last executing test programs:

42m54.1708662s ago: executing program 32 (id=1100):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SET_TAGGED_ADDR_CTRL(0x37, 0x1)
r1 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
getsockopt$llc_int(r1, 0x10c, 0x3, 0x0, 0x0)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000840)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={0x0, r5}, 0x18)
r6 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_inet_SIOCSIFADDR(r6, 0x8916, &(0x7f0000000000)={'veth1_vlan\x00', {0x2, 0x4e22, @empty}})
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$gtp(&(0x7f0000000040), r7)
sendmsg$GTP_CMD_NEWPDP(r7, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)={0x1c, r8, 0x1, 0x0, 0x0, {0x3}, [@GTPA_VERSION={0x8}]}, 0x1c}}, 0x0)
ioctl$BTRFS_IOC_BALANCE_V2(r6, 0xc4009420, 0x0)
prctl$PR_TASK_PERF_EVENTS_DISABLE(0x1f)
ioctl$sock_inet_SIOCSIFPFLAGS(r3, 0x8934, &(0x7f0000000040)={'netpci0\x00', 0x7})
r9 = socket$pppl2tp(0x18, 0x1, 0x1)
close(r9)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140))
ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000340)={'netdevsim0\x00', &(0x7f0000000400)=@ethtool_flash={0x33, 0xea5, './file0\x00'}})

41m11.310813436s ago: executing program 33 (id=1310):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000080)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0xa802, 0x0)
close(r1)
socket$inet_sctp(0x2, 0x1, 0x84)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f00000000c0)={'syzkaller0\x00', @broadcast})
r2 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
r4 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=@gettclass={0x24, 0x2a, 0x129, 0x0, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0x939e02dc105d5baa, 0x2}, {0xe}, {0x8, 0xfff1}}}, 0x24}}, 0x40004)

41m2.607101791s ago: executing program 34 (id=1326):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000040)={'wlan1\x00', <r1=>0x0})
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
socket$nl_generic(0x10, 0x3, 0x10)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000100)={'wlan1\x00', <r5=>0x0})
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_REGISTER_FRAME(r6, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000040)={0x28, r4, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_FRAME_MATCH={0x4}, @NL80211_ATTR_FRAME_TYPE={0x6, 0x65, 0x40}]}, 0x28}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000001440)={0x1c, r2, 0x1, 0x0, 0x0, {{0x8}, {@val={0x8, 0x3, r1}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)

39m24.032537397s ago: executing program 35 (id=1433):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x28f43000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000280)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
add_key(&(0x7f00000001c0)='ceph\x00', 0x0, &(0x7f0000000840), 0x0, 0xffffffffffffffff)
symlinkat(0x0, 0xffffffffffffff9c, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
unshare(0x64000600)
r3 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r3, 0x0, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x8, 0x3, 0x4c8, 0x340, 0x25, 0x148, 0x0, 0x60, 0x458, 0x2a8, 0x2a8, 0x458, 0x2a8, 0x3, 0x0, {[{{@uncond, 0x0, 0x2f8, 0x340, 0x0, {0x200003ae, 0x7f00}, [@common=@inet=@hashlimit1={{0x58}, {'geneve0\x00', {0x44, 0x0, 0x9, 0x0, 0x0, 0xffffffff, 0x7}}}, @common=@unspec=@bpf1={{0x230, 'bpf\x00', 0x0}, @pinned={0x1, 0x0, 0x6, './file0\x00'}}]}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x6, 'syz0\x00'}}}, {{@ip={@broadcast, @multicast1, 0x0, 0x0, 'veth1_to_bond\x00', 'veth0\x00', {0xff}}, 0x0, 0xa8, 0xf0, 0x0, {}, [@common=@unspec=@statistic={{0x38}}]}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x8000, 'syz0\x00', {0x481c}}}}], {{'\x00', 0xc8, 0x70, 0x98}, {0x28}}}}, 0x528)

34m28.884843108s ago: executing program 36 (id=1821):
r0 = socket$unix(0x1, 0x1, 0x0)
bind$unix(r0, &(0x7f0000000080)=@file={0x1, './file0\x00'}, 0x6e)
setsockopt$sock_int(r0, 0x1, 0x10, &(0x7f0000000040)=0x888b, 0x4)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8924, &(0x7f0000000100)={'macvlan1\x00', @random="753bafd4f6ee"})
connect$unix(r0, &(0x7f00000008c0)=@file={0x1, './file0\x00'}, 0x6e)
r1 = syz_open_procfs(0x0, &(0x7f0000000240)='mountinfo\x00')
mount$9p_fd(0x0, &(0x7f0000000300)='.\x00', &(0x7f0000000080), 0x0, &(0x7f0000000f00)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r1}})
umount2(&(0x7f0000000040)='.\x00', 0x1)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000002000)=""/102400, 0x19000)
r4 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000400)="d8000000140081044e81f782db44b9040a1d08020a000000040000a118000200ff11000000000e1208000f0100810401a80016ea1f000840031b000803600cfab94dcf5c0461c1d67f6f94007134cf6ee08000a0e408e8d8ef075c0100000000000000cb090000001fb791643a5ee40021146218a07445d6d930dfe1d9d322fe7c9fd68775730d16a4683f5aeb4edbb57a5025ccca9e00360db70100000040fad95667e0060000000000000080bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd68adbef3d93452a00"/216, 0xd8}], 0x1, 0x0, 0x0, 0x7400}, 0x0)
chown(0x0, 0x0, 0xee01)
ioctl$PTP_SYS_OFFSET(0xffffffffffffffff, 0xc0403d08, 0xffffffffffffffff)
chdir(0x0)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000280)=@newlink={0x44, 0x10, 0x403, 0xfffffffc, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, 0x88adfda5}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_MCAST_QUERIER={0x5, 0x19, 0x6}, @IFLA_BR_MCAST_QUERY_USE_IFADDR={0x5, 0x18, 0x1}]}}}]}, 0x44}, 0x1, 0x300000000000000, 0x0, 0x4004}, 0x0)
mount(&(0x7f0000000000)=@nullb, &(0x7f0000000340)='./cgroup\x00', &(0x7f0000000300)='squashfs\x00', 0x1a0c000, 0x0)

34m25.737818984s ago: executing program 37 (id=1826):
r0 = socket$unix(0x1, 0x1, 0x0)
bind$unix(r0, &(0x7f0000000080)=@file={0x1, './file0\x00'}, 0x6e)
setsockopt$sock_int(r0, 0x1, 0x10, &(0x7f0000000040)=0x888b, 0x4)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8924, &(0x7f0000000100)={'macvlan1\x00', @random="753bafd4f6ee"})
connect$unix(r0, &(0x7f00000008c0)=@file={0x1, './file0\x00'}, 0x6e)
r1 = syz_open_procfs(0x0, &(0x7f0000000240)='mountinfo\x00')
mount$9p_fd(0x0, &(0x7f0000000300)='.\x00', &(0x7f0000000080), 0x0, &(0x7f0000000f00)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r1}})
umount2(&(0x7f0000000040)='.\x00', 0x1)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000002000)=""/102400, 0x19000)
r4 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000400)="d8000000140081044e81f782db44b9040a1d08020a000000040000a118000200ff11000000000e1208000f0100810401a80016ea1f000840031b000803600cfab94dcf5c0461c1d67f6f94007134cf6ee08000a0e408e8d8ef075c0100000000000000cb090000001fb791643a5ee40021146218a07445d6d930dfe1d9d322fe7c9fd68775730d16a4683f5aeb4edbb57a5025ccca9e00360db70100000040fad95667e0060000000000000080bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd68adbef3d93452a00"/216, 0xd8}], 0x1, 0x0, 0x0, 0x7400}, 0x0)
chown(0x0, 0x0, 0xee01)
ioctl$PTP_SYS_OFFSET(0xffffffffffffffff, 0xc0403d08, 0xffffffffffffffff)
chdir(0x0)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000280)=@newlink={0x44, 0x10, 0x403, 0xfffffffc, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, 0x88adfda5}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_MCAST_QUERIER={0x5, 0x19, 0x6}, @IFLA_BR_MCAST_QUERY_USE_IFADDR={0x5, 0x18, 0x1}]}}}]}, 0x44}, 0x1, 0x300000000000000, 0x0, 0x4004}, 0x0)
mount(&(0x7f0000000000)=@nullb, &(0x7f0000000340)='./cgroup\x00', &(0x7f0000000300)='squashfs\x00', 0x1a0c000, 0x0)

33m38.93352586s ago: executing program 38 (id=1884):
openat$vcs(0xffffffffffffff9c, &(0x7f00000020c0), 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x18, 0x3, &(0x7f00000022c0)=ANY=[@ANYBLOB="030000000000009500000000000008006b14f81187f34b0000b5bc2780d37e00007c7cee41a70648d72aeda4b5981a85cf"], &(0x7f0000000000)='syzkaller\x00'}, 0x94)
r0 = socket$netlink(0x10, 0x3, 0x0)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000001c0)={0xffffffffffffffff, 0x0, 0x24, 0x7, @void}, 0x10)
syz_clone3(0x0, 0x0)
r1 = socket(0x840000000002, 0x3, 0x100)
connect$inet(r1, &(0x7f0000000000)={0x2, 0x4e20, @remote}, 0x10)
ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(0xffffffffffffffff, 0xc0189373, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0x16, &(0x7f0000000540)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x63917fb493517fda, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendmmsg$inet(r1, &(0x7f0000005240), 0x4000095, 0x0)
setsockopt$inet_mreqn(r1, 0x0, 0x24, 0x0, 0x0)
stat(0x0, 0x0)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x20000000)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000380)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fdd411efc40800040000000000000000", 0x39}], 0x1)
r2 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r2, 0x3b81, &(0x7f0000000040)={0xc})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r2, 0x3ba0, &(0x7f0000000880)={0x48})
ioperm(0x0, 0x2, 0x7e)
openat$vhost_vsock(0xffffffffffffff9c, 0x0, 0x2, 0x0)
shutdown(r1, 0x1)

17m4.363764926s ago: executing program 9 (id=2867):
prlimit64(0x0, 0xe, &(0x7f0000000600)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
syz_io_uring_submit(0x0, 0x0, 0x0)
ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000000140)=<r1=>0x0)
move_pages(r1, 0x3, &(0x7f00000001c0)=[&(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil], &(0x7f0000000340)=[0x8, 0x8, 0x6, 0xffffffff, 0x7], &(0x7f0000000380)=[0x0, 0x0], 0x2)
r2 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r2, &(0x7f0000000fc0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)
bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
fchdir(r3)
r4 = openat$cgroup_freezer_state(r3, &(0x7f0000000080), 0x2, 0x0)
sendfile(r4, r4, 0x0, 0x8000002)
openat$ptp0(0xffffffffffffff9c, &(0x7f0000000040), 0xa4001, 0x0)

17m3.239685529s ago: executing program 9 (id=2869):
chdir(&(0x7f0000000200)='./file0\x00')
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r1 = syz_io_uring_setup(0xb7f, &(0x7f0000000180)={0x0, 0x38ab, 0x80, 0x0, 0x1e6}, &(0x7f0000000340)=<r2=>0x0, &(0x7f0000000600)=<r3=>0x0)
io_uring_register$IORING_REGISTER_PBUF_RING(r1, 0x16, &(0x7f0000000040)={&(0x7f0000001000)={[{0x0, 0x0, 0x3, 0xf4}]}, 0x1, 0x1}, 0x1)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_RECV=@use_registered_buffer={0x1b, 0x20, 0x10, r4, 0x0, 0x0, 0x0, 0x322, 0x1, {0x1}})
io_uring_enter(r1, 0x3516, 0x0, 0x0, 0x0, 0x0)

17m0.476348775s ago: executing program 9 (id=2876):
prlimit64(0x0, 0xe, &(0x7f0000000600)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
syz_io_uring_submit(0x0, 0x0, 0x0)
ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000000140)=<r1=>0x0)
move_pages(r1, 0x3, &(0x7f00000001c0)=[&(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil], &(0x7f0000000340)=[0x8, 0x8, 0x6, 0xffffffff, 0x7], &(0x7f0000000380)=[0x0, 0x0], 0x2)
r2 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r2, &(0x7f0000000fc0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)
bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(0xffffffffffffffff, 0xc04064a0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0})
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
fchdir(r3)
openat$cgroup_freezer_state(r3, &(0x7f0000000080), 0x2, 0x0)

16m57.568879444s ago: executing program 9 (id=2881):
socketpair$unix(0x1, 0x3, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x3, @pix={0x434c, 0x8, 0x584e4f53, 0x4, 0x6ea, 0x7, 0x0, 0x5, 0x1, 0x4, 0x2, 0x7}})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$VHOST_SET_VRING_BASE(0xffffffffffffffff, 0xaf01, 0x0)
set_mempolicy(0x1, &(0x7f0000000000)=0x2000051e2, 0x3ff)
socketpair$nbd(0x1, 0x1, 0x0, 0x0)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
bind$netlink(r1, &(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc)
r2 = socket$inet6(0xa, 0x3, 0x7)
connect$inet6(r2, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, &(0x7f0000000340)={{{@in6=@dev={0xfe, 0x80, '\x00', 0x3}, @in=@empty, 0x0, 0x0, 0x1, 0x4, 0xa}, {0xbd1, 0x0, 0x40000003}, {0x81, 0x2}, 0x2000000, 0x0, 0x1, 0x0, 0x0, 0x2}, {{@in6=@private0={0xfc, 0x0, '\x00', 0x1}, 0x8000, 0x33}, 0x0, @in=@private=0xa010102, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x10000}}, 0xe8)
sendmmsg(r2, &(0x7f0000000480), 0x2e9, 0xffe0)

16m53.808348151s ago: executing program 9 (id=2887):
sendto(0xffffffffffffffff, &(0x7f0000000600)="ae6fbee764d71bdadae47f142234c01b6e5a4ffe", 0x14, 0x800, &(0x7f00000002c0)=@rxrpc=@in6={0x21, 0x0, 0x2, 0x1c, {0xa, 0x4e21, 0x7fffffff, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0xffffffff}}, 0x80)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000180)={0x8, 0x100}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r1 = syz_io_uring_setup(0x497, &(0x7f0000000380)={0x0, 0x607b, 0x8, 0x0, 0x284}, &(0x7f0000000280)=<r2=>0x0, &(0x7f00000001c0)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000040)=@IORING_OP_CLOSE={0x13, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x1})
io_uring_enter(r1, 0x3516, 0x0, 0x4, 0x0, 0x0)
r4 = syz_open_dev$tty20(0xc, 0x4, 0x1)
r5 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r5, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-aesni\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, 0x0, 0x0)
r6 = accept4(r5, 0x0, 0x0, 0x800)
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0)
ioctl$KVM_SET_SREGS(r9, 0x4138ae84, &(0x7f0000000100)={{0x10000, 0x100000, 0x8, 0x1, 0x0, 0x0, 0x0, 0x20}, {0x0, 0x2000, 0x3, 0xfe, 0x0, 0x0, 0x0, 0x0, 0x8, 0xef, 0x8}, {0x3000, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x6, 0x3, 0x0, 0x4}, {0x10000, 0xffff1000, 0xf, 0x0, 0x0, 0x0, 0x0, 0x4}, {0x0, 0x2000, 0xe, 0x2, 0xfe, 0x10, 0x6, 0x1, 0x1, 0x8, 0x4, 0x6}, {0x0, 0x8000000, 0x0, 0x0, 0x5, 0xfd, 0xfc, 0x0, 0x0, 0x5}, {0x80a0000, 0x5000, 0xa, 0x0, 0x80, 0xf9, 0x0, 0x7, 0x3a, 0x2, 0xff}, {0xeeee0000, 0x3000, 0x0, 0x2, 0x0, 0x54, 0x7, 0xfc, 0x4, 0x0, 0x0, 0x5}, {0x2000, 0x401}, {}, 0xddf8ffdb, 0x0, 0x0, 0x730, 0x8, 0x8000, 0x2000, [0xff, 0x0, 0x2]})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r9, &(0x7f0000fe7000/0x18000)=nil, &(0x7f0000000580)=[@textreal={0x8, 0x0}], 0x1, 0x12, 0x0, 0x0)
sendmmsg$alg(r6, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000), 0x0, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
r10 = socket$can_raw(0x1d, 0x3, 0x1)
r11 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r11, 0x8933, &(0x7f0000000040)={'lo\x00', <r12=>0x0})
sendmsg$can_raw(r10, &(0x7f0000000000)={&(0x7f0000000580)={0x1d, r12}, 0x10, &(0x7f0000000100)={0x0}, 0x2, 0x0, 0x0, 0x4904}, 0x4040005)
sendmsg$nl_route_sched(r6, 0x0, 0x20040000)
recvmsg(r6, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
write$binfmt_misc(r4, &(0x7f0000000240), 0xfffffecc)

16m49.256934876s ago: executing program 9 (id=2892):
socketpair$unix(0x1, 0x3, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x3, @pix={0x434c, 0x8, 0x584e4f53, 0x4, 0x6ea, 0x7, 0x0, 0x5, 0x1, 0x4, 0x2, 0x7}})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$VHOST_SET_VRING_BASE(0xffffffffffffffff, 0xaf01, 0x0)
set_mempolicy(0x1, &(0x7f0000000000)=0x2000051e2, 0x3ff)
socketpair$nbd(0x1, 0x1, 0x0, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$inet6(0xa, 0x3, 0x7)
connect$inet6(r1, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f0000000340)={{{@in6=@dev={0xfe, 0x80, '\x00', 0x3}, @in=@empty, 0x0, 0x0, 0x1, 0x4, 0xa}, {0xbd1, 0x0, 0x40000003}, {0x81, 0x2}, 0x2000000, 0x0, 0x1, 0x0, 0x0, 0x2}, {{@in6=@private0={0xfc, 0x0, '\x00', 0x1}, 0x8000, 0x33}, 0x0, @in=@private=0xa010102, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x10000}}, 0xe8)
sendmmsg(r1, &(0x7f0000000480), 0x2e9, 0xffe0)

16m33.332667229s ago: executing program 39 (id=2892):
socketpair$unix(0x1, 0x3, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x3, @pix={0x434c, 0x8, 0x584e4f53, 0x4, 0x6ea, 0x7, 0x0, 0x5, 0x1, 0x4, 0x2, 0x7}})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$VHOST_SET_VRING_BASE(0xffffffffffffffff, 0xaf01, 0x0)
set_mempolicy(0x1, &(0x7f0000000000)=0x2000051e2, 0x3ff)
socketpair$nbd(0x1, 0x1, 0x0, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$inet6(0xa, 0x3, 0x7)
connect$inet6(r1, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f0000000340)={{{@in6=@dev={0xfe, 0x80, '\x00', 0x3}, @in=@empty, 0x0, 0x0, 0x1, 0x4, 0xa}, {0xbd1, 0x0, 0x40000003}, {0x81, 0x2}, 0x2000000, 0x0, 0x1, 0x0, 0x0, 0x2}, {{@in6=@private0={0xfc, 0x0, '\x00', 0x1}, 0x8000, 0x33}, 0x0, @in=@private=0xa010102, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x10000}}, 0xe8)
sendmmsg(r1, &(0x7f0000000480), 0x2e9, 0xffe0)

12m5.509170344s ago: executing program 1 (id=3484):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f0000000180)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1b}, 0xd}, 0x1c)
sendto$packet(0xffffffffffffffff, &(0x7f00000000c0)="3f031c000302140006001e0089e9aaa911d7c2290f0086dd1327c9167c643c4a1b78", 0x22, 0x0, &(0x7f0000000540)={0xc9, 0x0, 0x0, 0x1, 0x0, 0x6, @multicast}, 0x14)
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x11, &(0x7f0000000200)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r3 = accept4(r2, 0x0, 0x0, 0x800)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100))
sendmmsg$alg(r3, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r5=>0x0})
sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r4, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r5, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)

12m5.279183892s ago: executing program 1 (id=3487):
r0 = socket$packet(0x11, 0x2, 0x300)
getsockopt$packet_buf(r0, 0x107, 0x15, 0x0, &(0x7f0000000080))
r1 = socket$inet6(0xa, 0x2, 0x0)
ftruncate(r1, 0x0)
getsockname$packet(r0, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f0000000040)=0x14)

12m4.57972432s ago: executing program 1 (id=3490):
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r0, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6)
write$binfmt_misc(r0, &(0x7f0000000000), 0xd) (fail_nth: 3)

12m3.878249993s ago: executing program 1 (id=3495):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x4000, 0x0)
preadv2(r4, &(0x7f0000000080)=[{&(0x7f0000001200)=""/4096, 0x1fee00}], 0x2, 0x0, 0x0, 0x0)

12m2.280396148s ago: executing program 1 (id=3499):
socket$netlink(0x10, 0x3, 0x8000000004)
memfd_create(&(0x7f00000000c0)='[\v\xdbX\xae[\x1a\xa9\xfd\xfa\xad\xd1md\xc8\x85HX\xa9%\f\x1ae\xe0\x00\x00\x00\x00\xfb\xff\x00\x00\x81\x9eG\xd9,\xe2\xc6a\x9f\xe8\xf1\xb3\x86\xe2+Op\xd0\xa2\x82\x1eb;(\xb5\xe1jS\xd6\x91%||\xa0\x8ez\xadT\xc8\f\xe5\x89\xbf3:\x99\x1e\xac`\xc3\xcf\xd3\xae\xd2\a\x11\xa9\xa5^\xff\xf5\x95\xd2q#\xc6\xca\x97\x9d\xcb\x1e\x80\xd6\xd5%N&\xf8#\x80z8Z\xd2}\xf5\xe4\x9f5\x9b\x01\xf9t\xbb\x1er\x14\xdb\xd3\xcd\xfd\xbdnC\xec', 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
brk(0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
mkdir(&(0x7f0000000200)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000140)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
mkdir(&(0x7f0000000300)='./file0\x00', 0x0)
r3 = socket$packet(0x11, 0xa, 0x300)
setsockopt$SO_ATTACH_FILTER(r3, 0x1, 0x1a, &(0x7f0000fbe000)={0x1, &(0x7f0000000100)=[{0x80000006}]}, 0x10)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
r5 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000000080)="5c00000013006bec9e3be35c6e17aa31076b876c1d0000007ea60864160af36507001ac00400020208000c000300010004000000eab556a705251e618294ff0051f60a84c9f4d4938037e786a6d0000300000000000000ffffc6c953", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)
sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000265807954df0000a44000000010100000000000080090001106d61737100000000040002800900010073797a300000000009000200737992320000000014000000110001000000000000000000000c000abee65ccbb81f35ea123b9a15b64538ce9b02e1ae9f8de25469b903799c69bc40bf997600"/149, @ANYRES32=r3, @ANYRES16=r3], 0x6c}}, 0x0)
syz_emit_ethernet(0x2e, &(0x7f00000001c0)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}, @void, {@ipv4={0x800, @generic={{0x5, 0x4, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x84, 0x0, @empty, @broadcast}, "dd9dec79219eb549dbd024c7"}}}}, 0x0)
mount(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f00000004c0)='cgroup2\x00', 0x0, 0x0)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', 0x0, 0x4)
r6 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
geteuid()
getsockopt$inet_sctp6_SCTP_GET_PEER_ADDR_INFO(r6, 0x84, 0xf, &(0x7f0000000340)={0x0, @in={{0x2, 0x4e22, @rand_addr=0x64010100}}, 0x9, 0x7b0, 0x9, 0x7, 0x8}, &(0x7f00000000c0)=0x98)
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
setsockopt$packet_int(0xffffffffffffffff, 0x107, 0xa, 0x0, 0x0)

12m1.861960741s ago: executing program 1 (id=3502):
socket$pppl2tp(0x18, 0x1, 0x1)
syz_io_uring_setup(0x9e, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0xffffffffffffffb3}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
ioctl$VIDIOC_S_INPUT(0xffffffffffffffff, 0xc0045627, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000002000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r1}, 0x10)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), r2)
ioctl$ifreq_SIOCGIFINDEX_wireguard(r2, 0x8933, &(0x7f0000000580)={'wg1\x00'})
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000002000)=""/102400, 0x19000)
syz_init_net_socket$ax25(0x3, 0x5, 0xcf)
r4 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo/3\x00')
read$qrtrtun(r4, &(0x7f00000004c0)=""/57, 0x39)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
r5 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/power/disk', 0x129a82, 0x0)
sendfile(r5, r5, 0x0, 0x8)
r6 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCL_SETSEL(r6, 0x541c, &(0x7f0000001900)={0x2, {0xc, 0x117, 0x5, 0x101, 0x100}})
write$RDMA_USER_CM_CMD_RESOLVE_IP(0xffffffffffffffff, &(0x7f0000000280)={0x3, 0x40, 0xfa00, {{0xa, 0x4e23, 0x7fe, @empty, 0x1}, {0xa, 0x4e20, 0x1ff, @dev={0xfe, 0x80, '\x00', 0x1d}, 0x2}, 0xffffffffffffffff, 0xb}}, 0x48)
bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="1e0000000000000004000000ff"], 0x48)
ftruncate(0xffffffffffffffff, 0x10000)
r7 = socket$inet6(0xa, 0x80002, 0x0)
setsockopt$inet6_mreq(r7, 0x88, 0x1b, &(0x7f0000000100)={@remote}, 0x14)

11m49.895761738s ago: executing program 4 (id=3550):
socket$pppl2tp(0x18, 0x1, 0x1)
syz_io_uring_setup(0x9e, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0xffffffffffffffb3}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
ioctl$VIDIOC_S_INPUT(0xffffffffffffffff, 0xc0045627, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000002000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r1}, 0x10)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), r2)
ioctl$ifreq_SIOCGIFINDEX_wireguard(r2, 0x8933, &(0x7f0000000580)={'wg1\x00', <r4=>0x0})
sendmsg$ETHTOOL_MSG_LINKINFO_SET(r2, &(0x7f0000000700)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000240)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="0100e8ffffff00000000100000002000018008000100", @ANYRES32=r4, @ANYBLOB="14000200776731"], 0x34}}, 0x0)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000002000)=""/102400, 0x19000)
syz_init_net_socket$ax25(0x3, 0x5, 0xcf)
syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo/3\x00')
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0)
r6 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/power/disk', 0x129a82, 0x0)
sendfile(r6, r6, 0x0, 0x8)
r7 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCL_SETSEL(r7, 0x541c, &(0x7f0000001900)={0x2, {0xc, 0x117, 0x5, 0x101, 0x100}})
write$RDMA_USER_CM_CMD_RESOLVE_IP(0xffffffffffffffff, &(0x7f0000000280)={0x3, 0x40, 0xfa00, {{0xa, 0x4e23, 0x7fe, @empty, 0x1}, {0xa, 0x4e20, 0x1ff, @dev={0xfe, 0x80, '\x00', 0x1d}, 0x2}, 0xffffffffffffffff, 0xb}}, 0x48)
bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="1e0000000000000004000000ff"], 0x48)
ftruncate(0xffffffffffffffff, 0x10000)
setsockopt$inet6_mreq(0xffffffffffffffff, 0x88, 0x1b, &(0x7f0000000100)={@remote}, 0x14)

11m48.447527437s ago: executing program 4 (id=3553):
socket$inet_smc(0x2b, 0x1, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f00000001c0), 0x80280, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r2 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, &(0x7f0000000580)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x400, 0x0, 0x32}, 0x9c)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, &(0x7f0000000200)={0x0, @in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x0, 0x0, 0x0, 0x8a}, 0x9c)
setresuid(0xee01, 0xee00, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x20, &(0x7f00000000c0)="0bbb268dd6ffa80800000000000000000000210d0000aaa8fa017242ba9380d4", 0x20)
bind$inet6(r2, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(r2, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
shutdown(r2, 0x2)
dup3(r1, r2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000001540)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2500000000e12020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000006fd6850000002d000000850000002300000095"], &(0x7f0000000200)='GPL\x00', 0x1, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
setfsgid(0xffffffffffffffff)
syz_io_uring_setup(0x117, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x3a6}, 0x0, 0x0)
bind$alg(0xffffffffffffffff, &(0x7f00000007c0)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_sha512\x00'}, 0x58)
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0)

11m46.633950643s ago: executing program 4 (id=3555):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000000)=0x7e)

11m46.597706245s ago: executing program 40 (id=3502):
socket$pppl2tp(0x18, 0x1, 0x1)
syz_io_uring_setup(0x9e, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0xffffffffffffffb3}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
ioctl$VIDIOC_S_INPUT(0xffffffffffffffff, 0xc0045627, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000002000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r1}, 0x10)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), r2)
ioctl$ifreq_SIOCGIFINDEX_wireguard(r2, 0x8933, &(0x7f0000000580)={'wg1\x00'})
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000002000)=""/102400, 0x19000)
syz_init_net_socket$ax25(0x3, 0x5, 0xcf)
r4 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo/3\x00')
read$qrtrtun(r4, &(0x7f00000004c0)=""/57, 0x39)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
r5 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/power/disk', 0x129a82, 0x0)
sendfile(r5, r5, 0x0, 0x8)
r6 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCL_SETSEL(r6, 0x541c, &(0x7f0000001900)={0x2, {0xc, 0x117, 0x5, 0x101, 0x100}})
write$RDMA_USER_CM_CMD_RESOLVE_IP(0xffffffffffffffff, &(0x7f0000000280)={0x3, 0x40, 0xfa00, {{0xa, 0x4e23, 0x7fe, @empty, 0x1}, {0xa, 0x4e20, 0x1ff, @dev={0xfe, 0x80, '\x00', 0x1d}, 0x2}, 0xffffffffffffffff, 0xb}}, 0x48)
bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="1e0000000000000004000000ff"], 0x48)
ftruncate(0xffffffffffffffff, 0x10000)
r7 = socket$inet6(0xa, 0x80002, 0x0)
setsockopt$inet6_mreq(r7, 0x88, 0x1b, &(0x7f0000000100)={@remote}, 0x14)

11m46.368323759s ago: executing program 4 (id=3557):
syz_usb_connect(0x5, 0x24, &(0x7f0000000140)={{0x12, 0x1, 0x110, 0x9, 0x28, 0xfc, 0x10, 0x5ac, 0x291, 0x4325, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x40, 0x0, [{{0x9, 0x4, 0x84, 0x0, 0x0, 0x3, 0xe1, 0x2}}]}}]}}, 0x0)
syz_open_dev$evdev(&(0x7f00000000c0), 0x20, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000140)='syzkaller\x00'}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10)

11m44.675007238s ago: executing program 4 (id=3562):
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921c2c19c4, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
r0 = syz_clone(0x88200200, 0x0, 0x0, 0x0, 0x0, 0x0)
setpgid(r0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
setpgid(0x0, r0)
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000480)='./file0\x00', 0x89901)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
chdir(&(0x7f00000000c0)='./bus\x00')
r2 = fspick(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0)
fsconfig$FSCONFIG_CMD_RECONFIGURE(r2, 0x7, 0x0, 0x0, 0x0)
fsconfig$FSCONFIG_CMD_RECONFIGURE(r2, 0x7, 0x0, 0x0, 0x0)
move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x10)
utimes(&(0x7f0000000000)='./file0\x00', 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
syz_open_dev$vim2m(&(0x7f0000000000), 0x47b, 0x2)

11m43.690481938s ago: executing program 4 (id=3564):
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f00000004c0)=ANY=[@ANYBLOB="1201410130f56920ac05190272f00102030109021b1a0100001000090455070103490200090582030004"], 0x0)
ioctl$KVM_SET_IRQCHIP(0xffffffffffffffff, 0x8208ae63, &(0x7f00000003c0)={0x0, 0x0, @ioapic={0x0, 0x0, 0xffffffff, 0x0, 0x0, [{}, {}, {}, {}, {0xfc}, {}, {}, {0xff, 0x1}, {}, {0x0, 0x0, 0x0, '\x00', 0xfc}, {}, {0x0, 0x0, 0x40, '\x00', 0x87}, {0x0, 0xff}, {}, {}, {0x0, 0x0, 0x3a}, {0x0, 0xff}, {0x80, 0x0, 0x81}, {0x0, 0x6}, {0x0, 0x0, 0x0, '\x00', 0x4}, {0x0, 0x0, 0xd4}, {}, {0x0, 0xfb}]}})
syz_usb_control_io(r0, 0x0, &(0x7f0000000580)={0x84, &(0x7f0000000000)=ANY=[@ANYBLOB='\x00N\b'], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0x40, &(0x7f00000003c0)=ANY=[])
syz_usb_control_io(r0, 0x0, 0x0)

11m27.578855648s ago: executing program 41 (id=3564):
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f00000004c0)=ANY=[@ANYBLOB="1201410130f56920ac05190272f00102030109021b1a0100001000090455070103490200090582030004"], 0x0)
ioctl$KVM_SET_IRQCHIP(0xffffffffffffffff, 0x8208ae63, &(0x7f00000003c0)={0x0, 0x0, @ioapic={0x0, 0x0, 0xffffffff, 0x0, 0x0, [{}, {}, {}, {}, {0xfc}, {}, {}, {0xff, 0x1}, {}, {0x0, 0x0, 0x0, '\x00', 0xfc}, {}, {0x0, 0x0, 0x40, '\x00', 0x87}, {0x0, 0xff}, {}, {}, {0x0, 0x0, 0x3a}, {0x0, 0xff}, {0x80, 0x0, 0x81}, {0x0, 0x6}, {0x0, 0x0, 0x0, '\x00', 0x4}, {0x0, 0x0, 0xd4}, {}, {0x0, 0xfb}]}})
syz_usb_control_io(r0, 0x0, &(0x7f0000000580)={0x84, &(0x7f0000000000)=ANY=[@ANYBLOB='\x00N\b'], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0x40, &(0x7f00000003c0)=ANY=[])
syz_usb_control_io(r0, 0x0, 0x0)

9m28.473364411s ago: executing program 5 (id=4020):
syz_emit_ethernet(0x4a, &(0x7f00000001c0)={@local, @local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "ff00f5", 0x14, 0x6, 0x0, @local, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0)
sendto$packet(0xffffffffffffffff, &(0x7f00000000c0)="3f031c000302140006001e0089e9aaa911d7c2290f0086dd1327c9167c643c4a1b78", 0x22, 0x0, &(0x7f0000000540)={0xc9, 0x0, 0x0, 0x1, 0x0, 0x6, @multicast}, 0x14)
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x11, &(0x7f0000000200)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
r2 = accept4(r1, 0x0, 0x0, 0x800)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000d40)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSET={0xd0, 0x9, 0xa, 0x5, 0x0, 0x0, {0x5, 0x0, 0x9}, [@NFTA_SET_EXPR={0x30, 0x11, 0x0, 0x1, @objref={{0xb}, @val={0x20, 0x2, 0x0, 0x1, [@NFTA_OBJREF_IMM_NAME={0x9, 0x2, 'syz2\x00'}, @NFTA_OBJREF_SET_SREG={0x8, 0x3, 0x1, 0x0, 0x8}, @NFTA_OBJREF_IMM_TYPE={0x8, 0x1, 0x1, 0x0, 0x7}]}}}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2d}, @NFTA_SET_DATA_TYPE={0x8}, @NFTA_SET_DESC={0x64, 0x9, 0x0, 0x1, [@NFTA_SET_DESC_CONCAT={0x18, 0x2, 0x0, 0x1, [{0x14, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x7}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x3}]}]}, @NFTA_SET_DESC_CONCAT={0x40, 0x2, 0x0, 0x1, [{0x3c, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x8c}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0xffff}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x8}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x4}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x9}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x40}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0xffffefc5}]}]}, @NFTA_SET_DESC_SIZE={0x8, 0x1, 0x1, 0x0, 0x7}]}]}, @NFT_MSG_NEWOBJ={0x1c, 0x12, 0xa, 0x101, 0x0, 0x0, {0x5, 0x0, 0x5}, @NFT_OBJECT_CT_EXPECT=@NFTA_OBJ_TYPE={0x8}}, @NFT_MSG_NEWSET={0x7c, 0x9, 0xa, 0x3, 0x0, 0x0, {0x3, 0x0, 0x9}, [@NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_POLICY={0x8, 0x8, 0x1, 0x0, 0x1}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0x3}, @NFTA_SET_TIMEOUT={0xc, 0xb, 0x1, 0x0, 0x9}, @NFTA_SET_EXPR={0x1c, 0x11, 0x0, 0x1, @lookup={{0xb}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_LOOKUP_FLAGS={0x8}]}}}, @NFTA_SET_NAME={0x9, 0x2, 'syz2\x00'}]}, @NFT_MSG_DELOBJ={0x1c, 0x14, 0xa, 0x3, 0x0, 0x0, {0xa, 0x0, 0x8}, [@NFTA_OBJ_TYPE={0x8, 0x3, 0x1, 0x0, 0x9}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0xa}}}, 0x1ac}, 0x1, 0x0, 0x0, 0x20014840}, 0xc010)
sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)

9m28.388572852s ago: executing program 5 (id=4021):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380))
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="0b00000000010000fd0000000900000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0x3, &(0x7f0000000180)=@framed, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000))
socket$kcm(0x2, 0x1000000000000002, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
socket$kcm(0x2, 0x200000000000001, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="04000000040000000400000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x18, 0x4, &(0x7f00000000c0)=ANY=[@ANYBLOB="b4000000000b00007910000000000000c310000951000000950074000000000031fb0d3a4231020004399d17d34e075fdcda533ab1aa71ab1d764152e6cb25dadc7ded5dbe11b62ac5ea9fca11027d19e93adb604a7d3deb92de3141e8ed7ac5b8902070213cdfdc5d6c4890cdeb50347c32060581172b94c6ba22a2b58eb6cbad46ed6e7965a2ba103b0b36f790bb41931f9a3d4dd127c1b4e49f7468f5e603950c4f67581c92ef8a7e8ece17d5f5b169391ef409c39c263895739e3d702c128b35d5fc23469240c61e150e2bae385f9ac9b03c22b0f7050c166b835298c5911f1053a723aee89051c24e1900ab97fa52d2e06dce0248a829ed46a520db4c1432080bbf707ad2f8af8118ee7d434a960ed6be4455ba57cb06459b64689e77ce95823a5533f5b11118906fd2fc29b3697c637d3693d4b4aade6f9202e6cfa6d7507f88af38b6109ad8f82b1d600a5447831df835d7000000218b0222004f98a7a0caddc397d8414be912b4e7536fefd951fe23a56fbf9fc643c6604268b5ccc13b996aaed0a6f6470566c8f534e5d486b2141646b35fd4472be8195fd917446a8abb1c2cd5dc09e2d75ec00ede2841e497d5178cf9445c7bb11f3c5cfdcae8c476d3fb75cac727143f92798a44864b49366b6cf228d9bc1d99ab2104e3c2e17ec46fbce102c158ff3748f1eb90b83d8be0dfcefbeed222009b41ad34d8656daf41e23322e58d91811feffc39ec11b11cc611f6fbfd999c3bef10caa2e8692259d40d69ed3d85ec2813b007b8ce6384a28798f445ad7fc451865fe45a06977f7a785f8e97544aad1f844f2a4799944e0daf6d4c3a7d30b7d89781ca607048c50945c45d5a6f2c5145416176fd64c559e6a272b92c92052a9005aaa25d09613aba2e7d429ae40c249e7996e4bc213c24699889ea320c40f32dcdaa19893e17c57d7e8c51d5f320d99e8c2521c339c33bf6c41fde029061c088"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195}, 0x48)
syz_open_procfs$namespace(0x0, &(0x7f00000003c0)='ns/net\x00')
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x40, 0x40, 0x2, [@array={0x0, 0x0, 0x0, 0x3, 0x0, {0x3, 0x2}}, @int={0x0, 0x0, 0x0, 0x1, 0x5, 0x20}, @array={0x0, 0x0, 0x0, 0x3, 0x0, {0x2, 0x2, 0x4}}]}}, 0x0, 0x5a}, 0x20)
socket$kcm(0x29, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000001080)={0x3, 0x3, &(0x7f0000000300)=@framed={{0x18, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x80000001}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socket$kcm(0x10, 0x2, 0x10)
r0 = socket$kcm(0x2, 0x1000000000000002, 0x0)
bpf$BPF_PROG_DETACH(0x9, &(0x7f00000001c0)=ANY=[@ANYRES32, @ANYRES32, @ANYRES64=r0], 0x20)

9m28.141179456s ago: executing program 5 (id=4023):
r0 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r1, 0x0, 0x0)
listen(r1, 0xfffffffc)
r2 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r2, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10)
r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
close_range(r3, 0xffffffffffffffff, 0x0)

9m27.811091943s ago: executing program 5 (id=4027):
listen(0xffffffffffffffff, 0x802)
socket$netlink(0x10, 0x3, 0x10)
r0 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000300), 0x4)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r1, 0x0, 0x0)
listen(r1, 0xfffffffc)
r2 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r2, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10)
r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
close_range(r3, 0xffffffffffffffff, 0x0)

9m26.337623221s ago: executing program 5 (id=4030):
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921c2c19c4, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
r0 = syz_clone(0x88200200, 0x0, 0x0, 0x0, 0x0, 0x0)
setpgid(r0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
setpgid(0x0, r0)
open_tree(0xffffffffffffff9c, &(0x7f0000000480)='./file0\x00', 0x89901)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
utimes(&(0x7f0000000000)='./file0\x00', 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
syz_open_dev$vim2m(&(0x7f0000000000), 0x47b, 0x2)

