered disabled state
[  107.199354][ T5807] bridge_slave_0: entered allmulticast mode
[  107.201518][ T5807] bridge_slave_0: entered promiscuous mode
[  107.278218][ T5807] bridge0: port 2(bridge_slave_1) entered blocking state
[  107.278356][ T5807] bridge0: port 2(bridge_slave_1) entered disabled state
[  107.278574][ T5807] bridge_slave_1: entered allmulticast mode
[  107.280519][ T5807] bridge_slave_1: entered promiscuous mode
[  107.319825][ T5802] bridge0: port 1(bridge_slave_0) entered blocking state
[  107.319994][ T5802] bridge0: port 1(bridge_slave_0) entered disabled state
[  107.320160][ T5802] bridge_slave_0: entered allmulticast mode
[  107.322089][ T5802] bridge_slave_0: entered promiscuous mode
[  107.405285][ T5802] bridge0: port 2(bridge_slave_1) entered blocking state
[  107.405440][ T5802] bridge0: port 2(bridge_slave_1) entered disabled state
[  107.405623][ T5802] bridge_slave_1: entered allmulticast mode
[  107.407790][ T5802] bridge_slave_1: entered promiscuous mode
[  107.438631][ T5813] Bluetooth: hci1: command tx timeout
[  107.483026][ T5801] bridge0: port 1(bridge_slave_0) entered blocking state
[  107.483153][ T5801] bridge0: port 1(bridge_slave_0) entered disabled state
[  107.483679][ T5801] bridge_slave_0: entered allmulticast mode
[  107.500867][ T5801] bridge_slave_0: entered promiscuous mode
[  107.508439][ T5813] Bluetooth: hci3: command tx timeout
[  107.508450][ T5109] Bluetooth: hci2: command tx timeout
[  107.535628][ T5800] bridge0: port 1(bridge_slave_0) entered blocking state
[  107.535746][ T5800] bridge0: port 1(bridge_slave_0) entered disabled state
[  107.535895][ T5800] bridge_slave_0: entered allmulticast mode
[  107.537835][ T5800] bridge_slave_0: entered promiscuous mode
[  107.539875][ T5811] bridge0: port 1(bridge_slave_0) entered blocking state
[  107.540050][ T5811] bridge0: port 1(bridge_slave_0) entered disabled state
[  107.540268][ T5811] bridge_slave_0: entered allmulticast mode
[  107.542525][ T5811] bridge_slave_0: entered promiscuous mode
[  107.589627][ T5813] Bluetooth: hci4: command tx timeout
[  107.589636][ T5109] Bluetooth: hci0: command tx timeout
[  107.592042][ T5807] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  107.635269][ T5801] bridge0: port 2(bridge_slave_1) entered blocking state
[  107.635361][ T5801] bridge0: port 2(bridge_slave_1) entered disabled state
[  107.635597][ T5801] bridge_slave_1: entered allmulticast mode
[  107.637486][ T5801] bridge_slave_1: entered promiscuous mode
[  107.681186][ T5800] bridge0: port 2(bridge_slave_1) entered blocking state
[  107.681294][ T5800] bridge0: port 2(bridge_slave_1) entered disabled state
[  107.681655][ T5800] bridge_slave_1: entered allmulticast mode
[  107.683580][ T5800] bridge_slave_1: entered promiscuous mode
[  107.712425][ T5811] bridge0: port 2(bridge_slave_1) entered blocking state
[  107.712553][ T5811] bridge0: port 2(bridge_slave_1) entered disabled state
[  107.712806][ T5811] bridge_slave_1: entered allmulticast mode
[  107.719103][ T5811] bridge_slave_1: entered promiscuous mode
[  107.736509][ T5807] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  107.770789][ T5802] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  107.839268][ T5802] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  107.898686][ T5801] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  107.927237][ T5800] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  107.930869][ T5811] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  107.954484][ T5807] team0: Port device team_slave_0 added
[  107.958373][ T5801] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  107.993064][ T5800] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  108.016637][ T5811] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  108.019562][ T5807] team0: Port device team_slave_1 added
[  108.061578][ T5802] team0: Port device team_slave_0 added
[  108.129788][ T5802] team0: Port device team_slave_1 added
[  108.169048][ T5801] team0: Port device team_slave_0 added
[  108.171921][ T5800] team0: Port device team_slave_0 added
[  108.201878][ T5811] team0: Port device team_slave_0 added
[  108.203238][ T5807] batman_adv: batadv0: Adding interface: batadv_slave_0
[  108.203252][ T5807] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  108.203272][ T5807] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  108.227987][ T5801] team0: Port device team_slave_1 added
[  108.237699][ T5800] team0: Port device team_slave_1 added
[  108.275480][ T5811] team0: Port device team_slave_1 added
[  108.276363][ T5807] batman_adv: batadv0: Adding interface: batadv_slave_1
[  108.276376][ T5807] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  108.276397][ T5807] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  108.357796][ T5802] batman_adv: batadv0: Adding interface: batadv_slave_0
[  108.357810][ T5802] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  108.357830][ T5802] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  108.447228][ T5802] batman_adv: batadv0: Adding interface: batadv_slave_1
[  108.447248][ T5802] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  108.447290][ T5802] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  108.493286][ T5801] batman_adv: batadv0: Adding interface: batadv_slave_0
[  108.493339][ T5801] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  108.493418][ T5801] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  108.504853][ T5800] batman_adv: batadv0: Adding interface: batadv_slave_0
[  108.504912][ T5800] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  108.504979][ T5800] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  108.547453][ T5811] batman_adv: batadv0: Adding interface: batadv_slave_0
[  108.547506][ T5811] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  108.547567][ T5811] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  108.557897][ T5801] batman_adv: batadv0: Adding interface: batadv_slave_1
[  108.557967][ T5801] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  108.560946][ T5801] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  108.566018][ T5800] batman_adv: batadv0: Adding interface: batadv_slave_1
[  108.566063][ T5800] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  108.566138][ T5800] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  108.632041][ T5811] batman_adv: batadv0: Adding interface: batadv_slave_1
[  108.632094][ T5811] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  108.632170][ T5811] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  109.283559][ T5807] hsr_slave_0: entered promiscuous mode
[  109.288531][ T5807] hsr_slave_1: entered promiscuous mode
[  109.337182][ T5802] hsr_slave_0: entered promiscuous mode
[  109.338322][ T5802] hsr_slave_1: entered promiscuous mode
[  109.339171][ T5802] debugfs: 'hsr0' already exists in 'hsr'
[  109.339262][ T5802] Cannot create hsr debugfs directory
[  109.462136][ T5801] hsr_slave_0: entered promiscuous mode
[  109.463220][ T5801] hsr_slave_1: entered promiscuous mode
[  109.464050][ T5801] debugfs: 'hsr0' already exists in 'hsr'
[  109.464069][ T5801] Cannot create hsr debugfs directory
[  109.506138][ T5813] Bluetooth: hci1: command tx timeout
[  109.510327][ T5800] hsr_slave_0: entered promiscuous mode
[  109.511552][ T5800] hsr_slave_1: entered promiscuous mode
[  109.512374][ T5800] debugfs: 'hsr0' already exists in 'hsr'
[  109.512393][ T5800] Cannot create hsr debugfs directory
[  109.548862][ T5811] hsr_slave_0: entered promiscuous mode
[  109.550025][ T5811] hsr_slave_1: entered promiscuous mode
[  109.551002][ T5811] debugfs: 'hsr0' already exists in 'hsr'
[  109.551024][ T5811] Cannot create hsr debugfs directory
[  109.584613][ T5813] Bluetooth: hci2: command tx timeout
[  109.584652][ T5813] Bluetooth: hci3: command tx timeout
[  109.664477][ T5109] Bluetooth: hci4: command tx timeout
[  109.675561][ T5109] Bluetooth: hci0: command tx timeout
[  110.620441][ T5807] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  110.665349][ T5807] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  110.701935][ T5807] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  110.756952][ T5807] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  110.881969][ T5802] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  110.922349][ T5802] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  110.960452][ T5802] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  111.019433][ T5802] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  111.192958][ T5801] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  111.233138][ T5801] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  111.271714][ T5801] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  111.325003][ T5801] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  111.480001][ T5811] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  111.529450][ T5811] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  111.567691][ T5811] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  111.584393][ T5109] Bluetooth: hci1: command tx timeout
[  111.650422][ T5811] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  111.664452][ T5109] Bluetooth: hci3: command tx timeout
[  111.664490][ T5109] Bluetooth: hci2: command tx timeout
[  111.755634][ T5813] Bluetooth: hci0: command tx timeout
[  111.756129][ T5813] Bluetooth: hci4: command tx timeout
[  111.842451][ T5807] 8021q: adding VLAN 0 to HW filter on device bond0
[  111.862882][ T5800] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  111.895979][ T5800] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  111.942794][ T5800] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  111.973308][ T5800] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  112.073672][ T5807] 8021q: adding VLAN 0 to HW filter on device team0
[  112.114103][   T57] bridge0: port 1(bridge_slave_0) entered blocking state
[  112.118506][   T57] bridge0: port 1(bridge_slave_0) entered forwarding state
[  112.141836][ T5802] 8021q: adding VLAN 0 to HW filter on device bond0
[  112.177904][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[  112.178021][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[  112.263673][ T5802] 8021q: adding VLAN 0 to HW filter on device team0
[  112.312404][   T13] bridge0: port 1(bridge_slave_0) entered blocking state
[  112.312569][   T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[  112.352742][ T5801] 8021q: adding VLAN 0 to HW filter on device bond0
[  112.373205][   T13] bridge0: port 2(bridge_slave_1) entered blocking state
[  112.373325][   T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[  112.464004][ T5801] 8021q: adding VLAN 0 to HW filter on device team0
[  112.479573][ T5811] 8021q: adding VLAN 0 to HW filter on device bond0
[  112.539765][   T42] bridge0: port 1(bridge_slave_0) entered blocking state
[  112.539931][   T42] bridge0: port 1(bridge_slave_0) entered forwarding state
[  112.601946][   T42] bridge0: port 2(bridge_slave_1) entered blocking state
[  112.602094][   T42] bridge0: port 2(bridge_slave_1) entered forwarding state
[  112.657893][ T5811] 8021q: adding VLAN 0 to HW filter on device team0
[  112.687856][ T5800] 8021q: adding VLAN 0 to HW filter on device bond0
[  112.721884][  T160] bridge0: port 1(bridge_slave_0) entered blocking state
[  112.722081][  T160] bridge0: port 1(bridge_slave_0) entered forwarding state
[  112.798316][   T57] bridge0: port 2(bridge_slave_1) entered blocking state
[  112.798471][   T57] bridge0: port 2(bridge_slave_1) entered forwarding state
[  112.872946][ T5800] 8021q: adding VLAN 0 to HW filter on device team0
[  112.921289][   T57] bridge0: port 1(bridge_slave_0) entered blocking state
[  112.921457][   T57] bridge0: port 1(bridge_slave_0) entered forwarding state
[  112.993308][   T57] bridge0: port 2(bridge_slave_1) entered blocking state
[  112.993571][   T57] bridge0: port 2(bridge_slave_1) entered forwarding state
[  113.055045][ T5807] 8021q: adding VLAN 0 to HW filter on device batadv0
[  113.268468][ T5802] 8021q: adding VLAN 0 to HW filter on device batadv0
[  113.442199][ T5807] veth0_vlan: entered promiscuous mode
[  113.529573][ T5807] veth1_vlan: entered promiscuous mode
[  113.571974][ T5801] 8021q: adding VLAN 0 to HW filter on device batadv0
[  113.667810][ T5813] Bluetooth: hci1: command tx timeout
[  113.746476][ T5813] Bluetooth: hci2: command tx timeout
[  113.746488][ T5109] Bluetooth: hci3: command tx timeout
[  113.754842][ T5807] veth0_macvtap: entered promiscuous mode
[  113.820045][ T5807] veth1_macvtap: entered promiscuous mode
[  113.825018][ T5813] Bluetooth: hci4: command tx timeout
[  113.825056][ T5813] Bluetooth: hci0: command tx timeout
[  113.949218][ T5801] veth0_vlan: entered promiscuous mode
[  113.970222][ T5811] 8021q: adding VLAN 0 to HW filter on device batadv0
[  113.972703][ T5807] batman_adv: batadv0: Interface activated: batadv_slave_0
[  114.016703][ T5807] batman_adv: batadv0: Interface activated: batadv_slave_1
[  114.018369][ T5801] veth1_vlan: entered promiscuous mode
[  114.069360][   T13] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  114.086178][   T13] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  114.091807][   T13] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  114.119163][ T5800] 8021q: adding VLAN 0 to HW filter on device batadv0
[  114.119433][   T13] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  114.287578][ T5802] veth0_vlan: entered promiscuous mode
[  114.378466][ T5801] veth0_macvtap: entered promiscuous mode
[  114.427437][ T5811] veth0_vlan: entered promiscuous mode
[  114.429298][ T5801] veth1_macvtap: entered promiscuous mode
[  114.433375][ T5802] veth1_vlan: entered promiscuous mode
[  114.531264][ T1493] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  114.531288][ T1493] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  114.535715][ T5811] veth1_vlan: entered promiscuous mode
[  114.610806][ T5800] veth0_vlan: entered promiscuous mode
[  114.622718][ T5801] batman_adv: batadv0: Interface activated: batadv_slave_0
[  114.671663][ T5801] batman_adv: batadv0: Interface activated: batadv_slave_1
[  114.691432][   T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  114.691456][   T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  114.735362][ T5800] veth1_vlan: entered promiscuous mode
[  114.737212][  T160] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  114.743854][  T160] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  114.776001][  T160] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  114.801646][ T1493] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  114.809666][ T5802] veth0_macvtap: entered promiscuous mode
[  114.882135][ T5802] veth1_macvtap: entered promiscuous mode
[  114.892006][ T5811] veth0_macvtap: entered promiscuous mode
[  114.959564][ T5811] veth1_macvtap: entered promiscuous mode
[  115.145850][ T5802] batman_adv: batadv0: Interface activated: batadv_slave_0
[  115.151873][ T5800] veth0_macvtap: entered promiscuous mode
[  115.172500][ T1493] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  115.172523][ T1493] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  115.206603][ T5811] batman_adv: batadv0: Interface activated: batadv_slave_0
[  115.210174][ T5802] batman_adv: batadv0: Interface activated: batadv_slave_1
[  115.244563][ T5800] veth1_macvtap: entered promiscuous mode
[  115.263376][ T5811] batman_adv: batadv0: Interface activated: batadv_slave_1
[  115.299651][   T42] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  115.316595][   T42] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  115.341272][   T42] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  115.361886][   T42] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  115.363515][ T1131] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  115.363537][ T1131] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  115.391622][   T42] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  115.406504][   T42] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  115.419327][   T42] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  115.454623][  T825] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[  115.480053][   T42] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  115.505960][ T5800] batman_adv: batadv0: Interface activated: batadv_slave_0
[  115.601181][ T5800] batman_adv: batadv0: Interface activated: batadv_slave_1
[  115.680186][  T825] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  115.680235][  T825] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  115.680263][  T825] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  115.680317][  T825] usb 3-1: New USB device found, idVendor=20d6, idProduct=cb17, bcdDevice= 0.00
[  115.680347][  T825] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  115.762838][  T825] usb 3-1: config 0 descriptor??
