last executing test programs:

19m42.20748677s ago: executing program 32 (id=898):
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000080)=ANY=[@ANYBLOB="3c000000120005f700000000004a000000000000", @ANYRES16=r0, @ANYRES64=r0, @ANYRESOCT=r0], 0x3c}}, 0x0)
r1 = openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000640), 0x80, 0x0)
ioctl$TCSETSW(r1, 0x5433, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x3000)
syz_clone(0x600, 0x0, 0x33, 0x0, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000032680)=""/102400, 0x19000)
r4 = socket$inet6(0xa, 0x80003, 0x6)
connect$inet6(r4, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_IPV6_XFRM_POLICY(r4, 0x29, 0x23, &(0x7f0000000340)={{{@in=@broadcast, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0xa}, {0x0, 0x0, 0x4}, {0x0, 0x4, 0x0, 0xa78a}, 0xfffffffe, 0x0, 0x1}, {{@in=@private, 0x0, 0x33}, 0x0, @in=@rand_addr=0x64010101, 0x0, 0x3, 0x1, 0x7}}, 0xe8)
r5 = getpgrp(0x0)
sched_setaffinity(r5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000040)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r6 = getpid()
sched_setscheduler(r6, 0x2, &(0x7f0000000000)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r7 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r7, 0x1, 0x0)
r8 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r8, &(0x7f0000019680)=""/102392, 0x18ff8)
kcmp$KCMP_EPOLL_TFD(r5, r7, 0x7, 0xffffffffffffffff, 0x0)
sendmmsg(r4, &(0x7f0000000480), 0x2e9, 0x0)

19m28.129306189s ago: executing program 3 (id=953):
r0 = socket(0x10, 0x2, 0x0)
setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(r0, 0x10e, 0x8, &(0x7f0000000040), 0x4)
socket$packet(0x11, 0x2, 0x300)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
write(r0, &(0x7f0000000000)="240000001d005f80004000000000000002000000010000000000080008000100", 0x20)

19m23.264132084s ago: executing program 3 (id=957):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0x1, 0x5, 0x9, 0x84, 0x144}, 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000dc0)={0xffffffffffffffff, 0x0, &(0x7f00000000c0), &(0x7f0000000d40), 0x21800, r0}, 0x38)

19m19.983231109s ago: executing program 3 (id=967):
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$sock_int(r3, 0x1, 0x3c, &(0x7f00000000c0)=0x1, 0x4)
sendmmsg$inet(r3, &(0x7f0000003240)=[{{&(0x7f0000000100)={0x2, 0x4e23, @empty}, 0x10, &(0x7f00000016c0)=[{&(0x7f0000001540)="94", 0xffe3}], 0x1}}], 0x1, 0x4000800)

19m18.741815313s ago: executing program 3 (id=969):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x39}, 0x94)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
lstat(&(0x7f0000000080)='./file0\x00', &(0x7f0000000280))
r0 = socket$kcm(0xa, 0x922000000003, 0x11)
sendmsg$kcm(r0, &(0x7f0000000000)={&(0x7f00000007c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1, 0x4}, 0x80, &(0x7f0000000080), 0x0, 0x0, 0xfffffffffffffdc7}, 0xcc6684230f858bdc)

19m18.546177177s ago: executing program 3 (id=970):
ioprio_set$uid(0x3, 0x0, 0x6400)
ioprio_get$pid(0x1, 0x0)
r0 = getpgrp(0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x5)
prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000002000)=""/102400, 0x19000)
r4 = openat$dir(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x140, 0x1a0)
r5 = fanotify_init(0x8, 0x8001)
fanotify_mark(r5, 0x105, 0x40001032, r4, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.io_service_time_recursive\x00', 0x275a, 0x0)

19m15.633544719s ago: executing program 3 (id=974):
r0 = creat(&(0x7f0000000040)='./file0\x00', 0x81)
close(r0)
r1 = socket$caif_stream(0x25, 0x1, 0x1)
mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000340)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
write$binfmt_script(r0, &(0x7f0000000340)={'#! ', './file0'}, 0xb)
r2 = socket$nl_route(0x10, 0x3, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x1a1)
mount$cgroup2(0x0, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x800010, 0x0)
pivot_root(&(0x7f0000000240)='./file0\x00', 0x0)
lsetxattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)=@random={'user.', '!\x00'}, &(0x7f0000000080)='cgroup2\x00', 0x8, 0x2)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000300), 0x200202, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f00000000c0)={'bridge0\x00', <r3=>0x0})
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x405c5503, &(0x7f0000000180)={{0x0, 0x2}, 'syz1\x00', 0x40})
r5 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="5800000055003d07000000000001000007000000", @ANYRES32, @ANYBLOB="20000280", @ANYRES32=r5, @ANYBLOB="0000000000000000000000000a005bb27bee004319ab0014200001"], 0x58}}, 0x0)
readv(r5, &(0x7f0000000080)=[{&(0x7f0000000240)=""/79, 0x4f}], 0x1)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000300)=ANY=[@ANYBLOB="240000001a0001002dbd70000000000081808000000000000000008008000f"], 0x24}, 0x1, 0x0, 0x0, 0x20008004}, 0x0)
sendmsg$NFT_BATCH(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)=ANY=[@ANYBLOB="140000001000010000000000000000000100000a4c000000060a0904000000000000000002000000200004801c0001800a00010072616e67650000000c0002800800d02217f00140000000000900010073797a30000000000900020073797a320000000014000000110001000000000000000000"], 0x74}}, 0x4004890)
r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0)
ioctl$SIOCSIFHWADDR(r7, 0x8924, &(0x7f0000000500)={'veth0_to_bridge\x00', @broadcast})
sendmsg$nl_route(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000004c0)=@newlink={0x30, 0x10, 0x20, 0x4, 0x0, {0x0, 0x0, 0x0, 0x0, 0x503}, [@IFLA_GSO_MAX_SIZE={0x49, 0x29, 0x77a85}, @IFLA_LINK={0x8, 0x5, r3}]}, 0x30}, 0x1, 0x0, 0x0, 0x20004800}, 0x4000004)

19m0.552180034s ago: executing program 33 (id=974):
r0 = creat(&(0x7f0000000040)='./file0\x00', 0x81)
close(r0)
r1 = socket$caif_stream(0x25, 0x1, 0x1)
mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000340)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
write$binfmt_script(r0, &(0x7f0000000340)={'#! ', './file0'}, 0xb)
r2 = socket$nl_route(0x10, 0x3, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x1a1)
mount$cgroup2(0x0, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x800010, 0x0)
pivot_root(&(0x7f0000000240)='./file0\x00', 0x0)
lsetxattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)=@random={'user.', '!\x00'}, &(0x7f0000000080)='cgroup2\x00', 0x8, 0x2)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000300), 0x200202, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f00000000c0)={'bridge0\x00', <r3=>0x0})
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x405c5503, &(0x7f0000000180)={{0x0, 0x2}, 'syz1\x00', 0x40})
r5 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="5800000055003d07000000000001000007000000", @ANYRES32, @ANYBLOB="20000280", @ANYRES32=r5, @ANYBLOB="0000000000000000000000000a005bb27bee004319ab0014200001"], 0x58}}, 0x0)
readv(r5, &(0x7f0000000080)=[{&(0x7f0000000240)=""/79, 0x4f}], 0x1)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000300)=ANY=[@ANYBLOB="240000001a0001002dbd70000000000081808000000000000000008008000f"], 0x24}, 0x1, 0x0, 0x0, 0x20008004}, 0x0)
sendmsg$NFT_BATCH(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)=ANY=[@ANYBLOB="140000001000010000000000000000000100000a4c000000060a0904000000000000000002000000200004801c0001800a00010072616e67650000000c0002800800d02217f00140000000000900010073797a30000000000900020073797a320000000014000000110001000000000000000000"], 0x74}}, 0x4004890)
r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0)
ioctl$SIOCSIFHWADDR(r7, 0x8924, &(0x7f0000000500)={'veth0_to_bridge\x00', @broadcast})
sendmsg$nl_route(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000004c0)=@newlink={0x30, 0x10, 0x20, 0x4, 0x0, {0x0, 0x0, 0x0, 0x0, 0x503}, [@IFLA_GSO_MAX_SIZE={0x49, 0x29, 0x77a85}, @IFLA_LINK={0x8, 0x5, r3}]}, 0x30}, 0x1, 0x0, 0x0, 0x20004800}, 0x4000004)

16m30.946458897s ago: executing program 2 (id=1376):
socket$inet6_udp(0xa, 0x2, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x200500, 0x0)
socket$netlink(0x10, 0x3, 0x0)
socket$inet6_sctp(0xa, 0x1, 0x84)
socket$nl_route(0x10, 0x3, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
socket$packet(0x11, 0x3, 0x300)
socket(0x11, 0x800000003, 0x0)
socket$packet(0x11, 0x3, 0x300)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000480)={0x15, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="180200001e00000000000000000000007a02500003ffffff950000000016001b049cb83bd81ee7a5588a"], &(0x7f0000000080)='GPL\x00', 0x4, 0x98, &(0x7f00000001c0)=""/152, 0x40f00}, 0x94)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x2, &(0x7f0000000000)=[{0x69, 0x0, 0xfe}, {0x6}]})
r0 = io_uring_setup(0x5594, &(0x7f0000000080)={0x0, 0x10000000, 0x1, 0x200000, 0x229})
io_uring_register$IORING_REGISTER_FILES(r0, 0x2, &(0x7f0000000000)=[r0], 0x1)
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x1}, 0x94)

16m30.656551057s ago: executing program 2 (id=1377):
syz_open_dev$vcsa(&(0x7f0000002900), 0x1, 0x40000)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x10, &(0x7f0000006680))
r0 = mq_open(&(0x7f0000000100)='&\x00', 0x40, 0x0, 0x0)
mq_notify(r0, 0x0)
syz_genetlink_get_family_id$smc(0x0, 0xffffffffffffffff)
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000ed07449e0000000000000000180100", @ANYRES32, @ANYBLOB="0000000000000008b70800000000396f7b"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="6000000002060103000000000000000000000004050001000700000013000300686173683a6e65742c696661636500000900020073797a30000000000500040000000000050005000a00000014000780050015000000000008001240"], 0x60}}, 0x0)
r2 = getpgrp(0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000040)=0x5)
prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000000)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x1b5cb000)
syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
r4 = syz_genetlink_get_family_id$netlbl_calipso(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$NLBL_CALIPSO_C_LISTALL(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB="24e1f0bdb43305617b6d000000", @ANYRES16=r4, @ANYBLOB="655727bd70007cdbdf250400000008000200020000000800010000000000"], 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000853)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8)
syz_open_dev$dri(0x0, 0x1, 0x0)
r6 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
ioctl$sock_netrom_SIOCDELRT(r6, 0x890c, 0x0)
creat(&(0x7f0000000000)='./cgroup/cgroup.procs\x00', 0xf21963aaf523cb02)
socket$inet6_tcp(0xa, 0x1, 0x0)
socket(0x1, 0x5, 0x0)
epoll_create1(0x80000)

16m29.321876903s ago: executing program 2 (id=1378):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'ghash-generic\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000440)='\x00'/14, 0xe)
r1 = accept4(r0, 0x0, 0x0, 0x0)
sendmsg$L2TP_CMD_SESSION_CREATE(r1, &(0x7f0000000280)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x280000}, 0xc, &(0x7f0000000240)={&(0x7f0000000180)={0x3c, 0x0, 0x8, 0x70bd25, 0x25dfdbfc, {}, [@L2TP_ATTR_PROTO_VERSION={0x5, 0x7, 0x3}, @L2TP_ATTR_LNS_MODE={0x5, 0x14, 0x7}, @L2TP_ATTR_UDP_DPORT={0x6, 0x1b, 0x4e21}, @L2TP_ATTR_ENCAP_TYPE={0x6, 0x2, 0x1}, @L2TP_ATTR_UDP_SPORT={0x6, 0x1a, 0x4e22}]}, 0x3c}, 0x1, 0x0, 0x0, 0x40000}, 0x4080)

16m28.266683276s ago: executing program 2 (id=1379):
r0 = socket(0x11, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000005c0)={'vxcan1\x00', <r1=>0x0})
bind$packet(r0, &(0x7f0000000140)={0x11, 0x0, r1, 0x1, 0x13, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}}, 0x14)
setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000240)=0xe9, 0x4)
sendmsg$netlink(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000003c0)=ANY=[@ANYBLOB="0201"], 0xdd12}], 0x1, 0x0, 0x0, 0x4000007}, 0x0)
r2 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), 0xffffffffffffffff)
sendto$inet(r0, &(0x7f0000000740)="22e18d6c8ff95f2692a2b5fc16516c33d2ff34f0df4da6ae9b0af96d01a042e39b9fe3a2d318b42bca2090e2f6ea6c0549f5aa49bfc8062b348fc38a0bbc553425c6f909ce59e9c44de42887eefc2e6b242c3bf50e95288fb289c12811494f796fe5418bd19dbb20f8cc2f28d427ce65141ce7b8948eae72c665a5070e3e82a149d841fc36b25a439f3e5bc1945f7a1155537f7ee86df76689377d2326957c07b97c9d52f072114d7baa591e286505900a73aaff0cd71ef983468a9891c41cef4915fdae16c4ad076f51ecb2eeebf809a867f68d2c", 0xd5, 0x40088c0, &(0x7f0000000340)={0x2, 0x4e21, @rand_addr=0x64010102}, 0x10)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x81, 0xffffffff})
umount2(&(0x7f00000002c0)='./file0\x00', 0x0)
r3 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
sendmsg$NL80211_CMD_NEW_MPATH(r3, &(0x7f0000000880)={&(0x7f0000000840)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000080)={&(0x7f0000000900)=ANY=[@ANYRESDEC, @ANYRES16=r0], 0x14}, 0x1, 0x0, 0x0, 0x4048809}, 0x8040)
ioctl$sock_SIOCINQ(r3, 0x541b, &(0x7f0000000a00))
sendmsg$TIPC_CMD_GET_NETID(r0, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x1c, r2, 0x4, 0x70bd2b, 0x25dfdbfe, {}, ["", "", "", "", "", "", "", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x44845}, 0x20000800)
r4 = socket$l2tp(0x2, 0x2, 0x73)
writev(r4, &(0x7f00000004c0)=[{&(0x7f00000001c0)="fbac1646904b38c9daed51d69f64accd884306d5d1b5786b76ab3b6431c73be7e0afe6cbd2f4cd9d27226247b9729288cd6ab75f9fada7870ec7f4aba1cd8b3130edc2d9bbfe8f111c37fa5a80fe31621de5f1f501ded0395ce32afe346345b75a3ae5ae61fd90d9e17f9d8b2447d5e01a47821d8bc6f91efc42", 0x7a}, {&(0x7f00000006c0)="5abf82fc26695be0fe48efba4299c784f5987f31028901000000000000008000003f96345c1537407c9fc1d60fbf4e398e4de49d3b9b976ccddbfcde586f1a229a1cbe0c382a32add71b4299432d34f2a5d9a04fa002466b735e06749176de4390bd034e4aa5ec9970f80d7118655e49d3", 0x27}, {&(0x7f00000002c0)="5ead4db83d6d6275d0305945c6a4c643753e5e21bac3722f7fdc82c4673520259ba2b174a0a0d6102d6f114bb8fa6e0dfc8b9e2e75b9dc04ec68d375974ccdfadae9b23cd5ba2cc8dab1885b7a93a4379dbd724b3aa2a0654fba8b07e201c498e98b4ffc12a660", 0x67}, {&(0x7f0000000600)="a4fe5baba80f4a9bcd5bf1736d566d185050263b57c946ddb8e58ca4190cdffd51fa19714c8b4343a12071a45bd0a0e89f8b03983ab426af1e2b9d68289c4abea3f0342f2519dfceff41b6540067f8a58d93a2398200970c1d8291f837b50e94518ff2b584ddc43a526d5e1645d4067bba81e2d1082dce024cb0a87f85aba1f264164d1a5761aa76e658252c6458d88beef4cd20d5e11a01cdf03bab626457b1ee76424782b459341e95bd7b1c62e7822204e6", 0xb3}, {&(0x7f0000000400)="73f2d95c448d6e1364dfb76c6d9960b727fe343473381f2d3256ab9422b2d36db928e6b2d51912a630a3c050104c0347f2954f74e7b0bfbb5f8f6352d1eb0374f1e763d547cc470fc307aad7e3256ef008dff4738ba9861661984f5471a234534b316c4cc4102db3f440f5f8412cf7a6a3050ba727c43e01f7ff038875b09523a49023a4275337a19e7e5b3e8ce766", 0x8f}], 0x2a)
r5 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r5)
ptrace$PTRACE_SECCOMP_GET_METADATA(0x420d, r5, 0x25, 0x0)

16m27.923529399s ago: executing program 2 (id=1380):
timer_create(0x0, &(0x7f0000000200)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, 0x0)
fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x4)
timer_settime(0x0, 0x1, &(0x7f0000000040)={{0x77359400}}, 0x0)
timer_settime(0x0, 0x1, &(0x7f0000000280)={{0x0, 0x3938700}}, 0x0)

16m27.526150684s ago: executing program 2 (id=1384):
r0 = syz_open_dev$evdev(&(0x7f00000000c0), 0x1, 0x20000)
pipe(&(0x7f0000001540)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r3, 0x0)
splice(r3, 0x0, r2, 0x0, 0x406f413, 0x0)
r4 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_EVENTS(r4, 0x84, 0xb, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x88, 0x1, 0x0, 0x3}, 0xe)
setsockopt$SO_TIMESTAMPING(r4, 0x1, 0x25, &(0x7f0000000000)=0x41dc, 0x4)
r5 = socket(0x400000000010, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f00000000c0)={'syzkaller0\x00', <r6=>0x0})
openat(r1, &(0x7f0000000380)='./file0\x00', 0x200000, 0x5)
sendmsg$nl_route_sched(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newtfilter={0x30, 0x2c, 0xd27, 0x70bd2c, 0x0, {0x0, 0x0, 0x0, r6, {0xa, 0x9}, {0xa}, {0xc, 0x8}}, [@filter_kind_options=@f_fw={{0x7}, {0x4}}]}, 0x30}, 0x1, 0x0, 0x0, 0x6000c014}, 0x20000000)
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r2, 0x89f3, &(0x7f0000000340)={'syztnl2\x00', &(0x7f0000000280)={'ip6_vti0\x00', r6, 0x4, 0x6, 0x10, 0x2, 0x20, @private0, @private0, 0x7800, 0x1, 0x3, 0x7a}})
ioctl$EVIOCRMFF(r0, 0x40044581, &(0x7f0000000100)=0x8d9)
r7 = socket$netlink(0x10, 0x3, 0x10)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r8, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000001c00)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x401, 0x0, 0x0, {0x1, 0x0, 0x8003}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x101, 0x0, 0x0, {0x1, 0x0, 0xfffd}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}]}, @NFT_MSG_NEWRULE={0x98, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x70, 0x4, 0x0, 0x1, [{0x34, 0x1, 0x0, 0x1, @exthdr={{0xb}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_EXTHDR_DREG={0x8, 0x1, 0x1, 0x0, 0xc}, @NFTA_EXTHDR_OFFSET={0x8}, @NFTA_EXTHDR_LEN={0x8, 0x4, 0x1, 0x0, 0x22}, @NFTA_EXTHDR_TYPE={0x5, 0x2, 0x7}]}}}, {0x38, 0x1, 0x0, 0x1, @bitwise={{0xc}, @val={0x28, 0x2, 0x0, 0x1, [@NFTA_BITWISE_LEN={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_BITWISE_SREG={0x8, 0x1, 0x1, 0x0, 0x14}, @NFTA_BITWISE_DREG={0x8, 0x2, 0x1, 0x0, 0x12}, @NFTA_BITWISE_MASK={0x4}, @NFTA_BITWISE_OP={0x8, 0x6, 0x1, 0x0, 0x1}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x7}}}, 0x10c}}, 0x0)
ioctl$SIOCGSTAMPNS(r7, 0x8907, &(0x7f0000000180))
r9 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
close(0x3)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000000)={0x11, 0xc, &(0x7f00000001c0)=@framed={{}, [@ringbuf_output={{}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000240)='GPL\x00', 0x4, 0x7, &(0x7f00000014c0)=""/4101, 0x0, 0xc}, 0x94)
r10 = socket$inet_sctp(0x2, 0x5, 0x84)
sendmmsg$inet_sctp(r10, &(0x7f00000024c0)=[{&(0x7f0000000140)=@in6={0xa, 0x4e23, 0x5, @remote, 0xd39}, 0x1c, &(0x7f0000000780)=[{&(0x7f0000000700)="7bd4", 0x2}], 0x1, &(0x7f00000007c0)=[@dstaddrv4={0x18, 0x84, 0x7, @loopback}], 0x18, 0x20004004}], 0x1, 0x40804)
sendmsg$DEVLINK_CMD_RATE_NEW(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000300)={0x34, r9, 0x1, 0x0, 0x25dfdbfb, {0x25}, [@handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x34}, 0x1, 0x0, 0x0, 0x41}, 0x0)

16m10.850746654s ago: executing program 34 (id=1384):
r0 = syz_open_dev$evdev(&(0x7f00000000c0), 0x1, 0x20000)
pipe(&(0x7f0000001540)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r3, 0x0)
splice(r3, 0x0, r2, 0x0, 0x406f413, 0x0)
r4 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_EVENTS(r4, 0x84, 0xb, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x88, 0x1, 0x0, 0x3}, 0xe)
setsockopt$SO_TIMESTAMPING(r4, 0x1, 0x25, &(0x7f0000000000)=0x41dc, 0x4)
r5 = socket(0x400000000010, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f00000000c0)={'syzkaller0\x00', <r6=>0x0})
openat(r1, &(0x7f0000000380)='./file0\x00', 0x200000, 0x5)
sendmsg$nl_route_sched(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newtfilter={0x30, 0x2c, 0xd27, 0x70bd2c, 0x0, {0x0, 0x0, 0x0, r6, {0xa, 0x9}, {0xa}, {0xc, 0x8}}, [@filter_kind_options=@f_fw={{0x7}, {0x4}}]}, 0x30}, 0x1, 0x0, 0x0, 0x6000c014}, 0x20000000)
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r2, 0x89f3, &(0x7f0000000340)={'syztnl2\x00', &(0x7f0000000280)={'ip6_vti0\x00', r6, 0x4, 0x6, 0x10, 0x2, 0x20, @private0, @private0, 0x7800, 0x1, 0x3, 0x7a}})
ioctl$EVIOCRMFF(r0, 0x40044581, &(0x7f0000000100)=0x8d9)
r7 = socket$netlink(0x10, 0x3, 0x10)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r8, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000001c00)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x401, 0x0, 0x0, {0x1, 0x0, 0x8003}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x101, 0x0, 0x0, {0x1, 0x0, 0xfffd}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}]}, @NFT_MSG_NEWRULE={0x98, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x70, 0x4, 0x0, 0x1, [{0x34, 0x1, 0x0, 0x1, @exthdr={{0xb}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_EXTHDR_DREG={0x8, 0x1, 0x1, 0x0, 0xc}, @NFTA_EXTHDR_OFFSET={0x8}, @NFTA_EXTHDR_LEN={0x8, 0x4, 0x1, 0x0, 0x22}, @NFTA_EXTHDR_TYPE={0x5, 0x2, 0x7}]}}}, {0x38, 0x1, 0x0, 0x1, @bitwise={{0xc}, @val={0x28, 0x2, 0x0, 0x1, [@NFTA_BITWISE_LEN={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_BITWISE_SREG={0x8, 0x1, 0x1, 0x0, 0x14}, @NFTA_BITWISE_DREG={0x8, 0x2, 0x1, 0x0, 0x12}, @NFTA_BITWISE_MASK={0x4}, @NFTA_BITWISE_OP={0x8, 0x6, 0x1, 0x0, 0x1}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x7}}}, 0x10c}}, 0x0)
ioctl$SIOCGSTAMPNS(r7, 0x8907, &(0x7f0000000180))
r9 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
close(0x3)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000000)={0x11, 0xc, &(0x7f00000001c0)=@framed={{}, [@ringbuf_output={{}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000240)='GPL\x00', 0x4, 0x7, &(0x7f00000014c0)=""/4101, 0x0, 0xc}, 0x94)
r10 = socket$inet_sctp(0x2, 0x5, 0x84)
sendmmsg$inet_sctp(r10, &(0x7f00000024c0)=[{&(0x7f0000000140)=@in6={0xa, 0x4e23, 0x5, @remote, 0xd39}, 0x1c, &(0x7f0000000780)=[{&(0x7f0000000700)="7bd4", 0x2}], 0x1, &(0x7f00000007c0)=[@dstaddrv4={0x18, 0x84, 0x7, @loopback}], 0x18, 0x20004004}], 0x1, 0x40804)
sendmsg$DEVLINK_CMD_RATE_NEW(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000300)={0x34, r9, 0x1, 0x0, 0x25dfdbfb, {0x25}, [@handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x34}, 0x1, 0x0, 0x0, 0x41}, 0x0)

14m57.116465872s ago: executing program 0 (id=1597):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$IOMMU_GET_HW_INFO(r1, 0x3b8a, &(0x7f0000000380)={0x28, 0x0, 0x0, 0x0, 0x0})
syz_open_dev$usbfs(&(0x7f0000000100), 0x77, 0x101301)
write$6lowpan_enable(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
r2 = getpid()
sched_setscheduler(r2, 0x1, &(0x7f0000000200)=0x7)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r5 = syz_open_dev$media(&(0x7f00000000c0), 0x103, 0x0)
ioctl$MEDIA_IOC_REQUEST_ALLOC(r5, 0x80047c05, &(0x7f0000000080)=<r6=>0xffffffffffffffff)
capset(0x0, 0x0)
ioctl$MEDIA_REQUEST_IOC_QUEUE(r6, 0x7c80, 0x0)
ioctl$sock_inet6_SIOCADDRT(0xffffffffffffffff, 0x890b, 0x0)
process_madvise(0xffffffffffffffff, 0x0, 0x0, 0x3, 0x0)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x20, 0x3, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @netfilter=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x99ee}, 0x94)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000500)={r7, 0x0, 0x2d, 0x0, @val=@netfilter={0xa, 0x4, 0x600, 0x1}}, 0x20)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=ANY=[], 0x6c}, 0x1, 0x0, 0x0, 0x4}, 0x20000004)

14m56.003821715s ago: executing program 0 (id=1598):
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2}, &(0x7f0000000300))
unshare(0x22020600)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="170000000000000004000000ff00000000000000", @ANYRES32, @ANYBLOB="8700"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000000000000000000000000000000000000000000000000000000025cddc8b86d1ba8a63df2db8623876ef212af72a0dafa80bd7300dcfda4bc2d38221db8b4ab12fbe29cdaa05000000000000002bdfe0cb7df7605cd457ee163abac6229786e1a948457a993f2f559bf7356ec2faa20538eba5b3fd7c55b059ddf9dde54bcef421d65c17d6dc30636f7ed029ce9722804c53883901908beeb57df88ab0e449da"], 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r0, <r1=>0xffffffffffffffff}, 0x0, &(0x7f0000000040)}, 0x20)
bpf$MAP_LOOKUP_ELEM(0x15, &(0x7f0000000200)={r1, 0x0, &(0x7f0000001780)=""/4096}, 0x20)
ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000000000)=<r2=>0x0)
fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5, r2})
r3 = socket$netlink(0x10, 0x3, 0xc)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r3, 0x10e, 0x1, &(0x7f0000000080)=0x1000, 0x4)

14m55.933691075s ago: executing program 0 (id=1599):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000000000406c256d0000000200000109022400010000000009040000010300000009210000000122050009058103"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000000000)={0x24, 0x0, 0x0, &(0x7f0000000ac0)=ANY=[@ANYBLOB="002205"], 0x0}, 0x0)
syz_usb_control_io(r0, &(0x7f0000000340)={0x2c, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x3c01}}, 0x0, 0x0, 0x0}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000000380)={0x24, 0x0, &(0x7f0000000200)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x455}}, 0x0, 0x0}, 0x0)
r1 = socket(0x10, 0x803, 0x0)
r2 = socket(0x10, 0x803, 0x0)
getsockname$packet(r1, &(0x7f0000000740)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000900)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000004c0)=ANY=[@ANYBLOB="4800000010000104000000000100000000000000", @ANYRES32=r3, @ANYBLOB="0000000000000000280012800b000100697036746e6c00001800028014000300ff"], 0x48}}, 0x0)

14m54.797573894s ago: executing program 0 (id=1603):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, 0x0, &(0x7f0000000180))

14m54.666269724s ago: executing program 0 (id=1604):
r0 = openat$tcp_congestion(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
capset(&(0x7f0000000040)={0x19980330}, &(0x7f0000000080)={0x6, 0x6, 0x2, 0x87, 0xffffffff, 0x2})
ioctl$SG_IO(r1, 0x2285, &(0x7f0000000180)={0x53, 0xfffffffffffffffd, 0x6, 0x0, @buffer={0x0, 0x0, 0x0}, &(0x7f0000000040)="b969aa80a65e", 0x0, 0xfffffff9, 0x0, 0x3, 0x0})
unshare(0x20000400)
pwritev(r0, &(0x7f0000000480)=[{&(0x7f00000001c0)="e7", 0x1}], 0x1000000000000020, 0xfffffffe, 0x80)
r2 = shmat(0x0, &(0x7f0000ffc000/0x2000)=nil, 0x4000)
shmdt(r2)
shmdt(r2)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_TIMEOUT_NEW(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000f40)=ANY=[@ANYBLOB="60000000030801010000000000000000030000000600024088e700003c00048008000a400000000908000a40000000010800034000000008080008400000000008000140000000070c000b4000007fff08000240000000000500030006"], 0x60}}, 0x0)
r4 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000001080)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x5543, 0x81, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x80, 0x0, 0x1, {0x22, 0x7}}}}]}}]}}, 0x0)
syz_usb_control_io$hid(r4, 0x0, 0x0)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[@ANYBLOB="2d696f200672646d61202d6370756163637420b370696468202b6d656d6f7279202b64757669636573202d646576696365"], 0x4c)
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
mount(&(0x7f00000001c0), &(0x7f00000006c0)='./file0\x00', &(0x7f0000000800)='9p\x00', 0x0, &(0x7f0000000900)='trans=tcp,')
syz_usb_control_io(r4, &(0x7f00000000c0)={0x2c, &(0x7f0000000100)={0x0, 0x0, 0x7, {0x7, 0x0, "392cdaab4a"}}, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_control_io$hid(r4, &(0x7f0000000380)={0x24, 0x0, &(0x7f0000000440)={0x0, 0x3, 0x2, @string={0x2}}, 0x0, 0x0}, 0x0)

