last executing test programs:

19m29.79310269s ago: executing program 3 (id=205):
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
r0 = getpid()
r1 = socket(0x1d, 0x2, 0x6)
setsockopt$ALG_SET_KEY(r1, 0x6a, 0x1, 0x0, 0xc)
getsockopt$inet_sctp6_SCTP_GET_PEER_ADDR_INFO(0xffffffffffffffff, 0x84, 0xf, &(0x7f00000003c0)={<r2=>0x0, @in={{0x2, 0x4e24, @private=0xa010101}}, 0x3, 0x8, 0x9, 0x8, 0x4}, &(0x7f0000000100)=0x98)
getsockopt$inet_sctp6_SCTP_RTOINFO(r1, 0x84, 0x0, &(0x7f0000000140)={r2, 0x7ff, 0x9}, &(0x7f0000000300)=0x10)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0xd40, 0xd2)
r4 = socket$phonet_pipe(0x23, 0x5, 0x2)
mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x1000000, &(0x7f0000000200)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB="5708c5fbd66f3d30145ed949afacead4bb95ab8a04b663036dd7c3342045d9240202293dff50f07c37cba1a030ba2ba689b235b64b83f8bf2b1d6a13fb60a44d4df7f0cfde6c59ec20ad0efcde3ffbd9b6636f55884570ebdeaf9db2300e2276329327bdf95d04414d65fe09d1ebe3bab1f123c15bc4ddaaac79587c3f70d25059a52126333717a34bd2d2d37a029fa4fb19963f0d392391256df50a85da4a2b915ea9dfade3ff2c17a583c2eab871", @ANYRESHEX=r4, @ANYBLOB=',\x00'])
tgkill(r0, r0, 0x26)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r5 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
connect$unix(r6, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r7, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r5, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x4000002, 0x5d031, 0xffffffffffffffff, 0x0)
r8 = userfaultfd(0x801)
ioctl$UFFDIO_API(r8, 0xc018aa3f, 0x0)
syz_open_procfs(0xffffffffffffffff, 0x0)
ioctl$COMEDI_DEVCONFIG(0xffffffffffffffff, 0x40946400, 0x0)
sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x200007fd, 0x0, 0x0)
r9 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_inet_SIOCSIFBRDADDR(r9, 0x891a, &(0x7f0000000000)={'batadv_slave_1\x00', {0x2, 0x4e22, @empty}})
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000700)}, 0x0)

19m28.115814899s ago: executing program 3 (id=211):
r0 = socket$inet6(0xa, 0x800000000000002, 0x0)
close(r0)
bind$alg(0xffffffffffffffff, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58)
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc", 0x8)
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f000001ea00)=""/102400, 0x19000)
socket$rds(0x15, 0x5, 0x0)
execve(0x0, 0x0, 0x0)
r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000), 0x80082, 0x0)
write$vga_arbiter(r1, 0x0, 0xb)
add_key$user(0x0, 0x0, 0x0, 0x0, 0x0)
socket$inet6_sctp(0xa, 0x5, 0x84)
syz_init_net_socket$x25(0x9, 0x5, 0x0)
socket(0x10, 0x80003, 0x0)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f00000004c0)={'vcan0\x00'})
ioctl$BLKPBSZGET(0xffffffffffffffff, 0x127b, 0x0)
syz_open_dev$dri(0x0, 0x1ff, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f0000000040)={&(0x7f0000000640)=[0x0, 0x0], 0x2, 0x0, 0x0, <r3=>0xffffffffffffffff})
r4 = syz_open_dev$dri(&(0x7f0000000000), 0x1, 0x400)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r4, 0xc04064a0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000380)=[<r5=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCONNECTOR(r4, 0xc05064a7, 0x0)
ioctl$DRM_IOCTL_MODE_GETCONNECTOR(r4, 0xc05064a7, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, 0x2100, 0x0, 0x0, 0x0, r5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000000})
sendmsg$nl_route_sched_retired(r3, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x10000011)
add_key$keyring(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc)

19m26.402230206s ago: executing program 3 (id=213):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8e}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000002340)={&(0x7f0000003700)=ANY=[@ANYRES64], 0x0, 0x38, 0x0, 0x9, 0x3}, 0x28)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0/file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x50)
r4 = syz_open_dev$usbfs(&(0x7f0000000480), 0x76, 0x160341)
ioctl$USBDEVFS_IOCTL(r4, 0xc0105512, &(0x7f0000000200)=@usbdevfs_disconnect={0x0, 0x5516, 0x4000000000000000})
ioctl$USBDEVFS_IOCTL(r4, 0xc0105512, &(0x7f0000000000)=@usbdevfs_connect)

19m24.006873446s ago: executing program 3 (id=215):
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$igmp(0x2, 0x3, 0x2)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x200000000000008b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mount$cgroup(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0)
r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TCSBRKP(r3, 0x5425, 0x0)
r4 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r4, 0x5423, 0x0)
ioctl$TCSETSW2(r4, 0x5408, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, "23f555d9adb42d4408020e90d1beaa82dc1ecf"})
ioctl$TIOCGPGRP(r3, 0x5437, 0x0)

19m15.594205129s ago: executing program 3 (id=234):
syz_usb_connect$cdc_ncm(0x4, 0xd1, &(0x7f0000000040)=ANY=[@ANYBLOB="12011005a1a44000010203010902bf0002010650000900000000020d00000524060001082400a9b30d240f010a0000000300ff000606241a05001407240a050905580c240c00000000a90c0900030424020204240200042402"], 0x0)
epoll_create1(0x0)
syz_open_dev$dri(0x0, 0x1ff, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
socket$inet_sctp(0x2, 0x1, 0x84)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r1 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000380)={0x0, 0x4076cbba9945d516, &(0x7f0000000340)={0x0, 0x14}}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)=ANY=[@ANYBLOB="400000001000390400"/20, @ANYRES32, @ANYBLOB="01980000000000002000128008000100677265001400028008000100", @ANYRES32], 0x40}, 0x1, 0x0, 0x0, 0x4014}, 0x4c094)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000003c0)=0x14)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)=@delchain={0x24, 0x11, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0x1}}}, 0x24}}, 0x10)
r4 = syz_open_procfs(0x0, &(0x7f0000000040)='net/route\x00')
pread64(r4, &(0x7f000004b680)=""/102356, 0x18fd4, 0x8)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
socket$kcm(0x2, 0xa, 0x2)

19m12.84113099s ago: executing program 3 (id=243):
r0 = syz_open_dev$radio(&(0x7f0000001640), 0x0, 0x2)
preadv(r0, &(0x7f0000000e80)=[{&(0x7f00000031c0)=""/207, 0xcf}, {&(0x7f0000000b00)=""/244, 0xf4}, {&(0x7f00000004c0)=""/78, 0x4e}, {&(0x7f0000000380)=""/66, 0x42}, {&(0x7f0000000dc0)=""/177, 0xb1}, {&(0x7f0000000cc0)=""/205, 0xcd}, {&(0x7f0000000f00)=""/141, 0x8d}, {&(0x7f0000001680)=""/4096, 0x1000}], 0x8, 0x6, 0x0)
socket$inet_udplite(0x2, 0x2, 0x88)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r1, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r1, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000480)=[<r2=>0x0], 0x1})
ioctl$DRM_IOCTL_MODE_GETPLANE(r1, 0xc02064b6, &(0x7f00000001c0)={r2, <r3=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r1, 0xc01064b5, &(0x7f0000000200)={&(0x7f0000000240)=[0x0, <r4=>0x0, 0x0, 0x0, 0x0], 0x5})
r5 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$PPPIOCSPASS(0xffffffffffffffff, 0x40107447, &(0x7f0000000080)={0x1, &(0x7f0000000000)=[{0x4e}]})
bind$bt_hci(r5, &(0x7f0000000080)={0x1f, 0x0, 0x3}, 0x6)
write$bt_hci(r5, &(0x7f0000000000)=ANY=[], 0x6)
ioctl$DRM_IOCTL_MODE_SETPLANE(r1, 0xc03064b7, &(0x7f0000000340)={r4, r3, r2, 0x1, 0x401, 0xfb5, 0x2d, 0xbbd, 0x2, 0xf, 0x6, 0x4})
ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r1, 0xc02064b9, &(0x7f00000002c0)={&(0x7f0000000400)=[0x0], &(0x7f0000000280), 0x1, r3})
ioctl$DRM_IOCTL_MODE_ATOMIC(r1, 0xc03864bc, &(0x7f0000000040)={0x0, 0x1, &(0x7f00000000c0)=[r3], &(0x7f0000000280), 0x0, 0x0})
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000140)={'pim6reg1\x00', 0x7002})
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r9 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r9, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4)
connect$inet(r9, &(0x7f0000000140)={0x2, 0x0, @remote}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r9, 0x6, 0x16, &(0x7f0000000000), 0x20000328)
setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r9, 0x6, 0x1d, &(0x7f0000000000)={0x5, 0x4, 0x2, 0x5, 0x4}, 0x14)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x20010, 0xffffffffffffffff, 0x0)
ioctl$SIOCSIFHWADDR(r8, 0x8914, &(0x7f0000000100)={'pim6reg1\x00', @broadcast})
pread64(r6, &(0x7f0000002200)=""/89, 0x59, 0x10000)
getsockopt$sock_cred(r9, 0x1, 0x11, &(0x7f0000000440)={0x0, <r10=>0x0, <r11=>0x0}, &(0x7f0000000280)=0xc)
setuid(r10)
mount$9p_tcp(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', &(0x7f0000000180), 0x30820, &(0x7f0000000540)=ANY=[@ANYRES8=r11, @ANYRESDEC=r7, @ANYRESHEX=r4, @ANYRESHEX, @ANYRES64=r4])

18m57.145138065s ago: executing program 32 (id=243):
r0 = syz_open_dev$radio(&(0x7f0000001640), 0x0, 0x2)
preadv(r0, &(0x7f0000000e80)=[{&(0x7f00000031c0)=""/207, 0xcf}, {&(0x7f0000000b00)=""/244, 0xf4}, {&(0x7f00000004c0)=""/78, 0x4e}, {&(0x7f0000000380)=""/66, 0x42}, {&(0x7f0000000dc0)=""/177, 0xb1}, {&(0x7f0000000cc0)=""/205, 0xcd}, {&(0x7f0000000f00)=""/141, 0x8d}, {&(0x7f0000001680)=""/4096, 0x1000}], 0x8, 0x6, 0x0)
socket$inet_udplite(0x2, 0x2, 0x88)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r1, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r1, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000480)=[<r2=>0x0], 0x1})
ioctl$DRM_IOCTL_MODE_GETPLANE(r1, 0xc02064b6, &(0x7f00000001c0)={r2, <r3=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r1, 0xc01064b5, &(0x7f0000000200)={&(0x7f0000000240)=[0x0, <r4=>0x0, 0x0, 0x0, 0x0], 0x5})
r5 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$PPPIOCSPASS(0xffffffffffffffff, 0x40107447, &(0x7f0000000080)={0x1, &(0x7f0000000000)=[{0x4e}]})
bind$bt_hci(r5, &(0x7f0000000080)={0x1f, 0x0, 0x3}, 0x6)
write$bt_hci(r5, &(0x7f0000000000)=ANY=[], 0x6)
ioctl$DRM_IOCTL_MODE_SETPLANE(r1, 0xc03064b7, &(0x7f0000000340)={r4, r3, r2, 0x1, 0x401, 0xfb5, 0x2d, 0xbbd, 0x2, 0xf, 0x6, 0x4})
ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r1, 0xc02064b9, &(0x7f00000002c0)={&(0x7f0000000400)=[0x0], &(0x7f0000000280), 0x1, r3})
ioctl$DRM_IOCTL_MODE_ATOMIC(r1, 0xc03864bc, &(0x7f0000000040)={0x0, 0x1, &(0x7f00000000c0)=[r3], &(0x7f0000000280), 0x0, 0x0})
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000140)={'pim6reg1\x00', 0x7002})
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r9 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r9, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4)
connect$inet(r9, &(0x7f0000000140)={0x2, 0x0, @remote}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r9, 0x6, 0x16, &(0x7f0000000000), 0x20000328)
setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r9, 0x6, 0x1d, &(0x7f0000000000)={0x5, 0x4, 0x2, 0x5, 0x4}, 0x14)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x20010, 0xffffffffffffffff, 0x0)
ioctl$SIOCSIFHWADDR(r8, 0x8914, &(0x7f0000000100)={'pim6reg1\x00', @broadcast})
pread64(r6, &(0x7f0000002200)=""/89, 0x59, 0x10000)
getsockopt$sock_cred(r9, 0x1, 0x11, &(0x7f0000000440)={0x0, <r10=>0x0, <r11=>0x0}, &(0x7f0000000280)=0xc)
setuid(r10)
mount$9p_tcp(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', &(0x7f0000000180), 0x30820, &(0x7f0000000540)=ANY=[@ANYRES8=r11, @ANYRESDEC=r7, @ANYRESHEX=r4, @ANYRESHEX, @ANYRES64=r4])

4m19.978698893s ago: executing program 5 (id=2327):
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0xfffffffffffffffe)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000580)=@nat={'nat\x00', 0x2, 0x5, 0x4d8, 0x360, 0x220, 0xffffffff, 0xf0, 0x0, 0x430, 0x430, 0xffffffff, 0x430, 0x430, 0x5, 0x0, {[{{@ipv6={@rand_addr=' \x01\x00', @remote, [], [], 'batadv0\x00', 'veth0_to_batadv\x00', {0xff}, {}, 0x0, 0xe}, 0x0, 0xa8, 0xf0}, @MASQUERADE={0x48, 'MASQUERADE\x00', 0x0, {0x0, @ipv4=@empty, @ipv6=@remote}}}, {{@ipv6={@dev, @loopback, [0x0, 0xff000000], [], 'batadv0\x00', 'veth1_vlan\x00'}, 0x0, 0xe8, 0x130, 0x0, {}, [@common=@unspec=@connlimit={{0x40}}]}, @REDIRECT={0x48, 'REDIRECT\x00', 0x0, {0x8, @ipv6=@dev={0xfe, 0x80, '\x00', 0x1b}, @ipv4=@initdev={0xac, 0x1e, 0x1, 0x0}, @port=0x4e23, @icmp_id=0x67}}}, {{@uncond, 0x0, 0xd0, 0x118, 0x0, {}, [@common=@ipv6header={{0x28}, {0x8, 0x18c}}]}, @NETMAP={0x48, 'NETMAP\x00', 0x0, {0x0, @ipv6=@ipv4={'\x00', '\xff\xff', @loopback}, @ipv6=@mcast1, @gre_key, @gre_key}}}, {{@ipv6={@remote, @mcast1, [], [], 'ipvlan0\x00', 'pim6reg\x00', {}, {}, 0x8}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE1={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x538)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_GET_PEER_ADDR_INFO(r1, 0x84, 0xf, &(0x7f00000043c0)={0x0, @in={{0x2, 0x4e24, @multicast2}}, 0x9, 0x8, 0x2, 0xdffff43e, 0x97}, &(0x7f0000004480)=0x98)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
r3 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0)
r4 = eventfd(0xffffffff)
syz_io_uring_setup(0x1ee6, &(0x7f0000000380)={0x0, 0xfbc6, 0x10100, 0x1, 0xe0}, &(0x7f00000002c0), &(0x7f0000000100))
ioctl$VHOST_SET_LOG_FD(r3, 0x4004af07, &(0x7f0000000240)=r4)
ioctl$VHOST_SET_VRING_KICK(r3, 0x4008af20, &(0x7f0000000040)={0x1, r4})
ioctl$VHOST_SET_VRING_ADDR(r3, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, 0x0, &(0x7f00000000c0)=""/87, 0x0})
ioctl$VHOST_SET_MEM_TABLE(r3, 0x4008af03, &(0x7f0000000880))
ioctl$VHOST_VSOCK_SET_RUNNING(r3, 0x4004af61, &(0x7f0000000000)=0x1)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r2, 0x0)
r5 = socket$pptp(0x18, 0x1, 0x2)
getpeername(r5, 0x0, &(0x7f0000001580))
openat$full(0xffffffffffffff9c, &(0x7f0000000100), 0x200980, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000300)={'bond0\x00'})
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000ac0)=ANY=[@ANYBLOB="1b000000000000000000006e324f72be2d9e22a957e21e24d2f634a9540c8cf29603049103314945a11be453b5dac0ba7415519fecb633c7cddb062b52036413062e37500dc700114214835391f31b9fc1e0abc5f97cb254edf0f7dc3e4fca4cd669f126e756000000000000000000000000000000af318cdd40bb39e45778476e13c32bed42cd36bd10093470aba7a69145141f1862871a9ea56b76b562f9a4018de02777580bc85362bc9aa0f076c77326035d35287789e138017e4fe4ea07e5b2cd94348ea4e2bcac2b25d8f9753a8b55b759f87b57ef59ae92", @ANYRES32=0x0, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0500"/28], 0x50)
syz_extract_tcp_res$synack(&(0x7f0000000200)={<r6=>0x41424344}, 0x1, 0x0)
syz_emit_ethernet(0x6a, &(0x7f0000000c00)=ANY=[@ANYBLOB="aaaaaaaaaaaa0180c200000208004500005cfffe0000fd06907864010101ac1414aa00004e22", @ANYRES32=0x41424344, @ANYRES32=r6, @ANYBLOB="2c04000290780932030303080a000002000000000bfe06e2d4c3d91e0aa016ffffff2adf7215d005bdeaff6746c0ff0001051600000005000000090200007f000077230000000100"], 0x0)
syz_extract_tcp_res$synack(&(0x7f0000000200)={<r7=>0x41424344}, 0x1, 0x0)
syz_emit_ethernet(0x62, &(0x7f00000005c0)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x54, 0xfffe, 0x0, 0xfd, 0x6, 0x0, @rand_addr=0x64010101, @local}, {{0x0, 0x4e22, 0x41424344, r7, 0x0, 0x6, 0x10, 0x4, 0x2, 0x0, 0x932, {[@window={0x3, 0x3, 0x3}, @timestamp={0x8, 0xa, 0x200, 0xb}, @exp_smc={0xfe, 0x6}, @nop, @sack={0x5, 0x16, [0x5, 0x9, 0x7f, 0x7723, 0x1]}]}}}}}}}, 0x0)
syz_emit_ethernet(0x170, &(0x7f0000000400)={@broadcast, @multicast, @val={@void, {0x8100, 0x0, 0x1, 0x1}}, {@mpls_mc={0x8848, {[{0xa}, {0x5}], @ipv6=@tcp={0x8, 0x6, "98eb70", 0x12e, 0x6, 0x1, @mcast2, @empty, {[@srh={0x33, 0x6, 0x4, 0x3, 0x0, 0x10, 0xf, [@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @mcast1, @empty]}, @fragment={0x29, 0x0, 0x7, 0x0, 0x0, 0x1, 0x67}, @srh={0x87, 0x2, 0x4, 0x1, 0x9, 0x0, 0x1ff, [@empty]}, @routing={0x73, 0x2, 0x1, 0x8, 0x0, [@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}]}], {{0x4e22, 0x4e23, r6, r7, 0x1, 0x0, 0xd, 0x40, 0x5, 0x0, 0x9, {[@sack={0x5, 0x1a, [0x9, 0x4, 0x6, 0xb, 0x4, 0x0]}, @exp_smc={0xfe, 0x6}]}}, {"4f7ee7a05ec9fbd4219fd18075bfe263888878e36ac6256ae4234fd38681286a499f1b38c24132e5c3dc184aeed7872e868b99cbdeabaca595c1671e8135e0f8d238a20bc90fffbf0bfb32334936fd663066e661789e0d2e4869924a9e9d6a207c343a504a9274e276dff3e950ccc47cf70d932da6f87ad88ee45da119774ef3d03c920d3ddf03837011"}}}}}}}}, &(0x7f0000000140)={0x1, 0x2, [0x167, 0x6c3, 0xd4c, 0x5f4]})

4m17.092899392s ago: executing program 5 (id=2333):
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x200, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, 0x0, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x1, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
r4 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x8002, 0x0)
write$P9_RSTATu(r4, &(0x7f0000000740)={0xfffffffffffffdb0, 0x7d, 0x1, {{0x500, 0xf1, 0x0, 0x400, {0x0, 0x0, 0x4}, 0x0, 0x0, 0x2, 0x0, 0x1f, '\x04nodev{cvfox%\xff\xff\xff\x81\x02\x00\x00\x00\x00\x001\xff\xce\xbc\x92\x00\x00\x00', 0x38, 'pJ\x86\xce\xc6\x02\x00}\xfag>\xff\xeb\t\xb55\x1f[\xde\x05@\x00\x00\x00\x00\x18{\x82\x00\xb5\x00\x00;Y_\xcb\x14\x03CT\xb9\xfd\x9e\xf1\x96\xa5\x1c\xd5\x15z\xdc\x81\x05\xb4\x94\xe1', 0x12, '\xcf\xc2\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xf3\x13\xf6\x00', 0x55, '\xf8\xf6i\xfbqm\xcf1^\xca\xf3\x85@\x9a\xc6[\x94\bg\x8c,;\x9e\x1dR\xc3l\xde{\xa4\xa4\x00\xb4\xb0\xb4\xf1t\xa6f\xa8R\x9aE\x1b4\a\xdb\xda\xb2\x88K\xaf\x05\x00!\x00\x00\x00\x00\x00G\xec!\xca\xbf\xf2\x0f\x9c\x1c\xbe6\xf4\xfd\x1aL\xc2\x80\xe8\xd4\x89\xdad\x9a7\x00\xca_\xfeR+\x125\xa9\xc7\xefo6\xebd\x19\xec\xdf\xbaH\xb8\x90\xf9>\n\xec\x89\x18EM\xf8Y'}, 0x12c, 'odev-n\xb1{#\x00\xf9\xda\xa5\xee#&n\xcf\x85\xfe\xa6^B\xd9y\xa3\xfd\xe5\xf4u\xda\xf0;\x11r\xd9{\xad\xc7\tZ\xfdv\xfeO\x04A\xf7\xf7t\x1e\xac\x03\x00\x00\xec\xff\x00\x00\xdb\xa0\xc2\xf7\xf0\x9f\xf5<~M\x1a\xd6n-\a\x01\x98\x01\x9f0\x11\x84G\xaa\x9at\xf5\x16\x85\xf5\x06\xae\x89H\x06\x87\x82g\xd5\xa1)\x8dy,J7\xf2\xe1\xcb\xbd$\x82\x92\x9a\r\x89r\xb5\xcfs.\xa5\xb0\xd7#\x85\x9d\xba?\x93\xae\xd3\xb4.\xe7\xca\xc0}\xe0\x9d\x1dh\xa6\x033\xa8\x82F}+1\xaa\xcd\xf9\x18\x85I\xb1\x12]lL\x9b\x18\xc2\xfbV\xc5}}\xc6&\xe49\a\x96\xa1\xebH\'Fi\xab\x13\xf8\xb1\x1d\x14`Y\xf3\x10\xe2cMY?\xece\xd5)\xf3\x82\x06fd\xdf$NL\x90W\np\x04\x9f9\x9f\x06\x1fu\xb7y|\xe1\xfe\x11\xea\x91\x96\t\xd5\x1aA\xdd=\xe3\x04\xbd|~\xd0\xa4V\xf0\xae\x12Qa\x05\xc9\xce\x88}\xf5\xa6\xe0\xb6\xa7}Yl\xf8\x8b\xa6\xe5\xc69|}P!\xd7\x98\x95(\xfd\x179\xe1\xc2\xd8\x7f\xff\x00'/300}}, 0x232)
socket$kcm(0x21, 0x2, 0x2)
r5 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
socket$nl_generic(0x10, 0x3, 0x10)
r6 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_inet_SIOCADDRT(r6, 0x890b, 0x0)
syz_genetlink_get_family_id$tipc2(&(0x7f00000022c0), 0xffffffffffffffff)
bind$bt_hci(r5, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6)
bpf$MAP_CREATE(0x0, &(0x7f0000004180)=ANY=[@ANYBLOB="02000000040000000700"], 0x48)

