last executing test programs:

9m53.511111974s ago: executing program 0 (id=235):
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[], 0x50)
socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
socketpair(0x1, 0x20000000000001, 0x0, &(0x7f0000000100))
getsockname$packet(0xffffffffffffffff, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000400)=0x14)
sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=@newtaction={0x9, 0x30, 0x300, 0x0, 0x0, {0x0, 0x0, 0x6a00}}, 0x14}, 0x1, 0x0, 0x0, 0x4000000}, 0x44000)
ioctl$MEDIA_IOC_ENUM_LINKS(0xffffffffffffffff, 0xc0287c02, &(0x7f0000000240)={0x80000000, 0x0, 0x0})
rt_tgsigqueueinfo(0x0, 0x0, 0x13, &(0x7f0000000200)={0x34, 0x0, 0x80000000})
r1 = syz_open_dev$MSR(&(0x7f0000000000), 0xfffffffffffffffe, 0x0)
read$msr(r1, &(0x7f0000001b40)=""/102375, 0x4732)
r2 = syz_open_dev$vim2m(&(0x7f00000001c0), 0x8, 0x2)
ioctl$vim2m_VIDIOC_ENUM_FMT(r2, 0xc0405602, &(0x7f0000000300)={0x41, 0x2, 0x0, "444900d730faa901000000000000000000f789981008d7b15b5700e46b8be100", 0x50424752})
r3 = syz_open_dev$loop(&(0x7f0000000440), 0x81, 0x0)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.stat\x00', 0x275a, 0x0)
ioctl$LOOP_CONFIGURE(r3, 0x4c0a, &(0x7f0000000180)={r4, 0x0, {0x2a00, 0x80010000, 0x0, 0x8000000018, 0x0, 0x0, 0x0, 0x1a, 0xc, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd64c6a4b4e00d9683dda1af1ea89de2b7fb0a0100000000000000000300", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "91be8b1c551265406c7f306003d8a0f4bd004ab3fde500", [0x9, 0x9]}})
io_setup(0x3d, &(0x7f0000000140))
r5 = timerfd_create(0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$TFD_IOC_SET_TICKS(r5, 0x40085400, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r7, 0x8933, &(0x7f00000003c0)={'batadv_slave_1\x00', <r8=>0x0})
sendmsg$nl_route_sched(r7, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000180)=@delchain={0x24, 0x5f, 0xf31, 0x0, 0x0, {0x0, 0x0, 0x0, r8, {}, {0x5, 0x2}, {0x1, 0xe}}}, 0x24}}, 0x0)
sendmsg$nl_route(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000600)=@setlink={0x44, 0x13, 0x4, 0x70bd28, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, 0x18104, 0x282}, [@IFLA_GSO_MAX_SIZE={0x8, 0x29, 0xc891}, @IFLA_EXT_MASK={0x8, 0x1d, 0x1}, @IFLA_IFNAME={0x14, 0x3, 'caif0\x00'}]}, 0x44}}, 0x20004045)

9m51.167807053s ago: executing program 0 (id=240):
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0)
setrlimit(0x1, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
llistxattr(&(0x7f00000000c0)='./file0/../file0/file0\x00', 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r1 = getpid()
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
getsockopt$inet_buf(r2, 0x6, 0x29, 0x0, &(0x7f0000695ffc))
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_open_dev$evdev(&(0x7f0000000080), 0x6, 0x40000)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x27fe)
mmap(&(0x7f0000003000/0x1000)=nil, 0x1000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
syz_open_dev$usbfs(0x0, 0x76, 0x101b01)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000480)={0x0, 0x18, 0xfa00, {0x400000001, &(0x7f0000000300)={<r5=>0xffffffffffffffff}, 0x13f, 0x9}}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r0, &(0x7f0000000100)={0x3, 0x40, 0xfa00, {{0xa, 0x4e21, 0x0, @loopback}, {0xa, 0x0, 0xfffffffe, @empty}, r5}}, 0x48)
write$RDMA_USER_CM_CMD_QUERY(r0, &(0x7f0000000040)={0x13, 0x10, 0xfa00, {&(0x7f0000000780), r5, 0x2}}, 0x18)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f0000000040)={0x0})
ioctl$DRM_IOCTL_MODE_GETRESOURCES(0xffffffffffffffff, 0xc04064a0, 0x0)

9m49.495342772s ago: executing program 0 (id=243):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="1801000000000000000000004b84ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x100, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000140)='mm_page_alloc\x00', r0, 0x0, 0x7}, 0x18)
set_mempolicy(0x6005, &(0x7f0000000080)=0xfffffffffffffffd, 0x4)
syz_clone(0x42000000, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = epoll_create1(0x0)
epoll_create1(0x0)
r2 = fcntl$dupfd(r1, 0x0, r1)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r2, &(0x7f0000000040)={0x1})
r3 = openat$fb0(0xffffff9c, &(0x7f0000000080), 0x0, 0x0)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
write$UHID_CREATE2(r4, &(0x7f0000000180)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r4, 0x0)
ioctl$FBIOGET_CON2FBMAP(r3, 0x460f, &(0x7f00000000c0)={0xe, 0x2})
pread64(r2, &(0x7f0000000300)=""/192, 0xc0, 0x3f)

9m48.096239902s ago: executing program 0 (id=249):
r0 = syz_io_uring_setup(0xdaf, &(0x7f0000000180)={0x0, 0x2, 0x13291, 0x0, 0x3b3}, &(0x7f0000000100), &(0x7f0000000080))
socket$nl_route(0x10, 0x3, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
ioctl$int_in(r0, 0x5452, &(0x7f00000000c0)=0x8)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
mount$afs(0x0, 0x0, &(0x7f0000000400), 0x800, &(0x7f0000000440)=ANY=[@ANYBLOB="736d61636b2c00000000000000000014000000"])
r5 = syz_open_dev$dri(&(0x7f0000000040), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_PAGE_FLIP(r5, 0xc01864b0, &(0x7f0000000000)={0x0, 0x0, 0xd, 0x0, 0x1000001})

9m45.857876839s ago: executing program 0 (id=251):
openat$kvm(0xffffffffffffff9c, &(0x7f0000000640), 0x480, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000340)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x0, 0x0, 0x7}, {0x0, [0x0, 0x5f, 0x2e, 0x2e, 0x30]}}, &(0x7f0000000180)=""/248, 0x1f, 0xf8, 0x1}, 0x28)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f00000000c0)={0x1, &(0x7f00000005c0)=[{0x6}]})
socket$kcm(0x10, 0x2, 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB="8000000000010104000000000000000002000000240001801400018008000100e000000108000200e00000010c000280050001000000000024000280140001800800010000000000080002007f0000010c000280050001000000000008000740000000000800034000"], 0x80}}, 0x0)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0xfffffdca, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
r2 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, &(0x7f00000000c0)={0x0, @in={{0x2, 0x4e23, @empty}}, 0x0, 0x2, 0x40020002, 0x0, 0xa17433da3c5d69ad, 0x2, 0x7f}, 0x9c)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000007000000010001000900000001"], 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340), 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r3}, 0x4)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0x19, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800"/14, @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003000000b7080000000000007b8af8ff00000000b7080000010000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r3, @ANYBLOB="0000000000000000b70500000800000085000000a500000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={0x0, r4}, 0x18)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB="9feb010018000000000000003c0000003c000000020000000000000002000004080000000000000003000000000000000000000002000000000000000000000000000002000000000000000000000004"], 0x0, 0x56}, 0x28)
mknodat(0xffffffffffffffff, 0x0, 0xc000, 0x0)
r5 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000600)=ANY=[@ANYBLOB="140100002200010021000000000000000201"], 0x114}], 0x1}, 0x0)
setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @loopback}, 0x40)
r6 = socket$netlink(0x10, 0x3, 0x0)
writev(r6, &(0x7f00000003c0)=[{&(0x7f0000000180)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1)

9m44.145718166s ago: executing program 0 (id=255):
arch_prctl$ARCH_GET_FS(0x1003, &(0x7f0000000040))
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000340)=ANY=[@ANYBLOB="50000000020605000000000000000000000000000c00078008000640001000000500010006000000050005000200000005000400000000000900020073797a31000000000c000300686173683a6970"], 0x50}}, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, 0x0, 0x0)
sendmsg$IPSET_CMD_ADD(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=ANY=[@ANYBLOB="40000000090601020000000000000000000000000900020073797a31000000000500010007000000180007800c00018008000140fffffffe0500030008"], 0x40}, 0x1, 0x0, 0x0, 0x10000047}, 0x4000084)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
r3 = socket$netlink(0x10, 0x3, 0x15)
sendmsg$netlink(r3, &(0x7f0000003500)={0x0, 0x0, &(0x7f00000034c0)=[{&(0x7f00000004c0)=ANY=[@ANYBLOB="e0000000130001000000000000000000f3c1837c3e366b798e3a850b657658215cbbbe26ac11b044d3e84eceaf37ff81b7bcefe98ef957720913fc8e5edcfec4f94edfbb6e1609f174d456c1c9e2e74a"], 0xe0}], 0x1}, 0x0)
sendmsg$NFNL_MSG_CTHELPER_GET(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000580)={0x20, 0x1, 0x9, 0x5, 0x0, 0x0, {0x0, 0x0, 0x4}, [@NFCTH_POLICY={0xc, 0x4, 0x0, 0x1, {0x8, 0x1, 0x1, 0x0, 0x1c}}]}, 0x20}, 0x1, 0x0, 0x0, 0x40001}, 0x498c0)
sendmsg$NFT_MSG_GETGEN(r2, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, 0x10, 0xa, 0x101, 0x0, 0x0, {0xa, 0x0, 0x2}}, 0x14}, 0x1, 0x0, 0x0, 0x24000080}, 0x24000011)

9m28.967669043s ago: executing program 32 (id=255):
arch_prctl$ARCH_GET_FS(0x1003, &(0x7f0000000040))
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000340)=ANY=[@ANYBLOB="50000000020605000000000000000000000000000c00078008000640001000000500010006000000050005000200000005000400000000000900020073797a31000000000c000300686173683a6970"], 0x50}}, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, 0x0, 0x0)
sendmsg$IPSET_CMD_ADD(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=ANY=[@ANYBLOB="40000000090601020000000000000000000000000900020073797a31000000000500010007000000180007800c00018008000140fffffffe0500030008"], 0x40}, 0x1, 0x0, 0x0, 0x10000047}, 0x4000084)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
r3 = socket$netlink(0x10, 0x3, 0x15)
sendmsg$netlink(r3, &(0x7f0000003500)={0x0, 0x0, &(0x7f00000034c0)=[{&(0x7f00000004c0)=ANY=[@ANYBLOB="e0000000130001000000000000000000f3c1837c3e366b798e3a850b657658215cbbbe26ac11b044d3e84eceaf37ff81b7bcefe98ef957720913fc8e5edcfec4f94edfbb6e1609f174d456c1c9e2e74a"], 0xe0}], 0x1}, 0x0)
sendmsg$NFNL_MSG_CTHELPER_GET(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000580)={0x20, 0x1, 0x9, 0x5, 0x0, 0x0, {0x0, 0x0, 0x4}, [@NFCTH_POLICY={0xc, 0x4, 0x0, 0x1, {0x8, 0x1, 0x1, 0x0, 0x1c}}]}, 0x20}, 0x1, 0x0, 0x0, 0x40001}, 0x498c0)
sendmsg$NFT_MSG_GETGEN(r2, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, 0x10, 0xa, 0x101, 0x0, 0x0, {0xa, 0x0, 0x2}}, 0x14}, 0x1, 0x0, 0x0, 0x24000080}, 0x24000011)

5m59.956091656s ago: executing program 3 (id=778):
r0 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000000)=0xffffffffffffffff, 0x4)
syz_open_procfs(0xffffffffffffffff, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000200)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x2, '\x00', 0x0, r0}, 0x50)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f0000000040), 0xa, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x8041, 0x0)
r2 = syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r2, 0x40045532, &(0x7f0000000140))
r3 = syz_open_dev$sndpcmp(&(0x7f0000000040), 0x0, 0xa2465)
ioctl$SNDRV_PCM_IOCTL_REWIND(r3, 0xc0884123, &(0x7f0000000000)=0x85)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{}, 0x0, 0x0}, 0x20)
r4 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000380), 0x101040)
syz_open_dev$loop(&(0x7f0000000080), 0x100047ffffa, 0x122c43)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x12, 0xa, 0x4, 0x2}, 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000003c0)={{r6, <r7=>0xffffffffffffffff}, &(0x7f0000000080), &(0x7f0000000380)=r5}, 0x20)
bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000300)={r7, &(0x7f00000001c0), 0x0}, 0x20)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r4, 0x40345410, &(0x7f0000000300)={{0xffffffffffffffff, 0x3, 0x0, 0x2}})
r8 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000600), 0x0)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r8, 0xc08c5332, &(0x7f00000003c0)={0x9c9, 0x0, 0x0, 'queue1\x00', 0x200000})
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r8, 0x40605346, &(0x7f0000000280)={0x0, 0x0, {0x0, 0x0, 0x40000000, 0x0, 0x3}, 0x8})
write$sndseq(0xffffffffffffffff, &(0x7f0000000080)=[{0x1e, 0x0, 0x8, 0xfd, @time={0x7ffffffd, 0x4}, {}, {}, @result={0x100}}], 0x1c)

5m57.994131163s ago: executing program 3 (id=782):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f0000000240)={0x0, 0x20, 0x30}, 0xc)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23, 0x2, @empty, 0x2}, 0x1c)
sendto$inet6(r0, &(0x7f0000000180)="1a", 0x1, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x20000000)
ptrace$ARCH_SHSTK_ENABLE(0x1e, r2, 0x0, 0x5001)
socket$kcm(0x10, 0x2, 0x0)
mincore(&(0x7f0000184000/0x2000)=nil, 0x2000, 0x0)
ioctl$TCFLSH(0xffffffffffffffff, 0x400455c8, 0x2)
bind$bt_hci(0xffffffffffffffff, 0x0, 0x0)
r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='net/dev_mcast\x00')
lseek(r3, 0x10000000005, 0x0)
r4 = socket$inet6_sctp(0xa, 0x801, 0x84)
connect$inet6(r4, &(0x7f0000000100)={0xa, 0x0, 0x0, @private1, 0x200000}, 0x1c)
sendto$inet6(r4, &(0x7f00000001c0)='O', 0x1, 0x80, &(0x7f0000000280)={0xa, 0x0, 0x0, @private2}, 0x1c)
shutdown(r4, 0x1)
getsockopt$inet_sctp6_SCTP_PEER_AUTH_CHUNKS(r4, 0x84, 0x1a, &(0x7f0000000040)={0x0, 0x15, "59040000a6be620bfa4a95f27cad0a0000000000c0"}, &(0x7f0000000300)=0x1d)
sendto$inet6(r0, &(0x7f0000000c80)='|', 0x1, 0xbcff, 0x0, 0x0)

5m57.742216977s ago: executing program 3 (id=783):
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000300)={&(0x7f00000005c0)=ANY=[@ANYBLOB="9feb010018000000000000007c0000007c00000002000000000000000000000e0000000000000000000000000600000d00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c00000000000000000000000900000000000000000000000900000000000000000000000a0200000000009b75d70eee392609225fa7f91d430e5f1105e0b4a46099fb30c7d2e2d7074c5c50251ef0986118f7b386b986143834e37d8578c13c4b3216df9bba07b6cffaa98b645bc27d277c57e4284db027bc3f2d76eabbc33da95af5ae9844cae59a13b4e12957f89f202a3f12b7c925a4994b41a2b5ba9f6224a47a48c4f227f90a426767cfc5554bb3943e79cd55e9bd96b9830de22ecb478657423e8578e4e585385a2e67a957c5696ba395a1cbb3557567c5b724feb8"], 0x0, 0x96}, 0x20)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x5, 0x4, 0x4, 0x8}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0x2, 0x6, &(0x7f0000000180)=@framed={{0x18, 0x2}, [@map_fd={0x18, 0x1, 0x1, 0x0, r0}, @call={0x85, 0x0, 0x0, 0x9d}]}, &(0x7f0000000040)='GPL\x00'}, 0x80)
r1 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@struct]}}, 0x0, 0x26, 0x0, 0x1}, 0x28)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000500)={0x6, 0x3, &(0x7f0000000200)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000280)='GPL\x00', 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, r1, 0x8, 0x0, 0x0, 0x10, &(0x7f00000004c0), 0x10}, 0x94)
r2 = syz_open_procfs(0x0, 0x0)
socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000edff0000000000000000850000000f00000018010000646c012500000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000800000850000000600000095"], 0x0, 0x0, 0xfffffead, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000400)='mm_migrate_pages\x00', r3, 0x0, 0x5}, 0x18)
mbind(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x0, 0x2)
socket$nl_route(0x10, 0x3, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0xa)
sendmsg$NL802154_CMD_GET_SEC_LEVEL(0xffffffffffffffff, 0x0, 0x40810)
syz_init_net_socket$llc(0x1a, 0x7, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$random(0xffffffffffffff9c, 0x0, 0x48200, 0x0)
r4 = syz_open_dev$MSR(&(0x7f0000000580), 0xa, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
syz_emit_vhci(0x0, 0x9)
ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40046f41, &(0x7f0000000440)=0x1f)
syz_emit_vhci(0x0, 0x7)
mount$9p_fd(0x0, &(0x7f00000000c0)='.\x00', &(0x7f0000000040), 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB, @ANYRESHEX=r2, @ANYBLOB])
syz_genetlink_get_family_id$ieee802154(&(0x7f00000001c0), 0xffffffffffffffff)
sendmsg$IEEE802154_ASSOCIATE_REQ(0xffffffffffffffff, 0x0, 0x44841)

5m56.389960345s ago: executing program 3 (id=788):
r0 = socket$nl_rdma(0x10, 0x3, 0x14)
r1 = fanotify_init(0x200, 0x40000)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='net_prio.prioidx\x00', 0x275a, 0x0)
fanotify_mark(r1, 0x101, 0x48001051, r2, 0x0)
syz_io_uring_setup(0x5a79, &(0x7f00000000c0)={0x0, 0x1faa, 0x20, 0x1, 0x77, 0x0, r2}, &(0x7f0000000040), &(0x7f0000000140))
ioctl$FS_IOC_FIEMAP(r2, 0xc020660b, &(0x7f0000000180)=ANY=[@ANYBLOB="3f57000000000000070000000000000004000000060000000800000000000000e400000000000000000000000000008000000000000000ec000000000000000000000000000000000400000000000000000000000000000000f0ffffffffffff0600000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000900000000000000a7000000000000000500000000000000000000000000000000000000000000000001000000000000000000000000000081000000000000000200000000000000d7e30000000000000000000000000000000000000000000000000000000000000000000000000000f900000000000000ff070000000000000000008000000000000000000000000000000000000000000800000000000010000010000000000070000000000000006e00000000000000000001000000000000000000000000000000000000000000c0273d850000000000000000060000004700000000000000000400000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000020000000000000003000000000000000500000000000000000000000000000000000000000000000200"/480])
sendmsg$RDMA_NLDEV_CMD_RES_GET(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000380)={0x10, 0x1409, 0x262543c4cee33fe7, 0x70bd2b, 0x1000}, 0x10}, 0x1, 0x0, 0x0, 0x20044814}, 0x20008000)

5m56.129764635s ago: executing program 3 (id=791):
openat$kvm(0xffffffffffffff9c, &(0x7f0000000640), 0x480, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000340)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x0, 0x0, 0x7}, {0x0, [0x0, 0x5f, 0x2e, 0x2e, 0x30]}}, &(0x7f0000000180)=""/248, 0x1f, 0xf8, 0x1}, 0x28)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f00000000c0)={0x1, &(0x7f00000005c0)=[{0x6}]})
socket$kcm(0x10, 0x2, 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB="8000000000010104000000000000000002000000240001801400018008000100e000000108000200e00000010c000280050001000000000024000280140001800800010000000000080002007f0000010c00028005000100000000000800074000000000080003400000100e140005"], 0x80}}, 0x0)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0xfffffdca, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
r2 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, &(0x7f00000000c0)={0x0, @in={{0x2, 0x4e23, @empty}}, 0x0, 0x2, 0x40020002, 0x0, 0xa17433da3c5d69ad, 0x2, 0x7f}, 0x9c)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340), 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r3}, 0x4)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0x19, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800"/14, @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003000000b7080000000000007b8af8ff00000000b7080000010000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r3, @ANYBLOB="0000000000000000b70500000800000085000000a500000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={0x0, r4}, 0x18)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB="9feb010018000000000000003c0000003c000000020000000000000002000004080000000000000003000000000000000000000002000000000000000000000000000002000000000000000000000004"], 0x0, 0x56}, 0x28)
mknodat(0xffffffffffffffff, 0x0, 0xc000, 0x0)
r5 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000600)=ANY=[@ANYBLOB="140100002200010021000000000000000201"], 0x114}], 0x1}, 0x0)
setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @loopback}, 0x40)
r6 = socket$netlink(0x10, 0x3, 0x0)
writev(r6, &(0x7f00000003c0)=[{&(0x7f0000000180)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1)

5m52.861382716s ago: executing program 3 (id=799):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='contention_begin\x00', r2, 0x0, 0xd}, 0x18)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
syz_io_uring_setup(0x20000a0, &(0x7f00000002c0)={0x0, 0x89b8, 0x8, 0x0, 0x207}, 0x0, &(0x7f00000000c0))
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x6, 0xc, &(0x7f0000000040)=ANY=[@ANYBLOB="180200004809000000000000070000008500000041000000180100002020732500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000080000008500000006000000950000000000"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x5, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x200000}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r4, 0x0, 0xe, 0x0, &(0x7f00000000c0)="ddd5be65914ca2fd9a767ed10a74", 0x0, 0x1008, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x50)
ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x405c5503, &(0x7f0000000080)={{0x0, 0x4}, 'syz1\x00', 0x4b})
ioctl$UI_ABS_SETUP(0xffffffffffffffff, 0x401c5504, &(0x7f0000000100)={0x35, {0x9, 0x0, 0x2000000, 0x3, 0x101}})
ioctl$UI_DEV_CREATE(0xffffffffffffffff, 0x5501)
mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x200000a, 0x12, 0xffffffffffffffff, 0x7f196000)
r5 = add_key(&(0x7f0000000000)='big_key\x00', &(0x7f0000000280)={'syz', 0x1}, &(0x7f00000002c0)="1d", 0xfe3a, 0xfffffffffffffffe)
keyctl$read(0xb, r5, &(0x7f0000001300)=""/4096, 0xffffffffffffffd2)
r6 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/power/resume', 0x149a82, 0x240)
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r6, 0xc02c5341, &(0x7f0000000300))
syz_open_dev$evdev(&(0x7f0000000240), 0xec, 0x220300)
ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x3)
ioctl$UI_DEV_CREATE(0xffffffffffffffff, 0x5501)
r7 = openat(0xffffffffffffff9c, &(0x7f0000004d00)='./file1\x00', 0x250942, 0x1cd)
openat(r7, &(0x7f0000000400)='./file1\x00', 0x80c0, 0x4)

5m52.796825096s ago: executing program 4 (id=800):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
mount$9p_fd(0x0, &(0x7f0000000000)='.\x00', &(0x7f0000000040), 0x0, &(0x7f0000000100)={'trans=fd,', {}, 0x2c, {'wfdno', 0x3d, r0}})
sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000480)={0xcc, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {{{}, {}, @device_a, @device_a, @from_mac}, 0x0, @default, 0x3311, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_TX_RATES={0x70, 0x5a, 0x0, 0x1, [@NL80211_BAND_2GHZ={0x24, 0x0, 0x0, 0x1, [@NL80211_TXRATE_HT={0x4}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0xffff, 0x8, 0x6, 0xc976, 0x8, 0xf000, 0x8001, 0x5]}}, @NL80211_TXRATE_GI={0x5, 0x4, 0x2}]}, @NL80211_BAND_60GHZ={0x34, 0x2, 0x0, 0x1, [@NL80211_TXRATE_GI={0x5, 0x4, 0x1}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x40, 0x7, 0x4, 0xda, 0x8, 0x101, 0x384, 0xb]}}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x100, 0x6, 0x9, 0x9, 0xa, 0x8001, 0x4, 0x3]}}]}, @NL80211_BAND_60GHZ={0x4}, @NL80211_BAND_2GHZ={0xc, 0x0, 0x0, 0x1, [@NL80211_TXRATE_GI={0x5}]}, @NL80211_BAND_5GHZ={0x4}]}]}, 0xcc}}, 0x0)

5m52.687177614s ago: executing program 4 (id=801):
bind$inet(0xffffffffffffffff, 0x0, 0x0)
setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0xa)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioctl$DRM_IOCTL_GET_CLIENT(0xffffffffffffffff, 0xc0286405, &(0x7f0000000480)={0x4, 0x6, {<r0=>0x0}, {0xffffffffffffffff}, 0x8, 0x7})
rt_sigqueueinfo(r0, 0x24, &(0x7f00000004c0)={0x3b, 0x4, 0xfff})
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
syz_genetlink_get_family_id$tipc(&(0x7f0000000080), 0xffffffffffffffff)
socket$nl_generic(0x10, 0x3, 0x10)
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
gettid()
timer_create(0x0, &(0x7f0000000240)={0x0, 0x21, 0x800000000004, @thr={&(0x7f00000002c0)="bca8162074b684d64e279fef38a905e2c1e4e98f60d681f42b4558993a925316371eddbcadaaccf7eee564d4acc9193cdd97ade32a212c81d9b1c004b3d8e7cbf3d79660aea5dc96c6d588d03f25507e23ad86cc952ee2b2c78c2d55fb097d5a0721cd5fbda1141c9df0546e9332c26c92fe12", &(0x7f0000000340)="ca86122de3cbe66378425b588ab517ef5ba06bffd962875b5807aa714f84923f699e3ff804a422b1ad6e03e03c9b54717297f60eabf842307db52649bfd4ccd14a76776d5ac4aa175520a73b333ffa415501251b1fc9bcfa5c1eafaedbcb974b9a4ce12579373b95ebc9ec00b5c5a50de9a8b667290e740555b12dfc141f955d44807f933b6cb60a1092f6b8cc1be94c5bbbf2cda5283aa1c26c7ffde6474d16f62def08f14b193e25c40e8cbb0163e34732f8fa9ce36c84bc8ef552b2931cf2d24216faacfffbea6e6edb64ecae47343c3a65f1"}}, &(0x7f0000000440))
openat$rdma_cm(0xffffffffffffff9c, 0x0, 0x2, 0x0)
openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000280), 0x2, 0x0)
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r2 = socket$tipc(0x1e, 0x2, 0x0)
bind$tipc(r2, &(0x7f0000000100)=@name={0x1e, 0x2, 0x0, {{0x42}, 0x4}}, 0x10)
r3 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet6_IPV6_RTHDRDSTOPTS(r3, 0x29, 0x48, &(0x7f0000000c40)={0x2f}, 0x8)
r4 = socket$tipc(0x1e, 0x2, 0x0)
setsockopt$TIPC_GROUP_JOIN(r4, 0x10f, 0x87, &(0x7f0000000180)={0x42, 0x0, 0x2}, 0x10)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, &(0x7f0000000580)={'syzkaller1\x00', @broadcast})
write$tun(0xffffffffffffffff, &(0x7f0000002280)={@val={0x8, 0x800}, @val={0x7, 0x0, 0x2, 0x1000, 0x14}, @ipv4=@generic={{0x5, 0x4, 0x2, 0x2, 0x8016, 0x66, 0x0, 0x8b, 0x6c, 0x0, @private=0xa010100, @broadcast}, "3297e3ba"}}, 0xfdef)
sendmsg$tipc(r4, &(0x7f0000000540)={&(0x7f00000001c0)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x0, 0x4}}, 0x10, 0x0}, 0x10)

5m50.9869373s ago: executing program 4 (id=802):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r0)
socket$inet6_mptcp(0xa, 0x1, 0x106)
setsockopt$sock_timeval(r0, 0x1, 0x15, &(0x7f0000000040)={0x0, 0xea60}, 0x10)
setsockopt$inet6_tcp_int(r0, 0x6, 0x1e, &(0x7f0000000180)=0x400000001, 0xc2)
setsockopt$inet6_tcp_int(r0, 0x6, 0x2000000000000022, &(0x7f0000000140)=0x1, 0x4)
connect$inet6(r0, &(0x7f0000000240)={0xa, 0x4e23, 0xa4e4, @remote, 0x3}, 0x1c)
sendmmsg(r0, &(0x7f0000001000)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4010)
syz_open_dev$usbfs(&(0x7f0000000000), 0x101, 0x80)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000500), 0x80, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CAP_X86_DISABLE_EXITS(r2, 0x4068aea3, &(0x7f0000001300)={0x8f, 0x0, 0xc})
msgctl$IPC_RMID(0x0, 0x0)
msgctl$MSG_STAT_ANY(0x0, 0xd, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_SET_IRQCHIP(r4, 0x4048aec9, &(0x7f0000000140)={0x6, 0x0, @ioapic={0x0, 0x9fc, 0x0, 0x8000, 0x0, [{0x4, 0x8, 0xc7, '\x00', 0x81}, {0x4, 0x4, 0x4, '\x00', 0xc}, {0x2, 0x8, 0xf0, '\x00', 0xd}, {0x2, 0xe, 0x6, '\x00', 0x1f}, {0xf, 0xff, 0x2, '\x00', 0x3}, {0x0, 0x3, 0x7, '\x00', 0x78}, {0xb, 0x6, 0x7, '\x00', 0x4c}, {0x8, 0x6, 0x9, '\x00', 0x2}, {0x2, 0x8, 0x40, '\x00', 0x5}, {0x9, 0x1, 0x1, '\x00', 0x3}, {0x7f, 0x9, 0xff, '\x00', 0x2c}, {0x6, 0x1, 0x6, '\x00', 0x7f}, {0x5, 0x6, 0x7, '\x00', 0x2}, {0x7, 0x10, 0xc, '\x00', 0x9}, {0x2, 0x8, 0x4c, '\x00', 0x7}, {0xe, 0x5, 0x4}, {0x4, 0x2, 0x4f, '\x00', 0xc}, {0x5, 0x4, 0x2, '\x00', 0x40}, {0x2, 0x6, 0x8e, '\x00', 0x81}, {0x81, 0x0, 0x12, '\x00', 0x8}, {0x2, 0x2, 0x99, '\x00', 0x85}, {0x6, 0x8, 0x9b, '\x00', 0x4}, {0x7f, 0x3, 0x7d, '\x00', 0xd3}, {0x0, 0x8, 0x3a, '\x00', 0x5}]}})
msgget(0x1, 0x10)

5m46.268046222s ago: executing program 4 (id=806):
r0 = syz_open_procfs(0x0, &(0x7f0000000300)='mounts\x00')
mount(0x0, &(0x7f0000000200)='.\x00', &(0x7f00000000c0)='hugetlbfs\x00', 0x208904, 0x0) (async)
pread64(r0, &(0x7f0000002240)=""/237, 0xed, 0x619) (async)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1e, 0x0, 0x0, 0x8000, 0x44b06, 0xffffffffffffffff, 0x8}, 0x50) (async)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) (async)
keyctl$join(0x1, 0x0) (async)
read$msr(r0, &(0x7f0000000140)=""/157, 0x9d) (async)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x6a855000) (async)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) (async)
r1 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000140), 0x1a1002, 0x0)
read$msr(r1, &(0x7f00000003c0)=""/247, 0xf7)
epoll_create(0x400)
chdir(&(0x7f0000000000)='./file0\x00')

5m42.634631832s ago: executing program 4 (id=810):
openat$kvm(0xffffffffffffff9c, &(0x7f0000000640), 0x480, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000340)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x0, 0x0, 0x7}, {0x0, [0x0, 0x5f, 0x2e, 0x2e, 0x30]}}, &(0x7f0000000180)=""/248, 0x1f, 0xf8, 0x1}, 0x28)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f00000000c0)={0x1, &(0x7f00000005c0)=[{0x6}]})
socket$kcm(0x10, 0x2, 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB="8000000000010104000000000000000002000000240001801400018008000100e000000108000200e00000010c000280050001000000000024000280140001800800010000000000080002007f0000010c00028005000100000000000800074000000000080003400000100e140005"], 0x80}}, 0x0)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0xfffffdca, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
r2 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, &(0x7f00000000c0)={0x0, @in={{0x2, 0x4e23, @empty}}, 0x0, 0x2, 0x40020002, 0x0, 0xa17433da3c5d69ad, 0x2, 0x7f}, 0x9c)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340), 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r3}, 0x4)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0x19, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800"/14, @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003000000b7080000000000007b8af8ff00000000b7080000010000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r3, @ANYBLOB="0000000000000000b70500000800000085000000a500000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={0x0, r4}, 0x18)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB="9feb010018000000000000003c0000003c000000020000000000000002000004080000000000000003000000000000000000000002000000000000000000000000000002000000000000000000000004"], 0x0, 0x56}, 0x28)
mknodat(0xffffffffffffffff, 0x0, 0xc000, 0x0)
r5 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000600)=ANY=[@ANYBLOB="140100002200010021000000000000000201"], 0x114}], 0x1}, 0x0)
setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @loopback}, 0x40)
r6 = socket$netlink(0x10, 0x3, 0x0)
writev(r6, &(0x7f00000003c0)=[{&(0x7f0000000180)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1)