14m54.045723306s ago: executing program 0 (id=1610):
r0 = socket$nl_route(0x10, 0x3, 0x0)
unshare(0x26020400)
ppoll(&(0x7f0000000080)=[{0xffffffffffffffff, 0x124b}], 0x1, &(0x7f0000000100)={0x0, 0x3938700}, 0x0, 0x0)
syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
getsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, 0x0, &(0x7f0000000040))
openat$tun(0xffffffffffffff9c, 0x0, 0x40241, 0x0)
r1 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB="38000000031401002dbd700200000025090002007379fb0000000000080041007278650014003300626f6e645f736c6176655f30"], 0x38}, 0x1, 0x0, 0x0, 0x2040100}, 0x0)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0x4, &(0x7f00000000c0)=0x9, 0x4)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000780)=@newlink={0x44, 0x10, 0x44b, 0xffffffff, 0x0, {0x7a, 0x0, 0x0, 0x0, 0x1840, 0x42c04}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_MCAST_QUERY_USE_IFADDR={0x5}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}}, 0x24)

14m37.738692745s ago: executing program 35 (id=1610):
r0 = socket$nl_route(0x10, 0x3, 0x0)
unshare(0x26020400)
ppoll(&(0x7f0000000080)=[{0xffffffffffffffff, 0x124b}], 0x1, &(0x7f0000000100)={0x0, 0x3938700}, 0x0, 0x0)
syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
getsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, 0x0, &(0x7f0000000040))
openat$tun(0xffffffffffffff9c, 0x0, 0x40241, 0x0)
r1 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB="38000000031401002dbd700200000025090002007379fb0000000000080041007278650014003300626f6e645f736c6176655f30"], 0x38}, 0x1, 0x0, 0x0, 0x2040100}, 0x0)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0x4, &(0x7f00000000c0)=0x9, 0x4)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000780)=@newlink={0x44, 0x10, 0x44b, 0xffffffff, 0x0, {0x7a, 0x0, 0x0, 0x0, 0x1840, 0x42c04}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_MCAST_QUERY_USE_IFADDR={0x5}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}}, 0x24)

11m33.784046362s ago: executing program 5 (id=1992):
r0 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_INIT(r0, 0x0, 0xc8, &(0x7f0000003d40), 0x4)
r1 = socket(0x40000000015, 0x5, 0x0)
r2 = epoll_create(0x1e)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000000180)={0x10000000})
setsockopt$MRT_ADD_VIF(r0, 0x0, 0xca, &(0x7f0000003d80)={0x0, 0x0, 0x0, 0x0, @vifc_lcl_addr=@local, @dev}, 0x10)
r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
socket$igmp(0x2, 0x3, 0x2)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000640)={'wlan0\x00', <r6=>0x0})
sendmsg$NL80211_CMD_CONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)={0x1c, r5, 0x105, 0xffffffff, 0xa, {{}, {@val={0x8, 0x3, r6}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x800}, 0x4004050)
socket$inet6(0x10, 0x3, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000d40)={&(0x7f0000000040)=ANY=[@ANYBLOB="180000001400090527bd7000fddbdf25021800cbdd95914f79fba2f1087fb98aaeebb6593f57287d170d5c8215d1cbb88694c9aac6caa670ab8c951a717379b5659e537295a15f5fd2026449706384c5ab6fbd536edeae83a732fef264c538d9e7e0bee6d240d7fff8ebf3402e5f1522594353e1e25663e7a6d2f4e8ffa79993653df0c29f84d022ee2fd2bdae68452c7d4e83d1c1666184305553006979aa3faf8a69dc533b83d430917608521c290b613c4054aec54d011b1df6807d3438e76f4c2c31a7840f3a76c99d833f2856583a78026a95da144b47367f6b157299", @ANYRES32=0x0], 0x18}, 0x1, 0x0, 0x0, 0x4040014}, 0x0)
r7 = getpgrp(0x0)
sched_setaffinity(r7, 0x8, &(0x7f0000000040)=0x5)
prlimit64(r7, 0xe, &(0x7f0000000100)={0xa, 0x80000100008a}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r8 = getpid()
sched_setscheduler(r8, 0x2, &(0x7f0000000000)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r9 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r9, 0x1, 0x0)
r10 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r10, &(0x7f0000019680)=""/102392, 0x18ff8)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={<r11=>0xffffffffffffffff})
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0xe, 0x4, &(0x7f0000000400)=ANY=[@ANYBLOB="18020000801000000000000004000000850000000700000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00}, 0x80)
sendmsg$inet(r11, &(0x7f0000000980)={0x0, 0x0, &(0x7f0000000900)=[{&(0x7f0000000640)}], 0x1}, 0x3)
setsockopt$inet_mreq(r3, 0x0, 0x23, &(0x7f0000000000)={@multicast1=0xe0000300, @local}, 0x8)

11m27.687023393s ago: executing program 5 (id=1999):
r0 = socket(0x2, 0x3, 0xff)
sendmmsg$inet(r0, &(0x7f0000004a80)=[{{&(0x7f0000000080)={0x2, 0x4e1d, @dev={0xac, 0x14, 0x14, 0x30}}, 0x10, &(0x7f0000000340)=[{&(0x7f0000000140)="639a68bf7871573aa5415ce7b0bf185e7f592193", 0x14}], 0x1, &(0x7f0000000000)=[@ip_ttl={{0x14, 0x0, 0x34, 0x2}}, @ip_tos_u8={{0x11}}], 0x30}}], 0x1, 0x40048c0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r1, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c)
open(0x0, 0x80000, 0x40)
listen(r1, 0x2)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="5000000010004b0429bd7000000000007a00000056483e953fdb2bba155c566a1cff94b1606a2bff26cd828e02fe9f6af5a61fb8e2c7aff872d65bfad866fcbda438e9a158478516d651634815b2d57e5c2a3e80ea177a502ca3e8a5667006171de8a8f98f2fe15a42bc516901441c31c4413fb9e6b91afe69a827d971a445407bb70d4e803221d1c00980e1df79da1b6083013870a79e559aacff7ebded55db28d0734272c195402d1e700bbbf0d2c6e91f65cdb791fd97ce807386efdd9411ac7df139c6252695361e716277293a510fbf6d8cd6dde5f253a568d827ce40138a6fa7", @ANYRES32=0x0, @ANYBLOB="09a0010006800000300012800c0001006d6163766c616e00200002801c0005800a000400aaaaaaaaaabb00000a0004000000000000000000"], 0x50}}, 0x20000000)
syz_emit_ethernet(0x4e, &(0x7f0000001100)={@local, @remote, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0a8435", 0x18, 0x6, 0x1, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x6, 0x2, 0x0, 0x0, 0x0, {[@sack_perm={0x4, 0x2}]}}}}}}}}, 0x0)

11m15.891158175s ago: executing program 7 (id=2032):
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000001c0)='./binderfs/binder0\x00', 0x802, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x10000000000)
mremap(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f000084c000/0x3000)=nil)
syz_io_uring_setup(0x254c, &(0x7f0000000000)={0x0, 0x7c87, 0x800, 0x0, 0x39}, &(0x7f0000000080), &(0x7f00000001c0))
socket$alg(0x26, 0x5, 0x0)
syz_open_procfs(0x0, &(0x7f0000000080)='pagemap\x00')
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0xc4042, 0x1ff)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
r1 = getpgrp(0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000040)=0x5)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000000)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r3 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r3, 0x1, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000032680)=""/102392, 0x18ff8)
timerfd_settime(0xffffffffffffffff, 0x1, &(0x7f00000000c0)={{}, {0x0, 0x989680}}, 0x0)
socket$inet6(0xa, 0x2, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={0xffffffffffffffff, 0x0, 0xe, 0x0, &(0x7f0000000100)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)
r5 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000340)="d800000018007b18e00212ba0d8105040a871100fe0f040b067c55a1bc0009001e0006990300000015000500fe800000000100000300014002000c59c266cd3e72d30901a8040098007f6f94007100a007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4090080001fb791643a5ee4b11602b2a10c11ce1b14d6d130dfe1d9d322fe04fba8cae8c9010000734d7a50f4fa61ee8362969ad95667e04adcdf634c1f215ce3bb9ad8ffd5e1cace81ed0b7fece0b42a9ecbee5de6cdd40dd60105e9f16e9cb58000000000000000000000000000be", 0xd8}], 0x1, 0x0, 0x0, 0x2663}, 0x0)
prlimit64(r1, 0xf, &(0x7f0000000200)={0x3, 0xfffffffffffffffb}, &(0x7f0000000240))
r6 = openat$binfmt(0xffffffffffffff9c, 0x0, 0x42, 0x1ff)
linkat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0xffffffffffffff9c, &(0x7f00000003c0)='./file0\x00', 0x400)
ioctl$FS_IOC_SETFLAGS(r6, 0x40086602, 0x0)
syz_clone(0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0)

11m14.176971599s ago: executing program 7 (id=2033):
r0 = syz_open_dev$video(0x0, 0x8, 0x8000)
ioctl$VIDIOC_G_SELECTION(r0, 0xc040565e, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, 0x0)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="120100006fb68440e11d02c1947d0102030109021b00"], 0x0)

11m11.730218863s ago: executing program 5 (id=2034):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$sock_buf(r0, 0x1, 0x37, 0xfffffffffffffffd, &(0x7f0000000000)=0x2100)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/asound/timers\x00', 0x0, 0x0)
tee(r3, r0, 0x10, 0x6)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
ptrace$ARCH_SHSTK_ENABLE(0x1e, r1, 0x0, 0x5001)
socket$kcm(0x10, 0x2, 0x0)
ioctl$TCFLSH(0xffffffffffffffff, 0x400455c8, 0x2)
r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='status\x00')
lseek(r4, 0x10000000005, 0x0)
r5 = socket$inet6_sctp(0xa, 0x801, 0x84)
sendto$inet6(r5, 0x0, 0x0, 0x20000800, &(0x7f0000000280)={0xa, 0x4e03, 0x5, @private2, 0x9}, 0x1c)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000380)=ANY=[@ANYBLOB="140000001000010000000000000000000100000a70000000090a010400000000000000000a0000040900020073797a310000000008000a40000000020900010073797a3100000000080005400000000b2c00128014000180090001006c61737400000000e59e44e4d701d0690c000100636f756e726572000400028008000340000001"], 0x98}, 0x1, 0x0, 0x0, 0x4044050}, 0x40)

11m10.45370041s ago: executing program 5 (id=2039):
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
ptrace$ARCH_MAP_VDSO_32(0x1e, r0, 0x10000, 0x2002)
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
prlimit64(r0, 0x0, &(0x7f0000000040)={0x1800000000, 0x4}, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f00000002c0)='net/netlink\x00')
read(r3, &(0x7f0000001180)=""/4096, 0x1000)

11m10.301937505s ago: executing program 7 (id=2041):
r0 = getpid()
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r3, 0x6, 0x1b, &(0x7f0000000180)=0x100000001, 0x4)
r4 = bpf$MAP_CREATE(0x0, 0x0, 0x50)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0)
r5 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000240)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0)
read$FUSE(r5, &(0x7f00000034c0)={0x2020}, 0x2020)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000003c0)={'bridge0\x00'})
bpf$PROG_BIND_MAP(0xa, &(0x7f00000004c0)={r6}, 0xc)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb703000008000000b70300000000002085000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0xd, 0x5, &(0x7f0000000040)=@framed={{0xd6, 0xa, 0x0, 0x0, 0x0, 0x61, 0x11, 0xa0}, [@initr0]}, &(0x7f0000000000)='GPL\x00'}, 0x80)

11m9.155109094s ago: executing program 5 (id=2043):
r0 = getpgrp(0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x5)
prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
rmdir(&(0x7f0000000080)='./cgroup/../file0\x00') (fail_nth: 1)

11m8.090931565s ago: executing program 7 (id=2045):
r0 = socket$qrtr(0x2a, 0x2, 0x0)
connect$qrtr(r0, &(0x7f0000000200)={0x2a, 0x4, 0xfffffffe}, 0xc)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(0x0, 0x0, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r0, 0x0, 0x0})
io_uring_enter(0xffffffffffffffff, 0x3498, 0x969, 0x0, 0x0, 0x0)

11m7.838711642s ago: executing program 7 (id=2047):
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f0000000400)={0xc, 0x0, <r1=>0x0})
ioctl$IOMMU_IOAS_MAP(r0, 0x3b85, &(0x7f0000000180)={0x28, 0x6, r1, 0x0, &(0x7f0000000300)="ea", 0x1, 0x7a})
r2 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r3 = dup(r2)
write$6lowpan_enable(r3, &(0x7f0000000000)='0', 0xfffffd2c)
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000007c0)=ANY=[@ANYBLOB="c4000000190003000000000000000000e00004020000000000000000000000000000000000000000000000000000000000000000000000000a00000087000000713712361281e600e0e77658dc856eb5bea6fc3e5a2367f5dd680947c2031a075bdf500f791cb31105a53d61d223671aa67f8e814d42c8ad787c432a0ca419b24a452c12423f0f5565312ec81b4523e724224753fb1f7343a5eb7b99c2bbff35ea10c61a1477e4cef535196ba604b75b5ef8a3e40ebbb95020f843ee48c7cc27ab58b4419c0616113e3450141be43f4278c4a056e48225fd56d1492639463e9f76ba80461b7a7a58e80b8e4e70bf25c11e186c1ec847319c602629adccff551092658e09cadefb29fa46bb3d37c66fa83dcdd53f25cfa8", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fbffffffffffffff0000000000000000000000000000000000000000000000020000000000000000000000000000000000000100000000000c0015005c07350081000000"], 0xc4}}, 0x2c000010)
r5 = socket$nl_xfrm(0x10, 0x3, 0x6)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0026}]})
get_mempolicy(0x0, 0x0, 0x9, &(0x7f0000ffb000/0x2000)=nil, 0x7)
sendmsg$nl_xfrm(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=@updpolicy={0xb8, 0x15, 0x1, 0x0, 0x0, {{@in=@multicast1=0xe0000002, @in=@rand_addr=0x64010102, 0x0, 0x0, 0x0, 0x0, 0xa, 0x10}, {0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, {}, 0x0, 0x6e6bb5}}, 0xb8}}, 0x0)
syz_io_uring_setup(0x2789, &(0x7f0000000100)={0x0, 0x1c26, 0x10, 0x0, 0x22, 0x0, r3}, &(0x7f00000002c0), &(0x7f0000000340))
dup(r3)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0200000004000000020000000c0000000014"], 0x48)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x50)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x3000001, 0x31, 0xffffffffffffffff, 0xffffd000)
remap_file_pages(&(0x7f00002ec000/0x200000)=nil, 0x200000, 0x0, 0x1, 0x0)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x1, 0x0, 0x0, 0x2)
io_setup(0x6, &(0x7f00000000c0))
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

11m4.431648336s ago: executing program 5 (id=2051):
ioctl$BLKCRYPTOPREPAREKEY(0xffffffffffffffff, 0xc040128b, &(0x7f0000000300)={&(0x7f0000000140)="4c95a8fb36465ad35356e932b98b161f4d", 0x11, 0x0})
syz_emit_ethernet(0x4a, &(0x7f00000004c0)=ANY=[], 0x0)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f00000001c0)={'veth0\x00', 0x0})
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000cc0)={'syz1\x00', {0xfff9, 0x2, 0x248, 0x9b99}, 0x37, [0xfffffff8, 0x5, 0x5, 0x9, 0x8, 0x155f, 0x6, 0x4, 0x25cc, 0x1, 0xb4, 0xa, 0xa2b9, 0x6, 0x7, 0xe4, 0x6, 0xfc000000, 0x3, 0xbbf, 0x4a732f64, 0x1, 0x8, 0xd, 0x4, 0x20012a3, 0x6, 0x1000, 0x2, 0x6, 0x7, 0x81, 0x8a, 0x79, 0x2, 0x10000, 0x0, 0x91, 0x4, 0x4, 0x16, 0x8, 0x5, 0x401, 0xfffffff5, 0x405, 0xa7, 0x4, 0x9, 0xf9a2, 0x80000001, 0xff, 0x0, 0x2, 0x2, 0x2, 0x7, 0x1, 0x7, 0x4, 0x4007f, 0xffffffff, 0x9, 0x4], [0x9, 0x3, 0x6, 0x9, 0x4, 0xc66, 0xa8a9, 0x20000073, 0x8e, 0xd50, 0x7, 0x5, 0x2, 0x809, 0x4, 0xa7, 0x1000, 0x0, 0x200b398, 0x400080, 0x1, 0x4, 0x2, 0x7, 0x1, 0x2, 0x3, 0x8, 0xffffff7f, 0x400, 0x6, 0x4c2336d3, 0x4, 0x0, 0xfffffff8, 0x401, 0x46, 0xf1, 0x1, 0xab00060, 0x5, 0x6, 0x2, 0x5, 0x3ff, 0x1ff, 0x1, 0x7fff, 0x1, 0x1cb, 0x1, 0x80000004, 0x6, 0x438, 0x2, 0x9, 0x95, 0x7fffffff, 0x4, 0xfffffff9, 0x1, 0x1000, 0xfffff801], [0x5, 0xfffffffe, 0xffff, 0xc, 0x2, 0x2e6bf783, 0x80000001, 0x5, 0x5, 0x491, 0x8d3, 0x200006, 0x8, 0x400, 0x2, 0x400, 0x41, 0x6, 0xee4b, 0x2000004, 0x1, 0x8000003, 0x5, 0x9, 0x3, 0x3, 0x9, 0x3, 0xc7, 0x100fff, 0x10000a, 0x2, 0x400, 0x3e55, 0x5, 0xd3, 0x8, 0x3437, 0x3, 0xd, 0x7, 0x601, 0x101, 0xdd80, 0x60a0, 0x7f, 0x9d26, 0x10000, 0x1, 0x2, 0x2, 0x6, 0x8000, 0xf45, 0x3, 0xd100, 0x8, 0x77, 0x9, 0x6, 0x10000, 0xfffffffd, 0x8, 0x1], [0xa772, 0x6, 0x5, 0x1afa, 0xbfc, 0x8, 0x5, 0x7f, 0x55, 0x1, 0xff, 0x1005, 0x1, 0x7, 0x1e, 0x9, 0x81, 0x3, 0x9d86, 0xd, 0xfffffff7, 0x8, 0x140f2, 0x5396, 0x3, 0x6, 0x80008001, 0x7777, 0x1, 0x2, 0x100, 0x5, 0x7fffffff, 0x100009, 0xc, 0x32d, 0x3, 0x1ff, 0x2000803, 0xffffffff, 0x0, 0x0, 0x8004, 0x7fff, 0x3, 0x6, 0xf, 0xe, 0x5337, 0x26d, 0x6, 0x3, 0x4, 0xfffffff9, 0x9, 0x0, 0x463f, 0x4, 0xdab, 0x6, 0x8, 0x14000, 0x1, 0x9]}, 0x45c)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01020000000000000000070000000900010073797a30000000004c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a3000000000080005400000000d08000640ffffff000800034000000038540000000c0a01010000000000000000070000000900020073797a31000000000900010073797a30000000002800038024000080040002800400078004000180080003"], 0xe8}, 0x1, 0x0, 0x0, 0x404c005}, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0)
r2 = openat$incfs(0xffffffffffffffff, &(0x7f0000000100)='.pending_reads\x00', 0x84340, 0x120)
r3 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000500)={'macsec0\x00', <r4=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f0000000440)={0x0, 0x600, &(0x7f0000000240)={&(0x7f0000000480)=@newtfilter={0x24, 0x11, 0x1, 0x70bd28, 0x2000, {0x0, 0x0, 0x74, r4, {0xfffd, 0x2}, {0x10, 0xfff1}, {0xfff2, 0x3}}}, 0x24}, 0x1, 0xf0ffffffffffff, 0x0, 0x14004804}, 0x840)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r2, 0x89f1, &(0x7f0000000280)={'ip6tnl0\x00', &(0x7f0000000340)={'syztnl2\x00', r4, 0x4, 0x3, 0x6, 0x2322, 0x49, @ipv4={'\x00', '\xff\xff', @rand_addr=0x64010100}, @mcast2, 0x40, 0x1, 0x4, 0x3}})
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r7, 0x4090ae82, &(0x7f0000000000)={[0x35, 0xfff, 0xfffffffffffffffe, 0x40000000000180, 0x2, 0x6, 0xf2, 0xd, 0x7fffffffffffe, 0x7, 0x5, 0x7, 0x4, 0x5, 0x4, 0x8], 0x25000, 0x304})
r8 = socket$inet6_icmp(0xa, 0x2, 0x3a)
r9 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='freezer.self_freezing\x00', 0x26e1, 0x0)
setsockopt$sock_attach_bpf(r8, 0x1, 0x3e, &(0x7f0000000240)=r9, 0x4)
sendmsg$inet6(r8, &(0x7f00000002c0)={&(0x7f0000000080)={0xa, 0x4e21, 0x74, @private2, 0xffff}, 0x1c, &(0x7f0000000000)=[{0x0}], 0x1}, 0x8054)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_RUN(r7, 0xae80, 0x0)
r10 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r11 = dup(r10)
ioctl$KVM_SET_USER_MEMORY_REGION(r10, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil})
r12 = ioctl$KVM_CREATE_VCPU(r11, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r12, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000400)=[@text32={0x20, &(0x7f00000000c0)="c20000361e0f01c3660fd2eff30f10f1b961020000b80e000000ba000000000f30b98d0200000f320b99f3530000660f6af7c4e2f91d20", 0x37}], 0x1, 0x11, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r10, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x50, 0x0, 0x0)
ioctl$KVM_RUN(r12, 0xae80, 0x0)

11m3.901845224s ago: executing program 7 (id=2053):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000000)=@newlink={0x48, 0x10, 0x403, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x215, 0x1644}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @sit={{0x8}, {0x14, 0x2, 0x0, 0x1, [@IFLA_IPTUN_FWMARK={0x8, 0x14, 0x4}, @IFLA_IPTUN_FLAGS={0x6, 0x8, 0xd}]}}}, @IFLA_MTU={0x8, 0x4, 0x9}]}, 0x48}, 0x1, 0xba01, 0x0, 0x24000801}, 0x800)

10m47.439685961s ago: executing program 36 (id=2051):
ioctl$BLKCRYPTOPREPAREKEY(0xffffffffffffffff, 0xc040128b, &(0x7f0000000300)={&(0x7f0000000140)="4c95a8fb36465ad35356e932b98b161f4d", 0x11, 0x0})
syz_emit_ethernet(0x4a, &(0x7f00000004c0)=ANY=[], 0x0)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f00000001c0)={'veth0\x00', 0x0})
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000cc0)={'syz1\x00', {0xfff9, 0x2, 0x248, 0x9b99}, 0x37, [0xfffffff8, 0x5, 0x5, 0x9, 0x8, 0x155f, 0x6, 0x4, 0x25cc, 0x1, 0xb4, 0xa, 0xa2b9, 0x6, 0x7, 0xe4, 0x6, 0xfc000000, 0x3, 0xbbf, 0x4a732f64, 0x1, 0x8, 0xd, 0x4, 0x20012a3, 0x6, 0x1000, 0x2, 0x6, 0x7, 0x81, 0x8a, 0x79, 0x2, 0x10000, 0x0, 0x91, 0x4, 0x4, 0x16, 0x8, 0x5, 0x401, 0xfffffff5, 0x405, 0xa7, 0x4, 0x9, 0xf9a2, 0x80000001, 0xff, 0x0, 0x2, 0x2, 0x2, 0x7, 0x1, 0x7, 0x4, 0x4007f, 0xffffffff, 0x9, 0x4], [0x9, 0x3, 0x6, 0x9, 0x4, 0xc66, 0xa8a9, 0x20000073, 0x8e, 0xd50, 0x7, 0x5, 0x2, 0x809, 0x4, 0xa7, 0x1000, 0x0, 0x200b398, 0x400080, 0x1, 0x4, 0x2, 0x7, 0x1, 0x2, 0x3, 0x8, 0xffffff7f, 0x400, 0x6, 0x4c2336d3, 0x4, 0x0, 0xfffffff8, 0x401, 0x46, 0xf1, 0x1, 0xab00060, 0x5, 0x6, 0x2, 0x5, 0x3ff, 0x1ff, 0x1, 0x7fff, 0x1, 0x1cb, 0x1, 0x80000004, 0x6, 0x438, 0x2, 0x9, 0x95, 0x7fffffff, 0x4, 0xfffffff9, 0x1, 0x1000, 0xfffff801], [0x5, 0xfffffffe, 0xffff, 0xc, 0x2, 0x2e6bf783, 0x80000001, 0x5, 0x5, 0x491, 0x8d3, 0x200006, 0x8, 0x400, 0x2, 0x400, 0x41, 0x6, 0xee4b, 0x2000004, 0x1, 0x8000003, 0x5, 0x9, 0x3, 0x3, 0x9, 0x3, 0xc7, 0x100fff, 0x10000a, 0x2, 0x400, 0x3e55, 0x5, 0xd3, 0x8, 0x3437, 0x3, 0xd, 0x7, 0x601, 0x101, 0xdd80, 0x60a0, 0x7f, 0x9d26, 0x10000, 0x1, 0x2, 0x2, 0x6, 0x8000, 0xf45, 0x3, 0xd100, 0x8, 0x77, 0x9, 0x6, 0x10000, 0xfffffffd, 0x8, 0x1], [0xa772, 0x6, 0x5, 0x1afa, 0xbfc, 0x8, 0x5, 0x7f, 0x55, 0x1, 0xff, 0x1005, 0x1, 0x7, 0x1e, 0x9, 0x81, 0x3, 0x9d86, 0xd, 0xfffffff7, 0x8, 0x140f2, 0x5396, 0x3, 0x6, 0x80008001, 0x7777, 0x1, 0x2, 0x100, 0x5, 0x7fffffff, 0x100009, 0xc, 0x32d, 0x3, 0x1ff, 0x2000803, 0xffffffff, 0x0, 0x0, 0x8004, 0x7fff, 0x3, 0x6, 0xf, 0xe, 0x5337, 0x26d, 0x6, 0x3, 0x4, 0xfffffff9, 0x9, 0x0, 0x463f, 0x4, 0xdab, 0x6, 0x8, 0x14000, 0x1, 0x9]}, 0x45c)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01020000000000000000070000000900010073797a30000000004c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a3000000000080005400000000d08000640ffffff000800034000000038540000000c0a01010000000000000000070000000900020073797a31000000000900010073797a30000000002800038024000080040002800400078004000180080003"], 0xe8}, 0x1, 0x0, 0x0, 0x404c005}, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0)
r2 = openat$incfs(0xffffffffffffffff, &(0x7f0000000100)='.pending_reads\x00', 0x84340, 0x120)
r3 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000500)={'macsec0\x00', <r4=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f0000000440)={0x0, 0x600, &(0x7f0000000240)={&(0x7f0000000480)=@newtfilter={0x24, 0x11, 0x1, 0x70bd28, 0x2000, {0x0, 0x0, 0x74, r4, {0xfffd, 0x2}, {0x10, 0xfff1}, {0xfff2, 0x3}}}, 0x24}, 0x1, 0xf0ffffffffffff, 0x0, 0x14004804}, 0x840)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r2, 0x89f1, &(0x7f0000000280)={'ip6tnl0\x00', &(0x7f0000000340)={'syztnl2\x00', r4, 0x4, 0x3, 0x6, 0x2322, 0x49, @ipv4={'\x00', '\xff\xff', @rand_addr=0x64010100}, @mcast2, 0x40, 0x1, 0x4, 0x3}})
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r7, 0x4090ae82, &(0x7f0000000000)={[0x35, 0xfff, 0xfffffffffffffffe, 0x40000000000180, 0x2, 0x6, 0xf2, 0xd, 0x7fffffffffffe, 0x7, 0x5, 0x7, 0x4, 0x5, 0x4, 0x8], 0x25000, 0x304})
r8 = socket$inet6_icmp(0xa, 0x2, 0x3a)
r9 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='freezer.self_freezing\x00', 0x26e1, 0x0)
setsockopt$sock_attach_bpf(r8, 0x1, 0x3e, &(0x7f0000000240)=r9, 0x4)
sendmsg$inet6(r8, &(0x7f00000002c0)={&(0x7f0000000080)={0xa, 0x4e21, 0x74, @private2, 0xffff}, 0x1c, &(0x7f0000000000)=[{0x0}], 0x1}, 0x8054)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_RUN(r7, 0xae80, 0x0)
r10 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r11 = dup(r10)
ioctl$KVM_SET_USER_MEMORY_REGION(r10, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil})
r12 = ioctl$KVM_CREATE_VCPU(r11, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r12, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000400)=[@text32={0x20, &(0x7f00000000c0)="c20000361e0f01c3660fd2eff30f10f1b961020000b80e000000ba000000000f30b98d0200000f320b99f3530000660f6af7c4e2f91d20", 0x37}], 0x1, 0x11, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r10, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x50, 0x0, 0x0)
ioctl$KVM_RUN(r12, 0xae80, 0x0)

10m47.353738406s ago: executing program 37 (id=2053):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000000)=@newlink={0x48, 0x10, 0x403, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x215, 0x1644}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @sit={{0x8}, {0x14, 0x2, 0x0, 0x1, [@IFLA_IPTUN_FWMARK={0x8, 0x14, 0x4}, @IFLA_IPTUN_FLAGS={0x6, 0x8, 0xd}]}}}, @IFLA_MTU={0x8, 0x4, 0x9}]}, 0x48}, 0x1, 0xba01, 0x0, 0x24000801}, 0x800)

3m36.262650986s ago: executing program 6 (id=3436):
sendmsg$MPTCP_PM_CMD_GET_LIMITS(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0xffffffffffffffb4, 0x0, 0x1, 0x0, 0x0, 0x41}, 0x809d)
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0)
syz_emit_ethernet(0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="000002f0d31209000000bc2e79e995"], 0x0)
write$binfmt_script(r1, &(0x7f0000000100), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r1, 0x0)
preadv(r1, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x3e, 0x0, 0x0)
r2 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000140), 0x40, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r1, &(0x7f0000499000/0x18000)=nil, &(0x7f0000000040)=[@text16={0x10, &(0x7f0000000180)="66b9800000c00f326635000800000f300f0f1c9a65660ff3b20618baa000ec672e660f38803d004000000f285473f61366b9800000c00f320f300f20e06635800000000f22e02b6aa6c8", 0x4a}], 0x1, 0x0, 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20004840}, 0x14)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
recvmsg(r2, &(0x7f0000000440)={0x0, 0x0, &(0x7f00000003c0)}, 0x40000101)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x0, 0x0, &(0x7f0000000000)='GPL\x00', 0x2a7, 0x0, 0x0, 0x41100, 0x6c, '\x00', 0x0, 0x0, r1, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3ff}, 0x94)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

