last executing test programs:

29m25.033619961s ago: executing program 3 (id=195):
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
mlock(&(0x7f0000c00000/0x400000)=nil, 0x400000)
r1 = add_key$keyring(&(0x7f0000000040), &(0x7f0000000080)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$restrict_keyring(0x1d, r1, 0x0, 0x0)
mremap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x2000, 0x7, &(0x7f0000fff000/0x1000)=nil)
r2 = socket$kcm(0x2d, 0x2, 0x0)
ioctl$sock_kcm_SIOCKCMCLONE(r2, 0x89e2, &(0x7f0000000340)={<r3=>r2})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x3, &(0x7f0000000d00)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00'}, 0x90)
r4 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000140)=ANY=[@ANYBLOB="12010000020000402505a1a440000102030109025c0002010000000904000001020d0000052406000105240000000d240f0100000000000000000006241a0300000905810300020000000904010000020d00000904010102020d0000090582010002000008090503"], 0x0)
syz_usb_control_io$cdc_ncm(r4, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r4, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r4, 0x0, &(0x7f0000000340)={0x24, 0x0, 0x0, 0x0, &(0x7f0000000000)={0x20, 0x80, 0x1c, {0x10, 0x810, 0x10, 0x1000, 0x16, 0x10, 0x10, 0x10, 0x7, 0x10, 0x10, 0xd}}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r4, 0x0, 0x0)
r5 = bpf$ITER_CREATE(0xb, &(0x7f0000000100), 0x8)
close(r5)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x10, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18080000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000700000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000480)="d8001c00180081064e81f7050044fd56170d12a0b9b5457073", 0x19}], 0x1}, 0xc000)
ioctl$sock_kcm_SIOCKCMCLONE(r2, 0x89e2, &(0x7f0000000040)={r3})
ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e3, &(0x7f0000000180)={r2, r6})
r7 = socket$inet_udp(0x2, 0x2, 0x0)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000640)=ANY=[@ANYBLOB="125923915ef1815e94f47938050100007516b7018c0d0e008f8e0018030109fe6935852398a0e4a3d4e356021b00", @ANYRES8=r0, @ANYRESOCT=r7, @ANYRES32=r3, @ANYBLOB="440b5f5dd80aefacb36028b71fba65a5212c633710b9df0bcf87eb626498841286233317ed35b78a17947a4aa9c351be18db8301cc875bd27b287d84ffda63dc93f6b3fde455b0135299b4f5124f4afc96daa3678fddc6334db979874ee0bc874599ef8bfb63bc0289a385de6ef058c1cd93a7e0490db17a18864bec55a4ca20c730852f66bbe31c2f5809717862a7d8024b5370084e8e34ba508373b4e119bf355cd1132a75e8eaa7e3dabb76a9b3a56a79fb1bd41f5f3d004cb8ccccaf39b1f822b973765562c104ba87552efbe1daa36d63093b6d7c96bac2a0f3e97b8f"], 0x0)
r8 = creat(0x0, 0xecf86c37d53049cc)
close(r8)
ioctl$KVM_SET_MSRS(r8, 0x4008ae89, &(0x7f0000000140)={0x2, 0x0, [{0xa34, 0x0, 0x8}, {0x85a, 0x0, 0x6}]})
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0xffffffffffffffe3, &(0x7f0000000080)=[{&(0x7f0000000000)="ca7dc54e2bbab4b1bcb4d9152ebab04b257abcba7bc6bb74ba9255c501ca2750b478b4ad6ed94876cd98fd21c91978894e5341b461c2cd11", 0x2}], 0x1}, 0x48885)
r9 = socket$kcm(0x2, 0x2, 0x0)
setsockopt$sock_attach_bpf(r9, 0x1, 0x4a, &(0x7f0000000640), 0x4)
socket$kcm(0xa, 0x3, 0x3a)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xb, 0x6, 0x0, &(0x7f0000000080)='GPL\x00', 0xc, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x94)

29m19.011375745s ago: executing program 3 (id=211):
r0 = creat(&(0x7f00000000c0)='./file1\x00', 0x67)
close(r0)
r1 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB="180000005400e5012abd7000fffffdff07000000", @ANYRES32=0x0], 0x18}, 0x1, 0x0, 0x0, 0x40800}, 0x40c8480)
r2 = socket$unix(0x1, 0x1, 0x0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file1\x00', &(0x7f0000001200), 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='trans=fd,rffno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYRESDEC=r2])
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0xfffffffffffffffd, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x40008, 0x8000008b}, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
r4 = socket$inet6(0xa, 0x3, 0x7)
connect$inet6(r4, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c)
pidfd_send_signal(0xffffffffffffffff, 0x21, 0x0, 0x4)
setsockopt$inet6_IPV6_XFRM_POLICY(r4, 0x29, 0x23, &(0x7f0000000340)={{{@in6=@private2={0xfc, 0x2, '\x00', 0x8}, @in6=@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x0, 0x0, 0x1, 0x4, 0xa, 0x0, 0x0, 0x87}, {0x7, 0x6, 0x40000003, 0x0, 0x4}, {0x1, 0x4}, 0x2000000, 0x0, 0x1, 0x0, 0x0, 0x2}, {{@in6=@private0={0xfc, 0x0, '\x00', 0x1}, 0x208000, 0x3c}, 0x0, @in=@private=0xa010102, 0x0, 0x0, 0x2, 0x7, 0x81, 0x0, 0x10000}}, 0xe8)
sendmmsg(r4, &(0x7f0000000480), 0x2e9, 0xffe0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0)
r7 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x20000, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r7, 0x3b81, &(0x7f0000000000)={0xc, 0x0, <r8=>0x0})
ioctl$IOMMU_TEST_OP_ADD_RESERVED(r7, 0x3ba0, &(0x7f0000000440)={0x48, 0x1, r8, 0x0, 0x98, 0x8000004})
ioctl$IOMMU_IOAS_MAP$PAGES(r7, 0x3b85, &(0x7f0000000140)={0x28, 0x6, r8, 0x0, &(0x7f0000ff6000/0xa000)=nil, 0xa000})
ioctl$IOMMU_IOAS_MAP$PAGES(r7, 0x3b85, &(0x7f0000000500)={0x28, 0x4, r8, 0x0, &(0x7f0000931000/0x3000)=nil, 0x3000, 0x6})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r7, 0x3ba0, &(0x7f0000000180)={0x48, 0x2, r8, 0x0, 0x0, 0x0, 0x0, 0x1})
connect$unix(r5, 0x0, 0x0)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(0xffffffffffffffff, 0x84, 0x7b, &(0x7f00000000c0)={0x0, 0x3}, &(0x7f0000000100)=0x8)
getsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r4, 0x84, 0x72, 0x0, &(0x7f00000004c0)=0xffffffffffffff3e)

29m17.294074901s ago: executing program 3 (id=215):
r0 = socket$igmp(0x2, 0x3, 0x2)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_MD5SIG(r1, 0x6, 0x20, &(0x7f0000000300)={@in6={{0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}}, 0x0, 0x0, 0xd, 0x0, "50e482af8a3b3953d7d2ddc26f6d7fcfdcef78b3bb7ca71d37000667e0b8dd3a89446b04761c340f273410ad620a1d1d1e8e3d5d07cb37da86503ff8eadd32f0fc9a56bcd7a401a991c216437633b722"}, 0xd8)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
sysfs$2(0x2, 0x100000000, &(0x7f0000000200)=""/4096)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0x3c}}, 0x0)
r3 = eventfd(0xaf5)
io_uring_register$IORING_REGISTER_EVENTFD(r1, 0x4, &(0x7f0000001300)=r3, 0x1)
ioctl$HCIINQUIRY(0xffffffffffffffff, 0x400448e3, &(0x7f0000000000)={0x0, 0x0, "00291f"})
r4 = getpgid(0xffffffffffffffff)
sched_setscheduler(r4, 0x1, &(0x7f00000012c0)=0xa0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000100)=@newqdisc={0x3c, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0xc, 0x2, [@TCA_CAKE_ATM={0x8, 0x4, 0x2}]}}]}, 0x3c}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x44}, 0x1, 0x0, 0x0, 0x8000010}, 0x0)
r5 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r5, 0x0, 0x0, 0x0)
sendmmsg$inet(r0, &(0x7f00000000c0)=[{{&(0x7f0000000080)={0x2, 0x4e21, @multicast1}, 0x10, &(0x7f0000000000)=[{&(0x7f0000000cc0)="50e07c99f73c2ffce1edb4590349a1b8fba813b348c69f495ba82389aed9735965a07af2a4420a4cfcaf1684eb093d92ad7957c35882163a1c3ce6c748d221406f022e88bdd24a8a9f7ca73c505fdfa7cb8836d728aef2c065133292a3096df4f87662836c97e966221e1a657acc9efe02c3153af5e80dbc0bfdf60f92e08a7ca5dd593fc81b29d9cc9ef537152bea1bf68af018dcb576c86b49426257cd805487660c1c7ad3a9520973e2a6fab63250bb21ab57ab0522153ecb42b1918435e03f11632eaf91565132887b00a4dc78c8093e3bfee46b18da40e040c289b897e42c25d051b97f39f1f7d7cc306236c7013e1d0a6d2dcb45c0e28d2f18b8cce790251c89001b99290e01d701000cf3f979a601bb1894e9da133997b087e706f504c9ec90af2c1d0be202b4e7f11a623485bd2e317e082f07f8ca2bc4cb2549cb677daf4b7d5afc1e1b5363c4a55066df5bcfb2f8c68e4c4fcecc5ab2cc04e019f346209d8e4be762e0bd5fc085e3e09342be6e2d43f50adf8b06c0d9c6a42d63598c3ce6c3145bbcc260b904c27a67e24f0ce5c2c6bc61af3815223ae8ef607953c66584ced9c48e3cb045f42c13dca1ba9ebd98d0e49085cd6cbcbad2ced0d21e78b2af7e8bc2df9defdd9aad2b4c3ba28096dd3d48883a1e2e159290754dd6d94b19e56934c4b10738f343da7c1c69ba1d76a114f44aac63125412ad6855bad30c1a31327c768292060465c64a7310e83fc47497523a2f8a2a49adcc0797e0e1ec91e62f95776abf0a07c0136f5b96d51d48984370b09647598ae2c6eb93372ca2d24120692c5e4510242f4c4a580509a086358aac71eaded71b179cb71473303c4c4cef03be4831bb81b3b515a599149c5ad4e554ea31bd88e0e86e5f5739f9e23861d186ff56dc3a1d45c4cfe2bf11d2e4003e462b95d8fe47814d949ca752523a6d7f9907eb4fb5bd5f8b48ce0745dcfc3dad7ccb85f44fe3d8973680d09a3000410567cef7a8ec8622359e6dcfd5e18eeda566997eeb9ae5ec2d8db5c9e07fd9d6a558726107bd244da7bc5f68cc643c32c11eab8c1c507b559aa8fd71f1202a921ce79d9db5d6f4fa0d649aa675f5b872dd379f8cc15e49b5f64b80544ff9a3f32428a88c6112a54951a9805fe920278fcb9aad51aaa04aca4acb073fc2fbee9a51c2aaa18e1e25ba45fdb394764aac406fecaeed40d33f3de71931e82b2529865124d67fecb6d91b2390b18e1a31f765e1d9ded182c86c089bbc0baa62002c0901025fcd347170d203d194dcf72814b769008df72007fee96a0e9b493dc01e615b3a6546e93bc3ecd1b374f776054b01fccce8d5b8a96889646c61c24e65798b8894deac42530f69bc77cac38f095d443610475afd69c54cc66202c65c11c8510100225bdfa59fa767947005d6c541a0920608ab7729f70d3d0836b32e32e80b0b85ace73d6244a869774ab70faeb9fa77ad6d6b097291c7c9dd36b91e28a436fd9f173c7b9ff9f6e1438622d4e6d6e13bad63c7ba77a436be9f7f59ab030590c48f4bb48a9ee325476635c15d399c028f9c6e0db4e231d3229ab786a1907bdfbce56f41f4453806875a291a28ef9ac1d88b5460aa3563a523bb70937aab1827fa58439ddb8a887f78f653e0c7ab996f7ab199a726be5437bd9609c07fca6a3420965ed30845364b33c314a4e9c3f6a80ecc24431d04525fa4e626a433c3513a04ba151a90395c1e9f0905765ea83a5edf73c69c34233c7ec813b1c3a6c86a2fcb356723941bae8a1ca8211399401206972c96fa5a2626ec3c043bc3581033c13a99f25760348983550c0f7b8f2b6f9588d70ba137203bdcdeea47e4e710efbf6146a416588f94c76536ad0c9bac16499c961d02d7618c2683970c67a1aebc7c39ad0e6a84dfc44cf21e074cbde836c7af6f1c680505f47ecd44d727e187ccb9ea2c3924e4a8dc3e38bd412d7b590259175b7230a03dfb2e5107ae7913cce2bfea8117b5734f7eb54ea41a5ab4a23be3c1a8a9ee3d2554d24b7f3515dbb546ea32245327c54c789934702b7f0b2c0bd921cf849fa648831d6565ab3fca135e9d0429", 0x5c5}], 0x1, &(0x7f0000000100)=[@ip_retopts={{0x14, 0x0, 0x7, {[@noop]}}}], 0x18}}], 0x1, 0x44000840)
r6 = dup(r0)
recvmmsg$unix(r6, &(0x7f0000003d80)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, &(0x7f0000000740)=[{&(0x7f0000001340)=""/4096, 0x1000}], 0x1}}], 0x2, 0x40000062, 0x0)

29m14.452382852s ago: executing program 3 (id=217):
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, 0x0}, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x8d40, 0x0)
ioctl$TIOCPKT(r1, 0x5420, &(0x7f00000001c0)=0x3f0f)
r2 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r2, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10)
sendmsg$rds(r2, &(0x7f0000000800)={&(0x7f0000000080)={0x2, 0x0, @loopback}, 0x10, 0x0, 0x0, &(0x7f0000000200)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000640)=[{&(0x7f0000000880)=""/4096, 0x1000}], 0x1, 0x0, 0x6}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000001e80)=[{0x0}], 0x1}}, @mask_fadd={0x58, 0x114, 0x8, {{0xffff, 0x8000}, &(0x7f0000000000), &(0x7f0000000040)=0x2, 0x7, 0x90, 0xb, 0x1, 0x0, 0x2}}], 0xe8}, 0x0)
ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, "00769a7d8200010000001495595915303d6000"})
r3 = syz_open_pts(r1, 0x0)
ioctl$TCFLSH(r3, 0x540b, 0x0)
r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000300)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r4, 0x4018620d, &(0x7f0000000100)={0x73622a85, 0x0, 0x2})
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
r6 = dup3(r5, r4, 0x0)
ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0xfcffffffffffffff, &(0x7f0000000140)="cc"})
ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f00000003c0)={0xc, 0x0, &(0x7f0000000740)=[@dead_binder_done], 0x0, 0x0, 0x0})
ioctl$TIOCL_PASTESEL(r6, 0x541c, &(0x7f0000000200))
io_cancel(0x0, 0x0, 0x0)
r7 = socket$inet6(0xa, 0xa, 0x8809)
sendmmsg$inet6(r7, &(0x7f00000000c0)=[{{&(0x7f0000000140)={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0}}, {{&(0x7f0000000180)={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0}}], 0x2, 0x0)
bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4622, 0x225, @mcast2, 0x6}, 0xc8359458)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), r6)
listen(r0, 0x0)
r8 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r8, &(0x7f0000000380)={0x2, 0x4f26, @dev={0xac, 0x14, 0x14, 0x23}}, 0x10)
syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff)

29m13.976746187s ago: executing program 3 (id=221):
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
mlock(&(0x7f0000c00000/0x400000)=nil, 0x400000)
r1 = add_key$keyring(&(0x7f0000000040), &(0x7f0000000080)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$restrict_keyring(0x1d, r1, 0x0, 0x0)
mremap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x2000, 0x7, &(0x7f0000fff000/0x1000)=nil)
r2 = socket$kcm(0x2d, 0x2, 0x0)
ioctl$sock_kcm_SIOCKCMCLONE(r2, 0x89e2, &(0x7f0000000340)={<r3=>r2})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x3, &(0x7f0000000d00)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00'}, 0x90)
r4 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000140)=ANY=[@ANYBLOB="12010000020000402505a1a440000102030109025c0002010000000904000001020d0000052406000105240000000d240f0100000000000000000006241a0300000905810300020000000904010000020d00000904010102020d0000090582010002000008090503"], 0x0)
syz_usb_control_io$cdc_ncm(r4, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r4, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r4, 0x0, &(0x7f0000000340)={0x24, 0x0, 0x0, 0x0, &(0x7f0000000000)={0x20, 0x80, 0x1c, {0x10, 0x810, 0x10, 0x1000, 0x16, 0x10, 0x10, 0x10, 0x7, 0x10, 0x10, 0xd}}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r4, 0x0, 0x0)
r5 = bpf$ITER_CREATE(0xb, &(0x7f0000000100), 0x8)
close(r5)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x10, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18080000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000700000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000480)="d8001c00180081064e81f7050044fd56170d12a0b9b5457073", 0x19}], 0x1}, 0xc000)
ioctl$sock_kcm_SIOCKCMCLONE(r2, 0x89e2, &(0x7f0000000040)={r3})
ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e3, &(0x7f0000000180)={r2, r6})
r7 = socket$inet_udp(0x2, 0x2, 0x0)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000640)=ANY=[@ANYBLOB="125923915ef1815e94f47938050100007516b7018c0d0e008f8e0018030109fe6935852398a0e4a3d4e356021b00", @ANYRES8=r0, @ANYRESOCT=r7, @ANYRES32=r3, @ANYBLOB="440b5f5dd80aefacb36028b71fba65a5212c633710b9df0bcf87eb626498841286233317ed35b78a17947a4aa9c351be18db8301cc875bd27b287d84ffda63dc93f6b3fde455b0135299b4f5124f4afc96daa3678fddc6334db979874ee0bc874599ef8bfb63bc0289a385de6ef058c1cd93a7e0490db17a18864bec55a4ca20c730852f66bbe31c2f5809717862a7d8024b5370084e8e34ba508373b4e119bf355cd1132a75e8eaa7e3dabb76a9b3a56a79fb1bd41f5f3d004cb8ccccaf39b1f822b973765562c104ba87552efbe1daa36d63093b6d7c96bac2a0f3e97b8f"], 0x0)
r8 = creat(0x0, 0xecf86c37d53049cc)
close(r8)
ioctl$KVM_SET_MSRS(r8, 0x4008ae89, &(0x7f0000000140)={0x2, 0x0, [{0xa34, 0x0, 0x8}, {0x85a, 0x0, 0x6}]})
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0xffffffffffffffe3, &(0x7f0000000080)=[{&(0x7f0000000000)="ca7dc54e2bbab4b1bcb4d9152ebab04b257abcba7bc6bb74ba9255c501ca2750b478b4ad6ed94876cd98fd21c91978894e5341b461c2cd11", 0x2}], 0x1}, 0x48885)
r9 = socket$kcm(0x2, 0x2, 0x0)
setsockopt$sock_attach_bpf(r9, 0x1, 0x4a, &(0x7f0000000640), 0x4)
socket$kcm(0xa, 0x3, 0x3a)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xb, 0x6, 0x0, &(0x7f0000000080)='GPL\x00', 0xc, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x94)

29m9.77689421s ago: executing program 3 (id=234):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x4)
openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
mount$9p_fd(0x0, &(0x7f0000000140)='.\x00', &(0x7f0000000080), 0x0, &(0x7f00000001c0)={'trans=fd,', {'rfdno', 0x3d, r4}, 0x2c, {'wfdno', 0x3d, r4}})
sched_setaffinity(r1, 0x0, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$inet_smc(0x2b, 0x1, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r6 = dup(r5)
ioctl$TCSETA(r6, 0x5406, 0x0)
r7 = dup(r0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r7, 0x0)
ioctl$BLKZEROOUT(r7, 0x127f, &(0x7f00000000c0)={0x4000, 0x1fe00})
r8 = memfd_create(&(0x7f0000000a00)='\x01\xfd\xae.+\xa6\x8c\xb6?2\x199\x94S,|x?Ue[\xbd\xe1!\x033\xbc\'#\xff\x17\x9b%\xf3[d  \x97\xf5G\x97A\xc2\xd8\xf8Uq\xe6\x02\x00l\x94\v\xb6\a\x17\\\xfb\x04!\xe4\xc4\xb1\xa2\x1c\xffC;\x94Q\r\xb6}\x9c\xecC\v\xcf\xeb\xe4\x9aR\xe5,\x82\x03\x00\x19\x8d\xe8\xc6\xb9\xe4\xb4\x99\x8a\x19P\xb8\x8cx\b\x99\x04R\x05\xaf\xa2\xea5\f\xcc\x1a\x9b\x00Uf\xa5\xf7\x80Tgiz\nX\b\x91\xfd0\x8e\xb6\xa3\v#\xa1\xdf\xb4\xc0\xe6\xb4\xef\xa8i\xd8\xa2\xd2(\x98\x9bA\x8f\x13\xeb\xf4b/\xef!\x8f\xf6]-\xe9k\xb62\x89gEv\x13\xf4\xc7\xb2\xf5\\\x17\x90\xb5\xf2@\xf7cdv[\t\x00\x8d\xf3\xcc1\r$\x1e\xff\xf0P\xb2\x97\xb8\xbc\xeb\x91\x87\x8bu\xbf\xd4\'\xff\x1f\f\x016\x9dQ\xeeT\xe8\bY\x00\xb2\x06\xa6\xbel\x9b.o\xbe\x80\x9dx\xd5O\xd6h\\I\xc9\x8d\a\x1d\xc9\x0f\x82\xdb\xd8\xc7\xeb%\x8bOp\x1a\xbb\x1e\xfc5\r\x93\xca\xc8\xed\xbe\xcf\xfcN\xed\x00\x00\x00\x00\b\x00\x00\x00\x00\x02\x00\x00\x00s\xaf\xa2\x14]p+\x96\x1ei|n\xda\xee\\\xae\x96*\x82*\xb8j\xda\xaa\x14\x1f\x1d\xf8\xf8\xae\xfcH\xc4\xb3j\xe8\xcfO\xef\x0e\xafe\xb5*\x89\x18\xb2w\x96\b\x1by\xeaT\xdd\xb3g6\xbc\x85\xb2Y\xcc\xfe\x06\x00\x00\x00\xc5e\x90\xc51\x9f\v_# \b\xa5\xbcP,|\xe9\xd6s\x1f\x1f\xbe\xd3\x80F\x8a#\xf8vD\xfc+\x19\xe1\xb1\xa8 \xce|df\x903\v\x02\xea.\x03X\xb5\xe4,8\xb7\xadEI\xdcA\xa7\xcc\xd7\xf9n\x1b\x95\xf8\x11Z\xe6:\x03\xce\xfe\x02\x8ctdy~_oC\x9e\xef\xf0\xa2K\xe9;\x8e:\x01\x03C\x92\xeb\x16\x1c\xbf\xbe\xef\xccUxhg\xffY\xe6\x83\xa6z\xff\x01\x9d o_{!O\xaajU\x84\x90K\x1d\x13\xa5\xfb\xbfDZ\xd3\xcd\x0e\xba\\\xdb\xf0\xe1\x86\t\xaf\vi\xdc\xbf?\xf5\n\xbd^\x05\xc0\xceuC}\xa8\xc7\xad\x86\xd7\x15&\xb9]1\x05J\x96\xf0\x84\xc1\f\xa6p\x96\xb8\x02\x13pA\x19\tf\x12\x88\xc8\x9c\xc9Cn\xd4\xa47V\'+\xcc\xbf\r\xa9\x10\x1d\xcf\xebKlb\xe5:\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00G\xdf\xbb\xc0_\x99F\xf4n]\x14\xbc\xcd\xd3\x9f\x9fe\xc5\xe6\xe8Mb\xc6\x82\x82\xcc\xcaXe\xe1\xa2\xaa\x02\x86\xb8\x18\xe2C\xeb\xa9\x17&\x01&\'w\xa1t0\x80\xf0\x93\x80\x9f\x9b\xe0\x9f\xea\xb9\x9eD]#V\xda\x92\xca\xc6\xfa.\xd6\xe31\xfe\xe8\x02\xebX\xbd\nzKIK\xd98\xa7\x97y\xf2\xa9{\a\x8af\xd7\x00eH1\"\x1f\x81\xd0\x06nw\xe4\xe5\x93\xe3\x03\xec\x15\x17\x01]\r\x80\xcf\x1be\xb8\xa8\xde\xa1\xe8e\xfb\xa1Ei\x8bh$\xa8\xa3k\x8b\x992^\x99\"\xb1\xea\xed{\x87\t\xca\x14\xa0$\x94\xa3%#4\b\xc1\xbf\xa6\xbc]I\xb8e\xe2)\xeciH\xaf\'\xc1F}\x8e^w\x18\x02d\xaa`\xdb\xd7\xa0\x9bF\xfc\b\xa1 jf3o@\xe0\xb8\xc3\tq\x88\xd9\xfb\xf5\xed\xc9\"53?8\xbc\xc7\x9c\x89<\xd5}\xa13\x84\xba\x99\xb7\x01\xfd\x00$\xdd\xcbT\x0f\xf5z\x06k\x92\x95\fL\xda\xe4\xc1\xaeQ\x80\xe3\xf4\xe5.s\xc8\x13\xab\xac\xef\x82\xe6s\xc8\xc9\xc3\x8c\xa4\x06WBR*\xcf)73\xa9\xd2!\xb1\xa9$0F.\xb9a\xb5u\xa7\xd4\xfa\xef\xc8\x8eaM\xd3\x83H\xf0\x8f\xcf\']\xdc&\xcaY\x89\x14\x9f\x00'/942, 0x0)
mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0xe, 0x12, r8, 0x0)

28m53.487312966s ago: executing program 32 (id=234):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x4)
openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
mount$9p_fd(0x0, &(0x7f0000000140)='.\x00', &(0x7f0000000080), 0x0, &(0x7f00000001c0)={'trans=fd,', {'rfdno', 0x3d, r4}, 0x2c, {'wfdno', 0x3d, r4}})
sched_setaffinity(r1, 0x0, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$inet_smc(0x2b, 0x1, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r6 = dup(r5)
ioctl$TCSETA(r6, 0x5406, 0x0)
r7 = dup(r0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r7, 0x0)
ioctl$BLKZEROOUT(r7, 0x127f, &(0x7f00000000c0)={0x4000, 0x1fe00})
r8 = memfd_create(&(0x7f0000000a00)='\x01\xfd\xae.+\xa6\x8c\xb6?2\x199\x94S,|x?Ue[\xbd\xe1!\x033\xbc\'#\xff\x17\x9b%\xf3[d  \x97\xf5G\x97A\xc2\xd8\xf8Uq\xe6\x02\x00l\x94\v\xb6\a\x17\\\xfb\x04!\xe4\xc4\xb1\xa2\x1c\xffC;\x94Q\r\xb6}\x9c\xecC\v\xcf\xeb\xe4\x9aR\xe5,\x82\x03\x00\x19\x8d\xe8\xc6\xb9\xe4\xb4\x99\x8a\x19P\xb8\x8cx\b\x99\x04R\x05\xaf\xa2\xea5\f\xcc\x1a\x9b\x00Uf\xa5\xf7\x80Tgiz\nX\b\x91\xfd0\x8e\xb6\xa3\v#\xa1\xdf\xb4\xc0\xe6\xb4\xef\xa8i\xd8\xa2\xd2(\x98\x9bA\x8f\x13\xeb\xf4b/\xef!\x8f\xf6]-\xe9k\xb62\x89gEv\x13\xf4\xc7\xb2\xf5\\\x17\x90\xb5\xf2@\xf7cdv[\t\x00\x8d\xf3\xcc1\r$\x1e\xff\xf0P\xb2\x97\xb8\xbc\xeb\x91\x87\x8bu\xbf\xd4\'\xff\x1f\f\x016\x9dQ\xeeT\xe8\bY\x00\xb2\x06\xa6\xbel\x9b.o\xbe\x80\x9dx\xd5O\xd6h\\I\xc9\x8d\a\x1d\xc9\x0f\x82\xdb\xd8\xc7\xeb%\x8bOp\x1a\xbb\x1e\xfc5\r\x93\xca\xc8\xed\xbe\xcf\xfcN\xed\x00\x00\x00\x00\b\x00\x00\x00\x00\x02\x00\x00\x00s\xaf\xa2\x14]p+\x96\x1ei|n\xda\xee\\\xae\x96*\x82*\xb8j\xda\xaa\x14\x1f\x1d\xf8\xf8\xae\xfcH\xc4\xb3j\xe8\xcfO\xef\x0e\xafe\xb5*\x89\x18\xb2w\x96\b\x1by\xeaT\xdd\xb3g6\xbc\x85\xb2Y\xcc\xfe\x06\x00\x00\x00\xc5e\x90\xc51\x9f\v_# \b\xa5\xbcP,|\xe9\xd6s\x1f\x1f\xbe\xd3\x80F\x8a#\xf8vD\xfc+\x19\xe1\xb1\xa8 \xce|df\x903\v\x02\xea.\x03X\xb5\xe4,8\xb7\xadEI\xdcA\xa7\xcc\xd7\xf9n\x1b\x95\xf8\x11Z\xe6:\x03\xce\xfe\x02\x8ctdy~_oC\x9e\xef\xf0\xa2K\xe9;\x8e:\x01\x03C\x92\xeb\x16\x1c\xbf\xbe\xef\xccUxhg\xffY\xe6\x83\xa6z\xff\x01\x9d o_{!O\xaajU\x84\x90K\x1d\x13\xa5\xfb\xbfDZ\xd3\xcd\x0e\xba\\\xdb\xf0\xe1\x86\t\xaf\vi\xdc\xbf?\xf5\n\xbd^\x05\xc0\xceuC}\xa8\xc7\xad\x86\xd7\x15&\xb9]1\x05J\x96\xf0\x84\xc1\f\xa6p\x96\xb8\x02\x13pA\x19\tf\x12\x88\xc8\x9c\xc9Cn\xd4\xa47V\'+\xcc\xbf\r\xa9\x10\x1d\xcf\xebKlb\xe5:\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00G\xdf\xbb\xc0_\x99F\xf4n]\x14\xbc\xcd\xd3\x9f\x9fe\xc5\xe6\xe8Mb\xc6\x82\x82\xcc\xcaXe\xe1\xa2\xaa\x02\x86\xb8\x18\xe2C\xeb\xa9\x17&\x01&\'w\xa1t0\x80\xf0\x93\x80\x9f\x9b\xe0\x9f\xea\xb9\x9eD]#V\xda\x92\xca\xc6\xfa.\xd6\xe31\xfe\xe8\x02\xebX\xbd\nzKIK\xd98\xa7\x97y\xf2\xa9{\a\x8af\xd7\x00eH1\"\x1f\x81\xd0\x06nw\xe4\xe5\x93\xe3\x03\xec\x15\x17\x01]\r\x80\xcf\x1be\xb8\xa8\xde\xa1\xe8e\xfb\xa1Ei\x8bh$\xa8\xa3k\x8b\x992^\x99\"\xb1\xea\xed{\x87\t\xca\x14\xa0$\x94\xa3%#4\b\xc1\xbf\xa6\xbc]I\xb8e\xe2)\xeciH\xaf\'\xc1F}\x8e^w\x18\x02d\xaa`\xdb\xd7\xa0\x9bF\xfc\b\xa1 jf3o@\xe0\xb8\xc3\tq\x88\xd9\xfb\xf5\xed\xc9\"53?8\xbc\xc7\x9c\x89<\xd5}\xa13\x84\xba\x99\xb7\x01\xfd\x00$\xdd\xcbT\x0f\xf5z\x06k\x92\x95\fL\xda\xe4\xc1\xaeQ\x80\xe3\xf4\xe5.s\xc8\x13\xab\xac\xef\x82\xe6s\xc8\xc9\xc3\x8c\xa4\x06WBR*\xcf)73\xa9\xd2!\xb1\xa9$0F.\xb9a\xb5u\xa7\xd4\xfa\xef\xc8\x8eaM\xd3\x83H\xf0\x8f\xcf\']\xdc&\xcaY\x89\x14\x9f\x00'/942, 0x0)
mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0xe, 0x12, r8, 0x0)

28m45.954373896s ago: executing program 0 (id=287):
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x1, 0x0, 0x0, 0x4ee59ce4, 0xfffffffffffffffe, 0xfffffffc}, 0x0)
r0 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
r1 = fsmount(r0, 0x1, 0x0)
fchdir(r1)
ioprio_set$pid(0x3, 0x0, 0x0)
open(&(0x7f0000000040)='./file1\x00', 0x80242, 0x0)
openat$cuse(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
r2 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0)
read$FUSE(r2, &(0x7f0000006280)={0x2020}, 0x2020)

28m45.747519655s ago: executing program 0 (id=288):
mknodat(0xffffffffffffff9c, 0x0, 0x1000, 0x10000)
mount$fuse(0x0, 0x0, &(0x7f0000002100), 0x0, 0x0)
r0 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_INIT(r0, 0x0, 0xc8, &(0x7f0000003d40), 0x4)
setsockopt$MRT_ADD_VIF(r0, 0x0, 0xca, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, @vifc_lcl_addr=@local, @dev}, 0x10)
socket$packet(0x11, 0x2, 0x300)
socket$inet6(0xa, 0x2, 0x0)
sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x84)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0xf, 0x0, 0x0)
bind$inet6(0xffffffffffffffff, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @multicast2}}, 0x1c)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r2 = syz_io_uring_setup(0x460, &(0x7f0000000480)={0x0, 0x40000020, 0x10, 0x2, 0x34f}, &(0x7f0000000040)=<r3=>0x0, &(0x7f0000000000)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
syz_io_uring_submit(r3, r4, &(0x7f0000000200)=@IORING_OP_MADVISE={0x19, 0x7b, 0x0, 0x0, 0x0, &(0x7f0000011000/0x4000)=nil, 0x4000, 0xc})
io_uring_enter(r2, 0x47bc, 0x0, 0x0, 0x0, 0xffffffffffffff8a)
r5 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$inet_mreq(r5, 0x0, 0x23, &(0x7f0000000000)={@multicast1=0xe0000300, @local}, 0x8)
syz_emit_ethernet(0x3e, &(0x7f0000000040)={@local, @remote, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x30, 0x0, 0x20, 0xfc, 0x2, 0x0, @rand_addr=0x1c, @multicast1=0xe0000300}, @dest_unreach={0x3, 0x6, 0x0, 0x0, 0xfa, 0x9, {0x5, 0x4, 0x0, 0x3d, 0xfff6, 0x65, 0x5, 0x1, 0x4, 0x3, @private=0xa010102, @local}}}}}}, 0x0)
r6 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_ADD_VIF(r6, 0x0, 0xca, &(0x7f0000000080)={0x1, 0x0, 0x4, 0x2, @vifc_lcl_addr=@remote, @remote}, 0x10)
setsockopt$MRT_ADD_MFC_PROXY(r6, 0x0, 0xd2, &(0x7f00000000c0)={@multicast1=0x1c, @empty=0xe0000300, 0x0, "fc79348df081496d0420922f45a71c1daa8b610468cd140526c41efcd3a4a422", 0x3, 0x1, 0x85}, 0x3c)

28m43.194367754s ago: executing program 0 (id=293):
r0 = openat$vicodec0(0xffffffffffffff9c, &(0x7f00000005c0), 0x2, 0x0)
r1 = syz_io_uring_setup(0xe41, &(0x7f0000000140)={0x0, 0x2119, 0x1000}, &(0x7f0000000240)=<r2=>0x0, &(0x7f00000001c0)=<r3=>0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffff9c, &(0x7f00000004c0)={0x40102, 0x0, 0xd}, &(0x7f0000000040)='./file0/file0\x00', 0x18})
sendmsg$IPSET_CMD_PROTOCOL(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000004c0)={0x14, 0x1, 0x6, 0x301, 0x0, 0x0, {0x7, 0x0, 0x4}}, 0x14}, 0x1, 0x0, 0x0, 0x1}, 0x2004090)
io_uring_enter(r1, 0x47f6, 0x0, 0x0, 0x0, 0x0)
ioctl$VIDIOC_DQBUF(r0, 0xc0585611, &(0x7f0000000680)=@fd={0x6, 0x1, 0x4, 0x40, 0xc6b, {0x77359400}, {0x0, 0x8, 0x40, 0x10, 0x3, 0xff, "f2abd125"}, 0x3, 0x4, {}, 0x7})

28m42.293713035s ago: executing program 0 (id=295):
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000300)={&(0x7f0000000380)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@struct]}}, 0x0, 0x26}, 0x20)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000480)={0xffffffffffffffff, 0x0, 0x25, 0x2}, 0x14)
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0)
r1 = eventfd(0xfffffff9)
ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000240)=r1)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000340)={0x0}}, 0x0)
ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x1, r1})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/67, 0x0})
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x503, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0xe315}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvtap={{0xc}, {0x4}}}, @IFLA_MASTER={0x8, 0x1f}]}, 0x3c}}, 0x4)
bind$netlink(r2, &(0x7f0000000080)={0x10, 0x0, 0x25dfdbfc, 0x4}, 0xc)
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/246, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/70, 0x100000})
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000680))
ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000)=0x1)

