last executing test programs:

9m31.006561571s ago: executing program 32 (id=1415):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x3, 0x1, 0x4}, 0x38)
sendmsg$nl_generic(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000001ac0)={&(0x7f0000000000)=ANY=[@ANYBLOB="a03728002d00010026bd7000fcdbdf250400000005000b00", @ANYRES32=r0, @ANYBLOB="81120c"], 0x37a0}, 0x1, 0x0, 0x0, 0x2004001d}, 0x20000000)

2m28.076603784s ago: executing program 33 (id=3008):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x80b00, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7"], 0x0, 0x4, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r1)
ptrace$setregs(0xd, r1, 0x0, &(0x7f00000003c0)="18607651149d7b10b4024fbbdc08899b8f589df2dbb5d7a8d1b36cfab675cb3976ee8100e2878c9cfa178cac130eb046eda93df39ed4b41924dc225ad4028dd63defb87d698be5c749450b350a789dcfc6b2d6a696b5026d1e52f19274566d1da0f353dd65e330ebf71c5e823f2753c5fd76724828ef31b353e71805205c3dceb44cc4c7b3664e29fb")
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000044082, 0x0)
fallocate(r3, 0x11, 0x0, 0x4000000000002)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r4, &(0x7f0000000b80)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000340)=ANY=[@ANYBLOB="d01000003f0007012dbd7000fbdbdf25047c00000400fc800c0001800600060008", @ANYRES64=r4], 0x10d0}, 0x1, 0x0, 0x0, 0xc000}, 0xc000)

2m22.89702947s ago: executing program 34 (id=3075):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
rt_sigaction(0x8, 0x0, 0x0, 0x0, 0x0)
lseek(0xffffffffffffffff, 0x9, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000400)=@newqdisc={0x24, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}, {0x10, 0xfff1}}}, 0x24}}, 0x44884)
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0)
rt_sigqueueinfo(0x0, 0x11, &(0x7f00000002c0)={0x9, 0x6, 0x100})
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r4 = dup(r3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x300000a, 0x8012, r4, 0x2000)
openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/power/disk', 0x129a02, 0x0)
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x60880, 0x0)
ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r6 = socket(0x400000000010, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000380)={'syzkaller0\x00', <r7=>0x0})
sendmsg$nl_route_sched(r6, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r7, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=@newtfilter={0x54, 0x2c, 0xd27, 0x70bd25, 0x6, {0x0, 0x0, 0x0, r7, {0x0, 0xe}, {}, {0x8, 0x3}}, [@filter_kind_options=@f_flower={{0xb}, {0x24, 0x2, [@TCA_FLOWER_KEY_ETH_TYPE={0x6, 0x8, 0x8035}, @TCA_FLOWER_KEY_ARP_SHA={0xa, 0x3f, @local}, @TCA_FLOWER_KEY_ARP_SHA_MASK={0xa, 0x40, [0x0, 0x0, 0x0, 0xff, 0xff]}]}}]}, 0x54}, 0x1, 0x0, 0x0, 0x24020000}, 0x44010)
r8 = syz_usb_connect(0x1, 0x2d, &(0x7f0000000340)=ANY=[@ANYBLOB="120100001ddf8208c007121522300000000109021b0001000000010904010001faf40d00090582239f"], 0x0)
r9 = syz_open_dev$char_usb(0xc, 0xb4, 0x800000000000)
syz_usb_disconnect(r8)
ioctl$EXT4_IOC_MIGRATE(r9, 0x6609)
r10 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4d8, 0xdd, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x5, 0x0, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x200, 0x0, 0x0, 0x7}}}}}]}}]}}, 0x0)
syz_usb_control_io(r10, 0x0, 0x0)
syz_usb_control_io(r10, &(0x7f00000003c0)={0x2c, &(0x7f00000000c0)=ANY=[@ANYBLOB="000008000000080482"], 0x0, 0x0, 0x0, 0x0}, 0x0)

2m3.436125855s ago: executing program 35 (id=3131):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
rt_sigaction(0x8, 0x0, 0x0, 0x0, 0x0)
lseek(0xffffffffffffffff, 0x9, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000400)=@newqdisc={0x24, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}, {0x10, 0xfff1}}}, 0x24}}, 0x44884)
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0)
rt_sigqueueinfo(0x0, 0x11, &(0x7f00000002c0)={0x9, 0x6, 0x100})
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r4 = dup(r3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x300000a, 0x8012, r4, 0x2000)
openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/power/disk', 0x129a02, 0x0)
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x60880, 0x0)
ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r6 = socket(0x400000000010, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000380)={'syzkaller0\x00', <r7=>0x0})
sendmsg$nl_route_sched(r6, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r7, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=@newtfilter={0x54, 0x2c, 0xd27, 0x70bd25, 0x6, {0x0, 0x0, 0x0, r7, {0x0, 0xe}, {}, {0x8, 0x3}}, [@filter_kind_options=@f_flower={{0xb}, {0x24, 0x2, [@TCA_FLOWER_KEY_ETH_TYPE={0x6, 0x8, 0x8035}, @TCA_FLOWER_KEY_ARP_SHA={0xa, 0x3f, @local}, @TCA_FLOWER_KEY_ARP_SHA_MASK={0xa, 0x40, [0x0, 0x0, 0x0, 0xff, 0xff]}]}}]}, 0x54}, 0x1, 0x0, 0x0, 0x24020000}, 0x44010)
r8 = syz_usb_connect(0x1, 0x2d, &(0x7f0000000340)=ANY=[@ANYBLOB="120100001ddf8208c007121522300000000109021b0001000000010904010001faf40d00090582239f"], 0x0)
r9 = syz_open_dev$char_usb(0xc, 0xb4, 0x800000000000)
syz_usb_disconnect(r8)
ioctl$EXT4_IOC_MIGRATE(r9, 0x6609)
r10 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4d8, 0xdd, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x5, 0x0, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x200, 0x0, 0x0, 0x7}}}}}]}}]}}, 0x0)
syz_usb_control_io(r10, 0x0, 0x0)
syz_usb_ep_write(r10, 0x81, 0x2, &(0x7f0000000280)="935a")

2m2.387646477s ago: executing program 3 (id=3180):
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x24, &(0x7f0000000100)={&(0x7f0000000300)=ANY=[@ANYBLOB="380000002000200028bd7000000000000a0020640000000700000000080017004e204e2114000200fc010000000000000000010000000000"], 0x38}, 0x1, 0x0, 0x0, 0x24040804}, 0x4080001)

2m2.325161672s ago: executing program 3 (id=3182):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000040)=@ipv6_newrule={0x2c, 0x20, 0x2d2c6d60ea1da725, 0x70bd29, 0x25dfdbfd, {0xa, 0x0, 0x0, 0xcd, 0xff, 0x0, 0x0, 0x1, 0x10002}, [@FIB_RULE_POLICY=@FRA_PRIORITY={0x8}, @FIB_RULE_POLICY=@FRA_PROTOCOL={0x5, 0x15, 0x2}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4040090}, 0x40000)
socket$nl_netfilter(0x10, 0x3, 0xc)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r2, 0x0, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x1, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0xfffffffc}, 0x0)
r3 = syz_open_dev$tty20(0xc, 0x4, 0x0)
r4 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_IPV6_XFRM_POLICY(r4, 0x29, 0x23, &(0x7f00000004c0)={{{@in=@remote, @in=@broadcast, 0xfffc, 0x0, 0x0, 0x0, 0xa, 0x0, 0x120}, {0x500000000000000, 0x0, 0x0, 0x0, 0x800000000}}, {{@in6=@mcast2, 0x0, 0x2b}, 0x0, @in=@empty}}, 0xe8)
r5 = socket$key(0xf, 0x3, 0x2)
setsockopt$sock_int(r5, 0x1, 0x8, &(0x7f00000001c0), 0x4)
sendmsg$key(r5, 0x0, 0x2044800)
sendmsg$key(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000240)=ANY=[@ANYBLOB="0212000002"], 0x10}}, 0x0)
close(r4)
socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r4, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="b8000000120001"], 0xb8}}, 0x0)
ioctl$TIOCSTI(r3, 0x5412, &(0x7f00000000c0)=0xff)
ioctl$TIOCSTI(r3, 0x5412, &(0x7f0000000000)=0x7f)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
r7 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f00000002c0)=@newlink={0x40, 0x10, 0x503, 0x70bd27, 0x20000, {0x0, 0x0, 0x0, 0x0, 0x1d961}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LOCAL={0x8, 0x2, @private=0xa010100}]}}}, @IFLA_NUM_TX_QUEUES={0x8, 0x1f, 0x7}]}, 0x40}}, 0x4080)
setsockopt$inet6_tcp_int(r6, 0x6, 0x8, &(0x7f0000000300)=0x1000001, 0x4)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r6, 0x6, 0x14, &(0x7f0000000400)=0x1, 0x4)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000240), r6)
setsockopt$sock_int(r6, 0x1, 0x12, &(0x7f0000000140)=0x2, 0x4)

2m0.234283749s ago: executing program 7 (id=3189):
r0 = socket$inet6(0xa, 0x400000000001, 0x0)
sendto$inet6(r0, 0x0, 0x0, 0x20004048, &(0x7f00000001c0)={0xa, 0x4e20, 0x0, @empty, 0x4}, 0x1c)
getsockopt$inet_int(r0, 0x0, 0xe, 0x0, &(0x7f0000000500)=0x3) (fail_nth: 2)

1m59.817829458s ago: executing program 7 (id=3190):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff})
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000400)={'wlan1\x00', <r2=>0x0})
ioctl$sock_inet6_SIOCSIFADDR(r1, 0x8916, &(0x7f0000000080)={@private0, 0x73, r2})
ioctl$sock_inet6_SIOCSIFADDR(r1, 0x8916, &(0x7f00000000c0)={@empty, 0x5c, r2})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x0, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x4, 0x0, 0x2, 0x0)
sched_setattr(0x0, 0x0, 0x0)
r3 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_IPV6_HOPOPTS(r1, 0x29, 0x48, 0x0, 0x0)
connect$inet6(r4, &(0x7f0000000000)={0xa, 0x4e21, 0x6, @local, 0x3ff}, 0x1c)
ioctl$SNDCTL_DSP_SPEED(r3, 0xc0045002, &(0x7f00000001c0))
ioctl$SNDCTL_DSP_CHANNELS(r3, 0xc0045006, &(0x7f0000000340)=0xd)
ioctl$SNDCTL_DSP_SETFMT(r3, 0xc0045005, &(0x7f0000000640)=0x10)
close(r3)
r5 = syz_usb_connect$hid(0x2, 0x0, 0x0, 0x0)
syz_usb_control_io(r5, 0x0, 0x0)
syz_open_dev$dri(&(0x7f00000002c0), 0x64, 0x1a3900)
r6 = socket$netlink(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={0x0, 0x24}}, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x2ba)
sendmsg$nl_route(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="3c0000001000850619fbb7c75150926b00000000", @ANYRES32=r8, @ANYBLOB="fe000000000000001c0012000c000100626f6e00000c0002000800010004"], 0x3c}, 0x1, 0x0, 0x0, 0x4000001}, 0x40000)
r9 = socket(0x28, 0x1, 0x7e6)
sendmsg$nl_route(r7, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="200000001000030400000000fcffffff00000000c019b351bcabbbd40c679b34ea348ec7287b38de1ffaf2ab25ca39247b6eeb5586647e733f6cceedfa14c465a9afe3eb0e02362a43ee5221b7510054bedcb889819e5219eb96e53ec4325182", @ANYRES32=r8, @ANYBLOB="7fff000000000000"], 0x20}}, 0x0)
socket(0x1, 0x803, 0x0)
getsockname$packet(r9, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)

1m59.796220059s ago: executing program 3 (id=3191):
ioctl$SIOCSIFMTU(0xffffffffffffffff, 0x541b, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
remap_file_pages(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x5, 0x0)
syz_open_procfs(0x0, &(0x7f0000000040)='maps\x00')
r2 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001440)=ANY=[@ANYBLOB="1c0000005e0021a5553f8c6b23cbff07fff0e5373526a01edb"], 0x1c}, 0x1, 0x0, 0x0, 0x48050}, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, 0x0, 0x0)
recvmmsg$unix(r2, &(0x7f0000002380)=[{{0x0, 0x0, &(0x7f0000001340)=[{&(0x7f00000002c0)=""/4096, 0x1000}], 0x1}}], 0x4000000000003b9, 0x26022, 0x0)

1m58.514241765s ago: executing program 5 (id=3192):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$ARPT_SO_SET_REPLACE(r0, 0x0, 0x60, 0x0, 0x0)

1m58.304112874s ago: executing program 5 (id=3193):
syz_emit_ethernet(0x3e, &(0x7f0000001200)=ANY=[@ANYBLOB="aaaaaaaaaaaabbbbbbbbbbbb86dd60b8192300087301fe8000000000000000000000000000aafe80000000000000000000000020b86567474f30f57551ad"], 0x0)
r0 = syz_open_dev$vbi(&(0x7f0000000000), 0x1, 0x2)
ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000013c0)={0x3, 0x2, 0x2, {0x5, @vbi={0xb5, 0x0, 0x3, 0x20363159, [0x0, 0x8000000], [0x8200, 0x1]}}})
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
write$UHID_CREATE2(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="1d"], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1000009, 0x12, r1, 0x0)
bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000100)={r1, &(0x7f00000014c0)="c6b7b0e6f3b2b4d339a43ec492cbf6dabb9cfed30262f7e7c037c625eecd86e61761fd2a31408d7bfa392362a142dd3ead0f3793b6fb8eaac10c3b48ce7c99c02b0d2b2c13571a54f781598e0222662ee7075fb04907c31c879423f5326a2e740f49d5a48d4c344cbb2319b4523890f6dcb182200902f42ea9b2c3499b5309d0bb8c7651eea5307e34b239accd9483f5d9021e65b0c4f3ce952657110f2bc52561558927624932bbf10574a64e2853495870699dd796f981bc8570e2b8d0f133519565fc6f16c09545b2a8e11857ff36b62c1f6e7029340461ca3efaca81b1a984df5f7ee443433cc6dd13a27e6de93310fd8aae3b2de3d6b268ba58aaa86ab7d7e0a4837cba02efe2d2eb94ef25331ad06f35e816941330ce38b43dcbd8c12fc5eb1dd4aff5fa208d2347885482efd6e0eb7903bf7d47ab0040ed78c2caee1cfcb2d8394f3b2505dfda3dcca69fa342ed761d7d3d003c80f0b6cd7dd35c9a290c001c25dc03ed9f508f958b91ba65e2c33468573c37846c6e0c667bc0bfa1576d6e00d81943c16bceebb96763268aefafc0d2d42842b97525e51339a1c6445c44ac2626eddb01c5e55bea0a2dcd83a4b21f6fd02f941552e3050d292662011e3d8d30b62d11e7da8d83585b2c2458e80539e1f4933b77e211853608a3ad277faba32114298d2708d160a2eb52b5ba5663827166ffe9ee52c79d3f2dbf9b35f5d7957f1a73f516cb87291ed7673cc27d2fd32ecf5176f4ee010c56f157a0bd206f3ff715f75e4fbb3ac895ae1bff36bbbb4f90d27ca7cba5e6fb68970206b729f826a7f1d14968964c62455d6cda2ddd1865a8c3dffa88a57c026a963ebac16af99e5c112ff2d376242e7b6049ca3655c60bd41e88d3ebadd616b4835817a07d43c05e9a97c9b27fa6926f08be9efd4f66a502b7d4a8ee8277093488e3fde6b6fcdbede62c4296b0f77e73165c08f52c63a35d6f2db0f8895a09511d745b4193ee88c4fc1d63e0d175fcba5f61b659ded0bfae39b92240918d50ccf4ae36f514757c8ad099c3b9ab954a31039c26a30181c909d1d91d5bbc2e2971b11718da1cabecaad3af31a5df573c448d5612e48e66413257b06d76d251f80cd6a8586f131395cf9de6110c39a1aaee6f4857d7734c8eae683f2b63b08579c26030cda9bb9a1acd7516c0e39183f99de604ec39c72683d5e31eb51f1afe06baf006d79205bebde9247ee1e96b7767975abc72d591d92f8672a54323a2aed86c46380bf9fc40e3e0831483f478d01e9f090647ed8069bdc41e17de74b3bf930b32d3acbbfa023edf51f2faadce5db5d5da27873fd42c1a592ae769c28667c5fc4772f631022c7fc939721a4f4818ef94e3d7da3e05c756df0034a2d04fdddc787a1e030dc74cd198c87d7a8d0e7c47b8301a3825a5d44750b3125239df90a984d3cae183e8ada8eff6addae2411819339f7f9abc8c3b1bbcd967c48388e564666bf05730211c96f7606897470456a95338fa0040754df48963d85df41ebfd7b3911c6fd682176ea3d8f56733351128651515ea230c3e0b80cc5e0412ab2fc2275c8139e2115ca69d49d83580a7441ddd212cc855c1d8ed8c3a9a72d0eb77cd58effa7a9244d1d1457ed1f5fe5d6a438787456fc6b44bd1b65c2ae028da7439b5a110bd71e6a711af95678075c01505f1780d008ad460aa02be4b7ba029d1c84b1494e8f13972882b881dbbdfe7b5e2254611a94cf80d009e520d5ec8265fcc73edfa785782c626f077cae72176e14de436191c53746d4f886d706cfd0517b0cf9c2d01ee2281c22e7df5a903305e03bfe1dbc00de78c0a171da6a5633d4a6937a8fac02eab14ff17da3d4795f9859fc4c822493601e1cad0b082a828d555239e026ff014b5f1d7c5222792098969f0db4fb8c070584b21407cf55123625e82d97c2def06cef9e8de30fe03e46ae8734f7d6f65c848528ffd4db64f08d29f50f3867a9cdb6857a88b734ca6ac7196653ca046d1eddfd2803985a934a584d62ca3b854ef2b60cf1946cd1d0e71acd41220ba8e498597697df4cd4b869b74c7d0f6f74f9f06489149ce819f35e6179168220786697acb68f9fbd1cb405d8dc021285e510aa68ddced84b3d501d79945fed67a35e8f9c0408a4408553e9ae10aed7fb7e2d51655b34ca07b681e3a5bbaed8bf7236dd51a3ddaed15e7b8306af65a4b32d80cc23a6656448a38f6ed7b2cde4c0f8239c6f501f4004c7c0d9673d5fd1ae2cb301182d279924e2b10b6a51c0d54b83a9595e9fd428ad77560729a33edc4a5313ba81e003b18ed56d8923c7c92215817ea7c42e9b6c246f5818cc9cf4ede40d5a087e4df49ef66e5fd545e7bf289ee86ba11285de00b64d140c46b4949f659101d54054e76592eecdd69b7ac3b41b9a378fc696c50e6a5d12fbaa06efb6fa1f4705ae13e07c6cd02cc2de091a5f223c0a461de361e8369f470205de5e9581c8119ae4c9cad77ccc6ca9dc7d147a96ecd17bff15f924aaf93fedc4cd2fba0e637a6cfa0d2ef20ac89cbffb0e7fc658db86da976ffb60aecf608480b2306011fe015a748a369620ad0c6a0e54d1ba05cdc2404cf3a05a851e8001c4c48a0cc4787dabb8c1cf26bca339d8478c1b93434ff1ea47ed25ae703ba2915ce56ecaa82b929b717ab2cbf80817891d09ef3ce9f653e2234281758be93ba15dca6b33a1c19459591420190ff8d8b7a11699316018a0ba168aeaffa720e0ed3aa821af4f9de9b700300220233f7daca2d5c2499af198176a0278ef24f7f0f40c73986b86fa9aa47f5524b81e4a9b69aa214be79de07bcb8ac713b547c1d0a9ecc30852b6cbf9b0db886c191d010a0e2b7c3218a9fee6ff881cdd53221016c4e74f47500fd5df9778f0ba66067bd05aab15ef2b52e2fbd3e381dc6bc6b32243fc681ddf4b52cbeb53bc0ce37aa22dc1fd974460d88895be10f419f3a2e4a2e5460077579f26782b1e1bdbfb97d53c09a624a1e1a0130809bfb1760fbc109ce7f8f6641711709167458cb73d54f22f584d0bbe1e3cdef8f44f4f19941a738b1e3872be926a7ac2878898a6ca191b5813542bbf2c3bd56e03a9785424e0c0d24ff4f0f8476e2319b8e73e241fe2582c5b4efb7d6d22f8e74856e458bfa78946974fe1b20c9caeac29f76dc3f7c4927114cbc5a5bdfcf5925ec31ab14917665358069f0f3fe4e7e8fa098f660a13a7a71691abfba73b227d1c46a9892256310d50c2b00ba7b9abc437546f726041ffe6a23fbb0352fa3765a63e4e0f14b329677a618acce94a99e8a9e7c3fe394bf376004d16c7300b45a8e9deb5943372c1b433a05c2cc638fa137a77dbdb86b01f9e8f626a8b0e4470927741173076e4d7c2f0d6d5dea0452a7ff216dea380d848c087e668bcbce2984b38d730ed55fcc576a01a8d6bd01c3e396d7e75e54a3126dd99730a3cb4603cbb1f7b38f33be8a92d2cd7ee2873a4a97116d5789f10d81aa919dc00943b87501d61a60cec945b94e98930bdc62588c59458b319a050b7bf1253912f1eabf2f080cf7c88e35fe0f043deef2709478f914eeb72e333c141f01e047e9fc07f4885920f74f47f0d2b0494d1ceb34b4b3524e98d4c58d9bc61c3ddb03684f9969941c32e39dd5ea75832f3f325d8168a5d84dbd4fb52f61d6f4e8311abbd625ad9c6657370fb79460b2cad62d355797e0c050684624adeb1448ccfdfafd274c6c52ff9ab87553f0d96d6d475cea9ca8ae414181b77fb7d46e2b5226e06b601218340fe6373e34a7a33fa9cccf00447f81fbe83aee4d42468082a8774476eee4468b1fc4a618879883ee41c2399ea61dbdad857d92b47248b1114b2c34189cfd896acb330d84b785b21650292003027a5ac18b752ee5d3a31967aed3694fedbf2f481b9d3a7dcadcac442dd4ad64fb17916b578196813530c6b3903a7fa9e43352ced94f863d71814921430030566d72e92624e793d99145155575fd3cd4c207e441c7d3061a5087135a86b2d91e8919645357bca9bfdc51349d957bfb8cb86137fefe3aeffbcac0d73c2a689a0aafd5732c2b07ef2d7059cfda2434f0edf0ca49089115d2dfb7d24e241dd928fab7a2e7289575e1b09b580fd8d791430d20cb4c249ba4659771020605a3f93f8d3af5bcb7beae627722c867dba0ad9e3b744434dc89862548917a729bc5e37d06435274e8c3c64263d1f29a7cd637e9e24e8a65c7d5fa8e06bbe1952d41589a9203a0503069eca0f8bcc40a3e1fcf90accfd0a4df7518e93dbb336f71d2b07c400def8312def38598d16eef1a1dc4055130411a5d1c4f3425b5f3ba58855eb862311f7eeadf46a6102e7e03f3b3e1c1399a25e8eafc3e4861a3d6ff64ee090918361b933d875205a01f5b030580bfc5ca0948496d604e8437f4da6138db846d6c21305a4cedb5692238dfdfd91c71529712a35dcd4c2356371d43091827402024a2a31d97a066da607a7def8c00204177942137045b7912b69a11dc3e170aeec575c5a39ae2eb5a94f947f7ee36bdb416b3e792220ef6be1a0c827a31b2cee3f5d355058444d0abd334a5c23f98bfe0a453afa474827c3c9554aa5f08c43322858afccca6488c7946da2a0ce85422c4faa51cd55f16a12bd49f6004b30beecfd42b51cc8d1964662b833bb518e916276a000100000000000031555c30dd5763ab6eeeefa0dbae04a76e66050685ba765460ba8a491dedcb5e95e095531dd3e4c3b3f5e7745f2a231b05bc3eae375759f6d86563afdbc1d0cf7dcca031d92e24c0e29bb4a0eef7d0ba68bb8ef1725a2e529f73fe339b73f3daa3810023da4cc7bf0afbca81b5dffde87d33997f166414e22c86e5e46ba7812ae88ed8753eda3ecb90f9758ec00539ee08ceaf72b91396a726adc4a2d4d1e72555d1832157d0c863eb2713bd29fd232e73db5c9e65a2bbd3c01c5d979917af62a683cadf19c0ba98463bd839e9642cd7ee6383379907404350d721674bae24eb48e02fb0e194affef061d3940e79194e9d063ca560a92a4319602d55133facf7a5f6d77bfb661d6abc993b3e6918e8dcffcbd13368c639b135d3b5c59a6ab5c0880394465e1f4c7af5b0ebf436bee587239f1fb422ae80b39457d45d8c4867de4e752e115eb49866e55c7841a2615aa23e6ce7bdf6de7f5402fdf8d1f0231c85ad231314502abd5f711e5ede7942832159a675b4049c8561e5f2e5c6bffd41a0bf7c9787891f7d4afdbfc46d377048a186eb93583503a54813d966d5dc453d2ec969068af6277fb8d780f9b1573df31f0435aaa092a967da0749f45fe1803441727df384df85c75d77ddb4fefd73782ae09510caff5b384fba7e3f33b3fb1bc7e9caa29a4188ccb608f4710353a5421d323fce656e95aa62e68284e28acc9325d01838ee73439efe981fe47226be12e19c67366f3bdc0a7119610dbebaa5ae3d875fd495678a4cc4ae017afe5214b08fea95ece968231af196ca0f0295619385e828532ba3f183ab0460e4edc1f374eb1a048d1728851ebdb960fe4fc6ae6d8cf79a9cc414598aed43f29dd480f5ca8aecb22999cec77f1d1afb677bcc45a01902eef99288e85f3956cd6645f1e319475dfe2acfdfe21555b0616f9f2f0740c56d261d6d875ac487e3c87a54cdacffa5e9585b79e524791f2bd6b394244b1897a0055985ec5a6871d6d1caaa3fde69b1750bfd0ae8f368f3e35dc21fa67f9e60b9b80b4fa43e26c9482f0c0039ece92495983c5cadd82ff363cc9645d53aca98efb661253637f99589fa40aee0adfa07", &(0x7f00000003c0)=""/183}, 0x20)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000a00)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(aes)\x00'}, 0x58)
r3 = syz_open_dev$video4linux(&(0x7f0000000000), 0x2, 0x0)
ioctl$VIDIOC_TRY_DECODER_CMD(r3, 0xc0585605, &(0x7f0000000080)={0x1, 0x1, @stop_pts=0x1})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0xd, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x94)
r4 = syz_io_uring_setup(0x10d2, &(0x7f0000000340)={0x0, 0x6bf6, 0x100, 0x5, 0x12}, &(0x7f00000000c0)=<r5=>0x0, &(0x7f0000000300)=<r6=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
io_uring_register$IORING_REGISTER_FILES(r4, 0x2, &(0x7f0000000040)=[r4], 0x1)
syz_io_uring_submit(r5, r6, &(0x7f0000000200)=@IORING_OP_POLL_REMOVE={0x7, 0x50, 0x0, 0x0, 0x0, 0x1})
io_uring_enter(r4, 0x47bc, 0x0, 0x0, 0x0, 0x0)
ioctl$VIDIOC_QBUF(r0, 0xc058565d, &(0x7f0000000200)=@fd={0x0, 0x7, 0x4, 0x10, 0xdb1, {0x0, 0x2710}, {}, 0x5, 0x2, {}, 0x58603})

1m57.964295128s ago: executing program 5 (id=3194):
r0 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r0, &(0x7f0000000040)={0x2, 0x0, @loopback}, 0x10)
r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
write$rfkill(0xffffffffffffffff, 0x0, 0x0)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, 0x0, 0x0)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
listen(0xffffffffffffffff, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
setsockopt$MRT6_ADD_MIF(0xffffffffffffffff, 0x29, 0xca, 0x0, 0x0)
openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000080), 0x2)
sendmsg$sock(0xffffffffffffffff, 0x0, 0x0)
ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_CLIENT(r1, 0xc0a85322, &(0x7f00000003c0)={0x1003, 0x0, 'client0\x00', 0x0, "92c18f5458d5f54f", "c3e64652ce2fc415a5b53ac6428c8b50af67d6c99cdfe5c1e40001df2c325f95"})
sendmsg$rds(r0, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, 0x0, 0x0, &(0x7f0000000780)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0, 0x2c}, &(0x7f00000006c0)=[{&(0x7f0000000100)=""/44, 0x410200}], 0x1, 0x8000000}}], 0x48}, 0x0)
syz_emit_vhci(&(0x7f0000000080)=ANY=[@ANYRESHEX=r1], 0x66)

1m57.340783189s ago: executing program 3 (id=3195):
r0 = add_key(&(0x7f0000000000)='cifs.idmap\x00', &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
keyctl$read(0x20, r0, 0x0, 0x0)
r1 = socket(0x40000000015, 0x5, 0x0)
bpf$MAP_CREATE_TAIL_CALL(0x0, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080))
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
socket$unix(0x1, 0x5, 0x0)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = socket(0x1e, 0x4, 0x0)
connect$tipc(r4, &(0x7f0000000040)=@name={0x1e, 0x2, 0x0, {{0x1, 0x1}}}, 0x10)
sendmmsg$unix(r4, &(0x7f0000004400), 0x400000000000203, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_COALESCE_SET(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000080)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="010000000000000000003000000018000180140002007665746830"], 0x2c}}, 0x0)
getsockopt(r1, 0x200000000114, 0x7, &(0x7f0000000580)=""/102393, &(0x7f0000000040)=0x18ff9)
r7 = openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder-control\x00', 0x802, 0x0)
ioctl$BINDER_CTL_ADD(r7, 0xc1086201, &(0x7f0000000100)={'custom0\x00'})

1m56.659347475s ago: executing program 7 (id=3197):
r0 = socket$inet6_sctp(0xa, 0x801, 0x84)
setsockopt$inet6_int(r0, 0x29, 0x21, 0x0, 0x0)
sendto$inet6(r0, &(0x7f0000000040)='T', 0x1, 0x8910, &(0x7f0000000000)={0xa, 0xfffc, 0xde, @loopback, 0x1}, 0x1c)

1m56.249143032s ago: executing program 7 (id=3199):
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000080)='.\x00', 0x101000, 0x108)
getdents64(r0, &(0x7f00000000c0)=""/28, 0x1c)
getdents64(r0, &(0x7f0000001f80)=""/4104, 0x1008)

1m56.119901833s ago: executing program 5 (id=3200):
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000700)=[{&(0x7f0000000000)="2e00000010008188e6b62aa73772cc9f1ba1f848430000005e140602000000000e000a00100000000280", 0x2a}, {&(0x7f0000000400)="6a6f8e5e", 0x4}], 0x2}, 0x0)
r1 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000000018105e04da0700000000000109022400010000000009040000090300000009210000000122220009058103"], 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r3, &(0x7f00000004c0)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000340)={&(0x7f0000000440)={0x44, 0x2, 0x6, 0x5, 0x0, 0x0, {0x7, 0x0, 0x7}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_TYPENAME={0x10, 0x3, 'bitmap:port\x00'}, @IPSET_ATTR_REVISION={0x5, 0x4, 0x3}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}]}, 0x44}, 0x1, 0x0, 0x0, 0x1}, 0x0)
syz_usb_control_io$hid(r2, 0x0, 0x0)
syz_usb_control_io$hid(r2, &(0x7f00000001c0)={0x24, 0x0, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="00222200000096231306e53f870c0000002a9000070900be008300000000935cd376070b5d8c3ddace12280271dadf7dc60520e0f0fd0de110c19eb7277b16c7efe0d03a98cb2d780cea258c1e9a2d81eefc2dd0691afa34096b9f47f411165ac1d4375b52fa4e188022ae99156c08491758c0c5b5112d624fd89e"], 0x0}, 0x0)
r4 = syz_open_dev$evdev(&(0x7f0000000600), 0x6828, 0x0)
ioctl$EVIOCSKEYCODE_V2(r4, 0x40284504, &(0x7f0000000000)={0x3, 0x20, 0xfffc, 0x8, "c400523a6f29155cce66e2e7aadce2988b5ec056b7007f87586a324b565ffcbb"})
ioctl$IOMMU_IOAS_ALLOC(r1, 0x3b81, &(0x7f00000003c0)={0xc, 0x0, <r5=>0x0})
r6 = syz_open_dev$vcsa(&(0x7f0000000040), 0x4, 0x40000)
sendmsg$NL80211_CMD_GET_WIPHY(r6, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000180)={&(0x7f00000000c0)={0x1c, 0x0, 0x100, 0x70bd2d, 0x25dfdbfc, {{}, {@void, @val={0x8}, @void}}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000801}, 0x45)
ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r1, 0x3ba0, &(0x7f0000000200)={0x48, 0x5, r5, 0x0, <r7=>0xffffffffffffffff, 0x1})
ioctl$IOMMU_TEST_OP_ACCESS_REPLACE_IOAS(r1, 0x3ba0, &(0x7f0000000100)={0x48, 0xb, r7, 0x0, r5})
sendmsg$kcm(r0, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000380)=[{&(0x7f0000000000)="2e00000010008188e6b62aa73772cc9f1ba1f848430000005e140602240000000e000a000f000000028000001294", 0x2e}], 0x1}, 0x0)

1m55.858214384s ago: executing program 7 (id=3201):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r0, &(0x7f0000002680)={0x0, 0x0, &(0x7f0000002640)={&(0x7f0000002500)={0x14, 0x0, 0x3, 0x301, 0x70bd25, 0x25dfdbfb, {0x1, 0x0, 0x8}}, 0x14}, 0x1, 0x0, 0x0, 0x20008002}, 0x0)

1m55.744083074s ago: executing program 3 (id=3202):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_MAX_BURST(r0, 0x84, 0x14, &(0x7f0000000180)=@assoc_value, 0x8)
r1 = socket(0x40000000015, 0x5, 0x0)
setsockopt$sock_int(r1, 0x1, 0x3c, 0x0, 0x0)
bind$inet(r1, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10)
sendmmsg$inet(r1, 0x0, 0x0, 0x4000040)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000280)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c)
sendmmsg$inet6(r0, &(0x7f00000003c0)=[{{&(0x7f0000000080)={0xa, 0x4e23, 0x0, @loopback, 0x280020}, 0x1c, &(0x7f00000000c0)=[{&(0x7f0000000540)='\x00', 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000300)='8', 0x1}], 0x1}}], 0x2, 0x20008050)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000001700)={0x18, 0x24, 0x301, 0x0, 0x0, {0x1}, [@nested={0x4, 0xae}]}, 0x18}}, 0x4000)
r3 = socket$inet6(0xa, 0x1, 0x0)
setsockopt$sock_int(r3, 0x1, 0xf, &(0x7f0000000040)=0x80000004, 0x4)
setsockopt$SO_ATTACH_FILTER(r3, 0x1, 0x33, &(0x7f0000000640)={0x1, &(0x7f00000000c0)=[{0x6, 0x81, 0xca}]}, 0x10)
bind$inet6(r3, &(0x7f0000000000)={0xa, 0x4e24, 0x0, @loopback, 0xfffffffb}, 0x1c)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1, 0x17, &(0x7f00000005c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf090000000000005509010000000000950000000000000018110000", @ANYRES32, @ANYBLOB="00000000000000000100000000000000850000008600800018110000", @ANYRES32, @ANYBLOB="0000000000000000b7020000000000008500000086000000bf91000000000000b7020000000000008500000084000000b7000000000000009500000000000000"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x13, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendmsg$IPSET_CMD_ADD(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={0x0}, 0x1, 0x0, 0x0, 0x10000082}, 0x80)
r5 = socket$netlink(0x10, 0x3, 0xc)
socket$inet_tcp(0x2, 0x1, 0x0)
syz_usb_connect$hid(0x0, 0x36, 0x0, 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000400)=ANY=[@ANYBLOB="540000000206010200000000000000000500000005000100060000000d000300686173683a6e6574000000000900020073797a31000000000c00078008000640000000400500050002000000050004"], 0x54}}, 0x0)
sendmsg$IPSET_CMD_ADD(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)={0x38, 0x9, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x10, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @loopback}}]}]}, 0x38}, 0x1, 0x0, 0x0, 0x10048047}, 0x4000050)
sendmmsg(r5, &(0x7f00000002c0), 0x40000000000009f, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r4, 0xfca804a0, 0x10, 0x38, &(0x7f00000002c0)="b800000500000000", &(0x7f0000000300)=""/8, 0x500, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c)
listen(r3, 0xb)

1m55.520275282s ago: executing program 7 (id=3203):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f00000016c0), 0x3af4701e)
r1 = userfaultfd(0x1)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000000))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000100)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1})
r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x84042, 0x0)
r3 = syz_open_dev$loop(&(0x7f0000000080), 0x47ffffa, 0x1a6c42)
ioctl$LOOP_CONFIGURE(r3, 0x4c0a, &(0x7f0000001ac0)={r2, 0x2000, {0x0, 0x0, 0x0, 0x1, 0x140000, 0x12000000, 0x0, 0x1e, 0x1c, "339f020bbe82b398000000000000000000000d0ec0c1b4e9b1c4369d03740250ceaac594b1b3d741dd17c1c50d38ef2a565ef1e83323691c58d66500", "a9103939c787a16c1ca43f80026d1a8554fe581b59ded130e04d528539f3d3289737f0374c72a964a02447a75df8a69ea917deb7ba193b3e7772fd29f35239d2", "24431a1e77a68e174f000000000000000010e200"}})
r4 = dup(r3)
write$UHID_INPUT(r4, &(0x7f0000001c00)={0x8, {"b0476b76ba5d044f65271519727e4ff1ff0d12c0e6bdf3ea1f52e24f60ca698457b32832b83d7e96694c1feb5809bd67002f71e0b97c0d5270c04ffa64f63b2e18ee4b7b572fe2f4d03cad38bcd106ff12f53b443ac6fc81da518f54b9004a44859529c07a2b1b8feddc0180a0f37b13babba1dd0813b7ea56dac4b7ffe9a2ef54221439ecc55223ef2d40f4ba8108c10387ddffbaed25d41e7692bf26ddfa747a666caff49843e38c86cac7323f784a17df6beaa49c3f4a98fb4013f4e573e2ef77b0965d4bfbdf7d5eada69406ca93f422495e00addfca1518085a40f10284ff59388ecf476a12ef1a540163922098d600519ae8cf3ef544344e9d968f341af618503b455f3976b76975270e94d714302382c63de5b7c1fad1fa373b369916cb3b4d583a9ebbaeb262884d25a0e1d9fb141de60df7e64cb38b6f7167991f8fba06bffe2d49133bbb462cd8a9493177eee5f03875b15c7a92c3cd6a3fdfc64f236e14fa05a0e8d3c45f13eecd22e13528c74186dc50e0e2af44177e26bded1161e5533375508dadb83db5126cc810f4e30d4e24ec12c3b99e5220aacf42c58f2960bd43c337dbd318aeeb5c9a6cd5ffd3bf1497bb48ab7bcb32c9c33c9f5b9bc4645b96f23f9e0d826b780030444ffb925f55df587ef5ca5ea74ccd66afc7981da496d6f037efbb0b08f3f5078c60ffb4db18d1b59996bd9b1513442785bf4ece8587b39d8176dc9c735d5ea25133b2053bba227b81faab7220326f8814a9df4eba4ecc6acdd82f70b653b56a18cc9dfa4deb0a112c797ab89a51a103c3a9085d828523370c4d79d9484f4dc910735a2c9b5b85197cd9c073df7a54b40df8e1bf595bab957900c2a1a7dc40e88ed0c55c362ffbb7f88a0725a6ae73b936a639e951faf9c45ae74a2ece2f6f88e425ee41d2c60cb083a2fd6d07381908a7f629e32f89a553cf0794f54b8bdc7bd541d88464a4f80ac0b8b625a803a55de4b05a95fc7f8fc3d6d79858ccb269b7b8b21657654164a9aa29f4e8462377e9d234a41ea69841a4aaa1e5f89f9b074f6f71cb1ffaa450c3160b0e319ec81ad30101db66218b0c69f97c234465dc45849fcfd62d396f2b50ddcc0ed7dd8651431534232ab6d1186d7760770a1fc6c77553a79d0297194f794997ee47781094a76d9dccf632dcbb527b3e68950d9bb534245c7f08ae1d6ef2750292ae28e5e6dcfe2a69737dd7a1e453f3902ae90789e98c212905422099904d3bfb949bde187682a59c01aa8e6a9972a63d6aaef4d4139b10a24e063707f1aba79bd59e3f9709a873dff401d1f356c4be5e449ae0e2633a1fe50ed367fe56b0499957c3b6cabb42256547995ea998f3937d153897d1c83f1ad922d6835bdfa3b986dc6f4bd927a4ca13fbaa99b7b43758e2329d588f40fac718b16cca855468643f3818496b4915fe9a2bdd3e68889fea24bc1dfa6287a801d49a7bb84654147448550d2919e4df3a943a88cf616befea4e7a4fddb7969311c6837f9529966241be1e57ed2d773debc542986d09866905a3f63b6e1820086d52a70f039154e839da7ea852c33bf3722a048f61bbf068519e050b8788370fb130a42e9f5322dfff65b15d588f9e926b70e4530e8b66697cabb1e8514831431fa0eaecb49f9613ed5fd7bc50f897bda36d24d4296e143e2480e325ec09a77c03a07b4f86eb703085313ebeee94ef5b1cde3f6a7efd785772eb4034039f598c07819b769416a223fab824c4ac50086e78042a1ccf47b6c7ede8540cded4bd4c920ce6c2b7493a5634c5e96bb761373623ab473b121d555bfd5a8bc3f5c5418bed83ffd0d6492840550fccc0c35746370396d0190b7b1d2cadcc150877e0d197f692f97cec790c95e3d3959dc7c68aca37306c1bc13ad33848395dba5e3c9ce8090bc0e7e8312091773641be56411921e3d473321c6d8bd10b7d3f5aedd6620bcaa06474bbb298bc77297b8b5dcb9e6b33dbe676460cca825609857724cee245306d07fda287d5fe57c424c27cf9b6cf0f16d2c6a8071bd57c826d7371841cf43dab1b42421ce416d0d3a9c80bc807d2e6761e53f06b3e63c0af1b4548d820118421205f040f4ab35307871e4c7a21ff28082c29e02e89486064661898c0eb1811c70a6124c1f25d62c38794a3e87c312c870db7b60d0df8b57860c94d1a9c561b327fae3a68ce9ff4551e418eb00766f0341c5e796e3cbbbe6b4864928b966110256d5475eb1fd7b2893b60e19e859baaf23c9233a1b064771671ee2d07c151e2e99c37a116a338788052a726a8519b8335e9ff4f71d00ab634543c20ddea1bf57d4f2b797182ff19618b6974d2b69d9f052934d527a1830bf2785842f35eaf32b65b7c9fdd6f0c41756072a59c0cce0b7305740729f1daa14e0092da9d022321b726d658fcef55affa2bbf36ad788f1f423b7dfd328435b4d5df315143d8b8028ba4bea6134a3dc9720c73d5e66b8b8168752eea6b78c75f04efd9677dbe419f13f5e1c9764276a83821b710307d8f85359b34d038ff17de45e8739d4b647fd1a8d794a3273d922af3374f5d3c75b8345b9dfdabb2c0418a358921e0e73d0fe88caab1741b913673e22ff4b59afa0f653a423d9b2bb20cbf07951a349eea18a891b4f4dc6df8e42a6181284f643de5fd2924ae54f672a1920343476c67333e1e8205bf4877b1251a83f417936714edb1c6975ba7969d2fcc2e69024a4669ac2f998116ade1bd84568b8f3f1fccbe95df9ed21db77315b7469f30bfae418415d9cb5aeea627ba6811e30d56d4f4bfe5f794ea4243e3cdfad3ef55199699b8433083b6f72f95effc5f2f613cfcefaf0b94e801ebcb7095a1474ee93142b82c9bf9886617b6bf69d08c83c76cd21d4cce5872d99de8e54bbff915ab923b2d24bb3aa178dd50b44fd0eb880ef33ca51d4bf5f0fbc8ffe18afe4245397f277e4efad955baa10cf56613481253d69c02e7661714b68be0fd64f29bdafbc8b4a0b30bd6709c67fe8e8915d0479b3902b1d0169fb5486b02e966ad5d8a2bcf42ecba59177cd85e17239667f6b045d1f873ce24733ae17e2d8432709062e786a32ac925121f1b0d46c66d4fb9088f4aa0cfe2149f6c2cb5b75d45349bc88fbd47e01ea07e7cd573335aab8d389846566800dd084bc3caa95f7632719c651f2d33be0fb56347c063b3c6e3e75c5e58caeb4c37574859b78c1ed018fbeed788a4305a9ee1c1ef65a0c83a7cd717a8c08ecd4e86370ffffd6d40a89a0b1e8c15a10ad5406e867e49319ad83bfbb925d5e240b4bd44fd751e7510d5ea03a6cab95f37155d1fd69aaea1db4a1f53714eb90e669209cf634f84a50c85bdc51838ebbb545b4387790df67f0122740c2abc910cf83230394172a56c9ffda6675bb8bb39846730a1bf764aeb92407c90a194da880cb8a4efb5b57a8311d864209c7fd226b93582b6b11eec559abfbba653c0569c219d3a2e60555cb739f9d32d564f23c4e98be78aa553610822af426f961df0df2185c61ccaa22b2a6aa6fb3e917bdfb2be9c3ffb8a50821321119c4cf4917db39548abc17bfba267fa50f6af15c560a21055f967f1ca6f656ddb556f9c7e17a771eeef7e80940d1c14ddf2c27647686fd0526460036aeea395fb10abef2be2ea96c9bb380370c08d1568d30eea0f3e6b7cf8f7edc7b36d4d0affd249330707b54ee620f208d885791171eb67a25a80fcc6922e0258c9673b6576564949dfa5bed9a0299bf952aade654de16e22d54fcd391ded6adab94ff621efcd91ef69acf8dfa1b22692ba3e49cd1d3fbed6db1402065ab37e457056877977ebac33ef566f28a19b9acb67a9cc53feb156814e880b3dd5a9119ffdbc5a45c20ea375f2882575b9a28740eebf63f2895d9ffac1ec33cbdcdede98a201424d000df1efd64dd7268cc1b2366ccfb09754822dafdb1821de5e6ebee09608e82e679fafb7a5100172f26998d31d7f27c2b310f0372c3b5e888f8e6efb56074177bf6a2a5bbd9ed070ad5aaf23ce144d1ac86cad110e5916a8a57e1e7fc3d37353f84f2f6d43d92ab8b35040467f3f8b1d23fac021bbac3710edc8e2e26d794db38e48020f63e94d4b4dca3e015537a8e3008274d55f81af931a0faf1a438444b6a0489b93f7b88f81f761eae0f82e60cb0cf2745ca8c9e30d3cc189c1405b1994ed71b00d90ea7a94102916cdc915620c363d04e51eabaaca6c2814a7c1e7aaeec80bdc13135b813e6d0eea83446a5c57ec29695c302c0d8da65b61fe8ada51a36e1aff34d449f9eb70cb94931226121ab121a971c2fc070ca84272d122c1696f52fbd5ed06783abe188dcf133c4d41e10295f6ffda69fa8c5a7c0fec3425a2d60523a60d280b5ce34eac5911268172e772fefba63a6f5c6dafa9e500a5e1355fb614613f8fc1ef5e5466fa19212bcdc349a865f4cee6ea80b11a410bb6e4ad677393973e38621d25ff6c4876ef8a8d2ba651be4a78d2ba9fafadcea8eff9cca3f4ab71a0b84917794e521220dad099ac8aaf32abd162348879e4299e4d46395f9d55267b635e18ca2e2fc96146b96c8a8055130b8d8cb10cc31382df34057bd8637f86e48adc854af408226752a04df8d0362db263e0959f2bd7e8a4d33a8c4b257e19d308280baf40cced1b3cd3a86ee22df0da49d750539eee1104e99a9f8a065e5499c73125a8a8430eda7aee156821a97c237611b50f682a2cccd0969304f0a50ae98800dfb32ee1bcfeab98182c34a51e67fa5bd738c22c44fc1269ce73f464edd2f31296e92e62df51cf55798ae2e3c33c57b09f4ecd13469122095a3563f95f0a04cf58dcea4aed5e8bdda7617863cbc37a97ebadb46d679f7e30014d96d0ac7ce9484368fa5fd19cbc3d139410a2bd7ffacef1bdf76dd1d5f34d2392fcb91c7585fc1ae7d8ba2aa8ded9645d5a5e76e2279b6e0692101137da946dfbd3836476f5dad7fed70115d716dce87b5ad755e5653a709f5aa42265ec9657ed406cc9256af3628c0116b8e1d23306983e9adbc19dec354870c98e2e76566895df933a80c4c36b617db4bbda1a4ca7d6c80a43734471fc92d0bdeacfc125dddd73febd8f7ef84f221d52ae71372cee802d59013a15958e850f8fdf46d8fd3b874633daf3b1f346470456c05722258480959dd6afcffa1f3f2ca033011339c5cb85b7d1c9b5916fb8dc9c2783df64eb5cca5af83a74fe5bb259f93722842eb4ac851e71f3cfd67a39590e7f8e20f018744b9277e6eb46b5f211df5f767ef29dc9a972e14c40ea2d4624f187f301c1116d3a61adeb5c6f7ccc021ac5e18d8b40d7f1f19daf4445c06e72db8701c267c0144c92cddd49af7a87aca5aa05d0e380dd27cc780d2f7db3bef26cc4fd358543e19d73179b879f7bdc702ab405270c93a3ed64153e20b5b663773a2ad4e8e3e1e8eaf39ec80d75d02f74ff94f0e095240a564eeece4fc9bcf19bf2243c700e1dae14a1b0217013977bfa05f681abc37714fe462d0a632044ce52fdaa1c1a806b1eb4370e23ca0247e536165aa9f1c2af8adfea369ee1f4a2c7823a7baef028a1e77501db48db6aa0d7e30969f7197368db02d443803b53b2899315f7e2ba9c5ae952a3866b4ea60f3d669e0a91f7ef640cd938646bf8822fe455f0302fccf87c7fad6daf38fde038fa596b83a9fd5bf675669a6cb2bab44c6617f07950bf34edb93bbcb4174630f275dbda7a0631c4b456e5f80eb6258c1874e77d426743e478917fe44b73dc203baa2cc442b84b5818409abae99d97a28754969bd393df", 0x1000}}, 0xfffffe38)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0)
r6 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000080), 0x8001, 0x0)
ioctl$FBIOPUTCMAP(r6, 0x4605, &(0x7f00000001c0)={0x4, 0x3, &(0x7f00000000c0)=[0x7, 0x6, 0xe53], &(0x7f0000000100), &(0x7f0000000140), &(0x7f0000000180)})
r7 = socket(0x200000100000011, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000380)={'gre0\x00', <r8=>0x0})
bind$packet(r7, &(0x7f0000000180)={0x11, 0x0, r8, 0x1, 0x0, 0x6, @local}, 0x14)
setsockopt$packet_int(r7, 0x107, 0xf, &(0x7f0000000100)=0x3c0, 0x43)
sendfile(r7, r5, 0x0, 0x80004700)
sendmsg$nl_route(r0, &(0x7f00000003c0)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)=@ipv6_getrule={0x1c, 0x22, 0x100, 0x70bd2c, 0x25dfdbff, {0xa, 0x0, 0x10, 0x30, 0x7, 0x0, 0x0, 0x4, 0x10}, ["", "", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x20844}, 0x4)
r9 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r9, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000a00)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01010000000000000000020000000900010073797a300000000040000000030a01010000000000000000020000000900010073797a30000000000900030073797a320000000014000480080001400000000008000240000000001400000011000100"], 0x88}}, 0x0)
r10 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r10, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000500)={{0x14}, [@NFT_MSG_NEWCHAIN={0x48, 0x3, 0xa, 0x3, 0x0, 0x0, {0x2}, [@NFTA_CHAIN_HANDLE={0xc, 0x2, 0x1, 0x0, 0x1}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_COUNTERS={0x1c, 0x8, 0x0, 0x1, [@NFTA_COUNTER_PACKETS={0xc, 0x2, 0x1, 0x0, 0xfffffffffffff000}, @NFTA_COUNTER_BYTES={0xc, 0x1, 0x1, 0x0, 0x1}]}]}], {0x14}}, 0x70}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
r11 = syz_open_dev$dri(&(0x7f0000000280), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r11, 0x4010640d, &(0x7f0000000000)={0x5, 0x2})
r12 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(0x0, r12)
r13 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$UI_SET_MSCBIT(r13, 0x40045568, 0x29)
ioctl$sock_SIOCGIFINDEX_80211(r12, 0x8933, &(0x7f0000000140)={'wlan0\x00'})