[  115.877213][  T160] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  116.283338][  T825] hid-udraw 0003:20D6:CB17.0001: unknown main item tag 0x3
[  116.312109][  T825] input: THQ uDraw Game Tablet for PS3 Joypad as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:20D6:CB17.0001/input/input5
[  116.446590][  T825] input: THQ uDraw Game Tablet for PS3 Touchpad as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:20D6:CB17.0001/input/input6
[  116.490999][  T825] input: THQ uDraw Game Tablet for PS3 Pen as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:20D6:CB17.0001/input/input7
[  116.556804][  T825] input: THQ uDraw Game Tablet for PS3 Accelerometer as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:20D6:CB17.0001/input/input8
[  116.626566][  T825] hid-udraw 0003:20D6:CB17.0001: hidraw0: USB HID v0.00 Device [HID 20d6:cb17] on usb-dummy_hcd.2-1/input0
[  117.686046][ T5889] usb 3-1: reset high-speed USB device number 2 using dummy_hcd
[  118.783291][  T160] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  118.823378][  T160] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  118.855908][  T160] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  118.999298][ T5927] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  119.047844][  T160] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  119.047866][  T160] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  119.261629][ T5932] FAULT_INJECTION: forcing a failure.
[  119.261629][ T5932] name fail_usercopy, interval 1, probability 0, space 0, times 1
[  119.261698][ T5932] CPU: 0 UID: 0 PID: 5932 Comm: syz.2.8 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  119.261723][ T5932] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  119.261745][ T5932] Call Trace:
[  119.261763][ T5932]  <TASK>
[  119.261780][ T5932]  dump_stack_lvl+0xe8/0x150
[  119.261839][ T5932]  should_fail_ex+0x46b/0x600
[  119.261885][ T5932]  _copy_from_user+0x2d/0xb0
[  119.261922][ T5932]  ___sys_recvmsg+0x175/0x590
[  119.261964][ T5932]  ? __pfx____sys_recvmsg+0x10/0x10
[  119.262026][ T5932]  ? __fget_files+0x3a6/0x420
[  119.262067][ T5932]  __x64_sys_recvmsg+0x1c0/0x2a0
[  119.262101][ T5932]  ? __pfx___x64_sys_recvmsg+0x10/0x10
[  119.262143][ T5932]  ? __pfx_ksys_write+0x10/0x10
[  119.262188][ T5932]  do_syscall_64+0x14d/0xf80
[  119.262220][ T5932]  ? trace_irq_disable+0x3b/0x150
[  119.262248][ T5932]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  119.262272][ T5932]  ? clear_bhb_loop+0x40/0x90
[  119.262299][ T5932]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  119.262322][ T5932] RIP: 0033:0x7f497ce4c629
[  119.262355][ T5932] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  119.262378][ T5932] RSP: 002b:00007f497b0a6028 EFLAGS: 00000246 ORIG_RAX: 000000000000002f
[  119.262410][ T5932] RAX: ffffffffffffffda RBX: 00007f497d0c5fa0 RCX: 00007f497ce4c629
[  119.262426][ T5932] RDX: 0000000000000020 RSI: 00002000000017c0 RDI: 0000000000000003
[  119.262441][ T5932] RBP: 00007f497b0a6090 R08: 0000000000000000 R09: 0000000000000000
[  119.262455][ T5932] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  119.262468][ T5932] R13: 00007f497d0c6038 R14: 00007f497d0c5fa0 R15: 00007fffddf78338
[  119.262502][ T5932]  </TASK>
[  119.323513][  T160] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  119.323586][  T160] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  119.573657][  T160] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  119.573679][  T160] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  119.599557][ T1131] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  119.599583][ T1131] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  119.753127][  T825] usb 3-1: USB disconnect, device number 2
[  120.194444][   T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  120.194469][   T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  120.595717][ T1131] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  120.595740][ T1131] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  122.179130][ T5959] netlink: 552 bytes leftover after parsing attributes in process `syz.2.12'.
[  123.653632][ T5980] futex_wake_op: syz.2.18 tries to shift op by 32; fix this program
[  125.082817][ T5988] 9p: Bad value for 'rfdno'
[  125.316437][ T5993] FAULT_INJECTION: forcing a failure.
[  125.316437][ T5993] name failslab, interval 1, probability 0, space 0, times 0
[  125.316477][ T5993] CPU: 0 UID: 0 PID: 5993 Comm: syz.1.20 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  125.316501][ T5993] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  125.316514][ T5993] Call Trace:
[  125.316523][ T5993]  <TASK>
[  125.316532][ T5993]  dump_stack_lvl+0xe8/0x150
[  125.316572][ T5993]  should_fail_ex+0x46b/0x600
[  125.316614][ T5993]  should_failslab+0xa8/0x100
[  125.316652][ T5993]  kmem_cache_alloc_lru_noprof+0x8b/0x680
[  125.316686][ T5993]  ? alloc_inode+0xb8/0x1b0
[  125.316721][ T5993]  alloc_inode+0xb8/0x1b0
[  125.316747][ T5993]  path_from_stashed+0x200/0x5c0
[  125.316785][ T5993]  nsfs_fh_to_dentry+0xca7/0xf60
[  125.316812][ T5993]  ? lockdep_hardirqs_on+0x7a/0x110
[  125.316845][ T5993]  ? nsfs_fh_to_dentry+0x234/0xf60
[  125.316873][ T5993]  ? __pfx_nsfs_fh_to_dentry+0x10/0x10
[  125.316912][ T5993]  exportfs_decode_fh_raw+0x1c8/0x760
[  125.316944][ T5993]  ? __pfx_vfs_dentry_acceptable+0x10/0x10
[  125.316986][ T5993]  ? __pfx_exportfs_decode_fh_raw+0x10/0x10
[  125.317057][ T5993]  do_handle_to_path+0xa4/0x1a0
[  125.317096][ T5993]  do_handle_open+0x6dc/0x970
[  125.317134][ T5993]  ? __pfx_do_handle_open+0x10/0x10
[  125.317170][ T5993]  ? ksys_write+0x248/0x270
[  125.317204][ T5993]  ? __pfx_ksys_write+0x10/0x10
[  125.317247][ T5993]  do_syscall_64+0x14d/0xf80
[  125.317276][ T5993]  ? trace_irq_disable+0x3b/0x150
[  125.317302][ T5993]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  125.317326][ T5993]  ? clear_bhb_loop+0x40/0x90
[  125.317353][ T5993]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  125.317377][ T5993] RIP: 0033:0x7f62ac2bc629
[  125.317398][ T5993] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  125.317416][ T5993] RSP: 002b:00007f62aa50e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000130
[  125.317440][ T5993] RAX: ffffffffffffffda RBX: 00007f62ac535fa0 RCX: 00007f62ac2bc629
[  125.317457][ T5993] RDX: 0000000000000000 RSI: 00002000000001c0 RDI: 0000000000000009
[  125.317471][ T5993] RBP: 00007f62aa50e090 R08: 0000000000000000 R09: 0000000000000000
[  125.317484][ T5993] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  125.317497][ T5993] R13: 00007f62ac536038 R14: 00007f62ac535fa0 R15: 00007fff2b041d98
[  125.317532][ T5993]  </TASK>
[  125.827612][ T6002] FAULT_INJECTION: forcing a failure.
[  125.827612][ T6002] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  125.827824][ T6002] CPU: 0 UID: 0 PID: 6002 Comm: syz.2.24 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  125.827852][ T6002] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  125.827864][ T6002] Call Trace:
[  125.827873][ T6002]  <TASK>
[  125.827883][ T6002]  dump_stack_lvl+0xe8/0x150
[  125.827925][ T6002]  should_fail_ex+0x46b/0x600
[  125.827977][ T6002]  _copy_to_user+0x31/0xb0
[  125.828007][ T6002]  simple_read_from_buffer+0xe1/0x170
[  125.828039][ T6002]  proc_fail_nth_read+0x1be/0x230
[  125.828068][ T6002]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  125.828097][ T6002]  ? rw_verify_area+0x2ac/0x4e0
[  125.828134][ T6002]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  125.828162][ T6002]  vfs_read+0x212/0xa80
[  125.828202][ T6002]  ? __pfx_vfs_read+0x10/0x10
[  125.828235][ T6002]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  125.828268][ T6002]  ? lockdep_hardirqs_on+0x7a/0x110
[  125.828296][ T6002]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[  125.828327][ T6002]  ? mutex_lock_nested+0x152/0x1d0
[  125.828347][ T6002]  ? fdget_pos+0x252/0x320
[  125.828384][ T6002]  ksys_read+0x156/0x270
[  125.828418][ T6002]  ? __pfx_ksys_read+0x10/0x10
[  125.828467][ T6002]  do_syscall_64+0x14d/0xf80
[  125.828496][ T6002]  ? trace_irq_disable+0x3b/0x150
[  125.828522][ T6002]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  125.828546][ T6002]  ? clear_bhb_loop+0x40/0x90
[  125.828575][ T6002]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  125.828596][ T6002] RIP: 0033:0x7f497ce0cece
[  125.828617][ T6002] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  125.828636][ T6002] RSP: 002b:00007f497b0a5fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  125.828666][ T6002] RAX: ffffffffffffffda RBX: 00007f497b0a66c0 RCX: 00007f497ce0cece
[  125.828683][ T6002] RDX: 000000000000000f RSI: 00007f497b0a60a0 RDI: 0000000000000004
[  125.828697][ T6002] RBP: 00007f497b0a6090 R08: 0000000000000000 R09: 0000000000000000
[  125.828710][ T6002] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  125.828722][ T6002] R13: 00007f497d0c6038 R14: 00007f497d0c5fa0 R15: 00007fffddf78338
[  125.828757][ T6002]  </TASK>
[  126.487175][ T6009] FAULT_INJECTION: forcing a failure.
