last executing test programs:

25m50.707437125s ago: executing program 32 (id=450):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000180)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000007000000010001000900000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x24, '\x00', 0x0, @fallback=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffed7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r4}, 0x10)
rt_sigsuspend(0x0, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000980)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x3, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0, r5, 0x0, 0xfffffffffffffff9}, 0x18)
setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0x7, 0x0, 0x0)
r6 = socket$inet6(0xa, 0x80002, 0x0)
connect$inet6(r6, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @dev, 0x4}, 0x1c)
sendmmsg$inet6(r6, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171}}], 0x400000000000172, 0x4000000)

25m40.483581658s ago: executing program 33 (id=521):
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000080)={0xffffffffffffffff, 0x0, 0x0}, 0x10)
r0 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_INIT(r0, 0x0, 0xc8, &(0x7f0000003d40), 0x4)
setsockopt$MRT_ADD_VIF(r0, 0x0, 0xca, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, @vifc_lcl_addr=@local, @empty}, 0x10)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$inet_mreq(r1, 0x0, 0x23, &(0x7f0000000000)={@multicast1=0xe0000300, @local}, 0x8)
setsockopt$MRT_ADD_MFC_PROXY(r0, 0x0, 0xd2, &(0x7f0000000080)={@empty, @multicast2, 0x3, "34d5fdb244787aae1037b3cc0dfd25debc5e463e671f467a7381248bf19b3846", 0xe7, 0x9, 0x8, 0x8}, 0x3c)

25m38.993158379s ago: executing program 34 (id=533):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$VIDIOC_ENUM_FMT(0xffffffffffffffff, 0xc0405602, &(0x7f0000000140)={0x1, 0xa, 0x3, "2e85f85a3b9156e89e82960ad936188f4429f4bf777d1b56926c75b050d4c3f0", 0x39555659})
openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x275a, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
keyctl$clear(0x7, 0x0)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = socket(0x10, 0x80002, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="1400000010e7010000000000000000000000000a20000000000a03000000000000000000070000000c00044000000000000000021c000000090a010400000000000000000700000008000a400000"], 0x64}, 0x1, 0x0, 0x0, 0x4004001}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0300000000000000280012800a00010076786c616e00"], 0x50}, 0x1, 0x0, 0x0, 0x13d33d22cca65c15}, 0x4008840)
sendmmsg$alg(r4, &(0x7f00000000c0), 0x492492492492627, 0x0)
setgroups(0x0, 0x0)
r5 = syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3)
ioctl$int_in(r5, 0x5421, &(0x7f0000000000)=0x5)
connect$bt_rfcomm(r5, &(0x7f0000000080)={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x12}, 0xb}, 0xa)

25m37.058365987s ago: executing program 35 (id=544):
mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r0, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b000000080000000100010009000000"], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000ac0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b708000002001e007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000d00)='sched_switch\x00', r4}, 0x10)
r5 = socket$netlink(0x10, 0x3, 0x14)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000001d40)={&(0x7f0000000040)=@proc={0x10, 0x0, 0x25dfdbfd, 0x40}, 0xc, &(0x7f0000001b80)=[{&(0x7f00000003c0)=ANY=[@ANYRESHEX=r5], 0x14}, {0x0}, {0x0}], 0x3, &(0x7f0000000400)=ANY=[@ANYBLOB="1c000500000000000300000001000000", @ANYRES32, @ANYRES32, @ANYRES32, @ANYBLOB="00000000000001000000", @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32], 0x50, 0x24040094}, 0x80)
fsetxattr$system_posix_acl(0xffffffffffffffff, &(0x7f0000000000)='system.posix_acl_access\x00', &(0x7f0000000840)=ANY=[@ANYRESDEC, @ANYBLOB="02000400", @ANYBLOB="020002", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="02000600", @ANYRES64, @ANYRES8, @ANYBLOB="02000300", @ANYRES64, @ANYBLOB="020002", @ANYRES8=r5, @ANYRES32=0x0, @ANYRESDEC=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="080006", @ANYRES32, @ANYBLOB, @ANYRES32, @ANYBLOB="08000400", @ANYRES32, @ANYBLOB="10000400000000002000000000000000"], 0x94, 0x1)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000010000000900010073797a300000000044000000090a010400000000000000000100000008000a40000000000900020073797a32000000000900010073797a3000000000080005400000001f0800034000000004640000000e0a01020000000000000000010000000900020073797a32000000000900010073797a300000000038000380"], 0xf0}, 0x1, 0x0, 0x0, 0x80}, 0x0)
lstat(&(0x7f0000000380)='./file0\x00', &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, <r7=>0x0})
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000780)={{0x1, 0x1, 0x18, r6, {r7, 0xffffffffffffffff}}, './file0\x00'})
mount$9p_rdma(&(0x7f00000001c0), &(0x7f0000000280)='./file0\x00', &(0x7f0000000300), 0x80, &(0x7f0000000480)=ANY=[@ANYBLOB='trans=rdma,port=0x0000000000004e24,timeout=0x0000000000000004,dfltui', @ANYRESHEX=0x0, @ANYBLOB=',rq=0x0000000000000001,uid=', @ANYRESDEC=0x0, @ANYBLOB="2c666f81", @ANYRESDEC=r7, @ANYBLOB="2c726f6f74636f6e746578743d726f6f742c6d6561737572652c7375626a5f757365723d002c6673757569643d00306361303166352d640038312d393832622d003419662d30313033326437362c00"])

25m34.994977494s ago: executing program 36 (id=553):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sendmsg$MPTCP_PM_CMD_GET_LIMITS(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0xffffffffffffffb4, 0x0, 0x1, 0x0, 0x0, 0x41}, 0x809d)
openat2$dir(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0)
syz_emit_ethernet(0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="000002f0d31209000000bc2e79e995"], 0x0)
write$binfmt_script(r2, &(0x7f0000000100), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0)
preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x3e, 0x0, 0x0)
sendmsg$IEEE802154_ASSOCIATE_REQ(0xffffffffffffffff, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000500)=ANY=[@ANYBLOB="34000800fdf55c3e9c020a4d7965f055c66db4e5"], 0x34}, 0x1, 0x0, 0x0, 0x8004}, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe6000/0x18000)=nil, &(0x7f0000000040)=[@text16={0x10, &(0x7f0000000180)="66b9800000c00f326635000800000f300f0f1c9a65660ff3b20618baa000ec672e660f38803d004000000f285473f61366b9800000c00f320f300f20e06635800000000f22e02b6aa6c8", 0x4a}], 0x1, 0x0, 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20004000}, 0x14)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0}, 0x10)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

25m1.478632954s ago: executing program 7 (id=708):
syz_genetlink_get_family_id$nl802154(&(0x7f0000000080), 0xffffffffffffffff)
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL802154_CMD_SET_SEC_PARAMS(r0, 0x0, 0x0)

25m1.280951201s ago: executing program 7 (id=710):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000180)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000007000000010001000900000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x24, '\x00', 0x0, @fallback=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffed7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r3, &(0x7f0000000080), &(0x7f0000000200)=""/166}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r4}, 0x10)
rt_sigsuspend(0x0, 0x0)

25m0.275609818s ago: executing program 7 (id=714):
r0 = socket$inet6(0xa, 0x80002, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @dev, 0x4}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171}}], 0x400000000000172, 0x4000000)

25m0.016423705s ago: executing program 7 (id=717):
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
mount$bind(0x0, 0x0, 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000440)='./file0/file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b101a, 0x0)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)

24m59.773571908s ago: executing program 7 (id=719):
connect$unix(0xffffffffffffffff, 0x0, 0x0)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=@base={0x1, 0x6, 0x8, 0x8, 0x40, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x31, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
r1 = socket$inet6(0x10, 0x3, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
sendto$inet6(r1, &(0x7f00000000c0)="900000001c001f4d154a817393278bff0a80a578020000000104740014000100ac1414bb0542d6401051a2d708f37ac8da1a297e0099c5ac0000c5b068d0bf46d323456536016466fcb78dcaaf6c3efed495a46215be0000760700c0c80cefd28581d158ba86c9d2896c6d3bca2d0000000b0015009e49a6560641263da4de1df32c1739d7fbee9aa241731ae9e0b390", 0x90, 0x0, 0x0, 0x0)

24m59.081053116s ago: executing program 8 (id=723):
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x1ff)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
write$cgroup_pid(0xffffffffffffffff, &(0x7f00000000c0), 0x12)

24m59.07982448s ago: executing program 7 (id=724):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000180)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000007000000010001000900000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x24, '\x00', 0x0, @fallback=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffed7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r3, &(0x7f0000000080), &(0x7f0000000200)=""/166}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r4}, 0x10)
rt_sigsuspend(0x0, 0x0)

24m58.972436801s ago: executing program 8 (id=725):
r0 = openat$nci(0xffffffffffffff9c, 0x0, 0x2, 0x0)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r1)
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=<r3=>0x0)
sendmsg$NFC_CMD_DEV_UP(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)={0x1c, r2, 0x1, 0x70bd26, 0x23c, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r3}]}, 0x1c}}, 0x0)
write$nci(r0, &(0x7f0000000240)=@NCI_OP_RF_DISCOVER_NTF={0x1, 0x0, 0x3, 0x3, 0x6, @b={0x2, 0x3, 0x1, 0x2, {0x3, "ef8e49"}, 0x2}}, 0xc)

24m58.789927318s ago: executing program 37 (id=724):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000180)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000007000000010001000900000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x24, '\x00', 0x0, @fallback=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffed7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r3, &(0x7f0000000080), &(0x7f0000000200)=""/166}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r4}, 0x10)
rt_sigsuspend(0x0, 0x0)

24m58.768275616s ago: executing program 8 (id=727):
mkdir(&(0x7f0000000580)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000180), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r0, &(0x7f0000006840)={0x2020, 0x0, <r1=>0x0}, 0x2020)
syz_fuse_handle_req(r0, &(0x7f00000042c0)="9ab1446569aa24b774753c9e994c09c24df9d42fa5a228e469b44cecf6f9f5ce5f77c93b1895aaac9cf34b37415f11fe22d6fa0162aa743b242e8fe0a8659e32fb543d7969d6513136a9f332a8074f8ee1e445277ddd5859eb5ac3321eb710be880a441031da9b31f791d54fb3c97cd8ee92b00cbf962be8eb5fd0b7cab207645f59cf87a8c41e2739dd8386b6bb84b627cbf5e09bac876ad4b215f0e510a853c5e8b9f7822b26771d72972290a1f9a6f0a46942be0d0eb7aa5145ff368863b14e9845926088f9f92d554e572926290dc6e6b574aea8c500fbe5697f881c0cec48282c6d07619248da0c3b9aa6f7c778525d1760051e4ba8ef31d3c8d3e1d4214ffa5261ce1fdbc12eba889968137f5c06fea233000296cf18df494b4e7b1bee7dc2f3751c37415d46f6d7ffb3d0f788f2100ee41266e6fba75b61af22e1d7b286507ff100cc34ed28d5a2c8be3231446874bbbde6f3c367ca802d64192ffcce1ea41b2cbc57f7500fc4f8f12fe02690c1c9785bbc35542b59d05600783cf4f4633b374101d8ed395303392b238d198f9f68c8ae928cbf3b558deec6d38ebaa526e749ac4e47dd5b838ec34f2820a1134252ae60159d4e030cf5e5d6f8de799a31e12ae57cfe5a1a3ded525c6e71271271d35a0056265362387a361f21ea0f4b6d46f6a83a8512687e43b31e11b1396d6e9e49cf42b693732e226b55d21a1203022f6be9f8ecccb68de3bf4ce99689514bd752f4e60bd2f8e376d7fae5b5fc8db0f53db8c52746671e361b9319419c1b3f3168b4797ebd2d118ee42dda4bc59dd0251236195c8cdafc0546354eeb28f4c7e71e8245a6ccaddfb858f61039c0ccf5acd924680aab38dd061fc7b123f24ac7f3d3c0cee43b61045bb1efea25af86088a0591f166e2f11ea4089860893b17ca5e3d99ec75131268e2e4e290c2bf15e4dde23284e4bdf6e549c096ce221d9c8a6c0fc78aa6a1c8b547c0e10738de2a1e8663e03ab0ce4594e244989f75b6672de1eee97ba7e6467a0da51c0e75d5866c405b03c4744d8d3fbb01eddba5a0361662269154c2f0e61a9433982eb904ff562896cbfa692eb1e6c644fcf6cbc103a76b712af706a47608d3e2f5d54d47d8e9906ab37ddf04004d32ce00200fc3c274666aeb618b27424d87b6a4b0262de4436b9e6f150bc798394c298b25a2c318fbe786185464057c0bcfcd1917230d78ee1a49eca12068fa676852c1099096c6cb98dfda27fedac41826516e42cc116f0cbb68f0f810418258dc5a65c0e1ada296176e17f8d762894c80542a79383cc1674a4f3d6520633ce80baba214c20628899f9ac826484c887713aed9c5caf13b40a598cb1e81f7b18dae39efc22dc99ff497e11f158edc2716ebe3bcd593691aa26523efc168e1394ab439c9a9270575ef34eeee9084b0a31b2d81d47c964ac61e600f75d9321d7474dde45bb8d0cc46510488ab68486d3ba6cc9c3ddb6f66f2e5d251ee285121e1645a2f5167fc5fb8ac4491c0d9d0423c7a8452efea2f5a30096a0fa47173f3a68500a5c755ea939c838d3be126a87ff6baa5a1fba638a5c64767d17f04201b935fcb1cb6afa175594f410f2ff773194c703e623876051e46bb0850a5016e65f8fa34b96bafdfe851a0756fe26fb63d52113c0935b0867f7dc8a94d887484b15e8f92b6a316a22c04a985cc94e432cd43f44001bcdbd48efcd463c402d3d181298e96db60fdb714b82e146567af5ae3fc0c3f9d241471b4d129f928d286f780facb1e84434610ab3379dfff0f64d57b4a1c2e96c98b693de952d26773d24e7a95eddbc450f79932d5332d27991c7bfbd3bc35bfeb9496fbebccb5e4c35c368e021dea643cb292d794d3d3bbcc960f989bef09763dc73d83cbf907485635265e81f87b712d958a66719230fc6466615a0e3bb998d48159e9e9c51959354a545966bcffa298c7673b4d32b991c886a997236642c0f104f6795feab9f48d0ffc74667f3f3e82473ac892ad25f4b13029b0b27fb1d86991ddc42bbc3fe584ed364e769f3bc72ed8749e7a654ec1a2ec7a01bd2d5caccdc6241a1b1ef2726db54d2c34ab47020b4c729b5994b43deb00ad959950e0051d2c0f27217397055e78f1dd3bd867a45e06c2134ae8981021aae881cc7b2049fe7c82d2127ec81d6430c8116355c8d0ab8b9291c688ed9b8dbb1ed6f1a99bb58a1be8d5737acbf9461b142c8982f52481195d35ef82aed4fa52385ea4ed00a739d01cad7af9f7c27d357748e24f28d22065ccb37300e8f5d8dae5ca79af7a50edc3e05184d1a2a6d59784d5ceeb1f1550a44ea03bee4dc5c27eb78f0032593c7d082e59211f83a8b91aa78bfb7e959328ee63af26a37b79ce5e5139eeebd12e28b2a26ad2fcbdca652524d036b324782d54247a48b9f8200b2d6d2c091c41366d677e3be6e136cec6c3080d608849135c6e3c7d695d2e226ae1ce999d730d7f79116ab85762e55a3e5a66a690ce0a4bb4fd1560c796e2797414b544ef78e29d55e4853fdbf3362085a65c46105f32c360a0a9867b984a5d0297fe0b06a45684ac801a8e66294cef6e5f3c48648884fbb2422fa00488df33a9a0ff1039c81f1939f2cd2f5fe8aa805af2d2332ac37244ed4a7b50265af8062752b0c16511e5f25e8aa2b60645675bc826557bb75474ca4787f6b584b2f83bc25192579104aa0baae79f396df0d31121f90db9acea9695ee0fe0c22df4db503ec8b2437b05f5d35a65722fa82eebd2aff4bcd3316a5cffc4b31913fd02f82130c77f320bf04bf8fa873d0e3f62122d6a5f87d3e908bedafed4a3cb6d9f73ff546f5a2b74a2493b1753e89b682352bb3166563518dcb190c7b3d9fd667c57978a670b192641a674dc92c2401d067b6767aa632ce32a401175c98200a52ab5d80dffa719746d0bff8a84bac4a56e0ab8124fc332b64ea662d01e1b73231a6638f01cf4d699448da228c16951149c8d3dab9a7e3be9a16c7d1ffb061818f8f9cb2b42739fae4a0d70c0701c8dceee785d36ef6413162de1917df01c693ef3e1f517e7fc46245209fee52f5c6a2f50ab3f56d67d1cd987282b24071d8ebb1bc5cd635957b2a7ad92d0650abd5bbc24b75885b6119592a3d715392718e52f9124c4ac95be3582abba4ac3a4049ee49fa8ceb9b59d4e1e2a069c9d482879fd8d27d5ac22ef870542453be22c2ec4ebf1472c19fbfb56aa0a3671297b020e3fe49d201a82a04420e90bda43691dacf92347bcbcae3742cc4abad4c8010c0afa15278795d4d76c482461ae78f30569e1dcf87b9b150d07a2bd81676ec6022422d490759ae1e861a6c4cd1f733bd772d60975a59356c385a4a390429f3d2131e7f616015261df6db3cc3ec261a53be10c4f197e71878984fee00e6d1069f79825194b7af434fb6bb86db18e11977f82928be35054543060cea94ebb4015d061f20f8454e056e7b6e4f9a1621ef2377d77659c20bf358c817519f1801be15ae3b5b42adfab367777a6789635a0dcdd1f2b97edecea0210768af67601d1b95a8850dddb6b1f4b0c2f52c835b0833d81966ad19e49ceb9dc9c729cd8334bc3ee5bb8c74186f5cc3e765b9fdd91d79baaab3d2ab64c15d655d1af7de9cf8d5d7c1baef24577843ce142331743b45b06104b6d0d4392e61ca8c07507ff5f831bbf720854db4debf64182aaebf899ba57626a48748fc2dcf016013d575595d24d383eef2da0ff0c9f6fe9c64b186cd4617e3f37635d7dacb58ec297f3ddb48ce4a5e00cc127267e18a1fdf209e098f2cb2e9c0630d15ec9b867b2b95ecf82ad2c0ba39df9c4d36d492bc9a55c4b767da966e4fd7f4d2fef5e91d0575177c05d240b50757031c76333d43bcc828ab2f0376e29d12d1261ce104a8ea488091326bc451c120c8c04d3e64835c893f55b312e248ad8fc1c32429d68e6b67bf45ab8a1cc3db22f9f01a2266b8349046d3d3e081eaa7f7020c73c0762d11a33b517b8f081da3c61ef63e1d40cd87d69c7ac7491fb61bb57c1fe2d218aff6d39b3e1fc847f0ed894e2f0b4d6a4ad03ba42e28bb1dfab645081f548e64ceb8ce15d2214bd66a14fe594aa447c3537eb493299fef0f9326236ea5dae44e23b34801fe06ee16c79545feaf2528421d6e7f9a256a7914d86bd053dc33c8c2043ba73714f5ff5f0507097a56c40b2190e77877d43be849ee2ac129e582930ced06d359eebb49eda4edb13819f91cecc449c9613d9659906179f8fefa34fecb7d21cdaf09a1ce8d094421da80796c97c02fc56171aaba53fd8a7f55de059044717df164f3571028f16995d51fc8829534cdf58dd134def1e43a34e4f5f372fa8e19d3b85881e99ecd45faa4fccfdb47e094ab06955f3960fac71294dd965f24a97cff36b9966cf1a4c3e96c3e14a3951dcc8a3e9371f7e1ae9df77ddb1a99172174adbee8ea57a0c9872a6d677c2875da88a6a7234bebf68a3cc0532a9809a4de4b4d419bff67b0ba825a7ae6e999087155378357ae67e2dd98697f1d10ffa4497dde6582571670456db995228b97d0ecb2fb30c2ba6c16038c40059815c56b35666cc1c5090f6c38e0f4c12abf79919951b85a2734d32dd12b239912d541f9163387a4aa0be0b7a12d9c6b56dbcf1e9aadcfd72e2664a84d6c5147c72bffe7c3560ccd8c447b748dcd26cc9ca2a85cded742a8dccdfd8e78c96e78d405a19faab9e57183b37583f94b3d416b2920c6b746427ed75c08dc3be02720c1edc4743229153c48f1239b222b9fe2e21c0ae28122bc44f9dc78a59f3485ac8057eb21f0857bcfea2d9ebbbcc197e7880d81515bb1cb7192d97c4258c09926d137e245977db40812b253f99a504bb68137d8d73ca4e7c808d50f1dcc600e6a6db90238ff44e075932fe668c066e6988a6a8b4a8485120c8e4d6511268a75d8f9b0f06689aac8cd621e90c62af1e59aa9efe928e9ea098661b408a2825c4f9aac1efd9d54d163a651054b9ab32719d2be3b176f6795ddad0f1310b9237181689f2f9dd34a41d4d4cd2d7569bf56e6a80bc24d90df3bdde0f9649e699f4ef70c4f3faf9553a231215416bba26c29f17861e0f265e9641b2307ed43d6fde23a378669f4ade874e54c20a5e902205dcaa79a3e8584a3f78a86e703451115a1717df882507c607297afac0a056a0f3509a57502fd2ffff6035d04b91f72f5e1a69ddafaf80f7b2f7a13f38c683988436585e6bc7fc2da328449675c234ec0acf5294ce06c72442beba15e65d6a3e1b5dc3c8f115e1005798383f79b0194f6b7d4b1b32371acbf22340af6e5ee3ea840f7ed451226daef3041fc194e051af2fb450022b394c774273b9575c974c324ecd7268435176ee28c54bb54c8e829232ca636f3bdef60ed460b5ff425936626dd16a3f436f08a863582a79f393378f60f6c8ecdd13d83073bfda2e9f8d0c74a841021cbb8c148e70bfc585627449cdd9fb3045db3ea08a96108b52ee8a4f5048a5d910355789f4bb85c1362955e267e719581c38a2648eaa0b516db6277d2ee3c6e1e1090df3f53a31b747d99887e337dadddab16a297d9e56797007a3d18ce333311c70bb1bf45bdae517ffc589419af643773bb30a1fbff7ecd4a8ae7456a608fe73547c2eda4f070d57dc70b65d867526c946a435ea581497da18646ce569eaf6ccf3474cd6e7aa3d6d4732836ff4167c9153757ce58a34864be6d479f7b4ea1d6480b9ac16c5bff346a74e74133234744df867e16b3d2f1f7db4b21b89019b520917ef863e60f52999d6946b9e09cb60054f49d8a255f02e4b62fff6e6adb9a167ea70a177d00b26f56e29b63138a2ebc30b956161a4ab25d5da1c207c3f762714f651341ae771e17d84fa1c86685f2fcb0a128c2e1208d1930e7ff0d8d55299154112af574b881be8b69cc1721d548ad4dc02632e184c47f9b394bf4a834e60fbead8c8bfbf5087f8454513b0b086ac97bbbb9aa342af9def758fe88f1e4570e65f93fd4a9868665d08fac0cf6ebde786995c433504ca01cdf83311aaae20cc76f819a4344a8ee4e26c1094cb00d2c8a67c733fffcd89e97534cacb08a64d75e8594fa31f0dcfcafb0d1bc184c7067fec6a48ddefd580d4d9a4128d8f70f6fc6562da683904766e982ecd0286064db6844131bb7962a0a497f7b97fefad88a0b128bdf8cca774b1c32cb4af259bfebccda036e7e4ea8962838dbb5c04ffab0a2f1481848a27f06171645daf5246a2e563f3ed60097a9d7023d6ba5c8a58d39f733b12baf0863d82c427460f51cf9e3f77281a42221725b7bb75c2116ab31f704661f090d3eeddd2aa6efc619946b4933c398b635fd04ba3758294965c568997e1ef44b0562804e6c64558f6cfa87662a988c321a856ead51c848528a4954f9ff1948d517d67bc11db66801648848bfb7ee12296428bc3ffec863e9c77ff31ee386197679adab2a0e93bbe0c66ffe9c4b09b636f6216faa373aa8271678cc57ad46898222df7e2d8b14a5b70130596c0430997c4c04d9b5187fd9bb26b71fd19aacc8e08a3239f0eebca7b2873062a19f327a4a282012ebf9898a5ab6310b8623c864d4dada3ded00ad201ce8f3973f90396f5edc1ba466e16247fe6b0ee98acfd53792cc0fea33647b841596655b8d9efbc14b50fe0b588e4c41e2cbd0a700529e7ca91122d3d1b26e52bf44a0c9fe37cdbc352357f13b2adc68e78a00f6dc88a8e6ea54bd0b2c8276f9e1bfebc8655a1f47b72c25ffa97f4463630cc21428ca3bb381a6d3171d28bb946f746f820247bf3f7bb69caaeb5c47026ca9997e586e657a9e1569312bb443299ef4cfeacc9aaf4fc3aaa4a77a21579234d2aab6fd0234398ae07ca7c57ac6d6a51e025744b1430abce27f7f9b0d0e45c051e34d20db95cadcc0e4e327dbd979166b33e39a3951d0b8dd62c0d1542b69583cfc07b127243cac4b052cb29ccb3592972698fa4cd84633d222d78b8741d5f903f8636d95cddfe2ef13829df9ce32705edfda51ded2f0ef38f60a33a2e00373107eef56a01acb5e05d849279b5987343c8bbc73ea660ceaf7c9b90c0a8e1412ff3f517cef8fe604d7a26e085170a76e1bf43f5d1bb77ee771fe841d59fe2cc2874d25bf991b4af6bf9ffe1bfbf3a5587006b60bab5bdfd5a3192e82d474ecab0ab656967856c84cba9469c5823c1d1bf104d2a21c071bb08b2a137883dd9c8f545d6958db8efa45263ae303de76e70f2f6a10e1858e6654004f2a099dc31950ee730c465e0a1822935e309d41650fba489aa3050eedbf3f058d24d1f04fc340966e42d72052d84a66789ccf75000c3fc83b8842badd6b22ddaaaf53ed34e25c1b638e3630d66a7903405052902cf8e7395d54679e2f4a2bf7c8c89b0dc38969376ea164fe97b37b1172e6e8f05a929aa373108e891a64e38e18b432a115a44d754811e03c4f4ae7c525a6b9b92aab0d16967ee1a64eeeb2207c094f6aa96f126d058eff22435a4ae76c31f888ee13b327d2cab4ab5a56abf4cae88c583dd67129271708aa17f4f10886ead0e12734314bd4a49e64349beba4abdf94a1fb23a72cf7e16b5af2f1706d9646a5ff7dbf5c7b1cb2c3781346167b15d4625841d9f3d14392db1d39101d37175c42c522229db0708544058d75cebf3e399cd443d1b943c6f3017a898bd49836a8d92519deb810712aed76602682ef0df2be270734eeda7f289a76f4684baf75702a1ac3da005e62b83f794b934cf882db5d50e5ed4aca868e300d690c0b10daf0a47486e9f49d1b08eac6cf5090ddd2443b1459b2df86ab3447b2b5c6afe8aadb410de6a84b640e326eb882832d1a9cb12e0b8f13aef579f404af8631cdd5a30a031dad19cdf247575dd223229330f19fe4d88c51242217397acf66b86c743de283d5df7212fce59af17eb702eccab192f56f054a33709d41841e4a39638e02b4210559593f9b5c44fd22d9da637ef1a3a0a41c40469990dc4beec30a05b67931c0560d9a59fa875f3e26fd1eb32655aa30c7a1cd3d541716fdaacdda206328f3cbc8f16fc2be26690f18963a16febbaf2cb6c199330579ca067c60b54cbdd211c1350e066448fb50ae28ed58788ac98f0ded3414c8735ab90639916e26ab29102cc2609035e56d9b9d2dbc98118835bcf0e437c77052efe2293d9f19b7197aa1b94b10997b0b1efdef251de8945a97fec885f032c3bee2447335230b866d7aef515b04664d0c59e18233f9a229969e3e17d69716413ca3bc55f5959e340627ea803f7b26f4a74295b295344a3685287093998a1ce75b1ed5d730c9aec812617b4c200a0250c9ef8ef7d2fcfc59ef97422eca746bc6451a5b77307d14c1cfa0ea2c8eb7cf7819644577a6456efec0af058a0e3c8ec371019009462bfe174a11368b57fbe3090208a57b2236b97edc32cda5c6fc988cbaaf91c4020a06a7ad45519eaa761e045fc84d3219b287206282347a031ef1e7b7dbc67de738fa8f9fe71c44201fd1d548f8aebe93bf502d64d4b5f470a419e3fcd87f0616b9813048311ed20ac2efd7f18dcd6889542208b50c28c8c0700f73fa33a964e38d699819cab2098c6ff081266721cdced87ff41948c84037485f30d38a99eeeb3ff4c3049742a29eb09bb35c358e732546267c165a62fee9e25abdafdb8a48785bd432d160797e7a41d580f59d7d8e59b3e6b954d39f86db33b8f7cabde43e8e04cac1fcf9aa6fdbe4326e0d9c782d9a630055b36f85c2b8efebf18f42ef14ee5eb1d33ca322db69704f8bb90bf30eb05908b8d8ed169580923f53a6539cc3b55baa47718053d2ff103c23d90f9cb49ddc7d759950f605bafabcb7953c042c0523b84da994529a87ad68fc6f0709fd7af5fc20e53a17d3f5fd4d25fc5ff6598c6ddfc34668a08ee5e066d81a65e7979c50c08febf76dc5a3a405f551bb8449d94ea0dfdad6dd6dd6d6e4486f4ae1d2523c05f46198d8af4da12873ebdf7d6b5f2d0f1b2d29759ab0d78e34ae6f17b7ab83518cf8b18836ea5630ee934e5ecc123f0d3fe6b803ae1f735d65dcadcaaf6660e02ecad0290f6ead0594733a10b2b1654a44244424fa8b3180b551ac401828203e61603b017106e2256f01b9f26db33897167d9defb54ddfe49334150574493895370bad46cc658667aa9a8ed333c86f112b2a542936af92e2f933254b6fb0b1a599eec3bf2e476ae6714e2486dd31b29e4d26838d84bd7a62c62beab3ba71642278ecaf2e50d70670d9fdff105019791d36321bc57fdfd8f65f2ea1cb188035ecabf6140e777b7e6d2177ac29e9a1a2f87dd54d96184bb1a855bd9efdadfc606f13621f40e07cd8be9c2435c8c90b4ccba5eb7ddcf8cf1f76617c9a9e011abf4a63ffe31df63ecacb8b1d2d653e613cb399ce079392f9ca2e226c60b6e8103447c24c1f80d42e1ee747997602ae3ccff8f9f98ce9b56f6f3e3c0ba507df8b2169539cfc946c42da72644feb9b3b582ce332f8b2eda02192958194903d17b3e9b4bd60d08cd9a7989d946ece6d8dc01d6b66a7851bb11e4b075d38081d3ce7bf1875fec9daf47a589abdb72763c9747b83a28389238b0279c8e41db6521130420851acac463664a97be2190aff921923475f2c1f8a87d1169229e5f10dd0a92221e61358b156020f2c9ca2cb6580743a8d5e3c59e6fd97a7a246211450c7c62f1891cedb434102f8794d81c1caf2c1b4ae18b7c4b9c88de5c51da33e3343cef76da0d00341c2e60c4562c162e41a7efa8290cc9061f3d6a592d5f104c5018f31bcaf912bdd37370fbf8fedf0aa9026c1142299197d67ab026756927b5864ea42c45a82c23c275697d31a1b7900670c9a3c967d12974543c11f20c367a336bea9b9ebe480f9c806528138dff35c5f56b1199b75748e9c5cf50e6a32397dc3eeb04c3636c0848a5e13df8a9758bacea231f34cba13b466360b0dec69f74f8bf9a2dcf3dd94fa3a7d27e8caae00240559d75875ef9c619416593ca0072e7f38caae5a530c62dbe00e38c12cb8b924d63fca4d5c3a4c8f50e8f4f86fc1fe2b163219c46c21eb783e587e18e07ab7e1927a646c4f154c5000cb65ce9528457c3c66f43d9ab7d61580df0ecfb31cb38e4cbcdc3dafcca57311abec6b74048c8b74505ba678a4db07ed7243c70a821aee66a487bf91fd273418f8ef657d1eeb9ea6f095d47641e9f9fa30599e8b9c6b4453a1a5e8afd86fcafb46dd095fa4a98a2b26470e2c799b08c6000f5c3c4e28961463724377f37813f3922484fda986eb7c93ae8365baf648acbb344ca7e044d7ba93e7ba35c31085f3f99c5fdb2f9f2845f00b8590395e8ff730b86f5dd7f52297b8ecd5d5a6bb452bcd12b98d6adb27e7ef0e84b9567c66093ca3edab7e64ac4f56360501d81823ea2b1595f934c5f61c8558304c16154109a983a2af8725c7af91b5bc57e555768aa8115236a6ccc921d472b608eb6b82c4ba3747d79027d7856fae5369aa325df6a76138a5b41a94377eeeb251087e0b8510d8890e3f7a0cffaeddb9d2c29bc89f952489f82ee2e2b485cd297e6d30683701623cf73ee9ee606baeae9c3afba287eff57731b9cfaf034b1f56c8b31a32a1078c4fcab298c3f925a8e7cacceb9edf7ba2e54d31033a25462021e4a3c0bf5af341b462ee4417024da7c12c7f385de3af129aef1338a9c1fd68323d07ff47ec8bcca66b44300624d02c9202a2d093c3c85fd922b57b3bd14162c8ca5690734b7e4e4b8980b73a8e9908a9fa3dd508b30e3b1e1fd4ec388affa27c4bc26ca2820e0a902d51ff94984e8894fa5fca7b8704b7600ca6d6b1b1527ea999fcdf8fe3b290ec0036cad222f92cf8a5a54d0fa91de6e74ef61f60a233c9f15fdc86226c3f688de15ed8f0c3f1bc3afcad87cee47a19384afc6a804f197339ebce4aca211dbe0504a000755d18f20c4ecacd4123acdff7653cbb26456499495662508c8186afb883f5481c6bdf88cf137e263bde9d62f054573e0d1454cc119c95d4d9011332bd77682f79debcf5c21f0be7e9a83a58cec34e7cfb17a8122e030669228e4d3d9e274a678c5b77e6180aacc2fa8eb9952c5b04de6b2c7bee591badab96a3c3248c275b5b8faf5394eacc427a840570033be5006c33ce2d2c6e54f08681c3f74ad2fe54bca6dc62a9d84f6c58509c1e5dd5cfcc7a358493d428de48dfc1bc3f74154801c97e6aae38445045320b4cf66c1e56eb6ea2c1218de65f120b463c5cfb9255b3a25eb6e848cbd977f0605d71c561c2a754f5761c31f84101ee8178782cc8cf70b41a2204c5cb2f3134d572327fe4bbc1792249dfcf0ae7ba5d81fb5ae4a7978d044085f3b7f2e398c05733e2bf456cae898f8b5a81e9c79179bb5ca716713fce643dabe21eaee4386e646e25ad3adc5a4ad40f9bd6743f5f742efb1a674ffdbd2ced56c646ae590eb8f10283b47f57e6f96ad76adebecb24df74020b096fdee3c8d780d563a915f73c8b0246b861cd3a8580d5cf75798e8cf1c5875724661a39277e7165fe48ed8d5e6a20d68239f626fe8ea434a4e6e03ea434ec68c4b92a0fc2af15a135d6cbaeeca39a0c1896dab33daac", 0x2000, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
write$FUSE_INIT(r0, &(0x7f0000004200)={0x50, 0x0, r1}, 0x50)
syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006780)={0x90, 0x0, 0x0, {0x5, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x10b}}}, 0x0, 0x0, 0x0, 0x0, 0x0})
r2 = open(&(0x7f00000001c0)='./file0/file0\x00', 0x2, 0x0)
lseek(r2, 0x0, 0x2)
read$FUSE(r2, &(0x7f0000002140)={0x2020}, 0x2020)

24m57.820555633s ago: executing program 8 (id=729):
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
mount$bind(0x0, 0x0, 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000440)='./file0/file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b101a, 0x0)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)

24m56.381096956s ago: executing program 8 (id=734):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00'}, 0x18)
r0 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r0, &(0x7f0000000040)={0x2, 0x0, @loopback}, 0x10)
sendmsg$rds(r0, &(0x7f0000000180)={&(0x7f0000000000)={0x2, 0x0, @rand_addr=0x64010100}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x8000}, 0x0)

24m54.818122774s ago: executing program 5 (id=742):
io_setup(0x202, 0x0)
socket$can_raw(0x1d, 0x3, 0x1)
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
dup(r0)
ioctl$KDSETMODE(r0, 0x4b3a, 0x1)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000400)=ANY=[@ANYBLOB="480000000206030000000000000000000500000005000100060000000d000300686173683a6e6574000000000900020073797a310000000005000500020000000500040000000000a3822ee7ae6320e9"], 0x48}}, 0x0)
sendmsg$IPSET_CMD_ADD(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)={0x38, 0x9, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x10, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @empty=0xfffffffe}}]}]}, 0x38}, 0x1, 0x0, 0x0, 0x10000047}, 0x4000050)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_TEST(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)={0x38, 0xb, 0x6, 0x801, 0x0, 0x0, {0x6, 0x0, 0x2}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x10, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @multicast1}}]}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}]}, 0x38}}, 0x4800)

24m54.710325405s ago: executing program 5 (id=743):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000180)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, 0x0, 0x0, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat$binderfs(0xffffffffffffff9c, 0x0, 0x800, 0x0)
syz_open_dev$mouse(&(0x7f00000001c0), 0x3, 0x4300)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
r4 = mmap$binder(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x1, 0x11, 0xffffffffffffffff, 0xa6)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000840)={0x100, 0x0, &(0x7f0000000680)=[@reply={0x40406301, {0x3, 0x0, 0x0, 0x0, 0x41, 0x0, 0x0, 0x58, 0x0, &(0x7f0000000280)={@flat=@weak_binder={0x77622a85, 0x1000, 0x1}, @flat=@handle={0x73682a85, 0x1101}, @ptr={0x70742a85, 0x0, &(0x7f0000000180)=""/234, 0xea, 0x1, 0x3f}}, 0x0}}, @acquire_done={0x40106309, 0x3}, @enter_looper, @acquire={0x40046305, 0x3}, @free_buffer={0x40086303, r4}, @reply_sg={0x40486312, {0x1, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000540)={@fda={0x66646185, 0x0, 0x2, 0x40}, @ptr={0x70742a85, 0x1, &(0x7f0000000340)=""/158, 0x9e, 0x1, 0x2d}, @flat=@weak_handle={0x77682a85, 0x100, 0x1}}, &(0x7f0000000400)={0x0, 0x20, 0x48}}}, @reply={0x40406301, {0x3, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x50, 0x18, &(0x7f00000005c0)={@fd, @fda={0x66646185, 0x8, 0x1, 0x40}, @flat=@weak_binder={0x77622a85, 0x1001}}, &(0x7f0000000640)={0x0, 0x18, 0x38}}}], 0x5c, 0x0, &(0x7f00000007c0)="3091713b7eeaef2207bd75b469cc682ed69e37a3cc1e8e72da8eab94f12bbeda7089c5eaa4d8a80fc470802be5b505249b8c6573c4afde1c91371d9749d9edf097b31b069ff86fd2c10234f1555f482df9958124844f8c245cc99f47"})
fcntl$dupfd(0xffffffffffffffff, 0x2, 0xffffffffffffffff)
mremap(&(0x7f000000a000/0x1000)=nil, 0x1000, 0x1000, 0x7, &(0x7f0000ffe000/0x1000)=nil)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000400)=ANY=[@ANYBLOB="44000000100003040161", @ANYRES32=0x0, @ANYBLOB, @ANYRES32, @ANYBLOB='\b\x00\n'], 0x44}}, 0x0)

24m54.24635727s ago: executing program 8 (id=744):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
setreuid(0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f0000000680)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = syz_open_dev$dri(&(0x7f0000000040), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_PAGE_FLIP(r1, 0xc01864b0, &(0x7f0000000000)={0x0, 0x0, 0x1, 0x0, 0x3})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0xa, &(0x7f0000000080)=@framed={{0x18, 0x8, 0x0, 0x0, 0xffd0}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0}, @generic={0x66, 0x8}, @initr0, @exit]}, &(0x7f0000000000)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)

24m54.034985969s ago: executing program 38 (id=744):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
setreuid(0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f0000000680)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = syz_open_dev$dri(&(0x7f0000000040), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_PAGE_FLIP(r1, 0xc01864b0, &(0x7f0000000000)={0x0, 0x0, 0x1, 0x0, 0x3})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0xa, &(0x7f0000000080)=@framed={{0x18, 0x8, 0x0, 0x0, 0xffd0}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0}, @generic={0x66, 0x8}, @initr0, @exit]}, &(0x7f0000000000)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)

24m53.750693687s ago: executing program 5 (id=749):
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r0)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x1}, 0x1c)
listen(r1, 0x0)
r2 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r2, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10)
r3 = accept(r0, 0x0, 0x0)
sendmsg$TEAM_CMD_OPTIONS_SET(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[], 0xfffffdef}, 0x1, 0x0, 0x0, 0x840}, 0x1)

24m52.806522223s ago: executing program 5 (id=754):
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(0x0, &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b101a, 0x0)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)

24m52.496889722s ago: executing program 5 (id=755):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000000c0), 0x4)
setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000340)=@gcm_128={{0x304}, "a6341a1a379332f5", "1fd33cb95d66a1781f31bf07fd2ae874", "62266bd8", "d1b29b99d21d88a2"}, 0x28)
write$binfmt_script(r0, &(0x7f0000000780)={'#! ', './file0'}, 0xb)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4)
r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000480)=[{0x6, 0x0, 0x0, 0x4}]})
msgget$private(0x0, 0x0)
close_range(r1, 0xffffffffffffffff, 0x0)

24m51.849660276s ago: executing program 5 (id=758):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000180)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, 0x0, 0x0, 0x2, 0x0)
openat$binderfs(0xffffffffffffff9c, 0x0, 0x800, 0x0)
syz_open_dev$mouse(&(0x7f00000001c0), 0x3, 0x4300)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
r4 = mmap$binder(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x1, 0x11, 0xffffffffffffffff, 0xa6)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000840)={0x100, 0x0, &(0x7f0000000680)=[@reply={0x40406301, {0x3, 0x0, 0x0, 0x0, 0x41, 0x0, 0x0, 0x58, 0x0, &(0x7f0000000280)={@flat=@weak_binder={0x77622a85, 0x1000, 0x1}, @flat=@handle={0x73682a85, 0x1101}, @ptr={0x70742a85, 0x0, &(0x7f0000000180)=""/234, 0xea, 0x1, 0x3f}}, 0x0}}, @acquire_done={0x40106309, 0x3}, @enter_looper, @acquire={0x40046305, 0x3}, @free_buffer={0x40086303, r4}, @reply_sg={0x40486312, {0x1, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000540)={@fda={0x66646185, 0x0, 0x2, 0x40}, @ptr={0x70742a85, 0x1, &(0x7f0000000340)=""/158, 0x9e, 0x1, 0x2d}, @flat=@weak_handle={0x77682a85, 0x100, 0x1}}, &(0x7f0000000400)={0x0, 0x20, 0x48}}}, @reply={0x40406301, {0x3, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x50, 0x18, &(0x7f00000005c0)={@fd, @fda={0x66646185, 0x8, 0x1, 0x40}, @flat=@weak_binder={0x77622a85, 0x1001}}, &(0x7f0000000640)={0x0, 0x18, 0x38}}}], 0x5c, 0x0, &(0x7f00000007c0)="3091713b7eeaef2207bd75b469cc682ed69e37a3cc1e8e72da8eab94f12bbeda7089c5eaa4d8a80fc470802be5b505249b8c6573c4afde1c91371d9749d9edf097b31b069ff86fd2c10234f1555f482df9958124844f8c245cc99f47"})
fcntl$dupfd(0xffffffffffffffff, 0x2, 0xffffffffffffffff)
mremap(&(0x7f000000a000/0x1000)=nil, 0x1000, 0x1000, 0x7, &(0x7f0000ffe000/0x1000)=nil)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000400)=ANY=[@ANYBLOB="44000000100003040161", @ANYRES32=0x0, @ANYBLOB, @ANYRES32, @ANYBLOB='\b\x00\n'], 0x44}}, 0x0)