9m25.261077167s ago: executing program 5 (id=4034):
syz_io_uring_setup(0x9e, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0xffffffffffffffb3}, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
ioctl$VIDIOC_S_INPUT(0xffffffffffffffff, 0xc0045627, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b702000002000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, &(0x7f0000000580)={'wg1\x00', <r1=>0x0})
sendmsg$ETHTOOL_MSG_LINKINFO_SET(0xffffffffffffffff, &(0x7f0000000700)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000240)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="0100e8ffffff00000000100000002000018008000100", @ANYRES32=r1, @ANYBLOB="14000200776731"], 0x34}}, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000002000)=""/102400, 0x19000)
syz_init_net_socket$ax25(0x3, 0x5, 0xcf)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/power/disk', 0x129a82, 0x0)
r3 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCL_SETSEL(r3, 0x541c, &(0x7f0000001900)={0x2, {0xc, 0x117, 0x5, 0x101, 0x100}})
write$RDMA_USER_CM_CMD_RESOLVE_IP(0xffffffffffffffff, &(0x7f0000000280)={0x3, 0x40, 0xfa00, {{0xa, 0x4e23, 0x7fe, @empty, 0x1}, {0xa, 0x4e20, 0x1ff, @dev={0xfe, 0x80, '\x00', 0x1d}, 0x2}, 0xffffffffffffffff, 0xb}}, 0x48)

9m9.76318569s ago: executing program 42 (id=4034):
syz_io_uring_setup(0x9e, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0xffffffffffffffb3}, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
ioctl$VIDIOC_S_INPUT(0xffffffffffffffff, 0xc0045627, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b702000002000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, &(0x7f0000000580)={'wg1\x00', <r1=>0x0})
sendmsg$ETHTOOL_MSG_LINKINFO_SET(0xffffffffffffffff, &(0x7f0000000700)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000240)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="0100e8ffffff00000000100000002000018008000100", @ANYRES32=r1, @ANYBLOB="14000200776731"], 0x34}}, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000002000)=""/102400, 0x19000)
syz_init_net_socket$ax25(0x3, 0x5, 0xcf)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/power/disk', 0x129a82, 0x0)
r3 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCL_SETSEL(r3, 0x541c, &(0x7f0000001900)={0x2, {0xc, 0x117, 0x5, 0x101, 0x100}})
write$RDMA_USER_CM_CMD_RESOLVE_IP(0xffffffffffffffff, &(0x7f0000000280)={0x3, 0x40, 0xfa00, {{0xa, 0x4e23, 0x7fe, @empty, 0x1}, {0xa, 0x4e20, 0x1ff, @dev={0xfe, 0x80, '\x00', 0x1d}, 0x2}, 0xffffffffffffffff, 0xb}}, 0x48)

3m55.97930401s ago: executing program 7 (id=5015):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)

3m55.806336371s ago: executing program 7 (id=5016):
r0 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000140)='/dev/comedi4\x00', 0x2, 0x0)
ioctl$COMEDI_INSN(r0, 0x8028640c, 0x0)

3m55.154442461s ago: executing program 7 (id=5017):
syz_open_dev$tty1(0xc, 0x4, 0x1)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000000)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x218, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
add_key$user(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd)
keyctl$read(0xb, 0x0, 0x0, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0)
setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, 0x0, 0x0)
r3 = socket$inet_mptcp(0x2, 0x1, 0x106)
r4 = dup(r0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r4, 0x0)
getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f00000002c0)={<r5=>0x0}, &(0x7f0000000340)=0xc)
syz_pidfd_open(r5, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010600000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff1b000000020000000900010073797a30000001000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000680)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a3c000000120a01020000000000000000020000000900020073797a310000000008000440000000000900010073797a3000000000080003400000000a14000000110001"], 0x64}}, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000d80)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000d00)=ANY=[@ANYBLOB="140000001000010000000000000000000020000a3c000000120a09080000000000000000020000000900020073797a310000000008000440000000"], 0x64}, 0x1, 0x0, 0x0, 0x5}, 0x0)
ioctl$BLKZEROOUT(r4, 0x127f, &(0x7f00000000c0)={0x4000, 0x80600})
r6 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="380000000314230c2abd7000ff05df250900020073797a31000000000800410072786500"], 0x38}, 0x1, 0x0, 0x0, 0x48845}, 0x4000)
mmap(&(0x7f00008ab000/0x3000)=nil, 0x3000, 0xb635773f05ebbee1, 0x8031, 0xffffffffffffffff, 0x815d3000)
r7 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_FLUSH(r8, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000140)={0x0, 0x58}, 0x1, 0x0, 0x0, 0x24040014}, 0xc800)
write$RDMA_USER_CM_CMD_CREATE_ID(r7, &(0x7f00000001c0)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000100), 0x13f, 0x4}}, 0x20)
write$RDMA_USER_CM_CMD_JOIN_MCAST(r7, 0x0, 0x0)

3m52.598772312s ago: executing program 7 (id=5020):
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000000), 0x1218c0, 0x0)
ioctl$RTC_AIE_ON(r0, 0x7001)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_emit_ethernet(0x36, &(0x7f0000000140)={@local, @local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @initdev={0xac, 0x1e, 0x0, 0x0}}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x804}, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r3 = dup(r2)
r4 = openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0)
mount$fuse(0x0, 0x0, &(0x7f0000002100), 0x0, &(0x7f0000002140)={{'fd', 0x3d, r4}, 0x2c, {'rootmode', 0x3d, 0x4000}})
read$FUSE(r4, &(0x7f00000021c0)={0x2020, 0x0, <r5=>0x0}, 0x2020)
write$FUSE_INIT(r4, &(0x7f0000004200)={0x50, 0x0, 0x0, {0x7, 0x29, 0xfffffffe, 0xffffffff85000014, 0x4, 0x8007, 0x200000, 0x0, 0x0, 0x0, 0x40, 0xc3b2}}, 0x50)
getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000100)={<r6=>0x0}, &(0x7f0000000180)=0xc)
write$FUSE_LK(0xffffffffffffffff, &(0x7f00000001c0)={0x28, 0x0, r5, {{0x3, 0x2, 0x0, r6}}}, 0x28)
write$6lowpan_enable(r3, &(0x7f0000000000)='0', 0xfffffd2c)
socket$nl_netfilter(0x10, 0x3, 0xc)
r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x3, &(0x7f0000000200)=@framed, &(0x7f00000003c0)='GPL\x00'}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000140)='contention_end\x00', r7}, 0x10)
r8 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000280)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0xbb1, '\x00', 0x0, 0x0}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8, 0x0, 0x0, 0x23}, {{0x18, 0x1, 0x1, 0x0, r8}, {0x7, 0x0, 0xb, 0x6}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0xd00}, {0x85, 0x0, 0x0, 0x5}, {0x4, 0x1, 0xb, 0x9, 0xa}}, {{0x5, 0x0, 0x3}}, [@snprintf={{0x7, 0x0, 0xb, 0x2}, {0x3, 0x3, 0x3, 0xa, 0x6}, {0x5, 0x0, 0xb, 0x9, 0x0, 0x0, 0x80}, {0x3, 0x3, 0x3, 0xa, 0xa}, {0x7, 0x1, 0xb, 0x7, 0x8}, {0x7, 0x0, 0x0, 0x8, 0x0, 0x0, 0xfffffdff}, {0x7, 0x1, 0xb, 0x4, 0x2}, {0x7, 0x0, 0x0, 0x6}, {0x4, 0x0, 0x7}, {0x18, 0x6, 0x2, 0x0, r8}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x5}}}, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$F2FS_IOC_MOVE_RANGE(r1, 0x541b, &(0x7f0000000040)={<r9=>0xffffffffffffffff})
close_range(r9, 0xffffffffffffffff, 0x0)
syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000300)='ns/net\x00')
socket(0x400000000010, 0x3, 0x0)
r10 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_lsm={0x1e, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, 0x24}, 0x94)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f00000005c0)={r10, 0x0, 0x24, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xa)
r11 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='fdinfo/3\x00')
read$eventfd(r11, &(0x7f0000000340), 0x8)
ioctl$RTC_AIE_OFF(r0, 0x7002)

3m50.967153048s ago: executing program 7 (id=5026):
r0 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000140)='/dev/comedi4\x00', 0x2, 0x0)
ioctl$COMEDI_INSN(r0, 0x8028640c, 0x0)

3m50.524080261s ago: executing program 7 (id=5029):
socket$nl_rdma(0x10, 0x3, 0x14)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000003ac0)=[{{&(0x7f0000000500)=@file={0x1, './file0\x00'}, 0x6e, &(0x7f0000000440)=[{&(0x7f0000000580)="61f185fde137c81d696bde633ab5df8238356f69c348ee5913366103cacaf66599415e4986e36a03625f404e9241e23a0ab3ddbad6974ecf6e65fb37a4c7c7f13cc4c72387872bcc712db49a8d7549b7340c6dda3fe0ba00521310d0c849f95f91c2e10e56f498ed65adf26cb835f2ca190cee4f56e4f2e9985de3910bed4f12a742129a5b7446f44f35b8154238cad5e0a93620452e89e69ef314f815efb4", 0x9f}, {&(0x7f0000000980)="634b20cf3b6b396441dffa8c20fb9adcdae55828a3d9f6469089d08a8d913566d7627279d3613c0480816bff7213edc144bf61565129fdde5edcd58c6996cf62e77adea145905a1e866c43609778ee8f6553df23ef574e458ca3b003a040919761eea089e3eb8336eab9d3f63394d1b53e3b123f6a2e73c3d497ebecb7da4f5f280378be36b9a97dec53b036363d41e2445709fd8cbef33c3eab7e53f3959a21da68ad95af9d176751a641114aec4f93210be91318e8e387dd450a3b20ffa55815c332b260f093199e5d1d1e7363be92864cb7355e8cb63d3d9d7332fde825edd1609229152f31f0d80a9a803e632a664caddbe5ddc1eca3986e7e441fca6e5dd9202c0df7d23c8796adcb09fd8154191eecc733a182584e00f25763407f4f432fa598a4fab99a065d312b3bf94d6f4be84e93790861f56872d679bfff5e3af4c903f817b2707db14a15ebcb160f1aded9707b245e5c73ec711c15de1729c260425dedd5610aa28dcf16f17a24a597470d017968689b3ae518af1456e4590ec3a9d23ccede3cc12f84f51cf0238d408cfba1afe36db8a2a72c236bb893a84e3ed841c27f230cc8612a1ef9b9171fb88fd036422eca09657c3c073513b0abddd4910243b2308254c2ea17faeabd583514c1d90c200c7426f41c682814840ca41cdb0d302139c0ecf68bd0de556d089b02a7a8f7e0f983942d287cd161727b28f28ad43507b14eeea13d25e4c7fb53d6dc371900e60d4ae64c585ef7c4698e43362875e15f2007304bbbb8284a2e598b3e9285898b8e93177e98691e7a4da19082e643c2d96d5896ad7eb50f4395e00770150e3182fe506392aa60059f1365a27d2af940b68f97c1b5cc6ba836d9b1069d469a8590ae58503317a0a07f0b590c6eaa7f7a4dc9a4a0ba6684ae866ad21b53820b288df8dc1b200b5a828687f3f02707da42f574c8d628136f8402308137b392b764b2d672515404db219af9a9b6197d71bf25194e3f50360ffd68a782601c0fa341ade1a345285ad504b1c50cb85d173a9742d9b6f11348cd9f5e51c5efe873e50abcdf2cfc2aa10923d2ea072a756b543da77e10ebe6d3698e1c4ec10e49fd74e74df095d5cce6486004c7a0abec9f69cb60d7a16384a9767c6b272721c982dfab3fecd6446ee82feb253253465c9e24af9ebabf83ef8832ea5dde7808dc2fc1299f9b59fb2f1cfcf92e0e043de190411b29543ad7f940756a0220687fc16af12ce139e8e6c1a824cfe9b529f43542de3f8049495eae6442db9acc7ba5f4bc3df983aebf0d1391e044aee4a4c6e4567a23dbfd768d6535f7259896a1d1c99782fea051e8b44845294e9c2bf3e279117f8dc5bc79ff206af655464091f1c41af7d928c1543358ff4a66e2c2b6450aee4b7220eaa3d3ca1e77c6273f0599b3fec71e05fb7c5d1e37b3853206a004c82936642ec9a88e27489bc33bf1a397faacae8308b1e48d27ed097d3fc82b959f4b412717d04457c0e4e1321e5dfcb46dc5ac8ad8d4fe9580edd28a0077cb43fdd6b201e400d8cdd03ec785582dce56ee059605a9224fedab6b5a945cd8066a93b065c8dbed89fb395501c4f581e4e075fa912829733b862f583839d391639ea7364b514de96933a27ad06efd43416787bbcc69cd1360c7f61883bd293c5cfd8b387f1766db456d8cc8a024d98eec14dbf388fc212b610937c63b9638fe381efcc3d7388e38129e81b4ee5f274d3190281496103b1d0cac17c10b7661a04c009b449545a3cd610e9adcaed1d1b4dd09c81517d96bfc05c3df24a0fe4e1b2f2da08d40bc93cdd1a4718dbcb5b5b43e54967f8ee83ba01afc93026a36bce4a8bd156c6cd39d56f034c437ea7125c12947a5438def08bb156db296e893f82b1559cca85def648ec611de4d8d31dcc666b4b7e2e16ee111fd036ed9629970605744c242423d83ba0d35c015f977e21de74f680797b3b970c355e181b6068b952cd080dfc6f2ffcbd7bf30a6d4a361fbb22d2087e18a3e242ed81bd165f5a150899d05ac6b6a248d974f502902e19ba244392d4d621eb2c0d7748a89c2ce32ddcccda51d0eb1515b035b4aac303db7a17dfa88edf0b971761ed446a583d715504267d30753165a857cba115a9ca543dd4541bcd93d18f363db74a07b205cb6757bc2604338f2d7e28a6bf9d64a3994f0edf9c5228ce10e7b821aea9adb58e1a896b765150c53a4b4a03b678a58b0764ed56cd70d459594f18a49330f9ecd34db073336f1b6add9ab8ee08c295d0fd2fdc4c95793c662eae0ebe44991d3c0387dca2edeed471037899f244c099d9d8a13f752f070c64aee68473523c992383f0eb3879aa92fae83fdc88339c2b4d463884a9a962c6a9ec7fd6057ad0330d51a2d3eaf04d288c58b16f1fe16e256be236fa778a29bb1148d737a43bbabbd5eb9a20cd7e992163d0c3cbb10ca8b4db74f17be42c8374538258ce133b382e604cf1b3f2530d43f3da3dbaac14e1613801a56b8ca229f702029bb4c72d29417c5e1a0dad17a3cf0a3f439d1673d409ffaeba28a57b5e83f5a1e38ecc232346d8237cd0fe9bc9d5b1a1a201903ced8fa03a61339bfccfc264871b160b7fc7200ba50c34e71b16d52e962f6ff2526e1e06f8111e5cf494dcb21aadf6f6e052d28ab2b022b6456984f5930bc855c720547887476d161ae6cd682b052853226b63f598233d00dbf5d4363a1df9c0c6c0e3bb7fa685559ca2898376a996b7a1a2255adff79e21642f31bce2c8d0f3fa53a340d9c81e1f692e64169d7881a5fd8787cc61e7bb469bbe5d935ce9aa93a58b5229f7ca1f275df8045cfadcf929c928091d94d7ce83e218e294403fc4c12d9882547ff824860ad125f7d61d1b3c592b30cb5d1a4f4bd768d0a95adc10b9d9bd575b36726d9081fdc5aa364cbae5bf0ff0ed2d8b8703074c49a91b52293366e62722424b5c798d7ac56cc9139f560a951af0f54e87a0dc61f1280cded6c71119918439796040b4bee85454d3e6a9fa0473e97e4fdd446128140a204354b68444f66bc9b18fbf087e37a5dd5b2d66ff74e5d28310b2e3777bbc07b37508eecbc7f67b6a858a0a81a05f2d8542b29d01b0adb6f93029c8c4b81d672e3f979f8a4773128aac34239aa095505af187259d078fa6d8a67b0bfe4daf779f276ad6669751607d916cea5d9812fc89e15d0cc04ebee62ad30288c1f0e2fc8cd7653cc5f4754f56197167e6a8b2df0426454fa150a5d40743e324d3335d8ea9452cfc9a8e8713025791c975928a297092704c64959342f5674fdc39a351966df20dc78e73eb65ee996fa3967bafdc01e975646b85566413f63dbf86c16e9f9a83bfa4376bcd2c9650cb29dad37403c3b1a603f06295ffae472677e473c92797e1ea6a7e03f41293a6e54892f52dc5edaf0f77d9cb2d29d8aab01b78ee2fd947eeeb6a447f152033c6acbfb339d04312c97088b5fbd39b879f6c951156cee55cf54504fb2fc795c8179d1e5d916a3805153677e25cc235d2ad62799d2fa6386c13475e55e18016fe45cc85f2bba5ca7cc78a9d41da9cf993aaa238d021de4d1a73a223cdb40a2e8cb038af2b5b8469a6239f16deeb5f4536e43ae5871865a5a7e52a3fa344a18f9c25634c434749faf72aeb2a74224af90abd9e2d77c335e7032b3625c7c6cf8b1d048eadc44e005c73671bd6ff8791803dad1d51cc891fe00bc6aa930cede9c66c388c3880acb934bcb5b018cf68372a46e59ca292bb7ccedfd46b8fc147cdcc620bd7a865ba1dff6452c7997a6ee1119e1aa9fc94ec9e491806e2766e00ed6f6525243d864e4af8fce734f5ff5f701a6ecb678911a451dd21f990919247701d04e7d01153f9ab23b9339f4f196f0935e5a56bfe46719b8a7b59dbbaccd8b89bf7526c7af7c4c58383897a46d34bb40327b13933f1beb3594f85a656653845f77f1da523d92f5f638fcd10b3d47b6af36ea678fd5748b2a2a93dc3195e520dd9f17b17d5862c78b0972f1ab74722fb7a2607315189f2bee922520141b1c592c89a67a7ebc58acfbfc86028067476acea6e1f8d409ea74a8d33e893e1cb64c6e7a9bf04f3fa7f58241651064bf3a2c1f11a4f6d6f7bee2b5289d9a25aa7568b3971d8af02452cd4fd615010d015548ac323b1d8114bc7508bf1621a561d55d4cfbb0dce306834b890229d6b5e0bb4750165a2e4aafef4dde57cac8b7c51cc8c166b39f5425c95a8259ec80d80f428371e542b6fc4851d21431593ae1d430d81acdcdafdfee3743789298ac1a575ea029146a77dd55917ae1d727ef3ceb5f86bf7d9d460ec6dc1f1d622b00e5c4238c3cd86dbb2c67a9814bc58d4d20bd39c11331afbc4c69eb170b7c7dfb5a5662087d08753f4a4f52c54d4d3ee8d70a8c749f9bff29d241d2fcd3bb0acef431c5ebf26633c90781d93c7da337a83f5ba7ea5399a96ceb8ac1310e0b0c2ff72cd1aba0ddbd4949c1c6024f0194090a99095226e267d8bb0b6b5e9128d6504268ce24f95e70ff626c58b03d8189785e896d4ef97c7a25fac5f4c23c3e30d3909ddaed6127cc85f8ab97824c466dd30783be58ad149e1eb6557a8398aab2cb55ae488e6c2fc07dc880dd954880a0a47cec8c1f4a91a3bd3d57e930c85a5ed3d188c342f2fc776c782db81bd5f901bf12fa6635967c66ad50413a4009af4a764f32e3602cab3415d7280cfaf23cfb351a0a3b245c8b566ed06c025bbcdfff813eb6aecc1f6d876ea1b383a4bec11938a828e2ecc8f22e3ceec69caafd86e5e2550bc5cda61aae9268ee2d0890cb15703547b62462e34185079a76d075797442e5861157213d0139415f15ec5ba2e73ec5dc4caf4ab88e3ba2ab88510cc2f2407d7dc9c0f587557df15a365af0b748ea6b5ec2fbae9fd9efbbba1953adc48409e0a6f33bf4db754f2fe5399d957ac86ef047ea4967fc171cc5a0a119c4b157d29241b0de69510a7515753730ab3644d875cb17fb2689bab1a21a4d2c6b5e82ada6d235385286af24d1faccf2efdf7b0335a6e6103da2d95b72fc79421efed0b69fce42b64bf0aab15d3f8f1997d478023c6bfaa4c7e04a883ba0838f54debcd3455d8dac0a9f4252b6213e178c1619e1566f8fc999ed1c675dd8f7fc37566e349006c80b0032690c927f417e81257521ceb491854a4460bc59450e4a6bbbccfb3458d3f2fdcf9e6eedb01bc19502c795001e472489d0fa4da32d772068d89d429527e5c9b8c0f7d88bf571d69f4aaaca4a0af1685cf4b028bec3560a15fb853d1c314ab461e169e07095f796f7e46cc364879046d59e4861d9f11647a8a1aabf9bc2f28b27254661dd8ba2f11a58ba626c9c94d6c0d12ac58081d3c9598186864044f0105a96881c1efacb8baef4d7e03613202fb5cdacaae9c6bc093020b30ca0109447370a28d1070a7fc5888bd2d73a5d26efcbea0e6007d8c228c34aa0cdb084fa66d3875d13081836cb0ff48339c0d17dd83ead5c80aaa0520771eaeaea6919b281c61159959515f4ccf53815812ff63b5f8867e0b94eccc04b2dcc9bc453b115be307e5a38e56540008766f1e6066f7d307e543e6fdaef0cd8a19484064cafeb6791113f9b0127d235e28210456a7714adbce7fce59f289f6e5c852d00d510d798830a871816eccce6d52b6bbb84d255ad98a366717be7656d106c27514975dfb284d6d78ac1efdd71ea90df6f9ce7723c43b561e80c66ddaeb30d9938df355d895e154e1b1fb7dbc480a26cf2e5033f9eaf338644d6374e784f32fdb7862a4f150b2a1ddb8f2264", 0x1000}, {&(0x7f00000006c0)="8fa4538b59fb434f26ee71a8234376e05d6519ea3c9041d55f23d63e096d5f07221699c78020f08e39002e5644a22a91a1290cf609cf5eedd12e7a769242e7eded1f904f2aef249f6dcc920e5712cbc6eeb54f71ad864f32193ef9dee5571fa6cfd7304e56dc9e7b0795d968f594df443a3644941c87d0c1a7f590180699eeba75da75db798554ae789c74f923098c50b6a04c338315e026f48f65e1a62193d2a6fcb4679522dce3c7e05e243637a2a227a01358c5537d3711532296a9fb6fd7012770919968827e247bb8380f464a88d2749782b12afc3b8eecdd7e3c7df95ed7e342d19eb97e0e3d0ddf76c1f1bf06df89232fb7a17f1914", 0xf9}, {&(0x7f0000001980)="cd455cbbf5613e177125b3538cf7cca66a0df32eb92a664616812189b0037a14993e9c3142c901adc1fc616b9bdfa4a90862efe58e635a89d7dbb778aa57fafae1f3970171d83d2c25bf9d0a97baf53780c3639bf98e2f259761f94c7175d611d3e09e9d9d2812766178705e932016bb06a8a2bf747f5c2bb52a64fc8f0fad0f340488627efb07c16c5a342c415195e3207884d9a4dff3285c3f97ae440db169c51941a2d1e59788930b7cc1e0425b252cd4ee2f97faadc926c6a0371cac469e25be9e93892d0f918844a8bba6eb", 0xce}], 0x4, &(0x7f0000000800)=[@rights={{0x10, 0x1, 0x1, [r1]}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff, r0]}}], 0x24, 0x8000}}], 0x1, 0x0)
r2 = socket(0x2000000015, 0x80005, 0x0)
bind$inet6(r2, &(0x7f0000000180)={0xa, 0x0, 0x0, @mcast1, 0x200}, 0x1c)
sendto$inet6(r2, 0x0, 0x0, 0x0, 0x0, 0x0)
clock_adjtime(0x0, &(0x7f0000000640)={0x7, 0x9, 0x380000, 0x8, 0xfffffffffffffff9, 0xfffffffffffffff7, 0x9, 0x0, 0xae, 0x6, 0x7, 0x0, 0xfffffffffffff04f, 0x7, 0x80000000, 0xfffffffffffffff8, 0xffffffffffffffff, 0x2, 0x0, 0x100, 0x4, 0x2, 0x5, 0x3, 0x8, 0x8})
clock_adjtime(0x7, &(0x7f0000000900)={0x6, 0x20000000e, 0xf, 0x0, 0xb, 0xfffffffc, 0x4000a, 0x2, 0x7b7, 0x4, 0x5, 0x8000000000000000, 0xc, 0x9, 0x7, 0x9, 0x8, 0x3, 0x8, 0xfffffffffffffffa, 0x0, 0x3, 0x7, 0x7, 0x3, 0x6})
r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$IPT_SO_SET_REPLACE(r3, 0x0, 0x40, &(0x7f0000000000)=@nat={'nat\x00', 0x670, 0x5, 0x3b4, 0xa4, 0xa4, 0xfeffffff, 0x138, 0xa4, 0x320, 0x320, 0xffffffff, 0x320, 0x320, 0x5, 0x0, {[{{@ip={@broadcast, @remote, 0x0, 0xffffffff, 'geneve1\x00', 'geneve0\x00'}, 0x0, 0x70, 0xa4}, @MASQUERADE={0x34, 'MASQUERADE\x00', 0x0, {0x7ffffffe, {0x12, @dev={0xac, 0x14, 0x14, 0x3f}, @private=0xa010102, @port=0x4e24, @gre_key=0x6}}}}, {{@uncond, 0x0, 0x70, 0x94, 0x0, {0x0, 0x7}}, @common=@unspec=@STANDARD={0x24, '\x00', 0x0, 0xa4}}, {{@uncond, 0x0, 0x110, 0x144, 0x0, {}, [@common=@osf={{0x50}, {'syz1\x00', 0x0, 0xe, 0x0, 0x2}}, @common=@osf={{0x50}, {'syz0\x00', 0x0, 0xd, 0x0, 0x1}}]}, @SNAT0={0x34, 'SNAT\x00', 0x0, {0xd00, {0x0, @local, @local, @gre_key, @gre_key}}}}, {{@ip={@private, @local, 0x0, 0x0, 'veth1_virt_wifi\x00', 'pim6reg0\x00', {}, {0xff}, 0x29}, 0x0, 0x70, 0xa4}, @MASQUERADE={0x34, 'MASQUERADE\x00', 0x0, {0x1, {0x10, @local, @loopback, @icmp_id=0x67, @icmp_id}}}}], {{'\x00', 0x0, 0x70, 0x94}, {0x24}}}}, 0x410)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x1)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r4 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r4, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
socket$tipc(0x1e, 0x5, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0xf5, 0xb206, &(0x7f0000006680))
inotify_rm_watch(0xffffffffffffffff, 0x0)
openat$dsp(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000480)={0x4c, 0x2, 0x6, 0x801, 0xe4340000, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:ip,port\x00'}]}, 0x4c}}, 0x2)
sendmsg$IPSET_CMD_ADD(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x54, 0x9, 0x6, 0x801, 0x0, 0x0, {0x5}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x2c, 0x7, 0x0, 0x1, [@IPSET_ATTR_PORT={0x6, 0x4, 0x1, 0x0, 0x4e21}, @IPSET_ATTR_PROTO={0x5, 0x7, 0xff}, @IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @private=0xa010101}}, @IPSET_ATTR_IP_TO={0xc, 0x2, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @multicast2}}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x10004893}, 0x80)

3m35.040757574s ago: executing program 43 (id=5029):
socket$nl_rdma(0x10, 0x3, 0x14)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000003ac0)=[{{&(0x7f0000000500)=@file={0x1, './file0\x00'}, 0x6e, &(0x7f0000000440)=[{&(0x7f0000000580)="61f185fde137c81d696bde633ab5df8238356f69c348ee5913366103cacaf66599415e4986e36a03625f404e9241e23a0ab3ddbad6974ecf6e65fb37a4c7c7f13cc4c72387872bcc712db49a8d7549b7340c6dda3fe0ba00521310d0c849f95f91c2e10e56f498ed65adf26cb835f2ca190cee4f56e4f2e9985de3910bed4f12a742129a5b7446f44f35b8154238cad5e0a93620452e89e69ef314f815efb4", 0x9f}, {&(0x7f0000000980)="634b20cf3b6b396441dffa8c20fb9adcdae55828a3d9f6469089d08a8d913566d7627279d3613c0480816bff7213edc144bf61565129fdde5edcd58c6996cf62e77adea145905a1e866c43609778ee8f6553df23ef574e458ca3b003a040919761eea089e3eb8336eab9d3f63394d1b53e3b123f6a2e73c3d497ebecb7da4f5f280378be36b9a97dec53b036363d41e2445709fd8cbef33c3eab7e53f3959a21da68ad95af9d176751a641114aec4f93210be91318e8e387dd450a3b20ffa55815c332b260f093199e5d1d1e7363be92864cb7355e8cb63d3d9d7332fde825edd1609229152f31f0d80a9a803e632a664caddbe5ddc1eca3986e7e441fca6e5dd9202c0df7d23c8796adcb09fd8154191eecc733a182584e00f25763407f4f432fa598a4fab99a065d312b3bf94d6f4be84e93790861f56872d679bfff5e3af4c903f817b2707db14a15ebcb160f1aded9707b245e5c73ec711c15de1729c260425dedd5610aa28dcf16f17a24a597470d017968689b3ae518af1456e4590ec3a9d23ccede3cc12f84f51cf0238d408cfba1afe36db8a2a72c236bb893a84e3ed841c27f230cc8612a1ef9b9171fb88fd036422eca09657c3c073513b0abddd4910243b2308254c2ea17faeabd583514c1d90c200c7426f41c682814840ca41cdb0d302139c0ecf68bd0de556d089b02a7a8f7e0f983942d287cd161727b28f28ad43507b14eeea13d25e4c7fb53d6dc371900e60d4ae64c585ef7c4698e43362875e15f2007304bbbb8284a2e598b3e9285898b8e93177e98691e7a4da19082e643c2d96d5896ad7eb50f4395e00770150e3182fe506392aa60059f1365a27d2af940b68f97c1b5cc6ba836d9b1069d469a8590ae58503317a0a07f0b590c6eaa7f7a4dc9a4a0ba6684ae866ad21b53820b288df8dc1b200b5a828687f3f02707da42f574c8d628136f8402308137b392b764b2d672515404db219af9a9b6197d71bf25194e3f50360ffd68a782601c0fa341ade1a345285ad504b1c50cb85d173a9742d9b6f11348cd9f5e51c5efe873e50abcdf2cfc2aa10923d2ea072a756b543da77e10ebe6d3698e1c4ec10e49fd74e74df095d5cce6486004c7a0abec9f69cb60d7a16384a9767c6b272721c982dfab3fecd6446ee82feb253253465c9e24af9ebabf83ef8832ea5dde7808dc2fc1299f9b59fb2f1cfcf92e0e043de190411b29543ad7f940756a0220687fc16af12ce139e8e6c1a824cfe9b529f43542de3f8049495eae6442db9acc7ba5f4bc3df983aebf0d1391e044aee4a4c6e4567a23dbfd768d6535f7259896a1d1c99782fea051e8b44845294e9c2bf3e279117f8dc5bc79ff206af655464091f1c41af7d928c1543358ff4a66e2c2b6450aee4b7220eaa3d3ca1e77c6273f0599b3fec71e05fb7c5d1e37b3853206a004c82936642ec9a88e27489bc33bf1a397faacae8308b1e48d27ed097d3fc82b959f4b412717d04457c0e4e1321e5dfcb46dc5ac8ad8d4fe9580edd28a0077cb43fdd6b201e400d8cdd03ec785582dce56ee059605a9224fedab6b5a945cd8066a93b065c8dbed89fb395501c4f581e4e075fa912829733b862f583839d391639ea7364b514de96933a27ad06efd43416787bbcc69cd1360c7f61883bd293c5cfd8b387f1766db456d8cc8a024d98eec14dbf388fc212b610937c63b9638fe381efcc3d7388e38129e81b4ee5f274d3190281496103b1d0cac17c10b7661a04c009b449545a3cd610e9adcaed1d1b4dd09c81517d96bfc05c3df24a0fe4e1b2f2da08d40bc93cdd1a4718dbcb5b5b43e54967f8ee83ba01afc93026a36bce4a8bd156c6cd39d56f034c437ea7125c12947a5438def08bb156db296e893f82b1559cca85def648ec611de4d8d31dcc666b4b7e2e16ee111fd036ed9629970605744c242423d83ba0d35c015f977e21de74f680797b3b970c355e181b6068b952cd080dfc6f2ffcbd7bf30a6d4a361fbb22d2087e18a3e242ed81bd165f5a150899d05ac6b6a248d974f502902e19ba244392d4d621eb2c0d7748a89c2ce32ddcccda51d0eb1515b035b4aac303db7a17dfa88edf0b971761ed446a583d715504267d30753165a857cba115a9ca543dd4541bcd93d18f363db74a07b205cb6757bc2604338f2d7e28a6bf9d64a3994f0edf9c5228ce10e7b821aea9adb58e1a896b765150c53a4b4a03b678a58b0764ed56cd70d459594f18a49330f9ecd34db073336f1b6add9ab8ee08c295d0fd2fdc4c95793c662eae0ebe44991d3c0387dca2edeed471037899f244c099d9d8a13f752f070c64aee68473523c992383f0eb3879aa92fae83fdc88339c2b4d463884a9a962c6a9ec7fd6057ad0330d51a2d3eaf04d288c58b16f1fe16e256be236fa778a29bb1148d737a43bbabbd5eb9a20cd7e992163d0c3cbb10ca8b4db74f17be42c8374538258ce133b382e604cf1b3f2530d43f3da3dbaac14e1613801a56b8ca229f702029bb4c72d29417c5e1a0dad17a3cf0a3f439d1673d409ffaeba28a57b5e83f5a1e38ecc232346d8237cd0fe9bc9d5b1a1a201903ced8fa03a61339bfccfc264871b160b7fc7200ba50c34e71b16d52e962f6ff2526e1e06f8111e5cf494dcb21aadf6f6e052d28ab2b022b6456984f5930bc855c720547887476d161ae6cd682b052853226b63f598233d00dbf5d4363a1df9c0c6c0e3bb7fa685559ca2898376a996b7a1a2255adff79e21642f31bce2c8d0f3fa53a340d9c81e1f692e64169d7881a5fd8787cc61e7bb469bbe5d935ce9aa93a58b5229f7ca1f275df8045cfadcf929c928091d94d7ce83e218e294403fc4c12d9882547ff824860ad125f7d61d1b3c592b30cb5d1a4f4bd768d0a95adc10b9d9bd575b36726d9081fdc5aa364cbae5bf0ff0ed2d8b8703074c49a91b52293366e62722424b5c798d7ac56cc9139f560a951af0f54e87a0dc61f1280cded6c71119918439796040b4bee85454d3e6a9fa0473e97e4fdd446128140a204354b68444f66bc9b18fbf087e37a5dd5b2d66ff74e5d28310b2e3777bbc07b37508eecbc7f67b6a858a0a81a05f2d8542b29d01b0adb6f93029c8c4b81d672e3f979f8a4773128aac34239aa095505af187259d078fa6d8a67b0bfe4daf779f276ad6669751607d916cea5d9812fc89e15d0cc04ebee62ad30288c1f0e2fc8cd7653cc5f4754f56197167e6a8b2df0426454fa150a5d40743e324d3335d8ea9452cfc9a8e8713025791c975928a297092704c64959342f5674fdc39a351966df20dc78e73eb65ee996fa3967bafdc01e975646b85566413f63dbf86c16e9f9a83bfa4376bcd2c9650cb29dad37403c3b1a603f06295ffae472677e473c92797e1ea6a7e03f41293a6e54892f52dc5edaf0f77d9cb2d29d8aab01b78ee2fd947eeeb6a447f152033c6acbfb339d04312c97088b5fbd39b879f6c951156cee55cf54504fb2fc795c8179d1e5d916a3805153677e25cc235d2ad62799d2fa6386c13475e55e18016fe45cc85f2bba5ca7cc78a9d41da9cf993aaa238d021de4d1a73a223cdb40a2e8cb038af2b5b8469a6239f16deeb5f4536e43ae5871865a5a7e52a3fa344a18f9c25634c434749faf72aeb2a74224af90abd9e2d77c335e7032b3625c7c6cf8b1d048eadc44e005c73671bd6ff8791803dad1d51cc891fe00bc6aa930cede9c66c388c3880acb934bcb5b018cf68372a46e59ca292bb7ccedfd46b8fc147cdcc620bd7a865ba1dff6452c7997a6ee1119e1aa9fc94ec9e491806e2766e00ed6f6525243d864e4af8fce734f5ff5f701a6ecb678911a451dd21f990919247701d04e7d01153f9ab23b9339f4f196f0935e5a56bfe46719b8a7b59dbbaccd8b89bf7526c7af7c4c58383897a46d34bb40327b13933f1beb3594f85a656653845f77f1da523d92f5f638fcd10b3d47b6af36ea678fd5748b2a2a93dc3195e520dd9f17b17d5862c78b0972f1ab74722fb7a2607315189f2bee922520141b1c592c89a67a7ebc58acfbfc86028067476acea6e1f8d409ea74a8d33e893e1cb64c6e7a9bf04f3fa7f58241651064bf3a2c1f11a4f6d6f7bee2b5289d9a25aa7568b3971d8af02452cd4fd615010d015548ac323b1d8114bc7508bf1621a561d55d4cfbb0dce306834b890229d6b5e0bb4750165a2e4aafef4dde57cac8b7c51cc8c166b39f5425c95a8259ec80d80f428371e542b6fc4851d21431593ae1d430d81acdcdafdfee3743789298ac1a575ea029146a77dd55917ae1d727ef3ceb5f86bf7d9d460ec6dc1f1d622b00e5c4238c3cd86dbb2c67a9814bc58d4d20bd39c11331afbc4c69eb170b7c7dfb5a5662087d08753f4a4f52c54d4d3ee8d70a8c749f9bff29d241d2fcd3bb0acef431c5ebf26633c90781d93c7da337a83f5ba7ea5399a96ceb8ac1310e0b0c2ff72cd1aba0ddbd4949c1c6024f0194090a99095226e267d8bb0b6b5e9128d6504268ce24f95e70ff626c58b03d8189785e896d4ef97c7a25fac5f4c23c3e30d3909ddaed6127cc85f8ab97824c466dd30783be58ad149e1eb6557a8398aab2cb55ae488e6c2fc07dc880dd954880a0a47cec8c1f4a91a3bd3d57e930c85a5ed3d188c342f2fc776c782db81bd5f901bf12fa6635967c66ad50413a4009af4a764f32e3602cab3415d7280cfaf23cfb351a0a3b245c8b566ed06c025bbcdfff813eb6aecc1f6d876ea1b383a4bec11938a828e2ecc8f22e3ceec69caafd86e5e2550bc5cda61aae9268ee2d0890cb15703547b62462e34185079a76d075797442e5861157213d0139415f15ec5ba2e73ec5dc4caf4ab88e3ba2ab88510cc2f2407d7dc9c0f587557df15a365af0b748ea6b5ec2fbae9fd9efbbba1953adc48409e0a6f33bf4db754f2fe5399d957ac86ef047ea4967fc171cc5a0a119c4b157d29241b0de69510a7515753730ab3644d875cb17fb2689bab1a21a4d2c6b5e82ada6d235385286af24d1faccf2efdf7b0335a6e6103da2d95b72fc79421efed0b69fce42b64bf0aab15d3f8f1997d478023c6bfaa4c7e04a883ba0838f54debcd3455d8dac0a9f4252b6213e178c1619e1566f8fc999ed1c675dd8f7fc37566e349006c80b0032690c927f417e81257521ceb491854a4460bc59450e4a6bbbccfb3458d3f2fdcf9e6eedb01bc19502c795001e472489d0fa4da32d772068d89d429527e5c9b8c0f7d88bf571d69f4aaaca4a0af1685cf4b028bec3560a15fb853d1c314ab461e169e07095f796f7e46cc364879046d59e4861d9f11647a8a1aabf9bc2f28b27254661dd8ba2f11a58ba626c9c94d6c0d12ac58081d3c9598186864044f0105a96881c1efacb8baef4d7e03613202fb5cdacaae9c6bc093020b30ca0109447370a28d1070a7fc5888bd2d73a5d26efcbea0e6007d8c228c34aa0cdb084fa66d3875d13081836cb0ff48339c0d17dd83ead5c80aaa0520771eaeaea6919b281c61159959515f4ccf53815812ff63b5f8867e0b94eccc04b2dcc9bc453b115be307e5a38e56540008766f1e6066f7d307e543e6fdaef0cd8a19484064cafeb6791113f9b0127d235e28210456a7714adbce7fce59f289f6e5c852d00d510d798830a871816eccce6d52b6bbb84d255ad98a366717be7656d106c27514975dfb284d6d78ac1efdd71ea90df6f9ce7723c43b561e80c66ddaeb30d9938df355d895e154e1b1fb7dbc480a26cf2e5033f9eaf338644d6374e784f32fdb7862a4f150b2a1ddb8f2264", 0x1000}, {&(0x7f00000006c0)="8fa4538b59fb434f26ee71a8234376e05d6519ea3c9041d55f23d63e096d5f07221699c78020f08e39002e5644a22a91a1290cf609cf5eedd12e7a769242e7eded1f904f2aef249f6dcc920e5712cbc6eeb54f71ad864f32193ef9dee5571fa6cfd7304e56dc9e7b0795d968f594df443a3644941c87d0c1a7f590180699eeba75da75db798554ae789c74f923098c50b6a04c338315e026f48f65e1a62193d2a6fcb4679522dce3c7e05e243637a2a227a01358c5537d3711532296a9fb6fd7012770919968827e247bb8380f464a88d2749782b12afc3b8eecdd7e3c7df95ed7e342d19eb97e0e3d0ddf76c1f1bf06df89232fb7a17f1914", 0xf9}, {&(0x7f0000001980)="cd455cbbf5613e177125b3538cf7cca66a0df32eb92a664616812189b0037a14993e9c3142c901adc1fc616b9bdfa4a90862efe58e635a89d7dbb778aa57fafae1f3970171d83d2c25bf9d0a97baf53780c3639bf98e2f259761f94c7175d611d3e09e9d9d2812766178705e932016bb06a8a2bf747f5c2bb52a64fc8f0fad0f340488627efb07c16c5a342c415195e3207884d9a4dff3285c3f97ae440db169c51941a2d1e59788930b7cc1e0425b252cd4ee2f97faadc926c6a0371cac469e25be9e93892d0f918844a8bba6eb", 0xce}], 0x4, &(0x7f0000000800)=[@rights={{0x10, 0x1, 0x1, [r1]}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff, r0]}}], 0x24, 0x8000}}], 0x1, 0x0)
r2 = socket(0x2000000015, 0x80005, 0x0)
bind$inet6(r2, &(0x7f0000000180)={0xa, 0x0, 0x0, @mcast1, 0x200}, 0x1c)
sendto$inet6(r2, 0x0, 0x0, 0x0, 0x0, 0x0)
clock_adjtime(0x0, &(0x7f0000000640)={0x7, 0x9, 0x380000, 0x8, 0xfffffffffffffff9, 0xfffffffffffffff7, 0x9, 0x0, 0xae, 0x6, 0x7, 0x0, 0xfffffffffffff04f, 0x7, 0x80000000, 0xfffffffffffffff8, 0xffffffffffffffff, 0x2, 0x0, 0x100, 0x4, 0x2, 0x5, 0x3, 0x8, 0x8})
clock_adjtime(0x7, &(0x7f0000000900)={0x6, 0x20000000e, 0xf, 0x0, 0xb, 0xfffffffc, 0x4000a, 0x2, 0x7b7, 0x4, 0x5, 0x8000000000000000, 0xc, 0x9, 0x7, 0x9, 0x8, 0x3, 0x8, 0xfffffffffffffffa, 0x0, 0x3, 0x7, 0x7, 0x3, 0x6})
r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$IPT_SO_SET_REPLACE(r3, 0x0, 0x40, &(0x7f0000000000)=@nat={'nat\x00', 0x670, 0x5, 0x3b4, 0xa4, 0xa4, 0xfeffffff, 0x138, 0xa4, 0x320, 0x320, 0xffffffff, 0x320, 0x320, 0x5, 0x0, {[{{@ip={@broadcast, @remote, 0x0, 0xffffffff, 'geneve1\x00', 'geneve0\x00'}, 0x0, 0x70, 0xa4}, @MASQUERADE={0x34, 'MASQUERADE\x00', 0x0, {0x7ffffffe, {0x12, @dev={0xac, 0x14, 0x14, 0x3f}, @private=0xa010102, @port=0x4e24, @gre_key=0x6}}}}, {{@uncond, 0x0, 0x70, 0x94, 0x0, {0x0, 0x7}}, @common=@unspec=@STANDARD={0x24, '\x00', 0x0, 0xa4}}, {{@uncond, 0x0, 0x110, 0x144, 0x0, {}, [@common=@osf={{0x50}, {'syz1\x00', 0x0, 0xe, 0x0, 0x2}}, @common=@osf={{0x50}, {'syz0\x00', 0x0, 0xd, 0x0, 0x1}}]}, @SNAT0={0x34, 'SNAT\x00', 0x0, {0xd00, {0x0, @local, @local, @gre_key, @gre_key}}}}, {{@ip={@private, @local, 0x0, 0x0, 'veth1_virt_wifi\x00', 'pim6reg0\x00', {}, {0xff}, 0x29}, 0x0, 0x70, 0xa4}, @MASQUERADE={0x34, 'MASQUERADE\x00', 0x0, {0x1, {0x10, @local, @loopback, @icmp_id=0x67, @icmp_id}}}}], {{'\x00', 0x0, 0x70, 0x94}, {0x24}}}}, 0x410)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x1)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r4 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r4, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
socket$tipc(0x1e, 0x5, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0xf5, 0xb206, &(0x7f0000006680))
inotify_rm_watch(0xffffffffffffffff, 0x0)
openat$dsp(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000480)={0x4c, 0x2, 0x6, 0x801, 0xe4340000, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:ip,port\x00'}]}, 0x4c}}, 0x2)
sendmsg$IPSET_CMD_ADD(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x54, 0x9, 0x6, 0x801, 0x0, 0x0, {0x5}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x2c, 0x7, 0x0, 0x1, [@IPSET_ATTR_PORT={0x6, 0x4, 0x1, 0x0, 0x4e21}, @IPSET_ATTR_PROTO={0x5, 0x7, 0xff}, @IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @private=0xa010101}}, @IPSET_ATTR_IP_TO={0xc, 0x2, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @multicast2}}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x10004893}, 0x80)