28m41.778076397s ago: executing program 0 (id=299):
r0 = socket$unix(0x1, 0x1, 0x0)
bind$unix(r0, &(0x7f0000000340)=@abs={0x1, 0x0, 0x104e22}, 0x6e)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f00000002c0)=0x20)
bind$unix(r0, &(0x7f0000003000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x80e02, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x2, 0x4, 0x1, 0xbf22}, 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000440)={{r3, <r4=>0xffffffffffffffff}, &(0x7f00000003c0), &(0x7f0000000400)}, 0x20)
bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000002c0), &(0x7f00000000c0), 0xffffd6c0, r4}, 0x38)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
madvise(&(0x7f0000000000/0x600000)=nil, 0x60005f, 0x3)
r5 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(r5, r6, &(0x7f0000cce000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x4d, 0x0, 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x0)
r7 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r7, 0x84, 0x6f, &(0x7f0000000040)={0x0, 0x1c, &(0x7f0000000080)=[@in6={0xa, 0x0, 0x0, @rand_addr=' \x01\x00'}]}, &(0x7f0000000180)=0x10)
r8 = socket$inet_sctp(0x2, 0x1, 0x84)
r9 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000600)='blkio.bfq.avg_queue_size\x00', 0x275a, 0x0)
fcntl$lock(r9, 0x5, &(0x7f0000000000)={0x0, 0x0, 0x2000000000})
getsockopt$inet_sctp_SCTP_MAX_BURST(r8, 0x84, 0xd, &(0x7f0000000000)=@assoc_value={<r10=>0x0}, &(0x7f0000000240)=0x8)
getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r7, 0x84, 0x9, &(0x7f0000000480)={r10, @in6={{0xa, 0x0, 0x0, @private1}}, 0x0, 0x0, 0x0, 0x0, 0x5b, 0x0, 0x1}, &(0x7f00000001c0)=0x9c)
ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000200)={0x2, 0x1, 0x100000, 0x1000, &(0x7f0000cd0000/0x1000)=nil})
r11 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r11, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000640)=ANY=[@ANYBLOB="3c01000019000100ffffffff00000000fc0000000000000000000000000000000a01010100000000000000000000000000000003000000000a00622008000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fcffffffffffffff1d0000000000000000000000000000000000000000000000ffffffffffffffffdd020000400000000400000000000000000001000000000084000500e0000002000000000000000000000000000000043c00000002000000ac1414bb00000000000000000000000006350000010300000000000004000000000000007f000001000000000000000000000000000000003200000000000000200100000000000000000000000000010000000000000000000000000300000000000000aa076ccdb7facb393dc595"], 0x13c}}, 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x0)

28m39.908306088s ago: executing program 0 (id=307):
madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0xc)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
bind$alg(0xffffffffffffffff, &(0x7f00000018c0)={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64\x00'}, 0x58)
socketpair$tipc(0x1e, 0x2, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000001300)={0x11, 0x8, &(0x7f0000001180)=ANY=[@ANYRES16=r0, @ANYRESHEX=r1, @ANYRESOCT=r0, @ANYRES32=r0, @ANYRES8=r0], &(0x7f0000001140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x21, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x8, &(0x7f0000000000)={0x1, 0x80000000}, 0x8}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000380)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x2200c840)
ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f0000000080)={'netdevsim0\x00', &(0x7f0000000000)=@ethtool_sfeatures={0x3b, 0x1, [{0xfe}]}})
mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x6000003, 0x42031, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001080)={0x18, 0x5, &(0x7f0000001040)=ANY=[@ANYBLOB="1800000000000006000000000084e27fa40000000f000000c5000000a000020095"], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7}, 0x94)
syz_open_dev$tty1(0xc, 0x4, 0x1)
lstat(&(0x7f0000001440)='./file0\x00', &(0x7f0000001480)={0x0, 0x0, 0x0, 0x0, 0x0, <r5=>0x0})
setgroups(0x2, &(0x7f0000001200)=[r5, 0x0])

28m27.031528682s ago: executing program 4 (id=345):
openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
epoll_create(0x3)
setsockopt$inet_sctp6_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000440)=@assoc_value={0x0, 0x10000}, 0x8)
setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(0xffffffffffffffff, 0x84, 0x76, &(0x7f0000000200)={0x0, 0x7}, 0x8)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
ioctl$VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000180)={0x1, @pix={0x0, 0x0, 0x20493859, 0x0, 0x0, 0x0, 0x5, 0xfeedcafe, 0x3, 0x7}})
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x22002, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe6000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, 0x0}], 0x1, 0x59, 0x0, 0x0)
ioctl$KVM_GET_DIRTY_LOG(r1, 0x4010ae42, &(0x7f00000003c0)={0x1, 0x0, &(0x7f0000fe5000/0x3000)=nil})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000000000000000ff000000850000000f000000850000005000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000400)='sys_exit\x00', r3, 0x0, 0xbe}, 0x18)
getresuid(&(0x7f0000002a40), &(0x7f0000002a80), &(0x7f0000002ac0))
read$msr(r2, &(0x7f0000002000)=""/102400, 0x19000)
socket(0x2a, 0x2, 0x0)
ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40186f40, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
select(0x0, 0x0, 0x0, 0x0, 0x0)

28m25.525480704s ago: executing program 4 (id=349):
openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x329143, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x18, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000000), 0x48082, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r4}, 0x10)
r5 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r5, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x10)
sendmsg$rds(r5, &(0x7f0000000080)={&(0x7f0000000180)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, 0x0}, 0x0)
bpf$BPF_PROG_DETACH(0x9, &(0x7f0000008c80)={@fallback, 0xffffffffffffffff, 0x19}, 0x20)

28m24.503754131s ago: executing program 33 (id=307):
madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0xc)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
bind$alg(0xffffffffffffffff, &(0x7f00000018c0)={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64\x00'}, 0x58)
socketpair$tipc(0x1e, 0x2, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000001300)={0x11, 0x8, &(0x7f0000001180)=ANY=[@ANYRES16=r0, @ANYRESHEX=r1, @ANYRESOCT=r0, @ANYRES32=r0, @ANYRES8=r0], &(0x7f0000001140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x21, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x8, &(0x7f0000000000)={0x1, 0x80000000}, 0x8}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000380)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x2200c840)
ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f0000000080)={'netdevsim0\x00', &(0x7f0000000000)=@ethtool_sfeatures={0x3b, 0x1, [{0xfe}]}})
mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x6000003, 0x42031, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001080)={0x18, 0x5, &(0x7f0000001040)=ANY=[@ANYBLOB="1800000000000006000000000084e27fa40000000f000000c5000000a000020095"], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7}, 0x94)
syz_open_dev$tty1(0xc, 0x4, 0x1)
lstat(&(0x7f0000001440)='./file0\x00', &(0x7f0000001480)={0x0, 0x0, 0x0, 0x0, 0x0, <r5=>0x0})
setgroups(0x2, &(0x7f0000001200)=[r5, 0x0])

28m24.467986088s ago: executing program 4 (id=354):
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
r0 = syz_open_dev$vim2m(&(0x7f0000000580), 0x0, 0x2)
ioctl$vim2m_VIDIOC_S_FMT(r0, 0xc0d05605, &(0x7f0000000000)={0x2, @pix_mp={0x4fc94c3d, 0x9, 0x34325852, 0x5, 0x8, [{0x10000, 0x100}, {0x1, 0x6}, {0x4, 0x7}, {0x2, 0x53}, {0xb88, 0xaec6}, {0xca2, 0x5}, {0xa, 0xac2}, {0xfffffff9}], 0x1, 0x10, 0x1, 0x2, 0x6}})
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) (async)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdir(&(0x7f00000004c0)='./bus\x00', 0x92) (async)
mkdir(&(0x7f00000004c0)='./bus\x00', 0x92)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000000)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@userxattr}]})
r1 = open(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
mknodat$loop(r1, &(0x7f0000001600)='./bus\x00', 0xc000, 0x0)
chdir(&(0x7f0000000140)='./bus\x00')
rename(&(0x7f0000000180)='./bus\x00', &(0x7f00000001c0)='./file0\x00') (async)
rename(&(0x7f0000000180)='./bus\x00', &(0x7f00000001c0)='./file0\x00')

28m23.894334145s ago: executing program 4 (id=356):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8d}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000540)=0x4)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
socket$key(0xf, 0x3, 0x2)
bind$inet(r1, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16)
connect$inet(r1, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
setsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f00000002c0)={{{@in6=@dev={0xfe, 0x80, '\x00', 0x4}, @in6=@empty, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee01}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, {}, 0x0, 0x0, 0x1}, {{@in6=@dev, 0x0, 0x33}, 0x0, @in=@private=0xa010100, 0x0, 0x0, 0x0, 0xb7, 0xffffffff}}, 0xe8)
sendmmsg(r1, &(0x7f0000007fc0), 0x800001d, 0x1c)

28m21.940550001s ago: executing program 4 (id=360):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000040), r0)
sendmsg$NLBL_MGMT_C_ADDDEF(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)={0x14, r1, 0x511, 0xa000000, 0xfffffffe, {0x5}}, 0x21}}, 0xa000000)

28m21.32399924s ago: executing program 4 (id=363):
r0 = syz_usb_connect$printer(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000000030020f003176c400000000001090224725100000000090400001207010300090501020000000000"], 0x0)
syz_usb_disconnect(r0)
prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x2)
unshare(0x8000000)
r2 = semget$private(0x0, 0x4000, 0x555)
semctl$GETALL(r2, 0x0, 0xd, 0x0)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0)
r5 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7020000140000e5b7030000000700008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='sched_switch\x00', r6}, 0x10)
socket$unix(0x1, 0x5, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xd, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0x79, 0x11, 0xb8}, [@ldst={0x6, 0x3}], {0x95, 0x0, 0xc00}}, &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sock_ops, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x1f2, 0x10, &(0x7f0000000000), 0xfffffe51}, 0x48)
r7 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000200)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002000000000000000002020207b1af8ff00000000bf"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_user\x00', 0x275a, 0x0)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[], 0x28}}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0, 0xffffffffffffffff, 0x0, 0xfffffffffffffffc}, 0x18)
write$binfmt_misc(r8, &(0x7f0000000040), 0xe09)
ioctl$LOOP_CONFIGURE(0xffffffffffffffff, 0x4c0a, &(0x7f00000002c0)={r8, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0xb, 0x1d, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "f4bd0007008019000000000000000000000000af1e4ccfb7b3cad800", [0x0, 0x2000000000001]}})
ioctl$TIOCSETD(r7, 0x5423, &(0x7f0000000140)=0x7)
ioctl$TIOCSTI(r7, 0x5412, &(0x7f0000000340)=0xfc)

28m6.126984827s ago: executing program 34 (id=363):
r0 = syz_usb_connect$printer(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000000030020f003176c400000000001090224725100000000090400001207010300090501020000000000"], 0x0)
syz_usb_disconnect(r0)
prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x2)
unshare(0x8000000)
r2 = semget$private(0x0, 0x4000, 0x555)
semctl$GETALL(r2, 0x0, 0xd, 0x0)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0)
r5 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7020000140000e5b7030000000700008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='sched_switch\x00', r6}, 0x10)
socket$unix(0x1, 0x5, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xd, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0x79, 0x11, 0xb8}, [@ldst={0x6, 0x3}], {0x95, 0x0, 0xc00}}, &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sock_ops, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x1f2, 0x10, &(0x7f0000000000), 0xfffffe51}, 0x48)
r7 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000200)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002000000000000000002020207b1af8ff00000000bf"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_user\x00', 0x275a, 0x0)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[], 0x28}}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0, 0xffffffffffffffff, 0x0, 0xfffffffffffffffc}, 0x18)
write$binfmt_misc(r8, &(0x7f0000000040), 0xe09)
ioctl$LOOP_CONFIGURE(0xffffffffffffffff, 0x4c0a, &(0x7f00000002c0)={r8, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0xb, 0x1d, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "f4bd0007008019000000000000000000000000af1e4ccfb7b3cad800", [0x0, 0x2000000000001]}})
ioctl$TIOCSETD(r7, 0x5423, &(0x7f0000000140)=0x7)
ioctl$TIOCSTI(r7, 0x5412, &(0x7f0000000340)=0xfc)

4m42.793463937s ago: executing program 5 (id=4822):
r0 = syz_usb_connect(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000772904202404019957c2010203010902240001000010000904430002317d550009050202000202000009058202000200000051efc249f757ba"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
r1 = socket$can_raw(0x1d, 0x3, 0x1)
setsockopt$CAN_RAW_FILTER(r1, 0x65, 0x1, &(0x7f0000000000)=[{{0x1, 0x0, 0x0, 0x1}, {0x3, 0x0, 0x0, 0x1}}, {{0x0, 0x1}, {0x3, 0x0, 0x0, 0x1}}], 0x10)
r2 = socket$kcm(0x11, 0x3, 0x0)
setsockopt$sock_attach_bpf(r2, 0x107, 0xf, &(0x7f0000000000), 0x4)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r3, 0x0, 0xc000)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="1400000010000100edff0000000000000000000a58000000060a09040000000000000000020000002c000480280001800d00010073796e70726f787900000000140002800500020009000000080003400000000a0900010073797a30000000000900020073797a32"], 0x80}}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000002000)=""/102400, 0x19000)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
fsopen(0x0, 0x1)
r6 = msgget$private(0x0, 0x200)
msgctl$IPC_RMID(r6, 0x0)
shutdown(0xffffffffffffffff, 0x0)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r7, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000140)={0x0, 0x7c}, 0x1, 0x0, 0x0, 0xc0c4}, 0x10)
sendmsg$NFT_BATCH(r7, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x200000c4}, 0x4040)
r8 = openat$cgroup_subtree(0xffffffffffffffff, 0x0, 0x2, 0x0)
write$cgroup_subtree(r8, 0x0, 0x0)
sendmsg$kcm(r2, &(0x7f0000000040)={&(0x7f0000001340)=@hci={0x1f, 0x0, 0x12}, 0x80, &(0x7f0000000140)=[{&(0x7f0000000080)="62042700590200000000002f1eafbcf706e12b30087f5c582d26116642c47a5f8786ee601e65ab3c06d4b8bf4a81cb3e2473", 0x32}], 0x1}, 0x40)

4m36.890946083s ago: executing program 5 (id=4837):
r0 = socket$inet6(0x10, 0x3, 0x0)
sendmsg$inet(r0, &(0x7f0000000280)={0x0, 0xfe0f, &(0x7f0000000000)=[{&(0x7f00000001c0)="5c00000011006bcc9e3be35c6e17aa31076b876c1d0000007ea60864160af36514001ac004000202080002000300010004000300000056a705251e618294ff0051f60a844000d4938037e786a6d0001000000e4509c5bbcd72c6c953", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)

4m36.453863307s ago: executing program 5 (id=4841):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
r0 = getpid()
ioctl$IOMMU_IOAS_MAP$PAGES(0xffffffffffffffff, 0x3b85, 0x0)
ioctl$IOMMU_TEST_OP_MD_CHECK_MAP(0xffffffffffffffff, 0x3ba0, 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000300)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r4 = syz_io_uring_setup(0xa0, &(0x7f0000000380)={0x0, 0x105cc6, 0x400, 0xfffffffe, 0x207}, &(0x7f0000000040)=<r5=>0x0, &(0x7f0000000280)=<r6=>0x0)
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, 0x0, 0x40000)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
ioctl$DRM_IOCTL_MODE_GETPLANE(0xffffffffffffffff, 0xc02064b6, 0x0)
ioctl$DRM_IOCTL_MODE_CURSOR(0xffffffffffffffff, 0xc01c64a3, 0x0)
syz_io_uring_submit(r5, r6, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd=r3, 0xc000000, &(0x7f0000000000)=[{0x0}, {0x0}], 0x2, 0x12})
io_uring_enter(r4, 0x847ba, 0x0, 0xe, 0x0, 0x0)

4m36.378297642s ago: executing program 7 (id=4842):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002})
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000006c0)=@bloom_filter={0x1e, 0x0, 0x7fefc, 0x8, 0x0, 0x1}, 0x50)
bpf$MAP_LOOKUP_ELEM(0x2, &(0x7f0000000280)={r1, 0x0, &(0x7f0000000200)=""/76}, 0x20)
r2 = syz_open_dev$tty1(0xc, 0x4, 0x1)
writev(r2, &(0x7f0000000000)=[{&(0x7f00000000c0)="4f3bf5835e00000000225121d6958c78cfc0e1f14f1b257f40", 0x19}], 0x1)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x800, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r4 = dup3(r3, r0, 0x0)
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r5, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r5, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a, 0x4})
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000280)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000980)={@flat=@weak_handle={0x77682a85, 0x1, 0x1}, @fd={0x70742a85, 0x0, r0}, @flat=@handle={0x73682a85, 0x0, 0x3}}, &(0x7f0000000240)={0x0, 0x18, 0x30}}, 0x1000}], 0x0, 0x0, 0x0})

4m35.431852738s ago: executing program 7 (id=4844):
r0 = socket$inet6(0xa, 0x2, 0x200000)
r1 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4)
setsockopt$packet_fanout_data(r1, 0x107, 0x16, &(0x7f0000000100)={0x3, &(0x7f0000000180)=[{0x28, 0x0, 0x73, 0xfffff034}, {0x50, 0x0, 0x5, 0x2}, {0x6, 0x0, 0x2, 0xffffffff}]}, 0x10)
socket$inet6_sctp(0xa, 0x1, 0x84)
r2 = socket$inet(0x2b, 0x801, 0x0)
connect$inet(r2, &(0x7f00000002c0)={0x2, 0x4e24, @local}, 0x64)
setsockopt$IP_VS_SO_SET_DEL(r2, 0x0, 0x484, 0x0, 0x0)
r3 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)={{0x12, 0x1, 0x200, 0x0, 0x0, 0x0, 0x8, 0x56a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0xb}}}}]}}]}}, 0x0)
syz_usb_control_io(r3, 0x0, 0x0)
syz_usb_control_io$hid(r3, &(0x7f0000000000)={0x24, 0x0, 0x0, &(0x7f0000000040)={0x0, 0x22, 0xb, {[@main=@item_4={0x3, 0x0, 0xa, "230600"}, @main=@item_4={0x3, 0x0, 0x8, "f46f17d0"}, @global=@item_012={0x0, 0x1, 0x6}]}}, 0x0}, 0x0)
sendmmsg$inet6(r0, &(0x7f0000002fc0)=[{{&(0x7f0000000340)={0xa, 0x4e23, 0xfffffff9, @mcast1, 0x9}, 0x1c, &(0x7f00000004c0)=[{&(0x7f00000005c0)="05", 0x1}], 0x1}}], 0x1, 0x24000045)
sendmmsg$inet6(r0, &(0x7f0000001b40)=[{{&(0x7f0000000000)={0xa, 0x4e20, 0x3, @mcast2, 0x5}, 0x1c, 0x0, 0x0, &(0x7f0000000700)=[@rthdrdstopts={{0x18, 0x29, 0x37, {0x1}}}, @hoplimit_2292={{0x14, 0x29, 0x8, 0x1}}], 0x30}}], 0x1, 0x880)

4m35.352450963s ago: executing program 5 (id=4846):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e00000004000000080000000c"], 0x48)
close(0x3)
bpf$MAP_CREATE(0x0, &(0x7f0000001180)=ANY=[@ANYBLOB="0b00000007000000010001000900000001"], 0x48)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x2b38094, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
r1 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
mkdir(&(0x7f0000000200)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file1/file4\x00', 0x1c0)
mount$tmpfs(0x0, &(0x7f0000000240)='./file1/file4\x00', &(0x7f00000001c0), 0x0, 0x0)
r2 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000380), 0xffffffffffffffff)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_FLUSH(r3, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000100)=ANY=[@ANYBLOB="c4000000", @ANYRES16=r2, @ANYBLOB="01000000000000000000011500002c000280060002004e2000000800090010000000060002004e210000080007000101000006000f000700000008000400ff7fffff1400028008000600020000000800090008000000080004000200000060000180080009005600000007000600666f00000c0007002000000002000000080008000100000008000b00736970000600010002000000080005"], 0xc4}}, 0x4008800)
sendmsg$IPVS_CMD_SET_CONFIG(r1, &(0x7f0000000540)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000500)={&(0x7f0000000300)={0x1c, r2, 0x800, 0x70bd2a, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0xa4f}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000000}, 0x1)
ioctl$AUTOFS_IOC_PROTOSUBVER(r1, 0x40049366, &(0x7f0000000180))
r4 = syz_open_procfs(0x0, &(0x7f0000000580)='oom_score_adj\x00')
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f00000000c0)={'ip6tnl0\x00'})
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
splice(r1, &(0x7f0000000040), r5, &(0x7f0000000080)=0x9, 0xfffffffffffffffd, 0x7)
ioctl$VIDIOC_S_OUTPUT(r4, 0xc004562f, 0x0)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xd, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000e00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$vim2m_VIDIOC_TRY_FMT(r4, 0xc0d05640, &(0x7f0000000400)={0x1, @sdr={0x0, 0x4}})
capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x81, 0xffffffff})
r7 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x1)
ioctl$IOC_PR_PREEMPT(r7, 0x401870cb, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000000)='percpu_alloc_percpu\x00', r6}, 0x18)
dup(r0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x94)

4m34.528623106s ago: executing program 5 (id=4847):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000002000)=""/102400, 0x19000)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(twofish)\x00'}, 0x58)
r3 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x19)
ioctl$KVM_SIGNAL_MSI(r3, 0x4020aea5, 0x0)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000340)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r4 = accept4(r2, 0x0, 0x0, 0x800)
sendmmsg$alg(r4, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f7", 0x1}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r4, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x51}], 0x1}, 0x10320)
sendmsg$NFT_MSG_GETRULE(r0, &(0x7f000001c380)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000080)=ANY=[@ANYBLOB="58000000070a01010000"], 0x58}, 0x1, 0x0, 0x0, 0x8c0}, 0x4000)

4m33.593185719s ago: executing program 5 (id=4852):
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000040)={'dummy0\x00', &(0x7f0000000500)=@ethtool_dump={0x4e, 0x9, 0x9}})
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.controllers\x00', 0x275a, 0x0)
r2 = bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000180)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x50, 0x50, 0x4, [@var={0x2, 0x0, 0x0, 0x11, 0x3, 0xffffffff}, @const={0x0, 0x0, 0x0, 0x2}, @func_proto={0x2, 0x5, 0x0, 0x8, 0x2, [{0xe, 0x2}, {0x2, 0x2}, {0xa, 0x1}, {0x5, 0x2}, {0x0, 0x2}]}]}, {0x0, [0x0, 0x5f]}}, 0x0, 0x6c}, 0x28)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x1, 0xf0aa, '\x00', 0x0, r2, 0x0, 0x1}, 0x50)
write$binfmt_script(r1, &(0x7f0000000080), 0x4)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x0, 0x10012, r1, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
fallocate(r1, 0x1, 0x3, 0x2d22)
r3 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0xe0c81)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r3, 0xc08c5332, &(0x7f00000000c0)={0x0, 0x8, 0x0, 'queue1\x00'})
write$sndseq(r3, &(0x7f0000000000)=[{0x84, 0x77, 0x0, 0x0, @tick, {}, {}, @raw32}], 0xffc8)
ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_CLIENT(r3, 0xc0bc5351, &(0x7f0000000300)={0x8af, 0x0, 'client0\x00', 0x7, "2d9f00fad115e257", "7b5d2c8228a883da6422be49d101fdc1f8cfe58ff1d9c516b684cc84e8749217", 0x7f, 0x7})
syslog(0x0, &(0x7f0000000080)=""/188, 0xbc)

4m33.169282147s ago: executing program 35 (id=4852):
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000040)={'dummy0\x00', &(0x7f0000000500)=@ethtool_dump={0x4e, 0x9, 0x9}})
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.controllers\x00', 0x275a, 0x0)
r2 = bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000180)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x50, 0x50, 0x4, [@var={0x2, 0x0, 0x0, 0x11, 0x3, 0xffffffff}, @const={0x0, 0x0, 0x0, 0x2}, @func_proto={0x2, 0x5, 0x0, 0x8, 0x2, [{0xe, 0x2}, {0x2, 0x2}, {0xa, 0x1}, {0x5, 0x2}, {0x0, 0x2}]}]}, {0x0, [0x0, 0x5f]}}, 0x0, 0x6c}, 0x28)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x1, 0xf0aa, '\x00', 0x0, r2, 0x0, 0x1}, 0x50)
write$binfmt_script(r1, &(0x7f0000000080), 0x4)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x0, 0x10012, r1, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
fallocate(r1, 0x1, 0x3, 0x2d22)
r3 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0xe0c81)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r3, 0xc08c5332, &(0x7f00000000c0)={0x0, 0x8, 0x0, 'queue1\x00'})
write$sndseq(r3, &(0x7f0000000000)=[{0x84, 0x77, 0x0, 0x0, @tick, {}, {}, @raw32}], 0xffc8)
ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_CLIENT(r3, 0xc0bc5351, &(0x7f0000000300)={0x8af, 0x0, 'client0\x00', 0x7, "2d9f00fad115e257", "7b5d2c8228a883da6422be49d101fdc1f8cfe58ff1d9c516b684cc84e8749217", 0x7f, 0x7})
syslog(0x0, &(0x7f0000000080)=""/188, 0xbc)

4m31.950175511s ago: executing program 7 (id=4858):
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'wlan1\x00'})
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
openat$mice(0xffffffffffffff9c, &(0x7f0000000000), 0x630c00)
r0 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = epoll_create(0xb398)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, 0xffffffffffffffff, &(0x7f0000000140))
write$vga_arbiter(0xffffffffffffffff, &(0x7f0000000180)=ANY=[@ANYBLOB="8420696fc651a4b464b923cb41d912119175f52b6d656d00"], 0xe)
write$uinput_user_dev(0xffffffffffffffff, 0x0, 0x0)
ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$ifreq_SIOCGIFINDEX_team(r3, 0x8933, &(0x7f0000004700)={'team0\x00', <r4=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000004c00)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x74, r4, {}, {}, {0x8, 0x5}}}, 0x24}, 0x1, 0xf0ffffffffffff, 0x0, 0x8881}, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r7=>0x0})
sendmsg$NL80211_CMD_GET_KEY(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000880)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="0100000000000000000009000000080003", @ANYRES32=r7, @ANYBLOB="0c009902000000006600000005000800040000001100070052ec9a90b770fc900e1a90d0ac000000758fb97ff2bf219d4d1e6122bc14022dc2d0ea3ad1c438f24c7dce41a70598aae684aa19fbc6fcadfa18497d90c87e90473c90fb42b6b07d6976e7cb7ac4361023c8de01b46baa71f72304b47d54f2ebb893666388a93055268cb136f12aba88f1426949573ec0fdb6368f535bfea9090d1c29059615f4f206b446158a56a159ae6f88b193c2d122461094d500cbb03d844f90792c867bc4b4bd501b50075fd4d2019f27f3ad35638cc56136fec6587b694ccfcad65f7a5824e891999fd7446a81789369d4bc7b9d1af5826c7b1370011751eada447e25a8704707c61b09ceaea16bbb9530988f3259644670ef097244c8fd95b8c3a46d0462dda40fb46894d4dbf4a979d223fb0c2755b9c438697530bac483cd33c784fa5bbf4bb0a2a110038c838dd0052bb29faebce1ac2cc245b36cf8507c95c615511630413e47a40eb5bc0fe22e41b420bdf51d8e5247f87b076377f226"], 0x44}}, 0x0)
syz_usb_connect(0x0, 0x0, 0x0, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x800000, 0x0)
ioctl$vim2m_VIDIOC_S_CTRL(0xffffffffffffffff, 0xc008561c, &(0x7f00000000c0)={0xf0f003, 0x4})

4m30.676939874s ago: executing program 7 (id=4860):
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e00000004000000080000000c"], 0x48)
close(0x3)
bpf$MAP_CREATE(0x0, &(0x7f0000001180)=ANY=[@ANYBLOB="0b00000007000000010001000900000001"], 0x48)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x2b38094, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
r0 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
mkdir(&(0x7f0000000200)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file1/file4\x00', 0x1c0)
mount$tmpfs(0x0, &(0x7f0000000240)='./file1/file4\x00', &(0x7f00000001c0), 0x0, 0x0)
r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000380), 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_FLUSH(r2, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000100)=ANY=[@ANYBLOB="c4000000", @ANYRES16=r1, @ANYBLOB="01000000000000000000011500002c000280060002004e2000000800090010000000060002004e210000080007000101000006000f000700000008000400ff7fffff1400028008000600020000000800090008000000080004000200000060000180080009005600000007000600666f00000c0007002000000002000000080008000100000008000b00736970000600010002000000080005"], 0xc4}}, 0x4008800)
sendmsg$IPVS_CMD_SET_CONFIG(r0, &(0x7f0000000540)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000500)={&(0x7f0000000300)={0x1c, r1, 0x800, 0x70bd2a, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0xa4f}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000000}, 0x1)
ioctl$AUTOFS_IOC_PROTOSUBVER(r0, 0x40049366, &(0x7f0000000180))

4m30.011371917s ago: executing program 7 (id=4862):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000002000)=""/102400, 0x19000)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(twofish)\x00'}, 0x58)
r3 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x19)
ioctl$KVM_SIGNAL_MSI(r3, 0x4020aea5, 0x0)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000340)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r4 = accept4(r2, 0x0, 0x0, 0x800)
sendmmsg$alg(r4, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f7", 0x1}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r4, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x51}], 0x1}, 0x10320)
sendmsg$NFT_MSG_GETRULE(r0, &(0x7f000001c380)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000080)=ANY=[@ANYBLOB="58000000070a01010000"], 0x58}, 0x1, 0x0, 0x0, 0x8c0}, 0x4000)

4m28.039396502s ago: executing program 7 (id=4870):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0x8, 0x8}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f00000002c0)=ANY=[@ANYBLOB, @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000850000000f00000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000005c0)='sys_enter\x00', r1}, 0x10)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x4)

4m27.516510026s ago: executing program 36 (id=4870):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0x8, 0x8}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f00000002c0)=ANY=[@ANYBLOB, @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000850000000f00000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000005c0)='sys_enter\x00', r1}, 0x10)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x4)

19.460200983s ago: executing program 1 (id=6737):
signalfd4(0xffffffffffffffff, &(0x7f0000000000), 0x8, 0x0)
syz_io_uring_setup(0x20000112, &(0x7f00000000c0)={0x0, 0x9816, 0x4, 0xffffffff}, &(0x7f0000000240), &(0x7f0000000040))
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-serpent-avx2\x00'}, 0x58)
r1 = socket$inet6(0xa, 0x3, 0x6)
setsockopt$inet6_buf(r1, 0x29, 0x39, &(0x7f0000000040), 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x2)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000200)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
fstatfs(0xffffffffffffffff, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000002000)=""/102400, 0x19000)
r3 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'veth0_to_team\x00'})
add_key(&(0x7f00000000c0)='pkcs7_test\x00', 0x0, &(0x7f0000000200), 0x0, 0xfffffffffffffffc)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8b14, 0x0)
fanotify_mark(0xffffffffffffffff, 0x4, 0x8000000, 0xffffffffffffffff, 0x0)
msgsnd(0x0, &(0x7f0000000300)={0x1}, 0x8, 0x800)
getsockopt$inet6_opts(r1, 0x29, 0x39, 0x0, 0x0)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0)
r4 = accept4(r0, 0x0, 0x0, 0x80800)
sendmmsg$alg(r4, 0x0, 0x0, 0x44840)
recvmsg$can_j1939(r4, 0x0, 0x1)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7907009875f37538e486dd6317ce6203c23c00fe80000000000000875a65969ff57b00000000000000000000000000ac14"], 0xfdef)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000b80)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5}, 0x94)
r5 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x3}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r5, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)

18.85332154s ago: executing program 1 (id=6742):
fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(0x0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000)
mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0xd3283d0368e269b3, 0x8031, 0xffffffffffffffff, 0x0)
r0 = mq_open(&(0x7f0000000080)='$@\x00', 0x40, 0xb4, &(0x7f0000000100)={0x6, 0x1, 0x7ff, 0x13})
r1 = mq_open(&(0x7f0000000180)='$@\x00', 0x1, 0x185, 0x0)
mq_timedsend(r1, 0x0, 0x0, 0x3ff, 0x0)
mq_timedsend(r1, 0x0, 0x0, 0x7, 0x0)
mq_timedreceive(r0, &(0x7f0000000280)=""/4096, 0x1000, 0x0, 0x0)

18.762342407s ago: executing program 1 (id=6743):
setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4)
bind$inet(0xffffffffffffffff, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
setregid(0x0, 0x0)
syz_genetlink_get_family_id$mptcp(0x0, 0xffffffffffffffff)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x4895)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
shmdt(0x0)
ioctl$IOC_WATCH_QUEUE_SET_FILTER(0xffffffffffffffff, 0x5761, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f0000000100)='bbr\x00', 0x4)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r1 = socket(0x10, 0x3, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a80000000060a0b0400000000000000000200000054000480500001800a000100696e6e657200000040000280080002"], 0xa8}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=@newqdisc={0x40, 0x24, 0x4ee4e6a52ff56541, 0x20000, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}, {0x4, 0xf}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_TARGET={0x8, 0x1, 0xa000}]}}]}, 0x40}, 0x1, 0x0, 0x0, 0x404c810}, 0x0)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000340)={'bridge_slave_0\x00', <r3=>0x0})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="700200001300290a000000000000000007000000", @ANYRES32=r3, @ANYBLOB="000000000000000010010c8013000c800ca3488008000000000000000800038064001d80050006000000000014000500714abbd2547de97cbbf6efb226f19bf90d0002003a288e5e5b5b5a40000000006000078014000400293a02149f3b75a67093c28fd6f55a2314000400e48f01e49713f0c2d839f940d9f088d8050006000000003bd00002006272696467655f736c6176655f30000007000200293a00000500060000000000080001000000000018002580140004004d2906d0880fc8acc30fe2020f9849675000028004000500a1085e7df341b9dc3d8008a2fe5bdaad140004009c7e472c916020fe41bcc5aa8f56c9471400050080ab8be51421cfa3c9e5cbfe8217e0af0800010000000000080001000000000060001a803f0003"], 0x270}, 0x1, 0x0, 0x0, 0x8015}, 0x4)
sendmmsg(r1, &(0x7f0000000000), 0x400000000000235, 0x0)

10.949282827s ago: executing program 2 (id=6768):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
r1 = socket$nl_crypto(0x10, 0x3, 0x15)
sendmsg$netlink(r1, &(0x7f0000000880)={0x0, 0x0, &(0x7f0000000840)=[{&(0x7f0000000300)={0xe0, 0x10, 0x509, 0x0, 0x0, "", [@generic="6f6d888f1d1c4e5ad85ce4966d", @typed={0xbd, 0x0, 0x0, 0x0, @binary="2b0e13e735a3184f123d6da2f1acfac0ee2dd2b184b27db1f302de337c0004000000000000bf852c8986626691b01b5f44e4ce2d712d2828da0a9423debbb86f9dba4a2dba4dbe076c292c2800c446a567de243ab0d67683f7bb11c9cab3b3eed8a8bef4ff1631aa78acefca03c1a66db4424a8ba100024db5dd5e995aa0912086d9f4606d2e4cc898739222c5d3a83cb6b707f3336336ebb7d68143be79a8614b52dd4b9657ce940be783c334d2a000"/185}]}, 0xe0}], 0x1}, 0x0)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_CQM(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)={0x1c, r6, 0x1, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x0)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x18}}, 0x10)
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0)
r8 = socket$inet6_sctp(0xa, 0x1, 0x84)
r9 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000380), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r9, &(0x7f00000002c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000e80)={<r10=>0xffffffffffffffff}, 0x2, 0xa}}, 0x20)
write$RDMA_USER_CM_CMD_QUERY(r9, &(0x7f00000000c0)={0x13, 0x10, 0x8, {0x0, r10, 0x1}}, 0x18)
getsockopt$inet6_IPV6_IPSEC_POLICY(r8, 0x29, 0x22, &(0x7f0000000100)={{{@in6=@empty, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r11=>0x0}}, {{@in6=@remote}, 0x0, @in6=@local}}, &(0x7f0000000240)=0xe8)
mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x800000, &(0x7f00000002c0)={'trans=fd,', {'rfdno', 0x3d, r7}, 0x2c, {'wfdno', 0x3d, r7}, 0x2c, {[{@afid={'afid', 0x3d, 0x4ed3}}, {@nodevmap}], [{@dont_measure}, {@pcr={'pcr', 0x3d, 0x3}}, {@fowner_eq={'fowner', 0x3d, r11}}, {@context={'context', 0x3d, 'sysadm_u'}}, {@fowner_lt}]}})
ftruncate(r7, 0x2000009)

8.578433179s ago: executing program 6 (id=6776):
timer_create(0x0, 0x0, &(0x7f0000000300)=<r0=>0x0)
fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(r0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000)
mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0xd3283d0368e269b3, 0x8031, 0xffffffffffffffff, 0x0)
r1 = mq_open(&(0x7f0000000080)='$@\x00', 0x40, 0xb4, &(0x7f0000000100)={0x6, 0x1, 0x7ff, 0x13})
r2 = mq_open(&(0x7f0000000180)='$@\x00', 0x1, 0x185, 0x0)
mq_timedsend(r2, 0x0, 0x0, 0x3ff, 0x0)
mq_timedsend(r2, 0x0, 0x0, 0x7, 0x0)
mq_timedreceive(r1, &(0x7f0000000280)=""/4096, 0x1000, 0x0, 0x0)

7.801018949s ago: executing program 2 (id=6777):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000080)={0x80000000005, 0x100000001000087}, 0x0)
r0 = syz_open_dev$video(&(0x7f0000000000), 0x7ff, 0x40400)
ioctl$VIDIOC_G_SELECTION(r0, 0xc040565e, &(0x7f0000000080)={0x9, 0x1, 0x4, {0x3, 0x403, 0x9, 0x1c}}) (fail_nth: 3)

