last executing test programs:

4m10.961993536s ago: executing program 0 (id=23):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0)
r0 = socket$inet_smc(0x2b, 0x1, 0x0)
getsockopt$IP_VS_SO_GET_DESTS(r0, 0x0, 0x484, &(0x7f0000000000)=""/108, &(0x7f0000000080)=0x18)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
pipe(&(0x7f00000005c0)={<r2=>0xffffffffffffffff})
fsconfig$FSCONFIG_SET_FD(r2, 0x5, &(0x7f0000000240)='\x00', 0x0, r1)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040), 0x200002, 0x0)
r4 = openat$cgroup_devices(r3, &(0x7f00000001c0)='devices.deny\x00', 0x2, 0x0)
splice(r2, 0x0, r4, 0x0, 0x8, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="0700000014000000080000004000000042000000", @ANYRES32=0x1, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000000000000000000000000000f3ff0000f3ffffff0400000000"], 0x50)
setresgid(0xee00, 0xee01, 0x0)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000", @ANYRES32=r6], 0x0, 0x0, 0x0, 0x0, 0x0, 0x15, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_BIND_MAP(0xa, &(0x7f00000004c0), 0xc)
r7 = socket(0x10, 0x2, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r7, 0x89f1, &(0x7f0000000180)={'ip6_vti0\x00', &(0x7f0000000000)={'syztnl1\x00', 0x0, 0x0, 0x0, 0xa4, 0x0, 0x0, @empty, @private2={0xfc, 0x2, '\x00', 0x1}, 0x0, 0x10, 0xfffffffc, 0xdc67}})
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r7, 0x89f3, &(0x7f0000000080)={'syztnl1\x00', &(0x7f00000000c0)={'syztnl1\x00', <r8=>0x0, 0x0, 0x0, 0x0, 0x0, 0x3a, @dev={0xfe, 0x80, '\x00', 0x8}, @private0={0xfc, 0x0, '\x00', 0x1}, 0x700, 0x0, 0xfffffffc}})
setregid(0xffffffffffffffff, 0x0)
r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x0, 0x0, &(0x7f0000000080)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', r8, @fallback, 0xffffffffffffffff, 0x6}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000580)={0x0, r9}, 0x18)
r10 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r10, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0)
r11 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r11, 0x0, 0x40, 0x0, 0x0)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100), &(0x7f0000000580), 0x1000, r5}, 0x38)

4m9.322517016s ago: executing program 0 (id=27):
socket$netlink(0x10, 0x3, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(0xffffffffffffffff, 0x4010640d, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x18, 0x0, 0x0, &(0x7f0000000200)='syzkaller\x00'}, 0x94)
socket$nl_generic(0x10, 0x3, 0x10)
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
memfd_create(0x0, 0x7)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b00"/14, @ANYBLOB='\x00\x00\x00\x00\x00', @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\x00'/28], 0x48)
openat$cachefiles(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x2, 0x17, &(0x7f0000000300)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x23, '\x00', 0x0, @fallback=0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f0000000080)={0x19, 0x0, <r1=>0x0})
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x6, 0x0, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
getpid()
r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
syz_emit_ethernet(0x66, &(0x7f0000000780)={@local, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x1, 0x6, '\x00\'$', 0x30, 0x3a, 0xff, @private0={0xfc, 0x0, '\x00', 0x1}, @mcast2, {[], @dest_unreach={0x1, 0x4, 0x0, 0x0, '\x00', {0xd, 0x6, "2308d3", 0x1000, 0x0, 0x1, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @mcast1}}}}}}}, 0x0)
ioctl$SIOCGSTAMP(r3, 0x8906, 0x0)
recvmsg(r3, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x20)
fsconfig$FSCONFIG_SET_BINARY(0xffffffffffffffff, 0x2, &(0x7f0000000200)='cgroup.controllers\x00', &(0x7f00000002c0)="0f149407", 0x4)
ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f0000000100)={0x28, 0x7, r1, 0x0, &(0x7f0000ff0000/0x10000)=nil, 0x10000})
ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r0, 0x3ba0, &(0x7f0000000180)={0x48, 0x5, r1})

4m5.381118312s ago: executing program 0 (id=31):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x6, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0xa)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x0)
r1 = socket(0x2a, 0x2, 0x0)
getsockname$packet(r1, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, 0x0)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r2)
sendmsg$NFC_CMD_DEV_UP(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x1c, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8}]}, 0x1c}}, 0x0)
sendmsg$NFC_CMD_START_POLL(r2, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000004c0)={0x24, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8}, @NFC_ATTR_PROTOCOLS={0x8, 0x3, 0xffffffff}]}, 0x24}}, 0x0)
sendmsg$NFC_CMD_ACTIVATE_TARGET(r2, &(0x7f0000000780)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f0000000800)={0x2c, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8}, @NFC_ATTR_TARGET_INDEX={0x8}, @NFC_ATTR_PROTOCOLS={0x8, 0x3, 0x1}]}, 0x2c}}, 0x0)

4m1.417251471s ago: executing program 0 (id=40):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = socket$inet_smc(0x2b, 0x1, 0x0)
getsockopt$IP_VS_SO_GET_DESTS(r0, 0x0, 0x484, &(0x7f0000000000)=""/108, &(0x7f0000000080)=0x18)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
syz_usb_connect$hid(0x0, 0x36, &(0x7f00000003c0)=ANY=[@ANYBLOB="1201000000000020ac050f0222000182830109022400010100000009040000020301020009210005000122000009058103"], 0x0)
openat$mice(0xffffff9c, &(0x7f0000000100), 0x40000)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x9, 0x18, 0x8, 0x40, 0x42, 0x1}, 0x48)
r3 = socket$can_raw(0x1d, 0x3, 0x1)
ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000080)={'vcan0\x00', <r4=>0x0})
sendmsg$can_raw(r3, &(0x7f0000000240)={&(0x7f0000000780)={0x1d, r4}, 0x10, &(0x7f0000000200)={0x0, 0xe}}, 0x4)
syz_usb_connect$uac1(0x4, 0xb3, &(0x7f00000002c0)={{0x12, 0x1, 0x250, 0x0, 0x0, 0x0, 0x10, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xa1, 0x3, 0x1, 0x88, 0x90, 0xd4, {{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{0xa, 0x24, 0x1, 0x2, 0x8}, [@feature_unit={0xb, 0x24, 0x6, 0x4, 0x3, 0x2, [0x0, 0x7], 0x4f}, @feature_unit={0xd, 0x24, 0x6, 0x1, 0x2, 0x3, [0x7, 0x9, 0x5], 0x7}, @feature_unit={0x11, 0x24, 0x6, 0x3, 0x6, 0x5, [0x2, 0x4, 0x49ec946381ba84a6, 0x2, 0x8], 0x3}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_ii_discrete={0x12, 0x24, 0x2, 0x2, 0x4, 0x7, 0x10, "0ae87418c3d1a2a20d"}]}, {{0x9, 0x5, 0x1, 0x9, 0x400, 0x9, 0x6, 0x2f, {0x7, 0x25, 0x1, 0x0, 0x3b, 0x61}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@as_header={0x7, 0x24, 0x1, 0x6, 0xd1, 0x2}]}, {{0x9, 0x5, 0x82, 0x9, 0x40, 0x4d, 0x7, 0xd, {0x7, 0x25, 0x1, 0x1, 0x10, 0xfff7}}}}}}}]}}, &(0x7f00000005c0)={0xa, &(0x7f0000000380)={0xa, 0x6, 0x250, 0x8, 0x6, 0x5, 0x40, 0x9}, 0x19, &(0x7f0000000400)=ANY=[@ANYBLOB="050f190020141004ffd9ea3dad48ac62b8f62a0b24c8f69ec1"], 0x3, [{0x26, &(0x7f0000000500)=@string={0x26, 0x3, "824c98ddfb24680965febbff7b4c525f6071a5810f4c6be9a5556c0d5fcad46da4295868"}}, {0x4, &(0x7f0000000540)=@lang_id={0x4, 0x3, 0xc07}}, {0xc2, &(0x7f0000000680)=@string={0xc2, 0x3, "d8927b2e69566221fae8ac223d9563d9056cd8081bdbdd77ff3498c4a3676d02b89e2d71537350fcdd3c5708c3fd775b9c93f0b8635466461d598242fcded501221210f8daf98b55f8bed9f0ea58f902e4a4ba160951daed1ef9529a6497eff44c1874d7c3c09326447ad7d0bb48645e2e38fc83b50fb71a754ff45a5d55ea3014baea87fe0832e216219ac2b9ff56d6461c1e96cd4aba65c23eadf1cad456cf5afb53998e74eafebf5ef49c2d708cfd1fd330f75b44e9f242197acaa12cd4a0"}}]})
setresgid(0xee00, 0xee01, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800"/16, @ANYRES32=r5], 0x0, 0x0, 0x0, 0x0, 0x0, 0x15, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_BIND_MAP(0xa, &(0x7f00000004c0), 0xc)
r6 = socket(0x10, 0x800, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r6, 0x89f1, &(0x7f0000000180)={'ip6_vti0\x00', &(0x7f0000000000)={'syztnl1\x00', 0x0, 0x0, 0x0, 0xa4, 0x0, 0x0, @empty, @private2={0xfc, 0x2, '\x00', 0x1}, 0x0, 0x10, 0xfffffffc, 0xdc67}})
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r6, 0x89f3, &(0x7f0000000080)={'syztnl1\x00', &(0x7f00000000c0)={'syztnl1\x00', <r7=>0x0, 0x0, 0x0, 0x0, 0x0, 0x3a, @dev={0xfe, 0x80, '\x00', 0x8}, @private0={0xfc, 0x0, '\x00', 0x1}, 0x700, 0x0, 0xfffffffc}})
setregid(0xffffffffffffffff, 0x0)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x0, 0x0, &(0x7f0000000080)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', r7, @fallback, 0xffffffffffffffff, 0x6}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000580)={0x0, r8}, 0x18)
r9 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r9, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0)
r10 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r10, 0x0, 0x40, 0x0, 0x0)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100), &(0x7f0000000580), 0x1000, r2}, 0x38)

3m56.918471291s ago: executing program 0 (id=52):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000003c0))
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$PIO_CMAP(r3, 0x4b71, &(0x7f0000000000)={0x3, 0x80, 0x1, 0x6d3b90d1, 0xcd5c, 0x6})
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x1c0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000200)={'tunl0\x00', &(0x7f0000000180)={'sit0\x00', 0x0, 0x7800, 0x8000, 0x80000001, 0x5, {{0x5, 0x4, 0x3, 0x0, 0x14, 0x64, 0x0, 0x4, 0x29, 0x0, @empty, @loopback}}}})
socket$packet(0x11, 0x3, 0x300)
r4 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r4, 0x107, 0xf, &(0x7f0000000100)=0xa, 0x4)
openat$dir(0xffffffffffffff9c, &(0x7f0000000300)='./file1\x00', 0x200000, 0x0)
openat$6lowpan_enable(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000040)={'lo\x00', <r6=>0x0})
sendmsg$nl_route_sched(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@getchain={0x24, 0x66, 0x1, 0x78bd27, 0xa6, {0x0, 0x0, 0x0, r6, {0xfff3}, {0x0, 0xfffd}, {0x0, 0x8}}}, 0x24}, 0x1, 0x0, 0x0, 0x81}, 0x0)
prlimit64(0x0, 0x7, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r7 = socket$inet6(0xa, 0x800000000000002, 0x0)
sendto$inet6(r7, 0x0, 0x0, 0x4c881, &(0x7f0000000540)={0xa, 0x4e24, 0x0, @mcast2}, 0x1c)

3m55.664014068s ago: executing program 0 (id=58):
move_pages(0x0, 0xede8993fbe2385d, &(0x7f0000000080), 0x0, &(0x7f0000000040), 0x0)
setrlimit(0x2, &(0x7f0000000040)={0x401, 0x4})
mprotect(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x2)
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
ioctl$KVM_GET_STATS_FD_cpu(0xffffffffffffffff, 0xaece)
r0 = syz_open_dev$vbi(&(0x7f0000000080), 0x1, 0x2)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x100)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x28f43000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$sock_SIOCSIFVLAN_GET_VLAN_REALDEV_NAME_CMD(r3, 0x8983, 0x0)
r4 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0)
ioctl$COMEDI_DEVCONFIG(r4, 0x40946400, &(0x7f00000000c0)={'8255\x00', [0x4f27, 0x2, 0x10000, 0x4, 0x4, 0x0, 0x8, 0x7, 0xa, 0x0, 0x2, 0x1, 0x1, 0x800, 0x6, 0xb4c, 0x0, 0x1a449, 0x3, 0x40000003, 0x89, 0xcaa7, 0x0, 0x20001e58, 0xb, 0xe69, 0x3c, 0x8, 0x1, 0x0, 0xfffffff8]})
ioctl$COMEDI_SUBDINFO(r4, 0x80486402, &(0x7f00000002c0))
ioctl$VIDIOC_S_OUTPUT(r0, 0xc004562f, &(0x7f00000000c0)=0x1)
ioctl$VIDIOC_S_DV_TIMINGS(r0, 0xc0845657, &(0x7f0000000580)={0x0, @bt={0x3e, 0x1, 0x0, 0x2, 0xcf, 0x1, 0x0, 0x5, 0x3, 0x5b, 0x6, 0xb7, 0x401, 0x1800, 0x0, 0x22, {0xb0, 0x101}, 0x0, 0x4}})
mmap$KVM_VCPU(&(0x7f0000000000/0x3000)=nil, 0x0, 0x1, 0x4000812, 0xffffffffffffffff, 0x100000)
r5 = syz_usb_connect(0x0, 0x3c, &(0x7f0000000380)=ANY=[@ANYBLOB="120101000814c910be0632a2f3330102030109021200010000000009"], 0x0)
syz_usb_control_io$uac1(r5, 0x0, 0x0)
syz_usb_control_io$printer(r5, 0x0, 0x0)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x80c80, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r7, 0x4020ae46, 0x0)
ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0)
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)

3m40.493651165s ago: executing program 32 (id=58):
move_pages(0x0, 0xede8993fbe2385d, &(0x7f0000000080), 0x0, &(0x7f0000000040), 0x0)
setrlimit(0x2, &(0x7f0000000040)={0x401, 0x4})
mprotect(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x2)
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
ioctl$KVM_GET_STATS_FD_cpu(0xffffffffffffffff, 0xaece)
r0 = syz_open_dev$vbi(&(0x7f0000000080), 0x1, 0x2)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x100)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x28f43000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$sock_SIOCSIFVLAN_GET_VLAN_REALDEV_NAME_CMD(r3, 0x8983, 0x0)
r4 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0)
ioctl$COMEDI_DEVCONFIG(r4, 0x40946400, &(0x7f00000000c0)={'8255\x00', [0x4f27, 0x2, 0x10000, 0x4, 0x4, 0x0, 0x8, 0x7, 0xa, 0x0, 0x2, 0x1, 0x1, 0x800, 0x6, 0xb4c, 0x0, 0x1a449, 0x3, 0x40000003, 0x89, 0xcaa7, 0x0, 0x20001e58, 0xb, 0xe69, 0x3c, 0x8, 0x1, 0x0, 0xfffffff8]})
ioctl$COMEDI_SUBDINFO(r4, 0x80486402, &(0x7f00000002c0))
ioctl$VIDIOC_S_OUTPUT(r0, 0xc004562f, &(0x7f00000000c0)=0x1)
ioctl$VIDIOC_S_DV_TIMINGS(r0, 0xc0845657, &(0x7f0000000580)={0x0, @bt={0x3e, 0x1, 0x0, 0x2, 0xcf, 0x1, 0x0, 0x5, 0x3, 0x5b, 0x6, 0xb7, 0x401, 0x1800, 0x0, 0x22, {0xb0, 0x101}, 0x0, 0x4}})
mmap$KVM_VCPU(&(0x7f0000000000/0x3000)=nil, 0x0, 0x1, 0x4000812, 0xffffffffffffffff, 0x100000)
r5 = syz_usb_connect(0x0, 0x3c, &(0x7f0000000380)=ANY=[@ANYBLOB="120101000814c910be0632a2f3330102030109021200010000000009"], 0x0)
syz_usb_control_io$uac1(r5, 0x0, 0x0)
syz_usb_control_io$printer(r5, 0x0, 0x0)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x80c80, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r7, 0x4020ae46, 0x0)
ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0)
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)

3m4.631863955s ago: executing program 5 (id=86):
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000100)='mountinfo\x00')
creat(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x182)
pipe2$9p(&(0x7f00000001c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0)
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x1000000, &(0x7f0000000400)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
chdir(&(0x7f00000003c0)='./bus\x00')
setxattr$system_posix_acl(&(0x7f0000000040)='./file0/../file0\x00', &(0x7f0000000100)='system.posix_acl_default\x00', &(0x7f0000000180)=ANY=[@ANYBLOB="020000000100010000000000782b6e7fee62a8aa20000000000300000000190000000000"], 0x24, 0x3)
write$P9_RVERSION(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r3 = dup(r2)
write$FUSE_BMAP(r3, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_DIRENTPLUS(r3, &(0x7f0000000000)=ANY=[@ANYBLOB="38010000fe0000"], 0x138)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000340), 0x0, &(0x7f0000000380)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r2}, 0x2c, {[{@ignoreqv}, {@debug={'debug', 0x3d, 0xff}}]}})
r4 = open(&(0x7f0000000080)='./file1\x00', 0x10b942, 0x1)
sendfile(r4, r0, 0x0, 0x80000000)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3800000054000b000000000000c4000054", @ANYRES32, @ANYBLOB="00000001e000030000000000000000000000000008"], 0x38}, 0x1, 0x0, 0x0, 0x880}, 0x0)
r5 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r5, &(0x7f00000002c0), 0x40000000000009f, 0x0)

3m4.254543269s ago: executing program 5 (id=175):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="0500000004000000f100000005"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32=r0], 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffff6d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x4, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000780)={&(0x7f00000007c0)='skb_copy_datagram_iovec\x00', r1}, 0x10)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000003c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
sendmsg$inet(r3, &(0x7f0000000580)={0x0, 0x0, 0x0}, 0x0)
recvmsg$unix(r2, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffdc8}, 0x0)

3m1.078450032s ago: executing program 5 (id=180):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="06000000040000000800000008"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x18, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000380)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
pipe2$9p(&(0x7f0000000240)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r3, &(0x7f0000000180)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15)
r4 = dup(r3)
write$FUSE_BMAP(r4, &(0x7f0000000100)={0x18}, 0x18)
mkdir(&(0x7f0000000300)='./file0\x00', 0xfffffffffffffffe)
write$FUSE_NOTIFY_RETRIEVE(r4, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r2, @ANYBLOB=',wfdno=', @ANYRESHEX=r4])
lsetxattr$trusted_overlay_upper(&(0x7f0000000140)='./file0\x00', &(0x7f0000000200), 0x0, 0x0, 0x1)

3m0.5433564s ago: executing program 33 (id=180):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="06000000040000000800000008"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x18, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000380)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
pipe2$9p(&(0x7f0000000240)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r3, &(0x7f0000000180)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15)
r4 = dup(r3)
write$FUSE_BMAP(r4, &(0x7f0000000100)={0x18}, 0x18)
mkdir(&(0x7f0000000300)='./file0\x00', 0xfffffffffffffffe)
write$FUSE_NOTIFY_RETRIEVE(r4, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r2, @ANYBLOB=',wfdno=', @ANYRESHEX=r4])
lsetxattr$trusted_overlay_upper(&(0x7f0000000140)='./file0\x00', &(0x7f0000000200), 0x0, 0x0, 0x1)

19.114567163s ago: executing program 6 (id=539):
r0 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi4\x00', 0x60400, 0x0)
ioctl$COMEDI_BUFCONFIG(r0, 0x8020640d, &(0x7f0000000000)={0x7, 0x10000, 0x40fff, 0x2})

18.626673539s ago: executing program 6 (id=542):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r1)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r2)
sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x5c831, 0xffffffffffffffff, 0x0)
r5 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r5, 0xc018aa3f, &(0x7f00000014c0))
ioctl$UFFDIO_REGISTER(r5, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x4})
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
openat$null(0xffffffffffffff9c, 0x0, 0x404100, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20008b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r6 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r6, &(0x7f000001aa40)=""/102400, 0x19000)
r7 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000005d00)={0x114, 0x2e, 0x1, 0x7000000, 0x25dfdbfc, "", [@nested={0x103, 0xf2, 0x0, 0x1, [@typed={0xc, 0x18, 0x0, 0x0, @u64=0xfac08}, @typed={0x14, 0x1, 0x0, 0x0, @ipv6=@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x16}}}, @generic="50bb2d6f67d29d6fabadb107d0def49c88ea04abde1d5e8d3fb22a1b5046778bdafefc46b0449ade68bf84b36ec72dd71265fc2e882348c26c2126237dd5b37f5ae655b1086cda40e00aec58754734be31d750351dc076eb43d9621dc08c029d1608a46cf26fbe816b89f7cb81bff81a8b9482565856555ee923c65973deb0a99b962bc0fe94a3fcae3697bd7b85b3a682167c43dbf137115a40ebddcad74875ec58e9a3ddb9ad02a078cf0d972df9e99f079767734f69ce475f00ac64337803f5eb4e5842f4d98fe3fa370d47eb640dc5061dc35817c8a66c29be", @typed={0x4, 0xe9}]}]}, 0x114}], 0x1, 0x0, 0x0, 0x1}, 0x0)
shmget$private(0x0, 0x9000, 0x4, &(0x7f0000ff7000/0x9000)=nil)
r8 = shmget$private(0x0, 0x1000, 0x80, &(0x7f0000ffe000/0x1000)=nil)
ioctl$SG_BLKSECTGET(0xffffffffffffffff, 0x1267, &(0x7f00000000c0))
shmat(r8, &(0x7f0000ff9000/0x1000)=nil, 0x5000)
close(r4)
socket$nl_route(0x10, 0x3, 0x0)