4m14.656528394s ago: executing program 5 (id=2337):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r0 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000000)={'vxcan1\x00'})
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000200)={[{@nfs_export_on}, {@redirect_dir_on}, {@userxattr}, {@upperdir={'upperdir', 0x3d, './bus'}}]})
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000000680)=""/102392, 0x18ff8)
r2 = socket$inet6(0xa, 0x3, 0x6)
setsockopt$inet6_buf(r2, 0x29, 0x39, &(0x7f0000000040), 0x43)
prctl$PR_MCE_KILL(0x21, 0x1, 0x1)
accept4$vsock_stream(0xffffffffffffffff, 0x0, 0x0, 0x80000)
r3 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000040)={'wlan1\x00'})
msgrcv(0x0, 0x0, 0x0, 0x0, 0x0)
ioctl(r3, 0x8b21, &(0x7f0000000040))
r4 = socket(0xa, 0x2, 0x0)
getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0, <r5=>0x0}, &(0x7f0000cab000)=0xc)
setresgid(r5, r5, r5)
r6 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r7 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00')
fchdir(r7)
mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0)
r8 = syz_open_procfs(r6, &(0x7f0000000400)='ns\x00')
readlinkat(r8, &(0x7f0000000100)='./mnt\x00', 0x0, 0x0)
sendmmsg$alg(r4, &(0x7f000001b280)=[{0x0, 0x0, &(0x7f0000019c00)=[{&(0x7f0000019880)="75ba2694c59270505d76e4d337d73d290bd499aa7ee6ec1db42c415e10f5cc71f1a49a5b09307cd55e0ffb729e63652702c125507dc66b3746bc1755ad256de5e814fa8f9075cae17bccad5749afe057f0fe7e6fc9ce2d9abd5e5881246a16ba325fbd3e643a7559657c743017f257b0e9023bd8765d85484710e3b027d016356c6ae266a5299e8f1f28", 0x8a}, {&(0x7f0000019940)="63aa7cf25a3e7a52a9d66d66bbf3c2469d514a5a8b20ed867dd3bb3b451b2187a2a0592f260c8c6fe2cd997c740f8aa20f95fce08e0cf37c4ab4e582f3e6c3dc5c8fe1036e39d5f66b55007cca015a79a4e4892166f6e81fff10e8f8eb2269d713c5445db0f79fc054b390a60405bb3a35c1", 0x72}, {&(0x7f00000003c0)="bd5e1d8d054d8ddec8578842ea5f205ddafa20a12b27", 0x16}, {&(0x7f00000199c0)="3562741bc9f97f145b08f9a68c3e302e3bc2d8a4d41be07938c36709f0baba882d7878f11a53fe754edcd21c87f97b2db1fa833b805f11a5d15831c17194492825582cc24a98b8134622db5db392de3f0f28c4c6f1b1fa70207a90eff237688f2aae31b59f0f38eb16774729f2fe4909af579adb5523b3f2f3d4dc73c703e7c50d6b74a1194e9e8e1ab7969693ac670ed70321ae098f4e14ae974eafc689b07412331bc034dc676b9428", 0xaa}, {&(0x7f0000019b00)="5748351fc27982b9b1e3cb5a43dd80f5db14c6add11a5661b2afde8b1c3e0db13b86a56b64c9811fe7791d5ffd9655ce1f3263922c0ff812dfd33c5004f436b8954c557a51f7664e0232db2d8d1358b860348869dce27e70ae169fb6d5c57fc3691d4282689fbeef93b13f", 0x6b}], 0x5, 0x0, 0x0, 0x400c0}, {0x0, 0x0, &(0x7f000001b1c0)=[{&(0x7f0000000600)="0a563d6626a658dc7e6ada447a8662862da1a889ed196012088b9f106faca4ca00c6fcf8d61a181e8fb1b9", 0x2b}, {&(0x7f0000019cc0)="079e2e0e1581c60c90f019a891ae7fd4185f4f4d338d6c8bd39c36420d0eff28a9c852990f8519e25be720088b6053a57f2eacb7d583653bf86a77ecdcc7993a1145dfd40fef9bb32a105338bbd7973b7f97644b2c1330334598c332311411f7080a8ddbd96d070ad800df7dd2298fbeba29dbe1222eb72a1ba05ecb8ea5b781a24c6124e44e82423d9a1d7e70c3b84510c1a4673f326d16431c69eaf016d12013d7e231cec59fe1c2436748e7e6429158a9d46557c0326d77db385617d35e73decbf2cd2226622c1f0c6bafbf1c", 0xce}, {&(0x7f0000019dc0)="6749e7d1ceb2161a1e2127d0e70bba412ab444d47350aa8d86d9f73247d942211c9e8402aa80829e5ad61c86814d8336d8157a31f647ebd1439428efbd88f5773d2f58dea6239cabde0d4ee0a5c5b4dd79460fb764d6a59c2bcbd30e4da139d214209ace2e479265149904d4e5a431267409c07d8354", 0x76}, {&(0x7f0000019e40)="1d27cb68e4d748c381667a7a54643549f7cc551bd42d914eb696aebe3f3f2b5777976f8118052dc19fda3154befe7027021259ffb7a316728a106a8b0a9aa88c4f746a457a7d0166b67e6766b622012c2dcebd7f800512a3d971", 0x5a}, {&(0x7f0000019ec0)="5346970e6ed32258eafcf4402fbf48aeac8ad786662973ebcc5d", 0x1a}, {&(0x7f0000019f00)="a53ab1e1cdf9612fb7ff9b55b24fbd4e7a88ef3445b5b720fd908aacbb3f18619d517b3ad39d005ff5ce4cd80d24e4cb4b6787cd8726f9ad06a7df4e3a1f08c98e59e8e7a845b2b29af05b92fdbc3b9ca8d39ed1d9eaa3a6317a5d986424e1f958a4a31c72c6f72bdd925fc172084124b7409430c7a66f1cd9b2a1fab7d9307081c3a2bd9c8ed24fa3da76a9cd6680a23361bd2be8759b972e3236eb7576d296e74087e4554ef2897bd5f0ed8ce19bea241a4a13dc629a85a66eaac2ce805aae5f4a3619e691308d72ada536d1c3296093cfc7030520782b3c047f8cc3e13ac56e031ae0335464e9a654bb00", 0xec}, {&(0x7f000001a000)="0684a4cb60eb0aca4083e41a61f58acf1a9dc75287ad6955588fb832a5f639e3021a5d64cc812bc4f0d46f813ea21474a19cfdca2ccf633328e4b5d69a6e60a658930b67bf573d88f075c7ef60afef56b390ea494a10ef6ee093483937f70e845f8ac1c660c3e19bca86f964395ef0895dc30affbddd449a63c236dfd300ae0bb2c80abbbd3a94edc712e84ca0eb264c159707ea22b7a19da164b3f4c216565d321a0245411773ab58d1f15dac82e3e1b1997b4d8f6e7c9d8a55b727ae28a4cfb03d0bdc32c3629dd22e4189cd66d3f0534efbc0e73ea736a9d348a87dd6ef1a28dda6dd9b2e7f96047317decbaa", 0xee}, {&(0x7f000001a100)="e3e74f595e2248449320dbc84f4448b440c268502a2b21b9057b824d4e520d9cc5c4e4f6b763a139c29cea47229464016e5bc6c3aeb07cae57465b481880494d8e25f80d58d19f2f354fec82a45893db08521fcc58fc31f1a864bbe83d48d11af0ae5eae5665ab5c13ceb2eb55f01f15fb3f97d321965597547e159739d7fb29993ba29459241052c9224f17891c3e04e5b33f4573946597f44de39b12190fa80443458e5b3bf3e2965fc05ac5cff2987d1ed57248b14ea34943022ee21f20ec8c03e9ee86c92645492c845a69bd7f8984374c277a1222cf05b3508cd20a9e2855e1274ff8ba8e7a658d02fbd5a7f7a793e32c878daec4105b74426056065f9bec8063792a00cf39dee9c0ab322a7eb709a01237cef9ba7677ca0c513f21db2ff5c7a7bd9f1cb49d8ef5680f2eea3c32b70fd7c05952e947a86d5eb9c87d43c44ba475ac54df3dee5cfc7c2d0c41e0dd1d5528fd2dd1fcdb33b5dbaf64df1e01df23335220bde6d8456365575f2b4e56bfbc0f49b821a62f402d2fa775250abddc4ec7453d77efe45086240cd01cda1687fe0824bf1d14e5c24a60f12bfdbeda01b0e00ea8a7bd494dcae751fbb871a3b36b039ccbe32b69aa85c070491b838382c669e562b792e2ec827bfa3d667eaaae5263add02293ad3fad66e24af31b439484f52a6b1575e505e486503addbd6733109e62e3e582a062b22eee2222bd8faf7e05e4282a4f28c4503759b6b4397a9e32c27aecd558a02b3b96428e13dc1733573081b46c83102e9e7835f60ed2183bd1f96a1f3cefe2de17c3cee21e3d8b2d77f616688ffbbd8f50ea34a8e2a6216a2840a32ceae3b1063ac8270890e9c3c56daf8720751590fc0f7d2af4ac945ec347745d7d4276eb53c8b0b3aa6cc8131aa3b3c7ad595a68cb2b75523cda267819a31175f5b926462babcf3c8d1a6a683b7f0b60f55f4c4a34aecc054abed8c62c217d390bda9865ae08b32599cdd36252121a590277403f375c70166069317ec21a9a8a7cb74ee6610219b4d2399018e551e6bcd1e0755ccf8fc4effe88f701f6d3c969bfd1ac6932e98099694a86c1aa789ffa9ed7c81800230cf4bd14ba3aae84f04d9577ce996bc67e1978d6a1c57d87204843131ba1cdaf96ff000e9d604f807eaa93d63b89c37e2b4b3f953627f96321f225adb65470e1139976d9c6d16e59fe84c42c9f5631d1b1413b087e92a1cea26aa3fb24c29ac6e6fa518748f264d8a47d80dbec8c5a0861bc4ccfdc89266a04137a31df05e1bbd7de9ee79f7f23f2640c1996a103d629e53dcf809e721c8e4f655533a88243a7d9dc7e6ef888be647d3931f23a80ff0f5e31e468bfb7ea60739df6f1b2dec813601251e823921f615bd27aa9a6816d6703e63b6a270ecd8960d7026b9c9f6d850fead1ac4f1716ed75a6dae6c637a63081f0ecbc63f9b2d7e171117c1afa341a3a7b52dbed3a2dad156adeca40729dc194551040973d01176a5205275abb1be7c0bc80f7804f18e134f16bd7c05b4f3392e0f21b5231e445aaeabf09bc416d4acf6628fcfc6a3898c604d7a74e19069fcf36bb3368754f743d27ae145463a6692a67f574821cc563488f3ffc9b50fd3109750e2d9e7c49945959ea04eb1b2bd33d57cb1ee7185a20d5244f6a14be1da489b9fddb72ccf61a08cc9b14533053c05e8d2076a1099b5d317b5038e4aebd0ccee26d6732bdf56deb9daf4783378f7c3a52dd78c783ff5ebdf1e06ddd05a779c70a7f19fc3e36d228092cd51272ace3ba40c162e340b1deff559028b2c74b3dc19c043c158b97224e6b052730fae67335cbaec583901a2f10ed4baae1c803e73fd449263e404c470718e21e0978ce0ed7f4bf41bf5a589ba2e60a540ebbbd359c92f5100f66a0ff9e06d2e0338fea14239069ea1c4904aeae6abb6c72ee2aeee439b0afbea7e3d79264dc9fbf4f3c12948d4b756e17f93fc2d39f7cadc0292583a23d973a00a4e6ac8ca25a9e690093300983ab8eeefcc83eed2f258daf9a561e7ded0246e17b7c12fad106be85a0313d0093c3ade126f59eccf93a6b850204029a969f0843d73dc7d57774fa7f74a3062069b55a96959aeb6c799bd4dd3ff0398621ba02edee03723823bf73bec07e5865f21e981f309bde41a0cdd8e89c91218ac060d500ce0144548838abf56f2419400afcc4d4ef145b805d40a7300a44a51a346e7d6ef08ecd07defd88aadc64fa90bc6cb95da1a81a82c1899f77dfd2f4135fe6508de4b873a452a6f37c40cc206d3f4428265316a578ec9818dabf6c040f4dcce3ce20e61fbfe6d566a708656936159deaec55f842702e1c125c11d168a4cee3b36f2e6492c7faf938c9a8eae10399bee653e2d9d7176463b5ed9c92742325d5dc7333a7b2fef6eb67fbfa69bc477aea6c7e7a4181e9a1201fc5256f67f933fc39fc56641d4ce14e9e12ef2c6cf70f19bbcda620cc07d113c4f8b07e18144e0832a42beff3d57065b7ffb17d4804a509d25d0dc327c1a2387d90634a38564064eb8f3939687956f3fe2ca9fb1f41006169705d007d948d6de768023e0686a73cbaba42dbb20ac7e07737ac45968293fbf17cccad7fad74bc033024a36f79aab8abef2fc9b14758d3fb4b5a9912b6764327016be30d03cd046d3eb9026924a954cfbf48a181ab9f1d92fe4ef538b3d4d05cfdfe31d36b69c89e6a8f473ab35d53dd36335d11258e3895e06be8c628e58e3d0b0bd04a9c1b08b4f5ff447dd714a924875280dfa9f797f2a002c023dd0d411fe121e1116d6a69da91e9dea36df638914f560da65d8961705cd8b9fdb26fa213333c1837bcc98e0fc83772cfaa8e491960b353ad6f626f7cc58ce1879cc0dcf62e6c6adc23fbfe145156cffa3606ebeb4dd91fbef9c861be1ec1a14bcc1aee461285d80661b4c1790031ab95b6e008a440ae25d5f40988ec5b0b085e6f3c02d34f542d472ba69bbeb728e6ccb83d95e9e07f3ee6a36ce77bc4ae7d08619842d8dc8b0e0b511430bb98dd7b23d3164c43f502af37963c78fadd62d34273216e29bfd4a421dfeb474d9d42f30f6c21513e4c8ccb38b269f2737ace89d8f62016b17fdf4edfd2ae2daf74b360fc250f351b21c37e749c420e84f5c21fb2bc1c3cd0789df8f8cc410f72b20c06cf70aaf1103fc841a1f843d010e2f75315b80ae124e648997dd57a9bbe812d415dcb9522124197cee032b50158b7b219766968759dfc398a6a11d2175d19570105ac729d4f2ad61f68d30f62f90fbb131774207269658f5a09601ae827e38e299a7fc853ea9d77a225e7af53d3692d9da3a5cf9cd64b617b2ca607ce809dd9241dac786ea6ff3f4803b8905d9b703470ea71c10ff2f7a4a70088dbea78de0fe7d349c684d21215f3886245135d6593fdbd24357fbca0f68044c50324e1fc1b685aeab0dc286b9b86aee9bf627efae2d976a36813ce0bfa0b78ad6f6d22971e3d0382afcb06e149919538a6aa79090ec616736836378605d18242a1b04d3ef72b445b11ecfc18191fa398ead40ec0a845b9a44107ef0e709cad0bc1e23ba02a3106720be817584459be0c0d0f7c296af36a435ad32d1e12e26afb3b6af757fb30f18b128dfdef7c183462a9c5b85fd97adf12ee917f710ce88dd23ce9f4e3ed5e800eadb1c2c07236b793c18a44ff9d8bdb0921dc8726b5af5eef75bf1b0bdcfc4732efe9fc8a9f0eea8e1683930d7f61c0de896f9d13691b6bfeb7a5aef13f2fa7f15cac5dcb1662a1c9e999083a805ab3ee370c9657ea1b553d23bf138e1029b39e2cdac06bc5cb744d4df07fed0579d897ed842c7d98e3b155857e1aa6e0ae91b33852f34d4ae0afe595ea31d114269e9cc587a791ef54e3aa696242578532992dbfac2c3a363d68bfbb9c8daf123a9f65ca3aacd0bd3bfe8edf377150b4b8b2dbf67f537bdaa84e16fe345d0a2902282688bc68f7a7232c6d3abd8430896619797975f5f19d867fad0abf5fba76adec0dc8e2059be774e575721b78c566a9eb8904ffd047b3aee0d1a34dcbeb3603178befd2980a59f00b322f7f0b7241fb57712b331e1ef596e114f0ce76ce255265afa88ce53615091fbda6749dea0e840e337bd8997333d2ef7a60b0b46a0557a4c763c612ec2520c2bbb1107d96631ad97c4122a90df90f020590f728402bb3ce823a032521e6f1727b1bcd8e59112326500693836bc59b9c42b220ee4e17cb2052c22b4997f54b698bcf0dc940b8e8706520979abc8577b728bdc6c7d6554256cfac7c4c22ba7a026ce39c98a9186c255041f3a547576c25bef15d3254292a5b1beec48b4e875256be8421cc7b472d84d8f18e9db1883c5cd217b4c692f6a0da82b0b1fcfac31fc9205e57fe57e6ba09fdf9c4fb1fba8b0dcf4a80dc200a204e2c90f30e41e360b9a2b3dfedf51d3c752374072bdc6317fd1941aca87566ab3eb1455952300060911c7ee82571fe16dd773ca57b614e496cc9825ed37665ee97fcc4fb4aa55cc0a52b635494a2c98665517926868523ddb48446f5101a223f23fb58c9495fbc58fe78c4ab03043d72e5bd6c378dc430d18089ffafdb0ebbd201afc0a3a7ed87309953e861122e7ebebc7cff20f660fa96145325d848499b6bd6a772b7ef84d7dab5dae8d154d7ff08e083a96de812ee2ec84f5c63899d23f00312d46e703d2a08c1aa3c0b041303bade946de212d52f3637eba9b5f2e1a2e6c9495f99208d066be7c5355a0b4cc590cd992eddeb32372bdf84bcec0710928520d337a595b85bb81aec07bcd191d9bcfb44ace46ee8ea3277b7d610e917f84563fee0dcfed200908437d6c5dc32dc7f25b8273a4befb77f0e9cdcdea29b1fea24a55a414063d634bfdfe5fb243a1f50779bfc9542fd543d9148792f40caa5e01154241130df762e0fe3035268521579b04f2e77e73ef59e6def463a7a2957a2228d4a516da2ce508f26fd9c99ea92c9057d885917dabf76abfa039dcc188522851f43120d1c80bc52c564a26fab6474e718ca1cc4e993dae045d211127f8bce8b1b86ce8fcf0460aae41debbd9bc049410aa658d935d9c64b74cb2b5a1bde230da0bfb67a082099c107f972f6abc9124beae1f955a505bd94a48bfc30618e1b5f79167bffa5ad3a97c32055951f7db7d662c7ddedec2580770c4a3910fabb34d7ea093733f53a40f1fbd9a28b31457c1e558d7e8e860f5c629cec9d57d3d2b702d66923350f0e80a06cf4db36885528e81e6a5661fbefe3030960c11b2f5a6d7d088e0ad6265e0ddf452867255e071b03865b50ee94f77348518facc8cefd542bf5a981a7e89e87bbecd86bac783f351a5e33c6b3bceb3b191285d013ffd82ac6ca78d3ff739a64a20e4f973f959eea74fe46c99730fa354099bb74bd91ea886f40e2137b81419252a4f1d6164ff2718cf7531493bfa184eaaa93f9f9796ec2f901ad4d456066731934d5de59d8d99aa00dc0b516749f35ece6df41bc9117a0babda1d07e2d80ba987c76dfd430696f9f08e7fe8deed47689f426aaf3b81081c9abd0371b18f5e62bb3184e4c14b599c845cc1c0d622b722c9ab1cc832d180fc57eeead0b94f1f62197f7f8e91d649f5031b354566c3aee045d58fbecc80e75fc20c4ff0fbcb409d00bc53153f4eb56b229edfcf2c059d6c5b555117f1da46a1ae4635922ee247cab1e166cdea54e230c5330f5705f68ad2497ca7a07cb6364db75a0742a89f0aa1afe0daa0b325050c5c25fbad053b02cad1c3e9062e575b03f981076a90e5f0a1844eb23c6d20b9bd89eb7c95171", 0x1000}, {&(0x7f000001b100)="99df6bff6df214ffd649c1b6620f30abe7472de38c42743f815bc52705d7116e1dd1a1f6dffa5fbae41fced29731f2fa50894fed2006ffb984da66b9120760ff6a8e885f5ffef58b25d776cd914f7f5aa7e0e446b402518b7004a96df4df415af7de72692a38c33a88fb46242efbed7a250ca7774d4064f9a77844521051869bad", 0x81}], 0x9, 0x0, 0x0, 0x1}], 0x2, 0x80)
syz_usb_connect(0x0, 0x2d, &(0x7f00000002c0)=ANY=[@ANYBLOB="12010000e5876e4040200514940a000000015883b2000905850100000000d600"/45], 0x0)

4m11.879374858s ago: executing program 0 (id=2343):
r0 = socket(0x10, 0x3, 0x0)
r1 = getpgid(0x0)
r2 = gettid()
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000100000000000000040000850000006d00000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x18)
ioctl$PPPIOCSFLAGS1(0xffffffffffffffff, 0x40047459, &(0x7f0000000180)=0x2000004)
r4 = socket(0x10, 0x2, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r4, 0x89f1, &(0x7f00000000c0)={'ip6gre0\x00', &(0x7f00000009c0)={'syztnl1\x00', <r5=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @mcast1, @empty}})
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r4, 0x89f3, &(0x7f0000000080)={'syztnl1\x00', &(0x7f0000000640)={'ip6tnl0\x00', r5, 0x4, 0x2, 0x81, 0xcf57, 0xff00, @ipv4={'\x00', '\xff\xff', @local}, @loopback, 0x8000, 0x0, 0x0, 0x300}})
pipe(&(0x7f0000000040)={<r6=>0xffffffffffffffff})
io_setup(0x7f, &(0x7f0000000940)=<r7=>0x0)
io_submit(r7, 0xfdef, &(0x7f00000002c0)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, r6, &(0x7f0000000080)="c3", 0x1}])
kcmp$KCMP_EPOLL_TFD(r1, r2, 0x7, r0, &(0x7f0000000000)={r6, r0, 0x2})
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000180)=@RTM_GETMDB={0x18, 0x56, 0xf23}, 0x18}}, 0x0)

