last executing test programs:

2m24.656259794s ago: executing program 32 (id=1545):
syz_usb_connect(0x0, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="120100007516b7108c0d0e008f8e0018030109021b0001000000000904080001030000000905", @ANYBLOB="8fcf"], 0x0)
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x141800, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, &(0x7f0000000100)=ANY=[@ANYBLOB="01000000000000000000000002"])
ioctl$KVM_CAP_SPLIT_IRQCHIP(r2, 0x4068aea3, &(0x7f0000000040)={0x79, 0x0, 0x5})
r3 = eventfd2(0x0, 0x0)
ioctl$KVM_IRQFD(r2, 0x4020ae76, &(0x7f0000000000)={r3})
ioctl$KVM_SET_GSI_ROUTING(r2, 0x4008ae6a, &(0x7f0000000100)=ANY=[])
ioctl$KVM_CAP_X2APIC_API(r2, 0x4068aea3, &(0x7f0000000180)={0x81, 0x0, 0x1})
write$eventfd(r3, &(0x7f00000000c0)=0x33482a89, 0x8)
syz_usb_connect$cdc_ncm(0x6, 0x7a, &(0x7f0000001040)={{0x12, 0x1, 0x201, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x68, 0x2, 0x1, 0x58, 0x40, 0x1, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd, 0x24, 0xf, 0x1, 0x5, 0x4, 0x3, 0x6}, {0x6, 0x24, 0x1a, 0x101, 0x30}, [@mbim={0xc, 0x24, 0x1b, 0xa938, 0x0, 0x7, 0xd0, 0x6, 0xc}]}, {{0x9, 0x5, 0x81, 0x3, 0x8, 0x1, 0x9, 0x5}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x3ff, 0x1, 0x7, 0x3}}, {{0x9, 0x5, 0x3, 0x2, 0x200, 0x8, 0xbe, 0x80}}}}}}}]}}, &(0x7f0000001580)={0xa, &(0x7f00000010c0)={0xa, 0x6, 0x50, 0x9, 0x2, 0xfb, 0x8, 0x6}, 0x62, &(0x7f0000001100)={0x5, 0xf, 0x62, 0x5, [@ptm_cap={0x3}, @wireless={0xb, 0x10, 0x1, 0x4, 0x3, 0x7, 0x7, 0x3, 0x6e}, @ssp_cap={0x24, 0x10, 0xa, 0xa, 0x6, 0x8, 0xf1e, 0x7, [0x0, 0x30, 0xff0000, 0xc000, 0xf, 0xff000f]}, @wireless={0xb, 0x10, 0x1, 0x4, 0x71, 0x1d, 0x4, 0x7, 0xa}, @ssp_cap={0x20, 0x10, 0xa, 0x7f, 0x5, 0x3, 0xf00, 0x6, [0xff3f00, 0x3f00, 0xf, 0x0, 0xff000f]}]}, 0x8, [{0x8e, &(0x7f0000001180)=@string={0x8e, 0x3, "ddc0f14ee2f11869064a38291d9bc52ce76adb3783e2b5a7fba09d2ab2769c30364e46a68c23e1d8ba140658c653d46b8ad4d3e0a6b6fc3a4c4fc32bf055bfc5523b8da6e0b3d1a4c22e26edd6e01a9b4d04006fa491107237ba402d59a8edd175334913a884bbe27ef9d9652cae2d2b6cf2380b204d6fdad497433f3cbdcd83176403d0a38c5dbd2d9e838c"}}, {0x53, &(0x7f0000001240)=@string={0x53, 0x3, "612d748d58a737417ec7f87f7ae6f9eccc678701cb22c287d74e9e421745fb89e88053f21de1ec067187d570c3a5810f97683759ec124c97ec750f2e435a571ab6c79dfc484ba4850868601337b8ea4f39"}}, {0x2d, &(0x7f00000012c0)=@string={0x2d, 0x3, "81a235c933301034b6219062f4f17d15aa46691f77737e62c0b2b203d382fbb0bb7d239a68ef45e31879fa"}}, {0x4, &(0x7f0000001300)=@lang_id={0x4, 0x3, 0x40a}}, {0x4, &(0x7f0000001340)=@lang_id={0x4, 0x3, 0x2801}}, {0x85, &(0x7f0000001380)=@string={0x85, 0x3, "5314ced10ffa525ccbc0e63946282bae081faa7ac6f1b57748829ac6ee9797a4506453423c7dcf77ad9f559895f10103766af49ac5ca73464f1d1a623d24574f4ba85a28a08012a342ab06b99568fa5fb4ea3ca2e578bff0c213a0e079a9b426010281c7b6cf4e6f1cdd58cfc07fddf2892120098dc71da5f8ee8a96855e4eda141a0d"}}, {0x4, &(0x7f0000001440)=@lang_id={0x4, 0x3, 0xa387a99b29f03e18}}, {0xdb, &(0x7f0000001480)=@string={0xdb, 0x3, "efc6fe158e29d110ef2c894b7f66b5b23aecf5d6b4419f87155ca708f66c14e5f18daf96fcf6f09b243fdbc14268e4b8ba88f3e816727679c33823908b244f850f133497fbf2100cbcdafb51b5522f02ff987db5a2d0599effca2fc6c9b82a492e5ab6dbe607f67244f89e1979916667489e56b80869195b3242c2e4eab5c85743bb2bcf3466463691f36af69a24af7cda1b184af377ee37776e96947c09d1439e7c594a519e8df708fbe3ed98f6ae7656e34fe567835da00f039d63eae34649a7008ed22d5e0223411d3c56b94836f0e4afa0ecd8cc145cf9"}}]})
r4 = dup(r0)
write$UHID_INPUT(r4, &(0x7f0000000000)={0xfc, {"fce3ad0eed0d07f91b5e091887f70706d038e7ff7fc6e5539b0d3c0a8b089b3f383163030890e0879b0af8c6e70a9b334a959b669a240d0a0af3988f7ef319520100ffe8d178708c523c921b1b503107200773090acd3b78130daa61d8e8040000005802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afa2d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02daee67918e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4108b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c6b00000000000000f96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0x1000}}, 0x1006)

2m18.649185701s ago: executing program 33 (id=1582):
openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x2200, 0x0)
r0 = socket(0x2, 0x3, 0xff)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x5, 0x1000086}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x43, &(0x7f0000000040)=0x2)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, 0x0, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x40, 0x0, 0x0)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10)
r3 = socket(0x10, 0x3, 0x0)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000300)=[@in6={0xa, 0x4e21, 0x7, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0xf38}], 0x1c)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[], 0x7c}, 0x1, 0x0, 0x0, 0x4084004}, 0x10000)
setsockopt$netlink_NETLINK_TX_RING(r3, 0x10e, 0xc, &(0x7f0000000040)={0x4}, 0x10)
sendto$inet(r0, &(0x7f0000000280)="12f0dda7f17f60b7c78be42301125e6cb51c467f", 0x14, 0x800, &(0x7f00000001c0)={0x2, 0x4e22, @multicast2}, 0x10)
r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r4, 0x5423, &(0x7f00000000c0)=0xf)
shmat(0xffffffffffffffff, &(0x7f0000708000/0x1000)=nil, 0x6000)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x20)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)

2m18.629338961s ago: executing program 34 (id=1579):
r0 = semget$private(0x0, 0x20000000102, 0x0)
semctl$SEM_STAT(r0, 0x2, 0x12, &(0x7f0000000040)=""/177)
semop(0xffffffffffffffff, &(0x7f0000000240), 0x0)
semctl$SETALL(r0, 0x0, 0x11, &(0x7f0000000680)=[0x7, 0x7f, 0x1, 0x9d])
r1 = semget$private(0x0, 0x0, 0xc1)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f00000003c0)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
semctl$IPC_SET(r1, 0x0, 0x1, &(0x7f00000004c0)={{0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0xfff6}, 0x40, 0x2, 0x0, 0x0, 0x0, 0x0, 0xc6})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_usb_connect(0x1, 0x0, 0x0, 0x0)
execve(0x0, 0x0, 0x0)
openat$dsp1(0xffffffffffffff9c, 0x0, 0x400080, 0x0)
r4 = syz_open_dev$tty1(0xc, 0x4, 0x4)
openat$dsp(0xffffffffffffff9c, &(0x7f0000000380), 0x602280, 0x0)
r5 = syz_open_dev$evdev(&(0x7f0000000080), 0x2, 0x842)
r6 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
mount$9p_fd(0x0, &(0x7f0000000340)='.\x00', &(0x7f0000000040), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r6}, 0x2c, {'wfdno', 0x3d, r5}})
r7 = dup(r4)
write$UHID_INPUT(r7, &(0x7f00000009c0)={0xf, {"a2e3ad214fc752f90b5e09094bf70e0dd038e7ff7fc6e5539b1b48078b089b3b0838721a0890e0878f0e1ac6e7049b3d6c959b4c9a240d5b67f3988f7ef319520100ffe8d178708c523c921b1b5b31320d07420736cd3b78130daa61d8e809ea889b5802b77f07227227b7ba67e0e78669a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e2c5070000179c6f30e065cd5b91cd0ae17d1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3bb469c3090000000002335875271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1fe90a56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617601000000be70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d595a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918070000003f0000000c558cdc0a3621c56cea8d20fa911afe40db6ebe8cac64289fd3da232f1b5dbc9980000000b3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6c82fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce3803f465e41e610c2021d653a5520000008213b704a5000000000000008ef9f190bae97909507041d860421c5664b27921b14dc1db8892fd32d0ad7bc94681359bad8deff4b05f60cea0da7710a80000000000008000e0a37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4e38a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d97b9a6d6d5495c118045651cf41c2f09000000000000007747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2bed9e53803edf1a4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847354b8400daaa69bf5c8f4ceb360c7e658828563e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034e00000000ca509383815b1b6fc6522d4e4fdc11a48cf42d483d4675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c478b095b68441a34cb51682a8ae4d24ad92f243941ed274549b79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdbe6c4579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93ae62fccfcbb2b75a2183c46eb65ca8124e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43e4fb1a5fb135c0c7dcee8fe6516ab68032f88c042ffffffff83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369d95f2e8c77d95a3d3a6df40babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aa01b20f7694a00f16e2d0174035a2c22656dc00880acebdbe8ddbd75c2f998d8ac2dfad2ba3a50200000045a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe2907ac0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf463661c953fcad6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7cd419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaeecf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6ea94f88a4facfd4c735a20307c737afae5136651b1b9bd522dcb399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a37684f4113c48859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9d1a3d94d02dae17b118e5d6787463183b4b87c105000000302a808d7f5251440613d17ca51055f2f416a44fe180d2d50c312cca7cb14a20dc331f39a9817139a206fc76957227ffff2de20a4b8e3737fbb40100000006376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab83c0013ee93b83946ee7759e89d711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdfa1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7ceec7dc808bf653639d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a602000000000000007007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00303000000000000007fb33b72685ec37a2d3f766413a60559516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf6529006c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6522fb5f6ffcdd56fed88935fcb75912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae233a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a5bd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08008897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b80c1c128ad2706f48261f7897484c297a1a6613bc18f5a38d442748af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57fa9c0fe662a46b7f71cd47744db86c50b704c98ad90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe360500000000000000b77940b5f07722e47a08d3679507000000000000934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1062dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1df0d07b3d5bd3b01faffd0addbed2881a9700af561ac8c7e36bb2fc4c40e9c766c06817bb903729a7db6ff957697c9ede7885d94ffb0759be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c1484d2f9c55f4901203a9a8a2c3e90f39c3dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d00000000000000000000000000004000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060000000000000000000000000000000000001c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000500", 0x1009}}, 0x1006)
syz_emit_ethernet(0x3e, &(0x7f0000000440)=ANY=[@ANYBLOB="aaaaaa59e0abe22112e7e5addee3ab6de7ecefaaaaaaaaaaaaaaaa2786dd603000bb00082b00fc020000000000000000000001000000fe8000000000000000de0b00000000aa00009a030000089078"], 0x0)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
r8 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000340)={'hsr0\x00', <r9=>0x0})
bind$packet(r8, &(0x7f0000000000)={0x11, 0x3, r9, 0x1, 0x0, 0x6, @local}, 0x14)
r10 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r10, &(0x7f00000003c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)=@getchain={0x24, 0x11, 0x839, 0x70bd2d, 0x25dfdbff, {0x0, 0x0, 0x0, r9, {0xc}, {0xfff3, 0x8}}}, 0x24}, 0x1, 0x0, 0x0, 0x4040040}, 0x20040000)

2m17.504702431s ago: executing program 35 (id=1586):
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0x3)
rt_sigprocmask(0x0, 0x0, 0x0, 0x0)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/crypto\x00', 0x0, 0x0)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r2, 0x0, 0x0)
connect$inet(r2, &(0x7f0000000480)={0x2, 0x4e21, @multicast2}, 0x10)
sendfile(r2, r1, 0x0, 0x20000023893)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0xa6}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$TIPC_CMD_SET_LINK_TOL(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000280)={0x30, 0x0, 0x1, 0x70bd26, 0x25dfdbfd, {{}, {}, {0x0, 0x18, {0x10, @bearer=@l2={'eth', 0x3a, 'wlan1\x00'}}}}}, 0x30}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)
recvmsg(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f0000000040)=@hci, 0x80, &(0x7f0000000100)=[{&(0x7f0000000400)=""/248, 0xd68210}], 0x1, 0x0, 0x1f00000000000000, 0x200000}, 0x1f00)
ioctl$sock_SIOCGIFVLAN_DEL_VLAN_CMD(r2, 0x8982, &(0x7f00000000c0)={0x1, 'batadv_slave_0\x00'})
pidfd_send_signal(0xffffffffffffffff, 0x11, 0x0, 0x4)
sendmsg$tipc(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={&(0x7f0000000080)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@float={0xf, 0x0, 0x0, 0x10, 0xc}]}}, &(0x7f0000000100)=""/141, 0x26, 0x8d, 0x1, 0x7}, 0x28)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000100)={0x4c, 0x2, 0x6, 0x801, 0x0, 0x0, {0x0, 0x0, 0x40}, [@IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_REVISION={0x5, 0x4, 0x3}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:ip,mark\x00'}]}, 0x4c}}, 0x0)
getsockopt$bt_BT_RCVMTU(0xffffffffffffffff, 0x112, 0xd, 0x0, 0x0)
ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r3, 0x8983, &(0x7f00000003c0)={0x0, 'bond0\x00', {0x1}, 0xfff})
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000340)={0x78, 0x9, 0x6, 0x801, 0x0, 0x0, {0x2, 0x0, 0xfffd}, [@IPSET_ATTR_DATA={0x18, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @multicast2}}, @IPSET_ATTR_MARK={0x8, 0xa, 0x1, 0x0, 0x2}]}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_ADT={0x38, 0x8, 0x0, 0x1, [{0x10, 0x7, 0x0, 0x1, @IPSET_ATTR_ETHER={0xa, 0x11, @local}}, {0xc, 0x7, 0x0, 0x1, @IPSET_ATTR_MARKMASK={0x8}}, {0xc, 0x7, 0x0, 0x1, @IPSET_ATTR_MARKMASK={0x8, 0xb, 0x1, 0x0, 0x11}}, {0xc, 0x7, 0x0, 0x1, @IPSET_ATTR_LINENO={0x8, 0x9, 0x1, 0x0, 0x4}}]}]}, 0x78}, 0x1, 0x0, 0x0, 0xcb58c9f2fa78421b}, 0x40c0080)
sendmsg$IPSET_CMD_PROTOCOL(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)=ANY=[@ANYBLOB="2402d11df7baa40f8f000000000000000500000105000100070000000500010007000000"], 0x24}, 0x1, 0x0, 0x0, 0x8080}, 0x4000000)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000100)=0x2)

2m16.426215917s ago: executing program 36 (id=1588):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './cgroup\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
sendmsg$IPSET_CMD_GET_BYNAME(0xffffffffffffffff, 0x0, 0x800)
readlink(0x0, 0x0, 0x0)
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r3, 0x5423, 0x0)
ioctl$TCFLSH(r3, 0x400455c8, 0x4)
ioctl$TIOCSTI(r3, 0x5412, &(0x7f0000000180))
socket$nl_route(0x10, 0x3, 0x0)
munmap(&(0x7f0000002000/0x4000)=nil, 0x4000)
r4 = bpf$PROG_LOAD_XDP(0x5, &(0x7f00000006c0)={0x6, 0x18, &(0x7f0000000480)=ANY=[@ANYBLOB="18000000bc000000000000000fe4000018110000", @ANYRES32, @ANYBLOB="0000000000000000b702000014000000000000c0000000008500000083000000bf0900000000000055090100000000009500000000000000851000000800000018010000646c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000090000008500000006000000bf91000000000000b7020000000000008500000085000000b7000000000000009500000000000000"], &(0x7f0000000040)='syzkaller\x00', 0x9, 0xdb, &(0x7f00000005c0)=""/219, 0x40f00, 0x20, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, &(0x7f0000000100)={0x7, 0x3}, 0x8, 0x10, &(0x7f0000000280)={0x4, 0xb, 0xf, 0x7fffffff}, 0x10, 0x0, 0x0, 0x3, &(0x7f00000002c0)=[0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0xffffffffffffffff], &(0x7f00000003c0)=[{0x1, 0x3, 0xb, 0xb}, {0x2, 0x3, 0x9, 0x2}, {0x0, 0x2, 0xf, 0x4}], 0x10, 0x8}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000009c0)={r4, 0x0, 0x66, 0x26, &(0x7f0000000780)="7dd68d8f634285f015213b854481901e25345bec98f90db98ec1f68fd03b77a6988d3e97865f4e509b69cd167fb8b85f79f9516bb6bd17c000c1f6343b2a7946fb0522206eb8fa4a1a7654f14521ecd4459388abc8ef88756c4a9f965389c3df9feab2786ad6", &(0x7f0000000540)=""/38, 0x5, 0x0, 0xde, 0xb8, &(0x7f0000000800)="fb8ac9481caa2412cc0c96cc2fae9ce025f11b62c1b1869ab48d40804e46f0a343c2bf5b0d93614b54714bc3bc4aa19a434fbf6d4187a2135cd94c0d48cf2e912e37bc6eba73ee211ce1076860b465dd08c066c039e9b677886942759c3ae92c4bd58e03a017e16839c03f1ee5403d1fb815b75f4eb21e9af7ca0227cd11f83ddb73a92efa30a5fe5b2c52d03dc726c82310d747cf52a6921715ed88e967981b9217436c74b6ce6dffd8c457f6200e60491324313111aa11617b24343518a5b83a8940b028842bf3ee42398a51aead8c04bd28f130575fe683b244952c73", &(0x7f0000000900)="637fbf06fa03abe6d49e1a8fc6a4ce5e66f0bf0b4cc38caaffa7f9bd36edec88be70129f57298679c3318eae2850b2275ad5c6d912eb8778dfcad52f9b9ecc4fb4837d30665ba9198983abd411d41d1915a609354f8017abc59cbc99ac6a4b755edc828ef2e0e01504c2198c8ea028d799411aba9525b987ccbc6c501e71372d40dade9493737c11252373729cb8d1f89e0bf8b49a72123e6bf0b2c802fa8da1b89589b1d5adbf9c0fab53bc4a1127e52b9fd51f19385a95", 0x0, 0x0, 0xf5}, 0x50)
ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(0xffffffffffffffff, 0xc018937e, &(0x7f0000000a80)={{0x1, 0x1, 0x18, <r5=>r1, {0x1}}, './cgroup\x00'})
getpeername$packet(0xffffffffffffffff, &(0x7f0000000ac0)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f0000000b00)=0x14)
connect$packet(r5, &(0x7f0000000b40)={0x11, 0xf8, r6, 0x1, 0x1, 0x6, @local}, 0x14)
mmap(&(0x7f0000004000/0x4000)=nil, 0x4000, 0x0, 0x2172, 0xffffffffffffffff, 0x0)
r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000340), r7)
r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x4, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18020000974db0fc00000000000000008500000027000000850000007d00000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
setsockopt$MRT_INIT(0xffffffffffffffff, 0x0, 0xc8, &(0x7f0000000a40), 0x4)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000400)={r9, 0x0, 0xe, 0x0, &(0x7f0000000580)="e0274239fa311786a26494137b8b", 0x0, 0x400002, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
sendmsg$NLBL_CIPSOV4_C_ADD(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000400)=ANY=[@ANYBLOB="08010000", @ANYRES16=r8, @ANYBLOB="0100000000000000000001000000080001000000000014000480050003000000000005000300000000000800020001000000d00008"], 0x108}}, 0x0)

2m7.12467648s ago: executing program 37 (id=1591):
r0 = fsopen(&(0x7f0000000100)='gadgetfs\x00', 0x0)
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_NODELAY(r1, 0x84, 0x3, 0x0, 0x0)
r2 = socket$kcm(0x10, 0x2, 0x0)
socket$inet(0x2, 0x801, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000002000)=""/102400, 0x19000)
r4 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100), 0x20802, 0x0)
ioctl$TCXONC(r4, 0x540a, 0x2)
socket$alg(0x26, 0x5, 0x0)
r5 = socket$phonet(0x23, 0x2, 0x1)
rt_sigprocmask(0x0, &(0x7f000078b000)={[0xfffffffffffffffd]}, 0x0, 0x8)
r6 = gettid()
r7 = getpid()
rt_tgsigqueueinfo(r7, r6, 0x7, &(0x7f0000000080)={0x0, 0x0, 0x4})
r8 = signalfd(0xffffffffffffffff, &(0x7f00007aeff8)={[0xfffffffffffffffe]}, 0x8)
read(r8, &(0x7f0000000740)=""/384, 0x200008c0)
ioctl$SIOCPNDELRESOURCE(r5, 0x89ef, 0x0)
fsconfig$FSCONFIG_SET_FD(r0, 0x5, 0x0, 0x0, 0xffffffffffffffff)
close(0xffffffffffffffff)
sendmsg$kcm(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f00000003c0)="d800000018007b18e00212ba0d8105040a0a1100fe0f040b067c55a1bc0009001e0006990300000015000500fe800000000000000300014002000c0901ac04000bd67f6f94007100a007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4b01602b2a10c11ce1b14d6d930dfe1d9d322fe04fb95cae8c9010000730d7a5025ccca262f3d40fad95667e04adcdf634c1f215ce3bb9ad8ffd5e1cace81ed0b7fece0b42a9ecbee5de6ccd40dd601edef3d93452a92307f00000e97031e9f05e9f16e9cb5", 0xd2}, {&(0x7f00000004c0)="f80ec2e2badd", 0x6}], 0x2, 0x0, 0x0, 0x2663}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
fsmount(r0, 0x0, 0x3)
migrate_pages(0x0, 0xfc, &(0x7f0000000200)=0x8000000000000001, &(0x7f0000000240)=0x1)

2m1.618354235s ago: executing program 38 (id=1592):
r0 = syz_open_pts(0xffffffffffffffff, 0x10000)
ioctl$BTRFS_IOC_DEFRAG(r0, 0x50009402, 0x0) (async)
r1 = pidfd_getfd(0xffffffffffffffff, r0, 0x0)
write$P9_RUNLINKAT(r1, &(0x7f0000000000)={0x7, 0x4d, 0x2}, 0x7) (async)
r2 = syz_open_dev$tty1(0xc, 0x4, 0x2)
ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(r1, 0xc0189378, &(0x7f0000000040)={{0x1, 0x1, 0x18, <r3=>r2, {<r4=>r1}}, './file0\x00'})
ioctl$sock_inet_SIOCGIFBRDADDR(r3, 0x8919, &(0x7f0000000080)={'nr0\x00', {0x2, 0x0, @remote}}) (async)
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/custom0\x00', 0x802, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r5, 0x40046207, 0x0) (async)
ioctl$EVIOCGID(r3, 0x80084502, &(0x7f0000000100)=""/41) (async)
ioctl$LOOP_SET_BLOCK_SIZE(r4, 0x4c09, 0x2) (async)
r6 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) (async)
ioctl$SNDRV_PCM_IOCTL_FORWARD(r4, 0x40084149, &(0x7f0000000180)=0x400) (async)
ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f00000001c0)={'vxcan1\x00'})
r7 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000240), r4)
sendmsg$TIPC_NL_MON_PEER_GET(r3, &(0x7f0000000400)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000280)={0x13c, r7, 0x800, 0x70bd2c, 0x25dfdbfe, {}, [@TIPC_NLA_BEARER={0x54, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_PROP={0x24, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1b}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x100}, @TIPC_NLA_PROP_TOL={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @l2={'ib', 0x3a, 'wlan0\x00'}}, @TIPC_NLA_BEARER_NAME={0x9, 0x1, @l2={'eth', 0x3a, '\x00'}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}]}, @TIPC_NLA_MON={0x3c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xf4}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x2f96746c}, @TIPC_NLA_MON_REF={0x8}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x2}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x4}]}, @TIPC_NLA_PUBL={0x4c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x4}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x41}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x4}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0xfffffffa}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x4}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x401}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x3}]}, @TIPC_NLA_NODE={0x10, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x800}, @TIPC_NLA_NODE_KEY_MASTER={0x4}]}, @TIPC_NLA_NET={0x18, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_ADDR={0x8, 0x2, 0x2}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x5}]}, @TIPC_NLA_MON={0x14, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x58f}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xb}]}, @TIPC_NLA_NET={0x10, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_NODEID={0xc, 0x3, 0xe}]}]}, 0x13c}, 0x1, 0x0, 0x0, 0x4844}, 0x8010) (async)
fcntl$F_SET_RW_HINT(r3, 0x40c, &(0x7f0000000440))
setns(r1, 0x18000080) (async)
ioctl$VIDIOC_S_EXT_CTRLS(r6, 0xc0205648, &(0x7f0000000500)={0xa20000, 0x6, 0x2, r4, 0x0, &(0x7f00000004c0)={0x9b0908, 0x3, '\x00', @p_u8=&(0x7f0000000480)=0x2}}) (async)
openat$selinux_create(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) (async)
r8 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000580), 0x580, 0x0)
ioctl$TIOCGWINSZ(r8, 0x5413, &(0x7f00000005c0)) (async)
syz_open_dev$usbmon(&(0x7f0000000600), 0x2, 0xc00) (async)
mkdirat(r4, &(0x7f0000000640)='./file0\x00', 0x20) (async)
bpf$OBJ_GET_MAP(0x7, &(0x7f00000006c0)=@generic={&(0x7f0000000680)='./file0\x00', 0x0, 0x10}, 0x18) (async)
ioctl$UI_SET_SWBIT(r4, 0x4004556d, 0x8)
r9 = syz_genetlink_get_family_id$devlink(&(0x7f0000000740), r3)
sendmsg$DEVLINK_CMD_TRAP_SET(r8, &(0x7f0000000a40)={&(0x7f0000000700)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000a00)={&(0x7f0000000780)={0x268, r9, 0x10, 0x70bd2d, 0x25dfdbfd, {}, [{@pci={{0x8}, {0x11}}, {0x1c}, {0x5, 0x83, 0x1}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}, {0x5}}, {@pci={{0x8}, {0x11}}, {0x1c}, {0x5}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}, {0x5, 0x83, 0x1}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}, {0x5}}, {@pci={{0x8}, {0x11}}, {0x1c}, {0x5, 0x83, 0x1}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}, {0x5}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}, {0x5}}, {@pci={{0x8}, {0x11}}, {0x1c}, {0x5}}]}, 0x268}, 0x1, 0x0, 0x0, 0x880}, 0x5) (async)
r10 = openat$selinux_create(0xffffffffffffff9c, &(0x7f0000000a80), 0x2, 0x0)
write$selinux_create(r10, &(0x7f0000000ac0)=@objname={'system_u:object_r:iptables_initrc_exec_t:s0', 0x20, '/usr/sbin/cups-browsed', 0x20, 0xb, 0x20, './file0\x00'}, 0x60)

2m0.884709436s ago: executing program 39 (id=1594):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, 0x0, 0x0, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r3, 0x5423, &(0x7f00000002c0)=0x1)
capset(&(0x7f0000000c00)={0x20080522}, 0x0)
ioctl$TIOCSETD(r3, 0x5423, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00'}, 0x10)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r4, 0x29, 0x40, &(0x7f0000000480)=@raw={'raw\x00', 0x3c1, 0x3, 0x3b8, 0x1d8, 0x12, 0x60d, 0x0, 0x202, 0x2e8, 0x2e8, 0x2e8, 0x2e8, 0x2c0, 0x4, 0x0, {[{{@ipv6={@private1, @remote, [], [], 'tunl0\x00', 'macsec0\x00'}, 0x0, 0x190, 0x1d8, 0x0, {}, [@common=@unspec=@string={{0xc0}, {0x0, 0x0, 'kmp\x00', "000000165a8c2e0617ae5119b5135c2aee68d23a465cd431e1ecef50c3234e082555f672225d6147864fa03182f5cf11d8c348cbd06dc8de1dcbde7d4e252c3394fed47bf78c70f607b0178fa5ea335019ac05a602061c96baebc989f1f34a214e6726401fe4b124e0f7323a587d2a1fcf07000000eca0a7b66c60c527bac2b5", 0x7, 0x2}}, @inet=@rpfilter={{0x28}}]}, @common=@unspec=@LED={0x48, 'LED\x00', 0x0, {'syz1\x00'}}}, {{@uncond, 0x0, 0xd0, 0x110, 0x0, {}, [@common=@hl={{0x28}}]}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz0\x00', 0x16, 0xe, {0x8}}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x418)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFQNL_MSG_CONFIG(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB="1c000000020301d82356b40000000000000000000800010001"], 0x1c}}, 0x0)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xb, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000200)='mm_page_alloc\x00', r6}, 0x10)
openat$incfs(0xffffffffffffffff, 0x0, 0x7b16c1, 0x9c37611dc13d0d83)
ioctl$USBDEVFS_CONTROL(0xffffffffffffffff, 0xc0185500, &(0x7f0000000040)={0x80, 0x8, 0x7ff, 0x0, 0x0, 0xf421, 0x0})

2m0.859008024s ago: executing program 40 (id=1597):
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$TIOCL_GETMOUSEREPORTING(r0, 0x5412, &(0x7f00000000c0)=0x13)
syz_usb_connect(0x0, 0x24, &(0x7f0000000500)=ANY=[@ANYBLOB="0a01000005af9e08d2106528c9a4000000010902120001000000000904"], 0x0)
write(r0, &(0x7f0000000000)='1', 0x1)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff})
socket$alg(0x26, 0x5, 0x0)
socket$inet6(0xa, 0x1, 0xfffffff9)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(0xffffffffffffffff, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r2}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000300)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r6 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r6, 0xc018aa3f, &(0x7f0000000080)={0xaa, 0x1})
ioctl$UFFDIO_REGISTER(r6, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000ff2000/0xe000)=nil, 0xe000}, 0x3})
ioctl$UFFDIO_WRITEPROTECT(r6, 0xc020aa08, &(0x7f0000000100)={{&(0x7f0000ffb000/0x4000)=nil, 0x4000}, 0x1})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './mnt\x00'}, 0x6e)
r7 = socket(0x40000000015, 0x5, 0x0)
connect$inet(r7, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10)
bind$inet(r7, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x57)
sendmsg$NL80211_CMD_JOIN_MESH(r7, &(0x7f00000001c0)={0x0, 0x3d, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[], 0x1a000}}, 0x0)
read(r7, &(0x7f0000000a40)=""/4096, 0xfdef)

1m59.94333914s ago: executing program 41 (id=1598):
ioctl$BTRFS_IOC_QUOTA_RESCAN(0xffffffffffffffff, 0x4040942c, 0x0)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
openat$ptmx(0xffffffffffffff9c, &(0x7f00000001c0), 0x240, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = syz_open_dev$vbi(&(0x7f0000000040), 0x0, 0x2)
ioctl$VIDIOC_ENUM_FREQ_BANDS(r4, 0xc0405665, &(0x7f0000000280)={0x7, 0x2})
ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(0xffffffffffffffff, 0x40a85323, 0x0)
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
r5 = socket(0x1d, 0x2, 0x6)
ioctl$ifreq_SIOCGIFINDEX_vcan(r5, 0x8933, &(0x7f00000004c0)={'vcan0\x00', <r6=>0x0})
bind$can_j1939(r5, &(0x7f00000000c0)={0x1d, r6, 0x8000000000000003, {}, 0xfd}, 0x18)
sendmsg$nl_route_sched(r5, 0x0, 0x480c5)
close(r5)
r7 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000040)={'tunl0\x00', <r8=>0x0})
sendmsg$nl_route_sched(r7, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@newqdisc={0x58, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r8, {}, {0xffff, 0xffff}, {0x0, 0xfff2}}, [@qdisc_kind_options=@q_sfb={{0x8}, {0x3b, 0x2, @TCA_SFB_PARMS={0x28, 0x1, {0x1e, 0x9, 0x78, 0x3, 0x7fffffff, 0xd, 0x2, 0x2, 0xca9e}}}}]}, 0x58}}, 0x4000010)

1m48.090294326s ago: executing program 42 (id=1603):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000100)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x6c, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sendmsg$NFT_MSG_GETSET(0xffffffffffffffff, 0x0, 0x4000080)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x28f3d000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000006c0), 0x3, 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="19000000040000000400000008"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0xf, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000001500000018110000", @ANYRES32=r3, @ANYBLOB="00ad3504b6000000b70000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
unshare(0x64000600)
prctl$PR_TASK_PERF_EVENTS_ENABLE(0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r4 = socket$inet_smc(0x2b, 0x1, 0x0)
syz_init_net_socket$nfc_raw(0x27, 0x3, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff)
r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r6 = dup(0xffffffffffffffff)
getsockopt$inet_buf(r6, 0x118, 0x4, 0x0, &(0x7f00000003c0))
sendmsg$RDMA_NLDEV_CMD_RES_CM_ID_GET(r6, &(0x7f0000000780)={&(0x7f00000006c0)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000740)={&(0x7f0000000700)={0x18, 0x140b, 0x600, 0x70bd2a, 0x25dfdbfc, "", [@RDMA_NLDEV_ATTR_RES_CM_IDN={0x8, 0x3f, 0x5}]}, 0x18}, 0x1, 0x0, 0x0, 0x1}, 0x200000c0)
openat$cgroup_procs(r5, &(0x7f0000000040)='tasks\x00', 0x2, 0x0)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
r7 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$PIO_UNIMAP(r7, 0x4b67, &(0x7f00000005c0)={0x2, &(0x7f0000000580)=[{0x5, 0x3}, {0xa1}]})
setsockopt$IPT_SO_SET_REPLACE(r4, 0x0, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x8, 0x3, 0x4f0, 0x340, 0x25, 0x148, 0x0, 0x60, 0x458, 0x2a8, 0x2a8, 0x458, 0x2a8, 0x3, 0x0, {[{{@uncond, 0x0, 0x2f8, 0x340, 0x0, {0x200003ae, 0x7f00}, [@common=@inet=@hashlimit1={{0x58}, {'geneve0\x00', {0x44, 0x0, 0x9, 0x0, 0x0, 0xffffffff, 0x7}}}, @common=@unspec=@bpf1={{0x230, 'bpf\x00', 0x0}, @pinned={0x1, 0x0, 0x6, './file0\x00'}}]}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x6, 'syz0\x00'}}}, {{@ip={@broadcast, @multicast1, 0x0, 0x0, 'veth1_to_bond\x00', 'veth0\x00', {0xff}}, 0x0, 0xd0, 0x118, 0x0, {}, [@common=@unspec=@cgroup0={{0x28}, {0x4}}, @common=@unspec=@statistic={{0x38}}]}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x8000, 'syz0\x00', {0x481c}}}}], {{'\x00', 0xc8, 0x70, 0x98}, {0x28}}}}, 0x550)

1m44.21507653s ago: executing program 43 (id=1608):
r0 = socket$packet(0x11, 0x2, 0x300)
bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYRES32=r0, @ANYRESOCT=r0, @ANYRES8=r0, @ANYRESOCT=r0], 0x50)
r1 = socket(0x3, 0xa, 0x8005)
sched_setscheduler(0x0, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0xdfc0}, 0x0)
r2 = creat(&(0x7f0000000340)='./file0\x00', 0x0)
close(r2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000240)='./file0\x00', &(0x7f0000000280), 0x10200c2, &(0x7f0000000cc0)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r1}})
connect$unix(r3, &(0x7f0000000440)=@file={0x0, './file0\x00'}, 0x6e)
syz_usb_connect(0x0, 0x36, 0x0, 0x0)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100), 0x20802, 0x0)
r4 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TCSBRKP(r4, 0x5425, 0x0)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000240)='/proc/partitions\x00', 0x0, 0x0)
ioctl$TCSETSF(r4, 0x5404, &(0x7f0000000000)={0x0, 0x0, 0x100, 0x0, 0x0, "7a58beca3900000000000000000000000200"})
r5 = socket$inet6_sctp(0xa, 0x801, 0x84)
shutdown(r5, 0x1)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r5, 0x84, 0x1f, &(0x7f000001f5c0)={0x0, @in6={{0xa, 0x4e23, 0x80000000, @empty, 0xc08}}, 0x6b, 0x800}, 0x90)
sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0x2)
syz_io_uring_setup(0x2b06, &(0x7f0000000040), &(0x7f0000ffd000), &(0x7f0000ffe000))
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r6 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r6, &(0x7f0000032680)=""/102400, 0x19000)
r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$IP6T_SO_SET_REPLACE(r7, 0x29, 0x40, &(0x7f0000000600)=@raw={'raw\x00', 0x8, 0x3, 0x4c0, 0x0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x3f0, 0xffffffff, 0xffffffff, 0x3f0, 0xffffffff, 0xb, 0x0, {[{{@uncond, 0x0, 0x1a0, 0x1c0, 0x60030000, {0x0, 0xff000000}, [@common=@inet=@recent0={{0xf8}, {0x81, 0x0, 0x24, 0x0, 'syz1\x00'}}]}, @unspec=@TRACE={0x20}}, {{@uncond, 0x0, 0x1c8, 0x230, 0x0, {}, [@common=@inet=@recent0={{0xf8}, {0x0, 0x0, 0x1, 0x0, 'syz0\x00'}}, @common=@inet=@set2={{0x28}, {{0x0, 0x40}}}]}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x0, 0x0, 0x0, 0x0, 'netbios-ns\x00', 'syz0\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x520)
ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)

1m40.57656635s ago: executing program 44 (id=1615):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000040)={0x0}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x4)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$inet_smc(0x2b, 0x1, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040), 0xffffffffffffffff)
r6 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r7 = dup(r6)
ioctl$TCSETA(r7, 0x5406, 0x0)
clock_nanosleep(0x0, 0x1, &(0x7f0000000280)={0x77359400}, 0x0)
write$UHID_INPUT(r7, 0x0, 0x0)
io_uring_setup(0x5f4f, &(0x7f00000003c0)={0x0, 0x804, 0x2, 0x1000000, 0xfffbfffe, 0x0, r7})
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r7, 0x0, 0x1c, 0x0, &(0x7f0000000000)="dc396f0757cf3a8300af3c48d096fbe23092304501ab92a9f029620c", 0x0, 0x3, 0x0, 0xb6, 0x58, &(0x7f0000000400)="69cc74f887124819bca975ceddd4e909c58cc1bb771ca628bf9a11953b76f2a4eaef3ac7881cfeca13a4c3ed45b7373c2c110630b52634ea43df07b269ae8dfcd6515a337f90922bd5f3d026482265d9a4b9ba08da3b710d0a0b554891330d774fa06aecf1aab62d8bc58b72c30b4f034c115614310273b178954af1fd4095e777ff7b7a3987d76010fb67d27bbca2e25017c4757ed3660ce28a577ab432d26bc994cd9561edcc362e55fc61db9f7821581620a169d8", &(0x7f00000000c0)="1ad122a71df0debdb5507ac3c6ef050064a20f173a194d827b5a3beacbb65f067b2ed01518edf62cdd6ff359f7f80bac719c2756e24a1730792c7bfadaa224fbb79d37791e3737074c1cc7056ec870a44988a0b2a578d2ad", 0x2, 0x0, 0x9}, 0x50)
sendmsg$TIPC_NL_BEARER_ENABLE(r4, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000580)={0x2c, r5, 0x1, 0x40, 0x0, {0x3, 0x0, 0x3f00}, [@TIPC_NLA_BEARER={0x18, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_PROP={0x4}, @TIPC_NLA_BEARER_NAME={0xe, 0x1, @l2={'eth', 0x3a, 'vlan0\x00'}}]}]}, 0x2c}}, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r3, 0x6, 0x13, &(0x7f0000000040)=0x1, 0x4)
r8 = socket$netlink(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r8, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000001200)={&(0x7f00000004c0)={0x38, 0x1403, 0x1, 0x70bd2d, 0x3000000, "", [{{0x9, 0x2, 'syz0\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'lo\x00'}}]}, 0x38}, 0x1, 0x0, 0x0, 0x854}, 0x0)
connect$inet(r3, &(0x7f0000001980)={0x2, 0x1, @loopback}, 0x10)
ioctl$VIDIOC_S_INPUT(0xffffffffffffffff, 0xc0045627, &(0x7f0000000080)=0x2)
socket$igmp6(0xa, 0x3, 0x2)

1m40.555353312s ago: executing program 45 (id=1614):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000040)={0x0}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x4)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$inet_smc(0x2b, 0x1, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040), 0xffffffffffffffff)
r6 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r7 = dup(r6)
ioctl$TCSETA(r7, 0x5406, 0x0)
clock_nanosleep(0x0, 0x1, &(0x7f0000000280)={0x77359400}, 0x0)
write$UHID_INPUT(r7, 0x0, 0x0)
io_uring_setup(0x5f4f, &(0x7f00000003c0)={0x0, 0x804, 0x2, 0x1000000, 0xfffbfffe, 0x0, r7})
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r7, 0x0, 0x1c, 0x0, &(0x7f0000000000)="dc396f0757cf3a8300af3c48d096fbe23092304501ab92a9f029620c", 0x0, 0x3, 0x0, 0xb0, 0x58, &(0x7f0000000400)="69cc74f887124819bca975ceddd4e909c58cc1bb771ca628bf9a11953b76f2a4eaef3ac7881cfeca13a4c3ed45b7373c2c110630b52634ea43df07b269ae8dfcd6515a337f90922bd5f3d026482265d9a4b9ba08da3b710d0a0b554891330d774fa06aecf1aab62d8bc58b72c30b4f034c115614310273b178954af1fd4095e777ff7b7a3987d76010fb67d27bbca2e25017c4757ed3660ce28a577ab432d26bc994cd9561edcc362e55fc61db9f7821", &(0x7f00000000c0)="1ad122a71df0debdb5507ac3c6ef050064a20f173a194d827b5a3beacbb65f067b2ed01518edf62cdd6ff359f7f80bac719c2756e24a1730792c7bfadaa224fbb79d37791e3737074c1cc7056ec870a44988a0b2a578d2ad", 0x2, 0x0, 0x9}, 0x50)
sendmsg$TIPC_NL_BEARER_ENABLE(r4, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000580)={0x2c, r5, 0x1, 0x40, 0x0, {0x3, 0x0, 0x3f00}, [@TIPC_NLA_BEARER={0x18, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_PROP={0x4}, @TIPC_NLA_BEARER_NAME={0xe, 0x1, @l2={'eth', 0x3a, 'vlan0\x00'}}]}]}, 0x2c}}, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r3, 0x6, 0x13, &(0x7f0000000040)=0x1, 0x4)
r8 = socket$netlink(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r8, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000001200)={&(0x7f00000004c0)={0x38, 0x1403, 0x1, 0x70bd2d, 0x3000000, "", [{{0x9, 0x2, 'syz0\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'lo\x00'}}]}, 0x38}, 0x1, 0x0, 0x0, 0x854}, 0x0)
connect$inet(r3, &(0x7f0000001980)={0x2, 0x1, @loopback}, 0x10)
ioctl$VIDIOC_S_INPUT(0xffffffffffffffff, 0xc0045627, &(0x7f0000000080)=0x2)
socket$igmp6(0xa, 0x3, 0x2)

1m37.646675966s ago: executing program 7 (id=1644):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000040)={0x0}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x4)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$inet_smc(0x2b, 0x1, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040), 0xffffffffffffffff)
r6 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r7 = dup(r6)
ioctl$TCSETA(r7, 0x5406, 0x0)
clock_nanosleep(0x0, 0x1, &(0x7f0000000280)={0x77359400}, 0x0)
write$UHID_INPUT(r7, 0x0, 0x0)
io_uring_setup(0x5f4f, &(0x7f00000003c0)={0x0, 0x804, 0x2, 0x1000000, 0xfffbfffe, 0x0, r7})
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r7, 0x0, 0x1c, 0x0, &(0x7f0000000000)="dc396f0757cf3a8300af3c48d096fbe23092304501ab92a9f029620c", 0x0, 0x3, 0x0, 0xb9, 0x58, &(0x7f0000000400)="69cc74f887124819bca975ceddd4e909c58cc1bb771ca628bf9a11953b76f2a4eaef3ac7881cfeca13a4c3ed45b7373c2c110630b52634ea43df07b269ae8dfcd6515a337f90922bd5f3d026482265d9a4b9ba08da3b710d0a0b554891330d774fa06aecf1aab62d8bc58b72c30b4f034c115614310273b178954af1fd4095e777ff7b7a3987d76010fb67d27bbca2e25017c4757ed3660ce28a577ab432d26bc994cd9561edcc362e55fc61db9f7821581620a169d8df2696", &(0x7f00000000c0)="1ad122a71df0debdb5507ac3c6ef050064a20f173a194d827b5a3beacbb65f067b2ed01518edf62cdd6ff359f7f80bac719c2756e24a1730792c7bfadaa224fbb79d37791e3737074c1cc7056ec870a44988a0b2a578d2ad", 0x2, 0x0, 0x9}, 0x50)
sendmsg$TIPC_NL_BEARER_ENABLE(r4, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000580)={0x2c, r5, 0x1, 0x40, 0x0, {0x3, 0x0, 0x3f00}, [@TIPC_NLA_BEARER={0x18, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_PROP={0x4}, @TIPC_NLA_BEARER_NAME={0xe, 0x1, @l2={'eth', 0x3a, 'vlan0\x00'}}]}]}, 0x2c}}, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r3, 0x6, 0x13, &(0x7f0000000040)=0x1, 0x4)
r8 = socket$netlink(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r8, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000001200)={&(0x7f00000004c0)={0x38, 0x1403, 0x1, 0x70bd2d, 0x3000000, "", [{{0x9, 0x2, 'syz0\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'lo\x00'}}]}, 0x38}, 0x1, 0x0, 0x0, 0x854}, 0x0)
connect$inet(r3, &(0x7f0000001980)={0x2, 0x1, @loopback}, 0x10)
ioctl$VIDIOC_S_INPUT(0xffffffffffffffff, 0xc0045627, &(0x7f0000000080)=0x2)
socket$igmp6(0xa, 0x3, 0x2)

1m28.265643191s ago: executing program 46 (id=1635):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000040)={0x0}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x4)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$inet_smc(0x2b, 0x1, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$tipc2(&(0x7f0000000040), 0xffffffffffffffff)
r4 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r5 = dup(r4)
ioctl$TCSETA(r5, 0x5406, 0x0)
clock_nanosleep(0x0, 0x1, &(0x7f0000000280)={0x77359400}, 0x0)
write$UHID_INPUT(r5, 0x0, 0x0)
io_uring_setup(0x5f4f, &(0x7f00000003c0)={0x0, 0x804, 0x2, 0x1000000, 0xfffbfffe, 0x0, r5})
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r5, 0x0, 0x1c, 0x0, &(0x7f0000000000)="dc396f0757cf3a8300af3c48d096fbe23092304501ab92a9f029620c", 0x0, 0x3, 0x0, 0xb0, 0x58, &(0x7f0000000400)="69cc74f887124819bca975ceddd4e909c58cc1bb771ca628bf9a11953b76f2a4eaef3ac7881cfeca13a4c3ed45b7373c2c110630b52634ea43df07b269ae8dfcd6515a337f90922bd5f3d026482265d9a4b9ba08da3b710d0a0b554891330d774fa06aecf1aab62d8bc58b72c30b4f034c115614310273b178954af1fd4095e777ff7b7a3987d76010fb67d27bbca2e25017c4757ed3660ce28a577ab432d26bc994cd9561edcc362e55fc61db9f7821", &(0x7f00000000c0)="1ad122a71df0debdb5507ac3c6ef050064a20f173a194d827b5a3beacbb65f067b2ed01518edf62cdd6ff359f7f80bac719c2756e24a1730792c7bfadaa224fbb79d37791e3737074c1cc7056ec870a44988a0b2a578d2ad", 0x2, 0x0, 0x9}, 0x50)
setsockopt$inet_tcp_TCP_REPAIR(r3, 0x6, 0x13, &(0x7f0000000040)=0x1, 0x4)
r6 = socket$netlink(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r6, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000001200)={&(0x7f00000004c0)={0x38, 0x1403, 0x1, 0x70bd2d, 0x3000000, "", [{{0x9, 0x2, 'syz0\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'lo\x00'}}]}, 0x38}, 0x1, 0x0, 0x0, 0x854}, 0x0)
connect$inet(r3, &(0x7f0000001980)={0x2, 0x1, @loopback}, 0x10)
ioctl$VIDIOC_S_INPUT(0xffffffffffffffff, 0xc0045627, &(0x7f0000000080)=0x2)
socket$igmp6(0xa, 0x3, 0x2)