14.495413383s ago: executing program 6 (id=550):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x81, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = eventfd(0x5)
r3 = eventfd(0x200)
ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000280)={r3, 0x7, 0x2, r2})
ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000140)={r2, 0x7, 0x2, r2})
syz_emit_ethernet(0x52, &(0x7f0000000640)=ANY=[@ANYBLOB="ffffffffffff0000000000000800450000440000000000019078ac1e0001ac1414bb0c009078000000004a0000000000000000110000ac141485e6aaac14f1a90703dd02000000d9de36ed4bcc5b4e"], 0x0)
r4 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000240), 0xc2882, 0x0)
close(r4)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x3, 0xe, &(0x7f0000000f40)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd0cdfa146ec561750379585e5a076d839240d29c03406910927c6b0b55b67dafe6c8dc3d5d78c07fa1f7e655ce34e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab7ea0c34f17e3946ef3bb622003b538dfe79578e51bc53099e90f4580d760551b5b342f7cbdb9cd38bdb2209c676b2ac2deca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e860e3670ef0e789f65f132020000002cbe7bc04b82d2789cb1b2b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c581e7be6ba0dc001c41146dfebd38608b3280080005d9a9500000000000000334d83239dd27080851dcac3c12233f9a1fb9c2aec61ce63a38d2fd50117b89a42b359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd7130856f756436303767d2e24f29e5dad9796edb697aeea0182babd18cac1bd4f4390af9a9ceafd0002cab154ad029a1090000002780c70014f51c3c975d5aec84222fff0d7216fdb0d3a0ec4be3e506d1387b63112f0b39501aafe234870072858dc06e7c337642d3e5a815232f5e16c1b30c3a6a71bc85018e5ff2c91018afc9ffc2cc788bee1b47683db01a469398685211dfbbae3e2ed0a50e7313bff5d4c391ddece08ac772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd36e7487afa447e2ef0ae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae486aca54183fb01c73f979ca9857399537f5dc2a3f8b6e74ce23877a6b24db0e067345560942fa629fbef2461c96a088a22e8b15c3e233db7ab22e30d46a9d24d37cef099bdae7ed04935c2c90d3add8eebc8619d73415cda2130f5011e48455b5a8b90dfae158b94f50adeb988dd8e12baf5cc9398fff00404d5d99f82e20ee6a8c88e18c2977aab37d9ac4cfc1c7b400000000000007ffa3c39495c826b956ba859ac8e3c177b91bd7d5e41ff868f7ca1664fe4a3ced846891180604b6dd2499d16d7d9158ffffff069dc42749a89f854797f29d0000002d8c38a967c1bbe09315c29877a331bcc87dc3addb0814040000007874b2f663ddeef0005b3d96c7aabf4df517d90bdc01e73835d5a3e1a90800c66ee2b1ad76dff9f9000071414c99d4894ee7f8249dbae3428d2129ecfce1b85af6eb2eea0d0df414b315f651c8412392191fa83ee830548f11e1036a8debd64cbe359454a3f2239cfe35f81b7a490f167e6d5c1109000000000000000042b8ff8c21ad702ccacad5b39eef213d1ca296c6a298c8ce2a305c0c7d35cf4b22549a4bd92052188bd1f285f653b621491dc6aaee0200e2ff08644fb94c06006eff1be2f633c1d987591ec3db58a7bb3042ec3f771f050000000000000026049fe86e09623524f390bf79b441b75fc790c58e273cd905deb28c13c1ed1c0d9cae846b03008cce7b893e578af7dc7d5e87d44ff828de453f34c2b18660b080efc707e676e1fb4d5825c0ca177a4c7fbb4e62b445c00f576b2b5cc7f819abd0f885cc48f97496079654f5a2d38708194cd6f496e5dee734fe7da3770845cf442d488afdc0e17000000000000000000000000000000000000000000000000000005205000000dc1c56d59f35d367632952a93466ae595c6a8cda690d192a070886df42b27098773b45198b4a34ac977ebd4450e121d01342703f5bf030e935878a6d169c80aa4252d4ea6b8f6216ff202b5b5a182cb5e838b307632d03a7ca6f6d0339f9953c3093c3690d10ecb65dc5b4749c28eb5167e9936ed327fb237a56224e49d9ea956d1798571b3ccd35364600000000000000000000000000000000000000000000000000000000000026ded4dd6fe1518cc7802043ecf743f1213bf8179ecd9e5a225d67521dc728eac7d80a5656ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be182724d95cf107753cb0a6a979d3db0c407081c6281e2d8429a863903ca75f4c7df3ea8fc2018d07af1491ef060cd0403a099f32468f1561f058960d12969bc982ff5d8e9b986c0c6c747d9a1cc500bb892c3a16ff10feea20bdac0000000000000000ca06f256c8028e0f9b656dc0e32384f037b21f3289f86a6826c69fa35ba5cbc3f2db1516ffc5c6e3fa618b24a6ce16d6c7010bbe3e8ef76f57a2d0e69115d33394e86e4b83c0f3c2a34635f3eee4746e92dea6c5d1d33d84d96b50fb000000ae07c65b71088dd7d5d1e1bab9000000000000000000000000b5ace293bec833c13e3229432ad71d646218b5229dd88137fc7c59aa242af3bb4efb82055a3b61227ad40f52c9f2500579aca11033ec14bb9cc16bd83a00840e31d828ec78e116ae46c4897e2795b6ff92e9a1e24b0b855c02f2b7add58ffb25f339297729a7a51810134d3dfbf71f6516737be55c06d9cd082027c641ec4355eb4acff90756d1a1ecf9f58afd3c19b5c4558ba9af6b7333c894a1fb29ade9ad75c9c022e8cc3fe28bc3586844f5fecb92aa771dbfe80745fe89ad349ffaad76ff9dd643796caffdf67af5dd476c37e7e9a84e2e5da2696e285a5906002fb0e16d8262c080c159ce40c14089c82759106f422582b42e3e8484ea5a6ad9aa52106eafe0e0caea1ad4cb23f3c2b8a0f455ba69ea284c268d54b43158a8b1d128ab794c9ac57a2a7332f4d8764c302ccd5aac114482b619fc575aa0dd2777e881e29a854380e2f1e49db5a1517ec40bb3fa44f9959bad67ccaba76408da35c9f1534c8bd48bbd61627a2e0afd9ae134400f70b5e6aefb7eee403502732df858a2ea033b6c91c673b6079e65d7295eed164ca63e4ea26dce0fb3ce0f6591d80ffb8f386bb79f5589829b6b0679b5d65a00000000000000e6ff00000000000000000000faff0000bab50bc8508a9644d3e7c328b0ff22035c8073f8c1f0e3da7339fc81d4ab3ef2857ef70a81d8a1628da28c942571880e22df7cabae56d5ff5e483c9c1f5a258b8f1f34cc300312f76a374a6e9b3f9dbd7f538a80b00f97e47895b3201c5126feca0888956a7d768198d9c2109ac508a47ebb99c539ef45af7d87b308117a9e321a3861bc42cf41942c31268a4020221d7b1622585094eddd83c7f4acdd7f5c23d8b730bf03118261edada8b8487a3b1b7548a4687a91f12bf70bb1df3bfe7d4b92ad6fcbf401efd6eb004cf20016ad8d1dad136dd856ffca238b39482811f948524bf182f1956a3d044423927df28880bbd11c06407220df8e1d1d483d947d990dc175803d765ca14a915a0040b641959ad3e776b4bb4852fea12983dc18b7404914a6137dc4a78f1e0d331c60a9019c21698cd18753491df962f496f2395563e9c3d7b1228d0e488cf7e50a29541aa757f2e2ee9ff4433d65db0de5a123d569e39dce481156cbec584c9a32a8e3b032fa003192c891d83119bc950abac9147b9fcb0acd9a207b5ceb7e8ed1d91c000000000000000000000000000000141258373281153fa27e586ea82650f070d8851ac9e7ac07b37a6479d4017b5b5af3ff4c91235df4f657d77e386a329aec4d766369c86b62b01ceb028c6fcf206883633cb143016b9f5351a45a8cb4ea110ba700000000000000883416b6eff6a793c71deb7d780c4f51d86ece127c0714144916f397d398ad2fe72b710b932c15c2369cb5d2d2f6ae420672c4a626195a891ac51825077fbc286aa3866bbf18a4a8b836ea8c90af0d5f0aff55b50bc18c27875ed2628b91224b7fa9fd10ccd7c1b1a92bac529df981a6d30100e68555553625c0e91a51000000000000000000fe030f85b294f3ea1fce314a9dcefbe3b64e83c35c5e95734786ca78315793cc0e6e776d2ec07c55cd89541ec25e074e840287011cab538d79e1569df321282071d49a4dc5fb2d7da1d05249d0e153fd04aca2", @ANYRES8=r4], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls=0x37}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r5, 0x18000000000002a0, 0x22, 0x0, &(0x7f0000000680)="b9ff03316844268cb89e14f00800", 0x0, 0xfe, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50)
ioctl$BTRFS_IOC_RESIZE(r4, 0x50009403, &(0x7f0000000000)={{r4}, {@void, @actul_num={@val=0x2d, 0xb3, 0x4d}}})

13.464776673s ago: executing program 6 (id=553):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = socket(0x11, 0x800000002, 0x0)
ioctl$sock_inet_SIOCGARP(r0, 0x8954, &(0x7f0000000200)={{0x2, 0x4e23, @initdev={0xac, 0x1e, 0x0, 0x0}}, {0x306, @random="b16f7311fce6"}, 0x3a, {0x2, 0x4e20, @broadcast}, 'macsec0\x00'})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000040), 0xffffffffffffffff)
r4 = syz_open_dev$video(&(0x7f0000000000), 0x7, 0x0)
ioctl$VIDIOC_G_DV_TIMINGS(r4, 0xc0845658, &(0x7f0000000100)={0x0, @reserved})
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f00000000c0)={0x1, &(0x7f0000000200)=[{0x30, 0x4, 0x0, 0x2}]}, 0xffffffffffffff0e)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_ACCEPT={0xd, 0x4, 0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x81800, 0x1})
io_uring_enter(0xffffffffffffffff, 0x749f, 0x4, 0x0, 0x0, 0xfffffffffffffef5)

12.678293922s ago: executing program 2 (id=555):
syz_open_dev$ttys(0xc, 0x2, 0x1)
r0 = socket$inet6(0xa, 0x5, 0x0)
setsockopt$sock_int(r0, 0x1, 0x3e, &(0x7f0000fee000)=0x3fa, 0x4)
bind$inet6(r0, &(0x7f0000000140)={0xa, 0x4e20, 0x6, @loopback}, 0x1c)
syz_open_dev$ttys(0xc, 0x2, 0x1)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r3, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10)
connect$inet(r3, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
sendmmsg(r3, &(0x7f0000007fc0), 0x800001d, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r4=>0x0})
syz_usb_connect$printer(0x0, 0x0, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000001c0)=@dellink={0x20, 0x11, 0x101, 0x70bd25, 0x0, {0x0, 0x0, 0x0, r4}}, 0x20}}, 0x0)

12.359540223s ago: executing program 6 (id=556):
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x2b38094, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
r0 = open(&(0x7f0000000000)='.\x00', 0x800000, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002000)='./file0\x00', 0x0)
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x1, &(0x7f0000002280)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0x4000}})
pivot_root(&(0x7f0000002240)='./file0/file0\x00', 0x0)
ioctl$AUTOFS_IOC_PROTOSUBVER(r0, 0x40049366, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000003280)=ANY=[@ANYBLOB="140000001000010000000000000000030000000a20000000000a05000000000000000000010000000900010073797a30000000002c000000030a01020000000000000000010000020900010073797a30000000000900030073797a3200000000240b0000060a010400000000000000000100000008000b4000000000fc0a048028000180080001006c6f67001c0002800e00024073797a6b616c6c65720000000800054000000008d00a01800e000100696d6d656469617465000000bc0a0280640002804c0002800900020073797a32000000000900020073797a310000000008000180fffffffc0900020073797a31000000000800034000009c920900020073797a300000000008000180ffffffff14000280080003400000000808000180fffffffb0800014000000002080001400000000b500002804b000100fa62d7ba9ceeacf9aa4f832b78f35731f355d63e192a72aef5e68a05d1b806151b6bd1e2d74abafd383790ad363fdc1b7766748630b48f9beefdb33c86d5835a470b5ffd20d7e9006c0102805c00028008000180fffffffe0900020073797a30000000000900020073797a320000000008000180ffffffff0900020073797a320000000008000180fffffffd0900020073797a310000000008000180fffffffc0800034000000e5628000280080003400000000608000340000000070900020073797a320000000008000180fffffffe540002800900020073797a320000000008000180fffffffe0800034000000000080003400000000008000340000000090900020073797a310000000008000180fffffffe080003400000800108000180fffffffd8e000100818ce881ff18470752e86442e8b77ddcfc7a4c87f05cd36147be26c85cc854cc117db1906007a5a8c298f4724c8c743d46ec7f3ba478d9dfb10bbe9e4fdfc2188d62db9bb1364fed383fe0b0c3fbbab83959470cb0ffb14765c32f10b54d99531d04caaf264214997543a1c63637d9a3a20b7ce9312e545626eb375c88462c198f35cf8a11616de4fa0c000098020280eb00010099c8e680eb4d0e7f78e1fb62226ae541d997c8cb51c5ebd0bb7e2730b61310dcd7525807288a7ad8c00f6aa230a1d1b876ddb0e188384e7c79cd8af94a02451a04d8f116bde38077da45650d82bdd1767b03e3f35bc4a5769e659d8cdb6d9d9d717c78b50f6b3ac899b07a9eaf2c989654de7d6609299bad01ca1f3fa8b6229a6c69627a07f627880e902231b20368f3ae64fd12fc37afeb95f14a4dc3d0bc5f6e2afd0fc8ef6982054cffa703ee1376654019ad6d2add9052c5d2f2e0ba3318f931b2c5f2dcce5cbca6093c64d23b64e2f2061da3dd5983644280de22d592b63b5d7f6b571beb005400010041bbc64da6bacaad1bebec23352accccbca40d6ba87943f82df945bf4ccc5250a0c2b2cb13793380f424b280bfb960885af6df4afa26efa8fcd7a1243389ef3fcf1d709f775a9cd1dfb2b84fd03e5d70f800010001950b7c0ec30534e476b721ba6e82d03078fe63b683918ecbbb9c339c8cdd63689339ac43acd5973f4aac8720a98d18e13b98e11e291f3f3621ed29c717639f84bdd28810da6ae30538775f15e00133741e9de3f96f69ab363752fa962b3c71041ba1e463a91d782a968d9febb648b66e71a6827c53b3be014b785f61c4fd46fef00658f64cdd465edb61ba4c5f00849b2935c485da99a38489ecc29837433ac5446c3922d73153fd8fb2368a5ce4201760ca6778f570b7fcb38be633a02d57c5884b6bcbaf3bc28ca7686edb5d59e1b823a8f0f5ff788625995d51c16413783c6290a9714bd4dcbd2a388139f3e46f69916f335c0002800900020073797a3000000000080003400000000908000180000000000900020073797a3000000000080003400000000808000180fffffffd080003400000000408000340fffffff908000180fffffffb0800034000000003a80002801c000280080003400000020008000340fffffff508000340000000001400028008000340000000050800034000000007720001001c2cce526d2ee30fb33f426450278cb35ac06b1cef15fefc26b5c17a8c9251bed316fccb5588f2e071fc355537fcf458cf14217f16ce4c12a4b559f3e807c94c6cc4f418baebc6024b74b9dbc5ef66dbbe91812ea247db80670c101ed494f105ad9c09b4eaf8d5c133b46a311c1a00001c0302802000028008000180fffffffc0900020073797a320000000008000340000000035c00028008000180fffffffc08000180fffffffc08000180fffffffb0900020073797a300000000008000340000000060900020073797a30000000000900020073797a31000000000900020073797a310000000008000180fffffffbf6000100330e5af714359ac9da33381a13071148dbe4293800e6be0290efbb549850cda132ca27a55553fd77c3067504c4596086f4001f53d49e8111395ebccb983c6b04735a58ab2617dfc62123b09c8dc5a47154667414dc28e8369829764b2e3cc23303a882890bad6d3a70d9e15701ec8c4c15a46d38c9ed6bc8658f8a45a02083f563324a27c649bab7cbcb485c289bd8df0a040128df6891ab48095977e0463f8e3ed7ba6df976ee30768954dfeb3f08c942b2c9384aa0b78baf92ecf5e4d73788afb1bc5a8f7c4b454897cd8bcac7f19cdd949fac66756da3b9311e13362eee317df853f6bc7e4638eb145a1484d3780e09b50000c8000100d5c1e4159bf770e02e6e1ebe911d7513709588175328d2e11f2ebf3f6967c49bedcb2a5459a45272bb8084e3bb55ea7a80166d97ec16457ed7d2a834d9aafdb2a54110ddc7975eaeda4f897ec7d533c27df0ce5ff92cfedadc67fff850ee5d07822d72b27af229d17ad2f8d802ae40d98f373e348a04b4f0270c71f82319de3a0331f165204896e0e448cf7ea0f8eb32a312fda6716f72f0234742fe6708ad0adf587ea21d94b8c8f5080028dda1e21d3d9ac82d8edd12941631b72b692ecc262d6ae12393000100c56deda494a09379df59bad8f0f17376b307ce49571034af728b1c4bf694e3b91406b976944238ab36ccaf40e3d92952ba87aa27af6353a82868c9508577a1b6a349fce75b3e4952b04b9527f496b5555e6db110dec07430b01446635eff12f136dbcb54fd4dc90b02e1bc6488ed74efd9eeb1b6de6e2a234f6c323df5c28a0352d03b34ee4f64ab614078125aa3cc0048000280080003400000000c08000340000000010900020073797a310000000008000180fffffffd0800034000008000080003400000dc5b08000180fffffffc08000180fffffffb2c0202804b000100cece2d8ff50c68c1060c2e691ddc50c6d87b46b4e5f6695010163d98bac2d9d7693cff0ec1e2107f58d3c305c78e5a596df92f1dbe80793dce5424be9e7951890023db7d0b9b2700e5000100f46e4b21dd4b92221713eece21b0e3bfb3fe995725eca78713a8d11ac82a6aefeeeab4720bd136479523ccafa34771afedeafc55275842bb7adb37ff3c93b19d9d5139f8b67ee81e380faa9506e6c8e5956cf7efc9828438d340aa4bfe771769c6ddb2f8c31049c1fc37e8f28812ea0aadd0caa7e32f6bb4b2b7a4473e5fa876c87bf285a503660ea12a0cfff6863a87c64ea83c31e737e278edcad77cb964828c7049d335e25156fd4d1c2faada6a8363794fe487155fbfd7c2e1b8504d4a744357734f51fca0426ffe929280df27411f8a90a067b285e970fa1e403722ae91dd000000f400010073e22ba6603d1c92836887468b100c2dc430efeb2ef19c66bd0582fe94df7b5a20292fdfbd2009980dbf9651685f7713bfb0f42583e452670f29e2cabf848fcdcb7a2067f0b257efd7dc927e540584b08f026e14be231afa797e36410d8ad6cbced8c5d2cce2f5a8b75713e57b3161b5b4ce78f283bf59a04f90bc1c5a4371abed0124c621ecb51b6166ad39f14216c09456232b7ea8dd7058bbbeae8b1c13df7ffa1515a359309683421d783f4fb00547cb06b3f974e65f28397c2c16675436a414b6e28d61800c35bdc05f9837e14491ce0fa7c0fbf6f61dd8f7eceac62373ed913de212a188ad5fa12d0eab8a0b440900010073797a30"], 0xb98}, 0x1, 0x0, 0x0, 0x20000000}, 0x0)
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000000)=ANY=[@ANYBLOB="01000000000000000f478ef8ed"])
r3 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
syz_emit_ethernet(0x82, &(0x7f0000000040)={@link_local, @dev, @val={@void}, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "f53a04", 0x48, 0x3a, 0x0, @remote, @mcast2, {[], @param_prob={0x2, 0x0, 0x0, 0x500, {0x0, 0x6, "508359", 0x0, 0x0, 0x0, @private1, @mcast1={0xff, 0x0, '\x00', 0x0}, [@hopopts={0x3a, 0x1, '\x00', [@calipso={0x7, 0x8, {0x0, 0x0, 0x0, 0xff80}}]}]}}}}}}}, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f0000000200)={[0x2, 0x9, 0xfffffffffffffffd, 0x0, 0x2, 0x0, 0x4002004c4, 0x1004, 0xffffffffffffffff, 0xc595, 0x1, 0x1, 0xffffffffffffffff, 0x2000000000000000, 0x80000004000000, 0x8d], 0xeeee8000, 0x2010d3})
ioctl$KVM_RUN(r5, 0xae80, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
socket$xdp(0x2c, 0x3, 0x0)

11.33045203s ago: executing program 6 (id=560):
r0 = syz_usb_connect$uac1(0x0, 0xac, &(0x7f00000003c0)=ANY=[@ANYBLOB="12010000000000106b1d010140000102030109029a0003010000000904000000010100000a24010000000201020c24020000000000000800000524050000082407000000009e0c240700000000a3e82f07070d240701060000fd80000000e80924030000000001"], 0x0)
ioctl$EVIOCSKEYCODE_V2(0xffffffffffffffff, 0x40284504, &(0x7f0000000200)={0x0, 0x1, 0x0, 0x0, "4620f63a4e6b5c9b4410b99e0e549fcfdeb92566761ad1c34ca4a1abe476fa96"})
r1 = creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc)
write$binfmt_elf32(r1, &(0x7f00000012c0)=ANY=[@ANYBLOB="7f454c4604070003070000000000000002000300030204000903000038000000fcffffff0e00000000002000010005000000000000000000030000007f00000004000000040020000c"], 0x958)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = getpid()
syz_pidfd_open(r5, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0)
r6 = socket$can_bcm(0x1d, 0x2, 0x2)
io_setup(0x9, &(0x7f0000000240)=<r7=>0x0)
connect$can_bcm(r6, &(0x7f0000000040), 0x10)
io_submit(r7, 0x1, &(0x7f00000012c0)=[0x0])
socketpair$unix(0x1, 0x5, 0x0, 0x0)
r8 = syz_open_dev$usbfs(&(0x7f00000001c0), 0x77, 0x141301)
ioctl$USBDEVFS_FREE_STREAMS(r8, 0x802c550a, &(0x7f0000000100)=ANY=[@ANYBLOB="0200a0061000070060000000020000a0d33309", @ANYRESDEC=r8])
ioctl$CEC_S_MODE(0xffffffffffffffff, 0x40046109, 0x0)
close(r1)
execve(&(0x7f0000000400)='./file0\x00', 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f0000000140)={0x2c, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x407}}, 0x0, 0x0, 0x0}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$fou(&(0x7f0000000080), 0xffffffffffffffff)