1m54.808348831s ago: executing program 3 (id=3204):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
rt_sigaction(0x8, 0x0, 0x0, 0x0, 0x0)
lseek(0xffffffffffffffff, 0x9, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000400)=@newqdisc={0x24, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}, {0x10, 0xfff1}}}, 0x24}}, 0x44884)
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0)
rt_sigqueueinfo(0x0, 0x11, &(0x7f00000002c0)={0x9, 0x6, 0x100})
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r4 = dup(r3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x300000a, 0x8012, r4, 0x2000)
openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/power/disk', 0x129a02, 0x0)
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x60880, 0x0)
ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r6 = socket(0x400000000010, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000380)={'syzkaller0\x00', <r7=>0x0})
sendmsg$nl_route_sched(r6, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r7, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=@newtfilter={0x54, 0x2c, 0xd27, 0x70bd25, 0x6, {0x0, 0x0, 0x0, r7, {0x0, 0xe}, {}, {0x8, 0x3}}, [@filter_kind_options=@f_flower={{0xb}, {0x24, 0x2, [@TCA_FLOWER_KEY_ETH_TYPE={0x6, 0x8, 0x8035}, @TCA_FLOWER_KEY_ARP_SHA={0xa, 0x3f, @local}, @TCA_FLOWER_KEY_ARP_SHA_MASK={0xa, 0x40, [0x0, 0x0, 0x0, 0xff, 0xff]}]}}]}, 0x54}, 0x1, 0x0, 0x0, 0x24020000}, 0x44010)
r8 = syz_usb_connect(0x1, 0x2d, &(0x7f0000000340)=ANY=[@ANYBLOB="120100001ddf8208c007121522300000000109021b0001000000010904010001faf40d00090582239f"], 0x0)
r9 = syz_open_dev$char_usb(0xc, 0xb4, 0x800000000000)
syz_usb_disconnect(r8)
ioctl$EXT4_IOC_MIGRATE(r9, 0x6609)
r10 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4d8, 0xdd, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x5, 0x0, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x200, 0x0, 0x0, 0x7}}}}}]}}]}}, 0x0)
syz_usb_control_io(r10, &(0x7f00000003c0)={0x2c, &(0x7f00000000c0)=ANY=[@ANYBLOB="000008000000080482"], 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_ep_write(r10, 0x81, 0x2, &(0x7f0000000280)="935a")

1m53.512153882s ago: executing program 5 (id=3209):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0)
r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001480), 0x881, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x300000d, 0x4008032, 0xffffffffffffffff, 0x0)
ioctl$TIOCSWINSZ(r1, 0x5414, &(0x7f00000014c0)={0xffff, 0x9, 0xa, 0xf7cf})
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r3 = dup(r2)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil})
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, &(0x7f00000001c0)="186536410f017d00440f20c03507000000440f22c00f23d80f219d970f23f8660f2263c4c17c77413e1c6767450f01cfb94d0800000f32c422d1b7900000c0fe", 0x40}], 0x1, 0x34, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r2, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)

1m52.780942422s ago: executing program 5 (id=3212):
r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f00000000c0), 0x101800)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000000c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0xf, 0x0, 0x0)
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r2, &(0x7f0000000380)={0x0, 0x0, 0x0}, 0x80)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x4, 0x8001, 0x0, 0xb49, 0x200000000002, 0x7, 0x8, 0x3}, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
r3 = io_uring_setup(0x45a6, &(0x7f0000000500)={0x0, 0x0, 0x1, 0x0, 0x228})
io_uring_register$IORING_REGISTER_BUFFERS(r3, 0x0, 0x0, 0x0)
mremap(&(0x7f00003eb000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f0000003000/0x1000)=nil)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x1, 0x7fff0000}]})
r5 = add_key$user(&(0x7f0000000440), &(0x7f0000000040)={'syz', 0x3}, &(0x7f0000000240)="8b", 0x1, 0xfffffffffffffffb)
r6 = add_key$user(&(0x7f0000002300), &(0x7f0000002340)={'syz', 0x3}, &(0x7f0000000100)="370c099069effa43de3e1404db09b4ce1ef77bde4b371532dd16447c1b13403656c86711f6e750026f23029a50d44299c7bf5c78dc5efae2d041016160e8bef7b30c05e298aa9572540dd950307987eef2115e1bcf512bea3410ca5a9e9f827e4b13490dbbd4fc5a45e0738b959acafd2c12863045265bcbc2c9426ac3f614746b436fe86a72dc642dd67d970604a69b4f22cd0076beedc18056ab4bea4c825b69a7a77adcd5488684872b1bb9eb84586549e11b080468668e8fd0e52ce0705a", 0xc0, 0xffffffffffffffff)
keyctl$dh_compute(0x17, &(0x7f0000000000)={r5, r6, r5}, &(0x7f00000005c0)=""/208, 0xd0, &(0x7f0000000580)={&(0x7f0000000340)={'md5\x00'}})
fstatfs(r4, &(0x7f0000000140)=""/166)
io_uring_register$IORING_REGISTER_BUFFERS_UPDATE(r3, 0x10, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0}, 0x20)
socket$netlink(0x10, 0x3, 0x8000000004)
r7 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x162e02, 0x0)
r8 = dup(r7)
fallocate(r8, 0x10, 0x0, 0x72000)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(0xffffffffffffffff, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
readv(r0, &(0x7f0000000080)=[{&(0x7f0000000100)=""/247, 0xf7}], 0x1)

1m40.291179358s ago: executing program 36 (id=3203):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f00000016c0), 0x3af4701e)
r1 = userfaultfd(0x1)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000000))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000100)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1})
r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x84042, 0x0)
r3 = syz_open_dev$loop(&(0x7f0000000080), 0x47ffffa, 0x1a6c42)
ioctl$LOOP_CONFIGURE(r3, 0x4c0a, &(0x7f0000001ac0)={r2, 0x2000, {0x0, 0x0, 0x0, 0x1, 0x140000, 0x12000000, 0x0, 0x1e, 0x1c, "339f020bbe82b398000000000000000000000d0ec0c1b4e9b1c4369d03740250ceaac594b1b3d741dd17c1c50d38ef2a565ef1e83323691c58d66500", "a9103939c787a16c1ca43f80026d1a8554fe581b59ded130e04d528539f3d3289737f0374c72a964a02447a75df8a69ea917deb7ba193b3e7772fd29f35239d2", "24431a1e77a68e174f000000000000000010e200"}})
r4 = dup(r3)
write$UHID_INPUT(r4, &(0x7f0000001c00)={0x8, {"b0476b76ba5d044f65271519727e4ff1ff0d12c0e6bdf3ea1f52e24f60ca698457b32832b83d7e96694c1feb5809bd67002f71e0b97c0d5270c04ffa64f63b2e18ee4b7b572fe2f4d03cad38bcd106ff12f53b443ac6fc81da518f54b9004a44859529c07a2b1b8feddc0180a0f37b13babba1dd0813b7ea56dac4b7ffe9a2ef54221439ecc55223ef2d40f4ba8108c10387ddffbaed25d41e7692bf26ddfa747a666caff49843e38c86cac7323f784a17df6beaa49c3f4a98fb4013f4e573e2ef77b0965d4bfbdf7d5eada69406ca93f422495e00addfca1518085a40f10284ff59388ecf476a12ef1a540163922098d600519ae8cf3ef544344e9d968f341af618503b455f3976b76975270e94d714302382c63de5b7c1fad1fa373b369916cb3b4d583a9ebbaeb262884d25a0e1d9fb141de60df7e64cb38b6f7167991f8fba06bffe2d49133bbb462cd8a9493177eee5f03875b15c7a92c3cd6a3fdfc64f236e14fa05a0e8d3c45f13eecd22e13528c74186dc50e0e2af44177e26bded1161e5533375508dadb83db5126cc810f4e30d4e24ec12c3b99e5220aacf42c58f2960bd43c337dbd318aeeb5c9a6cd5ffd3bf1497bb48ab7bcb32c9c33c9f5b9bc4645b96f23f9e0d826b780030444ffb925f55df587ef5ca5ea74ccd66afc7981da496d6f037efbb0b08f3f5078c60ffb4db18d1b59996bd9b1513442785bf4ece8587b39d8176dc9c735d5ea25133b2053bba227b81faab7220326f8814a9df4eba4ecc6acdd82f70b653b56a18cc9dfa4deb0a112c797ab89a51a103c3a9085d828523370c4d79d9484f4dc910735a2c9b5b85197cd9c073df7a54b40df8e1bf595bab957900c2a1a7dc40e88ed0c55c362ffbb7f88a0725a6ae73b936a639e951faf9c45ae74a2ece2f6f88e425ee41d2c60cb083a2fd6d07381908a7f629e32f89a553cf0794f54b8bdc7bd541d88464a4f80ac0b8b625a803a55de4b05a95fc7f8fc3d6d79858ccb269b7b8b21657654164a9aa29f4e8462377e9d234a41ea69841a4aaa1e5f89f9b074f6f71cb1ffaa450c3160b0e319ec81ad30101db66218b0c69f97c234465dc45849fcfd62d396f2b50ddcc0ed7dd8651431534232ab6d1186d7760770a1fc6c77553a79d0297194f794997ee47781094a76d9dccf632dcbb527b3e68950d9bb534245c7f08ae1d6ef2750292ae28e5e6dcfe2a69737dd7a1e453f3902ae90789e98c212905422099904d3bfb949bde187682a59c01aa8e6a9972a63d6aaef4d4139b10a24e063707f1aba79bd59e3f9709a873dff401d1f356c4be5e449ae0e2633a1fe50ed367fe56b0499957c3b6cabb42256547995ea998f3937d153897d1c83f1ad922d6835bdfa3b986dc6f4bd927a4ca13fbaa99b7b43758e2329d588f40fac718b16cca855468643f3818496b4915fe9a2bdd3e68889fea24bc1dfa6287a801d49a7bb84654147448550d2919e4df3a943a88cf616befea4e7a4fddb7969311c6837f9529966241be1e57ed2d773debc542986d09866905a3f63b6e1820086d52a70f039154e839da7ea852c33bf3722a048f61bbf068519e050b8788370fb130a42e9f5322dfff65b15d588f9e926b70e4530e8b66697cabb1e8514831431fa0eaecb49f9613ed5fd7bc50f897bda36d24d4296e143e2480e325ec09a77c03a07b4f86eb703085313ebeee94ef5b1cde3f6a7efd785772eb4034039f598c07819b769416a223fab824c4ac50086e78042a1ccf47b6c7ede8540cded4bd4c920ce6c2b7493a5634c5e96bb761373623ab473b121d555bfd5a8bc3f5c5418bed83ffd0d6492840550fccc0c35746370396d0190b7b1d2cadcc150877e0d197f692f97cec790c95e3d3959dc7c68aca37306c1bc13ad33848395dba5e3c9ce8090bc0e7e8312091773641be56411921e3d473321c6d8bd10b7d3f5aedd6620bcaa06474bbb298bc77297b8b5dcb9e6b33dbe676460cca825609857724cee245306d07fda287d5fe57c424c27cf9b6cf0f16d2c6a8071bd57c826d7371841cf43dab1b42421ce416d0d3a9c80bc807d2e6761e53f06b3e63c0af1b4548d820118421205f040f4ab35307871e4c7a21ff28082c29e02e89486064661898c0eb1811c70a6124c1f25d62c38794a3e87c312c870db7b60d0df8b57860c94d1a9c561b327fae3a68ce9ff4551e418eb00766f0341c5e796e3cbbbe6b4864928b966110256d5475eb1fd7b2893b60e19e859baaf23c9233a1b064771671ee2d07c151e2e99c37a116a338788052a726a8519b8335e9ff4f71d00ab634543c20ddea1bf57d4f2b797182ff19618b6974d2b69d9f052934d527a1830bf2785842f35eaf32b65b7c9fdd6f0c41756072a59c0cce0b7305740729f1daa14e0092da9d022321b726d658fcef55affa2bbf36ad788f1f423b7dfd328435b4d5df315143d8b8028ba4bea6134a3dc9720c73d5e66b8b8168752eea6b78c75f04efd9677dbe419f13f5e1c9764276a83821b710307d8f85359b34d038ff17de45e8739d4b647fd1a8d794a3273d922af3374f5d3c75b8345b9dfdabb2c0418a358921e0e73d0fe88caab1741b913673e22ff4b59afa0f653a423d9b2bb20cbf07951a349eea18a891b4f4dc6df8e42a6181284f643de5fd2924ae54f672a1920343476c67333e1e8205bf4877b1251a83f417936714edb1c6975ba7969d2fcc2e69024a4669ac2f998116ade1bd84568b8f3f1fccbe95df9ed21db77315b7469f30bfae418415d9cb5aeea627ba6811e30d56d4f4bfe5f794ea4243e3cdfad3ef55199699b8433083b6f72f95effc5f2f613cfcefaf0b94e801ebcb7095a1474ee93142b82c9bf9886617b6bf69d08c83c76cd21d4cce5872d99de8e54bbff915ab923b2d24bb3aa178dd50b44fd0eb880ef33ca51d4bf5f0fbc8ffe18afe4245397f277e4efad955baa10cf56613481253d69c02e7661714b68be0fd64f29bdafbc8b4a0b30bd6709c67fe8e8915d0479b3902b1d0169fb5486b02e966ad5d8a2bcf42ecba59177cd85e17239667f6b045d1f873ce24733ae17e2d8432709062e786a32ac925121f1b0d46c66d4fb9088f4aa0cfe2149f6c2cb5b75d45349bc88fbd47e01ea07e7cd573335aab8d389846566800dd084bc3caa95f7632719c651f2d33be0fb56347c063b3c6e3e75c5e58caeb4c37574859b78c1ed018fbeed788a4305a9ee1c1ef65a0c83a7cd717a8c08ecd4e86370ffffd6d40a89a0b1e8c15a10ad5406e867e49319ad83bfbb925d5e240b4bd44fd751e7510d5ea03a6cab95f37155d1fd69aaea1db4a1f53714eb90e669209cf634f84a50c85bdc51838ebbb545b4387790df67f0122740c2abc910cf83230394172a56c9ffda6675bb8bb39846730a1bf764aeb92407c90a194da880cb8a4efb5b57a8311d864209c7fd226b93582b6b11eec559abfbba653c0569c219d3a2e60555cb739f9d32d564f23c4e98be78aa553610822af426f961df0df2185c61ccaa22b2a6aa6fb3e917bdfb2be9c3ffb8a50821321119c4cf4917db39548abc17bfba267fa50f6af15c560a21055f967f1ca6f656ddb556f9c7e17a771eeef7e80940d1c14ddf2c27647686fd0526460036aeea395fb10abef2be2ea96c9bb380370c08d1568d30eea0f3e6b7cf8f7edc7b36d4d0affd249330707b54ee620f208d885791171eb67a25a80fcc6922e0258c9673b6576564949dfa5bed9a0299bf952aade654de16e22d54fcd391ded6adab94ff621efcd91ef69acf8dfa1b22692ba3e49cd1d3fbed6db1402065ab37e457056877977ebac33ef566f28a19b9acb67a9cc53feb156814e880b3dd5a9119ffdbc5a45c20ea375f2882575b9a28740eebf63f2895d9ffac1ec33cbdcdede98a201424d000df1efd64dd7268cc1b2366ccfb09754822dafdb1821de5e6ebee09608e82e679fafb7a5100172f26998d31d7f27c2b310f0372c3b5e888f8e6efb56074177bf6a2a5bbd9ed070ad5aaf23ce144d1ac86cad110e5916a8a57e1e7fc3d37353f84f2f6d43d92ab8b35040467f3f8b1d23fac021bbac3710edc8e2e26d794db38e48020f63e94d4b4dca3e015537a8e3008274d55f81af931a0faf1a438444b6a0489b93f7b88f81f761eae0f82e60cb0cf2745ca8c9e30d3cc189c1405b1994ed71b00d90ea7a94102916cdc915620c363d04e51eabaaca6c2814a7c1e7aaeec80bdc13135b813e6d0eea83446a5c57ec29695c302c0d8da65b61fe8ada51a36e1aff34d449f9eb70cb94931226121ab121a971c2fc070ca84272d122c1696f52fbd5ed06783abe188dcf133c4d41e10295f6ffda69fa8c5a7c0fec3425a2d60523a60d280b5ce34eac5911268172e772fefba63a6f5c6dafa9e500a5e1355fb614613f8fc1ef5e5466fa19212bcdc349a865f4cee6ea80b11a410bb6e4ad677393973e38621d25ff6c4876ef8a8d2ba651be4a78d2ba9fafadcea8eff9cca3f4ab71a0b84917794e521220dad099ac8aaf32abd162348879e4299e4d46395f9d55267b635e18ca2e2fc96146b96c8a8055130b8d8cb10cc31382df34057bd8637f86e48adc854af408226752a04df8d0362db263e0959f2bd7e8a4d33a8c4b257e19d308280baf40cced1b3cd3a86ee22df0da49d750539eee1104e99a9f8a065e5499c73125a8a8430eda7aee156821a97c237611b50f682a2cccd0969304f0a50ae98800dfb32ee1bcfeab98182c34a51e67fa5bd738c22c44fc1269ce73f464edd2f31296e92e62df51cf55798ae2e3c33c57b09f4ecd13469122095a3563f95f0a04cf58dcea4aed5e8bdda7617863cbc37a97ebadb46d679f7e30014d96d0ac7ce9484368fa5fd19cbc3d139410a2bd7ffacef1bdf76dd1d5f34d2392fcb91c7585fc1ae7d8ba2aa8ded9645d5a5e76e2279b6e0692101137da946dfbd3836476f5dad7fed70115d716dce87b5ad755e5653a709f5aa42265ec9657ed406cc9256af3628c0116b8e1d23306983e9adbc19dec354870c98e2e76566895df933a80c4c36b617db4bbda1a4ca7d6c80a43734471fc92d0bdeacfc125dddd73febd8f7ef84f221d52ae71372cee802d59013a15958e850f8fdf46d8fd3b874633daf3b1f346470456c05722258480959dd6afcffa1f3f2ca033011339c5cb85b7d1c9b5916fb8dc9c2783df64eb5cca5af83a74fe5bb259f93722842eb4ac851e71f3cfd67a39590e7f8e20f018744b9277e6eb46b5f211df5f767ef29dc9a972e14c40ea2d4624f187f301c1116d3a61adeb5c6f7ccc021ac5e18d8b40d7f1f19daf4445c06e72db8701c267c0144c92cddd49af7a87aca5aa05d0e380dd27cc780d2f7db3bef26cc4fd358543e19d73179b879f7bdc702ab405270c93a3ed64153e20b5b663773a2ad4e8e3e1e8eaf39ec80d75d02f74ff94f0e095240a564eeece4fc9bcf19bf2243c700e1dae14a1b0217013977bfa05f681abc37714fe462d0a632044ce52fdaa1c1a806b1eb4370e23ca0247e536165aa9f1c2af8adfea369ee1f4a2c7823a7baef028a1e77501db48db6aa0d7e30969f7197368db02d443803b53b2899315f7e2ba9c5ae952a3866b4ea60f3d669e0a91f7ef640cd938646bf8822fe455f0302fccf87c7fad6daf38fde038fa596b83a9fd5bf675669a6cb2bab44c6617f07950bf34edb93bbcb4174630f275dbda7a0631c4b456e5f80eb6258c1874e77d426743e478917fe44b73dc203baa2cc442b84b5818409abae99d97a28754969bd393df", 0x1000}}, 0xfffffe38)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0)
r6 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000080), 0x8001, 0x0)
ioctl$FBIOPUTCMAP(r6, 0x4605, &(0x7f00000001c0)={0x4, 0x3, &(0x7f00000000c0)=[0x7, 0x6, 0xe53], &(0x7f0000000100), &(0x7f0000000140), &(0x7f0000000180)})
r7 = socket(0x200000100000011, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000380)={'gre0\x00', <r8=>0x0})
bind$packet(r7, &(0x7f0000000180)={0x11, 0x0, r8, 0x1, 0x0, 0x6, @local}, 0x14)
setsockopt$packet_int(r7, 0x107, 0xf, &(0x7f0000000100)=0x3c0, 0x43)
sendfile(r7, r5, 0x0, 0x80004700)
sendmsg$nl_route(r0, &(0x7f00000003c0)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)=@ipv6_getrule={0x1c, 0x22, 0x100, 0x70bd2c, 0x25dfdbff, {0xa, 0x0, 0x10, 0x30, 0x7, 0x0, 0x0, 0x4, 0x10}, ["", "", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x20844}, 0x4)
r9 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r9, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000a00)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01010000000000000000020000000900010073797a300000000040000000030a01010000000000000000020000000900010073797a30000000000900030073797a320000000014000480080001400000000008000240000000001400000011000100"], 0x88}}, 0x0)
r10 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r10, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000500)={{0x14}, [@NFT_MSG_NEWCHAIN={0x48, 0x3, 0xa, 0x3, 0x0, 0x0, {0x2}, [@NFTA_CHAIN_HANDLE={0xc, 0x2, 0x1, 0x0, 0x1}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_COUNTERS={0x1c, 0x8, 0x0, 0x1, [@NFTA_COUNTER_PACKETS={0xc, 0x2, 0x1, 0x0, 0xfffffffffffff000}, @NFTA_COUNTER_BYTES={0xc, 0x1, 0x1, 0x0, 0x1}]}]}], {0x14}}, 0x70}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
r11 = syz_open_dev$dri(&(0x7f0000000280), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r11, 0x4010640d, &(0x7f0000000000)={0x5, 0x2})
r12 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(0x0, r12)
r13 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$UI_SET_MSCBIT(r13, 0x40045568, 0x29)
ioctl$sock_SIOCGIFINDEX_80211(r12, 0x8933, &(0x7f0000000140)={'wlan0\x00'})

1m39.456801409s ago: executing program 37 (id=3204):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
rt_sigaction(0x8, 0x0, 0x0, 0x0, 0x0)
lseek(0xffffffffffffffff, 0x9, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000400)=@newqdisc={0x24, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}, {0x10, 0xfff1}}}, 0x24}}, 0x44884)
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0)
rt_sigqueueinfo(0x0, 0x11, &(0x7f00000002c0)={0x9, 0x6, 0x100})
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r4 = dup(r3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x300000a, 0x8012, r4, 0x2000)
openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/power/disk', 0x129a02, 0x0)
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x60880, 0x0)
ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r6 = socket(0x400000000010, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000380)={'syzkaller0\x00', <r7=>0x0})
sendmsg$nl_route_sched(r6, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r7, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=@newtfilter={0x54, 0x2c, 0xd27, 0x70bd25, 0x6, {0x0, 0x0, 0x0, r7, {0x0, 0xe}, {}, {0x8, 0x3}}, [@filter_kind_options=@f_flower={{0xb}, {0x24, 0x2, [@TCA_FLOWER_KEY_ETH_TYPE={0x6, 0x8, 0x8035}, @TCA_FLOWER_KEY_ARP_SHA={0xa, 0x3f, @local}, @TCA_FLOWER_KEY_ARP_SHA_MASK={0xa, 0x40, [0x0, 0x0, 0x0, 0xff, 0xff]}]}}]}, 0x54}, 0x1, 0x0, 0x0, 0x24020000}, 0x44010)
r8 = syz_usb_connect(0x1, 0x2d, &(0x7f0000000340)=ANY=[@ANYBLOB="120100001ddf8208c007121522300000000109021b0001000000010904010001faf40d00090582239f"], 0x0)
r9 = syz_open_dev$char_usb(0xc, 0xb4, 0x800000000000)
syz_usb_disconnect(r8)
ioctl$EXT4_IOC_MIGRATE(r9, 0x6609)
r10 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4d8, 0xdd, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x5, 0x0, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x200, 0x0, 0x0, 0x7}}}}}]}}]}}, 0x0)
syz_usb_control_io(r10, &(0x7f00000003c0)={0x2c, &(0x7f00000000c0)=ANY=[@ANYBLOB="000008000000080482"], 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_ep_write(r10, 0x81, 0x2, &(0x7f0000000280)="935a")

1m37.65502818s ago: executing program 38 (id=3212):
r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f00000000c0), 0x101800)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000000c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0xf, 0x0, 0x0)
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r2, &(0x7f0000000380)={0x0, 0x0, 0x0}, 0x80)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x4, 0x8001, 0x0, 0xb49, 0x200000000002, 0x7, 0x8, 0x3}, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
r3 = io_uring_setup(0x45a6, &(0x7f0000000500)={0x0, 0x0, 0x1, 0x0, 0x228})
io_uring_register$IORING_REGISTER_BUFFERS(r3, 0x0, 0x0, 0x0)
mremap(&(0x7f00003eb000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f0000003000/0x1000)=nil)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x1, 0x7fff0000}]})
r5 = add_key$user(&(0x7f0000000440), &(0x7f0000000040)={'syz', 0x3}, &(0x7f0000000240)="8b", 0x1, 0xfffffffffffffffb)
r6 = add_key$user(&(0x7f0000002300), &(0x7f0000002340)={'syz', 0x3}, &(0x7f0000000100)="370c099069effa43de3e1404db09b4ce1ef77bde4b371532dd16447c1b13403656c86711f6e750026f23029a50d44299c7bf5c78dc5efae2d041016160e8bef7b30c05e298aa9572540dd950307987eef2115e1bcf512bea3410ca5a9e9f827e4b13490dbbd4fc5a45e0738b959acafd2c12863045265bcbc2c9426ac3f614746b436fe86a72dc642dd67d970604a69b4f22cd0076beedc18056ab4bea4c825b69a7a77adcd5488684872b1bb9eb84586549e11b080468668e8fd0e52ce0705a", 0xc0, 0xffffffffffffffff)
keyctl$dh_compute(0x17, &(0x7f0000000000)={r5, r6, r5}, &(0x7f00000005c0)=""/208, 0xd0, &(0x7f0000000580)={&(0x7f0000000340)={'md5\x00'}})
fstatfs(r4, &(0x7f0000000140)=""/166)
io_uring_register$IORING_REGISTER_BUFFERS_UPDATE(r3, 0x10, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0}, 0x20)
socket$netlink(0x10, 0x3, 0x8000000004)
r7 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x162e02, 0x0)
r8 = dup(r7)
fallocate(r8, 0x10, 0x0, 0x72000)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(0xffffffffffffffff, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
readv(r0, &(0x7f0000000080)=[{&(0x7f0000000100)=""/247, 0xf7}], 0x1)

1m29.034277506s ago: executing program 6 (id=3266):
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug', 0x0, 0x0)
fcntl$notify(r0, 0x402, 0x8)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000001ac0)={&(0x7f0000000180)=ANY=[@ANYBLOB="a03700002d41010026bd7000fcdbdf2504"], 0x37a0}, 0x1, 0x0, 0x0, 0x4000d}, 0x24000000)

1m28.599980249s ago: executing program 6 (id=3268):
r0 = syz_usb_connect(0x0, 0x36, &(0x7f0000000180)=ANY=[@ANYBLOB="120100006325a640402000498b4d000000010902240001000000000904000002214c6a0009050702000000da000905890e"], 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000c40)={0x84, &(0x7f0000000780)={0x0, 0x0, 0x2e, "d41efec0717c524312be40b532a3b9f6325b03cc37d442bd9dcb06448a5e6a76691230ec0a86c3069391ea70597f"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
fsetxattr$security_capability(r1, &(0x7f0000000100), &(0x7f0000000200)=@v3={0x3000000, [{0x100, 0x2}, {0x6, 0x3915}], 0xee01}, 0x18, 0x2)
r2 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000140)={0x0, 0x1c, &(0x7f00000000c0)=[@in6={0xa, 0x4e20, 0x6, @private0={0xfc, 0x0, '\x00', 0x1}, 0x9}]}, &(0x7f0000000180)=0x10)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r2, 0x84, 0x1d, &(0x7f0000000000)={0x1, [<r3=>0x0]}, &(0x7f0000000080)=0x8)
setsockopt$inet_sctp6_SCTP_RESET_STREAMS(r1, 0x84, 0x77, &(0x7f0000000040)={r3, 0x6}, 0x8)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000000140)=ANY=[@ANYBLOB="b4050000000000006110180000000000760000000000000095000000000000005cb6bf6ef64107127b04c78e7ef363b6bc33ecc11b13e83ecbd1f61e39904a778741f77f5c50716f883347bfe9aa70f5b090554da8a3cd69fdba7290e29636e083dc70e863408d34da4443b7e18e4b21cc2e5046d4254b2aef141728315b2e313c35079350146dc5de546ef2fe7e9a7a4df5430a"], &(0x7f0000003ff6)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x8, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f00000000c0), 0x8, 0x10, &(0x7f0000000000)={0x0, 0x0, 0x401}, 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x200}, 0x94)

1m27.93057051s ago: executing program 8 (id=3270):
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=<r0=>0x0)
fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
r1 = syz_open_dev$video4linux(&(0x7f00000000c0), 0xe, 0x4000)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x400000000000290, 0x0, 0x0)
ioctl$VIDIOC_SUBSCRIBE_EVENT(r1, 0x4020565a, &(0x7f0000001980))
timer_settime(r0, 0x1, &(0x7f0000000040)={{0x0, 0x989680}}, 0x0)
r4 = gettid()
kcmp(r4, r4, 0x4, 0xffffffffffffffff, 0xffffffffffffffff)

1m27.600091294s ago: executing program 8 (id=3271):
syz_usb_connect(0x0, 0x24, &(0x7f00000001c0)=ANY=[@ANYBLOB="12d8ed030100008e88052086800095d8b60102030109021200010000002000d629b796ea9d0a9500"], 0x0)
r0 = syz_open_dev$I2C(&(0x7f0000000040), 0x1, 0x2003)
ioctl$I2C_RDWR(r0, 0x707, &(0x7f0000000a40)={&(0x7f0000000380)=[{0x1e, 0x6000, 0x0, 0x0}], 0x1})
socket$inet6(0xa, 0x800, 0x48)
r1 = socket(0x10, 0x3, 0x0)
recvmmsg$unix(r1, &(0x7f00000008c0)=[{{0x0, 0x0, &(0x7f0000003700)=[{&(0x7f00000011c0)=""/4096, 0x1000}, {&(0x7f00000004c0)=""/146, 0x92}], 0x2}}], 0x1, 0x2, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000380)=ANY=[@ANYBLOB="2000000072009fb3000800000400000007000000", @ANYRES32=0x0, @ANYBLOB="0800010001"], 0x20}, 0x1, 0x0, 0x0, 0x40}, 0x8000)
r2 = socket(0x10, 0x803, 0x0)
getsockname$packet(r2, &(0x7f0000000140)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000440)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="029d365bb6646e09000000000000000000400000", @ANYRES32=r3, @ANYBLOB="8304050000000000180012800e00010077697265677561726400000004000280"], 0x38}, 0x1, 0x0, 0x0, 0x9005}, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x8000000, 0x2000, &(0x7f0000000000/0x2000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
r7 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r8 = dup(r6)
ioctl$TCXONC(r7, 0x540a, 0x0)
write$6lowpan_control(r8, &(0x7f00000007c0)='connect aa:aa:aa:aa:aa:11 0', 0x1b)
ioctl$TCXONC(r8, 0x540a, 0x2)
ioctl$TCXONC(r8, 0x540a, 0x1)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000fd7000/0x18000)=nil, &(0x7f0000005700)=[@text32={0x20, 0x0}], 0x1, 0xc, 0x0, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40000}, 0x44080)
r9 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0)
ioctl$EXT4_IOC_MOVE_EXT(r6, 0x40305829, &(0x7f0000000100)={0x17c04, 0xffffffffffffffff, 0x4, 0x200000002221, 0x71, 0x2})
r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0)
sendmsg$NL80211_CMD_VENDOR(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4040000}, 0x40)
ioctl$KVM_REGISTER_COALESCED_MMIO(r10, 0x4010ae67, &(0x7f0000000040)={0x4000, 0x5000, 0x1})
r11 = ioctl$KVM_CREATE_VCPU(r10, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r10, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r11, 0x4090ae82, &(0x7f0000000200)={[0x6, 0x9, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x4002004c5, 0x1006, 0x45c4, 0xc597, 0x7, 0x6, 0xfffffffffffffffe, 0x8000, 0x80000004000000, 0xc], 0x80a0000, 0x2010d3})

1m25.495962865s ago: executing program 6 (id=3272):
r0 = syz_usb_connect(0x5, 0x3f, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000ead01c202505a4a463200102030109022d000100fd20000904a70103a598850009050a020004060c000905060220"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
r1 = socket(0x10, 0x2, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
connect$inet6(r2, &(0x7f0000000340)={0xa, 0x3, 0x0, @ipv4={'\x00', '\xff\xff', @remote}, 0xfffffffe}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f00000000c0), 0x4)
setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000080)=@gcm_128={{0x304}, "a6341a1a379332f5", "1fd33c81cf7995313c09de00fd6ded74", "62266bd8", "1e00040000000100"}, 0x28)
write$binfmt_script(r2, &(0x7f0000000500)={'#! ', './file0'}, 0xb)
prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0)
close_range(r1, r2, 0x0)
syz_usb_connect$printer(0x5, 0x2d, &(0x7f0000000000)={{0x12, 0x1, 0x201, 0x0, 0x0, 0x0, 0x20, 0x4b8, 0x202, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x1, 0x4, 0x40, 0x1, [{{0x9, 0x4, 0x0, 0x2b, 0x2, 0x7, 0x1, 0x3, 0xc7, "", {{{0x9, 0x5, 0x1, 0x2, 0x8, 0x7f, 0xb}}}}}]}}]}}, &(0x7f0000000340)={0xa, &(0x7f0000000040)={0xa, 0x6, 0x110, 0x81, 0x6, 0xa9, 0x10, 0x9}, 0x113, &(0x7f00000000c0)={0x5, 0xf, 0x113, 0x2, [@generic={0x103, 0x10, 0x4, "7ca69d82bd8d6f6f05b300054d307c24480bcb284d101d63c773e564385754391c329c8fc875ea1eb11dd8746d99aae0a1365bc493617065fb585335c9c1508ccbfd6b317f2cda7fe3dc4afa7c852ba7935af7350011289b69ca30596f9358cc59f7a769392b787b6b4175ebe1cd3e0514b05515de925e23818ee85d95d164b8265679257bae3e1da7aaefd32b80cc409e68790154609b39dc08a8f8fcc018b8e833bb6baa139a817e8e206e06f764c82ac7923755083d1a7f9c6642dc4ab1506aaa32f4277e3ec425845a352e10fa6e933970f02b95fb9a0ce9c6701bded2a4bb2e78d4b45103056c514d4c9cf52d975f793bea49542b256d2cbb9f7cdf88a7"}, @wireless={0xb, 0x10, 0x1, 0x2, 0x0, 0x40, 0x4, 0x2424, 0x23}]}, 0x3, [{0x89, &(0x7f0000000200)=@string={0x89, 0x3, "3313b905bd72013416e5f69c8155458bc5455ba5fad35f86af463d93c4802c227fd000000cd871c649990ecf61043132b41cfbf932a21c129c5f3eeb48c7aa0347bb56c0918692c40ff2eeaec2da0e575c69b855b011059f69fb49d6c73dd7a321bd4f8cc2811b21a78d646b71150b783a485ecdc74c3e4735836e9347b31b12c7e352a4cb2b83"}}, {0x4, &(0x7f00000002c0)=@lang_id={0x4, 0x3, 0x411}}, {0x34, &(0x7f0000000300)=@string={0x34, 0x3, "420f200c893e51f651f3f312c2d79dba01616d107c3a1963342a67e41e7d72159e3b81ebffda01cc7d9733b6d0f49fc41eab"}}]})
syz_usb_connect(0x5, 0x3f, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000ead01c202505a4a463200102030109022d000100fd20000904a70103a598850009050a020004060c000905060220"], 0x0) (async)
syz_usb_control_io$hid(r0, 0x0, 0x0) (async)
socket(0x10, 0x2, 0x0) (async)
socket$inet6_tcp(0xa, 0x1, 0x0) (async)
setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) (async)
connect$inet6(r2, &(0x7f0000000340)={0xa, 0x3, 0x0, @ipv4={'\x00', '\xff\xff', @remote}, 0xfffffffe}, 0x1c) (async)
setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f00000000c0), 0x4) (async)
setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000080)=@gcm_128={{0x304}, "a6341a1a379332f5", "1fd33c81cf7995313c09de00fd6ded74", "62266bd8", "1e00040000000100"}, 0x28) (async)
write$binfmt_script(r2, &(0x7f0000000500)={'#! ', './file0'}, 0xb) (async)
prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0) (async)
close_range(r1, r2, 0x0) (async)
syz_usb_connect$printer(0x5, 0x2d, &(0x7f0000000000)={{0x12, 0x1, 0x201, 0x0, 0x0, 0x0, 0x20, 0x4b8, 0x202, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x1, 0x4, 0x40, 0x1, [{{0x9, 0x4, 0x0, 0x2b, 0x2, 0x7, 0x1, 0x3, 0xc7, "", {{{0x9, 0x5, 0x1, 0x2, 0x8, 0x7f, 0xb}}}}}]}}]}}, &(0x7f0000000340)={0xa, &(0x7f0000000040)={0xa, 0x6, 0x110, 0x81, 0x6, 0xa9, 0x10, 0x9}, 0x113, &(0x7f00000000c0)={0x5, 0xf, 0x113, 0x2, [@generic={0x103, 0x10, 0x4, "7ca69d82bd8d6f6f05b300054d307c24480bcb284d101d63c773e564385754391c329c8fc875ea1eb11dd8746d99aae0a1365bc493617065fb585335c9c1508ccbfd6b317f2cda7fe3dc4afa7c852ba7935af7350011289b69ca30596f9358cc59f7a769392b787b6b4175ebe1cd3e0514b05515de925e23818ee85d95d164b8265679257bae3e1da7aaefd32b80cc409e68790154609b39dc08a8f8fcc018b8e833bb6baa139a817e8e206e06f764c82ac7923755083d1a7f9c6642dc4ab1506aaa32f4277e3ec425845a352e10fa6e933970f02b95fb9a0ce9c6701bded2a4bb2e78d4b45103056c514d4c9cf52d975f793bea49542b256d2cbb9f7cdf88a7"}, @wireless={0xb, 0x10, 0x1, 0x2, 0x0, 0x40, 0x4, 0x2424, 0x23}]}, 0x3, [{0x89, &(0x7f0000000200)=@string={0x89, 0x3, "3313b905bd72013416e5f69c8155458bc5455ba5fad35f86af463d93c4802c227fd000000cd871c649990ecf61043132b41cfbf932a21c129c5f3eeb48c7aa0347bb56c0918692c40ff2eeaec2da0e575c69b855b011059f69fb49d6c73dd7a321bd4f8cc2811b21a78d646b71150b783a485ecdc74c3e4735836e9347b31b12c7e352a4cb2b83"}}, {0x4, &(0x7f00000002c0)=@lang_id={0x4, 0x3, 0x411}}, {0x34, &(0x7f0000000300)=@string={0x34, 0x3, "420f200c893e51f651f3f312c2d79dba01616d107c3a1963342a67e41e7d72159e3b81ebffda01cc7d9733b6d0f49fc41eab"}}]}) (async)