7.69923444s ago: executing program 2 (id=6778):
syz_open_dev$vim2m(&(0x7f0000000180), 0x3, 0x2)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.events\x00', 0x275a, 0x0)
openat$vhost_vsock(0xffffffffffffff9c, 0x0, 0x2, 0x0)
r0 = socket$inet6(0xa, 0x1, 0x8010000000000084)
bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c)
openat$rdma_cm(0xffffffffffffff9c, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$sock_inet_SIOCSIFNETMASK(r0, 0x891c, &(0x7f0000001540)={'tunl0\x00', {0x2, 0x4e23, @local}})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010600000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff1b000000020000000900010073797a30000001000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
r4 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000500)='/sys/kernel/kexec_crash_size', 0x202, 0x0)
sendfile(r4, r4, 0x0, 0x6)
sendmsg$NFT_BATCH(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a3c000000120a01020000000000000000020000000900020073797a310000000008000440000400000900010073797a3000000000080003400000000a1400000011000100"/99], 0x64}}, 0x0)
r5 = syz_open_dev$loop(&(0x7f0000000040), 0x1, 0x121000)
r6 = syz_open_dev$video4linux(&(0x7f00000004c0), 0x5, 0x400000)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(r6, 0xc0305602, &(0x7f0000000240)={0x0, 0x7, 0x1, 0x1})
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xc, 0x13, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000000000000000000008000000180100002520732500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000020000f98500000006000000180100002020692500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000006000000850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000005c0)={r7, 0x0, 0xe, 0x0, &(0x7f0000000740)="ba37bc6e74cc160f3f46dd21efc8", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
ioctl$IOC_PR_RESERVE(r5, 0x401070c9, &(0x7f0000000480)={0x28d3, 0x40})
r8 = syz_usb_connect$hid(0x2, 0x36, &(0x7f0000000380)=ANY=[@ANYBLOB="12010000000000105e04f900000800000001090224000100000000094400010103005481b20642623b6273924ddc200d172d"], 0x0)
syz_usb_control_io(r8, 0x0, 0x0)
syz_usb_control_io(r8, &(0x7f00000003c0)={0x18, &(0x7f00000000c0)=ANY=[@ANYBLOB='\x00\x00\b'], 0x0, 0x0, 0x0, 0x0}, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e24, 0x4000000, @ipv4={'\x00', '\xff\xff', @broadcast}, 0x8}, 0x1c)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000300)={0x0, @in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x0, 0x318, 0x1, 0x24}, 0x9c)

7.334196236s ago: executing program 6 (id=6779):
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="4800000010000d0428bd7000fc6055565563d0f6", @ANYRES32=0x0, @ANYBLOB="1000000000000000280012800b0001006272696467650000180002"], 0x48}, 0x1, 0x0, 0x0, 0x10}, 0x0)
r0 = syz_open_dev$dri(&(0x7f000000c380), 0x7fffffffffffffff, 0x102)
syz_usb_connect$hid(0x4, 0x3f, &(0x7f000000c500)=ANY=[@ANYBLOB="1201000200000008d904ea8e70a040000102030109022d00010107500609030070290e020301020507210800480122f0060905810300020501060905020320"], &(0x7f000000c880)={0xa, &(0x7f000000c540)={0xa, 0x6, 0x200, 0x6, 0xc0, 0x0, 0x8, 0x28}, 0x5a, &(0x7f000000c580)=ANY=[@ANYBLOB="050f5a00061410040691a72b23990b07fba28000a56b108b0d10100a0ee1ff0f00000f08000f00000003100b20100a032501400000f0000e809f8000003f00003f000000003f00000000ff000b1001040d0080f107001403100b"], 0x4, [{0xb5, &(0x7f000000c600)=@string={0xb5, 0x3, "0855fa4737671b84a1f9df5b49b04509bb052d94e19fc0cdf7823302c233a55b68d6763f49fc350a1eaebb9682b55ebd31d5e0e044741ceb3589902a3af87e972dd16b33c20aa53ea67dfa135f68dd112d293fedaf3db824e05a371f89d0080110f303caf3f40a1b8659f1cb6cd627df42abd03d82d6693edb30f580c0b0f4ad8c9084d2143628ae3a5269489e47091cdc642cddf56f9bd516ca133fea3e0473e5be853c68c727dd9c82a364b80893625330a0"}}, {0x7e, &(0x7f000000c6c0)=@string={0x7e, 0x3, "5c9b473200f340b7f5cf113848de3191ae2db172f0a7beb2a25be4ec62b67f7b92aa43143ed307156a93f8ed542f8b27de8c2d671dd6e063326a7643c734df36d63d2465ec3271cbf6a01e1d3c304af76824f35fd90ae290c271e4eec29256b8b65b1a075ba4492508e08e2d60c3c03ba32ea8991f66959d59b117f1"}}, {0x4, &(0x7f000000c780)=@lang_id={0x4, 0x3, 0x36454b885e6c21c4}}, {0x99, &(0x7f000000c7c0)=@string={0x99, 0x3, "014244175d186a0cb1cea53eb3d81442b7d393d6cea639f4cf66fd97245f0e409c91b7720949db49d1edc900d11071e87a2b6f7138d6982ecc5718815e860f042555f6469340a868b1da5568eb405615d1e721cbfa946c375310187ee42c83607f26e3e62be8ef5ba49eed6d1d19c878aae66ba9eb9010b4fe8c981af4dd9872390b1fcb04fd73056216e428f150b324f8aa4b012875d0"}}]})
ioctl$DRM_IOCTL_GEM_OPEN(0xffffffffffffffff, 0xc010640b, &(0x7f000000c3c0)={0x0, <r1=>0x0})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(0xffffffffffffffff, 0xc00c642e, &(0x7f000000c400)={<r2=>0x0})
r3 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB="020900000700000000000000000000000500", @ANYRES32], 0x38}}, 0x0)
r4 = creat(&(0x7f0000000040)='./file0\x00', 0x4b)
close(r4)
r5 = syz_open_dev$dri(&(0x7f0000000000), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r5, 0xc04064a0, &(0x7f0000000680)={&(0x7f0000000500)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, &(0x7f00000003c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000240), 0x6, 0x0, 0xa})
ioctl$DRM_IOCTL_MODE_GETCRTC(r5, 0xc06864a1, &(0x7f0000000400)={0x0, 0x0, 0x0, <r6=>0x0})
ioctl$DRM_IOCTL_MODE_GETFB2(r4, 0xc06864ce, &(0x7f0000000600)={r6, 0x0, 0x0, 0x0, 0x3, [<r7=>0x0, 0x0, 0x0, <r8=>0x0], [0x800000], [0x0, 0x1001000], [0x0, 0x0, 0xe8a6]})
ioctl$DRM_IOCTL_MODE_ADDFB2(r4, 0xc06864b8, &(0x7f00000001c0)={0x0, 0xae, 0x3ff, 0x34325241, 0x0, [r7, 0x0, 0x0, r8], [0x2b8]})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(0xffffffffffffffff, 0xc00c642e, &(0x7f000000c440)={<r9=>0x0})
ioctl$DRM_IOCTL_MODE_ADDFB2(r0, 0xc06864b8, &(0x7f000000c480)={0x0, 0x2, 0x1ff, 0x5, 0x3, [r1, r2, r7, r9], [0x8, 0x8001, 0xd43], [0x6, 0xffff, 0xbc85], [0x0, 0x4, 0x800000]})
r10 = add_key$user(&(0x7f0000000340), &(0x7f0000000540)={'syz', 0x0}, &(0x7f0000000380)="c2baf1afe81b5e0d16fbe9cf2f4fd4807349780c056f0db61b89afcd548c6423b72e9d27", 0x24, 0xfffffffffffffffd)
r11 = socket$nl_route(0x10, 0x3, 0x0)
fcntl$getownex(r11, 0x10, &(0x7f00000000c0))
sendmsg$nl_route(r11, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=r10, @ANYBLOB="0300000000000000280012800a00010076786c616e00"], 0x50}, 0x1, 0x0, 0x0, 0x13d33d22cca65c15}, 0x4008840)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=@newqdisc={0x24, 0x24, 0x1, 0x70bd2a, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}, {0x10}}}, 0x24}, 0x1, 0x0, 0x0, 0x40}, 0x48051)
socket$netlink(0x10, 0x3, 0x0)
pipe2$9p(&(0x7f0000000140)={0xffffffffffffffff, <r12=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r12, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r13 = dup(r12)
write$FUSE_BMAP(r13, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_DIRENTPLUS(r13, &(0x7f0000000000)=ANY=[@ANYBLOB="38010000fe0000"], 0x138)
read$FUSE(r13, &(0x7f0000000580)={0x2020, 0x0, 0x0, 0x0, 0x0, <r14=>0x0}, 0x2020)
ioctl$sock_FIOSETOWN(r13, 0x8901, &(0x7f0000000040)=r14)
ioctl$SCSI_IOCTL_DOORLOCK(r13, 0x5380)

5.181012927s ago: executing program 6 (id=6784):
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a68000000060a09040000000000000000020000003c000480380001800a00010072616e6765000000280002800800014000000008080002400000000308000480040001000c00038005000100430000000900010073797a3000000a000900020073797a3200000000140000001100010000000000000000000000000a"], 0x90}}, 0x0)
r1 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000000000406c256d0000000000000109022400010000000009040000c92a000000092100000001220500090581030000000000"], 0x0)
r2 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TCSETAW(r2, 0x5407, &(0x7f0000000080)={0x0, 0x0, 0x8, 0xfffd, 0x9, "000100"})
ioctl$TIOCSTI(r2, 0x5412, &(0x7f0000000000)=0x1)
syz_usb_control_io$hid(r1, 0x0, 0x0)
syz_usb_control_io$hid(r1, &(0x7f0000001440)={0x24, 0x0, 0x0, &(0x7f00000013c0)=ANY=[@ANYBLOB='\x00\"1wI'], 0x0}, 0x0)
syz_usb_control_io(r1, &(0x7f0000000180)={0x2c, 0x0, &(0x7f0000000700)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x480a}}, 0x0, 0x0, 0x0}, 0x0)
syz_usb_control_io(r1, &(0x7f00000009c0)={0xffffff98, 0x0, &(0x7f0000000380)={0x0, 0x3, 0x2, @string={0x2}}, 0x0, 0x0, 0x0}, 0x0)
syz_usb_control_io$hid(r1, 0x0, 0x0)
r3 = openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
ioctl$IMADDTIMER(r3, 0x80044940, &(0x7f0000000080)=0x14)
ioctl$IMADDTIMER(r3, 0x80044940, &(0x7f0000000200)=0x32)
close(r3)
r4 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000400)={r4, 0x3, 0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x0)
preadv(r5, &(0x7f0000000000), 0x0, 0x2, 0x2)
r6 = socket(0x2, 0x3, 0xff)
bind$inet(r6, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10)
connect$inet(r6, &(0x7f00000000c0)={0x2, 0xfff9, @multicast1}, 0x10)
sendmmsg$alg(r6, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe", 0x2c}], 0x1}], 0x1, 0x40800)
r7 = socket$kcm(0x11, 0x3, 0x0)
setsockopt$sock_attach_bpf(r7, 0x107, 0x17, &(0x7f0000000000), 0x4)
syz_open_dev$vcsa(&(0x7f00000000c0), 0x400, 0x200)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0x3, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000000000000000000000400000009500000100000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

5.002700339s ago: executing program 8 (id=6786):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
r1 = socket$nl_crypto(0x10, 0x3, 0x15)
sendmsg$netlink(r1, &(0x7f0000000880)={0x0, 0x0, &(0x7f0000000840)=[{&(0x7f0000000300)={0xe0, 0x10, 0x509, 0x0, 0x0, "", [@generic="6f6d888f1d1c4e5ad85ce4966d", @typed={0xbd, 0x0, 0x0, 0x0, @binary="2b0e13e735a3184f123d6da2f1acfac0ee2dd2b184b27db1f302de337c0004000000000000bf852c8986626691b01b5f44e4ce2d712d2828da0a9423debbb86f9dba4a2dba4dbe076c292c2800c446a567de243ab0d67683f7bb11c9cab3b3eed8a8bef4ff1631aa78acefca03c1a66db4424a8ba100024db5dd5e995aa0912086d9f4606d2e4cc898739222c5d3a83cb6b707f3336336ebb7d68143be79a8614b52dd4b9657ce940be783c334d2a000"/185}]}, 0xe0}], 0x1}, 0x0)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_CQM(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)={0x1c, r6, 0x1, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x0)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x18}}, 0x10)
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0)
r8 = socket$inet6_sctp(0xa, 0x1, 0x84)
r9 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000380), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r9, &(0x7f00000002c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000e80)={<r10=>0xffffffffffffffff}, 0x2, 0xa}}, 0x20)
write$RDMA_USER_CM_CMD_QUERY(r9, &(0x7f00000000c0)={0x13, 0x10, 0x8, {0x0, r10, 0x1}}, 0x18)
getsockopt$inet6_IPV6_IPSEC_POLICY(r8, 0x29, 0x22, &(0x7f0000000100)={{{@in6=@empty, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r11=>0x0}}, {{@in6=@remote}, 0x0, @in6=@local}}, &(0x7f0000000240)=0xe8)
mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x800000, &(0x7f00000002c0)={'trans=fd,', {'rfdno', 0x3d, r7}, 0x2c, {'wfdno', 0x3d, r7}, 0x2c, {[{@afid={'afid', 0x3d, 0x4ed3}}, {@nodevmap}], [{@dont_measure}, {@pcr={'pcr', 0x3d, 0x3}}, {@fowner_eq={'fowner', 0x3d, r11}}, {@context={'context', 0x3d, 'sysadm_u'}}, {@fowner_lt}]}})
ftruncate(r7, 0x2000009)

4.485431315s ago: executing program 2 (id=6787):
syz_usb_control_io(0xffffffffffffffff, 0x0, &(0x7f00000007c0)={0x84, &(0x7f0000000380)={0x20, 0x5}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
getpid()
socketpair(0x9, 0x2, 0xfffffff8, &(0x7f0000000080)={<r0=>0xffffffffffffffff})
r1 = socket(0x1d, 0x2, 0x6)
setsockopt$MRT_ADD_MFC_PROXY(r1, 0x0, 0xd2, &(0x7f0000000000)={@local, @remote, 0x1, "fdd77be12aa6783abe55fa90ffa79a7077c5036496609978ed3b4e1054229431", 0xd, 0x6d, 0x3}, 0x3c)
sendmsg$IPCTNL_MSG_TIMEOUT_NEW(r0, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x60208000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x1c, 0x0, 0x8, 0x801, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_TIMEOUT_L4PROTO={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000}, 0x4008085)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000240)={0x0, 0x0})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000002000)=""/102400, 0x19000)
close(0x3)
getpid()
syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x2, 0xe, &(0x7f0000000200)=ANY=[@ANYBLOB="b70000000c000000bca30000000000002403000020feffff620af8fff8ffffff71a4f8ff000000001f03000000000000e5000200000000002604fdffff02000014010000033800001d130000000000007a0a00fe0000001f0f14000000000000b503f7fff80000009500000000000000033bc065b78111c6dfa041b63af4a3912435f1a864a7aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168e5181554a090f300020000fe275daf51efd601b6bf01c8e8b1b526375ee4dd6fcd82e4fee5bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e65440000000000000000028610643a98d9ec21ead2ed51b104d4d91af25b845b9f7d08d123deda88c658d42ecbf28bf7076c15b463bebc72f526dd70252e79166d858fcd0e06dd31af9612fa402d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff61623604000000000000006a89adaf17b0a6041bdeebdfd1f5089048ddff6da40f9411fe7226a40409d6e37c4f46756d31cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564163427afea62d84f3a10076443d643649393bf52d2105bd901128c7e0ec82701c8204a1deeed4155617572652d950ad31928b0b036dc2869f478341d02d0f5ad94b081fcd507acb4b9c67382f13d000000225d85ae49cee383dc5049076b98fb6853ab39a21514da60d2ae20cfb91d6a49964757cdf538f9ce2bdbb9893a5de817101a3062cd54f9ff51d355d84ce97bb0c6b6a595e487a2cc47c0efbb2d71cde2c10f0bc6980fe78683ac5c0c31032599dd273863be9261eee52216d009f4c52048ef8c126aeef5f510a8f1aded94a129e4aec6e8d9ab06faffc3a15d91c2ea3e2e04cfe031b287539d0540059fe6c7fe7cd8697502c7596566d674e425da5e7f009602a9f61d3804b3e0a1053abdc31282dfb15eb6841bb64a1b3045024a982f3c48153baae244e7bf573eac34b781337ad5905c6bbf1137548c7f1a4cad2422ee965a38f7defbd2960242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a90144022a579dfc0229cc0dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc48899b212c55318294270a1ad10c80fef7c24d47afcc829ba0f85da6d888f18ea40ab959f6074ab2a40d85d1501783a7ab540b8d7b4ead35a385e0b4a26b702396df7e0c1e02b88c114f244a9bf93f04bf072f0861f5c0b000000000000eedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba3401e6a52acb11883ad2a3b1832371fe5bc621426d1ed01b389708165b9cdbae2ed9dc7358f0ebadde0b727f27feeb7464dcd857ab15e355713767c536cbae2f5c7d951680f6f2f9a6a8346962a350845ffa0d82884f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010ae20e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00000000c95265b2bd83d64a532869d701723fedcbada1ee7baa19faf67256b56a41fd355b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ced301efeb6dc5f6a9037d2283c42efc54fa84323afc4c10eff462c8843187f1dd48ef0981000000000000ff0f40b1888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538c6ee6ba65893ff1f908ba7554ba583ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738612e4fee18a22da19fc08001011e32f80fb60e14b9eee094277bbc170882c8890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f62e3f753b639a924599c1f69219927ea5301fff0a6063d427180d61542c2571f983e96635600000554f327a3535e7c7542799493c31ac05a7b57f03ca91a01ba2a30ca99e969d6fd09dc28ebc15edb4d91675767999d146aef7799738b292fd64bb25b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a794963342aece449a0d80010f5c653d22d49030a8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b6ef9d12096833d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e1661261173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ec035d232f89fe0120f64c62e8e3ed8bcb45202c204bbec8d722824c0ebca8db1ea4a05e41f6016ab5bbe4fe7ff5d785d0128171c90d9900ca2532b0f9d01c4b45294fbba468df3e1b393cb4e62e753b4172ba7ac1f2b51c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd849904568916694d461b76a58d88cf0f520310a1e9fdc18cde98d662eee077515d0a881192292ffff5392ab3d1311b82432662806add87047f601fa888400000000000000000000000000006acc19808d7cf29bc974b0ea92499a41b9b9a7c2bca311a28ee4952f2d325a56397c78f12205db653a536f9f3322405d1efd78e578dc6b3fb84f3738a4b6caa800000087efa51c5d95ecba4e50e529d1e8c89600e809dc3d0a2f65579e23457949a50f2d0455cf79a43746979f99f6a1527f004f1e37a3926937e84fb478199dc1020f4beb98b8074bf7df8b5e783637da740800000000000000c55a4385e9a617aa6c8e10d4202c5afeb06e2f9115558ea12f92d7ae633d44086b3f03b20d546fa66a72e38207c9d20035abc46271a30f1240de52536941242d23896ab74a3c6670fdc49c14f34fc4eadd6db8d80eba439772bf60a1db18c472dafc5569adc282928d2a1ffe29f1a57d3f18f4edaeb5d37918e6fddcd821da67a0785585a4443440dc65600e64a6a2740000000000000000000000000000000000000000000a0009dd14b38f2f4426d7cf5075047c31f6ce6adddfe3ac649c0643c8bfbeb14ba1fd7a485aa893915cf81e29aaf375e904bbe52691a4100260ffcd8f1d04166d291ebcef893e1b9ccb6797d0646fe0e7274434f28efb43e06e64f0698caca42f4e6018a455736c482a017e2b13dac4a90faa109f0e87cc94e3efb649692456463ca74aa6ad4bf50c1acb0000000000000005375e528285544d0064b98646f3109e9a4942ce42c6e7ec84b664f6c2770803f10baa804a707f0a1fcbfc309381aeba191950bae71f37f1eb7ceeffb3c0547ac6571603adbfde4c8b5f8d7f4b854441613633b48865b65bdc415e1e0dcf672d68cf4cebf04f4bc1eebf560a26d34d3757b1450fdb0a9a69f432e277f3a0386eb2bd3305c821c64757f786b79fef54dbe64c67d73934bc80b2133fb3c04cc7ea48bf97a6243c9f95dcbddecf45f008f1822c7868e1ff5a3cff5d6b6898335792749df7b1f51e91f8c1c3b1b93b33aaa3fab69cef08a9f6f6cf39dea3d878b2ed42545421970cc426e644332bc956d1c6adefdf0ede2c5c94aa632646ae225accdf031f611d01622921f1b922a5ac887cca3136133dce8d9f5f4da7bed2ea5d94362200000000000000000000f296b0c1484e5f781ad26bff696b05ff0a5e2270e07618b04273bd4075ea38ab463bfa6a38e7c537498ba3e4df8dfc9e040000003c3ffad44d2a376def42e41e9fc31678257e040fa7cf32c221aaac08000000000000001a00000000000000000000173570f0c11ae694b0f7a4f9c2f6790044a357e785af6e153d5f1ea460af92c7cbbd6295afe740f5e154346d483e0d641ef02e4d5295d756e110522a7a945b93fb705b95b6aae27a8fb33732ce1da1c0b1af8eb9222a06e984ab1e6984c8bdc12360627137ab67b6b68ab08acb29a74dc36b51209cfbc87f61182bbeb2772e9d5a1ffc477179be481efe46a4ce86be0b1d8eee42a611a3d44ca450b14586ed63dd92005c79e4a8ab8a94f0c6cb4bed8594a39bd76d3ef8a7ab014e787596db796bd93a36c2880423291e3bccc86f66ba792ff4d87b3f80e5908779e51c5e9055fc5b23605cd000c723187ef09dcf4b07b06a9342f3f62ee7acddff292082c1f4d8eb9561f80873a09a1ae0c9af1121175e5600f43a1179484502009759264a5729f07c2b218fa36ba2316a99aaad0130df83d0bda1e711290f78c143ea143967b00adcd77e6ad5e48d839ea61aadb83e4d071c54691924a3830d3e7b5c198bb0ed623153590000000000000000004b985ea1702f34f2f85b168c083e810ed567e3f1979b9ed1a4bf6a10dac825c96a0828b335de445a4880bb6474157efd1a72ca46ae4cbe3ab648c9bc4867a5a4cb87d7d6d55475b34b3cb6aa9e2337d4e04a37e35109752522ac9b186ddd80c47da6a2f4ef7bb909c975520000000000000000000000219cf5c1376ab33786f6b856d354e90a2733f78f2d188057cead3480eade49d55b770fad7fa000d23da6275768810b6b2df91d3a991ea98d929d271696c258d5b735d5db11df434e7dd1b7c1ca05cea3977df564115f4ec6ffab1d2ff8a642ca50934b3fbe44b0abeba9df209566984a29dfc0466e439a94e177b3c4d5f6e92b8176b9d6ddeeeb196fa964217f88e1acc180aaa4"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xffffffffffffff97, 0x10, &(0x7f00000000c0), 0xfffffffffffffd27}, 0x48)
ioctl$sock_SIOCGIFCONF(0xffffffffffffffff, 0x8912, 0x0)

3.829774412s ago: executing program 2 (id=6788):
timer_create(0x0, 0x0, &(0x7f0000000300)=<r0=>0x0)
fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(r0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000)
mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0xd3283d0368e269b3, 0x8031, 0xffffffffffffffff, 0x0)
r1 = mq_open(&(0x7f0000000080)='$@\x00', 0x40, 0xb4, &(0x7f0000000100)={0x6, 0x1, 0x7ff, 0x13})
r2 = mq_open(&(0x7f0000000180)='$@\x00', 0x1, 0x185, 0x0)
mq_timedsend(r2, 0x0, 0x0, 0x3ff, 0x0)
mq_timedsend(r2, 0x0, 0x0, 0x7, 0x0)
mq_timedreceive(r1, &(0x7f0000000280)=""/4096, 0x1000, 0x0, 0x0)

3.610285541s ago: executing program 8 (id=6789):
socket$nl_route(0x10, 0x3, 0x0)
accept4$inet(0xffffffffffffffff, 0x0, 0x0, 0x80000)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
write$FUSE_INIT(r0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000500)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000000)={<r3=>0xffffffffffffffff}, 0x13f}}, 0x45)
r4 = fcntl$dupfd(r2, 0x0, r2)
write$RDMA_USER_CM_CMD_BIND(r4, &(0x7f0000000080)={0x14, 0x88, 0xfa00, {r3, 0x30, 0x0, @ib={0x1b, 0x0, 0x0, {"00000000000000000000000000000001"}, 0x500, 0x40420f00}}}, 0x90)
bind$rds(r4, &(0x7f0000000080)={0x2, 0x4e24, @rand_addr=0x64010101}, 0x10)
read$msr(r1, &(0x7f0000002000)=""/102400, 0x19000)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r4, 0x84, 0x7c, &(0x7f0000000200)={<r7=>0x0, 0x8, 0x1}, &(0x7f0000000240)=0x8)
setsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r4, 0x84, 0xa, &(0x7f0000000280)={0x3, 0x9, 0x8000, 0x5, 0x7, 0x9, 0x1, 0x7d, r7}, 0x20)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000640)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x34, 0x34, 0x6, [@typedef={0x4, 0x0, 0x0, 0x7}, @int={0x0, 0x0, 0x0, 0x1, 0x5, 0x0, 0x0, 0x8}, @union={0x0, 0x1, 0x0, 0x5, 0x0, 0x0, [{0x0, 0x2}]}]}, {0x0, [0x0, 0x0, 0x0, 0xda]}}, 0x0, 0x52, 0x0, 0x1}, 0x28)
r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="0f000000040000000400000012"], 0x50)
r9 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0xe, 0x4, &(0x7f00000001c0)=ANY=[@ANYBLOB="18020000801000000000000004000000850000002700000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00}, 0x94)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000480)=ANY=[@ANYRES32=r8, @ANYRES32=r9, @ANYBLOB="050000000000"], 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000740)={{r8}, &(0x7f00000006c0), &(0x7f0000000700)=r6}, 0x20)
sendmsg$inet(r5, &(0x7f0000000980)={0x0, 0x6000, &(0x7f0000000900)=[{&(0x7f0000000640)='U', 0xa00120}], 0x1}, 0x3)

3.447397762s ago: executing program 8 (id=6791):
socket$nl_generic(0x10, 0x3, 0x10)
socket$inet_smc(0x2b, 0x1, 0x0)
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socket$kcm(0x10, 0x2, 0x0)
syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
ioctl$PIO_SCRNMAP(r0, 0x4b41, &(0x7f0000000300)="4b1882c1724022642bbfd76884e56b01e31564fbb402fa5c40f7c2215aaa53a4b8d18ed5ad25835a4c3761c06d72eaefc719a33f012765929e0f87a528805e0dc983b59a98a2b335d6ce474785e5d782d5cea849d32976ab6200866eea24866ce6e572e6c44d9d1cc9f537cd74f9950c7516773e1e3366fa6882d05c44e25c18b5d7f04563c5cf66f0")
r1 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r1, 0x1, &(0x7f0000000000)='source', &(0x7f0000000040)='c:::\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0)
r2 = gettid()
fsconfig$FSCONFIG_SET_BINARY(r1, 0x2, &(0x7f0000000080)='ceph\x00', &(0x7f0000000100)="82", 0x1) (fail_nth: 5)
tkill(r2, 0xb)