11.212518333s ago: executing program 1 (id=561):
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000580)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x40, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffd}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1700000000000000040000000300000000", @ANYRES32=0x1, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00S', @ANYRES32=0x0, @ANYBLOB], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x18, 0x4, &(0x7f00000000c0)=ANY=[@ANYBLOB="b4000000000b00007910000000000000c3100009a1000000950074000000000031fb0d3a4231020004399d17d34e075fdcda533ab1aa71ab1d764152e6cb25dadc7ded5dbe11b62ac5ea9fca11027d19e93adb604a7d3deb92de3141e8ed7ac5b8902070213cdfdc5d6c4890cdeb50347c32060581172b94c6ba22a2b58eb6cbad46ed6e7965a2ba103b0b36f790bb41931f9a3d4dd127c1b4e49f7468f5e603950c4f67581c92ef8a7e8ece17d5f5b169391ef409c39c263895739e3d702c128b35d5fc23469240c61e150e2bae385f9ac9b03c22b0f7050c166b835298c5911f1053a723aee89051c24e1900ab97fa52d2e06dce0248a829ed46a520db4c1432080bbf707ad2f8af8118ee7d434a960ed6be4455ba57cb06459b64689e77ce95823a5533f5b11118906fd2fc29b3697c637d3693d4b4aade6f9202e6cfa6d7507f88af38b6109ad8f82b1d600a5447831df835d7000000218b0222004f98a7a0caddc397d8414be912b4e7536fefd951fe23a56fbf9fc643c6604268b5ccc13b996aaed0a6f6470566c8f534e5d486b2141646b35fd4472be8195fd917446a8abb1c2cd5dc09e2d75ec00ede2841e497d5178cf9445c7bb11f3c5cfdcae8c476d3fb75cac727143f92798a44864b49366b6cf228d9bc1d99ab2104e3c2e17ec46fbce102c158ff3748f1eb90b83d8be0dfcefbeed222009b41ad34d8656daf41e23322e58d91811feffc39ec11b11cc611f6fbfd999c3bef10caa2e8692259d40d69ed3d85ec2813b007b8ce6384a28798f445ad7fc451865fe45a06977f7a785f8e97544aad1f844f2a4799944e0daf6d4c3a7d30b7d89781ca607048c50945c45d5a6f2c5145416176fd64c559e6a272b92c92052a9005aaa25d09613aba2e7d429ae40c249e7996e4bc213c24699889ea320c40f32dcdaa19893e17c57d7e8c51d5f320d99e8c2521c339c33bf6c41fde029061c088"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195}, 0x48)

10.562349585s ago: executing program 2 (id=563):
r0 = socket$inet_smc(0x2b, 0x1, 0x0)
r1 = accept(r0, &(0x7f0000000300)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @dev}}}, &(0x7f0000000040)=0x80)
sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000440)={0x0, 0x37, &(0x7f0000000000)={&(0x7f0000000480)=ANY=[@ANYBLOB="600000000206010100000000000000000000000005000400000000000900020073797a30000000000500010007000004050005000a0000001400078c0800114000000000080012400000ffff120003199691f6ae41cd4288d019ab595cec2ec65dbc2590995cb4fab160e88f00c45832c87c696269e99fb84c15d815d53389abbb27dbba79704c37d2c9889787e8fb6522f2b993fe24d38645da80b25b2eef5e92cd8970f0312f11f4988dbfdfa928325cab30410b8954e69f99c67eed9ad1e5f59344974238fcdb2e23728a7ec24034707feed605aaa72a9ca875ee1028a81a43470b88664a910c1c6056cbaf148a3b0d420205401f07b307c8d33fde9d30a0"], 0x60}}, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a05000000000000000000010000000900010073797a30000000002c000000030a01020000000000000000010000000900010073797a30000000000900030073797a300000000064000000060a010400000000000000000100000008000b40000000003c00048038000180080001006e6174002c00028008000540000000000800014000000000080006400000000d08000240ffff000a080006"], 0xd8}, 0x1, 0x0, 0x0, 0x20000000}, 0x0)
r2 = socket(0x10, 0x803, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x9)
unshare(0x22020400)
r4 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
fadvise64(r4, 0xff, 0x3, 0x4)
r5 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0)
r6 = dup(r5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r6, 0x0)
r7 = syz_open_dev$media(&(0x7f0000000b40), 0x2e18, 0x100)
r8 = syz_open_dev$vim2m(&(0x7f0000000000), 0x3, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r8, 0xc0145608, &(0x7f00000000c0)={0x1, 0x2, 0x1})
ioctl$vim2m_VIDIOC_QBUF(r8, 0xc058560f, &(0x7f00000002c0)=@multiplanar_mmap={0x0, 0x2, 0x4, 0x0, 0x2000, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '|^b!'}, 0x0, 0x1, {0x0}})
ioctl$vim2m_VIDIOC_QBUF(r8, 0xc058560f, &(0x7f0000000340)=@mmap={0x0, 0x2, 0x4, 0xffffff7f, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "186856f3"}})
r9 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), r6)
sendmsg$NL80211_CMD_SET_NOACK_MAP(r1, &(0x7f0000000400)={&(0x7f0000000580)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f00000003c0)={&(0x7f0000000240)={0x34, r9, 0x4, 0x70bd2a, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_NOACK_MAP={0x6, 0x95, 0x10}, @NL80211_ATTR_NOACK_MAP={0x6, 0x95, 0xb}, @NL80211_ATTR_NOACK_MAP={0x6, 0x95, 0x2}, @NL80211_ATTR_NOACK_MAP={0x6, 0x95, 0x4}]}, 0x34}, 0x1, 0x0, 0x0, 0x40800}, 0x10)
ioctl$MEDIA_IOC_ENUM_LINKS(r7, 0xc0287c02, &(0x7f00000001c0)={0x80000000, &(0x7f00000011c0), 0x0})
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[@ANYBLOB="a000000010003b0e2a1a86eb2636037f00000000", @ANYRES32=r3, @ANYBLOB="020000000000800080001200080001007674693674000200"], 0xa0}}, 0x0)
getsockopt$IP_VS_SO_GET_INFO(r0, 0x0, 0x481, &(0x7f0000000280), &(0x7f00000002c0)=0xc)

10.003052441s ago: executing program 1 (id=565):
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000580)})
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
rt_sigaction(0x4, &(0x7f00000001c0)={&(0x7f0000000140)="44dfa3998999998f083087649e0d0036660f38df2b660fbab97500000000c3c4a37905d708f246ad66450f28e20f9218c401f5e84c5700", 0x50000003, 0x0, {[0x1]}}, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, 0x0)
syz_kvm_add_vcpu$x86(0x0, &(0x7f0000000140)={0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="0100000000000000560000000000000066ba20"], 0x6e})
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000880)={0x0, 0x0, @pic={0x2a, 0xc0, 0x7, 0x6, 0xfb, 0x0, 0xf, 0x4, 0x3, 0x0, 0x3, 0x58, 0x9e, 0x6, 0x6, 0x7f}})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000000)={[0x8000000000000035, 0xfff, 0x0, 0x40180, 0x5, 0x14, 0xf2, 0x3, 0x7fffffffffffe, 0x5, 0x5, 0xc6bd, 0x566, 0x45, 0x5, 0xbdb], 0x1, 0x1c4213})
syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_WOL_SET(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={0x0}, 0x1, 0x0, 0x0, 0x804}, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

9.036273266s ago: executing program 2 (id=566):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = socket(0x11, 0x800000002, 0x0)
ioctl$sock_inet_SIOCGARP(r0, 0x8954, &(0x7f0000000200)={{0x2, 0x4e23, @initdev={0xac, 0x1e, 0x0, 0x0}}, {0x306, @random="b16f7311fce6"}, 0x3a, {0x2, 0x4e20, @broadcast}, 'macsec0\x00'})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000040), 0xffffffffffffffff)
r4 = syz_open_dev$video(&(0x7f0000000000), 0x7, 0x0)
ioctl$VIDIOC_G_DV_TIMINGS(r4, 0xc0845658, &(0x7f0000000100)={0x0, @reserved})
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f00000000c0)={0x1, &(0x7f0000000200)=[{0x30, 0x4, 0x0, 0x2}]}, 0xffffffffffffff0e)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_ACCEPT={0xd, 0x4, 0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x81800, 0x1})
io_uring_enter(0xffffffffffffffff, 0x749f, 0x4, 0x0, 0x0, 0xfffffffffffffef5)

8.933533519s ago: executing program 1 (id=568):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000380), r0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10138, 0x2, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x8, 0x1}, 0x48)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r5, @ANYBLOB="0000000000000000b703000000030000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00', r6}, 0x18)
bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f0000000300)=ANY=[@ANYBLOB, @ANYBLOB="0000000000000000b703000000000000850000000c000000b700000000000000950000000000000095f20bd48175c2637c84bb2d00739f1d369192ec208a1adeb04e4915459c7fff52c6cffe592ef48ca9f08aadda435dd66302bd1512f758a60e5b099a1f3e7c60fee594833fecd408c45b9a4c4cd4ad2c4454261827bc40b1866e149c17ab765ffa4fb8fc130e90afe0e320e2b8c542422c036f6b"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r7 = socket(0x10, 0x2, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r7, 0x89f1, &(0x7f00000000c0)={'ip6gre0\x00', &(0x7f00000009c0)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @mcast1, @empty}})
sendmsg$IEEE802154_LLSEC_LIST_DEVKEY(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={0x14, r1, 0xba87317d461c07c9, 0x70bd2d, 0x4004}, 0x14}, 0x1, 0x0, 0x0, 0x8000}, 0x0)

7.369868759s ago: executing program 1 (id=569):
r0 = syz_usb_connect(0x1, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB], 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
removexattr(&(0x7f0000000200)='./cgroup\x00', &(0x7f0000000240)=@known='user.incfs.metadata\x00')
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
set_mempolicy(0x2, &(0x7f0000000080)=0x51e1, 0x3ff)
openat$nullb(0xffffffffffffff9c, 0x0, 0x42000, 0x0)
ioctl$LOOP_CONFIGURE(0xffffffffffffffff, 0x4c0a, 0x0)
ioctl$LOOP_SET_STATUS(0xffffffffffffffff, 0x4c02, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x401c2, 0x0)
r3 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r3, 0x0, 0x10)
ftruncate(r2, 0x8800000)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000100))
sendfile(r3, r2, 0x0, 0x0)
socket$kcm(0x10, 0x2, 0x0)
process_vm_readv(0x0, 0x0, 0x0, &(0x7f0000008640), 0x0, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
socket$kcm(0x29, 0x5, 0x0)
pipe(&(0x7f0000000040))
timer_create(0x0, &(0x7f0000000000)={0x0, 0x21, 0x0, @thr={0x0, &(0x7f0000000380)="c75f16175bb69c4013d0479f629c0ba46ff8ac8dc98098b878545ed70bb5bc1bacf36b28b91a23b1365fa8e67059f7c1fc1ade5eb855207f7066f96bdafb14234e8d9afeee1f3fd22e4b4fe5a61f4afde21805ae5206b87bb22d882df14583a3e6616fce8682"}}, &(0x7f0000000100))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)

7.358471158s ago: executing program 2 (id=570):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x6, 0x8b}, 0x0)
getpid()
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0xa)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x0)
r1 = socket(0x2a, 0x2, 0x0)
getsockname$packet(r1, 0x0, 0x0)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r2)
sendmsg$NFC_CMD_DEV_UP(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x1c, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8}]}, 0x1c}}, 0x0)
sendmsg$NFC_CMD_START_POLL(r2, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000004c0)={0x24, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8}, @NFC_ATTR_PROTOCOLS={0x8, 0x3, 0xffffffff}]}, 0x24}}, 0x0)
sendmsg$NFC_CMD_ACTIVATE_TARGET(r2, &(0x7f0000000780)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f0000000800)={0x2c, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8}, @NFC_ATTR_TARGET_INDEX={0x8}, @NFC_ATTR_PROTOCOLS={0x8, 0x3, 0x1}]}, 0x2c}}, 0x0)

6.232815877s ago: executing program 3 (id=571):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f0000000180)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
recvmsg(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000400)=[{&(0x7f00000004c0)=""/249, 0xf9}], 0x1}, 0x0)
close(r3)
sendmsg$tipc(r4, &(0x7f0000000240)={0x0, 0x810100, &(0x7f0000000200)=[{&(0x7f0000000140)="a2", 0xfffffdef}], 0x1, 0x0, 0x0, 0x3}, 0x0)
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000580)='./file0\x00', 0x6004, 0x0)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0)
ioctl$FS_IOC_GET_ENCRYPTION_PWSALT(r5, 0x125d, 0x0)

5.977841021s ago: executing program 2 (id=572):
socket$netlink(0x10, 0x3, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(0xffffffffffffffff, 0x4010640d, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000200)='syzkaller\x00'}, 0x94)
socket$nl_generic(0x10, 0x3, 0x10)
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
memfd_create(0x0, 0x7)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x48)
openat$cachefiles(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x2, 0x17, &(0x7f0000000300)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x23, '\x00', 0x0, @fallback=0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f0000000080)={0x19, 0x0, <r1=>0x0})
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x6, 0x0, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
getpid()
r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
syz_emit_ethernet(0x66, &(0x7f0000000780)={@local, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x1, 0x6, '\x00\'$', 0x30, 0x3a, 0xff, @private0={0xfc, 0x0, '\x00', 0x1}, @mcast2, {[], @dest_unreach={0x1, 0x4, 0x0, 0x0, '\x00', {0xd, 0x6, "2308d3", 0x1000, 0x0, 0x1, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @mcast1}}}}}}}, 0x0)
ioctl$SIOCGSTAMP(r3, 0x8906, 0x0)
recvmsg(r3, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x20)
fsconfig$FSCONFIG_SET_BINARY(0xffffffffffffffff, 0x2, &(0x7f0000000200)='cgroup.controllers\x00', &(0x7f00000002c0)="0f149407", 0x4)
ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f0000000100)={0x28, 0x7, r1, 0x0, &(0x7f0000ff0000/0x10000)=nil, 0x10000})
ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r0, 0x3ba0, &(0x7f0000000180)={0x48, 0x5, r1})

5.534336302s ago: executing program 4 (id=573):
r0 = socket(0x10, 0x803, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={0x0, 0x158}, 0x1, 0x0, 0x0, 0x20000000}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0x4, &(0x7f0000000540)=ANY=[@ANYBLOB="18000000000000000000000000000000850000001300000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x4, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x14}, {&(0x7f00000007c0)=""/154, 0x21}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0xffffffffffffff2f}}], 0x4000000000003b4, 0x2040000, &(0x7f0000003700)={0x77359400}) (fail_nth: 2)

5.044595577s ago: executing program 3 (id=574):
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x3000001, 0x31, 0xffffffffffffffff, 0x0)
r0 = socket$packet(0x11, 0x3, 0x300)
r1 = socket(0x11, 0x3, 0x0)
ioctl$sock_ipv6_tunnel_SIOCGET6RD(r1, 0x89f8, &(0x7f00000008c0)={'gre0\x00', &(0x7f0000002c40)={'tunl0\x00', 0x0, 0x1, 0x40, 0x7, 0xc9f857c, {{0x5, 0x4, 0x0, 0x2, 0x14, 0x64, 0x0, 0x5, 0x2f, 0x0, @private=0xa010102, @local}}}})
getsockopt$inet_sctp6_SCTP_AUTO_ASCONF(r1, 0x84, 0x1e, 0x0, &(0x7f00000000c0))
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'bond0\x00'})
socket$nl_route(0x10, 0x3, 0x0)
syz_io_uring_setup(0x186, 0x0, 0x0, &(0x7f0000000000))
shutdown(0xffffffffffffffff, 0x1)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x7fffffffffffffff}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000001a40)=""/102392, 0x18ff8)
add_key(0x0, &(0x7f0000000180), &(0x7f0000000100), 0x0, 0xfffffffffffffffe)
add_key$fscrypt_provisioning(&(0x7f0000000080), &(0x7f00000000c0)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffe)
timerfd_create(0x2, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
creat(0x0, 0x2)
socket$nl_route(0x10, 0x3, 0x0)
socket$netlink(0x10, 0x3, 0x0)
r3 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$IP6T_SO_SET_REPLACE(r3, 0x29, 0x40, &(0x7f0000000040)=@raw={'raw\x00', 0x3c1, 0x3, 0x3b8, 0x190, 0xc8, 0x8, 0x0, 0x5803, 0x2e8, 0x2e8, 0x2e8, 0x2e8, 0x2e8, 0x3, 0x0, {[{{@ipv6={@empty, @private1, [], [], 'pim6reg0\x00', 'wlan0\x00'}, 0x0, 0x128, 0x190, 0x0, {0x0, 0x2000000000000}, [@common=@unspec=@time={{0x38}, {0x0, 0x0, 0x0, 0x2000000}}, @common=@dst={{0x48}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x1, 0x0, 0x0, 0x0, 'pptp\x00', 'syz0\x00'}}}, {{@uncond, 0x0, 0x138, 0x158, 0x0, {}, [@common=@unspec=@rateest={{0x68}, {'dvmrp0\x00', 'batadv_slave_1\x00', 0x12, 0x3}}, @inet=@rpfilter={{0x28}}]}, @unspec=@NOTRACK={0x20}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x418)
remap_file_pages(&(0x7f00002ec000/0x200000)=nil, 0x200000, 0x0, 0x1, 0x0)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x4, 0x0, 0x0, 0x2)
getuid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004}, 0x0)

4.9983882s ago: executing program 4 (id=575):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = syz_init_net_socket$bt_bnep(0x1f, 0x3, 0x4)
ioctl$sock_bt_bnep_BNEPGETCONNLIST(r0, 0x800442d2, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x0, 0x0, 0x0, @link_local}]})
r1 = getpid()
r2 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
getsockopt(r2, 0xb, 0x2, 0x0, 0x0)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e23}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r5 = socket(0x15, 0x5, 0x0)
getsockopt(r5, 0x200000000114, 0x2, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000040)=@ipv4_newroute={0x38, 0x18, 0x1, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x9}, [@RTA_ENCAP_TYPE={0x6, 0x15, 0x4}, @RTA_ENCAP={0x14, 0x16, 0x0, 0x1, @LWTUNNEL_IP_OPTS={0x10, 0x8, 0x0, 0x1, @LWTUNNEL_IP_OPTS_VXLAN={0xc, 0x2, 0x0, 0x1, @LWTUNNEL_IP_OPT_VXLAN_GBP={0x8}}}}]}, 0x38}, 0x1, 0x0, 0x0, 0x20000081}, 0x0)
sendmsg$nl_generic(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)=ANY=[@ANYBLOB="f80000003e000701feffffff00000000017c0000040042800c00018006000600800a0000d1000280cb0014"], 0xf8}, 0x1, 0x0, 0x0, 0x4048011}, 0xc000)

3.991519062s ago: executing program 4 (id=576):
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000000080)=ANY=[@ANYBLOB="b405000000400004611070000000000066050000020000009500000000000000"], &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x8, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f00000000c0), 0x366, 0x10, &(0x7f0000000000), 0x2b2}, 0x48)
r0 = add_key$keyring(&(0x7f0000000540), 0x0, 0x0, 0x0, 0xffffffffffffffff)
r1 = request_key(&(0x7f00000022c0)='user\x00', &(0x7f0000002300)={'syz', 0x1}, &(0x7f0000002340)='\\\x00', 0x0)
r2 = openat$procfs(0xffffffffffffff9c, &(0x7f00000003c0)='/proc/meminfo\x00', 0x0, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$ethtool(&(0x7f0000001200), r3)
sendmsg$ETHTOOL_MSG_PAUSE_GET(r3, &(0x7f0000001400)={0x0, 0x0, &(0x7f00000013c0)={&(0x7f0000001280)={0x34, r4, 0x1, 0x70bd28, 0x25dfdbff, {}, [@HEADER={0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x5}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'netdevsim0\x00'}]}]}, 0x34}, 0x1, 0x0, 0x0, 0x40}, 0x20000040)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
r5 = socket$rds(0x15, 0x5, 0x0)
setsockopt$RDS_CONG_MONITOR(r5, 0x114, 0xa, &(0x7f0000000000)=0x1, 0x4)
io_setup(0x6, &(0x7f0000002340)=<r6=>0x0)
io_submit(r6, 0x1, &(0x7f00000014c0)=[&(0x7f0000000140)={0x0, 0x0, 0x0, 0x5, 0x0, r2, 0x0}])
r7 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r8 = add_key$keyring(&(0x7f0000000100), &(0x7f0000000180)={'syz', 0x2}, 0x0, 0x0, r1)
keyctl$KEYCTL_MOVE(0x1e, r0, r0, r8, 0x0)
connect$inet(r7, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10)
r9 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r9, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="5c00000015006b05c84e21000ab16d6e230675f802000000000100000017d30461bc24eeb502000000e1940d4531c1c71e6182149a36c23d3b48dfd8cdbf0067b098fa51f60a64c9f408000000e7d6000000d70000b6c0504bb9189d", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)
syz_emit_ethernet(0xbe, &(0x7f0000000000)={@broadcast, @dev, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @dest_unreach={0xc, 0x0, 0x0, 0x0, 0x0, 0x0, {0x25, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @dev, @local, {[@rr={0x7, 0xf, 0x0, [@empty, @empty, @private]}, @timestamp_prespec={0x44, 0xc, 0x0, 0x3, 0x0, [{@loopback}]}, @ssrr={0x89, 0xf, 0x0, [@private, @broadcast, @broadcast]}, @timestamp_addr={0x44, 0x4c, 0x0, 0x1, 0x0, [{@initdev={0xac, 0x1e, 0x0, 0x0}}, {@private}, {}, {@local}, {@loopback}, {@private}, {@multicast2}, {@broadcast}, {@broadcast}]}, @timestamp={0x44, 0x8, 0x0, 0x0, 0x0, [0x0]}]}}}}}}}, 0x0)
request_key(&(0x7f00000022c0)='user\x00', &(0x7f0000002300)={'syz', 0x1}, 0x0, 0x0)