2m31.41774449s ago: executing program 8 (id=5273):
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = dup(0xffffffffffffffff)
sendmsg$IPSET_CMD_CREATE(r4, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0)
r5 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r5, 0x84, 0x9, &(0x7f0000000140)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3f8, 0x0, 0x32}, 0x9c)
unlink(0x0)
bind$inet6(r5, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(r5, &(0x7f0000847fff)='X', 0xfee4, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
bpf$BPF_LINK_CREATE_XDP(0x1c, 0x0, 0x0)
setsockopt$bt_BT_FLUSHABLE(r0, 0x112, 0x8, 0x0, 0x0)

2m26.493332425s ago: executing program 8 (id=5287):
syz_open_procfs$namespace(0xffffffffffffffff, 0x0)
syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000a80)='ns/pid\x00')
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x180, 0x0)
ioctl$TIOCGSOFTCAR(r0, 0x5414, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r2 = dup(r1)
write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180))
r3 = syz_io_uring_setup(0x837, &(0x7f0000000180)={0x0, 0x2b94, 0x80, 0x4, 0x3cf}, &(0x7f0000000040)=<r4=>0x0, &(0x7f0000000000)=<r5=>0x0)
r6 = io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0)
syz_io_uring_submit(r4, r5, &(0x7f0000000100)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x8, 0x0, 0x5d, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, r6}})
io_uring_enter(r3, 0x3516, 0xd66e, 0x0, 0x0, 0x0)

2m26.245876481s ago: executing program 6 (id=5290):
socket$alg(0x26, 0x5, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
r2 = syz_io_uring_setup(0x239, &(0x7f0000000380)={0x0, 0xf691, 0x10100, 0x0, 0x2b4}, &(0x7f0000000180)=<r3=>0x0, &(0x7f00000001c0)=<r4=>0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {}, 0x1})
io_uring_enter(r2, 0x708, 0x41e3, 0x0, 0x0, 0x0)
r5 = landlock_create_ruleset(&(0x7f0000000140)={0x4080, 0x1}, 0x18, 0x0)
landlock_restrict_self(r5, 0x1)
r6 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x84, 0x0)
write$6lowpan_enable(r1, &(0x7f00000000c0)='1', 0x1)
ioctl$SNDRV_CTL_IOCTL_RAWMIDI_PREFER_SUBDEVICE(r6, 0x40045542, &(0x7f00000001c0))
r7 = syz_open_dev$dmmidi(&(0x7f0000001580), 0x200, 0x0)
syz_open_dev$sndmidi(&(0x7f0000000380), 0x2, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
r8 = io_uring_setup(0x30f9, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
r9 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
fchdir(r9)
rename(&(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)='./file5\x00')
r10 = syz_open_dev$sg(&(0x7f00000003c0), 0x0, 0x802)
ioctl$SG_SET_RESERVED_SIZE(r10, 0x2275, &(0x7f0000000080)=0x2e9aa845)
io_submit(0x0, 0x7, &(0x7f00000018c0)=[&(0x7f0000000240)={0x0, 0x0, 0x0, 0x2, 0x6, r8, &(0x7f0000000400)="ec1b8fb3fa9c1e620ba4593108091163a452d667751dcf9ab14befbf2442f7bd092a8a51c138f09570a6fc6b24b1eee7259abc34793c243bd4509a9917ff54d9bf22e97aef4447d7a004dddbe09323c66c9e539eab4a6591708d95155233e7732fc856888e4caf909814f58aa6b26effe12d7a7b362595944f529cb50cb72a4efcfe213f2570b392c114859d591981434cd9ddac1fc17e12c3d9b1f1b7a184b414db38181b64a5350a5151045d4c5996c895e1940cfedd0fb5c4fee9e2eb100c451317221aeaa27f46a1c03488c1454b86450b14e3d37b1dde0080355730296431cd255ddc176e4f82850c934c47236089b3d322389fd56b55835a9735ab971d208c8cf446da98d481b09a31e2c736c2ec39f674ba819cb22d62d6526d57e5df9536fd1d1f77dc1f522234b27232ce7507dab2802555da17c8a087d4df1f825f970da86f2d39d04a11d28c1dfa11ca1933a468f528566dcbcb86eac475cf5d9674338714edd70e32aec0bbfef0c222dda8270b18eab229c8997c0236073cef47b76884bc658f9eac03206f73e4e640ba74e8edd104003494f8dd16ede7655408ed670cfc7c19b0dd0ef25a2e00be12a83a1e8ce6b5f9c0c34d669d380de66e1f53c2409f33954c2282639525b78e76f2f6028af4fc7b17a47fd1dadb76c48b469119fa1368797300dfa8000a1087e247d9ad816c099fc77eb6871162d23e8e5f268dc0b5e04dcef005b2985d8850749704fa81319d4156a1f3b61d08fb05c7e3ccdca1d6fe6888302ce16087b805d02ea3f49c2fe63f44b7a5757ad0f699a68585472235a06fe61d0476d8a4648ecd4c93240f3b9f980f81ac291518c2675fb635c258639147b9786f24b7f3ce873202e84a9afc32bd71bf7e9d80df40e7802c073378cd50db479a6e95e726e8f52314e2749cfdf889cb73fc9eb9867339c000dd5e62dd154bd7d599d6b9f6810b2cc1a64106b847e1aa206aa407ad62e731427191a71a32648958d842f144ea7be54f4dce3d77c5c9299c741f18a2dce2dc73f11741b065b00dd9b9056f33f4f807d81f6ec61ad4e68b37d9909ab8ab943cf72311c59cd1afd4d2d0088b6faf2cd557f40722ccb4bd5d83b5049c7a49985cb9aa1b1d9c1c3fc19c42b4eba5c941504e28d7f184a979866631ad16b7b8e16901fcc8517847558ec73db208c61719f93038586a5bd475da3ba05f0d0d50fcaceed820185616376c9031465bf8dff82a4cf02c3712e52efae6db4577254ab366c838e668ba740eddc4e2b250f2110f5d8807b9b39d222af2103af66ac7456b54ba228be4ca36c8d4dc4588bbb3973d53f4a446548b348317a35b839b2ec6dea2a0f52d56f48f551458e025a2f87084c4da697ca992cc5c2c22d4da79f880dac39db8d18aa30663752dbce492fd891d9d515cdfe946b0994406b7cff357984900f5402c6b423384c49a2934bf9a76be3d7716aff77a96917321386d4099561d4c291935a7566100dfdfe64b2a5409c08b53bc34101a1733e3406e1d8f616a5588e26722eb5afd1c7a650f31b7273e9b2943ae7d355b180ed3454e4f15db05a6781fbef80e4aa8a266e0ee38bc965dc493b0e95a52b6976cd960474e4f57fda7dbf6299102357a6d5f27c73bcd302a1be109bdd5164ef9b9c6833a5d82468bb895e2d029ee530c0948f786129acf5513b7e8de31c78363454980065ba17e1bf7f488b6fca9e5d2edfc87c8127769b5f8e18beb902a88b2001592f66005e3e0f0b1cb0de249fa6d14f69bb8bc0062eea3efa61254ce832cd1d772cc756a0636491d7bafbebdff92886edddc70c67463c50aa63647e4b224dda42f3e31e12182a800ae09bdca2adf1fe94b642ab12b153b6d99f757ac6c1f8b9d54ffffed0737e5337c6bfee475ca250c9d46dd508359722ea8502d3cbf41895453f6a9e963bb7a924d54741a060bece0a34ed9bec508dbfd6d27e0c5c30705261ce48bb3052fba7e3ecc07f66ef558091c1432f418994ef603ce1b15abaf01d390d4def28512931cddd10e4e5da48880043543249a6085e9cd3b3a85c3c9e745e9579420ebcb02029009f787ddbbcfd67bc7615381764543e4b5ee0e8e14ccd4d7cc4038c21c1bc11971534a9f978fc5f844465317f23e78b885c1806c2560243191238346cd435d1131f61f054b01ad1cfb88290143893dc2c1034af182aa2bca61779e8c53056500d48c3b730838368555e12a51a647826a2bb35097870b42bd25dd233205d8d9266a82fab2cf95b8593892fc7725d436905b5444950f0f2bc36d3935e9cd5a676fd4bc706f4305247d87b6446021f9f2a8fd4cefb0977e0e19108f7314e2540417a3ce3626c3e7e50d670fdfbcc5ba0d3a72dd210ea2d9997739a3945e6e21305d26b97513c82a67e2c28c0531203cd7cb5b066a666c77cdce534b1e2940d9a5a7c649842e6530c73322132a7eb05eb2ebea5cad1f49952f1dc916b95129513c6c76b72489fb73f49b129a7062ddfd247eee88a244585e12ff55c78ddfd0872048e273158d756d58ab442cf2d85a852c3c42f87a824a9582b4779c0644f93812f4bf6ae91ddf7f31f4ddd9e0538534905190ff15ee741dcb2de65ac40b4257128f4c74adbdac7ea7fb79263f11d5f47eeb7b39052784a60785cfa39833c1434fe54f1954d71d7eed083433ad98afd7009eb6b86f944de83563af69d7c70822a7fb66c777ced080c97344c2ba885050eefc6e4f3a56b1613ce40c551616a2f93678385752ec34af76e0558a27eed09cc9818b6379b69d1c7d5d8cacefc0abb3892c3f750c75534c1a1ba8111027053e47cc878b0c8c338c4cacbed61959382e9c7ff2e1cba37752b14450bd2e529f1f550b878c63d48ace04c879051f83f6f9daf68d3de546cdd86248437962ed65b9555b836736de74bb57af3f6418bdda5c153634cad6365220104915cb1e7c8a3c1dc7e3cef8fde9b356fe34159bfc6f474e02a4db9ead7d3a150f743a71b749bb0f9750cde1d21ed0b0381efc6d0d553306b0e29a3e512832c3030df8a5dbbdff0510e9990ad78149484e7fd2c0019d14d7d52bf22c77cc836e8a44d9bb7d0e8a8cd3aeb65fffda133eef5067f5c0612a76587e68020aec6aba747609cd3bebd98a92cd7dec62fb5f73e3198a74f448380b9e3dfcd3bdbcc19a0513d00c11ba9e5c86782f26a4f361662baa1b26f37b0a55ea9bbeb2d0731999b4bb9e93df1445680f5c14f06d7c11caebe7e51c9c74d07d7cc4fda02bfef1b1c6557e3640bfcdc535fdf8a351bd9ba6b59461a3a3c60a611ca507959c0f3cee7ac36ae2c81c8d470092e2e91fcc823eda5fcf1c47cec6a9937f0857f371dd4e6998a57779fa93c63d8a4620f60b903a6bd70119413e6a04f20b655a5740777cf46510d5c792816f48a95d1d88e6aae63ba0143d9e14cff3c57bd2b6ea56b33d2528602646352e6568d440e0a09597b155e409e5fdd5201ad9485b740b7d810eb8159079cab4e016f191839086b1f3ef89180e3c8e7e3abfd9ab21550ae0e868a717c72223cc49d6c257ad9020a5f124496eeb9814336299c24ef0fef624bdd5abee65a477436906c439d5146331b0fda50ad2b536d94bbea166af01241df2f11f760fd3ec393d5208df3db33d487c4f3d72443fe2f348f904ab0a6df69ed8b74fc7a589a8e10dd7e9a8b293c9295ce9ad50ddc41bf6b80d3ae25d8561727dc68f988e21bc6624d1311fe3dce2c276a6c86eb8286d73d48a537a708dedcf6dd97de53aee7ffb94c687594244cf129726bb597dcdb023a8b7a4137f936fa9f7f4fc06be90c7db3197d79373d0a09dadb1723ac45d958d83300a4372ee5edbaaa7258f56c02eb9e5b86ba6292e93dc2dba2cb5829ecffebb90f88bd0d4b8b974f7fd82bdeafa8d844ba872b6f8d7532837e87ad8c8c038a41e01b483245da4147b69232a69a69fbf354779adefd80963ac2512e32505a1b9c2842c3cdf00ceec2574afd70ea00f63dd8b1f5311fc8491d50baaea041c2545dc9004b2fa70ffe281620e7f56f9804fce7234d1ae61580504616bed9804b237f872a75a8307e2c211a44be4bcd8615fc8694fd2cb01723c69ae74b42a958de3a0962ebf0fdbd4733cfb47a5f8e73a380a874c1dc14b8876226ddf88ddb5895cb06b8eefdf540b0112ea263c45ea3e6ba94986fc9f60f1e8d253cb23055f8e84c517dfeb67417eec174917b23d572954c0bb516469f9ef15167f26a997fe98bdd7c4d100806e0a5822203c8a4a31506e033a56a858bb639fb09711bf5bfec98149c67a28a04f8a914e6048a01efeee9e0cf3429524b9f55569607208273ec6b9987da3edb86d5a181bc2b68caedae5b7ab5408bcc291f4bd753d83ec658cdace3c89ac745df1e5ec38edd2cc0ed065fb07333d95d2a061242cf04ea694895c19121c6232c8d31f2db0f2c70f64db6eb9fb3148bcbeb5b7e0681b77001a96231f002f1950f6e9f3645cdfbe48a164d3dfec7fd4e2fd575723b1af408787ec2f333db691b91360233fc5e9126831bfc36145591e22b908b0f4ae62c7ea573ca24ba58ba70b5d11deb8776ae1eddf6c8360b6e5fabcce2ab724b586013f20b12cb3a73b2bde513866c992fbba152893935e44310716cf930630147b9d0a3b6dd9081216b9e91802b3579bb655a28636306158dd3a4ac93efc3c048924a636ac811fa8506630f4ff649d7af9b63237e1237f253fa7d180949b1544d045555bac9576b03624dd757b06ecbaf8fa6de6f3112676ae40a54bb11a1dd4b3c59a8d467583fdbcb761f377b5dd8d501ab74c334991618bc9520bd236cc53c2d6ec140695303d286d28bd8ca1dd5517f385a129f901aa1f822a4d7b7ac96f07cac264c6a9b06ff132cf53fc3ad986bf2e9781073cfea57188401b6c6528a130d7ab6de4f7bbd4edb4a12a9bcac199fa4683c2b89b6bb5f55d720cd04e4766ec1f0c826c4f24f6e5a50997a29ef420fc2bfa275ae9373bf458ed29daae8937718397cbb2ef44cad321e66adb94181a3ab7e3f47ad882529813584a0aeb85ab67d95b0115bbf57938c9a28c472a13861c3b62fd600042dafab5cf2ae3147a1da0a34e31d09efb44f63f27408aecbd35815b8f86ac1b99b006df7d99d91bb683cbb7566cb0745becf1d7e0f4d643687d1d53e3987be482774051db1be8cc1f3e005942f613ede10e047882c066eb518e0a4f85c7fabd408446e530b9b24a171ad80359127bf7368b5794df1c3267b3b642d4d893c9c2b0e3ac860570b52066c9d565c220dd214e1a08a451133a99151a693f3c87db9df3ed1caa7256e27c33dd11fa601ae5d79c9ace45545c0034ab272534c070564b3ca3cbc8a261efc64fa46183b2e6568e26edcdad6c4e4d1a73734ad9b5578e14359de9f6daef1acf427be2240e2097c67e0ef9a4706a28c262ef8c54b9c7857572da73f497cc446cdf99885b5b132a14a87d06d8060790ada775d7b6cce1c52fe32d4b0c0fbb46bb0039d38c97fc60b42db06af0f87f4c31b66cd86d3d8d9c11cc38273ca01ff01247f1a2c48a901a9a8dd3dd7145db80854618f43390231a931221b6d6f9165b7b2f22d35faa325d706e77a9235bacbf9e040f1546e94c24a16ee4cbfddf9136503c667cdd611f084dc06c9a0e797c2592aeb6e48cb2f6696e82d9e45baf244907edd8f15654421c0cdb1b5b4467fff8bfd14ad1969b8a13e782bb1cf992cfd6caa4b2f2e799871906bb2dd69a1b9f9bc84d0ed2f804ba23553498760dc9d8b375bca44af546994e49e82351", 0x1000, 0x1ff, 0x0, 0x2}, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x1, 0x6, r8, &(0x7f0000001400)="8283b6fc614f9cd6f402e1b619e418f96e817ed109f9b64e3176ea4f5fd63bf0b78111d5e306c6c3c33a026bd1dc1e46346f5348928a0501c9c8e8490498632d04c1ea905d758788ac9b29f0faa3e7bc436460c215d70860dd16840319b0b17d63e5564df621745726bc35c77521d0c66bb399c07f8e60bcacf1b6d49fce5aba6075dc038bc401be762a624844d1ae0f2782c5e34b7d8652661b160f9b96f727761d4e005d9021018bfd19490fdaaa4e2aa917824972da4ffc16c5378980e686cb7b624a", 0xc4, 0x81, 0x0, 0x0, r1}, &(0x7f0000001540)={0x0, 0x0, 0x0, 0x0, 0x2, r7, &(0x7f0000001500)="f2", 0x1, 0x7000000, 0x0, 0x2}, &(0x7f00000015c0)={0x0, 0x0, 0x0, 0x7, 0x9, r8, &(0x7f0000001580), 0x0, 0xa1, 0x0, 0x3, r1}, &(0x7f0000001640)={0x0, 0x0, 0x0, 0x2, 0x400, 0xffffffffffffffff, 0x0, 0x0, 0x7, 0x0, 0x1, r1}, &(0x7f0000001740)={0x0, 0x0, 0x0, 0x1, 0x3, 0xffffffffffffffff, &(0x7f00000016c0)="bbd9b3eb2fe94d97fcfb7b5df2eedea1156f4def11f8f1668acf348346f5c4192ca75558ee8bfa971f4f898e3d97b05ab340a99f8fc3564d1a914a6d97f40ec6c65ac1d38847bc", 0x47, 0x8, 0x0, 0x3, r1}, &(0x7f0000001880)={0x0, 0x0, 0x0, 0x6, 0x7af4, r7, 0x0, 0x0, 0x0, 0x0, 0x1, r1}])
accept4(0xffffffffffffffff, 0x0, &(0x7f0000000100), 0x100000)

2m24.155398988s ago: executing program 8 (id=5291):
syz_open_procfs(0x0, &(0x7f0000000000)='net/vlan/vlan0\x00')
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffff}, 0x0)
syz_open_dev$sndmidi(0x0, 0x5, 0x141101)
bpf$BPF_PROG_DETACH(0x8, 0x0, 0x10)
r2 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, &(0x7f0000000580)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x400, 0x0, 0x30}, 0x9c)
bind$inet6(r2, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(r2, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
shutdown(r2, 0x2)
close(r2)
syz_usb_connect$hid(0x5, 0x36, &(0x7f0000000180)=ANY=[@ANYBLOB="1201010200000010f3b100000000010203010902240001010330050904000801030101000921"], 0x0)
mlock2(&(0x7f0000007000/0x1000)=nil, 0x1000, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000380)}, 0x0)

2m23.831605593s ago: executing program 6 (id=5293):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="1801000000000000000000004b84ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000400)='mm_migrate_pages\x00', r0, 0x0, 0x1}, 0x18)
add_key$keyring(&(0x7f0000000000), 0x0, 0x0, 0x0, 0xfffffffffffffffe)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x2200, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
mknod$loop(&(0x7f0000000140)='./file0\x00', 0xfff, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x6, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x0, 0x5}}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x844}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = socket$inet6(0xa, 0x80002, 0x0)
connect$inet6(r5, &(0x7f0000000000)={0xa, 0x0, 0xfffffffd, @local, 0x2}, 0x1c)
sendmmsg$inet6(r5, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171}}], 0x400000000000172, 0x4001c00)
write$tcp_mem(0xffffffffffffffff, &(0x7f0000000280)={0x11, 0x2d, 0x0, 0x3a, 0xfffffffffffffffe, 0x2c}, 0x48)
getsockopt$inet6_tcp_buf(0xffffffffffffffff, 0x6, 0xd, 0x0, &(0x7f0000000280))
execve(&(0x7f00000000c0)='./file0\x00', 0x0, &(0x7f0000000500))
mbind(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x0, 0x2)

2m19.740164402s ago: executing program 6 (id=5296):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)={0x14, 0x9, 0x6, 0x201}, 0x14}, 0x1, 0x0, 0x0, 0x10048047}, 0x4000050)

2m19.592687746s ago: executing program 6 (id=5298):
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r0 = socket(0x400000000010, 0x3, 0x0)
r1 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r2=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r2, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000006d80)=@newtfilter={0x3c, 0x2c, 0xd27, 0x70bd28, 0x0, {0x0, 0x0, 0x0, r2, {0x0, 0x7}, {}, {0x7, 0x4}}, [@filter_kind_options=@f_basic={{0xa}, {0xc, 0x2, [@TCA_BASIC_CLASSID={0x8, 0x1, {0xfff2, 0x9}}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x80}, 0x20000800)

2m19.272175313s ago: executing program 8 (id=5300):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x1d, 0x2, 0x6)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000140)={'vxcan1\x00', <r3=>0x0})
bind$can_j1939(r1, 0x0, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=@newlink={0x20, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, r3, 0x11000}}, 0x20}, 0x1, 0x0, 0x0, 0x101b97d1ae26809d}, 0x0)
sendmsg$IPSET_CMD_DEL(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000002c0)=ANY=[], 0x158}, 0x1, 0x0, 0x0, 0x20004004}, 0x20040080)
sendmsg$IPVS_CMD_NEW_SERVICE(r1, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000280)={0x14, 0x0, 0x8, 0x70bd2c, 0x25dfdbff}, 0x14}}, 0x200000d9)

2m18.956134113s ago: executing program 6 (id=5302):
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x19, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sockopt=0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000400)={r0, 0x3, 0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
r1 = socket$rds(0x15, 0x5, 0x0)
setsockopt$RDS_RECVERR(r1, 0x114, 0x5, &(0x7f0000000740), 0x4)

2m18.92624214s ago: executing program 8 (id=5303):
socket$alg(0x26, 0x5, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
r2 = syz_io_uring_setup(0x239, &(0x7f0000000380)={0x0, 0xf691, 0x10100, 0x0, 0x2b4}, &(0x7f0000000180)=<r3=>0x0, &(0x7f00000001c0)=<r4=>0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {}, 0x1})
io_uring_enter(r2, 0x708, 0x41e3, 0x0, 0x0, 0x0)
r5 = landlock_create_ruleset(&(0x7f0000000140)={0x4080, 0x1}, 0x18, 0x0)
landlock_restrict_self(r5, 0x1)
r6 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x84, 0x0)
write$6lowpan_enable(r1, &(0x7f00000000c0)='1', 0x1)
ioctl$SNDRV_CTL_IOCTL_RAWMIDI_PREFER_SUBDEVICE(r6, 0x40045542, &(0x7f00000001c0))
r7 = syz_open_dev$dmmidi(&(0x7f0000001580), 0x200, 0x0)
syz_open_dev$sndmidi(&(0x7f0000000380), 0x2, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
r8 = io_uring_setup(0x30f9, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
r9 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
fchdir(r9)
rename(&(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)='./file5\x00')
r10 = syz_open_dev$sg(&(0x7f00000003c0), 0x0, 0x802)
ioctl$SG_SET_RESERVED_SIZE(r10, 0x2275, &(0x7f0000000080)=0x2e9aa845)
io_submit(0x0, 0x7, &(0x7f00000018c0)=[&(0x7f0000000240)={0x0, 0x0, 0x0, 0x2, 0x6, r8, &(0x7f0000000400)="ec1b8fb3fa9c1e620ba4593108091163a452d667751dcf9ab14befbf2442f7bd092a8a51c138f09570a6fc6b24b1eee7259abc34793c243bd4509a9917ff54d9bf22e97aef4447d7a004dddbe09323c66c9e539eab4a6591708d95155233e7732fc856888e4caf909814f58aa6b26effe12d7a7b362595944f529cb50cb72a4efcfe213f2570b392c114859d591981434cd9ddac1fc17e12c3d9b1f1b7a184b414db38181b64a5350a5151045d4c5996c895e1940cfedd0fb5c4fee9e2eb100c451317221aeaa27f46a1c03488c1454b86450b14e3d37b1dde0080355730296431cd255ddc176e4f82850c934c47236089b3d322389fd56b55835a9735ab971d208c8cf446da98d481b09a31e2c736c2ec39f674ba819cb22d62d6526d57e5df9536fd1d1f77dc1f522234b27232ce7507dab2802555da17c8a087d4df1f825f970da86f2d39d04a11d28c1dfa11ca1933a468f528566dcbcb86eac475cf5d9674338714edd70e32aec0bbfef0c222dda8270b18eab229c8997c0236073cef47b76884bc658f9eac03206f73e4e640ba74e8edd104003494f8dd16ede7655408ed670cfc7c19b0dd0ef25a2e00be12a83a1e8ce6b5f9c0c34d669d380de66e1f53c2409f33954c2282639525b78e76f2f6028af4fc7b17a47fd1dadb76c48b469119fa1368797300dfa8000a1087e247d9ad816c099fc77eb6871162d23e8e5f268dc0b5e04dcef005b2985d8850749704fa81319d4156a1f3b61d08fb05c7e3ccdca1d6fe6888302ce16087b805d02ea3f49c2fe63f44b7a5757ad0f699a68585472235a06fe61d0476d8a4648ecd4c93240f3b9f980f81ac291518c2675fb635c258639147b9786f24b7f3ce873202e84a9afc32bd71bf7e9d80df40e7802c073378cd50db479a6e95e726e8f52314e2749cfdf889cb73fc9eb9867339c000dd5e62dd154bd7d599d6b9f6810b2cc1a64106b847e1aa206aa407ad62e731427191a71a32648958d842f144ea7be54f4dce3d77c5c9299c741f18a2dce2dc73f11741b065b00dd9b9056f33f4f807d81f6ec61ad4e68b37d9909ab8ab943cf72311c59cd1afd4d2d0088b6faf2cd557f40722ccb4bd5d83b5049c7a49985cb9aa1b1d9c1c3fc19c42b4eba5c941504e28d7f184a979866631ad16b7b8e16901fcc8517847558ec73db208c61719f93038586a5bd475da3ba05f0d0d50fcaceed820185616376c9031465bf8dff82a4cf02c3712e52efae6db4577254ab366c838e668ba740eddc4e2b250f2110f5d8807b9b39d222af2103af66ac7456b54ba228be4ca36c8d4dc4588bbb3973d53f4a446548b348317a35b839b2ec6dea2a0f52d56f48f551458e025a2f87084c4da697ca992cc5c2c22d4da79f880dac39db8d18aa30663752dbce492fd891d9d515cdfe946b0994406b7cff357984900f5402c6b423384c49a2934bf9a76be3d7716aff77a96917321386d4099561d4c291935a7566100dfdfe64b2a5409c08b53bc34101a1733e3406e1d8f616a5588e26722eb5afd1c7a650f31b7273e9b2943ae7d355b180ed3454e4f15db05a6781fbef80e4aa8a266e0ee38bc965dc493b0e95a52b6976cd960474e4f57fda7dbf6299102357a6d5f27c73bcd302a1be109bdd5164ef9b9c6833a5d82468bb895e2d029ee530c0948f786129acf5513b7e8de31c78363454980065ba17e1bf7f488b6fca9e5d2edfc87c8127769b5f8e18beb902a88b2001592f66005e3e0f0b1cb0de249fa6d14f69bb8bc0062eea3efa61254ce832cd1d772cc756a0636491d7bafbebdff92886edddc70c67463c50aa63647e4b224dda42f3e31e12182a800ae09bdca2adf1fe94b642ab12b153b6d99f757ac6c1f8b9d54ffffed0737e5337c6bfee475ca250c9d46dd508359722ea8502d3cbf41895453f6a9e963bb7a924d54741a060bece0a34ed9bec508dbfd6d27e0c5c30705261ce48bb3052fba7e3ecc07f66ef558091c1432f418994ef603ce1b15abaf01d390d4def28512931cddd10e4e5da48880043543249a6085e9cd3b3a85c3c9e745e9579420ebcb02029009f787ddbbcfd67bc7615381764543e4b5ee0e8e14ccd4d7cc4038c21c1bc11971534a9f978fc5f844465317f23e78b885c1806c2560243191238346cd435d1131f61f054b01ad1cfb88290143893dc2c1034af182aa2bca61779e8c53056500d48c3b730838368555e12a51a647826a2bb35097870b42bd25dd233205d8d9266a82fab2cf95b8593892fc7725d436905b5444950f0f2bc36d3935e9cd5a676fd4bc706f4305247d87b6446021f9f2a8fd4cefb0977e0e19108f7314e2540417a3ce3626c3e7e50d670fdfbcc5ba0d3a72dd210ea2d9997739a3945e6e21305d26b97513c82a67e2c28c0531203cd7cb5b066a666c77cdce534b1e2940d9a5a7c649842e6530c73322132a7eb05eb2ebea5cad1f49952f1dc916b95129513c6c76b72489fb73f49b129a7062ddfd247eee88a244585e12ff55c78ddfd0872048e273158d756d58ab442cf2d85a852c3c42f87a824a9582b4779c0644f93812f4bf6ae91ddf7f31f4ddd9e0538534905190ff15ee741dcb2de65ac40b4257128f4c74adbdac7ea7fb79263f11d5f47eeb7b39052784a60785cfa39833c1434fe54f1954d71d7eed083433ad98afd7009eb6b86f944de83563af69d7c70822a7fb66c777ced080c97344c2ba885050eefc6e4f3a56b1613ce40c551616a2f93678385752ec34af76e0558a27eed09cc9818b6379b69d1c7d5d8cacefc0abb3892c3f750c75534c1a1ba8111027053e47cc878b0c8c338c4cacbed61959382e9c7ff2e1cba37752b14450bd2e529f1f550b878c63d48ace04c879051f83f6f9daf68d3de546cdd86248437962ed65b9555b836736de74bb57af3f6418bdda5c153634cad6365220104915cb1e7c8a3c1dc7e3cef8fde9b356fe34159bfc6f474e02a4db9ead7d3a150f743a71b749bb0f9750cde1d21ed0b0381efc6d0d553306b0e29a3e512832c3030df8a5dbbdff0510e9990ad78149484e7fd2c0019d14d7d52bf22c77cc836e8a44d9bb7d0e8a8cd3aeb65fffda133eef5067f5c0612a76587e68020aec6aba747609cd3bebd98a92cd7dec62fb5f73e3198a74f448380b9e3dfcd3bdbcc19a0513d00c11ba9e5c86782f26a4f361662baa1b26f37b0a55ea9bbeb2d0731999b4bb9e93df1445680f5c14f06d7c11caebe7e51c9c74d07d7cc4fda02bfef1b1c6557e3640bfcdc535fdf8a351bd9ba6b59461a3a3c60a611ca507959c0f3cee7ac36ae2c81c8d470092e2e91fcc823eda5fcf1c47cec6a9937f0857f371dd4e6998a57779fa93c63d8a4620f60b903a6bd70119413e6a04f20b655a5740777cf46510d5c792816f48a95d1d88e6aae63ba0143d9e14cff3c57bd2b6ea56b33d2528602646352e6568d440e0a09597b155e409e5fdd5201ad9485b740b7d810eb8159079cab4e016f191839086b1f3ef89180e3c8e7e3abfd9ab21550ae0e868a717c72223cc49d6c257ad9020a5f124496eeb9814336299c24ef0fef624bdd5abee65a477436906c439d5146331b0fda50ad2b536d94bbea166af01241df2f11f760fd3ec393d5208df3db33d487c4f3d72443fe2f348f904ab0a6df69ed8b74fc7a589a8e10dd7e9a8b293c9295ce9ad50ddc41bf6b80d3ae25d8561727dc68f988e21bc6624d1311fe3dce2c276a6c86eb8286d73d48a537a708dedcf6dd97de53aee7ffb94c687594244cf129726bb597dcdb023a8b7a4137f936fa9f7f4fc06be90c7db3197d79373d0a09dadb1723ac45d958d83300a4372ee5edbaaa7258f56c02eb9e5b86ba6292e93dc2dba2cb5829ecffebb90f88bd0d4b8b974f7fd82bdeafa8d844ba872b6f8d7532837e87ad8c8c038a41e01b483245da4147b69232a69a69fbf354779adefd80963ac2512e32505a1b9c2842c3cdf00ceec2574afd70ea00f63dd8b1f5311fc8491d50baaea041c2545dc9004b2fa70ffe281620e7f56f9804fce7234d1ae61580504616bed9804b237f872a75a8307e2c211a44be4bcd8615fc8694fd2cb01723c69ae74b42a958de3a0962ebf0fdbd4733cfb47a5f8e73a380a874c1dc14b8876226ddf88ddb5895cb06b8eefdf540b0112ea263c45ea3e6ba94986fc9f60f1e8d253cb23055f8e84c517dfeb67417eec174917b23d572954c0bb516469f9ef15167f26a997fe98bdd7c4d100806e0a5822203c8a4a31506e033a56a858bb639fb09711bf5bfec98149c67a28a04f8a914e6048a01efeee9e0cf3429524b9f55569607208273ec6b9987da3edb86d5a181bc2b68caedae5b7ab5408bcc291f4bd753d83ec658cdace3c89ac745df1e5ec38edd2cc0ed065fb07333d95d2a061242cf04ea694895c19121c6232c8d31f2db0f2c70f64db6eb9fb3148bcbeb5b7e0681b77001a96231f002f1950f6e9f3645cdfbe48a164d3dfec7fd4e2fd575723b1af408787ec2f333db691b91360233fc5e9126831bfc36145591e22b908b0f4ae62c7ea573ca24ba58ba70b5d11deb8776ae1eddf6c8360b6e5fabcce2ab724b586013f20b12cb3a73b2bde513866c992fbba152893935e44310716cf930630147b9d0a3b6dd9081216b9e91802b3579bb655a28636306158dd3a4ac93efc3c048924a636ac811fa8506630f4ff649d7af9b63237e1237f253fa7d180949b1544d045555bac9576b03624dd757b06ecbaf8fa6de6f3112676ae40a54bb11a1dd4b3c59a8d467583fdbcb761f377b5dd8d501ab74c334991618bc9520bd236cc53c2d6ec140695303d286d28bd8ca1dd5517f385a129f901aa1f822a4d7b7ac96f07cac264c6a9b06ff132cf53fc3ad986bf2e9781073cfea57188401b6c6528a130d7ab6de4f7bbd4edb4a12a9bcac199fa4683c2b89b6bb5f55d720cd04e4766ec1f0c826c4f24f6e5a50997a29ef420fc2bfa275ae9373bf458ed29daae8937718397cbb2ef44cad321e66adb94181a3ab7e3f47ad882529813584a0aeb85ab67d95b0115bbf57938c9a28c472a13861c3b62fd600042dafab5cf2ae3147a1da0a34e31d09efb44f63f27408aecbd35815b8f86ac1b99b006df7d99d91bb683cbb7566cb0745becf1d7e0f4d643687d1d53e3987be482774051db1be8cc1f3e005942f613ede10e047882c066eb518e0a4f85c7fabd408446e530b9b24a171ad80359127bf7368b5794df1c3267b3b642d4d893c9c2b0e3ac860570b52066c9d565c220dd214e1a08a451133a99151a693f3c87db9df3ed1caa7256e27c33dd11fa601ae5d79c9ace45545c0034ab272534c070564b3ca3cbc8a261efc64fa46183b2e6568e26edcdad6c4e4d1a73734ad9b5578e14359de9f6daef1acf427be2240e2097c67e0ef9a4706a28c262ef8c54b9c7857572da73f497cc446cdf99885b5b132a14a87d06d8060790ada775d7b6cce1c52fe32d4b0c0fbb46bb0039d38c97fc60b42db06af0f87f4c31b66cd86d3d8d9c11cc38273ca01ff01247f1a2c48a901a9a8dd3dd7145db80854618f43390231a931221b6d6f9165b7b2f22d35faa325d706e77a9235bacbf9e040f1546e94c24a16ee4cbfddf9136503c667cdd611f084dc06c9a0e797c2592aeb6e48cb2f6696e82d9e45baf244907edd8f15654421c0cdb1b5b4467fff8bfd14ad1969b8a13e782bb1cf992cfd6caa4b2f2e799871906bb2dd69a1b9f9bc84d0ed2f804ba23553498760dc9d8b375bca44af546994e49e82351", 0x1000, 0x1ff, 0x0, 0x2}, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x1, 0x6, r8, &(0x7f0000001400)="8283b6fc614f9cd6f402e1b619e418f96e817ed109f9b64e3176ea4f5fd63bf0b78111d5e306c6c3c33a026bd1dc1e46346f5348928a0501c9c8e8490498632d04c1ea905d758788ac9b29f0faa3e7bc436460c215d70860dd16840319b0b17d63e5564df621745726bc35c77521d0c66bb399c07f8e60bcacf1b6d49fce5aba6075dc038bc401be762a624844d1ae0f2782c5e34b7d8652661b160f9b96f727761d4e005d9021018bfd19490fdaaa4e2aa917824972da4ffc16c5378980e686cb7b624a", 0xc4, 0x81, 0x0, 0x0, r1}, &(0x7f0000001540)={0x0, 0x0, 0x0, 0x0, 0x2, r7, &(0x7f0000001500)="f2", 0x1, 0x7000000, 0x0, 0x2}, &(0x7f00000015c0)={0x0, 0x0, 0x0, 0x7, 0x9, r8, &(0x7f0000001580), 0x0, 0xa1, 0x0, 0x3, r1}, &(0x7f0000001640)={0x0, 0x0, 0x0, 0x2, 0x400, 0xffffffffffffffff, 0x0, 0x0, 0x7, 0x0, 0x1, r1}, &(0x7f0000001740)={0x0, 0x0, 0x0, 0x1, 0x3, 0xffffffffffffffff, &(0x7f00000016c0)="bbd9b3eb2fe94d97fcfb7b5df2eedea1156f4def11f8f1668acf348346f5c4192ca75558ee8bfa971f4f898e3d97b05ab340a99f8fc3564d1a914a6d97f40ec6c65ac1d38847bc", 0x47, 0x8, 0x0, 0x3, r1}, &(0x7f0000001880)={0x0, 0x0, 0x0, 0x6, 0x7af4, r7, 0x0, 0x0, 0x0, 0x0, 0x1, r1}])
accept4(0xffffffffffffffff, 0x0, &(0x7f0000000100), 0x100000)