1m26.357910169s ago: executing program 47 (id=1631):
socket$nl_xfrm(0x10, 0x3, 0x6)
openat(0xffffffffffffff9c, 0x0, 0x40, 0x2b)
openat(0xffffffffffffff9c, 0x0, 0x143041, 0x0)
chdir(&(0x7f0000000480)='./cgroup\x00')
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
r0 = syz_io_uring_setup(0x49a, &(0x7f0000000400)={0x0, 0x79af, 0x3180, 0x8000, 0x40024e}, &(0x7f0000000340)=<r1=>0x0, &(0x7f0000000040)=<r2=>0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCETHTOOL(r3, 0x8946, &(0x7f0000000540)={'bond0\x00', &(0x7f0000000040)=@ethtool_sfeatures={0x3b, 0x2, [{0x301}, {0xfffffffd, 0x80000}]}})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4)
syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_STATX={0x15, 0x0, 0x0, 0xffffffffffffff9c, 0x0, &(0x7f00000000c0)='./file0\x00', 0x200})
io_uring_enter(r0, 0x627, 0x4c1, 0x43, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0xa)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000032680)=""/102400, 0x19000)
r5 = socket$netlink(0x10, 0x3, 0x15)
writev(r5, &(0x7f0000000100)=[{&(0x7f0000000380)="5800000014000300000000000000679abeff3d425f9cc3f4ff7f4e32f61bcdf1e422000000000100804824cabecc4b381eaadc28f23457e792945f64009400050028925aaa000000c600000000000000feff2c707f8f00ff5a", 0x59}], 0x1)
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x0, &(0x7f0000000240)={[{@workdir={'workdir', 0x3d, './bus'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0/../file0'}}]})
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
r6 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0)
ioctl$TCSETAF(r6, 0x5408, &(0x7f0000000080)={0x49de, 0x0, 0x0, 0xc003, 0x0, "ec28a144f13d7607"})
setxattr$incfs_id(&(0x7f0000000180)='./file0/../file0/file0\x00', &(0x7f00000001c0), &(0x7f0000000200)={'0000000000000000000000000000000', 0x31}, 0x20, 0x3)
mount$overlay(0x0, 0x0, &(0x7f0000000b80), 0x4008, &(0x7f0000000140)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}, {@nfs_export_on}]})
syz_open_procfs(0x0, &(0x7f0000000700)='mounts\x00')

1m25.453398384s ago: executing program 2 (id=1656):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000040)={0x0}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x4)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$inet_smc(0x2b, 0x1, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040), 0xffffffffffffffff)
r6 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r7 = dup(r6)
ioctl$TCSETA(r7, 0x5406, 0x0)
clock_nanosleep(0x0, 0x1, &(0x7f0000000280)={0x77359400}, 0x0)
write$UHID_INPUT(r7, 0x0, 0x0)
io_uring_setup(0x5f4f, &(0x7f00000003c0)={0x0, 0x804, 0x2, 0x1000000, 0xfffbfffe, 0x0, r7})
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r7, 0x0, 0x1c, 0x0, &(0x7f0000000000)="dc396f0757cf3a8300af3c48d096fbe23092304501ab92a9f029620c", 0x0, 0x3, 0x0, 0xb9, 0x58, &(0x7f0000000400)="69cc74f887124819bca975ceddd4e909c58cc1bb771ca628bf9a11953b76f2a4eaef3ac7881cfeca13a4c3ed45b7373c2c110630b52634ea43df07b269ae8dfcd6515a337f90922bd5f3d026482265d9a4b9ba08da3b710d0a0b554891330d774fa06aecf1aab62d8bc58b72c30b4f034c115614310273b178954af1fd4095e777ff7b7a3987d76010fb67d27bbca2e25017c4757ed3660ce28a577ab432d26bc994cd9561edcc362e55fc61db9f7821581620a169d8df2696", &(0x7f00000000c0)="1ad122a71df0debdb5507ac3c6ef050064a20f173a194d827b5a3beacbb65f067b2ed01518edf62cdd6ff359f7f80bac719c2756e24a1730792c7bfadaa224fbb79d37791e3737074c1cc7056ec870a44988a0b2a578d2ad", 0x2, 0x0, 0x9}, 0x50)
sendmsg$TIPC_NL_BEARER_ENABLE(r4, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000580)={0x2c, r5, 0x1, 0x40, 0x0, {0x3, 0x0, 0x3f00}, [@TIPC_NLA_BEARER={0x18, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_PROP={0x4}, @TIPC_NLA_BEARER_NAME={0xe, 0x1, @l2={'eth', 0x3a, 'vlan0\x00'}}]}]}, 0x2c}}, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r3, 0x6, 0x13, &(0x7f0000000040)=0x1, 0x4)
r8 = socket$netlink(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r8, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000001200)={&(0x7f00000004c0)={0x38, 0x1403, 0x1, 0x70bd2d, 0x3000000, "", [{{0x9, 0x2, 'syz0\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'lo\x00'}}]}, 0x38}, 0x1, 0x0, 0x0, 0x854}, 0x0)
connect$inet(r3, &(0x7f0000001980)={0x2, 0x1, @loopback}, 0x10)
ioctl$VIDIOC_S_INPUT(0xffffffffffffffff, 0xc0045627, &(0x7f0000000080)=0x2)
socket$igmp6(0xa, 0x3, 0x2)

1m23.757461406s ago: executing program 48 (id=1638):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000040)={0x0}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x4)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$inet_smc(0x2b, 0x1, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$tipc2(&(0x7f0000000040), 0xffffffffffffffff)
r4 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r5 = dup(r4)
ioctl$TCSETA(r5, 0x5406, 0x0)
clock_nanosleep(0x0, 0x1, &(0x7f0000000280)={0x77359400}, 0x0)
write$UHID_INPUT(r5, 0x0, 0x0)
io_uring_setup(0x5f4f, &(0x7f00000003c0)={0x0, 0x804, 0x2, 0x1000000, 0xfffbfffe, 0x0, r5})
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r5, 0x0, 0x1c, 0x0, &(0x7f0000000000)="dc396f0757cf3a8300af3c48d096fbe23092304501ab92a9f029620c", 0x0, 0x3, 0x0, 0xb0, 0x58, &(0x7f0000000400)="69cc74f887124819bca975ceddd4e909c58cc1bb771ca628bf9a11953b76f2a4eaef3ac7881cfeca13a4c3ed45b7373c2c110630b52634ea43df07b269ae8dfcd6515a337f90922bd5f3d026482265d9a4b9ba08da3b710d0a0b554891330d774fa06aecf1aab62d8bc58b72c30b4f034c115614310273b178954af1fd4095e777ff7b7a3987d76010fb67d27bbca2e25017c4757ed3660ce28a577ab432d26bc994cd9561edcc362e55fc61db9f7821", &(0x7f00000000c0)="1ad122a71df0debdb5507ac3c6ef050064a20f173a194d827b5a3beacbb65f067b2ed01518edf62cdd6ff359f7f80bac719c2756e24a1730792c7bfadaa224fbb79d37791e3737074c1cc7056ec870a44988a0b2a578d2ad", 0x2, 0x0, 0x9}, 0x50)
setsockopt$inet_tcp_TCP_REPAIR(r3, 0x6, 0x13, &(0x7f0000000040)=0x1, 0x4)
r6 = socket$netlink(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r6, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000001200)={&(0x7f00000004c0)={0x38, 0x1403, 0x1, 0x70bd2d, 0x3000000, "", [{{0x9, 0x2, 'syz0\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'lo\x00'}}]}, 0x38}, 0x1, 0x0, 0x0, 0x854}, 0x0)
connect$inet(r3, &(0x7f0000001980)={0x2, 0x1, @loopback}, 0x10)
ioctl$VIDIOC_S_INPUT(0xffffffffffffffff, 0xc0045627, &(0x7f0000000080)=0x2)
socket$igmp6(0xa, 0x3, 0x2)

1m22.262751497s ago: executing program 49 (id=1644):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000040)={0x0}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x4)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$inet_smc(0x2b, 0x1, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040), 0xffffffffffffffff)
r6 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r7 = dup(r6)
ioctl$TCSETA(r7, 0x5406, 0x0)
clock_nanosleep(0x0, 0x1, &(0x7f0000000280)={0x77359400}, 0x0)
write$UHID_INPUT(r7, 0x0, 0x0)
io_uring_setup(0x5f4f, &(0x7f00000003c0)={0x0, 0x804, 0x2, 0x1000000, 0xfffbfffe, 0x0, r7})
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r7, 0x0, 0x1c, 0x0, &(0x7f0000000000)="dc396f0757cf3a8300af3c48d096fbe23092304501ab92a9f029620c", 0x0, 0x3, 0x0, 0xb9, 0x58, &(0x7f0000000400)="69cc74f887124819bca975ceddd4e909c58cc1bb771ca628bf9a11953b76f2a4eaef3ac7881cfeca13a4c3ed45b7373c2c110630b52634ea43df07b269ae8dfcd6515a337f90922bd5f3d026482265d9a4b9ba08da3b710d0a0b554891330d774fa06aecf1aab62d8bc58b72c30b4f034c115614310273b178954af1fd4095e777ff7b7a3987d76010fb67d27bbca2e25017c4757ed3660ce28a577ab432d26bc994cd9561edcc362e55fc61db9f7821581620a169d8df2696", &(0x7f00000000c0)="1ad122a71df0debdb5507ac3c6ef050064a20f173a194d827b5a3beacbb65f067b2ed01518edf62cdd6ff359f7f80bac719c2756e24a1730792c7bfadaa224fbb79d37791e3737074c1cc7056ec870a44988a0b2a578d2ad", 0x2, 0x0, 0x9}, 0x50)
sendmsg$TIPC_NL_BEARER_ENABLE(r4, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000580)={0x2c, r5, 0x1, 0x40, 0x0, {0x3, 0x0, 0x3f00}, [@TIPC_NLA_BEARER={0x18, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_PROP={0x4}, @TIPC_NLA_BEARER_NAME={0xe, 0x1, @l2={'eth', 0x3a, 'vlan0\x00'}}]}]}, 0x2c}}, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r3, 0x6, 0x13, &(0x7f0000000040)=0x1, 0x4)
r8 = socket$netlink(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r8, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000001200)={&(0x7f00000004c0)={0x38, 0x1403, 0x1, 0x70bd2d, 0x3000000, "", [{{0x9, 0x2, 'syz0\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'lo\x00'}}]}, 0x38}, 0x1, 0x0, 0x0, 0x854}, 0x0)
connect$inet(r3, &(0x7f0000001980)={0x2, 0x1, @loopback}, 0x10)
ioctl$VIDIOC_S_INPUT(0xffffffffffffffff, 0xc0045627, &(0x7f0000000080)=0x2)
socket$igmp6(0xa, 0x3, 0x2)

1m19.051973705s ago: executing program 50 (id=1654):
r0 = socket(0x2, 0x3, 0xff)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
connect$l2tp(r0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x5, 0x1000086}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x43, &(0x7f0000000040)=0x2)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$kcm(0x29, 0x2, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x40, 0x0, 0x0)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10)
r3 = socket(0x10, 0x3, 0x0)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000300)=[@in6={0xa, 0x4e21, 0x7, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0xf38}], 0x1c)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[], 0x7c}, 0x1, 0x0, 0x0, 0x4084004}, 0x10000)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=ANY=[@ANYBLOB], 0x74}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
setsockopt$netlink_NETLINK_TX_RING(r3, 0x10e, 0xc, &(0x7f0000000040)={0x4}, 0x10)
write(r3, &(0x7f0000000000)="240000001a005f0214f9f407000904001f000000fe020002000000000800040001000000", 0x24)
sendto$inet(r0, &(0x7f0000000280)="12f0dda7f17f60b7c78be42301125e6cb51c467f", 0x14, 0x800, &(0x7f00000001c0)={0x2, 0x4e22, @multicast2}, 0x10)
r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ffa000/0x1000)=nil, 0x1000, &(0x7f0000000080)='\x00\x00\x00')
prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ff7000/0x4000)=nil, 0x4000, 0x0)
ioctl$TIOCSETD(r4, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$TCFLSH(r4, 0x400455c8, 0x4)

1m12.225364135s ago: executing program 51 (id=1655):
socketpair$unix(0x1, 0x3, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_NO_ENOBUFS(r0, 0x10e, 0xc, &(0x7f0000000040)=0x7f, 0x4)
sendmsg$nl_route(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=@ipv6_getanyicast={0x14, 0x3e, 0x20, 0x70bd27, 0x25dfdbff, {}, [""]}, 0x14}}, 0x0)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
pipe2$watch_queue(&(0x7f0000000280)={0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x80)
sendmsg$NFT_MSG_GETOBJ(r2, &(0x7f0000000380)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x20000}, 0x48, 0x0, 0x1, 0x0, 0x0, 0x40000d0}, 0x20000004)
ioctl$VHOST_SET_VRING_BASE(0xffffffffffffffff, 0xaf01, 0x0)
r3 = syz_open_dev$ttys(0xc, 0x2, 0x1)
ioctl$VT_SETMODE(r3, 0x5602, &(0x7f0000000080)={0x96, 0x5, 0x6, 0x6, 0x40})
prlimit64(0x0, 0x4, 0x0, &(0x7f0000000040))
ftruncate(0xffffffffffffffff, 0x8800000)
recvmmsg(0xffffffffffffffff, &(0x7f00000034c0), 0x0, 0x700, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x578410eb)
r4 = socket$kcm(0x29, 0x5, 0x0)
splice(r4, 0x0, 0xffffffffffffffff, 0x0, 0xf3e, 0x0)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x21, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000100))
socket$can_j1939(0x1d, 0x2, 0x7)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000001a40)=""/102392, 0x18ff8)

1m9.940197887s ago: executing program 52 (id=1656):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000040)={0x0}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x4)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$inet_smc(0x2b, 0x1, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040), 0xffffffffffffffff)
r6 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r7 = dup(r6)
ioctl$TCSETA(r7, 0x5406, 0x0)
clock_nanosleep(0x0, 0x1, &(0x7f0000000280)={0x77359400}, 0x0)
write$UHID_INPUT(r7, 0x0, 0x0)
io_uring_setup(0x5f4f, &(0x7f00000003c0)={0x0, 0x804, 0x2, 0x1000000, 0xfffbfffe, 0x0, r7})
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r7, 0x0, 0x1c, 0x0, &(0x7f0000000000)="dc396f0757cf3a8300af3c48d096fbe23092304501ab92a9f029620c", 0x0, 0x3, 0x0, 0xb9, 0x58, &(0x7f0000000400)="69cc74f887124819bca975ceddd4e909c58cc1bb771ca628bf9a11953b76f2a4eaef3ac7881cfeca13a4c3ed45b7373c2c110630b52634ea43df07b269ae8dfcd6515a337f90922bd5f3d026482265d9a4b9ba08da3b710d0a0b554891330d774fa06aecf1aab62d8bc58b72c30b4f034c115614310273b178954af1fd4095e777ff7b7a3987d76010fb67d27bbca2e25017c4757ed3660ce28a577ab432d26bc994cd9561edcc362e55fc61db9f7821581620a169d8df2696", &(0x7f00000000c0)="1ad122a71df0debdb5507ac3c6ef050064a20f173a194d827b5a3beacbb65f067b2ed01518edf62cdd6ff359f7f80bac719c2756e24a1730792c7bfadaa224fbb79d37791e3737074c1cc7056ec870a44988a0b2a578d2ad", 0x2, 0x0, 0x9}, 0x50)
sendmsg$TIPC_NL_BEARER_ENABLE(r4, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000580)={0x2c, r5, 0x1, 0x40, 0x0, {0x3, 0x0, 0x3f00}, [@TIPC_NLA_BEARER={0x18, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_PROP={0x4}, @TIPC_NLA_BEARER_NAME={0xe, 0x1, @l2={'eth', 0x3a, 'vlan0\x00'}}]}]}, 0x2c}}, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r3, 0x6, 0x13, &(0x7f0000000040)=0x1, 0x4)
r8 = socket$netlink(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r8, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000001200)={&(0x7f00000004c0)={0x38, 0x1403, 0x1, 0x70bd2d, 0x3000000, "", [{{0x9, 0x2, 'syz0\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'lo\x00'}}]}, 0x38}, 0x1, 0x0, 0x0, 0x854}, 0x0)
connect$inet(r3, &(0x7f0000001980)={0x2, 0x1, @loopback}, 0x10)
ioctl$VIDIOC_S_INPUT(0xffffffffffffffff, 0xc0045627, &(0x7f0000000080)=0x2)
socket$igmp6(0xa, 0x3, 0x2)

1m2.207431895s ago: executing program 53 (id=1668):
r0 = socket(0x2, 0x3, 0xff)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
connect$l2tp(r0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x5, 0x1000086}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x43, &(0x7f0000000040)=0x2)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$kcm(0x29, 0x2, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x40, 0x0, 0x0)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10)
r3 = socket(0x10, 0x3, 0x0)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000300)=[@in6={0xa, 0x4e21, 0x7, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0xf38}], 0x1c)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[], 0x7c}, 0x1, 0x0, 0x0, 0x4084004}, 0x10000)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=ANY=[@ANYBLOB], 0x74}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
setsockopt$netlink_NETLINK_TX_RING(r3, 0x10e, 0xc, &(0x7f0000000040)={0x4}, 0x10)
write(r3, &(0x7f0000000000)="240000001a005f0214f9f407000904001f000000fe020002000000000800040001000000", 0x24)
sendto$inet(r0, &(0x7f0000000280)="12f0dda7f17f60b7c78be42301125e6cb51c467f", 0x14, 0x800, &(0x7f00000001c0)={0x2, 0x4e22, @multicast2}, 0x10)
r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ffa000/0x1000)=nil, 0x1000, &(0x7f0000000080)='\x00\x00\x00')
prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ff7000/0x4000)=nil, 0x4000, 0x0)
ioctl$TIOCSETD(r4, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$TCFLSH(r4, 0x400455c8, 0x4)

1m1.194206806s ago: executing program 54 (id=1669):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
socket$nl_route(0x10, 0x3, 0x0)
syz_usbip_server_init(0x2)
fsopen(0x0, 0x1)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
r2 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000700), 0x2, 0x0)
ioctl$VIDIOC_S_OUTPUT(r2, 0xc004562f, &(0x7f0000000740)=0x6)
accept4(0xffffffffffffffff, 0x0, &(0x7f0000000180), 0x800)
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x60081, 0x0)
ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000000)=0x15)
ioctl$TCSETS(r3, 0x404c4701, &(0x7f0000000040)={0x4f, 0x0, 0x6, 0xd, 0x14, "3eccd13b83ced9e37e290010000000040100"})
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
r4 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r4, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='hugetlb.1GB.usage_in_bytes\x00', 0x275a, 0x0)
write$binfmt_script(r5, &(0x7f00000004c0), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000a, 0x28011, r5, 0x0)
r6 = syz_open_procfs(0x0, &(0x7f00000003c0)='net/mcfilter6\x00')
preadv(r6, &(0x7f0000000380)=[{&(0x7f0000000580)=""/128, 0x80}], 0x1, 0x5b, 0x0)
ioctl$VHOST_NET_SET_BACKEND(r6, 0x4008af30, &(0x7f00000000c0)={0x2})
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
cachestat(r5, &(0x7f0000000040), &(0x7f0000000080), 0x0)
sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000600)=ANY=[@ANYBLOB="38010000160033060000000000000080e0000002000000000000000000000000ff020000000000000100000000000000000a00"/64, @ANYRES32=r0, @ANYRES32=0x0, @ANYBLOB="ac1414bb000000000000000000000000000004d2320000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000050000000000000003000000000000000000000000000000050000000000000004000000000000000000000002000000020000000a000418000000000000000048000200656362286369706865725f6e756c6c2900"/229], 0x138}, 0x1, 0x0, 0x0, 0x4000004}, 0x0)

59.957849707s ago: executing program 7 (id=1696):
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x40800080}, 0xc, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000100000aa8000000050a010300000000000000000200000a0c0002400000000000000003880004801400030073797a6b616c6c65723100000000000008000140000000ec0800014000000000140003006d6163766c616ea100000000000000001400030070696d7265673100000000000000000008000140000000041400030065727370616e300000000000000000001400030067656e657665300000000000000000000800024000000001140000001100010004000000000000000300000a"], 0xd0}, 0x1, 0x0, 0x0, 0xc000}, 0x4000001)
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000780)="2e00000010008188040f80f85fcb76f5f586b9483f0000005e0c0000000000000e000a001400000002800000121f", 0x2e}], 0x1}, 0x0)

59.876261266s ago: executing program 7 (id=1697):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
preadv(0xffffffffffffffff, 0x0, 0x0, 0x3c, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$TIOCL_SETSEL(0xffffffffffffffff, 0x541c, &(0x7f0000000000)={0x2, {0xc, 0xa00, 0x0, 0x101, 0x100}})
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000240)={'veth0_to_hsr\x00'})
r1 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'ip6tnl0\x00', <r3=>0x0})
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000800), r4)
sendmsg$NLBL_UNLABEL_C_STATICREMOVEDEF(r4, &(0x7f0000000900)={0x0, 0x0, &(0x7f00000008c0)={&(0x7f0000000400)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010026bd7000fcdbdf2507000000140002000000000000001c000000000000000000a894fb419b71217963ac0abaa38ee3fbed8410164a6b0da889676ff18099e7bef026b40cee"], 0x28}, 0x1, 0x1000000, 0x0, 0x20000801}, 0x4000000)
r6 = io_uring_setup(0x4126, &(0x7f00000007c0)={0x0, 0x0, 0x800, 0x0, 0x1000000})
prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0)
io_uring_register$IORING_REGISTER_RING_FDS(r6, 0x13, &(0x7f0000001bc0), 0x2)
sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0xfffffffffffffec6, &(0x7f0000000780)={&(0x7f00000002c0)=@newqdisc={0x30, 0x24, 0xd0f, 0x70bd2c, 0x0, {0x60, 0x0, 0x0, r3, {0x0, 0xf}, {0x2, 0xffff}, {0x7, 0xffe0}}, [@TCA_STAB={0x0, 0x8, 0x0, 0x1, [{{0x0, 0x1, {0x7, 0xc, 0xfffe, 0x8, 0x1, 0x5, 0x200}}, {0x0, 0x2, [0xb8f9, 0x6, 0x4]}}, {{0x0, 0x1, {0x4, 0x7, 0x1, 0xc7, 0x3, 0x5, 0xffff}}, {0x0, 0x2, [0x0, 0x7, 0x3, 0x9819, 0x3, 0x2]}}, {{0x0, 0x1, {0x0, 0x0, 0xfc00, 0x0, 0x4, 0x7fff, 0x191b}}, {0x0, 0x2, [0x0, 0x5, 0x9, 0xfff, 0x1, 0x1, 0x2, 0xb29, 0x2]}}, {{0x0, 0x1, {0x6, 0x6, 0x0, 0x9, 0x0, 0x9, 0x10000}}}, {{0x0, 0x1, {0x4, 0x62, 0x3ff, 0x5, 0x0, 0x7, 0xea}}, {0x0, 0x2, [0x2, 0x8, 0x9]}}, {{0x0, 0x1, {0x37, 0x5f, 0x5, 0x6, 0x1, 0x1, 0x3}}, {0x0, 0x2, [0x7add, 0x1, 0x1, 0x58c, 0x0, 0x800]}}]}]}, 0x30}, 0x1, 0x0, 0x0, 0x2400c8c0}, 0x4000004)
socket$kcm(0x29, 0x2, 0x0)
socket$inet6(0xa, 0x2, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000200), 0xaa000, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff}, 0x0)
r9 = socket(0x10, 0x80002, 0x0)
write$P9_RLERRORu(r8, &(0x7f0000000000)=ANY=[@ANYBLOB="1c00000007ffff", @ANYRES16=r9, @ANYRESDEC], 0x52)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000100), 0x80, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r7}, 0x2c, {'wfdno', 0x3d, r9}, 0x2c, {[{@version_9p2000}]}})

59.052886999s ago: executing program 7 (id=1698):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000040)={0x0}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x4)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$inet_smc(0x2b, 0x1, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$tipc2(&(0x7f0000000040), 0xffffffffffffffff)
r4 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r5 = dup(r4)
ioctl$TCSETA(r5, 0x5406, 0x0)
clock_nanosleep(0x0, 0x1, &(0x7f0000000280)={0x77359400}, 0x0)
write$UHID_INPUT(r5, 0x0, 0x0)
io_uring_setup(0x5f4f, &(0x7f00000003c0)={0x0, 0x804, 0x2, 0x1000000, 0xfffbfffe, 0x0, r5})
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r5, 0x0, 0x1c, 0x0, &(0x7f0000000000)="dc396f0757cf3a8300af3c48d096fbe23092304501ab92a9f029620c", 0x0, 0x3, 0x0, 0xba, 0x58, &(0x7f0000000400)="69cc74f887124819bca975ceddd4e909c58cc1bb771ca628bf9a11953b76f2a4eaef3ac7881cfeca13a4c3ed45b7373c2c110630b52634ea43df07b269ae8dfcd6515a337f90922bd5f3d026482265d9a4b9ba08da3b710d0a0b554891330d774fa06aecf1aab62d8bc58b72c30b4f034c115614310273b178954af1fd4095e777ff7b7a3987d76010fb67d27bbca2e25017c4757ed3660ce28a577ab432d26bc994cd9561edcc362e55fc61db9f7821581620a169d8df26965b", &(0x7f00000000c0)="1ad122a71df0debdb5507ac3c6ef050064a20f173a194d827b5a3beacbb65f067b2ed01518edf62cdd6ff359f7f80bac719c2756e24a1730792c7bfadaa224fbb79d37791e3737074c1cc7056ec870a44988a0b2a578d2ad", 0x2, 0x0, 0x9}, 0x50)
setsockopt$inet_tcp_TCP_REPAIR(r3, 0x6, 0x13, &(0x7f0000000040)=0x1, 0x4)
r6 = socket$netlink(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r6, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000001200)={&(0x7f00000004c0)={0x38, 0x1403, 0x1, 0x70bd2d, 0x3000000, "", [{{0x9, 0x2, 'syz0\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'lo\x00'}}]}, 0x38}, 0x1, 0x0, 0x0, 0x854}, 0x0)
connect$inet(r3, &(0x7f0000001980)={0x2, 0x1, @loopback}, 0x10)
ioctl$VIDIOC_S_INPUT(0xffffffffffffffff, 0xc0045627, &(0x7f0000000080)=0x2)
socket$igmp6(0xa, 0x3, 0x2)

55.189641673s ago: executing program 55 (id=1675):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000040)={0x0}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x4)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$inet_smc(0x2b, 0x1, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040), 0xffffffffffffffff)
r6 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r7 = dup(r6)
ioctl$TCSETA(r7, 0x5406, 0x0)
clock_nanosleep(0x0, 0x1, &(0x7f0000000280)={0x77359400}, 0x0)
write$UHID_INPUT(r7, 0x0, 0x0)
io_uring_setup(0x5f4f, &(0x7f00000003c0)={0x0, 0x804, 0x2, 0x1000000, 0xfffbfffe, 0x0, r7})
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r7, 0x0, 0x1c, 0x0, &(0x7f0000000000)="dc396f0757cf3a8300af3c48d096fbe23092304501ab92a9f029620c", 0x0, 0x3, 0x0, 0xb9, 0x58, &(0x7f0000000400)="69cc74f887124819bca975ceddd4e909c58cc1bb771ca628bf9a11953b76f2a4eaef3ac7881cfeca13a4c3ed45b7373c2c110630b52634ea43df07b269ae8dfcd6515a337f90922bd5f3d026482265d9a4b9ba08da3b710d0a0b554891330d774fa06aecf1aab62d8bc58b72c30b4f034c115614310273b178954af1fd4095e777ff7b7a3987d76010fb67d27bbca2e25017c4757ed3660ce28a577ab432d26bc994cd9561edcc362e55fc61db9f7821581620a169d8df2696", &(0x7f00000000c0)="1ad122a71df0debdb5507ac3c6ef050064a20f173a194d827b5a3beacbb65f067b2ed01518edf62cdd6ff359f7f80bac719c2756e24a1730792c7bfadaa224fbb79d37791e3737074c1cc7056ec870a44988a0b2a578d2ad", 0x2, 0x0, 0x9}, 0x50)
sendmsg$TIPC_NL_BEARER_ENABLE(r4, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000580)={0x2c, r5, 0x1, 0x40, 0x0, {0x3, 0x0, 0x3f00}, [@TIPC_NLA_BEARER={0x18, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_PROP={0x4}, @TIPC_NLA_BEARER_NAME={0xe, 0x1, @l2={'eth', 0x3a, 'vlan0\x00'}}]}]}, 0x2c}}, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r3, 0x6, 0x13, &(0x7f0000000040)=0x1, 0x4)
r8 = socket$netlink(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r8, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000001200)={&(0x7f00000004c0)={0x38, 0x1403, 0x1, 0x70bd2d, 0x3000000, "", [{{0x9, 0x2, 'syz0\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'lo\x00'}}]}, 0x38}, 0x1, 0x0, 0x0, 0x854}, 0x0)
connect$inet(r3, &(0x7f0000001980)={0x2, 0x1, @loopback}, 0x10)
ioctl$VIDIOC_S_INPUT(0xffffffffffffffff, 0xc0045627, &(0x7f0000000080)=0x2)
socket$igmp6(0xa, 0x3, 0x2)

54.154735298s ago: executing program 6 (id=1705):
r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f0000000000)=0x10000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000100)={@local})
ioctl$IOCTL_VMCI_DATAGRAM_SEND(r0, 0x7ab, &(0x7f0000000180)={&(0x7f0000000500)={{@local, 0xd}, {@local, 0x2}, 0x400, "56ddcf66cdf7ebf8cfaf13dd1ef4d499d1060198e8e2ba1287994de0ab990a75752f08e7779f660b65f698f30468cf8096f4c88c009d2eaab0063f1aede541b9cef7ff5840ac5533ae4e629890990d79fd77b14fdb56fe58eede4dcb16c9295381859e216877895066dd0db7ec0993df8498765fb57ee59def2ea741e7dbef342b8bbdf22d2edc61916a5941fdd0b16c26af31db1c7e2ba87c462a8da87a659918740b0fd59d450950cd003b9a86e0d1fb9cccea4ad98f09509a25434ab284d55e4d2e86f79b5bff23e75d5a63fc9e3fae084e10fa7ed23096269fb8ea445400c62fa33fb5faf48b3dbf2d01994b62fa2eadf8a7c67755fda1bb5e9bb1b7130306b87e49bda26ba85c783b9d9c6db9c781fd32a0c3758022fe054628f3ecc13ee2ed933a4379f66b455a3182abac8159c000d81919a5e1a2c1b688f34fb45bfdc5a48f44dfe79a23d4307cbfcdbe4460bd64eda9f40b80aef10ce348aa48ae4c2624296a8fb6635ec2282f013da6b5d4203eed7ed9d1aa622f9d1c456741dae5a722e47f7ec6d2d4bedc68cc65022e0540f558dcfb01f8c42853057a650a86a0e68753c697fe6ef07f62a87c11de9ccd24237bfe61fb988c4f8966afcdcd0e71930aa2db964354711031111821bd2c76b3bd11bdab6c9686d0d61bcf159a795c843119cdd69005b3bfea5274889754c57a8f0d8361ca22c96538e972457c803bfb38476e99dec0a45888450a10788f604f9d3cc5e64eb23e7d5377ebb8e66b1abd8120e18d83866327eaeb1933ee537844ae12e5d155520a84a1d6fee8082f00a85a42d826c0575b7cb0dc477b453311ac81837e3ad084ebf9165d0fba07ff9a3e8ccbbaa0e0044f5e04ea023d7ee2805327bd124c4ac8ebf81008da9b481c2a032825641e40dc1059c89020ad36c170da70aee51dac7183dbfdf756b1a6bbfdfc3f4e99885134a7128bec96137384841898d62f1d95565dcfcd2ebe453b321e52c345e475ea4cff695c4153b960ac9209096a57597be143a0b773f8f311f2570171b03eeb87cd27f0291719a0c607a00cb50c354c013981f9e978fbefed316d3a859ee221a7d37296667383f8264d7cd7c722914728e8103f7ecb90bc944eeeae7d243460414dd625daaddae8572619230b911a605fb31d89c7a2d65d87ef19a8e8eec7dfc6e090cab2a3704a4a025daea101094f7cbdf816da4b8dfe8e493ac92bca4020a579e06434b4f97d74cf8198712d8e2f21030255a52ddeeffebdc46de662018c42b50e452992b4871da1dc2adb423f0affe29ec6e1bce0d50833871569b48eccb8d045b358bcc414f6077862eae843a4090026b4f6d496dfc1c0aaa9420266e580f41986fecf6c64fb10525d40421fb6204d7c9d85a2a895944554b4ee89e81e2c509f200884d9fb2216324d5a4dac3fe44bf67bf6a47d232767ed"}, 0x418, 0x7})
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x0, 0x0})
close_range(0xffffffffffffffff, r0, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000500)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$F2FS_IOC_MOVE_RANGE(r1, 0x541b, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$sock_int(r2, 0x1, 0x3c, &(0x7f0000000040)=0x1, 0xfff0)
setsockopt$inet_tcp_TCP_REPAIR(r2, 0x6, 0x13, &(0x7f0000000100)=0x1, 0x4)
connect$inet(r2, &(0x7f00000006c0)={0x2, 0x0, @empty}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r2, 0x6, 0x14, &(0x7f0000000180)=0x2, 0x4)
sendmmsg$inet(r2, &(0x7f0000000600)=[{{0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000080)="a9", 0x1}], 0x1}}], 0x1, 0x4008440)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r3 = syz_open_dev$vbi(&(0x7f00000028c0), 0x2, 0x2)
ioctl$VIDIOC_S_INPUT(r3, 0xc0045627, &(0x7f0000000100)=0x3)
ioctl$VIDIOC_SUBDEV_S_DV_TIMINGS(r3, 0xc0845657, &(0x7f0000000040)={0x0, @bt={0xa00, 0x640, 0x1, 0x2805, 0xd59f83, 0x19f2, 0x42, 0x19ef, 0x3, 0x3, 0x2800, 0x2800, 0x2, 0xba3, 0x9, 0x0, {0x8, 0xffffffff}, 0xd0, 0x9}})
r4 = socket$nl_generic(0x10, 0x3, 0x10)
openat$ppp(0xffffffffffffff9c, &(0x7f0000001140), 0x2800, 0x0)
clock_gettime(0x0, &(0x7f0000000040)={<r5=>0x0, <r6=>0x0})
r7 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCETHTOOL(r7, 0x8946, &(0x7f0000000080)={'veth1_to_batadv\x00', &(0x7f0000000040)=@ethtool_ringparam={0x11, 0x10001, 0x3, 0x8005, 0x4, 0x3ff, 0x6, 0x7, 0x4a}})
r8 = socket$inet6(0xa, 0x805, 0x0)
r9 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r9, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="5c0000000206030000000000000000000000000005000100070000000900020073797a310000000014000780050015000c00000008001240000000000500050002000000050004000000000010000300686173683a69702c6d6163"], 0x5c}}, 0x0)
sendmsg$IPSET_CMD_DESTROY(r9, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000001100)=ANY=[@ANYBLOB="1c000000030689871017010200000000030000000a00000105000100"], 0x1c}, 0x1, 0x0, 0x0, 0x4004810}, 0x20000851)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r8, 0x84, 0x6f, &(0x7f0000000080)={0x0, 0x1c, &(0x7f0000000000)=[@in6={0xa, 0x0, 0x0, @private1={0xfc, 0x1, '\x00', 0x2}}]}, &(0x7f00000002c0)=0x10)
getsockopt$bt_hci(r8, 0x84, 0x0, &(0x7f0000000080)=""/4076, &(0x7f0000000040)=0xfec)
ppoll(&(0x7f0000000000)=[{r4, 0xd9}, {r4, 0x4000}], 0x2, &(0x7f0000000080)={r5, r6+10000000}, &(0x7f00000000c0)={[0x8]}, 0x8)

53.224542247s ago: executing program 6 (id=1706):
socket$nl_rdma(0x10, 0x3, 0x14)
mknod(&(0x7f0000000240)='./bus\x00', 0x100, 0x8000013)
syz_emit_ethernet(0x7e, &(0x7f00000003c0)=ANY=[@ANYBLOB="aaaaaaaaaaaa0180c200000086dd60fb6809001b2f00fc020000000000000000000000000000ff020000000000000000000000000001242088a88dff000000060000"], 0x0)
open(&(0x7f0000000100)='./bus\x00', 0x4804, 0x182)
select(0x40, &(0x7f0000000140)={0x9, 0x6, 0xfffffffffffffffa, 0x1, 0x5, 0x1, 0x9, 0x1}, 0x0, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x8, 0x8b}, 0x0)
sendmsg$IPVS_CMD_DEL_DAEMON(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB="140000d1", @ANYRES16, @ANYBLOB="04"], 0x14}}, 0x0)
r0 = socket$packet(0x11, 0x2, 0x300)
creat(&(0x7f0000000080)='./bus\x00', 0x0)
r1 = socket$phonet_pipe(0x23, 0x5, 0x2)
ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000001580)={'vcan0\x00', <r2=>0x0})
sendto$packet(r0, &(0x7f0000000080)="18", 0x10, 0x0, &(0x7f00000000c0)={0x11, 0xe, r2, 0x1, 0x0, 0x6, @multicast}, 0x14)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000100), 0x8000)
bind$l2tp6(0xffffffffffffffff, 0x0, 0x0)
connect$l2tp6(0xffffffffffffffff, 0x0, 0x0)
r4 = socket$qrtr(0x2a, 0x2, 0x0)
connect$qrtr(r4, &(0x7f0000000040)={0x2a, 0xffffffffffffffff, 0xfffffffe}, 0xc)
write$UHID_INPUT(r4, 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x2000037)
ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000180)={0x1fd, 0x3, 0x0, 0x1000, &(0x7f0000ffc000/0x1000)=nil})
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, &(0x7f0000000000)=ANY=[@ANYBLOB="0100000005000000"])
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})

52.352977045s ago: executing program 6 (id=1707):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000005"], 0x48)
setsockopt$inet_tcp_TLS_TX(0xffffffffffffffff, 0x6, 0x1, &(0x7f0000000280)=@gcm_128={{0x304}, "fed89041ef8224dc", "be0babb6740388c83ec6538a29db0a68", "9f46da28", "8784f3d46e20b26d"}, 0x28)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bc82000000000000a6020000f8ffffffb703000008000000cd03000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @xdp=0xedf0e51957efc755, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r0}, &(0x7f0000000240), &(0x7f0000000380)=r1}, 0x20)
fchmod(r1, 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x1)
syz_open_dev$MSR(&(0x7f0000000380), 0x0, 0x0)
prlimit64(0x0, 0x7, &(0x7f0000000040)={0x8, 0x8}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))
socket$nl_netfilter(0x10, 0x3, 0xc)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
open_tree(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x81800)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r1, 0x18000000000002a0, 0x5ee, 0x0, &(0x7f0000000580)="b9ff03076804268c989e14f088a8", 0x0, 0x500, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)
bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48)
r2 = syz_open_procfs(0x0, &(0x7f0000000040)='fdinfo/3\x00')
pread64(r2, &(0x7f0000000080)=""/237, 0xed, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
r3 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000002c0), 0x40200)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r3, 0xc08c5332, &(0x7f00000003c0)={0x1000, 0x5, 0x1, 'queue0\x00', 0x3})

51.679142737s ago: executing program 56 (id=1687):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000000008b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x8}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
pipe2$watch_queue(&(0x7f0000000000)={0xffffffffffffffff, <r3=>0xffffffffffffffff}, 0x80)
r4 = syz_open_procfs$userns(r0, &(0x7f0000000340))
mount_setattr(r3, &(0x7f0000000300)='./file0\x00', 0x900, &(0x7f0000000380)={0x0, 0x40, 0x320000, {r4}}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x11, 0xb, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020700000000000002030207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000100850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
getsockopt$inet_pktinfo(r3, 0x0, 0x8, &(0x7f00000023c0)={<r5=>0x0, @local, @multicast1}, &(0x7f0000002400)=0xc)
sendto$packet(r3, &(0x7f0000002380)="4a08a680fe90dd40", 0x8, 0x40000, &(0x7f0000002440)={0x11, 0x4, r5, 0x1, 0x1, 0x6, @local}, 0x14)
syz_create_resource$binfmt(&(0x7f0000000040)='./file1\x00')
socket(0x10, 0x80002, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
prctl$PR_SCHED_CORE(0x3e, 0x2, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r6 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
r7 = syz_open_dev$tty1(0xc, 0x4, 0x3)
r8 = dup(r7)
write$UHID_INPUT(r8, &(0x7f0000001300)={0xc, {"a2e3ad214fc752f91b4847f70e06d038e7ff7fc6e5539b3f6d078b089b3b083848090890e0878f0e1ac6e7049b3367959b669a240d5b67f3988f7e0319520100ffe8d178708c523c921b1b5b31300d095da736cd3b78130daa61d8e809ea882f5802b77f07227227b7ba67e0e78669a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000002335875271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4040d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1fe90a56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617601000000be70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d595a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9980000000b3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6c82fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce3803f465f41e610c2021d653a5520000008213b704a5000000000000008ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710a80000000000008000bea37ce0d0d4aa202f928f28381aab144a4d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4e38a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d97b9a6d606495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2bed9e53803edf1a4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07840900000000000000f5c8f4ceb360c7e658828163e2d25c4aa348561f097e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034e00000000ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c478b095b68441a34cb51682a8ae4d24ad92f243941ed274549b79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdbe6c4579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f028dda93ae62fccfcbb2b75a2183c46eb65ca8124e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43e4fb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e01feffffffffffff83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369d75f2e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c000003716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aa01b20f7694a00f16e2d0174035a2c22656dc00880acebdbe8ddbd75c2f998d8ac2dfad2ba3a50200000045a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe2907ac0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf463661c953fcad6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff8f2211f1033195563c7f93cd54b9094f22b625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaeecf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afae5136651b1b9bd522d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a37684f4113c48859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463183b4b87c105000000302a808d7f5251440613d17ca51055f2f416a44fe180d2d50c312cca7cb14a20dc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb40100000006376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7ceec7dc808bf653639d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a602000000000000007007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4908b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf6529006c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a605fcb75912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae233a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a5bd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08008897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b611fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b80c1c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db56c50b704c98ad90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe360500000000000000b77940b5f07722e47afed367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1062dfa13bdc1fa7cfaadbbf5c72e9758f03a755d0be53f8d2a1df0d07b3d5bd3b01faffd0addbed2881a9700af561ac8c7e36bb2fc4c40e9c766c06817bb903729a7db6ff957697c9ede7885d94ffb0759be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c1484d2f9c55f4901203a9a8a2c3e90f39c3dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d00000000000000000000000000004000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000004000", 0x1000}}, 0x1006)
read$msr(r6, &(0x7f0000032680)=""/102392, 0x18ff8)
timer_settime(0x0, 0x0, 0x0, 0x0)
syz_init_net_socket$llc(0x1a, 0x801, 0x0)

43.667686105s ago: executing program 57 (id=1698):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000040)={0x0}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x4)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$inet_smc(0x2b, 0x1, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$tipc2(&(0x7f0000000040), 0xffffffffffffffff)
r4 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r5 = dup(r4)
ioctl$TCSETA(r5, 0x5406, 0x0)
clock_nanosleep(0x0, 0x1, &(0x7f0000000280)={0x77359400}, 0x0)
write$UHID_INPUT(r5, 0x0, 0x0)
io_uring_setup(0x5f4f, &(0x7f00000003c0)={0x0, 0x804, 0x2, 0x1000000, 0xfffbfffe, 0x0, r5})
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r5, 0x0, 0x1c, 0x0, &(0x7f0000000000)="dc396f0757cf3a8300af3c48d096fbe23092304501ab92a9f029620c", 0x0, 0x3, 0x0, 0xba, 0x58, &(0x7f0000000400)="69cc74f887124819bca975ceddd4e909c58cc1bb771ca628bf9a11953b76f2a4eaef3ac7881cfeca13a4c3ed45b7373c2c110630b52634ea43df07b269ae8dfcd6515a337f90922bd5f3d026482265d9a4b9ba08da3b710d0a0b554891330d774fa06aecf1aab62d8bc58b72c30b4f034c115614310273b178954af1fd4095e777ff7b7a3987d76010fb67d27bbca2e25017c4757ed3660ce28a577ab432d26bc994cd9561edcc362e55fc61db9f7821581620a169d8df26965b", &(0x7f00000000c0)="1ad122a71df0debdb5507ac3c6ef050064a20f173a194d827b5a3beacbb65f067b2ed01518edf62cdd6ff359f7f80bac719c2756e24a1730792c7bfadaa224fbb79d37791e3737074c1cc7056ec870a44988a0b2a578d2ad", 0x2, 0x0, 0x9}, 0x50)
setsockopt$inet_tcp_TCP_REPAIR(r3, 0x6, 0x13, &(0x7f0000000040)=0x1, 0x4)
r6 = socket$netlink(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r6, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000001200)={&(0x7f00000004c0)={0x38, 0x1403, 0x1, 0x70bd2d, 0x3000000, "", [{{0x9, 0x2, 'syz0\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'lo\x00'}}]}, 0x38}, 0x1, 0x0, 0x0, 0x854}, 0x0)
connect$inet(r3, &(0x7f0000001980)={0x2, 0x1, @loopback}, 0x10)
ioctl$VIDIOC_S_INPUT(0xffffffffffffffff, 0xc0045627, &(0x7f0000000080)=0x2)
socket$igmp6(0xa, 0x3, 0x2)

42.841819872s ago: executing program 2 (id=1714):
openat$qat_adf_ctl(0xffffff9c, &(0x7f0000002000), 0x200, 0x0)
mount(&(0x7f00000000c0)=@nullb, &(0x7f0000000040)='.\x00', &(0x7f0000000140)='zonefs\x00', 0x0, 0x0)
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000040)={0x0, 0x7, 0xfa00, {0x0, &(0x7f0000000000)={<r1=>0xffffffffffffffff}, 0x13f}}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_ADDR(r0, &(0x7f0000000280)={0x15, 0x110, 0xfa00, {r1, 0xfffffffd, 0x0, 0x30, 0x0, @in={0x2, 0x4e23, @loopback}, @ib={0x1b, 0x0, 0x9, {"7d0300"}, 0x0, 0x0, 0x2}}}, 0x118)
write$RDMA_USER_CM_CMD_LISTEN(r0, &(0x7f0000000180)={0x7, 0x8, 0xfa00, {r1, 0xffffffef}}, 0x10)
r2 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
fspick(0xffffffffffffffff, &(0x7f0000000980)='./file0\x00', 0x0)
r3 = epoll_create(0x10001)
syz_usb_connect(0x5, 0x2d, &(0x7f0000000200)=ANY=[@ANYBLOB="12010000538acc089c0e00001e5b0102030109021b00010000000009040000014b34ef000905", @ANYRES16], 0x0)
mount$9p_fd(0x0, &(0x7f00000000c0)='.\x00', &(0x7f0000000040), 0x0, &(0x7f00000009c0)=ANY=[@ANYRESDEC=r2, @ANYRESHEX=r2, @ANYBLOB=',wfdno=', @ANYRESHEX=r3, @ANYBLOB=',\x00'])
write$vga_arbiter(r2, &(0x7f0000000100)=ANY=[@ANYBLOB], 0xb)
connect$unix(r2, &(0x7f0000000a40)=@file={0x1, './file0\x00'}, 0x6e)
shutdown(r2, 0x0)