4m8.829563416s ago: executing program 0 (id=2346):
r0 = openat$userio(0xffffffffffffff9c, &(0x7f0000000080), 0x22242, 0x0)
write$USERIO_CMD_SET_PORT_TYPE(r0, &(0x7f00000002c0)={0x1, 0x5}, 0x2)
write$USERIO_CMD_REGISTER(r0, &(0x7f00000000c0), 0x2)
read(r0, &(0x7f00000001c0)=""/93, 0x5d)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x6, 0x3, &(0x7f0000000240)=@framed={{0x18, 0x0, 0x0, 0x0, 0x3}}, &(0x7f00000001c0)='syzkaller\x00'}, 0x80)
r1 = socket$packet(0x11, 0x3, 0x300)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f000000c280)={0x0, 0x9c}}, 0x0)
syz_extract_tcp_res$synack(&(0x7f0000000200)={<r3=>0x41424344}, 0x1, 0x0)
syz_emit_ethernet(0x5a, &(0x7f00000005c0)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x4c, 0xfffe, 0x0, 0xfd, 0x6, 0x0, @rand_addr=0x64010101, @local}, {{0x0, 0x4e22, 0x41424344, r3, 0x0, 0x6, 0xe, 0x4, 0x2, 0x0, 0x932, {[@timestamp={0x8, 0xa, 0x200, 0xb}, @exp_smc={0xfe, 0x6}, @sack={0x5, 0x12, [0x5, 0x7f, 0x7723, 0x1]}]}}}}}}}, 0x0)
syz_emit_ethernet(0x1291, &(0x7f0000000940)={@local, @empty, @void, {@ipv6={0x86dd, @dccp_packet={0x2, 0x6, "1c0adf", 0x125b, 0x21, 0x1, @ipv4={'\x00', '\xff\xff', @remote}, @local, {[@dstopts={0x62, 0x1a, '\x00', [@hao={0xc9, 0x10, @empty}, @hao={0xc9, 0x10, @loopback}, @hao={0xc9, 0x10, @private0}, @generic={0x0, 0x9b, "3e37976828218c4d55e8171b9c32b3c326efadb96fa840efd8b79271f5ca730e9d66c92dca45f8f1719d018cbdc78107311ec8926f8376f1da7f17a14e78b3dbcee40806baeaaaee5f51e2bbe2a1f23c03e0afb3ce5dc2cf33e512da95326ed1ae06292089bd64f80b4a9e09f88907cf4f2e5e2f224c231995eac6b39fa48713176c7eea5f6e911619d7d29ac3a80790f70bd40f15bbd619c48cf8"}, @enc_lim={0x4, 0x1, 0x1}]}, @routing={0x0, 0x6, 0x2, 0x0, 0x0, [@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @mcast2, @mcast1]}, @srh={0x1, 0x2, 0x4, 0x1, 0x8, 0x10, 0x9, [@dev={0xfe, 0x80, '\x00', 0xa}]}, @dstopts={0x21, 0x18, '\x00', [@enc_lim={0x4, 0x1, 0x43}, @hao={0xc9, 0x10, @private2={0xfc, 0x2, '\x00', 0x1}}, @padn, @jumbo={0xc2, 0x4, 0x8001}, @jumbo={0xc2, 0x4, 0x3ff}, @generic={0x2, 0x9b, "9903b006ca6d1b5e0c94f29123acaba3e9408e50524dc3fbe64d5c9d1bb7efe6262435aea45043bfc5a012197d5ecb6f4c5d668e9b3fdbbe419e233c76fd006a62766609831ac1e6747169964712cfb0647cfe4433b5aa598020393e93601f47851e7d22620fd7766d3734c7217e48ef75cc28bb0ec0ef9f4042e08bf23154da2d6e380090b42c3d8de4e0296bd5baa26357d05d9a13cbdb8647c1"}]}, @hopopts={0x89, 0x200, '\x00', [@pad1, @generic={0x7, 0xffe, "451cb00c76dc8677fd55cedd81d37db28daf431b790c750040c3c9f9c6cd241ee16f35cb122dab938ca2629b819908eebf3d54b1cbf686c11553d14443fe8b7218304ed2fdb33525925c0add0c39c07725fb66b19c5ef9035ac0e83d5f9739bd231c1b11f73cca9524dde36af74a62d49bd13586e88ead3c20d1f75952e52a384764ecbcb5e85fa1d53774cb1fc02b4c77318562983327c0c593164aead8f6e485511af583402576e6b5f51493e97fb4b87bc09a860630bc403cd3a6122405d5659eac132ef5247cc6509cdcdcbcada00164b61b4d2abfd3072113282b6e64ef030e7a9c298795585363a92e0f89f2a579e1131e9b4f1aeac7503c8d56a4d4d9af886882b11d896b59e3fff335cba66619399e2986ddd1bae7f88248900b72bb9f33f89be962ec6c66f139d9f732632583f8c26853d72ce8e1db6a557b808bf86d4ce01ff8332a6fe6035b479a18f1c4674206391d71cfdb3fa1801b8b8ce15ce0ab420554ee9894accbc95169722e0ae9f7a441ed3b990fc89e135859501ed975adf8a4fa9237822305a664ceab2788ec55ba9761e26fe89d9d89d771d2592efc7efcf27ef63fbbb357b6c2f68ec13672d6a367b97e2672d383d0ad037a10a3ea662011dd46ccd0ce5aba32728170623bf43aeceeed36c39f02c799dd471f23070ae8d1dc349e303d9d6926f8dbd3e1ee484230478307b59292f70a4e570f11229b4422f512bd511e8f72bad64619a0016b962871505dcc4be4d5314810f8159e1ac95356c46ab59a11635803326eca8bfccd0c67c5e8342dfa6df4e0e60f972874cddc1ee3cf4aedc29ab4bf4c5afcff8d29fb9d1b6a435f12ab4f68df4d37e1184e7d15a4e8cc300e7f01ef083f6f0c24c7bb11caeed95875c5901f8d910f7a1ec3b66e98cf26b22a3994f1623ede17c95ec39a81544cd5f549ea63591e3fb93b28b74a97080144a87b951031497f2a632f995077fa9a7c9c94155a2f4ce5538de89aa483144b4fb6edc7f7664eab751fed099f8a82eca2c6b40c189cbab7c728b0efd44e8e0cfb14cde759089397558c6d800403f464c453e854feeebf5832093ec5706cfaed6a87a68af3ce0bc78ce335cb2826cefe8ef23584dfdc1b7f3fae7ec51e96cc231ce7c1b1edf6b1f97a5535177d159772d7ae398fc7682272d80699f793fc1d3c97d7297d7dd38c89783b93692c39cd979b2a50f15993260a846810da182786c3275f06e11a0f4667707f42d45ae75ed0c5b3560f0d62c3dea204c0b01efe3654cb914fbcc282b214083c87178e9b81b1021c7fb5157d5aac2bf7e956f6c5f03b4f313de403551d8681bf744529197348a2c5c40622f28e2a2a6c688387e90ca66645edfe87883a36dcf8cfd5d63e93dce9620f4718153fc4586dc4e79cd70da6f2492a82b83f25a70d81bf12d244362baa84ec3fb9b2368f15517feb7744bfa7bb7a15dee2c025312fd570f74497decd713b34aa050372f52eadf41311f4f79d584824a8054f3e5773799a6db254596c26e3819ef80c19b8046226124b1c46d40f40d4326a9a4911ba1b37e07a9ab2afce8ee178d48de5ae24bd5d887bea8aec260de42638733427751b90812b76f3d2a8fc904ef11224e4813ad39999c59cf8e1290b5a427b2c4fdb701027750632644f38852fa3d219da89d618a6fa5ee66e739dd13e026f795a3a54f386726009504dfb81a5c4518cfe9ed03c8ae912e6a35621c6b30f61619a4ef228794d76c3651c2bd50c8b1998b455a0ae3d6ea564450623f701a957f3578eb7305e69f023e39c3b348ddbd67edee335390aaadb457bd4251afd71033260f244ebd06371de3b44508f6f0e2fa578bf1770157b58e32e845f032b1054afe7151cb6949e94e199630d543c45c007057f24696fbc41615581f4cadaa68ca36f4472e32a163f800a28f895d32029f27c1af8e0a84d74881d377419d546e05471915a8986af4ae818de5c91c40253f273d6f3e0af17f8990fb969ae7e45a30c9e3ab75151af303774a61bb8d3c265ee05567467a3249342ca3b78b503032f5b92161c3f44dfc7f58198c38e2ad22879fdc24a2f0caef92430af53dc9bb40ab8fc7ee1a4977247e2ac57ad31d316d340049f0ea3467884cb8ef66be8988f3e2da0f0dcb73dd9ef56666286d90c7e04031f4f770e2723592c7315d91f38e2f95c009e587b62241d23e840982c3cef002d5dcd5ac872b970184581314e17f8486582718eec46530e35cd9194a61b4150190855d904526bac3bd3e38d8f0c7b6a6715873f363cb3f26d0bd96d33848ddd1cb8c1c45e5b6fd6e73c853dd77893465b22528bf025402b42fa596c1e1fd9b8d5831f866e9a7aa6e741610304971441ab66ed706192037164bff33a08a78a5e5b100160c99c6df60547b57b4d236d0c76a8208d55e23ed74311581cf18a90e8de805073a5ba2f6ab41b8f7deac69e0650ee1953cb5a82a1cbcc2c40a2ceaed9ef3937527a3d5d0e3fc4d66307744f42221b75af36194daae81ac67c9b8c6aa819b7770883b19bbf5eca0333c5db7bf75e3d7342fe80882ca97a6e967fe3896ef8fbd0dbe364750ac17909074b3c9e519a7b4ff5d416e97cd53470573eda3090fcba2320cc5becb7543cf089954f7235a7a7bf86386d438f8fd70f171b6ae2fa494a4ac049e017f86e4130f36ba587bf3e0ffdac94c2cd4e112b8c14ade6a739bf1a39c2a06b7d235ac7595c972f7389a0eb9fd51a0c2f5c404a4eb53f49571b472b8a57df1dd465c6e6b3be15af332ecea083e58be0dcee002d404a4e6e4c608891a10136a257c7f47a8572f2376ae55a70dad9f95405178392782042ed1a917a26e2f902e3521cb18436dbbfe771ba7729f188a4296e9483e6df8f36cad93d487890dd535aac907423937c809fbbc53b2fd3b64d63799141f78d925d9803f5f52187a24fac79ad5d59cd4b3134ee416b77dc757255ac57b718273bda610fde563a89f23c4c9ab40acca058efcd195e31ed97da5da54b421eb6c2c99513537654f61ecdad5cc76f02a4b12e4ffe643ffae8a2c6236dfd3be0aed95d2f5aa5b51c0b6ac51f4d32e593935ddb2ca52e0cbc30a92609f37ab2f1eb5b0078d9808c91f5c5a32785b86a2f23d8dec2bbb4be30ce6ac194921041709f53e742a28c50e78f64e141fab6c42a866b17c2e2b5a882da1c912676ce9ac24ee6a491ccf0406879f6497474fbec59e4967cb8562ec6f76897438c0654b7dca4bf3f834946cdcb7989ba25121f74dc38612db2a3d750e66806e5bf9232f0a1cd40840611879a468ba379717ccd2eacd0757859fb9f53e30e7453fdd14d44798a9a701ae00ddd7ba2c957b3cf64ec1c8d7b2faf2aa431facbeac00c89f783ced1493be45a763215a8f61a8cf965aa0c22e988a5110bb2b3c8391d4e368971e9713b3012d86c5c3acac3852b9878bfb4eab62599cdac40306c003edb08ca071a03ea9cb65d362bc6df507581f5abceeee274f04feb0e2834517bfe106b1448423e3bf349a5b5fe097b8fb4a1ac8b7e82a193be8dc962ca5fe43bf8a30e48c8f0b79b18fe6a1b74c3bb9dbdfda49a28611bab7ed40555902b074e1156a3d03c36a89ad5c60f7176f182bf7660606b1b9d9062d4eeb678146e4e5e149a020020a11c82af9bff035fe287693d87175a276a263f33bb70f6e20b20659dcd769450c024f1b865748c197ac60877364feefec9b06559588b9a85076c2b6e812164e7d2fc1cb1f98968ecaa8aa83d1bb8196ca7624dc9daa01fb262e95f437d058aa7a29ab44720a80701d33b6a88c9c7e3e6cab7bc6d64011ad8d3163f35dad7f030d7dc269086a8ac027aba5e3c8b75bcd5d4ba5cd969cfbb68195eb9ae1bcd38c985b1ac0a04a361631f531e295ad8da17edf36d8bf1ade4afe6ac41b2219fe76b2d5bfec319327e7ed5c9a95b46d6f4db5b4d93c7be2c76d8a56ce1a6b177578b14bc1b23575491e785f1ab76960f0e005f0e865d907bcea2455b43540970a1dbbbf078a5777a075fa4d2309f0e51c62ba70d34459250a7853aff1990b355b11c7551cbd0ffabb05f5b016ad911c962ed3557a1aa0e943a84821109947e8b06cba389efe8a39f5965fe90275180a095411f3429cf55d0da4e55b16f67d04da9ba39e7e654db623a653d0562d0c04b33377718120e43bffceb10488e685a170c5d706528d64d71df967b9d6df2053ec30cbd520bd6bb2bdaa6cd647a6bc683f98ba71df64034e001d0110f7846a7817745eb6f3a511c1056152b58706d5fe349c488282480645e0a1f7aaa316d4b9a5e9c56e3809890c573afebd608846311de0ede45e94924f5583db7f6e2639c5c46466d89ac6b0f667cc63800efbce1ab57513e9b02cf024679d71ed410e50094ef237d4eaf056ed9456643e0cbd4ae5619b6e2422633afaec56a41d8bc16344e7e123720d09fd6543cdc67aa13c07de2059996cf2c67b9800b2b0642886af5e9a6a35b065dde9f1bb4c7b45da5c25380c1375ea2e3c5ce5830bcd6bfeef77e2a7414e1791ba2c5d1454586a2a33047549cf45b69d07882d0d977b118c0c5b74916d60ed6be8162e7f6e603a70bee1469269609da04045f2317843075a29524dfefa0edf5e7d1e1549264b97052f64b312819dfa0b65afa23112a5096e13a3443c9147c459588817e37dd35b9e00c443bca36787c7407413dc7ee6a4a1394fa20e7b2c93a1f5318e05d719b71a4fe30d426cbf71994b10f71c99b19572a4a94bcc24445ac26f47de7f5608360873184e7001c7f7c11c938ed581b30ec3b12aaa2327404750ae45f26866bd7237e6d8e8bda92ce534427f3683bc1ce1221a9cf8be265a81c2cbde388225087499691db97c56294d3abd558a67b589ae4fdb4131aac684592e7761675de6bbbf04fa14c2f46ea65ac4a1a4e7631a147f17cb4f9aa42d14bfd13de0dbd545c88baad3e51be14ba5ffebe6220bc4df5772bf88c8faaaa45ca32a959d539716c359fdd72e3cd9a2987d349c2341bbad06a1b4113427f68a032f2affa1af60e2272dffe3c5241a03a79a51ce2f96015b27ba3ace54b0848888983522f321ce39552e4b5d917f3ab8ecfc07b53331ab06e8014b74c7fa819123a316bb0c16586f5f48ac4892ddd814a6c692d8b528707700bb5cdd2cce3835700ff14a28eab9d43f138719e2388b111baeebf2fd9b8633e61b9871acad4d1481c7bbf538e702e73c2becf035527dd2100aaec2f045d5f4024972e9626cabb42b044d91aae9e0dbe3865b9ab0b2dd18fab6bc69724dbe02043770684f0cb427e0a364c206f8a52984b5bb1f996fe43d8a17865cd5e18e95b9e1025a227f86270c0bddc5e7dd58302521ced4c0d51e108e7aef777b206f6482b23975c9c58e17ba2a3760e94796140720d4b8867de74c40a026b31caf46dbf3a32a4b6856817af1038267fcaf047185a8792c04f719e51638d88b2524aa0140af57ad9b906939883b6925ca7c67f6adfd30a037ea8c1f8b2f18c65d3d38fd68bd6c4f9ccf7f1fe9002f1af0a8a653d29ebc2110e9719fbd3740756df5699078d05cc6bbf0a3a7b4cda42d70f372afeaf05b7b7eff19fc962b02ccfc4580b47cbec0863bf176b22cd279f6917f9bde3a0abc9b37d27e73abec20e110807b93dab7478634e3da1d504b54f25bdaa47b743c1e5940fca5e10d24e5d3f88aa4c21ab6d0481847964ecf5cd364855816870a434a2003aed5af7446b923505f82e1de74fd10166b9ba269bcf240eed9171b1387bc5e38ce3424728ecbdc484c51aa9"}]}, @fragment={0x3b, 0x0, 0x10, 0x0, 0x0, 0x3, 0x68}], {{0x4e20, 0x4e21, 0x4, 0x1, 0xe, 0x0, 0x0, 0xa, 0x1, "a43a72", 0x6, "5e6a98"}, "c72e76f2bfa5ab126751365f0803d9fbcd60ed354a4d00d18f7635414162d88bfab2f1f11e6ac9996d7e9697017ee73ad3649cbca54bab761c139b"}}}}}}, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'syz_tun\x00'})
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a58000000160a03020002000000000000020000000900020073797a30000000000900010073797a30000000002c00038008000140000000000800024000000000180003801400010073797a5f74756e00000000000000000014000000110001"], 0x80}}, 0x0)
syz_emit_ethernet(0x52, &(0x7f0000000440)={@dev={'\xaa\xaa\xaa\xaa\xaa', 0xd}, @broadcast, @val={@val, {0x8100, 0x5, 0x1, 0x3}}, {@ipv4={0x800, @tipc={{0x5, 0x4, 0x2, 0x2f, 0x3c, 0x63, 0x0, 0x49, 0x6, 0x0, @empty, @broadcast}, @name_distributor={{0x28, 0x0, 0x0, 0x0, 0x0, 0xa, 0xb, 0x2, 0x6, 0x0, 0x1, 0x0, 0x1, 0x0, 0x4e22, 0x4e22, 0x4, 0x2}}}}}}, 0x0)
r5 = syz_usb_connect$hid(0x7, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0xff, 0x5543, 0x522, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x2, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x800, 0x0, 0x1, {0x22, 0xb}}, {{{0x9, 0x5, 0x81, 0x3, 0x10, 0x0, 0x0, 0x3}}}}}]}}]}}, 0x0)
r6 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0)
ioctl$TIOCSETD(r6, 0x5423, &(0x7f0000000040)=0x1)
syz_usb_control_io$hid(r5, 0x0, 0x0)
syz_usb_control_io$hid(r5, &(0x7f0000000200)={0x24, 0x0, 0x0, &(0x7f0000000080)={0x0, 0x22, 0xb, {[@local=@item_4={0x3, 0x2, 0x4, "9bad196b"}, @global=@item_012={0x2, 0x1, 0x3, "b686"}, @global=@item_012={0x2, 0x1, 0x4, "f885"}]}}, 0x0}, 0x0)
r7 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000340)={'syz_tun\x00', <r8=>0x0})
sendmsg$nl_route_sched(r7, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=@getchain={0x24, 0x11, 0x1, 0x2000000, 0x0, {0x0, 0x0, 0x0, r8, {}, {}, {0xfff3}}}, 0x24}}, 0x0)

4m8.825241739s ago: executing program 5 (id=2347):
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x200, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, 0x0, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x1, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
r4 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x8002, 0x0)
write$P9_RSTATu(r4, &(0x7f0000000740)={0xfffffffffffffdb0, 0x7d, 0x1, {{0x500, 0xf1, 0x0, 0x400, {0x0, 0x0, 0x4}, 0x0, 0x0, 0x2, 0x0, 0x1f, '\x04nodev{cvfox%\xff\xff\xff\x81\x02\x00\x00\x00\x00\x001\xff\xce\xbc\x92\x00\x00\x00', 0x38, 'pJ\x86\xce\xc6\x02\x00}\xfag>\xff\xeb\t\xb55\x1f[\xde\x05@\x00\x00\x00\x00\x18{\x82\x00\xb5\x00\x00;Y_\xcb\x14\x03CT\xb9\xfd\x9e\xf1\x96\xa5\x1c\xd5\x15z\xdc\x81\x05\xb4\x94\xe1', 0x12, '\xcf\xc2\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xf3\x13\xf6\x00', 0x55, '\xf8\xf6i\xfbqm\xcf1^\xca\xf3\x85@\x9a\xc6[\x94\bg\x8c,;\x9e\x1dR\xc3l\xde{\xa4\xa4\x00\xb4\xb0\xb4\xf1t\xa6f\xa8R\x9aE\x1b4\a\xdb\xda\xb2\x88K\xaf\x05\x00!\x00\x00\x00\x00\x00G\xec!\xca\xbf\xf2\x0f\x9c\x1c\xbe6\xf4\xfd\x1aL\xc2\x80\xe8\xd4\x89\xdad\x9a7\x00\xca_\xfeR+\x125\xa9\xc7\xefo6\xebd\x19\xec\xdf\xbaH\xb8\x90\xf9>\n\xec\x89\x18EM\xf8Y'}, 0x12c, 'odev-n\xb1{#\x00\xf9\xda\xa5\xee#&n\xcf\x85\xfe\xa6^B\xd9y\xa3\xfd\xe5\xf4u\xda\xf0;\x11r\xd9{\xad\xc7\tZ\xfdv\xfeO\x04A\xf7\xf7t\x1e\xac\x03\x00\x00\xec\xff\x00\x00\xdb\xa0\xc2\xf7\xf0\x9f\xf5<~M\x1a\xd6n-\a\x01\x98\x01\x9f0\x11\x84G\xaa\x9at\xf5\x16\x85\xf5\x06\xae\x89H\x06\x87\x82g\xd5\xa1)\x8dy,J7\xf2\xe1\xcb\xbd$\x82\x92\x9a\r\x89r\xb5\xcfs.\xa5\xb0\xd7#\x85\x9d\xba?\x93\xae\xd3\xb4.\xe7\xca\xc0}\xe0\x9d\x1dh\xa6\x033\xa8\x82F}+1\xaa\xcd\xf9\x18\x85I\xb1\x12]lL\x9b\x18\xc2\xfbV\xc5}}\xc6&\xe49\a\x96\xa1\xebH\'Fi\xab\x13\xf8\xb1\x1d\x14`Y\xf3\x10\xe2cMY?\xece\xd5)\xf3\x82\x06fd\xdf$NL\x90W\np\x04\x9f9\x9f\x06\x1fu\xb7y|\xe1\xfe\x11\xea\x91\x96\t\xd5\x1aA\xdd=\xe3\x04\xbd|~\xd0\xa4V\xf0\xae\x12Qa\x05\xc9\xce\x88}\xf5\xa6\xe0\xb6\xa7}Yl\xf8\x8b\xa6\xe5\xc69|}P!\xd7\x98\x95(\xfd\x179\xe1\xc2\xd8\x7f\xff\x00'/300}}, 0x232)
socket$kcm(0x21, 0x2, 0x2)
r5 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
socket$nl_generic(0x10, 0x3, 0x10)
r6 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_inet_SIOCADDRT(r6, 0x890b, 0x0)
syz_genetlink_get_family_id$tipc2(&(0x7f00000022c0), 0xffffffffffffffff)
bind$bt_hci(r5, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6)
bpf$MAP_CREATE(0x0, &(0x7f0000004180)=ANY=[@ANYBLOB="02000000040000000700"], 0x48)

4m7.438355929s ago: executing program 5 (id=2350):
r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
mkdir(&(0x7f0000000080)='./file1\x00', 0x0)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0), r1)
sendmsg$NLBL_CIPSOV4_C_REMOVE(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000300)={0x14, r2, 0x1, 0x70bd2a, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x20004004}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000140)={'vxcan0\x00', <r4=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f0000000480)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)=@getqdisc={0x38, 0x26, 0x400, 0x70bd2d, 0x25dfdbfc, {0x0, 0x0, 0x0, r4, {0x4, 0x3}, {0x5, 0xfff3}, {0xe, 0xe}}, [{0x4}, {0x4}, {0x4}, {0x4}, {0x4}]}, 0x38}, 0x1, 0x0, 0x0, 0x20000004}, 0x4008000)
mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=@can_newroute={0x3c, 0x18, 0x1, 0x0, 0x1, {}, [@CGW_MOD_XOR={0x15, 0x3, {{{}, 0x0, 0x1, 0x0, 0x0, "8ca5be073cff296e"}, 0x2}}, @CGW_CS_XOR={0x8, 0x5, {0x8, 0xffffffffffffffff, 0x3, 0x9}}, @CGW_CS_XOR={0x8, 0x5, {0x10, 0xfffffffffffffffd, 0x8, 0x2}}]}, 0x3c}}, 0x20008030)
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
mkdir(&(0x7f0000000440)='./file0\x00', 0x0)
r6 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000780), r7)
sendmsg$NLBL_UNLABEL_C_STATICREMOVEDEF(r7, &(0x7f0000000b40)={0x0, 0x0, &(0x7f0000000b00)={&(0x7f0000000340)={0x28, r8, 0x1, 0x0, 0x0, {}, [@NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @mcast2}]}, 0x28}}, 0x40800)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000800), 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r6, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
r9 = openat$autofs(0xffffffffffffff9c, &(0x7f00000002c0), 0x100, 0x0)
r10 = open(&(0x7f0000000240)='./file1\x00', 0x440, 0x0)
ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r9, 0xc018937e, &(0x7f0000000200)={{0x1, 0x1, 0x29, r10}, './file0\x00'})
ioctl$FBIOPUT_VSCREENINFO(r0, 0x4601, 0x0)

4m6.91564985s ago: executing program 5 (id=2352):
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000240)={'bridge0\x00', &(0x7f0000000100)=@ethtool_rxnfc={0x2f, 0x3, 0xff, {0x21, @udp_ip6_spec={@loopback, @mcast1, 0x4e22, 0x4e22, 0xd}, {0x0, @multicast, 0x56bd, 0xf8d, [0x0, 0x4]}, @tcp_ip4_spec={@loopback, @multicast1, 0x4a23, 0x4e24, 0x3}, {0x0, @random="da28b1430885", 0x3, 0x3524, [0x3, 0xfff]}}}})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="160000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x42}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000700)='signal_generate\x00', r1}, 0x10)
syz_open_dev$sg(&(0x7f00000003c0), 0x0, 0x5)
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
fsopen(&(0x7f00000000c0)='hugetlbfs\x00', 0x0)
r2 = socket$netlink(0x10, 0x3, 0x0)
pipe(&(0x7f0000000080)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="540000001000010400000000000000ffff000000", @ANYRES32=0x0, @ANYBLOB="0380000000000000240012800c0001006d6163766c616e00140002800800010008000000060002000100000008000500", @ANYRES32=r3, @ANYBLOB='\b\x00\n\x00', @ANYRES32], 0x54}}, 0x0)
sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0)

4m5.527854773s ago: executing program 0 (id=2355):
syz_usb_connect$cdc_ncm(0x4, 0xd1, &(0x7f0000000040)=ANY=[@ANYBLOB="12011005a1a44000010203010902bf0002010650000900000000020d00000524060001082400a9b30d240f01"], 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
r1 = socket$inet_sctp(0x2, 0x1, 0x84)
getsockopt$inet_sctp_SCTP_I_WANT_MAPPED_V4_ADDR(r1, 0x84, 0xc, &(0x7f0000000300), 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000380)={0x0, 0x0, 0x0}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)=ANY=[@ANYBLOB="400000001000390400"/20, @ANYRES32, @ANYBLOB="019800000000000020001280080001006772650014000280080001", @ANYRES32], 0x40}, 0x1, 0x0, 0x0, 0x4014}, 0x4c094)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000003c0)=0x14)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x10)
r4 = syz_open_procfs(0x0, &(0x7f0000000040)='net/route\x00')
pread64(r4, &(0x7f000004b680)=""/102356, 0x18fd4, 0x8)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
socket$kcm(0x2, 0xa, 0x2)

4m3.749221466s ago: executing program 0 (id=2359):
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x300000a, 0x4031, 0xffffffffffffffff, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_SET_GUEST_DEBUG(0xffffffffffffffff, 0x4048ae9b, &(0x7f0000000340)={0x1e0003, 0x0, [0x800, 0xff, 0xfffffffffffffff7, 0x3e00000000000000, 0x10004, 0x46a9, 0x9, 0x8]})
socket$nl_xfrm(0x10, 0x3, 0x6)
mkdir(&(0x7f00000000c0)='./file0\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000000)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@nfs_export_on}]})
r0 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
mkdirat(r0, &(0x7f0000000180)='./file0/file0\x00', 0x0)
chdir(&(0x7f0000000140)='./bus\x00')
name_to_handle_at(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', &(0x7f0000000140)=@GFS2_LARGE_FH_SIZE={0x20, 0x8, {{0x9, 0x0, 0xfffffff9, 0x9}, {0x7fff, 0x7, 0x3, 0xd06a}}}, 0x0, 0x600)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000002c40)={0x1e, 0x17, &(0x7f00000007c0)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}, {}, {}, {0x85, 0x0, 0x0, 0x6d}}, {{0x6, 0x0, 0xb, 0x9, 0x0, 0x4, 0x12}, {0x65, 0x0, 0x6, 0x9}}, [@printk={@ld, {0x3, 0x3, 0x3, 0xa, 0x9}, {0x5, 0x1, 0x2, 0xa, 0x9}, {0x4, 0x0, 0x3, 0x9}, {}, {}, {0x15}}], {{0x5, 0x1, 0x3, 0x3, 0x9, 0x0, 0x12}, {0x5, 0x0, 0xb, 0x3, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x76}}}, &(0x7f00000000c0)='syzkaller\x00', 0x3, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600722, 0x19)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000004c0)={{0x14, 0x10, 0x1, 0xf5ff}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x201, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x68, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0xd}, @NFTA_SET_EXPRESSIONS={0x24, 0x12, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @counter={{0xc}, @val={0x10, 0x2, 0x0, 0x1, [@NFTA_COUNTER_PACKETS={0xc, 0x2, 0x1, 0x0, 0x3318eff1}]}}}]}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x110}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0xb0}}, 0x20050800)
r3 = userfaultfd(0x1)
ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f00000000c0))
ioctl$NBD_SET_TIMEOUT(0xffffffffffffffff, 0xab09, 0x3)
ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f0000000100)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x5})
ioctl$UFFDIO_REGISTER(r3, 0xc020aa07, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1, 0x2})
syz_clone(0xa808000, 0x0, 0x0, 0x0, 0x0, 0x0)