3.332780705s ago: executing program 9 (id=6792):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x92)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000a40)=@newsa={0x154, 0x10, 0x1, 0x0, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2b}, {@in, 0x0, 0x32}, @in=@local, {}, {0xfffffffffffffffd, 0x0, 0x8000000, 0x200}, {0x0, 0x0, 0x2}, 0x0, 0x0, 0x2, 0x0, 0x0, 0xcd}, [@algo_crypt={0x48, 0x2, {{'cbc(aes)\x00'}}}, @replay_esn_val={0x1c, 0x17, {0x0, 0x0, 0x0, 0x0, 0x70bd28}}]}, 0x154}}, 0x0)
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0x4000}})
read$FUSE(r1, &(0x7f00000021c0)={0x2020, 0x0, <r2=>0x0}, 0x2020)
write$FUSE_INIT(r1, &(0x7f0000004200)={0x50, 0x0, r2}, 0x50)
ioctl$F2FS_IOC_MOVE_RANGE(r1, 0xc020f509, &(0x7f0000000040)={<r3=>r0, 0x4, 0x28a54e11, 0xd074})
ioctl$sock_bt_hci(r3, 0x400448dc, &(0x7f00000001c0)="9742bc7fa45023ab5efa7cc152a597506e419e3d631d9abc629e1e56db305d4ac667d5a429e47f37632262851b1cf72fffb9507b80d77eb7b538711c6e410a29e48ea23abdb69ee7ab66a27333a55b46c96efc8661499ad40238015dc4d56cca6b72cfeeffa5034cbf176b5df934e38fc79f4545e17ef62f46320c8c0bf78ab86e38cc6d9d322b6c98b11e737ff3e9fdf845190fa6f625fa8d7b59174f90cc9b19d19ba73c39e364c4392c548cd542e8c76c4636a71c0b66befb4cedcb99a78b825f5eb70fd1bce7c508c93e82147f7aefed0d6d72520fdaa030d84fd247482925a320a4d32ad5")
close(r0)
r4 = openat$dir(0xffffffffffffff9c, &(0x7f0000000340)='./file0\x00', 0x42000, 0x0)
syz_fuse_handle_req(r1, &(0x7f00000042c0), 0x2000, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_fuse_handle_req(r1, &(0x7f00000088c0)="4580093898a1d16b31cb53b0531f71a24a5b16ae40538efd584367d8522393a724be4985a9234289e0a62e5d9f4b77e235d059981bb4467fdef6b1fe779ab734263d9b3bd46378b1c6399295e7c1e8e04c5b356add1915b7e45b9e381867914e2cc80cd84e62cba8a9388be6679add1c7f801288db0f703ba884b3e0b4e64b227dedf9e86cea33761b16d7bed53bb6c2ca9485022fbbe2854f0ab1cf379bf4e8b53631525338c05e8d8201150169057d7f91506fe413fd930062efbbc2f2e299f1ee56a0e2eb000aa18b21448bb4c74bedc875f3c1060b02dfaa6b09bfedc5f6a21e6af2c270d0874bf56695e4fa97f2a01a4454652ec26710ca2c0e085610c1ec535d2d2520e34f8e995655fc3813751bb05093bce378eb6e7c52daa5943013677e2de843a01cd6b8da3ede72cd58a6e3551e0a63c2d3c2a2a2e19476169d9fd5206973bb01a309b083b2a6e6599678c63f4c79ea43b05873ac8110c0c36600b1c542ec5dacd40f7afbb744556ff81b63e192bdccdcf29f87c250ebc4cc1c7ad9063e646c3b8cb8e2671f9cb03e559232339f29ee8faedc557de70d1f28ff4250c44bf0d5d848d22c0ecc6c2dddde581f59179a1f110712585313f0d79cd9e8d0af6c0995a1688d85bd9919347b0bd4ded8b35606780e070dd1921affe83f1bbe5288692ef99d5266e74e1a321ae4549693720348ac5ed7bed7f65a0a86c2537b19b62120f541c76e607bca0c27c9eeacf8e36190ce2d7ab194d8893306edd40a0893e1612c0a1b2ed8a3f02587967d031e58ada05b1663bd3f23c81effb5f36c661c2c2a8968a64a488d6a93472031519d1086b7256586009a0ecc7ca765dcf9cf77e51abcafe124c65cd5303265b15bc7748340eca92d53e2d40a67e9171cd9ac663ce10f66d345b620f0373caf524a329e5919b3bb6aae9366963668737ccfcd6e738d66407416e813cfcf07094c9e852f280aeb8f2d2dca47e5d3be2c0a212b3165fdeab9b04ae43a7b8bb4b85868e237481906dd1011399e4eff809e88c2d7c01f413aee2a1de58f6856b6ab09b04455b724107fed5d18b786b626039a8ac8e6c53b080bec59bfecf7c4100441e4cb899a351d89422a5e1b3dbcefc0badd0398c54d91d9cf06d3d8643efb51da9c7ffb55e76d2eeac599e162ddea7d399b6d101a1e70e2615824d508c2b5f1550eb1bb825bedf17870765796c0a4090c85aeca36a79a74f42056ef0a05901d808c496234c893a71d5e76a002696045cd2f88afb7235cc2620891c046d8c08ffb71f7b7cafeb4d10976264a9606d5db8472b4a55a5abcbc6bee60394defcde03abc1c4659b63dbfb32198f9d3923607ba11e1728cd5dffa0a29e50f9d55ccd98fecb3e9fe42f08a41739bd0fe48a72e925fa747a483a5bfbf7830d54e8c5513d1bc6201afafef1743a705f2af9055f8fbcefc352b8f6ce3abfc2984e464947e22f3a26305d6421a633f6db0c3949df8d4f051d51e3c9daa0e00c47750b9c8c49e93905a9f3d5b98e6a098eed84d7d16102d24e82a4e85bf95d114b4137dc23f14cc0d7159c67d47a0394e7edf8f84086d6ec5d3db779cb560d9eb4163bd8992b50468105b05d5152688f8df2310f2652889202bc460d3aed5f50167c689ffde48eb8836501239bf80a12c5ade458db4fc618e23e254675a1c510491ddde26062c22833a5d80bf43bc05fc2db6f554a9da0a33026115661fe37a7e6d2905f8e763828564b2787e0d4eecfdf077866de9b33c53efca0da9c4cff7948b083bf7fa79c4fe0060583e0f6e53dec70cb700d1e29f2ad58f16ef642e2bbad4c1b79aa19781fd243f161f9a1176430e58a3909e9f4e250860ef8ff3654879e83b784cf660b72899ee251aadbc479e1276d05850867653b09bd92b85b6cb3001448ef886c75482dc0c3bcd721cad899b6a3a805dcaddb2d3ac61d269a160264642ef93c6ed39f75f08f900dfdfbef529fd537e4470b99d2d5deddea41bf9615d1d1e62cc01a7847513318fbd746fd76445b1073979b6fca255c0f49b18a477341d9336e2c2ae1d107ecf46e0cb92a99a5282e7338cdbedbae2f8f5b36313f507324712d535236c68cbf4bc837d5a1b80d68a4ac517ec313c870f3be015e0ad43c83716685baaf31eee7edfb23af6422a91dd167c6c2e6a585a1d14aafecf8d2bb7d9973a8dffe5838cccd5a385c6258e66f8bf54b378f38afa1e112ac3f785e163257d1f8b5337234b5079d16700187831e3a7df5508fecc1d93e4d926ed1ded9ecce4290de878035f8af16f2dbcbedf929987f355c389ae6c791e796e46326efffeb8a2506d40b8a9ef7c35a90e10eadae0e767b63e0f169ca5a30fdfa43546e2c5171dd801133c6ab986c545b4e73aaa9b3572f92690afc498f1248f8923ebe207f11c0587275569d20895d4662256c3a29ba4518781f8871b84a6b9b6d40d58dc149c38f4eb48bfb70d1b3c5cf2191825ac3b5e554f31c99ea292787fc2e10ad66893b19f22814fc0cfbb82413a8b8856eb13c9e9ced57255d9fb043f882008b7e4439ef068c8d81a60d1affafc43210b827144c1014799f2ebb91d04344e945fdf22d638dca602782c5f17c0e8fc68d00e305bde420231f51449c9fb8b20b329dd21a353085e255ca3522d05b429a49f9ec6c837be07194fef1f9be89080972c3b1f7452e8c9c48c1430efb2558b128f9d58f17576a0a839e3e17e23f74c6227d6481edfd8fd3cb65360577db6ac173a169e932bb1af16963f3c9175b62bc9a221fdc77c029dea920a0ed119248d256264bbf9b85ad4b73b3caaf5faad6546566889dd49e789f188fb6464afdfd160d6208556d52149369d5c29159eb910377af1ade2e3cb6263585c170150e40793120fe24aae427742445ce75ffa76571ebf39aec1e7f94da5b936a58eadd9daa2efeb701e8caa4bc0cecec3e4a5012f8b33e1b895b12acd3b5575691438840bd8df25f60e087563b63d59413fc404b0337e3969db4ffc318110a74f400b261dfecaa54a4f0eac627b3906a121ba316c023bd92bc6aebb4bd4eff374e6c076f7785680ee9768dde2e8d5b7d7287493b9b090af28ab2899c2f0220a4be2979c282f0a062c501dacf69121907a4d746a5578fb6323870b2e113908056df94f5548c5509577c0512b6f16090b79540487238cde05b529397104c43471e6b806e487452dbe1fc7ec60842f9597da099af5c29777f3f9866a118c02bc62a1defdd863ab6dedebd3739290fb547ceca0253bc60f842f15697203ab4a4bd9314e825039f9ba648a3642df81692a5fef5b62ba32b6b78c23650ad56a02cee90a20d7be1a54376e3f0ee4e2f36bdde8eee8d61a8fe24172d695318ac42485f9dc837a4f8d071f910253aa256f875a0bab8ec82b2fd5e20e443bb8d6857ddb0bb69c1efe527785ad1eedc8f5543dbfa811781a0e0a5657795726730fdf5b1434ce981071fb8abfc10b07ee2acab7056bd3476eb850510c2caa80587bd1533574bd7f029d0ef416c22b5b451348612827a15589d0ec74006f0acaa91aeffb2b39fa2ba98f9ab32937f62b9fda193da816f009b05247af1c76ddfea0ea9c3a83f5ee58bf470cfcad1687243819282242f9f3169429a105cd6ab468d6107d2206624e05c4b26128744029cec346bbe787f5cf2bfbe79690624341d41dcbd10a648fc49f3b331b08d73ce2f887530b075ff8ffa8dae8f69446e45123d947454bc8f5e93fccddada1f223bd84d7a9cc08816d58d6fad16e4d40cd52ea4cf8ca28bdff995968a2ce1fc0532dd0e50397534b9fef5b9e4d8986593d43cf179530aab329bc4afd26e7ea7c4e875f9bd7c51db55674939cc1a57ac3299d5a0320acda5e54acdf6d8bb61af7577bb92dbbf70b59d69678b06ea04ace4288da1690e737549d0e61cc814843f4ee0773a78b02c4b203616fbf63402a6352e31fc561cb3b48f3f887a5d98252b649c7faaa967cbecafd4363c214c00760d19d925349523028aff2436cddeef29b452a05934527862e7fb6528de83e3f2d2969633fc70bef596daed510832dc44e810b2e34a2fb67a13f985f94fecb93fcd0c24c0a1356c76a00d6fc813e94638231b8c5b66a429ac7b4950e7a93ed32d0078c2f8883f318e2b2bbdb2733cb29b1ca0395cace62f488ad5bfb149a5985abe3b837a65006653d55c0c71ab8a1c0f4994b28b20a010e93a21193648c08285c52e3b8ea60fc4b1692daeee22ac8c40cc67c477f73a706e60ae3750a9c6099283c923490b238d3161073b47603e625f8ec3050cf6bcea7e066162970d7d7a0bc4c157a8386e716f9819b72e0baed00ec6e59d14a8f18d0a71c3a663ff52b8f7e61c920757ce9b132887d4500d109d6c98c2ce2a69baa7b58c9047c135851ef62a60fd420834152c028ab60e2279c68772455083d5805b3064a765e285833493b2c7fac19d1dc7e5c909757a6a1fb78a983f5fa66323698c05e166b25234362cd379a8fd5338c48fc15ba59c1dcbb6172f9d65076446b7a0db1deb7c3bec42d6cf39e21619bd8c7834c4c972f2fa330c18edb3f8ab157655d3cfe9aaf104de7a546bc256ff856c9037de1de70122efa4c1ad7bb62b7697db86f69d4c0517708925fb0c9404a9b64067f644b17d8bb20ec560d783827058473066c110200893f623bbc48e6001682d09cb0144f58c153ee43abb15249a49d6d6d1438338535b02989c95df2f66a772553fba8f1f61023e6f91af7db6d874388c8002eb4a11bd719526643738dd2ff19662bd1fd5c9c46dd691ab65f2247f45522976ac32352ffbb5a431a6a08934ea7fed11c37aaaae99202262a42958fa77ca0f35a6c67a85b4a46164843b8625e47b2a282481415dfa7f83c2ed4fcbabbc8b3684742001ce98bdb5c15188233c4e7bb87ee3af08313af7822d3c45c027a061bace195fac29f0083dbe553e078c266343880d84373cf195e0c728fb2921d7e988c5c715d44ff02d849603e55cf4b2f744a90088c7a28d396f47a98a23e2312627b78e6715e6703a58db3c83f8c42da33ce86c9a3c17ed9ae636e53e70ea924e22f15a157811ea6d2fc96114e94ba2f475cf762fb494176a6d149d099fd508208c80644518f395f792eaba914409e54fb7c77319bc713c449a335ae4234b365308f9ba8d5fc5892f3e49e3d47394175f0947725b1233e6d142c8daa82d93a6ae26511116339284b5c229ca72c47c130fae5f42b753e72e77629bce4ee34ba274c2eb5db9a037786b6cc5cb1164f7be373144a6fde69930ee0e39a6e1d353a0e5e19b0476e39be3f2e243ba4a0db5f0a9e73538291736c22f57d4117897939217da05ea31ca54106b4ede1a61cfa8f3338f24d382dbfb6f9d828c0a4aad0dcfd0d2b0d4eccbae71c72b855167069c2705efaaaa789a11ff5dee5186420a5ea7fd8ce7d96168b66c595d3d367a9b0122606c1a027cf52cd387e8e5e4d7acb4d29981b1c48da04dca0276f11936cfe03d0e654e0df00727c8f6df166d2af99b3a5c00d7e78bbda294e80928935c5c4054f1544def46929eb9c3ea436e7e1e4a6af8a29c7fc5a614dc737721e8315fafe8e668a5707228620226553fe092e70cf8a31299a95464d57c44eb99d49b7ee4e21531d2b1277e0e1e1a16c2c7ff90aa49d7bddd86dc2dd24ed51fb4ea3026cdd38e07a515af157ccc1655967d1344858fffef8dfba2becbdb2383ec1fa7ae7c0ebc3ffe973b8fc4c3a43e2c2de61d7c2429b80354e54174a9256ed4142d86eb89784fc65fdd2e0695f3e457cb118eb70de1c3f90a56a28a2a2d1c438f9dde30b1eb759a7c109e6a5c5d1086285fac72eabb26233fe6cce54a581dfcdb41cc5fac1732823a9c303d77294a108b4d29010664b5e3a513d6875221c20baa55ff273e77346d6223939b3d8b2efe570446fe9e77f2be5367587cfbe98d4b6847c9b13ed0b818cc3469bd8f3988043b880667c07566ccfa8975be5995011fd1349cdc5cb06a95a355c5a11a1688468df7e6a537eb0efc5010ecf72d4c53faa74b93a809532f3038991014b391adfa6d17c3cd6bf9df18cb4941aa228e402009418f67952e5f22455f89ed434dcf522b02f350f0d1a79db837630830306a094d82ddcba3657e6ef13b7e7252b76f05c5f78127d16b13443d337911f988479ea1d8d78f60f516fc22118d64b982013dcc272160488bf16fcc4674bed5ab2b3af7f8089fa679d009a60bd23c82cce41837784f8c208ec8177ef63aa1f492ae9b7791e94006f60f606c3f35c5e53073485da4a4a714cb6f0dcedaea0fe49ab85568e215695efa82053b58842bf4e4df721304fc9c5ac0828ca66c7223cff63aa13afb68436635b374ccf1b14ea528ab7e4acacfd7285d88521161086a99133f1ba2ea483ba69c38fe32e2afa6cb079fb268b585fe90bbefaef5eebdec882ab3863bccb7bcb3c49f4f9ae3bb43c087ce30b2f05e780aa7b80886ba2506322ee793fd99e7d56632a468b53635811247033208de3d17a36142f53b2f1dbd57727c4935ecb554b5e91038f342b035285f1eb4a1e65e577f407312aed0dd68983d6e20d56aa3302c888a889b5c1b485303c7591105642cc96e7d34eef7808b51e1a0f845ce63d904704527f4acfcc0a5d8fa69bd0648e721daff09b70ec95ff2f173f2d62bd566829a55eb2e6d45465cf520e0b505550014851db1fbf84dde8412d1aac3df64a8b39d42cd18d699e94d0a16b5ee63fc7ea82c19688893790360773445c439e1fe5e5ccafa85a4fc45e5b811861fe9d8d6a3994a8c658b6fab904852f80a3276c4df48d4bbd36fac4d16103eef0e422488221a9189d910a204d8d1a79f755fccab38754d6b5e5c5b4f1cba75658bd43f2fb0752ef479a23d62dd7631aa7d9c76467ac2917b9e4b33d14ef56cd950f9ba114e94f1db8234ece2b3787f2806314df385de62b86228ce20a6579f9933c8bb9401c41642b00e644b78cd1d04ebfec1178237cd7e706d79d332b0e766ffc6f6353417c4726b6dbef648ed779c329485a9dc48c7111b447372e2042f402a079c2de283fa2221932c1ae1882018d8bda50b79f49ec3cdce34c09b783b1923036b95378ba4c1c343889e8bfba59e47c7b40364a78c8597ce696e43d3cf81fa78e106c9bd6a99c56fa4e0e0ae1d7a78355337c135ae75e4f9b754807fca65fd06dec18561d57b2855836c4340c179ea76959abde59f5e8b8a5f573d844fe26a3536e4f8b0c75ecc66b6e4625bc6185fc41fd5bbe96351e71958f87a6d28aa50039b16f26a71975a4c37cc0c028ba8a608b66de5ede49ccf3d78bd7a81a9322854a9589b4dd6f962972ef05f8deb8d331b9e21c6a63cdb78f58f86927bff15e319166478c53d08ad8e2ad155aefa2d43a51bac1e4450b7c52b92d75567a2297290ec04ea5f5b65f1f8ad0bb0502504aacd37b8a67d0c957e3cdb7f2eb8d1412e3cea7e69f7398dbb4e4986a24c7070e786ec60157ca3996ec0142e677665629480bee5de63b13384512e6c5fc7d6a5bddfdf63911fa888f71ab601e6018ed28fcd3577cceef79a7e22c84b77621a8e3561af825ed82eee51c24ed0665a06afdde6e53db6c75e27f2049dbfce61da141c5c338541b3bb4d03c8acacac73e1e60228aac37f0675d8ed56b4e940cd5522dcd6c86a6fc71654f6f6994dec3af199eaca80e8888777cdbd6142518f12111e81e4ffe1cdd8b93545cdd64baac4f37751723b5e96f5aaa67da6685cfcc4267ca2696f81371a40cb43d16f69c6b2884b270dc66a41102fd2ecb20e565fc48fb85ac08471d35d17cd9eb01953534fe958cd6661397cccbfcc93e288543c3bcdbd3fef547cb62765a9eb25218c4799a36037ddcc1087d9ff1f071db65d1bef02a7f71a3a9b2ea574cc7807d400608f07f0ad49fdc1f78b31ca2c1325978a062a678034c8bf7c5ba2b568a2e363b3a28b4d919106d70e0399e231ea50cadc1be84e7781fa49e5334ce5e66b62d1939df3c48cfd52fd42ac5d80bca8a98d5ac9fe5a1b55606bf92d7c5ac294ab45691b235229ab984ddc35424eaa8a52dc9eada4ec0070553ede17e603580cc87fd5def48b53b8d9f8a28537859c0cb248a760dd434b6147f7380a4791cfd6aed2ca157e86703d7051ebb8a1ab077bad6b7c526b2e53dd6bbc5825bcff00657f78d808f6b80d04192fbfba468a54bdb068e14ecd1c746b9827efa99828b223691ad03b51a0d65653cd31e320032805f6773b31c6f7055389ea64d881b43a99f50bb4ce088548d32f14ea8a1b76b5251384609583a2bde4f2a43ef410b007079254405b5748a46aa322a6a5d95e03b23995a0242362d47e011c53b1ad08b24608c841317e8cdf3667c8ad9666d14704c7c2997a43b1a46c60e41ceb35449b72aa8f9ed99c7e1740dd2d4af0b7fa8d9ae022b7739968c3d93de715fb239400f96ac936a55d82c2e5be0c062c3fd807e5cc96e1afe310d7973e2bbc5dd23b4e48a96ebc8956df7be624c6fdbde324e884cfef902f485b5d38a7d019020da89190c989966dec55f8e4c5e433cfe36a6042b6fe9af91788ad0ce5d70878ef8c483b095b2dd4b62e8ebfba2f2d8a5005df1a7055eef6a7f40a35d79ad782ae73e4977fcd39b38cfdf4cbbdcb0a94ab6e7648f054d044766355dd54f2720247aa36ce7876d449ee41191f1e7f60feb0b4928f6bce900e089727f8d7595a1c4fc483353e713f53846b40a09e88e642d0a42678a324a743d965a709c1967e2262eee92b153841917ae0fb923e687f5eb56167c10a3495b9412cb2e0004978fdb6109d70fe93d532c13b09cab04bfabfed657e61b436d52ee3d504cd3fa34f530226437ab76024e574601e3a9480d809de9ee3f7c5f438aad36234dc522de47a18a5c993da28fac3717206e57674156b40b822f47d68374b49ecc64e13940c19c33b7728c28cdd8f747b3176f5886c4ffe7b890a73a0cc0b28019fd6a6f239652c2fec8dfd4a7b6d7d18318a87c343892db5ff81f2ec2f94e1e0cb607815e0c783abd3e5c1c85dd6fc83677efd14bcc88c9c67e73769b5916662aca1470e28f91772d80baa3bf9e1bedeed8bc6194c8a2f77ca89ac69b3065a89beda8b035168070b4e2b8467e2bfd91248c62ebc1089a91803fcaf75cdc54428d5ee466d5c901ebc690a155a8ffd01e5976612a6ff524bb9c2c706aec7f89595b91ad7040d97b89fbb8729f57853abc30b7c85ed39b624593b1b3d40da689718dc8f2ea16c0d5e6a019e7764ddd528fab311f9ad1eac649640b9b681ac943c454b34dc9c7f490f51a19dcda40d84ce1cd2845a29b03bf1db1143bfb43cb0a05c027fa2b1e63e7b4cb43269203a12eaa3e7c4ada4a01c9a04a4ac7d9d69b3b8da50d96aa0d55121cf56c91b894a1beaeac59144abd5d421f3fe8ae45cc1755f99805d46058d9c44d4d77142553e7bcff51266d06498790ef69d58518932a1d5b914c516adabeafe140f4a56d62d4ff45f557c959597fcd67d443e7054bc69132eef9dc8a0be5833dfe68c6373cfbc165d47e46da75c1d44b14bd4c8b568988439de7ebf6cc34f16deef013846024c53e6364793bd56de3bdf086ebbd14941b942dccd13041fac950d8440438ee2455982bb0ae79e00217ec62b1bc31d2e2ef1dbeab36b729ac4ccf2074f4d8bb46dcf36000b80c74c5cae8db365d492d2f169d2da0227a97cc2523545d8a3e499a120be96a6f07abbb4dd5f348a3691db1d851f7039e2921eb8c263a87ec56850eb35bfcfd75d700c161954b3c42142d493f8b138e92540c5a90fa91cb117b1ec45e0911085d5b2458c17dddf4b220e50667d5fdbc95919d9b498eb748a92cce6bfca17339c886a26c9a0ed960226767b1f20cfbfdd82865d2ba8aa6305f6ce3bb8ec8a9decb275693af4abc71de61915361ec30e9ee2869073801cbce600c297177761b5a487fbe6e2c6e1689b7afb4c5cd612b0c14ae5255dd979fa8cc69e91126402190b79238db8b4a90a23c60144267e2f70f178343e1edde7c04066430a20048941fd6a5ac4e68e8fc91dee05845a037840e70f8e6ef4fc6a04ed6b4cf67ec4655f5fff615fa12b8d4083197e5d30b9fd4db5586c880a2edeedbbef14670418383179e7013e735f131d5f00620c8d2080f4ac63ccc90b77cae271782ed792a0db358302d58cb77420ecdc7544628ca1f300c337cbf0c0c8dc10387b5c214b0a6514896e092663c94d87e217fc80af8a2af0ae4d5dbb4888f7a6b19b709265f9e6510489685a8f2fa7354752c8338b526cd7e3f23011be1fcc1d09732494d53b3129df037b0f9f7a1d650e7f33747cd08c36dc4233e6e506d62bbf71a83b40bc3b9f5656e2e1fbdb2da87ae18307b44153afd1ac378bc198ab256da795cd6a73c613ee98c44172c029bc98f5dedb8e59e2f7f16a3da9ebb57d910163f051e83039cfe4a4665c9ad404c8b0cea48eafc1913262640f0de4beafdd8401fbc3a6c365082553588df6c049fab0c91d3368eff2fb9cec71d5fb7556525aeab4cfdbc3308c7573b02967893b20c7144b2041757aed6d2c8f97eeecb9f980b10ee5834b389a013de370ce100d5656da4669a65a8aaf071b8cc1f8d761cc4d5a68d7b66f59f24e1e5973d4ad4ccbd80460048b1722df76554f016a283c585cf94f0e142c62f2bd9647cc298bef173f07d39b0235170a82e8ed3f988afe97f7db65f33e841418bf3668fd87d2acd84235ecb75c006c0921dcb41e9aa63e23af391d3be43eef4052570572706d5fc91b86ccdbdc2d725506653947d19f8d1fcd6b8ce652f00f878ffd512060cd1e090bfcb04d37faf10b1ad9c9b42604de918f5f5fc6f2b1ea9cab85e1c7c28db8c3a395462231d64466706981776bee909a60f3c33d47f221f065f7a158548b4e6440606f1ed35414179bf3d2b525c19e288c040ac9e4a6c4dadcce8c20b37c3d3d030f0e4faf8088fde26dc5fd9fad0db9457b414a71ee9bf4860859f0110be4c0ccbf66f5f84753f6661ad754fb9f9fce4406ec02a5665cb5d24bd206758b0518dd916bdba0172d362a79970884f5ac27828b291e95675990688c1f50f8e602e0aff46c157d5974b2661cf1b1868f895e63b2c842b1425160928a37333e31eb8586677ca88e5106c3329268b3824c7a593c301ba2071d5751688164d8b1eef49b9f00d009b6df26ebd9c3e4462736e8dd7aa427f0f9738a4761fdcbc59f53bd4983025704084651cc48e311a3507db3267b4952b095f7ea22ff44bb0447859b29903fdf51873afa136a93918d1dc21c4fc830c2474f1d1408bbf2506d892a9a5ee73092ba9b85d9373eebdc60ef5349b13f0ec2b5031488be413afbbccde997ce8252aeaa2a74da28d0f7ee4575675e4fbb818f32c928c3d96a16344eee26b056d29f272d781043b9e261e3b0e33f7495d9ec86ff16e8a13e640dea5528925bf301d8f4df79200650bbe54e08286aa2504b18cc1274c75bc2c0bf90d65ed34b5162d3c75369d411c7b5d19b916b7a9a388ec57590d4f143b4697a5e924f7163a9611fcb1dd72e17da4a45b10d53b086fc66f4f41e8dcaf7e", 0x2000, &(0x7f0000000bc0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="9000000000000000ff000000000000000300000000000000ace500000000000005"], 0x0, 0x0, 0x0, 0x0})
getdents64(r4, &(0x7f0000000c80)=""/135, 0x87)

3.278332554s ago: executing program 8 (id=6793):
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000005c0)={0x6, 0x17, &(0x7f0000000800)=ANY=[@ANYBLOB="180000000500000000000000050000001811", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000007a0000000000000018010000696c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000020000008500000095000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000200)='syzkaller\x00', 0x1, 0xd4, &(0x7f0000000040)=""/212, 0x0, 0x8}, 0x94)

3.093404225s ago: executing program 8 (id=6794):
socket$inet_udp(0x2, 0x2, 0x0)
write$qrtrtun(0xffffffffffffffff, 0x0, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r2=>0x0})
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_REGISTER_FRAME(r3, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x28, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_FRAME_MATCH={0x4}, @NL80211_ATTR_FRAME_TYPE={0x6, 0x65, 0x40}]}, 0x28}}, 0x0)
r4 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r4, &(0x7f0000000600)={0x0, 0x600, &(0x7f0000000840)=[{&(0x7f0000000080)="2e00000010008188e6b62aa73772cc9f1ba1f848480000005e140602000000000e000a000f000000028000001294", 0x2e}], 0x1}, 0x0)

2.927553895s ago: executing program 8 (id=6795):
syz_open_dev$vim2m(&(0x7f0000000180), 0x3, 0x2)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.events\x00', 0x275a, 0x0)
openat$vhost_vsock(0xffffffffffffff9c, 0x0, 0x2, 0x0)
r0 = socket$inet6(0xa, 0x1, 0x8010000000000084)
bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c)
openat$rdma_cm(0xffffffffffffff9c, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$sock_inet_SIOCSIFNETMASK(r0, 0x891c, &(0x7f0000001540)={'tunl0\x00', {0x2, 0x4e23, @local}})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010600000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff1b000000020000000900010073797a30000001000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
r4 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000500)='/sys/kernel/kexec_crash_size', 0x202, 0x0)
sendfile(r4, r4, 0x0, 0x6)
sendmsg$NFT_BATCH(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a3c000000120a01020000000000000000020000000900020073797a310000000008000440000400000900010073797a3000000000080003400000000a1400000011000100"/99], 0x64}}, 0x0)
r5 = syz_open_dev$loop(&(0x7f0000000040), 0x1, 0x121000)
r6 = syz_open_dev$video4linux(&(0x7f00000004c0), 0x5, 0x400000)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(r6, 0xc0305602, &(0x7f0000000240)={0x0, 0x7, 0x1, 0x1})
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xc, 0x13, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000000000000000000008000000180100002520732500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000020000f98500000006000000180100002020692500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000006000000850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000005c0)={r7, 0x0, 0xe, 0x0, &(0x7f0000000740)="ba37bc6e74cc160f3f46dd21efc8", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
ioctl$IOC_PR_RESERVE(r5, 0x401070c9, &(0x7f0000000480)={0x28d3, 0x40})
r8 = syz_usb_connect$hid(0x2, 0x36, &(0x7f0000000380)=ANY=[@ANYBLOB="12010000000000105e04f900000800000001090224000100000000094400010103005481b20642623b6273924ddc200d172d"], 0x0)
syz_usb_control_io(r8, 0x0, 0x0)
syz_usb_control_io(r8, &(0x7f00000003c0)={0x18, &(0x7f00000000c0)=ANY=[@ANYBLOB='\x00\x00\b'], 0x0, 0x0, 0x0, 0x0}, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e24, 0x4000000, @ipv4={'\x00', '\xff\xff', @broadcast}, 0x8}, 0x1c)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000300)={0x0, @in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x0, 0x318, 0x1, 0x24}, 0x9c)

2.801586378s ago: executing program 2 (id=6796):
r0 = socket$caif_seqpacket(0x25, 0x5, 0x4)
setsockopt$CAIFSO_LINK_SELECT(r0, 0x116, 0x7f, 0x0, 0x0)
pipe2$9p(&(0x7f0000000000), 0x4800)
syz_io_uring_setup(0x364d, &(0x7f0000000580)={0x0, 0x2c68, 0x8, 0x2, 0xfffffffb}, &(0x7f00000000c0), &(0x7f0000001880))
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
r1 = getpid()
r2 = syz_pidfd_open(r1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r3 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000480)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r6}, 0x10)
r7 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x8400, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
ioctl$vim2m_VIDIOC_EXPBUF(0xffffffffffffffff, 0xc0405668, 0x0)
ioctl$FS_IOC_SETFLAGS(r7, 0x40186f40, &(0x7f0000000440)=0x1f)
setns(r2, 0x24020000)
syz_clone(0x120e1100, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_usb_connect(0x0, 0x4a, &(0x7f0000000040)=ANY=[], 0x0)
r8 = fsopen(&(0x7f0000000100)='proc\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r8, 0x6, 0x0, 0x0, 0x0)

2.775163768s ago: executing program 9 (id=6797):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
bpf$TOKEN_CREATE(0x24, &(0x7f0000000280)={0x0, r0}, 0x8)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000800)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f00000007c0)='syzkaller\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_init_net_socket$ax25(0x3, 0x5, 0x0)
migrate_pages(r1, 0xa94b, 0x0, &(0x7f0000000bc0)=0x27e0407a)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFNL_MSG_ACCT_DEL(r4, &(0x7f0000004a80)={0x0, 0x0, &(0x7f0000004a40)={&(0x7f00000049c0)={0x14, 0x3, 0x7, 0x101, 0x0, 0x0, {0x2, 0x0, 0xa}}, 0x14}, 0x1, 0x0, 0x0, 0x40005}, 0x50)
ioctl$SNDRV_CTL_IOCTL_ELEM_READ(0xffffffffffffffff, 0xc2c45512, 0x0)
setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, 0x0, 0x0)
sendmsg$netlink(0xffffffffffffffff, 0x0, 0x0)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_NUMBER(r0, 0x84, 0x1c, &(0x7f0000000140), &(0x7f0000000180)=0x4)
bind$bt_hci(0xffffffffffffffff, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6)
write(0xffffffffffffffff, &(0x7f00000001c0)="0a000300010000", 0x7)

2.500388441s ago: executing program 1 (id=6745):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0xd, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="18000102000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bf8100000000000007080000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018210000", @ANYRES32=r0, @ANYBLOB="0000000002000000b705000008000000850000005d00000095"], &(0x7f00000000c0)='syzkaller\x00', 0x4}, 0x94)

1.109081636s ago: executing program 1 (id=6798):
setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4)
bind$inet(0xffffffffffffffff, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
syz_genetlink_get_family_id$mptcp(0x0, 0xffffffffffffffff)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x4895)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
shmdt(0x0)
ioctl$IOC_WATCH_QUEUE_SET_FILTER(0xffffffffffffffff, 0x5761, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f0000000100)='bbr\x00', 0x4)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r1 = socket(0x10, 0x3, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a80000000060a0b0400000000000000000200000054000480500001800a000100696e6e657200000040000280080002"], 0xa8}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=@newqdisc={0x40, 0x24, 0x4ee4e6a52ff56541, 0x20000, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}, {0x4, 0xf}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_TARGET={0x8, 0x1, 0xa000}]}}]}, 0x40}, 0x1, 0x0, 0x0, 0x404c810}, 0x0)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000340)={'bridge_slave_0\x00', <r3=>0x0})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="700200001300290a000000000000000007000000", @ANYRES32=r3, @ANYBLOB="000000000000000010010c8013000c800ca3488008000000000000000800038064001d80050006000000000014000500714abbd2547de97cbbf6efb226f19bf90d0002003a288e5e5b5b5a40000000006000078014000400293a02149f3b75a67093c28fd6f55a2314000400e48f01e49713f0c2d839f940d9f088d8050006000000003bd00002006272696467655f736c6176655f30000007000200293a00000500060000000000080001000000000018002580140004004d2906d0880fc8acc30fe2020f9849675000028004000500a1085e7df341b9dc3d8008a2fe5bdaad140004009c7e472c916020fe41bcc5aa8f56c9471400050080ab8be51421cfa3c9e5cbfe8217e0af0800010000000000080001000000000060001a803f0003"], 0x270}, 0x1, 0x0, 0x0, 0x8015}, 0x4)
sendmmsg(r1, &(0x7f0000000000), 0x400000000000235, 0x0)

1.108762168s ago: executing program 6 (id=6799):
r0 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000780)=@bpf_lsm={0x6, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000003f000000000000000000f195"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00}, 0x94)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000240)={r0, 0xf, 0x25, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xb, &(0x7f00000006c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x34, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000900)={r1, 0x18000000000002a0, 0xe, 0x0, &(0x7f0000000240)="1000000001000000000000000000", 0x0, 0x202, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x9}, 0x50)

1.090971942s ago: executing program 9 (id=6800):
r0 = syz_open_dev$loop(&(0x7f0000000100), 0x3, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='freezer.self_freezing\x00', 0x275a, 0x0)
write$binfmt_misc(r1, &(0x7f0000000000)="180c4552", 0x4)
write$binfmt_misc(r1, &(0x7f0000000040), 0xe09)
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f0000000400)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x4000002, 0x5, 0x0, 0x0, 0x8, 0xc, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "90be8b1c551265406c7f306003d8a0f4bd0000000000002000", [0x4, 0x7fffffff]}})

1.037854626s ago: executing program 9 (id=6801):
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$ARPT_SO_SET_REPLACE(r1, 0x0, 0x60, 0x0, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000000c0), 0x4)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000080)=0x1, 0x4)
sendmsg$inet(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000b80)='n', 0x1}], 0x1}, 0x0)
setsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000000040)={0x0, 0x9, 0x7a8, 0x6}, 0x14)
setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x2, &(0x7f0000000680)=@gcm_128={{0x303}, "db57cda808852139", "252432e72844858a068b92a5a810f4dc", "11802ff5", "5aee41448c84afb7"}, 0x28)
close(0x4)

934.055862ms ago: executing program 9 (id=6802):
setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4)
bind$inet(0xffffffffffffffff, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
setregid(0x0, 0x0)
syz_genetlink_get_family_id$mptcp(0x0, 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_SUBFLOW_DESTROY(0xffffffffffffffff, 0x0, 0x4004000)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x4895)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
shmdt(0x0)
ioctl$IOC_WATCH_QUEUE_SET_FILTER(0xffffffffffffffff, 0x5761, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f0000000100)='bbr\x00', 0x4)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x17, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x40f00, 0x1, '\x00', 0x0, @fallback=0x2c, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f00000001c0)=[0x1, 0xffffffffffffffff], 0x0, 0x10, 0x3ff}, 0x94)
r1 = socket(0x10, 0x3, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a80000000060a0b0400000000000000000200000054000480500001800a000100696e6e657200000040000280080002"], 0xa8}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=@newqdisc={0x40, 0x24, 0x4ee4e6a52ff56541, 0x20000, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}, {0x4, 0xf}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_TARGET={0x8, 0x1, 0xa000}]}}]}, 0x40}, 0x1, 0x0, 0x0, 0x404c810}, 0x0)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000340)={'bridge_slave_0\x00', <r3=>0x0})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="700200001300290a000000000000000007000000", @ANYRES32=r3, @ANYBLOB="000000000000000010010c8013000c800ca3488008000000000000000800038064001d80050006000000000014000500714abbd2547de97cbbf6efb226f19bf90d0002003a288e5e5b5b5a40000000006000078014000400293a02149f3b75a67093c28fd6f55a2314000400e48f01e49713f0c2d839f940d9f088d8050006000000003bd00002006272696467655f736c6176655f30000007000200293a00000500060000000000080001000000000018002580140004004d2906d0880fc8acc30fe2020f9849675000028004000500a1085e7df341b9dc3d8008a2fe5bdaad140004009c7e472c916020fe41bcc5aa8f56c9471400050080ab8be51421cfa3c9e5cbfe8217e0af0800010000000000080001000000000060001a803f"], 0x270}, 0x1, 0x0, 0x0, 0x8015}, 0x4)
sendmmsg(r1, &(0x7f0000000000), 0x400000000000235, 0x0)

710.243073ms ago: executing program 6 (id=6803):
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000005c0)={0x6, 0x17, &(0x7f0000000800)=ANY=[@ANYBLOB="180000000500000000000000050000001811", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000007a0000000000000018010000696c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000020000008500000095000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000200)='syzkaller\x00', 0x1, 0xd4, &(0x7f0000000040)=""/212, 0x0, 0x8}, 0x94)

