last executing test programs:

1m19.604387898s ago: executing program 3 (id=899):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000100)={0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0x4e20, @rand_addr=0x64010100}]}, &(0x7f0000000080)=0x10)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000280)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f00000002c0)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x81b}}, './file0\x00'})
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_SET_CPUID2(0xffffffffffffffff, 0x4008ae90, &(0x7f0000000240)=ANY=[@ANYBLOB])
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mkdir(&(0x7f0000000100)='./file1\x00', 0x13b)
mkdir(&(0x7f0000000000)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
chdir(&(0x7f0000000140)='./bus\x00')
r4 = open(&(0x7f0000000580)='./file1\x00', 0x80242, 0x1df2a23c5997fa5f)
write$FUSE_CREATE_OPEN(r4, &(0x7f0000000180)={0xa0, 0xffffffffffffffda, 0x0, {{0x4, 0x3, 0x5, 0x6, 0x3, 0x1, {0x0, 0x9, 0x20ff, 0x5, 0x89, 0xd615, 0x9, 0x7fffffff, 0xfffffffe, 0x8000, 0x0, 0x0, 0x0, 0x3ff, 0x1}}, {0x0, 0x13}}}, 0xa0)
sendfile(r4, r4, &(0x7f0000000080), 0x7f03)

1m19.137661545s ago: executing program 0 (id=901):
mknod$loop(&(0x7f0000000140)='./file0\x00', 0xfff, 0x0)
r0 = syz_open_dev$vim2m(&(0x7f0000000340), 0x7f, 0x2)
ioctl$vim2m_VIDIOC_ENUM_FMT(r0, 0xc0405602, &(0x7f0000000140)={0x16, 0x1, 0x0, "18e889d15b38429faa8ff62438eaed752e68f3a6d09382b392b049e33958b16c"})
socket$kcm(0x21, 0x2, 0x2)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f00000014c0)={0x2, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="021800000b0000000000000000000000030005000000000002000000e0000001000000000000000003001200000000000200000000000000000000000000000003000600000000"], 0x58}}, 0x24000894)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001100)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
setsockopt$packet_rx_ring(0xffffffffffffffff, 0x107, 0x5, 0x0, 0x0)
setsockopt$packet_rx_ring(0xffffffffffffffff, 0x107, 0x5, &(0x7f0000000040)=@req3={0xb90b, 0xfffffffc, 0xfffffffe, 0x0, 0x0, 0x2, 0xffffffff}, 0x1c)
mount$fuse(0x0, &(0x7f0000000340)='./file0/file0\x00', &(0x7f00000008c0), 0x51000, &(0x7f0000000b00)={{}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@blksize}, {@blksize={'blksize', 0x3d, 0x1400}}, {@allow_other}, {@blksize={'blksize', 0x3d, 0x1c00}}], [{@obj_user={'obj_user', 0x3d, '{\x87&\\,[}\''}}, {@smackfshat={'smackfshat', 0x3d, 'raw\x00'}}]}})
r4 = getuid()
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f00000005c0)={0x0, 0x0, <r5=>0x0}, &(0x7f0000000600)=0xc)
sendmsg$unix(r3, &(0x7f00000006c0)={&(0x7f00000001c0)=@file={0x1, './file0\x00'}, 0x6e, &(0x7f0000000280)=[{&(0x7f0000000400)="b4261e82c2322a672fd98fe998a4e3d99111d71adccee1f79e84394e8e792ec3ec9789a27acc0bcb132798308dd73e6a31656ebeabaa06dfe6aa56f8406c415864ba0eac528c4682c3de0cc61d98f2d183268a72980b889e07", 0x59}, {&(0x7f0000000480)="9e0a426d99857947d6cfb5cc7dd0215a95b8cf46d2b688e0d07043d77704c78f8594bc6ed61f234d9207a02a6cc682279fc15953ee6e1d2eed74ce83dc6ba5ed4b5d87cad3d52a2a3e5ded0eee81a4682555226065fd254da9ae98397766ebb9ff533c901e27f09bd4c03713c5", 0x6d}, {&(0x7f0000000500)="a1fdc7d2a35c2988ecd88e2a84c500852b5862b7f16650ab88927b675d7eec19a018362ffdedf80e866c0d397350627b5d47814110c92e5e83df0f4ffc2be8e48cad4814a578bbf67b5cd6ef100ac3e9dac156034d62", 0x56}], 0x3, &(0x7f0000000640)=[@cred={{0x18, 0x1, 0x2, {r1}}}, @cred={{0x18, 0x1, 0x2, {r1}}}, @cred={{0x18, 0x1, 0x2, {r1, r4, r5}}}, @rights={{0x10, 0x1, 0x1, [r0]}}], 0x58, 0x4008011}, 0x10000000)
kexec_load(0x0, 0x1, &(0x7f0000000000)=[{0x0, 0x0, 0x7ffdd000, 0x8000}], 0x320000)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0}, 0x30)
syz_open_dev$radio(&(0x7f0000000100), 0x2, 0x2)
epoll_create(0x5)

1m16.729045489s ago: executing program 1 (id=905):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xb, &(0x7f0000000b80)=ANY=[@ANYBLOB], 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x8, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0, r0}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000000008b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f0000000180)={{0x1, 0x1, 0x18, <r3=>r1, {0xf49c}}, './file0\x00'})
io_uring_register$IORING_REGISTER_PBUF_RING(r3, 0x16, &(0x7f00000001c0)={&(0x7f0000001000)={[{0x0, 0x0, 0x1}]}, 0x1, 0x1}, 0x1)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x8}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xb, &(0x7f0000000240)=ANY=[], &(0x7f0000000300)='GPL\x00', 0x4, 0x0, 0x0, 0x41100, 0x24, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfff}, 0x94)
capset(&(0x7f00000004c0)={0x20080522}, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2, 0x0, 0x80000})
r6 = syz_open_dev$sg(&(0x7f00000002c0), 0x0, 0x0)
ioctl$SG_IO(r6, 0x2285, &(0x7f00000000c0)={0x53, 0xfffffffffffffffc, 0x6, 0x1, @buffer={0x300, 0x0, 0x0}, &(0x7f0000000380)="259374c96ee3", 0x0, 0x8356, 0x30, 0x3, 0x0})
socket$inet6(0xa, 0x2, 0x3a)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r7 = socket$kcm(0x15, 0x5, 0x0)
sendmsg$inet(r7, &(0x7f0000000080)={&(0x7f0000000000)={0xa, 0x0, @multicast2}, 0x10, 0x0}, 0x4000040)
read$FUSE(0xffffffffffffffff, &(0x7f0000006180)={0x2020}, 0x2020)
socketpair$unix(0x1, 0x1, 0x0, 0x0)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, 0x0)
openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004082, 0x0)
socket$inet6_sctp(0xa, 0x5, 0x84)
ioctl$VIDIOC_S_EXT_CTRLS(0xffffffffffffffff, 0xc0205648, &(0x7f0000000100)={0x0, 0x1, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000000c0)={0x98f90d, 0xd, '\x00', @p_u8=0x0}})

1m15.865845307s ago: executing program 3 (id=907):
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x800, 0x0)
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
ioctl$VHOST_SET_OWNER(r0, 0xaf01, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000300)={0x1, 0x0, 0x0, &(0x7f0000001600)=""/78, 0x0})
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000140))
r1 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1)
setsockopt$nfc_llcp_NFC_LLCP_MIUX(r1, 0x118, 0x1, 0xffffffffffffffff, 0xfe93)
syz_open_dev$sndpcmc(&(0x7f00000000c0), 0x8000000200000001, 0x20002)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f0000000340)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$ETHTOOL_MSG_STRSET_GET(r6, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000280)={0x14, 0x0, 0xdac7a804b810efff}, 0x14}}, 0x0)
setxattr$system_posix_acl(0x0, 0x0, 0x0, 0x0, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x40, &(0x7f0000000000)=@mangle={'mangle\x00', 0x64, 0x6, 0x670, 0x0, 0x2e0, 0x428, 0x2e0, 0x2e0, 0x5a0, 0x5a0, 0x5a0, 0x5a0, 0x5a0, 0x6, 0x0, {[{{@uncond, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE2={0x28, 'NFQUEUE\x00', 0x2, {0x0, 0x5}}}, {{@ipv6={@mcast1, @local, [], [], 'macvtap0\x00', 'ip6tnl0\x00', {}, {}, 0x6}, 0x0, 0xa8, 0xe8}, @inet=@TPROXY1={0x40, 'TPROXY\x00', 0x1, {0x0, 0x0, @ipv4=@broadcast}}}, {{@ipv6={@mcast2, @loopback, [], [], 'veth0_to_team\x00', 'syzkaller0\x00', {}, {0xff}}, 0x0, 0x100, 0x128, 0x0, {}, [@common=@unspec=@connmark={{0x30}}, @common=@inet=@socket1={{0x28, 'socket\x00', 0x3}}]}, @common=@unspec=@CONNSECMARK={0x28, 'CONNSECMARK\x00', 0x0, {0x1}}}, {{@uncond, 0x0, 0x120, 0x148, 0x0, {}, [@common=@frag={{0x30}}, @common=@hbh={{0x48}, {0x0, 0x0, 0x0, [0x4]}}]}, @inet=@DSCP={0x28}}, {{@uncond, 0x0, 0x138, 0x178, 0x0, {}, [@common=@dst={{0x48}}, @common=@dst={{0x48}}]}, @inet=@TPROXY1={0x40, 'TPROXY\x00', 0x1, {0x0, 0x0, @ipv4=@dev}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x6d0)
bind$inet6(r2, &(0x7f0000000700)={0xa, 0x4e22, 0x400, @private2={0xfc, 0x2, '\x00', 0x1}, 0x8}, 0x1c)
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000180)={0x0, 0x0, 0x0, &(0x7f0000000340)=""/194, 0x0})
ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f00000000c0)=0x1)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$devlink(&(0x7f0000000600), 0xffffffffffffffff)
ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000040)=0x200000000)
ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000)=0x1)

1m15.771733435s ago: executing program 4 (id=908):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$KDFONTOP_SET(r4, 0x4b72, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x5, 0x200, &(0x7f0000003c40)="1ae19337aa151f36ae49bb3f8cb95c5bf840d4f1e55efaaf098d47a70eb36a73090000000000001b0f4743f490c585108c1331c7749299a25a705f5096cb268cbc6070d680e1be250700000000000000472471ff550c0010000007f3c7b61abe4162256004ea8ca5e5b5f379c6eb3257eda08f7e6959090000004d13184d382747e035b4722525e00ade86b4c6d1e157c75d15c1f961ebc0a64d7f2a73f8979fcecacaa64f9b9069ebcc1d5b471edbc4f6c7f1b98ae74e909aa6f25b7fa77bf9cd4ed36d5c53dc519d11c3cc1c22a3b86cf3c645413f4afbcea0c99ded703699d2bb6a4a663b99b6069da5aaf64785a5887c31261d4b9e57ee07000000def6f255ca26108f11f02047d47f2d0fec30f7e92482f71496e184214a4e0c5fdc48b0af0c0478940016d8f0990a0e1090fd515380aae83c5eaeed338701574b64200a16ef2811fadcf1e0f49a514df529061e09ce45e3da03a03fe9b4a6bcfa7d04594e4f6d0714a2e14ea127ab37d64a5e0db630cd4f4a2e6c985a542ff20a9b2193f265f93a258a88dd6c9d6a926dd23d32425849c5d9210007660a617f22133b6cb5087f4c6057942aa18193172bd995fa70a1f949b196f2e2a3c175858575713be5ee3f7f4dcecc98123f9ded3afdebe13d79a7f7fcb2469ae0ac503111401612df7ee995f74fb97a63bf62d61f78c062f959119ab50c1f706a930121ebcd53ccb93d158186ed360750ca8e728150d988844b9a5cff46591ccaff416e5a8c25f9555da5ca6fdf75b86ea6171b046b856168f403b5253a5cc393430a09a4489a0895571e597ac8846f945ffb372a88d3a25978b463dc961416c80c55773f917020751ed51cfd73c1e06fbadd156d56bedc117af95d242d6dccbe2ce34dccd6005e944afa92b22ec9a698469c6edc06caa2cfcd61912607d459b4c28ebea9745bcd4697d75c9601fd333d3cd797963a3c71b7cc5fdc756da8d97207936e5f53b53b732533c2722e03002293517966611602f297de6ff5408777b7a93c45cee3ee5c5601a4e94266b295ea7a86812a7ab8896ec5ea1b12643e1844b185734528399e62bceb8700cc6cd491e4a4430d0a3ba329a5a2fa170fd0b1cc4ba8294de988cd35df2cd7344aa8a9f3432b96fb889c02f484f635a0cc3466a3c2733d45f176931b2db18dba54991a9553cedb7f585786388d4042dbae1c95b769e3d4e036e8afea0a04c04f542b152ca1fd1f8efee60425c5a122fd1b90e98635284abd9f217d9e19cb2a64b354c9d79509cc47d7305114990148a7291cb0fe2d1c773a6664b66ae04aa62c534d072ae54c2ca0d5962cc58945d8924abfc4d5af922462507430d8f2c17479a6678b0b3700000000000000000000000000000000000000000000f800"})

1m15.721362126s ago: executing program 1 (id=909):
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) (async)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='smaps\x00')
preadv(r1, &(0x7f0000000440)=[{&(0x7f0000000100)=""/230, 0xe6}], 0x1, 0x5f0e, 0x0) (async)
r2 = syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000ff000040720501cb6526010203010902120001000000000904"], 0x0) (async)
unshare(0x22020600)
r3 = socket$xdp(0x2c, 0x3, 0x0)
getsockopt$XDP_STATISTICS(r3, 0x11b, 0x7, 0x0, &(0x7f00000000c0)) (async, rerun: 32)
syz_usb_ep_read(r2, 0x5, 0x16, &(0x7f0000000040)=""/22) (rerun: 32)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
write$cgroup_subtree(r4, &(0x7f0000000080)=ANY=[], 0x10448) (async)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r4, 0x0) (async)
write$P9_RATTACH(r4, &(0x7f0000000280)={0x14, 0x69, 0x2, {0x80, 0x4, 0x5}}, 0x14) (async, rerun: 64)
syz_usb_control_io$uac1(r2, &(0x7f0000000140)={0x14, 0x0, &(0x7f0000000100)={0x0, 0x3, 0x4, @lang_id={0xffffffffffffffd4, 0x3, 0x200a}}}, 0x0) (async, rerun: 64)
r5 = socket$inet_udplite(0x2, 0x2, 0x88)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) (async)
getsockopt$sock_cred(r5, 0x1, 0x11, &(0x7f0000000240)={0x0, <r6=>0x0}, &(0x7f0000000180)=0xc)
setuid(r6) (async)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="0c0100000301050000000000000000000100000a08001a400000000874000d8008000200e000000208000200ac1414aa140004002001000000000000000000000000000024000380060002"], 0x10c}, 0x1, 0x0, 0x0, 0x1}, 0x10)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01010000000000000000010000000900010073797a30000000003c000000090a010400000000000000000100000008000a40000000000900020073797a32000000000900010073797a30000000000800054000000002600000000c0a670300000000000000000100000008000440000000000900010073797a300000000038000380340000000400018004000680140007800c000100636f756e74657200040002801400018006"], 0xe4}}, 0x0) (async)
setpriority(0x2, 0xff, 0x0) (async)
syz_usb_control_io$hid(r2, &(0x7f00000001c0)={0x24, 0x0, &(0x7f0000000080)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x443}}, 0x0, 0x0}, 0x0)
syz_usb_control_io(r2, &(0x7f00000004c0)={0x2c, 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="000370000000700384dd123533e92acf05a0be467fa21d5d31958de3d45400f97aef481ba6a5d0"], 0x0, 0x0, 0x0}, 0x0)

1m14.409692472s ago: executing program 4 (id=910):
r0 = creat(&(0x7f00000002c0)='./file0\x00', 0x0)
r1 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x8)
mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000fe020010850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
write$qrtrtun(r0, &(0x7f0000000300)="ca0e808bb35bdabb", 0x8)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000005c0)={r2, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f00000001c0)=[0x7], &(0x7f0000000240)=[0x2], 0x0, 0x1}}, 0x40)
r3 = syz_create_resource$binfmt(0x0)
r4 = openat$binfmt(0xffffffffffffff9c, r3, 0x42, 0x1ff)
close(r4)
execveat$binfmt(0xffffffffffffff9c, r3, 0x0, 0x0, 0x0)

1m13.783787746s ago: executing program 1 (id=911):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
r1 = socket$nl_route(0x10, 0x3, 0x0)
socket$inet6_sctp(0xa, 0x5, 0x84)
openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x8000002000000, 0x0)
r3 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
pwritev(r3, &(0x7f00000008c0)=[{&(0x7f0000000240)="01000000", 0x4}, {&(0x7f0000000200)="f697079a161cfb7702311e629acda76933ddd0c24174eb4d4d28f9", 0x1b}, {&(0x7f0000000340)="747369587e0a4e47adce", 0xa}], 0x3, 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000800), 0x161200, 0x0)
r4 = socket(0x15, 0x5, 0x0)
getsockopt(r4, 0x200000000114, 0x271d, 0x0, &(0x7f0000000000))
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'virt_wifi0\x00'})
r5 = syz_open_dev$vbi(&(0x7f0000000080), 0x1, 0x2)
ioctl$VIDIOC_S_OUTPUT(r5, 0xc004562f, &(0x7f00000000c0)=0x1)
ioctl$VIDIOC_S_DV_TIMINGS(r5, 0xc0845657, &(0x7f0000000580)={0x0, @bt={0x13, 0x7c5, 0x1, 0x2800, 0xd59f82, 0x2, 0x5, 0xb, 0x8, 0x0, 0xbef, 0x1, 0x7, 0x9, 0x2b, 0x4, {0xffff945a, 0x1}, 0x9, 0xf1}})
writev(0xffffffffffffffff, &(0x7f00000001c0)=[{0x0}, {&(0x7f00000004c0)}, {&(0x7f0000000740)}], 0x3)
ioctl$KVM_SET_SREGS(0xffffffffffffffff, 0x4138ae84, &(0x7f0000000140)={{0x2, 0x1, 0xb, 0x3, 0x5, 0x0, 0x3, 0x80, 0x5, 0x4, 0x10, 0x8}, {0x8000000, 0x0, 0x4, 0x2, 0x12, 0x7, 0x5, 0xde, 0x35, 0x4, 0x2, 0xcb}, {0x3000, 0x3000, 0x4, 0x8, 0x8, 0x8, 0x3, 0x3, 0x9, 0x8, 0xe}, {0xd000, 0xeeee0000, 0x9, 0x3, 0x6, 0x80, 0x3, 0x1, 0xf5, 0x5, 0xf3, 0x40}, {0xf000, 0x8080000, 0xd, 0x1, 0xaa, 0x35, 0xff, 0x1, 0x0, 0x6, 0x4}, {0x100000, 0xdddd0000, 0x3, 0x2, 0x22, 0xbf, 0x0, 0xb0, 0x3, 0x81, 0xbd, 0x6}, {0x0, 0xeeee0000, 0x8, 0x3, 0x6, 0xc0, 0x7f, 0x8, 0x6, 0x8, 0x0, 0x60}, {0xf000, 0x100000, 0xe, 0xfd, 0x7c, 0x7, 0x4, 0x5, 0x2a, 0x3, 0x7, 0xf1}, {0x10000, 0x8}, {0xd5d50002, 0x63e4}, 0x10, 0x0, 0xf000, 0xa, 0xd, 0xc000, 0xeeee0000, [0x7, 0x3, 0x9, 0x80]})
r6 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x20000, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r6, 0x3b81, &(0x7f0000000000)={0xc, 0x0, <r7=>0x0})
ioctl$IOMMU_IOAS_MAP(r6, 0x3b85, &(0x7f00000004c0)={0x28, 0x5, r7, 0x0, &(0x7f00000003c0)="cff372e4", 0x4, 0xf})
ioctl$IOMMU_TEST_OP_ADD_RESERVED(r6, 0x3ba0, &(0x7f0000000440)={0x48, 0x1, r7, 0x0, 0x97, 0x8000000})
ioctl$IOMMU_IOAS_MAP$PAGES(r6, 0x3b85, &(0x7f0000000140)={0x28, 0x6, r7, 0x0, &(0x7f0000ffb000/0x4000)=nil, 0x4000, 0xfffffffffffffffb})
ioctl$FS_IOC_FSSETXATTR(r4, 0x401c5820, &(0x7f0000000300)={0x8, 0x2, 0x7, 0x800, 0x4})
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000003500)={'veth1_macvtap\x00', <r8=>0x0})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="280000001d00"/20, @ANYRES32=r8, @ANYBLOB="9400e6040a000200aaaaaaaaaa0c0000"], 0x28}}, 0x800)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)

1m13.154022724s ago: executing program 1 (id=913):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000002c0)}, &(0x7f0000000080)=0x10)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000280)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f00000002c0)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x81b}}, './file0\x00'})
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_SET_CPUID2(0xffffffffffffffff, 0x4008ae90, &(0x7f0000000240)=ANY=[@ANYBLOB])
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mkdir(&(0x7f0000000100)='./file1\x00', 0x13b)
mkdir(&(0x7f0000000000)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
chdir(&(0x7f0000000140)='./bus\x00')
r4 = open(&(0x7f0000000580)='./file1\x00', 0x80242, 0x1df2a23c5997fa5f)
write$FUSE_CREATE_OPEN(r4, &(0x7f0000000180)={0xa0, 0xffffffffffffffda, 0x0, {{0x4, 0x3, 0x5, 0x6, 0x3, 0x1, {0x0, 0x9, 0x20ff, 0x5, 0x89, 0xd615, 0x9, 0x7fffffff, 0xfffffffe, 0x8000, 0x0, 0x0, 0x0, 0x3ff, 0x1}}, {0x0, 0x13}}}, 0xa0)
sendfile(r4, r4, &(0x7f0000000080), 0x7f03)

1m13.099067779s ago: executing program 4 (id=914):
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f00000003c0)=[@in={0x2, 0x4e20, @broadcast}, @in6={0xa, 0x4e24, 0x2, @private0, 0x7}], 0x2c)
sendmsg$inet_sctp(r0, &(0x7f0000000140)={&(0x7f0000000340)=@in={0x2, 0x4e21, @loopback}, 0x10, &(0x7f00000002c0)=[{}], 0x1, 0x0, 0x0, 0xc04c000}, 0x0)
r1 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000140)='/dev/comedi0\x00', 0x8080, 0x0)
ioctl$COMEDI_DEVCONFIG(r1, 0x40946400, &(0x7f0000000540)={'pcm3724\x00', [0x109, 0x80008000, 0x86c, 0xc, 0x80000000, 0x0, 0x1, 0xf, 0x1000, 0x1, 0x1, 0x5, 0x4, 0x746, 0x100, 0x6, 0xffffffa7, 0x2000001, 0x0, 0x65c, 0x3ff, 0x10004, 0x800, 0xe2e0, 0x9, 0x6, 0x4, 0x3, 0x7, 0x5, 0x5, 0x1]})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x44045}, 0x10)
mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000, 0x0)
r2 = dup(0xffffffffffffffff)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ethtool(0x0, r2)
bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x48)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000180)={0x8, 0xf59}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x3)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0x6)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000032680)=""/102392, 0x18ff8)
r4 = io_uring_setup(0x1abf, &(0x7f0000000000)={0x0, 0xa4ec, 0x400, 0x1, 0x102a8})
io_uring_register$IORING_REGISTER_IOWQ_MAX_WORKERS(r4, 0x13, &(0x7f0000000080)=[0xfff, 0x6], 0x2)
r5 = socket$netlink(0x10, 0x3, 0x0)
bind$netlink(r5, 0x0, 0x0)
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r7 = socket(0x400000000010, 0x3, 0x0)
r8 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r9=>0x0})
sendmsg$nl_route_sched(r7, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd27, 0xffffffff, {0x0, 0x0, 0x0, r9, {0x0, 0x1}, {0xffff, 0xffff}, {0x0, 0x9}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)=@newtfilter={0x3c, 0x2c, 0xd27, 0x30bd29, 0x25dfdbfc, {0x0, 0x0, 0x0, r9, {0x0, 0xf}, {}, {0x7, 0x4}}, [@filter_kind_options=@f_flower={{0xb}, {0xc, 0x2, [@TCA_FLOWER_KEY_ENC_IP_TTL={0x5, 0x52, 0x8}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x90}, 0x20084084)

1m12.623489427s ago: executing program 2 (id=915):
syz_emit_vhci(&(0x7f0000000180)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x44}, @hci_rp_read_local_commands={{0x2d}, {0x6, "8f23e93dbf411511a1d7b45070ff1def0737a9ab0f480b1b371bbe5806bd4d543c193412e9d770a6b18c79ff0253b4b40e390a967b85c8c3586c23c6b762e2dc"}}}}, 0x47)
mmap$KVM_VCPU(&(0x7f0000b8b000/0x3000)=nil, 0x930, 0x300000b, 0x12, 0xffffffffffffffff, 0x0)
mkdir(0x0, 0x0)
r0 = openat$sequencer(0xffffff9c, 0x0, 0x88302, 0x0)
openat$audio(0xffffffffffffff9c, 0x0, 0x20301, 0x0)
ioctl$SNDCTL_SEQ_GETOUTCOUNT(r0, 0x4004510d, 0x0)
r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r1, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
ioctl$sock_bt_hidp_HIDPCONNADD(0xffffffffffffffff, 0x400448c8, 0x0)
syz_genetlink_get_family_id$tipc2(0x0, 0xffffffffffffffff)
r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
mkdir(0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x8, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0xe1}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2)
r6 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000000), 0x8502, 0x0)
write$sndseq(r6, &(0x7f0000000180)=[{0x6, 0x0, 0x0, 0x0, @tick, {0x7}, {}, @connect}, {0x0, 0x0, 0x0, 0x0, @time={0x0, 0x2}, {}, {}, @connect={{0x6, 0x1}, {0x6, 0xf}}}, {0x13, 0x0, 0x0, 0x0, @time={0x4, 0x7}, {}, {0x0, 0x80}, @raw8={"f81c703db135dc80a185eb39"}}, {0x0, 0x0, 0x0, 0x0, @time={0x6}, {}, {0x0, 0xfd}, @time}], 0x70)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x0, 0x40, &(0x7f0000000480)=@raw={'raw\x00', 0x8, 0x3, 0x220, 0xb4, 0x11, 0x148, 0x0, 0x10, 0x18c, 0x2a8, 0x2a8, 0x18c, 0x2a8, 0x7fffffe, 0x0, {[{{@ip={@multicast1, @initdev={0xac, 0x1e, 0x1, 0x0}, 0xffffff00, 0x0, 'virt_wifi0\x00', 'erspan0\x00', {}, {0xff}, 0x6, 0x1}, 0x10, 0x94, 0xb4, 0x1c, {}, [@inet=@rpfilter={{0x24}}]}, @unspec=@TRACE={0x20}}, {{@ip={@multicast1, @rand_addr=0x64010102, 0x0, 0xffffffff, 'syzkaller0\x00', 'veth1_to_batadv\x00', {0xff}, {}, 0x0, 0x0, 0x40}, 0x0, 0x70, 0xd8}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0xc, 0x2ab, 0x4, 0x9, '\x00', 'syz1\x00', {0xfffffffc}}}}], {{'\x00', 0xc8, 0x70, 0x94}, {0x24}}}}, 0x27c)
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x2, 0xe, &(0x7f0000000200)=ANY=[@ANYBLOB="b70000001afcff00bca300000000000024030000c0feffff620af0fff8ffffff71a4f2ff000000001f03000000000000e5000200000000002604fdffff02000014010000030000001d130000000000007a0a00fe0000001f0f14000000000000b503f7fff80000009500000000000000033bc065b78111c6dfa041b63af4a3912435f1a864a7aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168e5181554a090f300020000fe275daf51efd601b6bf01c8e8b1b526375ee4dd6fcd82e4fee5bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e65440000000000000000028610643a98d9ec21ead2ed51b104d4d91af25b845b9f7d08d123deda88c658d42ecbf28bf7076c15b463bebc72f526dd70252e79166d858fcd0e06dd31af9612fa402d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff61623604000000000000006a89adaf17b0a6041bdeebdfd1f5089048ddff6da40f9411fe7226a40409d6e37c4f46756d31cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564163427afea62d84f3a10076443d643649393bf52d2105bd901128c7e0ec82701c8204a1deeed4155617572652d950ad31928b0b036dc2869f478341d02d0f5ad94b081fcd507acb4b9c67382f13d000000225d85ae49cee383dc5049076b98fb6853ab39a21514da60d2ae20cfb91d6a49964757cdf538f9ce2bdbb9893a5de817101a3062cd54f9ff51d355d84ce97bb0c6b6a595e487a2cc47c0efbb2d71cde2c10f0bc6980fe78683ac5c0c31032599dd273863be9261eee52216d009f4c52048ef8c126aeef5f510a8f1aded94a129e4aec6e8d9ab06faffc3a15d91c2ea3e2e04cfe031b287539d0540059fe6c7fe7cd8697502c7596566d674e425da5e7f009602a9f61d3804b3e0a1053abdc31282dfb15eb6841bb64a1b3045024a982f3c48153baae244e7bf573eac34b781337ad5905c6bbf1137548c7f1a4cad2422ee965a38f7defbd2960242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a90144022a579dfc0229cc0dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc48899b212c55318294270a1ad10c80fef7c24d47afcc829ba0f85da6d888f18ea40ab959f6074ab2a40d85d1501783a7ab540b8d7b4ead35a385e0b4a26b702396df7e0c1e02b88c114f244a9bf93f04bf072f0861f5c0b000000000000eedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba3401e6a52acb11883ad2a3b1832371fe5bc621426d1ed01b389708165b9cdbae2ed9dc7358f0ebadde0b727f27feeb7464dcd857ab15e355713767c536cbae2f5c7d951680f6f2f9a6a8346962a350845ffa0d82884f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010ae20e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00000000c95265b2bd83d64a532869d701723fedcbada1ee7baa19faf67256b56a41fd355b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ced301efeb6dc5f6a9037d2283c42efc54fa84323afc4c10eff462c8843187f1dd48ef0981000000000000ff0f40b1888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538c6ee6ba65893ff1f908ba7554ba583ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738612e4fee18a22da19fc08001011e32f80fb60e14b9eee094277bbc170882c8890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f62e3f753b639a924599c1f69219927ea5301fff0a6063d427180d61542c2571f983e96635600000554f327a3535e7c7542799493c31ac05a7b57f03ca91a01ba2a30ca99e969d6fd09dc28ebc15edb4d91675767999d146aef7799738b292fd64bb25b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a794963342aece449a0d80010f5c653d22d49030a8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b6ef9d12096833d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e1661261173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ec035d232f89fe0120f64c62e8e3ed8bcb45202c204bbec8d722824c0ebca8db1ea4a05e41f6016ab5bbe4fe7ff5d785d0128171c90d9900ca2532b0f9d01c4b45294fbba468df3e1b393cb4e62e753b4172ba7ac1f2b51c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd849904568916694d461b76a58d88cf0f520310a1e9fdc18cde98d662eee077515d0a881192292ffff5392ab3d1311b82432662806add87047f601fa888400000000000000000000000000006acc19808d7cf29bc974b0ea92499a41b9b9a7c2bca311a28ee4952f2d325a56397c78f12205db653a536f9f3322405d1efd78e578dc6b3fb84f3738a4b6caa800000087efa51c5d95ecba4e50e529d1e8c89600e809dc3d0a2f65579e23457949a50f2d0455cf79a43746979f99f6a1527f004f1e37a3926937e84fb478199dc1020f4beb98b8074bf7df8b5e783637da740800000000000000c55a4385e9a617aa6c8e10d4202c5afeb06e2f9115558ea12f92d7ae633d44086b3f03b20d546fa66a72e38207c9d20035abc46271a30f1240de52536941242d23896ab74a3c6670fdc49c14f34fc4eadd6db8d80eba439772bf60a1db18c472dafc5569adc282928d2a1ffe29f1a57d3f18f4edaeb5d37918e6fddcd821da67a0785585a4443440dc65600e64a6a2740000000000000000000000000000000000000000000a0009dd14b38f2f4426d7cf5075047c31f6ce6adddfe3ac649c0643c8bfbeb14ba1fd7a485aa893915cf81e29aaf375e904bbe52691a4100260ffcd8f1d04166d291ebcef893e1b9ccb6797d0646fe0e7274434f28efb43e06e64f0698caca42f4e6018a455736c482a017e2b13dac4a90faa109f0e87cc94e3efb649692456463ca74aa6ad4bf50c1acb0000000000000005375e528285544d0064b98646f3109e9a4942ce42c6e7ec84b664f6c2770803f10baa804a707f0a1fcbfc309381aeba191950bae71f37f1eb7ceeffb3c0547ac6571603adbfde4c8b5f8d7f4b854441613633b48865b65bdc415e1e0dcf672d68cf4cebf04f4bc1eebf560a26d34d3757b1450fdb0a9a69f432e277f3a0386eb2bd3305c821c64757f786b79fef54dbe64c67d73934bc80b2133fb3c04cc7ea48bf97a6243c9f95dcbddecf"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f00000000c0), 0x10}, 0x94)
socket$inet(0x2, 0x2, 0x0)