42.80141931s ago: executing program 58 (id=1701):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000040)={0x0}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x4)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$inet_smc(0x2b, 0x1, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$tipc2(&(0x7f0000000040), 0xffffffffffffffff)
r4 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r5 = dup(r4)
ioctl$TCSETA(r5, 0x5406, 0x0)
clock_nanosleep(0x0, 0x1, &(0x7f0000000280)={0x77359400}, 0x0)
write$UHID_INPUT(r5, 0x0, 0x0)
io_uring_setup(0x5f4f, &(0x7f00000003c0)={0x0, 0x804, 0x2, 0x1000000, 0xfffbfffe, 0x0, r5})
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r5, 0x0, 0x1c, 0x0, &(0x7f0000000000)="dc396f0757cf3a8300af3c48d096fbe23092304501ab92a9f029620c", 0x0, 0x3, 0x0, 0xba, 0x58, &(0x7f0000000400)="69cc74f887124819bca975ceddd4e909c58cc1bb771ca628bf9a11953b76f2a4eaef3ac7881cfeca13a4c3ed45b7373c2c110630b52634ea43df07b269ae8dfcd6515a337f90922bd5f3d026482265d9a4b9ba08da3b710d0a0b554891330d774fa06aecf1aab62d8bc58b72c30b4f034c115614310273b178954af1fd4095e777ff7b7a3987d76010fb67d27bbca2e25017c4757ed3660ce28a577ab432d26bc994cd9561edcc362e55fc61db9f7821581620a169d8df26965b", &(0x7f00000000c0)="1ad122a71df0debdb5507ac3c6ef050064a20f173a194d827b5a3beacbb65f067b2ed01518edf62cdd6ff359f7f80bac719c2756e24a1730792c7bfadaa224fbb79d37791e3737074c1cc7056ec870a44988a0b2a578d2ad", 0x2, 0x0, 0x9}, 0x50)
setsockopt$inet_tcp_TCP_REPAIR(r3, 0x6, 0x13, &(0x7f0000000040)=0x1, 0x4)
r6 = socket$netlink(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r6, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000001200)={&(0x7f00000004c0)={0x38, 0x1403, 0x1, 0x70bd2d, 0x3000000, "", [{{0x9, 0x2, 'syz0\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'lo\x00'}}]}, 0x38}, 0x1, 0x0, 0x0, 0x854}, 0x0)
connect$inet(r3, &(0x7f0000001980)={0x2, 0x1, @loopback}, 0x10)
ioctl$VIDIOC_S_INPUT(0xffffffffffffffff, 0xc0045627, &(0x7f0000000080)=0x2)
socket$igmp6(0xa, 0x3, 0x2)

42.297218697s ago: executing program 2 (id=1716):
r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f0000000000)=0x10000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000100)={@local})
ioctl$IOCTL_VMCI_DATAGRAM_SEND(r0, 0x7ab, &(0x7f0000000180)={&(0x7f0000000500)={{@local, 0xd}, {@local, 0x2}, 0x400, "56ddcf66cdf7ebf8cfaf13dd1ef4d499d1060198e8e2ba1287994de0ab990a75752f08e7779f660b65f698f30468cf8096f4c88c009d2eaab0063f1aede541b9cef7ff5840ac5533ae4e629890990d79fd77b14fdb56fe58eede4dcb16c9295381859e216877895066dd0db7ec0993df8498765fb57ee59def2ea741e7dbef342b8bbdf22d2edc61916a5941fdd0b16c26af31db1c7e2ba87c462a8da87a659918740b0fd59d450950cd003b9a86e0d1fb9cccea4ad98f09509a25434ab284d55e4d2e86f79b5bff23e75d5a63fc9e3fae084e10fa7ed23096269fb8ea445400c62fa33fb5faf48b3dbf2d01994b62fa2eadf8a7c67755fda1bb5e9bb1b7130306b87e49bda26ba85c783b9d9c6db9c781fd32a0c3758022fe054628f3ecc13ee2ed933a4379f66b455a3182abac8159c000d81919a5e1a2c1b688f34fb45bfdc5a48f44dfe79a23d4307cbfcdbe4460bd64eda9f40b80aef10ce348aa48ae4c2624296a8fb6635ec2282f013da6b5d4203eed7ed9d1aa622f9d1c456741dae5a722e47f7ec6d2d4bedc68cc65022e0540f558dcfb01f8c42853057a650a86a0e68753c697fe6ef07f62a87c11de9ccd24237bfe61fb988c4f8966afcdcd0e71930aa2db964354711031111821bd2c76b3bd11bdab6c9686d0d61bcf159a795c843119cdd69005b3bfea5274889754c57a8f0d8361ca22c96538e972457c803bfb38476e99dec0a45888450a10788f604f9d3cc5e64eb23e7d5377ebb8e66b1abd8120e18d83866327eaeb1933ee537844ae12e5d155520a84a1d6fee8082f00a85a42d826c0575b7cb0dc477b453311ac81837e3ad084ebf9165d0fba07ff9a3e8ccbbaa0e0044f5e04ea023d7ee2805327bd124c4ac8ebf81008da9b481c2a032825641e40dc1059c89020ad36c170da70aee51dac7183dbfdf756b1a6bbfdfc3f4e99885134a7128bec96137384841898d62f1d95565dcfcd2ebe453b321e52c345e475ea4cff695c4153b960ac9209096a57597be143a0b773f8f311f2570171b03eeb87cd27f0291719a0c607a00cb50c354c013981f9e978fbefed316d3a859ee221a7d37296667383f8264d7cd7c722914728e8103f7ecb90bc944eeeae7d243460414dd625daaddae8572619230b911a605fb31d89c7a2d65d87ef19a8e8eec7dfc6e090cab2a3704a4a025daea101094f7cbdf816da4b8dfe8e493ac92bca4020a579e06434b4f97d74cf8198712d8e2f21030255a52ddeeffebdc46de662018c42b50e452992b4871da1dc2adb423f0affe29ec6e1bce0d50833871569b48eccb8d045b358bcc414f6077862eae843a4090026b4f6d496dfc1c0aaa9420266e580f41986fecf6c64fb10525d40421fb6204d7c9d85a2a895944554b4ee89e81e2c509f200884d9fb2216324d5a4dac3fe44bf67bf6a47d232767ed"}, 0x418, 0x7})
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x0, 0x0})
close_range(0xffffffffffffffff, r0, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000500)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$F2FS_IOC_MOVE_RANGE(r1, 0x541b, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$sock_int(r2, 0x1, 0x3c, &(0x7f0000000040)=0x1, 0xfff0)
setsockopt$inet_tcp_TCP_REPAIR(r2, 0x6, 0x13, &(0x7f0000000100)=0x1, 0x4)
connect$inet(r2, &(0x7f00000006c0)={0x2, 0x0, @empty}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r2, 0x6, 0x14, &(0x7f0000000180)=0x2, 0x4)
sendmmsg$inet(r2, &(0x7f0000000600)=[{{0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000080)="a9", 0x1}], 0x1}}], 0x1, 0x4008440)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r3 = syz_open_dev$vbi(&(0x7f00000028c0), 0x2, 0x2)
ioctl$VIDIOC_S_INPUT(r3, 0xc0045627, &(0x7f0000000100)=0x3)
ioctl$VIDIOC_SUBDEV_S_DV_TIMINGS(r3, 0xc0845657, &(0x7f0000000040)={0x0, @bt={0xa00, 0x640, 0x1, 0x2805, 0xd59f83, 0x19f2, 0x42, 0x19ef, 0x3, 0x3, 0x2800, 0x2800, 0x2, 0xba3, 0x9, 0x0, {0x8, 0xffffffff}, 0xd0, 0x9}})
r4 = socket$nl_generic(0x10, 0x3, 0x10)
openat$ppp(0xffffffffffffff9c, &(0x7f0000001140), 0x2800, 0x0)
clock_gettime(0x0, &(0x7f0000000040)={<r5=>0x0, <r6=>0x0})
r7 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCETHTOOL(r7, 0x8946, &(0x7f0000000080)={'veth1_to_batadv\x00', &(0x7f0000000040)=@ethtool_ringparam={0x11, 0x10001, 0x3, 0x8005, 0x4, 0x3ff, 0x6, 0x7, 0x4a}})
r8 = socket$inet6(0xa, 0x805, 0x0)
r9 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r9, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="5c0000000206030000000000000000000000000005000100070000000900020073797a310000000014000780050015000c00000008001240000000000500050002000000050004000000000010000300686173683a69702c6d6163"], 0x5c}}, 0x0)
sendmsg$IPSET_CMD_DESTROY(r9, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000001100)=ANY=[@ANYBLOB="1c000000030689871017010200000000030000000a00000105000100"], 0x1c}, 0x1, 0x0, 0x0, 0x4004810}, 0x20000851)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r8, 0x84, 0x6f, &(0x7f0000000080)={0x0, 0x1c, &(0x7f0000000000)=[@in6={0xa, 0x0, 0x0, @private1={0xfc, 0x1, '\x00', 0x2}}]}, &(0x7f00000002c0)=0x10)
getsockopt$bt_hci(r8, 0x84, 0x0, &(0x7f0000000080)=""/4076, &(0x7f0000000040)=0xfec)
ppoll(&(0x7f0000000000)=[{r4, 0xd9}, {r4, 0x4000}], 0x2, &(0x7f0000000080)={r5, r6+10000000}, &(0x7f00000000c0)={[0x8]}, 0x8)

41.38877539s ago: executing program 2 (id=1718):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r0)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @local, 0xb}, 0x1c)
r2 = syz_open_dev$vivid(&(0x7f00000000c0), 0x1, 0x2)
ioctl$VIDIOC_ENUM_FRAMESIZES(r2, 0xc02c564a, &(0x7f0000000100)={0x3ff, 0x33363248, 0x3, @stepwise={0x6, 0x3, 0xe, 0x100, 0x80000000, 0x10}})
listen(r1, 0x0)
syz_emit_ethernet(0x56, &(0x7f0000000040)={@local, @multicast, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "ff00f5", 0x20, 0x6, 0x0, @local, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x8, 0xc2, 0x0, 0x0, 0x0, {[@mptcp=@syn={0x1e, 0xc}]}}}}}}}}, 0x0)

41.322093615s ago: executing program 2 (id=1719):
socket$packet(0x11, 0x2, 0x300)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, 0x0, &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='contention_begin\x00', r0, 0x0, 0xd}, 0x18)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
openat$incfs(0xffffffffffffff9c, &(0x7f0000000080)='.log\x00', 0x2000, 0x7)
r2 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r2, &(0x7f0000000080)={0x2, 0x0, @loopback}, 0x10)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x41, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000280)='sched_switch\x00', r3}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x6)
sendmsg$nl_generic(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000001080)={0x14, 0x38, 0x301, 0x270bd26, 0x25dfdbfa, {0x4}}, 0x14}}, 0x40800)

40.363969356s ago: executing program 2 (id=1720):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x4)
openat$rdma_cm(0xffffffffffffff9c, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000500)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x94)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000001fc0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000001b518110000", @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x60000, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
socket$kcm(0x10, 0x2, 0x4)
socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000002c0), 0xffffffffffffffff)
sendmsg$TIPC_NL_NET_SET(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000000)={0x20, r4, 0x1, 0x70bd25, 0x25dfdbfe, {}, [@TIPC_NLA_NET={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_ID={0x8}]}]}, 0x20}, 0x1, 0x0, 0x0, 0x2805}, 0x400d5)
r5 = syz_open_dev$tty1(0xc, 0x4, 0x4)
ioctl$KDGKBDIACR(r5, 0x4b4a, 0x0)
shmat(0x0, &(0x7f0000fec000/0x11000)=nil, 0x3000)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x50)
r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_802154(r6, 0x8933, &(0x7f00000001c0)={'wpan0\x00', <r8=>0x0})
sendmsg$NL802154_CMD_SET_MAX_CSMA_BACKOFFS(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000200)={0x1c, r7, 0x1, 0x70bd27, 0x25dfdbff, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r8}]}, 0x1c}, 0x1, 0x0, 0x0, 0x8000}, 0x10)
r9 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000005c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x8, '\x00', 0x0, 0x0}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x7, 0xf, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8}, {{0x18, 0x1, 0x1, 0x0, r9}, {}, {}, {0x85, 0x0, 0x0, 0x5}, {0x4, 0x1, 0xb, 0x9, 0xa}}, {{0x5, 0x0, 0x3}}, [], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x69, '\x00', 0x0, @fallback=0x22, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0xfffffffffffffeba)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000280)=0x1, 0x4)
setsockopt$inet6_tcp_TCP_QUEUE_SEQ(r0, 0x6, 0x15, &(0x7f0000002640)=0x7fff, 0x4)

38.551593438s ago: executing program 59 (id=1703):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000180)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$vcsn(&(0x7f0000000000), 0x1a12224, 0x200)
setsockopt$inet6_tcp_int(r1, 0x6, 0x5, &(0x7f00000004c0)=0x2, 0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000007000000010001000900000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB, @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x24, '\x00', 0x0, @fallback=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
ioctl$PIO_SCRNMAP(0xffffffffffffffff, 0x4b41, &(0x7f00000001c0)="4321427ea75d52aa33a3dc36d3fb9c96b339f665927a3b1f0178426f321effc4ff1e5d1e78bc289d11672ecc")
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r4}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r5 = openat$ppp(0xffffffffffffff9c, &(0x7f0000001740), 0x101042, 0x0)
ioctl$PPPIOCNEWUNIT(r5, 0xc004743e, &(0x7f0000000300)=0x2)
ioctl$PPPIOCSACTIVE(r5, 0x40047459, &(0x7f0000000080)={0xfffffffffffffe43, 0x0})
readv(r5, &(0x7f00000002c0)=[{&(0x7f0000000340)=""/185, 0xb9}], 0x1)
pwrite64(r5, &(0x7f0000000100)="0265", 0x2, 0x0)
socket$inet6(0xa, 0x80002, 0x0)
syz_open_procfs(0x0, 0x0)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000400), 0xffffffffffffffff)
sendmsg$WG_CMD_SET_DEVICE(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000340)={0x38, r7, 0x1, 0x80000, 0x1, {}, [@WGDEVICE_A_IFNAME={0x14, 0x2, 'wg0\x00'}, @WGDEVICE_A_FWMARK={0x8, 0x7, 0x1}, @WGDEVICE_A_LISTEN_PORT={0x6, 0x6, 0x4e23}]}, 0x38}, 0x1, 0x0, 0x0, 0x8000}, 0x0)

37.27689952s ago: executing program 60 (id=1707):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000005"], 0x48)
setsockopt$inet_tcp_TLS_TX(0xffffffffffffffff, 0x6, 0x1, &(0x7f0000000280)=@gcm_128={{0x304}, "fed89041ef8224dc", "be0babb6740388c83ec6538a29db0a68", "9f46da28", "8784f3d46e20b26d"}, 0x28)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bc82000000000000a6020000f8ffffffb703000008000000cd03000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @xdp=0xedf0e51957efc755, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r0}, &(0x7f0000000240), &(0x7f0000000380)=r1}, 0x20)
fchmod(r1, 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x1)
syz_open_dev$MSR(&(0x7f0000000380), 0x0, 0x0)
prlimit64(0x0, 0x7, &(0x7f0000000040)={0x8, 0x8}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))
socket$nl_netfilter(0x10, 0x3, 0xc)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
open_tree(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x81800)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r1, 0x18000000000002a0, 0x5ee, 0x0, &(0x7f0000000580)="b9ff03076804268c989e14f088a8", 0x0, 0x500, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)
bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48)
r2 = syz_open_procfs(0x0, &(0x7f0000000040)='fdinfo/3\x00')
pread64(r2, &(0x7f0000000080)=""/237, 0xed, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
r3 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000002c0), 0x40200)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r3, 0xc08c5332, &(0x7f00000003c0)={0x1000, 0x5, 0x1, 'queue0\x00', 0x3})

36.482938169s ago: executing program 4 (id=1727):
sendmsg$MPTCP_PM_CMD_GET_LIMITS(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0xffffffffffffffb4, 0x0, 0x1, 0x0, 0x0, 0x41}, 0x809d)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0)
syz_emit_ethernet(0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="000002f0d31209000000bc2e79e995"], 0x0)
write$binfmt_script(r2, &(0x7f0000000100), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0)
sendmsg$inet6(0xffffffffffffffff, &(0x7f0000000040)={&(0x7f0000000140)={0xa, 0x0, 0x7, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x7c}, 0x1c, 0x0, 0x0, &(0x7f0000000180)=[@dstopts={{0x18, 0x29, 0x32, {0xc}}}], 0x18}, 0x24004800)
preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x3e, 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x60240)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f000010a000/0x18000)=nil, &(0x7f0000000240)=[@text16={0x10, &(0x7f0000000180)="66b9800000c00f326625000800000f300f0f1c9a65660ff3b20618baa000ec672e660f38803d004000000f285473f61366b9800000c00f320f300f20e06635800000000f22e02b6aa6c8", 0x4a}], 0x1, 0x8, 0x0, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x101000, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20004840}, 0x14)
r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000480)={0x1, &(0x7f00000000c0)=[{0x6, 0x0, 0xff, 0x7fff0010}]})
ioctl$SECCOMP_IOCTL_NOTIF_ID_VALID(r4, 0x80082102, &(0x7f0000000080))
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001880)={0x11, 0x0, 0x0, &(0x7f0000000000)='GPL\x00', 0x2a7, 0x0, 0x0, 0x40f00, 0x24, '\x00', 0x0, 0x0, r2, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3ff}, 0x94)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

36.012330451s ago: executing program 4 (id=1728):
r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f0000000000)=0x10000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000100)={@local})
ioctl$IOCTL_VMCI_DATAGRAM_SEND(r0, 0x7ab, &(0x7f0000000180)={&(0x7f0000000500)={{@local, 0xd}, {@local, 0x2}, 0x400, "56ddcf66cdf7ebf8cfaf13dd1ef4d499d1060198e8e2ba1287994de0ab990a75752f08e7779f660b65f698f30468cf8096f4c88c009d2eaab0063f1aede541b9cef7ff5840ac5533ae4e629890990d79fd77b14fdb56fe58eede4dcb16c9295381859e216877895066dd0db7ec0993df8498765fb57ee59def2ea741e7dbef342b8bbdf22d2edc61916a5941fdd0b16c26af31db1c7e2ba87c462a8da87a659918740b0fd59d450950cd003b9a86e0d1fb9cccea4ad98f09509a25434ab284d55e4d2e86f79b5bff23e75d5a63fc9e3fae084e10fa7ed23096269fb8ea445400c62fa33fb5faf48b3dbf2d01994b62fa2eadf8a7c67755fda1bb5e9bb1b7130306b87e49bda26ba85c783b9d9c6db9c781fd32a0c3758022fe054628f3ecc13ee2ed933a4379f66b455a3182abac8159c000d81919a5e1a2c1b688f34fb45bfdc5a48f44dfe79a23d4307cbfcdbe4460bd64eda9f40b80aef10ce348aa48ae4c2624296a8fb6635ec2282f013da6b5d4203eed7ed9d1aa622f9d1c456741dae5a722e47f7ec6d2d4bedc68cc65022e0540f558dcfb01f8c42853057a650a86a0e68753c697fe6ef07f62a87c11de9ccd24237bfe61fb988c4f8966afcdcd0e71930aa2db964354711031111821bd2c76b3bd11bdab6c9686d0d61bcf159a795c843119cdd69005b3bfea5274889754c57a8f0d8361ca22c96538e972457c803bfb38476e99dec0a45888450a10788f604f9d3cc5e64eb23e7d5377ebb8e66b1abd8120e18d83866327eaeb1933ee537844ae12e5d155520a84a1d6fee8082f00a85a42d826c0575b7cb0dc477b453311ac81837e3ad084ebf9165d0fba07ff9a3e8ccbbaa0e0044f5e04ea023d7ee2805327bd124c4ac8ebf81008da9b481c2a032825641e40dc1059c89020ad36c170da70aee51dac7183dbfdf756b1a6bbfdfc3f4e99885134a7128bec96137384841898d62f1d95565dcfcd2ebe453b321e52c345e475ea4cff695c4153b960ac9209096a57597be143a0b773f8f311f2570171b03eeb87cd27f0291719a0c607a00cb50c354c013981f9e978fbefed316d3a859ee221a7d37296667383f8264d7cd7c722914728e8103f7ecb90bc944eeeae7d243460414dd625daaddae8572619230b911a605fb31d89c7a2d65d87ef19a8e8eec7dfc6e090cab2a3704a4a025daea101094f7cbdf816da4b8dfe8e493ac92bca4020a579e06434b4f97d74cf8198712d8e2f21030255a52ddeeffebdc46de662018c42b50e452992b4871da1dc2adb423f0affe29ec6e1bce0d50833871569b48eccb8d045b358bcc414f6077862eae843a4090026b4f6d496dfc1c0aaa9420266e580f41986fecf6c64fb10525d40421fb6204d7c9d85a2a895944554b4ee89e81e2c509f200884d9fb2216324d5a4dac3fe44bf67bf6a47d232767ed"}, 0x418, 0x7})
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x0, 0x0})
close_range(0xffffffffffffffff, r0, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000500)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$F2FS_IOC_MOVE_RANGE(r1, 0x541b, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$sock_int(r2, 0x1, 0x3c, &(0x7f0000000040)=0x1, 0xfff0)
setsockopt$inet_tcp_TCP_REPAIR(r2, 0x6, 0x13, &(0x7f0000000100)=0x1, 0x4)
connect$inet(r2, &(0x7f00000006c0)={0x2, 0x0, @empty}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r2, 0x6, 0x14, &(0x7f0000000180)=0x2, 0x4)
sendmmsg$inet(r2, &(0x7f0000000600)=[{{0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000080)="a9", 0x1}], 0x1}}], 0x1, 0x4008440)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r3 = syz_open_dev$vbi(&(0x7f00000028c0), 0x2, 0x2)
ioctl$VIDIOC_S_INPUT(r3, 0xc0045627, &(0x7f0000000100)=0x3)
ioctl$VIDIOC_SUBDEV_S_DV_TIMINGS(r3, 0xc0845657, &(0x7f0000000040)={0x0, @bt={0xa00, 0x640, 0x1, 0x2805, 0xd59f83, 0x19f2, 0x42, 0x19ef, 0x3, 0x3, 0x2800, 0x2800, 0x2, 0xba3, 0x9, 0x0, {0x8, 0xffffffff}, 0xd0, 0x9}})
r4 = socket$nl_generic(0x10, 0x3, 0x10)
openat$ppp(0xffffffffffffff9c, &(0x7f0000001140), 0x2800, 0x0)
clock_gettime(0x0, &(0x7f0000000040)={<r5=>0x0, <r6=>0x0})
r7 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCETHTOOL(r7, 0x8946, &(0x7f0000000080)={'veth1_to_batadv\x00', &(0x7f0000000040)=@ethtool_ringparam={0x11, 0x10001, 0x3, 0x8005, 0x4, 0x3ff, 0x6, 0x7, 0x4a}})
r8 = socket$inet6(0xa, 0x805, 0x0)
r9 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r9, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="5c0000000206030000000000000000000000000005000100070000000900020073797a310000000014000780050015000c00000008001240000000000500050002000000050004000000000010000300686173683a69702c6d6163"], 0x5c}}, 0x0)
sendmsg$IPSET_CMD_DESTROY(r9, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000001100)=ANY=[@ANYBLOB="1c000000030689871017010200000000030000000a00000105000100"], 0x1c}, 0x1, 0x0, 0x0, 0x4004810}, 0x20000851)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r8, 0x84, 0x6f, &(0x7f0000000080)={0x0, 0x1c, &(0x7f0000000000)=[@in6={0xa, 0x0, 0x0, @private1={0xfc, 0x1, '\x00', 0x2}}]}, &(0x7f00000002c0)=0x10)
getsockopt$bt_hci(r8, 0x84, 0x0, &(0x7f0000000080)=""/4076, &(0x7f0000000040)=0xfec)
ppoll(&(0x7f0000000000)=[{r4, 0xd9}, {r4, 0x4000}], 0x2, &(0x7f0000000080)={r5, r6+10000000}, &(0x7f00000000c0)={[0x8]}, 0x8)

35.120300801s ago: executing program 4 (id=1731):
mount$9p_xen(0x0, &(0x7f00000000c0)='./cgroup\x00', &(0x7f0000000000), 0x1, &(0x7f00000002c0))
syz_usb_connect(0x3, 0x2d, &(0x7f0000000680)=ANY=[@ANYBLOB="12010000061c2f20c81403006c050102030109021b00010000000009040000018ea44300090585da09"], 0x0)
syz_open_dev$mouse(&(0x7f0000000180), 0x0, 0x2)
openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x84000)

33.796769074s ago: executing program 4 (id=1734):
socket$nl_route(0x10, 0x3, 0x0)
syz_usb_connect$cdc_ncm(0x0, 0x72, 0x0, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f00000002c0)=0xb, 0x8)
socket$kcm(0x10, 0x2, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e21, 0x63, @loopback, 0x7}, 0x1c)
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000001c0)='net/fib_triestat\x00')
preadv(r1, &(0x7f0000000080)=[{&(0x7f0000000040)=""/46, 0x2e}], 0x1, 0x0, 0x4)

33.242527065s ago: executing program 4 (id=1735):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
preadv(0xffffffffffffffff, 0x0, 0x0, 0x3c, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$TIOCL_SETSEL(0xffffffffffffffff, 0x541c, &(0x7f0000000000)={0x2, {0xc, 0xa00, 0x0, 0x101, 0x100}})
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000240)={'veth0_to_hsr\x00'})
socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080))
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
io_uring_setup(0x4126, &(0x7f00000007c0)={0x0, 0x0, 0x800, 0x0, 0x1000000})
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$kcm(0x29, 0x2, 0x0)
socket$inet6(0xa, 0x2, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000200), 0xaa000, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
r3 = socket(0x10, 0x80002, 0x0)
write$P9_RLERRORu(r2, &(0x7f0000000000)=ANY=[@ANYBLOB="1c00000007ffff", @ANYRES16=r3, @ANYRESDEC], 0x52)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000100), 0x80, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r3}, 0x2c, {[{@version_9p2000}]}})

33.149840073s ago: executing program 4 (id=1736):
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0x3)
rt_sigprocmask(0x0, 0x0, 0x0, 0x0)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/crypto\x00', 0x0, 0x0)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r2, &(0x7f0000000180)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x27}}, 0x10)
connect$inet(r2, &(0x7f0000000480)={0x2, 0x4e21, @multicast2}, 0x10)
sendfile(r2, r1, 0x0, 0x20000023893)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0xa6}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
recvmsg(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f0000000040)=@hci, 0x80, &(0x7f0000000100)=[{&(0x7f0000000400)=""/248, 0xd68210}], 0x1, 0x0, 0x1f00000000000000, 0x200000}, 0x1f00)
ioctl$sock_SIOCGIFVLAN_DEL_VLAN_CMD(r2, 0x8982, &(0x7f00000000c0)={0x1, 'batadv_slave_0\x00'})
pidfd_send_signal(0xffffffffffffffff, 0x11, 0x0, 0x4)
sendmsg$tipc(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000140)}], 0x1}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={0x0}}, 0x0)
getsockopt$bt_BT_RCVMTU(0xffffffffffffffff, 0x112, 0xd, 0x0, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)={0x0}, 0x1, 0x0, 0x0, 0xcb58c9f2fa78421b}, 0x40c0080)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000100)=0x2)

32.531342127s ago: executing program 61 (id=1713):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000040)={0x0}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x4)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$inet_smc(0x2b, 0x1, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$tipc2(&(0x7f0000000040), 0xffffffffffffffff)
r4 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r5 = dup(r4)
ioctl$TCSETA(r5, 0x5406, 0x0)
clock_nanosleep(0x0, 0x1, &(0x7f0000000280)={0x77359400}, 0x0)
write$UHID_INPUT(r5, 0x0, 0x0)
io_uring_setup(0x5f4f, &(0x7f00000003c0)={0x0, 0x804, 0x2, 0x1000000, 0xfffbfffe, 0x0, r5})
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r5, 0x0, 0x1c, 0x0, &(0x7f0000000000)="dc396f0757cf3a8300af3c48d096fbe23092304501ab92a9f029620c", 0x0, 0x3, 0x0, 0xbb, 0x0, &(0x7f0000000400)="69cc74f887124819bca975ceddd4e909c58cc1bb771ca628bf9a11953b76f2a4eaef3ac7881cfeca13a4c3ed45b7373c2c110630b52634ea43df07b269ae8dfcd6515a337f90922bd5f3d026482265d9a4b9ba08da3b710d0a0b554891330d774fa06aecf1aab62d8bc58b72c30b4f034c115614310273b178954af1fd4095e777ff7b7a3987d76010fb67d27bbca2e25017c4757ed3660ce28a577ab432d26bc994cd9561edcc362e55fc61db9f7821581620a169d8df26965b49", 0x0, 0x2, 0x0, 0x9}, 0x50)
setsockopt$inet_tcp_TCP_REPAIR(r3, 0x6, 0x13, &(0x7f0000000040)=0x1, 0x4)
r6 = socket$netlink(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r6, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000001200)={&(0x7f00000004c0)={0x38, 0x1403, 0x1, 0x70bd2d, 0x3000000, "", [{{0x9, 0x2, 'syz0\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'lo\x00'}}]}, 0x38}, 0x1, 0x0, 0x0, 0x854}, 0x0)
connect$inet(r3, &(0x7f0000001980)={0x2, 0x1, @loopback}, 0x10)
ioctl$VIDIOC_S_INPUT(0xffffffffffffffff, 0xc0045627, &(0x7f0000000080)=0x2)
socket$igmp6(0xa, 0x3, 0x2)

29.258006653s ago: executing program 1 (id=1749):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01020000000000000000010000000900010073797a300000000078000000090a010400000000000000000100fffd08000a40000000000900020073797a31000000000900010073797a300000000008000540000000253c0011800a0001006c696d69740000002c0002800c00024000000000000000030800044000000001"], 0xc0}, 0x1, 0x0, 0x0, 0x40c0}, 0xc4) (fail_nth: 8)

29.167301758s ago: executing program 1 (id=1750):
r0 = userfaultfd(0x801)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000000)={0xaa, 0x280})
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000100)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2})
ioctl$UFFDIO_WRITEPROTECT(r0, 0xc018aa06, &(0x7f0000000040)={{&(0x7f000040a000/0x800000)=nil, 0x800000}})

29.060218886s ago: executing program 1 (id=1751):
r0 = syz_usb_connect$hid(0x4, 0x36, &(0x7f0000000280)=ANY=[@ANYBLOB="1201100300000008ac051f020000f200000109022400010000ea0409040000020300000009210100f8012203000905810300000006005372486fa60047d6921b194253b7fc3873e4145dae4f875966c4527115771e765f42eacaff"], 0x0)
ioctl$COMEDI_POLL(0xffffffffffffffff, 0x640f)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x7, 0x0, &(0x7f0000000240)=0x4)
r1 = syz_open_procfs(0x0, &(0x7f0000000140)='ns\x00')
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, 0x0, 0x0)
getdents(r1, &(0x7f0000000ec0)=""/4096, 0x1000)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f0000000140)={0x2c, &(0x7f0000000640)={0x40, 0x5, 0x9, {0x9, 0x9, "d85611d785df26"}}, 0x0, 0x0, 0x0, 0x0}, 0x0)
socket$l2tp6(0xa, 0x2, 0x73)
ioctl$VIDIOC_G_SELECTION(r1, 0xc040565e, &(0x7f00000000c0)={0x3, 0x0, 0x0, {0xffff, 0x3, 0xb0c, 0x94}})
socket$nl_xfrm(0x10, 0x3, 0x6)
epoll_create1(0x0)
sendmsg$NFC_CMD_GET_TARGET(0xffffffffffffffff, 0x0, 0x4000091)
sendmsg$kcm(0xffffffffffffffff, 0x0, 0xd8)
ioctl$SNDCTL_DSP_CHANNELS(0xffffffffffffffff, 0xc0045006, 0x0)
ioctl$DRM_IOCTL_SET_SAREA_CTX(0xffffffffffffffff, 0x4010641c, &(0x7f0000004000)={0x0, 0x0})
ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, 0x0)
r2 = userfaultfd(0x801)
ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x4})
ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x1})
ioctl$UFFDIO_CONTINUE(r2, 0xc020aa08, &(0x7f00000001c0)={{&(0x7f0000c31000/0x4000)=nil, 0x4000}, 0x1})
r3 = userfaultfd(0x801)
ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f0000000200)={0xaa, 0x50})
ioctl$UFFDIO_COPY(r3, 0xc028aa03, &(0x7f0000000100)={&(0x7f0000800000/0x800000)=nil, &(0x7f0000339000/0x1000)=nil, 0x800000})
r4 = syz_usb_connect(0x2, 0xffffffffffffff02, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0xc0, 0xcf, 0xb4, 0x40, 0x1bbb, 0x203, 0x35, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x9}}]}}, 0x0)
syz_usb_control_io$uac1(r4, 0x0, &(0x7f0000000040)={0x44, &(0x7f00000000c0)=ANY=[@ANYRES16=r4, @ANYRES32=<r5=>r4], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r6 = socket$nl_xfrm(0x10, 0x3, 0x6)
r7 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r7, 0x40046207, 0x0)
sendmsg$nl_xfrm(r6, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000008c0)=ANY=[@ANYBLOB="84010000210001000000000000000000fc020000000000000000000000000000fe80000000000000000000000000003500000000000000000a00000000000000", @ANYRES32=0x0, @ANYRES16=r5, @ANYBLOB="000000000000000034011100ac14140c000000000000000000000000fc000000000000000000000000000001fc020000000000000000000000000000fe8000000000000000000000000000aa6c01a8000200000002000a00ac1414aa000000000000000000000000fe8000000000000000000000000000aa00000000000000000000000000000000ff020000000000000000000000000001ff020000003500000a000800ac1414bb000000000000000000000000fc02000000000000000000000000000064010102000000000000000000000000fe800000000000000000000000000032"], 0x184}}, 0x0)

28.951067358s ago: executing program 0 (id=1753):
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
lseek(r0, 0x851, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000000)={0x2, &(0x7f00000000c0)=[{0x20, 0x0, 0x0, 0xfffff00c}, {0x6}]}, 0x10)
sendmmsg(r1, &(0x7f0000000180), 0x4000190, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[], 0x88}}, 0x0)

28.860744088s ago: executing program 0 (id=1754):
socket$nl_route(0x10, 0x3, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
socket$caif_seqpacket(0x25, 0x5, 0x1)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x8800)
r2 = signalfd(0xffffffffffffffff, &(0x7f00000001c0), 0x8)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
syz_kvm_setup_syzos_vm$x86(0xffffffffffffffff, &(0x7f00009c2000/0x400000)=nil)
ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f00000004c0)=ANY=[])
inotify_init1(0x800)
ioctl$sock_qrtr_TIOCINQ(r2, 0x40044900, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
rseq(&(0x7f0000000400), 0x20, 0x0, 0x0)
ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000000140)=<r3=>0x0)
sched_getattr(r3, &(0x7f0000000200)={0x38}, 0x38, 0x0)

28.245456859s ago: executing program 0 (id=1756):
r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0)
ioctl$F2FS_IOC_MOVE_RANGE(0xffffffffffffffff, 0xc020f509, &(0x7f0000000040)={r0, 0x1da, 0xfffffffffffffff8, 0x9})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
prctl$PR_GET_TIMERSLACK(0x1e)
socket$inet6_tcp(0xa, 0x1, 0x0)
prctl$PR_SET_MM_MAP(0x23, 0xe, 0x0, 0x0)
prctl$PR_SET_MM_MAP(0x23, 0xe, 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000040)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r3, 0x0, 0x0, 0x2, 0x0)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x15)
r5 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_SET_REGS(r6, 0x4090ae82, &(0x7f0000000240)={[0x74, 0x20005, 0x6f8d8e6f, 0x4000000000, 0x6, 0x1000000002, 0x1041, 0x4, 0xfffffffffffffffa, 0x32a, 0xfffffffffffffffe, 0xffffffff, 0x1, 0x9, 0x800005, 0x6a], 0xd000, 0x1000d6})
ioctl$KVM_RUN(r6, 0xae80, 0x0)

27.287024518s ago: executing program 0 (id=1758):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000980)=@newlink={0x20, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x5b5d, 0x8000}, [@IFLA_LINK, @IFLA_OPERSTATE={0x0, 0x10, 0xae}]}, 0x52}, 0x1, 0x0, 0x0, 0x1}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x1, 0x9, &(0x7f0000000080)=@framed={{0x18, 0x3}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd, @generic={0x66}, @initr0]}, 0x0}, 0x94)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000009c0)={0x6, 0x0, 0x0, 0x0, 0xdf64, 0x0, 0x0, 0x41100, 0x5, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, &(0x7f0000000580)={0x8, 0x3}, 0x8, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000080)={0x14, 0x2, 0x6, 0x801, 0x0, 0x0, {0x0, 0x0, 0x9}}, 0x14}}, 0x0)
sendmsg$NLBL_UNLABEL_C_STATICADD(0xffffffffffffffff, &(0x7f0000000700)={&(0x7f00000002c0), 0xc, &(0x7f0000000640)={&(0x7f0000000540)={0x38, 0x0, 0x4, 0x70bd2c, 0x25dfdbfe, {}, [@NLBL_UNLABEL_A_ACPTFLG={0x5, 0x1, 0x1}, @NLBL_UNLABEL_A_IPV6MASK={0x14, 0x3, @empty}, @NLBL_UNLABEL_A_ACPTFLG={0x5, 0x1, 0x1}]}, 0x38}, 0x1, 0x0, 0x0, 0x50}, 0x20000800)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r2 = accept4(r1, 0x0, 0x0, 0x800)
ioctl$SIOCX25GCAUSEDIAG(0xffffffffffffffff, 0x89e6, &(0x7f0000000340)={0xf8, 0x1})
sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b0000000800", @ANYRES32=r4, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)

27.184720254s ago: executing program 0 (id=1759):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendfile(0xffffffffffffffff, r1, &(0x7f00000002c0)=0xb, 0x8)
socket$kcm(0x10, 0x2, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r2 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r2, &(0x7f00000000c0)={0xa, 0x4e21, 0x63, @loopback, 0x7}, 0x1c)
r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000001c0)='net/fib_triestat\x00')
preadv(r3, &(0x7f0000000080)=[{&(0x7f0000000040)=""/46, 0x2e}], 0x1, 0x0, 0x4)

26.109766362s ago: executing program 0 (id=1761):
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x800000000000000, &(0x7f0000006680))
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8d}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
mbind(&(0x7f00005f7000/0x2000)=nil, 0x2000, 0x1, 0x0, 0x0, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
socket$packet(0x11, 0xa, 0x300)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000780)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020786c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x42, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
mknod(&(0x7f0000000080)='./file0\x00', 0x8000, 0x66)
open$dir(&(0x7f0000000100)='./file0\x00', 0x149800, 0x0)
open(&(0x7f0000000140)='./file0\x00', 0x4182, 0x3f00)
pselect6(0x40, &(0x7f0000000240)={0x0, 0x0, 0x3, 0x8, 0x2, 0xb}, 0x0, &(0x7f0000000280)={0x3ff, 0x0, 0x0, 0x400d, 0x0, 0x9, 0x466}, 0x0, 0x0)
close_range(r1, 0xffffffffffffffff, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
connect$qrtr(0xffffffffffffffff, &(0x7f0000000040)={0x2a, 0x0, 0x4001}, 0xc)
setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x27, &(0x7f0000000000)={@initdev={0xac, 0x1e, 0x1, 0x0}, @loopback}, 0xffffffffffffffe1)
ioctl$vim2m_VIDIOC_ENUM_FMT(0xffffffffffffffff, 0xc0405668, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000002180)='net/mcfilter\x00')
preadv(r3, &(0x7f0000001b80)=[{&(0x7f0000000440)=""/87, 0x57}], 0x1, 0x0, 0x400)
ptrace$setopts(0x6, 0x0, 0x6, 0x8)
syz_usb_connect(0x0, 0x0, 0x0, 0x0)
r4 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0)
ioctl$DRM_IOCTL_WAIT_VBLANK(r4, 0xc018643a, &(0x7f0000000040)={0x4000000, 0x5, 0x3})

26.03232105s ago: executing program 1 (id=1762):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000840)=@security={'security\x00', 0x4, 0x4, 0x448, 0xffffffff, 0x2a8, 0x1d0, 0x1d0, 0xffffffff, 0xffffffff, 0x378, 0x378, 0x378, 0xffffffff, 0x7fffffe, 0x0, {[{{@ipv6={@ipv4={'\x00', '\xff\xff', @remote}, @ipv4={'\x00', '\xff\xff', @rand_addr=0x64010102}, [0x0, 0xff000000, 0xffffffff, 0xffffffff], [0xff000000, 0xff000000, 0xffffff00, 0xff], 'dvmrp0\x00', 'vlan0\x00', {0xff}, {}, 0x2f, 0xb, 0x3, 0x18}, 0x0, 0xa8, 0x1d0}, @common=@unspec=@SECMARK={0x128, 'SECMARK\x00', 0x0, {0x2, 0x2, 'system_u:object_r:lib_t:s0\x00'}}}, {{@uncond, 0x0, 0xa8, 0xd8}, @common=@unspec=@CONNMARK={0x30}}, {{@ipv6={@private1, @local, [], [0x0, 0xffffff00], 'geneve1\x00', 'macvlan0\x00', {0xff}, {}, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xa8, 0xd0}, @common=@unspec=@CONNSECMARK={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x4a8) (async, rerun: 64)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (rerun: 64)
r2 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000400), r1)
sendmsg$IEEE802154_LLSEC_SETPARAMS(r1, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000500)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="01002dbd7000fedbdf252500000005002900000000000a0001007751616e31000000"], 0x28}, 0x1, 0x0, 0x0, 0x54}, 0x4000) (async)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000e00)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000380)=@ipmr_delroute={0x1c, 0x19, 0x1, 0x0, 0x0, {0x80, 0x20, 0x90, 0xfd, 0x1, 0x11, 0x0, 0x5}}, 0x1c}, 0x1, 0x0, 0x0, 0x20040000}, 0x0)

25.828708113s ago: executing program 1 (id=1763):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
preadv(0xffffffffffffffff, 0x0, 0x0, 0x3c, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$TIOCL_SETSEL(0xffffffffffffffff, 0x541c, &(0x7f0000000000)={0x2, {0xc, 0xa00, 0x0, 0x101, 0x100}})
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000240)={'veth0_to_hsr\x00'})
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080))
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
io_uring_setup(0x4126, &(0x7f00000007c0)={0x0, 0x0, 0x800, 0x0, 0x1000000})
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$kcm(0x29, 0x2, 0x0)
socket$inet6(0xa, 0x2, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000200), 0xaa000, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
r3 = socket(0x10, 0x80002, 0x0)
write$P9_RLERRORu(r2, &(0x7f0000000000)=ANY=[@ANYBLOB="1c00000007ffff", @ANYRES16=r3, @ANYRESDEC], 0x52)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000100), 0x80, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r3}, 0x2c, {[{@version_9p2000}]}})

25.424374044s ago: executing program 1 (id=1764):
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r0, &(0x7f0000000000)={0x1f, 0xffffffffffffffff, 0x3}, 0x6) (async)
write$bt_hci(r0, &(0x7f0000000580)=ANY=[@ANYBLOB="1300000002"], 0x8)
r1 = openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000380)=0xdf) (async)
syz_emit_ethernet(0x3e, &(0x7f0000000000)=ANY=[@ANYBLOB="bbbbbbbbbbbb00000000000086dd610000b6773115c2b81e4227f06364bd0000083afffe8000000000000000000000400000aa000000000000008e805d00"], 0x0) (async)
r2 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$vim2m_VIDIOC_REQBUFS(r2, 0xc0145608, &(0x7f0000000100)={0x3, 0x2, 0x1}) (async, rerun: 64)
r3 = dup(r2) (rerun: 64)
mmap(&(0x7f0000fed000/0x12000)=nil, 0x12000, 0x2, 0x11, r3, 0x0) (async)
ioctl$vim2m_VIDIOC_REQBUFS(r2, 0xc0585609, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x0, 0x3})
r4 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000200)={0x6, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000002000000000000000008082295"], &(0x7f00000002c0)='GPL\x00'}, 0x94) (async)
r5 = syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$NLBL_CALIPSO_C_LIST(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x2c, r5, 0x0, 0x70bd27, 0x25dfdbfd, {}, [@NLBL_CALIPSO_A_DOI={0x8, 0x1, 0x2}, @NLBL_CALIPSO_A_DOI={0x8}, @NLBL_CALIPSO_A_DOI={0x8, 0x1, 0x3}]}, 0x2c}, 0x1, 0x0, 0x0, 0x1}, 0x4) (async)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r4, 0x5, 0x50, 0x0, &(0x7f0000000000)="ff", 0x0, 0x36, 0x503, 0x0, 0x0, 0x0, 0x0, 0x2, 0xffff80fe}, 0x50)

25.157808906s ago: executing program 62 (id=1720):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x4)
openat$rdma_cm(0xffffffffffffff9c, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000500)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x94)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000001fc0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000001b518110000", @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x60000, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
socket$kcm(0x10, 0x2, 0x4)
socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000002c0), 0xffffffffffffffff)
sendmsg$TIPC_NL_NET_SET(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000000)={0x20, r4, 0x1, 0x70bd25, 0x25dfdbfe, {}, [@TIPC_NLA_NET={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_ID={0x8}]}]}, 0x20}, 0x1, 0x0, 0x0, 0x2805}, 0x400d5)
r5 = syz_open_dev$tty1(0xc, 0x4, 0x4)
ioctl$KDGKBDIACR(r5, 0x4b4a, 0x0)
shmat(0x0, &(0x7f0000fec000/0x11000)=nil, 0x3000)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x50)
r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_802154(r6, 0x8933, &(0x7f00000001c0)={'wpan0\x00', <r8=>0x0})
sendmsg$NL802154_CMD_SET_MAX_CSMA_BACKOFFS(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000200)={0x1c, r7, 0x1, 0x70bd27, 0x25dfdbff, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r8}]}, 0x1c}, 0x1, 0x0, 0x0, 0x8000}, 0x10)
r9 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000005c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x8, '\x00', 0x0, 0x0}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x7, 0xf, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8}, {{0x18, 0x1, 0x1, 0x0, r9}, {}, {}, {0x85, 0x0, 0x0, 0x5}, {0x4, 0x1, 0xb, 0x9, 0xa}}, {{0x5, 0x0, 0x3}}, [], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x69, '\x00', 0x0, @fallback=0x22, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0xfffffffffffffeba)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000280)=0x1, 0x4)
setsockopt$inet6_tcp_TCP_QUEUE_SEQ(r0, 0x6, 0x15, &(0x7f0000002640)=0x7fff, 0x4)

23.408424443s ago: executing program 7 (id=1766):
r0 = syz_init_net_socket$llc(0x1a, 0x0, 0x0)
accept4$llc(r0, &(0x7f0000000080)={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @dev}, &(0x7f00000000c0)=0x10, 0x800)
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x6000, 0x1)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000a80)='./file0\x00', 0x800, 0xc3)
ioctl$EXT4_IOC_MOVE_EXT(r1, 0x935, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="0200000003000000010000000010000010c80000", @ANYRES32, @ANYRESOCT=r0, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0300000002000005020000000600000000000000", @ANYRES32, @ANYBLOB='\x00\x00\x00\x00'], 0x50)
creat(&(0x7f0000000000)='./file0\x00', 0x4)
syz_open_procfs(0x0, &(0x7f00000001c0)='fd/3\x00')
socket$nl_route(0x10, 0x3, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r2 = socket$can_bcm(0x1d, 0x2, 0x2)
connect$can_bcm(r2, 0x0, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = syz_open_dev$sndctrl(&(0x7f0000000040), 0x2, 0x4440)
ioctl$SNDRV_CTL_IOCTL_TLV_WRITE(r4, 0xc008551b, &(0x7f0000000100)=ANY=[@ANYRES32=r2, @ANYRESOCT=r3])
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8c}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x8)
r5 = getpid()
sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
connect$unix(r6, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e20}, 0x6e)
sendmmsg$unix(r7, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
rseq(&(0x7f0000000280)={0x0, 0x0, 0x0, 0x6}, 0x20, 0x0, 0x0)
io_uring_setup(0x721d, &(0x7f0000000140)={0x0, 0x0, 0x3000, 0x3, 0xfffffffd})
bpf$PROG_BIND_MAP(0xa, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1000, 0x1)
gettid()