24m51.546239867s ago: executing program 39 (id=758):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000180)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, 0x0, 0x0, 0x2, 0x0)
openat$binderfs(0xffffffffffffff9c, 0x0, 0x800, 0x0)
syz_open_dev$mouse(&(0x7f00000001c0), 0x3, 0x4300)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
r4 = mmap$binder(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x1, 0x11, 0xffffffffffffffff, 0xa6)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000840)={0x100, 0x0, &(0x7f0000000680)=[@reply={0x40406301, {0x3, 0x0, 0x0, 0x0, 0x41, 0x0, 0x0, 0x58, 0x0, &(0x7f0000000280)={@flat=@weak_binder={0x77622a85, 0x1000, 0x1}, @flat=@handle={0x73682a85, 0x1101}, @ptr={0x70742a85, 0x0, &(0x7f0000000180)=""/234, 0xea, 0x1, 0x3f}}, 0x0}}, @acquire_done={0x40106309, 0x3}, @enter_looper, @acquire={0x40046305, 0x3}, @free_buffer={0x40086303, r4}, @reply_sg={0x40486312, {0x1, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000540)={@fda={0x66646185, 0x0, 0x2, 0x40}, @ptr={0x70742a85, 0x1, &(0x7f0000000340)=""/158, 0x9e, 0x1, 0x2d}, @flat=@weak_handle={0x77682a85, 0x100, 0x1}}, &(0x7f0000000400)={0x0, 0x20, 0x48}}}, @reply={0x40406301, {0x3, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x50, 0x18, &(0x7f00000005c0)={@fd, @fda={0x66646185, 0x8, 0x1, 0x40}, @flat=@weak_binder={0x77622a85, 0x1001}}, &(0x7f0000000640)={0x0, 0x18, 0x38}}}], 0x5c, 0x0, &(0x7f00000007c0)="3091713b7eeaef2207bd75b469cc682ed69e37a3cc1e8e72da8eab94f12bbeda7089c5eaa4d8a80fc470802be5b505249b8c6573c4afde1c91371d9749d9edf097b31b069ff86fd2c10234f1555f482df9958124844f8c245cc99f47"})
fcntl$dupfd(0xffffffffffffffff, 0x2, 0xffffffffffffffff)
mremap(&(0x7f000000a000/0x1000)=nil, 0x1000, 0x1000, 0x7, &(0x7f0000ffe000/0x1000)=nil)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000400)=ANY=[@ANYBLOB="44000000100003040161", @ANYRES32=0x0, @ANYBLOB, @ANYRES32, @ANYBLOB='\b\x00\n'], 0x44}}, 0x0)

24m8.04989655s ago: executing program 0 (id=889):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
fsopen(0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000280)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
add_key$fscrypt_v1(&(0x7f0000000040), 0x0, 0x0, 0x0, 0xffffffffffffffff)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x28)
r4 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0)
pwrite64(r4, &(0x7f0000000080)='3', 0x1, 0x0)

24m6.977080469s ago: executing program 0 (id=891):
mkdir(0x0, 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000180), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r0, &(0x7f0000006840)={0x2020, 0x0, <r1=>0x0}, 0x2020)
syz_fuse_handle_req(r0, &(0x7f00000042c0)="9ab1446569aa24b774753c9e994c09c24df9d42fa5a228e469b44cecf6f9f5ce5f77c93b1895aaac9cf34b37415f11fe22d6fa0162aa743b242e8fe0a8659e32fb543d7969d6513136a9f332a8074f8ee1e445277ddd5859eb5ac3321eb710be880a441031da9b31f791d54fb3c97cd8ee92b00cbf962be8eb5fd0b7cab207645f59cf87a8c41e2739dd8386b6bb84b627cbf5e09bac876ad4b215f0e510a853c5e8b9f7822b26771d72972290a1f9a6f0a46942be0d0eb7aa5145ff368863b14e9845926088f9f92d554e572926290dc6e6b574aea8c500fbe5697f881c0cec48282c6d07619248da0c3b9aa6f7c778525d1760051e4ba8ef31d3c8d3e1d4214ffa5261ce1fdbc12eba889968137f5c06fea233000296cf18df494b4e7b1bee7dc2f3751c37415d46f6d7ffb3d0f788f2100ee41266e6fba75b61af22e1d7b286507ff100cc34ed28d5a2c8be3231446874bbbde6f3c367ca802d64192ffcce1ea41b2cbc57f7500fc4f8f12fe02690c1c9785bbc35542b59d05600783cf4f4633b374101d8ed395303392b238d198f9f68c8ae928cbf3b558deec6d38ebaa526e749ac4e47dd5b838ec34f2820a1134252ae60159d4e030cf5e5d6f8de799a31e12ae57cfe5a1a3ded525c6e71271271d35a0056265362387a361f21ea0f4b6d46f6a83a8512687e43b31e11b1396d6e9e49cf42b693732e226b55d21a1203022f6be9f8ecccb68de3bf4ce99689514bd752f4e60bd2f8e376d7fae5b5fc8db0f53db8c52746671e361b9319419c1b3f3168b4797ebd2d118ee42dda4bc59dd0251236195c8cdafc0546354eeb28f4c7e71e8245a6ccaddfb858f61039c0ccf5acd924680aab38dd061fc7b123f24ac7f3d3c0cee43b61045bb1efea25af86088a0591f166e2f11ea4089860893b17ca5e3d99ec75131268e2e4e290c2bf15e4dde23284e4bdf6e549c096ce221d9c8a6c0fc78aa6a1c8b547c0e10738de2a1e8663e03ab0ce4594e244989f75b6672de1eee97ba7e6467a0da51c0e75d5866c405b03c4744d8d3fbb01eddba5a0361662269154c2f0e61a9433982eb904ff562896cbfa692eb1e6c644fcf6cbc103a76b712af706a47608d3e2f5d54d47d8e9906ab37ddf04004d32ce00200fc3c274666aeb618b27424d87b6a4b0262de4436b9e6f150bc798394c298b25a2c318fbe786185464057c0bcfcd1917230d78ee1a49eca12068fa676852c1099096c6cb98dfda27fedac41826516e42cc116f0cbb68f0f810418258dc5a65c0e1ada296176e17f8d762894c80542a79383cc1674a4f3d6520633ce80baba214c20628899f9ac826484c887713aed9c5caf13b40a598cb1e81f7b18dae39efc22dc99ff497e11f158edc2716ebe3bcd593691aa26523efc168e1394ab439c9a9270575ef34eeee9084b0a31b2d81d47c964ac61e600f75d9321d7474dde45bb8d0cc46510488ab68486d3ba6cc9c3ddb6f66f2e5d251ee285121e1645a2f5167fc5fb8ac4491c0d9d0423c7a8452efea2f5a30096a0fa47173f3a68500a5c755ea939c838d3be126a87ff6baa5a1fba638a5c64767d17f04201b935fcb1cb6afa175594f410f2ff773194c703e623876051e46bb0850a5016e65f8fa34b96bafdfe851a0756fe26fb63d52113c0935b0867f7dc8a94d887484b15e8f92b6a316a22c04a985cc94e432cd43f44001bcdbd48efcd463c402d3d181298e96db60fdb714b82e146567af5ae3fc0c3f9d241471b4d129f928d286f780facb1e84434610ab3379dfff0f64d57b4a1c2e96c98b693de952d26773d24e7a95eddbc450f79932d5332d27991c7bfbd3bc35bfeb9496fbebccb5e4c35c368e021dea643cb292d794d3d3bbcc960f989bef09763dc73d83cbf907485635265e81f87b712d958a66719230fc6466615a0e3bb998d48159e9e9c51959354a545966bcffa298c7673b4d32b991c886a997236642c0f104f6795feab9f48d0ffc74667f3f3e82473ac892ad25f4b13029b0b27fb1d86991ddc42bbc3fe584ed364e769f3bc72ed8749e7a654ec1a2ec7a01bd2d5caccdc6241a1b1ef2726db54d2c34ab47020b4c729b5994b43deb00ad959950e0051d2c0f27217397055e78f1dd3bd867a45e06c2134ae8981021aae881cc7b2049fe7c82d2127ec81d6430c8116355c8d0ab8b9291c688ed9b8dbb1ed6f1a99bb58a1be8d5737acbf9461b142c8982f52481195d35ef82aed4fa52385ea4ed00a739d01cad7af9f7c27d357748e24f28d22065ccb37300e8f5d8dae5ca79af7a50edc3e05184d1a2a6d59784d5ceeb1f1550a44ea03bee4dc5c27eb78f0032593c7d082e59211f83a8b91aa78bfb7e959328ee63af26a37b79ce5e5139eeebd12e28b2a26ad2fcbdca652524d036b324782d54247a48b9f8200b2d6d2c091c41366d677e3be6e136cec6c3080d608849135c6e3c7d695d2e226ae1ce999d730d7f79116ab85762e55a3e5a66a690ce0a4bb4fd1560c796e2797414b544ef78e29d55e4853fdbf3362085a65c46105f32c360a0a9867b984a5d0297fe0b06a45684ac801a8e66294cef6e5f3c48648884fbb2422fa00488df33a9a0ff1039c81f1939f2cd2f5fe8aa805af2d2332ac37244ed4a7b50265af8062752b0c16511e5f25e8aa2b60645675bc826557bb75474ca4787f6b584b2f83bc25192579104aa0baae79f396df0d31121f90db9acea9695ee0fe0c22df4db503ec8b2437b05f5d35a65722fa82eebd2aff4bcd3316a5cffc4b31913fd02f82130c77f320bf04bf8fa873d0e3f62122d6a5f87d3e908bedafed4a3cb6d9f73ff546f5a2b74a2493b1753e89b682352bb3166563518dcb190c7b3d9fd667c57978a670b192641a674dc92c2401d067b6767aa632ce32a401175c98200a52ab5d80dffa719746d0bff8a84bac4a56e0ab8124fc332b64ea662d01e1b73231a6638f01cf4d699448da228c16951149c8d3dab9a7e3be9a16c7d1ffb061818f8f9cb2b42739fae4a0d70c0701c8dceee785d36ef6413162de1917df01c693ef3e1f517e7fc46245209fee52f5c6a2f50ab3f56d67d1cd987282b24071d8ebb1bc5cd635957b2a7ad92d0650abd5bbc24b75885b6119592a3d715392718e52f9124c4ac95be3582abba4ac3a4049ee49fa8ceb9b59d4e1e2a069c9d482879fd8d27d5ac22ef870542453be22c2ec4ebf1472c19fbfb56aa0a3671297b020e3fe49d201a82a04420e90bda43691dacf92347bcbcae3742cc4abad4c8010c0afa15278795d4d76c482461ae78f30569e1dcf87b9b150d07a2bd81676ec6022422d490759ae1e861a6c4cd1f733bd772d60975a59356c385a4a390429f3d2131e7f616015261df6db3cc3ec261a53be10c4f197e71878984fee00e6d1069f79825194b7af434fb6bb86db18e11977f82928be35054543060cea94ebb4015d061f20f8454e056e7b6e4f9a1621ef2377d77659c20bf358c817519f1801be15ae3b5b42adfab367777a6789635a0dcdd1f2b97edecea0210768af67601d1b95a8850dddb6b1f4b0c2f52c835b0833d81966ad19e49ceb9dc9c729cd8334bc3ee5bb8c74186f5cc3e765b9fdd91d79baaab3d2ab64c15d655d1af7de9cf8d5d7c1baef24577843ce142331743b45b06104b6d0d4392e61ca8c07507ff5f831bbf720854db4debf64182aaebf899ba57626a48748fc2dcf016013d575595d24d383eef2da0ff0c9f6fe9c64b186cd4617e3f37635d7dacb58ec297f3ddb48ce4a5e00cc127267e18a1fdf209e098f2cb2e9c0630d15ec9b867b2b95ecf82ad2c0ba39df9c4d36d492bc9a55c4b767da966e4fd7f4d2fef5e91d0575177c05d240b50757031c76333d43bcc828ab2f0376e29d12d1261ce104a8ea488091326bc451c120c8c04d3e64835c893f55b312e248ad8fc1c32429d68e6b67bf45ab8a1cc3db22f9f01a2266b8349046d3d3e081eaa7f7020c73c0762d11a33b517b8f081da3c61ef63e1d40cd87d69c7ac7491fb61bb57c1fe2d218aff6d39b3e1fc847f0ed894e2f0b4d6a4ad03ba42e28bb1dfab645081f548e64ceb8ce15d2214bd66a14fe594aa447c3537eb493299fef0f9326236ea5dae44e23b34801fe06ee16c79545feaf2528421d6e7f9a256a7914d86bd053dc33c8c2043ba73714f5ff5f0507097a56c40b2190e77877d43be849ee2ac129e582930ced06d359eebb49eda4edb13819f91cecc449c9613d9659906179f8fefa34fecb7d21cdaf09a1ce8d094421da80796c97c02fc56171aaba53fd8a7f55de059044717df164f3571028f16995d51fc8829534cdf58dd134def1e43a34e4f5f372fa8e19d3b85881e99ecd45faa4fccfdb47e094ab06955f3960fac71294dd965f24a97cff36b9966cf1a4c3e96c3e14a3951dcc8a3e9371f7e1ae9df77ddb1a99172174adbee8ea57a0c9872a6d677c2875da88a6a7234bebf68a3cc0532a9809a4de4b4d419bff67b0ba825a7ae6e999087155378357ae67e2dd98697f1d10ffa4497dde6582571670456db995228b97d0ecb2fb30c2ba6c16038c40059815c56b35666cc1c5090f6c38e0f4c12abf79919951b85a2734d32dd12b239912d541f9163387a4aa0be0b7a12d9c6b56dbcf1e9aadcfd72e2664a84d6c5147c72bffe7c3560ccd8c447b748dcd26cc9ca2a85cded742a8dccdfd8e78c96e78d405a19faab9e57183b37583f94b3d416b2920c6b746427ed75c08dc3be02720c1edc4743229153c48f1239b222b9fe2e21c0ae28122bc44f9dc78a59f3485ac8057eb21f0857bcfea2d9ebbbcc197e7880d81515bb1cb7192d97c4258c09926d137e245977db40812b253f99a504bb68137d8d73ca4e7c808d50f1dcc600e6a6db90238ff44e075932fe668c066e6988a6a8b4a8485120c8e4d6511268a75d8f9b0f06689aac8cd621e90c62af1e59aa9efe928e9ea098661b408a2825c4f9aac1efd9d54d163a651054b9ab32719d2be3b176f6795ddad0f1310b9237181689f2f9dd34a41d4d4cd2d7569bf56e6a80bc24d90df3bdde0f9649e699f4ef70c4f3faf9553a231215416bba26c29f17861e0f265e9641b2307ed43d6fde23a378669f4ade874e54c20a5e902205dcaa79a3e8584a3f78a86e703451115a1717df882507c607297afac0a056a0f3509a57502fd2ffff6035d04b91f72f5e1a69ddafaf80f7b2f7a13f38c683988436585e6bc7fc2da328449675c234ec0acf5294ce06c72442beba15e65d6a3e1b5dc3c8f115e1005798383f79b0194f6b7d4b1b32371acbf22340af6e5ee3ea840f7ed451226daef3041fc194e051af2fb450022b394c774273b9575c974c324ecd7268435176ee28c54bb54c8e829232ca636f3bdef60ed460b5ff425936626dd16a3f436f08a863582a79f393378f60f6c8ecdd13d83073bfda2e9f8d0c74a841021cbb8c148e70bfc585627449cdd9fb3045db3ea08a96108b52ee8a4f5048a5d910355789f4bb85c1362955e267e719581c38a2648eaa0b516db6277d2ee3c6e1e1090df3f53a31b747d99887e337dadddab16a297d9e56797007a3d18ce333311c70bb1bf45bdae517ffc589419af643773bb30a1fbff7ecd4a8ae7456a608fe73547c2eda4f070d57dc70b65d867526c946a435ea581497da18646ce569eaf6ccf3474cd6e7aa3d6d4732836ff4167c9153757ce58a34864be6d479f7b4ea1d6480b9ac16c5bff346a74e74133234744df867e16b3d2f1f7db4b21b89019b520917ef863e60f52999d6946b9e09cb60054f49d8a255f02e4b62fff6e6adb9a167ea70a177d00b26f56e29b63138a2ebc30b956161a4ab25d5da1c207c3f762714f651341ae771e17d84fa1c86685f2fcb0a128c2e1208d1930e7ff0d8d55299154112af574b881be8b69cc1721d548ad4dc02632e184c47f9b394bf4a834e60fbead8c8bfbf5087f8454513b0b086ac97bbbb9aa342af9def758fe88f1e4570e65f93fd4a9868665d08fac0cf6ebde786995c433504ca01cdf83311aaae20cc76f819a4344a8ee4e26c1094cb00d2c8a67c733fffcd89e97534cacb08a64d75e8594fa31f0dcfcafb0d1bc184c7067fec6a48ddefd580d4d9a4128d8f70f6fc6562da683904766e982ecd0286064db6844131bb7962a0a497f7b97fefad88a0b128bdf8cca774b1c32cb4af259bfebccda036e7e4ea8962838dbb5c04ffab0a2f1481848a27f06171645daf5246a2e563f3ed60097a9d7023d6ba5c8a58d39f733b12baf0863d82c427460f51cf9e3f77281a42221725b7bb75c2116ab31f704661f090d3eeddd2aa6efc619946b4933c398b635fd04ba3758294965c568997e1ef44b0562804e6c64558f6cfa87662a988c321a856ead51c848528a4954f9ff1948d517d67bc11db66801648848bfb7ee12296428bc3ffec863e9c77ff31ee386197679adab2a0e93bbe0c66ffe9c4b09b636f6216faa373aa8271678cc57ad46898222df7e2d8b14a5b70130596c0430997c4c04d9b5187fd9bb26b71fd19aacc8e08a3239f0eebca7b2873062a19f327a4a282012ebf9898a5ab6310b8623c864d4dada3ded00ad201ce8f3973f90396f5edc1ba466e16247fe6b0ee98acfd53792cc0fea33647b841596655b8d9efbc14b50fe0b588e4c41e2cbd0a700529e7ca91122d3d1b26e52bf44a0c9fe37cdbc352357f13b2adc68e78a00f6dc88a8e6ea54bd0b2c8276f9e1bfebc8655a1f47b72c25ffa97f4463630cc21428ca3bb381a6d3171d28bb946f746f820247bf3f7bb69caaeb5c47026ca9997e586e657a9e1569312bb443299ef4cfeacc9aaf4fc3aaa4a77a21579234d2aab6fd0234398ae07ca7c57ac6d6a51e025744b1430abce27f7f9b0d0e45c051e34d20db95cadcc0e4e327dbd979166b33e39a3951d0b8dd62c0d1542b69583cfc07b127243cac4b052cb29ccb3592972698fa4cd84633d222d78b8741d5f903f8636d95cddfe2ef13829df9ce32705edfda51ded2f0ef38f60a33a2e00373107eef56a01acb5e05d849279b5987343c8bbc73ea660ceaf7c9b90c0a8e1412ff3f517cef8fe604d7a26e085170a76e1bf43f5d1bb77ee771fe841d59fe2cc2874d25bf991b4af6bf9ffe1bfbf3a5587006b60bab5bdfd5a3192e82d474ecab0ab656967856c84cba9469c5823c1d1bf104d2a21c071bb08b2a137883dd9c8f545d6958db8efa45263ae303de76e70f2f6a10e1858e6654004f2a099dc31950ee730c465e0a1822935e309d41650fba489aa3050eedbf3f058d24d1f04fc340966e42d72052d84a66789ccf75000c3fc83b8842badd6b22ddaaaf53ed34e25c1b638e3630d66a7903405052902cf8e7395d54679e2f4a2bf7c8c89b0dc38969376ea164fe97b37b1172e6e8f05a929aa373108e891a64e38e18b432a115a44d754811e03c4f4ae7c525a6b9b92aab0d16967ee1a64eeeb2207c094f6aa96f126d058eff22435a4ae76c31f888ee13b327d2cab4ab5a56abf4cae88c583dd67129271708aa17f4f10886ead0e12734314bd4a49e64349beba4abdf94a1fb23a72cf7e16b5af2f1706d9646a5ff7dbf5c7b1cb2c3781346167b15d4625841d9f3d14392db1d39101d37175c42c522229db0708544058d75cebf3e399cd443d1b943c6f3017a898bd49836a8d92519deb810712aed76602682ef0df2be270734eeda7f289a76f4684baf75702a1ac3da005e62b83f794b934cf882db5d50e5ed4aca868e300d690c0b10daf0a47486e9f49d1b08eac6cf5090ddd2443b1459b2df86ab3447b2b5c6afe8aadb410de6a84b640e326eb882832d1a9cb12e0b8f13aef579f404af8631cdd5a30a031dad19cdf247575dd223229330f19fe4d88c51242217397acf66b86c743de283d5df7212fce59af17eb702eccab192f56f054a33709d41841e4a39638e02b4210559593f9b5c44fd22d9da637ef1a3a0a41c40469990dc4beec30a05b67931c0560d9a59fa875f3e26fd1eb32655aa30c7a1cd3d541716fdaacdda206328f3cbc8f16fc2be26690f18963a16febbaf2cb6c199330579ca067c60b54cbdd211c1350e066448fb50ae28ed58788ac98f0ded3414c8735ab90639916e26ab29102cc2609035e56d9b9d2dbc98118835bcf0e437c77052efe2293d9f19b7197aa1b94b10997b0b1efdef251de8945a97fec885f032c3bee2447335230b866d7aef515b04664d0c59e18233f9a229969e3e17d69716413ca3bc55f5959e340627ea803f7b26f4a74295b295344a3685287093998a1ce75b1ed5d730c9aec812617b4c200a0250c9ef8ef7d2fcfc59ef97422eca746bc6451a5b77307d14c1cfa0ea2c8eb7cf7819644577a6456efec0af058a0e3c8ec371019009462bfe174a11368b57fbe3090208a57b2236b97edc32cda5c6fc988cbaaf91c4020a06a7ad45519eaa761e045fc84d3219b287206282347a031ef1e7b7dbc67de738fa8f9fe71c44201fd1d548f8aebe93bf502d64d4b5f470a419e3fcd87f0616b9813048311ed20ac2efd7f18dcd6889542208b50c28c8c0700f73fa33a964e38d699819cab2098c6ff081266721cdced87ff41948c84037485f30d38a99eeeb3ff4c3049742a29eb09bb35c358e732546267c165a62fee9e25abdafdb8a48785bd432d160797e7a41d580f59d7d8e59b3e6b954d39f86db33b8f7cabde43e8e04cac1fcf9aa6fdbe4326e0d9c782d9a630055b36f85c2b8efebf18f42ef14ee5eb1d33ca322db69704f8bb90bf30eb05908b8d8ed169580923f53a6539cc3b55baa47718053d2ff103c23d90f9cb49ddc7d759950f605bafabcb7953c042c0523b84da994529a87ad68fc6f0709fd7af5fc20e53a17d3f5fd4d25fc5ff6598c6ddfc34668a08ee5e066d81a65e7979c50c08febf76dc5a3a405f551bb8449d94ea0dfdad6dd6dd6d6e4486f4ae1d2523c05f46198d8af4da12873ebdf7d6b5f2d0f1b2d29759ab0d78e34ae6f17b7ab83518cf8b18836ea5630ee934e5ecc123f0d3fe6b803ae1f735d65dcadcaaf6660e02ecad0290f6ead0594733a10b2b1654a44244424fa8b3180b551ac401828203e61603b017106e2256f01b9f26db33897167d9defb54ddfe49334150574493895370bad46cc658667aa9a8ed333c86f112b2a542936af92e2f933254b6fb0b1a599eec3bf2e476ae6714e2486dd31b29e4d26838d84bd7a62c62beab3ba71642278ecaf2e50d70670d9fdff105019791d36321bc57fdfd8f65f2ea1cb188035ecabf6140e777b7e6d2177ac29e9a1a2f87dd54d96184bb1a855bd9efdadfc606f13621f40e07cd8be9c2435c8c90b4ccba5eb7ddcf8cf1f76617c9a9e011abf4a63ffe31df63ecacb8b1d2d653e613cb399ce079392f9ca2e226c60b6e8103447c24c1f80d42e1ee747997602ae3ccff8f9f98ce9b56f6f3e3c0ba507df8b2169539cfc946c42da72644feb9b3b582ce332f8b2eda02192958194903d17b3e9b4bd60d08cd9a7989d946ece6d8dc01d6b66a7851bb11e4b075d38081d3ce7bf1875fec9daf47a589abdb72763c9747b83a28389238b0279c8e41db6521130420851acac463664a97be2190aff921923475f2c1f8a87d1169229e5f10dd0a92221e61358b156020f2c9ca2cb6580743a8d5e3c59e6fd97a7a246211450c7c62f1891cedb434102f8794d81c1caf2c1b4ae18b7c4b9c88de5c51da33e3343cef76da0d00341c2e60c4562c162e41a7efa8290cc9061f3d6a592d5f104c5018f31bcaf912bdd37370fbf8fedf0aa9026c1142299197d67ab026756927b5864ea42c45a82c23c275697d31a1b7900670c9a3c967d12974543c11f20c367a336bea9b9ebe480f9c806528138dff35c5f56b1199b75748e9c5cf50e6a32397dc3eeb04c3636c0848a5e13df8a9758bacea231f34cba13b466360b0dec69f74f8bf9a2dcf3dd94fa3a7d27e8caae00240559d75875ef9c619416593ca0072e7f38caae5a530c62dbe00e38c12cb8b924d63fca4d5c3a4c8f50e8f4f86fc1fe2b163219c46c21eb783e587e18e07ab7e1927a646c4f154c5000cb65ce9528457c3c66f43d9ab7d61580df0ecfb31cb38e4cbcdc3dafcca57311abec6b74048c8b74505ba678a4db07ed7243c70a821aee66a487bf91fd273418f8ef657d1eeb9ea6f095d47641e9f9fa30599e8b9c6b4453a1a5e8afd86fcafb46dd095fa4a98a2b26470e2c799b08c6000f5c3c4e28961463724377f37813f3922484fda986eb7c93ae8365baf648acbb344ca7e044d7ba93e7ba35c31085f3f99c5fdb2f9f2845f00b8590395e8ff730b86f5dd7f52297b8ecd5d5a6bb452bcd12b98d6adb27e7ef0e84b9567c66093ca3edab7e64ac4f56360501d81823ea2b1595f934c5f61c8558304c16154109a983a2af8725c7af91b5bc57e555768aa8115236a6ccc921d472b608eb6b82c4ba3747d79027d7856fae5369aa325df6a76138a5b41a94377eeeb251087e0b8510d8890e3f7a0cffaeddb9d2c29bc89f952489f82ee2e2b485cd297e6d30683701623cf73ee9ee606baeae9c3afba287eff57731b9cfaf034b1f56c8b31a32a1078c4fcab298c3f925a8e7cacceb9edf7ba2e54d31033a25462021e4a3c0bf5af341b462ee4417024da7c12c7f385de3af129aef1338a9c1fd68323d07ff47ec8bcca66b44300624d02c9202a2d093c3c85fd922b57b3bd14162c8ca5690734b7e4e4b8980b73a8e9908a9fa3dd508b30e3b1e1fd4ec388affa27c4bc26ca2820e0a902d51ff94984e8894fa5fca7b8704b7600ca6d6b1b1527ea999fcdf8fe3b290ec0036cad222f92cf8a5a54d0fa91de6e74ef61f60a233c9f15fdc86226c3f688de15ed8f0c3f1bc3afcad87cee47a19384afc6a804f197339ebce4aca211dbe0504a000755d18f20c4ecacd4123acdff7653cbb26456499495662508c8186afb883f5481c6bdf88cf137e263bde9d62f054573e0d1454cc119c95d4d9011332bd77682f79debcf5c21f0be7e9a83a58cec34e7cfb17a8122e030669228e4d3d9e274a678c5b77e6180aacc2fa8eb9952c5b04de6b2c7bee591badab96a3c3248c275b5b8faf5394eacc427a840570033be5006c33ce2d2c6e54f08681c3f74ad2fe54bca6dc62a9d84f6c58509c1e5dd5cfcc7a358493d428de48dfc1bc3f74154801c97e6aae38445045320b4cf66c1e56eb6ea2c1218de65f120b463c5cfb9255b3a25eb6e848cbd977f0605d71c561c2a754f5761c31f84101ee8178782cc8cf70b41a2204c5cb2f3134d572327fe4bbc1792249dfcf0ae7ba5d81fb5ae4a7978d044085f3b7f2e398c05733e2bf456cae898f8b5a81e9c79179bb5ca716713fce643dabe21eaee4386e646e25ad3adc5a4ad40f9bd6743f5f742efb1a674ffdbd2ced56c646ae590eb8f10283b47f57e6f96ad76adebecb24df74020b096fdee3c8d780d563a915f73c8b0246b861cd3a8580d5cf75798e8cf1c5875724661a39277e7165fe48ed8d5e6a20d68239f626fe8ea434a4e6e03ea434ec68c4b92a0fc2af15a135d6cbaeeca39a0c1896dab33daac", 0x2000, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
write$FUSE_INIT(r0, &(0x7f0000004200)={0x50, 0x0, r1}, 0x50)
syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006780)={0x90}, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006780)={0x90, 0x0, 0x0, {0x5, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x10b}}}, 0x0, 0x0, 0x0, 0x0, 0x0})
r2 = open(&(0x7f00000001c0)='./file0/file0\x00', 0x2, 0x0)
lseek(r2, 0x0, 0x2)

24m6.839160832s ago: executing program 0 (id=892):
io_setup(0x202, 0x0)
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$KDSETMODE(r0, 0x4b3a, 0x1)

24m6.777689505s ago: executing program 0 (id=894):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x68c81, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(0xffffffffffffffff, 0xc01064c2, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x1)
r5 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r6 = dup(r5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x13, r6, 0x2000)
ioctl$KVM_PRE_FAULT_MEMORY(r4, 0xc040aed5, &(0x7f00000000c0)={0xf000, 0x118000})

24m3.336797046s ago: executing program 0 (id=902):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="1b00"/13], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000001800)={0x11, 0xc, &(0x7f0000000600)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000fa540000850000008200000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
r2 = open(&(0x7f0000000300)='.\x00', 0x0, 0x2)
close_range(r2, 0xffffffffffffffff, 0x0)

24m3.168702992s ago: executing program 0 (id=905):
sendmsg$IPSET_CMD_ADD(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={0x0}, 0x1, 0x0, 0x0, 0x10000082}, 0x80)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000400)=ANY=[@ANYBLOB="540000000206010200000000000000000500000005000100060000000d000300686173683a6e6574000000000900020073797a31000000000c00078008000640000000400500050002000000050004"], 0x54}}, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000280)={0x44, 0x9, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x1c, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @broadcast}}, @IPSET_ATTR_IP_TO={0xc, 0x2, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @loopback}}]}]}, 0x44}, 0x1, 0x0, 0x0, 0x10040047}, 0x240008c4)
sendmsg$IPSET_CMD_ADD(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)={0x38, 0x9, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x10, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @loopback}}]}]}, 0x38}, 0x1, 0x0, 0x0, 0x10048047}, 0x4000050)
sendmsg$IPSET_CMD_ADD(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)=ANY=[@ANYBLOB='8\x00\x00\x00\n'], 0x38}, 0x1, 0x0, 0x0, 0x10048047}, 0x4000050)
sendmmsg(0xffffffffffffffff, &(0x7f00000002c0), 0x40000000000009f, 0x0)

23m46.762703075s ago: executing program 40 (id=905):
sendmsg$IPSET_CMD_ADD(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={0x0}, 0x1, 0x0, 0x0, 0x10000082}, 0x80)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000400)=ANY=[@ANYBLOB="540000000206010200000000000000000500000005000100060000000d000300686173683a6e6574000000000900020073797a31000000000c00078008000640000000400500050002000000050004"], 0x54}}, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000280)={0x44, 0x9, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x1c, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @broadcast}}, @IPSET_ATTR_IP_TO={0xc, 0x2, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @loopback}}]}]}, 0x44}, 0x1, 0x0, 0x0, 0x10040047}, 0x240008c4)
sendmsg$IPSET_CMD_ADD(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)={0x38, 0x9, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x10, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @loopback}}]}]}, 0x38}, 0x1, 0x0, 0x0, 0x10048047}, 0x4000050)
sendmsg$IPSET_CMD_ADD(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)=ANY=[@ANYBLOB='8\x00\x00\x00\n'], 0x38}, 0x1, 0x0, 0x0, 0x10048047}, 0x4000050)
sendmmsg(0xffffffffffffffff, &(0x7f00000002c0), 0x40000000000009f, 0x0)

20m10.581492475s ago: executing program 6 (id=1549):
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f00000001c0)={0x3, &(0x7f0000000040)=[{0x20, 0x0, 0x0, 0xfffff00c}, {0x28, 0x0, 0x0, 0x6ebf}, {0x6}]}, 0x10)
sendmmsg$unix(r0, &(0x7f00000000c0), 0x3f, 0x0)
r2 = msgget$private(0x0, 0x0)
msgctl$IPC_SET(r2, 0x1, &(0x7f0000258f88)={{0x0, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x0, 0x0, 0xfffffffffffffffe})
msgsnd(r2, &(0x7f0000000380)=ANY=[@ANYBLOB="0300"], 0x0, 0x0)
msgctl$IPC_SET(r2, 0x1, &(0x7f0000000000)={{0x1, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0x800200000000000, 0x7, 0x2, 0xc1, 0xffffffffffffffff, 0x0, 0x0, 0xfffd})
syz_genetlink_get_family_id$l2tp(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFVLAN_SET_VLAN_EGRESS_PRIORITY_CMD(r0, 0x8982, &(0x7f0000000000)={0x3, 'netpci0\x00', {0x3}, 0x2})

20m9.398825861s ago: executing program 6 (id=1556):
io_setup(0x2278, &(0x7f0000000180)=<r0=>0x0)
syz_emit_ethernet(0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000004c0)={0xffffffffffffffff, 0x0, &(0x7f00000005c0)=""/155}, 0x20)
ppoll(0x0, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000480)={0xffffffffffffffff, 0x0, 0x25, 0x2, @val=@uprobe_multi={0x0, 0x0, 0x0, 0x6, 0x0, 0x1}}, 0x40)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r1, 0xaf01, 0x0)
r2 = eventfd(0xffffffff)
ioctl$VHOST_SET_LOG_FD(r1, 0x4004af07, &(0x7f0000000240)=r2)
ioctl$VHOST_SET_VRING_KICK(r1, 0x4008af20, &(0x7f0000000040)={0x1, r2})
ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/67, 0x0})
ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/247, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/74})
ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000680)={0x1, 0x0, [{0x0, 0xfffffeac, &(0x7f00000001c0)=""/115}]})
ioctl$VHOST_VSOCK_SET_RUNNING(r1, 0x4004af61, &(0x7f0000000000)=0x1)
setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x14, 0x0, 0x0)
io_submit(r0, 0x1, &(0x7f0000000140)=[&(0x7f00000001c0)={0x0, 0x4, 0x0, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240), 0x0, 0x0, 0x0, 0x2}])
syz_clone(0x203c63c0, 0x0, 0x0, 0x0, 0x0, 0x0)

20m6.903075187s ago: executing program 6 (id=1565):
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000040)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
setresuid(0x0, 0x0, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000001a80)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x50)
socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sched_switch\x00', r4}, 0x10)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x10, 0x16, &(0x7f0000000780)=ANY=[@ANYBLOB="61122400000000006113340000000000bf1000000000000015000200091b00003d030100000000008701000000000000bc26000000000000bf67000000000000560300000ee600f06702000014000000160300000ee600f0bf050000000000000f610000000000006507f4ff02000400070700004c0040001f75000000000000bf54000000000000070500000300f9ffad430100000000009500000000000000050000000000000095000000000000004d9bd591d568253e9988431ec068e3a82983d58719d72183f2cb7f43dd55788be820b236dcb695dbfd737cbf719506d2d6b05fe7030586e3f640f9f7e9a73b761ad4f0952a70046270d2b6436fdeecd791614ed46de741eb8cf91c046ef9beca574b350021c7ec6ef130f53748068ca432dae4e248b22b9ad8b2811f67916a1764578cba4b069037bfb3362d5691ac397f7e207145d970f0d97867552629b146645c785fb77dbeca38e49a9d5221f1f45f0a25890d04d91a15a05ae7e7ed6252c3d6c1973fb858de1da70d67317e7872b0603ce47ed2c1520e71b527bb42aa2e20e1e85df73736ed0a782ab7e7278dd54358cfdf6313d40f926332623625b49626481054787ab2dff85a9bebd6b317f26c691a65aa97bb3d1506a3a565e9c7ea5ad4611d2d77ee8a5c1b23814a26b6a20061fbb65bdd03770fa849f2a29ba69f90625f42592a70ba890f7a92878ae73574c3a233ee5954119931a1905210715fa77a8795f2fbec3797cb90f59fe8a4abec25f40c87bf25b750bbaa"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
syz_open_dev$vim2m(&(0x7f0000000100), 0x0, 0x2)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
r5 = socket$inet6_sctp(0xa, 0x5, 0x84)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, 0x0, 0x0)
bind$inet6(r5, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
setsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(r5, 0x84, 0x13, &(0x7f0000000180)=0x4, 0x4)
sendto$inet6(r5, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
r6 = socket$vsock_stream(0x28, 0x1, 0x0)
bind$vsock_stream(r6, &(0x7f0000000440)={0x28, 0x0, 0x2710, @host}, 0x10)

20m5.535619244s ago: executing program 6 (id=1570):
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000440)=ANY=[@ANYBLOB="120100002eab5a40401c3405cc6d010203010902120001000000000904"], 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000180)='.\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x45110, 0x0)
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='net/udp\x00')
read$FUSE(r1, &(0x7f0000004180)={0x2020, 0x0, 0x0, 0x0, <r2=>0x0}, 0x2020)
mount$tmpfs(0x0, &(0x7f00000002c0)='./file0/file0\x00', &(0x7f0000000240), 0x0, &(0x7f0000000300)={[{@gid={'gid', 0x3d, r2}}]})
r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000200)='mounts\x00')
read$FUSE(r3, &(0x7f0000002140)={0x2020}, 0x2100)
r4 = syz_open_dev$dri(&(0x7f0000000080), 0x0, 0x0)
ioctl$DRM_IOCTL_SET_VERSION(r4, 0xc0106407, &(0x7f0000000140)={0x1, 0x1, 0xffffffff})
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, &(0x7f0000000480)={0x34, &(0x7f00000001c0)={0x40, 0x16, 0x4, "90b7a71b"}, 0x0, 0x0, 0x0, 0x0, 0x0})

20m1.578860747s ago: executing program 6 (id=1583):
r0 = landlock_create_ruleset(&(0x7f0000000200)={0x41, 0x1}, 0x18, 0x0)
r1 = landlock_create_ruleset(&(0x7f00000001c0)={0xa019, 0x3, 0x3}, 0x18, 0x0)
landlock_restrict_self(r1, 0x0)
landlock_restrict_self(r0, 0x0)
landlock_restrict_self(r1, 0x0)
landlock_restrict_self(r0, 0x0)
r2 = landlock_create_ruleset(&(0x7f0000000040)={0x969c, 0x3}, 0x18, 0x0)
landlock_restrict_self(r2, 0x0)
landlock_restrict_self(r0, 0x0)
r3 = landlock_create_ruleset(&(0x7f0000000040)={0x0, 0x2, 0x3}, 0x18, 0x0)
landlock_restrict_self(r3, 0x0)
landlock_restrict_self(r3, 0x0)
landlock_restrict_self(r3, 0x0)
landlock_restrict_self(r3, 0x0)
r4 = socket$inet_sctp(0x2, 0x5, 0x84)
bind$inet(r4, &(0x7f0000000080)={0x2, 0x4e22, @empty}, 0x10)
sendmmsg$inet_sctp(r4, &(0x7f0000004900)=[{&(0x7f00000000c0)=@in={0x2, 0x4e22, @local}, 0x10, &(0x7f0000000180)=[{&(0x7f0000000100)="f4", 0x1}], 0x1, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000008400000007000000ac1414bb00000000180000000000000084000000070000000a0101020000000018000000000000008400000007000000ac"], 0x48}], 0x1, 0x0)
landlock_restrict_self(r1, 0x0)
landlock_restrict_self(r3, 0x0)
landlock_restrict_self(r3, 0x0)
landlock_restrict_self(r0, 0x0)
landlock_restrict_self(r3, 0x0)
landlock_restrict_self(0xffffffffffffffff, 0x0)
landlock_restrict_self(r0, 0x0)
r5 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$inet_sctp_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f0000000040)={0x4, 0x207, 0x1f7a, 0x9}, 0x10)
setsockopt$inet_sctp_SCTP_ADD_STREAMS(0xffffffffffffffff, 0x84, 0x79, &(0x7f0000000100)={0x0, 0x1000, 0x9999}, 0x8)
sendmmsg$inet6(r5, &(0x7f0000001fc0)=[{{&(0x7f00000001c0)={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0}}, {{&(0x7f0000000100)={0xa, 0x4e22, 0x2, @local, 0x7fffffff}, 0x1c, 0x0, 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="a8fc6ce2da44d1b4065e102fc8827c1f6a56b47f04193fed9c80b61a631d7f950f1395d18f25f5ec4bd526b59eae28d75d3400206191f80d68fa50164e025a5fc0da2895b5738d50a9ab22354225a2c8d1c9432b8c7017ed77fb898743677d1159aa09c0ae371ac2a39a90206d984bbe01966d3b8fa0beded80730ec03254e41575d5d1f56bcfcfad72dacf14fd716e5b4e1816e8ef5d7"], 0x110}}], 0x2, 0x0)

19m58.126558433s ago: executing program 6 (id=1591):
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000040)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
setresuid(0x0, 0x0, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000001a80)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x50)
socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sched_switch\x00', r4}, 0x10)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x10, 0x16, &(0x7f0000000780)=ANY=[@ANYBLOB="61122400000000006113340000000000bf1000000000000015000200091b00003d030100000000008701000000000000bc26000000000000bf67000000000000560300000ee600f06702000014000000160300000ee600f0bf050000000000000f610000000000006507f4ff02000400070700004c0040001f75000000000000bf54000000000000070500000300f9ffad430100000000009500000000000000050000000000000095000000000000004d9bd591d568253e9988431ec068e3a82983d58719d72183f2cb7f43dd55788be820b236dcb695dbfd737cbf719506d2d6b05fe7030586e3f640f9f7e9a73b761ad4f0952a70046270d2b6436fdeecd791614ed46de741eb8cf91c046ef9beca574b350021c7ec6ef130f53748068ca432dae4e248b22b9ad8b2811f67916a1764578cba4b069037bfb3362d5691ac397f7e207145d970f0d97867552629b146645c785fb77dbeca38e49a9d5221f1f45f0a25890d04d91a15a05ae7e7ed6252c3d6c1973fb858de1da70d67317e7872b0603ce47ed2c1520e71b527bb42aa2e20e1e85df73736ed0a782ab7e7278dd54358cfdf6313d40f926332623625b49626481054787ab2dff85a9bebd6b317f26c691a65aa97bb3d1506a3a565e9c7ea5ad4611d2d77ee8a5c1b23814a26b6a20061fbb65bdd03770fa849f2a29ba69f90625f42592a70ba890f7a92878ae73574c3a233ee5954119931a1905210715fa77a8795f2fbec3797cb90f59fe8a4abec25f40c87bf25b750bbaa"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
syz_open_dev$vim2m(&(0x7f0000000100), 0x0, 0x2)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
r5 = socket$inet6_sctp(0xa, 0x5, 0x84)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(r5, 0x84, 0x13, &(0x7f0000000180)=0x4, 0x4)
sendto$inet6(r5, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
r6 = socket$vsock_stream(0x28, 0x1, 0x0)
bind$vsock_stream(r6, &(0x7f0000000440)={0x28, 0x0, 0x2710, @host}, 0x10)