1m12.167863079s ago: executing program 0 (id=916):
r0 = socket(0xa, 0x1, 0x84)
setsockopt$inet_group_source_req(r0, 0x0, 0x2e, &(0x7f0000000400)={0x1, {{0x2, 0x4e23, @multicast2}}, {{0x2, 0x4e23, @broadcast}}}, 0x108)
socket(0xa, 0x1, 0x84)
socket(0xa, 0x1, 0x84)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="12000000050000000400000002"], 0x50)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
ioctl$KDFONTOP_GET(0xffffffffffffffff, 0x4b72, &(0x7f0000000000)={0x1, 0x1, 0x15, 0xe, 0x79, &(0x7f0000000d00)})
syz_clone3(&(0x7f0000000340)={0x200103000, &(0x7f00000000c0), 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f00000004c0)={'syz0\x00', {0xb3, 0x8, 0x0, 0xe26}, 0x23, [0x29c, 0x9, 0x61, 0xd, 0x40, 0x3, 0x5fc1027d, 0x1, 0x100, 0xe, 0x7, 0x9, 0xffffff00, 0xffffffff, 0x7801, 0x7, 0x6, 0x3ff, 0xffffffff, 0x9, 0x6, 0x7, 0x4, 0x681, 0x3, 0x1, 0x8, 0x1, 0x6, 0x8000, 0x89bd, 0x5, 0x3, 0x4, 0xdc, 0x6, 0x7, 0x18, 0x7, 0x4, 0x6, 0xbb, 0xfff, 0x3ff, 0x6, 0x80000001, 0x2, 0x40, 0x6, 0x2, 0x3, 0x401, 0x8, 0x1, 0x10, 0x1, 0x4, 0x8, 0x9, 0x6b30, 0x1000, 0x40, 0xe, 0x800], [0xac9c, 0x3, 0x4, 0x7, 0x2, 0x10000, 0x9, 0x5, 0x10000, 0x0, 0x9, 0x3, 0x6, 0xf4bb, 0x8001, 0x99, 0xce4a, 0xca, 0x6, 0x5, 0x4, 0x3d7, 0x8, 0x9, 0x9, 0xfe, 0x8, 0x4, 0xd, 0xb7, 0x4, 0x8, 0x6, 0x7, 0x0, 0x2, 0x10001, 0xff, 0x8, 0x800, 0xfffffff9, 0x1, 0x0, 0x7c, 0x7, 0x952, 0x9, 0xf33, 0x6, 0x4, 0x0, 0x7, 0xb4, 0x3, 0x0, 0x2, 0x3, 0x400, 0x200, 0x2, 0x2, 0x7, 0xa60], [0x6cd6, 0x2, 0x7, 0x3, 0x9, 0xc, 0xea, 0x80000001, 0xe2a2, 0x3, 0x0, 0x4, 0x42f, 0x5, 0x1, 0xb2c, 0x2, 0x8, 0x3, 0x80000001, 0x8, 0x7fffffff, 0x80000001, 0xfffffff6, 0x3, 0x7, 0x0, 0x6, 0x1, 0x0, 0x8, 0x9, 0x7fffffff, 0x3, 0x2, 0x8, 0x0, 0x6, 0x10000, 0x7fff, 0x5, 0x4, 0x5, 0x80, 0x1, 0x8, 0xa, 0xc000000, 0xffff, 0x6, 0x8, 0x175c, 0xb, 0x3, 0x8, 0xed01, 0x100, 0x3, 0x10000, 0x8, 0x7, 0x7ff, 0x5], [0x6, 0x2, 0x40, 0x4, 0x5, 0x80000001, 0x6, 0xfffffff6, 0x9, 0x2, 0x2, 0x200, 0xffffffff, 0xfffffff6, 0x8, 0x889f, 0x5, 0xfffffff8, 0x81, 0xff, 0x5, 0x0, 0x6, 0xfffffff9, 0xff, 0x7, 0xfffffffb, 0x1000, 0xf0, 0x8, 0x8, 0xfffffff3, 0x5, 0x6, 0x4, 0x3, 0xe7, 0xb121, 0xc, 0x80000000, 0x5, 0x1, 0x3, 0x2, 0x1ff, 0x7, 0x4, 0x4, 0x7ff, 0x7, 0x9, 0x21be, 0x4, 0x101, 0x9, 0x2, 0xfff, 0x7, 0x9, 0x9, 0x7, 0x5, 0x9, 0x8a]}, 0x45c)
read$msr(r2, &(0x7f0000002000)=""/102400, 0x19000)
io_uring_setup(0x4f04, &(0x7f00000002c0)={0x0, 0x48c7, 0x400, 0x0, 0xffffffff})
r3 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000180), 0x2000, 0x0)
fcntl$F_GET_RW_HINT(r3, 0x40b, 0xffffffffffffffff)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x4, 0x16, &(0x7f0000000940)=ANY=[@ANYBLOB="61128c000000000061134c0000000000bf2000000000000007000000080000003d0301000000000095000000000000006926000000000000bf67000000000000260608000104004e4507000003000000240600000ee60000bf050000000000000f630000000000006507000002000000070700004c0000001f75000000000000bf54000000000000070400000400f9ff2d350100000000009500000000000000050000000000000095000000000000001f1bd182bd43cb58074e0816289328452c0880fe4b3af9c97925711095cc7d3ebcd8418ffdc4a1da470a14e4391c3fb6915cbff2"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback=0x2b}, 0x94)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000003c0)={r1, &(0x7f0000000340)="b64424", &(0x7f0000000240)=@udp6=r4, 0x1}, 0x20)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x46, '\x00', 0x0, 0x2}, 0x94)
r6 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r5}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r7 = getpid()
sched_setscheduler(r7, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, r6, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r8=>0xffffffffffffffff, <r9=>0xffffffffffffffff})
connect$unix(r8, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r9, &(0x7f0000000000), 0x651, 0x0)

1m11.905798842s ago: executing program 3 (id=917):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xb, &(0x7f0000000b80)=ANY=[@ANYBLOB], 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x8, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0, r0}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000000008b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f0000000180)={{0x1, 0x1, 0x18, <r3=>r1, {0xf49c}}, './file0\x00'})
io_uring_register$IORING_REGISTER_PBUF_RING(r3, 0x16, &(0x7f00000001c0)={&(0x7f0000001000)={[{&(0x7f0000000240)="a484948d67c2f1e0609deed903002289d8e159adc542595010dec9e07f76ec38953a68c8d7eba51210a449b3f6354da95166e312693db42e9149db4378f9c19844b63f540e7b5de7d1374f196becac886564dbef9899d4a1b493a824e58a0432010b219345a98c817c", 0x69, 0x1}]}, 0x1, 0x1}, 0x1)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x8}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xb, &(0x7f0000000240)=ANY=[], &(0x7f0000000300)='GPL\x00', 0x4, 0x0, 0x0, 0x41100, 0x24, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfff}, 0x94)
capset(&(0x7f00000004c0)={0x20080522}, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2, 0x0, 0x80000})
r6 = syz_open_dev$sg(0x0, 0x0, 0x0)
ioctl$SG_IO(r6, 0x2285, &(0x7f00000000c0)={0x53, 0xfffffffffffffffc, 0x6, 0x1, @buffer={0x300, 0x0, 0x0}, &(0x7f0000000380)="259374c96ee3", 0x0, 0x8356, 0x30, 0x3, 0x0})
socket$inet6(0xa, 0x2, 0x3a)
r7 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='net/fib_trie\x00')
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r8 = socket$kcm(0x15, 0x5, 0x0)
sendmsg$inet(r8, &(0x7f0000000080)={&(0x7f0000000000)={0xa, 0x0, @multicast2}, 0x10, 0x0}, 0x4000040)
read$FUSE(r7, &(0x7f0000006180)={0x2020}, 0x2020)
socketpair$unix(0x1, 0x1, 0x0, 0x0)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, 0x0)
openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004082, 0x0)
socket$inet6_sctp(0xa, 0x5, 0x84)
r9 = syz_open_dev$radio(&(0x7f0000000000), 0xffffffffffffffff, 0x2)
ioctl$VIDIOC_S_EXT_CTRLS(r9, 0xc0205648, &(0x7f0000000100)={0x0, 0x1, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000000c0)={0x98f90d, 0xd, '\x00', @p_u8=&(0x7f0000000040)}})

1m10.803712794s ago: executing program 3 (id=918):
r0 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_NO_ENOBUFS(r2, 0x10e, 0xc, &(0x7f0000000040)=0x7f, 0x4)
sendmsg$nl_route(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="240000001a0001000000ff7f0000000080000000", @ANYRES32=r2], 0x24}}, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r1, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f00000000c0)=[<r3=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCRTC(r1, 0xc06864a1, &(0x7f00000003c0)={0x0, 0x0, r3, <r4=>0x0})
ioctl$DRM_IOCTL_MODE_GETFB2(r1, 0xc06864ce, &(0x7f0000000440)={r4, 0x0, 0x0, 0x0, 0x0, [<r5=>0x0]})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r0, 0xc02064b2, &(0x7f0000000140)={0x3ff, 0x2, 0xb5})
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r0, 0xc00c642d, &(0x7f0000000080)={r5, 0x0, <r6=>0xffffffffffffffff})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f0000000040)={0x0, 0x0, r6})
r7 = openat$procfs(0xffffffffffffff9c, &(0x7f0000002200)='/proc/vmallocinfo\x00', 0x0, 0x0)
lseek(r7, 0xe, 0x1)

1m10.697719428s ago: executing program 4 (id=919):
bind$inet(0xffffffffffffffff, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
r2 = syz_io_uring_setup(0x27d6, &(0x7f0000000740)={0x0, 0x1c28, 0x10100, 0x0, 0x0, 0x0, r1}, &(0x7f0000000180)=<r3=>0x0, &(0x7f00000001c0)=<r4=>0x0)
socket$nl_route(0x10, 0x3, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd=r1, 0x0, 0x0, 0x0, {}, 0x1})
io_uring_enter(r2, 0x2ded, 0x4000, 0x0, 0x0, 0x0)
r5 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace$setopts(0x4206, r5, 0x0, 0x0)
wait4(r5, 0x0, 0x20000000, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000380)=ANY=[@ANYBLOB="140000001000017333000000000000000000000a28"], 0x7c}}, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
openat$iommufd(0xffffffffffffff9c, 0x0, 0x800, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x6, 0xd4}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r6 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r6, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x20)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}, {@nfs_export_on}]})
chdir(&(0x7f00000000c0)='./bus\x00')
r7 = creat(&(0x7f0000000440)='./file0\x00', 0x11e)
open_by_handle_at(r7, &(0x7f0000000480)=ANY=[@ANYBLOB="61000000fb00030000000000fb5e010fe8371f2efe0868327a31a705ec9785475c6438dc7cce5b26363da3bcb1b3569f0a0a97ccb0fa51ca05a3f95b74efbae2e13dc6ef2f680f5f6cbd26dad537c3f33a9ee015f17e57990f2d8e367b57fbb8b1b12366f5a8ad24"], 0x830200)

1m10.095887029s ago: executing program 2 (id=920):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f00000004c0)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a000000850000000800000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r0}, 0x10)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000100)={0x2, 0x4e22, @private=0xa010101}, 0x10, 0x0, 0x0, 0x0, 0x20}, 0x4000)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="01000000010000"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x1b, 0xc, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80}, [@ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x4}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x20, '\x00', 0x0, @fallback=0xa, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000004}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x1e8629867d7bdaee, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10)
prctl$PR_SET_MM(0x23, 0xa, &(0x7f00002d5000/0x2000)=nil)
r5 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000001c0)='environ\x00')
preadv(r5, &(0x7f0000001400)=[{&(0x7f0000000040)=""/113, 0x200000b1}], 0x1, 0xc002a0, 0x0)

1m9.166741258s ago: executing program 2 (id=921):
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f00000003c0)=[@in={0x2, 0x4e20, @broadcast}, @in6={0xa, 0x4e24, 0x2, @private0, 0x7}], 0x2c)
sendmsg$inet_sctp(r0, &(0x7f0000000140)={&(0x7f0000000340)=@in={0x2, 0x4e21, @loopback}, 0x10, &(0x7f00000002c0)=[{0x0}], 0x1, 0x0, 0x0, 0xc04c000}, 0x0)
r1 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000140)='/dev/comedi0\x00', 0x8080, 0x0)
ioctl$COMEDI_DEVCONFIG(r1, 0x40946400, &(0x7f0000000540)={'pcm3724\x00', [0x109, 0x80008000, 0x86c, 0xc, 0x80000000, 0x0, 0x1, 0xf, 0x1000, 0x1, 0x1, 0x5, 0x4, 0x746, 0x100, 0x6, 0xffffffa7, 0x2000001, 0x0, 0x65c, 0x3ff, 0x10004, 0x800, 0xe2e0, 0x9, 0x6, 0x4, 0x3, 0x7, 0x5, 0x5, 0x1]})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x44045}, 0x10)
mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000, 0x0)
r2 = dup(0xffffffffffffffff)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ethtool(0x0, r2)
bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x48)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000180)={0x8, 0xf59}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x3)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0x6)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000032680)=""/102392, 0x18ff8)
r4 = io_uring_setup(0x1abf, &(0x7f0000000000)={0x0, 0xa4ec, 0x400, 0x1, 0x102a8})
io_uring_register$IORING_REGISTER_IOWQ_MAX_WORKERS(r4, 0x13, &(0x7f0000000080)=[0xfff, 0x6], 0x2)
r5 = socket$netlink(0x10, 0x3, 0x0)
bind$netlink(r5, 0x0, 0x0)
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r7 = socket(0x400000000010, 0x3, 0x0)
r8 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r9=>0x0})
sendmsg$nl_route_sched(r7, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd27, 0xffffffff, {0x0, 0x0, 0x0, r9, {0x0, 0x1}, {0xffff, 0xffff}, {0x0, 0x9}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)=@newtfilter={0x3c, 0x2c, 0xd27, 0x30bd29, 0x25dfdbfc, {0x0, 0x0, 0x0, r9, {0x0, 0xf}, {}, {0x7, 0x4}}, [@filter_kind_options=@f_flower={{0xb}, {0xc, 0x2, [@TCA_FLOWER_KEY_ENC_IP_TTL={0x5, 0x52, 0x8}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x90}, 0x20084084)

1m9.155539264s ago: executing program 0 (id=922):
r0 = add_key$keyring(&(0x7f0000000100), &(0x7f0000000200)={'syz', 0x3}, 0x0, 0x0, 0x0)
add_key$keyring(&(0x7f00000000c0), &(0x7f0000000300)={'syz', 0x1}, 0x0, 0x0, r0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r1, &(0x7f0000000180)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1b}}, 0x10)
socket$netlink(0x10, 0x3, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0xffffd000)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x7, &(0x7f0000000140)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f00000001c0), 0x80280, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
syz_io_uring_submit(0x0, 0x0, 0x0)
gettid()
r3 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
r4 = socket$inet_udplite(0x2, 0x2, 0x88)
r5 = socket$igmp(0x2, 0x3, 0x2)
ioctl$sock_inet_SIOCSARP(r4, 0x8955, &(0x7f0000002340)={{0x2, 0x0, @rand_addr=0x64010101}, {}, 0x0, {0x2, 0x0, @empty}, 'lo\x00'})
ioctl$sock_inet_SIOCSARP(r5, 0x8955, &(0x7f00000002c0)={{0x2, 0x0, @broadcast}, {0x0, @dev}, 0x8, {0x2, 0x0, @empty}, 'lo\x00'})
r6 = socket$netlink(0x10, 0x3, 0x0)
writev(r6, &(0x7f00000003c0), 0x0)
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x101040, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r8, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x7)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r9, &(0x7f0000bd1000/0x18000)=nil, &(0x7f0000000500)=[@text64={0x40, &(0x7f00000000c0)="2ef2dd050080000048b844410000000000000f23d00f21f8460f01c80f23f836362e6726af440f20c0350e000000440f22c0b805000000b9009800000f01d90f01c965470f01c4410f79d226450f01cb660f013b", 0x54}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CAP_DISABLE_QUIRKS(r8, 0x4068aea3, &(0x7f0000000240)={0x74, 0x0, 0x79})
ioctl$KVM_RUN(r9, 0xae80, 0x0)
read$FUSE(r3, &(0x7f0000000280)={0x2020}, 0x2020)

1m7.779910194s ago: executing program 4 (id=923):
openat$vimc2(0xffffff9c, 0x0, 0x2, 0x0)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000001cc0)=ANY=[@ANYBLOB="2c0200001700010000000000000000007f0000010000000000000000000000000000000000000000fe8000000000000000000000000000bbac1414bb000000000000000000000000fc00000000000000000000000000000000000000000000000000006400000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fc020000000000000000000000000000ffffffff00000000000000000000000000000000000000000a00800000000000", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="000000000000000000000000000000000000000000001d000000000000000000000000f90000000000000000000000000000000000000000000000000000000000e200000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000f9ff0000000000000000000004010500ffffffff000000000000000000000000000004d53c0000000a00000000000000000000000000000000000001053500000200ac00030000000100000009000000e0000001000000000000000000000000e1ff03d43c0000000a00000000000000000000000000ffffe00000020435000002020600000000000100000000000000fe80000000000000000000000000003c000004d56c0000000a000000ac1414bb000000000000000000000000053500997ffb000301f90009000000030000000002000020010000000000000000000000000001000004d4320000000a000000ac1414190000000000000000000000000635000900020200090000000101000008"], 0x22c}}, 0x0)
r1 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0xc, &(0x7f0000000180)={0x80000000}, 0x19a)
sendmsg$nl_route(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=ANY=[@ANYBLOB="a00000001a00010000000000000000001c140000000000000000000084001300"], 0xa0}}, 0x0)
r2 = syz_open_dev$video(&(0x7f0000000000), 0x485, 0x40000)
ioctl$VIDIOC_SUBDEV_S_DV_TIMINGS(r2, 0xc0845657, &(0x7f0000000100)={0x0, @bt={0xf, 0x3f, 0x1, 0x3, 0x6, 0x2, 0x7, 0x0, 0x2, 0x663, 0x3, 0xe5, 0xb, 0x100000, 0x3, 0x9, {0x1d6, 0x5}, 0x4, 0xbf}})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$binderfs(0xffffffffffffff9c, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x48c00, 0x0)
r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$VIDIOC_LOG_STATUS(r2, 0x5646, 0x0)

1m7.74316438s ago: executing program 2 (id=924):
r0 = creat(&(0x7f00000002c0)='./file0\x00', 0x0)
r1 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x8)
mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000fe020010850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
write$qrtrtun(r0, &(0x7f0000000300)="ca0e808bb35bdabb", 0x8)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000005c0)={r2, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f00000001c0)=[0x7], &(0x7f0000000240)=[0x2], 0x0, 0x1}}, 0x40)
r3 = syz_create_resource$binfmt(0x0)
r4 = openat$binfmt(0xffffffffffffff9c, r3, 0x42, 0x1ff)
close(r4)
execveat$binfmt(0xffffffffffffff9c, r3, 0x0, 0x0, 0x0)

1m7.677838971s ago: executing program 0 (id=925):
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f00000003c0)=[@in={0x2, 0x4e20, @broadcast}, @in6={0xa, 0x4e24, 0x2, @private0, 0x7}], 0x2c)
sendmsg$inet_sctp(r0, &(0x7f0000000140)={&(0x7f0000000340)=@in={0x2, 0x4e21, @loopback}, 0x10, &(0x7f00000002c0)=[{&(0x7f0000000000)='N', 0x1}], 0x1, 0x0, 0x0, 0xc04c000}, 0x0)
r1 = openat$comedi(0xffffffffffffff9c, 0x0, 0x8080, 0x0)
ioctl$COMEDI_DEVCONFIG(r1, 0x40946400, &(0x7f0000000540)={'pcm3724\x00', [0x109, 0x80008000, 0x86c, 0xc, 0x80000000, 0x0, 0x1, 0xf, 0x1000, 0x1, 0x1, 0x5, 0x4, 0x746, 0x100, 0x6, 0xffffffa7, 0x2000001, 0x0, 0x65c, 0x3ff, 0x10004, 0x800, 0xe2e0, 0x9, 0x6, 0x4, 0x3, 0x7, 0x5, 0x5, 0x1]})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x44045}, 0x10)
mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000, 0x0)
r2 = dup(0xffffffffffffffff)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ethtool(0x0, r2)
bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x48)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000180)={0x8, 0xf59}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x3)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0x6)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000032680)=""/102392, 0x18ff8)
r4 = io_uring_setup(0x1abf, &(0x7f0000000000)={0x0, 0xa4ec, 0x400, 0x1, 0x102a8})
io_uring_register$IORING_REGISTER_IOWQ_MAX_WORKERS(r4, 0x13, &(0x7f0000000080)=[0xfff, 0x6], 0x2)
r5 = socket$netlink(0x10, 0x3, 0x0)
bind$netlink(r5, 0x0, 0x0)
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r7 = socket(0x400000000010, 0x3, 0x0)
r8 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r9=>0x0})
sendmsg$nl_route_sched(r7, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd27, 0xffffffff, {0x0, 0x0, 0x0, r9, {0x0, 0x1}, {0xffff, 0xffff}, {0x0, 0x9}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)=@newtfilter={0x3c, 0x2c, 0xd27, 0x30bd29, 0x25dfdbfc, {0x0, 0x0, 0x0, r9, {0x0, 0xf}, {}, {0x7, 0x4}}, [@filter_kind_options=@f_flower={{0xb}, {0xc, 0x2, [@TCA_FLOWER_KEY_ENC_IP_TTL={0x5, 0x52, 0x8}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x90}, 0x20084084)

1m6.763971512s ago: executing program 4 (id=926):
mknod$loop(&(0x7f0000000140)='./file0\x00', 0xfff, 0x0)
r0 = syz_open_dev$vim2m(&(0x7f0000000340), 0x7f, 0x2)
ioctl$vim2m_VIDIOC_ENUM_FMT(r0, 0xc0405602, &(0x7f0000000140)={0x16, 0x1, 0x0, "18e889d15b38429faa8ff62438eaed752e68f3a6d09382b392b049e33958b16c"})
socket$kcm(0x21, 0x2, 0x2)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f00000014c0)={0x2, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="021800000b0000000000000000000000030005000000000002000000e0000001000000000000000003001200000000000200000000000000000000000000000003000600000000"], 0x58}}, 0x24000894)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001100)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
setsockopt$packet_rx_ring(0xffffffffffffffff, 0x107, 0x5, &(0x7f00000000c0)=@req={0x8000, 0xb4f, 0x300, 0x1daf6}, 0x10)
setsockopt$packet_rx_ring(0xffffffffffffffff, 0x107, 0x5, 0x0, 0x0)
mount$fuse(0x0, &(0x7f0000000340)='./file0/file0\x00', &(0x7f00000008c0), 0x51000, &(0x7f0000000b00)={{}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@blksize}, {@blksize={'blksize', 0x3d, 0x1400}}, {@allow_other}, {@blksize={'blksize', 0x3d, 0x1c00}}], [{@obj_user={'obj_user', 0x3d, '{\x87&\\,[}\''}}, {@smackfshat={'smackfshat', 0x3d, 'raw\x00'}}]}})
r4 = getuid()
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f00000005c0)={0x0, 0x0, <r5=>0x0}, &(0x7f0000000600)=0xc)
sendmsg$unix(r3, &(0x7f00000006c0)={&(0x7f00000001c0)=@file={0x1, './file0\x00'}, 0x6e, &(0x7f0000000280)=[{&(0x7f0000000400)="b4261e82c2322a672fd98fe998a4e3d99111d71adccee1f79e84394e8e792ec3ec9789a27acc0bcb132798308dd73e6a31656ebeabaa06dfe6aa56f8406c415864ba0eac528c4682c3de0cc61d98f2d183268a72980b889e07", 0x59}, {&(0x7f0000000480)="9e0a426d99857947d6cfb5cc7dd0215a95b8cf46d2b688e0d07043d77704c78f8594bc6ed61f234d9207a02a6cc682279fc15953ee6e1d2eed74ce83dc6ba5ed4b5d87cad3d52a2a3e5ded0eee81a4682555226065fd254da9ae98397766ebb9ff533c901e27f09bd4c03713c5", 0x6d}, {&(0x7f0000000500)="a1fdc7d2a35c2988ecd88e2a84c500852b5862b7f16650ab88927b675d7eec19a018362ffdedf80e866c0d397350627b5d47814110c92e5e83df0f4ffc2be8e48cad4814a578bbf67b5cd6ef100ac3e9dac156034d62", 0x56}], 0x3, &(0x7f0000000640)=[@cred={{0x18, 0x1, 0x2, {r1}}}, @cred={{0x18, 0x1, 0x2, {r1}}}, @cred={{0x18, 0x1, 0x2, {r1, r4, r5}}}, @rights={{0x10, 0x1, 0x1, [r0]}}], 0x58, 0x4008011}, 0x10000000)
kexec_load(0x0, 0x1, &(0x7f0000000000)=[{0x0, 0x0, 0x7ffdd000, 0x8000}], 0x320000)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0}, 0x30)
syz_open_dev$radio(&(0x7f0000000100), 0x2, 0x2)
epoll_create(0x5)

1m6.754622654s ago: executing program 3 (id=927):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0xfeb5)
sched_setscheduler(0x0, 0x1, 0x0)
syz_usb_connect$hid(0x0, 0x36, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000040)=0x3)
r1 = getpid()
r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/tty/drivers\x00', 0x0, 0x0)
lseek(r2, 0x1002080000001, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeea, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
sendmmsg$unix(r3, &(0x7f0000000000), 0x0, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$inet6(0xa, 0x2, 0x4)
r5 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000340)={0x1, &(0x7f0000000000)=[{0x6, 0xf, 0x0, 0x7fff8000}]})
r6 = memfd_create(&(0x7f00000005c0)='-B\xd5NI\xc5j\x9a\b\x00\x00\x00\b\x84\xa2{\x00\v\x18\x004\x03\x96\x00\x00\xd7Uw\x00\xbc\xfa2\xb3\xbb\x8d\xac\xacva}knh#\xcf)\x0f\xc8\xc0:\x9cc\x10d\xee\xa9\x8b\x066\xb8G\xd1c\xe1$\xff\x97k\xde\xc5\xe96\xddU)\xc98M\xcd\xfb\xc83\x12\xd7\xdb\x93\xcc]x\xaa\x8f~\xb90a\xa9\xb2\x04K\x98\x93=\xabQ\xf7\x05\x81\x01\xe5\x98\r\x1d\xa1\xce\x8b\x19\xea\xef\xe3\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa9\xf0I{\xf0:\xd7\x802\xf3\r|\x86\x82\xf1\xb2\x06\xb0\x06\xbe\xb1\x0f\xa2\xa6\xedA\xb7\x0f\xda\x9d<\xd6l\xbcF\xcb\xec\x83#?\xf4\x81\x16+\x14\xd0\xb8\x88`W\xa9\xef\'\xe1\xd9[\xac^', 0x1)
r7 = dup(r6)
r8 = socket(0x3, 0xa, 0x0)
getsockopt$sock_cred(r8, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r9=>0x0}, &(0x7f0000cab000)=0xc)
setfsuid(r9)
utimensat(r7, 0x0, 0x0, 0x0)
close_range(r5, 0xffffffffffffffff, 0x0)
r10 = socket$inet(0x2, 0x6, 0x5)
socket$inet6(0xa, 0x3, 0x5)
socket$nl_xfrm(0x10, 0x3, 0x6)
r11 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYRESHEX=r4, @ANYRES32=0x1, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00000000000000000040de2235ce4cbd00"/34, @ANYRESHEX=r10, @ANYRES32=r0], 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000000)={0x0, 0x0, 0x0, &(0x7f0000010040), 0x0, r11, 0x4}, 0x38)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000940)='hugetlb.2MB.usage_in_bytes\x00', 0x26e1, 0x0)

1m6.753338839s ago: executing program 1 (id=928):
add_key$keyring(&(0x7f00000000c0), &(0x7f0000000300)={'syz', 0x1}, 0x0, 0x0, 0x0)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x10)
socket$netlink(0x10, 0x3, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x11, 0xffffffffffffffff, 0xffffd000)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x7fff, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f00000001c0), 0x80280, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x7, 0x14f142)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
syz_io_uring_submit(0x0, 0x0, 0x0)
gettid()
r2 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
socket$inet_udplite(0x2, 0x2, 0x88)
r3 = socket$igmp(0x2, 0x3, 0x2)
ioctl$sock_inet_SIOCSARP(r3, 0x8955, &(0x7f00000002c0)={{0x2, 0x0, @broadcast}, {0x0, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x31}}, 0x0, {0x2, 0x4e20, @loopback}, 'pimreg0\x00'})
r4 = socket$netlink(0x10, 0x3, 0x0)
writev(r4, &(0x7f00000003c0)=[{&(0x7f0000000180)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff08000400", 0x32}], 0x1)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x101040, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x7)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r7, &(0x7f0000bd1000/0x18000)=nil, &(0x7f0000000500)=[@text64={0x40, &(0x7f00000000c0)="2ef2dd050080000048b844410000000000000f23d00f21f8460f01c80f23f836362e6726af440f20c0350e000000440f22c0b805000000b9009800000f01d90f01c965470f01c4410f79d226450f01cb660f013b", 0x54}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CAP_DISABLE_QUIRKS(r6, 0x4068aea3, &(0x7f0000000240)={0x74, 0x0, 0x79})
read$FUSE(r2, &(0x7f0000000880)={0x2020, 0x0, <r8=>0x0}, 0x2020)
write$FUSE_STATFS(r2, &(0x7f0000000440)={0x60, 0xfffffffffffffffe, r8, {{0x9, 0x800, 0x1, 0xb, 0x7a, 0x3, 0x5, 0x9}}}, 0x60)
ioctl$KVM_RUN(r7, 0xae80, 0x0)
read$FUSE(r2, 0x0, 0x0)

1m6.241079575s ago: executing program 2 (id=929):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x3, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000200000000002c00000000008500000023010000000000000020702500000000002020b0edb9e06517a1fe28e6207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000005000000850000000600"], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x36, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000003c0)={r0, 0x0, 0xe, 0x5b, &(0x7f0000000340)="c1dfb080cd21d308098e00000000", 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1)
r1 = getpgrp(0x0)
r2 = syz_pidfd_open(r1, 0x0)
process_madvise(r2, &(0x7f0000000200)=[{&(0x7f0000000000)="5c45903f", 0x4}, {&(0x7f0000000100)="9b08", 0x2}], 0x2, 0xa, 0x0)
keyctl$join(0x1, &(0x7f0000000080)={'syz', 0x0})