[  126.487175][ T6009] name failslab, interval 1, probability 0, space 0, times 0
[  126.487213][ T6009] CPU: 0 UID: 0 PID: 6009 Comm: syz.1.27 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  126.487238][ T6009] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  126.487251][ T6009] Call Trace:
[  126.487260][ T6009]  <TASK>
[  126.487269][ T6009]  dump_stack_lvl+0xe8/0x150
[  126.487310][ T6009]  should_fail_ex+0x46b/0x600
[  126.487353][ T6009]  should_failslab+0xa8/0x100
[  126.487391][ T6009]  __kmalloc_noprof+0xdf/0x7b0
[  126.487425][ T6009]  ? io_cache_alloc_new+0x40/0x100
[  126.487459][ T6009]  io_cache_alloc_new+0x40/0x100
[  126.487488][ T6009]  __io_prep_rw+0x2bd/0xed0
[  126.487532][ T6009]  ? __pfx___io_prep_rw+0x10/0x10
[  126.487560][ T6009]  ? percpu_ref_get_many+0x21/0x1e0
[  126.487588][ T6009]  ? percpu_ref_get_many+0x21/0x1e0
[  126.487625][ T6009]  io_prep_rwv+0x8e/0x440
[  126.487654][ T6009]  ? __pfx___io_alloc_req_refill+0x10/0x10
[  126.487702][ T6009]  ? __pfx_io_prep_rwv+0x10/0x10
[  126.487736][ T6009]  ? __asan_memset+0x22/0x50
[  126.487763][ T6009]  ? blk_start_plug_nr_ios+0x7e/0x1c0
[  126.487802][ T6009]  io_submit_sqes+0xb35/0x2370
[  126.487866][ T6009]  __se_sys_io_uring_enter+0x2d2/0x18c0
[  126.487896][ T6009]  ? lockdep_hardirqs_on+0x7a/0x110
[  126.487929][ T6009]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[  126.487960][ T6009]  ? __pfx___se_sys_io_uring_enter+0x10/0x10
[  126.487990][ T6009]  ? fput+0xa0/0xd0
[  126.488013][ T6009]  ? ksys_write+0x248/0x270
[  126.488043][ T6009]  ? __pfx_ksys_write+0x10/0x10
[  126.488079][ T6009]  ? __x64_sys_io_uring_enter+0x21/0xf0
[  126.488113][ T6009]  do_syscall_64+0x14d/0xf80
[  126.488141][ T6009]  ? trace_irq_disable+0x3b/0x150
[  126.488167][ T6009]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  126.488189][ T6009]  ? clear_bhb_loop+0x40/0x90
[  126.488216][ T6009]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  126.488238][ T6009] RIP: 0033:0x7f62ac2bc629
[  126.488259][ T6009] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  126.488277][ T6009] RSP: 002b:00007f62aa50e028 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[  126.488301][ T6009] RAX: ffffffffffffffda RBX: 00007f62ac535fa0 RCX: 00007f62ac2bc629
[  126.488325][ T6009] RDX: 0000000000007721 RSI: 0000000000002219 RDI: 0000000000000000
[  126.488345][ T6009] RBP: 00007f62aa50e090 R08: 0000000000000000 R09: 0000000000000000
[  126.488359][ T6009] R10: 0000000000000016 R11: 0000000000000246 R12: 0000000000000001
[  126.488372][ T6009] R13: 00007f62ac536038 R14: 00007f62ac535fa0 R15: 00007fff2b041d98
[  126.488406][ T6009]  </TASK>
[  126.488470][ T6009] io-wq is not configured for unbound workers
[  126.572492][   T31] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[  126.794953][   T31] usb 3-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00
[  126.794996][   T31] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  126.795017][   T31] usb 3-1: Product: syz
[  126.795033][   T31] usb 3-1: Manufacturer: syz
[  126.795048][   T31] usb 3-1: SerialNumber: syz
[  127.148932][   T31] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -EPIPE
[  127.149006][   T31] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): lan78xx_setup_irq_domain() failed : -32
[  127.149038][   T31] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED
[  127.210786][ T6016] futex_wake_op: syz.1.31 tries to shift op by 32; fix this program
[  127.229937][ T6019] 9p: Bad value for 'rfdno'
[  127.248611][   T31] lan78xx 3-1:1.0: probe with driver lan78xx failed with error -32
[  127.299704][ T5956] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[  128.164315][ T5956] usb 4-1: Using ep0 maxpacket: 16
[  128.167640][ T5956] usb 4-1: config index 0 descriptor too short (expected 16456, got 72)
[  128.167678][ T5956] usb 4-1: config 0 has an invalid interface number: 125 but max is 1
[  128.167707][ T5956] usb 4-1: config 0 has an invalid interface number: 125 but max is 1
[  128.167732][ T5956] usb 4-1: config 0 has an invalid interface number: 125 but max is 1
[  128.167757][ T5956] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 2
[  128.167783][ T5956] usb 4-1: config 0 has no interface number 0
[  128.167839][ T5956] usb 4-1: config 0 interface 125 altsetting 4 endpoint 0x4 has invalid maxpacket 21760, setting to 64
[  128.167876][ T5956] usb 4-1: config 0 interface 125 altsetting 4 endpoint 0xB has invalid wMaxPacketSize 0
[  128.167909][ T5956] usb 4-1: config 0 interface 125 altsetting 4 endpoint 0x2 has invalid wMaxPacketSize 0
[  128.167947][ T5956] usb 4-1: config 0 interface 125 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  128.167981][ T5956] usb 4-1: config 0 interface 125 has no altsetting 0
[  128.168004][ T5956] usb 4-1: config 0 interface 125 has no altsetting 2
[  128.308570][ T5956] usb 4-1: New USB device found, idVendor=050d, idProduct=0002, bcdDevice=23.27
[  128.308609][ T5956] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  128.308633][ T5956] usb 4-1: Product: syz
[  128.308653][ T5956] usb 4-1: Manufacturer: syz
[  128.308672][ T5956] usb 4-1: SerialNumber: syz
[  128.360364][ T5956] usb 4-1: config 0 descriptor??
[  128.385284][ T5956] usb 4-1: selecting invalid altsetting 2
[  129.488552][ T5956] get_1284_register timeout
[  129.506751][    C1] usb 4-1: async_complete: urb error -104
[  129.524897][ T5956] uss720 4-1:0.125: probe with driver uss720 failed with error -5
[  129.634393][ T6030] netlink: 4 bytes leftover after parsing attributes in process `syz.2.25'.
[  129.698435][ T6038] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  129.699015][ T6038] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  131.381929][ T6018] usb 4-1: USB disconnect, device number 2
[  131.444596][  T825] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[  131.634591][ T5956] usb 3-1: USB disconnect, device number 3
[  131.636332][  T825] usb 5-1: Using ep0 maxpacket: 32
[  131.638630][  T825] usb 5-1: config 0 has an invalid interface number: 1 but max is 0
[  131.638654][  T825] usb 5-1: config 0 has no interface number 0
[  131.646304][  T825] usb 5-1: New USB device found, idVendor=2304, idProduct=0222, bcdDevice=77.3f
[  131.646419][  T825] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  131.646475][  T825] usb 5-1: Product: syz
[  131.646518][  T825] usb 5-1: Manufacturer: syz
[  131.646575][  T825] usb 5-1: SerialNumber: syz
[  131.835853][ T6018] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[  131.840332][ T6056] futex_wake_op: syz.0.43 tries to shift op by 32; fix this program
[  131.884540][ T6052] Illegal XDP return value 2601388989 on prog  (id 5) dev N/A, expect packet loss!
[  131.906431][  T825] usb 5-1: config 0 descriptor??
[  131.958658][  T825] dvb-usb: found a 'Pinnacle 450e DVB-S USB2.0' in warm state.
[  131.959128][  T825] dvb-usb: bulk message failed: -22 (4/0)
[  131.959150][  T825] ttusb2: there might have been an error during control message transfer. (rlen = 0, was 0)
[  131.959300][  T825] dvb-usb: bulk message failed: -22 (5/0)
[  131.959315][  T825] ttusb2: there might have been an error during control message transfer. (rlen = 0, was 0)
[  132.019039][ T6018] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  132.019108][ T6018] usb 2-1: New USB device found, idVendor=044f, idProduct=b65d, bcdDevice= 0.00
[  132.019134][ T6018] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  132.123607][ T6018] usb 2-1: config 0 descriptor??
[  132.185057][ T6044] dvb-usb: bulk message failed: -22 (7/0)
[  132.185083][ T6044] ttusb2: there might have been an error during control message transfer. (rlen = 3, was 0)
[  132.185148][ T6044] ttusb2: i2c transfer failed.
[  132.252007][  T825] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  132.273555][  T825] dvbdev: DVB: registering new adapter (Pinnacle 450e DVB-S USB2.0)
[  132.273724][  T825] usb 5-1: media controller created
[  132.433808][  T825] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  132.503924][ T6064] FAULT_INJECTION: forcing a failure.
[  132.503924][ T6064] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  132.503983][ T6064] CPU: 0 UID: 0 PID: 6064 Comm: syz.3.45 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  132.504009][ T6064] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  132.504021][ T6064] Call Trace:
[  132.504030][ T6064]  <TASK>
[  132.504039][ T6064]  dump_stack_lvl+0xe8/0x150
[  132.504082][ T6064]  should_fail_ex+0x46b/0x600
[  132.504129][ T6064]  _copy_from_user+0x2d/0xb0
[  132.504161][ T6064]  bpf_test_init+0xd8/0x150
[  132.504205][ T6064]  bpf_prog_test_run_xdp+0x529/0x1160
[  132.504245][ T6064]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[  132.504272][ T6064]  ? __fget_files+0x2a/0x420
[  132.504305][ T6064]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[  132.504329][ T6064]  bpf_prog_test_run+0x2cd/0x340
[  132.504366][ T6064]  __sys_bpf+0x643/0x950
[  132.504397][ T6064]  ? __pfx___sys_bpf+0x10/0x10
[  132.504421][ T6064]  ? rt_mutex_slowunlock+0x1cb/0x300
[  132.504466][ T6064]  ? ksys_write+0x248/0x270
[  132.504492][ T6064]  ? __pfx_ksys_write+0x10/0x10
[  132.504545][ T6064]  __x64_sys_bpf+0x7c/0x90
[  132.504571][ T6064]  do_syscall_64+0x14d/0xf80
[  132.504600][ T6064]  ? trace_irq_disable+0x3b/0x150
[  132.504625][ T6064]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  132.504650][ T6064]  ? clear_bhb_loop+0x40/0x90
[  132.504670][ T6064]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  132.504706][ T6064] RIP: 0033:0x7f5393cbc629
[  132.504727][ T6064] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  132.504746][ T6064] RSP: 002b:00007f5391f16028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  132.504770][ T6064] RAX: ffffffffffffffda RBX: 00007f5393f35fa0 RCX: 00007f5393cbc629
[  132.504785][ T6064] RDX: 0000000000000048 RSI: 0000200000000600 RDI: 000000000000000a
[  132.504798][ T6064] RBP: 00007f5391f16090 R08: 0000000000000000 R09: 0000000000000000
[  132.504816][ T6064] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  132.504825][ T6064] R13: 00007f5393f36038 R14: 00007f5393f35fa0 R15: 00007ffc63ff8d68
[  132.504850][ T6064]  </TASK>
[  132.879576][  T825] ttusb2: set interface to alts=3 failed
[  133.131466][ T5872] usb 4-1: new full-speed USB device number 3 using dummy_hcd
[  134.745849][  T825] DVB: Unable to find symbol tda10086_attach()
[  134.745885][  T825] dvb-usb: no frontend was attached by 'Pinnacle 450e DVB-S USB2.0'
[  135.025052][  T825] dvb-usb: bulk message failed: -22 (4/0)
[  135.025089][  T825] ttusb2: there might have been an error during control message transfer. (rlen = 0, was 0)
[  135.025232][  T825] dvb-usb: bulk message failed: -22 (5/0)
[  135.025254][  T825] ttusb2: there might have been an error during control message transfer. (rlen = 0, was 0)
[  135.025328][  T825] dvb-usb: Pinnacle 450e DVB-S USB2.0 successfully initialized and connected.