1m24.383934377s ago: executing program 8 (id=3273):
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x1000000, &(0x7f0000006680))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
migrate_pages(0x0, 0x6, 0x0, 0x0)
r0 = fsmount(0xffffffffffffffff, 0x0, 0x4)
syz_open_dev$loop(&(0x7f0000000140), 0x39b, 0x2)
openat$cgroup_ro(r0, &(0x7f0000000000)='freezer.state\x00', 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_route(0x10, 0x3, 0x0)
socket$inet(0x2, 0xa, 0x0)
syz_open_dev$usbmon(&(0x7f0000000240), 0xfff, 0x484482)
socket$inet_udp(0x2, 0x2, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
accept$inet6(0xffffffffffffffff, &(0x7f0000000280)={0xa, 0x0, 0x0, @mcast1}, &(0x7f0000000200)=0xfffffffffffffde2)
sendmsg$key(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001440)=ANY=[@ANYBLOB="020909082a0200002cbd7000ffdbdf2519000800d005000085c12af27893992fd39ad437ab0f22564f57c3971fa5fbd662ae30aa20321d903ebb695cbc630bfbca96391c13fb4c778eb0b633be87959cc3ba08ebd451b6a18d751fea4e65e3d4dd3d4328c8b7718a0782e008010dbabaff1cc9634171527877affaa958ce6e84145ab7d9654e83b5068d027da3b41e3156bfed84edf27fe40ff8c5b23041fa4fdeb9baa2174f489158bbda19b956784f43e7472d3a400f0dbc29e3f6c152ddfbe1f49f699000000000000004000200e83900000400000000000000080000000000000001000000000000000102090000800000ed5a618e26843b6589dbe0715307688ab38bf1169b76ff7e68bfaea7b5a6fb14acfdaf62ce2dde03bb732b48480a48f9b2b2faebcf4406708a0a4670b19b4a541410e4f74cc6f73a7e02af6f89b84c2f365cf706bb222e9acb60c223711cc76c5e5b5f067989c9b011497c77d22bca3be24d783bc95711311fe637c605530099a3616c03cabec1b568423f8d916527d06a7795c0508fab49ac6ae8e47a398e0373062776004acdb2e0048d1f5a249a543911fa82bde879eef92ad440850a889a8d44c62cbf5d40f379bb899b083d39d0c0e16a0be6ec6b37a8d0237d31fc60b8ca51c70db875a389286a7209f1fd80af0ceb1bfbadd00524d010bfd3bd18b18f08ef20023d37e6da0999f107f376da6eef6237eae72c572651d8536aef9d3f0337fc68387ee02dfc74a0c28a2c54d5d8fe4a870968ef5509189b0b334ff5d6a7ecf0852795daf9713a326daff08cae5da199a32a0c0e794e904ce6936fe9db07dd5eb678cfbd92222a75c26dd5abd9de94cabca8464d5133dbb785959ae1f7427b5b02b11659f462cdd529c7ccacf700e44366714764493e9b2d860a52701a4f182ca1ba822b1973be4c94bde946a86147ebed5355bb416ece216aa3ed0f6ac60947857cbe58ea17f48696562d07a5ff56e6170c92b5b41fe47aa4e5f1f5ea7e6e5f78e4038ee3ddb7164a41e2d40856adf4d91b20895967570834e5dfd9c7c109be4475d77cccee53d1f8f840ac3f6f58a456c67fb25f6754a2ce1600d47f01df0717ffffc851772886bcc0c69b4ed5920d1a0138734a2dd06d5c2d62e80cb83de6983945a971bc5320a93291b9d3aafe26ca2b06da4252cf7f76624105449cb70327caaf4874022971be399bd8738e93ce7452efcf3bfbe2d91c7714d1bf85db432d8bd524510da70600cea0e2dbaaf57647d2f61cc97f6c1446da6317000b10c83ab3373e9ec8404a9d10c39f9f51ab0f335ddcb0c6e4d3807005d9b0b306bda6f266dc1e6c52b84b983cceb74b4d1381834ed4d08a0afe2c4c9baa2ea04961c2e9e2ca536a1c612408354a19c554f6031fc974aed88f479ffbc47b70d87c5cd56bda66ee3c3a6ce5278e09792e01d20441025e506ac61827127d02c946cdb41ed01624bfa6d922dd3ed65439a540e24912fdeb6a00f9484b03eebc275318265a1bd376dbfd739742774d2ae29719a459e245094bce42cd12f4664a4348dc9a1e290762ecb54cebc08769d81b7333feeeee0ef7066ec6db7ddbadd6dadcab8afb06f2321dccaf9ba46448cce9a9bdd0634d957a2b2e6aa8b23a50c4768ac79b7a9edcacef8e04b2d9c436671174a2a4b4f347c2b18d2e1526dd0df99ea67caf6288021a6fd3f05996ee45b0b38f47d17a4e38b42d52470a3ee0321ec6f9c7a9163399a7c93258df27f41948a12e848cc83431461492054ae82f5ba56468de8197bea1f48e2297dcdb5ce40b23d21f674928c096a75d0a5bd688159e744037495881005a48675f4cae7e3f85a8c99db4cb2b63cbd8df8b54c6c230cc3eb8139f5a2e158cce47b710928de6c3c57d010d00763c5dcf42547ccc275627f1a3a1d8e8ceb9c1d6392113c50b35128ab3a081f0e5a8bac15309eeb9d7873e581d523b15eeeed7487e974c983ea24824af6fb9a5fd3e667d4a9c1df8d1c631d9a2e7a4689c923fece8828a52e5cc09982188ee65a5a4b7ee415d83283c053bacad2ca5cc7ea28f36b4b6a0d35f79e56d2d3a4b23b478d2556ab5c9760e021770386b8afe05235d053afa4e0a0c8115f970ee3ef0e929b671499f6c2502573149ac3f4dc77b6c70e4ddd250e7f8f2fa45b514eeb4f49b52ba72f6174ce13695be2a90c559b004df02f91655f31257cceac154b9cca655d0e552658b994a286e25f12a609daef6b736f540af5cfc0c4a9193af17bf23a3c4655e8e570b5708579b41d9d778dbdc2b990aae3aa45a31d056f376a519eb2d092b9c514925430dfe595867bf52070968619b76e62d902bc1e399009c4e13d958d741c6e35086fbc99c3dd6c9d479731963f0e2df9446fba8c8f2464086ada6de0d2eb5957eb82f105174bba6176d08916c3b2d1d0b911521afe0ac1b94da75a9fefc8f347c803654c218b8365216e7959f0506592dbfdaecc02e09cfd794804e8c70e3ac885ad0f89fc10b69dccd95194476fb79315c6a69a5eb50f3400e3e1dfd13f2f92ef4f291a1c2657777b70f0a25abcc8c059292e92405fb0b13926532324a03543626301ec6b26b6aec654e1f023d328d80b292c99caa7ef295cff40a493b4028deb8a271b36f1446d5611831e6fc3b6ab3ef622c2abba923ff39718488a36584c3b9f9a5108d3cce271a4675708ae900c765c8b6c8f70c33eab5d2e247ecef3ca95d5c6a79f6395acb63a0a8a08f5259713649c0479d4bd74011d6435cb86dae07eb6ded4b6aca2e0f3f6f7d172f427ba0b3cbbac3f2f6ac8cbf27cae47529e7f492cf6e3e011bc20982b2be27954827721ec95b0331d25e33907d64df3c22fe2af4f0b38ea8d2716b6ad36c370efa35925563681928b0710f8184845aa1fa23b536981617d2911d71e29d75d2b4b4c559a7da5fbedc0e882bef896475da75429a08a902229090f91137f06b6d2c980e60b73b2a8fb5f05c54151cc069a2aa5890d7e3db75dbf7456e0140d9e71c8b2721d0b3e827c75dc83b71b4d3a4dd13874be9842056bb8103d40419747e9ff959971a86e467654708747dea2bc8d616834aefd3eea7f257aae1e06c09d7889b4c39b5a7eefd280df97e6e2805072fe65db07a8ee5022175c4b21d3c6f4d0bf3110938bcc4e0c110e41a3c499b1a697968bfaeb225132bb148b3952788655a5b56772053b2073e9d69d6e3da8a00ee7898ae6de86599dafba6d7a7aae155c21bb745269cb8a6d4e8591f1249e19beca478eec265b5dcd5cec7de1712f0bf88bf05b5cb5747f6c3ed25f7e78b9b7261e9304690fb9d787712609f138529697c34a30174f46a312b5f688e91867cdb51d9216830afdbeb9b1ecd29e92e6136641bdbb5fa4089c6c6cf3854ad1f3eedda16b91c136255ab8c3ed47f4a7bd97e7069191addd3a92652c695963a364bbe81f3307fc8394c96d3d0336ec39ced69fb639636dcb9709925e5ec7ad6ebb64417b17a04dc275a5d126fe35a97a00f0142999a4c12a6b8a1ac4574fe24a1c513b390b6ca02decd511d9037fe60b2ba25046941ce88647a1c1f5e9cfd86776f75559705b4d48acda9419968cd768b7b195247eacff82e2f03e4b23cb8adea079ac27022a2b214e8237103f8998e8f6011dd68442cba7c28a7d2825b8706e27666e86fb497853996491286f7a7aaa5b331bb895b4e10ebffce4ad545f11d7865658b7b5e97f1288212049ccbd361febd8bd5866b76cc99c9039b0c2d4eae6d89033088d0124d11575c58e3401af122f1f2a19f7061f7732031b9156ac409aff1b4f3b30421c4e0f539b64cd8cc87a5a478579054e8bbf2c801862f24498b83058f1453f46d1ab82e4c916a53eebaafd3d2d03fd24bb7c44e22bbdaab540e6a44ec15cae584d133fd7322b0197917981f640c0d27d151e74632992605b4e98c7b903c87b431a1760b6d73ca407d6a8f4ff711a1d0ba5cc288f50a38dd9d03be3f451e86616b29384c9db73a18d7f57b92aa00aff8645ddd305078a96459f41c38128dd4795b5f77f4aa33551d34e329a9ca8a4527f3dedf9053591b35f1af8f4751c23fe7d4ea3741d4e77c5dda8234a6a2aa5437c9367584dacaf1acec9bfecd278043c08533aace57fb5ebcdd1c4399aa2f4e752ddc82769fd263eb45619e2c12c2353e9c6a94081b497ddb28a68d9453dbd1e6005c94ec974319b47d4932186de996b479162e1220991fda6a530480f55179f9859897de632054580d78ecb96aaaf008eeaea37ff41bc9bf000df89dade98a5ce6ad0d6fda60905af6d0e8e8b5562ee4c2577b59503ab74754b06356a1583d8cef0a9e7d1902cc95c851d7f576f4d3bd90ea121031526044166821d467a88ba6ade1b6209a659a95af78057dd4449afc0a0b167edd95eda789faba2feca2439f7c392dc8123a6a547de69d4fad34cb13af5759fbb0b2f518bc691e049ce8c7f4bb5fb7e1836e5049d365fe4df8e9942330f76579698c06a959d7a3989097a3e573991ccd405af3f74a6d7d547712747a2faa042949212debf2275804158176ccc3d600dd1aa2412585ce5abe4fdc3720f6eb5b63366c890ad2f6ae97a4e8472da6a1984116bd64f23c68108f567cbcefc51e619b7a704ea2077b02efe9f37b0256000600d7d85ce4b023feeb3e4d59eb5359ce3e28efcb5464a5c19ddc685a50a9a34cb50f9c1284cef954dbad31ac2548e2d29f04492615204c57660acae840d749185ea19ca54effc63cf3a4a77bd75e712fd9db7510eea419bcf1929f291ece3d0989a18daf66be211a1f3cf9c914f0637f5f62383f1f3e09612e8c35e8fcb52663c66f7af272834bb816163eb981507ee7ad98bd86273f4ff8a84da7e2f9810d28b6f212f15f9e7610b5266410fe45ea8ec600957728da741647dfbc3a67590e3a588264571f9a816fa9c655684bb7fb18d5c496ff1ba8b974fc68a31401576c6f352e281976a6d0c3d518e7a9cd615070ef3d7479410e7f01babfa4f1eacc4794016ddd5b9304a5a814b21f31176cea08214a54b3848b3eb852c710335948e846668142a4499e96bd2f86721dd366d7b56c4e2f767cd7d27a4a2c262a31bde0c035c058a2348d0c05c211fad3d7ef7bc80d7a6b5ba65bf863e9dd2f0361846be10a396bd006bf8c027247c183eb75499759c458d403172177bb777986b91e8ee099622ecd087015ffd8225ff279e6c8369518cfbf08dba41f20bea1e46663079e82133353359f44cdcdece8a3ed04978c054bdfb97a5a59a5fd5869038c3772b3a0006beaf50f78c4c47caad0eabfb20aea0a777d1388b9860b928e4a24ab6fdc9b4314e0d381a6076ce6fdc744f8bde6d8c234d2724d4969546dbbcd1c667d1eb04a316cc3ae8cd478cd331f2194d071dd239bc94dba5caabe9529ebf4ed6dc823c48b7a3953e5fc072efe312a44a44b7cd20a4c763f4c2e6218cea0c475ff19cc29b321b3e5e761d1c6e916f0501f7b3aa50efba9af8ffcefb58dfc29d7f57b9fe5d6500cca5ae3a236361b57bb52a90af905c034ab812adedba2112c8fc1ffa7f5d7dca3fd6cfc25ec249fcf9cf12ee5e28944ee54c87c09a20ba0cac2ff27d831be1dbece1798c4c7397842d893e079f72422f74f5c365f6c1506722b0d212e93fb46779b7478e2f6227ef3f0b7d215d9408a28ff71a651f964a7861023787965fdea005f41cf9c4a4b0f9aa2921d7559c93c1f237a4e5514c8f648522173d8eab39470e85efe8fb87dba1206f4431e46c2594738c5d4b335089a7830cf29f3417aba63cf29057113fe74a3ef05428db9c3a722f2c7e265ab43ff8897b4da79a4eb80f24702224649c19b0115e5ee5740a2f43033e6a22076b8d3e338e420e81801a1ff4f57a4ae0ee6a46913e017c5f4995bdb4a82acaab36a8f643f01b82b4c9d4e5eca69b0b051f9757704442e4ed66c54b37577b6294c17555caf5c27ee3d84bdd1fb598a8d0375e38f458a0ca1438d6579b6320075f4ca9bfdadb99d1ae5c72ae18452cf7e21f0017cbcc266e58668fe5e99132fef5c7ddb9d82d0513543a748fb3efe49c9b0ecde8e4e47b890482405c5a57f618e3e2eb273a1401530a8acffdc64f0473b3db8b5fae0df27bfb8a42d08001800020734006bbe8e431d553598ff5d231f12cca186a2999728c8fa34c8627387f8457d8d9cae765ece3bb1568f0216dd017e33963988ad66a30000000002000a00070000000600"/4432], 0x1150}}, 0x40000)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x2}, 0x80)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x100, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.io_wait_time_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r3, &(0x7f0000000000), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r3, 0x0)
preadv(r3, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x1, 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0)
keyctl$join(0x1, &(0x7f0000000100)={'syz', 0x2})
ioctl$KVM_RUN(r4, 0xae80, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000340)='./file0\x00', 0x2d41, 0xd5)
pselect6(0x40, &(0x7f0000000080)={0x5, 0x0, 0x120004000000, 0x2, 0x69, 0x6ba, 0x1000003000, 0x49}, 0x0, &(0x7f0000000180)={0x600000, 0x7, 0x0, 0x9, 0x86, 0x9, 0x7ffffffe, 0x8}, 0x0, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)

1m23.667587815s ago: executing program 6 (id=3274):
socket(0xa, 0x5, 0x0)
syz_clone(0x80000011, 0x0, 0x0, 0x0, 0x0, 0x0)
io_setup(0x6, &(0x7f00000003c0))
r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x62081, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x8002, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb4c, 0x9, 0x6, 0x0, 0x3}, 0x0)
ioctl$USBDEVFS_DISCONNECT_CLAIM(0xffffffffffffffff, 0x8108551b, 0x0)
r3 = landlock_create_ruleset(&(0x7f0000000080)={0x2812, 0x1}, 0x18, 0x0)
landlock_restrict_self(r3, 0x0)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet6(r4, 0x0, 0x0)
r5 = open$dir(&(0x7f0000000240)='./file0\x00', 0x800, 0x100)
openat$incfs(r5, &(0x7f0000000280)='.log\x00', 0x800, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000140), 0x8417f, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)
pread64(0xffffffffffffffff, &(0x7f00000000c0)=""/4082, 0xff2, 0x7)
r6 = syz_open_procfs(0x0, &(0x7f0000002180)='net/mcfilter\x00')
preadv(r6, &(0x7f0000000740)=[{&(0x7f0000000300)=""/49, 0x31}], 0x1, 0x6, 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c06, r0)
r7 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='net/arp\x00')
preadv(r7, &(0x7f0000000200)=[{0x0}], 0x1, 0x10001, 0x7)

1m21.568390622s ago: executing program 6 (id=3280):
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x2000000, 0x50, 0xffffffffffffffff, 0x0)
r0 = socket(0xa, 0x3, 0x3a)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)) (async)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) (async)
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r0, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e20}, 0x6e)
sendto$inet6(r0, &(0x7f0000000340)="d293e61f27813490c0b2ebae28c4c7190c066a6bd4f6cd1629d9b5390f4a025ca54b67f5c79fd71099f20a767e04ff8847d59f79a1c1bc1a4bcec71620d2e2b561bcd99e069f2382914e086da44bb7add982b21ca4beb0b74903f9f06a5304341c883a4925685bb117fdbd6bd57edee34b961e819b3affcb3fbd1d5c1611a39a916cc55230a374a7580d54", 0x8b, 0x4, &(0x7f0000000140)={0xa, 0x4e22, 0x10, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x3}, 0x1c)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x218, 0x0) (async)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x218, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0)
syz_usb_connect(0x0, 0x36, &(0x7f00000000c0)=ANY=[@ANYRES64], 0x0)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x8, &(0x7f00006dbffc), 0x4)
clock_gettime(0x8, &(0x7f0000001ac0))
openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000), 0x1c0002, 0x0) (async)
r4 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000), 0x1c0002, 0x0)
openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async)
openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
syz_mount_image$fuse(&(0x7f0000000000), &(0x7f00000000c0)='./file0\x00', 0x101001a, &(0x7f0000000480)=ANY=[], 0xfb, 0x0, 0x0)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='mountinfo\x00') (async)
r5 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='mountinfo\x00')
read$FUSE(r5, &(0x7f0000004100)={0x2020}, 0x2020)
write$vga_arbiter(r4, &(0x7f0000000200)=ANY=[@ANYBLOB="746172676574205043493a5b89"], 0x14)
syz_usb_disconnect(0xffffffffffffffff) (async)
syz_usb_disconnect(0xffffffffffffffff)
clock_gettime(0x0, &(0x7f0000000300))
socket$inet6_tcp(0xa, 0x1, 0x0) (async)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_int(r0, 0x29, 0x18, &(0x7f0000000180)=0x29, 0x4)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
read$FUSE(r7, &(0x7f0000004340)={0x2020}, 0x2020)
sendmsg$NFT_BATCH(r7, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010600000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff1b000000020000000900010073797a30000001000900030073797a320000000014000000110001"], 0x7c}}, 0x0) (async)
sendmsg$NFT_BATCH(r7, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010600000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff1b000000020000000900010073797a30000001000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r7, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a3c000000120a01020000000000000000020000000900020073797a310000000008000440000000000900010073797a3000000000080003400000000a14000000110001"], 0x64}}, 0x0) (async)
sendmsg$NFT_BATCH(r7, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a3c000000120a01020000000000000000020000000900020073797a310000000008000440000000000900010073797a3000000000080003400000000a14000000110001"], 0x64}}, 0x0)
sendmsg$NFT_MSG_GETOBJ_RESET(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000a00)={0x14, 0x15, 0xa, 0x903, 0x0, 0x0, {0x0, 0x0, 0x8}}, 0x14}, 0x1, 0x0, 0x0, 0x24008819}, 0x0)
setsockopt$inet6_tcp_int(r6, 0x6, 0x22, &(0x7f0000000080)=0x1, 0x4)

1m20.444223524s ago: executing program 8 (id=3282):
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f00000002c0)=@file={0x0, './file0\x00'}, 0x6e)
r2 = socket$l2tp6(0xa, 0x2, 0x73)
pipe2$watch_queue(&(0x7f00000001c0), 0x80)
sendmmsg$inet6(r2, 0x0, 0x0, 0x4000)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = syz_open_dev$evdev(0x0, 0x8, 0x800)
fsetxattr$security_evm(r3, &(0x7f0000000200), &(0x7f0000000240)=@sha1={0x1, "6bcfc674bf8cfd83adbb89a036d38b508c770dc1"}, 0x15, 0x1)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, 0x0, 0x0)
semget$private(0x0, 0x4000000009, 0x0)
r4 = syz_open_dev$vcsn(&(0x7f0000000140), 0x100000b2, 0xa6040)
mount_setattr(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0, &(0x7f0000000180)={0x2, 0x100000, 0x80000, {r4}}, 0x20)
r5 = socket$netlink(0x10, 0x3, 0x0)
r6 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000000), 0x180300, 0x0)
ioctl$FBIOPUT_VSCREENINFO(r6, 0x4601, &(0x7f0000000040)={0x191, 0x258, 0x1e0, 0x3f, 0x32, 0x1, 0x0, 0x0, {}, {}, {}, {}, 0x0, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x4})
r7 = socket(0x10, 0x803, 0x0)
r8 = openat$kvm(0xffffff9c, &(0x7f0000000480), 0x80, 0x0)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
r10 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r10, 0x4008ae89, &(0x7f0000000000)=ANY=[@ANYBLOB="010000000000000093000040"])
sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(r7, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0, 0x1c}}, 0x0)
getsockname$packet(r7, &(0x7f0000000600)={0x11, 0x0, <r11=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14)
sendmsg$nl_route(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000640)=ANY=[@ANYBLOB="3c0000001000850600000000ff6122314a000800", @ANYRES32=r11, @ANYBLOB="f5ff0f00252155b21c0012000c000100626f6e64000000000c0002000800010001"], 0x3c}}, 0x40000)
sendmsg$nl_route(r7, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000680)=ANY=[@ANYBLOB="5000000010000305000000000007000000000300", @ANYRES32=0x0, @ANYBLOB="0000000000380000280012800b00010069703667726500001800028014000700fe8000000000000000000000000000aa08000a00", @ANYRES32=r11], 0x50}, 0x1, 0x0, 0x0, 0x800}, 0xc0b0)

1m18.311591418s ago: executing program 6 (id=3289):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
rt_sigaction(0x8, 0x0, 0x0, 0x0, 0x0)
lseek(0xffffffffffffffff, 0x9, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000400)=@newqdisc={0x24, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}, {0x10, 0xfff1}}}, 0x24}}, 0x44884)
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0)
rt_sigqueueinfo(0x0, 0x11, &(0x7f00000002c0)={0x9, 0x6, 0x100})
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r4 = dup(r3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x300000a, 0x8012, r4, 0x2000)
openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/power/disk', 0x129a02, 0x0)
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x60880, 0x0)
ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r6 = socket(0x400000000010, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000380)={'syzkaller0\x00', <r7=>0x0})
sendmsg$nl_route_sched(r6, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r7, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=@newtfilter={0x54, 0x2c, 0xd27, 0x70bd25, 0x6, {0x0, 0x0, 0x0, r7, {0x0, 0xe}, {}, {0x8, 0x3}}, [@filter_kind_options=@f_flower={{0xb}, {0x24, 0x2, [@TCA_FLOWER_KEY_ETH_TYPE={0x6, 0x8, 0x8035}, @TCA_FLOWER_KEY_ARP_SHA={0xa, 0x3f, @local}, @TCA_FLOWER_KEY_ARP_SHA_MASK={0xa, 0x40, [0x0, 0x0, 0x0, 0xff, 0xff]}]}}]}, 0x54}, 0x1, 0x0, 0x0, 0x24020000}, 0x44010)
r8 = syz_usb_connect(0x1, 0x2d, &(0x7f0000000340)=ANY=[@ANYBLOB="120100001ddf8208c007121522300000000109021b0001000000010904010001faf40d00090582239f"], 0x0)
syz_usb_disconnect(r8)
ioctl$EXT4_IOC_MIGRATE(0xffffffffffffffff, 0x6609)
r9 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4d8, 0xdd, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x5, 0x0, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x200, 0x0, 0x0, 0x7}}}}}]}}]}}, 0x0)
syz_usb_control_io(r9, 0x0, 0x0)
syz_usb_control_io(r9, &(0x7f00000003c0)={0x2c, &(0x7f00000000c0)=ANY=[@ANYBLOB="000008000000080482"], 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_ep_write(r9, 0x81, 0x2, &(0x7f0000000280)="935a")

1m17.888464533s ago: executing program 8 (id=3290):
socket(0xa, 0x5, 0x0)
syz_clone(0x80000011, 0x0, 0x0, 0x0, 0x0, 0x0)
io_setup(0x6, &(0x7f00000003c0))
r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x62081, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x8002, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb4c, 0x9, 0x6, 0x0, 0x3}, 0x0)
ioctl$USBDEVFS_DISCONNECT_CLAIM(0xffffffffffffffff, 0x8108551b, 0x0)
r3 = landlock_create_ruleset(&(0x7f0000000080)={0x2812, 0x1}, 0x18, 0x0)
landlock_restrict_self(r3, 0x0)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet6(r4, 0x0, 0x0)
r5 = open$dir(&(0x7f0000000240)='./file0\x00', 0x800, 0x100)
openat$incfs(r5, &(0x7f0000000280)='.log\x00', 0x800, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000140), 0x8417f, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)
pread64(0xffffffffffffffff, &(0x7f00000000c0)=""/4082, 0xff2, 0x7)
r6 = syz_open_procfs(0x0, &(0x7f0000002180)='net/mcfilter\x00')
preadv(r6, &(0x7f0000000740)=[{&(0x7f0000000300)=""/49, 0x31}], 0x1, 0x6, 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c06, r0)
r7 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='net/arp\x00')
preadv(r7, &(0x7f0000000200)=[{0x0}], 0x1, 0x10001, 0x7)

1m16.027391677s ago: executing program 8 (id=3293):
munmap(&(0x7f0000fff000/0x1000)=nil, 0x1000)
munmap(&(0x7f0000fff000/0x1000)=nil, 0x1000)
socket$inet_udp(0x2, 0x2, 0x0)
syz_usb_connect(0x0, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(0xffffffffffffffff, 0xc01064c2, &(0x7f00000001c0))
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r4, &(0x7f0000000080)={0x0, 0x15, &(0x7f00000000c0)={&(0x7f00000002c0)={0x98, 0x0, 0x1, 0x401, 0x0, 0x0, {0xa}, [@CTA_TUPLE_ORIG={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @local}, {0x14, 0x4, @remote}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @local}, {0x14, 0x4, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xffffffffffffffe2, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_SRC={0x4}]}, 0x98}}, 0x0)
r5 = syz_open_dev$vim2m(&(0x7f0000000000), 0xd, 0x2)
ioctl$vim2m_VIDIOC_S_FMT(r5, 0xc0d05605, &(0x7f0000000440)={0x2, @pix={0x0, 0xffff, 0x52424752, 0x0, 0x0, 0x4, 0xb, 0x0, 0x0, 0x0, 0x1}})
sendmsg$IPCTNL_MSG_CT_NEW(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000700)={0xb4, 0x0, 0x1, 0x401, 0x0, 0x0, {0xa}, [@CTA_TUPLE_ORIG={0x44, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast1}, {0x14, 0x4, @mcast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_TUPLE_REPLY={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @local}, {0x14, 0x4, @local}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_SRC={0x18, 0x6, 0x0, 0x1, [@CTA_NAT_V6_MINIP={0x14, 0x4, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}]}]}, 0xb4}}, 0x0)
r6 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r7 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r8 = dup(r7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x13, r8, 0x2000)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x17)
open_by_handle_at(r6, &(0x7f0000000240)=ANY=[], 0x10000)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x9)
ioctl$TIOCSERGETLSR(0xffffffffffffffff, 0x5459, &(0x7f0000000000))
ioctl$KVM_HYPERV_EVENTFD(r3, 0x4018aebd, &(0x7f0000000140)={0x3, r8, 0x1})
sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="280000002000010000000000000100000200000000000000000000000c001440000000000000000058071fe7db51a3345c2db64242c7450d83acb10920f7e823bf3616fff3850c268175d0fd6a8845dab59da6ac27b674d37cf3e02f03d0321c53967042fcee05", @ANYRES8=r6, @ANYRESOCT=r3], 0x28}}, 0x20000000)

1m3.264652868s ago: executing program 39 (id=3289):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
rt_sigaction(0x8, 0x0, 0x0, 0x0, 0x0)
lseek(0xffffffffffffffff, 0x9, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000400)=@newqdisc={0x24, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}, {0x10, 0xfff1}}}, 0x24}}, 0x44884)
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0)
rt_sigqueueinfo(0x0, 0x11, &(0x7f00000002c0)={0x9, 0x6, 0x100})
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r4 = dup(r3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x300000a, 0x8012, r4, 0x2000)
openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/power/disk', 0x129a02, 0x0)
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x60880, 0x0)
ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r6 = socket(0x400000000010, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000380)={'syzkaller0\x00', <r7=>0x0})
sendmsg$nl_route_sched(r6, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r7, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=@newtfilter={0x54, 0x2c, 0xd27, 0x70bd25, 0x6, {0x0, 0x0, 0x0, r7, {0x0, 0xe}, {}, {0x8, 0x3}}, [@filter_kind_options=@f_flower={{0xb}, {0x24, 0x2, [@TCA_FLOWER_KEY_ETH_TYPE={0x6, 0x8, 0x8035}, @TCA_FLOWER_KEY_ARP_SHA={0xa, 0x3f, @local}, @TCA_FLOWER_KEY_ARP_SHA_MASK={0xa, 0x40, [0x0, 0x0, 0x0, 0xff, 0xff]}]}}]}, 0x54}, 0x1, 0x0, 0x0, 0x24020000}, 0x44010)
r8 = syz_usb_connect(0x1, 0x2d, &(0x7f0000000340)=ANY=[@ANYBLOB="120100001ddf8208c007121522300000000109021b0001000000010904010001faf40d00090582239f"], 0x0)
syz_usb_disconnect(r8)
ioctl$EXT4_IOC_MIGRATE(0xffffffffffffffff, 0x6609)
r9 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4d8, 0xdd, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x5, 0x0, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x200, 0x0, 0x0, 0x7}}}}}]}}]}}, 0x0)
syz_usb_control_io(r9, 0x0, 0x0)
syz_usb_control_io(r9, &(0x7f00000003c0)={0x2c, &(0x7f00000000c0)=ANY=[@ANYBLOB="000008000000080482"], 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_ep_write(r9, 0x81, 0x2, &(0x7f0000000280)="935a")

1m0.888641045s ago: executing program 40 (id=3293):
munmap(&(0x7f0000fff000/0x1000)=nil, 0x1000)
munmap(&(0x7f0000fff000/0x1000)=nil, 0x1000)
socket$inet_udp(0x2, 0x2, 0x0)
syz_usb_connect(0x0, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(0xffffffffffffffff, 0xc01064c2, &(0x7f00000001c0))
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r4, &(0x7f0000000080)={0x0, 0x15, &(0x7f00000000c0)={&(0x7f00000002c0)={0x98, 0x0, 0x1, 0x401, 0x0, 0x0, {0xa}, [@CTA_TUPLE_ORIG={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @local}, {0x14, 0x4, @remote}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @local}, {0x14, 0x4, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xffffffffffffffe2, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_SRC={0x4}]}, 0x98}}, 0x0)
r5 = syz_open_dev$vim2m(&(0x7f0000000000), 0xd, 0x2)
ioctl$vim2m_VIDIOC_S_FMT(r5, 0xc0d05605, &(0x7f0000000440)={0x2, @pix={0x0, 0xffff, 0x52424752, 0x0, 0x0, 0x4, 0xb, 0x0, 0x0, 0x0, 0x1}})
sendmsg$IPCTNL_MSG_CT_NEW(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000700)={0xb4, 0x0, 0x1, 0x401, 0x0, 0x0, {0xa}, [@CTA_TUPLE_ORIG={0x44, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast1}, {0x14, 0x4, @mcast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_TUPLE_REPLY={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @local}, {0x14, 0x4, @local}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_SRC={0x18, 0x6, 0x0, 0x1, [@CTA_NAT_V6_MINIP={0x14, 0x4, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}]}]}, 0xb4}}, 0x0)
r6 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r7 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r8 = dup(r7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x13, r8, 0x2000)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x17)
open_by_handle_at(r6, &(0x7f0000000240)=ANY=[], 0x10000)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x9)
ioctl$TIOCSERGETLSR(0xffffffffffffffff, 0x5459, &(0x7f0000000000))
ioctl$KVM_HYPERV_EVENTFD(r3, 0x4018aebd, &(0x7f0000000140)={0x3, r8, 0x1})
sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="280000002000010000000000000100000200000000000000000000000c001440000000000000000058071fe7db51a3345c2db64242c7450d83acb10920f7e823bf3616fff3850c268175d0fd6a8845dab59da6ac27b674d37cf3e02f03d0321c53967042fcee05", @ANYRES8=r6, @ANYRESOCT=r3], 0x28}}, 0x20000000)

22.719401334s ago: executing program 0 (id=3446):
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x1)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0)
fcntl$dupfd(r0, 0x0, r0)
socket$nl_route(0x10, 0x3, 0x0)
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000))
syz_open_dev$vbi(&(0x7f0000000440), 0x0, 0x2)
socket$nl_netfilter(0x10, 0x3, 0xc)
openat$iommufd(0xffffffffffffff9c, &(0x7f00000005c0), 0x40, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$inet6(0xa, 0x200000000003, 0x87)
socket$netlink(0x10, 0x3, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000004c0)={'bond0\x00', <r2=>0x0})
sendmsg$nl_route(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="440000001000010025bd7000fadbdf2500000000", @ANYRES32=r2, @ANYBLOB="138000002b9201002400128009000100626f6e6400000000140002", @ANYRES64=r1], 0x44}, 0x1, 0x0, 0x0, 0x40448e0}, 0x4000)

22.280828831s ago: executing program 0 (id=3447):
setsockopt$inet_sctp6_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000180)=@assoc_value, 0x8)
bind$inet(0xffffffffffffffff, 0x0, 0x0)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(0xffffffffffffffff, 0x84, 0x64, 0x0, 0x0)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f00000003c0)=[{{&(0x7f0000000080)={0xa, 0x4e23, 0x0, @loopback, 0x280020}, 0x1c, &(0x7f00000000c0)=[{&(0x7f0000000540)='\x00', 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000300)='8', 0x1}], 0x1}}], 0x2, 0x20008050)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000001700)={0x18, 0x24, 0x301, 0x0, 0x0, {0x1}, [@nested={0x4, 0xae}]}, 0x18}}, 0x4000)
r0 = socket$inet6(0xa, 0x1, 0x0)
setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000000040)=0x80000004, 0x4)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x33, &(0x7f0000000640)={0x1, &(0x7f00000000c0)=[{0x6, 0x81, 0xca}]}, 0x10)
sendmsg$IPSET_CMD_ADD(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={0x0}, 0x1, 0x0, 0x0, 0x10000082}, 0x80)
r1 = socket$netlink(0x10, 0x3, 0xc)
syz_usb_connect$hid(0x0, 0x36, 0x0, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000400)=ANY=[@ANYBLOB="540000000206010200000000000000000500000005000100060000000d000300686173683a6e6574000000000900020073797a31000000000c00078008000640000000400500050002000000050004"], 0x54}}, 0x0)
sendmsg$IPSET_CMD_ADD(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)={0x38, 0x9, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x10, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @loopback}}]}]}, 0x38}, 0x1, 0x0, 0x0, 0x10048047}, 0x4000050)
sendmmsg(r1, &(0x7f00000002c0), 0x40000000000009f, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={0xffffffffffffffff, 0xfca804a0, 0x10, 0x38, &(0x7f00000002c0)="b800000500000000", &(0x7f0000000300)=""/8, 0x500, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c)
listen(r0, 0xb)

21.548213109s ago: executing program 0 (id=3453):
mremap(&(0x7f0000c52000/0x2000)=nil, 0x2000, 0x2000, 0x0, &(0x7f0000c51000/0x2000)=nil)
mmap(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x2000002, 0x187031, 0xffffffffffffffff, 0x0)

21.14577667s ago: executing program 0 (id=3457):
r0 = socket(0x200000100000011, 0x3, 0x0)
r1 = socket$packet(0x11, 0x3, 0x300)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r1, 0x8933, &(0x7f0000000240)={'batadv0\x00', <r2=>0x0})
bind$packet(r0, &(0x7f0000000040)={0x11, 0x0, r2, 0x1, 0x0, 0x6, @multicast}, 0x14)
setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000100)=0x800b, 0x4)
sendmsg$netlink(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000001c0)=ANY=[@ANYBLOB="34000000020000010000000500000000d96e6c8d5e8508"], 0x34}], 0x1, 0x0, 0x0, 0x80}, 0x0)

20.811680201s ago: executing program 0 (id=3460):
pipe(&(0x7f0000000140))
r0 = socket$inet_udp(0x2, 0x2, 0x0)
close(r0)
mknod$loop(&(0x7f0000000140)='./mnt\x00', 0xfff, 0x1)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
r4 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0300000004000000040000000a"], 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000002d00)=ANY=[@ANYBLOB="bf16000000000000b70700000100f0ff4870000002000000480000000000000095000000000000002ba728041598d6fbd307ce99e83d24a3aa81d36bb3019c13bd23212fb56fa54f2641d8b02c3815e79c1414eb07eae6f071326bd9174842fa9ea4318123341cf9d90a0e168c1884d005d94f204e345c652fbc1626e3a2a2ad35806150ae0209e62f51ee988e6e0dc84e974a22a550d6f97181980400003e05df3ceb9f1feae5737ecaa81d666963c474c2a19eed87b277be335c75e04ad6ee1cbf9b0a4def23d410f6296b32ae343881dcc7b1b85f3c3d44ae8a3a3641110bfc4e90a634196508000000000000f0f4ab3e89cf6c662ed4048d3b3e22278d00031e5388ee5c867ddd5821124dcecb0c005d2a1bcf9436e101040000f73902ebcfcf49822775985b231f000000ccb0ecf31b715f5888b2a858ab3f11afc9bd08c676d2b89432fb465b3dad9d2ba7f1521b3ebb0cc52f49129b9b6150e320c9901de2eb879a15943b6dc8ea15aab9dd6968698e3095c4c5c7a156cec33a7bb727667d81ff2757ca1e5efdd4c968dacf81e65998b9091957d1d11a5730baa3a509b1041d06f6b0097c430481824a3f4fddd3c643f630ba165d876defd3541772f26e27c44cfd7bb5097379cf1756869cebc7b0b2d85d6d29983e830a9cdd1d0a017c100344c52a6f387a1340a1c8889464f90c284a4db539621fbb70f01a2c02dec4cd1f570dd39877dfb2ff1ae66e1ce917474b2e650ae610afd01409d9a337ac5d58bcb5e5fc231514952c5255f22bd8b325d9b76e57f041b665ab0249886c0a65cc99d5893521372c8d8b7bacac24000020a4a24d8dbd75062e1daef9dead619cc6e7baa72706287793c3d2a2661edcd3545236c204682bf7ecbd53f950ef4709ec01e230d2f53594ef4839c6130c4c13a0cca84b993508000000e480cd9d4850a049ee19b67d17ef0477aeb12b1d255be1ed66d9051f22614d1f62734d678039a97d2b74f9e8e97f4e8e7025123e783df8b8a17e3a9a7d85832f9acee4f1b56e9623128d743792cead3c058a5b700d64d160abe33df726608510136ce8bf239414a1d98ea93e3d35dbb6c23b90cf36e83b8a4309b402d264b09f2779a0bcb02e69d384146056d125cf4aadd80800000000000000e88d10acd06864eac44c42fbe334bdc3e9768fc360b130dc6111fe3293e8e02f819a2aa34dba1c25be27945507a3477b437525b81aef2f0b4c4f63483026b5e34d44705b76ef29f7f6e0a2be625eae975e02069f6f24e1e1bc976d965ddabb01085f16bff63a06578d6d184e5de7bfb6aaa75f16996d536256c02284cb1d3a6fb8eae87691e6e365a70c3f15871565bba8dd8a8ca049f798abe646f738bebdfc9d8a5edd7a19ca7a42bc3f1db37c17f22a287c6d31a13db5dfef409eb1d3c91c05000000000000000c4736c81936315418f26770cca4e2f89800d18c2a30003b952ae1ebfd0ca88368ee6ce139e8b5822422cf4c9dde943d34c432e1001171792c65986146666a549092398af45ba38c41fa7e0fffeac41824ca1fd0eb68aa243c9035c788d5480e5aee9c9e5f2e5a3628995b1531bd20360d33d8f9ffffff5f4bf6ea0000000000000080ca02ee3686da707b56d8db491ba0cc33f6be92c55969a2b52a25419d1476c73132ca7ca26ce8a7e3ffb700f09e157f9bc31f09832d4788be2a442aa81b259e9eb1bf5314844051f3a642aca9ff98c9036471ccff0522903e7bcf62e18f7796bbc280b95e8e0d6fd5644b0ebde3885b06548862de809d3dae3cccf109f7c78e8479a345e805e4acd27dfa82cafc6b64b1f4659834aecbed6d44b11a443c5ba92a326dd10921aa79c62800844c7a59f55ee205a11ab50fb402e7da6ada561ec1117cc186b01fd5c20680c580dc31b0963ff953ce09148e8dfea9d03a61bbd2bb173518507a3cd0e37c4da0a71eee31071d5d642498181c69cee3b2e414ddd6a12ff4bdf6e96c247b6025d4376067e25357d3b521a5b927d3392a7503718aea2417952cf6a0c6de4e61b49cad1e4d6b000000000000005b2d16877299acefc0fb5bc1422c3d425d988eedebcf242b780a687c9acae2a5a71c2a16a32ceb377f5d54f9b2fa90b2905906e611be56e9eb0cab20c290a1f6c09272dbc3b2c0ab2b5baa1b07b16e81f278e54a479f1a068658e3656cfa196d6c050000000000000000814955c62a7d72b317399e572a7f6a4657b7cbe066c9179ffd097d61fcfd0fa1d46cfb110e3e8cff5579e83f2820f95eaa0c609f666950c24311740e36de8f65708cfffce788c99ef8f62fd2398e999b220125da8eb07947512365abbc5b84ef524bdf184727c67910051f204662264607d548dbdffe14b4907c49f604e5a92e3f9de595d31dd084adfe00007267f226019ef0a25bc15da71e893856a2182c3167d8ba73f7c6294b159a426ce44cd73f000000a66fc501eae0c3504c1400697ba69fd9b7eaf49aff6a6aea529610db8dfef86c3cc698e9fddf1b132876159972281a90c3a4cf415df25fbcdd35cf8368f068c4481844bdd0dda553e1cb0966d5686013d382956d50055dce0d1ac225c1d77612b1ec52e743dbc51f25cc07a202b704577316913cf667fa65e476f688de2d6c54ea192a569eed05d0d7536b3205c68d4ee0fe318ed3112c76dcf128a1d5595b773ef4c8a7ba4e10381de8808ff02dd0a7b996ecf1c65e6d9db90c87123d9cb3945330f7a270ee0cca35b133b249b800a34b0942d97b55d808c41ca8fec0b2f39f505140751b60f29a83e4bc0ef2ffea443e4aa221cc38a503add16a2c98cb589e1dac1912b4142a3be30f50b2d947ffff0000eb38030d0c0ce0598700130000000000000000000000554361e1628ee0017ad19ca787f2c078aa260701ce0800000080623902000000000000000000003d118a04fa6a80c4928c01ccab57bdf4eb265ad15004f967543fe6e6ddc2a12165fe3a08bf9475ee0eee3539369b0e566fedbd215a6ddd4fe03dcc7a922e16410d820747b7e806c0f3b6f14c884d150a0ff07f2e0000bfb083c56d3bed0a61fab880f8885c612ebff8523d14cfb12aca274c000000005e5155611969f6e67dd83b20206207cb8b2cd2fab6fa6d7fdaed6a27a2e4db1d5adc80014ff11d9dbceba41d8dfce410333a054e82b1d050331ce0aeacb843b94d67f69f49eb4dd3b1b85b018359c32df01db8ebce0dbc36cade09c6b44f6b93d28db8ae4db5624d8a02f7be91bec65e4b3373059587dd6528bbc48e3379d477d482faff738c39c61cac1195043bd5b70c0860c1083a169a8263e9aec56b9f7795fa27634a7f06359e3058d2dd69c4e5cc11b36d9ed9c4b2867f583de6fc582f789722bd1500e64c495abdb72de2c739d38c72f6f4fb1946081dcc825d5b5b747e9fa1b5226cd31e131263f1fcd5d45a630b46d04af906f0be464d829dd2dfcf7400002b7827f6d957e51bb1f1b44a50200c9dfadfaff2e32baa9c0edaac7144e174dba582a951d2b03c27219cec4fbc7b6e99c3f00188941e3fbf008cbace177ae250fd757a22e21ec05aa45c91e1345ca936184c3fc28153283e13654123cfaf4e666e80f34d0adad1e2116bc385f888405d48f0d386da0cc6068018e45772a68f2ea3fb7e7207000000b24088014c8e64f03d053c4e02ddd08b262e422eff1c9f124b892b0a9462b07d4f88c0693bd9c54ad2ab5227aa59ef2b53ac528c0800000000000000ebfde0c4a37c2d55c176680c4207000000e4aa467f995c9bc99e60441d4dbebead3b436427762618810bac7308c6d3298ea932b66572825e62d18462d3b2342ba48c145ff4674a94fa078cc552d064da2bb69a0d269076f8957176578f44ffb8895fbd4e2a757a4249a855632ca30e09789811bd5e06840f8848df72230a28e0304569bfa0350b6dde9e96273de1758505aa1ba89dfb12be7a7c6dd18f6148354df7e60a489dc543ccdee1fff9d8f8d78844de27a77ef1181d5055c2a193a5763ed7749a17296c76818b60426082c86619dacc8a884c4de8572a044faf0c8e4377776c8703ecf2e3f1c3d6410000000400008369f062639e3ddcf725be54f626448fb7bfc74c183b26e31b71a390ccea4be07278dd12fa16848797397b76908fa03613cd961b98b26a0879ccba4a78c82958764bce07a7f70df1cef6d4db1ddbda1db18e4f41c390fd3cb862216ece39a9ec60bd3bfb41cb630343b32ee5f9329dcaf33be8c87cc510557460d14421e1d26322ab64388f2ceae70922989f66827fe9acd2ec3ece39f3b4ffdc4dfea3da6ddb002512e2313253801044e751168e32d7bd6800000000a21008b8d26dabe977c503c30ef7c489e5ea1fff041e54de54cfeb258f2387dad096b72a78d934927492cfc773c731cca9b13b3f6e7760ab0929c46f51ea5643f3df4f4044f3ad0a6ba739e72d8b8b2935d81534bea8372bc590c111d573e04280659a096eaa495a4154daae7d1800c130d920964845c50c8ba4763b19b6008f6d7a5091895c7a4b7816ab706503be879b18b778b0f61ecfde2f8bbb32cfeb766ec4430ee0ad45a0a263ddc4b2f47680c8d53439f8d388dab87112c83997badaf8ed85cd5b03a7352a0fb83398566d1bc133582ce2d9f601cd23eba4432180b2d5c3019879cd949a5be1b241b3d0d0d52a3529cc9e704a9d8d54f4f7b776a969a4505e18fe5284985ca7d112c397d776e3baba918b7df456bd970e761e00f3b0efa5ce4246d9f08ba60da3be556c518a1f19504c7cea1491a9eadd27d747ca9cc5f92e30b2ca3cf0b142a8554c87e8026d4e586cf5f7c9d412e6eb4f66a076c8bca6b294305969dabb6c932b57a5dd4234bf1ed3bd095229ee3cbb86883d574c5af4bb78370561de3fbf55bfcd2db3979eb1be120b5795443324023353c959fd965702f1cd5bcb3c16d4b8bdd9fc87c862c247e140379ef098c7b3fa79a6638a245b6a74f14dde9bd4ee48e62cdc70f486ce38641e4e4309aa9f4bd097fa1530db966d9919544ab4890301e51f9525436f5d9591460340f5093161a78a249783945407f2576d6f35a99e3521d7991e3fdfde5ee7f6a8ff8181a68ef15a2ebfe9e22d7c745949ab5cc15b9f5659799b5e006f09f5173e260b82f80ae10adebbf9f623f75bfd4d83c4859ca9b652cea33daeeef07b60c78a21965bcf91919071c7ded1ca0fbea5cbe54ee42fb6809317dc0b7587d9322f8cd09e32675a187465bdfa101bcd9ac680839b375af12c160247dd960e70eb7ee60c52a900440aa9bd9a6b15a4a34dc73c3c4936d8986300fdc264b28537df387e64420f2f5fa2a31d24c1ed888a57fcc50400a084a38a3630ffc465f36a4b770fab0946148161184be39134542e934f3a538b011cb3928b4306301855c89afe795d881d4361e7fbd1fc2331b4e34733480bc497662a8234a7eeab3e65d6b0f5d92edff04416eedcd15b9ddbcb3cf9228afda6b17d44a276b205eabd0069f7e26aea50f537dc77b683ed83d2f9110e00a705f48e9d13378cf09bca22e8f45c4f360d5fff8b57a2a35f21c4513bcc0800000000000000dc5cc7ad7290c60bc609bff9be7cd922f474c3faa78fd42cba7c78d6d912656b6313497625e2f9afaba05b17ca242b7ca8d6556175aee38142a8aac5f677c2f8a6967f2cb5e97aae97a5e5579a706243688ac4d38a4601b4aadb2d319fe7d6bf1272fa3fa701338d7bce390e8bf959081ed39e63a431901d615a26ff95e1620a6c26eda4f92d83499a173e7217001f58ed5406ba14bfe611e5958458af7b3c5319fdb4c40b8d01365fdee93af6fad7c7a8da8646dc1379d1aceb72fd929e7de4e9620000000000000000000000000000007cf90000008f8a9da7a8a167815c6ffcd1b6863cde9ab45ecd8f06423198bb00cdf76877f407be46b0755d6be5afbb4cb3a8de259a8beb2223f28b855e2bdf4b31b91e5062a42a55bd95e93f77f2499391cf0000000000000000000000000000195007ad27d1d61dc4d5512f117f0ed554c2c88c4468a4808ae562a6bb1ff447d6e12da22ee9f0422a84f361684861169f498909c4841f4d5a0fa3b7d833075fdcd9c1d169b03d7df7f4150fad8b9e92eaf86992adbda360dd91de51c6df335445492608162fb0804dabdeac6fb70042f906eefd37f1d190a1c8a0d9de7f34dcc8cbd7b565fc675f3bf7aac559411808ee703ec3ad461c6ddc571994cb504c46eabbc2ff4b97df394bc75b5e7f45a4450753b576af95820540e1ac91a43954f0b1260fa3b351b5a424d2b2944866aff582486308aca33c9571d1928175737473eaba14c9818c05d57de4df75f08206c24f781a72f26159b0abf05a90364414c4be434323c0f1050494aed7d791966edcb89d555e9907222e9af2546f0d6f9e51d40e30c85bb10cef93aacbb2d1278ddfcb9c65fd6d55239b1b7097c262740c13c53937b6f11ca6d544789ad36df5721e198f3d7f3a70d987c534cd7ac8da762e6d8752637405ffc1399a79f6c266dda1593f18ea2fb93111c1416f5a07fd7d74f956b2f4f4f3e9bcc03613cfb2b89b42babeb5756a21af5d2f980f1eb505cee397fd4e2cf068804b31b8be623a04c103e0dd4f0c3626f6bffa8f9d597123da046692211f7ad0711469f4839d394ed227336c2394b9ba1c299e88bca4fd70723dcab03ed8de938a69c31cdb5dcc77df25bcae53d9f35125c9d19d6f948f29ed4cab2cff308f3d6230c0e1442f21163ed895e869bd37653abbf7ab3d48c15d8f4a99a1c84bfe7b76c0bb42cf72a1b871b6edf1ce441c720054ab2aaa9f1d7ce20f8827c967f61a4acffb1ffbe54dbf4b65f23f1e740412a6e90dbeaee4d177f7bd016ebf7aec4a80671f193d28eaf71043ca144f9dbdc8743d9dd16d17f87c8a84f66053460fa6de2a29c2ba81e4780689b03bb02c0249a645cb6282b91f7d0f412a823b81c8d6c39a4483efeaf68e6920255a38f3459b89eb3c1ebba6a1507dadd4e7bcbec4d5c6be67f2760ac557c71e79b79939d0f41ae12241b464390d2ff9c60d49c3cfb455ffa1a8cbe9df811bc8a917f2199884edcd83ff6978f9d1ddf702864330e896ef31c914685f74a4198d71b35fb3b6fe08d0bf6ede50ae5eea1633621f5b4ca1829d5525ff4e0b357e8dcc9026206d6ff395db6b034d6bdf697d0d05d79917684b1ba7153caee53f8769b72c566d8bf9545d857d6db6a9ad9f0d36d3bea290d73cbfd15044d245db5a8624a94555777cad157b12b98bbb1e4a71a3ca616c652fcf6c0354b96f20effea6bbbabe9287becc537db31fcca6216e63ac479f383a7de333167c0179b146806b71cbf473f05320a51373bcbf7cc2cde3e108bb8e2229ddb771c1bd8a0982cf85d01efcc572276f8dac8ce8cab40b409c8e9f9dc086ce70645d411be8563236eb1a5db6337e9d03c5cf3012eb1fe916038236df9cc3327fd0b4342f630e58d35fb5f635adcc92338f4d68ef91886b4392fd5b384600000000"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xfffffffffffffe89}, 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r4}, &(0x7f00000002c0), &(0x7f0000000240)=r5}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0x10, &(0x7f0000000bc0)=ANY=[@ANYBLOB="1808000000000000000000000000000018120000", @ANYRES32=r4, @ANYBLOB="0000000000000000b703000000000000850000000c000000b7000000000000001801000000082c2500000000002120207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000700000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$KVM_SET_MSRS(r3, 0xc008ae88, &(0x7f0000000100)=ANY=[@ANYBLOB="01000000000000fe9d000040"])
r6 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r6, 0x7a7, &(0x7f0000000040)=0x90000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r6, 0x7a0, &(0x7f0000000240)={@hyper})
ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r6, 0x7a8, &(0x7f00000000c0)={{@host, 0xffffffff}, @host, 0x0, 0x0, 0x1, 0x4})
r7 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000340)=ANY=[@ANYRESHEX, @ANYBLOB="75f940eaca11ef5fd9be17102a3bb01cf2e058e2384188ae0e19419bbcbdfe12d70cffc4c6b8aa8783b94923d3b823c523c78c4fae3c015f1d18bcff53aaabf8b4510d5bb4eb03d07e85e87eb8df11c5702df9d2187af299057ba38ec786c3a6a9cb430dcab9b962dc3e2164340d2dcda82e40fb4be018663fede9dac50fb466cad513591947c31c12752eeb7c20556e66db4895022902eccb9f1ab2b44afc76cf69b83d97286d1dc3c30daaa5b729419a9927cbbd0a3037d1b6f0f0d5636a9360df6588de3cffa939fe0deea5a38d00dfbc6907d816f5fbaa4606e863d5b0a612193bc4ddb569ed5c45abd54ecb87f52e7bdfec4932", @ANYBLOB=',rootmode=000000000100000,user_id=', @ANYRES16=r3, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r7, &(0x7f0000006300)={0x2020, 0x0, <r8=>0x0}, 0x2020)
write$FUSE_INIT(r7, &(0x7f0000000040)={0x50, 0x0, r8, {0x7, 0x1f, 0x0, 0x10408}}, 0x50)
syz_fuse_handle_req(r7, &(0x7f00000021c0)="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000777a078afbd825c000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000023000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000db2100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000cc2351270000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003dc150f4000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f50000000000000000000000000000000000000000000000000000000000000000000000000000000000c6d90000000000001354c4b6000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f8000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001a00", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0x20, 0x0, 0x0, {0x0, 0x5}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x80101, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$kcm(0x10, 0x2, 0x0)
connect$pppoe(0xffffffffffffffff, &(0x7f0000000080)={0x18, 0x0, {0x4, @local, 'erspan0\x00'}}, 0x1e)
socket$pppoe(0x18, 0x1, 0x0)
socket$inet6_sctp(0xa, 0x5, 0x84)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r9=>0xffffffffffffffff})
connect$unix(r9, &(0x7f000057eff8)=@file={0x0, './mnt\x00'}, 0x6e)
recvmmsg(r9, &(0x7f00000000c0), 0x10106, 0x2, 0x0)