22.491971769s ago: executing program 7 (id=1772):
bpf$PROG_LOAD(0x5, 0x0, 0x5960116b96c0f769)
io_uring_setup(0x7, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x68c81, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x5, 0x8080000, 0x2000, &(0x7f0000000000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r3 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$TIOCSTI(r3, 0x5412, &(0x7f0000000840)=0x7)
ioctl$TCXONC(r3, 0x540a, 0x0)
ioctl$TIOCSTI(r3, 0x5412, &(0x7f0000000080)=0x11)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[@ANYRESOCT=r2], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000300)='kvm_userspace_exit\x00', r5, 0x0, 0xfffffffffffffffd}, 0x18)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x18, 0x3, &(0x7f0000000600)=ANY=[@ANYRES8=r6, @ANYRES64, @ANYRESDEC, @ANYRESOCT=0x0], &(0x7f0000000280)='GPL\x00', 0xa, 0xb9, &(0x7f0000000140)=""/185, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2037}, 0x94)
fsopen(0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r7 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r7, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r8=>0xffffffffffffffff, <r9=>0xffffffffffffffff})
connect$unix(r8, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e)
sendmmsg$unix(r9, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r7, 0x8, &(0x7f0000000040)=0x8000002)
recvmmsg(r8, &(0x7f00000000c0), 0x0, 0x40000040, 0x0)

19.336613554s ago: executing program 3 (id=1774):
r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f0000000000)=0x10000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000100)={@local})
ioctl$IOCTL_VMCI_DATAGRAM_SEND(r0, 0x7ab, &(0x7f0000000180)={&(0x7f0000000500)={{@local, 0xd}, {@local, 0x2}, 0x400, "56ddcf66cdf7ebf8cfaf13dd1ef4d499d1060198e8e2ba1287994de0ab990a75752f08e7779f660b65f698f30468cf8096f4c88c009d2eaab0063f1aede541b9cef7ff5840ac5533ae4e629890990d79fd77b14fdb56fe58eede4dcb16c9295381859e216877895066dd0db7ec0993df8498765fb57ee59def2ea741e7dbef342b8bbdf22d2edc61916a5941fdd0b16c26af31db1c7e2ba87c462a8da87a659918740b0fd59d450950cd003b9a86e0d1fb9cccea4ad98f09509a25434ab284d55e4d2e86f79b5bff23e75d5a63fc9e3fae084e10fa7ed23096269fb8ea445400c62fa33fb5faf48b3dbf2d01994b62fa2eadf8a7c67755fda1bb5e9bb1b7130306b87e49bda26ba85c783b9d9c6db9c781fd32a0c3758022fe054628f3ecc13ee2ed933a4379f66b455a3182abac8159c000d81919a5e1a2c1b688f34fb45bfdc5a48f44dfe79a23d4307cbfcdbe4460bd64eda9f40b80aef10ce348aa48ae4c2624296a8fb6635ec2282f013da6b5d4203eed7ed9d1aa622f9d1c456741dae5a722e47f7ec6d2d4bedc68cc65022e0540f558dcfb01f8c42853057a650a86a0e68753c697fe6ef07f62a87c11de9ccd24237bfe61fb988c4f8966afcdcd0e71930aa2db964354711031111821bd2c76b3bd11bdab6c9686d0d61bcf159a795c843119cdd69005b3bfea5274889754c57a8f0d8361ca22c96538e972457c803bfb38476e99dec0a45888450a10788f604f9d3cc5e64eb23e7d5377ebb8e66b1abd8120e18d83866327eaeb1933ee537844ae12e5d155520a84a1d6fee8082f00a85a42d826c0575b7cb0dc477b453311ac81837e3ad084ebf9165d0fba07ff9a3e8ccbbaa0e0044f5e04ea023d7ee2805327bd124c4ac8ebf81008da9b481c2a032825641e40dc1059c89020ad36c170da70aee51dac7183dbfdf756b1a6bbfdfc3f4e99885134a7128bec96137384841898d62f1d95565dcfcd2ebe453b321e52c345e475ea4cff695c4153b960ac9209096a57597be143a0b773f8f311f2570171b03eeb87cd27f0291719a0c607a00cb50c354c013981f9e978fbefed316d3a859ee221a7d37296667383f8264d7cd7c722914728e8103f7ecb90bc944eeeae7d243460414dd625daaddae8572619230b911a605fb31d89c7a2d65d87ef19a8e8eec7dfc6e090cab2a3704a4a025daea101094f7cbdf816da4b8dfe8e493ac92bca4020a579e06434b4f97d74cf8198712d8e2f21030255a52ddeeffebdc46de662018c42b50e452992b4871da1dc2adb423f0affe29ec6e1bce0d50833871569b48eccb8d045b358bcc414f6077862eae843a4090026b4f6d496dfc1c0aaa9420266e580f41986fecf6c64fb10525d40421fb6204d7c9d85a2a895944554b4ee89e81e2c509f200884d9fb2216324d5a4dac3fe44bf67bf6a47d232767ed"}, 0x418, 0x7})
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x0, 0x0})
close_range(0xffffffffffffffff, r0, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000500)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$F2FS_IOC_MOVE_RANGE(r1, 0x541b, &(0x7f0000000040)={<r2=>0xffffffffffffffff, 0x0, 0x4, 0x8040000000000000})
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$sock_int(r3, 0x1, 0x3c, 0x0, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r3, 0x6, 0x13, &(0x7f0000000100)=0x1, 0x4)
connect$inet(r3, &(0x7f00000006c0)={0x2, 0x0, @empty}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000180)=0x2, 0x4)
sendmmsg$inet(r3, &(0x7f0000000600)=[{{0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000080)="a9", 0x1}], 0x1}}], 0x1, 0x4008440)
close_range(r2, 0xffffffffffffffff, 0x0)
r4 = syz_open_dev$vbi(&(0x7f00000028c0), 0x2, 0x2)
ioctl$VIDIOC_S_INPUT(r4, 0xc0045627, &(0x7f0000000100)=0x3)
ioctl$VIDIOC_SUBDEV_S_DV_TIMINGS(r4, 0xc0845657, &(0x7f0000000040)={0x0, @bt={0xa00, 0x640, 0x1, 0x2805, 0xd59f83, 0x19f2, 0x42, 0x19ef, 0x3, 0x3, 0x2800, 0x2800, 0x2, 0xba3, 0x9, 0x0, {0x8, 0xffffffff}, 0xd0, 0x9}})
r5 = socket$nl_generic(0x10, 0x3, 0x10)
openat$ppp(0xffffffffffffff9c, &(0x7f0000001140), 0x2800, 0x0)
clock_gettime(0x0, &(0x7f0000000040)={<r6=>0x0, <r7=>0x0})
r8 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCETHTOOL(r8, 0x8946, &(0x7f0000000080)={'veth1_to_batadv\x00', &(0x7f0000000040)=@ethtool_ringparam={0x11, 0x10001, 0x3, 0x8005, 0x4, 0x3ff, 0x6, 0x7, 0x4a}})
r9 = socket$inet6(0xa, 0x805, 0x0)
r10 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r10, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="5c0000000206030000000000000000000000000005000100070000000900020073797a310000000014000780050015000c00000008001240000000000500050002000000050004000000000010000300686173683a69702c6d6163"], 0x5c}}, 0x0)
sendmsg$IPSET_CMD_DESTROY(r10, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000001100)=ANY=[@ANYBLOB="1c000000030689871017010200000000030000000a00000105000100"], 0x1c}, 0x1, 0x0, 0x0, 0x4004810}, 0x20000851)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r9, 0x84, 0x6f, &(0x7f0000000080)={0x0, 0x1c, &(0x7f0000000000)=[@in6={0xa, 0x0, 0x0, @private1={0xfc, 0x1, '\x00', 0x2}}]}, &(0x7f00000002c0)=0x10)
getsockopt$bt_hci(r9, 0x84, 0x0, &(0x7f0000000080)=""/4076, &(0x7f0000000040)=0xfec)
ppoll(&(0x7f0000000000)=[{r5, 0xd9}, {r5, 0x4000}], 0x2, &(0x7f0000000080)={r6, r7+10000000}, &(0x7f00000000c0)={[0x8]}, 0x8)

18.51605302s ago: executing program 3 (id=1775):
r0 = mmap$KVM_VCPU(&(0x7f0000ffc000/0x2000)=nil, 0x930, 0x1000002, 0x4018831, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x80801)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000240)={{&(0x7f0000ffa000/0x3000)=nil, 0x3000}, 0x1})
syz_memcpy_off$KVM_EXIT_HYPERCALL(r0, 0x20, &(0x7f0000000000)="0900bf65653f47f4020000008bd458d1e7cbdaf300000f34e7e4165f081ae36850f6d15c3e681411f7a496c0da04003c242f5bedaf6bec340dee49474362b24cb800edc500", 0x0, 0x48)
mount$overlay(0x0, 0x0, &(0x7f0000000000), 0xb2000, 0x0)
mremap(&(0x7f0000ff8000/0x2000)=nil, 0x2000, 0x1000, 0x0, &(0x7f0000ffc000/0x1000)=nil)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x16, 0x4, &(0x7f0000000f00)=ANY=[@ANYBLOB="8500000008000000350000000000000085000000050000009500000000000000fed023000000c71adb30be7d75fa1f32f08a23ce3220b0cc9505d72768b8242dd90d17e4c52505756ca2b009546a0900000000000000d3df2bd87184446d165ae3939bbca322a415a98c8801000000000000800859362ed862b3c47fa8ce7c69adfd2f16af3a00000000000000000000009a317aa34f0c50f99eedac26048ab915e1be5aa845be00de14683ee4e859d65564a9c79d20e5a011e966388cd0bb39f45d6c508b8a0f7f2d48be0e2a8137c6741775428abf2ddfd2a473f5b271701e22f8cb42198906e1107fa780c435083cac323838727a606495803509f84729f3e8a2fbfb995f99b82df3b363a9cf6ba87fdfbf5a3dd0dde49b4193520e5e946687634c04000000000000bfbcd911eba0dee5e5ce6434f86fe82ee02f0e8e3173a97d85e232e584ace13387693614f3a7ef88709f4d552c7b3a7903e14dc418e58f3e98933b2c93fae25ec2dd190231e2531e1ffeff33676a4383a918cba3ad8318ea29f164563a42cdb596f255a251add2d2ae2fac0a0e7428e4bf07fc884be5721bdffe58c6a4b57014ce976ce8b9cddfa50175c53253d7659f0e88913d4fa7f37feb40337fada4363c0698510730725e23bdad60ceaeecfeeccc397565f204b82d6d4458d77a1b4abeadf350c21027d314237a9d448b82827ff3f29cc9b46c8fcfbb30d1fc18707c252b596cdbf4e77836adc1f59f9d1280333d135fdcdcee8eb817388666e02ff1b148b6bc3c283e71c0ad9c683c6bb6fea2d2d54af3ad488f0cc2e54a70c19ceac518adbe917652c34019d7478c716ab23d4a863b4dcd08d89f6cec674e9fd379d71e06357d207984e885ace8a0dbaffef403aff01d5f2f0e644b61cd8bd72a59f2d7cf67815aeb8761412d68c40dbed08b7eeda96b3856a519a71b83c19b2e8f88d92b66abec165663819a87e7cd8c082cb011051789c283eecfe08f0799f6c7023353b6d3af7177d6b56549616bfede82c598301c98b0420b1784b53238b39c0db1da864e593d45fd297e4d34e749bc737e0bcf36fd955a40124c00d40c3f21d26e6e276152412b4ef3f52dc416bb2d7463a93ee6c0b20c5749a44677a3c3a7aa9a47c7cd7bb52fbb2c8d63166f4ad1038f33258736b2224a66726f1fd4dce0eb6043a55fbdd341baba95cc5838a860068e0f3e73d992403455b03b25bd5414628d7325a6b25986666b336851d9c623c405bf608d4bd9347c83cb693aebab072be479705b0c6c9bb9728d131f8320b966898de1a16407692b57b6f7333eac0d2ed0a7a4457d9c70089fcf9aa553929a65777f3bbf6d0bdc6a11371a138c6d4b0fefc655716e4486f5c7a88e80b2fb0efb579333bef98ded75abfb982b1fb92f003a6aefb8bf25eacb848d8ed1c1162d000000000000000000000000e87dffd60f123527781805434d210bb72ac2c097c45b27dde4980bc85b43614d266a9d403c320f80646c7df8bdd1cf380000"], &(0x7f0000000140)='GPL\x00', 0x0, 0x99, &(0x7f0000000180)=""/148, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x8, 0x0, 0xffffffffffffff79}, 0x16)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000440)={r2, 0x0, 0x83, 0x0, &(0x7f0000000e40)="04d31fcd275bfc58188e699fa7c9aa904991771e83b702f3717cf38ed0e92e83ae490758991fa1174a75fa8c45db732026d3de611ffbd09b683e2f08812d695dd9b87f08711c02bb5d2cbac05022bee8aee5339fb6eba21e534e43b9960f470bf9c075368c6a7ee0b6ef641feb6967490ae07547819adcf47330679551ae2bd7009b31", 0x0, 0x947, 0x0, 0x1b, 0x4b, &(0x7f0000000000), &(0x7f0000000e00)="2fda8e7aa8d9cecae13bcbb35230d1cf1f1b23e33fcbd1aa1bea454b04650cecef80daa9a0a349a8e46d661af6e7ee8cdb5e97e738fe54"}, 0x50)
readv(r1, &(0x7f0000000400)=[{&(0x7f0000000140)=""/234, 0xea}], 0x1)
ioctl$UFFDIO_UNREGISTER(r1, 0x8010aa01, &(0x7f0000000100)={&(0x7f0000ff8000/0x4000)=nil, 0x4000})

18.009004907s ago: executing program 63 (id=1736):
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0x3)
rt_sigprocmask(0x0, 0x0, 0x0, 0x0)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/crypto\x00', 0x0, 0x0)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r2, &(0x7f0000000180)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x27}}, 0x10)
connect$inet(r2, &(0x7f0000000480)={0x2, 0x4e21, @multicast2}, 0x10)
sendfile(r2, r1, 0x0, 0x20000023893)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0xa6}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
recvmsg(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f0000000040)=@hci, 0x80, &(0x7f0000000100)=[{&(0x7f0000000400)=""/248, 0xd68210}], 0x1, 0x0, 0x1f00000000000000, 0x200000}, 0x1f00)
ioctl$sock_SIOCGIFVLAN_DEL_VLAN_CMD(r2, 0x8982, &(0x7f00000000c0)={0x1, 'batadv_slave_0\x00'})
pidfd_send_signal(0xffffffffffffffff, 0x11, 0x0, 0x4)
sendmsg$tipc(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000140)}], 0x1}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={0x0}}, 0x0)
getsockopt$bt_BT_RCVMTU(0xffffffffffffffff, 0x112, 0xd, 0x0, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)={0x0}, 0x1, 0x0, 0x0, 0xcb58c9f2fa78421b}, 0x40c0080)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000100)=0x2)

17.644599348s ago: executing program 3 (id=1777):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
write$binfmt_misc(0xffffffffffffffff, 0x0, 0x0)
getpid()
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ptrace(0x10, 0x1)
socket$kcm(0xa, 0x2, 0x3a)
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000001880)={'bond_slave_0\x00'})
accept4(0xffffffffffffffff, 0x0, 0x0, 0x800)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140), 0x0, 0x0, 0x0, 0x4a0f0000}, 0xc000)
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000200)={0x0, 0x300, &(0x7f0000000540)={&(0x7f0000000240)=@newlink={0x34, 0x10, 0xff05, 0x0, 0x0, {0x0, 0x0, 0x4a00, 0x0, 0x157f}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @batadv={{0xb}, {0x4}}}]}, 0x34}}, 0x0)

16.637536851s ago: executing program 3 (id=1778):
r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0)
ioctl$F2FS_IOC_MOVE_RANGE(0xffffffffffffffff, 0xc020f509, &(0x7f0000000040)={r0, 0x1da, 0xfffffffffffffff8, 0x9})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
prctl$PR_GET_TIMERSLACK(0x1e)
socket$inet6_tcp(0xa, 0x1, 0x0)
prctl$PR_SET_MM_MAP(0x23, 0xe, 0x0, 0x0)
prctl$PR_SET_MM_MAP(0x23, 0xe, 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000040)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x15)
r5 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_SET_REGS(r6, 0x4090ae82, &(0x7f0000000240)={[0x74, 0x20005, 0x6f8d8e6f, 0x4000000000, 0x6, 0x1000000002, 0x1041, 0x4, 0xfffffffffffffffa, 0x32a, 0xfffffffffffffffe, 0xffffffff, 0x1, 0x9, 0x800005, 0x6a], 0xd000, 0x1000d6})
ioctl$KVM_RUN(r6, 0xae80, 0x0)

15.704160068s ago: executing program 3 (id=1779):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (async)
r1 = syz_io_uring_setup(0x2f90, &(0x7f0000000180)={0x0, 0xab7d, 0x3010, 0x2, 0x200004}, &(0x7f0000000100), &(0x7f0000000140)) (async)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000100)=ANY=[@ANYBLOB="18000000090f00080000000000000000850000000e000000850000007d00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x78)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000500)='sys_exit\x00', r2}, 0x10)
poll(&(0x7f0000000200)=[{r1, 0x1080}], 0x1, 0x2) (async)
r3 = io_uring_setup(0x2ed8, &(0x7f0000000280)={0x0, 0x6842, 0x800, 0x2, 0x12})
io_uring_register$IORING_REGISTER_IOWQ_AFF(r3, 0x11, &(0x7f0000000d40), 0x0) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='kfree\x00', r0, 0x0, 0x2}, 0x18) (async)
r4 = gettid()
prlimit64(r4, 0x0, &(0x7f0000000300)={0x7fffffffffffffff, 0x1}, &(0x7f0000000340))
mount(&(0x7f0000000000)=@loop={'/dev/loop', 0x0}, &(0x7f0000000080)='./cgroup\x00', &(0x7f00000000c0)='btrfs\x00', 0x418, 0x0)

15.632702361s ago: executing program 3 (id=1780):
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000008000000006de9200095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0xd}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)}, {0x0}], 0x2)
mkdir(0x0, 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, 0x0)
chdir(&(0x7f0000000140)='./bus\x00')
r2 = open(0x0, 0x284a40, 0x1df2a23c5997fa5f)
newfstatat(0xffffffffffffff9c, 0x0, 0x0, 0x2000)
write$FUSE_CREATE_OPEN(r2, &(0x7f0000000180)={0xa0, 0x0, 0x0, {{0x4, 0x2, 0x5, 0x7, 0x3, 0x1, {0x400000080001, 0xff, 0x20ff, 0x8, 0xe, 0xd615, 0x9, 0x3, 0xfffffffe, 0x8000, 0x0, 0x0, 0x0, 0x5, 0x2000001}}, {0x0, 0x13}}}, 0xa0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
r3 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x8, &(0x7f0000000040)=ANY=[@ANYBLOB='fd=', @ANYRESDEC=0x0])
mount(0x0, &(0x7f0000000440)='./file0\x00', &(0x7f0000000280)='autofs\x00', 0x201000c, &(0x7f0000000040))
mkdirat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0/file0\x00', 0x180)
chdir(&(0x7f0000000140)='./file0/file0\x00')
setpgid(r3, r3)
open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
socket$netlink(0x10, 0x3, 0x0)
r4 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$KDSIGACCEPT(r4, 0x5607, 0x3)

11.50764661s ago: executing program 8 (id=1787):
r0 = socket$inet6(0xa, 0x2, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
sendmmsg$inet6(r0, &(0x7f00000040c0)=[{{&(0x7f0000000b40)={0xa, 0x4e20, 0x0, @dev={0xfe, 0x80, '\x00', 0x3b}}, 0x1c, 0x0}}, {{&(0x7f0000001040)={0xa, 0x4e1f, 0xb, @private0, 0x1000}, 0x1c, 0x0, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="2400000000000000290000003200000000000000000000000000000000000001", @ANYRES32=0x0, @ANYBLOB="000000001400000000000000290000000b00000000000019000000001400000000000000290000003ef200000000000000000000300000000000000029000000040000001602000000000000c20467684fa3c20400000002c204000000040502000600001400000000000000290000003e0000004f0b000000000000"], 0xa0}}], 0x2, 0x20000000)

11.422978192s ago: executing program 8 (id=1788):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
ptrace(0x10, 0x1)
r1 = socket$netlink(0x10, 0x3, 0xc)
bind$netlink(r1, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r1, 0x10e, 0x4, &(0x7f0000000140)=0x6, 0x4)
setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000200), 0x4)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_DELETE(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000640)={0x14, 0x2, 0x1, 0x5, 0x0, 0x0, {0x2, 0x0, 0x8}}, 0x14}, 0x1, 0x0, 0x0, 0x20044804}, 0x40040)
sendmsg$IPCTNL_MSG_CT_GET_DYING(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)={0x14, 0x6, 0x1, 0x101, 0x0, 0x0, {0xa, 0x0, 0x4}}, 0x14}, 0x1, 0x0, 0x0, 0x2404c874}, 0x20000000)
socket(0x2a, 0x2, 0x2)
close_range(r0, 0xffffffffffffffff, 0x0)

11.376170402s ago: executing program 8 (id=1789):
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f0000000100)={0xc, 0x0, <r1=>0x0})
r2 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0)
write$UHID_DESTROY(r2, &(0x7f0000000080), 0x4)
ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r0, 0x3ba0, &(0x7f0000000340)={0x48, 0x5, r1, 0x0, 0xffffffffffffffff, 0x1})
prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x87}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r4 = syz_io_uring_setup(0x82e, &(0x7f0000000300)={0x0, 0xcd1d, 0x10100}, &(0x7f0000000000)=<r5=>0x0, &(0x7f0000000080)=<r6=>0x0)
io_uring_register$IORING_REGISTER_PBUF_RING(r4, 0x16, &(0x7f0000000380)={&(0x7f0000001000)}, 0x1)
r7 = openat$vimc2(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
syz_io_uring_submit(r5, r6, &(0x7f00000003c0)=@IORING_OP_READV=@pass_iovec={0x1, 0x20, 0x0, @fd=r7, 0x0, &(0x7f00000001c0)=[{0x0}], 0x1})
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000001000)=ANY=[@ANYBLOB="1b000000000000001c000000"], 0x48)
r8 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000300)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r8, 0x4018620d, &(0x7f0000000100)={0x73622a85, 0x0, 0x3})
r9 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
dup3(r9, r8, 0x0)
r10 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/state\x00', 0x0, 0x0)
read$FUSE(r10, &(0x7f0000000480)={0x2020}, 0x2020)
io_uring_enter(r4, 0x26c3, 0xdfffeffb, 0x4c, 0x0, 0x0)
r11 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000140), 0x202, 0x0) (fail_nth: 3)
getsockopt$inet6_mreq(r11, 0x29, 0x15, &(0x7f0000000180)={@loopback}, &(0x7f00000001c0)=0x14)
ioctl$IOMMU_IOAS_MAP(r0, 0x3b85, &(0x7f00000000c0)={0x28, 0x4, r1, 0x0, &(0x7f00000003c0)="60399df9c0e8a445b1100ad3adcfae8e433f61a0002d000b09652417b47f2ccf83a775db030a717df1deb3180dc274f3bbc5376a1413122312ab7d4a5f1f0c1e171c27e6bb351e2a704f7bc2cccb05a1091502df3780fafd7300ae472b66217394e7bfec0e204288f43468b2b523abc4f33e25bb3e419997d80896d8a6bcbf1d8d200c2bb68b1977e4ac5b1acab0253a792371710cb35e07111244198d692c914a895ac2ad34345d8a77d100887a612a8edc2844916e07b9ea402efafa78d237b9f255411fb8a849077da59ede80c782f6b32ac7ef487945fc35d53a5f34bad601a39d951da81dbda2add58f4caf9f30bbbaedee9a0a995ad6f73d661ca03f7b650d09c8c78e58e9cb67d62f7e9c71f4fb38c3ce666050101a7f79e1bf180710dd8170f3a9d19ad0144df45c08273b2dbc7649997f8ced714d3f92831d856e42a5b6e2bc3b418cdfb5ed46298644b106a7c7b94c4cc1b8e1398a0be8a78696be40b63996cea465ea68d5fdd0bf7f412c507a40d4484a32bf7aac06b65a739bcdf9b1aa15454786a0d6994bf400530a372080880adbf00f99358e4ed98cce3c606fece937378f096f72ff720ac2772690796d1e10ed4d1a9c8471129a0a1da3587c0cdb185eed7b203cf1295e76177eb3d60db8aa8d2039e6ac2a324d87326b7d9da0a01ae3c4b295292f838bad9f2c326051c31c8dd605437ea8a9f888c9ddc822f8a3e85b8ab1041185e46e24f4ed9c8ba61659710d52d049096a2fca60061a848c14db59f5b43a6f59c9ec7ba6b25b78eb85b35f382aa7a5234489d99c181efb74a090d1a97020debcd4d38e7bdb7e5e544487d25bd235845236c1f4d9cc113f45c07935f1066af1445db8b85614dafea25639c4ceb06e508decb150ec4ec5d4c55544debac7239d2dc41379ce675693301cbe28586a994c54e4aa140c7222544866433ffa1b7fe8b1501ba5916f467572cb20b8328d7c6f21469e71e4ebbb78385a2d3130d60ed0ec24c7bdb6e29696a1c81a5af8855429d2c9d01b36340bd4e3386e35a7981d920845fcfead6ce4a00f11adcd41ccc3a86e4811f4d93076bbbb147150c23490bb4fa93173eaf36ba44a3c345762439c454080dee7f62ba68fe0e8361119565a4deea749b092e3fdceae540424d33bb06f44942921367db3ff1681a25c7cf6cc557bb2903978cdd3d8e8633b9b6b0446171b23f174cdf6418b681d0c162b459e9c5a82b55e66cec749031326d9860120e96a251dd1bf67f15b6f95000b5f9ec4bb44e9f4d88b190b3b1d5fd5d0cc2c15632fb1e299e8100d0d75ed5800b5381f86937d6aefc5121ae90d94b304f8db550af399f8a13b4fb0fdae099ac51d1df5516df2051db3103b35b90ca37863ef50bbd6a37e3b5983db4841b60e61e0995ced74c7c923266e548c5ced145f4440cdace1e2d1cb3a0ddcd18947493cd6b13fc31a790a881b6aa9e4dacb01bf6b5eb801cde9b34e1642707780639b22d3837f8e6f9ef7f666a901b3478a75564a000384803c2e7b1b0f819d6ec938c8d76865dff3cf41c84d68dd05c3320e7962c07475fe733b5a1640efcb7cd1bec54d7016ccfc8a47e5616982e7a2c28e1a68fb8ea7078a4c16658152545ede6c1c8dc0717ab257a1c3841be0dde023f539350644e700cec390f1aa147fdcad317e40ec0ad238033f5d75666f6152fdc0b4d2eabc72bd557144bbd7525fa987c9a40b62cd9967ab524fb6164e5254e8ce68758c6d823e1f42f26b78e5018bfdeb5d3f878d7d80ea1c4ca2af160c6500df66cc7ae6b0d11fdbd69648c29df2a02d0f7bc4297efdfc87623a81824f9daaff7bc952206009b8ebef74d6e3e23e07fc32957a2ea52594a76931acd911409bbd94a827ac52573fba2d2a727de4ecb6c01dee68920bca7d3adbe800b091ae1b977a959a10d32804c41bf8c32498193583d0adf37bc31e2fe7264d82e53a08b1282009eab6564cdb723d1007f862cfd9d3a870c2497d4e503adef9624f01a962033f583e30b60edb78d840381bf65e8380722f025cbf9a91073c5ec483fde217499c82870426f529770c54b6f2d87e5e13ebf9708717f573b3d71283205572d0604fa62b4c37be857d12b6a871bde755f32d073948b26c33f8ce0b77b3036061cdb78955eabd2e6284055dafbc8cf9be00949fec017a2e3c0ea0e8b032d031a5a525ead0ce1c18f59ec2b2ea7e3158376f1d99bea48e520fd69e00af0c9ceee17f6022e5350549a4cf00ed0df51bc84efd9e2d0415201a2163e09b7ffedad20116055ebb1474ed9b4875e9c4d23ad8f7576d2bd45d2b4d338ddf85a2a7fe641af4ee2f66f449add27efd69bef9669ea3d4fba3897825f444d1d8e712bb40ed452f1ea87447caba7dcc56ee7affbdcbe12bdaa8bd1e238650a3c5411e3ddf296cfce332a3785a33d5eb1e7d4d8fffcea0dc960d995301b03d0ed976d79e959a0d787ce787178fa14189185965d77f34dfecee1018a5ff8f6049012e978552e1dd8e29344c2148802fc4e97820f78fb191e00ea4942723c16ec0fa6bcd100e89b972d27f5b5fbfcf9f81c9773a0fdc57fb4ab088b76936c86a4554d9003dd21926a0e4a90641e3ae95014116e5b09799d93fbfe7af62b5f065f172b003195b1ba8b5c91913b5e73ff5f8f9295e1cf17aff1092ca873a117075fd83f66c146fe4d87320c04c3467e4382201b56884e606604d89695d0b1add543bb0aa42d03a015c377c2350dbd064af72fb4b65f6a7f6ae621e873b801147f559b4569f0caed9625bc075b99147284a6b9c8965b75614ac3daad6ae67978a1afb39a0628897b0f6c1e580c3efa0dc237b1fe06e3a6d6e6eb5e93f310566dfdb20827ba86781e1371e452d40ceb4da08398939498de3d6614fbe2b900cbbd9886c22adfb1dd9a7fa2e6295a8ba1d4c397a15b15ea58f6d9ca56b43077354328277944d989082acb84bf1dbd5ef28bb457dfcfc4bbe24280d54a81ef2b8ad16a6630db9cae811f96790c815d26c9118756a4e216d9012191b3d54b61a8de3244e96e0aa5b2f4e961f25fb6298a452070f38af6e759d6ca754f50cdf65da8777bad622b1c10473c786c1706f9e6354bfad5529bd9f5d9889fefa65813870f5f2c78f0e7b4a3fc9a80db3c1da9caf6ead906a427928d9e4a530d08794d3e4de7ab52af03f30631b71089b6c10cbf71469091764f79ac9263b84f2646ef8e8e3e4adfb62319bae27b29e8d5e5d87fbbfe3ab310ffd7b6632620c12c7024b6455047ecd7aa87628b650d3448262a4ea3f91c4a6e9703dfbec7a83903bfce8a96b5a5b12f0ed4ff4409ce5188df35b961496bb9bd1f92417c46199a65b0981d47f890447ab93829e9f01b63688f4403a39ddda90dc2db05a99a2d975345d3df52dffd96fd61b327c19cc8beebcb015d95d83a5180e1bba388649e1cfaeb2cccf6cbd4c6311afab48b79348399f132148881c78fced0861599e4c0646a91fd25453bab020052dd6fb79403ec81379371fb0ebeac1b96c973bbac9b99f7d4814ad1fe3aa1361af8d98bebd195191d3c93bc9179db7df59c316697cbf9204ca1ce5d569a5b9c1a7c7d4ca82720115b54ac84d9256a947c82843a5d615bc1499de9943b53d6088ae09293f95becd888094938c9f701b57df5fcd3c638d7e1a30c93b755a8dfe464cf8d5abe33c6910feeb88868ed57bf25f27bc63af52cf57bff9c275f0b63e177961a5f9fc80ded39cd836af87c28e81f4206574005174621800fc14c149fc3dd74b8a0194d13c0add175a42667aef2035c1c2e9b571f732c323690be0fb3965a6ac3ce43e94d2ab83a2f58ab23a48605c6ecf70c4e8f05792cccf5e2f8086b5b7f1735205ddcf5b7b8c636dc825fe4172bde914947d937e2e071a44fe81ca6c159ce6d2d9efb40216ec66b52e1b5981d64cfa4012b22631f6ae50b283eec068a15e37deef3d2f01a32d70a483bece766105605dc97dd7834d2540ba152264249107f1ecb289d696b0484c46d31f80d9b187eecf706546615b65730d42ca605a87437a3f44fffa8ee528dea57e72f1f5e1151f1030d5a0d809e7ce6d338a38ac8e0e4f6f023cb02ddebab9a52122c53c92e09408060f47e11f002d3b2e553c36f81dd7b64844d3d70603408dd968336c7bd2370585240c38f38783b59e796bdc6f2a025fcfceffeb8d5a38ffc77ccc3389be709d7de5f0db2d57217e8ffae6dbe2fa0dd127fa70e598cd05ac39bf5cb366118b152c7b122c9870ba634638fc1a74eed6b5a0833a449307649ee9168fe6264d2230b3a99d66cee5592402922c092c1e048d894c5239523f366d2b80dbc9cafbfc83e535e64ed3f8812b55a3c3fb4d5c7ea19c929150ba6dd62ca4d6dcd1bcccc1bba552061faa5e682ff0e7812f674946abe8c2f6192b962e8aabf9aaba1e9eacf6fed704c4aacbfd474b383499bcb5e0a28332ea5523d13461c4dcd200d4d1b42585be51490b77fe6ee382aa7346bb1f29c7d397c875b28ccdab49ac1c96c5593b43c65f04a042789b1ad7af7f65507e1b41ee340b237c0d128b196cca042c8eb2b19e26bee44fd028b6059346942fb86d1d5bb88cb36307a8411d7bdafc486f0d229b5d89e694e1c7f635fc34fff0121fe66886f044f3b221de365832dc37d78c2797b5fe68fd13449a227b3692623161c585542109c46f0c5f4af38977fc8ec97579a3e405219d66edb13692ba3d4e0261b49161db3765495053e535b83671131f2f10bf58d5b1d5ad6f42f16da29e9baa59541c0c1114974b4a69577c618a585e0ef3edc77b49b2786b624b18557d9c342dd8a7f11b7081061aaf969f1d13aa1f5bb5387b648c498428016308c6bd66af5b55029257bed28e635b5bfb358b908e0d35f22de8c0cf970ca4345f10049e3a3e55442c7fe8f70d0ccc90958461aff0e2c73df2f2e9419cc3c5fad9539b90ef61cb05799df5f24a7b4125262838be7c643cd88ce09f35fe7d5473f8d4feb852f673638d2621bb2f2aa2780737f59843f3a07977c7a8519a4912c85cdf96a65a26824258a0fddac0665605f503ffaf46b56082792b42ff074526d68485ceb5c3e65f3bb20aced62549659ca446537a7e74e129d2969bac824c6e59248fec11965974a4c7bc749bec3d56683f90d2514448c022026636162a7854957680ee13a5b148462cfee9743354342d4715d962d21a7cab9f7346c524c916fcf21dbeaf3cb1ac6fa65290312061fabd30ca8263b8b57b0061fa87aeb90f92c2a541e17452842760895c736bc941c6c2d30c0702753e0200102ac7332f42a689467626e4e1db37ea0f2754ad1d6ec49acc8d79204e40abd67d770cd874f5ef88e145510091132cb28b19ad4a7eaa9aea385110427fb1fa13a606c23c92deaa07c88652368678fec3f585d9336a061417f4ea91474580e5679228c9b3e054adea35ad701c0bff4213e680d3831d8220231ef493f151216f45d093d1c50c227e648db7653ae20464251c85b779e2db7e4a91fb1b14a84b58dca2db010ebe6873e9cb71f197d7996ac9e6727395611d01cc920549648d49964d68ca64d62569e6ef6a95173b16637c57e304bd971909ffcf336330dddf4d70044458273ea062526860cf652cbc0cd287127591d2f922670e242f9a3f834672efdcd20eebd72b8ddf1850a93c304ee6f41c80abcd4eded845a65a20463f9613b34f9b70d8d61ed2cc618af4287ca4433d2e3b499a3cd050eabd6cd6e00ec6065a9a4be8445722defafb3df04b80d5f627938efdd0495f6f3f8b2935", 0x1000, 0x100})

10.749827151s ago: executing program 64 (id=1761):
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x800000000000000, &(0x7f0000006680))
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8d}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
mbind(&(0x7f00005f7000/0x2000)=nil, 0x2000, 0x1, 0x0, 0x0, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
socket$packet(0x11, 0xa, 0x300)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000780)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020786c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x42, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
mknod(&(0x7f0000000080)='./file0\x00', 0x8000, 0x66)
open$dir(&(0x7f0000000100)='./file0\x00', 0x149800, 0x0)
open(&(0x7f0000000140)='./file0\x00', 0x4182, 0x3f00)
pselect6(0x40, &(0x7f0000000240)={0x0, 0x0, 0x3, 0x8, 0x2, 0xb}, 0x0, &(0x7f0000000280)={0x3ff, 0x0, 0x0, 0x400d, 0x0, 0x9, 0x466}, 0x0, 0x0)
close_range(r1, 0xffffffffffffffff, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
connect$qrtr(0xffffffffffffffff, &(0x7f0000000040)={0x2a, 0x0, 0x4001}, 0xc)
setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x27, &(0x7f0000000000)={@initdev={0xac, 0x1e, 0x1, 0x0}, @loopback}, 0xffffffffffffffe1)
ioctl$vim2m_VIDIOC_ENUM_FMT(0xffffffffffffffff, 0xc0405668, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000002180)='net/mcfilter\x00')
preadv(r3, &(0x7f0000001b80)=[{&(0x7f0000000440)=""/87, 0x57}], 0x1, 0x0, 0x400)
ptrace$setopts(0x6, 0x0, 0x6, 0x8)
syz_usb_connect(0x0, 0x0, 0x0, 0x0)
r4 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0)
ioctl$DRM_IOCTL_WAIT_VBLANK(r4, 0xc018643a, &(0x7f0000000040)={0x4000000, 0x5, 0x3})

10.452792766s ago: executing program 8 (id=1791):
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
accept4(r0, 0x0, 0x0, 0x800)
rseq(&(0x7f0000000040), 0x20, 0x0, 0x0)
quotactl$Q_SYNC(0xffffffff80000102, 0x0, 0x0, 0x0)

10.395384002s ago: executing program 8 (id=1792):
socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000000000040260933334000000000010902240001000000000904000001030100000921000000012201000905810308"], 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000b00)={0x84, &(0x7f0000000780)={0x40, 0xa}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$hid(r0, &(0x7f0000000580)={0x24, 0x0, 0x0, &(0x7f0000000500)={0x0, 0x22, 0x1, {[@global=@item_012={0x0, 0x1, 0x8}]}}, 0x0}, 0x0)
openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
syz_open_dev$dri(0x0, 0x9, 0xe4100)
socket$inet6(0xa, 0x2, 0x0)
syz_usb_connect$cdc_ecm(0x0, 0x52, &(0x7f0000000100)={{0x12, 0x1, 0x250, 0x2, 0x0, 0x0, 0xdf, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x40, 0x1, 0x1, 0x9c, 0x10, 0x3, [{{0x9, 0x4, 0x0, 0x3, 0x3, 0x2, 0x6, 0x0, 0x5, {{0x5}, {0x5, 0x24, 0x0, 0x8}, {0xd, 0x24, 0xf, 0x1, 0x9, 0x1, 0x4, 0x7}, [@call_mgmt={0x5, 0x24, 0x1, 0x2, 0x7}]}, {[], {{0x9, 0x5, 0x82, 0x2, 0x400, 0xfd, 0x9, 0x4}}, {{0x9, 0x5, 0x3, 0x2, 0x20, 0x83, 0x1, 0x4}}}}}]}}]}}, &(0x7f0000000a40)={0xa, &(0x7f0000000180)={0xa, 0x6, 0x110, 0x6, 0xd, 0x6, 0x10, 0x5}, 0x8, &(0x7f00000001c0)={0x5, 0xf, 0x8, 0x1, [@ptm_cap={0x3}]}, 0x5, [{0x17, &(0x7f0000000240)=@string={0x17, 0x3, "0391adbd1121772b58b671698bfe03c66995eb3af9"}}, {0xbf, &(0x7f00000003c0)=@string={0xbf, 0x3, "318957ccefd8c6325e08efeabfc6e9db5f6b37116531f365fc633d16cbda6ae8abacac9128e9c6309ca6628a50047c1d4b03ae15efbad39107b52729ec23e1c8d0530756476e6c191809fd3a17c5d73d9dc04305b9de2ced75f8bbbdff2e855da658b8219bf1491154b8d2a54ee7b26913e325d8dc68383fc8f850b5dcc96b45735a2f8be3a882c25077ecb3e2a351d6128aa124d8c159a81883e75f0436befc897cf94f2ff72941a17d60068c077c32f4dd2440d0a90ef7152127eccd"}}, {0x102, &(0x7f00000005c0)=@string={0x102, 0x3, "911000a237b9b68aebad1e719fce68b12870982f2f6c7fb7692126e971029dcf78570caa23dc25104d2f1a145b5330814a7f735996db9d4354ed2df0c8560fdb49d593af2e04209cbab04ba02e2bc4ea080a1c2e0f4cfdac0a5cc3fa6ecfc5b61b7d75344799500147b51d092202004e74644b85bdc014799b91d10efa91eddacb7fae153f04bbf7309cfc49d317919f8dfd8d30890516c730f7899e99eb76d91dc8832dfff19a483e15001bf4bf84b4724919674cd08966e50296db5ea3eef43e8b1dca15612fd0e780bf72721b1248e5eefd26b77a131439b274ed9d89bbc317a5ec8cc5d59133e84be0692208a33838996e10e1ba741df36ec653c6eb00c6"}}, {0xc1, &(0x7f0000000940)=@string={0xc1, 0x3, "d0c5a4b1430fe0821f716c4e0b1000de20f1562d38083149419ed9d90fdd3af572ca39b9ff48fae85504f81fdf0a7f28c83a3155d733f2e3f49a8ac5219fd8163f9d50afe47a846fd15286f101bebed6409ea41c3976caa1984ba03b3035de87f7a64de141df188bd90fcbe9df168f88d06245c367dcce5c904d267214f3a5e0dbc052c236adb2483953485e43567eb2dba899a63229e484e39d481bf65aed66f7bb631eb61bb65088744ae2112e2eb52065eefd8655e0db85dc6b30600472"}}, {0x4, &(0x7f0000000280)=@lang_id={0x4, 0x3, 0x40f}}]})
syz_usb_ep_write(r0, 0x81, 0xffffff75, &(0x7f00000002c0)="b9425b44651dd23241963599000000110000004a16941ff5f4b4f1f0add7fcf2b877fceafffffffffff1ffdf4cd9f5d3969890522c77157d88010000003a5bd5531d459dffff03000000000091ff000000e8f5b3371da3635b8b4fa637135800001f65e4b436aa9e50bc0f19b7d3372ff9ebcede1fb5e9428f54d5d1f0cc752cf246a5d2da34a5aa97dc14a469c3dd3e26b41c356484e46fd66e3f2c7807e8773eed7b94fa099ab84feadec2ea95f65bba452eae5b0900f98a979a88c517a2dc360a00237723e2f467af706ea17226296b3a10a351cb47aba2c6b836c90679b4dd859ddc9e4800448aab0000000000000d75f34bb50d8d7084")

10.376569215s ago: executing program 65 (id=1764):
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r0, &(0x7f0000000000)={0x1f, 0xffffffffffffffff, 0x3}, 0x6) (async)
write$bt_hci(r0, &(0x7f0000000580)=ANY=[@ANYBLOB="1300000002"], 0x8)
r1 = openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000380)=0xdf) (async)
syz_emit_ethernet(0x3e, &(0x7f0000000000)=ANY=[@ANYBLOB="bbbbbbbbbbbb00000000000086dd610000b6773115c2b81e4227f06364bd0000083afffe8000000000000000000000400000aa000000000000008e805d00"], 0x0) (async)
r2 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$vim2m_VIDIOC_REQBUFS(r2, 0xc0145608, &(0x7f0000000100)={0x3, 0x2, 0x1}) (async, rerun: 64)
r3 = dup(r2) (rerun: 64)
mmap(&(0x7f0000fed000/0x12000)=nil, 0x12000, 0x2, 0x11, r3, 0x0) (async)
ioctl$vim2m_VIDIOC_REQBUFS(r2, 0xc0585609, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x0, 0x3})
r4 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000200)={0x6, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000002000000000000000008082295"], &(0x7f00000002c0)='GPL\x00'}, 0x94) (async)
r5 = syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$NLBL_CALIPSO_C_LIST(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x2c, r5, 0x0, 0x70bd27, 0x25dfdbfd, {}, [@NLBL_CALIPSO_A_DOI={0x8, 0x1, 0x2}, @NLBL_CALIPSO_A_DOI={0x8}, @NLBL_CALIPSO_A_DOI={0x8, 0x1, 0x3}]}, 0x2c}, 0x1, 0x0, 0x0, 0x1}, 0x4) (async)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r4, 0x5, 0x50, 0x0, &(0x7f0000000000)="ff", 0x0, 0x36, 0x503, 0x0, 0x0, 0x0, 0x0, 0x2, 0xffff80fe}, 0x50)

8.523578957s ago: executing program 5 (id=1794):
bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendmsg$IPCTNL_MSG_EXP_NEW(0xffffffffffffffff, 0x0, 0x4000800)
r0 = syz_genetlink_get_family_id$smc(&(0x7f0000000000), 0xffffffffffffffff)
r1 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000380), 0x100, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r1, 0xc0285700, 0x0)
ioctl$SYNC_IOC_MERGE(0xffffffffffffffff, 0x40103e05, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
rseq(0x0, 0x0, 0x0, 0x0)
fsmount(0xffffffffffffffff, 0x1, 0x84)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
sched_setaffinity(0x0, 0x0, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000007c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r3, 0xc004500a, &(0x7f0000000240)=0x3)
ioctl$SNDCTL_DSP_CHANNELS(r3, 0xc0045006, &(0x7f0000000080)=0x7f)
ioctl$SNDCTL_DSP_SPEED(r3, 0xc0045002, &(0x7f00000000c0))
sendmsg$ETHTOOL_MSG_COALESCE_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x0)
sendmsg$ETHTOOL_MSG_STRSET_GET(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000340)={0x14, 0x0, 0x1, 0xfffffffc, 0x25dfdbf8}, 0x14}}, 0x2000c050)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x18, 0x5, &(0x7f0000000280)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x64, '\x00', 0x0, 0x2}, 0x94)
socket$netlink(0x10, 0x3, 0x0)
ioctl$TCFLSH(0xffffffffffffffff, 0x8924, 0x20001116)
r4 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$SMC_PNETID_ADD(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000400)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="010000000000000000000100004114000200626f6e64300000000000000000000000090001"], 0x40}}, 0x0) (fail_nth: 3)

8.424254366s ago: executing program 8 (id=1795):
openat$kvm(0xffffffffffffff9c, 0x0, 0x2200, 0x0)
r0 = socket(0x2, 0x3, 0xff)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
connect$l2tp(r0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x5, 0x1000086}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x43, &(0x7f0000000040)=0x2)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, 0x0, 0x0)
socket$kcm(0x29, 0x2, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x40, 0x0, 0x0)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10)
r3 = socket(0x10, 0x3, 0x0)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000300)=[@in6={0xa, 0x4e21, 0x7, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0xf38}], 0x1c)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[], 0x7c}, 0x1, 0x0, 0x0, 0x4084004}, 0x10000)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=ANY=[@ANYBLOB], 0x74}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
setsockopt$netlink_NETLINK_TX_RING(r3, 0x10e, 0xc, &(0x7f0000000040)={0x4}, 0x10)
write(r3, &(0x7f0000000000)="240000001a005f0214f9f407000904001f000000fe020002000000000800040001000000", 0x24)
sendto$inet(r0, &(0x7f0000000280)="12f0dda7f17f60b7c78be42301125e6cb51c467f", 0x14, 0x800, &(0x7f00000001c0)={0x2, 0x4e22, @multicast2}, 0x10)
r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ffa000/0x1000)=nil, 0x1000, &(0x7f0000000080)='\x00\x00\x00')
prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ff7000/0x4000)=nil, 0x4000, 0x0)
ioctl$TIOCSETD(r4, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$TCFLSH(r4, 0x400455c8, 0x4)