[  135.056686][  T825] usb 5-1: USB disconnect, device number 2
[  135.262841][ T5872] usb 4-1: device descriptor read/all, error -71
[  135.740243][  T825] dvb-usb: Pinnacle 450e DVB-S USB2.0 successfully deinitialized and disconnected.
[  136.138460][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[  136.400747][ T6099] FAULT_INJECTION: forcing a failure.
[  136.400747][ T6099] name failslab, interval 1, probability 0, space 0, times 0
[  136.400807][ T6099] CPU: 0 UID: 0 PID: 6099 Comm: syz.4.51 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  136.400864][ T6099] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  136.400877][ T6099] Call Trace:
[  136.400886][ T6099]  <TASK>
[  136.400896][ T6099]  dump_stack_lvl+0xe8/0x150
[  136.400947][ T6099]  should_fail_ex+0x46b/0x600
[  136.401001][ T6099]  should_failslab+0xa8/0x100
[  136.401038][ T6099]  __kmalloc_node_track_caller_noprof+0xe2/0x7e0
[  136.401078][ T6099]  ? dh_data_from_key+0x1aa/0x280
[  136.401109][ T6099]  kmemdup_noprof+0x2b/0x70
[  136.401142][ T6099]  dh_data_from_key+0x1aa/0x280
[  136.401170][ T6099]  __keyctl_dh_compute+0x34c/0xd10
[  136.401193][ T6099]  ? arch_stack_walk+0xfb/0x150
[  136.401230][ T6099]  ? __pfx___keyctl_dh_compute+0x10/0x10
[  136.401297][ T6099]  keyctl_dh_compute+0x124/0x180
[  136.401331][ T6099]  ? __pfx_keyctl_dh_compute+0x10/0x10
[  136.401364][ T6099]  ? do_raw_spin_lock+0x12b/0x2f0
[  136.401407][ T6099]  __se_sys_keyctl+0x44c/0x9e0
[  136.401447][ T6099]  ? __pfx___se_sys_keyctl+0x10/0x10
[  136.401479][ T6099]  ? lockdep_hardirqs_on+0x7a/0x110
[  136.401507][ T6099]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[  136.401537][ T6099]  ? rt_mutex_slowunlock+0x1cb/0x300
[  136.401559][ T6099]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[  136.401592][ T6099]  ? fput+0xa0/0xd0
[  136.401616][ T6099]  ? ksys_write+0x248/0x270
[  136.401651][ T6099]  ? __pfx_ksys_write+0x10/0x10
[  136.401689][ T6099]  ? __x64_sys_keyctl+0x20/0xc0
[  136.401723][ T6099]  do_syscall_64+0x14d/0xf80
[  136.401752][ T6099]  ? trace_irq_disable+0x3b/0x150
[  136.401777][ T6099]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  136.401801][ T6099]  ? clear_bhb_loop+0x40/0x90
[  136.401830][ T6099]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  136.401853][ T6099] RIP: 0033:0x7f84186cc629
[  136.401875][ T6099] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  136.401894][ T6099] RSP: 002b:00007f8416926028 EFLAGS: 00000246 ORIG_RAX: 00000000000000fa
[  136.401926][ T6099] RAX: ffffffffffffffda RBX: 00007f8418945fa0 RCX: 00007f84186cc629
[  136.401942][ T6099] RDX: 0000000000000000 RSI: 0000200000000100 RDI: 0000000000000017
[  136.401956][ T6099] RBP: 00007f8416926090 R08: 0000000000000000 R09: 0000000000000000
[  136.401970][ T6099] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  136.401983][ T6099] R13: 00007f8418946038 R14: 00007f8418945fa0 R15: 00007fff81de1308
[  136.402016][ T6099]  </TASK>
[  136.421007][ T5872] usb 4-1: new high-speed USB device number 4 using dummy_hcd
[  136.555902][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[  136.577159][ T6100] f2fs: Unknown parameter 'discardcy'
[  136.639506][ T5872] usb 4-1: Using ep0 maxpacket: 8
[  136.645210][ T5872] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  136.645295][ T5872] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  136.645343][ T5872] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  136.645389][ T5872] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  136.645493][ T5872] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  136.645519][ T5872] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  136.755945][ T6018] usbhid 2-1:0.0: can't add hid device: -71
[  136.756087][ T6018] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[  136.806284][ T6018] usb 2-1: USB disconnect, device number 2
[  137.565769][ T5872] usb 4-1: usb_control_msg returned -32
[  137.565817][ T5872] usbtmc 4-1:16.0: can't read capabilities
[  137.640957][ T6092] Context (ID=0x4d8) not attached to queue pair (handle=0x1:0x1)
[  137.754368][ T5872] usb 4-1: USB disconnect, device number 4
[  138.266760][   T36] audit: type=1326 audit(1771834842.932:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6119 comm="syz.4.60" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f84186cc629 code=0x7ffc0000
[  138.271166][   T36] audit: type=1326 audit(1771834842.942:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6119 comm="syz.4.60" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f84186cc629 code=0x7ffc0000
[  138.271225][   T36] audit: type=1326 audit(1771834842.942:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6119 comm="syz.4.60" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f84186cc629 code=0x7ffc0000
[  138.271281][   T36] audit: type=1326 audit(1771834842.942:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6119 comm="syz.4.60" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f84186cc629 code=0x7ffc0000
[  138.271334][   T36] audit: type=1326 audit(1771834842.942:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6119 comm="syz.4.60" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f84186cc629 code=0x7ffc0000
[  138.271844][   T36] audit: type=1326 audit(1771834842.942:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6119 comm="syz.4.60" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f84186cc629 code=0x7ffc0000
[  138.271895][   T36] audit: type=1326 audit(1771834842.942:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6119 comm="syz.4.60" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f84186cc629 code=0x7ffc0000
[  138.272212][   T36] audit: type=1326 audit(1771834842.942:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6119 comm="syz.4.60" exe="/root/syz-executor" sig=0 arch=c000003e syscall=444 compat=0 ip=0x7f84186cc629 code=0x7ffc0000
[  138.272634][   T36] audit: type=1326 audit(1771834842.942:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6119 comm="syz.4.60" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f84186cc629 code=0x7ffc0000
[  138.273030][   T36] audit: type=1326 audit(1771834842.942:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6119 comm="syz.4.60" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f84186cc629 code=0x7ffc0000
[  139.618319][ T6127] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[  139.657542][ T6130] netlink: 8 bytes leftover after parsing attributes in process `syz.2.63'.
[  139.657591][ T6130] netlink: 8 bytes leftover after parsing attributes in process `syz.2.63'.
[  139.785882][ T6132] FAULT_INJECTION: forcing a failure.
[  139.785882][ T6132] name failslab, interval 1, probability 0, space 0, times 0
[  139.785917][ T6132] CPU: 0 UID: 0 PID: 6132 Comm: syz.3.64 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  139.785939][ T6132] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  139.785949][ T6132] Call Trace:
[  139.785957][ T6132]  <TASK>
[  139.785965][ T6132]  dump_stack_lvl+0xe8/0x150
[  139.786003][ T6132]  should_fail_ex+0x46b/0x600
[  139.786043][ T6132]  should_failslab+0xa8/0x100
[  139.786081][ T6132]  kmem_cache_alloc_node_noprof+0x8f/0x6e0
[  139.786112][ T6132]  ? __alloc_skb+0x1d0/0x7d0
[  139.786135][ T6132]  ? lockdep_hardirqs_on+0x7a/0x110
[  139.786168][ T6132]  __alloc_skb+0x1d0/0x7d0
[  139.786198][ T6132]  netlink_sendmsg+0x5d4/0xb40
[  139.786230][ T6132]  ? __pfx_netlink_sendmsg+0x10/0x10
[  139.786259][ T6132]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  139.786294][ T6132]  ____sys_sendmsg+0xa4e/0xac0
[  139.786332][ T6132]  ? __pfx_____sys_sendmsg+0x10/0x10
[  139.786381][ T6132]  ? import_iovec+0x73/0xa0
[  139.786411][ T6132]  ___sys_sendmsg+0x2a5/0x360
[  139.786446][ T6132]  ? __pfx____sys_sendmsg+0x10/0x10
[  139.786511][ T6132]  ? __fget_files+0x2a/0x420
[  139.786537][ T6132]  ? __fget_files+0x3a6/0x420
[  139.786574][ T6132]  __x64_sys_sendmsg+0x1c3/0x2a0
[  139.786605][ T6132]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  139.786650][ T6132]  ? __pfx_ksys_write+0x10/0x10
[  139.786693][ T6132]  do_syscall_64+0x14d/0xf80
[  139.786721][ T6132]  ? trace_irq_disable+0x3b/0x150
[  139.786744][ T6132]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  139.786767][ T6132]  ? clear_bhb_loop+0x40/0x90
[  139.786793][ T6132]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  139.786814][ T6132] RIP: 0033:0x7f5393cbc629
[  139.786835][ T6132] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  139.786851][ T6132] RSP: 002b:00007f5391f16028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  139.786873][ T6132] RAX: ffffffffffffffda RBX: 00007f5393f35fa0 RCX: 00007f5393cbc629
[  139.786906][ T6132] RDX: 0000000000040000 RSI: 00002000000000c0 RDI: 0000000000000003
[  139.786921][ T6132] RBP: 00007f5391f16090 R08: 0000000000000000 R09: 0000000000000000
[  139.786935][ T6132] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  139.786947][ T6132] R13: 00007f5393f36038 R14: 00007f5393f35fa0 R15: 00007ffc63ff8d68
[  139.786981][ T6132]  </TASK>
[  140.077802][ T1320] ieee802154 phy0 wpan0: encryption failed: -22
[  140.077909][ T1320] ieee802154 phy1 wpan1: encryption failed: -22
[  140.104291][ T5886] usb 2-1: new full-speed USB device number 3 using dummy_hcd
[  140.235036][ T5886] usb 2-1: device descriptor read/64, error -71
[  141.664216][ T6146] netlink: 60 bytes leftover after parsing attributes in process `syz.3.66'.
[  142.154331][ T5956] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[  142.232399][ T5886] usb 2-1: new full-speed USB device number 4 using dummy_hcd
[  142.330238][ T5956] usb 3-1: config 127 has an invalid interface number: 48 but max is 0
[  142.330268][ T5956] usb 3-1: config 127 has no interface number 0
[  142.330318][ T5956] usb 3-1: New USB device found, idVendor=07fd, idProduct=0004, bcdDevice=86.34
[  142.330343][ T5956] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  142.354344][ T5886] usb 2-1: device descriptor read/64, error -71
[  142.464931][ T5886] usb usb2-port1: attempt power cycle
[  142.874364][ T5886] usb 2-1: new full-speed USB device number 5 using dummy_hcd
[  143.084338][ T5886] usb 2-1: device not accepting address 5, error -71
[  144.304768][ T5956] usb 3-1: string descriptor 0 read error: -71
[  144.954808][ T6184] futex_wake_op: syz.3.79 tries to shift op by 32; fix this program
[  144.964766][ T5956] usb 3-1: USB disconnect, device number 4
[  145.644561][ T6191] netlink: 60 bytes leftover after parsing attributes in process `syz.4.80'.