31.963822ms ago: executing program 9 (id=6804):
r0 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000140)='/dev/comedi0\x00', 0x8080, 0x0)
ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, &(0x7f0000000540)={'c6xdigio\x00', [0x0, 0x80008000, 0x86c, 0xa, 0x0, 0x0, 0x1, 0xf, 0x5, 0x1, 0x80008, 0x5, 0x9, 0x41, 0x1138fcec, 0x6, 0xffffffa7, 0x2000001, 0xfffffffd, 0x65c, 0x3ff, 0x10004, 0x80800, 0xe2e3, 0x9, 0x6, 0x4, 0x80003, 0x0, 0x5, 0x5]})
socket$nl_netfilter(0x10, 0x3, 0xc)
openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0xc0a41, 0x0)
r1 = syz_open_dev$vim2m(&(0x7f0000000000), 0x0, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r1, 0xc0145608, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x1, 0x5d032, 0xffffffffffffffff, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sendmsg$NL80211_CMD_PROBE_MESH_LINK(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x800}, 0x80)
read$msr(r2, &(0x7f0000002000)=""/102400, 0x19000)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_MAX_THREADS(r3, 0x40046205, &(0x7f0000000000)=0x1)
r4 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_RES_GET(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="19000000091401002dbd7000fddbdf250800010000000000d8b80bdc2ed16e115b271ebbedb96feafb0789cd11aabed514d584d948d1321aed4cf634d3e0cd7142d1d64d66765ecc9d3a9696f5fc48c67617fb0299f62987236e5eebd452057d7c1b4ff2ae607a082203527f42ac118feaa797aa002e7fed57192d70d21a5517786fe761e1287a6fff74575cb78e1de056b391b4d36758eed7c2829fa77097ac0d368b13a48480e93ed124"], 0x18}}, 0xc050)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f00000003c0)={0x9c, 0x0, &(0x7f0000000600)=[@transaction={0x40406300, {0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, @transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x21, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f00000001c0)={0x30, 0x30, 0x30}}}, @acquire_done], 0x1, 0x0, &(0x7f0000001ac0)="d4"})
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r5 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0)
r6 = syz_open_procfs(0x0, &(0x7f00000004c0)='fdinfo\x00')
fchdir(r6)
syz_fuse_handle_req(r5, &(0x7f0000006680)="8e503ba12553ae35664093744598ff2ed98313cfeff69bbb1f3ba451bc98d27cf439225d75522ac543a153ac5284bf131a87e53d0b20f8dddcb2af841def3e560070344be18fcee4983553ba856738012b512e3dc760fb581a17e5622e0e22e22546476d6cc6d6d94d828a2fa22ec77a1cf082f5ca88f1f8976e8b6c3a7a537f8f50b432bf4df69c912bfcc539a65851f86b23f24e714e0643429ec1198ea1647316538a3ce23fad21e19e087c0dedc7aa6d5e4b0dcbfcbe22c857f5a848aef15126b9ecc810249cbbc82c8b6ba49e46b71cb79f6ef9449d0838b9130946398941a4c64f6e2d84118b60ed4ccfed8a26446032fecf87434e71b7989253f64feb6d2e1013673a9600b1915174e55ad78d1d666fb75c24142e44ceca89a18ca66b4b5e66ba953ca42fb6a36d4a3612a2948393f67a7d1d0957a8553c73855fd007abbb6c3d4bbc943f3b102bb2ea6f40e714516a3de91acc6e1468e9e7b66ee57815da23054153d9d5fca6bdb26ed8f7754d88154d46df2f2e4964ee5d7f47e9218d6877c3b232c945cddeef70b24e5c6c434fa30fd0a2ad1c348c3658494f7cfdfb6bb56b43f1d9b2d049c1166161c3232ada01f3c789b2d6958cdd9f044a654f8397d64cb928f4d57f0c4e9739afbf3afbf0e9f84d56a1aba6db7538d98404b7cdfa97f8770a6df4a13145c1d0cfb7ec0349b5639d9180eada54b2f8c12472fb379901e6d514fbfd6d41d2dd77eb42608a784fc016ae48fb126776b10be5c03f62ec90987e766d20d821a17c03e0d867f4aa3f4902fb803e8261833aa9397e107e6c100daa3d8b792bf4b5081ef56670762b5ae3f528836029ca332f44fcc5cf3750f39091985032afa8dd2e80b69cbffc29aa13fcdc0ff811a108794b4154ecaf70e58a9f70a573cf9d1040e23f5a04a873a583e4ab0fa5f77d620c60f0a45cdc789b849e9e8746528846bbbf8251a84f2aa97ccc3e49f4c9b6abf0248344e86a71486eba9e62ff5920bb80ceccc5813f068da0d5aa208c440b7889118d2f4e8baf22a84544f232d6a3a1aedf31d5fc22f0ece56ac611b1363ff35e5071342a0257d3f146dc3ea1cc795d2f06afeb1d6995e50eb2d2d21dc6c4377a2626dd9486446517d03a4a03c43ef2e255a92b775c198bfe92c21375599235aac33c69190bbbfaad76860d0c9e70ad53273460c370b06bdf94ee8bfc31c48609ff6de0d39f873ec11e8c2835f17b3f18891c8ae335a7074fb5a5c794007a327fbb2622e71d62e43f50a00cc59b7eeb3f8ceed5d87fa5eb62a7a8c74ec90b1096a0b24606bf14b1f13f78ea4ab522304c7ca1d7b8ae47b5859f6a0d9baf3b6ffd29a4fb6782732febcfa51446aa87691ac81bf891717fbf8e4deaccac63477d3bc7b8ed52e9b6ca3fd39eefee6a337c2ad76df9739e2fbff34bf36027be0cfbebfe5b2fd168d75b2fd64479e2faf85654c013955e04044a9b7bf8b3d42da91962796bfe6eb53fe29e36a7a7512a155c712ae561d885703cb26d72e6f1df3976cc665960f871f3110309ffb6b5a79e54057a7a286c62c11e973ef671e86051686f77992f985d729740f38fecf83e03a1fef542cd6b4cee48546f67873a9c682c4afe4a5beccfc64085c622c5a0b5a1f6355f938d16925cabe61426a837c48fd6ad790afe54448fb296a03322f3427e132e8c0623bd311af8a619c2d91415e851744941700f09a2d8471def9dbc448c6aefb4c664f8902c872cc7de9d26e8b300b55b1d08a80257095efef35d9b497487607a22bc95c68f39aeeae243e76ccd40dd1b7ccad6eb39b35d91d239b2b005c8bb6e50037ffb1253276e20384398a5e97ad705fcffd04c720539ddf80cf4e929e82e3fec3d7542e0b7495733eb5da29f6dff5a34ec88a71881f660a5bc9481e755fd3c5683e95ed97cc91ab0edf49afda477aea42bc436b364747d973d61be806e1e63b6982e42814a13c5adb3bd767ec724d2d654afb106198fba6b4c798f4b82f329c2b8055ac4d247da971e32eb4cb971c9ac99d18c0a216d48dd7dffd372e0cad9ce6f05b06e47842c2f53b7c987139c6ddac3446fdb163342f8ca8f5401db91d324a6b710f28dece5839d37760c2515d6ad815a746cd7ccd3a438a5d3f28ca331f6874dedbab107c64127a7590a2813c1287ca977807827d52df80a9c19bc7ef335791da1be53c89f6de8ee1f02f26069b786f22bfd23cd8366e3ca02c0b296d0966d7f8fdbc0ef06895c547224f1a01c92d5f43f81b35539469d1fd9cd76dbf8cdd21b479a6474578863c9906ce6b12d0dbf5a458dafc042fcabe64aeebeb70c0da9300ed22e5d2851c5e77b20f9da1cd26cd810e0b8f1ba17d7c819e8a8ad86aa5bc4eb64748b75ab4a85f05bb1dc542234ac175eced1fe8f3fbd86f1c7349a360f5af0244818df303dce6842ea7afa722be19cf162d671256e5659c77c5569d827b28dc44b7dbb7d9433bc9eff26edbff36cf796b8afb285393f2dab6bb9a3ed40dd065ba8a8ab62cb575e696b97a2853b1700835ae429b983a5bb88972e367f5996a21e9a3b00e943e15c1163fdee023e1cf6e8dc42655cb175590fb6b8c46148b37957c5026aa94e96cbb71bcf9e7899c489edd9b34ca2d3d0dbd29f135cb158652ded6c959820b26a5fb6e8f3a6cfb80bcfa52c36ae0a3868914bda36b5ac09d2ae6cfccff9859550cfc5c6c3b30cddf6a2130c0c563445ae10634f38c65a47aeb8c72a0f25a6747a6787e703e1723303dd6d5bd4303240cb6d4659ee32d80b92859327e882ec84d9bb2a6976d9c6fa450d5598c6af1c92fc4ed7614e3192a06e62e704278424e2e5d521ec4f2cbd87d9b8a65405e807f6247e3f9228e8a5c44e31c9de9247d1b8248ce71d34663cbfcce728c9f08628629fca3f334566118aeb86470886147d714d2dce240408fac3c971b851dd33cb7997e238a2362195ba4f0e83d5c1c5039328817f258d6645bcbc20512398a7a34e2288585b4dc626c6867f3af5a0f573492cdb04e5613bd95bcfe6a61541c3912b4e841b34db2820ed5aca226dcba496f9586b83ab44ed3b9f34cfd2397f36dc4f9811815b975a208b6cd163031296b289b7d202036bca9c4e862f6b1d6356c3c54d47de63e0d0b38e7b9e41e1b25d94fbd03853f786fcf2325020355469e52dd2cfc879e2758382f609173cb2c01775030d1d536af97f5bd0a4b71ad9bf3e5becfccd7dce72fa8882733d2c32cab1338ce67f301be74b1c51dbacff9bdc22868f3f16531cb86b7597aff03040a821c4f7cae2b5b92db792f327dce81e79ac83d4ca15aa248ddc2fad518ebd360c5ac8ff3636e15e8ff61501b1e5c6338847ff43c0d3ed38c87aa623c318c8facffb72fbad8bf4effdd2013dc60ad91f1f5a791905b572321ce0956ffded80e2152b0672875fe71923de673ce343a665d327560c5267223b6fa636ef188b94d4a42884721b4f2d51f90ff3e5145aab164fb56982648a7215601d23017b749c01b684082e250330d109af89bf5d20ca788fbd95fd8d1c128aad3306c4e1bd1c054def7b7ea1948e3c95826078991d234808f55c2314706c8177d7674b2378792afe66b2d65484b481b0e52d8b60e0980163fcf2fffa2cd81f4dbf57afd76fd4e71ec8a6604a697fcaf57e65bba50489f6f0c5b4c046a14303eac05700550ee10fa29d8f68a9eb02fa504b640865f7e2c21f1451ed7d75c90a4734ba64327bc3597b5aff23d0a8f1229f0539720bece2b980f85e11c5ecbf3a560e5dedc40e1260349ccbc647d4d9763b17a45fe1b63e5d16e1a49d55c0011e3ab898b64a6618682bd7bb7e8ed18dafa1b462f20f6aaf2d7c4777a6fb73aa7a1720d67a644f4f4b0bc3ff965e696fd3513979f2e72289dec447af56b240380cfa2a9ce38a808e961d26b6ee6810c75778e9d23a93b3f79b3b293f138f23ef2596b60ecd4afc2036debb7e14f61774d84c1325ee7b8f95dc80c12b001e32e894516473a82aa2c24b5ff7f8c3374e245f1b3ff2a8cf0cc33ecd4b9b7528c34cf54d77756ed3e1b74a0e66c9c1dd8e53c123872c084f70e8a04efe8a8c3527ba75f4d9ced8469229ad7453a1376cae90b155638696103216a07b02e93e3924c4a98d159ce8633b2c8bda44ef28f37ba5edf1e80184c9ac2c8b0db77096dbf2f866536ac4f5ee9eed4bb8dfe0dad4361e901450ba499c119aa1af2a1a7c527b09562a47d8260bd7647e29ee422432f063a84d195e9c843e6f6fa684dd044bd09b8cb3e7a976df68049f09caba37b69a595cea61667f2631e561be743309568b4c37fdaed8ebc628889bc3bf9c5a63bc74e9358a9c2228f51370eb483ee39e682cd4f56f15a16217904c6189ef50044e04f244da23d1c9f41a5209f4f485df4ad8d1922203d365eb11102d48c93c09b700e177aef00f8bf729c0406b89de32490fca998bd34f80c99be60601d4de10e9a86a5a22652eb9df948daa66529b6445cdde70ad125d06e41a3469216233a8b9eeb928f2d041eded321d518f0435ca377e90ae49e95793aabccf299c1f1a82ddec49b2b8732aecd1610d5f09cc5e509d4065c5cfb4edc55f6a15fbaf4dea24439ea95b63bae312ed90e47787000810f22ab9b6aa0622ab969fa30b724b24d82447d6a357468b2d1ec61a80ae680ff7b8b894158218b0e63f99103879f3c1dae33aedec60a1e755755604e33a6698cd0e378b0a0b04017278411f33eade9c4c0e3b7d0d6e62fdc3ebf5559310e0a2913d5aff1ce1bead51578b3879c0e25d96a7a150ba655c97875d864c3a6d5b595ff9dd9698857b3b0bab2d087bbf7f80f5a7225cdebf794ede16a61ca73201f311f87ef9cececb8fd07b2bf384a22a8ae988a5e91e6355e26ac923e78004968bf7f4ae3b319e61a422a43841831a51e2c41df8a118da5239c87b4b0aceb32854413d53e0228090babc167ed6600041390ce04e96c94c65c51fdc00e617e4ed870fe9ed2bbef84c1e1f3f796b2867b0f383b6e01ba2b82ecfced722ac5a7c092716d18b9b41674c342a1a6a7ef961893d451648cce5d0ccb4c180e0493a53f5453de43a6535c486acbfb9f480f3255f998831b684a468a88840e1e7e8a310ef296ce89bef65b7e54265c88bff204e48963cea9945608260e5de37b949acacc938e8e2de9fff925022c010f94a0cd6c7bf16d4e3132034a8a3301f1c1950b9a31ee8227b17cbf460db666f6207a59783064115eac2d4f29f9483ebcd34e8792809d5c25a380b2137bbcd7cda502f4a41a043f7d626e922adec9b4c6478ac0df9842bd4e8912deb2ad2026461510ca392383ee9a7ad0388ae499951a4283db39ca57ed9bebf43dcaa6caa391169077a189641fda3151d8e3a3a0b525dcafa2d9d7b2a01468e658c10c27a8ba74b487a968b05031a3d53b59139068b28ca87c5bfd9db867c0e9b9abd91142c96dbf8883e1a89db8d96c9f0a8999a4f9d6b07f32d6f8bb2ea6d2eaa8a531edf85f25aef35c84eb4bf3f46ab4213602be20cad885d404ef47fafc7793247247848f1c3a06ea31c23d0cbffa07aa5981714dc85736e95cd4d60ed1f25351b1c723e4f042f55f02d24a089862df124c75cc4f618853914439c1406a393a0f1ec0f2346f4cbd6beb17713149d67b9bf1854c814bd8ba3a199218e6eac655db998c955df382c8dee2b4d30c750a63a08e9a88009840e96a331bde3767bce177fc5c44528cb673e862e24c2dc2399be1435cd20916e9e060f8bef39d4b47f335dde4493e0e44b0f619822a35e69b7c5d93dc69575ff71ced7c858e43dbee46f4e50846288cbc8fecbb9291d455a015fdd6e1412aec0e6104d0377074b8e160ec7d813bbc6d3b8e6b0256bce8d255d7a592b408cdf6e63164c99d94f00a693e06c2ecba9dc6d36c6a35697c1647f942df4c805c18344b8e5ac885689068f864c395e8c970702e40cf6c683d10455c7ad75fc035ae260f359c2d8c91305406c6f56ec535be445601c75ffdde1758904787f29a558d0f3bd04bfa08f1612a7ee8a7acf129ed5eb854bba757d34afa354098ed8b4e3a599db4b7611a665fcbbb182a0774cb026a00714d8b91c7fb8691b629b6a93f92da2f3701348885dcefe5a548c90101e50dbaf3f4907611623f7616bcea943bd3feedecf3b3681b4d04a938ac83d9f18a21991a90dc17005e7c56d2e09a0f4ad9f3c676e7da478e96122046d0a167f7e1a28d97d514aa68d24dac8501a1a35ddb6f3703311b26bfa3319361ff5e4d38cd55a04ef1b4fb417a3b638cde7f8569531a22c0fa12ad3a55dfe3c2642205fe1ba0c82d36f8815ec52f6381fe789fcf89efb305498a9b1f0ffafe01bcc5581f5b5d195bba77797085ab1837fd081cf5f086da2a16b6a7f8ca9efbc4c9cf771961b70626120e3715b16b222932291e4ee2449591b1807d56a53d4d86f25011704e7d5efcb799ab130ec2aacd54afd3c43c8acda1c5874ce23234b090c4eaa8ddaedf979b1218a5b9dfb36b8196ce05924dcdc7f50d96b95d0c288551a0498ff23f56c7ccdfb8966480477849c7471bea99cb0af35dbcaa5e781b5ddecf3cde51d78067aed9ca267550dfae119a3d83710ecb92fe80841837b41a40d262f5fad16c20203d1cc3455ca63ebdf0f5dbb7a498b4629dcb87333f2d58726871e6b5adf60faa0f8c9cb4718005e5e199457330da1a11cd0d7e78f617b6805fff8fa45c2cb56e1e17904773e165d2a39470ce1616418e7e15481c798afed92efad9c2babcc3e3346f8022ce30b3e1db015a2b9f5dbd4560ee9776c77eb9cff5cf2af28ebf1085650e29bd8dac01b814e6c285bf964da2eb1a442aeb671589a02c29d58208829c9501c355644ac28c38835f4025dcdabfd3852b1a16e45e9c032e97f7f2f0f612739c6569f44731692e3f3b97ba5bcd0b7f2dea1ee6303b5f92514c022e54aa4c587eff74a5d509c17785686c613bf6b778e3624ff3653674e6daab3f788ec9cf879f06957a673a20fdccf721ced05a0d23e074de82614f775a84dfcd31c621cf0369e28791ab742b62f271218fa1bc8681e9d41b4a93b05cc693013d54d367b1e6e1a7e74b43b44b920192ed8fbb63b89f393e5ffab584d7c201d1b99b7bc6907033109986a4fe7bb79e803315c4df94ed471cba889e148645fd1748374015ea8c696ff64bf6d23bce7e5efa7c7e6215ceefa938cd88aa0374da4ee1e10cbfa96d5283b4a0867f4d76b8492fc618e2bca34ba9bc2ff3368756080a78a1ece2f0d1d1cc30cb721677de3c4cd6da378697c40419bc1f2184b86b8e40abd627aab9c308d8fd2db8daf8b43225003ea9124c11dfcbd1b6ea959a86623e360b40c381d991892c1fa6c0c81bb4d03d8d3656cedd1e48539192fc8bd1474ce961159816dcdc76e95ed9d9893e91a0ca670cd1152cb014310facf952fa9fd0d30900196b604c10596c1a31c1e70416824c207656426b09ef9b558496ae87fc7449bfdba0d5628e9af6397385ddadc986424fde545c07664fb6ef2756ed9e443e39257eef2179fb9e4a9e84062f9b6048125151e2e7fad2560df277323b5e22ab2731dc802d6f372d2a335b5da7e5a86508329b3dceb56f0d4f9f6f9e48507af3ec99fc172c237e67ece3d51198a033a9c66f3243ef694893af85421ff6f93ecb95eacceba5fdc1a76810e999a40733b46433328b24ee17b718b135b74dd535202c7966de2de5a26412e600971704bb90007e42d3e6a3acd33e7358da6b32883c9ad30c2abb1cdef7452e211734c6fb6d199a397bea8aa3cf1f014929941c34ba06096e70d852fc420effc7924ec29c03bea29f289c82338f0115e00de549007456d5867253a5b9bb4493bcff815a3100fc45a0de0aad7b0b5c641ed1be3e8f07fb3b1a8a496ecfd3dff5abf0d8f5854621faeb4a9920d8c52b7a0338d49fd21d99c24e1943de3ba2668aea7bc95bcf21e2bf0b2d5f899f33d0cec31b60df4ef5a23e1b173cc89390c8bc3ee96e38de06f6016a2b0eafe86af9dc59bead4f5f948a81b1008a95e3ab39f8009bdb4f268f3002245e73ee2ff50cf1cd37e867cbe44ad370b9336e0dddcffb6dd8f2f79155235300bce6385e544105e6d278d345870216e61100337a871ab51b2cde74fe976e1f8b77a90bb8b51eefe7e4201db41915f482edbe1f8ae268314d5af95ffdeb94aba3f4e316990792d281a123d7febbba7f6abaed7ccfc0c567d4bd1c2d9ca217535167c9a09f1ad0ecaa99cc08338fead5deef7fab77d2082d893b91c27f8ea4e48e052a2a31c8e3f9510c4ce94ef16053bcc25eafa324e5a1d045a3de8f7d731e58ec9130427552323bcfde47f6b55b5634e8cb190fe183af132f12d72ef5e4d98508b57106ccb647ab505369c728958a0789c67ee80acc4bbf41b97fa56d8701c3ec5ead411aed16882dfb026c50c28b5fcc442c432837a82f8bfd47650b83aa71b909be61ea77cc029a0c615f8e390874995d19e224c38349c64bc166f50c54332d1a3eff0071d7a0b11a901c56a847b93ab5bd0bfad8f965cbfb53c2184c588fb7dbc5c693a3ade89b303e801a650b79c1ea957aabed937998b5df77ff29fd43515e8a5ffe441e323fefa45a2775237e1c749897d448f1f3ef60c7755d1a1441b96a136a86d341471d57c68c859813656658266c40b8bb8bafded8ed0d940f8c5954923eb43ad5afb58eb452d6430990bc924afb97191f31cd1a1f58e30b0c243f9636245c459280d16da1df1a30ff63de677554d6b252487455e8aff91370c4a0ba9f341384cf8483d18b9d3f2fc51b07ba8a5fa795d7925189ca344f0fddb8bf55e35013f6fab3806b3c4d17499ec1ae819d4f3aa6b6a570c2ea68558fa33373394584dbf11d41f7059b55f186bd54bdc30dea390872737bf0312f4c68dc963d28d5b218eca6314e23b7381cfbcd01c325d9a3869f1176eb82c183b37d65c8500a48e9bbb1c465e27bfb668a16100e5384d9116aa35f3b00b4ee3bc84700ab17283d4db6b420e6140d14d09b51ad020fc8e505d2c820ac307d45b211213c18487ce12dff233a5caf87cd94a77d0eba69d61452f41c1f82cbe32b567a39a4615a6d2155cc73c3b90dc55daf33c8d9eba3eb0e182c79dede1293dd30840ebf048df8a93e38d0136e856d94ea105cd04323406dc429b5551538625109105d88b1ac480d0fb1e9d1977099707f9f9534b683d855c4d3c30a29c6678a3221e0dea7772f8859f572420708da9a030ddf973cf9f221404117b05efb76bb08ecf34aa9b36b0418c74f90a07e8e5c91e1d7c8a8ea596c0de9b10c222e9588c2bbc77d860b7197b42b42a1ab834ce24fccbbe20f2579ec6dbd4efb9aa1a3d2e062de594d289273e98342440045a0c134e400003b50d4243826b029ecd177cf3d2cf3d164ddc58f88a970a0bbdc7f0d60271cab0df2dde79d1b929cd3028effccbe94c05008f4261297024e4f72604d52db9da7b0e5f2f4f59ebe77b319c54aaab9581a8355b75594eb6dc0fc25e91052c89764256ca464f9f6e45bc34d6e5aa28e1fd93997b58f21feff551aa3ecb5375c19ee4543f7339418c11b9ea18fe2637a9bc9744cc9fcb21a7643eb87683694732154bd1eec746f1c57bac65cf18a83267ea437f7993644c510ac44307703ea28b20e52644dbaabbe9ee1e23a38b29b91cf9077fecdb98ff4e4749c9d6ad2901c5a891c07a8b0c26ad1f8126e6db537df7fff65486afeb85eda80e2a04d09d46720330700267cbcf205b5c00076c01d9db0a64d5426864d14cce1781098afdc28f9f5948ab7791627baf78c3e9df2c0ed9ce50b083bc7a34ee0087f4efde579e2dea313e4e20580c5e63d5ef4509c05a9dc38ced91340bbb9cf948bb03ea5e60c666a1a5c4acd385d0c1a01797b9b3183f4afbc925dd2641d21410b4b1af2f21f8cca330fbc08834e1e8210fdcf332f70f08b48a2655cf017ec8a19640f2f263c54876d6f4ad2193be944667f6498baa32225d2b5b82abd3f2fc64033f1db9adff6b1c788555d5ffa1a35d4a691802447b163ba9a615d6c958036528bbab84230d676145054828d530f0e3af417ad0480eaf2004b9002b644bcd8f0ecf860c31766ace95769ab4fd01f297c595b45e6c7b1c9f662044f43fc82b6244e5d08b1e556599096c034600e20ff000d996b6ba3a6700116127b9468c9567ad920ddcf7ccf9c0a74f49984e24a7aaa2321ee58583c1bdba668cb98c319f682ffc5957015ba1799930d4b676bd3bc76037f6bc2d9ddcb47efebd366a90dc7e67076ebc25e2ef2929a89faee06aa04538a3ae7b196dfecd33725ce9f859c5df4713b220ecd18b1613ba76aebbe8f9f93eeaea9e88e46e7ed24c4efbd86fcd57a4f9fc76152175782871ab211a18ae303be8e9459aab930597d17875c5f5f24d9b16bd8dc4e25f6a7a1de05763da11ee7e26e1e32ee0a5ab2de5d069d03a6ea95a33abc1025d59800fccfff1f0e0f7335e2778b8731cbae94828dbe70507c5369f36d457e98d6042e342cbffde2ee74e05cf0f8aa7185de485e5050294472cd8c7ae03977b62cb287a9d6e4d66650dbc4d89e58ad4f7c24d46573acf85f633d1af73cf655788b431bf22315bdae78d9f6f9cfe32330cbf77bb0195a60244d4bcd0ea35b94bcdf7255ff58f1fb11a09a06747337c95f332a0ade622d49ce0f2943517fb4da8049f3c1b53cb68475c2eb52551d40cbeaf5e79a748c5314bb531b4fc28494b65ee8513427e1fd3cc990fe4ef5ead14b65f1c3e9e0598edf42e2862e2eb180b3e674fc3005859ac56ad17022a8f48b49dcc97e991cfece1d52b7ca82e711944a877567ca0da0663276480d69fa4be56f425bb84dc9177d3e3ed45fb737ce026b8df38336f9efedb89a8650f9fb73918d300c909e9f9189458e1930f09b05433980e79a2eacd0dda32852bdb1a417e4ba62b83d0e17ac8d39834f41c8cd49517013ec658c4e10b38d0788df96764d13ce074271b51041671240549d18540271c8898a5c9e4be4895881235d59666a1f0f3b3cd098786afd6ab4781b73275232b488fb3d9eff77e71f8448a95c653fc80d069c15aa2a80d5799e6c45eb27ea8d6675f28f7aa7cfe3cef877c91ecf3e576e942a20312ffb48a64a91876ec5d1ad2f6a68946e73db4785894736106906731793c3482365d4151051c8d5f16dcb0348628e3aba4087ea8c9ce24bb93190fa12916f529c8eed6dfd3f5bc24d09b1ad377699de3f687b392ec921d81e35dc27bd14be4d004e713c3d07cf600255d45fdfb326b4327c9507c6f69d01236eb9383133dbaa787ba37de14a12e850ec60381a9ffab939ce16cb9b490685343048c0933bc280e809fc8114096ae2d303bbcbbc941b70b5d1d03f59f0b534fa195cbcf34e57d2aaee9c1dcddb5eafd8399fd1d53bfdb48a6f6d3153bb903ce411800f7220bdcfa312ac603672c163a0896b85409859b817cd304e73f278634fab0b1dbe226d7e4f93f220180c3434c7c22ac3143e06702f9a21e66a46d4980bd20d9b0c62846362d0a1151584a28a87902dd0f35187850d501c68900", 0x2000, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(0xffffffffffffffff, 0xc01064b5, &(0x7f0000000140)={0x0})
ioctl$DRM_IOCTL_MODE_GETRESOURCES(0xffffffffffffffff, 0xc04064a0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000180), 0x0})
ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, &(0x7f00000000c0)={0xc})
ioctl$IOMMU_IOAS_MAP$PAGES(0xffffffffffffffff, 0x3b85, 0x0)
r7 = syz_open_dev$vbi(&(0x7f0000000040), 0x2, 0x2)
ioctl$VIDIOC_TRY_FMT(r7, 0xc0d05640, &(0x7f0000000180)={0xb, @vbi={0x8, 0x7, 0x2001, 0x50313134, [0x4, 0x3], [0x3ff, 0x9], 0x13a}})

10.3027ms ago: executing program 1 (id=6805):
socket$xdp(0x2c, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
accept4$inet6(0xffffffffffffffff, 0x0, &(0x7f00000000c0), 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r3}, 0x10)
syz_emit_ethernet(0x32, &(0x7f0000000080)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x1f}, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x24, 0x0, 0x2, 0x0, 0x11, 0x0, @initdev={0xac, 0x1e, 0x1, 0x0}, @empty}, {0x0, 0x7, 0x10, 0x0, @gue={{0x2, 0x1, 0x3, 0xfd, 0x100, @val=0x80}}}}}}}, 0x0)
r4 = add_key$keyring(&(0x7f00000001c0), 0x0, 0x0, 0x0, 0xfffffffffffffffe)
r5 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x1}, 0x0, 0x0, r4)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
r8 = socket$nl_audit(0x10, 0x3, 0x9)
recvmmsg(r6, 0x0, 0x0, 0x2, 0x0)
sendmsg(r7, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0)
socket$inet(0x2, 0x2, 0x0)
syz_open_dev$usbfs(&(0x7f0000000100), 0x75, 0x40082)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, 0x0)
connect$netlink(r8, &(0x7f00000005c0), 0xc)
r9 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r9, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000600)=ANY=[@ANYBLOB="5c0000000206050800000000000000000000000005000400000000000900020073797a30000000001400078008001340000000000800064000000000050005000000000005000100060000000d000300686173683a6d6163"], 0x5c}}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
keyctl$KEYCTL_MOVE(0x1e, r4, r4, r5, 0x0)

0s ago: executing program 6 (id=6806):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=@framed={{0x18, 0x2}, [@call={0x85, 0x0, 0x0, 0x7d}]}, 0x0}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='tlb_flush\x00', r0}, 0x10)

kernel console output (not intermixed with test programs):