3.703170774s ago: executing program 1 (id=577):
r0 = socket$inet6(0xa, 0x2, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000040)={'lo\x00', <r3=>0x0})
r4 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x80080, 0x0)
ioctl$IOMMU_VFIO_IOAS$SET(r4, 0x3b88, &(0x7f00000002c0)={0xc})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r5 = getpid()
sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
connect$unix(r6, &(0x7f000057eff8)=@abs, 0x6e)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r8 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r8, 0x0, 0x0)
sendmmsg$unix(r7, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r9 = syz_open_dev$swradio(&(0x7f00000012c0), 0x1, 0x2)
ioctl$VIDIOC_TRY_FMT(r9, 0xc0d05640, &(0x7f0000000080)={0xb, @raw_data="4355303869080408cd249ec7efb301198680b5be6e23aeee037757247f8e7cf0314d80d8580d64e14364154a0a387d927cd57e123ba1efbe01652a5f640684fa5e893e897ccc3074465e163176e53cd24bf2af34498cc63505008850dd4c66c27b1a79895f7fd2f1e0808bce73abcfc38c2403597d41733d28f53f05bb06b0d4f2abb107a766aeb4184284d3088a97541741bb90239de08950c97b7a438137b639689d695fd868a1a509524b4a3a3d3e5afbd859c1ec4e282a50c8b1a2d85bdb653a9ce0918200"})
r10 = socket$pppl2tp(0x18, 0x1, 0x1)
connect$pppl2tp(r10, &(0x7f00000005c0)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x4e22, @remote}, 0x2, 0x4, 0x3, 0x3}}, 0x2e)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000046c0)=@newqdisc={0x45c, 0x24, 0x4ee4e6a52ff56541, 0x8000000, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x430, 0x2, [@TCA_TBF_PTAB={0x404, 0x3, [0x2, 0x0, 0x0, 0x0, 0x10000000, 0x0, 0x40000000, 0x1000, 0x2, 0x0, 0x0, 0x8000002, 0x0, 0x7e150a0b, 0x0, 0x5, 0x0, 0x0, 0x0, 0x4, 0x1, 0x100000, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000, 0x0, 0x0, 0x0, 0x10000, 0x5d2, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x800000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x1007, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000, 0x40000000, 0x0, 0x3, 0x0, 0x1, 0x8, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x2, 0x9, 0x0, 0x0, 0x7, 0xfbfffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x3, 0x0, 0x0, 0x2, 0x8002000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x7e98263b, 0x9, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x9, 0x10000000, 0x1, 0x0, 0x5, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd2d1, 0xfffffffe, 0x0, 0xb2e, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0xff, 0x1000, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x6, 0xc3f3, 0x1, 0x0, 0x800, 0x9, 0x800, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000001, 0x0, 0xfffffffe, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x0, 0xfffefffd, 0x0, 0x0, 0xd819ac9, 0x1, 0x0, 0x0, 0x9, 0x4, 0x0, 0xffffffff, 0x0, 0x0, 0x80000001, 0x0, 0x10, 0x20, 0x9, 0x400000b2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x1000, 0x100, 0x0, 0x0, 0x0, 0x3fffc, 0x0, 0x0, 0xfffffffd, 0x1, 0x4, 0xfffffffe, 0x800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x4, 0x0, 0x0, 0x20000040, 0xffffffff, 0x400, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x10000000, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x0, 0x20, 0xaaf0]}, @TCA_TBF_PARMS={0x28, 0x1, {{0x0, 0x3, 0x0, 0x0, 0x0, 0xc0000001}, {0x3, 0x0, 0xf, 0x0, 0x0, 0xffffffff}, 0x7, 0x10, 0x2000000}}]}}]}, 0x45c}}, 0x0)
setsockopt$inet6_int(r0, 0x29, 0x21, &(0x7f0000001880)=0x40, 0x4)
r11 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r11, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000600)=ANY=[@ANYBLOB="800100003e000701feffffff00000000047c00000800428004000800b80009"], 0x180}, 0x1, 0x0, 0x0, 0x4000c000}, 0xc000)
sendmmsg$inet6(r0, &(0x7f0000002a00), 0x0, 0x400c009)
sendmsg$can_bcm(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000280), 0x10, &(0x7f00000003c0)={&(0x7f0000000340)={0x4, 0xa00, 0xb3, {}, {}, {0x4}, 0x1, @can={{0x3, 0x1}, 0x6, 0x3, 0x0, 0x0, "b67b3c16c29868b0"}}, 0x48}, 0x1, 0x0, 0x0, 0x4c850}, 0x24040041)

3.522514294s ago: executing program 4 (id=578):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0)
mmap(&(0x7f0000ff4000/0x3000)=nil, 0x3000, 0x2000004, 0x12, r0, 0xe6905000)

3.451545767s ago: executing program 4 (id=579):
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000280)=[@in={0x2, 0x4e21, @loopback}], 0x10)
sendmsg$inet_sctp(r0, &(0x7f0000000700)={&(0x7f0000000340)=@in={0x2, 0x4e21, @loopback}, 0x10, &(0x7f0000000080)=[{&(0x7f0000000000)="fd", 0x1}], 0x1, 0x0, 0x0, 0x804c044}, 0x881)
r1 = dup(r0)
write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f00000001c0)={0x0, 0x18, 0xfa00, {0x0, 0x0, 0x106, 0x2}}, 0x20)
write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000440)={0x0, 0x18, 0xfa00, {0x4, 0x0, 0x106}}, 0x20)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)=ANY=[@ANYBLOB="240000002100010000000000000000000a0000000000000000000000050019"], 0x24}}, 0x0)
r2 = socket$inet6(0x10, 0x3, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f00000005c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000730000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000040)='contention_begin\x00', r3}, 0x18)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1700000007"], 0x50)
sendto$packet(0xffffffffffffffff, &(0x7f0000000000)='O', 0x1, 0x0, 0x0, 0x0)
r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
sendmsg$NFT_MSG_GETSETELEM(0xffffffffffffffff, 0x0, 0x8000)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="50000000020605000000000000000000070000030c000300686173683a6970000900020073797a32000000000500040000000000050005000800000005000100060000000c000780080006"], 0x50}}, 0x0)
r5 = syz_usb_connect(0x0, 0x24, &(0x7f0000000980)=ANY=[@ANYBLOB="12010018b1bd2f087d0403508c2f010203010902120001000000000904"], 0x0)
syz_usb_control_io$cdc_ecm(r5, &(0x7f00000000c0)={0xc, &(0x7f0000000100)=ANY=[@ANYBLOB="0000f50000000341e9"], 0x0}, 0x0)
syz_usb_control_io$uac1(r5, 0x0, 0x0)
write$binfmt_misc(r4, 0x0, 0x0)
sendto$inet6(r2, &(0x7f0000000000)='.', 0x10a73, 0x800, 0x0, 0x4b6ae4f95a5de35b)
setsockopt$inet_sctp_SCTP_PARTIAL_DELIVERY_POINT(r1, 0x84, 0x13, &(0x7f0000000140)=0xe6e5, 0x4)
setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(r1, 0x84, 0x72, &(0x7f0000000100)={0x0, 0x0, 0x20}, 0xc)
write$RDMA_USER_CM_CMD_RESOLVE_ROUTE(r1, &(0x7f0000000180)={0x4, 0x8, 0xfa00, {0xffffffffffffffff, 0x4}}, 0x29fdf)
setsockopt$inet_sctp_SCTP_MAXSEG(r1, 0x84, 0xd, &(0x7f0000000040)=@assoc_value={0x0, 0xcc0}, 0x8)
write$RDMA_USER_CM_CMD_RESOLVE_ROUTE(r1, &(0x7f00000000c0)={0x4, 0x8, 0xfa00, {0xffffffffffffffff, 0x5}}, 0x1a00)

2.532722315s ago: executing program 1 (id=580):
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
ioctl$TUNSETLINK(0xffffffffffffffff, 0x400454cd, 0xfffe)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
fcntl$dupfd(0xffffffffffffffff, 0xc0a, 0xffffffffffffffff)
r3 = userfaultfd(0x801)
ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x54d})
ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f0000000200)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1})
mremap(&(0x7f00003cd000/0x4000)=nil, 0x4000, 0x2000, 0x3, &(0x7f0000c9a000/0x2000)=nil)
close_range(r3, 0xffffffffffffffff, 0x0)

2.378626359s ago: executing program 3 (id=581):
r0 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CAP_EXIT_ON_EMULATION_FAILURE(r1, 0x4068aea3, &(0x7f0000000100)={0xcc, 0x0, 0x1}) (fail_nth: 4)

1.61396301s ago: executing program 3 (id=582):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_open_dev$video4linux(&(0x7f00000000c0), 0xfffffffffffffffe, 0x101403)
ioctl$VIDIOC_QUERYMENU(r2, 0xc02c5625, &(0x7f0000000200)={0xfffffff2, 0x80, @name="5c14fd7a8f933d41c63a32f5f9c42db0bdb957994e77d94cfb885b9cf73686e4"})
r3 = openat$smackfs_change_rule(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0)
write$smackfs_change_rule(r3, &(0x7f00000004c0)=ANY=[@ANYBLOB='PPPPPP & rwxubl watblL'], 0x16)
r4 = syz_genetlink_get_family_id$batadv(&(0x7f0000002880), 0xffffffffffffffff)
sendmsg$BATADV_CMD_GET_HARDIF(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)={0x1c, r4, 0x711, 0x70bd2a, 0x25dfdbfc, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8}]}, 0x1c}, 0x1, 0x0, 0x0, 0x28008000}, 0x40000)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'batadv_slave_1\x00', <r5=>0x0})
creat(&(0x7f0000000040)='./file0\x00', 0x0)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x5, 0x2, 0x4, 0x5}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r6}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xfffffffe}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x9, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='9p_protocol_dump\x00', r7}, 0x10)
r8 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x19, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r8, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000016"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000030000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x29)
r9 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='9p_protocol_dump\x00', r9}, 0x10)
pipe2$9p(&(0x7f00000001c0)={<r10=>0xffffffffffffffff, <r11=>0xffffffffffffffff}, 0x0)
mount$9p_fd(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f0000000a40)={'trans=fd,', {'rfdno', 0x3d, r10}, 0x2c, {'wfdno', 0x3d, r11}})
sendmsg$BATADV_CMD_TP_METER(r0, &(0x7f0000000200)={&(0x7f0000000000), 0xc, &(0x7f00000001c0)={&(0x7f00000000c0)={0x24, r4, 0x20, 0x70bd2b, 0x25dfdbff, {}, [@BATADV_ATTR_HARD_IFINDEX={0x8, 0x6, r5}, @BATADV_ATTR_ISOLATION_MASK={0x8}]}, 0x24}, 0x1, 0x0, 0x0, 0x20000000}, 0x800)
r12 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000040), 0x2082, 0x0)
ioctl$FBIOPUT_VSCREENINFO(r12, 0x4601, &(0x7f0000000100)={0x400, 0x300, 0x0, 0x800, 0xbbba, 0x2, 0x18, 0x0, {0x2000000, 0x2007}, {0x9, 0x3, 0xfffffffe}, {0x0, 0xffff0000}, {0x1000000, 0x0, 0x1}, 0x0, 0x3f0, 0x0, 0x4d613, 0x0, 0x0, 0x0, 0x40000000, 0xfffffffd, 0x0, 0x0, 0x0, 0x39, 0x1, 0x1, 0x1})

1.294994507s ago: executing program 2 (id=583):
socket$inet(0x2, 0x1, 0x100)
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
write$bt_hci(r0, &(0x7f0000000580)=ANY=[@ANYBLOB="5200000002"], 0x8)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000004c0)={0xffffffffffffffff, 0x18000000000002a0, 0x0, 0x0, 0x0, 0x0, 0xd5b1, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x0, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r4, 0x1, &(0x7f0000000b40)='source', &(0x7f0000000040)='c:::\x00', 0x0)
r5 = gettid()
syz_emit_ethernet(0x42, &(0x7f00000003c0)=ANY=[@ANYBLOB="00000000000078cc65ec84e181004a008847450000300067000001019078e00000020a00e2020c0090780608170045cb007f0064000008110869ffffffffac1e010103e50b461ba30836f09c458d4361fd9e36f165994067f4285d5f39ec53cdccd97d017e9979611fe63069d3231724b237d858f1ed2b66c2d8abbb11b7ca99d1e9740db942ed65306f7ef956b4293c33f4f76324dd293fc3874958065011b64ea825f81a6b587dbb1e6d"], 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0)
tkill(r5, 0xb)
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00'}, 0x10)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x200, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r7, 0xc00caee0, &(0x7f0000000100)={0x4, <r8=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r8, 0x4018aee1, &(0x7f00000001c0)=@attr_other={0x0, 0x1, 0x2, &(0x7f0000000180)=0x6})
ioctl$VT_RESIZEX(0xffffffffffffffff, 0x560a, &(0x7f00000006c0)={0x4, 0x0, 0x0, 0x0, 0x132, 0x3})

1.119644653s ago: executing program 3 (id=584):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f0000000180)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
recvmsg(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000400)=[{&(0x7f00000004c0)=""/249, 0xf9}], 0x1}, 0x0)
close(r3)
sendmsg$tipc(r4, &(0x7f0000000240)={0x0, 0x810100, &(0x7f0000000200)=[{&(0x7f0000000140)="a2", 0xfffffdef}], 0x1, 0x0, 0x0, 0x3}, 0x0)
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000580)='./file0\x00', 0x6004, 0x0)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0)
ioctl$FS_IOC_GET_ENCRYPTION_PWSALT(r5, 0x125d, 0x0)

83.865766ms ago: executing program 3 (id=585):
r0 = socket$xdp(0x2c, 0x3, 0x0)
mmap$xdp(&(0x7f0000fef000/0xe000)=nil, 0xe000, 0x8, 0x11, r0, 0x80000000)
r1 = socket(0x1e, 0xa, 0x0)
r2 = socket(0x2, 0x1, 0x0)
r3 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
ioctl$NBD_SET_SOCK(r3, 0xab00, r2)
ioctl$NBD_DO_IT(r3, 0xab03)
sendto$inet(r2, 0x0, 0x0, 0x20000000, &(0x7f0000000180)={0x2, 0x4e23, @loopback}, 0x10)
sendmsg$nl_route(r1, &(0x7f0000000380)={0x0, 0x4076cbba9945d516, &(0x7f0000000340)={0x0, 0x14}}, 0x0)
getsockname$packet(r1, &(0x7f0000000140)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)=ANY=[], 0x40}, 0x1, 0x0, 0x0, 0x4014}, 0x0)
r6 = socket(0x10, 0x3, 0x0)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r7=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000003c0)=0x14)
sendmsg$nl_route_sched(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x44, 0x24, 0x5820a61ca228659, 0x0, 0x0, {0x0, 0x0, 0x0, r7, {0x0, 0x9}, {0xffff, 0xffff}, {0x0, 0x7}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_USC={0xffffffffffffffdb, 0x3, {0x6, 0x2}}}}]}, 0x44}}, 0x800)
prctl$PR_SET_NAME(0xf, &(0x7f0000000000)='\\\x00')
r8 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='status\x00')
read$FUSE(r8, &(0x7f0000001300)={0x2020}, 0x2020)
sendmsg$nl_route_sched(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000004c0)=@newtfilter={0x7c, 0x28, 0xd27, 0x1004001, 0x0, {0x0, 0x0, 0x0, r4, {0x0, 0x9}, {}, {0x2, 0xb}}, [@filter_kind_options=@f_cgroup={{0xb}, {0x4c, 0x2, [@TCA_CGROUP_ACT={0x34, 0x1, [@m_gact={0x30, 0x3, 0x0, 0x0, {{0x9}, {0x4}, {0x4, 0x6, "fd"}, {0x1}, {0xc, 0x8, {0x0, 0x1}}}}]}, @TCA_CGROUP_POLICE={0x14, 0x2, [@TCA_POLICE_RESULT={0x8, 0x5, 0x8000}, @TCA_POLICE_AVRATE={0x8, 0x4, 0x9}]}]}}]}, 0x7c}, 0x1, 0x0, 0x0, 0x810}, 0x48c0)
r9 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$TUNSETIFF(r9, 0x400454ca, &(0x7f00000000c0)={'veth1_vlan\x00', 0x6bf1c2d5adba9432})
r10 = socket$igmp6(0xa, 0x3, 0x2)
ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r10, 0x8983, &(0x7f0000000300)={0x0, 'syzkaller1\x00'})
ioctl$TUNSETLINK(r9, 0x400454cd, 0x118)

0s ago: executing program 4 (id=586):
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000040)='contention_begin\x00'}, 0x18)
r4 = syz_open_dev$media(&(0x7f00000006c0), 0x2c29, 0x28004)
ioctl$MEDIA_IOC_REQUEST_ALLOC(r4, 0x80047c05, 0x0)

kernel console output (not intermixed with test programs):