19m56.932713795s ago: executing program 41 (id=1591):
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000040)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
setresuid(0x0, 0x0, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000001a80)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x50)
socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sched_switch\x00', r4}, 0x10)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x10, 0x16, &(0x7f0000000780)=ANY=[@ANYBLOB="61122400000000006113340000000000bf1000000000000015000200091b00003d030100000000008701000000000000bc26000000000000bf67000000000000560300000ee600f06702000014000000160300000ee600f0bf050000000000000f610000000000006507f4ff02000400070700004c0040001f75000000000000bf54000000000000070500000300f9ffad430100000000009500000000000000050000000000000095000000000000004d9bd591d568253e9988431ec068e3a82983d58719d72183f2cb7f43dd55788be820b236dcb695dbfd737cbf719506d2d6b05fe7030586e3f640f9f7e9a73b761ad4f0952a70046270d2b6436fdeecd791614ed46de741eb8cf91c046ef9beca574b350021c7ec6ef130f53748068ca432dae4e248b22b9ad8b2811f67916a1764578cba4b069037bfb3362d5691ac397f7e207145d970f0d97867552629b146645c785fb77dbeca38e49a9d5221f1f45f0a25890d04d91a15a05ae7e7ed6252c3d6c1973fb858de1da70d67317e7872b0603ce47ed2c1520e71b527bb42aa2e20e1e85df73736ed0a782ab7e7278dd54358cfdf6313d40f926332623625b49626481054787ab2dff85a9bebd6b317f26c691a65aa97bb3d1506a3a565e9c7ea5ad4611d2d77ee8a5c1b23814a26b6a20061fbb65bdd03770fa849f2a29ba69f90625f42592a70ba890f7a92878ae73574c3a233ee5954119931a1905210715fa77a8795f2fbec3797cb90f59fe8a4abec25f40c87bf25b750bbaa"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
syz_open_dev$vim2m(&(0x7f0000000100), 0x0, 0x2)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
r5 = socket$inet6_sctp(0xa, 0x5, 0x84)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(r5, 0x84, 0x13, &(0x7f0000000180)=0x4, 0x4)
sendto$inet6(r5, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
r6 = socket$vsock_stream(0x28, 0x1, 0x0)
bind$vsock_stream(r6, &(0x7f0000000440)={0x28, 0x0, 0x2710, @host}, 0x10)

12.783189682s ago: executing program 9 (id=5382):
r0 = syz_usb_connect(0x2, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="120100001a77aa4094225b4210a20102030109022400010000000009040000029233500009050602ff030000"], 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000440)={0x44, &(0x7f0000000240)=ANY=[@ANYBLOB="40010400000003"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000380)={0x2c, &(0x7f0000000180)=ANY=[@ANYBLOB="00141a00000028e1042406"], 0x0, 0x0, 0x0, 0x0})
openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0)
syz_usb_connect$cdc_ecm(0x1, 0x169, &(0x7f00000004c0)={{0x12, 0x1, 0x201, 0x2, 0x0, 0x0, 0xff, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x157, 0x1, 0x1, 0x8, 0x10, 0xc1, [{{0x9, 0x4, 0x0, 0x1, 0x2, 0x2, 0x6, 0x0, 0x0, {{0x9, 0x24, 0x6, 0x0, 0x0, "c633c5fe"}, {0x5, 0x24, 0x0, 0x3c}, {0xd, 0x24, 0xf, 0x1, 0x17, 0x6, 0x4, 0x1}, [@obex={0x5, 0x24, 0x15, 0x4}, @acm={0x4, 0x24, 0x2, 0x4}, @country_functional={0xc, 0x24, 0x7, 0x8, 0x5, [0x1, 0x7, 0x2]}, @mbim_extended={0x8, 0x24, 0x1c, 0x0, 0x4, 0x8}, @mdlm={0x15, 0x24, 0x12, 0xf}, @mdlm_detail={0xdd, 0x24, 0x13, 0x4, "d364f7cbff6aa443b345acbbd01a9847ade3558aeebc8209bc276a9793670144b2c9fcbb08c4fd0c77f69fb201dfdef1847abebdf737b9fdad1e68d38b035219c8b20c9a0ba30424b836a264138c365178ef94a7c4508641ee93427ea29b33afd8c145c0eca69955ad41b8c53548a0e925ee10748cb47d4c8e99407f808babf145b94564e27493f3b4101b68de9b1c1c11068f02590472d86902425e2a38b1a37624a1de21ea4dd94c94b96ac92bbdbf8a18c2bd060e8b1addb43992049cf2dd92c5616b2ee720e5cf818887264ba49d890aaaf82303e1c2fa"}]}, {[{{0x9, 0x5, 0x81, 0x3, 0xe8d615c96d86cfd0, 0x9d, 0x29, 0xff}}], {{0x9, 0x5, 0x82, 0x2, 0x20, 0x6, 0x8, 0x40}}, {{0x9, 0x5, 0x3, 0x2, 0x20, 0xf8, 0x8, 0xfe}}}}}]}}]}}, &(0x7f0000000340)={0xa, &(0x7f0000000100)={0xa, 0x6, 0x300, 0x7, 0x76, 0x1, 0x20}, 0x11, &(0x7f0000000140)={0x5, 0xf, 0x11, 0x1, [@ssp_cap={0xc, 0x10, 0xa, 0x0, 0x0, 0x7, 0x0, 0x1}]}, 0x2, [{0x83, &(0x7f0000000280)=@string={0x83, 0x3, "dedb7ad3f9d7a99dab3f7173819590265caf5c442309d2fc02117c4e0362e7644bda65ca3265c210ee8855f74df0ad06310651d83b0433f6faca3a6d6a8ac31bd8972269c0a2a957d1e03f50cdf701fbb77abd3ac448f4e781ce37129eab885b81e501a85cee61c4aeb78acdb963b6b4bbca72091822a6233e81f07dc7d945b0a6"}}, {0x4, &(0x7f0000000200)=@lang_id={0x4, 0x3, 0x429}}]})
syz_open_dev$vim2m(&(0x7f00000002c0), 0x2000000f5, 0x2)
syz_open_dev$sndpcmc(0x0, 0x0, 0xa340658bc40d4f52)
r1 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x8400, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r2}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x28)
socket$inet_udp(0x2, 0x2, 0x0)
r6 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x62181)
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r6, 0x40605346, &(0x7f00000000c0)={0x0, 0x0, {0x0, 0x1, 0x0, 0x0, 0x3}, 0x3})
r7 = syz_open_dev$sndctrl(&(0x7f0000000040), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r7, 0xc0045516, &(0x7f0000000000)=0xffb)
epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r7, &(0x7f0000000200)={0x1000000d})
ioctl$FS_IOC_SETFLAGS(r1, 0x40186f40, &(0x7f0000000440)=0x1f)

11.945191073s ago: executing program 3 (id=5385):
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000012c0)=ANY=[@ANYBLOB="10000000040000000400000002"], 0x48)
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000001100)='fdinfo/4\x00')
pread64(r0, &(0x7f0000000340)=""/28, 0x1c, 0x4)
memfd_create(&(0x7f0000000500)='[\v\xdbX\xae[\x1a\xa9\xfd\xfa\xad\xd1md\xc8\x85HX\xa9%\f\x1ae\xe0\x00\x00\x00\x00\xfb\xff\x00\x00\x81\x9eG\xd9,\xe2\xc6a\x9f\xe8\xf1\xb3\x86\xe2+Op\xd0\xa2\x82\x1eb;(\xb5\xe1jS\xd6\x91%||\xa0\x8ez\xadT\xc8\f\xe5\x89\xbf#2\x99\x1e\xa1`\xc3\xcf\xd3\xae\xd2\a\x11\xa9\xa5^\xff\xf5\x95\f<\x8f\xc1\x99\x89r\xe1?\xbdu\x98\xc3\xf8\xd2Q#\xc6g\xa0\x85\xd6G\x85\x11X\x8d,\x02\xd45\xb8\xca\x97\x9d\xcb\x1e\x80\xd6\xd5>N&\xf8#\x80z8Z\xd2}\xf5\xe4\x9f5\x9b\x01\xf9t\xbb\x1er\x14\xdb\xd3\xcd\xfd\xbdnC\xec\x8aog\x87BR\x9d\xad\xd4FcB\xda\x95\xc3\xdd\x9d\x8f\x1a\xce\x18\x80\"j\xe1\xba\x1e\x97uX\xccv\xd6\vcz\x92A^\xbc\xceF\xf7\xe5:\xaf\xc5~\xbcJ e\r\x88c\x9d\xb92\xb6i4zq\xb3c\x0f\xb2t\x93\xf2E6b\xfa\xcdJ5\xe3W]`4\xd8D\x05\v\xfc)\xca\xedQ\xd0]Ot\'\xc2tDF\xf9\xa7\xb5(\x83\xa5\x0f\x1d\x1d\x06Dg\x13>\x19\xe85#\aaT\x89=\x104\xd5\x85l\x96\x91\xea\x172P\xb3:\xadZ\xbc\xbe\x00\xf0\x14\x96\xd9M\xd7\x88QZs\xb2\xe1+$jfQodH\x05/y`~7\x16\x02\x00(v\xe6`\"6\xfcgC\xb5\xf0\x13.zj\xc5bj+@\x00\x00\x00\x00\x00\x00\x00.\xd4`=z\xd1n\x8d\x8f\xa5hS\x8e[\xb3\xa3\x87\xb9\xe2_Z\x11\xef\xc2]V\xf3\x03\x94\xb9\xe1\xa68\x8d\\\xe5\xef\xacpM\xf0\xa6\a\x10\xb7\xc0t\x83\\\xf7\x12k\x9f\x10\xd5Z\x19\xc1\xc1\x80\\o\x97\xce=U\xdd\xaa\x1b\x05\x14\x13\xa6\xbd#\xde\x04\xe6$\xec$3\xf6\x97\xc6\xeaSL\xb7A72M\x88k@\xe5\xa3\n&\x1e\xc84\xa9\xe2\xccM\x906\x95xQ-2p\xd62\'\xec\x0f\x13;I\x95fE_\r\xe7\t!A\x05\xe4\x8f\x9e0\xf8/T\x18\xf7\xa1\x9f\xde1\xd5\x80<\xf5\b\xa9\xec\x85\xaeW\xb3\xd8#)bn \xfb\xf2\x88\xfaR\xff\xdd\x80\x96_\xec5\xf0\x1c\a\x8a\x80\x00@=\r8u+%f:\x1e\x82\xfap\xf6\x89\xea\xba\xe3\xbbM%F\xdb\\\xd1eJJ*\xc67\xca\x03\xa3\xf7(\xbb\xecN\xd4\xe7\xf2:u\x8a\b\xd5\v\xca\xfd\\\xd6\xe3\x05\xb3\x03\xd5\xe0\xd2\xf2{\'\x8b\xdf\xa1\xbe}\xb2\xe4y\xbb\xe6\x1f\x10c\xf5WQ\x82\x04\x01C\x83,\x90\x1a\xfa\x8e\x17\x89\xe2\xedX\x8d\rmq\t\xb5$\xb4\x9b\x92z\xd6/-\x13,\xb5%\x8eM/\x04\xa7\x7f\x1b\x85\xf1\xa4X\x17\xbb\x1cR14\xfb!\b\x10\xe8\xb2\xd41gK\xe4\xea\xe39d\bL\xe5\x1b\xbd[\x9bWD:\r&\xe9\vn^\xcc\x86\xe3\xce1>3{\xaa{\xbd0P\x9f\xa68\xf5\x82\xb8\x9aD\x9c{\xe6\xf8\xcbD\xb5aJ\xb0\x92\x89\xbc\x82\x1ch\x89\xe7\xdd]q,\xec\xc4\xa5\x93\xe5,\x0e,>/\xaf|\xf0\x01V\x7f\xc9?\xba\x16\xe4$+}5dy\xb1\xef\xf1m\xa5\x94d9\xaf\xcfq\x8b=\x026\xef\r\x91\x18\xc5\xb6\xb9fM\x8ayZ\xbcd\xa5\x8a\x88\x98\xc3\xfc`\xa6\xba\x1f\x17\v$\x88g\xb4\xad\b\xc1\xddW\xa6\xc1\xb7\xb0\xa3\x84Q\x13GoU\xe2\xb7\x03\x9c\xd5\x0f\xa8\x0ef\"\x15\x82\xe7\xbd\xf8\xca\x10f\xfe6h\xe9\xc3\xc2\xa0O:\xac~\x1a\xf7\xbeF\xbe\xe5\xf0\x81\xd6&\xc0<Q8\xbeX\xde\xd6 \xef\x0e\xc2.\x9c=1\x15d\xddIv\x0fh\xe6M(D\xad\xeb\xcfX8\xb9\x8d\xbe(\xd3\x16?x\xbd@\x0f\xf5\xdb\xeb\xd7i*\xea\x86JX\xff;\x96\xbb\xa7\xa8u5R\xa2,\xba\xbc\x01\x12\xb3q,\x9d\xf8\xbdb`\xb3\xc6\x0f\xb3\xac\xc7\xa4O@\x81\xfc\x1a4$\x885\x97\xa9|\x99\x86*.\xda\x96RQ\xe5\xb1\xef\xb7\x10\x99\xd4\xa7\b\xcd\xe9\xa5\xf6wR\xc1\xdfH).\a\x9a\xab\x9e&+\xc4#\x90\xc9%\xb9\xd7o\x86\x13\a\xc0\x01w9u6\xdd\x9fJ^o\x1d\xda\x11?\xc1\xf5\xf7\xff\xec\x916\xceQ\xcfU\x035\x96\x8f\xc7\x84\"2\xef\x02\xcf\a+\x8a\xd1\x11\xb5\xa8\x92\f\xb3R\",\xfc!_&pD\xeb5\xc6\xc8\xff2\xee\x14\x83\x14l\x04\x80\xaa7\x80\xf1\x18\xf5\xa5\xd23\xe5\b\x00\xe8\x9c\xd4\xd0\a\x93#\xb9Z\xc0y\x97<\xe5i\xe9\xe4\xb02Cu\xe1d\r\x0e\xc1\xf1\x81^\xa7\xffz)\x19U\xe5\xd4\xf5@O#W\x8a\xbb3c+\n\x97\xa6\xf7\x90$\xd6*\xd0\x1b\x10\xe4HM:XO\x1b\rx\xc7\x12|\x7fN\xc9\xf9i\xe4\xe5-\x9b\xe407\x9d\xe8\xc6\x90\x9f_Jf\x05\r\x1b\x9af\v\xbcv\x83\xf3j\xaf\xd0F', 0x0)
r1 = creat(&(0x7f0000000100)='./file0\x00', 0xd931d3864d39dcca)
sendmsg$IPSET_CMD_DESTROY(r1, &(0x7f0000000300)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000340)=ANY=[@ANYBLOB="280000000306010100000000000000000200000905000100070000000900020073797a31000000006164883fcb00b3a72b5319f65884d7366ace8337ec550a7e404585fdc2c2b92d5de9f1d12415e62d0479d318037011c7e481d163cd10cf72da150a79c0b15bbe903846a5ebffbfca664345ffa20716529c55fe3629d8204a56781793cee0ffb3db4d55c367db487d1c1c6b4662ec50faa262039f54787602b2a0217a28da524d7b9a47f307fe3bfe73aede30af07f4cf6a77753e179053f2f814f637cb882f4171674e49db18f77ddc26a5ad8814c43c6e70d7e94baa102a014e793f918cb8bac02f0e60ef9f8552"], 0x28}, 0x1, 0x0, 0x0, 0x8055}, 0x2000040)
pipe2(&(0x7f0000000240)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff}, 0x4800)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
socket$kcm(0x10, 0x2, 0x4)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r4 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r7 = syz_open_dev$vim2m(&(0x7f0000000240), 0x6, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r7, 0xc0145608, &(0x7f00000000c0)={0x2, 0x1, 0x1})
ioctl$vim2m_VIDIOC_STREAMOFF(r7, 0x40045612, &(0x7f0000000100)=0x1)
ppoll(&(0x7f00000000c0)=[{r2, 0x1007}], 0x1, 0x0, 0x0, 0x0)
close_range(r3, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x2, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000002000000000000000018090000", @ANYRES8=r1, @ANYRES32=r3], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x5, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
epoll_create1(0x80000)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/power/wakeup_count', 0x0, 0x0)

9.964630693s ago: executing program 3 (id=5388):
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, <r1=>0x0})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r0, 0x3ba0, &(0x7f0000000100)={0x48, 0x2, r1, 0x0, <r2=>0x0})
ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f0000000280)={0x28, 0x4, r1, 0x0, &(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x1})
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0xc, &(0x7f0000000440)=ANY=[@ANYRESDEC=r2, @ANYRES16=r1, @ANYRESHEX=r1], 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c, @void, @value}, 0x94) (async)
syz_emit_ethernet(0x2a, &(0x7f0000000000)=ANY=[@ANYBLOB="ffffffffffffaaaaaaaaaabb08004500001c000000000001907864010300ac14472a456577f414aa0d00"], 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) (async)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) (async)
r3 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_CAP_SPLIT_IRQCHIP(r5, 0x4068aea3, &(0x7f00000001c0)={0x79, 0x0, 0xef0}) (async)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x1)
ioctl$KVM_SET_VCPU_EVENTS(r6, 0x4138ae84, &(0x7f0000000080)=@x86={0x6, 0xa, 0x7, 0x0, 0x3, 0x8d, 0xce, 0x1c, 0x89, 0xa0, 0x7, 0x8, 0x0, 0x8000, 0xb, 0x2, 0x8, 0x2, 0x1, '\x00', 0x9, 0x3fb}) (async)
close_range(r3, 0xffffffffffffffff, 0x0) (async)
r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TUNSETIFF(r7, 0x400454da, &(0x7f00000001c0)={'bond_slave_0\x00'}) (async)
socket$inet_tcp(0x2, 0x1, 0x0) (async)
r8 = syz_usb_connect(0x0, 0x24, &(0x7f0000004200)={{0x12, 0x1, 0x0, 0xe2, 0x79, 0x3b, 0x10, 0x5d1, 0x2001, 0x900, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x4d, 0x2f, 0x9c}}]}}]}}, 0x0)
syz_usb_control_io(r8, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r8, 0x0, 0x0) (async)
syz_usb_control_io$hid(r8, 0x0, &(0x7f0000000a00)={0x2c, &(0x7f0000000840)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r8, 0x0, &(0x7f0000000580)={0x44, &(0x7f0000000240)={0x0, 0x16, 0x4, "0314c3c2"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) (async)
ioctl$TUNSETIFF(r7, 0x400454ca, &(0x7f0000000000)={'dvmrp1\x00', 0x1}) (async)
r9 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TUNSETIFF(r9, 0x400454da, &(0x7f0000000140)={'bond0\x00'}) (async)
ioctl$TUNSETIFF(r9, 0x400454ca, &(0x7f0000000100)={'nicvf0\x00', 0x1432}) (async)
ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f0000000000)={0x28, 0x4, r1, 0x0, &(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x8}) (async)
r10 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
close_range(r10, 0xffffffffffffffff, 0x0)

9.710145216s ago: executing program 3 (id=5393):
syz_genetlink_get_family_id$wireguard(0x0, 0xffffffffffffffff)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r0)
socket$inet6_mptcp(0xa, 0x1, 0x106)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r1, &(0x7f0000000780)={0x0, 0xf0, &(0x7f0000000180)={&(0x7f0000000140)={0x24, 0x33, 0x1, 0x70bd2b, 0x25dbdbfe, {0x4}, [@typed={0x8, 0x4, 0x0, 0x0, @u32=0x2}, @typed={0x8, 0x5, 0x0, 0x0, @uid}]}, 0x24}, 0x1, 0x0, 0x0, 0x50}, 0x4000000)
sendmsg$TIPC_NL_LINK_SET(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000140)=ANY=[], 0x50}, 0x1, 0x0, 0x0, 0x40000}, 0x20000850)
bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
listen(r0, 0x9)
r2 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r2, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff)
r5 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFVLAN_SET_VLAN_NAME_TYPE_CMD(r5, 0x8982, &(0x7f0000000080)={0x6, 'veth1\x00', {0x6}, 0x6})
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)={0x30, r4, 0x1, 0x9, 0x800000, {}, [@MPTCP_PM_ATTR_ADDR={0x1c, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @multicast2}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0xa}]}]}, 0x30}}, 0x34020840)

9.596319989s ago: executing program 9 (id=5394):
r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
add_key$fscrypt_v1(&(0x7f0000000040), 0x0, 0x0, 0x0, 0xffffffffffffffff)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, r0, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
kcmp(r2, r2, 0x2, r4, r3)
r5 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000300)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffb)
add_key(&(0x7f00000003c0)='dns_resolver\x00', &(0x7f0000000400)={'syz', 0x3, 0x9}, &(0x7f0000000080)="00000102", 0xfffff, r5)
r6 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000680)=@base={0xa, 0x16, 0xb4, 0x3, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000000280)=@framed={{0x18, 0x8}, [@map_fd={0x18, 0x0, 0x1, 0x0, r6}, @generic={0x77}]}, &(0x7f0000000000)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
socket$nl_generic(0x10, 0x3, 0x10)

9.312079488s ago: executing program 3 (id=5397):
r0 = add_key$keyring(&(0x7f0000000100), &(0x7f0000000200)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
r1 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000300)={'syz', 0x1}, 0x0, 0x0, r0)
add_key(&(0x7f0000000000)='rxrpc\x00', 0x0, &(0x7f00000002c0)="0000000000000002ff6900000000000100000018009b3900000200861f4104bfeacdd5a9007d16dcdc2850b5", 0x2c, r1)
syz_usb_connect$printer(0x0, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="12010002000000102505a8a44000010203010902"], 0x0)
r2 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101b01)
ioctl$USBDEVFS_ALLOW_SUSPEND(r2, 0x5522)
add_key$user(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe)
close(0x3)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1a00000007"], 0x50)
r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r3, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6)
writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000000)='4', 0x1}], 0x1)
write$binfmt_misc(r3, &(0x7f0000000000), 0xd)

7.04290081s ago: executing program 4 (id=5402):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, 0x0, 0x0)
r1 = socket$kcm(0x29, 0x2, 0x0)
timerfd_create(0x4, 0x80800)
ioctl$sock_kcm_SIOCKCMCLONE(r1, 0x89e2, &(0x7f0000001200)={<r2=>0xffffffffffffffff})
creat(&(0x7f0000000000)='./file0\x00', 0xd931d3864d39ddd8)
open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x1)
creat(&(0x7f00000002c0)='./file0\x00', 0x0)
open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x8)
socket$inet6(0xa, 0x2, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='blkio.bfq.io_wait_time_recursive\x00', 0x275a, 0x0)
socket(0x10, 0x803, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_IPV6_HOPOPTS(r3, 0x29, 0x36, 0x0, 0x0)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, 0x0)
sendmmsg$unix(r2, &(0x7f0000007a80)=[{{&(0x7f0000000b40)=@file={0x0, './file0\x00'}, 0x6e, 0x0, 0x0, 0x0, 0x0, 0x5}}, {{&(0x7f00000010c0)=@file={0x0, './file0\x00'}, 0x6e, 0x0, 0x0, 0x0, 0x0, 0x20000800}}], 0x2, 0x48000)
r4 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000380)={r4, 0xe0, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, &(0x7f00000000c0)=[0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x2000000000000322, 0xa, &(0x7f0000000100)=[0x0, 0x0, 0x0, 0x0], &(0x7f0000000140)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], <r5=>0x0, 0x12, &(0x7f0000000180)=[{}, {}], 0x10, 0x10, &(0x7f00000001c0), &(0x7f00000003c0), 0x8, 0x1b, 0x8, 0x8, &(0x7f0000000240)}}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x6, 0x16, &(0x7f0000001180)=ANY=[@ANYBLOB="61158c00000000006113500000000000bfa00000000000001503000008004e002d35010000000000950041000000000069163a0000000000bf67000000000000350605000fff07206706000005000000160302000ee60060bf670000000000000f650000000000006507f9ff0100000007070000cddfffff1e75000000000000bf54000000000000070400000400f9ff3d4301000000000095000000000000001500000000000000950000000000000032ed3c12dc8c27df8ecf264e0f84f9f17d3c30e32f1754558f2278af6d71d79a5e12814cb1d8a5d4601d295c45a6a0b9bdb7dd3997f9c9c4f6f3be4b369289aa6812b8e007e733a9a4f1b0af3dda82ee45a010fb94fe9de57b9d8a814261bdb94a05000000c6c60bf70d742a81762bab8395fa64810b5b40d893ea8fe01c5473d51b546cad3f1d5ab2af27546e7c955ccefa1f6ab689b555202da2e0ec2871b4a7e65836429a527dc47ebe84a423b6c8d345dc8da3085b0ab71ca1b901627b562ed04ae76002d4519ae5386ad9a4d69e88158f0200000000c8fb730a5c1bf2b2bb71a629361997a75fd552bdc2300000008ac86d8a297dff0445a15f21dce4de9f29eff65aadc841848c9b562a31e56723888fb126a163f16f920ae2fb494059bba8e3b680324a188076ebae3f55c4e9b2ad9bc1172ba7cbebe174aba210d739a018f9bbec63222d20cecac4d03723f1c932c9a6aa57f1ad2e99e0e67ab93716d20000009fbb0f53acbb40b4f8e2739670b31562ed834f2af97787f696649a462e7ee4bcf8b07a10d6735154beb4000000000000000000000000004000bc00f679629709e7e78f4ddc211bc3b43176e65ec1118d50d1e827f3472f4445d253880800000000000000690884f800031e03a651bb96589a7e2e509bcc1d161347623cb5e7ac4629c8ab04871bc401000000cc43010000207b40407d000000210000000000000000005f37d83f84e98a523d80bd970d703f37ca364a601ae899a56715a0a62a34c6c94cce6994521629ab028acfc1d926a0f6a5489af8dc2f17923f3c40dfd1970a55c22fe3a5ac000000f4000000000000000000000000c1eb2d91fb79ea00000000000000bb0d00000000000000000000e4007be511fe32fbc90e2364a55e9bb66ac64423d2d00fea2594e190deae46e26c596f84eba9000000000000003cc3aa39ee4b1386bab561cda886fa642994cacd473b543ccb5f0d7b63924f17c67b13631d22a11dc3c6939628950000000000000001c7205a6b068fff496d2da7d632bd1f61b007e1ff5f1be19637302f3b41eae50509fd05d12f6186f117b062df67d3a63f3265dd1410eea68208a3f26b2989b832d8b34a34a4f08b34b30410856e858d27adee7daf32903d3fc78700d429a2d4c8b6d803eb83eecfe4c7ff9e6ab5a52e83d089dad7a8710e0254f1b11cced7bc3c8da0c44d2ebf9f6f3ff3be4d1458077c2253b0c7c7a0a9fdd63bf910dc20e5cb2a88e59febc47f1212a21f631dbaa74f22bad050e9856b48ae3a03a497c37758537650fe6db88aa3c41fdc3d78e046f6160e1741299e8dc29906870e6431ed1eab5d067a183f064b060a8ec12725d42e3a74863d66bee966b1574f8e01b3f34a267ff0afa1e1c758a0079b747067312e9815a21cb3f1f8150d999d788535a4d3114dbc7e2bf2402a75fd7a55733360040855ed5d1c0d634fb9fb38f84d9d87b27f8a5d91217b728f13e3ee20e69e0ffb2780b1a7af137ff7b4ff010404faf0a4da65396174b4563d54b52f06c870edf0c5d744b5272b44c23488b2bdbff947c4dfa108cbb88202ee1192b81f428a5b3c299848649e1a6bff52f657a67463d7dbf85ae9321fc2b517dc4a29b9b5a8ded5de8206c812439ab129ae818837ee1562078fc524a3baf49a0be9bb7d958d5e87c6c09bf71a894bad62934782cc308e936d7637e07c4a2a3bc87b0da23c00d9ef418cf19e7a8c4c328be0ce95798adc2dca871073f6bd61dc18402cde8b01000100000000e722a6a2af483ad0d3415ed0f9db059acaba9eaea93f811d434e00000000000000000000d154ba10a8e51489a614e69722bac30000000000000000000000000000c5dfd188ff555285b9743d3aac000583f42d168613151d681a2f71373f20d92c9048407c91fabecfe8b3f2d545ffffffff00000000a1cfc4336324c86f3dcb43e9a58208077e90f6ec1c7ac756f61dcc372cdd30b82507489f0bbfbd3c3f21752e81319c0161e154ceb16e00bc7f5a6962dff317f4d014786e432817066874d69a39cb0da31bcc5f81894d8a80756447322207b4007dff12eb95066cc6bc256f0a12282224d718b06ca80b57aa183dd0c3eee45891441f2b89b4c67aa9882281393954972046974f18df232cd7fca610e33f51c2d062020f403d85ff36c26e2f6bd1d82f4d3ceb3472d9a77e0057a3bfe697d9ab7585f4a1b381343d2cf857689232f4fc5135790662dc1419a374be9d7b3e5be2886d23add90d862f1a682ff11c798e338af3e5bb0f9d3952b15bf3e0c618c89d20ca1e18a031397693bf3cfbd8417e5b55e641c898c280356f2da222d5d68919d98158578dcf18efa404e508bcbbb8cfcf70086821ebdf34c9a1dff45af873df904c2bdbef81f246d26f4b40df949e12bdac18533d4e11c608cc31d60cb591c40a7b386fa1c753336d7220a35118d4919b45eff32aab684ee54c0a263c806aabac2f66cb052f847c62c6691de14e97aa7e9dc8ecf0cd50540246d2b746e41e5b4e2c095039dfe0f71db6265f7580d098be40ef36faee5d1695830d4242a23e541e6ce9fa1998d8961ef4fe3c8e8fbb566f148c8befc229614a4b7f80d237b8abc6fc0407de31d6e5532f360d379f20f054692b47207922fe6c14eba96c9a7ae906abc1ae1ae8c4fae92883cfa1978a04bb000000000000000000000000000000884efcecca45ea4ab2ec097668456a6ff12854997f5aed737d5205ace5c0b64f87ef10784d0479cb44ca077e0c4ce6ff880e2ce3de63853a9740e9233683bfc8636bee293aeeb680b399a296e6f44c07b5fc5d9d359af007f23004a7acb6df23664ea209620b4fe0f4df81c33bd8ca2335cb4b50881937379b45a301175c3e8eb32970564ec8e25c46ee3bae079faedaad94276cfa251be8256c4c37fc84a25c3a2feb39e94a5266a10716d4a3cef499fa176018054e9149a1c9d20a809ce300"/2302], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @xdp=0x24c4e7f55405e409, 0xffffffffffffffff, 0x8, &(0x7f0000000000)={0x0, 0xffff0000}, 0x8, 0x10, 0x0, 0x0, r5, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0xfffffffe, @void, @value}, 0x94)

7.042090697s ago: executing program 9 (id=5403):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket$alg(0x26, 0x5, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000b80)=@newtaction={0xa8, 0x30, 0x1, 0x0, 0x0, {}, [{0x94, 0x1, [@m_tunnel_key={0x60, 0x1, 0x0, 0x0, {{0xf}, {0x30, 0x2, 0x0, 0x1, [@TCA_TUNNEL_KEY_ENC_IPV4_DST={0x8, 0x4, @initdev={0xac, 0x1e, 0x0, 0x0}}, @TCA_TUNNEL_KEY_ENC_IPV4_SRC={0x8, 0x3, @initdev={0xac, 0x1e, 0x0, 0x0}}, @TCA_TUNNEL_KEY_PARMS={0x1c, 0x2, {{}, 0x1}}]}, {0x4}, {0xc}, {0xc}}}, @m_gact={0x30, 0x2, 0x0, 0x0, {{0x9}, {0x4}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa8}}, 0x8000)
bind$alg(r1, &(0x7f0000000100)={0x26, 'skcipher\x00', 0x0, 0x0, 'xchacha20-generic\x00'}, 0x58)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
r4 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1)
connect$unix(r4, &(0x7f0000000100)=@abs={0x27, 0x0, 0x4e22}, 0x6e)
sendmsg$nl_xfrm(r3, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f00000004c0)=@updpolicy={0xfc, 0x19, 0x1, 0x0, 0x0, {{@in6=@rand_addr=' \x01\x00', @in=@local, 0x0, 0x5, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0xa9, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0xa00, 0x40800000000000, 0x800000000000000}}, [@tmpl={0x44, 0x5, [{{@in=@local, 0x0, 0x3c}, 0x0, @in=@broadcast, 0x0, 0x0, 0x3}]}]}, 0xfc}}, 0x0)
r5 = socket$nl_xfrm(0x10, 0x3, 0x6)
r6 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='fdinfo\x00')
getdents(r6, &(0x7f0000000040)=""/227, 0xe3)
sendmsg$nl_xfrm(r5, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000640)=@migrate={0xec, 0x21, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@private2={0xfc, 0x2, '\x00', 0x1}, 0xfffc, 0x0, 0x0, 0x0, 0xa, 0xe0, 0x80}, 0x2}, [@migrate={0x9c, 0x11, [{@in=@local, @in6=@private0={0xfc, 0x0, '\x00', 0x1}, @in6=@private2, @in6=@local, 0x33, 0x0, 0x0, 0x2, 0x2, 0x2}, {@in6=@ipv4={'\x00', '\xff\xff', @loopback}, @in6=@private2, @in=@rand_addr=0x64010102, @in6=@private2, 0x3c, 0x0, 0x0, 0x0, 0x8, 0x8}]}]}, 0xec}, 0x1, 0x0, 0x0, 0x800}, 0x42000)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000340)="71e67a15cdf0311cfcf33a52a7d86bd1", 0x20)
sched_setattr(0xffffffffffffffff, &(0x7f0000000000)={0x38, 0x0, 0x13, 0x3, 0xa, 0xc43, 0x28181089, 0x155, 0x4, 0x79}, 0x0)
r7 = accept4$alg(r1, 0x0, 0x0, 0x0)
sendmmsg$alg(r7, &(0x7f0000000740), 0x0, 0x2004001)
io_setup(0xff, &(0x7f0000000380)=<r8=>0x0)
io_submit(r8, 0x1, &(0x7f0000001440)=[&(0x7f0000000200)={0x1000000, 0x0, 0x700000000000000, 0x0, 0x0, r7, &(0x7f00000003c0)="a4eccf5be53d166f490fa71caa35b4e1d988d0c4a949601102b1cf0cacc6e0152f5c46319157d65040779ff3c5ff404e0860aa986475362a521502fd91f1ddfd8b6b5b83a00de6dc4958317f8131db308032328de0f76e3db6b41f96fd1c2f04e9ac5e990db845ae7e0be122bba788bb5dfbba5908a2704948be06045e1944d83b7d2ff0b2c9c3f8e6c42f7005337d5aefda8168980378ed683097e48fa48d669a263a62eea29e06d7096ca84e95f01db9a029704d9bf1a6783a60533e23f6935aa6d9fe4b9481969f51c35a5f44daf8440c482cba423ee6f4e7964578710ff24f899ad678be395ff6c697ffc9c286e1502f33c7fdb647402afb5379fb38486ed88966a3026f7ccf74133af3bb6613133d2478952e153ed2048fa7928301769591aa4c48f2e859d11930bc7c41a538764e7cefa835ce33a2668f637d6f846cc48602d7872623", 0x146}])
writev(r0, &(0x7f00000000c0)=[{&(0x7f0000000040)="3900000013000318680907070000000f0000ff3f3f000000170a001700000000040037000d00110001332564aa58b9a64411f6bbf44dc48f57", 0x39}], 0x1)

7.021804036s ago: executing program 2 (id=5404):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x5, 0x5, &(0x7f0000000580)=ANY=[@ANYRES8=r0], 0x0, 0x5b4230ff, 0x0, 0x0, 0x41100, 0x2a, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xf739, @void, @value}, 0x94)
r1 = socket$inet(0x2, 0x4000000000000001, 0x0)
bind$inet(r1, &(0x7f0000000000)={0x2, 0x4e23, @multicast2}, 0x10)
sendto$inet(r1, 0x0, 0x0, 0x22048854, &(0x7f0000000200)={0x2, 0x4e23, @empty}, 0x10)
setsockopt$sock_int(r1, 0x1, 0x12, &(0x7f0000000600)=0xfffffffd, 0x4)
shutdown(r1, 0x1)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000bc0), r2)
sendmsg$NLBL_CIPSOV4_C_ADD(r2, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000800)=ANY=[@ANYBLOB="84010000", @ANYRES16=r3, @ANYBLOB="010000000000000000000100000004000480080002000100000008000100000000000400088058010c8054000b800800090000000000080009000000000008000a000000000008000a000000000008000a000000000008000900000000000800097c86b722735035dc0067f6b133"], 0x184}}, 0x0)
r4 = socket$inet6(0xa, 0x3, 0x8000000003c)
connect$inet6(r4, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @empty, 0xc7ec}, 0x1c)
r5 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x428, 0xd0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x358, 0xffffffff, 0xffffffff, 0x358, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x488)
sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(0xffffffffffffffff, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f00000004c0)=ANY=[@ANYBLOB="581b0800", @ANYRES16, @ANYBLOB="04002dbd7000f2dbdf254f0000000c00839ced540000680000004c007a8008000400000000181c000200134ecc4d908540c3c8630b918a29360800040004005111335ced5fd94e0800040009000000080004000300000048007a801400010003d869f47d8c428eaa74b31794b4b314b5000400000000000c0003004180081ee4f88f1a080004000c0000000c0003007858754e3c504054080004000800000004007a8020007a800800040005000000140002002929590c"], 0xd8}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)
sendmsg(r4, &(0x7f00000000c0)={0x0, 0x9521, &(0x7f0000000100)=[{&(0x7f0000000000)="2c10", 0x5dc}], 0x1, 0x0, 0x0, 0x2c}, 0x44004)

6.923172458s ago: executing program 4 (id=5405):
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000440)={0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000), 0x0}, 0x50)
ioctl$UFFDIO_COPY(0xffffffffffffffff, 0xc028aa03, &(0x7f0000000440)={&(0x7f0000800000/0x800000)=nil, &(0x7f000051f000/0x4000)=nil, 0x800000, 0x1, 0xfe})
r0 = inotify_init()
ioctl$INOTIFY_IOC_SETNEXTWD(r0, 0x541b, 0xffffffffffffffff)
r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0006}]})
syz_usb_connect(0x2, 0x0, 0x0, 0x0)
socket$kcm(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=@ipv4_newroute={0x38, 0x18, 0x200, 0x70bd26, 0x25dfdbff, {0x2, 0x80, 0x80, 0x3, 0x2079d7745464d3cc, 0x1, 0x0, 0x1, 0xf00}, [@RTA_MULTIPATH={0xc, 0x9, {0x5, 0x52, 0xcd}}, @RTA_NH_ID={0x8, 0x1e, 0x5}, @RTA_PREFSRC={0x8, 0x7, @initdev={0xac, 0x1e, 0x0, 0x0}}]}, 0x38}}, 0x0)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
madvise(&(0x7f000060c000/0x4000)=nil, 0x4000, 0x16)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x18, 0x10, &(0x7f00000000c0)=ANY=[], &(0x7f00000001c0)='syzkaller\x00', 0x8, 0x0, 0x0, 0x41000, 0x34, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94)
prlimit64(0x0, 0x1, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
bind$qrtr(0xffffffffffffffff, &(0x7f00000000c0)={0x2a, 0x1}, 0xc)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f00003eb000/0x3000)=nil, 0x3000, 0xb635773f07ebbeec, 0x8031, r1, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
connect$unix(r4, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffc}, 0xfffffffffffffeed)
sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r6 = openat$sndtimer(0xffffffffffffff9c, &(0x7f00000000c0), 0x0)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r6, 0x40345410, &(0x7f0000000300)={{0x0, 0x0, 0x2, 0x0, 0x4}})
r7 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000040), 0x0)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r7, 0x40345410, &(0x7f0000000300)={{0x0, 0x2}})
landlock_add_rule$LANDLOCK_RULE_NET_PORT(0xffffffffffffffff, 0x2, &(0x7f0000000180)={0x0, 0x9}, 0x0)
r8 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r8, 0xc08c5332, &(0x7f00000003c0)={0x2, 0x3, 0x0, 'queue1\x00'})

6.770562263s ago: executing program 2 (id=5406):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
bind$alg(0xffffffffffffffff, &(0x7f0000000080)={0x26, 'hash\x00', 0x0, 0x0, 'hmac(sha1)\x00'}, 0x58)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mount(&(0x7f0000000300), &(0x7f0000000140)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000080)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r4, 0x4018620d, &(0x7f0000000000)={0x73622a85, 0x100})
r5 = socket$kcm(0x10, 0x3, 0x10)
sendmsg$kcm(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000030c0)=[{&(0x7f0000000340)="1400000016001963d25a80648c56915a19aa2bfe", 0x14}], 0x1}, 0x0)

6.05447454s ago: executing program 3 (id=5409):
r0 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0)
r1 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000a8f4dd086d0492082a6d0000000109021b0001000000000904"], 0x0)
syz_usb_control_io$hid(r1, 0x0, &(0x7f0000000580)={0x2c, &(0x7f00000000c0)=ANY=[], 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$printer(r1, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r1, 0x0, &(0x7f0000000280)={0x44, &(0x7f0000000300)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r1, 0x0, 0x0)
syz_usb_control_io(r1, 0x0, &(0x7f0000000780)={0x84, &(0x7f00000003c0)={0x20, 0xd, 0x1, "cf"}, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)={0x40, 0x7, 0x2, 0x9}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r1, 0x0, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
r2 = socket(0x10, 0x80002, 0x0)
syz_emit_ethernet(0x36, &(0x7f0000000600)={@local, @random="86082b9827c1", @void, {@ipv6={0x86dd, @generic={0x0, 0x6, "7fa727", 0x0, 0x2c, 0x0, @private2={0xfc, 0x2, '\x00', 0x4}, @local}}}}, 0x0)
sendmsg$nl_route(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000600)=ANY=[@ANYBLOB="1c0000001800ffffffff7bfbfcdbdf250a148000ff01fd07"], 0x1c}}, 0x0)
sendmmsg$alg(r2, &(0x7f00000000c0), 0x492492492492627, 0x0)
r3 = syz_open_dev$dri(&(0x7f00000008c0), 0x0, 0x0)
r4 = shmget$private(0x0, 0x13000, 0x1, &(0x7f0000feb000/0x13000)=nil)
shmat(r4, &(0x7f0000ff6000/0x4000)=nil, 0x400c)
shmctl$SHM_UNLOCK(r4, 0xc)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f0000000040)={0x7, 0x6576, 0x3})
mmap(&(0x7f0000001000/0x4000)=nil, 0x4000, 0x0, 0x11, r0, 0x67f86000)

6.053854736s ago: executing program 1 (id=5410):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x3, 0x13, r2, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_MCAST_MSFILTER(r3, 0x29, 0x30, &(0x7f0000000480)={0x8, {{0xa, 0x0, 0x0, @mcast1}}, 0x0, 0x20}, 0x5000)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r7 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/ip6_tables_matches\x00')
preadv(r7, &(0x7f0000000200)=[{&(0x7f0000000380)=""/106, 0xbe}], 0x1, 0x40fb, 0x9)

5.988807379s ago: executing program 9 (id=5411):
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000340)=ANY=[@ANYBLOB="180000000600000000000000fdffff"], &(0x7f0000000000)='syzkaller\x00', 0x4, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, 0x0, 0x0)
r1 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000140))
syz_io_uring_setup(0x234, 0x0, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x25, &(0x7f0000000280)={0x0, @in6={{0xa, 0x4e20, 0x5, @remote, 0x10001}}, 0x0, 0x1, 0xffffffff, 0x7, 0x0, 0xfffffffe, 0x12}, 0x9c)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8c}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1900000004000000080000000200000000000000", @ANYRES32=0x1, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYBLOB="00000000001f35da3d000000e6000000efff0043f78248f542b569bb"], 0x48)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x20, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000000c0)='sys_enter\x00', r3}, 0x10)
rt_sigprocmask(0x2, &(0x7f0000000100)={[0xa]}, 0x0, 0x8)
rt_sigtimedwait(&(0x7f0000000240)={[0xffffffffffffffff]}, 0x0, 0x0, 0x8)
getrlimit(0x5, 0x0)
r4 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r5 = dup(r4)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(r4, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0, 0xfe54}], 0x1, 0x0, 0x0, 0x0)