8.268700778s ago: executing program 5 (id=1796):
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0b00000007000000080000000800000005"], 0x48)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb7020000080000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000004c0)={0x0, r1}, 0x18)
syz_open_procfs$namespace(0x0, 0xfffffffffffffffe)
syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0)
syz_open_dev$sndmidi(&(0x7f0000000100), 0x2, 0x141121)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, 0x94)
r2 = openat$binderfs(0xffffffffffffff9c, 0x0, 0x802, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{0x0}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)
r4 = add_key(&(0x7f0000000000)='big_key\x00', &(0x7f0000000280)={'syz', 0x1}, &(0x7f00000002c0)="1d", 0xfe3a, 0xfffffffffffffffe)
keyctl$read(0xb, r4, &(0x7f0000001300)=""/4096, 0xffffffffffffffd2)
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r5 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
bind$bt_sco(r5, &(0x7f0000000740)={0x1f, @none}, 0x8)
fcntl$dupfd(r2, 0x0, r3)
accept4(r5, 0x0, 0x0, 0x80800)
openat$mixer(0xffffffffffffff9c, &(0x7f00000016c0), 0x0, 0x0)
recvfrom$netrom(0xffffffffffffffff, &(0x7f0000000000)=""/255, 0xff, 0x40000003, 0x0, 0x0)
madvise(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)

8.150835332s ago: executing program 5 (id=1797):
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x5, &(0x7f0000006680))
fanotify_init(0x4, 0x2)
syz_init_net_socket$x25(0x9, 0x5, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
setsockopt$inet_MCAST_JOIN_GROUP(0xffffffffffffffff, 0x0, 0x2a, 0x0, 0x0)
kexec_load(0x0, 0x1, &(0x7f0000000180)=[{0x0, 0x140, 0x40000000, 0x41000000}], 0x0) (fail_nth: 3)

8.01940623s ago: executing program 6 (id=1793):
bind$packet(0xffffffffffffffff, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000280)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0)
getpid()
preadv(0xffffffffffffffff, &(0x7f0000001b00)=[{&(0x7f00000009c0)=""/239, 0xef}], 0x1, 0x2, 0x0)
ioctl$BTRFS_IOC_ADD_DEV(0xffffffffffffffff, 0xff08, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(r3, 0x0, 0x0)
sendmmsg$alg(r3, &(0x7f00000000c0), 0x492492492492627, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r2, 0x8933, &(0x7f0000000000)={'batadv0\x00', <r4=>0x0})
sendmsg$nl_route(r2, &(0x7f00000001c0)={0x0, 0xc3ff, &(0x7f0000000180)={&(0x7f0000000140)=@dellink={0x20, 0x11, 0x1, 0x70bd27, 0x25dfdbfd, {0x0, 0x0, 0x0, r4, 0x1480, 0x2104}}, 0x20}, 0x1, 0x0, 0x0, 0x40}, 0x80)

7.204118513s ago: executing program 66 (id=1772):
bpf$PROG_LOAD(0x5, 0x0, 0x5960116b96c0f769)
io_uring_setup(0x7, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x68c81, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x5, 0x8080000, 0x2000, &(0x7f0000000000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r3 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$TIOCSTI(r3, 0x5412, &(0x7f0000000840)=0x7)
ioctl$TCXONC(r3, 0x540a, 0x0)
ioctl$TIOCSTI(r3, 0x5412, &(0x7f0000000080)=0x11)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[@ANYRESOCT=r2], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000300)='kvm_userspace_exit\x00', r5, 0x0, 0xfffffffffffffffd}, 0x18)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x18, 0x3, &(0x7f0000000600)=ANY=[@ANYRES8=r6, @ANYRES64, @ANYRESDEC, @ANYRESOCT=0x0], &(0x7f0000000280)='GPL\x00', 0xa, 0xb9, &(0x7f0000000140)=""/185, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2037}, 0x94)
fsopen(0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r7 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r7, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r8=>0xffffffffffffffff, <r9=>0xffffffffffffffff})
connect$unix(r8, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e)
sendmmsg$unix(r9, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r7, 0x8, &(0x7f0000000040)=0x8000002)
recvmmsg(r8, &(0x7f00000000c0), 0x0, 0x40000040, 0x0)

7.160711023s ago: executing program 5 (id=1799):
r0 = socket$inet6(0xa, 0x2, 0x0)
sendmmsg$inet6(r0, &(0x7f00000040c0)=[{{&(0x7f0000000b40)={0xa, 0x4e20, 0x0, @dev={0xfe, 0x80, '\x00', 0x3b}}, 0x1c, 0x0}}, {{&(0x7f0000001040)={0xa, 0x4e1f, 0xb, @private0, 0x1000}, 0x1c, 0x0, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="2400000000000000290000003200000000000000000000000000000000000001", @ANYRES32=0x0, @ANYBLOB="000000001400000000000000290000000b00000000000019000000001400000000000000290000003ef200000000000000000000300000000000000029000000040000001602000000000000c20467684fa3c20400000002c204000000040502000600001400000000000000290000003e0000004f0b000000000000"], 0xa0}}], 0x2, 0x20000000)

7.041405178s ago: executing program 5 (id=1800):
r0 = creat(&(0x7f0000000040)='./file0\x00', 0x10)
close(r0)
r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0)
r2 = fanotify_init(0xf00, 0x0)
r3 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
fanotify_mark(r2, 0x455, 0x40000008, r3, 0x0)
fanotify_mark(r2, 0x41, 0x8000038, r3, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f0000000040)='fdinfo/3\x00')
pread64(r4, &(0x7f0000000080)=""/237, 0xed, 0x0)
r5 = getpid()
r6 = syz_pidfd_open(r5, 0x0)
read$FUSE(r0, &(0x7f0000000400)={0x2020, 0x0, <r7=>0x0}, 0x2020)
ioctl$TIOCGSID(r0, 0x5429, &(0x7f0000000140)=<r8=>0x0)
write$FUSE_LK(r0, &(0x7f0000000180)={0x28, 0x0, r7, {{0x8001, 0x470, 0x2, r8}}}, 0x28)
r9 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x200000, 0x0)
r10 = syz_open_dev$mouse(&(0x7f0000000200), 0xe87f, 0x2)
recvmsg$can_j1939(r10, &(0x7f00000037c0)={&(0x7f0000000280)=@l2tp6, 0x80, &(0x7f00000039c0)=[{&(0x7f0000002440)=""/250, 0xfa}, {&(0x7f0000000300)=""/41, 0x29}, {&(0x7f0000000340)=""/29, 0x1d}, {&(0x7f0000002540)=""/4096, 0x1000}, {&(0x7f0000003540)=""/139, 0x8b}, {&(0x7f0000003600)=""/43, 0x2b}, {&(0x7f0000003a40)=""/254, 0xfe}, {&(0x7f0000003900)=""/183, 0xb7}], 0x8, &(0x7f0000003800)=""/233, 0xe9}, 0x10001)
io_uring_enter(r4, 0x3716, 0x69c7, 0x13, &(0x7f00000001c0)={[0x825]}, 0x8)
splice(r1, &(0x7f0000000080)=0x10001, r9, &(0x7f0000000100)=0xa5, 0x2, 0x3)
mount$9p_fd(0x0, &(0x7f0000000240)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000380)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r6}})
creat(&(0x7f0000000040)='./file0\x00', 0x10) (async)
close(r0) (async)
openat$rfkill(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) (async)
fanotify_init(0xf00, 0x0) (async)
openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0) (async)
fanotify_mark(r2, 0x455, 0x40000008, r3, 0x0) (async)
fanotify_mark(r2, 0x41, 0x8000038, r3, 0x0) (async)
syz_open_procfs(0x0, &(0x7f0000000040)='fdinfo/3\x00') (async)
pread64(r4, &(0x7f0000000080)=""/237, 0xed, 0x0) (async)
getpid() (async)
syz_pidfd_open(r5, 0x0) (async)
read$FUSE(r0, &(0x7f0000000400)={0x2020}, 0x2020) (async)
ioctl$TIOCGSID(r0, 0x5429, &(0x7f0000000140)) (async)
write$FUSE_LK(r0, &(0x7f0000000180)={0x28, 0x0, r7, {{0x8001, 0x470, 0x2, r8}}}, 0x28) (async)
openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x200000, 0x0) (async)
syz_open_dev$mouse(&(0x7f0000000200), 0xe87f, 0x2) (async)
recvmsg$can_j1939(r10, &(0x7f00000037c0)={&(0x7f0000000280)=@l2tp6, 0x80, &(0x7f00000039c0)=[{&(0x7f0000002440)=""/250, 0xfa}, {&(0x7f0000000300)=""/41, 0x29}, {&(0x7f0000000340)=""/29, 0x1d}, {&(0x7f0000002540)=""/4096, 0x1000}, {&(0x7f0000003540)=""/139, 0x8b}, {&(0x7f0000003600)=""/43, 0x2b}, {&(0x7f0000003a40)=""/254, 0xfe}, {&(0x7f0000003900)=""/183, 0xb7}], 0x8, &(0x7f0000003800)=""/233, 0xe9}, 0x10001) (async)
io_uring_enter(r4, 0x3716, 0x69c7, 0x13, &(0x7f00000001c0)={[0x825]}, 0x8) (async)
splice(r1, &(0x7f0000000080)=0x10001, r9, &(0x7f0000000100)=0xa5, 0x2, 0x3) (async)
mount$9p_fd(0x0, &(0x7f0000000240)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000380)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r6}}) (async)

6.859679061s ago: executing program 5 (id=1801):
r0 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x7c4, 0x0, 0x0, 0x12, 0x8, "29be52e60212d5e896a2991fd094e8b320eb47aaa3466730c45f7de12c934cde356380907238653b4595d608a2abb368de4b77b1350ddc191edbabfc6830cf44", "915dc2052b6a3c739849941aafd5a6d3cb75360db1449038a01931113bdd3b43ce2a549de39ef4adf80b5966f15c3b8a170936ae045cd76a42490638bfe56ea8", "1919b9499d7cade7f511060958159a7ff8f9a66741149694ebc840e2f28b70d3", [0x7, 0x8]})
getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(r0, 0x84, 0x6c, &(0x7f0000000140)={<r1=>0x0, 0x4e, "3d086bbc36abaca4e9b072b8879bd3971afb6275d38cef1e57ef6a96e2a5bb7553a58b04961fd9ba73a969d7e0ac83621ae85ab3e8e3849cb2823504f8c4d023cc5c6d65b9a70f5ad2f404bf731a"}, &(0x7f00000001c0)=0x56)
getsockopt$inet_sctp_SCTP_PR_SUPPORTED(r0, 0x84, 0x71, &(0x7f0000000200)={r1}, &(0x7f0000000240)=0x8)
r2 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000280), 0x1, 0x0)
ioctl$KVM_CAP_X86_APIC_BUS_CYCLES_NS(r2, 0x4068aea3, &(0x7f00000002c0)={0xed, 0x0, 0x1})
getsockopt$inet_sctp_SCTP_PR_ASSOC_STATUS(r0, 0x84, 0x73, &(0x7f0000000340)={r1, 0x7, 0x20, 0x6, 0x1}, &(0x7f0000000380)=0x18)
r3 = openat$cuse(0xffffffffffffff9c, &(0x7f00000003c0), 0x2, 0x0)
write$FUSE_BMAP(r3, &(0x7f0000000400)={0x18, 0x0, 0x0, {0x9e}}, 0x18)
r4 = syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3)
fstatfs(r4, &(0x7f0000000440)=""/174)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000740)={r2, 0x0, 0x57, 0xe3, &(0x7f0000000500)="a5d6aab35828755ac01c565f40e0720baa207cd2ce8f0f8d623f237a1237ab4f7052180eaa415f368f8868a7e0d05e20d3bc816adfef69c210c2c0e6910b191c1e7d0d6f15318b8dd76628d31176fd7fc3f90ce89b4bc6", &(0x7f0000000580)=""/227, 0xc, 0x0, 0x3f, 0x64, &(0x7f0000000680)="20d7971e0f3785dba0a29b7dd149bfe5561731fc2099861d3d32b4219a344bd4d55acb4ccfbf48be1fce51b79704f58d2cfc20a3a070742d40d86ef116fa98", &(0x7f00000006c0)="d0e25e6d42358399719b039fe8ecc730801ba4a86b27a7f8bbf41474219a2d0f739fdd10cac30419e6c61f79780952a8ae41cf2cf85e0ba1260efa95420838bc31344795600bd0871a186555794d2151a4d59067179497e7615e2bc8f156d9842dc0f38d", 0x0, 0x0, 0xfffffffa}, 0x50)
r5 = openat$zero(0xffffffffffffff9c, &(0x7f00000007c0), 0x20000, 0x0)
bind$unix(r5, &(0x7f0000000800)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000b40)=[{{&(0x7f0000000880)={0xa, 0x4e23, 0x3ff, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x4}, 0x1c, &(0x7f0000000b00)=[{&(0x7f00000008c0)="7b76c26e99ddb3568617f8ad88b4e985cb598ad4e47475a762eb2eb3faffc6be932d0c51fd5bfa50d71d6da508cd1f209fca71a32cf8ba030f65594cdcc603dd1e6d8006d50d614963a8cc478a21e6e5c873418931f5fb6f84f1c001b65dadcc653f2d11564574f15d4f59d61752d5fe88a43f572e5c7c4d16f3f73b9093ffc8fddeb6eaecd6e66e0b50bd9ba220fd1d7fbb6d5cb97d", 0x96}, {&(0x7f0000000980)="370f6ec36a9147c111c8360e85a62994f9e7caee955bf8fc000f890a7622d884d59b800ae8f851ec7894fb48483a019603eb4cda77546aad919298a6a6f99e1cf813848e8d52843e6dcbf66b1ff55a52446594ef7b323790dd11b2c30365809461b2fd608e861796a201ba2675d6320e4fb23bae1df68d76ed826d8e16af81e595a55becab2ffbbc76a8fa26fd831fe8c122be3b63a7a68ff14ee00d7ec6da3f41df7d68c9b3b12bb8e78f213967d0349af330b2049915531ced44ffe1f6fc94293b6f2a06932ad51d5fbc587116d207a300f78791fd4f68e31076d13b9b", 0xde}, {&(0x7f0000000a80)="6ff35d349008b2aa3e73a30232d61862c2b7834eb2ce1ab476bbe07903e38eaff12e0fcf61d68c70d267f4b42ecb34c1957db1f9ed2ab95d14681ffa4dd6a9af9e9036153d53b4f11484aba4a4324b23b3ab4acded1238b398", 0x59}], 0x3}}], 0x1, 0x4008800)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_REM(r2, 0x84, 0x65, &(0x7f0000000b80)=[@in6={0xa, 0x4e20, 0x4, @mcast2, 0xe}, @in6={0xa, 0x4e24, 0x1, @ipv4={'\x00', '\xff\xff', @rand_addr=0x64010102}, 0x5}, @in6={0xa, 0x4e22, 0x2, @empty, 0xc}, @in6={0xa, 0x4e20, 0x4, @local, 0x1}, @in6={0xa, 0x4e21, 0x9, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x11}}}, @in6={0xa, 0x4e22, 0x3, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x3}, @in6={0xa, 0x4e24, 0x5, @dev={0xfe, 0x80, '\x00', 0x33}, 0x7}, @in={0x2, 0x4e23, @broadcast}, @in={0x2, 0x4e22, @loopback}, @in6={0xa, 0x4e20, 0x7ff, @mcast1, 0x4}], 0x100)
socket$netlink(0x10, 0x3, 0x0)
getsockname(r4, &(0x7f0000000c80)=@in={0x2, 0x0, @loopback}, &(0x7f0000000d00)=0x80)
ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(r0, 0xc0189378, &(0x7f0000000d40)={{0x1, 0x1, 0x18, <r6=>r5, {<r7=>r4}}, './file0\x00'})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001f80)={0x19, 0x22, &(0x7f0000000d80)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x5}, {{0x18, 0x1, 0x1, 0x0, r2}}, {}, [@alu={0x7, 0x0, 0xd, 0xa, 0x1, 0x8, 0x8}, @tail_call={{0x18, 0x2, 0x1, 0x0, r2}}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r7}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x80000001}}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r2}}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000ec0)='syzkaller\x00', 0x3, 0x1000, &(0x7f0000000f00)=""/4096, 0x41000, 0x60, '\x00', 0x0, 0x0, r5, 0x8, &(0x7f0000001f00)={0xa, 0x4}, 0x8, 0x10, &(0x7f0000001f40)={0x1, 0xa, 0x6, 0xfffffcc5}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffff800}, 0x94)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x104, &(0x7f0000002040)=0xd17, 0x0, 0x4)
mount(&(0x7f0000002080)=@nbd={'/dev/nbd', 0x0}, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100)='coda\x00', 0x804808, 0x0)
ioctl$TIOCGPGRP(r6, 0x540f, &(0x7f0000002140)=<r8=>0x0)
sched_setscheduler(r8, 0x2, &(0x7f0000002180)=0x1ff)
ioctl$AUTOFS_IOC_EXPIRE(r6, 0x810c9365, &(0x7f00000021c0)={{0x4, 0x4}, 0x100, './file0\x00'})
r9 = syz_usb_connect$hid(0x6, 0x3f, &(0x7f0000002300)={{0x12, 0x1, 0x250, 0x0, 0x0, 0x0, 0xff, 0x738, 0x1709, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2d, 0x1, 0x1, 0x6, 0x10, 0x1, [{{0x9, 0x4, 0x0, 0x1, 0x1, 0x3, 0x1, 0x2, 0xe5, {0x9, 0x21, 0x5, 0x8, 0x1, {0x22, 0x26}}, {{{0x9, 0x5, 0x81, 0x3, 0x200, 0xe3, 0x9, 0x4}}, [{{0x9, 0x5, 0x2, 0x3, 0x20, 0xb, 0x6, 0x2}}]}}}]}}]}}, &(0x7f00000029c0)={0xa, &(0x7f0000002340)={0xa, 0x6, 0x200, 0x4, 0x4, 0x3, 0x40, 0x2}, 0x17e, &(0x7f0000002380)={0x5, 0xf, 0x17e, 0x6, [@ext_cap={0x7, 0x10, 0x2, 0x1a, 0x2, 0x0, 0x2}, @generic={0x8d, 0x10, 0x4, "bdc79c040db76040a2e6eabfa2d3494c553b7ccb87786bbec1544a5ab272bfc14ec9aa4da0eb79f8c363b16d89c2fc1e86ca3c41ce37cfc2540b83eb6b7c40c89e138f0b935933ed67542349730e4baaae1f81e4b7336bc20163547f1846313cc0ca3adb81c3755ed83dd13e04c16a89d5df68fb30b99d445a848b99a06de55e3997fd12a7008b4109f2"}, @generic={0xce, 0x10, 0xb, "cf016e0584b224d20e2a67b6f728b8540ac3f6018fdf12eedc04ec58b41b1e11e3154c97ba8e10f15488eee08d271acf303a0dfca2b1a58deae8930bb7bf3d2025918f635de6bd2094f099f0a530d5e3c126ee50303718914ed2a3834c0cce2bf940455716cf444f2e6f0d8f2662553e16828c0bebf7f7ad16c8b1fe724fa96c4f2a8ec18b9f9e2f47a67886326c1e2c2b8f083daf7e2a16df31fd19de90746f22cf9a810a0d3cc0ff36bf49db87288bab107df08b86e12b12c65fd6a2a986ee7ecc46b3d88b8a35ba214a"}, @ss_cap={0xa, 0x10, 0x3, 0x2, 0x1, 0x1, 0x34, 0x2}, @ss_cap={0xa, 0x10, 0x3, 0x0, 0xb, 0x9, 0xae, 0x2}, @ptm_cap={0x3}]}, 0x8, [{0x4e, &(0x7f0000002500)=@string={0x4e, 0x3, "5ce04fca284dfb3a64f4f77595e2c046741daf70a27955df6db8e0050171c59e94291280821cf2850ed8ce2aea4b65dd61fd1aee260477336bb8ae4fbd2be702975784db1655d9dfc4bb98c1"}}, {0x4, &(0x7f0000002580)=@lang_id={0x4, 0x3, 0x40a}}, {0x7d, &(0x7f00000025c0)=@string={0x7d, 0x3, "44ffbb2616ed64d2b3add3727cb3d67411d1e358983f0b032ddf345c56c118837d0c059a0bbbce703c56878e6abc31d3262e2b84446c50ff451b62a531103e6b42fbf7e08d2240aa883f0c23d879a994f60f113745832773a6b73d4fbf6f2c9e982e5d7f06778631978ff33208e6d9bdfc7c71bed87c3935658fc2"}}, {0xfc, &(0x7f0000002640)=@string={0xfc, 0x3, "f3b94bf9471d1b420d9530fc3cee0e4a64c3efd78646ffe679ca09cc6c6d093c945497576def35bf32b7d00840e2e7d7286730592c8ae88b6efb84755ebab98d9c6751bca4eec9d6dd91127ae4b97734fc3b1ac2c5ccf278021318c52ad532059b80a9842c8227750a9e3f34ded0029ea04bd6865ed26ea577757ff1c68e5913bb2943b5e4b1144ddc7da8f7393d74cbbd1a35534314f67b8ced82dd0e80785687199ebccceca4f6ca404d04c6ecba1eff419ea0f633fc60fe461f18ad7cbaec68ebb77dfd27c7b85ccd7014a3ea88270daf922967ed1d49a300c6568eafe365a08ca426dae943f6761c130668de80facc3dc77604f78da9f34f"}}, {0x4, &(0x7f0000002740)=@lang_id={0x4, 0x3, 0x200a}}, {0xfd, &(0x7f0000002780)=@string={0xfd, 0x3, "5ba2bcf25acaa9d4b19172402a002f794a2f0666f7ca3620db0db9df99d045ef029ee51ca29000b98899b321e2c71f895179b8a401c6ae7f1a2cc45588a2266547879b15007b44594ad2edfb044fd3b150511cbf1d38a2fe3f34239a4fb95881972399b6b1ed764d996712463c28e4a2ef0bcc33fb8edf73601a52a4eab6b44625ae1f058da82a5edbd116598260b664a8aadb26a92f9dc31d14e8ae174412faa20c241af8ed528c17062100fb727a9fad949a178e42301daf01e0dae02376750958a482b98ce649b7703157d14242cb7c3896e9264f70f161f1b319926b0c6ab83f5552effc50d339d242865776726ffcbf19f4462455516f5d2a"}}, {0xc7, &(0x7f0000002880)=@string={0xc7, 0x3, "426182c0c5fde54ad652243f6b19bc861296a00e0cf1a0e50b7ae3a2b0ab6cfb2759d85247107f0a4244b486627390e0572647220c8f49473e084708e0c07af67c0857f03fd59856a1b122129d13851f97231f04d54b660a073108f3dfeebd9acdf96d6c5fccb3689f3a2e426efe12a92f08dd237f307bf743ba06714eda90bf3c10de418c66b35fe8b343022acc51e70e72af97ab74882da0bd968aa3f5e9b272089773b2033a4218a7d68c1dab535ed5bf6efe9c1c0b0617b6ec39269c7c1cffcc2fbb0f"}}, {0x2a, &(0x7f0000002980)=@string={0x2a, 0x3, "fc7f047e7b2bfafdd3dbc74af92e0bd71045ca4412fb86f7af2d4ce3c6a3f8672a9f667ed6aca060"}}]})
syz_usb_control_io$hid(r9, &(0x7f0000002b40)={0x24, &(0x7f0000002a40)={0x0, 0xc, 0x31, {0x31, 0xc, "6310bf87715a175b1749f645167838947e20c444056284cedf2bd404740310be68c768be11faae646bc9bd5afe248e"}}, &(0x7f0000002a80)={0x0, 0x3, 0x23, @string={0x23, 0x3, "4661d0f497ec03ff340631108a1883ac5c4da6e6c803acfd416c8100e49a32255c"}}, &(0x7f0000002ac0)={0x0, 0x22, 0x6, {[@local=@item_012={0x0, 0x2, 0x5}, @main=@item_4={0x3, 0x0, 0x8, "1edf1e37"}]}}, &(0x7f0000002b00)={0x0, 0x21, 0x9, {0x9, 0x21, 0x3, 0xe, 0x1, {0x22, 0xaf5}}}}, &(0x7f0000002d40)={0x2c, &(0x7f0000002b80)={0x40, 0xe, 0x63, "10b5c88342531432791478988bcdf2b62e960ec59726b8e27773aa918ff3c99b02c4255691eaa639814cca70dbd603d5f6f95825af8a92589f7fc833754e811f0c0a9963b69e01a0e27f4f23ee352f721fabf3e154f3248de7a9269e4ca5c85f2ea18b"}, &(0x7f0000002c00)={0x0, 0xa, 0x1, 0xc5}, &(0x7f0000002c40)={0x0, 0x8, 0x1, 0x93}, &(0x7f0000002c80)={0x20, 0x1, 0x53, "3169963303ba470b8811c2c3d6fff253f0a5215cf836f86d6dbb1fd1dd1738adaa8dbdd3b625b16d16d0f03ba6a88e17d8b072ec627dfd35cac5b664e39ae5983ae47f33127aef63766f30c54b05d13cd9fdcc"}, &(0x7f0000002d00)={0x20, 0x3, 0x1}})
r10 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r0, 0x89f0, &(0x7f0000002ec0)={'syztnl2\x00', &(0x7f0000002dc0)={'tunl0\x00', <r11=>0x0, 0x80, 0x11, 0x6, 0x6, {{0x2c, 0x4, 0x3, 0x9, 0xb0, 0x68, 0x0, 0x0, 0x4, 0x0, @broadcast, @multicast2, {[@timestamp_prespec={0x44, 0x14, 0x6e, 0x3, 0x4, [{@multicast1, 0xaa45}, {@remote, 0xfffffffb}]}, @timestamp_addr={0x44, 0xc, 0xae, 0x1, 0x0, [{@broadcast, 0x9}]}, @lsrr={0x83, 0x17, 0xca, [@private=0xa010102, @initdev={0xac, 0x1e, 0x1, 0x0}, @multicast1, @local, @private=0xa010102]}, @ra={0x94, 0x4}, @ra={0x94, 0x4}, @lsrr={0x83, 0x17, 0xbc, [@multicast1, @loopback, @broadcast, @empty, @private=0xa010100]}, @timestamp_addr={0x44, 0x24, 0x57, 0x1, 0x7, [{@private=0xa010100, 0x33a0e11c}, {@multicast2, 0x1}, {@private=0xa010100, 0x25dd}, {@initdev={0xac, 0x1e, 0x0, 0x0}, 0x1}]}, @ra={0x94, 0x4, 0x1}, @rr={0x7, 0x1b, 0xdc, [@broadcast, @multicast2, @multicast2, @empty, @broadcast, @private=0xa010102]}]}}}}})
sendmsg$nl_route(r10, &(0x7f0000002f80)={&(0x7f0000002d80)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000002f40)={&(0x7f0000002f00)=@ipv6_newaddrlabel={0x30, 0x48, 0x400, 0x70bd28, 0x25dfdbfc, {0xa, 0x0, 0x8, 0x0, r11, 0xf9}, [@IFAL_ADDRESS={0x14, 0x1, @mcast2}]}, 0x30}, 0x1, 0x0, 0x0, 0x8090}, 0x20004054)

6.084794299s ago: executing program 6 (id=1802):
socket$nl_route(0x10, 0x3, 0x0)
syz_emit_ethernet(0x42, &(0x7f00000005c0)={@broadcast, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x25}, @void, {@mpls_mc={0x8848, {[{0x51}, {0x3ff, 0x0, 0x1}, {0xe9, 0x0, 0x1}, {0x0, 0x0, 0x1}, {0x1, 0x0, 0x1}, {0xffffb}, {0x4}], @ipv4=@generic={{0x6, 0x4, 0x1, 0x0, 0x18, 0x65, 0x0, 0x55, 0x6c, 0x0, @private=0xa010100, @remote, {[@lsrr={0x83, 0x3, 0xcc}]}}}}}}}, 0x0)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
syz_emit_ethernet(0x3e, &(0x7f00000000c0)={@local, @broadcast, @void, {@ipv6={0x86dd, @generic={0x0, 0x6, "fca33f", 0x8, 0x73, 0x0, @local, @local, {[@fragment={0x2f, 0x0, 0x7, 0x1, 0x0, 0x9, 0x66}]}}}}}, 0x0)
bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @multicast1}, 0x10)
socket$kcm(0x29, 0x2, 0x0)
getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x1c, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
semget$private(0x0, 0x2, 0x302)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x2)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000032680)=""/102392, 0x18ff8)
r2 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[], 0x48}}, 0x0)
sendmmsg$alg(r2, &(0x7f00000000c0), 0x492492492492627, 0x0)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, 0x0)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000007a80)=[{{&(0x7f0000000b40)=@abs={0x1, 0x0, 0x4e20}, 0x6e, 0x0, 0x0, 0x0, 0x0, 0x8004}}, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000800}}], 0x5, 0x48000)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x84, 0x9, &(0x7f0000000380), 0x98)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x6, 0x8b}, 0x0)
mount(&(0x7f0000000280)=@loop={'/dev/loop', 0x0}, &(0x7f0000000080)='./cgroup\x00', &(0x7f0000000380)='f2fs\x00', 0x0, 0x0)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000800)=@newsa={0x148, 0x10, 0x713, 0x0, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in=@initdev={0xac, 0x1e, 0x0, 0x0}}, {@in6=@local, 0x0, 0x33}, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', {}, {}, {}, 0x0, 0x1003502, 0xa}, [@offload={0xc}, @algo_auth_trunc={0x4c, 0x14, {{'sha1\x00'}}}]}, 0x148}}, 0x0)

5.656921272s ago: executing program 6 (id=1803):
r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000000), 0x180300, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
socket(0x29, 0x6, 0xfffffff8)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f000001b700)=""/102392, 0x18ff8)
r2 = socket$netlink(0x10, 0x3, 0x0)
bind$netlink(0xffffffffffffffff, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
sendmsg$nl_route(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000240)=@newlink={0x3c, 0x10, 0xff05, 0x0, 0x0, {0x0, 0x0, 0x4a00}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @batadv={{0xb}, {0x4}}}, @IFLA_MASTER={0x8}]}, 0x3c}}, 0x0)
ioctl$FBIOPUT_VSCREENINFO(r0, 0x4601, &(0x7f0000000040)={0x191, 0x258, 0x1e0, 0x3f, 0x32, 0x1, 0x0, 0x0, {}, {}, {}, {}, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x4})
openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000700)=ANY=[@ANYBLOB="140000001000040000000000000000000000000a20000000000a05000000000000000000070000000900010073797a30000000003c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a30000000000800054000000021940000000c0a01030000000000000000070000000900020073797a31000000000900010073797a3000000000680003806400dec6080003400000000258000b80200001800a00010071756f7461000000100002800c0001400000000000000000340001800a0001006c696d69740000002400028008000440000000010c00024000000000000000000c0001400000000000000003"], 0x118}}, 0x0) (fail_nth: 3)

2.58475375s ago: executing program 9 (id=1805):
msync(&(0x7f0000003000/0x1000)=nil, 0xffffffffdfffcfff, 0x0)
openat$dsp(0xffffffffffffff9c, &(0x7f0000000380), 0x602280, 0x0)
r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x88b02, 0x0)
write$P9_RSTATu(r0, &(0x7f0000000340)=ANY=[@ANYBLOB="300200bf000000000000000000000000000000000000000000000000000000000000000000000000000000001b00046e6f6465767b65766f6f7e0539c600053ad130ed3a8b920000003800704a86cec602007dfa673effeb09b5351f5bde054000000000187b8200b500002b595fcb14034354b9fd9ef196a51cd5157adc8103b494e11400cfc26dd7c500f04cd85f2a70f5e9930e3c5db45a5500f8f669fb716dcf315ecaf385409ac65b9408678c2c3b9e1d52c36cde7ba4a400b4b0b4f174a666a8529a451b3407dbdab2884baf050000000000000047ec21cabff20f9c1cbe43f4fd1a4cc280e8e289da649a37002c016f6465762f6eb17b2300f9daa5ee23266ecf85fea65e42d979a3fde5f475daf03b1172d97badc7095afd76fe4f0441f7f7741eac030000ecff0000dba0c2f7f09ff53c7e4d1ad66e2d070198019f30118447aa9a74f51685f506ae894806878267d5a1298d792c4a37f2e1cbbd2482929a0d8972b5cf732ea5b0d723859dba3f93aed3b42ee7cac07de09d1d68a60333a882467d2b31aacdf9188549b1125d6c4c9b18c2fb56c57d7dc626e4390796a1eb48274669ab13f8b11d146059f310e2634d593fec65d529f382066664df244e4c90570a70049f399f061f75b7797ce1fe11ea919609d51a41dd3de304bd7c7ed0a453369498b86e30c4ce887df5a6e0b6a77d596cf88ba6e5c6397c7d5021d7989528fd1739e1c2d87fff00"/542, @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0], 0x230)
capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)={0x200000, 0x200000})
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r1, 0x29, 0x20, &(0x7f0000000080)={@mcast2, 0x300, 0x0, 0x3, 0x9, 0x0, 0x6}, 0x20)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r1, 0x29, 0x20, &(0x7f0000000080)={@rand_addr=' \x01\x00', 0x300, 0x0, 0x3, 0x9, 0x3, 0x6}, 0x20)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x40, 0x0, 0x0)
syz_open_dev$evdev(&(0x7f0000000080), 0x9, 0x842)
syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000140)=ANY=[])

2.584170946s ago: executing program 9 (id=1806):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0xc0042, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000400)='./file0\x00', 0x0)
r2 = landlock_create_ruleset(&(0x7f0000000040)={0x969c, 0x3}, 0x18, 0x0)
landlock_restrict_self(r2, 0x0)
r3 = landlock_create_ruleset(&(0x7f0000000040)={0x10, 0x1, 0x3}, 0x18, 0x3)
landlock_restrict_self(r3, 0x0)
mount(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
r5 = socket$inet(0x2, 0x3, 0x4)
setsockopt$inet_opts(r5, 0x0, 0x4, &(0x7f0000000000)="8907040400", 0x5)
setsockopt$SO_BINDTODEVICE(r5, 0x1, 0x19, &(0x7f00000000c0)='ip6_vti0\x00', 0x10)
connect$inet(r5, &(0x7f0000000080)={0x2, 0x4e20, @private=0xa010100}, 0x10)
sendmmsg$inet(r5, &(0x7f0000000f40)=[{{&(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10, 0x0}}], 0x68000, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000d1", @ANYRES32=0x0, @ANYBLOB="2a1004000000000008001b0000000000"], 0x28}, 0x1, 0x0, 0x0, 0x20048050}, 0x4000)
setsockopt$inet6_tcp_int(r4, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x4)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r4, 0x6, 0x14, &(0x7f0000000280)=0x1, 0x4)
connect$inet6(r4, &(0x7f0000000080)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @remote}}, 0x1c)
sendto$inet6(r4, &(0x7f00000001c0)="a6e2976b5c4383036d32dadd2e144d8645ca8d1b230e105614396838da83c754887e7bea2f35d4ea667817d90d532af065f2e398dd9081ea16f8b371a202a6f9e505bbc964a0d3880bf0104a0a0a2f0d311efee1637e85a0125b38f961918f99bf9c2c146e42327f178dc2b3d4936e7f7f0a79f74ba464d83ab41742d1186776dc1779b5c50ac82d0fa8f9e42074b5b6079207fb21e718080907964669be539791e3e98687ee059853", 0xfffffffffffffcc1, 0x840, 0x0, 0x56)
mmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x11, r4, 0xffffc000)
getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r4, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffff77, 0x0, 0x0}, &(0x7f0000000000)=0x40)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
r8 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1)
ioctl$KVM_SET_VCPU_EVENTS(r8, 0x4040aea0, &(0x7f0000000100)=@x86={0x7, 0x4, 0x3f, 0x0, 0x17, 0x1, 0xe, 0xfe, 0x4, 0x8, 0x7, 0x8, 0x0, 0x5, 0x10000, 0x2, 0x4, 0x0, 0x1, '\x00', 0x0, 0x8})
r9 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r9, &(0x7f0000000380)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000340)={<r10=>0xffffffffffffffff}, 0x2, 0x4}}, 0x20)
write$RDMA_USER_CM_CMD_BIND(r9, &(0x7f0000000500)={0x14, 0x88, 0xfa00, {r10, 0x30, 0x0, @ib={0x1b, 0xfffe, 0x5, {"abea0868f5d0b37dd78c7e53dabed334"}, 0x7, 0xe, 0x193}}}, 0x90)
sendmsg$NFT_BATCH(r7, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000005c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a74000004060a010400000000000000000a0000050900010073797a310000000048000480440001800a000100696e6e657200000034000280080004400000001710000580090001006d65746100000000080003ada3f425696cdde1e32eb6009a9d4000000005080002400000008408000140000000000900020073797a3200000000140000001100010000000000000000000100000a"], 0x9c}, 0x1, 0x0, 0x0, 0x80040}, 0x24000000)

2.405396012s ago: executing program 9 (id=1807):
openat$fb0(0xffffffffffffff9c, &(0x7f00000000c0), 0xc0c01, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
openat$dir(0xffffffffffffff9c, 0x0, 0x140, 0x82)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x90e7d000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000340)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x80383, 0x0)
r4 = syz_open_dev$admmidi(&(0x7f0000000140), 0x20, 0x0)
read$midi(r4, 0x0, 0x14)
socket$inet6_tcp(0xa, 0x1, 0x0)
close_range(r3, 0xffffffffffffffff, 0x0)
r5 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$IOCTL_VMCI_CTX_REMOVE_NOTIFICATION(r5, 0x7b0, 0x0)

1.500171622s ago: executing program 9 (id=1808):
unshare(0x26020280)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000004300), 0x1, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = eventfd(0x2c0)
ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000000040)={0x4, 0x1000, 0x2, r2, 0xa})
ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000000240)={0x7, 0x10000, 0x1, r2, 0x1})
ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f00000000c0)={0x2, 0x10000, 0x0, r2, 0x4})
r3 = socket$kcm(0x29, 0x5, 0x0)
setsockopt$sock_timeval(r3, 0x1, 0x3d, &(0x7f0000000080), 0x10)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a50000000060a0b04000000000000070002dfa5b11937028db945d90457f9f01f0000002400048020000180070001006374000014000280080001400000001708000240000000080900010073797a30000000000900020073797a3200000000140000001143340d566d2ec32fb44a3add04057bf6fe2064939f0dbf25e727f5891834f8d72344a8f8ece0a3c137dbbdb0e9b9f1db170374a6d76cfa5cea95d90ced85845cf97514ff4d1e5ddda2c472fb65977ad9693fd08d93b76a2c92cb2a13dc607980c8b49d2b035ddc513c8bf0d0997d270fff238de5b1bdd7578f03efcb58914b2f65ed90aa89dd96e36c0fdda4cf03c157cf70a38d6e80697d9ecf3ba4614ffacde583afc8b3b4f7b3f55e96586fdf0ca39370bd4213f101010000e92e68e08b16da2b98aa643fa7d2fd34a094bfd95c"], 0x78}}, 0x0)
r5 = openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETOFFLOAD(r5, 0xc004743e, 0x110c230000)
bpf$MAP_CREATE(0x2000000000000000, &(0x7f0000000140)=ANY=[@ANYBLOB="0600000004000000b03700e05c"], 0x48)
openat$nullb(0xffffffffffffff9c, 0x0, 0x4f6b04, 0x0)
set_mempolicy(0x4005, &(0x7f0000000040)=0x1001, 0x4)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
ioctl$SNDCTL_SEQ_GETOUTCOUNT(0xffffffffffffffff, 0x80045104, 0x0)
syz_clone(0x6120480, 0x0, 0xa6fc3956163455dc, 0x0, 0x0, 0x0)

1.374236884s ago: executing program 9 (id=1809):
mount(&(0x7f00000000c0)=@nullb, &(0x7f0000000040)='.\x00', &(0x7f0000000140)='zonefs\x00', 0x0, 0x0)
r0 = openat$rdma_cm(0xffffffffffffff9c, 0x0, 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000040)={0x0, 0x7, 0xfa00, {0x0, &(0x7f0000000000)={<r1=>0xffffffffffffffff}, 0x13f}}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_ADDR(r0, &(0x7f0000000280)={0x15, 0x110, 0xfa00, {r1, 0xfffffffd, 0x0, 0x30, 0x0, @in={0x2, 0x4e23, @loopback}, @ib={0x1b, 0x0, 0x9, {"7d0300"}, 0x0, 0x0, 0x2}}}, 0x118)
write$RDMA_USER_CM_CMD_LISTEN(r0, &(0x7f0000000180)={0x7, 0x8, 0xfa00, {r1, 0xffffffef}}, 0x10)
r2 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
fspick(0xffffffffffffffff, &(0x7f0000000980)='./file0\x00', 0x0)
r3 = epoll_create(0x10001)
syz_usb_connect(0x5, 0x2d, &(0x7f0000000200)=ANY=[@ANYBLOB="12010000538acc089c0e00001e5b0102030109021b00010000000009040000014b34ef000905", @ANYRES16], 0x0)
mount$9p_fd(0x0, &(0x7f00000000c0)='.\x00', &(0x7f0000000040), 0x0, &(0x7f00000009c0)=ANY=[@ANYRESDEC=r2, @ANYRESHEX=r2, @ANYBLOB=',wfdno=', @ANYRESHEX=r3, @ANYBLOB=',\x00'])
write$vga_arbiter(r2, &(0x7f0000000100)=ANY=[@ANYBLOB], 0xb)
connect$unix(r2, &(0x7f0000000a40)=@file={0x1, './file0\x00'}, 0x6e)
shutdown(r2, 0x0)

6.364148ms ago: executing program 67 (id=1780):
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000008000000006de9200095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0xd}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)}, {0x0}], 0x2)
mkdir(0x0, 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, 0x0)
chdir(&(0x7f0000000140)='./bus\x00')
r2 = open(0x0, 0x284a40, 0x1df2a23c5997fa5f)
newfstatat(0xffffffffffffff9c, 0x0, 0x0, 0x2000)
write$FUSE_CREATE_OPEN(r2, &(0x7f0000000180)={0xa0, 0x0, 0x0, {{0x4, 0x2, 0x5, 0x7, 0x3, 0x1, {0x400000080001, 0xff, 0x20ff, 0x8, 0xe, 0xd615, 0x9, 0x3, 0xfffffffe, 0x8000, 0x0, 0x0, 0x0, 0x5, 0x2000001}}, {0x0, 0x13}}}, 0xa0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
r3 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x8, &(0x7f0000000040)=ANY=[@ANYBLOB='fd=', @ANYRESDEC=0x0])
mount(0x0, &(0x7f0000000440)='./file0\x00', &(0x7f0000000280)='autofs\x00', 0x201000c, &(0x7f0000000040))
mkdirat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0/file0\x00', 0x180)
chdir(&(0x7f0000000140)='./file0/file0\x00')
setpgid(r3, r3)
open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
socket$netlink(0x10, 0x3, 0x0)
r4 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$KDSIGACCEPT(r4, 0x5607, 0x3)