20.438484185s ago: executing program 0 (id=3462):
recvmmsg(0xffffffffffffffff, &(0x7f00000078c0)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000007c00)=""/4096, 0x1000}, 0x6}, {{0x0, 0x0, &(0x7f0000004200)=[{0x0}, {0x0}, {&(0x7f0000002dc0)=""/27, 0x1b}], 0x3}, 0x3}], 0x2, 0x2, 0x0)
r0 = socket$unix(0x1, 0x2, 0x0)
bind$unix(r0, &(0x7f0000000100)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
sendmsg$unix(r0, &(0x7f00000000c0)={&(0x7f0000000200)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e, 0x0, 0x0, 0x0, 0x0, 0x4040801}, 0x20008840)
setsockopt$SO_TIMESTAMP(r0, 0x1, 0x1d, &(0x7f0000000080)=0x7, 0x4)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f00000001c0)=0x45d9, 0x4d)
recvmmsg(r0, &(0x7f0000000c00)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000280)=""/57, 0x39}, 0x8}], 0x3ffffffffffff2e, 0x1000400000de, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r2 = dup(r1)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x300000a, 0x13, r2, 0x2000)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x17)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(0xffffffffffffffff, 0xc038943b, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff})
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x0, 0x5d032, 0xffffffffffffffff, 0x0)
syz_emit_ethernet(0x27, &(0x7f0000000080)={@local, @empty, @val={@val={0x88a8, 0x1, 0x1}, {0x8100, 0x6, 0x1, 0x1}}, {@x25={0x805, {0x1, 0x4, 0xf4, "76022ce5b06e2db86f2273a43825"}}}}, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$TIPC_NL_NODE_GET(r4, &(0x7f0000000280)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000100)={0x140, r5, 0x2, 0x70bd2b, 0x25dfdbff, {}, [@TIPC_NLA_BEARER={0xc8, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz0\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e22, 0x400, @empty, 0x7}}, {0x20, 0x2, @in6={0xa, 0x4e20, 0x10, @private0, 0x401}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e20, 0x5, @remote, 0x8}}, {0x14, 0x2, @in={0x2, 0x4e23, @multicast1}}}}, @TIPC_NLA_BEARER_NAME={0x17, 0x1, @l2={'ib', 0x3a, 'veth1_to_batadv\x00'}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz0\x00'}]}, @TIPC_NLA_BEARER={0x10, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x401}]}]}, @TIPC_NLA_PUBL={0x54, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x200}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0xfffffffb}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x1000}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x4}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x3}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x3}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0xfffffccc}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x101}]}]}, 0x140}, 0x1, 0x0, 0x0, 0x48040}, 0x20040800)
socket$inet_udp(0x2, 0x2, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz1\x00', 0x1ff)

13.369346374s ago: executing program 4 (id=3480):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = add_key$keyring(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd)
keyctl$get_persistent(0x16, 0x0, r0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080))
r1 = socket$tipc(0x1e, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socket$inet(0xa, 0x801, 0x84)
socket$kcm(0x10, 0x2, 0x0)
connect$tipc(r1, &(0x7f0000003100)=@nameseq={0x1e, 0x1, 0x0, {0x1, 0x0, 0x2}}, 0x10)
sendmmsg$inet(r1, &(0x7f0000002f40)=[{{0x0, 0x0, &(0x7f00000016c0)=[{&(0x7f00000002c0)="91199893b794f675ec88239fef317c764ee3a8ecbdc2a8c32d46f77944d1de9f924d05d3566b8eb8f5750393c669559d05543efa2927ef0d2b10e3d4f8541f34e1c7c8ca2d1e811f67f3dc50fdd469af72a49e684e28a364f5da124dff2b55a5536aa670b82da70bf0f19cd420371848ddc41d65649fde307c1971599f2fec84845e32bb2b6ebda099de12e8b64842024389524a1c5a97608000d1030d99e2a6e23a0bc8", 0xa4}, {&(0x7f0000000380)="11a68683394e1541cc444dff7adf30f079408cb066a6f8f4d33c4f11850de78c586d1a2ccff92e8e83fb82e447d9b88de42182e9e8c97415f41ef8a504215a2b2fdb1404c9659fdb988d0f527c3675cf2b", 0x51}, {&(0x7f0000000400)="875ad17d55c11f1ea6ec6cd17661afc73209e32142961e4660591bf3ca40d05a507ac0b0e71f7ed4c63f52a003cc8102f20dc6e33b5dc6de64ac815cf87867507cc072f0cb762aa5deb8731a699d3c7c69f85266ba51eb244f20129de491adaeb0c2d2eb13c1f215ddff92b05148f0ad513018b14798e45e55ecb916d4dd89f2df7e33c470998f325bf453f929d86196", 0x90}, {&(0x7f00000004c0)="1273dd9951adeaefffe3c4957c86dbff8693adf2202b620b3aec000cf330bb7249", 0x21}, {&(0x7f0000000500)="4167c4fd9ea8b423c01e798bbd631e888a04e31e6865a2d55b31833b82989759c0f3241bb5ebe979636a5f22244112d95d11a07cb172724ec37ef9faaf227d64f5190c9d82dfe194b2cf6d77e917e513170fa1e8e4c82dd9898b4ad23e677261595ec62844104d7ca15aa7eec90685ad92f2cd5b745910e47d703315a0d1d3a6d143575da2604e54bb1ddb295e590a1392770befa52aaf1651d375682bcf94e5da4ea37e1cde1d2a80890d896cfe4d08801bc50d9bc08480de2b2710b694ff7fb5bda12cd8a8cb8dc18bf0c265b71aef50ec0ee22e1968a4f3487d8487026bc2b721692064dcfdd1b6b6aec3e8da3d0ab7d3cc51e2db33c169e6354ea425fbfc1bc39057e64d3aff3749d60edcf0a50fe0e973b5ee3a7cd45ad967564fdbc9832869346037dabe420448b5089ab553c2c87e94befac8d3a0c2a56ca2ab778c2f34f571217c837580e8a524db35baea8024482bb32306182faaf39bb1c4e992c4440889e274952ed3d17d5e87224fec8048e6b7344270e046ab2fdda270ad4e5f651fd6eede5d42d9599265520d45d6f500fd733372a62ab4f496b56839b0d6418961a3b6016c26409daba4f2beeceeb38cc6ba75f57e8ee45d8a6c2ecc031c9469d937b9d7db91ded158ebd7f7d512d445f4104130a429ce7fce52d3fec37df953fc6e6adaa781b820b4bb6d4ffd2c10a16f9583890118793bae09157d3ac5625ad8e66a367488e2722bb82161661711d91a5540a92e3de7506861875575d40465cda28989cbc46fb3d80c2bc7e96afbde1cbd2e89103c55bde669c77b774ea570b26e93a1be5e50269ea5f3355869ac5a9701ac0e7d8f69b0a3186e118c6e2ce8e946c95bd729d94d237e5915e2711cc82826f147176a8a0555b9e11fb9a8ad736d016d202cea43b10a5102e48387ab70069b876051ac0557528c14748aa9cc0e0d9bf512533bdc83610d9f801ec4ed512a4a877e2f45b0cbe87ee25a314d481153eefe8643fb2f3e0478353552b0ae863635ab12e7bf0e4f046e8ba9cb7ce3189d52b2a27ff9e4eb5bf8b12d09d610705eec149589bdd38c951de63de4e3065e45eeb261a72c980349387514cb42467e1fe5812abaf4670e993c6fb561e5cccf7a472ee874bbfe73412bc63f706424f174afd1a3f16fb8b8305d932d33ab211d473d210b87e2f20b6ba951a2b98206793c04516fd57fc7365cec4a1831548470ebefe7f9487cc7b287b2f45eb69b4e165b9f3404d8ac84b2b57ace34de669a85fd885ecb055a6fd2ba5d5396737c702c082bfb35f3ccace91eacfc7a71b2bca1e228170ad6d194aa7c2dc2cf5f0bce153ac1befb2b82e6cf1f12d28812e309f5da0dbe1cad03172d296fa13247b1952ec988316f668aa65e1ca7e9e383b115ce5c25130955c118a0b4567bd180c07ce18bd0c459cc33ed7ba1c43262034a60711315ed81bbc95b7e3088dbd22b976fcd18bae330f08c89236f770478305fac20b5d9bd5cbc98c5c0f9713345c7362bc0e0bc78d212433bcdc6142989bc6ab82160df897825aa906d739dac905a434c90b2cbc72223011ea11480278b681cdcdf5fa63ac5f8b8f1f3ef7d4eb02f422e9fc52b98163630cd2f130f076a33bb011bb8e42800c9475f5cbee042b79fda44b6432b126f085a17553b82d9cae519ec239a9cccb99444f24b8f11e255e31e0d53a28e36949a3f8238c2ea3f4e3d8cf3b85b031c962504d00a4e7928b5fa2fab311bcc54d68738086ce70a8e5bdaf425033036a85e59aa3bb1b01f8b6c6a2e221c69e48565b55a196b2dc9cb067b4ccf8a7c81e31795a8b74e8940455126f19c8bbb9b941cc66c9443fd13e20c2074a9c3bc1740262c1fcb8e9ca5ac5729dfe6e25561eba41ccae8ca2e851affc1ab4ec912925ef7ccf72e97c577413260ccda170d75741336f837258a59da907460a2917f652c6e4ebc0467da8a95f2ceae9afcc4e0d1f4b95fc68b2f5e32af96fb12a8e7f3140dd235a30e5ad94e78cf58ad75ca8a871a70820090ba510e7563c0f78cf364369a51fa6683ff8d24924ceb922927eb0ba1395b7a4f37d92913a9688ef8428a887f1161f10aeab749f5ea8ca24e579008f542a9b785841dae071b94b5a8ba79985930f60ac2c93aa002d84b212e2e2b6c9c2a0694595dad99fd1f27d0044481ef5b364a059599ef982a114a61094b3b7d0f9a7b78d7615cc8573430e676987ab7421fde9abeb29e4529beb6a2724bed86a7b1d27ee73585892f083fad4307696a4166356b9c20a9579bbf3e8cda9ad7ec2b2bb973d05cf8d9457dc03eee2cfbf630dd917768ae652c0627e32ebb4c62951dfbd8e074dfdf02c5517ace50d5813c8d8d7f1fc0fc63a4fae5c2bcf26560c627500e03692384630be287790d545403adc500ef732d66e269b8b051aa57bb865a9b709c7a0426188daf29caf1d062b104592b4f6acc86895956d8085424dba0bfafdf900419f2227db1eca75b338091d23da2067566c6d54de1604bf8d4cce8a0b4484c4645a305861bc46ebccafbe500e01d51236b40027d1b2c7a72937b15899bb982c880d83ed6b70502bd0d68d2a2146a85c6518a11c386df610243ec513e7a284a81c841f9201ee3b9d3a8f44cdf52ec842e07c1f2f35e2a5b17278dce1f9b7fa09866ecb0d2e78fc8095b7dee81d3e308fd10a1490036194bfa89c118bd9c72d4747b90724d7bd0a7ead28c89c23cc6667c1a8b362ca5385d24b2c1265957764a4e46176365a5348bcf85c457921e7fa6c9e165b6c4d8bd9e8782c96839a5fd2679cd08f656ca5b41d00f8429d517a0d776049918e73b4a258fd2a1576b6420b67fc9ff3520556881ef4838e973f552edebde686af1d55e6172e5bb9b01543d32c0c7753b380dd9ed3f5c0b663a9b1bcb4bd36a365172aeee96a8d69c1e5c5b6c88fc9453ace6aa24bdfc1cfa27ea8cc36c80cace296259545a4e155d154ccbf00ae4ff912c583c871b7cdb46813584ea14bb6943d16b3f12e8fe149076e5e646e1dca0bf121a2e2fa09816e9056aa1143988ff17c21c49981445d98d88fd4bba6a59d9f97d301d90e3754103389b36308713c1ba31031e42f2d759343a95bbae9c01a3bb3e6b537b658d1c028c8ec3126bf79db223a3320e25a671ef834c924f02c1bbab338517accb8378f945cb1d65d4dff90f1e3af8168e33a5a124aef715b656075f6a62099afa110f2fe5eb83e0b3e36df91be2125be6500e5f3a81f8bc116f42734c784f6bb6c7e968610243b06026a9def4e85f8344fae36602aa3795cf71ecf7e57a3da0bef859daf649abc6390e86edaa84eefe48999ddba9067b90dd5ea2477f150ab588dadfe79ab7524157d1b94c738ca3345ce8657bfac981cb30b7c0f05f96dafcdce3e41471943609b121de1eda3e95a1c31bada084beec699512c7d5cec71e06a57c177ca1f383120bf46a9c805c9220d3d0c6807d60e6b7f9c80de1d815bdf1ebe62338862719eab55ef4971a69c76aa2f25c3c9d0c2e5c7857a86f9ab26c3c6aa395f2c366548f60a40abbe14dd011358d9b3695b8a091e16552478aeee1e2e91abd67deeb15732f428c3304a2bf2e4cbb3768875b35d126ca46d29e506ee1e0aba7a17eba27c19d7626064c0a17d7ee7f2f220e5e28bd7d691dffa84f2a2f92c924b87da382ae9a688ad4322fa0cc72604fc43e17002b8f3844a7431205de46818310d0fcf4676f45c9941dde767c9a4376e13cd7e91308cc0df25a4c79e390674fa0161695cc9e9bee12620d8571a4b3800370cd01bf0546758a048563539edf15d58b108159ea5fe0f038281c7855bbd92cc86de38df60b8597f4bce4ae9cae1647b5024bfb73630cdf4d1827a5f0ff779a1e6c6efbc6561d06b249986703b9dc61a63e2068e4786e6a8be34a808143301ef00f21bee8399d88ecffddb4867790d4d1cbe827a5a220834ba831d3ba424ff8fc9a99b175d2feca9f581e24bb69bdc4f64a6ea0c9c37d6976d15e9388519a2bed100a2a8358215a8b63b6e25a677875ee2bc3fd9c77783b39a166b863376b496775b83804a2c7f5363cca9ade819034afc2f7b40ffc316089556dec2e55e1bd92c9b905d6b1b9160d6c492d4384acd7e380874939b1ab02dbbacfbedd74cd524b4eab643e8b92d38d9fae446afd8d774d1c933bce8c341f0ff283acec3bbbbfdb06a15eb88ca6600542dda45334a374e31bae", 0xba7}], 0x5}, 0x1800}], 0x300, 0x0)

10.751043735s ago: executing program 2 (id=3483):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB="6000000002060101000000070000000000000003140007800800114000000000050015008f000000050005000a000000050001000700000005000400000000000900020073797a310000000011000300686173683a69702c706f7274"], 0x60}, 0x1, 0x0, 0x0, 0x20000805}, 0x0)

10.284067634s ago: executing program 2 (id=3486):
r0 = socket(0x2a, 0x800, 0x3a)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)) (async)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) (async)
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) (async)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
sched_setattr(0x0, &(0x7f0000000180)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) (async)
sched_setattr(0x0, &(0x7f0000000180)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000140)={0x2, 0x48}, 0x2) (async)
write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000140)={0x2, 0x48}, 0x2)
r3 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'batadv_slave_0\x00', <r4=>0x0})
sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000040)=ANY=[@ANYBLOB="680000001000030500f0e66f1500000000000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000400012800c0001006d6163766c616e00300002800800010010000000100005800a000400aaaaaaaaaabb000008000300030000000a000400aaaaaaaab1aa000008000500", @ANYRES32=r4], 0x68}, 0x1, 0x0, 0x0, 0x4010}, 0x24040000)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x4)
sendmsg$nl_route_sched(r3, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x6}, 0x0) (async)
sendmsg$nl_route_sched(r3, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x6}, 0x0)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
r5 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_AUTH_KEY(r5, 0x84, 0x17, &(0x7f00000001c0)=ANY=[@ANYRES32=0x0, @ANYBLOB], 0xa)
setsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r0, 0x84, 0x18, &(0x7f00000000c0)={0x0, 0x7}, 0x8)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) (async)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r7, 0xae60)
setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f00000001c0)={{{@in=@loopback, @in=@remote, 0x0, 0xfff7, 0x1, 0x0, 0xa, 0x80, 0x0, 0x84, 0x0, 0xffffffffffffffff}, {0x0, 0x0, 0x400200000, 0x2000000000000800, 0x200000000, 0x7ffffffffffffffd, 0x7, 0xffffffff}, {0x0, 0x0, 0x400001}, 0x0, 0x6e6bb4, 0x0, 0x0, 0x0, 0x2}, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0xffffffff, 0x62}, 0x0, @in6=@mcast2, 0x3507, 0x3, 0x3, 0x1, 0xfffffffe, 0x4000001, 0xfffffff7}}, 0xe8)
ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x1) (async)
ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x1)
ioctl$KVM_SET_VCPU_EVENTS(0xffffffffffffffff, 0x4400ae8f, &(0x7f0000000140)=@arm64={0x7, 0x7, 0x6, '\x00', 0x6}) (async)
ioctl$KVM_SET_VCPU_EVENTS(0xffffffffffffffff, 0x4400ae8f, &(0x7f0000000140)=@arm64={0x7, 0x7, 0x6, '\x00', 0x6})
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0)
ioctl$KVM_SET_LAPIC(r8, 0x4400ae8f, &(0x7f0000000bc0)={"c718ae3ddd25e4c2826499cb6a055b56a5a7336f377a556f824db28eb6743cf045afd0e932534b9eb3b847abbcef63c85319991745999ed89ff49783a84d57cf175a89f8733d74a1bdddcb0a6c3f7535ef976e79da1b52de6403f6710d606fafaf685ec19f369b7829b12aa2b8cd2ab52f9c688683979cdb9516cb61f2adb9aefd44fce30bddb81ebefa818f31f60d89a4e390920c7ed0e2512fd59f719e734b0a1d1f3ff7babb54258a1585514aac353b21fe733671e0543929c06f72fc598939003ac6777f3497523536fd25ac4f1e265f5038fa7455f2cc6131d4a189a16b0f0b89e6a495e1d95b840c36488adc22cb2d1b8af57f6dce7214152ba1b3c0d3ad0a6db821518e44b24cb36a02d76ea11a1c45879fc77e7bb2af8c345ddddf49f41228df2114f2c27d16499fa36097a5015ad61a6a9484c09e0a2dfb50f7b7ca71135dc32804a80380a6e20e0ae03be775e472cd31d6a31e615937c38e746a5cf6c9d8194242990dd497a2c52af50300000000000000cebbd983c3f86dbe92c4b751c04693cb09af88521ab305ceabf6d2bab40bb1b219fbe95ace2f6c49fea798e76b4ef336dff5ac0f7ab022b800ac1aa42fd231b52465a410177ed85dcc9c6d794e2aa0b90cdc409541aa85fa16e3cbc3a9d6c83ffd4d01e5ba898555eeffccf0cb28ce5df0ba31cb793675276162de2fdcb486455bca57edf4fb14e1533554eb22527d66a28a960c430f6136927f54e670c46292454fe28485f35405025844fd24fe846f6656c77d9b5f2b4750ac4805897b02c85caba80000bb96f71f468c9e746d860238b3b113ab1eef51e1507f8832d5d69528083d44548e491477cda51d7e083a134097438e9d7ea34eae8a2e6b516327db9310c7478a37f5c562037196131cc7c84fa29c3c2576f2ae7570b5a98aaa49ca7ddfd5a8c046ce82e4a2d06082ad7a3ab0dfbe208630b1410b674781855752c9c57c1c5ab0a74a336ce89b3a9c0d37a3ca4e698a798a85faf7f4f1dc020b7dd5750062c9810c4bc1ad7afe338f2b0f29059e684fe16098eb30da105be01ca11a293635dfc6d25ecc770ba72792fd3c6851d951b770d0f9edafb1cb4241350d85b04ed737a9bfd7e8301c43b65a95dda76d6850860ba3195040b14c8ad1a8b52472787621147182352a1dbd93595cbc26e813ccd75e16f9247fe82ed150c121f0041022522ec76476f0a9cffa3be1d3ffffffffffffffff29358bbfd8b7a12fe94a0355beb9420eee0a5c11220100c782b89e9430de84b220e8c0df4bd40be3400c58f149319f891fe86fba751dab3326bf2deb9e782b37ec9c7adf36025a091a4b3600"})
openat$sysfs(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/power/resume', 0x149a82, 0x10) (async)
openat$sysfs(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/power/resume', 0x149a82, 0x10)
r9 = socket(0x400000000010, 0x3, 0x0)
ioctl$sock_SIOCETHTOOL(r9, 0x89f0, &(0x7f0000001440)={'bridge0\x00', &(0x7f0000000400)=@ethtool_wolinfo={0x6, 0x0, 0x2, "f9090800"}})

10.243294922s ago: executing program 4 (id=3487):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008032, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
munmap(&(0x7f0000002000/0x1000)=nil, 0x1000)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x2c, &(0x7f0000000000)='/proc/sys/net/\x00\x00v4\x00\x00s/\x92ync_\x00le\xf44.\xab%nN\xd4\xa2\x88\x00\xd1l,'}, 0x30)
r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
fchdir(r2)
r3 = openat$dir(0xffffffffffffff9c, &(0x7f0000000080)='.\x00', 0x101000, 0x108)
getdents64(r3, &(0x7f00000000c0)=""/28, 0x1c)
getdents64(r3, &(0x7f0000001f80)=""/4104, 0x1008)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
ioctl$sock_inet_SIOCDELRT(0xffffffffffffffff, 0x890c, 0x0)
r4 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r4, &(0x7f0000000040)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000080)={<r5=>0xffffffffffffffff}, 0x13f, 0x2}}, 0x20)
write$RDMA_USER_CM_CMD_SET_OPTION(r4, &(0x7f00000000c0)={0xe, 0x18, 0xfa00, @id_tos={&(0x7f0000000400), r5, 0x0, 0x3, 0x1}}, 0x20)
r6 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/cgroups\x00', 0x0, 0x0)
read$FUSE(r6, 0x0, 0x0)
setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x4000000000000, 0x40, &(0x7f0000000ec0)=@raw={'raw\x00', 0xc08, 0x3, 0x440, 0x310, 0x5002004a, 0xb, 0x310, 0xea13, 0x3a8, 0x3c8, 0x3c8, 0x3a8, 0x3c8, 0x3, 0x0, {[{{@ip={@multicast2, @private=0xa010101, 0xff, 0xffffffff, 'bridge0\x00', 'veth0_macvtap\x00', {}, {0xff}, 0x5c, 0x3, 0x2}, 0x0, 0x2c8, 0x310, 0x0, {}, [@common=@unspec=@bpf1={{0x230}, @bytecode={0x0, 0x2, 0x0, [{}, {0x16}, {0x4}, {}, {}, {0x0, 0x0, 0x5e}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x6}, {0x0, 0x0, 0x4}, {}, {0x4, 0x8}, {}, {}, {0x1}, {0x0, 0x0, 0x0, 0x7f}, {0x0, 0x4}, {}, {}, {}, {0xfffc}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x4}, {}, {0x0, 0x0, 0x40}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x80}, {}, {}, {}, {}, {}, {0x0, 0x0, 0xfd}]}}, @common=@inet=@socket3={{0x28}}]}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 'pptp\x00'}}}, {{@uncond, 0x0, 0x70, 0x98}, @common=@unspec=@NFQUEUE2={0x28}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x4a0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(0xffffffffffffffff, 0xc02064b2, &(0x7f0000000200)={0x8000, 0x101, 0x4})
syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0)
syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0)
ioctl$DRM_IOCTL_MODE_CURSOR(0xffffffffffffffff, 0xc01c64a3, &(0x7f0000000280)={0x3, 0x0, 0x1, 0xffff, 0xa, 0x1ff, 0x1})
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)

8.142917489s ago: executing program 2 (id=3491):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f00000007c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(sm4)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000001280)="b7f2288a911993f08d3aaea2bc0000de", 0x10)
r1 = accept$alg(r0, 0x0, 0x0)
sendmmsg$inet(r1, &(0x7f0000004880)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4)
r2 = syz_io_uring_setup(0x66e, &(0x7f0000000240)={0x0, 0x29cc, 0x10100}, &(0x7f0000000380)=<r3=>0x0, &(0x7f0000000200)=<r4=>0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000180)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, &(0x7f0000001480)=[{&(0x7f00000002c0)=""/188, 0xbc}], 0x1})
io_uring_enter(r2, 0x567, 0x0, 0x1000000000000, 0x0, 0x0)

8.015579051s ago: executing program 4 (id=3492):
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x1)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0)
fcntl$dupfd(r0, 0x0, r0)
socket$nl_route(0x10, 0x3, 0x0)
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000))
syz_open_dev$vbi(&(0x7f0000000440), 0x0, 0x2)
socket$nl_netfilter(0x10, 0x3, 0xc)
openat$iommufd(0xffffffffffffff9c, &(0x7f00000005c0), 0x40, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$inet6(0xa, 0x200000000003, 0x87)
socket$netlink(0x10, 0x3, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000004c0)={'bond0\x00'})
sendmsg$nl_route(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="440000001000010025bd7000fadbdf2500000000", @ANYBLOB="138000002b9201002400128009000100626f6e6400000000140002800800", @ANYRES64=r1], 0x44}, 0x1, 0x0, 0x0, 0x40448e0}, 0x4000)

7.900178672s ago: executing program 2 (id=3493):
openat$iommufd(0xffffffffffffff9c, 0x0, 0x80000, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000006940)=[{{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f00000003c0)=""/6, 0x6}], 0x1}, 0x53}], 0x1, 0x2, 0x0)
socketpair$tipc(0x1e, 0x4, 0x0, &(0x7f0000000180)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
sendmmsg$sock(r3, &(0x7f00000044c0), 0x4000000000001c0, 0x0)
recvfrom(r4, &(0x7f00000000c0)=""/60, 0x3c, 0x40, 0x0, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='blkio.throttle.io_service_bytes_recursive\x00', 0x275a, 0x0)
syz_usb_connect$cdc_ncm(0x0, 0x0, 0x0, 0x0)
write$binfmt_script(r5, &(0x7f0000000100), 0xfffffd9d)
r6 = socket$kcm(0x2, 0xa, 0x2)
ioctl$sock_SIOCETHTOOL(r6, 0x8946, &(0x7f0000000000)={'team0\x00', &(0x7f0000000140)=@ethtool_sfeatures={0x3b, 0x2, [{0x7f, 0x4}, {0xffffff7e, 0x1}]}})
r7 = socket(0x1e, 0x4, 0x0)
connect$tipc(r7, &(0x7f0000000040)=@nameseq={0x1e, 0x1, 0x0, {0x1, 0x1, 0x4}}, 0x10)
sendfile(r7, r5, 0x0, 0x8010002b)

7.771726074s ago: executing program 4 (id=3494):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x800000000000001, 0x0, 0x2, 0x0)
openat$dsp(0xffffffffffffff9c, 0x0, 0x42, 0x0)
r3 = openat$sysfs(0xffffff9c, &(0x7f0000000080)='/sys/power/pm_test', 0x0, 0x10d)
syz_emit_ethernet(0x7a, &(0x7f0000000280)={@random="856b934629fa", @local, @void, {@ipv6={0x86dd, @gre_packet={0x0, 0x6, "381f34", 0x44, 0x2f, 0x0, @private0, @mcast2, {[], {{0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8100, 0x0, 0x896f}, {}, {}, {0xa888}, {0x8, 0x22eb, 0x0, {{0x0, 0x2, 0x9}}}}}}}}}, 0x0)
rt_sigqueueinfo(0x0, 0x21, &(0x7f00000002c0)={0x0, 0x0, 0x19})
syz_clone3(&(0x7f0000000300)={0x385200080, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x0, {r3}}, 0x58)
syz_usb_disconnect(0xffffffffffffffff)
getsockopt$inet6_IPV6_IPSEC_POLICY(r3, 0x29, 0x22, &(0x7f0000000380)={{{@in=@private, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r4=>0x0}}, {{@in=@broadcast}, 0x0, @in6=@initdev}}, &(0x7f0000000040)=0xe8)
ioctl$TUNSETOWNER(r3, 0x400454cc, r4)
getsockopt$inet_sctp_SCTP_GET_ASSOC_NUMBER(r3, 0x84, 0x1c, &(0x7f0000000000), &(0x7f0000000240)=0x4)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x101100, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x1)
ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r7, &(0x7f0000000000/0x18000)=nil, &(0x7f00000001c0)=[@text16={0x10, &(0x7f0000000200)="f40f01c13e0f00ddf3a50f01c8b814010f00d80fec4f0066b9860a00000f32070bc43a6df9106df910c0663503000000440f22c0", 0x34}], 0x1, 0xa, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r6, 0x4010ae67, &(0x7f0000000180)={0x0, 0xd000})
syz_usb_connect(0x2, 0x9a2, &(0x7f0000000280)=ANY=[@ANYBLOB="12010000d0241710d8050a81b892000000010902900902000000"], 0x0)
ioctl$KVM_RUN(r7, 0xae80, 0x0)
ioctl$KVM_SET_PIT2(r3, 0x4070aea0, &(0x7f00000000c0)={[{0x3, 0x8da, 0x9, 0xfb, 0x9, 0x5, 0x4, 0x81, 0x8, 0x9, 0x77, 0x0, 0x316}, {0x7d, 0x3, 0x10, 0xfe, 0x4, 0x7, 0x3, 0x2, 0x7, 0x3b, 0xa6, 0xfe, 0x10000000}, {0x1c38, 0x9, 0x80, 0x5, 0x0, 0x6, 0x9, 0x6, 0x3, 0x8, 0x4, 0x0, 0x847}], 0x8})
close_range(r0, 0xffffffffffffffff, 0x0)

5.658558671s ago: executing program 9 (id=3499):
r0 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000240), 0x2, 0x0)
r1 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$MEDIA_IOC_REQUEST_ALLOC(0xffffffffffffffff, 0x80047c05, &(0x7f0000000080)=<r2=>0xffffffffffffffff)
ioctl$VIDIOC_QBUF(r1, 0xc058560f, &(0x7f00000000c0)=@overlay={0x7ff, 0x7, 0x4, 0xe000, 0x6, {}, {0x3, 0xa, 0x81, 0x8, 0x8, 0x6, "33e7b9f6"}, 0x100, 0x3, {}, 0x40, 0x0, r2})
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
r6 = syz_open_dev$video(&(0x7f0000000040), 0xd3e, 0x0)
ioctl$VIDIOC_G_SELECTION(r6, 0xc040565e, &(0x7f0000000240)={0x1, 0x0, 0x0, {0x80000004, 0x8000001, 0x2, 0x5}})
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r5, 0x81f8943c, &(0x7f0000001500)={<r7=>0x0, ""/256, <r8=>0x0, <r9=>0x0})
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(r2, 0xd000943d, &(0x7f0000001700)={0xffffffffffffffff, [{r8, r9}, {r8, r9}, {r8, r9}, {r8, r9}, {r8, r9}, {r8, r9}, {r8, r9}, {r7, r9}, {r7, r9}, {0x0, r9}, {r8, r9}, {r7, r9}, {r7, r9}, {r8, r9}, {r8, r9}, {r7, r9}, {r8, r9}, {r7, r9}, {r8, <r10=>r9}, {r8, r9}, {r7, r9}, {r8, r9}, {r7, r9}, {r8, r9}, {r8}, {r7, r9}, {r8, r9}, {r7, r9}, {r7, r9}, {r8, r9}, {r7, r9}, {0x0, r9}, {r8}, {r7, r9}, {r8, r9}, {r7, r9}, {r8, r9}, {r7, r9}, {r8, r9}, {<r11=>r7, r9}, {r8, r9}, {r8, r9}, {r7, r9}, {r8, r9}, {r7, r9}, {r7, r9}, {r8, r9}, {r7, r9}, {0x0, r9}, {r7, r9}, {r7, r9}, {r8, r9}, {r8, r9}, {0x0, r9}, {r8, r9}, {r8, r9}, {r8, r9}, {r7, r9}, {r7, r9}, {r8, r9}, {r8, r9}, {r7, r9}, {0x0, r9}, {r8, r9}, {r7, r9}, {r8, r9}, {r7, r9}, {r7, r9}, {r8, r9}, {0x0, r9}, {r7, r9}, {r7, r9}, {r8, r9}, {r8, r9}, {r8, r9}, {r7, r9}, {0x0, r9}, {r7, r9}, {r8, r9}, {r8, r9}, {r8, r9}, {r7, r9}, {r7, r9}, {r7, r9}, {r8, r9}, {r7, r9}, {r8, r9}, {r8, r9}, {r7, r9}, {r7, r9}, {<r12=>r8, r9}, {r8, r9}, {r8, r9}, {r7, r9}, {r8, r9}, {r8, r9}, {r8, r9}, {r7, r9}, {r7, r9}, {r8, r9}, {r8, r9}, {0x0, r9}, {0x0, r9}, {r8, r9}, {r8, r9}, {r8, r9}, {r7, r9}, {r8, r9}, {r7, r9}, {r7, r9}, {r7, r9}, {r8, r9}, {r8, r9}, {r8, r9}, {r7, r9}, {r7, r9}, {r8, r9}, {r8, r9}, {r7, r9}, {r7, r9}, {r8, r9}, {r7, r9}, {r8, r9}, {r7, r9}, {r8, r9}, {r8, r9}, {r7, r9}, {r8, r9}, {r7, r9}, {r8, r9}, {r8, r9}, {r8, r9}, {r7, r9}, {r8, r9}, {r8, r9}, {r7, r9}, {r8, r9}, {r7, r9}, {r8, r9}, {r8, r9}, {r7, r9}, {r7, r9}, {r7, r9}, {r8, r9}, {r8, r9}, {r7, r9}, {r8, r9}, {r7, r9}, {r7, r9}, {r8, r9}, {r8, r9}, {r7, r9}, {r7, r9}, {r7, r9}, {r8, r9}, {r8}, {r7, r9}, {r8, r9}, {r7, r9}, {}, {r7, r9}, {r7, r9}, {r7, r9}, {r8, r9}, {r8, r9}, {r7, r9}, {r7, r9}, {r8, r9}, {r8, r9}, {r7, r9}, {r8, r9}, {r7, <r13=>r9}, {r7, r9}, {r7, r9}, {r8, r9}, {r7, r9}, {r7, r9}, {r8, r9}, {r8, r9}, {r7, r9}, {r7, r9}, {r8, r9}, {r8}, {r8, r9}, {r8, r9}, {r8, r9}, {r8, r9}, {r8, r9}, {r7, r9}, {r8, r9}, {r7, r9}, {r8, r9}, {r7, r9}, {r8, r9}, {r8, r9}, {r8, r9}, {r7, r9}, {r7, r9}, {r8, r9}, {r8, r9}, {r7, r9}, {r7, r9}, {r7, r9}, {r7, r9}, {r8, r9}, {r7, r9}, {r7, r9}, {r7, r9}, {r8, r9}, {r7, r9}, {r8, r9}, {r7, r9}, {r8, r9}, {r7, r9}, {r7, r9}, {r8, <r14=>r9}, {r8, r9}, {r7, r9}, {r8, r9}, {r7, r9}, {r7, r9}, {0x0, r9}, {r7, r9}, {r8, r9}, {r7, r9}, {r8}, {r7, r9}, {r8, r9}, {r8, r9}, {r7, r9}, {r7, r9}, {r7, r9}, {r7, r9}, {r8, r9}, {r8, r9}, {r8, r9}, {r7, r9}, {r8, r9}, {r7, r9}, {r8, r9}, {r8, r9}, {r7, r9}, {r7, r9}, {r7, r9}, {r7, r9}, {r7, r9}, {r7, r9}, {r8, r9}, {r8, r9}, {0x0, r9}, {r7, r9}, {<r15=>r8, r9}, {r7, r9}, {r8, r9}, {r8, r9}], 0x3d, "d94f8855f202c9"})
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(r3, 0xd000943d, &(0x7f0000000500)={0x5, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {<r16=>0x0}, {}, {}, {}, {0x0, r9}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r11}, {}, {}, {}, {}, {}, {0x0, r9}, {}, {}, {}, {}, {}, {}, {}, {0x0, r14}, {}, {}, {0x0, r9}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r12}, {}, {}, {}, {r15}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r13}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r10}], 0x7f, "d8e60987fba2c4"})
ioctl$BTRFS_IOC_TREE_SEARCH_V2(r2, 0xc0709411, &(0x7f0000000280)={{r16, 0xffffffff, 0x7, 0x2, 0x0, 0x8000000000000000, 0x80000001, 0x8, 0x100, 0x4, 0x7fff, 0x7, 0x5dd27d8, 0x3, 0x401}, 0x48, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
openat$ppp(0xffffffffffffff9c, &(0x7f0000000340), 0x50000, 0x0)
ioctl$KVM_SET_MSRS(r5, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="020000000000005a02010040"])
ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000140)={0x0, 0x5, 0x3, {0xa, @pix={0xa2df, 0x3ee7, 0x32314752, 0x0, 0x43, 0xfffffffb, 0x3, 0x6, 0x1, 0x0, 0x1, 0x3}}})

5.131791427s ago: executing program 41 (id=3462):
recvmmsg(0xffffffffffffffff, &(0x7f00000078c0)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000007c00)=""/4096, 0x1000}, 0x6}, {{0x0, 0x0, &(0x7f0000004200)=[{0x0}, {0x0}, {&(0x7f0000002dc0)=""/27, 0x1b}], 0x3}, 0x3}], 0x2, 0x2, 0x0)
r0 = socket$unix(0x1, 0x2, 0x0)
bind$unix(r0, &(0x7f0000000100)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
sendmsg$unix(r0, &(0x7f00000000c0)={&(0x7f0000000200)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e, 0x0, 0x0, 0x0, 0x0, 0x4040801}, 0x20008840)
setsockopt$SO_TIMESTAMP(r0, 0x1, 0x1d, &(0x7f0000000080)=0x7, 0x4)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f00000001c0)=0x45d9, 0x4d)
recvmmsg(r0, &(0x7f0000000c00)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000280)=""/57, 0x39}, 0x8}], 0x3ffffffffffff2e, 0x1000400000de, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r2 = dup(r1)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x300000a, 0x13, r2, 0x2000)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x17)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(0xffffffffffffffff, 0xc038943b, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff})
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x0, 0x5d032, 0xffffffffffffffff, 0x0)
syz_emit_ethernet(0x27, &(0x7f0000000080)={@local, @empty, @val={@val={0x88a8, 0x1, 0x1}, {0x8100, 0x6, 0x1, 0x1}}, {@x25={0x805, {0x1, 0x4, 0xf4, "76022ce5b06e2db86f2273a43825"}}}}, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$TIPC_NL_NODE_GET(r4, &(0x7f0000000280)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000100)={0x140, r5, 0x2, 0x70bd2b, 0x25dfdbff, {}, [@TIPC_NLA_BEARER={0xc8, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz0\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e22, 0x400, @empty, 0x7}}, {0x20, 0x2, @in6={0xa, 0x4e20, 0x10, @private0, 0x401}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e20, 0x5, @remote, 0x8}}, {0x14, 0x2, @in={0x2, 0x4e23, @multicast1}}}}, @TIPC_NLA_BEARER_NAME={0x17, 0x1, @l2={'ib', 0x3a, 'veth1_to_batadv\x00'}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz0\x00'}]}, @TIPC_NLA_BEARER={0x10, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x401}]}]}, @TIPC_NLA_PUBL={0x54, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x200}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0xfffffffb}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x1000}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x4}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x3}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x3}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0xfffffccc}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x101}]}]}, 0x140}, 0x1, 0x0, 0x0, 0x48040}, 0x20040800)
socket$inet_udp(0x2, 0x2, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz1\x00', 0x1ff)

4.837425598s ago: executing program 9 (id=3502):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ctr-aes-aesni\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000340)="71e67a15cdf0311cfcf33a52a7d86bd1", 0x20)
r1 = accept4$alg(r0, 0x0, 0x0, 0x0)
sendmmsg$sock(r1, &(0x7f0000000080)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4080050)
io_setup(0xff, &(0x7f0000000380)=<r2=>0x0)
io_submit(r2, 0x1, &(0x7f0000001440)=[&(0x7f0000000200)={0x1000000, 0x6000000, 0x700000000000000, 0x0, 0x0, r1, &(0x7f0000000480)='m', 0x1}])

4.424220872s ago: executing program 9 (id=3504):
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x1)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0)
fcntl$dupfd(r0, 0x0, r0)
socket$nl_route(0x10, 0x3, 0x0)
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000))
syz_open_dev$vbi(&(0x7f0000000440), 0x0, 0x2)
socket$nl_netfilter(0x10, 0x3, 0xc)
openat$iommufd(0xffffffffffffff9c, &(0x7f00000005c0), 0x40, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$inet6(0xa, 0x200000000003, 0x87)
socket$netlink(0x10, 0x3, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000004c0)={'bond0\x00', <r2=>0x0})
sendmsg$nl_route(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYRES32=r2, @ANYBLOB="138000002b9201002400128009000100626f6e6400000000140002800800", @ANYRES64=r1], 0x44}, 0x1, 0x0, 0x0, 0x40448e0}, 0x4000)

4.121683983s ago: executing program 9 (id=3506):
r0 = socket$kcm(0xa, 0x1, 0x106)
sendmsg$kcm(r0, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x20000011)
sendmsg$kcm(r0, &(0x7f0000000780)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @dev, 0x2}, 0xff3c, 0x0, 0x0, 0x0, 0x0, 0x3f000000}, 0xe07e872420dfefca)