Warning: Permanently added '10.128.0.111' (ED25519) to the list of known hosts.
[   84.952923][ T5822] cgroup: Unknown subsys name 'net'
[   85.141853][ T5822] cgroup: Unknown subsys name 'cpuset'
[   85.151629][ T5822] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   86.914190][ T5822] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   89.632309][ T5837] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   89.640405][ T5837] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   89.649340][ T5837] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   89.656781][ T5837] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   89.664915][ T5837] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   89.672526][ T5837] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   89.679915][ T5837] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[   89.687837][ T5837] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[   89.695259][ T5837] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   89.702951][ T5837] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   89.711209][ T5837] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   89.719010][ T5837] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   89.728830][ T5841] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   89.737389][ T5841] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   89.745256][ T5841] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[   89.753020][ T5837] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   89.758704][ T5845] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[   89.779804][ T5853] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[   89.791493][ T5851] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   89.799658][ T5853] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[   89.807671][ T5853] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[   89.816465][ T5851] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   89.826259][ T5853] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[   89.849816][ T5853] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[   89.878782][ T5853] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[   90.319137][ T5840] chnl_net:caif_netlink_parms(): no params data found
[   90.518444][ T5843] chnl_net:caif_netlink_parms(): no params data found
[   90.554088][ T5835] chnl_net:caif_netlink_parms(): no params data found
[   90.754574][ T5840] bridge0: port 1(bridge_slave_0) entered blocking state
[   90.768820][ T5840] bridge0: port 1(bridge_slave_0) entered disabled state
[   90.776395][ T5840] bridge_slave_0: entered allmulticast mode
[   90.800841][ T5840] bridge_slave_0: entered promiscuous mode
[   90.810830][ T5840] bridge0: port 2(bridge_slave_1) entered blocking state
[   90.819281][ T5840] bridge0: port 2(bridge_slave_1) entered disabled state
[   90.826545][ T5840] bridge_slave_1: entered allmulticast mode
[   90.835545][ T5840] bridge_slave_1: entered promiscuous mode
[   90.935572][ T5844] chnl_net:caif_netlink_parms(): no params data found
[   90.946821][ T5833] chnl_net:caif_netlink_parms(): no params data found
[   90.984783][ T5843] bridge0: port 1(bridge_slave_0) entered blocking state
[   90.992159][ T5843] bridge0: port 1(bridge_slave_0) entered disabled state
[   90.999962][ T5843] bridge_slave_0: entered allmulticast mode
[   91.007255][ T5843] bridge_slave_0: entered promiscuous mode
[   91.030586][ T5840] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   91.044046][ T5840] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   91.067204][ T5843] bridge0: port 2(bridge_slave_1) entered blocking state
[   91.074691][ T5843] bridge0: port 2(bridge_slave_1) entered disabled state
[   91.082189][ T5843] bridge_slave_1: entered allmulticast mode
[   91.090111][ T5843] bridge_slave_1: entered promiscuous mode
[   91.124119][ T5835] bridge0: port 1(bridge_slave_0) entered blocking state
[   91.131546][ T5835] bridge0: port 1(bridge_slave_0) entered disabled state
[   91.138825][ T5835] bridge_slave_0: entered allmulticast mode
[   91.146054][ T5835] bridge_slave_0: entered promiscuous mode
[   91.211303][ T5840] team0: Port device team_slave_0 added
[   91.217448][ T5835] bridge0: port 2(bridge_slave_1) entered blocking state
[   91.225084][ T5835] bridge0: port 2(bridge_slave_1) entered disabled state
[   91.233048][ T5835] bridge_slave_1: entered allmulticast mode
[   91.240704][ T5835] bridge_slave_1: entered promiscuous mode
[   91.273382][ T5840] team0: Port device team_slave_1 added
[   91.296926][ T5843] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   91.309458][ T5843] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   91.421044][ T5840] batman_adv: batadv0: Adding interface: batadv_slave_0
[   91.428084][ T5840] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   91.454382][ T5840] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   91.467514][ T5840] batman_adv: batadv0: Adding interface: batadv_slave_1
[   91.474520][ T5840] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   91.500754][ T5840] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   91.514786][ T5835] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   91.527103][ T5843] team0: Port device team_slave_0 added
[   91.573498][ T5835] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   91.599576][ T5843] team0: Port device team_slave_1 added
[   91.618913][ T5833] bridge0: port 1(bridge_slave_0) entered blocking state
[   91.626108][ T5833] bridge0: port 1(bridge_slave_0) entered disabled state
[   91.633723][ T5833] bridge_slave_0: entered allmulticast mode
[   91.641443][ T5833] bridge_slave_0: entered promiscuous mode
[   91.649677][ T5833] bridge0: port 2(bridge_slave_1) entered blocking state
[   91.656814][ T5833] bridge0: port 2(bridge_slave_1) entered disabled state
[   91.664336][ T5833] bridge_slave_1: entered allmulticast mode
[   91.671686][ T5833] bridge_slave_1: entered promiscuous mode
[   91.704400][ T5844] bridge0: port 1(bridge_slave_0) entered blocking state
[   91.711735][ T5844] bridge0: port 1(bridge_slave_0) entered disabled state
[   91.719151][ T5844] bridge_slave_0: entered allmulticast mode
[   91.726347][ T5844] bridge_slave_0: entered promiscuous mode
[   91.777696][ T5835] team0: Port device team_slave_0 added
[   91.783658][ T5839] Bluetooth: hci2: command tx timeout
[   91.784718][ T1218] cfg80211: failed to load regulatory.db
[   91.792836][ T5835] team0: Port device team_slave_1 added
[   91.815497][ T5844] bridge0: port 2(bridge_slave_1) entered blocking state
[   91.824277][ T5844] bridge0: port 2(bridge_slave_1) entered disabled state
[   91.831537][ T5844] bridge_slave_1: entered allmulticast mode
[   91.838956][ T5844] bridge_slave_1: entered promiscuous mode
[   91.858148][ T5839] Bluetooth: hci1: command tx timeout
[   91.867200][ T5833] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   91.876698][ T5839] Bluetooth: hci0: command tx timeout
[   91.881530][ T5833] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   91.906424][ T5843] batman_adv: batadv0: Adding interface: batadv_slave_0
[   91.913968][ T5843] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   91.940160][ T5843] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   91.948378][ T5853] Bluetooth: hci4: command tx timeout
[   91.956383][ T5839] Bluetooth: hci3: command tx timeout
[   91.974928][ T5840] hsr_slave_0: entered promiscuous mode
[   91.981504][ T5840] hsr_slave_1: entered promiscuous mode
[   92.019418][ T5843] batman_adv: batadv0: Adding interface: batadv_slave_1
[   92.026395][ T5843] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   92.052494][ T5843] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   92.091250][ T5835] batman_adv: batadv0: Adding interface: batadv_slave_0
[   92.098389][ T5835] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   92.124809][ T5835] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   92.144781][ T5844] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   92.170104][ T5833] team0: Port device team_slave_0 added
[   92.184557][ T5835] batman_adv: batadv0: Adding interface: batadv_slave_1
[   92.191809][ T5835] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   92.217959][ T5835] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   92.232584][ T5844] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   92.270564][ T5833] team0: Port device team_slave_1 added
[   92.383299][ T5844] team0: Port device team_slave_0 added
[   92.406881][ T5833] batman_adv: batadv0: Adding interface: batadv_slave_0
[   92.413900][ T5833] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   92.440385][ T5833] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   92.470358][ T5843] hsr_slave_0: entered promiscuous mode
[   92.476720][ T5843] hsr_slave_1: entered promiscuous mode
[   92.484004][ T5843] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   92.491902][ T5843] Cannot create hsr debugfs directory
[   92.500269][ T5844] team0: Port device team_slave_1 added
[   92.512343][ T5833] batman_adv: batadv0: Adding interface: batadv_slave_1
[   92.519635][ T5833] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   92.545626][ T5833] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   92.562970][ T5835] hsr_slave_0: entered promiscuous mode
[   92.569413][ T5835] hsr_slave_1: entered promiscuous mode
[   92.575470][ T5835] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   92.584009][ T5835] Cannot create hsr debugfs directory
[   92.662574][ T5844] batman_adv: batadv0: Adding interface: batadv_slave_0
[   92.670066][ T5844] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   92.696121][ T5844] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   92.751158][ T5844] batman_adv: batadv0: Adding interface: batadv_slave_1
[   92.758678][ T5844] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   92.784860][ T5844] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   92.862710][ T5833] hsr_slave_0: entered promiscuous mode
[   92.869230][ T5833] hsr_slave_1: entered promiscuous mode
[   92.875381][ T5833] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   92.883383][ T5833] Cannot create hsr debugfs directory
[   93.003491][ T5844] hsr_slave_0: entered promiscuous mode
[   93.010259][ T5844] hsr_slave_1: entered promiscuous mode
[   93.016348][ T5844] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   93.024294][ T5844] Cannot create hsr debugfs directory
[   93.256798][ T5840] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   93.272085][ T5840] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   93.301040][ T5840] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   93.352735][ T5840] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   93.462835][ T5843] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   93.478860][ T5843] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   93.490090][ T5843] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   93.511751][ T5843] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   93.584408][ T5835] netdevsim netdevsim4 netdevsim0: renamed from eth0
[   93.595258][ T5835] netdevsim netdevsim4 netdevsim1: renamed from eth1
[   93.610488][ T5835] netdevsim netdevsim4 netdevsim2: renamed from eth2
[   93.645667][ T5835] netdevsim netdevsim4 netdevsim3: renamed from eth3
[   93.744340][ T5833] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   93.766333][ T5833] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   93.791861][ T5833] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   93.805751][ T5833] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   93.859481][ T5839] Bluetooth: hci2: command tx timeout
[   93.885451][ T5843] 8021q: adding VLAN 0 to HW filter on device bond0
[   93.905012][ T5840] 8021q: adding VLAN 0 to HW filter on device bond0
[   93.937691][ T5843] 8021q: adding VLAN 0 to HW filter on device team0
[   93.945168][ T5853] Bluetooth: hci1: command tx timeout
[   93.951795][ T5839] Bluetooth: hci0: command tx timeout
[   93.970859][ T5844] netdevsim netdevsim3 netdevsim0: renamed from eth0
[   93.982229][ T5844] netdevsim netdevsim3 netdevsim1: renamed from eth1
[   93.996932][ T5844] netdevsim netdevsim3 netdevsim2: renamed from eth2
[   94.007092][ T5844] netdevsim netdevsim3 netdevsim3: renamed from eth3
[   94.018315][ T5853] Bluetooth: hci3: command tx timeout
[   94.023855][ T5853] Bluetooth: hci4: command tx timeout
[   94.050957][ T1112] bridge0: port 1(bridge_slave_0) entered blocking state
[   94.058293][ T1112] bridge0: port 1(bridge_slave_0) entered forwarding state
[   94.080423][ T5840] 8021q: adding VLAN 0 to HW filter on device team0
[   94.124906][ T1112] bridge0: port 2(bridge_slave_1) entered blocking state
[   94.132140][ T1112] bridge0: port 2(bridge_slave_1) entered forwarding state
[   94.161359][ T1112] bridge0: port 1(bridge_slave_0) entered blocking state
[   94.168552][ T1112] bridge0: port 1(bridge_slave_0) entered forwarding state
[   94.207569][ T1112] bridge0: port 2(bridge_slave_1) entered blocking state
[   94.214755][ T1112] bridge0: port 2(bridge_slave_1) entered forwarding state
[   94.235931][ T5835] 8021q: adding VLAN 0 to HW filter on device bond0
[   94.368825][ T5835] 8021q: adding VLAN 0 to HW filter on device team0
[   94.415850][ T1112] bridge0: port 1(bridge_slave_0) entered blocking state
[   94.423145][ T1112] bridge0: port 1(bridge_slave_0) entered forwarding state
[   94.435756][ T1112] bridge0: port 2(bridge_slave_1) entered blocking state
[   94.442980][ T1112] bridge0: port 2(bridge_slave_1) entered forwarding state
[   94.529738][ T5833] 8021q: adding VLAN 0 to HW filter on device bond0
[   94.584753][ T5833] 8021q: adding VLAN 0 to HW filter on device team0
[   94.613752][ T1087] bridge0: port 1(bridge_slave_0) entered blocking state
[   94.620912][ T1087] bridge0: port 1(bridge_slave_0) entered forwarding state
[   94.666479][ T5844] 8021q: adding VLAN 0 to HW filter on device bond0
[   94.683698][ T1087] bridge0: port 2(bridge_slave_1) entered blocking state
[   94.690980][ T1087] bridge0: port 2(bridge_slave_1) entered forwarding state
[   94.785931][ T5844] 8021q: adding VLAN 0 to HW filter on device team0
[   94.847138][   T36] bridge0: port 1(bridge_slave_0) entered blocking state
[   94.854388][   T36] bridge0: port 1(bridge_slave_0) entered forwarding state
[   94.882562][   T49] bridge0: port 2(bridge_slave_1) entered blocking state
[   94.889776][   T49] bridge0: port 2(bridge_slave_1) entered forwarding state
[   94.956670][ T5840] 8021q: adding VLAN 0 to HW filter on device batadv0
[   95.005162][ T5843] 8021q: adding VLAN 0 to HW filter on device batadv0
[   95.153176][ T5835] 8021q: adding VLAN 0 to HW filter on device batadv0
[   95.203605][ T5843] veth0_vlan: entered promiscuous mode
[   95.253956][ T5840] veth0_vlan: entered promiscuous mode
[   95.267344][ T5843] veth1_vlan: entered promiscuous mode
[   95.304524][ T5840] veth1_vlan: entered promiscuous mode
[   95.443874][ T5840] veth0_macvtap: entered promiscuous mode
[   95.475145][ T5840] veth1_macvtap: entered promiscuous mode
[   95.495856][ T5843] veth0_macvtap: entered promiscuous mode
[   95.532973][ T5843] veth1_macvtap: entered promiscuous mode
[   95.559542][ T5840] batman_adv: batadv0: Interface activated: batadv_slave_0
[   95.603714][ T5833] 8021q: adding VLAN 0 to HW filter on device batadv0
[   95.622197][ T5840] batman_adv: batadv0: Interface activated: batadv_slave_1
[   95.641760][ T5840] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   95.652081][ T5840] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   95.661197][ T5840] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   95.670618][ T5840] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   95.684422][ T5843] batman_adv: batadv0: Interface activated: batadv_slave_0
[   95.699937][ T5843] batman_adv: batadv0: Interface activated: batadv_slave_1
[   95.718460][ T5843] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   95.727214][ T5843] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   95.737870][ T5843] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   95.746934][ T5843] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   95.847772][ T5844] 8021q: adding VLAN 0 to HW filter on device batadv0
[   95.909451][ T5833] veth0_vlan: entered promiscuous mode
[   95.939559][ T5853] Bluetooth: hci2: command tx timeout
[   95.951356][ T5833] veth1_vlan: entered promiscuous mode
[   96.020254][ T5839] Bluetooth: hci0: command tx timeout
[   96.025764][ T5853] Bluetooth: hci1: command tx timeout
[   96.056952][   T59] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   96.066340][   T59] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   96.072483][ T1112] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   96.090710][ T5835] veth0_vlan: entered promiscuous mode
[   96.097969][ T1112] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   96.113570][ T5853] Bluetooth: hci4: command tx timeout
[   96.119785][ T5839] Bluetooth: hci3: command tx timeout
[   96.149502][ T5835] veth1_vlan: entered promiscuous mode
[   96.176781][ T5844] veth0_vlan: entered promiscuous mode
[   96.198938][ T5833] veth0_macvtap: entered promiscuous mode
[   96.205440][   T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   96.217041][ T5833] veth1_macvtap: entered promiscuous mode
[   96.226130][   T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   96.260408][   T59] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   96.268901][   T59] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   96.281448][ T5844] veth1_vlan: entered promiscuous mode
[   96.340634][ T5843] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   96.353539][ T5833] batman_adv: batadv0: Interface activated: batadv_slave_0
[   96.385917][ T5835] veth0_macvtap: entered promiscuous mode
[   96.404090][ T5833] batman_adv: batadv0: Interface activated: batadv_slave_1
[   96.435494][ T5833] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   96.468372][ T5833] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   96.477139][ T5833] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   96.498429][ T5833] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   96.522938][ T5835] veth1_macvtap: entered promiscuous mode
[   96.580651][ T5844] veth0_macvtap: entered promiscuous mode
[   96.606860][ T5955] tipc: Started in network mode
[   96.615595][ T5955] tipc: Node identity a65a17ded60d, cluster identity 4711
[   96.630910][ T5955] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   96.640368][ T5844] veth1_macvtap: entered promiscuous mode
[   96.666280][ T5955] syzkaller0: entered promiscuous mode
[   96.713248][ T5955] syzkaller0: entered allmulticast mode
[   97.046372][ T5835] batman_adv: batadv0: Interface activated: batadv_slave_0
[   97.054138][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   97.062975][    T0] NOHZ tick-stop error: local softirq work is pending, handler #210!!!
[   97.072528][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   97.329707][ T5959] netlink: 'syz.1.2': attribute type 1 has an invalid length.
[   97.337766][ T5959] netlink: 224 bytes leftover after parsing attributes in process `syz.1.2'.
[   97.397808][ T5835] batman_adv: batadv0: Interface activated: batadv_slave_1
[   97.748713][ T1218] tipc: Node number set to 1884755934
[   97.877322][ T5844] batman_adv: batadv0: Interface activated: batadv_slave_0
[   97.954102][ T5966] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[   97.981211][ T5835] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   97.997332][ T5835] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   98.007469][ T5835] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   98.021422][ T5853] Bluetooth: hci2: command tx timeout
[   98.026893][ T5835] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   98.061659][ T5953] tipc: Resetting bearer <eth:syzkaller0>
[   98.080229][ T5953] tipc: Disabling bearer <eth:syzkaller0>
[   98.098798][ T5853] Bluetooth: hci1: command tx timeout
[   98.104238][ T5853] Bluetooth: hci0: command tx timeout
[   98.148535][   T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   98.170859][   T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   98.178293][ T5853] Bluetooth: hci4: command tx timeout
[   98.178334][ T5853] Bluetooth: hci3: command tx timeout
[   98.227841][ T5966] kvm: pic: non byte write
[   98.237259][ T5844] batman_adv: batadv0: Interface activated: batadv_slave_1
[   98.351242][ T1087] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   98.366910][ T1087] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   98.383226][ T5844] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   98.397537][ T5844] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   98.412276][ T5844] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   98.434586][ T5844] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   99.183876][   T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   99.193518][   T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   99.727048][   T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   99.958636][   T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  100.255403][   T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  100.278472][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  100.287123][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  100.489295][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  100.509451][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  101.061735][   T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  101.231283][ T5991] syzkaller0: entered promiscuous mode
[  101.283441][ T5991] syzkaller0: entered allmulticast mode
[  101.721944][ T5988] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  101.744006][ T5988] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  101.778079][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[  101.798835][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  101.831486][ T5991] netlink: 'syz.2.10': attribute type 1 has an invalid length.
[  101.840278][ T5991] netlink: 224 bytes leftover after parsing attributes in process `syz.2.10'.
[  102.018261][    T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!!
[  103.372772][   T30] audit: type=1326 audit(1755847488.020:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5999 comm="syz.4.5" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fa967f8ebe9 code=0x0
[  103.616548][ T6011] netlink: 12 bytes leftover after parsing attributes in process `syz.1.15'.
[  104.293303][ T6012] kvm: pic: non byte write
[  104.308147][ T6015] tipc: Started in network mode
[  104.325829][ T6015] tipc: Node identity 861b72169e1e, cluster identity 4711
[  104.364669][ T6015] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  104.464697][ T6022] syzkaller0: entered promiscuous mode
[  104.548896][ T6022] syzkaller0: entered allmulticast mode
[  105.425016][ T6022] netlink: 'syz.3.4': attribute type 1 has an invalid length.
[  105.433631][ T6022] netlink: 224 bytes leftover after parsing attributes in process `syz.3.4'.
[  105.481470][   T24] tipc: Node number set to 403010070
[  106.185930][ T6035] netlink: zone id is out of range
[  106.255958][ T6038] netlink: del zone limit has 4 unknown bytes
[  106.826611][ T6013] tipc: Resetting bearer <eth:syzkaller0>
[  106.865393][ T6035] netlink: set zone limit has 4 unknown bytes
[  106.920971][ T6013] tipc: Disabling bearer <eth:syzkaller0>
[  107.235364][ T6044] ipvlan2: entered promiscuous mode
[  107.247443][ T6044] bridge0: port 3(ipvlan2) entered blocking state
[  107.295023][ T6048] FAULT_INJECTION: forcing a failure.
[  107.295023][ T6048] name fail_page_alloc, interval 1, probability 0, space 0, times 1
[  107.322670][ T6044] bridge0: port 3(ipvlan2) entered disabled state
[  107.329956][ T6044] ipvlan2: entered allmulticast mode
[  107.339902][ T6044] gretap0: entered allmulticast mode
[  107.354803][ T6048] CPU: 1 UID: 0 PID: 6048 Comm: syz.4.22 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  107.354842][ T6048] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  107.354860][ T6048] Call Trace:
[  107.354888][ T6048]  <TASK>
[  107.354897][ T6048]  dump_stack_lvl+0x189/0x250
[  107.354934][ T6048]  ? __pfx____ratelimit+0x10/0x10
[  107.354957][ T6048]  ? __pfx_dump_stack_lvl+0x10/0x10
[  107.355008][ T6048]  ? __pfx__printk+0x10/0x10
[  107.355039][ T6048]  ? fs_reclaim_acquire+0x7d/0x100
[  107.355075][ T6048]  should_fail_ex+0x414/0x560
[  107.355104][ T6048]  prepare_alloc_pages+0x213/0x610
[  107.355140][ T6048]  __alloc_frozen_pages_noprof+0x123/0x370
[  107.355168][ T6048]  ? trace_irq_disable+0x37/0x110