[  146.542208][ T5886] usb 2-1: new high-speed USB device number 6 using dummy_hcd
[  146.655006][ T5886] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  146.655060][ T5886] usb 2-1: New USB device found, idVendor=044f, idProduct=b65d, bcdDevice= 0.00
[  146.655086][ T5886] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  146.694472][ T5886] usb 2-1: config 0 descriptor??
[  152.161941][ T5886] usbhid 2-1:0.0: can't add hid device: -71
[  152.199879][ T5886] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[  152.730873][ T5886] usb 2-1: USB disconnect, device number 6
[  153.646676][ T6222] capability: warning: `syz.1.89' uses deprecated v2 capabilities in a way that may be insecure
[  153.672172][ T6214] syz.2.86: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[  153.672459][ T6214] CPU: 1 UID: 0 PID: 6214 Comm: syz.2.86 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  153.672478][ T6214] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  153.672488][ T6214] Call Trace:
[  153.672494][ T6214]  <TASK>
[  153.672501][ T6214]  dump_stack_lvl+0xe8/0x150
[  153.672531][ T6214]  warn_alloc+0x263/0x3e0
[  153.672565][ T6214]  ? __pfx_warn_alloc+0x10/0x10
[  153.672589][ T6214]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[  153.672619][ T6214]  ? kasan_save_track+0x4f/0x80
[  153.672640][ T6214]  ? kasan_save_track+0x3e/0x80
[  153.672660][ T6214]  ? __kasan_kmalloc+0x93/0xb0
[  153.672681][ T6214]  ? xskq_create+0x56/0x170
[  153.672700][ T6214]  ? xsk_init_queue+0x8a/0xe0
[  153.672727][ T6214]  ? xsk_setsockopt+0x54c/0x990
[  153.672742][ T6214]  ? do_sock_setsockopt+0x17c/0x1b0
[  153.672765][ T6214]  __vmalloc_node_range_noprof+0x132/0x1730
[  153.672814][ T6214]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  153.672844][ T6214]  ? __kasan_kmalloc+0x93/0xb0
[  153.672870][ T6214]  vmalloc_user_noprof+0xad/0xe0
[  153.672894][ T6214]  ? xskq_create+0xbf/0x170
[  153.672912][ T6214]  xskq_create+0xbf/0x170
[  153.672932][ T6214]  xsk_init_queue+0x8a/0xe0
[  153.672951][ T6214]  xsk_setsockopt+0x54c/0x990
[  153.672970][ T6214]  ? __pfx_xsk_setsockopt+0x10/0x10
[  153.672997][ T6214]  ? bpf_lsm_socket_setsockopt+0x9/0x20
[  153.673020][ T6214]  ? __pfx_xsk_setsockopt+0x10/0x10
[  153.673038][ T6214]  do_sock_setsockopt+0x17c/0x1b0
[  153.673062][ T6214]  __x64_sys_setsockopt+0x143/0x1b0
[  153.673086][ T6214]  do_syscall_64+0x14d/0xf80
[  153.673107][ T6214]  ? trace_irq_disable+0x3b/0x150
[  153.673126][ T6214]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  153.673143][ T6214]  ? clear_bhb_loop+0x40/0x90
[  153.673163][ T6214]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  153.673179][ T6214] RIP: 0033:0x7f497ce4c629
[  153.673195][ T6214] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  153.673209][ T6214] RSP: 002b:00007f497b0a6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  153.673225][ T6214] RAX: ffffffffffffffda RBX: 00007f497d0c5fa0 RCX: 00007f497ce4c629
[  153.673237][ T6214] RDX: 0000000000000006 RSI: 000000000000011b RDI: 0000000000000003
[  153.673252][ T6214] RBP: 00007f497cee2b39 R08: 0000000000000004 R09: 0000000000000000
[  153.673262][ T6214] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000
[  153.673272][ T6214] R13: 00007f497d0c6038 R14: 00007f497d0c5fa0 R15: 00007fffddf78338
[  153.673297][ T6214]  </TASK>
[  153.673311][ T6214] Mem-Info:
[  153.673323][ T6214] active_anon:251 inactive_anon:6732 isolated_anon:0
[  153.673323][ T6214]  active_file:5259 inactive_file:38329 isolated_file:0
[  153.673323][ T6214]  unevictable:768 dirty:146 writeback:0
[  153.673323][ T6214]  slab_reclaimable:11453 slab_unreclaimable:100000
[  153.673323][ T6214]  mapped:30912 shmem:1358 pagetables:1226
[  153.673323][ T6214]  sec_pagetables:0 bounce:0
[  153.673323][ T6214]  kernel_misc_reclaimable:0
[  153.673323][ T6214]  free:1323954 free_pcp:9738 free_cma:0
[  153.673370][ T6214] Node 0 active_anon:1004kB inactive_anon:26928kB active_file:20824kB inactive_file:153316kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:123648kB dirty:584kB writeback:0kB shmem:3896kB kernel_stack:13108kB pagetables:4744kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  153.673407][ T6214] Node 1 active_anon:0kB inactive_anon:0kB active_file:212kB inactive_file:0kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB kernel_stack:64kB pagetables:160kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  153.673441][ T6214] Node 0 DMA free:15356kB boost:0kB min:20kB low:32kB high:44kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  153.673490][ T6214] lowmem_reserve[]: 0 2506 2506 2506 2506
[  153.673517][ T6214] Node 0 DMA32 free:1344416kB boost:0kB min:3932kB low:6468kB high:9004kB reserved_highatomic:0KB free_highatomic:0KB active_anon:1004kB inactive_anon:26928kB active_file:20824kB inactive_file:153316kB unevictable:1536kB writepending:584kB zspages:0kB present:3129332kB managed:2566648kB mlocked:0kB bounce:0kB free_pcp:38952kB local_pcp:20204kB free_cma:0kB
[  153.673567][ T6214] lowmem_reserve[]: 0 0 0 0 0
[  153.673592][ T6214] Node 0 Normal free:0kB boost:0kB min:0kB low:0kB high:0kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:1048580kB managed:424kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  153.673637][ T6214] lowmem_reserve[]: 0 0 0 0 0
[  153.673662][ T6214] Node 1 Normal free:3936044kB boost:0kB min:6364kB low:10472kB high:14580kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:212kB inactive_file:0kB unevictable:1536kB writepending:0kB zspages:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  153.673720][ T6214] lowmem_reserve[]: 0 0 0 0 0
[  153.673746][ T6214] Node 0 DMA: 1*4kB (U) 1*8kB (U) 1*16kB (U) 1*32kB (U) 1*64kB (U) 1*128kB (U) 1*256kB (U) 1*512kB (U) 0*1024kB 1*2048kB (M) 3*4096kB (M) = 15356kB
[  153.674221][ T6214] Node 0 DMA32: 1574*4kB (UM) 1219*8kB 
[  153.674254][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[  153.674266][ T6214] (UME) 621*16kB (UME) 76*32kB (UME) 61*64kB (ME) 18*128kB (UME) 14*256kB (UME) 9*512kB (M) 1*1024kB (M) 3*2048kB (UME) 316*4096kB (M) = 1344320kB
[  153.674378][ T6214] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[  153.674457][ T6214] Node 1 Normal: 1*4kB (U) 5*8kB (UME) 10*16kB (UME) 13*32kB (UME) 7*64kB (UME) 8*128kB (UME) 3*256kB (ME) 4*512kB (UME) 1*1024kB (M) 1*2048kB (E) 959*4096kB (M) = 3936044kB
[  153.674583][ T6214] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  153.674597][ T6214] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  153.674609][ T6214] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  153.674622][ T6214] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  153.674634][ T6214] 44942 total pagecache pages
[  153.674644][ T6214] 0 pages in swap cache
[  153.674653][ T6214] Free swap  = 124996kB
[  153.674659][ T6214] Total swap = 124996kB
[  153.674669][ T6214] 2097051 pages RAM
[  153.674674][ T6214] 0 pages HighMem/MovableOnly
[  153.674680][ T6214] 423668 pages reserved
[  153.674685][ T6214] 0 pages cma reserved
[  153.844206][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[  153.954271][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[  155.965198][ T5883] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[  156.122189][ T5883] usb 1-1: config 127 has an invalid interface number: 48 but max is 0
[  156.122221][ T5883] usb 1-1: config 127 has no interface number 0
[  156.122271][ T5883] usb 1-1: New USB device found, idVendor=07fd, idProduct=0004, bcdDevice=86.34
[  156.122312][ T5883] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  156.453408][   T36] kauditd_printk_skb: 21 callbacks suppressed
[  156.453439][   T36] audit: type=1326 audit(1771834861.122:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6235 comm="syz.3.94" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5393cbc629 code=0x7ffc0000
[  156.454217][   T36] audit: type=1326 audit(1771834861.122:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6235 comm="syz.3.94" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5393cbc629 code=0x7ffc0000
[  156.536811][   T36] audit: type=1326 audit(1771834861.212:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6235 comm="syz.3.94" exe="/root/syz-executor" sig=0 arch=c000003e syscall=293 compat=0 ip=0x7f5393cbc629 code=0x7ffc0000
[  156.537441][   T36] audit: type=1326 audit(1771834861.212:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6235 comm="syz.3.94" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5393cbc629 code=0x7ffc0000
[  156.541468][   T36] audit: type=1326 audit(1771834861.212:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6235 comm="syz.3.94" exe="/root/syz-executor" sig=0 arch=c000003e syscall=196 compat=0 ip=0x7f5393cbc629 code=0x7ffc0000
[  156.541627][   T36] audit: type=1326 audit(1771834861.212:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6235 comm="syz.3.94" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5393cbc629 code=0x7ffc0000
[  156.541800][   T36] audit: type=1326 audit(1771834861.212:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6235 comm="syz.3.94" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5393cbc629 code=0x7ffc0000
[  156.564082][   T36] audit: type=1326 audit(1771834861.232:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6235 comm="syz.3.94" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7f5393cbc629 code=0x7ffc0000
[  156.669350][   T36] audit: type=1326 audit(1771834861.342:41): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6235 comm="syz.3.94" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5393cbc629 code=0x7ffc0000
[  156.682996][   T36] audit: type=1326 audit(1771834861.342:42): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6235 comm="syz.3.94" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5393cbc629 code=0x7ffc0000
[  157.074189][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[  157.084230][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[  157.094203][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[  157.104232][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[  157.114205][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[  158.893044][ T5883] usb 1-1: string descriptor 0 read error: -71
[  160.651429][ T5883] usb 1-1: USB disconnect, device number 2
[  161.326050][   T42] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  161.510391][ T6274] netlink: 12 bytes leftover after parsing attributes in process `syz.0.108'.
[  161.549482][ T5883] kernel write not supported for file /uinput (pid: 5883 comm: kworker/1:5)
[  161.590986][ T5813] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  161.607838][ T5813] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  161.612849][ T5813] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  161.614073][ T5813] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  161.624627][ T5813] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  161.742549][ T6280] Zero length message leads to an empty skb
[  161.847772][   T42] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  162.306511][ T6293] fuse: Bad value for 'fd'
[  162.485383][   T36] kauditd_printk_skb: 15 callbacks suppressed
[  162.485405][   T36] audit: type=1326 audit(1771834867.152:58): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6290 comm="syz.2.115" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f497ce4c629 code=0x0
[  163.448670][   T42] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  163.754466][ T5813] Bluetooth: hci1: command tx timeout
[  164.041829][   T36] audit: type=1326 audit(1771834868.712:59): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6311 comm="syz.3.122" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f5393cbc629 code=0x0
[  164.121628][   T42] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  164.718973][ T6328] EXT4-fs: Value of option "test_dummy_encryption" is unrecognized
[  164.829982][ T6316] netlink: 8 bytes leftover after parsing attributes in process `syz.4.123'.
[  165.401758][ T6337] fuse: Bad value for 'fd'
[  165.454273][   T36] audit: type=1326 audit(1771834870.122:60): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6334 comm="syz.3.130" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f5393cbc629 code=0x0
[  165.824270][ T5813] Bluetooth: hci1: command tx timeout
[  166.057677][ T6277] chnl_net:caif_netlink_parms(): no params data found
[  166.243978][   T42] bridge_slave_1: left allmulticast mode
[  166.261654][   T42] bridge_slave_1: left promiscuous mode
[  166.274268][   T42] bridge0: port 2(bridge_slave_1) entered disabled state
[  166.898494][   T42] bridge_slave_0: left allmulticast mode
[  166.898537][   T42] bridge_slave_0: left promiscuous mode
[  166.898803][   T42] bridge0: port 1(bridge_slave_0) entered disabled state
[  167.114325][ T6365] 9p: Bad value for 'wfdno'
[  167.555757][ T6375] FAULT_INJECTION: forcing a failure.