5m41.465121725s ago: executing program 4 (id=812):
r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000040), 0x80, 0x0)
r1 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000080)={&(0x7f0000000480)=ANY=[@ANYBLOB="9feb01000000000000000000f4000000f40000000300000007000000000000100c000000f500000000000010060000000f000000070000930c0000000c000000090000000100000003000000e84b80330300000003000000060000006a0000000e00000005000000500700000c0000006eac00008000000003000000070000000600000005000000020000007e9c0000050000000000000a040000000a00000006000013020000000f000000ffffffff040000000c00000007000000020000000700000007000000070000000a0000000000010006000000010000000200000000000000010000000ff9ffff06000000080000000000000e0500000002000000030000000000000203000000006000"], &(0x7f0000000680)=""/4096, 0x10f, 0x1000, 0x1, 0x12}, 0x28)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x9, 0x10, &(0x7f0000001680)=ANY=[@ANYRESDEC=r0, @ANYBLOB="42c4976630c8f335302d88dfb44d136acc97b71be773f31c8d77a278182dbc9f4dcd33c596a953113b6850c8e90f11e8388f4cd0f71957642e655d42bee42bf7bb07ed3c8889509cfd260e24c759bc4dcb7d737b171d05d013e7a14216a5e04668cd02e05d34213d59d549c19719b16e201173646d5b94d8505bb80ed6c6d7dbce04f23cd220f558885531956be1e7ca87d5e8c2a0ae1ca0bb4302169e66ba698f985408966ff8936a166b8bfb725e008cf775b9061dfeaf796aeae819f2ae56f6e26e363f2538a76986d387bfef9334e4620bd1e6427f66b9c06d288c2e8e537a3280f86210c27bfbcc07f8e8842bb92408d9b1c746f3ce88844d781afa80a3b7f1f79a7b7cfc94b5f3449e4695ee41ce68f3236e22d9a143c64ae41c01a4971b3250c07d36f59abd6a6a5807400fc9da942ea37b5b4316b23842aae43c64c38e0b15b41aeca57b29045e7f3207dcc3e91435111f34e6bec8bc01ada96334b7cc5d9e54c11d015c35396946ea3747d2432d79042b66962fa58350509d07601253375359065d69d1e5ccfc59863ced171ce458e9c00fc214be5c6da92a95613b6faf9accb59d388d7e0ece261c4cb0f963c0d8fba29be858ed7f32d99d8e281a14d999250b3dab1ea34f903a2a3b89c1619981b567a7ea71c0bc87532a346815d5093499cae0e71b57cfce0145c889358dbe5c143bc559304cefb239fbc295e5742386769f60cffd2613ae64ff1cedfd2d71382191e9b1b7e05cb91928d627ea1c1008f839ca274d9f74c3b4e27ff4c451b5a3d22fb608da3aeaca4df984290f4571117a59b8097aacb3698feeba0dda2d5f7c73c02a09d22a7638d117800b1e87817b65da136917eb519cb5fabccd004e837985c7b4398fd3d7b28274a6d795a076f20fad7f78d298f54c395faeef98a2a0074b735ec19837420fba3eb133a91e0920e07310abbf3acd803402e6e32cb8e22ab1eabb6d4b752051e5cbfc9218c766a13630c3d9412d3741caf24efc482c873e07809f16fc7a5b5d6601011658c654d554d65c0072c6f151f23512feefebbecbd448e680a25f59e66c68ff3218cde1c7f3843359c347b77baeac5ac221dde9dc8c939e0f486811fbc856ae73e3e09ba77846c9911b3db4e37809bb0a0b4d27e1ef3ab831e00d0c9c4fe271d36ff6d2ad06e3f13103a742e2b3d2253e4d171e22d8c14c8691fefa2c83896e5dc4cb25faf7f0bcbfbec66e157f6705c2d9867ba5e988b3b5addd3636b8b79e53e8329f43f7bbbd4ff7fa3e30b9c3836fb129ce196d6bf1952b0ada9f3076c4727ea4b754223819d9eb9d95c242c21a741dbe531b401459cf747c3b7a2a97369eaf8a5637ecceec17a385de663c1d13ced545406acc9dc7f37ec57d88ded152614f807fe14465ea71fbc976b4e3a3ee19323c1e3d96649870bfcf339b7c87964d6e9f858a81728074ffb12d8003b918f995d9a5dd698f6c8c47427990183cd475d6fa770ee8c93fbdb297f84b2603e070d57c61510e20313a51d8c4070dad71d1e01481c1abcf22d388b0dc0ee2176ca6612e53e6e8cb3c217ef25a7bde75670ab2719d94c239904aada5ad5e2b9f776c8a3504478be1a2749f1a7f883e558ff0dee98f73deb4af015422a0eb1838ac62a59ed67272adc39789e1c58c293eec92b5223b497226746b41df736a8eea839ea0de202b154c41ec0362d567d9c2ce38fc9f3ab9f6547e71bbc618f174e66536ec3304dbffa0087beb7b3761dbe2f4a86f4c3850174c15998b7411b7e78dc1eb03ef87ca55a32782a93ed831f395d698373c5cffb1a60f58ab8c4f689d636ac30551ca36743cdfcce91f02134bff4b30c0fc7adb0d2c68aeb97e84448366381da15e387e8e87e03c370ef55f4c271a38362952b6276a21a3014329b73c1fac61bd9ee056099250c533e2964976e249857343f5466b1c250068356d0827393888e79b4d29286049d9b2bea075b5da135a4c25dc7c8e5572bdb153fef891fa609a3d06cb7eae97e58f0f61bef0cd890b1b59774bdc5564dfc63fcbc4785e4f7d3aaad345140abfac066a3c0bf7f4fc484769c5d8181bd10bffb2727855cfdf84a7be77442341a9092b4ff2fcd0a9123a4e698b77fb97bcefff7629abf1245f52a6d23d65a6bb08e140a46613422dac004090bb44aa026e7c121f3f001af40d0af4568b589d130b7684d4e7077a00d401194d5c88b60460548351c8853f305fce217601664778d520e77437066215d6c7879d213f7de379f9db05aec3d9033a404c745567e81ac0dbe07235dea63ed36d1a00422962c889074f76616299028fdbdf5e18215fd5d7a86c43e2c68544fbae0e835fa936f3681efb71ab09c778954ae8d7ae77eb9cbf8fc496765a0ba502cb40afbec7774ed16b6d3feb6fa107392f6d4aac5e34a892865db99946a3eec5592fab4868074d9b095aab179a37976b69d27d6d0d63fabd46ab1a31fab6ab5ecf63914eeb22d8f0ab5e4df0dd14095574dfec3ffdeaa95a5379e13bb5d53010f207c90d86d8cc3074231f18d0a12db14ba01eb1e759f6435a8074f5a6daddc245069390444ef2927c314becd97b60650bed4c513887560ddc3ffe892a602125083d6dae527e938e6eab5c86efeeefd7c2cb7725eb95210afba21adee0b66edad37889d154188f2a18876dc29d7c09a996736bcb789e9ea855f16e7974ae994ebf9cdbd9f42f8c3e8661ebc7264aec7d19506dbcdd38bed3a4560a660b55ef93ce811229659e56bd629108bf2e972b516488df9015d0099e969e4fd635e68351bea3b040f3c950cd93ef9326a26edc264e41cbf97190689674bc184c8d4f11aac5b6f859ea9bb86d7bf7fe18298bb00bf90d695dcc9ab9bd80babf0ce0ab9e1471ce57371c534e89219244a6b41324ad4a9cdb0e2191987837df5f2b0fc49e75f9b566f6ca022b02430df3ec4a76b9616a047ed7b485f7fbbecb2347bd828d9bb47479c44dcf43460c5369aa7b4ebf74cbdb7bd3540e8775cf12116fc81d9bf0175286bccfee039e1d1ae11af9d5c378ce2903e16e682306afec6f743c9e500bc2e4cff4817dfef22ba7baf4b8a50d6870369e42206d04ac26fb99f22a3c21b405b671ad39c1b2b7afa904cd3f0e9030df42d679127f5e329ed5c6e6666c6a996c65cb08f2dd5a11ee0dffb26f37755e311dbcd19fc8a1f83ad6d15aace76a8a35d2a0752f65f88692e567221306e55c939c656f45865a4832116e5924cf8e7c4ba8cb30d41a6c242bc0a52eaee7e4ce82bb7ab66cc4e5d4e6da2c8b49a2d97eddf6e443166e2ca1d3e2f7f962a62f08487623735ac4c072ae5e3eeda3f5d489c4fb526afa8c76a25a0bbb015cc6d8027ba0b476aef62997bfee8f1e7fab5eb17c94e802ac213efc98ef2be111f6cee69035046d15c5315e1e910f88f4d697097f62b9472f60faa037fad848f09d045cf80f36077bd88bdb322a31e455daca16a6dde5f0c0b4fc7257828188e11a13e37f7cdb5d425acbad5ac988e583ade863a869142a92a2aa77b90c9764636f15010cd73044a69185b0025d867360088535fb0cf6b1012c07285a269ef8a5996483dba28e7eaded399cdc9c4b72770299b3dda5c6ca0e9b44bcd93ad19cf15020f2052a38e101ddb902c27b96db153139a37133fc6d80bc9279c47a00cef925c928bfa8ef56d47e05a15deb2f84497451f5be40d00d0e13323b69ad7668785300cd962e591f05b44af75d19189bacfbdb49d0d3d8d0cafc7f4b2904944332a359a94e58a30a93449975dbf81a3aa6b06cc79cf72cce7041c8756b117e5afeae38020dfe396ecd275cb86b5b4295cb7e39b8d072d383d7be1e972e9bd4ac32154f95f121b13afe482acb8568f24aa57c0a2a360638aa4b46f8e8c83be481ba4726b68dac4a8392b5a859632881d402b47ad8e5dbcbb1c2a584b158bc513f186e71f66b994f171e05d82e23f318c834c64d693a4c4fc83f60a5e946e1698b80083278f6b31fd94a6ccde292a02137095ce98c57d0332abe5cefa80fc22d05128a906ac12d059c3622b5cd4f95d5adb563b0fefa601d1fbccc059786c50d428a2fd0e49224af1594695b644dd8079b3707cf4c76625e2d3a71d875b70248c68391c95d054b8a4495b0d16625568fdde60c21369f339cb979c0e66c58d2f17ce1d6b8b43dbf6a869331b376d3aaff224fd338fcfe606934fa44c9b6c4275d9e5ba380b45885e9827a0155de85beba535891c6cc2ada245d5b3d44c2bbb04a044074639b603b744e707ca4177ad7c4d9585250a61846f479e48d55e0533c717172061073e81be347894d80b6db89a0a61ae38417d3518a0fcc1b7830b0a47cf9e247aacde515a991230a0dffb2cfc7ed39696cdbe20adeb17bf4e487ef290484a71f5df5648814d9bc440df10596358e0e98bf8b77b7de06c83e4a0ff3ee8d7a4619e78ba088decb0df569e234d238854523e3ae8959eebeb0d825359e1e75f8eb58fad577ae43600bf3749bf14ddd5df8bd353b9001b90a00272995e126248902b034e1df8f8970377e61445887563bf032cb77f40ecd7999c56d1d244a13787550a0ce2a577f6ee8443b26d0ddc3099936ed51883155b37efa4c7fe21a02ecf7b13a1524cee4b8a2f5b21fbad5ebf0b4ac3bff928c09e59039f11029f932c28790545da552b5c1a04045c13c95d23defabbee1e5bc9fba06a8e4af51af35d3bb69797639858b8858f6e7fe99a3ee2176ec72e1d31ec0f4d81bf3d53a975082346020f9872c8d7066234e47b070fe063921f843d13039d67e40f565ad57d64efc7f8e2b25c6cffd0ba16c6e030bb6c241938321d8f0501d2bb2deb0c39e5db98d789cd961a932392a7ebbb7d5bf567f54d4e552a5aad902bdfa9b845d1f53f0e88827f668959eef2db5f4782bb7d3d9edb3ae2e41fcae453d3c16e80966cae16bc1165e9ba42361e2f529baf62be54b7f459d16318984b9e0c0baf22919a3479a6394f29d1275ea63506171d572f7e9f818e8da48c0875d7888620bf2ac52ccc76c6079bffc139c1644b0c5bb281b8295bf8d52be0e87af056af70ae899342ee070601766ce3e19bb5c876a6d0c038d648235a3505de3e6c59cb9a2afe3a72f96da88d21c486d31717c336eadff70a9d4840638407ba671fdbc04a18422e2700d4995e15fb578c323fff6d1ee4efef0318197627dafd69b1984d11d137f059909eb6069378182732838b1917f8b8b9722f9547ee43f5aad2d0e06aae1da44fd9eb2ca4adaba839546caeba11a93ad6289a8149eae479c662e78c5e867b9311af3d43e4fb61fc8bc3ba71e4abb41eb10044e6fa0b78a62d43a082bc7d96c23d0a37a1b14c574ea8fad545cac4007769b04d09e25f4561d76128ce64297fafbfa992cfac76ad231bfdbdaccba9249e843ff92e455878c76ad618362d40fcea091d3368eb7a93e7d6ff44191c8e7aca3ce65cec2e848bc81bd1407dc69856ff8fa3f9f985a72341585dc78bc73789ad45cdcd1d91a5f252dfd6a638d5d67dfc1f73928e2ab8bf53d47b2437e4037565fd11bcc2b7b9efe707e6c08af48802321ba5aaaf8d0e708372e9100826ac001a17c867ccd3487f7765a8f1c0eec28d00dc0f742f2dcab72b0c1d17c56b61ae0e17d1f97f59c7a149102d53b2f99f8f1e1aae217d339657d45a8089ae6c8f41d7b73ae76f51640073df36e1957e2e818fa7988a028d149eac38d53f5c000862feb78a589ccc0bf9e76a78949d8bacb94f85f242bc607ba92464a2c070511fa6bd4e8ad485b3bc41917"], &(0x7f0000000000)='GPL\x00', 0x8, 0x0, 0x0, 0x41000, 0x3, '\x00', 0x0, 0x0, r1, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x80000001}, 0x94)
r2 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r2, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x1}, 0x10)
ioctl$sock_SIOCOUTQ(r2, 0x5411, &(0x7f0000001c80))
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0xe1}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
r3 = getpid()
sched_setscheduler(r3, 0x0, &(0x7f0000000040)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x2000000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0)
r6 = socket(0x10, 0x2, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r6, 0x89f1, &(0x7f0000000000)={'ip6_vti0\x00', 0x0})
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2)
r7 = syz_open_dev$vim2m(&(0x7f0000000000), 0x7, 0x2)
ioctl$vim2m_VIDIOC_S_FMT(r7, 0xc0d05605, &(0x7f0000000240)={0x1, @raw_data="a425e2f1a54d24f15655595860608d70566e425a6c36af37b33fac9d31c8a9c7044410d324b03e044e454d2092a62fea8f13441431ce248bfc73a6726ee61ba491d15d8f392ff66fe0b17f0e11f5d2367d5593205ab1efa97d40619a553e7da2518125b850a186ef691daa55c9e50ffaf6ddc25220ded32aeba4524cec1afbd17abba1d15ea05e97ed3dcad452db6e08a991e2c78b057f55de7fdeba7411ce65700c0a1ad7946ff7c355db87566e3e5abb7a37a06731ed19ddfa970bb58a27fd9fa194c092730319"})
mkdirat(0xffffffffffffff9c, 0x0, 0x1c0)
syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
socket$kcm(0x10, 0x2, 0x0)
r8 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFVLAN_ADD_VLAN_CMD(r8, 0x8982, &(0x7f0000000400)={0x0, 'batadv0\x00', {0x8}})
syz_io_uring_submit(0x0, 0x0, 0x0)

5m37.354743221s ago: executing program 33 (id=799):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='contention_begin\x00', r2, 0x0, 0xd}, 0x18)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
syz_io_uring_setup(0x20000a0, &(0x7f00000002c0)={0x0, 0x89b8, 0x8, 0x0, 0x207}, 0x0, &(0x7f00000000c0))
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x6, 0xc, &(0x7f0000000040)=ANY=[@ANYBLOB="180200004809000000000000070000008500000041000000180100002020732500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000080000008500000006000000950000000000"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x5, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x200000}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r4, 0x0, 0xe, 0x0, &(0x7f00000000c0)="ddd5be65914ca2fd9a767ed10a74", 0x0, 0x1008, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x50)
ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x405c5503, &(0x7f0000000080)={{0x0, 0x4}, 'syz1\x00', 0x4b})
ioctl$UI_ABS_SETUP(0xffffffffffffffff, 0x401c5504, &(0x7f0000000100)={0x35, {0x9, 0x0, 0x2000000, 0x3, 0x101}})
ioctl$UI_DEV_CREATE(0xffffffffffffffff, 0x5501)
mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x200000a, 0x12, 0xffffffffffffffff, 0x7f196000)
r5 = add_key(&(0x7f0000000000)='big_key\x00', &(0x7f0000000280)={'syz', 0x1}, &(0x7f00000002c0)="1d", 0xfe3a, 0xfffffffffffffffe)
keyctl$read(0xb, r5, &(0x7f0000001300)=""/4096, 0xffffffffffffffd2)
r6 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/power/resume', 0x149a82, 0x240)
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r6, 0xc02c5341, &(0x7f0000000300))
syz_open_dev$evdev(&(0x7f0000000240), 0xec, 0x220300)
ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x3)
ioctl$UI_DEV_CREATE(0xffffffffffffffff, 0x5501)
r7 = openat(0xffffffffffffff9c, &(0x7f0000004d00)='./file1\x00', 0x250942, 0x1cd)
openat(r7, &(0x7f0000000400)='./file1\x00', 0x80c0, 0x4)

5m25.444110117s ago: executing program 34 (id=812):
r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000040), 0x80, 0x0)
r1 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000080)={&(0x7f0000000480)=ANY=[@ANYBLOB="9feb01000000000000000000f4000000f40000000300000007000000000000100c000000f500000000000010060000000f000000070000930c0000000c000000090000000100000003000000e84b80330300000003000000060000006a0000000e00000005000000500700000c0000006eac00008000000003000000070000000600000005000000020000007e9c0000050000000000000a040000000a00000006000013020000000f000000ffffffff040000000c00000007000000020000000700000007000000070000000a0000000000010006000000010000000200000000000000010000000ff9ffff06000000080000000000000e0500000002000000030000000000000203000000006000"], &(0x7f0000000680)=""/4096, 0x10f, 0x1000, 0x1, 0x12}, 0x28)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x9, 0x10, &(0x7f0000001680)=ANY=[@ANYRESDEC=r0, @ANYBLOB="42c4976630c8f335302d88dfb44d136acc97b71be773f31c8d77a278182dbc9f4dcd33c596a953113b6850c8e90f11e8388f4cd0f71957642e655d42bee42bf7bb07ed3c8889509cfd260e24c759bc4dcb7d737b171d05d013e7a14216a5e04668cd02e05d34213d59d549c19719b16e201173646d5b94d8505bb80ed6c6d7dbce04f23cd220f558885531956be1e7ca87d5e8c2a0ae1ca0bb4302169e66ba698f985408966ff8936a166b8bfb725e008cf775b9061dfeaf796aeae819f2ae56f6e26e363f2538a76986d387bfef9334e4620bd1e6427f66b9c06d288c2e8e537a3280f86210c27bfbcc07f8e8842bb92408d9b1c746f3ce88844d781afa80a3b7f1f79a7b7cfc94b5f3449e4695ee41ce68f3236e22d9a143c64ae41c01a4971b3250c07d36f59abd6a6a5807400fc9da942ea37b5b4316b23842aae43c64c38e0b15b41aeca57b29045e7f3207dcc3e91435111f34e6bec8bc01ada96334b7cc5d9e54c11d015c35396946ea3747d2432d79042b66962fa58350509d07601253375359065d69d1e5ccfc59863ced171ce458e9c00fc214be5c6da92a95613b6faf9accb59d388d7e0ece261c4cb0f963c0d8fba29be858ed7f32d99d8e281a14d999250b3dab1ea34f903a2a3b89c1619981b567a7ea71c0bc87532a346815d5093499cae0e71b57cfce0145c889358dbe5c143bc559304cefb239fbc295e5742386769f60cffd2613ae64ff1cedfd2d71382191e9b1b7e05cb91928d627ea1c1008f839ca274d9f74c3b4e27ff4c451b5a3d22fb608da3aeaca4df984290f4571117a59b8097aacb3698feeba0dda2d5f7c73c02a09d22a7638d117800b1e87817b65da136917eb519cb5fabccd004e837985c7b4398fd3d7b28274a6d795a076f20fad7f78d298f54c395faeef98a2a0074b735ec19837420fba3eb133a91e0920e07310abbf3acd803402e6e32cb8e22ab1eabb6d4b752051e5cbfc9218c766a13630c3d9412d3741caf24efc482c873e07809f16fc7a5b5d6601011658c654d554d65c0072c6f151f23512feefebbecbd448e680a25f59e66c68ff3218cde1c7f3843359c347b77baeac5ac221dde9dc8c939e0f486811fbc856ae73e3e09ba77846c9911b3db4e37809bb0a0b4d27e1ef3ab831e00d0c9c4fe271d36ff6d2ad06e3f13103a742e2b3d2253e4d171e22d8c14c8691fefa2c83896e5dc4cb25faf7f0bcbfbec66e157f6705c2d9867ba5e988b3b5addd3636b8b79e53e8329f43f7bbbd4ff7fa3e30b9c3836fb129ce196d6bf1952b0ada9f3076c4727ea4b754223819d9eb9d95c242c21a741dbe531b401459cf747c3b7a2a97369eaf8a5637ecceec17a385de663c1d13ced545406acc9dc7f37ec57d88ded152614f807fe14465ea71fbc976b4e3a3ee19323c1e3d96649870bfcf339b7c87964d6e9f858a81728074ffb12d8003b918f995d9a5dd698f6c8c47427990183cd475d6fa770ee8c93fbdb297f84b2603e070d57c61510e20313a51d8c4070dad71d1e01481c1abcf22d388b0dc0ee2176ca6612e53e6e8cb3c217ef25a7bde75670ab2719d94c239904aada5ad5e2b9f776c8a3504478be1a2749f1a7f883e558ff0dee98f73deb4af015422a0eb1838ac62a59ed67272adc39789e1c58c293eec92b5223b497226746b41df736a8eea839ea0de202b154c41ec0362d567d9c2ce38fc9f3ab9f6547e71bbc618f174e66536ec3304dbffa0087beb7b3761dbe2f4a86f4c3850174c15998b7411b7e78dc1eb03ef87ca55a32782a93ed831f395d698373c5cffb1a60f58ab8c4f689d636ac30551ca36743cdfcce91f02134bff4b30c0fc7adb0d2c68aeb97e84448366381da15e387e8e87e03c370ef55f4c271a38362952b6276a21a3014329b73c1fac61bd9ee056099250c533e2964976e249857343f5466b1c250068356d0827393888e79b4d29286049d9b2bea075b5da135a4c25dc7c8e5572bdb153fef891fa609a3d06cb7eae97e58f0f61bef0cd890b1b59774bdc5564dfc63fcbc4785e4f7d3aaad345140abfac066a3c0bf7f4fc484769c5d8181bd10bffb2727855cfdf84a7be77442341a9092b4ff2fcd0a9123a4e698b77fb97bcefff7629abf1245f52a6d23d65a6bb08e140a46613422dac004090bb44aa026e7c121f3f001af40d0af4568b589d130b7684d4e7077a00d401194d5c88b60460548351c8853f305fce217601664778d520e77437066215d6c7879d213f7de379f9db05aec3d9033a404c745567e81ac0dbe07235dea63ed36d1a00422962c889074f76616299028fdbdf5e18215fd5d7a86c43e2c68544fbae0e835fa936f3681efb71ab09c778954ae8d7ae77eb9cbf8fc496765a0ba502cb40afbec7774ed16b6d3feb6fa107392f6d4aac5e34a892865db99946a3eec5592fab4868074d9b095aab179a37976b69d27d6d0d63fabd46ab1a31fab6ab5ecf63914eeb22d8f0ab5e4df0dd14095574dfec3ffdeaa95a5379e13bb5d53010f207c90d86d8cc3074231f18d0a12db14ba01eb1e759f6435a8074f5a6daddc245069390444ef2927c314becd97b60650bed4c513887560ddc3ffe892a602125083d6dae527e938e6eab5c86efeeefd7c2cb7725eb95210afba21adee0b66edad37889d154188f2a18876dc29d7c09a996736bcb789e9ea855f16e7974ae994ebf9cdbd9f42f8c3e8661ebc7264aec7d19506dbcdd38bed3a4560a660b55ef93ce811229659e56bd629108bf2e972b516488df9015d0099e969e4fd635e68351bea3b040f3c950cd93ef9326a26edc264e41cbf97190689674bc184c8d4f11aac5b6f859ea9bb86d7bf7fe18298bb00bf90d695dcc9ab9bd80babf0ce0ab9e1471ce57371c534e89219244a6b41324ad4a9cdb0e2191987837df5f2b0fc49e75f9b566f6ca022b02430df3ec4a76b9616a047ed7b485f7fbbecb2347bd828d9bb47479c44dcf43460c5369aa7b4ebf74cbdb7bd3540e8775cf12116fc81d9bf0175286bccfee039e1d1ae11af9d5c378ce2903e16e682306afec6f743c9e500bc2e4cff4817dfef22ba7baf4b8a50d6870369e42206d04ac26fb99f22a3c21b405b671ad39c1b2b7afa904cd3f0e9030df42d679127f5e329ed5c6e6666c6a996c65cb08f2dd5a11ee0dffb26f37755e311dbcd19fc8a1f83ad6d15aace76a8a35d2a0752f65f88692e567221306e55c939c656f45865a4832116e5924cf8e7c4ba8cb30d41a6c242bc0a52eaee7e4ce82bb7ab66cc4e5d4e6da2c8b49a2d97eddf6e443166e2ca1d3e2f7f962a62f08487623735ac4c072ae5e3eeda3f5d489c4fb526afa8c76a25a0bbb015cc6d8027ba0b476aef62997bfee8f1e7fab5eb17c94e802ac213efc98ef2be111f6cee69035046d15c5315e1e910f88f4d697097f62b9472f60faa037fad848f09d045cf80f36077bd88bdb322a31e455daca16a6dde5f0c0b4fc7257828188e11a13e37f7cdb5d425acbad5ac988e583ade863a869142a92a2aa77b90c9764636f15010cd73044a69185b0025d867360088535fb0cf6b1012c07285a269ef8a5996483dba28e7eaded399cdc9c4b72770299b3dda5c6ca0e9b44bcd93ad19cf15020f2052a38e101ddb902c27b96db153139a37133fc6d80bc9279c47a00cef925c928bfa8ef56d47e05a15deb2f84497451f5be40d00d0e13323b69ad7668785300cd962e591f05b44af75d19189bacfbdb49d0d3d8d0cafc7f4b2904944332a359a94e58a30a93449975dbf81a3aa6b06cc79cf72cce7041c8756b117e5afeae38020dfe396ecd275cb86b5b4295cb7e39b8d072d383d7be1e972e9bd4ac32154f95f121b13afe482acb8568f24aa57c0a2a360638aa4b46f8e8c83be481ba4726b68dac4a8392b5a859632881d402b47ad8e5dbcbb1c2a584b158bc513f186e71f66b994f171e05d82e23f318c834c64d693a4c4fc83f60a5e946e1698b80083278f6b31fd94a6ccde292a02137095ce98c57d0332abe5cefa80fc22d05128a906ac12d059c3622b5cd4f95d5adb563b0fefa601d1fbccc059786c50d428a2fd0e49224af1594695b644dd8079b3707cf4c76625e2d3a71d875b70248c68391c95d054b8a4495b0d16625568fdde60c21369f339cb979c0e66c58d2f17ce1d6b8b43dbf6a869331b376d3aaff224fd338fcfe606934fa44c9b6c4275d9e5ba380b45885e9827a0155de85beba535891c6cc2ada245d5b3d44c2bbb04a044074639b603b744e707ca4177ad7c4d9585250a61846f479e48d55e0533c717172061073e81be347894d80b6db89a0a61ae38417d3518a0fcc1b7830b0a47cf9e247aacde515a991230a0dffb2cfc7ed39696cdbe20adeb17bf4e487ef290484a71f5df5648814d9bc440df10596358e0e98bf8b77b7de06c83e4a0ff3ee8d7a4619e78ba088decb0df569e234d238854523e3ae8959eebeb0d825359e1e75f8eb58fad577ae43600bf3749bf14ddd5df8bd353b9001b90a00272995e126248902b034e1df8f8970377e61445887563bf032cb77f40ecd7999c56d1d244a13787550a0ce2a577f6ee8443b26d0ddc3099936ed51883155b37efa4c7fe21a02ecf7b13a1524cee4b8a2f5b21fbad5ebf0b4ac3bff928c09e59039f11029f932c28790545da552b5c1a04045c13c95d23defabbee1e5bc9fba06a8e4af51af35d3bb69797639858b8858f6e7fe99a3ee2176ec72e1d31ec0f4d81bf3d53a975082346020f9872c8d7066234e47b070fe063921f843d13039d67e40f565ad57d64efc7f8e2b25c6cffd0ba16c6e030bb6c241938321d8f0501d2bb2deb0c39e5db98d789cd961a932392a7ebbb7d5bf567f54d4e552a5aad902bdfa9b845d1f53f0e88827f668959eef2db5f4782bb7d3d9edb3ae2e41fcae453d3c16e80966cae16bc1165e9ba42361e2f529baf62be54b7f459d16318984b9e0c0baf22919a3479a6394f29d1275ea63506171d572f7e9f818e8da48c0875d7888620bf2ac52ccc76c6079bffc139c1644b0c5bb281b8295bf8d52be0e87af056af70ae899342ee070601766ce3e19bb5c876a6d0c038d648235a3505de3e6c59cb9a2afe3a72f96da88d21c486d31717c336eadff70a9d4840638407ba671fdbc04a18422e2700d4995e15fb578c323fff6d1ee4efef0318197627dafd69b1984d11d137f059909eb6069378182732838b1917f8b8b9722f9547ee43f5aad2d0e06aae1da44fd9eb2ca4adaba839546caeba11a93ad6289a8149eae479c662e78c5e867b9311af3d43e4fb61fc8bc3ba71e4abb41eb10044e6fa0b78a62d43a082bc7d96c23d0a37a1b14c574ea8fad545cac4007769b04d09e25f4561d76128ce64297fafbfa992cfac76ad231bfdbdaccba9249e843ff92e455878c76ad618362d40fcea091d3368eb7a93e7d6ff44191c8e7aca3ce65cec2e848bc81bd1407dc69856ff8fa3f9f985a72341585dc78bc73789ad45cdcd1d91a5f252dfd6a638d5d67dfc1f73928e2ab8bf53d47b2437e4037565fd11bcc2b7b9efe707e6c08af48802321ba5aaaf8d0e708372e9100826ac001a17c867ccd3487f7765a8f1c0eec28d00dc0f742f2dcab72b0c1d17c56b61ae0e17d1f97f59c7a149102d53b2f99f8f1e1aae217d339657d45a8089ae6c8f41d7b73ae76f51640073df36e1957e2e818fa7988a028d149eac38d53f5c000862feb78a589ccc0bf9e76a78949d8bacb94f85f242bc607ba92464a2c070511fa6bd4e8ad485b3bc41917"], &(0x7f0000000000)='GPL\x00', 0x8, 0x0, 0x0, 0x41000, 0x3, '\x00', 0x0, 0x0, r1, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x80000001}, 0x94)
r2 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r2, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x1}, 0x10)
ioctl$sock_SIOCOUTQ(r2, 0x5411, &(0x7f0000001c80))
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0xe1}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
r3 = getpid()
sched_setscheduler(r3, 0x0, &(0x7f0000000040)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x2000000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0)
r6 = socket(0x10, 0x2, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r6, 0x89f1, &(0x7f0000000000)={'ip6_vti0\x00', 0x0})
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2)
r7 = syz_open_dev$vim2m(&(0x7f0000000000), 0x7, 0x2)
ioctl$vim2m_VIDIOC_S_FMT(r7, 0xc0d05605, &(0x7f0000000240)={0x1, @raw_data="a425e2f1a54d24f15655595860608d70566e425a6c36af37b33fac9d31c8a9c7044410d324b03e044e454d2092a62fea8f13441431ce248bfc73a6726ee61ba491d15d8f392ff66fe0b17f0e11f5d2367d5593205ab1efa97d40619a553e7da2518125b850a186ef691daa55c9e50ffaf6ddc25220ded32aeba4524cec1afbd17abba1d15ea05e97ed3dcad452db6e08a991e2c78b057f55de7fdeba7411ce65700c0a1ad7946ff7c355db87566e3e5abb7a37a06731ed19ddfa970bb58a27fd9fa194c092730319"})
mkdirat(0xffffffffffffff9c, 0x0, 0x1c0)
syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
socket$kcm(0x10, 0x2, 0x0)
r8 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFVLAN_ADD_VLAN_CMD(r8, 0x8982, &(0x7f0000000400)={0x0, 'batadv0\x00', {0x8}})
syz_io_uring_submit(0x0, 0x0, 0x0)

1m37.332429577s ago: executing program 5 (id=1453):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0)
r1 = socket$can_bcm(0x1d, 0x2, 0x2)
connect$can_bcm(r1, &(0x7f0000000140), 0x10)
sendmsg$can_bcm(r1, &(0x7f00000004c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000500)=ANY=[@ANYBLOB="050000000300000000000000", @ANYRES64=0x0, @ANYBLOB="0000000001"], 0x48}}, 0x0)
read(r1, &(0x7f0000001480)=""/4096, 0x1000)
sendmmsg$inet6(r0, &(0x7f0000000dc0)=[{{&(0x7f0000000240)={0xa, 0x4e21, 0x19300000, @private0, 0x3}, 0x1c, &(0x7f0000000000)=[{&(0x7f0000000440)="14", 0x1}], 0x1}}, {{&(0x7f0000000040)={0xa, 0x4e22, 0xdd0, @loopback, 0x4}, 0x1c, &(0x7f0000000100)=[{&(0x7f0000000080)="45d9", 0x2}], 0x1}}], 0x2, 0x931766f6319e8551)
syz_open_dev$I2C(&(0x7f0000000040), 0x0, 0x0)
r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000180)={{0x1, 0x1, 0x18, r2, {0xee00, 0xee01}}, './file0\x00'})
r4 = creat(&(0x7f00000001c0)='./file0\x00', 0x102)
sendto$inet6(r4, &(0x7f0000000080)="4c00000012001f15b9409b849ac00a00a5784002000000000000030038c88cc055c5ac27a6c5b068d0bf46d323452536005ad94a461cdbfee9bdb942352359a351d1ec0cffc8792cd8000080", 0x4c, 0x40488d0, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r7 = syz_open_dev$video4linux(&(0x7f0000000000), 0xfffb, 0x60082)
ioctl$VIDIOC_QUERY_EXT_CTRL(r7, 0xc0e85667, &(0x7f0000000300)={0xa0000000, 0x1, "6ff6ad4d49bf769c2fe25720ed5009622e709195057af5b6837b0b5f886643fa", 0x1, 0x2, 0x10000001, 0x8, 0x1, 0x87, 0x7fffffff, 0x0, [0xfffffffa, 0x10000, 0x1, 0x8]})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0xd, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="1800007640b5b400000000000000100084198c00000000f49400000000000000"], &(0x7f0000000080)='syzkaller\x00', 0x4}, 0x94)
openat$nullb(0xffffffffffffff9c, 0x0, 0x84042, 0x0)
r8 = syz_open_dev$loop(&(0x7f0000000080), 0x47ffffa, 0x1a6c42)
setsockopt$IP_VS_SO_SET_ADD(0xffffffffffffffff, 0x0, 0x482, &(0x7f0000000080)={0x84, @multicast2, 0x15, 0x3, 'none\x00', 0x1, 0x4, 0x43}, 0x2c)
setsockopt$IP_VS_SO_SET_ADDDEST(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000000)={{0x84, @empty, 0x4e20, 0x3, 'fo\x00', 0x8, 0x323b, 0x55}, {@rand_addr=0x64010102, 0x4e23, 0x2, 0x0, 0x12d5c, 0x12d5c}}, 0x44)
ioctl$LOOP_CONFIGURE(r8, 0x4c0a, &(0x7f0000001ac0)={r8, 0x4, {0x0, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x14, 0x1c, "339f020bbe82b398000000000000000000000d0ec0c1b4e9b1c4369d03740250ceaac594b1b3d741dd17c1c50d38ef2a565ef1e83323691c58d66500", "a9103939c787a16c1ca43f80026d1a8554fe581b59ded130e04d528539f3d3289737f0374c72a964a02447a75df8a69ea917deb7ba193b3e7772fd29f35239d2", "24431a1e77a68e174f000000000000000010e200", [0x3]}})

1m35.89672332s ago: executing program 5 (id=1455):
r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x8002, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x1, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r2}, 0x10)
r3 = syz_init_net_socket$ax25(0x3, 0x3, 0xca)
listen(r3, 0x0)
r4 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r4, &(0x7f0000000000)={0xa, 0x3, 0x0, @loopback, 0x1}, 0x1c)
r5 = syz_init_net_socket$ax25(0x3, 0x2, 0xc4)
openat$sndseq(0xffffffffffffff9c, &(0x7f00000002c0), 0x600000)
ioctl$SIOCAX25CTLCON(r5, 0x89e8, &(0x7f0000000040)={@default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @bcast, 0x5, 0x5, 0x2, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bcast, @default, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}]})
connect$inet6(r4, &(0x7f0000000040)={0xa, 0x3, 0x0, @loopback}, 0x1c)
socket$nl_generic(0x10, 0x3, 0x10)
socket$inet(0x2, 0x3, 0x4)
syz_genetlink_get_family_id$tipc(0x0, 0xffffffffffffffff)
write$P9_RSTATu(r0, &(0x7f0000000800)=ANY=[@ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0], 0x232)

1m34.778062263s ago: executing program 5 (id=1459):
socket$nl_netfilter(0x10, 0x3, 0xc)
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$nl_audit(0x10, 0x3, 0x9)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0x1fffffffffffffcd, &(0x7f0000000440)=ANY=[@ANYBLOB="1800"], 0x0, 0x2000000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000580)=ANY=[@ANYBLOB="3c02000019000100000000000008000000000000000000000000ffff00000000be14144416000000000000000000000000000000000000000200000000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="ff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000084010500ff010000000000000000000000000001000004d2330000000a000000000000000000000000000000000000000135000001003b00830000000500000007000000fe8000000000000000000000000000aa000004d63c0000000a000000ff01000000000000000000000000000102350000020007007f0000000000000004000000e0000001000000000000000000000000000004d56c00000002000000000000000000000000000000000000000000000004030300040000000200000003000000fc000000000000000000000000000000000004d33c00000002000000200100000000000000000000000000020000000000000200faffffff0104000081000000fe880000000000000000000000000001000004d32b"], 0x23c}}, 0x4000)
bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x15)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={<r1=>0xffffffffffffffff})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300))
keyctl$restrict_keyring(0xf, 0x0, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$inet(0x2, 0x4000000000000001, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000001300)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000400)=ANY=[@ANYBLOB="4400000010000304016100"/20, @ANYRES32=0x0, @ANYBLOB="d3ddd1de00000000140012800b0001006d616373656300000400028008000500", @ANYRES32=r2, @ANYBLOB='\b\x00\n'], 0x44}}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000040)={<r4=>0x0}, &(0x7f0000000080)=0xc)
sched_setaffinity(r4, 0x8, &(0x7f00000002c0))
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x2, &(0x7f0000006680))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
set_mempolicy(0x2, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8)
mkdir(&(0x7f0000000200)='./file0\x00', 0x0)
prctl$PR_SET_IO_FLUSHER(0x4a, 0x2)

1m33.376160838s ago: executing program 5 (id=1461):
r0 = syz_open_dev$cec(&(0x7f00000000c0), 0x0, 0x0)
syz_open_dev$dri(0x0, 0x40100001, 0x0)
mknod$loop(&(0x7f0000000180)='./file0\x00', 0x6000, 0x0)
r1 = creat(&(0x7f00000000c0)='./file0\x00', 0x0)
r2 = dup2(r1, r1)
write$cgroup_subtree(r2, &(0x7f0000000040)={[{0x2d, 'blkio'}, {0x2b, 'rlimit'}, {0x2d, 'net_prio'}, {0x2d, 'cpuacct'}]}, 0x22)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
socket$inet6_tcp(0xa, 0x1, 0x0)
msgget$private(0x0, 0xcb)
ioctl$CEC_TRANSMIT(r0, 0xc0386105, &(0x7f0000000000)={0x9, 0xd6, 0x7fffffff, 0x9, 0xace8, 0x344f, "85ec21e1382c329131320f813d6d7ab7", 0x0, 0x7, 0x2, 0x5, 0x80, 0x2, 0x4})
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r6, 0x0, 0x0)
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
r7 = socket$netlink(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r7, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000004c0)={0x38, 0x1403, 0x1, 0x70bd2d, 0x0, "", [{{0x9, 0x2, 'syz2\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'lo\x00'}}]}, 0x38}, 0x1, 0x0, 0x0, 0x844}, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)

1m32.199323505s ago: executing program 5 (id=1463):
openat$kvm(0xffffffffffffff9c, &(0x7f0000000640), 0x480, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000340)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x0, 0x0, 0x7}, {0x0, [0x0, 0x5f, 0x2e, 0x2e, 0x30]}}, &(0x7f0000000180)=""/248, 0x1f, 0xf8, 0x1}, 0x28)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f00000000c0)={0x1, &(0x7f00000005c0)=[{0x6}]})
socket$kcm(0x10, 0x2, 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB="8000000000010104000000000000000002000000240001801400018008000100e000000108000200e00000010c000280050001000000000024000280140001800800010000000000080002007f0000010c00028005000100000000000800074000000000080003400000100e140005"], 0x80}}, 0x0)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0xfffffdca, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
r2 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, &(0x7f00000000c0)={0x0, @in={{0x2, 0x4e23, @empty}}, 0x0, 0x2, 0x40020002, 0x0, 0xa17433da3c5d69ad, 0x2, 0x7f}, 0x9c)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000007000000010001000900000001"], 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340), 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r3}, 0x4)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0x19, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800"/14, @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003000000b7080000000000007b8af8ff00000000b7080000010000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r3, @ANYBLOB="0000000000000000b70500000800000085000000a500"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={0x0, r4}, 0x18)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB="9feb010018000000000000003c0000003c000000020000000000000002000004080000000000000003000000000000000000000002000000000000000000000000000002000000000000000000000004"], 0x0, 0x56}, 0x28)
mknodat(0xffffffffffffffff, 0x0, 0xc000, 0x0)
r5 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000600)=ANY=[@ANYBLOB="140100002200010021000000000000000201"], 0x114}], 0x1}, 0x0)
setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @loopback}, 0x40)
r6 = socket$netlink(0x10, 0x3, 0x0)
writev(r6, &(0x7f00000003c0)=[{&(0x7f0000000180)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1)