peed USB device number 92 using dummy_hcd
[ 1651.416196][ T5952] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 128, changing to 11
[ 1651.441959][ T5952] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1651.452263][ T5952] usb 3-1: New USB device found, idVendor=0458, idProduct=5005, bcdDevice= 0.00
[ 1651.478506][ T5952] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1651.505923][ T5952] usb 3-1: config 0 descriptor??
[ 1651.594952][T26195] QAT: Device 253 not found
[ 1651.616188][T26195] netlink: 'syz.1.4876': attribute type 1 has an invalid length.
[ 1651.652005][T26195] /dev/nullb0: Can't open blockdev
[ 1651.965252][ T5842] Bluetooth: hci0: command tx timeout
[ 1652.038223][T26110] chnl_net:caif_netlink_parms(): no params data found
[ 1652.072578][ T5952] kye 0003:0458:5005.000E: tablet report size too small, or kye_tablet_rdesc unexpectedly large
[ 1652.122835][ T5952] kye 0003:0458:5005.000E: hidraw0: USB HID v0.00 Device [HID 0458:5005] on usb-dummy_hcd.2-1/input0
[ 1652.162255][ T5966] smsc95xx 7-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000014: -71
[ 1652.174530][ T5952] kye 0003:0458:5005.000E: tablet-enabling feature report not found
[ 1652.218157][ T5966] smsc95xx 7-1:0.67: probe with driver smsc95xx failed with error -71
[ 1652.235650][ T5952] kye 0003:0458:5005.000E: tablet enabling failed
[ 1652.270714][ T5966] usb 7-1: USB disconnect, device number 88
[ 1652.279957][ T5952] usb 3-1: USB disconnect, device number 92
[ 1652.357308][T26199] fido_id[26199]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/3-1/report_descriptor': No such file or directory
[ 1652.689358][ T5842] Bluetooth: hci1: command tx timeout
[ 1652.853022][T26217] netlink: 68 bytes leftover after parsing attributes in process `syz.1.4879'.
[ 1653.273075][T26223] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4881'.
[ 1653.282783][T26223] netlink: 20 bytes leftover after parsing attributes in process `syz.1.4881'.
[ 1653.424907][T26110] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1653.473259][T26110] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1653.493625][T26110] bridge_slave_0: entered allmulticast mode
[ 1653.512179][T26110] bridge_slave_0: entered promiscuous mode
[ 1653.530226][T26110] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1653.548339][T26110] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1653.559660][T26110] bridge_slave_1: entered allmulticast mode
[ 1653.567814][T26110] bridge_slave_1: entered promiscuous mode
[ 1653.655211][ T5966] usb 3-1: new full-speed USB device number 93 using dummy_hcd
[ 1653.704516][T26110] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1653.727140][T26110] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1653.741887][T10760] IPVS: stop unused estimator thread 0...
[ 1653.792883][T26110] team0: Port device team_slave_0 added
[ 1653.803702][T26110] team0: Port device team_slave_1 added
[ 1653.831780][T26110] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1653.841066][T26110] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1653.868218][T26110] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1653.883078][T26110] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1653.891817][T26110] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1653.932326][T26110] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1654.049150][T23698] Bluetooth: hci0: command tx timeout
[ 1654.099227][T26239] comedi comedi0: Minor 3 could not be opened
[ 1654.181435][ T5966] usb 3-1: config 0 has an invalid descriptor of length 178, skipping remainder of the config
[ 1654.220228][ T5966] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[ 1654.229723][ T5966] usb 3-1: New USB device found, idVendor=045e, idProduct=00f9, bcdDevice= 8.00
[ 1654.239114][ T5966] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1654.247188][ T5952] usb 7-1: new full-speed USB device number 89 using dummy_hcd
[ 1654.258301][ T5966] usb 3-1: config 0 descriptor??
[ 1654.268631][T10760] netdevsim netdevsim7 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1654.283801][T10760] netdevsim netdevsim7 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1654.357848][   T10] usb 2-1: new high-speed USB device number 88 using dummy_hcd
[ 1654.409954][T26110] hsr_slave_0: entered promiscuous mode
[ 1654.418966][T26110] hsr_slave_1: entered promiscuous mode
[ 1654.428895][T26110] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1654.429760][ T5952] usb 7-1: not running at top speed; connect to a high speed hub
[ 1654.444498][T26110] Cannot create hsr debugfs directory
[ 1654.467354][ T5952] usb 7-1: config 95 has an invalid interface number: 1 but max is 0
[ 1654.485281][ T5952] usb 7-1: config 95 has no interface number 0
[ 1654.491968][ T5952] usb 7-1: config 95 interface 1 has no altsetting 0
[ 1654.502260][ T5952] usb 7-1: New USB device found, idVendor=0763, idProduct=2030, bcdDevice=79.79
[ 1654.512169][ T5952] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1654.520603][ T5952] usb 7-1: Product: syz
[ 1654.524809][ T5952] usb 7-1: Manufacturer: syz
[ 1654.529947][ T5952] usb 7-1: SerialNumber: syz
[ 1654.540334][   T10] usb 2-1: Using ep0 maxpacket: 16
[ 1654.567612][   T10] usb 2-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 8.00
[ 1654.586384][T10760] netdevsim netdevsim7 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1654.596830][   T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1654.607308][   T10] usb 2-1: config 0 descriptor??
[ 1654.622757][T10760] netdevsim netdevsim7 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1654.638652][   T10] ftdi_sio 2-1:0.0: FTDI USB Serial Device converter detected
[ 1654.661408][   T10] usb 2-1: Detected FT4232H
[ 1654.738212][T10760] netdevsim netdevsim7 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1654.749101][T10760] netdevsim netdevsim7 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1654.765518][T23698] Bluetooth: hci1: command tx timeout
[ 1654.958774][T26239] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1655.141535][T26239] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1655.382701][   T30] audit: type=1400 audit(1753351186.277:1312): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="]-{" requested=w pid=26220 comm="syz.2.4880" daddr=::ffff:255.255.255.255 dest=20004
[ 1655.435840][   T10] ftdi_sio ttyUSB0: Unable to read latency timer: -71
[ 1655.457416][   T10] ftdi_sio ttyUSB0: Unable to write latency timer: -71
[ 1655.479777][   T10] usb 2-1: FTDI USB Serial Device converter now attached to ttyUSB0
[ 1655.495659][   T10] usb 2-1: USB disconnect, device number 88
[ 1655.510930][   T10] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0
[ 1655.522305][   T10] ftdi_sio 2-1:0.0: device disconnected
[ 1655.577113][T10760] netdevsim netdevsim7 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1655.581081][ T5952] usb 7-1: USB disconnect, device number 89
[ 1655.596571][T10760] netdevsim netdevsim7 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1656.379034][T26266] QAT: Device 253 not found
[ 1656.406404][T26188] chnl_net:caif_netlink_parms(): no params data found
[ 1656.432004][T26266] netlink: 'syz.1.4886': attribute type 1 has an invalid length.
[ 1656.455698][T26266] /dev/nullb0: Can't open blockdev
[ 1656.485277][T22427] usb 7-1: new high-speed USB device number 90 using dummy_hcd
[ 1656.629406][ T5966] usb 3-1: USB disconnect, device number 93
[ 1656.646940][T22427] usb 7-1: Using ep0 maxpacket: 32
[ 1656.659412][T22427] usb 7-1: config 0 has an invalid interface number: 67 but max is 0
[ 1656.676366][T22427] usb 7-1: config 0 has no interface number 0
[ 1656.695542][T22427] usb 7-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[ 1656.707809][T10760] bridge_slave_1: left allmulticast mode
[ 1656.715110][T22427] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1656.719833][T10760] bridge_slave_1: left promiscuous mode
[ 1656.723111][T22427] usb 7-1: Product: syz
[ 1656.741299][T22427] usb 7-1: Manufacturer: syz
[ 1656.747244][T22427] usb 7-1: SerialNumber: syz
[ 1656.845349][T23698] Bluetooth: hci1: command tx timeout
[ 1656.862092][T10760] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1656.862739][T22427] usb 7-1: config 0 descriptor??
[ 1656.915108][T10760] bridge_slave_0: left allmulticast mode
[ 1656.920844][T10760] bridge_slave_0: left promiscuous mode
[ 1656.958205][T10760] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1657.270756][T22427] smsc95xx v2.0.0
[ 1657.557380][T22427] smsc95xx 7-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32
[ 1657.618010][T22427] smsc95xx 7-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[ 1657.636687][T26278] netlink: 68 bytes leftover after parsing attributes in process `syz.2.4889'.
[ 1658.925362][T23698] Bluetooth: hci1: command tx timeout
[ 1659.089829][T26287] FAULT_INJECTION: forcing a failure.
[ 1659.089829][T26287] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1659.112110][T26287] CPU: 1 UID: 0 PID: 26287 Comm: syz.2.4890 Not tainted 6.16.0-rc7-syzkaller-00018-g01a412d06bc5 #0 PREEMPT(full) 
[ 1659.112134][T26287] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1659.112145][T26287] Call Trace:
[ 1659.112154][T26287]  <TASK>
[ 1659.112162][T26287]  dump_stack_lvl+0x189/0x250
[ 1659.112185][T26287]  ? __pfx____ratelimit+0x10/0x10
[ 1659.112203][T26287]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1659.112220][T26287]  ? __pfx__printk+0x10/0x10
[ 1659.112240][T26287]  ? __might_fault+0xb0/0x130
[ 1659.112266][T26287]  should_fail_ex+0x414/0x560
[ 1659.112287][T26287]  _copy_from_user+0x2d/0xb0
[ 1659.112309][T26287]  ___sys_recvmsg+0x12e/0x510
[ 1659.112331][T26287]  ? __pfx____sys_recvmsg+0x10/0x10
[ 1659.112370][T26287]  ? __fget_files+0x3a0/0x420
[ 1659.112397][T26287]  __x64_sys_recvmsg+0x198/0x260
[ 1659.112416][T26287]  ? __pfx___x64_sys_recvmsg+0x10/0x10
[ 1659.112444][T26287]  ? rcu_is_watching+0x15/0xb0
[ 1659.112461][T26287]  ? trace_sys_enter+0x25/0x120
[ 1659.112481][T26287]  do_syscall_64+0xfa/0x3b0
[ 1659.112497][T26287]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1659.112514][T26287]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1659.112530][T26287]  ? clear_bhb_loop+0x60/0xb0
[ 1659.112549][T26287]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1659.112565][T26287] RIP: 0033:0x7f811638e9a9
[ 1659.112580][T26287] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1659.112593][T26287] RSP: 002b:00007f811718c038 EFLAGS: 00000246 ORIG_RAX: 000000000000002f
[ 1659.112611][T26287] RAX: ffffffffffffffda RBX: 00007f81165b6160 RCX: 00007f811638e9a9
[ 1659.112623][T26287] RDX: 0000000000000038 RSI: 0000200000000b40 RDI: 0000000000000004
[ 1659.112634][T26287] RBP: 00007f811718c090 R08: 0000000000000000 R09: 0000000000000000
[ 1659.112643][T26287] R10: 0000000000000143 R11: 0000000000000246 R12: 0000000000000001
[ 1659.112653][T26287] R13: 0000000000000001 R14: 00007f81165b6160 R15: 00007fff3a3a4608
[ 1659.112679][T26287]  </TASK>
[ 1659.488912][T10760] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1659.502323][T10760] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1659.515910][T10760] bond0 (unregistering): Released all slaves
[ 1659.538631][T10760] bond1 (unregistering): Released all slaves
[ 1659.860732][T10760] tipc: Left network mode
[ 1659.865387][T22427] smsc95xx 7-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000014: -71
[ 1659.897720][T22427] smsc95xx 7-1:0.67: probe with driver smsc95xx failed with error -71
[ 1659.943392][T22427] usb 7-1: USB disconnect, device number 90
[ 1660.102813][T26110] netdevsim netdevsim8 netdevsim0: renamed from eth0
[ 1660.279266][T26299] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4892'.
[ 1660.288786][T26299] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4892'.
[ 1661.826370][T26309] QAT: Device 253 not found
[ 1661.834453][T26309] netlink: 'syz.2.4896': attribute type 1 has an invalid length.
[ 1661.856958][T26309] /dev/nullb0: Can't open blockdev
[ 1661.911763][T26110] netdevsim netdevsim8 netdevsim1: renamed from eth1
[ 1661.947187][T26110] netdevsim netdevsim8 netdevsim2: renamed from eth2
[ 1661.959678][T26305] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4893'.
[ 1661.965466][T26110] netdevsim netdevsim8 netdevsim3: renamed from eth3
[ 1661.975557][T26305] netlink: 20 bytes leftover after parsing attributes in process `syz.1.4893'.
[ 1662.149888][T26188] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1662.233768][T26188] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1662.327975][T26188] bridge_slave_0: entered allmulticast mode
[ 1662.388112][T26188] bridge_slave_0: entered promiscuous mode
[ 1663.335987][T26188] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1663.343170][T26188] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1663.405671][T26188] bridge_slave_1: entered allmulticast mode
[ 1663.413340][T26188] bridge_slave_1: entered promiscuous mode
[ 1663.762386][T26335] overlayfs: workdir and upperdir must be separate subtrees
[ 1664.255982][T10760] hsr_slave_0: left promiscuous mode
[ 1664.279643][T10760] hsr_slave_1: left promiscuous mode
[ 1664.304181][T10760] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1664.334343][T10760] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1664.370376][T10760] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1664.390674][T10760] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1664.518677][T10760] veth1_macvtap: left promiscuous mode
[ 1664.578206][T10760] veth0_macvtap: left promiscuous mode
[ 1664.631925][T10760] veth1_vlan: left promiscuous mode
[ 1664.661909][T10760] veth0_vlan: left promiscuous mode
[ 1664.835400][ T5952] usb 7-1: new full-speed USB device number 91 using dummy_hcd
[ 1664.998568][ T5952] usb 7-1: not running at top speed; connect to a high speed hub
[ 1665.016586][ T5952] usb 7-1: config 95 has an invalid interface number: 1 but max is 0
[ 1665.041142][ T5952] usb 7-1: config 95 has no interface number 0
[ 1665.055508][ T5952] usb 7-1: config 95 interface 1 has no altsetting 0
[ 1665.084640][ T5952] usb 7-1: New USB device found, idVendor=0763, idProduct=2030, bcdDevice=79.79
[ 1665.110452][ T5952] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1665.135214][ T5952] usb 7-1: Product: syz
[ 1665.139526][ T5952] usb 7-1: Manufacturer: syz
[ 1665.154876][ T5952] usb 7-1: SerialNumber: syz
[ 1666.072448][ T5952] usb 7-1: USB disconnect, device number 91
[ 1666.302517][T26042] udevd[26042]: error opening ATTR{/sys/devices/platform/dummy_hcd.6/usb7/7-1/7-1:95.1/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1666.432680][T26367] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4905'.
[ 1666.782467][T26372] QAT: Device 253 not found
[ 1666.792552][T26372] netlink: 'syz.6.4906': attribute type 1 has an invalid length.
[ 1666.809056][T26372] /dev/nullb0: Can't open blockdev
[ 1667.140486][T26188] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1667.170939][T26188] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1667.298944][T26188] team0: Port device team_slave_0 added
[ 1667.320992][T26188] team0: Port device team_slave_1 added
[ 1667.503833][T26188] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1667.515529][T26188] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1667.542676][T26188] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1667.563481][T26380] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 1667.788043][T26188] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1667.795993][T26188] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1667.822521][T26188] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1668.770686][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[ 1668.963963][ T5952] usb 7-1: new high-speed USB device number 92 using dummy_hcd
[ 1669.211528][ T5952] usb 7-1: Using ep0 maxpacket: 8
[ 1669.219762][T26188] hsr_slave_0: entered promiscuous mode
[ 1669.249337][T26188] hsr_slave_1: entered promiscuous mode
[ 1669.369483][ T5952] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8D has an invalid bInterval 42, changing to 9
[ 1669.372914][T26188] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1669.380585][ T5952] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[ 1669.398156][ T5952] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[ 1669.409626][ T5952] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 12336, setting to 1024
[ 1669.415694][T26188] Cannot create hsr debugfs directory
[ 1669.421062][ T5952] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024
[ 1669.549667][ T5952] usb 7-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8f.58
[ 1669.609079][T10760] IPVS: stop unused estimator thread 0...
[ 1669.648683][ T5952] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1669.989831][ T5952] usb 7-1: config 0 descriptor??
[ 1670.013483][T26386] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22
[ 1670.275310][T26110] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1670.670866][T26110] 8021q: adding VLAN 0 to HW filter on device team0
[ 1670.839182][T10761] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1670.846405][T10761] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1670.939038][T26386] binder: Unknown parameter 'func'
[ 1671.002883][T17878] usb 7-1: USB disconnect, device number 92
[ 1671.012108][T23698] Bluetooth: hci5: Opcode 0x0c03 failed: -19
[ 1671.062672][T10756] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1671.069945][T10756] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1671.842015][T26110] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 1671.863033][T26110] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 1671.943400][T26188] netdevsim netdevsim9 netdevsim0: renamed from eth0
[ 1671.960764][T26427] QAT: Device 253 not found
[ 1671.966769][T26427] netlink: 'syz.6.4917': attribute type 1 has an invalid length.
[ 1671.996772][T26188] netdevsim netdevsim9 netdevsim1: renamed from eth1
[ 1672.047897][T26427] /dev/nullb0: Can't open blockdev
[ 1672.050702][T26188] netdevsim netdevsim9 netdevsim2: renamed from eth2
[ 1672.105925][T26188] netdevsim netdevsim9 netdevsim3: renamed from eth3
[ 1672.618356][T26446] ipvlan2: entered promiscuous mode
[ 1672.623840][T26446] ipvlan2: entered allmulticast mode
[ 1672.781158][T26449] ubi: mtd0 is already attached to ubi31
[ 1672.814397][T26446] hsr0: entered allmulticast mode
[ 1672.828700][T26446] hsr_slave_0: entered allmulticast mode
[ 1672.834417][T26446] hsr_slave_1: entered allmulticast mode
[ 1673.266773][T26188] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1673.329763][T26110] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1674.722350][T26188] 8021q: adding VLAN 0 to HW filter on device team0
[ 1674.787136][T21995] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1674.794337][T21995] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1674.932833][T21995] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1674.940112][T21995] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1675.270492][T13747] usb 3-1: new high-speed USB device number 94 using dummy_hcd
[ 1675.437252][T13747] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1675.476072][T13747] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 2
[ 1675.514881][T13747] usb 3-1: config 1 has no interface number 0
[ 1675.548554][T13747] usb 3-1: config 1 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1675.586510][T13747] usb 3-1: Duplicate descriptor for config 1 interface 1 altsetting 0, skipping
[ 1675.614472][T13747] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1675.665273][T13747] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1675.673326][T13747] usb 3-1: Product: syz
[ 1675.717630][T13747] usb 3-1: Manufacturer: syz
[ 1675.722292][T13747] usb 3-1: SerialNumber: syz
[ 1675.800695][T26188] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1675.968490][T26110] veth0_vlan: entered promiscuous mode
[ 1675.993705][T26475] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1676.037782][T26110] veth1_vlan: entered promiscuous mode
[ 1676.046838][T26475] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1676.123615][T26475] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1676.158383][T26110] veth0_macvtap: entered promiscuous mode
[ 1676.159022][T26475] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1676.197791][T26110] veth1_macvtap: entered promiscuous mode
[ 1676.250736][T26474] [U] 
[ 1676.272553][T13747] cdc_ncm 3-1:1.1: bind() failure
[ 1676.291866][T26110] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1676.319208][T13747] usb 3-1: USB disconnect, device number 94
[ 1676.330694][T26110] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1676.442621][T26110] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1676.473267][T26110] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1676.486967][T26110] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1676.500180][T26110] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1676.807006][T10751] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1676.841294][T10751] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1677.013453][T26188] veth0_vlan: entered promiscuous mode
[ 1677.029049][T10751] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1677.044303][T10751] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1677.073818][T26188] veth1_vlan: entered promiscuous mode
[ 1677.188177][T26533] netlink: 'syz.2.4935': attribute type 5 has an invalid length.
[ 1677.212202][T26188] veth0_macvtap: entered promiscuous mode
[ 1677.247296][T26188] veth1_macvtap: entered promiscuous mode
[ 1677.316319][T26188] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1677.364537][T26188] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1677.478135][T26188] netdevsim netdevsim9 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1677.517086][T26188] netdevsim netdevsim9 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1677.696223][T26188] netdevsim netdevsim9 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1677.737325][T26188] netdevsim netdevsim9 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1678.368133][T21995] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1678.402637][T21995] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1678.524493][T10761] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1678.570755][T10761] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1678.664187][T26569] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4946'.
[ 1678.949329][T26578] netlink: 32 bytes leftover after parsing attributes in process `syz.9.4871'.
[ 1678.977594][T11399] IPVS: starting estimator thread 0...
[ 1679.068365][T26582] IPVS: using max 32 ests per chain, 76800 per kthread
[ 1681.104055][T11399] kernel write not supported for file /vcsa (pid: 11399 comm: kworker/0:2)
[ 1683.469662][T26731] netlink: 24 bytes leftover after parsing attributes in process `syz.2.4995'.
[ 1683.755380][T26738] netlink: 96 bytes leftover after parsing attributes in process `syz.8.4996'.
[ 1685.143974][T26772] 9pnet_fd: Insufficient options for proto=fd
[ 1686.136480][T26804] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1687.622875][T26875] netlink: 28 bytes leftover after parsing attributes in process `syz.8.5041'.
[ 1688.087963][   T30] audit: type=1400 audit(1753351218.977:1313): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="]-{" requested=w pid=26891 comm="syz.9.5046" daddr=::ffff:0.0.0.0 dest=20002
[ 1689.735305][T26972] netlink: 'syz.8.5076': attribute type 46 has an invalid length.
[ 1690.120182][T26988] fuse: Bad value for 'fd'
[ 1690.137316][T26988] 9pnet_fd: Insufficient options for proto=fd
[ 1690.633556][T27009] 9pnet_fd: Insufficient options for proto=fd
[ 1690.810584][T27021] netlink: 164 bytes leftover after parsing attributes in process `syz.6.5096'.
[ 1691.021421][T26996] block device autoloading is deprecated and will be removed.
[ 1692.538663][T27093] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1694.474367][T27179] 9pnet_fd: Insufficient options for proto=fd
[ 1696.755192][T27280] 9pnet_fd: Insufficient options for proto=fd
[ 1696.878821][T27285] 9pnet_fd: Insufficient options for proto=fd
[ 1697.054079][T27294] netlink: 12 bytes leftover after parsing attributes in process `syz.9.5187'.
[ 1697.102968][   T30] audit: type=1400 audit(1753351227.997:1314): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="]-{" requested=w pid=27296 comm="syz.8.5188" daddr=::ffff:0.0.0.0 dest=20002
[ 1697.209829][T27302] netlink: 12 bytes leftover after parsing attributes in process `syz.2.5190'.
[ 1697.444822][T27311] fuse: Bad value for 'fd'
[ 1697.661612][T27324] 9pnet_fd: Insufficient options for proto=fd
[ 1697.720386][T27328] 9pnet_fd: Insufficient options for proto=fd
[ 1699.393248][T27410] fuse: Bad value for 'fd'
[ 1700.763637][T27457] 9pnet_fd: Insufficient options for proto=fd
[ 1701.119525][T27474] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[ 1701.433467][T27490] (unnamed net_device) (uninitialized): peer notification delay (6) is not a multiple of miimon (100), value rounded to 0 ms
[ 1701.614568][T27490] bond1: entered allmulticast mode
[ 1701.657824][T27490] 8021q: adding VLAN 0 to HW filter on device bond1
[ 1701.854273][T27512] fuse: Bad value for 'fd'
[ 1701.938751][T27515] netlink: 28 bytes leftover after parsing attributes in process `syz.2.5261'.
[ 1701.975496][T27515] netlink: 28 bytes leftover after parsing attributes in process `syz.2.5261'.
[ 1702.013114][T27515] netlink: 28 bytes leftover after parsing attributes in process `syz.2.5261'.
[ 1702.038480][T27515] netlink: 28 bytes leftover after parsing attributes in process `syz.2.5261'.
[ 1702.509362][T27534] xt_TCPMSS: path-MTU clamping only supported in FORWARD, OUTPUT and POSTROUTING hooks
[ 1705.602310][T27676] fuse: Bad value for 'fd'
[ 1705.833759][T27687] netlink: 12 bytes leftover after parsing attributes in process `syz.2.5323'.
[ 1706.348625][T27713] netlink: 12 bytes leftover after parsing attributes in process `syz.6.5336'.
[ 1706.898332][T27748] fuse: Bad value for 'fd'
[ 1707.330583][T27765] fuse: Bad value for 'fd'
[ 1707.789966][   T30] audit: type=1326 audit(1753351238.687:1315): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27785 comm="syz.6.5366" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ffbe218e9a9 code=0x0
[ 1707.846326][   T30] audit: type=1326 audit(1753351238.737:1316): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27785 comm="syz.6.5366" exe="/root/syz-executor" sig=31 arch=c000003e syscall=436 compat=0 ip=0x7ffbe218e9a9 code=0x0
[ 1708.301811][T27805] netlink: 8 bytes leftover after parsing attributes in process `syz.9.5373'.
[ 1708.762039][T27826] fuse: Bad value for 'fd'
[ 1709.005731][T27839] (unnamed net_device) (uninitialized): Unable to set peer notification delay as MII monitoring is disabled
[ 1711.133104][T27903] netlink: 8 bytes leftover after parsing attributes in process `syz.9.5412'.
[ 1711.144388][T27903] IPv6: NLM_F_CREATE should be specified when creating new route
[ 1711.446409][T27917] netlink: 8 bytes leftover after parsing attributes in process `syz.9.5416'.
[ 1711.509068][T27921] netlink: 4 bytes leftover after parsing attributes in process `syz.8.5417'.
[ 1711.945457][T27940] netlink: 12 bytes leftover after parsing attributes in process `syz.9.5423'.
[ 1713.271862][T28003] fuse: Bad value for 'fd'
[ 1713.533131][T28022] 9pnet_fd: Insufficient options for proto=fd
[ 1713.847943][T28037] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[ 1714.120006][T28056] netlink: 12 bytes leftover after parsing attributes in process `syz.9.5460'.
[ 1714.557783][T28073] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[ 1714.773624][T28083] fuse: Bad value for 'fd'
[ 1715.766750][   T30] audit: type=1400 audit(1753351246.667:1317): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="]-{" requested=w pid=28119 comm="syz.2.5483" dest=20002
[ 1716.963642][T28178] 9pnet_fd: Insufficient options for proto=fd
[ 1717.656044][T28212] fuse: Bad value for 'fd'
[ 1718.549528][T28252] fuse: Bad value for 'fd'
[ 1719.954413][T28299] fuse: Bad value for 'fd'
[ 1720.673397][   T30] audit: type=1400 audit(1753351251.567:1318): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="]-{" requested=w pid=28323 comm="syz.8.5558" daddr=::ffff:0.0.0.0 dest=20002
[ 1721.584299][T28359] netlink: 4 bytes leftover after parsing attributes in process `syz.8.5566'.
[ 1722.430168][T28377] fuse: Bad value for 'fd'
[ 1723.305438][T28417] netlink: 24 bytes leftover after parsing attributes in process `syz.8.5584'.
[ 1724.025458][T28451] netlink: 24 bytes leftover after parsing attributes in process `syz.8.5599'.
[ 1725.384729][T28503] fuse: Bad value for 'group_id'
[ 1725.425407][T28503] fuse: Bad value for 'group_id'
[ 1726.070362][T28527] netlink: 24 bytes leftover after parsing attributes in process `syz.8.5618'.
[ 1727.710047][T28576] fuse: Bad value for 'fd'
[ 1728.402415][T28606] netlink: 24 bytes leftover after parsing attributes in process `syz.9.5642'.
[ 1728.937380][T28635] netlink: 12 bytes leftover after parsing attributes in process `syz.8.5651'.
[ 1729.907836][   T30] audit: type=1400 audit(1753351260.807:1319): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="]-{" requested=w pid=28665 comm="syz.6.5663" dest=20001
[ 1730.210073][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[ 1731.140906][T28704] netlink: 4 bytes leftover after parsing attributes in process `syz.6.5675'.
[ 1731.482998][T28714] fuse: Bad value for 'fd'
[ 1732.633188][T28771] netlink: 12 bytes leftover after parsing attributes in process `syz.1.5700'.
[ 1737.014227][T28915] fuse: Bad value for 'fd'
[ 1737.217850][T28925] sctp: [Deprecated]: syz.9.5755 (pid 28925) Use of int in maxseg socket option.
[ 1737.217850][T28925] Use struct sctp_assoc_value instead
[ 1737.284350][T28919] sctp: [Deprecated]: syz.9.5755 (pid 28919) Use of int in max_burst socket option deprecated.
[ 1737.284350][T28919] Use struct sctp_assoc_value instead
[ 1738.039751][T28962] fuse: Bad value for 'group_id'
[ 1738.054950][T28962] fuse: Bad value for 'group_id'
[ 1739.923998][T29023] fuse: Bad value for 'group_id'
[ 1739.943986][T29023] fuse: Bad value for 'group_id'
[ 1741.233643][T29080] fuse: Bad value for 'user_id'
[ 1741.242347][T29080] fuse: Bad value for 'user_id'
[ 1741.828578][T29118] netlink: 4 bytes leftover after parsing attributes in process `syz.8.5834'.
[ 1743.320811][T29209] veth0_vlan: entered allmulticast mode
[ 1743.349921][T29209] veth0_vlan: left promiscuous mode
[ 1743.355337][T29209] veth0_vlan: entered promiscuous mode
[ 1743.573690][T29219] fuse: Unknown parameter 'grou00000000000000000000'
[ 1744.436927][T29239] fuse: Bad value for 'fd'
[ 1744.469927][T26983] usb 10-1: new high-speed USB device number 2 using dummy_hcd
[ 1744.536194][T29241] fuse: Bad value for 'fd'
[ 1744.635240][T26983] usb 10-1: Using ep0 maxpacket: 8
[ 1744.657186][T26983] usb 10-1: config 179 has an invalid interface number: 65 but max is 0
[ 1744.668579][T26983] usb 10-1: config 179 has no interface number 0
[ 1744.728781][T26983] usb 10-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[ 1744.753300][T26983] usb 10-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[ 1745.133061][T29253] Set syz0 is full, maxelem 0 reached
[ 1745.200087][T26983] usb 10-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[ 1745.212976][T26983] usb 10-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024
[ 1745.285090][T29257] fuse: Unknown parameter 'grou00000000000000000000'
[ 1745.431304][T26983] usb 10-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[ 1745.478838][T26983] usb 10-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[ 1745.544799][T26983] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1745.640248][T29228] raw-gadget.0 gadget.9: fail, usb_ep_enable returned -22
[ 1745.934978][T29228] vhci_hcd vhci_hcd.0: pdev(9) rhport(0) sockfd(4)
[ 1745.941548][T29228] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[ 1745.958108][T29228] vhci_hcd vhci_hcd.0: Device attached
[ 1745.967134][T29228] bridge0: port 3(netdevsim0) entered blocking state
[ 1746.041737][T29228] bridge0: port 3(netdevsim0) entered disabled state
[ 1746.069940][T29228] netdevsim netdevsim9 netdevsim0: entered allmulticast mode
[ 1746.132587][T29228] netdevsim netdevsim9 netdevsim0: entered promiscuous mode
[ 1746.173067][T29228] bridge0: port 3(netdevsim0) entered blocking state
[ 1746.179959][T29228] bridge0: port 3(netdevsim0) entered forwarding state
[ 1746.206502][T26198] usb 51-1: new low-speed USB device number 2 using vhci_hcd
[ 1746.230435][T29280] overlayfs: failed to clone upperpath
[ 1746.277140][T29270] vhci_hcd: connection reset by peer
[ 1746.300204][T17878] usb 10-1: USB disconnect, device number 2
[ 1746.300263][    C0] xpad 10-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19
[ 1746.314610][    C0] xpad 10-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[ 1746.350007][T10761] vhci_hcd: stop threads
[ 1746.373809][T10761] vhci_hcd: release socket
[ 1746.404184][T10761] vhci_hcd: disconnect device
[ 1746.425681][   T30] audit: type=1400 audit(1753351277.317:1320): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="]-{" requested=w pid=29283 comm="syz.8.5903" dest=20000
[ 1746.999816][T29292] fuse: Bad value for 'fd'
[ 1749.052377][ T5842] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[ 1749.068822][ T5842] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[ 1749.079884][ T5842] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[ 1749.106478][ T5842] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[ 1749.114423][ T5842] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[ 1749.532797][   T30] audit: type=1400 audit(1753351280.427:1321): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="]-{" requested=w pid=29347 comm="syz.9.5923" dest=20000
[ 1749.995685][   T30] audit: type=1400 audit(1753351280.887:1322): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="]-{" requested=w pid=29355 comm="syz.1.5925" daddr=::ffff:255.255.255.255 dest=20004
[ 1750.504893][T10761] netdevsim netdevsim2 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1750.521039][T10761] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1750.647518][T29335] chnl_net:caif_netlink_parms(): no params data found
[ 1750.778006][T10761] netdevsim netdevsim2 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1750.788662][T10761] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1750.905779][T29371] syzkaller0: entered promiscuous mode
[ 1750.920793][T29371] syzkaller0: entered allmulticast mode
[ 1751.114031][T10761] netdevsim netdevsim2 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1751.130234][T29384] netlink: 12 bytes leftover after parsing attributes in process `syz.6.5934'.
[ 1751.140814][T10761] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1751.165361][T23698] Bluetooth: hci5: command tx timeout
[ 1751.395172][T26198] vhci_hcd: vhci_device speed not set
[ 1752.239034][T29408] netlink: 4 bytes leftover after parsing attributes in process `syz.8.5941'.
[ 1753.253917][T23698] Bluetooth: hci5: command tx timeout
[ 1754.797940][T10761] netdevsim netdevsim2 netdevsim0 (unregistering): left allmulticast mode
[ 1755.335161][T23698] Bluetooth: hci5: command tx timeout
[ 1755.374586][T10761] bridge0: port 3(netdevsim0) entered disabled state
[ 1755.529442][T10761] netdevsim netdevsim2 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1755.573893][T10761] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1755.758778][T29335] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1755.776507][T29335] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1755.827741][T29335] bridge_slave_0: entered allmulticast mode
[ 1755.833713][   T30] audit: type=1400 audit(1753351286.717:1323): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="]-{" requested=w pid=29438 comm="syz.8.5951" daddr=::ffff:255.255.255.255 dest=20004
[ 1755.865702][T29335] bridge_slave_0: entered promiscuous mode
[ 1755.891176][T29335] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1755.901725][T29335] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1755.911080][T29335] bridge_slave_1: entered allmulticast mode
[ 1755.920961][T29335] bridge_slave_1: entered promiscuous mode
[ 1756.185151][T29335] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1756.298524][T29335] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1756.690502][T29457] netlink: 4 bytes leftover after parsing attributes in process `syz.6.5956'.
[ 1756.805421][T29335] team0: Port device team_slave_0 added
[ 1756.832368][T10761] bridge_slave_1: left allmulticast mode
[ 1756.866285][T10761] bridge_slave_1: left promiscuous mode
[ 1756.883440][T10761] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1756.899427][T10761] bridge_slave_0: left allmulticast mode
[ 1756.912996][T10761] bridge_slave_0: left promiscuous mode
[ 1756.928013][T10761] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1757.356464][T29464] QAT: Device 253 not found
[ 1757.402437][T29464] /dev/nullb0: Can't open blockdev
[ 1757.415591][T23698] Bluetooth: hci5: command tx timeout
[ 1757.772688][T29478] netlink: 20 bytes leftover after parsing attributes in process `syz.1.5965'.
[ 1760.290878][T10761] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1760.358977][T10761] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1760.407306][T10761] bond0 (unregistering): Released all slaves
[ 1760.437191][T29512] netlink: 20 bytes leftover after parsing attributes in process `syz.8.5975'.
[ 1761.383725][T10761] bond1 (unregistering): Released all slaves
[ 1761.470074][T29335] team0: Port device team_slave_1 added
[ 1761.595491][T10761] tipc: Left network mode
[ 1761.762913][T29335] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1761.784133][T29335] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1761.900026][T29335] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1762.223859][T29335] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1762.240183][T29335] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1762.291246][T29335] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1762.326148][T29533] netlink: 'syz.8.5983': attribute type 12 has an invalid length.
[ 1762.334667][T29533] netlink: 'syz.8.5983': attribute type 29 has an invalid length.
[ 1762.342714][T29533] netlink: 148 bytes leftover after parsing attributes in process `syz.8.5983'.
[ 1762.351840][T29533] netlink: 'syz.8.5983': attribute type 2 has an invalid length.
[ 1762.359608][T29533] netlink: 43 bytes leftover after parsing attributes in process `syz.8.5983'.
[ 1762.368849][ T5966] usb 10-1: new full-speed USB device number 3 using dummy_hcd
[ 1762.578522][ T5966] usb 10-1: config 0 has an invalid descriptor of length 178, skipping remainder of the config
[ 1762.804754][T29539] Set syz0 is full, maxelem 0 reached
[ 1762.813050][ T5966] usb 10-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[ 1762.861196][ T5966] usb 10-1: New USB device found, idVendor=045e, idProduct=00f9, bcdDevice= 8.00
[ 1762.873536][ T5966] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1762.889645][ T5966] usb 10-1: config 0 descriptor??
[ 1762.984579][T29335] hsr_slave_0: entered promiscuous mode
[ 1762.997666][T29335] hsr_slave_1: entered promiscuous mode
[ 1763.004924][T29335] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1763.056181][T29335] Cannot create hsr debugfs directory
[ 1763.290578][T10761] hsr_slave_0: left promiscuous mode
[ 1763.384234][T10761] hsr_slave_1: left promiscuous mode
[ 1763.431890][T10761] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1763.459288][T10761] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1763.486627][T29552] netlink: 8 bytes leftover after parsing attributes in process `syz.8.5988'.
[ 1763.525237][T29552] netlink: 20 bytes leftover after parsing attributes in process `syz.8.5988'.
[ 1763.536308][T10761] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1763.556441][T10761] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1763.648377][T10761] veth1_macvtap: left promiscuous mode
[ 1763.654114][T10761] veth0_macvtap: left promiscuous mode
[ 1763.660372][T10761] veth1_vlan: left promiscuous mode
[ 1763.670503][T10761] veth0_vlan: left promiscuous mode
[ 1763.873349][   T30] audit: type=1400 audit(1753351294.767:1324): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="]-{" requested=w pid=29522 comm="syz.9.5980" daddr=::ffff:255.255.255.255 dest=20004
[ 1764.321561][   T30] audit: type=1400 audit(1753351295.217:1325): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="]-{" requested=w pid=29571 comm="syz.6.5992" daddr=::ffff:172.20.20.170 dest=16384
[ 1765.649776][ T5966] usb 10-1: USB disconnect, device number 3
[ 1765.920286][T29552] netdevsim netdevsim8 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[ 1765.929451][T29552] netdevsim netdevsim8 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[ 1765.938475][T29552] netdevsim netdevsim8 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[ 1765.947416][T29552] netdevsim netdevsim8 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[ 1766.504418][T29590] syz.9.5998 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[ 1767.553361][T29605] netlink: 'syz.8.6002': attribute type 9 has an invalid length.
[ 1767.566514][T29605] netlink: 'syz.8.6002': attribute type 9 has an invalid length.
[ 1768.130805][ T5842] Bluetooth: hci0: command 0x0406 tx timeout
[ 1768.786492][T29634] netlink: 8 bytes leftover after parsing attributes in process `syz.8.6010'.
[ 1768.831600][T29630] netlink: 20 bytes leftover after parsing attributes in process `syz.9.6009'.
[ 1768.852776][T29634] netlink: 20 bytes leftover after parsing attributes in process `syz.8.6010'.
[ 1769.322209][T29335] netdevsim netdevsim2 netdevsim0: renamed from eth0
[ 1769.345201][ T5952] usb 10-1: new high-speed USB device number 4 using dummy_hcd
[ 1769.367254][T29335] netdevsim netdevsim2 netdevsim1: renamed from eth1
[ 1769.410056][T29335] netdevsim netdevsim2 netdevsim2: renamed from eth2
[ 1769.464310][T29651] netlink: 'syz.6.6013': attribute type 9 has an invalid length.
[ 1769.468105][T29335] netdevsim netdevsim2 netdevsim3: renamed from eth3
[ 1769.536094][ T5952] usb 10-1: Using ep0 maxpacket: 32
[ 1769.549013][T29657] netlink: 'syz.6.6013': attribute type 9 has an invalid length.
[ 1769.568784][ T5952] usb 10-1: config 0 has an invalid interface number: 67 but max is 0
[ 1769.600599][ T5952] usb 10-1: config 0 has no interface number 0
[ 1769.616611][ T5952] usb 10-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[ 1769.631174][ T5952] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1769.655080][ T5952] usb 10-1: Product: syz
[ 1769.659483][ T5952] usb 10-1: Manufacturer: syz
[ 1769.674876][ T5952] usb 10-1: SerialNumber: syz
[ 1769.687739][ T5952] usb 10-1: config 0 descriptor??
[ 1769.711223][ T5952] smsc95xx v2.0.0
[ 1770.494598][ T5952] smsc95xx 10-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32
[ 1770.574774][ T5952] smsc95xx 10-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[ 1770.982903][T29673] fuse: Unknown parameter 'user_id00000000000000000000'
[ 1771.005408][T29335] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1771.055530][ T5952] smsc95xx 10-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000014: -71
[ 1771.081040][T29335] 8021q: adding VLAN 0 to HW filter on device team0
[ 1771.096000][ T5952] smsc95xx 10-1:0.67: probe with driver smsc95xx failed with error -71
[ 1771.133651][T20536] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1771.140917][T20536] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1771.149137][ T5952] usb 10-1: USB disconnect, device number 4
[ 1771.207761][T20536] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1771.215048][T20536] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1772.807509][T29335] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1773.002255][T29335] veth0_vlan: entered promiscuous mode
[ 1773.061486][T29335] veth1_vlan: entered promiscuous mode
[ 1773.285657][ T5842] Bluetooth: hci1: command 0x0406 tx timeout
[ 1773.412591][   T30] audit: type=1400 audit(1753351304.117:1326): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="]-{" requested=w pid=29707 comm="syz.1.6027" dest=20003
[ 1773.859274][T29335] veth0_macvtap: entered promiscuous mode
[ 1773.869962][T29335] veth1_macvtap: entered promiscuous mode
[ 1773.930815][T29335] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1773.993022][T29335] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1774.044855][T29335] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1774.103109][T29335] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1774.161234][T29335] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1774.224006][T29335] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1774.729637][T20536] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1774.777639][T20536] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1774.894279][T21994] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1774.961137][T21994] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1775.659939][T29764] lo speed is unknown, defaulting to 1000
[ 1775.666166][T29764] lo speed is unknown, defaulting to 1000
[ 1775.678115][T29764] lo speed is unknown, defaulting to 1000
[ 1775.818799][T29764] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98
[ 1775.959027][T29764] lo speed is unknown, defaulting to 1000
[ 1775.979346][T29764] lo speed is unknown, defaulting to 1000
[ 1775.997845][T29764] lo speed is unknown, defaulting to 1000
[ 1776.017334][T29764] lo speed is unknown, defaulting to 1000
[ 1776.036753][T29764] lo speed is unknown, defaulting to 1000
[ 1776.044421][T29764] lo speed is unknown, defaulting to 1000
[ 1776.637811][T29778] netlink: 20 bytes leftover after parsing attributes in process `syz.8.6046'.
[ 1776.841908][T29784] netlink: 24 bytes leftover after parsing attributes in process `syz.8.6047'.
[ 1776.961588][T29789] netlink: 'syz.2.6048': attribute type 9 has an invalid length.
[ 1777.021704][T29789] netlink: 'syz.2.6048': attribute type 9 has an invalid length.
[ 1777.771536][T29794] netlink: 'syz.9.6049': attribute type 12 has an invalid length.
[ 1777.781789][T29794] netlink: 'syz.9.6049': attribute type 29 has an invalid length.
[ 1777.789806][T29794] netlink: 148 bytes leftover after parsing attributes in process `syz.9.6049'.
[ 1777.801340][T29794] netlink: 51 bytes leftover after parsing attributes in process `syz.9.6049'.
[ 1779.115233][T26983] usb 3-1: new high-speed USB device number 95 using dummy_hcd
[ 1779.275098][T26983] usb 3-1: Using ep0 maxpacket: 32
[ 1779.308233][T26983] usb 3-1: config 0 has an invalid interface number: 67 but max is 0
[ 1779.355059][T26983] usb 3-1: config 0 has no interface number 0
[ 1779.385112][T26983] usb 3-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[ 1779.414816][T26983] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1779.525238][T26983] usb 3-1: Product: syz
[ 1779.529456][T26983] usb 3-1: Manufacturer: syz
[ 1779.545532][T29827] fuse: Unknown parameter '0xffffffffffffffff'
[ 1779.733660][T26983] usb 3-1: SerialNumber: syz
[ 1779.793439][T26983] usb 3-1: config 0 descriptor??
[ 1779.937921][T26983] smsc95xx v2.0.0
[ 1780.248304][T29839] netlink: 24 bytes leftover after parsing attributes in process `syz.9.6063'.
[ 1780.354559][T26983] smsc95xx 3-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32
[ 1780.726497][T26983] smsc95xx 3-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[ 1780.961813][T26983] smsc95xx 3-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000014: -71
[ 1780.974718][T26983] smsc95xx 3-1:0.67: probe with driver smsc95xx failed with error -71
[ 1781.033364][T26983] usb 3-1: USB disconnect, device number 95
[ 1782.424154][T29870] fuse: Bad value for 'fd'
[ 1782.729665][T29884] fuse: Unknown parameter '0x0000000000000003'
[ 1782.914919][T29893] netlink: 24 bytes leftover after parsing attributes in process `syz.1.6077'.
[ 1783.397686][T29895] netlink: 'syz.2.6076': attribute type 12 has an invalid length.
[ 1783.406290][T29895] netlink: 'syz.2.6076': attribute type 29 has an invalid length.
[ 1783.414091][T29895] netlink: 148 bytes leftover after parsing attributes in process `syz.2.6076'.
[ 1783.423207][T29895] netlink: 'syz.2.6076': attribute type 2 has an invalid length.
[ 1783.431765][T29895] netlink: 43 bytes leftover after parsing attributes in process `syz.2.6076'.
[ 1784.513454][   T30] audit: type=1400 audit(1753351315.407:1327): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="]-{" requested=w pid=29908 comm="syz.6.6081" daddr=::ffff:255.255.255.255 dest=20004
[ 1784.765271][T17878] usb 10-1: new full-speed USB device number 5 using dummy_hcd
[ 1784.953853][T17878] usb 10-1: config 5 has an invalid descriptor of length 0, skipping remainder of the config
[ 1784.986768][T17878] usb 10-1: New USB device found, idVendor=3923, idProduct=718a, bcdDevice=d8.d7
[ 1785.004152][T17878] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1785.186449][T17878] usb 10-1: Product: syz
[ 1785.190768][T17878] usb 10-1: Manufacturer: syz
[ 1785.195723][T17878] usb 10-1: SerialNumber: syz
[ 1785.377684][T29940] netlink: 4 bytes leftover after parsing attributes in process `syz.1.6093'.
[ 1785.396172][T29942] netlink: 20 bytes leftover after parsing attributes in process `syz.8.6094'.
[ 1786.021658][T17878] comedi comedi5: Wrong number of endpoints
[ 1786.089783][T17878] ni6501 10-1:5.0: driver 'ni6501' failed to auto-configure device.
[ 1786.128058][T29953] netlink: 32 bytes leftover after parsing attributes in process `syz.2.6098'.
[ 1786.153832][ T5966] IPVS: starting estimator thread 0...
[ 1786.229576][T17878] usb 10-1: USB disconnect, device number 5
[ 1786.245887][T29956] IPVS: using max 50 ests per chain, 120000 per kthread
[ 1786.490664][T29967] fuse: Bad value for 'rootmode'
[ 1786.716466][T29972] netlink: 'syz.9.6105': attribute type 12 has an invalid length.
[ 1786.724543][T29972] netlink: 'syz.9.6105': attribute type 29 has an invalid length.
[ 1786.732648][T29972] netlink: 148 bytes leftover after parsing attributes in process `syz.9.6105'.
[ 1786.742686][T29972] netlink: 51 bytes leftover after parsing attributes in process `syz.9.6105'.
[ 1786.865558][T29970] fuse: Unknown parameter '0x0000000000000003'
[ 1787.621577][T29985] netlink: 32 bytes leftover after parsing attributes in process `syz.2.6110'.
[ 1787.780643][T29995] netlink: 'syz.6.6112': attribute type 9 has an invalid length.
[ 1787.789522][T29995] netlink: 'syz.6.6112': attribute type 9 has an invalid length.
[ 1787.863927][T29998] fuse: Unknown parameter 'use00000000000000000000'
[ 1789.962401][   T30] audit: type=1400 audit(1753351320.857:1328): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="]-{" requested=w pid=30021 comm="syz.6.6122" daddr=::ffff:255.255.255.255 dest=20004
[ 1790.097929][T30035] fuse: Unknown parameter 'use00000000000000000000'
[ 1790.192379][T30037] fuse: Bad value for 'fd'
[ 1790.987348][T30045] netlink: 4 bytes leftover after parsing attributes in process `syz.9.6131'.
[ 1791.358852][T30045] team0 (unregistering): Port device team_slave_0 removed
[ 1791.393554][T30045] team0 (unregistering): Port device team_slave_1 removed
[ 1791.650654][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[ 1791.768843][T30061] fuse: Unknown parameter 'use00000000000000000000'
[ 1794.288618][T30108] netlink: 'syz.6.6152': attribute type 9 has an invalid length.
[ 1794.304662][T30108] netlink: 'syz.6.6152': attribute type 9 has an invalid length.
[ 1795.802206][   T30] audit: type=1400 audit(1753351326.697:1329): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="]-{" requested=w pid=30128 comm="syz.1.6159" daddr=::ffff:255.255.255.255 dest=20004
[ 1797.781606][T30170] netlink: 4 bytes leftover after parsing attributes in process `syz.8.6172'.
[ 1798.675477][T30170] team0 (unregistering): Port device team_slave_0 removed
[ 1798.714140][T30170] team0 (unregistering): Port device team_slave_1 removed
[ 1799.298177][T30190] netlink: 68 bytes leftover after parsing attributes in process `syz.9.6179'.
[ 1799.902195][T30194] netlink: 20 bytes leftover after parsing attributes in process `syz.2.6180'.
[ 1799.967010][T30198] fuse: Unknown parameter 'user_id00000000000000000000'
[ 1800.048839][T30201] Set syz0 is full, maxelem 0 reached
[ 1801.423873][T30217] netlink: 20 bytes leftover after parsing attributes in process `syz.6.6189'.
[ 1802.139940][T30228] netlink: 68 bytes leftover after parsing attributes in process `syz.9.6192'.
[ 1802.532835][T30233] netlink: 20 bytes leftover after parsing attributes in process `syz.8.6194'.
[ 1802.630464][T30235] fuse: Unknown parameter 'user_id00000000000000000000'
[ 1803.954455][ T5842] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 1803.964939][ T5842] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 1803.985876][ T5842] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 1803.998265][ T5842] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 1804.028479][ T5842] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 1804.354517][T30256] overlayfs: failed to clone upperpath
[ 1804.741849][T10760] netdevsim netdevsim6 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1804.765407][T10760] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1804.951701][T30267] siw: device registration error -23
[ 1805.550336][T30248] lo speed is unknown, defaulting to 1000
[ 1805.679256][T30273] netlink: 68 bytes leftover after parsing attributes in process `syz.1.6206'.
[ 1805.692499][T30274] fuse: Unknown parameter 'user_id00000000000000000000'
[ 1805.806190][T30272] netlink: 20 bytes leftover after parsing attributes in process `syz.9.6205'.
[ 1806.127269][T23698] Bluetooth: hci3: command tx timeout
[ 1806.177707][T10760] netdevsim netdevsim6 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1806.188347][T10760] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1806.217333][T30276] netlink: 'syz.1.6208': attribute type 12 has an invalid length.
[ 1806.225353][T30276] netlink: 'syz.1.6208': attribute type 29 has an invalid length.
[ 1806.233194][T30276] netlink: 148 bytes leftover after parsing attributes in process `syz.1.6208'.
[ 1806.242844][T30276] netlink: 'syz.1.6208': attribute type 2 has an invalid length.
[ 1806.250593][T30276] netlink: 43 bytes leftover after parsing attributes in process `syz.1.6208'.
[ 1806.812404][T10760] netdevsim netdevsim6 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1807.049461][T10760] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1807.550843][T10760] bridge0: port 3(netdevsim0) entered disabled state
[ 1807.627241][T30299] netlink: 4 bytes leftover after parsing attributes in process `syz.8.6213'.
[ 1807.640922][T10760] netdevsim netdevsim6 netdevsim0 (unregistering): left allmulticast mode
[ 1807.650614][T10760] netdevsim netdevsim6 netdevsim0 (unregistering): left promiscuous mode
[ 1807.665663][T10760] bridge0: port 3(netdevsim0) entered disabled state
[ 1807.696365][T10760] netdevsim netdevsim6 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1807.707002][T10760] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1808.070999][T30248] chnl_net:caif_netlink_parms(): no params data found
[ 1808.205928][T23698] Bluetooth: hci3: command tx timeout
[ 1808.420623][T10760] bridge_slave_1: left allmulticast mode
[ 1808.448339][T30310] netlink: 68 bytes leftover after parsing attributes in process `syz.1.6217'.
[ 1808.479820][T10760] bridge_slave_1: left promiscuous mode
[ 1808.505534][T10760] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1808.576268][T10760] bridge_slave_0: left allmulticast mode
[ 1808.581969][T10760] bridge_slave_0: left promiscuous mode
[ 1808.615218][T10760] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1808.649093][T30315] fuse: Bad value for 'fd'
[ 1808.653519][T30314] netlink: 32 bytes leftover after parsing attributes in process `syz.8.6219'.
[ 1808.682271][T11399] IPVS: starting estimator thread 0...
[ 1808.785740][T30316] IPVS: using max 32 ests per chain, 76800 per kthread
[ 1808.991989][T30322] netlink: 20 bytes leftover after parsing attributes in process `syz.8.6222'.
[ 1809.084845][T10760] bond1 (unregistering): (slave ip6gretap1): Releasing active interface
[ 1809.157865][T30327] netlink: 8 bytes leftover after parsing attributes in process `syz.8.6224'.
[ 1809.177887][T30327] netlink: 20 bytes leftover after parsing attributes in process `syz.8.6224'.
[ 1810.107648][T10760] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1810.127763][T10760] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1810.147992][T10760] bond0 (unregistering): Released all slaves
[ 1810.285885][T23698] Bluetooth: hci3: command tx timeout
[ 1810.456152][T10760] bond1 (unregistering): Released all slaves
[ 1810.484667][T30339] netlink: 'syz.2.6228': attribute type 12 has an invalid length.
[ 1810.492654][T30339] netlink: 'syz.2.6228': attribute type 29 has an invalid length.
[ 1810.500530][T30339] netlink: 'syz.2.6228': attribute type 2 has an invalid length.
[ 1810.737178][T30248] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1810.755831][T30248] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1810.763804][T30248] bridge_slave_0: entered allmulticast mode
[ 1810.775119][T30248] bridge_slave_0: entered promiscuous mode
[ 1810.782845][T10760] : left promiscuous mode
[ 1810.788287][T30347] fuse: Bad value for 'fd'
[ 1810.866261][T30248] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1810.885421][T30248] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1810.910639][T30248] bridge_slave_1: entered allmulticast mode
[ 1810.977484][T30248] bridge_slave_1: entered promiscuous mode
[ 1810.994683][T10760] tipc: Left network mode
[ 1811.479841][T30369] __nla_validate_parse: 3 callbacks suppressed
[ 1811.479859][T30369] netlink: 4 bytes leftover after parsing attributes in process `syz.1.6236'.
[ 1811.627201][T30373] netlink: 68 bytes leftover after parsing attributes in process `syz.9.6237'.
[ 1812.068394][T30248] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1812.094819][T30248] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1812.365500][T23698] Bluetooth: hci3: command tx timeout
[ 1812.445941][T30384] fuse: Bad value for 'fd'
[ 1812.451143][T30248] team0: Port device team_slave_0 added
[ 1813.346973][T30248] team0: Port device team_slave_1 added
[ 1813.370432][T30390] netlink: 'syz.2.6241': attribute type 12 has an invalid length.
[ 1813.378532][T30390] netlink: 'syz.2.6241': attribute type 29 has an invalid length.
[ 1813.386442][T30390] netlink: 148 bytes leftover after parsing attributes in process `syz.2.6241'.
[ 1813.511953][T10760] hsr_slave_0: left promiscuous mode
[ 1813.540560][T10760] hsr_slave_1: left promiscuous mode
[ 1813.565394][T10760] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1813.583078][T10760] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1813.601171][T10760] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1813.609854][T10760] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1813.644194][T10760] veth1_macvtap: left promiscuous mode
[ 1813.650779][T10760] veth0_macvtap: left promiscuous mode
[ 1813.663383][T10760] veth1_vlan: left promiscuous mode
[ 1813.669568][T10760] veth0_vlan: left promiscuous mode
[ 1813.699367][T30406] netlink: 'syz.2.6244': attribute type 9 has an invalid length.
[ 1814.216252][T30410] netlink: 'syz.2.6244': attribute type 9 has an invalid length.
[ 1814.281744][T30413] netlink: 68 bytes leftover after parsing attributes in process `syz.8.6247'.
[ 1815.815901][T30426] netlink: 4 bytes leftover after parsing attributes in process `syz.1.6251'.
[ 1815.954337][T30432] netlink: 20 bytes leftover after parsing attributes in process `syz.8.6254'.
[ 1817.591553][T17878] lo speed is unknown, defaulting to 1000
[ 1817.623213][T17878] infiniband syz0: ib_query_port failed (-19)
[ 1817.630166][T30248] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1817.640494][T30248] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1817.702080][T30248] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1817.774613][T30248] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1817.800247][T30248] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1817.830926][T30248] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1817.847919][T30445] netlink: 68 bytes leftover after parsing attributes in process `syz.1.6258'.
[ 1818.064578][T30248] hsr_slave_0: entered promiscuous mode
[ 1818.078613][T30248] hsr_slave_1: entered promiscuous mode
[ 1818.089972][T30248] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1818.097901][T30248] Cannot create hsr debugfs directory
[ 1818.248838][T10760] IPVS: stop unused estimator thread 0...
[ 1818.767826][T30457] overlayfs: failed to resolve './file0': -2
[ 1818.784172][T30459] loop6: detected capacity change from 0 to 524287999
[ 1818.807330][T30459] buffer_io_error: 14 callbacks suppressed
[ 1818.807346][T30459] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1818.853158][T30459] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1818.867194][T30459] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1818.881988][T30459] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1818.898245][T30459] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1818.922825][T30459] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1818.948754][T30459] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1818.985685][T30459] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1819.003878][T30459] ldm_validate_partition_table(): Disk read failed.
[ 1819.020368][T30469] netlink: 28 bytes leftover after parsing attributes in process `syz.8.6263'.
[ 1819.034626][T30459] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1819.064487][T30459] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1819.086274][T30459] Dev loop6: unable to read RDB block 0
[ 1819.092747][T30459]  loop6: unable to read partition table
[ 1819.111158][T30459] loop_reread_partitions: partition scan of loop6 (3Ÿ¾x³˜CÖ