3m34.063490943s ago: executing program 6 (id=3441):
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYBLOB="9feb010018000000000000002c0000002c00000005000000030000000000001103000000ffffffff000000000000000200000000010000000000000e0200ffec01000000005f2e61"], 0x0, 0x49}, 0x28)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(0xffffffffffffffff, 0xc08c5332, 0x0)
write$sndseq(0xffffffffffffffff, &(0x7f0000000000)=[{0x1e, 0x0, 0x0, 0x0, @tick, {}, {}, @raw32}], 0x1001a)
sched_setscheduler(r0, 0x1, &(0x7f00000000c0)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_LINKMODES_GET(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000000c0)={0x18, r4, 0x301, 0x70bd28, 0x25dfdbfe, {0x1c}, [@HEADER={0x4}]}, 0x18}}, 0x20000034)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)=ANY=[@ANYBLOB="c801000010000100"/20, @ANYRES32, @ANYBLOB="0000000000000000a8011a80a40102803c00018008"], 0x1c8}}, 0x0)
openat$userio(0xffffffffffffff9c, 0x0, 0x22242, 0x0)
r6 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
connect$llc(r6, &(0x7f0000000180)={0x1a, 0x0, 0x3, 0xc, 0x2, 0x0, @multicast}, 0x10)
recvmmsg(r6, &(0x7f0000000000)=[{{0x0, 0x0, 0x0}, 0xffff}], 0x57, 0xc0013181, 0x0)
sendmmsg(r6, &(0x7f0000001380), 0x3fffffffffffeed, 0x0)

3m33.498347767s ago: executing program 1 (id=3443):
syz_emit_ethernet(0x6e, &(0x7f0000000040)=ANY=[@ANYBLOB="0180c2000002aaaaaaaaaaaa08004500006000000000002f9078640101000000000024806558000000000000000010000800000086dd"], 0x0)
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x20050840)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="102000003e0007012ebd700000000000017c000004004280100001800c0006000600000000000000e81f02"], 0x2010}, 0x1, 0x0, 0x0, 0x4048011}, 0xc084)
syz_genetlink_get_family_id$wireguard(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xd18c9b25, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f030041000b05d25a806c8c6394f90324fc60100000000a000200053582c137153e3704020180fc5409000c00", 0x33fe0}], 0x1}, 0x0)

3m32.564684665s ago: executing program 1 (id=3445):
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x40)
mkdir(&(0x7f0000000040)='./file1\x00', 0x0)
mkdir(&(0x7f0000000000)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x80, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
chdir(0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
removexattr(&(0x7f0000000940)='./file0\x00', &(0x7f0000000000)=@known='system.posix_acl_access\x00')

3m32.530826392s ago: executing program 6 (id=3446):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000003c0)=ANY=[], 0x48)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r2 = openat$cgroup_procs(r1, 0x0, 0x2, 0x0)
write$cgroup_pid(r2, &(0x7f00000000c0), 0x12)
pread64(r2, &(0x7f0000001840)=""/4096, 0x1000, 0x1)
bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x6, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b704000003000000850000001c00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xd, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000140), 0xa2040, 0x0)
r4 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0)
ioctl$sock_inet_sctp_SIOCINQ(r4, 0x541b, &(0x7f0000000380))
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x4)
connect$inet6(0xffffffffffffffff, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, 0x1c)
bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x1, 0xe, &(0x7f00000002c0)=ANY=[@ANYBLOB="b7020000f7ffffffbfa70000000000002502000020feffff7a0af0fff8ffffff69a4f0ff00000000b70600000018d1fe5d6405000000000075040000000d00000700200000000000b70400001000e5207b0700fe00000010850000008a000000b70000000a00000095000000000000006458c2c62fc206000000f909a63796c113a80c19aab9d60700ffffffff483be3f0d3253730e78000000062c28b22756bedf3cf393d14c46cc4f79fd2b316da4f0de8163f6242fa7323f1740637c48468766aeb39439fce41f144631ac262dcae08c3d1a1fbe96dd87235b44174f7c013700e69274f8e9c31975e551558055dc2dc29edc33b375fa325dcf3e91e20f63d7030dbe7ff7f51fe89c3d17cf45a1616ad237682057034dfdc81f5a53cd640212c88e8b687a2446049577c75b76b775c1e301caf2465ed4b2ad56b848d046c52bfc3737127120ab17d82a294d174f240a3cdc725cfe6e839a1f80f59486578e45b008d39ab618f660e3c53ed4409aa92ae4fecd913060ca74ed8a303e22de12087a217d8d7be0ae1117cc791313b1318497dd5ebeef0d7e1795a6ff20f699870ebb137cffa79465da52ab2b3430ba0ba59152496a1ea5dd1e4dee46f6d3688603b5f25a588a31da4e481884074e211dd09a8b8039d0834507656ed7d552a990c1354d7638b2c2215dd9f606b01a92fabc6eb6fa033a86f8920e2168a80d7c86da5ad1d27c8d2a180e56046a49b989128ea736894d3eef8dca16ed63520be4654ddb14bfe4268c487c5a75c044e21021c089608c50adbc4e3f4c6a4ca86c7d2df5bc7c76e413d05e8f57b1e22d4af34f9d4d2e6e4d4f57f47aebdd5f98f67834c656b2fe09df4a1b15116fceaa404a6df278c7c629f584ba8d37c1137c2263ae02ad3718a03a886eb"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x139}, 0x48)
setsockopt$inet6_tcp_TLS_TX(0xffffffffffffffff, 0x11a, 0x2, &(0x7f0000000200)=@ccm_128={{0x304}, "d50bb9be6a03d497", "40e62b51c177d8e64ab66ac3d49824a8", "f0b27018", "a54dc30d6d389b76"}, 0x28)
getsockopt$SO_TIMESTAMP(r3, 0x1, 0x23, &(0x7f0000000500), &(0x7f0000000540)=0x4)
setsockopt$inet6_tcp_TLS_TX(0xffffffffffffffff, 0x11a, 0x4, &(0x7f0000000280)=@gcm_128={{0x304}, "41c000", "0cfcb67ecace717eb34a87013860510f", "15f4807f", "d4c27feb98ae71cc"}, 0x28)
write$FUSE_INIT(r3, &(0x7f0000000300)={0x50, 0x0, 0x0, {0x7, 0x2d, 0x1, 0xffffffff80080002, 0xc115, 0xffff, 0x1000, 0x7, 0x0, 0x0, 0x2, 0x6}}, 0x50)
bpf$MAP_CREATE(0x0, &(0x7f0000000880)=ANY=[], 0x50)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000940)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000001}, 0x44886)
sendmsg$NFT_BATCH(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="140000001000010000000002000000000000000a3c000000120a09000000000000000000020000000900020073797a310000000008000440000000000900010073797a3000000000080003400000000134000000140a03000000000000000000020000000900010073797a300000000008000340000000010900020073797a"], 0x98}}, 0x0)
setsockopt$inet_sctp6_SCTP_NODELAY(r4, 0x84, 0x3, &(0x7f0000000600)=0x8, 0x4)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="190000000400000200"/20, @ANYRES32=0x1, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xc, 0xd, &(0x7f0000000700)=ANY=[@ANYBLOB="1f2110c51800000000410000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000040000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b704000000000000850000003300000085000000a40000009500000000000000"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xb, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x94)
socket$inet_sctp(0x2, 0x5, 0x84)
bpf$OBJ_PIN_PROG(0x6, &(0x7f00000006c0)=@o_path={&(0x7f0000000640)='./file0\x00', 0xffffffffffffffff, 0x4000, r3}, 0x18)

3m29.001525614s ago: executing program 1 (id=3447):
syz_usb_connect_ath9k(0x3, 0x0, 0x0, 0x0)
fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
capset(&(0x7f0000000000)={0x20080522, r0}, &(0x7f0000000040)={0x80000001, 0x81, 0x0, 0x400, 0x9, 0x9})
sched_setaffinity(r0, 0x0, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
io_cancel(0x0, 0x0, 0x0)

3m29.000364284s ago: executing program 6 (id=3448):
r0 = getpgrp(0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x5)
prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000140)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
mount$afs(0x0, 0x0, 0x0, 0x0, 0x0)
connect$bt_l2cap(0xffffffffffffffff, 0x0, 0x0)
openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) (fail_nth: 1)
mremap(&(0x7f0000006000/0x3000)=nil, 0x3000, 0x3000, 0x7, &(0x7f0000ffd000/0x3000)=nil)

3m27.449127743s ago: executing program 6 (id=3449):
r0 = syz_usb_connect(0x5, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="120100024286bd10b00d815522f90102030109021200019ddb10010904"], 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000000340)={0x24, 0x0, &(0x7f0000000180)={0x0, 0x3, 0x2, @string={0x2}}, 0x0, 0x0}, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000ac0)={0x44, &(0x7f00000004c0)=ANY=[@ANYRESHEX=r0, @ANYBLOB="b46101a979d6a7c5daf4e6d1d94303760da3afa8240759fedd10e57bb3bf01f8bcab4f169c3a72c7f96557411714b7b7", @ANYRESOCT=r0, @ANYRES32=r0, @ANYRES8=r0, @ANYRESHEX=r0, @ANYRES8=r0, @ANYRESDEC=r0, @ANYRES16=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$I2C_SMBUS(0xffffffffffffffff, 0x720, &(0x7f00000002c0)={0x1, 0x0, 0x1, &(0x7f0000000240)={0x22, "1a9c66bf2f615e427b2644e953449f6c12f206b2855cd8c82b1b9951cf5a1dee93"}})
r1 = syz_usb_connect(0x0, 0x24, &(0x7f0000000440)=ANY=[@ANYBLOB="12011f00abbe6740e9174e8b089c000000010902120001000000000904000000ff"], 0x0)
setresuid(0xee00, 0xee00, 0x0)
r2 = creat(&(0x7f0000000040)='./file0\x00', 0x81)
close(r2)
r3 = socket$caif_stream(0x25, 0x1, 0x1)
bpf$MAP_GET_NEXT_KEY(0x15, 0x0, 0x0)
mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000340)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r2, @ANYBLOB=',wfdno=', @ANYRESHEX=r3])
write$binfmt_script(r2, &(0x7f0000000340)={'#! ', './file0'}, 0xb)
r4 = getpid()
r5 = syz_pidfd_open(r4, 0x0)
setns(r5, 0x8000000)
r6 = syz_open_procfs(0x0, &(0x7f0000000480)='net/fib_triestat\x00')
pread64(r6, &(0x7f000004b680)=""/102363, 0x18fdb, 0x2)
lstat(&(0x7f0000000b40)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000080))
syz_usb_control_io$printer(r1, &(0x7f0000000280)={0x14, &(0x7f00000001c0)={0x20, 0x23, 0x70, {0x70, 0xd, "c353ff322b2a8c6c198b130976f9a0543e1da0e01a744dfc637f25da24ba4ab3b79de7da1abb52a6e5e153c975df76baac3dbfe4b3e925d1bb500724cd3e5cd61370edd3219b66897fea624e2db9789e123bff7b1144f2e0137f1248f1cf39f3009571069f63438817f91b3448f2"}}, &(0x7f0000000140)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x455}}}, &(0x7f0000000800)={0x34, &(0x7f0000000580)={0x0, 0x15, 0xf3, "4829ac867496ed5f1952e690f2347244e7eca22fbb7b324751570b6c32197a0820e4b180adc17231484cafeefc1bc34a1cf649113eee01af1944a7ccb49cacfd981e13303c796a62db4558fa1f08f85f8642c94607566122498cbd3cee312fdcddbd51040c806bbdd6b58e7c07dffe0f4575cc18dcbd1414d87c9c1000b11788f4017d866c82ccd95dd2c2026bdb851bb136e8755705733b00e492cc9a370a957a9cdf48e5270aa1d187204309888c141a55c4baa9da45203cfa4008d17b8a551162be930c45fdba6b4ec46f1ad5b72a92102d378a8a7b58f9acf0d614686b0d746a13fdfaa997c275ceceeff556ea438bafde"}, &(0x7f0000000300)={0x0, 0xa, 0x1, 0xf5}, &(0x7f0000000680)={0x0, 0x8, 0x1, 0xa6}, &(0x7f00000006c0)={0x20, 0x0, 0x8a, {0x88, "0b1a8707184056b801d871748ecc4f65f2fbde514811f6f7bb1209bb0fefe468c20e051eed6212c81ad9cbae2f7e1c27b9571300e81cd071988e39362a0d3ccb6616d5bbe709808ec9682d0db33d473811003752fb482f7eca1792f9fa68580a9c20338317e21800b521c1c712b03014e1dd0f8d5917c479c30577c4d4870d2ab013ee6309660859"}}, &(0x7f0000000780)={0x20, 0x1, 0x1, 0x88}, &(0x7f00000007c0)={0x20, 0x0, 0x1, 0x4}})
r7 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0)
mount$fuse(0x0, &(0x7f0000001380)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000100), 0x80, &(0x7f00000004c0)=ANY=[])
read$FUSE(r7, &(0x7f00000021c0)={0x2020}, 0x2020)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
writev(r8, 0x0, 0x0)
openat$sequencer(0xffffffffffffff9c, 0x0, 0x488000, 0x0)
r9 = add_key$fscrypt_v1(0x0, &(0x7f0000000040)={'fscrypt:', @desc1}, &(0x7f0000000080)={0x0, "5d9bc136c963254c661fb620148b6f72ca6ae2a44829bfa79ec13499f8ec9077d85d879711d98bb1687ad36dfe5f14a7b0ce15c1e6be0e7ecabfdfde0dfa00b1"}, 0x48, 0xffffffffffffffff)
keyctl$setperm(0x5, r9, 0x2040403)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x2a, 0xa9}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)

3m27.017055622s ago: executing program 8 (id=3451):
sendmsg$MPTCP_PM_CMD_GET_LIMITS(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0xffffffffffffffb4, 0x0, 0x1, 0x0, 0x0, 0x41}, 0x809d)
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0)
syz_emit_ethernet(0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="000002f0d31209000000bc2e79e995"], 0x0)
write$binfmt_script(r1, &(0x7f0000000100), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r1, 0x0)
preadv(r1, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x3e, 0x0, 0x0)
r2 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000140), 0x40, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r1, &(0x7f0000499000/0x18000)=nil, &(0x7f0000000040)=[@text16={0x10, &(0x7f0000000180)="66b9800000c00f326635000800000f300f0f1c9a65660ff3b20618baa000ec672e660f38803d004000000f285473f61366b9800000c00f320f300f20e06635800000000f22e02b6aa6c8", 0x4a}], 0x1, 0x0, 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20004840}, 0x14)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
recvmsg(r2, &(0x7f0000000440)={0x0, 0x0, &(0x7f00000003c0)}, 0x40000101)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x0, 0x0, &(0x7f0000000000)='GPL\x00', 0x2a7, 0x0, 0x0, 0x41100, 0x6c, '\x00', 0x0, 0x0, r1, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3ff}, 0x94)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

3m24.006505282s ago: executing program 8 (id=3453):
syz_open_dev$vcsa(&(0x7f0000002900), 0x1, 0x40000)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x10, &(0x7f0000006680))
r0 = mq_open(&(0x7f0000000100)='&\x00', 0x40, 0x0, 0x0)
mq_notify(r0, 0x0)
syz_genetlink_get_family_id$smc(0x0, 0xffffffffffffffff)
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000ed07449e0000000000000000180100", @ANYRES32, @ANYBLOB="0000000000000008b70800000000396f7b"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="6000000002060103000000000000000000000004050001000700000013000300686173683a6e65742c696661636500000900020073797a30000000000500040000000000050005000a0000001400078005"], 0x60}}, 0x0)
r2 = getpgrp(0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000040)=0x5)
prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000000)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x1b5cb000)
syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$netlbl_calipso(&(0x7f00000000c0), r4)
sendmsg$NLBL_CALIPSO_C_LISTALL(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB="24e1f0bdb43305617b6d000000", @ANYRES16=r5, @ANYBLOB="655727bd70007cdbdf250400000008000200020000000800010000000000"], 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000853)
r6 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r6, &(0x7f0000019680)=""/102392, 0x18ff8)
syz_open_dev$dri(0x0, 0x1, 0x0)
r7 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
ioctl$sock_netrom_SIOCDELRT(r7, 0x890c, 0x0)
creat(&(0x7f0000000000)='./cgroup/cgroup.procs\x00', 0xf21963aaf523cb02)
socket$inet6_tcp(0xa, 0x1, 0x0)
socket(0x1, 0x5, 0x0)
epoll_create1(0x80000)

3m20.384481643s ago: executing program 9 (id=3454):
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x800, 0x0)
openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0)
syz_open_procfs$pagemap(0xffffffffffffffff, &(0x7f0000000080))
syz_usb_connect(0x6, 0x24, &(0x7f0000000000)=ANY=[], 0x0)
socket$inet6_udplite(0xa, 0x2, 0x88)
socket$inet6_sctp(0xa, 0x1, 0x84)
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101042, 0x15)
dup(r0)
socketpair$nbd(0x1, 0x1, 0x0, 0x0)
sendmsg$TIPC_NL_BEARER_GET(0xffffffffffffffff, &(0x7f0000000c80)={0x0, 0x0, &(0x7f0000000c40)={&(0x7f0000000140)=ANY=[@ANYBLOB="18000000", @ANYRES16, @ANYBLOB="01002bbd7000fedbdf250400000004000180f18947b92c1f6bcd1e0668e093a467f02b6b4d4d6a68923c75788b8979a4c9487fc31f032a88afd0ef4bf716c57ebfb5509c99bb8c637794c594f9ec96b582bb0000000000"], 0x18}, 0x1, 0x0, 0x0, 0x20040050}, 0x0)
r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
writev(r1, &(0x7f0000000040)=[{&(0x7f0000000100), 0x86}], 0x2)

3m20.339997116s ago: executing program 8 (id=3455):
r0 = syz_kvm_add_vcpu$x86(0x0, &(0x7f0000000000)={0x0, &(0x7f00000009c0)=[@nested_amd_vmsave={0x183, 0x18}, @out_dx={0x6a, 0x28, {0x7dfd, 0x6, 0x3}}, @enable_nested={0x12c, 0x18}, @wr_crn={0x67, 0x20, {0x8, 0x8000000000000000}}, @cpuid={0x64, 0x18, {0x8, 0x5}}, @nested_amd_stgi={0x17e, 0x10}, @nested_amd_inject_event={0x180, 0x38, {0x1, 0x10, 0x3, 0x71, 0x3}}, @wr_crn={0x67, 0x20, {0x3, 0x4}}, @nested_load_code={0x12e, 0x76, {0x3, "66baf80cb8ae5f8c82ef66bafc0c66edb90d0800000f32c4e179d7d166b86a000f00d8b805000000b9000000000f01d9420fc77d0566baf80cb869855285ef66bafc0cb085ee0f01cff3400f0866baf80cb84485d78cef66bafc0cb055ee"}}, @enable_nested={0x12c, 0x18}, @wr_crn={0x67, 0x20, {0x0, 0x1}}, @nested_amd_vmload={0x182, 0x18}, @nested_amd_invlpga={0x17d, 0x20, {0xd000, 0x7347}}, @nested_vmresume={0x130, 0x18, 0x2}, @nested_amd_stgi={0x17e, 0x10}, @rdmsr={0x66, 0x18}, @nested_load_code={0x12e, 0x4f, {0x2, "2e2e0f79c4650f0138c421945cbeb411000040f48f4820a642f5594e0fc75cacad0f01c90fc7b100600000440f0056f23e65450f794fd1"}}, @uexit={0x0, 0x18, 0x5}, @nested_load_code={0x12e, 0x57, {0x0, "64450fb0800030000066ba430066b8fa1c66ef2e26450368d2450f557d6b470fc769bb430f225b0f8f290000000fc7ac2600000000c4637969ebf5450f2080"}}, @nested_vmresume={0x130, 0x18, 0x1}, @in_dx={0x69, 0x20, {0xa04e, 0x2}}, @set_irq_handler={0xc8, 0x20, {0xf3, 0x2}}, @nested_vmlaunch={0x12f, 0x18, 0x1}, @uexit={0x0, 0x18, 0x8ad}, @wrmsr={0x65, 0x20, {0x9da, 0x3}}, @nested_vmlaunch={0x12f, 0x18}, @nested_amd_clgi={0x17f, 0x10}, @code={0xa, 0x5a, {"2e660f3882a4bfc4b300000fc75a00640f019dce8a6177c46126c26e0501460f23d1b90c080000b8f55c0000ba000000000f300f01be88000000470f01c30f09c4a2adaebe08000000"}}], 0x406})
ioctl$KVM_RUN(r0, 0xae80, 0x0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
r3 = syz_open_procfs(0x0, &(0x7f0000000180)='smaps_rollup\x00')
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1)
read$FUSE(r3, &(0x7f0000002400)={0x2020}, 0x2020)

3m19.400076842s ago: executing program 4 (id=3458):
r0 = socket$can_bcm(0x1d, 0x2, 0x2)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000100)={'vcan0\x00', <r1=>0x0})
connect$can_bcm(r0, &(0x7f00000000c0)={0x1d, r1}, 0x10)
sendmsg$can_bcm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000003c0)={0x1, 0x0, 0x0, {0x0, 0x2710}, {0x77359400}, {}, 0x1, @can={{}, 0x0, 0x0, 0x0, 0x0, "a5976ac6bcd41fd8"}}, 0x48}}, 0x410)
sendmsg$can_bcm(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000280)={0x1, 0x200, 0x8000, {0x0, 0x2710}, {}, {}, 0x1, @can={{}, 0x0, 0x0, 0x0, 0x0, "ee6a491530f05065"}}, 0x48}, 0x1, 0x0, 0x0, 0x4048855}, 0x0)

3m19.202340135s ago: executing program 9 (id=3459):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8)
getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x28f43000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
setitimer(0x2, 0x0, 0x0)

3m18.730486843s ago: executing program 4 (id=3460):
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r3, 0x0, 0x0)

3m17.447465305s ago: executing program 1 (id=3461):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x4000}, 0x0)
r1 = getpid()
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000009c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x1}}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x401, 0x0, 0x0, {0x1, 0x0, 0x8003}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x20, 0x3, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}]}, @NFT_MSG_NEWRULE={0x48, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x20, 0x4, 0x0, 0x1, [{0x1c, 0x1, 0x0, 0x1, @masq={{0x9}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_MASQ_REG_PROTO_MIN={0x8, 0x2, 0x1, 0x0, 0xf}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x7}}}, 0xb0}}, 0x0)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000080)={r5, 0x0, 0x25, 0x10, @val=@tracing={0xffffffffffffffff, 0x4}}, 0x20)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r6 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x0)
syz_emit_ethernet(0x5a, &(0x7f0000000000)={@broadcast, @random="1704b45adbde", @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x4c, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0x5, 0x0, 0x0, 0xe0, 0x0, 0xe000, {0xc, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, @loopback, @empty, {[@timestamp_prespec={0x44, 0x1c, 0xfd, 0x3, 0x0, [{@rand_addr=0x64010101}, {@dev}, {@multicast2}]}]}}}}}}}, 0x0)
r7 = openat$tcp_mem(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/tcp_wmem\x00', 0x1, 0x0)
sendfile(r7, r6, 0x0, 0x3a)
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0xc010)
r8 = mq_open(&(0x7f0000000040)='-\'$(:*{:\x00', 0x40, 0x24, 0x0)
mq_getsetattr(r8, 0x0, 0x0)

3m16.442761521s ago: executing program 8 (id=3462):
syz_clone3(&(0x7f0000000080)={0x180801400, &(0x7f0000000000)=<r0=>0xffffffffffffffff, 0x0, 0x0, {0x3d}, 0x0, 0x0, 0x0, 0x0}, 0x58)
process_madvise(r0, 0x0, 0x0, 0x0, 0x0)

3m15.888961277s ago: executing program 1 (id=3463):
sendmsg$MPTCP_PM_CMD_GET_LIMITS(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0xffffffffffffffb4, 0x0, 0x1, 0x0, 0x0, 0x41}, 0x809d)
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0)
syz_emit_ethernet(0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="000002f0d31209000000bc2e79e995"], 0x0)
write$binfmt_script(r1, &(0x7f0000000100), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r1, 0x0)
preadv(r1, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x3e, 0x0, 0x0)
r2 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000140), 0x40, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r1, &(0x7f0000499000/0x18000)=nil, &(0x7f0000000040)=[@text16={0x10, &(0x7f0000000180)="66b9800000c00f326635000800000f300f0f1c9a65660ff3b20618baa000ec672e660f38803d004000000f285473f61366b9800000c00f320f300f20e06635800000000f22e02b6aa6c8", 0x4a}], 0x1, 0x0, 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20004840}, 0x14)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
recvmsg(r2, &(0x7f0000000440)={0x0, 0x0, &(0x7f00000003c0)}, 0x40000101)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x0, 0x0, &(0x7f0000000000)='GPL\x00', 0x2a7, 0x0, 0x0, 0x41100, 0x6c, '\x00', 0x0, 0x0, r1, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3ff}, 0x94)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

3m15.84949065s ago: executing program 8 (id=3464):
r0 = syz_open_dev$cec(&(0x7f0000000100), 0x0, 0x2)
ioctl$CEC_ADAP_S_LOG_ADDRS(r0, 0xc05c6104, &(0x7f0000000140)={'\x00', 0x0, 0x5, 0x2, 0x2, 0x9, '\x00\x00\x00\x00\x00\x00\x00\x00@\x00', "249e4502", "9e068dd9", '\x00', ["fdfff732b98200bb08844f10", "d78cb8b0ff00000000fc00", "0000effffffff700c00500"]})
r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0x6, 0x3, &(0x7f0000000080)=ANY=[@ANYRES32=r0], &(0x7f0000000040)='GPL\x00', 0x387, 0x0, 0x0, 0x1e00, 0x21}, 0x94)
epoll_create(0xfff) (async)
socket$nl_audit(0x10, 0x3, 0x9) (async)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000280), &(0x7f00000002c0)=0xc) (async)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000300)={{0x1, 0x1, 0x18, <r2=>r1, {0xee00, 0xee00}}, './file0\x00'}) (async)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = getpgrp(0x0)
sched_setaffinity(r5, 0x8, &(0x7f0000000040)=0x5) (async)
prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0) (async)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, r5, 0x2, 0x0) (async)
r6 = getpid()
sched_setscheduler(r6, 0x2, &(0x7f0000000000)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) (async)
r7 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r7, 0x1, 0x0) (async)
r8 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r8, &(0x7f0000019680)=""/102392, 0x18ff8)
setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, &(0x7f0000000200)=0x4337, 0x3d) (async)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) (async)
openat$sndseq(0xffffffffffffff9c, &(0x7f00000008c0), 0x40400) (async)
syz_open_dev$tty1(0xc, 0x4, 0x1) (async)
getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f0000000180)={<r9=>0x0}, &(0x7f00000001c0)=0xc)
r10 = socket(0x10, 0x3, 0x0)
getsockopt$sock_cred(r10, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0, <r11=>0x0}, &(0x7f0000cab000)=0xc)
setregid(0xffffffffffffffff, r11) (async)
sendmmsg$unix(r4, &(0x7f0000000bc0)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000ac0)=[@cred={{0x1c, 0x1, 0x2, {r9, 0x0, r11}}}], 0x20, 0x20088009}}], 0x1, 0x0) (async)
connect$unix(r2, &(0x7f0000000700)=@abs={0x0, 0x0, 0x4e23}, 0x6e)

3m15.554371216s ago: executing program 8 (id=3465):
r0 = syz_usb_connect(0x2, 0x2d, &(0x7f00000001c0)=ANY=[@ANYBLOB="120100007516b7108c0d0e008f8e0018030109", @ANYBLOB="9fcf"], 0x0)
r1 = syz_open_dev$tty1(0xc, 0x4, 0x1)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
r2 = dup(r1)
write$UHID_INPUT(r2, &(0x7f0000002140)={0xf, {"a2e3ad214fc752f91b500e0f30f70e06d038e7ff7fc6e5539b3275078b089b3b08385d090890e0878f0e1ac6e7049b3d6d959bffe8d178708c523c921b1b5b31300d3b5d0736cd3b78130baa61d8e809fc889b0709b77f07227227b7ba67e0e78669a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae19397d696d0d758f2dc7d1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000002335875271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1fe90a56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617601000000be70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d595a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9980000000b3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6c82fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce3803f465e41e610c2021d653a5520000008213b704a5000000000000008ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc94681359bad8deff4b05f60cea0da7710a80000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4e38a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d97b9a6d6d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2bed9e53803edf1a4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4ceb360c7e658828563e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034e00000000ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c478b095b68441a34cb51682a8ae4d24ad92f243941ed274549b79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdbe6c4579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93ae62fccfcbb2b75a2183c46eb65ca8124e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43e4fb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e01feffffffffffff83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369d75f2e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aa01b20f7694a00f16e2d0174035a2c22656dc00880acebdbe8ddbd75c2f998d8ac2dfad2ba3a50200000045a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe2907ac0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf463661c953fcad6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7cd419e037f3e3ad038f2211f1033195563c7f93cd54b906000000783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaeecf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6ea94f88a4facfd4c735a20307c737afae5136651b1b9bd522dcb399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a37684f4113c48859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463183b4b87c105000000302a808d7f5251440613d17ca51015f2f416a44fe180d2d50c312cca7cb14a20dc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb40100000006376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab83c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ff33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7ceec7dc808bf653639d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a602000000000000007007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00303000000000000007fb33b72685ec37a2d3f761f13a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf6529006c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6522fb5f6ffcdd56fed88935fcb75912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae233a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a5bd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08008897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b80c1c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57fa9c0fe662a46b7f71cd47744db86c50b704c98ad90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a99cc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe360500000000000000b77940b5f07722e47a08d3679507000000000000934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1062dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1df0d07b3d5bd3b01faffd0addbed2881a9700af561ac8c7e36bb2fc4c40e9c766c06817bb903729a7db6ff957697c9ede7885d94ffb0759be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c1484d2f9c55f4901203a9a8a2c3e90f39c3dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000029566e78000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ebbd633500", 0x1000}}, 0x1006)

3m15.49470461s ago: executing program 1 (id=3466):
r0 = syz_usb_connect(0x0, 0x36, &(0x7f0000000140)=ANY=[@ANYBLOB="12010109022400010004100009047e100226d5180809050602ff03000000090582020800"/54], 0x0)
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
mount$tmpfs(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0), 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="2c98"])
syz_usb_control_io(r0, &(0x7f0000000880)={0x2c, 0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="0003f4000000f403"], 0x0, 0x0, 0x0}, 0x0)
syz_usb_control_io$cdc_ecm(r0, &(0x7f00000004c0)={0x14, 0x0, &(0x7f0000000e00)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)
r1 = socket$tipc(0x1e, 0x2, 0x0)
bind$tipc(r1, &(0x7f00000001c0)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x2, 0x10000000}}, 0x10)
bind$tipc(r1, &(0x7f0000000080)=@name={0x1e, 0x2, 0x0, {{0x42, 0x4000001}}}, 0x10)
r2 = socket$tipc(0x1e, 0x2, 0x0)
r3 = syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3)
read(r3, &(0x7f0000000280)=""/229, 0xe5)
bind$tipc(r2, &(0x7f0000000200)=@nameseq={0x1e, 0x1, 0x1, {0x42, 0x2, 0xfffffffd}}, 0x10)
bind$tipc(r1, &(0x7f00000000c0)=@name={0x1e, 0x2, 0x0, {{0x42, 0x1}, 0x4000000}}, 0x10)
ioctl$FS_IOC_RESVSP(r3, 0x40305828, &(0x7f0000000180)={0x0, 0x1, 0xe91d, 0x9})
sendmsg$tipc(r1, &(0x7f0000002340)={&(0x7f0000000000)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x4, 0x4}}, 0x10, 0x0}, 0x0)
r4 = syz_usb_connect(0x2, 0x2d, &(0x7f0000000240)=ANY=[@ANYBLOB="120100000c9768405e0483020b9901e4020109021b000100000000090400fb0160291d000905"], 0x0)
syz_usb_disconnect(r4)
syz_usb_control_io(r4, &(0x7f0000000100)={0x2c, &(0x7f0000000040)=ANY=[@ANYBLOB="2001df849d21ee219a064d7b91f500000000"], 0x0, 0x0, 0x0, 0x0}, 0x0)
r5 = openat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x103041, 0x0)
r6 = syz_open_dev$char_usb(0xc, 0xb4, 0x812)
writev(r6, 0x0, 0xe)
ioctl$KVM_GET_XSAVE2(r5, 0x9000aecf, &(0x7f0000ffc000/0x4000)=nil)