[  107.355202][ T6048]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  107.355240][ T6048]  ? policy_nodemask+0x27c/0x720
[  107.355260][ T6048]  ? __lock_acquire+0xab9/0xd20
[  107.355286][ T6048]  alloc_pages_mpol+0x232/0x4a0
[  107.355316][ T6048]  vma_alloc_folio_noprof+0xe4/0x200
[  107.355343][ T6048]  ? __pfx_vma_alloc_folio_noprof+0x10/0x10
[  107.355381][ T6048]  folio_prealloc+0x30/0x180
[  107.355406][ T6048]  __handle_mm_fault+0x2c88/0x5620
[  107.355463][ T6048]  ? __pfx___handle_mm_fault+0x10/0x10
[  107.355521][ T6048]  ? find_vma+0xe7/0x160
[  107.355541][ T6048]  ? __pfx_find_vma+0x10/0x10
[  107.355565][ T6048]  handle_mm_fault+0x2d5/0x7f0
[  107.355611][ T6048]  do_user_addr_fault+0x764/0x1390
[  107.355662][ T6048]  exc_page_fault+0x76/0xf0
[  107.355689][ T6048]  asm_exc_page_fault+0x26/0x30
[  107.355712][ T6048] RIP: 0010:rep_movs_alternative+0x33/0x90
[  107.355744][ T6048] Code: 73 25 85 c9 74 0f 8a 06 88 07 48 ff c7 48 ff c6 48 ff c9 75 f1 c3 cc cc cc cc 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 8b 06 <48> 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08 73 e8 eb
[  107.355762][ T6048] RSP: 0018:ffffc9000ac578b8 EFLAGS: 00050212
[  107.355781][ T6048] RAX: 322e30322e30322e RBX: ffff88807a5c0012 RCX: 0000000000000027
[  107.355797][ T6048] RDX: 0000000000000000 RSI: ffff88807a5c0012 RDI: 0000200000019180
[  107.355811][ T6048] RBP: ffffc9000ac57a10 R08: ffff88807a5c0038 R09: 1ffff1100f4b8007
[  107.355827][ T6048] R10: dffffc0000000000 R11: ffffed100f4b8008 R12: dffffc0000000000
[  107.355843][ T6048] R13: 0000000000000000 R14: 00007ffffffff000 R15: 0000000000000027
[  107.355878][ T6048]  _copy_to_iter+0x484/0x16f0
[  107.355920][ T6048]  ? __pfx__copy_to_iter+0x10/0x10
[  107.355947][ T6048]  ? traverse+0x537/0x570
[  107.356002][ T6048]  seq_read_iter+0x2e4/0xe10
[  107.356060][ T6048]  ? __asan_memset+0x22/0x50
[  107.356106][ T6048]  seq_read+0x2e2/0x3d0
[  107.356142][ T6048]  ? __pfx_seq_read+0x10/0x10
[  107.356189][ T6048]  ? __pfx_seq_read+0x10/0x10
[  107.356214][ T6048]  proc_reg_read+0x1e9/0x2e0
[  107.356251][ T6048]  ? __pfx_proc_reg_read+0x10/0x10
[  107.356278][ T6048]  vfs_read+0x200/0x980
[  107.356313][ T6048]  ? __pfx_vfs_read+0x10/0x10
[  107.356343][ T6048]  ? __fget_files+0x2a/0x420
[  107.356366][ T6048]  ? __fget_files+0x2a/0x420
[  107.356384][ T6048]  ? __fget_files+0x3a0/0x420
[  107.356403][ T6048]  ? __fget_files+0x2a/0x420
[  107.356433][ T6048]  __x64_sys_pread64+0x193/0x220
[  107.356453][ T6048]  ? __pfx___x64_sys_pread64+0x10/0x10
[  107.356469][ T6048]  ? rcu_is_watching+0x15/0xb0
[  107.356494][ T6048]  ? do_syscall_64+0xbe/0x3b0
[  107.356519][ T6048]  do_syscall_64+0xfa/0x3b0
[  107.356555][ T6048]  ? lockdep_hardirqs_on+0x9c/0x150
[  107.356575][ T6048]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  107.356594][ T6048]  ? clear_bhb_loop+0x60/0xb0
[  107.356618][ T6048]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  107.356637][ T6048] RIP: 0033:0x7fa967f8ebe9
[  107.356660][ T6048] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  107.356676][ T6048] RSP: 002b:00007fa968d89038 EFLAGS: 00000246 ORIG_RAX: 0000000000000011
[  107.356695][ T6048] RAX: ffffffffffffffda RBX: 00007fa9681b5fa0 RCX: 00007fa967f8ebe9
[  107.356709][ T6048] RDX: 0000000000018fd3 RSI: 0000200000019180 RDI: 0000000000000003
[  107.356722][ T6048] RBP: 00007fa968d89090 R08: 0000000000000000 R09: 0000000000000000
[  107.356733][ T6048] R10: 0000000000000c2a R11: 0000000000000246 R12: 0000000000000001
[  107.356745][ T6048] R13: 00007fa9681b6038 R14: 00007fa9681b5fa0 R15: 00007ffd4a9a7018
[  107.356776][ T6048]  </TASK>
[  107.377326][ T6044] ipvlan2: left allmulticast mode
[  107.825223][ T6044] gretap0: left allmulticast mode
[  107.939521][ T5847] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[  108.160754][ T6061] Zero length message leads to an empty skb
[  108.198112][ T5847] usb 2-1: Using ep0 maxpacket: 8
[  108.207849][ T5847] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  108.300126][ T5847] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  108.300483][ T5847] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0
[  108.300891][ T5847] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 0
[  108.301221][ T5847] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  108.302495][ T5847] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  108.302844][ T5847] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  108.568347][ T5847] usbtmc 2-1:16.0: probe with driver usbtmc failed with error -22
[  114.853132][ T1218] usb 2-1: USB disconnect, device number 2
[  118.248179][ T1209] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[  118.416864][ T1209] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x2 has an invalid bInterval 89, changing to 10
[  118.435787][ T1209] usb 3-1: New USB device found, idVendor=056a, idProduct=00d7, bcdDevice= 0.40
[  118.445228][ T5952] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[  118.459824][ T1209] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  118.475091][ T1209] usb 3-1: Product: syz
[  118.479720][ T1209] usb 3-1: Manufacturer: М
[  118.484385][ T1209] usb 3-1: SerialNumber: syz
[  118.618308][ T5952] usb 1-1: Using ep0 maxpacket: 32
[  118.626411][ T5952] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  118.644277][ T6132] syzkaller0: entered promiscuous mode
[  118.652584][ T5952] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  118.661121][ T6132] syzkaller0: entered allmulticast mode
[  118.701532][ T5952] usb 1-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  118.724119][ T5952] usb 1-1: New USB device found, idVendor=05ac, idProduct=020f, bcdDevice= 0.22
[  118.753942][ T5952] usb 1-1: New USB device strings: Mfr=1, Product=130, SerialNumber=131
[  118.807907][ T5952] usb 1-1: Product: syz
[  118.812739][ T5952] usb 1-1: Manufacturer: syz
[  118.827702][ T5952] usb 1-1: SerialNumber: syz
[  118.898292][ T1209] usbhid 3-1:1.0: can't add hid device: -71
[  118.905922][ T5952] input: appletouch as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/input/input6
[  118.918054][ T1209] usbhid 3-1:1.0: probe with driver usbhid failed with error -71
[  118.977758][ T1209] usb 3-1: USB disconnect, device number 2
[  120.312205][ T1218] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[  120.453451][ T6146] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  120.668421][ T1209] usb 1-1: USB disconnect, device number 2
[  120.811427][ T1218] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  120.846278][ T1218] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  120.875949][ T1218] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  120.917615][ T1218] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  120.920681][ T1209] appletouch 1-1:1.0: input: appletouch disconnected
[  120.933258][ T1218] usb 3-1: Product: syz
[  120.939940][ T1218] usb 3-1: Manufacturer: syz
[  120.944587][ T1218] usb 3-1: SerialNumber: syz
[  120.999578][ T1218] cdc_mbim 3-1:1.0: MBIM functional descriptor missing
[  121.025915][ T1218] cdc_mbim 3-1:1.0: bind() failure
[  121.186806][ T1218] usb 3-1: USB disconnect, device number 3
[  121.968286][ T1209] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[  122.388212][ T1209] usb 4-1: device descriptor read/64, error -71
[  122.672268][ T1209] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[  122.998257][ T1209] usb 4-1: device descriptor read/64, error -71
[  123.110871][ T1209] usb usb4-port1: attempt power cycle
[  123.585597][ T1209] usb 4-1: new high-speed USB device number 4 using dummy_hcd
[  123.638122][ T1218] usb 2-1: new low-speed USB device number 3 using dummy_hcd
[  123.858984][ T1209] usb 4-1: device descriptor read/8, error -71
[  123.957855][ T1218] usb 2-1: config 0 has an invalid interface number: 1 but max is 0
[  124.031930][ T1218] usb 2-1: config 0 has no interface number 0
[  124.042574][   T30] audit: type=1326 audit(1755847509.440:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6191 comm="syz.4.60" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fa967f8ebe9 code=0x0
[  124.094617][ T1218] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10
[  124.196408][ T1218] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid maxpacket 159, setting to 8
[  124.335338][ T1218] usb 2-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  124.419220][ T1218] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  124.540145][ T1209] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[  124.689840][ T1218] usb 2-1: config 0 descriptor??
[  124.776825][ T6182] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[  125.043173][ T1218] iowarrior 2-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0
[  125.161538][ T1209] usb 4-1: device not accepting address 5, error -71
[  125.180607][ T1209] usb usb4-port1: unable to enumerate USB device
[  125.506063][ T6199] overlayfs: failed to clone lowerpath
[  129.871782][ T1209] usb 2-1: USB disconnect, device number 3
[  129.871939][    C0] iowarrior 2-1:0.1: iowarrior_callback - usb_submit_urb failed with result -19
[  131.735748][ T6238] netlink: 12 bytes leftover after parsing attributes in process `syz.1.69'.
[  132.768899][ T1302] ieee802154 phy0 wpan0: encryption failed: -22
[  132.775432][ T1302] ieee802154 phy1 wpan1: encryption failed: -22
[  136.166527][ T6270] netlink: 'syz.3.81': attribute type 4 has an invalid length.
[  136.262174][ T6270] netlink: 'syz.3.81': attribute type 4 has an invalid length.
[  136.530215][ T6277] netlink: del zone limit has 4 unknown bytes
[  136.618256][ T1218] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[  136.819154][ T1218] usb 3-1: Using ep0 maxpacket: 16
[  136.914027][ T1218] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  137.060102][ T1218] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  137.222847][ T1218] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  137.382209][ T1218] usb 3-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00
[  137.438033][ T1218] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  137.475833][ T1218] usb 3-1: config 0 descriptor??
[  137.980241][ T1218] input: HID 0955:7214 Haptics as /devices/virtual/input/input8
[  138.155724][ T6286] kvm: pic: non byte write
[  138.187895][ T1218] shield 0003:0955:7214.0001: Registered Thunderstrike controller
[  138.273023][ T1218] shield 0003:0955:7214.0001: : USB HID v0.00 Device [HID 0955:7214] on usb-dummy_hcd.2-1/input0
[  138.896228][   T10] shield 0003:0955:7214.0001: Failed to output Thunderstrike HOSTCMD request HID report due to -EPROTO
[  138.896557][ T1209] usb 3-1: USB disconnect, device number 4
[  139.068408][   T10] shield 0003:0955:7214.0001: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV
[  139.151351][   T10] shield 0003:0955:7214.0001: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV
[  139.204126][   T10] shield 0003:0955:7214.0001: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV
[  139.242414][ T5853] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  139.253558][ T5853] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  139.268309][ T5853] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  139.325430][ T5853] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  139.336651][ T5853] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  140.134837][ T6301] syzkaller0: entered promiscuous mode
[  140.238120][ T6301] syzkaller0: entered allmulticast mode
[  141.688746][ T5853] Bluetooth: hci5: command tx timeout
[  143.627847][ T6297] chnl_net:caif_netlink_parms(): no params data found
[  143.698115][ T5853] Bluetooth: hci5: command tx timeout
[  143.764554][ T6325] syz.1.93 uses obsolete (PF_INET,SOCK_PACKET)
[  144.883910][ T6340] netlink: 4 bytes leftover after parsing attributes in process `syz.2.97'.
[  144.940939][ T6341] kvm: pic: non byte write
[  145.129398][ T6297] bridge0: port 1(bridge_slave_0) entered blocking state
[  145.136595][ T6297] bridge0: port 1(bridge_slave_0) entered disabled state
[  145.156943][ T6340] netlink: 4 bytes leftover after parsing attributes in process `syz.2.97'.
[  145.168245][ T6297] bridge_slave_0: entered allmulticast mode
[  145.209278][ T6297] bridge_slave_0: entered promiscuous mode
[  145.240052][ T6297] bridge0: port 2(bridge_slave_1) entered blocking state
[  145.288268][ T6297] bridge0: port 2(bridge_slave_1) entered disabled state
[  145.295547][ T6297] bridge_slave_1: entered allmulticast mode
[  145.390064][ T6297] bridge_slave_1: entered promiscuous mode
[  145.790069][ T5853] Bluetooth: hci5: command tx timeout
[  146.682167][ T6297] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  146.730173][ T6297] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  147.107419][ T6297] team0: Port device team_slave_0 added
[  147.151557][ T6297] team0: Port device team_slave_1 added
[  147.604184][ T6297] batman_adv: batadv0: Adding interface: batadv_slave_0
[  147.888460][ T5853] Bluetooth: hci5: command tx timeout
[  148.248087][ T6297] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  148.339305][ T6297] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  148.377471][ T6297] batman_adv: batadv0: Adding interface: batadv_slave_1
[  148.419062][ T6297] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  148.510824][ T6297] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  149.722350][ T6297] hsr_slave_0: entered promiscuous mode
[  149.742286][ T6297] hsr_slave_1: entered promiscuous mode
[  149.759347][ T6388] netlink: 24 bytes leftover after parsing attributes in process `syz.3.111'.
[  149.778983][ T6297] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  149.786775][ T6297] Cannot create hsr debugfs directory
[  149.834515][ T6388] netlink: 16 bytes leftover after parsing attributes in process `syz.3.111'.
[  151.417842][ T6404] overlayfs: "xino=on" is useless with all layers on same fs, ignore.
[  151.664414][ T6297] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  151.711380][ T6297] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  151.755685][ T6297] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  152.025136][ T6297] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  153.163637][ T6297] 8021q: adding VLAN 0 to HW filter on device bond0
[  153.253017][ T6297] 8021q: adding VLAN 0 to HW filter on device team0
[  153.288372][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[  153.295580][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[  153.389581][ T1112] bridge0: port 2(bridge_slave_1) entered blocking state
[  153.396773][ T1112] bridge0: port 2(bridge_slave_1) entered forwarding state
[  153.501797][ T6424] process 'syz.3.121' launched '/dev/fd/8' with NULL argv: empty string added
[  153.861933][ T1087] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  154.050555][ T1087] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  154.162315][ T1087] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  154.280874][ T1087] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  154.376690][ T6297] 8021q: adding VLAN 0 to HW filter on device batadv0
[  154.617193][ T1087] bridge_slave_1: left allmulticast mode
[  154.633573][ T1087] bridge_slave_1: left promiscuous mode
[  154.644722][ T1087] bridge0: port 2(bridge_slave_1) entered disabled state
[  154.680166][ T1087] bridge_slave_0: left allmulticast mode
[  154.698166][ T1087] bridge_slave_0: left promiscuous mode
[  154.704001][ T1087] bridge0: port 1(bridge_slave_0) entered disabled state
[  157.760982][ T1087] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  158.552072][ T1087] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  158.586346][ T1087] bond0 (unregistering): Released all slaves
[  159.296636][ T6486] netlink: 'syz.4.135': attribute type 4 has an invalid length.
[  161.080182][ T1087] hsr_slave_0: left promiscuous mode
[  161.208212][ T1087] hsr_slave_1: left promiscuous mode
[  161.214433][ T1087] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  161.244858][ T1087] batman_adv: batadv0: Removing interface: batadv_slave_0
[  161.283523][ T1087] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  161.314384][ T1087] batman_adv: batadv0: Removing interface: batadv_slave_1
[  162.070332][ T1087] veth1_macvtap: left promiscuous mode
[  162.076403][ T1087] veth0_macvtap: left promiscuous mode
[  162.087029][ T1087] veth1_vlan: left promiscuous mode
[  162.104003][ T1087] veth0_vlan: left promiscuous mode
[  164.047134][ T6548] xt_hashlimit: size too large, truncated to 1048576
[  164.627941][ T1087] team0 (unregistering): Port device team_slave_1 removed
[  165.010958][   T30] audit: type=1326 audit(1755847550.410:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6555 comm="syz.2.153" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f972db8ebe9 code=0x7ffc0000
[  165.034402][ T1087] team0 (unregistering): Port device team_slave_0 removed
[  165.070337][   T30] audit: type=1326 audit(1755847550.410:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6555 comm="syz.2.153" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f972db8ebe9 code=0x7ffc0000
[  165.096366][   T30] audit: type=1326 audit(1755847550.410:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6555 comm="syz.2.153" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f972db8ebe9 code=0x7ffc0000
[  165.122865][   T30] audit: type=1326 audit(1755847550.410:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6555 comm="syz.2.153" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f972db8ebe9 code=0x7ffc0000
[  165.171712][   T30] audit: type=1326 audit(1755847550.410:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6555 comm="syz.2.153" exe="/root/syz-executor" sig=0 arch=c000003e syscall=20 compat=0 ip=0x7f972db8ebe9 code=0x7ffc0000
[  165.317367][   T30] audit: type=1326 audit(1755847550.410:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6555 comm="syz.2.153" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f972db8ebe9 code=0x7ffc0000
[  165.471867][ T6561] usb usb2: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  167.101353][   T10] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[  167.306845][   T10] usb 2-1: New USB device found, idVendor=0af0, idProduct=7a05, bcdDevice= 0.00
[  167.327004][   T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  167.336846][   T10] usb 2-1: Product: syz
[  167.344907][   T10] usb 2-1: Manufacturer: syz
[  167.350653][   T10] usb 2-1: SerialNumber: syz
[  167.362910][   T10] usb 2-1: config 0 descriptor??
[  168.386573][   T10] hso 2-1:0.0: Failed to find INT IN ep
[  168.414431][   T10] usb-storage 2-1:0.0: USB Mass Storage device detected
[  168.615961][ T6579] netlink: 'syz.2.160': attribute type 13 has an invalid length.
[  168.672277][ T6579] netlink: 'syz.2.160': attribute type 17 has an invalid length.
[  169.474802][   T10] usb 2-1: USB disconnect, device number 4
[  169.620937][ T6579] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  169.736856][ T6297] veth0_vlan: entered promiscuous mode
[  169.918965][ T6594] input: syz1 as /devices/virtual/input/input11
[  169.967870][ T6297] veth1_vlan: entered promiscuous mode
[  170.627673][ T6606] netlink: 32 bytes leftover after parsing attributes in process `syz.1.165'.
[  170.847739][ T6297] veth0_macvtap: entered promiscuous mode
[  170.880531][ T6297] veth1_macvtap: entered promiscuous mode
[  171.577180][ T6297] batman_adv: batadv0: Interface activated: batadv_slave_0
[  171.600995][ T6297] batman_adv: batadv0: Interface activated: batadv_slave_1
[  171.700632][ T6297] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  171.730401][ T6297] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  171.739583][ T6297] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  171.748727][ T6297] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  172.047369][ T6630] hub 8-0:1.0: USB hub found
[  172.123772][ T6630] hub 8-0:1.0: 1 port detected
[  173.208374][   T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  173.240438][   T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  173.356711][   T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  173.369824][   T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  173.468723][ T1209] usb 5-1: new full-speed USB device number 2 using dummy_hcd
[  173.677221][ T1209] usb 5-1: config 0 has an invalid interface number: 1 but max is 0
[  173.691497][ T1209] usb 5-1: config 0 has no interface number 0
[  173.709002][ T1209] usb 5-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid maxpacket 30768, setting to 64
[  173.744512][ T1209] usb 5-1: New USB device found, idVendor=28bd, idProduct=0071, bcdDevice= 0.00
[  173.782591][ T1209] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  173.828672][ T1209] usb 5-1: config 0 descriptor??
[  174.595051][ T6658] hub 8-0:1.0: USB hub found
[  174.601250][ T6658] hub 8-0:1.0: 1 port detected
[  175.217553][ T1209] usbhid 5-1:0.1: can't add hid device: -71
[  175.231419][ T1209] usbhid 5-1:0.1: probe with driver usbhid failed with error -71
[  175.257297][ T1209] usb 5-1: USB disconnect, device number 2
[  177.263802][   T36] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  177.426458][ T1209] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[  177.500148][   T36] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  177.613334][ T1209] usb 5-1: Using ep0 maxpacket: 32
[  177.621229][ T1209] usb 5-1: config 0 has an invalid interface number: 184 but max is 0
[  177.638326][ T1209] usb 5-1: config 0 has no interface number 0
[  177.644475][ T1209] usb 5-1: config 0 interface 184 has no altsetting 0
[  177.660406][ T1209] usb 5-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  177.670044][   T36] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  177.685907][ T1209] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  177.708330][ T1209] usb 5-1: Product: syz
[  177.712558][ T1209] usb 5-1: Manufacturer: syz
[  177.717172][ T1209] usb 5-1: SerialNumber: syz
[  177.754321][ T1209] usb 5-1: config 0 descriptor??
[  177.792952][ T6680] capability: warning: `syz.2.182' uses 32-bit capabilities (legacy support in use)
[  177.800804][ T1209] smsc75xx v1.0.0
[  177.829392][    T9] hid-generic 0002:0004:0009.0002: unknown main item tag 0x0
[  177.850790][    T9] hid-generic 0002:0004:0009.0002: unknown main item tag 0x0
[  177.853271][   T36] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  177.879362][    T9] hid-generic 0002:0004:0009.0002: unknown main item tag 0x0
[  177.892243][    T9] hid-generic 0002:0004:0009.0002: unknown main item tag 0x0
[  177.918105][    T9] hid-generic 0002:0004:0009.0002: unknown main item tag 0x0
[  177.935422][    T9] hid-generic 0002:0004:0009.0002: unknown main item tag 0x0
[  177.955462][    T9] hid-generic 0002:0004:0009.0002: unknown main item tag 0x0
[  177.993212][    T9] hid-generic 0002:0004:0009.0002: unknown main item tag 0x0
[  178.013211][    T9] hid-generic 0002:0004:0009.0002: unknown main item tag 0x0
[  178.040182][    T9] hid-generic 0002:0004:0009.0002: unknown main item tag 0x0
[  178.070965][    T9] hid-generic 0002:0004:0009.0002: unknown main item tag 0x0
[  178.104027][    T9] hid-generic 0002:0004:0009.0002: unknown main item tag 0x0
[  178.136266][    T9] hid-generic 0002:0004:0009.0002: unknown main item tag 0x0
[  178.194228][    T9] hid-generic 0002:0004:0009.0002: unknown main item tag 0x0
[  178.213654][    T9] hid-generic 0002:0004:0009.0002: unknown main item tag 0x0
[  178.234928][    T9] hid-generic 0002:0004:0009.0002: unknown main item tag 0x0
[  178.274405][    T9] hid-generic 0002:0004:0009.0002: unknown main item tag 0x0
[  178.328732][   T36] bridge_slave_1: left allmulticast mode
[  178.334902][   T36] bridge_slave_1: left promiscuous mode
[  178.340759][    T9] hid-generic 0002:0004:0009.0002: hidraw0: <UNKNOWN> HID v0.04 Device [syz0] on syz0
[  178.424803][ T1209] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -32
[  178.446399][   T36] bridge0: port 2(bridge_slave_1) entered disabled state
[  178.502497][ T1209] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[  178.723142][ T6690] fido_id[6690]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  178.851180][   T36] bridge_slave_0: left allmulticast mode
[  178.871489][   T36] bridge_slave_0: left promiscuous mode
[  178.923342][   T36] bridge0: port 1(bridge_slave_0) entered disabled state
[  179.036977][ T5839] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  179.047780][ T5839] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  179.056338][ T5839] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  179.088546][ T5839] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  179.102722][ T5839] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  179.191035][ T1209] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000010: -71