2m17.985466676s ago: executing program 6 (id=5307):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x1000, 0x4, &(0x7f0000006680))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000003, 0x4008032, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x4)
quotactl_fd$Q_GETNEXTQUOTA(0xffffffffffffffff, 0xffffffff80000901, 0x0, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), r0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="1801000021000000000000004bc311ec8500000075000000a70000000800000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x400}, 0x94)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000000c0)={'wlan0\x00'})
r2 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000680)={'wlan0\x00', <r3=>0x0})
sendmsg$NL80211_CMD_NEW_INTERFACE(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000480)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYBLOB="6a20ab8250921330db6fbba5f1391acad5540e52e89c8f5a615b3f9a7d3f414828ddb86f995c86e9777fef40ad492bef6cc39fff9c78b49212412b80ebbb33b331e5c4e760ec48f91f0bfd721b41ed53d20a8ab6073b1ff23ab5b1631daa26196e3239b917134c2aa21c556593778a6938ebf987b6af0a13e43133a10e1db7fde150dc7eec3f9bed942c36101a1b604667376042eef105af66eef17bc6a80df04ce99026dc8b3da95677c2c73f2a7a5a0125288da89ff164afd9151bd188", @ANYRES16, @ANYRES32=r3, @ANYRESHEX], 0x4c}, 0x1, 0x0, 0x0, 0x20040090}, 0x24044814)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r4)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local})
r6 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000580)={0x18, 0x3, &(0x7f0000000280)=ANY=[@ANYRESOCT=r5], &(0x7f0000000100)='syzkaller\x00'}, 0x94)
r7 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r7, &(0x7f0000000140)={0x1f, 0xffff, 0x3}, 0x6)
write(r7, &(0x7f00000000c0)="510003000000", 0x6)
write$rfkill(r6, &(0x7f0000000080)={0x0, 0x0, 0x3, 0x1}, 0x8)
r8 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$TIOCL_GETMOUSEREPORTING(r8, 0x541c, &(0x7f0000000240))
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000040)={'wlan0\x00'})
socket$inet_udp(0x2, 0x2, 0x0)
r9 = syz_open_dev$vbi(0x0, 0x3, 0x2)
ioctl$VIDIOC_G_STD(r9, 0x80085617, 0x0)

2m17.887577664s ago: executing program 8 (id=5308):
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x8400, 0x0)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2)
syz_open_dev$sg(0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xffffffff, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x37}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
openat$udambuf(0xffffff9c, 0x0, 0x2)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x14, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bind$alg(0xffffffffffffffff, 0x0, 0x0)
r3 = openat$nci(0xffffffffffffff9c, &(0x7f0000002540), 0x2, 0x0)
r4 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r4, 0xc04064a0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000003240)=[<r5=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCONNECTOR(r4, 0xc05064a7, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000040), &(0x7f0000005b40), 0x0, 0x0, 0x0, 0x0, r5})
close_range(r3, 0xffffffffffffffff, 0x0)
socket$pppl2tp(0x18, 0x1, 0x1)

2m2.08731301s ago: executing program 44 (id=5308):
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x8400, 0x0)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2)
syz_open_dev$sg(0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xffffffff, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x37}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
openat$udambuf(0xffffff9c, 0x0, 0x2)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x14, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bind$alg(0xffffffffffffffff, 0x0, 0x0)
r3 = openat$nci(0xffffffffffffff9c, &(0x7f0000002540), 0x2, 0x0)
r4 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r4, 0xc04064a0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000003240)=[<r5=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCONNECTOR(r4, 0xc05064a7, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000040), &(0x7f0000005b40), 0x0, 0x0, 0x0, 0x0, r5})
close_range(r3, 0xffffffffffffffff, 0x0)
socket$pppl2tp(0x18, 0x1, 0x1)

2m1.972818907s ago: executing program 45 (id=5307):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x1000, 0x4, &(0x7f0000006680))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000003, 0x4008032, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x4)
quotactl_fd$Q_GETNEXTQUOTA(0xffffffffffffffff, 0xffffffff80000901, 0x0, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), r0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="1801000021000000000000004bc311ec8500000075000000a70000000800000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x400}, 0x94)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000000c0)={'wlan0\x00'})
r2 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000680)={'wlan0\x00', <r3=>0x0})
sendmsg$NL80211_CMD_NEW_INTERFACE(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000480)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYBLOB="6a20ab8250921330db6fbba5f1391acad5540e52e89c8f5a615b3f9a7d3f414828ddb86f995c86e9777fef40ad492bef6cc39fff9c78b49212412b80ebbb33b331e5c4e760ec48f91f0bfd721b41ed53d20a8ab6073b1ff23ab5b1631daa26196e3239b917134c2aa21c556593778a6938ebf987b6af0a13e43133a10e1db7fde150dc7eec3f9bed942c36101a1b604667376042eef105af66eef17bc6a80df04ce99026dc8b3da95677c2c73f2a7a5a0125288da89ff164afd9151bd188", @ANYRES16, @ANYRES32=r3, @ANYRESHEX], 0x4c}, 0x1, 0x0, 0x0, 0x20040090}, 0x24044814)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r4)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local})
r6 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000580)={0x18, 0x3, &(0x7f0000000280)=ANY=[@ANYRESOCT=r5], &(0x7f0000000100)='syzkaller\x00'}, 0x94)
r7 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r7, &(0x7f0000000140)={0x1f, 0xffff, 0x3}, 0x6)
write(r7, &(0x7f00000000c0)="510003000000", 0x6)
write$rfkill(r6, &(0x7f0000000080)={0x0, 0x0, 0x3, 0x1}, 0x8)
r8 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$TIOCL_GETMOUSEREPORTING(r8, 0x541c, &(0x7f0000000240))
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000040)={'wlan0\x00'})
socket$inet_udp(0x2, 0x2, 0x0)
r9 = syz_open_dev$vbi(0x0, 0x3, 0x2)
ioctl$VIDIOC_G_STD(r9, 0x80085617, 0x0)

27.155326399s ago: executing program 0 (id=5635):
syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f00000007c0)='ns/pid\x00')
syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000a80)='ns/pid\x00')
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x180, 0x0)
ioctl$TIOCGSOFTCAR(r0, 0x5414, &(0x7f0000000000))

27.026413812s ago: executing program 0 (id=5636):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x2}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bind$inet6(0xffffffffffffffff, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendmmsg(0xffffffffffffffff, &(0x7f0000000900)=[{{0x0, 0x0, &(0x7f00000000c0)=[{0x0}], 0x1}}], 0x1, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$netlbl_cipso(0x0, 0xffffffffffffffff)
syz_open_dev$dri(&(0x7f0000000480), 0x0, 0x8000)
r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
mount$fuse(0x0, &(0x7f0000002880)='.\x00', &(0x7f00000028c0), 0x0, &(0x7f0000000180)={{'fd', 0x3d, r3}, 0x2c, {'rootmode', 0x3d, 0x1000}})
mount$fuse(0x0, &(0x7f0000002880)='.\x00', &(0x7f00000028c0), 0x0, &(0x7f0000000080)={{'fd', 0x3d, r3}, 0x2c, {'rootmode', 0x3d, 0x4000}})
r4 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000f40), 0xffffffffffffffff)
socket$packet(0x11, 0x2, 0x300)
sendmsg$IEEE802154_LLSEC_ADD_SECLEVEL(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000440)={&(0x7f0000000340)={0x50, r4, 0x200, 0x70bd2d, 0x25dfdbfe, {}, [@IEEE802154_ATTR_LLSEC_CMD_FRAME_ID={0x5, 0x34, 0xe}, @IEEE802154_ATTR_LLSEC_CMD_FRAME_ID={0x5, 0x34, 0x9}, @IEEE802154_ATTR_DEV_INDEX={0x8}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan1\x00'}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan3\x00'}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan0\x00'}]}, 0x50}, 0x1, 0x0, 0x0, 0x20040080}, 0x55)
socket$netlink(0x10, 0x3, 0x0)
io_uring_register$IORING_REGISTER_BUFFERS(0xffffffffffffffff, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a)

22.972224122s ago: executing program 0 (id=5646):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000004850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10)
r1 = openat$uhid(0xffffffffffffff9c, &(0x7f00000004c0), 0x2, 0x0)
r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000140)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={<r3=>0xffffffffffffffff}, 0x106}}, 0x20)
write$RDMA_USER_CM_CMD_QUERY(r2, &(0x7f0000000000)={0x13, 0x10, 0xfa00, {&(0x7f00000003c0), r3, 0x2}}, 0x18)
close(r1)
sigaltstack(&(0x7f0000000000)={0x0, 0x80000002}, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
setsockopt$MRT6_ADD_MIF(0xffffffffffffffff, 0x29, 0xca, 0x0, 0x0)
connect$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x4e24, 0x2, @dev={0xfe, 0x80, '\x00', 0x18}}, 0x1c)
socket$nl_generic(0x10, 0x3, 0x10)
r4 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r4, &(0x7f0000000040)={0x0, 0x7, 0xfa00, {0x0, &(0x7f0000000000)={<r5=>0xffffffffffffffff}, 0x13f}}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_ADDR(r4, &(0x7f0000000280)={0x15, 0x110, 0xfa00, {r5, 0xfffffffd, 0x0, 0x30, 0x0, @in6={0x1b, 0x0, 0x40000007, @loopback}, @ib={0x1b, 0x0, 0x0, {"7d0300"}, 0x0, 0x0, 0x2}}}, 0x118)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000080), 0xffffffffffffffff)
r8 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/binder/state\x00', 0x0, 0x0)
lseek(r8, 0x1000, 0x1)
sendmsg$L2TP_CMD_TUNNEL_CREATE(r6, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000400)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r7, @ANYBLOB="00020000000000000000010000001b001d0081000000"], 0x1c}}, 0x0)
landlock_restrict_self(0xffffffffffffffff, 0x7)
landlock_restrict_self(0xffffffffffffffff, 0x4)
socket$nl_netfilter(0x10, 0x3, 0xc)
sched_setscheduler(0x0, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_open_dev$MSR(0x0, 0x0, 0x0)

21.858412441s ago: executing program 0 (id=5648):
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000240)=0x2, 0x4)
setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000000000)=@req3={0x1000, 0x3a, 0x1000, 0x3a}, 0x1c)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r2 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r1, &(0x7f0000000380)=ANY=[@ANYBLOB="1c0008000103"], 0x42)
syz_genetlink_get_family_id$nl802154(&(0x7f0000000200), 0xffffffffffffffff)

21.677100604s ago: executing program 0 (id=5650):
r0 = creat(&(0x7f00000000c0)='./file1\x00', 0xc5)
close(r0)
r1 = socket$unix(0x1, 0x2, 0x0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file1\x00', &(0x7f0000001200), 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB='trans=fd', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])

21.514579354s ago: executing program 0 (id=5651):
bpf$MAP_CREATE_TAIL_CALL(0x0, 0x0, 0x0)
syz_init_net_socket$netrom(0x6, 0x5, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x40, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x3ffa, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000000cc0)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000500000095000000000000009500a5050000000077d8f3b423cdac8d80000000000000002be16ad10a48b243ccc42606d25dfd73a015e0ca7fc2506a0f7535f7866907dc0200000000000000ae669e17fd6587d452d6453559c3421eed73d56615fe6c54c3b3ffe1b4ce25d7c983c044c03bf3a48dfe47ec9dd6c091c30b93bfae76d9ebacd3ed3e26e7a23129d6606fd28a69989d552af6bda9df2c3af36effff9af2551ce896165127cb3f011a7d06602e2fc40848228567ffb400000000003ed38ae89d24e1cebfba2f87925bfacba83109751fe6c05405d027edd68149ee99eef6a6992308a4fc0b7c70bc677d6dd4aed4af7500d7900a820b6347184e9a217b5614cd50cbe43a1ed2526814bc0000e9e086ce48e90defb6670c3df2624f56da648d28ad0a97aec7291c25447c106a99893e10db21901eb397b2f5fd71400fa7a050fbbef9e326ea27e513e96068fd1e8a43e89f9c85c822a961546ed5363c17ff1432d08806bc376e3e49ee52b59d13182e1f24ed200ada10eb1affb87ba55b2d72078e9f40b4ae7d01000000d11cd22c35d32940000088dde499000000fdffffff00000000000f000000ef0000000000000000000000000c52f4ebd2c893bb97a068bd10734a83584898eccb26f7b789cfc4cd995fa3e11a5c74c85404e2df3ad37b729ac83b0dcb4f48f3c3356b9997fc455a17690b6f7f9ccbe4b1701941b18aba6b16455a66c3b84b138efc20a546d3d5227e23b03f2a834391ade2ff3e93ee296c4082ee73e7c353312c9d75711ce1623e9c54bdff59d2a69dcb7d84c235b23a4480c2461b405cfd1a38992f295ad3adc94cd07c850d1ce6d0b2fea02c24e9280333152fb794e4ddea02017a6c139b50101caecaf2abc0847a1ff2f7fc3c2b99a96fc4275ad107274e2934a87a4ddcdb112754ca5bdec0ead14b6c0f19a43a2f05c7f0be31491eb8c9ff68236c8600040000000000000000000066e034c81c3cab64e4fc8dc55ce0ada18dcbf31c6e82893add3bee3e10fc873d1d922b0877cbcd95b839d3059d5140a1f742f6e75741e39e5cb6a193e06a1043375b0f61b5d4e17c81baa31b924d84f224baf1221c15fa12313ffbfa7c2730309f66705b71e6205e7cbf3643561eabb9a63fcd604d5cc27e1317ad94cf438d71873e540be16b6ca205081173bd03c4754fc4674812daab482fd390a1c903b5d28a1eb247b5837d7603b92495d5c569f6433c3fca5206cb0000003fdbbd3892c52c2e7612e05de32322e980a3d69931e2c9312dd517c96f2ee90362476ed853c4c9b7d4ebf13cbaa795860e92a3d7d004f2c491db38eb769f094d5d48b262cc35c40682138cf13a49aa9f27abec00002f01ba1251aaf2385416ca719300"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x70)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$sock_ifreq(0xffffffffffffffff, 0x8910, &(0x7f0000000000)={'veth0_vlan\x00', @ifru_ivalue=0x7})
ioctl$sock_netdev_private(0xffffffffffffffff, 0x8949, &(0x7f0000000000))
rseq(&(0x7f00000004c0)={0x0, 0x0, 0x0, 0x3}, 0x20, 0x400000000, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000001ac0)={&(0x7f0000000000)={0x1c, 0x2d, 0x1, 0x70bd26, 0x25dfdbfc, {0x4}, [@typed={0x8, 0x9, 0x0, 0x0, @binary="38eac21a"}]}, 0x1c}}, 0x20000000)

18.659894564s ago: executing program 2 (id=5655):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x180, 0x0)
ioctl$TIOCGSOFTCAR(r0, 0x5414, &(0x7f0000000000))

18.441134916s ago: executing program 2 (id=5656):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x21)
ioctl$KVM_SET_NESTED_STATE(r2, 0x4080aebf, &(0x7f0000003680)={{0x0, 0x0, 0xffffffffffffff7f}, "cb31455c9ea4288a70a2a6bb8068fd95dd041cf5b177a3bffe992dfbbdf959487337b92336ce1de32e7695c411c0bf9f852d2d71192f33001fd51f5b396a55cb98699a09d21648c4cb30d9d7e3e397c7a3c041c76c72385a46c48c5302848c3696facce956952c2a85822ddf20434ccee5806294ed563ff3a972cddf6ef16ddace933d8a5adea40cd3ad40c9873c29368838e815ff59723519154856b2d5cd9cd79a97dc2fa08dada1175817886e5f9e7aa3dca783a44c667a4806826570ec6acb57d65efc313a384e11fb633dee17ee600145f2cb3103384606140021be766fcb7fa029f0513bbb466177ca1068192550bbf4e6f5694aec747a16e27688a988fa595bca1761b8e88a7dbcaeaf97a8b7b53058b1faf880dd6f1b6eb4c7beb0582b4007f1a67db1352407adbe1456bf762c94fd825b9419d74f63cdeb6c6976de1890d773f0c8088d2bd48a838cf5b87f5ddf926352960fb978874b0f175acfa55ddfe84de3fc9f75b58bf7a35f33d3c43ed5e3224e92751fa1b43f94f64b681163ef1360a3f3bb7403afc67a188b2104b45c5814aaa9e218552498bf85f4b221d9acc32a331f5f8c109cc9f335ff4e418ab30b54b99d5376cd928c431fc8211fcbaf64716afdc4b6d0417e04d5723e4675d282b36bef3a3a19e855029ec7c33830a6df19332b63e9d8a0f22d96ac230c67657a4e7f7afab91dc0ce751b68980e5a4f6d9d6d9b98802ba9d8576640eea61b8c308a1745df61560e56108bececa3016d93246fdc8b768634e8319b1ffde103c07378f8f4927baba05e992a4b5af0958a7e495e7ce53f7917451d15a963ca14f5cdc4563775688b6533a4b97e0f84b0a33c30077b20805c1f42cc7815efada97ad59ac486bc9e0ee386b49cb97b47fbf8f919f06c75a49636795054b5ebee3e91602c90d7f4db49220affe56d56b96e4f662b2bf36dae482ffc7ba21cbc55e21b73309d6b7aa5509defcb77c236e43b579c61eae5c8d8f8fa71ad876b96069f2e4352c8aaf16e299d21edf5434c0cd9b25cdc9210fb0de759b1dd3fc7fe4c7118bbde72a5617dff21f7a5036448fba7fe41aaee0c289cd076d757e47b0713b236f6f141ba0112c9312b3ec853aabafdf1eb2cbb517d2d7352725f557214d27d9a340af0128fc960a4ea64c933b0d8dd226b6e024471aaac8a7074b2a8695ab990fabba5bf315d246fbfe4260f1fffe54814e33b6235c5b4095437298858909bcbd40a8a286d1bedb06b7b1775bce0a5bca19b0a5c2fa8dbf87b55ae0a43c5086422e5bacb94047e150451f5996420b0d4a697f59decb49900b2b9c13aade536933e14d672c21a35cb68572c3de02f3147414eff4b8674b91f7aebf35f056a8d388f67f8ef7cfaf6b28fe745831ef41def1839791647016932c70685752851327f1837d2f1e9d8f93443eefed2317119c8152ca451a5d3aeb253fb484283f52e5db9f61f059ad3c217a860ee0571d254483501b00699208c7fa5571cf58b9715c954115bc2db0af28361938bb95ced7370c8cbb6141ef62fdbf369dfc4eccd98ab9886d79a52cbf91a27dd0f4b29940492e860fb94654dea54fad6290570760e3b59a0cf28053732472dc313b5fedfc583fc702a880971dc61286370aaf167810455cce7654dc4325a41d9d1944abcdc4d81378f1e96a8f94cd95b886a01f086e379601504219d57d531ba34e1ba0905785fb629c61f6b940a652cdee9dbef12b7fcde087b92816db3386a5769049ba00788e31de4ddbb8b56de1fbe3a5e671728effda7cfd0b650cf5df2faf22470812efbbb548e47cbf36c64e05a7877820f08948ceedb35e12a4a143ee0101a7bf0a00a4062b50c39020669700adf739a6f75352a45fd1373d3e85c3867170373f0c7a794d8590f4c22ae62d438ec365b0f6a15cb2ffe0fc6f57185e1760761bd4370027c01dfad0502f00b6898115df3c530d0b0b4a64e623fd580b528a733e4c881cf5843a975a97f92a7833527887c79fa8eec82b9526a15c6c5f2972083ce8aec735810580ffa4ea2cef4823aee044dd70927f7c07bba18b930006aa86ae7399ac6b4c24bc9d6a6ab0c5b428d7255d4d983eadf97e10c1b00867da29ac981acb453073a37236e7ae808e7759b2e0cffc3ec43afb1e95cd090a7d4b9225a0e3cbebfe49b93846ab603891e2da7d85a04bf42d12d16a97c965bc4911d3ba7a9ca505794d8744fef00a436089de67aa8b480070230dfb002eb91edaff428d4908a87afae418dff7ca59aefe1ad8f6935f309fe7985c2310881659c60a66a5e50242497ba1cd5d2bd79496ccd23f9fd901afc6622829cb3701caa50f96e09e3b23bfa3181b74ec7dae2e42c9caab43e49ae1d922a1a1eb3682de026323d9215fcec42c54401a1af81450830a4b784ed1c7922734bf3632409147680dd3fabcef296353705bb5c0e650e12905a05db1e7923923a96ddc783fc1ed46e2010416c37d9d149ad73e808bd6e4464f62893024a8501803b6c88fc55c8bbc1da7cbf580b5a81fb7c61455ae3a8aaec303fba12e0f2b51ed5e8bd31db40e8bdbd00e7b1ddd364766c974d813d86fc88a27bf82bba60c62e5f0f6af6bda3390f8e72a2811baf3d6325e70d9a3b59cab1abe95290ecb87985567e1243504c038de9d4d100ea64eec45208cd8d2474e646f7d81eed6d59b8b0859552b6fc088d874cde3e75ee30243dc9d88ed5b577851a5bd9e2a453287025777fcac19ac33e1c94b4ad272f1055b16b842a6bd6168fb45f1f74ed2467020df5431068a5f2cbeaa6ac1841308c7c9f752aa06927f91fdf18ef9d9e942367e5ecac0abf4d3b8fc7b80238c0e7faf2ea7d3f5271028fc558a44799bde63168becc67c5531e843336fb16ab618d37f95a91937b824bf896b044146bc3a5e264a8f23ddd00729cd9aa56d9a9a24b7ab96ae021b193d8874d43ff4b723d86b7564e550378599c3e0c7a2b3d447ad76eb4cd699733d970a5ab218429a1af81df9c8013d6d16a6bcb019f6ace4461cdaa785d20ea027cfa53d521bb91ad2c04aaa6c0f268b14924803977633280c7b7beb14c88fae542b7a13e96253259e7296e37276da88891c14664340e84ae732edbd71e67047e476735b220ca231de31a380ece372db632ec3cb3ef5ac97ec41148febd2acb15cde1ee5e990ea0aaa95c2df39e2111dd1185d14a194e22d34fda8f54e99d3a73e5a231682c726d40816e048c1d059bf3bb9ee2b5f895365d95aa28f6adbf6e16469926b4d8ee7f04c7dbafaa444df5b88596c17874f0efe35e5ada1a69634f4b430f852d33b032f823c5deb54f47a7a4adb1adf56d5440b7a917580004c13e0b36c8e0a203a2be3f8fffd9efef3af19389a12c67859d4381ac0a02da18e25931b41216b731de25e1245482c84d45de1cddbce2109322a3428bff692012573fe9efd02109dbf35c5d3a287dec105cf3f1a2e5f0b1cc08c7b4759766d25d0f7b42c3ea8bf8101e61159a2ba7602e9c7947cf936ac39bf59b24084709fd61d704bbdba7d282aac778b7ec1dcaf984527c8112d56e75ab774d1598d9816abc77b0e693880beca5f330c626774ab5cb6967fb0ea8e14efce120947092c3b6f8a22f07cad22e971418092481fcad36ecf0cfd6bc3864115b8507c13554584f1f6fee5ee07eb6a091638d8e7781c1c006166e0f987f9f4de535e9f3df1db8c9328e9a19a73c76059ab4edfe9eda7f16cc6b869229bafb179d194e20ccc6f9338183b673de8138ddab9a0907278f6eaacc55bf59a450ebc10e0b88c82d9f0deca86ff771f46509250fde94e0c94256b77616d099862ddc9b341838d634a9dc4b55a88fcc6248901135f6aa76365433e7e534e0e5ae8eec2a63df62c3e244a40481189ff54122698c7e2da2c829b2eec9efc9894ee05be04ae6dd48406eaace17827e38bf38b414059aded0343e0711a8d864ff41a8d9ed40fb2aa1a3f4014f691cd0e8af62445a021820ff03afa8a192ee255862f306851df1de96ce36cafb6a60b7069db7aa96fd1ffb2fb01e6247f770304dffe4b1c8d0eeb336dd6806d6ab5d418953b1cae7cbbf53766b61e4aad5cfce8255b78af26f9bd11283a9c7d12cd63b82cd2b506fd4061d1e16fc7c713d80763c3b0aa0faadcd9b7d676101aad80e1ca00369297e1f714003ab8d0b545c335014a522a25a767950963ef821425b79b521076166d0df3ef358c7d60d99cc85463c186e8faf16af79785680382e4cc93f6594f8c4461e0988c08717640df24a5f357db22432fcae21702dc792d201212fb3791e0164bb3d433a8268ec96df73766fdba42965e00e619246cba5d96eb853a7c22c34d2fe5e5d3f3ccf9c627d069517b743cd07f6f7b444074bb9a50269f2e03309c58930e56a9583eb00c37fbcdd391972261f41756c10c8899fcd036e2017e088ef9e6ec31f795d55b3bba214c53c98fc9318e4ade0e7e6fd259aa277fed54c27e5210787a5f6937f56fdbe1da5113f059061ca590ddf536a55cb91ac6ed41cb9c0418b115b29f5e823c1b0ee7c2b3982087763545b34e2c945d587ebce69bbe299a7f52b674f351977370fc700474bc15d7e6ef98c14258ecf401a4f3bba1a9aa76c5ab0b8819fe6efe3fba1899909e5e48554299150ee272451b56142d12ae2bb4942db430239701d494917f2c939a6fb9d98d4751a6f2c4537ec870342d223343a9bd7b8d8c99aff8cbfa298395551185f35dec120228073a1e496a58b59d9ac5986249a7c6db9398395cbf341c08ee910700e2daa042dba1846fef59c72ce872bba2046a14fcf9a47a5686d62bfba76309a9865c26e5fa41dd872fc749fdc57953105ace4978f9eb788c8d061c853ad0313e51e732c5d7bc05e752443c8e99b8e81c688befdb5b14c3cc2f96eb8ce8290303e483992fcbece1ff278d0dc036ad437b6cbc695c7741ba4556e242146d40843c73deaf8fceba40e4a4acd739b3031848b17a210a1ff0dc1908b77c4bb94543af52e1fe2a090c8f217428d02336303f7952c3ddefa7c81850676e7f4cc3d32c3937281fa5ab279c3fe39f92ba077dadb8c2c3df17cc511bd33c41cb161d24aea154f0f5902c94b56fe072d321a983668bd9f4838878e66ec44cb233d7d0ca908a794c844ff8b3ba4c57f6c5fc2f3a54db448b013f0c4998bbc6ed0409b3368391cb28c6df4a909fff90f308ff38c758ff7d8a2920bc221236d89b3b76de44e8ce649b32f5135a0217ba9036a8edddee97d7ba15f2c21fb7d3cae3eb6ef09dd03eed650489c83b5ba5dd9daf7a86cf0544fb8a58e46b860e3e42e10cd6f1c4f81179eb2c3ba611793a32abb4c0768db90e8bdd1694efaa9c2b45c89d203fdfb8b926b6a0d666d91b93065a83184fc2065961f2308056241b66f427c0f0aabc75852c90f0624cf036d537032ca8d73325d2ae2a79a7292c240c34584bb881fe5d468a051cbc0bde061f9eddfb758cd2dfba296eef549e5c4ede097111216a0ec60f90e8d6f5dd843c82e15f505f8c74e854ba9cd386249d552978eb8135a5f8c79c3ceb8dd5828b0218ffe40f375d6cf3ff2f47c276c8169ab98336582a852c1535018fb2306aca6b8c9f9e38d64c66a722762b76c69d4ca6c14bd6992549e4eec17287fce194467f972d9200c3d1ac4fd4a8f2620e2e4281d28c099946ed90789ba122705326390d3e058ceed24044e542efb36416272eadf6304f30efa0b7bc1ae5be92fe50e591ee6f725726e917ec113506920beb2aa53b39f1d76b31500", "cfb220c7d481332f3f1f8079dfe27e23185fd67a407358db7892789f96b7fa9b14daa48617a10d8a91b820ecbaa470ec0bb1f3cbce7f70ec70b19a4cad082229c2788f8611d7dc306d9a45761a97828c36ed87ebde5d4a3e1609c1422a8ae2f7cca428ebdb0dd38b90b9598a353b18a600bf35a369e6e3e5abb0a1c5c0c0e48e014e7ef1b7d768b3c5657f1adfbb7ff2985082b16c99eb83ec3660990dcf1106efa6b7f8a4798fec811c2c85faec0235c83b7093b3d02367421abc40a554e0b0d7fc1bcaece4222c594f8d20e368fe625ca433c75486fe5c94103cd17291349ee12b877602936688666f82ecd8f4f83d50bb1650e08b96cd25ad147c4c956c98649806a3736d072c8d97c6e3a46a7c18535df8d828b86662400d8e9cc861fa1dd5dc193892d3168396c499e07b279fb76c7e289f2fd955691363bc1de74536dc571817615c88b0d594a136966c129e424ccb7ef1c7c7461eac7ca5f03d72ea4c9c3d1156ee4cb1bb70e097357588b5c49f6716bbae1bd118104b42786f09a3b9f7cb80f383cadfd0c462096ff2bb637b7cf79764b6a4b7ffc5d87c1f063fb48e7f08ad5af534c70079f12f28e8921abbd4280801cdf6101ea494768b1274afd0eea5939843d56022a83590920fe446d52dfe699c33977d5592dbf7e0e236b8175d7faae06e0c50f7402174023ce4b996564e945c416fa823f2f9c3213ac50b20bd1fd55bb8d9fe70ee31ea2f404ae0fcbf857bebcc9196c8c622059fea2e248e4058905b69fb98be312d3193ea1d8ff653173e8c2371371b77a5bea45b3cd6fba19b6336f94ec04c8f86d24e9ca959874577d7ca0baf3c4ff30b554bc3ccc06df46d925373fbf7863e2cf684d3bc9603ab72b851ca4728294de87f2dec6f23ca9e43ed2e5cbba662d13137fc1ce0f6ae6aeb974f72f4b750825fafb67715e425f40c7da83b92d4249a0a4e96b789cceb7b07f38cb83f72dd093a345ab3cb8ae760fc14e40ea182a0d7fe1facc62a1ab0902349fd7e27bb0cd349fb5053f4734823abf020739b4b43bb11f5d69b61295068df31177959903c2ea1bb82d24eeaa93d0d4738d5d15b2a401e7ebe0d3cfbd45b2db2882cdb41408aaa718f8320fbb7f9da4f68d0eebeef175442e807e9908132731fe5e268582dcf6dffa4251ebb7121db8e412089fa9d8af9919799547a26b6b8eb44c28f1ce5f9a3021fe30841be204c1b4b3813dccae6baeef9b53fe413cbec46bb0cd95d3793cdc9bfe6cdd96ce0c4aa4a25e1cbbeeee6c9fa558b279048c7e31d07b125bac68d4e1f4253bd4dc7824cf3d722c94cf2b8f61bc8155731f072fd447082b181a13ffb8c08a1d568298c5de2d969fae2bea070a9e2688f294e76b8c200dfb993ec19778eb56ae3127c1116ccc85ef8806fdcb9ee0cb66ff03fbb0fa6c52b9b101b3830fc1650efa859163a264b4059092e5dc9a415ec09bfd1460f142fe5ef00beb6aa9032bd0de97aefc6f65e8cfeea761b3d8174caf528b6627682ff4d4450cb0f34251fc000ed01dd538ef13260984f44703b89dfb511bfb538d0b1c8aded964e1bcc5ca57437468b14a31ec0000a17e4d24369c40500449c37e7dccedba3eceb59d827dace246b5c48afb6a5988e64c560b3dc76c32d831f51cdbc5cfc4364ac8b25372b87c92bacfedc6bc8feb44098dbebc89cda03c59e4c58a31372bd574704b9e788834b9f83c6703f6709efad97c4ce499ea580dae1de282a019247cb3dce5c1906322e6d3ca5157ea6428bc42416936fac194efe136089c07faf7adf1e923003f1dc63fcbc634b389a4f351a6acee785e23c6bb04ca2f265be1e634362b87c6f9fd369bbe62a1db6b286c7ffde6370bb4d6e9e27c3ec451e1a99d134726c9075e71319d3a683e91e4b900061c0e6d086481069cd32f4cde7816f8e3a0ac6428a7488f31f06ee0da10df3ed0c150d29085879d064f914407f60018bb588735663647bfeda930407d69abef3f72fd461c2b85b00988b412a180fd267fc646a86d297e7e40912607157b6fa873df6442579b1523d8117f0c06c87adf75843b8bff30a5bfb4fe1e9846b7fdd58774641baf9cc9c4e38e53ed24a9d9e9dbc7657aa9b220a8545852b0409f5c0812e953823e841967bf55059acc7a4600818134359e72cfae0d04a0738ac8acca133d6395a455b22cdd6f901d4cdea1cf17415f7d7895a4b65f80d2f7c5c60a0dc04b40c9ae5ffc922e074a82afd704673e1766d19db9f60eab0238fb4a3169a08aded607847e5d752d4e24c4914b95bac3892bcfc2076f16a7f07583f0d418b9dec03afdb2e93335a392e1b1ef2910eb2a4b6a63fe61641f3c02bef73cd7e4a77a6f30ae821598c3160511603541bea89022b54f321c2a55cdeeb19335d78a821ab6ca0f36588a9a79a41e2123905a491d658c2a1caeee998c995bb0f816c92c5dc2b862183f80b9f9786c9c5524723c944d11f6894c7f008ab8194f577e22c03631d2a33205f508ea49653e7600639242dbaba704f700ac227f32dc575c559a0a1f4fe0cf6c22fbf7e1ca2ab4b1e4724e8379021e3c9a7c1509c6a413bd7d9c98938e440762eda2546d636597defa86c1ad31126a1182d365f858927d140fb0a97f80adcc5f4ed5efe11ac503453917a263f1d64692348d30f382e85e464ef7616067a42df5de1a1b622fabefe2ca4ceffa4801f7a02fdef40644cd1d079590d900727628d54b44db7ac700d8d664f7eea12837fcf347360d8e43a354fe51b4c49e8fcda3c322b738ed2b800b5cc06e22c72af2a67ee7bc8ae894e841f2cf2b0a7e381caf944bf4e91ded63b6f82f7474e4f81e986fff7e5339b8e9f60103a1af81833e120f0c88893ecabac044a4a2867cda4fdcb084459a00507aa9e5a8e761a72df3322a1ae8cd918b4994c23bdb1e459b4f21651bd7fa067a00e2a2877bf6b29f289ed8018e0a78f6fb4ded9749640e0e37f6381b320ab72da404f3d70d60152f6fa6738932387b83250cb3148141edb52f109bfd4bda8054959db01f4c550609a63c08cf01ecd110cfc6f0055638c0dde039d2ac2daafe59e561f9f08a8830c3f661e4325de63e98f4a4216ec3b83fd200201ed3f647147611424286ffc6c4a8aca64a6874743242d4feeaa9153de06e51c512d9cab7ae712c6424069f3e5db4ddebe9b48b5f6caa741162edf97674d2368e03a387f798151a4b9b9fa9e3a5838a343133158364a9fe3bb4b9a3c464c0c54a4c64ca774ad200925ac6bf59508c10a8574afde9b821741af43ec64cedc13aa220b39772195283506dfe899dd6a7b37eb21f154056a2df3564ef2bb918a928651de88c3613b84e7960bddd7b46b1304deb30f57b6fe5a3b4788629e91bcc2456a72fabb16b47da71624d2e9081de748b3387f52da4bb094782326dcfde0827e2d674e41bb375247d749cade9c704e5431785009b0e53f1b45c70b237c9432e07e4c7a8464ed11608a3d2184338dd9e6f6ef4b3d751e979667b6a3953c89aff4eead7a978071a912b3de21a85a5849c57933cf53cd74a610f3e60f699766fbc7e0bb8a891a429c77bb6f3b6f9f8eb0b1bd9588ef2ce98fdf0a0838e4b0bed807d8b673093c717feec8d697e32542274887d039db7a2daed5d52c8e9767443229f8003c5d67e907376ea2f393484fa70deee159cb56f8d097b8fe2736e95f540137e20725f0940a8d049068ead4c46bb3771a671bb00de88931e03445a55868de0c220db05cbda9f996d5fe7c1070efe5e718fed4d4cb4ecacad3d6b643bc0ffe9a71b720ba7b5adbbdefe29106ef6a6ffe4547f5d02bec312147df0abe80efb2d5e598fc7c8b268e58b59e0d75728e9a18126f013c963ddc92d251405f857fe3a5cbacf443be7772975b7bf4f6d7ed6f80dfcc47a88c6d19120942adb5385be6ef3c0d7e396bcac5affc8f9276d6cd1a0b069aed72a98cde8ea7aabe6cc091b19efcfaf9368dfeb3087a05a42e3b893dae5ffeb72e6ac06e995a2a75ea0b5f7876247bb4c38cf3f0153f1f7473b522f1c440b632270e2b1d654d3a5ae16cb788482760d34ca79c8951b29c628e21029715683a3e6f8f77c5d89ecdae37e0190f79c4c1dbc9d0160e359cd6c94d6662ed53bb01a83374ff593c823acc59241b11f020902069fc0054a9b26cb320bef4fb1f8cc5bd8ae76eb029afab731b9876bc4e8708a8315512823cff1f9375d284ce66e53d4efad6c76d17bb532fc938b8f80c13ce86b5ba3e540164bc5a5d47cd321c241d8740f453ef95bd3878d578561ad6ce20877ffbd44062dce8df1d048d8d5e4045be647886108cbb1f0b26a8b74b66858afedb830a161bb02bde4c46a688a0ea3a7018ce24666aab0f422ede2f78ea29f77e28d87c744cba0285ce33d0d9ac45774829699de6d725a9b6db6e7d03ad4ec9d075c386e68ca0bcd9e9911d741ed0168cbddb87a7918a964d206629da4e887277b0ef7d3f9c7082f3f15f29a0dfb39f3b0877a5ec3ac4343e0d808f5aee8f1869923aab6dfc3016821c013109f34aece6183994b853d0e9561375c02cdd26b1b55194757341929a8038864cedd6b5a3b8b51ade44637044c4ebddb190f173969a0ca4cf5d42153763a0b91da0110ae7a25204850927d81b00176d4568a3d444d8029bd010df784e3f673fe855601ec4f1b26b2df58841e6a65f0db66373f63cc14a8b07dfc52ac9957eb542d05ed687c79519609de96df18b63cb294b534ddf7d2e8f41bcc1e5a006191c4db057b6709f0a96f18e7e8f67b8be2a19c015b9c4b0b3f42e4de366b71f8da8888809473c3c7a02a1158e375f29997a43bc7118ca4d1abb8f8f21972fc589aaa3d73a4d40a1e1705e169ac6e56cff50d89fc45b6863c8fc67bb2b5939a7f33072539ba4c24077be5711ba368bf7efd4897931531d388eb5c2e56bef337777150dd59518652145c9594e110e41d2615196c6b197916c88cc2814e13a3a922b4ecb044bf31cc90e0bfe0ce07de29188bbcb0ec1a12b509f52582fbb948c3cbe0c6964f46991cec0704bfac08aec6ad8ddfc36dc68c7f547c5ee6af4a8d55c79e3dc1c49b045379811f81e9a185a92cd37ae4ee32c5d3c82d36d6202a6c84fd231fe467071d42072827fd77afa5d757e6f37247f783ef09bdfd7536b666e84bc4bb878005b7829293a04ba090272dec844f4ef0e934617c08518bdc6b915ac6f3f03e4a6ab88e21c3f21f93b31d95ea3b9228e0031cb69795de5abd19c4cb4a0cf2984e53ca391cc66e33ee0d510151670331fa264753704fea5e4b1760f74890c49a74a47e0da13155c5470013d53dea0f05b5e088f1511c209f5be940232318af2757951d399e32eb862d915784713baa8ba93645caf04ba78fa3cf600ff92b9c5be58ad87438a340bac00a5ea9fb17e39478ba61fe36335e48d8c5a0b25f024cbd2ec7f217d0f260951da396dc13a2a74cd90df4b52db686e3b34d27cfa4cebd7bf59cbcfaf4007dc943a1da6e0bd1799a21ab449d7bb42935e50c839c5b567c59742436af15bc8d46095520dcd9273ae2b6f3c1cc2b4311ac9e5d297f0940b1552c5955adb302022022bb7457978998b56328629b7725dfbe3dedb37f37af0697a4471d1d6ff6bec633a38540adeba903f3eaaec5785fbb3c6a598f49dbd9ff93c67dea1ef39a614331b119fa8efccc8bac01595fb95a2a57eec9fc6c6fe82782aa89ea971866fd9a3bca4010182092ab6d1e2b49b964be9e3bb13bd6b77850e435f55bdd46e5bcb3330c7edefd31c33f61275e516"})