3m15.353762286s ago: executing program 9 (id=3467):
socket$netlink(0x10, 0x3, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x161200, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0)
syz_emit_ethernet(0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="000002f0d31209000000bc2e79e995"], 0x0)
write$binfmt_script(r2, &(0x7f0000000100), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0)
preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x3e, 0x0, 0x0)
r3 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000140), 0x40, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000499000/0x18000)=nil, &(0x7f0000000040)=[@text16={0x10, &(0x7f0000000180)="66b9800000c00f326635000800000f300f0f1c9a65660ff3b20618baa000ec672e660f38803d004000000f285473f61366b9800000c00f320f300f20e06635800000000f22e02b6aa6c8", 0x4a}], 0x1, 0x26, 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20004840}, 0x14)
sendmsg$IPCTNL_MSG_TIMEOUT_DELETE(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={0x0, 0xb4}, 0x1, 0x0, 0x0, 0x20004844}, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
recvmsg(r3, &(0x7f0000000440)={&(0x7f00000006c0)=@qipcrtr, 0x80, &(0x7f00000003c0)=[{&(0x7f0000000280)}, {&(0x7f0000000740)=""/221, 0xdd}, {&(0x7f0000000840)=""/189, 0xbd}], 0x3, &(0x7f0000000a00)=""/135, 0x87}, 0x40000101)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x0, 0x0, &(0x7f0000000000)='GPL\x00', 0x2a7, 0x0, 0x0, 0x41100, 0x6c, '\x00', 0x0, 0x0, r2, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3ff}, 0x94)
ioctl$KVM_RUN(r4, 0xae80, 0x0)

3m14.838510635s ago: executing program 4 (id=3468):
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x40)
mkdir(&(0x7f0000000040)='./file1\x00', 0x0)
mkdir(&(0x7f0000000000)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x80, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
chdir(&(0x7f0000000440)='./bus\x00')
mkdirat(0xffffffffffffff9c, 0x0, 0x1c0)
removexattr(&(0x7f0000000940)='./file0\x00', &(0x7f0000000000)=@known='system.posix_acl_access\x00')

3m14.723635407s ago: executing program 6 (id=3469):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$sock_buf(r0, 0x1, 0x37, 0xfffffffffffffffd, &(0x7f0000000000)=0x2100)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
r1 = getpid()
sched_setscheduler(r1, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/asound/timers\x00', 0x0, 0x0)
tee(r3, r0, 0x10, 0x6)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
ptrace$ARCH_SHSTK_ENABLE(0x1e, r1, 0x0, 0x5001)
socket$kcm(0x10, 0x2, 0x0)
ioctl$TCFLSH(0xffffffffffffffff, 0x400455c8, 0x2)
r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='status\x00')
lseek(r4, 0x10000000005, 0x0)
r5 = socket$inet6_sctp(0xa, 0x801, 0x84)
sendto$inet6(r5, 0x0, 0x0, 0x20000800, &(0x7f0000000280)={0xa, 0x4e03, 0x5, @private2, 0x9}, 0x1c)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r6, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000380)=ANY=[@ANYBLOB="140000001000010000000000000000000100000a70000000090a010400000000000000000a0000040900020073797a310000000008000a40000000020900010073797a3100000000080005400000000b2c00128014000180090001006c61737400000000e59e44e4d701d0690c000100636f756e726572000400028008000340000001"], 0x98}, 0x1, 0x0, 0x0, 0x4044050}, 0x40)

3m14.690131959s ago: executing program 4 (id=3470):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000900)=@newtaction={0x1bc, 0x30, 0xffff, 0x70bd27, 0x0, {}, [{0x1a8, 0x1, [@m_police={0x6c, 0x1, 0x0, 0x0, {{0xb}, {0x40, 0x2, 0x0, 0x1, [[@TCA_POLICE_TBF={0x3c, 0x1, {0x10000, 0x0, 0x0, 0x3, 0x0, {0x0, 0x2, 0x0, 0x0, 0xfffe}, {0x0, 0x0, 0x0, 0x0, 0xfffd}}}]]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}, @m_gact={0x54, 0x2, 0x0, 0x0, {{0x9}, {0x28, 0x2, 0x0, 0x1, [@TCA_GACT_PARMS={0x18, 0x2, {0x0, 0x1, 0x1}}, @TCA_GACT_PROB={0xc, 0x3, {0x1, 0x2532}}]}, {0x4}, {0xc, 0x3}, {0xc}}}, @m_sample={0xa4, 0x1b, 0x0, 0x0, {{0xb}, {0x2c, 0x2, 0x0, 0x1, [@TCA_SAMPLE_PSAMPLE_GROUP={0x8, 0x5, 0x7f}, @TCA_SAMPLE_RATE={0x8, 0x3, 0xffffff17}, @TCA_SAMPLE_PARMS={0x18, 0x2, {0xaad8, 0x3, 0x10000000, 0xffffffff, 0x7}}]}, {0x4f, 0x6, "1fc1a4557119563010f3b28b53b2b9ad32803822b24bac50a0d278a9d9d315e97d5dd811b5e8ff123eeff4dbbfefee46224db762686794a8b9b33cac3e4748117b4698cf366ea24384340d"}, {0xc}, {0xc, 0x8, {0x2, 0x7}}}}, @m_mpls={0x40, 0xb, 0x0, 0x0, {{0x9}, {0x14, 0x2, 0x0, 0x1, [@TCA_MPLS_BOS={0x5}, @TCA_MPLS_LABEL={0x8, 0x5, 0x25ffb}]}, {0x4}, {0xc}, {0xc, 0x8, {0x2, 0x3}}}}]}]}, 0x1bc}}, 0x0)

3m14.228246699s ago: executing program 9 (id=3471):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0x1, 0x2, 0x4, 0x9}, 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000850000002300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000400)={r1}, 0xc)
syz_emit_vhci(&(0x7f0000000180)=@HCI_EVENT_PKT={0x4, @hci_ev_disconn_complete={{0x5, 0x4}, {0x0, 0xc9, 0x10}}}, 0x7)

3m14.098912913s ago: executing program 4 (id=3472):
r0 = syz_kvm_add_vcpu$x86(0x0, &(0x7f0000000000)={0x0, &(0x7f00000009c0)=[@nested_amd_vmsave={0x183, 0x18}, @out_dx={0x6a, 0x28, {0x7dfd, 0x6, 0x3}}, @enable_nested={0x12c, 0x18}, @wr_crn={0x67, 0x20, {0x8, 0x8000000000000000}}, @cpuid={0x64, 0x18, {0x8, 0x5}}, @nested_amd_stgi={0x17e, 0x10}, @nested_amd_inject_event={0x180, 0x38, {0x1, 0x10, 0x3, 0x71, 0x3}}, @wr_crn={0x67, 0x20, {0x3, 0x4}}, @nested_load_code={0x12e, 0x76, {0x3, "66baf80cb8ae5f8c82ef66bafc0c66edb90d0800000f32c4e179d7d166b86a000f00d8b805000000b9000000000f01d9420fc77d0566baf80cb869855285ef66bafc0cb085ee0f01cff3400f0866baf80cb84485d78cef66bafc0cb055ee"}}, @enable_nested={0x12c, 0x18}, @wr_crn={0x67, 0x20, {0x0, 0x1}}, @nested_amd_vmload={0x182, 0x18}, @nested_amd_invlpga={0x17d, 0x20, {0xd000, 0x7347}}, @nested_vmresume={0x130, 0x18, 0x2}, @nested_amd_stgi={0x17e, 0x10}, @rdmsr={0x66, 0x18}, @nested_load_code={0x12e, 0x4f, {0x2, "2e2e0f79c4650f0138c421945cbeb411000040f48f4820a642f5594e0fc75cacad0f01c90fc7b100600000440f0056f23e65450f794fd1"}}, @uexit={0x0, 0x18, 0x5}, @nested_load_code={0x12e, 0x57, {0x0, "64450fb0800030000066ba430066b8fa1c66ef2e26450368d2450f557d6b470fc769bb430f225b0f8f290000000fc7ac2600000000c4637969ebf5450f2080"}}, @nested_vmresume={0x130, 0x18, 0x1}, @in_dx={0x69, 0x20, {0xa04e, 0x2}}, @set_irq_handler={0xc8, 0x20, {0xf3, 0x2}}, @nested_vmlaunch={0x12f, 0x18, 0x1}, @uexit={0x0, 0x18, 0x8ad}, @wrmsr={0x65, 0x20, {0x9da, 0x3}}, @nested_vmlaunch={0x12f, 0x18}, @nested_amd_clgi={0x17f, 0x10}, @code={0xa, 0x5a, {"2e660f3882a4bfc4b300000fc75a00640f019dce8a6177c46126c26e0501460f23d1b90c080000b8f55c0000ba000000000f300f01be88000000470f01c30f09c4a2adaebe08000000"}}], 0x406})
ioctl$KVM_RUN(r0, 0xae80, 0x0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
r3 = syz_open_procfs(0x0, &(0x7f0000000180)='smaps_rollup\x00')
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1)
read$FUSE(r3, &(0x7f0000002400)={0x2020}, 0x2020)

3m14.030363697s ago: executing program 9 (id=3473):
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r1 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc))
read(r0, &(0x7f00000003c0)=""/166, 0xa6)
socket$inet_udp(0x2, 0x2, 0x0)
io_submit(0x0, 0x0, &(0x7f0000004200))
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
semctl$IPC_RMID(0x0, 0x0, 0x0)
r4 = syz_open_dev$vbi(&(0x7f0000000340), 0x0, 0x2)
ioctl$VIDIOC_S_INPUT(r4, 0xc0045627, &(0x7f00000000c0)=0x3)
timer_settime(0x0, 0x1, &(0x7f0000000040)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000380)=@l2tp6={0xa, 0x0, 0x3, @dev={0xfe, 0x80, '\x00', 0x2a}, 0x0, 0x1}, 0x80, &(0x7f0000000300)=[{&(0x7f0000000000)="75b6bc80", 0x4}, {0x0}], 0x2}, 0x40810)

3m13.02010774s ago: executing program 4 (id=3474):
openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
openat$binderfs(0xffffffffffffff9c, 0x0, 0x802, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x82200, 0x0)
madvise(&(0x7f000042f000/0x800000)=nil, 0x80fd00, 0x66)
prlimit64(0x0, 0xe, &(0x7f0000000b40)={0xa, 0x8b}, 0x0)
r0 = getpgrp(0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x5)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
r4 = syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r4, 0x40045532, &(0x7f0000000040))
openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040201, 0x0)
syz_open_dev$sndpcmp(&(0x7f00000001c0), 0x0, 0xa2c65)
r5 = syz_open_procfs$pagemap(0xffffffffffffffff, &(0x7f0000000000))
ioctl$PAGEMAP_SCAN(r5, 0xc0606610, &(0x7f0000000140)={0x60, 0x0, &(0x7f0000001000/0x3000)=nil, &(0x7f0000b24000/0x1000)=nil, 0x7ffffffa, 0x0, 0x0, 0x6, 0x0, 0x2, 0x44, 0x18})
r6 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r6, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0700000004000000800000000100000028000000", @ANYRES32, @ANYBLOB="00595d887d3d9bbd84c168987e68ae0d00000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)

3m4.27062338s ago: executing program 9 (id=3475):
r0 = userfaultfd(0x801)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000001c0))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2})
ioctl$UFFDIO_COPY(r0, 0xc028aa03, &(0x7f0000000000)={&(0x7f00002b9000/0x400000)=nil, &(0x7f0000779000/0x1000)=nil, 0x400000, 0x3, 0x2})
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, r3, &(0x7f0000453000/0x18000)=nil, &(0x7f0000000500)=[@text16={0x10, 0x0}], 0x1, 0x1a, 0x0, 0x0)
ioctl$KVM_SET_LAPIC(r3, 0x4400ae8f, &(0x7f0000000100)={"b46474f815e8d5535f0887c44335cc824dc6121bc72a77f532ff5dad4d643a9cab29d2310e04be14eb26c0af4985fe45e3b3b0680b3ec92725d74b9716e0f7c3119a2c9a0ae65ff4772e2e12733cb013c4308fe40863480747c0a7ddb9361b1578015ca1bb2c1677ebae096f08345476f567443842946ed946434c75916d1db83fe305920de65bfaf9bd940672216846cb16b8ae67cd3affc61375381f91b3b9f1cc5e38cafe5239aee71dcd481fbe1ecd2547ffbaad4469a74697c28fb9beefa6a5d736712a55eb9110c2cf7964062ba8cbc1c038e84f0f5db7fc7053118bf5221e3efa6fc3edb5d0ca3cde7054dd0751a332520aa8478b1775d552c5cc24d3c2df9eb333e5ca3aa06c1c2cf8526714f5caff2f55b41976fc20b64f1fc61d5b44f50953582a1825d32130a31abfeafd1987317879e29ac51b93c9659e023fff3ddb5e39dd19cc3ef1d883c78b9e073d08a9197fb3717df238b9831831214b186693be9dd2568bb77272e80df5dfed03e8c467627bedfbd93359a9f79a3aa37e873dc1357b37b43d813ea85267b0dc8b1c4cc51bd985328833beb2679b7fb762555bbea2da936b36f8f1673fd5f606b2b6eb23b72bf947206e8dbfeb40ca6f265a3485c8446e0f0da652860b88328073d2282c14b48a7774e62754a968b60e92205e8fafcdd70a55c3c4d1a4821ff44e6e3681f15ae091262e3a3290a24d8ceae30ebbf9d24287bb8a5d73c608d47d287f9e716cf02b4796a83fb0c05e45b89de9ef8bce834e6d7a0be6e30d2c66cb6e640cb01898454ad361bc0701d8fe56113335ae6adec59300db04691cc4a689034272a8e086a32ce7061b4f79fa8afbb48a6ce4b62bdc44af013d78980457e1fa61eb9204818606f4c3b03c0f33cd2a841ac9bc2b73151a96e31ab99e6ec969b5f2c3edd5f9abc69845e487af992758ba445368da93dae1d44360d52a534a88276b8aaf349841d8a4788c60408618437c442308dbf70efeda2e54e9b9e4fe5f76997c9dcb945a26bd75748c85d19ca8b99264dce50580e8d4dbda401dad7df31e9a7a6a3a83bfbdfb5394abd581ac0824fbcd75d2f5205c0b7c9188e6f26bfd97734d9a20433f6cdba9d14a5f32a4d97a57f4603b21146fd1aebf082e863d463c224ad623c17d8043d3bf083f0322408dd6ead6915ac6a4222ab51480eb6e11a8913348219515170d9df90d72d7363bbda3e327d19f98c0a856f98076380e788e602e8a2ae0a1930786874dc21a2e99abda15f35457cf1dcb440c4b41350d0eda352aad7f57a0adc8a6914da06460635ed21c4c11cd1a8ec778064c9f62efba2927828b23f94b16619a5520731c2c40ab8583c9f2e73233d74b84f4877ce6b35bb1180300"})
ioctl$KVM_RUN(r3, 0xae80, 0x0)

25.008733463s ago: executing program 38 (id=3465):
r0 = syz_usb_connect(0x2, 0x2d, &(0x7f00000001c0)=ANY=[@ANYBLOB="120100007516b7108c0d0e008f8e0018030109", @ANYBLOB="9fcf"], 0x0)
r1 = syz_open_dev$tty1(0xc, 0x4, 0x1)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
r2 = dup(r1)
write$UHID_INPUT(r2, &(0x7f0000002140)={0xf, {"a2e3ad214fc752f91b500e0f30f70e06d038e7ff7fc6e5539b3275078b089b3b08385d090890e0878f0e1ac6e7049b3d6d959bffe8d178708c523c921b1b5b31300d3b5d0736cd3b78130baa61d8e809fc889b0709b77f07227227b7ba67e0e78669a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae19397d696d0d758f2dc7d1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000002335875271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1fe90a56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617601000000be70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d595a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9980000000b3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6c82fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce3803f465e41e610c2021d653a5520000008213b704a5000000000000008ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc94681359bad8deff4b05f60cea0da7710a80000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4e38a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d97b9a6d6d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2bed9e53803edf1a4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4ceb360c7e658828563e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034e00000000ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c478b095b68441a34cb51682a8ae4d24ad92f243941ed274549b79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdbe6c4579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93ae62fccfcbb2b75a2183c46eb65ca8124e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43e4fb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e01feffffffffffff83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369d75f2e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aa01b20f7694a00f16e2d0174035a2c22656dc00880acebdbe8ddbd75c2f998d8ac2dfad2ba3a50200000045a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe2907ac0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf463661c953fcad6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7cd419e037f3e3ad038f2211f1033195563c7f93cd54b906000000783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaeecf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6ea94f88a4facfd4c735a20307c737afae5136651b1b9bd522dcb399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a37684f4113c48859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463183b4b87c105000000302a808d7f5251440613d17ca51015f2f416a44fe180d2d50c312cca7cb14a20dc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb40100000006376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab83c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ff33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7ceec7dc808bf653639d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a602000000000000007007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00303000000000000007fb33b72685ec37a2d3f761f13a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf6529006c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6522fb5f6ffcdd56fed88935fcb75912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae233a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a5bd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08008897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b80c1c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57fa9c0fe662a46b7f71cd47744db86c50b704c98ad90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a99cc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe360500000000000000b77940b5f07722e47a08d3679507000000000000934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1062dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1df0d07b3d5bd3b01faffd0addbed2881a9700af561ac8c7e36bb2fc4c40e9c766c06817bb903729a7db6ff957697c9ede7885d94ffb0759be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c1484d2f9c55f4901203a9a8a2c3e90f39c3dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000029566e78000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ebbd633500", 0x1000}}, 0x1006)

21.99413817s ago: executing program 39 (id=3475):
r0 = userfaultfd(0x801)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000001c0))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2})
ioctl$UFFDIO_COPY(r0, 0xc028aa03, &(0x7f0000000000)={&(0x7f00002b9000/0x400000)=nil, &(0x7f0000779000/0x1000)=nil, 0x400000, 0x3, 0x2})
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, r3, &(0x7f0000453000/0x18000)=nil, &(0x7f0000000500)=[@text16={0x10, 0x0}], 0x1, 0x1a, 0x0, 0x0)
ioctl$KVM_SET_LAPIC(r3, 0x4400ae8f, &(0x7f0000000100)={"b46474f815e8d5535f0887c44335cc824dc6121bc72a77f532ff5dad4d643a9cab29d2310e04be14eb26c0af4985fe45e3b3b0680b3ec92725d74b9716e0f7c3119a2c9a0ae65ff4772e2e12733cb013c4308fe40863480747c0a7ddb9361b1578015ca1bb2c1677ebae096f08345476f567443842946ed946434c75916d1db83fe305920de65bfaf9bd940672216846cb16b8ae67cd3affc61375381f91b3b9f1cc5e38cafe5239aee71dcd481fbe1ecd2547ffbaad4469a74697c28fb9beefa6a5d736712a55eb9110c2cf7964062ba8cbc1c038e84f0f5db7fc7053118bf5221e3efa6fc3edb5d0ca3cde7054dd0751a332520aa8478b1775d552c5cc24d3c2df9eb333e5ca3aa06c1c2cf8526714f5caff2f55b41976fc20b64f1fc61d5b44f50953582a1825d32130a31abfeafd1987317879e29ac51b93c9659e023fff3ddb5e39dd19cc3ef1d883c78b9e073d08a9197fb3717df238b9831831214b186693be9dd2568bb77272e80df5dfed03e8c467627bedfbd93359a9f79a3aa37e873dc1357b37b43d813ea85267b0dc8b1c4cc51bd985328833beb2679b7fb762555bbea2da936b36f8f1673fd5f606b2b6eb23b72bf947206e8dbfeb40ca6f265a3485c8446e0f0da652860b88328073d2282c14b48a7774e62754a968b60e92205e8fafcdd70a55c3c4d1a4821ff44e6e3681f15ae091262e3a3290a24d8ceae30ebbf9d24287bb8a5d73c608d47d287f9e716cf02b4796a83fb0c05e45b89de9ef8bce834e6d7a0be6e30d2c66cb6e640cb01898454ad361bc0701d8fe56113335ae6adec59300db04691cc4a689034272a8e086a32ce7061b4f79fa8afbb48a6ce4b62bdc44af013d78980457e1fa61eb9204818606f4c3b03c0f33cd2a841ac9bc2b73151a96e31ab99e6ec969b5f2c3edd5f9abc69845e487af992758ba445368da93dae1d44360d52a534a88276b8aaf349841d8a4788c60408618437c442308dbf70efeda2e54e9b9e4fe5f76997c9dcb945a26bd75748c85d19ca8b99264dce50580e8d4dbda401dad7df31e9a7a6a3a83bfbdfb5394abd581ac0824fbcd75d2f5205c0b7c9188e6f26bfd97734d9a20433f6cdba9d14a5f32a4d97a57f4603b21146fd1aebf082e863d463c224ad623c17d8043d3bf083f0322408dd6ead6915ac6a4222ab51480eb6e11a8913348219515170d9df90d72d7363bbda3e327d19f98c0a856f98076380e788e602e8a2ae0a1930786874dc21a2e99abda15f35457cf1dcb440c4b41350d0eda352aad7f57a0adc8a6914da06460635ed21c4c11cd1a8ec778064c9f62efba2927828b23f94b16619a5520731c2c40ab8583c9f2e73233d74b84f4877ce6b35bb1180300"})
ioctl$KVM_RUN(r3, 0xae80, 0x0)

12.950161354s ago: executing program 40 (id=3466):
r0 = syz_usb_connect(0x0, 0x36, &(0x7f0000000140)=ANY=[@ANYBLOB="12010109022400010004100009047e100226d5180809050602ff03000000090582020800"/54], 0x0)
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
mount$tmpfs(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0), 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="2c98"])
syz_usb_control_io(r0, &(0x7f0000000880)={0x2c, 0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="0003f4000000f403"], 0x0, 0x0, 0x0}, 0x0)
syz_usb_control_io$cdc_ecm(r0, &(0x7f00000004c0)={0x14, 0x0, &(0x7f0000000e00)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)
r1 = socket$tipc(0x1e, 0x2, 0x0)
bind$tipc(r1, &(0x7f00000001c0)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x2, 0x10000000}}, 0x10)
bind$tipc(r1, &(0x7f0000000080)=@name={0x1e, 0x2, 0x0, {{0x42, 0x4000001}}}, 0x10)
r2 = socket$tipc(0x1e, 0x2, 0x0)
r3 = syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3)
read(r3, &(0x7f0000000280)=""/229, 0xe5)
bind$tipc(r2, &(0x7f0000000200)=@nameseq={0x1e, 0x1, 0x1, {0x42, 0x2, 0xfffffffd}}, 0x10)
bind$tipc(r1, &(0x7f00000000c0)=@name={0x1e, 0x2, 0x0, {{0x42, 0x1}, 0x4000000}}, 0x10)
ioctl$FS_IOC_RESVSP(r3, 0x40305828, &(0x7f0000000180)={0x0, 0x1, 0xe91d, 0x9})
sendmsg$tipc(r1, &(0x7f0000002340)={&(0x7f0000000000)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x4, 0x4}}, 0x10, 0x0}, 0x0)
r4 = syz_usb_connect(0x2, 0x2d, &(0x7f0000000240)=ANY=[@ANYBLOB="120100000c9768405e0483020b9901e4020109021b000100000000090400fb0160291d000905"], 0x0)
syz_usb_disconnect(r4)
syz_usb_control_io(r4, &(0x7f0000000100)={0x2c, &(0x7f0000000040)=ANY=[@ANYBLOB="2001df849d21ee219a064d7b91f500000000"], 0x0, 0x0, 0x0, 0x0}, 0x0)
r5 = openat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x103041, 0x0)
r6 = syz_open_dev$char_usb(0xc, 0xb4, 0x812)
writev(r6, 0x0, 0xe)
ioctl$KVM_GET_XSAVE2(r5, 0x9000aecf, &(0x7f0000ffc000/0x4000)=nil)

10.849636619s ago: executing program 41 (id=3469):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$sock_buf(r0, 0x1, 0x37, 0xfffffffffffffffd, &(0x7f0000000000)=0x2100)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
r1 = getpid()
sched_setscheduler(r1, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/asound/timers\x00', 0x0, 0x0)
tee(r3, r0, 0x10, 0x6)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
ptrace$ARCH_SHSTK_ENABLE(0x1e, r1, 0x0, 0x5001)
socket$kcm(0x10, 0x2, 0x0)
ioctl$TCFLSH(0xffffffffffffffff, 0x400455c8, 0x2)
r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='status\x00')
lseek(r4, 0x10000000005, 0x0)
r5 = socket$inet6_sctp(0xa, 0x801, 0x84)
sendto$inet6(r5, 0x0, 0x0, 0x20000800, &(0x7f0000000280)={0xa, 0x4e03, 0x5, @private2, 0x9}, 0x1c)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r6, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000380)=ANY=[@ANYBLOB="140000001000010000000000000000000100000a70000000090a010400000000000000000a0000040900020073797a310000000008000a40000000020900010073797a3100000000080005400000000b2c00128014000180090001006c61737400000000e59e44e4d701d0690c000100636f756e726572000400028008000340000001"], 0x98}, 0x1, 0x0, 0x0, 0x4044050}, 0x40)

0s ago: executing program 42 (id=3474):
openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
openat$binderfs(0xffffffffffffff9c, 0x0, 0x802, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x82200, 0x0)
madvise(&(0x7f000042f000/0x800000)=nil, 0x80fd00, 0x66)
prlimit64(0x0, 0xe, &(0x7f0000000b40)={0xa, 0x8b}, 0x0)
r0 = getpgrp(0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x5)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
r4 = syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r4, 0x40045532, &(0x7f0000000040))
openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040201, 0x0)
syz_open_dev$sndpcmp(&(0x7f00000001c0), 0x0, 0xa2c65)
r5 = syz_open_procfs$pagemap(0xffffffffffffffff, &(0x7f0000000000))
ioctl$PAGEMAP_SCAN(r5, 0xc0606610, &(0x7f0000000140)={0x60, 0x0, &(0x7f0000001000/0x3000)=nil, &(0x7f0000b24000/0x1000)=nil, 0x7ffffffa, 0x0, 0x0, 0x6, 0x0, 0x2, 0x44, 0x18})
r6 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r6, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0700000004000000800000000100000028000000", @ANYRES32, @ANYBLOB="00595d887d3d9bbd84c168987e68ae0d00000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)

kernel console output (not intermixed with test programs):