0s ago: executing program 9 (id=1811):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x81, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CAP_EXIT_HYPERCALL(r2, 0x4068aea3, &(0x7f0000000040)={0x79, 0x0, 0xc})
ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x1)
ioctl$KVM_SET_GSI_ROUTING(r2, 0x4008ae6a, &(0x7f0000000000)={0x1, 0x0, [{0x1, 0x4, 0x0, 0x0, @msi={0x8, 0x1, 0x7fff, 0x80}}]})
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a000000fa000a03000000000000000000010000090900010073797a300000000050000000090a010400000000000000000100100008000a40000000000900010073797a3000000000080005400000001e0c00098008000140000060000900020073797a32000000000800034000000023140000001000010037560000000000000000000a4267252c9564c9dd3a3fade3323800359a5cc1b7dec1ea0217972a9471169469ca901da744d8cd9342411530"], 0x98}}, 0x0)
r3 = socket$alg(0x26, 0x5, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0200000004000000ffed000005"], 0x50)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0x14, &(0x7f0000000580)=ANY=[@ANYBLOB="1802000000000000000000000000000018010000786c6c2500000000070000007b1af8ff00000000bfa100000000000007010000f8ffffffb700000000000000b7030000000000fd850000007300000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000100)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000680)='sys_exit\x00', r5}, 0x18)
faccessat2(0xffffffffffffffff, 0x0, 0x9c, 0x200)
ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x7f)
bind$alg(r3, 0x0, 0x0)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5910fae9d6dcd3292ea54c7b6ef915d564c90c200", 0x18)
r6 = accept4(r3, 0x0, 0x0, 0x0)
sendmsg$alg(r6, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}, 0x0)
syz_genetlink_get_family_id$l2tp(0x0, r6)
r7 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$PIO_UNIMAP(r7, 0x4b67, &(0x7f0000000040)={0x3ffffffffffffe96, &(0x7f0000000000)=[{0x2000, 0x5}]})
sendmsg$key(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=ANY=[], 0x30}}, 0x0)

kernel console output (not intermixed with test programs):