5.872564542s ago: executing program 2 (id=5412):
syz_open_dev$swradio(0x0, 0x1, 0x2)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000066000000004b64ffec850000006d000000c50000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0)
write$binfmt_aout(r1, &(0x7f0000000180)=ANY=[], 0xfffffeb7)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000580)=@newtaction={0x1f8, 0x30, 0x1, 0x0, 0x0, {}, [{0x1e4, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x19c, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x0, 0x0, 0x0, 0x40}}}]}, {0x156, 0x6, "401257cfdc40530354f0186138384abc3d7562bc852aa13fe26bfc45d37acac5ad8397421ec9cafc68bcd541a8c0ff0ea118a8b94ad634b8a319176a7515f99dd8ef7b62edc4db0946720729484424c4ca9ed4be27a4cf7f4c3e4371f2a50d8950db8daf7987f7225b9625f4be2adf078cafa9a919228011f359bcb61085ced85e7f54ae0775044d2e60b4670d32120df679f9329fbc2ba293165f3d5e0a9adf975780d6790e69547c9f0d7b44606ae21a3773b45f788ba4ab943c1fa5743a2584b6ce0c96e1e180f83460e303c93ea63288332aa5702f82e773dbed50aa6be7176f4dcb40b30eba4543d8e0ada77f248d2e670333f2b8af45bffdb2c130559e591d5f8f22a3157d17d6ebe4461a5c7de007af412662a6aa151e84d814ce611d40686e35b583084523f03572d665b85ccfa384af8dde0770d0750fe719e1abf379e165ed1bb2653167b6b9b9fb2c7cc211d5"}, {0xc}, {0xc}}}]}]}, 0x1f8}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
futex(0x0, 0xc, 0x1, 0x0, &(0x7f0000048000)=0x2, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdir(&(0x7f0000000400)='./file1/file0\x00', 0x100)
mount$tmpfs(0x0, &(0x7f0000000000)='./file1\x00', &(0x7f0000000080), 0x0, &(0x7f0000000100)=ANY=[])
openat(0xffffffffffffff9c, &(0x7f0000004d00)='./file1\x00', 0x351142, 0x1cd)
r5 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$netrom_NETROM_IDLE(0xffffffffffffffff, 0x103, 0x7, 0x0, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r5, 0x6, 0x13, &(0x7f0000000040)=0x1, 0x4)
r6 = socket$netlink(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r6, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000001200)={&(0x7f00000004c0)={0x38, 0x1403, 0x1, 0x70bd2d, 0x0, "", [{{0x9, 0x2, 'syz0\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'lo\x00'}}]}, 0x38}, 0x1, 0x0, 0x0, 0x854}, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f0000000380)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000300)={&(0x7f0000000540)=@delqdisc={0x24, 0x25, 0x300, 0x70bd2b, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, {0x6, 0xfff2}, {0x480bd72125a0c189, 0x5}, {0xffe0, 0x2}}}, 0x24}, 0x1, 0x0, 0x0, 0x4808}, 0x880)

4.230116677s ago: executing program 1 (id=5413):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
bind$alg(0xffffffffffffffff, &(0x7f0000000080)={0x26, 'hash\x00', 0x0, 0x0, 'hmac(sha1)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0)
r3 = accept4(r1, 0x0, 0x0, 0x800)
sendmsg$IPCTNL_MSG_EXP_GET(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x24042815}, 0x8004)
accept4$rose(r3, 0x0, 0x0, 0x80800)
getdents64(0xffffffffffffffff, 0xfffffffffffffffe, 0x29)
ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x2)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mount(&(0x7f0000000300), &(0x7f0000000140)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000080)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r4, 0x4018620d, &(0x7f0000000000)={0x73622a85, 0x100})
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x800, 0x0)
ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0})
openat$nvme_fabrics(0xffffffffffffff9c, 0x0, 0x232800, 0x0)
r6 = socket$kcm(0x10, 0x3, 0x10)
sendmsg$kcm(r6, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000030c0)=[{&(0x7f0000000340)="1400000016001963d25a80648c56915a19aa2bfe", 0x14}], 0x1}, 0x0)

4.181036749s ago: executing program 2 (id=5414):
r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
add_key$fscrypt_v1(&(0x7f0000000040), 0x0, 0x0, 0x0, 0xffffffffffffffff)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, r0, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
kcmp(r2, r2, 0x2, r4, r3)
r5 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000300)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffb)
add_key(&(0x7f00000003c0)='dns_resolver\x00', &(0x7f0000000400)={'syz', 0x3, 0x9}, &(0x7f0000000080)="00000102", 0xfffff, r5)
r6 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000680)=@base={0xa, 0x16, 0xb4, 0x3, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000000280)=@framed={{0x18, 0x8}, [@map_fd={0x18, 0x0, 0x1, 0x0, r6}, @generic={0x77}]}, &(0x7f0000000000)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
socket$nl_generic(0x10, 0x3, 0x10)

3.762475213s ago: executing program 4 (id=5415):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0)
r1 = socket$kcm(0x29, 0x2, 0x0)
timerfd_create(0x4, 0x80800)
ioctl$sock_kcm_SIOCKCMCLONE(r1, 0x89e2, &(0x7f0000001200)={<r2=>0xffffffffffffffff})
creat(&(0x7f0000000000)='./file0\x00', 0xd931d3864d39ddd8)
open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x1)
creat(&(0x7f00000002c0)='./file0\x00', 0x0)
open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x8)
socket$inet6(0xa, 0x2, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='blkio.bfq.io_wait_time_recursive\x00', 0x275a, 0x0)
socket(0x10, 0x803, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_IPV6_HOPOPTS(r3, 0x29, 0x36, 0x0, 0x0)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, 0x0)
sendmmsg$unix(r2, &(0x7f0000007a80)=[{{&(0x7f0000000b40)=@file={0x0, './file0\x00'}, 0x6e, 0x0, 0x0, 0x0, 0x0, 0x5}}, {{&(0x7f00000010c0)=@file={0x0, './file0\x00'}, 0x6e, 0x0, 0x0, 0x0, 0x0, 0x20000800}}], 0x2, 0x48000)
r4 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000380)={r4, 0xe0, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, &(0x7f00000000c0)=[0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x2000000000000322, 0xa, &(0x7f0000000100)=[0x0, 0x0, 0x0, 0x0], &(0x7f0000000140)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], <r5=>0x0, 0x12, &(0x7f0000000180)=[{}, {}], 0x10, 0x10, &(0x7f00000001c0), &(0x7f00000003c0), 0x8, 0x1b, 0x8, 0x8, &(0x7f0000000240)}}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x6, 0x16, &(0x7f0000001180)=ANY=[@ANYBLOB="61158c00000000006113500000000000bfa00000000000001503000008004e002d35010000000000950041000000000069163a0000000000bf67000000000000350605000fff07206706000005000000160302000ee60060bf670000000000000f650000000000006507f9ff0100000007070000cddfffff1e75000000000000bf54000000000000070400000400f9ff3d4301000000000095000000000000001500000000000000950000000000000032ed3c12dc8c27df8ecf264e0f84f9f17d3c30e32f1754558f2278af6d71d79a5e12814cb1d8a5d4601d295c45a6a0b9bdb7dd3997f9c9c4f6f3be4b369289aa6812b8e007e733a9a4f1b0af3dda82ee45a010fb94fe9de57b9d8a814261bdb94a05000000c6c60bf70d742a81762bab8395fa64810b5b40d893ea8fe01c5473d51b546cad3f1d5ab2af27546e7c955ccefa1f6ab689b555202da2e0ec2871b4a7e65836429a527dc47ebe84a423b6c8d345dc8da3085b0ab71ca1b901627b562ed04ae76002d4519ae5386ad9a4d69e88158f0200000000c8fb730a5c1bf2b2bb71a629361997a75fd552bdc2300000008ac86d8a297dff0445a15f21dce4de9f29eff65aadc841848c9b562a31e56723888fb126a163f16f920ae2fb494059bba8e3b680324a188076ebae3f55c4e9b2ad9bc1172ba7cbebe174aba210d739a018f9bbec63222d20cecac4d03723f1c932c9a6aa57f1ad2e99e0e67ab93716d20000009fbb0f53acbb40b4f8e2739670b31562ed834f2af97787f696649a462e7ee4bcf8b07a10d6735154beb4000000000000000000000000004000bc00f679629709e7e78f4ddc211bc3b43176e65ec1118d50d1e827f3472f4445d253880800000000000000690884f800031e03a651bb96589a7e2e509bcc1d161347623cb5e7ac4629c8ab04871bc401000000cc43010000207b40407d000000210000000000000000005f37d83f84e98a523d80bd970d703f37ca364a601ae899a56715a0a62a34c6c94cce6994521629ab028acfc1d926a0f6a5489af8dc2f17923f3c40dfd1970a55c22fe3a5ac000000f4000000000000000000000000c1eb2d91fb79ea00000000000000bb0d00000000000000000000e4007be511fe32fbc90e2364a55e9bb66ac64423d2d00fea2594e190deae46e26c596f84eba9000000000000003cc3aa39ee4b1386bab561cda886fa642994cacd473b543ccb5f0d7b63924f17c67b13631d22a11dc3c6939628950000000000000001c7205a6b068fff496d2da7d632bd1f61b007e1ff5f1be19637302f3b41eae50509fd05d12f6186f117b062df67d3a63f3265dd1410eea68208a3f26b2989b832d8b34a34a4f08b34b30410856e858d27adee7daf32903d3fc78700d429a2d4c8b6d803eb83eecfe4c7ff9e6ab5a52e83d089dad7a8710e0254f1b11cced7bc3c8da0c44d2ebf9f6f3ff3be4d1458077c2253b0c7c7a0a9fdd63bf910dc20e5cb2a88e59febc47f1212a21f631dbaa74f22bad050e9856b48ae3a03a497c37758537650fe6db88aa3c41fdc3d78e046f6160e1741299e8dc29906870e6431ed1eab5d067a183f064b060a8ec12725d42e3a74863d66bee966b1574f8e01b3f34a267ff0afa1e1c758a0079b747067312e9815a21cb3f1f8150d999d788535a4d3114dbc7e2bf2402a75fd7a55733360040855ed5d1c0d634fb9fb38f84d9d87b27f8a5d91217b728f13e3ee20e69e0ffb2780b1a7af137ff7b4ff010404faf0a4da65396174b4563d54b52f06c870edf0c5d744b5272b44c23488b2bdbff947c4dfa108cbb88202ee1192b81f428a5b3c299848649e1a6bff52f657a67463d7dbf85ae9321fc2b517dc4a29b9b5a8ded5de8206c812439ab129ae818837ee1562078fc524a3baf49a0be9bb7d958d5e87c6c09bf71a894bad62934782cc308e936d7637e07c4a2a3bc87b0da23c00d9ef418cf19e7a8c4c328be0ce95798adc2dca871073f6bd61dc18402cde8b01000100000000e722a6a2af483ad0d3415ed0f9db059acaba9eaea93f811d434e00000000000000000000d154ba10a8e51489a614e69722bac30000000000000000000000000000c5dfd188ff555285b9743d3aac000583f42d168613151d681a2f71373f20d92c9048407c91fabecfe8b3f2d545ffffffff00000000a1cfc4336324c86f3dcb43e9a58208077e90f6ec1c7ac756f61dcc372cdd30b82507489f0bbfbd3c3f21752e81319c0161e154ceb16e00bc7f5a6962dff317f4d014786e432817066874d69a39cb0da31bcc5f81894d8a80756447322207b4007dff12eb95066cc6bc256f0a12282224d718b06ca80b57aa183dd0c3eee45891441f2b89b4c67aa9882281393954972046974f18df232cd7fca610e33f51c2d062020f403d85ff36c26e2f6bd1d82f4d3ceb3472d9a77e0057a3bfe697d9ab7585f4a1b381343d2cf857689232f4fc5135790662dc1419a374be9d7b3e5be2886d23add90d862f1a682ff11c798e338af3e5bb0f9d3952b15bf3e0c618c89d20ca1e18a031397693bf3cfbd8417e5b55e641c898c280356f2da222d5d68919d98158578dcf18efa404e508bcbbb8cfcf70086821ebdf34c9a1dff45af873df904c2bdbef81f246d26f4b40df949e12bdac18533d4e11c608cc31d60cb591c40a7b386fa1c753336d7220a35118d4919b45eff32aab684ee54c0a263c806aabac2f66cb052f847c62c6691de14e97aa7e9dc8ecf0cd50540246d2b746e41e5b4e2c095039dfe0f71db6265f7580d098be40ef36faee5d1695830d4242a23e541e6ce9fa1998d8961ef4fe3c8e8fbb566f148c8befc229614a4b7f80d237b8abc6fc0407de31d6e5532f360d379f20f054692b47207922fe6c14eba96c9a7ae906abc1ae1ae8c4fae92883cfa1978a04bb000000000000000000000000000000884efcecca45ea4ab2ec097668456a6ff12854997f5aed737d5205ace5c0b64f87ef10784d0479cb44ca077e0c4ce6ff880e2ce3de63853a9740e9233683bfc8636bee293aeeb680b399a296e6f44c07b5fc5d9d359af007f23004a7acb6df23664ea209620b4fe0f4df81c33bd8ca2335cb4b50881937379b45a301175c3e8eb32970564ec8e25c46ee3bae079faedaad94276cfa251be8256c4c37fc84a25c3a2feb39e94a5266a10716d4a3cef499fa176018054e9149a1c9d20a809ce300"/2302], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @xdp=0x24c4e7f55405e409, 0xffffffffffffffff, 0x8, &(0x7f0000000000)={0x0, 0xffff0000}, 0x8, 0x10, 0x0, 0x0, r5, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0xfffffffe, @void, @value}, 0x94)

3.383156584s ago: executing program 1 (id=5416):
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000006c0)=@getchain={0x2c, 0x66, 0x401, 0x70bd26, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, {0x6}, {0x7, 0x1}, {0xffe0}}, [{0x6, 0xb, 0xd25}]}, 0x2c}, 0x1, 0x0, 0x0, 0x40000}, 0x4004010)
pipe2(&(0x7f0000000040)={0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r2, 0x0)
splice(r2, 0x0, r1, 0x0, 0x6, 0x0)
sched_setaffinity(0x0, 0xffffffffffffff5b, &(0x7f00000002c0)=0x400000bce)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$RTC_AIE_ON(0xffffffffffffffff, 0x7001)
sendmsg$ETHTOOL_MSG_COALESCE_SET(0xffffffffffffffff, 0x0, 0x0)
sendmsg$ETHTOOL_MSG_RINGS_SET(0xffffffffffffffff, 0x0, 0x20000014)
r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000001080)='/proc/asound/timers\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0x100000a, 0x4082172, 0xffffffffffffffff, 0x0)
mremap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x2000, 0x3, &(0x7f0000002000/0x2000)=nil)
read$hiddev(r4, &(0x7f0000000000)=""/4118, 0x1016)
r5 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r5, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4)
bind$inet(r5, 0x0, 0x0)
setsockopt$SO_ATTACH_FILTER(r5, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10)
sendto$inet(r5, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r5, 0x6, 0xd, 0x0, 0x0)
sendmmsg$inet(r5, 0x0, 0x0, 0xc0)

3.382369517s ago: executing program 2 (id=5417):
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0006}]})
openat$selinux_avc_hash_stats(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b00000000000000000000000400000000000000", @ANYRES32, @ANYBLOB="04005fdfc666fe818adf74d8c3b7297ea86037cf", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="03000000010000000200"/28], 0x50)
r2 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'gre0\x00', <r3=>0x0})
sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000440)=@newlink={0x60, 0x10, 0x421, 0x70bd2d, 0x0, {0x0, 0x0, 0x0, r3, 0x0, 0x10000}, [@IFLA_LINKINFO={0x40, 0x12, 0x0, 0x1, @ip6erspan={{0xe}, {0x2c, 0x2, 0x0, 0x1, [@IFLA_GRE_ERSPAN_INDEX={0x8, 0x15, 0x86d74}, @IFLA_GRE_FLOWINFO={0x8, 0xc, 0x7}, @IFLA_GRE_ERSPAN_DIR={0x5}, @IFLA_GRE_ERSPAN_VER={0x5, 0x16, 0x1}, @IFLA_GRE_FWMARK={0x8, 0x14, 0x6}]}}}]}, 0x60}, 0x1, 0x0, 0x0, 0xc000}, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f00000003c0)='net/tcp6\x00')
preadv2(r4, &(0x7f0000000400)=[{&(0x7f0000000040)=""/245, 0xf5}], 0x1, 0x8, 0x9f55, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000004c0)=@newnexthop={0x1c, 0x68, 0x1, 0x100003, 0x7ffffffd, {}, [@NHA_GROUP={0x4}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4008018}, 0x4000080)
r6 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000340)=@bloom_filter={0x1e, 0x7617, 0xee0, 0x8, 0x2, r1, 0xfffff69b, '\x00', r3, r4, 0x2, 0x0, 0x0, 0x1, @void, @value, @void, @value}, 0x50)
r7 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r7, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
r8 = syz_open_dev$tty1(0xc, 0x4, 0x3)
ioctl$VT_RESIZEX(r8, 0x560a, &(0x7f0000000000)={0x5, 0x0, 0x7fff, 0x0, 0x4, 0xfffc})
connect$inet6(r7, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1c)
r9 = socket(0x40000000015, 0x5, 0x0)
bind$inet(r9, &(0x7f0000000340)={0x2, 0x0, @loopback}, 0x10)
r10 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r10, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)={0x60, 0x2, 0x6, 0x5, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_DATA={0x14, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x2000}, @IPSET_ATTR_BUCKETSIZE={0x5, 0x15, 0x3}]}, @IPSET_ATTR_TYPENAME={0x14, 0x3, 'hash:ip,port,ip\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_REVISION={0x5}]}, 0x60}}, 0x0)
getsockname$packet(r9, 0x0, &(0x7f0000000900))
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000000c0)={r6, &(0x7f0000000340), &(0x7f0000000040)=@tcp6=r7}, 0x20)
setsockopt$inet6_tcp_TCP_ULP(r7, 0x6, 0x1f, &(0x7f0000000100), 0x4)
close_range(r0, 0xffffffffffffffff, 0x0)
pipe(&(0x7f0000000140)={<r11=>0xffffffffffffffff})
fcntl$setpipe(r11, 0x407, 0x0)
r12 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r12)
ptrace$getregs(0xc, r12, 0x280, &(0x7f0000001400)=""/173)
write$P9_RGETLOCK(r11, &(0x7f0000000080)={0x1f, 0x37, 0x2, {0x1, 0xb, 0x9, r12, 0x1, '^'}}, 0x1f)

2.977435857s ago: executing program 2 (id=5418):
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
ioctl$X86_IOC_RDMSR_REGS(r0, 0xc02063a0, &(0x7f0000000140)=[0x9, 0x80, 0x2, 0x8, 0x40, 0x40, 0x43, 0x1])
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x185)
r2 = inotify_init()
inotify_add_watch(r2, &(0x7f00000000c0)='.\x00', 0x5000009)
fallocate(r1, 0x0, 0x1000000, 0x3)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27ffff7, 0x4012011, r1, 0x0)

2.938186101s ago: executing program 4 (id=5419):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000300)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_GET_FROZEN_INFO(r0, 0xc00c620f, &(0x7f00000002c0))
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0x1c3902, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000280)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000070000180100002020702500000000002020207b1af8ff00000000bf"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10)
ioprio_set$pid(0x1, 0x0, 0x0)
r5 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000400)='/sys/power/resume', 0x149a82, 0x0)
write$cgroup_int(r5, &(0x7f0000000040)=0x1f00, 0x12)
r6 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0)
preadv(r6, &(0x7f0000000180)=[{0x0, 0xed}], 0x1, 0x6, 0x6)
bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0x3, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r7 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r7, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x401, @remote, 0x1}], 0x1c)
lsm_list_modules(&(0x7f0000002600), &(0x7f0000000000), 0x0)
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000080))

2.919368583s ago: executing program 9 (id=5420):
r0 = socket$netlink(0x10, 0x3, 0x9)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0x4, 0x0, 0x0)
r1 = openat$vimc1(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
ioctl$VIDIOC_DECODER_CMD(r1, 0xc0485660, &(0x7f00000048c0)={0x2, 0x1, @stop_pts=0xc})
r2 = socket$kcm(0xa, 0x5, 0x0)
sendmsg$kcm(r2, &(0x7f0000000600)={&(0x7f0000000100)=@in={0x2, 0x4e21, @remote}, 0x80, &(0x7f0000000000)=[{&(0x7f00000006c0)='@', 0x1}], 0x1, &(0x7f0000000040)=[{0x20, 0x84, 0x8, "eeb4fe8ba15e3999ef"}], 0x20}, 0x41)

2.872929262s ago: executing program 1 (id=5421):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x9, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
keyctl$session_to_parent(0x12)
mkdir(0x0, 0x169)
r4 = syz_open_dev$dri(&(0x7f0000000100), 0x0, 0x0)
r5 = openat$full(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
close_range(r5, 0xffffffffffffffff, 0x0)
r6 = syz_open_dev$dri(&(0x7f0000000100), 0x1f, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r6, 0xc04064a0, &(0x7f0000000280)={0x0, &(0x7f0000000040)=[<r7=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCRTC(r6, 0xc06864a1, &(0x7f0000000540)={0x0, 0x0, r7, <r8=>0x0})
ioctl$DRM_IOCTL_MODE_GETFB2(r6, 0xc06864ce, &(0x7f0000000400)={r8, 0x0, 0x401, 0xef, 0x0, [<r9=>0x0], [0x0, 0xfffffffd, 0xf], [0x1000, 0x0, 0x3ffffff], [0x2, 0xb0, 0x4000000000000002, 0x3]})
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r5, 0xc00c642d, &(0x7f0000000100)={r9, 0x0, <r10=>0xffffffffffffffff})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r4, 0xc00c642e, &(0x7f0000000180)={0x0, 0x0, r10})
setsockopt$inet_tcp_int(r0, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000140)=0x2, 0x4)
connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)

1.410812889s ago: executing program 1 (id=5422):
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000012c0)=ANY=[@ANYBLOB="10000000040000000400000002"], 0x48)
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000001100)='fdinfo/4\x00')
pread64(r0, &(0x7f0000000340)=""/28, 0x1c, 0x4)
memfd_create(&(0x7f0000000500)='[\v\xdbX\xae[\x1a\xa9\xfd\xfa\xad\xd1md\xc8\x85HX\xa9%\f\x1ae\xe0\x00\x00\x00\x00\xfb\xff\x00\x00\x81\x9eG\xd9,\xe2\xc6a\x9f\xe8\xf1\xb3\x86\xe2+Op\xd0\xa2\x82\x1eb;(\xb5\xe1jS\xd6\x91%||\xa0\x8ez\xadT\xc8\f\xe5\x89\xbf#2\x99\x1e\xa1`\xc3\xcf\xd3\xae\xd2\a\x11\xa9\xa5^\xff\xf5\x95\f<\x8f\xc1\x99\x89r\xe1?\xbdu\x98\xc3\xf8\xd2Q#\xc6g\xa0\x85\xd6G\x85\x11X\x8d,\x02\xd45\xb8\xca\x97\x9d\xcb\x1e\x80\xd6\xd5>N&\xf8#\x80z8Z\xd2}\xf5\xe4\x9f5\x9b\x01\xf9t\xbb\x1er\x14\xdb\xd3\xcd\xfd\xbdnC\xec\x8aog\x87BR\x9d\xad\xd4FcB\xda\x95\xc3\xdd\x9d\x8f\x1a\xce\x18\x80\"j\xe1\xba\x1e\x97uX\xccv\xd6\vcz\x92A^\xbc\xceF\xf7\xe5:\xaf\xc5~\xbcJ e\r\x88c\x9d\xb92\xb6i4zq\xb3c\x0f\xb2t\x93\xf2E6b\xfa\xcdJ5\xe3W]`4\xd8D\x05\v\xfc)\xca\xedQ\xd0]Ot\'\xc2tDF\xf9\xa7\xb5(\x83\xa5\x0f\x1d\x1d\x06Dg\x13>\x19\xe85#\aaT\x89=\x104\xd5\x85l\x96\x91\xea\x172P\xb3:\xadZ\xbc\xbe\x00\xf0\x14\x96\xd9M\xd7\x88QZs\xb2\xe1+$jfQodH\x05/y`~7\x16\x02\x00(v\xe6`\"6\xfcgC\xb5\xf0\x13.zj\xc5bj+@\x00\x00\x00\x00\x00\x00\x00.\xd4`=z\xd1n\x8d\x8f\xa5hS\x8e[\xb3\xa3\x87\xb9\xe2_Z\x11\xef\xc2]V\xf3\x03\x94\xb9\xe1\xa68\x8d\\\xe5\xef\xacpM\xf0\xa6\a\x10\xb7\xc0t\x83\\\xf7\x12k\x9f\x10\xd5Z\x19\xc1\xc1\x80\\o\x97\xce=U\xdd\xaa\x1b\x05\x14\x13\xa6\xbd#\xde\x04\xe6$\xec$3\xf6\x97\xc6\xeaSL\xb7A72M\x88k@\xe5\xa3\n&\x1e\xc84\xa9\xe2\xccM\x906\x95xQ-2p\xd62\'\xec\x0f\x13;I\x95fE_\r\xe7\t!A\x05\xe4\x8f\x9e0\xf8/T\x18\xf7\xa1\x9f\xde1\xd5\x80<\xf5\b\xa9\xec\x85\xaeW\xb3\xd8#)bn \xfb\xf2\x88\xfaR\xff\xdd\x80\x96_\xec5\xf0\x1c\a\x8a\x80\x00@=\r8u+%f:\x1e\x82\xfap\xf6\x89\xea\xba\xe3\xbbM%F\xdb\\\xd1eJJ*\xc67\xca\x03\xa3\xf7(\xbb\xecN\xd4\xe7\xf2:u\x8a\b\xd5\v\xca\xfd\\\xd6\xe3\x05\xb3\x03\xd5\xe0\xd2\xf2{\'\x8b\xdf\xa1\xbe}\xb2\xe4y\xbb\xe6\x1f\x10c\xf5WQ\x82\x04\x01C\x83,\x90\x1a\xfa\x8e\x17\x89\xe2\xedX\x8d\rmq\t\xb5$\xb4\x9b\x92z\xd6/-\x13,\xb5%\x8eM/\x04\xa7\x7f\x1b\x85\xf1\xa4X\x17\xbb\x1cR14\xfb!\b\x10\xe8\xb2\xd41gK\xe4\xea\xe39d\bL\xe5\x1b\xbd[\x9bWD:\r&\xe9\vn^\xcc\x86\xe3\xce1>3{\xaa{\xbd0P\x9f\xa68\xf5\x82\xb8\x9aD\x9c{\xe6\xf8\xcbD\xb5aJ\xb0\x92\x89\xbc\x82\x1ch\x89\xe7\xdd]q,\xec\xc4\xa5\x93\xe5,\x0e,>/\xaf|\xf0\x01V\x7f\xc9?\xba\x16\xe4$+}5dy\xb1\xef\xf1m\xa5\x94d9\xaf\xcfq\x8b=\x026\xef\r\x91\x18\xc5\xb6\xb9fM\x8ayZ\xbcd\xa5\x8a\x88\x98\xc3\xfc`\xa6\xba\x1f\x17\v$\x88g\xb4\xad\b\xc1\xddW\xa6\xc1\xb7\xb0\xa3\x84Q\x13GoU\xe2\xb7\x03\x9c\xd5\x0f\xa8\x0ef\"\x15\x82\xe7\xbd\xf8\xca\x10f\xfe6h\xe9\xc3\xc2\xa0O:\xac~\x1a\xf7\xbeF\xbe\xe5\xf0\x81\xd6&\xc0<Q8\xbeX\xde\xd6 \xef\x0e\xc2.\x9c=1\x15d\xddIv\x0fh\xe6M(D\xad\xeb\xcfX8\xb9\x8d\xbe(\xd3\x16?x\xbd@\x0f\xf5\xdb\xeb\xd7i*\xea\x86JX\xff;\x96\xbb\xa7\xa8u5R\xa2,\xba\xbc\x01\x12\xb3q,\x9d\xf8\xbdb`\xb3\xc6\x0f\xb3\xac\xc7\xa4O@\x81\xfc\x1a4$\x885\x97\xa9|\x99\x86*.\xda\x96RQ\xe5\xb1\xef\xb7\x10\x99\xd4\xa7\b\xcd\xe9\xa5\xf6wR\xc1\xdfH).\a\x9a\xab\x9e&+\xc4#\x90\xc9%\xb9\xd7o\x86\x13\a\xc0\x01w9u6\xdd\x9fJ^o\x1d\xda\x11?\xc1\xf5\xf7\xff\xec\x916\xceQ\xcfU\x035\x96\x8f\xc7\x84\"2\xef\x02\xcf\a+\x8a\xd1\x11\xb5\xa8\x92\f\xb3R\",\xfc!_&pD\xeb5\xc6\xc8\xff2\xee\x14\x83\x14l\x04\x80\xaa7\x80\xf1\x18\xf5\xa5\xd23\xe5\b\x00\xe8\x9c\xd4\xd0\a\x93#\xb9Z\xc0y\x97<\xe5i\xe9\xe4\xb02Cu\xe1d\r\x0e\xc1\xf1\x81^\xa7\xffz)\x19U\xe5\xd4\xf5@O#W\x8a\xbb3c+\n\x97\xa6\xf7\x90$\xd6*\xd0\x1b\x10\xe4HM:XO\x1b\rx\xc7\x12|\x7fN\xc9\xf9i\xe4\xe5-\x9b\xe407\x9d\xe8\xc6\x90\x9f_Jf\x05\r\x1b\x9af\v\xbcv\x83\xf3j\xaf\xd0F', 0x0)
r1 = creat(&(0x7f0000000100)='./file0\x00', 0xd931d3864d39dcca)
sendmsg$IPSET_CMD_DESTROY(r1, &(0x7f0000000300)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000340)=ANY=[@ANYBLOB="280000000306010100000000000000000200000905000100070000000900020073797a31000000006164883fcb00b3a72b5319f65884d7366ace8337ec550a7e404585fdc2c2b92d5de9f1d12415e62d0479d318037011c7e481d163cd10cf72da150a79c0b15bbe903846a5ebffbfca664345ffa20716529c55fe3629d8204a56781793cee0ffb3db4d55c367db487d1c1c6b4662ec50faa262039f54787602b2a0217a28da524d7b9a47f307fe3bfe73aede30af07f4cf6a77753e179053f2f814f637cb882f4171674e49db18f77ddc26a5ad8814c43c6e70d7e94baa102a014e793f918cb8bac02f0e60ef9f8552"], 0x28}, 0x1, 0x0, 0x0, 0x8055}, 0x2000040)
pipe2(&(0x7f0000000240)={0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x4800)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
socket$kcm(0x10, 0x2, 0x4)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r3, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r6 = syz_open_dev$vim2m(&(0x7f0000000240), 0x6, 0x2)
ioctl$vim2m_VIDIOC_STREAMOFF(r6, 0x40045612, &(0x7f0000000100)=0x1)
close_range(r2, 0xffffffffffffffff, 0x0)

1.389670536s ago: executing program 4 (id=5423):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x3, 0x13, r2, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_MCAST_MSFILTER(r3, 0x29, 0x30, &(0x7f0000000480)={0x8, {{0xa, 0x0, 0x0, @mcast1}}, 0x0, 0x20}, 0x5000)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r7 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/ip6_tables_matches\x00')
preadv(r7, &(0x7f0000000200)=[{&(0x7f0000000380)=""/106, 0xbe}], 0x1, 0x40fb, 0x9)

1.324613678s ago: executing program 3 (id=5424):
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(camellia)\x00'}, 0x58)
syz_open_dev$hidraw(&(0x7f0000000000), 0x0, 0x10f242)
socket(0xa, 0x3, 0x3a)
close(0xffffffffffffffff)
sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, 0x0, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
syz_fuse_handle_req(0xffffffffffffffff, &(0x7f0000004140)="a1af56567af19ce4706948d30f35abf6494690656d554e6190797369db23a302f328aa47a2e54509379ba2e477e6e0461d2e45920d509fa49de04732cd2f4a4e34d73eb464d09605a698ad2219a2175ebcc560f740fe531ba46ded4232d273d1865282844f5a3b54d7f154c21a8a82228e27b2c1af662a92e53d81cae3ea68707ce43f89c3321797039a0a39e24b83035dbfb1ac9668b5f87c4ae50250e92c8b113ed58f60015d9c1990253e6646c02901b08a2ec0acceb7ac1e28f59b1e22663432bd5435083b604934bda5f4897467677ac5609bb6e1d1f938a1a8238d2df6db69fcffa48a08ef9231830ceb045a999a9ba43b4d605ce7bb4736ee8bdaac3399576ad3d434c12f1ae8fc5e06dbbfac985d7105c3b7f431854465b6f732e1397e4647e88e86b0a3b01c1ef689a4bd3963deb3b06190576c690ab257b9845b4d412f248184e124b5228f4236d020d4b80ff0772d9515685918c41cad06498a6833d591c191916067759bfeceec176d582621bf23b8d827e2c8977822d64ca19c168fa8a4ea90a60ed60854342e7c42ce11f414dcff1fff715d10ed263d305e5c563ee13a1527795b012e01b8442026032a761cf5104f00dc28a761596d8393e3750be1a8788fa7152a3cd8e051a963120417af9bd3e659bbaac6406a70ba347641aeffac9436fc2352bf7822dabd7a4911a5b947f9c07f805e67ec8c7d787ff358b426494b87aaac46c2d4061ccf3d19201d8d099dddf2b257cacbba656cb7626b0d3fa11881e99799b92f0a07813eac359a64a61a03d6527a24a4fee8e6cbd74932adba5ad3a865788e874b796cc8555522b19f76676646f21f31fad8c360982ce2b23fd4aec43bff16e0f3f1e1e804daf28f236081d0686108fde25f7e6a7bef08b793beca5b21b5f4893543ef1e3a216378cb76a54fa879ad9624a60a0b3306c8548e1a22b735213969421dc9ef70338bb780ad55adfb6b4f4ca3d8ce7c697ce3f0a6210a27cc900ea2218c52ac06bbcbb91adff643f1a3b93db67d7902f23eb89ab2f892970551127b39e7bb9f37c62adb8abed20c8c84531d143c6be2b8b05766e248a94aae400b36a3399ba174ffe14ffd354f508ce30ea991f57018a3534e0eac9cb49d0e6085f93b367d817ee83b24c11f9d38044a9739f4fd41b6a8129fda808bb930beba6223dfe154b23d7c39ac4fb6656169275c31e15d37d3d96b0aaa13637f1c28178f5fc4ebbe1af6acc985c783a30dffde8d7eb0c8863e3481caf2606a4b6930c234736404d4eeefdda697193f57d332540a423831db671d7d3e8e15ef3d6a26b83a5053bdc2f0b378c6b39ad0b8b9c7bd5c4bf81018ce15d0b344772f6c6f469e40c9848cbcb1b3ccb721b4b1f895a6e034380d882bd30a20f1c2b8ae138e6728306e16f6093774d21b798cd73a16bc577be751deb434ef019dd454fa3ce3cc3b2634ea4957548bf226d0b24bce757382c639dae891e55dcb24ffc9dc2c08acfafabd4565dbcad34e1a8e781c56e9144f0e85a5cf6c79a5d1a8b3479cdc178215f05081eebdc03607798c66fd043824756e896c2b69fe5e843e0eb26c86a37a8944e93a7f3b2a863136d56579d0377f9424cf00dd6da7b19066f990ce05e1b93479f125cbcc5c91aea56ef04950164079f5e22ebfd77d54676b2de392ab20298876bce1ae9941ae109d7088edb29d02539aec8f276b862bb28fa6a68bb1a0bda1b0ec6e5891e93777d9b126d6add7eb36a7f75c435618d368c04156f8a116d0c843ad04842d7b7c84cd87e75fb81ec16ef184fd3119c16c950b84bca9a12a86f0e333d9fe34622f5a51e9772dc8b94c491e16db0c537e211b01c9f13f9e7a7b2f4d8053baded5d6018561b547562efbeab2946f3ef872d0256196c75fd7f520da7aea0f63a278052925c6c88307bed0336c5632ca98086e7712af309f99a6adb3ec4417eaa9aefe3fd43c4402bc13868832d6dfaa97de7ed43fe3711917de97058d60067d5eeb90ecb428182d07092c516e6eef6781756e308926faa9796dd1a29dd4c3827115fa8e14bbe449f4144785b9581a198273adb8bab0d4080adbb592b25fd74d426233f537562a4a98b07f4b2060b4f496c66a0169391b713fdd991fa90cfc313245f57900d980adcbd46ada0a7bdfdfec4bf8ba12e37724c9dfd7fbbe4541bf21cc393249a555746268e7e33bdb43f2cd4932e39fc818e49d0e588d12a3a297be074ad83db57be9d4455ab0685b087e8ee9f5c7c33e10c9d6be572b58c88b79756c45eb9eed6d0275944d9cc1cbc8c498917aa2fd79c00567d4f9f768579f891e23fa9548c5fbff150d2873ecc72da8d0077a223f9d18700b690d8046783bba756a2c9863b7ffc7022b2da68a332f72f704bc38a0fcc4f445891f1ca1ef5dad28b87ce8bdef23ffe29ee23f2c0a002c80cf99399dc7276aec6f9d8b6ff3d7554409a4e38d2029a43f8a70da62b33c44f5f4f299eec825302c52e5f83d462b81512775107059826c8880578f01d8cb53af86ad61a7e36c2ccdf55ce197ec2a78219a5b952a9bd12ac2cc3271e84e6dad464c7ec9d9f0310614200a98cfa933d5db05c00c95c59fc5bb8844ff856ee7f9b091700b1a93ae1c00a40d9e5e6ce036f90a6dc34faa9dc8e8972c49b055f9a43ae10251705a960f2cfc8430cf9bcafc26c8eccc8b75a788beb41d180d4364f3083f3ffb5e39049979903c76f440810b7ea608ff84f5e56f9e0653bf15b6b6332d458f8d2e2b17d7bd2305a8909996d2ebfc2ee2ff697fccb215bd8c73d4b9f5b597308f98ed8fbda58f52cf8443f5a9db7f0f6e75e1c9e47d73f8d0624e9e6f33c2dee3c6ff394082d78ffd3a68309b3085e1a7c106f62c3959a353672cadadf6c058fe366b03fcd95a23f564c55a3ce9a914c11c8b2d6040147a1539b106adecce531646fea4db06775fe5d1bf9cb0107941b620043ac9b7936b2af9849eca9c46062945b137dfa355a7ee0c81a0193fa60a70e59b407af06a7f181a3e4ccc81f2c580a6c6cf67a8bf93eb8ff2151b7074144bf7c5cff97814e0c00c138d984559ac8b95a45a4497174130bbb0db22fa53187db1d923d9ded441a4d2fcbe0ff5736ecc3d94bfbb2df632ac88a02f2c9f73312e7a9c2d8d6c0bbfc774595e2e63669f2b5bbf6ee6a1ab0c25e313d819b02c785494eda4cace033e96b1ecc5b155a14e0c8d51d54d8bf33e499d0913d9605a419bc6c73c6bb07d1a306adb27dfedbe81a386fb3bb659764442c4d9d66673a916ee5a6ae59abc994fff64f2db0c83e2b18944f619cfdea0ea0911064ab690b2e03670a3e3667651c1980d0491a40312307e4534671c9c8ca8712506eff211577783c81dc05ffae4a9c6d7554f9fec07b25451c70e6f4d4b160544b66d66dd88ef1c77f09133db317c39fca05b68ef3eee3c28cbe31982adb0693fe9699d06654150346915ccdb17c69ea3aa8bb36b5f321060f6237dec73a011b233b81a6337bd77da5da753593fe30282456a0da2c4a18911ab5a8af13c8f623e5684f74f322ba103482d9abec31a684707671759ac8bb2592d66350745f77f18bd6a6cba542644f1fdf0dca14a08f4ffd1365969ee896cb39e845f71590eb4c73cc624cdcfbdea2352ad5173e5e919fcb98f6d960341047d181075ec8b1e92f40ecd5a1bf157925329748cc7af0239a7803a0c947479e070b026baf6738c29c9a8351685abd43775726ec0bfeff4d51fd3fcb04b108de286c5f61a82ef496e20133ef8b4ae243e81b20822ea6285c70bf1a33cb9f4ceeec053f60992c0023bd5acb0d4a9a55ef377f2837784ada634070a85b0a42fabf288130d6b74ca23473fbce932bedb44cd51dae78efd058dde5d7eb4aadfe3dd8346420567e745ced5189db6df22edbc66580a236f6ab148a3efd69bdea3dac7cffb47df44dbef7fcb436902bb30d65d65d5320c3b76ac17f43d27b2deda8692ba03ac2ae60e4ed2a9232c71a98b9869259a410b901f38cd6712f69f2dc3f92b7c5909f3595e99c9fc77d4d33f9a0e57d5f121e2de782b22cf7fb9bf22fc6afde5e42876ff8005f8a042bb5a9b67d60f40a7ad1cd73810a4f704f14823d4074e5a32b028c8360432b8aff539705961fee84d6c60b2b4d2efad60fb20c1da653869349b81e6c3d56c96ce56a833ee9a2b3e92a4b96c5a545910406751b4e7da24a328de0e20042d1ecc3bf7fd97071bb2740f497307501d90fa9c8e5cd63a703096955f4934d9140ad295cae59232cf005574d875e098637ecb757305a51d102ae5323b23a61c1a1b888c5974a243e42bfc391114ba5ba28e2375cf1d6d1a63e6bd5cf9aff9af16bdc927f642151597fe6d18ab008426f25054ee8e39136e2c217ad1f4cbfccdaf9a0cbd97edef5fef9b2ec486a4b21d79021103deec2ceb26c0b0035856ea2370aa3a8de925797722aeeee2d504184988f9f8727915c389f043c3de2b0d8e3046c46b33cb1615f291f272ade0029cad1f1d2e723e62cf739b667b005de14c3ed265e3bc2d553bb232f88b92a8284996c50e141608623ca7677a9cefb85fb0e0e77e23b9767dd65fbc119a15969ecd10f8033d9f37a748a895fd39390563f5f7998bb10eda8610855eaeb2499d8234975edb16c438069e8701bec0a86ae108a19b9f54782648af4b7b04a1d7b6b3a853c24f2393120918d1eed7b40f467c88857ee9cddf5f01db495f3138984387adfe3cf51a47dca021f9f31b44af1d1ae7c9f4c768f2a46d5c012a937985f56436ae15528ae3597590c927be9676a4ca80a19d44457b06991c02488c96e31094cd963b64e8623fc7000009ddb29b0dbb13671c321d24e322a05cf215dd04eabc2cc6fdaed762d3f9da0f1e0e4b7ba13a6036771c9403457dfddecb71579de33c597860a2e49d7b5052a6b018ddb409a7a84f8f6651d070a4c913b7a721490c8f97c085de8315019952deae16434a3e5fd5d242b1b333d8a801aaa67e4aa599b818c8e747ecac2e9c6176bec7e34ecb84450903f5aa6c6c6bf539b240506562d73c5dfbacdfbcc9db3089701f2c7fe6d6b8d6728f8a1b90a911338463e6fd824ecda51578865b3c363b4b79f6c698e27760c1090f8ae52d6fd3f0f9488f1c25feab4b48c03ddcf74a8b6d2b0fc6b5a89b8051c99edee357fcb875f523f7a88a5f25222fc0ba159873b47fe906e88f920943e453048cdea455dd98fe77f55d9c92e205b87120ac5ef791cd7d6ce7d2cfe689db61096c6e4fc359c9aa4dd3d1205358da38882073ef7268239f7c74b0f3cd60ca239b2fcdc3f5c774559ffbb2b821f1314987d8cbe5342db9567a864d569abf7e14f48d4e2b178be4d020c4244ddb0cf4ef7124f295a81b9c10227ea886e6f6ea2dca031a026a4f946f49598b76141a0b18170bb3cfa9136c49c69d71732aa223db1e65553aa03bec9b0a35c31eb4e6b0dab02ec2c2d851a731be9cec6078456631c68761e14dbc9afa2c3f631a160ebf9d1fd3c2ecccf6d4aebaf0fafe2e9f47ea9d386425a7950671cde77c6951ef43a1ed32f0ed6fcda74ca9333d2513e4a40cfca01a17bfbc13b0229e2b16400880d96e4c687fc54ed0b34326126f845bd7cd2063c51abbf8bb61f6f1dc3606959f2dececc6e3e08d808841c4779ca0f5f51e7e03260d0b75b1b0355f8544c1639b2f0bfd6f95c4f6d151073a086ecc890d6366acbcee869020cf347e700a8361bd8d5c53e6480526aaf31c9c655eae11831184746a709387e60d68c062e5e05e578d11687f6a5411ffac4cfd62331f63a9726ae77c5799bcca05d6983c985cd23d025e3367ef8c7ee903de557322f38629628ee3076ac483f8257c6335a478412cad1d73b6fd43c37a62dd7a0ae7601f12b4478c3f2ee105a915ff2052d23a8b9af3ca59013f553006259d4cce52212862d22c08c29affa3520b33a6b68cf2b9f91d9258dc5052bf360977ba81a37701118f635379d852b6481843604c111bcfa4970afd5a0fa52824cb27ac9a77b7575e3e0cd043c29c5682a47fe94fd6c2c225b6d9939b99c18b5fb898c5f28e87a5b6a0bbeaa2c4725cf5494765d79a50d2417e84130bb37f540e8db7064e57935ec3c6f9baa2a9a1ced0f8c6eebcb9b688490b31f864dcd9b726628218b42f45aa82f2bcdf2c7532c9669ea7ffb6842451ac314a35cdb0855312448c24efd6583a582e15ad5e7f7b714f0ac703a24e2ee8769a868079af8660931ba325ea1c9b636ef7b13766204dd733c3bc69f11e026c382ac0fa5ce8413fb9f84408e4648a5e66b8592093a17a42cb105b616b8239d2031200eecb9beca6d411a71f072fd159eac0a4f4392a0cedb96248dad497b2379f3162254045ce276503093e5e7ab062b942cf6f2302a5ab9af1b3a315ec67faf84b70fdbdb39044a22cd7bd0f62ba66ce2257f3aa0f56d53c8157c4db3297087e25ec24696813430f386f5ad55bf6289f62e1492dc6ac3bb5047e933d54ec338cafb3bfae8336215611bc3e8a5cafaca7c70f580570518a675cc2075c7593e1d98ef02b74f06b041b6ed9b06e820d32b413de06235441a52346c3fd2e723816c7b481fbf564a525646ba62c615060b2f9fb0ff0f00c376c6dfcdb060aca7af2f07f6030a2ca324c8380c11f9c1182acdea2123c52f5a40b44909180a14037c760c4ecc10f20206445aa65cf835f09633491f608598f1fe5cb5175ddc48070fe0608335af27ded864f97dd52c235b7c4ece6bda153224b773c64235c1099054a55849cd1af7832abd1383e82f63715c9cc24543397bd56e34fd5d28e49021bb483617a3444fdcf8cdeb33bd8675334a897e17966fcbc1e5c5c5399bb6bf02a9bbfaa5f3c58d2efd007dcb1190af4ab4b71987ff7824bd9b9c6d6fb0b144c1fd462805aabf2c7fbb043ff22b496e41a4a81957892efe74d614d62d4b04bbf544fb03826e9baa2a84f32da4d1154c1d0fbdcc17f24a49633761d2b5962e618d8a9be2bf373cdc9c45ecff0148f355075fde5ad5e8da5d59498eb2b7f77a4c0622edd29d7dfedd748b750d0b48057fa7b8ff575714a408a926f6e0cad081eb24780fdbb116fb8dfefb2006f765ff95fe4def6b83fa97b3f54204a0c00cf71c4a1efeface1198a94610570816d08c19af76b03afa42f722abbfebb2c99a905300918dbcd131fce84632bf4f7f5dabd1b5b05742755b45e50eb89ee278e0f6f1a8ad3d9f907b9accbe4845f6591f8361b52e4dd8f19823efd7e89c2ba80c70671eea397e1953daa12907ce59d940a6dcfb3eef7ba7405bb489c38319ac4fee62dec986f4f0975dc1b9f576ebdbca90c42e7f3b1928154af66de5e54b16d8b6541f55daa90812ea7dab78a87d969e4bf95c47f70ce84f9e41e542bbb91f77105c8314e8bd5d8d37e11d9af07c5dcedfab1f21642bb30fb332f7c6bfe13cde2f28f104344777066afe5b0f6db14390f587e64417b0dab027cef4c5daedc75812a7452d45e57e8e274ad8cd8a10b2b9ce0f371809101e9340f2fa0a59501020e48f862572fef70b350938e00a921fb1c080e933eaad2d56daeed692e7d69d4b95a2d1a620da88247314bd73a20cc7a504427df77ba969b5adbf74321e982c2a1913b66a8687960c8fb71a850c1003c76fe1c3bbbc8eb142dfa01f5df52b72bde0c8884374f72eeb8038ad57beb6c732c511bd5847ae8d4b69e195f87b03379279936dda69e11cfda279f37e53a05cb787f118d66f62a87037981937d6083e47e31de6a2700cb7976c0dfcf972bdd458e561f13b3e30368c8bacb722611db7627ad4e00a34f69a5eb9edc7eae464b2422a4c38bed04c49b15fce25ccd22347720273127236d6e8178cb414d1b4dc36cabd19f713782bde48db7094577042083cf5d42224eaa69e0d70b57e6f1764a825909c48858cda13ab13ee203fd0d57291acf508f91f9bc428d4c9ea06a9df3c9ce183e0c101a4d52fd87866c2146219beb15e616ce239cb025ef3dfdb3a2568a833c88a66a580ca9d3f2b770647d5baa42a707351688dc0be3b15d2cead64792e9f9688ef95ea5274c08ee13c4a3797ce346dceeaf7d81a18181839ebeed412baf43ec1abb35b7930ed7a528f9a0bbccd1ea6eb525488c6731150afe791bf58e524de4cc62e174d134bf5d170132efdb2cbb42b882219de563cbe6280ce4cd8482699442b236d1bd54517c3ad25fb3d68a649920357d85f343f0b46ce4a78b1836b6ecb198f1f1686597206c09ad4534717402eefc0d5a90639f91b84d3de00e7d815059640ada64140687c3e404432c74e91907cdcf3e07e997eed9de114767829833920a9fa5bebf7d99fc4f461375f3426b136b680230c7aa135f0d2d72be7bdf8667a8cf0dd0bf5490e393b5a465d37b9ee0d659c8c0f96681b71a867978b3503a45dfe95e49b9d11b8ca953ab01ec1714ca9ca1e1ed5998e02934901dcac10a2553a94618db7d79c4a48741afe3bceaa994833595808f8080f6eafadd31caee252a7d115db962320be9503147d39adbd11b1cd4cf2cd4bf94d9036ea61b2d4791c6326af653847d2b6dd83f5df51eb9473ae0c305abe5f3896175d82a2b569bf100166004886dc58432cd678c0a4a152013b2646a68284567b898e6f3d38a9187b6d10075234b2e11b7c929b308bbcb82f4a8ceafc503f18536092f2965d13875060c926b5404ccf3bcfb1389688fb4bf57ff79201d8a00cbb54a12b3be4693b4a295284c90e7d0f08b632eb0411bbd01d51112afe5db173a8159dd38fe6e9804f6ae779479ffdc697ec572b0934704dfcc3e9b2bec95587285299d1d79192b2324e4eaf4de74df050170562c08e0a821f47745f63ecbbb767846ddcc331f459013ec90de697346f1e57345a51fd9d2233cb3591c406bc25ff5c098c331cd026aca7ac1fb1c35c3d3597c7deb89620a364044b30c77d5071bea5b196a0c380ad40370985713838b1c830130a5fc15c5501748a2c8369e77c3fd4ec2f5de572ee183f526359f28865d68eb87c21f8fcd4a09d76ee6d9ef31561d9c97ae3672500e342a798b04177f2c5896bd06b4c96a58aa839185ae44b838d763872bbf1e7b665848f1e186b5ab6cd4628f4725324981b0aff0b9af2f78883dc8433d2dc26c1766e0ec77c4eb63da1f859c09ace8889fd2c5ec7f7e11eeb547900dd9332b7b96ea6be35aea692e54c1cc3d1211bc843f8e8ce71abb88873e132fe214a7e7670fcac38516b6935b9e0a2eeb43a0aebd25676db551d8cff4fe0b6cecbd59701317022511a2d612864c09496c99af48e1cd066c5bae55b415ec08e99947ac94885ddf875d8f8af199aba32c0bfc27f6e19e57380618e7940481077edf6270ea3befce28a55c2a68a961142e959690ba294afd57c5530a5fbd5f60d791a3f06720947c74cec26a571a9f2e5cf98cccefba8beff72f2570f8a0e1a130c0e85d4fbb6a6f0b881af274c9eb063ef09176d43f8f18bdb35a0acb1c6305ba5563d1b6baff53b1251305de413052667c4cf9f94460bf348fb27ab5719ae44faf02dae55d8eab643040834b04aab15a197568e8ebd296638b01e5ea34e39ed47ffb58a47027d4b7d978028b7812a141df233065e93c20dc736af1cdcedcf7e766eab238b3b4d3df022f50b43973c47d1c80055e4fdf569e50fd382e840b76a6db6c06b1f0603a2234b9175c5e15a22855b57cd5257d9b5a456712f281f83e1c6c87f58be8166f8b2e85e9f54d24fe3b420d77a22745dfc7ebc89e21acf1c6649324f4c5bf53e188ce3216dbdec21a06fa9e61d830814697727305fb48c705c4d6c4bdfb874e43a8fb1423e2d2d6bdfe22a0d2b211d3beb86937c639c934cfe9a4b6c2853ff353829028854e8d7d75f29f01c4d7c297fe0236345ecce914b3be4907788a39c093c9f9e2c930a15563cc453d08123deadf853c83db0e3986d993e44e441a874411b7905708462e1ba42ea22521d7c57089a77b14b6dbe57f0ce69c7c4f1c0d53385655a8ed6294f113d33ad8867ac05e80403e6a8103d1574fab80f43a4a3af93a67678346d7b3b977a1381afb93990b1cc3aa73cc463f72bd898f647f3f5a3b342fb5e37140ddc499edda92ee624039ef3f802c9055e20b7d6e4f5a109cb4ca1bf84d37d1e78d45a10f45602b61216ea8969eba3a0075256faf8e577de835bf0b37311d16310645effca6751cf502a035d7ac7d1ca2c23547a739116efb586dfe2762ca4bf5ce5fc48913efb41a4a93fdb240f0895cdf306ddd13337d38a58402561dd663bbc675e1a378d4f770ba5e308c6ada84faf18ab2b387b0ac139a57dc534e278a1afecafcaed3746701cee14edce6c85cc39c91ed5be8a178d2fcd97567e8ab661d573278062bfc3c83acbfcdeec7f08d3c1197ccf830c883eaaa01e2cc44e91cdc1c47c03797528a9dd63cde259b4b211b57af121b125fefb26c110da83bbc150e2663a22273cc855cb3c52d02fd92db59a7c876d1a18e66cd64708aa478f3f10e726210dbbe2fb1afedb2034a7d59ad774e73f97d7b4b121cc25b90dd4fb5179816174dc4650b2da366d11a519f4310972944625c839b01040c712c635d967269c6c07189b5b1b496403e35e9ef01ecf7e795c357ae08b4736d2c1bcbe556cc671ffa37677b740baebaeb1b74c922d1ac83cb3ab86735d07ebffe072ca08ebd56d0ae89d5535a63bee75810468b1560534ecdb4a16495f9a7f42164df055942e94011848c5dac783a69fbdcac9c477850320af0c10da48775434088c7d090202f927463123639dbc1d48a871e4f20f75563f6dba586db6d12e2e7f36e7da4915037fcddb4413336b423f6b888bcf297fb8d33493e9fc2e992afeb1b83aaeaf46f4aba9bb0aa2708272ce5b0c90ef9f6c366c20e90d0f87aeba828196acdc4306131c515319776dfab27de1e3a501cfc560bd3a1dd29e54b87de9a01d0351184ed5cc3323cef72fd423dfbb0ac90eeec5474432ec1e4c64d68605c378320c0e97a3d89a409b7d969d6e116c2ba861f57418d8eaac5bff85c416ec5224d92df53d8f272c7e02e832bd21ef4d6b4a9bd307f8c1756c3e6c155bb2ce5807311d60b2fb31357c89119af443af2d3a4d08fb6221aaeee97bfdae51ebf6c51f98300033ec513ad6996041441d474ccf3a2548a11b94527ebc2e24d7519b1ded645da3af62060a4ae19eddc3bf331c4c762d9672de22558c655ba05338d985da134230fef2d0639743bdb4695517dd9e3733827050617b3cc792d12b3280e0000b22ad5130b27f9a5e25b965028874db5b5efdf881043e1279187294bbc35865af7662b23b9adf614a9af41fe4d0c9cfe62106a2bb6d294d3ca554062b2c7a0299f82fd5eb6841fedf096753b1a63a6b4dcce3837ee36062055c9f52b3272f411709db86d59db530fd1ed9cc2138817c290a2777d1d54cf4b7b2f8737444b58334a1c26f63ffda10b749b5796fa61ce6f74fecef2c4766a05d0468c1d7056beb8fa9cf7d51d5115690bcb889f09dbe01b1c55ac860a00cc159f6683d33fdca16d815fab5bbf00", 0x2000, 0x0)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00304, 0x15)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x1)
r4 = syz_open_dev$MSR(&(0x7f0000000380), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$SNDCTL_DSP_CHANNELS(0xffffffffffffffff, 0xc0045006, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r6 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0xe, 0x4, &(0x7f0000000400)=ANY=[@ANYBLOB="18020000801000000000000004000000850000000e00000095"], &(0x7f0000000000)='syzkaller\x00', 0x1, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000080)=ANY=[@ANYRES32=r5, @ANYRES32=r6, @ANYBLOB="05"], 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000740)={{r5}, &(0x7f00000006c0), &(0x7f0000000700)=r1}, 0x20)
sendmsg$inet(r0, &(0x7f0000000980)={0x0, 0x0, &(0x7f0000000900)=[{&(0x7f0000000180)="8dfb", 0x2}], 0x1, 0x0, 0x0, 0x803e}, 0x3)