[  167.555757][ T6375] name failslab, interval 1, probability 0, space 0, times 0
[  167.555795][ T6375] CPU: 0 UID: 0 PID: 6375 Comm: syz.2.142 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  167.555818][ T6375] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  167.555831][ T6375] Call Trace:
[  167.555839][ T6375]  <TASK>
[  167.555848][ T6375]  dump_stack_lvl+0xe8/0x150
[  167.555888][ T6375]  should_fail_ex+0x46b/0x600
[  167.555944][ T6375]  should_failslab+0xa8/0x100
[  167.555981][ T6375]  __kmalloc_cache_noprof+0x84/0x690
[  167.556015][ T6375]  ? __se_sys_mount+0x166/0x420
[  167.556037][ T6375]  ? memdup_user+0x99/0xd0
[  167.556067][ T6375]  __se_sys_mount+0x166/0x420
[  167.556099][ T6375]  ? __pfx___se_sys_mount+0x10/0x10
[  167.556133][ T6375]  ? __x64_sys_mount+0x20/0xc0
[  167.556161][ T6375]  do_syscall_64+0x14d/0xf80
[  167.556190][ T6375]  ? trace_irq_disable+0x3b/0x150
[  167.556215][ T6375]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  167.556237][ T6375]  ? clear_bhb_loop+0x40/0x90
[  167.556264][ T6375]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  167.556286][ T6375] RIP: 0033:0x7f497ce4c629
[  167.556306][ T6375] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  167.556325][ T6375] RSP: 002b:00007f497b0a6028 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  167.556349][ T6375] RAX: ffffffffffffffda RBX: 00007f497d0c5fa0 RCX: 00007f497ce4c629
[  167.556365][ T6375] RDX: 0000200000000340 RSI: 0000200000000280 RDI: 0000000000000000
[  167.556379][ T6375] RBP: 00007f497b0a6090 R08: 0000200000000140 R09: 0000000000000000
[  167.556393][ T6375] R10: 0000000000008401 R11: 0000000000000246 R12: 0000000000000001
[  167.556406][ T6375] R13: 00007f497d0c6038 R14: 00007f497d0c5fa0 R15: 00007fffddf78338
[  167.556440][ T6375]  </TASK>
[  167.714760][ T6374] fuse: Bad value for 'fd'
[  167.908993][ T5813] Bluetooth: hci1: command tx timeout
[  168.177215][   T36] audit: type=1326 audit(1771834872.852:61): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6387 comm="syz.2.146" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f497ce4c629 code=0x0
[  169.378814][   T42] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  169.451017][   T42] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  169.488415][   T42] bond0 (unregistering): Released all slaves
[  169.990005][ T5813] Bluetooth: hci1: command tx timeout
[  169.992763][ T6408] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[  169.992855][ T6408] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  170.119479][ T6406] 9p: Bad value for 'wfdno'
[  171.241794][ T6417] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(4)
[  171.241827][ T6417] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[  171.265547][ T6417] vhci_hcd vhci_hcd.0: Device attached
[  171.280698][ T6426] vhci_hcd: connection closed
[  171.311564][  T160] vhci_hcd vhci_hcd.2: stop threads
[  171.312435][  T160] vhci_hcd vhci_hcd.2: release socket
[  171.312538][  T160] vhci_hcd vhci_hcd.2: disconnect device
[  171.396216][   T36] audit: type=1326 audit(1771834876.072:62): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6428 comm="syz.0.158" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fde1bdbc629 code=0x0
[  172.928826][ T6277] bridge0: port 1(bridge_slave_0) entered blocking state
[  172.929054][ T6277] bridge0: port 1(bridge_slave_0) entered disabled state
[  172.929340][ T6277] bridge_slave_0: entered allmulticast mode
[  172.932616][ T6277] bridge_slave_0: entered promiscuous mode
[  172.976533][ T6277] bridge0: port 2(bridge_slave_1) entered blocking state
[  172.976669][ T6277] bridge0: port 2(bridge_slave_1) entered disabled state
[  172.976945][ T6277] bridge_slave_1: entered allmulticast mode
[  173.012125][ T6277] bridge_slave_1: entered promiscuous mode
[  173.931017][ T6277] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  173.956982][ T6277] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  174.088825][ T6460] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[  174.088891][ T6460] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  175.479341][   T42] hsr_slave_0: left promiscuous mode
[  175.603376][   T42] hsr_slave_1: left promiscuous mode
[  175.606406][   T42] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  175.606656][   T42] batman_adv: batadv0: Removing interface: batadv_slave_0
[  175.707438][   T42] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  175.707470][   T42] batman_adv: batadv0: Removing interface: batadv_slave_1
[  175.852539][ T5956] kernel write not supported for file /uinput (pid: 5956 comm: kworker/1:6)
[  176.002824][   T42] veth1_macvtap: left promiscuous mode
[  176.003147][   T42] veth0_macvtap: left promiscuous mode
[  176.003794][   T42] veth1_vlan: left promiscuous mode
[  176.042554][   T42] veth0_vlan: left promiscuous mode
[  176.653595][ T5956] kernel write not supported for file /uinput (pid: 5956 comm: kworker/1:6)
[  177.099281][ T6518] =======================================================
[  177.099281][ T6518] WARNING: The mand mount option has been deprecated and
[  177.099281][ T6518]          and is ignored by this kernel. Remove the mand
[  177.099281][ T6518]          option from the mount to silence this warning.
[  177.099281][ T6518] =======================================================
[  177.099436][ T6518] 9p: Bad value for 'rfdno'
[  178.207195][ T6526] netlink: 4 bytes leftover after parsing attributes in process `syz.0.188'.
[  180.595039][   T42] team0 (unregistering): Port device team_slave_1 removed
[  180.676102][   T42] team0 (unregistering): Port device team_slave_0 removed
[  181.182975][ T6277] team0: Port device team_slave_0 added
[  181.325009][ T6277] team0: Port device team_slave_1 added
[  181.536318][ T6277] batman_adv: batadv0: Adding interface: batadv_slave_0
[  181.536338][ T6277] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  181.536367][ T6277] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  181.539160][ T6277] batman_adv: batadv0: Adding interface: batadv_slave_1
[  181.539177][ T6277] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  181.539220][ T6277] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  181.727775][ T6277] hsr_slave_0: entered promiscuous mode
[  181.729375][ T6277] hsr_slave_1: entered promiscuous mode
[  181.730523][ T6277] debugfs: 'hsr0' already exists in 'hsr'
[  181.730549][ T6277] Cannot create hsr debugfs directory
[  183.407361][ T6560] overlayfs: failed to clone upperpath
[  184.886776][ T6585] netlink: 4 bytes leftover after parsing attributes in process `syz.0.202'.
[  184.928526][ T6277] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  185.059952][ T6277] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  185.150851][ T6277] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  185.232181][ T6277] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  185.589579][   T36] audit: type=1326 audit(1771834890.262:63): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6594 comm="syz.0.205" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fde1bdbc629 code=0x0
[  185.874087][ T6277] 8021q: adding VLAN 0 to HW filter on device bond0
[  186.015288][ T6277] 8021q: adding VLAN 0 to HW filter on device team0
[  186.062575][   T42] bridge0: port 1(bridge_slave_0) entered blocking state
[  186.062719][   T42] bridge0: port 1(bridge_slave_0) entered forwarding state
[  186.177996][   T42] bridge0: port 2(bridge_slave_1) entered blocking state
[  186.178148][   T42] bridge0: port 2(bridge_slave_1) entered forwarding state
[  186.725672][ T6633] netlink: 4 bytes leftover after parsing attributes in process `syz.0.213'.
[  186.894338][ T5886] usb 3-1: new high-speed USB device number 5 using dummy_hcd
[  187.057668][ T5886] usb 3-1: Using ep0 maxpacket: 16
[  187.069755][ T5886] usb 3-1: unable to get BOS descriptor or descriptor too short
[  187.071309][ T5886] usb 3-1: config 13 has an invalid interface number: 50 but max is 0
[  187.071345][ T5886] usb 3-1: config 13 has an invalid descriptor of length 0, skipping remainder of the config
[  187.071368][ T5886] usb 3-1: config 13 has no interface number 0
[  187.071417][ T5886] usb 3-1: config 13 interface 50 altsetting 167 bulk endpoint 0x88 has invalid maxpacket 16
[  187.071445][ T5886] usb 3-1: config 13 interface 50 altsetting 167 endpoint 0x7 has invalid maxpacket 772, setting to 64
[  187.071474][ T5886] usb 3-1: config 13 interface 50 has no altsetting 0
[  187.075456][ T5886] usb 3-1: New USB device found, idVendor=1aca, idProduct=b28e, bcdDevice=92.32
[  187.075485][ T5886] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  187.075507][ T5886] usb 3-1: SerialNumber: ꏖ䨴╷ꉨ☡㮗ﭚ敘䝺夵씞権⓭힡ꃿ稭벥觩規ꗼ튠䰌盺譐踷Ⰾ湏♭튳둺䦷꽼寑Ꞻ윩䆵⌟ꧡ㕩ꐡᅓ퀁
[  187.184719][ T6630] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  187.285805][ T6650] overlayfs: failed to clone lowerpath
[  187.652423][ T6630] overlayfs: conflicting lowerdir path
[  187.768846][ T6277] 8021q: adding VLAN 0 to HW filter on device batadv0
[  187.832879][ T5886] usb 3-1: Quirk or no altset; falling back to MIDI 1.0
[  187.832998][ T5886] usb 3-1: MIDIStreaming interface descriptor not found
[  187.966151][ T5886] usb 3-1: USB disconnect, device number 5
[  188.245946][ T6668] udevd[6668]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:13.50/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  188.245954][ T6667] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  189.167064][ T6277] veth0_vlan: entered promiscuous mode
[  189.186693][ T6277] veth1_vlan: entered promiscuous mode
[  189.283155][ T6277] veth0_macvtap: entered promiscuous mode
[  189.297858][ T6277] veth1_macvtap: entered promiscuous mode
[  189.377718][ T6277] batman_adv: batadv0: Interface activated: batadv_slave_0
[  189.407587][ T6277] batman_adv: batadv0: Interface activated: batadv_slave_1
[  189.459373][  T160] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  189.566391][   T13] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  189.569293][ T6124] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  189.572734][ T6124] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  191.613312][ T6718] 9p: Could not find request transport: fd0x0000000000000003
[  191.709384][ T1493] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  191.709405][ T1493] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  191.841461][ T6729] futex_wake_op: syz.3.237 tries to shift op by 32; fix this program
[  192.968168][ T1493] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  192.968194][ T1493] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  193.053854][ T6738] l2tp_ppp: sess 2/0: no socket in recv
[  193.064390][   T36] audit: type=1326 audit(1771834897.732:64): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6740 comm="syz.3.241" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5393cbc629 code=0x7ffc0000
[  193.074382][   T36] audit: type=1326 audit(1771834897.742:65): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6740 comm="syz.3.241" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5393cbc629 code=0x7ffc0000
[  193.150503][   T36] audit: type=1326 audit(1771834897.822:66): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6740 comm="syz.3.241" exe="/root/syz-executor" sig=0 arch=c000003e syscall=108 compat=0 ip=0x7f5393cbc629 code=0x7ffc0000
[  193.150562][   T36] audit: type=1326 audit(1771834897.822:67): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6740 comm="syz.3.241" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5393cbc629 code=0x7ffc0000
[  193.150608][   T36] audit: type=1326 audit(1771834897.822:68): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6740 comm="syz.3.241" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5393cbc629 code=0x7ffc0000
[  193.150681][   T36] audit: type=1326 audit(1771834897.822:69): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6740 comm="syz.3.241" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f5393cbc629 code=0x7ffc0000
[  193.150727][   T36] audit: type=1326 audit(1771834897.822:70): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6740 comm="syz.3.241" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5393cbc629 code=0x7ffc0000
[  193.150771][   T36] audit: type=1326 audit(1771834897.822:71): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6740 comm="syz.3.241" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f5393cbc629 code=0x7ffc0000
[  193.150816][   T36] audit: type=1326 audit(1771834897.822:72): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6740 comm="syz.3.241" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5393cbc629 code=0x7ffc0000
[  193.150861][   T36] audit: type=1326 audit(1771834897.822:73): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6740 comm="syz.3.241" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f5393c7cece code=0x7ffc0000
[  193.634007][ T6754] netlink: 12 bytes leftover after parsing attributes in process `syz.2.244'.