1m31.017217444s ago: executing program 5 (id=1469):
r0 = add_key$keyring(&(0x7f0000000100), &(0x7f0000000080)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$search(0xa, r0, &(0x7f0000000000)='keyring\x00', &(0x7f00000000c0)={'syz', 0x0}, r0)
ioctl$TUNATTACHFILTER(0xffffffffffffffff, 0x401054d5, &(0x7f0000000300)={0x1, &(0x7f0000000240)=[{0x200, 0x7b, 0x5, 0x80000000}]})
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r1, &(0x7f0000000100)={0x1f, 0xffffffffffffffff, 0x4}, 0x6)
write$bt_hci(r1, &(0x7f0000000240)=ANY=[@ANYBLOB="0000020008"], 0xe)
r2 = syz_open_dev$loop(&(0x7f0000000140), 0x2, 0xa382)
r3 = memfd_create(&(0x7f0000000880)='C\x13\xfc2\x95WD\xaa\xba^\x90\xfd\x8d\xc2\xb1[\x81\xda\xda\xd6\x8c\xc99\xec\x0e*||\xe4\xb3\xc4\xb6\v\xaa\x15\x86,\xac\x8d\x89cu\x10\xdc\x93\x9b\xb4\x93\xafE*:\xe4\xdd\xa5\xa75\xb8\x1e;7\xb7.V\xdcrw[\r\x98\x93j\x9c\xf6\xf8\x99\xefF_\xcd\xdf!b\xc5\xec\ntb\xff\b\xaaF?!\x9f\a\x1a\x03\f\xe94\x1deU\x06zS\xc90\xb9voI\xa5/\xb4\xa7@\xa1\\B\xc2@\r_b\x9a\xeb\b\x81\x00V\xd6/N\xc5\xc6f\xb1\x95Z\xe5w^\xd8\xe7J\x80\xf7\xae\xafuv\x84\x9eG\xd1\xe7\x9b\xf0_9\xc2\x9b\xfd\xc3\xf3\xe4\x95P\xf1m\xcf\xc2\xe1\xe6\xa6\x8c\x11\xfb\xb8S\x8b\x92\\\asW-Ee\x02\x00\x00\x00\xd0;Q\xc1~\x89\xec\xc8\x9b\x88\a\xf2\x93\x82(\x8b\x00\xd8\xb4T\x80\x95\x93\x9c5\xcf\t\x04\x00\x00\x00\x00\x00\x00v\xef\xee+\xab\x9c\x00^R\xb2n?i=\xbe\x16\x8a\xbf\xe3\xcdB\xed\xe14\xe8\xd0\xb7\xff\xfeQ\x1c\x85n8\x1b\xc1\b\x00\x00\x00\x00\x00\x00\x00\x17\x94\xdfW<GE\xf1\xe9\xf1q\x8c\xf0\xae\x98\x8c\xe0\xc1g}\xaeW\xaa\xa1\x90\x8c\n$\xa6\xbb\x10\xaf\xc7~\x11\x03<v\xe9\xc7K\xf6]\x11)u\xd3\x15\x01}\xe25$\xb0\x86v\x80\r\x9c\xb8\xe6\xd3(\xa0G2s\xa9&\xb3QU~u\x13\x05kKp\xa6&\x8eu\x1d\xb2\xa9!\xc9\xfa\xd0dG5\xcbf<}r\xab\x9c\xd9f6iN\xaa>\x92z\xbe\xb2R)\xf1K\xd7\xaf\x99\xf6d\xe8\xec\xb7\xbd+T3\xa6\xa9\xfaY-1qs\x82\xefn*\x96\xc9\x1e\xf4\xd1\x02Dt\xc0\x19\xf7\x89\x96.D [F\xeeYW\x95\x13\xc7;\x94\x13^\x13\xaf\xf0C\x9c\xabf\x1daCS2\x02\xb0\xef\xc7\x8c\x9e\xed\a\n<V\xaa\xbfZ1\xa82\x85\x99\x0e$U\xb4X\xc7\xfa\f\b\x8f\xc4\xbeIt\xe4\xc51\xba\xb9H\xe8\x96\x94\xd7\xdc\x81\x111\t\xafl\x97\xd8T\xd40\x90ON\xaaFY\xb4\xb3\xf4\xf8JT\xc5:\xc5\aGc\xb5\x12\x90\x7f\x00\x91\xce@\xe5\xd3A\xcc\xd5|\x9f\x8e5\x042\x9a\xc1\xa1\a\xb7\xf5\xbc,\xd1\xd3k8\xc5', 0x1)
pwritev(r3, &(0x7f00000000c0)=[{&(0x7f0000000180)='\t', 0x1}], 0x1, 0xaa23, 0x20000)
r4 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x205, 0x2)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1000002, 0x11012, r4, 0x0)
syz_clone3(&(0x7f0000000480)={0x80000000, 0x0, 0x0, 0x0, {0x27}, 0x0, 0x0, 0x0, 0x0}, 0x58)
ioctl$LOOP_CHANGE_FD(r2, 0x4c00, r3)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x100000a, 0x5d032, 0xffffffffffffffff, 0x0)
r5 = userfaultfd(0x801)
ioctl$UFFDIO_API(r5, 0xc018aa3f, &(0x7f00000000c0))
r6 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
mount$9p_fd(0x0, &(0x7f0000000180)='.\x00', &(0x7f0000000040), 0x800008, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r6}, 0x2c, {'wfdno', 0x3d, r6}})
ioctl$UI_SET_RELBIT(r6, 0x40045566, 0x7)
ioctl$UFFDIO_REGISTER(r5, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x4})
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xc, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000180000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001700000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000a40)={r7, 0x27, 0x14, 0x0, &(0x7f0000000000)="f8ad1dcc02cb29dcc80032008100", 0x0, 0x4000, 0xf2ffffff, 0x0, 0x0, 0x0, 0x0}, 0x50)
ioctl$UFFDIO_COPY(r5, 0xc028aa03, &(0x7f0000000080)={&(0x7f0000800000/0x800000)=nil, &(0x7f00009ea000/0x4000)=nil, 0x800000})
sendfile(r2, r2, 0x0, 0x24002de8)
ioctl$LOOP_SET_STATUS(r2, 0x4c02, &(0x7f00000001c0)={0x0, {}, 0x0, {}, 0x7fff, 0x4, 0x7, 0x10, "28f5c9ea1f1ae4be4111ab18d2da69bde58cd7af40fd150b70aac11c2e16bd5bba7663c435aff94793ddd7aae07ef35f17bf01933bdb6fd7ecdd91b59ca8d541", "07a9310978042a8bfe1406584a128d7469166f4f07b84819e7df4af14e1df82d", [0x7ff, 0x1]})

1m15.879661711s ago: executing program 35 (id=1469):
r0 = add_key$keyring(&(0x7f0000000100), &(0x7f0000000080)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$search(0xa, r0, &(0x7f0000000000)='keyring\x00', &(0x7f00000000c0)={'syz', 0x0}, r0)
ioctl$TUNATTACHFILTER(0xffffffffffffffff, 0x401054d5, &(0x7f0000000300)={0x1, &(0x7f0000000240)=[{0x200, 0x7b, 0x5, 0x80000000}]})
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r1, &(0x7f0000000100)={0x1f, 0xffffffffffffffff, 0x4}, 0x6)
write$bt_hci(r1, &(0x7f0000000240)=ANY=[@ANYBLOB="0000020008"], 0xe)
r2 = syz_open_dev$loop(&(0x7f0000000140), 0x2, 0xa382)
r3 = memfd_create(&(0x7f0000000880)='C\x13\xfc2\x95WD\xaa\xba^\x90\xfd\x8d\xc2\xb1[\x81\xda\xda\xd6\x8c\xc99\xec\x0e*||\xe4\xb3\xc4\xb6\v\xaa\x15\x86,\xac\x8d\x89cu\x10\xdc\x93\x9b\xb4\x93\xafE*:\xe4\xdd\xa5\xa75\xb8\x1e;7\xb7.V\xdcrw[\r\x98\x93j\x9c\xf6\xf8\x99\xefF_\xcd\xdf!b\xc5\xec\ntb\xff\b\xaaF?!\x9f\a\x1a\x03\f\xe94\x1deU\x06zS\xc90\xb9voI\xa5/\xb4\xa7@\xa1\\B\xc2@\r_b\x9a\xeb\b\x81\x00V\xd6/N\xc5\xc6f\xb1\x95Z\xe5w^\xd8\xe7J\x80\xf7\xae\xafuv\x84\x9eG\xd1\xe7\x9b\xf0_9\xc2\x9b\xfd\xc3\xf3\xe4\x95P\xf1m\xcf\xc2\xe1\xe6\xa6\x8c\x11\xfb\xb8S\x8b\x92\\\asW-Ee\x02\x00\x00\x00\xd0;Q\xc1~\x89\xec\xc8\x9b\x88\a\xf2\x93\x82(\x8b\x00\xd8\xb4T\x80\x95\x93\x9c5\xcf\t\x04\x00\x00\x00\x00\x00\x00v\xef\xee+\xab\x9c\x00^R\xb2n?i=\xbe\x16\x8a\xbf\xe3\xcdB\xed\xe14\xe8\xd0\xb7\xff\xfeQ\x1c\x85n8\x1b\xc1\b\x00\x00\x00\x00\x00\x00\x00\x17\x94\xdfW<GE\xf1\xe9\xf1q\x8c\xf0\xae\x98\x8c\xe0\xc1g}\xaeW\xaa\xa1\x90\x8c\n$\xa6\xbb\x10\xaf\xc7~\x11\x03<v\xe9\xc7K\xf6]\x11)u\xd3\x15\x01}\xe25$\xb0\x86v\x80\r\x9c\xb8\xe6\xd3(\xa0G2s\xa9&\xb3QU~u\x13\x05kKp\xa6&\x8eu\x1d\xb2\xa9!\xc9\xfa\xd0dG5\xcbf<}r\xab\x9c\xd9f6iN\xaa>\x92z\xbe\xb2R)\xf1K\xd7\xaf\x99\xf6d\xe8\xec\xb7\xbd+T3\xa6\xa9\xfaY-1qs\x82\xefn*\x96\xc9\x1e\xf4\xd1\x02Dt\xc0\x19\xf7\x89\x96.D [F\xeeYW\x95\x13\xc7;\x94\x13^\x13\xaf\xf0C\x9c\xabf\x1daCS2\x02\xb0\xef\xc7\x8c\x9e\xed\a\n<V\xaa\xbfZ1\xa82\x85\x99\x0e$U\xb4X\xc7\xfa\f\b\x8f\xc4\xbeIt\xe4\xc51\xba\xb9H\xe8\x96\x94\xd7\xdc\x81\x111\t\xafl\x97\xd8T\xd40\x90ON\xaaFY\xb4\xb3\xf4\xf8JT\xc5:\xc5\aGc\xb5\x12\x90\x7f\x00\x91\xce@\xe5\xd3A\xcc\xd5|\x9f\x8e5\x042\x9a\xc1\xa1\a\xb7\xf5\xbc,\xd1\xd3k8\xc5', 0x1)
pwritev(r3, &(0x7f00000000c0)=[{&(0x7f0000000180)='\t', 0x1}], 0x1, 0xaa23, 0x20000)
r4 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x205, 0x2)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1000002, 0x11012, r4, 0x0)
syz_clone3(&(0x7f0000000480)={0x80000000, 0x0, 0x0, 0x0, {0x27}, 0x0, 0x0, 0x0, 0x0}, 0x58)
ioctl$LOOP_CHANGE_FD(r2, 0x4c00, r3)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x100000a, 0x5d032, 0xffffffffffffffff, 0x0)
r5 = userfaultfd(0x801)
ioctl$UFFDIO_API(r5, 0xc018aa3f, &(0x7f00000000c0))
r6 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
mount$9p_fd(0x0, &(0x7f0000000180)='.\x00', &(0x7f0000000040), 0x800008, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r6}, 0x2c, {'wfdno', 0x3d, r6}})
ioctl$UI_SET_RELBIT(r6, 0x40045566, 0x7)
ioctl$UFFDIO_REGISTER(r5, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x4})
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xc, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000180000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001700000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000a40)={r7, 0x27, 0x14, 0x0, &(0x7f0000000000)="f8ad1dcc02cb29dcc80032008100", 0x0, 0x4000, 0xf2ffffff, 0x0, 0x0, 0x0, 0x0}, 0x50)
ioctl$UFFDIO_COPY(r5, 0xc028aa03, &(0x7f0000000080)={&(0x7f0000800000/0x800000)=nil, &(0x7f00009ea000/0x4000)=nil, 0x800000})
sendfile(r2, r2, 0x0, 0x24002de8)
ioctl$LOOP_SET_STATUS(r2, 0x4c02, &(0x7f00000001c0)={0x0, {}, 0x0, {}, 0x7fff, 0x4, 0x7, 0x10, "28f5c9ea1f1ae4be4111ab18d2da69bde58cd7af40fd150b70aac11c2e16bd5bba7663c435aff94793ddd7aae07ef35f17bf01933bdb6fd7ecdd91b59ca8d541", "07a9310978042a8bfe1406584a128d7469166f4f07b84819e7df4af14e1df82d", [0x7ff, 0x1]})

21.682828851s ago: executing program 1 (id=1656):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0xfffffffe}, 0x48)
close(0x3)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xa, 0x5, 0x2, 0x7}, 0x48)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000780)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50)
r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='net/arp\x00')
preadv(r2, &(0x7f0000000280)=[{&(0x7f0000000bc0)=""/95, 0x5f}], 0x1, 0x3, 0xfffffffc)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000800)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000003000000850000008600000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10)
syz_clone3(&(0x7f0000000380)={0x40800000, 0x0, 0x0, 0x0, {0x1b}, 0x0, 0x0, 0x0, 0x0}, 0x58)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0xfffffffe}, 0x48) (async)
close(0x3) (async)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xa, 0x5, 0x2, 0x7}, 0x48) (async)
bpf$MAP_CREATE(0x0, &(0x7f0000000780)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50) (async)
syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='net/arp\x00') (async)
preadv(r2, &(0x7f0000000280)=[{&(0x7f0000000bc0)=""/95, 0x5f}], 0x1, 0x3, 0xfffffffc) (async)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000800)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000003000000850000008600000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10) (async)
syz_clone3(&(0x7f0000000380)={0x40800000, 0x0, 0x0, 0x0, {0x1b}, 0x0, 0x0, 0x0, 0x0}, 0x58) (async)

15.858753174s ago: executing program 2 (id=1670):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x2c, &(0x7f0000000000)='/proc/sys/net/\x00\x00v4\x00\x00s/\x92ync_\x00le\xf44.\x00\x00\x00\x00\xd4\xa2\x88\x00\xd1l,'}, 0x30)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
fchdir(r3)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
getdents64(r4, &(0x7f00000000c0)=""/4096, 0x1000)

11.380230182s ago: executing program 1 (id=1678):
unshare(0x2a020480)
r0 = memfd_create(&(0x7f0000000000)='\t^\x1ax1\xc7\xbe\xa1\xc6F\xfa\x9cq\xb1w&\xdfP\xba\xdf\xf9F\xc1\xd4x\xaa\x92~srQ\xeaS\x88\xad\xd1Js\\\xb2\xc5\xed\xe8\x7f\xdc(\x01\xcey\xc7\x15?\n\xad\xe7R\x9e\xe1K\xfd\xc95f@O}\\\xdd\xca!;\xf38\'D9\xcb\xda\xa1\xc1p\xd4)\x18x\x17\xab7\x06\x9f\xe3X\v\xf2\xcc\x05\xb4( m\xde\x0f\xf3\xf8\x1b\vW\x00\x90\x01\xfe\x1e<\xabL-3\xe6\x81V\x8d3\x1b$\x0e\x00\x00\x00\x00\x00\x00\x94&\xac\x88\x95\xff\xda\x14d\xcbx\bx\x95\xab\xcb@\x8d\xa0\xe4I\xff\x87\x90\xd9\x89O\x98\x90\x86\xff\xcc\xc1\xf5\r\xea\x19c\xba\xa9\"d$\x01h\x0f&/B\xa5\x18%\xc7\x00\x17\x00\x00sH\xc7ex#\xb0\xe4\x1b\xce\x0f\xear,-\n\xe6gB#\x8ch=:F$\xe6\x87\xf0AF\xd5\x84c\xd5\xd5(\xb3\xac\x9b\x80\x81y\xf1\a\x0f \xbb\xfa\xd3\x88\xad=5J\x13>u\x8c\x00\x00\x00\x00\xff\xff\xff\xff\xb8~\xaa-\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\xdf\xcf\b\x9f\xb6\xf2\x84\xbag\xe5.\xe4\x1f\xb3\xf4\xc6\xad\x06\x1btb\"\x87\x0f\xd7\xf9\x10~\xdc7\xe7\xdc\x11\xd8?\x040\xc5%%\x1c\x8d\xe0\xb99\x10\x11\x84\xbb\xa9\x9em\x1d\xfd\xd4\xcf\x8cH\xa6\x980\xadg\x9b\x8b$\x0e\x04\xd8\xaa\x17\xac\xf4\xda\xd0z\x87H\x03Du\x91\x839\xec\xd7\xde\xf2P\xf6dj-b\x84\x18\xe9\fy`\xca\x86Za7\xe4P\x95B\xeefTdk\x83\xcc\xa4\xa5\b\x1e\x998\x042\xb2\xdd\x8a\xea\xefQ\xf3-Z\a\xd3\xbb\xd5\x80\xb7\v\xa9\xae*\xca\xd90\xc8\xf4_\xe9N7*K:\xe1\xa4\xf7G\a\xd4Q\f7\xdeK,&\xf8\xe7\xffj\xd1\xae\xa1\x04\xf9\xd5\xc5\\\xcc:\xb1\xa70\x84\xf72 \xd1\xcb}Ky\xa5\x9bx&\xad\xf0U\x1aK\x8bN\xcd\xf50\xa3\xc7\xee\x7f\x1a#\xc9\xb3^\xdd/\x13\xb6\xe9%\xed\x04\xf4o}\x17U\x16C\xb2\xea7C\xb6fH$\xd6\xeb\x03\xd2\xa9\xa0\x9a\x93\xed-S\xe5p\xa28*\x98C\xa9\xf5\xf1*\xaa3\xb9\x88\xb3E\x03\x06\xf7\xa7', 0xa)
r1 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000005d00)=ANY=[@ANYBLOB="140100002d00010000000000fcdbdf250401f2800800180005ac0f"], 0x114}], 0x1, 0x0, 0x0, 0x1}, 0x0)
r2 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f0000000180)=@filter={'filter\x00', 0xe, 0x0, 0x90, [0x6000000, 0x2000000000c0, 0x2000000000f0, 0x200000000120], 0x100000, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000006000000feffffff0000000000000000000000000000d9e4aa2f0000000000000000000000000000000000000000000000000000feffffff0020000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff00000000"]}, 0x108)
fchmod(r2, 0x7)
r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x8, 0x10, 0xffffffffffffffff, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r3, 0x0, &(0x7f0000000340)=@IORING_OP_TEE={0x21, 0x61, 0x0, @fd=r2, 0x0, 0x0, 0x4, 0x4, 0x1, {0x0, 0x0, r0}})
r4 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0)
fsmount(r4, 0x1, 0x0)
r5 = syz_open_dev$sndctrl(&(0x7f0000000040), 0x7fff, 0x0)
ioctl$SNDRV_CTL_IOCTL_RAWMIDI_NEXT_DEVICE(r5, 0xc10c5541, &(0x7f0000000080))

8.590731567s ago: executing program 6 (id=1683):
socket$nl_route(0x10, 0x3, 0x0)
membarrier(0x0, 0x0)
r0 = socket$tipc(0x1e, 0x5, 0x0)
setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000100)={0x43, 0x4, 0x3, 0x3}, 0x10)
sendmsg$tipc(r0, &(0x7f0000000400)={&(0x7f00000008c0), 0x10, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x20)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_init_net_socket$rose(0xb, 0x5, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000480)={0x11, 0x4, &(0x7f00000000c0)=ANY=[@ANYBLOB], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000000)='sched_switch\x00', r1, 0x0, 0xffffffffffffffff}, 0x18)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = socket$tipc(0x1e, 0x5, 0x0)
setsockopt$TIPC_GROUP_JOIN(r5, 0x10f, 0x87, 0x0, 0x0)
r6 = socket$netlink(0x10, 0x3, 0x4)
sendmsg$nl_generic(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f000000d379)={&(0x7f0000000440)=ANY=[@ANYBLOB="180000001400010300000000000000001e000000c1"], 0x18}}, 0x0)

8.564115504s ago: executing program 7 (id=1684):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f0000000440)={'ip_vti0\x00', &(0x7f0000000340)={'gre0\x00', 0x0, 0x8, 0x20, 0x0, 0x400, {{0xe, 0x4, 0x0, 0x0, 0x38, 0x80, 0x0, 0x0, 0xe, 0x0, @local, @loopback, {[@ssrr={0x89, 0x23, 0xc2, [@loopback, @remote, @rand_addr=0x64010102, @broadcast, @rand_addr=0x64010102, @multicast2, @private=0xa010100, @loopback]}]}}}}})
mkdirat(0xffffffffffffffff, &(0x7f0000000300)='./file0\x00', 0x0)
syz_init_net_socket$x25(0x9, 0x5, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x87}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x8000002000000, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r2, &(0x7f0000000040)=[{&(0x7f0000033a80)=""/102386, 0x18ff2}], 0x1, 0x2, 0x3)
r3 = socket$packet(0x11, 0x2, 0x300)
setsockopt$SO_ATTACH_FILTER(r3, 0x1, 0x1a, &(0x7f0000000100)={0x2, &(0x7f0000000040)=[{0x7, 0xff, 0x0, 0x2}, {0x9}]}, 0x10)
setsockopt$packet_fanout(r3, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x8000}, 0x4)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r4, &(0x7f0000000240)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x3c}}, 0x10)
sendmmsg$inet(r4, &(0x7f0000000ec0)=[{{&(0x7f0000000280)={0x2, 0x4e25, @multicast2}, 0x10, 0x0}}], 0x1, 0x2000c044)
sendto$inet(r4, &(0x7f0000000c80)="e8", 0x6200, 0x588, 0x0, 0x0)
r5 = memfd_create(&(0x7f0000000540)='[\x10\xdbX\xae[5\xa9\x90\xffc\x1f\x1a\xa9\xfd\xfa\xad\xd1md\xe7\xe2\x7f\x9b\xd5R\x10\xf3\xb6\xffT\xbf\xd1\xc8\x85HX\xae%\f\x1ae\xe0\x00\x00\x00\x00\xfb\xff\x00\x00\x81\x9eG\xd9,\xe2\xc6a\x9f\xe8\xf1\xb3\x86\xe2+Op\xd0\xa2\x82\x1e\xe2;(\xb5\xe1jS\xd6\x91%||\xa0\x8ez\xadT\xc8\f\xe5\x89\xbf3:\x99\x1e\xac`\xc3\x9fc\xda\xa9\x83r\xd8\x98\x00\xff\xf5\x95\xd2q#\xc6\xca\x97\x9d\xcb\x1e\x80\xd6\x85\xc2\xd6\xe0\xf9#\x80\xd2}\xf5\xe4\x9f5\x9b\x01\xf9\x00\x00\x00h)]Z\xf54\xd8\xfe\xfc\xc0\x1b\xc7[\xd7\xad\xe9\x8a\x17\xb2I\xc2\x04\x1b)\x17\xee\x94\xdb\xf8#L \xa4\xaeA@\xe0\\\xfd7\xdf\xd6?\x9d\x98\x14\x91|\x8eS\x1e]', 0x1)
write$binfmt_script(r5, &(0x7f00000001c0)={'#! ', './file0'}, 0xb)
pwrite64(r5, &(0x7f0000000040)="ab", 0x1, 0x2)
socket$xdp(0x2c, 0x3, 0x0)
execveat(r5, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000)
sched_setscheduler(0x0, 0x4, 0x0)
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x64, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[], 0x30}, 0x1, 0x0, 0x0, 0x488c0}, 0x44000001)

8.558234634s ago: executing program 2 (id=1685):
socket$kcm(0xa, 0x1, 0x0)
r0 = fsopen(&(0x7f0000000300)='tracefs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000440), &(0x7f0000000480)='0\x00#\x00\xd0\x00 \x00\x00qS\x00\x00\x00\x00\x00\x00\x00\x00$\xf6_\xbdI\x1c\xf2\xa9]\xcc\xe0*\xef\x01\x8d\x15\xd2h\x93\xc9\xb57\xc3Eb\xf8\xe6,\xdf\xd4\xfae\x84\xcc\xd5\"d\xf0D-\x98\x9f\x81{\xfc$\xc4\xbcF\xf8\xc8\x8d\xcb\xb8\xf2\x1e\xe4\'U\xb3\xb8\xd3\xe6\xd7\x80Y\xc2\xeb\n\xb8_\xe8\x96YY\xe3\xf4\xe1\xb1\xc7\xe6\xf28\x19\xa6\xa7\xfa\xdb\x1ce\xc1\x03\x86J\xb2fh\x19\xee#\xcc\x0f\xed\xfea\xdc\x88\xcb%bW\xd35\xda=\xac\x1d\xae\x93\xfd\'T6\x94\n\xa4\x9cU\x00\x8e\xb6Bz\r\xcc\xc4\fA~[\xbf\x8b\x90\xfe\x04\xe7U\xf3h\x81\x14l7u\x95\x96t\\\x0f\xef;\x03\xa4C\xbc(Vc!a\xc1\xe39\xc6b\x905\xf8\xc9@h\x01\xf5\xcb\x88\xdf9\xaf5\xc8a:z\n\x00\x814\xf6}\xe10v6l\xd6,\x1e\xa0\xcc\xbf\xfdkm\b?\x839\x85N\x1c\xc1\xcb\xfc\x85\xd2\n\x02\"\xf2\x81g\x90\x01n%\x7f_\xe1.f>>\xa5\xfb\"\xab\xdb\x06\x12e\x14\x11~\x9a\bR-\x85\xc3\xa9\xe6\xf6R\x11\"\xc3\xc9\xfc\x14s X\xec\xdd\xc2qB\x85\xf0\xd7\x04\xdd<\x9ai\xa2$u\xe8%1\xb0r\xba\x7f}\x84\'\x0e\xcd\x84\xe7\x0f\xe2VJ\xef\xa3\xf1\xd9<\xb9\xfdp`dPC\xfb\x05/I\x83\x80j6\x8d@\xe5\x9f\xb9\x99\xfe\xce)C?=\xd0\xef\xd8\x05\x8b\xba\xaf!<\xc2\xfc2*\x8e\xeb', 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
rseq(&(0x7f0000000400)={0x0, 0x0, 0x0, 0x428c39a6f3326709}, 0x20, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x6, 0x4, &(0x7f0000002180)=ANY=[@ANYBLOB="180200000000000000000000cfffffff850000001700000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x1, 0x3, &(0x7f0000001a00)=ANY=[@ANYBLOB="850000008a000000840000000000000095000000000000008560fc2b2062f611fc2f864ef177d634e46e8dcfe61b4fb9f600344d592fee49e176fe6ad28fbcb1f9259bfc63e9030971917e30b6f42e8f9dd6ab0ce07312a135cd363aa7e5bcef8fd0e8c7d2082584156c52ebfd69e8e13b7a8b477abc86468e11b6242133ce882f05e16b91c37b3437347f6058b4489c759783b9d4dfb55d0085a26e41201a6d8c8ced33e10048e756a40538b32bf653fa3c831a4e60599ed7a0f999d18de9984522a7cdb6fc30015633a0132c9578b7da5bd7280a5f7e28fd858ba712020b23ef8a2785b6c146c48b48ca7e232d0489661396e9303b38aa5d26d06e2e676795fd2733f95da570bab301000000ffffffff2a2792a630d8fcdc"], &(0x7f0000000180)='GPL\x00', 0x1, 0x0, 0x0, 0x41100}, 0x94)
r1 = syz_genetlink_get_family_id$smc(&(0x7f0000000000), 0xffffffffffffffff)
r2 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$SMC_PNETID_DEL(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)=ANY=[@ANYRESHEX, @ANYRES16=r1, @ANYBLOB="270e000000000000000004070202"], 0x14}, 0x1, 0x40030000000000, 0x0, 0x8040}, 0x44010)
r3 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000300)={'macvtap0\x00'})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r4=>0xffffffffffffffff})
r5 = socket$nl_route(0x10, 0x3, 0x0)
syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000180)={'bond0\x00', <r6=>0x0})
getsockopt$nfc_llcp(0xffffffffffffffff, 0x118, 0x4, &(0x7f0000000380)=""/102, 0x66)
socket$inet6(0xa, 0x3, 0x9)
sendmsg$nl_route(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=ANY=[@ANYBLOB="28000000110001010000000000067d51d7010084a0000000000000000000", @ANYRES32=r6, @ANYRES8=r1], 0x28}}, 0x24004854)
r7 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r7, &(0x7f00000002c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[], 0x150}, 0x1, 0x0, 0x0, 0x4001}, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
syz_usb_connect(0x3, 0x2d, &(0x7f0000001040)=ANY=[@ANYBLOB="1201000229639010861a2d754d2d0102030109021b0001000000000904010001e90cbd00090503"], 0x0)
sendmsg$NL80211_CMD_PEER_MEASUREMENT_START(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x6c}}, 0x40000)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_netdev_private(r8, 0x8946, &(0x7f0000000140)="a6cc04e2d8f1c38afbf14b29b86e3a")
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000680)=ANY=[], 0x44}}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)

8.484270458s ago: executing program 1 (id=1686):
mount(0x0, 0x0, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000003c0)={0x4, 0x80100008b}, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000002700)=""/102392, 0x18ff8)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/timer_list\x00', 0x0, 0x0)
sendfile(0xffffffffffffffff, r1, 0x0, 0x20000023896)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
mq_unlink(0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$TIOCL_GETMOUSEREPORTING(r2, 0x5412, &(0x7f0000000000)=0x13)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
timer_getoverrun(0x0)
ioctl$TCSETA(r2, 0x5406, 0x0)
ioctl$TIOCL_GETMOUSEREPORTING(r2, 0x5412, &(0x7f00000006c0)=0x16)
r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r3, 0x0, 0x0)
write(r3, &(0x7f0000000040)="18000000010003", 0x7)

7.119652582s ago: executing program 6 (id=1688):
unshare(0x8040480)
r0 = openat$fb0(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = socket$inet6(0xa, 0x3, 0x87)
getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f0000000100)={{{@in=@dev, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r2=>0x0}}, {{@in=@private}, 0x0, @in=@dev}}, &(0x7f0000000200)=0xe8)
setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f0000000280)={{{@in6=@dev={0xfe, 0x80, '\x00', 0x38}, @in=@broadcast, 0xfffd, 0x200, 0x4e20, 0x0, 0x2, 0x0, 0x0, 0x2, 0x0, r2}, {0xfffffffffffffffc, 0x4, 0x1, 0x3, 0x0, 0x9}, {0x1ff, 0xffffffffe, 0x4053e5, 0x20}, 0x6, 0x1, 0x1, 0x0, 0x1, 0x2}, {{@in=@empty, 0x1, 0x32}, 0xa, @in6=@private0, 0x3502, 0x1, 0x0, 0x0, 0x6, 0xfffffffd}}, 0xe8)
connect$inet6(r1, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}, 0x9df}, 0x1c)
pread64(r0, &(0x7f0000000040)=""/152, 0x98, 0x1ff)

6.910835234s ago: executing program 7 (id=1690):
madvise(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x17)
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
read$msr(0xffffffffffffffff, &(0x7f0000019680)=""/102392, 0x18ff8)
sendmsg$key(0xffffffffffffffff, 0x0, 0x800)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000002c0)={'bridge_slave_0\x00'})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[], 0x44}, 0x1, 0x10000000}, 0x0)
sendto$inet6(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x800, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x8, 0x85}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x3, &(0x7f0000000100)=ANY=[@ANYBLOB="188000000000000000000000000000009500000000000000"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x5e}, 0x94)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f0000002240)=[{{&(0x7f0000000300)=@in6={0xa, 0x0, 0x0, @private1}, 0x80, &(0x7f0000000780)=[{&(0x7f0000000380)=""/118, 0x76}, {&(0x7f0000000040)=""/58, 0x3a}, {&(0x7f0000002000)=""/6, 0x6}, {&(0x7f0000000400)=""/21, 0x15}, {&(0x7f0000000440)=""/56, 0x38}, {&(0x7f0000000580)=""/225, 0xe1}, {&(0x7f0000000680)=""/201, 0xc9}, {&(0x7f0000000480)=""/80, 0x50}], 0x8, &(0x7f0000000800)=""/206, 0xce}, 0x1a}, {{0x0, 0x0, &(0x7f0000000ec0)=[{&(0x7f0000000500)=""/39, 0x27}, {&(0x7f0000000900)=""/60, 0x3c}, {&(0x7f0000000940)=""/96, 0x60}, {&(0x7f00000009c0)=""/39, 0x27}, {&(0x7f0000000a00)=""/213, 0xd5}, {&(0x7f0000000b00)=""/206, 0xce}, {&(0x7f0000000c00)=""/171, 0xab}, {&(0x7f0000000cc0)=""/94, 0x5e}, {&(0x7f0000000d40)=""/172, 0xac}, {&(0x7f0000000e00)=""/138, 0x8a}], 0xa, &(0x7f0000000f80)=""/4096, 0x1000}, 0x1}, {{&(0x7f0000001f80)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, 0x80, &(0x7f0000002140)}, 0x81}], 0x3, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = syz_open_dev$MSR(&(0x7f00000000c0), 0x0, 0x0)
fcntl$setpipe(r4, 0x407, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
r6 = creat(&(0x7f00000000c0)='./file0\x00', 0xd4)
dup2(r6, r6)
write$RDMA_USER_CM_CMD_CREATE_ID(r6, &(0x7f0000000280)={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000001c0), 0x106, 0x2}}, 0x20)
r7 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000080), 0xf252844025d06a53, 0x0)
ioctl$DRM_IOCTL_GEM_OPEN(r5, 0xc010640b, &(0x7f0000000100)={0x0, <r8=>0x0})
ioctl$DRM_IOCTL_GEM_CLOSE(r7, 0x40086409, &(0x7f0000000140)={r8})
r9 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
close(r9)
socket$nl_netfilter(0x10, 0x3, 0xc)

6.759888546s ago: executing program 6 (id=1691):
r0 = socket(0x2a, 0x2, 0x0)
sendmsg$TIPC_NL_LINK_GET(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000280)={0x0, 0x24}}, 0x0)
getsockname$packet(r0, &(0x7f00000001c0)={0x11, 0x0, <r1=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)=@newqdisc={0x2c, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {0x0, 0xffe0}, {0xffff, 0xffff}, {0x0, 0xe}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}}, 0x40000)
sendmsg$nl_route_sched(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000000)=@newtfilter={0x44, 0x2c, 0xd27, 0x70bd27, 0x25dfdbfd, {0x0, 0x0, 0x0, r1, {0x0, 0xfff3}, {0x0, 0xffe0}, {0x10, 0xfff9}}, [@filter_kind_options=@f_flower={{0xb}, {0x14, 0x2, [@TCA_FLOWER_KEY_ENC_IPV4_DST={0x8, 0x1d, @dev={0xac, 0x14, 0x14, 0x3b}}, @TCA_FLOWER_KEY_ENC_IPV4_DST_MASK={0x8, 0x1e, 0xff}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x8000}, 0x4)
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7907009875f37538e486dd6317ce6203c23c00fe80000000000000875a65969ff57b00000000000000000000000000ac1414aa"], 0xfdef)
r3 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000b80)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5}, 0x94)
r4 = socket$inet6(0xa, 0x3, 0x8000000003c)
setsockopt$IP6T_SO_SET_REPLACE(r4, 0x29, 0x40, &(0x7f00000014c0)=@raw={'raw\x00', 0x8, 0x3, 0x528, 0x0, 0xffffffff, 0xffffffff, 0xd0, 0xffffffff, 0x458, 0xffffffff, 0xffffffff, 0x458, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@empty, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00', {}, {}, 0x62}, 0x0, 0x358, 0x388, 0x0, {}, [@common=@inet=@hashlimit3={{0x158}, {'veth0_to_hsr\x00', {0x4, 0x8, 0x20, 0x5e1b2d47, 0xf91, 0x5, 0x4, 0x9f7, 0x18}, {0x8}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x588)
r5 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r5, &(0x7f0000001080)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
setsockopt$inet6_int(r5, 0x29, 0x3, &(0x7f0000004240)=0x40000006, 0x4)
recvmmsg(r5, &(0x7f0000003ec0)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000003f80)=""/255, 0xff}, 0x7ff}], 0x1, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x4, 0x3, &(0x7f0000000000)=@framed={{0xc3, 0xa, 0xa, 0xfe00, 0x0, 0x71, 0x10, 0x1a}}, &(0x7f0000000480)='syzkaller\x00'}, 0x90)
setsockopt$inet6_IPV6_HOPOPTS(r5, 0x29, 0x36, &(0x7f00000000c0)=ANY=[], 0x8)
setsockopt$inet6_int(r5, 0x29, 0x4, &(0x7f0000000000)=0x7f, 0x4)
sendto$inet6(r5, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.freeze\x00', 0x275a, 0x0)
write$binfmt_script(r6, &(0x7f0000000280), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r6, 0x0)
ioctl$FS_IOC_SETFLAGS(r6, 0xc0189436, &(0x7f0000000140))
ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_PORT(r6, 0xc0a85352, &(0x7f0000000100)={{0x5}, 'port0\x00', 0x1, 0x30, 0x5, 0x7, 0x0, 0x1, 0x7, 0x0, 0x12426440fd9b82b9, 0x7})
ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000040)={{0x1, 0x1, 0x18, <r7=>r4, {<r8=>r3}}, './file0\x00'})
r9 = bpf$PROG_LOAD_XDP(0x5, &(0x7f00000008c0)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f0000000240)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x25, r7}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r9, 0x5, 0xb68, 0x1300, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)
ioctl$KVM_CAP_ENFORCE_PV_FEATURE_CPUID(r6, 0x4068aea3, &(0x7f00000003c0)={0xbe, 0x0, 0x1})
getsockname$l2tp(r8, &(0x7f0000000080)={0x2, 0x0, @remote}, &(0x7f00000000c0)=0x10)

6.738365492s ago: executing program 8 (id=1692):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = syz_open_dev$vivid(&(0x7f0000000080), 0x0, 0x2)
ioctl$VIDIOC_DQBUF(r3, 0xc0585611, &(0x7f0000000100)=@overlay={0x2, 0x8, 0x4, 0x40, 0x4, {}, {0x3, 0x8, 0x8, 0x2, 0xff, 0xe2, "e71d6c45"}, 0xfffffff8, 0x3, {}, 0x6})
ioctl$KVM_CAP_X86_USER_SPACE_MSR(r1, 0x4068aea3, 0x0)
ioctl$KVM_SET_GUEST_DEBUG(r2, 0x4048ae9b, &(0x7f0000000300)={0x4376ea830d4d549b, 0x0, [0xffffffffffffffff, 0x7, 0x1000000, 0x0, 0x5, 0x3, 0xfffffffffffffffc, 0x800000]})
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f00000ab000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f0000000040)="36d0e866b9b000004066b80000008066ba000000000f300f23c8640f00dc66350c00a0000f23f89d0f326635000400000f302e8dcc0f23742e3b5753baf804f3e00066efbafc0c66b83ac80000666fda6509", 0x52}], 0x1, 0x1a, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

5.766124346s ago: executing program 7 (id=1693):
openat$uhid(0xffffffffffffff9c, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
mmap(&(0x7f0000cb3000/0x4000)=nil, 0x4000, 0x3, 0x32, 0xffffffffffffffff, 0xffffc000)
read$FUSE(0xffffffffffffffff, &(0x7f0000000680)={0x2020, 0x0, <r1=>0x0, 0x0, 0x0, <r2=>0x0}, 0x2020)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(0xffffffffffffffff, 0x10e, 0x1, 0x0, 0x0)
r3 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r3}, &(0x7f0000000040))
write$FUSE_LK(r0, &(0x7f0000000100)={0x28, 0xffffffffffffffda, r1, {{0x1, 0x9, 0x0, r2}}}, 0x28)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$PROG_LOAD(0x5, &(0x7f0000001280)={0x11, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000850000007d000000180100002020702500000000002020207b1af8ff00"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
mknodat(0xffffffffffffff9c, &(0x7f00000000c0)='./file2\x00', 0x81c0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000180)='./file2\x00', 0x0, 0x0, 0xffef)
symlink(&(0x7f0000002040)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00', &(0x7f0000000000)='./file1\x00')
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
syz_open_dev$vbi(0x0, 0x2, 0x2)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
socket$netlink(0x10, 0x3, 0x0)
getsockname$packet(0xffffffffffffffff, &(0x7f0000000400)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, 0x0)
mkdir(0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x4, 0x8f}, 0x0)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)

5.690139815s ago: executing program 8 (id=1694):
r0 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0)
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(0xffffffffffffffff, 0xc01064b5, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1)
r1 = syz_open_dev$MSR(&(0x7f0000000200), 0x0, 0x0)
read$msr(r1, &(0x7f0000002700)=""/102392, 0x18ff8)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x7c}}, 0x4000084)
mprotect(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x8)
fsconfig$FSCONFIG_SET_BINARY(r0, 0x6, 0x0, 0x0, 0x0)
r2 = fsmount(r0, 0x0, 0x0)
r3 = socket$inet6(0xa, 0x80002, 0x0)
connect$inet6(r3, &(0x7f0000000000)={0xa, 0x4e2a, 0xffffffff, @mcast2, 0x9}, 0x1c)
sendmmsg$inet6(r3, &(0x7f0000002cc0)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="24000000000000002900000032000000fc000000000000000000000000000000de"], 0x28}}], 0x1, 0x4001c00)
r4 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000200)={&(0x7f0000000280)=ANY=[@ANYBLOB="9feb010018000000000000000c0000000c00000004000000020000000000000f0400000000005f"], 0x0, 0x28}, 0x20)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000700)={r4, 0x0, 0xfffffffffffffffe}, 0x10)
r5 = openat$cgroup_subtree(r2, &(0x7f0000000100), 0x2, 0x0)
write$cgroup_subtree(r5, &(0x7f0000000480)={[{0x2b, 'rdma'}]}, 0x6)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), 0xffffffffffffffff)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000500)=0xffffefdfbffffff8, 0xef9)
r8 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r8, 0x7a7, &(0x7f0000000080)=0xb0000)
ioctl$IOCTL_VMCI_NOTIFY_RESOURCE(r8, 0x7a5, &(0x7f00000000c0)={{@hyper, 0x7fff}, 0x0, 0x2, 0x2})
sendmsg$NL80211_CMD_SET_CQM(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)={0x30, r7, 0x1, 0x0, 0x0, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_CQM={0x14, 0x5e, 0x0, 0x1, [@NL80211_ATTR_CQM_RSSI_THOLD={0x8, 0x1, [0xffffffff]}, @NL80211_ATTR_CQM_TXE_PKTS={0x8, 0x6, 0x3}]}]}, 0x30}}, 0x0)