114.403418ms ago: executing program 9 (id=5425):
r0 = socket$nl_route(0x10, 0x3, 0x0)
keyctl$get_persistent(0x10, 0xffffffffffffffff, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
fcntl$dupfd(r2, 0x0, r1)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
connect$bt_l2cap(r2, &(0x7f0000000040)={0x1f, 0x9, @any, 0x2, 0x2}, 0xe)
r3 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_SETPLANE(r3, 0xc03064b7, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x3, 0xddffffff})
kexec_load(0x7fffffffffffffff, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x3, 0x0, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x5, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r4 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r4, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x2, 0x0, 0x7fff0000}]})
r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
bind$bt_l2cap(r5, &(0x7f00000002c0)={0x1f, 0x0, @any, 0xfffa}, 0xe)
connect$bt_l2cap(r5, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f00000007c0)={0x1, @pix={0x3, 0xf3b, 0x34324241, 0x2, 0x7, 0x10000, 0xb, 0xf, 0x0, 0xc3da533fd69e53e7, 0x0, 0x5}})
shutdown(r5, 0x1)
ioctl$sock_SIOCGIFBR(r0, 0x8940, &(0x7f00000012c0)=@add_del={0x2, &(0x7f0000000240)='batadv_slave_0\x00'})

10.479642ms ago: executing program 1 (id=5426):
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={<r0=>0xffffffffffffffff})
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(camellia)\x00'}, 0x58)
syz_open_dev$hidraw(&(0x7f0000000000), 0x0, 0x10f242)
socket(0xa, 0x3, 0x3a)
close(0xffffffffffffffff)
sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, 0x0, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
syz_fuse_handle_req(0xffffffffffffffff, &(0x7f0000004140)="a1af56567af19ce4706948d30f35abf6494690656d554e6190797369db23a302f328aa47a2e54509379ba2e477e6e0461d2e45920d509fa49de04732cd2f4a4e34d73eb464d09605a698ad2219a2175ebcc560f740fe531ba46ded4232d273d1865282844f5a3b54d7f154c21a8a82228e27b2c1af662a92e53d81cae3ea68707ce43f89c3321797039a0a39e24b83035dbfb1ac9668b5f87c4ae50250e92c8b113ed58f60015d9c1990253e6646c02901b08a2ec0acceb7ac1e28f59b1e22663432bd5435083b604934bda5f4897467677ac5609bb6e1d1f938a1a8238d2df6db69fcffa48a08ef9231830ceb045a999a9ba43b4d605ce7bb4736ee8bdaac3399576ad3d434c12f1ae8fc5e06dbbfac985d7105c3b7f431854465b6f732e1397e4647e88e86b0a3b01c1ef689a4bd3963deb3b06190576c690ab257b9845b4d412f248184e124b5228f4236d020d4b80ff0772d9515685918c41cad06498a6833d591c191916067759bfeceec176d582621bf23b8d827e2c8977822d64ca19c168fa8a4ea90a60ed60854342e7c42ce11f414dcff1fff715d10ed263d305e5c563ee13a1527795b012e01b8442026032a761cf5104f00dc28a761596d8393e3750be1a8788fa7152a3cd8e051a963120417af9bd3e659bbaac6406a70ba347641aeffac9436fc2352bf7822dabd7a4911a5b947f9c07f805e67ec8c7d787ff358b426494b87aaac46c2d4061ccf3d19201d8d099dddf2b257cacbba656cb7626b0d3fa11881e99799b92f0a07813eac359a64a61a03d6527a24a4fee8e6cbd74932adba5ad3a865788e874b796cc8555522b19f76676646f21f31fad8c360982ce2b23fd4aec43bff16e0f3f1e1e804daf28f236081d0686108fde25f7e6a7bef08b793beca5b21b5f4893543ef1e3a216378cb76a54fa879ad9624a60a0b3306c8548e1a22b735213969421dc9ef70338bb780ad55adfb6b4f4ca3d8ce7c697ce3f0a6210a27cc900ea2218c52ac06bbcbb91adff643f1a3b93db67d7902f23eb89ab2f892970551127b39e7bb9f37c62adb8abed20c8c84531d143c6be2b8b05766e248a94aae400b36a3399ba174ffe14ffd354f508ce30ea991f57018a3534e0eac9cb49d0e6085f93b367d817ee83b24c11f9d38044a9739f4fd41b6a8129fda808bb930beba6223dfe154b23d7c39ac4fb6656169275c31e15d37d3d96b0aaa13637f1c28178f5fc4ebbe1af6acc985c783a30dffde8d7eb0c8863e3481caf2606a4b6930c234736404d4eeefdda697193f57d332540a423831db671d7d3e8e15ef3d6a26b83a5053bdc2f0b378c6b39ad0b8b9c7bd5c4bf81018ce15d0b344772f6c6f469e40c9848cbcb1b3ccb721b4b1f895a6e034380d882bd30a20f1c2b8ae138e6728306e16f6093774d21b798cd73a16bc577be751deb434ef019dd454fa3ce3cc3b2634ea4957548bf226d0b24bce757382c639dae891e55dcb24ffc9dc2c08acfafabd4565dbcad34e1a8e781c56e9144f0e85a5cf6c79a5d1a8b3479cdc178215f05081eebdc03607798c66fd043824756e896c2b69fe5e843e0eb26c86a37a8944e93a7f3b2a863136d56579d0377f9424cf00dd6da7b19066f990ce05e1b93479f125cbcc5c91aea56ef04950164079f5e22ebfd77d54676b2de392ab20298876bce1ae9941ae109d7088edb29d02539aec8f276b862bb28fa6a68bb1a0bda1b0ec6e5891e93777d9b126d6add7eb36a7f75c435618d368c04156f8a116d0c843ad04842d7b7c84cd87e75fb81ec16ef184fd3119c16c950b84bca9a12a86f0e333d9fe34622f5a51e9772dc8b94c491e16db0c537e211b01c9f13f9e7a7b2f4d8053baded5d6018561b547562efbeab2946f3ef872d0256196c75fd7f520da7aea0f63a278052925c6c88307bed0336c5632ca98086e7712af309f99a6adb3ec4417eaa9aefe3fd43c4402bc13868832d6dfaa97de7ed43fe3711917de97058d60067d5eeb90ecb428182d07092c516e6eef6781756e308926faa9796dd1a29dd4c3827115fa8e14bbe449f4144785b9581a198273adb8bab0d4080adbb592b25fd74d426233f537562a4a98b07f4b2060b4f496c66a0169391b713fdd991fa90cfc313245f57900d980adcbd46ada0a7bdfdfec4bf8ba12e37724c9dfd7fbbe4541bf21cc393249a555746268e7e33bdb43f2cd4932e39fc818e49d0e588d12a3a297be074ad83db57be9d4455ab0685b087e8ee9f5c7c33e10c9d6be572b58c88b79756c45eb9eed6d0275944d9cc1cbc8c498917aa2fd79c00567d4f9f768579f891e23fa9548c5fbff150d2873ecc72da8d0077a223f9d18700b690d8046783bba756a2c9863b7ffc7022b2da68a332f72f704bc38a0fcc4f445891f1ca1ef5dad28b87ce8bdef23ffe29ee23f2c0a002c80cf99399dc7276aec6f9d8b6ff3d7554409a4e38d2029a43f8a70da62b33c44f5f4f299eec825302c52e5f83d462b81512775107059826c8880578f01d8cb53af86ad61a7e36c2ccdf55ce197ec2a78219a5b952a9bd12ac2cc3271e84e6dad464c7ec9d9f0310614200a98cfa933d5db05c00c95c59fc5bb8844ff856ee7f9b091700b1a93ae1c00a40d9e5e6ce036f90a6dc34faa9dc8e8972c49b055f9a43ae10251705a960f2cfc8430cf9bcafc26c8eccc8b75a788beb41d180d4364f3083f3ffb5e39049979903c76f440810b7ea608ff84f5e56f9e0653bf15b6b6332d458f8d2e2b17d7bd2305a8909996d2ebfc2ee2ff697fccb215bd8c73d4b9f5b597308f98ed8fbda58f52cf8443f5a9db7f0f6e75e1c9e47d73f8d0624e9e6f33c2dee3c6ff394082d78ffd3a68309b3085e1a7c106f62c3959a353672cadadf6c058fe366b03fcd95a23f564c55a3ce9a914c11c8b2d6040147a1539b106adecce531646fea4db06775fe5d1bf9cb0107941b620043ac9b7936b2af9849eca9c46062945b137dfa355a7ee0c81a0193fa60a70e59b407af06a7f181a3e4ccc81f2c580a6c6cf67a8bf93eb8ff2151b7074144bf7c5cff97814e0c00c138d984559ac8b95a45a4497174130bbb0db22fa53187db1d923d9ded441a4d2fcbe0ff5736ecc3d94bfbb2df632ac88a02f2c9f73312e7a9c2d8d6c0bbfc774595e2e63669f2b5bbf6ee6a1ab0c25e313d819b02c785494eda4cace033e96b1ecc5b155a14e0c8d51d54d8bf33e499d0913d9605a419bc6c73c6bb07d1a306adb27dfedbe81a386fb3bb659764442c4d9d66673a916ee5a6ae59abc994fff64f2db0c83e2b18944f619cfdea0ea0911064ab690b2e03670a3e3667651c1980d0491a40312307e4534671c9c8ca8712506eff211577783c81dc05ffae4a9c6d7554f9fec07b25451c70e6f4d4b160544b66d66dd88ef1c77f09133db317c39fca05b68ef3eee3c28cbe31982adb0693fe9699d06654150346915ccdb17c69ea3aa8bb36b5f321060f6237dec73a011b233b81a6337bd77da5da753593fe30282456a0da2c4a18911ab5a8af13c8f623e5684f74f322ba103482d9abec31a684707671759ac8bb2592d66350745f77f18bd6a6cba542644f1fdf0dca14a08f4ffd1365969ee896cb39e845f71590eb4c73cc624cdcfbdea2352ad5173e5e919fcb98f6d960341047d181075ec8b1e92f40ecd5a1bf157925329748cc7af0239a7803a0c947479e070b026baf6738c29c9a8351685abd43775726ec0bfeff4d51fd3fcb04b108de286c5f61a82ef496e20133ef8b4ae243e81b20822ea6285c70bf1a33cb9f4ceeec053f60992c0023bd5acb0d4a9a55ef377f2837784ada634070a85b0a42fabf288130d6b74ca23473fbce932bedb44cd51dae78efd058dde5d7eb4aadfe3dd8346420567e745ced5189db6df22edbc66580a236f6ab148a3efd69bdea3dac7cffb47df44dbef7fcb436902bb30d65d65d5320c3b76ac17f43d27b2deda8692ba03ac2ae60e4ed2a9232c71a98b9869259a410b901f38cd6712f69f2dc3f92b7c5909f3595e99c9fc77d4d33f9a0e57d5f121e2de782b22cf7fb9bf22fc6afde5e42876ff8005f8a042bb5a9b67d60f40a7ad1cd73810a4f704f14823d4074e5a32b028c8360432b8aff539705961fee84d6c60b2b4d2efad60fb20c1da653869349b81e6c3d56c96ce56a833ee9a2b3e92a4b96c5a545910406751b4e7da24a328de0e20042d1ecc3bf7fd97071bb2740f497307501d90fa9c8e5cd63a703096955f4934d9140ad295cae59232cf005574d875e098637ecb757305a51d102ae5323b23a61c1a1b888c5974a243e42bfc391114ba5ba28e2375cf1d6d1a63e6bd5cf9aff9af16bdc927f642151597fe6d18ab008426f25054ee8e39136e2c217ad1f4cbfccdaf9a0cbd97edef5fef9b2ec486a4b21d79021103deec2ceb26c0b0035856ea2370aa3a8de925797722aeeee2d504184988f9f8727915c389f043c3de2b0d8e3046c46b33cb1615f291f272ade0029cad1f1d2e723e62cf739b667b005de14c3ed265e3bc2d553bb232f88b92a8284996c50e141608623ca7677a9cefb85fb0e0e77e23b9767dd65fbc119a15969ecd10f8033d9f37a748a895fd39390563f5f7998bb10eda8610855eaeb2499d8234975edb16c438069e8701bec0a86ae108a19b9f54782648af4b7b04a1d7b6b3a853c24f2393120918d1eed7b40f467c88857ee9cddf5f01db495f3138984387adfe3cf51a47dca021f9f31b44af1d1ae7c9f4c768f2a46d5c012a937985f56436ae15528ae3597590c927be9676a4ca80a19d44457b06991c02488c96e31094cd963b64e8623fc7000009ddb29b0dbb13671c321d24e322a05cf215dd04eabc2cc6fdaed762d3f9da0f1e0e4b7ba13a6036771c9403457dfddecb71579de33c597860a2e49d7b5052a6b018ddb409a7a84f8f6651d070a4c913b7a721490c8f97c085de8315019952deae16434a3e5fd5d242b1b333d8a801aaa67e4aa599b818c8e747ecac2e9c6176bec7e34ecb84450903f5aa6c6c6bf539b240506562d73c5dfbacdfbcc9db3089701f2c7fe6d6b8d6728f8a1b90a911338463e6fd824ecda51578865b3c363b4b79f6c698e27760c1090f8ae52d6fd3f0f9488f1c25feab4b48c03ddcf74a8b6d2b0fc6b5a89b8051c99edee357fcb875f523f7a88a5f25222fc0ba159873b47fe906e88f920943e453048cdea455dd98fe77f55d9c92e205b87120ac5ef791cd7d6ce7d2cfe689db61096c6e4fc359c9aa4dd3d1205358da38882073ef7268239f7c74b0f3cd60ca239b2fcdc3f5c774559ffbb2b821f1314987d8cbe5342db9567a864d569abf7e14f48d4e2b178be4d020c4244ddb0cf4ef7124f295a81b9c10227ea886e6f6ea2dca031a026a4f946f49598b76141a0b18170bb3cfa9136c49c69d71732aa223db1e65553aa03bec9b0a35c31eb4e6b0dab02ec2c2d851a731be9cec6078456631c68761e14dbc9afa2c3f631a160ebf9d1fd3c2ecccf6d4aebaf0fafe2e9f47ea9d386425a7950671cde77c6951ef43a1ed32f0ed6fcda74ca9333d2513e4a40cfca01a17bfbc13b0229e2b16400880d96e4c687fc54ed0b34326126f845bd7cd2063c51abbf8bb61f6f1dc3606959f2dececc6e3e08d808841c4779ca0f5f51e7e03260d0b75b1b0355f8544c1639b2f0bfd6f95c4f6d151073a086ecc890d6366acbcee869020cf347e700a8361bd8d5c53e6480526aaf31c9c655eae11831184746a709387e60d68c062e5e05e578d11687f6a5411ffac4cfd62331f63a9726ae77c5799bcca05d6983c985cd23d025e3367ef8c7ee903de557322f38629628ee3076ac483f8257c6335a478412cad1d73b6fd43c37a62dd7a0ae7601f12b4478c3f2ee105a915ff2052d23a8b9af3ca59013f553006259d4cce52212862d22c08c29affa3520b33a6b68cf2b9f91d9258dc5052bf360977ba81a37701118f635379d852b6481843604c111bcfa4970afd5a0fa52824cb27ac9a77b7575e3e0cd043c29c5682a47fe94fd6c2c225b6d9939b99c18b5fb898c5f28e87a5b6a0bbeaa2c4725cf5494765d79a50d2417e84130bb37f540e8db7064e57935ec3c6f9baa2a9a1ced0f8c6eebcb9b688490b31f864dcd9b726628218b42f45aa82f2bcdf2c7532c9669ea7ffb6842451ac314a35cdb0855312448c24efd6583a582e15ad5e7f7b714f0ac703a24e2ee8769a868079af8660931ba325ea1c9b636ef7b13766204dd733c3bc69f11e026c382ac0fa5ce8413fb9f84408e4648a5e66b8592093a17a42cb105b616b8239d2031200eecb9beca6d411a71f072fd159eac0a4f4392a0cedb96248dad497b2379f3162254045ce276503093e5e7ab062b942cf6f2302a5ab9af1b3a315ec67faf84b70fdbdb39044a22cd7bd0f62ba66ce2257f3aa0f56d53c8157c4db3297087e25ec24696813430f386f5ad55bf6289f62e1492dc6ac3bb5047e933d54ec338cafb3bfae8336215611bc3e8a5cafaca7c70f580570518a675cc2075c7593e1d98ef02b74f06b041b6ed9b06e820d32b413de06235441a52346c3fd2e723816c7b481fbf564a525646ba62c615060b2f9fb0ff0f00c376c6dfcdb060aca7af2f07f6030a2ca324c8380c11f9c1182acdea2123c52f5a40b44909180a14037c760c4ecc10f20206445aa65cf835f09633491f608598f1fe5cb5175ddc48070fe0608335af27ded864f97dd52c235b7c4ece6bda153224b773c64235c1099054a55849cd1af7832abd1383e82f63715c9cc24543397bd56e34fd5d28e49021bb483617a3444fdcf8cdeb33bd8675334a897e17966fcbc1e5c5c5399bb6bf02a9bbfaa5f3c58d2efd007dcb1190af4ab4b71987ff7824bd9b9c6d6fb0b144c1fd462805aabf2c7fbb043ff22b496e41a4a81957892efe74d614d62d4b04bbf544fb03826e9baa2a84f32da4d1154c1d0fbdcc17f24a49633761d2b5962e618d8a9be2bf373cdc9c45ecff0148f355075fde5ad5e8da5d59498eb2b7f77a4c0622edd29d7dfedd748b750d0b48057fa7b8ff575714a408a926f6e0cad081eb24780fdbb116fb8dfefb2006f765ff95fe4def6b83fa97b3f54204a0c00cf71c4a1efeface1198a94610570816d08c19af76b03afa42f722abbfebb2c99a905300918dbcd131fce84632bf4f7f5dabd1b5b05742755b45e50eb89ee278e0f6f1a8ad3d9f907b9accbe4845f6591f8361b52e4dd8f19823efd7e89c2ba80c70671eea397e1953daa12907ce59d940a6dcfb3eef7ba7405bb489c38319ac4fee62dec986f4f0975dc1b9f576ebdbca90c42e7f3b1928154af66de5e54b16d8b6541f55daa90812ea7dab78a87d969e4bf95c47f70ce84f9e41e542bbb91f77105c8314e8bd5d8d37e11d9af07c5dcedfab1f21642bb30fb332f7c6bfe13cde2f28f104344777066afe5b0f6db14390f587e64417b0dab027cef4c5daedc75812a7452d45e57e8e274ad8cd8a10b2b9ce0f371809101e9340f2fa0a59501020e48f862572fef70b350938e00a921fb1c080e933eaad2d56daeed692e7d69d4b95a2d1a620da88247314bd73a20cc7a504427df77ba969b5adbf74321e982c2a1913b66a8687960c8fb71a850c1003c76fe1c3bbbc8eb142dfa01f5df52b72bde0c8884374f72eeb8038ad57beb6c732c511bd5847ae8d4b69e195f87b03379279936dda69e11cfda279f37e53a05cb787f118d66f62a87037981937d6083e47e31de6a2700cb7976c0dfcf972bdd458e561f13b3e30368c8bacb722611db7627ad4e00a34f69a5eb9edc7eae464b2422a4c38bed04c49b15fce25ccd22347720273127236d6e8178cb414d1b4dc36cabd19f713782bde48db7094577042083cf5d42224eaa69e0d70b57e6f1764a825909c48858cda13ab13ee203fd0d57291acf508f91f9bc428d4c9ea06a9df3c9ce183e0c101a4d52fd87866c2146219beb15e616ce239cb025ef3dfdb3a2568a833c88a66a580ca9d3f2b770647d5baa42a707351688dc0be3b15d2cead64792e9f9688ef95ea5274c08ee13c4a3797ce346dceeaf7d81a18181839ebeed412baf43ec1abb35b7930ed7a528f9a0bbccd1ea6eb525488c6731150afe791bf58e524de4cc62e174d134bf5d170132efdb2cbb42b882219de563cbe6280ce4cd8482699442b236d1bd54517c3ad25fb3d68a649920357d85f343f0b46ce4a78b1836b6ecb198f1f1686597206c09ad4534717402eefc0d5a90639f91b84d3de00e7d815059640ada64140687c3e404432c74e91907cdcf3e07e997eed9de114767829833920a9fa5bebf7d99fc4f461375f3426b136b680230c7aa135f0d2d72be7bdf8667a8cf0dd0bf5490e393b5a465d37b9ee0d659c8c0f96681b71a867978b3503a45dfe95e49b9d11b8ca953ab01ec1714ca9ca1e1ed5998e02934901dcac10a2553a94618db7d79c4a48741afe3bceaa994833595808f8080f6eafadd31caee252a7d115db962320be9503147d39adbd11b1cd4cf2cd4bf94d9036ea61b2d4791c6326af653847d2b6dd83f5df51eb9473ae0c305abe5f3896175d82a2b569bf100166004886dc58432cd678c0a4a152013b2646a68284567b898e6f3d38a9187b6d10075234b2e11b7c929b308bbcb82f4a8ceafc503f18536092f2965d13875060c926b5404ccf3bcfb1389688fb4bf57ff79201d8a00cbb54a12b3be4693b4a295284c90e7d0f08b632eb0411bbd01d51112afe5db173a8159dd38fe6e9804f6ae779479ffdc697ec572b0934704dfcc3e9b2bec95587285299d1d79192b2324e4eaf4de74df050170562c08e0a821f47745f63ecbbb767846ddcc331f459013ec90de697346f1e57345a51fd9d2233cb3591c406bc25ff5c098c331cd026aca7ac1fb1c35c3d3597c7deb89620a364044b30c77d5071bea5b196a0c380ad40370985713838b1c830130a5fc15c5501748a2c8369e77c3fd4ec2f5de572ee183f526359f28865d68eb87c21f8fcd4a09d76ee6d9ef31561d9c97ae3672500e342a798b04177f2c5896bd06b4c96a58aa839185ae44b838d763872bbf1e7b665848f1e186b5ab6cd4628f4725324981b0aff0b9af2f78883dc8433d2dc26c1766e0ec77c4eb63da1f859c09ace8889fd2c5ec7f7e11eeb547900dd9332b7b96ea6be35aea692e54c1cc3d1211bc843f8e8ce71abb88873e132fe214a7e7670fcac38516b6935b9e0a2eeb43a0aebd25676db551d8cff4fe0b6cecbd59701317022511a2d612864c09496c99af48e1cd066c5bae55b415ec08e99947ac94885ddf875d8f8af199aba32c0bfc27f6e19e57380618e7940481077edf6270ea3befce28a55c2a68a961142e959690ba294afd57c5530a5fbd5f60d791a3f06720947c74cec26a571a9f2e5cf98cccefba8beff72f2570f8a0e1a130c0e85d4fbb6a6f0b881af274c9eb063ef09176d43f8f18bdb35a0acb1c6305ba5563d1b6baff53b1251305de413052667c4cf9f94460bf348fb27ab5719ae44faf02dae55d8eab643040834b04aab15a197568e8ebd296638b01e5ea34e39ed47ffb58a47027d4b7d978028b7812a141df233065e93c20dc736af1cdcedcf7e766eab238b3b4d3df022f50b43973c47d1c80055e4fdf569e50fd382e840b76a6db6c06b1f0603a2234b9175c5e15a22855b57cd5257d9b5a456712f281f83e1c6c87f58be8166f8b2e85e9f54d24fe3b420d77a22745dfc7ebc89e21acf1c6649324f4c5bf53e188ce3216dbdec21a06fa9e61d830814697727305fb48c705c4d6c4bdfb874e43a8fb1423e2d2d6bdfe22a0d2b211d3beb86937c639c934cfe9a4b6c2853ff353829028854e8d7d75f29f01c4d7c297fe0236345ecce914b3be4907788a39c093c9f9e2c930a15563cc453d08123deadf853c83db0e3986d993e44e441a874411b7905708462e1ba42ea22521d7c57089a77b14b6dbe57f0ce69c7c4f1c0d53385655a8ed6294f113d33ad8867ac05e80403e6a8103d1574fab80f43a4a3af93a67678346d7b3b977a1381afb93990b1cc3aa73cc463f72bd898f647f3f5a3b342fb5e37140ddc499edda92ee624039ef3f802c9055e20b7d6e4f5a109cb4ca1bf84d37d1e78d45a10f45602b61216ea8969eba3a0075256faf8e577de835bf0b37311d16310645effca6751cf502a035d7ac7d1ca2c23547a739116efb586dfe2762ca4bf5ce5fc48913efb41a4a93fdb240f0895cdf306ddd13337d38a58402561dd663bbc675e1a378d4f770ba5e308c6ada84faf18ab2b387b0ac139a57dc534e278a1afecafcaed3746701cee14edce6c85cc39c91ed5be8a178d2fcd97567e8ab661d573278062bfc3c83acbfcdeec7f08d3c1197ccf830c883eaaa01e2cc44e91cdc1c47c03797528a9dd63cde259b4b211b57af121b125fefb26c110da83bbc150e2663a22273cc855cb3c52d02fd92db59a7c876d1a18e66cd64708aa478f3f10e726210dbbe2fb1afedb2034a7d59ad774e73f97d7b4b121cc25b90dd4fb5179816174dc4650b2da366d11a519f4310972944625c839b01040c712c635d967269c6c07189b5b1b496403e35e9ef01ecf7e795c357ae08b4736d2c1bcbe556cc671ffa37677b740baebaeb1b74c922d1ac83cb3ab86735d07ebffe072ca08ebd56d0ae89d5535a63bee75810468b1560534ecdb4a16495f9a7f42164df055942e94011848c5dac783a69fbdcac9c477850320af0c10da48775434088c7d090202f927463123639dbc1d48a871e4f20f75563f6dba586db6d12e2e7f36e7da4915037fcddb4413336b423f6b888bcf297fb8d33493e9fc2e992afeb1b83aaeaf46f4aba9bb0aa2708272ce5b0c90ef9f6c366c20e90d0f87aeba828196acdc4306131c515319776dfab27de1e3a501cfc560bd3a1dd29e54b87de9a01d0351184ed5cc3323cef72fd423dfbb0ac90eeec5474432ec1e4c64d68605c378320c0e97a3d89a409b7d969d6e116c2ba861f57418d8eaac5bff85c416ec5224d92df53d8f272c7e02e832bd21ef4d6b4a9bd307f8c1756c3e6c155bb2ce5807311d60b2fb31357c89119af443af2d3a4d08fb6221aaeee97bfdae51ebf6c51f98300033ec513ad6996041441d474ccf3a2548a11b94527ebc2e24d7519b1ded645da3af62060a4ae19eddc3bf331c4c762d9672de22558c655ba05338d985da134230fef2d0639743bdb4695517dd9e3733827050617b3cc792d12b3280e0000b22ad5130b27f9a5e25b965028874db5b5efdf881043e1279187294bbc35865af7662b23b9adf614a9af41fe4d0c9cfe62106a2bb6d294d3ca554062b2c7a0299f82fd5eb6841fedf096753b1a63a6b4dcce3837ee36062055c9f52b3272f411709db86d59db530fd1ed9cc2138817c290a2777d1d54cf4b7b2f8737444b58334a1c26f63ffda10b749b5796fa61ce6f74fecef2c4766a05d0468c1d7056beb8fa9cf7d51d5115690bcb889f09dbe01b1c55ac860a00cc159f6683d33fdca16d815fab5bbf00", 0x2000, 0x0)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00304, 0x15)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x1)
r3 = syz_open_dev$MSR(&(0x7f0000000380), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$SNDCTL_DSP_CHANNELS(0xffffffffffffffff, 0xc0045006, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFULNL_MSG_CONFIG(r4, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000340)={0x30, 0x1, 0x4, 0x301, 0x0, 0x0, {0x0, 0x0, 0x4}, [@NFULA_CFG_CMD={0x5, 0x1, 0x2}, @NFULA_CFG_MODE={0xa, 0x2, {0x0, 0x1}}, @NFULA_CFG_CMD={0x5, 0x1, 0x1}]}, 0x30}, 0x1, 0x0, 0x0, 0x4008014}, 0x20000480)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0xe, 0x4, &(0x7f0000000400)=ANY=[@ANYBLOB="18020000801000000000000004000000850000000e00000095"], &(0x7f0000000000)='syzkaller\x00', 0x1, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
sendmsg$inet(r0, &(0x7f0000000980)={0x0, 0x0, &(0x7f0000000900)=[{&(0x7f0000000180)="8dfb", 0x2}], 0x1, 0x0, 0x0, 0x803e}, 0x3)

0s ago: executing program 4 (id=5427):
getpid()
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0)
socket(0x200000100000011, 0x3, 0x3)
read$FUSE(0xffffffffffffffff, &(0x7f0000000800)={0x2020}, 0x2020)
syz_open_dev$tty1(0xc, 0x4, 0x1)
fsconfig$FSCONFIG_SET_STRING(r3, 0x1, &(0x7f00000006c0)='source\xe5\xbd\xe3\xd1{}+\x1a2V\x1fH<\xb5\xa2\xdfj\x03\x9e\x15\xad\xd8m\xc7pU\xbf\xd8Wy\x89-\xc8\xb1\xa9\xe6\xeb\xfd\xeai\xe5\xd6D\x1c\xd8\x99\xc4\xc7\xb1.+M\xe2\xee\xee\xe8\xc99\x12\xf8p\xd7\xcf\x8f\xf3a~B\\K\xd4\xe3\xa2\x9aufR\x99t\xf9R\x1d\t\xbb\xd5\x85\xbb\x90\x85\xe6\xefh\rVL?\xc4#V\xd7j\xc8\x8c\xb1\x1ae\xc2\xd0\xc5\x8d\xd4\xa7\x0e\x93\xce\x00V!B\xd1R\xb7\x9d\xe7\xcc9\x93\x95\x8e\xec\x00\xfb\xad{@Lk\x12m\xbam\xc7\x9d\xf7\x98T{ E\xb7h\x84\x1ft\xba\x12\xa2\x99\xf0[m\x0e\xa7\x12\xb8I\x1e\xec\xe5%\xfc\xf2\xe6\xf2=P\xba9\x84hp\xc0B\xc1\xe7\xfa\xcb9\xc1\x9e\x14\xca\xe5\xba\x8d\x1et\xe0[\xdagu$,\x89}\xb3\xfd\x1b.\xf6\x9f\x83S\x8as\xc2\x8a\xb9\xf1\x03\x87\x06\n\xa3l\xb0\xe8\xd37\x06Ua\t\x98\x10\xc8\x01\f\tY\xa3Oc\x11\x96\x97\x88c\xfd\x94xQ\xf5nm<\xa3\xbbD\xc7\x03@\xa5\xdaI\x1a\xc3\x9b\x96$\xcbn\x9c\x87n\xea\a\x9d^\xf4\x00\xa2n^<\xd8\xb8\n\xfd`\xfe\xff\xfcp\xab\xe4h`CK\xd9\xe6h\xf8y\xe7h\xf2\xfd\x9a\'w', &(0x7f0000000300)='c::fo\xa83\xc1!\xbc\"R\xc66\xb0\xf8\x12\xce^\xb0\xe3L_\xa6\x18;\xe4\xb5<\x9b\xedt\x8du\x8c\xd3\x03\xa4z\x9f3\x80k\x12U\xf4\xc4k\x99t\xce\xb6\xe2T(&a\x9e1\xab\x9bg\xd6\x1f\xacx\xb2\x95\x16[\xbdx\xac\xe1 \xdf-\x81\x87\xd3\x8b\xa7CLz\x04\x7f\x91\r\xb9\xcc.\xab\xe7\f\xbf\xca\x91\xfc\t\xd1\x1fO\x87\xd4]\xf6\x12Z\xf8K\x96\xa7\xd9\xce\x94\xe7nv#0\"5\xb3\'^\x90q\xdd\x0e\xb03\xf1\x98S\xf2U/P\x05\xb8\x9a\x01+5\xf8\x1e\xfc\xea3\xa6\xeaY$U\xc5;H\'\x98~\xed\x0f\x0e\xcb\n\xddI\xb2\xbc\x831\xfc*\xe3q(\x15\xa2R\xd5\x16\x92f\x97\xa2\x01\x8c^Y*', 0x0) (fail_nth: 1)
fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0)
syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3)
r4 = syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3)
connect$bt_rfcomm(r4, &(0x7f00000001c0)={0x1f, @none, 0x1}, 0xa)
r5 = socket$inet(0xa, 0x801, 0x84)
connect$inet(r5, &(0x7f0000000000)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10)
setsockopt(r5, 0x84, 0x81, &(0x7f00000002c0)="1a00000002000000", 0x8)
accept4$inet(r5, &(0x7f0000000100), 0x0, 0x80800)
prlimit64(0x0, 0xb, &(0x7f0000000040)={0x2c5, 0x2}, &(0x7f00000000c0))
r6 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r6, 0x0, 0x0)

kernel console output (not intermixed with test programs):