1m5.827759221s ago: executing program 2 (id=930):
syz_emit_vhci(&(0x7f0000000180)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x44}, @hci_rp_read_local_commands={{0x2d}, {0x6, "8f23e93dbf411511a1d7b45070ff1def0737a9ab0f480b1b371bbe5806bd4d543c193412e9d770a6b18c79ff0253b4b40e390a967b85c8c3586c23c6b762e2dc"}}}}, 0x47)
mmap$KVM_VCPU(&(0x7f0000b8b000/0x3000)=nil, 0x930, 0x300000b, 0x12, 0xffffffffffffffff, 0x0)
mkdir(0x0, 0x0)
r0 = openat$sequencer(0xffffff9c, 0x0, 0x88302, 0x0)
openat$audio(0xffffffffffffff9c, 0x0, 0x20301, 0x0)
ioctl$SNDCTL_SEQ_GETOUTCOUNT(r0, 0x4004510d, 0x0)
r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r1, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
ioctl$sock_bt_hidp_HIDPCONNADD(0xffffffffffffffff, 0x400448c8, 0x0)
syz_genetlink_get_family_id$tipc2(0x0, 0xffffffffffffffff)
r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
mkdir(0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x8, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0xe1}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2)
r6 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000000), 0x8502, 0x0)
write$sndseq(r6, &(0x7f0000000180)=[{0x6, 0x0, 0x0, 0x0, @tick, {0x7}, {}, @connect}, {0x0, 0x0, 0x0, 0x0, @time={0x0, 0x2}, {}, {}, @connect={{0x6, 0x1}, {0x6, 0xf}}}, {0x13, 0x0, 0x0, 0x0, @time={0x4, 0x7}, {}, {0x0, 0x80}, @raw8={"f81c703db135dc80a185eb39"}}, {0x0, 0x0, 0x0, 0x0, @time={0x6}, {}, {0x0, 0xfd}, @time}], 0x70)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x0, 0x40, &(0x7f0000000480)=@raw={'raw\x00', 0x8, 0x3, 0x220, 0xb4, 0x11, 0x148, 0x0, 0x10, 0x18c, 0x2a8, 0x2a8, 0x18c, 0x2a8, 0x7fffffe, 0x0, {[{{@ip={@multicast1, @initdev={0xac, 0x1e, 0x1, 0x0}, 0xffffff00, 0x0, 'virt_wifi0\x00', 'erspan0\x00', {}, {0xff}, 0x6, 0x1}, 0x10, 0x94, 0xb4, 0x1c, {}, [@inet=@rpfilter={{0x24}}]}, @unspec=@TRACE={0x20}}, {{@ip={@multicast1, @rand_addr=0x64010102, 0x0, 0xffffffff, 'syzkaller0\x00', 'veth1_to_batadv\x00', {0xff}, {}, 0x0, 0x0, 0x40}, 0x0, 0x70, 0xd8}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0xc, 0x2ab, 0x4, 0x9, '\x00', 'syz1\x00', {0xfffffffc}}}}], {{'\x00', 0xc8, 0x70, 0x94}, {0x24}}}}, 0x27c)
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x2, 0xe, &(0x7f0000000200)=ANY=[@ANYBLOB="b70000001afcff00bca300000000000024030000c0feffff620af0fff8ffffff71a4f2ff000000001f03000000000000e5000200000000002604fdffff02000014010000030000001d130000000000007a0a00fe0000001f0f14000000000000b503f7fff80000009500000000000000033bc065b78111c6dfa041b63af4a3912435f1a864a7aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168e5181554a090f300020000fe275daf51efd601b6bf01c8e8b1b526375ee4dd6fcd82e4fee5bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e65440000000000000000028610643a98d9ec21ead2ed51b104d4d91af25b845b9f7d08d123deda88c658d42ecbf28bf7076c15b463bebc72f526dd70252e79166d858fcd0e06dd31af9612fa402d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff61623604000000000000006a89adaf17b0a6041bdeebdfd1f5089048ddff6da40f9411fe7226a40409d6e37c4f46756d31cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564163427afea62d84f3a10076443d643649393bf52d2105bd901128c7e0ec82701c8204a1deeed4155617572652d950ad31928b0b036dc2869f478341d02d0f5ad94b081fcd507acb4b9c67382f13d000000225d85ae49cee383dc5049076b98fb6853ab39a21514da60d2ae20cfb91d6a49964757cdf538f9ce2bdbb9893a5de817101a3062cd54f9ff51d355d84ce97bb0c6b6a595e487a2cc47c0efbb2d71cde2c10f0bc6980fe78683ac5c0c31032599dd273863be9261eee52216d009f4c52048ef8c126aeef5f510a8f1aded94a129e4aec6e8d9ab06faffc3a15d91c2ea3e2e04cfe031b287539d0540059fe6c7fe7cd8697502c7596566d674e425da5e7f009602a9f61d3804b3e0a1053abdc31282dfb15eb6841bb64a1b3045024a982f3c48153baae244e7bf573eac34b781337ad5905c6bbf1137548c7f1a4cad2422ee965a38f7defbd2960242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a90144022a579dfc0229cc0dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc48899b212c55318294270a1ad10c80fef7c24d47afcc829ba0f85da6d888f18ea40ab959f6074ab2a40d85d1501783a7ab540b8d7b4ead35a385e0b4a26b702396df7e0c1e02b88c114f244a9bf93f04bf072f0861f5c0b000000000000eedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba3401e6a52acb11883ad2a3b1832371fe5bc621426d1ed01b389708165b9cdbae2ed9dc7358f0ebadde0b727f27feeb7464dcd857ab15e355713767c536cbae2f5c7d951680f6f2f9a6a8346962a350845ffa0d82884f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010ae20e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00000000c95265b2bd83d64a532869d701723fedcbada1ee7baa19faf67256b56a41fd355b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ced301efeb6dc5f6a9037d2283c42efc54fa84323afc4c10eff462c8843187f1dd48ef0981000000000000ff0f40b1888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538c6ee6ba65893ff1f908ba7554ba583ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738612e4fee18a22da19fc08001011e32f80fb60e14b9eee094277bbc170882c8890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f62e3f753b639a924599c1f69219927ea5301fff0a6063d427180d61542c2571f983e96635600000554f327a3535e7c7542799493c31ac05a7b57f03ca91a01ba2a30ca99e969d6fd09dc28ebc15edb4d91675767999d146aef7799738b292fd64bb25b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a794963342aece449a0d80010f5c653d22d49030a8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b6ef9d12096833d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e1661261173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ec035d232f89fe0120f64c62e8e3ed8bcb45202c204bbec8d722824c0ebca8db1ea4a05e41f6016ab5bbe4fe7ff5d785d0128171c90d9900ca2532b0f9d01c4b45294fbba468df3e1b393cb4e62e753b4172ba7ac1f2b51c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd849904568916694d461b76a58d88cf0f520310a1e9fdc18cde98d662eee077515d0a881192292ffff5392ab3d1311b82432662806add87047f601fa888400000000000000000000000000006acc19808d7cf29bc974b0ea92499a41b9b9a7c2bca311a28ee4952f2d325a56397c78f12205db653a536f9f3322405d1efd78e578dc6b3fb84f3738a4b6caa800000087efa51c5d95ecba4e50e529d1e8c89600e809dc3d0a2f65579e23457949a50f2d0455cf79a43746979f99f6a1527f004f1e37a3926937e84fb478199dc1020f4beb98b8074bf7df8b5e783637da740800000000000000c55a4385e9a617aa6c8e10d4202c5afeb06e2f9115558ea12f92d7ae633d44086b3f03b20d546fa66a72e38207c9d20035abc46271a30f1240de52536941242d23896ab74a3c6670fdc49c14f34fc4eadd6db8d80eba439772bf60a1db18c472dafc5569adc282928d2a1ffe29f1a57d3f18f4edaeb5d37918e6fddcd821da67a0785585a4443440dc65600e64a6a2740000000000000000000000000000000000000000000a0009dd14b38f2f4426d7cf5075047c31f6ce6adddfe3ac649c0643c8bfbeb14ba1fd7a485aa893915cf81e29aaf375e904bbe52691a4100260ffcd8f1d04166d291ebcef893e1b9ccb6797d0646fe0e7274434f28efb43e06e64f0698caca42f4e6018a455736c482a017e2b13dac4a90faa109f0e87cc94e3efb649692456463ca74aa6ad4bf50c1acb0000000000000005375e528285544d0064b98646f3109e9a4942ce42c6e7ec84b664f6c2770803f10baa804a707f0a1fcbfc309381aeba191950bae71f37f1eb7ceeffb3c0547ac6571603adbfde4c8b5f8d7f4b854441613633b48865b65bdc415e1e0dcf672d68cf4cebf04f4bc1eebf560a26d34d3757b1450fdb0a9a69f432e277f3a0386eb2bd3305c821c64757f786b79fef54dbe64c67d73934bc80b2133fb3c04cc7ea48bf97a6243c9f95dcbddecf45f008f1822c7868e1ff5a3cff5d6b6898335792749df7b1f51e91f8c1c3b1b93b33aaa3fab69cef08a9f6f6cf39dea3d878b2ed42545421970cc426e644332bc956d1c6adefdf0ede2c5c94aa632646ae225accdf031f611d01622921f1b922a5ac887cca3136133dce8d9f5f4da7bed2ea5d94362200000000000000000000f296b0c1484e5f781ad26bff696b05ff0a5e2270e07618b04273bd4075ea38ab463bfa6a38e7c537498ba3e4df8dfc9e040000003c3ffad44d2a376def42e41e9fc31678257e040fa7cf32c221aaac08000000000000001a00000000000000000000173570f0c11ae694b0f7a4f9c2f6790044a357e785af6e153d5f1ea460af92c7cbbd6295afe740f5e154346d483e0d641ef02e4d5295d756e110522a7a945b93fb705b95b6aae27a8fb33732ce1da1c0b1af8eb9222a06e984ab1e6984c8bdc12360627137ab67b6b68ab08acb29a74dc36b51209cfbc87f61182bbeb2772e9d5a1ffc477179be481efe46a4ce86be0b1d8eee42a611a3d44ca450b14586ed63dd92005c79e4a8ab8a94f0c6cb4bed8594a39bd76d3ef8a7ab014e787596db796bd93a36c2880423291e3b"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f00000000c0), 0x10}, 0x94)
socket$inet(0x2, 0x2, 0x0)

1m5.822873122s ago: executing program 0 (id=931):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f00000004c0)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a000000850000000800000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r0}, 0x10)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000100)={0x2, 0x4e22, @private=0xa010101}, 0x10, 0x0, 0x0, 0x0, 0x20}, 0x4000)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="01000000010000"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x1b, 0xc, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80}, [@ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x4}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x20, '\x00', 0x0, @fallback=0xa, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000004}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x1e8629867d7bdaee, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10)
prctl$PR_SET_MM(0x23, 0xa, &(0x7f00002d5000/0x2000)=nil)
r5 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000001c0)='environ\x00')
preadv(r5, &(0x7f0000001400)=[{&(0x7f0000000040)=""/113, 0x200000b1}], 0x1, 0xc002a0, 0x0)

1m5.697302681s ago: executing program 3 (id=932):
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, &(0x7f0000000600)={{0x0, 0x9, 0xffff, 0x5, 0x3, 0x4, 0x65, 0xfffffff2, 0x401, 0x5, 0x7, 0x30000000000, 0x3, 0x4, 0x4ba29274}, 0x40, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)}, 0x40000)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
syz_emit_vhci(0x0, 0x6)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000000400)=ANY=[@ANYBLOB="bf16000000000000b70700000100e0ff5070000028000000770000000000000095000200000000007ae9413df8ff0af5aa35339f4b382c4cad9db6fa7a9b857b72abaca100af1ba23d699b89e890c10500000000000000000000000000ac0e064c27bdfbd301150500000000000000bfdc995279d64072aacbb0595b95060000009ad3bf16a461e48e955a772d4062093f4cb1c3d9532abad2085401f098eb039ae4f4103699b9e079227e98cc07c09c1a72cb6d47cef1595e84d21951010f0274b1445a2ad6a7ad73827cccc21842599e0ae7b91f0b878b9267aa0b28d69a74ffdea613e892f0f9ff94e690b6ad68e4cb6dd65fd7bf3124702c6b1c2aea53ee0cb83ff1807459c7cba77cedca0bff6d8370c33e2bd9cebd29c152ff9dc8c2772fe552fecfcd1778b0838100000031d521207e5223d86508416780983c2f380bc01cefe9773a9a5cd5b24aa24a561e72393c0ce2bf44825b05c138779fe74f884c2472ab45c2af60289cb199963312dd1929096c6f49d116f1612a7b97f77169fa5e8a66a372ef8e3ee7167f7d2a26fc6c3cfa4dc5860277223d6eb3460e3b10a0dc9495635a9fca19d7beb5e700498b43bdadc916c01264d22d7969530633f94b257fbc5da7a96820e31444c0b0f62619c9e351996185e4015510875b774666ba5c0ba9845ad25b578d"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x15}, 0x48)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102387, 0xfffffff1)
getpid()
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x42000)
r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="4c0000001000370400"/20, @ANYRES32=0x0, @ANYBLOB="ad840400000000002c00128009080100626f6e64000000001c00028008001c000900000008000300050000000500060000000000"], 0x4c}}, 0x0)
setsockopt$bt_l2cap_L2CAP_OPTIONS(r4, 0x6, 0x1, 0x0, 0x0)
accept4(r4, 0x0, 0x0, 0x0)
socket(0x10, 0x80003, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f00000008c0)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000500000095000000000000009500a5050000000077d8f3b423cdac8d80000000000000002be16ad10a48b243ccc42606d25dfd73a015e0ca7fc2506a0f7535f7866907dc0200000000000000ae669e17fd6587d452d6453559c3421eed73d56615fe6c54c3b3ffe1b4ce25d7c983c044c03bf3a48dfe47ec9dd6c091c30b93bfae76d9ebacd3ed3e26e7a23129d6606fd28a69989d552af6bda9df2c3af36effff9af2551ce896165127cb3f011a7d06602e2fc40848228567ffb400000000003ed38ae89d24e1cebfba2f87925bfacba83109751fe6c05405d027edd68149ee99eef6a6992308a4fc0b7c70bc677d6dd4aed4af7500d7900a820b6347184e9a217b5614cd50cbe43a1ed2526814bc0000e9e086ce48e90defb6670c3df2624f56da648d28ad0a97aec7291c25447c106a99893e10db21901eb397b2f5fd71400fa7a050fbbef9e326ea27e513e96068fd1e8a43e89f9c85c822a961546ed5363c17ff1432d08806bc376e3e49ee52b59d13182e1f24ed200ada10eb1affb87ba55b2d72078e9f40b4ae7d01000000d11cd22c35d32940000088dde499000000fdffffff000000000000000000000000000000000000000000000c52f4ebd2c893bb97a068bd10734a83584898eccb26f7b789cfc4cd995fa3e11a5c74c85404e2df3ad37b729ac83b0dcb4f48f3c3356b9997fc455a17690b6f7f9ccbe4b1701941b18aba6b16455a66c3b84b138efc20a546d3d5227e23b03f2a834391ad24fe7d9b20cf92cb151763d41f5c76e2ff3e93ee296c4082ee73e7c353312c9d75711ce1623e9c54bdff59d2a69dcb7d84c235b23a4480c2461b405cfd1a38992f295ad3adc94cd07c850d1ce6d0b2fea02c24e9280333152fb794e4ddea02017a6c139b50101caecaf2abc0842b99a96fc4275ad107274e2934a87a4ddcdb112754ca5bdec0ead14b6c0f19a43a2f04c7f0be31491eb8c9ff68236c8600040000000000000000000066e034c81c3cab4e33fc8dc55ce0ada18dcbf31c6e82893add3bee3e10fc873d1d922b0877cbcd95b839d3059d5140a1f742f6e75741e39e5cb6a193e06a1043375b0f61b5d4e17c81baa31b924d84f2243471221c15fa12313ffbfa7c2730309f66705b71e6205e7cbf3643561eabb9a63fcd604d5cc27e1317ad94cf438d71873e540be16b6ca205081173bd03c4754fc4674812daab482fd390a1c903b5d28a1eb247b53c3fca5206cb0000003fdbbd3892c52c2e7612e05de32322e980a3d69931e2c9312dd517c96f2ee90362476ed853c4c9b7d4ebf13cbaa795860e92a3d7d004f2c491db38eb769f094d5d48b262cc35c40682138cf13a"], &(0x7f0000000080)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x94)
r6 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
readv(r6, &(0x7f0000002400)=[{&(0x7f0000000140)=""/225, 0xe1}], 0x1)
ioctl$VHOST_SET_VRING_NUM(r6, 0x4008af10, &(0x7f0000000180)={0x2, 0x4})
r7 = socket$packet(0x11, 0x3, 0x300)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240))
setsockopt$sock_attach_bpf(r7, 0x1, 0x32, &(0x7f0000000040)=r2, 0x4)

1m5.579862434s ago: executing program 1 (id=933):
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000340)={0xa, 0x101}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
getsockopt$inet6_int(r3, 0x29, 0x42, 0x0, &(0x7f0000000040))
ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000240)=<r4=>0x0)
fcntl$setown(r2, 0x8, r4)
read$msr(r2, &(0x7f000001b000)=""/102400, 0x19000)
gettid()
ioctl$DRM_IOCTL_WAIT_VBLANK(0xffffffffffffffff, 0xc018643a, &(0x7f0000000140)={0x4000000, 0x4000002, 0x2})
close(0xffffffffffffffff)
r5 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000900)={&(0x7f0000000280)=ANY=[@ANYRES32=r4, @ANYRES32=0x0, @ANYRESHEX=r4, @ANYRESDEC=r3, @ANYRESOCT, @ANYRESHEX=r3], 0x254}, 0x1, 0x0, 0x0, 0x20004804}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r1, 0x0, &(0x7f0000000080))
r6 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r6, 0x8933, &(0x7f0000000200)={'batadv_slave_1\x00'})
mount(&(0x7f0000000140)=@nullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000000)='ntfs3\x00', 0x2208004, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'wg2\x00'})
r7 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@rose={'rose', 0x0}, 0x10)
ioctl$sock_netdev_private(r7, 0x8914, &(0x7f0000000000))
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
syz_init_net_socket$rose(0xb, 0x5, 0x0)
syz_init_net_socket$nfc_raw(0x27, 0x3, 0x0)

1m4.05974048s ago: executing program 0 (id=934):
r0 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000000)='source', &(0x7f0000000040)='c:::\x00', 0x0)
r1 = gettid()
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r2 = syz_open_dev$MSR(&(0x7f0000000340), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
syz_memcpy_off$KVM_EXIT_HYPERCALL(0x0, 0x20, 0x0, 0x0, 0x0)
timerfd_create(0x9, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f00000035c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x10)
syz_open_procfs(0xffffffffffffffff, 0x0)
sched_setscheduler(r1, 0x2, &(0x7f0000000240)=0x10000)
tkill(r1, 0xb)
socket$phonet_pipe(0x23, 0x5, 0x2)
getsockopt$PNPIPE_HANDLE(0xffffffffffffffff, 0x113, 0x3, 0x0, &(0x7f00000000c0))
r3 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000000), 0x4000, 0x0)
r4 = socket(0x28, 0x5, 0x0)
bind$vsock_stream(r4, &(0x7f0000000040), 0x10)
listen(r4, 0x0)
r5 = socket(0x28, 0x5, 0x0)
connect$vsock_stream(r5, &(0x7f0000000080), 0x10)
r6 = accept4$unix(r4, 0x0, 0x0, 0x0)
recvfrom$unix(r6, &(0x7f00000005c0)=""/279, 0x117, 0x40000022, 0x0, 0x0)
syz_io_uring_setup(0x3783, &(0x7f00000000c0)={0x0, 0xe001, 0x1000, 0x2, 0x2c4, 0x0, r3}, &(0x7f0000000040), &(0x7f0000000140))
io_uring_setup(0x194e, &(0x7f0000000a80)={0x0, 0xd3d9, 0x80, 0x3, 0x2b0})

6.426052123s ago: executing program 32 (id=926):
mknod$loop(&(0x7f0000000140)='./file0\x00', 0xfff, 0x0)
r0 = syz_open_dev$vim2m(&(0x7f0000000340), 0x7f, 0x2)
ioctl$vim2m_VIDIOC_ENUM_FMT(r0, 0xc0405602, &(0x7f0000000140)={0x16, 0x1, 0x0, "18e889d15b38429faa8ff62438eaed752e68f3a6d09382b392b049e33958b16c"})
socket$kcm(0x21, 0x2, 0x2)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f00000014c0)={0x2, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="021800000b0000000000000000000000030005000000000002000000e0000001000000000000000003001200000000000200000000000000000000000000000003000600000000"], 0x58}}, 0x24000894)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001100)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
setsockopt$packet_rx_ring(0xffffffffffffffff, 0x107, 0x5, &(0x7f00000000c0)=@req={0x8000, 0xb4f, 0x300, 0x1daf6}, 0x10)
setsockopt$packet_rx_ring(0xffffffffffffffff, 0x107, 0x5, 0x0, 0x0)
mount$fuse(0x0, &(0x7f0000000340)='./file0/file0\x00', &(0x7f00000008c0), 0x51000, &(0x7f0000000b00)={{}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@blksize}, {@blksize={'blksize', 0x3d, 0x1400}}, {@allow_other}, {@blksize={'blksize', 0x3d, 0x1c00}}], [{@obj_user={'obj_user', 0x3d, '{\x87&\\,[}\''}}, {@smackfshat={'smackfshat', 0x3d, 'raw\x00'}}]}})
r4 = getuid()
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f00000005c0)={0x0, 0x0, <r5=>0x0}, &(0x7f0000000600)=0xc)
sendmsg$unix(r3, &(0x7f00000006c0)={&(0x7f00000001c0)=@file={0x1, './file0\x00'}, 0x6e, &(0x7f0000000280)=[{&(0x7f0000000400)="b4261e82c2322a672fd98fe998a4e3d99111d71adccee1f79e84394e8e792ec3ec9789a27acc0bcb132798308dd73e6a31656ebeabaa06dfe6aa56f8406c415864ba0eac528c4682c3de0cc61d98f2d183268a72980b889e07", 0x59}, {&(0x7f0000000480)="9e0a426d99857947d6cfb5cc7dd0215a95b8cf46d2b688e0d07043d77704c78f8594bc6ed61f234d9207a02a6cc682279fc15953ee6e1d2eed74ce83dc6ba5ed4b5d87cad3d52a2a3e5ded0eee81a4682555226065fd254da9ae98397766ebb9ff533c901e27f09bd4c03713c5", 0x6d}, {&(0x7f0000000500)="a1fdc7d2a35c2988ecd88e2a84c500852b5862b7f16650ab88927b675d7eec19a018362ffdedf80e866c0d397350627b5d47814110c92e5e83df0f4ffc2be8e48cad4814a578bbf67b5cd6ef100ac3e9dac156034d62", 0x56}], 0x3, &(0x7f0000000640)=[@cred={{0x18, 0x1, 0x2, {r1}}}, @cred={{0x18, 0x1, 0x2, {r1}}}, @cred={{0x18, 0x1, 0x2, {r1, r4, r5}}}, @rights={{0x10, 0x1, 0x1, [r0]}}], 0x58, 0x4008011}, 0x10000000)
kexec_load(0x0, 0x1, &(0x7f0000000000)=[{0x0, 0x0, 0x7ffdd000, 0x8000}], 0x320000)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0}, 0x30)
syz_open_dev$radio(&(0x7f0000000100), 0x2, 0x2)
epoll_create(0x5)

708.131661ms ago: executing program 33 (id=934):
r0 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000000)='source', &(0x7f0000000040)='c:::\x00', 0x0)
r1 = gettid()
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r2 = syz_open_dev$MSR(&(0x7f0000000340), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
syz_memcpy_off$KVM_EXIT_HYPERCALL(0x0, 0x20, 0x0, 0x0, 0x0)
timerfd_create(0x9, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f00000035c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x10)
syz_open_procfs(0xffffffffffffffff, 0x0)
sched_setscheduler(r1, 0x2, &(0x7f0000000240)=0x10000)
tkill(r1, 0xb)
socket$phonet_pipe(0x23, 0x5, 0x2)
getsockopt$PNPIPE_HANDLE(0xffffffffffffffff, 0x113, 0x3, 0x0, &(0x7f00000000c0))
r3 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000000), 0x4000, 0x0)
r4 = socket(0x28, 0x5, 0x0)
bind$vsock_stream(r4, &(0x7f0000000040), 0x10)
listen(r4, 0x0)
r5 = socket(0x28, 0x5, 0x0)
connect$vsock_stream(r5, &(0x7f0000000080), 0x10)
r6 = accept4$unix(r4, 0x0, 0x0, 0x0)
recvfrom$unix(r6, &(0x7f00000005c0)=""/279, 0x117, 0x40000022, 0x0, 0x0)
syz_io_uring_setup(0x3783, &(0x7f00000000c0)={0x0, 0xe001, 0x1000, 0x2, 0x2c4, 0x0, r3}, &(0x7f0000000040), &(0x7f0000000140))
io_uring_setup(0x194e, &(0x7f0000000a80)={0x0, 0xd3d9, 0x80, 0x3, 0x2b0})

580.349907ms ago: executing program 34 (id=933):
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000340)={0xa, 0x101}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
getsockopt$inet6_int(r3, 0x29, 0x42, 0x0, &(0x7f0000000040))
ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000240)=<r4=>0x0)
fcntl$setown(r2, 0x8, r4)
read$msr(r2, &(0x7f000001b000)=""/102400, 0x19000)
gettid()
ioctl$DRM_IOCTL_WAIT_VBLANK(0xffffffffffffffff, 0xc018643a, &(0x7f0000000140)={0x4000000, 0x4000002, 0x2})
close(0xffffffffffffffff)
r5 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000900)={&(0x7f0000000280)=ANY=[@ANYRES32=r4, @ANYRES32=0x0, @ANYRESHEX=r4, @ANYRESDEC=r3, @ANYRESOCT, @ANYRESHEX=r3], 0x254}, 0x1, 0x0, 0x0, 0x20004804}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r1, 0x0, &(0x7f0000000080))
r6 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r6, 0x8933, &(0x7f0000000200)={'batadv_slave_1\x00'})
mount(&(0x7f0000000140)=@nullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000000)='ntfs3\x00', 0x2208004, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'wg2\x00'})
r7 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@rose={'rose', 0x0}, 0x10)
ioctl$sock_netdev_private(r7, 0x8914, &(0x7f0000000000))
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
syz_init_net_socket$rose(0xb, 0x5, 0x0)
syz_init_net_socket$nfc_raw(0x27, 0x3, 0x0)

322.811282ms ago: executing program 35 (id=930):
syz_emit_vhci(&(0x7f0000000180)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x44}, @hci_rp_read_local_commands={{0x2d}, {0x6, "8f23e93dbf411511a1d7b45070ff1def0737a9ab0f480b1b371bbe5806bd4d543c193412e9d770a6b18c79ff0253b4b40e390a967b85c8c3586c23c6b762e2dc"}}}}, 0x47)
mmap$KVM_VCPU(&(0x7f0000b8b000/0x3000)=nil, 0x930, 0x300000b, 0x12, 0xffffffffffffffff, 0x0)
mkdir(0x0, 0x0)
r0 = openat$sequencer(0xffffff9c, 0x0, 0x88302, 0x0)
openat$audio(0xffffffffffffff9c, 0x0, 0x20301, 0x0)
ioctl$SNDCTL_SEQ_GETOUTCOUNT(r0, 0x4004510d, 0x0)
r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r1, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
ioctl$sock_bt_hidp_HIDPCONNADD(0xffffffffffffffff, 0x400448c8, 0x0)
syz_genetlink_get_family_id$tipc2(0x0, 0xffffffffffffffff)
r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
mkdir(0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x8, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0xe1}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2)
r6 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000000), 0x8502, 0x0)
write$sndseq(r6, &(0x7f0000000180)=[{0x6, 0x0, 0x0, 0x0, @tick, {0x7}, {}, @connect}, {0x0, 0x0, 0x0, 0x0, @time={0x0, 0x2}, {}, {}, @connect={{0x6, 0x1}, {0x6, 0xf}}}, {0x13, 0x0, 0x0, 0x0, @time={0x4, 0x7}, {}, {0x0, 0x80}, @raw8={"f81c703db135dc80a185eb39"}}, {0x0, 0x0, 0x0, 0x0, @time={0x6}, {}, {0x0, 0xfd}, @time}], 0x70)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x0, 0x40, &(0x7f0000000480)=@raw={'raw\x00', 0x8, 0x3, 0x220, 0xb4, 0x11, 0x148, 0x0, 0x10, 0x18c, 0x2a8, 0x2a8, 0x18c, 0x2a8, 0x7fffffe, 0x0, {[{{@ip={@multicast1, @initdev={0xac, 0x1e, 0x1, 0x0}, 0xffffff00, 0x0, 'virt_wifi0\x00', 'erspan0\x00', {}, {0xff}, 0x6, 0x1}, 0x10, 0x94, 0xb4, 0x1c, {}, [@inet=@rpfilter={{0x24}}]}, @unspec=@TRACE={0x20}}, {{@ip={@multicast1, @rand_addr=0x64010102, 0x0, 0xffffffff, 'syzkaller0\x00', 'veth1_to_batadv\x00', {0xff}, {}, 0x0, 0x0, 0x40}, 0x0, 0x70, 0xd8}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0xc, 0x2ab, 0x4, 0x9, '\x00', 'syz1\x00', {0xfffffffc}}}}], {{'\x00', 0xc8, 0x70, 0x94}, {0x24}}}}, 0x27c)
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x2, 0xe, &(0x7f0000000200)=ANY=[@ANYBLOB="b70000001afcff00bca300000000000024030000c0feffff620af0fff8ffffff71a4f2ff000000001f03000000000000e5000200000000002604fdffff02000014010000030000001d130000000000007a0a00fe0000001f0f14000000000000b503f7fff80000009500000000000000033bc065b78111c6dfa041b63af4a3912435f1a864a7aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168e5181554a090f300020000fe275daf51efd601b6bf01c8e8b1b526375ee4dd6fcd82e4fee5bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e65440000000000000000028610643a98d9ec21ead2ed51b104d4d91af25b845b9f7d08d123deda88c658d42ecbf28bf7076c15b463bebc72f526dd70252e79166d858fcd0e06dd31af9612fa402d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff61623604000000000000006a89adaf17b0a6041bdeebdfd1f5089048ddff6da40f9411fe7226a40409d6e37c4f46756d31cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564163427afea62d84f3a10076443d643649393bf52d2105bd901128c7e0ec82701c8204a1deeed4155617572652d950ad31928b0b036dc2869f478341d02d0f5ad94b081fcd507acb4b9c67382f13d000000225d85ae49cee383dc5049076b98fb6853ab39a21514da60d2ae20cfb91d6a49964757cdf538f9ce2bdbb9893a5de817101a3062cd54f9ff51d355d84ce97bb0c6b6a595e487a2cc47c0efbb2d71cde2c10f0bc6980fe78683ac5c0c31032599dd273863be9261eee52216d009f4c52048ef8c126aeef5f510a8f1aded94a129e4aec6e8d9ab06faffc3a15d91c2ea3e2e04cfe031b287539d0540059fe6c7fe7cd8697502c7596566d674e425da5e7f009602a9f61d3804b3e0a1053abdc31282dfb15eb6841bb64a1b3045024a982f3c48153baae244e7bf573eac34b781337ad5905c6bbf1137548c7f1a4cad2422ee965a38f7defbd2960242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a90144022a579dfc0229cc0dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc48899b212c55318294270a1ad10c80fef7c24d47afcc829ba0f85da6d888f18ea40ab959f6074ab2a40d85d1501783a7ab540b8d7b4ead35a385e0b4a26b702396df7e0c1e02b88c114f244a9bf93f04bf072f0861f5c0b000000000000eedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba3401e6a52acb11883ad2a3b1832371fe5bc621426d1ed01b389708165b9cdbae2ed9dc7358f0ebadde0b727f27feeb7464dcd857ab15e355713767c536cbae2f5c7d951680f6f2f9a6a8346962a350845ffa0d82884f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010ae20e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00000000c95265b2bd83d64a532869d701723fedcbada1ee7baa19faf67256b56a41fd355b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ced301efeb6dc5f6a9037d2283c42efc54fa84323afc4c10eff462c8843187f1dd48ef0981000000000000ff0f40b1888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538c6ee6ba65893ff1f908ba7554ba583ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738612e4fee18a22da19fc08001011e32f80fb60e14b9eee094277bbc170882c8890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f62e3f753b639a924599c1f69219927ea5301fff0a6063d427180d61542c2571f983e96635600000554f327a3535e7c7542799493c31ac05a7b57f03ca91a01ba2a30ca99e969d6fd09dc28ebc15edb4d91675767999d146aef7799738b292fd64bb25b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a794963342aece449a0d80010f5c653d22d49030a8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b6ef9d12096833d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e1661261173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ec035d232f89fe0120f64c62e8e3ed8bcb45202c204bbec8d722824c0ebca8db1ea4a05e41f6016ab5bbe4fe7ff5d785d0128171c90d9900ca2532b0f9d01c4b45294fbba468df3e1b393cb4e62e753b4172ba7ac1f2b51c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd849904568916694d461b76a58d88cf0f520310a1e9fdc18cde98d662eee077515d0a881192292ffff5392ab3d1311b82432662806add87047f601fa888400000000000000000000000000006acc19808d7cf29bc974b0ea92499a41b9b9a7c2bca311a28ee4952f2d325a56397c78f12205db653a536f9f3322405d1efd78e578dc6b3fb84f3738a4b6caa800000087efa51c5d95ecba4e50e529d1e8c89600e809dc3d0a2f65579e23457949a50f2d0455cf79a43746979f99f6a1527f004f1e37a3926937e84fb478199dc1020f4beb98b8074bf7df8b5e783637da740800000000000000c55a4385e9a617aa6c8e10d4202c5afeb06e2f9115558ea12f92d7ae633d44086b3f03b20d546fa66a72e38207c9d20035abc46271a30f1240de52536941242d23896ab74a3c6670fdc49c14f34fc4eadd6db8d80eba439772bf60a1db18c472dafc5569adc282928d2a1ffe29f1a57d3f18f4edaeb5d37918e6fddcd821da67a0785585a4443440dc65600e64a6a2740000000000000000000000000000000000000000000a0009dd14b38f2f4426d7cf5075047c31f6ce6adddfe3ac649c0643c8bfbeb14ba1fd7a485aa893915cf81e29aaf375e904bbe52691a4100260ffcd8f1d04166d291ebcef893e1b9ccb6797d0646fe0e7274434f28efb43e06e64f0698caca42f4e6018a455736c482a017e2b13dac4a90faa109f0e87cc94e3efb649692456463ca74aa6ad4bf50c1acb0000000000000005375e528285544d0064b98646f3109e9a4942ce42c6e7ec84b664f6c2770803f10baa804a707f0a1fcbfc309381aeba191950bae71f37f1eb7ceeffb3c0547ac6571603adbfde4c8b5f8d7f4b854441613633b48865b65bdc415e1e0dcf672d68cf4cebf04f4bc1eebf560a26d34d3757b1450fdb0a9a69f432e277f3a0386eb2bd3305c821c64757f786b79fef54dbe64c67d73934bc80b2133fb3c04cc7ea48bf97a6243c9f95dcbddecf45f008f1822c7868e1ff5a3cff5d6b6898335792749df7b1f51e91f8c1c3b1b93b33aaa3fab69cef08a9f6f6cf39dea3d878b2ed42545421970cc426e644332bc956d1c6adefdf0ede2c5c94aa632646ae225accdf031f611d01622921f1b922a5ac887cca3136133dce8d9f5f4da7bed2ea5d94362200000000000000000000f296b0c1484e5f781ad26bff696b05ff0a5e2270e07618b04273bd4075ea38ab463bfa6a38e7c537498ba3e4df8dfc9e040000003c3ffad44d2a376def42e41e9fc31678257e040fa7cf32c221aaac08000000000000001a00000000000000000000173570f0c11ae694b0f7a4f9c2f6790044a357e785af6e153d5f1ea460af92c7cbbd6295afe740f5e154346d483e0d641ef02e4d5295d756e110522a7a945b93fb705b95b6aae27a8fb33732ce1da1c0b1af8eb9222a06e984ab1e6984c8bdc12360627137ab67b6b68ab08acb29a74dc36b51209cfbc87f61182bbeb2772e9d5a1ffc477179be481efe46a4ce86be0b1d8eee42a611a3d44ca450b14586ed63dd92005c79e4a8ab8a94f0c6cb4bed8594a39bd76d3ef8a7ab014e787596db796bd93a36c2880423291e3b"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f00000000c0), 0x10}, 0x94)
socket$inet(0x2, 0x2, 0x0)