port of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1200.984538][T14363] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1201.107047][T14444] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1201.107066][T14444] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1201.107093][T14444] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1201.381857][T14365] hsr_slave_0: entered promiscuous mode
[ 1201.383894][T14365] hsr_slave_1: entered promiscuous mode
[ 1201.384857][T14365] debugfs: 'hsr0' already exists in 'hsr'
[ 1201.384881][T14365] Cannot create hsr debugfs directory
[ 1201.508773][T14363] hsr_slave_0: entered promiscuous mode
[ 1201.509768][T14363] hsr_slave_1: entered promiscuous mode
[ 1201.511817][T14363] debugfs: 'hsr0' already exists in 'hsr'
[ 1201.511841][T14363] Cannot create hsr debugfs directory
[ 1201.539081][T14444] hsr_slave_0: entered promiscuous mode
[ 1201.540163][T14444] hsr_slave_1: entered promiscuous mode
[ 1201.541670][T14444] debugfs: 'hsr0' already exists in 'hsr'
[ 1201.541687][T14444] Cannot create hsr debugfs directory
[ 1202.431275][T14631] netlink: 356 bytes leftover after parsing attributes in process `syz.8.2312'.
[ 1204.687181][T14647] netlink: 356 bytes leftover after parsing attributes in process `syz.8.2314'.
[ 1206.311927][T14670] netlink: 24 bytes leftover after parsing attributes in process `syz.6.2323'.
[ 1207.691846][T14678] netlink: 356 bytes leftover after parsing attributes in process `syz.6.2325'.
[ 1212.192376][T14732] netlink: 356 bytes leftover after parsing attributes in process `syz.8.2333'.
[ 1214.088151][T14754] netlink: 4 bytes leftover after parsing attributes in process `syz.8.2340'.
[ 1214.088171][T14754] netlink: 4 bytes leftover after parsing attributes in process `syz.8.2340'.
[ 1214.122277][   T68] netdevsim netdevsim6 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1214.651795][T14764] netlink: 356 bytes leftover after parsing attributes in process `syz.6.2341'.
[ 1215.994475][ T1322] ieee802154 phy0 wpan0: encryption failed: -22
[ 1215.994556][ T1322] ieee802154 phy1 wpan1: encryption failed: -22
[ 1216.092482][ T5886] usb 7-1: new high-speed USB device number 26 using dummy_hcd
[ 1216.275120][ T5886] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 1023
[ 1216.275368][ T5886] usb 7-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBA, changing to 0x8A
[ 1216.275406][ T5886] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8A has invalid maxpacket 121
[ 1216.286995][ T5886] usb 7-1: New USB device found, idVendor=2294, idProduct=425b, bcdDevice=a2.10
[ 1216.287027][ T5886] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1216.287048][ T5886] usb 7-1: Product: syz
[ 1216.287064][ T5886] usb 7-1: Manufacturer: syz
[ 1216.287078][ T5886] usb 7-1: SerialNumber: syz
[ 1216.393957][ T5886] usb 7-1: config 0 descriptor??
[ 1216.401458][T14773] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22
[ 1216.401606][T14773] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22
[ 1216.426447][ T5886] usb 7-1: ucan: probing device on interface #0
[ 1216.703789][T12750] bridge_slave_1: left allmulticast mode
[ 1216.703878][T12750] bridge_slave_1: left promiscuous mode
[ 1216.706785][T12750] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1216.832917][T12750] bridge_slave_0: left allmulticast mode
[ 1216.832949][T12750] bridge_slave_0: left promiscuous mode
[ 1216.833441][T12750] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1216.926439][T12750] bridge_slave_1: left allmulticast mode
[ 1216.926534][T12750] bridge_slave_1: left promiscuous mode
[ 1216.926943][T12750] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1217.013335][T12750] bridge_slave_0: left allmulticast mode
[ 1217.013997][T12750] bridge_slave_0: left promiscuous mode
[ 1217.017696][T12750] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1217.118475][T12750] bridge_slave_1: left allmulticast mode
[ 1217.118509][T12750] bridge_slave_1: left promiscuous mode
[ 1217.131047][T12750] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1217.207326][T12750] bridge_slave_0: left allmulticast mode
[ 1217.207425][T12750] bridge_slave_0: left promiscuous mode
[ 1217.207845][T12750] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1217.771350][ T5886] usb 7-1: ucan: failed to retrieve device info
[ 1217.771376][ T5886] usb 7-1: ucan: probe failed; try to update the device firmware
[ 1219.514969][T12750] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1219.579388][T12750] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1219.622906][T12750] bond0 (unregistering): Released all slaves
[ 1220.786260][T12750] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1220.852508][T12750] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1220.894995][T12750] bond0 (unregistering): Released all slaves
[ 1222.090566][T12750] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1222.155053][T12750] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1222.178668][T12750] bond0 (unregistering): Released all slaves
[ 1222.393901][ T5887] usb 7-1: USB disconnect, device number 26
[ 1223.790777][T14807] netlink: 356 bytes leftover after parsing attributes in process `syz.8.2350'.
[ 1224.176057][T14811] netlink: 28 bytes leftover after parsing attributes in process `syz.8.2351'.
[ 1224.176089][T14811] netlink: 28 bytes leftover after parsing attributes in process `syz.8.2351'.
[ 1224.178542][T14812] netlink: 8 bytes leftover after parsing attributes in process `syz.8.2351'.
[ 1224.346218][T12750] hsr_slave_0: left promiscuous mode
[ 1224.394892][T12750] hsr_slave_1: left promiscuous mode
[ 1224.397394][T12750] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1224.421655][T12750] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1225.136868][T12750] hsr_slave_0: left promiscuous mode
[ 1225.158185][T12750] hsr_slave_1: left promiscuous mode
[ 1225.158990][T12750] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1225.216316][T12750] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1226.221290][T12750] hsr_slave_0: left promiscuous mode
[ 1226.280356][T12750] hsr_slave_1: left promiscuous mode
[ 1226.288207][T12750] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1226.345688][T12750] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1226.524051][ T5879] IPVS: starting estimator thread 0...
[ 1226.615086][T14836] IPVS: using max 9 ests per chain, 21600 per kthread
[ 1226.679240][ T5879] usb 7-1: new high-speed USB device number 27 using dummy_hcd
[ 1227.136341][ T5879] usb 7-1: Using ep0 maxpacket: 16
[ 1227.520594][ T5879] usb 7-1: New USB device found, idVendor=1604, idProduct=8007, bcdDevice=af.a6
[ 1227.520709][ T5879] usb 7-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3
[ 1227.520733][ T5879] usb 7-1: Product: syz
[ 1227.520749][ T5879] usb 7-1: Manufacturer: syz
[ 1227.520763][ T5879] usb 7-1: SerialNumber: syz
[ 1227.532860][ T5879] usb 7-1: config 0 descriptor??
[ 1227.797414][ T5879] usb 7-1: USB disconnect, device number 27
[ 1228.615822][T12750] team0 (unregistering): Port device team_slave_1 removed
[ 1228.902127][T12750] team0 (unregistering): Port device team_slave_0 removed
[ 1228.983801][T14861] FAULT_INJECTION: forcing a failure.
[ 1228.983801][T14861] name failslab, interval 1, probability 0, space 0, times 0
[ 1228.983837][T14861] CPU: 0 UID: 0 PID: 14861 Comm: syz.6.2369 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[ 1228.983857][T14861] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026
[ 1228.983867][T14861] Call Trace:
[ 1228.983874][T14861]  <TASK>
[ 1228.983881][T14861]  dump_stack_lvl+0xe8/0x150
[ 1228.983912][T14861]  should_fail_ex+0x46b/0x600
[ 1228.983936][T14861]  should_failslab+0xa8/0x100
[ 1228.983964][T14861]  __kmalloc_noprof+0xdf/0x7c0
[ 1228.983989][T14861]  ? tomoyo_encode+0x28b/0x550
[ 1228.984010][T14861]  tomoyo_encode+0x28b/0x550
[ 1228.984045][T14861]  tomoyo_realpath_from_path+0x58d/0x5d0
[ 1228.984072][T14861]  ? tomoyo_path_number_perm+0x219/0x630
[ 1228.984097][T14861]  tomoyo_path_number_perm+0x246/0x630
[ 1228.984122][T14861]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1228.984143][T14861]  ? __lock_acquire+0x6b5/0x2cf0
[ 1228.984164][T14861]  ? do_raw_spin_lock+0x12b/0x2f0
[ 1228.984227][T14861]  ? __fget_files+0x2a/0x420
[ 1228.984248][T14861]  ? __fget_files+0x2a/0x420
[ 1228.984262][T14861]  ? __fget_files+0x3a6/0x420
[ 1228.984276][T14861]  ? __fget_files+0x2a/0x420
[ 1228.984295][T14861]  security_file_ioctl+0xc3/0x2a0
[ 1228.984326][T14861]  __se_sys_ioctl+0x47/0x170
[ 1228.984347][T14861]  do_syscall_64+0xe2/0xf80
[ 1228.984375][T14861]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1228.984392][T14861]  ? clear_bhb_loop+0x60/0xb0
[ 1228.984413][T14861]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1228.984430][T14861] RIP: 0033:0x7fa45d51aeb9
[ 1228.984450][T14861] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1228.984468][T14861] RSP: 002b:00007fa45b776028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1228.984492][T14861] RAX: ffffffffffffffda RBX: 00007fa45d795fa0 RCX: 00007fa45d51aeb9
[ 1228.984508][T14861] RDX: 0000200000000080 RSI: 00000000c0345642 RDI: 0000000000000004
[ 1228.984522][T14861] RBP: 00007fa45b776090 R08: 0000000000000000 R09: 0000000000000000
[ 1228.984535][T14861] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1228.984548][T14861] R13: 00007fa45d796038 R14: 00007fa45d795fa0 R15: 00007ffc307911b8
[ 1228.984580][T14861]  </TASK>
[ 1228.984691][T14861] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1230.114146][T10787] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 1230.127686][T10787] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 1230.138105][T10787] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 1230.157126][T10787] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 1230.158423][T10787] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 1230.601207][ T8944] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 1230.623829][ T8944] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 1230.625536][ T8944] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 1230.626804][ T8944] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 1230.628195][ T8944] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 1232.406340][T10787] Bluetooth: hci1: command tx timeout
[ 1232.962277][T10787] Bluetooth: hci2: command tx timeout
[ 1233.123483][T12750] team0 (unregistering): Port device team_slave_1 removed
[ 1233.453954][T12750] team0 (unregistering): Port device team_slave_0 removed
[ 1234.609397][T10787] Bluetooth: hci1: command tx timeout
[ 1235.121810][T10787] Bluetooth: hci2: command tx timeout
[ 1235.281065][T15001] FAULT_INJECTION: forcing a failure.
[ 1235.281065][T15001] name failslab, interval 1, probability 0, space 0, times 0
[ 1235.281136][T15001] CPU: 1 UID: 0 PID: 15001 Comm: syz.6.2427 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[ 1235.281162][T15001] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026
[ 1235.281176][T15001] Call Trace:
[ 1235.281184][T15001]  <TASK>
[ 1235.281193][T15001]  dump_stack_lvl+0xe8/0x150
[ 1235.281228][T15001]  should_fail_ex+0x46b/0x600
[ 1235.281255][T15001]  ? security_inode_alloc+0x39/0x310
[ 1235.281279][T15001]  should_failslab+0xa8/0x100
[ 1235.281318][T15001]  ? security_inode_alloc+0x39/0x310
[ 1235.281338][T15001]  kmem_cache_alloc_noprof+0x83/0x6a0
[ 1235.281376][T15001]  security_inode_alloc+0x39/0x310
[ 1235.281402][T15001]  inode_init_always_gfp+0x9bf/0xd70
[ 1235.281440][T15001]  ? __pfx_sock_alloc_inode+0x10/0x10
[ 1235.281467][T15001]  alloc_inode+0x82/0x1b0
[ 1235.281499][T15001]  __sock_create+0x12d/0x9d0
[ 1235.281538][T15001]  __sys_socket+0xd6/0x1b0
[ 1235.281569][T15001]  __x64_sys_socket+0x7a/0x90
[ 1235.281600][T15001]  do_syscall_64+0xe2/0xf80
[ 1235.281629][T15001]  ? rcu_is_watching+0x15/0xb0
[ 1235.281656][T15001]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1235.281679][T15001]  ? clear_bhb_loop+0x60/0xb0
[ 1235.281705][T15001]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1235.281726][T15001] RIP: 0033:0x7fa45d51aeb9
[ 1235.281746][T15001] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1235.281765][T15001] RSP: 002b:00007fa45b734028 EFLAGS: 00000246 ORIG_RAX: 0000000000000029
[ 1235.281790][T15001] RAX: ffffffffffffffda RBX: 00007fa45d796180 RCX: 00007fa45d51aeb9
[ 1235.281806][T15001] RDX: 0000000000000002 RSI: 0000000000000005 RDI: 0000000000000023
[ 1235.281819][T15001] RBP: 00007fa45b734090 R08: 0000000000000000 R09: 0000000000000000
[ 1235.281834][T15001] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1235.281847][T15001] R13: 00007fa45d796218 R14: 00007fa45d796180 R15: 00007ffc307911b8
[ 1235.281882][T15001]  </TASK>
[ 1235.282663][T15001] socket: no more sockets
[ 1236.816358][T12750] team0 (unregistering): Port device team_slave_1 removed
[ 1236.852184][T10787] Bluetooth: hci1: command tx timeout
[ 1237.057653][T12750] team0 (unregistering): Port device team_slave_0 removed
[ 1237.350206][T10787] Bluetooth: hci2: command tx timeout
[ 1238.779496][T14839] netlink: 356 bytes leftover after parsing attributes in process `syz.8.2358'.
[ 1239.058921][T10787] Bluetooth: hci1: command tx timeout
[ 1239.569490][T10787] Bluetooth: hci2: command tx timeout
[ 1240.834767][ T8944] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 1240.850017][ T8944] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 1240.857128][ T8944] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 1240.865914][ T8944] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 1240.873761][ T8944] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 1240.932213][T15115] kvm: pic: level sensitive irq not supported
[ 1240.935303][T15115] kvm: pic: single mode not supported
[ 1240.935316][T15115] kvm: pic: level sensitive irq not supported
[ 1241.921549][T14872] chnl_net:caif_netlink_parms(): no params data found
[ 1242.231505][T15153] faux_driver vkms: [drm] Unknown color mode 256; guessing buffer size.
[ 1242.857613][T14867] chnl_net:caif_netlink_parms(): no params data found
[ 1243.076090][ T8944] Bluetooth: hci0: command tx timeout
[ 1243.560670][T14872] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1243.560900][T14872] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1243.561130][T14872] bridge_slave_0: entered allmulticast mode
[ 1243.564156][T14872] bridge_slave_0: entered promiscuous mode
[ 1243.694537][T14872] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1243.694683][T14872] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1243.694934][T14872] bridge_slave_1: entered allmulticast mode
[ 1243.698221][T14872] bridge_slave_1: entered promiscuous mode
[ 1244.003441][T14872] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1244.115737][T14872] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1244.194938][T15116] chnl_net:caif_netlink_parms(): no params data found
[ 1244.274962][T14867] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1244.275205][T14867] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1244.275453][T14867] bridge_slave_0: entered allmulticast mode
[ 1244.306857][T14867] bridge_slave_0: entered promiscuous mode
[ 1244.393228][T14867] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1244.393398][T14867] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1244.393641][T14867] bridge_slave_1: entered allmulticast mode
[ 1244.396839][T14867] bridge_slave_1: entered promiscuous mode
[ 1244.482310][T14872] team0: Port device team_slave_0 added
[ 1244.536120][T14872] team0: Port device team_slave_1 added
[ 1244.741412][T14867] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1244.860372][T14867] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1244.883355][T14872] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1244.883373][T14872] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1244.883403][T14872] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1245.083760][T14872] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1245.083773][T14872] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1245.083789][T14872] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1245.300204][ T8944] Bluetooth: hci0: command tx timeout
[ 1245.739154][T14867] team0: Port device team_slave_0 added
[ 1246.069397][T15116] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1246.069638][T15116] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1246.069923][T15116] bridge_slave_0: entered allmulticast mode
[ 1246.073005][T15116] bridge_slave_0: entered promiscuous mode
[ 1246.083135][T14867] team0: Port device team_slave_1 added
[ 1246.133388][T15116] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1246.133538][T15116] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1246.133749][T15116] bridge_slave_1: entered allmulticast mode
[ 1246.135369][T15116] bridge_slave_1: entered promiscuous mode
[ 1246.406377][T14872] hsr_slave_0: entered promiscuous mode
[ 1246.407306][T14872] hsr_slave_1: entered promiscuous mode
[ 1246.407983][T14872] debugfs: 'hsr0' already exists in 'hsr'
[ 1246.408001][T14872] Cannot create hsr debugfs directory
[ 1246.472023][T14867] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1246.472043][T14867] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1246.472090][T14867] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1246.481112][T14867] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1246.481128][T14867] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1246.481154][T14867] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1246.494254][T15116] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1246.530616][T15116] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1247.050889][T15116] team0: Port device team_slave_0 added
[ 1247.189242][T15116] team0: Port device team_slave_1 added
[ 1247.363780][T14867] hsr_slave_0: entered promiscuous mode
[ 1247.367395][T14867] hsr_slave_1: entered promiscuous mode
[ 1247.368434][T14867] debugfs: 'hsr0' already exists in 'hsr'
[ 1247.368461][T14867] Cannot create hsr debugfs directory
[ 1247.523331][ T8944] Bluetooth: hci0: command tx timeout
[ 1247.604296][T15116] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1247.604316][T15116] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1247.604346][T15116] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1247.759135][T15116] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1247.759155][T15116] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1247.759186][T15116] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1248.577117][T15116] hsr_slave_0: entered promiscuous mode
[ 1248.588223][T15116] hsr_slave_1: entered promiscuous mode
[ 1248.606488][T15116] debugfs: 'hsr0' already exists in 'hsr'
[ 1248.606518][T15116] Cannot create hsr debugfs directory
[ 1249.750325][ T8944] Bluetooth: hci0: command tx timeout
[ 1250.155839][T12750] bridge_slave_1: left allmulticast mode
[ 1250.155870][T12750] bridge_slave_1: left promiscuous mode
[ 1250.156235][T12750] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1250.233099][T12750] bridge_slave_0: left allmulticast mode
[ 1250.233134][T12750] bridge_slave_0: left promiscuous mode
[ 1250.233476][T12750] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1250.339307][T12750] bridge_slave_1: left allmulticast mode
[ 1250.339330][T12750] bridge_slave_1: left promiscuous mode
[ 1250.339572][T12750] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1250.432269][T12750] bridge_slave_0: left allmulticast mode
[ 1250.432291][T12750] bridge_slave_0: left promiscuous mode
[ 1250.432461][T12750] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1250.532649][T12750] bridge_slave_1: left allmulticast mode
[ 1250.532684][T12750] bridge_slave_1: left promiscuous mode
[ 1250.532957][T12750] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1250.626754][T12750] bridge_slave_0: left allmulticast mode
[ 1250.626788][T12750] bridge_slave_0: left promiscuous mode
[ 1250.627065][T12750] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1251.276167][T12750] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1251.405557][T12750] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1251.496790][T12750] bond0 (unregistering): Released all slaves
[ 1251.874919][T12750] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1251.982232][T12750] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1252.051477][T12750] bond0 (unregistering): Released all slaves
[ 1252.441748][T12750] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1252.578613][T12750] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1252.659672][T12750] bond0 (unregistering): Released all slaves
[ 1253.678382][T15532] netlink: 4 bytes leftover after parsing attributes in process `syz.8.2658'.
[ 1253.678412][T15532] netlink: 4 bytes leftover after parsing attributes in process `syz.8.2658'.
[ 1253.766350][T12750] hsr_slave_0: left promiscuous mode
[ 1253.889716][T12750] hsr_slave_1: left promiscuous mode
[ 1253.890973][T12750] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1253.982517][T12750] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1254.273361][T12750] hsr_slave_0: left promiscuous mode
[ 1254.323920][T12750] hsr_slave_1: left promiscuous mode
[ 1254.325122][T12750] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1254.367329][T12750] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1254.558078][T12750] hsr_slave_0: left promiscuous mode
[ 1254.604869][T12750] hsr_slave_1: left promiscuous mode
[ 1254.605928][T12750] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1254.654777][T12750] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1255.883831][T12750] team0 (unregistering): Port device team_slave_1 removed
[ 1256.078982][T12750] team0 (unregistering): Port device team_slave_0 removed
[ 1257.701390][T12750] team0 (unregistering): Port device team_slave_1 removed
[ 1257.922361][T12750] team0 (unregistering): Port device team_slave_0 removed
[ 1259.492272][T12750] team0 (unregistering): Port device team_slave_1 removed
[ 1259.668347][T12750] team0 (unregistering): Port device team_slave_0 removed
[ 1261.351492][T15813] netlink: 24 bytes leftover after parsing attributes in process `syz.8.2790'.
[ 1261.354313][T14872] netdevsim netdevsim9 netdevsim0: renamed from eth0
[ 1261.431547][T14872] netdevsim netdevsim9 netdevsim1: renamed from eth1
[ 1261.511870][T14872] netdevsim netdevsim9 netdevsim2: renamed from eth2
[ 1261.640490][T12261] usb 9-1: new high-speed USB device number 18 using dummy_hcd
[ 1261.748674][T14872] netdevsim netdevsim9 netdevsim3: renamed from eth3
[ 1261.816259][T12261] usb 9-1: Using ep0 maxpacket: 16
[ 1261.818801][T12261] usb 9-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1261.818827][T12261] usb 9-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1261.824462][T12261] usb 9-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1261.824492][T12261] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1261.824513][T12261] usb 9-1: Product: syz
[ 1261.824527][T12261] usb 9-1: Manufacturer: syz
[ 1261.824543][T12261] usb 9-1: SerialNumber: syz
[ 1262.165470][T12261] usb 9-1: 0:2 : does not exist
[ 1262.178346][T12261] usb 9-1: 5:0: failed to get current value for ch 0 (-22)
[ 1262.334379][T12261] usb 9-1: USB disconnect, device number 18
[ 1262.415732][T14867] netdevsim netdevsim1 netdevsim0: renamed from eth0
[ 1262.459754][T15802] udevd[15802]: error opening ATTR{/sys/devices/platform/dummy_hcd.8/usb9/9-1/9-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1262.529446][T14867] netdevsim netdevsim1 netdevsim1: renamed from eth1
[ 1262.710114][T14867] netdevsim netdevsim1 netdevsim2: renamed from eth2
[ 1262.881606][T14867] netdevsim netdevsim1 netdevsim3: renamed from eth3
[ 1263.116455][T15116] netdevsim netdevsim4 netdevsim0: renamed from eth0
[ 1263.225374][T15116] netdevsim netdevsim4 netdevsim1: renamed from eth1
[ 1263.309836][T15116] netdevsim netdevsim4 netdevsim2: renamed from eth2
[ 1263.333424][T15116] netdevsim netdevsim4 netdevsim3: renamed from eth3
[ 1264.131724][T14872] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1264.251518][T14872] 8021q: adding VLAN 0 to HW filter on device team0
[ 1264.262401][T14867] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1264.313964][ T4161] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1264.314145][ T4161] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1264.358064][  T147] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1264.358394][  T147] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1264.403980][T14867] 8021q: adding VLAN 0 to HW filter on device team0
[ 1264.692459][T15116] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1264.698994][   T13] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1264.699391][   T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1264.825534][   T13] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1264.825698][   T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1264.914397][T15116] 8021q: adding VLAN 0 to HW filter on device team0
[ 1265.097723][T15925] netlink: 4 bytes leftover after parsing attributes in process `syz.8.2826'.
[ 1265.173396][   T13] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1265.173544][   T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1265.234825][   T13] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1265.235087][   T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1265.513093][T15936] overlayfs: missing 'lowerdir'
[ 1266.036648][T14872] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1266.456635][T15116] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1266.461950][T14867] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1266.769442][T14867] veth0_vlan: entered promiscuous mode
[ 1266.835703][T14867] veth1_vlan: entered promiscuous mode
[ 1266.987061][T14867] veth0_macvtap: entered promiscuous mode
[ 1267.047001][T14867] veth1_macvtap: entered promiscuous mode
[ 1267.201003][T14867] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1267.232389][T14867] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1267.233315][T14872] veth0_vlan: entered promiscuous mode
[ 1267.334735][   T68] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1267.340797][   T68] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1267.363422][   T68] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1267.364181][T14872] veth1_vlan: entered promiscuous mode
[ 1267.395532][   T68] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1267.659977][T16003] netlink: 24 bytes leftover after parsing attributes in process `syz.8.2849'.
[ 1267.781804][T15116] veth0_vlan: entered promiscuous mode
[ 1267.925843][T15116] veth1_vlan: entered promiscuous mode
[ 1267.933938][T14872] veth0_macvtap: entered promiscuous mode
[ 1267.937799][   T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1267.937828][   T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1268.006231][T14872] veth1_macvtap: entered promiscuous mode
[ 1268.067726][T16009] netlink: 16 bytes leftover after parsing attributes in process `syz.8.2851'.
[ 1268.077237][   T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1268.077257][   T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1268.175008][T14872] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1268.212845][T14872] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1268.244832][T15116] veth0_macvtap: entered promiscuous mode
[ 1268.260774][   T68] netdevsim netdevsim9 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1268.281741][   T68] netdevsim netdevsim9 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1268.291038][T15116] veth1_macvtap: entered promiscuous mode
[ 1268.314934][   T68] netdevsim netdevsim9 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1268.315685][   T68] netdevsim netdevsim9 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1268.444738][   T37] kauditd_printk_skb: 9 callbacks suppressed
[ 1268.444752][   T37] audit: type=1326 audit(1769548172.871:354): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16019 comm="syz.1.2075" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f592a93aeb9 code=0x0
[ 1268.446222][T15116] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1268.579238][T15116] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1268.782274][   T12] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1268.784377][   T12] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1268.784650][   T12] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1268.784920][   T12] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1268.905374][T16033] netlink: 12 bytes leftover after parsing attributes in process `syz.8.2862'.
[ 1269.136167][T12750] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1269.136192][T12750] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1270.348420][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1270.348445][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1270.574743][   T68] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1270.574765][   T68] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1270.783474][   T37] audit: type=1326 audit(1769548175.060:355): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16059 comm="syz.8.2875" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f9dc1c3aeb9 code=0x0
[ 1270.789799][T16061] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2874'.
[ 1270.852116][   T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1270.852140][   T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1271.848229][T16089] netlink: 20 bytes leftover after parsing attributes in process `syz.8.2885'.
[ 1271.889694][T16092] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2886'.
[ 1271.913883][T10787] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[ 1271.938152][T10787] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[ 1271.944124][T10787] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[ 1271.971426][T10787] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[ 1271.973893][T10787] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[ 1272.154799][ T5919] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[ 1272.336905][ T5919] usb 2-1: Using ep0 maxpacket: 16