18.238800256s ago: executing program 2 (id=5657):
syz_open_dev$tty1(0xc, 0x4, 0x1)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000000)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x218, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
add_key$user(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd)
keyctl$read(0xb, 0x0, 0x0, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0)
setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, 0x0, 0x0)
r3 = socket$inet_mptcp(0x2, 0x1, 0x106)
r4 = dup(r0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r4, 0x0)
getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f00000002c0)={<r5=>0x0}, &(0x7f0000000340)=0xc)
syz_pidfd_open(r5, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010600000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff1b000000020000000900010073797a30000001000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000680)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a3c000000120a01020000000000000000020000000900020073797a310000000008000440000000000900010073797a3000000000080003400000000a14000000110001"], 0x64}}, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000d80)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000d00)=ANY=[@ANYBLOB="140000001000010000000000000000000020000a3c000000120a09080000000000000000020000000900020073797a310000000008000440000000"], 0x64}, 0x1, 0x0, 0x0, 0x5}, 0x0)
ioctl$BLKZEROOUT(r4, 0x127f, &(0x7f00000000c0)={0x4000, 0x80600})
sendmsg$RDMA_NLDEV_CMD_NEWLINK(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="380000000314230c2abd7000ff05df250900020073797a31000000000800410072786500"], 0x38}, 0x1, 0x0, 0x0, 0x48845}, 0x4000)
mmap(&(0x7f00008ab000/0x3000)=nil, 0x3000, 0xb635773f05ebbee1, 0x8031, 0xffffffffffffffff, 0x815d3000)
r6 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_FLUSH(r7, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000140)={0x0, 0x58}, 0x1, 0x0, 0x0, 0x24040014}, 0xc800)
write$RDMA_USER_CM_CMD_CREATE_ID(r6, &(0x7f00000001c0)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000100), 0x13f, 0x4}}, 0x20)
write$RDMA_USER_CM_CMD_JOIN_MCAST(r6, 0x0, 0x0)

16.796591351s ago: executing program 2 (id=5659):
r0 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000640)='\xf0\x891\xb8R\xe6\x8d\x12\xe5\xe3+\xcd24\x01\x80\x1a\xc9A\x93\xb1@\xbf\x89K\xd0\x86\xd9\x86\x18\xc4:\xc3\xe0\xac\xed~\x97\a\xbe\xfb1d\xbe\xa1\xc1N\xd2p\xf0\xc6\xf3\x8eD\x1b\xc7q\x99?9\xf1\xe6\f\xa9\x90\xec:\x037\xe8\x0f\rX6\xf2\x88\x8d\r\xd2\xfc+\x19\x9a}\x9c\xd9\x1a\xef\xf1\x16d>ah\xa2\xa7\x02U\x06\xe1\xe1PY\x90\x17\xf0p\x01*!I\xd3$\xd00C\x88*NA\xc3\x95`\xb2\xf1\xb1\xed\x91\xe4\x87\xcf_9\x1eIpAfN\x99\xa9\v)\x98p\xea[\xc5&D\xe7\xf3\xba/\xcd\xdb\x9dz\xb2\xbf\xc6\xea?\x13(\x15\xc1\tm\xe7t,[\x14|bM\xfa\xeb\x91\xb0\xdfAR\xf3\xe2\xdf', &(0x7f00000007c0)='{\xe0e%m\"\x92\xb5\xcb\x00\x01\x0e!5\xd8\xf2\x92\x97\x86\xf9\xa8\xe7;\xdff3\x83\xb1a\xf2j\t\x7f??,\xd9\xe28\xae\xd6>\xbaN\x1d_N\xcbdIP2$\xbc\xc9\x89\xb5\n\x90-i%\xe2\x94\fH\xf1\xed\r\b\x1c\x81>\t\xc30-\xe2\xb3\xb0<m\x8ePDhx\x04\xd8\x17\xbcP\x8bl\xd5\x00\x00\x00\x00\x00\x00\xa3E\x9a_\x9b\x98#\xb2\x03\x18!V\x1b\xcbk\xf8\xd6JE4,\xdf\x96\x80j#\xf9\xd8\x13,\x89\x10\x90:l/\xb9T\x9a', 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000b40)='source', &(0x7f0000000040)='c:::\x00', 0x0)
r1 = gettid()
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
readv(r0, &(0x7f0000000080)=[{&(0x7f0000000100)=""/161, 0xd8}], 0x1)
tkill(r1, 0xb)

16.462327159s ago: executing program 2 (id=5660):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x1d, 0x2, 0x6)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000140)={'vxcan1\x00', <r3=>0x0})
bind$can_j1939(r1, &(0x7f0000000000)={0x1d, r3, 0x3}, 0x18)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x101b97d1ae26809d}, 0x0)
sendmsg$IPSET_CMD_DEL(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000002c0)=ANY=[], 0x158}, 0x1, 0x0, 0x0, 0x20004004}, 0x20040080)
sendmsg$IPVS_CMD_NEW_SERVICE(r1, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000400)={0x0}}, 0x200000d9)

15.835251274s ago: executing program 3 (id=5663):
r0 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
setsockopt$inet6_udp_int(r0, 0x11, 0x68, &(0x7f0000000080)=0xa40, 0x4)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0xa2f01, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
r2 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r2, 0x8914, 0x0)
setsockopt$inet6_udp_encap(r0, 0x11, 0x64, &(0x7f0000000040)=0x2, 0x4)
write$tun(r1, &(0x7f0000000200)={@val={0xa, 0x10}, @void, @eth={@multicast, @multicast, @void, {@ipv6={0x86dd, @udp={0xd, 0x6, '\x00 \x00', 0x8, 0x11, 0xff, @empty, @mcast2, {[], {0x4e24, 0x4e20, 0x8}}}}}}}, 0x42)

15.745634358s ago: executing program 3 (id=5664):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x180, 0x0)
ioctl$TIOCGSOFTCAR(r0, 0x5414, &(0x7f0000000000))

15.699886089s ago: executing program 3 (id=5665):
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
close_range(r0, 0xffffffffffffffff, 0x0)

15.618374801s ago: executing program 3 (id=5666):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000580)={{0x14}, [@NFT_MSG_NEWRULE={0x6c, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2, 0x0, 0x40}, [@NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_EXPRESSIONS={0x40, 0x4, 0x0, 0x1, [{0x18, 0x1, 0x0, 0x1, @osf={{0x8}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_OSF_DREG={0x8, 0x1, 0x1, 0x0, 0x4}]}}}, {0x24, 0x1, 0x0, 0x1, @meta={{0x9}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_META_KEY={0x8, 0x2, 0x1, 0x0, 0xc}, @NFTA_META_SREG={0x8, 0x3, 0x1, 0x0, 0xb}]}}}]}]}], {0x14}}, 0x94}}, 0x0)

15.5711451s ago: executing program 3 (id=5667):
request_key(&(0x7f0000000000)='ceph\x00', &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000080)='\x00', 0xfffffffffffffffb)
bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000440)=ANY=[@ANYBLOB="1b00000000000000000000000020"], 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000002c0)={0x0, 0x0, 0x0, &(0x7f0000000300)="8c", 0x37db}, 0x38)
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, 0x0, 0x40000)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r2 = syz_io_uring_setup(0x497, &(0x7f0000000400)={0x0, 0x707b, 0x100, 0x4, 0x80288}, &(0x7f0000000340)=<r3=>0x0, &(0x7f0000000140)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r0, 0x0, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000740)=ANY=[@ANYBLOB='('], 0x28}, 0x0, 0x2000c000})
io_uring_enter(r2, 0x3516, 0x0, 0x4, 0x0, 0x0)
socket$inet6_sctp(0xa, 0x1, 0x84)

15.494850227s ago: executing program 3 (id=5668):
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000004000000b705000008000000850000006a00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x5e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0}, 0x94)
r1 = socket$inet(0x2, 0x2, 0x0)
setsockopt$inet_mreqn(r1, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @loopback}, 0x40)
r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$inet_mreqsrc(r2, 0x0, 0x27, &(0x7f0000000000)={@multicast1=0xe000bb00, @remote, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0xc)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000100), 0xffffffffffffffff)
sendmsg$TIPC_NL_BEARER_ENABLE(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)={0x54, r4, 0x1, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0x40, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x2c, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x14, 0x2, @in={0x2, 0x0, @multicast2=0xe000002f}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}]}]}, 0x54}}, 0x0)

15.375506592s ago: executing program 2 (id=5669):
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0)
setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000140)=@req3={0x7fffffff, 0x400, 0x1, 0xd, 0x1, 0x6, 0x6}, 0x1c)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
r3 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r2, &(0x7f0000000280)=ANY=[@ANYBLOB="00000000bbbbbbbbbbbbaaaaaaaaaaaa080045190014006400000111909e1d2d8a115c7864010102e00000014f224e1f000c907841ff5c01"], 0x32)
syz_open_dev$tty1(0xc, 0x4, 0x1)
syz_usbip_server_init(0x3)
write$UHID_INPUT(0xffffffffffffffff, 0x0, 0x0)
syz_open_dev$sndpcmc(&(0x7f0000000000), 0x0, 0x0)
mount$9p_fd(0x0, &(0x7f0000000100)='.\x00', &(0x7f0000000040), 0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="7472616e733d4b64e6295701000f2ddb265547112c800000006e8072f654261b02c6b3c5a05a1db5a33d", @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRES8, @ANYBLOB="0e00"])
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x20000000000, 0xfffffffffffffffd, 0x0, 0x0, 0x1000001000, 0x49}, 0x0, &(0x7f00000002c0)={0x3ff, 0x7, 0xffffffffffffffff, 0x9, 0x0, 0xf, 0x80000006}, 0x0, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'dummy0\x00'})
openat$ubi_ctrl(0xffffff9c, &(0x7f0000000240), 0x22040, 0x0)
setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, 0x0, 0x0)
syz_emit_ethernet(0x13e, &(0x7f0000000640)=ANY=[@ANYBLOB="aaaaaaaaaaaa6e6755aad5c50800423401300068000021069078640101000a01010144242c33e000000100000008ac1e010100000005e000000100000000e000000200000040832389ac1e0001ac14142c7f000001e0000002e000000264010101e0000001e000000201442c41437f00000100000008ac1414bb0000093cac1414bb000000080a01010000000000ac1e01010000000794040000864100000003070b50de888ed4083bacffda12a0745dcdba74615acc190688a8a24cce9ffe3bf0c9103f45ef0109c2ee15ab925d5d0704b426010b963ad54abd1ddb55120706b1db0136862f000000010208294c67f2320e00122dc8912c83e2ad12cb6eb186c37dc5b3000b4c4d299bfe62ad99950704b2cd890b13ffffffff64010102000000000000000000000000000000000300004e2300004e200000000400"/327], 0x0)
syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), 0xffffffffffffffff)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)

6.081573657s ago: executing program 46 (id=5651):
bpf$MAP_CREATE_TAIL_CALL(0x0, 0x0, 0x0)
syz_init_net_socket$netrom(0x6, 0x5, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x40, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x3ffa, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000000cc0)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000500000095000000000000009500a5050000000077d8f3b423cdac8d80000000000000002be16ad10a48b243ccc42606d25dfd73a015e0ca7fc2506a0f7535f7866907dc0200000000000000ae669e17fd6587d452d6453559c3421eed73d56615fe6c54c3b3ffe1b4ce25d7c983c044c03bf3a48dfe47ec9dd6c091c30b93bfae76d9ebacd3ed3e26e7a23129d6606fd28a69989d552af6bda9df2c3af36effff9af2551ce896165127cb3f011a7d06602e2fc40848228567ffb400000000003ed38ae89d24e1cebfba2f87925bfacba83109751fe6c05405d027edd68149ee99eef6a6992308a4fc0b7c70bc677d6dd4aed4af7500d7900a820b6347184e9a217b5614cd50cbe43a1ed2526814bc0000e9e086ce48e90defb6670c3df2624f56da648d28ad0a97aec7291c25447c106a99893e10db21901eb397b2f5fd71400fa7a050fbbef9e326ea27e513e96068fd1e8a43e89f9c85c822a961546ed5363c17ff1432d08806bc376e3e49ee52b59d13182e1f24ed200ada10eb1affb87ba55b2d72078e9f40b4ae7d01000000d11cd22c35d32940000088dde499000000fdffffff00000000000f000000ef0000000000000000000000000c52f4ebd2c893bb97a068bd10734a83584898eccb26f7b789cfc4cd995fa3e11a5c74c85404e2df3ad37b729ac83b0dcb4f48f3c3356b9997fc455a17690b6f7f9ccbe4b1701941b18aba6b16455a66c3b84b138efc20a546d3d5227e23b03f2a834391ade2ff3e93ee296c4082ee73e7c353312c9d75711ce1623e9c54bdff59d2a69dcb7d84c235b23a4480c2461b405cfd1a38992f295ad3adc94cd07c850d1ce6d0b2fea02c24e9280333152fb794e4ddea02017a6c139b50101caecaf2abc0847a1ff2f7fc3c2b99a96fc4275ad107274e2934a87a4ddcdb112754ca5bdec0ead14b6c0f19a43a2f05c7f0be31491eb8c9ff68236c8600040000000000000000000066e034c81c3cab64e4fc8dc55ce0ada18dcbf31c6e82893add3bee3e10fc873d1d922b0877cbcd95b839d3059d5140a1f742f6e75741e39e5cb6a193e06a1043375b0f61b5d4e17c81baa31b924d84f224baf1221c15fa12313ffbfa7c2730309f66705b71e6205e7cbf3643561eabb9a63fcd604d5cc27e1317ad94cf438d71873e540be16b6ca205081173bd03c4754fc4674812daab482fd390a1c903b5d28a1eb247b5837d7603b92495d5c569f6433c3fca5206cb0000003fdbbd3892c52c2e7612e05de32322e980a3d69931e2c9312dd517c96f2ee90362476ed853c4c9b7d4ebf13cbaa795860e92a3d7d004f2c491db38eb769f094d5d48b262cc35c40682138cf13a49aa9f27abec00002f01ba1251aaf2385416ca719300"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x70)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$sock_ifreq(0xffffffffffffffff, 0x8910, &(0x7f0000000000)={'veth0_vlan\x00', @ifru_ivalue=0x7})
ioctl$sock_netdev_private(0xffffffffffffffff, 0x8949, &(0x7f0000000000))
rseq(&(0x7f00000004c0)={0x0, 0x0, 0x0, 0x3}, 0x20, 0x400000000, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000001ac0)={&(0x7f0000000000)={0x1c, 0x2d, 0x1, 0x70bd26, 0x25dfdbfc, {0x4}, [@typed={0x8, 0x9, 0x0, 0x0, @binary="38eac21a"}]}, 0x1c}}, 0x20000000)

54.51453ms ago: executing program 47 (id=5668):
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000004000000b705000008000000850000006a00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x5e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0}, 0x94)
r1 = socket$inet(0x2, 0x2, 0x0)
setsockopt$inet_mreqn(r1, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @loopback}, 0x40)
r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$inet_mreqsrc(r2, 0x0, 0x27, &(0x7f0000000000)={@multicast1=0xe000bb00, @remote, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0xc)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000100), 0xffffffffffffffff)
sendmsg$TIPC_NL_BEARER_ENABLE(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)={0x54, r4, 0x1, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0x40, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x2c, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x14, 0x2, @in={0x2, 0x0, @multicast2=0xe000002f}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}]}]}, 0x54}}, 0x0)

0s ago: executing program 48 (id=5669):
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0)
setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000140)=@req3={0x7fffffff, 0x400, 0x1, 0xd, 0x1, 0x6, 0x6}, 0x1c)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
r3 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r2, &(0x7f0000000280)=ANY=[@ANYBLOB="00000000bbbbbbbbbbbbaaaaaaaaaaaa080045190014006400000111909e1d2d8a115c7864010102e00000014f224e1f000c907841ff5c01"], 0x32)
syz_open_dev$tty1(0xc, 0x4, 0x1)
syz_usbip_server_init(0x3)
write$UHID_INPUT(0xffffffffffffffff, 0x0, 0x0)
syz_open_dev$sndpcmc(&(0x7f0000000000), 0x0, 0x0)
mount$9p_fd(0x0, &(0x7f0000000100)='.\x00', &(0x7f0000000040), 0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="7472616e733d4b64e6295701000f2ddb265547112c800000006e8072f654261b02c6b3c5a05a1db5a33d", @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRES8, @ANYBLOB="0e00"])
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x20000000000, 0xfffffffffffffffd, 0x0, 0x0, 0x1000001000, 0x49}, 0x0, &(0x7f00000002c0)={0x3ff, 0x7, 0xffffffffffffffff, 0x9, 0x0, 0xf, 0x80000006}, 0x0, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'dummy0\x00'})
openat$ubi_ctrl(0xffffff9c, &(0x7f0000000240), 0x22040, 0x0)
setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, 0x0, 0x0)
syz_emit_ethernet(0x13e, &(0x7f0000000640)=ANY=[@ANYBLOB="aaaaaaaaaaaa6e6755aad5c50800423401300068000021069078640101000a01010144242c33e000000100000008ac1e010100000005e000000100000000e000000200000040832389ac1e0001ac14142c7f000001e0000002e000000264010101e0000001e000000201442c41437f00000100000008ac1414bb0000093cac1414bb000000080a01010000000000ac1e01010000000794040000864100000003070b50de888ed4083bacffda12a0745dcdba74615acc190688a8a24cce9ffe3bf0c9103f45ef0109c2ee15ab925d5d0704b426010b963ad54abd1ddb55120706b1db0136862f000000010208294c67f2320e00122dc8912c83e2ad12cb6eb186c37dc5b3000b4c4d299bfe62ad99950704b2cd890b13ffffffff64010102000000000000000000000000000000000300004e2300004e200000000400"/327], 0x0)
syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), 0xffffffffffffffff)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)

kernel console output (not intermixed with test programs):