0s ago: executing program 36 (id=932):
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, &(0x7f0000000600)={{0x0, 0x9, 0xffff, 0x5, 0x3, 0x4, 0x65, 0xfffffff2, 0x401, 0x5, 0x7, 0x30000000000, 0x3, 0x4, 0x4ba29274}, 0x40, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)}, 0x40000)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
syz_emit_vhci(0x0, 0x6)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000000400)=ANY=[@ANYBLOB="bf16000000000000b70700000100e0ff5070000028000000770000000000000095000200000000007ae9413df8ff0af5aa35339f4b382c4cad9db6fa7a9b857b72abaca100af1ba23d699b89e890c10500000000000000000000000000ac0e064c27bdfbd301150500000000000000bfdc995279d64072aacbb0595b95060000009ad3bf16a461e48e955a772d4062093f4cb1c3d9532abad2085401f098eb039ae4f4103699b9e079227e98cc07c09c1a72cb6d47cef1595e84d21951010f0274b1445a2ad6a7ad73827cccc21842599e0ae7b91f0b878b9267aa0b28d69a74ffdea613e892f0f9ff94e690b6ad68e4cb6dd65fd7bf3124702c6b1c2aea53ee0cb83ff1807459c7cba77cedca0bff6d8370c33e2bd9cebd29c152ff9dc8c2772fe552fecfcd1778b0838100000031d521207e5223d86508416780983c2f380bc01cefe9773a9a5cd5b24aa24a561e72393c0ce2bf44825b05c138779fe74f884c2472ab45c2af60289cb199963312dd1929096c6f49d116f1612a7b97f77169fa5e8a66a372ef8e3ee7167f7d2a26fc6c3cfa4dc5860277223d6eb3460e3b10a0dc9495635a9fca19d7beb5e700498b43bdadc916c01264d22d7969530633f94b257fbc5da7a96820e31444c0b0f62619c9e351996185e4015510875b774666ba5c0ba9845ad25b578d"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x15}, 0x48)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102387, 0xfffffff1)
getpid()
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x42000)
r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="4c0000001000370400"/20, @ANYRES32=0x0, @ANYBLOB="ad840400000000002c00128009080100626f6e64000000001c00028008001c000900000008000300050000000500060000000000"], 0x4c}}, 0x0)
setsockopt$bt_l2cap_L2CAP_OPTIONS(r4, 0x6, 0x1, 0x0, 0x0)
accept4(r4, 0x0, 0x0, 0x0)
socket(0x10, 0x80003, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f00000008c0)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000500000095000000000000009500a5050000000077d8f3b423cdac8d80000000000000002be16ad10a48b243ccc42606d25dfd73a015e0ca7fc2506a0f7535f7866907dc0200000000000000ae669e17fd6587d452d6453559c3421eed73d56615fe6c54c3b3ffe1b4ce25d7c983c044c03bf3a48dfe47ec9dd6c091c30b93bfae76d9ebacd3ed3e26e7a23129d6606fd28a69989d552af6bda9df2c3af36effff9af2551ce896165127cb3f011a7d06602e2fc40848228567ffb400000000003ed38ae89d24e1cebfba2f87925bfacba83109751fe6c05405d027edd68149ee99eef6a6992308a4fc0b7c70bc677d6dd4aed4af7500d7900a820b6347184e9a217b5614cd50cbe43a1ed2526814bc0000e9e086ce48e90defb6670c3df2624f56da648d28ad0a97aec7291c25447c106a99893e10db21901eb397b2f5fd71400fa7a050fbbef9e326ea27e513e96068fd1e8a43e89f9c85c822a961546ed5363c17ff1432d08806bc376e3e49ee52b59d13182e1f24ed200ada10eb1affb87ba55b2d72078e9f40b4ae7d01000000d11cd22c35d32940000088dde499000000fdffffff000000000000000000000000000000000000000000000c52f4ebd2c893bb97a068bd10734a83584898eccb26f7b789cfc4cd995fa3e11a5c74c85404e2df3ad37b729ac83b0dcb4f48f3c3356b9997fc455a17690b6f7f9ccbe4b1701941b18aba6b16455a66c3b84b138efc20a546d3d5227e23b03f2a834391ad24fe7d9b20cf92cb151763d41f5c76e2ff3e93ee296c4082ee73e7c353312c9d75711ce1623e9c54bdff59d2a69dcb7d84c235b23a4480c2461b405cfd1a38992f295ad3adc94cd07c850d1ce6d0b2fea02c24e9280333152fb794e4ddea02017a6c139b50101caecaf2abc0842b99a96fc4275ad107274e2934a87a4ddcdb112754ca5bdec0ead14b6c0f19a43a2f04c7f0be31491eb8c9ff68236c8600040000000000000000000066e034c81c3cab4e33fc8dc55ce0ada18dcbf31c6e82893add3bee3e10fc873d1d922b0877cbcd95b839d3059d5140a1f742f6e75741e39e5cb6a193e06a1043375b0f61b5d4e17c81baa31b924d84f2243471221c15fa12313ffbfa7c2730309f66705b71e6205e7cbf3643561eabb9a63fcd604d5cc27e1317ad94cf438d71873e540be16b6ca205081173bd03c4754fc4674812daab482fd390a1c903b5d28a1eb247b53c3fca5206cb0000003fdbbd3892c52c2e7612e05de32322e980a3d69931e2c9312dd517c96f2ee90362476ed853c4c9b7d4ebf13cbaa795860e92a3d7d004f2c491db38eb769f094d5d48b262cc35c40682138cf13a"], &(0x7f0000000080)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x94)
r6 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
readv(r6, &(0x7f0000002400)=[{&(0x7f0000000140)=""/225, 0xe1}], 0x1)
ioctl$VHOST_SET_VRING_NUM(r6, 0x4008af10, &(0x7f0000000180)={0x2, 0x4})
r7 = socket$packet(0x11, 0x3, 0x300)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240))
setsockopt$sock_attach_bpf(r7, 0x1, 0x32, &(0x7f0000000040)=r2, 0x4)

kernel console output (not intermixed with test programs):