3.849918557s ago: executing program 9 (id=3508):
openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x80, 0x0) (async)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e) (async)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) (async)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x1, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0xfffffffc}, 0x0) (async)
r2 = socket(0x10, 0x2, 0x0) (async)
r3 = bpf$PROG_LOAD(0x5, 0x0, 0x0) (async)
r4 = socket(0xa, 0x5, 0x0)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r4, 0x84, 0x64, &(0x7f0000000200)=[@in6={0xa, 0x4e24, 0x4, @loopback}], 0x1c) (async)
getsockopt$inet_sctp_SCTP_PR_ASSOC_STATUS(r2, 0x84, 0x73, 0x0, &(0x7f0000000240))
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000002700)={0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f0000000fc0)={0x1114, 0x33, 0x100, 0x70bd26, 0x25dfdbfd, "", [@nested={0xfa4, 0xfb, 0x0, 0x1, [@nested={0xf91, 0x13, 0x0, 0x1, [@generic="783cabcf3de8f3c211caac293bfba1f6c66248e2705bfdeaf3e518701e75b6870e949c9efe541264de467766dfe253da80bc4601fddfb29d68a356ca39cba5bb876bdee1d1f6640bb64e313f030da7715e4e5f282235c21405e318614f33083a4b615d83fbc2757362a21e81598dd1c94f416f7fe0291ee066acb78990917d93450dc091617b2b9b856b762e98782567c7ae32d25d68ac22ba4415ab4e9411b60459b5fe04a16c83cb50e70b539e77b39213d9c96b5f0eaa04346eb659528defaefebc201f6fd8a70ef275ffc1ccaf61d56015c4bb63039c3b5db172b76ef8c834ae9df36f8764c27785f4098f8bbe8190e92a2f53d0e17cbd0e3150c8839cfd779a96807dfb84d6d424978b1060dc0fe13a00d526681c018bd90b954e1dd4f36787f6cf693c4a428c8cc5a6c0c77a940f5911f6191babbb44ddb0874a2e573d9a4c41cc89134dc1498259ae3da6f5e2bb40631050a2b28b86f43fa397c8cb73698f2625d966e2695db75c2d719077e59f4278644ce09c0b5cd873f4ce68a6d88819c0caf1c3b58612897c74636701d99260c2ed0e29392f96e6b46a5d8e4797d49f7db2400f81bbdfe7fedab277d090a977eb6d3143e34ab570975d403d9d5975d8a1b373d0322e954d8921cca83c962e55959bb2b82ab789e617a67200d503f89c88d6e8f04deb2773349669e22cdc62f0d6037bc11334f3b7f3c203866d39f6f2f15215fa9a707960c2f6d5229ee00a879a842724c9f633dcb55114d5b4ae228f59001fdea972a1e2893ca0f1855a3918dda375af22d6531cf30c28f84ab3f45d7893f65a9ac09cca966c896c79172b1f8b8da2af3c82ad641eb3db53966e1f670fa1f94465c356331e7a9e39be91d6b2719780d650d54e75277ba22818857a3ce176b85f447a52d43e52d621422695ce1bbeaaa3611d296953b63f08238844704293e37334ef7dc826b87704ffa5e634c89fe70223869ef8484d0dbab21bf206fae62fa6b645ecd4f1f0ea1107ec9ae55882dd92b099da4cd71ab2493b81a3eee6f617dd53af22ff15b01e97689db12b6fe53f941207303d1e822a7b98303617efdaa4e844df85dac246617b3aff4cd0bb5db224a59fa4e7161c4862114cdec7a7b9f4ffcbd7e8a9dc761dc3368a0f37541463227ae5cf525441ab99b9ba09d70b4c2ad9719a5c48258398e77adb9d1f8dcc64d8d658cfcd1b5fef2669f1b2c19f0988268611a644f02f13b86377a9203c36091545f09d62c96c98732c2619cc81dbd4ca19dd62141ce8421dbc28de8b32fa91631b8957025c89812d5fdd72d79aa5d1f765aaa08317915d35ebdfc8a880923596ffbbe4bc6bbd81427869350d59a206c96c813efb25bade849f515e6b6a47c6ccb2131e60c8c05891ea8f065baf49459218c32257c13a82b423cee266dbf51f500ce996d76a723e662f3c3d2fddaff5c050f2ef2e17d0fafb0c42a82184201d8732fa4f1c370384fed4b0d8ee842f2de5523aed2e09e2c484f940a1736359711eb655bd00504e76f3c72f26970d3c05b00ea25803e8be24d7751baadfda870d3e0e64514f0b290a052071cd8f71a2c6ff4850b891c3f1818e0774794c46c62d511db9ee5b960404c866850602205b15b287e6d3279e6a5d1dce653ef770f68af6a16dfa552145e18dd0b185571f29542c24b753ee6ee5f5fb448afcfe643d540e7a120ebf36f2e4f3a30b46d8497ad69b5a55ee023709f640d44e1ba6a4da79579fbaf66676c8e2f60a1a8e3fe123a70b4604e75db29ee19bb8805e22195aeda6b0412c750e0043a53c673e24f9bf68544089b1bc8fe1763e0b157106cec5b21847eeea377c258bac16ff48a208b4c7d3cd1fcf410d22148beb6f95317061c1de7e2d87c448bc2c00069d2e886a7a37c4ced954d2b06ee6de91785a967d4dd117b83fdf7786133abd08ac3399ba7e6f521d933e14966ca444056c4289ec24c76b9eed38ceae0c5493dbe53c20063ac6f9290663cad2b4c73b5276bc5a17847e9098563928694a0316d7d73c4a439bd0fb91fdb520d9b92c5c686ed1122383012b84f4846f4d5e0c5fedf74c9c07ec64da1f2157feee49aa476a4d2b830f528f1c8bf8b7b76ecf7d2266ed1b9d8278a5923501cf134fb9e59f1ee9a5c1397387c2959e0743e634cc41782b57f8c7ea51525150c443066b352f84050fbfb72f55680f24461c791024efa74022caa8d58f1e9985e910f25aa92bfe756ab3eacf8079e7eb7f970165b3ff1bf1ca457ab5f4d9a1a08448ffca704fcee8030a7d8aca43ae64b0be45efd5151bcea83845720d210aa76ef748810e46ffb0cdb7bad706a24d6cb076171a6b79f5de5ac6b8190919a68b1b41b173914dd37d599f7a78587c4ee606b31949a88e6a790eca971c348d32f05a22e68d22793282b716d151d9de60e24cc049e3bf4cce36fe43b5ea824a7b3c854860ceed13d466439263353e81940e7ded03f31211cc714f4cdf240516025f1f5621cced4b88a4e48c940d6f46ff2f57f0583046b650a440c4ea8e9fab79e98d7529db2f11cc7529bb361cf8cb65600ffb36eb5fd93acbdd58398ecbb0befd277e267051f93dc3e7c6a5212c2ed990eb60d9d451b4458cb44cd691dac77ece483236e3006b7f7913e39f685ca41bcd1692494370acb70d0cfdc9e6de0bcd602040a0bc2de02a8cd477fef88b5410f5dfea1cd32d25464853d56c82abd3c11caebd992ca656e88a10ca2779f887472d5064fddd7397eb0205c419b23c2756a3b9b722ff273907c50f8b176834edcc1268e036214a2a25651c719541a4f7729ef7e32dee27c5b910bfea677c562138b30b3355b462c8f910874acc292f6787f8d94fa1cb2e648789cc67d05eb49d6d3c8788a024e3c523c4ee282764090044b44f30a9848daf2522b76448ecb9249ffe58dad4363b1d08181131a89af718ecbd5ffe44e032ca26664eecabc9aa57a875b5964ea492b7e759606a3f4ab36130a8a43a19be74709dea4eeebf5e53706685122e6603247996d672dacdf1bbadf5df111cfe7e72f5b2c6cdc32c1e4eed30147c9a51c5abd4214c577c4c8d1725daf906d145c6ff2c9ab0fc3da4edfb92be40b4af234c2bc147b2d08a801b539928cb754f2f6d2d4280ee0c834ee4f5eb8b0662ffa6f7154307b0fe55fe248a3f953a09b06244674adbf31dd7489be3f26423140ffe98671ca413d678047096fcad53f5bca7e602354553af02c225a67e4e8eabf298495a99de9653638405ebe78dc75e6d16c39e1547dadbc07a014369e39175991368d05be623656c4ecb3735612546b9a9c1490f834cab7567e61c8b2669aa62f156f2ff3b76b32e11b0e0acb6c7ccd6623bef1a5ccbe5f477ae90b3918899fc6b6075c514deaf387d5f09cd59f3fb3c0a9614f1eec092a8f7c6bd200e04da47085d58adc08f1f0651f7ce0cea5792a30aa2bee9970913fc9e79bcf0b5c55adfa6967a44b84ffcd3ce7fb47a610773eb9323b8ab3b5b9670f3ddc06e673e5ebe929f1ae4508decd56a2cefc34bab4703bbd3d83fcfdc27fc4e8a799a34742526848f6aae932ec98959f46ea50f12e0ad3ba4ef50a7b4defdf2fcf8dd2afdb8f29a1b7eed384b17c8b4ff4cfc220745cef2c083615eee226bccb8f2b7faf5a8948e60edc37a644b70011ff8b608da74a3873b2d8a6ba50dcce8a5ed6fe96c599c6d0b8a431f0b96789e974ea48400b94c2d1fbb7a8908de838cc64d4de93d506dfb450012df4af40d5980aed567e0b94281f8109ae7cb42f8253783a9ccb1cdd07245b31c0a00f13b42eedea9dd6d031f283a277f140f7ccacffc4e76829fede0479d59a542f873524651dbed995a00749e1b06182f073ebc3122ef1b007436d9eeb89d4f82ad366361ae8bb54e795b5c3d0594ccab1d5019f4b9191fd7c84598c866a8f98b2759738a65af53943b466aec83bb055e8f6c6e7755862de6c4c203fa67663702783f5f19459620a99f4de75fc85efedc44cf65adaaead7038406ebc507048b115c44209057f887f204a60ad9f6abc9b7983b930be5115cd91de9723bef58d29e421e123c7fa19ac3de2900827041d096ce0d589d45159c322ff3529687b89a10dd6c628977aedb1547ab6630995b48edba0a6f0e9ce99166dd7acdab5253f6bd4c3891c45d6ce4cf136a7791bc553769b57559215f79051388cff4761a3a63f6c73d8d7aafa8053e4f764f1c37b8b57128ecea00d7046c7532576bd413e01bf6df40bb1c3bf0480efbb1407003a98b1014552d2a1ecf99ba29c063ba96b3555cca24a211c2c604766a6b503a875040039f23f7ed46566519ee1aed0167c774555b623bee2bcfe83459af5527b312a19298e8323cd9b3fe5e075ee0867aadae8bc81939919d6d36834a87c1bf9e47d467395892aa09f12cfc172a2a9a44a43ff880219487798a206fbaca25172b3f00867d3f100f355ccb987bd0c41c015d791bae97c258ea4138a377fee51219e917893248391b7b2fa8d1bedc3ac71e5dd6ac382a0c8e0753f16bda800108d9dcbf9ccb192136b1cc555129afd8821b007543ff2d14f07003fe05cdd5fd133295c36bd44aca53c8fd91428fbd72951d4a97006636456baeac6c4d2f75d864e5aec7e738d865f2a0e5bdfadccc2486241fb38c024f981b08c8ad06bd48e99ee116c764d894f39e603949a4644ab2ed942d933876f16949c833f0bf1962b908087ff77b9318945edd47cf5c6b329e0dc403944fc9fc49e0c88f0177ba649ce61b4758ccdce20df2abbc45fec9e350286898d3fbc0ace3f75a5d8667438217ad564903ce64ee98e90ea770e431bec58c7d624278c5dc5955a555056be562308c7a003abdeb13456d43c245bcaa63c4ed17a4fb73cd53d890130322ad78c9b53073e7146ee8cc36f29f632c0e554dbcf161ab7a01badd56a0d84c8f337a2a3248c4ec96445158cb59060c352df81f6b85cccda5a0d737d44101a413d9edf5ed0bf16537520bd544e25540124ac7fc202bb8db6b141fca9cc25e85b4d064535de0dc5b8868025b71f8950ddc35d6b1bf04d8440c8ea2660fa3476578981bb467e9a54a9ebb2561f1414d34a922168537cde92375d6bb4e35cf4e2655cb0daca2a1b75013a9a5f72768b061492a381d1e339970a322f07ff3d0b9af33af6a191ed778a99b721eb89a294ebf76748230837f75cb9f5f31a0dcc4b9f6dcc99487e5799e1ff5db60f7193308a4b40dcac5e9aa3a288c03d724a5e2da794590446c236234eb0b34cc60fde282400039d7a263fad5b2df94907c54b07cc0d3e6d97a64e7306131f741caec8bfca4e40b033f4633a63d0845db13b0b59b3eb0ad2cde32856ee356d8e910524f71aa75d1b527bd0c69c7126f7d18644c3547acedcac805f9077778362d40004e8fb4d6de7f3dd679e1519f8896174be1fb9313a90bd3c5f2999cb0e1d96cbad7a1d9a708558d4984343d4b05f16acda0edba81d898efea1d7bb10baeaf2141d5b40b2131983132c6c16add15f83d122f305d67067321bc004960d47cb7e41e530a025498fa1d07b3040be112638801625d3e7e90d73b398bfe6d473278c5feba0b895347fc3395aa7c33", @typed={0x8, 0x122, 0x0, 0x0, @fd=r3}, @typed={0x8, 0x10, 0x0, 0x0, @u32=0x7}]}, @typed={0xc, 0x123, 0x0, 0x0, @u64}]}, @generic="d90a58cde601d565cdddcc6aa3fcc8c25583297245b4d7973d0df9b022c59bb26343d8fac6abbe023d9e0640355e0034d2aca4a49132b88c8660af242102d45a28332c4b796cc5268b9a5ec5b61042577e3e5ea90f21384e8c5852110520bfd976705ca7e25e8a5ac6dd7bdadeb451f164c86cdb89561b05f0b9e143b1917e3dd99ee920f46511a803ab9cf9dd2d6aaf8aee259d1476cd960ce44acbc6a970c4fdd6f99aeee46de8efec7151b1e4cc13cd723e9cfa7ba2f69b60189d7aff553101c449174d1e18b6c5b148275100a3f8bd0c4c96296c43028aa284f8f626392a21d31e5e06fe98065e0246d46b7fe927a881c18c044e5c139e", @typed={0x14, 0xbe, 0x0, 0x0, @ipv6=@dev={0xfe, 0x80, '\x00', 0xa}}, @typed={0x8, 0x63, 0x0, 0x0, @uid}, @typed={0x8, 0x18, 0x0, 0x0, @u32=0x4}, @nested={0x3d, 0xee, 0x0, 0x1, [@typed={0x8, 0x39, 0x0, 0x0, @fd}, @typed={0x8, 0xc0, 0x0, 0x0, @ipv4=@empty}, @nested={0x4, 0x4f}, @generic="f01254c8a325874b7a364f60eb18eb3e374838d32bfdcf", @typed={0x8, 0x9e, 0x0, 0x0, @ipv4=@rand_addr=0x64010102}, @generic="a5fa1bc096f7"]}]}, 0x1114}], 0x1, 0x0, 0x0, 0x10004800}, 0xc000)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r7 = dup(r6)
ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil}) (async)
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r8, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f00000000c0)="c20000361e0f01c3660fd2eff30f10f1b961020000b80e000000ba000000000f30b98d0200000f320b99f3530000660f6af7c4e2f91d20", 0x37}], 0x1, 0x11, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r6, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r8, 0xae80, 0x0) (async)
getsockopt$inet_sctp_SCTP_PR_SUPPORTED(r2, 0x84, 0x71, &(0x7f0000000280)={<r9=>0x0, 0x40}, &(0x7f00000002c0)=0x8)
setsockopt$inet_sctp_SCTP_MAXSEG(r4, 0x84, 0xd, &(0x7f0000000080)=@assoc_id=r9, 0x4) (async)
setsockopt$inet6_IPV6_DSTOPTS(r4, 0x29, 0x3b, &(0x7f0000000480)=ANY=[@ANYBLOB="211d00000000000007e6"], 0xf0) (async)
r10 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x101000, 0x0)
ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0)
close_range(r10, 0xffffffffffffffff, 0x2)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async, rerun: 32)
ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0) (rerun: 32)
fcntl$lock(0xffffffffffffffff, 0x5, 0x0)

3.565277136s ago: executing program 4 (id=3509):
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug', 0x0, 0x0)
fcntl$notify(r0, 0x402, 0x8)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000001ac0)={&(0x7f0000000180)=ANY=[@ANYBLOB="a03700002d00060026bd7000fcdbdf2504"], 0x37a0}, 0x1, 0x0, 0x0, 0x4000d}, 0x24000000)

3.332763651s ago: executing program 2 (id=3511):
socket$inet6(0xa, 0x1, 0x8010000000000084)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r2, 0x84, 0x6, 0x0, &(0x7f00000000c0))
ioctl$FBIOGET_FSCREENINFO(0xffffffffffffffff, 0x4602, &(0x7f0000000100))
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000100), 0x1f, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r3, 0xc04064a0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000940)=[<r4=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCONNECTOR(r3, 0xc05064a7, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000008c0)=[0x0], &(0x7f00000190c0), 0x0, 0x1, 0x0, 0x0, r4, 0xddff})
syz_emit_ethernet(0x5a, &(0x7f0000000340)=ANY=[@ANYBLOB="aaaaaaaaaaaa0180c200000008004500004c000000000021907800080000ffffffff050090780a0101024a0000000000000000000004ac1e0001ac141401071300e000000200000000ffffffffac14140c008cb230aa57149e5a"], 0x0)
openat$adsp1(0xffffffffffffff9c, &(0x7f00000000c0), 0xa0201, 0x0)
r5 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r5, 0x84, 0x6f, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)}, 0x0)
r6 = socket$netlink(0x10, 0x3, 0x0)
socket(0x200000000000011, 0x2, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000540)={&(0x7f00000003c0)=ANY=[@ANYBLOB="3c000000100005ff04000000000000000000004a", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b00010062617461647600000400028008000a00", @ANYRES32, @ANYBLOB], 0x3c}}, 0x0)

3.078794956s ago: executing program 4 (id=3512):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f00000000c0), 0x42, 0x0)
sendfile(r0, r0, 0x0, 0x10000000009)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000100)={0xa00, 0x4000a00})
ioctl$BLKGETSIZE64(r0, 0x80081272, &(0x7f0000000000))
r1 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000240)=@ipv6_newroute={0x2c, 0x18, 0x111, 0x1, 0x0, {0xa, 0x0, 0x80, 0x0, 0x0, 0x2, 0xff, 0x8, 0x2000}, [@RTA_ENCAP_TYPE={0x6, 0x15, 0x6}, @RTA_EXPIRES={0x8, 0x17, 0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4805}, 0x4)
sendmsg$IPSET_CMD_LIST(r1, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000140)={&(0x7f0000000080)={0x30, 0x7, 0x6, 0x301, 0x0, 0x0, {0x3, 0x0, 0x2}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}]}, 0x30}}, 0x20040000)

2.800003082s ago: executing program 1 (id=3513):
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
ioctl$VHOST_VDPA_GET_CONFIG(0xffffffffffffffff, 0x8008af73, &(0x7f00000000c0)={0x0, 0x48, ""/72})
syz_open_dev$loop(&(0x7f0000000080), 0x47ffffa, 0x122c42)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
syz_open_dev$sg(&(0x7f0000000140), 0xfffffffffffffff7, 0x28a440)
ppoll(0x0, 0x0, &(0x7f0000000040)={0x0, 0x3938700}, 0x0, 0x0)
mremap(&(0x7f000054e000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f000022c000/0x3000)=nil)
r2 = fsopen(&(0x7f0000000000)='sockfs\x00', 0x0)
fcntl$lock(r2, 0x5, 0x0)
r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
sendto$inet(r3, &(0x7f0000000000)="f461c5bbd75c3583", 0x8, 0x0, &(0x7f0000000100)={0x2, 0x4e23, @empty}, 0x10)
socket$inet_sctp(0x2, 0x1, 0x84)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
setsockopt$inet6_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, 0x0, 0x0)
syz_open_procfs(0x0, 0x0)
r6 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x42, 0x1fb)
close(r6)
execve(&(0x7f0000000400)='./file0\x00', 0x0, 0x0)
execve(&(0x7f0000000180)='./file0\x00', 0x0, &(0x7f0000000800)={[&(0x7f0000000940)='\x7f\xb7\xc3\x7f\xa5a\xd6A*c\x9b\xd8R\xf02b\xefA|uiWb\x8f\xee\x1c\xc5\xdb^\x11\x16h\x83\x94y<yN\xfbXh[\xe9\xa9\x1702\x7f\x9e\xf0\x99\xad\xdc;p\x98R\a\xb1\x9d^\x0f\x121\xb3\xab7P\xd6\xcb\x06\xfe2~W\xd9\xad\x80\xd9!\x89%\xb80\xa3l;\x1eK\x90\x15\xc6\x11A\xfc\x7f\xc6\xed\xe7\xa3\x9f\xb4\xce\"\xef\xa8\x86F\x15\xb9\rj\f\xafa\xb0}\xde\'E\x84\xb2bO\xd2\xd4\x85F\xde1e\xe0\xf2\xa0/\xd3<\xda\xfe\x04,\xfa\x97\xb6\xf4\xcf\x0el\xf2\xbd\x18\x88\xd7\x02\xce\x99\x1f\xadj\x89\xd9\xb7\xae9\xb0\xb0{n.\xd7\x87C\x0eh|KZG\x108l\n\xcd\xe9\x04\xafM\xbf\x83#>\x89\xf1Y{\x87\xd5\xf3\xccMr\xc5\xbdT\x9e\xc4\x84\x06\xcd\x8b\xcd\t\x01']})
syz_open_procfs(0x0, 0x0)

2.085324911s ago: executing program 9 (id=3514):
socket$netlink(0x10, 0x3, 0x10)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000000c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x800020, 0x0, 0xffffffffffffffc0, 0x9, 0x8, 0x0, 0x3}, 0x0)
r2 = gettid()
ptrace$getregset(0x4204, r2, 0x201, 0x0)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r3, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={0x0, 0xb8}}, 0x0)
sendmsg$nl_xfrm(r3, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB], 0xb8}}, 0x0)
mq_timedsend(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x800, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x2)
io_setup(0x8, 0x0)
io_submit(0x0, 0x0, 0x0)
mq_timedreceive(0xffffffffffffffff, &(0x7f0000000180)=""/204, 0xcc, 0x0, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r3, 0x0, 0x40000)
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000001880)=ANY=[@ANYBLOB="b700000012edfffebfa30000000000000703000028feffff620af0fff8ffffff61a4f0ff000000003e040000000000003f000000000000005504000001ed0a002500000017ffffffcc040000000000007b0a00fe000000006e04000000000000c6000000000000009500000000000000023bc065b7a379d17cf9333379fc9e84af69912435f1b6a693002e7f3be3619184e50b91f32050e436fe275daf51efd601b6482a0800000098efd2a102ee010400006e7a1de4a21f379dbf01de00b1b564fef3bef70548aed0d600c095199fe3ff3128e599b0eaebbdbd7359a48f5b0afc532ef58de3c1b7646cb7798b3e6440c2fbdb00a3e35208b0bbf12cd8dff095edc710e4000000000000009fbe4b61a615c6c57a2b649dc74a1a610643b08d9e104d4d91af25b8123deda8a3658d42ecbf28bf6d8e8afcb913466aaa7f6df70252e79166d8582755a314d31a76e42f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0800000000000000d5f728d236619074d6ebdf098bc908f50ae728a40f9411fe7226a4040b96e37c4f46010400000000c3da29faf75ddd1aa96960bca97af133824b881cc1f62c0f8f8f0e8d76b86f9c45636614786f5a2cb77230a874640dcbe0b20bb77c022d4cab080078fce8c5c81b7037181fc2f18f781aaa6e2957d7e39cc1baddcb7ec6667e699f24e41697ee7ea23e4b29a8b6cc9a1f5a7b3caae05f1300010000949b3aab06b1e042ff2164d80c8ab1c156b97e5889685a96949e4cb40df77b8bb84b0e733a63784ccc214d930cbb7e090df9a2867b3acec439c163fc8706869ada11390d4dbcf840fa68e7d7071b53ac29df826f8ae6d6e18c1e0600bf870768d5217e9bb5a05d9e224e67f1231bd236ed200073824d93c4e1a0f50a74bb4850486727d970acc546087acbf30f2f8165b47ba56dfadd14b306e98931485747292c6fe6e188750cf4f87cce2aa7d67c7133a9f05954cde298a35ea6d715ba80aee6330000000000000000000000000000000000004000000000000000038600008fb854adb4f8080064e8407c6bdb37114c80fbaa4a0ec5aaf4b0ac6f2128668279eb6fc144344e2d461c9a1be8fa0061ea9d55ee4716bea8e1cebf9ed39325ab4c5530dd6ee9fffc00000000000000d7c5af73c683625aaad5eda5004a76c9f8975ed4c5e4eb3e77e9885f69754932609f19e2f615a01cb6d17fbf5cb539403cb0572534f054d5514ad8264f7b029b2bdf2ca4958a62a6e744f9a4c1e646e1dd2ca19583f0f8b0dc53debd7d44f334e6ed7445a9580f970e483b307c4b3c018bc194b23d37e6a2e52d8265e5aab6fec586d52386e8c07a88c88e8faec5f1b16b2014f6952ce7d6be12c6bdb9651ca6fc907061be311d1354e6295698594a73136237bee068d3819400e43544830a3f74b7942f22336953978a5b2032da4238cc61162c04c1297395b73e18c9387615a2bc87d9e2445f3d323d3fac347926a4bac694c55fe9d145906d410f58f1951405d10504efe402cae085afef5dbd617e87ddbd239e4a50d7eb8e327fb5db12cbd6a9efe8e671c4f251cafffe3400a670d14b9b3cd8d86e492997a0168c022ef3536bd1dc731f4f9f8cb66701f4578ba4cb9b706e605a88c3857fb8aaaa95024f8da775f72950212b84fc6133ae14d1429cd4905dabb52e43af7e65acf97b4951fa1e967d16a5ed642efc855a4a46b85cd079934ad3188276efae9387eaa232697526e24b5d4fded86c3811ccd00520150b16000080122965558074956da5e4c3bbefcb64aa8be4456ed2caf0f467b6bbf3aa4371f5e76ab3f6a20278a3c779e03afd9a6af6fd518e5dce030f88ec5a5cb7601a161da0f80893220800c523040d13e1f1300c2c6555bce60d95dd3288e53435713f03add23f14c8db5555c62de4f626483632a2ab547f88dd6efec73a0271a19ca3aa860aa4dcaeeb9bd91a0cb429efae2a5fcc08b3a572969bbe917d1767e38ba49e3e57fafea83e495a6a1d1a4ebf83434986091dd66ffe3ffed0c39552a312e2db596d9c827e02f6fc13c8ddbb50bfd7dd8aa2f35f259fc83e007fe79d2d25e30830b92fca00a292dd3b856faa4b7e66e1b64505f65900839df71a97d4d07d37f7ecf8ed9a22da26ae674bba16c204f6b2f8f74fc56b7126d7c11ece6e88ec41192aaee75415c58d264a2b6adae02c821b62428902aad499825ab85a348638384cd12e61dbde5c47056f0a20b4e2a2328d5db5cf026657a129e6be231acf5f57995c60d9fca5f63a0dfd18054717120bda466d04774b53208ad8b022719ca77a4e0a66b4708f791d849a5e2aaa0074a9560ede2600df5a5c41392fe9460080fcb1e65233fb8dbeec4c86dbcf6a0673e38d2d3615e5bfbde44afe0fa7564231fff7e7f1f3ad68492dd2cccb15b5d7d3e37e8b7d28921c4b9280979521173f322df408d9818b6cc400090300000021911480a876fbba698801937e8b4264eb6f5137bdaa075f1488d22230592a79000000000000000000000000000000000000000000110000000000000000000000000000000000000000000000000000000000000000002f316aa0886c174b73decb46c1c85edf50d8fcbac5ff76b365611666da86a8e65b308706bd7c000000000000003f7cd4d5cb9076b81b7741ec03877afb5237ea1694addebc14c3ae49f88c462ea2050acf2d9a97d3be29a5614d1eba2c98cf0236401e02d7c445e50f76419ab4f78f67a09e63dd4faa2e7b59399f055f2fa278783f26d0a52aefb0a5ef0b41e14a6fe6ba306206670b84894e901a523fcbadfeff535f2514bc834e876810d9a6a78e70a9e22860c36a724770b4185de44db6bf21fef32a8d5b36d9014f38fee012365f963b2a85e7d8075c333475b9f0284405e3127dde7e41285fbe0bdd370c06c6a41744c3d24eab511317f97b7b4a1c2ec33fedc46e9bf0fa640eebd3d58f0ebdb7cb8ccffd6d6ab7e0e843591d2618e2d2cdc7081c8fafffe9c3500800000087de4ee7aac6478d99de7dd82bef044a6d33c789d566c90c46ad581aa22f910547a77d55e26bf19f1d4661550b177ef53933a305e69b8a95119dcf5bda599d625054776151b2cd1fcde238bdc527594a6c17aa9728af24e2bb7a3830e7092b01b119ea4e7e7f0e21527d622cc29c9f0c8720195368f8374337ab4d130619d93c5ef37e7ddd0b2da147e6e513455b88753452de959a6cbfa1ffbc7ad5d8c3b48017fd31dcf72f337b639253f44cb27a12174bc4c191e21015d0c431a71906eb9c6a14c8a060459ef26787ce3d1cbfd5cc459f0048b5d06f6cbd3e9b34c89f3fb2f951ae81d7fcc8bc0000000000000000000000000000000000000000009231feef3117197c796369f776c8b2ea3970f358107945d9e74e9bdfa58e68b65a8f01bc4b73cc31df5aa29f363917f90e3fa1eaf553db1c761dd9b634a9c4d7c21c24fe6d953ed9438cad0f8dfe03e5e2f73019352f1fb682a5a6ebbf24ebc49e3d7058e696eb3f4b642f36c9006c0067e24a64aa8c53dd824a3c08bfda74a143c855030ae004ac797c575c202d8091eb77565212548ead770d68000000000099347593f67da85d1c962bfb320d1553a74ec3bf003ba62b1784dbf0168a7e85f28b77bdebce96bf386a6dd5df162a16f2b7e8a4de0ffc464a87f91f81866d2ef0af71ebb07a739c3cb1b7000000000000"], &(0x7f00000001c0)='GPL\x00'}, 0x48)
bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0x1, 0x5, 0x9fd, 0x84, 0x105, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1800}, 0x50)

1.907542938s ago: executing program 1 (id=3515):
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x1)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0)
fcntl$dupfd(r0, 0x0, r0)
socket$nl_route(0x10, 0x3, 0x0)
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000))
syz_open_dev$vbi(&(0x7f0000000440), 0x0, 0x2)
socket$nl_netfilter(0x10, 0x3, 0xc)
openat$iommufd(0xffffffffffffff9c, &(0x7f00000005c0), 0x40, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$inet6(0xa, 0x200000000003, 0x87)
socket$netlink(0x10, 0x3, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000004c0)={'bond0\x00', <r2=>0x0})
sendmsg$nl_route(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYRES32=r2, @ANYBLOB="138000002b9201002400128009000100626f6e6400000000140002800800", @ANYRES64=r1], 0x44}, 0x1, 0x0, 0x0, 0x40448e0}, 0x4000)

1.230981279s ago: executing program 1 (id=3516):
r0 = socket$qrtr(0x2a, 0x2, 0x0)
ioctl$sock_qrtr_TIOCINQ(r0, 0x891c, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)={0x9c, 0x42, 0x107, 0xfffffffe, 0x0, {0x3, 0x7c}, [@nested={0x86, 0x142, 0x0, 0x1, [@typed={0xc, 0xf7, 0x0, 0x0, @u64=0x101}, @nested={0x28, 0x58, 0x0, 0x1, [@nested={0x1c, 0xca, 0x0, 0x1, [@nested={0x4, 0xbd}, @typed={0x4, 0x121}, @nested={0x4, 0xac}, @typed={0x8, 0x6b, 0x0, 0x0, @uid=0xee01}, @nested={0x4, 0x58}]}, @typed={0x8, 0x69, 0x0, 0x0, @u32}]}, @generic="a19901423d84bdc264921f90f17bb1ef1a50329959bfa5ba3ddb543de92b998772f1eb990483107fe7102e7a6ab9b01e585b1ee2a6dbe5b82dd96f1ce2f7d72f53abae4d4f4b235a7527adb26759"]}]}, 0x9c}, 0x1, 0x0, 0x0, 0xc000}, 0xc000)
ioctl$EXT4_IOC_GET_ES_CACHE(r1, 0xc020662a, &(0x7f0000000080)={0xe6, 0xde8, 0x2, 0x2, 0x4, 0x0, [{0xa8, 0x80, 0x100, '\x00', 0x3504}, {0x80, 0x9, 0x5, '\x00', 0x800}, {0x9, 0x6, 0x4, '\x00', 0x4}, {0x5, 0x100000000, 0x75, '\x00', 0x1100}]})
r2 = syz_open_dev$vim2m(&(0x7f0000000000), 0x9, 0x2)
ioctl$MEDIA_IOC_REQUEST_ALLOC(0xffffffffffffffff, 0x80047c05, &(0x7f00000001c0)=<r3=>0xffffffffffffffff)
ioctl$vim2m_VIDIOC_QUERYBUF(r2, 0xc0585609, &(0x7f0000000200)=@overlay={0x6, 0x2, 0x4, 0x4, 0x6c3a, {0x77359400}, {0x4, 0x1, 0x2, 0x6, 0xd, 0x3, "de1687e9"}, 0x1, 0x3, {}, 0xb, 0x0, r3})

788.282991ms ago: executing program 1 (id=3517):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYRES64=0x0, @ANYRESOCT=0x0, @ANYRES64=0x0], 0x48)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0d00000006000000040000000100000001000000", @ANYRES32=r0], 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000440)={{r1}, &(0x7f0000000840), &(0x7f0000000000)=r0}, 0x20)
close(r0)
r2 = shmget(0x1, 0x4000, 0x200, &(0x7f0000ffb000/0x4000)=nil)
shmat(r2, &(0x7f0000ff9000/0x1000)=nil, 0x4000)
shmctl$IPC_RMID(r2, 0x0)
r3 = fsopen(&(0x7f0000000100)='ramfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0)
r4 = fsmount(r3, 0x0, 0x0)
symlinkat(&(0x7f0000000000)='.\x00', r4, &(0x7f0000000140)='./file0\x00')
readlinkat(r4, &(0x7f0000000040)='./file0/../file0\x00', &(0x7f0000000240)=""/65, 0x41)
readlinkat(r4, &(0x7f0000000800)='./file0/../file0\x00', &(0x7f0000000b00)=""/228, 0xe4)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000380)={r1, &(0x7f0000000900)}, 0x20)

765.302418ms ago: executing program 2 (id=3518):
r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f00000000c0), 0x101800)
r1 = syz_open_dev$dri(&(0x7f0000000340), 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000000c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0xf, 0x0, 0x0)
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r3, &(0x7f0000000380)={0x0, 0x0, 0x0}, 0x80)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x4, 0x8001, 0x0, 0xb49, 0x200000000002, 0x7, 0x8, 0x3}, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
r4 = io_uring_setup(0x45a6, 0x0)
io_uring_register$IORING_REGISTER_BUFFERS(r4, 0x0, 0x0, 0x0)
mremap(&(0x7f00003eb000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f0000003000/0x1000)=nil)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r5 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x1, 0x7fff0000}]})
r6 = add_key$user(&(0x7f0000000440), &(0x7f0000000040)={'syz', 0x3}, &(0x7f0000000240)="8b", 0x1, 0xfffffffffffffffb)
r7 = add_key$user(&(0x7f0000002300), &(0x7f0000002340)={'syz', 0x3}, &(0x7f0000000100)="370c099069effa43de3e1404db09b4ce1ef77bde4b371532dd16447c1b13403656c86711f6e750026f23029a50d44299c7bf5c78dc5efae2d041016160e8bef7b30c05e298aa9572540dd950307987eef2115e1bcf512bea3410ca5a9e9f827e4b13490dbbd4fc5a45e0738b959acafd2c12863045265bcbc2c9426ac3f614746b436fe86a72dc642dd67d970604a69b4f22cd0076beedc18056ab4bea4c825b69a7a77adcd5488684872b1bb9eb84586549e11b080468668e8fd0e52ce0705a", 0xc0, 0xffffffffffffffff)
keyctl$dh_compute(0x17, &(0x7f0000000000)={r6, r7, r6}, &(0x7f00000005c0)=""/208, 0xd0, &(0x7f0000000580)={&(0x7f0000000340)={'md5\x00'}})
fstatfs(r5, &(0x7f0000000140)=""/166)
io_uring_register$IORING_REGISTER_BUFFERS_UPDATE(r4, 0x10, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0}, 0x20)
socket$netlink(0x10, 0x3, 0x8000000004)
r8 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x162e02, 0x0)
r9 = dup(r8)
fallocate(r9, 0x10, 0x0, 0x72000)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r1, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
readv(r0, &(0x7f0000000080)=[{&(0x7f0000000100)=""/247, 0xf7}], 0x1)

547.284852ms ago: executing program 1 (id=3519):
r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x16)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_X86_SETUP_MCE(r3, 0x4008ae9c, &(0x7f0000000000)={0x5c, 0x5, 0x46})
ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f000001f500)={0x4, 0x3, 0x2, {0x1, @pix={0xa, 0x80, 0x34343459, 0x0, 0x5, 0xb, 0x5, 0xfeedcafe, 0x1, 0x1, 0x2, 0x5}}})

0s ago: executing program 1 (id=3520):
mknod$loop(&(0x7f0000000140)='./file0\x00', 0xfff, 0x0)
utimes(&(0x7f0000000240)='./file0\x00', 0x0)
r0 = socket$rds(0x15, 0x5, 0x0)
setsockopt$RDS_CONG_MONITOR(r0, 0x114, 0xa, &(0x7f0000000000)=0x2, 0x4)
io_setup(0x2, &(0x7f0000000100))
eventfd(0x2000100)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket(0x11, 0x800, 0xfffff7fc)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000000)={{0x14}, [@NFT_MSG_NEWTABLE={0x28, 0x0, 0xa, 0x101, 0x0, 0x0, {0x2, 0x0, 0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz1\x00'}, @NFTA_TABLE_FLAGS={0x8, 0x2, 0x1, 0x0, 0x3}]}, @NFT_MSG_NEWTABLE={0x28, 0x0, 0xa, 0x3, 0x0, 0x0, {0x2}, [@NFTA_TABLE_FLAGS={0x8}, @NFTA_TABLE_NAME={0x9, 0x1, 'syz1\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x3}}}, 0x78}}, 0x0)
r4 = socket$packet(0x11, 0x3, 0x300)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r4, 0x8933, &(0x7f0000000080)={'batadv0\x00', <r5=>0x0})
sendto$packet(r4, &(0x7f0000000100)="f257a8ea7bc273dfaeab96850806", 0x2a, 0x0, &(0x7f0000000200)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @link_local}, 0x14)
r6 = syz_open_dev$sg(&(0x7f0000000080), 0x6f5e, 0xa0000)
ioctl$SG_IO(r6, 0x2285, &(0x7f00000000c0)={0x53, 0xfffffffffffffffd, 0x6, 0x10, @buffer={0x20, 0x0, 0x0}, &(0x7f0000000380)="35eeafc163c2", 0x0, 0x100004, 0x0, 0x3, 0x0})
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r7, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000340)=ANY=[], 0x7c}, 0x1, 0x0, 0x0, 0x8040}, 0x0)
r8 = fsopen(&(0x7f0000000300)='btrfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r8, 0x2, &(0x7f0000000080)='discard', &(0x7f0000000200)='\t', 0x1)
sendmsg$NFT_BATCH(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000002dc0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a6c000000060a0b04000000000000000002000000400004803c0001800a00010072616e67650000002c0002800c000480050001006b0000000c000380050002005d000000080001400000000008000240000000010900010073797a30000000000900020073797a32"], 0x94}}, 0x0)
ioctl$USBDEVFS_CONNECTINFO(0xffffffffffffffff, 0x40085511, &(0x7f00000000c0))
syz_usb_connect(0x0, 0x3d, &(0x7f0000000440)=ANY=[@ANYBLOB="1201000092e59e208c106901b9750102030109022b0001000010000904db00020dfa00030915800000e600fc000705db224370bf09050b02"], 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000007c0)=@newlink={0x4c, 0x10, 0xf11, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x104}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @hsr={{0x8}, {0x18, 0x2, 0x0, 0x1, [@IFLA_HSR_PROTOCOL={0x5, 0x7, 0x1}, @IFLA_HSR_SUPERVISION_ADDR={0xa, 0x4, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x3a}}]}}}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x4c}, 0x1, 0x0, 0x0, 0x40000}, 0x40400)

kernel console output (not intermixed with test programs):