[  179.239466][ T1209] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): Failed to read HW_CFG: -71
[  179.269953][ T5952] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[  179.299256][ T1209] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -71
[  179.318644][ T5952] hid-generic 0000:0000:0000.0003: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  179.347165][ T1209] smsc75xx 5-1:0.184: probe with driver smsc75xx failed with error -71
[  179.407289][ T1209] usb 5-1: USB disconnect, device number 3
[  181.148601][ T5839] Bluetooth: hci0: command tx timeout
[  181.375559][   T36] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  181.415188][   T36] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  181.639550][   T30] audit: type=1326 audit(1755847568.012:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6718 comm="syz.3.190" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b6478ebe9 code=0x7ffc0000
[  182.044369][   T30] audit: type=1326 audit(1755847568.012:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6718 comm="syz.3.190" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b6478ebe9 code=0x7ffc0000
[  182.080103][   T36] bond0 (unregistering): Released all slaves
[  182.086886][   T30] audit: type=1326 audit(1755847568.012:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6718 comm="syz.3.190" exe="/root/syz-executor" sig=0 arch=c000003e syscall=137 compat=0 ip=0x7f7b6478ebe9 code=0x7ffc0000
[  182.112460][   T30] audit: type=1326 audit(1755847568.012:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6718 comm="syz.3.190" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b6478ebe9 code=0x7ffc0000
[  182.266670][   T30] audit: type=1326 audit(1755847568.012:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6718 comm="syz.3.190" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b6478ebe9 code=0x7ffc0000
[  182.388701][   T30] audit: type=1326 audit(1755847568.012:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6718 comm="syz.3.190" exe="/root/syz-executor" sig=0 arch=c000003e syscall=292 compat=0 ip=0x7f7b6478ebe9 code=0x7ffc0000
[  182.520862][   T30] audit: type=1326 audit(1755847568.022:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6718 comm="syz.3.190" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b6478ebe9 code=0x7ffc0000
[  182.632165][   T30] audit: type=1326 audit(1755847568.022:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6718 comm="syz.3.190" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b6478ebe9 code=0x7ffc0000
[  182.676360][   T30] audit: type=1326 audit(1755847568.022:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6718 comm="syz.3.190" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f7b6478ebe9 code=0x7ffc0000
[  182.831225][   T30] audit: type=1326 audit(1755847568.022:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6718 comm="syz.3.190" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b6478ebe9 code=0x7ffc0000
[  183.439808][ T5839] Bluetooth: hci0: command tx timeout
[  185.839539][ T5853] Bluetooth: hci0: command tx timeout
[  187.928370][ T5853] Bluetooth: hci0: command tx timeout
[  188.679136][   T36] hsr_slave_0: left promiscuous mode
[  188.778180][   T36] hsr_slave_1: left promiscuous mode
[  188.784350][   T36] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  188.829428][   T36] batman_adv: batadv0: Removing interface: batadv_slave_0
[  188.833680][   T36] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  188.833717][   T36] batman_adv: batadv0: Removing interface: batadv_slave_1
[  188.953073][   T36] veth1_macvtap: left promiscuous mode
[  188.953190][   T36] veth0_macvtap: left promiscuous mode
[  188.953386][   T36] veth1_vlan: left promiscuous mode
[  188.953515][   T36] veth0_vlan: left promiscuous mode
[  189.177900][   T30] kauditd_printk_skb: 3 callbacks suppressed
[  189.178201][   T30] audit: type=1326 audit(1755847575.552:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6772 comm="syz.3.200" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b6478ebe9 code=0x7ffc0000
[  189.178268][   T30] audit: type=1326 audit(1755847575.552:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6772 comm="syz.3.200" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b6478ebe9 code=0x7ffc0000
[  189.178313][   T30] audit: type=1326 audit(1755847575.552:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6772 comm="syz.3.200" exe="/root/syz-executor" sig=0 arch=c000003e syscall=137 compat=0 ip=0x7f7b6478ebe9 code=0x7ffc0000
[  189.178357][   T30] audit: type=1326 audit(1755847575.562:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6772 comm="syz.3.200" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b6478ebe9 code=0x7ffc0000
[  189.178400][   T30] audit: type=1326 audit(1755847575.562:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6772 comm="syz.3.200" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b6478ebe9 code=0x7ffc0000
[  189.178443][   T30] audit: type=1326 audit(1755847575.562:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6772 comm="syz.3.200" exe="/root/syz-executor" sig=0 arch=c000003e syscall=292 compat=0 ip=0x7f7b6478ebe9 code=0x7ffc0000
[  189.178487][   T30] audit: type=1326 audit(1755847575.562:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6772 comm="syz.3.200" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b6478ebe9 code=0x7ffc0000
[  189.178597][   T30] audit: type=1326 audit(1755847575.562:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6772 comm="syz.3.200" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b6478ebe9 code=0x7ffc0000
[  190.166317][ T6792] netlink: 24 bytes leftover after parsing attributes in process `syz.1.205'.
[  190.339051][ T6798] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  190.957559][   T36] team0 (unregistering): Port device team_slave_1 removed
[  191.091369][   T36] team0 (unregistering): Port device team_slave_0 removed
[  194.208582][ T1302] ieee802154 phy0 wpan0: encryption failed: -22
[  194.215198][ T1302] ieee802154 phy1 wpan1: encryption failed: -22
[  196.034802][   T30] audit: type=1326 audit(1755847582.432:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6849 comm="syz.2.221" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f972db8ebe9 code=0x7ffc0000
[  196.217004][   T30] audit: type=1326 audit(1755847582.432:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6849 comm="syz.2.221" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f972db8ebe9 code=0x7ffc0000
[  196.488384][   T30] audit: type=1326 audit(1755847582.432:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6849 comm="syz.2.221" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f972db8ebe9 code=0x7ffc0000
[  196.764517][   T30] audit: type=1326 audit(1755847582.452:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6849 comm="syz.2.221" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f972db8ebe9 code=0x7ffc0000
[  196.820152][   T30] audit: type=1326 audit(1755847582.452:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6849 comm="syz.2.221" exe="/root/syz-executor" sig=0 arch=c000003e syscall=302 compat=0 ip=0x7f972db8ebe9 code=0x7ffc0000
[  196.856317][   T30] audit: type=1326 audit(1755847582.452:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6849 comm="syz.2.221" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f972db8ebe9 code=0x7ffc0000
[  196.913334][   T30] audit: type=1326 audit(1755847582.452:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6849 comm="syz.2.221" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f972db8ebe9 code=0x7ffc0000
[  196.957116][   T30] audit: type=1326 audit(1755847582.452:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6849 comm="syz.2.221" exe="/root/syz-executor" sig=0 arch=c000003e syscall=144 compat=0 ip=0x7f972db8ebe9 code=0x7ffc0000
[  196.984628][   T30] audit: type=1326 audit(1755847582.452:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6849 comm="syz.2.221" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f972db8ebe9 code=0x7ffc0000
[  197.029123][   T30] audit: type=1326 audit(1755847582.452:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6849 comm="syz.2.221" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f972db8ebe9 code=0x7ffc0000
[  200.595191][ T6697] chnl_net:caif_netlink_parms(): no params data found
[  202.328443][ T6697] bridge0: port 1(bridge_slave_0) entered blocking state
[  202.433406][   T30] kauditd_printk_skb: 15 callbacks suppressed
[  202.433446][   T30] audit: type=1326 audit(1755847588.812:56): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6916 comm="syz.4.240" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa967f8ebe9 code=0x7ffc0000
[  202.987721][ T6697] bridge0: port 1(bridge_slave_0) entered disabled state
[  202.995150][ T6697] bridge_slave_0: entered allmulticast mode
[  203.004026][ T6697] bridge_slave_0: entered promiscuous mode
[  203.105364][   T30] audit: type=1326 audit(1755847588.812:57): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6916 comm="syz.4.240" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa967f8ebe9 code=0x7ffc0000
[  203.150352][   T30] audit: type=1326 audit(1755847588.822:58): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6916 comm="syz.4.240" exe="/root/syz-executor" sig=0 arch=c000003e syscall=229 compat=0 ip=0x7fa967f8ebe9 code=0x7ffc0000
[  203.159988][ T6697] bridge0: port 2(bridge_slave_1) entered blocking state
[  203.178781][   T30] audit: type=1326 audit(1755847588.822:59): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6916 comm="syz.4.240" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa967f8ebe9 code=0x7ffc0000
[  203.205315][   T30] audit: type=1326 audit(1755847588.822:60): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6916 comm="syz.4.240" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa967f8ebe9 code=0x7ffc0000
[  203.279756][ T6697] bridge0: port 2(bridge_slave_1) entered disabled state
[  203.491323][ T6697] bridge_slave_1: entered allmulticast mode
[  203.500128][ T6697] bridge_slave_1: entered promiscuous mode
[  203.521932][ T6906] kthread_run failed with err -4
[  203.668327][   T30] audit: type=1326 audit(1755847590.012:61): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6924 comm="syz.4.242" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa967f8ebe9 code=0x7ffc0000
[  204.248137][   T30] audit: type=1326 audit(1755847590.022:62): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6924 comm="syz.4.242" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa967f8ebe9 code=0x7ffc0000
[  204.272673][   T30] audit: type=1326 audit(1755847590.022:63): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6924 comm="syz.4.242" exe="/root/syz-executor" sig=0 arch=c000003e syscall=137 compat=0 ip=0x7fa967f8ebe9 code=0x7ffc0000
[  204.296827][   T30] audit: type=1326 audit(1755847590.022:64): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6924 comm="syz.4.242" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa967f8ebe9 code=0x7ffc0000
[  204.348250][   T30] audit: type=1326 audit(1755847590.022:65): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6924 comm="syz.4.242" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa967f8ebe9 code=0x7ffc0000
[  204.411840][ T6933] xt_hashlimit: size too large, truncated to 1048576
[  204.441453][ T6697] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  204.495322][ T6697] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  204.781187][ T6697] team0: Port device team_slave_0 added
[  204.825030][ T6697] team0: Port device team_slave_1 added
[  205.128898][ T6697] batman_adv: batadv0: Adding interface: batadv_slave_0
[  205.138000][ T6697] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  205.229088][ T6697] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  205.270886][ T6697] batman_adv: batadv0: Adding interface: batadv_slave_1
[  205.290710][ T6697] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  205.396790][ T6697] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  206.457880][ T6959] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'raw'
[  207.849107][ T6697] hsr_slave_0: entered promiscuous mode
[  207.855684][ T6697] hsr_slave_1: entered promiscuous mode
[  208.787227][ T6697] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  208.806242][ T6697] Cannot create hsr debugfs directory
[  208.967608][ T6972] veth0_vlan: entered allmulticast mode
[  209.275246][ T6980] =======================================================
[  209.275246][ T6980] WARNING: The mand mount option has been deprecated and
[  209.275246][ T6980]          and is ignored by this kernel. Remove the mand
[  209.275246][ T6980]          option from the mount to silence this warning.
[  209.275246][ T6980] =======================================================
[  209.349847][ T6980] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  209.888163][ T6982] usb usb7: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  216.742406][ T5156] Bluetooth: hci1: command 0x0406 tx timeout
[  216.750927][ T5850] Bluetooth: hci3: command 0x0406 tx timeout
[  216.756980][ T5850] Bluetooth: hci2: command 0x0406 tx timeout
[  216.998271][ T7038] netlink: del zone limit has 4 unknown bytes
[  217.746705][ T7046] netlink: del zone limit has 4 unknown bytes
[  218.239564][ T6697] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  218.461008][ T6697] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  218.487324][ T6697] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  218.570601][ T6697] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  219.224818][ T7074] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present
[  219.297285][ T6697] 8021q: adding VLAN 0 to HW filter on device bond0
[  219.551086][ T7076] netlink: 'syz.1.273': attribute type 1 has an invalid length.
[  219.990437][ T6697] 8021q: adding VLAN 0 to HW filter on device team0
[  220.018892][   T36] bridge0: port 1(bridge_slave_0) entered blocking state
[  220.026038][   T36] bridge0: port 1(bridge_slave_0) entered forwarding state
[  220.149798][   T36] bridge0: port 2(bridge_slave_1) entered blocking state
[  220.156973][   T36] bridge0: port 2(bridge_slave_1) entered forwarding state
[  221.765304][   T30] kauditd_printk_skb: 7 callbacks suppressed
[  221.765337][   T30] audit: type=1326 audit(1755847607.952:73): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7087 comm="syz.4.275" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fa967f8ebe9 code=0x0
[  224.651026][ T7113] netlink: del zone limit has 4 unknown bytes
[  226.297015][ T6697] 8021q: adding VLAN 0 to HW filter on device batadv0
[  230.172794][ T6697] veth0_vlan: entered promiscuous mode
[  230.222630][ T6697] veth1_vlan: entered promiscuous mode
[  230.334580][ T6697] veth0_macvtap: entered promiscuous mode
[  230.362972][ T6697] veth1_macvtap: entered promiscuous mode
[  230.469999][ T6697] batman_adv: batadv0: Interface activated: batadv_slave_0
[  230.578294][ T6697] batman_adv: batadv0: Interface activated: batadv_slave_1
[  230.658159][ T6697] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  230.691127][ T6697] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  230.733253][ T6697] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  230.757872][ T6697] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  231.141582][   T30] audit: type=1326 audit(1755847617.532:74): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7175 comm="syz.3.292" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f7b6478ebe9 code=0x0
[  231.760118][ T7178] netlink: del zone limit has 4 unknown bytes
[  232.303860][ T5986] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  232.354476][ T5986] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  232.429459][ T7186] capability: warning: `syz.3.294' uses deprecated v2 capabilities in a way that may be insecure
[  232.512749][ T6256] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  232.529753][ T6256] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  233.539497][ T7202] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  237.763259][ T7232] netlink: del zone limit has 4 unknown bytes
[  237.796815][ T7234] netlink: 40 bytes leftover after parsing attributes in process `syz.2.305'.
[  239.092273][ T7255] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  239.192970][ T7259] syzkaller0: entered promiscuous mode
[  239.216167][ T7259] syzkaller0: entered allmulticast mode
[  239.431168][ T7255] netlink: 'syz.1.307': attribute type 1 has an invalid length.
[  239.438943][ T7255] netlink: 224 bytes leftover after parsing attributes in process `syz.1.307'.
[  240.305116][ T7252] tipc: Resetting bearer <eth:syzkaller0>
[  240.722579][ T7252] tipc: Disabling bearer <eth:syzkaller0>
[  240.741403][ T7274] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  241.457994][ T7277] iommufd_mock iommufd_mock1: Adding to iommu group 1
[  241.842561][ T7270] ip6t_srh: unknown srh match flags  4000
[  242.339123][ T5851] Bluetooth: hci4: command 0x0406 tx timeout
[  243.117770][ T7287] kvm: pic: non byte write
[  248.863004][ T7349] netlink: 12 bytes leftover after parsing attributes in process `syz.1.327'.
[  253.882368][ T7393] sctp: failed to load transform for md5: -2
[  255.633263][ T1302] ieee802154 phy0 wpan0: encryption failed: -22
[  255.669672][ T1302] ieee802154 phy1 wpan1: encryption failed: -22
[  256.557181][ T7440] overlayfs: failed to resolve './file0': -2
[  257.396898][ T7449] netlink: del zone limit has 4 unknown bytes
[  258.182587][ T7457] netlink: 'syz.6.349': attribute type 10 has an invalid length.
[  258.234214][ T7456] warning: `syz.6.349' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[  258.434656][ T7457] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  259.209094][ T7486] netlink: 4 bytes leftover after parsing attributes in process `syz.6.356'.
[  261.363153][ T7500] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  261.370739][ T7500] IPv6: NLM_F_CREATE should be set when creating new route
[  261.378144][ T7500] IPv6: NLM_F_CREATE should be set when creating new route
[  261.504124][ T7506] 9pnet_fd: Insufficient options for proto=fd
[  263.395941][ T7518] netlink: 'syz.2.362': attribute type 1 has an invalid length.
[  265.048863][ T7542] netlink: del zone limit has 4 unknown bytes
[  265.200795][   T10] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[  265.368508][   T10] usb 5-1: Using ep0 maxpacket: 32
[  265.385478][   T10] usb 5-1: New USB device found, idVendor=1964, idProduct=0001, bcdDevice=d4.15
[  265.406338][   T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  265.423652][   T10] usb 5-1: Product: syz
[  265.432255][   T10] usb 5-1: Manufacturer: syz
[  265.443669][   T10] usb 5-1: SerialNumber: syz
[  265.461768][   T10] usb 5-1: config 0 descriptor??
[  265.713157][   T10] RobotFuzz Open Source InterFace, OSIF 5-1:0.0: version d4.15 found at bus 005 address 004
[  265.911299][   T10] usb 5-1: USB disconnect, device number 4
[  268.717142][   T10] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[  268.887471][ T7587] netlink: 'syz.3.377': attribute type 1 has an invalid length.
[  269.290903][   T10] usb 5-1: Using ep0 maxpacket: 8
[  269.307357][   T10] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  269.339074][   T10] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  269.348996][ T7591] ieee802154 phy0 wpan0: encryption failed: -22
[  269.368104][   T10] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0
[  269.398024][   T10] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 0
[  269.421494][   T10] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  269.449628][   T10] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  269.477985][   T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  269.531175][   T10] usbtmc 5-1:16.0: probe with driver usbtmc failed with error -22
[  274.938089][   T10] usb 5-1: USB disconnect, device number 5
[  275.058043][ T1218] usb 4-1: new full-speed USB device number 6 using dummy_hcd
[  275.260314][ T1218] usb 4-1: config 0 has an invalid interface number: 216 but max is 0
[  275.415298][ T1218] usb 4-1: config 0 has no interface number 0
[  275.502567][ T1218] usb 4-1: config 0 interface 216 altsetting 0 endpoint 0x7 has invalid maxpacket 528, setting to 64
[  275.943220][ T1218] usb 4-1: New USB device found, idVendor=05da, idProduct=0094, bcdDevice=f6.f7
[  276.118047][ T1218] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  276.227966][ T1218] usb 4-1: Product: syz
[  276.232231][ T1218] usb 4-1: Manufacturer: syz
[  276.304120][ T1218] usb 4-1: SerialNumber: syz
[  276.391543][ T1218] usb 4-1: config 0 descriptor??
[  276.423158][ T1218] microtek usb (rev 0.4.3): can only deal with bulk endpoints; endpoint 7 is not bulk.
[  276.488114][ T1218] microtek usb (rev 0.4.3): can only deal with bulk endpoints; endpoint 3 is not bulk.
[  276.549706][ T1218] microtek usb (rev 0.4.3): couldn't find two input bulk endpoints. Bailing out.
[  276.869074][ T7646] netlink: 'syz.4.389': attribute type 1 has an invalid length.
[  277.101472][ T5827] usb 4-1: USB disconnect, device number 6
[  277.143274][   T30] audit: type=1326 audit(1755847663.532:75): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7639 comm="syz.6.388" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fa47438ebe9 code=0x0
[  277.371388][ T7641] tmpfs: Unknown parameter 'mpo'
[  280.348917][ T1218] usb 4-1: new high-speed USB device number 7 using dummy_hcd
[  280.695739][ T1218] usb 4-1: Using ep0 maxpacket: 8
[  280.705515][ T1218] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  280.740763][ T1218] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  280.789938][ T1218] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0
[  280.814916][ T1218] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 0
[  280.911106][ T1218] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  280.968961][ T1218] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  280.989288][ T1218] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  281.034842][ T1218] usbtmc 4-1:16.0: probe with driver usbtmc failed with error -22
[  281.087841][ T7686] syzkaller0: entered promiscuous mode
[  281.105453][ T7686] syzkaller0: entered allmulticast mode
[  283.314617][ T6031] usb 4-1: USB disconnect, device number 7
[  287.864776][ T7744] netlink: 'syz.1.413': attribute type 1 has an invalid length.
[  288.840067][ T7756] 9pnet_fd: Insufficient options for proto=fd
[  288.848006][ T5827] usb 3-1: new high-speed USB device number 5 using dummy_hcd
[  289.007973][ T5827] usb 3-1: Using ep0 maxpacket: 32
[  289.019940][ T5827] usb 3-1: config 0 has an invalid interface number: 29 but max is 0
[  289.032220][ T5827] usb 3-1: config 0 has no interface number 0
[  289.050876][ T7756] netlink: 36 bytes leftover after parsing attributes in process `syz.6.417'.
[  289.088093][ T5827] usb 3-1: config 0 interface 29 has no altsetting 0
[  289.773775][ T5827] usb 3-1: New USB device found, idVendor=0c72, idProduct=0014, bcdDevice=39.ac
[  289.898528][ T5827] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  289.924211][ T5827] usb 3-1: Product: syz
[  289.930574][ T5827] usb 3-1: Manufacturer: syz
[  289.935311][ T5827] usb 3-1: SerialNumber: syz
[  289.971990][ T5827] usb 3-1: config 0 descriptor??
[  290.315869][ T5827] peak_usb 3-1:0.29: PEAK-System PCAN-USB X6 v0 fw v0.0.0 (2 channels)
[  291.036965][ T5827] peak_usb 3-1:0.29 can0: sending command failure: -8
[  291.076797][ T5827] peak_usb 3-1:0.29 can0: sending command failure: -8
[  291.238376][ T5827] peak_usb 3-1:0.29 can0: sending command failure: -8
[  291.704105][ T7791] ceph: No mds server is up or the cluster is laggy
[  291.711475][ T6031] libceph: connect (1)[c::]:6789 error -101
[  291.717063][ T6031] libceph: mon0 (1)[c::]:6789 connect error
[  291.993045][ T6031] libceph: connect (1)[c::]:6789 error -101
[  291.994102][ T6031] libceph: mon0 (1)[c::]:6789 connect error
[  292.853307][ T7800] netlink: 4 bytes leftover after parsing attributes in process `syz.3.426'.
[  292.899803][ T5827] peak_usb 3-1:0.29: probe with driver peak_usb failed with error -8
[  292.960657][ T5827] usb 3-1: USB disconnect, device number 5
[  293.044688][ T7808] netlink: 'syz.2.427': attribute type 1 has an invalid length.
[  293.608480][ T7813] netlink: del zone limit has 4 unknown bytes
[  293.793101][ T7815] Dead loop on virtual device ip6_vti0, fix it urgently!
[  293.800900][ T7815] Dead loop on virtual device ip6_vti0, fix it urgently!
[  293.808318][ T7815] Dead loop on virtual device ip6_vti0, fix it urgently!
[  293.815685][ T7815] Dead loop on virtual device ip6_vti0, fix it urgently!