[  193.770864][ T6754] netlink: 56 bytes leftover after parsing attributes in process `syz.2.244'.
[  194.262217][ T6775] futex_wake_op: syz.3.250 tries to shift op by 32; fix this program
[  196.277817][ T6799] netlink: 120 bytes leftover after parsing attributes in process `syz.0.255'.
[  196.280256][ T6799] netlink: 12 bytes leftover after parsing attributes in process `syz.0.255'.
[  196.309085][ T5813] Bluetooth: hci1: command tx timeout
[  196.695184][ T6818] futex_wake_op: syz.5.263 tries to shift op by 32; fix this program
[  196.713452][ T6817] netlink: 12 bytes leftover after parsing attributes in process `syz.3.264'.
[  197.754534][ T6823] netlink: 40 bytes leftover after parsing attributes in process `syz.2.265'.
[  198.047601][ T6817] netlink: 56 bytes leftover after parsing attributes in process `syz.3.264'.
[  198.315442][ T6829] netlink: 56 bytes leftover after parsing attributes in process `syz.5.266'.
[  199.908952][ T6841] FAULT_INJECTION: forcing a failure.
[  199.908952][ T6841] name failslab, interval 1, probability 0, space 0, times 0
[  199.908989][ T6841] CPU: 1 UID: 0 PID: 6841 Comm: syz.5.270 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  199.909014][ T6841] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  199.909040][ T6841] Call Trace:
[  199.909048][ T6841]  <TASK>
[  199.909058][ T6841]  dump_stack_lvl+0xe8/0x150
[  199.909107][ T6841]  should_fail_ex+0x46b/0x600
[  199.909156][ T6841]  should_failslab+0xa8/0x100
[  199.909193][ T6841]  __kmalloc_cache_noprof+0x84/0x690
[  199.909227][ T6841]  ? io_wq_create+0x6b/0x7b0
[  199.909260][ T6841]  io_wq_create+0x6b/0x7b0
[  199.909292][ T6841]  io_uring_alloc_task_context+0x265/0x5a0
[  199.909319][ T6841]  ? __pfx_io_uring_alloc_task_context+0x10/0x10
[  199.909354][ T6841]  __io_uring_add_tctx_node+0x38d/0x530
[  199.909385][ T6841]  ? __pfx___io_uring_add_tctx_node+0x10/0x10
[  199.909413][ T6841]  ? __fget_files+0x2a/0x420
[  199.909442][ T6841]  ? __fget_files+0x2a/0x420
[  199.909472][ T6841]  __io_uring_add_tctx_node_from_submit+0x90/0x120
[  199.909504][ T6841]  __se_sys_io_uring_enter+0x15d8/0x18c0
[  199.909535][ T6841]  ? lockdep_hardirqs_on+0x7a/0x110
[  199.909569][ T6841]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[  199.909600][ T6841]  ? __pfx___se_sys_io_uring_enter+0x10/0x10
[  199.909631][ T6841]  ? fput+0xa0/0xd0
[  199.909656][ T6841]  ? ksys_write+0x248/0x270
[  199.909689][ T6841]  ? __pfx_ksys_write+0x10/0x10
[  199.909726][ T6841]  ? __x64_sys_io_uring_enter+0x21/0xf0
[  199.909760][ T6841]  do_syscall_64+0x14d/0xf80
[  199.909788][ T6841]  ? trace_irq_disable+0x3b/0x150
[  199.909814][ T6841]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  199.909836][ T6841]  ? clear_bhb_loop+0x40/0x90
[  199.909871][ T6841]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  199.909893][ T6841] RIP: 0033:0x7fb38a43c629
[  199.909914][ T6841] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  199.909933][ T6841] RSP: 002b:00007fb38868e028 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[  199.909956][ T6841] RAX: ffffffffffffffda RBX: 00007fb38a6b5fa0 RCX: 00007fb38a43c629
[  199.909973][ T6841] RDX: 0000000000000000 RSI: 0000000000002d3e RDI: 0000000000000004
[  199.909986][ T6841] RBP: 00007fb38868e090 R08: 0000000000000000 R09: 0000000000000000
[  199.910000][ T6841] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  199.910013][ T6841] R13: 00007fb38a6b6038 R14: 00007fb38a6b5fa0 R15: 00007ffef6214408
[  199.910048][ T6841]  </TASK>
[  200.450713][ T6854] futex_wake_op: syz.4.276 tries to shift op by 32; fix this program
[  200.851475][ T6856] netlink: 4 bytes leftover after parsing attributes in process `syz.0.274'.
[  201.595224][ T6864] netlink: 24 bytes leftover after parsing attributes in process `syz.5.273'.
[  201.748264][ T1320] ieee802154 phy0 wpan0: encryption failed: -22
[  201.748348][ T1320] ieee802154 phy1 wpan1: encryption failed: -22
[  202.586365][ T6884] process 'syz.2.284' launched '/dev/fd/3' with NULL argv: empty string added
[  202.615642][ T6885] netlink: 12 bytes leftover after parsing attributes in process `syz.4.282'.
[  202.616950][   T36] kauditd_printk_skb: 14 callbacks suppressed
[  202.616969][   T36] audit: type=1326 audit(1771834907.292:88): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6882 comm="syz.0.283" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fde1bdbc629 code=0x7ffc0000
[  202.617283][   T36] audit: type=1326 audit(1771834907.292:89): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6882 comm="syz.0.283" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fde1bdbc629 code=0x7ffc0000
[  202.620898][   T36] audit: type=1326 audit(1771834907.292:90): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6882 comm="syz.0.283" exe="/root/syz-executor" sig=0 arch=c000003e syscall=108 compat=0 ip=0x7fde1bdbc629 code=0x7ffc0000
[  202.621173][   T36] audit: type=1326 audit(1771834907.292:91): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6882 comm="syz.0.283" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fde1bdbc629 code=0x7ffc0000
[  202.621485][   T36] audit: type=1326 audit(1771834907.292:92): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6882 comm="syz.0.283" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fde1bdbc629 code=0x7ffc0000
[  202.623050][   T36] audit: type=1326 audit(1771834907.292:93): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6882 comm="syz.0.283" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7fde1bdbc629 code=0x7ffc0000
[  202.623350][   T36] audit: type=1326 audit(1771834907.292:94): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6882 comm="syz.0.283" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fde1bdbc629 code=0x7ffc0000
[  202.623623][   T36] audit: type=1326 audit(1771834907.292:95): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6882 comm="syz.0.283" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fde1bdbc629 code=0x7ffc0000
[  202.944792][ T6885] netlink: 56 bytes leftover after parsing attributes in process `syz.4.282'.
[  203.308422][ T6895] netlink: 24 bytes leftover after parsing attributes in process `syz.0.288'.
[  204.676539][ T6907] overlayfs: failed to clone upperpath
[  204.911084][ T6914] netlink: 4 bytes leftover after parsing attributes in process `syz.2.294'.
[  204.978665][    T9] IPVS: starting estimator thread 0...
[  205.074663][ T6919] IPVS: using max 8 ests per chain, 19200 per kthread
[  205.545660][   T36] audit: type=1326 audit(1771834910.222:96): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6933 comm="syz.3.300" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5393cbc629 code=0x7ffc0000
[  205.545720][   T36] audit: type=1326 audit(1771834910.222:97): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6933 comm="syz.3.300" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5393cbc629 code=0x7ffc0000
[  205.983084][ T6942] netlink: 24 bytes leftover after parsing attributes in process `syz.5.302'.
[  207.094727][ T6955] netlink: 12 bytes leftover after parsing attributes in process `syz.4.306'.
[  210.729722][ T7002] netlink: 16 bytes leftover after parsing attributes in process `syz.0.317'.
[  212.217466][ T7017] overlayfs: failed to resolve './file0': -2
[  213.283559][ T7028] netlink: 8 bytes leftover after parsing attributes in process `syz.2.326'.
[  213.605791][ T7034] netlink: 16 bytes leftover after parsing attributes in process `syz.5.328'.
[  213.740576][ T7034] veth3: entered promiscuous mode
[  213.740605][ T7034] veth3: entered allmulticast mode
[  213.759302][ T7041] futex_wake_op: syz.0.330 tries to shift op by 32; fix this program
[  215.093875][ T7052] fuse: Bad value for 'fd'
[  215.127649][ T7052] netlink: 8 bytes leftover after parsing attributes in process `syz.5.333'.
[  215.223368][ T7059] capability: warning: `syz.2.336' uses 32-bit capabilities (legacy support in use)
[  218.308315][ T7114] netlink: 'syz.0.348': attribute type 1 has an invalid length.
[  218.308357][ T7114] netlink: 'syz.0.348': attribute type 4 has an invalid length.
[  218.308372][ T7114] netlink: 9462 bytes leftover after parsing attributes in process `syz.0.348'.
[  223.354611][ T7152] mmap: syz.2.359 (7152) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  223.581905][ T7161] trusted_key: syz.5.361 sent an empty control message without MSG_MORE.
[  224.298532][ T7178] netlink: 'syz.3.354': attribute type 4 has an invalid length.
[  224.657806][ T7194] futex_wake_op: syz.4.371 tries to shift op by 32; fix this program
[  229.205790][ T5808] Bluetooth: hci0: command 0x0406 tx timeout
[  229.205837][ T5808] Bluetooth: hci2: command 0x0406 tx timeout
[  229.205865][ T5808] Bluetooth: hci4: command 0x0406 tx timeout
[  229.205890][ T5808] Bluetooth: hci3: command 0x0406 tx timeout
[  231.097937][ T7261] netlink: 'syz.3.392': attribute type 4 has an invalid length.
[  231.322895][ T7274] netlink: 8 bytes leftover after parsing attributes in process `syz.0.399'.
[  231.414784][ T7276] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  231.478037][ T5814] Bluetooth: Unknown LE signaling command 0xec
[  231.478070][ T5814] Bluetooth: Wrong link type (-22)
[  231.592556][ T7282] netlink: 'syz.2.403': attribute type 16 has an invalid length.
[  231.592581][ T7282] netlink: 'syz.2.403': attribute type 17 has an invalid length.
[  231.662804][ T7282] bridge0: port 1(bridge_slave_0) entered disabled state
[  231.693822][ T7282] bridge0: port 2(bridge_slave_1) entered disabled state
[  234.007100][ T7310] 9p: Bad value for 'wfdno'
[  235.384971][ T7319] fuse: Bad value for 'fd'
[  235.580216][ T7327] sctp: [Deprecated]: syz.4.420 (pid 7327) Use of int in maxseg socket option.
[  235.580216][ T7327] Use struct sctp_assoc_value instead
[  236.111367][   T36] kauditd_printk_skb: 4 callbacks suppressed
[  236.111390][   T36] audit: type=1326 audit(1771834940.782:102): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7347 comm="syz.3.428" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f5393cbc629 code=0x0
[  237.576546][ T7354] fuse: Bad value for 'fd'
[  237.816417][ T7364] netlink: 8 bytes leftover after parsing attributes in process `syz.2.432'.
[  239.339131][ T5814] Bluetooth: hci3: unexpected event for opcode 0x2041
[  239.478445][ T7380] netlink: 'syz.2.441': attribute type 4 has an invalid length.
[  240.745637][ T7389] netlink: 'syz.3.442': attribute type 4 has an invalid length.
[  240.834015][ T7392] fuse: Bad value for 'fd'
[  247.733549][ T7469] JFS: charset not found
[  247.783248][ T7471] netlink: 8 bytes leftover after parsing attributes in process `syz.5.468'.