T17678] tmpfs: Unknown parameter '‹˜žôø®¹çr%ÞÒ´\wÓ R(4æÀ;¯«a;‘
[  944.321155][T17678] ž	MU¶ÁgÊ6••
&x@2<�›5Ê�„ëæ2TþóñÌ­Z5üÀwìšVý•þU„�Í]©´±¡TÎ
ž®m¼ÎùšÜçPåZ¼ª<
M;€ëžxY9]gÅž‚‹ônñÛÆìæ;O‡�‘Ûó훌u
[  944.321155][T17678] ~^à>Ƥùηr&­öœãàDòq�.;ÙÂ쀯<2³A‡¦úU,00000000000000000000003'
[  944.443558][ T5830] usb 9-1: new high-speed USB device number 7 using dummy_hcd
[  944.603399][   T90] usb 7-1: new high-speed USB device number 6 using dummy_hcd
[  944.647948][ T5830] usb 9-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config
[  944.691139][ T5830] usb 9-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  944.700571][ T5830] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  944.727823][ T5830] usb 9-1: Quirk or no altset; falling back to MIDI 1.0
[  944.783429][   T90] usb 7-1: Using ep0 maxpacket: 16
[  944.791908][   T90] usb 7-1: config 4 has an invalid interface number: 51 but max is 0
[  944.809601][   T90] usb 7-1: config 4 has no interface number 0
[  944.816105][ T5830] snd-usb-audio 9-1:27.0: probe with driver snd-usb-audio failed with error -2
[  944.826121][   T90] usb 7-1: config 4 interface 51 altsetting 2 bulk endpoint 0x1 has invalid maxpacket 16
[  944.838355][   T90] usb 7-1: config 4 interface 51 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64
[  944.848424][   T90] usb 7-1: config 4 interface 51 has no altsetting 0
[  944.857946][   T90] usb 7-1: New USB device found, idVendor=954f, idProduct=4199, bcdDevice= f.76
[  944.869658][   T90] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  944.877808][   T90] usb 7-1: Product: syz
[  944.882053][   T90] usb 7-1: Manufacturer: syz
[  944.892313][   T90] usb 7-1: SerialNumber: syz
[  944.915239][T17678] raw-gadget.1 gadget.6: fail, usb_ep_enable returned -22
[  944.922705][T17678] raw-gadget.1 gadget.6: fail, usb_ep_enable returned -22
[  945.139676][T17678] raw-gadget.1 gadget.6: fail, usb_ep_enable returned -22
[  945.150206][T17680] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  945.161490][T17680] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  945.176632][T17678] raw-gadget.1 gadget.6: fail, usb_ep_enable returned -22
[  945.231668][   T90] cdc_eem 7-1:4.51 usb0: register 'cdc_eem' at usb-dummy_hcd.6-1, CDC EEM Device, be:99:66:cd:00:b5
[  945.478656][  T985] usb 7-1: USB disconnect, device number 6
[  945.504097][  T985] cdc_eem 7-1:4.51 usb0: unregister 'cdc_eem' usb-dummy_hcd.6-1, CDC EEM Device
[  946.149425][ T5198] ldm_validate_partition_table(): Disk read failed.
[  946.188090][ T5198] Dev loop6: unable to read RDB block 0
[  946.200067][ T5198]  loop6: unable to read partition table
[  946.279085][ T5198] ldm_validate_partition_table(): Disk read failed.
[  946.291661][ T5198] Dev loop6: unable to read RDB block 0
[  946.320674][ T5198]  loop6: unable to read partition table
[  946.342531][ T5198] ldm_validate_partition_table(): Disk read failed.
[  946.363748][ T5198] Dev loop6: unable to read RDB block 0
[  946.379397][ T5198]  loop6: unable to read partition table
[  947.433742][ T5830] usb 9-1: USB disconnect, device number 7
[  947.941025][ T5198] buffer_io_error: 182 callbacks suppressed
[  947.941045][ T5198] Buffer I/O error on dev loop6, logical block 0, async page read
[  947.965133][ T5198] Buffer I/O error on dev loop6, logical block 0, async page read
[  947.973088][ T5198] Buffer I/O error on dev loop6, logical block 0, async page read
[  947.984659][ T5198] Buffer I/O error on dev loop6, logical block 0, async page read
[  947.993784][ T5198] Buffer I/O error on dev loop6, logical block 0, async page read
[  948.001739][ T5198] Buffer I/O error on dev loop6, logical block 0, async page read
[  948.042819][ T5198] Buffer I/O error on dev loop6, logical block 0, async page read
[  948.051368][ T5198] Buffer I/O error on dev loop6, logical block 0, async page read
[  948.062347][ T5198] ldm_validate_partition_table(): Disk read failed.
[  948.084783][ T5198] Buffer I/O error on dev loop6, logical block 0, async page read
[  948.096099][ T5198] Buffer I/O error on dev loop6, logical block 0, async page read
[  948.120753][ T5198] Dev loop6: unable to read RDB block 0
[  948.129607][ T5198]  loop6: unable to read partition table
[  948.154186][ T5198] ldm_validate_partition_table(): Disk read failed.
[  948.161948][ T5198] Dev loop6: unable to read RDB block 0
[  948.170560][ T5198]  loop6: unable to read partition table
[  951.059874][T16880] Bluetooth: hci8: unexpected cc 0x0c03 length: 249 > 1
[  951.080113][T16880] Bluetooth: hci8: unexpected cc 0x1003 length: 249 > 9
[  951.089659][T16880] Bluetooth: hci8: unexpected cc 0x1001 length: 249 > 9
[  951.110904][T16880] Bluetooth: hci8: unexpected cc 0x0c23 length: 249 > 4
[  951.120665][T16880] Bluetooth: hci8: unexpected cc 0x0c38 length: 249 > 2
[  951.517746][ T5198] ldm_validate_partition_table(): Disk read failed.
[  951.556156][ T5198] Dev loop6: unable to read RDB block 0
[  951.580476][ T5198]  loop6: unable to read partition table
[  951.646137][T17714] chnl_net:caif_netlink_parms(): no params data found
[  951.734869][ T5198] ldm_validate_partition_table(): Disk read failed.
[  951.747921][ T5198] Dev loop6: unable to read RDB block 0
[  951.784408][ T5198]  loop6: unable to read partition table
[  951.882666][ T5198] ldm_validate_partition_table(): Disk read failed.
[  951.898287][T12214] Bluetooth: hci9: unexpected cc 0x0c03 length: 249 > 1
[  951.906971][ T5198] Dev loop6: unable to read RDB block 0
[  951.914168][T12214] Bluetooth: hci9: unexpected cc 0x1003 length: 249 > 9
[  951.920384][ T5198]  loop6: unable to read partition table
[  951.929696][T12214] Bluetooth: hci9: unexpected cc 0x1001 length: 249 > 9
[  951.940475][T17714] bridge0: port 1(bridge_slave_0) entered blocking state
[  951.951902][T12214] Bluetooth: hci9: unexpected cc 0x0c23 length: 249 > 4
[  951.959969][T12214] Bluetooth: hci9: unexpected cc 0x0c38 length: 249 > 2
[  951.969375][T17714] bridge0: port 1(bridge_slave_0) entered disabled state
[  952.027773][T17714] bridge_slave_0: entered allmulticast mode
[  952.049940][T17714] bridge_slave_0: entered promiscuous mode
[  952.082460][T17714] bridge0: port 2(bridge_slave_1) entered blocking state
[  952.101295][T17714] bridge0: port 2(bridge_slave_1) entered disabled state
[  952.119573][T17714] bridge_slave_1: entered allmulticast mode
[  952.129057][T17714] bridge_slave_1: entered promiscuous mode
[  952.282006][T17714] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  952.308510][T17714] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  952.334875][ T5198] ldm_validate_partition_table(): Disk read failed.
[  952.341918][ T5198] Dev loop6: unable to read RDB block 0
[  952.355864][ T5198]  loop6: unable to read partition table
[  952.520964][ T5198] ldm_validate_partition_table(): Disk read failed.
[  952.538085][ T5198] Dev loop6: unable to read RDB block 0
[  952.556794][ T5198]  loop6: unable to read partition table
[  952.570418][T17714] team0: Port device team_slave_0 added
[  952.589005][T17739] syz.6.3242 (17739): attempted to duplicate a private mapping with mremap.  This is not supported.
[  952.601738][T17714] team0: Port device team_slave_1 added
[  952.771335][ T5198] ldm_validate_partition_table(): Disk read failed.
[  952.810212][ T5198] Dev loop6: unable to read RDB block 0
[  952.817551][ T5198]  loop6: unable to read partition table
[  952.886885][T17714] batman_adv: batadv0: Adding interface: batadv_slave_0
[  952.923350][T17714] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  952.988399][T17714] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  953.017076][ T5198] buffer_io_error: 118 callbacks suppressed
[  953.017095][ T5198] Buffer I/O error on dev loop6, logical block 0, async page read
[  953.088396][T17714] batman_adv: batadv0: Adding interface: batadv_slave_1
[  953.103239][ T5198] Buffer I/O error on dev loop6, logical block 0, async page read
[  953.111263][ T5198] Buffer I/O error on dev loop6, logical block 0, async page read
[  953.135157][T17714] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  953.162711][ T5198] Buffer I/O error on dev loop6, logical block 0, async page read
[  953.179237][ T5198] Buffer I/O error on dev loop6, logical block 0, async page read
[  953.189226][ T5198] Buffer I/O error on dev loop6, logical block 0, async page read
[  953.199880][ T5198] Buffer I/O error on dev loop6, logical block 0, async page read
[  953.217728][ T5198] Buffer I/O error on dev loop6, logical block 0, async page read
[  953.233762][T16880] Bluetooth: hci8: command tx timeout
[  953.254797][T17714] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  953.292418][ T5198] ldm_validate_partition_table(): Disk read failed.
[  953.332971][ T5198] Buffer I/O error on dev loop6, logical block 0, async page read
[  953.373555][ T5198] Buffer I/O error on dev loop6, logical block 0, async page read
[  953.397665][ T5198] Dev loop6: unable to read RDB block 0
[  953.413828][ T5198]  loop6: unable to read partition table
[  953.558657][ T5198] ldm_validate_partition_table(): Disk read failed.
[  953.590817][ T5198] Dev loop6: unable to read RDB block 0
[  953.600671][T12214] Bluetooth: hci10: unexpected cc 0x0c03 length: 249 > 1
[  953.611915][T12214] Bluetooth: hci10: unexpected cc 0x1003 length: 249 > 9
[  953.622055][T12214] Bluetooth: hci10: unexpected cc 0x1001 length: 249 > 9
[  953.633621][T12214] Bluetooth: hci10: unexpected cc 0x0c23 length: 249 > 4
[  953.650863][T12214] Bluetooth: hci10: unexpected cc 0x0c38 length: 249 > 2
[  953.656331][T17714] hsr_slave_0: entered promiscuous mode
[  953.663196][ T5198]  loop6: unable to read partition table
[  953.734604][T17714] hsr_slave_1: entered promiscuous mode
[  953.741406][T17714] debugfs: 'hsr0' already exists in 'hsr'
[  953.755702][T17714] Cannot create hsr debugfs directory
[  953.838636][ T5198] ldm_validate_partition_table(): Disk read failed.
[  953.856682][ T5198] Dev loop6: unable to read RDB block 0
[  953.866896][ T5198]  loop6: unable to read partition table
[  954.024089][T16880] Bluetooth: hci9: command tx timeout
[  954.056512][ T5198] ldm_validate_partition_table(): Disk read failed.
[  954.076442][T17729] chnl_net:caif_netlink_parms(): no params data found
[  954.094410][ T5198] Dev loop6: unable to read RDB block 0
[  954.134698][ T5198]  loop6: unable to read partition table
[  954.220349][ T5198] ldm_validate_partition_table(): Disk read failed.
[  954.229787][ T5198] Dev loop6: unable to read RDB block 0
[  954.239412][ T5198]  loop6: unable to read partition table
[  954.415562][T17770] fuse: Bad value for 'fd'
[  955.290877][T17729] bridge0: port 1(bridge_slave_0) entered blocking state
[  955.298768][T17729] bridge0: port 1(bridge_slave_0) entered disabled state
[  955.339523][T16880] Bluetooth: hci8: command tx timeout
[  955.358270][T17729] bridge_slave_0: entered allmulticast mode
[  955.404841][T17729] bridge_slave_0: entered promiscuous mode
[  955.494139][T17729] bridge0: port 2(bridge_slave_1) entered blocking state
[  955.503489][T17729] bridge0: port 2(bridge_slave_1) entered disabled state
[  955.614651][T17729] bridge_slave_1: entered allmulticast mode
[  955.646239][T17729] bridge_slave_1: entered promiscuous mode
[  955.703843][T16880] Bluetooth: hci10: command tx timeout
[  956.116324][T16880] Bluetooth: hci9: command tx timeout
[  956.546732][T17729] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  956.560869][T17729] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  956.587646][T17758] chnl_net:caif_netlink_parms(): no params data found
[  957.091839][T17729] team0: Port device team_slave_0 added
[  957.114311][T17714] netdevsim netdevsim9 netdevsim0: renamed from eth0
[  957.240633][T17729] team0: Port device team_slave_1 added
[  957.312311][ T5198] ldm_validate_partition_table(): Disk read failed.
[  957.333406][T17714] netdevsim netdevsim9 netdevsim1: renamed from eth1
[  957.356396][ T5198] Dev loop6: unable to read RDB block 0
[  957.366422][ T5198]  loop6: unable to read partition table
[  957.383632][T16880] Bluetooth: hci8: command tx timeout
[  957.429587][T17729] batman_adv: batadv0: Adding interface: batadv_slave_0
[  957.483321][T17729] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  957.576775][T17729] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  957.592597][ T5198] ldm_validate_partition_table(): Disk read failed.
[  957.599547][T17714] netdevsim netdevsim9 netdevsim2: renamed from eth2
[  957.619457][ T5198] Dev loop6: unable to read RDB block 0
[  957.636604][ T5198]  loop6: unable to read partition table
[  957.652679][T17714] netdevsim netdevsim9 netdevsim3: renamed from eth3
[  957.687390][T17729] batman_adv: batadv0: Adding interface: batadv_slave_1
[  957.707767][T17796] input: syz1 as /devices/virtual/input/input55
[  957.713502][T17729] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  957.771619][T17729] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  957.806155][T16880] Bluetooth: hci10: command tx timeout
[  957.987406][ T5198] ldm_validate_partition_table(): Disk read failed.
[  958.002601][T17758] bridge0: port 1(bridge_slave_0) entered blocking state
[  958.007606][T17808] Invalid logical block size (134217728)
[  958.016847][ T5198] Dev loop6: unable to read RDB block 0
[  958.022880][ T5198]  loop6: unable to read partition table
[  958.032605][T17758] bridge0: port 1(bridge_slave_0) entered disabled state
[  958.042345][T17758] bridge_slave_0: entered allmulticast mode
[  958.055397][T17758] bridge_slave_0: entered promiscuous mode
[  958.129660][ T5198] buffer_io_error: 118 callbacks suppressed
[  958.129680][ T5198] Buffer I/O error on dev loop6, logical block 0, async page read
[  958.146875][ T5198] Buffer I/O error on dev loop6, logical block 0, async page read
[  958.155327][ T5198] Buffer I/O error on dev loop6, logical block 0, async page read
[  958.163607][ T5198] Buffer I/O error on dev loop6, logical block 0, async page read
[  958.173447][ T5198] Buffer I/O error on dev loop6, logical block 0, async page read
[  958.184314][T16880] Bluetooth: hci9: command tx timeout
[  958.189524][ T5198] Buffer I/O error on dev loop6, logical block 0, async page read
[  958.196978][T17758] bridge0: port 2(bridge_slave_1) entered blocking state
[  958.206926][T17758] bridge0: port 2(bridge_slave_1) entered disabled state
[  958.210672][ T5198] Buffer I/O error on dev loop6, logical block 0, async page read
[  958.216633][T17758] bridge_slave_1: entered allmulticast mode
[  958.233050][T17758] bridge_slave_1: entered promiscuous mode
[  958.257849][ T5198] Buffer I/O error on dev loop6, logical block 0, async page read
[  958.266319][ T5198] ldm_validate_partition_table(): Disk read failed.
[  958.274627][ T5198] Buffer I/O error on dev loop6, logical block 0, async page read
[  958.282552][ T5198] Buffer I/O error on dev loop6, logical block 0, async page read
[  958.291091][ T5198] Dev loop6: unable to read RDB block 0
[  958.298476][ T5198]  loop6: unable to read partition table
[  958.322517][ T5198] ldm_validate_partition_table(): Disk read failed.
[  958.373703][ T5198] Dev loop6: unable to read RDB block 0
[  958.381113][ T5198]  loop6: unable to read partition table
[  958.472380][T17729] hsr_slave_0: entered promiscuous mode
[  958.504512][T17729] hsr_slave_1: entered promiscuous mode
[  958.545603][T17729] debugfs: 'hsr0' already exists in 'hsr'
[  958.552777][T17729] Cannot create hsr debugfs directory
[  958.878032][T17758] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  958.890567][T17758] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  959.068931][T17758] team0: Port device team_slave_0 added
[  959.093067][T17758] team0: Port device team_slave_1 added
[  959.463495][T16880] Bluetooth: hci8: command tx timeout
[  959.780905][T17758] batman_adv: batadv0: Adding interface: batadv_slave_0
[  959.814931][T17758] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  959.840854][    C1] vkms_vblank_simulate: vblank timer overrun
[  959.854585][ T5198] ldm_validate_partition_table(): Disk read failed.
[  959.858532][T17758] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  959.864014][ T5198] Dev loop6: unable to read RDB block 0
[  959.876982][T17758] batman_adv: batadv0: Adding interface: batadv_slave_1
[  959.884407][T16880] Bluetooth: hci10: command tx timeout
[  959.884837][T17758] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  959.916243][ T5198]  loop6: unable to read partition table
[  959.941394][T17822] netlink: 8 bytes leftover after parsing attributes in process `syz.8.3262'.
[  960.048741][T17758] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  960.071949][T17824] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3089888063 (3089888063 ns) > initial count (2126324423 ns). Using initial count to start timer.
[  960.263499][T16880] Bluetooth: hci9: command tx timeout
[  960.484726][T17758] hsr_slave_0: entered promiscuous mode
[  960.498330][T17758] hsr_slave_1: entered promiscuous mode
[  960.520219][T17758] debugfs: 'hsr0' already exists in 'hsr'
[  960.540497][T17758] Cannot create hsr debugfs directory
[  960.997869][ T5198] ldm_validate_partition_table(): Disk read failed.
[  961.020040][ T5198] Dev loop6: unable to read RDB block 0
[  961.041008][ T5198]  loop6: unable to read partition table
[  961.519272][ T5198] ldm_validate_partition_table(): Disk read failed.
[  961.526386][ T5198] Dev loop6: unable to read RDB block 0
[  961.546897][ T5198]  loop6: unable to read partition table
[  961.799957][T17758] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  961.833727][ T5198] ldm_validate_partition_table(): Disk read failed.
[  961.846358][ T5198] Dev loop6: unable to read RDB block 0
[  961.852402][ T5198]  loop6: unable to read partition table
[  961.922823][T17714] 8021q: adding VLAN 0 to HW filter on device bond0
[  961.946079][T16880] Bluetooth: hci10: command tx timeout
[  962.006746][T17758] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  962.079201][T17714] 8021q: adding VLAN 0 to HW filter on device team0
[  962.101744][   T37] bridge0: port 1(bridge_slave_0) entered blocking state
[  962.108939][   T37] bridge0: port 1(bridge_slave_0) entered forwarding state
[  962.120285][T17844] netlink: 4 bytes leftover after parsing attributes in process `syz.8.3269'.
[  962.134500][ T5902] usb 7-1: new high-speed USB device number 7 using dummy_hcd
[  962.200024][T17758] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  962.265602][   T37] bridge0: port 2(bridge_slave_1) entered blocking state
[  962.272765][   T37] bridge0: port 2(bridge_slave_1) entered forwarding state
[  962.306286][ T5902] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0
[  962.309614][T17844] 8021q: adding VLAN 0 to HW filter on device ipvlan2
[  962.319113][ T5902] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x7 has invalid maxpacket 0
[  962.332021][T17844] team0: Device ipvlan2 is already an upper device of the team interface
[  962.352503][ T5902] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0
[  962.373979][ T5902] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x89 has invalid maxpacket 0
[  962.393326][ T5902] usb 7-1: New USB device found, idVendor=2040, idProduct=4900, bcdDevice=4d.8b
[  962.410345][ T5902] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  962.421413][ T5902] usb 7-1: config 0 descriptor??
[  962.572362][T17758] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  962.648088][ T5902] hdpvr 7-1:0.0: firmware version 0x1e dated þÀq|RC¾@µ2£¹ö2[Ì7ÔB½�ËDŠ^jvi0ì
[  962.648088][ T5902] †Ã“‘êpY
[  962.821049][T17714] 8021q: adding VLAN 0 to HW filter on device batadv0
[  962.876817][T17714] veth0_vlan: entered promiscuous mode
[  962.938301][T17714] veth1_vlan: entered promiscuous mode
[  963.080341][T17714] veth0_macvtap: entered promiscuous mode
[  963.169886][T17714] veth1_macvtap: entered promiscuous mode
[  963.185676][T17729] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  963.250787][T17729] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  963.258734][  T985] usb 9-1: new high-speed USB device number 8 using dummy_hcd
[  963.280946][T17729] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  963.368185][T17729] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  963.393434][  T985] usb 9-1: device descriptor read/64, error -71
[  963.404087][T17714] batman_adv: batadv0: Interface activated: batadv_slave_0
[  963.450256][T17714] batman_adv: batadv0: Interface activated: batadv_slave_1
[  963.533240][T17758] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  963.548498][T17758] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  963.570794][ T1153] netdevsim netdevsim9 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  963.586727][ T1153] netdevsim netdevsim9 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  963.606873][T17758] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  963.641705][ T1153] netdevsim netdevsim9 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  963.654902][  T985] usb 9-1: new high-speed USB device number 9 using dummy_hcd
[  963.676496][T17758] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  963.731979][ T1153] netdevsim netdevsim9 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  963.807488][  T985] usb 9-1: device descriptor read/64, error -71
[  963.924060][  T985] usb usb9-port1: attempt power cycle
[  964.065336][   T37] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  964.083567][   T37] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  964.242800][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  964.279417][T17729] 8021q: adding VLAN 0 to HW filter on device bond0
[  964.288504][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  964.305693][  T985] usb 9-1: new high-speed USB device number 10 using dummy_hcd
[  964.344517][  T985] usb 9-1: device descriptor read/8, error -71
[  964.421258][T17729] 8021q: adding VLAN 0 to HW filter on device team0
[  964.472510][ T1153] bridge0: port 1(bridge_slave_0) entered blocking state
[  964.479699][ T1153] bridge0: port 1(bridge_slave_0) entered forwarding state
[  964.557152][T17758] 8021q: adding VLAN 0 to HW filter on device bond0
[  964.581364][ T8918] bridge0: port 2(bridge_slave_1) entered blocking state
[  964.588606][ T8918] bridge0: port 2(bridge_slave_1) entered forwarding state
[  964.613407][  T985] usb 9-1: new high-speed USB device number 11 using dummy_hcd
[  964.706490][  T985] usb 9-1: device descriptor read/8, error -71
[  964.750720][T17758] 8021q: adding VLAN 0 to HW filter on device team0
[  964.806999][ T1153] bridge0: port 1(bridge_slave_0) entered blocking state
[  964.814223][ T1153] bridge0: port 1(bridge_slave_0) entered forwarding state
[  964.831959][  T985] usb usb9-port1: unable to enumerate USB device
[  964.880515][ T1153] bridge0: port 2(bridge_slave_1) entered blocking state
[  964.887726][ T1153] bridge0: port 2(bridge_slave_1) entered forwarding state
[  964.925938][T17729] 8021q: adding VLAN 0 to HW filter on device batadv0
[  964.969783][ T5902] hdpvr 7-1:0.0: device init failed
[  964.990385][ T5902] hdpvr 7-1:0.0: probe with driver hdpvr failed with error -12
[  965.003171][ T5198] buffer_io_error: 86 callbacks suppressed
[  965.003190][ T5198] Buffer I/O error on dev loop6, logical block 0, async page read
[  965.032564][ T5902] usb 7-1: USB disconnect, device number 7
[  965.088679][ T5198] Buffer I/O error on dev loop6, logical block 0, async page read
[  965.102832][ T5198] Buffer I/O error on dev loop6, logical block 0, async page read
[  965.111540][ T5198] Buffer I/O error on dev loop6, logical block 0, async page read
[  965.121524][ T5198] Buffer I/O error on dev loop6, logical block 0, async page read
[  965.131798][ T5198] Buffer I/O error on dev loop6, logical block 0, async page read
[  965.140380][ T5198] Buffer I/O error on dev loop6, logical block 0, async page read
[  965.150764][ T5198] Buffer I/O error on dev loop6, logical block 0, async page read
[  965.175783][ T5198] ldm_validate_partition_table(): Disk read failed.
[  965.184737][T17729] veth0_vlan: entered promiscuous mode
[  965.186162][ T5198] Buffer I/O error on dev loop6, logical block 0, async page read
[  965.201317][ T5198] Buffer I/O error on dev loop6, logical block 0, async page read
[  965.213575][ T5198] Dev loop6: unable to read RDB block 0
[  965.219578][ T5198]  loop6: unable to read partition table
[  965.231134][T17729] veth1_vlan: entered promiscuous mode
[  965.388828][T17758] 8021q: adding VLAN 0 to HW filter on device batadv0
[  965.426302][T17729] veth0_macvtap: entered promiscuous mode
[  965.495037][ T5902] usb 7-1: new high-speed USB device number 8 using dummy_hcd
[  965.615451][T17729] veth1_macvtap: entered promiscuous mode
[  965.693551][ T5902] usb 7-1: Using ep0 maxpacket: 32
[  965.700491][ T5902] usb 7-1: config 0 has an invalid interface number: 167 but max is 0
[  965.736672][ T5902] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  965.750194][T17729] batman_adv: batadv0: Interface activated: batadv_slave_0
[  965.774676][ T5902] usb 7-1: config 0 has no interface number 0
[  965.782962][T17729] batman_adv: batadv0: Interface activated: batadv_slave_1
[  965.792699][ T5902] usb 7-1: config 0 interface 167 altsetting 1 bulk endpoint 0xA has invalid maxpacket 1024
[  965.808324][ T5902] usb 7-1: config 0 interface 167 altsetting 1 bulk endpoint 0x6 has invalid maxpacket 32
[  965.846932][ T5902] usb 7-1: config 0 interface 167 altsetting 1 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  965.867321][ T5902] usb 7-1: config 0 interface 167 has no altsetting 0
[  965.879970][ T5902] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a4, bcdDevice=20.63
[  965.889723][ T5902] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  965.897520][T17758] veth0_vlan: entered promiscuous mode
[  965.904554][ T5902] usb 7-1: Product: syz
[  965.910029][ T5902] usb 7-1: Manufacturer: syz
[  965.920247][T17871] xt_CT: No such helper "pptp"
[  965.925231][ T5902] usb 7-1: SerialNumber: syz
[  965.935676][   T12] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  965.936616][ T5902] usb 7-1: config 0 descriptor??
[  965.955446][   T12] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  965.955923][T17867] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22
[  965.972221][T17867] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22
[  965.993468][   T12] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  966.002232][   T12] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  966.139172][T17758] veth1_vlan: entered promiscuous mode
[  966.220080][   T30] kauditd_printk_skb: 24 callbacks suppressed
[  966.220099][   T30] audit: type=1326 audit(1759958740.304:6792): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17866 comm="syz.6.3272" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f4813b8eec9 code=0x0
[  966.271567][T17875] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  966.323912][T17875] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  966.405237][T17875] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  966.440050][ T1153] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  966.510962][ T1153] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  966.534048][T17875] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  966.557227][T17758] veth0_macvtap: entered promiscuous mode
[  966.587993][T17758] veth1_macvtap: entered promiscuous mode
[  966.769709][ T5902] usbtest 7-1:0.167: couldn't get endpoints, -22
[  966.821585][ T8918] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  966.822885][ T5198] ldm_validate_partition_table(): Disk read failed.
[  966.844479][ T5198] Dev loop6: unable to read RDB block 0
[  966.850550][ T5198]  loop6: unable to read partition table
[  966.870021][ T5902] usbtest 7-1:0.167: probe with driver usbtest failed with error -22
[  966.879989][ T8918] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  966.900556][T17758] batman_adv: batadv0: Interface activated: batadv_slave_0
[  966.912295][ T5902] usb 7-1: USB disconnect, device number 8
[  966.957337][T17758] batman_adv: batadv0: Interface activated: batadv_slave_1
[  967.069277][ T8918] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  967.096732][ T8918] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  967.247567][ T1153] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  967.297870][ T1153] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  967.447532][T17891] netlink: 136 bytes leftover after parsing attributes in process `syz.2.3236'.
[  967.468132][T17891] A link change request failed with some changes committed already. Interface ip6gretap0 may have been left with an inconsistent configuration, please check.
[  968.063447][ T1153] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  968.071286][ T1153] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  968.301575][ T1153] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  968.317861][ T1153] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  968.929725][ T5198] ldm_validate_partition_table(): Disk read failed.
[  968.940545][ T5198] Dev loop6: unable to read RDB block 0
[  968.960773][ T5198]  loop6: unable to read partition table
[  969.220153][T17912] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3279'.
[  969.643627][   T24] usb 7-1: new high-speed USB device number 9 using dummy_hcd
[  969.833797][   T24] usb 7-1: device descriptor read/64, error -71
[  970.263744][   T24] usb 7-1: new high-speed USB device number 10 using dummy_hcd
[  970.523576][   T24] usb 7-1: device descriptor read/64, error -71
[  970.667557][   T24] usb usb7-port1: attempt power cycle
[  971.014020][   T24] usb 7-1: new high-speed USB device number 11 using dummy_hcd
[  971.064299][T17923] netlink: 'syz.8.3282': attribute type 1 has an invalid length.
[  971.090175][   T24] usb 7-1: device descriptor read/8, error -71
[  971.262229][T17923] bond2: entered promiscuous mode
[  971.270539][T17923] 8021q: adding VLAN 0 to HW filter on device bond2
[  971.365159][   T24] usb 7-1: new high-speed USB device number 12 using dummy_hcd
[  971.406476][   T24] usb 7-1: device descriptor read/8, error -71
[  971.546964][   T24] usb usb7-port1: unable to enumerate USB device
[  971.612836][T17932] 8021q: adding VLAN 0 to HW filter on device bond2
[  971.622348][T17932] bond2: (slave ip6gre1): The slave device specified does not support setting the MAC address
[  971.634068][  T985] usb 10-1: new full-speed USB device number 2 using dummy_hcd
[  971.645746][T17932] bond2: (slave ip6gre1): Setting fail_over_mac to active for active-backup mode
[  971.676403][T17932] bond2: (slave ip6gre1): making interface the new active one
[  971.684096][T17932] ip6gre1: entered promiscuous mode
[  971.699656][T17932] bond2: (slave ip6gre1): Enslaving as an active interface with an up link
[  971.806804][  T985] usb 10-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  971.820889][  T985] usb 10-1: config 0 has 0 interfaces, different from the descriptor's value: 2
[  971.831468][  T985] usb 10-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8
[  971.842223][  T985] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  971.855796][  T985] usb 10-1: config 0 descriptor??
[  972.070416][   T24] usb 10-1: USB disconnect, device number 2
[  972.154349][ T5198] buffer_io_error: 38 callbacks suppressed
[  972.154367][ T5198] Buffer I/O error on dev loop6, logical block 0, async page read
[  972.174129][ T5198] Buffer I/O error on dev loop6, logical block 0, async page read
[  972.183689][ T5198] Buffer I/O error on dev loop6, logical block 0, async page read
[  972.191730][ T5198] Buffer I/O error on dev loop6, logical block 0, async page read
[  972.203699][ T5198] Buffer I/O error on dev loop6, logical block 0, async page read
[  972.217058][ T5198] Buffer I/O error on dev loop6, logical block 0, async page read
[  972.261275][ T5198] Buffer I/O error on dev loop6, logical block 0, async page read
[  972.283192][ T5198] Buffer I/O error on dev loop6, logical block 0, async page read
[  972.295926][ T5198] ldm_validate_partition_table(): Disk read failed.
[  972.305722][ T5198] Buffer I/O error on dev loop6, logical block 0, async page read
[  972.313828][ T5198] Buffer I/O error on dev loop6, logical block 0, async page read
[  972.344930][ T5198] Dev loop6: unable to read RDB block 0
[  972.351927][ T5198]  loop6: unable to read partition table
[  972.636389][   T24] usb 3-1: new high-speed USB device number 55 using dummy_hcd
[  972.807355][   T24] usb 3-1: Using ep0 maxpacket: 16
[  973.740609][T17960] tipc: Started in network mode
[  973.758443][T17960] tipc: Node identity 6607f1fdbd8f, cluster identity 4711
[  973.796841][T17960] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  973.869929][T17961] syzkaller0: entered promiscuous mode
[  973.886417][T17961] syzkaller0: entered allmulticast mode
[  974.230907][T17962] tipc: Resetting bearer <eth:syzkaller0>
[  974.477892][T17959] tipc: Resetting bearer <eth:syzkaller0>
[  974.623599][T17959] tipc: Disabling bearer <eth:syzkaller0>
[  974.827904][T17973] netlink: 12 bytes leftover after parsing attributes in process `syz.8.3293'.
[  975.882915][   T24] usb 3-1: unable to get BOS descriptor or descriptor too short
[  975.914039][   T24] usb 3-1: unable to read config index 0 descriptor/start: -71
[  975.921648][   T24] usb 3-1: can't read configurations, error -71
[  976.072095][T17984] netlink: 'syz.2.3298': attribute type 10 has an invalid length.
[  976.232163][T17984] team0: Port device netdevsim0 added
[  976.634422][  T985] usb 10-1: new high-speed USB device number 3 using dummy_hcd
[  976.677189][T17996] input: syz1 as /devices/virtual/input/input56
[  976.796611][  T985] usb 10-1: Using ep0 maxpacket: 32
[  976.808991][  T985] usb 10-1: New USB device found, idVendor=174f, idProduct=6a31, bcdDevice=26.3f
[  976.819230][  T985] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  976.828332][  T985] usb 10-1: Product: syz
[  976.832827][  T985] usb 10-1: Manufacturer: syz
[  976.837733][  T985] usb 10-1: SerialNumber: syz
[  976.845477][  T985] usb 10-1: config 0 descriptor??
[  976.855334][  T985] gspca_main: stk1135-2.14.0 probing 174f:6a31
[  978.183884][  T985] gspca_stk1135: reg_w 0x7 err -110
[  978.190171][  T985] gspca_stk1135: serial bus timeout: status=0x00
[  978.243317][  T985] gspca_stk1135: Sensor write failed
[  978.248661][  T985] gspca_stk1135: serial bus timeout: status=0x00
[  978.255674][  T985] gspca_stk1135: Sensor write failed
[  978.260990][  T985] gspca_stk1135: serial bus timeout: status=0x00
[  978.268054][  T985] gspca_stk1135: Sensor read failed
[  978.277788][  T985] gspca_stk1135: serial bus timeout: status=0x00
[  978.284546][  T985] gspca_stk1135: Sensor read failed
[  978.293589][  T985] gspca_stk1135: Detected sensor type unknown (0x0)
[  978.300308][  T985] gspca_stk1135: serial bus timeout: status=0x00
[  978.307081][  T985] gspca_stk1135: Sensor read failed
[  978.312428][  T985] gspca_stk1135: serial bus timeout: status=0x00
[  978.319227][  T985] gspca_stk1135: Sensor read failed
[  978.324713][  T985] gspca_stk1135: serial bus timeout: status=0x00
[  978.333609][  T985] gspca_stk1135: Sensor write failed
[  978.339004][  T985] gspca_stk1135: serial bus timeout: status=0x00
[  978.346653][  T985] gspca_stk1135: Sensor write failed
[  978.352192][  T985] stk1135 10-1:0.0: probe with driver stk1135 failed with error -110
[  979.101679][T18009] fuse: Bad value for 'fd'
[  980.473422][ T5830] usb 3-1: new full-speed USB device number 57 using dummy_hcd
[  980.493024][   T24] usb 10-1: USB disconnect, device number 3
[  980.623490][ T5830] usb 3-1: device descriptor read/64, error -71
[  980.874177][ T5830] usb 3-1: new full-speed USB device number 58 using dummy_hcd
[  981.065472][ T5830] usb 3-1: device descriptor read/64, error -71
[  981.173838][ T5830] usb usb3-port1: attempt power cycle
[  981.286646][  T985] usb 10-1: new high-speed USB device number 4 using dummy_hcd
[  981.373456][  T814] usb 1-1: new high-speed USB device number 123 using dummy_hcd
[  981.463590][  T985] usb 10-1: Using ep0 maxpacket: 16
[  981.481795][  T985] usb 10-1: config 0 interface 0 altsetting 9 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  981.509281][  T985] usb 10-1: config 0 interface 0 has no altsetting 0
[  981.515136][ T5830] usb 3-1: new full-speed USB device number 59 using dummy_hcd
[  981.518500][  T985] usb 10-1: New USB device found, idVendor=1e71, idProduct=2009, bcdDevice= 0.00
[  981.542054][  T985] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  981.556633][ T5830] usb 3-1: device descriptor read/8, error -71
[  981.562527][  T985] usb 10-1: config 0 descriptor??
[  981.594096][  T814] usb 1-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f
[  981.621087][  T814] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  981.642029][  T814] usb 1-1: Product: syz
[  981.648037][  T814] usb 1-1: Manufacturer: syz
[  981.652749][  T814] usb 1-1: SerialNumber: syz
[  981.665978][  T814] usb 1-1: config 0 descriptor??
[  981.825744][ T5830] usb 3-1: new full-speed USB device number 60 using dummy_hcd
[  981.854079][ T5830] usb 3-1: device descriptor read/8, error -71
[  981.882219][   T24] usb 1-1: USB disconnect, device number 123
[  981.966957][ T5830] usb usb3-port1: unable to enumerate USB device
[  982.128910][  T985] nzxt-smart2 0003:1E71:2009.002A: hidraw0: USB HID v0.05 Device [HID 1e71:2009] on usb-dummy_hcd.9-1/input0
[  983.336823][T18037] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3314'.
[  984.060851][ T5902] usb 10-1: USB disconnect, device number 4
[  984.143359][ T5830] usb 3-1: new high-speed USB device number 61 using dummy_hcd
[  984.324734][T18053] netlink: 'syz.9.3320': attribute type 27 has an invalid length.
[  984.405969][ T5830] usb 3-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config
[  984.440284][ T5830] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  984.491888][T18054] TCP: tcp_parse_options: Illegal window scaling value 94 > 14 received
[  984.587397][ T5830] usb 3-1: config 27 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  984.662806][ T5830] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  984.684776][ T5830] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  984.745433][ T5830] usb 3-1: Quirk or no altset; falling back to MIDI 1.0
[  984.752970][ T5830] usb 3-1: invalid MIDI out EP 0
[  984.953806][ T5830] snd-usb-audio 3-1:27.0: probe with driver snd-usb-audio failed with error -22
[  985.595308][T18053] bridge0: port 2(bridge_slave_1) entered disabled state
[  985.603054][T18053] bridge0: port 1(bridge_slave_0) entered disabled state
[  985.619466][T18059] FAULT_INJECTION: forcing a failure.
[  985.619466][T18059] name failslab, interval 1, probability 0, space 0, times 0
[  985.652773][ T5830] usb 3-1: USB disconnect, device number 61
[  985.751130][T18059] CPU: 1 UID: 0 PID: 18059 Comm: syz.0.3321 Not tainted syzkaller #0 PREEMPT(full) 
[  985.751158][T18059] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  985.751172][T18059] Call Trace:
[  985.751181][T18059]  <TASK>
[  985.751190][T18059]  dump_stack_lvl+0x189/0x250
[  985.751216][T18059]  ? __pfx____ratelimit+0x10/0x10
[  985.751239][T18059]  ? __pfx_dump_stack_lvl+0x10/0x10
[  985.751261][T18059]  ? __pfx__printk+0x10/0x10
[  985.751297][T18059]  should_fail_ex+0x414/0x560
[  985.751327][T18059]  should_failslab+0xa8/0x100
[  985.751348][T18059]  __kmalloc_cache_noprof+0x6f/0x6f0
[  985.751375][T18059]  ? __sctp_v6_cmp_addr+0x1e6/0x510
[  985.751400][T18059]  ? sctp_add_bind_addr+0x8c/0x370
[  985.751430][T18059]  sctp_add_bind_addr+0x8c/0x370
[  985.751456][T18059]  sctp_copy_local_addr_list+0x30b/0x4e0
[  985.751483][T18059]  ? sctp_copy_local_addr_list+0x9b/0x4e0
[  985.751506][T18059]  ? __pfx_sctp_copy_local_addr_list+0x10/0x10
[  985.751531][T18059]  ? sctp_v6_is_any+0x64/0x80
[  985.751555][T18059]  ? sctp_copy_one_addr+0x93/0x360
[  985.751588][T18059]  sctp_bind_addr_copy+0xb3/0x3c0
[  985.751613][T18059]  ? sctp_assoc_set_bind_addr_from_ep+0xa5/0x1a0
[  985.751637][T18059]  sctp_connect_new_asoc+0x2e0/0x690
[  985.751670][T18059]  ? __pfx_sctp_connect_new_asoc+0x10/0x10
[  985.751699][T18059]  ? sctp_endpoint_lookup_assoc+0x7b/0x260
[  985.751727][T18059]  ? sctp_endpoint_lookup_assoc+0x7b/0x260
[  985.751754][T18059]  ? sctp_endpoint_lookup_assoc+0x7b/0x260
[  985.751782][T18059]  ? bpf_lsm_sctp_bind_connect+0x9/0x20
[  985.751803][T18059]  ? security_sctp_bind_connect+0x7e/0x2e0
[  985.751826][T18059]  sctp_sendmsg+0x155c/0x2810
[  985.751865][T18059]  ? __pfx_sctp_sendmsg+0x10/0x10
[  985.751897][T18059]  ? aa_sk_perm+0x81e/0x950
[  985.751921][T18059]  ? __lock_acquire+0xab9/0xd20
[  985.751944][T18059]  ? __pfx_aa_sk_perm+0x10/0x10
[  985.751972][T18059]  ? sock_rps_record_flow+0x19/0x410
[  985.751994][T18059]  ? inet_sendmsg+0x2f4/0x370
[  985.752012][T18059]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  985.752034][T18059]  __sock_sendmsg+0x19c/0x270
[  985.752066][T18059]  ____sys_sendmsg+0x52d/0x830
[  985.752099][T18059]  ? __pfx_____sys_sendmsg+0x10/0x10
[  985.752132][T18059]  ? import_iovec+0x74/0xa0
[  985.752155][T18059]  ___sys_sendmsg+0x21f/0x2a0
[  985.752180][T18059]  ? __pfx____sys_sendmsg+0x10/0x10
[  985.752241][T18059]  ? __fget_files+0x2a/0x420
[  985.752259][T18059]  ? __fget_files+0x3a0/0x420
[  985.752288][T18059]  __sys_sendmmsg+0x227/0x430
[  985.752318][T18059]  ? __pfx___sys_sendmmsg+0x10/0x10
[  985.752351][T18059]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  985.752397][T18059]  ? ksys_write+0x22a/0x250
[  985.752426][T18059]  ? __pfx_ksys_write+0x10/0x10
[  985.752458][T18059]  __x64_sys_sendmmsg+0xa0/0xc0
[  985.752483][T18059]  do_syscall_64+0xfa/0xfa0
[  985.752505][T18059]  ? lockdep_hardirqs_on+0x9c/0x150
[  985.752528][T18059]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  985.752547][T18059]  ? clear_bhb_loop+0x60/0xb0
[  985.752570][T18059]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  985.752595][T18059] RIP: 0033:0x7f27bf38eec9
[  985.752613][T18059] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  985.752630][T18059] RSP: 002b:00007f27c026d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  985.752653][T18059] RAX: ffffffffffffffda RBX: 00007f27bf5e6090 RCX: 00007f27bf38eec9
[  985.752669][T18059] RDX: 0000000000000002 RSI: 0000200000002a80 RDI: 0000000000000003
[  985.752683][T18059] RBP: 00007f27c026d090 R08: 0000000000000000 R09: 0000000000000000
[  985.752696][T18059] R10: 000000000400c005 R11: 0000000000000246 R12: 0000000000000002
[  985.752709][T18059] R13: 00007f27bf5e6128 R14: 00007f27bf5e6090 R15: 00007f27bf70fa28
[  985.752745][T18059]  </TASK>
[  986.962949][T18062] netlink: 'syz.0.3322': attribute type 10 has an invalid length.
[  987.172266][T18065] netlink: 56 bytes leftover after parsing attributes in process `syz.0.3322'.
[  987.812806][T18053] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  987.942852][T18053] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  988.088662][T12214] Bluetooth: hci11: unexpected cc 0x0c03 length: 249 > 1
[  988.099700][T12214] Bluetooth: hci11: unexpected cc 0x1003 length: 249 > 9
[  988.121161][T12214] Bluetooth: hci11: unexpected cc 0x1001 length: 249 > 9
[  988.131181][T12214] Bluetooth: hci11: unexpected cc 0x0c23 length: 249 > 4
[  988.139411][T12214] Bluetooth: hci11: unexpected cc 0x0c38 length: 249 > 2
[  989.004468][T18062] bond0: (slave wlan1): Opening slave failed
[  989.064442][ T8918] netdevsim netdevsim9 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  989.119193][ T8918] netdevsim netdevsim9 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  989.191057][ T8918] netdevsim netdevsim9 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  989.235766][ T8918] netdevsim netdevsim9 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  989.515675][   T30] audit: type=1326 audit(1759958763.604:6793): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18083 comm="syz.0.3328" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f27bf38eec9 code=0x7ffc0000
[  989.635341][   T30] audit: type=1326 audit(1759958763.604:6794): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18083 comm="syz.0.3328" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f27bf38eec9 code=0x7ffc0000
[  989.693396][   T30] audit: type=1326 audit(1759958763.604:6795): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18083 comm="syz.0.3328" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f27bf38eec9 code=0x7ffc0000
[  989.721844][   T30] audit: type=1326 audit(1759958763.604:6796): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18083 comm="syz.0.3328" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f27bf38eec9 code=0x7ffc0000
[  989.785399][   T30] audit: type=1326 audit(1759958763.604:6798): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18083 comm="syz.0.3328" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f27bf38eec9 code=0x7ffc0000
[  989.812590][   T30] audit: type=1326 audit(1759958763.604:6799): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18083 comm="syz.0.3328" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f27bf38eec9 code=0x7ffc0000
[  989.847776][T18069] chnl_net:caif_netlink_parms(): no params data found
[  989.883483][   T30] audit: type=1326 audit(1759958763.604:6800): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18083 comm="syz.0.3328" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f27bf38eec9 code=0x7ffc0000
[  989.921508][   T30] audit: type=1326 audit(1759958763.604:6797): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18083 comm="syz.0.3328" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f27bf38eec9 code=0x7ffc0000
[  990.042900][   T30] audit: type=1326 audit(1759958763.604:6801): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18083 comm="syz.0.3328" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f27bf38eec9 code=0x7ffc0000
[  990.183410][T16880] Bluetooth: hci11: command tx timeout
[  990.205235][   T30] audit: type=1326 audit(1759958763.604:6802): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18083 comm="syz.0.3328" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f27bf38eec9 code=0x7ffc0000
[  990.319840][T18069] bridge0: port 1(bridge_slave_0) entered blocking state
[  990.327114][T18069] bridge0: port 1(bridge_slave_0) entered disabled state
[  990.344151][T18069] bridge_slave_0: entered allmulticast mode
[  990.352066][T18069] bridge_slave_0: entered promiscuous mode
[  990.377674][T18069] bridge0: port 2(bridge_slave_1) entered blocking state
[  990.385016][T18069] bridge0: port 2(bridge_slave_1) entered disabled state
[  990.392272][T18069] bridge_slave_1: entered allmulticast mode
[  990.409201][T18069] bridge_slave_1: entered promiscuous mode
[  990.632495][T18069] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  990.670033][T18069] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  990.744982][T12214] Bluetooth: hci12: unexpected cc 0x0c03 length: 249 > 1
[  990.758937][T12214] Bluetooth: hci12: unexpected cc 0x1003 length: 249 > 9
[  990.766116][   T90] usb 3-1: new high-speed USB device number 62 using dummy_hcd
[  990.775535][T12214] Bluetooth: hci12: unexpected cc 0x1001 length: 249 > 9
[  990.786700][T12214] Bluetooth: hci12: unexpected cc 0x0c23 length: 249 > 4
[  990.797166][T12214] Bluetooth: hci12: unexpected cc 0x0c38 length: 249 > 2
[  990.851802][T18102] delete_channel: no stack
[  990.921444][T18069] team0: Port device team_slave_0 added
[  990.946374][   T90] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  990.962998][T18069] team0: Port device team_slave_1 added
[  990.974284][   T90] usb 3-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  990.986016][   T90] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  990.999459][   T90] usb 3-1: config 0 descriptor??
[  991.166265][T18106] dlm: plock device version mismatch: kernel (1.2.0), user (1.8192.0)
[  991.201105][T18069] batman_adv: batadv0: Adding interface: batadv_slave_0
[  991.230424][   T90] usbhid 3-1:0.0: can't add hid device: -71
[  991.232429][T18069] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  991.236658][   T90] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  991.682866][   T90] usb 3-1: USB disconnect, device number 62
[  991.688533][T18069] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  991.733646][T18069] batman_adv: batadv0: Adding interface: batadv_slave_1
[  991.768710][T18069] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  991.820433][T18069] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  991.932334][T18069] hsr_slave_0: entered promiscuous mode
[  991.939850][T18069] hsr_slave_1: entered promiscuous mode
[  991.948107][T18069] debugfs: 'hsr0' already exists in 'hsr'
[  991.963797][T18069] Cannot create hsr debugfs directory
[  991.999413][T18108] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3335'.
[  992.013394][   T90] usb 3-1: new high-speed USB device number 63 using dummy_hcd
[  992.189171][   T90] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  992.213441][   T90] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  992.233541][   T90] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  992.245789][   T90] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  992.258612][   T90] usb 3-1: config 0 descriptor??