.107: found no endpoint descriptor for endpoint 4
[ 1523.524740][ T5822] usb 4-1: Keyspan 4 port adapter converter now attached to ttyUSB2
[ 1523.525673][   T24] cx82310_eth 5-1:0.0: probe with driver cx82310_eth failed with error -22
[ 1523.533806][ T5822] keyspan 4-1:0.107: found no endpoint descriptor for endpoint 6
[ 1523.545972][T23621] binder: 23620:23621 ioctl c00c620f 0 returned -14
[ 1523.553092][ T5822] usb 4-1: Keyspan 4 port adapter converter now attached to ttyUSB3
[ 1523.688872][T23599] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1523.704762][T23599] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1523.729708][ T5822] usb 4-1: USB disconnect, device number 64
[ 1524.168047][ T5822] keyspan_4 ttyUSB0: Keyspan 4 port adapter converter now disconnected from ttyUSB0
[ 1524.180008][ T5929] usb 2-1: new low-speed USB device number 69 using dummy_hcd
[ 1524.202477][ T5822] keyspan_4 ttyUSB1: Keyspan 4 port adapter converter now disconnected from ttyUSB1
[ 1524.215478][ T5822] keyspan_4 ttyUSB2: Keyspan 4 port adapter converter now disconnected from ttyUSB2
[ 1524.235258][ T5822] keyspan_4 ttyUSB3: Keyspan 4 port adapter converter now disconnected from ttyUSB3
[ 1524.246793][ T5822] keyspan 4-1:0.107: device disconnected
[ 1524.347406][ T5929] usb 2-1: device descriptor read/64, error -71
[ 1524.420676][   T24] cxacru 5-1:0.0: usbatm_usb_probe: bind failed: -19!
[ 1524.530661][T23629] ubi: mtd0 is already attached to ubi31
[ 1524.627652][ T5929] usb 2-1: new low-speed USB device number 70 using dummy_hcd
[ 1524.728492][   T30] audit: type=1400 audit(2000001107.179:4651): avc:  denied  { read } for  pid=23605 comm="syz.4.4947" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[ 1524.937402][ T5929] usb 2-1: device descriptor read/64, error -71
[ 1525.005331][T23637] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0)
[ 1525.047638][ T5929] usb usb2-port1: attempt power cycle
[ 1525.417676][ T5929] usb 2-1: new low-speed USB device number 71 using dummy_hcd
[ 1525.665900][T23629] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1525.678760][T23629] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1525.693602][T23629] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1525.698101][ T5929] usb 2-1: device descriptor read/8, error -71
[ 1525.708578][T23629] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1525.715837][T23629] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1526.794685][ T5822] usb 5-1: USB disconnect, device number 73
[ 1526.802117][T22940] Bluetooth: hci4: command 0x0c1a tx timeout
[ 1526.823304][ T5929] usb 2-1: new low-speed USB device number 72 using dummy_hcd
[ 1526.948328][T23655] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[ 1527.110618][T23659] FAULT_INJECTION: forcing a failure.
[ 1527.110618][T23659] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1527.124958][T23659] CPU: 1 UID: 0 PID: 23659 Comm: syz.9.4960 Not tainted 6.16.0-rc2-syzkaller-00162-g41687a5c6f8b #0 PREEMPT(full) 
[ 1527.124983][T23659] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1527.124995][T23659] Call Trace:
[ 1527.125002][T23659]  <TASK>
[ 1527.125009][T23659]  dump_stack_lvl+0x16c/0x1f0
[ 1527.125042][T23659]  should_fail_ex+0x512/0x640
[ 1527.125070][T23659]  _copy_from_user+0x2e/0xd0
[ 1527.125097][T23659]  memdup_user_nul+0x6c/0x120
[ 1527.125124][T23659]  sel_commit_bools_write+0x13e/0x420
[ 1527.125146][T23659]  ? __pfx_sel_commit_bools_write+0x10/0x10
[ 1527.125174][T23659]  ? __pfx_sel_commit_bools_write+0x10/0x10
[ 1527.125195][T23659]  vfs_write+0x2a0/0x1150
[ 1527.125229][T23659]  ? __pfx_vfs_write+0x10/0x10
[ 1527.125250][T23659]  ? find_held_lock+0x2b/0x80
[ 1527.125273][T23659]  ? __fget_files+0x204/0x3c0
[ 1527.125301][T23659]  ? __fget_files+0x20e/0x3c0
[ 1527.125324][T23659]  ? __fget_files+0x120/0x3c0
[ 1527.125355][T23659]  __x64_sys_pwrite64+0x1eb/0x250
[ 1527.125383][T23659]  ? __pfx___x64_sys_pwrite64+0x10/0x10
[ 1527.125416][T23659]  do_syscall_64+0xcd/0x4c0
[ 1527.125446][T23659]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1527.125465][T23659] RIP: 0033:0x7ff25dd8e929
[ 1527.125480][T23659] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1527.125497][T23659] RSP: 002b:00007ff25bbb4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000012
[ 1527.125515][T23659] RAX: ffffffffffffffda RBX: 00007ff25dfb6160 RCX: 00007ff25dd8e929
[ 1527.125527][T23659] RDX: 0000000000000001 RSI: 0000200000000080 RDI: 0000000000000005
[ 1527.125538][T23659] RBP: 00007ff25bbb4090 R08: 0000000000000000 R09: 0000000000000000
[ 1527.125549][T23659] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1527.125560][T23659] R13: 0000000000000000 R14: 00007ff25dfb6160 R15: 00007ffc7f5231c8
[ 1527.125585][T23659]  </TASK>
[ 1527.314291][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1527.317452][T23660] fuse: Invalid rootmode
[ 1527.713925][ T5929] usb 2-1: device not accepting address 72, error -71
[ 1527.727594][ T5929] usb usb2-port1: unable to enumerate USB device
[ 1527.739248][T22940] Bluetooth: hci3: command 0x0406 tx timeout
[ 1527.745339][T22971] Bluetooth: hci1: command 0x0405 tx timeout
[ 1527.751407][T23076] Bluetooth: hci0: command 0x0405 tx timeout
[ 1527.757431][T23076] Bluetooth: hci2: command 0x0405 tx timeout
[ 1527.792498][T23655] overlayfs: invalid origin (00000079007a6b616c6c6572310000000000000180c2000000000000000000000000000000000000000000000000000000000000000000000000000000000000)
[ 1529.312680][   T30] audit: type=1400 audit(2000001111.809:4652): avc:  denied  { read write } for  pid=23682 comm="syz.1.4969" name="file0" dev="fuse" ino=0 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=chr_file permissive=1
[ 1529.354944][   T30] audit: type=1400 audit(2000001111.809:4653): avc:  denied  { open } for  pid=23682 comm="syz.1.4969" path="/205/file0/file0" dev="fuse" ino=0 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=chr_file permissive=1
[ 1530.724627][ T5929] usb 4-1: new high-speed USB device number 65 using dummy_hcd
[ 1530.937856][ T5929] usb 4-1: Using ep0 maxpacket: 8
[ 1530.948762][ T5929] usb 4-1: config 179 has an invalid interface number: 65 but max is 0
[ 1530.957949][ T5929] usb 4-1: config 179 has no interface number 0
[ 1530.964535][ T5929] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[ 1531.107209][ T5929] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[ 1531.164073][T23706] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1531.235763][ T5929] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[ 1531.278355][   T30] audit: type=1400 audit(2000001113.679:4654): avc:  denied  { read } for  pid=23701 comm="syz.2.4975" name="file0" dev="fuse" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=blk_file permissive=1
[ 1531.382858][ T5929] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024
[ 1531.521437][ T5929] usb 4-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[ 1531.556086][   T30] audit: type=1400 audit(2000001113.709:4655): avc:  denied  { open } for  pid=23701 comm="syz.2.4975" path="/185/file0/file0" dev="fuse" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=blk_file permissive=1
[ 1531.685489][ T5929] usb 4-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[ 1531.757409][ T5929] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1531.778007][   T30] audit: type=1400 audit(2000001113.909:4656): avc:  denied  { read } for  pid=23701 comm="syz.2.4975" name="autofs" dev="devtmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1
[ 1531.783803][T23712] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[ 1531.813641][T23689] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[ 1531.818310][T23712] overlayfs: invalid origin (00000079007a6b616c6c6572310000000000000180c2000000000000000000000000000000000000000000000000000000000000000000000000000000000000)
[ 1531.846888][   T30] audit: type=1400 audit(2000001113.929:4657): avc:  denied  { open } for  pid=23701 comm="syz.2.4975" path="/dev/autofs" dev="devtmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1
[ 1531.877246][   T30] audit: type=1400 audit(2000001113.969:4658): avc:  denied  { mount } for  pid=23701 comm="syz.2.4975" name="/" dev="autofs" ino=91104 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_t tclass=filesystem permissive=1
[ 1531.906196][   T30] audit: type=1400 audit(2000001114.109:4659): avc:  denied  { ioctl } for  pid=23701 comm="syz.2.4975" path="/dev/autofs" dev="devtmpfs" ino=98 ioctlcmd=0x9378 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1
[ 1531.907860][T23713] cgroup: Unknown subsys name '¬§@﬽æì¦4*oäÂÒ£hÓîºoþüíUÜ'
[ 1531.947813][T22339] usb 3-1: new full-speed USB device number 83 using dummy_hcd
[ 1532.066060][T23717] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[ 1532.158216][T22339] usb 3-1: unable to get BOS descriptor or descriptor too short
[ 1532.466942][T22339] usb 3-1: not running at top speed; connect to a high speed hub
[ 1532.494815][T22339] usb 3-1: config 1 has an invalid descriptor of length 108, skipping remainder of the config
[ 1532.516839][T22339] usb 3-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[ 1532.598040][T22339] usb 3-1: config 1 interface 1 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 1532.964524][T22339] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1532.979224][T22339] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1532.988813][T22339] usb 3-1: Product: syz
[ 1532.993166][T22339] usb 3-1: Manufacturer: syz
[ 1533.003637][T22339] usb 3-1: SerialNumber: syz
[ 1533.152467][T23730] netlink: 44 bytes leftover after parsing attributes in process `syz.1.4983'.
[ 1533.178642][ T5822] usb 4-1: USB disconnect, device number 65
[ 1533.178725][    C1] xpad 4-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19
[ 1533.193414][    C1] dummy_hcd dummy_hcd.3: timer fired with no URBs pending?
[ 1533.229044][T22339] usb 3-1: 0:2 : does not exist
[ 1533.249842][ T7454] usb 5-1: new high-speed USB device number 74 using dummy_hcd
[ 1533.269439][T22339] usb 3-1: USB disconnect, device number 83
[ 1533.468639][ T7454] usb 5-1: too many configurations: 33, using maximum allowed: 8
[ 1533.561300][T23733] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1533.924311][T22971] Bluetooth: hci5: Opcode 0x1003 failed: -110
[ 1534.216674][ T7454] usb 5-1: config 0 has an invalid interface number: 101 but max is 0
[ 1534.225177][ T7454] usb 5-1: config 0 has no interface number 0
[ 1534.231325][ T7454] usb 5-1: too many endpoints for config 0 interface 101 altsetting 115: 51, using maximum allowed: 30
[ 1534.242558][ T7454] usb 5-1: config 0 interface 101 altsetting 115 has 0 endpoint descriptors, different from the interface descriptor's value: 51
[ 1534.255906][ T7454] usb 5-1: config 0 interface 101 has no altsetting 0
[ 1534.263979][ T7454] usb 5-1: config 0 has an invalid interface number: 101 but max is 0
[ 1534.268289][   T30] audit: type=1400 audit(2000001116.759:4660): avc:  denied  { unmount } for  pid=20135 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_t tclass=filesystem permissive=1
[ 1534.276267][ T7454] usb 5-1: config 0 has no interface number 0
[ 1534.385071][ T7454] usb 5-1: too many endpoints for config 0 interface 101 altsetting 115: 51, using maximum allowed: 30
[ 1534.415274][ T7454] usb 5-1: config 0 interface 101 altsetting 115 has 0 endpoint descriptors, different from the interface descriptor's value: 51
[ 1534.897467][ T7454] usb 5-1: config 0 interface 101 has no altsetting 0
[ 1534.906031][ T7454] usb 5-1: config 0 has an invalid interface number: 101 but max is 0
[ 1534.914385][ T7454] usb 5-1: config 0 has no interface number 0
[ 1534.920572][ T7454] usb 5-1: too many endpoints for config 0 interface 101 altsetting 115: 51, using maximum allowed: 30
[ 1534.931672][ T7454] usb 5-1: config 0 interface 101 altsetting 115 has 0 endpoint descriptors, different from the interface descriptor's value: 51
[ 1534.949101][ T7454] usb 5-1: config 0 interface 101 has no altsetting 0
[ 1534.960182][ T7454] usb 5-1: config 0 has an invalid interface number: 101 but max is 0
[ 1534.968776][ T7454] usb 5-1: config 0 has no interface number 0
[ 1534.975078][ T7454] usb 5-1: too many endpoints for config 0 interface 101 altsetting 115: 51, using maximum allowed: 30
[ 1534.986664][ T7454] usb 5-1: config 0 interface 101 altsetting 115 has 0 endpoint descriptors, different from the interface descriptor's value: 51
[ 1535.000114][ T7454] usb 5-1: config 0 interface 101 has no altsetting 0
[ 1535.011531][ T7454] usb 5-1: config 0 has an invalid interface number: 101 but max is 0
[ 1535.019979][ T7454] usb 5-1: config 0 has no interface number 0
[ 1535.026474][ T7454] usb 5-1: too many endpoints for config 0 interface 101 altsetting 115: 51, using maximum allowed: 30
[ 1535.123746][ T7454] usb 5-1: config 0 interface 101 altsetting 115 has 0 endpoint descriptors, different from the interface descriptor's value: 51
[ 1535.137475][ T7454] usb 5-1: config 0 interface 101 has no altsetting 0
[ 1535.167753][ T7454] usb 5-1: config 0 has an invalid interface number: 101 but max is 0
[ 1535.175967][ T7454] usb 5-1: config 0 has no interface number 0
[ 1535.184926][ T7454] usb 5-1: too many endpoints for config 0 interface 101 altsetting 115: 51, using maximum allowed: 30
[ 1535.345008][T23746] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0)
[ 1535.704576][ T7454] usb 5-1: config 0 interface 101 altsetting 115 has 0 endpoint descriptors, different from the interface descriptor's value: 51
[ 1535.718128][ T7454] usb 5-1: config 0 interface 101 has no altsetting 0
[ 1535.726281][ T7454] usb 5-1: config 0 has an invalid interface number: 101 but max is 0
[ 1535.787086][T15995] usb 3-1: new high-speed USB device number 84 using dummy_hcd
[ 1535.808597][ T7454] usb 5-1: config 0 has no interface number 0
[ 1535.815104][ T7454] usb 5-1: too many endpoints for config 0 interface 101 altsetting 115: 51, using maximum allowed: 30
[ 1535.828978][ T7454] usb 5-1: config 0 interface 101 altsetting 115 has 0 endpoint descriptors, different from the interface descriptor's value: 51
[ 1535.843415][ T7454] usb 5-1: config 0 interface 101 has no altsetting 0
[ 1535.851758][ T7454] usb 5-1: config 0 has an invalid interface number: 101 but max is 0
[ 1535.860340][ T7454] usb 5-1: config 0 has no interface number 0
[ 1535.866479][ T7454] usb 5-1: too many endpoints for config 0 interface 101 altsetting 115: 51, using maximum allowed: 30
[ 1535.882649][ T7454] usb 5-1: config 0 interface 101 altsetting 115 has 0 endpoint descriptors, different from the interface descriptor's value: 51
[ 1535.898944][ T7454] usb 5-1: config 0 interface 101 has no altsetting 0
[ 1535.967878][T15995] usb 3-1: Using ep0 maxpacket: 8
[ 1536.012918][T15995] usb 3-1: config 179 has an invalid interface number: 65 but max is 0
[ 1536.027714][ T5929] usb 10-1: new high-speed USB device number 81 using dummy_hcd
[ 1536.191046][T15995] usb 3-1: config 179 has no interface number 0
[ 1536.197838][T23754] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4989'.
[ 1536.201513][T15995] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[ 1536.221098][T15995] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[ 1536.232633][T15995] usb 3-1: config 179 interface 65 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[ 1536.244075][T15995] usb 3-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[ 1536.257774][ T7454] usb 5-1: string descriptor 0 read error: -71
[ 1536.264041][ T7454] usb 5-1: New USB device found, idVendor=0eb1, idProduct=6668, bcdDevice=57.b8
[ 1536.273288][ T7454] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1536.283542][ T7454] usb 5-1: config 0 descriptor??
[ 1536.288605][T15995] usb 3-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[ 1536.297919][T15995] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1536.306028][ T7454] usb 5-1: can't set config #0, error -71
[ 1536.314574][ T7454] usb 5-1: USB disconnect, device number 74
[ 1536.326376][T23740] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[ 1536.351125][T23759] binder: 23756:23759 ioctl c00c620f 2000000002c0 returned -22
[ 1536.377694][ T5929] usb 10-1: Using ep0 maxpacket: 16
[ 1536.385038][ T5929] usb 10-1: New USB device found, idVendor=0471, idProduct=0327, bcdDevice=61.a4
[ 1536.395142][ T5929] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1536.414219][ T5929] usb 10-1: config 0 descriptor??
[ 1536.432491][ T5929] gspca_main: sonixj-2.14.0 probing 0471:0327
[ 1536.557233][ T7454] usb 3-1: USB disconnect, device number 84
[ 1536.886088][T23769] ubi: mtd0 is already attached to ubi31
[ 1536.915843][ T5929] gspca_sonixj: reg_r err -32
[ 1536.921493][ T5929] sonixj 10-1:0.0: probe with driver sonixj failed with error -32
[ 1537.357463][T23782] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4997'.
[ 1537.533209][T23770] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1537.546804][T23770] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1537.567552][T23770] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1537.577553][T23770] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1537.589314][T23770] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1539.081120][ T5929] usb 10-1: USB disconnect, device number 81
[ 1539.107360][T22971] Bluetooth: hci4: command 0x0c1a tx timeout
[ 1539.186198][T23786] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1539.478176][T23792] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4999'.
[ 1539.639614][T22971] Bluetooth: hci3: command 0x0406 tx timeout
[ 1539.639631][T22940] Bluetooth: hci1: command 0x0405 tx timeout
[ 1539.658368][T22940] Bluetooth: hci2: command 0x0405 tx timeout
[ 1539.674906][T22971] Bluetooth: hci0: command 0x0405 tx timeout
[ 1539.725543][T23793] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[ 1539.761910][T23793] overlayfs: invalid origin (00000079007a6b616c6c6572310000000000000180c2000000000000000000000000000000000000000000000000000000000000000000000000000000000000)
[ 1540.142707][T23797] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0)
[ 1541.610184][T23821] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5006'.
[ 1542.193208][T23833] overlayfs: failed to resolve './file1': -2
[ 1542.206240][T23834] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0)
[ 1542.812061][T23839] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[ 1542.842846][T23839] overlayfs: invalid origin (00000079007a6b616c6c6572310000000000000180c2000000000000000000000000000000000000000000000000000000000000000000000000000000000000)
[ 1542.911526][T23844] FAULT_INJECTION: forcing a failure.
[ 1542.911526][T23844] name failslab, interval 1, probability 0, space 0, times 0
[ 1542.934820][T23844] CPU: 0 UID: 0 PID: 23844 Comm: syz.3.5015 Not tainted 6.16.0-rc2-syzkaller-00162-g41687a5c6f8b #0 PREEMPT(full) 
[ 1542.934847][T23844] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1542.934857][T23844] Call Trace:
[ 1542.934863][T23844]  <TASK>
[ 1542.934876][T23844]  dump_stack_lvl+0x16c/0x1f0
[ 1542.934905][T23844]  should_fail_ex+0x512/0x640
[ 1542.934926][T23844]  ? kmem_cache_alloc_noprof+0x5a/0x3b0
[ 1542.934950][T23844]  should_failslab+0xc2/0x120
[ 1542.934973][T23844]  kmem_cache_alloc_noprof+0x6d/0x3b0
[ 1542.934996][T23844]  ? alloc_empty_file+0x55/0x1e0
[ 1542.935017][T23844]  alloc_empty_file+0x55/0x1e0
[ 1542.935034][T23844]  path_openat+0xda/0x2cb0
[ 1542.935056][T23844]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1542.935083][T23844]  ? __pfx_path_openat+0x10/0x10
[ 1542.935113][T23844]  do_filp_open+0x20b/0x470
[ 1542.935135][T23844]  ? __pfx_do_filp_open+0x10/0x10
[ 1542.935174][T23844]  ? _raw_spin_unlock+0x28/0x50
[ 1542.935197][T23844]  ? alloc_fd+0x471/0x7d0
[ 1542.935226][T23844]  do_sys_openat2+0x11b/0x1d0
[ 1542.935242][T23844]  ? __pfx_do_sys_openat2+0x10/0x10
[ 1542.935260][T23844]  ? __fget_files+0x20e/0x3c0
[ 1542.935286][T23844]  __x64_sys_open+0x153/0x1e0
[ 1542.935303][T23844]  ? __pfx___x64_sys_open+0x10/0x10
[ 1542.935324][T23844]  ? rcu_is_watching+0x12/0xc0
[ 1542.935349][T23844]  do_syscall_64+0xcd/0x4c0
[ 1542.935375][T23844]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1542.935392][T23844] RIP: 0033:0x7ff943d8e929
[ 1542.935407][T23844] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1542.935423][T23844] RSP: 002b:00007ff944c54038 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[ 1542.935440][T23844] RAX: ffffffffffffffda RBX: 00007ff943fb6080 RCX: 00007ff943d8e929
[ 1542.935452][T23844] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 00002000000001c0
[ 1542.935463][T23844] RBP: 00007ff944c54090 R08: 0000000000000000 R09: 0000000000000000
[ 1542.935473][T23844] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1542.935483][T23844] R13: 0000000000000000 R14: 00007ff943fb6080 R15: 00007fff87843bc8
[ 1542.935507][T23844]  </TASK>
[ 1543.359233][T23849] ubi: mtd0 is already attached to ubi31
[ 1544.146879][T23865] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0)
[ 1544.547731][T23849] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1544.608369][T23849] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1544.614773][T23849] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1544.623487][T23849] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1544.629719][T23849] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1544.925011][T23878] ubi: mtd0 is already attached to ubi31
[ 1545.727353][T22971] Bluetooth: hci4: command 0x0c1a tx timeout
[ 1545.750480][T23881] overlayfs: "xino" feature enabled using 2 upper inode bits.
[ 1545.867347][T23878] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1545.874659][T23878] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1545.969662][T23878] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1545.977637][T23878] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1545.992238][T23878] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1547.929533][T22940] Bluetooth: hci1: command 0x0405 tx timeout
[ 1547.935612][T22940] Bluetooth: hci4: command 0x0c1a tx timeout
[ 1547.961937][T23906] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0)
[ 1548.057769][ T5828] Bluetooth: hci0: command 0x0405 tx timeout
[ 1548.087627][T22940] Bluetooth: hci2: command 0x0405 tx timeout
[ 1548.093766][T22940] Bluetooth: hci3: command 0x0406 tx timeout
[ 1548.492523][T23915] ubi: mtd0 is already attached to ubi31
[ 1549.360481][T23915] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1549.380218][T23915] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1549.530797][T23915] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1549.569757][T23915] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1549.575873][T23915] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1549.726840][T23927] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0)
[ 1550.245655][T23932] tmpfs: Bad value for 'mpol'
[ 1550.322100][T23935] ubi: mtd0 is already attached to ubi31
[ 1550.663055][T23938] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5036'.
[ 1550.965906][T23940] binder: 23939:23940 ioctl c00c620f 2000000002c0 returned -22
[ 1551.237550][   T24] usb 10-1: new high-speed USB device number 82 using dummy_hcd
[ 1551.430215][ T5828] Bluetooth: hci1: command 0x0405 tx timeout
[ 1551.436027][T22971] Bluetooth: hci4: command 0x0c1a tx timeout
[ 1551.446458][T23954] siw: device registration error -23
[ 1551.448745][   T24] usb 10-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1551.577358][T22971] Bluetooth: hci0: command 0x0405 tx timeout
[ 1551.577393][ T5828] Bluetooth: hci2: command 0x0405 tx timeout
[ 1551.583404][T22971] Bluetooth: hci3: command 0x0406 tx timeout
[ 1551.736213][   T24] usb 10-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1551.749341][   T24] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1551.935632][   T24] usb 10-1: Product: syz
[ 1551.968734][   T24] usb 10-1: Manufacturer: syz
[ 1551.982890][   T24] usb 10-1: SerialNumber: syz
[ 1552.435144][T23962] FAULT_INJECTION: forcing a failure.
[ 1552.435144][T23962] name failslab, interval 1, probability 0, space 0, times 0
[ 1552.447995][T23962] CPU: 1 UID: 0 PID: 23962 Comm: syz.1.5044 Not tainted 6.16.0-rc2-syzkaller-00162-g41687a5c6f8b #0 PREEMPT(full) 
[ 1552.448023][T23962] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1552.448034][T23962] Call Trace:
[ 1552.448040][T23962]  <TASK>
[ 1552.448048][T23962]  dump_stack_lvl+0x16c/0x1f0
[ 1552.448079][T23962]  should_fail_ex+0x512/0x640
[ 1552.448110][T23962]  ? kmem_cache_alloc_noprof+0x5a/0x3b0
[ 1552.448137][T23962]  should_failslab+0xc2/0x120
[ 1552.448163][T23962]  kmem_cache_alloc_noprof+0x6d/0x3b0
[ 1552.448186][T23962]  ? mas_alloc_nodes+0x18b/0x8b0
[ 1552.448214][T23962]  mas_alloc_nodes+0x18b/0x8b0
[ 1552.448243][T23962]  mas_node_count_gfp+0x105/0x130
[ 1552.448269][T23962]  mas_preallocate+0x77b/0xda0
[ 1552.448293][T23962]  ? __pfx_mas_preallocate+0x10/0x10
[ 1552.448320][T23962]  ? anon_vma_name+0x75/0x100
[ 1552.448352][T23962]  __split_vma+0x34a/0x1070
[ 1552.448377][T23962]  ? __pfx___split_vma+0x10/0x10
[ 1552.448397][T23962]  ? kmem_cache_alloc_noprof+0x1cb/0x3b0
[ 1552.448418][T23962]  ? __mpol_dup+0x74/0x380
[ 1552.448433][T23962]  ? __do_sys_set_mempolicy_home_node+0x32d/0x780
[ 1552.448466][T23962]  vma_modify+0x16dc/0x2030
[ 1552.448495][T23962]  ? __pfx_vma_modify+0x10/0x10
[ 1552.448524][T23962]  vma_modify_policy+0x219/0x2d0
[ 1552.448547][T23962]  ? __pfx_vma_modify_policy+0x10/0x10
[ 1552.448581][T23962]  ? find_held_lock+0x2b/0x80
[ 1552.448608][T23962]  mbind_range+0x175/0x570
[ 1552.448628][T23962]  __do_sys_set_mempolicy_home_node+0x458/0x780
[ 1552.448654][T23962]  ? __pfx___do_sys_set_mempolicy_home_node+0x10/0x10
[ 1552.448692][T23962]  do_syscall_64+0xcd/0x4c0
[ 1552.448722][T23962]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1552.448740][T23962] RIP: 0033:0x7f2cab18e929
[ 1552.448755][T23962] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1552.448791][T23962] RSP: 002b:00007f2ca8ff6038 EFLAGS: 00000246 ORIG_RAX: 00000000000001c2
[ 1552.448809][T23962] RAX: ffffffffffffffda RBX: 00007f2cab3b6160 RCX: 00007f2cab18e929
[ 1552.448821][T23962] RDX: 0000000000000000 RSI: 000000000000a000 RDI: 0000200000349000
[ 1552.448832][T23962] RBP: 00007f2ca8ff6090 R08: 0000000000000000 R09: 0000000000000000
[ 1552.448843][T23962] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1552.448853][T23962] R13: 0000000000000000 R14: 00007f2cab3b6160 R15: 00007ffc407ede18
[ 1552.448878][T23962]  </TASK>
[ 1553.717957][   T24] cdc_ncm 10-1:1.0: bind() failure
[ 1553.789752][   T24] usbtest 10-1:1.1: probe with driver usbtest failed with error -71
[ 1553.943277][   T24] usb 10-1: USB disconnect, device number 82
[ 1553.957385][ T5929] usb 5-1: new full-speed USB device number 75 using dummy_hcd
[ 1555.717488][ T5929] usb 5-1: unable to get BOS descriptor or descriptor too short
[ 1555.726160][ T5929] usb 5-1: no configurations
[ 1555.734649][ T5929] usb 5-1: can't read configurations, error -22
[ 1556.089377][T23982] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0)
[ 1556.708740][T23987] ubi: mtd0 is already attached to ubi31
[ 1557.230776][T23996] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0)
[ 1557.661813][T23989] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1557.670243][T23989] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1557.676888][T23989] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1557.683100][T23989] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1557.689227][T23989] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1557.898600][   T30] audit: type=1400 audit(2000001140.379:4661): avc:  denied  { recv } for  pid=24005 comm="syz.1.5056" saddr=10.128.0.169 src=47294 daddr=10.128.1.75 dest=22 netif=eth0 scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:unlabeled_t tclass=peer permissive=1
[ 1558.040524][T24009] ubi: mtd0 is already attached to ubi31
[ 1558.050266][   T30] audit: type=1400 audit(2000001140.459:4662): avc:  denied  { module_load } for  pid=24001 comm="syz.4.5055" path=2F6D656D66643A20C736BE918D183229219A25A2D238D606070EFCFE128F2613AE254054A3B03E5CECA9F951403641108C6E7C202864656C6574656429 dev="hugetlbfs" ino=91672 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=system permissive=1
[ 1558.074912][T24010] Invalid ELF header magic: != ELF
[ 1559.228015][T24027] overlayfs: "xino" feature enabled using 2 upper inode bits.
[ 1559.250604][T24015] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1559.271831][T24015] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1559.280492][T24015] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1559.286701][T24015] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1559.295845][T24015] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1560.217337][T22940] Bluetooth: hci4: command 0x0c1a tx timeout
[ 1560.541169][T24037] overlayfs: failed to resolve './file1': -2
[ 1560.827112][T24040] netlink: 44 bytes leftover after parsing attributes in process `syz.3.5064'.
[ 1560.841951][   T30] audit: type=1400 audit(2000001143.319:4663): avc:  denied  { write } for  pid=24039 comm="syz.3.5064" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[ 1560.893950][   T30] audit: type=1400 audit(2000001143.369:4664): avc:  denied  { read } for  pid=24039 comm="syz.3.5064" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[ 1560.946556][T24047] ubi: mtd0 is already attached to ubi31
[ 1561.337468][T22940] Bluetooth: hci0: command 0x0405 tx timeout
[ 1561.343536][T22940] Bluetooth: hci2: command 0x0405 tx timeout
[ 1561.352173][T22940] Bluetooth: hci3: command 0x0406 tx timeout
[ 1561.358315][T22940] Bluetooth: hci1: command 0x0405 tx timeout
[ 1561.673314][T24059] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0)
[ 1562.268805][T24047] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1562.298153][T24047] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1562.330221][T24047] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1562.336530][T24047] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1562.354245][T24047] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1562.715854][T24076] fuse: Unknown parameter 'user_i00000000000000000000'
[ 1562.844075][T24078] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0)
[ 1563.349176][T22940] Bluetooth: hci4: command 0x0c1a tx timeout
[ 1564.316525][T22940] Bluetooth: hci1: command 0x0405 tx timeout
[ 1564.348973][T24096] FAULT_INJECTION: forcing a failure.
[ 1564.348973][T24096] name failslab, interval 1, probability 0, space 0, times 0
[ 1564.377685][T22940] Bluetooth: hci0: command 0x0405 tx timeout
[ 1564.384769][T22940] Bluetooth: hci2: command 0x0405 tx timeout
[ 1564.391842][T22940] Bluetooth: hci3: command 0x0406 tx timeout
[ 1564.828446][T24094] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0)
[ 1564.843725][T24096] CPU: 1 UID: 0 PID: 24096 Comm: syz.4.5083 Not tainted 6.16.0-rc2-syzkaller-00162-g41687a5c6f8b #0 PREEMPT(full) 
[ 1564.843758][T24096] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1564.843769][T24096] Call Trace:
[ 1564.843774][T24096]  <TASK>
[ 1564.843781][T24096]  dump_stack_lvl+0x16c/0x1f0
[ 1564.843809][T24096]  should_fail_ex+0x512/0x640
[ 1564.843830][T24096]  ? kmem_cache_alloc_node_noprof+0x5e/0x3b0
[ 1564.843856][T24096]  should_failslab+0xc2/0x120
[ 1564.843881][T24096]  kmem_cache_alloc_node_noprof+0x71/0x3b0
[ 1564.843903][T24096]  ? __alloc_skb+0x2b2/0x380
[ 1564.843930][T24096]  __alloc_skb+0x2b2/0x380
[ 1564.843952][T24096]  ? __pfx___alloc_skb+0x10/0x10
[ 1564.843984][T24096]  alloc_skb_with_frags+0xe0/0x860
[ 1564.844008][T24096]  ? __might_fault+0xe3/0x190
[ 1564.844027][T24096]  ? __might_fault+0x13b/0x190
[ 1564.844052][T24096]  sock_alloc_send_pskb+0x7fb/0x990
[ 1564.844075][T24096]  ? _copy_from_iter+0x15d/0x16f0
[ 1564.844105][T24096]  ? __pfx_sock_alloc_send_pskb+0x10/0x10
[ 1564.844131][T24096]  ? _kstrtoull+0x145/0x200
[ 1564.844149][T24096]  ? __pfx__kstrtoull+0x10/0x10
[ 1564.844166][T24096]  ? iov_iter_advance+0x7d/0x6c0
[ 1564.844191][T24096]  tun_get_user+0x502/0x3b80
[ 1564.844224][T24096]  ? __pfx_tun_get_user+0x10/0x10
[ 1564.844247][T24096]  ? __pfx_ref_tracker_alloc+0x10/0x10
[ 1564.844277][T24096]  ? find_held_lock+0x2b/0x80
[ 1564.844298][T24096]  ? tun_get+0x191/0x370
[ 1564.844326][T24096]  tun_chr_write_iter+0xdc/0x210
[ 1564.844356][T24096]  vfs_write+0x6c4/0x1150
[ 1564.844377][T24096]  ? __pfx_tun_chr_write_iter+0x10/0x10
[ 1564.844405][T24096]  ? __pfx_vfs_write+0x10/0x10
[ 1564.844424][T24096]  ? find_held_lock+0x2b/0x80
[ 1564.844460][T24096]  ksys_write+0x12a/0x250
[ 1564.844481][T24096]  ? __pfx_ksys_write+0x10/0x10
[ 1564.844508][T24096]  do_syscall_64+0xcd/0x4c0
[ 1564.844534][T24096]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1564.844554][T24096] RIP: 0033:0x7fb7d958e929
[ 1564.844569][T24096] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1564.844585][T24096] RSP: 002b:00007fb7da4d7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 1564.844602][T24096] RAX: ffffffffffffffda RBX: 00007fb7d97b5fa0 RCX: 00007fb7d958e929
[ 1564.844613][T24096] RDX: 0000000000000ffe RSI: 00002000000000c0 RDI: 0000000000000003
[ 1564.844624][T24096] RBP: 00007fb7da4d7090 R08: 0000000000000000 R09: 0000000000000000
[ 1564.844635][T24096] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1564.844645][T24096] R13: 0000000000000000 R14: 00007fb7d97b5fa0 R15: 00007fffe88efa38
[ 1564.844669][T24096]  </TASK>
[ 1566.116836][T24115] fuse: Unknown parameter 'user_id00000000000000000000'
[ 1566.457555][ T5828] Bluetooth: hci0: command 0x0405 tx timeout
[ 1566.700550][   T30] audit: type=1400 audit(2000001149.199:4665): avc:  denied  { read } for  pid=24122 comm="syz.3.5092" name="ppp" dev="devtmpfs" ino=710 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1
[ 1566.701454][T24123] FAULT_INJECTION: forcing a failure.
[ 1566.701454][T24123] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1566.741157][T24123] CPU: 0 UID: 0 PID: 24123 Comm: syz.3.5092 Not tainted 6.16.0-rc2-syzkaller-00162-g41687a5c6f8b #0 PREEMPT(full) 
[ 1566.741186][T24123] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1566.741197][T24123] Call Trace:
[ 1566.741203][T24123]  <TASK>
[ 1566.741211][T24123]  dump_stack_lvl+0x16c/0x1f0
[ 1566.741242][T24123]  should_fail_ex+0x512/0x640
[ 1566.741274][T24123]  _copy_to_user+0x32/0xd0
[ 1566.741302][T24123]  simple_read_from_buffer+0xcb/0x170
[ 1566.741329][T24123]  proc_fail_nth_read+0x197/0x270
[ 1566.741352][T24123]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1566.741376][T24123]  ? rw_verify_area+0xcf/0x680
[ 1566.741396][T24123]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1566.741418][T24123]  vfs_read+0x1e1/0xc60
[ 1566.741445][T24123]  ? __pfx___mutex_lock+0x10/0x10
[ 1566.741473][T24123]  ? __pfx_vfs_read+0x10/0x10
[ 1566.741503][T24123]  ? __fget_files+0x20e/0x3c0
[ 1566.741536][T24123]  ksys_read+0x12a/0x250
[ 1566.741558][T24123]  ? __pfx_ksys_read+0x10/0x10
[ 1566.741590][T24123]  do_syscall_64+0xcd/0x4c0
[ 1566.741621][T24123]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1566.741641][T24123] RIP: 0033:0x7ff943d8d33c
[ 1566.741657][T24123] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[ 1566.741674][T24123] RSP: 002b:00007ff944c75030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1566.741692][T24123] RAX: ffffffffffffffda RBX: 00007ff943fb5fa0 RCX: 00007ff943d8d33c
[ 1566.741709][T24123] RDX: 000000000000000f RSI: 00007ff944c750a0 RDI: 0000000000000005
[ 1566.741720][T24123] RBP: 00007ff944c75090 R08: 0000000000000000 R09: 0000000000000000
[ 1566.741730][T24123] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1566.741741][T24123] R13: 0000000000000000 R14: 00007ff943fb5fa0 R15: 00007fff87843bc8
[ 1566.741766][T24123]  </TASK>
[ 1566.777375][   T30] audit: type=1400 audit(2000001149.199:4666): avc:  denied  { open } for  pid=24122 comm="syz.3.5092" path="/dev/ppp" dev="devtmpfs" ino=710 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1
[ 1566.780365][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1566.785088][   T30] audit: type=1400 audit(2000001149.199:4667): avc:  denied  { ioctl } for  pid=24122 comm="syz.3.5092" path="/dev/ppp" dev="devtmpfs" ino=710 ioctlcmd=0x7438 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1
[ 1567.065865][   T30] audit: type=1400 audit(2000001149.539:4668): avc:  denied  { mounton } for  pid=24126 comm="syz.3.5093" path="/proc/385/task" dev="proc" ino=91953 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dir permissive=1
[ 1567.817309][ T7454] usb 5-1: new high-speed USB device number 77 using dummy_hcd
[ 1568.309252][ T7454] usb 5-1: Using ep0 maxpacket: 16
[ 1568.334621][ T7454] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1568.355973][   T30] audit: type=1400 audit(2000001150.849:4669): avc:  denied  { create } for  pid=24142 comm="syz.2.5098" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[ 1568.388095][ T7454] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1568.416163][ T7454] usb 5-1: New USB device found, idVendor=06d8, idProduct=f002, bcdDevice= 0.00
[ 1568.497498][ T7454] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1568.509138][ T7454] usb 5-1: config 0 descriptor??
[ 1568.582837][T24153] ubi: mtd0 is already attached to ubi31
[ 1568.828319][ T5828] Bluetooth: hci1: ACL packet for unknown connection handle 201
[ 1568.918707][T24159] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5101'.
[ 1568.942122][T24161] binder: 24160:24161 ioctl c00c620f 2000000002c0 returned -22
[ 1569.730806][T24153] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1569.765221][T24153] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1569.954503][T24153] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1569.969135][T24153] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1569.975769][T24153] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1570.000521][T24131] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1570.038754][T24131] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1570.554141][ T7454] usbhid 5-1:0.0: can't add hid device: -71
[ 1570.560333][ T7454] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[ 1570.601420][ T7454] usb 5-1: USB disconnect, device number 77
[ 1571.036626][T24176] binder: 24175:24176 ioctl c00c620f 2000000002c0 returned -22
[ 1571.169319][ T5828] Bluetooth: hci4: command 0x0c1a tx timeout
[ 1571.819144][ T5828] Bluetooth: hci1: command 0x0405 tx timeout
[ 1571.978346][ T5828] Bluetooth: hci0: command 0x0405 tx timeout
[ 1571.978382][T22971] Bluetooth: hci2: command 0x0405 tx timeout
[ 1571.978453][T22971] Bluetooth: hci3: command 0x0406 tx timeout
[ 1572.015137][T24183] ubi: mtd0 is already attached to ubi31
[ 1572.242139][T24189] ubi: mtd0 is already attached to ubi31
[ 1572.880324][T24190] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1572.886680][T24190] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1572.898813][T24190] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1572.923838][T24190] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1573.124518][T24190] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1573.208341][T24200] ubi: mtd0 is already attached to ubi31
[ 1573.749250][T24208] FAULT_INJECTION: forcing a failure.
[ 1573.749250][T24208] name failslab, interval 1, probability 0, space 0, times 0
[ 1573.924493][T24210] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0)
[ 1574.208976][T24208] CPU: 1 UID: 0 PID: 24208 Comm: syz.1.5118 Not tainted 6.16.0-rc2-syzkaller-00162-g41687a5c6f8b #0 PREEMPT(full) 
[ 1574.209004][T24208] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1574.209014][T24208] Call Trace:
[ 1574.209019][T24208]  <TASK>
[ 1574.209026][T24208]  dump_stack_lvl+0x16c/0x1f0
[ 1574.209047][T24208]  should_fail_ex+0x512/0x640
[ 1574.209063][T24208]  ? __kvmalloc_node_noprof+0x124/0x620
[ 1574.209079][T24208]  should_failslab+0xc2/0x120
[ 1574.209096][T24208]  __kvmalloc_node_noprof+0x137/0x620
[ 1574.209110][T24208]  ? __pfx___mutex_lock+0x10/0x10
[ 1574.209127][T24208]  ? traverse.part.0.constprop.0+0x392/0x640
[ 1574.209141][T24208]  ? __kernel_text_address+0xd/0x40
[ 1574.209156][T24208]  ? traverse.part.0.constprop.0+0x392/0x640
[ 1574.209169][T24208]  traverse.part.0.constprop.0+0x392/0x640
[ 1574.209188][T24208]  seq_read_iter+0x932/0x12c0
[ 1574.209202][T24208]  ? _kstrtoull+0x145/0x200
[ 1574.209217][T24208]  seq_read+0x39e/0x4e0
[ 1574.209231][T24208]  ? __pfx_seq_read+0x10/0x10
[ 1574.209247][T24208]  ? import_ubuf+0x1b6/0x220
[ 1574.209263][T24208]  ? avc_policy_seqno+0x9/0x20
[ 1574.209276][T24208]  ? __pfx_seq_read+0x10/0x10
[ 1574.209289][T24208]  proc_reg_read+0x240/0x330
[ 1574.209308][T24208]  ? __pfx_proc_reg_read+0x10/0x10
[ 1574.209325][T24208]  vfs_readv+0x5be/0x8b0
[ 1574.209344][T24208]  ? __pfx_vfs_readv+0x10/0x10
[ 1574.209357][T24208]  ? find_held_lock+0x2b/0x80
[ 1574.209379][T24208]  ? __fget_files+0x20e/0x3c0
[ 1574.209397][T24208]  ? do_preadv+0x1a6/0x270
[ 1574.209409][T24208]  do_preadv+0x1a6/0x270
[ 1574.209422][T24208]  ? __pfx_do_preadv+0x10/0x10
[ 1574.209439][T24208]  do_syscall_64+0xcd/0x4c0
[ 1574.209457][T24208]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1574.209468][T24208] RIP: 0033:0x7f2cab18e929
[ 1574.209478][T24208] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1574.209489][T24208] RSP: 002b:00007f2cabf4a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000127
[ 1574.209500][T24208] RAX: ffffffffffffffda RBX: 00007f2cab3b5fa0 RCX: 00007f2cab18e929
[ 1574.209508][T24208] RDX: 0000000000000001 RSI: 0000200000000140 RDI: 0000000000000006
[ 1574.209514][T24208] RBP: 00007f2cabf4a090 R08: 0000000000000104 R09: 0000000000000000
[ 1574.209521][T24208] R10: 00000000fffffffc R11: 0000000000000246 R12: 0000000000000001