4m1.250207996s ago: executing program 0 (id=2364):
r0 = syz_open_dev$vbi(&(0x7f00000001c0), 0x1, 0x2)
r1 = fcntl$dupfd(r0, 0x0, r0)
fsync(r1)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_REM(r1, 0x84, 0x65, &(0x7f0000000080)=[@in6={0xa, 0x4e23, 0xfffffffe, @ipv4={'\x00', '\xff\xff', @multicast1}, 0xb}, @in={0x2, 0x4e22, @private=0xa010101}, @in6={0xa, 0x4e21, 0x1, @mcast2, 0x1}, @in6={0xa, 0x4e23, 0x9, @mcast2, 0x1}, @in6={0xa, 0x4e23, 0x2, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, @in={0x2, 0x4e20, @empty}], 0x90) (async)
futex(&(0x7f000000cffc)=0x4, 0x4, 0x0, 0x0, 0x0, 0x0) (async)
openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x40, 0x0) (async)
sched_rr_get_interval(0x0, &(0x7f0000000040))

4m1.051696582s ago: executing program 0 (id=2366):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f00000000c0)='htcp\x00', 0x5)
sendmmsg$inet(r0, &(0x7f0000004b80)=[{{0x0, 0x0, &(0x7f0000000a00)=[{&(0x7f0000000180)="3b52e010cfa8277d5e51027ea522343d090a9a3f0fc54bd6556e1e41a44890d0c945a313b328707c939f4eb2912ad1c9bb976cf26da04c27e4bd3ec7d559f4437d9b0e4f1b87070ddbba58d7ce9535dd1f430714c66b72e80376cbd91c0b27800176b96289429ea7c56e280e83abbda4921f076fdf59223bfc", 0x79}], 0x1}}, {{0x0, 0x0, &(0x7f0000004080)=[{&(0x7f0000000f00)="52348bf9812fc081678b5760a4c4967393fd8939aaf12a894c5424df616c4eea14fbac2dad114a75c405d89fafa5715b56abba4bbceca456d8225e3f6eb57a03287e74c7bd74e40e3fda3150f92d181e7c82cb2f8ea0416fc4c0f111161cdb9a52911925644e25f871d02f403c83214f830f93b30b874e75cab53f1ed7871f21c0d654a47fab0637868517d7e8d9915e99b4dc2dcafdcb2ef2a012ec95418a544c32181fb969e01318e00a12fd1b2a0eb57bcf7de086e320f2d4be4e1453010be849e4d7dba41558329699aacd3d1c7d97b9bf74caf8b7946647309d209558b1965ef7ea4576ec0e289b73c2089310271d0a67d88a312f4cb0194c4f28ec3c2fe269311d0cec1fe0efef17d376d183b08e392b6cb58e930e1f959dd4528ec95350fc86e5297e6d59af036b132df17833881238ba8692842a8da4d5b4a37c94915331143d9128a197495433c2f550b4455a9ae03b937305e192e861ca3a60f9b3a14288e3daeb6936593485388a4aaab39b3843ee2960d9c8728eafb904333e7b78a270480e8dd89bc4cf0b791013cff43bf314e11a44d5f9c4fdad8a2fcdb04f76de29a50a0428148f4bc3eff1e84d25ea95dabddfba6162860a3c3389ee366450b6bcf1409f920caf1be5702af0402e2cef4896d9544a26ebfab694d7a47eca55bd2f62e7d7eb1f6061f7e441df5ab31344f02179764822036ef706133ea1a6380e042f074b2b0ddcc578cb8a668a846b9d5792f8d434f8ec7b562594587c49e8e6b3450e545fc070644bd06a36106cdb63f9e8ad7ae50b5b44e47f377961f5e29392330fb40d63c911ffd13e094f0452cc5c77b0731b56211b2d8a7554f6077ae593626a54f56d6dea49058fd1d48db02a7b33d50474b58a7e14e6a4d935bfaf4865f00074d59ece4b2d5f5e768e952733ee2c34b3e4b0be230f792f8b16f872afbbd155fe5314d4f54ea7b747eb2cd2410db7464c73ecd4815cda0bcc839fb6", 0x2c1}], 0x1}}], 0x2, 0x4)

3m59.604503857s ago: executing program 33 (id=2366):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f00000000c0)='htcp\x00', 0x5)
sendmmsg$inet(r0, &(0x7f0000004b80)=[{{0x0, 0x0, &(0x7f0000000a00)=[{&(0x7f0000000180)="3b52e010cfa8277d5e51027ea522343d090a9a3f0fc54bd6556e1e41a44890d0c945a313b328707c939f4eb2912ad1c9bb976cf26da04c27e4bd3ec7d559f4437d9b0e4f1b87070ddbba58d7ce9535dd1f430714c66b72e80376cbd91c0b27800176b96289429ea7c56e280e83abbda4921f076fdf59223bfc", 0x79}], 0x1}}, {{0x0, 0x0, &(0x7f0000004080)=[{&(0x7f0000000f00)="52348bf9812fc081678b5760a4c4967393fd8939aaf12a894c5424df616c4eea14fbac2dad114a75c405d89fafa5715b56abba4bbceca456d8225e3f6eb57a03287e74c7bd74e40e3fda3150f92d181e7c82cb2f8ea0416fc4c0f111161cdb9a52911925644e25f871d02f403c83214f830f93b30b874e75cab53f1ed7871f21c0d654a47fab0637868517d7e8d9915e99b4dc2dcafdcb2ef2a012ec95418a544c32181fb969e01318e00a12fd1b2a0eb57bcf7de086e320f2d4be4e1453010be849e4d7dba41558329699aacd3d1c7d97b9bf74caf8b7946647309d209558b1965ef7ea4576ec0e289b73c2089310271d0a67d88a312f4cb0194c4f28ec3c2fe269311d0cec1fe0efef17d376d183b08e392b6cb58e930e1f959dd4528ec95350fc86e5297e6d59af036b132df17833881238ba8692842a8da4d5b4a37c94915331143d9128a197495433c2f550b4455a9ae03b937305e192e861ca3a60f9b3a14288e3daeb6936593485388a4aaab39b3843ee2960d9c8728eafb904333e7b78a270480e8dd89bc4cf0b791013cff43bf314e11a44d5f9c4fdad8a2fcdb04f76de29a50a0428148f4bc3eff1e84d25ea95dabddfba6162860a3c3389ee366450b6bcf1409f920caf1be5702af0402e2cef4896d9544a26ebfab694d7a47eca55bd2f62e7d7eb1f6061f7e441df5ab31344f02179764822036ef706133ea1a6380e042f074b2b0ddcc578cb8a668a846b9d5792f8d434f8ec7b562594587c49e8e6b3450e545fc070644bd06a36106cdb63f9e8ad7ae50b5b44e47f377961f5e29392330fb40d63c911ffd13e094f0452cc5c77b0731b56211b2d8a7554f6077ae593626a54f56d6dea49058fd1d48db02a7b33d50474b58a7e14e6a4d935bfaf4865f00074d59ece4b2d5f5e768e952733ee2c34b3e4b0be230f792f8b16f872afbbd155fe5314d4f54ea7b747eb2cd2410db7464c73ecd4815cda0bcc839fb6", 0x2c1}], 0x1}}], 0x2, 0x4)

3m51.511818138s ago: executing program 34 (id=2352):
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000240)={'bridge0\x00', &(0x7f0000000100)=@ethtool_rxnfc={0x2f, 0x3, 0xff, {0x21, @udp_ip6_spec={@loopback, @mcast1, 0x4e22, 0x4e22, 0xd}, {0x0, @multicast, 0x56bd, 0xf8d, [0x0, 0x4]}, @tcp_ip4_spec={@loopback, @multicast1, 0x4a23, 0x4e24, 0x3}, {0x0, @random="da28b1430885", 0x3, 0x3524, [0x3, 0xfff]}}}})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="160000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x42}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000700)='signal_generate\x00', r1}, 0x10)
syz_open_dev$sg(&(0x7f00000003c0), 0x0, 0x5)
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
fsopen(&(0x7f00000000c0)='hugetlbfs\x00', 0x0)
r2 = socket$netlink(0x10, 0x3, 0x0)
pipe(&(0x7f0000000080)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="540000001000010400000000000000ffff000000", @ANYRES32=0x0, @ANYBLOB="0380000000000000240012800c0001006d6163766c616e00140002800800010008000000060002000100000008000500", @ANYRES32=r3, @ANYBLOB='\b\x00\n\x00', @ANYRES32], 0x54}}, 0x0)
sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0)

32.27855013s ago: executing program 4 (id=2854):
r0 = socket(0x200000000000011, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'bridge0\x00', <r1=>0x0})
bind$packet(r0, &(0x7f0000000180)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @multicast}, 0x14)
getsockname$packet(r0, &(0x7f0000000080)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000480)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000700)={'bridge_slave_1\x00', <r4=>0x0})
r5 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="38000000540001000000000000c4000007008209", @ANYRES32=r2, @ANYBLOB="20000100", @ANYRES32=r4, @ANYBLOB="00fe0f00e000030000000000000000000000000008"], 0x38}, 0x1, 0x0, 0x0, 0x880}, 0x0)

30.362042776s ago: executing program 4 (id=2856):
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB, @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="1e0000000000000001000000070000000000", @ANYRES32=0x1, @ANYBLOB="0200"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000000066e6000000800000000000000010000000000000020000001cb820cf250702317e47be0161b908d431ccb580e08477adf3e8ba47a79f9a486e93fd9cb29a253785fd61d9c722f8998825ac1897e3a8"], 0x50)
creat(&(0x7f0000000000)='./file0\x00', 0xd931d3864d39ddd8)
r0 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x1)
r1 = creat(0x0, 0x0)
r2 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x8)
mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r2, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x14, 0x4, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000300000000000000fe020010850000000700313c000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x94)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f00000001c0), 0xa0602, 0x0)
r4 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r4, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18010000120000000000000000000000850000006d000000180100002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x40, '\x00', 0x0, @fallback=0x32, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfbff}, 0x94)
write$qrtrtun(r1, &(0x7f0000000300)="ca0e808bb35bdabb", 0x8)
r5 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r5, 0xaf01, 0x0)
ioctl$VHOST_SET_MEM_TABLE(r5, 0x4008af03, &(0x7f0000000200))
ioctl$VHOST_SET_FEATURES(r5, 0x4008af00, &(0x7f0000000380)=0x200000000)
readv(r5, &(0x7f00000008c0)=[{&(0x7f00000003c0)=""/207, 0xcf}, {0x0}], 0x2)
r6 = openat$vimc2(0xffffffffffffff9c, &(0x7f0000006140), 0x2, 0x0)
dup2(r5, r6)
r7 = syz_open_dev$usbfs(&(0x7f0000000180), 0x205, 0x2581)
r8 = fcntl$dupfd(r7, 0x0, r7)
ioctl$USBDEVFS_SUBMITURB(r8, 0x8038550a, &(0x7f0000000000)=@urb_type_control={0x2, {}, 0x0, 0x0, &(0x7f0000000080)={0x80, 0x0, 0x0, 0x0, 0x7995}, 0x8, 0x5, 0x0, 0x48000000, 0x0, 0x0, 0x0})
ioctl$USBDEVFS_REAPURBNDELAY(r8, 0x4004550d, &(0x7f0000000500))
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000005c0)={r3, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f00000001c0), &(0x7f0000000240)=[0x2]}}, 0x40)
mmap$xdp(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x1f, 0x12, r0, 0x0)

29.076026699s ago: executing program 4 (id=2858):
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x0, &(0x7f0000000100)})
socket$inet_udp(0x2, 0x2, 0x0)
socket$inet(0x2, 0xa, 0x20)
r0 = socket$inet6(0xa, 0x3, 0x75)
setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000100)={{{@in6=@private1={0xfc, 0x1, '\x00', 0x1}, @in6=@dev={0xfe, 0x80, '\x00', 0x38}, 0x0, 0x1, 0x4, 0x0, 0x2, 0x0, 0x0, 0x2b}, {0x0, 0x800000, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xfffffffffffffff7}, {0x0, 0xfef2, 0xd, 0x40000000000}, 0x101, 0x1, 0x1, 0x0, 0x3, 0x1}, {{@in6=@empty, 0x4d4, 0x32}, 0x0, @in=@multicast1, 0xfffffffe, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x35ced141}}, 0xe8)
setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000180)={{{@in6=@remote, @in6=@mcast1, 0x4, 0x0, 0x0, 0x0, 0x2, 0x0, 0x20, 0x2f}, {0xfffffefffffffffd, 0xeca, 0x2d, 0x0, 0x0, 0x0, 0x400778e, 0xffff}, {0xfffffffffffffff7, 0x0, 0x9}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, {{@in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x4d6, 0x3c}, 0x0, @in=@multicast1, 0x0, 0x4}}, 0xe8)
close(r0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sendmmsg$inet6(0xffffffffffffffff, 0x0, 0x0, 0x48081)
shutdown(0xffffffffffffffff, 0x1)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
syz_open_dev$sndctrl(0x0, 0x0, 0x0)
r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000180)={'macvlan1\x00', <r3=>0x0})
r4 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000040)=ANY=[@ANYBLOB="44000000100003052bbd70000000000000000000", @ANYRES32=0x0, @ANYBLOB="1546040000000000140012800b0001006d616373656300000400028008000500", @ANYRES32=r3, @ANYBLOB='\b\x00\n\x00', @ANYRES32=r3], 0x44}}, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000880)={0x0, 0x0, &(0x7f0000000840)={&(0x7f0000000300)=ANY=[@ANYBLOB="280000001200010100000000e0ffffff07000000", @ANYRES32=0x0, @ANYBLOB="488400000040000008001d00c3000000fa0f57a54a30cdc31ed4efbccebe56193cce61caab83e21f804a175df90d07386fb3fafcea54e6aede045e0a94ace1a862639a5c6a79cdfe25853d999481e49f9373a864c7dca2d9189ee1f9dbaacbb9958ce8a3c1ec3b353d396a38b306e54c2c"], 0x28}, 0x1, 0x0, 0x0, 0x2000c840}, 0x80)
socket$nl_generic(0x10, 0x3, 0x10)
unshare(0x28020480)
socket$nl_generic(0x10, 0x3, 0x10)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x19, 0x4, 0x4, 0x2, 0x0, 0x1}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000240)={r6, &(0x7f0000000280), &(0x7f0000000000), 0x2}, 0x20)
bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000001380)={r6, &(0x7f0000001300)="7f", &(0x7f0000001340)=""/3}, 0x20)

27.382703628s ago: executing program 4 (id=2863):
r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) (async, rerun: 32)
pipe2(&(0x7f0000001cc0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x800) (rerun: 32)
r3 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f0000000040), &(0x7f0000cab000)=0xc) (async)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x3, 0x4, &(0x7f0000000040)=@framed={{0x18, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x3}, [@call={0x85, 0x0, 0x0, 0x13}]}, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x36, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r4, 0x0, 0x12, 0x0, &(0x7f0000000080)="c1dfb080cd21d308098e000081007e229900", 0x0, 0x8006, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) (async)
mount$9p_fd(0x0, &(0x7f0000000000)='.\x00', &(0x7f0000000080), 0x0, &(0x7f00000000c0)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r4}, 0x2c, {[], [{@rootcontext={'rootcontext', 0x3d, 'system_u'}}, {@smackfsroot}, {@mask={'mask', 0x3d, 'MAY_WRITE'}}, {@mask={'mask', 0x3d, 'MAY_WRITE'}}]}}) (async, rerun: 64)
connect$802154_dgram(r2, &(0x7f0000000080)={0x24, @none={0x0, 0xffff}}, 0x14) (async, rerun: 64)
sendmmsg$inet(r0, &(0x7f00000029c0)=[{{&(0x7f0000000040)={0x2, 0x0, @empty}, 0x10, 0x0}}, {{&(0x7f0000000000)={0x2, 0x4e21, @broadcast}, 0x10, 0x0}}], 0x2, 0x4)

26.14273561s ago: executing program 4 (id=2866):
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
socket(0x1e, 0x2, 0x0)
socket$kcm(0x2, 0x5, 0x84)
setsockopt$inet6_mtu(0xffffffffffffffff, 0x29, 0x17, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x1000000000, 0x7, 0xfa11, 0xffffffff}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_EXP_NEW(r2, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000880}, 0x0)
ioctl$VHOST_SET_VRING_BASE(0xffffffffffffffff, 0xaf01, 0x0)
syz_usb_connect(0x6, 0x3b, &(0x7f0000000100)=ANY=[], 0x0)
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0)
r3 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', <r4=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000001180)={&(0x7f0000000400)=@newqdisc={0x34, 0x24, 0x3fe3aa0262d8c583, 0x2, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}, {0x28, 0xa}}, [@qdisc_kind_options=@q_fq_pie={{0xb}, {0x4, 0x8002}}]}, 0x34}}, 0x2000400c)

19.243454449s ago: executing program 4 (id=2876):
r0 = socket$inet6(0xa, 0x5, 0x0)
openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0xd)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0xfffffffffffffffe)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000001a40)=""/102392, 0x18ff8)
ioctl$DRM_IOCTL_GET_CLIENT(0xffffffffffffffff, 0xc0286405, &(0x7f00000000c0)={0x1000, 0x0, {}, {0xffffffffffffffff}, 0x4})
syz_open_procfs(0x0, 0x0)
mq_timedreceive(0xffffffffffffffff, 0x0, 0x0, 0x200000000004, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
capset(&(0x7f0000000000)={0x19980330}, &(0x7f0000000080)={0x7, 0x0, 0xfffffffe, 0x3fffe, 0xfffffffd, 0xfefffffc})
setpriority(0x2, 0x0, 0x3b)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x44, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="01000000120000007f00000001"], 0x48)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000002c0)={{r2}, &(0x7f0000000240), &(0x7f0000000280)='%pS    \x00'}, 0x20)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000200)=[@in6={0xa, 0x4e24, 0x0, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x8}], 0x1c)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000100)=[@in={0x2, 0x0, @loopback}, @in6={0xa, 0x0, 0x0, @private0}], 0x2c)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_REM(r0, 0x84, 0x65, &(0x7f0000000000)=[@in={0x2, 0x0, @loopback}, @in={0x2, 0x4e22, @remote}], 0x20)
r3 = signalfd4(0xffffffffffffffff, &(0x7f0000000480), 0x8, 0x0)
r4 = syz_io_uring_setup(0x3, &(0x7f0000000580)={0x0, 0x226f, 0x13500, 0x0, 0xeffffffd}, &(0x7f0000000240), &(0x7f0000000300))
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xb, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000fdff00000000000000000000180900000020702500000000002120207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000083850000002d00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0xe, '\x00', 0x0, @fallback=0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000340)='io_uring_register\x00', r5}, 0x18)
io_uring_register$IORING_REGISTER_EVENTFD_ASYNC(r4, 0x21, &(0x7f0000000440)=r3, 0x1)

17.172108163s ago: executing program 2 (id=2880):
bind$alg(0xffffffffffffffff, 0x0, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x802, 0x0)
openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x2000, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
sendto$inet6(r1, &(0x7f00000001c0)='X', 0x1, 0x0, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_EVENTS(r1, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x0, 0xfe, 0x2, 0x0, 0x8, 0x5, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x3}, 0xe)
shutdown(r1, 0x1)
setsockopt$inet_sctp6_SCTP_RECVNXTINFO(r1, 0x84, 0x21, &(0x7f0000000100)=0x6, 0x4)
recvmmsg(r1, &(0x7f0000000840)=[{{0x0, 0x0, 0x0}}], 0x414, 0x0, 0x0)
setsockopt$inet_sctp_SCTP_DISABLE_FRAGMENTS(0xffffffffffffffff, 0x84, 0x8, &(0x7f00000003c0)=0x8000001, 0x4)
syz_open_dev$evdev(0x0, 0x0, 0x60000)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x690c42, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r3 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/power/pm_test', 0x82, 0x100)
io_setup(0x7, &(0x7f00000009c0)=<r4=>0x0)
io_submit(r4, 0x1, &(0x7f0000000180)=[&(0x7f0000000300)={0x0, 0x0, 0x0, 0x1, 0xf, r3, &(0x7f00000001c0)="464294ad", 0x4, 0x9, 0x0, 0x0, r3}])
socket(0x400000000010, 0x3, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x15, 0x1, &(0x7f0000000100)=ANY=[@ANYBLOB], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x28}, 0x94)
r5 = socket$unix(0x1, 0x5, 0x0)
r6 = socket(0x10, 0x80003, 0x4000000)
r7 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000400)=@getchain={0x44, 0x66, 0x400, 0x70bd2a, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, {0x9}, {0x3, 0x3}, {0x1, 0x3}}, [{0x8, 0xb, 0x3}, {0x8, 0xb, 0x4}, {0x8, 0xb, 0x57}, {0x8, 0xb, 0x9}]}, 0x44}, 0x1, 0x0, 0x0, 0x4008800}, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'tunl0\x00'})

13.784016943s ago: executing program 2 (id=2884):
semctl$IPC_STAT(0x0, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x40ead000)
mknod$loop(&(0x7f0000000140)='./file0\x00', 0x8fff, 0x0)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(camellia)\x00'}, 0x58)
r3 = openat$sysfs(0xffffffffffffff9c, 0x0, 0x149a82, 0x0)
write$cgroup_int(r3, &(0x7f0000000040)=0x1c9, 0x12)
ioctl$SNDCTL_SEQ_SYNC(r3, 0x5101)
r4 = accept4(r2, 0x0, 0x0, 0x800)
sendmmsg$alg(r4, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000), 0x0, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r4, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
execve(&(0x7f0000000180)='./file0\x00', 0x0, &(0x7f0000000340)={[&(0x7f0000000940)='\x7f\xb7\xc3\x7f\xa5a\xd6A*c\x9b\xd8R\xf02b\xefA|uiWb\x8f\xee\x1c\xc5\xdb^\x11\x16h\x83\x94y<yN\xfbXh[\xe9\xa9\x1702\x7f\x9e\xf0\x99\xad\xdc;p\x98R\a\xb1\x9d^\x0f\x121\xb3\xab7P\xd6\xcb\x06\xfe2~W\xd9\xad\x80\xd9!\x89%\xb80\xa3l;\x1eK\x90\x15\xc6\x11A\xfc\x7f\xc6\xed\xe7\xa3\x9f\xb4\xce\"\xef\xa8\x86F\x15\xb9\rj\f\xafa\xb0}\xde\'E\x84\xb2bO\xd2\xd4\x85F\xde1e\xe0\xf2\xa0/\xd3<\xda\xfe\x04,\xfa\x97\xb6\xf4\xcf\x0el\xf2\xbd\x18\x88\xd7\x02\xce\x99\x1f\xadj\x89\xd9\xb7\xae9\xb0\xb0{n.\xd7\x87C\x0eh|KZG\x108l\n\xcd\xe9\x04\xafM\xbf\x83#>\x89\xf1Y{\x87\xd5\xf3\xccMr\xc5\xbdT\x9e\xc4\x84\x06\xcd\x8b\xcd\t\x01', &(0x7f0000000300)='/#\x00'], 0x4000000})
preadv(0xffffffffffffffff, 0x0, 0x0, 0x2b, 0x0)
madvise(&(0x7f0000130000/0xd000)=nil, 0xd000, 0x66)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
getrandom(&(0x7f0000000040)=""/133, 0xfffffffffffffdde, 0x2)

9.931165061s ago: executing program 7 (id=2892):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x40, 0x7ffc1ffb}]})
write$UHID_DESTROY(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x87}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
io_uring_register$IORING_REGISTER_PBUF_RING(0xffffffffffffffff, 0x16, &(0x7f0000000380)={0x0}, 0x1)
bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x48)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000300)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, &(0x7f0000000100)={0x73622a85, 0x0, 0x3})
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/state\x00', 0x0, 0x0)
mkdir(0x0, 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x0, &(0x7f0000000240)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}]})
chdir(&(0x7f0000000140)='./bus\x00')
r3 = socket(0x10, 0x3, 0x0)
capset(&(0x7f0000000000)={0x20080522}, 0x0)
r4 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r4, 0x2285, &(0x7f00000005c0)={0x53, 0xfffffffffffffffe, 0x6, 0x5, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000180)="53881807001a", 0x0, 0x0, 0x12, 0x0, 0x0})
getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0, <r5=>0x0}, &(0x7f0000cab000)=0xc)
setregid(0xffffffffffffffff, r5)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
read$FUSE(r2, &(0x7f0000000480)={0x2020}, 0x2020)
timer_create(0xfffffffc, 0x0, &(0x7f0000000040))
bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x3, 0x4, &(0x7f0000000100)=@framed={{0x18, 0x0, 0x0, 0x0, 0x88f, 0x0, 0x0, 0x0, 0x1f}, [@call={0x85, 0x0, 0x0, 0x29}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0xb, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x94)

8.511735853s ago: executing program 7 (id=2895):
openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="160000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000700)='signal_generate\x00', r1}, 0x10)
socket(0x10, 0x803, 0x0)
syz_open_dev$sg(&(0x7f00000003c0), 0x0, 0x5)
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
fsopen(&(0x7f00000000c0)='hugetlbfs\x00', 0x0)
syz_open_dev$ndb(&(0x7f0000000100), 0x0, 0x40000)
r2 = socket$netlink(0x10, 0x3, 0x0)
pipe(&(0x7f0000000080)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="540000001000010400000000000000ffff000000", @ANYRES32=0x0, @ANYBLOB="0380000000000000240012800c0001006d6163766c616e00140002800800010008000000060002000100000008000500", @ANYRES32=r3, @ANYBLOB='\b\x00\n\x00', @ANYRES32], 0x54}}, 0x0)
sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0)