[  992.264298][T16880] Bluetooth: hci11: command tx timeout
[  992.828223][T16880] Bluetooth: hci12: command tx timeout
[  992.838468][   T90] plantronics 0003:047F:FFFF.002B: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0
[  992.888934][T18103] chnl_net:caif_netlink_parms(): no params data found
[  993.307847][    C1] plantronics 0003:047F:FFFF.002B: hid_field_extract() called with n (132) > 32! (swapper/1)
[  993.934170][T18125] xt_CT: No such helper "pptp"
[  994.343417][T12214] Bluetooth: hci11: command tx timeout
[  994.470963][T18103] bridge0: port 1(bridge_slave_0) entered blocking state
[  994.482126][T18103] bridge0: port 1(bridge_slave_0) entered disabled state
[  994.489872][T18103] bridge_slave_0: entered allmulticast mode
[  994.507412][T18103] bridge_slave_0: entered promiscuous mode
[  994.535043][T18103] bridge0: port 2(bridge_slave_1) entered blocking state
[  994.543534][T18103] bridge0: port 2(bridge_slave_1) entered disabled state
[  994.551013][T18103] bridge_slave_1: entered allmulticast mode
[  994.569542][T18103] bridge_slave_1: entered promiscuous mode
[  994.908269][T12214] Bluetooth: hci12: command tx timeout
[  995.005007][T18103] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  995.060165][   T10] usb 3-1: USB disconnect, device number 63
[  995.083864][T18130] ipvlan2: entered promiscuous mode
[  995.110522][T18130] bridge0: port 3(ipvlan2) entered blocking state
[  995.135982][T18130] bridge0: port 3(ipvlan2) entered disabled state
[  995.148384][T18130] ipvlan2: entered allmulticast mode
[  995.165392][T18130] bridge0: entered allmulticast mode
[  995.183716][T18130] ipvlan2: left allmulticast mode
[  995.188786][T18130] bridge0: left allmulticast mode
[  995.289673][T18103] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  995.443926][T18103] team0: Port device team_slave_0 added
[  995.476238][T18103] team0: Port device team_slave_1 added
[  995.483361][T18060] usb 1-1: new high-speed USB device number 124 using dummy_hcd
[  995.649627][T18103] batman_adv: batadv0: Adding interface: batadv_slave_0
[  995.657018][T18103] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  995.684118][T18060] usb 1-1: Using ep0 maxpacket: 8
[  995.689880][T18103] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  995.736602][T18060] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8D has invalid wMaxPacketSize 0
[  995.753573][T18069] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  995.763487][T18060] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[  995.792328][T18060] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  995.793798][T18069] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  995.815873][T18060] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0
[  995.826070][T18060] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0xB has invalid wMaxPacketSize 0
[  995.840154][T18060] usb 1-1: New USB device found, idVendor=1870, idProduct=0001, bcdDevice=e6.7f
[  995.849737][T18060] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  995.858378][T18060] usb 1-1: Product: syz
[  995.862556][T18060] usb 1-1: Manufacturer: syz
[  995.867636][T18060] usb 1-1: SerialNumber: syz
[  995.880300][T18060] usb 1-1: config 0 descriptor??
[  995.901399][T18103] batman_adv: batadv0: Adding interface: batadv_slave_1
[  995.908879][T18060] usbtouchscreen 1-1:0.0: probe with driver usbtouchscreen failed with error -8
[  995.912372][T18103] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  995.960684][T12214] Bluetooth: hci1: command 0x0406 tx timeout
[  995.972727][T18103] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  995.985766][T18069] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  996.085423][T18069] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  996.145748][T18103] hsr_slave_0: entered promiscuous mode
[  996.178203][T18103] hsr_slave_1: entered promiscuous mode
[  996.187837][T18132] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3339'.
[  996.200853][T18132] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3339'.
[  996.221145][T18103] debugfs: 'hsr0' already exists in 'hsr'
[  996.231546][T18103] Cannot create hsr debugfs directory
[  996.249132][ T5902] usb 1-1: USB disconnect, device number 124
[  996.431969][T16880] Bluetooth: hci11: command tx timeout
[  996.983772][T16880] Bluetooth: hci12: command tx timeout
[  997.161935][T18103] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  997.315469][T18060] usb 1-1: new full-speed USB device number 125 using dummy_hcd
[  997.408507][T18103] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  997.480259][T18060] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  997.498237][T18069] 8021q: adding VLAN 0 to HW filter on device bond0
[  997.516376][T18060] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 512, setting to 64
[  997.568075][T18060] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid maxpacket 1024, setting to 64
[  997.589443][T18060] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid maxpacket 512, setting to 64
[  997.613017][T18060] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  997.624947][T18103] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  997.637400][T18060] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  997.645553][T18060] usb 1-1: Product: syz
[  997.649730][T18060] usb 1-1: Manufacturer: syz
[  997.659678][T18060] usb 1-1: SerialNumber: syz
[  997.684025][T18155] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  997.695061][T18060] cdc_mbim 1-1:1.0: skipping garbage
[  997.708495][T18069] 8021q: adding VLAN 0 to HW filter on device team0
[  997.744481][T13920] IPVS: starting estimator thread 0...
[  997.752977][ T1153] bridge0: port 1(bridge_slave_0) entered blocking state
[  997.760231][ T1153] bridge0: port 1(bridge_slave_0) entered forwarding state
[  997.817218][T18167] tipc: Started in network mode
[  997.828942][T18167] tipc: Node identity ac1414aa, cluster identity 4711
[  997.860473][T18167] tipc: Enabled bearer <udp:s>, priority 10
[  997.874784][T18168] IPVS: using max 27 ests per chain, 64800 per kthread
[  997.906866][T18155] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  997.928278][T18155] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  997.970617][T18103] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  998.058899][ T1153] bridge0: port 2(bridge_slave_1) entered blocking state
[  998.066141][ T1153] bridge0: port 2(bridge_slave_1) entered forwarding state
[  998.271593][T18069] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  998.474325][T18103] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  998.509585][T18103] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  998.565199][T18103] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  998.640404][T18173] netlink: 'syz.2.3349': attribute type 33 has an invalid length.
[  998.648492][T18173] netlink: 152 bytes leftover after parsing attributes in process `syz.2.3349'.
[  998.728794][T18103] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  998.924240][T18069] 8021q: adding VLAN 0 to HW filter on device batadv0
[  998.974853][ T5909] tipc: Node number set to 2886997162
[  998.992287][ T1304] ieee802154 phy0 wpan0: encryption failed: -22
[  999.006091][ T1304] ieee802154 phy1 wpan1: encryption failed: -22
[  999.083784][T16880] Bluetooth: hci12: command tx timeout
[  999.343371][ T5909] usb 10-1: new full-speed USB device number 5 using dummy_hcd
[  999.500061][ T5909] usb 10-1: device descriptor read/64, error -71
[  999.667872][T18069] veth0_vlan: entered promiscuous mode
[  999.802555][T18069] veth1_vlan: entered promiscuous mode
[  999.813440][ T5909] usb 10-1: new full-speed USB device number 6 using dummy_hcd
[ 1000.003429][ T5909] usb 10-1: device descriptor read/64, error -71
[ 1000.041854][T18103] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1000.146433][ T5909] usb usb10-port1: attempt power cycle
[ 1000.206361][T18103] 8021q: adding VLAN 0 to HW filter on device team0
[ 1000.227611][T18069] veth0_macvtap: entered promiscuous mode
[ 1000.301620][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1000.308794][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1000.421284][T18069] veth1_macvtap: entered promiscuous mode
[ 1000.467961][ T8918] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1000.475208][ T8918] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1000.506425][T18069] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1000.514545][ T5909] usb 10-1: new full-speed USB device number 7 using dummy_hcd
[ 1000.544456][ T5909] usb 10-1: device descriptor read/8, error -71
[ 1000.569439][T18069] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1000.619306][   T12] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1000.638467][   T12] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1000.690650][T14434] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1000.723772][T14434] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1000.801571][ T5909] usb 10-1: new full-speed USB device number 8 using dummy_hcd
[ 1000.875347][ T5909] usb 10-1: device descriptor read/8, error -71
[ 1000.931655][T18060] cdc_mbim 1-1:1.0: bind() failure
[ 1000.954336][T18060] cdc_ncm 1-1:1.1: CDC Union missing and no IAD found
[ 1000.968669][T18060] cdc_ncm 1-1:1.1: bind() failure
[ 1000.991096][T18060] usb 1-1: USB disconnect, device number 125
[ 1001.003171][ T5909] usb usb10-port1: unable to enumerate USB device
[ 1001.019848][T18103] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1001.116204][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1001.141149][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1001.220097][T14439] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1001.229525][T14439] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1001.270767][T18103] veth0_vlan: entered promiscuous mode
[ 1001.301026][T18103] veth1_vlan: entered promiscuous mode
[ 1001.438680][T18103] veth0_macvtap: entered promiscuous mode
[ 1001.491128][T18103] veth1_macvtap: entered promiscuous mode
[ 1001.541870][T18103] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1001.626524][T18103] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1001.708507][T14439] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1001.746269][T14439] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1001.812389][T14439] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1001.835333][T14439] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1002.263150][   T37] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1002.290623][T18209] FAULT_INJECTION: forcing a failure.
[ 1002.290623][T18209] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1002.303521][   T37] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1002.334560][T18209] CPU: 1 UID: 0 PID: 18209 Comm: syz.0.3356 Not tainted syzkaller #0 PREEMPT(full) 
[ 1002.334602][T18209] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 1002.334619][T18209] Call Trace:
[ 1002.334634][T18209]  <TASK>
[ 1002.334648][T18209]  dump_stack_lvl+0x189/0x250
[ 1002.334692][T18209]  ? __pfx____ratelimit+0x10/0x10
[ 1002.334715][T18209]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1002.334735][T18209]  ? __pfx__printk+0x10/0x10
[ 1002.334766][T18209]  should_fail_ex+0x414/0x560
[ 1002.334794][T18209]  _copy_to_user+0x31/0xb0
[ 1002.334813][T18209]  simple_read_from_buffer+0xe1/0x170
[ 1002.334844][T18209]  proc_fail_nth_read+0x1b3/0x220
[ 1002.334870][T18209]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1002.334896][T18209]  ? rw_verify_area+0x2a6/0x4d0
[ 1002.334920][T18209]  ? __lock_acquire+0xab9/0xd20
[ 1002.334937][T18209]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1002.334961][T18209]  vfs_read+0x1fd/0xa30
[ 1002.334986][T18209]  ? fdget_pos+0x247/0x320
[ 1002.335007][T18209]  ? __pfx___mutex_lock+0x10/0x10
[ 1002.335032][T18209]  ? __pfx_vfs_read+0x10/0x10
[ 1002.335059][T18209]  ? __fget_files+0x2a/0x420
[ 1002.335082][T18209]  ? __fget_files+0x3a0/0x420
[ 1002.335098][T18209]  ? __fget_files+0x2a/0x420
[ 1002.335124][T18209]  ksys_read+0x145/0x250
[ 1002.335148][T18209]  ? __fget_files+0x2a/0x420
[ 1002.335166][T18209]  ? __pfx_ksys_read+0x10/0x10
[ 1002.335195][T18209]  ? do_syscall_64+0xbe/0xfa0
[ 1002.335221][T18209]  do_syscall_64+0xfa/0xfa0
[ 1002.335243][T18209]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1002.335265][T18209]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1002.335294][T18209]  ? clear_bhb_loop+0x60/0xb0
[ 1002.335319][T18209]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1002.335338][T18209] RIP: 0033:0x7f27bf38d8dc
[ 1002.335356][T18209] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[ 1002.335374][T18209] RSP: 002b:00007f27c028e030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1002.335395][T18209] RAX: ffffffffffffffda RBX: 00007f27bf5e5fa0 RCX: 00007f27bf38d8dc
[ 1002.335411][T18209] RDX: 000000000000000f RSI: 00007f27c028e0a0 RDI: 0000000000000004
[ 1002.335424][T18209] RBP: 00007f27c028e090 R08: 0000000000000000 R09: 0000000000000000
[ 1002.335437][T18209] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1002.335449][T18209] R13: 00007f27bf5e6038 R14: 00007f27bf5e5fa0 R15: 00007f27bf70fa28
[ 1002.335482][T18209]  </TASK>
[ 1002.676461][T14439] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1002.682871][T18198] loop9: detected capacity change from 0 to 7
[ 1002.706724][T18198] Dev loop9: unable to read RDB block 7
[ 1002.722828][T18198]  loop9: AHDI p1 p2
[ 1002.733133][T14439] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1002.763858][T18198] loop9: partition table partially beyond EOD, truncated
[ 1002.816647][T18198] loop9: p1 size 4227858431 extends beyond EOD, truncated
[ 1003.047956][T18216] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1003.123425][T18216] mac80211_hwsim hwsim54 syzkaller0: entered promiscuous mode
[ 1003.225662][T18216] mac80211_hwsim hwsim54 syzkaller0: entered allmulticast mode
[ 1003.348460][T18224] fuse: Bad value for 'fd'
[ 1003.364672][T18224] netlink: 'syz.4.3359': attribute type 1 has an invalid length.
[ 1003.426173][T18216] tipc: Resetting bearer <eth:syzkaller0>
[ 1003.487627][T18227] Invalid logical block size (3328)
[ 1004.046691][T18240] netlink: 'syz.1.3366': attribute type 1 has an invalid length.
[ 1004.115652][T18240] netlink: 260 bytes leftover after parsing attributes in process `syz.1.3366'.
[ 1004.174573][T16077] tipc: Node number set to 3683185149
[ 1004.183822][T18240] FAULT_INJECTION: forcing a failure.
[ 1004.183822][T18240] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1004.232151][T18240] CPU: 0 UID: 0 PID: 18240 Comm: syz.1.3366 Not tainted syzkaller #0 PREEMPT(full) 
[ 1004.232169][T18240] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 1004.232177][T18240] Call Trace:
[ 1004.232182][T18240]  <TASK>
[ 1004.232188][T18240]  dump_stack_lvl+0x189/0x250
[ 1004.232205][T18240]  ? __pfx____ratelimit+0x10/0x10
[ 1004.232218][T18240]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1004.232229][T18240]  ? __pfx__printk+0x10/0x10
[ 1004.232240][T18240]  ? __might_fault+0xb0/0x130
[ 1004.232260][T18240]  should_fail_ex+0x414/0x560
[ 1004.232276][T18240]  _copy_from_user+0x2d/0xb0
[ 1004.232287][T18240]  ___sys_sendmsg+0x158/0x2a0
[ 1004.232302][T18240]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1004.232337][T18240]  ? __might_fault+0xb0/0x130
[ 1004.232352][T18240]  __sys_sendmmsg+0x227/0x430
[ 1004.232370][T18240]  ? __pfx___sys_sendmmsg+0x10/0x10
[ 1004.232388][T18240]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 1004.232411][T18240]  ? ksys_write+0x22a/0x250
[ 1004.232428][T18240]  ? __pfx_ksys_write+0x10/0x10
[ 1004.232445][T18240]  __x64_sys_sendmmsg+0xa0/0xc0
[ 1004.232458][T18240]  do_syscall_64+0xfa/0xfa0
[ 1004.232470][T18240]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1004.232482][T18240]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1004.232492][T18240]  ? clear_bhb_loop+0x60/0xb0
[ 1004.232505][T18240]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1004.232515][T18240] RIP: 0033:0x7f3fda98eec9
[ 1004.232526][T18240] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1004.232536][T18240] RSP: 002b:00007f3fdb8bd038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 1004.232549][T18240] RAX: ffffffffffffffda RBX: 00007f3fdabe5fa0 RCX: 00007f3fda98eec9
[ 1004.232557][T18240] RDX: 0400000000000235 RSI: 0000200000000000 RDI: 0000000000000003
[ 1004.232564][T18240] RBP: 00007f3fdb8bd090 R08: 0000000000000000 R09: 0000000000000000
[ 1004.232571][T18240] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1004.232578][T18240] R13: 00007f3fdabe6038 R14: 00007f3fdabe5fa0 R15: 00007f3fdad0fa28
[ 1004.232594][T18240]  </TASK>
[ 1004.438234][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1004.841817][T16880] Bluetooth: hci11: Malformed LE Event: 0x02
[ 1005.095340][T18257] fuse: Unknown parameter 'fâ
[ 1005.095340][T18257] ‰»RN4@ì¸w!V�˜“põi/•¨WÇu&#'
[ 1006.146125][T18284] FAULT_INJECTION: forcing a failure.
[ 1006.146125][T18284] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1006.225816][T18284] CPU: 1 UID: 0 PID: 18284 Comm: syz.4.3377 Not tainted syzkaller #0 PREEMPT(full) 
[ 1006.225845][T18284] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 1006.225858][T18284] Call Trace:
[ 1006.225866][T18284]  <TASK>
[ 1006.225884][T18284]  dump_stack_lvl+0x189/0x250
[ 1006.225911][T18284]  ? __pfx____ratelimit+0x10/0x10
[ 1006.225935][T18284]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1006.225957][T18284]  ? __pfx__printk+0x10/0x10
[ 1006.225978][T18284]  ? __might_fault+0xb0/0x130
[ 1006.226017][T18284]  should_fail_ex+0x414/0x560
[ 1006.226046][T18284]  _copy_from_user+0x2d/0xb0
[ 1006.226067][T18284]  ip_tunnel_parm_from_user+0xa2/0x380
[ 1006.226090][T18284]  ? __pfx_ip_tunnel_parm_from_user+0x10/0x10
[ 1006.226115][T18284]  ? rcu_is_watching+0x15/0xb0
[ 1006.226138][T18284]  ? trace_contention_end+0x39/0x120
[ 1006.226174][T18284]  ip_tunnel_siocdevprivate+0x99/0x180
[ 1006.226195][T18284]  ? __lock_acquire+0xab9/0xd20
[ 1006.226213][T18284]  ? __pfx_ip_tunnel_siocdevprivate+0x10/0x10
[ 1006.226244][T18284]  ? netdev_name_node_lookup+0xdf/0x120
[ 1006.226275][T18284]  dev_ifsioc+0xb54/0xf00
[ 1006.226304][T18284]  dev_ioctl+0x84c/0x1150
[ 1006.226327][T18284]  sock_ioctl+0x719/0x790
[ 1006.226357][T18284]  ? __pfx_sock_ioctl+0x10/0x10
[ 1006.226387][T18284]  ? __fget_files+0x3a0/0x420
[ 1006.226405][T18284]  ? __fget_files+0x2a/0x420
[ 1006.226427][T18284]  ? bpf_lsm_file_ioctl+0x9/0x20
[ 1006.226448][T18284]  ? __pfx_sock_ioctl+0x10/0x10
[ 1006.226475][T18284]  __se_sys_ioctl+0xf9/0x170
[ 1006.226501][T18284]  do_syscall_64+0xfa/0xfa0
[ 1006.226523][T18284]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1006.226547][T18284]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1006.226567][T18284]  ? clear_bhb_loop+0x60/0xb0
[ 1006.226591][T18284]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1006.226611][T18284] RIP: 0033:0x7f694dd8eec9
[ 1006.226629][T18284] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1006.226647][T18284] RSP: 002b:00007f694eb66038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1006.226668][T18284] RAX: ffffffffffffffda RBX: 00007f694dfe5fa0 RCX: 00007f694dd8eec9
[ 1006.226684][T18284] RDX: 0000200000000200 RSI: 00000000000089f1 RDI: 0000000000000003
[ 1006.226698][T18284] RBP: 00007f694eb66090 R08: 0000000000000000 R09: 0000000000000000
[ 1006.226710][T18284] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1006.226722][T18284] R13: 00007f694dfe6038 R14: 00007f694dfe5fa0 R15: 00007f694e10fa28
[ 1006.226754][T18284]  </TASK>
[ 1007.350762][T18297] netlink: 48 bytes leftover after parsing attributes in process `syz.9.3383'.
[ 1007.361422][T18298] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3381'.
[ 1007.451225][T18303] netlink: 'syz.1.3382': attribute type 10 has an invalid length.
[ 1007.498231][T18302] FAULT_INJECTION: forcing a failure.
[ 1007.498231][T18302] name failslab, interval 1, probability 0, space 0, times 0
[ 1007.514533][T18298] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3381'.
[ 1007.532720][T18298] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3381'.
[ 1007.537686][T18303] bond0: (slave wlan1): Enslaving as an active interface with an up link
[ 1007.550400][T18302] CPU: 1 UID: 0 PID: 18302 Comm: syz.9.3384 Not tainted syzkaller #0 PREEMPT(full) 
[ 1007.550427][T18302] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 1007.550440][T18302] Call Trace:
[ 1007.550449][T18302]  <TASK>
[ 1007.550458][T18302]  dump_stack_lvl+0x189/0x250
[ 1007.550485][T18302]  ? __pfx____ratelimit+0x10/0x10
[ 1007.550508][T18302]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1007.550529][T18302]  ? __pfx__printk+0x10/0x10
[ 1007.550553][T18302]  ? __pfx___might_resched+0x10/0x10
[ 1007.550574][T18302]  ? fs_reclaim_acquire+0x7d/0x100
[ 1007.550608][T18302]  should_fail_ex+0x414/0x560
[ 1007.550637][T18302]  should_failslab+0xa8/0x100
[ 1007.550658][T18302]  kmem_cache_alloc_noprof+0x74/0x6e0
[ 1007.550684][T18302]  ? stack_depot_save_flags+0x40/0x860
[ 1007.550707][T18302]  ? __kernfs_new_node+0xd7/0x7e0
[ 1007.550735][T18302]  __kernfs_new_node+0xd7/0x7e0
[ 1007.550756][T18302]  ? __lock_acquire+0xab9/0xd20
[ 1007.550781][T18302]  ? __pfx___kernfs_new_node+0x10/0x10
[ 1007.550806][T18302]  ? kernfs_root+0x1c/0x230
[ 1007.550836][T18302]  ? kernfs_root+0x1c/0x230
[ 1007.550859][T18302]  ? kernfs_root+0x1c/0x230
[ 1007.550880][T18302]  ? kernfs_root+0x1c/0x230
[ 1007.550908][T18302]  kernfs_new_node+0x102/0x210
[ 1007.550945][T18302]  __kernfs_create_file+0x4b/0x2e0
[ 1007.550979][T18302]  sysfs_add_file_mode_ns+0x238/0x300
[ 1007.551009][T18302]  sysfs_create_file_ns+0x128/0x1a0
[ 1007.551028][T18302]  ? module_add_driver+0x300/0x310
[ 1007.551052][T18302]  ? __pfx_sysfs_create_file_ns+0x10/0x10
[ 1007.551077][T18302]  ? module_add_driver+0x300/0x310
[ 1007.551101][T18302]  bus_add_driver+0x3b5/0x640
[ 1007.551135][T18302]  driver_register+0x23a/0x320
[ 1007.551160][T18302]  usb_gadget_register_driver_owner+0xf9/0x270
[ 1007.551192][T18302]  raw_ioctl+0x149a/0x3c90
[ 1007.551221][T18302]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[ 1007.551249][T18302]  ? do_vfs_ioctl+0xbe8/0x1430
[ 1007.551273][T18302]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[ 1007.551297][T18302]  ? __pfx_raw_ioctl+0x10/0x10
[ 1007.551316][T18302]  ? css_rstat_updated+0x23a/0x4f0
[ 1007.551347][T18302]  ? __pfx_css_rstat_updated+0x10/0x10
[ 1007.551415][T18302]  ? bpf_lsm_file_ioctl+0x9/0x20
[ 1007.551438][T18302]  ? __pfx_raw_ioctl+0x10/0x10
[ 1007.551460][T18302]  __se_sys_ioctl+0xf9/0x170
[ 1007.551487][T18302]  do_syscall_64+0xfa/0xfa0
[ 1007.551509][T18302]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1007.551532][T18302]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1007.551553][T18302]  ? clear_bhb_loop+0x60/0xb0
[ 1007.551577][T18302]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1007.551597][T18302] RIP: 0033:0x7ff4e598eacb
[ 1007.551615][T18302] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00
[ 1007.551633][T18302] RSP: 002b:00007ff4e68a4f10 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1007.551655][T18302] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00007ff4e598eacb
[ 1007.551669][T18302] RDX: 0000000000000000 RSI: 0000000000005501 RDI: 0000000000000004
[ 1007.551681][T18302] RBP: 00007ff4e68a5fe0 R08: 0000000000000000 R09: 00392e6364755f79
[ 1007.551696][T18302] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1007.551708][T18302] R13: 00007ff4e68a4fb0 R14: 0000200000000280 R15: 00007ff4e5d10320
[ 1007.551742][T18302]  </TASK>
[ 1007.551752][T18302] bus_add_driver: uevent attr (raw-gadget.0) failed
[ 1007.619744][   T30] kauditd_printk_skb: 26 callbacks suppressed
[ 1007.619761][   T30] audit: type=1800 audit(1759958781.704:6829): pid=18305 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.3381" name="SYSV00000000" dev="tmpfs" ino=0 res=0 errno=0
[ 1007.753385][   T24] usb 10-1: new high-speed USB device number 9 using dummy_hcd
[ 1007.935611][T18306] loop8: detected capacity change from 0 to 8
[ 1008.066952][T18306] Dev loop8: unable to read RDB block 8
[ 1008.073372][T18306]  loop8: unable to read partition table
[ 1008.079225][T18306] loop8: partition table beyond EOD, truncated
[ 1008.091611][   T24] usb 10-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[ 1008.130895][   T24] usb 10-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[ 1008.171382][T18306] loop_reread_partitions: partition scan of loop8 (þ被xü^>à– �) failed (rc=-5)
[ 1008.201590][   T24] usb 10-1: config 1 has 1 interface, different from the descriptor's value: 66
[ 1008.246785][   T24] usb 10-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[ 1008.295469][   T24] usb 10-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[ 1008.324067][   T24] usb 10-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[ 1008.336624][   T24] usb 10-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[ 1008.344935][   T24] usb 10-1: Product: syz
[ 1008.349193][   T24] usb 10-1: Manufacturer: syz
[ 1008.359398][   T24] cdc_wdm 10-1:1.0: skipping garbage
[ 1008.364966][   T24] cdc_wdm 10-1:1.0: skipping garbage
[ 1008.372623][   T24] cdc_wdm 10-1:1.0: cdc-wdm0: USB WDM device
[ 1008.387619][   T24] cdc_wdm 10-1:1.0: Unknown control protocol
[ 1008.487939][T18319] IPv6: NLM_F_CREATE should be specified when creating new route
[ 1008.593380][T16077] usb 1-1: new high-speed USB device number 126 using dummy_hcd
[ 1008.775692][T16077] usb 1-1: Using ep0 maxpacket: 32
[ 1008.790602][T16077] usb 1-1: New USB device found, idVendor=1964, idProduct=0001, bcdDevice=d4.15
[ 1008.824596][T16077] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1008.854940][T16077] usb 1-1: Product: syz
[ 1008.884443][T16077] usb 1-1: Manufacturer: syz
[ 1008.907956][T16077] usb 1-1: SerialNumber: syz
[ 1008.966400][T16077] usb 1-1: config 0 descriptor??
[ 1009.095528][   T24] usb 5-1: new high-speed USB device number 14 using dummy_hcd
[ 1009.109426][ T5909] usb 10-1: USB disconnect, device number 9
[ 1009.288976][T16077] RobotFuzz Open Source InterFace, OSIF 1-1:0.0: version d4.15 found at bus 001 address 126
[ 1009.345292][   T24] usb 5-1: config 0 has an invalid interface number: 1 but max is 0
[ 1009.383665][   T24] usb 5-1: config 0 has no interface number 0
[ 1009.408381][   T24] usb 5-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1009.459171][   T24] usb 5-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1009.475971][   T24] usb 5-1: New USB device found, idVendor=041e, idProduct=2801, bcdDevice= 0.00
[ 1009.486224][   T24] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1009.490673][ T5909] usb 1-1: USB disconnect, device number 126
[ 1009.503184][T18328] netlink: zone id is out of range
[ 1009.564766][T18330] FAULT_INJECTION: forcing a failure.
[ 1009.564766][T18330] name failslab, interval 1, probability 0, space 0, times 0
[ 1009.577847][T18330] CPU: 0 UID: 0 PID: 18330 Comm: syz.9.3392 Not tainted syzkaller #0 PREEMPT(full) 
[ 1009.577873][T18330] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 1009.577886][T18330] Call Trace:
[ 1009.577895][T18330]  <TASK>
[ 1009.577903][T18330]  dump_stack_lvl+0x189/0x250
[ 1009.577929][T18330]  ? __pfx____ratelimit+0x10/0x10
[ 1009.577952][T18330]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1009.577972][T18330]  ? __pfx__printk+0x10/0x10
[ 1009.577997][T18330]  ? __pfx___might_resched+0x10/0x10
[ 1009.578024][T18330]  should_fail_ex+0x414/0x560
[ 1009.578052][T18330]  should_failslab+0xa8/0x100
[ 1009.578073][T18330]  __kmalloc_cache_noprof+0x6f/0x6f0
[ 1009.578101][T18330]  ? alloc_pipe_info+0xe9/0x4d0
[ 1009.578135][T18330]  alloc_pipe_info+0xe9/0x4d0
[ 1009.578165][T18330]  splice_direct_to_actor+0xa5d/0xcc0
[ 1009.578212][T18330]  ? rcu_is_watching+0x15/0xb0
[ 1009.578234][T18330]  ? __pfx_direct_splice_actor+0x10/0x10
[ 1009.578263][T18330]  ? __pfx_splice_direct_to_actor+0x10/0x10
[ 1009.578289][T18330]  ? preempt_schedule_irq+0xde/0x150
[ 1009.578312][T18330]  ? __pfx_preempt_schedule_irq+0x10/0x10
[ 1009.578342][T18330]  do_splice_direct+0x181/0x270
[ 1009.578373][T18330]  ? __pfx_do_splice_direct+0x10/0x10
[ 1009.578403][T18330]  ? __pfx_direct_file_splice_eof+0x10/0x10
[ 1009.578427][T18330]  ? do_sendfile+0x4b5/0x7e0
[ 1009.578453][T18330]  do_sendfile+0x4da/0x7e0
[ 1009.578482][T18330]  ? __pfx_do_sendfile+0x10/0x10
[ 1009.578502][T18330]  ? irqentry_exit+0x74/0x90
[ 1009.578535][T18330]  __se_sys_sendfile64+0x13e/0x190
[ 1009.578558][T18330]  ? __pfx___se_sys_sendfile64+0x10/0x10
[ 1009.578581][T18330]  ? do_syscall_64+0xbe/0xfa0
[ 1009.578608][T18330]  do_syscall_64+0xfa/0xfa0
[ 1009.578629][T18330]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1009.578652][T18330]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1009.578671][T18330]  ? clear_bhb_loop+0x60/0xb0
[ 1009.578695][T18330]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1009.578714][T18330] RIP: 0033:0x7ff4e598eec9
[ 1009.578738][T18330] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1009.578755][T18330] RSP: 002b:00007ff4e6865038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 1009.578775][T18330] RAX: ffffffffffffffda RBX: 00007ff4e5be6180 RCX: 00007ff4e598eec9
[ 1009.578791][T18330] RDX: 0000000000000000 RSI: 000000000000000a RDI: 000000000000000a
[ 1009.578803][T18330] RBP: 00007ff4e6865090 R08: 0000000000000000 R09: 0000000000000000
[ 1009.578816][T18330] R10: 0000000000040008 R11: 0000000000000246 R12: 0000000000000001
[ 1009.578829][T18330] R13: 00007ff4e5be6218 R14: 00007ff4e5be6180 R15: 00007ff4e5d0fa28
[ 1009.578861][T18330]  </TASK>
[ 1009.841479][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1009.895672][T18328] netlink: get zone limit has 4 unknown bytes
[ 1010.210833][   T24] usb 5-1: config 0 descriptor??
[ 1010.691258][T18324] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1010.770627][T18324] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1010.806305][   T24] prodikeys 0003:041E:2801.002C: unknown main item tag 0x0
[ 1010.823577][   T24] prodikeys 0003:041E:2801.002C: unknown main item tag 0x0
[ 1010.865971][   T24] prodikeys 0003:041E:2801.002C: hidraw0: USB HID v0.00 Device [HID 041e:2801] on usb-dummy_hcd.4-1/input1
[ 1011.052586][   T24] hid_prodikeys: hid-prodikeys: failed to find output report
[ 1011.052586][   T24] 
[ 1011.151107][   T24] usb 5-1: USB disconnect, device number 14
[ 1011.331518][T18345] FAULT_INJECTION: forcing a failure.
[ 1011.331518][T18345] name failslab, interval 1, probability 0, space 0, times 0
[ 1011.404295][T18345] CPU: 1 UID: 0 PID: 18345 Comm: syz.9.3396 Not tainted syzkaller #0 PREEMPT(full) 
[ 1011.404323][T18345] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 1011.404337][T18345] Call Trace:
[ 1011.404346][T18345]  <TASK>
[ 1011.404355][T18345]  dump_stack_lvl+0x189/0x250
[ 1011.404381][T18345]  ? __pfx____ratelimit+0x10/0x10
[ 1011.404404][T18345]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1011.404432][T18345]  ? __pfx__printk+0x10/0x10
[ 1011.404459][T18345]  ? __pfx___might_resched+0x10/0x10
[ 1011.404479][T18345]  ? fs_reclaim_acquire+0x7d/0x100
[ 1011.404513][T18345]  should_fail_ex+0x414/0x560
[ 1011.404541][T18345]  should_failslab+0xa8/0x100
[ 1011.404562][T18345]  kmem_cache_alloc_node_noprof+0x77/0x710
[ 1011.404589][T18345]  ? __alloc_skb+0x112/0x2d0
[ 1011.404608][T18345]  ? netlink_autobind+0xdb/0x300
[ 1011.404634][T18345]  __alloc_skb+0x112/0x2d0
[ 1011.404657][T18345]  netlink_sendmsg+0x5c6/0xb30
[ 1011.404687][T18345]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1011.404711][T18345]  ? aa_sock_msg_perm+0xf1/0x1d0
[ 1011.404738][T18345]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1011.404757][T18345]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1011.404778][T18345]  __sock_sendmsg+0x21c/0x270
[ 1011.404809][T18345]  ____sys_sendmsg+0x505/0x830
[ 1011.404838][T18345]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1011.404868][T18345]  ? import_iovec+0x74/0xa0
[ 1011.404891][T18345]  ___sys_sendmsg+0x21f/0x2a0
[ 1011.404915][T18345]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1011.404973][T18345]  ? __fget_files+0x2a/0x420
[ 1011.404989][T18345]  ? __fget_files+0x3a0/0x420
[ 1011.405015][T18345]  __x64_sys_sendmsg+0x19b/0x260
[ 1011.405040][T18345]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1011.405073][T18345]  ? __pfx_ksys_write+0x10/0x10
[ 1011.405103][T18345]  ? do_syscall_64+0xbe/0xfa0
[ 1011.405130][T18345]  do_syscall_64+0xfa/0xfa0
[ 1011.405152][T18345]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1011.405174][T18345]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1011.405193][T18345]  ? clear_bhb_loop+0x60/0xb0
[ 1011.405217][T18345]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1011.405236][T18345] RIP: 0033:0x7ff4e598eec9
[ 1011.405253][T18345] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1011.405270][T18345] RSP: 002b:00007ff4e68a7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1011.405291][T18345] RAX: ffffffffffffffda RBX: 00007ff4e5be5fa0 RCX: 00007ff4e598eec9
[ 1011.405306][T18345] RDX: 000000000000c000 RSI: 0000200000000000 RDI: 0000000000000003
[ 1011.405319][T18345] RBP: 00007ff4e68a7090 R08: 0000000000000000 R09: 0000000000000000
[ 1011.405331][T18345] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1011.405344][T18345] R13: 00007ff4e5be6038 R14: 00007ff4e5be5fa0 R15: 00007ff4e5d0fa28
[ 1011.405376][T18345]  </TASK>
[ 1011.863667][T18060] usb 2-1: new high-speed USB device number 31 using dummy_hcd
[ 1012.023622][T18060] usb 2-1: Using ep0 maxpacket: 8
[ 1012.026002][T18060] usb 2-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b
[ 1012.026031][T18060] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1012.032678][T18060] pvrusb2: Hardware description: Terratec Grabster AV400
[ 1012.032696][T18060] pvrusb2: **********
[ 1012.032706][T18060] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental.
[ 1012.032720][T18060] pvrusb2: Important functionality might not be entirely working.
[ 1012.032731][T18060] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver.
[ 1012.032745][T18060] pvrusb2: **********
[ 1012.148451][T18357] tipc: Enabling of bearer <udp:s}> rejected, failed to enable media
[ 1012.148677][T18357] netlink: 64 bytes leftover after parsing attributes in process `syz.9.3399'.
[ 1012.236574][ T2346] pvrusb2: Invalid write control endpoint
[ 1012.467930][T18346] pvrusb2: Invalid write control endpoint
[ 1012.500594][ T2346] pvrusb2: Invalid write control endpoint
[ 1012.500636][ T2346] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work.
[ 1012.500649][ T2346] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device.
[ 1012.500655][ T2346] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups.
[ 1012.500666][ T2346] pvrusb2: Device being rendered inoperable
[ 1012.507146][ T2346] cx25840 1-0044: Unable to detect h/w, assuming cx23887
[ 1012.507261][ T2346] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_a)
[ 1012.521637][ T2346] pvrusb2: Attached sub-driver cx25840
[ 1012.521683][ T2346] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it.
[ 1012.521691][ T2346] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover.
[ 1012.782781][   T24] usb 3-1: new high-speed USB device number 64 using dummy_hcd
[ 1013.146388][T18365] syz_tun: entered allmulticast mode
[ 1013.153518][   T24] usb 3-1: Using ep0 maxpacket: 8
[ 1013.162378][   T24] usb 3-1: config 0 has an invalid interface number: 113 but max is 0
[ 1013.184237][   T24] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1013.201961][   T24] usb 3-1: config 0 has no interface number 0
[ 1013.219519][   T24] usb 3-1: config 0 interface 113 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[ 1013.236577][T18364] syz_tun: left allmulticast mode
[ 1013.253372][   T24] usb 3-1: config 0 interface 113 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 7
[ 1013.382180][   T24] usb 3-1: New USB device found, idVendor=0b48, idProduct=1006, bcdDevice=c0.0a
[ 1013.392622][   T24] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1013.411517][   T24] usb 3-1: Product: syz
[ 1013.424772][   T24] usb 3-1: Manufacturer: syz
[ 1013.429414][   T24] usb 3-1: SerialNumber: syz
[ 1013.476042][   T24] usb 3-1: config 0 descriptor??
[ 1013.501338][   T24] ttusb_dec_send_command: command bulk message failed: error -8
[ 1013.513920][   T24] ttusb-dec 3-1:0.113: probe with driver ttusb-dec failed with error -8
[ 1013.529689][   T24] usbhid 3-1:0.113: couldn't find an input interrupt endpoint
[ 1014.357218][   T24] usb 1-1: new high-speed USB device number 127 using dummy_hcd
[ 1014.685721][ T5909] usb 2-1: USB disconnect, device number 31
[ 1015.227080][   T24] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1015.239860][   T24] usb 1-1: config 0 has no interfaces?
[ 1015.245589][   T24] usb 1-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08
[ 1015.297987][   T24] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1015.371284][   T24] usb 1-1: config 0 descriptor??
[ 1015.389092][   T90] usb 3-1: USB disconnect, device number 64
[ 1015.915646][   T90] usb 1-1: USB disconnect, device number 127
[ 1017.043126][T18399] FAULT_INJECTION: forcing a failure.
[ 1017.043126][T18399] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1017.183485][T18399] CPU: 1 UID: 0 PID: 18399 Comm: syz.9.3412 Not tainted syzkaller #0 PREEMPT(full) 
[ 1017.183513][T18399] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 1017.183526][T18399] Call Trace:
[ 1017.183535][T18399]  <TASK>
[ 1017.183544][T18399]  dump_stack_lvl+0x189/0x250
[ 1017.183570][T18399]  ? __pfx____ratelimit+0x10/0x10
[ 1017.183592][T18399]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1017.183614][T18399]  ? __pfx__printk+0x10/0x10
[ 1017.183635][T18399]  ? __might_fault+0xb0/0x130
[ 1017.183672][T18399]  should_fail_ex+0x414/0x560
[ 1017.183701][T18399]  _copy_from_user+0x2d/0xb0
[ 1017.183720][T18399]  ___sys_recvmsg+0x12e/0x510
[ 1017.183748][T18399]  ? __pfx____sys_recvmsg+0x10/0x10
[ 1017.183798][T18399]  ? __might_fault+0xb0/0x130
[ 1017.183824][T18399]  do_recvmmsg+0x307/0x770
[ 1017.183852][T18399]  ? __pfx_do_recvmmsg+0x10/0x10
[ 1017.183887][T18399]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 1017.183927][T18399]  __x64_sys_recvmmsg+0x190/0x240
[ 1017.183954][T18399]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[ 1017.183978][T18399]  ? do_syscall_64+0xbe/0xfa0
[ 1017.183998][T18399]  do_syscall_64+0xfa/0xfa0
[ 1017.184017][T18399]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1017.184033][T18399]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[ 1017.184050][T18399]  ? clear_bhb_loop+0x60/0xb0
[ 1017.184072][T18399]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1017.184089][T18399] RIP: 0033:0x7ff4e598eec9
[ 1017.184103][T18399] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1017.184120][T18399] RSP: 002b:00007ff4e68a7038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 1017.184138][T18399] RAX: ffffffffffffffda RBX: 00007ff4e5be5fa0 RCX: 00007ff4e598eec9
[ 1017.184153][T18399] RDX: 0000000000010106 RSI: 00002000000000c0 RDI: 0000000000000003
[ 1017.184165][T18399] RBP: 00007ff4e68a7090 R08: 0000000000000000 R09: 0000000000000000
[ 1017.184177][T18399] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000002
[ 1017.184188][T18399] R13: 00007ff4e5be6038 R14: 00007ff4e5be5fa0 R15: 00007ff4e5d0fa28
[ 1017.184217][T18399]  </TASK>
[ 1017.415515][T18403] netlink: 4 bytes leftover after parsing attributes in process `syz.9.3412'.
[ 1017.425712][T18401] bond0: (slave lo): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond.
[ 1017.551760][T18401] bond0: (slave lo): Error: Device can not be enslaved while up
[ 1018.325536][T18410] netlink: 4268 bytes leftover after parsing attributes in process `syz.9.3413'.
[ 1018.415699][T18060] usb 5-1: new high-speed USB device number 15 using dummy_hcd
[ 1018.893088][T18413] netlink: 52 bytes leftover after parsing attributes in process `syz.1.3415'.
[ 1019.013379][T18060] usb 5-1: Using ep0 maxpacket: 8
[ 1019.028632][T18060] usb 5-1: config 2 has an invalid interface number: 241 but max is 0
[ 1019.076252][T18060] usb 5-1: config 2 has no interface number 0
[ 1019.145380][T18060] usb 5-1: config 2 interface 241 altsetting 2 endpoint 0x82 has invalid wMaxPacketSize 0
[ 1019.185785][T18060] usb 5-1: config 2 interface 241 has no altsetting 0
[ 1019.246002][T18060] usb 5-1: New USB device found, idVendor=110a, idProduct=1130, bcdDevice=b3.a3
[ 1019.256164][T18060] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1019.305103][T18060] usb 5-1: Product: syz
[ 1019.315621][T18060] usb 5-1: Manufacturer: syz
[ 1019.337559][T18060] usb 5-1: SerialNumber: syz
[ 1019.350312][T18060] ti_usb_3410_5052 5-1:2.241: TI USB 3410 1 port adapter converter detected
[ 1019.365251][T18060] ti_usb_3410_5052 5-1:2.241: missing endpoints
[ 1019.383690][ T5902] usb 2-1: new high-speed USB device number 32 using dummy_hcd
[ 1019.576915][   T90] usb 5-1: USB disconnect, device number 15
[ 1019.613344][ T5902] usb 2-1: Using ep0 maxpacket: 16
[ 1019.623950][ T5902] usb 2-1: config 0 interface 0 has no altsetting 0
[ 1019.631460][ T5902] usb 2-1: New USB device found, idVendor=0dfc, idProduct=0101, bcdDevice= 0.00
[ 1019.649650][ T5902] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1019.670532][ T5902] usb 2-1: config 0 descriptor??
[ 1020.137299][ T5902] usbhid 2-1:0.0: can't add hid device: -32
[ 1020.145055][ T5902] usbhid 2-1:0.0: probe with driver usbhid failed with error -32
[ 1020.643541][   T24] usb 3-1: new high-speed USB device number 65 using dummy_hcd
[ 1020.913764][   T24] usb 3-1: unable to get BOS descriptor or descriptor too short
[ 1020.925125][   T24] usb 3-1: config 1 contains an unexpected descriptor of type 0x1, skipping
[ 1020.933976][   T24] usb 3-1: config 1 has an invalid descriptor of length 6, skipping remainder of the config
[ 1020.947533][   T24] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1020.969042][   T24] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1020.980522][   T24] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1020.992646][   T24] usb 3-1: Product: syz
[ 1020.997667][   T24] usb 3-1: Manufacturer: syz
[ 1021.002570][   T24] usb 3-1: SerialNumber: syz
[ 1021.513553][ T5902] usb 1-1: new low-speed USB device number 2 using dummy_hcd
[ 1021.706881][ T5902] usb 1-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[ 1021.723573][ T5902] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1021.744218][ T5902] usb 1-1: config 0 descriptor??
[ 1022.098704][ T5902] asix 1-1:0.0 (unnamed net_device) (uninitialized): invalid hw address, using random
[ 1022.168651][T18447] netlink: 'syz.4.3425': attribute type 33 has an invalid length.
[ 1022.183743][   T90] usb 2-1: USB disconnect, device number 32
[ 1022.203436][T18447] netlink: 152 bytes leftover after parsing attributes in process `syz.4.3425'.
[ 1022.313379][T18450] netlink: 'syz.1.3426': attribute type 1 has an invalid length.
[ 1023.440862][T18454] snd_dummy snd_dummy.0: control 0:-3:0:syz0:0 is already present
[ 1024.492164][   T24] usb 3-1: 0:2 : does not exist
[ 1024.625547][ T5902] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[ 1024.662172][   T24] usb 3-1: USB disconnect, device number 65
[ 1024.680013][ T5902] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to send software reset: ffffffb9
[ 1024.764863][ T5902] asix 1-1:0.0: probe with driver asix failed with error -71
[ 1024.840253][ T5902] usb 1-1: USB disconnect, device number 2
[ 1025.673405][ T5902] usb 2-1: new full-speed USB device number 33 using dummy_hcd
[ 1025.876513][ T5902] usb 2-1: New USB device found, idVendor=13d8, idProduct=0001, bcdDevice=30.62
[ 1025.922062][ T5902] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1025.931825][ T5902] usb 2-1: Product: syz
[ 1025.940134][ T5902] usb 2-1: Manufacturer: syz
[ 1025.946113][ T5902] usb 2-1: SerialNumber: syz
[ 1025.954023][ T5902] usb 2-1: config 0 descriptor??
[ 1025.970810][ T5902] usb 2-1: selecting invalid altsetting 3
[ 1025.986456][ T5902] comedi comedi5: could not set alternate setting 3 in high speed
[ 1026.000423][ T5902] usbdux 2-1:0.0: driver 'usbdux' failed to auto-configure device.
[ 1026.008565][T16077] usb 10-1: new high-speed USB device number 10 using dummy_hcd
[ 1026.020623][T18491] tipc: Started in network mode
[ 1026.021459][ T5902] usbdux 2-1:0.0: probe with driver usbdux failed with error -22
[ 1026.050659][T18491] tipc: Node identity 86c9d63e39bd, cluster identity 4711
[ 1026.076503][T18492] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (128 ns). Using initial count to start timer.
[ 1026.089058][T18491] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1026.102757][T18491] syzkaller0: entered promiscuous mode
[ 1026.113368][T18491] syzkaller0: entered allmulticast mode
[ 1026.171779][T18478] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1026.183183][T18491] tipc: Resetting bearer <eth:syzkaller0>
[ 1026.193329][T16077] usb 10-1: Using ep0 maxpacket: 32
[ 1026.208913][T16077] usb 10-1: config 0 has an invalid interface number: 146 but max is 0
[ 1026.227617][T18478] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1026.228345][T16077] usb 10-1: config 0 has no interface number 0
[ 1026.246122][T18490] tipc: Resetting bearer <eth:syzkaller0>
[ 1026.257967][T16077] usb 10-1: config 0 interface 146 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[ 1026.281072][T18488] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1026.294433][T16077] usb 10-1: config 0 interface 146 altsetting 0 has an endpoint descriptor with address 0xE3, changing to 0x83
[ 1026.313304][T16077] usb 10-1: config 0 interface 146 altsetting 0 endpoint 0x83 has invalid maxpacket 33307, setting to 1024
[ 1026.332827][T18490] tipc: Disabling bearer <eth:syzkaller0>
[ 1026.349207][T16077] usb 10-1: config 0 interface 146 altsetting 0 bulk endpoint 0x83 has invalid maxpacket 1024
[ 1026.403761][T16077] usb 10-1: config 0 interface 146 altsetting 0 has an endpoint descriptor with address 0xF2, changing to 0x82
[ 1026.447791][T16077] usb 10-1: config 0 interface 146 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[ 1026.567632][T16077] usb 10-1: config 0 interface 146 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0
[ 1026.593310][T16077] usb 10-1: config 0 interface 146 altsetting 0 endpoint 0x1 has invalid maxpacket 19968, setting to 1024
[ 1026.620946][T16077] usb 10-1: config 0 interface 146 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 1024
[ 1026.650964][T16077] usb 10-1: config 0 interface 146 altsetting 0 has 4 endpoint descriptors, different from the interface descriptor's value: 3
[ 1026.671325][T16880] Bluetooth: hci5: command 0x0406 tx timeout
[ 1026.739151][T16077] usb 10-1: New USB device found, idVendor=05da, idProduct=009a, bcdDevice=62.95
[ 1026.783397][T16077] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1026.791517][T16077] usb 10-1: Product: syz
[ 1026.843527][T16077] usb 10-1: Manufacturer: syz
[ 1026.916548][T16077] usb 10-1: SerialNumber: syz
[ 1027.041157][T16077] usb 10-1: config 0 descriptor??
[ 1027.067479][T18482] raw-gadget.1 gadget.9: fail, usb_ep_enable returned -22
[ 1027.075158][T18482] raw-gadget.1 gadget.9: fail, usb_ep_enable returned -22
[ 1027.083660][T16077] microtek usb (rev 0.4.3): will this work? Response EP is not usually 3
[ 1027.092109][T16077] microtek usb (rev 0.4.3): will this work? Image data EP is not usually 2
[ 1027.114906][T16077] scsi host1: microtekX6
[ 1028.544104][T16077] usb 10-1: USB disconnect, device number 10
[ 1028.571004][T18060] usb 2-1: USB disconnect, device number 33
[ 1028.603948][T18523] xt_recent: hitcount (4294967295) is larger than allowed maximum (65535)
[ 1028.654536][T18523] netlink: 4 bytes leftover after parsing attributes in process `syz.9.3449'.
[ 1028.884822][T18528] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3450'.
[ 1029.776685][   T30] audit: type=1326 audit(1759958803.854:6830): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18555 comm="syz.4.3459" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f694dd8eec9 code=0x0
[ 1029.850417][T18557] IPVS: set_ctl: invalid protocol: 72 0.0.0.0:512
[ 1030.399316][T18569] FAULT_INJECTION: forcing a failure.
[ 1030.399316][T18569] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1030.505114][T18569] CPU: 1 UID: 0 PID: 18569 Comm: syz.9.3463 Not tainted syzkaller #0 PREEMPT(full) 
[ 1030.505144][T18569] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 1030.505157][T18569] Call Trace:
[ 1030.505165][T18569]  <TASK>
[ 1030.505175][T18569]  dump_stack_lvl+0x189/0x250
[ 1030.505205][T18569]  ? __pfx____ratelimit+0x10/0x10
[ 1030.505232][T18569]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1030.505254][T18569]  ? __pfx__printk+0x10/0x10
[ 1030.505287][T18569]  should_fail_ex+0x414/0x560
[ 1030.505316][T18569]  _copy_to_user+0x31/0xb0
[ 1030.505338][T18569]  simple_read_from_buffer+0xe1/0x170
[ 1030.505372][T18569]  proc_fail_nth_read+0x1b3/0x220