onnect, device number 3
[  240.151321][ T7043] fuse: Invalid rootmode
[  241.522141][   T30] audit: type=1800 audit(1755793007.339:17): pid=7043 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.4.249" name="/" dev="9p" ino=2 res=0 errno=0
[  246.592277][ T7091] s
z1: rxe_newlink: already configured on lo
[  247.463131][   T10] usb 5-1: new full-speed USB device number 6 using dummy_hcd
[  248.468405][   T10] usb 5-1: config 0 has an invalid interface number: 207 but max is 0
[  248.627465][   T10] usb 5-1: config 0 has no interface number 0
[  248.655973][   T10] usb 5-1: New USB device found, idVendor=12d1, idProduct=ed56, bcdDevice=46.dd
[  248.714190][   T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  248.762714][   T10] usb 5-1: Product: syz
[  248.766943][   T10] usb 5-1: Manufacturer: syz
[  248.771669][   T10] usb 5-1: SerialNumber: syz
[  249.559170][   T10] usb 5-1: config 0 descriptor??
[  249.570153][   T10] usb 5-1: can't set config #0, error -71
[  249.678667][   T10] usb 5-1: USB disconnect, device number 6
[  255.776551][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[  255.788152][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[  256.082308][ T7150] program syz.1.275 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  256.932514][   T10] usb 4-1: new full-speed USB device number 4 using dummy_hcd
[  257.137461][   T10] usb 4-1: config 0 has an invalid interface number: 207 but max is 0
[  257.172797][   T10] usb 4-1: config 0 has no interface number 0
[  257.185960][   T10] usb 4-1: New USB device found, idVendor=12d1, idProduct=ed56, bcdDevice=46.dd
[  257.212542][   T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  257.231860][   T10] usb 4-1: Product: syz
[  257.237120][   T10] usb 4-1: Manufacturer: syz
[  257.246485][   T10] usb 4-1: SerialNumber: syz
[  257.284429][   T10] usb 4-1: config 0 descriptor??
[  257.300826][   T10] qmi_wwan 4-1:0.207: bogus CDC Union: master=0, slave=1
[  257.542460][ T7153] overlayfs: missing 'lowerdir'
[  259.477113][   T10] qmi_wwan 4-1:0.207: probe with driver qmi_wwan failed with error -22
[  259.578556][   T10] usb 4-1: USB disconnect, device number 4
[  260.859591][ T5854] Bluetooth: hci3: unexpected event for opcode 0x0a33
[  262.541125][   T24] libceph: connect (1)[c::]:6789 error -101
[  262.551016][   T24] libceph: mon0 (1)[c::]:6789 connect error
[  262.619992][ T7184] ceph: No mds server is up or the cluster is laggy
[  262.627531][ T7190] fuse: Bad value for 'user_id'
[  262.659080][ T7190] fuse: Bad value for 'user_id'
[  263.935939][ T7201] vivid-001: kernel_thread() failed
[  264.893095][ T5854] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0
[  264.901618][ T5854] Bluetooth: hci3: Injecting HCI hardware error event
[  264.911311][ T5854] Bluetooth: hci3: hardware error 0x00
[  267.953027][ T5853] Bluetooth: hci0: unexpected event for opcode 0x1002
[  269.444525][ T7227] tipc: Started in network mode
[  269.449531][ T7227] tipc: Node identity 8ef3efbc9082, cluster identity 4711
[  269.458104][ T7227] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  269.485030][ T7227] syzkaller0: entered promiscuous mode
[  269.490727][ T7227] syzkaller0: entered allmulticast mode
[  269.637359][ T7227] tipc: Resetting bearer <eth:syzkaller0>
[  269.713165][ T7226] tipc: Resetting bearer <eth:syzkaller0>
[  269.767522][ T7235] 9pnet_fd: Insufficient options for proto=fd
[  269.839626][ T7236] fuse: Bad value for 'fd'
[  269.921461][ T7226] tipc: Disabling bearer <eth:syzkaller0>
[  270.049734][ T5854] Bluetooth: hci3: Opcode 0x0c03 failed: -110
[  276.470475][   T10] libceph: connect (1)[c::]:6789 error -101
[  276.484365][   T10] libceph: mon0 (1)[c::]:6789 connect error
[  276.873074][   T10] libceph: connect (1)[c::]:6789 error -101
[  276.879574][   T10] libceph: mon0 (1)[c::]:6789 connect error
[  279.025574][   T10] libceph: connect (1)[c::]:6789 error -101
[  279.031611][   T10] libceph: mon0 (1)[c::]:6789 connect error
[  279.530998][ T7290] ceph: No mds server is up or the cluster is laggy
[  280.140511][   T10] libceph: connect (1)[c::]:6789 error -101
[  280.146715][   T10] libceph: mon0 (1)[c::]:6789 connect error
[  280.174629][ T2149] libceph: connect (1)[c::]:6789 error -101
[  280.182665][ T2149] libceph: mon0 (1)[c::]:6789 connect error
[  281.634740][ T7334] comedi comedi0: comedi_config --init_data is deprecated
[  283.761442][ T7352] IPv6: sit1: Disabled Multicast RS
[  283.774674][ T7352] sit1: entered allmulticast mode
[  286.942360][ T7374] program syz.3.328 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  287.395176][ T7379] fuse: Bad value for 'fd'
[  287.490860][   T30] audit: type=1800 audit(1755793053.309:18): pid=7379 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.1.333" name="/" dev="9p" ino=2 res=0 errno=0
[  288.698969][ T7387] comedi comedi0: comedi_config --init_data is deprecated
[  290.139974][ T7395] fuse: Unknown parameter 'user_id00000000000000000000'
[  291.299142][   T30] audit: type=1800 audit(1755793057.109:19): pid=7395 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.2.338" name="/" dev="9p" ino=2 res=0 errno=0
[  292.599558][ T7418] comedi comedi0: comedi_config --init_data is deprecated
[  294.906784][ T7430] program syz.0.347 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  302.527250][ T7478] fuse: Bad value for 'fd'
[  302.556152][   T30] audit: type=1800 audit(1755793068.369:20): pid=7478 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.2.360" name="/" dev="9p" ino=2 res=0 errno=0
[  317.447700][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[  317.454273][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[  320.334655][ T7595] comedi comedi0: comedi_config --init_data is deprecated
[  329.170657][ T7661] program syz.3.402 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  331.961985][ T5853] Bluetooth: hci2: unexpected event for opcode 0x0a33
[  334.219074][ T7694] comedi comedi0: comedi_config --init_data is deprecated
[  336.039596][ T5854] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0
[  336.048442][ T5854] Bluetooth: hci2: Injecting HCI hardware error event
[  336.057184][ T5854] Bluetooth: hci2: hardware error 0x00
[  336.118117][ T5920] libceph: connect (1)[c::]:6789 error -101
[  336.124365][ T5920] libceph: mon0 (1)[c::]:6789 connect error
[  336.149570][ T5920] libceph: connect (1)[c::]:6789 error -101
[  336.160592][ T5920] libceph: mon0 (1)[c::]:6789 connect error
[  336.480582][ T7716] ceph: No mds server is up or the cluster is laggy
[  336.565747][ T5920] libceph: connect (1)[c::]:6789 error -101
[  336.577386][ T5920] libceph: mon0 (1)[c::]:6789 connect error
[  336.584198][   T24] libceph: connect (1)[c::]:6789 error -101
[  336.595419][   T24] libceph: mon0 (1)[c::]:6789 connect error
[  336.601575][ T7710] ceph: No mds server is up or the cluster is laggy
[  338.092612][ T5854] Bluetooth: hci2: Opcode 0x0c03 failed: -110
[  341.639284][ T7763] tipc: Started in network mode
[  341.646278][ T7763] tipc: Node identity 3a79099de5e9, cluster identity 4711
[  341.655109][ T7763] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  341.684516][ T7763] syzkaller0: entered promiscuous mode
[  341.721683][ T7763] syzkaller0: entered allmulticast mode
[  341.861402][ T7763] tipc: Resetting bearer <eth:syzkaller0>
[  341.877770][ T7762] tipc: Resetting bearer <eth:syzkaller0>
[  341.920621][ T7762] tipc: Disabling bearer <eth:syzkaller0>
[  341.930014][ T5854] Bluetooth: hci4: unexpected event for opcode 0x1002
[  344.142395][ T2149] usb 2-1: new full-speed USB device number 3 using dummy_hcd
[  344.145519][ T7788] comedi comedi0: comedi_config --init_data is deprecated
[  344.377721][ T2149] usb 2-1: config 0 has an invalid interface number: 207 but max is 0
[  344.543587][ T2149] usb 2-1: config 0 has no interface number 0
[  344.620005][ T2149] usb 2-1: New USB device found, idVendor=12d1, idProduct=ed56, bcdDevice=46.dd
[  344.629644][ T2149] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  344.638240][ T2149] usb 2-1: Product: syz
[  344.642950][ T2149] usb 2-1: Manufacturer: syz
[  344.647724][ T2149] usb 2-1: SerialNumber: syz
[  344.897368][ T2149] usb 2-1: config 0 descriptor??
[  344.977354][ T2149] qmi_wwan 2-1:0.207: bogus CDC Union: master=0, slave=1
[  346.195801][ T2149] qmi_wwan 2-1:0.207: probe with driver qmi_wwan failed with error -22
[  346.368414][ T2149] usb 2-1: USB disconnect, device number 3
[  346.929351][ T7795] program syz.3.442 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  347.745583][ T7802] fuse: Bad value for 'fd'
[  348.746057][ T7816] vim2m vim2m.0: vidioc_s_fmt queue busy
[  348.777915][ T7820] netlink: 4 bytes leftover after parsing attributes in process `syz.1.450'.
[  348.805110][ T7820] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  348.853073][ T7820] batman_adv: batadv0: Removing interface: batadv_slave_1
[  349.293866][ T7818] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  349.304333][ T7818] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  349.316860][ T7818] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  349.402623][ T7818] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  349.462813][ T7818] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  349.535292][ T7832] program syz.2.452 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  351.044800][ T5854] Bluetooth: hci0: command 0x0406 tx timeout
[  351.395162][ T5854] Bluetooth: hci4: command 0x0405 tx timeout
[  351.600477][ T7847] comedi comedi0: comedi_config --init_data is deprecated
[  351.672212][ T5899] usb 1-1: new full-speed USB device number 3 using dummy_hcd
[  352.618597][ T5899] usb 1-1: config 0 has an invalid interface number: 207 but max is 0
[  353.234421][ T5854] Bluetooth: hci0: command 0x0406 tx timeout
[  353.268686][ T5899] usb 1-1: config 0 has no interface number 0
[  353.293314][ T5899] usb 1-1: string descriptor 0 read error: -71
[  353.301440][ T5899] usb 1-1: New USB device found, idVendor=12d1, idProduct=ed56, bcdDevice=46.dd
[  353.313131][ T5899] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  353.336143][ T5899] usb 1-1: config 0 descriptor??
[  353.353415][ T5899] usb 1-1: can't set config #0, error -71
[  353.362342][ T5899] usb 1-1: USB disconnect, device number 3
[  353.453592][ T5854] Bluetooth: hci4: command 0x0405 tx timeout
[  354.145606][ T7872] Cannot find set identified by id 0 to match
[  354.458180][ T7877] rdma_rxe: rxe_newlink: failed to add lo
[  355.532882][ T5854] Bluetooth: hci4: command 0x0405 tx timeout
[  355.797541][ T7888] rdma_rxe: rxe_newlink: failed to add lo
[  358.407811][ T7909] comedi comedi0: comedi_config --init_data is deprecated
[  358.434435][ T2149] usb 4-1: new full-speed USB device number 5 using dummy_hcd
[  359.514913][ T2149] usb 4-1: config 0 has an invalid interface number: 207 but max is 0
[  359.523657][ T2149] usb 4-1: config 0 has no interface number 0
[  359.619955][ T2149] usb 4-1: New USB device found, idVendor=12d1, idProduct=ed56, bcdDevice=46.dd
[  359.629983][ T2149] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  359.639301][ T2149] usb 4-1: Product: syz
[  359.643970][ T2149] usb 4-1: Manufacturer: syz
[  359.650334][ T2149] usb 4-1: SerialNumber: syz
[  359.838134][ T2149] usb 4-1: config 0 descriptor??
[  360.046343][ T2149] qmi_wwan 4-1:0.207: bogus CDC Union: master=0, slave=1
[  361.553023][ T2149] qmi_wwan 4-1:0.207: probe with driver qmi_wwan failed with error -22
[  361.570835][ T2149] usb 4-1: USB disconnect, device number 5
[  361.675121][ T7938] rdma_rxe: rxe_newlink: failed to add lo
[  362.388567][ T7934] program syz.0.479 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  362.984214][ T2149] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[  363.172116][ T2149] usb 2-1: device descriptor read/64, error -71
[  363.322184][   T24] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[  363.432214][ T2149] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[  363.504057][   T24] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  363.534234][   T24] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  363.556885][   T24] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  363.582950][ T2149] usb 2-1: device descriptor read/64, error -71
[  363.593772][   T24] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  363.612514][   T24] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  363.624665][   T24] usb 1-1: config 0 descriptor??
[  363.722675][ T2149] usb usb2-port1: attempt power cycle
[  364.017422][ T7960] netlink: 24 bytes leftover after parsing attributes in process `syz.4.487'.
[  364.047408][   T24] plantronics 0003:047F:FFFF.0001: unknown main item tag 0x0
[  364.058292][   T24] plantronics 0003:047F:FFFF.0001: unknown main item tag 0x0
[  364.069697][   T24] plantronics 0003:047F:FFFF.0001: unknown main item tag 0x0
[  364.080254][ T2149] usb 2-1: new high-speed USB device number 6 using dummy_hcd
[  364.089425][   T24] plantronics 0003:047F:FFFF.0001: unknown main item tag 0x0
[  364.109485][   T24] plantronics 0003:047F:FFFF.0001: unknown main item tag 0x0
[  364.120001][   T24] plantronics 0003:047F:FFFF.0001: unknown main item tag 0x0
[  364.128166][   T24] plantronics 0003:047F:FFFF.0001: unknown main item tag 0x0
[  364.148567][ T2149] usb 2-1: device descriptor read/8, error -71
[  364.416727][   T24] plantronics 0003:047F:FFFF.0001: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0
[  364.476555][ T7964] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  364.503810][ T7964] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  364.527139][ T2149] usb 2-1: new high-speed USB device number 7 using dummy_hcd
[  364.628544][ T2149] usb 2-1: device descriptor read/8, error -71
[  365.001176][ T2149] usb usb2-port1: unable to enumerate USB device
[  365.033278][ T2149] usb 1-1: USB disconnect, device number 4
[  365.189438][ T7974] Cannot find add_set index 0 as target
[  367.783326][ T7989] program syz.1.494 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  367.834690][ T2149] usb 3-1: new full-speed USB device number 2 using dummy_hcd
[  368.532534][ T2149] usb 3-1: config 0 has an invalid interface number: 207 but max is 0
[  368.541245][ T2149] usb 3-1: config 0 has no interface number 0
[  369.164547][ T2149] usb 3-1: New USB device found, idVendor=12d1, idProduct=ed56, bcdDevice=46.dd
[  369.292841][ T2149] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  369.301156][ T2149] usb 3-1: Product: syz
[  369.305594][ T2149] usb 3-1: Manufacturer: syz
[  369.310225][ T2149] usb 3-1: SerialNumber: syz
[  369.317740][ T2149] usb 3-1: config 0 descriptor??
[  369.338289][ T2149] usb 3-1: can't set config #0, error -71
[  369.491889][ T2149] usb 3-1: USB disconnect, device number 2
[  369.842238][ T8013] rdma_rxe: rxe_newlink: failed to add lo
[  371.165943][ T8024] netlink: 8 bytes leftover after parsing attributes in process `syz.0.502'.
[  371.253773][ T8024] pim6reg: entered allmulticast mode
[  371.260735][ T8025] pim6reg: left allmulticast mode
[  373.816778][ T8048] xt_bpf: check failed: parse error
[  373.841170][ T8048] overlayfs: failed to resolve './file1/file0': -2
[  374.352325][ T2149] usb 1-1: new full-speed USB device number 5 using dummy_hcd
[  374.478647][ T8057] program syz.4.509 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  374.811235][ T2149] usb 1-1: config 0 has an invalid interface number: 207 but max is 0
[  374.820112][ T2149] usb 1-1: config 0 has no interface number 0
[  374.946902][ T2149] usb 1-1: New USB device found, idVendor=12d1, idProduct=ed56, bcdDevice=46.dd
[  374.956543][ T2149] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  374.966396][ T2149] usb 1-1: Product: syz
[  374.972867][ T2149] usb 1-1: Manufacturer: syz
[  374.979362][ T2149] usb 1-1: SerialNumber: syz
[  375.167557][ T2149] usb 1-1: config 0 descriptor??
[  375.419792][ T2149] qmi_wwan 1-1:0.207: bogus CDC Union: master=0, slave=1
[  375.577869][ T8060] netlink: 'syz.3.512': attribute type 1 has an invalid length.
[  377.122692][ T2149] qmi_wwan 1-1:0.207: probe with driver qmi_wwan failed with error -22
[  377.152214][ T2149] usb 1-1: USB disconnect, device number 5
[  377.705253][ T5854] Bluetooth: hci4: unexpected event for opcode 0x0a33
[  379.270761][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[  379.292283][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[  380.373873][ T8107] 9pnet_fd: Insufficient options for proto=fd
[  381.163902][    T9] usb 4-1: new full-speed USB device number 6 using dummy_hcd
[  381.815005][ T5854] Bluetooth: hci4: Controller not accepting commands anymore: ncmd = 0
[  381.948637][ T8121] program syz.2.526 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  381.962841][ T5854] Bluetooth: hci4: Injecting HCI hardware error event
[  382.125161][ T5854] Bluetooth: hci4: hardware error 0x00
[  382.290697][    T9] usb 4-1: config 0 has an invalid interface number: 207 but max is 0
[  383.246597][    T9] usb 4-1: config 0 has no interface number 0
[  383.287172][    T9] usb 4-1: New USB device found, idVendor=12d1, idProduct=ed56, bcdDevice=46.dd
[  383.449290][ T8126] program syz.1.529 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  383.951849][ T5899] usb 5-1: new full-speed USB device number 7 using dummy_hcd
[  383.987526][    T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  384.469819][ T5854] Bluetooth: hci4: Opcode 0x0c03 failed: -110
[  384.517180][    T9] usb 4-1: Product: syz
[  384.554308][    T9] usb 4-1: Manufacturer: syz
[  384.574684][    T9] usb 4-1: SerialNumber: syz
[  384.739537][    T9] usb 4-1: config 0 descriptor??
[  384.763914][    T9] usb 4-1: can't set config #0, error -71
[  384.781947][    T9] usb 4-1: USB disconnect, device number 6
[  387.894031][ T8170] fuse: Bad value for 'fd'
[  388.123701][ T2149] usb 2-1: new full-speed USB device number 8 using dummy_hcd
[  388.131396][   T43] usb 4-1: new full-speed USB device number 7 using dummy_hcd
[  388.652738][ T2149] usb 2-1: config 0 has an invalid interface number: 207 but max is 0
[  388.661679][ T2149] usb 2-1: config 0 has no interface number 0
[  388.816786][   T43] usb 4-1: config 0 has an invalid interface number: 207 but max is 0
[  388.825737][   T43] usb 4-1: config 0 has no interface number 0
[  388.958266][ T2149] usb 2-1: New USB device found, idVendor=12d1, idProduct=ed56, bcdDevice=46.dd
[  388.985461][ T2149] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  389.027483][   T43] usb 4-1: New USB device found, idVendor=12d1, idProduct=ed56, bcdDevice=46.dd
[  389.206604][ T2149] usb 2-1: Product: syz
[  389.211135][ T2149] usb 2-1: Manufacturer: syz
[  389.253891][   T43] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  389.301522][ T2149] usb 2-1: SerialNumber: syz
[  390.034126][   T43] usb 4-1: Product: syz
[  390.038362][   T43] usb 4-1: Manufacturer: syz
[  390.052458][   T43] usb 4-1: SerialNumber: syz
[  390.063456][ T2149] usb 2-1: config 0 descriptor??
[  390.070715][   T43] usb 4-1: config 0 descriptor??
[  390.276183][ T8163] overlayfs: missing 'lowerdir'
[  390.691163][ T2149] qmi_wwan 2-1:0.207: bogus CDC Union: master=0, slave=1
[  390.710661][   T43] usb 4-1: can't set config #0, error -71
[  390.724318][   T43] usb 4-1: USB disconnect, device number 7
[  390.750518][ T8180] rdma_rxe: rxe_newlink: failed to add lo
[  391.122880][ T8190] fuse: Bad value for 'fd'
[  391.441972][ T8194] =======================================================
[  391.441972][ T8194] WARNING: The mand mount option has been deprecated and
[  391.441972][ T8194]          and is ignored by this kernel. Remove the mand
[  391.441972][ T8194]          option from the mount to silence this warning.
[  391.441972][ T8194] =======================================================
[  391.533383][ T2149] qmi_wwan 2-1:0.207: probe with driver qmi_wwan failed with error -22
[  391.637956][ T2149] usb 2-1: USB disconnect, device number 8
[  395.409045][ T5854] Bluetooth: hci0: unexpected event for opcode 0x1002
[  396.400352][ T8225] fuse: Bad value for 'fd'
[  397.661905][   T24] usb 3-1: new full-speed USB device number 3 using dummy_hcd
[  398.012575][ T8241] s
z1: rxe_newlink: already configured on lo
[  398.118718][   T24] usb 3-1: config 0 has an invalid interface number: 207 but max is 0
[  398.127794][   T24] usb 3-1: config 0 has no interface number 0
[  398.161540][   T24] usb 3-1: New USB device found, idVendor=12d1, idProduct=ed56, bcdDevice=46.dd
[  398.192491][   T24] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  398.269651][   T24] usb 3-1: Product: syz
[  398.277327][   T24] usb 3-1: Manufacturer: syz
[  398.283420][   T24] usb 3-1: SerialNumber: syz
[  398.300831][   T24] usb 3-1: config 0 descriptor??
[  398.791539][   T24] qmi_wwan 3-1:0.207: bogus CDC Union: master=0, slave=1
[  399.000186][ T5920] usb 5-1: new full-speed USB device number 8 using dummy_hcd
[  399.187286][ T5920] usb 5-1: config 0 has an invalid interface number: 207 but max is 0
[  399.217369][ T5920] usb 5-1: config 0 has no interface number 0
[  399.246767][ T5920] usb 5-1: New USB device found, idVendor=12d1, idProduct=ed56, bcdDevice=46.dd
[  399.271615][ T5920] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  399.295774][ T5920] usb 5-1: Product: syz
[  399.307962][ T5920] usb 5-1: Manufacturer: syz
[  399.320125][ T5920] usb 5-1: SerialNumber: syz
[  399.349488][ T5920] usb 5-1: config 0 descriptor??
[  399.370639][ T5920] qmi_wwan 5-1:0.207: bogus CDC Union: master=0, slave=1
[  399.965895][   T92] libceph: connect (1)[c::]:6789 error -101
[  399.974071][   T92] libceph: mon0 (1)[c::]:6789 connect error
[  400.065139][   T24] qmi_wwan 3-1:0.207: probe with driver qmi_wwan failed with error -22
[  400.103478][   T24] usb 3-1: USB disconnect, device number 3
[  400.161390][ T8255] ceph: No mds server is up or the cluster is laggy
[  400.448304][ T8264] netlink: 12 bytes leftover after parsing attributes in process `syz.2.565'.
[  403.759253][ T5920] qmi_wwan 5-1:0.207: probe with driver qmi_wwan failed with error -22
[  403.783765][ T5920] usb 5-1: USB disconnect, device number 8
[  405.657606][ T8288] program syz.0.570 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  406.746879][ T8299] netlink: 'syz.4.573': attribute type 4 has an invalid length.
[  408.366098][ T8309] netlink: 4 bytes leftover after parsing attributes in process `syz.1.574'.
[  409.445068][   T92] usb 5-1: new full-speed USB device number 9 using dummy_hcd
[  409.576365][ T8321] netlink: 12 bytes leftover after parsing attributes in process `syz.2.579'.
[  409.635287][   T92] usb 5-1: config 0 has an invalid interface number: 207 but max is 0
[  413.264973][   T92] usb 5-1: config 0 has no interface number 0
[  413.279737][   T92] usb 5-1: New USB device found, idVendor=12d1, idProduct=ed56, bcdDevice=46.dd
[  413.291542][   T92] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  413.300708][   T92] usb 5-1: Product: syz
[  413.306888][   T92] usb 5-1: Manufacturer: syz
[  413.311528][   T92] usb 5-1: SerialNumber: syz
[  413.320566][   T92] usb 5-1: config 0 descriptor??
[  413.329139][   T92] qmi_wwan 5-1:0.207: bogus CDC Union: master=0, slave=1
[  413.471663][ T8309] team0: Port device team_slave_0 removed
[  413.584826][   T92] qmi_wwan 5-1:0.207: probe with driver qmi_wwan failed with error -22
[  413.661171][   T92] usb 5-1: USB disconnect, device number 9
[  415.112226][   T92] usb 5-1: new high-speed USB device number 10 using dummy_hcd
[  415.275170][   T92] usb 5-1: config 0 has an invalid interface number: 239 but max is 0
[  415.287359][   T92] usb 5-1: config 0 has no interface number 0
[  415.312356][   T92] usb 5-1: config 0 interface 239 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  415.332961][   T92] usb 5-1: config 0 interface 239 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[  415.351874][   T92] usb 5-1: config 0 interface 239 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 32
[  415.382696][   T92] usb 5-1: New USB device found, idVendor=2201, idProduct=012c, bcdDevice=60.d9
[  415.677712][ T8353] FAULT_INJECTION: forcing a failure.
[  415.677712][ T8353] name failslab, interval 1, probability 0, space 0, times 1
[  415.690950][ T8353] CPU: 0 UID: 0 PID: 8353 Comm: syz.3.587 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  415.690975][ T8353] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  415.690993][ T8353] Call Trace:
[  415.691004][ T8353]  <TASK>
[  415.691013][ T8353]  dump_stack_lvl+0x189/0x250
[  415.691040][ T8353]  ? irqentry_exit+0x74/0x90
[  415.691063][ T8353]  ? __pfx_dump_stack_lvl+0x10/0x10
[  415.691104][ T8353]  should_fail_ex+0x414/0x560
[  415.691129][ T8353]  should_failslab+0xa8/0x100
[  415.691152][ T8353]  __kmalloc_noprof+0xcb/0x4f0
[  415.691169][ T8353]  ? kfree+0x4d/0x440
[  415.691194][ T8353]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  415.691237][ T8353]  tomoyo_realpath_from_path+0xe3/0x5d0
[  415.691264][ T8353]  ? tomoyo_domain+0xda/0x130
[  415.691294][ T8353]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  415.691315][ T8353]  tomoyo_path_number_perm+0x1e8/0x5a0
[  415.691338][ T8353]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  415.691356][ T8353]  ? rcu_is_watching+0x15/0xb0
[  415.691377][ T8353]  ? trace_sched_exit_tp+0x38/0x120
[  415.691405][ T8353]  ? __schedule+0x16c8/0x4c90
[  415.691434][ T8353]  ? __lock_acquire+0xab9/0xd20
[  415.691473][ T8353]  ? __fget_files+0x2a/0x420
[  415.691496][ T8353]  ? __fget_files+0x2a/0x420
[  415.691516][ T8353]  ? __fget_files+0x3a0/0x420
[  415.691535][ T8353]  ? __fget_files+0x2a/0x420
[  415.691560][ T8353]  security_file_ioctl+0xcb/0x2d0
[  415.691584][ T8353]  __se_sys_ioctl+0x47/0x170
[  415.691614][ T8353]  do_syscall_64+0xfa/0x3b0
[  415.691637][ T8353]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  415.691654][ T8353]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  415.691672][ T8353]  ? clear_bhb_loop+0x60/0xb0
[  415.691695][ T8353]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  415.691713][ T8353] RIP: 0033:0x7f180dd8ebe9
[  415.691735][ T8353] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  415.691751][ T8353] RSP: 002b:00007f180ebbb038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  415.691777][ T8353] RAX: ffffffffffffffda RBX: 00007f180dfb6180 RCX: 00007f180dd8ebe9
[  415.691791][ T8353] RDX: 0000200000000240 RSI: 000000004068aea3 RDI: 000000000000000c
[  415.691803][ T8353] RBP: 00007f180ebbb090 R08: 0000000000000000 R09: 0000000000000000
[  415.691815][ T8353] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  415.691826][ T8353] R13: 00007f180dfb6218 R14: 00007f180dfb6180 R15: 00007ffe538379a8
[  415.691857][ T8353]  </TASK>
[  415.691874][ T8353] ERROR: Out of memory at tomoyo_realpath_from_path.
[  416.018298][   T92] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  416.045662][ T8344] ceph: No mds server is up or the cluster is laggy
[  416.047883][   T92] usb 5-1: Product: syz
[  416.137108][   T92] usb 5-1: Manufacturer: syz
[  416.141813][   T92] usb 5-1: SerialNumber: syz
[  416.161981][   T10] libceph: connect (1)[c::]:6789 error -101
[  416.168873][   T10] libceph: mon0 (1)[c::]:6789 connect error
[  416.214059][   T92] usb 5-1: config 0 descriptor??
[  416.220389][ T8332] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  416.432391][ T5899] libceph: connect (1)[c::]:6789 error -101
[  416.438516][ T5899] libceph: mon0 (1)[c::]:6789 connect error
[  417.202840][   T92] usb 5-1: probing VID:PID(2201:012C)   
[  417.211691][   T92] usb 5-1: vub300 testing BULK OUT EndPoint(0) 02
[  417.218393][   T92] usb 5-1: vub300 testing BULK IN EndPoint(1) 82
[  417.224936][   T92] usb 5-1: Could not find two sets of bulk-in/out endpoint pairs
[  417.245369][   T92] vub300 5-1:0.239: probe with driver vub300 failed with error -22
[  417.259180][   T92] usb 5-1: USB disconnect, device number 10
[  418.334913][    T9] libceph: connect (1)[c::]:6789 error -101
[  418.392684][    T9] libceph: mon0 (1)[c::]:6789 connect error
[  418.617183][ T8372] netlink: 'syz.4.590': attribute type 10 has an invalid length.
[  420.773462][ T5854] Bluetooth: hci0: command 0x0406 tx timeout
[  420.840347][ T5899] usb 4-1: new full-speed USB device number 8 using dummy_hcd
[  420.925673][ T8372] team0: Port device wlan1 added
[  421.017883][ T5899] usb 4-1: config 0 has an invalid interface number: 207 but max is 0
[  421.026905][ T5899] usb 4-1: config 0 has no interface number 0
[  421.102815][ T5899] usb 4-1: New USB device found, idVendor=12d1, idProduct=ed56, bcdDevice=46.dd
[  421.112392][ T8386] syz.0.593 uses obsolete (PF_INET,SOCK_PACKET)
[  421.182291][ T5899] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  421.217162][ T5899] usb 4-1: Product: syz
[  421.221488][ T5899] usb 4-1: Manufacturer: syz
[  421.228659][ T8386] FAULT_INJECTION: forcing a failure.
[  421.228659][ T8386] name fail_usercopy, interval 1, probability 0, space 0, times 1
[  421.236955][ T5899] usb 4-1: SerialNumber: syz
[  421.311366][ T8386] CPU: 1 UID: 0 PID: 8386 Comm: syz.0.593 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  421.311394][ T8386] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  421.311405][ T8386] Call Trace:
[  421.311413][ T8386]  <TASK>
[  421.311422][ T8386]  dump_stack_lvl+0x189/0x250
[  421.311448][ T8386]  ? __pfx____ratelimit+0x10/0x10
[  421.311469][ T8386]  ? __pfx_dump_stack_lvl+0x10/0x10
[  421.311491][ T8386]  ? __pfx__printk+0x10/0x10
[  421.311515][ T8386]  ? __might_fault+0xb0/0x130
[  421.311546][ T8386]  should_fail_ex+0x414/0x560
[  421.311579][ T8386]  _copy_from_iter+0x1db/0x16f0
[  421.311603][ T8386]  ? __lock_acquire+0xab9/0xd20
[  421.311631][ T8386]  ? __pfx__copy_from_iter+0x10/0x10
[  421.311671][ T8386]  tun_get_user+0x20f/0x3ce0
[  421.311699][ T8386]  ? __lock_acquire+0xab9/0xd20
[  421.311735][ T8386]  ? __might_fault+0xb0/0x130
[  421.311756][ T8386]  ? __pfx_tun_get_user+0x10/0x10
[  421.311788][ T8386]  ? __lock_acquire+0xab9/0xd20
[  421.311812][ T8386]  ? ref_tracker_alloc+0x318/0x460
[  421.311831][ T8386]  ? __lock_acquire+0xab9/0xd20
[  421.311850][ T8386]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  421.311878][ T8386]  ? tun_get+0x1c/0x2f0
[  421.311907][ T8386]  ? tun_get+0x1c/0x2f0
[  421.311929][ T8386]  ? tun_get+0x1c/0x2f0
[  421.311957][ T8386]  tun_chr_write_iter+0x113/0x200
[  421.311984][ T8386]  vfs_write+0x54b/0xa90
[  421.312010][ T8386]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  421.312031][ T8386]  ? __pfx_vfs_write+0x10/0x10
[  421.312060][ T8386]  ? __fget_files+0x2a/0x420
[  421.312090][ T8386]  ksys_write+0x145/0x250
[  421.312111][ T8386]  ? __pfx_ksys_write+0x10/0x10
[  421.312124][ T8386]  ? rcu_is_watching+0x15/0xb0
[  421.312150][ T8386]  ? do_syscall_64+0xbe/0x3b0
[  421.312175][ T8386]  do_syscall_64+0xfa/0x3b0
[  421.312194][ T8386]  ? lockdep_hardirqs_on+0x9c/0x150
[  421.312213][ T8386]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  421.312232][ T8386]  ? clear_bhb_loop+0x60/0xb0
[  421.312254][ T8386]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  421.312273][ T8386] RIP: 0033:0x7f9a9a58ebe9
[  421.312289][ T8386] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  421.312305][ T8386] RSP: 002b:00007f9a9b446038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  421.312323][ T8386] RAX: ffffffffffffffda RBX: 00007f9a9a7b5fa0 RCX: 00007f9a9a58ebe9
[  421.312337][ T8386] RDX: 000000000000fd6c RSI: 0000200000000280 RDI: 0000000000000004
[  421.312349][ T8386] RBP: 00007f9a9b446090 R08: 0000000000000000 R09: 0000000000000000
[  421.312361][ T8386] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  421.312371][ T8386] R13: 00007f9a9a7b6038 R14: 00007f9a9a7b5fa0 R15: 00007ffe8bd56c78
[  421.312403][ T8386]  </TASK>
[  421.912933][ T5899] usb 4-1: config 0 descriptor??
[  422.055995][ T5899] usb 4-1: can't set config #0, error -71
[  422.065681][ T5899] usb 4-1: USB disconnect, device number 8
[  423.620723][ T8407] FAULT_INJECTION: forcing a failure.
[  423.620723][ T8407] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  423.636546][ T8407] CPU: 0 UID: 0 PID: 8407 Comm: syz.0.599 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  423.636562][ T8407] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  423.636569][ T8407] Call Trace:
[  423.636574][ T8407]  <TASK>
[  423.636579][ T8407]  dump_stack_lvl+0x189/0x250
[  423.636596][ T8407]  ? __pfx____ratelimit+0x10/0x10
[  423.636607][ T8407]  ? __pfx_dump_stack_lvl+0x10/0x10
[  423.636618][ T8407]  ? __pfx__printk+0x10/0x10
[  423.636631][ T8407]  ? __might_fault+0xb0/0x130
[  423.636647][ T8407]  should_fail_ex+0x414/0x560
[  423.636661][ T8407]  _copy_from_user+0x2d/0xb0
[  423.636676][ T8407]  ___sys_sendmsg+0x158/0x2a0
[  423.636695][ T8407]  ? __pfx____sys_sendmsg+0x10/0x10
[  423.636728][ T8407]  ? __fget_files+0x2a/0x420
[  423.636740][ T8407]  ? __fget_files+0x3a0/0x420
[  423.636756][ T8407]  __x64_sys_sendmsg+0x19b/0x260
[  423.636773][ T8407]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  423.636793][ T8407]  ? __pfx_ksys_write+0x10/0x10
[  423.636801][ T8407]  ? rcu_is_watching+0x15/0xb0
[  423.636815][ T8407]  ? do_syscall_64+0xbe/0x3b0
[  423.636829][ T8407]  do_syscall_64+0xfa/0x3b0
[  423.636839][ T8407]  ? lockdep_hardirqs_on+0x9c/0x150
[  423.636850][ T8407]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  423.636860][ T8407]  ? clear_bhb_loop+0x60/0xb0
[  423.636872][ T8407]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  423.636882][ T8407] RIP: 0033:0x7f9a9a58ebe9
[  423.636892][ T8407] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  423.636900][ T8407] RSP: 002b:00007f9a9b446038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  423.636911][ T8407] RAX: ffffffffffffffda RBX: 00007f9a9a7b5fa0 RCX: 00007f9a9a58ebe9
[  423.636919][ T8407] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000000000000003
[  423.636925][ T8407] RBP: 00007f9a9b446090 R08: 0000000000000000 R09: 0000000000000000
[  423.636931][ T8407] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  423.636937][ T8407] R13: 00007f9a9a7b6038 R14: 00007f9a9a7b5fa0 R15: 00007ffe8bd56c78
[  423.636952][ T8407]  </TASK>
[  424.352672][ T5899] usb 4-1: new high-speed USB device number 9 using dummy_hcd