[ 1574.209527][T24208] R13: 0000000000000000 R14: 00007f2cab3b5fa0 R15: 00007ffc407ede18
[ 1574.209541][T24208]  </TASK>
[ 1574.597328][   T24] usb 5-1: new high-speed USB device number 78 using dummy_hcd
[ 1574.757603][   T24] usb 5-1: Using ep0 maxpacket: 16
[ 1574.770955][   T24] usb 5-1: New USB device found, idVendor=0471, idProduct=0327, bcdDevice=61.a4
[ 1574.820897][   T24] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1574.867928][T22971] Bluetooth: hci4: command 0x0c1a tx timeout
[ 1574.944480][T22940] Bluetooth: hci3: command 0x0406 tx timeout
[ 1574.950749][T22971] Bluetooth: hci2: command 0x0405 tx timeout
[ 1574.957373][T22940] Bluetooth: hci1: command 0x0405 tx timeout
[ 1574.973023][   T24] usb 5-1: config 0 descriptor??
[ 1575.134037][   T24] gspca_main: sonixj-2.14.0 probing 0471:0327
[ 1575.177560][ T5828] Bluetooth: hci0: command 0x0405 tx timeout
[ 1575.406813][T24225] hub 8-0:1.0: USB hub found
[ 1575.411871][T24225] hub 8-0:1.0: 1 port detected
[ 1575.501313][   T24] gspca_sonixj: reg_r err -32
[ 1575.512481][   T24] sonixj 5-1:0.0: probe with driver sonixj failed with error -32
[ 1576.509856][T24242] binder: 24241:24242 ioctl c00c620f 2000000002c0 returned -22
[ 1577.072244][T24247] FAULT_INJECTION: forcing a failure.
[ 1577.072244][T24247] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1577.085633][T24247] CPU: 1 UID: 0 PID: 24247 Comm: syz.2.5123 Not tainted 6.16.0-rc2-syzkaller-00162-g41687a5c6f8b #0 PREEMPT(full) 
[ 1577.085658][T24247] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1577.085670][T24247] Call Trace:
[ 1577.085676][T24247]  <TASK>
[ 1577.085683][T24247]  dump_stack_lvl+0x16c/0x1f0
[ 1577.085714][T24247]  should_fail_ex+0x512/0x640
[ 1577.085742][T24247]  _copy_to_user+0x32/0xd0
[ 1577.085770][T24247]  simple_read_from_buffer+0xcb/0x170
[ 1577.085795][T24247]  proc_fail_nth_read+0x197/0x270
[ 1577.085818][T24247]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1577.085842][T24247]  ? rw_verify_area+0xcf/0x680
[ 1577.085861][T24247]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1577.085883][T24247]  vfs_read+0x1e1/0xc60
[ 1577.085905][T24247]  ? _raw_spin_unlock_irqrestore+0x3b/0x80
[ 1577.085936][T24247]  ? __pfx___mutex_lock+0x10/0x10
[ 1577.085963][T24247]  ? __pfx_vfs_read+0x10/0x10
[ 1577.085988][T24247]  ? __rcu_read_unlock+0x2b4/0x580
[ 1577.086018][T24247]  ? __fget_files+0x20e/0x3c0
[ 1577.086050][T24247]  ksys_read+0x12a/0x250
[ 1577.086071][T24247]  ? __pfx_ksys_read+0x10/0x10
[ 1577.086100][T24247]  do_syscall_64+0xcd/0x4c0
[ 1577.086129][T24247]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1577.086147][T24247] RIP: 0033:0x7f66ba58d33c
[ 1577.086163][T24247] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[ 1577.086180][T24247] RSP: 002b:00007f66bb413030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1577.086198][T24247] RAX: ffffffffffffffda RBX: 00007f66ba7b6160 RCX: 00007f66ba58d33c
[ 1577.086210][T24247] RDX: 000000000000000f RSI: 00007f66bb4130a0 RDI: 0000000000000006
[ 1577.086222][T24247] RBP: 00007f66bb413090 R08: 0000000000000000 R09: 0000000000000000
[ 1577.086232][T24247] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1577.086243][T24247] R13: 0000000000000000 R14: 00007f66ba7b6160 R15: 00007ffd52c1a9d8
[ 1577.086268][T24247]  </TASK>
[ 1577.637177][T24250] input: syz0 as /devices/virtual/input/input32
[ 1577.763882][T24255] ubi: mtd0 is already attached to ubi31
[ 1578.922704][T24255] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1578.932082][T24255] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1578.941785][T24255] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1578.948028][T24255] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1578.958520][T24255] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1579.269615][T24277] overlayfs: failed to resolve './file1': -2
[ 1579.835494][ T5888] usb 5-1: USB disconnect, device number 78
[ 1579.977724][ T5828] Bluetooth: hci4: command 0x0c1a tx timeout
[ 1580.026314][T24285] ubi: mtd0 is already attached to ubi31
[ 1580.702766][T24285] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1580.709628][T24285] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1580.715746][T24285] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1580.722032][T24285] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1580.728289][T24285] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1580.997360][   T10] usb 5-1: new high-speed USB device number 79 using dummy_hcd
[ 1581.005176][T15995] usb 3-1: new full-speed USB device number 85 using dummy_hcd
[ 1581.177471][   T10] usb 5-1: Using ep0 maxpacket: 32
[ 1581.219410][   T10] usb 5-1: unable to get BOS descriptor or descriptor too short
[ 1581.234476][T15995] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64
[ 1581.292506][   T10] usb 5-1: config 128 has an invalid interface number: 127 but max is 3
[ 1581.355917][T15995] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 4
[ 1581.390481][   T10] usb 5-1: config 128 has an invalid descriptor of length 0, skipping remainder of the config
[ 1581.408991][T15995] usb 3-1: New USB device found, idVendor=0925, idProduct=8866, bcdDevice= 0.00
[ 1581.418674][   T10] usb 5-1: config 128 has 1 interface, different from the descriptor's value: 4
[ 1581.429842][T15995] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1581.439385][   T10] usb 5-1: config 128 has no interface number 0
[ 1581.446495][   T10] usb 5-1: config 128 interface 127 altsetting 14 endpoint 0x5 has invalid wMaxPacketSize 0
[ 1581.458931][T15995] usb 3-1: config 0 descriptor??
[ 1581.466337][T24295] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22
[ 1581.476678][   T10] usb 5-1: config 128 interface 127 has no altsetting 0
[ 1581.491357][   T10] usb 5-1: New USB device found, idVendor=0582, idProduct=295c, bcdDevice=d4.55
[ 1581.502977][   T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1581.514948][   T10] usb 5-1: Product: syz
[ 1581.521505][   T10] usb 5-1: Manufacturer: syz
[ 1581.526129][   T10] usb 5-1: SerialNumber: syz
[ 1581.732816][T24295] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1581.751021][T24295] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1581.804092][   T10] usb 5-1: USB disconnect, device number 79
[ 1581.970936][T15995] smartjoyplus 0003:0925:8866.0025: bogus close delimiter
[ 1581.983847][T15995] smartjoyplus 0003:0925:8866.0025: item 0 4 2 10 parsing failed
[ 1581.997430][T15995] smartjoyplus 0003:0925:8866.0025: parse failed
[ 1582.005051][T15995] smartjoyplus 0003:0925:8866.0025: probe with driver smartjoyplus failed with error -22
[ 1582.017468][ T5888] usb 4-1: new high-speed USB device number 66 using dummy_hcd
[ 1582.217518][ T5828] Bluetooth: hci4: command 0x0c1a tx timeout
[ 1582.256742][T24295] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1582.272166][ T5888] usb 4-1: config index 0 descriptor too short (expected 58063, got 72)
[ 1582.277565][T24295] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1582.291761][ T5888] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[ 1582.302841][ T5888] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1582.399031][T24320] siw: device registration error -23
[ 1582.777364][ T5828] Bluetooth: hci0: command 0x0405 tx timeout
[ 1582.777728][T22940] Bluetooth: hci2: command 0x0405 tx timeout
[ 1582.783656][ T5828] Bluetooth: hci3: command 0x0406 tx timeout
[ 1582.789744][T22971] Bluetooth: hci1: command 0x0405 tx timeout
[ 1582.823297][ T5888] usb 4-1: Product: syz
[ 1582.831182][T15995] usb 3-1: USB disconnect, device number 85
[ 1582.832382][ T5888] usb 4-1: Manufacturer: syz
[ 1582.850821][ T5888] usb 4-1: SerialNumber: syz
[ 1582.865425][ T5888] usb 4-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[ 1582.899619][T22339] usb 4-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[ 1582.944427][T24322] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5147'.
[ 1582.979555][T24322] netlink: 12 bytes leftover after parsing attributes in process `syz.4.5147'.
[ 1583.209490][T24311] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1583.248291][T24311] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1583.280741][T24311] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1583.308636][T24311] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1583.372046][T24311] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1583.407618][T24311] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1583.431323][T24311] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1583.442764][T24311] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1583.464828][   T10] usb 4-1: USB disconnect, device number 66
[ 1583.489033][   T30] audit: type=1400 audit(2000001165.949:4670): avc:  denied  { write } for  pid=24310 comm="syz.3.5144" path="socket:[93388]" dev="sockfs" ino=93388 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[ 1583.563296][T24335] binder: 24333:24335 ioctl c00c620f 2000000002c0 returned -22
[ 1584.261066][T22339] ath9k_htc 4-1:1.0: ath9k_htc: Target is unresponsive
[ 1584.296129][T22339] ath9k_htc: Failed to initialize the device
[ 1584.304478][   T10] usb 4-1: ath9k_htc: USB layer deinitialized
[ 1584.339771][T24340] binder: 24339:24340 ioctl c00c620f 2000000002c0 returned -22
[ 1584.757325][   T10] usb 4-1: new high-speed USB device number 67 using dummy_hcd
[ 1584.855240][ T5901] usb 3-1: new high-speed USB device number 86 using dummy_hcd
[ 1585.067487][ T5901] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1585.117476][ T5901] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1585.127440][ T5901] usb 3-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00
[ 1585.136620][ T5901] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1585.514465][ T5901] usb 3-1: config 0 descriptor??
[ 1585.579387][   T30] audit: type=1400 audit(2000001168.079:4671): avc:  denied  { mount } for  pid=24353 comm="syz.9.5156" name="/" dev="rpc_pipefs" ino=93414 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:rpc_pipefs_t tclass=filesystem permissive=1
[ 1585.788211][T24345] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1585.796941][T24345] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1585.807486][   T30] audit: type=1400 audit(2000001168.289:4672): avc:  denied  { ioctl } for  pid=24353 comm="syz.9.5156" path="net:[4026534021]" dev="nsfs" ino=4026534021 ioctlcmd=0xb701 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[ 1586.082797][   T30] audit: type=1400 audit(2000001168.579:4673): avc:  denied  { read write } for  pid=24353 comm="syz.9.5156" name="vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1
[ 1586.082847][   T30] audit: type=1400 audit(2000001168.579:4674): avc:  denied  { open } for  pid=24353 comm="syz.9.5156" path="/dev/vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1
[ 1587.526106][T24360] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1587.572669][   T30] audit: type=1400 audit(2000001170.068:4675): avc:  denied  { unmount } for  pid=17236 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:rpc_pipefs_t tclass=filesystem permissive=1
[ 1587.808537][ T5901] usbhid 3-1:0.0: can't add hid device: -71
[ 1587.815374][ T5901] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[ 1587.826952][ T5901] usb 3-1: USB disconnect, device number 86
[ 1587.834843][T24369] FAULT_INJECTION: forcing a failure.
[ 1587.834843][T24369] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1587.870241][T24369] CPU: 0 UID: 0 PID: 24369 Comm: syz.9.5159 Not tainted 6.16.0-rc2-syzkaller-00162-g41687a5c6f8b #0 PREEMPT(full) 
[ 1587.870271][T24369] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1587.870282][T24369] Call Trace:
[ 1587.870288][T24369]  <TASK>
[ 1587.870296][T24369]  dump_stack_lvl+0x16c/0x1f0
[ 1587.870329][T24369]  should_fail_ex+0x512/0x640
[ 1587.870355][T24369]  _copy_from_user+0x2e/0xd0
[ 1587.870382][T24369]  bpf_test_init.isra.0+0xe2/0x140
[ 1587.870412][T24369]  bpf_prog_test_run_xdp+0x4f0/0x1590
[ 1587.870441][T24369]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[ 1587.870460][T24369]  ? __might_fault+0xe0/0x190
[ 1587.870487][T24369]  ? fput+0x70/0xf0
[ 1587.870513][T24369]  ? __bpf_prog_get+0x97/0x2a0
[ 1587.870534][T24369]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[ 1587.870551][T24369]  __sys_bpf+0x1488/0x4d80
[ 1587.870578][T24369]  ? __pfx___sys_bpf+0x10/0x10
[ 1587.870603][T24369]  ? ksys_write+0x190/0x250
[ 1587.870629][T24369]  ? __mutex_unlock_slowpath+0x161/0x6a0
[ 1587.870677][T24369]  ? fput+0x70/0xf0
[ 1587.870702][T24369]  ? ksys_write+0x1ac/0x250
[ 1587.870724][T24369]  ? __pfx_ksys_write+0x10/0x10
[ 1587.870751][T24369]  __x64_sys_bpf+0x78/0xc0
[ 1587.870775][T24369]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1587.870801][T24369]  do_syscall_64+0xcd/0x4c0
[ 1587.870829][T24369]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1587.870847][T24369] RIP: 0033:0x7ff25dd8e929
[ 1587.870863][T24369] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1587.870881][T24369] RSP: 002b:00007ff25bbf6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 1587.870899][T24369] RAX: ffffffffffffffda RBX: 00007ff25dfb5fa0 RCX: 00007ff25dd8e929
[ 1587.870911][T24369] RDX: 0000000000000048 RSI: 0000200000000600 RDI: 000000000000000a
[ 1587.870923][T24369] RBP: 00007ff25bbf6090 R08: 0000000000000000 R09: 0000000000000000
[ 1587.870934][T24369] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1587.870945][T24369] R13: 0000000000000000 R14: 00007ff25dfb5fa0 R15: 00007ffc7f5231c8
[ 1587.870970][T24369]  </TASK>
[ 1589.651906][T24400] FAULT_INJECTION: forcing a failure.
[ 1589.651906][T24400] name failslab, interval 1, probability 0, space 0, times 0
[ 1589.664704][T24400] CPU: 0 UID: 0 PID: 24400 Comm: syz.1.5168 Not tainted 6.16.0-rc2-syzkaller-00162-g41687a5c6f8b #0 PREEMPT(full) 
[ 1589.664731][T24400] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1589.664742][T24400] Call Trace:
[ 1589.664749][T24400]  <TASK>
[ 1589.664757][T24400]  dump_stack_lvl+0x16c/0x1f0
[ 1589.664789][T24400]  should_fail_ex+0x512/0x640
[ 1589.664814][T24400]  ? kmem_cache_alloc_noprof+0x5a/0x3b0
[ 1589.664840][T24400]  should_failslab+0xc2/0x120
[ 1589.664871][T24400]  kmem_cache_alloc_noprof+0x6d/0x3b0
[ 1589.664896][T24400]  ? alloc_empty_file+0x55/0x1e0
[ 1589.664918][T24400]  alloc_empty_file+0x55/0x1e0
[ 1589.664936][T24400]  path_openat+0xda/0x2cb0
[ 1589.664959][T24400]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1589.664988][T24400]  ? __pfx_path_openat+0x10/0x10
[ 1589.665015][T24400]  ? __lock_acquire+0xb8a/0x1c90
[ 1589.665045][T24400]  do_filp_open+0x20b/0x470
[ 1589.665070][T24400]  ? __pfx_do_filp_open+0x10/0x10
[ 1589.665114][T24400]  ? alloc_fd+0x471/0x7d0
[ 1589.665145][T24400]  do_sys_openat2+0x11b/0x1d0
[ 1589.665162][T24400]  ? __pfx_do_sys_openat2+0x10/0x10
[ 1589.665182][T24400]  ? __fget_files+0x20e/0x3c0
[ 1589.665211][T24400]  __x64_sys_openat+0x174/0x210
[ 1589.665230][T24400]  ? __pfx___x64_sys_openat+0x10/0x10
[ 1589.665248][T24400]  ? ksys_write+0x1ac/0x250
[ 1589.665279][T24400]  do_syscall_64+0xcd/0x4c0
[ 1589.665309][T24400]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1589.665327][T24400] RIP: 0033:0x7f2cab18e929
[ 1589.665342][T24400] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1589.665359][T24400] RSP: 002b:00007f2cabf4a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 1589.665377][T24400] RAX: ffffffffffffffda RBX: 00007f2cab3b5fa0 RCX: 00007f2cab18e929
[ 1589.665389][T24400] RDX: 0000000000020842 RSI: 000020000000c380 RDI: ffffffffffffff9c
[ 1589.665401][T24400] RBP: 00007f2cabf4a090 R08: 0000000000000000 R09: 0000000000000000
[ 1589.665412][T24400] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1589.665422][T24400] R13: 0000000000000000 R14: 00007f2cab3b5fa0 R15: 00007ffc407ede18
[ 1589.665447][T24400]  </TASK>
[ 1589.877630][T24395] FAULT_INJECTION: forcing a failure.
[ 1589.877630][T24395] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1589.895233][T24395] CPU: 0 UID: 0 PID: 24395 Comm: syz.2.5166 Not tainted 6.16.0-rc2-syzkaller-00162-g41687a5c6f8b #0 PREEMPT(full) 
[ 1589.895263][T24395] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1589.895273][T24395] Call Trace:
[ 1589.895280][T24395]  <TASK>
[ 1589.895288][T24395]  dump_stack_lvl+0x16c/0x1f0
[ 1589.895320][T24395]  should_fail_ex+0x512/0x640
[ 1589.895346][T24395]  core_sys_select+0x949/0xc10
[ 1589.895376][T24395]  ? __pfx_core_sys_select+0x10/0x10
[ 1589.895403][T24395]  ? __pfx___schedule+0x10/0x10
[ 1589.895457][T24395]  do_pselect.constprop.0+0x19f/0x1e0
[ 1589.895484][T24395]  ? __pfx_do_pselect.constprop.0+0x10/0x10
[ 1589.895518][T24395]  __x64_sys_pselect6+0x182/0x240
[ 1589.895543][T24395]  ? __pfx___x64_sys_pselect6+0x10/0x10
[ 1589.895573][T24395]  do_syscall_64+0xcd/0x4c0
[ 1589.895602][T24395]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1589.895621][T24395] RIP: 0033:0x7f66ba58e929
[ 1589.895636][T24395] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1589.895654][T24395] RSP: 002b:00007f66bb434038 EFLAGS: 00000246 ORIG_RAX: 000000000000010e
[ 1589.895673][T24395] RAX: ffffffffffffffda RBX: 00007f66ba7b6080 RCX: 00007f66ba58e929
[ 1589.895685][T24395] RDX: 0000000000000000 RSI: 00002000000001c0 RDI: 0000000000000040
[ 1589.895696][T24395] RBP: 00007f66bb434090 R08: 0000000000000000 R09: 0000000000000000
[ 1589.895708][T24395] R10: 0000200000000240 R11: 0000000000000246 R12: 0000000000000001
[ 1589.895719][T24395] R13: 0000000000000000 R14: 00007f66ba7b6080 R15: 00007ffd52c1a9d8
[ 1589.895744][T24395]  </TASK>
[ 1590.364598][   T30] audit: type=1804 audit(2000001172.858:4676): pid=24405 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz.9.5170" name="/newroot/388/file0" dev="tmpfs" ino=2253 res=1 errno=0
[ 1590.466435][   T30] audit: type=1400 audit(2000001172.858:4677): avc:  granted  { setsecparam } for  pid=24406 comm="syz.2.5171" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security
[ 1590.473847][T24410] binder: 24408:24410 ioctl c00c620f 2000000002c0 returned -22
[ 1591.356152][T24416] ubi: mtd0 is already attached to ubi31
[ 1592.136081][T24416] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1592.177468][T24416] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1592.190515][T24416] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1592.219956][T24416] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1592.617710][T24416] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1592.818409][T24428] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5176'.
[ 1592.846126][T24428] netlink: 12 bytes leftover after parsing attributes in process `syz.1.5176'.
[ 1592.926425][T24434] binder: 24432:24434 ioctl c00c620f 2000000002c0 returned -22
[ 1594.162697][T22971] Bluetooth: hci4: command 0x0c1a tx timeout
[ 1594.227399][T22971] Bluetooth: hci3: command 0x0406 tx timeout
[ 1594.233524][T22971] Bluetooth: hci1: command 0x0405 tx timeout
[ 1594.236810][T24441] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0)
[ 1594.297393][T22971] Bluetooth: hci2: command 0x0405 tx timeout
[ 1594.647382][T22940] Bluetooth: hci0: command 0x0405 tx timeout
[ 1594.781648][T24447] FAULT_INJECTION: forcing a failure.
[ 1594.781648][T24447] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1594.836403][T24447] CPU: 0 UID: 0 PID: 24447 Comm: syz.9.5182 Not tainted 6.16.0-rc2-syzkaller-00162-g41687a5c6f8b #0 PREEMPT(full) 
[ 1594.836432][T24447] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1594.836444][T24447] Call Trace:
[ 1594.836451][T24447]  <TASK>
[ 1594.836459][T24447]  dump_stack_lvl+0x16c/0x1f0
[ 1594.836490][T24447]  should_fail_ex+0x512/0x640
[ 1594.836517][T24447]  _copy_from_user+0x2e/0xd0
[ 1594.836543][T24447]  ____sys_sendmsg+0x607/0xc70
[ 1594.836566][T24447]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1594.836604][T24447]  ___sys_sendmsg+0x134/0x1d0
[ 1594.836632][T24447]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1594.836655][T24447]  ? __lock_acquire+0x622/0x1c90
[ 1594.836714][T24447]  __sys_sendmsg+0x16d/0x220
[ 1594.836740][T24447]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1594.836782][T24447]  do_syscall_64+0xcd/0x4c0
[ 1594.836810][T24447]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1594.836829][T24447] RIP: 0033:0x7ff25dd8e929
[ 1594.836843][T24447] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1594.836860][T24447] RSP: 002b:00007ff25bbf6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1594.836878][T24447] RAX: ffffffffffffffda RBX: 00007ff25dfb5fa0 RCX: 00007ff25dd8e929
[ 1594.836891][T24447] RDX: 0000000000000000 RSI: 0000200000000300 RDI: 0000000000000003
[ 1594.836902][T24447] RBP: 00007ff25bbf6090 R08: 0000000000000000 R09: 0000000000000000
[ 1594.836913][T24447] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1594.836924][T24447] R13: 0000000000000000 R14: 00007ff25dfb5fa0 R15: 00007ffc7f5231c8
[ 1594.836949][T24447]  </TASK>
[ 1595.120733][   T30] audit: type=1400 audit(2000001177.618:4678): avc:  denied  { create } for  pid=24452 comm="syz.2.5184" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[ 1595.146305][   T30] audit: type=1400 audit(2000001177.648:4679): avc:  denied  { unlink } for  pid=24452 comm="syz.2.5184" name="file0" dev="tmpfs" ino=1289 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[ 1595.197363][ T5822] usb 2-1: new high-speed USB device number 73 using dummy_hcd
[ 1595.347319][ T5822] usb 2-1: Using ep0 maxpacket: 32
[ 1595.392973][ T5822] usb 2-1: config 0 has an invalid interface number: 67 but max is 0
[ 1595.413325][ T5822] usb 2-1: config 0 has no interface number 0
[ 1595.421658][ T5822] usb 2-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[ 1595.437363][ T5888] usb 10-1: new full-speed USB device number 83 using dummy_hcd
[ 1595.438658][ T5822] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1595.454313][ T5822] usb 2-1: Product: syz
[ 1595.459526][ T5822] usb 2-1: Manufacturer: syz
[ 1595.464241][ T5822] usb 2-1: SerialNumber: syz
[ 1595.482467][ T5822] usb 2-1: config 0 descriptor??
[ 1595.489237][ T5822] smsc95xx v2.0.0
[ 1595.597404][ T5888] usb 10-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1595.617480][ T5888] usb 10-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[ 1595.633525][ T5888] usb 10-1: New USB device found, idVendor=2294, idProduct=425b, bcdDevice=a2.10
[ 1595.643535][ T5888] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1595.652918][ T5888] usb 10-1: Product: syz
[ 1595.657260][ T5888] usb 10-1: Manufacturer: syz
[ 1595.662132][ T5888] usb 10-1: SerialNumber: syz
[ 1595.673117][ T5888] usb 10-1: config 0 descriptor??
[ 1595.903162][ T5822] smsc95xx 2-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32
[ 1596.078920][ T5822] smsc95xx 2-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[ 1596.262034][ T5822] smsc95xx 2-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -61
[ 1596.276558][ T5822] smsc95xx 2-1:0.67: probe with driver smsc95xx failed with error -61
[ 1596.662753][T24473] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1596.764708][T24473] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1596.827659][   T10] usb 3-1: new high-speed USB device number 87 using dummy_hcd
[ 1596.849162][T24475] binder: 24474:24475 ioctl c00c620f 2000000002c0 returned -22
[ 1597.205077][T24478] ubi: mtd0 is already attached to ubi31
[ 1597.330064][   T10] usb 3-1: device descriptor read/64, error -71
[ 1598.115197][ T5822] usb 2-1: USB disconnect, device number 73
[ 1598.307539][   T10] usb 3-1: new high-speed USB device number 88 using dummy_hcd
[ 1598.846044][T24488] FAULT_INJECTION: forcing a failure.
[ 1598.846044][T24488] name failslab, interval 1, probability 0, space 0, times 0
[ 1598.858971][T24488] CPU: 1 UID: 0 PID: 24488 Comm: syz.1.5193 Not tainted 6.16.0-rc2-syzkaller-00162-g41687a5c6f8b #0 PREEMPT(full) 
[ 1598.858987][T24488] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1598.858994][T24488] Call Trace:
[ 1598.858998][T24488]  <TASK>
[ 1598.859003][T24488]  dump_stack_lvl+0x16c/0x1f0
[ 1598.859023][T24488]  should_fail_ex+0x512/0x640
[ 1598.859038][T24488]  ? kmem_cache_alloc_node_noprof+0x5e/0x3b0
[ 1598.859054][T24488]  should_failslab+0xc2/0x120
[ 1598.859070][T24488]  kmem_cache_alloc_node_noprof+0x71/0x3b0
[ 1598.859084][T24488]  ? netlink_dump+0x9c7/0xce0
[ 1598.859094][T24488]  ? __alloc_skb+0x2b2/0x380
[ 1598.859112][T24488]  __alloc_skb+0x2b2/0x380
[ 1598.859137][T24488]  ? __pfx___alloc_skb+0x10/0x10
[ 1598.859154][T24488]  ? __pfx__copy_to_iter+0x10/0x10
[ 1598.859173][T24488]  netlink_dump+0x678/0xce0
[ 1598.859183][T24488]  ? __pfx___skb_recv_datagram+0x10/0x10
[ 1598.859199][T24488]  ? __pfx_netlink_dump+0x10/0x10
[ 1598.859219][T24488]  netlink_recvmsg+0x7dc/0xa90
[ 1598.859231][T24488]  ? __pfx_netlink_recvmsg+0x10/0x10
[ 1598.859248][T24488]  sock_recvmsg+0x1f9/0x250
[ 1598.859261][T24488]  ____sys_recvmsg+0x218/0x6b0
[ 1598.859275][T24488]  ? __pfx_____sys_recvmsg+0x10/0x10
[ 1598.859293][T24488]  ? __lock_acquire+0x622/0x1c90
[ 1598.859313][T24488]  ___sys_recvmsg+0x114/0x1a0
[ 1598.859333][T24488]  ? __pfx____sys_recvmsg+0x10/0x10
[ 1598.859351][T24488]  ? find_held_lock+0x2b/0x80
[ 1598.859374][T24488]  do_recvmmsg+0x2fe/0x750
[ 1598.859392][T24488]  ? __pfx_do_recvmmsg+0x10/0x10
[ 1598.859407][T24488]  ? find_held_lock+0x2b/0x80
[ 1598.859419][T24488]  ? __might_fault+0xe3/0x190
[ 1598.859433][T24488]  ? __might_fault+0x13b/0x190
[ 1598.859459][T24488]  ? __pfx_get_timespec64+0x10/0x10
[ 1598.859481][T24488]  ? __fget_files+0x20e/0x3c0
[ 1598.859510][T24488]  __x64_sys_recvmmsg+0x199/0x280
[ 1598.859540][T24488]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[ 1598.859562][T24488]  do_syscall_64+0xcd/0x4c0
[ 1598.859580][T24488]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1598.859591][T24488] RIP: 0033:0x7f2cab18e929
[ 1598.859601][T24488] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1598.859613][T24488] RSP: 002b:00007f2cabf29038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 1598.859623][T24488] RAX: ffffffffffffffda RBX: 00007f2cab3b6080 RCX: 00007f2cab18e929
[ 1598.859630][T24488] RDX: 0400000000000ec0 RSI: 0000200000002ec0 RDI: 0000000000000006
[ 1598.859637][T24488] RBP: 00007f2cabf29090 R08: 00002000000001c0 R09: 0000000000000000
[ 1598.859644][T24488] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000001
[ 1598.859650][T24488] R13: 0000000000000000 R14: 00007f2cab3b6080 R15: 00007ffc407ede18
[ 1598.859664][T24488]  </TASK>
[ 1599.485702][   T24] usb 10-1: USB disconnect, device number 83
[ 1599.672922][   T30] audit: type=1400 audit(2000001182.168:4680): avc:  denied  { read } for  pid=24495 comm="syz.9.5196" path="socket:[94619]" dev="sockfs" ino=94619 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[ 1599.837371][T15995] usb 4-1: new high-speed USB device number 68 using dummy_hcd
[ 1599.848824][T24502] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1599.858559][T24502] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1599.972830][T24505] netlink: 'syz.4.5198': attribute type 9 has an invalid length.
[ 1599.989362][T24505] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1600.585709][T24502] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1600.621151][T24502] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1600.643474][T15995] usb 4-1: config index 0 descriptor too short (expected 65183, got 72)
[ 1600.668037][T15995] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[ 1600.677130][T15995] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1600.684316][T24503] block device autoloading is deprecated and will be removed.
[ 1600.685167][T15995] usb 4-1: Product: syz
[ 1600.715981][T15995] usb 4-1: Manufacturer: syz
[ 1600.727632][T15995] usb 4-1: SerialNumber: syz
[ 1600.742881][T15995] usb 4-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[ 1600.904461][   T10] usb 4-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[ 1601.333482][T24494] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1601.342845][T24494] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1601.363530][T24494] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1601.372853][T24494] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1601.383108][T24494] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1601.488143][T24494] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1602.332165][   T10] ath9k_htc 4-1:1.0: ath9k_htc: Target is unresponsive
[ 1602.353559][   T10] ath9k_htc: Failed to initialize the device
[ 1602.386868][   T10] usb 4-1: ath9k_htc: USB layer deinitialized
[ 1602.434685][T24517] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5194'.
[ 1602.455598][T15995] usb 4-1: USB disconnect, device number 68
[ 1602.918260][   T30] audit: type=1400 audit(2000001185.418:4681): avc:  denied  { bind } for  pid=24528 comm="syz.4.5204" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 1603.017450][T15995] usb 4-1: new high-speed USB device number 69 using dummy_hcd
[ 1603.104425][   T30] audit: type=1400 audit(2000001185.598:4682): avc:  denied  { ioctl } for  pid=24520 comm="syz.1.5202" path="socket:[94676]" dev="sockfs" ino=94676 ioctlcmd=0x8946 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[ 1603.237253][T15995] usb 4-1: Using ep0 maxpacket: 8
[ 1603.577502][   T30] audit: type=1400 audit(2000001185.598:4683): avc:  denied  { accept } for  pid=24520 comm="syz.1.5202" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[ 1603.597404][   T30] audit: type=1400 audit(2000001186.038:4684): avc:  denied  { kexec_image_load } for  pid=24520 comm="syz.1.5202" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=system permissive=1
[ 1603.670732][T15995] usb 4-1: unable to get BOS descriptor or descriptor too short
[ 1603.685943][T15995] usb 4-1: too many configurations: 39, using maximum allowed: 8
[ 1603.762522][T15995] usb 4-1: unable to read config index 0 descriptor/start: -71
[ 1603.772350][T15995] usb 4-1: can't read configurations, error -71
[ 1604.068308][   T10] usb 2-1: new full-speed USB device number 74 using dummy_hcd
[ 1604.241087][   T30] audit: type=1400 audit(2000001186.738:4685): avc:  denied  { name_bind } for  pid=24543 comm="syz.4.5209" src=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=rawip_socket permissive=1
[ 1604.264000][T24546] xt_bpf: check failed: parse error
[ 1604.271883][T24546] netlink: 56 bytes leftover after parsing attributes in process `syz.4.5209'.
[ 1604.283344][   T10] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1604.293591][   T10] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[ 1604.304398][   T10] usb 2-1: New USB device found, idVendor=2294, idProduct=425b, bcdDevice=a2.10
[ 1604.313519][   T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1604.321580][   T10] usb 2-1: Product: syz
[ 1604.325720][   T10] usb 2-1: Manufacturer: syz
[ 1604.330508][   T10] usb 2-1: SerialNumber: syz
[ 1604.336543][   T10] usb 2-1: config 0 descriptor??
[ 1604.447381][   T24] usb 3-1: new high-speed USB device number 89 using dummy_hcd
[ 1604.477333][ T5901] usb 10-1: new low-speed USB device number 84 using dummy_hcd
[ 1604.579902][T24553] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[ 1604.594462][T24553] overlayfs: invalid origin (00000079007a6b616c6c6572310000000000000180c2000000000000000000000000000000000000000000000000000000000000000000000000000000000000)
[ 1604.597292][   T24] usb 3-1: Using ep0 maxpacket: 32
[ 1604.620132][   T24] usb 3-1: config index 0 descriptor too short (expected 29220, got 36)
[ 1604.630620][   T24] usb 3-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[ 1604.641558][   T24] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 81
[ 1604.650711][   T24] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid maxpacket 2763, setting to 1024
[ 1604.651842][ T5901] usb 10-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[ 1604.663752][   T24] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 1024
[ 1604.675026][ T5901] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1604.684078][   T24] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[ 1604.698420][ T5901] usb 10-1: config 0 descriptor??
[ 1604.699740][   T24] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0
[ 1604.714174][   T24] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[ 1604.730115][   T24] usb 3-1: New USB device found, idVendor=03f0, idProduct=0004, bcdDevice= 0.40
[ 1604.739747][   T24] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1604.750047][   T24] usb 3-1: config 0 descriptor??
[ 1604.757345][T24550] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22
[ 1604.770051][   T24] usblp0: Disabling reads from problematic bidirectional printer
[ 1604.884033][T24557] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5213'.
[ 1604.935580][ T5901] asix 10-1:0.0 (unnamed net_device) (uninitialized): invalid hw address, using random
[ 1604.986229][T24550] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1604.999526][T24550] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1605.015470][T24550] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1605.024751][T24550] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1605.072504][T24550] netlink: 60 bytes leftover after parsing attributes in process `syz.2.5211'.
[ 1605.211153][   T30] audit: type=1400 audit(2000001187.708:4686): avc:  denied  { create } for  pid=24549 comm="syz.2.5211" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=appletalk_socket permissive=1
[ 1605.254430][T24563] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1605.270611][T24563] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1605.403222][T24547] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1605.415049][T24547] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1605.415121][   T24] usblp 3-1:0.0: usblp0: USB Unidirectional printer dev 89 if 0 alt 0 proto 3 vid 0x03F0 pid 0x0004
[ 1605.433355][   T30] audit: type=1400 audit(2000001187.928:4687): avc:  denied  { view } for  pid=24564 comm="syz.4.5215" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=key permissive=1
[ 1605.521993][T24567] ubi: mtd0 is already attached to ubi31
[ 1605.878075][   T24] usb 3-1: USB disconnect, device number 89
[ 1605.906062][   T24] usblp0: removed
[ 1605.954634][T24572] FAULT_INJECTION: forcing a failure.
[ 1605.954634][T24572] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1605.965733][T24571] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[ 1605.970206][T24572] CPU: 0 UID: 0 PID: 24572 Comm: syz.3.5217 Not tainted 6.16.0-rc2-syzkaller-00162-g41687a5c6f8b #0 PREEMPT(full) 
[ 1605.970234][T24572] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1605.970244][T24572] Call Trace:
[ 1605.970250][T24572]  <TASK>
[ 1605.970256][T24572]  dump_stack_lvl+0x16c/0x1f0
[ 1605.970285][T24572]  should_fail_ex+0x512/0x640
[ 1605.970309][T24572]  _copy_from_user+0x2e/0xd0
[ 1605.970332][T24572]  binder_ioctl+0x57a/0x72c0
[ 1605.970358][T24572]  ? tomoyo_path_number_perm+0x18d/0x580
[ 1605.970382][T24572]  ? __sanitizer_cov_trace_switch+0x54/0x90
[ 1605.970402][T24572]  ? __pfx_binder_ioctl+0x10/0x10
[ 1605.970418][T24572]  ? __pfx_do_vfs_ioctl+0x10/0x10
[ 1605.970441][T24572]  ? ioctl_has_perm.constprop.0.isra.0+0x379/0x540
[ 1605.970464][T24572]  ? ioctl_has_perm.constprop.0.isra.0+0x383/0x540
[ 1605.970487][T24572]  ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10
[ 1605.970516][T24572]  ? hook_file_ioctl_common+0x145/0x410
[ 1605.970537][T24572]  ? selinux_file_ioctl+0x180/0x270
[ 1605.970557][T24572]  ? selinux_file_ioctl+0xb4/0x270
[ 1605.970578][T24572]  ? __pfx_binder_ioctl+0x10/0x10
[ 1605.970595][T24572]  __x64_sys_ioctl+0x18b/0x210
[ 1605.970614][T24572]  do_syscall_64+0xcd/0x4c0
[ 1605.970639][T24572]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1605.970655][T24572] RIP: 0033:0x7ff943d8e929
[ 1605.970669][T24572] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1605.970685][T24572] RSP: 002b:00007ff944c75038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1605.970701][T24572] RAX: ffffffffffffffda RBX: 00007ff943fb5fa0 RCX: 00007ff943d8e929
[ 1605.970711][T24572] RDX: 0000200000000180 RSI: 00000000c0306201 RDI: 0000000000000003
[ 1605.970721][T24572] RBP: 00007ff944c75090 R08: 0000000000000000 R09: 0000000000000000
[ 1605.970731][T24572] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1605.970741][T24572] R13: 0000000000000000 R14: 00007ff943fb5fa0 R15: 00007fff87843bc8
[ 1605.970762][T24572]  </TASK>
[ 1605.970784][T24572] binder: 24569:24572 ioctl c0306201 200000000180 returned -14
[ 1605.981221][T24571] overlayfs: invalid origin (00000079007a6b616c6c6572310000000000000180c2000000000000000000000000000000000000000000000000000000000000000000000000000000000000)
[ 1606.099013][ T5901] asix 10-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[ 1606.219100][ T5901] asix 10-1:0.0 (unnamed net_device) (uninitialized): Failed to write GPIO value 0x00b0: ffffffb9
[ 1606.251553][ T5901] asix 10-1:0.0: probe with driver asix failed with error -71
[ 1606.266655][ T5901] usb 10-1: USB disconnect, device number 84
[ 1606.884713][T24588] ubi: mtd0 is already attached to ubi31
[ 1607.741029][ T5901] usb 2-1: USB disconnect, device number 74
[ 1608.009111][T24598] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0)
[ 1608.535240][T24588] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1608.574540][T24604] program syz.9.5224 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 1608.618200][T24588] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1608.624226][T24588] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1608.638327][   T30] audit: type=1326 audit(2000001191.078:4688): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24600 comm="syz.9.5224" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ff25dd8e929 code=0x7eff0000
[ 1608.662906][T24588] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1608.699356][T24588] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1608.753216][T24608] fuse: Unknown parameter '0x0000000000000003'
[ 1609.567921][T24617] ubi: mtd0 is already attached to ubi31
[ 1609.794381][T24621] ecryptfs_validate_options: You must supply at least one valid auth tok signature as a mount parameter; see the eCryptfs README
[ 1609.808253][T24621] Error validating options; rc = [-22]
[ 1610.691025][T24617] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1610.697166][T24617] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1610.703548][T22940] Bluetooth: hci3: command 0x0406 tx timeout
[ 1610.703600][T22971] Bluetooth: hci2: command 0x0405 tx timeout
[ 1610.768834][T24617] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1610.837785][T24627] netlink: 'syz.1.5232': attribute type 9 has an invalid length.
[ 1611.388224][T24617] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1611.394849][T24617] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1611.740496][T22971] Bluetooth: hci4: command 0x0c1a tx timeout
[ 1612.777432][T22971] Bluetooth: hci3: command 0x0406 tx timeout
[ 1612.783495][T22971] Bluetooth: hci1: command 0x0405 tx timeout
[ 1613.203687][T24653] fuse: Unknown parameter '0x0000000000000003'
[ 1613.407277][ T5901] usb 2-1: new high-speed USB device number 75 using dummy_hcd
[ 1613.417551][T23076] Bluetooth: hci2: command 0x0405 tx timeout
[ 1613.423781][T22971] Bluetooth: hci0: command 0x0405 tx timeout
[ 1613.471095][T24664] ecryptfs_validate_options: You must supply at least one valid auth tok signature as a mount parameter; see the eCryptfs README
[ 1613.484637][T24664] Error validating options; rc = [-22]
[ 1613.952478][   T24] libceph: connect (1)[c::]:6789 error -101
[ 1613.965397][   T24] libceph: mon0 (1)[c::]:6789 connect error
[ 1614.107289][ T5901] usb 2-1: Using ep0 maxpacket: 8
[ 1614.115933][ T5901] usb 2-1: New USB device found, idVendor=0c45, idProduct=613a, bcdDevice=c4.6d
[ 1614.127533][ T5901] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1614.135619][ T5901] usb 2-1: Product: syz
[ 1614.148476][ T5901] usb 2-1: Manufacturer: syz
[ 1614.153268][ T5901] usb 2-1: SerialNumber: syz
[ 1614.161089][ T5901] usb 2-1: config 0 descriptor??
[ 1614.169153][ T5901] gspca_main: sonixj-2.14.0 probing 0c45:613a
[ 1614.228480][ T1209] libceph: connect (1)[c::]:6789 error -101
[ 1614.234659][ T1209] libceph: mon0 (1)[c::]:6789 connect error
[ 1614.281234][   T24] usb 4-1: new full-speed USB device number 71 using dummy_hcd
[ 1614.356778][T24676] ubi: mtd0 is already attached to ubi31
[ 1614.457103][   T24] usb 4-1: New USB device found, idVendor=1d50, idProduct=60a1, bcdDevice=a1.4f
[ 1614.484565][   T24] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1614.495115][   T24] usb 4-1: Product: syz
[ 1614.499615][   T24] usb 4-1: Manufacturer: syz
[ 1614.504695][   T24] usb 4-1: SerialNumber: syz
[ 1614.525964][   T24] usb 4-1: config 0 descriptor??
[ 1614.546352][   T10] usb 10-1: new high-speed USB device number 85 using dummy_hcd
[ 1614.827514][ T5888] libceph: connect (1)[c::]:6789 error -101
[ 1614.845721][ T5888] libceph: mon0 (1)[c::]:6789 connect error
[ 1614.847349][   T10] usb 10-1: Using ep0 maxpacket: 8
[ 1614.868004][   T10] usb 10-1: config 179 has an invalid interface number: 65 but max is 0
[ 1614.886029][   T10] usb 10-1: config 179 has no interface number 0
[ 1614.898212][   T10] usb 10-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[ 1614.909711][   T10] usb 10-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[ 1614.921248][   T10] usb 10-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[ 1614.932694][   T10] usb 10-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024
[ 1614.944404][   T10] usb 10-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[ 1614.958120][ T5901] gspca_sonixj: reg_r err -110
[ 1614.962926][ T5901] sonixj 2-1:0.0: probe with driver sonixj failed with error -110