) failed (rc=-5)
[ 1819.159245][   T30] audit: type=1400 audit(1753351350.057:1330): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="]-{" requested=w pid=30465 comm="syz.8.6263" daddr=::ffff:255.255.255.255 dest=20004
[ 1819.724411][T30248] netdevsim netdevsim6 netdevsim0: renamed from eth0
[ 1819.765975][T30248] netdevsim netdevsim6 netdevsim1: renamed from eth1
[ 1819.784449][T30484] netlink: 4 bytes leftover after parsing attributes in process `syz.2.6267'.
[ 1819.821420][T30248] netdevsim netdevsim6 netdevsim2: renamed from eth2
[ 1819.849476][T30248] netdevsim netdevsim6 netdevsim3: renamed from eth3
[ 1820.182283][T30248] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1820.271100][T30248] 8021q: adding VLAN 0 to HW filter on device team0
[ 1820.282569][T30481] [U] [Œæî
[ 1820.320112][ T1088] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1820.327288][ T1088] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1820.538204][T10760] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1820.545422][T10760] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1821.058050][T30521] netlink: 'syz.2.6274': attribute type 12 has an invalid length.
[ 1821.066057][T30521] netlink: 'syz.2.6274': attribute type 29 has an invalid length.
[ 1821.073860][T30521] netlink: 148 bytes leftover after parsing attributes in process `syz.2.6274'.
[ 1821.083015][T30521] netlink: 59 bytes leftover after parsing attributes in process `syz.2.6274'.
[ 1822.294320][T30248] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1823.747486][T30584] netlink: 'syz.8.6291': attribute type 2 has an invalid length.
[ 1823.772620][T30584] netlink: 164 bytes leftover after parsing attributes in process `syz.8.6291'.
[ 1824.114509][T30248] veth0_vlan: entered promiscuous mode
[ 1824.190798][T30248] veth1_vlan: entered promiscuous mode
[ 1824.378469][T30248] veth0_macvtap: entered promiscuous mode
[ 1824.413450][T30248] veth1_macvtap: entered promiscuous mode
[ 1824.482287][T30248] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1824.511487][T30248] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1824.514981][T11399] usb 10-1: new high-speed USB device number 6 using dummy_hcd
[ 1824.530119][T30248] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1824.550825][T30248] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1824.562896][T30248] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1824.612780][T30248] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1824.703938][T11399] usb 10-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1824.868626][T11399] usb 10-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1824.908005][T11399] usb 10-1: config 1 interface 1 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 1825.574706][T11399] usb 10-1: config 1 interface 1 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1825.687366][T11399] usb 10-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1825.700640][T30617] pim6reg: entered allmulticast mode
[ 1825.715026][T11399] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1825.724137][T30618] pim6reg: left allmulticast mode
[ 1825.729363][T10761] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1825.729384][T10761] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1825.776085][T11399] usb 10-1: Product: syz
[ 1825.789058][T11399] usb 10-1: Manufacturer: syz
[ 1825.818923][T11399] usb 10-1: SerialNumber: syz
[ 1826.003340][T30626] netlink: 68 bytes leftover after parsing attributes in process `syz.1.6301'.
[ 1826.077147][T10761] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1826.128897][T10761] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1827.109707][T30599] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1827.183345][T30599] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1827.275759][T11399] cdc_ncm 10-1:1.0: bind() failure
[ 1827.316248][T11399] cdc_ncm 10-1:1.1: probe with driver cdc_ncm failed with error -71
[ 1827.350387][T11399] cdc_mbim 10-1:1.1: probe with driver cdc_mbim failed with error -71
[ 1827.386769][T11399] usbtest 10-1:1.1: probe with driver usbtest failed with error -71
[ 1827.513719][T11399] usb 10-1: USB disconnect, device number 6
[ 1828.813321][T30680] fuse: Unknown parameter 'fd0xffffffffffffffff'
[ 1828.861926][T30681] netlink: 'syz.1.6316': attribute type 1 has an invalid length.
[ 1829.406638][T30692] Bluetooth: MGMT ver 1.23
[ 1830.145524][T30698] netlink: 4 bytes leftover after parsing attributes in process `syz.9.6321'.
[ 1830.459579][T30705] netlink: 20 bytes leftover after parsing attributes in process `syz.1.6324'.
[ 1831.473762][T30718] netlink: 20 bytes leftover after parsing attributes in process `syz.1.6325'.
[ 1831.592142][T30723] fuse: Unknown parameter 'fd0x0000000000000003'
[ 1831.609870][T30722] erspan0: entered promiscuous mode
[ 1831.645926][T30722] erspan0: left promiscuous mode
[ 1831.836655][T30726] netlink: 'syz.9.6328': attribute type 9 has an invalid length.
[ 1831.884662][T30726] netlink: 'syz.9.6328': attribute type 9 has an invalid length.
[ 1832.891467][T30743] ieee802154 phy1 wpan1: encryption failed: -22
[ 1832.974345][T30744] batadv_slave_1: entered promiscuous mode
[ 1832.983999][T30744] batadv_slave_1: left promiscuous mode
[ 1834.315771][T30762] binder: 30761:30762 ioctl 541c 200000000200 returned -22
[ 1835.747143][   T30] audit: type=1326 audit(1753351366.507:1331): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=30794 comm="syz.9.6355" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f848bd8e9a9 code=0x0
[ 1836.035129][ T5952] usb 7-1: new high-speed USB device number 93 using dummy_hcd
[ 1836.223217][T30799] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6356'.
[ 1836.427298][ T5952] usb 7-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[ 1836.450332][ T5952] usb 7-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08
[ 1836.470912][ T5952] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1836.501199][ T5952] usb 7-1: config 0 descriptor??
[ 1838.473280][T30832] overlayfs: failed to clone upperpath
[ 1838.966947][T26983] usb 7-1: USB disconnect, device number 93
[ 1840.343667][T26983] usb 7-1: new high-speed USB device number 94 using dummy_hcd
[ 1840.505587][T26983] usb 7-1: Using ep0 maxpacket: 16
[ 1840.513801][T26983] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1840.527785][T26983] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1840.537973][T26983] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[ 1840.554583][T26983] usb 7-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00
[ 1840.565020][T26983] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1840.580574][T26983] usb 7-1: config 0 descriptor??
[ 1840.653352][T30867] netlink: 'syz.2.6378': attribute type 9 has an invalid length.
[ 1840.671680][T30867] netlink: 'syz.2.6378': attribute type 9 has an invalid length.
[ 1840.810654][T30840] Bluetooth: MGMT ver 1.23
[ 1841.135410][T26983] shield 0003:0955:7214.000F: unknown main item tag 0x0
[ 1841.142614][T26983] shield 0003:0955:7214.000F: unknown main item tag 0x0
[ 1841.152088][T26983] shield 0003:0955:7214.000F: unknown main item tag 0x0
[ 1841.159693][T26983] shield 0003:0955:7214.000F: unknown main item tag 0x0
[ 1841.169215][T26983] shield 0003:0955:7214.000F: unknown main item tag 0x0
[ 1841.871201][T26983] input: HID 0955:7214 Haptics as /devices/virtual/input/input40
[ 1841.886679][T30840] netlink: 'syz.6.6369': attribute type 2 has an invalid length.
[ 1841.916258][T30840] netlink: 244 bytes leftover after parsing attributes in process `syz.6.6369'.
[ 1842.084859][T26983] shield 0003:0955:7214.000F: Registered Thunderstrike controller
[ 1842.124758][T26983] shield 0003:0955:7214.000F: : USB HID v0.00 Device [HID 0955:7214] on usb-dummy_hcd.6-1/input0
[ 1842.160516][   T30] audit: type=1800 audit(1753351373.057:1332): pid=30881 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.8.6384" name="SYSV00000000" dev="hugetlbfs" ino=1 res=0 errno=0
[ 1842.220446][T30881] overlayfs: failed to clone upperpath
[ 1842.220516][T30882] overlayfs: failed to clone upperpath
[ 1842.254390][T17878] shield 0003:0955:7214.000F: Failed to output Thunderstrike HOSTCMD request HID report due to -EPROTO
[ 1842.680146][T26983] usb 7-1: USB disconnect, device number 94
[ 1842.707522][T30881] netlink: 8 bytes leftover after parsing attributes in process `syz.8.6384'.
[ 1842.732681][T30882] netlink: 8 bytes leftover after parsing attributes in process `syz.8.6384'.
[ 1842.793570][T17878] shield 0003:0955:7214.000F: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV
[ 1842.853104][T30891] netlink: 'syz.1.6385': attribute type 10 has an invalid length.
[ 1842.870122][T17878] shield 0003:0955:7214.000F: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV
[ 1842.896113][T17878] shield 0003:0955:7214.000F: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV
[ 1844.795385][T26983] usb 10-1: new high-speed USB device number 7 using dummy_hcd
[ 1844.808904][T30926] netlink: 'syz.8.6399': attribute type 4 has an invalid length.
[ 1844.819108][T30926] netlink: 152 bytes leftover after parsing attributes in process `syz.8.6399'.
[ 1845.090008][T26983] usb 10-1: Using ep0 maxpacket: 32
[ 1845.305811][T26983] usb 10-1: config 1 has an invalid interface number: 242 but max is 0
[ 1845.533696][T26983] usb 10-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1845.555004][T26983] usb 10-1: config 1 has 2 interfaces, different from the descriptor's value: 1
[ 1845.571585][T26983] usb 10-1: config 1 has no interface number 1
[ 1845.578774][T26983] usb 10-1: config 1 interface 242 altsetting 4 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[ 1845.648702][T26983] usb 10-1: config 1 interface 242 has no altsetting 0
[ 1845.656848][T30926] : renamed from bond0 (while UP)
[ 1845.673965][T26983] usb 10-1: New USB device found, idVendor=2eca, idProduct=c101, bcdDevice= 7.df
[ 1845.715843][T26983] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1845.724243][T26983] usb 10-1: Product: syz
[ 1845.732896][T26983] usb 10-1: Manufacturer: syz
[ 1845.739508][T26983] usb 10-1: SerialNumber: syz
[ 1846.754742][T26983] aqc111 10-1:1.242: probe with driver aqc111 failed with error -22
[ 1846.842425][   T30] audit: type=1400 audit(1753351377.737:1333): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="]-{" requested=w pid=30955 comm="syz.2.6405" dest=16385
[ 1846.962710][T26983] usb 10-1: USB disconnect, device number 7
[ 1847.149158][T30966] netlink: 40 bytes leftover after parsing attributes in process `syz.1.6408'.
[ 1848.345076][   T30] audit: type=1400 audit(1753351379.237:1334): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="]-{" requested=w pid=30983 comm="syz.2.6412"
[ 1848.459253][   T30] audit: type=1400 audit(1753351379.307:1335): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="]-{" requested=w pid=30971 comm="syz.1.6410" daddr=::ffff:255.255.255.255 dest=20004
[ 1848.851096][T31001] netlink: 40 bytes leftover after parsing attributes in process `syz.9.6420'.
[ 1851.342459][T31026] netlink: 'syz.2.6425': attribute type 10 has an invalid length.
[ 1851.363984][T31026] bond0: (slave wlan1): Enslaving as an active interface with an up link
[ 1851.895297][T31030] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1851.946417][T31030] batadv_slave_0: entered promiscuous mode
[ 1852.409010][T23698] Bluetooth: hci1: unexpected event for opcode 0x0c56
[ 1853.115965][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[ 1853.934478][T31071] bridge0: port 3(netdevsim0) entered blocking state
[ 1853.953003][T31071] bridge0: port 3(netdevsim0) entered disabled state
[ 1853.962479][T31071] netdevsim netdevsim2 netdevsim0: entered allmulticast mode
[ 1853.979569][T31071] netdevsim netdevsim2 netdevsim0: entered promiscuous mode
[ 1854.002598][T31071] bridge0: port 3(netdevsim0) entered blocking state
[ 1854.009449][T31071] bridge0: port 3(netdevsim0) entered forwarding state
[ 1854.025305][T31074] vivid-000: disconnect
[ 1854.065397][T31074] vivid-000: reconnect
[ 1854.817820][   T30] audit: type=1326 audit(1753351385.707:1336): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=31086 comm="syz.2.6443" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f2f6038e9a9 code=0x0
[ 1855.227349][T31101] bridge1: entered promiscuous mode
[ 1855.310716][T31103] netlink: 'syz.6.6451': attribute type 10 has an invalid length.
[ 1855.329333][T31103] bond0: (slave wlan1): Enslaving as an active interface with an up link
[ 1855.419644][T31107] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci3/hci3:200/input41
[ 1855.524697][T31111] ucma_write: process 77 (syz.6.6452) changed security contexts after opening file descriptor, this is not allowed.
[ 1855.735068][ T5966] usb 10-1: new high-speed USB device number 8 using dummy_hcd
[ 1855.885205][ T5966] usb 10-1: Using ep0 maxpacket: 8
[ 1855.922020][ T5966] usb 10-1: config 179 has an invalid interface number: 65 but max is 0
[ 1855.925390][T26983] usb 7-1: new high-speed USB device number 95 using dummy_hcd
[ 1855.935018][ T5966] usb 10-1: config 179 has an invalid descriptor of length 0, skipping remainder of the config
[ 1856.116844][T31125] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check.
[ 1856.130496][ T5966] usb 10-1: config 179 has no interface number 0
[ 1856.139284][ T5966] usb 10-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid wMaxPacketSize 0
[ 1856.149396][ T5966] usb 10-1: config 179 interface 65 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 23
[ 1856.165096][T26983] usb 7-1: Using ep0 maxpacket: 32
[ 1856.175417][ T5966] usb 10-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[ 1856.184740][ T5966] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1856.198991][T26983] usb 7-1: config 0 has an invalid interface number: 35 but max is 0
[ 1856.220510][T26983] usb 7-1: config 0 has no interface number 0
[ 1856.253538][T26983] usb 7-1: config 0 interface 35 altsetting 0 endpoint 0x85 has an invalid bInterval 0, changing to 7
[ 1856.292379][T26983] usb 7-1: config 0 interface 35 altsetting 0 endpoint 0x85 has invalid wMaxPacketSize 0
[ 1856.327895][T26983] usb 7-1: New USB device found, idVendor=10c4, idProduct=818a, bcdDevice=7d.8f
[ 1856.359751][T26983] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1856.405359][T26983] usb 7-1: Product: syz
[ 1856.409777][T26983] usb 7-1: Manufacturer: syz
[ 1856.414405][T26983] usb 7-1: SerialNumber: syz
[ 1856.451394][T26983] usb 7-1: config 0 descriptor??
[ 1856.491546][T31110] vhci_hcd vhci_hcd.0: pdev(9) rhport(0) sockfd(4)
[ 1856.498127][T31110] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[ 1856.540771][T31110] vhci_hcd vhci_hcd.0: Device attached
[ 1856.651082][T22427] usb 10-1: USB disconnect, device number 8
[ 1856.661713][T31136] vhci_hcd: connection closed
[ 1856.669753][T10756] vhci_hcd: stop threads
[ 1856.713142][T10756] vhci_hcd: release socket
[ 1856.723236][T10756] vhci_hcd: disconnect device
[ 1856.762181][ T5966] vhci_hcd: vhci_device speed not set
[ 1856.995418][T26983] radio-si470x 7-1:0.35: this is not a si470x device.
[ 1857.036350][T26983] radio-raremono 7-1:0.35: this is not Thanko's Raremono.
[ 1857.049259][T31149] netlink: 'syz.8.6462': attribute type 9 has an invalid length.
[ 1857.062131][T31149] netlink: 'syz.8.6462': attribute type 9 has an invalid length.
[ 1857.296757][T26983] usb 7-1: USB disconnect, device number 95
[ 1857.692647][   T30] audit: type=1326 audit(1753351388.587:1337): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=31168 comm="syz.6.6470" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f0fe8d8e9a9 code=0x0
[ 1858.759207][T31188] netlink: 'syz.8.6474': attribute type 9 has an invalid length.
[ 1858.773675][T31188] netlink: 'syz.8.6474': attribute type 9 has an invalid length.
[ 1858.901809][T31189] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[ 1859.665655][T31214] netlink: 32 bytes leftover after parsing attributes in process `syz.8.6484'.
[ 1860.056596][T31219] netlink: 'syz.9.6485': attribute type 4 has an invalid length.
[ 1860.065442][T31219] netlink: 152 bytes leftover after parsing attributes in process `syz.9.6485'.
[ 1860.830468][T31219] : renamed from bond0 (while UP)
[ 1860.921467][T31230] netlink: 'syz.6.6488': attribute type 9 has an invalid length.
[ 1860.994365][T31231] netlink: 'syz.6.6488': attribute type 9 has an invalid length.
[ 1861.549797][T31246] netlink: 20 bytes leftover after parsing attributes in process `syz.1.6494'.
[ 1861.857961][T31253] ptrace attach of "./syz-executor exec"[30248] was attempted by "./syz-executor exec"[31253]
[ 1862.595799][T31253] overlayfs: upper fs does not support RENAME_WHITEOUT.
[ 1862.604047][T31253] overlayfs: failed to set xattr on upper
[ 1862.610295][T31253] overlayfs: ...falling back to redirect_dir=nofollow.
[ 1862.618690][T31253] overlayfs: ...falling back to index=off.
[ 1862.624631][T31253] overlayfs: ...falling back to uuid=null.
[ 1862.630677][T31253] overlayfs: maximum fs stacking depth exceeded
[ 1862.705124][T31259] netlink: 32 bytes leftover after parsing attributes in process `syz.1.6497'.
[ 1862.796258][ T5952] IPVS: starting estimator thread 0...
[ 1862.909053][T31262] IPVS: using max 30 ests per chain, 72000 per kthread
[ 1864.471576][T31293] netlink: 20 bytes leftover after parsing attributes in process `syz.8.6506'.
[ 1864.526135][T31292] x_tables: arp_tables: CLASSIFY target: used from hooks INPUT, but only usable from FORWARD/OUTPUT
[ 1864.867761][T31299] netlink: 32 bytes leftover after parsing attributes in process `syz.2.6509'.
[ 1865.048625][T31306] netlink: 104 bytes leftover after parsing attributes in process `syz.2.6511'.
[ 1865.077360][T31308] FAULT_INJECTION: forcing a failure.
[ 1865.077360][T31308] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1865.096331][T31310] netlink: 8 bytes leftover after parsing attributes in process `syz.9.6514'.
[ 1865.105589][T31310] netlink: 20 bytes leftover after parsing attributes in process `syz.9.6514'.
[ 1865.109117][T31308] CPU: 1 UID: 0 PID: 31308 Comm: syz.6.6513 Not tainted 6.16.0-rc7-syzkaller-00018-g01a412d06bc5 #0 PREEMPT(full) 
[ 1865.109142][T31308] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1865.109155][T31308] Call Trace:
[ 1865.109165][T31308]  <TASK>
[ 1865.109180][T31308]  dump_stack_lvl+0x189/0x250
[ 1865.109208][T31308]  ? __pfx____ratelimit+0x10/0x10
[ 1865.109227][T31308]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1865.109247][T31308]  ? __pfx__printk+0x10/0x10
[ 1865.109268][T31308]  ? __might_fault+0xb0/0x130
[ 1865.109298][T31308]  should_fail_ex+0x414/0x560
[ 1865.109324][T31308]  _copy_from_user+0x2d/0xb0
[ 1865.109348][T31308]  kstrtouint_from_user+0xc4/0x170
[ 1865.109371][T31308]  ? __pfx_kstrtouint_from_user+0x10/0x10
[ 1865.109408][T31308]  proc_fail_nth_write+0x88/0x240
[ 1865.109429][T31308]  ? __pfx_proc_fail_nth_write+0x10/0x10
[ 1865.109456][T31308]  ? __pfx_proc_fail_nth_write+0x10/0x10
[ 1865.109479][T31308]  vfs_write+0x27e/0xa90
[ 1865.109504][T31308]  ? __pfx_vfs_write+0x10/0x10
[ 1865.109523][T31308]  ? __fget_files+0x2a/0x420
[ 1865.109546][T31308]  ? __fget_files+0x3a0/0x420
[ 1865.109564][T31308]  ? __fget_files+0x2a/0x420
[ 1865.109592][T31308]  ksys_write+0x145/0x250
[ 1865.109612][T31308]  ? __pfx_ksys_write+0x10/0x10
[ 1865.109626][T31308]  ? rcu_is_watching+0x15/0xb0
[ 1865.109650][T31308]  ? do_syscall_64+0xbe/0x3b0
[ 1865.109674][T31308]  do_syscall_64+0xfa/0x3b0
[ 1865.109692][T31308]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1865.109710][T31308]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1865.109728][T31308]  ? clear_bhb_loop+0x60/0xb0
[ 1865.109749][T31308]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1865.109766][T31308] RIP: 0033:0x7f0fe8d8d45f
[ 1865.109783][T31308] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[ 1865.109799][T31308] RSP: 002b:00007f0fe9bab030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[ 1865.109818][T31308] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f0fe8d8d45f
[ 1865.109831][T31308] RDX: 0000000000000001 RSI: 00007f0fe9bab0a0 RDI: 0000000000000004
[ 1865.109842][T31308] RBP: 00007f0fe9bab090 R08: 0000000000000000 R09: 0000000000000000
[ 1865.109854][T31308] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000002
[ 1865.109865][T31308] R13: 0000000000000000 R14: 00007f0fe8fb5fa0 R15: 00007fff39cce148
[ 1865.109894][T31308]  </TASK>
[ 1865.218569][T31314] netlink: 40 bytes leftover after parsing attributes in process `syz.6.6516'.
[ 1865.441588][T31310] netdevsim netdevsim9 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[ 1865.451137][T31310] netdevsim netdevsim9 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[ 1865.460431][T31310] netdevsim netdevsim9 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[ 1865.469262][T31310] netdevsim netdevsim9 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[ 1866.744454][T31336] netlink: 4 bytes leftover after parsing attributes in process `syz.6.6519'.
[ 1866.885662][T31343] netlink: 104 bytes leftover after parsing attributes in process `syz.1.6525'.
[ 1866.937904][T31348] FAULT_INJECTION: forcing a failure.
[ 1866.937904][T31348] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1866.980041][T31348] CPU: 1 UID: 0 PID: 31348 Comm: syz.9.6527 Not tainted 6.16.0-rc7-syzkaller-00018-g01a412d06bc5 #0 PREEMPT(full) 
[ 1866.980070][T31348] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1866.980081][T31348] Call Trace:
[ 1866.980089][T31348]  <TASK>
[ 1866.980102][T31348]  dump_stack_lvl+0x189/0x250
[ 1866.980127][T31348]  ? __pfx____ratelimit+0x10/0x10
[ 1866.980147][T31348]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1866.980167][T31348]  ? __pfx__printk+0x10/0x10
[ 1866.980196][T31348]  ? __might_fault+0xb0/0x130
[ 1866.980226][T31348]  should_fail_ex+0x414/0x560
[ 1866.980252][T31348]  _copy_from_user+0x2d/0xb0
[ 1866.980276][T31348]  wext_handle_ioctl+0xba/0x1c0
[ 1866.980303][T31348]  ? __pfx_wext_handle_ioctl+0x10/0x10
[ 1866.980323][T31348]  ? __lock_acquire+0xab9/0xd20
[ 1866.980345][T31348]  ? __asan_memset+0x22/0x50
[ 1866.980368][T31348]  ? smack_file_ioctl+0x24a/0x340
[ 1866.980393][T31348]  sock_ioctl+0x15f/0x790
[ 1866.980416][T31348]  ? __pfx_sock_ioctl+0x10/0x10
[ 1866.980436][T31348]  ? __fget_files+0x2a/0x420
[ 1866.980454][T31348]  ? __fget_files+0x3a0/0x420
[ 1866.980472][T31348]  ? __fget_files+0x2a/0x420
[ 1866.980495][T31348]  ? bpf_lsm_file_ioctl+0x9/0x20
[ 1866.980516][T31348]  ? __pfx_sock_ioctl+0x10/0x10
[ 1866.980534][T31348]  __se_sys_ioctl+0xf9/0x170
[ 1866.980562][T31348]  do_syscall_64+0xfa/0x3b0
[ 1866.980580][T31348]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1866.980600][T31348]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1866.980617][T31348]  ? clear_bhb_loop+0x60/0xb0
[ 1866.980639][T31348]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1866.980656][T31348] RIP: 0033:0x7f848bd8e9a9
[ 1866.980673][T31348] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1866.980689][T31348] RSP: 002b:00007f848ccb0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1866.980709][T31348] RAX: ffffffffffffffda RBX: 00007f848bfb5fa0 RCX: 00007f848bd8e9a9
[ 1866.980722][T31348] RDX: 0000200000000000 RSI: 0000000000008b34 RDI: 0000000000000003
[ 1866.980734][T31348] RBP: 00007f848ccb0090 R08: 0000000000000000 R09: 0000000000000000
[ 1866.980746][T31348] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1866.980757][T31348] R13: 0000000000000000 R14: 00007f848bfb5fa0 R15: 00007ffdd537deb8
[ 1866.980787][T31348]  </TASK>
[ 1867.321766][T31350] netlink: 40 bytes leftover after parsing attributes in process `syz.2.6529'.
[ 1867.375077][T22427] usb 7-1: new full-speed USB device number 96 using dummy_hcd
[ 1867.737932][T22427] usb 7-1: config 0 has an invalid descriptor of length 178, skipping remainder of the config
[ 1867.777180][T22427] usb 7-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[ 1867.790101][T31362] netlink: 12 bytes leftover after parsing attributes in process `syz.9.6534'.
[ 1867.806276][T22427] usb 7-1: New USB device found, idVendor=045e, idProduct=00f9, bcdDevice= 8.00
[ 1867.855103][T22427] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1867.866875][T22427] usb 7-1: config 0 descriptor??
[ 1867.910027][T31362] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1868.066994][T31364] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1868.074084][T31364] bond0: (slave vti0): The slave device specified does not support setting the MAC address
[ 1868.106357][T31364] bond0: (slave vti0): Error -95 calling set_mac_address
[ 1868.898684][   T30] audit: type=1400 audit(1753351399.107:1338): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="]-{" requested=w pid=31369 comm="syz.2.6536" dest=20004
[ 1869.989118][T31386] netlink: 40 bytes leftover after parsing attributes in process `syz.9.6542'.
[ 1870.533294][T17878] usb 7-1: USB disconnect, device number 96
[ 1870.861849][T31411] netlink: 'syz.8.6550': attribute type 10 has an invalid length.
[ 1871.034773][T31411] wlan1: mtu less than device minimum
[ 1871.040549][T31411] : (slave wlan1): Error -22 calling dev_set_mtu
[ 1871.235407][ T5966] usb 7-1: new high-speed USB device number 97 using dummy_hcd
[ 1871.264472][   T30] audit: type=1800 audit(1753351402.157:1339): pid=31422 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.8.6554" name="nullb0" dev="tmpfs" ino=1912 res=0 errno=0
[ 1871.496016][ T5966] usb 7-1: device descriptor read/64, error -71
[ 1871.517314][T31431] netlink: 'syz.8.6558': attribute type 1 has an invalid length.
[ 1871.675939][T31439] netlink: 4 bytes leftover after parsing attributes in process `syz.2.6559'.
[ 1871.713317][   T30] audit: type=1400 audit(1753351402.607:1340): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="]-{" requested=w pid=31432 comm="syz.2.6559" daddr=::ffff:255.255.255.255 dest=20004
[ 1871.745422][ T5966] usb 7-1: new high-speed USB device number 98 using dummy_hcd
[ 1871.770022][T31441] netlink: 'syz.1.6562': attribute type 12 has an invalid length.
[ 1871.787220][T31441] netlink: 'syz.1.6562': attribute type 29 has an invalid length.
[ 1871.806747][T31441] netlink: 148 bytes leftover after parsing attributes in process `syz.1.6562'.
[ 1871.820057][T31441] netlink: 'syz.1.6562': attribute type 2 has an invalid length.
[ 1871.831065][T31441] netlink: 43 bytes leftover after parsing attributes in process `syz.1.6562'.
[ 1871.937614][ T5966] usb 7-1: device descriptor read/64, error -71
[ 1872.075621][ T5966] usb usb7-port1: attempt power cycle
[ 1872.123147][T31445] netlink: 'syz.8.6564': attribute type 4 has an invalid length.
[ 1872.131312][T31445] netlink: 152 bytes leftover after parsing attributes in process `syz.8.6564'.
[ 1872.895280][ T5966] usb 7-1: new high-speed USB device number 99 using dummy_hcd
[ 1872.925882][ T5966] usb 7-1: device descriptor read/8, error -71
[ 1872.962368][T31458] netlink: 'syz.8.6566': attribute type 9 has an invalid length.
[ 1872.971049][T31458] netlink: 'syz.8.6566': attribute type 9 has an invalid length.
[ 1873.305113][ T5966] usb 7-1: new high-speed USB device number 100 using dummy_hcd
[ 1873.340122][ T5966] usb 7-1: device descriptor read/8, error -71
[ 1873.465490][ T5966] usb usb7-port1: unable to enumerate USB device
[ 1873.468486][T31479] netlink: 'syz.1.6575': attribute type 1 has an invalid length.
[ 1873.931769][T31493] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[ 1874.013689][T31497] netlink: 'syz.6.6583': attribute type 10 has an invalid length.
[ 1874.084475][T31502] netlink: 16 bytes leftover after parsing attributes in process `syz.9.6584'.
[ 1875.651081][ T5842] Bluetooth: hci5: command 0x0406 tx timeout
[ 1875.930756][T31546] netlink: 12 bytes leftover after parsing attributes in process `syz.6.6598'.
[ 1876.733151][T31568] netlink: 4 bytes leftover after parsing attributes in process `syz.1.6604'.
[ 1876.755881][   T30] audit: type=1400 audit(1753351407.657:1341): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="]-{" requested=w pid=31559 comm="syz.1.6604" daddr=::ffff:255.255.255.255 dest=20004
[ 1876.965217][T26983] usb 10-1: new high-speed USB device number 9 using dummy_hcd
[ 1877.127325][T26983] usb 10-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1877.138514][T26983] usb 10-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1877.149775][T26983] usb 10-1: config 1 interface 1 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 1877.178256][T26983] usb 10-1: config 1 interface 1 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1877.300990][T26983] usb 10-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1877.313207][T26983] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1877.321480][T26983] usb 10-1: Product: syz
[ 1877.342868][T26983] usb 10-1: Manufacturer: syz
[ 1877.359945][T26983] usb 10-1: SerialNumber: syz
[ 1877.621251][   T30] audit: type=1400 audit(1753351408.517:1342): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="]-{" requested=w pid=31581 comm="syz.2.6611" daddr=::ffff:10.1.1.1 dest=20001
[ 1877.785444][   T30] audit: type=1400 audit(1753351408.677:1343): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="]-{" requested=w pid=31585 comm="syz.8.6612" dest=20001
[ 1878.549277][T31592] netlink: 16 bytes leftover after parsing attributes in process `syz.2.6613'.
[ 1878.620459][T31595] validate_nla: 4 callbacks suppressed
[ 1878.620474][T31595] netlink: 'syz.6.6616': attribute type 1 has an invalid length.
[ 1878.674110][T31598] netlink: 8 bytes leftover after parsing attributes in process `syz.6.6616'.
[ 1878.700116][T31595] bond1: entered promiscuous mode
[ 1878.708612][T31595] bond1: entered allmulticast mode
[ 1878.731814][T31598] bridge2: the hash_elasticity option has been deprecated and is always 16
[ 1878.770320][T31598] bond1: (slave bridge2): making interface the new active one
[ 1878.787721][T31598] bridge2: entered promiscuous mode
[ 1878.793376][T31598] bridge2: entered allmulticast mode
[ 1878.801069][T31598] bond1: (slave bridge2): Enslaving as an active interface with an up link
[ 1878.937052][T31562] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1879.143562][T31562] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1879.188671][T26983] cdc_ncm 10-1:1.0: bind() failure
[ 1879.213834][T26983] cdc_ncm 10-1:1.1: probe with driver cdc_ncm failed with error -71
[ 1879.240976][T26983] cdc_mbim 10-1:1.1: probe with driver cdc_mbim failed with error -71
[ 1879.251861][T26983] usbtest 10-1:1.1: probe with driver usbtest failed with error -71
[ 1879.263205][T26983] usb 10-1: USB disconnect, device number 9
[ 1879.385273][T31611] sch_tbf: burst 1 is lower than device lo mtu (65550) !
[ 1880.430839][T31634] netlink: 'syz.6.6626': attribute type 12 has an invalid length.
[ 1880.438799][T31634] netlink: 'syz.6.6626': attribute type 29 has an invalid length.
[ 1880.446742][T31634] netlink: 148 bytes leftover after parsing attributes in process `syz.6.6626'.
[ 1881.402847][T31655] ubi: mtd0 is already attached to ubi31
[ 1881.740666][T31664] overlayfs: failed to clone upperpath
[ 1882.017939][T31666] overlayfs: failed to clone upperpath
[ 1883.119240][ T5952] usb 7-1: new high-speed USB device number 101 using dummy_hcd
[ 1883.329203][ T5952] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1883.353660][ T5952] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1883.384133][ T5952] usb 7-1: config 1 interface 1 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 1883.409732][ T5952] usb 7-1: config 1 interface 1 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1883.479544][ T5952] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1883.622464][ T5952] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1883.631044][ T5952] usb 7-1: Product: syz
[ 1883.637432][ T5952] usb 7-1: Manufacturer: syz
[ 1883.642134][ T5952] usb 7-1: SerialNumber: syz
[ 1884.261867][T31696] netlink: 'syz.2.6643': attribute type 12 has an invalid length.
[ 1884.266227][T31691] macsec1: entered allmulticast mode
[ 1884.294299][T31691] bond0: entered allmulticast mode