5.618710493s ago: executing program 6 (id=1695):
r0 = landlock_create_ruleset(&(0x7f0000000240)={0x0, 0x2, 0x3}, 0x18, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$devlink(&(0x7f0000000180), 0xffffffffffffffff)
syz_usb_connect$hid(0x5, 0x36, &(0x7f0000000140)=ANY=[@ANYBLOB="12010000000000086e05fe0000000000000109022400010000b0000904000008030000000921000000012a46000905810300"], 0x0)
sendmsg$DEVLINK_CMD_RATE_GET(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000500)={0x3c, r3, 0x1, 0x70bd25, 0x25dfdbfc, {}, [@DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x2}, @handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x22000092}, 0x10)
sendmsg$nl_route(r1, 0x0, 0x0)
landlock_restrict_self(r0, 0x3)
r4 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r4, 0x84, 0x9, &(0x7f0000000140)={0x0, @in={{0x2, 0x0, @empty}}, 0x3, 0x0, 0x240000, 0x0, 0x51, 0x0, 0x4}, 0x9c)
landlock_restrict_self(r0, 0x0)
r5 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(0xffffffffffffff9c, 0x0, r5, 0x0, 0x256)
pipe(&(0x7f0000000000))

4.908357362s ago: executing program 7 (id=1696):
syz_open_dev$vbi(&(0x7f00000001c0), 0x1, 0x2)
r0 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_RES_CM_ID_GET(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000013b80)=ANY=[@ANYBLOB="280000001b14010000000000000000000800030001fc0000080001000000000008003f"], 0x28}, 0x1, 0x0, 0x0, 0xc0}, 0x0) (fail_nth: 5)

4.490106575s ago: executing program 2 (id=1697):
r0 = socket$tipc(0x1e, 0x2, 0x0)
connect$tipc(r0, &(0x7f0000003100)=@id, 0x10)
sendmmsg$inet(r0, &(0x7f0000002f40)=[{{0x0, 0x0, &(0x7f00000016c0)=[{&(0x7f00000002c0)="91199893b794f675ec88239fef317c764ee3a8ecbdc2a8c32d46f77944d1de9f924d05d3566b8eb8f5750393c669559d05543efa2927ef0d2b10e3d4f8541f34e1c7c8ca2d1e811f67f3dc50fdd469af72a49e684e28a364f5da124dff2b55a5536aa670b82da70bf0f19cd420371848ddc41d65649fde307c1971599f2fec84845e32bb2b6ebda099de12e8b64842024389524a1c5a97608000d1030d99e2a6e23a0bc8", 0xa4}, {&(0x7f0000000380)="11a68683394e1541cc444dff7adf30f079408cb066a6f8f4d33c4f11850de78c586d1a2ccff92e8e83fb82e447d9b88de42182e9e8c97415f41ef8a504215a2b2fdb1404c9659fdb988d0f527c3675cf2b", 0x51}, {&(0x7f0000000400)="875ad17d55c11f1ea6ec6cd17661afc73209e32142961e4660591bf3ca40d05a507ac0b0e71f7ed4c63f52a003cc8102f20dc6e33b5dc6de64ac815cf87867507cc072f0cb762aa5deb8731a699d3c7c69f85266ba51eb244f20129de491adaeb0c2d2eb13c1f215ddff92b05148f0ad513018b14798e45e55ecb916d4dd89f2df7e33c470998f325bf453f929d8", 0x8e}, {&(0x7f00000004c0)="1273dd9951adeaefffe3c4957c86dbff8693adf2202b620b3aec000cf330bb7249", 0x21}, {&(0x7f0000000500)="4167c4fd9ea8b423c01e798bbd631e888a04e31e6865a2d55b31833b82989759c0f3241bb5ebe979636a5f22244112d95d11a07cb172724ec37ef9faaf227d64f5190c9d82dfe194b2cf6d77e917e513170fa1e8e4c82dd9898b4ad23e677261595ec62844104d7ca15aa7eec90685ad92f2cd5b745910e47d703315a0d1d3a6d143575da2604e54bb1ddb295e590a1392770befa52aaf1651d375682bcf94e5da4ea37e1cde1d2a80890d896cfe4d08801bc50d9bc08480de2b2710b694ff7fb5bda12cd8a8cb8dc18bf0c265b71aef50ec0ee22e1968a4f3487d8487026bc2b721692064dcfdd1b6b6aec3e8da3d0ab7d3cc51e2db33c169e6354ea425fbfc1bc39057e64d3aff3749d60edcf0a50fe0e973b5ee3a7cd45ad967564fdbc9832869346037dabe420448b5089ab553c2c87e94befac8d3a0c2a56ca2ab778c2f34f571217c837580e8a524db35baea8024482bb32306182faaf39bb1c4e992c4440889e274952ed3d17d5e87224fec8048e6b7344270e046ab2fdda270ad4e5f651fd6eede5d42d9599265520d45d6f500fd733372a62ab4f496b56839b0d6418961a3b6016c26409daba4f2beeceeb38cc6ba75f57e8ee45d8a6c2ecc031c9469d937b9d7db91ded158ebd7f7d512d445f4104130a429ce7fce52d3fec37df953fc6e6adaa781b820b4bb6d4ffd2c10a16f9583890118793bae09157d3ac5625ad8e66a367488e2722bb82161661711d91a5540a92e3de7506861875575d40465cda28989cbc46fb3d80c2bc7e96afbde1cbd2e89103c55bde669c77b774ea570b26e93a1be5e50269ea5f3355869ac5a9701ac0e7d8f69b0a3186e118c6e2ce8e946c95bd729d94d237e5915e2711cc82826f147176a8a0555b9e11fb9a8ad736d016d202cea43b10a5102e48387ab70069b876051ac0557528c14748aa9cc0e0d9bf512533bdc83610d9f801ec4ed512a4a877e2f45b0cbe87ee25a314d481153eefe8643fb2f3e0478353552b0ae863635ab12e7bf0e4f046e8ba9cb7ce3189d52b2a27ff9e4eb5bf8b12d09d610705eec149589bdd38c951de63de4e3065e45eeb261a72c980349387514cb42467e1fe5812abaf4670e993c6fb561e5cccf7a472ee874bbfe73412bc63f706424f174afd1a3f16fb8b8305d932d33ab211d473d210b87e2f20b6ba951a2b98206793c04516fd57fc7365cec4a1831548470ebefe7f9487cc7b287b2f45eb69b4e165b9f3404d8ac84b2b57ace34de669a85fd885ecb055a6fd2ba5d5396737c702c082bfb35f3ccace91eacfc7a71b2bca1e228170ad6d194aa7c2dc2cf5f0bce153ac1befb2b82e6cf1f12d28812e309f5da0dbe1cad03172d296fa13247b1952ec988316f668aa65e1ca7e9e383b115ce5c25130955c118a0b4567bd180c07ce18bd0c459cc33ed7ba1c43262034a60711315ed81bbc95b7e3088dbd22b976fcd18bae330f08c89236f770478305fac20b5d9bd5cbc98c5c0f9713345c7362bc0e0bc78d212433bcdc6142989bc6ab82160df897825aa906d739dac905a434c90b2cbc72223011ea11480278b681cdcdf5fa63ac5f8b8f1f3ef7d4eb02f422e9fc52b98163630cd2f130f076a33bb011bb8e42800c9475f5cbee042b79fda44b6432b126f085a17553b82d9cae519ec239a9cccb99444f24b8f11e255e31e0d53a28e36949a3f8238c2ea3f4e3d8cf3b85b031c962504d00a4e7928b5fa2fab311bcc54d68738086ce70a8e5bdaf425033036a85e59aa3bb1b01f8b6c6a2e221c69e48565b55a196b2dc9cb067b4ccf8a7c81e31795a8b74e8940455126f19c8bbb9b941cc66c9443fd13e20c2074a9c3bc1740262c1fcb8e9ca5ac5729dfe6e25561eba41ccae8ca2e851affc1ab4ec912925ef7ccf72e97c577413260ccda170d75741336f837258a59da907460a2917f652c6e4ebc0467da8a95f2ceae9afcc4e0d1f4b95fc68b2f5e32af96fb12a8e7f3140dd235a30e5ad94e78cf58ad75ca8a871a70820090ba510e7563c0f78cf364369a51fa6683ff8d24924ceb922927eb0ba1395b7a4f37d92913a9688ef8428a887f1161f10aeab749f5ea8ca24e579008f542a9b785841dae071b94b5a8ba79985930f60ac2c93aa002d84b212e2e2b6c9c2a0694595dad99fd1f27d0044481ef5b364a059599ef982a114a61094b3b7d0f9a7b78d7615cc8573430e676987ab7421fde9abeb29e4529beb6a2724bed86a7b1d27ee73585892f083fad4307696a4166356b9c20a9579bbf3e8cda9ad7ec2b2bb973d05cf8d9457dc03eee2cfbf630dd917768ae652c0627e32ebb4c62951dfbd8e074dfdf02c5517ace50d5813c8d8d7f1fc0fc63a4fae5c2bcf26560c627500e03692384630be287790d545403adc500ef732d66e269b8b051aa57bb865a9b709c7a0426188daf29caf1d062b104592b4f6acc86895956d8085424dba0bfafdf900419f2227db1eca75b338091d23da2067566c6d54de1604bf8d4cce8a0b4484c4645a305861bc46ebccafbe500e01d51236b40027d1b2c7a72937b15899bb982c880d83ed6b70502bd0d68d2a2146a85c6518a11c386df610243ec513e7a284a81c841f9201ee3b9d3a8f44cdf52ec842e07c1f2f35e2a5b17278dce1f9b7fa09866ecb0d2e78fc8095b7dee81d3e308fd10a1490036194bfa89c118bd9c72d4747b90724d7bd0a7ead28c89c23cc6667c1a8b362ca5385d24b2c1265957764a4e46176365a5348bcf85c457921e7fa6c9e165b6c4d8bd9e8782c96839a5fd2679cd08f656ca5b41d00f8429d517a0d776049918e73b4a258fd2a1576b6420b67fc9ff3520556881ef4838e973f552edebde686af1d55e6172e5bb9b01543d32c0c7753b380dd9ed3f5c0b663a9b1bcb4bd36a365172aeee96a8d69c1e5c5b6c88fc9453ace6aa24bdfc1cfa27ea8cc36c80cace296259545a4e155d154ccbf00ae4ff912c583c871b7cdb46813584ea14bb6943d16b3f12e8fe149076e5e646e1dca0bf121a2e2fa09816e9056aa1143988ff17c21c49981445d98d88fd4bba6a59d9f97d301d90e3754103389b36308713c1ba31031e42f2d759343a95bbae9c01a3bb3e6b537b658d1c028c8ec3126bf79db223a3320e25a671ef834c924f02c1bbab338517accb8378f945cb1d65d4dff90f1e3af8168e33a5a124aef715b656075f6a62099afa110f2fe5eb83e0b3e36df91be2125be6500e5f3a81f8bc116f42734c784f6bb6c7e968610243b06026a9def4e85f8344fae36602aa3795cf71ecf7e57a3da0bef859daf649abc6390e86edaa84eefe48999ddba9067b90dd5ea2477f150ab588dadfe79ab7524157d1b94c738ca3345ce8657bfac981cb30b7c0f05f96dafcdce3e41471943609b121de1eda3e95a1c31bada084beec699512c7d5cec71e06a57c177ca1f383120bf46a9c805c9220d3d0c6807d60e6b7f9c80de1d815bdf1ebe62338862719eab55ef4971a69c76aa2f25c3c9d0c2e5c7857a86f9ab26c3c6aa395f2c366548f60a40abbe14dd011358d9b3695b8a091e16552478aeee1e2e91abd67deeb15732f428c3304a2bf2e4cbb3768875b35d126ca46d29e506ee1e0aba7a17eba27c19d7626064c0a17d7ee7f2f220e5e28bd7d691dffa84f2a2f92c924b87da382ae9a688ad4322fa0cc72604fc43e17002b8f3844a7431205de46818310d0fcf4676f45c9941dde767c9a4376e13cd7e91308cc0df25a4c79e390674fa0161695cc9e9bee12620d8571a4b3800370cd01bf0546758a048563539edf15d58b108159ea5fe0f038281c7855bbd92cc86de38df60b8597f4bce4ae9cae1647b5024bfb73630cdf4d1827a5f0ff779a1e6c6efbc6561d06b249986703b9dc61a63e2068e4786e6a8be34a808143301ef00f21bee8399d88ecffddb4867790d4d1cbe827a5a220834ba831d3ba424ff8fc9a99b175d2feca9f581e24bb69bdc4f64a6ea0c9c37d6976d15e9388519a2bed100a2a8358215a8b63b6e25a677875ee2bc3fd9c77783b39a166b863376b496775b83804a2c7f5363cca9ade819034afc2f7b40ffc316089556dec2e55e1bd92c9b905d6b1b9160d6c492d4384acd7e380874939b1ab02dbbacfbedd74cd524b4eab643e8b92d38d9fae446afd8d774d1c933bce8c341f0ff283acec3bbbbfdb06a15eb88ca6600542dda45334a374e31bae", 0xba7}], 0x5}}], 0x1, 0x0)
connect$tipc(r0, &(0x7f0000001dc0)=@nameseq={0x1e, 0x1, 0x1, {0x1, 0x2}}, 0x10)

4.389335812s ago: executing program 8 (id=1698):
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={&(0x7f00000000c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x34, 0x34, 0x4, [@const={0x0, 0x0, 0x0, 0x2}, @fwd={0x2}, @func_proto={0x2, 0x0, 0x0, 0x12, 0x2}, @var={0x2, 0x0, 0x0, 0xe, 0x3}]}, {0x0, [0x0, 0x61]}}, 0x0, 0x50}, 0x28)
r0 = socket(0x2b, 0x1, 0x1)
syz_open_dev$dri(&(0x7f0000000000), 0x1, 0x0)
ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000000340))
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)={{0x14}, [@NFT_MSG_NEWRULE={0x58, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2, 0x0, 0x3}, [@NFTA_RULE_EXPRESSIONS={0x2c, 0x4, 0x0, 0x1, [{0x28, 0x1, 0x0, 0x1, @byteorder={{0xe}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_BYTEORDER_DREG={0x8}, @NFTA_BYTEORDER_SREG={0x8, 0x1, 0x1, 0x0, 0x12}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x80}}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4}, 0x50)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f00000004c0))
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff})
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_io_uring_setup(0x10d, &(0x7f00000006c0)={0x0, 0x5885, 0x0, 0x2}, &(0x7f0000000340)=<r4=>0x0, &(0x7f0000000280)=<r5=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f0000000140)=@IORING_OP_ACCEPT={0xd, 0x0, 0x5, r3, 0x0, 0x0, 0x0, 0x800, 0x1})
r6 = mmap$IORING_OFF_SQES(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x8, 0x1010, 0xffffffffffffffff, 0x10000000)
r7 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r4, r6, &(0x7f00000002c0)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x21, 0x0, @fd_index=0xa, 0x5, 0x0, 0x80000001, 0x0, 0x1, {0x0, r7}})
read$msr(r2, &(0x7f0000002700)=""/102392, 0x18ff8)
r8 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r8, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000140)="d80000001c0081044e81f782db44b9040a1d080220000000401296a1180003000700000000000e1208000f0100810401a8001600200001400300000803600cfab94dcf5c0461c1d67f6f94007134cf6ee08000a0e408e8d8ef075c11503c6bbace8017cb090000001fb791643a5ee4001b146218a07445d6d930dfe1d9d322fe7c9fd68775730d16a4683f5aeb4edbb57a5025ccca9e00360db70100000040fad95667e0060000000000000080bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd68adbef3d93452a00"/216, 0xd8}], 0x1, 0x0, 0x0, 0x7400}, 0x0)
sendmmsg$sock(r0, &(0x7f0000001280)=[{{&(0x7f0000000240)=@in6={0xa, 0x0, 0x0, @dev, 0x5}, 0x80, 0x0}}], 0x1, 0x20000001)
r9 = syz_io_uring_setup(0x19d1, &(0x7f00000003c0)={0x0, 0x0, 0x10100, 0x8000000, 0x8000000}, &(0x7f0000000080)=<r10=>0x0, &(0x7f0000000140)=<r11=>0x0)
syz_io_uring_submit(r10, r11, &(0x7f00000001c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3})
io_uring_enter(r9, 0xa3d, 0x0, 0x0, 0x0, 0xff39)
connect$netlink(r0, &(0x7f0000000000)=@unspec, 0xc)

4.015179337s ago: executing program 2 (id=1699):
socket$inet_sctp(0x2, 0x5, 0x84)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
bind$vsock_stream(0xffffffffffffffff, &(0x7f0000000040), 0x10)
listen(0xffffffffffffffff, 0x0)
r0 = socket(0x28, 0x5, 0x0)
connect$vsock_stream(r0, &(0x7f0000000080), 0x10)
sendmsg$kcm(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000880)=[{&(0x7f00000001c0)="a2", 0x1f}], 0x10}, 0x8010)
close(r0)
close(0x4)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
r3 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', <r4=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)=@newqdisc={0x3c, 0x24, 0x3fe3aa0262d8c583, 0x0, 0x25dfdbfd, {0x0, 0x0, 0x0, r4, {0x0, 0xfff2}, {0xffff, 0xffff}, {0x6, 0x2}}, [@qdisc_kind_options=@q_fq_pie={{0xb}, {0xc, 0x8002, [@TCA_FQ_PIE_MEMORY_LIMIT={0x8, 0x8, 0x2}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x2}, 0x0)
sendfile(r2, 0xffffffffffffffff, 0x0, 0xdc)
r5 = syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), 0xffffffffffffffff)
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000100)={'syztnl2\x00', &(0x7f00000001c0)={'ip6gre0\x00', <r6=>0x0, 0x29, 0x2, 0x2, 0x7, 0x3e, @dev={0xfe, 0x80, '\x00', 0x11}, @dev={0xfe, 0x80, '\x00', 0x31}, 0x20, 0x8000, 0x7, 0x7fff}})
sendmsg$ETHTOOL_MSG_FEATURES_SET(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000300)=ANY=[@ANYBLOB="b8000000", @ANYRES16=r5, @ANYBLOB="000827bd7000fedbdf250c0000005400018008000100", @ANYRES32=0x0, @ANYBLOB="1400020076657468315f746f5f68737200000000080003000200000008000300010000001400020076657468305f766c616e000000000000e0218425", @ANYRES32=0x0, @ANYBLOB="08000100", @ANYRES32=r6, @ANYBLOB="50000180140002006261746164765f736c6176655f31000008000100", @ANYRES32=0x0, @ANYBLOB="08000300020000001400020069705f7674693000000000000000000014000200626f6e643000"/48], 0xb8}, 0x1, 0x0, 0x0, 0x20040000}, 0x40004)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bind$ax25(0xffffffffffffffff, &(0x7f0000000140)={{0x3, @default}, [@null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @default, @bcast]}, 0x48)

3.655984035s ago: executing program 1 (id=1700):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000540)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWRULE={0x84, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2, 0x0, 0xfffe}, [@NFTA_RULE_EXPRESSIONS={0x58, 0x4, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @ct={{0x7}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_CT_DREG={0x8, 0x1, 0x1, 0x0, 0x2}, @NFTA_CT_KEY={0x8, 0x2, 0x1, 0x0, 0xf}]}}}, {0xffffffffffffff11, 0x1, 0x0, 0x1, @ct={{0x7}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_CT_KEY={0x8, 0x2, 0x1, 0x0, 0x12}, @NFTA_CT_SREG={0x8, 0x4, 0x1, 0x0, 0xc}]}}}, {0x14, 0x1, 0x0, 0x1, @inner={{0xa}, @val={0x4}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0xa}}}, 0xac}, 0x1, 0x0, 0x0, 0x88bffd7102520d33}, 0x0)

3.184315506s ago: executing program 7 (id=1701):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000180)=@framed, &(0x7f00000000c0)='syzkaller\x00'}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='contention_end\x00', r0}, 0x10)
openat$adsp1(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0)
write$cgroup_type(r1, &(0x7f0000000040), 0x9)
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$binfmt_aout(r2, &(0x7f0000000340)=ANY=[], 0xff2e)
ioctl$TCXONC(r2, 0x540a, 0x0)
ioctl$TCXONC(r2, 0x540a, 0x2)
syz_io_uring_setup(0x9eb, &(0x7f0000000140)={0x0, 0xfad6}, &(0x7f0000000240)=<r3=>0x0, &(0x7f0000000280))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000100))

3.159199736s ago: executing program 2 (id=1702):
socket$nl_generic(0x10, 0x3, 0x10)
syz_open_dev$video(&(0x7f0000000000), 0x75, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
socket$nl_crypto(0x10, 0x3, 0x15)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
syz_open_dev$vim2m(0x0, 0x3, 0x2)
openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x109942, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x1fffffffffe, 0xfffffffffffffffd, 0x0, 0x0, 0x1000001000, 0x9}, 0x0, &(0x7f00000002c0)={0x3fb, 0x3, 0x400000000001, 0x9, 0x0, 0xf, 0x80000002, 0x2}, 0x0, 0x0)

3.018846014s ago: executing program 1 (id=1703):
socket$nl_route(0x10, 0x3, 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x0, 0x0)
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x18)
socket(0x40000000015, 0x5, 0x0)
r1 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xaef2, 0x1000, 0x2, 0xbfcffffc}, &(0x7f0000000000)=<r2=>0x0, &(0x7f0000000280)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0x2, 0x0, 0x4)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_FSYNC={0x3, 0x42, 0x0, @fd=r1, 0x0, 0x0, 0x0, 0x1, 0x1, {0x0, r4}})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r5 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
connect$unix(r6, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r7, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r5, 0x0, 0x0)
recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r8 = openat$tun(0xffffffffffffff9c, 0x0, 0x40241, 0x0)
r9 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x102, 0x0)
ioctl$TIOCSETD(r9, 0x5423, &(0x7f00000000c0)=0xe)
ioctl$TIOCSSOFTCAR(r9, 0x541a, &(0x7f0000000500)=0x5)
write$tun(r8, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
pipe2$9p(&(0x7f0000000080), 0x84800)
syz_usb_ep_write(0xffffffffffffffff, 0x81, 0x0, 0x0)
mount$overlay(0x0, 0x0, &(0x7f0000000080), 0x0, 0x0)

2.985114746s ago: executing program 8 (id=1704):
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
fallocate(0xffffffffffffffff, 0x0, 0x0, 0x1000f4)
bpf$PROG_LOAD(0x5, &(0x7f0000001640)={0x1b, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$BPF_GET_PROG_INFO(0xa, 0x0, 0x0)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, 0x0, 0x0)
r1 = accept4(r0, 0x0, 0x0, 0x800)
sendmsg$NL80211_CMD_PROBE_MESH_LINK(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)={0x14, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}}, 0x14}, 0x1, 0x0, 0x0, 0x40000}, 0x5)
r2 = openat$6lowpan_enable(0xffffffffffffff9c, 0x0, 0x2, 0x0)
write$6lowpan_enable(r2, &(0x7f0000000180)='1', 0x1)
r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r3, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6)
write(r3, &(0x7f0000000000)="5a000300010003", 0x7)

2.788117509s ago: executing program 2 (id=1705):
openat$uhid(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0)
syz_usb_connect(0x5, 0x2d, &(0x7f0000000080)=ANY=[@ANYBLOB="120100000cb768405e0483020b9901e4020109021b000100000000090400fb015c291d00090509"], 0x0) (async)
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x10000}, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
gettid() (async)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) (async)
r4 = syz_open_dev$sndpcmp(&(0x7f0000000140), 0x3, 0x800) (async)
mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) (async)
pipe2$9p(0x0, 0x0)
r5 = dup(0xffffffffffffffff)
write$FUSE_BMAP(r5, &(0x7f0000000000)={0x18}, 0x18) (async)
write$FUSE_DIRENTPLUS(r5, &(0x7f00000003c0)=ANY=[@ANYBLOB="b0"], 0xb0)
write$FUSE_OPEN(r5, &(0x7f0000000180)={0x20, 0x0, 0x0, {0x0, 0x6}}, 0x20) (async)
write$FUSE_GETXATTR(r5, &(0x7f00000004c0)={0x18}, 0x18)
mount$9p_fd(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000080), 0x0, &(0x7f0000000600)={'trans=fd,', {}, 0x2c, {'wfdno', 0x3d, r5}, 0x2c, {[{@cache_mmap}]}})
openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x20842, 0x0) (async)
ioctl$SNDRV_PCM_IOCTL_HW_PARAMS_OLD(r4, 0xc1004111, &(0x7f00000004c0)={0x2, [0x0, 0x5, 0x10], [{0x2, 0x0, 0x0, 0x0, 0x1, 0x1}, {0x40, 0x100, 0x0, 0x1}, {0x8000005, 0x80000001, 0x0, 0x0, 0x0, 0x1}, {0x5, 0x80000000, 0x1, 0x0, 0x1, 0x1}, {0x6, 0x10000, 0x1, 0x1}, {0x2, 0x5, 0x1, 0x0, 0x1}, {0x6, 0x9, 0x1, 0x0, 0x1}, {0x7ff, 0x62, 0x0, 0x0, 0x1, 0x1}, {0x7, 0xf, 0x0, 0x0, 0x0, 0x1}, {0x7, 0x3, 0x0, 0x1, 0x1, 0x1}, {0x3, 0x9, 0x1, 0x0, 0x1, 0x1}, {0x3, 0x7, 0x1, 0x1, 0x1}]})
r6 = syz_usb_connect(0x0, 0x24, &(0x7f00000001c0)=ANY=[@ANYBLOB="120100009dea7840b418fbff7bdc01020301090212000100000000090401"], 0x0)
syz_usb_control_io$cdc_ecm(r6, 0x0, &(0x7f00000000c0)={0x1c, &(0x7f0000000100)=ANY=[@ANYBLOB="00000100000001"], 0x0, 0x0}) (async)
syz_usb_control_io$hid(r6, 0x0, &(0x7f0000000480)={0x2c, &(0x7f0000000640)=ANY=[], 0x0, 0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="200100ea004f"], 0x0})

2.646582867s ago: executing program 8 (id=1706):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000000)=0x7)
r3 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0)
socket(0x200000100000011, 0x3, 0x3)
r4 = openat$procfs(0xffffffffffffff9c, &(0x7f00000003c0)='/proc/sysvipc/shm\x00', 0x0, 0x0)
read$FUSE(r4, &(0x7f0000002480)={0x2020}, 0x2020)
syz_open_dev$tty1(0xc, 0x4, 0x1)
fsconfig$FSCONFIG_SET_STRING(r3, 0x1, &(0x7f0000000b40)='source', &(0x7f0000000040)='c:::\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0)
r5 = syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3)
connect$bt_rfcomm(0xffffffffffffffff, &(0x7f00000001c0)={0x1f, @none, 0x1}, 0xa)
shutdown(r5, 0x1)
prlimit64(0x0, 0xb, &(0x7f0000000040)={0x2c5, 0x2}, 0x0)

1.594965394s ago: executing program 6 (id=1707):
read(0xffffffffffffffff, &(0x7f0000000000)=""/112, 0x70)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_X86_SETUP_MCE(r4, 0x4008ae9c, &(0x7f0000000140)={0x3, 0x1, 0x46}) (fail_nth: 2)

1.489239571s ago: executing program 7 (id=1708):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
syz_open_dev$sndpcmp(0x0, 0x1, 0x0)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(0xffffffffffffffff, 0xc0a85320, &(0x7f00000003c0)={{0x80}, 'port0\x00', 0x511e36599023629, 0x100000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4})
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000240), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x280000b, 0x28011, r0, 0x0)
r1 = syz_io_uring_setup(0x24fa, &(0x7f00000002c0)={0x0, 0x0, 0x10100}, &(0x7f0000000240)=<r2=>0x0, &(0x7f0000000680)=<r3=>0x0)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
write$UHID_CREATE2(r4, &(0x7f00000001c0)=ANY=[@ANYBLOB='2'], 0x118)
socket$nl_xfrm(0x10, 0x3, 0x6)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r4, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_READ_FIXED)
r5 = socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000001480)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000340)={'bridge_slave_0\x00', <r7=>0x0})
sendmsg$nl_route(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[], 0x34}}, 0x0)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), r8)
ioctl$sock_SIOCGIFINDEX_80211(r8, 0x8933, &(0x7f0000000400)={'wlan0\x00'})
sendmsg$NL80211_CMD_GET_SCAN(r8, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e80)={0x14, r9, 0xf21, 0x0, 0x0, {{}, {@void, @void}}}, 0x14}}, 0x4800)
setsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000500)={r7, @multicast1, @empty}, 0xc)
io_uring_enter(r1, 0x2d3e, 0x0, 0x0, 0x0, 0x0)
r10 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r10, &(0x7f0000019680)=""/102392, 0x18ff8)
syz_open_dev$tty1(0xc, 0x4, 0x1)

573.943785ms ago: executing program 1 (id=1709):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(des3_ede)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r1 = accept4(r0, 0x0, 0x0, 0x0)
sendmmsg$alg(r1, &(0x7f0000000280)=[{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000480)="e3e9c189c063d39b89b5a36273a1ec9640fae33cf066a050a0fe6dedd78b997ab809d7b982466bd2174c2afe5bfbf674cc72aa182a73b2fa995adf9ae33562d21c1ffa24b5efcb1ed56bda13ca00000000000000000000000000000000a196d8b51ec71b1ab1e5617234b765b03f21e02e3b14338bc6258d1c816def36b911b554c6f139adfd009a851dfb17cec65eb0a0eb7bad49ab77838d88d02b7b0cfd3620a62cc8885e9f53d4aa2c2c9a23134ad9d8ba0bb55d04369c67502e6ee64d5ea6302b66", 0xc4}], 0x1, &(0x7f0000000240)=[@assoc={0x18, 0x117, 0x4, 0xffffffff}], 0x18, 0x20000004}], 0x1, 0x2044090)
recvmmsg(r1, &(0x7f0000009500)=[{{0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000001a40)=""/4096}], 0x56}, 0x80001}], 0x1, 0x2100, 0x0)
sendto$unix(r1, &(0x7f00000000c0)="091a8cc09894741896", 0x9, 0x41, 0x0, 0x0)
openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000000), 0x41, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x0, 0x0, 0x0}, 0x94)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$sock_bt_hci(r2, 0x400448c9, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xc, &(0x7f0000000340)=ANY=[@ANYBLOB="180000000000000000000000000000008500000050000000180100002fee702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000005000000b70300000000000085000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
mkdir(&(0x7f00000001c0)='./bus\x00', 0x140)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x1000000, &(0x7f0000000900)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}]})
r4 = open(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
mknodat$loop(r4, &(0x7f0000001600)='./file1\x00', 0x0, 0x0)
chdir(&(0x7f00000003c0)='./bus\x00')
socket$packet(0x11, 0xa, 0x300)
keyctl$instantiate_iov(0x14, 0x0, &(0x7f0000000200)=[{0x0}], 0x1, 0x0)
syz_emit_ethernet(0x32, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaa05aaaaaaaabb88a8000081"], 0x0)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
r5 = socket$kcm(0x29, 0x5, 0x0)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r4, 0xc018937b, &(0x7f00000006c0)={{0x1, 0x1, 0x18, r4, {<r6=>0xee00, 0xffffffffffffffff}}, './file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00'})
newfstatat(0xffffffffffffff9c, &(0x7f0000002080)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, <r7=>0x0}, 0x400)
setresuid(0x0, r6, r7)
write$cgroup_pressure(r5, &(0x7f0000000140)={'full'}, 0xfffffdef)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={0xffffffffffffffff, 0x5, 0x0, 0x0, 0x0, 0x0, 0xd01, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)
openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x64)

379.868825ms ago: executing program 8 (id=1710):
mknodat$null(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0, 0x103) (async)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff017f000e0800395032303030"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18) (async)
write$FUSE_DIRENTPLUS(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="b0"], 0xb0) (async)
write$FUSE_GETXATTR(r2, &(0x7f0000000480)={0x18, 0x0, 0x0, {0x7f}}, 0x18)
getsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, &(0x7f00000004c0)={{{@in=@empty, @in6=@private2}}, {{@in6=@mcast1}, 0x0, @in=@dev}}, &(0x7f0000000040)=0xe8) (async)
syz_emit_ethernet(0x3b6, &(0x7f0000000800)={@local, @remote, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, '\x00', 0x380, 0x3a, 0xff, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @mcast2, {[], @ndisc_ra={0x86, 0x0, 0x0, 0x0, 0x9, 0x0, 0x4, 0x0, [{0x0, 0xa, "a78ce54006598080a8030037004023493b87aafaffffffffffffff23732472eefa45ad96579269748e254c1e4a8a8b3f0ab0c430d3be27df3e34066d42ca0a5c15b37adac15084dbaf736b41e5af2502"}, {0x22, 0x1, "000000050000000026000400"}, {0x19, 0x18, "fe906d26efe39393fe08f73eabc5977b1190a3a6ad8338f1511cdd10c35d8f6de79fc7fd175f75649fa368a32c829af02d7f44d92324a7051e460a13ddde25a5b85b9d930914625d8a049b4cf0d129806a610700477a2499a9a0527f75b655a6653d0363a979acf93f88eea07d68423e90280409de1657275f716a2bf2915d1783e8eb477b0d1170f0ecbdef4c23e1b76e9ab3d2fbe4b34438d2a77577edd0ebed9682b851b380ae0cab282af9d7ebe668177704c5fd4698c934de4731f3f61effc978"}, {0x18, 0x1d, "06aa85616177c41bc943afcb84619755403946b0730a18d5c38cf7dcad830f2dc8674b87ba8b58f81ece27975cc39e595e9af90b4fe92a38d25551c2d9ebfc5dfc5a2a501b7e483de3f808895c5f4a1a2367bc591dd8b094822ff0dea07c9a1f643c822a18b79f7c5eba31fb68b2d734a6671e27182aee96f24a4a5cf390dab23b500b0c0272479611e4f7f4299ec4d926d443367b105185e6ecd9602ba95392343e9bbd047ef6bc1ba42399907ccd0a562db212baa39eb8164e240069f656d3a05fecf894222a141123f5ac010000000000000090aa235a670670ffc5dc49dfb58d00000000000000"}, {0x5, 0xb, "17dcea46805d4809c20547406b18901b0aeff04c0300f3c75dc2d227a83b89483b1084743475671545e65eb2e9ac946a3f0e2bc4619f91394c02bcfbbb7d71138537d68e2d2c6393a9f3becd1a9f51a948b5b303f4f019"}, {0x21, 0x7, "b8a3e100908f61640000000200fe80ffff00000000000000ff0bc0fe00000000008879e66485201a0015c883747357a027450004000000"}, {0x0, 0x14, "5e14f0e74d2d42cfb3f27fafb60845f90b6dfc2e37bc87c6905bbc94d33e1ea71a28105f543e868a8a53b360a9d33e2b1e26eb1d18065daa7628cf9ef083611c9f6ae2e1eb3d8bf9c6ab2642c4808288e62afbf03269f1f98aea6ab3beb5fdc5fdaabc2c676d8800871a6aa54155dea2d995cb22c9924e0ad38c6967052cc7786d779b8353aac33a57d79b05613a12328f61129017fb632dbf04542188b196e213408c"}, {0x1, 0x5, "d5170000dce9674a36da018dff16e7ff6f50ca0ee2ebcac4da3574ab0b8f14c4b7a94fe18e8860"}]}}}}}}, 0x0) (async)
r3 = timerfd_create(0x0, 0x0)
r4 = epoll_create1(0x0) (async)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000680)=ANY=[@ANYBLOB="14000000100001000000000000b890c1a000000a80000000160a01030000000000000000020000000900020073797a30000000000900010073797a30000000005400038008000240000000000800014000000000400003801400010076657468315f746f5f6272696467650014000100776732000000000000000000000000001400010076657468305f746f5f7465616d00000014000000110001"], 0xa8}}, 0x0)
sendmsg$NFT_BATCH(r5, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000900)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c000000180a0500000000000000000002000000300003802c00038014000100776732000000000000000000000000001400010076657468315f746f5f627269646765000900020073797a30000000000900010073797a300000000014000000110001"], 0x84}, 0x1, 0x0, 0x0, 0x24040089}, 0x20008000) (async)
epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r3, &(0x7f0000000200)) (async)
timerfd_settime(r3, 0x3, &(0x7f0000000440)={{0x0, 0x989680}}, 0x0) (async)
clock_adjtime(0x0, &(0x7f0000000480)={0xd54, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}) (async)
chdir(&(0x7f00000000c0)='./file0\x00') (async)
mount$9p_fd(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000080), 0x0, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}, 0x2c, {[{@msize={'msize', 0x3d, 0x140000000000000}}, {@nodevmap}, {@access_client}, {@posixacl}]}}) (async)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000200)=ANY=[@ANYBLOB="9feb010018000000000000003400000034000000020000000000000000000003000000000300000003000000fcffffff00eb0000000039044681c80d1d1d6c00000105000000080000000000000000"], 0x0, 0x4e}, 0x28)
truncate(&(0x7f0000000080)='./file0\x00', 0x0)