[ 1614.992564][   T10] usb 10-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[ 1615.001773][   T10] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1615.012491][T24673] raw-gadget.2 gadget.9: fail, usb_ep_enable returned -22
[ 1615.059546][   T24] airspy 4-1:0.0: Board ID: 00
[ 1615.066968][   T24] airspy 4-1:0.0: Firmware version: 
[ 1615.133044][T24676] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1615.141014][T24676] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1615.147710][T24676] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1615.154214][T24676] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1615.161553][T24676] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1615.187188][T24681] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1615.196073][T24681] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1615.295228][T24649] random: crng reseeded on system resumption
[ 1615.310533][   T30] audit: type=1400 audit(2000001197.808:4689): avc:  denied  { ioctl } for  pid=24648 comm="syz.1.5241" path="/dev/snapshot" dev="devtmpfs" ino=92 ioctlcmd=0x3313 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1
[ 1615.799648][ T5888] usb 10-1: USB disconnect, device number 85
[ 1615.799772][    C0] xpad 10-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19
[ 1615.814500][    C0] dummy_hcd dummy_hcd.9: timer fired with no URBs pending?
[ 1616.139876][   T24] airspy 4-1:0.0: usb_control_msg() failed -110 request 11
[ 1616.150761][   T24] airspy 4-1:0.0: Registered as swradio24
[ 1616.156543][   T24] airspy 4-1:0.0: SDR API is still slightly experimental and functionality changes may follow
[ 1616.172771][T24693] xt_bpf: check failed: parse error
[ 1616.415839][   T10] usb 2-1: USB disconnect, device number 75
[ 1616.831995][T22940] Bluetooth: hci4: command 0x0c1a tx timeout
[ 1616.860189][T24667] ceph: No mds server is up or the cluster is laggy
[ 1616.913290][   T24] libceph: connect (1)[c::]:6789 error -101
[ 1616.980803][   T24] libceph: mon0 (1)[c::]:6789 connect error
[ 1617.007321][T24706] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[ 1617.029043][T24706] overlayfs: invalid origin (00000079007a6b616c6c6572310000000000000180c2000000000000000000000000000000000000000000000000000000000000000000000000000000000000)
[ 1617.077584][   T24] usb 4-1: USB disconnect, device number 71
[ 1617.182248][T22940] Bluetooth: hci0: command 0x0405 tx timeout
[ 1617.182275][T22971] Bluetooth: hci2: command 0x0405 tx timeout
[ 1617.188443][T23076] Bluetooth: hci3: command 0x0406 tx timeout
[ 1617.200603][ T5828] Bluetooth: hci1: command 0x0405 tx timeout
[ 1617.697752][T24718] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5259'.
[ 1617.722684][T24718] netlink: 12 bytes leftover after parsing attributes in process `syz.3.5259'.
[ 1617.788030][T24720] ubi: mtd0 is already attached to ubi31
[ 1618.851659][T24720] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1618.882952][T24720] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1619.148868][   T30] audit: type=1400 audit(2000001201.378:4690): avc:  denied  { append } for  pid=24731 comm="syz.4.5263" name="sg0" dev="devtmpfs" ino=759 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1
[ 1619.178983][T24720] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1619.185045][T24720] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1619.196889][T24720] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1619.250503][T24732] syzkaller1: entered promiscuous mode
[ 1619.256094][T24732] syzkaller1: entered allmulticast mode
[ 1619.918507][T24744] xt_bpf: check failed: parse error
[ 1619.925689][ T5888] usb 3-1: new high-speed USB device number 90 using dummy_hcd
[ 1620.307387][ T5888] usb 3-1: Using ep0 maxpacket: 8
[ 1620.385908][ T5888] usb 3-1: config 179 has an invalid interface number: 65 but max is 0
[ 1620.410386][ T5888] usb 3-1: config 179 has no interface number 0
[ 1620.523894][ T5888] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[ 1620.686596][T24752] ubi: mtd0 is already attached to ubi31
[ 1620.689134][ T5888] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[ 1620.703941][ T5888] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[ 1620.716557][ T5888] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024
[ 1620.807362][ T5888] usb 3-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[ 1620.857565][ T5888] usb 3-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[ 1620.947366][T22940] Bluetooth: hci1: command 0x0405 tx timeout
[ 1620.967532][ T5888] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1621.033703][T24736] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[ 1621.592911][T22940] Bluetooth: hci0: command 0x0405 tx timeout
[ 1621.599069][T22940] Bluetooth: hci2: command 0x0405 tx timeout
[ 1621.605129][T23076] Bluetooth: hci3: command 0x0406 tx timeout
[ 1621.672063][T24752] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1621.697112][T24752] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1621.852603][T24752] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1621.865418][   T10] usb 3-1: USB disconnect, device number 90
[ 1621.865465][    C1] xpad 3-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19
[ 1621.880374][    C1] dummy_hcd dummy_hcd.2: timer fired with no URBs pending?
[ 1621.889181][T24752] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1622.387664][T24752] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1622.475278][   T30] audit: type=1326 audit(2000001204.968:4691): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24765 comm="syz.3.5272" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ff943d8e929 code=0x0
[ 1622.733388][T24773] FAULT_INJECTION: forcing a failure.
[ 1622.733388][T24773] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1622.746877][T24773] CPU: 1 UID: 0 PID: 24773 Comm: syz.9.5273 Not tainted 6.16.0-rc2-syzkaller-00162-g41687a5c6f8b #0 PREEMPT(full) 
[ 1622.746904][T24773] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1622.746916][T24773] Call Trace:
[ 1622.746922][T24773]  <TASK>
[ 1622.746930][T24773]  dump_stack_lvl+0x16c/0x1f0
[ 1622.746962][T24773]  should_fail_ex+0x512/0x640
[ 1622.746989][T24773]  _copy_from_user+0x2e/0xd0
[ 1622.747015][T24773]  memdup_user+0x6b/0xe0
[ 1622.747039][T24773]  sctp_getsockopt+0x2a0b/0x6b90
[ 1622.747061][T24773]  ? __schedule+0x1181/0x5de0
[ 1622.747089][T24773]  ? __pfx_sctp_getsockopt+0x10/0x10
[ 1622.747114][T24773]  ? avc_has_perm+0x11a/0x1c0
[ 1622.747137][T24773]  ? __pfx___schedule+0x10/0x10
[ 1622.747167][T24773]  ? sock_has_perm+0x259/0x2f0
[ 1622.747193][T24773]  ? rcu_is_watching+0x12/0xc0
[ 1622.747214][T24773]  ? irqentry_exit+0x3b/0x90
[ 1622.747237][T24773]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1622.747265][T24773]  ? __pfx_sock_common_getsockopt+0x10/0x10
[ 1622.747285][T24773]  ? __pfx_sctp_getsockopt+0x10/0x10
[ 1622.747308][T24773]  ? __pfx_sock_common_getsockopt+0x10/0x10
[ 1622.747327][T24773]  do_sock_getsockopt+0x3fc/0x800
[ 1622.747348][T24773]  ? __pfx_do_sock_getsockopt+0x10/0x10
[ 1622.747365][T24773]  ? __fget_files+0x204/0x3c0
[ 1622.747407][T24773]  __sys_getsockopt+0x12f/0x260
[ 1622.747438][T24773]  __x64_sys_getsockopt+0xbd/0x160
[ 1622.747461][T24773]  ? do_syscall_64+0x91/0x4c0
[ 1622.747486][T24773]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1622.747511][T24773]  do_syscall_64+0xcd/0x4c0
[ 1622.747539][T24773]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1622.747558][T24773] RIP: 0033:0x7ff25dd8e929
[ 1622.747574][T24773] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1622.747590][T24773] RSP: 002b:00007ff25bbb4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037
[ 1622.747608][T24773] RAX: ffffffffffffffda RBX: 00007ff25dfb6160 RCX: 00007ff25dd8e929
[ 1622.747620][T24773] RDX: 000000000000006f RSI: 0000000000000084 RDI: 0000000000000008
[ 1622.747630][T24773] RBP: 00007ff25bbb4090 R08: 0000200000000180 R09: 0000000000000000
[ 1622.747641][T24773] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1622.747651][T24773] R13: 0000000000000000 R14: 00007ff25dfb6160 R15: 00007ffc7f5231c8
[ 1622.747677][T24773]  </TASK>
[ 1622.974912][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1622.982376][T23076] Bluetooth: hci4: command 0x0c1a tx timeout
[ 1622.992937][   T24] IPVS: starting estimator thread 0...
[ 1623.051369][   T10] usb 5-1: new high-speed USB device number 80 using dummy_hcd
[ 1623.158941][T24774] IPVS: using max 73 ests per chain, 175200 per kthread
[ 1623.237509][   T10] usb 5-1: Using ep0 maxpacket: 32
[ 1623.293226][   T10] usb 5-1: unable to get BOS descriptor or descriptor too short
[ 1623.362528][   T10] usb 5-1: config 128 has an invalid interface number: 127 but max is 3
[ 1623.371301][   T10] usb 5-1: config 128 has an invalid descriptor of length 0, skipping remainder of the config
[ 1623.537243][   T10] usb 5-1: config 128 has 1 interface, different from the descriptor's value: 4
[ 1623.556822][   T10] usb 5-1: config 128 has no interface number 0
[ 1623.563341][   T10] usb 5-1: config 128 interface 127 altsetting 14 endpoint 0x5 has invalid wMaxPacketSize 0
[ 1623.702204][T24781] netlink: 'syz.3.5276': attribute type 9 has an invalid length.
[ 1623.737383][T23076] Bluetooth: hci3: command 0x0406 tx timeout
[ 1623.743444][T22940] Bluetooth: hci1: command 0x0405 tx timeout
[ 1623.897290][T23076] Bluetooth: hci2: command 0x0405 tx timeout
[ 1624.112442][   T10] usb 5-1: config 128 interface 127 has no altsetting 0
[ 1624.190408][   T10] usb 5-1: New USB device found, idVendor=0582, idProduct=295c, bcdDevice=d4.55
[ 1624.327280][   T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1624.382328][   T10] usb 5-1: Product: syz
[ 1624.433272][   T10] usb 5-1: Manufacturer: syz
[ 1624.446110][   T10] usb 5-1: SerialNumber: syz
[ 1624.487028][T23076] Bluetooth: hci0: command 0x0405 tx timeout
[ 1625.793403][   T10] usb 5-1: USB disconnect, device number 80
[ 1625.972489][T24804] netlink: 'syz.3.5283': attribute type 9 has an invalid length.
[ 1625.989364][T24804] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1626.591737][   T30] audit: type=1400 audit(2000001209.078:4692): avc:  denied  { watch } for  pid=24797 comm="syz.2.5282" path="/240" dev="tmpfs" ino=1389 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[ 1626.614378][   T30] audit: type=1400 audit(2000001209.078:4693): avc:  denied  { watch_sb } for  pid=24797 comm="syz.2.5282" path="/240" dev="tmpfs" ino=1389 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[ 1626.689611][T24808] netlink: 72 bytes leftover after parsing attributes in process `syz.2.5282'.
[ 1627.028158][T24814] fuse: Unknown parameter 'fd0x0000000000000003'
[ 1627.671524][T24821] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[ 1627.698000][T24822] audit: audit_lost=3 audit_rate_limit=0 audit_backlog_limit=64
[ 1627.725419][T24821] overlayfs: invalid origin (00000079007a6b616c6c6572310000000000000180c2000000000000000000000000000000000000000000000000000000000000000000000000000000000000)
[ 1627.729384][T24822] audit: out of memory in audit_log_start
[ 1627.785080][T24825] netlink: 'syz.3.5289': attribute type 11 has an invalid length.
[ 1628.239519][   T30] audit: type=1400 audit(2000001210.688:4694): avc:  denied  { append } for  pid=24827 comm="syz.1.5290" name="rtc0" dev="devtmpfs" ino=922 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[ 1628.352417][T24832] 9pnet_fd: Insufficient options for proto=fd
[ 1629.442052][   T30] audit: type=1400 audit(2000001210.698:4695): avc:  denied  { ioctl } for  pid=24827 comm="syz.1.5290" path="socket:[95713]" dev="sockfs" ino=95713 ioctlcmd=0xb100 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[ 1629.467497][   T30] audit: type=1400 audit(2000001210.758:4696): avc:  denied  { accept } for  pid=24828 comm="syz.4.5292" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[ 1629.501733][T24841] netlink: 68 bytes leftover after parsing attributes in process `syz.2.5291'.
[ 1629.809562][ T1209] libceph: connect (1)[c::]:6789 error -101
[ 1629.816497][ T1209] libceph: mon0 (1)[c::]:6789 connect error
[ 1629.998538][T24832] netlink: 72 bytes leftover after parsing attributes in process `syz.4.5292'.
[ 1630.010856][T24839] ceph: No mds server is up or the cluster is laggy
[ 1630.067475][T24844] capability: warning: `syz.1.5294' uses 32-bit capabilities (legacy support in use)
[ 1630.179125][   T30] audit: type=1400 audit(2000001212.678:4697): avc:  denied  { bind } for  pid=24843 comm="syz.1.5294" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[ 1630.277581][T24853] fuse: Unknown parameter 'fd0x0000000000000003'
[ 1632.122220][T24868] netlink: 'syz.1.5302': attribute type 8 has an invalid length.
[ 1632.752004][T24886] ubi: mtd0 is already attached to ubi31
[ 1633.639193][T24886] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1633.655216][T24886] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1633.666736][T24886] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1633.686557][T24886] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1633.697541][T24886] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1634.772103][T24911] input: syz1 as /devices/virtual/input/input33
[ 1634.787339][   T10] usb 5-1: new high-speed USB device number 81 using dummy_hcd
[ 1634.978630][T23076] Bluetooth: hci3: ACL packet for unknown connection handle 200
[ 1635.060592][T24919] siw: device registration error -23
[ 1635.177341][T23076] Bluetooth: hci4: command 0x0c1a tx timeout
[ 1635.411999][   T10] usb 5-1: Using ep0 maxpacket: 8
[ 1635.419431][   T10] usb 5-1: config 0 has an invalid interface number: 48 but max is 0
[ 1635.432065][   T10] usb 5-1: config 0 has no interface number 0
[ 1635.438280][   T10] usb 5-1: too many endpoints for config 0 interface 48 altsetting 120: 48, using maximum allowed: 30
[ 1635.449351][   T10] usb 5-1: config 0 interface 48 altsetting 120 has 0 endpoint descriptors, different from the interface descriptor's value: 48
[ 1635.462697][   T10] usb 5-1: config 0 interface 48 has no altsetting 0
[ 1635.471399][   T10] usb 5-1: New USB device found, idVendor=0b48, idProduct=1009, bcdDevice=7b.54
[ 1635.490978][   T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1635.512529][   T10] usb 5-1: Product: syz
[ 1635.516747][   T10] usb 5-1: Manufacturer: syz
[ 1635.547266][   T10] usb 5-1: SerialNumber: syz
[ 1635.554054][   T10] usb 5-1: config 0 descriptor??
[ 1635.657473][T23076] Bluetooth: hci1: command 0x0405 tx timeout
[ 1635.662387][T24928] ubi: mtd0 is already attached to ubi31
[ 1635.737465][T22940] Bluetooth: hci0: command 0x0405 tx timeout
[ 1635.743826][T23076] Bluetooth: hci2: command 0x0405 tx timeout
[ 1635.749872][T22971] Bluetooth: hci3: command 0x0406 tx timeout
[ 1635.840150][   T10] ttusb_dec_send_command: command bulk message failed: error -22
[ 1635.973202][   T10] ttusb-dec 5-1:0.48: probe with driver ttusb-dec failed with error -22
[ 1635.985555][   T10] usb 5-1: USB disconnect, device number 81
[ 1636.370382][T24934] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5322'.
[ 1636.429362][T24928] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1636.437605][T24928] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1636.443789][T24928] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1636.451922][T24928] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1636.469530][T24928] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1636.862580][T24944] ubi: mtd0 is already attached to ubi31
[ 1637.125512][T24939] netlink: 8 bytes leftover after parsing attributes in process `syz.9.5325'.
[ 1637.453665][T24944] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1637.737849][T24944] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1637.752619][T24944] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1637.761087][T24944] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1637.767330][T24944] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1638.345345][T24972] xt_hashlimit: max too large, truncated to 1048576
[ 1638.447778][T24975] FAULT_INJECTION: forcing a failure.
[ 1638.447778][T24975] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1638.467316][T24975] CPU: 1 UID: 0 PID: 24975 Comm: syz.3.5335 Not tainted 6.16.0-rc2-syzkaller-00162-g41687a5c6f8b #0 PREEMPT(full) 
[ 1638.467343][T24975] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1638.467353][T24975] Call Trace:
[ 1638.467359][T24975]  <TASK>
[ 1638.467367][T24975]  dump_stack_lvl+0x16c/0x1f0
[ 1638.467396][T24975]  should_fail_ex+0x512/0x640
[ 1638.467421][T24975]  _copy_from_iter+0x29f/0x16f0
[ 1638.467447][T24975]  ? __alloc_skb+0x200/0x380
[ 1638.467471][T24975]  ? __pfx__copy_from_iter+0x10/0x10
[ 1638.467494][T24975]  ? selinux_socket_getpeersec_dgram+0x1a4/0x370
[ 1638.467515][T24975]  ? __pfx_selinux_socket_getpeersec_dgram+0x10/0x10
[ 1638.467546][T24975]  netlink_sendmsg+0x829/0xdd0
[ 1638.467576][T24975]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1638.467605][T24975]  ____sys_sendmsg+0xa95/0xc70
[ 1638.467626][T24975]  ? copy_msghdr_from_user+0x10a/0x160
[ 1638.467651][T24975]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1638.467682][T24975]  ___sys_sendmsg+0x134/0x1d0
[ 1638.467709][T24975]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1638.467732][T24975]  ? __lock_acquire+0x622/0x1c90
[ 1638.467788][T24975]  __sys_sendmsg+0x16d/0x220
[ 1638.467814][T24975]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1638.467856][T24975]  do_syscall_64+0xcd/0x4c0
[ 1638.467885][T24975]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1638.467902][T24975] RIP: 0033:0x7ff943d8e929
[ 1638.467917][T24975] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1638.467933][T24975] RSP: 002b:00007ff944c75038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1638.467951][T24975] RAX: ffffffffffffffda RBX: 00007ff943fb5fa0 RCX: 00007ff943d8e929
[ 1638.467963][T24975] RDX: 0000000020000000 RSI: 0000200000001ac0 RDI: 0000000000000004
[ 1638.467974][T24975] RBP: 00007ff944c75090 R08: 0000000000000000 R09: 0000000000000000
[ 1638.467985][T24975] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1638.467994][T24975] R13: 0000000000000000 R14: 00007ff943fb5fa0 R15: 00007fff87843bc8
[ 1638.468018][T24975]  </TASK>
[ 1638.827436][ T5888] usb 3-1: new high-speed USB device number 91 using dummy_hcd
[ 1638.997902][ T5888] usb 3-1: Using ep0 maxpacket: 16
[ 1639.070585][ T5888] usb 3-1: unable to get BOS descriptor or descriptor too short
[ 1639.078498][ T5888] usb 3-1: too many configurations: 115, using maximum allowed: 8
[ 1639.100078][   T30] audit: type=1400 audit(2000001221.589:4698): avc:  granted  { setsecparam } for  pid=24983 comm="syz.1.5337" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security
[ 1639.147607][ T5888] usb 3-1: unable to read config index 0 descriptor/start: -61
[ 1639.165470][ T5888] usb 3-1: can't read configurations, error -61
[ 1639.177356][T23076] Bluetooth: hci4: command 0x0c1a tx timeout
[ 1639.335401][ T5888] usb 3-1: new high-speed USB device number 92 using dummy_hcd
[ 1639.647377][ T5888] usb 3-1: Using ep0 maxpacket: 16
[ 1639.657630][ T5888] usb 3-1: unable to get BOS descriptor or descriptor too short
[ 1639.665985][ T5888] usb 3-1: too many configurations: 115, using maximum allowed: 8
[ 1639.700265][ T5888] usb 3-1: unable to read config index 0 descriptor/start: -61
[ 1639.716966][ T5888] usb 3-1: can't read configurations, error -61
[ 1639.743289][ T5888] usb usb3-port1: attempt power cycle
[ 1639.817493][T23076] Bluetooth: hci0: command 0x0405 tx timeout
[ 1639.817511][T22940] Bluetooth: hci2: command 0x0405 tx timeout
[ 1639.817528][T22971] Bluetooth: hci3: command 0x0406 tx timeout
[ 1639.823685][T22940] Bluetooth: hci1: command 0x0405 tx timeout
[ 1640.107633][ T5888] usb 3-1: new high-speed USB device number 93 using dummy_hcd
[ 1640.141662][ T5888] usb 3-1: Using ep0 maxpacket: 16
[ 1640.216465][ T5888] usb 3-1: unable to get BOS descriptor or descriptor too short
[ 1640.382207][ T5888] usb 3-1: too many configurations: 115, using maximum allowed: 8
[ 1640.475074][T25008] ubi: mtd0 is already attached to ubi31
[ 1640.547531][ T5888] usb 3-1: unable to read config index 0 descriptor/start: -61
[ 1640.555184][ T5888] usb 3-1: can't read configurations, error -61
[ 1640.739781][ T5888] usb 3-1: new high-speed USB device number 94 using dummy_hcd
[ 1641.047036][ T5888] usb 3-1: Using ep0 maxpacket: 16
[ 1641.061856][ T5888] usb 3-1: unable to get BOS descriptor or descriptor too short
[ 1641.078564][ T5888] usb 3-1: too many configurations: 115, using maximum allowed: 8
[ 1641.102694][ T5888] usb 3-1: unable to read config index 0 descriptor/start: -61
[ 1641.111544][ T5888] usb 3-1: can't read configurations, error -61
[ 1641.141164][ T5888] usb usb3-port1: unable to enumerate USB device
[ 1641.295672][T25008] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1641.317721][T25008] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1641.324016][T25008] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1641.330259][T25008] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1641.336513][T25008] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1641.347409][T25016] netlink: 'syz.1.5345': attribute type 11 has an invalid length.
[ 1641.977328][T23076] Bluetooth: hci5: Opcode 0x1003 failed: -110
[ 1642.267741][ T5888] usb 3-1: new high-speed USB device number 95 using dummy_hcd
[ 1642.417322][ T5888] usb 3-1: Using ep0 maxpacket: 16
[ 1642.442576][ T5888] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1642.452718][ T5888] usb 3-1: config 0 interface 0 has no altsetting 0
[ 1642.459567][ T5888] usb 3-1: New USB device found, idVendor=060b, idProduct=500a, bcdDevice= 0.00
[ 1642.468915][ T5888] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1642.489506][T25037] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5352'.
[ 1642.499022][   T30] audit: type=1400 audit(2000001224.979:4699): avc:  denied  { bind } for  pid=25031 comm="syz.3.5352" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[ 1642.510016][ T5888] usb 3-1: config 0 descriptor??
[ 1642.667331][T23076] Bluetooth: hci4: command 0x0c1a tx timeout
[ 1642.833381][T25037] netlink: 12 bytes leftover after parsing attributes in process `syz.3.5352'.
[ 1642.966598][ T5888] cougar 0003:060B:500A.0026: unexpected long global item
[ 1643.337524][T22940] Bluetooth: hci2: command 0x0405 tx timeout
[ 1643.337588][ T5828] Bluetooth: hci3: command 0x0406 tx timeout
[ 1643.350538][T22940] Bluetooth: hci1: command 0x0405 tx timeout
[ 1643.358437][T23076] Bluetooth: hci0: command 0x0405 tx timeout
[ 1643.578008][ T5888] cougar 0003:060B:500A.0026: parse failed
[ 1643.584000][ T5888] cougar 0003:060B:500A.0026: probe with driver cougar failed with error -22
[ 1643.807594][T22971] Bluetooth: hci3: SCO packet for unknown connection handle 201
[ 1644.067359][   T30] audit: type=1400 audit(2000001226.549:4700): avc:  denied  { ioctl } for  pid=25046 comm="syz.1.5355" path="socket:[96180]" dev="sockfs" ino=96180 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[ 1644.655590][T25057] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0)
[ 1644.717504][T25058] ubi: mtd0 is already attached to ubi31
[ 1645.093174][   T24] usb 3-1: USB disconnect, device number 95
[ 1645.146883][T25064] netlink: 'syz.3.5360': attribute type 11 has an invalid length.
[ 1645.531759][T25058] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1645.537930][T25058] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1645.595600][T25058] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1645.615003][T25058] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1645.625370][T25058] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1645.691752][T25074] ubi: mtd0 is already attached to ubi31
[ 1645.887457][ T5888] usb 10-1: new full-speed USB device number 86 using dummy_hcd
[ 1645.917382][   T24] usb 3-1: new high-speed USB device number 96 using dummy_hcd
[ 1646.005819][   T30] audit: type=1400 audit(2000001228.499:4701): avc:  denied  { read } for  pid=25075 comm="syz.4.5365" dev="sockfs" ino=96486 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[ 1646.077323][   T24] usb 3-1: Using ep0 maxpacket: 32
[ 1646.088821][T25079] ubi: mtd0 is already attached to ubi31
[ 1646.220745][   T24] usb 3-1: config 0 has an invalid interface number: 67 but max is 0
[ 1646.229025][ T5888] usb 10-1: unable to get BOS descriptor or descriptor too short
[ 1646.239612][   T24] usb 3-1: config 0 has no interface number 0
[ 1646.241766][   T30] audit: type=1400 audit(2000001228.529:4702): avc:  denied  { mounton } for  pid=25075 comm="syz.4.5365" path="/proc/1065/cgroup" dev="proc" ino=96489 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=file permissive=1
[ 1646.247790][   T24] usb 3-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[ 1646.268737][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1646.288746][ T5888] usb 10-1: not running at top speed; connect to a high speed hub
[ 1646.393887][ T5888] usb 10-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 147, changing to 4
[ 1646.406331][   T24] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1646.416020][ T5888] usb 10-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1646.426510][ T5888] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1646.435870][ T5888] usb 10-1: Product: syz
[ 1646.440250][   T24] usb 3-1: Product: syz
[ 1646.444498][ T5888] usb 10-1: Manufacturer: syz
[ 1646.449316][   T24] usb 3-1: Manufacturer: syz
[ 1646.453918][ T5888] usb 10-1: SerialNumber: syz
[ 1646.459161][   T24] usb 3-1: SerialNumber: syz
[ 1646.467069][   T24] usb 3-1: config 0 descriptor??
[ 1646.473770][   T24] smsc95xx v2.0.0
[ 1646.842156][T25079] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1646.848713][T25079] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1646.854897][T25079] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1646.862177][T25079] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1646.868518][T25079] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1646.898969][   T24] smsc95xx 3-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32
[ 1646.921433][   T24] smsc95xx 3-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[ 1646.933041][ T5888] usb 10-1: 2:1 : UAC_AS_GENERAL descriptor not found
[ 1646.942024][   T24] smsc95xx 3-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000014: -71
[ 1646.956118][   T24] smsc95xx 3-1:0.67: probe with driver smsc95xx failed with error -71
[ 1646.984446][   T24] usb 3-1: USB disconnect, device number 96
[ 1646.990654][ T5888] usb 10-1: USB disconnect, device number 86
[ 1647.219280][ T5901] usb 4-1: new high-speed USB device number 72 using dummy_hcd
[ 1647.387557][ T5901] usb 4-1: Using ep0 maxpacket: 8
[ 1647.399452][ T5901] usb 4-1: config 179 has an invalid interface number: 65 but max is 0
[ 1647.419931][ T5901] usb 4-1: config 179 has no interface number 0
[ 1647.429557][ T5901] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[ 1647.457278][ T5901] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[ 1647.470811][ T5901] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[ 1647.482631][ T5901] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024
[ 1647.501846][ T5901] usb 4-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[ 1647.516951][ T5901] usb 4-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[ 1647.525086][T25090] binder: 25089:25090 ioctl c00c620f 2000000002c0 returned -22
[ 1647.527518][ T5901] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1647.654805][T25085] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[ 1648.491888][T22971] Bluetooth: hci4: command 0x0c1a tx timeout
[ 1648.872900][T22971] Bluetooth: hci3: command 0x0406 tx timeout
[ 1648.872943][T23076] Bluetooth: hci1: command 0x0405 tx timeout
[ 1649.787986][T25107] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0)
[ 1649.802951][T22971] Bluetooth: hci0: command 0x0405 tx timeout
[ 1649.809167][T22971] Bluetooth: hci2: command 0x0405 tx timeout
[ 1649.897680][ T5901] usb 4-1: USB disconnect, device number 72
[ 1649.903658][    C0] xpad 4-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19
[ 1649.903707][    C0] xpad 4-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[ 1650.398729][T25116] ubi: mtd0 is already attached to ubi31
[ 1651.140884][T25116] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1651.154015][T25116] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1651.164874][T25116] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1651.180875][T25116] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1651.188566][T25116] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1651.446302][T25133] FAULT_INJECTION: forcing a failure.
[ 1651.446302][T25133] name failslab, interval 1, probability 0, space 0, times 0
[ 1651.487702][T25133] CPU: 1 UID: 0 PID: 25133 Comm: syz.1.5380 Not tainted 6.16.0-rc2-syzkaller-00162-g41687a5c6f8b #0 PREEMPT(full) 
[ 1651.487729][T25133] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1651.487739][T25133] Call Trace:
[ 1651.487745][T25133]  <TASK>
[ 1651.487752][T25133]  dump_stack_lvl+0x16c/0x1f0
[ 1651.487781][T25133]  should_fail_ex+0x512/0x640
[ 1651.487803][T25133]  ? __kvmalloc_node_noprof+0x124/0x620
[ 1651.487827][T25133]  should_failslab+0xc2/0x120
[ 1651.487851][T25133]  __kvmalloc_node_noprof+0x137/0x620
[ 1651.487872][T25133]  ? preempt_schedule_thunk+0x16/0x30
[ 1651.487892][T25133]  ? bpf_test_run_xdp_live+0x13b/0x500
[ 1651.487925][T25133]  ? bpf_test_run_xdp_live+0x13b/0x500
[ 1651.487948][T25133]  bpf_test_run_xdp_live+0x13b/0x500
[ 1651.487976][T25133]  ? __pfx_bpf_test_run_xdp_live+0x10/0x10
[ 1651.488004][T25133]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 1651.488036][T25133]  ? __pfx_xdp_test_run_init_page+0x10/0x10
[ 1651.488060][T25133]  ? bpf_dispatcher_change_prog+0x54d/0xa80
[ 1651.488100][T25133]  ? __pfx_wait_rcu_exp_gp+0x10/0x10
[ 1651.488118][T25133]  ? bpf_dispatcher_xdp+0x800/0x1000
[ 1651.488134][T25133]  ? bpf_dispatcher_xdp+0x800/0x1000
[ 1651.488149][T25133]  ? bpf_dispatcher_xdp+0x800/0x1000
[ 1651.488168][T25133]  bpf_prog_test_run_xdp+0x824/0x1590
[ 1651.488192][T25133]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[ 1651.488226][T25133]  ? __might_fault+0xe0/0x190
[ 1651.488253][T25133]  ? fput+0x70/0xf0
[ 1651.488278][T25133]  ? __bpf_prog_get+0x97/0x2a0
[ 1651.488301][T25133]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[ 1651.488317][T25133]  __sys_bpf+0x1488/0x4d80
[ 1651.488342][T25133]  ? __pfx___sys_bpf+0x10/0x10
[ 1651.488363][T25133]  ? ksys_write+0x190/0x250
[ 1651.488384][T25133]  ? __mutex_unlock_slowpath+0x161/0x6a0
[ 1651.488417][T25133]  ? fput+0x70/0xf0
[ 1651.488437][T25133]  ? ksys_write+0x1ac/0x250
[ 1651.488455][T25133]  ? __pfx_ksys_write+0x10/0x10
[ 1651.488476][T25133]  __x64_sys_bpf+0x78/0xc0
[ 1651.488495][T25133]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1651.488521][T25133]  do_syscall_64+0xcd/0x4c0
[ 1651.488544][T25133]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1651.488559][T25133] RIP: 0033:0x7f2cab18e929
[ 1651.488571][T25133] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1651.488585][T25133] RSP: 002b:00007f2cabf4a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 1651.488600][T25133] RAX: ffffffffffffffda RBX: 00007f2cab3b5fa0 RCX: 00007f2cab18e929
[ 1651.488610][T25133] RDX: 0000000000000048 RSI: 0000200000000600 RDI: 000000000000000a
[ 1651.488619][T25133] RBP: 00007f2cabf4a090 R08: 0000000000000000 R09: 0000000000000000
[ 1651.488627][T25133] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1651.488636][T25133] R13: 0000000000000000 R14: 00007f2cab3b5fa0 R15: 00007ffc407ede18
[ 1651.488656][T25133]  </TASK>
[ 1651.849572][ T5901] usb 10-1: new full-speed USB device number 87 using dummy_hcd
[ 1651.998610][T25143] ubi: mtd0 is already attached to ubi31
[ 1652.173002][T25145] ecryptfs_validate_options: You must supply at least one valid auth tok signature as a mount parameter; see the eCryptfs README
[ 1652.186629][T25145] Error validating options; rc = [-22]
[ 1652.872982][ T5901] usb 10-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1652.932583][ T5901] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x6 has invalid maxpacket 1023, setting to 64
[ 1653.062493][T25143] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1653.068667][ T5901] usb 10-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1653.224950][T22971] Bluetooth: hci1: command 0x0405 tx timeout
[ 1653.243101][T23076] Bluetooth: hci3: command 0x0406 tx timeout
[ 1653.253247][T25155] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0)
[ 1653.268079][T22971] Bluetooth: hci0: command 0x0405 tx timeout
[ 1653.274234][T22971] Bluetooth: hci2: command 0x0405 tx timeout
[ 1654.068158][ T5901] usb 10-1: New USB device found, idVendor=2294, idProduct=425b, bcdDevice=a2.10
[ 1654.087269][ T5901] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1654.095974][T25143] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1654.124880][ T5901] usb 10-1: Product: syz
[ 1654.125120][T25143] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1654.136050][ T5901] usb 10-1: Manufacturer: syz
[ 1654.136074][T25143] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1654.146979][ T5901] usb 10-1: SerialNumber: syz
[ 1654.152793][T25143] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1654.164717][ T5901] usb 10-1: config 0 descriptor??
[ 1654.168257][T25161] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1654.172176][T25137] raw-gadget.0 gadget.9: fail, usb_ep_enable returned -22
[ 1654.217910][ T5901] usb 10-1: ucan: probing device on interface #0
[ 1654.224272][ T5901] usb 10-1: ucan: invalid EP count (1)
[ 1654.246473][ T5901] usb 10-1: ucan: probe failed; try to update the device firmware
[ 1654.298171][ T5901] usb 10-1: USB disconnect, device number 87
[ 1654.415771][T25175] ubi: mtd0 is already attached to ubi31
[ 1654.683400][T25185] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5395'.
[ 1655.324592][T25176] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1655.333475][T25176] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1655.339886][T25176] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1655.346127][T25176] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1655.352985][T25176] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1655.571406][ T5828] Bluetooth: hci3: ACL packet for unknown connection handle 201
[ 1656.181128][T25204] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0)
[ 1656.324620][   T24] usb 4-1: new high-speed USB device number 73 using dummy_hcd
[ 1656.537300][ T5828] Bluetooth: hci4: command 0x0c1a tx timeout
[ 1656.559383][T25207] netlink: 'syz.2.5400': attribute type 11 has an invalid length.
[ 1656.617493][   T24] usb 4-1: Using ep0 maxpacket: 16
[ 1656.630554][   T24] usb 4-1: config 0 has no interfaces?
[ 1656.686146][   T24] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[ 1656.736448][   T24] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1656.765673][   T24] usb 4-1: Product: syz
[ 1656.780715][   T24] usb 4-1: Manufacturer: syz
[ 1656.796507][   T24] usb 4-1: SerialNumber: syz
[ 1656.925985][   T24] usb 4-1: config 0 descriptor??
[ 1657.060578][   T30] audit: type=1400 audit(2000001239.559:4703): avc:  denied  { connect } for  pid=25211 comm="syz.9.5403" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[ 1657.065078][T25216] netlink: 256 bytes leftover after parsing attributes in process `syz.2.5404'.
[ 1657.092041][T25216] netlink: 24 bytes leftover after parsing attributes in process `syz.2.5404'.
[ 1657.135100][T25219] netlink: 'syz.9.5403': attribute type 17 has an invalid length.
[ 1657.143352][T25219] netlink: 5 bytes leftover after parsing attributes in process `syz.9.5403'.
[ 1657.154958][T25219] macvtap0: entered allmulticast mode
[ 1657.167155][   T24] usb 4-1: USB disconnect, device number 73
[ 1657.167238][T25219] veth0_macvtap: entered allmulticast mode
[ 1657.173809][T25219] A link change request failed with some changes committed already. Interface macvtap0 may have been left with an inconsistent configuration, please check.
[ 1657.182789][T25189] Bluetooth: MGMT ver 1.23
[ 1657.417639][ T5828] Bluetooth: hci0: command 0x0405 tx timeout
[ 1657.423730][ T5828] Bluetooth: hci2: command 0x0405 tx timeout
[ 1657.429850][T22971] Bluetooth: hci3: command 0x0406 tx timeout
[ 1657.435905][T22971] Bluetooth: hci1: command 0x0405 tx timeout
[ 1658.259750][ T5901] usb 4-1: new high-speed USB device number 74 using dummy_hcd
[ 1659.347287][ T5901] usb 4-1: Using ep0 maxpacket: 8
[ 1659.395304][ T5901] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1659.599172][T25242] siw: device registration error -23
[ 1659.848049][ T5901] usb 4-1: New USB device found, idVendor=046d, idProduct=0892, bcdDevice=6d.2a
[ 1659.858009][ T5901] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1659.867449][ T5901] usb 4-1: config 0 descriptor??
[ 1659.875057][ T5901] gspca_main: vc032x-2.14.0 probing 046d:0892
[ 1660.700607][T25255] netlink: 'syz.1.5416': attribute type 11 has an invalid length.
[ 1661.141396][T25266] binder: 25265:25266 ioctl c00c620f 2000000002c0 returned -22
[ 1662.293647][ T5901] gspca_vc032x: reg_r err -110
[ 1662.298738][ T5901] vc032x 4-1:0.0: probe with driver vc032x failed with error -110
[ 1662.685252][T15995] usb 4-1: USB disconnect, device number 74
[ 1664.820661][ T5828]  non-paged memory
[ 1664.827391][ T5828] list_del corruption, ffff888083761180->next is LIST_POISON1 (dead000000000100)
[ 1664.877391][ T5828] ------------[ cut here ]------------
[ 1664.882932][ T5828] kernel BUG at lib/list_debug.c:56!
[ 1664.933912][ T5828] Oops: invalid opcode: 0000 [#1] SMP KASAN NOPTI
[ 1664.940371][ T5828] CPU: 1 UID: 0 PID: 5828 Comm: kworker/u9:5 Not tainted 6.16.0-rc2-syzkaller-00162-g41687a5c6f8b #0 PREEMPT(full) 
[ 1664.952517][ T5828] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1664.962570][ T5828] Workqueue: hci0 hci_conn_timeout
[ 1664.967688][ T5828] RIP: 0010:__list_del_entry_valid_or_report+0x121/0x200
[ 1664.974715][ T5828] Code: 48 c7 c7 20 7d 15 8c e8 4d 5d b9 fc 90 0f 0b 4c 89 e7 e8 32 09 1e fd 4c 89 e2 48 89 de 48 c7 c7 80 7d 15 8c e8 30 5d b9 fc 90 <0f> 0b 48 89 ef e8 15 09 1e fd 48 89 ea 48 89 de 48 c7 c7 e0 7d 15
[ 1664.994326][ T5828] RSP: 0018:ffffc90003a0fb78 EFLAGS: 00010282
[ 1665.000391][ T5828] RAX: 000000000000004e RBX: ffff888083761180 RCX: ffffffff819b00b9
[ 1665.008356][ T5828] RDX: 0000000000000000 RSI: ffffffff819b7f46 RDI: 0000000000000005
[ 1665.016324][ T5828] RBP: dead000000000122 R08: 0000000000000005 R09: 0000000000000000
[ 1665.024294][ T5828] R10: 0000000080000000 R11: 000000000008b938 R12: dead000000000100
[ 1665.032270][ T5828] R13: dffffc0000000000 R14: ffff888053c5c618 R15: ffff888083761180
[ 1665.040263][ T5828] FS:  0000000000000000(0000) GS:ffff888124853000(0000) knlGS:0000000000000000
[ 1665.049198][ T5828] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1665.055790][ T5828] CR2: 00007fb7da494f98 CR3: 000000007e73a000 CR4: 00000000003526f0
[ 1665.063756][ T5828] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1665.071712][ T5828] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1665.079668][ T5828] Call Trace:
[ 1665.082937][ T5828]  <TASK>
[ 1665.085853][ T5828]  _hci_cmd_sync_cancel_entry.constprop.0+0x80/0x1d0
[ 1665.092536][ T5828]  hci_cancel_connect_sync+0xfa/0x2b0
[ 1665.097899][ T5828]  hci_abort_conn+0x15a/0x340
[ 1665.102578][ T5828]  hci_conn_timeout+0x1a2/0x210
[ 1665.107435][ T5828]  process_one_work+0x9cc/0x1b70
[ 1665.112393][ T5828]  ? __pfx_process_one_work+0x10/0x10
[ 1665.117774][ T5828]  ? assign_work+0x1a0/0x250
[ 1665.122357][ T5828]  worker_thread+0x6c8/0xf10
[ 1665.126950][ T5828]  ? __pfx_worker_thread+0x10/0x10
[ 1665.132045][ T5828]  kthread+0x3c2/0x780
[ 1665.136098][ T5828]  ? __pfx_kthread+0x10/0x10
[ 1665.140674][ T5828]  ? rcu_is_watching+0x12/0xc0
[ 1665.145428][ T5828]  ? __pfx_kthread+0x10/0x10
[ 1665.150001][ T5828]  ret_from_fork+0x5d4/0x6f0
[ 1665.154580][ T5828]  ? __pfx_kthread+0x10/0x10
[ 1665.159151][ T5828]  ret_from_fork_asm+0x1a/0x30
[ 1665.163907][ T5828]  </TASK>
[ 1665.166927][ T5828] Modules linked in:
[ 1665.170860][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1665.177434][ T5828] ---[ end trace 0000000000000000 ]---
[ 1665.357737][ T5828] RIP: 0010:__list_del_entry_valid_or_report+0x121/0x200
[ 1665.388291][ T5828] Code: 48 c7 c7 20 7d 15 8c e8 4d 5d b9 fc 90 0f 0b 4c 89 e7 e8 32 09 1e fd 4c 89 e2 48 89 de 48 c7 c7 80 7d 15 8c e8 30 5d b9 fc 90 <0f> 0b 48 89 ef e8 15 09 1e fd 48 89 ea 48 89 de 48 c7 c7 e0 7d 15
[ 1665.409768][ T5828] RSP: 0018:ffffc90003a0fb78 EFLAGS: 00010282
[ 1665.428971][ T5828] RAX: 000000000000004e RBX: ffff888083761180 RCX: ffffffff819b00b9
[ 1665.448132][ T5828] RDX: 0000000000000000 RSI: ffffffff819b7f46 RDI: 0000000000000005
[ 1665.461292][ T5828] RBP: dead000000000122 R08: 0000000000000005 R09: 0000000000000000
[ 1665.473853][ T5828] R10: 0000000080000000 R11: 000000000008b938 R12: dead000000000100
[ 1665.502266][ T5828] R13: dffffc0000000000 R14: ffff888053c5c618 R15: ffff888083761180
[ 1665.513283][ T5828] FS:  0000000000000000(0000) GS:ffff888124753000(0000) knlGS:0000000000000000
[ 1665.538291][ T5828] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1665.559287][ T5828] CR2: 00007ff944c33d58 CR3: 0000000037787000 CR4: 00000000003526f0
[ 1665.633911][ T5828] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1665.642203][ T5828] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1665.656621][ T5828] Kernel panic - not syncing: Fatal exception
[ 1665.662887][ T5828] Kernel Offset: disabled
[ 1665.667289][ T5828] Rebooting in 86400 seconds..