tooth: hci1: Opcode 0x0406 failed: -4
[ 2737.084877][T16513] usb 7-1: new high-speed USB device number 52 using dummy_hcd
[ 2737.630745][T16513] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 2737.650512][T16513] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 2737.747898][T23440] netlink: 16 bytes leftover after parsing attributes in process `syz.2.4403'.
[ 2737.771770][T16513] usb 7-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[ 2737.801537][T16513] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[ 2737.819982][T23440] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 2737.834911][T15987] Bluetooth: hci2: command 0x0406 tx timeout
[ 2737.842054][T16513] usb 7-1: SerialNumber: syz
[ 2737.853658][T23440] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 2738.004508][T15987] Bluetooth: hci3: command 0x0406 tx timeout
[ 2738.151126][T16513] usb 7-1: 0:2 : does not exist
[ 2738.394417][T15987] Bluetooth: hci1: command 0x0c1a tx timeout
[ 2738.671549][T16513] usb 7-1: USB disconnect, device number 52
[ 2739.309457][T23453] FAULT_INJECTION: forcing a failure.
[ 2739.309457][T23453] name failslab, interval 1, probability 0, space 0, times 0
[ 2739.322464][T23453] CPU: 0 UID: 0 PID: 23453 Comm: syz.0.4406 Not tainted 6.16.0-rc5-syzkaller-00053-g8c2e52ebbe88 #0 PREEMPT(full) 
[ 2739.322495][T23453] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 2739.322506][T23453] Call Trace:
[ 2739.322514][T23453]  <TASK>
[ 2739.322521][T23453]  dump_stack_lvl+0x189/0x250
[ 2739.322541][T23453]  ? irqentry_exit+0x74/0x90
[ 2739.322565][T23453]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 2739.322602][T23453]  should_fail_ex+0x414/0x560
[ 2739.322635][T23453]  should_failslab+0xa8/0x100
[ 2739.322673][T23453]  kmem_cache_alloc_noprof+0x73/0x3c0
[ 2739.322700][T23453]  ? xfrm_state_alloc+0x24/0x2f0
[ 2739.322734][T23453]  xfrm_state_alloc+0x24/0x2f0
[ 2739.322764][T23453]  xfrm_state_find+0x380d/0x5450
[ 2739.322793][T23453]  ? __pfx___find_rr_leaf+0x10/0x10
[ 2739.322821][T23453]  ? __pfx_fib6_node_lookup+0x10/0x10
[ 2739.322842][T23453]  ? rcu_is_watching+0x15/0xb0
[ 2739.322872][T23453]  ? xfrm_state_find+0x229/0x5450
[ 2739.322896][T23453]  ? __pfx_xfrm_state_find+0x10/0x10
[ 2739.322913][T23453]  ? __rt6_find_exception_rcu+0x127/0x4c0
[ 2739.322948][T23453]  ? __pfx___rt6_find_exception_rcu+0x10/0x10
[ 2739.322985][T23453]  xfrm_resolve_and_create_bundle+0x768/0x2f90
[ 2739.323023][T23453]  ? ip6_pol_route+0x162/0x1180
[ 2739.323052][T23453]  ? __pfx_ip6_pol_route+0x10/0x10
[ 2739.323071][T23453]  ? rcu_is_watching+0x15/0xb0
[ 2739.323094][T23453]  ? __pfx_xfrm_resolve_and_create_bundle+0x10/0x10
[ 2739.323117][T23453]  ? __lock_acquire+0xab9/0xd20
[ 2739.323155][T23453]  ? xfrm_sk_policy_lookup+0x9d/0x750
[ 2739.323194][T23453]  ? xfrm_sk_policy_lookup+0x9d/0x750
[ 2739.323223][T23453]  ? xfrm_expand_policies+0x41f/0x6a0
[ 2739.323254][T23453]  xfrm_lookup_with_ifid+0x2a7/0x1a70
[ 2739.323281][T23453]  ? __pfx_ip6_dst_lookup_tail+0x10/0x10
[ 2739.323308][T23453]  ? __pfx_xfrm_lookup_with_ifid+0x10/0x10
[ 2739.323327][T23453]  ? txopt_get+0x335/0x3f0
[ 2739.323350][T23453]  ? __pfx_txopt_get+0x10/0x10
[ 2739.323375][T23453]  xfrm_lookup_route+0x3c/0x1c0
[ 2739.323396][T23453]  rawv6_sendmsg+0xd97/0x17f0
[ 2739.323428][T23453]  ? __pfx_rawv6_sendmsg+0x10/0x10
[ 2739.323454][T23453]  ? __pfx_smack_socket_sendmsg+0x10/0x10
[ 2739.323486][T23453]  ? sock_rps_record_flow+0x19/0x410
[ 2739.323502][T23453]  ? inet_sendmsg+0x2f4/0x370
[ 2739.323514][T23453]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 2739.323537][T23453]  __sock_sendmsg+0x19c/0x270
[ 2739.323562][T23453]  ____sys_sendmsg+0x52d/0x830
[ 2739.323584][T23453]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 2739.323609][T23453]  ? import_iovec+0x74/0xa0
[ 2739.323629][T23453]  ___sys_sendmsg+0x21f/0x2a0
[ 2739.323657][T23453]  ? __pfx____sys_sendmsg+0x10/0x10
[ 2739.323702][T23453]  ? __fget_files+0x2a/0x420
[ 2739.323715][T23453]  ? __fget_files+0x3a0/0x420
[ 2739.323736][T23453]  __sys_sendmmsg+0x227/0x430
[ 2739.323759][T23453]  ? __pfx___sys_sendmmsg+0x10/0x10
[ 2739.323776][T23453]  ? __mutex_unlock_slowpath+0x1cd/0x700
[ 2739.323810][T23453]  ? ksys_write+0x22a/0x250
[ 2739.323832][T23453]  ? __pfx_ksys_write+0x10/0x10
[ 2739.323857][T23453]  __x64_sys_sendmmsg+0xa0/0xc0
[ 2739.323877][T23453]  do_syscall_64+0xfa/0x3b0
[ 2739.323891][T23453]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2739.323905][T23453]  ? asm_sysvec_call_function_single+0x1a/0x20
[ 2739.323919][T23453]  ? clear_bhb_loop+0x60/0xb0
[ 2739.323955][T23453]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2739.323970][T23453] RIP: 0033:0x7f50e078e929
[ 2739.323985][T23453] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 2739.323999][T23453] RSP: 002b:00007f50de5d5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 2739.324016][T23453] RAX: ffffffffffffffda RBX: 00007f50e09b6080 RCX: 00007f50e078e929
[ 2739.324028][T23453] RDX: 00000000000002e9 RSI: 0000200000000480 RDI: 0000000000000005
[ 2739.324038][T23453] RBP: 00007f50de5d5090 R08: 0000000000000000 R09: 0000000000000000
[ 2739.324048][T23453] R10: 000000000000ffe0 R11: 0000000000000246 R12: 0000000000000001
[ 2739.324057][T23453] R13: 0000000000000000 R14: 00007f50e09b6080 R15: 00007ffefa4eedc8
[ 2739.324081][T23453]  </TASK>
[ 2740.149722][T15987] Bluetooth: hci2: command 0x0406 tx timeout
[ 2740.525017][T15987] Bluetooth: hci1: command 0x0c1a tx timeout
[ 2742.554291][T15987] Bluetooth: hci1: command 0x0c1a tx timeout
[ 2742.557170][T23474] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 2742.649700][T23474] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 2742.691956][T23474] netlink: 260 bytes leftover after parsing attributes in process `syz.2.4413'.
[ 2742.709791][T23474] netlink: 40 bytes leftover after parsing attributes in process `syz.2.4413'.
[ 2743.273446][T23482] macvtap1: entered allmulticast mode
[ 2743.279220][T23482] veth0_macvtap: entered allmulticast mode
[ 2743.948271][T23487] netlink: 16 bytes leftover after parsing attributes in process `syz.0.4417'.
[ 2747.727334][T23520] macvtap40: entered allmulticast mode
[ 2748.577655][T23524] xt_recent: hitcount (16777216) is larger than allowed maximum (65535)
[ 2748.602889][T23528] FAULT_INJECTION: forcing a failure.
[ 2748.602889][T23528] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2749.463901][T23528] CPU: 0 UID: 0 PID: 23528 Comm: syz.2.4431 Not tainted 6.16.0-rc5-syzkaller-00053-g8c2e52ebbe88 #0 PREEMPT(full) 
[ 2749.463934][T23528] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 2749.463948][T23528] Call Trace:
[ 2749.463957][T23528]  <TASK>
[ 2749.463967][T23528]  dump_stack_lvl+0x189/0x250
[ 2749.463997][T23528]  ? __pfx____ratelimit+0x10/0x10
[ 2749.464029][T23528]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 2749.464054][T23528]  ? __pfx__printk+0x10/0x10
[ 2749.464096][T23528]  should_fail_ex+0x414/0x560
[ 2749.464131][T23528]  _copy_from_user+0x2d/0xb0
[ 2749.464156][T23528]  __copy_msghdr+0x3c5/0x5b0
[ 2749.464189][T23528]  ___sys_sendmsg+0x1a5/0x2a0
[ 2749.464218][T23528]  ? __pfx____sys_sendmsg+0x10/0x10
[ 2749.464285][T23528]  ? __fget_files+0x2a/0x420
[ 2749.464305][T23528]  ? __fget_files+0x3a0/0x420
[ 2749.464337][T23528]  __sys_sendmmsg+0x227/0x430
[ 2749.464370][T23528]  ? __pfx___sys_sendmmsg+0x10/0x10
[ 2749.464394][T23528]  ? __mutex_unlock_slowpath+0x1cd/0x700
[ 2749.464444][T23528]  ? ksys_write+0x22a/0x250
[ 2749.464475][T23528]  ? __pfx_ksys_write+0x10/0x10
[ 2749.464501][T23528]  ? rcu_is_watching+0x15/0xb0
[ 2749.464532][T23528]  __x64_sys_sendmmsg+0xa0/0xc0
[ 2749.464561][T23528]  do_syscall_64+0xfa/0x3b0
[ 2749.464580][T23528]  ? lockdep_hardirqs_on+0x9c/0x150
[ 2749.464610][T23528]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2749.464631][T23528]  ? clear_bhb_loop+0x60/0xb0
[ 2749.464657][T23528]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2749.464677][T23528] RIP: 0033:0x7ff9c4f8e929
[ 2749.464697][T23528] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 2749.464714][T23528] RSP: 002b:00007ff9c5ddc038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 2749.464738][T23528] RAX: ffffffffffffffda RBX: 00007ff9c51b5fa0 RCX: 00007ff9c4f8e929
[ 2749.464754][T23528] RDX: 0000000000000001 RSI: 0000200000005c40 RDI: 0000000000000003
[ 2749.464768][T23528] RBP: 00007ff9c5ddc090 R08: 0000000000000000 R09: 0000000000000000
[ 2749.464781][T23528] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2749.464801][T23528] R13: 0000000000000000 R14: 00007ff9c51b5fa0 R15: 00007fff3bf52408
[ 2749.464832][T23528]  </TASK>
[ 2750.991904][T23549] netlink: 16 bytes leftover after parsing attributes in process `syz.3.4439'.
[ 2752.063842][T21245] usb 4-1: new high-speed USB device number 45 using dummy_hcd
[ 2752.255638][T23558] netlink: 'syz.2.4441': attribute type 1 has an invalid length.
[ 2752.373574][T21245] usb 4-1: Using ep0 maxpacket: 8
[ 2752.383901][T23558] netlink: 244 bytes leftover after parsing attributes in process `syz.2.4441'.
[ 2752.449459][T21245] usb 4-1: config 2 has an invalid interface number: 206 but max is 0
[ 2752.498698][T21245] usb 4-1: config 2 has no interface number 0
[ 2752.587190][T21245] usb 4-1: config 2 interface 206 has no altsetting 0
[ 2752.648904][T21245] usb 4-1: New USB device found, idVendor=0ccd, idProduct=10b2, bcdDevice=b1.2a
[ 2752.673161][T21245] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2753.838898][T21307] usb 4-1: USB disconnect, device number 45
[ 2754.823610][ T5890] usb 7-1: new high-speed USB device number 53 using dummy_hcd
[ 2755.063696][ T5890] usb 7-1: Using ep0 maxpacket: 16
[ 2755.119824][ T5890] usb 7-1: config 0 has an invalid interface number: 1 but max is 0
[ 2755.202484][ T5890] usb 7-1: config 0 has no interface number 0
[ 2755.249720][ T5890] usb 7-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 2755.532518][ T5890] usb 7-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 2755.532578][ T5890] usb 7-1: New USB device found, idVendor=28bd, idProduct=0071, bcdDevice= 0.00
[ 2755.532603][ T5890] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2755.535664][ T5890] usb 7-1: config 0 descriptor??
[ 2756.170845][ T5890] usbhid 7-1:0.1: can't add hid device: -71
[ 2756.222558][ T5890] usbhid 7-1:0.1: probe with driver usbhid failed with error -71
[ 2756.432460][ T5890] usb 7-1: USB disconnect, device number 53
[ 2757.670668][T23612] netlink: 'syz.2.4458': attribute type 4 has an invalid length.
[ 2757.678735][T23612] netlink: 199828 bytes leftover after parsing attributes in process `syz.2.4458'.
[ 2758.764344][T21245] usb 4-1: new high-speed USB device number 46 using dummy_hcd
[ 2759.707506][T21245] usb 4-1: config index 0 descriptor too short (expected 45955, got 36)
[ 2759.790366][T21245] usb 4-1: config 95 has too many interfaces: 101, using maximum allowed: 32
[ 2759.891345][T21245] usb 4-1: config 95 has an invalid descriptor of length 203, skipping remainder of the config
[ 2759.902279][T21245] usb 4-1: config 95 has 0 interfaces, different from the descriptor's value: 101
[ 2759.912471][T21245] usb 4-1: New USB device found, idVendor=2133, idProduct=0018, bcdDevice= 0.00
[ 2759.923721][T21245] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2762.783634][T23648] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 2762.792452][T23648] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 2764.248379][T23666] macvtap19: entered allmulticast mode
[ 2765.600299][T21245] usb 4-1: string descriptor 0 read error: -32
[ 2767.453607][T16513] usb 7-1: new high-speed USB device number 54 using dummy_hcd
[ 2768.302868][T16513] usb 7-1: Using ep0 maxpacket: 32
[ 2768.776620][T16513] usb 7-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 2768.863158][T16513] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[ 2769.055216][T16513] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[ 2769.910693][T16513] usb 7-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[ 2769.971968][T16513] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2770.050269][T16513] usb 7-1: config 0 descriptor??
[ 2770.094851][T16513] usb 7-1: can't set config #0, error -71
[ 2770.112585][T16513] usb 7-1: USB disconnect, device number 54
[ 2770.241774][T23714] netlink: 104 bytes leftover after parsing attributes in process `syz.6.4492'.
[ 2770.663388][T23640] delete_channel: no stack
[ 2770.724054][ T5890] usb 4-1: USB disconnect, device number 46
[ 2773.579505][T23737] netlink: 16 bytes leftover after parsing attributes in process `syz.6.4497'.
[ 2774.287838][T10573] usb 7-1: new high-speed USB device number 55 using dummy_hcd
[ 2774.699064][T10573] usb 7-1: Using ep0 maxpacket: 8
[ 2774.859741][T23751] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 2774.880818][T23751] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 2774.889936][T10573] usb 7-1: config 2 has an invalid interface number: 206 but max is 0
[ 2774.912392][T10573] usb 7-1: config 2 has no interface number 0
[ 2774.934888][T10573] usb 7-1: config 2 interface 206 has no altsetting 0
[ 2774.941772][T10573] usb 7-1: New USB device found, idVendor=0ccd, idProduct=10b2, bcdDevice=b1.2a
[ 2774.971417][T10573] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2775.109665][T23759] netlink: 'syz.7.4505': attribute type 4 has an invalid length.
[ 2775.120485][T23759] netlink: 199836 bytes leftover after parsing attributes in process `syz.7.4505'.
[ 2775.294916][T10573] usb 7-1: USB disconnect, device number 55
[ 2779.252376][T16513] usb 7-1: new high-speed USB device number 56 using dummy_hcd
[ 2779.319694][T23796] netlink: 16 bytes leftover after parsing attributes in process `syz.2.4517'.
[ 2779.472322][T16513] usb 7-1: Using ep0 maxpacket: 8
[ 2779.511703][T16513] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x1 has invalid maxpacket 512, setting to 64
[ 2779.564790][T23796] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 2779.592909][T16513] usb 7-1: config 0 interface 0 has no altsetting 0
[ 2779.623059][T16513] usb 7-1: New USB device found, idVendor=0e41, idProduct=4142, bcdDevice=bc.76
[ 2779.640282][T16513] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2779.642322][T23796] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 2779.651632][T16513] usb 7-1: Product: syz
[ 2779.661333][T16513] usb 7-1: Manufacturer: syz
[ 2779.750833][T16513] usb 7-1: SerialNumber: syz
[ 2779.981858][ T1302] ieee802154 phy0 wpan0: encryption failed: -22
[ 2779.988431][ T1302] ieee802154 phy1 wpan1: encryption failed: -22
[ 2780.062258][T16513] usb 7-1: config 0 descriptor??
[ 2780.096881][T16513] snd_usb_toneport 7-1:0.0: Line 6 TonePort UX2 found
[ 2780.117652][T23810] overlayfs: failed to resolve './file1': -2
[ 2780.291490][T16513] snd_usb_toneport 7-1:0.0: cannot get proper max packet size
[ 2780.324426][T16513] snd_usb_toneport 7-1:0.0: Line 6 TonePort UX2 now disconnected
[ 2780.370321][T16513] snd_usb_toneport 7-1:0.0: probe with driver snd_usb_toneport failed with error -22
[ 2780.537286][T23789] netlink: 260 bytes leftover after parsing attributes in process `syz.6.4515'.
[ 2780.573679][T23789] netlink: 40 bytes leftover after parsing attributes in process `syz.6.4515'.
[ 2780.607270][T21245] usb 7-1: USB disconnect, device number 56
[ 2782.383129][T23823] netlink: 'syz.6.4526': attribute type 10 has an invalid length.
[ 2782.502263][T23823] syz_tun: entered promiscuous mode
[ 2782.856658][T23823] bond0: (slave syz_tun): Enslaving as an active interface with an up link
[ 2783.195577][T23824] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 2783.203751][T23824] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 2783.209867][T23824] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 2785.211786][T15987] Bluetooth: hci3: command 0x0406 tx timeout
[ 2785.322603][T15987] Bluetooth: hci1: command 0x0c1a tx timeout
[ 2785.328695][T15987] Bluetooth: hci2: command 0x0406 tx timeout
[ 2785.536048][T23867] loop2: detected capacity change from 0 to 7
[ 2785.537546][T23866] qnx6: unable to read the first superblock
[ 2785.565110][T23867] Dev loop2: unable to read RDB block 7
[ 2785.588517][T23867]  loop2: AHDI p1 p2 p3
[ 2785.593057][T23867] loop2: partition table partially beyond EOD, truncated
[ 2785.604678][T23867] loop2: p1 start 1601398130 is beyond EOD, truncated
[ 2785.630088][T23867] loop2: p2 start 1702059890 is beyond EOD, truncated
[ 2787.134212][T23894] netlink: 1688 bytes leftover after parsing attributes in process `syz.7.4553'.
[ 2787.256654][T23898] FAULT_INJECTION: forcing a failure.
[ 2787.256654][T23898] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 2787.297819][T23898] CPU: 0 UID: 0 PID: 23898 Comm: syz.3.4554 Not tainted 6.16.0-rc5-syzkaller-00053-g8c2e52ebbe88 #0 PREEMPT(full) 
[ 2787.297854][T23898] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 2787.297867][T23898] Call Trace:
[ 2787.297877][T23898]  <TASK>
[ 2787.297887][T23898]  dump_stack_lvl+0x189/0x250
[ 2787.297917][T23898]  ? __pfx____ratelimit+0x10/0x10
[ 2787.297949][T23898]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 2787.297973][T23898]  ? __pfx__printk+0x10/0x10
[ 2787.298002][T23898]  ? fs_reclaim_acquire+0x7d/0x100
[ 2787.298033][T23898]  should_fail_ex+0x414/0x560
[ 2787.298080][T23898]  prepare_alloc_pages+0x213/0x610
[ 2787.298109][T23898]  __alloc_frozen_pages_noprof+0x123/0x370
[ 2787.298137][T23898]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[ 2787.298178][T23898]  alloc_pages_mpol+0x232/0x4a0
[ 2787.298214][T23898]  alloc_pages_noprof+0xa9/0x190
[ 2787.298246][T23898]  get_zeroed_page_noprof+0x1a/0x90
[ 2787.298275][T23898]  machine_kexec_prepare+0xc06/0x1860
[ 2787.298313][T23898]  ? __pfx_machine_kexec_prepare+0x10/0x10
[ 2787.298340][T23898]  ? __pfx_alloc_pgt_page+0x10/0x10
[ 2787.298386][T23898]  do_kexec_load+0x5f2/0x820
[ 2787.298411][T23898]  ? __pfx_do_kexec_load+0x10/0x10
[ 2787.298436][T23898]  ? _copy_from_user+0x94/0xb0
[ 2787.298463][T23898]  __se_sys_kexec_load+0x134/0x160
[ 2787.298488][T23898]  do_syscall_64+0xfa/0x3b0
[ 2787.298506][T23898]  ? lockdep_hardirqs_on+0x9c/0x150
[ 2787.298534][T23898]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2787.298554][T23898]  ? clear_bhb_loop+0x60/0xb0
[ 2787.298579][T23898]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2787.298598][T23898] RIP: 0033:0x7f49ba38e929
[ 2787.298617][T23898] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 2787.298634][T23898] RSP: 002b:00007f49bb21d038 EFLAGS: 00000246 ORIG_RAX: 00000000000000f6
[ 2787.298656][T23898] RAX: ffffffffffffffda RBX: 00007f49ba5b5fa0 RCX: 00007f49ba38e929
[ 2787.298671][T23898] RDX: 00002000000000c0 RSI: 0000000000000001 RDI: 0000000000000000
[ 2787.298683][T23898] RBP: 00007f49bb21d090 R08: 0000000000000000 R09: 0000000000000000
[ 2787.298696][T23898] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2787.298720][T23898] R13: 0000000000000001 R14: 00007f49ba5b5fa0 R15: 00007ffed94587d8
[ 2787.298750][T23898]  </TASK>
[ 2789.111881][T14902] hid-generic 0000:0000:0000.0019: unknown main item tag 0x0
[ 2789.183850][T14902] hid-generic 0000:0000:0000.0019: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[ 2789.441559][T21245] usb 8-1: new high-speed USB device number 46 using dummy_hcd
[ 2789.607238][T23933] fuse: Unknown parameter '00000000000000000000003'
[ 2789.621704][T21245] usb 8-1: Using ep0 maxpacket: 8
[ 2789.645201][T21245] usb 8-1: config 0 interface 0 altsetting 2 endpoint 0x1 has invalid maxpacket 512, setting to 64
[ 2789.671695][T21245] usb 8-1: config 0 interface 0 has no altsetting 0
[ 2789.712484][T21245] usb 8-1: New USB device found, idVendor=0e41, idProduct=4142, bcdDevice=bc.76
[ 2789.726717][T21245] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2789.745685][T21245] usb 8-1: Product: syz
[ 2789.749941][T21245] usb 8-1: Manufacturer: syz
[ 2789.758940][T21245] usb 8-1: SerialNumber: syz
[ 2789.772128][T21245] usb 8-1: config 0 descriptor??
[ 2789.789221][T21245] snd_usb_toneport 8-1:0.0: Line 6 TonePort UX2 found
[ 2789.886011][T23943] netlink: 'syz.3.4567': attribute type 25 has an invalid length.
[ 2790.241058][T21245] snd_usb_toneport 8-1:0.0: cannot get proper max packet size
[ 2790.285651][T21245] snd_usb_toneport 8-1:0.0: Line 6 TonePort UX2 now disconnected
[ 2790.496539][T23910] netlink: 260 bytes leftover after parsing attributes in process `syz.7.4558'.
[ 2790.503645][T21245] snd_usb_toneport 8-1:0.0: probe with driver snd_usb_toneport failed with error -22
[ 2790.507491][T23910] netlink: 40 bytes leftover after parsing attributes in process `syz.7.4558'.
[ 2790.571537][T21245] usb 8-1: USB disconnect, device number 46
[ 2790.851687][T23951] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 2790.882414][T23951] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 2793.353025][T23975] fuse: Unknown parameter '00000000000000000000003'
[ 2794.002403][T23978] fuse: Unknown parameter 'group_i00000000000000000000'
[ 2794.104481][T23980] netlink: 'syz.0.4580': attribute type 4 has an invalid length.
[ 2794.112466][T23980] netlink: 199828 bytes leftover after parsing attributes in process `syz.0.4580'.
[ 2794.122471][T21307] usb 4-1: new high-speed USB device number 47 using dummy_hcd
[ 2794.791536][T21307] usb 4-1: config 0 has an invalid interface number: 255 but max is 0
[ 2794.816199][T21307] usb 4-1: config 0 has no interface number 0
[ 2794.865094][T21307] usb 4-1: config 0 interface 255 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[ 2794.915764][T21307] usb 4-1: config 0 interface 255 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0
[ 2795.432769][T21307] usb 4-1: string descriptor 0 read error: -71
[ 2795.439210][T21307] usb 4-1: New USB device found, idVendor=10cf, idProduct=8065, bcdDevice=91.79
[ 2795.463399][T21307] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2795.494339][T21307] usb 4-1: config 0 descriptor??
[ 2795.523046][T21307] usb 4-1: can't set config #0, error -71
[ 2795.544969][T21307] usb 4-1: USB disconnect, device number 47
[ 2796.962644][T24008] fuse: Unknown parameter 'group_i00000000000000000000'
[ 2797.435377][T24021] netlink: 'syz.2.4593': attribute type 4 has an invalid length.
[ 2797.443232][T24021] netlink: 199828 bytes leftover after parsing attributes in process `syz.2.4593'.
[ 2798.609902][T24022] netlink: 'syz.7.4594': attribute type 4 has an invalid length.
[ 2798.769566][T24035] netlink: 16 bytes leftover after parsing attributes in process `syz.6.4598'.
[ 2799.792947][T24057] netlink: 'syz.7.4606': attribute type 4 has an invalid length.
[ 2799.801105][T24057] netlink: 199828 bytes leftover after parsing attributes in process `syz.7.4606'.
[ 2800.360897][ T5890] usb 4-1: new high-speed USB device number 48 using dummy_hcd
[ 2800.873128][ T5890] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0
[ 2801.503374][ T5890] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x7 has invalid maxpacket 0
[ 2801.515402][ T5890] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0
[ 2801.525999][ T5890] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x89 has invalid maxpacket 0
[ 2801.535949][ T5890] usb 4-1: New USB device found, idVendor=2040, idProduct=4900, bcdDevice=4d.8b
[ 2801.545141][ T5890] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2801.558559][ T5890] usb 4-1: config 0 descriptor??
[ 2801.827514][T24080] netlink: 'syz.2.4615': attribute type 1 has an invalid length.
[ 2801.835435][T24080] netlink: 244 bytes leftover after parsing attributes in process `syz.2.4615'.
[ 2801.928842][ T5890] hdpvr 4-1:0.0: firmware version 0x69 dated Ģ
[ 2802.001883][ T5890] hdpvr 4-1:0.0: untested firmware, the driver might not work.
[ 2804.910447][ T5890] hdpvr 4-1:0.0: device init failed
[ 2804.925142][ T5890] hdpvr 4-1:0.0: probe with driver hdpvr failed with error -12
[ 2804.967320][ T5890] usb 4-1: USB disconnect, device number 48
[ 2807.143096][T24126] No control pipe specified
[ 2807.350690][T24130] netlink: 104 bytes leftover after parsing attributes in process `syz.7.4631'.
[ 2810.203376][T24161] netlink: 16 bytes leftover after parsing attributes in process `syz.6.4643'.
[ 2810.560439][ T5890] usb 7-1: new high-speed USB device number 57 using dummy_hcd
[ 2811.032732][ T5890] usb 7-1: Using ep0 maxpacket: 8
[ 2811.360974][T24170] autofs: Bad value for 'fd'
[ 2811.365735][ T5890] usb 7-1: config 2 has an invalid interface number: 206 but max is 0
[ 2811.422913][ T5890] usb 7-1: config 2 has no interface number 0
[ 2811.437912][ T5890] usb 7-1: config 2 interface 206 has no altsetting 0
[ 2811.460315][ T5890] usb 7-1: New USB device found, idVendor=0ccd, idProduct=10b2, bcdDevice=b1.2a
[ 2811.479688][ T5890] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2811.584511][T24178] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4647'.
[ 2811.714156][T24180] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 2811.775841][ T5890] usb 7-1: USB disconnect, device number 57
[ 2812.236026][T24195] bio_check_eod: 2 callbacks suppressed
[ 2812.236050][T24195] syz.7.4654: attempt to access beyond end of device
[ 2812.236050][T24195] nbd7: rw=0, sector=6, nr_sectors = 2 limit=0
[ 2812.255493][T24195] ADFS-fs (nbd7): error: unable to read block 3, try 0
[ 2813.437096][T24203] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 2813.487660][T24203] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 2814.030585][T24203] FAULT_INJECTION: forcing a failure.
[ 2814.030585][T24203] name failslab, interval 1, probability 0, space 0, times 0
[ 2814.072308][T24203] CPU: 0 UID: 0 PID: 24203 Comm: syz.2.4657 Not tainted 6.16.0-rc5-syzkaller-00053-g8c2e52ebbe88 #0 PREEMPT(full) 
[ 2814.072341][T24203] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 2814.072354][T24203] Call Trace:
[ 2814.072363][T24203]  <TASK>
[ 2814.072372][T24203]  dump_stack_lvl+0x189/0x250
[ 2814.072400][T24203]  ? __pfx____ratelimit+0x10/0x10
[ 2814.072432][T24203]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 2814.072455][T24203]  ? __pfx__printk+0x10/0x10
[ 2814.072487][T24203]  ? __pfx___might_resched+0x10/0x10
[ 2814.072508][T24203]  ? fs_reclaim_acquire+0x7d/0x100
[ 2814.072533][T24203]  should_fail_ex+0x414/0x560
[ 2814.072568][T24203]  should_failslab+0xa8/0x100
[ 2814.072600][T24203]  kmem_cache_alloc_noprof+0x73/0x3c0
[ 2814.072627][T24203]  ? alloc_empty_file+0x55/0x1d0
[ 2814.072654][T24203]  alloc_empty_file+0x55/0x1d0
[ 2814.072691][T24203]  path_openat+0x107/0x3830
[ 2814.072714][T24203]  ? arch_stack_walk+0xfc/0x150
[ 2814.072768][T24203]  ? kasan_save_track+0x4f/0x80
[ 2814.072794][T24203]  ? kasan_save_track+0x3e/0x80
[ 2814.072819][T24203]  ? __kasan_slab_alloc+0x6c/0x80
[ 2814.072845][T24203]  ? getname_flags+0xb8/0x540
[ 2814.072864][T24203]  ? __pfx_path_openat+0x10/0x10
[ 2814.072887][T24203]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2814.072949][T24203]  do_filp_open+0x1fa/0x410
[ 2814.072973][T24203]  ? __lock_acquire+0xab9/0xd20
[ 2814.072995][T24203]  ? __pfx_do_filp_open+0x10/0x10
[ 2814.073046][T24203]  ? _raw_spin_unlock+0x28/0x50
[ 2814.073072][T24203]  ? alloc_fd+0x64c/0x6c0
[ 2814.073116][T24203]  do_sys_openat2+0x121/0x1c0
[ 2814.073143][T24203]  ? __pfx_do_sys_openat2+0x10/0x10
[ 2814.073167][T24203]  ? ksys_write+0x22a/0x250
[ 2814.073198][T24203]  ? __pfx_ksys_write+0x10/0x10
[ 2814.073222][T24203]  ? rcu_is_watching+0x15/0xb0
[ 2814.073249][T24203]  __x64_sys_openat+0x138/0x170
[ 2814.073280][T24203]  do_syscall_64+0xfa/0x3b0
[ 2814.073298][T24203]  ? lockdep_hardirqs_on+0x9c/0x150
[ 2814.073328][T24203]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2814.073348][T24203]  ? clear_bhb_loop+0x60/0xb0
[ 2814.073373][T24203]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2814.073393][T24203] RIP: 0033:0x7ff9c4f8d290
[ 2814.073412][T24203] Code: 48 89 44 24 20 75 93 44 89 54 24 0c e8 49 94 02 00 44 8b 54 24 0c 89 da 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 38 44 89 c7 89 44 24 0c e8 9c 94 02 00 8b 44
[ 2814.073430][T24203] RSP: 002b:00007ff9c5ddbb70 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[ 2814.073453][T24203] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007ff9c4f8d290
[ 2814.073468][T24203] RDX: 0000000000000000 RSI: 00007ff9c5ddbc10 RDI: 00000000ffffff9c
[ 2814.073482][T24203] RBP: 00007ff9c5ddbc10 R08: 0000000000000000 R09: 0000000000000000
[ 2814.073495][T24203] R10: 0000000000000000 R11: 0000000000000293 R12: cccccccccccccccd
[ 2814.073508][T24203] R13: 0000000000000000 R14: 00007ff9c51b5fa0 R15: 00007fff3bf52408
[ 2814.073541][T24203]  </TASK>
[ 2814.407105][T24213] autofs: Bad value for 'fd'
[ 2814.516359][T24218] netlink: 20 bytes leftover after parsing attributes in process `syz.7.4662'.
[ 2814.891361][T24235] netlink: 'syz.7.4667': attribute type 3 has an invalid length.
[ 2817.148887][T24252] autofs: Bad value for 'fd'
[ 2817.407922][T24259] netlink: 20 bytes leftover after parsing attributes in process `syz.6.4677'.
[ 2817.566250][T24263] trusted_key: encrypted_key: insufficient parameters specified
[ 2822.564389][T24304] autofs: Unknown parameter '0x0000000000000000'
[ 2827.041700][T10573] usb 8-1: new high-speed USB device number 47 using dummy_hcd
[ 2827.733510][T10573] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 2827.749075][T10573] usb 8-1: config 0 interface 0 has no altsetting 0
[ 2827.771648][T10573] usb 8-1: New USB device found, idVendor=10fd, idProduct=1513, bcdDevice=7e.ce
[ 2828.069352][T10573] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2828.134368][T10573] usb 8-1: Product: syz
[ 2828.138573][T10573] usb 8-1: Manufacturer: syz
[ 2828.231766][T10573] usb 8-1: SerialNumber: syz
[ 2828.250148][T10573] usb 8-1: config 0 descriptor??
[ 2828.273811][T10573] dvb-usb: found a 'MSI DIGI VOX mini II DVB-T USB2.0' in warm state.
[ 2828.544662][T24340] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 2828.566290][T24340] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 2828.597245][T24360] syz.2.4705: attempt to access beyond end of device
[ 2828.597245][T24360] nbd2: rw=0, sector=6, nr_sectors = 2 limit=0
[ 2828.610437][T24360] ADFS-fs (nbd2): error: unable to read block 3, try 0
[ 2828.827999][T10573] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[ 2828.864354][T24366] syz.3.4707: attempt to access beyond end of device
[ 2828.864354][T24366] nbd3: rw=0, sector=6, nr_sectors = 2 limit=0
[ 2828.877306][T24366] ADFS-fs (nbd3): error: unable to read block 3, try 0
[ 2829.605815][T24362] sch_tbf: burst 4393 is lower than device lo mtu (65550) !
[ 2829.849863][T10573] dvbdev: DVB: registering new adapter (MSI DIGI VOX mini II DVB-T USB2.0)
[ 2829.858525][T10573] usb 8-1: media controller created
[ 2831.238045][T10573] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[ 2831.343364][T24380] sp0: Synchronizing with TNC
[ 2831.608148][T10573] DVB: Unable to find symbol tda10046_attach()
[ 2831.624413][T10573] dvb-usb: no frontend was attached by 'MSI DIGI VOX mini II DVB-T USB2.0'
[ 2831.664626][T10573] dvb-usb: MSI DIGI VOX mini II DVB-T USB2.0 successfully initialized and connected.
[ 2831.943574][T24340] m920x_read = error: -110
[ 2832.433175][T10573] dvb_usb_m920x 8-1:0.0: probe with driver dvb_usb_m920x failed with error -32
[ 2832.678022][ T1210] usb 8-1: USB disconnect, device number 47
[ 2833.697024][T24425] fuse: Bad value for 'fd'
[ 2840.798312][T24479] syz.7.4738: attempt to access beyond end of device
[ 2840.798312][T24479] nbd7: rw=0, sector=6, nr_sectors = 2 limit=0
[ 2840.811297][T24479] ADFS-fs (nbd7): error: unable to read block 3, try 0
[ 2841.079090][T21245] usb 4-1: new full-speed USB device number 49 using dummy_hcd
[ 2841.353733][ T1302] ieee802154 phy0 wpan0: encryption failed: -22
[ 2841.360222][ T1302] ieee802154 phy1 wpan1: encryption failed: -22
[ 2841.551709][T21245] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x6 has invalid maxpacket 1023, setting to 64
[ 2841.679420][T21245] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBA, changing to 0x8A
[ 2841.717755][T21245] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8A has invalid maxpacket 121, setting to 64
[ 2841.883064][T21245] usb 4-1: New USB device found, idVendor=2294, idProduct=425b, bcdDevice=a2.10
[ 2841.905639][T21245] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2841.940440][T21245] usb 4-1: Product: syz
[ 2841.958567][T21245] usb 4-1: Manufacturer: syz
[ 2841.963244][T21245] usb 4-1: SerialNumber: syz
[ 2842.003891][T21245] usb 4-1: config 0 descriptor??
[ 2842.029775][T24478] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[ 2842.047522][T24478] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[ 2842.067738][T21245] usb 4-1: ucan: probing device on interface #0
[ 2842.236509][T19346] Bluetooth: hci2: SCO packet for unknown connection handle 200
[ 2842.473752][T21245] usb 4-1: ucan: device reported invalid device info
[ 2842.488735][T21245] usb 4-1: ucan: probe failed; try to update the device firmware
[ 2842.679964][T21245] usb 4-1: USB disconnect, device number 49
[ 2844.295454][T24525] FAULT_INJECTION: forcing a failure.
[ 2844.295454][T24525] name failslab, interval 1, probability 0, space 0, times 0
[ 2844.439083][T24525] CPU: 1 UID: 0 PID: 24525 Comm: syz.3.4755 Not tainted 6.16.0-rc5-syzkaller-00053-g8c2e52ebbe88 #0 PREEMPT(full) 
[ 2844.439116][T24525] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 2844.439136][T24525] Call Trace:
[ 2844.439145][T24525]  <TASK>
[ 2844.439154][T24525]  dump_stack_lvl+0x189/0x250
[ 2844.439183][T24525]  ? __pfx____ratelimit+0x10/0x10
[ 2844.439214][T24525]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 2844.439237][T24525]  ? __pfx__printk+0x10/0x10
[ 2844.439265][T24525]  ? __pfx___might_resched+0x10/0x10
[ 2844.439288][T24525]  ? fs_reclaim_acquire+0x7d/0x100
[ 2844.439314][T24525]  should_fail_ex+0x414/0x560
[ 2844.439347][T24525]  should_failslab+0xa8/0x100
[ 2844.439380][T24525]  kmem_cache_alloc_noprof+0x73/0x3c0
[ 2844.439408][T24525]  ? getname_flags+0xb8/0x540
[ 2844.439432][T24525]  getname_flags+0xb8/0x540
[ 2844.439457][T24525]  __x64_sys_rename+0x5d/0x90
[ 2844.439492][T24525]  do_syscall_64+0xfa/0x3b0
[ 2844.439510][T24525]  ? lockdep_hardirqs_on+0x9c/0x150
[ 2844.439539][T24525]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2844.439560][T24525]  ? clear_bhb_loop+0x60/0xb0
[ 2844.439584][T24525]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2844.439604][T24525] RIP: 0033:0x7f49ba38e929
[ 2844.439622][T24525] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 2844.439640][T24525] RSP: 002b:00007f49bb1fc038 EFLAGS: 00000246 ORIG_RAX: 0000000000000052
[ 2844.439662][T24525] RAX: ffffffffffffffda RBX: 00007f49ba5b6080 RCX: 00007f49ba38e929
[ 2844.439677][T24525] RDX: 0000000000000000 RSI: 00002000000005c0 RDI: 0000200000000100
[ 2844.439690][T24525] RBP: 00007f49bb1fc090 R08: 0000000000000000 R09: 0000000000000000
[ 2844.439702][T24525] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2844.439714][T24525] R13: 0000000000000001 R14: 00007f49ba5b6080 R15: 00007ffed94587d8
[ 2844.439746][T24525]  </TASK>
[ 2845.346132][ T1210] usb 8-1: new high-speed USB device number 48 using dummy_hcd
[ 2845.370818][T24534] FAULT_INJECTION: forcing a failure.
[ 2845.370818][T24534] name failslab, interval 1, probability 0, space 0, times 0
[ 2845.393141][T24534] CPU: 1 UID: 0 PID: 24534 Comm: syz.3.4759 Not tainted 6.16.0-rc5-syzkaller-00053-g8c2e52ebbe88 #0 PREEMPT(full) 
[ 2845.393173][T24534] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 2845.393187][T24534] Call Trace:
[ 2845.393196][T24534]  <TASK>
[ 2845.393206][T24534]  dump_stack_lvl+0x189/0x250
[ 2845.393237][T24534]  ? __pfx____ratelimit+0x10/0x10
[ 2845.393270][T24534]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 2845.393292][T24534]  ? __pfx__printk+0x10/0x10
[ 2845.393309][T24534]  ? __local_bh_enable_ip+0x12d/0x1c0
[ 2845.393333][T24534]  ? sctp_get_port_local+0xe4c/0x1610
[ 2845.393356][T24534]  should_fail_ex+0x414/0x560
[ 2845.393381][T24534]  should_failslab+0xa8/0x100
[ 2845.393406][T24534]  __kmalloc_cache_noprof+0x70/0x3d0
[ 2845.393428][T24534]  ? sctp_add_bind_addr+0x8c/0x370
[ 2845.393446][T24534]  sctp_add_bind_addr+0x8c/0x370
[ 2845.393460][T24534]  ? sctp_auto_asconf_init+0x15c/0x1e0
[ 2845.393482][T24534]  sctp_do_bind+0x5ab/0x940
[ 2845.393511][T24534]  sctp_connect_new_asoc+0x25c/0x690
[ 2845.393532][T24534]  ? __pfx_sctp_connect_new_asoc+0x10/0x10
[ 2845.393550][T24534]  ? __local_bh_enable_ip+0x12d/0x1c0
[ 2845.393571][T24534]  ? bpf_lsm_sctp_bind_connect+0x9/0x20
[ 2845.393584][T24534]  ? security_sctp_bind_connect+0x7e/0x2e0
[ 2845.393610][T24534]  sctp_sendmsg+0x155c/0x2810
[ 2845.393638][T24534]  ? __pfx_sctp_sendmsg+0x10/0x10
[ 2845.393672][T24534]  ? sock_rps_record_flow+0x19/0x410
[ 2845.393688][T24534]  ? inet_sendmsg+0x2f4/0x370
[ 2845.393706][T24534]  __sock_sendmsg+0x19c/0x270
[ 2845.393732][T24534]  ____sys_sendmsg+0x505/0x830
[ 2845.393755][T24534]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 2845.393781][T24534]  ? import_iovec+0x74/0xa0
[ 2845.393801][T24534]  ___sys_sendmsg+0x21f/0x2a0
[ 2845.393822][T24534]  ? __pfx____sys_sendmsg+0x10/0x10
[ 2845.393871][T24534]  ? __fget_files+0x2a/0x420
[ 2845.393884][T24534]  ? __fget_files+0x3a0/0x420
[ 2845.393907][T24534]  __x64_sys_sendmsg+0x19b/0x260
[ 2845.393928][T24534]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 2845.393955][T24534]  ? __pfx_ksys_write+0x10/0x10
[ 2845.393974][T24534]  ? rcu_is_watching+0x15/0xb0
[ 2845.393995][T24534]  ? do_syscall_64+0xbe/0x3b0
[ 2845.394013][T24534]  do_syscall_64+0xfa/0x3b0
[ 2845.394025][T24534]  ? lockdep_hardirqs_on+0x9c/0x150
[ 2845.394048][T24534]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2845.394063][T24534]  ? clear_bhb_loop+0x60/0xb0
[ 2845.394082][T24534]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2845.394103][T24534] RIP: 0033:0x7f49ba38e929
[ 2845.394118][T24534] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 2845.394137][T24534] RSP: 002b:00007f49bb21d038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 2845.394160][T24534] RAX: ffffffffffffffda RBX: 00007f49ba5b5fa0 RCX: 00007f49ba38e929
[ 2845.394176][T24534] RDX: 0000000000000c20 RSI: 0000200000000c80 RDI: 0000000000000003
[ 2845.394190][T24534] RBP: 00007f49bb21d090 R08: 0000000000000000 R09: 0000000000000000
[ 2845.394206][T24534] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2845.394215][T24534] R13: 0000000000000000 R14: 00007f49ba5b5fa0 R15: 00007ffed94587d8
[ 2845.394247][T24534]  </TASK>
[ 2845.848376][ T1210] usb 8-1: Using ep0 maxpacket: 32
[ 2845.896533][ T1210] usb 8-1: unable to get BOS descriptor or descriptor too short
[ 2845.923598][ T1210] usb 8-1: config 7 has an invalid interface number: 187 but max is 0
[ 2845.974109][ T1210] usb 8-1: config 7 has an invalid descriptor of length 117, skipping remainder of the config
[ 2846.098559][ T1210] usb 8-1: config 7 has no interface number 0
[ 2846.104789][ T1210] usb 8-1: config 7 interface 187 altsetting 6 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[ 2846.117989][ T1210] usb 8-1: config 7 interface 187 has no altsetting 0
[ 2846.138114][ T1210] usb 8-1: New USB device found, idVendor=18d1, idProduct=1eaf, bcdDevice=5a.bb
[ 2846.172269][ T1210] usb 8-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3
[ 2846.188279][ T1210] usb 8-1: Product: syz
[ 2846.193424][ T1210] usb 8-1: Manufacturer: syz
[ 2846.215335][ T1210] usb 8-1: SerialNumber: syz
[ 2846.449126][ T1210] usb 8-1: Limiting number of CPorts to U8_MAX
[ 2846.501551][ T1210] usb 8-1: Not enough endpoints found in device, aborting!
[ 2850.271545][T21245] usb 8-1: USB disconnect, device number 48
[ 2853.675917][T24581] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 2853.687323][T24581] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 2854.462418][T24594] loop8: detected capacity change from 0 to 79
[ 2867.046762][T24683] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 2867.097872][T24683] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 2867.598930][T24689] ocfs2: Unknown parameter 'barrier)'
[ 2868.447040][T14902] usb 7-1: new high-speed USB device number 58 using dummy_hcd
[ 2868.632502][T14902] usb 7-1: config 0 has an invalid interface number: 255 but max is 0
[ 2868.649992][T14902] usb 7-1: config 0 has no interface number 0
[ 2869.596648][T14902] usb 7-1: config 0 interface 255 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[ 2869.689637][T14902] usb 7-1: config 0 interface 255 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0
[ 2869.703566][T14902] usb 7-1: New USB device found, idVendor=10cf, idProduct=8065, bcdDevice=91.79
[ 2869.713269][T14902] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2869.721681][T14902] usb 7-1: Product: syz
[ 2869.726078][T14902] usb 7-1: Manufacturer: syz
[ 2869.737803][T14902] usb 7-1: SerialNumber: syz
[ 2869.896659][T14902] usb 7-1: config 0 descriptor??
[ 2869.907763][T14902] vmk80xx 7-1:0.255: driver 'vmk80xx' failed to auto-configure device.
[ 2869.919203][T14902] vmk80xx 7-1:0.255: probe with driver vmk80xx failed with error -22
[ 2870.810448][T14902] usb 7-1: USB disconnect, device number 58
[ 2870.984385][T24717] fuse: Bad value for 'group_id'
[ 2870.989549][T24717] fuse: Bad value for 'group_id'
[ 2871.307090][T14902] usb 7-1: new full-speed USB device number 59 using dummy_hcd
[ 2871.800070][T14902] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[ 2871.816043][T14902] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 2871.851473][T14902] usb 7-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[ 2871.870175][T14902] usb 7-1: New USB device strings: Mfr=145, Product=0, SerialNumber=0
[ 2871.917902][T14902] usb 7-1: Manufacturer: syz
[ 2871.949981][T14902] usb 7-1: config 0 descriptor??
[ 2871.986181][T14902] hub 7-1:0.0: USB hub found
[ 2872.303488][T14902] hub 7-1:0.0: 1 port detected
[ 2872.567666][T24737] netlink: 384 bytes leftover after parsing attributes in process `syz.0.4822'.
[ 2872.578430][T24737] netlink: 'syz.0.4822': attribute type 2 has an invalid length.
[ 2874.543826][T24743] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 2874.571171][T14902] usb 7-1: USB disconnect, device number 59
[ 2874.642195][T24743] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 2874.740525][T24743] ocfs2: Unknown parameter 'barrier)'
[ 2875.598458][T24760] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 2875.717542][T24760] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 2876.757534][ T5890] usb 4-1: new high-speed USB device number 50 using dummy_hcd
[ 2876.917260][ T5890] usb 4-1: Using ep0 maxpacket: 8
[ 2877.587294][ T5890] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x1 has invalid maxpacket 512, setting to 64
[ 2877.601788][ T5890] usb 4-1: config 0 interface 0 has no altsetting 0
[ 2877.681954][ T5890] usb 4-1: New USB device found, idVendor=0e41, idProduct=4142, bcdDevice=bc.76
[ 2877.782571][ T5890] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2877.807900][ T5890] usb 4-1: Product: syz
[ 2877.812232][ T5890] usb 4-1: Manufacturer: syz
[ 2877.854394][ T5890] usb 4-1: SerialNumber: syz
[ 2877.884099][ T5890] usb 4-1: config 0 descriptor??
[ 2877.889860][T24775] fuse: Unknown parameter 'use00000000000000000000'
[ 2877.973709][ T5890] usb 4-1: can't set config #0, error -71
[ 2878.005400][ T5890] usb 4-1: USB disconnect, device number 50
[ 2878.281680][T24790] netlink: 28 bytes leftover after parsing attributes in process `syz.3.4837'.
[ 2880.584567][T24818] netlink: 68 bytes leftover after parsing attributes in process `syz.6.4844'.
[ 2881.652690][T24857] fuse: Unknown parameter 'use00000000000000000000'
[ 2882.537535][T24864] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 2882.558000][T24864] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 2882.906804][T10573] usb 7-1: new high-speed USB device number 60 using dummy_hcd
[ 2883.716391][T10573] usb 7-1: Using ep0 maxpacket: 16
[ 2883.932367][T10573] usb 7-1: config 0 has an invalid interface number: 148 but max is 0
[ 2883.967873][T10573] usb 7-1: config 0 has no interface number 0
[ 2883.974069][T10573] usb 7-1: config 0 interface 148 altsetting 0 endpoint 0x4 has invalid wMaxPacketSize 0
[ 2884.017253][T10573] usb 7-1: New USB device found, idVendor=0499, idProduct=8206, bcdDevice=f4.55
[ 2884.031504][T10573] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2884.492726][T10573] usb 7-1: config 0 descriptor??
[ 2886.169741][T24893] fuse: Unknown parameter 'use00000000000000000000'
[ 2886.863458][T16506] usb 7-1: USB disconnect, device number 60
[ 2887.996389][ T5890] usb 7-1: new high-speed USB device number 61 using dummy_hcd
[ 2888.201666][ T5890] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 2888.294635][ T5890] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 2888.344595][ T5890] usb 7-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[ 2888.425496][ T5890] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2888.636682][ T5890] usb 7-1: config 0 descriptor??
[ 2889.718775][T16506] usb 3-1: USB disconnect, device number 29
[ 2889.795017][T15987] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 2889.806401][T15987] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 2889.817612][T15987] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 2889.825994][T15987] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 2889.835614][T15987] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 2889.964600][ T5890] usb 7-1: string descriptor 0 read error: -22
[ 2890.266568][T10573] usb 8-1: new high-speed USB device number 49 using dummy_hcd
[ 2890.303376][T24921] chnl_net:caif_netlink_parms(): no params data found
[ 2890.382797][ T5890] input: HID 256c:006d as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.0/0003:256C:006D.001A/input/input34
[ 2890.417904][T10573] usb 8-1: Using ep0 maxpacket: 16
[ 2890.439803][T10573] usb 8-1: config 0 has an invalid interface number: 148 but max is 0
[ 2890.455357][T10573] usb 8-1: config 0 has no interface number 0
[ 2890.462510][T10573] usb 8-1: config 0 interface 148 altsetting 0 endpoint 0x4 has invalid wMaxPacketSize 0
[ 2890.514983][ T5890] uclogic 0003:256C:006D.001A: input,hidraw0: USB HID v0.00 Device [HID 256c:006d] on usb-dummy_hcd.6-1/input0
[ 2890.621388][T10573] usb 8-1: New USB device found, idVendor=0499, idProduct=8206, bcdDevice=f4.55
[ 2890.624691][ T5890] usb 7-1: USB disconnect, device number 61
[ 2890.648492][T10573] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2890.687263][T10573] usb 8-1: config 0 descriptor??
[ 2890.863332][T24921] bridge0: port 1(bridge_slave_0) entered blocking state
[ 2890.883686][T24932] udevd[24932]: error opening ATTR{/sys/devices/platform/dummy_hcd.7/usb8/8-1/8-1:0.148/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 2890.887935][T24931] fido_id[24931]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.6/usb7/7-1/report_descriptor': No such file or directory
[ 2890.923429][T24921] bridge0: port 1(bridge_slave_0) entered disabled state
[ 2890.932703][T24921] bridge_slave_0: entered allmulticast mode
[ 2890.956208][T24934] fuse: Unknown parameter 'user_i00000000000000000000'
[ 2891.195567][T24921] bridge_slave_0: entered promiscuous mode
[ 2891.906431][T19346] Bluetooth: hci4: command tx timeout
[ 2891.928260][T24921] bridge0: port 2(bridge_slave_1) entered blocking state
[ 2891.953070][T24921] bridge0: port 2(bridge_slave_1) entered disabled state
[ 2891.970738][T24921] bridge_slave_1: entered allmulticast mode
[ 2892.006315][T24921] bridge_slave_1: entered promiscuous mode
[ 2892.166155][T24921] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 2892.200188][T24921] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 2892.298503][T24921] team0: Port device team_slave_0 added
[ 2892.309051][T24921] team0: Port device team_slave_1 added
[ 2892.351976][T24921] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 2892.359810][T24921] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 2892.388309][T24921] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 2892.402416][T24921] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 2892.409653][T24921] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 2892.436891][T24921] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 2892.529326][T24921] hsr_slave_0: entered promiscuous mode
[ 2892.539550][T24921] hsr_slave_1: entered promiscuous mode
[ 2892.546044][T24921] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 2892.553817][T24921] Cannot create hsr debugfs directory
[ 2892.820528][T24921] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2892.941986][T24921] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2893.095001][T14902] usb 8-1: USB disconnect, device number 49
[ 2893.177297][T24921] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2893.267440][T24921] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2893.478407][T24921] netdevsim netdevsim2 netdevsim0: renamed from eth0
[ 2893.488709][T24921] netdevsim netdevsim2 netdevsim1: renamed from eth1
[ 2893.505193][T24921] netdevsim netdevsim2 netdevsim2: renamed from eth2
[ 2893.516858][T24921] netdevsim netdevsim2 netdevsim3: renamed from eth3
[ 2893.601292][T24921] 8021q: adding VLAN 0 to HW filter on device bond0
[ 2893.631168][T24921] 8021q: adding VLAN 0 to HW filter on device team0
[ 2893.645147][T21571] bridge0: port 1(bridge_slave_0) entered blocking state
[ 2893.652363][T21571] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 2893.674291][T24845] bridge0: port 2(bridge_slave_1) entered blocking state
[ 2893.681507][T24845] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 2893.915385][T24921] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 2893.965734][T24921] veth0_vlan: entered promiscuous mode
[ 2893.980106][T24921] veth1_vlan: entered promiscuous mode
[ 2893.986091][T19346] Bluetooth: hci4: command tx timeout
[ 2894.018703][T24921] veth0_macvtap: entered promiscuous mode
[ 2894.030560][T24921] veth1_macvtap: entered promiscuous mode
[ 2894.052394][T24921] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 2894.073526][T24921] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 2894.085263][T24921] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 2894.094498][T24921] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 2894.104146][T24921] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 2894.113082][T24921] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 2894.213630][T21571] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 2894.232835][T21571] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 2894.263574][T18032] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 2894.271873][T18032] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 2896.067160][T19346] Bluetooth: hci4: command tx timeout
[ 2898.145602][T19346] Bluetooth: hci4: command tx timeout
[ 2899.106082][T14902] usb 4-1: new high-speed USB device number 51 using dummy_hcd
[ 2900.040278][T14902] usb 4-1: Using ep0 maxpacket: 16
[ 2900.088458][T14902] usb 4-1: config 0 has an invalid interface number: 1 but max is 0
[ 2900.125995][T14902] usb 4-1: config 0 has no interface number 0
[ 2900.150639][T14902] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 2900.205382][T14902] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 2900.376416][T14902] usb 4-1: New USB device found, idVendor=28bd, idProduct=0071, bcdDevice= 0.00
[ 2900.386193][T14902] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2900.413424][T14902] usb 4-1: config 0 descriptor??
[ 2901.173631][T14902] usbhid 4-1:0.1: can't add hid device: -71
[ 2901.293095][T14902] usbhid 4-1:0.1: probe with driver usbhid failed with error -71
[ 2901.613680][T15987] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 2901.643677][T15987] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 2901.655748][T15987] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 2901.664079][T15987] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 2901.672829][T15987] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 2901.709052][T14902] usb 4-1: USB disconnect, device number 51
[ 2902.811277][ T1302] ieee802154 phy0 wpan0: encryption failed: -22
[ 2902.841045][ T1302] ieee802154 phy1 wpan1: encryption failed: -22
[ 2903.745141][T19346] Bluetooth: hci0: command tx timeout
[ 2903.746538][T24953] usb 3-1: new high-speed USB device number 30 using dummy_hcd
[ 2903.941332][T24953] usb 3-1: config 0 has an invalid interface number: 255 but max is 0
[ 2903.969235][T24953] usb 3-1: config 0 has no interface number 0
[ 2903.982235][T24953] usb 3-1: config 0 interface 255 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[ 2904.036268][T24953] usb 3-1: config 0 interface 255 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0
[ 2904.086674][T24978] chnl_net:caif_netlink_parms(): no params data found
[ 2904.107660][T24953] usb 3-1: New USB device found, idVendor=10cf, idProduct=8065, bcdDevice=91.79
[ 2904.122175][T24953] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2904.142892][T24953] usb 3-1: Product: syz
[ 2904.168629][T24953] usb 3-1: Manufacturer: syz
[ 2904.173270][T24953] usb 3-1: SerialNumber: syz
[ 2904.208152][T24953] usb 3-1: config 0 descriptor??
[ 2904.254790][T24953] vmk80xx 3-1:0.255: driver 'vmk80xx' failed to auto-configure device.
[ 2904.292248][T24953] vmk80xx 3-1:0.255: probe with driver vmk80xx failed with error -22
[ 2904.454064][T24978] bridge0: port 1(bridge_slave_0) entered blocking state
[ 2904.473522][T24978] bridge0: port 1(bridge_slave_0) entered disabled state
[ 2904.481170][T24978] bridge_slave_0: entered allmulticast mode
[ 2904.500994][T24978] bridge_slave_0: entered promiscuous mode
[ 2904.520754][T24978] bridge0: port 2(bridge_slave_1) entered blocking state
[ 2904.641389][T24978] bridge0: port 2(bridge_slave_1) entered disabled state
[ 2905.368903][T24978] bridge_slave_1: entered allmulticast mode
[ 2905.384625][T24978] bridge_slave_1: entered promiscuous mode
[ 2905.601506][T24978] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 2905.628577][T24978] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 2905.671975][ T5890] usb 3-1: USB disconnect, device number 30
[ 2905.804643][T24978] team0: Port device team_slave_0 added
[ 2905.823644][T24978] team0: Port device team_slave_1 added
[ 2905.825130][T19346] Bluetooth: hci0: command tx timeout
[ 2905.887359][T24978] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 2905.905094][T24978] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 2905.976612][T24978] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 2906.031864][T24978] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 2906.060492][T24978] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 2906.248066][T24978] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 2906.333329][T25018] macvtap1: entered allmulticast mode
[ 2906.372937][T25018] veth0_macvtap: entered allmulticast mode
[ 2906.860325][T24978] hsr_slave_0: entered promiscuous mode
[ 2906.875229][T24978] hsr_slave_1: entered promiscuous mode
[ 2906.900856][T24978] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 2906.908650][T24978] Cannot create hsr debugfs directory
[ 2907.909146][T19346] Bluetooth: hci0: command tx timeout
[ 2908.300724][T24978] netdevsim netdevsim7 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2908.938557][T24978] netdevsim netdevsim7 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2909.228411][T24978] netdevsim netdevsim7 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2909.642565][T15987] Bluetooth: hci4: Controller not accepting commands anymore: ncmd = 0
[ 2909.651572][T15987] Bluetooth: hci4: Injecting HCI hardware error event
[ 2909.661326][T19346] Bluetooth: hci4: hardware error 0x00
[ 2910.088009][T15987] Bluetooth: hci0: command tx timeout
[ 2913.085380][T24978] netdevsim netdevsim7 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2913.254911][ T1210] usb 7-1: new high-speed USB device number 62 using dummy_hcd
[ 2913.454450][ T1210] usb 7-1: Using ep0 maxpacket: 16
[ 2913.475013][ T1210] usb 7-1: config 0 has an invalid interface number: 148 but max is 0
[ 2913.475061][ T1210] usb 7-1: config 0 has no interface number 0
[ 2913.475182][ T1210] usb 7-1: config 0 interface 148 altsetting 0 endpoint 0x4 has invalid wMaxPacketSize 0
[ 2913.475280][ T1210] usb 7-1: New USB device found, idVendor=0499, idProduct=8206, bcdDevice=f4.55
[ 2913.475305][ T1210] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2913.484645][ T1210] usb 7-1: config 0 descriptor??
[ 2915.114623][T19346] Bluetooth: hci4: Opcode 0x0c03 failed: -110
[ 2915.268790][T24978] netdevsim netdevsim7 netdevsim0: renamed from eth0
[ 2915.336324][T24978] netdevsim netdevsim7 netdevsim1: renamed from eth1
[ 2915.374494][T24978] netdevsim netdevsim7 netdevsim2: renamed from eth2
[ 2915.404438][T24978] netdevsim netdevsim7 netdevsim3: renamed from eth3
[ 2915.695112][T24978] 8021q: adding VLAN 0 to HW filter on device bond0
[ 2915.769185][T24978] 8021q: adding VLAN 0 to HW filter on device team0
[ 2915.791865][T24845] bridge0: port 1(bridge_slave_0) entered blocking state
[ 2915.799134][T24845] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 2915.851395][ T7723] bridge0: port 2(bridge_slave_1) entered blocking state
[ 2915.858678][ T7723] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 2916.204439][T21245] usb 7-1: USB disconnect, device number 62
[ 2916.627353][T25094] macvtap2: entered allmulticast mode
[ 2917.070150][T24978] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 2918.075408][T24978] veth0_vlan: entered promiscuous mode
[ 2918.129208][T24978] veth1_vlan: entered promiscuous mode
[ 2918.236817][T25112] netlink: 28 bytes leftover after parsing attributes in process `syz.3.4909'.
[ 2918.415693][T24978] veth0_macvtap: entered promiscuous mode
[ 2918.448502][T24978] veth1_macvtap: entered promiscuous mode
[ 2918.525710][T24978] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 2918.569788][T24978] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 2918.635391][T24978] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 2918.670522][T24978] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 2918.711634][T24978] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 2918.722560][T24978] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 2919.050002][T24847] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 2919.088843][T24847] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 2919.208645][ T7723] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 2919.232849][T25131] batman_adv: batadv0: Adding interface: dummy0
[ 2919.242539][ T7723] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 2919.273466][T25131] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 2919.314340][T25131] batman_adv: batadv0: Interface activated: dummy0
[ 2919.358680][T25131] batadv0: mtu less than device minimum
[ 2919.413952][T25136] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
[ 2919.424419][T25131] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[ 2919.437105][T25131] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[ 2919.449204][T25131] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[ 2919.461239][T25131] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[ 2919.473302][T25131] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[ 2919.485391][T25131] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[ 2919.497480][T25131] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[ 2919.509564][T25131] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[ 2920.622209][T25148] hub 9-0:1.0: USB hub found
[ 2920.629922][T25148] hub 9-0:1.0: 1 port detected
[ 2920.881573][T25155] pim6reg: entered allmulticast mode
[ 2921.293398][T25172] netlink: 'syz.2.4921': attribute type 1 has an invalid length.
[ 2921.394059][T25172] netlink: 'syz.2.4921': attribute type 4 has an invalid length.
[ 2921.459550][T25172] netlink: 15334 bytes leftover after parsing attributes in process `syz.2.4921'.
[ 2922.005974][T19346] Bluetooth: hci1: unexpected event for opcode 0x2040
[ 2922.112765][T22410] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 2922.124285][T22410] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 2922.152115][T22410] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 2922.164881][T22410] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 2922.191861][T12321] bond0: (slave syz_tun): Releasing backup interface
[ 2922.199873][T22410] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 2923.888963][T25205] team0 (unregistering): Port device team_slave_0 removed
[ 2923.923047][T25205] team0 (unregistering): Port device team_slave_1 removed
[ 2924.179218][T25229] batadv_slave_0: entered promiscuous mode
[ 2924.217166][T25229] syz_tun: entered promiscuous mode
[ 2924.334809][T19346] Bluetooth: hci3: command tx timeout
[ 2928.162231][T19346] Bluetooth: hci3: command tx timeout
[ 2928.200023][T10784] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2928.799459][T10784] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2929.086861][T16513] usb 8-1: new low-speed USB device number 50 using dummy_hcd
[ 2929.163922][T10784] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2929.246122][T16513] usb 8-1: config 0 has an invalid interface number: 55 but max is 0
[ 2929.293631][T16513] usb 8-1: config 0 has no interface number 0
[ 2929.299874][T16513] usb 8-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[ 2929.311800][T16513] usb 8-1: config 0 interface 55 altsetting 0 endpoint 0xE has invalid maxpacket 32, setting to 8
[ 2929.329024][T16513] usb 8-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[ 2929.351448][T16513] usb 8-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10
[ 2929.373696][T16513] usb 8-1: config 0 interface 55 altsetting 0 endpoint 0x8B has invalid maxpacket 120, setting to 8
[ 2929.388470][T16513] usb 8-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[ 2929.410145][T16513] usb 8-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[ 2929.418305][T25255] bridge_slave_0: left allmulticast mode
[ 2929.431689][T16513] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2929.457315][T16513] usb 8-1: config 0 descriptor??
[ 2929.460141][T25255] bridge_slave_0: left promiscuous mode
[ 2929.471351][T25262] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(9)
[ 2929.471944][T25255] bridge0: port 1(bridge_slave_0) entered disabled state
[ 2929.478001][T25262] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[ 2929.482763][T25247] raw-gadget.0 gadget.7: fail, usb_ep_enable returned -22
[ 2929.504938][T25247] raw-gadget.0 gadget.7: fail, usb_ep_enable returned -22
[ 2929.519557][T25262] vhci_hcd vhci_hcd.0: Device attached
[ 2929.525992][T16513] ldusb 8-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[ 2929.598538][T25255] bridge_slave_1: left allmulticast mode
[ 2929.608291][T25255] bridge_slave_1: left promiscuous mode
[ 2929.616971][T25255] bridge0: port 2(bridge_slave_1) entered disabled state
[ 2929.668502][T25263] vhci_hcd: connection closed
[ 2929.669021][T24845] vhci_hcd: stop threads
[ 2929.678275][T24845] vhci_hcd: release socket
[ 2929.688443][T24845] vhci_hcd: disconnect device
[ 2929.699744][T25255] bond0: (slave bond_slave_0): Releasing backup interface
[ 2929.721157][T25255] bond0: (slave bond_slave_1): Releasing backup interface
[ 2929.743685][ T5890] usb 37-1: new high-speed USB device number 2 using vhci_hcd
[ 2929.752554][ T5890] usb 37-1: enqueue for inactive port 0
[ 2929.839476][ T5890] vhci_hcd: vhci_device speed not set
[ 2929.914681][T25255] team0: Port device team_slave_0 removed
[ 2930.037224][T25255] team0: Port device team_slave_1 removed
[ 2930.128229][T25255] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 2930.181148][T25255] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 2930.223702][T22410] Bluetooth: hci3: command tx timeout
[ 2930.257939][T22410] Bluetooth: hci1: unexpected event for opcode 0x2039
[ 2930.310933][T25255] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 2930.327980][T25255] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 2930.658637][T10784] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2930.874246][T25195] chnl_net:caif_netlink_parms(): no params data found
[ 2931.553847][T25195] bridge0: port 1(bridge_slave_0) entered blocking state
[ 2931.624144][T25195] bridge0: port 1(bridge_slave_0) entered disabled state
[ 2931.634296][T25195] bridge_slave_0: entered allmulticast mode
[ 2931.662901][T25195] bridge_slave_0: entered promiscuous mode
[ 2931.704638][T25195] bridge0: port 2(bridge_slave_1) entered blocking state
[ 2931.712370][T25195] bridge0: port 2(bridge_slave_1) entered disabled state
[ 2931.740843][T25195] bridge_slave_1: entered allmulticast mode
[ 2931.805559][T25195] bridge_slave_1: entered promiscuous mode
[ 2932.303570][T22410] Bluetooth: hci3: command tx timeout
[ 2932.510770][T25288] syzkaller1: entered promiscuous mode
[ 2932.520196][T25288] syzkaller1: entered allmulticast mode
[ 2932.857597][T21245] usb 8-1: USB disconnect, device number 50
[ 2932.892555][T21245] ldusb 8-1:0.55: LD USB Device #0 now disconnected
[ 2933.019160][T25195] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 2933.178138][T25195] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 2933.430532][T25195] team0: Port device team_slave_0 added
[ 2933.461463][T25195] team0: Port device team_slave_1 added
[ 2933.478453][T10784] bridge_slave_1: left allmulticast mode
[ 2933.513398][T10784] bridge_slave_1: left promiscuous mode
[ 2933.531958][T10784] bridge0: port 2(bridge_slave_1) entered disabled state
[ 2933.593656][T10784] bridge_slave_0: left allmulticast mode
[ 2933.599383][T10784] bridge_slave_0: left promiscuous mode
[ 2933.627965][T10784] bridge0: port 1(bridge_slave_0) entered disabled state
[ 2934.081619][T25323] vxfs: WRONG superblock magic 00000000 at 1
[ 2934.090364][T25323] vxfs: WRONG superblock magic 00000000 at 8
[ 2934.096593][T25323] vxfs: can't find superblock.
[ 2934.604540][T22410] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0
[ 2934.613712][T22410] Bluetooth: hci1: Injecting HCI hardware error event
[ 2934.624307][T22410] Bluetooth: hci1: hardware error 0x00
[ 2936.708177][T22410] Bluetooth: hci1: Opcode 0x0c03 failed: -110
[ 2937.843178][T14902] usb 3-1: new full-speed USB device number 31 using dummy_hcd
[ 2938.017652][T14902] usb 3-1: config 0 interface 0 altsetting 4 endpoint 0x81 has an invalid bInterval 0, changing to 10
[ 2938.032067][T14902] usb 3-1: config 0 interface 0 altsetting 4 endpoint 0x81 has invalid wMaxPacketSize 0
[ 2938.042181][T14902] usb 3-1: config 0 interface 0 has no altsetting 0
[ 2938.061933][T14902] usb 3-1: New USB device found, idVendor=28de, idProduct=1102, bcdDevice= 0.00
[ 2938.071261][T14902] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2938.164861][T14902] usb 3-1: config 0 descriptor??
[ 2939.320828][T14902] hid-steam 0003:28DE:1102.001B: unknown main item tag 0x0
[ 2939.335121][T14902] hid-steam 0003:28DE:1102.001B: unknown main item tag 0x0
[ 2939.343994][T14902] hid-steam 0003:28DE:1102.001B: : USB HID v0.01 Device [HID 28de:1102] on usb-dummy_hcd.2-1/input0
[ 2939.365162][T10784] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 2939.380098][T10784] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 2939.391611][T10784] bond0 (unregistering): Released all slaves
[ 2939.410421][T10784] bond1 (unregistering): Released all slaves
[ 2939.417058][T14902] hid-steam 0003:28DE:1102.001B: Steam Controller 'XXXXXXXXXX' connected
[ 2939.456689][T14902] input: Steam Controller as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:28DE:1102.001B/input/input35
[ 2939.542633][T14902] hid-steam 0003:28DE:1102.001C: unknown main item tag 0x0
[ 2939.615255][T25362] platform regulatory.0: loading /lib/firmware/regulatory.db failed with error -12
[ 2939.624714][T25362] platform regulatory.0: Direct firmware load for regulatory.db failed with error -12
[ 2939.634366][T25362] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[ 2939.796688][T14902] hid-steam 0003:28DE:1102.001C: unknown main item tag 0x0
[ 2939.860403][T14902] hid-steam 0003:28DE:1102.001C: hidraw0: USB HID v0.01 Device [HID 28de:1102] on usb-dummy_hcd.2-1/input0
[ 2940.048106][T14902] usb 3-1: USB disconnect, device number 31
[ 2940.083785][T25195] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 2940.200358][T25195] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 2940.226421][    C0] vkms_vblank_simulate: vblank timer overrun
[ 2940.533602][T25195] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 2940.558548][T10784] _ŠZ`Ō€@’Ć: left promiscuous mode
[ 2940.620106][T14902] hid-steam 0003:28DE:1102.001B: Steam Controller 'XXXXXXXXXX' disconnected
[ 2940.660231][T25195] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 2940.685268][T25195] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 2940.711269][    C0] vkms_vblank_simulate: vblank timer overrun
[ 2940.785047][T25195] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 2940.934763][T10784] tipc: Left network mode
[ 2941.252278][T25195] hsr_slave_0: entered promiscuous mode
[ 2941.261751][T25195] hsr_slave_1: entered promiscuous mode
[ 2941.295331][T25195] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 2941.349239][T25195] Cannot create hsr debugfs directory
[ 2942.655752][T10784] hsr_slave_0: left promiscuous mode
[ 2942.675540][T10784] hsr_slave_1: left promiscuous mode
[ 2942.681734][T10784] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 2942.697411][T10784] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 2942.718743][T10784] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 2942.740845][T10784] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 2942.842461][T10784] veth0_macvtap: left allmulticast mode
[ 2942.867852][T10784] veth0_macvtap: left promiscuous mode
[ 2942.880558][T10784] veth1_vlan: left promiscuous mode
[ 2942.897919][T10784] veth0_vlan: left promiscuous mode
[ 2944.849314][T22410] Bluetooth: hci2: SCO packet for unknown connection handle 200
[ 2945.864776][T10784] team0 (unregistering): Port device team_slave_1 removed
[ 2945.942224][T10784] team0 (unregistering): Port device team_slave_0 removed
[ 2947.516576][T25456] netlink: 4 bytes leftover after parsing attributes in process `syz.7.5005'.
[ 2947.843693][T10784] IPVS: stop unused estimator thread 0...
[ 2948.107671][T25464] block nbd0: NBD_DISCONNECT
[ 2948.185137][T25463] block nbd0: Disconnected due to user request.
[ 2948.191711][T25463] block nbd0: shutting down sockets
[ 2948.209673][T25464] block nbd0: Send disconnect failed -32
[ 2948.890297][T25195] netdevsim netdevsim6 netdevsim0: renamed from eth0
[ 2949.027102][T25195] netdevsim netdevsim6 netdevsim1: renamed from eth1
[ 2949.106110][T25195] netdevsim netdevsim6 netdevsim2: renamed from eth2
[ 2949.952696][T25195] netdevsim netdevsim6 netdevsim3: renamed from eth3
[ 2950.150359][T25497] netlink: 20 bytes leftover after parsing attributes in process `syz.7.5017'.
[ 2951.269881][T25195] 8021q: adding VLAN 0 to HW filter on device bond0
[ 2951.676199][T19346] Bluetooth: hci2: command 0x0406 tx timeout
[ 2951.699288][T25195] 8021q: adding VLAN 0 to HW filter on device team0
[ 2951.755167][T25195] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 2951.767934][T25195] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 2951.800782][T10784] bridge0: port 1(bridge_slave_0) entered blocking state
[ 2951.808062][T10784] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 2951.818366][T10784] bridge0: port 2(bridge_slave_1) entered blocking state
[ 2951.825608][T10784] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 2952.418003][T25195] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 2953.063731][T25522] 9pnet_virtio: no channels available for device syz
[ 2954.443288][T25195] veth0_vlan: entered promiscuous mode
[ 2954.489729][T25195] veth1_vlan: entered promiscuous mode
[ 2957.640188][T25195] veth0_macvtap: entered promiscuous mode
[ 2957.738643][T25195] veth1_macvtap: entered promiscuous mode
[ 2957.826489][T25195] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 2957.870364][T25195] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 2958.185328][   T30] audit: type=1800 audit(2000002456.427:238): pid=25549 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.0.5030" name="SYSV00000000" dev="tmpfs" ino=0 res=0 errno=0
[ 2958.219067][T25195] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 2958.232642][T25195] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 2958.481907][T25195] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 2958.515395][T25195] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 2959.036423][   T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 2959.093232][T10685] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 2959.143040][   T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 2959.169346][T10685] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 2959.574593][ T5206] udevd[5206]: worker [25553] terminated by signal 33 (Unknown signal 33)
[ 2959.596221][ T5206] udevd[5206]: worker [25553] failed while handling '/devices/virtual/block/loop2'
[ 2959.842335][T21245] usb 3-1: new low-speed USB device number 32 using dummy_hcd
[ 2959.963187][T25567] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[ 2960.028526][T21245] usb 3-1: config 0 has an invalid interface number: 55 but max is 0
[ 2960.321921][T21245] usb 3-1: config 0 has no interface number 0
[ 2960.353115][T21245] usb 3-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[ 2960.373040][T21245] usb 3-1: config 0 interface 55 altsetting 0 endpoint 0xE has invalid maxpacket 32, setting to 8
[ 2960.402127][T21245] usb 3-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[ 2960.425973][T21245] usb 3-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10
[ 2960.499095][T21245] usb 3-1: config 0 interface 55 altsetting 0 endpoint 0x8B has invalid maxpacket 120, setting to 8
[ 2961.001868][T21245] usb 3-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[ 2961.044433][T21245] usb 3-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[ 2961.072676][T25577] overlayfs: failed to decode file handle (len=5, type=251, flags=0, err=-22)
[ 2961.091838][T21245] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2961.117239][T21245] usb 3-1: config 0 descriptor??
[ 2961.136837][T25564] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[ 2961.144699][T25564] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[ 2961.170496][T21245] ldusb 3-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[ 2961.394430][T21245] usb 3-1: USB disconnect, device number 32
[ 2961.431311][T21245] ldusb 3-1:0.55: LD USB Device #0 now disconnected
[ 2962.777101][T25591] binder: 25588:25591 ioctl c0306201 200000000240 returned -14
[ 2964.242069][ T1302] ieee802154 phy0 wpan0: encryption failed: -22
[ 2964.248442][ T1302] ieee802154 phy1 wpan1: encryption failed: -22
[ 2964.603649][T25369] usb 3-1: new high-speed USB device number 33 using dummy_hcd
[ 2965.474481][T25369] usb 3-1: Using ep0 maxpacket: 8
[ 2965.492534][T25369] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[ 2965.511404][T25369] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[ 2965.538211][T25369] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[ 2965.569919][T25369] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 2965.661586][T25369] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[ 2965.698453][T25369] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2966.109911][T25369] usb 3-1: GET_CAPABILITIES returned 0
[ 2967.127511][T25369] usbtmc 3-1:16.0: can't read capabilities
[ 2967.499985][T25369] usb 3-1: USB disconnect, device number 33
[ 2975.543906][   T30] audit: type=1326 audit(2000002473.798:239): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=25693 comm="syz.3.5084" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f49ba38e929 code=0x7ffc0000
[ 2975.574958][   T30] audit: type=1326 audit(2000002473.828:240): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=25693 comm="syz.3.5084" exe="/root/syz-executor" sig=0 arch=c000003e syscall=186 compat=0 ip=0x7f49ba38e929 code=0x7ffc0000
[ 2975.611979][   T30] audit: type=1326 audit(2000002473.828:241): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=25693 comm="syz.3.5084" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f49ba38e929 code=0x7ffc0000
[ 2975.712825][T19346] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[ 2975.764138][   T30] audit: type=1326 audit(2000002473.828:242): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=25693 comm="syz.3.5084" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f49ba38e929 code=0x7ffc0000
[ 2975.811205][T19346] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[ 2975.821189][T19346] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[ 2975.835255][T19346] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[ 2975.844312][T19346] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[ 2977.901102][T19346] Bluetooth: hci5: command tx timeout
[ 2978.519443][T25701] chnl_net:caif_netlink_parms(): no params data found
[ 2978.900845][T25369] usb 4-1: new low-speed USB device number 52 using dummy_hcd
[ 2979.063055][T25369] usb 4-1: config 0 has an invalid interface number: 55 but max is 0
[ 2979.084324][T25369] usb 4-1: config 0 has no interface number 0
[ 2979.113208][T25543] net_ratelimit: 12 callbacks suppressed
[ 2979.113225][T25543] Set syz1 is full, maxelem 65536 reached
[ 2979.120389][T25369] usb 4-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[ 2979.198086][T25369] usb 4-1: config 0 interface 55 altsetting 0 endpoint 0xE has invalid maxpacket 32, setting to 8
[ 2979.231322][T25369] usb 4-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[ 2979.243767][T25369] usb 4-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10
[ 2979.275005][T25369] usb 4-1: config 0 interface 55 altsetting 0 endpoint 0x8B has invalid maxpacket 120, setting to 8
[ 2979.292512][T25369] usb 4-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[ 2979.305850][T25369] usb 4-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[ 2979.327545][T25369] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2979.345592][T25369] usb 4-1: config 0 descriptor??
[ 2979.358433][T25724] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[ 2979.366727][T25724] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[ 2979.389277][T25701] bridge0: port 1(bridge_slave_0) entered blocking state
[ 2979.397138][T25369] ldusb 4-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[ 2979.418763][T25701] bridge0: port 1(bridge_slave_0) entered disabled state
[ 2979.437109][T25701] bridge_slave_0: entered allmulticast mode
[ 2979.459283][T25701] bridge_slave_0: entered promiscuous mode
[ 2979.686238][T25701] bridge0: port 2(bridge_slave_1) entered blocking state
[ 2979.769807][T25701] bridge0: port 2(bridge_slave_1) entered disabled state
[ 2979.993668][T19346] Bluetooth: hci5: command tx timeout
[ 2980.031042][T25701] bridge_slave_1: entered allmulticast mode
[ 2980.052256][T25701] bridge_slave_1: entered promiscuous mode
[ 2981.260729][T19346] Bluetooth: hci2: command 0x0406 tx timeout
[ 2981.266849][T25737] Bluetooth: hci2: Opcode 0x0c1a failed: -110
[ 2981.432338][T25701] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 2981.604509][T25701] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 2981.901884][T25737] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 2981.968707][T25730] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 2982.310555][T19346] Bluetooth: hci5: command tx timeout
[ 2982.341015][T25737] Bluetooth: hci3: Opcode 0x0406 failed: -4
[ 2982.360628][T25730] Bluetooth: hci2: Error when powering off device on rfkill (-4)
[ 2982.570790][ T5889] usb 4-1: USB disconnect, device number 52
[ 2982.617071][ T5889] ldusb 4-1:0.55: LD USB Device #0 now disconnected
[ 2982.850684][T25737] Bluetooth: hci3: Opcode 0x0406 failed: -4
[ 2982.888488][T25701] team0: Port device team_slave_0 added
[ 2982.905359][T25737] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[ 2982.921578][T25737] Bluetooth: hci5: Opcode 0x0406 failed: -4
[ 2982.946092][T25737] Bluetooth: hci5: Opcode 0x0406 failed: -4
[ 2982.985174][T25701] team0: Port device team_slave_1 added
[ 2983.370604][T19346] Bluetooth: hci3: command 0x0c1a tx timeout
[ 2984.050796][T25701] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 2984.062169][T25701] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 2984.088742][T25701] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 2984.102457][T25701] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 2984.109429][T25701] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 2984.148192][T25701] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 2984.415139][T25730] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 2984.436221][T25701] hsr_slave_0: entered promiscuous mode
[ 2984.442102][T25730] Bluetooth: hci3: Error when powering off device on rfkill (-4)
[ 2984.461940][T25701] hsr_slave_1: entered promiscuous mode
[ 2984.477028][T25701] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 2984.493901][T25701] Cannot create hsr debugfs directory
[ 2984.621880][T25730] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[ 2984.627848][T25730] Bluetooth: hci5: Error when powering off device on rfkill (-4)
[ 2985.204512][T25788] netlink: 56 bytes leftover after parsing attributes in process `syz.2.5107'.
[ 2985.222840][T25788] netlink: 24 bytes leftover after parsing attributes in process `syz.2.5107'.
[ 2985.254279][T25788] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5107'.
[ 2987.801496][T25819] can0: slcan on pty24.
[ 2988.205726][T25811] can0 (unregistered): slcan off pty24.
[ 2989.168960][T25701] netdevsim netdevsim8 netdevsim0: renamed from eth0
[ 2989.463631][T25701] netdevsim netdevsim8 netdevsim1: renamed from eth1
[ 2990.025194][T25701] netdevsim netdevsim8 netdevsim2: renamed from eth2
[ 2990.055897][T25701] netdevsim netdevsim8 netdevsim3: renamed from eth3
[ 2992.177234][T25701] 8021q: adding VLAN 0 to HW filter on device bond0
[ 2992.303785][T25701] 8021q: adding VLAN 0 to HW filter on device team0
[ 2992.465158][ T7722] bridge0: port 1(bridge_slave_0) entered blocking state
[ 2992.472519][ T7722] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 2992.553968][ T7722] bridge0: port 2(bridge_slave_1) entered blocking state
[ 2992.561224][ T7722] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 2993.419666][T25866] netlink: 12 bytes leftover after parsing attributes in process `syz.6.5128'.
[ 2993.447316][T25866] netlink: 'syz.6.5128': attribute type 15 has an invalid length.
[ 2993.603735][T25866] netdevsim netdevsim6 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[ 2993.614130][T25866] netdevsim netdevsim6 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[ 2993.623663][T25866] netdevsim netdevsim6 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[ 2993.634914][T25866] netdevsim netdevsim6 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[ 2993.746166][T25866] vxlan0: entered promiscuous mode
[ 2993.841992][T25701] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 2994.905492][T25701] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 2995.439845][T21307] usb 3-1: new full-speed USB device number 34 using dummy_hcd
[ 2995.623911][T21307] usb 3-1: config 0 interface 0 altsetting 4 endpoint 0x81 has an invalid bInterval 0, changing to 10
[ 2995.645174][T21307] usb 3-1: config 0 interface 0 altsetting 4 endpoint 0x81 has invalid wMaxPacketSize 0
[ 2995.658427][T21307] usb 3-1: config 0 interface 0 has no altsetting 0
[ 2995.686822][T21307] usb 3-1: New USB device found, idVendor=28de, idProduct=1102, bcdDevice= 0.00
[ 2995.706618][T21307] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2995.727767][T21307] usb 3-1: config 0 descriptor??
[ 2996.764693][T21307] usbhid 3-1:0.0: can't add hid device: -71
[ 2996.773725][T21307] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[ 2996.784361][T21307] usb 3-1: USB disconnect, device number 34
[ 2997.021483][T25909] vhci_hcd vhci_hcd.0: pdev(6) rhport(0) sockfd(3)
[ 2997.028092][T25909] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[ 2997.099241][T25909] vhci_hcd vhci_hcd.0: Device attached
[ 2997.113981][T25701] veth0_vlan: entered promiscuous mode
[ 2998.112337][T25915] team0: No ports can be present during mode change
[ 2998.138602][T21307] usb 45-1: new high-speed USB device number 2 using vhci_hcd
[ 2998.314127][T25701] veth1_vlan: entered promiscuous mode
[ 3000.458330][T25701] veth0_macvtap: entered promiscuous mode
[ 3000.534510][T25912] vhci_hcd: connection reset by peer
[ 3000.570612][T25926] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5142'.
[ 3000.580164][T25926] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5142'.
[ 3000.811619][ T7723] vhci_hcd: stop threads
[ 3001.764000][ T7723] vhci_hcd: release socket
[ 3001.768645][ T7723] vhci_hcd: disconnect device
[ 3002.282731][T25701] veth1_macvtap: entered promiscuous mode
[ 3002.304819][T25701] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 3002.317811][T25701] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 3002.344920][T25930] block nbd3: NBD_DISCONNECT
[ 3002.350513][T25701] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 3002.391151][T25701] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 3002.472050][T25701] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 3002.515923][T25701] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 3002.954793][   T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 3002.986823][   T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 3003.021277][T21571] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 3003.034778][T21571] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 3003.361849][T25945] netlink: 20 bytes leftover after parsing attributes in process `syz.0.5150'.
[ 3003.828575][ T5890] usb 7-1: new full-speed USB device number 63 using dummy_hcd
[ 3003.992594][ T5890] usb 7-1: config 0 interface 0 altsetting 4 endpoint 0x81 has an invalid bInterval 0, changing to 10
[ 3004.161040][ T5890] usb 7-1: config 0 interface 0 altsetting 4 endpoint 0x81 has invalid wMaxPacketSize 0
[ 3004.170921][ T5890] usb 7-1: config 0 interface 0 has no altsetting 0
[ 3004.177625][ T5890] usb 7-1: New USB device found, idVendor=28de, idProduct=1102, bcdDevice= 0.00
[ 3004.190975][ T5890] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 3004.202945][ T5890] usb 7-1: config 0 descriptor??
[ 3004.623877][ T5890] usbhid 7-1:0.0: can't add hid device: -71
[ 3004.648363][ T5890] usbhid 7-1:0.0: probe with driver usbhid failed with error -71
[ 3005.017215][T25973] random: crng reseeded on system resumption
[ 3005.675536][T21307] vhci_hcd: vhci_device speed not set
[ 3005.712432][ T5890] usb 7-1: USB disconnect, device number 63
[ 3006.867485][T25993] netlink: 20 bytes leftover after parsing attributes in process `syz.6.5163'.
[ 3008.022666][T26012] can0: slcan on pty20.
[ 3008.113104][   T30] audit: type=1804 audit(2000002506.320:243): pid=26012 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.0.5168" name="/newroot/331/bus" dev="tmpfs" ino=1772 res=1 errno=0
[ 3008.258845][T26016] netlink: 20 bytes leftover after parsing attributes in process `syz.8.5169'.
[ 3010.855976][T26006] can0 (unregistered): slcan off pty20.
[ 3012.935104][T12988] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 3012.946482][T12988] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 3014.237434][T26083] bridge0: port 2(bridge_slave_1) entered disabled state
[ 3014.247204][T26083] bridge0: port 1(bridge_slave_0) entered disabled state
[ 3014.643608][T26083] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 3014.657676][T26083] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 3015.235108][T26096] netlink: 16 bytes leftover after parsing attributes in process `syz.0.5194'.
[ 3016.132768][T26083] netdevsim netdevsim6 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[ 3016.146372][T26083] netdevsim netdevsim6 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[ 3016.146410][T26083] netdevsim netdevsim6 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[ 3016.167591][T26083] netdevsim netdevsim6 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[ 3016.653105][T26107] netlink: 20 bytes leftover after parsing attributes in process `syz.0.5198'.
[ 3016.682303][T26083] netdevsim netdevsim6 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0
[ 3016.695779][T26083] netdevsim netdevsim6 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0
[ 3016.708783][T26083] netdevsim netdevsim6 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0
[ 3016.717689][T26083] netdevsim netdevsim6 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0
[ 3016.735111][T26083] vxlan0: left promiscuous mode
[ 3016.994152][T26097] syzkaller1: entered promiscuous mode
[ 3017.003393][T26097] syzkaller1: entered allmulticast mode
[ 3017.339108][T21245] usb 9-1: new high-speed USB device number 13 using dummy_hcd
[ 3017.569320][T21245] usb 9-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config
[ 3017.661384][T21245] usb 9-1: config 27 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[ 3017.727843][T21245] usb 9-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[ 3017.747980][T21245] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 3017.823224][T21245] usb 9-1: Quirk or no altset; falling back to MIDI 1.0
[ 3017.902211][T21245] snd-usb-audio 9-1:27.0: probe with driver snd-usb-audio failed with error -2
[ 3020.117707][T26141] netlink: 16 bytes leftover after parsing attributes in process `syz.2.5207'.
[ 3022.378357][T10573] usb 9-1: USB disconnect, device number 13
[ 3023.105202][T26179] 9pnet_virtio: no channels available for device syz
[ 3025.663563][ T1302] ieee802154 phy1 wpan1: encryption failed: -22
[ 3027.266891][T26238] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(8)
[ 3027.273648][T26238] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[ 3027.281690][T26238] vhci_hcd vhci_hcd.0: Device attached
[ 3027.632941][T26239] vhci_hcd: connection closed
[ 3027.688538][ T7723] vhci_hcd: stop threads
[ 3027.752520][ T7723] vhci_hcd: release socket
[ 3027.807546][ T7723] vhci_hcd: disconnect device
[ 3027.828483][ T5889] usb 37-1: new high-speed USB device number 3 using vhci_hcd
[ 3027.915439][ T5889] usb 37-1: enqueue for inactive port 0
[ 3028.068282][ T5889] vhci_hcd: vhci_device speed not set
[ 3032.176710][T26308] overlayfs: overlapping lowerdir path
[ 3036.662769][T10685] netdevsim netdevsim7 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 3037.969304][T10685] netdevsim netdevsim7 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 3038.506656][T10685] netdevsim netdevsim7 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 3040.107810][T26392] 9pnet: Could not find request transport: Kdę)W