0s ago: executing program 6 (id=1711):
r0 = socket$inet6(0xa, 0x3, 0x8)
setsockopt$SO_TIMESTAMP(r0, 0x1, 0x40, &(0x7f0000000000)=0x1000, 0x4)
syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x78, 0x0, 0x100000000, {0x7, 0xe54, 0x0, {0x400000000, 0x0, 0x0, 0x8, 0x200000000, 0x0, 0x2, 0x9, 0x5, 0x8000, 0x400000, 0x0, 0x0, 0x1ff, 0x2}}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r1 = openat$null(0xffffffffffffff9c, &(0x7f0000000440), 0x800, 0x0)
ioctl$IOMMU_TEST_OP_ADD_RESERVED(r1, 0x3ba0, &(0x7f0000000480)={0x48, 0x1, 0x0, 0x0, 0x0, 0x6})
setsockopt$inet6_int(r0, 0x29, 0x4b, &(0x7f0000000540)=0x2, 0x4)
sendmmsg$inet6(r0, &(0x7f0000004580)=[{{&(0x7f0000000080)={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB='$\x00\x00\x00\x00\x00\x00\x00)\x00\x00\x002'], 0x28}}], 0x1, 0x0)
recvmmsg(r0, &(0x7f0000001e00)=[{{0x0, 0x0, 0x0}, 0x5}], 0x1, 0x0, 0x0)
unshare(0x22020600)
r2 = syz_init_net_socket$llc(0x1a, 0x3, 0x0)
r3 = syz_init_net_socket$bt_rfcomm(0x1f, 0x3, 0x3)
bpf$TOKEN_CREATE(0x24, &(0x7f0000000340)={0x0, r2}, 0x8)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x6, 0x5, &(0x7f0000000000)=@framed={{0x18, 0x2, 0x0, 0x0, 0x2}, [@call={0x85, 0x0, 0x0, 0x7}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x5}]}, &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r4, 0x0, 0xe, 0x0, &(0x7f00000002c0)="428280f46aa1d3f08a90b1e2e0dc", 0x0, 0x1008, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x50)
r5 = syz_usb_connect$hid(0x2, 0x36, &(0x7f0000000240)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x4f3, 0x755, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x40, 0xb1, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x1, 0x0, {0x9, 0x21, 0x101, 0x0, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x3ff, 0xc}}}}}]}}]}}, 0x0)
syz_usb_control_io(r5, 0x0, 0x0)
syz_usb_control_io(r5, &(0x7f0000000000)={0x2c, &(0x7f0000000040)=ANY=[@ANYBLOB="201207080000070100f4000000"], 0x0, 0x0, 0x0, 0x0}, 0x0)
r6 = syz_open_dev$hidraw(&(0x7f0000000080), 0x0, 0x400)
ioctl$HIDIOCGRDESC(r6, 0x90044802, &(0x7f0000000840))
bind(r3, &(0x7f00000007c0)=@tipc=@id={0x1e, 0x3, 0x3, {0x4e21}}, 0x80)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)={{0x14}, [@NFT_MSG_NEWCHAIN={0x30, 0x3, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz0\x00'}, @NFTA_CHAIN_HOOK={0x4}]}], {0x14}}, 0x58}}, 0x0)
pipe2(&(0x7f0000000000)={0x0, <r8=>0x0}, 0x0)
close_range(r8, 0xffffffffffffffff, 0x0)
ioctl$SNDRV_PCM_IOCTL_READN_FRAMES(r8, 0x80184153, &(0x7f0000000200)={0x0, &(0x7f00000001c0)=[&(0x7f0000000880)="62da4ed7dd56a03539d3e573cb3bdafdbbf00871ce33c0e16c29549c718f733ba86b49258b294a35263a166240fee7bcf169feebd50d17cab4cccf8593729fff52a9e5a28c0c0f536351dd213f4cf403f01c122ffc6a5dee0b2b674dd6a5d352da00b3c6ffd5e89f4cb58a637dfe67df23dc5da5defaf54f7a1169c6e94305c89d8ec867e86f0020afca83c58f63a5702ee9a70f56ecd062c576a5e043bf532cf9d5f71628f7b202ed58d72d0c2ec7e8d70bfb4fadbfdb2e569c9146a79b6977b80203bac663af6f4d1663f18d05ee08fa41434235d5a814ba1f41f1fcd78b9c6f43a87a39ad526701308bb367c6595a1595c05efc5ca67b546ac52280d8357ac2210bc3f3f3d76c953168fc230104a9fa3db1f8683382896c17e56928a5dddb82e5c284206d7cd5dd8521001d6654d91e5675b4600a36383065d0a81293cba5243f78711d5bb835e5b813f475715eaa6523fd04f1af63d992ad8b9e20fc05c6fe909144ca6be7bc6415f012153bc4b1311c38cbf68b637cbc8189916efc50455bf506b57af8682b24f18fcf24bc31e9a450f005a8e24cee95c810fc4ebdd25ec4d9fddece520c0da58af822d020f0882d6535e355cf42c9f46077d1cd46ef23cb1063961353e6b990757f1315d95dab40f851a6aadd0361f14d60fb7307699fe99aa309c968f1586b9694019e2a1d46928c616710c09be0da739967af51625f4c932fbb9dcf314e5d95d871a34e5f2ef2c512b0f045e4458135ca025abcb9efa737ff2e814d7c5efb2478e867a5f87464ea3a72d9c27f6a34d0254ee779fcfd8926a58cf79e9f37814dc46cb43beed616536e85835acbba2df336a0ab13b3c184b3fbda5a92e59dad782056dafafac0b7070160788b4d53e5b9b161a289776c1d7a42c3f441c18ab7d2e4ca8f55b841ae5ae1dbc292c31cf7f4762342c4bb849289f37c12b835b03f72ea4f4843c0c37bd609f9492b4117380cd7cec7a473cb89e12c35b83e6e8e7f7fc3f4d03426130028b5429008a360cbfa3c69571ba2fb39085f3a15aafdb22b7513f05e1877978890aafaf59acab6ce1176d8c0f157161c8aa3895ec2c28939b2a1a5967639396a48e3dd7b78fe88ebefdb7f0d0cc51830f680d814a0b5325be427580748c5b431eb7934032962377d3d1574bff34167b70c6574202c2a809bbf848d1541d311934985a2e89e1af3a246704544eab6b1f8221662785ac661ec96ef59a1b0bcaefe36ac630ddc1b52b492e249fcb7d67ca6798b22cdf4612ad806bacfc8f76296c3922ea2ce2b79f2f0887af75d5bfbdc8127cbff367bc7a8d40be8ec94a06e20a7908de42c7692c85dca110a4c4e0abe530c1bd46430e7a62c291fec0a8c56a4e8c1ac23c01bba2b10091031f1207a820906de303bf834c8515bc960258904464b290e081d6298937b3b7162ae30773b71856f784c02a77040c63447f8b17a857c516df958a08cb7e9b1846eec8699054acedff73162328ffd6a03f1596ab70610829d2ab51701a680bce09a5f71e8ae4ed5f5429df582cece123eb39fdd39d4f318747534bc0d05f4342734de77a020a4c205227219ed77887bb81394a318a9770ad206a75ca04896b79849165b9f64e5fd642db18a3b17762d7a49eef42c3a66e0ec65e44d5e95fbfe55a248c4f5ebbc681e26416d63fb40b5f42f334c321130f0ac4f590235f59b0bab94ff4861f3d4a36ae87611133f407e21ec04460fc1c5556d935fb183cc5fdd8bc17582f9731e2a85a16482a672fdf4d3a086a96228dceae1a0c2fe152cbdc87e0b25e10d97d03ea621c05212d705658bbaa56ef4f2127b7eb8a48d1ae07c1895fbec6b7c0366a9872637c72f0c36aca654a3139a992e00106fffd4c2fe893ad45b0cfb65f10e70bdb3d4b3ca2c1b93ad3eb3d608713ff9cfeadd67ab51df44eafea5f6f3555e96a2d338f74546b895d9beaa18b10b68879f819b70a1d86764fbc5205abb489ff7e2e7a75c8ffc2dbe0f9f92dc0fd14f5f32685713c2b8548ba2393c305be347cc540d910fcef9547f8c6ae31cd58835420b06c45b610641b0fa3919e9fd2a34475224a92063228b8b654d44bcf76029800778c59264c8d122c71da4dac2b53b50773b87c0dc5cd31aad53b8d819bc054ccd54ccde7496fa78eb30fb8286e450a8e9181c89a6ea38a5b512ac9402b5275e23d297531a70a2176fd709b02c47ff2d4fe3e98b3346099c04a087420f64c412cc4742f2f23f1647de97751d95a3a00c304b68349c1459529bfae41042b11b1d78da156d4645688df55b6f2a127af7af711ced84d7ec18138ce2af1f7b70a7cc90fb74c5ae2ff83c04c644441dfbd9477fd0e3ceff9f436a555530d760cccb3d2298ffa8030fb80d596e107b8b5ea644a1cf5dd9e190cb923f411776044ffcbb4188c99e14c32e7cb36ae2843c7a4a3b657d20b2d3ea81fac48fdd31927534074efa814a68fad923d57ba8e421dd5d8eaeb80300a9daf54b6cb612d015299528b65c88e655d75b28bcf517adc4d62424720ec12fd9b44befa71e7c2d94b7d4fcf7431a527f42f6e33ab55b0e87d65892469ae4aa925aeec403741e1871f19c6cc1ae956d589324945e7a2280b52d8e49b330c9e864f034e9e86541d746728e82adf24a7e615addd75ec0dbf1a812f0c13e392c28454caaf3489bc9631d24f5766715a907645404ad0f794e2c23e1192ef2c7c2a3d2e5dc9e91a7dadfde4bfbeab77ea5a6cc88d917c5625196c96e3c88f0f74bc9d51ea2664b0c4519ecca57752f7f37092ac1d5b591e4370bcb63e69e8f7a7f0fe5cc58073a5e82938fa502eabc00edc28a3a4e7dc0e4e9997a326d16eef556104695b8e9c36757b7b5703c90f705cbc5b9fe669785a8e76db45cf5ea35476b56e0aa56e7939f11ec36f918302b376a23351b654628c0087a58c8fe2720a1637e740acd5b317e72526eb1575f0a0c2c4873647db6e1a84ee1cead4214a7486f71c92badd2e717533b3cbb7a5b9d7f0f3e7e5e69201ae4e7c8bb961b789ac97cf069990093ea0b54dda7cf701494d58d4799e7641acb514cf6ab1c52445951a1dd4e6df1094d97bb5d90e7f3e67634b9b5e3e82cba3506c46f827e572b361fb342ba26db7412a9739348e48cb5620664920f3dac98c2bb375893e379c9911d030ff642d561984104b27b732f7699033f2e3edd095dce7ea29f8f69ec81bb9fcfed62cea5a4d2f0bc4965456f8fafee9d591fffa21257d4e3e2155bb5de5f54dfad558491a5d89c1fecbdb0183773ffe67f190e260a5275244e6781347dad4be93e0db71529d506f29aef8ccf4c21a1eccb784e2da2d6d962932fcc4005180d0dd62368b0e96cf378640b63d5f970302fc549255469c7ffc5171161e0ed6a5fafe8f3ca4d103f97127b7f909213bbb51bfb335f7d3a494519dcb4ff61b7ae78801fa287ab688eea6abde8478913f3efbef97173024f847018718b1e31a617401d1ea618d2141f77de0be21100041e809e149c98fd3a35ed9b1ba638a6caef8f2fa9deb931f4348c1e547d895ae1df3b246864fbf0e4dae66d279495a1223e5ca611131b7c9a04a85d80ea8a54a40060459c763ce66a06238785b8a2ce6087fbb87278c265ee1f9dedcfad6dd1e45d975e096e2a39228a10a7ea4fa44fa7b1f30ecc4c72166068d409b4f3696bf17d9a0e74795b34d50ebfa06ccd5da3be4177b232613137f00a2e9017046c5c370be3d3c6d489ff369254612cc1014e0a40db87106fa00ce809d9ecfb1129910b24d583e503581176d147126a447db7b3b51f338f0501baaeb9bb98888e0c5f6cc4dbc1f3841f3e8d10ddcb386a2b5c305c636188251f45ea66d8ac552d057acf26267e9c7c0f38ecf9073f9aa1fe8a9acd9b7107ad9c2ce8458acb42ea164c3aa07cd6c89142d3fd468082c971cfceb432801973d655053e7c9644fd0f877b1857f7128afa40d6b1a1c918e0fe42b68ac4b3a200c251b0f81479b6cf6a44573066eb8dc7b0255a27a957f581b32736630161a7544c448cd2648ec2235e7f1ae9aaf1214daa55cfe4df0b74981de0ea27904d8870421eff07c6ca0806b23cec52acded1d13104448ec4ed11a673b94abc8cea91284a652fd8d2b1401fddd938c109275ba11e96aa5f5e2d27537c46a73f570e13909c1982e67dc4e102f614cad855a1ebacde33a491871b4fc854cf117779d1b1e55b3409aa818841d69c4024cc618b28aaad7a890de92befbeb60df2e52fd50f7166ca2077840b83be2a3412464fe997a4662bd6752e5e6780424ccefbb3209b79503daa62e7b03e6a11fae3c1a3f17a8ae7d8a489ae9408cf1c412e92587416b8a3cc55f52880d4fbf2fe46d50a62c83e99c08be6e6af945c08110e46c095956c80e11a8fb3c8ab720a0d09169e26c90b4f3c2867b9d1b657b8ffa258465102356926efd48d3d8b5f237284ea87d5e9feac2988062b4e50c1a8809d734e64514a9397f2632cb2bdbf13449ea754eaf4ff538488b9e87a9c8fc32d81eab418f4a71435f7133367e21bbce83725da65838decd1ef90a51d30af5f99d20b5008d44cde1524aebf18335434b1071d5b4c97866f5b6a9bffe3b502d7ea4b65a7e89c984aba6292e7d52701e7481917bab2ba13ca7740f1bf9675c83ce2e8c76583799ca620d98f30c6e6f68ca2b893d6751420998ecbba3fb3e8a9966e2a3f240479a0aa2dc30b625ae935d4971054b9d61092c7dbb84efd681a75f97c9914707c6a76dac5a8d070b1f27f73554cafc2965e27ae54df601036921d42d9c13c96b89a9f61547aa4fdfdcfc5de3417f95058dcfc753fd8919da51e8aa1d9fc489e29d6ab4f5d219c7fe11dba0500b1035fdb2c0270eebe9cba213470e64aa79f08fb3f4044df57ec48ab9efa0fdd162cdbd6669efce41ad61ea800fffba70fc77262d6c5abecd9b65bae23e3ec4bec7fea22d9055022a4e89cd1bfa70d7e6e9307ed75e2eb9e343d4d3f0292dc10ac558c0289ba2ef519c0c00f29a4488f887126ce42572c4d5ebdb5a1986bdc06ba3d69502f57d04ab161ab808e3bc59d1a3264885b7054a2394c43818984e9ba3a8ccb4dae271a333aac375219a043c77c402ac848775ce7533c59812745aa0cc2e9fd0721d0a1b13ad62fd83134cb425000cf5e10ae6559b7c7104ea1a417259a652d1143817805de293906ccec060dc7706e66107fc9ca35001172a11089e8af07ab66676f6bdb43074c133e26cc14477199f547ade48a7e726466943f7eef6046c6d2068e7d6c4710beff0257fab1365c7edd0bcfc4ecb8a713aa0723727f91979d5b6082ef34f20404ab6fcc6489bf3ae43c6d6d9c4386d09b5990d3ecab26c27efcedc86774581cb8e9cfc5c05efa616d80a99df025084d28a22ae58c7fb462d7a95b2f291cdd04dbe650f705ae120b453d9c0e6cf4f97179dfd4c3edccbb767ffc0fcaccbf3e3830f984616f341fe17467e5f9e17dc622825e5301e95dde37f3e4db13ef9dd912d3cf49632792d3286d76a4c7f17a416b9d16cebdd784d52775e47ea93d3014f77af9f737124264bf69a7b2edae3b114084223ba183176180467ff9d75b811932692be79a8d22fc208415dd423414acb4b93e93b27b18c30a08f71df601c3ea8ea9f783d6183f2cf7ff607168e3f811440d8dc5e08b12ab87b45ada810e9c7d564d3234a9fd6fc830c07407b0e010d071e6226675cd158c1f16103edd5c5bdf40f2cfca771d934b2ebebd3d31a8be60a1c756e3dea3d68ad537d41fa6810afc27f528a2258d9c", &(0x7f00000000c0)="ad6f071b02d239b3feca3c43f22dfc2d1f43ed3010dd95433887e2415b60c363f5defa6900fc8b77328c61711b89abe4fd2214eefb3d8631ac029b9071ce0406363b08604e5a8fb36b3b256ae2d03d789dcd7511a3dcedec2b52935bf1b73ab0d154d34c767d5778047ee1f14cce300c18cecc20e9e848929dc27f6800588c498ff656beafbe73b3907191a7500cfa28a5e67ef46feadc8deb735ff5cc18936818a6824fb98afbdc4b9b9afcb2a4590942e1e96dc1214b4ad979ccee538219eec4daa34b", &(0x7f0000000280)="c8ee42bd91ac76749628e3738c24181d8525483289148726155dbd2267dace44a7870e48677eda1200c54cba9defce1ea0c9addd90da3308b342a3e3923ab210d1fc4b15a51e33e58224305e3b0d06d6e422cb2ec5032c12389b8ddf30b6e178eed40b738e671edfbf50be466fc11cb47447f84cbf6c7df72c8e9b123af64866295b928f1b44d3a6ae626564243e53"]})
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)

kernel console output (not intermixed with test programs):