hanging to 7
[  564.771994][ T5959] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  564.774189][ T5959] usb 7-1: New USB device found, idVendor=0e9c, idProduct=0000, bcdDevice=5b.1e
[  564.774214][ T5959] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  564.774231][ T5959] usb 7-1: Product: syz
[  564.774244][ T5959] usb 7-1: Manufacturer: syz
[  564.774257][ T5959] usb 7-1: SerialNumber: syz
[  564.775170][ T5959] usb 7-1: config 0 descriptor??
[  564.830789][ T5959] streamzap 7-1:0.0: streamzap_probe: endpoint Max Packet Size is 0!?!
[  564.988120][   T24] usb 7-1: USB disconnect, device number 2
[  565.094223][T13007] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  565.094281][T13007] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  565.094328][T13007] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  565.094396][T13007] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  565.270260][T13006] F2FS-fs (loop3): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[  565.270275][T13006] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[  565.270304][T13006] F2FS-fs (loop3): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[  565.270313][T13006] F2FS-fs (loop3): Can't find valid F2FS filesystem in 2th superblock
[  565.300907][   T50] Bluetooth: hci25: command tx timeout
[  565.862088][T13013] FAULT_INJECTION: forcing a failure.
[  565.862088][T13013] name failslab, interval 1, probability 0, space 0, times 0
[  565.862118][T13013] CPU: 0 UID: 0 PID: 13013 Comm: syz.6.1688 Not tainted 6.16.0-rc7-syzkaller-00034-g25fae0b93d1d #0 PREEMPT(full) 
[  565.862139][T13013] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  565.862149][T13013] Call Trace:
[  565.862154][T13013]  <TASK>
[  565.862160][T13013]  dump_stack_lvl+0x16c/0x1f0
[  565.862181][T13013]  should_fail_ex+0x512/0x640
[  565.862211][T13013]  ? tomoyo_realpath_from_path+0xc2/0x6e0
[  565.862228][T13013]  should_failslab+0xc2/0x120
[  565.862244][T13013]  __kmalloc_noprof+0xd2/0x510
[  565.862271][T13013]  tomoyo_realpath_from_path+0xc2/0x6e0
[  565.862288][T13013]  ? tomoyo_profile+0x47/0x60
[  565.862306][T13013]  tomoyo_path_number_perm+0x245/0x580
[  565.862328][T13013]  ? tomoyo_path_number_perm+0x237/0x580
[  565.862351][T13013]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  565.862378][T13013]  ? preempt_count_add+0x76/0x150
[  565.862402][T13013]  ? rcu_is_watching+0x12/0xc0
[  565.862422][T13013]  ? __fget_files+0x204/0x3c0
[  565.862436][T13013]  ? hook_file_ioctl_common+0x145/0x410
[  565.862455][T13013]  ? lock_release+0x201/0x2f0
[  565.862469][T13013]  ? __fget_files+0x20e/0x3c0
[  565.862484][T13013]  security_file_ioctl+0x9b/0x240
[  565.862500][T13013]  __x64_sys_ioctl+0xb7/0x210
[  565.862522][T13013]  do_syscall_64+0xcd/0x4c0
[  565.862539][T13013]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  565.862556][T13013] RIP: 0033:0x7f28fc78e9a9
[  565.862568][T13013] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  565.862583][T13013] RSP: 002b:00007f28fa5f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  565.862600][T13013] RAX: ffffffffffffffda RBX: 00007f28fc9b5fa0 RCX: 00007f28fc78e9a9
[  565.862611][T13013] RDX: 0000200000000280 RSI: 00000000c0e85667 RDI: 0000000000000003
[  565.862621][T13013] RBP: 00007f28fa5f6090 R08: 0000000000000000 R09: 0000000000000000
[  565.862631][T13013] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  565.862640][T13013] R13: 0000000000000000 R14: 00007f28fc9b5fa0 R15: 00007fffe8c0ef68
[  565.862657][T13013]  </TASK>
[  565.862679][T13013] ERROR: Out of memory at tomoyo_realpath_from_path.
[  566.421306][   T50] Bluetooth: hci24: command tx timeout
[  566.470876][T12267] usb 7-1: new high-speed USB device number 3 using dummy_hcd
[  566.620861][T12267] usb 7-1: Using ep0 maxpacket: 8
[  566.624293][T12267] usb 7-1: config 179 has an invalid interface number: 65 but max is 0
[  566.624309][T12267] usb 7-1: config 179 has no interface number 0
[  566.624326][T12267] usb 7-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[  566.624341][T12267] usb 7-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[  566.624356][T12267] usb 7-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  566.624370][T12267] usb 7-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024
[  566.624385][T12267] usb 7-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  566.624405][T12267] usb 7-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[  566.624417][T12267] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  566.627438][T13017] raw-gadget.2 gadget.6: fail, usb_ep_enable returned -22
[  567.381607][   T50] Bluetooth: hci25: command tx timeout
[  568.501210][   T50] Bluetooth: hci24: command tx timeout
[  568.946905][   T24] usb 7-1: USB disconnect, device number 3
[  568.946905][    C0] xpad 7-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19
[  568.946939][    C0] xpad 7-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[  569.471579][T12104] Bluetooth: hci25: command tx timeout
[  569.916211][   T50] Bluetooth: hci26: unexpected cc 0x0c03 length: 249 > 1
[  569.916408][   T50] Bluetooth: hci26: unexpected cc 0x1003 length: 249 > 9
[  569.916579][   T50] Bluetooth: hci26: unexpected cc 0x1001 length: 249 > 9
[  569.917017][   T50] Bluetooth: hci26: unexpected cc 0x0c23 length: 249 > 4
[  569.917304][   T50] Bluetooth: hci26: unexpected cc 0x0c38 length: 249 > 2
[  569.920084][T13024] loop6: detected capacity change from 0 to 524287999
[  569.923515][    C0] blk_print_req_error: 27 callbacks suppressed
[  569.923530][    C0] I/O error, dev loop6, sector 0 op 0x1:(WRITE) flags 0x800 phys_seg 2 prio class 0
[  569.923553][    C0] buffer_io_error: 26 callbacks suppressed
[  569.923562][    C0] Buffer I/O error on dev loop6, logical block 0, lost async page write
[  569.923596][    C0] Buffer I/O error on dev loop6, logical block 1, lost async page write
[  569.938358][T13021] lo speed is unknown, defaulting to 1000
[  570.073541][T13021] chnl_net:caif_netlink_parms(): no params data found
[  570.356126][T13021] bridge0: port 1(bridge_slave_0) entered blocking state
[  570.356154][T13021] bridge0: port 1(bridge_slave_0) entered disabled state
[  570.356246][T13021] bridge_slave_0: entered allmulticast mode
[  570.356742][T13021] bridge_slave_0: entered promiscuous mode
[  570.358206][T13021] bridge0: port 2(bridge_slave_1) entered blocking state
[  570.358243][T13021] bridge0: port 2(bridge_slave_1) entered disabled state
[  570.358329][T13021] bridge_slave_1: entered allmulticast mode
[  570.358833][T13021] bridge_slave_1: entered promiscuous mode
[  570.380454][T13021] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  570.383368][T13021] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  570.448410][T13021] team0: Port device team_slave_0 added
[  570.449630][T13021] team0: Port device team_slave_1 added
[  570.479263][T13021] batman_adv: batadv0: Adding interface: batadv_slave_0
[  570.479278][T13021] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  570.479331][T13021] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  570.482726][T13021] batman_adv: batadv0: Adding interface: batadv_slave_1
[  570.482736][T13021] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  570.482792][T13021] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  570.532930][T13021] hsr_slave_0: entered promiscuous mode
[  570.540978][T13021] hsr_slave_1: entered promiscuous mode
[  570.541454][T13021] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  570.541468][T13021] Cannot create hsr debugfs directory
[  570.674757][T13021] netdevsim netdevsim8 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  570.724757][T13021] netdevsim netdevsim8 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  570.789627][T13021] netdevsim netdevsim8 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  570.842971][T13021] netdevsim netdevsim8 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  570.891103][ T5848] usb 7-1: new high-speed USB device number 4 using dummy_hcd
[  570.908561][T12104] Bluetooth: hci27: unexpected cc 0x0c03 length: 249 > 1
[  570.909238][T12104] Bluetooth: hci27: unexpected cc 0x1003 length: 249 > 9
[  570.910423][T12104] Bluetooth: hci27: unexpected cc 0x1001 length: 249 > 9
[  570.917056][T12104] Bluetooth: hci27: unexpected cc 0x0c23 length: 249 > 4
[  570.917421][T12104] Bluetooth: hci27: unexpected cc 0x0c38 length: 249 > 2
[  570.934440][T13021] netdevsim netdevsim8 netdevsim0: renamed from eth0
[  570.936400][T13021] netdevsim netdevsim8 netdevsim1: renamed from eth1
[  570.939226][T13021] netdevsim netdevsim8 netdevsim2: renamed from eth2
[  570.942503][T13021] netdevsim netdevsim8 netdevsim3: renamed from eth3
[  570.947129][T13040] lo speed is unknown, defaulting to 1000
[  570.978923][T13021] bridge0: port 2(bridge_slave_1) entered blocking state
[  570.978959][T13021] bridge0: port 2(bridge_slave_1) entered forwarding state
[  570.979067][T13021] bridge0: port 1(bridge_slave_0) entered blocking state
[  570.979100][T13021] bridge0: port 1(bridge_slave_0) entered forwarding state
[  571.042040][T13040] chnl_net:caif_netlink_parms(): no params data found
[  571.065735][ T5848] usb 7-1: config 0 has an invalid interface number: 98 but max is 0
[  571.065780][ T5848] usb 7-1: config 0 has no interface number 0
[  571.065802][ T5848] usb 7-1: config 0 interface 98 has no altsetting 0
[  571.067521][ T5848] usb 7-1: New USB device found, idVendor=1110, idProduct=9024, bcdDevice=db.24
[  571.067546][ T5848] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  571.067564][ T5848] usb 7-1: Product: syz
[  571.067578][ T5848] usb 7-1: Manufacturer: syz
[  571.067591][ T5848] usb 7-1: SerialNumber: syz
[  571.068546][ T5848] usb 7-1: config 0 descriptor??
[  571.079418][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[  571.079960][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[  571.102437][T13040] bridge0: port 1(bridge_slave_0) entered blocking state
[  571.102619][T13040] bridge0: port 1(bridge_slave_0) entered disabled state
[  571.102813][T13040] bridge_slave_0: entered allmulticast mode
[  571.103376][T13040] bridge_slave_0: entered promiscuous mode
[  571.104568][T13040] bridge0: port 2(bridge_slave_1) entered blocking state
[  571.104747][T13040] bridge0: port 2(bridge_slave_1) entered disabled state
[  571.104847][T13040] bridge_slave_1: entered allmulticast mode
[  571.105461][T13040] bridge_slave_1: entered promiscuous mode
[  571.122773][T13040] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  571.124487][T13021] 8021q: adding VLAN 0 to HW filter on device bond0
[  571.125995][T13040] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  571.141627][T13040] team0: Port device team_slave_0 added
[  571.143880][T13040] team0: Port device team_slave_1 added
[  571.155810][T13040] batman_adv: batadv0: Adding interface: batadv_slave_0
[  571.155824][T13040] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  571.155939][T13040] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  571.157047][T13040] batman_adv: batadv0: Adding interface: batadv_slave_1
[  571.157058][T13040] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  571.157142][T13040] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  571.181164][T13021] 8021q: adding VLAN 0 to HW filter on device team0
[  571.205190][T12517] bridge0: port 1(bridge_slave_0) entered blocking state
[  571.205232][T12517] bridge0: port 1(bridge_slave_0) entered forwarding state
[  571.206207][T12517] bridge0: port 2(bridge_slave_1) entered blocking state
[  571.206237][T12517] bridge0: port 2(bridge_slave_1) entered forwarding state
[  571.213265][T13040] hsr_slave_0: entered promiscuous mode
[  571.213769][T13040] hsr_slave_1: entered promiscuous mode
[  571.214069][T13040] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  571.214078][T13040] Cannot create hsr debugfs directory
[  571.289108][ T5848] usb 7-1: [ueagle-atm] ADSL device founded vid (0X1110) pid (0X9024) Rev (0XDB24): Eagle II
[  571.303688][T13040] netdevsim netdevsim7 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  571.349654][T13021] 8021q: adding VLAN 0 to HW filter on device batadv0
[  571.365644][T13040] netdevsim netdevsim7 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  571.408523][T13040] netdevsim netdevsim7 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  571.446967][T13040] netdevsim netdevsim7 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  571.513321][T13040] netdevsim netdevsim7 netdevsim0: renamed from eth0
[  571.515262][T13040] netdevsim netdevsim7 netdevsim1: renamed from eth1
[  571.517205][T13040] netdevsim netdevsim7 netdevsim2: renamed from eth2
[  571.519509][T13040] netdevsim netdevsim7 netdevsim3: renamed from eth3
[  571.529867][T13021] veth0_vlan: entered promiscuous mode
[  571.538971][T13021] veth1_vlan: entered promiscuous mode
[  571.565350][T13021] veth0_macvtap: entered promiscuous mode
[  571.567492][T13021] veth1_macvtap: entered promiscuous mode
[  571.577359][T13021] batman_adv: batadv0: Interface activated: batadv_slave_0
[  571.587610][T13021] batman_adv: batadv0: Interface activated: batadv_slave_1
[  571.592416][T13021] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  571.592443][T13021] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  571.592463][T13021] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  571.592483][T13021] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  571.594905][T13040] 8021q: adding VLAN 0 to HW filter on device bond0
[  571.614436][T13040] 8021q: adding VLAN 0 to HW filter on device team0
[  571.630583][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[  571.630680][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[  571.632300][T13021] ieee80211 phy58: Selected rate control algorithm 'minstrel_ht'
[  571.644928][T12521] bridge0: port 2(bridge_slave_1) entered blocking state
[  571.644969][T12521] bridge0: port 2(bridge_slave_1) entered forwarding state
[  571.658674][   T59] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  571.658707][   T59] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  571.672529][T13021] ieee80211 phy59: Selected rate control algorithm 'minstrel_ht'
[  571.707981][T12517] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  571.707998][T12517] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  571.778326][T13075] tipc: Started in network mode
[  571.778353][T13075] tipc: Node identity 42159b67846, cluster identity 4711
[  571.778433][T13075] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  571.779381][T13075] syzkaller0: entered promiscuous mode
[  571.779399][T13075] syzkaller0: entered allmulticast mode
[  571.788291][T13075] syzkaller0: mtu less than device minimum
[  571.789268][T13074] tipc: Resetting bearer <eth:syzkaller0>
[  571.792856][T13074] tipc: Disabling bearer <eth:syzkaller0>
[  571.809223][T13040] 8021q: adding VLAN 0 to HW filter on device batadv0
[  571.927708][T13040] veth0_vlan: entered promiscuous mode
[  571.930226][T13040] veth1_vlan: entered promiscuous mode
[  571.940203][T13040] veth0_macvtap: entered promiscuous mode
[  571.943137][ T5848] usb 7-1: reset high-speed USB device number 4 using dummy_hcd
[  571.943671][T12104] Bluetooth: hci26: command tx timeout
[  571.945763][T13040] veth1_macvtap: entered promiscuous mode
[  571.955246][T13040] batman_adv: batadv0: Interface activated: batadv_slave_0
[  571.958676][T13040] batman_adv: batadv0: Interface activated: batadv_slave_1
[  571.960546][T13040] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  571.960566][T13040] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  571.960580][T13040] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  571.960595][T13040] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  571.977411][T13040] ieee80211 phy60: Selected rate control algorithm 'minstrel_ht'
[  571.996744][T12517] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  571.996763][T12517] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  571.998832][T13040] ieee80211 phy61: Selected rate control algorithm 'minstrel_ht'
[  572.025179][   T59] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  572.025198][   T59] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  572.057508][T13084] netlink: 'syz.7.1696': attribute type 10 has an invalid length.
[  572.057954][T13084] veth0_macvtap: left promiscuous mode
[  572.059673][T13084] batman_adv: batadv0: Adding interface: macvtap0
[  572.059686][T13084] batman_adv: batadv0: The MTU of interface macvtap0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  572.059755][T13084] batman_adv: batadv0: Not using interface macvtap0 (retrying later): interface not active
[  572.293371][   T30] audit: type=1326 audit(1753396108.762:552): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13085 comm="syz.7.1697" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fd0d718e9a9 code=0x0
[  572.378336][T13086] netlink: 12 bytes leftover after parsing attributes in process `syz.7.1697'.
[  572.383406][   T24] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=65380 sclass=netlink_route_socket pid=24 comm=kworker/1:0
[  572.383514][T13086] 9pnet: p9_errstr2errno: server reported unknown error 18446744073709
[  572.556756][ T5848] usb 7-1: failed to restore interface 98 altsetting 4 (error=-71)
[  572.556900][ T5848] usb 7-1: [ueagle-atm] pre-firmware device, uploading firmware
[  572.557005][ T5848] usb 7-1: [ueagle-atm] loading firmware ueagle-atm/eagleII.fw
[  572.558232][   T10] usb 7-1: Direct firmware load for ueagle-atm/eagleII.fw failed with error -2
[  572.558315][   T10] usb 7-1: Falling back to sysfs fallback for: ueagle-atm/eagleII.fw
[  572.558332][   T30] audit: type=1400 audit(1753396109.032:553): avc:  denied  { firmware_load } for  pid=10 comm="kworker/0:1" scontext=system_u:system_r:kernel_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[  572.558638][ T5848] usb 7-1: USB disconnect, device number 4
[  572.980876][T12104] Bluetooth: hci27: command tx timeout
[  573.612459][T13093] siw: device registration error -23
[  574.032078][T12104] Bluetooth: hci26: command tx timeout
[  574.164027][T12479] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  574.573326][ T5848] usb 7-1: new high-speed USB device number 5 using dummy_hcd
[  574.598157][T13107] siw: device registration error -23
[  574.741235][ T5848] usb 7-1: Using ep0 maxpacket: 8
[  574.743811][ T5848] usb 7-1: config 179 has an invalid interface number: 65 but max is 0
[  574.743834][ T5848] usb 7-1: config 179 has no interface number 0
[  574.743854][ T5848] usb 7-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[  574.743870][ T5848] usb 7-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[  574.743885][ T5848] usb 7-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  574.743899][ T5848] usb 7-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024
[  574.743913][ T5848] usb 7-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  574.743930][ T5848] usb 7-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[  574.743942][ T5848] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  574.747871][T13103] raw-gadget.2 gadget.6: fail, usb_ep_enable returned -22
[  575.060816][T12104] Bluetooth: hci27: command tx timeout
[  576.100874][T12104] Bluetooth: hci26: command tx timeout
[  576.751749][ T5892] usb 7-1: USB disconnect, device number 5
[  576.751798][    C0] xpad 7-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19
[  576.751833][    C0] xpad 7-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[  576.991636][   T50] Bluetooth: hci28: unexpected cc 0x0c03 length: 249 > 1
[  576.997607][   T50] Bluetooth: hci28: unexpected cc 0x1003 length: 249 > 9
[  576.998562][   T50] Bluetooth: hci28: unexpected cc 0x1001 length: 249 > 9
[  577.005742][   T50] Bluetooth: hci28: unexpected cc 0x0c23 length: 249 > 4
[  577.006123][   T50] Bluetooth: hci28: unexpected cc 0x0c38 length: 249 > 2
[  577.056462][T13118] lo speed is unknown, defaulting to 1000
[  577.143883][T12104] Bluetooth: hci27: command tx timeout
[  577.192860][T13118] chnl_net:caif_netlink_parms(): no params data found
[  577.386709][T13118] bridge0: port 1(bridge_slave_0) entered blocking state
[  577.386797][T13118] bridge0: port 1(bridge_slave_0) entered disabled state
[  577.386931][T13118] bridge_slave_0: entered allmulticast mode
[  577.387532][T13118] bridge_slave_0: entered promiscuous mode
[  577.388570][T13118] bridge0: port 2(bridge_slave_1) entered blocking state
[  577.388632][T13118] bridge0: port 2(bridge_slave_1) entered disabled state
[  577.388760][T13118] bridge_slave_1: entered allmulticast mode
[  577.389355][T13118] bridge_slave_1: entered promiscuous mode
[  577.410119][T13118] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  577.413179][T13118] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  577.422990][T13118] team0: Port device team_slave_0 added
[  577.424233][T13118] team0: Port device team_slave_1 added
[  577.434122][T13118] batman_adv: batadv0: Adding interface: batadv_slave_0
[  577.434151][T13118] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  577.434234][T13118] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  577.435563][T13118] batman_adv: batadv0: Adding interface: batadv_slave_1
[  577.435575][T13118] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  577.435659][T13118] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  577.455927][T13118] hsr_slave_0: entered promiscuous mode
[  577.456431][T13118] hsr_slave_1: entered promiscuous mode
[  577.456768][T13118] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  577.456778][T13118] Cannot create hsr debugfs directory
[  577.502240][T13118] netdevsim netdevsim5 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  577.502263][T13118] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  577.535381][T13118] netdevsim netdevsim5 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  577.535414][T13118] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  577.587008][T13118] netdevsim netdevsim5 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  577.587040][T13118] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  577.624410][T13118] netdevsim netdevsim5 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  577.624436][T13118] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  577.697268][T13118] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  577.699169][T13118] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  577.701043][T13118] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  577.703912][T13118] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  577.717931][T13118] bridge0: port 2(bridge_slave_1) entered blocking state
[  577.717992][T13118] bridge0: port 2(bridge_slave_1) entered forwarding state
[  577.718059][T13118] bridge0: port 1(bridge_slave_0) entered blocking state
[  577.718086][T13118] bridge0: port 1(bridge_slave_0) entered forwarding state
[  577.761682][ T1050] bridge0: port 1(bridge_slave_0) entered disabled state
[  577.762116][ T1050] bridge0: port 2(bridge_slave_1) entered disabled state
[  577.769954][T13118] 8021q: adding VLAN 0 to HW filter on device bond0
[  577.794327][T13118] 8021q: adding VLAN 0 to HW filter on device team0
[  577.797785][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[  577.797829][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[  577.802531][ T9058] bridge0: port 2(bridge_slave_1) entered blocking state
[  577.802579][ T9058] bridge0: port 2(bridge_slave_1) entered forwarding state
[  577.928300][T13118] 8021q: adding VLAN 0 to HW filter on device batadv0
[  578.059996][T13118] veth0_vlan: entered promiscuous mode
[  578.064455][T13118] veth1_vlan: entered promiscuous mode
[  578.077088][T13118] veth0_macvtap: entered promiscuous mode
[  578.078880][T13118] veth1_macvtap: entered promiscuous mode
[  578.084398][T13118] batman_adv: batadv0: Interface activated: batadv_slave_0
[  578.087600][T13118] batman_adv: batadv0: Interface activated: batadv_slave_1
[  578.090114][T13118] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  578.090134][T13118] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  578.090150][T13118] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  578.090165][T13118] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  578.107193][T13118] ieee80211 phy62: Selected rate control algorithm 'minstrel_ht'
[  578.125832][ T9058] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  578.125849][ T9058] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  578.127201][T13118] ieee80211 phy63: Selected rate control algorithm 'minstrel_ht'
[  578.147690][ T9058] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  578.147723][ T9058] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  578.180797][T12104] Bluetooth: hci26: command tx timeout
[  579.062088][T12104] Bluetooth: hci28: command tx timeout
[  579.221098][T12104] Bluetooth: hci27: command tx timeout
[  580.427214][   T50] Bluetooth: hci29: unexpected cc 0x0c03 length: 249 > 1
[  580.427423][   T50] Bluetooth: hci29: unexpected cc 0x1003 length: 249 > 9
[  580.427747][   T50] Bluetooth: hci29: unexpected cc 0x1001 length: 249 > 9
[  580.428385][   T50] Bluetooth: hci29: unexpected cc 0x0c23 length: 249 > 4
[  580.428799][   T50] Bluetooth: hci29: unexpected cc 0x0c38 length: 249 > 2
[  580.445061][T13160] lo speed is unknown, defaulting to 1000
[  580.499158][T13160] chnl_net:caif_netlink_parms(): no params data found
[  580.536148][T13160] bridge0: port 1(bridge_slave_0) entered blocking state
[  580.536227][T13160] bridge0: port 1(bridge_slave_0) entered disabled state
[  580.536341][T13160] bridge_slave_0: entered allmulticast mode
[  580.537025][T13160] bridge_slave_0: entered promiscuous mode
[  580.538103][T13160] bridge0: port 2(bridge_slave_1) entered blocking state
[  580.538181][T13160] bridge0: port 2(bridge_slave_1) entered disabled state
[  580.538297][T13160] bridge_slave_1: entered allmulticast mode
[  580.538914][T13160] bridge_slave_1: entered promiscuous mode
[  580.555145][T13160] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  580.557237][T13160] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  580.569052][T13160] team0: Port device team_slave_0 added
[  580.570340][T13160] team0: Port device team_slave_1 added
[  580.580114][T13160] batman_adv: batadv0: Adding interface: batadv_slave_0
[  580.580126][T13160] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  580.580210][T13160] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  580.585319][T13160] batman_adv: batadv0: Adding interface: batadv_slave_1
[  580.585328][T13160] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  580.585404][T13160] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  580.600530][T13160] hsr_slave_0: entered promiscuous mode
[  580.601546][T13160] hsr_slave_1: entered promiscuous mode
[  580.601949][T13160] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  580.601964][T13160] Cannot create hsr debugfs directory
[  580.659580][T13160] netdevsim netdevsim9 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  580.696282][T13160] netdevsim netdevsim9 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  580.758814][T13160] netdevsim netdevsim9 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  580.797168][T13160] netdevsim netdevsim9 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  580.856292][T13160] netdevsim netdevsim9 netdevsim0: renamed from eth0
[  580.858786][T13160] netdevsim netdevsim9 netdevsim1: renamed from eth1
[  580.860239][T13160] netdevsim netdevsim9 netdevsim2: renamed from eth2
[  580.863052][T13160] netdevsim netdevsim9 netdevsim3: renamed from eth3
[  580.897604][T13160] 8021q: adding VLAN 0 to HW filter on device bond0
[  580.904079][T13160] 8021q: adding VLAN 0 to HW filter on device team0
[  580.907094][ T9096] bridge0: port 1(bridge_slave_0) entered blocking state
[  580.907142][ T9096] bridge0: port 1(bridge_slave_0) entered forwarding state
[  580.910569][T13112] bridge0: port 2(bridge_slave_1) entered blocking state
[  580.910616][T13112] bridge0: port 2(bridge_slave_1) entered forwarding state
[  581.013682][T13160] 8021q: adding VLAN 0 to HW filter on device batadv0
[  581.133342][T13160] veth0_vlan: entered promiscuous mode
[  581.138768][T13160] veth1_vlan: entered promiscuous mode
[  581.151242][   T50] Bluetooth: hci28: command tx timeout
[  581.155876][T13160] veth0_macvtap: entered promiscuous mode
[  581.158021][T13160] veth1_macvtap: entered promiscuous mode
[  581.165746][T13160] batman_adv: batadv0: Interface activated: batadv_slave_0
[  581.169033][T13160] batman_adv: batadv0: Interface activated: batadv_slave_1
[  581.172274][T13160] netdevsim netdevsim9 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  581.172302][T13160] netdevsim netdevsim9 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  581.172326][T13160] netdevsim netdevsim9 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  581.172364][T13160] netdevsim netdevsim9 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  581.186549][T13160] ieee80211 phy64: Selected rate control algorithm 'minstrel_ht'
[  581.206808][ T9058] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  581.206827][ T9058] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  581.208102][T13160] ieee80211 phy65: Selected rate control algorithm 'minstrel_ht'
[  581.235032][T13112] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  581.235051][T13112] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  582.510891][   T50] Bluetooth: hci29: command tx timeout
[  583.230770][   T50] Bluetooth: hci28: command tx timeout
[  583.845786][ T5892] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=65380 sclass=netlink_route_socket pid=5892 comm=kworker/0:5
[  583.846441][T13198] 9pnet: p9_errstr2errno: server reported unknown error 184467440737095
[  584.418698][T13205] siw: device registration error -23
[  584.580987][   T50] Bluetooth: hci29: command tx timeout
[  585.300961][   T50] Bluetooth: hci28: command tx timeout
[  586.661361][   T50] Bluetooth: hci29: command tx timeout
[  588.441726][T12104] Bluetooth: hci30: unexpected cc 0x0c03 length: 249 > 1
[  588.444391][T12104] Bluetooth: hci30: unexpected cc 0x1003 length: 249 > 9
[  588.444566][T12104] Bluetooth: hci30: unexpected cc 0x1001 length: 249 > 9
[  588.445076][T12104] Bluetooth: hci30: unexpected cc 0x0c23 length: 249 > 4
[  588.445373][T12104] Bluetooth: hci30: unexpected cc 0x0c38 length: 249 > 2
[  588.458372][T13208] lo speed is unknown, defaulting to 1000
[  588.522726][T13208] chnl_net:caif_netlink_parms(): no params data found
[  588.549794][T13208] bridge0: port 1(bridge_slave_0) entered blocking state
[  588.549866][T13208] bridge0: port 1(bridge_slave_0) entered disabled state
[  588.549982][T13208] bridge_slave_0: entered allmulticast mode
[  588.556536][T13208] bridge_slave_0: entered promiscuous mode
[  588.557714][T13208] bridge0: port 2(bridge_slave_1) entered blocking state
[  588.557741][T13208] bridge0: port 2(bridge_slave_1) entered disabled state
[  588.557838][T13208] bridge_slave_1: entered allmulticast mode
[  588.558425][T13208] bridge_slave_1: entered promiscuous mode
[  588.569687][T13208] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  588.571698][T13208] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  588.583943][T13208] team0: Port device team_slave_0 added
[  588.585360][T13208] team0: Port device team_slave_1 added
[  588.594663][T13208] batman_adv: batadv0: Adding interface: batadv_slave_0
[  588.594678][T13208] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  588.594748][T13208] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  588.595514][T13208] batman_adv: batadv0: Adding interface: batadv_slave_1
[  588.595525][T13208] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  588.595592][T13208] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  588.619960][T13208] hsr_slave_0: entered promiscuous mode
[  588.620458][T13208] hsr_slave_1: entered promiscuous mode
[  588.621049][T13208] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  588.621062][T13208] Cannot create hsr debugfs directory
[  588.675077][T13208] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  588.709449][T13208] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  588.745177][T13208] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  588.750717][T12104] Bluetooth: hci29: command tx timeout
[  588.784259][T13208] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  588.849706][T13208] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  588.853328][T13208] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  588.856639][T13208] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  588.858179][T13208] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  588.867663][T13208] bridge0: port 2(bridge_slave_1) entered blocking state
[  588.867700][T13208] bridge0: port 2(bridge_slave_1) entered forwarding state
[  588.867767][T13208] bridge0: port 1(bridge_slave_0) entered blocking state
[  588.867793][T13208] bridge0: port 1(bridge_slave_0) entered forwarding state
[  588.889479][T13208] 8021q: adding VLAN 0 to HW filter on device bond0
[  588.894707][ T2953] bridge0: port 1(bridge_slave_0) entered disabled state
[  588.895075][ T2953] bridge0: port 2(bridge_slave_1) entered disabled state
[  588.898915][T13208] 8021q: adding VLAN 0 to HW filter on device team0
[  588.914173][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[  588.914227][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[  588.914872][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[  588.914899][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[  589.007039][T13208] 8021q: adding VLAN 0 to HW filter on device batadv0
[  589.037095][T13208] veth0_vlan: entered promiscuous mode
[  589.040476][T13208] veth1_vlan: entered promiscuous mode
[  589.051440][T13208] veth0_macvtap: entered promiscuous mode
[  589.053689][T13208] veth1_macvtap: entered promiscuous mode
[  589.062274][T13208] batman_adv: batadv0: Interface activated: batadv_slave_0
[  589.066506][T13208] batman_adv: batadv0: Interface activated: batadv_slave_1
[  589.069050][T13208] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  589.069071][T13208] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  589.069086][T13208] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  589.069101][T13208] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  589.085478][T13208] ieee80211 phy66: Selected rate control algorithm 'minstrel_ht'
[  589.103808][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  589.103826][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  589.105908][T13208] ieee80211 phy67: Selected rate control algorithm 'minstrel_ht'
[  589.139313][T12521] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  589.139334][T12521] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  589.178728][T13229] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  589.180143][T13229] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  589.326065][   T50] Bluetooth: hci31: unexpected cc 0x0c03 length: 249 > 1
[  589.326242][   T50] Bluetooth: hci31: unexpected cc 0x1003 length: 249 > 9
[  589.326407][   T50] Bluetooth: hci31: unexpected cc 0x1001 length: 249 > 9
[  589.326837][   T50] Bluetooth: hci31: unexpected cc 0x0c23 length: 249 > 4
[  589.327124][   T50] Bluetooth: hci31: unexpected cc 0x0c38 length: 249 > 2
[  589.344096][T13231] lo speed is unknown, defaulting to 1000
[  589.451682][T13231] chnl_net:caif_netlink_parms(): no params data found
[  589.488780][T13231] bridge0: port 1(bridge_slave_0) entered blocking state
[  589.488867][T13231] bridge0: port 1(bridge_slave_0) entered disabled state
[  589.488984][T13231] bridge_slave_0: entered allmulticast mode
[  589.489704][T13231] bridge_slave_0: entered promiscuous mode
[  589.491257][T13231] bridge0: port 2(bridge_slave_1) entered blocking state
[  589.492559][T13231] bridge0: port 2(bridge_slave_1) entered disabled state
[  589.492677][T13231] bridge_slave_1: entered allmulticast mode
[  589.493290][T13231] bridge_slave_1: entered promiscuous mode
[  589.507171][T13231] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  589.508859][T13231] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  589.526770][T13231] team0: Port device team_slave_0 added
[  589.528686][T13231] team0: Port device team_slave_1 added
[  589.539485][T13231] batman_adv: batadv0: Adding interface: batadv_slave_0
[  589.539495][T13231] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  589.539574][T13231] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  589.540344][T13231] batman_adv: batadv0: Adding interface: batadv_slave_1
[  589.540352][T13231] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  589.540429][T13231] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  589.556487][T13231] hsr_slave_0: entered promiscuous mode
[  589.557033][T13231] hsr_slave_1: entered promiscuous mode
[  589.557411][T13231] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  589.557421][T13231] Cannot create hsr debugfs directory
[  589.600566][T13231] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  589.634502][T13231] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  589.689549][T13231] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  589.737126][T13231] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  589.809357][T13231] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  589.811942][T13231] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  589.813542][T13231] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  589.815014][T13231] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  589.855692][T13231] 8021q: adding VLAN 0 to HW filter on device bond0
[  589.867959][T13231] 8021q: adding VLAN 0 to HW filter on device team0
[  589.872400][T12521] bridge0: port 1(bridge_slave_0) entered blocking state
[  589.872447][T12521] bridge0: port 1(bridge_slave_0) entered forwarding state
[  589.875737][T12517] bridge0: port 2(bridge_slave_1) entered blocking state
[  589.875780][T12517] bridge0: port 2(bridge_slave_1) entered forwarding state
[  589.985929][T13231] 8021q: adding VLAN 0 to HW filter on device batadv0
[  590.111391][T13231] veth0_vlan: entered promiscuous mode
[  590.115157][T13231] veth1_vlan: entered promiscuous mode
[  590.129021][T13231] veth0_macvtap: entered promiscuous mode
[  590.131017][T13231] veth1_macvtap: entered promiscuous mode
[  590.147767][T13231] batman_adv: batadv0: Interface activated: batadv_slave_0
[  590.151406][T13231] batman_adv: batadv0: Interface activated: batadv_slave_1
[  590.153336][T13231] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  590.153364][T13231] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  590.153382][T13231] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  590.153396][T13231] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  590.172688][T13231] ieee80211 phy68: Selected rate control algorithm 'minstrel_ht'
[  590.196281][T13231] ieee80211 phy69: Selected rate control algorithm 'minstrel_ht'
[  590.198442][   T59] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  590.198458][   T59] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  590.214720][   T59] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  590.214738][   T59] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  590.362594][T13259] netdevsim netdevsim4 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  590.362676][T13259] netdevsim netdevsim4 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  590.362727][T13259] netdevsim netdevsim4 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  590.362762][T13259] netdevsim netdevsim4 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  590.510324][T13258] F2FS-fs (loop4): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[  590.510361][T13258] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[  590.510426][T13258] F2FS-fs (loop4): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[  590.510437][T13258] F2FS-fs (loop4): Can't find valid F2FS filesystem in 2th superblock
[  590.510743][   T50] Bluetooth: hci30: command tx timeout
[  590.628786][T13263] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1717'.
[  590.699151][T13263] IPVS: persistence engine module ip_vs_pe_   not found
[  591.380975][   T50] Bluetooth: hci31: command tx timeout
[  592.614877][   T50] Bluetooth: hci30: command tx timeout
[  592.951009][ T5892] usb 5-1: new high-speed USB device number 37 using dummy_hcd
[  593.100771][ T5892] usb 5-1: Using ep0 maxpacket: 8
[  593.102166][ T5892] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  593.102197][ T5892] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  593.102221][ T5892] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  593.113351][ T5892] usb 5-1: New USB device found, idVendor=0e9c, idProduct=0000, bcdDevice=5b.1e
[  593.113379][ T5892] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  593.113414][ T5892] usb 5-1: Product: syz
[  593.113430][ T5892] usb 5-1: Manufacturer: syz
[  593.113444][ T5892] usb 5-1: SerialNumber: syz
[  593.117915][ T5892] usb 5-1: config 0 descriptor??
[  593.120432][ T5892] streamzap 5-1:0.0: streamzap_probe: endpoint Max Packet Size is 0!?!
[  593.328836][ T5958] usb 5-1: USB disconnect, device number 37
[  593.460860][   T50] Bluetooth: hci31: command tx timeout
[  593.701396][T12104] Bluetooth: hci32: unexpected cc 0x0c03 length: 249 > 1
[  593.701834][T12104] Bluetooth: hci32: unexpected cc 0x1003 length: 249 > 9
[  593.702044][T12104] Bluetooth: hci32: unexpected cc 0x1001 length: 249 > 9
[  593.702524][T12104] Bluetooth: hci32: unexpected cc 0x0c23 length: 249 > 4
[  593.702842][T12104] Bluetooth: hci32: unexpected cc 0x0c38 length: 249 > 2
[  593.730108][T13279] lo speed is unknown, defaulting to 1000
[  593.958289][T13279] chnl_net:caif_netlink_parms(): no params data found
[  594.072635][T13279] bridge0: port 1(bridge_slave_0) entered blocking state
[  594.072730][T13279] bridge0: port 1(bridge_slave_0) entered disabled state
[  594.072869][T13279] bridge_slave_0: entered allmulticast mode
[  594.075358][T13279] bridge_slave_0: entered promiscuous mode
[  594.079137][T13279] bridge0: port 2(bridge_slave_1) entered blocking state
[  594.079225][T13279] bridge0: port 2(bridge_slave_1) entered disabled state
[  594.079373][T13279] bridge_slave_1: entered allmulticast mode
[  594.080157][T13279] bridge_slave_1: entered promiscuous mode
[  594.135938][T13279] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  594.146231][T13279] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  594.206717][T13279] team0: Port device team_slave_0 added
[  594.213316][T13279] team0: Port device team_slave_1 added
[  594.269040][T13279] batman_adv: batadv0: Adding interface: batadv_slave_0
[  594.269055][T13279] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  594.269128][T13279] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  594.270071][T13279] batman_adv: batadv0: Adding interface: batadv_slave_1
[  594.270083][T13279] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  594.270138][T13279] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  594.364789][T13279] hsr_slave_0: entered promiscuous mode
[  594.366978][T13279] hsr_slave_1: entered promiscuous mode
[  594.368603][T13279] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  594.368619][T13279] Cannot create hsr debugfs directory
[  594.579573][T13279] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  594.617387][T13279] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  594.659921][T13279] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  594.661019][T12104] Bluetooth: hci30: command tx timeout
[  594.716409][T13279] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  594.901749][T13279] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  594.904451][T13279] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  594.906774][T13279] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  594.908840][T13279] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  595.007591][T13279] 8021q: adding VLAN 0 to HW filter on device bond0
[  595.016016][   T50] Bluetooth: hci33: unexpected cc 0x0c03 length: 249 > 1
[  595.016202][   T50] Bluetooth: hci33: unexpected cc 0x1003 length: 249 > 9
[  595.016567][   T50] Bluetooth: hci33: unexpected cc 0x1001 length: 249 > 9
[  595.017050][   T50] Bluetooth: hci33: unexpected cc 0x0c23 length: 249 > 4
[  595.017424][   T50] Bluetooth: hci33: unexpected cc 0x0c38 length: 249 > 2
[  595.024262][T13279] 8021q: adding VLAN 0 to HW filter on device team0
[  595.027534][ T1167] bridge0: port 1(bridge_slave_0) entered blocking state
[  595.027581][ T1167] bridge0: port 1(bridge_slave_0) entered forwarding state
[  595.031179][T12721] bridge0: port 2(bridge_slave_1) entered blocking state
[  595.031210][T12721] bridge0: port 2(bridge_slave_1) entered forwarding state
[  595.082251][T13279] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  595.082272][T13279] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  595.100360][T13300] lo speed is unknown, defaulting to 1000
[  595.274244][T13279] 8021q: adding VLAN 0 to HW filter on device batadv0
[  595.318892][T13300] chnl_net:caif_netlink_parms(): no params data found
[  595.339939][T13279] veth0_vlan: entered promiscuous mode
[  595.399021][T13279] veth1_vlan: entered promiscuous mode
[  595.443462][T13279] veth0_macvtap: entered promiscuous mode
[  595.489553][T13279] veth1_macvtap: entered promiscuous mode
[  595.534225][T13300] bridge0: port 1(bridge_slave_0) entered blocking state
[  595.534376][T13300] bridge0: port 1(bridge_slave_0) entered disabled state
[  595.534576][T13300] bridge_slave_0: entered allmulticast mode
[  595.535496][T13300] bridge_slave_0: entered promiscuous mode
[  595.546728][T13300] bridge0: port 2(bridge_slave_1) entered blocking state
[  595.546827][T13300] bridge0: port 2(bridge_slave_1) entered disabled state
[  595.547102][T13300] bridge_slave_1: entered allmulticast mode
[  595.548092][T13300] bridge_slave_1: entered promiscuous mode
[  595.594576][T13279] batman_adv: batadv0: Interface activated: batadv_slave_0
[  595.597150][T13279] batman_adv: batadv0: Interface activated: batadv_slave_1
[  595.599609][T13279] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  595.599640][T13279] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  595.599682][T13279] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  595.599707][T13279] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  595.608256][T13300] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  595.619132][T13300] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  595.654089][T13300] team0: Port device team_slave_0 added
[  595.655939][T13300] team0: Port device team_slave_1 added
[  595.699009][T13300] batman_adv: batadv0: Adding interface: batadv_slave_0
[  595.699022][T13300] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  595.699128][T13300] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  595.700460][T13300] batman_adv: batadv0: Adding interface: batadv_slave_1
[  595.700472][T13300] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  595.700575][T13300] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  595.754116][T13279] ieee80211 phy70: Selected rate control algorithm 'minstrel_ht'
[  595.781450][   T50] Bluetooth: hci32: command tx timeout
[  595.789883][T13300] hsr_slave_0: entered promiscuous mode
[  595.790742][T13300] hsr_slave_1: entered promiscuous mode
[  595.791203][T13300] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  595.791234][T13300] Cannot create hsr debugfs directory
[  595.846276][T13112] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  595.846296][T13112] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  595.847722][T13279] ieee80211 phy71: Selected rate control algorithm 'minstrel_ht'
[  595.931272][ T2953] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  595.931291][ T2953] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  595.940805][   T50] Bluetooth: hci31: command tx timeout
[  595.995034][T13300] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  596.088804][T13300] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  596.103664][T13321] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  596.124227][T13300] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  596.193867][T13300] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  596.288412][T13300] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  596.292225][T13300] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  596.296022][T13300] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  596.301420][T13300] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  596.357809][T13300] 8021q: adding VLAN 0 to HW filter on device bond0
[  596.365525][T13300] 8021q: adding VLAN 0 to HW filter on device team0
[  596.391467][T13112] bridge0: port 1(bridge_slave_0) entered blocking state
[  596.391519][T13112] bridge0: port 1(bridge_slave_0) entered forwarding state
[  596.392610][T13112] bridge0: port 2(bridge_slave_1) entered blocking state
[  596.392654][T13112] bridge0: port 2(bridge_slave_1) entered forwarding state
[  596.427236][T13300] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  596.427256][T13300] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  596.558003][T13300] 8021q: adding VLAN 0 to HW filter on device batadv0
[  596.604319][T13300] veth0_vlan: entered promiscuous mode
[  596.608371][T13300] veth1_vlan: entered promiscuous mode
[  596.648230][T13300] veth0_macvtap: entered promiscuous mode
[  596.655372][T13300] veth1_macvtap: entered promiscuous mode
[  596.677483][T13300] batman_adv: batadv0: Interface activated: batadv_slave_0
[  596.684469][T13300] batman_adv: batadv0: Interface activated: batadv_slave_1
[  596.692070][T13300] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  596.692103][T13300] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  596.692145][T13300] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  596.692168][T13300] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  596.727542][T13300] ieee80211 phy72: Selected rate control algorithm 'minstrel_ht'
[  596.741357][   T50] Bluetooth: hci30: command tx timeout
[  596.786165][ T9096] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  596.786186][ T9096] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  596.794694][T13300] ieee80211 phy73: Selected rate control algorithm 'minstrel_ht'
[  596.843978][ T1167] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  596.843997][ T1167] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  596.903380][T13336] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1730'.
[  597.006189][T13338] 9pnet: Could not find request transport: xen
[  597.045361][T13336] IPVS: persistence engine module ip_vs_pe_   not found
[  597.061274][   T50] Bluetooth: hci33: command tx timeout
[  597.161262][T13345] F2FS-fs (loop1): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[  597.161449][T13345] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[  597.162595][T13345] F2FS-fs (loop1): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[  597.163335][T13345] F2FS-fs (loop1): Can't find valid F2FS filesystem in 2th superblock
[  597.177352][T13344] netdevsim netdevsim1 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  597.177389][T13344] netdevsim netdevsim1 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  597.177432][T13344] netdevsim netdevsim1 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  597.177461][T13344] netdevsim netdevsim1 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  597.203194][ T5899] usb 5-1: new high-speed USB device number 38 using dummy_hcd
[  597.361008][ T5899] usb 5-1: Using ep0 maxpacket: 32
[  597.362369][ T5899] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 9
[  597.364031][ T5899] usb 5-1: New USB device found, idVendor=14c8, idProduct=0003, bcdDevice= 5.6c
[  597.364053][ T5899] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  597.364066][ T5899] usb 5-1: Product: syz
[  597.364074][ T5899] usb 5-1: Manufacturer: syz
[  597.364083][ T5899] usb 5-1: SerialNumber: syz
[  597.364941][ T5899] usb 5-1: config 0 descriptor??
[  597.365503][T13343] raw-gadget.2 gadget.4: fail, usb_ep_enable returned -22
[  597.382263][ T5899] input: syz syz as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/input/input28
[  597.601856][ T5848] usb 5-1: USB disconnect, device number 38
[  597.601976][    C0] usbtouchscreen 5-1:0.0: usbtouch_irq - usb_submit_urb failed with result: -19
[  597.861086][   T50] Bluetooth: hci32: command tx timeout
[  598.311883][T13349] syzkaller1: entered promiscuous mode
[  598.311903][T13349] syzkaller1: entered allmulticast mode
[  598.324891][   T30] audit: type=1400 audit(1753396134.802:554): avc:  denied  { remount } for  pid=13348 comm="syz.1.1733" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[  598.828202][ T5848] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=65380 sclass=netlink_route_socket pid=5848 comm=kworker/0:3
[  598.828292][T13356] 9pnet: p9_errstr2errno: server reported unknown error 184467440737095
[  599.141268][   T50] Bluetooth: hci33: command tx timeout
[  599.638618][T12104] Bluetooth: hci34: unexpected cc 0x0c03 length: 249 > 1
[  599.638808][T12104] Bluetooth: hci34: unexpected cc 0x1003 length: 249 > 9
[  599.638968][T12104] Bluetooth: hci34: unexpected cc 0x1001 length: 249 > 9
[  599.639491][T12104] Bluetooth: hci34: unexpected cc 0x0c23 length: 249 > 4
[  599.639809][T12104] Bluetooth: hci34: unexpected cc 0x0c38 length: 249 > 2
[  599.680429][T13362] lo speed is unknown, defaulting to 1000
[  599.797174][T13362] chnl_net:caif_netlink_parms(): no params data found
[  599.859172][T13362] bridge0: port 1(bridge_slave_0) entered blocking state
[  599.859248][T13362] bridge0: port 1(bridge_slave_0) entered disabled state
[  599.859385][T13362] bridge_slave_0: entered allmulticast mode
[  599.860203][T13362] bridge_slave_0: entered promiscuous mode
[  599.872024][T13362] bridge0: port 2(bridge_slave_1) entered blocking state
[  599.872131][T13362] bridge0: port 2(bridge_slave_1) entered disabled state
[  599.872256][T13362] bridge_slave_1: entered allmulticast mode
[  599.873016][T13362] bridge_slave_1: entered promiscuous mode
[  599.898727][T13362] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  599.903977][T13362] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  599.927084][T13362] team0: Port device team_slave_0 added
[  599.928901][T13362] team0: Port device team_slave_1 added
[  599.941560][T12104] Bluetooth: hci32: command tx timeout
[  599.956841][T13362] batman_adv: batadv0: Adding interface: batadv_slave_0
[  599.956854][T13362] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  599.956953][T13362] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  599.958031][T13362] batman_adv: batadv0: Adding interface: batadv_slave_1
[  599.958043][T13362] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  599.958132][T13362] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  600.005089][T13362] hsr_slave_0: entered promiscuous mode
[  600.005750][T13362] hsr_slave_1: entered promiscuous mode
[  600.006158][T13362] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  600.006172][T13362] Cannot create hsr debugfs directory
[  600.107389][T13362] netdevsim netdevsim3 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  600.107424][T13362] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  600.156483][T13362] netdevsim netdevsim3 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  600.156516][T13362] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  600.335150][T13362] netdevsim netdevsim3 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  600.335185][T13362] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  600.382628][T13362] netdevsim netdevsim3 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  600.382660][T13362] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  600.446761][T13373] FAULT_INJECTION: forcing a failure.
[  600.446761][T13373] name failslab, interval 1, probability 0, space 0, times 0
[  600.446820][T13373] CPU: 1 UID: 0 PID: 13373 Comm: syz.1.1738 Not tainted 6.16.0-rc7-syzkaller-00034-g25fae0b93d1d #0 PREEMPT(full) 
[  600.446844][T13373] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  600.446855][T13373] Call Trace:
[  600.446861][T13373]  <TASK>
[  600.446868][T13373]  dump_stack_lvl+0x16c/0x1f0
[  600.446889][T13373]  should_fail_ex+0x512/0x640
[  600.446919][T13373]  should_failslab+0xc2/0x120
[  600.446938][T13373]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  600.446962][T13373]  ? trace_irq_enable.constprop.0+0x2f/0x120
[  600.446983][T13373]  ? getname_kernel+0x52/0x370
[  600.447004][T13373]  getname_kernel+0x52/0x370
[  600.447023][T13373]  do_file_open_root+0x19d/0x610
[  600.447040][T13373]  ? __pfx_do_file_open_root+0x10/0x10
[  600.447065][T13373]  ? lock_release+0x201/0x2f0
[  600.447083][T13373]  file_open_root+0x2a7/0x450
[  600.447110][T13373]  ? __pfx_file_open_root+0x10/0x10
[  600.447139][T13373]  do_handle_open+0x9d7/0xb70
[  600.447165][T13373]  ? __pfx_do_handle_open+0x10/0x10
[  600.447190][T13373]  ? ksys_write+0x1ac/0x250
[  600.447217][T13373]  ? do_syscall_64+0xcd/0x4c0
[  600.447234][T13373]  do_syscall_64+0xcd/0x4c0
[  600.447252][T13373]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  600.447276][T13373] RIP: 0033:0x7f5d7678e9a9
[  600.447290][T13373] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  600.447307][T13373] RSP: 002b:00007f5d775cb038 EFLAGS: 00000246 ORIG_RAX: 0000000000000130
[  600.447325][T13373] RAX: ffffffffffffffda RBX: 00007f5d769b6160 RCX: 00007f5d7678e9a9
[  600.447337][T13373] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: ffffffffffffff9c
[  600.447348][T13373] RBP: 00007f5d775cb090 R08: 0000000000000000 R09: 0000000000000000
[  600.447358][T13373] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  600.447369][T13373] R13: 0000000000000000 R14: 00007f5d769b6160 R15: 00007fffc2025dc8
[  600.447386][T13373]  </TASK>
[  600.811324][T13362] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  600.814776][T13362] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  600.816932][T13362] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  600.819137][T13362] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  600.900476][T13362] 8021q: adding VLAN 0 to HW filter on device bond0
[  600.914355][T13362] 8021q: adding VLAN 0 to HW filter on device team0
[  600.917397][ T9096] bridge0: port 1(bridge_slave_0) entered blocking state
[  600.917444][ T9096] bridge0: port 1(bridge_slave_0) entered forwarding state
[  600.925660][T12721] bridge0: port 2(bridge_slave_1) entered blocking state
[  600.925724][T12721] bridge0: port 2(bridge_slave_1) entered forwarding state
[  601.221938][T12104] Bluetooth: hci33: command tx timeout
[  601.289821][T13362] 8021q: adding VLAN 0 to HW filter on device batadv0
[  601.363664][T13362] veth0_vlan: entered promiscuous mode
[  601.367953][T13362] veth1_vlan: entered promiscuous mode
[  601.411891][T13362] veth0_macvtap: entered promiscuous mode
[  601.415806][T13362] veth1_macvtap: entered promiscuous mode
[  601.431435][T13362] batman_adv: batadv0: Interface activated: batadv_slave_0
[  601.436170][T13362] batman_adv: batadv0: Interface activated: batadv_slave_1
[  601.439866][T13362] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  601.439895][T13362] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  601.439919][T13362] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  601.439943][T13362] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  601.483600][T13362] ieee80211 phy74: Selected rate control algorithm 'minstrel_ht'
[  601.529775][ T9058] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  601.529795][ T9058] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  601.540146][T13362] ieee80211 phy75: Selected rate control algorithm 'minstrel_ht'
[  601.584153][ T9058] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  601.584171][ T9058] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  601.670313][   T30] audit: type=1400 audit(1753396138.142:555): avc:  denied  { listen } for  pid=13391 comm="syz.3.1737" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  601.701440][T12104] Bluetooth: hci34: command tx timeout
[  602.021383][T12104] Bluetooth: hci32: command tx timeout
[  602.072435][ T5892] usb 4-1: new full-speed USB device number 43 using dummy_hcd
[  602.230930][ T5892] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  602.230957][ T5892] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[  602.231995][ T5892] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.00
[  602.232035][ T5892] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  602.232055][ T5892] usb 4-1: SerialNumber: syz
[  602.563935][ T5892] usb 4-1: 0:2 : does not exist
[  602.637794][T13408] netlink: 1688 bytes leftover after parsing attributes in process `syz.1.1747'.
[  602.775463][ T5848] usb 4-1: USB disconnect, device number 43
[  602.810594][T13414] FAULT_INJECTION: forcing a failure.
[  602.810594][T13414] name failslab, interval 1, probability 0, space 0, times 0
[  602.812770][T13414] CPU: 0 UID: 0 PID: 13414 Comm: syz.1.1749 Not tainted 6.16.0-rc7-syzkaller-00034-g25fae0b93d1d #0 PREEMPT(full) 
[  602.812796][T13414] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  602.812807][T13414] Call Trace:
[  602.812812][T13414]  <TASK>
[  602.812819][T13414]  dump_stack_lvl+0x16c/0x1f0
[  602.812840][T13414]  should_fail_ex+0x512/0x640
[  602.812871][T13414]  ? nla_strdup+0xc6/0x150
[  602.812888][T13414]  should_failslab+0xc2/0x120
[  602.812906][T13414]  __kmalloc_noprof+0xd2/0x510
[  602.812933][T13414]  nla_strdup+0xc6/0x150
[  602.812950][T13414]  nf_tables_newtable+0xdeb/0x1b40
[  602.812977][T13414]  ? __pfx___nla_validate_parse+0x10/0x10
[  602.812998][T13414]  ? __pfx_nf_tables_newtable+0x10/0x10
[  602.813024][T13414]  ? __nla_parse+0x40/0x60
[  602.813044][T13414]  nfnetlink_rcv_batch+0x18ed/0x2330
[  602.813075][T13414]  ? __pfx_nfnetlink_rcv_batch+0x10/0x10
[  602.813099][T13414]  ? rcu_is_watching+0x12/0xc0
[  602.813124][T13414]  ? rcu_is_watching+0x12/0xc0
[  602.813150][T13414]  ? avc_has_perm_noaudit+0x149/0x3b0
[  602.813182][T13414]  ? __nla_parse+0x40/0x60
[  602.813202][T13414]  nfnetlink_rcv+0x3c1/0x430
[  602.813225][T13414]  ? __pfx_nfnetlink_rcv+0x10/0x10
[  602.813251][T13414]  netlink_unicast+0x58d/0x850
[  602.813273][T13414]  ? __pfx_netlink_unicast+0x10/0x10
[  602.813296][T13414]  netlink_sendmsg+0x8d1/0xdd0
[  602.813317][T13414]  ? __pfx_netlink_sendmsg+0x10/0x10
[  602.813341][T13414]  ____sys_sendmsg+0xa98/0xc70
[  602.813362][T13414]  ? copy_msghdr_from_user+0x10a/0x160
[  602.813378][T13414]  ? __pfx_____sys_sendmsg+0x10/0x10
[  602.813398][T13414]  ? __pfx_kstrtouint+0x10/0x10
[  602.813424][T13414]  ? kstrtouint_from_user+0x13c/0x1d0
[  602.813447][T13414]  ___sys_sendmsg+0x134/0x1d0
[  602.813462][T13414]  ? __pfx____sys_sendmsg+0x10/0x10
[  602.813482][T13414]  ? rcu_is_watching+0x12/0xc0
[  602.813512][T13414]  __sys_sendmsg+0x16d/0x220
[  602.813529][T13414]  ? __pfx___sys_sendmsg+0x10/0x10
[  602.813548][T13414]  ? __pfx_handle_softirqs+0x10/0x10
[  602.813578][T13414]  do_syscall_64+0xcd/0x4c0
[  602.813595][T13414]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  602.813613][T13414] RIP: 0033:0x7f5d7678e9a9
[  602.813627][T13414] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  602.813644][T13414] RSP: 002b:00007f5d7760d038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  602.813662][T13414] RAX: ffffffffffffffda RBX: 00007f5d769b5fa0 RCX: 00007f5d7678e9a9
[  602.813674][T13414] RDX: 00000000000000c4 RSI: 00002000000000c0 RDI: 0000000000000003
[  602.813685][T13414] RBP: 00007f5d7760d090 R08: 0000000000000000 R09: 0000000000000000
[  602.813695][T13414] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  602.813706][T13414] R13: 0000000000000000 R14: 00007f5d769b5fa0 R15: 00007fffc2025dc8
[  602.813723][T13414]  </TASK>
[  603.001504][T13420] input: syz1 as /devices/virtual/input/input29
[  603.008672][T13420] overlayfs: failed to resolve './file1': -2
[  603.190713][T12267] usb 2-1: new full-speed USB device number 41 using dummy_hcd
[  603.300910][T12104] Bluetooth: hci33: command tx timeout
[  603.366066][T12267] usb 2-1: config index 0 descriptor too short (expected 9, got 0)
[  603.366089][T12267] usb 2-1: can't read configurations, error -22
[  603.501073][T12267] usb 2-1: new full-speed USB device number 42 using dummy_hcd
[  603.611295][ T5958] usb 4-1: new high-speed USB device number 44 using dummy_hcd
[  603.660928][T12267] usb 2-1: config index 0 descriptor too short (expected 9, got 0)
[  603.660957][T12267] usb 2-1: can't read configurations, error -22
[  603.661108][T12267] usb usb2-port1: attempt power cycle
[  603.724255][T13424] caif:caif_disconnect_client(): nothing to disconnect
[  603.763672][ T5958] usb 4-1: Using ep0 maxpacket: 8
[  603.765155][ T5958] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  603.765182][ T5958] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  603.765205][ T5958] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  603.766651][ T5958] usb 4-1: New USB device found, idVendor=0e9c, idProduct=0000, bcdDevice=5b.1e
[  603.766675][ T5958] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  603.766693][ T5958] usb 4-1: Product: syz
[  603.766707][ T5958] usb 4-1: Manufacturer: syz
[  603.766721][ T5958] usb 4-1: SerialNumber: syz
[  603.767812][ T5958] usb 4-1: config 0 descriptor??
[  603.772343][ T5958] streamzap 4-1:0.0: streamzap_probe: endpoint Max Packet Size is 0!?!
[  603.780982][T12104] Bluetooth: hci34: command tx timeout
[  604.011122][T12267] usb 2-1: new full-speed USB device number 43 using dummy_hcd
[  604.023014][ T5885] usb 4-1: USB disconnect, device number 44
[  604.043949][T12267] usb 2-1: config index 0 descriptor too short (expected 9, got 0)
[  604.043979][T12267] usb 2-1: can't read configurations, error -22
[  604.180987][T12267] usb 2-1: new full-speed USB device number 44 using dummy_hcd
[  604.204269][T12267] usb 2-1: config index 0 descriptor too short (expected 9, got 0)
[  604.204304][T12267] usb 2-1: can't read configurations, error -22
[  604.204445][T12267] usb usb2-port1: unable to enumerate USB device
[  604.748931][T13438] netlink: 'syz.0.1758': attribute type 72 has an invalid length.
[  605.399484][   T13] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  605.730683][ T5831] usb 4-1: new high-speed USB device number 45 using dummy_hcd
[  605.861905][T12104] Bluetooth: hci34: command tx timeout
[  605.880695][ T5831] usb 4-1: Using ep0 maxpacket: 8
[  605.885827][ T5831] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  605.885852][ T5831] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  605.885866][ T5831] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  605.888934][ T5831] usb 4-1: New USB device found, idVendor=0e9c, idProduct=0000, bcdDevice=5b.1e
[  605.888960][ T5831] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  605.888978][ T5831] usb 4-1: Product: syz
[  605.888992][ T5831] usb 4-1: Manufacturer: syz
[  605.889006][ T5831] usb 4-1: SerialNumber: syz
[  605.890233][ T5831] usb 4-1: config 0 descriptor??
[  605.914733][ T5831] streamzap 4-1:0.0: streamzap_probe: endpoint Max Packet Size is 0!?!
[  606.021585][T13450] xt_SECMARK: invalid mode: 2
[  606.021658][T13450] xt_SECMARK: invalid mode: 2
[  606.021717][T13450] xt_SECMARK: invalid mode: 2
[  606.021773][T13450] xt_SECMARK: invalid mode: 2
[  606.021831][T13450] xt_SECMARK: invalid mode: 2
[  606.021886][T13450] xt_SECMARK: invalid mode: 2
[  606.021945][T13450] xt_SECMARK: invalid mode: 2
[  606.022001][T13450] xt_SECMARK: invalid mode: 2
[  606.022059][T13450] xt_SECMARK: invalid mode: 2
[  606.022117][T13450] xt_SECMARK: invalid mode: 2
[  606.105244][ T5831] usb 4-1: USB disconnect, device number 45
[  606.474598][ T5885] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=65380 sclass=netlink_route_socket pid=5885 comm=kworker/0:4
[  606.501072][T13457] 9pnet: p9_errstr2errno: server reported unknown error 18446744073709
[  606.884621][T13465] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1765'.
[  606.893668][T13465] input: syz1 as /devices/virtual/input/input30
[  606.893694][T13465] input: failed to attach handler leds to device input30, error: -6
[  607.091147][   T50] Bluetooth: hci35: unexpected cc 0x0c03 length: 249 > 1
[  607.091805][   T50] Bluetooth: hci35: unexpected cc 0x1003 length: 249 > 9
[  607.091978][   T50] Bluetooth: hci35: unexpected cc 0x1001 length: 249 > 9
[  607.092513][   T50] Bluetooth: hci35: unexpected cc 0x0c23 length: 249 > 4
[  607.092880][   T50] Bluetooth: hci35: unexpected cc 0x0c38 length: 249 > 2
[  607.126842][T13468] lo speed is unknown, defaulting to 1000
[  607.240702][T12698] usb 4-1: new high-speed USB device number 46 using dummy_hcd
[  607.287643][T13468] chnl_net:caif_netlink_parms(): no params data found
[  607.353938][T13468] bridge0: port 1(bridge_slave_0) entered blocking state
[  607.354181][T13468] bridge0: port 1(bridge_slave_0) entered disabled state
[  607.354312][T13468] bridge_slave_0: entered allmulticast mode
[  607.355358][T13468] bridge_slave_0: entered promiscuous mode
[  607.356807][T13468] bridge0: port 2(bridge_slave_1) entered blocking state
[  607.357016][T13468] bridge0: port 2(bridge_slave_1) entered disabled state
[  607.357230][T13468] bridge_slave_1: entered allmulticast mode
[  607.358190][T13468] bridge_slave_1: entered promiscuous mode
[  607.384805][T13468] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  607.387181][T13468] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  607.394242][T12698] usb 4-1: Using ep0 maxpacket: 8
[  607.395376][T12698] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  607.395405][T12698] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  607.395429][T12698] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  607.396870][T12698] usb 4-1: New USB device found, idVendor=0e9c, idProduct=0000, bcdDevice=5b.1e
[  607.396893][T12698] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  607.396912][T12698] usb 4-1: Product: syz
[  607.396926][T12698] usb 4-1: Manufacturer: syz
[  607.396940][T12698] usb 4-1: SerialNumber: syz
[  607.397964][T12698] usb 4-1: config 0 descriptor??
[  607.399827][T12698] streamzap 4-1:0.0: streamzap_probe: endpoint Max Packet Size is 0!?!
[  607.430229][T13468] team0: Port device team_slave_0 added
[  607.435611][T13468] team0: Port device team_slave_1 added
[  607.477225][T13468] batman_adv: batadv0: Adding interface: batadv_slave_0
[  607.477240][T13468] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  607.477336][T13468] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  607.479226][T13468] batman_adv: batadv0: Adding interface: batadv_slave_1
[  607.479239][T13468] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  607.479314][T13468] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  607.527359][T13468] hsr_slave_0: entered promiscuous mode
[  607.528345][T13468] hsr_slave_1: entered promiscuous mode
[  607.528961][T13468] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  607.528975][T13468] Cannot create hsr debugfs directory
[  607.606737][ T5885] usb 4-1: USB disconnect, device number 46
[  607.635713][T13468] netdevsim netdevsim7 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  607.669492][T13468] netdevsim netdevsim7 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  607.719894][T13468] netdevsim netdevsim7 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  607.768495][T13468] netdevsim netdevsim7 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  607.865956][T13468] netdevsim netdevsim7 netdevsim0: renamed from eth0
[  607.868737][T13468] netdevsim netdevsim7 netdevsim1: renamed from eth1