[ 1272.343079][ T5919] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1272.343107][ T5919] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1273.447384][ T5919] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1273.447419][ T5919] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1273.447439][ T5919] usb 2-1: Product: syz
[ 1273.514347][ T5919] usb 2-1: Manufacturer: syz
[ 1273.514398][ T5919] usb 2-1: SerialNumber: syz
[ 1274.207655][T10787] Bluetooth: hci5: command tx timeout
[ 1274.352235][ T5919] usb 2-1: 0:2 : does not exist
[ 1274.368680][ T5919] usb 2-1: 5:0: failed to get current value for ch 0 (-22)
[ 1274.513226][ T5919] usb 2-1: USB disconnect, device number 3
[ 1274.846526][T15802] udevd[15802]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1274.847440][T16123] netlink: 20 bytes leftover after parsing attributes in process `syz.9.2897'.
[ 1275.116000][ T5879] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[ 1276.398206][ T5879] usb 5-1: Using ep0 maxpacket: 16
[ 1276.400797][ T5879] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1276.400821][ T5879] usb 5-1: config 0 has no interfaces?
[ 1276.403904][ T5879] usb 5-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 6.00
[ 1276.403931][ T5879] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1276.403951][ T5879] usb 5-1: Product: syz
[ 1276.403965][ T5879] usb 5-1: Manufacturer: syz
[ 1276.403981][ T5879] usb 5-1: SerialNumber: syz
[ 1276.456542][ T5879] usb 5-1: config 0 descriptor??
[ 1276.511489][T10787] Bluetooth: hci5: command tx timeout
[ 1276.771345][T16091] chnl_net:caif_netlink_parms(): no params data found
[ 1276.974747][T16155] netlink: 20 bytes leftover after parsing attributes in process `syz.8.2908'.
[ 1277.434326][T16091] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1277.440479][T16091] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1277.440702][T16091] bridge_slave_0: entered allmulticast mode
[ 1277.465516][T16091] bridge_slave_0: entered promiscuous mode
[ 1277.480399][T16091] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1277.480637][T16091] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1277.480845][T16091] bridge_slave_1: entered allmulticast mode
[ 1277.483732][T16091] bridge_slave_1: entered promiscuous mode
[ 1277.905299][T16091] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1277.943130][T16091] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1278.803874][T10787] Bluetooth: hci5: command tx timeout
[ 1279.483152][T16091] team0: Port device team_slave_0 added
[ 1279.498460][T16091] team0: Port device team_slave_1 added
[ 1279.648296][T16091] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1279.648316][T16091] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1279.648346][T16091] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1279.703802][T16091] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1279.703820][T16091] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1279.703852][T16091] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1280.091335][T11897] usb 5-1: USB disconnect, device number 6
[ 1280.220008][T16091] hsr_slave_0: entered promiscuous mode
[ 1280.221563][T16091] hsr_slave_1: entered promiscuous mode
[ 1280.222621][T16091] debugfs: 'hsr0' already exists in 'hsr'
[ 1280.222648][T16091] Cannot create hsr debugfs directory
[ 1280.700473][T11897] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[ 1280.858585][T11897] usb 5-1: Using ep0 maxpacket: 32
[ 1280.861608][T11897] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[ 1280.866600][T11897] usb 5-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40
[ 1280.866631][T11897] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1280.866653][T11897] usb 5-1: Product: syz
[ 1280.866668][T11897] usb 5-1: Manufacturer: syz
[ 1280.866692][T11897] usb 5-1: SerialNumber: syz
[ 1280.926524][T11897] usb 5-1: config 0 descriptor??
[ 1280.965691][T10787] Bluetooth: hci5: command tx timeout
[ 1281.958340][ T1322] ieee802154 phy0 wpan0: encryption failed: -22
[ 1281.958422][ T1322] ieee802154 phy1 wpan1: encryption failed: -22
[ 1282.655838][T16091] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1282.845304][T11897] usb 10-1: new high-speed USB device number 2 using dummy_hcd
[ 1283.004993][T11897] usb 10-1: Using ep0 maxpacket: 16
[ 1283.008235][T11897] usb 10-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1283.008263][T11897] usb 10-1: config 0 has no interfaces?
[ 1283.012269][T11897] usb 10-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 6.00
[ 1283.012302][T11897] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1283.012324][T11897] usb 10-1: Product: syz
[ 1283.012339][T11897] usb 10-1: Manufacturer: syz
[ 1283.012354][T11897] usb 10-1: SerialNumber: syz
[ 1283.041273][T11897] usb 10-1: config 0 descriptor??
[ 1283.978899][T16091] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1284.658581][T11897] usb 5-1: USB disconnect, device number 7
[ 1284.954373][   T49] usb 10-1: USB disconnect, device number 2
[ 1285.542697][T16091] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1287.902857][ T5886] usb 9-1: new high-speed USB device number 19 using dummy_hcd
[ 1288.086040][ T5886] usb 9-1: Using ep0 maxpacket: 32
[ 1288.088046][ T5886] usb 9-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[ 1288.090864][ T5886] usb 9-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40
[ 1288.090894][ T5886] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1288.090916][ T5886] usb 9-1: Product: syz
[ 1288.090931][ T5886] usb 9-1: Manufacturer: syz
[ 1288.090946][ T5886] usb 9-1: SerialNumber: syz
[ 1288.126308][ T5886] usb 9-1: config 0 descriptor??
[ 1288.599624][T16091] netdevsim netdevsim6 netdevsim0: renamed from eth0
[ 1288.683540][T16091] netdevsim netdevsim6 netdevsim1: renamed from eth1
[ 1288.762775][T16091] netdevsim netdevsim6 netdevsim2: renamed from eth2
[ 1288.860915][T16091] netdevsim netdevsim6 netdevsim3: renamed from eth3
[ 1289.397392][T16091] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1289.428528][T16091] 8021q: adding VLAN 0 to HW filter on device team0
[ 1289.511463][T16091] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 1289.511492][T16091] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 1289.591872][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1289.592046][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1289.596758][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1289.596951][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1290.890212][ T5879] usb 9-1: USB disconnect, device number 19
[ 1290.959455][ T5919] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[ 1291.059477][T16091] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1291.130122][ T5919] usb 2-1: Using ep0 maxpacket: 32
[ 1291.134644][ T5919] usb 2-1: unable to get BOS descriptor or descriptor too short
[ 1291.135977][ T5919] usb 2-1: config 1 has an invalid interface number: 15 but max is 0
[ 1291.136005][ T5919] usb 2-1: config 1 has no interface number 0
[ 1291.136055][ T5919] usb 2-1: config 1 interface 15 altsetting 8 endpoint 0x8D has an invalid bInterval 250, changing to 7
[ 1291.136082][ T5919] usb 2-1: config 1 interface 15 has no altsetting 0
[ 1291.194590][ T5919] usb 2-1: New USB device found, idVendor=19d2, idProduct=7e26, bcdDevice=96.b3
[ 1291.194624][ T5919] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1291.194646][ T5919] usb 2-1: Product: syz
[ 1291.194661][ T5919] usb 2-1: Manufacturer: syz
[ 1291.194676][ T5919] usb 2-1: SerialNumber: syz
[ 1292.147619][T16385] qrtr: Invalid version 255
[ 1292.201425][T16091] veth0_vlan: entered promiscuous mode
[ 1292.257376][T16091] veth1_vlan: entered promiscuous mode
[ 1292.391409][T16091] veth0_macvtap: entered promiscuous mode
[ 1292.410107][T16091] veth1_macvtap: entered promiscuous mode
[ 1293.490108][T16091] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1293.601982][T16091] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1293.660584][   T68] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1293.671143][   T68] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1293.688640][   T68] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1293.689203][   T68] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1293.842508][ T5919] rndis_host 2-1:1.15: invalid descriptor buffer length
[ 1293.842543][ T5919] usb 2-1: bad CDC descriptors
[ 1293.920218][ T5919] usb 2-1: USB disconnect, device number 4
[ 1294.324701][T16409] netlink: 4 bytes leftover after parsing attributes in process `syz.9.2973'.
[ 1294.524393][T16417] netlink: 212408 bytes leftover after parsing attributes in process `syz.4.2977'.
[ 1294.974677][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1294.974702][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1296.773777][  T147] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1296.773801][  T147] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1297.706775][T16425] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2979'.
[ 1297.706804][T16425] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2979'.
[ 1300.549672][ T5879] usb 10-1: new high-speed USB device number 3 using dummy_hcd
[ 1301.091109][T16490] openvswitch: netlink: IP tunnel TTL not specified.
[ 1301.146381][ T5879] usb 10-1: device descriptor read/64, error -71
[ 1302.712044][ T5879] usb 10-1: new high-speed USB device number 4 using dummy_hcd
[ 1302.911166][ T5879] usb 10-1: device descriptor read/64, error -71
[ 1303.043156][ T5879] usb usb10-port1: attempt power cycle
[ 1303.895328][ T5879] usb usb10-port1: Cannot enable. Maybe the USB cable is bad?
[ 1304.055635][ T5879] usb 10-1: new high-speed USB device number 6 using dummy_hcd
[ 1304.077110][ T5879] usb 10-1: Using ep0 maxpacket: 16
[ 1304.079614][ T5879] usb 10-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1304.079638][ T5879] usb 10-1: config 0 has no interfaces?
[ 1304.082789][ T5879] usb 10-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 6.00
[ 1304.082819][ T5879] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1304.082840][ T5879] usb 10-1: Product: syz
[ 1304.082856][ T5879] usb 10-1: Manufacturer: syz
[ 1304.082870][ T5879] usb 10-1: SerialNumber: syz
[ 1304.170650][ T5879] usb 10-1: config 0 descriptor??
[ 1304.503827][ T5879] usb 5-1: new high-speed USB device number 8 using dummy_hcd
[ 1304.673224][ T5879] usb 5-1: New USB device found, idVendor=046d, idProduct=0870, bcdDevice=61.47
[ 1304.673260][ T5879] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1304.714982][ T5879] usb 5-1: config 0 descriptor??
[ 1304.743074][ T5879] gspca_main: STV06xx-2.14.0 probing 046d:0870
[ 1304.798963][T16517] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3010'.
[ 1304.798991][T16517] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3010'.
[ 1304.974854][T16516] qrtr: Invalid version 255
[ 1305.386018][T16513] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1305.401198][T16513] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1305.438385][ T5879] usb 5-1: USB disconnect, device number 8
[ 1305.550926][T16519] binder: 16518:16519 ioctl c0306201 200000000540 returned -22
[ 1305.606300][T16520] binder: 16518:16520 ioctl c0306201 200000000640 returned -22
[ 1305.756267][ T5879] usb 10-1: USB disconnect, device number 6
[ 1305.995339][T16528] openvswitch: netlink: IP tunnel TTL not specified.
[ 1307.197975][ T5886] usb 10-1: new high-speed USB device number 7 using dummy_hcd
[ 1307.359197][ T5886] usb 10-1: Using ep0 maxpacket: 16
[ 1307.361598][ T5886] usb 10-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1307.361624][ T5886] usb 10-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1307.364396][ T5886] usb 10-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1307.364425][ T5886] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1307.364445][ T5886] usb 10-1: Product: syz
[ 1307.364458][ T5886] usb 10-1: Manufacturer: syz
[ 1307.364484][ T5886] usb 10-1: SerialNumber: syz
[ 1307.403506][T12948] usb 7-1: new high-speed USB device number 28 using dummy_hcd
[ 1307.550770][T12948] usb 7-1: device descriptor read/64, error -71
[ 1307.619295][ T5886] usb 10-1: 0:2 : does not exist
[ 1307.645143][ T5886] usb 10-1: 5:0: failed to get current value for ch 0 (-22)
[ 1307.732981][ T5886] usb 10-1: USB disconnect, device number 7
[ 1307.807337][T12948] usb 7-1: new high-speed USB device number 29 using dummy_hcd
[ 1307.892363][T15802] udevd[15802]: error opening ATTR{/sys/devices/platform/dummy_hcd.9/usb10/10-1/10-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1308.003390][T12948] usb 7-1: device descriptor read/64, error -71
[ 1308.143091][T12948] usb usb7-port1: attempt power cycle
[ 1308.615246][T12948] usb 7-1: new high-speed USB device number 30 using dummy_hcd
[ 1308.631167][T12948] usb 7-1: device descriptor read/8, error -71
[ 1308.972534][T12948] usb 7-1: new high-speed USB device number 31 using dummy_hcd
[ 1308.994753][T12948] usb 7-1: device descriptor read/8, error -71
[ 1309.119092][T12948] usb usb7-port1: unable to enumerate USB device
[ 1309.427503][T10787] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci4/hci4:201'
[ 1309.427533][T10787] CPU: 1 UID: 0 PID: 10787 Comm: kworker/u9:2 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[ 1309.427560][T10787] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026
[ 1309.427575][T10787] Workqueue: hci4 hci_rx_work
[ 1309.427617][T10787] Call Trace:
[ 1309.427626][T10787]  <TASK>
[ 1309.427636][T10787]  dump_stack_lvl+0xe8/0x150
[ 1309.427673][T10787]  sysfs_create_dir_ns+0x271/0x2a0
[ 1309.427701][T10787]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[ 1309.427728][T10787]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[ 1309.427759][T10787]  ? rt_spin_unlock+0x160/0x200
[ 1309.427787][T10787]  kobject_add_internal+0x631/0xd10
[ 1309.427832][T10787]  kobject_add+0x163/0x240
[ 1309.427872][T10787]  ? __pfx_kobject_add+0x10/0x10
[ 1309.427915][T10787]  ? get_device_parent+0x370/0x3a0
[ 1309.427947][T10787]  device_add+0x408/0xb80
[ 1309.427983][T10787]  hci_conn_add_sysfs+0xd5/0x210
[ 1309.428020][T10787]  le_conn_complete_evt+0xf1d/0x1430
[ 1309.428061][T10787]  ? __pfx_le_conn_complete_evt+0x10/0x10
[ 1309.428090][T10787]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[ 1309.428120][T10787]  ? lockdep_hardirqs_on+0x7a/0x110
[ 1309.428164][T10787]  ? skb_pull_data+0xfb/0x200
[ 1309.428198][T10787]  hci_le_conn_complete_evt+0x187/0x470
[ 1309.428235][T10787]  hci_event_packet+0x7af/0x12c0
[ 1309.428285][T10787]  ? __pfx_hci_le_meta_evt+0x10/0x10
[ 1309.428312][T10787]  ? __pfx_hci_event_packet+0x10/0x10
[ 1309.428343][T10787]  ? rt_spin_unlock+0x14f/0x200
[ 1309.428376][T10787]  ? hci_send_to_monitor+0xe2/0x590
[ 1309.428405][T10787]  hci_rx_work+0x3ee/0x1030
[ 1309.428445][T10787]  ? process_scheduled_works+0xa0f/0x17a0
[ 1309.428481][T10787]  process_scheduled_works+0xaec/0x17a0
[ 1309.428547][T10787]  ? __pfx_process_scheduled_works+0x10/0x10
[ 1309.428578][T10787]  ? do_raw_spin_lock+0x12b/0x2f0
[ 1309.428616][T10787]  ? __pfx_do_raw_spin_lock+0x10/0x10
[ 1309.428646][T10787]  ? schedule+0x90/0x360
[ 1309.428683][T10787]  worker_thread+0xda6/0x1360
[ 1309.428723][T10787]  ? __kthread_parkme+0x19c/0x1f0
[ 1309.428754][T10787]  kthread+0x726/0x8b0
[ 1309.428783][T10787]  ? __pfx_worker_thread+0x10/0x10
[ 1309.428804][T10787]  ? __pfx_kthread+0x10/0x10
[ 1309.428829][T10787]  ? rt_spin_unlock+0x14f/0x200
[ 1309.428857][T10787]  ? rt_spin_unlock+0x160/0x200
[ 1309.428878][T10787]  ? __pfx_kthread+0x10/0x10
[ 1309.428905][T10787]  ret_from_fork+0x51b/0xa40
[ 1309.428932][T10787]  ? __pfx_ret_from_fork+0x10/0x10
[ 1309.428952][T10787]  ? __switch_to+0xc82/0x1410
[ 1309.428990][T10787]  ? __pfx_kthread+0x10/0x10
[ 1309.429020][T10787]  ret_from_fork_asm+0x1a/0x30
[ 1309.429078][T10787]  </TASK>
[ 1309.429190][T10787] kobject: kobject_add_internal failed for hci4:201 with -EEXIST, don't try to register things with the same name in the same directory.
[ 1309.429234][T10787] Bluetooth: hci4: failed to register connection device
[ 1310.637201][T16566] netlink: 4 bytes leftover after parsing attributes in process `syz.9.3023'.
[ 1310.637352][T16566] netlink: 4 bytes leftover after parsing attributes in process `syz.9.3023'.
[ 1311.002576][T16569] overlayfs: failed to resolve './file0': -2
[ 1314.120684][T16572] netlink: 4 bytes leftover after parsing attributes in process `syz.8.3031'.
[ 1314.120712][T16572] netlink: 4 bytes leftover after parsing attributes in process `syz.8.3031'.
[ 1314.664101][ T8944] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci0/hci0:201'
[ 1314.664129][ T8944] CPU: 0 UID: 0 PID: 8944 Comm: kworker/u9:0 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[ 1314.664154][ T8944] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026
[ 1314.664167][ T8944] Workqueue: hci0 hci_rx_work
[ 1314.664205][ T8944] Call Trace:
[ 1314.664214][ T8944]  <TASK>
[ 1314.664223][ T8944]  dump_stack_lvl+0xe8/0x150
[ 1314.664259][ T8944]  sysfs_create_dir_ns+0x271/0x2a0
[ 1314.664287][ T8944]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[ 1314.664314][ T8944]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[ 1314.664356][ T8944]  ? rt_spin_unlock+0x160/0x200
[ 1314.664383][ T8944]  kobject_add_internal+0x631/0xd10
[ 1314.664428][ T8944]  kobject_add+0x163/0x240
[ 1314.664468][ T8944]  ? __pfx_kobject_add+0x10/0x10
[ 1314.664511][ T8944]  ? get_device_parent+0x370/0x3a0
[ 1314.664546][ T8944]  device_add+0x408/0xb80
[ 1314.664579][ T8944]  hci_conn_add_sysfs+0xd5/0x210
[ 1314.664617][ T8944]  le_conn_complete_evt+0xf1d/0x1430
[ 1314.664657][ T8944]  ? __pfx_le_conn_complete_evt+0x10/0x10
[ 1314.664685][ T8944]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[ 1314.664716][ T8944]  ? lockdep_hardirqs_on+0x7a/0x110
[ 1314.664748][ T8944]  ? skb_pull_data+0xfb/0x200
[ 1314.664780][ T8944]  hci_le_conn_complete_evt+0x187/0x470
[ 1314.664813][ T8944]  hci_event_packet+0x7af/0x12c0
[ 1314.664852][ T8944]  ? __pfx_hci_le_meta_evt+0x10/0x10
[ 1314.664876][ T8944]  ? __pfx_hci_event_packet+0x10/0x10
[ 1314.664911][ T8944]  ? rt_spin_unlock+0x14f/0x200
[ 1314.664944][ T8944]  ? hci_send_to_monitor+0xe2/0x590
[ 1314.664973][ T8944]  hci_rx_work+0x3ee/0x1030
[ 1314.665013][ T8944]  ? process_scheduled_works+0xa0f/0x17a0
[ 1314.665050][ T8944]  process_scheduled_works+0xaec/0x17a0
[ 1314.665115][ T8944]  ? __pfx_process_scheduled_works+0x10/0x10
[ 1314.665146][ T8944]  ? do_raw_spin_lock+0x12b/0x2f0
[ 1314.665182][ T8944]  ? __pfx_do_raw_spin_lock+0x10/0x10
[ 1314.665214][ T8944]  ? schedule+0x90/0x360
[ 1314.665252][ T8944]  worker_thread+0xda6/0x1360
[ 1314.665306][ T8944]  kthread+0x726/0x8b0
[ 1314.665348][ T8944]  ? __pfx_worker_thread+0x10/0x10
[ 1314.665371][ T8944]  ? __pfx_kthread+0x10/0x10
[ 1314.665395][ T8944]  ? rt_spin_unlock+0x14f/0x200
[ 1314.665424][ T8944]  ? rt_spin_unlock+0x160/0x200
[ 1314.665445][ T8944]  ? __pfx_kthread+0x10/0x10
[ 1314.665474][ T8944]  ret_from_fork+0x51b/0xa40
[ 1314.665502][ T8944]  ? __pfx_ret_from_fork+0x10/0x10
[ 1314.665523][ T8944]  ? __switch_to+0xc82/0x1410
[ 1314.665563][ T8944]  ? __pfx_kthread+0x10/0x10
[ 1314.665592][ T8944]  ret_from_fork_asm+0x1a/0x30
[ 1314.665648][ T8944]  </TASK>
[ 1314.667110][ T8944] kobject: kobject_add_internal failed for hci0:201 with -EEXIST, don't try to register things with the same name in the same directory.
[ 1314.667160][ T8944] Bluetooth: hci0: failed to register connection device
[ 1314.667706][ T8944] Bluetooth: hci0: link tx timeout
[ 1314.668002][ T8944] Bluetooth: hci0: killing stalled connection 10:aa:aa:aa:aa:aa
[ 1314.675056][ T8944] Bluetooth: hci0: link tx timeout
[ 1314.675073][ T8944] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa
[ 1316.038813][T16609] overlayfs: failed to resolve './file0': -2
[ 1316.911054][ T8944] Bluetooth: hci0: command 0x0406 tx timeout
[ 1319.868648][ T8944] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci2/hci2:201'
[ 1319.868676][ T8944] CPU: 0 UID: 0 PID: 8944 Comm: kworker/u9:0 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[ 1319.868702][ T8944] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026
[ 1319.868718][ T8944] Workqueue: hci2 hci_rx_work
[ 1319.868758][ T8944] Call Trace:
[ 1319.868767][ T8944]  <TASK>
[ 1319.868778][ T8944]  dump_stack_lvl+0xe8/0x150
[ 1319.868814][ T8944]  sysfs_create_dir_ns+0x271/0x2a0
[ 1319.868842][ T8944]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[ 1319.868870][ T8944]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[ 1319.868901][ T8944]  ? rt_spin_unlock+0x160/0x200
[ 1319.868929][ T8944]  kobject_add_internal+0x631/0xd10
[ 1319.868975][ T8944]  kobject_add+0x163/0x240
[ 1319.869034][ T8944]  ? __pfx_kobject_add+0x10/0x10
[ 1319.869074][ T8944]  ? get_device_parent+0x370/0x3a0
[ 1319.869109][ T8944]  device_add+0x408/0xb80
[ 1319.869143][ T8944]  hci_conn_add_sysfs+0xd5/0x210
[ 1319.869181][ T8944]  le_conn_complete_evt+0xf1d/0x1430
[ 1319.869221][ T8944]  ? __pfx_le_conn_complete_evt+0x10/0x10
[ 1319.869250][ T8944]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[ 1319.869281][ T8944]  ? lockdep_hardirqs_on+0x7a/0x110
[ 1319.869321][ T8944]  ? skb_pull_data+0xfb/0x200
[ 1319.869361][ T8944]  hci_le_conn_complete_evt+0x187/0x470
[ 1319.869397][ T8944]  hci_event_packet+0x7af/0x12c0
[ 1319.869438][ T8944]  ? __pfx_hci_le_meta_evt+0x10/0x10
[ 1319.869464][ T8944]  ? __pfx_hci_event_packet+0x10/0x10
[ 1319.869498][ T8944]  ? rt_spin_unlock+0x14f/0x200
[ 1319.869533][ T8944]  ? hci_send_to_monitor+0xe2/0x590
[ 1319.869566][ T8944]  hci_rx_work+0x3ee/0x1030
[ 1319.869611][ T8944]  ? process_scheduled_works+0xa0f/0x17a0
[ 1319.869652][ T8944]  process_scheduled_works+0xaec/0x17a0
[ 1319.869721][ T8944]  ? __pfx_process_scheduled_works+0x10/0x10
[ 1319.869755][ T8944]  ? do_raw_spin_lock+0x12b/0x2f0
[ 1319.869794][ T8944]  ? __pfx_do_raw_spin_lock+0x10/0x10
[ 1319.869827][ T8944]  ? schedule+0x90/0x360
[ 1319.869865][ T8944]  worker_thread+0xda6/0x1360
[ 1319.869917][ T8944]  kthread+0x726/0x8b0
[ 1319.869946][ T8944]  ? __pfx_worker_thread+0x10/0x10
[ 1319.869968][ T8944]  ? __pfx_kthread+0x10/0x10
[ 1319.869990][ T8944]  ? rt_spin_unlock+0x14f/0x200
[ 1319.870014][ T8944]  ? rt_spin_unlock+0x160/0x200
[ 1319.870033][ T8944]  ? __pfx_kthread+0x10/0x10
[ 1319.870059][ T8944]  ret_from_fork+0x51b/0xa40
[ 1319.870087][ T8944]  ? __pfx_ret_from_fork+0x10/0x10
[ 1319.870109][ T8944]  ? __switch_to+0xc82/0x1410
[ 1319.870149][ T8944]  ? __pfx_kthread+0x10/0x10
[ 1319.870179][ T8944]  ret_from_fork_asm+0x1a/0x30
[ 1319.870233][ T8944]  </TASK>
[ 1319.870384][ T8944] kobject: kobject_add_internal failed for hci2:201 with -EEXIST, don't try to register things with the same name in the same directory.
[ 1319.870428][ T8944] Bluetooth: hci2: failed to register connection device
[ 1320.080768][T16650] openvswitch: netlink: IP tunnel TTL not specified.
[ 1321.138713][T16653] overlayfs: failed to resolve './file0': -2
[ 1321.673042][ T5809] Bluetooth: hci0: command 0x0406 tx timeout
[ 1322.814363][T16667] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3052'.
[ 1322.814525][T16667] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3052'.
[ 1326.667155][   T37] audit: type=1326 audit(1769548226.834:356): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16691 comm="syz.9.3070" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3b6956aeb9 code=0x7ffc0000
[ 1326.667227][   T37] audit: type=1326 audit(1769548226.834:357): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16691 comm="syz.9.3070" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3b6956aeb9 code=0x7ffc0000
[ 1326.667278][   T37] audit: type=1326 audit(1769548226.843:358): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16691 comm="syz.9.3070" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7f3b6956aeb9 code=0x7ffc0000
[ 1326.667324][   T37] audit: type=1326 audit(1769548226.843:359): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16691 comm="syz.9.3070" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3b6956aeb9 code=0x7ffc0000
[ 1326.667371][   T37] audit: type=1326 audit(1769548226.843:360): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16691 comm="syz.9.3070" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3b6956aeb9 code=0x7ffc0000
[ 1326.667416][   T37] audit: type=1326 audit(1769548226.853:361): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16691 comm="syz.9.3070" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f3b6956aeb9 code=0x7ffc0000
[ 1326.667463][   T37] audit: type=1326 audit(1769548226.853:362): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16691 comm="syz.9.3070" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3b6956aeb9 code=0x7ffc0000
[ 1326.667511][   T37] audit: type=1326 audit(1769548226.853:363): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16691 comm="syz.9.3070" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3b6956aeb9 code=0x7ffc0000
[ 1326.667558][   T37] audit: type=1326 audit(1769548226.853:364): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16691 comm="syz.9.3070" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f3b6956aeb9 code=0x7ffc0000
[ 1328.021994][T16709] qrtr: Invalid version 0
[ 1329.755060][ T9992] usb 10-1: new high-speed USB device number 8 using dummy_hcd
[ 1329.958197][ T9992] usb 10-1: Using ep0 maxpacket: 32
[ 1329.960737][ T9992] usb 10-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[ 1329.963878][ T9992] usb 10-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40
[ 1329.963905][ T9992] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1329.963926][ T9992] usb 10-1: Product: syz
[ 1329.963941][ T9992] usb 10-1: Manufacturer: syz
[ 1329.963958][ T9992] usb 10-1: SerialNumber: syz
[ 1329.976887][ T9992] usb 10-1: config 0 descriptor??
[ 1330.269863][ T5886] usb 10-1: USB disconnect, device number 8
[ 1332.420560][   T37] audit: type=1326 audit(1769548232.633:365): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16729 comm="syz.9.3082" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3b6956aeb9 code=0x7ffc0000
[ 1332.420798][   T37] audit: type=1326 audit(1769548232.633:366): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16729 comm="syz.9.3082" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3b6956aeb9 code=0x7ffc0000
[ 1332.421158][   T37] audit: type=1326 audit(1769548232.643:367): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16729 comm="syz.9.3082" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7f3b6956aeb9 code=0x7ffc0000
[ 1332.421414][   T37] audit: type=1326 audit(1769548232.643:368): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16729 comm="syz.9.3082" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3b6956aeb9 code=0x7ffc0000
[ 1332.421692][   T37] audit: type=1326 audit(1769548232.643:369): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16729 comm="syz.9.3082" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3b6956aeb9 code=0x7ffc0000
[ 1332.421895][   T37] audit: type=1326 audit(1769548232.652:370): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16729 comm="syz.9.3082" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f3b6956aeb9 code=0x7ffc0000
[ 1332.422301][   T37] audit: type=1326 audit(1769548232.652:371): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16729 comm="syz.9.3082" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3b6956aeb9 code=0x7ffc0000
[ 1332.422555][   T37] audit: type=1326 audit(1769548232.652:372): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16729 comm="syz.9.3082" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3b6956aeb9 code=0x7ffc0000
[ 1332.422810][   T37] audit: type=1326 audit(1769548232.652:373): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16729 comm="syz.9.3082" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f3b6956aeb9 code=0x7ffc0000
[ 1332.422982][   T37] audit: type=1326 audit(1769548232.662:374): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16729 comm="syz.9.3082" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3b6956aeb9 code=0x7ffc0000
[ 1334.389484][  T187] bridge_slave_1: left allmulticast mode
[ 1334.389518][  T187] bridge_slave_1: left promiscuous mode
[ 1334.389787][  T187] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1334.503629][  T187] bridge_slave_0: left allmulticast mode
[ 1334.503662][  T187] bridge_slave_0: left promiscuous mode
[ 1334.503990][  T187] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1334.556172][T16768] netlink: 4 bytes leftover after parsing attributes in process `syz.6.3085'.
[ 1334.556328][T16768] netlink: 4 bytes leftover after parsing attributes in process `syz.6.3085'.
[ 1336.112738][T16780] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3099'.
[ 1336.191633][  T187] bond_slave_0: left promiscuous mode
[ 1336.191744][  T187] bond_slave_1: left promiscuous mode
[ 1337.768036][ T9992] usb 9-1: new high-speed USB device number 20 using dummy_hcd
[ 1337.923793][ T9992] usb 9-1: no configurations
[ 1337.923817][ T9992] usb 9-1: can't read configurations, error -22
[ 1338.069846][ T9992] usb 9-1: new high-speed USB device number 21 using dummy_hcd
[ 1338.156272][T16810] netlink: 212368 bytes leftover after parsing attributes in process `syz.6.3107'.
[ 1338.255304][ T9992] usb 9-1: no configurations
[ 1338.255327][ T9992] usb 9-1: can't read configurations, error -22
[ 1338.287281][ T9992] usb usb9-port1: attempt power cycle
[ 1338.821499][ T9992] usb 9-1: new high-speed USB device number 22 using dummy_hcd
[ 1338.988335][ T9992] usb 9-1: no configurations
[ 1338.988411][ T9992] usb 9-1: can't read configurations, error -22
[ 1339.826809][ T9992] usb 9-1: new high-speed USB device number 23 using dummy_hcd
[ 1339.850050][ T9992] usb 9-1: no configurations
[ 1339.850072][ T9992] usb 9-1: can't read configurations, error -22
[ 1339.850678][ T9992] usb usb9-port1: unable to enumerate USB device
[ 1341.631075][T16833] kvm: kvm [16832]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc1) = 0x2625
[ 1341.650316][T16833] kvm: kvm [16832]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc1) = 0xe8d0
[ 1341.655353][T16833] kvm: kvm [16832]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc1) = 0x4a51