[  293.823046][ T7815] Dead loop on virtual device ip6_vti0, fix it urgently!
[  293.830547][ T7815] Dead loop on virtual device ip6_vti0, fix it urgently!
[  294.165678][ T7821] netlink: 4468 bytes leftover after parsing attributes in process `syz.2.432'.
[  294.174871][ T7821] netlink: 8 bytes leftover after parsing attributes in process `syz.2.432'.
[  295.460554][ T7806] Bluetooth: hci0: Opcode 0x0401 failed: -110
[  295.467699][ T5853] Bluetooth: hci0: command 0x0401 tx timeout
[  297.105088][ T7841] overlayfs: failed to resolve './file0': -2
[  298.468331][ T7861] ceph: No mds server is up or the cluster is laggy
[  298.515027][ T6031] libceph: connect (1)[c::]:6789 error -101
[  298.642839][ T6031] libceph: mon0 (1)[c::]:6789 connect error
[  299.078383][ T6031] usb 4-1: new high-speed USB device number 8 using dummy_hcd
[  299.465894][ T6031] usb 4-1: device descriptor read/64, error -71
[  300.188564][ T6031] usb 4-1: new high-speed USB device number 9 using dummy_hcd
[  301.388311][ T6031] usb 4-1: device descriptor read/64, error -71
[  301.498296][ T6031] usb usb4-port1: attempt power cycle
[  302.418272][ T5827] libceph: connect (1)[c::]:6789 error -101
[  302.424377][ T5827] libceph: mon0 (1)[c::]:6789 connect error
[  302.428027][ T6031] usb 4-1: new high-speed USB device number 10 using dummy_hcd
[  302.760526][ T6031] usb 4-1: device not accepting address 10, error -71
[  302.799901][ T7891] ceph: No mds server is up or the cluster is laggy
[  302.865243][ T7905] overlayfs: failed to resolve './file0': -2
[  303.144749][ T5827] libceph: connect (1)[c::]:6789 error -101
[  303.273986][ T5827] libceph: mon0 (1)[c::]:6789 connect error
[  304.022046][ T5851] Bluetooth: hci0: command 0x0401 tx timeout
[  304.036613][ T7906] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  305.306532][ T7906] netlink: 'syz.3.450': attribute type 1 has an invalid length.
[  306.066514][ T7906] netlink: 224 bytes leftover after parsing attributes in process `syz.3.450'.
[  306.406750][ T7902] tipc: Disabling bearer <eth:syzkaller0>
[  306.658565][ T6031] usb 3-1: new high-speed USB device number 6 using dummy_hcd
[  306.689100][ T7943] ceph: No mds server is up or the cluster is laggy
[  307.081109][ T5935] libceph: connect (1)[c::]:6789 error -101
[  307.116140][ T5935] libceph: mon0 (1)[c::]:6789 connect error
[  307.308004][ T6031] usb 3-1: Using ep0 maxpacket: 16
[  307.333075][ T6031] usb 3-1: config 8 has an invalid interface number: 39 but max is 0
[  307.373117][ T6031] usb 3-1: config 8 has no interface number 0
[  307.557954][ T6031] usb 3-1: config 8 interface 39 altsetting 1 has an endpoint descriptor with address 0xDF, changing to 0x8F
[  307.569925][ T6031] usb 3-1: config 8 interface 39 altsetting 1 endpoint 0x8F has invalid wMaxPacketSize 0
[  307.586194][ T6031] usb 3-1: config 8 interface 39 altsetting 1 bulk endpoint 0x8F has invalid maxpacket 0
[  307.596117][ T6031] usb 3-1: config 8 interface 39 has no altsetting 0
[  307.606273][ T6031] usb 3-1: New USB device found, idVendor=05ac, idProduct=c704, bcdDevice=62.77
[  307.711308][ T6031] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  307.972497][ T6031] usb 3-1: Product: syz
[  308.085635][ T6031] usb 3-1: Manufacturer: syz
[  308.257093][ T6031] usb 3-1: SerialNumber: syz
[  309.221867][ T7966] netlink: 'syz.3.459': attribute type 4 has an invalid length.
[  309.265023][ T7966] netlink: 'syz.3.459': attribute type 4 has an invalid length.
[  309.323251][ T6031] ipheth 3-1:8.39: ipheth_get_macaddr: usb_control_msg: short packet: 0 bytes
[  309.475319][ T6031] ipheth 3-1:8.39: probe with driver ipheth failed with error -22
[  309.760854][ T6031] usb 3-1: USB disconnect, device number 6
[  310.124155][ T7977] overlayfs: failed to resolve './file0': -2
[  310.556259][ T7988] 9pnet_fd: Insufficient options for proto=fd
[  311.340153][ T7991] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  311.352400][ T7991] batadv_slave_0: entered promiscuous mode
[  311.687229][ T8000] kvm: pic: non byte write
[  312.001250][ T8012] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  312.011265][ T8012] batadv_slave_0: entered promiscuous mode
[  314.889243][ T8033] ieee802154 phy0 wpan0: encryption failed: -22
[  315.811873][ T8050] overlayfs: failed to resolve './file0': -2
[  316.909727][ T8052] netlink: 48 bytes leftover after parsing attributes in process `syz.1.477'.
[  317.064108][ T1302] ieee802154 phy0 wpan0: encryption failed: -22
[  317.072609][ T1302] ieee802154 phy1 wpan1: encryption failed: -22
[  317.117097][ T8052] orangefs_mount: mount request failed with -4
[  317.313035][ T8061] netlink: 80 bytes leftover after parsing attributes in process `syz.2.479'.
[  317.798723][ T8068] netlink: 4400 bytes leftover after parsing attributes in process `syz.4.481'.
[  317.854476][ T8070] netlink: zone id is out of range
[  317.870072][ T8070] netlink: zone id is out of range
[  318.005146][ T8070] netlink: set zone limit has 4 unknown bytes
[  321.466918][ T8105] sctp: failed to load transform for md5: -2
[  321.942953][ T8129] netlink: zone id is out of range
[  321.988563][ T8129] netlink: zone id is out of range
[  322.095881][ T8129] netlink: set zone limit has 4 unknown bytes
[  324.547205][ T8157] netlink: 8 bytes leftover after parsing attributes in process `syz.3.502'.
[  324.556741][ T8157] netlink: 24 bytes leftover after parsing attributes in process `syz.3.502'.
[  325.478487][ T5971] libceph: connect (1)[c::]:6789 error -101
[  325.484626][ T5971] libceph: mon0 (1)[c::]:6789 connect error
[  325.538226][ T8174] ceph: No mds server is up or the cluster is laggy
[  326.106533][ T5971] libceph: connect (1)[c::]:6789 error -101
[  326.123819][ T5971] libceph: mon0 (1)[c::]:6789 connect error
[  328.808808][   T30] audit: type=1326 audit(1755847715.182:76): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8213 comm="syz.3.515" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f7b6478ebe9 code=0x0
[  332.137951][ T8249] 9pnet_fd: Insufficient options for proto=fd
[  333.969080][ T8269] batman_adv: batadv0: Adding interface: dummy0
[  333.975421][ T8269] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  334.148933][ T8269] batman_adv: batadv0: Interface activated: dummy0
[  334.299370][ T8270] batadv0: mtu less than device minimum
[  334.306795][ T8270] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  334.318995][ T8270] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  334.331024][ T8270] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  334.342977][ T8270] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  334.354892][ T8270] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  334.366784][ T8270] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  334.378847][ T8270] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  334.390827][ T8270] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  334.402774][ T8270] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  334.567203][ T8281] netlink: 12 bytes leftover after parsing attributes in process `syz.2.531'.
[  334.912972][ T8263] netlink: 'syz.4.528': attribute type 10 has an invalid length.
[  335.041667][ T8263] 8021q: adding VLAN 0 to HW filter on device batadv0
[  335.277076][ T8263] bond0: (slave batadv0): Enslaving as an active interface with an up link
[  337.293531][ T5971] libceph: connect (1)[c::]:6789 error -101
[  337.333336][ T8308] ceph: No mds server is up or the cluster is laggy
[  337.350970][ T5971] libceph: mon0 (1)[c::]:6789 connect error
[  338.869577][ T8326] netlink: 8 bytes leftover after parsing attributes in process `syz.6.538'.
[  338.900346][ T8326] netlink: 8 bytes leftover after parsing attributes in process `syz.6.538'.
[  340.459948][ T8341] tipc: Started in network mode
[  340.464895][ T8341] tipc: Node identity 5611580b28ff, cluster identity 4711
[  340.493707][ T8341] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  340.553085][ T8345] syzkaller0: entered promiscuous mode
[  340.579060][ T8345] syzkaller0: entered allmulticast mode
[  341.565175][ T8345] netlink: 'syz.6.542': attribute type 1 has an invalid length.
[  341.575046][ T8345] netlink: 224 bytes leftover after parsing attributes in process `syz.6.542'.
[  341.629716][ T6031] tipc: Node number set to 2129549323
[  341.774521][ T8350] afs: Unknown parameter 'dyén'
[  342.135133][ T8337] tipc: Resetting bearer <eth:syzkaller0>
[  343.180975][ T8337] tipc: Disabling bearer <eth:syzkaller0>
[  343.638677][ T8375] gtp0: entered promiscuous mode
[  344.081787][ T8396] net_ratelimit: 11 callbacks suppressed
[  344.081831][ T8396] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  344.193721][ T5827] usb 4-1: new high-speed USB device number 12 using dummy_hcd
[  344.632514][ T5827] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0
[  344.684138][ T5827] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0xB has an invalid bInterval 0, changing to 7
[  344.812930][ T5827] usb 4-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  344.832801][ T5827] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  344.852761][ T5827] usb 4-1: Product: syz
[  344.859066][ T5827] usb 4-1: Manufacturer: syz
[  344.867364][ T5827] usb 4-1: SerialNumber: syz
[  345.096177][ T5827] usb 4-1: config 0 descriptor??
[  345.938198][ T5827] usb 4-1: USB disconnect, device number 12
[  346.281896][ T8425] fuse: Bad value for 'fd'
[  348.323886][ T8454] netlink: 112 bytes leftover after parsing attributes in process `syz.2.563'.
[  349.204093][ T5935] libceph: connect (1)[c::]:6789 error -101
[  349.217648][ T8468] ceph: No mds server is up or the cluster is laggy
[  349.286195][ T5935] libceph: mon0 (1)[c::]:6789 connect error
[  351.608496][ T5935] usb 2-1: new low-speed USB device number 5 using dummy_hcd
[  352.038057][ T5935] usb 2-1: device descriptor read/64, error -71
[  352.313580][ T5935] usb 2-1: new low-speed USB device number 6 using dummy_hcd
[  352.457983][ T5935] usb 2-1: device descriptor read/64, error -71
[  352.582678][ T5935] usb usb2-port1: attempt power cycle
[  352.751507][ T8504] FAULT_INJECTION: forcing a failure.
[  352.751507][ T8504] name fail_usercopy, interval 1, probability 0, space 0, times 1
[  352.775957][ T8504] CPU: 0 UID: 0 PID: 8504 Comm: syz.4.573 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  352.775999][ T8504] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  352.776018][ T8504] Call Trace:
[  352.776026][ T8504]  <TASK>
[  352.776035][ T8504]  dump_stack_lvl+0x189/0x250
[  352.776074][ T8504]  ? __pfx____ratelimit+0x10/0x10
[  352.776095][ T8504]  ? __pfx_dump_stack_lvl+0x10/0x10
[  352.776117][ T8504]  ? __pfx__printk+0x10/0x10
[  352.776142][ T8504]  ? __might_fault+0xb0/0x130
[  352.776173][ T8504]  should_fail_ex+0x414/0x560
[  352.776199][ T8504]  _copy_from_user+0x2d/0xb0
[  352.776228][ T8504]  ___sys_recvmsg+0x12e/0x510
[  352.776253][ T8504]  ? __pfx____sys_recvmsg+0x10/0x10
[  352.776297][ T8504]  ? __fget_files+0x3a0/0x420
[  352.776349][ T8504]  do_recvmmsg+0x307/0x770
[  352.776380][ T8504]  ? __pfx_do_recvmmsg+0x10/0x10
[  352.776415][ T8504]  ? _copy_from_user+0x94/0xb0
[  352.776462][ T8504]  __x64_sys_recvmmsg+0x1af/0x240
[  352.776486][ T8504]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[  352.776505][ T8504]  ? rcu_is_watching+0x15/0xb0
[  352.776548][ T8504]  ? do_syscall_64+0xbe/0x3b0
[  352.776576][ T8504]  do_syscall_64+0xfa/0x3b0
[  352.776617][ T8504]  ? lockdep_hardirqs_on+0x9c/0x150
[  352.776640][ T8504]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  352.776661][ T8504]  ? clear_bhb_loop+0x60/0xb0
[  352.776695][ T8504]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  352.776716][ T8504] RIP: 0033:0x7fa967f8ebe9
[  352.776740][ T8504] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  352.776758][ T8504] RSP: 002b:00007fa968d89038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  352.776788][ T8504] RAX: ffffffffffffffda RBX: 00007fa9681b5fa0 RCX: 00007fa967f8ebe9
[  352.776804][ T8504] RDX: 04000000000003b4 RSI: 00002000000037c0 RDI: 0000000000000003
[  352.776819][ T8504] RBP: 00007fa968d89090 R08: 0000200000003700 R09: 0000000000000000
[  352.776833][ T8504] R10: 0000000002040000 R11: 0000000000000246 R12: 0000000000000001
[  352.776845][ T8504] R13: 00007fa9681b6038 R14: 00007fa9681b5fa0 R15: 00007ffd4a9a7018
[  352.776880][ T8504]  </TASK>
[  353.248029][ T5935] usb 2-1: new low-speed USB device number 7 using dummy_hcd
[  353.538785][ T5935] usb 2-1: device descriptor read/8, error -71
[  353.628828][ T8525] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  354.248275][ T5935] usb 2-1: new low-speed USB device number 8 using dummy_hcd
[  354.298128][ T8524] mmap: syz.3.574 (8524) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  354.328075][ T5935] usb 2-1: device descriptor read/8, error -71
[  354.438987][ T5935] usb usb2-port1: unable to enumerate USB device
[  355.012978][ T8544] sch_tbf: burst 3298 is lower than device lo mtu (65550) !
[  355.069058][ T8545] netlink: 172 bytes leftover after parsing attributes in process `syz.1.577'.
[  355.915888][ T8552] FAULT_INJECTION: forcing a failure.
[  355.915888][ T8552] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  355.930084][ T8552] CPU: 0 UID: 0 PID: 8552 Comm: syz.3.581 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  355.930103][ T8552] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  355.930112][ T8552] Call Trace:
[  355.930118][ T8552]  <TASK>
[  355.930124][ T8552]  dump_stack_lvl+0x189/0x250
[  355.930145][ T8552]  ? __pfx____ratelimit+0x10/0x10
[  355.930162][ T8552]  ? __pfx_dump_stack_lvl+0x10/0x10
[  355.930179][ T8552]  ? __pfx__printk+0x10/0x10
[  355.930197][ T8552]  ? __lock_acquire+0xab9/0xd20
[  355.930223][ T8552]  should_fail_ex+0x414/0x560
[  355.930243][ T8552]  strncpy_from_user+0x36/0x290
[  355.930271][ T8552]  strncpy_from_user_nofault+0x72/0x150
[  355.930291][ T8552]  bpf_bprintf_prepare+0xb9b/0x1410
[  355.930313][ T8552]  ? __kernel_text_address+0xd/0x40
[  355.930344][ T8552]  ? __pfx_bpf_bprintf_prepare+0x10/0x10
[  355.930368][ T8552]  ? __lock_acquire+0xab9/0xd20
[  355.930382][ T8552]  ? bpf_trace_printk+0xc1/0x190
[  355.930402][ T8552]  bpf_trace_printk+0xdb/0x190
[  355.930416][ T8552]  ? __lock_acquire+0xab9/0xd20
[  355.930431][ T8552]  ? __pfx_bpf_trace_printk+0x10/0x10
[  355.930448][ T8552]  ? bpf_trace_run2+0x186/0x4b0
[  355.930482][ T8552]  bpf_prog_7c77c7e0f6645ad8+0x3e/0x44
[  355.930496][ T8552]  bpf_trace_run2+0x284/0x4b0
[  355.930516][ T8552]  ? __pfx_kvm_vm_ioctl+0x10/0x10
[  355.930542][ T8552]  ? bpf_trace_run2+0x186/0x4b0
[  355.930562][ T8552]  ? __pfx_bpf_trace_run2+0x10/0x10
[  355.930584][ T8552]  ? __bpf_trace_contention_begin+0xcd/0x130
[  355.930605][ T8552]  __bpf_trace_contention_begin+0xdc/0x130
[  355.930621][ T8552]  ? __pfx___bpf_trace_contention_begin+0x10/0x10
[  355.930637][ T8552]  ? fdget_pos+0x247/0x320
[  355.930655][ T8552]  ? fdget_pos+0x247/0x320
[  355.930679][ T8552]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  355.930697][ T8552]  trace_contention_begin+0xf4/0x120
[  355.930715][ T8552]  __mutex_lock+0x193/0xe80
[  355.930731][ T8552]  ? __lock_acquire+0xab9/0xd20
[  355.930748][ T8552]  ? fdget_pos+0x247/0x320
[  355.930766][ T8552]  ? __pfx___mutex_lock+0x10/0x10
[  355.930785][ T8552]  ? __fget_files+0x2a/0x420
[  355.930804][ T8552]  ? __fget_files+0x3a0/0x420
[  355.930818][ T8552]  ? __fget_files+0x2a/0x420
[  355.930854][ T8552]  fdget_pos+0x247/0x320
[  355.930873][ T8552]  ksys_read+0x79/0x250
[  355.930885][ T8552]  ? __fget_files+0x3a0/0x420
[  355.930900][ T8552]  ? __fget_files+0x2a/0x420
[  355.930916][ T8552]  ? __pfx_ksys_read+0x10/0x10
[  355.930934][ T8552]  ? do_syscall_64+0xbe/0x3b0
[  355.930953][ T8552]  do_syscall_64+0xfa/0x3b0
[  355.930970][ T8552]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  355.930984][ T8552]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  355.930998][ T8552]  ? clear_bhb_loop+0x60/0xb0
[  355.931016][ T8552]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  355.931030][ T8552] RIP: 0033:0x7f7b6478d5fc
[  355.931043][ T8552] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  355.931055][ T8552] RSP: 002b:00007f7b6558a030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  355.931070][ T8552] RAX: ffffffffffffffda RBX: 00007f7b649b5fa0 RCX: 00007f7b6478d5fc
[  355.931081][ T8552] RDX: 000000000000000f RSI: 00007f7b6558a0a0 RDI: 0000000000000005
[  355.931090][ T8552] RBP: 00007f7b6558a090 R08: 0000000000000000 R09: 0000000000000000
[  355.931099][ T8552] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  355.931107][ T8552] R13: 00007f7b649b6038 R14: 00007f7b649b5fa0 R15: 00007ffd192336c8
[  355.931130][ T8552]  </TASK>
[  356.398048][   T24] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[  356.558444][   T24] usb 5-1: Using ep0 maxpacket: 8
[  357.834180][ T1218] libceph: connect (1)[c::]:6789 error -101
[  357.850883][ T1218] libceph: mon0 (1)[c::]:6789 connect error
[  357.866023][ T8583] ceph: No mds server is up or the cluster is laggy
[  358.418876][   T24] usb 5-1: unable to get BOS descriptor or descriptor too short
[  358.461340][   T24] usb 5-1: unable to read config index 0 descriptor/start: -71
[  358.469039][   T24] usb 5-1: can't read configurations, error -71
[  358.546764][ T8591] 
[  358.549175][ T8591] ======================================================
[  358.556230][ T8591] WARNING: possible circular locking dependency detected
[  358.563458][ T8591] 6.16.0-syzkaller #0 Not tainted
[  358.568522][ T8591] ------------------------------------------------------
[  358.575557][ T8591] syz.3.585/8591 is trying to acquire lock:
[  358.581547][ T8591] ffff8880255f4188 (&set->update_nr_hwq_lock){++++}-{4:4}, at: blk_mq_update_nr_hw_queues+0x3b/0x14c0
[  358.592565][ T8591] 
[  358.592565][ T8591] but task is already holding lock:
[  358.599956][ T8591] ffff8880255f4230 (&nbd->config_lock){+.+.}-{4:4}, at: nbd_ioctl+0x131/0xeb0
[  358.608907][ T8591] 
[  358.608907][ T8591] which lock already depends on the new lock.
[  358.608907][ T8591] 
[  358.619333][ T8591] 
[  358.619333][ T8591] the existing dependency chain (in reverse order) is:
[  358.628370][ T8591] 
[  358.628370][ T8591] -> #2 (&nbd->config_lock){+.+.}-{4:4}:
[  358.636241][ T8591]        lock_acquire+0x120/0x360
[  358.641301][ T8591]        __mutex_lock+0x182/0xe80
[  358.646354][ T8591]        refcount_dec_and_mutex_lock+0x30/0xa0
[  358.652531][ T8591]        nbd_config_put+0x2c/0x790
[  358.657667][ T8591]        nbd_release+0xfe/0x140
[  358.662549][ T8591]        bdev_release+0x533/0x650
[  358.667600][ T8591]        blkdev_release+0x15/0x20
[  358.672653][ T8591]        __fput+0x449/0xa70
[  358.677195][ T8591]        fput_close_sync+0x119/0x200
[  358.682520][ T8591]        __x64_sys_close+0x7f/0x110
[  358.687778][ T8591]        do_syscall_64+0xfa/0x3b0
[  358.692825][ T8591]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  358.699254][ T8591] 
[  358.699254][ T8591] -> #1 (&disk->open_mutex){+.+.}-{4:4}:
[  358.707165][ T8591]        lock_acquire+0x120/0x360
[  358.712240][ T8591]        __mutex_lock+0x182/0xe80
[  358.717388][ T8591]        __del_gendisk+0x129/0x9e0
[  358.722530][ T8591]        del_gendisk+0xe8/0x160
[  358.727399][ T8591]        loop_remove+0x42/0xc0
[  358.732199][ T8591]        loop_control_ioctl+0x4ac/0x5a0
[  358.737753][ T8591]        __se_sys_ioctl+0xfc/0x170
[  358.742892][ T8591]        do_syscall_64+0xfa/0x3b0
[  358.747944][ T8591]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  358.754362][ T8591] 
[  358.754362][ T8591] -> #0 (&set->update_nr_hwq_lock){++++}-{4:4}:
[  358.762809][ T8591]        validate_chain+0xb9b/0x2140
[  358.768196][ T8591]        __lock_acquire+0xab9/0xd20
[  358.773409][ T8591]        lock_acquire+0x120/0x360
[  358.778448][ T8591]        down_write+0x96/0x1f0
[  358.783234][ T8591]        blk_mq_update_nr_hw_queues+0x3b/0x14c0
[  358.789501][ T8591]        nbd_start_device+0x16c/0xac0
[  358.794886][ T8591]        nbd_ioctl+0x636/0xeb0
[  358.799685][ T8591]        blkdev_ioctl+0x5a8/0x6d0
[  358.804725][ T8591]        __se_sys_ioctl+0xfc/0x170
[  358.809856][ T8591]        do_syscall_64+0xfa/0x3b0
[  358.814894][ T8591]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  358.821309][ T8591] 
[  358.821309][ T8591] other info that might help us debug this:
[  358.821309][ T8591] 
[  358.831536][ T8591] Chain exists of:
[  358.831536][ T8591]   &set->update_nr_hwq_lock --> &disk->open_mutex --> &nbd->config_lock
[  358.831536][ T8591] 
[  358.845734][ T8591]  Possible unsafe locking scenario:
[  358.845734][ T8591] 
[  358.853199][ T8591]        CPU0                    CPU1
[  358.858561][ T8591]        ----                    ----
[  358.863925][ T8591]   lock(&nbd->config_lock);
[  358.868530][ T8591]                                lock(&disk->open_mutex);
[  358.875651][ T8591]                                lock(&nbd->config_lock);
[  358.882769][ T8591]   lock(&set->update_nr_hwq_lock);
[  358.887994][ T8591] 
[  358.887994][ T8591]  *** DEADLOCK ***
[  358.887994][ T8591] 
[  358.896168][ T8591] 1 lock held by syz.3.585/8591:
[  358.901107][ T8591]  #0: ffff8880255f4230 (&nbd->config_lock){+.+.}-{4:4}, at: nbd_ioctl+0x131/0xeb0
[  358.910453][ T8591] 
[  358.910453][ T8591] stack backtrace:
[  358.916356][ T8591] CPU: 1 UID: 0 PID: 8591 Comm: syz.3.585 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  358.916377][ T8591] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  358.916388][ T8591] Call Trace:
[  358.916395][ T8591]  <TASK>
[  358.916402][ T8591]  dump_stack_lvl+0x189/0x250
[  358.916426][ T8591]  ? __pfx_dump_stack_lvl+0x10/0x10
[  358.916446][ T8591]  ? __pfx__printk+0x10/0x10
[  358.916469][ T8591]  ? print_lock_name+0xde/0x100
[  358.916492][ T8591]  print_circular_bug+0x2ee/0x310
[  358.916515][ T8591]  check_noncircular+0x134/0x160
[  358.916538][ T8591]  validate_chain+0xb9b/0x2140
[  358.916559][ T8591]  ? stack_depot_save_flags+0x40/0x900
[  358.916585][ T8591]  __lock_acquire+0xab9/0xd20
[  358.916604][ T8591]  ? blk_mq_update_nr_hw_queues+0x3b/0x14c0
[  358.916627][ T8591]  lock_acquire+0x120/0x360
[  358.916641][ T8591]  ? blk_mq_update_nr_hw_queues+0x3b/0x14c0
[  358.916668][ T8591]  ? __mutex_trylock_common+0x153/0x260
[  358.916691][ T8591]  down_write+0x96/0x1f0
[  358.916712][ T8591]  ? blk_mq_update_nr_hw_queues+0x3b/0x14c0
[  358.916734][ T8591]  ? __pfx_down_write+0x10/0x10
[  358.916754][ T8591]  ? rcu_is_watching+0x15/0xb0
[  358.916772][ T8591]  ? trace_contention_end+0x39/0x120
[  358.916792][ T8591]  ? __mutex_lock+0x330/0xe80
[  358.916811][ T8591]  blk_mq_update_nr_hw_queues+0x3b/0x14c0
[  358.916836][ T8591]  ? blkdev_common_ioctl+0xfc3/0x2450
[  358.916856][ T8591]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  358.916873][ T8591]  ? nbd_ioctl+0x131/0xeb0
[  358.916896][ T8591]  ? __pfx___mutex_lock+0x10/0x10
[  358.916917][ T8591]  nbd_start_device+0x16c/0xac0
[  358.916939][ T8591]  ? security_capable+0x7e/0x2e0
[  358.916963][ T8591]  nbd_ioctl+0x636/0xeb0
[  358.916987][ T8591]  ? __pfx_nbd_ioctl+0x10/0x10
[  358.917008][ T8591]  ? __asan_memset+0x22/0x50
[  358.917032][ T8591]  ? smack_file_ioctl+0x24a/0x340
[  358.917048][ T8591]  ? __pfx_smack_file_ioctl+0x10/0x10
[  358.917064][ T8591]  ? __pfx_nbd_ioctl+0x10/0x10
[  358.917087][ T8591]  blkdev_ioctl+0x5a8/0x6d0
[  358.917107][ T8591]  ? __pfx_blkdev_ioctl+0x10/0x10
[  358.917125][ T8591]  ? __fget_files+0x2a/0x420
[  358.917146][ T8591]  ? bpf_lsm_file_ioctl+0x9/0x20
[  358.917166][ T8591]  ? __pfx_blkdev_ioctl+0x10/0x10
[  358.917185][ T8591]  __se_sys_ioctl+0xfc/0x170
[  358.917211][ T8591]  do_syscall_64+0xfa/0x3b0
[  358.917230][ T8591]  ? lockdep_hardirqs_on+0x9c/0x150
[  358.917253][ T8591]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  358.917270][ T8591]  ? clear_bhb_loop+0x60/0xb0
[  358.917290][ T8591]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  358.917306][ T8591] RIP: 0033:0x7f7b6478ebe9
[  358.917322][ T8591] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  358.917337][ T8591] RSP: 002b:00007f7b65569038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  358.917355][ T8591] RAX: ffffffffffffffda RBX: 00007f7b649b6090 RCX: 00007f7b6478ebe9
[  358.917369][ T8591] RDX: 0000000000000000 RSI: 000000000000ab03 RDI: 0000000000000005
[  358.917379][ T8591] RBP: 00007f7b64811e19 R08: 0000000000000000 R09: 0000000000000000
[  358.917390][ T8591] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  358.917400][ T8591] R13: 00007f7b649b6128 R14: 00007f7b649b6090 R15: 00007ffd192336c8
[  358.917419][ T8591]  </TASK>
[  359.268548][ T5853] block nbd3: Receive control failed (result -107)
[  359.638298][ T8587] block nbd3: shutting down sockets