549.930460][   T68] hsr_slave_0: left promiscuous mode
[  549.950649][   T68] hsr_slave_1: left promiscuous mode
[  549.971987][ T5942] usb usb6-port1: unable to enumerate USB device
[  550.020125][   T68] veth1_macvtap: left promiscuous mode
[  550.049602][   T68] veth0_macvtap: left promiscuous mode
[  550.055813][   T68] veth1_vlan: left promiscuous mode
[  550.062092][   T68] veth0_vlan: left promiscuous mode
[  550.095351][ T5814] ath9k_htc 3-1:1.0: ath9k_htc: Target is unresponsive
[  550.124396][ T5814] ath9k_htc: Failed to initialize the device
[  550.148951][   T10] usb 3-1: ath9k_htc: USB layer deinitialized
[  550.399115][T10073] netlink: 104 bytes leftover after parsing attributes in process `syz.1.895'.
[  550.632802][   T10] usb 3-1: new high-speed USB device number 34 using dummy_hcd
[  551.036771][   T10] usb 3-1: Using ep0 maxpacket: 32
[  551.047337][   T10] usb 3-1: no configurations
[  551.069228][   T10] usb 3-1: can't read configurations, error -22
[  551.584436][T10086] netlink: 'syz.5.898': attribute type 4 has an invalid length.
[  552.082867][   T10] usb 3-1: new high-speed USB device number 35 using dummy_hcd
[  552.660669][   T68] team0 (unregistering): Port device team_slave_1 removed
[  552.715784][   T68] team0 (unregistering): Port device team_slave_0 removed
[  553.701605][   T43] usb 6-1: new high-speed USB device number 17 using dummy_hcd
[  553.987572][T10100] tmpfs: Unknown parameter 'usrquota€'
[  554.021313][   T43] usb 6-1: Using ep0 maxpacket: 8
[  554.226052][ T9674] 8021q: adding VLAN 0 to HW filter on device batadv0
[  554.269558][   T43] usb 6-1: config 0 has an invalid interface number: 46 but max is 0
[  554.290725][   T43] usb 6-1: config 0 has no interface number 0
[  554.299667][   T43] usb 6-1: config 0 interface 46 has no altsetting 0
[  554.327344][   T43] usb 6-1: New USB device found, idVendor=2c42, idProduct=16f8, bcdDevice=f3.33
[  554.352587][   T43] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  554.371806][   T43] usb 6-1: Product: syz
[  554.440475][   T43] usb 6-1: Manufacturer: syz
[  554.454655][   T68] IPVS: stop unused estimator thread 0...
[  554.464320][   T43] usb 6-1: SerialNumber: syz
[  554.482768][ T9746] 8021q: adding VLAN 0 to HW filter on device bond0
[  554.492114][   T43] usb 6-1: config 0 descriptor??
[  554.597780][ T9746] 8021q: adding VLAN 0 to HW filter on device team0
[  554.665490][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[  554.672781][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[  554.848789][   T43] f81534a_ctrl 6-1:0.46: failed to set register 0x116: -5
[  554.850835][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[  554.863134][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[  555.759096][   T43] f81534a_ctrl 6-1:0.46: failed to enable ports: -5
[  555.791581][   T43] f81534a_ctrl 6-1:0.46: probe with driver f81534a_ctrl failed with error -5
[  555.811627][   T43] usb 6-1: USB disconnect, device number 17
[  557.022585][ T9674] veth0_vlan: entered promiscuous mode
[  557.179184][ T9674] veth1_vlan: entered promiscuous mode
[  557.404069][ T9746] 8021q: adding VLAN 0 to HW filter on device batadv0
[  557.430290][ T9674] veth0_macvtap: entered promiscuous mode
[  557.470400][ T9674] veth1_macvtap: entered promiscuous mode
[  558.483225][ T9674] batman_adv: batadv0: Interface activated: batadv_slave_0
[  558.546281][ T9674] batman_adv: batadv0: Interface activated: batadv_slave_1
[  558.596812][ T9674] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  558.605613][    T9] usb 6-1: new high-speed USB device number 18 using dummy_hcd
[  558.623755][ T9674] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  558.650990][ T9674] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  558.659900][ T9674] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  558.754200][    T9] usb 6-1: config 1 interface 0 altsetting 7 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  558.800951][   T43] usb 2-1: new high-speed USB device number 29 using dummy_hcd
[  558.805914][    T9] usb 6-1: config 1 interface 0 has no altsetting 0
[  558.847993][    T9] usb 6-1: New USB device found, idVendor=05ac, idProduct=0241, bcdDevice= 0.40
[  558.889092][    T9] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  558.889664][T10161] netlink: 24 bytes leftover after parsing attributes in process `syz.2.912'.
[  558.923412][    T9] usb 6-1: Product: syz
[  558.927709][    T9] usb 6-1: Manufacturer: syz
[  558.937423][ T1329] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  558.957647][    T9] usb 6-1: SerialNumber: syz
[  558.978904][ T1329] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  559.020613][   T43] usb 2-1: config 0 has too many interfaces: 202, using maximum allowed: 32
[  559.061670][   T43] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  559.106065][ T2965] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  559.114851][   T43] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 202
[  559.145519][ T2965] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  559.167146][   T43] usb 2-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice=48.99
[  559.194742][   T43] usb 2-1: New USB device strings: Mfr=33, Product=2, SerialNumber=3
[  559.235355][   T43] usb 2-1: Product: syz
[  559.239583][   T43] usb 2-1: Manufacturer: syz
[  559.274165][   T43] usb 2-1: SerialNumber: syz
[  559.295475][   T43] usb 2-1: config 0 descriptor??
[  559.313724][   T43] usb 2-1: Quirk or no altset; falling back to MIDI 1.0
[  559.433631][T10170] netlink: 108 bytes leftover after parsing attributes in process `syz.2.913'.
[  559.545406][T10170] Bluetooth: MGMT ver 1.23
[  559.683779][   T43] snd-usb-audio 2-1:0.0: probe with driver snd-usb-audio failed with error -2
[  559.734187][   T43] usb 2-1: USB disconnect, device number 29
[  559.847859][ T9189] udevd[9189]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  559.875382][ T9746] veth0_vlan: entered promiscuous mode
[  559.940003][ T9746] veth1_vlan: entered promiscuous mode
[  560.059731][ T9746] veth0_macvtap: entered promiscuous mode
[  560.110481][ T9746] veth1_macvtap: entered promiscuous mode
[  560.229880][ T9746] batman_adv: batadv0: Interface activated: batadv_slave_0
[  560.240534][T10183] netlink: 28 bytes leftover after parsing attributes in process `syz.2.914'.
[  560.299042][T10183] netlink: 'syz.2.914': attribute type 7 has an invalid length.
[  560.313136][ T9746] batman_adv: batadv0: Interface activated: batadv_slave_1
[  560.346016][T10183] netlink: 'syz.2.914': attribute type 8 has an invalid length.
[  560.363385][ T9746] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  560.387657][ T9746] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  560.392892][T10183] netlink: 4 bytes leftover after parsing attributes in process `syz.2.914'.
[  560.420329][ T9746] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  560.457136][ T9746] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  560.799392][    T9] input: bcm5974 as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/input/input15
[  560.848776][ T5176] bcm5974 6-1:1.0: could not read from device
[  560.927624][ T5176] bcm5974 6-1:1.0: could not read from device
[  560.939818][    T9] usb 6-1: USB disconnect, device number 18
[  560.970641][   T30] audit: type=1326 audit(1751015682.218:305): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10202 comm="syz.5.919" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6caa98e929 code=0x7ffc0000
[  561.246382][T10210] Bluetooth: hci0: Opcode 0x0c1a failed: -22
[  561.260975][T10210] Bluetooth: hci0: Opcode 0x0401 failed: -22
[  561.881383][  T967] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  561.889274][  T967] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  561.911318][   T30] audit: type=1326 audit(1751015682.218:306): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10202 comm="syz.5.919" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6caa98e929 code=0x7ffc0000
[  561.948441][  T967] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  562.104829][   T30] audit: type=1326 audit(1751015682.298:307): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10202 comm="syz.5.919" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f6caa98e929 code=0x7ffc0000
[  562.178322][  T967] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  562.274018][   T30] audit: type=1326 audit(1751015682.298:308): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10202 comm="syz.5.919" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6caa98e929 code=0x7ffc0000
[  562.998934][T10220] netlink: 200 bytes leftover after parsing attributes in process `syz.6.921'.
[  563.108608][ T1298] ieee802154 phy0 wpan0: encryption failed: -22
[  563.115124][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[  563.125415][   T30] audit: type=1326 audit(1751015682.298:309): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10202 comm="syz.5.919" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6caa98e929 code=0x7ffc0000
[  563.136934][T10222] libceph: resolve '0.0' (ret=-3): failed
[  563.147847][   T30] audit: type=1326 audit(1751015682.318:310): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10202 comm="syz.5.919" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f6caa98e929 code=0x7ffc0000
[  563.186584][   T30] audit: type=1326 audit(1751015682.318:311): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10202 comm="syz.5.919" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6caa98e929 code=0x7ffc0000
[  563.232066][T10220] ptrace attach of "./syz-executor exec"[9674] was attempted by "ß–é·´�)Qoƒ ¬¶ ÿ\x0dvé”Ò¢Ï9T{¨-9È2\x0ap_3j ¥í…nòÐÞ­O³a“)b¡¿†k´ü¿—Òߟ.µ¸\x0aKæ~òœ›±¿´Øª¾³þKOkF^ªƒ3Üý¶ò�B3»ç)Ðùè«åç¦Æ{\x5cüäõrHBd¿,µÛX¨\x09\x0bì3îc›÷\x22¬&WÜ\x22Ð\x1b·T¾L'Á‡\x09êÁ!_†NÍhÙ¹=ún>ÒaÚõûð� £(G6¨¶èŒ·…A+&ϋЈU©›ß�¡a¾{@{ø\x0bî[ɸýÛYaºócßξA¯™ò¥ÁÈÌ
„‰‡zœàÂGl:d<]ýu~v•�!Â9÷,Ú?Å´‘>\x22ar\x1b�ªl¦KÚ¬ôYêüå*VÌßSŽ”8›…È�6]àk‡½KÌ.�¨=°’ÚÛ`#æòðåž\x07Ÿ„x!œ—‹g·MDôŒÉÿÿRå*áOLK\x0cÛ}oKáb�
¼A>{Ã@aÞM¨dÇnQj›ãÌ–—„�ó
ÂÀ5)üö]Ú;r¦­,L± \x0cÃ=\x0d«ûïW¢’¡ÓAE½ ¤nË`>åÆŸçòs-Ä3…ì`y«feH�‹»¦½^/$¨L1&·¡™N‹P\x0d1�ß‘D<­\x07c§Pd(ß·E¤ÓdžÛt¦¦çaÀE’�!úÒ­ Ã\x09@¤ÝžHG—~è·H<ÜÒD$¥\x0crXŒ´œ`Ç-ͪ/‡IF�¾þ�ÈÑÚEÛàtIáìâˆ;{�¬ÿ„Æ«—ë—*W\x0c÷¢�\x0a¶:ßÒE­–Ì€«V'ˆ\x0cº†È8sÍejkþ¡ÅÓe~É«ÉÿRò ÊãîÜLìÒêôB*´\x0b-¡ræÈ@\x07ËÒV˜MÅ¡ývà¿ù%OymÇ‚WGüÜ•‹�ó|òÈʤ=¨týƒ¦®»U§Þñ?‡£h£ØKÉ0uÓ£Ùœþ½0ÒG Ì'Ãb,‚þè\x22ߊåÿ
õ;2£Õˆ±'G/Þ³7ò´Wd\x5c!ów%°èñxgŸ\x22âÍx•± ì[4!Nl’˜òQ(\x0a@é[Å+ ÌØ�ÝǬ[[zN¨þ úîs¡B&ãµâÿ�™XïƒÅ>%©ö3Š‘�
{¦- —^ÀÇQÇš4e3\x0b�>ÊsFÌ—ÝH]+\x
[  563.235240][   T30] audit: type=1326 audit(1751015682.318:312): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10202 comm="syz.5.919" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6caa98e929 code=0x7ffc0000
[  563.355942][ T5141] Bluetooth: hci0: command tx timeout
[  563.457570][   T30] audit: type=1326 audit(1751015682.328:313): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10202 comm="syz.5.919" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f6caa98e929 code=0x7ffc0000
[  563.481006][   T30] audit: type=1326 audit(1751015682.328:314): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10202 comm="syz.5.919" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6caa98e929 code=0x7ffc0000
[  563.633867][T10231] netlink: 8 bytes leftover after parsing attributes in process `syz.2.923'.
[  565.112040][T10251] tmpfs: Unknown parameter 'usrquota€'
[  566.034495][T10264] netlink: 28 bytes leftover after parsing attributes in process `syz.6.932'.
[  566.137469][T10265] netlink: 28 bytes leftover after parsing attributes in process `syz.6.932'.
[  568.601515][   T24] usb 6-1: new high-speed USB device number 19 using dummy_hcd
[  568.609231][   T43] usb 7-1: new high-speed USB device number 2 using dummy_hcd
[  568.792690][   T24] usb 6-1: unable to get BOS descriptor or descriptor too short
[  569.019347][   T43] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  569.075305][   T24] usb 6-1: config 3 has an invalid interface number: 19 but max is 0
[  569.131559][   T43] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 3
[  569.272905][   T24] usb 6-1: config 3 has an invalid interface number: 4 but max is 0
[  569.318821][   T24] usb 6-1: config 3 has 2 interfaces, different from the descriptor's value: 1
[  569.334067][   T43] usb 7-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  569.351343][   T24] usb 6-1: config 3 has no interface number 0
[  569.357652][   T43] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  569.377916][   T24] usb 6-1: config 3 has no interface number 1
[  569.385312][   T43] usb 7-1: SerialNumber: syz
[  569.391427][   T24] usb 6-1: config 3 interface 19 altsetting 9 endpoint 0x6 has invalid maxpacket 1040, setting to 64
[  569.455880][   T24] usb 6-1: config 3 interface 19 altsetting 9 has 2 endpoint descriptors, different from the interface descriptor's value: 4
[  569.501340][   T24] usb 6-1: too many endpoints for config 3 interface 4 altsetting 131: 175, using maximum allowed: 30
[  569.550020][   T24] usb 6-1: config 3 interface 4 altsetting 131 bulk endpoint 0x8E has invalid maxpacket 32
[  569.626719][   T24] usb 6-1: config 3 interface 4 altsetting 131 endpoint 0xC has invalid wMaxPacketSize 0
[  569.671272][   T24] usb 6-1: config 3 interface 4 altsetting 131 bulk endpoint 0xC has invalid maxpacket 0
[  569.691590][   T24] usb 6-1: config 3 interface 4 altsetting 131 has 2 endpoint descriptors, different from the interface descriptor's value: 175
[  569.839426][   T24] usb 6-1: config 3 interface 19 has no altsetting 0
[  569.871470][   T24] usb 6-1: config 3 interface 4 has no altsetting 0
[  569.914092][   T24] usb 6-1: New USB device found, idVendor=067b, idProduct=2303, bcdDevice=13.f5
[  569.940883][   T24] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  569.996395][   T24] usb 6-1: Product: syz
[  570.012556][   T24] usb 6-1: Manufacturer: syz
[  570.017278][   T24] usb 6-1: SerialNumber: syz
[  570.081678][ T5942] usb 3-1: new high-speed USB device number 36 using dummy_hcd
[  570.253115][ T5942] usb 3-1: Using ep0 maxpacket: 16
[  570.263889][   T43] usb 7-1: 0:2 : does not exist
[  570.321000][ T5942] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  570.633785][ T5942] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  570.666090][   T43] usb 7-1: USB disconnect, device number 2
[  570.724359][ T5942] usb 3-1: New USB device found, idVendor=1fd2, idProduct=6007, bcdDevice= 0.00
[  570.766265][ T5942] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  570.824418][ T9218] udevd[9218]: error opening ATTR{/sys/devices/platform/dummy_hcd.6/usb7/7-1/7-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  570.836041][ T5942] usb 3-1: config 0 descriptor??
[  571.366211][ T5942] hid-multitouch 0003:1FD2:6007.0007: hidraw0: USB HID v0.00 Device [HID 1fd2:6007] on usb-dummy_hcd.2-1/input0
[  571.604112][T10313] netlink: 'syz.2.941': attribute type 1 has an invalid length.
[  571.998240][T10313] 8021q: adding VLAN 0 to HW filter on device bond1
[  573.313195][    T9] usb 3-1: USB disconnect, device number 36
[  573.857108][T10349] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  575.173499][   T24] pl2303 6-1:3.19: required endpoints missing
[  575.194536][   T24] pl2303 6-1:3.4: required interrupt-in endpoint missing
[  575.403482][    T9] usb 6-1: USB disconnect, device number 19
[  575.572256][T10374] tmpfs: Unknown parameter 'usrquota€'
[  576.632539][T10379] kvm: kvm [10378]: vcpu1, guest rIP: 0xfff0 Unhandled WRMSR(0xc0010001) = 0x200000000400
[  577.871271][    T9] usb 2-1: new high-speed USB device number 30 using dummy_hcd
[  579.281192][    T9] usb 2-1: Using ep0 maxpacket: 8
[  579.369577][    T9] usb 2-1: config 1 has an invalid descriptor of length 230, skipping remainder of the config
[  580.200898][    T9] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  580.352174][    T9] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a3, bcdDevice= 0.44
[  580.391263][    T9] usb 2-1: New USB device strings: Mfr=1, Product=3, SerialNumber=3
[  580.399355][    T9] usb 2-1: Product: syz
[  580.469386][    T9] usb 2-1: Manufacturer: syz
[  580.488793][    T9] usb 2-1: SerialNumber: syz
[  580.538967][    T9] usb 2-1: can't set config #1, error -71
[  580.787864][T10435] FAULT_INJECTION: forcing a failure.
[  580.787864][T10435] name failslab, interval 1, probability 0, space 0, times 0
[  580.800924][T10435] CPU: 1 UID: 0 PID: 10435 Comm: syz.2.965 Not tainted 6.16.0-rc3-syzkaller-00116-ge34a79b96ab9 #0 PREEMPT(full) 
[  580.800952][T10435] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  580.800964][T10435] Call Trace:
[  580.800973][T10435]  <TASK>
[  580.800982][T10435]  dump_stack_lvl+0x189/0x250
[  580.801016][T10435]  ? __pfx____ratelimit+0x10/0x10
[  580.801044][T10435]  ? __pfx_dump_stack_lvl+0x10/0x10
[  580.801072][T10435]  ? __pfx__printk+0x10/0x10
[  580.801100][T10435]  ? __pfx___might_resched+0x10/0x10
[  580.801127][T10435]  ? fs_reclaim_acquire+0x7d/0x100
[  580.801160][T10435]  should_fail_ex+0x414/0x560
[  580.801190][T10435]  should_failslab+0xa8/0x100
[  580.801217][T10435]  __kmalloc_noprof+0xcb/0x4f0
[  580.801238][T10435]  ? kfree+0x4d/0x440
[  580.801255][T10435]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  580.801289][T10435]  tomoyo_realpath_from_path+0xe3/0x5d0
[  580.801319][T10435]  ? tomoyo_domain+0xda/0x130
[  580.801353][T10435]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  580.801378][T10435]  tomoyo_path_number_perm+0x1e8/0x5a0
[  580.801405][T10435]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  580.801426][T10435]  ? rcu_is_watching+0x15/0xb0
[  580.801457][T10435]  ? __pfx___schedule+0x10/0x10
[  580.801480][T10435]  ? __schedule+0x16c0/0x4cb0
[  580.801516][T10435]  ? __lock_acquire+0xab9/0xd20
[  580.801567][T10435]  ? __fget_files+0x2a/0x420
[  580.801596][T10435]  ? __fget_files+0x2a/0x420
[  580.801619][T10435]  ? __fget_files+0x3a0/0x420
[  580.801643][T10435]  ? __fget_files+0x2a/0x420
[  580.801672][T10435]  security_file_ioctl+0xcb/0x2d0
[  580.801701][T10435]  __se_sys_ioctl+0x47/0x170
[  580.801725][T10435]  do_syscall_64+0xfa/0x3b0
[  580.801754][T10435]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  580.801773][T10435]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  580.801792][T10435]  ? clear_bhb_loop+0x60/0xb0
[  580.801817][T10435]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  580.801845][T10435] RIP: 0033:0x7fda1078e929
[  580.801863][T10435] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  580.801880][T10435] RSP: 002b:00007fda0e5f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  580.801903][T10435] RAX: ffffffffffffffda RBX: 00007fda109b6160 RCX: 00007fda1078e929
[  580.801917][T10435] RDX: 0000200000000040 RSI: 00000000000089a0 RDI: 0000000000000009
[  580.801930][T10435] RBP: 00007fda0e5f6090 R08: 0000000000000000 R09: 0000000000000000
[  580.801943][T10435] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  580.801954][T10435] R13: 0000000000000000 R14: 00007fda109b6160 R15: 00007ffc21faf3c8
[  580.801988][T10435]  </TASK>
[  581.064097][T10435] ERROR: Out of memory at tomoyo_realpath_from_path.
[  581.075678][    T9] usb 2-1: USB disconnect, device number 30
[  581.498669][T10423] netlink: 'syz.5.966': attribute type 10 has an invalid length.
[  582.034644][T10423] batman_adv: batadv0: Adding interface: wlan0
[  582.041181][T10423] batman_adv: batadv0: The MTU of interface wlan0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  582.067185][T10423] batman_adv: batadv0: Interface activated: wlan0
[  582.813611][T10477] syz.1.970: attempt to access beyond end of device
[  582.813611][T10477] nbd1: rw=0, sector=0, nr_sectors = 1 limit=0
[  582.995033][T10477] (syz.1.970,10477,0):ocfs2_get_sector:1714 ERROR: status = -5
[  583.500971][T10477] (syz.1.970,10477,1):ocfs2_sb_probe:753 ERROR: status = -5
[  583.508351][T10477] (syz.1.970,10477,1):ocfs2_fill_super:989 ERROR: superblock probe failed!
[  583.646249][T10477] (syz.1.970,10477,1):ocfs2_fill_super:1177 ERROR: status = -5
[  584.576322][T10497] FAULT_INJECTION: forcing a failure.
[  584.576322][T10497] name failslab, interval 1, probability 0, space 0, times 0
[  584.628958][T10497] CPU: 0 UID: 0 PID: 10497 Comm: syz.5.975 Not tainted 6.16.0-rc3-syzkaller-00116-ge34a79b96ab9 #0 PREEMPT(full) 
[  584.628990][T10497] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  584.629001][T10497] Call Trace:
[  584.629010][T10497]  <TASK>
[  584.629019][T10497]  dump_stack_lvl+0x189/0x250
[  584.629053][T10497]  ? __pfx____ratelimit+0x10/0x10
[  584.629090][T10497]  ? __pfx_dump_stack_lvl+0x10/0x10
[  584.629118][T10497]  ? __pfx__printk+0x10/0x10
[  584.629146][T10497]  ? __pfx___might_resched+0x10/0x10
[  584.629173][T10497]  ? fs_reclaim_acquire+0x7d/0x100
[  584.629207][T10497]  should_fail_ex+0x414/0x560
[  584.629237][T10497]  should_failslab+0xa8/0x100
[  584.629265][T10497]  __kmalloc_noprof+0xcb/0x4f0
[  584.629286][T10497]  ? __list_lru_init+0xba/0x5c0
[  584.629326][T10497]  __list_lru_init+0xba/0x5c0
[  584.629353][T10497]  ? __raw_spin_lock_init+0x45/0x100
[  584.629383][T10497]  alloc_super+0x7cb/0x970
[  584.629408][T10497]  ? __pfx_super_s_dev_test+0x10/0x10
[  584.629432][T10497]  sget_fc+0x329/0xa40
[  584.629455][T10497]  ? __pfx_super_s_dev_set+0x10/0x10
[  584.629479][T10497]  get_tree_bdev_flags+0x203/0x4d0
[  584.629502][T10497]  ? __pfx_ocfs2_fill_super+0x10/0x10
[  584.629524][T10497]  ? __pfx_get_tree_bdev_flags+0x10/0x10
[  584.629544][T10497]  ? cap_capable+0x11f/0x460
[  584.629567][T10497]  ? ocfs2_init_fs_context+0x65/0x260
[  584.629587][T10497]  ? safesetid_security_capable+0xa9/0x1a0
[  584.629619][T10497]  vfs_get_tree+0x8f/0x2b0
[  584.629647][T10497]  do_new_mount+0x24a/0xa40
[  584.629682][T10497]  __se_sys_mount+0x317/0x410
[  584.629716][T10497]  ? __pfx___se_sys_mount+0x10/0x10
[  584.629738][T10497]  ? rcu_is_watching+0x15/0xb0
[  584.629773][T10497]  ? do_syscall_64+0xbe/0x3b0
[  584.629799][T10497]  ? __x64_sys_mount+0x20/0xc0
[  584.629826][T10497]  do_syscall_64+0xfa/0x3b0
[  584.629853][T10497]  ? lockdep_hardirqs_on+0x9c/0x150
[  584.629879][T10497]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  584.629899][T10497]  ? clear_bhb_loop+0x60/0xb0
[  584.629923][T10497]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  584.629943][T10497] RIP: 0033:0x7f6caa98e929
[  584.629961][T10497] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  584.629979][T10497] RSP: 002b:00007f6cab725038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  584.630003][T10497] RAX: ffffffffffffffda RBX: 00007f6caabb5fa0 RCX: 00007f6caa98e929
[  584.630018][T10497] RDX: 0000200000000080 RSI: 00002000000000c0 RDI: 0000200000000040
[  584.630031][T10497] RBP: 00007f6cab725090 R08: 0000000000000000 R09: 0000000000000000
[  584.630044][T10497] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  584.630056][T10497] R13: 0000000000000000 R14: 00007f6caabb5fa0 R15: 00007fffeecad818
[  584.630097][T10497]  </TASK>
[  585.290308][ T5814] usb 7-1: new high-speed USB device number 3 using dummy_hcd
[  586.135210][ T5814] usb 7-1: Using ep0 maxpacket: 16
[  586.141505][ T5814] usb 7-1: too many configurations: 212, using maximum allowed: 8
[  586.151217][ T5814] usb 7-1: config 6 has no interfaces?
[  586.158408][ T5814] usb 7-1: config 6 has no interfaces?
[  586.191987][ T5814] usb 7-1: config 6 has no interfaces?
[  586.311248][   T24] usb 6-1: new low-speed USB device number 20 using dummy_hcd
[  586.320923][ T5814] usb 7-1: config 6 has no interfaces?
[  586.374893][ T5814] usb 7-1: config 6 has no interfaces?
[  586.949796][   T24] usb 6-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  587.059333][   T24] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  587.260619][   T24] usb 6-1: config 0 descriptor??
[  587.514296][ T5814] usb 7-1: unable to read config index 5 descriptor/start: -71
[  587.523903][ T5814] usb 7-1: can't read configurations, error -71
[  587.780274][T10535] netlink: 'syz.6.981': attribute type 10 has an invalid length.
[  587.799803][T10535] batman_adv: batadv0: Adding interface: wlan0
[  587.809172][T10535] batman_adv: batadv0: The MTU of interface wlan0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  587.837178][T10535] batman_adv: batadv0: Interface activated: wlan0
[  588.742083][   T24] asix 6-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[  588.781209][   T24] asix 6-1:0.0 (unnamed net_device) (uninitialized): Failed to write GPIO value 0x00b0: ffffffb9
[  588.841359][   T24] asix 6-1:0.0: probe with driver asix failed with error -71
[  588.901800][   T24] usb 6-1: USB disconnect, device number 20
[  589.834178][T10550] netlink: 4 bytes leftover after parsing attributes in process `syz.5.986'.
[  590.399030][   T30] kauditd_printk_skb: 26 callbacks suppressed
[  590.399049][   T30] audit: type=1326 audit(1751015711.648:341): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10554 comm="syz.7.987" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f230b18e929 code=0x7fc00000
[  591.079658][   T30] audit: type=1326 audit(1751015712.318:342): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10554 comm="syz.7.987" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f230b18e929 code=0x7fc00000
[  591.201025][   T24] usb 6-1: new full-speed USB device number 21 using dummy_hcd
[  591.476491][   T24] usb 6-1: device descriptor read/64, error -71
[  591.813335][   T24] usb 6-1: new full-speed USB device number 22 using dummy_hcd
[  592.083718][   T24] usb 6-1: device descriptor read/64, error -71
[  592.361887][   T24] usb usb6-port1: attempt power cycle
[  592.372965][T10586] netlink: 68 bytes leftover after parsing attributes in process `syz.2.994'.
[  592.382875][T10589] sg_write: process 72 (syz.6.995) changed security contexts after opening file descriptor, this is not allowed.
[  592.709094][T10585] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  592.769130][   T24] usb 6-1: new full-speed USB device number 23 using dummy_hcd
[  592.827177][   T24] usb 6-1: device descriptor read/8, error -71
[  593.028122][T10599] netlink: 108 bytes leftover after parsing attributes in process `syz.6.997'.
[  593.111815][   T24] usb 6-1: new full-speed USB device number 24 using dummy_hcd
[  593.150337][   T24] usb 6-1: device descriptor read/8, error -71
[  593.345361][   T24] usb usb6-port1: unable to enumerate USB device
[  593.430734][T10585] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  593.550936][ T5814] usb 6-1: new full-speed USB device number 25 using dummy_hcd
[  593.824782][ T5814] usb 6-1: device descriptor read/64, error -71
[  594.225756][ T5814] usb 6-1: new full-speed USB device number 26 using dummy_hcd
[  594.339051][T10585] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  594.946573][T10620] fuse: Unknown parameter ''
[  594.958598][T10621] netlink: 'syz.5.1000': attribute type 10 has an invalid length.
[  594.970170][T10585] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  595.029994][T10621] 8021q: adding VLAN 0 to HW filter on device batadv0
[  595.156445][T10621] bond0: (slave batadv0): Enslaving as an active interface with an up link
[  595.246542][T10626] tmpfs: Unknown parameter 'usrquota€'
[  595.804531][T10585] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  596.803284][T10585] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  597.032384][T10585] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  597.099480][T10585] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  598.692782][T10673] fanotify: failed to encode fid (type=0, len=0, err=-2)
[  598.881914][T10682] netlink: 108 bytes leftover after parsing attributes in process `syz.5.1015'.
[  599.382259][   T30] audit: type=1800 audit(1751015720.618:343): pid=10683 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.6.1017" name="dmabuf" dev="dmabuf" ino=9 res=0 errno=0
[  599.633387][T10686] netlink: 'syz.7.1016': attribute type 4 has an invalid length.
[  600.547393][T10692] netlink: 144 bytes leftover after parsing attributes in process `syz.5.1019'.
[  600.652106][T10692] warning: `syz.5.1019' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[  602.494034][T10724] ubi: mtd0 is already attached to ubi31
[  602.663548][T10727] netlink: 108 bytes leftover after parsing attributes in process `syz.2.1029'.
[  604.385966][ T5814] usb 6-1: new high-speed USB device number 27 using dummy_hcd
[  604.571953][ T5814] usb 6-1: Using ep0 maxpacket: 8
[  604.587515][ T5814] usb 6-1: New USB device found, idVendor=04b4, idProduct=8613, bcdDevice=95.8f
[  604.632365][ T5814] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  604.660512][ T5814] usb 6-1: Product: syz
[  604.679638][ T5814] usb 6-1: Manufacturer: syz
[  604.697913][ T5814] usb 6-1: SerialNumber: syz
[  604.742089][ T5814] usb 6-1: config 0 descriptor??
[  604.981981][T10764] netlink: 108 bytes leftover after parsing attributes in process `syz.1.1037'.
[  605.372425][T10751] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  605.410124][ T5814] usbtest 6-1:0.0: FX2 device
[  605.441649][T10751] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  605.482985][ T5814] usbtest 6-1:0.0: high-speed {control bulk-in bulk-out} tests (+alt)
[  605.560308][ T5814] usb 6-1: USB disconnect, device number 27
[  611.582177][T10815] x_tables: duplicate underflow at hook 2
[  612.971547][T10830] tmpfs: Bad value for 'mpol'
[  614.640986][   T30] audit: type=1326 audit(1751015735.858:344): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10861 comm="syz.7.1064" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f230b18e929 code=0x0
[  614.880825][T10873] netlink: 256 bytes leftover after parsing attributes in process `syz.7.1064'.
[  614.895028][T10873] netlink: 'syz.7.1064': attribute type 4 has an invalid length.
[  615.765960][   T24] usb 6-1: new full-speed USB device number 28 using dummy_hcd
[  616.993141][   T24] usb 6-1: config 150 has an invalid interface number: 204 but max is 1
[  617.011033][   T24] usb 6-1: config 150 has no interface number 0
[  617.017389][   T24] usb 6-1: config 150 interface 204 has no altsetting 0
[  617.145975][   T24] usb 6-1: config 150 interface 1 has no altsetting 0
[  617.219007][   T24] usb 6-1: New USB device found, idVendor=04e2, idProduct=1424, bcdDevice=c7.eb
[  617.235528][   T24] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  617.245958][   T24] usb 6-1: Product: syz
[  617.250279][   T24] usb 6-1: Manufacturer: syz
[  617.261206][   T24] usb 6-1: SerialNumber: syz
[  617.421086][ T5942] usb 2-1: new low-speed USB device number 31 using dummy_hcd
[  617.791036][   T24] xr_serial 6-1:150.204: xr_serial converter detected
[  618.134283][ T5942] usb 2-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  618.163838][ T5942] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  618.183720][ T5942] usb 2-1: config 0 descriptor??
[  618.379817][   T24] xr_serial ttyUSB0: Failed to set reg 0x0d: -71
[  618.425445][   T24] xr_serial ttyUSB0: probe with driver xr_serial failed with error -71
[  618.436773][ T5942] asix 2-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -32
[  618.505964][ T5942] asix 2-1:0.0: probe with driver asix failed with error -32
[  619.322771][   T24] usb 6-1: USB disconnect, device number 28
[  619.342749][   T24] xr_serial 6-1:150.204: device disconnected
[  619.944919][T10927] netlink: 108 bytes leftover after parsing attributes in process `syz.5.1077'.
[  620.294433][   T30] audit: type=1326 audit(1751015741.548:345): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10926 comm="syz.2.1078" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fda1078e929 code=0x0
[  620.456382][T10935] netlink: 256 bytes leftover after parsing attributes in process `syz.2.1078'.
[  620.491647][T10935] netlink: 'syz.2.1078': attribute type 4 has an invalid length.
[  620.919325][ T5942] usb 2-1: USB disconnect, device number 31
[  624.213900][T10987] netlink: 108 bytes leftover after parsing attributes in process `syz.1.1090'.
[  624.602765][ T1298] ieee802154 phy0 wpan0: encryption failed: -22
[  624.609144][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[  625.440923][   T43] usb 2-1: new high-speed USB device number 32 using dummy_hcd
[  625.623779][   T43] usb 2-1: config index 0 descriptor too short (expected 23569, got 27)
[  625.633862][   T43] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  625.722295][   T43] usb 2-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0
[  625.794345][   T43] usb 2-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0
[  625.825628][   T43] usb 2-1: Manufacturer: syz
[  625.852209][   T43] usb 2-1: config 0 descriptor??
[  626.127157][   T43] rc_core: IR keymap rc-hauppauge not found
[  626.145574][   T43] Registered IR keymap rc-empty
[  626.216435][   T43] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0
[  627.101859][   T43] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0/input16
[  627.214986][   T43] usb 2-1: USB disconnect, device number 32
[  627.699169][T11045] loop3: detected capacity change from 0 to 1
[  627.732323][T11045] Dev loop3: unable to read RDB block 1
[  627.759649][T11045]  loop3: unable to read partition table
[  627.772734][T11045] loop3: partition table beyond EOD, truncated
[  627.859592][T11045] loop_reread_partitions: partition scan of loop3 (þ被xü—ŸÑà– ) failed (rc=-5)
[  628.116867][T11048] Dev loop3: unable to read RDB block 1
[  628.277961][T11048]  loop3: unable to read partition table
[  628.477364][T11048] loop3: partition table beyond EOD, truncated
[  628.834167][T11062] netlink: 4 bytes leftover after parsing attributes in process `syz.7.1107'.
[  630.730925][ T5141] Bluetooth: hci1: Opcode 0x1003 failed: -110
[  631.181262][   T43] usb 2-1: new low-speed USB device number 33 using dummy_hcd
[  631.406263][   T43] usb 2-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  631.764997][   T43] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  631.993021][   T43] usb 2-1: config 0 descriptor??
[  632.468772][   T43] asix 2-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -32
[  632.551070][   T43] asix 2-1:0.0: probe with driver asix failed with error -32
[  633.810963][ T5814] usb 3-1: new low-speed USB device number 37 using dummy_hcd
[  633.879959][ T5942] usb 7-1: new full-speed USB device number 5 using dummy_hcd
[  633.887849][   T10] usb 2-1: USB disconnect, device number 33
[  633.983158][ T5814] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  633.996585][ T5814] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  634.044614][ T5942] usb 7-1: unable to get BOS descriptor or descriptor too short
[  634.072328][ T5814] usb 3-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8f.58
[  634.100539][ T5942] usb 7-1: not running at top speed; connect to a high speed hub
[  634.128208][ T5814] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  634.137266][ T5942] usb 7-1: config 129 has an invalid interface number: 135 but max is 0
[  634.148061][ T5942] usb 7-1: config 129 has an invalid descriptor of length 36, skipping remainder of the config
[  634.159444][ T5814] usb 3-1: config 0 descriptor??
[  634.164993][ T5942] usb 7-1: config 129 has no interface number 0
[  634.174691][ T5942] usb 7-1: config 129 interface 135 altsetting 6 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  634.188353][ T5942] usb 7-1: config 129 interface 135 has no altsetting 0
[  634.202737][ T5942] usb 7-1: New USB device found, idVendor=2040, idProduct=721f, bcdDevice=f2.62
[  634.213611][ T5942] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  634.222937][ T5942] usb 7-1: Product: syz
[  634.227282][ T5942] usb 7-1: Manufacturer: syz
[  634.232492][ T5942] usb 7-1: SerialNumber: syz
[  636.005285][ T5942] usb 7-1: USB disconnect, device number 5
[  636.091925][ T5911] usb 3-1: USB disconnect, device number 37
[  636.428289][T11157] loop6: detected capacity change from 0 to 7
[  636.451308][    C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  636.460528][    C0] buffer_io_error: 23 callbacks suppressed
[  636.460539][    C0] Buffer I/O error on dev loop6, logical block 0, async page read
[  636.512511][    C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  636.521965][    C0] Buffer I/O error on dev loop6, logical block 0, async page read
[  636.534111][    C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  636.543414][    C0] Buffer I/O error on dev loop6, logical block 0, async page read
[  636.553432][    C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  636.562671][    C1] Buffer I/O error on dev loop6, logical block 0, async page read
[  636.576970][    C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  636.586226][    C1] Buffer I/O error on dev loop6, logical block 0, async page read
[  636.599070][    C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  636.608362][    C1] Buffer I/O error on dev loop6, logical block 0, async page read
[  636.617474][    C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  636.626720][    C1] Buffer I/O error on dev loop6, logical block 0, async page read
[  636.634670][T11157] ldm_validate_partition_table(): Disk read failed.
[  636.642277][    C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  636.651526][    C1] Buffer I/O error on dev loop6, logical block 0, async page read
[  636.662748][    C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  636.672049][    C0] Buffer I/O error on dev loop6, logical block 0, async page read
[  636.680225][    C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  636.689439][    C1] Buffer I/O error on dev loop6, logical block 0, async page read
[  636.708971][T11157] Dev loop6: unable to read RDB block 0
[  636.731176][T11157]  loop6: unable to read partition table
[  636.752019][T11157] loop6: partition table beyond EOD, truncated
[  636.784486][T11157] loop_reread_partitions: partition scan of loop6 (þ被xü—ŸÑà–() failed (rc=-5)
[  636.808570][ T5191] ldm_validate_partition_table(): Disk read failed.
[  636.819280][ T5191] Dev loop6: unable to read RDB block 0
[  636.845053][ T5191]  loop6: unable to read partition table
[  636.860243][ T5191] loop6: partition table beyond EOD, truncated
[  638.271184][ T5942] usb 6-1: new low-speed USB device number 29 using dummy_hcd
[  638.462805][ T5942] usb 6-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  638.545773][ T5942] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  638.605153][ T5942] usb 6-1: config 0 descriptor??
[  638.858782][ T5942] asix 6-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -32
[  638.923612][ T5942] asix 6-1:0.0: probe with driver asix failed with error -32
[  640.551145][ T5903] usb 3-1: new high-speed USB device number 38 using dummy_hcd
[  640.675643][T11234] xt_CT: No such helper "snmp"
[  640.727254][ T5903] usb 3-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[  640.751095][ T5903] usb 3-1: config 0 interface 0 has no altsetting 0
[  640.756559][ T5942] usb 6-1: USB disconnect, device number 29
[  640.782880][ T5903] usb 3-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  640.805104][ T5903] usb 3-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  640.892675][ T5903] usb 3-1: Product: syz
[  640.917101][ T5903] usb 3-1: Manufacturer: syz
[  641.039890][ T5903] usb 3-1: SerialNumber: syz
[  641.333498][ T5903] usb 3-1: config 0 descriptor??
[  641.710663][ T5903] usb 3-1: selecting invalid altsetting 0
[  641.932366][T11214] Bluetooth: hci4: command 0x0406 tx timeout
[  641.945870][T11227] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  642.025362][T11227] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  643.216635][T11262] netlink: 108 bytes leftover after parsing attributes in process `syz.7.1152'.
[  643.934238][T11266] use of bytesused == 0 is deprecated and will be removed in the future,
[  643.942906][T11266] use the actual size instead.
[  644.045061][T11273] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  644.220871][ T5903] usb 3-1: USB disconnect, device number 38
[  644.792414][ T5886] usb 7-1: new high-speed USB device number 6 using dummy_hcd
[  644.954699][ T5886] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x6 has invalid wMaxPacketSize 0
[  644.988171][ T5886] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 0
[  645.019503][ T5886] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  645.062416][ T5886] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0
[  645.159791][ T5886] usb 7-1: New USB device found, idVendor=1199, idProduct=b000, bcdDevice=e5.38
[  645.240907][ T5886] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  645.324854][ T5886] usb 7-1: Product: syz
[  645.353030][ T5886] usb 7-1: Manufacturer: syz
[  645.382232][ T5886] usb 7-1: SerialNumber: syz
[  645.498523][ T5886] usb 7-1: config 0 descriptor??
[  646.592245][T11283] netlink: 28 bytes leftover after parsing attributes in process `syz.6.1158'.
[  646.601470][T11283] netlink: 'syz.6.1158': attribute type 7 has an invalid length.
[  646.618923][T11283] netlink: 'syz.6.1158': attribute type 8 has an invalid length.
[  646.745117][T11283] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1158'.
[  646.774706][T11314] netlink: 108 bytes leftover after parsing attributes in process `syz.2.1165'.
[  647.193976][ T5886] usb 7-1: USB disconnect, device number 6
[  647.469910][T11328] omfs: Invalid superblock (0)
[  647.541802][T11328] bridge0: port 3(ip6gretap0) entered blocking state
[  647.562829][T11328] bridge0: port 3(ip6gretap0) entered disabled state
[  647.590663][T11328] ip6gretap0: entered allmulticast mode
[  647.620097][T11328] ip6gretap0: left allmulticast mode
[  647.786367][   T30] audit: type=1326 audit(1751015769.048:346): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11335 comm="syz.5.1170" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6caa98e929 code=0x7ffc0000
[  647.857758][T11336] syz_tun: entered promiscuous mode
[  647.942380][   T30] audit: type=1326 audit(1751015769.048:347): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11335 comm="syz.5.1170" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6caa98e929 code=0x7ffc0000
[  648.015184][T11342] loop2: detected capacity change from 0 to 7
[  648.020160][   T30] audit: type=1326 audit(1751015769.068:348): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11335 comm="syz.5.1170" exe="/root/syz-executor" sig=0 arch=c000003e syscall=425 compat=0 ip=0x7f6caa98e929 code=0x7ffc0000
[  648.086978][   T30] audit: type=1326 audit(1751015769.068:349): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11335 comm="syz.5.1170" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f6caa98e963 code=0x7ffc0000
[  648.108401][    C0] vkms_vblank_simulate: vblank timer overrun
[  648.143566][T11342] Dev loop2: unable to read RDB block 7
[  648.149210][T11342]  loop2: AHDI p2 p3
[  648.246661][T11342] loop2: partition table partially beyond EOD, truncated
[  649.046176][   T30] audit: type=1326 audit(1751015769.068:350): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11335 comm="syz.5.1170" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f6caa98e963 code=0x7ffc0000
[  649.112782][T11342] loop2: p2 size 150995456 extends beyond EOD, truncated
[  649.190976][   T30] audit: type=1326 audit(1751015769.078:351): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11335 comm="syz.5.1170" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6caa98e929 code=0x7ffc0000
[  649.301127][   T30] audit: type=1326 audit(1751015769.078:352): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11335 comm="syz.5.1170" exe="/root/syz-executor" sig=0 arch=c000003e syscall=427 compat=0 ip=0x7f6caa98e929 code=0x7ffc0000
[  649.841677][   T30] audit: type=1326 audit(1751015769.078:353): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11335 comm="syz.5.1170" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6caa98e929 code=0x7ffc0000
[  649.864155][   T30] audit: type=1326 audit(1751015769.078:354): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11335 comm="syz.5.1170" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6caa98e929 code=0x7ffc0000
[  649.887865][   T30] audit: type=1326 audit(1751015769.078:355): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11335 comm="syz.5.1170" exe="/root/syz-executor" sig=0 arch=c000003e syscall=83 compat=0 ip=0x7f6caa98e929 code=0x7ffc0000
[  649.922467][T11371] netlink: 108 bytes leftover after parsing attributes in process `syz.1.1177'.
[  651.805610][T11391] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1182'.
[  651.833668][T11391] netlink: 12 bytes leftover after parsing attributes in process `syz.6.1182'.
[  651.843156][T11391] netlink: 'syz.6.1182': attribute type 13 has an invalid length.
[  652.882126][   T30] kauditd_printk_skb: 53 callbacks suppressed
[  652.882146][   T30] audit: type=1326 audit(1751015774.148:409): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11388 comm="syz.6.1182" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7f7db8e929 code=0x7fc00000
[  652.997652][T11398] lo speed is unknown, defaulting to 1000
[  653.951972][T11413] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1188'.
[  655.095349][T11428] netlink: 104 bytes leftover after parsing attributes in process `syz.1.1192'.
[  655.614615][T11433] netlink: 'syz.7.1193': attribute type 1 has an invalid length.
[  655.640640][T11433] netlink: 208 bytes leftover after parsing attributes in process `syz.7.1193'.
[  655.678160][T11433] netlink: 'syz.7.1193': attribute type 1 has an invalid length.
[  655.716599][T11433] netlink: 12 bytes leftover after parsing attributes in process `syz.7.1193'.
[  656.207421][T11443] binder: 11442:11443 unknown command 0
[  656.215421][T11443] binder: 11442:11443 ioctl c0306201 200000000000 returned -22
[  657.071678][T11453] rdma_rxe: rxe_newlink: failed to add lo
[  657.221963][   T30] audit: type=1800 audit(1751015778.478:410): pid=11446 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.5.1197" name="/" dev="fuse" ino=0 res=0 errno=0
[  658.875805][T11486] [U] vÔ3¸Âfù¾"SçÁ/Éê4:ÃXTz“W¡t‘’lWµ«=
[  658.885384][T11486] [U] J"—e:ÀÆ"