[  424.514301][ T5899] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  424.603949][ T5899] usb 4-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  424.625469][ T5899] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  424.639854][ T5899] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  424.648119][ T5899] usb 4-1: Product: syz
[  424.652614][ T5899] usb 4-1: Manufacturer: syz
[  424.657294][ T5899] usb 4-1: SerialNumber: syz
[  424.964065][ T8409] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  425.013461][ T8409] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  425.230248][ T5899] cdc_ether 4-1:1.0: probe with driver cdc_ether failed with error -22
[  425.456750][ T8409] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  425.509444][ T5899] usb 4-1: USB disconnect, device number 9
[  425.569209][ T8409] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  425.653068][ T8422] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  426.225704][   T92] usb 5-1: new high-speed USB device number 11 using dummy_hcd
[  426.424761][ T5899] usb 4-1: new high-speed USB device number 10 using dummy_hcd
[  426.810529][ T2149] usb 3-1: new full-speed USB device number 4 using dummy_hcd
[  426.847051][ T8444] FAULT_INJECTION: forcing a failure.
[  426.847051][ T8444] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  426.847309][ T8444] CPU: 0 UID: 0 PID: 8444 Comm: syz.0.609 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  426.847333][ T8444] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  426.847344][ T8444] Call Trace:
[  426.847352][ T8444]  <TASK>
[  426.847360][ T8444]  dump_stack_lvl+0x189/0x250
[  426.847386][ T8444]  ? __pfx____ratelimit+0x10/0x10
[  426.847406][ T8444]  ? __pfx_dump_stack_lvl+0x10/0x10
[  426.847428][ T8444]  ? __pfx__printk+0x10/0x10
[  426.847452][ T8444]  ? __might_fault+0xb0/0x130
[  426.847482][ T8444]  should_fail_ex+0x414/0x560
[  426.847507][ T8444]  _copy_from_user+0x2d/0xb0
[  426.847533][ T8444]  ___sys_sendmsg+0x158/0x2a0
[  426.847565][ T8444]  ? __pfx____sys_sendmsg+0x10/0x10
[  426.847631][ T8444]  ? __fget_files+0x2a/0x420
[  426.847651][ T8444]  ? __fget_files+0x3a0/0x420
[  426.847678][ T8444]  __x64_sys_sendmsg+0x19b/0x260
[  426.847706][ T8444]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  426.847741][ T8444]  ? __pfx_ksys_write+0x10/0x10
[  426.847757][ T8444]  ? rcu_is_watching+0x15/0xb0
[  426.847782][ T8444]  ? do_syscall_64+0xbe/0x3b0
[  426.847808][ T8444]  do_syscall_64+0xfa/0x3b0
[  426.847829][ T8444]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  426.847847][ T8444]  ? asm_sysvec_call_function_single+0x1a/0x20
[  426.847866][ T8444]  ? clear_bhb_loop+0x60/0xb0
[  426.847889][ T8444]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  426.847907][ T8444] RIP: 0033:0x7f9a9a58ebe9
[  426.847930][ T8444] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  426.847946][ T8444] RSP: 002b:00007f9a9b425038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  426.847966][ T8444] RAX: ffffffffffffffda RBX: 00007f9a9a7b6090 RCX: 00007f9a9a58ebe9
[  426.847980][ T8444] RDX: 0000000020050800 RSI: 00002000000000c0 RDI: 0000000000000005
[  426.847993][ T8444] RBP: 00007f9a9b425090 R08: 0000000000000000 R09: 0000000000000000
[  426.848005][ T8444] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  426.848016][ T8444] R13: 00007f9a9a7b6128 R14: 00007f9a9a7b6090 R15: 00007ffe8bd56c78
[  426.848046][ T8444]  </TASK>
[  427.071120][ T2149] usb 3-1: config 0 has an invalid interface number: 207 but max is 0
[  427.071220][ T2149] usb 3-1: config 0 has no interface number 0
[  427.098037][ T2149] usb 3-1: New USB device found, idVendor=12d1, idProduct=ed56, bcdDevice=46.dd
[  427.098068][ T2149] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  427.098180][ T2149] usb 3-1: Product: syz
[  427.098196][ T2149] usb 3-1: Manufacturer: syz
[  427.098211][ T2149] usb 3-1: SerialNumber: syz
[  427.125559][   T92] usb 5-1: config index 0 descriptor too short (expected 23569, got 27)
[  427.125612][   T92] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  427.149243][ T5899] usb 4-1: Using ep0 maxpacket: 8
[  427.162832][   T92] usb 5-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0
[  427.162919][   T92] usb 5-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0
[  427.162940][   T92] usb 5-1: Manufacturer: syz
[  427.201060][   T92] usb 5-1: config 0 descriptor??
[  427.390905][ T2149] usb 3-1: config 0 descriptor??
[  427.467594][ T2149] qmi_wwan 3-1:0.207: bogus CDC Union: master=0, slave=1
[  428.110066][ T5899] usb 4-1: device descriptor read/all, error -71
[  428.243673][   T92] rc_core: IR keymap rc-hauppauge not found
[  428.243694][   T92] Registered IR keymap rc-empty
[  428.249597][   T92] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0
[  428.260994][   T92] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0/input5
[  428.279849][    C0] igorplugusb 5-1:0.0: Error: urb status = -32
[  429.224335][ T2149] qmi_wwan 3-1:0.207: probe with driver qmi_wwan failed with error -22
[  429.674013][ T2149] usb 3-1: USB disconnect, device number 4
[  429.677056][ T8447] Bluetooth: MGMT ver 1.23
[  430.155944][ T8469] comedi comedi0: comedi_config --init_data is deprecated
[  430.660664][    T9] usb 5-1: USB disconnect, device number 11
[  432.389690][ T8493] FAULT_INJECTION: forcing a failure.
[  432.389690][ T8493] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  432.416477][ T8493] CPU: 0 UID: 0 PID: 8493 Comm: syz.0.619 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  432.416507][ T8493] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  432.416519][ T8493] Call Trace:
[  432.416527][ T8493]  <TASK>
[  432.416536][ T8493]  dump_stack_lvl+0x189/0x250
[  432.416563][ T8493]  ? __pfx____ratelimit+0x10/0x10
[  432.416584][ T8493]  ? __pfx_dump_stack_lvl+0x10/0x10
[  432.416605][ T8493]  ? __pfx__printk+0x10/0x10
[  432.416629][ T8493]  ? __might_fault+0xb0/0x130
[  432.416659][ T8493]  should_fail_ex+0x414/0x560
[  432.416684][ T8493]  _copy_from_user+0x2d/0xb0
[  432.416710][ T8493]  ___sys_recvmsg+0x12e/0x510
[  432.416735][ T8493]  ? __pfx____sys_recvmsg+0x10/0x10
[  432.416779][ T8493]  ? __fget_files+0x3a0/0x420
[  432.416812][ T8493]  __x64_sys_recvmsg+0x198/0x260
[  432.416834][ T8493]  ? __pfx___x64_sys_recvmsg+0x10/0x10
[  432.416863][ T8493]  ? __pfx_ksys_write+0x10/0x10
[  432.416878][ T8493]  ? rcu_is_watching+0x15/0xb0
[  432.416905][ T8493]  ? do_syscall_64+0xbe/0x3b0
[  432.416930][ T8493]  do_syscall_64+0xfa/0x3b0
[  432.416950][ T8493]  ? lockdep_hardirqs_on+0x9c/0x150
[  432.416970][ T8493]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  432.416989][ T8493]  ? clear_bhb_loop+0x60/0xb0
[  432.417013][ T8493]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  432.417032][ T8493] RIP: 0033:0x7f9a9a58ebe9
[  432.417049][ T8493] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  432.417071][ T8493] RSP: 002b:00007f9a9b446038 EFLAGS: 00000246 ORIG_RAX: 000000000000002f
[  432.417092][ T8493] RAX: ffffffffffffffda RBX: 00007f9a9a7b5fa0 RCX: 00007f9a9a58ebe9
[  432.417106][ T8493] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000000000000003
[  432.417118][ T8493] RBP: 00007f9a9b446090 R08: 0000000000000000 R09: 0000000000000000
[  432.417130][ T8493] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  432.417141][ T8493] R13: 00007f9a9a7b6038 R14: 00007f9a9a7b5fa0 R15: 00007ffe8bd56c78
[  432.417172][ T8493]  </TASK>
[  432.624549][    C0] vkms_vblank_simulate: vblank timer overrun
[  432.792123][    T9] usb 3-1: new high-speed USB device number 5 using dummy_hcd
[  432.953839][    T9] usb 3-1: Using ep0 maxpacket: 8
[  433.062792][    T9] usb 3-1: New USB device found, idVendor=04a5, idProduct=3003, bcdDevice=44.b2
[  433.078103][    T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  433.530768][ T8504] program syz.1.622 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  433.908705][    T9] usb 3-1: Product: syz
[  434.112909][ T8506] program syz.3.621 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  434.491924][    T9] usb 3-1: Manufacturer: syz
[  434.854582][    T9] usb 3-1: SerialNumber: syz
[  434.874445][ T5899] usb 1-1: new full-speed USB device number 6 using dummy_hcd
[  435.317956][    T9] usb 3-1: config 0 descriptor??
[  435.364477][    T9] usb 3-1: can't set config #0, error -71
[  435.371850][    T9] usb 3-1: USB disconnect, device number 5
[  435.455485][ T5899] usb 1-1: config 0 has an invalid interface number: 207 but max is 0
[  435.521821][ T5899] usb 1-1: config 0 has no interface number 0
[  436.342069][ T5899] usb 1-1: string descriptor 0 read error: -71
[  436.352852][ T5899] usb 1-1: New USB device found, idVendor=12d1, idProduct=ed56, bcdDevice=46.dd
[  436.965291][ T5899] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  436.976374][ T5899] usb 1-1: config 0 descriptor??
[  436.990252][ T5899] usb 1-1: can't set config #0, error -71
[  437.027404][ T5899] usb 1-1: USB disconnect, device number 6
[  437.331272][ T8533] netlink: 'syz.2.629': attribute type 16 has an invalid length.
[  437.339325][ T8533] netlink: 'syz.2.629': attribute type 17 has an invalid length.
[  437.433806][ T8533] netlink: 8 bytes leftover after parsing attributes in process `syz.2.629'.
[  438.165771][ T8534] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  438.292783][ T8539] netlink: 40 bytes leftover after parsing attributes in process `syz.1.628'.
[  438.679197][ T8534] syzkaller0: entered promiscuous mode
[  438.733112][ T8534] syzkaller0: entered allmulticast mode
[  438.773338][ T8550] loop8: detected capacity change from 0 to 7
[  438.799545][ T8550] Dev loop8: unable to read RDB block 7
[  438.817206][ T8550]  loop8: AHDI p1 p2 p3
[  438.821734][ T8550] loop8: partition table partially beyond EOD, truncated
[  438.846060][ T8550] loop8: p1 start 1601398130 is beyond EOD, truncated
[  438.859017][ T8550] loop8: p2 start 1702059890 is beyond EOD, truncated
[  439.743142][   T24] usb 1-1: new full-speed USB device number 7 using dummy_hcd
[  440.336334][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[  440.345625][   T24] usb 1-1: config 0 has an invalid interface number: 207 but max is 0
[  440.346183][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[  440.354530][   T24] usb 1-1: config 0 has no interface number 0
[  440.390962][   T24] usb 1-1: New USB device found, idVendor=12d1, idProduct=ed56, bcdDevice=46.dd
[  440.583130][   T24] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  440.693431][   T24] usb 1-1: Product: syz
[  440.697831][   T24] usb 1-1: Manufacturer: syz
[  440.703925][   T24] usb 1-1: SerialNumber: syz
[  440.731600][   T24] usb 1-1: config 0 descriptor??
[  440.753752][   T24] qmi_wwan 1-1:0.207: bogus CDC Union: master=0, slave=1
[  442.220408][   T24] qmi_wwan 1-1:0.207: probe with driver qmi_wwan failed with error -22
[  442.235789][   T24] usb 1-1: USB disconnect, device number 7
[  442.447269][ T5854] Bluetooth: hci0: unexpected event for opcode 0x1002
[  442.766514][ T8587] dlm: no locking on control device
[  443.455967][ T8586] dvmrp17: entered allmulticast mode
[  445.040083][ T8610] netlink: 36 bytes leftover after parsing attributes in process `syz.4.649'.
[  445.078706][ T8610] netlink: 12 bytes leftover after parsing attributes in process `syz.4.649'.
[  445.096496][ T8610] netlink: 8 bytes leftover after parsing attributes in process `syz.4.649'.
[  445.283627][ T8618] trusted_key: syz.1.651 sent an empty control message without MSG_MORE.
[  445.992639][   T43] usb 3-1: new full-speed USB device number 6 using dummy_hcd
[  446.056060][ T8636] fuse: Bad value for 'fd'
[  446.185180][   T43] usb 3-1: config 0 has an invalid interface number: 207 but max is 0
[  446.223609][   T43] usb 3-1: config 0 has no interface number 0
[  446.258519][   T43] usb 3-1: New USB device found, idVendor=12d1, idProduct=ed56, bcdDevice=46.dd
[  446.308356][   T43] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  446.320035][   T43] usb 3-1: Product: syz
[  446.324428][   T43] usb 3-1: Manufacturer: syz
[  446.352114][   T43] usb 3-1: SerialNumber: syz
[  446.632281][   T43] usb 3-1: config 0 descriptor??
[  446.776989][   T43] qmi_wwan 3-1:0.207: bogus CDC Union: master=0, slave=1
[  448.257702][   T43] qmi_wwan 3-1:0.207: probe with driver qmi_wwan failed with error -22
[  448.479658][   T43] usb 3-1: USB disconnect, device number 6
[  452.619673][ T8689] syz.3.668: attempt to access beyond end of device
[  452.619673][ T8689] nbd3: rw=0, sector=64, nr_sectors = 8 limit=0
[  452.635327][ T8689] syz.3.668: attempt to access beyond end of device
[  452.635327][ T8689] nbd3: rw=0, sector=120, nr_sectors = 8 limit=0
[  452.648432][ T8689] Mount JFS Failure: -5
[  452.732433][   T43] usb 1-1: new full-speed USB device number 8 using dummy_hcd
[  452.894703][   T43] usb 1-1: config 0 has an invalid interface number: 207 but max is 0
[  452.897146][ T8695] netlink: 16 bytes leftover after parsing attributes in process `syz.2.669'.
[  452.921442][   T43] usb 1-1: config 0 has no interface number 0
[  452.969519][   T43] usb 1-1: New USB device found, idVendor=12d1, idProduct=ed56, bcdDevice=46.dd
[  452.999530][   T43] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  453.024168][   T43] usb 1-1: Product: syz
[  453.028917][   T43] usb 1-1: Manufacturer: syz
[  453.045310][   T43] usb 1-1: SerialNumber: syz
[  453.080641][   T43] usb 1-1: config 0 descriptor??
[  453.119024][   T43] qmi_wwan 1-1:0.207: bogus CDC Union: master=0, slave=1
[  453.427265][ T8705] netlink: 'syz.3.673': attribute type 10 has an invalid length.
[  453.435629][ T8705] netlink: 40 bytes leftover after parsing attributes in process `syz.3.673'.
[  453.448650][ T8705] batman_adv: batadv0: Adding interface: virt_wifi0
[  453.455592][ T8705] batman_adv: batadv0: The MTU of interface virt_wifi0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  453.481925][ T8705] batman_adv: batadv0: Not using interface virt_wifi0 (retrying later): interface not active
[  455.246650][   T43] qmi_wwan 1-1:0.207: probe with driver qmi_wwan failed with error -22
[  456.875967][   T43] usb 1-1: USB disconnect, device number 8
[  459.172556][   T43] usb 3-1: new high-speed USB device number 7 using dummy_hcd
[  459.203526][ T8741] program syz.3.683 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  459.621317][   T43] usb 3-1: device descriptor read/64, error -71
[  460.345047][   T43] usb 3-1: new high-speed USB device number 8 using dummy_hcd
[  460.492215][   T43] usb 3-1: device descriptor read/64, error -71
[  460.603461][   T43] usb usb3-port1: attempt power cycle
[  460.832166][ T5920] usb 5-1: new high-speed USB device number 12 using dummy_hcd
[  460.967249][   T43] usb 3-1: new high-speed USB device number 9 using dummy_hcd
[  461.135005][   T43] usb 3-1: device descriptor read/8, error -71
[  461.403297][   T43] usb 3-1: new high-speed USB device number 10 using dummy_hcd
[  461.418938][ T8648] usb 2-1: new full-speed USB device number 9 using dummy_hcd
[  461.458097][ T5920] usb 5-1: unable to read config index 0 descriptor/start: -61
[  461.750545][ T5920] usb 5-1: can't read configurations, error -61
[  461.998617][ T8648] usb 2-1: config 0 has an invalid interface number: 207 but max is 0
[  462.345120][ T8648] usb 2-1: config 0 has no interface number 0
[  462.385285][   T43] usb 3-1: device descriptor read/8, error -71
[  462.392744][ T5920] usb 5-1: new high-speed USB device number 13 using dummy_hcd
[  462.407262][ T8648] usb 2-1: New USB device found, idVendor=12d1, idProduct=ed56, bcdDevice=46.dd
[  462.489254][ T8648] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  462.508262][   T43] usb usb3-port1: unable to enumerate USB device
[  462.518022][ T8648] usb 2-1: Product: syz
[  462.524823][ T8767] netlink: 32 bytes leftover after parsing attributes in process `syz.3.692'.
[  462.534902][ T8648] usb 2-1: Manufacturer: syz
[  462.553948][ T8648] usb 2-1: SerialNumber: syz
[  462.576461][ T8648] usb 2-1: config 0 descriptor??
[  462.588666][ T5920] usb 5-1: unable to read config index 0 descriptor/start: -61
[  462.611677][ T5920] usb 5-1: can't read configurations, error -61
[  462.621738][ T8648] qmi_wwan 2-1:0.207: bogus CDC Union: master=0, slave=1
[  462.631918][ T5920] usb usb5-port1: attempt power cycle
[  462.982469][ T5920] usb 5-1: new high-speed USB device number 14 using dummy_hcd
[  463.028820][ T5920] usb 5-1: unable to read config index 0 descriptor/start: -61
[  463.057600][ T5920] usb 5-1: can't read configurations, error -61
[  463.204396][ T5920] usb 5-1: new high-speed USB device number 15 using dummy_hcd
[  464.041153][ T8648] qmi_wwan 2-1:0.207: probe with driver qmi_wwan failed with error -22
[  464.116613][ T8648] usb 2-1: USB disconnect, device number 9
[  464.345801][ T5920] usb 5-1: device descriptor read/all, error -71
[  464.364841][ T5920] usb usb5-port1: unable to enumerate USB device
[  467.829366][ T8801] FAULT_INJECTION: forcing a failure.
[  467.829366][ T8801] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  467.914221][ T8803] xt_TPROXY: Can be used only with -p tcp or -p udp
[  467.958992][ T8803] vlan2: entered promiscuous mode
[  467.965276][ T8803] vlan2: entered allmulticast mode
[  467.970452][ T8803] hsr_slave_1: entered allmulticast mode
[  468.559353][ T8801] CPU: 0 UID: 0 PID: 8801 Comm: syz.3.701 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  468.559379][ T8801] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  468.559390][ T8801] Call Trace:
[  468.559396][ T8801]  <TASK>
[  468.559402][ T8801]  dump_stack_lvl+0x189/0x250
[  468.559419][ T8801]  ? __pfx____ratelimit+0x10/0x10
[  468.559430][ T8801]  ? __pfx_dump_stack_lvl+0x10/0x10
[  468.559441][ T8801]  ? __pfx__printk+0x10/0x10
[  468.559455][ T8801]  ? __might_fault+0xb0/0x130
[  468.559472][ T8801]  should_fail_ex+0x414/0x560
[  468.559486][ T8801]  _copy_from_user+0x2d/0xb0
[  468.559501][ T8801]  kstrtouint_from_user+0xc4/0x170
[  468.559515][ T8801]  ? __pfx_kstrtouint_from_user+0x10/0x10
[  468.559536][ T8801]  proc_fail_nth_write+0x88/0x240
[  468.559549][ T8801]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  468.559564][ T8801]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  468.559578][ T8801]  vfs_write+0x27e/0xa90
[  468.559593][ T8801]  ? __pfx_vfs_write+0x10/0x10
[  468.559603][ T8801]  ? __fget_files+0x2a/0x420
[  468.559618][ T8801]  ? __fget_files+0x3a0/0x420
[  468.559632][ T8801]  ? __fget_files+0x2a/0x420
[  468.559648][ T8801]  ksys_write+0x145/0x250
[  468.559657][ T8801]  ? __fget_files+0x3a0/0x420
[  468.559668][ T8801]  ? __pfx_ksys_write+0x10/0x10
[  468.559681][ T8801]  ? do_syscall_64+0xbe/0x3b0
[  468.559694][ T8801]  do_syscall_64+0xfa/0x3b0
[  468.559705][ T8801]  ? lockdep_hardirqs_on+0x9c/0x150
[  468.559716][ T8801]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  468.559726][ T8801]  ? clear_bhb_loop+0x60/0xb0
[  468.559738][ T8801]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  468.559748][ T8801] RIP: 0033:0x7f180dd8d69f
[  468.559758][ T8801] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  468.559767][ T8801] RSP: 002b:00007f180ebfd030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  468.559779][ T8801] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f180dd8d69f
[  468.559786][ T8801] RDX: 0000000000000001 RSI: 00007f180ebfd0a0 RDI: 0000000000000003
[  468.559792][ T8801] RBP: 00007f180ebfd090 R08: 0000000000000000 R09: 0000000000000000
[  468.559798][ T8801] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[  468.559803][ T8801] R13: 00007f180dfb6038 R14: 00007f180dfb5fa0 R15: 00007ffe538379a8
[  468.559820][ T8801]  </TASK>
[  471.003161][ T8810] FAULT_INJECTION: forcing a failure.
[  471.003161][ T8810] name failslab, interval 1, probability 0, space 0, times 0
[  471.017281][ T8810] CPU: 1 UID: 0 PID: 8810 Comm: syz.2.702 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  471.017308][ T8810] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  471.017320][ T8810] Call Trace:
[  471.017327][ T8810]  <TASK>
[  471.017336][ T8810]  dump_stack_lvl+0x189/0x250
[  471.017361][ T8810]  ? __pfx____ratelimit+0x10/0x10
[  471.017381][ T8810]  ? __pfx_dump_stack_lvl+0x10/0x10
[  471.017402][ T8810]  ? __pfx__printk+0x10/0x10
[  471.017431][ T8810]  ? __pfx___might_resched+0x10/0x10
[  471.017456][ T8810]  should_fail_ex+0x414/0x560
[  471.017488][ T8810]  should_failslab+0xa8/0x100
[  471.017510][ T8810]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  471.017530][ T8810]  ? __alloc_skb+0x112/0x2d0
[  471.017559][ T8810]  __alloc_skb+0x112/0x2d0
[  471.017587][ T8810]  netlink_sendmsg+0x5c6/0xb30
[  471.017624][ T8810]  ? __pfx_netlink_sendmsg+0x10/0x10
[  471.017657][ T8810]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  471.017676][ T8810]  ? __pfx_netlink_sendmsg+0x10/0x10
[  471.017712][ T8810]  __sock_sendmsg+0x21c/0x270
[  471.017737][ T8810]  ____sys_sendmsg+0x505/0x830
[  471.017771][ T8810]  ? __pfx_____sys_sendmsg+0x10/0x10
[  471.017808][ T8810]  ? import_iovec+0x74/0xa0
[  471.017838][ T8810]  ___sys_sendmsg+0x21f/0x2a0
[  471.017868][ T8810]  ? __pfx____sys_sendmsg+0x10/0x10
[  471.017932][ T8810]  ? __fget_files+0x2a/0x420
[  471.017952][ T8810]  ? __fget_files+0x3a0/0x420
[  471.017982][ T8810]  __x64_sys_sendmsg+0x19b/0x260
[  471.018014][ T8810]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  471.018052][ T8810]  ? __pfx_ksys_write+0x10/0x10
[  471.018067][ T8810]  ? rcu_is_watching+0x15/0xb0
[  471.018096][ T8810]  ? do_syscall_64+0xbe/0x3b0
[  471.018121][ T8810]  do_syscall_64+0xfa/0x3b0
[  471.018139][ T8810]  ? lockdep_hardirqs_on+0x9c/0x150
[  471.018156][ T8810]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  471.018173][ T8810]  ? clear_bhb_loop+0x60/0xb0
[  471.018196][ T8810]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  471.018214][ T8810] RIP: 0033:0x7faed278ebe9
[  471.018231][ T8810] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  471.018247][ T8810] RSP: 002b:00007faed09f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  471.018267][ T8810] RAX: ffffffffffffffda RBX: 00007faed29b5fa0 RCX: 00007faed278ebe9
[  471.018281][ T8810] RDX: 0000000000000080 RSI: 00002000000002c0 RDI: 0000000000000003
[  471.018293][ T8810] RBP: 00007faed09f6090 R08: 0000000000000000 R09: 0000000000000000
[  471.018304][ T8810] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  471.018315][ T8810] R13: 00007faed29b6038 R14: 00007faed29b5fa0 R15: 00007ffc98d449e8
[  471.018347][ T8810]  </TASK>
[  472.347859][   T30] audit: type=1326 audit(1755793238.169:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8825 comm="syz.2.706" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7faed278ebe9 code=0x0
[  472.630159][   T30] audit: type=1400 audit(1755793238.259:22): lsm=SMACK fn=smack_inode_setattr action=denied subject="y" object="_" requested=w pid=8825 comm="syz.2.706" name="149" dev="tmpfs" ino=830
[  472.669935][   T30] audit: type=1800 audit(1755793238.279:23): pid=8828 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.1.707" name="/" dev="9p" ino=2 res=0 errno=0
[  473.537128][   T92] libceph: connect (1)[c::]:6789 error -101
[  473.553882][   T92] libceph: mon0 (1)[c::]:6789 connect error
[  474.117402][ T8836] ceph: No mds server is up or the cluster is laggy
[  475.038568][   T92] libceph: connect (1)[c::]:6789 error -101
[  475.069652][   T92] libceph: mon0 (1)[c::]:6789 connect error
[  475.211119][ T8859] FAULT_INJECTION: forcing a failure.
[  475.211119][ T8859] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  475.246545][ T8859] CPU: 0 UID: 0 PID: 8859 Comm: syz.2.714 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  475.246564][ T8859] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  475.246570][ T8859] Call Trace:
[  475.246576][ T8859]  <TASK>
[  475.246581][ T8859]  dump_stack_lvl+0x189/0x250
[  475.246597][ T8859]  ? __pfx____ratelimit+0x10/0x10
[  475.246609][ T8859]  ? __pfx_dump_stack_lvl+0x10/0x10
[  475.246620][ T8859]  ? __pfx__printk+0x10/0x10
[  475.246639][ T8859]  should_fail_ex+0x414/0x560
[  475.246653][ T8859]  strncpy_from_user+0x36/0x290
[  475.246671][ T8859]  getname_flags+0xf3/0x540
[  475.246687][ T8859]  do_sys_openat2+0xbc/0x1c0
[  475.246702][ T8859]  ? __pfx_do_sys_openat2+0x10/0x10
[  475.246716][ T8859]  ? ksys_write+0x22a/0x250
[  475.246726][ T8859]  ? __pfx_ksys_write+0x10/0x10
[  475.246737][ T8859]  __x64_sys_openat+0x138/0x170
[  475.246753][ T8859]  do_syscall_64+0xfa/0x3b0
[  475.246764][ T8859]  ? lockdep_hardirqs_on+0x9c/0x150
[  475.246775][ T8859]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  475.246784][ T8859]  ? clear_bhb_loop+0x60/0xb0
[  475.246797][ T8859]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  475.246806][ T8859] RIP: 0033:0x7faed278ebe9
[  475.246817][ T8859] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  475.246825][ T8859] RSP: 002b:00007faed09b4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  475.246837][ T8859] RAX: ffffffffffffffda RBX: 00007faed29b6180 RCX: 00007faed278ebe9
[  475.246844][ T8859] RDX: 0000000000000042 RSI: 0000200000000440 RDI: ffffffffffffff9c
[  475.246851][ T8859] RBP: 00007faed09b4090 R08: 0000000000000000 R09: 0000000000000000
[  475.246857][ T8859] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  475.246863][ T8859] R13: 00007faed29b6218 R14: 00007faed29b6180 R15: 00007ffc98d449e8
[  475.246879][ T8859]  </TASK>
[  475.512577][ T8863] netlink: 12 bytes leftover after parsing attributes in process `syz.1.715'.
[  477.003244][   T30] audit: type=1326 audit(1755793242.769:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8853 comm="syz.2.714" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faed278ebe9 code=0x7fc00000
[  477.132135][ T5854] Bluetooth: hci0: command 0x0406 tx timeout
[  477.933869][ T8873] FAULT_INJECTION: forcing a failure.
[  477.933869][ T8873] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  477.961038][ T8873] CPU: 0 UID: 0 PID: 8873 Comm: syz.0.717 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  477.961066][ T8873] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  477.961078][ T8873] Call Trace:
[  477.961086][ T8873]  <TASK>
[  477.961094][ T8873]  dump_stack_lvl+0x189/0x250
[  477.961121][ T8873]  ? __pfx____ratelimit+0x10/0x10
[  477.961141][ T8873]  ? __pfx_dump_stack_lvl+0x10/0x10
[  477.961169][ T8873]  ? __pfx__printk+0x10/0x10
[  477.961206][ T8873]  should_fail_ex+0x414/0x560
[  477.961230][ T8873]  strncpy_from_user+0x36/0x290
[  477.961264][ T8873]  getname_flags+0xf3/0x540
[  477.961292][ T8873]  user_path_at+0x24/0x60
[  477.961319][ T8873]  do_faccessat+0x5d8/0xd90
[  477.961349][ T8873]  ? ksys_write+0x22a/0x250
[  477.961366][ T8873]  ? __pfx_do_faccessat+0x10/0x10
[  477.961392][ T8873]  ? __pfx_ksys_write+0x10/0x10
[  477.961407][ T8873]  ? rcu_is_watching+0x15/0xb0
[  477.961436][ T8873]  __x64_sys_faccessat+0x7c/0x90
[  477.961458][ T8873]  do_syscall_64+0xfa/0x3b0
[  477.961482][ T8873]  ? lockdep_hardirqs_on+0x9c/0x150
[  477.961502][ T8873]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  477.961521][ T8873]  ? clear_bhb_loop+0x60/0xb0
[  477.961544][ T8873]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  477.961562][ T8873] RIP: 0033:0x7f9a9a58ebe9
[  477.961579][ T8873] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  477.961595][ T8873] RSP: 002b:00007f9a9b446038 EFLAGS: 00000246 ORIG_RAX: 000000000000010d
[  477.961615][ T8873] RAX: ffffffffffffffda RBX: 00007f9a9a7b5fa0 RCX: 00007f9a9a58ebe9
[  477.961629][ T8873] RDX: 0000000000000002 RSI: 0000200000000140 RDI: ffffffffffffff9c
[  477.961642][ T8873] RBP: 00007f9a9b446090 R08: 0000000000000000 R09: 0000000000000000
[  477.961654][ T8873] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  477.961665][ T8873] R13: 00007f9a9a7b6038 R14: 00007f9a9a7b5fa0 R15: 00007ffe8bd56c78
[  477.961696][ T8873]  </TASK>
[  478.456287][ T8886] FAULT_INJECTION: forcing a failure.
[  478.456287][ T8886] name fail_page_alloc, interval 1, probability 0, space 0, times 1
[  478.456423][ T8886] CPU: 0 UID: 0 PID: 8886 Comm: syz.4.720 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  478.456448][ T8886] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  478.456459][ T8886] Call Trace:
[  478.456467][ T8886]  <TASK>
[  478.456475][ T8886]  dump_stack_lvl+0x189/0x250
[  478.456502][ T8886]  ? __pfx____ratelimit+0x10/0x10
[  478.456523][ T8886]  ? __pfx_dump_stack_lvl+0x10/0x10
[  478.456545][ T8886]  ? __pfx__printk+0x10/0x10
[  478.456573][ T8886]  ? fs_reclaim_acquire+0x7d/0x100
[  478.456606][ T8886]  should_fail_ex+0x414/0x560
[  478.456632][ T8886]  prepare_alloc_pages+0x213/0x610
[  478.456671][ T8886]  __alloc_frozen_pages_noprof+0x123/0x370
[  478.456695][ T8886]  ? look_up_lock_class+0x74/0x170
[  478.456725][ T8886]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  478.456760][ T8886]  ? policy_nodemask+0x27c/0x720
[  478.456778][ T8886]  ? __lock_acquire+0xab9/0xd20
[  478.456810][ T8886]  alloc_pages_mpol+0x232/0x4a0
[  478.456836][ T8886]  vma_alloc_folio_noprof+0xe4/0x200
[  478.456859][ T8886]  ? __pfx_vma_alloc_folio_noprof+0x10/0x10
[  478.456894][ T8886]  folio_prealloc+0x30/0x180
[  478.456917][ T8886]  __handle_mm_fault+0x2c88/0x5620
[  478.456968][ T8886]  ? __pfx___handle_mm_fault+0x10/0x10
[  478.457020][ T8886]  ? find_vma+0xe7/0x160
[  478.457037][ T8886]  ? __pfx_find_vma+0x10/0x10
[  478.457058][ T8886]  handle_mm_fault+0x2d5/0x7f0
[  478.457099][ T8886]  do_user_addr_fault+0x764/0x1390
[  478.457143][ T8886]  exc_page_fault+0x76/0xf0
[  478.457163][ T8886]  asm_exc_page_fault+0x26/0x30
[  478.457181][ T8886] RIP: 0010:rep_movs_alternative+0x4a/0x90
[  478.457207][ T8886] Code: cc cc cc 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08 73 e8 eb c5 <f3> a4 c3 cc cc cc cc 48 8b 06 48 89 07 48 8d 47 08 48 83 e0 f8 48
[  478.457222][ T8886] RSP: 0018:ffffc9000bc979d8 EFLAGS: 00050202
[  478.457239][ T8886] RAX: ffffffff84b6e501 RBX: ffff888077e89880 RCX: 0000000000000048
[  478.457253][ T8886] RDX: 0000000000000000 RSI: ffff888077e89880 RDI: 0000200000002b00
[  478.457267][ T8886] RBP: ffffc9000bc97b30 R08: ffff888077e898c7 R09: 1ffff1100efd1318
[  478.457281][ T8886] R10: dffffc0000000000 R11: ffffed100efd1319 R12: 1ffff92001792faf
[  478.457293][ T8886] R13: 0000200000002b00 R14: ffffc9000bc97d88 R15: 0000000000000048
[  478.457318][ T8886]  ? _copy_to_iter+0x1e1/0x16f0
[  478.457349][ T8886]  _copy_to_iter+0x24c/0x16f0
[  478.457380][ T8886]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  478.457408][ T8886]  ? __pfx__copy_to_iter+0x10/0x10
[  478.457430][ T8886]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  478.457458][ T8886]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  478.457490][ T8886]  ? finish_wait+0xcd/0x1f0
[  478.457518][ T8886]  vhost_chr_read_iter+0x4f4/0x6e0
[  478.457556][ T8886]  ? __pfx_vhost_chr_read_iter+0x10/0x10
[  478.457579][ T8886]  ? rcu_read_lock_any_held+0xb3/0x120
[  478.457602][ T8886]  ? __pfx_autoremove_wake_function+0x10/0x10
[  478.457629][ T8886]  ? bpf_lsm_file_permission+0x9/0x20
[  478.457650][ T8886]  ? security_file_permission+0x75/0x290
[  478.457680][ T8886]  vfs_read+0x4d0/0x980
[  478.457718][ T8886]  ? __pfx_vfs_read+0x10/0x10
[  478.457757][ T8886]  ? __fget_files+0x2a/0x420
[  478.457794][ T8886]  ksys_read+0x145/0x250
[  478.457815][ T8886]  ? __pfx_ksys_read+0x10/0x10
[  478.457830][ T8886]  ? rcu_is_watching+0x15/0xb0
[  478.457856][ T8886]  ? do_syscall_64+0xbe/0x3b0
[  478.457882][ T8886]  do_syscall_64+0xfa/0x3b0
[  478.457901][ T8886]  ? lockdep_hardirqs_on+0x9c/0x150
[  478.457920][ T8886]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  478.457938][ T8886]  ? clear_bhb_loop+0x60/0xb0
[  478.457961][ T8886]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  478.457979][ T8886] RIP: 0033:0x7f3450f8ebe9
[  478.457995][ T8886] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  478.458010][ T8886] RSP: 002b:00007f3451e39038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  478.458028][ T8886] RAX: ffffffffffffffda RBX: 00007f34511b6090 RCX: 00007f3450f8ebe9
[  478.458041][ T8886] RDX: 0000000000002020 RSI: 0000200000002b00 RDI: 0000000000000003
[  478.458053][ T8886] RBP: 00007f3451e39090 R08: 0000000000000000 R09: 0000000000000000
[  478.458065][ T8886] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  478.458076][ T8886] R13: 00007f34511b6128 R14: 00007f34511b6090 R15: 00007ffc933e4a08
[  478.458107][ T8886]  </TASK>
[  478.673403][    C0] vkms_vblank_simulate: vblank timer overrun
[  478.921824][    C0] vkms_vblank_simulate: vblank timer overrun
[  482.952192][ T5854] Bluetooth: hci0: command 0x0406 tx timeout
[  485.349411][ T8929] netlink: 12 bytes leftover after parsing attributes in process `syz.3.731'.
[  485.938256][ T8763] usb 2-1: new high-speed USB device number 10 using dummy_hcd
[  486.242130][ T8763] usb 2-1: Using ep0 maxpacket: 32
[  486.383558][ T8763] usb 2-1: config 0 has an invalid interface number: 78 but max is 0
[  486.486598][ T8763] usb 2-1: config 0 has no interface number 0
[  486.590577][ T8763] usb 2-1: config 0 interface 78 has no altsetting 0
[  486.803950][ T8763] usb 2-1: New USB device found, idVendor=07ca, idProduct=b800, bcdDevice=9b.26
[  486.924133][ T8763] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  487.064474][ T8763] usb 2-1: Product: syz
[  487.110447][ T8763] usb 2-1: Manufacturer: syz
[  487.180228][ T8763] usb 2-1: SerialNumber: syz
[  487.530324][ T8763] usb 2-1: config 0 descriptor??
[  487.560459][ T8924] lo speed is unknown, defaulting to 1000
[  487.969500][ T8763]  (null): radio-mr800 - initialization failed
[  488.372305][ T8763] radio-mr800 2-1:0.78: probe with driver radio-mr800 failed with error -8
[  488.466601][ T8938] netlink: 8 bytes leftover after parsing attributes in process `syz.2.735'.
[  488.470708][ T8763] usbhid 2-1:0.78: couldn't find an input interrupt endpoint
[  488.933448][ T8763] usb 2-1: USB disconnect, device number 10
[  489.007499][ T8940] FAULT_INJECTION: forcing a failure.
[  489.007499][ T8940] name failslab, interval 1, probability 0, space 0, times 0
[  489.051974][ T8940] CPU: 0 UID: 0 PID: 8940 Comm: syz.2.736 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  489.052006][ T8940] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  489.052016][ T8940] Call Trace:
[  489.052022][ T8940]  <TASK>
[  489.052029][ T8940]  dump_stack_lvl+0x189/0x250
[  489.052054][ T8940]  ? __pfx____ratelimit+0x10/0x10
[  489.052073][ T8940]  ? __pfx_dump_stack_lvl+0x10/0x10
[  489.052093][ T8940]  ? __pfx__printk+0x10/0x10
[  489.052121][ T8940]  ? __pfx___might_resched+0x10/0x10
[  489.052145][ T8940]  should_fail_ex+0x414/0x560
[  489.052169][ T8940]  should_failslab+0xa8/0x100
[  489.052192][ T8940]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  489.052211][ T8940]  ? __alloc_skb+0x112/0x2d0
[  489.052238][ T8940]  __alloc_skb+0x112/0x2d0
[  489.052265][ T8940]  netlink_sendmsg+0x5c6/0xb30
[  489.052301][ T8940]  ? __pfx_netlink_sendmsg+0x10/0x10
[  489.052333][ T8940]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  489.052353][ T8940]  ? __pfx_netlink_sendmsg+0x10/0x10
[  489.052380][ T8940]  __sock_sendmsg+0x21c/0x270
[  489.052405][ T8940]  ____sys_sendmsg+0x505/0x830
[  489.052439][ T8940]  ? __pfx_____sys_sendmsg+0x10/0x10
[  489.052481][ T8940]  ? import_iovec+0x74/0xa0
[  489.052508][ T8940]  ___sys_sendmsg+0x21f/0x2a0
[  489.052537][ T8940]  ? __pfx____sys_sendmsg+0x10/0x10
[  489.052599][ T8940]  ? __fget_files+0x2a/0x420
[  489.052618][ T8940]  ? __fget_files+0x3a0/0x420
[  489.052647][ T8940]  __x64_sys_sendmsg+0x19b/0x260
[  489.052676][ T8940]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  489.052708][ T8940]  ? __pfx_ksys_write+0x10/0x10
[  489.052721][ T8940]  ? rcu_is_watching+0x15/0xb0
[  489.052744][ T8940]  ? do_syscall_64+0xbe/0x3b0
[  489.052767][ T8940]  do_syscall_64+0xfa/0x3b0
[  489.052784][ T8940]  ? lockdep_hardirqs_on+0x9c/0x150
[  489.052802][ T8940]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  489.052821][ T8940]  ? clear_bhb_loop+0x60/0xb0
[  489.052846][ T8940]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  489.052863][ T8940] RIP: 0033:0x7faed278ebe9
[  489.052878][ T8940] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  489.052894][ T8940] RSP: 002b:00007faed09f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  489.052915][ T8940] RAX: ffffffffffffffda RBX: 00007faed29b5fa0 RCX: 00007faed278ebe9
[  489.052930][ T8940] RDX: 0000000004000010 RSI: 0000200000000cc0 RDI: 0000000000000003
[  489.052943][ T8940] RBP: 00007faed09f6090 R08: 0000000000000000 R09: 0000000000000000
[  489.052955][ T8940] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  489.052966][ T8940] R13: 00007faed29b6038 R14: 00007faed29b5fa0 R15: 00007ffc98d449e8
[  489.052998][ T8940]  </TASK>
[  490.142502][ T8946] netlink: 32 bytes leftover after parsing attributes in process `syz.1.738'.
[  490.451403][ T2149] usb 1-1: new high-speed USB device number 9 using dummy_hcd
[  490.802254][ T2149] usb 1-1: Using ep0 maxpacket: 8
[  490.892645][ T8955] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  490.912218][ T2149] usb 1-1: config 64 has an invalid interface number: 19 but max is 0
[  490.950998][ T2149] usb 1-1: config 64 has no interface number 0
[  490.964012][ T2149] usb 1-1: New USB device found, idVendor=2201, idProduct=012c, bcdDevice=3f.e0
[  490.988297][ T2149] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  491.800611][ T2149] usb 1-1: probing VID:PID(2201:012C)   
[  491.829715][ T2149] usb 1-1: Could not find two sets of bulk-in/out endpoint pairs
[  491.938412][ T2149] vub300 1-1:64.19: probe with driver vub300 failed with error -22
[  493.117286][   T92] usb 1-1: USB disconnect, device number 9
[  493.310543][ T8982] FAULT_INJECTION: forcing a failure.
[  493.310543][ T8982] name failslab, interval 1, probability 0, space 0, times 0
[  493.371551][ T8982] CPU: 0 UID: 0 PID: 8982 Comm: syz.3.747 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  493.371574][ T8982] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  493.371581][ T8982] Call Trace:
[  493.371586][ T8982]  <TASK>
[  493.371591][ T8982]  dump_stack_lvl+0x189/0x250
[  493.371608][ T8982]  ? __pfx____ratelimit+0x10/0x10
[  493.371619][ T8982]  ? __pfx_dump_stack_lvl+0x10/0x10
[  493.371630][ T8982]  ? __pfx__printk+0x10/0x10
[  493.371644][ T8982]  ? __pfx___might_resched+0x10/0x10
[  493.371656][ T8982]  ? fs_reclaim_acquire+0x7d/0x100
[  493.371671][ T8982]  should_fail_ex+0x414/0x560
[  493.371685][ T8982]  should_failslab+0xa8/0x100
[  493.371697][ T8982]  __kmalloc_noprof+0xcb/0x4f0
[  493.371707][ T8982]  ? tomoyo_encode+0x28b/0x550
[  493.371723][ T8982]  tomoyo_encode+0x28b/0x550
[  493.371739][ T8982]  tomoyo_realpath_from_path+0x58d/0x5d0
[  493.371757][ T8982]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  493.371768][ T8982]  tomoyo_path_number_perm+0x1e8/0x5a0
[  493.371780][ T8982]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  493.371800][ T8982]  ? __lock_acquire+0xab9/0xd20
[  493.371821][ T8982]  ? __fget_files+0x2a/0x420
[  493.371834][ T8982]  ? __fget_files+0x2a/0x420
[  493.371844][ T8982]  ? __fget_files+0x3a0/0x420
[  493.371854][ T8982]  ? __fget_files+0x2a/0x420
[  493.371867][ T8982]  security_file_ioctl+0xcb/0x2d0
[  493.371880][ T8982]  __se_sys_ioctl+0x47/0x170
[  493.371897][ T8982]  do_syscall_64+0xfa/0x3b0
[  493.371907][ T8982]  ? lockdep_hardirqs_on+0x9c/0x150
[  493.371918][ T8982]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  493.371928][ T8982]  ? clear_bhb_loop+0x60/0xb0
[  493.371940][ T8982]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  493.371949][ T8982] RIP: 0033:0x7f180dd8ebe9
[  493.371959][ T8982] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  493.371967][ T8982] RSP: 002b:00007f180ebfd038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  493.371979][ T8982] RAX: ffffffffffffffda RBX: 00007f180dfb5fa0 RCX: 00007f180dd8ebe9
[  493.371986][ T8982] RDX: 0000000000000000 RSI: 00000000c25c4110 RDI: 0000000000000005
[  493.371992][ T8982] RBP: 00007f180ebfd090 R08: 0000000000000000 R09: 0000000000000000
[  493.371998][ T8982] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  493.372009][ T8982] R13: 00007f180dfb6038 R14: 00007f180dfb5fa0 R15: 00007ffe538379a8
[  493.372036][ T8982]  </TASK>
[  493.643016][ T8982] ERROR: Out of memory at tomoyo_realpath_from_path.
[  493.752139][   T10] usb 3-1: new full-speed USB device number 11 using dummy_hcd
[  493.959970][   T10] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  494.039520][   T10] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  494.049660][   T10] usb 3-1: New USB device found, idVendor=0419, idProduct=0001, bcdDevice= 0.00
[  494.059802][   T10] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  494.071118][   T10] usb 3-1: config 0 descriptor??
[  494.076251][ T5899] usb 4-1: new high-speed USB device number 13 using dummy_hcd
[  494.848744][ T5899] usb 4-1: New USB device found, idVendor=0eb1, idProduct=7007, bcdDevice= 2.10
[  494.878512][ T5899] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  494.898509][ T5899] usb 4-1: Product: syz
[  494.908958][ T5899] usb 4-1: Manufacturer: syz
[  494.922184][ T5899] usb 4-1: SerialNumber: syz
[  494.974255][ T5899] usb 4-1: config 0 descriptor??
[  494.996397][ T5899] go7007 4-1:0.0: probe with driver go7007 failed with error -12
[  495.091564][   T10] usbhid 3-1:0.0: can't add hid device: -71
[  495.114798][   T10] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  495.148481][   T10] usb 3-1: USB disconnect, device number 11
[  495.386869][ T8991] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  495.792614][ T8991] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  495.867799][ T8648] usb 4-1: USB disconnect, device number 13
[  496.032442][ T9016] comedi comedi0: comedi_config --init_data is deprecated
[  499.928014][ T9048] xt_hashlimit: max too large, truncated to 1048576
[  501.542642][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[  501.549007][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[  503.262213][ T8648] usb 5-1: new high-speed USB device number 16 using dummy_hcd
[  503.802282][ T8648] usb 5-1: Using ep0 maxpacket: 16
[  503.868443][ T9081] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  504.019853][ T8648] usb 5-1: config 0 has an invalid interface number: 105 but max is 0
[  504.057538][ T8648] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  504.312076][ T8648] usb 5-1: config 0 has no interface number 0
[  504.352224][ T8648] usb 5-1: New USB device found, idVendor=046c, idProduct=14e8, bcdDevice= b.28
[  504.385861][ T8648] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  504.436061][ T8648] usb 5-1: Product: syz
[  504.464771][ T8648] usb 5-1: Manufacturer: syz
[  504.504903][ T8648] usb 5-1: SerialNumber: syz
[  504.563310][ T8648] usb 5-1: config 0 descriptor??
[  504.844968][ T8648] usb 5-1: Found UVC 0.00 device syz (046c:14e8)
[  504.917040][ T8648] usb 5-1: No valid video chain found.
[  505.814068][ T9093] infiniband syz1: set down
[  505.818695][ T9093] infiniband syz1: added ipvlan0
[  507.012910][ T9093] RDS/IB: syz1: added
[  507.018875][ T9093] smc: adding ib device syz1 with port count 1
[  507.028302][ T9093] smc:    ib device syz1 port 1 has pnetid 
[  507.251044][ T8648] usb 5-1: USB disconnect, device number 16
[  509.015352][ T9114] program syz.0.781 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  512.584476][ T9140] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  513.946895][ T9148] program syz.1.791 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  513.970097][ T9158] comedi comedi0: comedi_config --init_data is deprecated
[  514.571058][ T9167] comedi comedi0: comedi_config --init_data is deprecated
[  516.034643][   T30] audit: type=1326 audit(1755793281.859:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9180 comm="syz.2.799" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faed278ebe9 code=0x7ffc0000
[  516.062512][   T30] audit: type=1326 audit(1755793281.859:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9180 comm="syz.2.799" exe="/root/syz-executor" sig=0 arch=c000003e syscall=53 compat=0 ip=0x7faed278ebe9 code=0x7ffc0000
[  516.084228][   T30] audit: type=1326 audit(1755793281.859:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9180 comm="syz.2.799" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faed278ebe9 code=0x7ffc0000
[  516.106465][   T30] audit: type=1326 audit(1755793281.859:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9180 comm="syz.2.799" exe="/root/syz-executor" sig=0 arch=c000003e syscall=42 compat=0 ip=0x7faed278ebe9 code=0x7ffc0000
[  516.141463][   T30] audit: type=1326 audit(1755793281.859:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9180 comm="syz.2.799" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faed278ebe9 code=0x7ffc0000
[  516.171899][   T30] audit: type=1326 audit(1755793281.859:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9180 comm="syz.2.799" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7faed278ebe9 code=0x7ffc0000
[  516.243679][   T30] audit: type=1326 audit(1755793281.859:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9180 comm="syz.2.799" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faed278ebe9 code=0x7ffc0000
[  516.312158][   T30] audit: type=1326 audit(1755793281.879:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9180 comm="syz.2.799" exe="/root/syz-executor" sig=0 arch=c000003e syscall=22 compat=0 ip=0x7faed278ebe9 code=0x7ffc0000
[  516.390225][ T9190] fuse: Unknown parameter '0x0000000000000003'
[  516.412496][   T30] audit: type=1326 audit(1755793281.879:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9180 comm="syz.2.799" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faed278ebe9 code=0x7ffc0000
[  516.600837][   T30] audit: type=1326 audit(1755793281.879:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9180 comm="syz.2.799" exe="/root/syz-executor" sig=0 arch=c000003e syscall=278 compat=0 ip=0x7faed278ebe9 code=0x7ffc0000
[  516.842137][ T8648] usb 1-1: new high-speed USB device number 10 using dummy_hcd
[  517.062189][ T8648] usb 1-1: Using ep0 maxpacket: 16
[  517.198114][ T9203] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  517.265488][ T8648] usb 1-1: unable to get BOS descriptor or descriptor too short
[  517.523795][ T8648] usb 1-1: config 223 has an invalid interface number: 10 but max is 0
[  517.546361][ T8648] usb 1-1: config 223 has no interface number 0
[  517.572436][ T8648] usb 1-1: config 223 interface 10 has no altsetting 0
[  517.606053][ T8648] usb 1-1: New USB device found, idVendor=03fd, idProduct=ebbe, bcdDevice=b5.19
[  517.636746][ T8648] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  517.772325][ T8648] usb 1-1: Product: syz
[  517.785842][ T8648] usb 1-1: Manufacturer: syz
[  517.792576][ T8648] usb 1-1: SerialNumber: syz
[  517.822227][ T5920] usb 5-1: new full-speed USB device number 17 using dummy_hcd
[  517.982950][ T5920] usb 5-1: config 17 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  518.004468][ T5920] usb 5-1: config 17 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  518.042286][ T5920] usb 5-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00
[  518.276811][ T5920] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  518.866332][ T5920] aiptek 5-1:17.0: interface has no int in endpoints, but must have minimum 1
[  519.082829][ T5920] usb 5-1: USB disconnect, device number 17
[  519.879991][ T8648] usb 1-1: USB disconnect, device number 10
[  520.062605][ T9227] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  520.562138][ T8763] usb 3-1: new high-speed USB device number 12 using dummy_hcd
[  520.743083][ T8763] usb 3-1: Using ep0 maxpacket: 8
[  520.779694][ T8763] usb 3-1: config 0 has an invalid interface number: 1 but max is 0
[  520.814979][ T8763] usb 3-1: config 0 has no interface number 0
[  520.829764][ T8763] usb 3-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  520.919800][ T8763] usb 3-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  520.948169][ T8763] usb 3-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  521.007160][ T8763] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  521.057286][ T8763] usb 3-1: config 0 descriptor??
[  521.103975][ T8763] iowarrior 3-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0
[  521.813046][ T9249] program syz.4.818 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  522.152692][   T10] usb 3-1: USB disconnect, device number 12
[  524.000366][ T9269] netlink: 12 bytes leftover after parsing attributes in process `syz.3.823'.
[  524.776411][ T9276] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  525.208540][ T9286] program syz.4.826 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  525.260016][    C1] sd 0:0:1:0: [sda] tag#5979 FAILED Result: hostbyte=DID_ERROR driverbyte=DRIVER_OK cmd_age=0s
[  525.270748][    C1] sd 0:0:1:0: [sda] tag#5979 CDB: Write(6) 0a 00 00 00 00 00
[  525.311420][ T9287] comedi comedi0: comedi_config --init_data is deprecated
[  527.422111][ T8648] usb 3-1: new high-speed USB device number 13 using dummy_hcd
[  528.014953][ T8648] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[  528.052173][ T8648] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 8
[  528.111881][ T9307] kvm: kvm [9304]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x187) = 0x800
[  528.184304][ T8648] usb 3-1: New USB device found, idVendor=0499, idProduct=103e, bcdDevice=4e.18
[  528.193680][ T8648] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  528.212106][ T8648] usb 3-1: Product: syz
[  528.222097][ T8648] usb 3-1: Manufacturer: syz
[  528.226739][ T8648] usb 3-1: SerialNumber: syz
[  528.237498][ T8648] usb 3-1: config 0 descriptor??
[  528.245870][ T9307] kvm: kvm [9304]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x187) = 0x800
[  528.305213][ T9307] kvm: kvm [9304]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x187) = 0x800
[  528.348492][ T9307] kvm: kvm [9304]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x187) = 0x800
[  528.381987][ T9307] kvm: kvm [9304]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x11e) = 0x0
[  528.471534][ T8648] usb 3-1: Quirk or no altset; falling back to MIDI 1.0
[  529.152111][ T8648] usb 3-1: USB disconnect, device number 13
[  529.595607][ T9327] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  529.948429][ T8648] libceph: connect (1)[c::]:6789 error -101
[  529.970551][ T8648] libceph: mon0 (1)[c::]:6789 connect error
[  529.987281][ T8648] libceph: connect (1)[c::]:6789 error -101
[  529.998804][ T8648] libceph: mon0 (1)[c::]:6789 connect error
[  530.262675][ T8763] libceph: connect (1)[c::]:6789 error -101
[  530.268783][ T8763] libceph: mon0 (1)[c::]:6789 connect error
[  530.364964][ T9346] netlink: 4268 bytes leftover after parsing attributes in process `syz.2.845'.
[  530.374807][ T9346] netlink: 4268 bytes leftover after parsing attributes in process `syz.2.845'.
[  530.957521][ T8763] libceph: connect (1)[c::]:6789 error -101
[  530.993913][ T8763] libceph: mon0 (1)[c::]:6789 connect error
[  531.143879][ T9331] ceph: No mds server is up or the cluster is laggy
[  531.410835][ T9356] netlink: 8 bytes leftover after parsing attributes in process `syz.2.851'.
[  531.471908][ T9356] netlink: 8 bytes leftover after parsing attributes in process `syz.2.851'.
[  534.983743][ T9380] netlink: 8 bytes leftover after parsing attributes in process `syz.3.858'.
[  534.993654][ T9380] netlink: 8 bytes leftover after parsing attributes in process `syz.3.858'.
[  535.541572][ T9385] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  535.610867][    T9] libceph: connect (1)[c::]:6789 error -101
[  535.653365][    T9] libceph: mon0 (1)[c::]:6789 connect error
[  535.973059][    T9] libceph: connect (1)[c::]:6789 error -101
[  536.161849][    T9] libceph: mon0 (1)[c::]:6789 connect error
[  540.079198][    T9] libceph: connect (1)[c::]:6789 error -101
[  540.115505][    T9] libceph: mon0 (1)[c::]:6789 connect error
[  540.150552][ T9387] ceph: No mds server is up or the cluster is laggy
[  540.154308][    T9] libceph: connect (1)[c::]:6789 error -101
[  540.179608][    T9] libceph: mon0 (1)[c::]:6789 connect error
[  540.532550][   T92] libceph: connect (1)[c::]:6789 error -101
[  540.544252][   T92] libceph: mon0 (1)[c::]:6789 connect error
[  541.020203][ T9404] syz.1.865 (9404) used greatest stack depth: 20072 bytes left
[  541.274599][ T9421] netlink: 'syz.2.870': attribute type 10 has an invalid length.
[  541.297712][ T9421] team0: Device ipvlan1 failed to register rx_handler
[  541.818870][ T9421] syz.2.870 (9421) used greatest stack depth: 20008 bytes left
[  541.839890][ T9418] FAULT_INJECTION: forcing a failure.
[  541.839890][ T9418] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  541.892248][ T9418] CPU: 1 UID: 0 PID: 9418 Comm: syz.0.871 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  541.892276][ T9418] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  541.892289][ T9418] Call Trace:
[  541.892298][ T9418]  <TASK>
[  541.892306][ T9418]  dump_stack_lvl+0x189/0x250
[  541.892337][ T9418]  ? __pfx____ratelimit+0x10/0x10
[  541.892357][ T9418]  ? __pfx_dump_stack_lvl+0x10/0x10
[  541.892377][ T9418]  ? __pfx__printk+0x10/0x10
[  541.892400][ T9418]  ? __might_fault+0xb0/0x130
[  541.892429][ T9418]  should_fail_ex+0x414/0x560
[  541.892453][ T9418]  _copy_from_user+0x2d/0xb0
[  541.892486][ T9418]  kstrtouint_from_user+0xc4/0x170
[  541.892511][ T9418]  ? __pfx_kstrtouint_from_user+0x10/0x10
[  541.892551][ T9418]  proc_fail_nth_write+0x88/0x240
[  541.892573][ T9418]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  541.892601][ T9418]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  541.892627][ T9418]  vfs_write+0x27e/0xa90
[  541.892664][ T9418]  ? __pfx_vfs_write+0x10/0x10
[  541.892684][ T9418]  ? __fget_files+0x2a/0x420
[  541.892711][ T9418]  ? __fget_files+0x3a0/0x420
[  541.892730][ T9418]  ? __fget_files+0x2a/0x420
[  541.892761][ T9418]  ksys_write+0x145/0x250
[  541.892783][ T9418]  ? __pfx_ksys_write+0x10/0x10
[  541.892798][ T9418]  ? rcu_is_watching+0x15/0xb0
[  541.892823][ T9418]  ? do_syscall_64+0xbe/0x3b0
[  541.892847][ T9418]  do_syscall_64+0xfa/0x3b0
[  541.892865][ T9418]  ? lockdep_hardirqs_on+0x9c/0x150
[  541.892884][ T9418]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  541.892900][ T9418]  ? clear_bhb_loop+0x60/0xb0
[  541.892921][ T9418]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  541.892938][ T9418] RIP: 0033:0x7f9a9a58d69f
[  541.892954][ T9418] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  541.892970][ T9418] RSP: 002b:00007f9a9b446030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  541.892989][ T9418] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f9a9a58d69f
[  541.893002][ T9418] RDX: 0000000000000001 RSI: 00007f9a9b4460a0 RDI: 0000000000000004
[  541.893012][ T9418] RBP: 00007f9a9b446090 R08: 0000000000000000 R09: 0000000000000000
[  541.893021][ T9418] R10: 00000000000000f5 R11: 0000000000000293 R12: 0000000000000001
[  541.893036][ T9418] R13: 00007f9a9a7b6038 R14: 00007f9a9a7b5fa0 R15: 00007ffe8bd56c78
[  541.893065][ T9418]  </TASK>
[  543.192497][ T9438] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  543.570723][ T9449] MTD: Attempt to mount non-MTD device "/dev/nullb0"
[  543.580031][ T9449] cramfs: wrong magic
[  543.617589][ T9452] fuse: Bad value for 'fd'
[  545.246098][   T30] kauditd_printk_skb: 19 callbacks suppressed
[  545.246117][   T30] audit: type=1326 audit(1755793311.069:54): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9470 comm="syz.0.885" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f9a9a58ebe9 code=0x0
[  545.371117][ T9475] Failed to get privilege flags for destination (handle=0x2:0x0)
[  548.362240][   T10] usb 5-1: new high-speed USB device number 18 using dummy_hcd
[  548.523585][   T10] usb 5-1: Using ep0 maxpacket: 16
[  548.558520][ T9508] FAULT_INJECTION: forcing a failure.
[  548.558520][ T9508] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  548.564849][   T10] usb 5-1: too many configurations: 123, using maximum allowed: 8
[  548.632254][ T9508] CPU: 1 UID: 0 PID: 9508 Comm: syz.3.896 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  548.632284][ T9508] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  548.632297][ T9508] Call Trace:
[  548.632305][ T9508]  <TASK>
[  548.632314][ T9508]  dump_stack_lvl+0x189/0x250
[  548.632340][ T9508]  ? __pfx____ratelimit+0x10/0x10
[  548.632362][ T9508]  ? __pfx_dump_stack_lvl+0x10/0x10
[  548.632384][ T9508]  ? __pfx__printk+0x10/0x10
[  548.632411][ T9508]  ? fs_reclaim_acquire+0x7d/0x100
[  548.632444][ T9508]  should_fail_ex+0x414/0x560
[  548.632469][ T9508]  prepare_alloc_pages+0x213/0x610
[  548.632501][ T9508]  __alloc_frozen_pages_noprof+0x123/0x370
[  548.632531][ T9508]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  548.632565][ T9508]  ? policy_nodemask+0x27c/0x720
[  548.632592][ T9508]  alloc_pages_mpol+0x232/0x4a0
[  548.632618][ T9508]  vma_alloc_folio_noprof+0xe4/0x200
[  548.632642][ T9508]  ? __pfx_vma_alloc_folio_noprof+0x10/0x10
[  548.632684][ T9508]  folio_prealloc+0x30/0x180
[  548.632706][ T9508]  do_wp_page+0x1231/0x5800
[  548.632759][ T9508]  ? __pfx_do_wp_page+0x10/0x10
[  548.632784][ T9508]  ? do_raw_spin_lock+0x121/0x290
[  548.632813][ T9508]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  548.632846][ T9508]  __handle_mm_fault+0x1144/0x5620
[  548.632896][ T9508]  ? __pfx___handle_mm_fault+0x10/0x10
[  548.632947][ T9508]  ? find_vma+0xe7/0x160
[  548.632964][ T9508]  ? __pfx_find_vma+0x10/0x10
[  548.632985][ T9508]  handle_mm_fault+0x2d5/0x7f0
[  548.633024][ T9508]  do_user_addr_fault+0x764/0x1390
[  548.633070][ T9508]  exc_page_fault+0x76/0xf0
[  548.633093][ T9508]  asm_exc_page_fault+0x26/0x30
[  548.633110][ T9508] RIP: 0010:rep_movs_alternative+0x4a/0x90
[  548.633135][ T9508] Code: cc cc cc 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08 73 e8 eb c5 <f3> a4 c3 cc cc cc cc 48 8b 06 48 89 07 48 8d 47 08 48 83 e0 f8 48
[  548.633151][ T9508] RSP: 0018:ffffc90005507658 EFLAGS: 00050202
[  548.633167][ T9508] RAX: ffffffff84b6e701 RBX: ffff88802975c000 RCX: 0000000000000e5c
[  548.633182][ T9508] RDX: 0000000000000000 RSI: ffff88802975c000 RDI: 0000200000004700
[  548.633194][ T9508] RBP: ffffc900055077b0 R08: ffff88802975ce5b R09: 1ffff110052eb9cb
[  548.633216][ T9508] R10: dffffc0000000000 R11: ffffed10052eb9cc R12: dffffc0000000000
[  548.633230][ T9508] R13: 0000000000000000 R14: 00007ffffffff000 R15: 0000000000000e5c
[  548.633251][ T9508]  ? _copy_to_iter+0x3e1/0x16f0
[  548.633284][ T9508]  _copy_to_iter+0x484/0x16f0
[  548.633321][ T9508]  ? __pfx__copy_to_iter+0x10/0x10
[  548.633342][ T9508]  ? __skb_try_recv_from_queue+0x2b2/0x730
[  548.633370][ T9508]  ? __skb_try_recv_datagram+0x3da/0x4e0
[  548.633397][ T9508]  __skb_datagram_iter+0xf8/0x990
[  548.633418][ T9508]  ? __pfx_simple_copy_to_iter+0x10/0x10
[  548.633449][ T9508]  skb_copy_datagram_iter+0xc5/0x230
[  548.633474][ T9508]  netlink_recvmsg+0x2ab/0xa30
[  548.633512][ T9508]  ? __pfx_netlink_recvmsg+0x10/0x10
[  548.633548][ T9508]  ? bpf_lsm_socket_recvmsg+0x9/0x20
[  548.633567][ T9508]  ? security_socket_recvmsg+0x7e/0x2e0
[  548.633586][ T9508]  ? __pfx_netlink_recvmsg+0x10/0x10
[  548.633612][ T9508]  sock_recvmsg+0x22c/0x270
[  548.633639][ T9508]  ____sys_recvmsg+0x1c9/0x460
[  548.633668][ T9508]  ? __pfx_____sys_recvmsg+0x10/0x10
[  548.633704][ T9508]  ? import_iovec+0x74/0xa0
[  548.633734][ T9508]  ___sys_recvmsg+0x1b5/0x510
[  548.633759][ T9508]  ? __pfx____sys_recvmsg+0x10/0x10
[  548.633806][ T9508]  ? __fget_files+0x3a0/0x420
[  548.633840][ T9508]  __x64_sys_recvmsg+0x198/0x260
[  548.633862][ T9508]  ? __pfx___x64_sys_recvmsg+0x10/0x10
[  548.633892][ T9508]  ? __pfx_ksys_write+0x10/0x10
[  548.633907][ T9508]  ? rcu_is_watching+0x15/0xb0
[  548.633933][ T9508]  ? do_syscall_64+0xbe/0x3b0
[  548.633958][ T9508]  do_syscall_64+0xfa/0x3b0
[  548.633978][ T9508]  ? lockdep_hardirqs_on+0x9c/0x150
[  548.633997][ T9508]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  548.634016][ T9508]  ? clear_bhb_loop+0x60/0xb0
[  548.634040][ T9508]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  548.634059][ T9508] RIP: 0033:0x7f180dd8ebe9
[  548.634076][ T9508] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  548.634093][ T9508] RSP: 002b:00007f180ebfd038 EFLAGS: 00000246 ORIG_RAX: 000000000000002f
[  548.634112][ T9508] RAX: ffffffffffffffda RBX: 00007f180dfb5fa0 RCX: 00007f180dd8ebe9
[  548.634127][ T9508] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000000000000003
[  548.634139][ T9508] RBP: 00007f180ebfd090 R08: 0000000000000000 R09: 0000000000000000
[  548.634151][ T9508] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  548.634163][ T9508] R13: 00007f180dfb6038 R14: 00007f180dfb5fa0 R15: 00007ffe538379a8
[  548.634195][ T9508]  </TASK>
[  549.101813][    C1] vkms_vblank_simulate: vblank timer overrun
[  549.123384][   T10] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  549.445052][   T10] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  549.557194][   T10] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  549.579268][   T10] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  549.597706][   T10] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  549.615984][   T10] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  549.637961][   T10] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  549.840477][   T10] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  549.861127][   T10] usb 5-1: New USB device found, idVendor=05ac, idProduct=0244, bcdDevice= 0.00
[  549.921091][   T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=45
[  549.934001][   T10] usb 5-1: SerialNumber: syz
[  549.998825][   T10] usb 5-1: config 0 descriptor??
[  550.051080][   T10] input: bcm5974 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/input/input7
[  550.506617][ T9505] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  550.532599][ T9505] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  550.715474][   T30] audit: type=1800 audit(1755793316.429:55): pid=9522 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.1.900" name="/" dev="9p" ino=2 res=0 errno=0
[  550.982322][ T5192] bcm5974 5-1:0.0: could not read from device
[  551.014223][ T5192] bcm5974 5-1:0.0: could not read from device
[  551.020744][   T10] usb 5-1: USB disconnect, device number 18
[  551.894468][ T9536] dlm: no locking on control device
[  554.862847][ T9560] x_tables: ip6_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING
[  555.319377][   T10] usb 2-1: new high-speed USB device number 11 using dummy_hcd
[  556.526415][ T9575] comedi comedi0: comedi_config --init_data is deprecated
[  557.006371][ T5854] Bluetooth: hci0: unexpected event for opcode 0x1002
[  557.481071][ T9587] dlm: no locking on control device
[  560.094760][ T9607] comedi comedi0: comedi_config --init_data is deprecated
[  561.199074][ T9600] overlayfs: failed to decode file handle (len=24, type=251, flags=0, err=-22)
[  561.565366][ T9615] netlink: 260 bytes leftover after parsing attributes in process `syz.4.923'.
[  561.653380][ T9619] vivid-000: =================  START STATUS  =================
[  561.661300][ T9619] vivid-000: Test Pattern: 75% Colorbar
[  561.668060][ T9619] vivid-000: Fill Percentage of Frame: 100
[  561.674518][ T9619] vivid-000: Horizontal Movement: No Movement
[  561.680749][ T9619] vivid-000: Vertical Movement: No Movement
[  561.687451][ T9619] vivid-000: OSD Text Mode: All
[  561.693140][ T9619] vivid-000: Show Border: false
[  561.698150][ T9619] vivid-000: Show Square: false
[  561.703445][ T9619] vivid-000: Sensor Flipped Horizontally: false
[  561.710137][ T9619] vivid-000: Sensor Flipped Vertically: false
[  561.716759][ T9619] vivid-000: Insert SAV Code in Image: false
[  561.722932][ T9619] vivid-000: Insert EAV Code in Image: false
[  561.729095][ T9619] vivid-000: Insert Video Guard Band: false
[  561.735450][ T9619] vivid-000: Reduced Framerate: false
[  561.741074][ T9619] vivid-000: HDMI 000-0 Is Connected To: Test Pattern Generator
[  561.748944][ T9619] vivid-000: S-Video 000-0 Is Connected To: Test Pattern Generator
[  561.757086][ T9619] vivid-000: Enable Capture Cropping: true
[  561.763364][ T9619] vivid-000: Enable Capture Composing: true
[  561.769386][ T9619] vivid-000: Enable Capture Scaler: true
[  561.775427][ T9619] vivid-000: Timestamp Source: End of Frame
[  561.781631][ T9619] vivid-000: Colorspace: sRGB
[  561.787243][ T9619] vivid-000: Transfer Function: Default
[  561.793646][ T9619] vivid-000: Y'CbCr Encoding: Default
[  561.799186][ T9619] vivid-000: HSV Encoding: Hue 0-179
[  561.804789][ T9619] vivid-000: Quantization: Default
[  561.810062][ T9619] vivid-000: Apply Alpha To Red Only: false
[  561.817860][ T9619] vivid-000: Standard Aspect Ratio: 4x3
[  561.823853][ T9619] vivid-000: DV Timings Signal Mode: Current DV Timings inactive
[  561.831751][ T9619] vivid-000: DV Timings: 640x480p59 inactive
[  561.838026][ T9619] vivid-000: DV Timings Aspect Ratio: Source Width x Height
[  561.845494][ T9619] vivid-000: Maximum EDID Blocks: 2
[  561.850825][ T9619] vivid-000: Limited RGB Range (16-235): false
[  561.857512][ T9619] vivid-000: Rx RGB Quantization Range: Automatic
[  561.864261][ T9619] vivid-000: Power Present: 0x00000001
[  561.869978][ T9619] tpg source WxH: 320x240 (Y'CbCr)
[  561.875236][ T9619] tpg field: 1
[  561.878718][ T9619] tpg crop: (0,0)/320x240
[  561.883581][ T9619] tpg compose: (0,0)/320x240
[  561.889128][ T9619] tpg colorspace: 8
[  561.893508][ T9619] tpg transfer function: 0/0
[  561.898219][ T9619] tpg Y'CbCr encoding: 0/0
[  561.902743][ T9619] tpg quantization: 0/0
[  561.907016][ T9619] tpg RGB range: 0/2
[  561.910969][ T9619] vivid-000: ==================  END STATUS  ==================
[  563.049055][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[  563.058464][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[  563.612797][ T9531] Bluetooth: hci0: unexpected event for opcode 0x1002
[  563.926385][ T9651] dlm: no locking on control device
[  565.162410][ T9654] netlink: 40 bytes leftover after parsing attributes in process `syz.3.932'.
[  624.432098][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[  624.441881][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[  630.182469][ T5854] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  630.193228][ T5854] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  630.202557][ T5854] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  630.211242][ T5854] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  630.219202][ T5854] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  630.388801][ T9531] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  630.399549][ T9531] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  630.407989][ T9531] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  630.426088][ T9531] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  630.434307][ T9531] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  630.529466][ T5854] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  630.541838][ T5854] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  630.626698][ T5854] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  630.679287][ T9690] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  630.701748][ T9690] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  630.718062][ T9691] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  630.720010][ T6532] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  630.729588][ T9691] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  630.743379][ T5853] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  630.751539][ T5853] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  630.761495][ T9691] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  630.771437][ T9691] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  630.790613][ T9690] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  630.799475][ T9690] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  630.836860][ T9531] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  630.853695][ T9531] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  630.917355][ T6532] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  630.944429][ T9681] lo speed is unknown, defaulting to 1000