[ 3040.135771][T10685] netdevsim netdevsim7 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 3040.879496][T10685] bridge_slave_1: left allmulticast mode
[ 3040.912799][T10685] bridge_slave_1: left promiscuous mode
[ 3040.936310][T10685] bridge0: port 2(bridge_slave_1) entered disabled state
[ 3041.169038][T10685] bridge_slave_0: left allmulticast mode
[ 3041.188004][T10685] bridge_slave_0: left promiscuous mode
[ 3041.195365][T10685] bridge0: port 1(bridge_slave_0) entered disabled state
[ 3041.507642][T26418] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5292'.
[ 3042.100623][T10573] usb 9-1: new high-speed USB device number 14 using dummy_hcd
[ 3042.417242][T10573] usb 9-1: Using ep0 maxpacket: 16
[ 3045.694436][T10573] usb 9-1: unable to get BOS descriptor or descriptor too short
[ 3045.703211][T10573] usb 9-1: unable to read config index 0 descriptor/start: -71
[ 3045.727098][T10573] usb 9-1: can't read configurations, error -71
[ 3045.912979][T10685] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 3045.926108][T10685] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 3045.940813][T10685] bond0 (unregistering): Released all slaves
[ 3048.120425][T10685] hsr_slave_0: left promiscuous mode
[ 3048.179092][T10685] hsr_slave_1: left promiscuous mode
[ 3048.364530][T10685] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 3048.400265][T10685] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 3048.454746][T26472] Bluetooth: MGMT ver 1.23
[ 3048.497996][T10685] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 3048.505482][T10685] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 3048.737624][T10685] veth1_macvtap: left promiscuous mode
[ 3048.762743][T10685] veth0_macvtap: left promiscuous mode
[ 3048.793052][T10685] veth1_vlan: left promiscuous mode
[ 3048.815341][T10685] veth0_vlan: left promiscuous mode
[ 3051.942619][T10685] team0 (unregistering): Port device team_slave_1 removed
[ 3052.000638][T10685] team0 (unregistering): Port device team_slave_0 removed
[ 3053.250398][T26520] random: crng reseeded on system resumption
[ 3061.623601][T26589] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(9)
[ 3061.630165][T26589] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[ 3061.638042][T26589] vhci_hcd vhci_hcd.0: Device attached
[ 3061.711035][T26591] 9pnet: Could not find request transport: Kdę)W