[ 1884.300117][T31691] bond_slave_0: entered allmulticast mode
[ 1884.312391][T31691] bond_slave_1: entered allmulticast mode
[ 1884.324324][T31691] bond0: left allmulticast mode
[ 1884.340516][T31691] bond_slave_0: left allmulticast mode
[ 1884.349824][T31691] bond_slave_1: left allmulticast mode
[ 1884.398889][T31702] netlink: 'syz.2.6645': attribute type 10 has an invalid length.
[ 1884.680901][T31678] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1884.695190][T31678] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1884.711654][ T5952] cdc_ncm 7-1:1.0: bind() failure
[ 1884.726300][ T5952] cdc_ncm 7-1:1.1: probe with driver cdc_ncm failed with error -71
[ 1884.736369][ T5952] cdc_mbim 7-1:1.1: probe with driver cdc_mbim failed with error -71
[ 1884.746170][ T5952] usbtest 7-1:1.1: probe with driver usbtest failed with error -71
[ 1884.770960][ T5952] usb 7-1: USB disconnect, device number 101
[ 1885.957995][T31728] netlink: 4 bytes leftover after parsing attributes in process `syz.9.6653'.
[ 1886.058938][T31736] netlink: 40 bytes leftover after parsing attributes in process `syz.2.6657'.
[ 1886.167267][T31728] hsr_slave_1 (unregistering): left promiscuous mode
[ 1886.345106][ T5952] usb 7-1: new high-speed USB device number 102 using dummy_hcd
[ 1886.553921][ T5952] usb 7-1: Using ep0 maxpacket: 8
[ 1886.565881][ T5952] usb 7-1: unable to get BOS descriptor or descriptor too short
[ 1886.603985][ T5952] usb 7-1: config 16 interface 0 has no altsetting 0
[ 1886.626921][ T5952] usb 7-1: New USB device found, idVendor=2294, idProduct=425b, bcdDevice=1a.35
[ 1886.640513][ T5952] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1886.661998][ T5952] usb 7-1: Product: syz
[ 1886.679635][ T5952] usb 7-1: Manufacturer: syz
[ 1886.692689][ T5952] usb 7-1: SerialNumber: syz
[ 1886.866880][T31754] No source specified
[ 1886.945661][ T5952] usb 7-1: ucan: probing device on interface #0
[ 1886.962910][ T5952] usb 7-1: ucan: invalid endpoint configuration
[ 1886.983161][ T5952] usb 7-1: ucan: probe failed; try to update the device firmware
[ 1887.023671][ T5952] usb 7-1: USB disconnect, device number 102
[ 1887.130241][T31764] delete_channel: no stack
[ 1887.135065][T31764] delete_channel: no stack
[ 1888.888814][T31787] openvswitch: netlink: Duplicate or invalid key (type 0).
[ 1888.896882][T31787] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 1888.953703][   T30] audit: type=1400 audit(1753351419.828:1344): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="]-{" requested=w pid=31786 comm="syz.2.6674"
[ 1889.665255][ T5952] usb 7-1: new high-speed USB device number 103 using dummy_hcd
[ 1889.815101][ T5952] usb 7-1: device descriptor read/64, error -71
[ 1890.075011][ T5952] usb 7-1: new high-speed USB device number 104 using dummy_hcd
[ 1890.235229][ T5952] usb 7-1: device descriptor read/64, error -71
[ 1890.605476][T31835] netlink: 'syz.9.6685': attribute type 12 has an invalid length.
[ 1890.613450][T31835] netlink: 'syz.9.6685': attribute type 29 has an invalid length.
[ 1890.621451][T31835] netlink: 148 bytes leftover after parsing attributes in process `syz.9.6685'.
[ 1890.707824][ T5952] usb usb7-port1: attempt power cycle
[ 1891.117332][ T5952] usb 7-1: new high-speed USB device number 105 using dummy_hcd
[ 1891.145767][ T5952] usb 7-1: device descriptor read/8, error -71
[ 1891.885319][ T5952] usb 7-1: new high-speed USB device number 106 using dummy_hcd
[ 1891.936628][ T5952] usb 7-1: device descriptor read/8, error -71
[ 1891.952999][T31866] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[ 1892.056689][ T5952] usb usb7-port1: unable to enumerate USB device
[ 1892.102836][T31876] overlayfs: failed to resolve './file1': -2
[ 1892.321757][T31886] netlink: 'syz.2.6703': attribute type 22 has an invalid length.
[ 1892.368357][T31886] netlink: 4 bytes leftover after parsing attributes in process `syz.2.6703'.
[ 1892.411520][T31886] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[ 1892.420406][T31886] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[ 1892.429223][T31886] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[ 1892.437977][T31886] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[ 1892.534006][T31886] netlink: 'syz.2.6703': attribute type 22 has an invalid length.
[ 1892.646921][T31886] netlink: 4 bytes leftover after parsing attributes in process `syz.2.6703'.
[ 1893.172541][T31903] No control pipe specified
[ 1893.209568][T31905] vlan2: entered allmulticast mode
[ 1893.218138][T31905] : entered allmulticast mode
[ 1893.222859][T31903] netlink: 32 bytes leftover after parsing attributes in process `syz.1.6710'.
[ 1893.228559][T31905] bond_slave_0: entered allmulticast mode
[ 1893.252748][T31905] bond_slave_1: entered allmulticast mode
[ 1893.270006][T31910] FAULT_INJECTION: forcing a failure.
[ 1893.270006][T31910] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1893.304728][T31910] CPU: 1 UID: 0 PID: 31910 Comm: syz.6.6712 Not tainted 6.16.0-rc7-syzkaller-00018-g01a412d06bc5 #0 PREEMPT(full) 
[ 1893.304755][T31910] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1893.304767][T31910] Call Trace:
[ 1893.304775][T31910]  <TASK>
[ 1893.304783][T31910]  dump_stack_lvl+0x189/0x250
[ 1893.304809][T31910]  ? __pfx____ratelimit+0x10/0x10
[ 1893.304830][T31910]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1893.304850][T31910]  ? __pfx__printk+0x10/0x10
[ 1893.304872][T31910]  ? __might_fault+0xb0/0x130
[ 1893.304902][T31910]  should_fail_ex+0x414/0x560
[ 1893.304928][T31910]  _copy_from_iter+0x575/0x16f0
[ 1893.304960][T31910]  ? __pfx__copy_from_iter+0x10/0x10
[ 1893.304980][T31910]  ? __build_skb_around+0x257/0x3e0
[ 1893.305008][T31910]  ? skb_put+0x11b/0x210
[ 1893.305029][T31910]  ? tipc_msg_build+0x8c6/0xcf0
[ 1893.305053][T31910]  tipc_msg_build+0x72b/0xcf0
[ 1893.305081][T31910]  ? __pfx_tipc_msg_build+0x10/0x10
[ 1893.305097][T31910]  ? tipc_nametbl_lookup_mcast_nodes+0x2e/0x9d0
[ 1893.305124][T31910]  ? tipc_nametbl_lookup_mcast_nodes+0x4ac/0x9d0
[ 1893.305146][T31910]  ? tipc_nametbl_lookup_mcast_nodes+0x2e/0x9d0
[ 1893.305177][T31910]  __tipc_sendmsg+0x1a58/0x2960
[ 1893.305202][T31910]  ? process_measurement+0x72d/0x1a40
[ 1893.305228][T31910]  ? __pfx___tipc_sendmsg+0x10/0x10
[ 1893.305263][T31910]  ? __pfx_woken_wake_function+0x10/0x10
[ 1893.305288][T31910]  ? __pfx_process_measurement+0x10/0x10
[ 1893.305305][T31910]  ? tomoyo_check_open_permission+0x16a/0x3b0
[ 1893.305324][T31910]  ? __pfx_tomoyo_check_open_permission+0x10/0x10
[ 1893.305359][T31910]  ? __lock_acquire+0xab9/0xd20
[ 1893.305389][T31910]  ? __local_bh_enable_ip+0x12d/0x1c0
[ 1893.305408][T31910]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1893.305428][T31910]  ? __local_bh_enable_ip+0x12d/0x1c0
[ 1893.305445][T31910]  ? __pfx___local_bh_enable_ip+0x10/0x10
[ 1893.305475][T31910]  tipc_sendmsg+0x55/0x70
[ 1893.305492][T31910]  ? __pfx_tipc_sendmsg+0x10/0x10
[ 1893.305509][T31910]  __sock_sendmsg+0x219/0x270
[ 1893.305531][T31910]  ____sys_sendmsg+0x52d/0x830
[ 1893.305557][T31910]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1893.305584][T31910]  ? import_iovec+0x74/0xa0
[ 1893.305605][T31910]  ___sys_sendmsg+0x21f/0x2a0
[ 1893.305627][T31910]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1893.305676][T31910]  ? __fget_files+0x2a/0x420
[ 1893.305691][T31910]  ? __fget_files+0x3a0/0x420
[ 1893.305716][T31910]  __sys_sendmmsg+0x227/0x430
[ 1893.305755][T31910]  ? __pfx___sys_sendmmsg+0x10/0x10
[ 1893.305773][T31910]  ? __mutex_unlock_slowpath+0x1cd/0x700
[ 1893.305810][T31910]  ? ksys_write+0x22a/0x250
[ 1893.305825][T31910]  ? __pfx_ksys_write+0x10/0x10
[ 1893.305836][T31910]  ? rcu_is_watching+0x15/0xb0
[ 1893.305860][T31910]  __x64_sys_sendmmsg+0xa0/0xc0
[ 1893.305883][T31910]  do_syscall_64+0xfa/0x3b0
[ 1893.305899][T31910]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1893.305915][T31910]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1893.305932][T31910]  ? clear_bhb_loop+0x60/0xb0
[ 1893.305951][T31910]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1893.305965][T31910] RIP: 0033:0x7f0fe8d8e9a9
[ 1893.305980][T31910] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1893.305992][T31910] RSP: 002b:00007f0fe9bab038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 1893.306007][T31910] RAX: ffffffffffffffda RBX: 00007f0fe8fb5fa0 RCX: 00007f0fe8d8e9a9
[ 1893.306017][T31910] RDX: 04000000000001f4 RSI: 0000200000006740 RDI: 0000000000000003
[ 1893.306026][T31910] RBP: 00007f0fe9bab090 R08: 0000000000000000 R09: 0000000000000000
[ 1893.306038][T31910] R10: 0000000000000081 R11: 0000000000000246 R12: 0000000000000002
[ 1893.306048][T31910] R13: 0000000000000000 R14: 00007f0fe8fb5fa0 R15: 00007fff39cce148
[ 1893.306074][T31910]  </TASK>
[ 1893.705861][T31913] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 1893.796038][T22427] usb 10-1: new high-speed USB device number 10 using dummy_hcd
[ 1893.955160][T22427] usb 10-1: Using ep0 maxpacket: 16
[ 1893.966827][T22427] usb 10-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[ 1893.978592][T22427] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[ 1894.001044][T22427] usb 10-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[ 1894.015235][T22427] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1894.031838][T22427] usb 10-1: Product: syz
[ 1894.037012][T22427] usb 10-1: Manufacturer: syz
[ 1894.042403][T22427] usb 10-1: SerialNumber: syz
[ 1894.055988][T22427] usb 10-1: config 0 descriptor??
[ 1894.108616][T22427] em28xx 10-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[ 1894.163201][T22427] em28xx 10-1:0.0: Audio interface 0 found (Vendor Class)
[ 1894.849440][T22427] em28xx 10-1:0.0: chip ID is em2874
[ 1894.850354][T31936] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1894.863642][T31936] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1895.523819][T22427] usb 10-1: USB disconnect, device number 10
[ 1895.607111][T22427] em28xx 10-1:0.0: Disconnecting em28xx
[ 1895.643317][T22427] em28xx 10-1:0.0: Freeing device
[ 1895.674219][T31945] netlink: 'syz.2.6724': attribute type 12 has an invalid length.
[ 1895.682327][T31945] netlink: 'syz.2.6724': attribute type 29 has an invalid length.
[ 1895.690298][T31945] netlink: 148 bytes leftover after parsing attributes in process `syz.2.6724'.
[ 1895.699384][T31945] netlink: 'syz.2.6724': attribute type 2 has an invalid length.
[ 1895.707105][T31945] netlink: 43 bytes leftover after parsing attributes in process `syz.2.6724'.
[ 1898.099083][T31994] netlink: 'syz.1.6743': attribute type 12 has an invalid length.
[ 1898.106994][T31994] netlink: 'syz.1.6743': attribute type 29 has an invalid length.
[ 1898.115257][T31994] netlink: 148 bytes leftover after parsing attributes in process `syz.1.6743'.
[ 1898.124516][T31994] netlink: 'syz.1.6743': attribute type 2 has an invalid length.
[ 1898.132433][T31994] netlink: 43 bytes leftover after parsing attributes in process `syz.1.6743'.
[ 1898.655390][T17878] usb 10-1: new high-speed USB device number 11 using dummy_hcd
[ 1898.687265][ T5842] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[ 1898.702798][ T5842] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[ 1898.712339][ T5842] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[ 1898.746627][ T5842] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[ 1898.808059][ T5842] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[ 1898.815600][T17878] usb 10-1: Using ep0 maxpacket: 32
[ 1898.849594][T17878] usb 10-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1898.865006][T17878] usb 10-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1898.875114][T17878] usb 10-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1898.891272][T17878] usb 10-1: New USB device found, idVendor=05ac, idProduct=020f, bcdDevice= 0.22
[ 1898.901364][T17878] usb 10-1: New USB device strings: Mfr=1, Product=130, SerialNumber=131
[ 1898.910004][T17878] usb 10-1: Product: syz
[ 1898.914680][T17878] usb 10-1: Manufacturer: syz
[ 1898.919570][T17878] usb 10-1: SerialNumber: syz
[ 1898.981435][T17878] input: appletouch as /devices/platform/dummy_hcd.9/usb10/10-1/10-1:1.0/input/input42
[ 1899.119400][T32012] netlink: 'syz.6.6746': attribute type 9 has an invalid length.
[ 1899.174672][T32013] netlink: 'syz.6.6746': attribute type 9 has an invalid length.
[ 1900.077918][T21991] netdevsim netdevsim1 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1900.120416][T21991] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1900.309245][T32025] netlink: zone id is out of range
[ 1900.332141][T32025] netlink: zone id is out of range
[ 1900.370166][T21991] netdevsim netdevsim1 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1900.434211][T21991] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1900.446590][T32025] netlink: set zone limit has 4 unknown bytes
[ 1900.659491][T21991] netdevsim netdevsim1 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1900.702717][T21991] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1900.809832][T21991] netdevsim netdevsim1 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1900.827831][T21991] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1900.925153][ T5842] Bluetooth: hci6: command tx timeout
[ 1901.112659][T17878] usb 10-1: USB disconnect, device number 11
[ 1901.193938][T17878] appletouch 10-1:1.0: input: appletouch disconnected
[ 1901.431930][T21991] bridge_slave_1: left allmulticast mode
[ 1901.460756][T21991] bridge_slave_1: left promiscuous mode
[ 1901.615579][T32054] netlink: 8 bytes leftover after parsing attributes in process `syz.9.6757'.
[ 1901.635132][T32054] netlink: 20 bytes leftover after parsing attributes in process `syz.9.6757'.
[ 1901.674085][T21991] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1901.704097][T21991] bridge_slave_0: left allmulticast mode
[ 1902.635044][T21991] bridge_slave_0: left promiscuous mode
[ 1902.640914][T21991] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1902.782518][T32060] netlink: 16 bytes leftover after parsing attributes in process `syz.8.6755'.
[ 1903.017273][ T5842] Bluetooth: hci6: command tx timeout
[ 1903.144142][T32065] 9pnet_fd: Insufficient options for proto=fd
[ 1904.106003][T32069] netlink: 68 bytes leftover after parsing attributes in process `syz.6.6760'.
[ 1904.677041][T32075] FAULT_INJECTION: forcing a failure.
[ 1904.677041][T32075] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1904.696730][T32075] CPU: 1 UID: 0 PID: 32075 Comm: syz.6.6763 Not tainted 6.16.0-rc7-syzkaller-00018-g01a412d06bc5 #0 PREEMPT(full) 
[ 1904.696763][T32075] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1904.696775][T32075] Call Trace:
[ 1904.696783][T32075]  <TASK>
[ 1904.696792][T32075]  dump_stack_lvl+0x189/0x250
[ 1904.696818][T32075]  ? __pfx____ratelimit+0x10/0x10
[ 1904.696838][T32075]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1904.696858][T32075]  ? __pfx__printk+0x10/0x10
[ 1904.696893][T32075]  should_fail_ex+0x414/0x560
[ 1904.696917][T32075]  _copy_from_user+0x2d/0xb0
[ 1904.696942][T32075]  copy_from_sockptr_offset+0x66/0xa0
[ 1904.696969][T32075]  do_ipt_set_ctl+0x8ae/0xcd0
[ 1904.696999][T32075]  ? rcu_is_watching+0x15/0xb0
[ 1904.697018][T32075]  ? __pfx_do_ipt_set_ctl+0x10/0x10
[ 1904.697059][T32075]  ? __pfx___mutex_lock+0x10/0x10
[ 1904.697080][T32075]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 1904.697118][T32075]  nf_setsockopt+0x26f/0x290
[ 1904.697145][T32075]  ? __pfx_sock_common_setsockopt+0x10/0x10
[ 1904.697171][T32075]  do_sock_setsockopt+0x179/0x1b0
[ 1904.697200][T32075]  __x64_sys_setsockopt+0x13f/0x1b0
[ 1904.697230][T32075]  do_syscall_64+0xfa/0x3b0
[ 1904.697248][T32075]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1904.697267][T32075]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1904.697285][T32075]  ? clear_bhb_loop+0x60/0xb0
[ 1904.697304][T32075]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1904.697327][T32075] RIP: 0033:0x7f0fe8d8e9a9
[ 1904.697343][T32075] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1904.697359][T32075] RSP: 002b:00007f0fe9bab038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[ 1904.697379][T32075] RAX: ffffffffffffffda RBX: 00007f0fe8fb5fa0 RCX: 00007f0fe8d8e9a9
[ 1904.697393][T32075] RDX: 0000000000000040 RSI: 0000000000000000 RDI: 0000000000000004
[ 1904.697405][T32075] RBP: 00007f0fe9bab090 R08: 00000000000002b3 R09: 0000000000000000
[ 1904.697417][T32075] R10: 0000200000000d40 R11: 0000000000000246 R12: 0000000000000001
[ 1904.697428][T32075] R13: 0000000000000000 R14: 00007f0fe8fb5fa0 R15: 00007fff39cce148
[ 1904.697457][T32075]  </TASK>
[ 1905.155574][ T5842] Bluetooth: hci6: command tx timeout
[ 1906.708663][T21991] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1906.721121][T21991] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1906.732437][T21991] bond0 (unregistering): Released all slaves
[ 1906.905092][T32007] chnl_net:caif_netlink_parms(): no params data found
[ 1907.021528][   T30] audit: type=1400 audit(1753351437.918:1345): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="]-{" requested=w pid=32095 comm="syz.6.6769" daddr=::ffff:172.20.20.187
[ 1907.202765][ T5842] Bluetooth: hci6: command tx timeout
[ 1907.203677][T32103] netlink: 68 bytes leftover after parsing attributes in process `syz.9.6770'.
[ 1908.159596][T32007] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1908.205436][T32007] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1908.212748][T32007] bridge_slave_0: entered allmulticast mode
[ 1908.277035][T32007] bridge_slave_0: entered promiscuous mode
[ 1908.575860][T21991] hsr_slave_0: left promiscuous mode
[ 1908.601803][T21991] hsr_slave_1: left promiscuous mode
[ 1908.632186][T21991] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1908.645320][T21991] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1908.660842][T21991] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1908.669490][T21991] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1908.698531][T21991] veth1_macvtap: left promiscuous mode
[ 1908.704347][T21991] veth0_macvtap: left promiscuous mode
[ 1908.710256][T21991] veth1_vlan: left promiscuous mode
[ 1909.353085][T32132] netlink: 4 bytes leftover after parsing attributes in process `syz.2.6778'.
[ 1909.519892][   T30] audit: type=1400 audit(1753351440.418:1346): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="]-{" requested=w pid=32129 comm="syz.2.6778" daddr=::ffff:255.255.255.255 dest=20004
[ 1909.557105][T32135] netlink: 8 bytes leftover after parsing attributes in process `syz.6.6779'.
[ 1909.585024][T32135] netlink: 20 bytes leftover after parsing attributes in process `syz.6.6779'.
[ 1910.521422][T32007] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1910.530984][T32007] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1910.548666][T32007] bridge_slave_1: entered allmulticast mode
[ 1910.558499][T32007] bridge_slave_1: entered promiscuous mode
[ 1910.600524][T32135] netdevsim netdevsim6 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[ 1910.609762][T32135] netdevsim netdevsim6 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[ 1910.618724][T32135] netdevsim netdevsim6 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[ 1910.627505][T32135] netdevsim netdevsim6 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[ 1910.724569][T32007] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1910.763942][T32007] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1910.949760][T32007] team0: Port device team_slave_0 added
[ 1910.971465][T32007] team0: Port device team_slave_1 added
[ 1911.062341][T32007] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1911.071163][T21991] IPVS: stop unused estimator thread 0...
[ 1911.074295][T32007] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1911.106819][T32007] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1911.130806][T32007] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1911.153282][T32007] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1911.183160][T32007] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1911.336361][T32146] netlink: 68 bytes leftover after parsing attributes in process `syz.9.6783'.
[ 1911.678483][T32007] hsr_slave_0: entered promiscuous mode
[ 1911.708107][T32007] hsr_slave_1: entered promiscuous mode
[ 1911.996272][T26198] usb 10-1: new full-speed USB device number 12 using dummy_hcd
[ 1912.005650][ T5952] usb 7-1: new high-speed USB device number 107 using dummy_hcd
[ 1912.169032][ T5952] usb 7-1: too many endpoints for config 0 interface 0 altsetting 0: 201, using maximum allowed: 30
[ 1912.189546][T26198] usb 10-1: config 0 has an invalid interface number: 237 but max is 0
[ 1912.203862][ T5952] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1912.234868][T26198] usb 10-1: config 0 has no interface number 0
[ 1912.265234][ T5952] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1912.288527][T26198] usb 10-1: config 0 interface 237 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 10
[ 1912.322321][ T5952] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 201
[ 1912.335593][T26198] usb 10-1: config 0 interface 237 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[ 1912.356679][ T5952] usb 7-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[ 1912.375037][T26198] usb 10-1: config 0 interface 237 altsetting 0 endpoint 0x8A has an invalid bInterval 0, changing to 10
[ 1912.400213][ T5952] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1912.408697][T26198] usb 10-1: config 0 interface 237 altsetting 0 endpoint 0x8A has invalid wMaxPacketSize 0
[ 1912.423257][T26198] usb 10-1: New USB device found, idVendor=045e, idProduct=84bd, bcdDevice=89.b6
[ 1912.433456][ T5952] usb 7-1: config 0 descriptor??
[ 1912.438672][T26198] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1912.447476][T26198] usb 10-1: Product: syz
[ 1912.455722][T26198] usb 10-1: Manufacturer: syz
[ 1912.494611][T26198] usb 10-1: SerialNumber: syz
[ 1912.503757][T26198] usb 10-1: config 0 descriptor??
[ 1912.517953][T26198] xpad 10-1:0.237: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -90
[ 1912.530257][T26198] input: Generic X-Box pad as /devices/platform/dummy_hcd.9/usb10/10-1/10-1:0.237/input/input44
[ 1912.538254][T32007] netdevsim netdevsim1 netdevsim0: renamed from eth0
[ 1912.568183][T32007] netdevsim netdevsim1 netdevsim1: renamed from eth1
[ 1912.583958][T32007] netdevsim netdevsim1 netdevsim2: renamed from eth2
[ 1912.602435][T32007] netdevsim netdevsim1 netdevsim3: renamed from eth3
[ 1912.726919][T22427] usb 10-1: USB disconnect, device number 12
[ 1912.788347][T32007] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1912.810587][T32007] 8021q: adding VLAN 0 to HW filter on device team0
[ 1912.837462][T13508] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1912.844641][T13508] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1912.882212][T13508] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1912.889468][T13508] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1912.934141][T32007] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 1913.192748][T32007] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1913.343528][T32007] veth0_vlan: entered promiscuous mode
[ 1913.407939][T32007] veth1_vlan: entered promiscuous mode
[ 1913.414400][T32178] Invalid logical block size (768)
[ 1913.446042][ T5966] libceph: connect (1)[c::]:6789 error -101
[ 1913.452498][ T5966] libceph: mon0 (1)[c::]:6789 connect error
[ 1913.484606][T32007] veth0_macvtap: entered promiscuous mode
[ 1913.491521][T32180] ceph: No mds server is up or the cluster is laggy
[ 1913.503811][T32007] veth1_macvtap: entered promiscuous mode
[ 1913.589273][T32007] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1913.611036][T32007] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1913.673361][T32007] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1913.688307][T32007] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1913.697895][T32007] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1913.725252][T32007] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1913.844800][T32197] netlink: 'syz.8.6794': attribute type 10 has an invalid length.
[ 1913.860483][T32197] wlan1: mtu less than device minimum
[ 1913.870631][T32197] : (slave wlan1): Error -22 calling dev_set_mtu
[ 1913.930285][ T1088] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1913.961275][ T1088] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1914.034157][T21994] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1914.052414][T21994] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1914.239383][T32211] netlink: 4 bytes leftover after parsing attributes in process `syz.8.6795'.
[ 1915.325702][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[ 1915.540863][   T30] audit: type=1400 audit(1753351446.438:1347): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="]-{" requested=w pid=32201 comm="syz.8.6795" daddr=::ffff:255.255.255.255 dest=20004
[ 1915.696195][ T5966] usb 7-1: USB disconnect, device number 107
[ 1916.108194][T32231] netlink: 'syz.1.6798': attribute type 12 has an invalid length.
[ 1916.116339][T32231] netlink: 'syz.1.6798': attribute type 29 has an invalid length.
[ 1916.124393][T32231] netlink: 148 bytes leftover after parsing attributes in process `syz.1.6798'.
[ 1916.135520][T32231] netlink: 'syz.1.6798': attribute type 2 has an invalid length.
[ 1916.143568][T32231] netlink: 43 bytes leftover after parsing attributes in process `syz.1.6798'.
[ 1916.175300][T32232] netlink: 'syz.9.6802': attribute type 12 has an invalid length.
[ 1916.183343][T32232] netlink: 'syz.9.6802': attribute type 29 has an invalid length.
[ 1916.191665][T32232] netlink: 148 bytes leftover after parsing attributes in process `syz.9.6802'.
[ 1916.913320][T32240] comedi comedi0: c6xdigio: a I/O base address must be specified
[ 1917.353044][T32240] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000031: 0000 [#1] SMP KASAN PTI
[ 1917.364994][T32240] KASAN: null-ptr-deref in range [0x0000000000000188-0x000000000000018f]
[ 1917.373410][T32240] CPU: 0 UID: 0 PID: 32240 Comm: syz.9.6804 Not tainted 6.16.0-rc7-syzkaller-00018-g01a412d06bc5 #0 PREEMPT(full) 
[ 1917.385466][T32240] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1917.395523][T32240] RIP: 0010:kasan_byte_accessible+0x12/0x30
[ 1917.401442][T32240] Code: 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 66 0f 1f 00 48 c1 ef 03 48 b8 00 00 00 00 00 fc ff df <0f> b6 04 07 3c 08 0f 92 c0 e9 d0 6b 49 09 cc 66 66 66 66 66 66 2e
[ 1917.421065][T32240] RSP: 0018:ffffc9000bd1f880 EFLAGS: 00010202
[ 1917.427133][T32240] RAX: dffffc0000000000 RBX: ffffffff8b685236 RCX: 8bcf385b418d3000
[ 1917.435100][T32240] RDX: 0000000000000000 RSI: ffffffff8b685236 RDI: 0000000000000031
[ 1917.443070][T32240] RBP: ffffffff825a2aed R08: 0000000000000001 R09: 0000000000000000
[ 1917.451034][T32240] R10: dffffc0000000000 R11: ffffed102815e623 R12: 0000000000000000
[ 1917.459001][T32240] R13: 0000000000000188 R14: 0000000000000188 R15: 0000000000000001
[ 1917.466969][T32240] FS:  00007f848ccb06c0(0000) GS:ffff888125c57000(0000) knlGS:0000000000000000
[ 1917.475914][T32240] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1917.482489][T32240] CR2: 0000200000404030 CR3: 0000000069406000 CR4: 00000000003526f0
[ 1917.490488][T32240] DR0: 0000000000000000 DR1: 0000000000006800 DR2: 0000000000009951
[ 1917.498551][T32240] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[ 1917.506524][T32240] Call Trace:
[ 1917.509796][T32240]  <TASK>
[ 1917.512729][T32240]  __kasan_check_byte+0x12/0x40
[ 1917.517580][T32240]  lock_acquire+0x8d/0x360
[ 1917.521997][T32240]  down_write+0x96/0x1f0
[ 1917.526237][T32240]  ? kernfs_remove_by_name_ns+0x3d/0x130
[ 1917.531866][T32240]  ? __pfx_down_write+0x10/0x10
[ 1917.536714][T32240]  ? kernfs_root+0x1c/0x230
[ 1917.541210][T32240]  ? kernfs_root+0x1c/0x230
[ 1917.545712][T32240]  ? kernfs_root+0x1ea/0x230
[ 1917.550293][T32240]  kernfs_remove_by_name_ns+0x3d/0x130
[ 1917.555752][T32240]  bus_remove_driver+0x198/0x2f0
[ 1917.560695][T32240]  comedi_device_detach+0x134/0x720
[ 1917.565894][T32240]  ? comedi_request_region+0x11a/0x180
[ 1917.571367][T32240]  comedi_device_attach+0x568/0x670
[ 1917.576569][T32240]  comedi_unlocked_ioctl+0x686/0xfc0
[ 1917.581852][T32240]  ? __pfx_comedi_unlocked_ioctl+0x10/0x10
[ 1917.587659][T32240]  ? __pfx_smack_log+0x10/0x10
[ 1917.592420][T32240]  ? smk_access+0x14c/0x4e0
[ 1917.596940][T32240]  ? rcu_is_watching+0x15/0xb0
[ 1917.601698][T32240]  ? trace_irq_disable+0x37/0x110
[ 1917.606722][T32240]  ? preempt_schedule_irq+0xde/0x150
[ 1917.611999][T32240]  ? __pfx_preempt_schedule_irq+0x10/0x10
[ 1917.617708][T32240]  ? smack_file_ioctl+0x24a/0x340
[ 1917.622729][T32240]  ? irqentry_exit+0x74/0x90
[ 1917.627310][T32240]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1917.632511][T32240]  ? __se_sys_ioctl+0x52/0x170
[ 1917.637273][T32240]  ? __pfx_comedi_unlocked_ioctl+0x10/0x10
[ 1917.643071][T32240]  __se_sys_ioctl+0xf9/0x170
[ 1917.647660][T32240]  do_syscall_64+0xfa/0x3b0
[ 1917.652159][T32240]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1917.657432][T32240]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1917.663497][T32240]  ? clear_bhb_loop+0x60/0xb0
[ 1917.668174][T32240]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1917.674063][T32240] RIP: 0033:0x7f848bd8e9a9
[ 1917.678474][T32240] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1917.698078][T32240] RSP: 002b:00007f848ccb0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1917.706486][T32240] RAX: ffffffffffffffda RBX: 00007f848bfb5fa0 RCX: 00007f848bd8e9a9
[ 1917.714449][T32240] RDX: 0000200000000540 RSI: 0000000040946400 RDI: 0000000000000003
[ 1917.722409][T32240] RBP: 00007f848be10d69 R08: 0000000000000000 R09: 0000000000000000
[ 1917.730374][T32240] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1917.738341][T32240] R13: 0000000000000000 R14: 00007f848bfb5fa0 R15: 00007ffdd537deb8
[ 1917.746314][T32240]  </TASK>
[ 1917.749334][T32240] Modules linked in:
[ 1917.754486][T32240] ---[ end trace 0000000000000000 ]---
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[ 1917.796498][T32240] RIP: 0010:kasan_byte_accessible+0x12/0x30
[ 1917.802565][T32240] Code: 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 66 0f 1f 00 48 c1 ef 03 48 b8 00 00 00 00 00 fc ff df <0f> b6 04 07 3c 08 0f 92 c0 e9 d0 6b 49 09 cc 66 66 66 66 66 66 2e
[ 1917.823605][T32240] RSP: 0018:ffffc9000bd1f880 EFLAGS: 00010202
[ 1917.829911][T32240] RAX: dffffc0000000000 RBX: ffffffff8b685236 RCX: 8bcf385b418d3000
[ 1917.868055][T32246] netlink: 44 bytes leftover after parsing attributes in process `syz.6.6807'.
[ 1917.895342][T32246] netlink: 12 bytes leftover after parsing attributes in process `syz.6.6807'.
[ 1917.904302][T32246] netlink: 20 bytes leftover after parsing attributes in process `syz.6.6807'.
[ 1917.940069][T32240] RDX: 0000000000000000 RSI: ffffffff8b685236 RDI: 0000000000000031
[ 1917.964373][T32240] RBP: ffffffff825a2aed R08: 0000000000000001 R09: 0000000000000000
[ 1918.195145][T32240] R10: dffffc0000000000 R11: ffffed102815e623 R12: 0000000000000000
[ 1918.203192][T32240] R13: 0000000000000188 R14: 0000000000000188 R15: 0000000000000001
[ 1918.211446][T32240] FS:  00007f848ccb06c0(0000) GS:ffff888125d57000(0000) knlGS:0000000000000000
[ 1918.220502][T32240] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1918.227463][T32240] CR2: 0000200000404030 CR3: 0000000069406000 CR4: 00000000003526f0
[ 1918.238782][T10761] netdevsim netdevsim2 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1918.265039][T32240] DR0: 0000000000000000 DR1: 0000000000006800 DR2: 0000000000009951
[ 1918.273070][T32240] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[ 1918.295364][T10761] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1918.306496][T32240] Kernel panic - not syncing: Fatal exception
[ 1918.312865][T32240] Kernel Offset: disabled
[ 1918.317211][T32240] Rebooting in 86400 seconds..