[ 1341.662744][T16833] kvm: kvm [16832]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc1) = 0xa41a
[ 1341.674004][T16833] kvm: kvm [16832]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x187) = 0x10000ef33
[ 1341.679378][T16833] kvm: kvm [16832]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x11e) = 0x36ce
[ 1341.679469][T16833] kvm: kvm [16832]: vcpu0, guest rIP: 0x1b8 Unhandled WRMSR(0x11e) = 0xbe702111
[ 1341.681821][T16833] kvm: kvm [16832]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x11e) = 0xa4ba
[ 1341.681906][T16833] kvm: kvm [16832]: vcpu0, guest rIP: 0x1b8 Unhandled WRMSR(0x11e) = 0xbe702111
[ 1341.688361][T16833] kvm: kvm [16832]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x187) = 0x625f
[ 1341.919292][T16845] openvswitch: netlink: IP tunnel TTL not specified.
[ 1343.057793][  T187] bond0 (unregistering): left allmulticast mode
[ 1343.057820][  T187] bond_slave_0: left allmulticast mode
[ 1343.057851][  T187] bond_slave_1: left allmulticast mode
[ 1343.277219][T16850] netlink: 212368 bytes leftover after parsing attributes in process `syz.1.3119'.
[ 1344.530317][  T187] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1344.572438][ T9992] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[ 1344.745358][ T9992] usb 2-1: no configurations
[ 1344.745382][ T9992] usb 2-1: can't read configurations, error -22
[ 1344.882303][ T9992] usb 2-1: new high-speed USB device number 6 using dummy_hcd
[ 1345.044647][ T9992] usb 2-1: no configurations
[ 1345.044670][ T9992] usb 2-1: can't read configurations, error -22
[ 1345.045305][ T9992] usb usb2-port1: attempt power cycle
[ 1345.406220][ T9992] usb 2-1: new high-speed USB device number 7 using dummy_hcd
[ 1345.439613][ T9992] usb 2-1: no configurations
[ 1345.439637][ T9992] usb 2-1: can't read configurations, error -22
[ 1345.577259][ T9992] usb 2-1: new high-speed USB device number 8 using dummy_hcd
[ 1345.602530][ T9992] usb 2-1: no configurations
[ 1345.602552][ T9992] usb 2-1: can't read configurations, error -22
[ 1345.603139][ T9992] usb usb2-port1: unable to enumerate USB device
[ 1345.696673][  T187] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1345.719572][  T187] bond0 (unregistering): Released all slaves
[ 1345.762001][T16814] netlink: 'syz.4.3108': attribute type 3 has an invalid length.
[ 1345.764317][T16814] netlink: 'syz.4.3108': attribute type 3 has an invalid length.
[ 1347.369052][ T1322] ieee802154 phy0 wpan0: encryption failed: -22
[ 1347.369133][ T1322] ieee802154 phy1 wpan1: encryption failed: -22
[ 1347.447153][T16878] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3129'.
[ 1349.334562][T16894] netlink: 'syz.6.3135': attribute type 3 has an invalid length.
[ 1349.334894][T16894] netlink: 'syz.6.3135': attribute type 3 has an invalid length.
[ 1349.553582][T16904] openvswitch: netlink: IP tunnel TTL not specified.
[ 1352.802138][T16938] netlink: 'syz.9.3150': attribute type 3 has an invalid length.
[ 1352.802471][T16938] netlink: 'syz.9.3150': attribute type 3 has an invalid length.
[ 1354.642928][  T187] hsr_slave_0: left promiscuous mode
[ 1355.460882][T16960] openvswitch: netlink: IP tunnel TTL not specified.
[ 1355.915771][  T187] hsr_slave_1: left promiscuous mode
[ 1355.916874][  T187] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1355.916901][  T187] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1357.439731][  T187] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1357.439764][  T187] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1358.272498][  T187] veth1_macvtap: left promiscuous mode
[ 1358.272620][  T187] veth0_macvtap: left promiscuous mode
[ 1358.272937][  T187] veth1_vlan: left promiscuous mode
[ 1358.273139][  T187] veth0_vlan: left promiscuous mode
[ 1358.733997][T16980] kvm_pr_unimpl_wrmsr: 1 callbacks suppressed
[ 1358.734022][T16980] kvm: kvm [16979]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x11e) = 0xd8d9
[ 1358.734119][T16980] kvm: kvm [16979]: vcpu0, guest rIP: 0x1b8 Unhandled WRMSR(0x11e) = 0xbe702111
[ 1358.761819][T16980] kvm_intel: kvm [16979]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x1d9) = 0xdc02
[ 1358.767530][T16980] kvm: kvm [16979]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x11e) = 0xc1e
[ 1358.767629][T16980] kvm: kvm [16979]: vcpu0, guest rIP: 0x1b8 Unhandled WRMSR(0x11e) = 0xbe702111
[ 1358.767846][T16980] kvm_intel: kvm [16979]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x1d9) = 0x68d1
[ 1358.768185][T16980] kvm: kvm [16979]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x11e) = 0x68d1
[ 1358.768276][T16980] kvm: kvm [16979]: vcpu0, guest rIP: 0x1b8 Unhandled WRMSR(0x11e) = 0xbe702111
[ 1361.459538][T17018] qrtr: Invalid version 0
[ 1363.494745][   T49] usb 5-1: new high-speed USB device number 9 using dummy_hcd
[ 1363.685313][   T49] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 1023
[ 1363.685348][   T49] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBA, changing to 0x8A
[ 1363.685374][   T49] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8A has invalid maxpacket 121
[ 1363.789164][   T49] usb 5-1: New USB device found, idVendor=2294, idProduct=425b, bcdDevice=a2.10
[ 1363.789202][   T49] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1363.789224][   T49] usb 5-1: Product: syz
[ 1363.789239][   T49] usb 5-1: Manufacturer: syz
[ 1363.789254][   T49] usb 5-1: SerialNumber: syz
[ 1363.838287][   T49] usb 5-1: config 0 descriptor??
[ 1363.864707][T17030] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[ 1363.864869][T17030] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[ 1363.868194][   T49] usb 5-1: ucan: probing device on interface #0
[ 1364.042562][  T187] team0 (unregistering): Port device team_slave_1 removed
[ 1364.341216][  T187] team0 (unregistering): Port device team_slave_0 removed
[ 1365.217388][   T49] usb 5-1: ucan: failed to retrieve device info
[ 1365.217413][   T49] usb 5-1: ucan: probe failed; try to update the device firmware
[ 1365.982482][ T8944] Bluetooth: hci2: command 0x0406 tx timeout
[ 1365.982527][ T8944] Bluetooth: hci1: command 0x0406 tx timeout
[ 1366.737890][  T187] team0 (unregistering): Port device dummy0 removed
[ 1367.226225][T16988] netlink: 'syz.9.3163': attribute type 3 has an invalid length.
[ 1367.226461][T16988] netlink: 'syz.9.3163': attribute type 3 has an invalid length.
[ 1367.466204][   T49] usb 5-1: USB disconnect, device number 9
[ 1369.673837][T12304] usb 10-1: new high-speed USB device number 9 using dummy_hcd
[ 1369.834226][T12304] usb 10-1: Using ep0 maxpacket: 16
[ 1369.844083][T12304] usb 10-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1369.844115][T12304] usb 10-1: config 0 has no interfaces?
[ 1369.848117][T12304] usb 10-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 6.00
[ 1369.848146][T12304] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1369.848165][T12304] usb 10-1: Product: syz
[ 1369.848178][T12304] usb 10-1: Manufacturer: syz
[ 1369.848191][T12304] usb 10-1: SerialNumber: syz
[ 1369.885033][T12304] usb 10-1: config 0 descriptor??
[ 1371.584216][T12254] usb 10-1: USB disconnect, device number 9
[ 1371.931175][T17074] netlink: 'syz.1.3188': attribute type 3 has an invalid length.
[ 1371.931504][T17074] netlink: 'syz.1.3188': attribute type 3 has an invalid length.
[ 1371.935856][  T187] IPVS: stop unused estimator thread 0...
[ 1372.038918][T10787] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci1/hci1:201'
[ 1372.038949][T10787] CPU: 0 UID: 0 PID: 10787 Comm: kworker/u9:2 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[ 1372.038981][T10787] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026
[ 1372.038996][T10787] Workqueue: hci1 hci_rx_work
[ 1372.039037][T10787] Call Trace:
[ 1372.039047][T10787]  <TASK>
[ 1372.039056][T10787]  dump_stack_lvl+0xe8/0x150
[ 1372.039093][T10787]  sysfs_create_dir_ns+0x271/0x2a0
[ 1372.039120][T10787]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[ 1372.039148][T10787]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[ 1372.039179][T10787]  ? rt_spin_unlock+0x160/0x200
[ 1372.039206][T10787]  kobject_add_internal+0x631/0xd10
[ 1372.039252][T10787]  kobject_add+0x163/0x240
[ 1372.039291][T10787]  ? __pfx_kobject_add+0x10/0x10
[ 1372.039334][T10787]  ? get_device_parent+0x370/0x3a0
[ 1372.039368][T10787]  device_add+0x408/0xb80
[ 1372.039403][T10787]  hci_conn_add_sysfs+0xd5/0x210
[ 1372.039438][T10787]  le_conn_complete_evt+0xf1d/0x1430
[ 1372.039470][T10787]  ? __pfx_le_conn_complete_evt+0x10/0x10
[ 1372.039493][T10787]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[ 1372.039522][T10787]  ? lockdep_hardirqs_on+0x7a/0x110
[ 1372.039554][T10787]  ? skb_pull_data+0xfb/0x200
[ 1372.039586][T10787]  hci_le_conn_complete_evt+0x187/0x470
[ 1372.039621][T10787]  hci_event_packet+0x7af/0x12c0
[ 1372.039660][T10787]  ? __pfx_hci_le_meta_evt+0x10/0x10
[ 1372.039683][T10787]  ? __pfx_hci_event_packet+0x10/0x10
[ 1372.039723][T10787]  ? rt_spin_unlock+0x14f/0x200
[ 1372.039756][T10787]  ? hci_send_to_monitor+0xe2/0x590
[ 1372.039787][T10787]  hci_rx_work+0x3ee/0x1030
[ 1372.039830][T10787]  ? process_scheduled_works+0xa0f/0x17a0
[ 1372.039866][T10787]  process_scheduled_works+0xaec/0x17a0
[ 1372.039932][T10787]  ? __pfx_process_scheduled_works+0x10/0x10
[ 1372.039965][T10787]  ? do_raw_spin_lock+0x12b/0x2f0
[ 1372.040002][T10787]  ? __pfx_do_raw_spin_lock+0x10/0x10
[ 1372.040031][T10787]  ? schedule+0x90/0x360
[ 1372.040065][T10787]  worker_thread+0xda6/0x1360
[ 1372.040105][T10787]  ? __kthread_parkme+0x19c/0x1f0
[ 1372.040136][T10787]  kthread+0x726/0x8b0
[ 1372.040167][T10787]  ? __pfx_worker_thread+0x10/0x10
[ 1372.040187][T10787]  ? __pfx_kthread+0x10/0x10
[ 1372.040211][T10787]  ? rt_spin_unlock+0x14f/0x200
[ 1372.040237][T10787]  ? rt_spin_unlock+0x160/0x200
[ 1372.040256][T10787]  ? __pfx_kthread+0x10/0x10
[ 1372.040284][T10787]  ret_from_fork+0x51b/0xa40
[ 1372.040312][T10787]  ? __pfx_ret_from_fork+0x10/0x10
[ 1372.040332][T10787]  ? __switch_to+0xc82/0x1410
[ 1372.040368][T10787]  ? __pfx_kthread+0x10/0x10
[ 1372.040395][T10787]  ret_from_fork_asm+0x1a/0x30
[ 1372.040444][T10787]  </TASK>
[ 1372.043299][T10787] kobject: kobject_add_internal failed for hci1:201 with -EEXIST, don't try to register things with the same name in the same directory.
[ 1372.043350][T10787] Bluetooth: hci1: failed to register connection device
[ 1372.048983][T17077] netlink: 'syz.9.3189': attribute type 3 has an invalid length.
[ 1372.049209][T17077] netlink: 'syz.9.3189': attribute type 3 has an invalid length.
[ 1372.175363][T17071] kvm: kvm [17069]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc1) = 0x2625
[ 1372.196592][T17071] kvm: kvm [17069]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc1) = 0xe8d0
[ 1372.213034][T17071] kvm: kvm [17069]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc1) = 0x4a51
[ 1372.221659][T17071] kvm: kvm [17069]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc1) = 0xa41a
[ 1372.263396][T17071] kvm: kvm [17069]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x187) = 0x10000ef33
[ 1372.281950][T17071] kvm: kvm [17069]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x11e) = 0x36ce
[ 1372.282045][T17071] kvm: kvm [17069]: vcpu0, guest rIP: 0x1b8 Unhandled WRMSR(0x11e) = 0xbe702111
[ 1372.284911][T17071] kvm: kvm [17069]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x11e) = 0xa4ba
[ 1372.285000][T17071] kvm: kvm [17069]: vcpu0, guest rIP: 0x1b8 Unhandled WRMSR(0x11e) = 0xbe702111
[ 1372.309507][T17071] kvm: kvm [17069]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x187) = 0x625f
[ 1372.594797][T17085] netlink: 12 bytes leftover after parsing attributes in process `syz.6.3183'.
[ 1373.813951][T17101] netlink: 356 bytes leftover after parsing attributes in process `syz.8.3193'.
[ 1374.835840][T17108] binder: 17107:17108 ioctl c0306201 200000000540 returned -22
[ 1375.774522][T17112] binder: 17107:17112 ioctl c0306201 200000000640 returned -22
[ 1375.904764][T17113] netlink: 'syz.6.3200': attribute type 3 has an invalid length.
[ 1375.904999][T17113] netlink: 'syz.6.3200': attribute type 3 has an invalid length.
[ 1377.986979][T17146] netlink: 356 bytes leftover after parsing attributes in process `syz.6.3209'.
[ 1378.906406][T17161] openvswitch: netlink: IP tunnel TTL not specified.
[ 1379.785237][ T9992] usb 5-1: new high-speed USB device number 10 using dummy_hcd
[ 1380.540093][ T9992] usb 5-1: device descriptor read/64, error -71
[ 1380.919979][T17166] overlayfs: missing 'lowerdir'
[ 1381.251754][ T9992] usb 5-1: new high-speed USB device number 11 using dummy_hcd
[ 1381.622718][ T9992] usb 5-1: device descriptor read/64, error -71
[ 1381.690222][ T5886] usb 10-1: new high-speed USB device number 10 using dummy_hcd
[ 1382.022588][ T9992] usb usb5-port1: attempt power cycle
[ 1382.151122][ T5886] usb 10-1: Using ep0 maxpacket: 32
[ 1382.357050][T17184] syz.1.3221 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[ 1383.009932][T17187] netlink: 32 bytes leftover after parsing attributes in process `syz.4.3222'.
[ 1383.106093][ T5886] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1383.106131][ T5886] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1383.106172][ T5886] usb 10-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[ 1383.106197][ T5886] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1383.150246][ T5886] usb 10-1: config 0 descriptor??
[ 1383.542223][T17198] netlink: 24 bytes leftover after parsing attributes in process `syz.6.3228'.
[ 1383.618046][ T5886] savu 0003:1E7D:2D5A.0005: hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.9-1/input0
[ 1383.817594][ T5886] usb 7-1: new high-speed USB device number 32 using dummy_hcd
[ 1383.847065][T12254] usb 10-1: USB disconnect, device number 10
[ 1383.977796][ T5886] usb 7-1: Using ep0 maxpacket: 16
[ 1383.980519][ T5886] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1383.980649][ T5886] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1384.014129][ T5886] usb 7-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1384.014164][ T5886] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1384.014187][ T5886] usb 7-1: Product: syz
[ 1384.014202][ T5886] usb 7-1: Manufacturer: syz
[ 1384.014217][ T5886] usb 7-1: SerialNumber: syz
[ 1384.295737][ T5886] usb 7-1: 0:2 : does not exist
[ 1384.309917][ T5886] usb 7-1: 5:0: failed to get current value for ch 0 (-22)
[ 1384.381173][ T5886] usb 7-1: USB disconnect, device number 32
[ 1384.669745][T17210] overlayfs: missing 'lowerdir'
[ 1385.220192][T15802] udevd[15802]: error opening ATTR{/sys/devices/platform/dummy_hcd.6/usb7/7-1/7-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1385.391537][T17218] netlink: 32 bytes leftover after parsing attributes in process `syz.4.3233'.
[ 1386.877552][T17226] openvswitch: netlink: IP tunnel TTL not specified.
[ 1387.724337][T12254] usb 2-1: new high-speed USB device number 9 using dummy_hcd
[ 1387.901339][T12254] usb 2-1: device descriptor read/64, error -71
[ 1388.195573][T12254] usb 2-1: new high-speed USB device number 10 using dummy_hcd
[ 1388.251391][T17239] gfs2: error -5 reading superblock
[ 1388.272704][T17241] overlayfs: missing 'lowerdir'
[ 1388.341784][T12254] usb 2-1: device descriptor read/64, error -71
[ 1388.460166][T12254] usb usb2-port1: attempt power cycle
[ 1390.753636][T17261] openvswitch: netlink: IP tunnel TTL not specified.
[ 1392.293599][T17277] overlayfs: missing 'lowerdir'
[ 1392.389033][T17275] netlink: 8 bytes leftover after parsing attributes in process `syz.8.3255'.
[ 1392.819331][T11897] usb 10-1: new high-speed USB device number 11 using dummy_hcd
[ 1393.920102][T11897] usb 10-1: device descriptor read/64, error -71
[ 1394.198080][T11897] usb 10-1: new high-speed USB device number 12 using dummy_hcd
[ 1394.340049][T11897] usb 10-1: device descriptor read/64, error -71
[ 1394.454978][T11897] usb usb10-port1: attempt power cycle
[ 1395.114833][T11897] usb 10-1: new high-speed USB device number 13 using dummy_hcd
[ 1395.340685][T11897] usb 10-1: device descriptor read/8, error -71
[ 1395.857395][T17304] openvswitch: netlink: IP tunnel TTL not specified.
[ 1396.069549][T11897] usb 10-1: new high-speed USB device number 14 using dummy_hcd
[ 1396.120058][T11897] usb 10-1: device descriptor read/8, error -71
[ 1396.427185][T11897] usb usb10-port1: unable to enumerate USB device
[ 1397.394373][T17321] overlayfs: missing 'lowerdir'
[ 1397.484868][T17323] FAULT_INJECTION: forcing a failure.
[ 1397.484868][T17323] name failslab, interval 1, probability 0, space 0, times 0
[ 1397.484908][T17323] CPU: 0 UID: 0 PID: 17323 Comm: syz.4.3268 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[ 1397.484934][T17323] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026
[ 1397.484947][T17323] Call Trace:
[ 1397.484956][T17323]  <TASK>
[ 1397.484965][T17323]  dump_stack_lvl+0xe8/0x150
[ 1397.485002][T17323]  should_fail_ex+0x46b/0x600
[ 1397.485031][T17323]  should_failslab+0xa8/0x100
[ 1397.485065][T17323]  __kmalloc_noprof+0xdf/0x7c0
[ 1397.485095][T17323]  ? iovec_from_user+0x87/0x250
[ 1397.485121][T17323]  ? __fget_files+0x2a/0x420
[ 1397.485144][T17323]  iovec_from_user+0x87/0x250
[ 1397.485185][T17323]  __import_iovec+0x163/0x7e0
[ 1397.485216][T17323]  ? __fget_files+0x2a/0x420
[ 1397.485233][T17323]  ? __fget_files+0x3a6/0x420
[ 1397.485256][T17323]  import_iovec+0x73/0xa0
[ 1397.485287][T17323]  __se_sys_vmsplice+0x27a/0x1490
[ 1397.485323][T17323]  ? task_work_run+0x21f/0x270
[ 1397.485355][T17323]  ? __pfx___se_sys_vmsplice+0x10/0x10
[ 1397.485387][T17323]  ? get_signal+0x122/0x1310
[ 1397.485418][T17323]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[ 1397.485472][T17323]  ? ksys_write+0x248/0x270
[ 1397.485504][T17323]  ? rcu_is_watching+0x15/0xb0
[ 1397.485545][T17323]  do_syscall_64+0xe2/0xf80
[ 1397.485573][T17323]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1397.485594][T17323]  ? trace_irq_disable+0x37/0x100
[ 1397.485622][T17323]  ? clear_bhb_loop+0x60/0xb0
[ 1397.485649][T17323]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1397.485670][T17323] RIP: 0033:0x7fa8575eaeb9
[ 1397.485689][T17323] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1397.485708][T17323] RSP: 002b:00007fa855825028 EFLAGS: 00000246 ORIG_RAX: 0000000000000116
[ 1397.485732][T17323] RAX: ffffffffffffffda RBX: 00007fa857866090 RCX: 00007fa8575eaeb9
[ 1397.485749][T17323] RDX: 0000000000000014 RSI: 0000200000000140 RDI: 0000000000000007
[ 1397.485762][T17323] RBP: 00007fa855825090 R08: 0000000000000000 R09: 0000000000000000
[ 1397.485777][T17323] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1397.485790][T17323] R13: 00007fa857866128 R14: 00007fa857866090 R15: 00007fff23aeb108
[ 1397.485824][T17323]  </TASK>
[ 1397.828859][T17330] netlink: 212368 bytes leftover after parsing attributes in process `syz.9.3270'.
[ 1398.491975][T17343] gfs2: error -5 reading superblock
[ 1398.596748][T17336] kvm_pr_unimpl_wrmsr: 1 callbacks suppressed
[ 1398.596773][T17336] kvm: kvm [17335]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc1) = 0x8166
[ 1398.688681][T17336] kvm: kvm [17335]: vcpu0, guest rIP: 0x1b8 Unhandled WRMSR(0x11e) = 0xbe702111
[ 1398.788337][T17349] netlink: 40 bytes leftover after parsing attributes in process `syz.4.3276'.
[ 1399.115710][ T5886] usb 7-1: new high-speed USB device number 33 using dummy_hcd
[ 1399.340205][ T5886] usb 7-1: device descriptor read/64, error -71
[ 1399.596930][ T5886] usb 7-1: new high-speed USB device number 34 using dummy_hcd
[ 1399.735882][ T5886] usb 7-1: device descriptor read/64, error -71
[ 1400.121037][T17359] overlayfs: missing 'lowerdir'
[ 1400.353723][ T5886] usb usb7-port1: attempt power cycle
[ 1400.733761][T17369] netlink: 212368 bytes leftover after parsing attributes in process `syz.8.3281'.
[ 1400.752280][ T5886] usb 7-1: new high-speed USB device number 35 using dummy_hcd
[ 1400.756510][T17368] netlink: 'syz.4.3283': attribute type 3 has an invalid length.
[ 1400.756728][T17368] netlink: 'syz.4.3283': attribute type 3 has an invalid length.
[ 1400.788211][ T5886] usb 7-1: device descriptor read/8, error -71
[ 1401.652196][ T5886] usb 7-1: new high-speed USB device number 36 using dummy_hcd
[ 1401.671601][ T5886] usb 7-1: device descriptor read/8, error -71
[ 1401.788942][ T5886] usb usb7-port1: unable to enumerate USB device
[ 1402.569144][T17381] netlink: 32 bytes leftover after parsing attributes in process `syz.1.3288'.
[ 1402.690074][T17382] qrtr: Invalid version 255
[ 1402.927948][T17384] kvm: kvm [17383]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc1) = 0x8166
[ 1402.967070][T17384] kvm: kvm [17383]: vcpu0, guest rIP: 0x1b8 Unhandled WRMSR(0x11e) = 0xbe702111
[ 1402.985984][ T5886] usb 10-1: new full-speed USB device number 15 using dummy_hcd
[ 1403.159012][ T5886] usb 10-1: config 0 has an invalid interface number: 8 but max is 0
[ 1403.159044][ T5886] usb 10-1: config 0 has no interface number 0
[ 1403.159652][ T5886] usb 10-1: config 0 interface 8 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[ 1403.162111][ T5886] usb 10-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f
[ 1403.162189][ T5886] usb 10-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3
[ 1403.162211][ T5886] usb 10-1: Product: syz
[ 1403.162227][ T5886] usb 10-1: SerialNumber: syz
[ 1403.187895][ T5886] usb 10-1: config 0 descriptor??
[ 1403.212449][ T5886] usbhid 10-1:0.8: couldn't find an input interrupt endpoint
[ 1404.033780][T17403] overlayfs: missing 'workdir'
[ 1404.288165][T17407] netlink: 'syz.1.3295': attribute type 3 has an invalid length.
[ 1404.288417][T17407] netlink: 'syz.1.3295': attribute type 3 has an invalid length.
[ 1404.778058][T17411] netlink: 356 bytes leftover after parsing attributes in process `syz.6.3294'.
[ 1405.610251][ T5809] Bluetooth: hci5: command 0x0406 tx timeout
[ 1405.986706][ T5886] usb 10-1: USB disconnect, device number 15
[ 1406.694378][T17424] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2142054965 (4284109930 ns) > initial count (2850433972 ns). Using initial count to start timer.
[ 1408.004555][T17447] overlayfs: missing 'workdir'
[ 1408.063876][T11897] usb 10-1: new high-speed USB device number 16 using dummy_hcd
[ 1408.224538][T11897] usb 10-1: Using ep0 maxpacket: 16
[ 1408.230156][T11897] usb 10-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1408.230185][T11897] usb 10-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1408.247791][T11897] usb 10-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1408.247826][T11897] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1408.247847][T11897] usb 10-1: Product: syz
[ 1408.247863][T11897] usb 10-1: Manufacturer: syz
[ 1408.247877][T11897] usb 10-1: SerialNumber: syz
[ 1408.289216][T17457] netlink: 212368 bytes leftover after parsing attributes in process `syz.6.3308'.
[ 1408.703992][ T5886] usb 5-1: new high-speed USB device number 13 using dummy_hcd
[ 1408.740744][T11897] usb 10-1: 0:2 : does not exist
[ 1408.887413][ T5886] usb 5-1: Using ep0 maxpacket: 16
[ 1409.454189][ T5886] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1409.454222][ T5886] usb 5-1: config 0 has no interfaces?
[ 1409.488766][ T5886] usb 5-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 6.00
[ 1409.488800][ T5886] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1409.488822][ T5886] usb 5-1: Product: syz
[ 1409.488838][ T5886] usb 5-1: Manufacturer: syz
[ 1409.488854][ T5886] usb 5-1: SerialNumber: syz
[ 1409.495596][ T5886] usb 5-1: config 0 descriptor??
[ 1409.749004][T11897] usb 10-1: 5:0: failed to get current value for ch 0 (-22)
[ 1409.838385][T12304] usb 7-1: new high-speed USB device number 37 using dummy_hcd
[ 1409.914152][T11897] usb 10-1: USB disconnect, device number 16
[ 1410.013117][T12304] usb 7-1: config index 0 descriptor too short (expected 23569, got 27)
[ 1410.013189][T12304] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1410.031499][T12304] usb 7-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0
[ 1410.031529][T12304] usb 7-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0
[ 1410.031548][T12304] usb 7-1: Manufacturer: syz
[ 1410.067486][T12304] usb 7-1: config 0 descriptor??
[ 1410.169929][T15802] udevd[15802]: error opening ATTR{/sys/devices/platform/dummy_hcd.9/usb10/10-1/10-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1410.245548][T12304] rc_core: IR keymap rc-hauppauge not found
[ 1410.245573][T12304] Registered IR keymap rc-empty
[ 1410.248972][T12304] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.0/rc/rc0
[ 1410.302118][T12304] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.0/rc/rc0/input23
[ 1410.344276][T12304] usb 7-1: USB disconnect, device number 37
[ 1410.593553][T17471] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=198462431 (396924862 ns) > initial count (148514 ns). Using initial count to start timer.
[ 1411.327618][T17483] overlayfs: missing 'workdir'
[ 1411.543985][T12254] usb 5-1: USB disconnect, device number 13
[ 1414.268137][ T1322] ieee802154 phy0 wpan0: encryption failed: -22
[ 1414.268220][ T1322] ieee802154 phy1 wpan1: encryption failed: -22
[ 1414.311128][T17503] gfs2: error -5 reading superblock
[ 1414.711099][T17505] netlink: 40 bytes leftover after parsing attributes in process `syz.1.3323'.
[ 1415.244695][T17511] qrtr: Invalid version 0
[ 1415.653926][T17514] netlink: 4 bytes leftover after parsing attributes in process `syz.9.3326'.
[ 1415.654002][T17514] netlink: 4 bytes leftover after parsing attributes in process `syz.9.3326'.
[ 1416.659317][T17521] netlink: 8 bytes leftover after parsing attributes in process `syz.9.3327'.
[ 1416.817187][T17523] overlayfs: missing 'lowerdir'
[ 1416.915638][T12304] usb 10-1: new high-speed USB device number 17 using dummy_hcd
[ 1417.075922][T12304] usb 10-1: Using ep0 maxpacket: 16
[ 1417.083187][T12304] usb 10-1: New USB device found, idVendor=0db0, idProduct=5581, bcdDevice=f9.22
[ 1417.083222][T12304] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1417.083243][T12304] usb 10-1: Product: syz
[ 1417.083258][T12304] usb 10-1: Manufacturer: syz
[ 1417.083273][T12304] usb 10-1: SerialNumber: syz
[ 1417.428790][T12948] usb 2-1: new high-speed USB device number 12 using dummy_hcd
[ 1417.573667][T17521] netlink: 4 bytes leftover after parsing attributes in process `syz.9.3327'.
[ 1417.596264][T12304] usb 10-1: dvb_usb_v2: found a 'MSI Mega Sky 55801 DVB-T USB2.0' in warm state
[ 1417.599845][T12948] usb 2-1: Using ep0 maxpacket: 16
[ 1417.602166][T12948] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1417.602188][T12948] usb 2-1: config 0 has no interfaces?
[ 1417.605013][T12948] usb 2-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 6.00
[ 1417.605038][T12948] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1417.605056][T12948] usb 2-1: Product: syz
[ 1417.605068][T12948] usb 2-1: Manufacturer: syz
[ 1417.605081][T12948] usb 2-1: SerialNumber: syz
[ 1417.623801][T12948] usb 2-1: config 0 descriptor??
[ 1417.680379][T12304] usb 10-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[ 1417.680899][T12304] dvbdev: DVB: registering new adapter (MSI Mega Sky 55801 DVB-T USB2.0)
[ 1417.680956][T12304] usb 10-1: media controller created
[ 1417.733416][T12304] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[ 1417.790397][T17534] qrtr: Invalid version 0
[ 1419.567218][T12304] zl10353_read_register: readreg error (reg=127, ret==-71)
[ 1421.050645][ T5879] usb 2-1: USB disconnect, device number 12
[ 1422.386714][T12304] dvb_usb_gl861 10-1:157.0: probe with driver dvb_usb_gl861 failed with error -5
[ 1422.437606][T12304] usb 10-1: USB disconnect, device number 17
[ 1422.552169][T17555] overlayfs: missing 'lowerdir'
[ 1423.682727][T17566] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3338'.
[ 1423.682756][T17566] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3338'.
[ 1423.683639][T17564] netlink: 356 bytes leftover after parsing attributes in process `syz.1.3340'.
[ 1423.864693][T17567] netlink: 4 bytes leftover after parsing attributes in process `syz.8.3341'.
[ 1424.125454][T17575] netlink: 'syz.9.3346': attribute type 3 has an invalid length.
[ 1424.125590][T17575] netlink: 'syz.9.3346': attribute type 3 has an invalid length.
[ 1424.423951][T17579] netlink: 132 bytes leftover after parsing attributes in process `syz.9.3349'.
[ 1424.530660][T17583] dlm: plock device version mismatch: kernel (1.2.0), user (8.0.139)
[ 1425.746812][T12304] usb 9-1: new high-speed USB device number 24 using dummy_hcd
[ 1426.013328][T12304] usb 9-1: Using ep0 maxpacket: 16
[ 1426.015809][T12304] usb 9-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1426.015834][T12304] usb 9-1: config 0 has no interfaces?
[ 1426.019227][T12304] usb 9-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 6.00
[ 1426.019258][T12304] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1426.019280][T12304] usb 9-1: Product: syz
[ 1426.019296][T12304] usb 9-1: Manufacturer: syz
[ 1426.019312][T12304] usb 9-1: SerialNumber: syz
[ 1427.470314][T12304] usb 9-1: config 0 descriptor??
[ 1427.844130][T11897] usb 9-1: USB disconnect, device number 24
[ 1429.786860][T17610] netlink: 4 bytes leftover after parsing attributes in process `syz.8.3357'.
[ 1429.787035][T17610] netlink: 4 bytes leftover after parsing attributes in process `syz.8.3357'.
[ 1430.663786][T12304] usb 10-1: new full-speed USB device number 18 using dummy_hcd
[ 1430.680629][T17612] binder: 17611:17612 ioctl c0306201 200000000540 returned -22
[ 1430.743586][T17615] netlink: 'syz.8.3360': attribute type 3 has an invalid length.
[ 1430.743911][T17615] netlink: 'syz.8.3360': attribute type 3 has an invalid length.
[ 1430.768956][T17614] binder: 17611:17614 ioctl c0306201 200000000640 returned -22
[ 1430.861224][T12304] usb 10-1: config 0 has an invalid interface number: 8 but max is 0
[ 1430.861886][T12304] usb 10-1: config 0 has no interface number 0
[ 1430.861940][T12304] usb 10-1: config 0 interface 8 altsetting 0 has an endpoint descriptor with address 0x9F, changing to 0x8F
[ 1430.861967][T12304] usb 10-1: config 0 interface 8 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[ 1430.917984][T12304] usb 10-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f
[ 1430.918020][T12304] usb 10-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3