7.240768096s ago: executing program 7 (id=2897):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = openat$iommufd(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
r2 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000080), 0x8000, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r2, 0xc0285700, &(0x7f0000000200)={0x1000001, "56600e1e324551c423170000000099faec52328074c1000000000000ebff0100", <r3=>0xffffffffffffffff})
ioctl$SW_SYNC_IOC_CREATE_FENCE(r2, 0xc0285700, &(0x7f0000000000)={0x5, "340b7832ceefd131b8e6498c25f58fad9987ffe93bbabd18cf501922de974a27"})
ioctl$SYNC_IOC_MERGE(r3, 0xc0303e03, 0x0)
poll(&(0x7f0000000300)=[{r1, 0xa}, {r1}, {r3, 0x166}, {r1, 0x4000}, {r0, 0x12}], 0x5, 0xf)
ioctl$SW_SYNC_IOC_INC(r2, 0x40045701, &(0x7f00000001c0)=0x80003)
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x3, 0x0, 0x2, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
openat$binderfs(0xffffffffffffff9c, 0x0, 0x802, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x60, 0x0)
mount$afs(0x0, &(0x7f0000002840)='./file0\x00', &(0x7f0000002880), 0x700, &(0x7f0000000200)=ANY=[@ANYBLOB='dyn'])
openat(0xffffffffffffff9c, &(0x7f0000000a80)='./file0/file0\x00', 0x0, 0x0)
bpf$OBJ_GET_PROG(0x7, &(0x7f0000000280)=@generic={&(0x7f0000000200)='./file0\x00'}, 0x18)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000050000000000000000000024000a20000000000a1f000000000000000000010000000900010073797a300000000058000000030a0104000000000000000001000000090003803d2175fbe782c2002c00048008000240172af2e40800014000000003080002401c791e7108000240423930ce08000140000000030900010073797a300000000088000000060a010400000000000000000100000008000b400000000014000480100001800b0001006e756d67656e00000900010073797a30000000004c0004804800018008000100666962003c000280080003400000000c0800014000000002080001"], 0x122}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newqdisc={0x2c, 0x24, 0x5820a61ca228651, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0x0, 0x9}, {0xffff, 0xffff}, {0x0, 0x10}}, [@qdisc_kind_options=@q_qfg={0x8}]}, 0x2c}}, 0x0)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=ANY=[@ANYBLOB="48000000020601000600000600000000000000000e0003006269746d61703a6970000000050004"], 0x48}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=@gettclass={0x24, 0x2a, 0x129, 0x70bd2d, 0x0, {0x0, 0x0, 0x0, 0x0, {0xfff1, 0x3}, {0x6}, {0x4, 0x10}}}, 0x24}, 0x1, 0x0, 0x0, 0x20040080}, 0x40004)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x8000}, 0x0)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYBLOB="340000003e000900000000000008000003000000040004001c000180180010"], 0x34}}, 0x84)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
sendmsg$TIPC_CMD_GET_BEARER_NAMES(r5, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40}, 0x834)

6.423961148s ago: executing program 6 (id=2898):
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) (async)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="1b00000000000000000000000080000000000000", @ANYRES32, @ANYBLOB="000000000004006f1a665490d6d36aa14a00000000000000000000000000b43b4e876fe1b01224dc218673b3affbec73ef5ef990e5d69da80a5c0176f2f9f6445e09000058dab16bcdc529fa92883b707498a71f2a322b5caf7a640eaa354ab0f30a6e24e64db0242be81a8ea09dbe87fb9c124b234e0f74f82888a5efb4ffd864c029ad13c9763243a9f4400f05a7f93893e5a6331f84342778d9009e7dc979d85e5ada1fe75a11d6ede87d6b1620b7fc680737a1b9666f1aacc8adda5e688478bb1f53815bacc4db4198d6a3bbdad7b51c44fafcff8c484f83cf1931764e59ff1fe71374946c824a714f87bffc8be24a98b98dd57dfb50ef8ba013d1c71b8c3cca5802b602d7d1", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0xc, 0x1c, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf090000000000001509010000000000b500f8ffffff000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000000a36c00850000001700000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000082000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000640)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = openat$ocfs2_control(0xffffffffffffff9c, &(0x7f0000000000), 0x100, 0x0)
ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(r1, 0xc018937d, &(0x7f0000000040)={{0x1, 0x1, 0x18, r0, {0x4}}, './file0\x00'})

6.378211284s ago: executing program 1 (id=2899):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffc000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000480)=@abs={0x0, 0x0, 0x8004e24}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_open_procfs(0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000002080)=ANY=[@ANYBLOB="1900000004000000040000000200", @ANYRES32, @ANYBLOB="01000000000000000000000000000000000000006dd198b80b4ceced"], 0x50)
bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x48)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x8, 0x0, 0x0)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
recvmsg(r3, &(0x7f0000000500)={&(0x7f0000000040)=@hci, 0x80, &(0x7f0000000100)=[{&(0x7f0000000400)=""/248, 0x200105d0}], 0x1}, 0x1f00)
sendmsg$tipc(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)}, 0x0)

6.325212245s ago: executing program 7 (id=2900):
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, &(0x7f0000000480)=ANY=[], 0x8)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x2000, 0x0, @mcast2, 0x5}, 0x1c)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='batadv0\x00', 0x10)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, &(0x7f0000001580)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000015c0)=@allocspi={0x100, 0x16, 0x1, 0x70bd27, 0x4000000, {{{@in6=@private2={0xfc, 0x2, '\x00', 0x1}, @in6=@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x4e20, 0x0, 0x0, 0x0, 0x2, 0x0, 0x20}, {@in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x0, 0x33}, @in6=@remote, {0x40000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, {0x0, 0x0, 0x0, 0x4}, {0x0, 0x0, 0x7ff}}, 0x0, 0x8000169d}, [@XFRMA_SET_MARK_MASK={0x8, 0x1e, 0xe51}]}, 0x100}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
write(r0, &(0x7f0000000140)="076500000000000000b02872dccae05f3eb6385ef1e710d7", 0x18)

6.139722989s ago: executing program 6 (id=2901):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000280), 0x0)
mq_timedsend(0xffffffffffffffff, 0x0, 0x0, 0x6, 0x0)
mq_timedsend(0xffffffffffffffff, 0x0, 0x0, 0x6, 0x0)
syz_emit_ethernet(0x4e, &(0x7f0000000000)={@link_local, @link_local, @void, {@ipv4={0x800, @tcp={{0xb, 0x4, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x6, 0x0, @private=0xa010100, @initdev={0xac, 0x1e, 0x0, 0x0}, {[@lsrr={0x83, 0xb, 0x48, [@private=0xa010102, @broadcast]}, @timestamp={0x44, 0x4, 0x5}, @cipso={0x86, 0x6}]}}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}, 0x0)
r1 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000400), 0x2, 0x0)
ioctl$VHOST_SET_VRING_ENDIAN(r1, 0x4008af13, 0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='contention_end\x00', r2}, 0x10)
r3 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0x0)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000540)={0x2, @vbi={0x1, 0x3, 0x2, 0x20303159, [0x8, 0x6], [0x3, 0xfffffffc], 0x2}})
r4 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r4, &(0x7f0000000200)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc6626", 0xa)
r5 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0)
r6 = dup(r5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb34902, 0x1000006, 0x28011, r6, 0x0)
ioctl$TIOCSETD(r6, 0x5423, &(0x7f00000000c0)=0x8)
r7 = accept4(r4, 0x0, 0x0, 0x0)
read$alg(r7, &(0x7f0000000000)=""/35, 0x23)
r8 = fcntl$dupfd(r3, 0x0, r3)
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r8, 0xc08c5335, &(0x7f0000000180)={0x0, 0x80, 0xfffffffd})
mq_timedsend(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000500), 0xffffffffffffffff)

5.123532028s ago: executing program 1 (id=2902):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_int(r0, 0x29, 0x8, &(0x7f0000000540)=0x3, 0x4)
bind$inet6(r0, &(0x7f0000000280)={0xa, 0x4e22, 0x9, @loopback, 0x6}, 0x1c)
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
r2 = open_tree(r1, &(0x7f0000000080)='\x00', 0x1001)
unshare(0x24060400)
move_mount(r1, 0x0, r2, 0x0, 0x46)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x4e22, 0x23, @loopback, 0x23}, 0x1c)

4.99487688s ago: executing program 7 (id=2903):
socket$netlink(0x10, 0x3, 0x0)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
clock_settime(0xe, 0x0)
bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000200)=ANY=[@ANYRES32, @ANYRES32, @ANYBLOB="1800"/12, @ANYBLOB="05"], 0x20)
r1 = openat$kvm(0xffffffffffffff9c, 0x0, 0x101201, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_SET_IRQCHIP(r2, 0x4020aeb2, &(0x7f0000000080)={0x0, 0x2000000, @ioapic={0xeeef0000, 0x1, 0x8000, 0x0, 0x0, [{0x6, 0x7, 0xa, '\x00', 0xab}, {0x2, 0x0, 0x2, '\x00', 0x5b}, {0x60, 0x4, 0x8, '\x00', 0x3}, {0x5, 0xe, 0x7, '\x00', 0xf1}, {0xc, 0xc, 0x9, '\x00', 0x43}, {0x4, 0x78, 0xc5, '\x00', 0x9}, {0x94, 0x5, 0x9, '\x00', 0xfe}, {0xf, 0x0, 0x6, '\x00', 0xfc}, {0x1, 0x4, 0x8, '\x00', 0x33}, {0x81, 0xf, 0x57, '\x00', 0x9}, {0x5, 0x4, 0x1, '\x00', 0x6}, {0x81, 0x6, 0x6, '\x00', 0x48}, {0x3, 0x1, 0x8, '\x00', 0xff}, {0x6, 0x3, 0x2, '\x00', 0x2}, {0x6, 0x5, 0x3, '\x00', 0x50}, {0xd, 0x2, 0xd}, {0x8, 0x81, 0x81, '\x00', 0xb}, {0x3, 0x89, 0x1, '\x00', 0xf}, {0x78, 0x7, 0x2, '\x00', 0x5}, {0x3, 0x7, 0xc1, '\x00', 0x7}, {0x5, 0x26, 0x5, '\x00', 0x9}, {0x7, 0x9, 0xe4, '\x00', 0x6}, {0xc1, 0xd, 0x3, '\x00', 0x10}, {0xfd, 0x3, 0x80, '\x00', 0x6}]}})
r3 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
ioctl$VIDIOC_CREATE_BUFS(r3, 0xc100565c, &(0x7f0000000640)={0x6, 0x2, 0x3, {0x3, @pix_mp={0x2, 0x8, 0x38414261, 0x7, 0x3, [{0x5, 0x800000d8}, {0x4, 0x5}, {0x2, 0x4}, {0x1abb, 0x3}, {0x900c, 0xffff}, {0xee4, 0x2}, {0xb7, 0x5}, {0x75000000, 0x8000}], 0x3, 0x6, 0x1, 0x1, 0x7}}, 0x9})
bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="02000000040000000400000009"], 0x50)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0d00000003000000040000000108000001000000", @ANYRES8=r0], 0x50)
socket$kcm(0x29, 0x2, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0xdaca7de7ff4502d4, 0xa2071, 0xffffffffffffffff, 0x0)
mremap(&(0x7f0000ffa000/0x1000)=nil, 0x1000, 0x4000, 0x3, &(0x7f0000ffc000/0x4000)=nil)
mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x42031, 0xffffffffffffffff, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB='4\x00'/19, @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x8, 0xf, &(0x7f0000000480)=ANY=[@ANYRES8=r4, @ANYRES32=r5, @ANYBLOB="0000000000000000b702000014000000b70300000000000085bf0900000000000002720100000000009500000000000004bf91000000000000b7020048d60000008500000085000000b7000000000000009500000000000000000000000000008d5ba5b8119b532b869865c9bf4251f2e998006d409ee4292b09af"], &(0x7f0000000540)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x6, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r6, 0xfca804a0, 0x4, 0x8, &(0x7f00000002c0)="b8000005", &(0x7f0000000300)=""/8, 0x500, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000008c0)={{r4}, &(0x7f0000000840), &(0x7f0000000880)=r6}, 0x20)
getpid()
mkdir(&(0x7f00000000c0)='./file1\x00', 0x154)
r7 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
mount(&(0x7f0000000500)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000004a00)='./file1\x00', &(0x7f0000000040)='udf\x00', 0x8007, 0x0)
ioctl$NBD_CLEAR_SOCK(r7, 0xab04)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000380)={r4, 0x0}, 0x20)
r8 = io_uring_setup(0x5e92, &(0x7f0000000200)={0x0, 0x7f7b, 0x400, 0x3, 0x3e1})
io_uring_register$IORING_REGISTER_SYNC_CANCEL(r8, 0x18, &(0x7f0000000180)={0x4, 0xffffffffffffffff, 0xa, {0x0, 0x5}, 0xf5}, 0x1)
r9 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="1201000000000040b118370000000000000109022400010000000009040000010300000030f8d20c9fdb707c819d87891e43327b0921fdff000122a000090581032000000000"], 0x0)
syz_usb_control_io(r9, 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup.net/syz1\x00', 0x1ff)

4.544056665s ago: executing program 6 (id=2904):
r0 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$UHID_CREATE(r0, &(0x7f0000000380)={0x0, {'syz0\x00', 'syz1\x00', 'syz0\x00', &(0x7f0000000040)=""/2, 0x2, 0x0, 0xd17, 0x0, 0x0, 0x1}}, 0x120)
readv(r0, &(0x7f00000001c0)=[{&(0x7f0000000240)=""/80, 0x50}, {&(0x7f00000002c0)=""/179, 0xb3}], 0x2)
readv(r0, &(0x7f0000000140)=[{&(0x7f0000000080)=""/139, 0x8b}], 0x1)
write$UHID_DESTROY(r0, &(0x7f0000000200), 0x4)

4.536496297s ago: executing program 2 (id=2905):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0)
r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$FUSE_DEV_IOC_BACKING_CLOSE(r1, 0x4004e502, &(0x7f00000000c0)=0x400)
r2 = dup(r0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r2, 0xb7ce0000)
setsockopt$packet_int(0xffffffffffffffff, 0x107, 0xa, &(0x7f0000000000)=0x2, 0x4)
fadvise64(r0, 0x18, 0x0, 0x4)

4.529781324s ago: executing program 1 (id=2906):
socket$nl_netfilter(0x10, 0x3, 0xc)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x200000000000008b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000000)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0), r3)
sendmsg$NLBL_CIPSOV4_C_REMOVE(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000cc0)={0x1c, r4, 0x201, 0x70bd29, 0x25dfdbfc, {}, [@NLBL_CIPSOV4_A_DOI={0x8, 0x1, 0x3}]}, 0x1c}, 0x1, 0x0, 0x0, 0x48010}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x18, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB], 0x0, 0x4}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x10)
r6 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TCSBRKP(r6, 0x5425, 0x0)
r7 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r7, 0x5423, &(0x7f00000000c0)=0x3)
ioctl$TIOCGPGRP(r6, 0x5437, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)

3.450393304s ago: executing program 6 (id=2907):
r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x2501, 0x0)
ioctl$SNAPSHOT_CREATE_IMAGE(r0, 0x40043311, 0x0)
ioctl$BTRFS_IOC_INO_LOOKUP_USER(r0, 0xd000943e, 0x0)

3.310901519s ago: executing program 1 (id=2908):
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x1000000009e46, &(0x7f0000006680)=0x82)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000180)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x89f1, &(0x7f0000000340)={'ip6tnl0\x00', &(0x7f0000000400)=@ethtool_test={0x1a, 0xc, 0x1c, 0x4, [0x463, 0x3c3, 0x3ff, 0x4e8]}})
r4 = openat$kvm(0xffffff9c, &(0x7f0000002f80), 0x80000, 0x0)
ioctl$KVM_CHECK_EXTENSION(r4, 0xae03, 0x1)
unlinkat(0xffffffffffffffff, 0x0, 0x0)
r5 = syz_open_dev$evdev(&(0x7f00000000c0), 0x2, 0x862b01)
r6 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r6, 0x1, r5, &(0x7f0000000040)={0x2})