[  660.172177][T11497] netlink: 231 bytes leftover after parsing attributes in process `syz.2.1207'.
[  661.924900][T11517] tmpfs: Bad value for 'mpol'
[  662.490980][T11214] Bluetooth: hci2: command 0x0406 tx timeout
[  663.920975][ T5903] usb 6-1: new high-speed USB device number 30 using dummy_hcd
[  664.101666][ T5903] usb 6-1: Using ep0 maxpacket: 32
[  664.118657][ T5903] usb 6-1: config 0 interface 0 altsetting 4 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  664.136253][ T5903] usb 6-1: config 0 interface 0 has no altsetting 0
[  664.145679][ T5903] usb 6-1: New USB device found, idVendor=5543, idProduct=0781, bcdDevice= 0.00
[  664.155680][ T5903] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  664.190218][ T5903] usb 6-1: config 0 descriptor??
[  664.392066][T11546] netlink: 104 bytes leftover after parsing attributes in process `syz.6.1219'.
[  664.420115][T11529] qrtr: Invalid version 5
[  664.479366][T11546] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1219'.
[  664.668395][T11529] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  664.720132][T11529] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  664.921802][ T5903] usbhid 6-1:0.0: can't add hid device: -71
[  664.942584][ T5903] usbhid 6-1:0.0: probe with driver usbhid failed with error -71
[  665.035541][ T5903] usb 6-1: USB disconnect, device number 30
[  666.424394][T11558] delete_channel: no stack
[  666.754338][T11576] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  666.772345][T11576] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  666.948673][T11580] netlink: 108 bytes leftover after parsing attributes in process `syz.2.1224'.
[  667.949288][T11596] (unnamed net_device) (uninitialized): option lp_interval: invalid value (0)
[  667.958385][T11596] (unnamed net_device) (uninitialized): option lp_interval: allowed values 1 - 2147483647
[  668.910236][ T5886] usb 7-1: new high-speed USB device number 7 using dummy_hcd
[  669.371116][ T5886] usb 7-1: Using ep0 maxpacket: 32
[  669.390584][ T5886] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  669.415605][ T5886] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  669.444511][T11606] rdma_rxe: rxe_newlink: failed to add lo
[  669.475757][ T5886] usb 7-1: New USB device found, idVendor=1e7d, idProduct=2ced, bcdDevice= 0.00
[  669.529479][ T5886] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  669.571908][ T5886] usb 7-1: config 0 descriptor??
[  670.110296][ T5886] kone 0003:1E7D:2CED.0008: item fetching failed at offset 0/5
[  670.212863][ T5886] kone 0003:1E7D:2CED.0008: parse failed
[  670.218660][ T5886] kone 0003:1E7D:2CED.0008: probe with driver kone failed with error -22
[  671.852529][ T5886] usb 7-1: USB disconnect, device number 7
[  674.711539][T11637] netlink: 108 bytes leftover after parsing attributes in process `syz.7.1236'.
[  677.345115][T11681] 8021q: VLANs not supported on sit0
[  677.781996][T11683] netlink: 452 bytes leftover after parsing attributes in process `syz.5.1246'.
[  682.639090][T11754] netlink: 'syz.1.1257': attribute type 4 has an invalid length.
[  685.981668][ T1298] ieee802154 phy0 wpan0: encryption failed: -22
[  685.988356][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[  687.366457][T11801] FAULT_INJECTION: forcing a failure.
[  687.366457][T11801] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  687.380157][T11801] CPU: 1 UID: 0 PID: 11801 Comm: syz.6.1261 Not tainted 6.16.0-rc3-syzkaller-00116-ge34a79b96ab9 #0 PREEMPT(full) 
[  687.380185][T11801] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  687.380197][T11801] Call Trace:
[  687.380205][T11801]  <TASK>
[  687.380214][T11801]  dump_stack_lvl+0x189/0x250
[  687.380248][T11801]  ? __pfx____ratelimit+0x10/0x10
[  687.380276][T11801]  ? __pfx_dump_stack_lvl+0x10/0x10
[  687.380305][T11801]  ? __pfx__printk+0x10/0x10
[  687.380340][T11801]  should_fail_ex+0x414/0x560
[  687.380370][T11801]  _copy_to_user+0x31/0xb0
[  687.380392][T11801]  simple_read_from_buffer+0xe1/0x170
[  687.380422][T11801]  proc_fail_nth_read+0x1df/0x250
[  687.380454][T11801]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  687.380484][T11801]  ? rw_verify_area+0x258/0x650
[  687.380505][T11801]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  687.380533][T11801]  vfs_read+0x1fd/0x980
[  687.380560][T11801]  ? __pfx___mutex_lock+0x10/0x10
[  687.380589][T11801]  ? __pfx_vfs_read+0x10/0x10
[  687.380614][T11801]  ? __fget_files+0x2a/0x420
[  687.380643][T11801]  ? __fget_files+0x3a0/0x420
[  687.380667][T11801]  ? __fget_files+0x2a/0x420
[  687.380702][T11801]  ksys_read+0x145/0x250
[  687.380731][T11801]  ? __pfx_ksys_read+0x10/0x10
[  687.380767][T11801]  do_syscall_64+0xfa/0x3b0
[  687.380793][T11801]  ? lockdep_hardirqs_on+0x9c/0x150
[  687.380819][T11801]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  687.380839][T11801]  ? clear_bhb_loop+0x60/0xb0
[  687.380865][T11801]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  687.380884][T11801] RIP: 0033:0x7f7f7db8d33c
[  687.380911][T11801] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  687.380928][T11801] RSP: 002b:00007f7f7b9f6030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  687.380950][T11801] RAX: ffffffffffffffda RBX: 00007f7f7ddb6160 RCX: 00007f7f7db8d33c
[  687.380964][T11801] RDX: 000000000000000f RSI: 00007f7f7b9f60a0 RDI: 0000000000000006
[  687.380976][T11801] RBP: 00007f7f7b9f6090 R08: 0000000000000000 R09: 0000000000000000
[  687.380988][T11801] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  687.380999][T11801] R13: 0000000000000000 R14: 00007f7f7ddb6160 R15: 00007fffd3159ff8
[  687.381033][T11801]  </TASK>
[  687.603349][    C1] vkms_vblank_simulate: vblank timer overrun
[  692.240044][T11869] block device autoloading is deprecated and will be removed.
[  693.474983][T11886] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1284'.
[  693.484045][T11886] netlink: 12 bytes leftover after parsing attributes in process `syz.6.1284'.
[  693.494000][T11886] netlink: 'syz.6.1284': attribute type 6 has an invalid length.
[  695.043315][ T5942] IPVS: starting estimator thread 0...
[  695.601313][T11937] IPVS: using max 24 ests per chain, 57600 per kthread
[  695.631412][T11931] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  696.706745][T11965] netlink: 108 bytes leftover after parsing attributes in process `syz.5.1294'.
[  697.584259][ T5903] usb 3-1: new full-speed USB device number 39 using dummy_hcd
[  697.734017][   T30] audit: type=1326 audit(1751015818.998:411): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11970 comm="syz.6.1297" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f7f7db8e929 code=0x0
[  698.310839][ T5903] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  698.339440][ T5903] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 2
[  698.368363][ T5903] usb 3-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8
[  698.385653][ T5903] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  698.398025][ T5903] usb 3-1: config 0 descriptor??
[  698.420516][ T5903] dvb-usb: found a 'Artec T1 USB2.0' in warm state.
[  698.515367][ T5903] dvb-usb: bulk message failed: -22 (3/0)
[  698.533284][ T5903] dvb-usb: will use the device's hardware PID filter (table count: 16).
[  698.551481][ T5903] dvbdev: DVB: registering new adapter (Artec T1 USB2.0)
[  698.559691][ T5903] usb 3-1: media controller created
[  698.587173][ T5903] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  698.638472][T11967] dibusb: i2c wr: len=61 is too big!
[  698.638472][T11967] 
[  698.683130][ T5903] dvb-usb: bulk message failed: -22 (6/0)
[  698.704758][ T5903] dvb-usb: no frontend was attached by 'Artec T1 USB2.0'
[  698.769084][ T5903] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.2/usb3/3-1/input/input17
[  698.804674][T11989] pimreg: entered allmulticast mode
[  698.847958][ T5903] dvb-usb: schedule remote query interval to 150 msecs.
[  698.890665][ T5903] dvb-usb: Artec T1 USB2.0 successfully initialized and connected.
[  699.045182][ T5903] dvb-usb: bulk message failed: -22 (1/0)
[  699.078230][ T5903] dvb-usb: error while querying for an remote control event.
[  699.273212][ T5903] dvb-usb: bulk message failed: -22 (1/0)
[  699.294009][ T5903] dvb-usb: error while querying for an remote control event.
[  699.461033][ T5903] dvb-usb: bulk message failed: -22 (1/0)
[  699.470462][ T5903] dvb-usb: error while querying for an remote control event.
[  699.573757][T12000] netlink: 4696 bytes leftover after parsing attributes in process `syz.6.1304'.
[  699.636900][T12000] netlink: 4696 bytes leftover after parsing attributes in process `syz.6.1304'.
[  699.665527][ T5903] dvb-usb: bulk message failed: -22 (1/0)
[  699.690948][ T5903] dvb-usb: error while querying for an remote control event.
[  699.715858][T12000] netlink: 12 bytes leftover after parsing attributes in process `syz.6.1304'.
[  699.881418][ T5903] dvb-usb: bulk message failed: -22 (1/0)
[  699.888032][ T5903] dvb-usb: error while querying for an remote control event.
[  699.941916][T12014] netlink: 'syz.1.1306': attribute type 10 has an invalid length.
[  700.111106][ T5903] dvb-usb: bulk message failed: -22 (1/0)
[  700.159119][ T5903] dvb-usb: error while querying for an remote control event.
[  700.401639][ T5903] dvb-usb: bulk message failed: -22 (1/0)
[  700.407466][ T5903] dvb-usb: error while querying for an remote control event.
[  700.473069][ T5903] usb 3-1: USB disconnect, device number 39
[  700.644658][ T5903] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected.
[  700.832622][T11243] usb 6-1: new high-speed USB device number 31 using dummy_hcd
[  700.855191][T12034] netlink: 'syz.6.1313': attribute type 1 has an invalid length.
[  700.890299][T12034] netlink: 224 bytes leftover after parsing attributes in process `syz.6.1313'.
[  701.572252][ T5903] usb 3-1: new low-speed USB device number 40 using dummy_hcd
[  701.603124][T11243] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  701.620977][T11243] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  701.633666][T11243] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  701.647181][T11243] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  701.656636][T11243] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  701.672790][T11243] usb 6-1: config 0 descriptor??
[  701.753303][ T5903] usb 3-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  701.801242][ T5903] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  701.851965][ T5903] usb 3-1: config 0 descriptor??
[  702.083327][ T5903] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -32
[  702.113411][T11243] plantronics 0003:047F:FFFF.0009: collection stack underflow
[  702.136471][ T5903] asix 3-1:0.0: probe with driver asix failed with error -32
[  702.147529][T11243] plantronics 0003:047F:FFFF.0009: item 0 4 0 12 parsing failed
[  702.190389][T11243] plantronics 0003:047F:FFFF.0009: parse failed
[  702.212746][T11243] plantronics 0003:047F:FFFF.0009: probe with driver plantronics failed with error -22
[  704.006648][ T5942] usb 6-1: USB disconnect, device number 31
[  705.115042][T12085] netlink: 'syz.7.1321': attribute type 10 has an invalid length.
[  705.140218][T12085] batman_adv: batadv0: Adding interface: wlan0
[  705.146895][T12085] batman_adv: batadv0: The MTU of interface wlan0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  705.175130][T12085] batman_adv: batadv0: Interface activated: wlan0
[  705.723640][ T5814] usb 3-1: USB disconnect, device number 40
[  706.164928][T12101] netlink: 108 bytes leftover after parsing attributes in process `syz.7.1324'.
[  708.213574][T12126] openvswitch: netlink: IP tunnel attribute has 12 unknown bytes.
[  710.042806][T12161] vxfs: WRONG superblock magic 00000000 at 1
[  710.050670][T12161] vxfs: WRONG superblock magic 00000000 at 8
[  710.057043][T12161] vxfs: can't find superblock.
[  710.756504][   T30] audit: type=1326 audit(1751015832.018:412): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12166 comm="syz.5.1338" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f6caa98e929 code=0x0
[  710.777585][    C1] vkms_vblank_simulate: vblank timer overrun
[  711.597116][T12176] netlink: 256 bytes leftover after parsing attributes in process `syz.5.1338'.
[  711.641569][T12176] netlink: 'syz.5.1338': attribute type 4 has an invalid length.
[  712.295705][T12168] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  712.798132][T12187] x_tables: ip_tables: TCPOPTSTRIP target: only valid in mangle table, not raw
[  714.861226][T12226] virtio-fs: tag </dev/md0> not found
[  716.078670][T12242] FAULT_INJECTION: forcing a failure.
[  716.078670][T12242] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  716.131398][ T5814] usb 6-1: new low-speed USB device number 32 using dummy_hcd
[  716.158341][T12242] CPU: 0 UID: 0 PID: 12242 Comm: syz.6.1353 Not tainted 6.16.0-rc3-syzkaller-00116-ge34a79b96ab9 #0 PREEMPT(full) 
[  716.158371][T12242] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  716.158381][T12242] Call Trace:
[  716.158390][T12242]  <TASK>
[  716.158399][T12242]  dump_stack_lvl+0x189/0x250
[  716.158430][T12242]  ? __pfx____ratelimit+0x10/0x10
[  716.158458][T12242]  ? __pfx_dump_stack_lvl+0x10/0x10
[  716.158485][T12242]  ? __pfx__printk+0x10/0x10
[  716.158505][T12242]  ? __might_fault+0xb0/0x130
[  716.158541][T12242]  should_fail_ex+0x414/0x560
[  716.158578][T12242]  _copy_from_user+0x2d/0xb0
[  716.158598][T12242]  ___sys_sendmsg+0x158/0x2a0
[  716.158625][T12242]  ? __pfx____sys_sendmsg+0x10/0x10
[  716.158689][T12242]  ? __fget_files+0x2a/0x420
[  716.158713][T12242]  ? __fget_files+0x3a0/0x420
[  716.158744][T12242]  __x64_sys_sendmsg+0x19b/0x260
[  716.158765][T12242]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  716.158792][T12242]  ? __pfx_ksys_write+0x10/0x10
[  716.158807][T12242]  ? rcu_is_watching+0x15/0xb0
[  716.158834][T12242]  ? do_syscall_64+0xbe/0x3b0
[  716.158860][T12242]  do_syscall_64+0xfa/0x3b0
[  716.158881][T12242]  ? lockdep_hardirqs_on+0x9c/0x150
[  716.158903][T12242]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  716.158918][T12242]  ? clear_bhb_loop+0x60/0xb0
[  716.158937][T12242]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  716.158952][T12242] RIP: 0033:0x7f7f7db8e929
[  716.158967][T12242] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  716.158981][T12242] RSP: 002b:00007f7f7e910038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  716.158999][T12242] RAX: ffffffffffffffda RBX: 00007f7f7ddb6080 RCX: 00007f7f7db8e929
[  716.159011][T12242] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000000000000004
[  716.159021][T12242] RBP: 00007f7f7e910090 R08: 0000000000000000 R09: 0000000000000000
[  716.159031][T12242] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  716.159040][T12242] R13: 0000000000000001 R14: 00007f7f7ddb6080 R15: 00007fffd3159ff8
[  716.159066][T12242]  </TASK>
[  716.563003][ T5814] usb 6-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  716.573510][ T5814] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  716.586239][ T5814] usb 6-1: config 0 descriptor??
[  716.831084][T11243] usb 7-1: new high-speed USB device number 8 using dummy_hcd
[  717.003823][ T5814] asix 6-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -32
[  717.006334][T11243] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  717.243516][ T5814] asix 6-1:0.0: probe with driver asix failed with error -32
[  717.255022][T11243] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  717.337493][T12258] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  717.870911][T11243] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 4
[  717.902637][T11243] usb 7-1: New USB device found, idVendor=172f, idProduct=0037, bcdDevice= 0.00
[  717.922072][T11243] usb 7-1: New USB device strings: Mfr=0, Product=1, SerialNumber=0
[  717.930124][T11243] usb 7-1: Product: syz
[  717.978480][T11243] usb 7-1: config 0 descriptor??
[  718.132955][T12270] netlink: 108 bytes leftover after parsing attributes in process `syz.7.1360'.
[  718.659368][T11243] waltop 0003:172F:0037.000A: unknown main item tag 0x0
[  718.667618][T11243] waltop 0003:172F:0037.000A: unknown main item tag 0x0
[  718.675541][T11243] waltop 0003:172F:0037.000A: unknown main item tag 0x0
[  718.726108][ T5911] usb 6-1: USB disconnect, device number 32
[  718.783852][T12273] ubi: mtd0 is already attached to ubi31
[  718.807259][T11243] waltop 0003:172F:0037.000A: hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.6-1/input0
[  718.983349][T11243] usb 7-1: USB disconnect, device number 8
[  719.232865][T12283] fido_id[12283]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.6/usb7/report_descriptor': No such file or directory
[  719.458325][   T30] audit: type=1326 audit(1751015840.718:413): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12288 comm="syz.6.1364" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7f7db8e929 code=0x7ffc0000
[  719.500245][   T30] audit: type=1326 audit(1751015840.748:414): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12288 comm="syz.6.1364" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f7f7db8e929 code=0x7ffc0000
[  719.528143][   T30] audit: type=1326 audit(1751015840.748:415): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12288 comm="syz.6.1364" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7f7db8e929 code=0x7ffc0000
[  719.599693][   T30] audit: type=1326 audit(1751015840.748:416): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12288 comm="syz.6.1364" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7f7db8e929 code=0x7ffc0000
[  719.810941][   T30] audit: type=1326 audit(1751015840.748:417): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12288 comm="syz.6.1364" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f7f7db90847 code=0x7ffc0000
[  720.684746][   T30] audit: type=1326 audit(1751015840.748:418): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12288 comm="syz.6.1364" exe="/root/syz-executor" sig=0 arch=c000003e syscall=44 compat=0 ip=0x7f7f7db907bc code=0x7ffc0000
[  720.716563][   T30] audit: type=1326 audit(1751015840.748:419): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12288 comm="syz.6.1364" exe="/root/syz-executor" sig=0 arch=c000003e syscall=45 compat=0 ip=0x7f7f7db906f4 code=0x7ffc0000
[  720.791061][   T30] audit: type=1326 audit(1751015840.748:420): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12288 comm="syz.6.1364" exe="/root/syz-executor" sig=0 arch=c000003e syscall=45 compat=0 ip=0x7f7f7db906f4 code=0x7ffc0000
[  720.815743][   T30] audit: type=1326 audit(1751015840.748:421): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12288 comm="syz.6.1364" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f7f7db8d58a code=0x7ffc0000
[  720.884496][   T30] audit: type=1326 audit(1751015840.748:422): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12288 comm="syz.6.1364" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7f7db8e929 code=0x7ffc0000
[  720.890856][T12304] program syz.6.1368 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  720.929948][T12300] nvme_fabrics: missing parameter 'transport=%s'
[  720.937748][T12300] nvme_fabrics: missing parameter 'nqn=%s'
[  721.075431][T12308] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1369'.
[  723.116064][ T5814] usb 3-1: new low-speed USB device number 41 using dummy_hcd
[  723.239992][T12321] netlink: 108 bytes leftover after parsing attributes in process `syz.6.1373'.
[  723.684002][ T5814] usb 3-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  723.713837][ T5814] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  723.751875][ T5814] usb 3-1: config 0 descriptor??
[  724.011035][ T5834] Bluetooth: hci2: unknown advertising packet type: 0x70
[  724.699201][ T5814] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -32
[  724.812403][   T10] usb 2-1: new high-speed USB device number 34 using dummy_hcd
[  724.828887][ T5814] asix 3-1:0.0: probe with driver asix failed with error -32
[  725.385641][   T10] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  725.421354][   T10] usb 2-1: config 0 has no interfaces?
[  725.584264][   T10] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[  725.607189][   T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  725.629243][   T10] usb 2-1: config 0 descriptor??
[  725.874953][T12325] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  725.889520][T12325] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  725.910915][ T5814] usb 2-1: USB disconnect, device number 34
[  726.071524][ T5886] usb 6-1: new full-speed USB device number 33 using dummy_hcd
[  726.225030][ T5886] usb 6-1: device descriptor read/64, error -71
[  726.396834][T12350] netlink: 20 bytes leftover after parsing attributes in process `syz.7.1382'.
[  726.458966][ T5910] usb 3-1: USB disconnect, device number 41
[  726.630270][ T5886] usb 6-1: new full-speed USB device number 34 using dummy_hcd
[  726.774805][ T5886] usb 6-1: device descriptor read/64, error -71
[  726.896164][ T5886] usb usb6-port1: attempt power cycle
[  727.124714][T12363] netlink: 108 bytes leftover after parsing attributes in process `syz.1.1387'.
[  727.533730][ T5886] usb 6-1: new full-speed USB device number 35 using dummy_hcd
[  727.709391][ T5886] usb 6-1: device descriptor read/8, error -71
[  727.990929][ T5886] usb 6-1: new full-speed USB device number 36 using dummy_hcd
[  728.032845][ T5886] usb 6-1: device descriptor read/8, error -71
[  728.110970][ T5814] usb 2-1: new high-speed USB device number 35 using dummy_hcd
[  728.151561][ T5886] usb usb6-port1: unable to enumerate USB device
[  728.251093][ T5814] usb 2-1: device descriptor read/64, error -71
[  728.549324][T12376] vxfs: WRONG superblock magic 00000000 at 1
[  728.557175][T12376] vxfs: WRONG superblock magic 00000000 at 8
[  728.563417][T12376] vxfs: can't find superblock.
[  729.252195][ T5814] usb 2-1: new high-speed USB device number 36 using dummy_hcd
[  729.428602][ T5814] usb 2-1: device descriptor read/64, error -71
[  729.729524][ T5814] usb usb2-port1: attempt power cycle
[  729.747503][T12381] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1392'.
[  729.918305][   T10] kernel write not supported for file /input/mouse0 (pid: 10 comm: kworker/0:1)
[  729.978507][T12386] FAULT_INJECTION: forcing a failure.
[  729.978507][T12386] name failslab, interval 1, probability 0, space 0, times 0
[  730.018231][T12386] CPU: 0 UID: 0 PID: 12386 Comm: syz.7.1394 Not tainted 6.16.0-rc3-syzkaller-00116-ge34a79b96ab9 #0 PREEMPT(full) 
[  730.018260][T12386] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  730.018272][T12386] Call Trace:
[  730.018280][T12386]  <TASK>
[  730.018288][T12386]  dump_stack_lvl+0x189/0x250
[  730.018321][T12386]  ? __pfx____ratelimit+0x10/0x10
[  730.018347][T12386]  ? __pfx_dump_stack_lvl+0x10/0x10
[  730.018374][T12386]  ? __pfx__printk+0x10/0x10
[  730.018400][T12386]  ? __pfx___might_resched+0x10/0x10
[  730.018432][T12386]  should_fail_ex+0x414/0x560
[  730.018460][T12386]  should_failslab+0xa8/0x100
[  730.018487][T12386]  __kmalloc_noprof+0xcb/0x4f0
[  730.018507][T12386]  ? qrtr_tun_write_iter+0xbf/0x180
[  730.018537][T12386]  ? security_file_permission+0x75/0x290
[  730.018566][T12386]  qrtr_tun_write_iter+0xbf/0x180
[  730.018592][T12386]  aio_write+0x535/0x7a0
[  730.018624][T12386]  ? __pfx_aio_write+0x10/0x10
[  730.018663][T12386]  ? __might_fault+0xb0/0x130
[  730.018705][T12386]  io_submit_one+0x78b/0x1310
[  730.018748][T12386]  ? __pfx_io_submit_one+0x10/0x10
[  730.018773][T12386]  ? __might_fault+0xb0/0x130
[  730.018807][T12386]  ? __might_fault+0xb0/0x130
[  730.018832][T12386]  __se_sys_io_submit+0x185/0x2f0
[  730.018857][T12386]  ? __pfx___se_sys_io_submit+0x10/0x10
[  730.018876][T12386]  ? ksys_write+0x22a/0x250
[  730.018910][T12386]  ? do_syscall_64+0xbe/0x3b0
[  730.018940][T12386]  do_syscall_64+0xfa/0x3b0
[  730.018964][T12386]  ? lockdep_hardirqs_on+0x9c/0x150
[  730.018988][T12386]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  730.019007][T12386]  ? clear_bhb_loop+0x60/0xb0
[  730.019030][T12386]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  730.019048][T12386] RIP: 0033:0x7f230b18e929
[  730.019065][T12386] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  730.019082][T12386] RSP: 002b:00007f230c008038 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1
[  730.019104][T12386] RAX: ffffffffffffffda RBX: 00007f230b3b5fa0 RCX: 00007f230b18e929
[  730.019118][T12386] RDX: 0000200000000180 RSI: 0000000000000001 RDI: 00007f230bfe7000
[  730.019130][T12386] RBP: 00007f230c008090 R08: 0000000000000000 R09: 0000000000000000
[  730.019142][T12386] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  730.019152][T12386] R13: 0000000000000000 R14: 00007f230b3b5fa0 R15: 00007ffe6680ae08
[  730.019184][T12386]  </TASK>
[  730.270145][T12383] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  730.303918][T12383] batadv_slave_0: entered promiscuous mode
[  730.380878][ T5814] usb 2-1: new high-speed USB device number 37 using dummy_hcd
[  730.419355][ T5814] usb 2-1: device descriptor read/8, error -71
[  730.671070][ T5814] usb 2-1: new high-speed USB device number 38 using dummy_hcd
[  730.720194][ T5814] usb 2-1: device descriptor read/8, error -71
[  730.748962][T12398] 9pnet_fd: Insufficient options for proto=fd
[  730.869647][ T5814] usb usb2-port1: unable to enumerate USB device
[  731.212624][T12410] netlink: 108 bytes leftover after parsing attributes in process `syz.6.1400'.
[  733.161080][ T5814] usb 6-1: new high-speed USB device number 37 using dummy_hcd
[  733.371086][ T5814] usb 6-1: Using ep0 maxpacket: 32
[  733.423624][ T5814] usb 6-1: config index 0 descriptor too short (expected 36, got 27)
[  733.461628][ T5814] usb 6-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config
[  733.483720][ T5814] usb 6-1: config 4 has 0 interfaces, different from the descriptor's value: 1
[  733.497030][ T5814] usb 6-1: New USB device found, idVendor=0499, idProduct=102e, bcdDevice=55.58
[  733.518356][ T5814] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  733.538879][ T5814] usb 6-1: Product: syz
[  733.547788][ T5814] usb 6-1: Manufacturer: syz
[  733.559613][ T5814] usb 6-1: SerialNumber: syz
[  733.811053][ T5814] usb 6-1: USB disconnect, device number 37
[  734.236008][T12440] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1408'.
[  735.261729][T12444] 9pnet_fd: Insufficient options for proto=fd
[  738.201966][T12461] netlink: 108 bytes leftover after parsing attributes in process `syz.5.1413'.
[  739.260994][   T10] usb 6-1: new low-speed USB device number 38 using dummy_hcd
[  739.941508][ T5903] usb 3-1: new high-speed USB device number 42 using dummy_hcd
[  740.143951][ T5903] usb 3-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  740.157604][ T5903] usb 3-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  740.181096][ T5903] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 66
[  740.194416][   T10] usb 6-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  740.218415][   T10] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  740.222198][ T5903] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[  740.262716][ T5903] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[  740.301461][   T10] usb 6-1: config 0 descriptor??
[  740.313037][ T5903] usb 3-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  740.342612][ T5903] usb 3-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  740.381574][ T5903] usb 3-1: Product: syz
[  740.397856][ T5903] usb 3-1: Manufacturer: syz
[  740.445754][ T5903] cdc_wdm 3-1:1.0: skipping garbage
[  740.488699][ T5903] cdc_wdm 3-1:1.0: skipping garbage
[  740.518523][ T5903] cdc_wdm 3-1:1.0: cdc-wdm0: USB WDM device
[  740.538858][ T5903] cdc_wdm 3-1:1.0: Unknown control protocol
[  740.592864][   T10] asix 6-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -32
[  740.675506][   T10] asix 6-1:0.0: probe with driver asix failed with error -32
[  740.739604][T11214] Bluetooth: hci2: command 0x0406 tx timeout
[  740.832301][T12488] overlay: ./bus is not a directory
[  741.111413][ T5903] usb 3-1: USB disconnect, device number 42
[  741.331248][   T10] usb 7-1: new high-speed USB device number 9 using dummy_hcd
[  741.493003][   T10] usb 7-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  741.507541][   T10] usb 7-1: Duplicate descriptor for config 0 interface 0 altsetting 0, skipping
[  741.520235][   T10] usb 7-1: New USB device found, idVendor=1781, idProduct=0938, bcdDevice=9b.49
[  741.529948][   T10] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  741.539672][   T10] usb 7-1: Product: syz
[  741.543949][   T10] usb 7-1: Manufacturer: syz
[  741.548773][   T10] usb 7-1: SerialNumber: syz
[  741.557669][   T10] usb 7-1: config 0 descriptor??
[  741.776137][   T10] usb 7-1: USB disconnect, device number 9
[  741.941106][ T5814] usb 3-1: new high-speed USB device number 43 using dummy_hcd
[  742.049713][ T5886] usb 6-1: USB disconnect, device number 38
[  742.138173][   T30] kauditd_printk_skb: 18 callbacks suppressed
[  742.138268][   T30] audit: type=1326 audit(1751015863.398:441): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12534 comm="syz.1.1428" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f55e4b8e929 code=0x7ffc0000
[  742.143161][ T5814] usb 3-1: Using ep0 maxpacket: 16
[  742.157400][   T30] audit: type=1326 audit(1751015863.398:442): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12534 comm="syz.1.1428" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f55e4b8e929 code=0x7ffc0000
[  742.567300][   T30] audit: type=1326 audit(1751015863.408:443): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12534 comm="syz.1.1428" exe="/root/syz-executor" sig=0 arch=c000003e syscall=293 compat=0 ip=0x7f55e4b8e929 code=0x7ffc0000
[  742.590043][ T5814] usb 3-1: config 0 interface 0 has no altsetting 0
[  742.646420][ T5814] usb 3-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00
[  742.720315][   T30] audit: type=1326 audit(1751015863.408:444): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12534 comm="syz.1.1428" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f55e4b8e929 code=0x7ffc0000
[  742.727036][ T5814] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  742.781389][   T30] audit: type=1326 audit(1751015863.408:445): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12534 comm="syz.1.1428" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f55e4b8e929 code=0x7ffc0000
[  742.834616][ T5814] usb 3-1: config 0 descriptor??
[  742.836739][T11214] Bluetooth: hci2: command 0x0406 tx timeout
[  742.960833][T12543] netlink: 108 bytes leftover after parsing attributes in process `syz.6.1430'.
[  743.066402][   T30] audit: type=1326 audit(1751015863.438:446): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12534 comm="syz.1.1428" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f55e4b8e929 code=0x7ffc0000
[  743.303568][   T30] audit: type=1326 audit(1751015863.448:447): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12534 comm="syz.1.1428" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f55e4b8e929 code=0x7ffc0000
[  743.307997][ T5814] hid (null): invalid report_size 25705
[  743.506648][   T30] audit: type=1326 audit(1751015863.448:448): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12534 comm="syz.1.1428" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f55e4b8e929 code=0x7ffc0000
[  743.514718][ T5814] hid (null): unknown global tag 0x83
[  743.542737][   T30] audit: type=1326 audit(1751015863.448:449): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12534 comm="syz.1.1428" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f55e4b8e929 code=0x7ffc0000
[  743.573298][   T30] audit: type=1326 audit(1751015863.448:450): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12534 comm="syz.1.1428" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f55e4b8e929 code=0x7ffc0000
[  743.602249][ T5814] hid (null): unknown global tag 0xc
[  743.607729][ T5814] hid (null): global environment stack underflow
[  744.213492][ T5814] usb 3-1: USB disconnect, device number 43
[  744.393684][T12555] tmpfs: Bad value for 'mpol'
[  744.448073][T12555] openvswitch: netlink: Either Ethernet header or EtherType is required.
[  745.620579][T11214] Bluetooth: hci2: command 0x0406 tx timeout
[  746.201795][T12561] kernel read not supported for file /blkio.throttle.io_service_bytes_recursive (pid: 12561 comm: syz.6.1435)
[  746.811717][ T5814] usb 7-1: new low-speed USB device number 10 using dummy_hcd
[  747.174472][ T5814] usb 7-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  747.211039][ T5814] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  747.238095][ T5814] usb 7-1: config 0 descriptor??
[  747.380665][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[  747.647130][T12590] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1444'.
[  747.676251][ T5814] asix 7-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -32
[  747.687272][ T5814] asix 7-1:0.0: probe with driver asix failed with error -32
[  747.841303][T12594] rdma_rxe: rxe_newlink: failed to add lo
[  751.258495][ T5903] usb 7-1: USB disconnect, device number 10
[  754.417879][ T5814] usb 3-1: new high-speed USB device number 44 using dummy_hcd
[  754.455989][T12654] dummy0: entered promiscuous mode
[  754.518343][T12654] macsec3: entered promiscuous mode
[  754.539634][T12654] dummy0: left promiscuous mode
[  754.630874][ T5814] usb 3-1: Using ep0 maxpacket: 16
[  754.638095][ T5814] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 32, changing to 9
[  754.652943][ T5814] usb 3-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.40
[  754.680237][ T5814] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  754.709347][ T5814] usb 3-1: config 0 descriptor??
[  754.727690][ T5814] usb 3-1: Found UVC 0.00 device <unnamed> (10c4:ea90)
[  754.735611][ T5814] usb 3-1: No valid video chain found.
[  755.521658][T12671] rdma_rxe: rxe_newlink: failed to add lo
[  756.347702][T12674] loop2: detected capacity change from 0 to 85
[  756.413437][   T30] kauditd_printk_skb: 52 callbacks suppressed
[  756.413457][   T30] audit: type=1326 audit(1751015877.678:503): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12676 comm="syz.5.1463" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f6caa98e929 code=0x0
[  756.415513][ T5903] usb 3-1: USB disconnect, device number 44
[  756.490239][T12674] loop2: detected capacity change from 85 to 21
[  756.780226][T12679] netlink: 256 bytes leftover after parsing attributes in process `syz.5.1463'.
[  756.891648][T12679] netlink: 'syz.5.1463': attribute type 4 has an invalid length.
[  757.241454][T12684] loop2: detected capacity change from 0 to 85
[  757.363895][T12684] loop2: detected capacity change from 85 to 21
[  757.917034][T12704] rdma_rxe: rxe_newlink: failed to add lo
[  759.452489][T12697] loop2: detected capacity change from 0 to 85
[  759.947570][T12697] loop2: detected capacity change from 85 to 21
[  761.863776][T12730] netlink: 'syz.2.1477': attribute type 1 has an invalid length.
[  761.904924][T12730] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1477'.
[  762.065342][T12734] snd_dummy snd_dummy.0: control 2:16:0:syz0:-3 is already present
[  762.151591][T12736] rdma_rxe: rxe_newlink: failed to add lo
[  763.305773][ T5814] usb 7-1: new high-speed USB device number 11 using dummy_hcd
[  763.347580][T12747] rdma_rxe: rxe_newlink: failed to add lo
[  763.704128][ T5814] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 252, changing to 11
[  763.877497][ T5814] usb 7-1: New USB device found, idVendor=258a, idProduct=0036, bcdDevice= 0.00
[  763.917874][ T5814] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  763.973467][ T5814] usb 7-1: config 0 descriptor??
[  764.325007][T12761] veth3: entered promiscuous mode
[  764.330088][T12761] veth3: entered allmulticast mode
[  764.423656][ T5814] glorious 0003:258A:0036.000C: unknown main item tag 0x1
[  764.434655][ T5814] glorious 0003:258A:0036.000C: reserved main item tag 0xd
[  764.443501][ T5814] glorious 0003:258A:0036.000C: item fetching failed at offset 4/5
[  764.457114][ T5814] glorious 0003:258A:0036.000C: probe with driver glorious failed with error -22
[  765.089421][ T5814] usb 7-1: USB disconnect, device number 11
[  769.252523][T12773] ALSA: seq fatal error: cannot create timer (-22)
[  772.682887][T12804] netlink: 'syz.7.1499': attribute type 4 has an invalid length.
[  773.124284][T12813] Bluetooth: hci0: invalid len left 7, exp >= 13
[  773.250386][T12815] 9pnet_fd: Insufficient options for proto=fd
[  773.480847][ T5910] usb 3-1: new high-speed USB device number 45 using dummy_hcd
[  773.663093][ T5910] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  773.914671][ T5910] usb 3-1: New USB device found, idVendor=0471, idProduct=0308, bcdDevice=e4.df
[  773.931518][ T5910] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  773.944633][T11214] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  773.955531][T11214] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  773.965783][T11214] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  773.968165][ T5910] usb 3-1: config 0 descriptor??
[  773.982524][T11214] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  773.991943][T11214] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  774.136983][ T5910] pwc: Philips PCVC680K (Vesta Pro) USB webcam detected.
[  774.163807][T12822] lo speed is unknown, defaulting to 1000
[  774.288040][ T5910] pwc: send_video_command error -71
[  774.318494][ T5910] pwc: Failed to set video mode VGA@30 fps; return code = -71
[  774.353789][ T5910] Philips webcam 3-1:0.0: probe with driver Philips webcam failed with error -71
[  774.421775][ T5910] usb 3-1: USB disconnect, device number 45
[  776.102325][T11214] Bluetooth: hci1: command tx timeout
[  776.499363][T12855] netlink: 'syz.1.1513': attribute type 4 has an invalid length.
[  778.176971][T11214] Bluetooth: hci1: command tx timeout
[  779.645671][T12822] chnl_net:caif_netlink_parms(): no params data found
[  780.256586][T11214] Bluetooth: hci1: command tx timeout
[  782.341084][T11214] Bluetooth: hci1: command tx timeout
[  782.543545][T12822] bridge0: port 1(bridge_slave_0) entered blocking state
[  782.561550][T12822] bridge0: port 1(bridge_slave_0) entered disabled state
[  782.578297][T12904] netlink: 48 bytes leftover after parsing attributes in process `syz.7.1526'.
[  782.581660][T12822] bridge_slave_0: entered allmulticast mode
[  782.595339][T12906] FAULT_INJECTION: forcing a failure.
[  782.595339][T12906] name failslab, interval 1, probability 0, space 0, times 0
[  782.597046][T12822] bridge_slave_0: entered promiscuous mode
[  782.634230][T12822] bridge0: port 2(bridge_slave_1) entered blocking state
[  782.643918][T12906] CPU: 0 UID: 0 PID: 12906 Comm: syz.1.1527 Not tainted 6.16.0-rc3-syzkaller-00116-ge34a79b96ab9 #0 PREEMPT(full) 
[  782.643946][T12906] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  782.643958][T12906] Call Trace:
[  782.643966][T12906]  <TASK>
[  782.643974][T12906]  dump_stack_lvl+0x189/0x250
[  782.644009][T12906]  ? __pfx____ratelimit+0x10/0x10
[  782.644038][T12906]  ? __pfx_dump_stack_lvl+0x10/0x10
[  782.644066][T12906]  ? __pfx__printk+0x10/0x10
[  782.644089][T12906]  ? __pfx___might_resched+0x10/0x10
[  782.644116][T12906]  ? fs_reclaim_acquire+0x7d/0x100
[  782.644148][T12906]  should_fail_ex+0x414/0x560
[  782.644178][T12906]  should_failslab+0xa8/0x100
[  782.644204][T12906]  __kmalloc_cache_noprof+0x70/0x3d0
[  782.644227][T12906]  ? snd_seq_prioq_new+0x47/0xa0
[  782.644254][T12906]  snd_seq_prioq_new+0x47/0xa0
[  782.644273][T12906]  snd_seq_queue_alloc+0x15a/0x790
[  782.644308][T12906]  ? __pfx_snd_seq_ioctl_create_port+0x10/0x10
[  782.644339][T12906]  snd_seq_ioctl_create_queue+0x7f/0x3c0
[  782.644370][T12906]  snd_seq_oss_open+0x5e0/0xea0
[  782.644406][T12906]  ? __pfx_snd_seq_oss_open+0x10/0x10
[  782.644446][T12906]  ? __lock_acquire+0xab9/0xd20
[  782.644493][T12906]  ? rcu_is_watching+0x15/0xb0
[  782.644522][T12906]  ? trace_contention_end+0x39/0x120
[  782.644562][T12906]  ? __pfx___mutex_lock+0x10/0x10
[  782.644596][T12906]  ? __pfx_snd_seq_oss_event_input+0x10/0x10
[  782.644620][T12906]  ? __pfx_free_devinfo+0x10/0x10
[  782.644653][T12906]  ? do_raw_spin_unlock+0x122/0x240
[  782.644677][T12906]  ? soundcore_open+0x2da/0x490
[  782.644705][T12906]  odev_open+0x67/0xa0
[  782.644729][T12906]  chrdev_open+0x4cc/0x5e0
[  782.644756][T12906]  ? __pfx_chrdev_open+0x10/0x10
[  782.644791][T12906]  ? __pfx_chrdev_open+0x10/0x10
[  782.644814][T12906]  do_dentry_open+0xdf3/0x1970
[  782.644861][T12906]  vfs_open+0x3b/0x340
[  782.644885][T12906]  ? path_openat+0x2ecd/0x3830
[  782.644908][T12906]  path_openat+0x2ee5/0x3830
[  782.644926][T12906]  ? arch_stack_walk+0xfc/0x150
[  782.645000][T12906]  ? __pfx_path_openat+0x10/0x10
[  782.645018][T12906]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  782.645062][T12906]  do_filp_open+0x1fa/0x410
[  782.645079][T12906]  ? __lock_acquire+0xab9/0xd20
[  782.645106][T12906]  ? __pfx_do_filp_open+0x10/0x10
[  782.645152][T12906]  ? _raw_spin_unlock+0x28/0x50
[  782.645175][T12906]  ? alloc_fd+0x64c/0x6c0
[  782.645214][T12906]  do_sys_openat2+0x121/0x1c0
[  782.645247][T12906]  ? __pfx_do_sys_openat2+0x10/0x10
[  782.645276][T12906]  ? ksys_write+0x22a/0x250
[  782.645302][T12906]  ? __pfx_ksys_write+0x10/0x10
[  782.645320][T12906]  ? rcu_is_watching+0x15/0xb0
[  782.645354][T12906]  __x64_sys_creat+0x8f/0xc0
[  782.645377][T12906]  do_syscall_64+0xfa/0x3b0
[  782.645403][T12906]  ? lockdep_hardirqs_on+0x9c/0x150
[  782.645429][T12906]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  782.645448][T12906]  ? clear_bhb_loop+0x60/0xb0
[  782.645472][T12906]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  782.645491][T12906] RIP: 0033:0x7f55e4b8e929
[  782.645509][T12906] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  782.645527][T12906] RSP: 002b:00007f55e5a73038 EFLAGS: 00000246 ORIG_RAX: 0000000000000055
[  782.645549][T12906] RAX: ffffffffffffffda RBX: 00007f55e4db5fa0 RCX: 00007f55e4b8e929
[  782.645563][T12906] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00002000000001c0
[  782.645575][T12906] RBP: 00007f55e5a73090 R08: 0000000000000000 R09: 0000000000000000
[  782.645588][T12906] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  782.645600][T12906] R13: 0000000000000000 R14: 00007f55e4db5fa0 R15: 00007ffde99d2c88
[  782.645648][T12906]  </TASK>
[  782.646126][T12822] bridge0: port 2(bridge_slave_1) entered disabled state
[  783.258293][T12822] bridge_slave_1: entered allmulticast mode
[  783.266948][T12822] bridge_slave_1: entered promiscuous mode
[  783.527307][T12822] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  783.571330][ T5903] usb 7-1: new high-speed USB device number 12 using dummy_hcd
[  783.607159][T12822] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  783.696123][T12822] team0: Port device team_slave_0 added
[  783.745195][T12822] team0: Port device team_slave_1 added
[  783.771472][ T5903] usb 7-1: Using ep0 maxpacket: 16
[  783.799948][ T5903] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 32, changing to 9
[  783.834862][ T5903] usb 7-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.40
[  783.856200][ T5903] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  783.869114][ T5903] usb 7-1: config 0 descriptor??
[  783.904717][ T5903] usb 7-1: Found UVC 0.00 device <unnamed> (10c4:ea90)
[  783.935903][ T5903] usb 7-1: No valid video chain found.
[  783.975851][T12822] batman_adv: batadv0: Adding interface: batadv_slave_0
[  783.984513][T12933] IPVS: ip_vs_edit_dest(): server weight less than zero
[  783.999487][T12822] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  784.027652][ T5903] IPVS: starting estimator thread 0...