[  631.066547][ T6532] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  631.144483][ T9683] lo speed is unknown, defaulting to 1000
[  631.198453][ T6532] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  631.440607][ T6532] bridge_slave_1: left allmulticast mode
[  631.446681][ T6532] bridge_slave_1: left promiscuous mode
[  631.461162][ T6532] bridge0: port 2(bridge_slave_1) entered disabled state
[  631.476297][ T6532] bridge_slave_0: left allmulticast mode
[  631.481956][ T6532] bridge_slave_0: left promiscuous mode
[  631.489031][ T6532] bridge0: port 1(bridge_slave_0) entered disabled state
[  631.884859][ T6532] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  631.896025][ T6532] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  631.906666][ T6532] bond0 (unregistering): Released all slaves
[  631.932967][ T9685] lo speed is unknown, defaulting to 1000
[  632.325730][ T9692] lo speed is unknown, defaulting to 1000
[  632.412208][ T9531] Bluetooth: hci1: command tx timeout
[  632.499004][ T9681] chnl_net:caif_netlink_parms(): no params data found
[  632.503614][ T9531] Bluetooth: hci2: command tx timeout
[  632.626239][ T9688] lo speed is unknown, defaulting to 1000
[  632.892554][ T5854] Bluetooth: hci0: command tx timeout
[  632.892566][ T9690] Bluetooth: hci3: command tx timeout
[  632.904152][ T9531] Bluetooth: hci4: command tx timeout
[  632.969836][ T9681] bridge0: port 1(bridge_slave_0) entered blocking state
[  632.986556][ T9681] bridge0: port 1(bridge_slave_0) entered disabled state
[  632.994763][ T9681] bridge_slave_0: entered allmulticast mode
[  633.014762][ T9681] bridge_slave_0: entered promiscuous mode
[  633.140506][ T9681] bridge0: port 2(bridge_slave_1) entered blocking state
[  633.152504][ T9681] bridge0: port 2(bridge_slave_1) entered disabled state
[  633.161933][ T9681] bridge_slave_1: entered allmulticast mode
[  633.175368][ T9681] bridge_slave_1: entered promiscuous mode
[  633.298063][ T9681] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  633.318201][ T9683] chnl_net:caif_netlink_parms(): no params data found
[  633.341146][ T9681] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  633.576480][ T9681] team0: Port device team_slave_0 added
[  633.680152][ T9681] team0: Port device team_slave_1 added
[  633.755618][ T9681] batman_adv: batadv0: Adding interface: batadv_slave_0
[  633.763119][ T9681] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  633.790574][ T9681] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  633.888511][ T9681] batman_adv: batadv0: Adding interface: batadv_slave_1
[  633.896258][ T9681] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  633.928212][ T9681] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  633.941043][ T9683] bridge0: port 1(bridge_slave_0) entered blocking state
[  633.957311][ T9683] bridge0: port 1(bridge_slave_0) entered disabled state
[  633.967951][ T9683] bridge_slave_0: entered allmulticast mode
[  633.994650][ T9683] bridge_slave_0: entered promiscuous mode
[  634.140699][ T9683] bridge0: port 2(bridge_slave_1) entered blocking state
[  634.148256][ T9683] bridge0: port 2(bridge_slave_1) entered disabled state
[  634.155950][ T9683] bridge_slave_1: entered allmulticast mode
[  634.164128][ T9683] bridge_slave_1: entered promiscuous mode
[  634.256043][ T6532] hsr_slave_0: left promiscuous mode
[  634.264898][ T6532] hsr_slave_1: left promiscuous mode
[  634.271077][ T6532] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  634.279148][ T6532] batman_adv: batadv0: Removing interface: batadv_slave_0
[  634.289137][ T6532] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  634.296938][ T6532] batman_adv: batadv0: Removing interface: batadv_slave_1
[  634.319476][ T6532] veth1_macvtap: left promiscuous mode
[  634.325502][ T6532] veth0_macvtap: left promiscuous mode
[  634.331200][ T6532] veth1_vlan: left promiscuous mode
[  634.336701][ T6532] veth0_vlan: left promiscuous mode
[  634.496861][ T5854] Bluetooth: hci1: command tx timeout
[  634.573206][ T5854] Bluetooth: hci2: command tx timeout
[  634.768562][ T6532] team0 (unregistering): Port device team_slave_1 removed
[  634.810265][ T6532] team0 (unregistering): Port device team_slave_0 removed
[  634.973181][ T5854] Bluetooth: hci3: command tx timeout
[  634.982444][ T5854] Bluetooth: hci0: command tx timeout
[  634.987903][ T5854] Bluetooth: hci4: command tx timeout
[  635.191192][ T2973] smc: removing ib device s
z1
[  635.226456][ T9681] hsr_slave_0: entered promiscuous mode
[  635.233479][ T9681] hsr_slave_1: entered promiscuous mode
[  635.303936][ T5920] lo speed is unknown, defaulting to 1000
[  635.320680][ T5920] s
z1: Port: 1 Link DOWN
[  635.371575][ T9683] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  635.406188][ T9683] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  635.424476][ T9685] chnl_net:caif_netlink_parms(): no params data found
[  635.976702][ T9683] team0: Port device team_slave_0 added
[  636.117540][ T9683] team0: Port device team_slave_1 added
[  636.572329][ T5854] Bluetooth: hci1: command tx timeout
[  636.652648][ T5854] Bluetooth: hci2: command tx timeout
[  636.880988][ T9683] batman_adv: batadv0: Adding interface: batadv_slave_0
[  636.889595][ T9683] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  636.938809][ T9683] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  637.061016][ T5854] Bluetooth: hci0: command tx timeout
[  637.061033][ T9531] Bluetooth: hci4: command tx timeout
[  637.066933][ T9690] Bluetooth: hci3: command tx timeout
[  637.096092][ T9683] batman_adv: batadv0: Adding interface: batadv_slave_1
[  637.103845][ T9683] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  637.130269][ T9683] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  637.141737][ T9685] bridge0: port 1(bridge_slave_0) entered blocking state
[  637.149397][ T9685] bridge0: port 1(bridge_slave_0) entered disabled state
[  637.163980][ T9685] bridge_slave_0: entered allmulticast mode
[  637.189067][ T9685] bridge_slave_0: entered promiscuous mode
[  637.209360][ T9692] chnl_net:caif_netlink_parms(): no params data found
[  637.287932][ T9685] bridge0: port 2(bridge_slave_1) entered blocking state
[  637.296165][ T9685] bridge0: port 2(bridge_slave_1) entered disabled state
[  637.303930][ T9685] bridge_slave_1: entered allmulticast mode
[  637.312877][ T9685] bridge_slave_1: entered promiscuous mode
[  637.410498][ T9688] chnl_net:caif_netlink_parms(): no params data found
[  637.474554][ T9685] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  637.488095][ T9685] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  637.569019][ T9683] hsr_slave_0: entered promiscuous mode
[  637.579399][ T9683] hsr_slave_1: entered promiscuous mode
[  637.585609][ T9683] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  637.593867][ T9683] Cannot create hsr debugfs directory
[  637.633322][ T9692] bridge0: port 1(bridge_slave_0) entered blocking state
[  637.640504][ T9692] bridge0: port 1(bridge_slave_0) entered disabled state
[  637.647880][ T9692] bridge_slave_0: entered allmulticast mode
[  637.655647][ T9692] bridge_slave_0: entered promiscuous mode
[  637.695987][ T9685] team0: Port device team_slave_0 added
[  637.740055][ T9692] bridge0: port 2(bridge_slave_1) entered blocking state
[  637.747364][ T9692] bridge0: port 2(bridge_slave_1) entered disabled state
[  637.755328][ T9692] bridge_slave_1: entered allmulticast mode
[  637.763431][ T9692] bridge_slave_1: entered promiscuous mode
[  637.790888][ T9685] team0: Port device team_slave_1 added
[  637.820005][ T9681] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  637.904098][ T9681] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  637.919685][ T9692] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  637.931877][ T9692] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  637.952891][ T9685] batman_adv: batadv0: Adding interface: batadv_slave_0
[  637.959876][ T9685] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  637.986735][ T9685] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  638.001412][ T9685] batman_adv: batadv0: Adding interface: batadv_slave_1
[  638.008645][ T9685] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  638.035393][ T9685] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  638.054453][ T9681] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  638.096231][ T9688] bridge0: port 1(bridge_slave_0) entered blocking state
[  638.103845][ T9688] bridge0: port 1(bridge_slave_0) entered disabled state
[  638.111610][ T9688] bridge_slave_0: entered allmulticast mode
[  638.119057][ T9688] bridge_slave_0: entered promiscuous mode
[  638.156134][ T9681] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  638.184486][ T9688] bridge0: port 2(bridge_slave_1) entered blocking state
[  638.191934][ T9688] bridge0: port 2(bridge_slave_1) entered disabled state
[  638.200328][ T9688] bridge_slave_1: entered allmulticast mode
[  638.207649][ T9688] bridge_slave_1: entered promiscuous mode
[  638.250641][ T9692] team0: Port device team_slave_0 added
[  638.260367][ T9692] team0: Port device team_slave_1 added
[  638.367602][ T9688] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  638.388366][ T9685] hsr_slave_0: entered promiscuous mode
[  638.395090][ T9685] hsr_slave_1: entered promiscuous mode
[  638.401518][ T9685] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  638.409830][ T9685] Cannot create hsr debugfs directory
[  638.431954][ T9692] batman_adv: batadv0: Adding interface: batadv_slave_0
[  638.439131][ T9692] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  638.465609][ T9692] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  638.481118][ T9688] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  638.525265][ T9692] batman_adv: batadv0: Adding interface: batadv_slave_1
[  638.532817][ T9692] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  638.562088][ T9692] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  638.652229][ T5854] Bluetooth: hci1: command tx timeout
[  638.671140][ T9688] team0: Port device team_slave_0 added
[  638.680955][ T9688] team0: Port device team_slave_1 added
[  638.732382][ T5854] Bluetooth: hci2: command tx timeout
[  638.788266][ T9688] batman_adv: batadv0: Adding interface: batadv_slave_0
[  638.796878][ T9688] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  638.824464][ T9688] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  638.857892][ T9692] hsr_slave_0: entered promiscuous mode
[  638.866292][ T9692] hsr_slave_1: entered promiscuous mode
[  638.872833][ T9692] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  638.880422][ T9692] Cannot create hsr debugfs directory
[  638.920039][ T9688] batman_adv: batadv0: Adding interface: batadv_slave_1
[  638.927450][ T9688] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  638.953969][ T9688] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  638.994155][ T6532] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  639.136594][ T5854] Bluetooth: hci0: command tx timeout
[  639.136656][ T9690] Bluetooth: hci3: command tx timeout
[  639.142167][ T5854] Bluetooth: hci4: command tx timeout
[  639.155649][ T6532] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  639.193685][ T9688] hsr_slave_0: entered promiscuous mode
[  639.201639][ T9688] hsr_slave_1: entered promiscuous mode
[  639.208724][ T9688] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  639.220754][ T9688] Cannot create hsr debugfs directory
[  639.284804][ T6532] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  639.350577][ T6532] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  639.366658][ T9683] netdevsim netdevsim9 netdevsim0: renamed from eth0
[  639.378590][ T9683] netdevsim netdevsim9 netdevsim1: renamed from eth1
[  639.441941][ T9683] netdevsim netdevsim9 netdevsim2: renamed from eth2
[  639.498010][ T9683] netdevsim netdevsim9 netdevsim3: renamed from eth3
[  639.747164][ T6532] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  639.766021][ T9685] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  639.800843][ T9685] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  639.858778][ T6532] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  639.878224][ T9685] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  639.927353][ T9685] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  639.948579][ T9681] 8021q: adding VLAN 0 to HW filter on device bond0
[  639.997154][ T6532] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  640.037612][ T9692] netdevsim netdevsim7 netdevsim0: renamed from eth0
[  640.048078][ T9692] netdevsim netdevsim7 netdevsim1: renamed from eth1
[  640.063490][ T9692] netdevsim netdevsim7 netdevsim2: renamed from eth2
[  640.085906][ T9681] 8021q: adding VLAN 0 to HW filter on device team0
[  640.118033][ T6532] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  640.133193][ T9692] netdevsim netdevsim7 netdevsim3: renamed from eth3
[  640.179413][   T49] bridge0: port 1(bridge_slave_0) entered blocking state
[  640.186713][   T49] bridge0: port 1(bridge_slave_0) entered forwarding state
[  640.228252][   T49] bridge0: port 2(bridge_slave_1) entered blocking state
[  640.235426][   T49] bridge0: port 2(bridge_slave_1) entered forwarding state
[  640.388182][ T9688] netdevsim netdevsim8 netdevsim0: renamed from eth0
[  640.430136][ T9688] netdevsim netdevsim8 netdevsim1: renamed from eth1
[  640.466929][ T9688] netdevsim netdevsim8 netdevsim2: renamed from eth2
[  640.506536][ T9688] netdevsim netdevsim8 netdevsim3: renamed from eth3
[  640.536396][ T9683] 8021q: adding VLAN 0 to HW filter on device bond0
[  640.566506][ T6532] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  640.686810][ T6532] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  640.721318][ T9683] 8021q: adding VLAN 0 to HW filter on device team0
[  640.784447][ T6532] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  640.841596][ T3013] bridge0: port 1(bridge_slave_0) entered blocking state
[  640.848913][ T3013] bridge0: port 1(bridge_slave_0) entered forwarding state
[  640.869030][ T9685] 8021q: adding VLAN 0 to HW filter on device bond0
[  640.890292][ T6532] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  640.937318][ T2973] bridge0: port 2(bridge_slave_1) entered blocking state
[  640.944537][ T2973] bridge0: port 2(bridge_slave_1) entered forwarding state
[  640.970411][ T9692] 8021q: adding VLAN 0 to HW filter on device bond0
[  641.030924][ T9685] 8021q: adding VLAN 0 to HW filter on device team0
[  641.060334][ T9681] 8021q: adding VLAN 0 to HW filter on device batadv0
[  641.107180][ T9692] 8021q: adding VLAN 0 to HW filter on device team0
[  641.130397][ T6275] bridge0: port 1(bridge_slave_0) entered blocking state
[  641.137703][ T6275] bridge0: port 1(bridge_slave_0) entered forwarding state
[  641.206738][ T6275] bridge0: port 1(bridge_slave_0) entered blocking state
[  641.214065][ T6275] bridge0: port 1(bridge_slave_0) entered forwarding state
[  641.228993][ T6275] bridge0: port 2(bridge_slave_1) entered blocking state
[  641.236209][ T6275] bridge0: port 2(bridge_slave_1) entered forwarding state
[  641.253335][   T49] bridge0: port 2(bridge_slave_1) entered blocking state
[  641.260456][   T49] bridge0: port 2(bridge_slave_1) entered forwarding state
[  641.390963][ T6532] bridge_slave_1: left allmulticast mode
[  641.402134][ T6532] bridge_slave_1: left promiscuous mode
[  641.407963][ T6532] bridge0: port 2(bridge_slave_1) entered disabled state
[  641.434624][ T6532] bridge_slave_0: left allmulticast mode
[  641.440328][ T6532] bridge_slave_0: left promiscuous mode
[  641.462289][ T6532] bridge0: port 1(bridge_slave_0) entered disabled state
[  641.474507][ T6532] bridge_slave_1: left allmulticast mode
[  641.480170][ T6532] bridge_slave_1: left promiscuous mode
[  641.489805][ T6532] bridge0: port 2(bridge_slave_1) entered disabled state
[  641.499906][ T6532] bridge_slave_0: left allmulticast mode
[  641.505820][ T6532] bridge_slave_0: left promiscuous mode
[  641.511531][ T6532] bridge0: port 1(bridge_slave_0) entered disabled state
[  641.523909][ T6532] bridge_slave_1: left allmulticast mode
[  641.529591][ T6532] bridge_slave_1: left promiscuous mode
[  641.536397][ T6532] bridge0: port 2(bridge_slave_1) entered disabled state
[  641.546531][ T6532] bridge_slave_0: left allmulticast mode
[  641.552509][ T6532] bridge_slave_0: left promiscuous mode
[  641.558958][ T6532] bridge0: port 1(bridge_slave_0) entered disabled state
[  641.999007][ T6532] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  642.009669][ T6532] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  642.022109][ T6532] bond0 (unregistering): Released all slaves
[  642.187919][ T6532] dvmrp17 (unregistering): left allmulticast mode
[  642.381136][ T6532] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  642.392265][ T6532] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  642.406645][ T6532] bond0 (unregistering): Released all slaves
[  642.419176][ T6532] bond1 (unregistering): Released all slaves
[  642.774765][ T6532] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  642.788805][ T6532] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  642.800601][ T6532] bond0 (unregistering): Released all slaves
[  642.965443][ T9688] 8021q: adding VLAN 0 to HW filter on device bond0
[  643.074444][ T9688] 8021q: adding VLAN 0 to HW filter on device team0
[  643.160947][ T6532] tipc: Left network mode
[  643.226112][ T2973] bridge0: port 1(bridge_slave_0) entered blocking state
[  643.233439][ T2973] bridge0: port 1(bridge_slave_0) entered forwarding state
[  643.248271][ T6532] tipc: Left network mode
[  643.258623][ T9683] 8021q: adding VLAN 0 to HW filter on device batadv0
[  643.274258][ T2973] bridge0: port 2(bridge_slave_1) entered blocking state
[  643.281443][ T2973] bridge0: port 2(bridge_slave_1) entered forwarding state
[  643.429960][ T6532] 
[  643.432335][ T6532] ======================================================
[  643.439365][ T6532] WARNING: possible circular locking dependency detected
[  643.446415][ T6532] 6.16.0-syzkaller #0 Not tainted
[  643.451449][ T6532] ------------------------------------------------------
[  643.458474][ T6532] kworker/u8:13/6532 is trying to acquire lock:
[  643.464813][ T6532] ffff88802366ce00 (team->team_lock_key#5){+.+.}-{4:4}, at: team_del_slave+0x32/0x1c0
[  643.474436][ T6532] 
[  643.474436][ T6532] but task is already holding lock:
[  643.481796][ T6532] ffff88806be88768 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: ieee80211_remove_interfaces+0x133/0x6d0
[  643.492170][ T6532] 
[  643.492170][ T6532] which lock already depends on the new lock.
[  643.492170][ T6532] 
[  643.502568][ T6532] 
[  643.502568][ T6532] the existing dependency chain (in reverse order) is:
[  643.511577][ T6532] 
[  643.511577][ T6532] -> #1 (&rdev->wiphy.mtx){+.+.}-{4:4}:
[  643.519317][ T6532]        lock_acquire+0x120/0x360
[  643.524518][ T6532]        __mutex_lock+0x182/0xe80
[  643.529548][ T6532]        ieee80211_open+0xed/0x1f0
[  643.534655][ T6532]        __dev_open+0x470/0x880
[  643.539503][ T6532]        netif_open+0xaa/0x170
[  643.544261][ T6532]        dev_open+0x125/0x260
[  643.548934][ T6532]        team_add_slave+0xb36/0x2840
[  643.554214][ T6532]        do_set_master+0x530/0x6d0
[  643.559338][ T6532]        do_setlink+0xcf0/0x41c0
[  643.564287][ T6532]        rtnl_newlink+0x160b/0x1c70
[  643.569513][ T6532]        rtnetlink_rcv_msg+0x7cc/0xb70
[  643.575057][ T6532]        netlink_rcv_skb+0x205/0x470
[  643.580442][ T6532]        netlink_unicast+0x75c/0x8e0
[  643.585728][ T6532]        netlink_sendmsg+0x805/0xb30
[  643.591010][ T6532]        __sock_sendmsg+0x21c/0x270
[  643.596294][ T6532]        ____sys_sendmsg+0x505/0x830
[  643.601589][ T6532]        ___sys_sendmsg+0x21f/0x2a0
[  643.606910][ T6532]        __x64_sys_sendmsg+0x19b/0x260
[  643.612385][ T6532]        do_syscall_64+0xfa/0x3b0
[  643.617495][ T6532]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  643.624009][ T6532] 
[  643.624009][ T6532] -> #0 (team->team_lock_key#5){+.+.}-{4:4}:
[  643.632188][ T6532]        validate_chain+0xb9b/0x2140
[  643.637470][ T6532]        __lock_acquire+0xab9/0xd20
[  643.642663][ T6532]        lock_acquire+0x120/0x360
[  643.647679][ T6532]        __mutex_lock+0x182/0xe80
[  643.652713][ T6532]        team_del_slave+0x32/0x1c0
[  643.657823][ T6532]        team_device_event+0x285/0xa20
[  643.663275][ T6532]        notifier_call_chain+0x1b3/0x3e0
[  643.668989][ T6532]        unregister_netdevice_many_notify+0x15d8/0x2320
[  643.675932][ T6532]        unregister_netdevice_queue+0x33c/0x380
[  643.682173][ T6532]        _cfg80211_unregister_wdev+0x165/0x590
[  643.688324][ T6532]        ieee80211_remove_interfaces+0x49a/0x6d0
[  643.694648][ T6532]        ieee80211_unregister_hw+0x5d/0x2c0
[  643.700546][ T6532]        mac80211_hwsim_del_radio+0x275/0x460
[  643.706622][ T6532]        hwsim_exit_net+0x584/0x640
[  643.711825][ T6532]        ops_undo_list+0x497/0x990
[  643.717055][ T6532]        cleanup_net+0x4c5/0x800
[  643.721993][ T6532]        process_scheduled_works+0xade/0x17b0
[  643.728142][ T6532]        worker_thread+0x8a0/0xda0
[  643.733254][ T6532]        kthread+0x70e/0x8a0
[  643.737839][ T6532]        ret_from_fork+0x3fc/0x770
[  643.742967][ T6532]        ret_from_fork_asm+0x1a/0x30
[  643.748260][ T6532] 
[  643.748260][ T6532] other info that might help us debug this:
[  643.748260][ T6532] 
[  643.758478][ T6532]  Possible unsafe locking scenario:
[  643.758478][ T6532] 
[  643.765920][ T6532]        CPU0                    CPU1
[  643.771448][ T6532]        ----                    ----
[  643.776803][ T6532]   lock(&rdev->wiphy.mtx);
[  643.781476][ T6532]                                lock(team->team_lock_key#5);
[  643.788938][ T6532]                                lock(&rdev->wiphy.mtx);
[  643.795956][ T6532]   lock(team->team_lock_key#5);
[  643.800991][ T6532] 
[  643.800991][ T6532]  *** DEADLOCK ***
[  643.800991][ T6532] 
[  643.809217][ T6532] 5 locks held by kworker/u8:13/6532:
[  643.814677][ T6532]  #0: ffff88801b2fb948 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  643.825740][ T6532]  #1: ffffc9001b3a7bc0 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  643.836360][ T6532]  #2: ffffffff8f4fd310 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xf7/0x800
[  643.845692][ T6532]  #3: ffffffff8f509f08 (rtnl_mutex){+.+.}-{4:4}, at: ieee80211_unregister_hw+0x55/0x2c0
[  643.855538][ T6532]  #4: ffff88806be88768 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: ieee80211_remove_interfaces+0x133/0x6d0
[  643.866334][ T6532] 
[  643.866334][ T6532] stack backtrace:
[  643.872318][ T6532] CPU: 0 UID: 0 PID: 6532 Comm: kworker/u8:13 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  643.872339][ T6532] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  643.872351][ T6532] Workqueue: netns cleanup_net
[  643.872374][ T6532] Call Trace:
[  643.872381][ T6532]  <TASK>
[  643.872390][ T6532]  dump_stack_lvl+0x189/0x250
[  643.872411][ T6532]  ? __pfx_dump_stack_lvl+0x10/0x10
[  643.872428][ T6532]  ? __pfx__printk+0x10/0x10
[  643.872448][ T6532]  ? print_lock_name+0xde/0x100
[  643.872472][ T6532]  print_circular_bug+0x2ee/0x310
[  643.872493][ T6532]  check_noncircular+0x134/0x160
[  643.872513][ T6532]  validate_chain+0xb9b/0x2140
[  643.872534][ T6532]  ? lockdep_hardirqs_on+0x9c/0x150
[  643.872554][ T6532]  __lock_acquire+0xab9/0xd20
[  643.872571][ T6532]  ? team_del_slave+0x32/0x1c0
[  643.872591][ T6532]  lock_acquire+0x120/0x360
[  643.872604][ T6532]  ? team_del_slave+0x32/0x1c0
[  643.872626][ T6532]  ? __mutex_trylock_common+0x153/0x260
[  643.872647][ T6532]  __mutex_lock+0x182/0xe80
[  643.872664][ T6532]  ? team_del_slave+0x32/0x1c0
[  643.872684][ T6532]  ? rcu_is_watching+0x15/0xb0
[  643.872703][ T6532]  ? team_del_slave+0x32/0x1c0
[  643.872724][ T6532]  ? __pfx___mutex_lock+0x10/0x10
[  643.872741][ T6532]  ? bond_netdev_event+0xd9/0xe80
[  643.872765][ T6532]  ? __pfx___mutex_lock+0x10/0x10
[  643.872782][ T6532]  ? __pfx_bond_netdev_event+0x10/0x10
[  643.872807][ T6532]  team_del_slave+0x32/0x1c0
[  643.872829][ T6532]  team_device_event+0x285/0xa20
[  643.872846][ T6532]  notifier_call_chain+0x1b3/0x3e0
[  643.872866][ T6532]  unregister_netdevice_many_notify+0x15d8/0x2320
[  643.872890][ T6532]  ? __pfx_unregister_netdevice_many_notify+0x10/0x10
[  643.872909][ T6532]  ? __lock_acquire+0xab9/0xd20
[  643.872931][ T6532]  unregister_netdevice_queue+0x33c/0x380
[  643.872949][ T6532]  ? __pfx_unregister_netdevice_queue+0x10/0x10
[  643.872969][ T6532]  _cfg80211_unregister_wdev+0x165/0x590
[  643.872992][ T6532]  ieee80211_remove_interfaces+0x49a/0x6d0
[  643.873012][ T6532]  ? __pfx_synchronize_rcu+0x10/0x10
[  643.873031][ T6532]  ? __pfx_ieee80211_remove_interfaces+0x10/0x10
[  643.873049][ T6532]  ? rcu_is_watching+0x15/0xb0
[  643.873068][ T6532]  ieee80211_unregister_hw+0x5d/0x2c0
[  643.873094][ T6532]  mac80211_hwsim_del_radio+0x275/0x460
[  643.873119][ T6532]  ? __pfx_mac80211_hwsim_del_radio+0x10/0x10
[  643.873150][ T6532]  hwsim_exit_net+0x584/0x640
[  643.873171][ T6532]  ? __pfx_hwsim_exit_net+0x10/0x10
[  643.873191][ T6532]  ? __ip_vs_dev_cleanup_batch+0x238/0x260
[  643.873215][ T6532]  ops_undo_list+0x497/0x990
[  643.873239][ T6532]  ? __pfx_ops_undo_list+0x10/0x10
[  643.873263][ T6532]  cleanup_net+0x4c5/0x800
[  643.873285][ T6532]  ? __pfx_cleanup_net+0x10/0x10
[  643.873306][ T6532]  ? _raw_spin_unlock_irq+0x23/0x50
[  643.873320][ T6532]  ? process_scheduled_works+0x9ef/0x17b0
[  643.873336][ T6532]  ? process_scheduled_works+0x9ef/0x17b0
[  643.873353][ T6532]  process_scheduled_works+0xade/0x17b0
[  643.873379][ T6532]  ? __pfx_process_scheduled_works+0x10/0x10
[  643.873401][ T6532]  worker_thread+0x8a0/0xda0
[  643.873427][ T6532]  kthread+0x70e/0x8a0
[  643.873447][ T6532]  ? __pfx_worker_thread+0x10/0x10
[  643.873464][ T6532]  ? __pfx_kthread+0x10/0x10
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  643.873484][ T6532]  ? _raw_spin_unlock_irq+0x23/0x50
[  643.873497][ T6532]  ? lockdep_hardirqs_on+0x9c/0x150
[  643.873512][ T6532]  ? __pfx_kthread+0x10/0x10
[  643.873532][ T6532]  ret_from_fork+0x3fc/0x770
[  643.873548][ T6532]  ? __pfx_ret_from_fork+0x10/0x10
[  643.873565][ T6532]  ? __switch_to_asm+0x39/0x70
[  643.873583][ T6532]  ? __switch_to_asm+0x33/0x70
[  643.873602][ T6532]  ? __pfx_kthread+0x10/0x10
[  643.873621][ T6532]  ret_from_fork_asm+0x1a/0x30
[  643.873646][ T6532]  </TASK>
[  644.242285][ T6532] team0: Port device wlan1 removed
[  644.286307][ T9681] veth0_vlan: entered promiscuous mode
[  645.388747][ T6532] hsr_slave_0: left promiscuous mode
[  645.395253][ T6532] hsr_slave_1: left promiscuous mode
[  645.400864][ T6532] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  645.408530][ T6532] batman_adv: batadv0: Removing interface: batadv_slave_0
[  645.419239][ T6532] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  645.427302][ T6532] batman_adv: batadv0: Removing interface: batadv_slave_1
[  645.437974][ T6532] hsr_slave_0: left promiscuous mode
[  645.444912][ T6532] hsr_slave_1: left promiscuous mode
[  645.450800][ T6532] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  645.458832][ T6532] batman_adv: batadv0: Removing interface: batadv_slave_0
[  645.468220][ T6532] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  645.475679][ T6532] batman_adv: batadv0: Removing interface: batadv_slave_1
[  645.483479][ T6532] batman_adv: batadv0: Removing interface: virt_wifi0
[  645.493212][ T6532] hsr_slave_0: left promiscuous mode
[  645.498935][ T6532] hsr_slave_1: left promiscuous mode
[  645.504850][ T6532] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  645.512348][ T6532] batman_adv: batadv0: Removing interface: batadv_slave_0
[  645.526426][ T6532] veth1_macvtap: left promiscuous mode
[  645.531948][ T6532] veth0_macvtap: left promiscuous mode
[  645.541653][ T6532] veth1_vlan: left promiscuous mode
[  645.547149][ T6532] veth0_vlan: left promiscuous mode
[  645.553416][ T6532] veth1_macvtap: left promiscuous mode
[  645.558920][ T6532] veth0_macvtap: left promiscuous mode
[  645.564668][ T6532] veth1_vlan: left promiscuous mode
[  645.570085][ T6532] veth0_vlan: left promiscuous mode
[  645.577464][ T6532] veth1_macvtap: left promiscuous mode
[  645.583257][ T6532] veth0_macvtap: left promiscuous mode
[  645.588829][ T6532] veth1_vlan: left promiscuous mode
[  645.594328][ T6532] veth0_vlan: left promiscuous mode
[  645.790771][ T6532] team0 (unregistering): Port device team_slave_1 removed
[  645.820734][ T6532] team0 (unregistering): Port device team_slave_0 removed
[  646.043715][ T6532] team0 (unregistering): Port device team_slave_1 removed
[  646.069945][ T6532] team0 (unregistering): Port device team_slave_0 removed
[  646.210747][ T6275] smc: removing ib device syz1
[  646.299088][ T6532] team0 (unregistering): Port device team_slave_1 removed
[  648.128997][ T6532] bridge_slave_1: left allmulticast mode
[  648.135002][ T6532] bridge_slave_1: left promiscuous mode
[  648.140655][ T6532] bridge0: port 2(bridge_slave_1) entered disabled state
[  648.148883][ T6532] bridge_slave_0: left allmulticast mode
[  648.154965][ T6532] bridge_slave_0: left promiscuous mode
[  648.160724][ T6532] bridge0: port 1(bridge_slave_0) entered disabled state
[  648.169391][ T6532] bridge_slave_1: left allmulticast mode
[  648.175850][ T6532] bridge_slave_1: left promiscuous mode
[  648.181481][ T6532] bridge0: port 2(bridge_slave_1) entered disabled state
[  648.190479][ T6532] bridge_slave_0: left allmulticast mode
[  648.196965][ T6532] bridge_slave_0: left promiscuous mode
[  648.202806][ T6532] bridge0: port 1(bridge_slave_0) entered disabled state
[  648.211886][ T6532] bridge_slave_1: left allmulticast mode
[  648.217897][ T6532] bridge_slave_1: left promiscuous mode
[  648.223878][ T6532] bridge0: port 2(bridge_slave_1) entered disabled state
[  648.231986][ T6532] bridge_slave_0: left allmulticast mode
[  648.237780][ T6532] bridge_slave_0: left promiscuous mode
[  648.244230][ T6532] bridge0: port 1(bridge_slave_0) entered disabled state
[  648.253819][ T6532] bridge_slave_1: left allmulticast mode
[  648.259464][ T6532] bridge_slave_1: left promiscuous mode
[  648.265726][ T6532] bridge0: port 2(bridge_slave_1) entered disabled state
[  648.274270][ T6532] bridge_slave_0: left allmulticast mode
[  648.279912][ T6532] bridge_slave_0: left promiscuous mode
[  648.285839][ T6532] bridge0: port 1(bridge_slave_0) entered disabled state
[  648.295108][ T6532] bridge_slave_1: left allmulticast mode
[  648.300867][ T6532] bridge_slave_1: left promiscuous mode
[  648.307105][ T6532] bridge0: port 2(bridge_slave_1) entered disabled state
[  648.315537][ T6532] bridge_slave_0: left allmulticast mode
[  648.321183][ T6532] bridge_slave_0: left promiscuous mode
[  648.327022][ T6532] bridge0: port 1(bridge_slave_0) entered disabled state
[  648.466788][ T6532] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  648.477654][ T6532] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  648.487063][ T6532] bond0 (unregistering): Released all slaves
[  648.548204][ T6532] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  648.559390][ T6532] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  648.568954][ T6532] bond0 (unregistering): Released all slaves
[  648.628436][ T6532] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  648.638118][ T6532] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  648.648348][ T6532] bond0 (unregistering): Released all slaves
[  648.704127][ T6532] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  648.713900][ T6532] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  648.724483][ T6532] bond0 (unregistering): Released all slaves
[  648.789498][ T6532] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  648.799344][ T6532] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  648.808824][ T6532] bond0 (unregistering): Released all slaves
[  648.916302][ T6532] hsr_slave_0: left promiscuous mode
[  648.923036][ T6532] hsr_slave_1: left promiscuous mode
[  648.928886][ T6532] batman_adv: batadv0: Removing interface: batadv_slave_0
[  648.937032][ T6532] batman_adv: batadv0: Removing interface: batadv_slave_1
[  648.947526][ T6532] hsr_slave_0: left promiscuous mode
[  648.953817][ T6532] hsr_slave_1: left promiscuous mode
[  648.959622][ T6532] batman_adv: batadv0: Removing interface: batadv_slave_0
[  648.967546][ T6532] batman_adv: batadv0: Removing interface: batadv_slave_1
[  648.977229][ T6532] hsr_slave_0: left promiscuous mode
[  648.983368][ T6532] hsr_slave_1: left promiscuous mode
[  648.990420][ T6532] batman_adv: batadv0: Removing interface: batadv_slave_0
[  648.998417][ T6532] batman_adv: batadv0: Removing interface: batadv_slave_1
[  649.009078][ T6532] hsr_slave_0: left promiscuous mode
[  649.018265][ T6532] hsr_slave_1: left promiscuous mode
[  649.024042][ T6532] batman_adv: batadv0: Removing interface: batadv_slave_0
[  649.031748][ T6532] batman_adv: batadv0: Removing interface: batadv_slave_1
[  649.042314][ T6532] hsr_slave_0: left promiscuous mode
[  649.048014][ T6532] hsr_slave_1: left promiscuous mode
[  649.054205][ T6532] batman_adv: batadv0: Removing interface: batadv_slave_0
[  649.061741][ T6532] batman_adv: batadv0: Removing interface: batadv_slave_1
[  649.076494][ T6532] veth0_vlan: left promiscuous mode
[  649.241880][ T6532] team0 (unregistering): Port device team_slave_1 removed
[  649.269071][ T6532] team0 (unregistering): Port device team_slave_0 removed
[  649.420272][ T6532] team0 (unregistering): Port device team_slave_1 removed
[  649.441220][ T6532] team0 (unregistering): Port device team_slave_0 removed
[  649.563900][ T6532] team0 (unregistering): Port device team_slave_1 removed
[  649.586968][ T6532] team0 (unregistering): Port device team_slave_0 removed
[  649.738778][ T6532] team0 (unregistering): Port device team_slave_1 removed
[  649.764709][ T6532] team0 (unregistering): Port device team_slave_0 removed
[  649.918140][ T6532] team0 (unregistering): Port device team_slave_1 removed
[  649.928966][ T6532] team0 (unregistering): Port device team_slave_0 removed