2.930671397s ago: executing program 6 (id=2909):
r0 = openat$userio(0xffffffffffffff9c, &(0x7f0000000080), 0x22242, 0x0)
write$USERIO_CMD_SET_PORT_TYPE(r0, &(0x7f00000002c0)={0x1, 0x5}, 0x2)
write$USERIO_CMD_REGISTER(r0, &(0x7f00000000c0), 0x2)
read(r0, &(0x7f00000001c0)=""/93, 0x5d)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x6, 0x3, &(0x7f0000000240)=@framed={{0x18, 0x0, 0x0, 0x0, 0x3}}, &(0x7f00000001c0)='syzkaller\x00'}, 0x80)
r1 = socket$packet(0x11, 0x3, 0x300)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f000000c280)={0x0, 0x9c}}, 0x0)
syz_extract_tcp_res$synack(&(0x7f0000000200)={<r3=>0x41424344}, 0x1, 0x0)
syz_emit_ethernet(0x5a, &(0x7f00000005c0)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x4c, 0xfffe, 0x0, 0xfd, 0x6, 0x0, @rand_addr=0x64010101, @local}, {{0x0, 0x4e22, 0x41424344, r3, 0x0, 0x6, 0xe, 0x4, 0x2, 0x0, 0x932, {[@timestamp={0x8, 0xa, 0x200, 0xb}, @exp_smc={0xfe, 0x6}, @sack={0x5, 0x12, [0x5, 0x7f, 0x7723, 0x1]}]}}}}}}}, 0x0)
syz_emit_ethernet(0x1289, &(0x7f0000000940)={@local, @empty, @void, {@ipv6={0x86dd, @dccp_packet={0x2, 0x6, "1c0adf", 0x1253, 0x21, 0x1, @ipv4={'\x00', '\xff\xff', @remote}, @local, {[@dstopts={0x62, 0x1d, '\x00', [@hao={0xc9, 0x10, @empty}, @hao={0xc9, 0x10, @loopback}, @hao={0xc9, 0x10, @private0}, @generic={0x0, 0xb1, "3e37976828218c4d55e8171b9c32b3c326efadb96fa840efd8b79271f5ca730e9d66c92dca45f8f1719d018cbdc78107311ec8926f8376f1da7f17a14e78b3dbcee40806baeaaaee5f51e2bbe2a1f23c03e0afb3ce5dc2cf33e512da95326ed1ae06292089bd64f80b4a9e09f88907cf4f2e5e2f224c231995eac6b39fa48713176c7eea5f6e911619d7d29ac3a80790f70bd40f15bbd619c48cf8b6aad2f1dea44e2bf6ab3ceb8e1a3adc8dc1a4ef0799"}, @enc_lim={0x4, 0x1, 0x1}]}, @routing={0x0, 0x6, 0x2, 0x0, 0x0, [@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @mcast2, @mcast1]}, @srh={0x1, 0x2, 0x4, 0x1, 0x8, 0x10, 0x9, [@dev={0xfe, 0x80, '\x00', 0xa}]}, @dstopts={0x21, 0x18, '\x00', [@enc_lim={0x4, 0x1, 0x43}, @hao={0xc9, 0x10, @private2={0xfc, 0x2, '\x00', 0x1}}, @padn, @jumbo={0xc2, 0x4, 0x8001}, @jumbo={0xc2, 0x4, 0x3ff}, @generic={0x2, 0x9b, "9903b006ca6d1b5e0c94f29123acaba3e9408e50524dc3fbe64d5c9d1bb7efe6262435aea45043bfc5a012197d5ecb6f4c5d668e9b3fdbbe419e233c76fd006a62766609831ac1e6747169964712cfb0647cfe4433b5aa598020393e93601f47851e7d22620fd7766d3734c7217e48ef75cc28bb0ec0ef9f4042e08bf23154da2d6e380090b42c3d8de4e0296bd5baa26357d05d9a13cbdb8647c1"}]}, @hopopts={0x89, 0x200, '\x00', [@pad1, @generic={0x7, 0xffe, "451cb00c76dc8677fd55cedd81d37db28daf431b790c750040c3c9f9c6cd241ee16f35cb122dab938ca2629b819908eebf3d54b1cbf686c11553d14443fe8b7218304ed2fdb33525925c0add0c39c07725fb66b19c5ef9035ac0e83d5f9739bd231c1b11f73cca9524dde36af74a62d49bd13586e88ead3c20d1f75952e52a384764ecbcb5e85fa1d53774cb1fc02b4c77318562983327c0c593164aead8f6e485511af583402576e6b5f51493e97fb4b87bc09a860630bc403cd3a6122405d5659eac132ef5247cc6509cdcdcbcada00164b61b4d2abfd3072113282b6e64ef030e7a9c298795585363a92e0f89f2a579e1131e9b4f1aeac7503c8d56a4d4d9af886882b11d896b59e3fff335cba66619399e2986ddd1bae7f88248900b72bb9f33f89be962ec6c66f139d9f732632583f8c26853d72ce8e1db6a557b808bf86d4ce01ff8332a6fe6035b479a18f1c4674206391d71cfdb3fa1801b8b8ce15ce0ab420554ee9894accbc95169722e0ae9f7a441ed3b990fc89e135859501ed975adf8a4fa9237822305a664ceab2788ec55ba9761e26fe89d9d89d771d2592efc7efcf27ef63fbbb357b6c2f68ec13672d6a367b97e2672d383d0ad037a10a3ea662011dd46ccd0ce5aba32728170623bf43aeceeed36c39f02c799dd471f23070ae8d1dc349e303d9d6926f8dbd3e1ee484230478307b59292f70a4e570f11229b4422f512bd511e8f72bad64619a0016b962871505dcc4be4d5314810f8159e1ac95356c46ab59a11635803326eca8bfccd0c67c5e8342dfa6df4e0e60f972874cddc1ee3cf4aedc29ab4bf4c5afcff8d29fb9d1b6a435f12ab4f68df4d37e1184e7d15a4e8cc300e7f01ef083f6f0c24c7bb11caeed95875c5901f8d910f7a1ec3b66e98cf26b22a3994f1623ede17c95ec39a81544cd5f549ea63591e3fb93b28b74a97080144a87b951031497f2a632f995077fa9a7c9c94155a2f4ce5538de89aa483144b4fb6edc7f7664eab751fed099f8a82eca2c6b40c189cbab7c728b0efd44e8e0cfb14cde759089397558c6d800403f464c453e854feeebf5832093ec5706cfaed6a87a68af3ce0bc78ce335cb2826cefe8ef23584dfdc1b7f3fae7ec51e96cc231ce7c1b1edf6b1f97a5535177d159772d7ae398fc7682272d80699f793fc1d3c97d7297d7dd38c89783b93692c39cd979b2a50f15993260a846810da182786c3275f06e11a0f4667707f42d45ae75ed0c5b3560f0d62c3dea204c0b01efe3654cb914fbcc282b214083c87178e9b81b1021c7fb5157d5aac2bf7e956f6c5f03b4f313de403551d8681bf744529197348a2c5c40622f28e2a2a6c688387e90ca66645edfe87883a36dcf8cfd5d63e93dce9620f4718153fc4586dc4e79cd70da6f2492a82b83f25a70d81bf12d244362baa84ec3fb9b2368f15517feb7744bfa7bb7a15dee2c025312fd570f74497decd713b34aa050372f52eadf41311f4f79d584824a8054f3e5773799a6db254596c26e3819ef80c19b8046226124b1c46d40f40d4326a9a4911ba1b37e07a9ab2afce8ee178d48de5ae24bd5d887bea8aec260de42638733427751b90812b76f3d2a8fc904ef11224e4813ad39999c59cf8e1290b5a427b2c4fdb701027750632644f38852fa3d219da89d618a6fa5ee66e739dd13e026f795a3a54f386726009504dfb81a5c4518cfe9ed03c8ae912e6a35621c6b30f61619a4ef228794d76c3651c2bd50c8b1998b455a0ae3d6ea564450623f701a957f3578eb7305e69f023e39c3b348ddbd67edee335390aaadb457bd4251afd71033260f244ebd06371de3b44508f6f0e2fa578bf1770157b58e32e845f032b1054afe7151cb6949e94e199630d543c45c007057f24696fbc41615581f4cadaa68ca36f4472e32a163f800a28f895d32029f27c1af8e0a84d74881d377419d546e05471915a8986af4ae818de5c91c40253f273d6f3e0af17f8990fb969ae7e45a30c9e3ab75151af303774a61bb8d3c265ee05567467a3249342ca3b78b503032f5b92161c3f44dfc7f58198c38e2ad22879fdc24a2f0caef92430af53dc9bb40ab8fc7ee1a4977247e2ac57ad31d316d340049f0ea3467884cb8ef66be8988f3e2da0f0dcb73dd9ef56666286d90c7e04031f4f770e2723592c7315d91f38e2f95c009e587b62241d23e840982c3cef002d5dcd5ac872b970184581314e17f8486582718eec46530e35cd9194a61b4150190855d904526bac3bd3e38d8f0c7b6a6715873f363cb3f26d0bd96d33848ddd1cb8c1c45e5b6fd6e73c853dd77893465b22528bf025402b42fa596c1e1fd9b8d5831f866e9a7aa6e741610304971441ab66ed706192037164bff33a08a78a5e5b100160c99c6df60547b57b4d236d0c76a8208d55e23ed74311581cf18a90e8de805073a5ba2f6ab41b8f7deac69e0650ee1953cb5a82a1cbcc2c40a2ceaed9ef3937527a3d5d0e3fc4d66307744f42221b75af36194daae81ac67c9b8c6aa819b7770883b19bbf5eca0333c5db7bf75e3d7342fe80882ca97a6e967fe3896ef8fbd0dbe364750ac17909074b3c9e519a7b4ff5d416e97cd53470573eda3090fcba2320cc5becb7543cf089954f7235a7a7bf86386d438f8fd70f171b6ae2fa494a4ac049e017f86e4130f36ba587bf3e0ffdac94c2cd4e112b8c14ade6a739bf1a39c2a06b7d235ac7595c972f7389a0eb9fd51a0c2f5c404a4eb53f49571b472b8a57df1dd465c6e6b3be15af332ecea083e58be0dcee002d404a4e6e4c608891a10136a257c7f47a8572f2376ae55a70dad9f95405178392782042ed1a917a26e2f902e3521cb18436dbbfe771ba7729f188a4296e9483e6df8f36cad93d487890dd535aac907423937c809fbbc53b2fd3b64d63799141f78d925d9803f5f52187a24fac79ad5d59cd4b3134ee416b77dc757255ac57b718273bda610fde563a89f23c4c9ab40acca058efcd195e31ed97da5da54b421eb6c2c99513537654f61ecdad5cc76f02a4b12e4ffe643ffae8a2c6236dfd3be0aed95d2f5aa5b51c0b6ac51f4d32e593935ddb2ca52e0cbc30a92609f37ab2f1eb5b0078d9808c91f5c5a32785b86a2f23d8dec2bbb4be30ce6ac194921041709f53e742a28c50e78f64e141fab6c42a866b17c2e2b5a882da1c912676ce9ac24ee6a491ccf0406879f6497474fbec59e4967cb8562ec6f76897438c0654b7dca4bf3f834946cdcb7989ba25121f74dc38612db2a3d750e66806e5bf9232f0a1cd40840611879a468ba379717ccd2eacd0757859fb9f53e30e7453fdd14d44798a9a701ae00ddd7ba2c957b3cf64ec1c8d7b2faf2aa431facbeac00c89f783ced1493be45a763215a8f61a8cf965aa0c22e988a5110bb2b3c8391d4e368971e9713b3012d86c5c3acac3852b9878bfb4eab62599cdac40306c003edb08ca071a03ea9cb65d362bc6df507581f5abceeee274f04feb0e2834517bfe106b1448423e3bf349a5b5fe097b8fb4a1ac8b7e82a193be8dc962ca5fe43bf8a30e48c8f0b79b18fe6a1b74c3bb9dbdfda49a28611bab7ed40555902b074e1156a3d03c36a89ad5c60f7176f182bf7660606b1b9d9062d4eeb678146e4e5e149a020020a11c82af9bff035fe287693d87175a276a263f33bb70f6e20b20659dcd769450c024f1b865748c197ac60877364feefec9b06559588b9a85076c2b6e812164e7d2fc1cb1f98968ecaa8aa83d1bb8196ca7624dc9daa01fb262e95f437d058aa7a29ab44720a80701d33b6a88c9c7e3e6cab7bc6d64011ad8d3163f35dad7f030d7dc269086a8ac027aba5e3c8b75bcd5d4ba5cd969cfbb68195eb9ae1bcd38c985b1ac0a04a361631f531e295ad8da17edf36d8bf1ade4afe6ac41b2219fe76b2d5bfec319327e7ed5c9a95b46d6f4db5b4d93c7be2c76d8a56ce1a6b177578b14bc1b23575491e785f1ab76960f0e005f0e865d907bcea2455b43540970a1dbbbf078a5777a075fa4d2309f0e51c62ba70d34459250a7853aff1990b355b11c7551cbd0ffabb05f5b016ad911c962ed3557a1aa0e943a84821109947e8b06cba389efe8a39f5965fe90275180a095411f3429cf55d0da4e55b16f67d04da9ba39e7e654db623a653d0562d0c04b33377718120e43bffceb10488e685a170c5d706528d64d71df967b9d6df2053ec30cbd520bd6bb2bdaa6cd647a6bc683f98ba71df64034e001d0110f7846a7817745eb6f3a511c1056152b58706d5fe349c488282480645e0a1f7aaa316d4b9a5e9c56e3809890c573afebd608846311de0ede45e94924f5583db7f6e2639c5c46466d89ac6b0f667cc63800efbce1ab57513e9b02cf024679d71ed410e50094ef237d4eaf056ed9456643e0cbd4ae5619b6e2422633afaec56a41d8bc16344e7e123720d09fd6543cdc67aa13c07de2059996cf2c67b9800b2b0642886af5e9a6a35b065dde9f1bb4c7b45da5c25380c1375ea2e3c5ce5830bcd6bfeef77e2a7414e1791ba2c5d1454586a2a33047549cf45b69d07882d0d977b118c0c5b74916d60ed6be8162e7f6e603a70bee1469269609da04045f2317843075a29524dfefa0edf5e7d1e1549264b97052f64b312819dfa0b65afa23112a5096e13a3443c9147c459588817e37dd35b9e00c443bca36787c7407413dc7ee6a4a1394fa20e7b2c93a1f5318e05d719b71a4fe30d426cbf71994b10f71c99b19572a4a94bcc24445ac26f47de7f5608360873184e7001c7f7c11c938ed581b30ec3b12aaa2327404750ae45f26866bd7237e6d8e8bda92ce534427f3683bc1ce1221a9cf8be265a81c2cbde388225087499691db97c56294d3abd558a67b589ae4fdb4131aac684592e7761675de6bbbf04fa14c2f46ea65ac4a1a4e7631a147f17cb4f9aa42d14bfd13de0dbd545c88baad3e51be14ba5ffebe6220bc4df5772bf88c8faaaa45ca32a959d539716c359fdd72e3cd9a2987d349c2341bbad06a1b4113427f68a032f2affa1af60e2272dffe3c5241a03a79a51ce2f96015b27ba3ace54b0848888983522f321ce39552e4b5d917f3ab8ecfc07b53331ab06e8014b74c7fa819123a316bb0c16586f5f48ac4892ddd814a6c692d8b528707700bb5cdd2cce3835700ff14a28eab9d43f138719e2388b111baeebf2fd9b8633e61b9871acad4d1481c7bbf538e702e73c2becf035527dd2100aaec2f045d5f4024972e9626cabb42b044d91aae9e0dbe3865b9ab0b2dd18fab6bc69724dbe02043770684f0cb427e0a364c206f8a52984b5bb1f996fe43d8a17865cd5e18e95b9e1025a227f86270c0bddc5e7dd58302521ced4c0d51e108e7aef777b206f6482b23975c9c58e17ba2a3760e94796140720d4b8867de74c40a026b31caf46dbf3a32a4b6856817af1038267fcaf047185a8792c04f719e51638d88b2524aa0140af57ad9b906939883b6925ca7c67f6adfd30a037ea8c1f8b2f18c65d3d38fd68bd6c4f9ccf7f1fe9002f1af0a8a653d29ebc2110e9719fbd3740756df5699078d05cc6bbf0a3a7b4cda42d70f372afeaf05b7b7eff19fc962b02ccfc4580b47cbec0863bf176b22cd279f6917f9bde3a0abc9b37d27e73abec20e110807b93dab7478634e3da1d504b54f25bdaa47b743c1e5940fca5e10d24e5d3f88aa4c21ab6d0481847964ecf5cd364855816870a434a2003aed5af7446b923505f82e1de74fd10166b9ba269bcf240eed9171b1387bc5e38ce3424728ecbdc484c51aa9"}]}, @fragment={0x3b, 0x0, 0x10, 0x0, 0x0, 0x3, 0x68}], {{0x4e20, 0x4e21, 0x4, 0x1, 0xe, 0x0, 0x0, 0xa, 0x1, "a43a72", 0x6, "5e6a98"}, "c72e76f2bfa5ab126751365f0803d9fbcd60ed354a4d00d18f7635"}}}}}}, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'syz_tun\x00'})
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a58000000160a03020002000000000000020000000900020073797a30000000000900010073797a30000000002c00038008000140000000000800024000000000180003801400010073797a5f74756e00000000000000000014000000110001"], 0x80}}, 0x0)
syz_emit_ethernet(0x52, &(0x7f0000000440)={@dev={'\xaa\xaa\xaa\xaa\xaa', 0xd}, @broadcast, @val={@val, {0x8100, 0x5, 0x1, 0x3}}, {@ipv4={0x800, @tipc={{0x5, 0x4, 0x2, 0x2f, 0x3c, 0x63, 0x0, 0x49, 0x6, 0x0, @empty, @broadcast}, @name_distributor={{0x28, 0x0, 0x0, 0x0, 0x0, 0xa, 0xb, 0x2, 0x6, 0x0, 0x1, 0x0, 0x1, 0x0, 0x4e22, 0x4e22, 0x4, 0x2}}}}}}, 0x0)
r5 = syz_usb_connect$hid(0x7, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0xff, 0x5543, 0x522, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x2, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x800, 0x0, 0x1, {0x22, 0xb}}, {{{0x9, 0x5, 0x81, 0x3, 0x10, 0x0, 0x0, 0x3}}}}}]}}]}}, 0x0)
r6 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0)
ioctl$TIOCSETD(r6, 0x5423, &(0x7f0000000040)=0x1)
syz_usb_control_io$hid(r5, 0x0, 0x0)
syz_usb_control_io$hid(r5, &(0x7f0000000200)={0x24, 0x0, 0x0, &(0x7f0000000080)={0x0, 0x22, 0xb, {[@local=@item_4={0x3, 0x2, 0x4, "9bad196b"}, @global=@item_012={0x2, 0x1, 0x3, "b686"}, @global=@item_012={0x2, 0x1, 0x4, "f885"}]}}, 0x0}, 0x0)
r7 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000340)={'syz_tun\x00', <r8=>0x0})
sendmsg$nl_route_sched(r7, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=@getchain={0x24, 0x11, 0x1, 0x2000000, 0x0, {0x0, 0x0, 0x0, r8, {}, {}, {0xfff3}}}, 0x24}}, 0x0)

2.180153858s ago: executing program 2 (id=2910):
r0 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
recvmmsg(r0, &(0x7f0000000200)=[{{0x0, 0x0, &(0x7f0000000140), 0x62}, 0x2}], 0x1, 0x40000000, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
sendto$inet6(r1, 0x0, 0x0, 0x2409c8c9, &(0x7f0000000240)={0xa, 0x4e20, 0x0, @mcast2, 0x7}, 0x1c)
sendto$inet6(r1, &(0x7f0000000e80)="0d0ad7c36d6617110e434332d6ac582208222cfb7c37ce1148f448455bc37f5f70c92774dcb201629979039d7c8943b207e5bdf9ab8eed9ace110469c51f4f211dd9fad815eb5b273ac04e1edc679bcdf0a0d24482de5454be9003cb80714a95e136bb", 0x63, 0x6d91fb6102d8910c, 0x0, 0x0)
sendto$inet6(r1, 0x0, 0x0, 0x0, 0x0, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'lo\x00', <r5=>0x0})
r6 = open(&(0x7f0000000180)='./bus\x00', 0x14927e, 0x0)
fallocate(r6, 0x33, 0x8000000f11, 0x1000ef)
sendmsg$nl_route_sched(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000001fc0)=@newqdisc={0x14c, 0x24, 0x100, 0x0, 0x0, {0x60, 0x0, 0x0, r5, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_choke={{0xa}, {0x11c, 0x2, [@TCA_CHOKE_STAB={0x104, 0x2, "8dd37291b6cab868f69bd24ed100a7c21426fb7ff343133ff4159173819b0931dacfba19526fd270f202056fb102ff8ca2b17216e32aade2a325cf7e292dac5ffe24b2a130057d88c253fbe2d292eaaa630dcbdc8662a30ec668fb156e06c1d898b555453d88dbf88b7c2f4493c31133ababe218407381c61339e539bac6946c05b7be3f452e4d52eb2453d08647d83b9563d8064ed05cc23455f4e437872793e2146a096daaaf389527a6147c83591011f5a4dd32c43d61a66437127e5f7a1c7732802d750573596233aa1d4fcbd206640ca05e136d7e75db6d0c8706844bf077516d55125e004b6b9d6d2730beddd783d1ed9bfbf5da79c9e0b36d7099de12"}, @TCA_CHOKE_PARMS={0x14, 0x1, {0x6, 0x401, 0x1a3d, 0x1e, 0x3, 0x7, 0x17}}]}}]}, 0x14c}}, 0x0)
sendmsg$nl_generic(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="18000000240001030000000000000000010000000400ae"], 0x18}, 0x1, 0x0, 0x0, 0x8001}, 0x4000)
r7 = openat$smackfs_cipsonum(0xffffffffffffff9c, &(0x7f0000000300)='/sys/fs/smackfs/direct\x00', 0x2, 0x0)
writev(r7, &(0x7f0000002680)=[{&(0x7f00000025c0)='8', 0x1}, {0x0, 0x2}], 0x2)
recvmmsg(r2, &(0x7f0000002d00)=[{{0x0, 0x0, 0x0}, 0x8103}, {{0x0, 0x0, 0x0}, 0x10000}, {{0x0, 0x0, 0x0}, 0x1000001}, {{0x0, 0x0, &(0x7f00000007c0)=[{&(0x7f0000000380)=""/179, 0xb3}, {&(0x7f0000000440)=""/245, 0xf5}, {&(0x7f0000003d40)=""/4097, 0x1001}, {&(0x7f00000016c0)=""/217, 0xd9}], 0x4}, 0x80000000}, {{0x0, 0x0, 0x0}, 0x3764}, {{0x0, 0x0, 0x0}, 0x9}, {{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000940)=""/134, 0x57}, {&(0x7f0000001900)=""/229, 0xe5}, {&(0x7f0000005080)=""/4090, 0x1000}, {&(0x7f0000001ac0)=""/4120, 0x1018}, {&(0x7f0000000540)=""/211, 0xd3}, {&(0x7f00000000c0)=""/36, 0x24}, {&(0x7f0000000100)=""/39, 0x27}], 0x7}, 0xac}, {{0x0, 0x0, 0x0}, 0x6}], 0x8, 0x20, 0x0)

1.794892309s ago: executing program 1 (id=2911):
r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
setsockopt$WPAN_SECURITY_LEVEL(r0, 0x0, 0x2, &(0x7f00000001c0)=0x2, 0x4)
getsockopt$WPAN_SECURITY_LEVEL(r0, 0x0, 0x2, 0x0, &(0x7f0000000240))
socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={0x0, 0x24}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x2ba)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="3c0000001000850619fbb7c75150926b00000000", @ANYRES32=r3, @ANYBLOB="fe000000000000001c0012000c000100626f6e64000000000c0002000800010004"], 0x3c}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r4, &(0x7f0000000300)={0x0, 0xffffffffffffff08, &(0x7f0000000000)={&(0x7f0000000480)=ANY=[@ANYBLOB="540000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="00000000000000002c0012800e0001006970366772657461700000001800028014000700fc00000000000000000000000000000008000a00", @ANYRES32=r6], 0x54}}, 0x0)
set_mempolicy(0x3, &(0x7f00000002c0)=0x1ff, 0x5)
mlock2(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x0)
r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETVNETBE(r7, 0x400454de, &(0x7f0000000000))
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x43}, 0x94)
bpf$OBJ_PIN_MAP(0x6, &(0x7f0000000840)=@generic={0x0, 0xffffffffffffffff, 0x0, 0x1000000}, 0x18)
r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
r9 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000a40)={0x11, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="180100002100000000000000000000008500000075000000a50000002300002095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='percpu_alloc_percpu\x00', r9}, 0x10)
r10 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x100, 0x0)
ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000800)={0x1f, 0x13, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000786c6c2500000000002020200600000000000000bfa100000000000007010000f8ffffff"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x11}, 0x94)
syz_emit_ethernet(0x7a, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaa0180c200000086dd6015690900442f"], 0x0)
r11 = socket(0x18, 0x800, 0x2)
getsockname$packet(r11, 0x0, &(0x7f0000000240))
ioctl$BTRFS_IOC_BALANCE_V2(r8, 0xc4009420, &(0x7f0000000b00)={0x1a, 0x1, {0x3, @struct={0x1, 0x10000}, 0x0, 0x9, 0x9, 0x5, 0x1, 0x5, 0xb4, @usage=0x8, 0xa4d, 0x7, [0xfffffffffffffffa, 0x8000000000000000, 0x8, 0xfffffffffffffffe, 0x547e, 0xe7]}, {0x0, @struct={0xc, 0x3}, 0x0, 0x8, 0xa, 0x0, 0x100000000, 0xfffffffffffffffe, 0xbb, @usage=0x4, 0x4, 0x6, [0x8c25, 0x80000001, 0x6, 0xffff, 0x1, 0xfffffffe]}, {0x787, @struct={0x259, 0x8}, 0x0, 0x8, 0x7, 0xb90, 0x2, 0x8000000000000000, 0x88, @struct={0x814}, 0xa57, 0x4, [0x4, 0x0, 0x8001, 0x0, 0x7af, 0x2]}, {0x2ba, 0x80000001, 0x2}})

1.347644141s ago: executing program 2 (id=2912):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffc000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000480)=@abs={0x0, 0x0, 0x8004e24}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_open_procfs(0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000002080)=ANY=[@ANYBLOB="1900000004000000040000000200", @ANYRES32, @ANYBLOB="01000000000000000000000000000000000000006dd198b80b4ceced"], 0x50)
bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x48)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x8, 0x0, 0x0)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
recvmsg(r3, &(0x7f0000000500)={&(0x7f0000000040)=@hci, 0x80, &(0x7f0000000100)=[{&(0x7f0000000400)=""/248, 0x200105d0}], 0x1}, 0x1f00)
sendmsg$tipc(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)}, 0x0)

1.255944533s ago: executing program 1 (id=2913):
socket$kcm(0x10, 0x3, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000001380)={0x11, 0x13, &(0x7f0000000280)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = socket$inet6(0xa, 0x80001, 0x0)
setsockopt$inet6_MCAST_JOIN_GROUP(r0, 0x29, 0x2a, &(0x7f0000fca000)={0x100000001, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88)
syz_io_uring_setup(0xd2, &(0x7f0000000440)={0x0, 0x4, 0x80, 0x0, 0x8003b5}, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x6, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x0, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x8, 0x3, 0x3b8, 0x250, 0xffffffff, 0xffffffff, 0x250, 0xffffffff, 0x320, 0xffffffff, 0xffffffff, 0x320, 0xffffffff, 0x3, 0x0, {[{{@ip={@multicast1, @local, 0x0, 0x0, 'veth1_to_batadv\x00', 'wg1\x00'}, 0x0, 0x228, 0x250, 0x0, {}, [@common=@inet=@hashlimit2={{0x150}, {'vcan0\x00', {0x4386, 0x0, 0x6d, 0x0, 0x0, 0xfe5, 0x20}}}, @common=@unspec=@rateest={{0x68}, {'netpci0\x00', 'batadv_slave_0\x00', 0xa, 0x2, 0x0, 0x8, 0xf, 0x81, {0x9}, {0x6}}}]}, @common=@inet=@SYNPROXY={0x28}}, {{@uncond, 0x0, 0x70, 0xd0}, @common=@SET={0x60, 'SET\x00', 0x0, {{}, {0x0, [0x0, 0x0, 0x0, 0x3]}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x418)
ioctl$SCSI_IOCTL_GET_PCI(0xffffffffffffffff, 0x5393, 0x0)
mkdirat(0xffffffffffffffff, 0x0, 0x1ec)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000000), 0x1a80000, &(0x7f0000000400))
chdir(&(0x7f00000000c0)='./bus\x00')
setuid(0xee00)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000500)='.\x00', 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r5, 0x4008ae89, &(0x7f0000000280)={0x1, 0x0, [{0x400000f2, 0x0, 0x3}]})
fsetxattr$system_posix_acl(r3, &(0x7f0000000000)='system.posix_acl_access\x00', &(0x7f0000000580)=ANY=[@ANYBLOB="020004000400000000001000060000000000200000000000000000000000000000000000e7431f20a53ca5066506394dc57d3f4e7fb64000a66f2c80ca935f5c31deec9c8b922099b135ab76284737676677d3b82d83e15a19b237dea7685ec915eef42f936671658ef3bfea8d8d5477e8abb3a32eac03a23d05000000000000009438b2ec124a524a25c5931eb66461fce6543cc0f9e845462eda41b019ba623c44c59d183fa5b4c51df9168df2165083237fa660d6e475ba8d2813c952c5146734bdf4f16b5dad669b3a23b05ae6302797ab1fcb2873d28d000e1710de19c84ee646ce5bfc437f02c6f78d938a21ccafdbfc5a9781cdb838ab8df1466b536b80f5d7622ab0aaa997df0c49947b7c1b1019f2b119ef7636aadd56cf760b02130fad8683e39a848ba3039c10734b25894fe1d94fea440d45f2140efeada66d1cfba740a846a46d"], 0x24, 0x1)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0)

151.930262ms ago: executing program 2 (id=2914):
r0 = fsopen(&(0x7f0000000100)='configfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r1, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
bind$inet(0xffffffffffffffff, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10)
syz_emit_ethernet(0xbe, &(0x7f0000000000)={@dev={'\xaa\xaa\xaa\xaa\xaa', 0x23}, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x4e23, 0x4e20, 0x9c, 0x0, @wg=@initiation={0x1, 0x0, "7b4b143b7461fd777b1c012bd14efb9f49fcdb8f080c26a04883ad5c8c82b8af", "584cbf2649a50f2dbc43efa8698d0a881c51852e4451b57d037ad3c045942824251d7d17b5191584bcd4fbe40a23424d", "bcfd56f1375461caaa2f19935e6996c7096ffeeb0300000000000064", {"9a3bfbc1f39cb307b3472eb9cdb042d2", "643fcbb2c5a57df67d544af6e8dafe09"}}}}}}}, 0x0)
r2 = socket(0x2, 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000300)=@base={0x12, 0x80, 0x8, 0x2}, 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000001c0)={{r3}, &(0x7f0000000140), &(0x7f00000003c0)=r2}, 0x20)
unshare(0x8040600)
pselect6(0x40, &(0x7f0000000100), 0x0, &(0x7f0000000240)={0x1f}, &(0x7f0000000280)={0x0, 0x3938700}, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x3}, 0x94)
r4 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x7, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r4, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x49, 0x1}, 0x48)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000000)={r5, &(0x7f0000001b00)='G'}, 0x20)
recvmmsg(r1, &(0x7f0000000600)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000580)=""/70, 0x46}}], 0x1, 0x2, 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_DESTROY(r6, &(0x7f0000000340)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000280)={&(0x7f0000000780)=ANY=[@ANYBLOB="2800000003b200000000e9178fa8c5000000000000020000060904020073797a3000f6ffff080020007296ada407040000995f9d9274b63172fee635188d78dad948833bd02938b667317bcfc968e9a39e918ec81546c8605f09ac16d7bfdb487e2d1ac3827a2d33e04541cd63ee7d2854202753520b0f813afb86d6e21eeac84491b7ad18d116efca20846b48b4009b889fe286ed611c7179281feb9c9dd2cdf9a7b6505c2992f269c74be38b49713df27eb197f5abade3196c9f2ed09fac42d408703388e65dfaba47fa7ed1891590d97dd54690016248b0eaf2fd1b1446eec0c7295b7cfa7a5a0ad90362e4b0e6d34d79807ee7ddeb700aad082f283a4ad34018915e4ad0020d77d9747daa8adf83eb834c7a91dad07e2c6ef9ba47735a3c12225ab1"], 0x28}, 0x1, 0x0, 0x0, 0x4044000}, 0x14004)
socket$inet6(0xa, 0x2, 0x0)
r7 = fsmount(r0, 0x0, 0x5)
fchdir(r7)
r8 = openat(0xffffffffffffff9c, &(0x7f0000004280)='.\x00', 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x18, 0xb, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000000080000000000000000000180100002520702500000000690000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x94)
bpf$MAP_CREATE(0x100000000000000, &(0x7f00000006c0)=ANY=[@ANYBLOB="0a00000007000000b30000007f00000000000000", @ANYRES32, @ANYBLOB="0000000000000000000000007b4969e116356000700e80000000002605b4b2379e29301a21f639a28220735d6fe4165cb59bc1620b107a361e09a4990baeddaeadf877fa447462a4e2944825761a0e9f9690c1", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
getdents64(r8, &(0x7f0000000040)=""/40, 0x28)
getdents64(r8, 0xfffffffffffffffe, 0x29)

64.515105ms ago: executing program 7 (id=2915):
r0 = fsopen(&(0x7f0000000000)='udf\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f00000003c0)='iocharset', &(0x7f0000000400)='io#harsetY\\\b\x17T=-\x01\xcb\xdenAb\x87\xac\xe8$\xdb4\xde\x01\xaeR\x19\xb3\xcc\x89G\xf9\xe2\xc5\xeae\xd2\xc9\xdb\xb4EDOC\xe6y\xc8 \xa0\x87\x82xO\xacMjL\xe6\\\x83\xef^\x032\'\'^\xeb\xbf\xbdy\xe1\x8e\x01\xcc\x0e\xfc\xa3\"\xf1d\xce\x05\xe1%\x95\x1d\x88\xeb\xde\xd7\x82Nz\x06k\xcen\v\xce\x193\x05\xbe\xf6\x00\x16R\x83j^\xf4\xaf\xbeq{\x92q\xc9\x96$\xb7\xc7\x8f\xce\x05J\x927\x01\xdf\xc6\'\x9c\xcb\xad\xfa\xd3\x9a\xb6\x02\x97%\x03|\x94^N\x19Q^}\x97\xa9\xdb\x83\xd2\x95\xe8\x03\xecR\xdc\x00\x00', 0x0) (async)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x40000000}, 0x0) (async, rerun: 64)
sendmsg$NFT_BATCH(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a3c000000120a09000000000000000000020000000900020073797a310000000008000440000000000900010073797a30000000000800034000000003"], 0x64}}, 0x0) (rerun: 64)