[  607.875361][T13468] netdevsim netdevsim7 netdevsim2: renamed from eth2
[  607.880089][T13468] netdevsim netdevsim7 netdevsim3: renamed from eth3
[  607.903366][T13468] bridge0: port 2(bridge_slave_1) entered blocking state
[  607.903426][T13468] bridge0: port 2(bridge_slave_1) entered forwarding state
[  607.903560][T13468] bridge0: port 1(bridge_slave_0) entered blocking state
[  607.903625][T13468] bridge0: port 1(bridge_slave_0) entered forwarding state
[  607.941396][T12104] Bluetooth: hci34: command tx timeout
[  607.958166][T13468] 8021q: adding VLAN 0 to HW filter on device bond0
[  607.966725][T12521] bridge0: port 1(bridge_slave_0) entered disabled state
[  607.967184][T12521] bridge0: port 2(bridge_slave_1) entered disabled state
[  607.976964][T13468] 8021q: adding VLAN 0 to HW filter on device team0
[  607.981946][   T59] bridge0: port 1(bridge_slave_0) entered blocking state
[  607.982007][   T59] bridge0: port 1(bridge_slave_0) entered forwarding state
[  607.987205][ T2953] bridge0: port 2(bridge_slave_1) entered blocking state
[  607.987257][ T2953] bridge0: port 2(bridge_slave_1) entered forwarding state
[  608.311640][T13468] 8021q: adding VLAN 0 to HW filter on device batadv0
[  608.433570][T13468] veth0_vlan: entered promiscuous mode
[  608.437571][T13468] veth1_vlan: entered promiscuous mode
[  608.451985][T13468] veth0_macvtap: entered promiscuous mode
[  608.458157][T13468] veth1_macvtap: entered promiscuous mode
[  608.476641][T13468] batman_adv: batadv0: Interface activated: batadv_slave_0
[  608.481935][T13468] batman_adv: batadv0: Interface activated: batadv_slave_1
[  608.484743][T13468] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  608.484764][T13468] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  608.484779][T13468] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  608.484794][T13468] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  608.514489][T13468] ieee80211 phy76: Selected rate control algorithm 'minstrel_ht'
[  608.534149][ T7164] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  608.534165][ T7164] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  608.537505][T13468] ieee80211 phy77: Selected rate control algorithm 'minstrel_ht'
[  608.564021][ T7164] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  608.564039][ T7164] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  608.607821][   T30] audit: type=1400 audit(1753396145.082:556): avc:  denied  { read } for  pid=13497 comm="syz.7.1766" name="file0" dev="tmpfs" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[  609.144688][ T5836] Bluetooth: hci35: command tx timeout
[  609.620772][ T5958] usb 4-1: new high-speed USB device number 47 using dummy_hcd
[  609.784149][ T5958] usb 4-1: Using ep0 maxpacket: 8
[  609.785516][ T5958] usb 4-1: config 2 has an invalid interface number: 31 but max is 0
[  609.785540][ T5958] usb 4-1: config 2 has an invalid descriptor of length 0, skipping remainder of the config
[  609.785557][ T5958] usb 4-1: config 2 has no interface number 0
[  609.785578][ T5958] usb 4-1: config 2 interface 31 has no altsetting 0
[  609.787059][ T5958] usb 4-1: New USB device found, idVendor=1a86, idProduct=e092, bcdDevice=53.3f
[  609.787083][ T5958] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  609.787102][ T5958] usb 4-1: Product: syz
[  609.787116][ T5958] usb 4-1: Manufacturer: syz
[  609.787129][ T5958] usb 4-1: SerialNumber: syz
[  609.790132][ T5958] ch9200 4-1:2.31: probe with driver ch9200 failed with error -22
[  610.580857][   T50] Bluetooth: hci5: command 0x0406 tx timeout
[  611.220786][T12104] Bluetooth: hci35: command tx timeout
[  612.333645][ T5885] usb 4-1: USB disconnect, device number 47
[  612.407278][T13513] program syz.3.1773 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  613.301011][T12104] Bluetooth: hci35: command tx timeout
[  614.100159][ T5841] Bluetooth: hci36: unexpected cc 0x0c03 length: 249 > 1
[  614.100353][ T5841] Bluetooth: hci36: unexpected cc 0x1003 length: 249 > 9
[  614.100518][ T5841] Bluetooth: hci36: unexpected cc 0x1001 length: 249 > 9
[  614.101225][ T5841] Bluetooth: hci36: unexpected cc 0x0c23 length: 249 > 4
[  614.102262][ T5841] Bluetooth: hci36: unexpected cc 0x0c38 length: 249 > 2
[  614.117022][T13523] lo speed is unknown, defaulting to 1000
[  614.226091][T13523] chnl_net:caif_netlink_parms(): no params data found
[  614.286872][T13523] bridge0: port 1(bridge_slave_0) entered blocking state
[  614.287085][T13523] bridge0: port 1(bridge_slave_0) entered disabled state
[  614.287216][T13523] bridge_slave_0: entered allmulticast mode
[  614.288786][T13523] bridge_slave_0: entered promiscuous mode
[  614.290384][T13523] bridge0: port 2(bridge_slave_1) entered blocking state
[  614.290564][T13523] bridge0: port 2(bridge_slave_1) entered disabled state
[  614.292259][T13523] bridge_slave_1: entered allmulticast mode
[  614.294435][T13523] bridge_slave_1: entered promiscuous mode
[  614.321512][T13523] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  614.323877][T13523] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  614.373275][T13523] team0: Port device team_slave_0 added
[  614.374969][T13523] team0: Port device team_slave_1 added
[  614.389183][T13523] batman_adv: batadv0: Adding interface: batadv_slave_0
[  614.389196][T13523] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  614.389296][T13523] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  614.390284][T13523] batman_adv: batadv0: Adding interface: batadv_slave_1
[  614.390297][T13523] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  614.390384][T13523] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  614.424821][T13523] hsr_slave_0: entered promiscuous mode
[  614.425715][T13523] hsr_slave_1: entered promiscuous mode
[  614.426165][T13523] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  614.426178][T13523] Cannot create hsr debugfs directory
[  614.485556][T13523] netdevsim netdevsim8 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  614.514783][T13523] netdevsim netdevsim8 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  614.517553][T13536] ptrace attach of "./syz-executor exec"[13362] was attempted by "./syz-executor exec"[13536]
[  614.571303][T13536] batadv1: entered promiscuous mode
[  614.572474][T13536] 8021q: adding VLAN 0 to HW filter on device batadv1
[  614.604570][T13523] netdevsim netdevsim8 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  614.645621][T13523] netdevsim netdevsim8 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  614.718065][T13523] netdevsim netdevsim8 netdevsim0: renamed from eth0
[  614.724210][T13523] netdevsim netdevsim8 netdevsim1: renamed from eth1
[  614.726529][T13523] netdevsim netdevsim8 netdevsim2: renamed from eth2
[  614.729170][T13523] netdevsim netdevsim8 netdevsim3: renamed from eth3
[  614.747848][T13523] bridge0: port 2(bridge_slave_1) entered blocking state
[  614.747881][T13523] bridge0: port 2(bridge_slave_1) entered forwarding state
[  614.747984][T13523] bridge0: port 1(bridge_slave_0) entered blocking state
[  614.748011][T13523] bridge0: port 1(bridge_slave_0) entered forwarding state
[  614.790592][T13523] 8021q: adding VLAN 0 to HW filter on device bond0
[  614.801274][   T59] bridge0: port 1(bridge_slave_0) entered disabled state
[  614.801920][   T59] bridge0: port 2(bridge_slave_1) entered disabled state
[  614.807441][T13523] 8021q: adding VLAN 0 to HW filter on device team0
[  614.821440][   T59] bridge0: port 1(bridge_slave_0) entered blocking state
[  614.821495][   T59] bridge0: port 1(bridge_slave_0) entered forwarding state
[  614.836214][   T59] bridge0: port 2(bridge_slave_1) entered blocking state
[  614.836266][   T59] bridge0: port 2(bridge_slave_1) entered forwarding state
[  615.110236][T13523] 8021q: adding VLAN 0 to HW filter on device batadv0
[  615.380945][T13524] Bluetooth: hci35: command tx timeout
[  615.421129][T13523] veth0_vlan: entered promiscuous mode
[  615.424539][T13523] veth1_vlan: entered promiscuous mode
[  615.440090][T13523] veth0_macvtap: entered promiscuous mode
[  615.442650][T13523] veth1_macvtap: entered promiscuous mode
[  615.450434][T13523] batman_adv: batadv0: Interface activated: batadv_slave_0
[  615.452786][T13523] batman_adv: batadv0: Interface activated: batadv_slave_1
[  615.454659][T13523] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  615.454689][T13523] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  615.454713][T13523] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  615.454738][T13523] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  615.475849][T13523] ieee80211 phy78: Selected rate control algorithm 'minstrel_ht'
[  615.524106][T13523] ieee80211 phy79: Selected rate control algorithm 'minstrel_ht'
[  615.526473][ T1167] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  615.526488][ T1167] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  615.848819][ T5836] Bluetooth: hci6: command 0x0406 tx timeout
[  615.848855][ T5836] Bluetooth: hci7: command 0x0406 tx timeout
[  615.906379][ T7164] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  615.906397][ T7164] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  615.952833][   T30] audit: type=1326 audit(1753396152.432:557): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13560 comm="syz.8.1776" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f49efb8e9a9 code=0x0
[  616.181688][   T50] Bluetooth: hci36: command tx timeout
[  617.180812][T12698] usb 9-1: new high-speed USB device number 2 using dummy_hcd
[  617.330715][T12698] usb 9-1: Using ep0 maxpacket: 16
[  617.332406][T12698] usb 9-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  617.332438][T12698] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  617.332463][T12698] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  617.332482][T12698] usb 9-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[  617.332502][T12698] usb 9-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  617.333518][T12698] usb 9-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  617.333540][T12698] usb 9-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  617.333557][T12698] usb 9-1: Manufacturer: syz
[  617.337963][T12698] usb 9-1: config 0 descriptor??
[  617.595310][T12698] rc_core: IR keymap rc-hauppauge not found
[  617.595329][T12698] Registered IR keymap rc-empty
[  617.595395][T12698] mceusb 9-1:0.0: Error: mce write submit urb error = -90
[  617.611038][T12698] mceusb 9-1:0.0: Error: mce write submit urb error = -90
[  617.636180][T12698] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.8/usb9/9-1/9-1:0.0/rc/rc0
[  617.636990][T12698] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.8/usb9/9-1/9-1:0.0/rc/rc0/input31
[  617.639177][T12698] mceusb 9-1:0.0: Error: mce write submit urb error = -90
[  617.661059][T12698] mceusb 9-1:0.0: Error: mce write submit urb error = -90
[  617.683102][T12698] mceusb 9-1:0.0: Error: mce write submit urb error = -90
[  617.706173][T12698] mceusb 9-1:0.0: Error: mce write submit urb error = -90
[  617.721843][T12698] mceusb 9-1:0.0: Error: mce write submit urb error = -90
[  617.750855][T12698] mceusb 9-1:0.0: Error: mce write submit urb error = -90
[  617.771195][T12698] mceusb 9-1:0.0: Error: mce write submit urb error = -90
[  617.791069][T12698] mceusb 9-1:0.0: Error: mce write submit urb error = -90
[  617.810955][T12698] mceusb 9-1:0.0: Error: mce write submit urb error = -90
[  617.841174][T12698] mceusb 9-1:0.0: Error: mce write submit urb error = -90
[  617.861834][T12698] mceusb 9-1:0.0: Registered 424242424242 with mce emulator interface version 1
[  617.861875][T12698] mceusb 9-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  617.978655][   T30] audit: type=1326 audit(1753396154.452:558): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13577 comm="syz.8.1783" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f49efb8e9a9 code=0x0
[  618.260981][   T50] Bluetooth: hci36: command tx timeout
[  619.961156][    T9] usb 9-1: USB disconnect, device number 2
[  620.340879][ T5841] Bluetooth: hci36: command tx timeout
[  620.427491][T13590] loop4: detected capacity change from 0 to 2560
[  620.434659][T13590] Buffer I/O error on dev loop4, logical block 0, lost async page write
[  620.434721][T13590] Buffer I/O error on dev loop4, logical block 1, lost async page write
[  620.434765][T13590] Buffer I/O error on dev loop4, logical block 2, lost async page write
[  620.434808][T13590] Buffer I/O error on dev loop4, logical block 3, lost async page write
[  620.435074][T13590] Buffer I/O error on dev loop4, logical block 4, lost async page write
[  620.435127][T13590] Buffer I/O error on dev loop4, logical block 5, lost async page write
[  620.435171][T13590] Buffer I/O error on dev loop4, logical block 6, lost async page write
[  620.435270][T13590] Buffer I/O error on dev loop4, logical block 7, lost async page write
[  620.435317][T13590] Buffer I/O error on dev loop4, logical block 8, lost async page write
[  620.435362][T13590] Buffer I/O error on dev loop4, logical block 9, lost async page write
[  620.599699][T13594] ptrace attach of "./syz-executor exec"[13523] was attempted by "./syz-executor exec"[13594]
[  620.712986][T13597] FAULT_INJECTION: forcing a failure.
[  620.712986][T13597] name failslab, interval 1, probability 0, space 0, times 0
[  620.713051][T13597] CPU: 0 UID: 0 PID: 13597 Comm: syz.8.1789 Not tainted 6.16.0-rc7-syzkaller-00034-g25fae0b93d1d #0 PREEMPT(full) 
[  620.713075][T13597] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  620.713087][T13597] Call Trace:
[  620.713093][T13597]  <TASK>
[  620.713100][T13597]  dump_stack_lvl+0x16c/0x1f0
[  620.713121][T13597]  should_fail_ex+0x512/0x640
[  620.713153][T13597]  should_failslab+0xc2/0x120
[  620.713173][T13597]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  620.713200][T13597]  ? alloc_empty_file+0x55/0x1e0
[  620.713223][T13597]  alloc_empty_file+0x55/0x1e0
[  620.713244][T13597]  path_openat+0xda/0x2cb0
[  620.713270][T13597]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  620.713292][T13597]  ? __pfx_path_openat+0x10/0x10
[  620.713321][T13597]  do_filp_open+0x20b/0x470
[  620.713353][T13597]  ? __pfx_do_filp_open+0x10/0x10
[  620.713387][T13597]  ? alloc_fd+0x471/0x7d0
[  620.713416][T13597]  do_sys_openat2+0x11b/0x1d0
[  620.713436][T13597]  ? __pfx_do_sys_openat2+0x10/0x10
[  620.713457][T13597]  ? __fget_files+0x20e/0x3c0
[  620.713475][T13597]  __x64_sys_openat+0x174/0x210
[  620.713496][T13597]  ? __pfx___x64_sys_openat+0x10/0x10
[  620.713516][T13597]  ? ksys_write+0x1ac/0x250
[  620.713545][T13597]  do_syscall_64+0xcd/0x4c0
[  620.713564][T13597]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  620.713582][T13597] RIP: 0033:0x7f49efb8e9a9
[  620.713596][T13597] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  620.713613][T13597] RSP: 002b:00007f49f092e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  620.713631][T13597] RAX: ffffffffffffffda RBX: 00007f49efdb6080 RCX: 00007f49efb8e9a9
[  620.713644][T13597] RDX: 0000000000000202 RSI: 0000200000000140 RDI: ffffffffffffff9c
[  620.713655][T13597] RBP: 00007f49f092e090 R08: 0000000000000000 R09: 0000000000000000
[  620.713666][T13597] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  620.713677][T13597] R13: 0000000000000000 R14: 00007f49efdb6080 R15: 00007ffcc60fe208
[  620.713694][T13597]  </TASK>
[  620.821243][ T5841] Bluetooth: hci9: command 0x0406 tx timeout
[  620.821280][ T5841] Bluetooth: hci8: command 0x0406 tx timeout
[  621.755370][T13524] Bluetooth: hci37: unexpected cc 0x0c03 length: 249 > 1
[  621.756907][T13524] Bluetooth: hci37: unexpected cc 0x1003 length: 249 > 9
[  621.757158][T13524] Bluetooth: hci37: unexpected cc 0x1001 length: 249 > 9
[  621.760345][T13524] Bluetooth: hci37: unexpected cc 0x0c23 length: 249 > 4
[  621.762458][T13524] Bluetooth: hci37: unexpected cc 0x0c38 length: 249 > 2
[  621.802837][T13604] lo speed is unknown, defaulting to 1000
[  621.811775][T13524] Bluetooth: hci38: unexpected cc 0x0c03 length: 249 > 1
[  621.816808][T13524] Bluetooth: hci38: unexpected cc 0x1003 length: 249 > 9
[  621.817831][T13524] Bluetooth: hci38: unexpected cc 0x1001 length: 249 > 9
[  621.825971][T13524] Bluetooth: hci38: unexpected cc 0x0c23 length: 249 > 4
[  621.827734][T13524] Bluetooth: hci38: unexpected cc 0x0c38 length: 249 > 2
[  621.895394][T13606] lo speed is unknown, defaulting to 1000
[  621.930817][T13511] usb 9-1: new high-speed USB device number 3 using dummy_hcd
[  622.009694][T13604] chnl_net:caif_netlink_parms(): no params data found
[  622.030450][T13606] chnl_net:caif_netlink_parms(): no params data found
[  622.063203][T13604] bridge0: port 1(bridge_slave_0) entered blocking state
[  622.063571][T13604] bridge0: port 1(bridge_slave_0) entered disabled state
[  622.063769][T13604] bridge_slave_0: entered allmulticast mode
[  622.064847][T13604] bridge_slave_0: entered promiscuous mode
[  622.075201][T13604] bridge0: port 2(bridge_slave_1) entered blocking state
[  622.075381][T13604] bridge0: port 2(bridge_slave_1) entered disabled state
[  622.075497][T13604] bridge_slave_1: entered allmulticast mode
[  622.076039][T13604] bridge_slave_1: entered promiscuous mode
[  622.089154][T13511] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  622.089208][T13511] usb 9-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  622.089227][T13511] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  622.096348][T13511] usb 9-1: config 0 descriptor??
[  622.108161][T13606] bridge0: port 1(bridge_slave_0) entered blocking state
[  622.108361][T13606] bridge0: port 1(bridge_slave_0) entered disabled state
[  622.108516][T13606] bridge_slave_0: entered allmulticast mode
[  622.109251][T13606] bridge_slave_0: entered promiscuous mode
[  622.113164][T13604] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  622.115545][T13604] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  622.128106][T13606] bridge0: port 2(bridge_slave_1) entered blocking state
[  622.128278][T13606] bridge0: port 2(bridge_slave_1) entered disabled state
[  622.128389][T13606] bridge_slave_1: entered allmulticast mode
[  622.129453][T13606] bridge_slave_1: entered promiscuous mode
[  622.131603][T13604] team0: Port device team_slave_0 added
[  622.139889][T13604] team0: Port device team_slave_1 added
[  622.154254][T13606] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  622.161521][T13604] batman_adv: batadv0: Adding interface: batadv_slave_0
[  622.161536][T13604] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  622.161641][T13604] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  622.163589][T13606] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  622.168587][T13604] batman_adv: batadv0: Adding interface: batadv_slave_1
[  622.168599][T13604] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  622.168708][T13604] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  622.177374][T13606] team0: Port device team_slave_0 added
[  622.200133][T13606] team0: Port device team_slave_1 added
[  622.218064][T13604] hsr_slave_0: entered promiscuous mode
[  622.218802][T13604] hsr_slave_1: entered promiscuous mode
[  622.219271][T13604] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  622.219283][T13604] Cannot create hsr debugfs directory
[  622.225761][T13606] batman_adv: batadv0: Adding interface: batadv_slave_0
[  622.225774][T13606] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  622.225871][T13606] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  622.226920][T13606] batman_adv: batadv0: Adding interface: batadv_slave_1
[  622.226930][T13606] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  622.227001][T13606] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  622.265296][T13606] hsr_slave_0: entered promiscuous mode
[  622.265905][T13606] hsr_slave_1: entered promiscuous mode
[  622.266287][T13606] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  622.266299][T13606] Cannot create hsr debugfs directory
[  622.330582][T13604] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  622.375258][T13604] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  622.421837][   T50] Bluetooth: hci36: command tx timeout
[  622.426465][T13604] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  622.474564][T13604] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  622.503772][T13511] keytouch 0003:0926:3333.0017: fixing up Keytouch IEC report descriptor
[  622.510830][T13511] input: HID 0926:3333 as /devices/platform/dummy_hcd.8/usb9/9-1/9-1:0.0/0003:0926:3333.0017/input/input32
[  622.550892][T13606] netdevsim netdevsim6 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  622.550922][T13606] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  622.552191][T13604] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  622.553853][T13604] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  622.555512][T13604] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  622.557271][T13604] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  622.576474][T13604] bridge0: port 2(bridge_slave_1) entered blocking state
[  622.576520][T13604] bridge0: port 2(bridge_slave_1) entered forwarding state
[  622.576622][T13604] bridge0: port 1(bridge_slave_0) entered blocking state
[  622.576662][T13604] bridge0: port 1(bridge_slave_0) entered forwarding state
[  622.589159][T13606] netdevsim netdevsim6 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  622.589187][T13606] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  622.606072][T13511] keytouch 0003:0926:3333.0017: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.8-1/input0
[  622.650471][T13604] 8021q: adding VLAN 0 to HW filter on device bond0
[  622.655950][ T1050] bridge0: port 1(bridge_slave_0) entered disabled state
[  622.656353][ T1050] bridge0: port 2(bridge_slave_1) entered disabled state
[  622.670359][T13604] 8021q: adding VLAN 0 to HW filter on device team0
[  622.674204][T13606] netdevsim netdevsim6 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  622.674224][T13606] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  622.678079][ T2953] bridge0: port 1(bridge_slave_0) entered blocking state
[  622.678122][ T2953] bridge0: port 1(bridge_slave_0) entered forwarding state
[  622.684352][ T2953] bridge0: port 2(bridge_slave_1) entered blocking state
[  622.684401][ T2953] bridge0: port 2(bridge_slave_1) entered forwarding state
[  622.714921][T13604] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  622.717409][T13603] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  622.717663][T13603] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  622.736703][T13606] netdevsim netdevsim6 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  622.736736][T13606] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  622.847511][T13606] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  622.851962][T13606] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  622.853894][T13606] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  622.855510][T13606] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  622.862124][T13604] 8021q: adding VLAN 0 to HW filter on device batadv0
[  622.929632][T13606] 8021q: adding VLAN 0 to HW filter on device bond0
[  622.944430][T13606] 8021q: adding VLAN 0 to HW filter on device team0
[  622.947849][ T2953] bridge0: port 1(bridge_slave_0) entered blocking state
[  622.947901][ T2953] bridge0: port 1(bridge_slave_0) entered forwarding state
[  622.957053][ T2953] bridge0: port 2(bridge_slave_1) entered blocking state
[  622.957104][ T2953] bridge0: port 2(bridge_slave_1) entered forwarding state
[  622.986218][T13606] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  622.986240][T13606] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  623.032361][T12267] usb 9-1: USB disconnect, device number 3
[  623.044973][T13626] fido_id[13626]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.8/usb9/9-1/report_descriptor': No such file or directory
[  623.167816][T13606] 8021q: adding VLAN 0 to HW filter on device batadv0
[  623.169809][T13604] veth0_vlan: entered promiscuous mode
[  623.177114][T13604] veth1_vlan: entered promiscuous mode
[  623.200257][T13604] veth0_macvtap: entered promiscuous mode
[  623.208323][T13604] veth1_macvtap: entered promiscuous mode
[  623.232766][T13604] batman_adv: batadv0: Interface activated: batadv_slave_0
[  623.239357][T13604] batman_adv: batadv0: Interface activated: batadv_slave_1
[  623.243516][T13604] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  623.243544][T13604] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  623.243568][T13604] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  623.243609][T13604] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  623.275260][T13604] ieee80211 phy80: Selected rate control algorithm 'minstrel_ht'
[  623.300486][ T1050] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  623.300505][ T1050] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  623.309839][T13604] ieee80211 phy81: Selected rate control algorithm 'minstrel_ht'
[  623.357549][T12517] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  623.357568][T12517] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  623.376026][T13606] veth0_vlan: entered promiscuous mode
[  623.379539][T13606] veth1_vlan: entered promiscuous mode
[  623.399548][T13606] veth0_macvtap: entered promiscuous mode
[  623.407082][T13606] veth1_macvtap: entered promiscuous mode
[  623.435615][T13606] batman_adv: batadv0: Interface activated: batadv_slave_0
[  623.456105][T13606] batman_adv: batadv0: Interface activated: batadv_slave_1
[  623.459260][T13606] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  623.459290][T13606] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  623.459312][T13606] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  623.459335][T13606] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  623.521850][T13606] ieee80211 phy82: Selected rate control algorithm 'minstrel_ht'
[  623.596325][T13606] ieee80211 phy83: Selected rate control algorithm 'minstrel_ht'
[  623.610859][T12521] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  623.610876][T12521] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  623.783341][   T50] Bluetooth: hci37: command tx timeout
[  623.846444][T12521] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  623.846464][T12521] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  623.873687][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[  623.873728][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[  623.878623][   T50] Bluetooth: hci38: command tx timeout
[  624.081069][T13670] FAULT_INJECTION: forcing a failure.
[  624.081069][T13670] name failslab, interval 1, probability 0, space 0, times 0
[  624.081163][T13670] CPU: 0 UID: 0 PID: 13670 Comm: syz.5.1797 Not tainted 6.16.0-rc7-syzkaller-00034-g25fae0b93d1d #0 PREEMPT(full) 
[  624.081187][T13670] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  624.081198][T13670] Call Trace:
[  624.081203][T13670]  <TASK>
[  624.081210][T13670]  dump_stack_lvl+0x16c/0x1f0
[  624.081231][T13670]  should_fail_ex+0x512/0x640
[  624.081263][T13670]  should_failslab+0xc2/0x120
[  624.081282][T13670]  __kmalloc_cache_noprof+0x6a/0x3e0
[  624.081305][T13670]  ? do_kexec_load+0x88/0x8d0
[  624.081326][T13670]  ? do_kimage_alloc_init+0x40/0x350
[  624.081347][T13670]  do_kimage_alloc_init+0x40/0x350
[  624.081366][T13670]  do_kexec_load+0x1fd/0x8d0
[  624.081387][T13670]  ? __pfx_do_kexec_load+0x10/0x10
[  624.081410][T13670]  ? _copy_from_user+0x59/0xd0
[  624.081428][T13670]  __x64_sys_kexec_load+0x1bf/0x230
[  624.081450][T13670]  do_syscall_64+0xcd/0x4c0
[  624.081468][T13670]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  624.081486][T13670] RIP: 0033:0x7f6b32f8e9a9
[  624.081501][T13670] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  624.081518][T13670] RSP: 002b:00007f6b30dd5038 EFLAGS: 00000246 ORIG_RAX: 00000000000000f6
[  624.081535][T13670] RAX: ffffffffffffffda RBX: 00007f6b331b6160 RCX: 00007f6b32f8e9a9
[  624.081548][T13670] RDX: 0000200000000180 RSI: 0000000000000001 RDI: 0000000000000000
[  624.081558][T13670] RBP: 00007f6b30dd5090 R08: 0000000000000000 R09: 0000000000000000
[  624.081569][T13670] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  624.081580][T13670] R13: 0000000000000000 R14: 00007f6b331b6160 R15: 00007fff762a3888
[  624.081596][T13670]  </TASK>
[  624.455643][T13672] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  624.457003][T13672] batman_adv: batadv0: Removing interface: batadv_slave_0
[  624.469817][T13672] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  624.470499][T13672] batman_adv: batadv0: Removing interface: batadv_slave_1
[  625.009990][   T30] audit: type=1400 audit(1753396161.472:559): avc:  denied  { watch_mount } for  pid=13677 comm="syz.5.1800" path="/5" dev="tmpfs" ino=38 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[  625.204372][T13524] Bluetooth: hci39: unexpected cc 0x0c03 length: 249 > 1
[  625.204568][T13524] Bluetooth: hci39: unexpected cc 0x1003 length: 249 > 9
[  625.204753][T13524] Bluetooth: hci39: unexpected cc 0x1001 length: 249 > 9
[  625.205209][T13524] Bluetooth: hci39: unexpected cc 0x0c23 length: 249 > 4
[  625.205532][T13524] Bluetooth: hci39: unexpected cc 0x0c38 length: 249 > 2
[  625.226622][T13684] lo speed is unknown, defaulting to 1000
[  625.606184][T13684] chnl_net:caif_netlink_parms(): no params data found
[  625.639064][T13684] bridge0: port 1(bridge_slave_0) entered blocking state
[  625.639133][T13684] bridge0: port 1(bridge_slave_0) entered disabled state
[  625.639340][T13684] bridge_slave_0: entered allmulticast mode
[  625.639997][T13684] bridge_slave_0: entered promiscuous mode
[  625.642919][T13684] bridge0: port 2(bridge_slave_1) entered blocking state
[  625.643004][T13684] bridge0: port 2(bridge_slave_1) entered disabled state
[  625.643149][T13684] bridge_slave_1: entered allmulticast mode
[  625.643743][T13684] bridge_slave_1: entered promiscuous mode
[  625.654857][T13684] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  625.657311][T13684] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  625.672427][T13684] team0: Port device team_slave_0 added
[  625.674407][T13684] team0: Port device team_slave_1 added
[  625.687699][T13684] batman_adv: batadv0: Adding interface: batadv_slave_0
[  625.687713][T13684] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  625.687806][T13684] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  625.688665][T13684] batman_adv: batadv0: Adding interface: batadv_slave_1
[  625.688673][T13684] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  625.688769][T13684] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  625.708706][T13684] hsr_slave_0: entered promiscuous mode
[  625.710054][T13684] hsr_slave_1: entered promiscuous mode
[  625.711185][T13684] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  625.711206][T13684] Cannot create hsr debugfs directory
[  625.764135][T13684] netdevsim netdevsim9 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  625.815648][T13684] netdevsim netdevsim9 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  625.855611][T13684] netdevsim netdevsim9 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  625.863163][   T50] Bluetooth: hci37: command tx timeout
[  625.937683][T13684] netdevsim netdevsim9 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  625.940900][   T50] Bluetooth: hci38: command tx timeout
[  626.023813][T13695] F2FS-fs (loop6): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[  626.023866][T13695] F2FS-fs (loop6): Can't find valid F2FS filesystem in 1th superblock
[  626.024145][T13695] F2FS-fs (loop6): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[  626.024179][T13695] F2FS-fs (loop6): Can't find valid F2FS filesystem in 2th superblock
[  626.296408][T13684] netdevsim netdevsim9 netdevsim0: renamed from eth0
[  626.308471][T13684] netdevsim netdevsim9 netdevsim1: renamed from eth1
[  626.313621][T13684] netdevsim netdevsim9 netdevsim2: renamed from eth2
[  626.315485][T13684] netdevsim netdevsim9 netdevsim3: renamed from eth3
[  626.478806][T13684] 8021q: adding VLAN 0 to HW filter on device bond0
[  626.493944][T13684] 8021q: adding VLAN 0 to HW filter on device team0
[  626.502297][   T59] bridge0: port 1(bridge_slave_0) entered blocking state
[  626.502351][   T59] bridge0: port 1(bridge_slave_0) entered forwarding state
[  626.511990][T12517] bridge0: port 2(bridge_slave_1) entered blocking state
[  626.512041][T12517] bridge0: port 2(bridge_slave_1) entered forwarding state
[  626.834760][T13684] 8021q: adding VLAN 0 to HW filter on device batadv0
[  627.119978][T13684] veth0_vlan: entered promiscuous mode
[  627.128748][T13684] veth1_vlan: entered promiscuous mode
[  627.141622][T13684] veth0_macvtap: entered promiscuous mode
[  627.146023][T13684] veth1_macvtap: entered promiscuous mode
[  627.152958][T13684] batman_adv: batadv0: Interface activated: batadv_slave_0
[  627.157462][T13684] batman_adv: batadv0: Interface activated: batadv_slave_1
[  627.160163][T13684] netdevsim netdevsim9 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  627.160183][T13684] netdevsim netdevsim9 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  627.160207][T13684] netdevsim netdevsim9 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  627.160230][T13684] netdevsim netdevsim9 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  627.178789][T13684] ieee80211 phy84: Selected rate control algorithm 'minstrel_ht'
[  627.217913][T13684] ieee80211 phy85: Selected rate control algorithm 'minstrel_ht'
[  627.218035][ T9058] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  627.218064][ T9058] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  627.220893][   T50] Bluetooth: hci39: command tx timeout
[  627.246535][ T1167] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  627.246556][ T1167] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  627.520705][ T5885] usb 10-1: new high-speed USB device number 2 using dummy_hcd
[  627.671840][ T5885] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  627.671878][ T5885] usb 10-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  627.671898][ T5885] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  627.672830][ T5885] usb 10-1: config 0 descriptor??
[  627.941773][   T50] Bluetooth: hci37: command tx timeout
[  628.021173][   T50] Bluetooth: hci38: command tx timeout
[  628.081023][ T5885] keytouch 0003:0926:3333.0018: fixing up Keytouch IEC report descriptor
[  628.084387][ T5885] input: HID 0926:3333 as /devices/platform/dummy_hcd.9/usb10/10-1/10-1:0.0/0003:0926:3333.0018/input/input33
[  628.148205][ T5885] keytouch 0003:0926:3333.0018: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.9-1/input0
[  628.297711][T13717] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  628.297909][T13717] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  628.635735][T12197] usb 10-1: USB disconnect, device number 2
[  629.301454][   T50] Bluetooth: hci39: command tx timeout
[  629.390303][   T30] audit: type=1400 audit(1753396165.862:560): avc:  denied  { read } for  pid=5187 comm="acpid" name="event9" dev="devtmpfs" ino=3276 scontext=system_u:system_r:acpid_t tcontext=root:object_r:device_t tclass=file permissive=1
[  629.390493][   T30] audit: type=1400 audit(1753396165.862:561): avc:  denied  { open } for  pid=5187 comm="acpid" path="/dev/input/event9" dev="devtmpfs" ino=3276 scontext=system_u:system_r:acpid_t tcontext=root:object_r:device_t tclass=file permissive=1
[  629.390908][   T30] audit: type=1400 audit(1753396165.862:562): avc:  denied  { ioctl } for  pid=5187 comm="acpid" path="/dev/input/event9" dev="devtmpfs" ino=3276 ioctlcmd=0x4520 scontext=system_u:system_r:acpid_t tcontext=root:object_r:device_t tclass=file permissive=1
[  629.608233][   T30] audit: type=1400 audit(1753396166.082:563): avc:  denied  { append } for  pid=13727 comm="syz.9.1807" name="fb0" dev="devtmpfs" ino=629 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1
[  630.020663][   T50] Bluetooth: hci37: command tx timeout
[  630.100903][   T50] Bluetooth: hci38: command tx timeout
[  630.529052][   T30] audit: type=1400 audit(1753396167.002:564): avc:  denied  { setopt } for  pid=13732 comm="syz.9.1808" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1
[  630.536605][T13733] netlink: 60 bytes leftover after parsing attributes in process `syz.9.1808'.
[  630.893817][T12698] usb 10-1: new high-speed USB device number 3 using dummy_hcd
[  631.051999][T12698] usb 10-1: Using ep0 maxpacket: 8
[  631.053485][T12698] usb 10-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  631.053515][T12698] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  631.053539][T12698] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  631.054996][T12698] usb 10-1: New USB device found, idVendor=0e9c, idProduct=0000, bcdDevice=5b.1e
[  631.055020][T12698] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  631.055038][T12698] usb 10-1: Product: syz
[  631.055053][T12698] usb 10-1: Manufacturer: syz
[  631.055066][T12698] usb 10-1: SerialNumber: syz
[  631.056605][T12698] usb 10-1: config 0 descriptor??
[  631.060529][T12698] streamzap 10-1:0.0: streamzap_probe: endpoint Max Packet Size is 0!?!
[  631.078131][   T50] Bluetooth: hci10: command 0x0406 tx timeout
[  631.381218][T13524] Bluetooth: hci39: command tx timeout
[  631.436601][ T5885] usb 10-1: USB disconnect, device number 3
[  632.158308][   T50] Bluetooth: hci40: unexpected cc 0x0c03 length: 249 > 1
[  632.158616][   T50] Bluetooth: hci40: unexpected cc 0x1003 length: 249 > 9
[  632.158811][   T50] Bluetooth: hci40: unexpected cc 0x1001 length: 249 > 9
[  632.159600][   T50] Bluetooth: hci40: unexpected cc 0x0c23 length: 249 > 4
[  632.159945][   T50] Bluetooth: hci40: unexpected cc 0x0c38 length: 249 > 2
[  632.178019][T13741] lo speed is unknown, defaulting to 1000
[  632.292592][T13741] chnl_net:caif_netlink_parms(): no params data found
[  632.356787][T13741] bridge0: port 1(bridge_slave_0) entered blocking state
[  632.357012][T13741] bridge0: port 1(bridge_slave_0) entered disabled state
[  632.357183][T13741] bridge_slave_0: entered allmulticast mode
[  632.358141][T13741] bridge_slave_0: entered promiscuous mode
[  632.360573][T13741] bridge0: port 2(bridge_slave_1) entered blocking state
[  632.362012][T13741] bridge0: port 2(bridge_slave_1) entered disabled state
[  632.362159][T13741] bridge_slave_1: entered allmulticast mode
[  632.362941][T13741] bridge_slave_1: entered promiscuous mode
[  632.377684][T13741] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  632.379577][T13741] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  632.394228][T13741] team0: Port device team_slave_0 added
[  632.395693][T13741] team0: Port device team_slave_1 added
[  632.409005][T13741] batman_adv: batadv0: Adding interface: batadv_slave_0
[  632.409017][T13741] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  632.409116][T13741] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  632.410010][T13741] batman_adv: batadv0: Adding interface: batadv_slave_1
[  632.410018][T13741] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  632.410102][T13741] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  632.440586][T13741] hsr_slave_0: entered promiscuous mode
[  632.441687][T13741] hsr_slave_1: entered promiscuous mode
[  632.442520][T13741] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  632.442534][T13741] Cannot create hsr debugfs directory
[  632.499923][T13741] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  632.545389][T13741] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  632.585284][T13741] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  632.645944][T13741] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  632.726415][T13741] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  632.729151][T13741] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  632.743996][T13741] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  632.746181][T13741] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  632.824939][T13741] bridge0: port 2(bridge_slave_1) entered blocking state
[  632.824996][T13741] bridge0: port 2(bridge_slave_1) entered forwarding state
[  632.825127][T13741] bridge0: port 1(bridge_slave_0) entered blocking state
[  632.825179][T13741] bridge0: port 1(bridge_slave_0) entered forwarding state
[  632.925719][T13741] 8021q: adding VLAN 0 to HW filter on device bond0
[  632.936837][   T59] bridge0: port 1(bridge_slave_0) entered disabled state
[  632.945320][   T59] bridge0: port 2(bridge_slave_1) entered disabled state
[  632.960478][T13741] 8021q: adding VLAN 0 to HW filter on device team0
[  632.968534][   T59] bridge0: port 1(bridge_slave_0) entered blocking state
[  632.968587][   T59] bridge0: port 1(bridge_slave_0) entered forwarding state
[  632.987274][   T59] bridge0: port 2(bridge_slave_1) entered blocking state
[  632.987319][   T59] bridge0: port 2(bridge_slave_1) entered forwarding state
[  633.463117][   T31] INFO: task kworker/1:1:43 blocked for more than 143 seconds.
[  633.463138][   T31]       Not tainted 6.16.0-rc7-syzkaller-00034-g25fae0b93d1d #0
[  633.463150][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  633.463159][   T31] task:kworker/1:1     state:D stack:22280 pid:43    tgid:43    ppid:2      task_flags:0x4208060 flags:0x00004000
[  633.463231][   T31] Workqueue: events console_callback
[  633.463254][   T31] Call Trace:
[  633.463261][   T31]  <TASK>
[  633.463270][   T31]  __schedule+0x116a/0x5dd0
[  633.463320][   T31]  ? __pfx___schedule+0x10/0x10
[  633.463345][   T31]  ? preempt_schedule_thunk+0x16/0x30
[  633.463371][   T31]  ? find_held_lock+0x2b/0x80
[  633.463394][   T31]  ? schedule+0x2d7/0x3a0
[  633.463420][   T31]  schedule+0xe7/0x3a0
[  633.463460][   T31]  schedule_timeout+0x257/0x290
[  633.463484][   T31]  ? __pfx_schedule_timeout+0x10/0x10
[  633.463510][   T31]  ? mark_held_locks+0x49/0x80
[  633.463536][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  633.463563][   T31]  ___down_common+0x2d8/0x460
[  633.463599][   T31]  ? register_lock_class+0x41/0x4c0
[  633.463619][   T31]  ? __pfx____down_common+0x10/0x10
[  633.463642][   T31]  __down+0x20/0x30
[  633.463660][   T31]  down+0x74/0xa0
[  633.463677][   T31]  console_lock+0x5b/0xa0
[  633.463697][   T31]  console_callback+0x62/0x4c0
[  633.463731][   T31]  ? __pfx_console_callback+0x10/0x10
[  633.463749][   T31]  ? preempt_schedule_thunk+0x16/0x30
[  633.463775][   T31]  process_one_work+0x9cf/0x1b70
[  633.463799][   T31]  ? __pfx_console_callback+0x10/0x10
[  633.463817][   T31]  ? __pfx_process_one_work+0x10/0x10
[  633.463837][   T31]  ? assign_work+0x1a0/0x250
[  633.463870][   T31]  worker_thread+0x6c8/0xf10
[  633.463896][   T31]  ? __pfx_worker_thread+0x10/0x10
[  633.463916][   T31]  kthread+0x3c5/0x780
[  633.463934][   T31]  ? __pfx_kthread+0x10/0x10
[  633.463952][   T31]  ? rcu_is_watching+0x12/0xc0
[  633.463974][   T31]  ? __pfx_kthread+0x10/0x10
[  633.464007][   T31]  ret_from_fork+0x5d4/0x6f0
[  633.464031][   T31]  ? __pfx_kthread+0x10/0x10
[  633.464048][   T31]  ret_from_fork_asm+0x1a/0x30
[  633.464081][   T31]  </TASK>
[  633.464093][   T31] INFO: task kworker/u8:3:54 blocked for more than 143 seconds.
[  633.464106][   T31]       Not tainted 6.16.0-rc7-syzkaller-00034-g25fae0b93d1d #0
[  633.464117][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  633.464142][   T31] task:kworker/u8:3    state:D stack:23672 pid:54    tgid:54    ppid:2      task_flags:0x4208160 flags:0x00004000
[  633.464196][   T31] Workqueue: events_unbound flush_to_ldisc
[  633.464215][   T31] Call Trace:
[  633.464222][   T31]  <TASK>
[  633.464231][   T31]  __schedule+0x116a/0x5dd0
[  633.464262][   T31]  ? __lock_acquire+0x622/0x1c90
[  633.464295][   T31]  ? __pfx___schedule+0x10/0x10
[  633.464323][   T31]  ? find_held_lock+0x2b/0x80
[  633.464345][   T31]  ? schedule+0x2d7/0x3a0
[  633.464370][   T31]  schedule+0xe7/0x3a0
[  633.464395][   T31]  schedule_preempt_disabled+0x13/0x30
[  633.464436][   T31]  __mutex_lock+0x6c7/0xb90
[  633.464455][   T31]  ? commit_echoes+0x4c/0x210
[  633.464477][   T31]  ? __pfx___mutex_lock+0x10/0x10
[  633.464497][   T31]  ? __lock_acquire+0xb8a/0x1c90
[  633.464516][   T31]  ? commit_echoes+0x4c/0x210
[  633.464535][   T31]  commit_echoes+0x4c/0x210
[  633.464572][   T31]  n_tty_receive_char+0x3d7/0x600
[  633.464597][   T31]  n_tty_receive_buf_standard+0x6aa/0x3140
[  633.464624][   T31]  ? __pfx_down_read+0x10/0x10
[  633.464644][   T31]  ? __pfx___might_resched+0x10/0x10
[  633.464670][   T31]  n_tty_receive_buf_common+0x8eb/0x1980
[  633.464709][   T31]  ? flush_to_ldisc+0x34/0x780
[  633.464731][   T31]  tty_ldisc_receive_buf+0xa7/0x1a0
[  633.464758][   T31]  ? __pfx_n_tty_receive_buf2+0x10/0x10
[  633.464782][   T31]  tty_port_default_receive_buf+0x70/0xb0
[  633.464803][   T31]  flush_to_ldisc+0x268/0x780
[  633.464822][   T31]  ? rcu_is_watching+0x12/0xc0
[  633.464862][   T31]  process_one_work+0x9cf/0x1b70
[  633.464887][   T31]  ? __pfx_process_one_work+0x10/0x10
[  633.464910][   T31]  ? assign_work+0x1a0/0x250
[  633.464929][   T31]  worker_thread+0x6c8/0xf10
[  633.464953][   T31]  ? __kthread_parkme+0x19e/0x250
[  633.464993][   T31]  ? __pfx_worker_thread+0x10/0x10
[  633.465012][   T31]  kthread+0x3c5/0x780
[  633.465029][   T31]  ? __pfx_kthread+0x10/0x10
[  633.465046][   T31]  ? rcu_is_watching+0x12/0xc0
[  633.465068][   T31]  ? __pfx_kthread+0x10/0x10
[  633.465091][   T31]  ret_from_fork+0x5d4/0x6f0
[  633.465131][   T31]  ? __pfx_kthread+0x10/0x10
[  633.465148][   T31]  ret_from_fork_asm+0x1a/0x30
[  633.465173][   T31]  </TASK>
[  633.465291][   T31] INFO: task kworker/1:5:5949 blocked for more than 143 seconds.
[  633.465304][   T31]       Not tainted 6.16.0-rc7-syzkaller-00034-g25fae0b93d1d #0
[  633.465315][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  633.465323][   T31] task:kworker/1:5     state:D stack:21592 pid:5949  tgid:5949  ppid:2      task_flags:0x4208060 flags:0x00004000
[  633.465374][   T31] Workqueue: events vc_SAK
[  633.465411][   T31] Call Trace:
[  633.465418][   T31]  <TASK>
[  633.465426][   T31]  __schedule+0x116a/0x5dd0
[  633.465451][   T31]  ? nbcon_cpu_emergency_exit+0x71/0xb0
[  633.465468][   T31]  ? check_noncircular+0x14c/0x170
[  633.465499][   T31]  ? __pfx___schedule+0x10/0x10
[  633.465524][   T31]  ? do_raw_spin_lock+0x12c/0x2b0
[  633.465560][   T31]  ? wq_worker_sleeping+0x1bf/0x220
[  633.465584][   T31]  ? schedule+0x2d7/0x3a0
[  633.465608][   T31]  ? rcu_is_watching+0x12/0xc0
[  633.465630][   T31]  ? lock_release+0x201/0x2f0
[  633.465648][   T31]  schedule+0xe7/0x3a0
[  633.465673][   T31]  schedule_preempt_disabled+0x13/0x30
[  633.465716][   T31]  __mutex_lock+0x6c7/0xb90
[  633.465734][   T31]  ? tty_buffer_flush+0x72/0x310
[  633.465752][   T31]  ? __pfx___mutex_lock+0x10/0x10
[  633.465777][   T31]  ? tty_buffer_flush+0x72/0x310
[  633.465794][   T31]  tty_buffer_flush+0x72/0x310
[  633.465813][   T31]  tty_ldisc_flush+0x64/0xe0
[  633.465853][   T31]  __do_SAK+0x6de/0x880
[  633.465873][   T31]  ? mark_held_locks+0x49/0x80
[  633.465902][   T31]  vc_SAK+0x7f/0x310
[  633.465924][   T31]  process_one_work+0x9cf/0x1b70
[  633.465945][   T31]  ? __pfx_process_one_work+0x10/0x10
[  633.465966][   T31]  ? assign_work+0x1a0/0x250
[  633.465999][   T31]  worker_thread+0x6c8/0xf10
[  633.466020][   T31]  ? __kthread_parkme+0x19e/0x250
[  633.466044][   T31]  ? __pfx_worker_thread+0x10/0x10
[  633.466062][   T31]  kthread+0x3c5/0x780
[  633.466081][   T31]  ? __pfx_kthread+0x10/0x10
[  633.466097][   T31]  ? rcu_is_watching+0x12/0xc0
[  633.466131][   T31]  ? __pfx_kthread+0x10/0x10
[  633.466146][   T31]  ret_from_fork+0x5d4/0x6f0
[  633.466169][   T31]  ? __pfx_kthread+0x10/0x10
[  633.466184][   T31]  ret_from_fork_asm+0x1a/0x30
[  633.466207][   T31]  </TASK>
[  633.466220][   T31] INFO: task syz.2.1545:11841 blocked for more than 143 seconds.
[  633.466232][   T31]       Not tainted 6.16.0-rc7-syzkaller-00034-g25fae0b93d1d #0
[  633.466243][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  633.466265][   T31] task:syz.2.1545      state:D stack:27096 pid:11841 tgid:11839 ppid:5828   task_flags:0x400040 flags:0x00004006
[  633.466321][   T31] Call Trace:
[  633.466327][   T31]  <TASK>
[  633.466335][   T31]  __schedule+0x116a/0x5dd0
[  633.466364][   T31]  ? __lock_acquire+0x622/0x1c90
[  633.466383][   T31]  ? __pfx___schedule+0x10/0x10
[  633.466428][   T31]  ? find_held_lock+0x2b/0x80
[  633.466451][   T31]  ? schedule+0x2d7/0x3a0
[  633.466478][   T31]  schedule+0xe7/0x3a0
[  633.466503][   T31]  schedule_timeout+0x257/0x290
[  633.466526][   T31]  ? __pfx_schedule_timeout+0x10/0x10
[  633.466570][   T31]  ? mark_held_locks+0x49/0x80
[  633.466597][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  633.466623][   T31]  ___down_common+0x2d8/0x460
[  633.466642][   T31]  ? __pfx____down_common+0x10/0x10
[  633.466665][   T31]  __down+0x20/0x30
[  633.466682][   T31]  down+0x74/0xa0
[  633.466715][   T31]  console_lock+0x5b/0xa0
[  633.466735][   T31]  con_write+0x81/0xb0
[  633.466754][   T31]  n_tty_write+0x412/0x1160
[  633.466781][   T31]  ? __pfx_n_tty_write+0x10/0x10
[  633.466803][   T31]  ? rcu_is_watching+0x12/0xc0
[  633.466825][   T31]  ? __pfx_woken_wake_function+0x10/0x10
[  633.466864][   T31]  ? kfree+0x24f/0x4d0
[  633.466886][   T31]  ? file_tty_write.constprop.0+0x6ef/0x9b0
[  633.466904][   T31]  ? hpsa_ciss_submit+0xee0/0x1620
[  633.466928][   T31]  ? __pfx_n_tty_write+0x10/0x10
[  633.466950][   T31]  file_tty_write.constprop.0+0x501/0x9b0
[  633.466972][   T31]  vfs_write+0x6c4/0x1150
[  633.467015][   T31]  ? __pfx_tty_write+0x10/0x10
[  633.467034][   T31]  ? __pfx_vfs_write+0x10/0x10
[  633.467059][   T31]  ? find_held_lock+0x2b/0x80
[  633.467095][   T31]  ksys_write+0x12a/0x250
[  633.467121][   T31]  ? __pfx_ksys_write+0x10/0x10
[  633.467166][   T31]  do_syscall_64+0xcd/0x4c0
[  633.467186][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  633.467205][   T31] RIP: 0033:0x7f0e52d8e9a9
[  633.467220][   T31] RSP: 002b:00007f0e53b34038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  633.467238][   T31] RAX: ffffffffffffffda RBX: 00007f0e52fb5fa0 RCX: 00007f0e52d8e9a9
[  633.467251][   T31] RDX: 0000000000001006 RSI: 0000200000000000 RDI: 0000000000000009
[  633.467264][   T31] RBP: 00007f0e52e10d69 R08: 0000000000000000 R09: 0000000000000000
[  633.467275][   T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  633.467303][   T31] R13: 0000000000000000 R14: 00007f0e52fb5fa0 R15: 00007fffdc255fc8
[  633.467322][   T31]  </TASK>
[  633.467331][   T31] INFO: task syz.4.1579:12023 blocked for more than 143 seconds.
[  633.467344][   T31]       Not tainted 6.16.0-rc7-syzkaller-00034-g25fae0b93d1d #0
[  633.467355][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  633.467363][   T31] task:syz.4.1579      state:D stack:29032 pid:12023 tgid:12010 ppid:5825   task_flags:0x400040 flags:0x00004004
[  633.467438][   T31] Call Trace:
[  633.467444][   T31]  <TASK>
[  633.467453][   T31]  __schedule+0x116a/0x5dd0
[  633.467479][   T31]  ? __kernel_text_address+0xd/0x40
[  633.467505][   T31]  ? __pfx___schedule+0x10/0x10
[  633.467530][   T31]  ? __pfx_stack_trace_save+0x10/0x10
[  633.467555][   T31]  ? widen_string+0xdc/0x2d0
[  633.467595][   T31]  ? schedule+0x2d7/0x3a0
[  633.467620][   T31]  ? rcu_is_watching+0x12/0xc0
[  633.467642][   T31]  ? lock_release+0x201/0x2f0
[  633.467660][   T31]  schedule+0xe7/0x3a0
[  633.467685][   T31]  schedule_timeout+0x257/0x290
[  633.467707][   T31]  ? __pfx_schedule_timeout+0x10/0x10
[  633.467749][   T31]  ? rcu_is_watching+0x12/0xc0
[  633.467772][   T31]  ? rcu_is_watching+0x12/0xc0
[  633.467796][   T31]  ___down_common+0x2d8/0x460
[  633.467814][   T31]  ? __pfx___mutex_trylock_common+0x10/0x10
[  633.467834][   T31]  ? __pfx____down_common+0x10/0x10
[  633.467855][   T31]  ? __mutex_lock+0x1ca/0xb90
[  633.467891][   T31]  __down+0x20/0x30
[  633.467909][   T31]  down+0x74/0xa0
[  633.467926][   T31]  console_lock+0x5b/0xa0
[  633.467946][   T31]  con_install+0x99/0x600
[  633.467963][   T31]  ? __pfx_con_install+0x10/0x10
[  633.467983][   T31]  ? __pfx_con_install+0x10/0x10
[  633.468001][   T31]  tty_init_dev.part.0+0x9c/0x500
[  633.468037][   T31]  tty_open+0xa50/0xf90
[  633.468059][   T31]  ? __pfx_tty_open+0x10/0x10
[  633.468081][   T31]  ? chrdev_open+0x10b/0x6a0
[  633.468100][   T31]  ? lock_release+0x201/0x2f0
[  633.468117][   T31]  ? __pfx_tty_open+0x10/0x10
[  633.468135][   T31]  chrdev_open+0x234/0x6a0
[  633.468169][   T31]  ? __pfx_chrdev_open+0x10/0x10
[  633.468188][   T31]  ? file_set_fsnotify_mode_from_watchers+0x163/0x640
[  633.468219][   T31]  do_dentry_open+0x744/0x1c10
[  633.468247][   T31]  ? __pfx_chrdev_open+0x10/0x10
[  633.468267][   T31]  vfs_open+0x82/0x3f0
[  633.468287][   T31]  path_openat+0x1de4/0x2cb0
[  633.468335][   T31]  ? __pfx_path_openat+0x10/0x10
[  633.468365][   T31]  do_filp_open+0x20b/0x470
[  633.468392][   T31]  ? __pfx_do_filp_open+0x10/0x10
[  633.468427][   T31]  ? alloc_fd+0x471/0x7d0
[  633.468473][   T31]  do_sys_openat2+0x11b/0x1d0
[  633.468495][   T31]  ? __pfx_do_sys_openat2+0x10/0x10
[  633.468515][   T31]  ? rcu_is_watching+0x12/0xc0
[  633.468542][   T31]  __x64_sys_openat+0x174/0x210
[  633.468564][   T31]  ? __pfx___x64_sys_openat+0x10/0x10
[  633.468606][   T31]  do_syscall_64+0xcd/0x4c0
[  633.468625][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  633.468642][   T31] RIP: 0033:0x7f6d2bb8d310
[  633.468655][   T31] RSP: 002b:00007f6d2c95fb70 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[  633.468672][   T31] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f6d2bb8d310
[  633.468683][   T31] RDX: 0000000000000002 RSI: 00007f6d2c95fc10 RDI: 00000000ffffff9c
[  633.468695][   T31] RBP: 00007f6d2c95fc10 R08: 0000000000000000 R09: 00007f6d2c95f987
[  633.468707][   T31] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  633.468718][   T31] R13: 0000000000000000 R14: 00007f6d2bdb6160 R15: 00007ffc1b012c98
[  633.468750][   T31]  </TASK>
[  633.468758][   T31] INFO: task syz.3.1582:12026 blocked for more than 143 seconds.
[  633.468769][   T31]       Not tainted 6.16.0-rc7-syzkaller-00034-g25fae0b93d1d #0
[  633.468779][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  633.468785][   T31] task:syz.3.1582      state:D stack:27784 pid:12026 tgid:12025 ppid:5829   task_flags:0x400140 flags:0x00004004
[  633.468841][   T31] Call Trace:
[  633.468848][   T31]  <TASK>
[  633.468856][   T31]  __schedule+0x116a/0x5dd0
[  633.468895][   T31]  ? mntput_no_expire+0x14f/0xbb0
[  633.468919][   T31]  ? rcu_is_watching+0x12/0xc0
[  633.468944][   T31]  ? __pfx___schedule+0x10/0x10
[  633.468969][   T31]  ? schedule+0x2d7/0x3a0
[  633.468991][   T31]  ? rcu_is_watching+0x12/0xc0
[  633.469012][   T31]  ? lock_release+0x201/0x2f0
[  633.469043][   T31]  schedule+0xe7/0x3a0
[  633.469069][   T31]  schedule_preempt_disabled+0x13/0x30
[  633.469101][   T31]  __mutex_lock+0x6c7/0xb90
[  633.469119][   T31]  ? ptmx_open+0xff/0x360
[  633.469144][   T31]  ? __pfx___mutex_lock+0x10/0x10
[  633.469177][   T31]  ? __pfx_ida_alloc_range+0x10/0x10
[  633.469206][   T31]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  633.469227][   T31]  ? __pfx_devpts_acquire+0x10/0x10
[  633.469255][   T31]  ? __pfx_ptmx_open+0x10/0x10
[  633.469278][   T31]  ? ptmx_open+0xff/0x360
[  633.469318][   T31]  ptmx_open+0xff/0x360
[  633.469342][   T31]  ? __pfx_ptmx_open+0x10/0x10
[  633.469365][   T31]  chrdev_open+0x234/0x6a0
[  633.469383][   T31]  ? __pfx_chrdev_open+0x10/0x10
[  633.469402][   T31]  ? file_set_fsnotify_mode_from_watchers+0x163/0x640
[  633.469432][   T31]  do_dentry_open+0x744/0x1c10
[  633.469474][   T31]  ? __pfx_chrdev_open+0x10/0x10
[  633.469494][   T31]  vfs_open+0x82/0x3f0
[  633.469514][   T31]  path_openat+0x1de4/0x2cb0
[  633.469544][   T31]  ? __pfx_path_openat+0x10/0x10
[  633.469573][   T31]  do_filp_open+0x20b/0x470
[  633.469617][   T31]  ? __pfx_do_filp_open+0x10/0x10
[  633.469650][   T31]  ? alloc_fd+0x471/0x7d0
[  633.469679][   T31]  do_sys_openat2+0x11b/0x1d0
[  633.469698][   T31]  ? __pfx_do_sys_openat2+0x10/0x10
[  633.469718][   T31]  ? rcu_is_watching+0x12/0xc0
[  633.469761][   T31]  __x64_sys_openat+0x174/0x210
[  633.469783][   T31]  ? __pfx___x64_sys_openat+0x10/0x10
[  633.469808][   T31]  do_syscall_64+0xcd/0x4c0
[  633.469826][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  633.469844][   T31] RIP: 0033:0x7fb88d98e9a9
[  633.469857][   T31] RSP: 002b:00007fb88b7f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  633.469891][   T31] RAX: ffffffffffffffda RBX: 00007fb88dbb5fa0 RCX: 00007fb88d98e9a9
[  633.469904][   T31] RDX: 0000000000000000 RSI: 0000200000000000 RDI: ffffffffffffff9c
[  633.469915][   T31] RBP: 00007fb88da10d69 R08: 0000000000000000 R09: 0000000000000000
[  633.469926][   T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  633.469938][   T31] R13: 0000000000000000 R14: 00007fb88dbb5fa0 R15: 00007ffd671322b8
[  633.469955][   T31]  </TASK>
[  633.469964][   T31] INFO: task syz.1.1586:12043 blocked for more than 143 seconds.
[  633.469976][   T31]       Not tainted 6.16.0-rc7-syzkaller-00034-g25fae0b93d1d #0
[  633.469987][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  633.469994][   T31] task:syz.1.1586      state:D stack:29096 pid:12043 tgid:12041 ppid:5826   task_flags:0x400040 flags:0x00004004
[  633.470068][   T31] Call Trace:
[  633.470080][   T31]  <TASK>
[  633.470089][   T31]  __schedule+0x116a/0x5dd0
[  633.470117][   T31]  ? __pfx_stack_trace_save+0x10/0x10
[  633.470142][   T31]  ? stack_depot_save_flags+0x28/0xa40
[  633.470188][   T31]  ? __pfx___schedule+0x10/0x10
[  633.470213][   T31]  ? kasan_save_stack+0x42/0x60
[  633.470239][   T31]  ? kasan_save_stack+0x33/0x60
[  633.470264][   T31]  ? __kasan_kmalloc+0xaa/0xb0
[  633.470289][   T31]  ? schedule+0x2d7/0x3a0
[  633.470328][   T31]  ? rcu_is_watching+0x12/0xc0
[  633.470351][   T31]  ? lock_release+0x201/0x2f0
[  633.470369][   T31]  schedule+0xe7/0x3a0
[  633.470394][   T31]  schedule_preempt_disabled+0x13/0x30
[  633.470420][   T31]  __mutex_lock+0x6c7/0xb90
[  633.470439][   T31]  ? tty_open+0x53e/0xf90
[  633.470472][   T31]  ? __pfx___mutex_lock+0x10/0x10
[  633.470495][   T31]  ? __pfx_tty_open+0x10/0x10
[  633.470514][   T31]  ? tty_open+0x53e/0xf90
[  633.470532][   T31]  tty_open+0x53e/0xf90
[  633.470552][   T31]  ? __pfx_tty_open+0x10/0x10
[  633.470568][   T31]  ? chrdev_open+0x10b/0x6a0
[  633.470585][   T31]  ? lock_release+0x201/0x2f0
[  633.470809][T13524] Bluetooth: hci39: command tx timeout
[  633.471697][   T31]  ? __pfx_tty_open+0x10/0x10
[  633.471735][   T31]  chrdev_open+0x234/0x6a0
[  633.471754][   T31]  ? __pfx_chrdev_open+0x10/0x10
[  633.471773][   T31]  ? file_set_fsnotify_mode_from_watchers+0x163/0x640
[  633.471803][   T31]  do_dentry_open+0x744/0x1c10
[  633.471829][   T31]  ? __pfx_chrdev_open+0x10/0x10
[  633.471849][   T31]  vfs_open+0x82/0x3f0
[  633.471885][   T31]  path_openat+0x1de4/0x2cb0
[  633.471916][   T31]  ? __pfx_path_openat+0x10/0x10
[  633.471945][   T31]  do_filp_open+0x20b/0x470
[  633.471972][   T31]  ? __pfx_do_filp_open+0x10/0x10
[  633.472021][   T31]  ? alloc_fd+0x471/0x7d0
[  633.472050][   T31]  do_sys_openat2+0x11b/0x1d0
[  633.472070][   T31]  ? __pfx_do_sys_openat2+0x10/0x10
[  633.472096][   T31]  ? lock_release+0x201/0x2f0
[  633.472114][   T31]  __x64_sys_openat+0x174/0x210
[  633.472138][   T31]  ? __pfx___x64_sys_openat+0x10/0x10
[  633.472171][   T31]  ? do_user_addr_fault+0x843/0x1370
[  633.472200][   T31]  do_syscall_64+0xcd/0x4c0
[  633.472218][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  633.472237][   T31] RIP: 0033:0x7f18fc78e9a9
[  633.472250][   T31] RSP: 002b:00007f18fd5f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  633.472268][   T31] RAX: ffffffffffffffda RBX: 00007f18fc9b5fa0 RCX: 00007f18fc78e9a9
[  633.472280][   T31] RDX: 0000000000000000 RSI: 0000200000000000 RDI: ffffffffffffff9c
[  633.472309][   T31] RBP: 00007f18fc810d69 R08: 0000000000000000 R09: 0000000000000000
[  633.472324][   T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  633.472335][   T31] R13: 0000000000000001 R14: 00007f18fc9b5fa0 R15: 00007fff06bd24b8
[  633.472352][   T31]  </TASK>
[  633.472359][   T31] INFO: task syz.0.1588:12052 blocked for more than 143 seconds.
[  633.472371][   T31]       Not tainted 6.16.0-rc7-syzkaller-00034-g25fae0b93d1d #0
[  633.472381][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  633.472389][   T31] task:syz.0.1588      state:D stack:28304 pid:12052 tgid:12049 ppid:5827   task_flags:0x400040 flags:0x00004004
[  633.472460][   T31] Call Trace:
[  633.472466][   T31]  <TASK>
[  633.472474][   T31]  __schedule+0x116a/0x5dd0
[  633.472505][   T31]  ? __pfx___schedule+0x10/0x10
[  633.472533][   T31]  ? schedule+0x2d7/0x3a0
[  633.472556][   T31]  ? rcu_is_watching+0x12/0xc0
[  633.472596][   T31]  ? lock_release+0x201/0x2f0
[  633.472613][   T31]  schedule+0xe7/0x3a0
[  633.472638][   T31]  schedule_preempt_disabled+0x13/0x30
[  633.472664][   T31]  __mutex_lock+0x6c7/0xb90
[  633.472683][   T31]  ? ptmx_open+0xff/0x360
[  633.472706][   T31]  ? __pfx___mutex_lock+0x10/0x10
[  633.472736][   T31]  ? __pfx_ida_alloc_range+0x10/0x10
[  633.472764][   T31]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  633.472784][   T31]  ? __pfx_devpts_acquire+0x10/0x10
[  633.472812][   T31]  ? __pfx_ptmx_open+0x10/0x10
[  633.472836][   T31]  ? ptmx_open+0xff/0x360
[  633.472875][   T31]  ptmx_open+0xff/0x360
[  633.472899][   T31]  ? __pfx_ptmx_open+0x10/0x10
[  633.472922][   T31]  chrdev_open+0x234/0x6a0
[  633.472940][   T31]  ? __pfx_chrdev_open+0x10/0x10
[  633.472957][   T31]  ? file_set_fsnotify_mode_from_watchers+0x163/0x640
[  633.472986][   T31]  do_dentry_open+0x744/0x1c10
[  633.473027][   T31]  ? __pfx_chrdev_open+0x10/0x10
[  633.473046][   T31]  vfs_open+0x82/0x3f0
[  633.473065][   T31]  path_openat+0x1de4/0x2cb0
[  633.473098][   T31]  ? __pfx___schedule+0x10/0x10
[  633.473122][   T31]  ? __pfx_path_openat+0x10/0x10
[  633.473166][   T31]  do_filp_open+0x20b/0x470
[  633.473193][   T31]  ? __pfx_do_filp_open+0x10/0x10
[  633.473219][   T31]  ? trace_irq_enable.constprop.0+0xd4/0x120
[  633.473248][   T31]  ? alloc_fd+0x471/0x7d0
[  633.473277][   T31]  do_sys_openat2+0x11b/0x1d0
[  633.473313][   T31]  ? __pfx_do_sys_openat2+0x10/0x10
[  633.473334][   T31]  ? __pfx___schedule+0x10/0x10
[  633.473361][   T31]  __x64_sys_openat+0x174/0x210
[  633.473382][   T31]  ? __pfx___x64_sys_openat+0x10/0x10
[  633.473407][   T31]  do_syscall_64+0xcd/0x4c0
[  633.473425][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  633.473459][   T31] RIP: 0033:0x7fb42b98e9a9
[  633.473472][   T31] RSP: 002b:00007fb42c7d2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  633.473489][   T31] RAX: ffffffffffffffda RBX: 00007fb42bbb6160 RCX: 00007fb42b98e9a9
[  633.473501][   T31] RDX: 0000000000000000 RSI: 0000200000000000 RDI: ffffffffffffff9c
[  633.473513][   T31] RBP: 00007fb42ba10d69 R08: 0000000000000000 R09: 0000000000000000
[  633.473524][   T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  633.473535][   T31] R13: 0000000000000000 R14: 00007fb42bbb6160 R15: 00007ffe72203fc8
[  633.473553][   T31]  </TASK>
[  633.473566][   T31] INFO: task syz.5.1591:12096 blocked for more than 143 seconds.
[  633.473593][   T31]       Not tainted 6.16.0-rc7-syzkaller-00034-g25fae0b93d1d #0
[  633.473604][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  633.473612][   T31] task:syz.5.1591      state:D stack:28248 pid:12096 tgid:12094 ppid:12061  task_flags:0x400040 flags:0x00004004
[  633.473668][   T31] Call Trace:
[  633.473674][   T31]  <TASK>
[  633.473682][   T31]  __schedule+0x116a/0x5dd0
[  633.473729][   T31]  ? __pfx___schedule+0x10/0x10
[  633.473755][   T31]  ? __mutex_trylock_common+0x7f/0x250
[  633.473775][   T31]  ? schedule+0x2d7/0x3a0
[  633.473799][   T31]  ? rcu_is_watching+0x12/0xc0
[  633.473821][   T31]  ? lock_release+0x201/0x2f0
[  633.473837][   T31]  schedule+0xe7/0x3a0
[  633.473876][   T31]  schedule_preempt_disabled+0x13/0x30
[  633.473903][   T31]  __mutex_lock+0x6c7/0xb90
[  633.473921][   T31]  ? tty_open+0x53e/0xf90
[  633.473940][   T31]  ? __pfx___mutex_lock+0x10/0x10
[  633.473963][   T31]  ? __pfx_tty_open+0x10/0x10
[  633.473981][   T31]  ? tty_open+0x53e/0xf90
[  633.474015][   T31]  tty_open+0x53e/0xf90
[  633.474035][   T31]  ? __pfx_tty_open+0x10/0x10
[  633.474054][   T31]  ? chrdev_open+0x10b/0x6a0
[  633.474072][   T31]  ? lock_release+0x201/0x2f0
[  633.474093][   T31]  ? __pfx_tty_open+0x10/0x10
[  633.474111][   T31]  chrdev_open+0x234/0x6a0
[  633.474128][   T31]  ? __pfx_chrdev_open+0x10/0x10
[  633.474162][   T31]  ? file_set_fsnotify_mode_from_watchers+0x163/0x640
[  633.474191][   T31]  do_dentry_open+0x744/0x1c10
[  633.474218][   T31]  ? __pfx_chrdev_open+0x10/0x10
[  633.474237][   T31]  vfs_open+0x82/0x3f0
[  633.474257][   T31]  path_openat+0x1de4/0x2cb0
[  633.474302][   T31]  ? __pfx_path_openat+0x10/0x10
[  633.474332][   T31]  do_filp_open+0x20b/0x470
[  633.474359][   T31]  ? __pfx_do_filp_open+0x10/0x10
[  633.474393][   T31]  ? alloc_fd+0x471/0x7d0
[  633.474437][   T31]  do_sys_openat2+0x11b/0x1d0
[  633.474457][   T31]  ? __pfx_do_sys_openat2+0x10/0x10
[  633.474479][   T31]  ? lock_release+0x201/0x2f0
[  633.474496][   T31]  __x64_sys_openat+0x174/0x210
[  633.474517][   T31]  ? __pfx___x64_sys_openat+0x10/0x10
[  633.474539][   T31]  ? do_user_addr_fault+0x843/0x1370
[  633.474583][   T31]  do_syscall_64+0xcd/0x4c0
[  633.474602][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  633.474619][   T31] RIP: 0033:0x7efeb918e9a9
[  633.474632][   T31] RSP: 002b:00007efeba016038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  633.474649][   T31] RAX: ffffffffffffffda RBX: 00007efeb93b6080 RCX: 00007efeb918e9a9
[  633.474662][   T31] RDX: 0000000000020802 RSI: 0000200000000100 RDI: ffffffffffffff9c
[  633.474674][   T31] RBP: 00007efeb9210d69 R08: 0000000000000000 R09: 0000000000000000
[  633.474686][   T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  633.474698][   T31] R13: 0000000000000001 R14: 00007efeb93b6080 R15: 00007ffe41c527a8
[  633.474730][   T31]  </TASK>
[  633.474927][   T31] INFO: lockdep is turned off.
[  633.474935][   T31] NMI backtrace for cpu 0
[  633.474946][   T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-rc7-syzkaller-00034-g25fae0b93d1d #0 PREEMPT(full) 
[  633.474967][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  633.474977][   T31] Call Trace:
[  633.474985][   T31]  <TASK>
[  633.474992][   T31]  dump_stack_lvl+0x116/0x1f0
[  633.475009][   T31]  nmi_cpu_backtrace+0x27b/0x390
[  633.475031][   T31]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[  633.475056][   T31]  nmi_trigger_cpumask_backtrace+0x29c/0x300
[  633.475084][   T31]  watchdog+0xf70/0x12c0
[  633.475105][   T31]  ? __pfx_watchdog+0x10/0x10
[  633.475123][   T31]  ? lockdep_hardirqs_on+0x7c/0x110
[  633.475148][   T31]  ? __kthread_parkme+0x19e/0x250
[  633.475173][   T31]  ? __pfx_watchdog+0x10/0x10
[  633.475190][   T31]  kthread+0x3c5/0x780
[  633.475205][   T31]  ? __pfx_kthread+0x10/0x10
[  633.475221][   T31]  ? rcu_is_watching+0x12/0xc0
[  633.475242][   T31]  ? __pfx_kthread+0x10/0x10
[  633.475257][   T31]  ret_from_fork+0x5d4/0x6f0
[  633.475280][   T31]  ? __pfx_kthread+0x10/0x10
[  633.475296][   T31]  ret_from_fork_asm+0x1a/0x30
[  633.475319][   T31]  </TASK>
[  633.475339][   T31] Sending NMI from CPU 0 to CPUs 1:
[  633.475361][    C1] NMI backtrace for cpu 1
[  633.475372][    C1] CPU: 1 UID: 0 PID: 59 Comm: kworker/u8:4 Not tainted 6.16.0-rc7-syzkaller-00034-g25fae0b93d1d #0 PREEMPT(full) 
[  633.475390][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  633.475399][    C1] Workqueue: bat_events batadv_iv_send_outstanding_bat_ogm_packet
[  633.475422][    C1] RIP: 0010:batadv_tt_local_commit_changes_nolock+0xbd2/0xec0
[  633.475445][    C1] Code: ff e8 62 6f 65 f6 48 c7 c2 a0 09 10 8d be 65 03 00 00 48 c7 c7 60 09 10 8d c6 05 87 13 3b 05 01 e8 33 c0 41 f6 e9 da f7 ff ff <e8> 39 6f 65 f6 48 8b 5c 24 50 be 04 00 00 00 48 89 df e8 d7 ca ca
[  633.475458][    C1] RSP: 0018:ffffc9000210f9a8 EFLAGS: 00000246
[  633.475470][    C1] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff8b566e5f
[  633.475479][    C1] RDX: ffff88801b984880 RSI: 0000000000000000 RDI: 0000000000000007
[  633.475488][    C1] RBP: ffff8880897d9430 R08: 0000000000000007 R09: 0000000000000000
[  633.475497][    C1] R10: 0000000000000000 R11: 0000000000002c00 R12: 0000000000000007
[  633.475505][    C1] R13: ffffc9000210fb60 R14: ffff8880717a8000 R15: ffff888025e40800
[  633.475515][    C1] FS:  0000000000000000(0000) GS:ffff888124820000(0000) knlGS:0000000000000000
[  633.475529][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  633.475539][    C1] CR2: 00007fe5820297d5 CR3: 0000000187b2f000 CR4: 00000000003526f0
[  633.475549][    C1] Call Trace:
[  633.475553][    C1]  <TASK>
[  633.475560][    C1]  ? __mutex_trylock_common+0xe9/0x250
[  633.475573][    C1]  ? __pfx___mutex_trylock_common+0x10/0x10
[  633.475587][    C1]  ? __pfx_batadv_tt_local_commit_changes_nolock+0x10/0x10
[  633.475608][    C1]  ? do_raw_spin_lock+0x12c/0x2b0
[  633.475623][    C1]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  633.475640][    C1]  batadv_tt_local_commit_changes+0x25/0x30
[  633.475660][    C1]  batadv_iv_ogm_schedule_buff+0x120a/0x14e0
[  633.475679][    C1]  ? __pfx___mutex_lock+0x10/0x10
[  633.475694][    C1]  ? __pfx_batadv_iv_ogm_schedule_buff+0x10/0x10
[  633.475714][    C1]  ? batadv_send_skb_packet+0x5dd/0x780
[  633.475731][    C1]  batadv_iv_send_outstanding_bat_ogm_packet+0x329/0x920
[  633.475756][    C1]  process_one_work+0x9cf/0x1b70
[  633.475773][    C1]  ? __pfx_batadv_iv_send_outstanding_bat_ogm_packet+0x10/0x10
[  633.475794][    C1]  ? __pfx_process_one_work+0x10/0x10
[  633.475811][    C1]  ? assign_work+0x1a0/0x250
[  633.475830][    C1]  worker_thread+0x6c8/0xf10
[  633.475847][    C1]  ? __kthread_parkme+0x19e/0x250
[  633.475865][    C1]  ? __pfx_worker_thread+0x10/0x10
[  633.475881][    C1]  kthread+0x3c5/0x780
[  633.475893][    C1]  ? __pfx_kthread+0x10/0x10
[  633.475906][    C1]  ? rcu_is_watching+0x12/0xc0
[  633.475922][    C1]  ? __pfx_kthread+0x10/0x10
[  633.475934][    C1]  ret_from_fork+0x5d4/0x6f0
[  633.475952][    C1]  ? __pfx_kthread+0x10/0x10
[  633.475965][    C1]  ret_from_fork_asm+0x1a/0x30
[  633.475983][    C1]  </TASK>
[  633.476358][   T31] Kernel panic - not syncing: hung_task: blocked tasks
[  633.476370][   T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-rc7-syzkaller-00034-g25fae0b93d1d #0 PREEMPT(full) 
[  633.476390][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  633.476404][   T31] Call Trace:
[  633.476409][   T31]  <TASK>
[  633.476416][   T31]  dump_stack_lvl+0x3d/0x1f0
[  633.476432][   T31]  panic+0x71c/0x800
[  633.476457][   T31]  ? __pfx_panic+0x10/0x10
[  633.476479][   T31]  ? nmi_backtrace_stall_check+0x6e/0x540
[  633.476503][   T31]  ? irq_work_queue+0xce/0x100
[  633.476524][   T31]  ? watchdog+0xdda/0x12c0
[  633.476541][   T31]  ? watchdog+0xdcd/0x12c0
[  633.476557][   T31]  watchdog+0xdeb/0x12c0
[  633.476576][   T31]  ? __pfx_watchdog+0x10/0x10
[  633.476593][   T31]  ? lockdep_hardirqs_on+0x7c/0x110
[  633.476620][   T31]  ? __kthread_parkme+0x19e/0x250
[  633.476645][   T31]  ? __pfx_watchdog+0x10/0x10
[  633.476664][   T31]  kthread+0x3c5/0x780
[  633.476680][   T31]  ? __pfx_kthread+0x10/0x10
[  633.476697][   T31]  ? rcu_is_watching+0x12/0xc0
[  633.476718][   T31]  ? __pfx_kthread+0x10/0x10
[  633.476734][   T31]  ret_from_fork+0x5d4/0x6f0
[  633.476758][   T31]  ? __pfx_kthread+0x10/0x10
[  633.476774][   T31]  ret_from_fork_asm+0x1a/0x30
[  633.476796][   T31]  </TASK>
[  633.477009][   T31] Kernel Offset: disabled