[ 3061.916915][T25369] usb 39-1: new high-speed USB device number 3 using vhci_hcd
[ 3062.454566][T26590] vhci_hcd: connection reset by peer
[ 3062.618701][T21571] vhci_hcd: stop threads
[ 3062.660545][T21571] vhci_hcd: release socket
[ 3062.695148][T21571] vhci_hcd: disconnect device
[ 3063.332112][T26611] loop6: detected capacity change from 0 to 524287999
[ 3063.440030][T26612] netlink: 40 bytes leftover after parsing attributes in process `syz.0.5345'.
[ 3063.981161][T26606] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5341'.
[ 3065.446037][T14902] usb 4-1: new high-speed USB device number 53 using dummy_hcd
[ 3065.595968][T14902] usb 4-1: Using ep0 maxpacket: 32
[ 3065.608017][T14902] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 3065.637485][T14902] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 3065.674180][T14902] usb 4-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[ 3065.691400][T14902] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 3065.723531][T14902] usb 4-1: config 0 descriptor??
[ 3066.210248][T14902] savu 0003:1E7D:2D5A.001D: hiddev0,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.3-1/input0
[ 3066.469821][T14902] usb 4-1: USB disconnect, device number 53
[ 3067.088742][T25369] vhci_hcd: vhci_device speed not set
[ 3067.875790][T25744] usb 3-1: new full-speed USB device number 35 using dummy_hcd
[ 3068.830801][T25744] usb 3-1: config index 0 descriptor too short (expected 156, got 27)
[ 3068.846963][T25744] usb 3-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30
[ 3068.858433][T25744] usb 3-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 10
[ 3068.869711][T25744] usb 3-1: config 0 interface 0 altsetting 191 endpoint 0x87 has invalid maxpacket 255, setting to 64
[ 3068.887501][T25744] usb 3-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144
[ 3068.901180][T25744] usb 3-1: config 0 interface 0 has no altsetting 0
[ 3068.911941][T25744] usb 3-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66
[ 3068.922191][T25744] usb 3-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172
[ 3068.931232][T25744] usb 3-1: Product: syz
[ 3068.935436][T25744] usb 3-1: Manufacturer: syz
[ 3068.940150][T26660] block nbd3: NBD_DISCONNECT
[ 3068.947668][T25744] usb 3-1: SerialNumber: syz
[ 3068.953681][T26660] block nbd3: Disconnected due to user request.
[ 3068.961017][T25744] usb 3-1: config 0 descriptor??
[ 3068.966802][T26660] block nbd3: shutting down sockets
[ 3068.976030][T26646] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[ 3068.985013][T25744] ldusb 3-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[ 3069.002997][T25744] ldusb 3-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[ 3069.310985][T25744] usb 3-1: USB disconnect, device number 35
[ 3069.403051][T25744] ldusb 3-1:0.0: LD USB Device #0 now disconnected
[ 3070.130901][T26669] tipc: Started in network mode
[ 3070.136566][T26669] tipc: Node identity 7f000001, cluster identity 4711
[ 3070.148495][T26669] tipc: Enabled bearer <udp:syz2>, priority 10
[ 3070.234418][T26674] netlink: 256 bytes leftover after parsing attributes in process `syz.0.5366'.
[ 3070.252258][T26674] ksmbd: Unknown IPC event: 0, ignore.
[ 3071.353562][ T5890] tipc: Node number set to 2130706433
[ 3071.402085][T26682] can-isotp: isotp_sendmsg: can_send_ret -ENETDOWN
[ 3071.517399][T26684] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5369'.
[ 3072.681376][T26690] skbuff: bad partial csum: csum=65489/0 headroom=64 headlen=65491
[ 3073.882707][T26707] netlink: 20 bytes leftover after parsing attributes in process `syz.0.5377'.
[ 3074.354843][T26712] tipc: Started in network mode
[ 3074.363787][T26712] tipc: Node identity 7f000001, cluster identity 4711
[ 3074.393844][T26712] tipc: Enabled bearer <udp:syz2>, priority 10
[ 3075.025664][T26721] skbuff: bad partial csum: csum=65489/0 headroom=64 headlen=65491
[ 3075.387667][T19646] tipc: Node number set to 2130706433
[ 3077.481050][T26737] hub 2-0:1.0: USB hub found
[ 3077.504771][T26737] hub 2-0:1.0: 1 port detected
[ 3078.840659][T10685] bridge_slave_1: left allmulticast mode
[ 3078.851990][T10685] bridge_slave_1: left promiscuous mode
[ 3078.888662][T10685] bridge0: port 2(bridge_slave_1) entered disabled state
[ 3078.939688][T10685] bridge_slave_0: left allmulticast mode
[ 3078.972507][T10685] bridge_slave_0: left promiscuous mode
[ 3078.984167][T10685] bridge0: port 1(bridge_slave_0) entered disabled state
[ 3080.958087][T26764] netlink: 24 bytes leftover after parsing attributes in process `syz.0.5394'.
[ 3082.136927][T26780] 9pnet_virtio: no channels available for device syz
[ 3082.842308][T10685] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 3082.854001][T10685] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 3082.866050][T10685] bond0 (unregistering): Released all slaves
[ 3082.953497][T26763] netlink: 44 bytes leftover after parsing attributes in process `syz.0.5394'.
[ 3084.187906][T26793] block nbd2: NBD_DISCONNECT
[ 3084.200272][T26793] block nbd2: Disconnected due to user request.
[ 3084.219575][T26793] block nbd2: shutting down sockets
[ 3087.098122][ T1302] ieee802154 phy1 wpan1: encryption failed: -22
[ 3087.785449][T25369] usb 4-1: new high-speed USB device number 54 using dummy_hcd
[ 3087.925093][T25369] usb 4-1: device descriptor read/64, error -71
[ 3087.937783][T26835] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(3)
[ 3087.944955][T26835] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[ 3087.954026][T26835] vhci_hcd vhci_hcd.0: Device attached
[ 3088.616460][T25369] usb 4-1: new high-speed USB device number 55 using dummy_hcd
[ 3089.464665][T26836] vhci_hcd: connection closed
[ 3089.554789][T24672] vhci_hcd: stop threads
[ 3089.573398][T24672] vhci_hcd: release socket
[ 3089.600530][T24672] vhci_hcd: disconnect device
[ 3089.655224][T25367] usb 33-1: new high-speed USB device number 2 using vhci_hcd
[ 3089.662887][T25367] usb 33-1: enqueue for inactive port 0
[ 3090.045195][T25367] vhci_hcd: vhci_device speed not set
[ 3090.114591][T25369] usb 4-1: device descriptor read/64, error -71
[ 3090.225833][T25369] usb usb4-port1: attempt power cycle
[ 3090.564479][T25369] usb 4-1: new high-speed USB device number 56 using dummy_hcd
[ 3090.839679][T25369] usb 4-1: device not accepting address 56, error -71
[ 3091.184642][T25369] usb 4-1: new high-speed USB device number 57 using dummy_hcd
[ 3091.205442][T25369] usb 4-1: Using ep0 maxpacket: 32
[ 3091.212117][T25369] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 3091.223306][T25369] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 3091.235890][T25369] usb 4-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[ 3091.257833][T25369] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 3091.269206][T25369] usb 4-1: config 0 descriptor??
[ 3091.688511][T25369] savu 0003:1E7D:2D5A.001E: hiddev0,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.3-1/input0
[ 3092.002913][ T5889] usb 4-1: USB disconnect, device number 57
[ 3093.014816][T25367] usb 4-1: new high-speed USB device number 58 using dummy_hcd
[ 3093.164425][T25367] usb 4-1: Using ep0 maxpacket: 8
[ 3093.170967][T25367] usb 4-1: config index 0 descriptor too short (expected 301, got 45)
[ 3093.179706][T25367] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[ 3093.193330][T25367] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[ 3093.203349][T25367] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[ 3093.213340][T25367] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 3093.226441][T25367] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[ 3093.235604][T25367] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 3093.450121][T25367] usb 4-1: usb_control_msg returned -32
[ 3093.456166][T25367] usbtmc 4-1:16.0: can't read capabilities
[ 3094.390483][T26902] Invalid source name
[ 3094.400116][T26902] UBIFS error (pid: 26902): cannot open "y", error -22
[ 3095.561767][T26910] can0: slcan on pty24.
[ 3095.851031][T25367] usb 4-1: USB disconnect, device number 58
[ 3096.424143][T26907] can0 (unregistered): slcan off pty24.
[ 3098.893066][T26931] syz_tun: entered allmulticast mode
[ 3099.037577][   T30] audit: type=1326 audit(2000002603.297:244): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=26930 comm="syz.0.5446" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f50e078e929 code=0x0
[ 3099.164081][T25367] usb 3-1: new high-speed USB device number 36 using dummy_hcd
[ 3099.304599][T25367] usb 3-1: device descriptor read/64, error -71
[ 3099.544162][T25367] usb 3-1: new high-speed USB device number 37 using dummy_hcd
[ 3099.683962][T25367] usb 3-1: device descriptor read/64, error -71
[ 3099.717172][T26930] syz_tun: left allmulticast mode
[ 3099.795493][T25367] usb usb3-port1: attempt power cycle
[ 3100.162863][T25367] usb 3-1: new high-speed USB device number 38 using dummy_hcd
[ 3100.552983][   T30] audit: type=1804 audit(2000002604.377:245): pid=26943 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz.0.5448" name="/newroot/403/bus/bus" dev="overlay" ino=2169 res=1 errno=0
[ 3100.585959][T25367] usb 3-1: device descriptor read/8, error -71
[ 3100.603145][   T30] audit: type=1804 audit(2000002604.407:246): pid=26943 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.0.5448" name="/newroot/403/bus/bus" dev="overlay" ino=2169 res=1 errno=0
[ 3100.669385][T26945] : entered promiscuous mode
[ 3100.834212][T25367] usb 3-1: new high-speed USB device number 39 using dummy_hcd
[ 3100.872938][T25367] usb 3-1: device descriptor read/8, error -71
[ 3101.014000][T25367] usb usb3-port1: unable to enumerate USB device
[ 3102.654058][T26957] netlink: 'syz.3.5454': attribute type 1 has an invalid length.
[ 3102.661851][T26957] netlink: 224 bytes leftover after parsing attributes in process `syz.3.5454'.
[ 3103.112545][T26963] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2142054965 (4284109930 ns) > initial count (2850433972 ns). Using initial count to start timer.
[ 3106.993735][T25367] usb 3-1: new high-speed USB device number 40 using dummy_hcd
[ 3107.807305][T25367] usb 3-1: Using ep0 maxpacket: 32
[ 3107.844685][T25367] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 3107.883593][T25367] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 3107.924940][T25367] usb 3-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[ 3107.959977][T25367] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 3108.027602][T25367] usb 3-1: config 0 descriptor??
[ 3108.271347][T26990] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(3)
[ 3108.277903][T26990] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[ 3108.293138][T26990] vhci_hcd vhci_hcd.0: Device attached
[ 3108.530289][T25369] usb 33-1: new high-speed USB device number 3 using vhci_hcd
[ 3108.651550][T25367] savu 0003:1E7D:2D5A.001F: hiddev0,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.2-1/input0
[ 3108.872189][T19646] usb 3-1: USB disconnect, device number 40
[ 3109.713663][T26991] vhci_hcd: connection reset by peer
[ 3109.756316][ T7722] vhci_hcd: stop threads
[ 3109.789764][ T7722] vhci_hcd: release socket
[ 3109.843802][ T7722] vhci_hcd: disconnect device
[ 3111.746725][   T30] audit: type=1804 audit(2000002616.007:247): pid=27015 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz.3.5473" name="/newroot/300/bus/bus" dev="overlay" ino=1595 res=1 errno=0
[ 3111.816464][   T30] audit: type=1804 audit(2000002616.077:248): pid=27015 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.3.5473" name="/newroot/300/bus/bus" dev="overlay" ino=1595 res=1 errno=0
[ 3113.644515][T25369] vhci_hcd: vhci_device speed not set
[ 3114.236986][   T30] audit: type=1326 audit(2000002618.497:249): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27043 comm="syz.2.5482" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe90cb8e929 code=0x0
[ 3115.268491][T27067] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 3115.601510][T27072] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5489'.
[ 3116.977816][T27080] virtio-fs: tag <c:::> not found
[ 3117.683155][   T30] audit: type=1804 audit(2000002621.928:250): pid=27090 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz.3.5496" name="/newroot/307/bus/bus" dev="overlay" ino=1641 res=1 errno=0
[ 3118.047266][T27094] overlayfs: missing 'lowerdir'
[ 3119.475609][T27115] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[ 3119.485194][T27115] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[ 3121.117064][T27128] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:16x16 (0x38414261, 8, 0, 0, 0)
[ 3121.287446][T27130] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[ 3121.296478][T27130] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[ 3123.722624][ T5889] usb 3-1: new high-speed USB device number 41 using dummy_hcd
[ 3123.835049][T27160] netlink: 'syz.0.5522': attribute type 1 has an invalid length.
[ 3123.859098][T27160] netlink: 224 bytes leftover after parsing attributes in process `syz.0.5522'.
[ 3123.902992][ T5889] usb 3-1: Using ep0 maxpacket: 32
[ 3123.915828][ T5889] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 3123.928192][ T5889] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 3123.938091][ T5889] usb 3-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[ 3123.947782][ T5889] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 3123.998287][ T5889] usb 3-1: config 0 descriptor??
[ 3124.024525][T27167] syz_tun: entered allmulticast mode
[ 3124.141346][   T30] audit: type=1326 audit(2000002628.398:251): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27166 comm="syz.0.5524" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f50e078e929 code=0x0
[ 3124.243894][T27169] syz_tun: left allmulticast mode
[ 3124.441289][ T5889] savu 0003:1E7D:2D5A.0020: hiddev0,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.2-1/input0
[ 3126.513296][T25367] usb 3-1: reset high-speed USB device number 41 using dummy_hcd
[ 3127.356792][T19646] usb 3-1: USB disconnect, device number 41
[ 3127.549775][T27202] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[ 3128.001414][   T30] audit: type=1326 audit(2000002632.188:252): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27210 comm="syz.2.5538" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe90cb8e929 code=0x7ffc0000
[ 3128.193913][   T30] audit: type=1326 audit(2000002632.188:253): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27210 comm="syz.2.5538" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe90cb8e929 code=0x7ffc0000
[ 3128.194114][   T30] audit: type=1326 audit(2000002632.208:254): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27210 comm="syz.2.5538" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fe90cb8e929 code=0x7ffc0000
[ 3128.194313][   T30] audit: type=1326 audit(2000002632.208:255): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27210 comm="syz.2.5538" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe90cb8e929 code=0x7ffc0000
[ 3128.194498][   T30] audit: type=1326 audit(2000002632.208:256): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27210 comm="syz.2.5538" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe90cb8e929 code=0x7ffc0000
[ 3128.194691][   T30] audit: type=1326 audit(2000002632.208:257): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27210 comm="syz.2.5538" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fe90cb8e929 code=0x7ffc0000
[ 3128.194867][   T30] audit: type=1326 audit(2000002632.208:258): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27210 comm="syz.2.5538" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe90cb8e929 code=0x7ffc0000
[ 3128.195015][   T30] audit: type=1326 audit(2000002632.208:259): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27210 comm="syz.2.5538" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe90cb8e929 code=0x7ffc0000
[ 3128.195144][   T30] audit: type=1326 audit(2000002632.218:260): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27210 comm="syz.2.5538" exe="/root/syz-executor" sig=0 arch=c000003e syscall=55 compat=0 ip=0x7fe90cb8e929 code=0x7ffc0000
[ 3129.166703][T27227] overlayfs: failed to resolve './file1/file0': -2
[ 3129.256520][T25744] usb 4-1: new high-speed USB device number 59 using dummy_hcd
[ 3129.313585][T27230] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5543'.
[ 3129.472443][T25744] usb 4-1: Using ep0 maxpacket: 32
[ 3129.498486][T25744] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 3129.511841][T25744] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 3129.535127][T25744] usb 4-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[ 3129.550259][T25744] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 3129.575456][T25744] usb 4-1: config 0 descriptor??
[ 3130.043138][T25744] savu 0003:1E7D:2D5A.0021: hiddev0,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.3-1/input0
[ 3131.261225][T27254] overlayfs: failed to resolve './file1/file0': -2
[ 3131.464234][T19646] usb 4-1: reset high-speed USB device number 59 using dummy_hcd
[ 3131.788560][T27263] 9pnet_fd: Insufficient options for proto=fd
[ 3132.257591][T27268] 9pnet_virtio: no channels available for device syz
[ 3133.323087][T27279] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:16x16 (0x38414261, 8, 0, 0, 0)
[ 3134.296136][T25367] usb 4-1: USB disconnect, device number 59
[ 3134.421619][T27287] overlayfs: failed to resolve './file1/file0': -2
[ 3135.162110][T27289] syz.0.5562 (27289): drop_caches: 2
[ 3135.170316][T27289] syz.0.5562 (27289): drop_caches: 2
[ 3135.828160][T27297] netlink: 28 bytes leftover after parsing attributes in process `syz.0.5567'.
[ 3135.855692][T27297] netlink: 'syz.0.5567': attribute type 7 has an invalid length.
[ 3135.872983][T27297] netlink: 'syz.0.5567': attribute type 8 has an invalid length.
[ 3135.880848][T27297] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5567'.
[ 3135.927572][T27297] ip6gretap0: entered promiscuous mode
[ 3135.934934][T27297] syz_tun: entered promiscuous mode
[ 3135.942168][T27297] ip6gretap0: left promiscuous mode
[ 3135.962214][T27297] syz_tun: left promiscuous mode
[ 3136.421956][T25367] usb 3-1: new low-speed USB device number 42 using dummy_hcd
[ 3136.479223][T27307] netlink: 16 bytes leftover after parsing attributes in process `syz.3.5568'.
[ 3137.304195][T25367] usb 3-1: config 0 has an invalid interface number: 55 but max is 0
[ 3137.317735][T25367] usb 3-1: config 0 has no interface number 0
[ 3137.358936][T25367] usb 3-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[ 3137.391927][T25367] usb 3-1: config 0 interface 55 altsetting 0 endpoint 0xE has invalid maxpacket 32, setting to 8
[ 3137.403286][T25367] usb 3-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[ 3137.415046][T25367] usb 3-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10
[ 3137.430369][T25367] usb 3-1: config 0 interface 55 altsetting 0 endpoint 0x8B has invalid maxpacket 120, setting to 8
[ 3137.449806][T25367] usb 3-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[ 3137.463215][T25367] usb 3-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[ 3137.472911][T25367] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 3137.488586][T25367] usb 3-1: config 0 descriptor??
[ 3137.494810][T27304] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[ 3137.502264][T27304] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[ 3137.512300][T25367] ldusb 3-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[ 3137.719060][ T5889] usb 3-1: USB disconnect, device number 42
[ 3137.729698][ T5889] ldusb 3-1:0.55: LD USB Device #0 now disconnected
[ 3137.738131][T27316] overlayfs: overlapping lowerdir path
[ 3137.811841][ T5890] usb 4-1: new high-speed USB device number 60 using dummy_hcd
[ 3137.971866][ T5890] usb 4-1: Using ep0 maxpacket: 8
[ 3137.978694][ T5890] usb 4-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config
[ 3137.992196][ T5890] usb 4-1: config 16 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3
[ 3138.010927][ T5890] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[ 3138.021088][ T5890] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 3138.043959][ T5890] usbtmc 4-1:16.0: bulk endpoints not found
[ 3140.886952][T27334] netlink: 32 bytes leftover after parsing attributes in process `syz.2.5578'.
[ 3141.007529][T27334] netlink: 32 bytes leftover after parsing attributes in process `syz.2.5578'.
[ 3141.180443][T27334] netlink: 32 bytes leftover after parsing attributes in process `syz.2.5578'.
[ 3141.227342][ T5890] usb 4-1: USB disconnect, device number 60
[ 3141.563062][T27343] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(11)
[ 3141.570085][T27343] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[ 3141.579281][T27343] vhci_hcd vhci_hcd.0: Device attached
[ 3141.852652][ T5890] usb 33-1: new high-speed USB device number 4 using vhci_hcd
[ 3142.812978][T27344] vhci_hcd: connection reset by peer
[ 3142.826723][T24854] vhci_hcd: stop threads
[ 3142.831152][T24854] vhci_hcd: release socket
[ 3142.835842][T24854] vhci_hcd: disconnect device
[ 3142.986656][T27350] overlayfs: overlapping lowerdir path
[ 3143.545209][T27357] 9pnet_virtio: no channels available for device syz
[ 3145.405628][T27381] overlayfs: overlapping lowerdir path
[ 3146.739244][T27395] dvmrp1: entered allmulticast mode
[ 3147.013869][ T5890] vhci_hcd: vhci_device speed not set
[ 3147.054128][T27410] overlayfs: overlapping lowerdir path
[ 3147.289765][T27421] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5606'.
[ 3148.226891][T27425] 9pnet: Could not find request transport: Kdę)W

[ 3148.259112][T27429] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5608'.
[ 3148.268427][T27429] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5608'.
[ 3148.389191][T27431] No source specified
[ 3148.539752][ T1302] ieee802154 phy1 wpan1: encryption failed: -22
[ 3148.604478][T27440] overlayfs: overlapping lowerdir path
[ 3148.898642][T27446] netlink: 20 bytes leftover after parsing attributes in process `syz.2.5615'.
[ 3148.947379][T27447] block nbd3: NBD_DISCONNECT
[ 3149.759975][T27447] block nbd3: Disconnected due to user request.
[ 3149.782987][T27447] block nbd3: shutting down sockets
[ 3150.169945][T27452] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(10)
[ 3150.176616][T27452] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[ 3150.184840][T27452] vhci_hcd vhci_hcd.0: Device attached
[ 3150.368009][T27454] vhci_hcd: connection closed
[ 3150.385472][T24672] vhci_hcd: stop threads
[ 3150.525691][T24672] vhci_hcd: release socket
[ 3150.551479][T19646] usb 33-1: new high-speed USB device number 5 using vhci_hcd
[ 3150.592171][T24672] vhci_hcd: disconnect device
[ 3151.340556][T27456] 9pnet: Could not find request transport: Kdę)W

[ 3153.641119][T27486] block nbd2: NBD_DISCONNECT
[ 3153.695719][T27486] block nbd2: Disconnected due to user request.
[ 3153.705072][T27486] block nbd2: shutting down sockets
[ 3154.075665][T27488] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5627'.
[ 3154.087779][T27488] netlink: 24 bytes leftover after parsing attributes in process `syz.2.5627'.
[ 3154.100921][T27488] netlink: 24 bytes leftover after parsing attributes in process `syz.2.5627'.
[ 3155.871374][T19646] vhci_hcd: vhci_device speed not set
[ 3162.434997][T27551] TCP: TCP_TX_DELAY enabled
[ 3162.440709][T27551] program syz.3.5645 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 3163.429214][T27561] 9pnet: Could not find request transport: fd0x0000000000000003
[ 3164.860299][   T30] kauditd_printk_skb: 130 callbacks suppressed
[ 3164.860354][   T30] audit: type=1326 audit(2000002670.118:391): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27570 comm="syz.2.5652" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe90cb8e929 code=0x7ffc0000
[ 3165.640292][   T30] audit: type=1326 audit(2000002670.158:392): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27570 comm="syz.2.5652" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe90cb8e929 code=0x7ffc0000
[ 3165.719409][   T30] audit: type=1326 audit(2000002670.158:393): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27570 comm="syz.2.5652" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fe90cb8e929 code=0x7ffc0000
[ 3165.743091][   T30] audit: type=1326 audit(2000002670.158:394): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27570 comm="syz.2.5652" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe90cb8e929 code=0x7ffc0000
[ 3165.764840][   T30] audit: type=1326 audit(2000002670.158:395): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27570 comm="syz.2.5652" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe90cb8e929 code=0x7ffc0000
[ 3165.787000][   T30] audit: type=1326 audit(2000002670.158:396): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27570 comm="syz.2.5652" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fe90cb8e929 code=0x7ffc0000
[ 3165.906692][T27573] hub 2-0:1.0: USB hub found
[ 3165.914863][T27573] hub 2-0:1.0: 1 port detected
[ 3165.933960][   T30] audit: type=1326 audit(2000002670.158:397): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27570 comm="syz.2.5652" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe90cb8e929 code=0x7ffc0000
[ 3166.250064][   T30] audit: type=1326 audit(2000002670.158:398): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27570 comm="syz.2.5652" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe90cb8e929 code=0x7ffc0000
[ 3166.454723][   T30] audit: type=1326 audit(2000002670.158:399): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27570 comm="syz.2.5652" exe="/root/syz-executor" sig=0 arch=c000003e syscall=55 compat=0 ip=0x7fe90cb8e929 code=0x7ffc0000
[ 3166.723150][   T30] audit: type=1326 audit(2000002670.158:400): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27570 comm="syz.2.5652" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe90cb8e929 code=0x7ffc0000
[ 3168.286048][T25367] libceph: connect (1)[c::]:6789 error -101
[ 3168.296155][T25367] libceph: mon0 (1)[c::]:6789 connect error
[ 3168.384952][T27595] ceph: No mds server is up or the cluster is laggy
[ 3169.778742][T27624] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(10)
[ 3169.785421][T27624] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[ 3169.793668][T27624] vhci_hcd vhci_hcd.0: Device attached
[ 3170.004540][T27625] vhci_hcd: connection closed
[ 3170.013569][T27624] 9pnet: Could not find request transport: Kdę)W

[ 3170.047192][   T49] vhci_hcd: stop threads
[ 3170.052864][   T49] vhci_hcd: release socket
[ 3170.057892][   T49] vhci_hcd: disconnect device
[ 3170.110175][T19646] usb 37-1: new high-speed USB device number 4 using vhci_hcd
[ 3170.120160][T19646] usb 37-1: enqueue for inactive port 0
[ 3170.190098][T19646] vhci_hcd: vhci_device speed not set
[ 3201.648665][   T31] INFO: task kworker/0:3:10573 blocked for more than 143 seconds.
[ 3201.656544][   T31]       Not tainted 6.16.0-rc5-syzkaller-00053-g8c2e52ebbe88 #0
[ 3201.664578][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 3201.673500][   T31] task:kworker/0:3     state:D stack:20328 pid:10573 tgid:10573 ppid:2      task_flags:0x4208060 flags:0x00004000
[ 3201.685821][   T31] Workqueue: events rfkill_global_led_trigger_worker
[ 3201.692612][   T31] Call Trace:
[ 3201.695986][   T31]  <TASK>
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[ 3201.698980][   T31]  __schedule+0x16a2/0x4cb0
[ 3201.703663][   T31]  ? __pfx_do_raw_spin_lock+0x10/0x10
[ 3201.709643][   T31]  ? schedule+0x165/0x360
[ 3201.714328][   T31]  ? __pfx___schedule+0x10/0x10
[ 3201.719328][   T31]  ? schedule+0x91/0x360
[ 3201.723622][   T31]  schedule+0x165/0x360
[ 3201.727850][   T31]  schedule_preempt_disabled+0x13/0x30
[ 3201.733426][   T31]  __mutex_lock+0x724/0xe80
[ 3201.737962][   T31]  ? look_up_lock_class+0x74/0x170
[ 3201.743200][   T31]  ? __mutex_lock+0x51b/0xe80
[ 3201.747926][   T31]  ? rfkill_global_led_trigger_worker+0x27/0xd0
[ 3201.754557][   T31]  ? __pfx___mutex_lock+0x10/0x10
[ 3201.784353][   T31]  ? process_scheduled_works+0x9ef/0x17b0
[ 3201.808965][   T31]  ? process_scheduled_works+0x9ef/0x17b0
[ 3201.814783][   T31]  rfkill_global_led_trigger_worker+0x27/0xd0
[ 3201.839069][   T31]  ? process_scheduled_works+0x9ef/0x17b0
[ 3201.844871][   T31]  process_scheduled_works+0xade/0x17b0
[ 3201.850624][   T31]  ? __pfx_process_scheduled_works+0x10/0x10
[ 3201.856675][   T31]  worker_thread+0x8a0/0xda0
[ 3201.861387][   T31]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 3201.868322][   T31]  ? __kthread_parkme+0x7b/0x200
[ 3201.873325][   T31]  kthread+0x711/0x8a0
[ 3201.877426][   T31]  ? __pfx_worker_thread+0x10/0x10
[ 3201.882643][   T31]  ? __pfx_kthread+0x10/0x10
[ 3201.887249][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[ 3201.892832][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[ 3201.898048][   T31]  ? __pfx_kthread+0x10/0x10
[ 3201.902737][   T31]  ret_from_fork+0x3f9/0x770
[ 3201.907365][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[ 3201.912649][   T31]  ? __switch_to_asm+0x39/0x70
[ 3201.917436][   T31]  ? __switch_to_asm+0x33/0x70
[ 3201.922257][   T31]  ? __pfx_kthread+0x10/0x10
[ 3201.926862][   T31]  ret_from_fork_asm+0x1a/0x30
[ 3201.931767][   T31]  </TASK>
[ 3201.934921][   T31] INFO: task syz.8.5308:26473 blocked for more than 143 seconds.
[ 3201.942800][   T31]       Not tainted 6.16.0-rc5-syzkaller-00053-g8c2e52ebbe88 #0
[ 3201.950541][   T31]       Blocked by coredump.
[ 3201.955255][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 3201.964015][   T31] task:syz.8.5308      state:D stack:26888 pid:26473 tgid:26467 ppid:25701  task_flags:0x40044c flags:0x00004006
[ 3201.976258][   T31] Call Trace:
[ 3201.979669][   T31]  <TASK>
[ 3201.982634][   T31]  __schedule+0x16a2/0x4cb0
[ 3201.987171][   T31]  ? schedule+0x165/0x360
[ 3201.991649][   T31]  ? __pfx___schedule+0x10/0x10
[ 3201.996540][   T31]  ? schedule+0x91/0x360
[ 3202.001205][   T31]  schedule+0x165/0x360
[ 3202.005430][   T31]  schedule_preempt_disabled+0x13/0x30
[ 3202.011166][   T31]  __mutex_lock+0x724/0xe80
[ 3202.015811][   T31]  ? kobject_put+0x43f/0x480
[ 3202.020553][   T31]  ? __mutex_lock+0x51b/0xe80
[ 3202.025267][   T31]  ? rfkill_unregister+0xc8/0x220
[ 3202.030455][   T31]  ? __pfx___mutex_lock+0x10/0x10
[ 3202.035512][   T31]  ? __pfx_device_del+0x10/0x10
[ 3202.040475][   T31]  rfkill_unregister+0xc8/0x220
[ 3202.045375][   T31]  nfc_unregister_device+0x96/0x2a0
[ 3202.051200][   T31]  ? __pfx_virtual_ncidev_close+0x10/0x10
[ 3202.056961][   T31]  virtual_ncidev_close+0x56/0x90
[ 3202.062230][   T31]  __fput+0x44c/0xa70
[ 3202.066256][   T31]  task_work_run+0x1d4/0x260
[ 3202.071001][   T31]  ? __pfx_task_work_run+0x10/0x10
[ 3202.076160][   T31]  do_exit+0x6b5/0x22e0
[ 3202.080390][   T31]  ? do_raw_spin_lock+0x121/0x290
[ 3202.085464][   T31]  ? __pfx_do_exit+0x10/0x10
[ 3202.090180][   T31]  do_group_exit+0x21c/0x2d0
[ 3202.094843][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[ 3202.100145][   T31]  get_signal+0x125e/0x1310
[ 3202.104729][   T31]  arch_do_signal_or_restart+0x9a/0x750
[ 3202.110463][   T31]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[ 3202.116673][   T31]  ? exit_to_user_mode_loop+0x40/0x110
[ 3202.122196][   T31]  exit_to_user_mode_loop+0x75/0x110
[ 3202.127498][   T31]  do_syscall_64+0x2bd/0x3b0
[ 3202.134700][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[ 3202.140060][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 3202.146158][   T31]  ? clear_bhb_loop+0x60/0xb0
[ 3202.151235][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 3202.157194][   T31] RIP: 0033:0x7fdc2ab8e929
[ 3202.161683][   T31] RSP: 002b:00007fdc2b91b038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 3202.171377][   T31] RAX: 0000000000010106 RBX: 00007fdc2adb6080 RCX: 00007fdc2ab8e929
[ 3202.179462][   T31] RDX: 0000000000010106 RSI: 00002000000000c0 RDI: 0000000000000005
[ 3202.187460][   T31] RBP: 00007fdc2ac10b39 R08: 0000000000000000 R09: 0000000000000000
[ 3202.195492][   T31] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000000
[ 3202.203504][   T31] R13: 0000000000000000 R14: 00007fdc2adb6080 R15: 00007fff8e455b18
[ 3202.211812][   T31]  </TASK>
[ 3202.214902][   T31] INFO: task syz.6.5307:26472 blocked for more than 143 seconds.
[ 3202.225225][   T31]       Not tainted 6.16.0-rc5-syzkaller-00053-g8c2e52ebbe88 #0
[ 3202.233075][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 3202.241969][   T31] task:syz.6.5307      state:D stack:25288 pid:26472 tgid:26470 ppid:25195  task_flags:0x400140 flags:0x00004006
[ 3202.254025][   T31] Call Trace:
[ 3202.257316][   T31]  <TASK>
[ 3202.260481][   T31]  __schedule+0x16a2/0x4cb0
[ 3202.265048][   T31]  ? __lock_acquire+0xa01/0xd20
[ 3202.269998][   T31]  ? schedule+0x165/0x360
[ 3202.274371][   T31]  ? __pfx___schedule+0x10/0x10
[ 3202.279367][   T31]  ? schedule+0x91/0x360
[ 3202.283672][   T31]  schedule+0x165/0x360
[ 3202.287860][   T31]  schedule_preempt_disabled+0x13/0x30
[ 3202.293522][   T31]  __mutex_lock+0x724/0xe80
[ 3202.298106][   T31]  ? __lock_acquire+0xab9/0xd20
[ 3202.303136][   T31]  ? __mutex_lock+0x51b/0xe80
[ 3202.307992][   T31]  ? nfc_rfkill_set_block+0x50/0x2e0
[ 3202.313442][   T31]  ? __pfx___mutex_lock+0x10/0x10
[ 3202.318573][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[ 3202.323829][   T31]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[ 3202.330217][   T31]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 3202.336585][   T31]  ? __pfx_nfc_rfkill_set_block+0x10/0x10
[ 3202.342372][   T31]  nfc_rfkill_set_block+0x50/0x2e0
[ 3202.347494][   T31]  ? __pfx_nfc_rfkill_set_block+0x10/0x10
[ 3202.353343][   T31]  rfkill_set_block+0x1cf/0x440
[ 3202.358333][   T31]  rfkill_fop_write+0x44b/0x570
[ 3202.363225][   T31]  ? __lock_acquire+0xab9/0xd20
[ 3202.368286][   T31]  ? __pfx_rfkill_fop_write+0x10/0x10
[ 3202.373695][   T31]  ? security_kernfs_init_security+0x280/0x290
[ 3202.379939][   T31]  ? rw_verify_area+0x258/0x650
[ 3202.384833][   T31]  ? __pfx_rfkill_fop_write+0x10/0x10
[ 3202.390307][   T31]  vfs_write+0x27e/0xa90
[ 3202.394698][   T31]  ? __pfx_vfs_write+0x10/0x10
[ 3202.399602][   T31]  ? __fget_files+0x2a/0x420
[ 3202.404229][   T31]  ? __fget_files+0x2a/0x420
[ 3202.408870][   T31]  ? __fget_files+0x3a0/0x420
[ 3202.413579][   T31]  ? __fget_files+0x2a/0x420
[ 3202.418267][   T31]  ksys_write+0x145/0x250
[ 3202.422659][   T31]  ? __pfx_ksys_write+0x10/0x10
[ 3202.427564][   T31]  ? rcu_is_watching+0x15/0xb0
[ 3202.432396][   T31]  ? arch_syscall_is_vdso_sigreturn+0x120/0x1a0
[ 3202.439063][   T31]  ? syscall_user_dispatch+0x4f/0x90
[ 3202.444381][   T31]  do_syscall_64+0xfa/0x3b0
[ 3202.448963][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[ 3202.454196][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 3202.460372][   T31]  ? clear_bhb_loop+0x60/0xb0
[ 3202.465080][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 3202.471030][   T31] RIP: 0033:0x7f8d58b8e929
[ 3202.475451][   T31] RSP: 002b:00007f8d59adf038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 3202.483949][   T31] RAX: ffffffffffffffda RBX: 00007f8d58db5fa0 RCX: 00007f8d58b8e929
[ 3202.491987][   T31] RDX: 0000000000000008 RSI: 0000200000000080 RDI: 0000000000000009
[ 3202.500104][   T31] RBP: 00007f8d58c10b39 R08: 0000000000000000 R09: 0000000000000000
[ 3202.508154][   T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 3202.516159][   T31] R13: 0000000000000000 R14: 00007f8d58db5fa0 R15: 00007ffe28e64598
[ 3202.524266][   T31]  </TASK>
[ 3202.527363][   T31] 
[ 3202.527363][   T31] Showing all locks held in the system:
[ 3202.543407][   T31] 1 lock held by khungtaskd/31:
[ 3202.548611][   T31]  #0: ffffffff8e13f160 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180
[ 3202.558600][   T31] 2 locks held by getty/5595:
[ 3202.563295][   T31]  #0: ffff88803111b0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
[ 3202.573155][   T31]  #1: ffffc9000333b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x43e/0x1400
[ 3202.583400][   T31] 3 locks held by kworker/0:3/10573:
[ 3202.589011][   T31]  #0: ffff88801a480d48 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[ 3202.600134][   T31]  #1: ffffc9000b8b7bc0 ((work_completion)(&rfkill_global_led_trigger_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[ 3202.613816][   T31]  #2: ffffffff8f7e6668 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_global_led_trigger_worker+0x27/0xd0
[ 3202.625440][   T31] 4 locks held by kworker/u8:1/10685:
[ 3202.630883][   T31]  #0: ffff88801b2fb948 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[ 3202.641892][   T31]  #1: ffffc90004abfbc0 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[ 3202.652605][   T31]  #2: ffffffff8f4fe950 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xf7/0x800
[ 3202.662257][   T31]  #3: ffffffff8f7e6668 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_unregister+0xc8/0x220
[ 3202.672462][   T31] 2 locks held by kworker/u8:11/21571:
[ 3202.677943][   T31]  #0: ffff8880b8639e18 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0xad/0x140
[ 3202.688516][   T31]  #1: ffff8880b8623f08 (&per_cpu_ptr(group->pcpu, cpu)->seq){-.-.}-{0:0}, at: psi_task_switch+0x39e/0x6d0
[ 3202.700124][   T31] 1 lock held by syz-executor/24921:
[ 3202.705430][   T31]  #0: ffffffff8f7e6668 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_unregister+0xc8/0x220
[ 3202.715635][   T31] 1 lock held by syz-executor/25701:
[ 3202.721014][   T31]  #0: ffffffff8f7e6668 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_unregister+0xc8/0x220
[ 3202.731208][   T31] 2 locks held by syz.8.5308/26473:
[ 3202.736410][   T31]  #0: ffff88802848a100 (&dev->mutex){....}-{4:4}, at: nfc_unregister_device+0x63/0x2a0
[ 3202.746249][   T31]  #1: ffffffff8f7e6668 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_unregister+0xc8/0x220
[ 3202.756420][   T31] 2 locks held by syz.6.5307/26472:
[ 3202.761723][   T31]  #0: ffffffff8f7e6668 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_fop_write+0x191/0x570
[ 3202.772412][   T31]  #1: ffff88802848a100 (&dev->mutex){....}-{4:4}, at: nfc_rfkill_set_block+0x50/0x2e0
[ 3202.782182][   T31] 2 locks held by syz-executor/26623:
[ 3202.787559][   T31]  #0: ffff888048141918 (&data->open_mutex){+.+.}-{4:4}, at: vhci_create_device+0x34/0x6e0
[ 3202.797893][   T31]  #1: ffffffff8f7e6668 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_register+0x37/0x8e0
[ 3202.807941][   T31] 2 locks held by syz-executor/26628:
[ 3202.813354][   T31]  #0: ffff88807c04a118 (&data->open_mutex){+.+.}-{4:4}, at: vhci_create_device+0x34/0x6e0
[ 3202.823498][   T31]  #1: ffffffff8f7e6668 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_register+0x37/0x8e0
[ 3202.833621][   T31] 2 locks held by syz-executor/27162:
[ 3202.839146][   T31]  #0: ffff8880321cb118 (&data->open_mutex){+.+.}-{4:4}, at: vhci_create_device+0x34/0x6e0
[ 3202.849374][   T31]  #1: ffffffff8f7e6668 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_register+0x37/0x8e0
[ 3202.859421][   T31] 2 locks held by syz-executor/27163:
[ 3202.864807][   T31]  #0: ffff8880566fc118 (&data->open_mutex){+.+.}-{4:4}, at: vhci_create_device+0x34/0x6e0
[ 3202.874865][   T31]  #1: ffffffff8f7e6668 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_register+0x37/0x8e0
[ 3202.885098][   T31] 3 locks held by syz.0.5651/27568:
[ 3202.890365][   T31]  #0: ffffffff8f5716f0 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40
[ 3202.898680][   T31]  #1: ffffffff8f571508 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x10d/0x790
[ 3202.907716][   T31]  #2: ffffffff8f7e6668 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_register+0x37/0x8e0
[ 3202.917734][   T31] 2 locks held by syz.3.5668/27620:
[ 3202.923001][   T31]  #0: ffffffff8f5716f0 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40
[ 3202.931435][   T31]  #1: ffffffff8f571508 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x10d/0x790
[ 3202.940536][   T31] 2 locks held by syz.2.5669/27629:
[ 3202.945739][   T31]  #0: ffffffff8f5716f0 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40
[ 3202.954047][   T31]  #1: ffffffff8f571508 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x10d/0x790
[ 3202.963135][   T31] 2 locks held by syz-executor/27631:
[ 3202.968587][   T31]  #0: ffff88807ce13918 (&data->open_mutex){+.+.}-{4:4}, at: vhci_create_device+0x34/0x6e0
[ 3202.978694][   T31]  #1: ffffffff8f7e6668 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_register+0x37/0x8e0
[ 3202.989065][   T31] 2 locks held by syz-executor/27634:
[ 3202.994449][   T31]  #0: ffff888079a42118 (&data->open_mutex){+.+.}-{4:4}, at: vhci_create_device+0x34/0x6e0
[ 3203.004559][   T31]  #1: ffffffff8f7e6668 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_register+0x37/0x8e0
[ 3203.014569][   T31] 2 locks held by syz-executor/27635:
[ 3203.020033][   T31]  #0: ffff8880227e3118 (&data->open_mutex){+.+.}-{4:4}, at: vhci_create_device+0x34/0x6e0
[ 3203.030176][   T31]  #1: ffffffff8f7e6668 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_register+0x37/0x8e0
[ 3203.040225][   T31] 2 locks held by syz-executor/27638:
[ 3203.045598][   T31]  #0: ffff888034e5f118 (&data->open_mutex){+.+.}-{4:4}, at: vhci_create_device+0x34/0x6e0
[ 3203.055716][   T31]  #1: ffffffff8f7e6668 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_register+0x37/0x8e0
[ 3203.065706][   T31] 2 locks held by syz-executor/27639:
[ 3203.071131][   T31]  #0: ffff888034e5e918 (&data->open_mutex){+.+.}-{4:4}, at: vhci_create_device+0x34/0x6e0
[ 3203.081244][   T31]  #1: ffffffff8f7e6668 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_register+0x37/0x8e0
[ 3203.091319][   T31] 
[ 3203.093662][   T31] =============================================
[ 3203.093662][   T31] 
[ 3203.102510][   T31] NMI backtrace for cpu 1
[ 3203.102528][   T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-rc5-syzkaller-00053-g8c2e52ebbe88 #0 PREEMPT(full) 
[ 3203.102553][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 3203.102565][   T31] Call Trace:
[ 3203.102574][   T31]  <TASK>
[ 3203.102584][   T31]  dump_stack_lvl+0x189/0x250
[ 3203.102609][   T31]  ? __wake_up_klogd+0xd9/0x110
[ 3203.102640][   T31]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 3203.102663][   T31]  ? __pfx__printk+0x10/0x10
[ 3203.102702][   T31]  nmi_cpu_backtrace+0x39e/0x3d0
[ 3203.102738][   T31]  ? __pfx_nmi_cpu_backtrace+0x10/0x10
[ 3203.102762][   T31]  ? _printk+0xcf/0x120
[ 3203.102792][   T31]  ? __pfx__printk+0x10/0x10
[ 3203.102820][   T31]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[ 3203.102853][   T31]  nmi_trigger_cpumask_backtrace+0x17a/0x300
[ 3203.102883][   T31]  watchdog+0xfee/0x1030
[ 3203.102915][   T31]  ? watchdog+0x1de/0x1030
[ 3203.102953][   T31]  kthread+0x711/0x8a0
[ 3203.102984][   T31]  ? __pfx_watchdog+0x10/0x10
[ 3203.103010][   T31]  ? __pfx_kthread+0x10/0x10
[ 3203.103037][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[ 3203.103064][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[ 3203.103092][   T31]  ? __pfx_kthread+0x10/0x10
[ 3203.103120][   T31]  ret_from_fork+0x3f9/0x770
[ 3203.103143][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[ 3203.103170][   T31]  ? __switch_to_asm+0x39/0x70
[ 3203.103194][   T31]  ? __switch_to_asm+0x33/0x70
[ 3203.103217][   T31]  ? __pfx_kthread+0x10/0x10
[ 3203.103245][   T31]  ret_from_fork_asm+0x1a/0x30
[ 3203.103287][   T31]  </TASK>
[ 3203.103295][   T31] Sending NMI from CPU 1 to CPUs 0:
[ 3203.261692][    C0] NMI backtrace for cpu 0
[ 3203.261709][    C0] CPU: 0 UID: 0 PID: 49 Comm: kworker/u8:3 Not tainted 6.16.0-rc5-syzkaller-00053-g8c2e52ebbe88 #0 PREEMPT(full) 
[ 3203.261730][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 3203.261742][    C0] Workqueue: bat_events batadv_mcast_mla_update
[ 3203.261774][    C0] RIP: 0010:ttwu_do_wakeup+0x134/0x150
[ 3203.261800][    C0] Code: c6 08 4c 89 f0 48 c1 e8 03 42 80 3c 38 00 74 08 4c 89 f7 e8 1e c6 8f 00 49 8b 3e 48 89 de e8 13 e6 35 00 65 ff 0d fc 58 0b 11 <0f> 85 f4 fe ff ff e8 71 ef a1 ff e9 ea fe ff ff 90 0f 0b 90 eb 85
[ 3203.261815][    C0] RSP: 0018:ffffc90000b97928 EFLAGS: 00000083
[ 3203.261829][    C0] RAX: ffffffff81c7906d RBX: ffff888030ab9e00 RCX: ffff88801beb5a00
[ 3203.261842][    C0] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 3203.261853][    C0] RBP: ffff888030ab9e00 R08: ffffffff8fa0c5f7 R09: 1ffffffff1f418be
[ 3203.261866][    C0] R10: dffffc0000000000 R11: fffffbfff1f418bf R12: dffffc0000000000
[ 3203.261879][    C0] R13: ffff8880b8639e00 R14: ffff888022bd6618 R15: dffffc0000000000
[ 3203.261893][    C0] FS:  0000000000000000(0000) GS:ffff888125c4f000(0000) knlGS:0000000000000000
[ 3203.261907][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 3203.261919][    C0] CR2: 000055d3ea114000 CR3: 000000000df38000 CR4: 00000000003526f0
[ 3203.261934][    C0] Call Trace:
[ 3203.261942][    C0]  <TASK>
[ 3203.261951][    C0]  ttwu_do_activate+0x219/0x8b0
[ 3203.261979][    C0]  try_to_wake_up+0x745/0x1290
[ 3203.262006][    C0]  kick_pool+0x47d/0x640
[ 3203.262028][    C0]  process_scheduled_works+0x7a1/0x17b0
[ 3203.262062][    C0]  ? __pfx_process_scheduled_works+0x10/0x10
[ 3203.262090][    C0]  worker_thread+0x8a0/0xda0
[ 3203.262122][    C0]  kthread+0x711/0x8a0
[ 3203.262146][    C0]  ? __pfx_worker_thread+0x10/0x10
[ 3203.262164][    C0]  ? __pfx_kthread+0x10/0x10
[ 3203.262187][    C0]  ? _raw_spin_unlock_irq+0x23/0x50
[ 3203.262210][    C0]  ? lockdep_hardirqs_on+0x9c/0x150
[ 3203.262233][    C0]  ? __pfx_kthread+0x10/0x10
[ 3203.262256][    C0]  ret_from_fork+0x3f9/0x770
[ 3203.262274][    C0]  ? __pfx_ret_from_fork+0x10/0x10
[ 3203.262294][    C0]  ? __switch_to_asm+0x39/0x70
[ 3203.262315][    C0]  ? __switch_to_asm+0x33/0x70
[ 3203.262334][    C0]  ? __pfx_kthread+0x10/0x10
[ 3203.262357][    C0]  ret_from_fork_asm+0x1a/0x30
[ 3203.262387][    C0]  </TASK>
[ 3203.263314][   T31] Kernel panic - not syncing: hung_task: blocked tasks
[ 3203.263339][   T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-rc5-syzkaller-00053-g8c2e52ebbe88 #0 PREEMPT(full) 
[ 3203.263367][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 3203.263383][   T31] Call Trace:
[ 3203.263394][   T31]  <TASK>
[ 3203.263406][   T31]  dump_stack_lvl+0x99/0x250
[ 3203.263436][   T31]  ? __asan_memcpy+0x40/0x70
[ 3203.263466][   T31]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 3203.263494][   T31]  ? __pfx__printk+0x10/0x10
[ 3203.263546][   T31]  panic+0x2db/0x790
[ 3203.263579][   T31]  ? __pfx_panic+0x10/0x10
[ 3203.263605][   T31]  ? nmi_backtrace_stall_check+0x433/0x440
[ 3203.263638][   T31]  ? preempt_schedule_thunk+0x16/0x30
[ 3203.263674][   T31]  ? nmi_trigger_cpumask_backtrace+0x2b6/0x300
[ 3203.263714][   T31]  watchdog+0x102d/0x1030
[ 3203.263751][   T31]  ? watchdog+0x1de/0x1030
[ 3203.263795][   T31]  kthread+0x711/0x8a0
[ 3203.263831][   T31]  ? __pfx_watchdog+0x10/0x10
[ 3203.263864][   T31]  ? __pfx_kthread+0x10/0x10
[ 3203.263897][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[ 3203.263930][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[ 3203.263963][   T31]  ? __pfx_kthread+0x10/0x10
[ 3203.263998][   T31]  ret_from_fork+0x3f9/0x770
[ 3203.264043][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[ 3203.264076][   T31]  ? __switch_to_asm+0x39/0x70
[ 3203.264105][   T31]  ? __switch_to_asm+0x33/0x70
[ 3203.264135][   T31]  ? __pfx_kthread+0x10/0x10
[ 3203.264167][   T31]  ret_from_fork_asm+0x1a/0x30
[ 3203.264218][   T31]  </TASK>
[ 3203.633709][   T31] Kernel Offset: disabled
[ 3203.638043][   T31] Rebooting in 86400 seconds..