0s ago: executing program 6 (id=2916):
openat$uinput(0xffffffffffffff9c, 0x0, 0x2, 0x0)
r0 = syz_open_dev$vim2m(&(0x7f0000000140), 0x2000000f5, 0x2)
ioctl$vim2m_VIDIOC_S_FMT(r0, 0xc0d05605, &(0x7f00000003c0)={0x1, @pix_mp={0xe, 0x2, 0x32344d59, 0x5, 0xc, [{0x1152, 0x3deb}, {0x8, 0x9}, {0x0, 0x401}, {0x8, 0x400000d}, {0xd}, {0x1000, 0xffffffff}, {0x7, 0x7}, {0x8, 0x100005}], 0x3, 0x7, 0x8, 0x2, 0x5}})
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000002e80)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000340)={0x14, 0x2, 0x6, 0x201}, 0x14}}, 0x0)

kernel console output (not intermixed with test programs):

 Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0)
[ 1089.871115][T15299] overlayfs: conflicting options: userxattr,redirect_dir=on
[ 1091.582694][T15310] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0)
[ 1092.549275][T15317] netlink: 'syz.2.2340': attribute type 29 has an invalid length.
[ 1092.558132][T15317] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2340'.
[ 1092.742208][T13717] usb 6-1: new high-speed USB device number 36 using dummy_hcd
[ 1093.431692][T15333] netlink: 68 bytes leftover after parsing attributes in process `syz.2.2344'.
[ 1094.097927][T13717] usb 6-1: device descriptor read/all, error -71
[ 1094.838732][T15343] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0)
[ 1096.081610][ T6131] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[ 1096.237667][T15351] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2346'.
[ 1097.623940][   T30] kauditd_printk_skb: 34 callbacks suppressed
[ 1097.623960][   T30] audit: type=1326 audit(1754099647.946:102): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15366 comm="syz.2.2351" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f761138eb69 code=0x7ffc0000
[ 1097.716761][T15369] overlayfs: failed to resolve './file1': -2
[ 1097.796582][   T30] audit: type=1326 audit(1754099647.946:103): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15366 comm="syz.2.2351" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f761138eb69 code=0x7ffc0000
[ 1098.687608][   T30] audit: type=1326 audit(1754099647.966:104): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15366 comm="syz.2.2351" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f761138eb69 code=0x7ffc0000
[ 1098.844096][   T30] audit: type=1326 audit(1754099647.966:105): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15366 comm="syz.2.2351" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f761138eb69 code=0x7ffc0000
[ 1098.884508][   T30] audit: type=1326 audit(1754099647.966:106): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15366 comm="syz.2.2351" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f761138eb69 code=0x7ffc0000
[ 1098.937699][   T30] audit: type=1326 audit(1754099647.966:107): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15366 comm="syz.2.2351" exe="/root/syz-executor" sig=0 arch=c000003e syscall=302 compat=0 ip=0x7f761138eb69 code=0x7ffc0000
[ 1098.981142][   T30] audit: type=1326 audit(1754099647.966:108): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15366 comm="syz.2.2351" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f761138eb69 code=0x7ffc0000
[ 1099.034682][   T30] audit: type=1326 audit(1754099647.966:109): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15366 comm="syz.2.2351" exe="/root/syz-executor" sig=0 arch=c000003e syscall=144 compat=0 ip=0x7f761138eb69 code=0x7ffc0000
[ 1099.096246][   T30] audit: type=1326 audit(1754099647.966:110): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15366 comm="syz.2.2351" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f761138eb69 code=0x7ffc0000
[ 1099.228522][T15383] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2355'.
[ 1099.351060][   T30] audit: type=1326 audit(1754099647.966:111): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15366 comm="syz.2.2351" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f761138eb69 code=0x7ffc0000
[ 1100.518349][T15390] overlayfs: conflicting options: userxattr,redirect_dir=on
[ 1103.298167][   T43] usb 3-1: new high-speed USB device number 61 using dummy_hcd
[ 1103.337376][T15426] A link change request failed with some changes committed already. Interface veth1_to_bond may have been left with an inconsistent configuration, please check.
[ 1103.738211][T15430] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0)
[ 1104.629624][T15436] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2367'.
[ 1104.705558][   T43] usb 3-1: device descriptor read/all, error -71
[ 1104.790010][T15437] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2367'.
[ 1104.818894][T14429] netdevsim netdevsim0 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1104.853029][T14429] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1106.633366][T14429] netdevsim netdevsim0 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1106.665927][T14429] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1108.099070][T15470] openvswitch: netlink: Actions may not be safe on all matching packets
[ 1108.370209][T15470] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2375'.
[ 1108.942407][T14429] netdevsim netdevsim0 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1108.954837][T14429] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1109.450754][T15479] openvswitch: netlink: Actions may not be safe on all matching packets
[ 1109.565374][T15479] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2376'.
[ 1109.983093][T14429] netdevsim netdevsim0 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1110.174986][T15486] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0)
[ 1110.765560][T14429] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1111.239995][T10633] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 1111.277473][T10633] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 1111.286705][T10633] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 1111.464883][T10633] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 1111.482790][T10633] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 1111.491298][  T925] usb 3-1: new high-speed USB device number 63 using dummy_hcd
[ 1111.914731][  T925] usb 3-1: Using ep0 maxpacket: 8
[ 1111.931531][  T925] usb 3-1: unable to get BOS descriptor or descriptor too short
[ 1111.947492][  T925] usb 3-1: config 7 has an invalid interface number: 6 but max is 0
[ 1111.973690][  T925] usb 3-1: config 7 has no interface number 0
[ 1111.983594][  T925] usb 3-1: No eUSB2 isoc ep 15 companion for config 7 interface 6 altsetting 254
[ 1111.995848][  T925] usb 3-1: config 7 interface 6 altsetting 254 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1112.007605][T15487] wg1 speed is unknown, defaulting to 1000
[ 1112.039559][  T925] usb 3-1: config 7 interface 6 has no altsetting 0
[ 1112.040715][T15487] lo speed is unknown, defaulting to 1000
[ 1112.067182][  T925] usb 3-1: New USB device found, idVendor=1a8d, idProduct=100d, bcdDevice=30.9e
[ 1112.093860][  T925] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1112.117951][  T925] usb 3-1: Product: syz
[ 1112.119089][T14429] bridge_slave_1: left allmulticast mode
[ 1112.128880][  T925] usb 3-1: Manufacturer: syz
[ 1112.138177][  T925] usb 3-1: SerialNumber: syz
[ 1112.138923][T14429] bridge_slave_1: left promiscuous mode
[ 1112.154305][T14429] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1112.174451][T14429] bridge_slave_0: left allmulticast mode
[ 1112.180159][T14429] bridge_slave_0: left promiscuous mode
[ 1112.192921][T14429] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1112.370233][T15493] loop2: detected capacity change from 0 to 7
[ 1112.382918][T13854] Dev loop2: unable to read RDB block 7
[ 1112.391044][T13854]  loop2: AHDI p1 p2
[ 1112.400422][T13854] loop2: partition table partially beyond EOD, truncated
[ 1112.410884][T13854] loop2: p1 size 4244635647 extends beyond EOD, truncated
[ 1112.466583][T15493] Dev loop2: unable to read RDB block 7
[ 1112.473172][T15493]  loop2: AHDI p1 p2
[ 1112.482359][T15493] loop2: partition table partially beyond EOD, truncated
[ 1112.493420][T15493] loop2: p1 size 4244635647 extends beyond EOD, truncated
[ 1112.529271][  T925] option 3-1:7.6: GSM modem (1-port) converter detected
[ 1112.573144][  T925] usb 3-1: USB disconnect, device number 63
[ 1112.592159][  T925] option 3-1:7.6: device disconnected
[ 1112.598582][T13854] udevd[13854]: inotify_add_watch(7, /dev/loop2p1, 10) failed: No such file or directory
[ 1112.640617][T13854] udevd[13854]: inotify_add_watch(7, /dev/loop2p1, 10) failed: No such file or directory
[ 1112.764118][T14429] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1112.777415][T14429] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1112.788124][T14429] bond0 (unregistering): Released all slaves
[ 1112.900667][T14429] bond1 (unregistering): Released all slaves
[ 1113.348065][T14429] bond2 (unregistering): (slave veth0_to_bond): Releasing active interface
[ 1113.594322][T15509] netlink: 'syz.2.2383': attribute type 4 has an invalid length.
[ 1113.616170][T10633] Bluetooth: hci3: command tx timeout
[ 1113.851839][T14429] bond2 (unregistering): Released all slaves
[ 1114.757430][T15050] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 1114.773702][T15050] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 1114.794984][T15050] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 1114.803148][T15050] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 1114.814825][T15050] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 1114.937117][T14429] bond3 (unregistering): (slave batadv1): Releasing active interface
[ 1114.961432][T14429] bond3 (unregistering): Released all slaves
[ 1115.247364][T15516] wg1 speed is unknown, defaulting to 1000
[ 1115.440590][T15528] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0)
[ 1115.629944][T15516] lo speed is unknown, defaulting to 1000
[ 1115.694881][T15050] Bluetooth: hci3: command tx timeout
[ 1116.590197][T14429] IPVS: stopping master sync thread 14427 ...
[ 1116.904832][T15050] Bluetooth: hci0: command tx timeout
[ 1117.774774][T15050] Bluetooth: hci3: command tx timeout
[ 1117.792749][   T30] kauditd_printk_skb: 11 callbacks suppressed
[ 1117.792799][   T30] audit: type=1804 audit(1754099668.116:123): pid=15544 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.4.2390" name="/newroot/488/file0" dev="tmpfs" ino=2611 res=1 errno=0
[ 1117.819836][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1118.299292][T15558] CIFS: Unable to determine destination address
[ 1118.973132][T15487] chnl_net:caif_netlink_parms(): no params data found
[ 1118.974500][T15050] Bluetooth: hci0: command tx timeout
[ 1119.854970][T15050] Bluetooth: hci3: command tx timeout
[ 1120.129860][T14429] hsr_slave_0: left promiscuous mode
[ 1120.153490][T14429] hsr_slave_1: left promiscuous mode
[ 1120.169158][T14429] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1120.191667][T14429] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1120.265525][T14429] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1120.293411][T14429] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1120.371923][T14429] veth1_macvtap: left promiscuous mode
[ 1120.377738][T14429] veth0_macvtap: left promiscuous mode
[ 1120.383509][T14429] veth1_vlan: left promiscuous mode
[ 1120.390841][T14429] veth0_vlan: left promiscuous mode
[ 1121.065683][T15050] Bluetooth: hci0: command tx timeout
[ 1121.073529][ T1302] ieee802154 phy0 wpan0: encryption failed: -22
[ 1121.082825][ T1302] ieee802154 phy1 wpan1: encryption failed: -22
[ 1121.397040][ T6130] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[ 1122.410909][T14429] team0 (unregistering): Port device team_slave_1 removed
[ 1122.462311][T14429] team0 (unregistering): Port device team_slave_0 removed
[ 1122.869808][T15600] veth1_macvtap: left promiscuous mode
[ 1122.875493][T15600] macsec0: entered promiscuous mode
[ 1122.883158][T15603] veth1_macvtap: entered promiscuous mode
[ 1122.889383][T15603] macsec0: left promiscuous mode
[ 1123.082504][T15516] chnl_net:caif_netlink_parms(): no params data found
[ 1123.134485][T15050] Bluetooth: hci0: command tx timeout
[ 1124.318632][T15487] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1124.345105][T15487] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1124.388050][T15487] bridge_slave_0: entered allmulticast mode
[ 1124.429510][T15487] bridge_slave_0: entered promiscuous mode
[ 1124.591217][T15487] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1124.628252][T15487] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1124.649636][T15487] bridge_slave_1: entered allmulticast mode
[ 1124.724336][T15487] bridge_slave_1: entered promiscuous mode
[ 1125.075621][T14429] IPVS: stop unused estimator thread 0...
[ 1125.322573][T15487] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1125.374031][T15487] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1125.385656][T15516] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1125.393236][T15516] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1125.403030][T15516] bridge_slave_0: entered allmulticast mode
[ 1125.411782][T15516] bridge_slave_0: entered promiscuous mode
[ 1125.545843][T15657] netlink: 60 bytes leftover after parsing attributes in process `syz.1.2411'.
[ 1125.578002][T15657] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2411'.
[ 1125.621131][T15657] netlink: 60 bytes leftover after parsing attributes in process `syz.1.2411'.
[ 1125.621550][T15660] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2411'.
[ 1125.643014][T15516] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1125.651498][T15516] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1125.660419][T15661] overlayfs: conflicting options: userxattr,redirect_dir=on
[ 1125.699004][T15516] bridge_slave_1: entered allmulticast mode
[ 1125.833937][T15516] bridge_slave_1: entered promiscuous mode
[ 1125.915562][  T925] usb 5-1: new high-speed USB device number 36 using dummy_hcd
[ 1125.961540][T15487] team0: Port device team_slave_0 added
[ 1126.078163][  T925] usb 5-1: device descriptor read/64, error -71
[ 1126.196354][T15487] team0: Port device team_slave_1 added
[ 1126.344886][  T925] usb 5-1: new high-speed USB device number 37 using dummy_hcd
[ 1126.634638][  T925] usb 5-1: device descriptor read/64, error -71
[ 1126.648785][T15516] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1126.761369][  T925] usb usb5-port1: attempt power cycle
[ 1126.844575][   T24] usb 3-1: new high-speed USB device number 64 using dummy_hcd
[ 1126.940216][T14429] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1127.071791][   T24] usb 3-1: unable to read config index 0 descriptor/start: -61
[ 1127.123499][   T24] usb 3-1: can't read configurations, error -61
[ 1127.144749][  T925] usb 5-1: new high-speed USB device number 38 using dummy_hcd
[ 1127.170042][  T925] usb 5-1: device descriptor read/8, error -71
[ 1127.334566][T15516] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1127.344587][   T24] usb 3-1: new high-speed USB device number 65 using dummy_hcd
[ 1127.475438][  T925] usb 5-1: new high-speed USB device number 39 using dummy_hcd
[ 1127.506700][  T925] usb 5-1: device descriptor read/8, error -71
[ 1127.521759][T14429] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1127.542852][   T24] usb 3-1: unable to read config index 0 descriptor/start: -61
[ 1127.563283][T15516] team0: Port device team_slave_0 added
[ 1127.570481][   T24] usb 3-1: can't read configurations, error -61
[ 1127.573984][T15516] team0: Port device team_slave_1 added
[ 1127.594861][   T24] usb usb3-port1: attempt power cycle
[ 1127.596034][T15487] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1127.618843][  T925] usb usb5-port1: unable to enumerate USB device
[ 1127.636913][T15487] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1127.668565][T15487] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1127.714796][T14429] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1127.900883][   T30] audit: type=1804 audit(1754099678.206:124): pid=15691 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.1.2416" name="/newroot/511/file0" dev="tmpfs" ino=2733 res=1 errno=0
[ 1127.921542][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1128.015284][   T24] usb 3-1: new high-speed USB device number 66 using dummy_hcd
[ 1128.110758][   T24] usb 3-1: unable to read config index 0 descriptor/start: -61
[ 1128.160472][   T24] usb 3-1: can't read configurations, error -61
[ 1128.354940][   T24] usb 3-1: new high-speed USB device number 67 using dummy_hcd
[ 1128.412518][   T24] usb 3-1: unable to read config index 0 descriptor/start: -61
[ 1128.442486][   T24] usb 3-1: can't read configurations, error -61
[ 1128.471579][   T24] usb usb3-port1: unable to enumerate USB device
[ 1128.648013][T15487] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1128.664473][T15487] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1128.716240][T15487] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1128.886353][T14429] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1128.960712][T15516] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1128.985133][T15516] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1129.069912][T15516] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1129.176833][T15516] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1129.223217][T15516] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1129.304949][T15707] 9pnet_fd: Insufficient options for proto=fd
[ 1129.381628][T15516] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1130.490411][T15487] hsr_slave_0: entered promiscuous mode
[ 1130.505636][T15487] hsr_slave_1: entered promiscuous mode
[ 1130.614167][T15516] hsr_slave_0: entered promiscuous mode
[ 1130.626536][T15516] hsr_slave_1: entered promiscuous mode
[ 1130.670910][T15516] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1130.719254][T15516] Cannot create hsr debugfs directory
[ 1130.767488][T15707] wg1 speed is unknown, defaulting to 1000
[ 1130.922271][T15707] lo speed is unknown, defaulting to 1000
[ 1130.922310][T15710] wg1 speed is unknown, defaulting to 1000
[ 1131.118019][   T30] audit: type=1804 audit(1754099681.406:125): pid=15726 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.2.2425" name="/newroot/486/file0" dev="tmpfs" ino=2621 res=1 errno=0
[ 1131.938223][T15710] lo speed is unknown, defaulting to 1000
[ 1132.144514][T13717] usb 2-1: new high-speed USB device number 58 using dummy_hcd
[ 1132.318552][T15747] overlayfs: conflicting options: userxattr,redirect_dir=on
[ 1132.329183][T13717] usb 2-1: Using ep0 maxpacket: 16
[ 1132.357753][T13717] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1132.401844][T13717] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1132.482258][T13717] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[ 1132.620899][T13717] usb 2-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[ 1132.694813][T13717] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1132.759322][T13717] usb 2-1: config 0 descriptor??
[ 1133.294500][T12388] usb 3-1: new high-speed USB device number 68 using dummy_hcd
[ 1133.313653][T15733] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1133.330428][T15733] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1133.367114][T13717] input: HID 045e:07da as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:045E:07DA.000E/input/input47
[ 1133.398647][T13717] microsoft 0003:045E:07DA.000E: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.1-1/input0
[ 1133.451570][T12388] usb 3-1: unable to read config index 0 descriptor/start: -61
[ 1133.466302][T12388] usb 3-1: can't read configurations, error -61
[ 1133.577892][T13717] usb 2-1: USB disconnect, device number 58
[ 1133.597182][T12388] usb 3-1: new high-speed USB device number 69 using dummy_hcd
[ 1133.776793][T12388] usb 3-1: unable to read config index 0 descriptor/start: -61
[ 1133.795007][T12388] usb 3-1: can't read configurations, error -61
[ 1133.806826][T12388] usb usb3-port1: attempt power cycle
[ 1133.917846][T15487] netdevsim netdevsim6 netdevsim0: renamed from eth0
[ 1133.982694][T15487] netdevsim netdevsim6 netdevsim1: renamed from eth1
[ 1134.032571][T15487] netdevsim netdevsim6 netdevsim2: renamed from eth2
[ 1134.144623][T12388] usb 3-1: new high-speed USB device number 70 using dummy_hcd
[ 1134.209125][T15487] netdevsim netdevsim6 netdevsim3: renamed from eth3
[ 1134.219234][T12388] usb 3-1: unable to read config index 0 descriptor/start: -61
[ 1134.258007][T12388] usb 3-1: can't read configurations, error -61
[ 1135.074513][T12388] usb 3-1: new high-speed USB device number 71 using dummy_hcd
[ 1135.109544][T12388] usb 3-1: unable to read config index 0 descriptor/start: -61
[ 1135.154630][T12388] usb 3-1: can't read configurations, error -61
[ 1135.187160][T15516] netdevsim netdevsim7 netdevsim0: renamed from eth0
[ 1135.196461][T12388] usb usb3-port1: unable to enumerate USB device
[ 1135.205683][T15781] loop6: detected capacity change from 0 to 524287999
[ 1135.226871][T15783] overlayfs: conflicting options: userxattr,redirect_dir=on
[ 1135.244100][T13772] Buffer I/O error on dev loop6, logical block 65535999, async page read
[ 1135.439180][T15785] binder: BINDER_SET_CONTEXT_MGR already set
[ 1135.445552][T15785] binder: 15782:15785 ioctl 4018620d 2000000002c0 returned -16
[ 1135.457730][T15785] binder: 15782:15785 ioctl c0306201 200000000240 returned -11
[ 1135.469917][T15785] FAULT_INJECTION: forcing a failure.
[ 1135.469917][T15785] name failslab, interval 1, probability 0, space 0, times 0
[ 1135.482804][T15785] CPU: 0 UID: 0 PID: 15785 Comm: syz.4.2432 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[ 1135.482829][T15785] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1135.482842][T15785] Call Trace:
[ 1135.482849][T15785]  <TASK>
[ 1135.482855][T15785]  dump_stack_lvl+0x189/0x250
[ 1135.482875][T15785]  ? __pfx____ratelimit+0x10/0x10
[ 1135.482890][T15785]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1135.482905][T15785]  ? __pfx__printk+0x10/0x10
[ 1135.482923][T15785]  ? __pfx___might_resched+0x10/0x10
[ 1135.482943][T15785]  should_fail_ex+0x414/0x560
[ 1135.482961][T15785]  should_failslab+0xa8/0x100
[ 1135.482976][T15785]  __kmalloc_noprof+0xcb/0x4f0
[ 1135.482988][T15785]  ? tomoyo_encode+0x28b/0x550
[ 1135.483009][T15785]  tomoyo_encode+0x28b/0x550
[ 1135.483029][T15785]  tomoyo_realpath_from_path+0x58d/0x5d0
[ 1135.483057][T15785]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[ 1135.483077][T15785]  tomoyo_path_number_perm+0x1e8/0x5a0
[ 1135.483100][T15785]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1135.483125][T15785]  ? __lock_acquire+0xab9/0xd20
[ 1135.483150][T15785]  ? __fget_files+0x2a/0x420
[ 1135.483167][T15785]  ? __fget_files+0x2a/0x420
[ 1135.483181][T15785]  ? __fget_files+0x3a0/0x420
[ 1135.483194][T15785]  ? __fget_files+0x2a/0x420
[ 1135.483212][T15785]  security_file_ioctl+0xcb/0x2d0
[ 1135.483228][T15785]  __se_sys_ioctl+0x47/0x170
[ 1135.483249][T15785]  do_syscall_64+0xfa/0x3b0
[ 1135.483265][T15785]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1135.483278][T15785]  ? asm_sysvec_call_function_single+0x1a/0x20
[ 1135.483291][T15785]  ? clear_bhb_loop+0x60/0xb0
[ 1135.483306][T15785]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1135.483319][T15785] RIP: 0033:0x7f1330b8eb69
[ 1135.483331][T15785] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1135.483342][T15785] RSP: 002b:00007f132e9f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1135.483358][T15785] RAX: ffffffffffffffda RBX: 00007f1330db6080 RCX: 00007f1330b8eb69
[ 1135.483368][T15785] RDX: 0000200000000300 RSI: 00000000c0306201 RDI: 0000000000000009
[ 1135.483376][T15785] RBP: 00007f132e9f6090 R08: 0000000000000000 R09: 0000000000000000
[ 1135.483385][T15785] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1135.483393][T15785] R13: 0000000000000000 R14: 00007f1330db6080 R15: 00007ffe5766f4c8
[ 1135.483424][T15785]  </TASK>
[ 1135.483637][T15785] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1136.191001][T15516] netdevsim netdevsim7 netdevsim1: renamed from eth1
[ 1136.222749][T15516] netdevsim netdevsim7 netdevsim2: renamed from eth2
[ 1136.261038][T15792] sp0: Synchronizing with TNC
[ 1136.299133][T15516] netdevsim netdevsim7 netdevsim3: renamed from eth3
[ 1136.480188][   T30] audit: type=1804 audit(1754099686.786:126): pid=15800 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.2.2434" name="/newroot/490/file0" dev="tmpfs" ino=2643 res=1 errno=0
[ 1137.149604][T15790] [U] è
[ 1137.552299][T15817] netlink: 'syz.4.2437': attribute type 21 has an invalid length.
[ 1137.879326][T15817] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2437'.
[ 1137.954565][T14429] hsr_slave_0: left promiscuous mode
[ 1137.998082][T14429] hsr_slave_1: left promiscuous mode
[ 1138.010283][T14429] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1138.018697][T14429] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1138.030596][T14429] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1138.066492][T14429] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1138.174044][T14429] veth1_macvtap: left promiscuous mode