[ 1430.918042][T12304] usb 10-1: Product: syz
[ 1430.918057][T12304] usb 10-1: SerialNumber: syz
[ 1430.968207][T12304] usb 10-1: config 0 descriptor??
[ 1430.990963][T12304] usbhid 10-1:0.8: couldn't find an input interrupt endpoint
[ 1433.676698][T12304] usb 10-1: USB disconnect, device number 18
[ 1433.975393][T17635] overlayfs: missing 'lowerdir'
[ 1434.205613][ T9992] usb 9-1: new high-speed USB device number 25 using dummy_hcd
[ 1434.224214][T12304] usb 10-1: new high-speed USB device number 19 using dummy_hcd
[ 1434.362672][ T9992] usb 9-1: Using ep0 maxpacket: 16
[ 1434.365187][ T9992] usb 9-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1434.365216][ T9992] usb 9-1: config 0 has no interfaces?
[ 1434.368974][ T9992] usb 9-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 6.00
[ 1434.369006][ T9992] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1434.369027][ T9992] usb 9-1: Product: syz
[ 1434.369052][ T9992] usb 9-1: Manufacturer: syz
[ 1434.369067][ T9992] usb 9-1: SerialNumber: syz
[ 1434.402257][ T9992] usb 9-1: config 0 descriptor??
[ 1434.458879][T12304] usb 10-1: Using ep0 maxpacket: 32
[ 1434.496380][T12304] usb 10-1: config index 0 descriptor too short (expected 29220, got 36)
[ 1434.496402][T12304] usb 10-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[ 1434.496415][T12304] usb 10-1: config 0 has 1 interface, different from the descriptor's value: 81
[ 1434.496448][T12304] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[ 1434.496461][T12304] usb 10-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[ 1434.496475][T12304] usb 10-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[ 1434.496501][T12304] usb 10-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[ 1434.496515][T12304] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1434.506019][T12304] usb 10-1: config 0 descriptor??
[ 1434.782641][T12304] usblp 10-1:0.0: usblp0: USB Bidirectional printer dev 19 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[ 1434.808872][T12304] usb 10-1: USB disconnect, device number 19
[ 1435.980424][T12304] usblp0: removed
[ 1436.457349][T12304] usb 10-1: new high-speed USB device number 20 using dummy_hcd
[ 1436.814021][T17666] netlink: 356 bytes leftover after parsing attributes in process `syz.1.3374'.
[ 1437.398761][ T5809] Bluetooth: hci5: command 0x0406 tx timeout
[ 1438.970314][T12304] usb 10-1: Using ep0 maxpacket: 32
[ 1439.001379][T17672] qrtr: Invalid version 0
[ 1440.232305][T12304] usb 10-1: device descriptor read/all, error -71
[ 1440.677974][T17677] gfs2: error -5 reading superblock
[ 1440.767817][ T9992] usb 9-1: USB disconnect, device number 25
[ 1442.461389][T17696] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3384'.
[ 1442.461498][T17696] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3384'.
[ 1443.225277][T17654] usb 9-1: new low-speed USB device number 26 using dummy_hcd
[ 1443.230200][T17698] binder: 17697:17698 ioctl 4018620d 0 returned -22
[ 1443.431043][T17654] usb 9-1: config 168 descriptor has 1 excess byte, ignoring
[ 1443.431082][T17654] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[ 1443.431099][T17654] usb 9-1: config 168 interface 0 altsetting 0 has a duplicate endpoint with address 0x3, skipping
[ 1443.432856][T17654] usb 9-1: config 168 descriptor has 1 excess byte, ignoring
[ 1443.432891][T17654] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[ 1443.432907][T17654] usb 9-1: config 168 interface 0 altsetting 0 has a duplicate endpoint with address 0x3, skipping
[ 1443.473052][T17654] usb 9-1: config 168 descriptor has 1 excess byte, ignoring
[ 1443.473112][T17654] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[ 1443.473139][T17654] usb 9-1: config 168 interface 0 altsetting 0 has a duplicate endpoint with address 0x3, skipping
[ 1443.676834][T17702] openvswitch: netlink: IP tunnel TTL not specified.
[ 1444.667677][T17654] usb 9-1: string descriptor 0 read error: -22
[ 1444.667793][T17654] usb 9-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[ 1444.667808][T17654] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1444.724368][T17654] adutux 9-1:168.0: interrupt endpoints not found
[ 1444.914656][T12948] usb 9-1: USB disconnect, device number 26
[ 1445.205849][T17711] netlink: 356 bytes leftover after parsing attributes in process `syz.6.3379'.
[ 1445.313929][T17712] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[ 1445.313970][T17712] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[ 1445.328575][T17710] binder: 17708:17710 ioctl c0306201 0 returned -14
[ 1445.397844][T17716] binder: 17708:17716 ioctl c0306201 200000000640 returned -22
[ 1445.522903][T17719] qrtr: Invalid version 0
[ 1447.031049][   T31] usb 7-1: new high-speed USB device number 38 using dummy_hcd
[ 1447.212902][   T31] usb 7-1: Using ep0 maxpacket: 16
[ 1447.215377][   T31] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1447.215404][   T31] usb 7-1: config 0 has no interfaces?
[ 1447.218548][   T31] usb 7-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 6.00
[ 1447.218580][   T31] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1447.218602][   T31] usb 7-1: Product: syz
[ 1447.218618][   T31] usb 7-1: Manufacturer: syz
[ 1447.218634][   T31] usb 7-1: SerialNumber: syz
[ 1447.247315][   T31] usb 7-1: config 0 descriptor??
[ 1448.599342][T17732] netlink: 60 bytes leftover after parsing attributes in process `syz.8.3396'.
[ 1448.637809][T17735] binder: 17733:17735 ioctl c0306201 0 returned -14
[ 1448.654850][T17732] netlink: 28 bytes leftover after parsing attributes in process `syz.8.3396'.
[ 1448.654880][T17732] netlink: 32 bytes leftover after parsing attributes in process `syz.8.3396'.
[ 1448.654898][T17732] netlink: 28 bytes leftover after parsing attributes in process `syz.8.3396'.
[ 1448.698378][T17732] netlink: 32 bytes leftover after parsing attributes in process `syz.8.3396'.
[ 1449.091713][T17739] netlink: 4 bytes leftover after parsing attributes in process `syz.9.3398'.
[ 1449.091839][T17739] netlink: 4 bytes leftover after parsing attributes in process `syz.9.3398'.
[ 1450.114623][ T5879] usb 7-1: USB disconnect, device number 38
[ 1451.698582][T17748] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[ 1451.698630][T17748] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[ 1451.762919][T17751] qrtr: Invalid version 0
[ 1453.531190][T17757] binder: 17755:17757 ioctl c0306201 0 returned -14
[ 1453.917034][T17760] binder: 17755:17760 ioctl c0306201 200000000640 returned -22
[ 1454.337470][T17767] binder: 17764:17767 ioctl c0306201 0 returned -14
[ 1454.946498][T17775] netlink: 4 bytes leftover after parsing attributes in process `syz.6.3410'.
[ 1455.155974][ T5886] usb 2-1: new high-speed USB device number 13 using dummy_hcd
[ 1455.202828][T17783] FAULT_INJECTION: forcing a failure.
[ 1455.202828][T17783] name failslab, interval 1, probability 0, space 0, times 0
[ 1455.202866][T17783] CPU: 0 UID: 0 PID: 17783 Comm: syz.6.3413 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[ 1455.202892][T17783] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026
[ 1455.202905][T17783] Call Trace:
[ 1455.202913][T17783]  <TASK>
[ 1455.202923][T17783]  dump_stack_lvl+0xe8/0x150
[ 1455.202960][T17783]  should_fail_ex+0x46b/0x600
[ 1455.202988][T17783]  should_failslab+0xa8/0x100
[ 1455.203023][T17783]  __kmalloc_noprof+0xdf/0x7c0
[ 1455.203052][T17783]  ? kfree+0x4d/0x8f0
[ 1455.203076][T17783]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[ 1455.203105][T17783]  tomoyo_realpath_from_path+0xe3/0x5d0
[ 1455.203128][T17783]  ? tomoyo_domain+0xd8/0x130
[ 1455.203155][T17783]  ? tomoyo_path_number_perm+0x219/0x630
[ 1455.203186][T17783]  tomoyo_path_number_perm+0x246/0x630
[ 1455.203219][T17783]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1455.203244][T17783]  ? __lock_acquire+0x6b5/0x2cf0
[ 1455.203271][T17783]  ? do_raw_spin_lock+0x12b/0x2f0
[ 1455.203340][T17783]  ? __fget_files+0x2a/0x420
[ 1455.203363][T17783]  ? __fget_files+0x2a/0x420
[ 1455.203380][T17783]  ? __fget_files+0x3a6/0x420
[ 1455.203398][T17783]  ? __fget_files+0x2a/0x420
[ 1455.203421][T17783]  security_file_ioctl+0xc3/0x2a0
[ 1455.203455][T17783]  __se_sys_ioctl+0x47/0x170
[ 1455.203484][T17783]  do_syscall_64+0xe2/0xf80
[ 1455.203512][T17783]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1455.203532][T17783]  ? trace_irq_disable+0x37/0x100
[ 1455.203556][T17783]  ? clear_bhb_loop+0x60/0xb0
[ 1455.203581][T17783]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1455.203601][T17783] RIP: 0033:0x7f42676caeb9
[ 1455.203622][T17783] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1455.203640][T17783] RSP: 002b:00007f4265926028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1455.203663][T17783] RAX: ffffffffffffffda RBX: 00007f4267945fa0 RCX: 00007f42676caeb9
[ 1455.203679][T17783] RDX: 0000200000000040 RSI: 00000000c0b45545 RDI: 0000000000000003
[ 1455.203694][T17783] RBP: 00007f4265926090 R08: 0000000000000000 R09: 0000000000000000
[ 1455.203707][T17783] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1455.203719][T17783] R13: 00007f4267946038 R14: 00007f4267945fa0 R15: 00007ffe65ffc248
[ 1455.203755][T17783]  </TASK>
[ 1455.203765][T17783] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1455.412483][   T31] usb 10-1: new high-speed USB device number 22 using dummy_hcd
[ 1455.455291][ T5886] usb 2-1: Using ep0 maxpacket: 16
[ 1455.470285][ T5886] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1455.470315][ T5886] usb 2-1: config 0 has no interfaces?
[ 1455.485225][ T5886] usb 2-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 6.00
[ 1455.485260][ T5886] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1455.485281][ T5886] usb 2-1: Product: syz
[ 1455.485296][ T5886] usb 2-1: Manufacturer: syz
[ 1455.485311][ T5886] usb 2-1: SerialNumber: syz
[ 1455.530240][ T5886] usb 2-1: config 0 descriptor??
[ 1455.583668][   T31] usb 10-1: Using ep0 maxpacket: 32
[ 1455.586371][   T31] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x85 has invalid wMaxPacketSize 0
[ 1455.591506][   T31] usb 10-1: New USB device found, idVendor=14c8, idProduct=0003, bcdDevice= 5.6c
[ 1455.591537][   T31] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1455.591552][   T31] usb 10-1: Product: syz
[ 1455.591568][   T31] usb 10-1: Manufacturer: syz
[ 1455.591577][   T31] usb 10-1: SerialNumber: syz
[ 1455.618636][   T31] usb 10-1: config 0 descriptor??
[ 1455.683718][   T31] input: syz syz as /devices/platform/dummy_hcd.9/usb10/10-1/10-1:0.0/input/input24
[ 1455.703548][   T31] usbtouchscreen 10-1:0.0: usbtouch_probe - usb_submit_urb failed with result: -8
[ 1455.881228][   T31] usbtouchscreen 10-1:0.0: probe with driver usbtouchscreen failed with error -8
[ 1455.904214][T17654] usb 5-1: new high-speed USB device number 14 using dummy_hcd
[ 1456.007069][T17793] qrtr: Invalid version 0
[ 1457.628750][T17654] usb 5-1: Using ep0 maxpacket: 32
[ 1457.630988][T17654] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1457.631016][T17654] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[ 1457.634996][T17654] usb 5-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40
[ 1457.635024][T17654] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1457.635035][T17654] usb 5-1: Product: syz
[ 1457.635044][T17654] usb 5-1: Manufacturer: syz
[ 1457.635053][T17654] usb 5-1: SerialNumber: syz
[ 1457.755506][T17654] usb 5-1: config 0 descriptor??
[ 1457.784310][T17797] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[ 1457.784374][T17797] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[ 1458.260328][   T31] usb 5-1: USB disconnect, device number 14
[ 1458.422551][T17801] netlink: 4 bytes leftover after parsing attributes in process `syz.6.3418'.
[ 1458.423514][T17801] netlink: 4 bytes leftover after parsing attributes in process `syz.6.3418'.
[ 1459.057191][  T830] usb 10-1: USB disconnect, device number 22
[ 1459.185905][T12948] usb 2-1: USB disconnect, device number 13
[ 1459.353981][T17804] binder: 17803:17804 ioctl c0306201 0 returned -14
[ 1459.498288][T17806] binder: 17805:17806 ioctl c0306201 0 returned -14
[ 1459.526408][T17808] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3423'.
[ 1459.562128][T17812] binder: 17805:17812 ioctl c0306201 200000000640 returned -22
[ 1460.393805][T17826] qrtr: Invalid version 0
[ 1462.044369][T17830] netlink: 24 bytes leftover after parsing attributes in process `syz.9.3424'.
[ 1462.112839][T17830] bond1: option ad_actor_sys_prio: mode dependency failed, not supported in mode balance-rr(0)
[ 1462.233097][T12948] usb 2-1: new high-speed USB device number 14 using dummy_hcd
[ 1462.393422][T12948] usb 2-1: Using ep0 maxpacket: 16
[ 1462.396051][T12948] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1462.396078][T12948] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1462.399265][T12948] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1462.399294][T12948] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1462.399316][T12948] usb 2-1: Product: syz
[ 1462.399331][T12948] usb 2-1: Manufacturer: syz
[ 1462.399347][T12948] usb 2-1: SerialNumber: syz
[ 1463.221077][T12948] usb 2-1: 0:2 : does not exist
[ 1463.245176][T12948] usb 2-1: 5:0: failed to get current value for ch 0 (-22)
[ 1463.325159][T12948] usb 2-1: USB disconnect, device number 14
[ 1463.393414][T17830] bond1 (unregistering): Released all slaves
[ 1463.824043][T17743] udevd[17743]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1465.346094][  T830] usb 10-1: new high-speed USB device number 23 using dummy_hcd
[ 1465.922825][  T830] usb 10-1: Using ep0 maxpacket: 32
[ 1465.926865][  T830] usb 10-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1465.926893][  T830] usb 10-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[ 1465.959156][  T830] usb 10-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40
[ 1465.959186][  T830] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1465.959206][  T830] usb 10-1: Product: syz
[ 1465.959219][  T830] usb 10-1: Manufacturer: syz
[ 1465.959232][  T830] usb 10-1: SerialNumber: syz
[ 1465.992760][  T830] usb 10-1: config 0 descriptor??
[ 1466.196207][T17862] netlink: 4 bytes leftover after parsing attributes in process `syz.6.3435'.
[ 1466.220415][ T9992] usb 10-1: USB disconnect, device number 23
[ 1467.145016][T17876] qrtr: Invalid version 0
[ 1469.922021][T17890] netlink: 212408 bytes leftover after parsing attributes in process `syz.1.3443'.
[ 1470.223982][T17896] netlink: 4 bytes leftover after parsing attributes in process `syz.6.3446'.
[ 1474.236040][T17902] FAULT_INJECTION: forcing a failure.
[ 1474.236040][T17902] name failslab, interval 1, probability 0, space 0, times 0
[ 1474.236105][T17902] CPU: 0 UID: 0 PID: 17902 Comm: syz.6.3448 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[ 1474.236132][T17902] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026
[ 1474.236145][T17902] Call Trace:
[ 1474.236153][T17902]  <TASK>
[ 1474.236162][T17902]  dump_stack_lvl+0xe8/0x150
[ 1474.236187][T17902]  should_fail_ex+0x46b/0x600
[ 1474.236202][T17902]  ? getname_flags+0xb7/0x540
[ 1474.236219][T17902]  should_failslab+0xa8/0x100
[ 1474.236238][T17902]  ? getname_flags+0xb7/0x540
[ 1474.236253][T17902]  kmem_cache_alloc_noprof+0x83/0x6a0
[ 1474.236281][T17902]  getname_flags+0xb7/0x540
[ 1474.236300][T17902]  do_sys_openat2+0xca/0x220
[ 1474.236314][T17902]  ? __pfx_do_sys_openat2+0x10/0x10
[ 1474.236326][T17902]  ? ksys_write+0x248/0x270
[ 1474.236342][T17902]  ? __pfx_ksys_write+0x10/0x10
[ 1474.236364][T17902]  __x64_sys_openat+0x138/0x170
[ 1474.236379][T17902]  do_syscall_64+0xe2/0xf80
[ 1474.236395][T17902]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1474.236407][T17902]  ? clear_bhb_loop+0x60/0xb0
[ 1474.236421][T17902]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1474.236432][T17902] RIP: 0033:0x7f426768b78e
[ 1474.236448][T17902] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[ 1474.236458][T17902] RSP: 002b:00007f4265904b28 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 1474.236473][T17902] RAX: ffffffffffffffda RBX: 00007f42659056c0 RCX: 00007f426768b78e
[ 1474.236482][T17902] RDX: 0000000000141102 RSI: 00007f4265904c00 RDI: ffffffffffffff9c
[ 1474.236490][T17902] RBP: 00007f4265904c00 R08: 0000000000000000 R09: 0000000000000000
[ 1474.236498][T17902] R10: 0000000000000000 R11: 0000000000000246 R12: cccccccccccccccd
[ 1474.236506][T17902] R13: 00007f4267946128 R14: 00007f4267946090 R15: 00007ffe65ffc248
[ 1474.236524][T17902]  </TASK>
[ 1478.091055][T17916] openvswitch: netlink: IP tunnel TTL not specified.
[ 1478.602689][T17654] usb 5-1: new high-speed USB device number 15 using dummy_hcd
[ 1478.704203][ T1322] ieee802154 phy0 wpan0: encryption failed: -22
[ 1478.704286][ T1322] ieee802154 phy1 wpan1: encryption failed: -22
[ 1478.752920][T17923] netlink: 16 bytes leftover after parsing attributes in process `syz.8.3453'.
[ 1479.691361][T17927] FAULT_INJECTION: forcing a failure.
[ 1479.691361][T17927] name failslab, interval 1, probability 0, space 0, times 0
[ 1479.691387][T17927] CPU: 1 UID: 0 PID: 17927 Comm: syz.9.3452 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[ 1479.691401][T17927] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026
[ 1479.691409][T17927] Call Trace:
[ 1479.691413][T17927]  <TASK>
[ 1479.691419][T17927]  dump_stack_lvl+0xe8/0x150
[ 1479.691441][T17927]  should_fail_ex+0x46b/0x600
[ 1479.691457][T17927]  should_failslab+0xa8/0x100
[ 1479.691477][T17927]  __kmalloc_cache_node_noprof+0x8a/0x6e0
[ 1479.691495][T17927]  ? __get_vm_area_node+0x171/0x350
[ 1479.691513][T17927]  __get_vm_area_node+0x171/0x350
[ 1479.691531][T17927]  __vmalloc_node_range_noprof+0x372/0x1730
[ 1479.691547][T17927]  ? bpf_prog_alloc_no_stats+0x4a/0x4d0
[ 1479.691578][T17927]  ? do_sys_openat2+0x168/0x220
[ 1479.691591][T17927]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[ 1479.691612][T17927]  ? __lock_acquire+0x6b5/0x2cf0
[ 1479.691628][T17927]  ? bpf_prog_alloc_no_stats+0x4a/0x4d0
[ 1479.691643][T17927]  __vmalloc_noprof+0xd2/0x120
[ 1479.691659][T17927]  ? bpf_prog_alloc_no_stats+0x4a/0x4d0
[ 1479.691678][T17927]  bpf_prog_alloc_no_stats+0x4a/0x4d0
[ 1479.691697][T17927]  bpf_prog_alloc+0x3c/0x1a0
[ 1479.691715][T17927]  bpf_prog_load+0x7ba/0x1ae0
[ 1479.691739][T17927]  ? __pfx_bpf_prog_load+0x10/0x10
[ 1479.691755][T17927]  ? __might_fault+0xaf/0x130
[ 1479.691782][T17927]  ? bpf_lsm_bpf+0x9/0x20
[ 1479.691793][T17927]  ? security_bpf+0x7e/0x2d0
[ 1479.691812][T17927]  __sys_bpf+0x570/0x920
[ 1479.691829][T17927]  ? __pfx___sys_bpf+0x10/0x10
[ 1479.691843][T17927]  ? rt_mutex_slowunlock+0x1cb/0x300
[ 1479.691864][T17927]  ? ksys_write+0x248/0x270
[ 1479.691880][T17927]  ? __pfx_ksys_write+0x10/0x10
[ 1479.691898][T17927]  __x64_sys_bpf+0x7c/0x90
[ 1479.691914][T17927]  do_syscall_64+0xe2/0xf80
[ 1479.691929][T17927]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1479.691940][T17927]  ? trace_irq_disable+0x37/0x100
[ 1479.691955][T17927]  ? clear_bhb_loop+0x60/0xb0
[ 1479.691969][T17927]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1479.691980][T17927] RIP: 0033:0x7f3b6956aeb9
[ 1479.691992][T17927] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1479.692003][T17927] RSP: 002b:00007f3b67784028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 1479.692018][T17927] RAX: ffffffffffffffda RBX: 00007f3b697e6180 RCX: 00007f3b6956aeb9
[ 1479.692027][T17927] RDX: 0000000000000048 RSI: 00002000000054c0 RDI: 0000000000000005
[ 1479.692034][T17927] RBP: 00007f3b67784090 R08: 0000000000000000 R09: 0000000000000000
[ 1479.692042][T17927] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1479.692049][T17927] R13: 00007f3b697e6218 R14: 00007f3b697e6180 R15: 00007fff82e58a18
[ 1479.692067][T17927]  </TASK>
[ 1479.692255][T17927] syz.9.3452: vmalloc error: size 4096, vm_struct allocation failed, mode:0x500dc0(GFP_USER|__GFP_ZERO|__GFP_ACCOUNT), nodemask=(null),cpuset=/,mems_allowed=0-1
[ 1479.692534][T17927] CPU: 1 UID: 0 PID: 17927 Comm: syz.9.3452 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[ 1479.692549][T17927] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026
[ 1479.692556][T17927] Call Trace:
[ 1479.692560][T17927]  <TASK>
[ 1479.692565][T17927]  dump_stack_lvl+0xe8/0x150
[ 1479.692583][T17927]  warn_alloc+0x263/0x3e0
[ 1479.692600][T17927]  ? should_fail_ex+0x343/0x600
[ 1479.692615][T17927]  ? __pfx_warn_alloc+0x10/0x10
[ 1479.692631][T17927]  ? __kmalloc_cache_node_noprof+0x296/0x6e0
[ 1479.692649][T17927]  ? __get_vm_area_node+0x171/0x350
[ 1479.692666][T17927]  ? __get_vm_area_node+0x2e1/0x350
[ 1479.692685][T17927]  __vmalloc_node_range_noprof+0x397/0x1730
[ 1479.692715][T17927]  ? do_sys_openat2+0x168/0x220
[ 1479.692729][T17927]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[ 1479.692749][T17927]  ? __lock_acquire+0x6b5/0x2cf0
[ 1479.692765][T17927]  ? bpf_prog_alloc_no_stats+0x4a/0x4d0
[ 1479.692780][T17927]  __vmalloc_noprof+0xd2/0x120
[ 1479.692796][T17927]  ? bpf_prog_alloc_no_stats+0x4a/0x4d0
[ 1479.692814][T17927]  bpf_prog_alloc_no_stats+0x4a/0x4d0
[ 1479.692833][T17927]  bpf_prog_alloc+0x3c/0x1a0
[ 1479.692851][T17927]  bpf_prog_load+0x7ba/0x1ae0
[ 1479.692875][T17927]  ? __pfx_bpf_prog_load+0x10/0x10
[ 1479.692891][T17927]  ? __might_fault+0xaf/0x130
[ 1479.692918][T17927]  ? bpf_lsm_bpf+0x9/0x20
[ 1479.692929][T17927]  ? security_bpf+0x7e/0x2d0
[ 1479.692947][T17927]  __sys_bpf+0x570/0x920
[ 1479.692964][T17927]  ? __pfx___sys_bpf+0x10/0x10
[ 1479.692978][T17927]  ? rt_mutex_slowunlock+0x1cb/0x300
[ 1479.692999][T17927]  ? ksys_write+0x248/0x270
[ 1479.693014][T17927]  ? __pfx_ksys_write+0x10/0x10
[ 1479.693033][T17927]  __x64_sys_bpf+0x7c/0x90
[ 1479.693048][T17927]  do_syscall_64+0xe2/0xf80
[ 1479.693063][T17927]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1479.693074][T17927]  ? trace_irq_disable+0x37/0x100
[ 1479.693088][T17927]  ? clear_bhb_loop+0x60/0xb0
[ 1479.693103][T17927]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1479.693114][T17927] RIP: 0033:0x7f3b6956aeb9
[ 1479.693124][T17927] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1479.693134][T17927] RSP: 002b:00007f3b67784028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 1479.693146][T17927] RAX: ffffffffffffffda RBX: 00007f3b697e6180 RCX: 00007f3b6956aeb9
[ 1479.693154][T17927] RDX: 0000000000000048 RSI: 00002000000054c0 RDI: 0000000000000005
[ 1479.693162][T17927] RBP: 00007f3b67784090 R08: 0000000000000000 R09: 0000000000000000
[ 1479.693169][T17927] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1479.693176][T17927] R13: 00007f3b697e6218 R14: 00007f3b697e6180 R15: 00007fff82e58a18
[ 1479.693194][T17927]  </TASK>
[ 1479.693198][T17927] Mem-Info:
[ 1479.693204][T17927] active_anon:281 inactive_anon:29332 isolated_anon:0
[ 1479.693204][T17927]  active_file:35286 inactive_file:36435 isolated_file:0
[ 1479.693204][T17927]  unevictable:17690 dirty:337 writeback:0
[ 1479.693204][T17927]  slab_reclaimable:12989 slab_unreclaimable:107985
[ 1479.693204][T17927]  mapped:41021 shmem:23088 pagetables:1736
[ 1479.693204][T17927]  sec_pagetables:0 bounce:0
[ 1479.693204][T17927]  kernel_misc_reclaimable:0
[ 1479.693204][T17927]  free:1256440 free_pcp:692 free_cma:0
[ 1479.693236][T17927] Node 0 active_anon:1124kB inactive_anon:117328kB active_file:140940kB inactive_file:145740kB unevictable:69224kB isolated(anon):0kB isolated(file):0kB mapped:147700kB dirty:1348kB writeback:0kB shmem:90816kB kernel_stack:14436kB pagetables:6788kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[ 1479.693263][T17927] Node 1 active_anon:0kB inactive_anon:0kB active_file:204kB inactive_file:0kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:16384kB dirty:0kB writeback:0kB shmem:1536kB kernel_stack:32kB pagetables:156kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[ 1479.693296][T17927] Node 0 DMA free:11264kB boost:0kB min:20kB low:32kB high:44kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1479.693330][T17927] lowmem_reserve[]: 0 2507 2507 2507 2507
[ 1479.693351][T17927] Node 0 DMA32 free:1161972kB boost:0kB min:3932kB low:6472kB high:9012kB reserved_highatomic:0KB free_highatomic:0KB active_anon:1124kB inactive_anon:117328kB active_file:140940kB inactive_file:145740kB unevictable:69224kB writepending:1348kB zspages:0kB present:3129332kB managed:2567404kB mlocked:0kB bounce:0kB free_pcp:2724kB local_pcp:656kB free_cma:0kB
[ 1479.693388][T17927] lowmem_reserve[]: 0 0 0 0 0
[ 1479.693407][T17927] Node 0 Normal free:0kB boost:0kB min:0kB low:0kB high:0kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:1048580kB managed:620kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1479.693440][T17927] lowmem_reserve[]: 0 0 0 0 0
[ 1479.693458][T17927] Node 1 Normal free:3852524kB boost:0kB min:6364kB low:10472kB high:14580kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:204kB inactive_file:0kB unevictable:1536kB writepending:0kB zspages:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:44kB local_pcp:44kB free_cma:0kB
[ 1479.693493][T17927] lowmem_reserve[]: 0 0 0 0 0
[ 1479.693512][T17927] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 2*4096kB (M) = 11264kB
[ 1479.693581][T17927] Node 0 DMA32: 2052*4kB (U) 2620*8kB (UME) 1628*16kB (UME) 504*32kB (UE) 1200*64kB (UME) 848*128kB (UME) 552*256kB (UME) 352*512kB (UM) 266*1024kB (UM) 144*2048kB (UM) 4*4096kB (UM) = 1161904kB
[ 1479.693674][T17927] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[ 1479.693730][T17927] Node 1 Normal: 197*4kB (UME) 43*8kB (UME) 38*16kB (UME) 207*32kB (UME) 99*64kB (UME) 31*128kB (UME) 10*256kB (UM) 5*512kB (UM) 3*1024kB (UME) 4*2048kB (UME) 932*4096kB (M) = 3852524kB
[ 1479.693823][T17927] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1479.693833][T17927] Node 0 hugepages_total=4 hugepages_free=4 hugepages_surp=0 hugepages_size=2048kB
[ 1479.693842][T17927] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1479.693851][T17927] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1479.693860][T17927] 111727 total pagecache pages
[ 1479.693864][T17927] 0 pages in swap cache
[ 1479.693868][T17927] Free swap  = 124996kB
[ 1479.693872][T17927] Total swap = 124996kB
[ 1479.693877][T17927] 2097051 pages RAM
[ 1479.693881][T17927] 0 pages HighMem/MovableOnly
[ 1479.693885][T17927] 423430 pages reserved
[ 1479.693889][T17927] 0 pages cma reserved
[ 1482.261202][T17654] usb 5-1: Using ep0 maxpacket: 16
[ 1482.596850][T17654] usb 5-1: device descriptor read/all, error -71
[ 1482.869279][T17933] netlink: 212408 bytes leftover after parsing attributes in process `syz.4.3456'.
[ 1484.576544][ T9992] usb 7-1: new high-speed USB device number 39 using dummy_hcd
[ 1484.747452][ T9992] usb 7-1: Using ep0 maxpacket: 16
[ 1484.790914][ T9992] usb 7-1: New USB device found, idVendor=0db0, idProduct=5581, bcdDevice=f9.22
[ 1484.790949][ T9992] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1484.790971][ T9992] usb 7-1: Product: syz
[ 1484.790987][ T9992] usb 7-1: Manufacturer: syz
[ 1484.791002][ T9992] usb 7-1: SerialNumber: syz
[ 1485.504255][ T9992] usb 7-1: dvb_usb_v2: found a 'MSI Mega Sky 55801 DVB-T USB2.0' in warm state
[ 1485.540929][ T9992] usb 7-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[ 1485.547054][ T9992] dvbdev: DVB: registering new adapter (MSI Mega Sky 55801 DVB-T USB2.0)
[ 1485.547121][ T9992] usb 7-1: media controller created
[ 1485.638632][ T9992] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[ 1485.884356][ T9992] zl10353_read_register: readreg error (reg=127, ret==-32)
[ 1486.750639][T17954] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1486.751269][T17954] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1486.847667][ T9992] dvb_usb_gl861 7-1:157.0: probe with driver dvb_usb_gl861 failed with error -5
[ 1487.430852][  T830] usb 9-1: new full-speed USB device number 27 using dummy_hcd
[ 1487.505924][T17654] usb 2-1: new high-speed USB device number 15 using dummy_hcd
[ 1487.600968][  T830] usb 9-1: unable to read config index 0 descriptor/start: -61
[ 1487.601020][  T830] usb 9-1: can't read configurations, error -61
[ 1487.646448][T17654] usb 2-1: device descriptor read/64, error -71
[ 1487.742979][  T830] usb 9-1: new full-speed USB device number 28 using dummy_hcd
[ 1487.895732][ T5919] usb 7-1: USB disconnect, device number 39
[ 1487.911912][T17654] usb 2-1: new high-speed USB device number 16 using dummy_hcd
[ 1487.957943][  T830] usb 9-1: unable to read config index 0 descriptor/start: -61
[ 1487.957983][  T830] usb 9-1: can't read configurations, error -61
[ 1487.958339][  T830] usb usb9-port1: attempt power cycle
[ 1488.083040][T17654] usb 2-1: device descriptor read/64, error -71
[ 1488.201192][T17654] usb usb2-port1: attempt power cycle
[ 1488.328953][  T830] usb 9-1: new full-speed USB device number 29 using dummy_hcd
[ 1488.354569][  T830] usb 9-1: unable to read config index 0 descriptor/start: -61
[ 1488.354610][  T830] usb 9-1: can't read configurations, error -61
[ 1488.426570][T17987] netlink: 'syz.4.3470': attribute type 3 has an invalid length.
[ 1488.426805][T17987] netlink: 'syz.4.3470': attribute type 3 has an invalid length.
[ 1488.461051][T17988] netlink: 4 bytes leftover after parsing attributes in process `syz.6.3469'.
[ 1488.461192][T17988] netlink: 4 bytes leftover after parsing attributes in process `syz.6.3469'.
[ 1488.489598][  T830] usb 9-1: new full-speed USB device number 30 using dummy_hcd
[ 1488.515126][  T830] usb 9-1: unable to read config index 0 descriptor/start: -61
[ 1488.515169][  T830] usb 9-1: can't read configurations, error -61
[ 1488.515626][  T830] usb usb9-port1: unable to enumerate USB device
[ 1488.565413][T17654] usb 2-1: new high-speed USB device number 17 using dummy_hcd
[ 1488.586456][T17654] usb 2-1: device descriptor read/8, error -71
[ 1489.205506][T17654] usb 2-1: new high-speed USB device number 18 using dummy_hcd
[ 1489.227680][T17654] usb 2-1: device descriptor read/8, error -71
[ 1489.346672][T17654] usb usb2-port1: unable to enumerate USB device
[ 1604.375286][    C0] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
[ 1604.375308][    C0] rcu: 	Tasks blocked on level-0 rcu_node (CPUs 0-1): P16/2:b..l
[ 1604.375338][    C0] rcu: 	(detected by 0, t=10502 jiffies, g=83825, q=718 ncpus=2)