[ 1030.505400][T18569]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1030.505428][T18569]  ? rw_verify_area+0x2a6/0x4d0
[ 1030.505452][T18569]  ? __lock_acquire+0xab9/0xd20
[ 1030.505471][T18569]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1030.505496][T18569]  vfs_read+0x1fd/0xa30
[ 1030.505521][T18569]  ? fdget_pos+0x247/0x320
[ 1030.505544][T18569]  ? __pfx___mutex_lock+0x10/0x10
[ 1030.505569][T18569]  ? __pfx_vfs_read+0x10/0x10
[ 1030.505597][T18569]  ? __fget_files+0x2a/0x420
[ 1030.505619][T18569]  ? __fget_files+0x3a0/0x420
[ 1030.505636][T18569]  ? __fget_files+0x2a/0x420
[ 1030.505663][T18569]  ksys_read+0x145/0x250
[ 1030.505692][T18569]  ? __pfx_ksys_read+0x10/0x10
[ 1030.505723][T18569]  ? do_syscall_64+0xbe/0xfa0
[ 1030.505750][T18569]  do_syscall_64+0xfa/0xfa0
[ 1030.505773][T18569]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1030.505795][T18569]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1030.505816][T18569]  ? clear_bhb_loop+0x60/0xb0
[ 1030.505842][T18569]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1030.505862][T18569] RIP: 0033:0x7ff4e598d8dc
[ 1030.505879][T18569] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[ 1030.505897][T18569] RSP: 002b:00007ff4e68a7030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1030.505919][T18569] RAX: ffffffffffffffda RBX: 00007ff4e5be5fa0 RCX: 00007ff4e598d8dc
[ 1030.505933][T18569] RDX: 000000000000000f RSI: 00007ff4e68a70a0 RDI: 0000000000000006
[ 1030.505945][T18569] RBP: 00007ff4e68a7090 R08: 0000000000000000 R09: 0000000000000000
[ 1030.505958][T18569] R10: 0000200000000c40 R11: 0000000000000246 R12: 0000000000000001
[ 1030.505972][T18569] R13: 00007ff4e5be6038 R14: 00007ff4e5be5fa0 R15: 00007ff4e5d0fa28
[ 1030.506005][T18569]  </TASK>
[ 1030.745281][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1031.161797][T18575] netlink: 32 bytes leftover after parsing attributes in process `syz.4.3464'.
[ 1031.694606][T18592] FAULT_INJECTION: forcing a failure.
[ 1031.694606][T18592] name failslab, interval 1, probability 0, space 0, times 0
[ 1031.707444][   T30] audit: type=1326 audit(1759958805.774:6831): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18591 comm="syz.2.3473" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f696bb8eec9 code=0x7ffc0000
[ 1031.744880][T18592] CPU: 1 UID: 0 PID: 18592 Comm: syz.2.3473 Not tainted syzkaller #0 PREEMPT(full) 
[ 1031.744910][T18592] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 1031.744923][T18592] Call Trace:
[ 1031.744931][T18592]  <TASK>
[ 1031.744941][T18592]  dump_stack_lvl+0x189/0x250
[ 1031.744973][T18592]  ? __pfx____ratelimit+0x10/0x10
[ 1031.744996][T18592]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1031.745017][T18592]  ? __pfx__printk+0x10/0x10
[ 1031.745034][T18592]  ? vsnprintf+0x386/0xf00
[ 1031.745065][T18592]  ? __pfx_snprintf+0x10/0x10
[ 1031.745099][T18592]  should_fail_ex+0x414/0x560
[ 1031.745127][T18592]  should_failslab+0xa8/0x100
[ 1031.745149][T18592]  __kmalloc_noprof+0xcb/0x7f0
[ 1031.745175][T18592]  ? aa_label_asxprint+0x70/0x130
[ 1031.745203][T18592]  aa_label_asxprint+0x70/0x130
[ 1031.745228][T18592]  apparmor_lsmprop_to_secctx+0x9d/0x170
[ 1031.745258][T18592]  audit_log_subj_ctx+0xfa/0x510
[ 1031.745289][T18592]  ? __pfx_audit_log_subj_ctx+0x10/0x10
[ 1031.745323][T18592]  ? apparmor_current_getlsmprop_subj+0xdd/0x190
[ 1031.745351][T18592]  audit_log_task_context+0x8c/0xd0
[ 1031.745378][T18592]  ? __pfx_audit_log_task_context+0x10/0x10
[ 1031.745407][T18592]  ? audit_log_start+0x7f4/0xa20
[ 1031.745439][T18592]  audit_log_task+0x190/0x3c0
[ 1031.745467][T18592]  ? __pfx_audit_log_task+0x10/0x10
[ 1031.745495][T18592]  ? __pfx___cant_migrate+0x10/0x10
[ 1031.745524][T18592]  audit_seccomp+0x86/0x190
[ 1031.745553][T18592]  __seccomp_filter+0xce4/0x1e10
[ 1031.745591][T18592]  ? __pfx___seccomp_filter+0x10/0x10
[ 1031.745616][T18592]  ? _raw_spin_unlock_irq+0x2e/0x50
[ 1031.745638][T18592]  ? signal_setup_done+0x230/0x310
[ 1031.745665][T18592]  ? arch_do_signal_or_restart+0x485/0x790
[ 1031.745696][T18592]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[ 1031.745740][T18592]  ? __secure_computing+0xe2/0x2a0
[ 1031.745765][T18592]  syscall_trace_enter+0xaa/0x160
[ 1031.745786][T18592]  ? asm_int80_emulation+0x1a/0x20
[ 1031.745806][T18592]  do_int80_emulation+0x101/0x390
[ 1031.745831][T18592]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1031.745850][T18592]  ? clear_bhb_loop+0x60/0xb0
[ 1031.745869][T18592]  ? clear_bhb_loop+0x60/0xb0
[ 1031.745893][T18592]  asm_int80_emulation+0x1a/0x20
[ 1031.745912][T18592] RIP: 0033:0x200000000006
[ 1031.745935][T18592] Code: Unable to access opcode bytes at 0x1fffffffffdc.
[ 1031.745946][T18592] RSP: 002b:00007f696ca91a78 EFLAGS: 00000206 ORIG_RAX: 000000000000000f
[ 1031.745973][T18592] RAX: ffffffffffffffda RBX: 00007f696bde5fa0 RCX: 00007f696bb8eec9
[ 1031.745989][T18592] RDX: 00007f696ca91a80 RSI: 00007f696ca91bb0 RDI: 000000000000000d
[ 1031.746002][T18592] RBP: 00007f696ca92090 R08: 0000000000000000 R09: 0000000000000000
[ 1031.746015][T18592] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1031.746027][T18592] R13: 00007f696bde6038 R14: 00007f696bde5fa0 R15: 00007f696bf0fa28
[ 1031.746060][T18592]  </TASK>
[ 1031.746071][T18592] audit: error in audit_log_subj_ctx
[ 1031.769803][   T30] audit: type=1326 audit(1759958805.784:6832): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18591 comm="syz.2.3473" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f696bb8d710 code=0x7ffc0000
[ 1031.792852][T16880] Bluetooth: hci6: command 0x0406 tx timeout
[ 1031.796431][   T30] audit: type=1326 audit(1759958805.784:6833): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18591 comm="syz.2.3473" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f696bb8d97f code=0x7ffc0000
[ 1032.180257][   T30] audit: type=1326 audit(1759958805.784:6834): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18591 comm="syz.2.3473" exe="/root/syz-executor" sig=0 arch=c000003e syscall=307 compat=0 ip=0x7f696bb8eec9 code=0x7ffc0000
[ 1032.206248][   T30] audit: type=1326 audit(1759958805.784:6835): auid=4294967295 uid=0 gid=0 ses=4294967295 pid=18591 comm="syz.2.3473" exe="/root/syz-executor" sig=0 arch=40000003 syscall=15 compat=1 ip=0x200000000006 code=0x7ffc0000
[ 1032.227632][   T30] audit: type=1326 audit(1759958806.174:6836): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18591 comm="syz.2.3473" exe="/root/syz-executor" sig=0 arch=c000003e syscall=0 compat=0 ip=0x7f696bb8d8dc code=0x7ffc0000
[ 1032.259399][   T30] audit: type=1326 audit(1759958806.174:6837): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18591 comm="syz.2.3473" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f696bb8d97f code=0x7ffc0000
[ 1032.345378][   T30] audit: type=1326 audit(1759958806.174:6838): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18591 comm="syz.2.3473" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f696bb8db2a code=0x7ffc0000
[ 1032.469387][T18602] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1032.549524][T18603] syzkaller0: entered promiscuous mode
[ 1032.596961][T18603] syzkaller0: entered allmulticast mode
[ 1032.741553][T18603] tipc: Resetting bearer <eth:syzkaller0>
[ 1032.764942][T18601] tipc: Resetting bearer <eth:syzkaller0>
[ 1032.870888][T18601] tipc: Disabling bearer <eth:syzkaller0>
[ 1034.313623][T16077] usb 3-1: new high-speed USB device number 66 using dummy_hcd
[ 1034.455205][T18618] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3477'.
[ 1034.573382][T16077] usb 3-1: Using ep0 maxpacket: 16
[ 1034.703637][T16077] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[ 1034.759948][T16077] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[ 1034.949583][T16077] usb 3-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[ 1035.078139][T16077] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1035.122482][T16077] usb 3-1: Product: syz
[ 1035.133497][T16077] usb 3-1: Manufacturer: syz
[ 1035.138144][T16077] usb 3-1: SerialNumber: syz
[ 1035.145663][T16077] usb 3-1: config 0 descriptor??
[ 1035.156911][T16077] em28xx 3-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[ 1035.166578][T16077] em28xx 3-1:0.0: Audio interface 0 found (Vendor Class)
[ 1035.414370][ T5909] usb 5-1: new high-speed USB device number 16 using dummy_hcd
[ 1035.675543][ T5909] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1035.820321][T16077] em28xx 3-1:0.0: chip ID is em2800
[ 1035.832617][ T5909] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1035.843761][ T5909] usb 5-1: New USB device found, idVendor=0419, idProduct=0600, bcdDevice= 0.00
[ 1035.852818][ T5909] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1035.867549][ T5909] usb 5-1: config 0 descriptor??
[ 1036.339988][ T5909] samsung 0003:0419:0600.002D: unknown global tag 0xc
[ 1036.514953][ T5909] samsung 0003:0419:0600.002D: item 0 2 1 12 parsing failed
[ 1036.529552][ T5909] samsung 0003:0419:0600.002D: parse failed
[ 1036.549349][ T5909] samsung 0003:0419:0600.002D: probe with driver samsung failed with error -22
[ 1036.566405][ T5909] usb 5-1: USB disconnect, device number 16
[ 1036.912804][T16077] em28xx 3-1:0.0: Config register raw data: 0xfffffffb
[ 1037.128595][T16077] em28xx 3-1:0.0: AC97 chip type couldn't be determined
[ 1037.156689][T16077] em28xx 3-1:0.0: No AC97 audio processor
[ 1037.727568][T13920] usb 3-1: USB disconnect, device number 66
[ 1038.104906][T13920] em28xx 3-1:0.0: Disconnecting em28xx
[ 1038.135741][T13920] em28xx 3-1:0.0: Freeing device
[ 1038.216502][T18636] FAULT_INJECTION: forcing a failure.
[ 1038.216502][T18636] name failslab, interval 1, probability 0, space 0, times 0
[ 1038.261767][T18636] CPU: 0 UID: 0 PID: 18636 Comm: syz.2.3481 Not tainted syzkaller #0 PREEMPT(full) 
[ 1038.261796][T18636] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 1038.261809][T18636] Call Trace:
[ 1038.261817][T18636]  <TASK>
[ 1038.261826][T18636]  dump_stack_lvl+0x189/0x250
[ 1038.261852][T18636]  ? __pfx____ratelimit+0x10/0x10
[ 1038.261875][T18636]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1038.261962][T18636]  ? __pfx__printk+0x10/0x10
[ 1038.261976][T18636]  ? __lock_acquire+0xab9/0xd20
[ 1038.261992][T18636]  should_fail_ex+0x414/0x560
[ 1038.262007][T18636]  should_failslab+0xa8/0x100
[ 1038.262019][T18636]  __kmalloc_cache_noprof+0x6f/0x6f0
[ 1038.262034][T18636]  ? __tipc_nl_bearer_enable+0xab3/0x13f0
[ 1038.262053][T18636]  __tipc_nl_bearer_enable+0xab3/0x13f0
[ 1038.262073][T18636]  ? __pfx___tipc_nl_bearer_enable+0x10/0x10
[ 1038.262090][T18636]  ? __mutex_lock+0x335/0x1350
[ 1038.262108][T18636]  ? __asan_memcpy+0x40/0x70
[ 1038.262123][T18636]  ? nla_put+0xd0/0x150
[ 1038.262139][T18636]  ? tipc_nl_compat_bearer_enable+0x427/0x5d0
[ 1038.262161][T18636]  ? __pfx_tipc_nl_compat_bearer_enable+0x10/0x10
[ 1038.262174][T18636]  ? __nla_parse+0x40/0x60
[ 1038.262191][T18636]  tipc_nl_compat_doit+0x3bc/0x5f0
[ 1038.262206][T18636]  ? __pfx_tipc_nl_compat_doit+0x10/0x10
[ 1038.262224][T18636]  ? bpf_lsm_capable+0x9/0x20
[ 1038.262237][T18636]  ? security_capable+0x7e/0x2e0
[ 1038.262255][T18636]  tipc_nl_compat_recv+0x83c/0xbe0
[ 1038.262268][T18636]  ? __pfx_tipc_nl_compat_recv+0x10/0x10
[ 1038.262277][T18636]  ? __mutex_trylock_common+0x153/0x260
[ 1038.262292][T18636]  ? __pfx___mutex_trylock_common+0x10/0x10
[ 1038.262304][T18636]  ? __local_bh_enable_ip+0x12d/0x1c0
[ 1038.262314][T18636]  ? __pfx___tipc_nl_bearer_enable+0x10/0x10
[ 1038.262327][T18636]  ? __pfx_tipc_nl_compat_bearer_enable+0x10/0x10
[ 1038.262342][T18636]  ? trace_contention_end+0x39/0x120
[ 1038.262360][T18636]  genl_family_rcv_msg_doit+0x215/0x300
[ 1038.262380][T18636]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[ 1038.262407][T18636]  genl_rcv_msg+0x60e/0x790
[ 1038.262424][T18636]  ? __pfx_genl_rcv_msg+0x10/0x10
[ 1038.262438][T18636]  ? __pfx_tipc_nl_compat_recv+0x10/0x10
[ 1038.262450][T18636]  ? __asan_memcpy+0x40/0x70
[ 1038.262462][T18636]  ? __pfx_ref_tracker_free+0x10/0x10
[ 1038.262480][T18636]  netlink_rcv_skb+0x208/0x470
[ 1038.262490][T18636]  ? __lock_acquire+0xab9/0xd20
[ 1038.262500][T18636]  ? __pfx_genl_rcv_msg+0x10/0x10
[ 1038.262514][T18636]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1038.262535][T18636]  ? down_read+0x1ad/0x2e0
[ 1038.262551][T18636]  genl_rcv+0x28/0x40
[ 1038.262563][T18636]  netlink_unicast+0x82c/0x9e0
[ 1038.262583][T18636]  ? __pfx_netlink_unicast+0x10/0x10
[ 1038.262600][T18636]  ? netlink_sendmsg+0x642/0xb30
[ 1038.262613][T18636]  ? skb_put+0x11b/0x210
[ 1038.262626][T18636]  netlink_sendmsg+0x805/0xb30
[ 1038.262649][T18636]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1038.262662][T18636]  ? aa_sock_msg_perm+0xf1/0x1d0
[ 1038.262678][T18636]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1038.262688][T18636]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1038.262699][T18636]  __sock_sendmsg+0x21c/0x270
[ 1038.262717][T18636]  ____sys_sendmsg+0x505/0x830
[ 1038.262732][T18636]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1038.262749][T18636]  ? import_iovec+0x74/0xa0
[ 1038.262762][T18636]  ___sys_sendmsg+0x21f/0x2a0
[ 1038.262775][T18636]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1038.262808][T18636]  ? __fget_files+0x2a/0x420
[ 1038.262818][T18636]  ? __fget_files+0x3a0/0x420
[ 1038.262833][T18636]  __x64_sys_sendmsg+0x19b/0x260
[ 1038.262846][T18636]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1038.262864][T18636]  ? __pfx_ksys_write+0x10/0x10
[ 1038.262881][T18636]  ? do_syscall_64+0xbe/0xfa0
[ 1038.262901][T18636]  do_syscall_64+0xfa/0xfa0
[ 1038.262913][T18636]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1038.262925][T18636]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1038.262935][T18636]  ? clear_bhb_loop+0x60/0xb0
[ 1038.262948][T18636]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1038.262959][T18636] RIP: 0033:0x7f696bb8eec9
[ 1038.262970][T18636] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1038.262980][T18636] RSP: 002b:00007f696ca92038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1038.262993][T18636] RAX: ffffffffffffffda RBX: 00007f696bde5fa0 RCX: 00007f696bb8eec9
[ 1038.263001][T18636] RDX: 0000000000000000 RSI: 0000200000000340 RDI: 0000000000000006
[ 1038.263008][T18636] RBP: 00007f696ca92090 R08: 0000000000000000 R09: 0000000000000000
[ 1038.263019][T18636] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1038.263025][T18636] R13: 00007f696bde6038 R14: 00007f696bde5fa0 R15: 00007f696bf0fa28
[ 1038.263043][T18636]  </TASK>
[ 1038.708321][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1040.885691][T18060] usb 2-1: new high-speed USB device number 34 using dummy_hcd
[ 1041.253424][T18060] usb 2-1: Using ep0 maxpacket: 16
[ 1041.273681][T18060] usb 2-1: config 0 interface 0 altsetting 9 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1041.333303][T18060] usb 2-1: config 0 interface 0 altsetting 9 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1041.459588][T18060] usb 2-1: config 0 interface 0 has no altsetting 0
[ 1041.492117][T18060] usb 2-1: New USB device found, idVendor=1e71, idProduct=2009, bcdDevice= 0.00
[ 1041.512409][T18060] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1041.545151][T18060] usb 2-1: config 0 descriptor??
[ 1042.109673][T18665] netlink: 4 bytes leftover after parsing attributes in process `syz.9.3490'.
[ 1042.181218][T18060] usbhid 2-1:0.0: can't add hid device: -71
[ 1042.233379][T18060] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[ 1042.283722][T18060] usb 2-1: USB disconnect, device number 34
[ 1042.552161][T18669] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3492'.
[ 1042.818723][T18673] FAULT_INJECTION: forcing a failure.
[ 1042.818723][T18673] name failslab, interval 1, probability 0, space 0, times 0
[ 1042.877900][T18673] CPU: 1 UID: 0 PID: 18673 Comm: syz.1.3495 Not tainted syzkaller #0 PREEMPT(full) 
[ 1042.877929][T18673] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 1042.877941][T18673] Call Trace:
[ 1042.877950][T18673]  <TASK>
[ 1042.877960][T18673]  dump_stack_lvl+0x189/0x250
[ 1042.877987][T18673]  ? __pfx____ratelimit+0x10/0x10
[ 1042.878010][T18673]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1042.878032][T18673]  ? __pfx__printk+0x10/0x10
[ 1042.878055][T18673]  ? __pfx___might_resched+0x10/0x10
[ 1042.878077][T18673]  ? fs_reclaim_acquire+0x7d/0x100
[ 1042.878117][T18673]  should_fail_ex+0x414/0x560
[ 1042.878145][T18673]  should_failslab+0xa8/0x100
[ 1042.878164][T18673]  __kmalloc_cache_noprof+0x6f/0x6f0
[ 1042.878192][T18673]  ? snd_pcm_oss_change_params_locked+0x172/0x3e40
[ 1042.878230][T18673]  snd_pcm_oss_change_params_locked+0x172/0x3e40
[ 1042.878262][T18673]  ? __pfx___mutex_trylock_common+0x10/0x10
[ 1042.878290][T18673]  ? rcu_is_watching+0x15/0xb0
[ 1042.878320][T18673]  ? trace_contention_end+0x39/0x120
[ 1042.878343][T18673]  ? __mutex_lock+0x335/0x1350
[ 1042.878384][T18673]  ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10
[ 1042.878416][T18673]  ? __pfx___mutex_lock+0x10/0x10
[ 1042.878454][T18673]  ? __fget_files+0x2a/0x420
[ 1042.878477][T18673]  snd_pcm_oss_get_active_substream+0x1e2/0x280
[ 1042.878511][T18673]  snd_pcm_oss_ioctl+0x9e4/0xdd0
[ 1042.878540][T18673]  ? __pfx_snd_pcm_oss_ioctl+0x10/0x10
[ 1042.878568][T18673]  __se_sys_ioctl+0xf9/0x170
[ 1042.878596][T18673]  do_syscall_64+0xfa/0xfa0
[ 1042.878617][T18673]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1042.878641][T18673]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1042.878664][T18673]  ? clear_bhb_loop+0x60/0xb0
[ 1042.878688][T18673]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1042.878707][T18673] RIP: 0033:0x7f3fda98eec9
[ 1042.878725][T18673] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1042.878743][T18673] RSP: 002b:00007f3fdb8bd038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1042.878765][T18673] RAX: ffffffffffffffda RBX: 00007f3fdabe5fa0 RCX: 00007f3fda98eec9
[ 1042.878781][T18673] RDX: 0000000000000000 RSI: 0000000080045002 RDI: 0000000000000003
[ 1042.878794][T18673] RBP: 00007f3fdb8bd090 R08: 0000000000000000 R09: 0000000000000000
[ 1042.878807][T18673] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1042.878819][T18673] R13: 00007f3fdabe6038 R14: 00007f3fdabe5fa0 R15: 00007f3fdad0fa28
[ 1042.878853][T18673]  </TASK>
[ 1043.983322][ T5909] usb 5-1: new full-speed USB device number 17 using dummy_hcd
[ 1044.716629][ T5909] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1044.745445][ T5909] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 2
[ 1044.764717][ T5909] usb 5-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8
[ 1044.786308][ T5909] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1045.031700][ T5909] usb 5-1: config 0 descriptor??
[ 1045.311722][ T5909] usb 5-1: USB disconnect, device number 17
[ 1046.666797][T16880] Bluetooth: hci13: unexpected cc 0x0c03 length: 249 > 1
[ 1046.682051][T16880] Bluetooth: hci13: unexpected cc 0x1003 length: 249 > 9
[ 1046.693411][T16880] Bluetooth: hci13: unexpected cc 0x1001 length: 249 > 9
[ 1046.702089][T16880] Bluetooth: hci13: unexpected cc 0x0c23 length: 249 > 4
[ 1046.711420][T16880] Bluetooth: hci13: unexpected cc 0x0c38 length: 249 > 2
[ 1047.147125][T18725] netlink: 'syz.1.3510': attribute type 10 has an invalid length.
[ 1047.299028][T18725] macvlan0: entered promiscuous mode
[ 1047.351802][T18725] bond0: (slave macvlan0): Enslaving as an active interface with an up link
[ 1047.511333][T18714] chnl_net:caif_netlink_parms(): no params data found
[ 1047.713061][T18736] IPv6: Can't replace route, no match found
[ 1048.305692][T18714] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1048.314290][T18714] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1048.329782][T18714] bridge_slave_0: entered allmulticast mode
[ 1048.410597][T18714] bridge_slave_0: entered promiscuous mode
[ 1048.443027][T18714] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1048.522880][T18714] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1048.531371][T18714] bridge_slave_1: entered allmulticast mode
[ 1048.543021][T18714] bridge_slave_1: entered promiscuous mode
[ 1048.572304][ T5198] buffer_io_error: 6 callbacks suppressed
[ 1048.572317][ T5198] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1048.625304][ T5198] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1048.799208][T16880] Bluetooth: hci13: command tx timeout
[ 1048.896477][ T5198] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1048.912064][ T5198] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1048.926624][ T5198] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1048.935044][ T5198] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1048.958109][ T5198] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1048.969722][ T5198] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1048.978912][ T5198] ldm_validate_partition_table(): Disk read failed.
[ 1049.000119][ T5198] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1049.011301][T18714] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1049.027499][T18714] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1049.040566][ T5198] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1049.058242][ T5198] Dev loop6: unable to read RDB block 0
[ 1049.072283][ T5198]  loop6: unable to read partition table
[ 1049.247210][T18714] team0: Port device team_slave_0 added
[ 1049.325394][T18714] team0: Port device team_slave_1 added
[ 1049.486027][T18753] netlink: 80 bytes leftover after parsing attributes in process `syz.1.3516'.
[ 1049.694457][T18714] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1049.723118][T18714] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1049.838517][T18714] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1049.857218][T18714] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1049.864361][T18714] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1049.890246][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1049.941268][T18714] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1050.323165][T18714] hsr_slave_0: entered promiscuous mode
[ 1050.330324][T18714] hsr_slave_1: entered promiscuous mode
[ 1050.338719][T18714] debugfs: 'hsr0' already exists in 'hsr'
[ 1050.344906][T18714] Cannot create hsr debugfs directory
[ 1050.823898][   T31] INFO: task syz.4.3075:17123 blocked for more than 143 seconds.
[ 1050.836986][   T31]       Not tainted syzkaller #0
[ 1050.838927][   T52] Bluetooth: hci13: command tx timeout
[ 1050.852380][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[ 1050.890732][   T31] task:syz.4.3075      state:D stack:24744 pid:17123 tgid:17123 ppid:12869  task_flags:0x440040 flags:0x00080002
[ 1050.943561][ T5909] usb 2-1: new high-speed USB device number 35 using dummy_hcd
[ 1051.063656][   T31] Call Trace:
[ 1051.066974][   T31]  <TASK>
[ 1051.069911][   T31]  __schedule+0x1798/0x4cc0
[ 1051.104500][ T5909] usb 2-1: Using ep0 maxpacket: 32
[ 1051.145578][ T5909] usb 2-1: config 0 has an invalid interface number: 219 but max is 0
[ 1051.154395][ T5909] usb 2-1: config 0 has no interface number 0
[ 1051.160527][ T5909] usb 2-1: config 0 interface 219 altsetting 0 has an endpoint descriptor with address 0xDB, changing to 0x8B
[ 1051.183742][ T5909] usb 2-1: config 0 interface 219 altsetting 0 endpoint 0x8B has invalid maxpacket 28739, setting to 1024
[ 1051.195319][   T31]  ? __pfx___schedule+0x10/0x10
[ 1051.200210][   T31]  ? schedule+0x91/0x360
[ 1051.214023][   T31]  schedule+0x165/0x360
[ 1051.218305][ T5909] usb 2-1: config 0 interface 219 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024
[ 1051.273454][   T31]  schedule_preempt_disabled+0x13/0x30
[ 1051.322698][   T31]  rwsem_down_read_slowpath+0x5fd/0x8f0
[ 1051.333636][ T5909] usb 2-1: config 0 interface 219 altsetting 0 endpoint 0xB has invalid wMaxPacketSize 0
[ 1051.353477][   T31]  ? rwsem_down_read_slowpath+0x4b8/0x8f0
[ 1051.360624][   T31]  ? __pfx_rwsem_down_read_slowpath+0x10/0x10
[ 1051.368475][ T5909] usb 2-1: config 0 interface 219 altsetting 0 bulk endpoint 0xB has invalid maxpacket 0
[ 1051.374807][   T31]  ? page_cache_ra_order+0x3a2/0xe70
[ 1051.446110][   T31]  down_read+0x98/0x2e0
[ 1051.450357][   T31]  page_cache_ra_order+0x3a2/0xe70
[ 1051.455887][   T31]  do_sync_mmap_readahead+0x25e/0x7a0
[ 1051.461546][   T31]  ? __pfx_do_sync_mmap_readahead+0x10/0x10
[ 1051.468190][   T31]  ? count_memcg_event_mm+0x1d/0x250
[ 1051.473977][   T31]  ? count_memcg_event_mm+0x1d/0x250
[ 1051.479313][   T31]  filemap_fault+0x6b9/0x12b0
[ 1051.484587][   T31]  ? __pfx_filemap_fault+0x10/0x10
[ 1051.489732][   T31]  ? kmem_cache_alloc_noprof+0x3b8/0x6e0
[ 1051.495892][   T31]  ? __raw_spin_lock_init+0x45/0x100
[ 1051.501451][   T31]  ? pte_alloc_one+0x1f9/0x310
[ 1051.527737][   T31]  __do_fault+0x135/0x390
[ 1051.532157][   T31]  __handle_mm_fault+0x1719/0x5400
[ 1051.551712][   T31]  ? lock_vma_under_rcu+0x1a3/0x450
[ 1051.559949][   T31]  ? __pfx___handle_mm_fault+0x10/0x10
[ 1051.567728][   T31]  ? lock_vma_under_rcu+0x3d2/0x450
[ 1051.575736][   T31]  ? __pfx_do_futex+0x10/0x10
[ 1051.580469][   T31]  ? __pfx_lock_vma_under_rcu+0x10/0x10
[ 1051.590453][   T31]  handle_mm_fault+0x40a/0x8e0
[ 1051.597680][   T31]  do_user_addr_fault+0xa7c/0x1380
[ 1051.605683][   T31]  ? rcu_is_watching+0x15/0xb0
[ 1051.613100][   T31]  ? trace_page_fault_user+0x84/0x1e0
[ 1051.620877][   T31]  exc_page_fault+0x82/0x100
[ 1051.639386][   T31]  asm_exc_page_fault+0x26/0x30
[ 1051.657503][   T31] RIP: 0033:0x7fb0e0756b18
[ 1051.661984][   T31] RSP: 002b:00007fb0e0b0fb88 EFLAGS: 00010202
[ 1051.679529][   T31] RAX: 00002000000000c0 RBX: 0000000000000004 RCX: 6b7369642f726577
[ 1051.690365][   T31] RDX: 000000000000000f RSI: 776f702f7379732f RDI: 00002000000000c0
[ 1051.701515][   T31] RBP: 00007fb0e09e7da0 R08: 0000001b2e120000 R09: 0000000000000001
[ 1051.711995][   T31] R10: 0000000000000001 R11: 0000000000000009 R12: 00007fb0e09e618c
[ 1051.722458][   T31] R13: 00007fb0e0b0fc80 R14: fffffffffffffffe R15: 00007fb0e0b0fca0
[ 1051.733499][   T31]  </TASK>
[ 1051.738480][   T31] INFO: task syz.4.3075:17125 blocked for more than 144 seconds.
[ 1051.779803][   T31]       Not tainted syzkaller #0
[ 1051.798100][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1051.810005][   T31] task:syz.4.3075      state:D stack:25064 pid:17125 tgid:17123 ppid:12869  task_flags:0x440040 flags:0x00080003
[ 1051.824653][   T31] Call Trace:
[ 1051.829837][   T31]  <TASK>
[ 1051.835713][   T31]  __schedule+0x1798/0x4cc0
[ 1051.843445][   T31]  ? __pfx___schedule+0x10/0x10
[ 1051.848952][   T31]  ? schedule+0x91/0x360
[ 1051.855035][   T31]  schedule+0x165/0x360
[ 1051.861944][   T31]  schedule_preempt_disabled+0x13/0x30
[ 1051.868570][   T31]  rwsem_down_read_slowpath+0x5fd/0x8f0
[ 1051.888607][   T31]  ? rwsem_down_read_slowpath+0x4b8/0x8f0
[ 1051.913948][   T31]  ? __pfx_rwsem_down_read_slowpath+0x10/0x10
[ 1051.927951][   T31]  ? page_cache_ra_order+0x3a2/0xe70
[ 1051.933703][   T31]  down_read+0x98/0x2e0
[ 1051.937917][   T31]  page_cache_ra_order+0x3a2/0xe70
[ 1051.943093][   T31]  do_sync_mmap_readahead+0x25e/0x7a0
[ 1051.956372][   T31]  ? __pfx_do_sync_mmap_readahead+0x10/0x10
[ 1051.962325][   T31]  ? count_memcg_event_mm+0x1d/0x250
[ 1051.968215][   T31]  ? count_memcg_event_mm+0x1d/0x250
[ 1051.973905][   T31]  filemap_fault+0x6b9/0x12b0
[ 1051.983825][   T31]  ? __pfx_filemap_fault+0x10/0x10
[ 1051.989012][   T31]  ? __pfx_filemap_map_pages+0x10/0x10
[ 1052.011811][   T31]  ? __handle_mm_fault+0x2789/0x5400
[ 1052.022599][   T31]  __do_fault+0x135/0x390
[ 1052.029008][   T31]  __handle_mm_fault+0x35e3/0x5400
[ 1052.037641][   T31]  ? __pfx___handle_mm_fault+0x10/0x10
[ 1052.043196][   T31]  ? find_vma+0xe7/0x160
[ 1052.048108][   T31]  ? __pfx_find_vma+0x10/0x10
[ 1052.052823][   T31]  handle_mm_fault+0x40a/0x8e0
[ 1052.058167][   T31]  do_user_addr_fault+0x764/0x1380
[ 1052.063675][   T31]  exc_page_fault+0x82/0x100
[ 1052.068309][   T31]  asm_exc_page_fault+0x26/0x30
[ 1052.073187][   T31] RIP: 0010:rep_movs_alternative+0x30/0x90
[ 1052.081700][   T31] Code: 83 f9 08 73 25 85 c9 74 0f 8a 06 88 07 48 ff c7 48 ff c6 48 ff c9 75 f1 e9 7d 35 04 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 <48> 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08
[ 1052.104920][   T31] RSP: 0018:ffffc9000d707a18 EFLAGS: 00050206
[ 1052.111039][   T31] RAX: 00007ffffffff001 RBX: 0000000000000038 RCX: 0000000000000038
[ 1052.124125][   T31] RDX: 0000000000000001 RSI: 0000200000056000 RDI: ffffc9000d707aa0
[ 1052.134615][   T31] RBP: ffffc9000d707c30 R08: ffffc9000d707ad7 R09: 1ffff92001ae0f5a
[ 1052.142638][   T31] R10: dffffc0000000000 R11: fffff52001ae0f5b R12: 0000000000000002
[ 1052.154732][   T31] R13: dffffc0000000000 R14: ffffc9000d707aa0 R15: 0000200000056000
[ 1052.162773][   T31]  _copy_from_user+0x7a/0xb0
[ 1052.167913][   T31]  ___sys_recvmsg+0x12e/0x510
[ 1052.172632][   T31]  ? trace_irq_disable+0x37/0x110
[ 1052.178194][   T31]  ? __pfx____sys_recvmsg+0x10/0x10
[ 1052.183971][   T31]  ? __might_fault+0xb0/0x130
[ 1052.190939][   T31]  do_recvmmsg+0x307/0x770
[ 1052.196207][   T31]  ? __pfx_do_recvmmsg+0x10/0x10
[ 1052.201536][   T31]  ? count_memcg_event_mm+0x21/0x260
[ 1052.218400][   T31]  __x64_sys_recvmmsg+0x190/0x240
[ 1052.226585][   T31]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[ 1052.232204][   T31]  ? do_syscall_64+0xbe/0xfa0
[ 1052.239182][   T31]  do_syscall_64+0xfa/0xfa0
[ 1052.246323][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1052.253802][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1052.268461][   T31]  ? clear_bhb_loop+0x60/0xb0
[ 1052.273197][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1052.275827][T16880] Bluetooth: hci7: command 0x0406 tx timeout
[ 1052.279606][   T31] RIP: 0033:0x7fb0e078eec9
[ 1052.290248][   T31] RSP: 002b:00007fb0e16cc038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 1052.298813][   T31] RAX: ffffffffffffffda RBX: 00007fb0e09e6090 RCX: 00007fb0e078eec9
[ 1052.307305][   T31] RDX: 0000000000010106 RSI: 00002000000000c0 RDI: 0000000000000003
[ 1052.315427][   T31] RBP: 00007fb0e0811f91 R08: 0000000000000000 R09: 0000000000000000
[ 1052.331134][   T31] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000000
[ 1052.339561][   T31] R13: 00007fb0e09e6128 R14: 00007fb0e09e6090 R15: 00007fb0e0b0fa28
[ 1052.350133][   T31]  </TASK>
[ 1052.357283][   T31] INFO: task syz.4.3075:17127 blocked for more than 144 seconds.
[ 1052.365214][   T31]       Not tainted syzkaller #0
[ 1052.370186][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1052.378931][   T31] task:syz.4.3075      state:D stack:26088 pid:17127 tgid:17123 ppid:12869  task_flags:0x440140 flags:0x00080002
[ 1052.392480][   T31] Call Trace:
[ 1052.395856][   T31]  <TASK>
[ 1052.398831][   T31]  __schedule+0x1798/0x4cc0
[ 1052.403933][   T31]  ? __pfx___schedule+0x10/0x10
[ 1052.408857][   T31]  ? schedule+0x91/0x360
[ 1052.413142][   T31]  schedule+0x165/0x360
[ 1052.417469][   T31]  schedule_preempt_disabled+0x13/0x30
[ 1052.422974][   T31]  rwsem_down_read_slowpath+0x5fd/0x8f0
[ 1052.428715][   T31]  ? rwsem_down_read_slowpath+0x4b8/0x8f0
[ 1052.434534][   T31]  ? __pfx_rwsem_down_read_slowpath+0x10/0x10
[ 1052.440645][   T31]  ? page_cache_ra_order+0x3a2/0xe70
[ 1052.446350][   T31]  down_read+0x98/0x2e0
[ 1052.450558][   T31]  page_cache_ra_order+0x3a2/0xe70
[ 1052.495752][   T31]  do_sync_mmap_readahead+0x25e/0x7a0
[ 1052.502504][   T31]  ? __pfx_do_sync_mmap_readahead+0x10/0x10
[ 1052.509262][   T31]  ? count_memcg_event_mm+0x1d/0x250
[ 1052.516085][   T31]  ? count_memcg_event_mm+0x1d/0x250
[ 1052.521404][   T31]  filemap_fault+0x6b9/0x12b0
[ 1052.527443][   T31]  ? __pfx_filemap_fault+0x10/0x10
[ 1052.532572][   T31]  ? kmem_cache_alloc_noprof+0x3b8/0x6e0
[ 1052.539644][   T31]  ? __raw_spin_lock_init+0x45/0x100
[ 1052.546311][   T31]  ? pte_alloc_one+0x1f9/0x310
[ 1052.552415][   T31]  __do_fault+0x135/0x390
[ 1052.556873][   T31]  __handle_mm_fault+0x1719/0x5400
[ 1052.563384][   T31]  ? __pfx___handle_mm_fault+0x10/0x10
[ 1052.568888][   T31]  ? __pfx___might_resched+0x10/0x10
[ 1052.574254][   T31]  handle_mm_fault+0x40a/0x8e0
[ 1052.579048][   T31]  __get_user_pages+0x165c/0x2a00
[ 1052.584331][   T31]  populate_vma_page_range+0x29f/0x3a0
[ 1052.589835][   T31]  ? __pfx_populate_vma_page_range+0x10/0x10
[ 1052.596061][   T31]  ? userfaultfd_unmap_complete+0x278/0x2d0
[ 1052.601983][   T31]  ? down_read+0x1ad/0x2e0
[ 1052.606502][   T31]  __mm_populate+0x24c/0x380
[ 1052.611509][   T31]  ? __pfx___mm_populate+0x10/0x10
[ 1052.616684][   T31]  ? up_write+0x1f2/0x420
[ 1052.621034][   T31]  vm_mmap_pgoff+0x387/0x4d0
[ 1052.626118][   T31]  ? __pfx_vm_mmap_pgoff+0x10/0x10
[ 1052.631257][   T31]  ? __fget_files+0x2a/0x420
[ 1052.636273][   T31]  ? __fget_files+0x2a/0x420
[ 1052.640900][   T31]  ? __fget_files+0x2a/0x420
[ 1052.653582][   T31]  ksys_mmap_pgoff+0x51f/0x760
[ 1052.658412][   T31]  do_syscall_64+0xfa/0xfa0
[ 1052.662928][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1052.683331][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1052.693660][   T31]  ? clear_bhb_loop+0x60/0xb0
[ 1052.698376][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1052.723282][   T31] RIP: 0033:0x7fb0e078eec9
[ 1052.727739][   T31] RSP: 002b:00007fb0e16ab038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[ 1052.738038][   T31] RAX: ffffffffffffffda RBX: 00007fb0e09e6180 RCX: 00007fb0e078eec9
[ 1052.747507][   T31] RDX: 000000000300000a RSI: 0000000000b36000 RDI: 0000200000000000
[ 1052.756015][   T31] RBP: 00007fb0e0811f91 R08: 0000000000000007 R09: 0000000000002000
[ 1052.764530][   T31] R10: 0000000000008012 R11: 0000000000000246 R12: 0000000000000000
[ 1052.772658][   T31] R13: 00007fb0e09e6218 R14: 00007fb0e09e6180 R15: 00007fb0e0b0fa28
[ 1052.781121][   T31]  </TASK>
[ 1052.784581][   T31] 
[ 1052.784581][   T31] Showing all locks held in the system:
[ 1052.792381][   T31] 2 locks held by rcu_exp_gp_kthr/18:
[ 1052.905767][T16880] Bluetooth: hci13: command tx timeout
[ 1052.915640][   T31]  #0: ffff8880b863a058 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0xad/0x140
[ 1052.933359][   T31]  #1: ffff8880b8624048 (psi_seq){-.-.}-{0:0}, at: psi_task_switch+0x53/0x880
[ 1052.942325][   T31] 1 lock held by khungtaskd/31:
[ 1052.948560][   T31]  #0: ffffffff8e13d320 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180
[ 1052.959904][   T31] 3 locks held by kworker/u8:4/60:
[ 1052.966377][   T31]  #0: ffff888027526148 ((wq_completion)loop6){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[ 1052.978738][   T31]  #1: ffffc9000211fba0 ((work_completion)(&worker->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[ 1052.990881][   T31]  #2: ffff888148c0c128 (&sb->s_type->i_mutex_key#8){++++}-{4:4}, at: blkdev_write_iter+0x50b/0x710
[ 1053.003095][   T31] 1 lock held by udevd/5198:
[ 1053.007956][   T31] 2 locks held by getty/5589:
[ 1053.012641][   T31]  #0: ffff88814e1e80a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
[ 1053.022894][   T31]  #1: ffffc9000332b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x43e/0x1400
[ 1053.034361][   T31] 3 locks held by kworker/0:6/5909:
[ 1053.039596][   T31]  #0: ffff888144681148 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[ 1053.051067][   T31]  #1: ffffc90004557ba0 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[ 1053.063044][   T31]  #2: ffff8881453cd198 (&dev->mutex){....}-{4:4}, at: hub_event+0x184/0x4a20
[ 1053.072244][   T31] 4 locks held by kworker/u9:1/12214:
[ 1053.077716][   T31]  #0: ffff8880267a6148 ((wq_completion)hci7){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[ 1053.088585][   T31]  #1: ffffc9000b59fba0 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[ 1053.102153][   T31]  #2: ffff88802363cdc8 (&hdev->req_lock){+.+.}-{4:4}, at: hci_cmd_sync_work+0x1d4/0x3a0
[ 1053.120521][   T31]  #3: ffff88802363c0b8 (&hdev->lock){+.+.}-{4:4}, at: hci_abort_conn_sync+0x242/0xe30
[ 1053.154259][   T31] 3 locks held by kworker/1:3/13920:
[ 1053.159621][   T31]  #0: ffff88813ff19948 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[ 1053.173097][   T31]  #1: ffffc9000c8efba0 (free_ipc_work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[ 1053.183816][   T31]  #2: ffffffff8e142db8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: synchronize_rcu_expedited+0x3b9/0x730
[ 1053.195224][   T31] 3 locks held by kworker/u8:10/14434:
[ 1053.200698][   T31]  #0: ffff88813ff29948 ((wq_completion)events_unbound#2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[ 1053.213024][   T31]  #1: ffffc9000b54fba0 ((linkwatch_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[ 1053.275697][   T31]  #2: ffffffff8f4df908 (rtnl_mutex){+.+.}-{4:4}, at: linkwatch_event+0xe/0x60
[ 1053.287984][   T31] 2 locks held by syz.0.3008/17064:
[ 1053.293355][   T31] 1 lock held by syz.4.3075/17123:
[ 1053.298475][   T31]  #0: ffff888148c0c2c8 (mapping.invalidate_lock){++++}-{4:4}, at: page_cache_ra_order+0x3a2/0xe70
[ 1053.311932][   T31] 1 lock held by syz.4.3075/17125:
[ 1053.317216][   T31]  #0: ffff888148c0c2c8 (mapping.invalidate_lock){++++}-{4:4}, at: page_cache_ra_order+0x3a2/0xe70
[ 1053.328497][   T31] 1 lock held by syz.4.3075/17127:
[ 1053.333770][   T31]  #0: ffff888148c0c2c8 (mapping.invalidate_lock){++++}-{4:4}, at: page_cache_ra_order+0x3a2/0xe70
[ 1053.344594][   T31] 1 lock held by syz.1.3131/17326:
[ 1053.349708][   T31]  #0: ffff888148c0c2c8 (mapping.invalidate_lock){++++}-{4:4}, at: page_cache_ra_order+0x3a2/0xe70
[ 1053.361119][   T31] 1 lock held by syz.1.3131/17329:
[ 1053.382759][   T31]  #0: ffff888148c0c2c8 (mapping.invalidate_lock){++++}-{4:4}, at: page_cache_ra_order+0x3a2/0xe70
[ 1053.395733][   T31] 1 lock held by syz.1.3131/17330:
[ 1053.402147][   T31]  #0: ffff888148c0c2c8 (mapping.invalidate_lock){++++}-{4:4}, at: page_cache_ra_order+0x3a2/0xe70
[ 1053.413407][   T31] 1 lock held by syz.1.3131/17331:
[ 1053.418529][   T31]  #0: ffff888148c0c2c8 (mapping.invalidate_lock){++++}-{4:4}, at: page_cache_ra_order+0x3a2/0xe70
[ 1053.430870][   T31] 1 lock held by syz.3.3204/17607:
[ 1053.436434][   T31]  #0: ffff888148c0c2c8 (mapping.invalidate_lock){++++}-{4:4}, at: page_cache_ra_order+0x3a2/0xe70
[ 1053.447524][   T31] 1 lock held by syz.3.3204/17609:
[ 1053.452646][   T31]  #0: ffff888148c0c2c8 (mapping.invalidate_lock){++++}-{4:4}, at: page_cache_ra_order+0x3a2/0xe70
[ 1053.464055][   T31] 1 lock held by syz.3.3204/17610:
[ 1053.469183][   T31]  #0: ffff888148c0c2c8 (mapping.invalidate_lock){++++}-{4:4}, at: page_cache_ra_order+0x3a2/0xe70
[ 1053.497159][   T31] 1 lock held by syz.5.3212/17643:
[ 1053.502312][   T31]  #0: ffff888148c0c128 (&sb->s_type->i_mutex_key#8){++++}-{4:4}, at: blkdev_fallocate+0x260/0x530
[ 1053.521997][   T31] 5 locks held by syz-executor/17714:
[ 1053.527730][   T31]  #0: ffff88802b288dc8 (&hdev->req_lock){+.+.}-{4:4}, at: hci_unregister_dev+0x212/0x510
[ 1053.539204][   T31]  #1: ffff88802b2880b8 (&hdev->lock){+.+.}-{4:4}, at: hci_dev_close_sync+0x66a/0x1330
[ 1053.549285][   T31]  #2: ffffffff8f648c28 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_hash_flush+0xa1/0x230
[ 1053.561640][   T31]  #3: ffff88804f555b38 (&conn->lock#2){+.+.}-{4:4}, at: l2cap_conn_del+0x70/0x680
[ 1053.572887][   T31]  #4: ffffffff8e142db8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: synchronize_rcu_expedited+0x3b9/0x730
[ 1053.612559][   T31] 1 lock held by syz.6.3289/17941:
[ 1053.618081][   T31]  #0: ffff888148c0c2c8 (mapping.invalidate_lock){++++}-{4:4}, at: page_cache_ra_order+0x3a2/0xe70
[ 1053.629467][   T31] 1 lock held by syz.6.3289/17947:
[ 1053.635316][   T31]  #0: ffff888148c0c2c8 (mapping.invalidate_lock){++++}-{4:4}, at: page_cache_ra_order+0x3a2/0xe70
[ 1053.646387][   T31] 1 lock held by syz.6.3289/17949:
[ 1053.651507][   T31]  #0: ffff888148c0c2c8 (mapping.invalidate_lock){++++}-{4:4}, at: page_cache_ra_order+0x3a2/0xe70
[ 1053.662760][   T31] 1 lock held by syz.6.3289/17950:
[ 1053.668190][   T31]  #0: ffff888148c0c2c8 (mapping.invalidate_lock){++++}-{4:4}, at: page_cache_ra_order+0x3a2/0xe70
[ 1053.693505][   T31] 1 lock held by syz.8.3293/17969:
[ 1053.698649][   T31]  #0: ffff888148c0c2c8 (mapping.invalidate_lock){++++}-{4:4}, at: page_cache_ra_order+0x3a2/0xe70
[ 1053.725439][   T31] 1 lock held by syz.8.3293/17971:
[ 1053.730591][   T31]  #0: ffff888148c0c2c8 (mapping.invalidate_lock){++++}-{4:4}, at: page_cache_ra_order+0x3a2/0xe70
[ 1053.745034][   T31] 1 lock held by syz.8.3293/17973:
[ 1053.752058][   T31]  #0: ffff888148c0c2c8 (mapping.invalidate_lock){++++}-{4:4}, at: page_cache_ra_order+0x3a2/0xe70
[ 1053.765312][   T31] 1 lock held by syz.8.3293/17974:
[ 1053.771980][   T31]  #0: ffff888148c0c2c8 (mapping.invalidate_lock){++++}-{4:4}, at: page_cache_ra_order+0x3a2/0xe70
[ 1053.803175][   T31] 1 lock held by syz.8.3293/17975:
[ 1053.817748][   T31]  #0: ffff888148c0c128 (&sb->s_type->i_mutex_key#8){++++}-{4:4}, at: blkdev_fallocate+0x260/0x530
[ 1053.831403][   T31] 1 lock held by syz.0.3462/18564:
[ 1053.838728][   T31]  #0: ffff888148c0c2c8 (mapping.invalidate_lock){++++}-{4:4}, at: page_cache_ra_order+0x3a2/0xe70
[ 1053.851732][   T31] 1 lock held by syz.0.3462/18565:
[ 1053.859134][   T31]  #0: ffff888148c0c2c8 (mapping.invalidate_lock){++++}-{4:4}, at: page_cache_ra_order+0x3a2/0xe70
[ 1053.871916][   T31] 1 lock held by syz.0.3462/18566:
[ 1053.879285][   T31]  #0: ffff888148c0c2c8 (mapping.invalidate_lock){++++}-{4:4}, at: page_cache_ra_order+0x3a2/0xe70
[ 1053.918365][   T31] 1 lock held by syz.0.3462/18567:
[ 1053.923894][   T31]  #0: ffff888148c0c2c8 (mapping.invalidate_lock){++++}-{4:4}, at: page_cache_ra_order+0x3a2/0xe70
[ 1053.935108][   T31] 1 lock held by syz.4.3512/18730:
[ 1053.940731][   T31]  #0: ffff888148c0c2c8 (mapping.invalidate_lock){++++}-{4:4}, at: page_cache_ra_order+0x3a2/0xe70
[ 1053.955971][   T31] 1 lock held by syz.4.3512/18732:
[ 1053.961103][   T31]  #0: ffff888148c0c128 (&sb->s_type->i_mutex_key#8){++++}-{4:4}, at: blkdev_common_ioctl+0x1ab6/0x2550
[ 1053.972768][   T31] 1 lock held by syz.2.3518/18762:
[ 1053.993860][   T31]  #0: ffff888148c0c128 (&sb->s_type->i_mutex_key#8){++++}-{4:4}, at: blkdev_fallocate+0x260/0x530
[ 1054.018866][   T31] 
[ 1054.022353][   T31] =============================================
[ 1054.022353][   T31] 
[ 1054.152471][   T31] NMI backtrace for cpu 1
[ 1054.152499][   T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT(full) 
[ 1054.152523][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 1054.152536][   T31] Call Trace:
[ 1054.152544][   T31]  <TASK>
[ 1054.152552][   T31]  dump_stack_lvl+0x189/0x250
[ 1054.152582][   T31]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1054.152603][   T31]  ? __pfx__printk+0x10/0x10
[ 1054.152637][   T31]  nmi_cpu_backtrace+0x39e/0x3d0
[ 1054.152669][   T31]  ? __pfx_nmi_cpu_backtrace+0x10/0x10
[ 1054.152702][   T31]  ? __pfx__printk+0x10/0x10
[ 1054.152726][   T31]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[ 1054.152759][   T31]  nmi_trigger_cpumask_backtrace+0x17a/0x300
[ 1054.152792][   T31]  watchdog+0xf60/0xfa0
[ 1054.152817][   T31]  ? watchdog+0x1e2/0xfa0
[ 1054.152842][   T31]  kthread+0x711/0x8a0
[ 1054.152870][   T31]  ? __pfx_watchdog+0x10/0x10
[ 1054.152889][   T31]  ? __pfx_kthread+0x10/0x10
[ 1054.152917][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1054.152938][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1054.152959][   T31]  ? __pfx_kthread+0x10/0x10
[ 1054.152986][   T31]  ret_from_fork+0x4bc/0x870
[ 1054.153009][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[ 1054.153036][   T31]  ? __switch_to_asm+0x39/0x70
[ 1054.153057][   T31]  ? __switch_to_asm+0x33/0x70
[ 1054.153078][   T31]  ? __pfx_kthread+0x10/0x10
[ 1054.153105][   T31]  ret_from_fork_asm+0x1a/0x30
[ 1054.153144][   T31]  </TASK>
[ 1054.153153][   T31] Sending NMI from CPU 1 to CPUs 0:
[ 1054.299907][    C0] NMI backtrace for cpu 0
[ 1054.299924][    C0] CPU: 0 UID: 0 PID: 18714 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
[ 1054.299952][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 1054.299963][    C0] RIP: 0010:__kasan_check_byte+0x2c/0x40
[ 1054.299993][    C0] Code: 1f 00 41 56 53 48 89 f3 49 89 fe e8 2e 15 00 00 84 c0 75 16 be 01 00 00 00 4c 89 f7 31 d2 48 89 d9 89 c3 e8 c6 03 00 00 89 d8 <5b> 41 5e c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 90 90
[ 1054.300008][    C0] RSP: 0018:ffffc90010acf7e8 EFLAGS: 00000202
[ 1054.300025][    C0] RAX: 0000000000000001 RBX: ffffffff8b4dd2e7 RCX: 508fc65113969600
[ 1054.300038][    C0] RDX: 0000000000000001 RSI: ffffffff8b4dd2e7 RDI: 1ffff110170c803b
[ 1054.300051][    C0] RBP: ffffffff8216f00e R08: 0000000000000001 R09: 0000000000000000
[ 1054.300062][    C0] R10: dffffc0000000000 R11: fffff52002159f04 R12: 0000000000000000
[ 1054.300074][    C0] R13: ffff8880b86401d8 R14: ffff8880b86401d8 R15: 0000000000000001
[ 1054.300087][    C0] FS:  0000000000000000(0000) GS:ffff888125d12000(0000) knlGS:0000000000000000
[ 1054.300102][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1054.300114][    C0] CR2: 00002000003eb000 CR3: 00000000670da000 CR4: 00000000003526f0
[ 1054.300129][    C0] Call Trace:
[ 1054.300136][    C0]  <TASK>
[ 1054.300144][    C0]  lock_acquire+0x8d/0x360
[ 1054.300161][    C0]  ? __pfx_do_raw_spin_trylock+0x10/0x10
[ 1054.300185][    C0]  ? __page_table_check_zero+0xba/0x530
[ 1054.300210][    C0]  _raw_spin_trylock+0x47/0x80
[ 1054.300227][    C0]  ? __free_frozen_pages+0x65e/0xd30
[ 1054.300251][    C0]  __free_frozen_pages+0x65e/0xd30
[ 1054.300278][    C0]  vfree+0x25a/0x400
[ 1054.300300][    C0]  ? __pfx_kcov_close+0x10/0x10
[ 1054.300317][    C0]  kcov_close+0x28/0x50
[ 1054.300332][    C0]  __fput+0x44c/0xa70
[ 1054.300355][    C0]  task_work_run+0x1d4/0x260
[ 1054.300380][    C0]  ? __pfx_task_work_run+0x10/0x10
[ 1054.300403][    C0]  ? do_exit+0x6b0/0x2300
[ 1054.300424][    C0]  ? kmem_cache_free+0x19b/0x690
[ 1054.300450][    C0]  do_exit+0x6b5/0x2300
[ 1054.300475][    C0]  ? do_raw_spin_lock+0x121/0x290
[ 1054.300497][    C0]  ? __pfx_do_exit+0x10/0x10
[ 1054.300526][    C0]  do_group_exit+0x21c/0x2d0
[ 1054.300548][    C0]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1054.300569][    C0]  get_signal+0x1285/0x1340
[ 1054.300595][    C0]  arch_do_signal_or_restart+0xa0/0x790
[ 1054.300623][    C0]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[ 1054.300655][    C0]  ? exit_to_user_mode_loop+0x40/0x130
[ 1054.300682][    C0]  exit_to_user_mode_loop+0x72/0x130
[ 1054.300707][    C0]  do_syscall_64+0x2bd/0xfa0
[ 1054.300727][    C0]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1054.300743][    C0]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 1054.300761][    C0]  ? clear_bhb_loop+0x60/0xb0
[ 1054.300779][    C0]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1054.300795][    C0] RIP: 0033:0x7f94fcd90d5c
[ 1054.300809][    C0] Code: Unable to access opcode bytes at 0x7f94fcd90d32.
[ 1054.300818][    C0] RSP: 002b:00007f94fd10f650 EFLAGS: 00000293 ORIG_RAX: 000000000000002c
[ 1054.300834][    C0] RAX: 0000000000000064 RBX: 00007f94fdb14620 RCX: 00007f94fcd90d5c
[ 1054.300847][    C0] RDX: 0000000000000064 RSI: 00007f94fdb14670 RDI: 0000000000000003
[ 1054.300858][    C0] RBP: 0000000000000000 R08: 00007f94fd10f6a4 R09: 000000000000000c
[ 1054.300869][    C0] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003
[ 1054.300880][    C0] R13: 0000000000000000 R14: 00007f94fdb14670 R15: 0000000000000000
[ 1054.300900][    C0]  </TASK>
[ 1054.738253][   T31] Kernel panic - not syncing: hung_task: blocked tasks
[ 1054.745146][   T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT(full) 
[ 1054.754263][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 1054.764323][   T31] Call Trace:
[ 1054.767607][   T31]  <TASK>
[ 1054.770538][   T31]  dump_stack_lvl+0x99/0x250
[ 1054.775134][   T31]  ? __asan_memcpy+0x40/0x70
[ 1054.779734][   T31]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1054.784945][   T31]  ? __pfx__printk+0x10/0x10
[ 1054.789553][   T31]  vpanic+0x237/0x6d0
[ 1054.793547][   T31]  ? __pfx_vpanic+0x10/0x10
[ 1054.798059][   T31]  ? preempt_schedule_common+0x83/0xd0
[ 1054.803530][   T31]  panic+0xb9/0xc0
[ 1054.807262][   T31]  ? __pfx_panic+0x10/0x10
[ 1054.811691][   T31]  ? preempt_schedule_thunk+0x16/0x30
[ 1054.817077][   T31]  ? nmi_trigger_cpumask_backtrace+0x2bb/0x300
[ 1054.823244][   T31]  watchdog+0xf9f/0xfa0
[ 1054.827407][   T31]  ? watchdog+0x1e2/0xfa0
[ 1054.831744][   T31]  kthread+0x711/0x8a0
[ 1054.835824][   T31]  ? __pfx_watchdog+0x10/0x10
[ 1054.840503][   T31]  ? __pfx_kthread+0x10/0x10
[ 1054.845111][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1054.850315][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1054.855518][   T31]  ? __pfx_kthread+0x10/0x10
[ 1054.860128][   T31]  ret_from_fork+0x4bc/0x870
[ 1054.864721][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[ 1054.869844][   T31]  ? __switch_to_asm+0x39/0x70
[ 1054.874618][   T31]  ? __switch_to_asm+0x33/0x70
[ 1054.879389][   T31]  ? __pfx_kthread+0x10/0x10
[ 1054.883991][   T31]  ret_from_fork_asm+0x1a/0x30
[ 1054.888780][   T31]  </TASK>
[ 1054.892055][   T31] Kernel Offset: disabled
[ 1054.896368][   T31] Rebooting in 86400 seconds..