[  784.039458][T12933] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1536'.
[  784.082152][T12822] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  784.121366][T12934] IPVS: using max 26 ests per chain, 62400 per kthread
[  784.140441][T12822] batman_adv: batadv0: Adding interface: batadv_slave_1
[  784.151133][ T5903] usb 7-1: USB disconnect, device number 12
[  784.172557][T12822] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  784.212333][T12822] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  784.246068][T12936] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1537'.
[  784.310608][T12822] hsr_slave_0: entered promiscuous mode
[  784.327099][T12822] hsr_slave_1: entered promiscuous mode
[  784.348593][T12822] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  784.840164][T12822] Cannot create hsr debugfs directory
[  785.051189][ T5814] usb 3-1: new high-speed USB device number 46 using dummy_hcd
[  786.131507][ T5814] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  786.200807][ T5814] usb 3-1: New USB device found, idVendor=03da, idProduct=2820, bcdDevice=52.3c
[  786.222528][ T5814] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  786.235408][ T5814] usb 3-1: config 0 descriptor??
[  786.253909][ T5814] usb 3-1: bad CDC descriptors
[  786.484049][ T5814] usb 3-1: USB disconnect, device number 46
[  786.819947][T12971] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[  787.298078][T12822] netdevsim netdevsim8 netdevsim0: renamed from eth0
[  787.348654][T12822] netdevsim netdevsim8 netdevsim1: renamed from eth1
[  787.378531][T12822] netdevsim netdevsim8 netdevsim2: renamed from eth2
[  787.394239][T12822] netdevsim netdevsim8 netdevsim3: renamed from eth3
[  788.584142][T12822] 8021q: adding VLAN 0 to HW filter on device bond0
[  788.661321][T12822] 8021q: adding VLAN 0 to HW filter on device team0
[  788.678573][T10464] bridge0: port 1(bridge_slave_0) entered blocking state
[  788.685832][T10464] bridge0: port 1(bridge_slave_0) entered forwarding state
[  788.729511][T10466] bridge0: port 2(bridge_slave_1) entered blocking state
[  788.736804][T10466] bridge0: port 2(bridge_slave_1) entered forwarding state
[  789.218563][T12995] netlink: 'syz.6.1551': attribute type 4 has an invalid length.
[  790.728718][T13009] netlink: 'syz.6.1554': attribute type 10 has an invalid length.
[  792.437290][T12822] 8021q: adding VLAN 0 to HW filter on device batadv0
[  793.001065][   T10] usb 2-1: new full-speed USB device number 39 using dummy_hcd
[  793.168978][   T10] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  793.189620][   T10] usb 2-1: config 0 has no interfaces?
[  793.200045][   T10] usb 2-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8
[  793.210188][   T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  793.246096][   T10] usb 2-1: config 0 descriptor??
[  793.476638][   T10] usb 2-1: USB disconnect, device number 39
[  794.183590][T13045] netlink: 52 bytes leftover after parsing attributes in process `syz.2.1564'.
[  794.318124][T13047] netlink: 'syz.6.1563': attribute type 4 has an invalid length.
[  794.993999][T12822] veth0_vlan: entered promiscuous mode
[  795.036269][T12822] veth1_vlan: entered promiscuous mode
[  796.239422][T12822] veth0_macvtap: entered promiscuous mode
[  796.276288][T12822] veth1_macvtap: entered promiscuous mode
[  796.559851][T12822] batman_adv: batadv0: Interface activated: batadv_slave_0
[  796.583809][T12822] batman_adv: batadv0: Interface activated: batadv_slave_1
[  796.673106][T12822] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  796.951217][T13068] ubi: mtd0 is already attached to ubi31
[  797.439075][T12822] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  797.448594][T12822] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  797.510899][T12822] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  798.444334][T13076] ubi: mtd0 is already attached to ubi31
[  798.524182][T13077] --map-set only usable from mangle table
[  799.016295][   T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  799.195016][   T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  799.282537][ T2965] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  799.299859][ T2965] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  799.805667][T13086] netlink: 4 bytes leftover after parsing attributes in process `syz.8.1498'.
[  800.269645][T13093] netlink: 'syz.6.1575': attribute type 4 has an invalid length.
[  802.463454][T13116] lo speed is unknown, defaulting to 1000
[  802.521281][   T10] usb 7-1: new high-speed USB device number 13 using dummy_hcd
[  802.751454][   T10] usb 7-1: Using ep0 maxpacket: 32
[  802.788231][T13123] netlink: 8 bytes leftover after parsing attributes in process `syz.8.1584'.
[  802.806559][   T10] usb 7-1: config 0 has no interfaces?
[  802.915607][   T10] usb 7-1: New USB device found, idVendor=0424, idProduct=012c, bcdDevice=71.1e
[  802.989926][   T10] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  803.088165][   T10] usb 7-1: Product: syz
[  803.131984][   T10] usb 7-1: Manufacturer: syz
[  803.196613][   T10] usb 7-1: SerialNumber: syz
[  803.456821][   T10] usb 7-1: config 0 descriptor??
[  803.794821][ T5886] usb 7-1: USB disconnect, device number 13
[  804.092414][ T5910] usb 9-1: new high-speed USB device number 2 using dummy_hcd
[  804.262949][ T5910] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  804.281630][ T5910] usb 9-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[  804.310833][ T5910] usb 9-1: New USB device found, idVendor=1e7d, idProduct=2d50, bcdDevice= 0.00
[  804.322357][ T5910] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  804.341489][ T5910] usb 9-1: config 0 descriptor??
[  804.504036][T13138] ubi: mtd0 is already attached to ubi31
[  804.963565][ T5910] kovaplus 0003:1E7D:2D50.000D: hidraw0: USB HID v0.00 Device [HID 1e7d:2d50] on usb-dummy_hcd.8-1/input0
[  804.982673][T13149] FAULT_INJECTION: forcing a failure.
[  804.982673][T13149] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  804.999911][T13149] CPU: 0 UID: 0 PID: 13149 Comm: syz.1.1592 Not tainted 6.16.0-rc3-syzkaller-00116-ge34a79b96ab9 #0 PREEMPT(full) 
[  804.999939][T13149] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  804.999950][T13149] Call Trace:
[  804.999958][T13149]  <TASK>
[  804.999967][T13149]  dump_stack_lvl+0x189/0x250
[  805.000001][T13149]  ? __pfx____ratelimit+0x10/0x10
[  805.000029][T13149]  ? __pfx_dump_stack_lvl+0x10/0x10
[  805.000056][T13149]  ? __pfx__printk+0x10/0x10
[  805.000090][T13149]  should_fail_ex+0x414/0x560
[  805.000119][T13149]  _copy_from_user+0x2d/0xb0
[  805.000139][T13149]  memdup_user+0x5e/0xd0
[  805.000166][T13149]  strndup_user+0x68/0xd0
[  805.000195][T13149]  prctl_set_vma+0x9f/0x400
[  805.000224][T13149]  __se_sys_prctl+0x27e/0x1940
[  805.000249][T13149]  ? __pfx___se_sys_prctl+0x10/0x10
[  805.000269][T13149]  ? rcu_is_watching+0x15/0xb0
[  805.000303][T13149]  ? do_syscall_64+0xbe/0x3b0
[  805.000328][T13149]  ? __x64_sys_prctl+0x20/0xc0
[  805.000353][T13149]  do_syscall_64+0xfa/0x3b0
[  805.000383][T13149]  ? lockdep_hardirqs_on+0x9c/0x150
[  805.000410][T13149]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  805.000429][T13149]  ? clear_bhb_loop+0x60/0xb0
[  805.000452][T13149]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  805.000471][T13149] RIP: 0033:0x7f55e4b8e929
[  805.000489][T13149] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  805.000506][T13149] RSP: 002b:00007f55e5a73038 EFLAGS: 00000246 ORIG_RAX: 000000000000009d
[  805.000529][T13149] RAX: ffffffffffffffda RBX: 00007f55e4db5fa0 RCX: 00007f55e4b8e929
[  805.000543][T13149] RDX: 0000200000ffb000 RSI: 0000000000000000 RDI: 0000000053564d41
[  805.000556][T13149] RBP: 00007f55e5a73090 R08: 00002000000013c0 R09: 0000000000000000
[  805.000569][T13149] R10: 0000000000002000 R11: 0000000000000246 R12: 0000000000000001
[  805.000582][T13149] R13: 0000000000000000 R14: 00007f55e4db5fa0 R15: 00007ffde99d2c88
[  805.000624][T13149]  </TASK>
[  806.506892][ T5910] kovaplus 0003:1E7D:2D50.000D: couldn't init struct kovaplus_device
[  806.515528][ T5910] kovaplus 0003:1E7D:2D50.000D: couldn't install mouse
[  806.525495][ T5910] kovaplus 0003:1E7D:2D50.000D: probe with driver kovaplus failed with error -71
[  806.561076][ T5910] usb 9-1: USB disconnect, device number 2
[  807.972187][T13168] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1595'.
[  808.535572][T13180] netlink: 20 bytes leftover after parsing attributes in process `syz.6.1598'.
[  808.662710][T13181] input input19: cannot allocate more than FF_MAX_EFFECTS effects
[  808.862860][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[  809.029384][T13182] netlink: 16 bytes leftover after parsing attributes in process `syz.6.1598'.
[  809.175004][T13182] openvswitch: netlink: Flow key attr not present in new flow.
[  809.225923][T13182] binder: 13177:13182 ioctl c0306201 2000000003c0 returned -14
[  809.349698][T11214] Bluetooth: unknown link type 13
[  809.354990][T11214] Bluetooth: hci4: connection err: -111
[  810.953842][T13218] 8021q: adding VLAN 0 to HW filter on device bond0
[  810.987269][T13218] bond0: (slave rose0): Enslaving as an active interface with an up link
[  810.992011][T13220] overlayfs: invalid origin (00000079007a6b616c6c6572310000000000000180c2000000000000000000000000000000000000000000000000000000000000000000000000000000000000)
[  811.271353][ T5886] usb 7-1: new high-speed USB device number 14 using dummy_hcd
[  811.441506][ T5886] usb 7-1: Using ep0 maxpacket: 16
[  811.464718][ T5886] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 192, changing to 11
[  811.543727][ T5886] usb 7-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 8
[  811.578568][ T5886] usb 7-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 18
[  811.632629][ T5886] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  811.651935][ T5886] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  811.673421][ T5886] usb 7-1: SerialNumber: syz
[  811.695805][T13214] raw-gadget.1 gadget.6: fail, usb_ep_enable returned -22
[  811.900927][   T10] usb 2-1: new high-speed USB device number 40 using dummy_hcd
[  811.936547][ T5886] cdc_ether 7-1:1.0: probe with driver cdc_ether failed with error -22
[  811.973504][ T5886] usb 7-1: USB disconnect, device number 14
[  812.630819][   T10] usb 2-1: Using ep0 maxpacket: 8
[  812.643675][   T10] usb 2-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b
[  812.653942][   T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  812.689628][   T10] pvrusb2: Hardware description: Terratec Grabster AV400
[  812.724520][   T10] pvrusb2: **********
[  812.751857][   T10] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental.
[  812.790266][   T10] pvrusb2: Important functionality might not be entirely working.
[  813.406966][   T10] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver.
[  813.418430][   T10] pvrusb2: **********
[  813.427557][ T2344] pvrusb2: Invalid write control endpoint
[  813.456866][T13263] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  813.512420][T13263] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  813.665935][T13262] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  813.708952][ T5903] usb 2-1: USB disconnect, device number 40
[  813.775185][ T2344] pvrusb2: Invalid write control endpoint
[  813.822053][ T2344] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work.
[  814.055303][ T2344] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device.
[  814.063671][ T2344] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups.
[  814.073872][ T2344] pvrusb2: Device being rendered inoperable
[  814.083808][ T2344] cx25840 1-0044: Unable to detect h/w, assuming cx23887
[  814.091850][ T2344] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_a)
[  814.095986][ T5910] usb 7-1: new low-speed USB device number 15 using dummy_hcd
[  814.103280][ T2344] pvrusb2: Attached sub-driver cx25840
[  814.136162][ T2344] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it.
[  814.228346][T13278] rdma_rxe: rxe_newlink: failed to add lo
[  814.537752][ T5910] usb 7-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  814.760897][ T5910] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  814.838298][ T2344] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover.
[  814.957721][ T5910] usb 7-1: config 0 descriptor??
[  815.515587][ T5910] asix 7-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -32
[  815.568973][ T5910] asix 7-1:0.0: probe with driver asix failed with error -32
[  816.821493][T13310] netlink: 48 bytes leftover after parsing attributes in process `syz.8.1626'.
[  816.830930][T13310] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  816.838710][T13310] IPv6: NLM_F_CREATE should be set when creating new route
[  816.852794][    T9] usb 3-1: new full-speed USB device number 47 using dummy_hcd
[  817.000374][   T10] usb 7-1: USB disconnect, device number 15
[  817.034665][    T9] usb 3-1: config 0 has an invalid interface number: 3 but max is 0
[  817.049196][    T9] usb 3-1: config 0 has no interface number 0
[  817.088594][    T9] usb 3-1: config 0 interface 3 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0
[  817.131817][    T9] usb 3-1: config 0 interface 3 altsetting 0 endpoint 0x8 has invalid maxpacket 1024, setting to 64
[  817.176780][    T9] usb 3-1: config 0 interface 3 altsetting 0 endpoint 0x4 has invalid maxpacket 1023, setting to 64
[  817.292499][ T5903] usb 9-1: new high-speed USB device number 3 using dummy_hcd
[  817.462834][ T5903] usb 9-1: Using ep0 maxpacket: 32
[  817.498222][ T5903] usb 9-1: unable to get BOS descriptor or descriptor too short
[  817.524647][ T5903] usb 9-1: config 0 has an invalid interface number: 82 but max is 1
[  817.562350][ T5903] usb 9-1: config 0 has an invalid interface number: 159 but max is 1
[  817.581104][ T5903] usb 9-1: config 0 has no interface number 0
[  817.586970][    T9] usb 3-1: config 0 interface 3 altsetting 0 endpoint 0xA has invalid maxpacket 1023, setting to 64
[  817.591130][ T5903] usb 9-1: config 0 has no interface number 1
[  817.608223][ T5903] usb 9-1: config 0 interface 82 has no altsetting 0
[  817.624956][    T9] usb 3-1: New USB device found, idVendor=1199, idProduct=6821, bcdDevice=98.59
[  817.628973][ T5903] usb 9-1: config 0 interface 159 has no altsetting 0
[  817.644836][    T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  817.653873][ T5903] usb 9-1: New USB device found, idVendor=160c, idProduct=8005, bcdDevice=b2.1d
[  817.668213][    T9] usb 3-1: config 0 descriptor??
[  817.674076][ T5903] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  817.694160][ T5903] usb 9-1: Product: syz
[  817.698385][ T5903] usb 9-1: Manufacturer: syz
[  817.703681][    T9] hub 3-1:0.3: bad descriptor, ignoring hub
[  817.703711][    T9] hub 3-1:0.3: probe with driver hub failed with error -5
[  817.704692][    T9] sierra 3-1:0.3: Sierra USB modem converter detected
[  817.738165][ T5903] usb 9-1: SerialNumber: syz
[  817.766583][ T5903] usb 9-1: config 0 descriptor??
[  817.851004][   T10] usb 7-1: new high-speed USB device number 16 using dummy_hcd
[  817.939479][    T9] usb 3-1: Sierra USB modem converter now attached to ttyUSB0
[  817.982578][    T9] usb 3-1: Sierra USB modem converter now attached to ttyUSB1
[  818.022219][   T10] usb 7-1: Using ep0 maxpacket: 32
[  818.055079][   T10] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  818.085421][ T5903] usb 9-1: USB disconnect, device number 3
[  818.100830][   T10] usb 7-1: config 0 has no interfaces?
[  818.115394][    T9] usb 3-1: USB disconnect, device number 47
[  818.138936][   T10] usb 7-1: New USB device found, idVendor=5543, idProduct=0781, bcdDevice= 0.00
[  818.190900][   T10] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  818.213592][    T9] sierra ttyUSB0: Sierra USB modem converter now disconnected from ttyUSB0
[  818.247736][   T10] usb 7-1: config 0 descriptor??
[  818.294976][    T9] sierra ttyUSB1: Sierra USB modem converter now disconnected from ttyUSB1
[  818.358697][    T9] sierra 3-1:0.3: device disconnected
[  818.512197][T13318] 9pnet_fd: Insufficient options for proto=fd
[  818.544267][ T5903] usb 7-1: USB disconnect, device number 16
[  818.875100][T13335] 9pnet_fd: Insufficient options for proto=fd
[  819.752635][T13343] input: syz0 as /devices/virtual/input/input20
[  820.681128][ T5910] usb 3-1: new high-speed USB device number 48 using dummy_hcd
[  821.026398][ T5910] usb 3-1: Using ep0 maxpacket: 16
[  821.044396][ T5910] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  821.160846][   T10] usb 9-1: new low-speed USB device number 4 using dummy_hcd
[  821.289507][ T5910] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0
[  821.302216][ T5910] usb 3-1: config 0 interface 0 has no altsetting 0
[  821.308900][ T5910] usb 3-1: New USB device found, idVendor=05ac, idProduct=0247, bcdDevice= 0.00
[  821.318311][ T5910] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  821.330625][ T5910] usb 3-1: config 0 descriptor??
[  821.547924][T13367] netlink: 'syz.1.1639': attribute type 4 has an invalid length.
[  821.979161][   T10] usb 9-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  821.991960][   T10] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  822.024482][ T5910] apple 0003:05AC:0247.000E: fixing up Magic Keyboard JIS report descriptor
[  822.032263][   T10] usb 9-1: config 0 descriptor??
[  822.039596][ T5910] apple 0003:05AC:0247.000E: unexpected long global item
[  822.042448][T13362] 8021q: adding VLAN 0 to HW filter on device bond1
[  822.051521][ T5910] apple 0003:05AC:0247.000E: parse failed
[  822.059920][ T5910] apple 0003:05AC:0247.000E: probe with driver apple failed with error -22
[  822.106848][T13362] bridge0: port 3(bond1) entered blocking state
[  822.121205][T13362] bridge0: port 3(bond1) entered disabled state
[  822.127766][T13362] bond1: entered allmulticast mode
[  822.160543][T13362] bond1: entered promiscuous mode
[  822.171730][T13362] bridge0: port 3(bond1) entered blocking state
[  822.178610][T13362] bridge0: port 3(bond1) entered forwarding state
[  822.194823][T13375] netlink: 27 bytes leftover after parsing attributes in process `syz.2.1635'.
[  822.289354][   T10] asix 9-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -32
[  822.305591][   T10] asix 9-1:0.0: probe with driver asix failed with error -32
[  822.370151][T10464] bridge0: port 3(bond1) entered disabled state
[  822.455789][T13240] usb 3-1: USB disconnect, device number 48
[  823.713732][T13386] 9pnet_fd: Insufficient options for proto=fd
[  824.331338][   T10] usb 9-1: USB disconnect, device number 4
[  824.493236][T13403] lo speed is unknown, defaulting to 1000
[  824.499217][T13403] lo speed is unknown, defaulting to 1000
[  824.531958][T13405] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1650'.
[  824.605976][T13406] netlink: 60 bytes leftover after parsing attributes in process `syz.8.1649'.
[  824.617272][T13403] lo speed is unknown, defaulting to 1000
[  824.705373][T13403] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[  824.774943][T13406] unsupported nlmsg_type 40
[  824.799982][T13409] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  824.963057][T13240] lo speed is unknown, defaulting to 1000
[  825.012836][T13403] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98
[  825.229411][T13403] lo speed is unknown, defaulting to 1000
[  825.303455][T13403] lo speed is unknown, defaulting to 1000
[  825.342190][T13403] lo speed is unknown, defaulting to 1000
[  825.374309][T13403] lo speed is unknown, defaulting to 1000
[  825.403843][T13403] lo speed is unknown, defaulting to 1000
[  825.448677][T13403] lo speed is unknown, defaulting to 1000
[  825.649938][T13418] netlink: 'syz.2.1653': attribute type 4 has an invalid length.
[  827.037495][T13426] lo speed is unknown, defaulting to 1000
[  827.152758][T13435] openvswitch: netlink: IP tunnel dst address not specified
[  827.178629][T13435] netlink: 'syz.8.1658': attribute type 3 has an invalid length.
[  828.574034][T13426] lo speed is unknown, defaulting to 1000
[  828.710783][T13458] netlink: 'syz.8.1663': attribute type 10 has an invalid length.
[  828.726415][T13458] batman_adv: batadv0: Adding interface: wlan0
[  828.733086][T13458] batman_adv: batadv0: The MTU of interface wlan0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  828.758895][T13458] batman_adv: batadv0: Interface activated: wlan0
[  829.700931][T13462] netlink: 'syz.2.1664': attribute type 4 has an invalid length.
[  835.272553][T13240] usb 7-1: new high-speed USB device number 17 using dummy_hcd
[  835.704045][T13240] usb 7-1: Using ep0 maxpacket: 16
[  835.753282][T13240] usb 7-1: New USB device found, idVendor=061d, idProduct=c020, bcdDevice=9c.15
[  835.784234][T13240] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  835.812910][T13240] usb 7-1: Product: syz
[  835.829135][T13240] usb 7-1: Manufacturer: syz
[  835.846854][T13240] usb 7-1: SerialNumber: syz
[  835.877797][T11214] Bluetooth: hci1: connection err: -111
[  835.961089][T13240] usb 7-1: config 0 descriptor??
[  836.003117][T13240] ssu100 7-1:0.0: Quatech SSU-100 USB to Serial Driver converter detected
[  836.177073][T13516] netlink: 16 bytes leftover after parsing attributes in process `syz.8.1676'.
[  837.215057][T13524] netlink: 248 bytes leftover after parsing attributes in process `syz.1.1678'.
[  837.247181][T13240] usb 7-1: Quatech SSU-100 USB to Serial Driver converter now attached to ttyUSB0
[  837.665175][T13532] overlayfs: conflicting options: metacopy=on,redirect_dir=nofollow
[  838.581422][ T5910] usb 7-1: USB disconnect, device number 17
[  838.606157][ T5910] ssu100 ttyUSB0: Quatech SSU-100 USB to Serial Driver converter now disconnected from ttyUSB0
[  838.664195][ T5910] ssu100 7-1:0.0: device disconnected
[  840.625497][T13550] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1685'.
[  841.351545][ T5814] usb 3-1: new high-speed USB device number 49 using dummy_hcd
[  841.530888][ T5814] usb 3-1: Using ep0 maxpacket: 16
[  841.561947][ T5814] usb 3-1: config 0 has an invalid interface number: 1 but max is 0
[  841.588342][ T5814] usb 3-1: config 0 has no interface number 0
[  841.620796][ T5814] usb 3-1: config 0 interface 1 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  841.668615][ T5814] usb 3-1: New USB device found, idVendor=1a86, idProduct=752d, bcdDevice=2d.4d
[  841.684124][ T5814] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  841.861501][ T5814] usb 3-1: Product: syz
[  841.866398][ T5814] usb 3-1: Manufacturer: syz
[  841.872103][ T5814] usb 3-1: SerialNumber: syz
[  841.888080][ T5814] usb 3-1: config 0 descriptor??
[  841.923647][ T5814] usb 3-1: Quirk or no altset; falling back to MIDI 1.0
[  842.085273][ T5814] snd-usb-audio 3-1:0.1: probe with driver snd-usb-audio failed with error -2
[  842.147792][T13583] xt_hashlimit: size too large, truncated to 1048576
[  842.265405][T12026] udevd[12026]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.1/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  842.561369][T13240] usb 3-1: USB disconnect, device number 49
[  844.103478][ T5814] usb 7-1: new high-speed USB device number 18 using dummy_hcd
[  844.152109][T13604] FAULT_INJECTION: forcing a failure.
[  844.152109][T13604] name failslab, interval 1, probability 0, space 0, times 0
[  844.210905][T13604] CPU: 1 UID: 0 PID: 13604 Comm: syz.7.1696 Not tainted 6.16.0-rc3-syzkaller-00116-ge34a79b96ab9 #0 PREEMPT(full) 
[  844.210936][T13604] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  844.210948][T13604] Call Trace:
[  844.210967][T13604]  <TASK>
[  844.210975][T13604]  dump_stack_lvl+0x189/0x250
[  844.211009][T13604]  ? __pfx____ratelimit+0x10/0x10
[  844.211036][T13604]  ? __pfx_dump_stack_lvl+0x10/0x10
[  844.211063][T13604]  ? __pfx__printk+0x10/0x10
[  844.211088][T13604]  ? __pfx___might_resched+0x10/0x10
[  844.211114][T13604]  ? fs_reclaim_acquire+0x7d/0x100
[  844.211145][T13604]  should_fail_ex+0x414/0x560
[  844.211173][T13604]  should_failslab+0xa8/0x100
[  844.211199][T13604]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  844.211221][T13604]  ? __alloc_skb+0x112/0x2d0
[  844.211246][T13604]  __alloc_skb+0x112/0x2d0
[  844.211270][T13604]  netlink_ack+0x146/0xa50
[  844.211288][T13604]  ? __up_read+0x280/0x680
[  844.211308][T13604]  ? __pfx___up_read+0x10/0x10
[  844.211337][T13604]  rdma_nl_rcv+0x3c8/0x980
[  844.211371][T13604]  ? __pfx_rdma_nl_rcv+0x10/0x10
[  844.211391][T13604]  ? __lock_acquire+0xab9/0xd20
[  844.211436][T13604]  ? netlink_deliver_tap+0x2e/0x1b0
[  844.211455][T13604]  ? netlink_deliver_tap+0x2e/0x1b0
[  844.211482][T13604]  netlink_unicast+0x758/0x8d0
[  844.211524][T13604]  netlink_sendmsg+0x805/0xb30
[  844.211556][T13604]  ? __pfx_netlink_sendmsg+0x10/0x10
[  844.211588][T13604]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  844.211610][T13604]  ? __pfx_netlink_sendmsg+0x10/0x10
[  844.211631][T13604]  __sock_sendmsg+0x219/0x270
[  844.211662][T13604]  ____sys_sendmsg+0x505/0x830
[  844.211692][T13604]  ? __pfx_____sys_sendmsg+0x10/0x10
[  844.211725][T13604]  ? import_iovec+0x74/0xa0
[  844.211748][T13604]  ___sys_sendmsg+0x21f/0x2a0
[  844.211774][T13604]  ? __pfx____sys_sendmsg+0x10/0x10
[  844.211839][T13604]  ? __fget_files+0x2a/0x420
[  844.211864][T13604]  ? __fget_files+0x3a0/0x420
[  844.211901][T13604]  __x64_sys_sendmsg+0x19b/0x260
[  844.211932][T13604]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  844.211977][T13604]  ? __pfx_ksys_write+0x10/0x10
[  844.211997][T13604]  ? rcu_is_watching+0x15/0xb0
[  844.212031][T13604]  ? do_syscall_64+0xbe/0x3b0
[  844.212063][T13604]  do_syscall_64+0xfa/0x3b0
[  844.212089][T13604]  ? lockdep_hardirqs_on+0x9c/0x150
[  844.212116][T13604]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  844.212136][T13604]  ? clear_bhb_loop+0x60/0xb0
[  844.212161][T13604]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  844.212180][T13604] RIP: 0033:0x7f230b18e929
[  844.212198][T13604] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  844.212214][T13604] RSP: 002b:00007f230c008038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  844.212237][T13604] RAX: ffffffffffffffda RBX: 00007f230b3b5fa0 RCX: 00007f230b18e929
[  844.212252][T13604] RDX: 0000000000000000 RSI: 0000200000000480 RDI: 0000000000000004
[  844.212264][T13604] RBP: 00007f230c008090 R08: 0000000000000000 R09: 0000000000000000
[  844.212277][T13604] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  844.212289][T13604] R13: 0000000000000000 R14: 00007f230b3b5fa0 R15: 00007ffe6680ae08
[  844.212320][T13604]  </TASK>
[  844.825830][ T5814] usb 7-1: Using ep0 maxpacket: 8
[  845.250229][ T5814] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  845.283964][ T5814] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  845.303531][T13606] netlink: 132 bytes leftover after parsing attributes in process `syz.8.1698'.
[  845.313255][ T5814] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 8
[  845.358936][ T5814] usb 7-1: New USB device found, idVendor=056e, idProduct=00fe, bcdDevice= 0.00
[  845.383308][ T5814] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  845.410582][ T5814] usb 7-1: config 0 descriptor??
[  845.454467][ T5814] usbhid 7-1:0.0: can't add hid device: -22
[  845.463975][ T5814] usbhid 7-1:0.0: probe with driver usbhid failed with error -22
[  845.646134][ T5814] usb 7-1: USB disconnect, device number 18
[  846.831923][ T5886] usb 3-1: new high-speed USB device number 50 using dummy_hcd
[  847.021830][ T5886] usb 3-1: device descriptor read/64, error -71
[  847.212887][T13639] FAULT_INJECTION: forcing a failure.
[  847.212887][T13639] name failslab, interval 1, probability 0, space 0, times 0
[  847.575959][T13639] CPU: 1 UID: 0 PID: 13639 Comm: syz.6.1707 Not tainted 6.16.0-rc3-syzkaller-00116-ge34a79b96ab9 #0 PREEMPT(full) 
[  847.575990][T13639] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  847.576003][T13639] Call Trace:
[  847.576011][T13639]  <TASK>
[  847.576020][T13639]  dump_stack_lvl+0x189/0x250
[  847.576054][T13639]  ? __pfx____ratelimit+0x10/0x10
[  847.576082][T13639]  ? __pfx_dump_stack_lvl+0x10/0x10
[  847.576110][T13639]  ? __pfx__printk+0x10/0x10
[  847.576133][T13639]  ? __pfx___might_resched+0x10/0x10
[  847.576161][T13639]  ? fs_reclaim_acquire+0x7d/0x100
[  847.576193][T13639]  should_fail_ex+0x414/0x560
[  847.576235][T13639]  should_failslab+0xa8/0x100
[  847.576262][T13639]  __kmalloc_noprof+0xcb/0x4f0
[  847.576284][T13639]  ? tomoyo_encode+0x28b/0x550
[  847.576317][T13639]  tomoyo_encode+0x28b/0x550
[  847.576356][T13639]  tomoyo_realpath_from_path+0x58d/0x5d0
[  847.576387][T13639]  ? tomoyo_domain+0xda/0x130
[  847.576421][T13639]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  847.576445][T13639]  tomoyo_path_number_perm+0x1e8/0x5a0
[  847.576473][T13639]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  847.576517][T13639]  ? __lock_acquire+0xab9/0xd20
[  847.576566][T13639]  ? __fget_files+0x2a/0x420
[  847.576594][T13639]  ? __fget_files+0x2a/0x420
[  847.576618][T13639]  ? __fget_files+0x3a0/0x420
[  847.576641][T13639]  ? __fget_files+0x2a/0x420
[  847.576670][T13639]  security_file_ioctl+0xcb/0x2d0
[  847.576699][T13639]  __se_sys_ioctl+0x47/0x170
[  847.576723][T13639]  do_syscall_64+0xfa/0x3b0
[  847.576749][T13639]  ? lockdep_hardirqs_on+0x9c/0x150
[  847.576776][T13639]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  847.576795][T13639]  ? clear_bhb_loop+0x60/0xb0
[  847.576819][T13639]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  847.576838][T13639] RIP: 0033:0x7f7f7db8e929
[  847.576876][T13639] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  847.576893][T13639] RSP: 002b:00007f7f7e931038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  847.576916][T13639] RAX: ffffffffffffffda RBX: 00007f7f7ddb5fa0 RCX: 00007f7f7db8e929
[  847.576930][T13639] RDX: 0000200000000140 RSI: 000000004008ae9c RDI: 0000000000000008
[  847.576943][T13639] RBP: 00007f7f7e931090 R08: 0000000000000000 R09: 0000000000000000
[  847.576954][T13639] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  847.576966][T13639] R13: 0000000000000000 R14: 00007f7f7ddb5fa0 R15: 00007fffd3159ff8
[  847.576999][T13639]  </TASK>
[  847.821529][    C1] vkms_vblank_simulate: vblank timer overrun
[  847.909751][ T5886] usb 3-1: new high-speed USB device number 51 using dummy_hcd
[  847.917772][T13643] workqueue: Failed to create a rescuer kthread for wq "ceph-watch-notify": -EINTR
[  848.006822][T13639] ERROR: Out of memory at tomoyo_realpath_from_path.
[  848.239413][T13653] overlayfs: failed to resolve './file0': -2
[  848.270918][ T5886] usb 3-1: device descriptor read/64, error -71
[  953.380633][    C1] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
[  953.387644][    C1] rcu: 	0-...!: (1 ticks this GP) idle=f744/1/0x4000000000000000 softirq=74939/74939 fqs=0
[  953.398790][    C1] rcu: 	Tasks blocked on level-0 rcu_node (CPUs 0-1): P13631/2:b..l
[  953.406827][    C1] rcu: 	(detected by 1, t=10502 jiffies, g=60557, q=233 ncpus=2)
[  953.414571][    C1] Sending NMI from CPU 1 to CPUs 0:
[  953.414601][    C0] NMI backtrace for cpu 0
[  953.414616][    C0] CPU: 0 UID: 0 PID: 13654 Comm: dhcpcd-run-hook Not tainted 6.16.0-rc3-syzkaller-00116-ge34a79b96ab9 #0 PREEMPT(full) 
[  953.414636][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  953.414646][    C0] RIP: 0010:__sanitizer_cov_trace_const_cmp4+0x11/0x90
[  953.414671][    C0] Code: 09 cc 0f 1f 80 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 48 8b 04 24 65 48 8b 14 25 08 d0 99 92 <65> 8b 0d 68 7e d9 10 81 e1 00 01 ff 00 74 11 81 f9 00 01 00 00 75
[  953.414685][    C0] RSP: 0018:ffffc90000007d38 EFLAGS: 00000046
[  953.414699][    C0] RAX: ffffffff81ae5d3e RBX: 0000000000000001 RCX: ffff888025363c00
[  953.414710][    C0] RDX: ffff888025363c00 RSI: 0000000000000001 RDI: 0000000000000000
[  953.414727][    C0] RBP: ffffc90000007e90 R08: ffff888026935357 R09: 0000000000000000
[  953.414738][    C0] R10: ffff888026935348 R11: ffffed1004d26a6b R12: ffff888026935340
[  953.414749][    C0] R13: dffffc0000000000 R14: 185521e8b54878a8 R15: ffff8880b8627bc0
[  953.414761][    C0] FS:  0000000000000000(0000) GS:ffff888125c83000(0000) knlGS:0000000000000000
[  953.414774][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  953.414785][    C0] CR2: 0000000000000000 CR3: 000000007a28c000 CR4: 00000000003526f0
[  953.414799][    C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  953.414809][    C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  953.414819][    C0] Call Trace:
[  953.414827][    C0]  <IRQ>
[  953.414833][    C0]  __hrtimer_run_queues+0x26e/0xc60
[  953.414866][    C0]  ? __pfx___hrtimer_run_queues+0x10/0x10
[  953.414885][    C0]  ? read_tsc+0x9/0x20
[  953.414907][    C0]  hrtimer_interrupt+0x45b/0xaa0
[  953.414939][    C0]  __sysvec_apic_timer_interrupt+0x10b/0x410
[  953.414963][    C0]  sysvec_apic_timer_interrupt+0xa1/0xc0
[  953.414986][    C0]  </IRQ>
[  953.414991][    C0]  <TASK>
[  953.414997][    C0]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  953.415013][    C0] RIP: 0010:__rcu_read_lock+0x15/0x60
[  953.415030][    C0] Code: 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 53 65 48 8b 1c 25 08 d0 99 92 48 81 c3 44 04 00 00 <48> 89 d8 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df 0f b6 04 08 84
[  953.415043][    C0] RSP: 0018:ffffc90002e973a8 EFLAGS: 00000286
[  953.415057][    C0] RAX: 0000000000000001 RBX: ffff888025364044 RCX: 948e7d1a5dfadc00
[  953.415067][    C0] RDX: dffffc0000000000 RSI: ffffffff81ace55c RDI: ffffc90002e97488
[  953.415079][    C0] RBP: dffffc0000000000 R08: ffffc90002e97550 R09: 0000000000000000
[  953.415089][    C0] R10: ffffc90002e974d8 R11: ffffffff81ace5b0 R12: 1ffff920005d2e91
[  953.415100][    C0] R13: ffffc90002e974c0 R14: ffffc90002e97488 R15: ffffc90002e97520
[  953.415113][    C0]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  953.415131][    C0]  ? stack_trace_save+0x9c/0xe0
[  953.415148][    C0]  ? unwind_next_frame+0xa5/0x2390
[  953.415168][    C0]  ? stack_trace_save+0x9c/0xe0
[  953.415181][    C0]  unwind_next_frame+0x9e/0x2390
[  953.415201][    C0]  ? arch_stack_walk+0xe4/0x150
[  953.415225][    C0]  ? __unwind_start+0x5b9/0x760
[  953.415247][    C0]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  953.415262][    C0]  arch_stack_walk+0x11c/0x150
[  953.415286][    C0]  ? stack_trace_save+0x9c/0xe0
[  953.415302][    C0]  stack_trace_save+0x9c/0xe0
[  953.415317][    C0]  ? __pfx_stack_trace_save+0x10/0x10
[  953.415334][    C0]  ? __lock_acquire+0xab9/0xd20
[  953.415355][    C0]  kasan_save_track+0x3e/0x80
[  953.415395][    C0]  ? unlink_anon_vmas+0x614/0x670
[  953.415414][    C0]  kasan_save_free_info+0x46/0x50
[  953.415435][    C0]  __kasan_slab_free+0x62/0x70
[  953.415452][    C0]  kmem_cache_free+0x18f/0x400
[  953.415472][    C0]  unlink_anon_vmas+0x614/0x670
[  953.415494][    C0]  free_pgtables+0x7bf/0xaf0
[  953.415519][    C0]  ? __pfx_free_pgtables+0x10/0x10
[  953.415541][    C0]  ? __pfx_down_write+0x10/0x10
[  953.415556][    C0]  ? __mas_set_range+0x12f/0x3c0
[  953.415578][    C0]  exit_mmap+0x444/0xb50
[  953.415595][    C0]  ? uprobe_clear_state+0x20f/0x290
[  953.415615][    C0]  ? __pfx_exit_mmap+0x10/0x10
[  953.415631][    C0]  ? __mutex_unlock_slowpath+0x1cd/0x700
[  953.415657][    C0]  ? __pfx_exit_aio+0x10/0x10
[  953.415679][    C0]  ? uprobe_clear_state+0x274/0x290
[  953.415725][    C0]  ? mm_update_next_owner+0xa7/0x870
[  953.415743][    C0]  __mmput+0x118/0x420
[  953.415764][    C0]  exit_mm+0x1da/0x2c0
[  953.415781][    C0]  ? __pfx_exit_mm+0x10/0x10
[  953.415795][    C0]  ? hrtimer_try_to_cancel+0x3d9/0x420
[  953.415816][    C0]  ? rcu_is_watching+0x15/0xb0
[  953.415838][    C0]  do_exit+0x648/0x22e0
[  953.415856][    C0]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  953.415873][    C0]  ? __pfx_do_exit+0x10/0x10
[  953.415893][    C0]  ? _raw_spin_unlock_irq+0x23/0x50
[  953.415911][    C0]  ? lockdep_hardirqs_on+0x9c/0x150
[  953.415932][    C0]  do_group_exit+0x21c/0x2d0
[  953.415950][    C0]  __x64_sys_exit_group+0x3f/0x40
[  953.415967][    C0]  x64_sys_call+0x21ba/0x21c0
[  953.415982][    C0]  do_syscall_64+0xfa/0x3b0
[  953.416003][    C0]  ? lockdep_hardirqs_on+0x9c/0x150
[  953.416022][    C0]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  953.416037][    C0]  ? clear_bhb_loop+0x60/0xb0
[  953.416053][    C0]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  953.416068][    C0] RIP: 0033:0x7f1ed2a716c5
[  953.416081][    C0] Code: Unable to access opcode bytes at 0x7f1ed2a7169b.
[  953.416088][    C0] RSP: 002b:00007ffe1e07c538 EFLAGS: 00000202 ORIG_RAX: 00000000000000e7
[  953.416103][    C0] RAX: ffffffffffffffda RBX: 00007ffe1e07c804 RCX: 00007f1ed2a716c5
[  953.416115][    C0] RDX: 00000000000000e7 RSI: ffffffffffffff88 RDI: 0000000000000000
[  953.416125][    C0] RBP: 0000000000000003 R08: 00007ffe1e07c630 R09: 0000000000000002
[  953.416134][    C0] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000
[  953.416144][    C0] R13: 00007ffe1e07c870 R14: 00007f1ed2c81000 R15: 0000565182d8dd98
[  953.416162][    C0]  </TASK>
[  953.416595][    C1] task:syz.2.1705      state:R  running task     stack:25264 pid:13631 tgid:13628 ppid:8644   task_flags:0x400140 flags:0x00004002
[  953.996121][    C1] Call Trace:
[  953.999432][    C1]  <TASK>
[  954.002394][    C1]  __schedule+0x16a2/0x4cb0
[  954.006974][    C1]  ? preempt_schedule_irq+0xb5/0x150
[  954.012290][    C1]  ? css_rstat_updated+0x1a5/0xca0
[  954.017433][    C1]  ? __pfx___schedule+0x10/0x10
[  954.022331][    C1]  ? preempt_schedule_irq+0xaa/0x150
[  954.027651][    C1]  preempt_schedule_irq+0xb5/0x150
[  954.032796][    C1]  ? __pfx_preempt_schedule_irq+0x10/0x10
[  954.038558][    C1]  ? rcu_irq_exit_check_preempt+0xdf/0x210
[  954.044398][    C1]  irqentry_exit+0x6f/0x90
[  954.048846][    C1]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  954.054856][    C1] RIP: 0010:__sanitizer_cov_trace_const_cmp8+0x18/0x90
[  954.061737][    C1] Code: 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 48 8b 04 24 65 48 8b 0c 25 08 d0 99 92 65 8b 15 c8 7d d9 10 <81> e2 00 01 ff 00 74 11 81 fa 00 01 00 00 75 57 83 b9 3c 16 00 00
[  954.081371][    C1] RSP: 0018:ffffc9000b1cf470 EFLAGS: 00000202
[  954.087636][    C1] RAX: ffffffff8b5d7ab3 RBX: ffff888025f01080 RCX: ffff888034a00000
[  954.095631][    C1] RDX: 0000000080000000 RSI: 0000000000000002 RDI: 0000000000000002
[  954.103634][    C1] RBP: ffff888025f01080 R08: ffff888034a00000 R09: 0000000000000002
[  954.111629][    C1] R10: 0000000000000003 R11: 0000000000000000 R12: ffffc9000b1cf712
[  954.119620][    C1] R13: dffffc0000000000 R14: ffff88804e0d6ec2 R15: 0000000000000002
[  954.127623][    C1]  ? xas_load+0x93/0x5b0
[  954.131906][    C1]  xas_load+0x93/0x5b0
[  954.136023][    C1]  xas_find+0x157/0x990
[  954.140209][    C1]  ? xas_next_entry+0x381/0x3d0
[  954.145102][    C1]  next_uptodate_folio+0x32/0x5d0
[  954.150160][    C1]  filemap_map_pages+0x21f/0x1740
[  954.155227][    C1]  ? __lock_acquire+0xab9/0xd20
[  954.160104][    C1]  ? filemap_map_pages+0x14b/0x1740
[  954.165342][    C1]  ? __pfx_filemap_map_pages+0x10/0x10
[  954.170847][    C1]  ? __handle_mm_fault+0x296f/0x5620
[  954.176159][    C1]  ? __handle_mm_fault+0x296f/0x5620
[  954.181496][    C1]  __handle_mm_fault+0x3687/0x5620
[  954.186681][    C1]  ? __pfx___handle_mm_fault+0x10/0x10
[  954.192193][    C1]  ? follow_page_pte+0x8d6/0x14b0
[  954.197268][    C1]  handle_mm_fault+0x2d5/0x7f0
[  954.202077][    C1]  __get_user_pages+0x1af4/0x30b0
[  954.207140][    C1]  ? mt_find+0x15c/0x5f0
[  954.211436][    C1]  ? __pfx___get_user_pages+0x10/0x10
[  954.216868][    C1]  populate_vma_page_range+0x26b/0x340
[  954.222359][    C1]  ? __pfx_populate_vma_page_range+0x10/0x10
[  954.228364][    C1]  ? userfaultfd_unmap_complete+0x278/0x2d0
[  954.234292][    C1]  ? down_read+0x1ad/0x2e0
[  954.238735][    C1]  __mm_populate+0x24c/0x380
[  954.243351][    C1]  ? __pfx___mm_populate+0x10/0x10
[  954.248495][    C1]  ? up_write+0x1c4/0x420
[  954.252859][    C1]  vm_mmap_pgoff+0x3f0/0x4c0
[  954.257480][    C1]  ? __pfx_vm_mmap_pgoff+0x10/0x10
[  954.262618][    C1]  ? rcu_is_watching+0x15/0xb0
[  954.267413][    C1]  ? ksys_mmap_pgoff+0xf4/0x760
[  954.272294][    C1]  ? __x64_sys_mmap+0x7f/0x140
[  954.277098][    C1]  do_syscall_64+0xfa/0x3b0
[  954.281809][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[  954.287043][    C1]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  954.293135][    C1]  ? clear_bhb_loop+0x60/0xb0
[  954.297840][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  954.303761][    C1] RIP: 0033:0x7fda1078e929
[  954.308201][    C1] RSP: 002b:00007fda11515038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[  954.316647][    C1] RAX: ffffffffffffffda RBX: 00007fda109b6080 RCX: 00007fda1078e929
[  954.324644][    C1] RDX: b635773f06ebbeee RSI: 0000000000b36000 RDI: 0000200000000000
[  954.332635][    C1] RBP: 00007fda10810b39 R08: ffffffffffffffff R09: 0000000000000000
[  954.340718][    C1] R10: 0000000000008031 R11: 0000000000000246 R12: 0000000000000000
[  954.348716][    C1] R13: 0000000000000000 R14: 00007fda109b6080 R15: 00007ffc21faf3c8
[  954.356730][    C1]  </TASK>
[  954.359781][    C1] rcu: rcu_preempt kthread timer wakeup didn't happen for 10501 jiffies! g60557 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402
[  954.372652][    C1] rcu: 	Possible timer handling issue on cpu=0 timer-softirq=64981
[  954.380821][    C1] rcu: rcu_preempt kthread starved for 10502 jiffies! g60557 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402 ->cpu=0
[  954.392207][    C1] rcu: 	Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
[  954.402197][    C1] rcu: RCU grace-period kthread stack dump:
[  954.408102][    C1] task:rcu_preempt     state:I stack:27128 pid:16    tgid:16    ppid:2      task_flags:0x208040 flags:0x00004000
[  954.420079][    C1] Call Trace:
[  954.423385][    C1]  <TASK>
[  954.426349][    C1]  __schedule+0x16a2/0x4cb0
[  954.430906][    C1]  ? do_raw_spin_unlock+0x122/0x240
[  954.436143][    C1]  ? schedule+0x165/0x360
[  954.440505][    C1]  ? __lock_acquire+0xab9/0xd20
[  954.445391][    C1]  ? __pfx___schedule+0x10/0x10
[  954.450291][    C1]  ? schedule+0x91/0x360
[  954.454570][    C1]  schedule+0x165/0x360
[  954.458756][    C1]  schedule_timeout+0x12b/0x270
[  954.463638][    C1]  ? __pfx_schedule_timeout+0x10/0x10
[  954.469036][    C1]  ? __pfx_process_timeout+0x10/0x10
[  954.474374][    C1]  ? prepare_to_swait_event+0x341/0x380
[  954.479960][    C1]  rcu_gp_fqs_loop+0x301/0x1540
[  954.484866][    C1]  ? __pfx_rcu_gp_init+0x10/0x10
[  954.489832][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[  954.495064][    C1]  ? __pfx_rcu_gp_fqs_loop+0x10/0x10
[  954.500379][    C1]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  954.506309][    C1]  ? finish_swait+0xcd/0x1f0
[  954.510926][    C1]  rcu_gp_kthread+0x99/0x390
[  954.515549][    C1]  ? __pfx_rcu_gp_kthread+0x10/0x10
[  954.520778][    C1]  ? __kthread_parkme+0x7b/0x200
[  954.525750][    C1]  ? __kthread_parkme+0x1a1/0x200
[  954.530813][    C1]  kthread+0x70e/0x8a0
[  954.534908][    C1]  ? __pfx_rcu_gp_kthread+0x10/0x10
[  954.540137][    C1]  ? __pfx_kthread+0x10/0x10
[  954.544771][    C1]  ? _raw_spin_unlock_irq+0x23/0x50
[  954.550013][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[  954.555239][    C1]  ? __pfx_kthread+0x10/0x10
[  954.559856][    C1]  ret_from_fork+0x3fc/0x770
[  954.564479][    C1]  ? __pfx_ret_from_fork+0x10/0x10
[  954.569627][    C1]  ? __switch_to_asm+0x39/0x70
[  954.574412][    C1]  ? __switch_to_asm+0x33/0x70
[  954.579196][    C1]  ? __pfx_kthread+0x10/0x10
[  954.583811][    C1]  ret_from_fork_asm+0x1a/0x30
[  954.588613][    C1]  </TASK>