[  247.992586][ T7471] bond1: option arp_missed_max: mode dependency failed, not supported in mode 802.3ad(4)
[  248.833425][ T7471] bond1 (unregistering): Released all slaves
[  249.631260][ T7490] fuse: Unknown parameter 'cr
up_id"[���~ѝ<���]�Aʵ�)X���ZѮU�`�����n�5֡�)<?e��W��%}�\��������M��b0��3��ʟJ�tp�adԭ ��q��
�������!�o�/~�W���4��`X#X�'
[  249.754334][ T7487] syz.3.471 (7487) used greatest stack depth: 17568 bytes left
[  256.610901][ T7578] 9p: Bad value for 'wfdno'
[  262.723228][ T7650] netlink: 156 bytes leftover after parsing attributes in process `syz.0.528'.
[  262.798535][ T7655] syz.2.529 uses obsolete (PF_INET,SOCK_PACKET)
[  262.971517][ T1320] ieee802154 phy0 wpan0: encryption failed: -22
[  262.971594][ T1320] ieee802154 phy1 wpan1: encryption failed: -22
[  265.922403][ T7704] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant.
[  265.922403][ T7704] The task syz.3.542 (7704) triggered the difference, watch for misbehavior.
[  265.922854][ T7704] netlink: 196 bytes leftover after parsing attributes in process `syz.3.542'.
[  266.598367][ T7724] netdevsim netdevsim0 netdevsim0: entered promiscuous mode
[  266.598574][ T7724] macsec1: entered allmulticast mode
[  266.598999][ T7724] netdevsim netdevsim0 netdevsim0: entered allmulticast mode
[  267.777433][ T7753] warning: `syz.5.565' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[  270.779280][ T7801] netlink: 20 bytes leftover after parsing attributes in process `syz.4.579'.
[  272.017764][ T7815] overlayfs: failed to clone upperpath
[  273.268147][ T7836] fuse: Unknown parameter 'grou00000000000000000000'
[  273.471052][ T7843] fuse: Unknown parameter 'group_i00000000000000000000'
[  275.790385][ T7871] overlayfs: failed to clone upperpath
[  277.699702][   T36] audit: type=1326 audit(1771834982.372:103): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7903 comm="syz.0.613" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fde1bdbc629 code=0x7ffc0000
[  277.699766][   T36] audit: type=1326 audit(1771834982.372:104): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7903 comm="syz.0.613" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fde1bdbc629 code=0x7ffc0000
[  277.705133][   T36] audit: type=1326 audit(1771834982.382:105): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7903 comm="syz.0.613" exe="/root/syz-executor" sig=0 arch=c000003e syscall=435 compat=0 ip=0x7fde1bdbc629 code=0x7ffc0000
[  277.706237][   T36] audit: type=1326 audit(1771834982.382:106): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7903 comm="syz.0.613" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fde1bdbc629 code=0x7ffc0000
[  277.706387][   T36] audit: type=1326 audit(1771834982.382:107): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7903 comm="syz.0.613" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fde1bdbc629 code=0x7ffc0000
[  278.098646][ T7916] overlayfs: failed to clone upperpath
[  281.841188][ T7962] overlayfs: failed to clone upperpath
[  283.505871][ T7978] netlink: 80 bytes leftover after parsing attributes in process `syz.3.621'.
[  288.429248][ T7979] ODEBUG: Out of memory. ODEBUG disabled
[  288.804463][    C1] ------------[ cut here ]------------
[  288.804480][    C1] 1
[  288.804497][    C1] WARNING: kernel/time/timer.c:716 at stub_timer+0xa/0x20, CPU#1: ktimers/1/29
[  288.804556][    C1] Modules linked in:
[  288.804579][    C1] CPU: 1 UID: 0 PID: 29 Comm: ktimers/1 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  288.804604][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  288.804619][    C1] RIP: 0010:stub_timer+0xa/0x20
[  288.804645][    C1] Code: 0f 94 c0 5b 41 5e e9 55 ed 74 09 cc 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa e8 f7 bc 13 00 90 <0f> 0b 90 c3 cc cc cc cc cc 66 66 66 66 2e 0f 1f 84 00 00 00 00 00
[  288.804666][    C1] RSP: 0018:ffffc90000a3fa38 EFLAGS: 00010246
[  288.804686][    C1] RAX: ffffffff81b095e9 RBX: 0000000080000000 RCX: ffff88801cef3c80
[  288.804701][    C1] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000100
[  288.804714][    C1] RBP: ffffc90000a3fb30 R08: 0000000000000000 R09: 0000000000000100
[  288.804728][    C1] R10: dffffc0000000000 R11: ffffffff81b095e0 R12: 0000000000000001
[  288.804742][    C1] R13: 00000000fffffa04 R14: 1ffff92000147f4c R15: ffff88803c2af810
[  288.804759][    C1] FS:  0000000000000000(0000) GS:ffff888126443000(0000) knlGS:0000000000000000
[  288.804776][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  288.804790][    C1] CR2: 000000110c416cf0 CR3: 000000003d718000 CR4: 00000000003526f0
[  288.804809][    C1] Call Trace:
[  288.804819][    C1]  <TASK>
[  288.804828][    C1]  call_timer_fn+0x192/0x640
[  288.804853][    C1]  ? __pfx_stub_timer+0x10/0x10
[  288.804872][    C1]  ? call_timer_fn+0xd4/0x640
[  288.804894][    C1]  ? __pfx_call_timer_fn+0x10/0x10
[  288.804915][    C1]  ? do_raw_spin_lock+0x12b/0x2f0
[  288.804961][    C1]  ? _raw_spin_unlock_irq+0x23/0x50
[  288.804996][    C1]  ? __pfx_stub_timer+0x10/0x10
[  288.805019][    C1]  __run_timer_base+0x6a3/0x9f0
[  288.805067][    C1]  ? __pfx___run_timer_base+0x10/0x10
[  288.805112][    C1]  ? rt_spin_lock+0x1e0/0x400
[  288.805155][    C1]  run_timer_softirq+0xb7/0x170
[  288.805188][    C1]  handle_softirqs+0x1de/0x6f0
[  288.805233][    C1]  ? smpboot_thread_fn+0x4d/0xa50
[  288.805268][    C1]  run_ktimerd+0x69/0x100
[  288.805303][    C1]  smpboot_thread_fn+0x541/0xa50
[  288.805339][    C1]  ? smpboot_thread_fn+0x4d/0xa50
[  288.805386][    C1]  kthread+0x388/0x470
[  288.805431][    C1]  ? __pfx_smpboot_thread_fn+0x10/0x10
[  288.805464][    C1]  ? __pfx_kthread+0x10/0x10
[  288.805489][    C1]  ret_from_fork+0x51e/0xb90
[  288.805526][    C1]  ? __pfx_ret_from_fork+0x10/0x10
[  288.805555][    C1]  ? __switch_to+0xc7d/0x1450
[  288.805590][    C1]  ? __pfx_kthread+0x10/0x10
[  288.805616][    C1]  ret_from_fork_asm+0x1a/0x30
[  288.805660][    C1]  </TASK>
[  288.805682][    C1] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  288.805698][    C1] CPU: 1 UID: 0 PID: 29 Comm: ktimers/1 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  288.805722][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  288.805735][    C1] Call Trace:
[  288.805745][    C1]  <TASK>
[  288.805754][    C1]  vpanic+0x56c/0xa60
[  288.805789][    C1]  ? __pfx__printk+0x10/0x10
[  288.805815][    C1]  ? __pfx_vpanic+0x10/0x10
[  288.805846][    C1]  ? is_bpf_text_address+0x292/0x2b0
[  288.805879][    C1]  ? is_bpf_text_address+0x26/0x2b0
[  288.805913][    C1]  panic+0xc5/0xd0
[  288.805945][    C1]  ? __pfx_panic+0x10/0x10
[  288.805987][    C1]  ? ret_from_fork_asm+0x1a/0x30
[  288.806015][    C1]  __warn+0x315/0x4f0
[  288.806048][    C1]  ? stub_timer+0xa/0x20
[  288.806070][    C1]  ? stub_timer+0xa/0x20
[  288.806100][    C1]  __report_bug+0x29a/0x540
[  288.806140][    C1]  ? stub_timer+0xa/0x20
[  288.806161][    C1]  ? __pfx___report_bug+0x10/0x10
[  288.806187][    C1]  ? add_lock_to_list+0xc7/0x100
[  288.806217][    C1]  ? lockdep_unlock+0x5d/0xd0
[  288.806249][    C1]  ? __lock_acquire+0x146e/0x2cf0
[  288.806284][    C1]  ? stub_timer+0xa/0x20
[  288.806303][    C1]  report_bug+0x16a/0x220
[  288.806331][    C1]  ? stub_timer+0xa/0x20
[  288.806348][    C1]  ? stub_timer+0xc/0x20
[  288.806367][    C1]  handle_bug+0x98/0x200
[  288.806403][    C1]  exc_invalid_op+0x1a/0x50
[  288.806437][    C1]  asm_exc_invalid_op+0x1a/0x20
[  288.806460][    C1] RIP: 0010:stub_timer+0xa/0x20
[  288.806481][    C1] Code: 0f 94 c0 5b 41 5e e9 55 ed 74 09 cc 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa e8 f7 bc 13 00 90 <0f> 0b 90 c3 cc cc cc cc cc 66 66 66 66 2e 0f 1f 84 00 00 00 00 00
[  288.806509][    C1] RSP: 0018:ffffc90000a3fa38 EFLAGS: 00010246
[  288.806528][    C1] RAX: ffffffff81b095e9 RBX: 0000000080000000 RCX: ffff88801cef3c80
[  288.806544][    C1] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000100
[  288.806558][    C1] RBP: ffffc90000a3fb30 R08: 0000000000000000 R09: 0000000000000100
[  288.806577][    C1] R10: dffffc0000000000 R11: ffffffff81b095e0 R12: 0000000000000001
[  288.806593][    C1] R13: 00000000fffffa04 R14: 1ffff92000147f4c R15: ffff88803c2af810
[  288.806615][    C1]  ? __pfx_stub_timer+0x10/0x10
[  288.806638][    C1]  ? stub_timer+0x9/0x20
[  288.806665][    C1]  ? stub_timer+0x9/0x20
[  288.806683][    C1]  call_timer_fn+0x192/0x640
[  288.806705][    C1]  ? __pfx_stub_timer+0x10/0x10
[  288.806725][    C1]  ? call_timer_fn+0xd4/0x640
[  288.806746][    C1]  ? __pfx_call_timer_fn+0x10/0x10
[  288.806767][    C1]  ? do_raw_spin_lock+0x12b/0x2f0
[  288.806810][    C1]  ? _raw_spin_unlock_irq+0x23/0x50
[  288.806842][    C1]  ? __pfx_stub_timer+0x10/0x10
[  288.806866][    C1]  __run_timer_base+0x6a3/0x9f0
[  288.806917][    C1]  ? __pfx___run_timer_base+0x10/0x10
[  288.806946][    C1]  ? rt_spin_lock+0x1e0/0x400
[  288.806987][    C1]  run_timer_softirq+0xb7/0x170
[  288.807022][    C1]  handle_softirqs+0x1de/0x6f0
[  288.807065][    C1]  ? smpboot_thread_fn+0x4d/0xa50
[  288.807113][    C1]  run_ktimerd+0x69/0x100
[  288.807148][    C1]  smpboot_thread_fn+0x541/0xa50
[  288.807185][    C1]  ? smpboot_thread_fn+0x4d/0xa50
[  288.807228][    C1]  kthread+0x388/0x470
[  288.807252][    C1]  ? __pfx_smpboot_thread_fn+0x10/0x10
[  288.807286][    C1]  ? __pfx_kthread+0x10/0x10
[  288.807311][    C1]  ret_from_fork+0x51e/0xb90
[  288.807347][    C1]  ? __pfx_ret_from_fork+0x10/0x10
[  288.807376][    C1]  ? __switch_to+0xc7d/0x1450
[  288.807407][    C1]  ? __pfx_kthread+0x10/0x10
[  288.807429][    C1]  ret_from_fork_asm+0x1a/0x30
[  288.807466][    C1]  </TASK>
[  288.808154][    C1] Kernel Offset: disabled