[ 1138.179048][T15824] openvswitch: netlink: Actions may not be safe on all matching packets
[ 1138.180770][T14429] veth1_vlan: left promiscuous mode
[ 1138.193828][T14429] veth0_vlan: left promiscuous mode
[ 1138.910042][T15832] netlink: 11120 bytes leftover after parsing attributes in process `syz.2.2441'.
[ 1139.995016][   T30] audit: type=1804 audit(1754099690.276:127): pid=15839 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.4.2444" name="/newroot/505/file0" dev="tmpfs" ino=2705 res=1 errno=0
[ 1141.183627][T15841] hsr0: entered promiscuous mode
[ 1141.590492][T15487] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1141.828954][T15516] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1141.855166][T15487] 8021q: adding VLAN 0 to HW filter on device team0
[ 1142.028812][T15516] 8021q: adding VLAN 0 to HW filter on device team0
[ 1142.488836][T10859] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1142.496123][T10859] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1142.757580][T10859] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1142.765031][T10859] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1142.873131][T10859] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1142.880384][T10859] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1142.902278][T10859] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1142.909676][T10859] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1143.047409][T15867] fuse: Unknown parameter 'fd0xffffffffffffffff0000000000000000000000000000000000000000'
[ 1143.263647][T15487] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 1143.801877][T15516] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1143.880369][T15487] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1144.432366][   T30] audit: type=1804 audit(1754099694.746:128): pid=15906 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.4.2453" name="/newroot/509/file0" dev="tmpfs" ino=2727 res=1 errno=0
[ 1144.453042][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1147.271866][   T24] usb 2-1: new high-speed USB device number 59 using dummy_hcd
[ 1147.326498][T15487] veth0_vlan: entered promiscuous mode
[ 1147.338911][T15487] veth1_vlan: entered promiscuous mode
[ 1148.094088][T15487] veth0_macvtap: entered promiscuous mode
[ 1148.189435][T15487] veth1_macvtap: entered promiscuous mode
[ 1148.268489][   T24] usb 2-1: Using ep0 maxpacket: 8
[ 1148.272582][T15516] veth0_vlan: entered promiscuous mode
[ 1148.287451][   T24] usb 2-1: config 0 has an invalid interface number: 77 but max is 0
[ 1148.298006][   T24] usb 2-1: config 0 has no interface number 0
[ 1148.312487][   T24] usb 2-1: New USB device found, idVendor=1b1f, idProduct=c006, bcdDevice=df.ab
[ 1148.334775][   T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1148.342921][   T24] usb 2-1: Product: syz
[ 1148.356391][T15516] veth1_vlan: entered promiscuous mode
[ 1148.362169][   T24] usb 2-1: Manufacturer: syz
[ 1148.376883][   T24] usb 2-1: SerialNumber: syz
[ 1148.382108][T15487] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1148.391074][   T24] usb 2-1: config 0 descriptor??
[ 1148.411302][T15943] binder: 15942:15943 ioctl c0306201 0 returned -14
[ 1148.418869][   T24] ftdi_sio 2-1:0.77: FTDI USB Serial Device converter detected
[ 1148.421900][T15487] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1148.443641][   T24] ftdi_sio ttyUSB0: unknown device type: 0xdfab
[ 1148.651917][  T925] usb 2-1: USB disconnect, device number 59
[ 1148.662418][T15516] veth0_macvtap: entered promiscuous mode
[ 1148.681643][  T925] ftdi_sio 2-1:0.77: device disconnected
[ 1148.716337][T15487] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1148.735846][T15487] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1148.751369][T15487] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1148.772811][T15487] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1148.800457][T15516] veth1_macvtap: entered promiscuous mode
[ 1148.812599][T15950] netlink: 'syz.1.2461': attribute type 29 has an invalid length.
[ 1148.832277][T15950] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2461'.
[ 1148.987256][   T24] usb 5-1: new high-speed USB device number 40 using dummy_hcd
[ 1149.039109][ T6131] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1149.069114][ T6131] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1149.141841][T15516] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1149.195556][   T24] usb 5-1: Using ep0 maxpacket: 8
[ 1149.203769][ T6131] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1149.227622][T15516] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1149.240256][ T6131] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1149.243209][   T24] usb 5-1: config 1 interface 0 altsetting 9 has 2 endpoint descriptors, different from the interface descriptor's value: 1
[ 1149.301117][   T24] usb 5-1: config 1 interface 0 has no altsetting 0
[ 1149.310810][T15516] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1149.332916][   T24] usb 5-1: New USB device found, idVendor=056a, idProduct=003f, bcdDevice= 0.40
[ 1149.348109][T15516] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1149.360299][   T24] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1149.379284][T15516] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1149.388261][   T24] usb 5-1: Product: �
[ 1149.398390][   T24] usb 5-1: Manufacturer: ꖴ쿭뭶󘀕�傶ꎎ�줎�㾊醔룾ᠷᘱ��䰡쯑Ÿ⃋䔃ᖘ�韷롨펤�惃㖒煹㧹⃥炒�₠ᥔ囨ꄞ�쎱�䊃쥃㢇ꤾﵫ⒤᤻븣⯓ಸ龔▄魺꾆ꋘ飇醴칸㧕꠨虡經⮗�ᄩ�챱敬�럱Ṳ䤨⇚䭔섅뿌他쫆蟤�ꙫ朧㎸毾뒤Ớ쒋蘘뛾寰믅☬
[ 1149.429351][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1149.436384][T15516] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1149.492275][   T24] usb 5-1: SerialNumber: 著�䘫淹�嚕좮뤳媧��罩ᄩ⬭ꛩ���잎몷�⑩᩾鲃³鴡眻៛즫�디쒫⫂뿠毞巵틲㷱㶵渜�委Ӡ꾠늼�㚽LJ矹奣㺾絓㼕⧻⾬
[ 1149.549830][   T30] audit: type=1804 audit(1754099699.866:129): pid=15968 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.1.2465" name="/newroot/528/cgroup.controllers" dev="tmpfs" ino=2823 res=1 errno=0
[ 1149.571594][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1149.604262][T15968] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2465'.
[ 1149.694436][   T30] audit: type=1800 audit(1754099699.866:130): pid=15968 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.1.2465" name="cgroup.controllers" dev="tmpfs" ino=2823 res=0 errno=0
[ 1149.875358][ T6131] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1149.916667][ T6131] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1150.054159][T15945] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1150.082654][T15978] bio_check_eod: 2 callbacks suppressed
[ 1150.082787][T15978] syz.2.2466: attempt to access beyond end of device
[ 1150.082787][T15978] nbd2: rw=0, sector=0, nr_sectors = 1 limit=0
[ 1150.123538][T15978] (syz.2.2466,15978,0):ocfs2_get_sector:1714 ERROR: status = -5
[ 1150.132069][T15978] (syz.2.2466,15978,0):ocfs2_sb_probe:753 ERROR: status = -5
[ 1150.133732][T15945] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1150.148094][T15978] (syz.2.2466,15978,0):ocfs2_fill_super:989 ERROR: superblock probe failed!
[ 1150.157642][T15978] (syz.2.2466,15978,0):ocfs2_fill_super:1177 ERROR: status = -5
[ 1150.707551][ T7131] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1150.729593][   T24] usbhid 5-1:1.0: can't add hid device: -71
[ 1150.736870][   T24] usbhid 5-1:1.0: probe with driver usbhid failed with error -71
[ 1150.759684][ T7131] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1150.832932][   T24] usb 5-1: USB disconnect, device number 40
[ 1151.510537][T15995] netlink: 'syz.2.2470': attribute type 29 has an invalid length.
[ 1151.575257][T15995] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2470'.
[ 1151.945424][T16002] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0)
[ 1153.412087][T16021] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2473'.
[ 1154.056440][T16032] netlink: 212376 bytes leftover after parsing attributes in process `syz.1.2478'.
[ 1154.233361][T16032] delete_channel: no stack
[ 1154.302028][T16046] FAULT_INJECTION: forcing a failure.
[ 1154.302028][T16046] name failslab, interval 1, probability 0, space 0, times 0
[ 1154.315360][T16046] CPU: 1 UID: 0 PID: 16046 Comm: syz.6.2481 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[ 1154.315387][T16046] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1154.315400][T16046] Call Trace:
[ 1154.315407][T16046]  <TASK>
[ 1154.315416][T16046]  dump_stack_lvl+0x189/0x250
[ 1154.315444][T16046]  ? __pfx____ratelimit+0x10/0x10
[ 1154.315466][T16046]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1154.315489][T16046]  ? __pfx__printk+0x10/0x10
[ 1154.315520][T16046]  ? __pfx___might_resched+0x10/0x10
[ 1154.315548][T16046]  should_fail_ex+0x414/0x560
[ 1154.315574][T16046]  should_failslab+0xa8/0x100
[ 1154.315598][T16046]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[ 1154.315626][T16046]  ? __alloc_skb+0x112/0x2d0
[ 1154.315659][T16046]  __alloc_skb+0x112/0x2d0
[ 1154.315691][T16046]  netlink_sendmsg+0x5c6/0xb30
[ 1154.315730][T16046]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1154.315768][T16046]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1154.315788][T16046]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1154.315818][T16046]  __sock_sendmsg+0x21c/0x270
[ 1154.315845][T16046]  ____sys_sendmsg+0x505/0x830
[ 1154.315883][T16046]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1154.315924][T16046]  ? import_iovec+0x74/0xa0
[ 1154.315956][T16046]  ___sys_sendmsg+0x21f/0x2a0
[ 1154.315989][T16046]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1154.316062][T16046]  ? __fget_files+0x2a/0x420
[ 1154.316084][T16046]  ? __fget_files+0x3a0/0x420
[ 1154.316118][T16046]  __x64_sys_sendmsg+0x19b/0x260
[ 1154.316152][T16046]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1154.316194][T16046]  ? __pfx_ksys_write+0x10/0x10
[ 1154.316211][T16046]  ? rcu_is_watching+0x15/0xb0
[ 1154.316238][T16046]  ? do_syscall_64+0xbe/0x3b0
[ 1154.316265][T16046]  do_syscall_64+0xfa/0x3b0
[ 1154.316286][T16046]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1154.316308][T16046]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1154.316328][T16046]  ? clear_bhb_loop+0x60/0xb0
[ 1154.316352][T16046]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1154.316372][T16046] RIP: 0033:0x7f5c3818eb69
[ 1154.316389][T16046] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1154.316407][T16046] RSP: 002b:00007f5c3906d038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1154.316427][T16046] RAX: ffffffffffffffda RBX: 00007f5c383b6080 RCX: 00007f5c3818eb69
[ 1154.316442][T16046] RDX: 0000000000000000 RSI: 00002000000003c0 RDI: 0000000000000005
[ 1154.316454][T16046] RBP: 00007f5c3906d090 R08: 0000000000000000 R09: 0000000000000000
[ 1154.316466][T16046] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1154.316478][T16046] R13: 0000000000000000 R14: 00007f5c383b6080 R15: 00007ffedb99f678
[ 1154.316509][T16046]  </TASK>
[ 1154.577359][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1154.641591][T16032] delete_channel: no stack
[ 1156.035820][T16055] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0)
[ 1156.793095][T16065] netlink: 'syz.1.2485': attribute type 29 has an invalid length.
[ 1158.154922][T16084] veth0_macvtap: left promiscuous mode
[ 1160.001054][T16102] openvswitch: netlink: Actions may not be safe on all matching packets
[ 1160.136805][T16102] netlink: 12 bytes leftover after parsing attributes in process `syz.6.2494'.
[ 1161.538099][   T30] audit: type=1804 audit(1754099710.986:131): pid=16109 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.4.2497" name="/newroot/518/file0" dev="tmpfs" ino=2778 res=1 errno=0
[ 1163.742941][T16141] FAULT_INJECTION: forcing a failure.
[ 1163.742941][T16141] name failslab, interval 1, probability 0, space 0, times 0
[ 1163.792611][T16141] CPU: 1 UID: 0 PID: 16141 Comm: syz.7.2506 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[ 1163.792644][T16141] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1163.792656][T16141] Call Trace:
[ 1163.792664][T16141]  <TASK>
[ 1163.792673][T16141]  dump_stack_lvl+0x189/0x250
[ 1163.792700][T16141]  ? __pfx____ratelimit+0x10/0x10
[ 1163.792722][T16141]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1163.792755][T16141]  ? __pfx__printk+0x10/0x10
[ 1163.792786][T16141]  ? __pfx___might_resched+0x10/0x10
[ 1163.792813][T16141]  should_fail_ex+0x414/0x560
[ 1163.792840][T16141]  should_failslab+0xa8/0x100
[ 1163.792864][T16141]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[ 1163.792885][T16141]  ? __alloc_skb+0x112/0x2d0
[ 1163.792918][T16141]  __alloc_skb+0x112/0x2d0
[ 1163.792950][T16141]  netlink_sendmsg+0x5c6/0xb30
[ 1163.792989][T16141]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1163.793026][T16141]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1163.793046][T16141]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1163.793076][T16141]  __sock_sendmsg+0x21c/0x270
[ 1163.793103][T16141]  ____sys_sendmsg+0x505/0x830
[ 1163.793140][T16141]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1163.793180][T16141]  ? import_iovec+0x74/0xa0
[ 1163.793212][T16141]  ___sys_sendmsg+0x21f/0x2a0
[ 1163.793245][T16141]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1163.793313][T16141]  ? __fget_files+0x2a/0x420
[ 1163.793335][T16141]  ? __fget_files+0x3a0/0x420
[ 1163.793369][T16141]  __x64_sys_sendmsg+0x19b/0x260
[ 1163.793412][T16141]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1163.793451][T16141]  ? __pfx_ksys_write+0x10/0x10
[ 1163.793466][T16141]  ? rcu_is_watching+0x15/0xb0
[ 1163.793492][T16141]  ? do_syscall_64+0xbe/0x3b0
[ 1163.793518][T16141]  do_syscall_64+0xfa/0x3b0
[ 1163.793537][T16141]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1163.793556][T16141]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1163.793575][T16141]  ? clear_bhb_loop+0x60/0xb0
[ 1163.793598][T16141]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1163.793615][T16141] RIP: 0033:0x7f591fd8eb69
[ 1163.793632][T16141] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1163.793648][T16141] RSP: 002b:00007f5920ba7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1163.793668][T16141] RAX: ffffffffffffffda RBX: 00007f591ffb5fa0 RCX: 00007f591fd8eb69
[ 1163.793682][T16141] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000003
[ 1163.793693][T16141] RBP: 00007f5920ba7090 R08: 0000000000000000 R09: 0000000000000000
[ 1163.793705][T16141] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1163.793716][T16141] R13: 0000000000000000 R14: 00007f591ffb5fa0 R15: 00007ffcceb02728
[ 1163.793751][T16141]  </TASK>
[ 1164.055004][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1166.136485][T16162] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2509'.
[ 1166.459641][T16165] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2510'.
[ 1166.857548][T16183] fuse: Unknown parameter 'fd0xffffffffffffffff0000000000000000000000000000000000000000'
[ 1167.907675][   T30] audit: type=1326 audit(1754099718.236:132): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16192 comm="syz.4.2517" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1330b8eb69 code=0x7ffc0000
[ 1167.994569][   T24] usb 3-1: new high-speed USB device number 72 using dummy_hcd
[ 1168.061105][   T30] audit: type=1326 audit(1754099718.266:133): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16192 comm="syz.4.2517" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1330b8eb69 code=0x7ffc0000
[ 1168.082912][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1168.218472][   T24] usb 3-1: device descriptor read/64, error -71
[ 1168.347881][   T30] audit: type=1326 audit(1754099718.266:134): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16192 comm="syz.4.2517" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f1330b8eb69 code=0x7ffc0000
[ 1168.369686][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1168.427362][   T30] audit: type=1326 audit(1754099718.276:135): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16192 comm="syz.4.2517" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1330b8eb69 code=0x7ffc0000
[ 1168.494088][   T30] audit: type=1326 audit(1754099718.276:136): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16192 comm="syz.4.2517" exe="/root/syz-executor" sig=0 arch=c000003e syscall=55 compat=0 ip=0x7f1330b8eb69 code=0x7ffc0000
[ 1168.516180][   T24] usb 3-1: new high-speed USB device number 73 using dummy_hcd
[ 1168.614397][   T30] audit: type=1326 audit(1754099718.276:137): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16192 comm="syz.4.2517" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1330b8eb69 code=0x7ffc0000
[ 1168.635979][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1168.694480][   T24] usb 3-1: device descriptor read/64, error -71
[ 1168.723913][   T30] audit: type=1326 audit(1754099718.276:138): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16192 comm="syz.4.2517" exe="/root/syz-executor" sig=0 arch=c000003e syscall=447 compat=0 ip=0x7f1330b8eb69 code=0x7ffc0000
[ 1168.781088][T16202] netlink: 'syz.7.2519': attribute type 29 has an invalid length.
[ 1168.803675][T16202] netlink: 12 bytes leftover after parsing attributes in process `syz.7.2519'.
[ 1168.816763][   T24] usb usb3-port1: attempt power cycle
[ 1168.831222][   T30] audit: type=1326 audit(1754099718.276:139): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16192 comm="syz.4.2517" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1330b8eb69 code=0x7ffc0000
[ 1168.852838][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1168.906207][   T30] audit: type=1326 audit(1754099718.276:140): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16192 comm="syz.4.2517" exe="/root/syz-executor" sig=0 arch=c000003e syscall=91 compat=0 ip=0x7f1330b8eb69 code=0x7ffc0000
[ 1169.036814][   T30] audit: type=1326 audit(1754099718.276:141): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16192 comm="syz.4.2517" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1330b8eb69 code=0x7ffc0000
[ 1169.914411][   T24] usb 3-1: new high-speed USB device number 74 using dummy_hcd
[ 1170.081743][T16224] FAULT_INJECTION: forcing a failure.
[ 1170.081743][T16224] name failslab, interval 1, probability 0, space 0, times 0
[ 1170.094919][T16224] CPU: 0 UID: 0 PID: 16224 Comm: syz.7.2523 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[ 1170.094945][T16224] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1170.094957][T16224] Call Trace:
[ 1170.094965][T16224]  <TASK>
[ 1170.094974][T16224]  dump_stack_lvl+0x189/0x250
[ 1170.095001][T16224]  ? __pfx____ratelimit+0x10/0x10
[ 1170.095024][T16224]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1170.095046][T16224]  ? __pfx__printk+0x10/0x10
[ 1170.095079][T16224]  ? __pfx___might_resched+0x10/0x10
[ 1170.095100][T16224]  ? fs_reclaim_acquire+0x7d/0x100
[ 1170.095130][T16224]  should_fail_ex+0x414/0x560
[ 1170.095156][T16224]  should_failslab+0xa8/0x100
[ 1170.095179][T16224]  __kmalloc_noprof+0xcb/0x4f0
[ 1170.095198][T16224]  ? io_cache_alloc_new+0x40/0x100
[ 1170.095229][T16224]  io_cache_alloc_new+0x40/0x100
[ 1170.095256][T16224]  __io_prep_rw+0x23f/0xd80
[ 1170.095285][T16224]  ? __pfx___io_prep_rw+0x10/0x10
[ 1170.095304][T16224]  ? __pfx___io_alloc_req_refill+0x10/0x10
[ 1170.095341][T16224]  io_prep_read+0x22/0xd0
[ 1170.095373][T16224]  io_submit_sqes+0x90c/0x1c50
[ 1170.095442][T16224]  __se_sys_io_uring_enter+0x2df/0x2b20
[ 1170.095471][T16224]  ? rcu_is_watching+0x15/0xb0
[ 1170.095495][T16224]  ? trace_sched_exit_tp+0x38/0x120
[ 1170.095525][T16224]  ? __schedule+0x16c8/0x4c90
[ 1170.095554][T16224]  ? __pfx___se_sys_io_uring_enter+0x10/0x10
[ 1170.095579][T16224]  ? schedule+0x165/0x360
[ 1170.095603][T16224]  ? __pfx___schedule+0x10/0x10
[ 1170.095649][T16224]  ? __x64_sys_io_uring_enter+0x21/0xf0
[ 1170.095673][T16224]  do_syscall_64+0xfa/0x3b0
[ 1170.095695][T16224]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1170.095715][T16224]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1170.095735][T16224]  ? clear_bhb_loop+0x60/0xb0
[ 1170.095759][T16224]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1170.095779][T16224] RIP: 0033:0x7f591fd8eb69
[ 1170.095796][T16224] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1170.095813][T16224] RSP: 002b:00007f5920b86038 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 1170.095833][T16224] RAX: ffffffffffffffda RBX: 00007f591ffb6080 RCX: 00007f591fd8eb69
[ 1170.095848][T16224] RDX: 00000000000004c3 RSI: 00000000000074d1 RDI: 0000000000000007
[ 1170.095860][T16224] RBP: 00007f5920b86090 R08: 0000000000000000 R09: fffffffffffffd1d
[ 1170.095873][T16224] R10: 0000000000000043 R11: 0000000000000246 R12: 0000000000000001
[ 1170.095885][T16224] R13: 0000000000000000 R14: 00007f591ffb6080 R15: 00007ffcceb02728
[ 1170.095916][T16224]  </TASK>
[ 1170.164874][   T24] usb 3-1: device not accepting address 74, error -71
[ 1171.655242][T16240] openvswitch: netlink: Actions may not be safe on all matching packets
[ 1172.618667][T16237] netlink: 12 bytes leftover after parsing attributes in process `syz.7.2527'.
[ 1173.529918][T15050] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci0/hci0:201'
[ 1173.541622][T15050] CPU: 0 UID: 0 PID: 15050 Comm: kworker/u9:3 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[ 1173.541647][T15050] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1173.541661][T15050] Workqueue: hci0 hci_rx_work
[ 1173.541684][T15050] Call Trace:
[ 1173.541691][T15050]  <TASK>
[ 1173.541700][T15050]  dump_stack_lvl+0x189/0x250
[ 1173.541724][T15050]  ? kernfs_path_from_node+0x2c/0x260
[ 1173.541749][T15050]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1173.541771][T15050]  ? __pfx__printk+0x10/0x10
[ 1173.541798][T15050]  ? kernfs_path_from_node+0x2c/0x260
[ 1173.541841][T15050]  ? kernfs_path_from_node+0x2c/0x260
[ 1173.541884][T15050]  ? kernfs_path_from_node+0x22c/0x260
[ 1173.541909][T15050]  ? kernfs_path_from_node+0x2c/0x260
[ 1173.541939][T15050]  sysfs_create_dir_ns+0x259/0x280
[ 1173.541969][T15050]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[ 1173.541999][T15050]  ? do_raw_spin_unlock+0x122/0x240
[ 1173.542035][T15050]  kobject_add_internal+0x59f/0xb40
[ 1173.542074][T15050]  kobject_add+0x155/0x220
[ 1173.542108][T15050]  ? __pfx_kobject_add+0x10/0x10
[ 1173.542136][T15050]  ? _raw_spin_unlock+0x28/0x50
[ 1173.542185][T15050]  ? get_device_parent+0x366/0x3a0
[ 1173.542239][T15050]  device_add+0x408/0xb50
[ 1173.542277][T15050]  hci_conn_add_sysfs+0xd5/0x1e0
[ 1173.542316][T15050]  le_conn_complete_evt+0xc3a/0x1220
[ 1173.542361][T15050]  ? __pfx_le_conn_complete_evt+0x10/0x10
[ 1173.542392][T15050]  ? __mutex_unlock_slowpath+0x1cd/0x700
[ 1173.542416][T15050]  ? __asan_memcpy+0x40/0x70
[ 1173.542449][T15050]  ? __pfx___mutex_lock+0x10/0x10
[ 1173.542474][T15050]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 1173.542497][T15050]  ? skb_pull_data+0xfb/0x200
[ 1173.542527][T15050]  hci_le_conn_complete_evt+0x187/0x450
[ 1173.542565][T15050]  hci_event_packet+0x78c/0x1200
[ 1173.542591][T15050]  ? __pfx_hci_le_meta_evt+0x10/0x10
[ 1173.542623][T15050]  ? __pfx_hci_event_packet+0x10/0x10
[ 1173.542648][T15050]  ? kcov_remote_start+0x4d3/0x7f0
[ 1173.542680][T15050]  ? lockdep_hardirqs_on+0x90/0x150
[ 1173.542710][T15050]  ? hci_send_to_monitor+0xe2/0x570
[ 1173.542745][T15050]  hci_rx_work+0x46a/0xe80
[ 1173.542778][T15050]  ? process_scheduled_works+0x9ef/0x17b0
[ 1173.542805][T15050]  process_scheduled_works+0xade/0x17b0
[ 1173.542879][T15050]  ? __pfx_process_scheduled_works+0x10/0x10
[ 1173.542922][T15050]  worker_thread+0x8a0/0xda0
[ 1173.542949][T15050]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 1173.542992][T15050]  ? __kthread_parkme+0x7b/0x200
[ 1173.543028][T15050]  kthread+0x70e/0x8a0
[ 1173.543069][T15050]  ? __pfx_worker_thread+0x10/0x10
[ 1173.543090][T15050]  ? __pfx_kthread+0x10/0x10
[ 1173.543119][T15050]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1173.543137][T15050]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1173.543154][T15050]  ? __pfx_kthread+0x10/0x10
[ 1173.543181][T15050]  ret_from_fork+0x3fc/0x770
[ 1173.543204][T15050]  ? __pfx_ret_from_fork+0x10/0x10
[ 1173.543229][T15050]  ? __switch_to_asm+0x39/0x70
[ 1173.543253][T15050]  ? __switch_to_asm+0x33/0x70
[ 1173.543275][T15050]  ? __pfx_kthread+0x10/0x10
[ 1173.543302][T15050]  ret_from_fork_asm+0x1a/0x30
[ 1173.543343][T15050]  </TASK>
[ 1173.614501][T15050] kobject: kobject_add_internal failed for hci0:201 with -EEXIST, don't try to register things with the same name in the same directory.
[ 1173.824707][T16254] netlink: 14 bytes leftover after parsing attributes in process `syz.7.2531'.
[ 1173.833638][T15050] Bluetooth: hci0: failed to register connection device
[ 1174.371207][T15759] usb 7-1: new high-speed USB device number 2 using dummy_hcd
[ 1174.664527][T15759] usb 7-1: Using ep0 maxpacket: 8
[ 1174.672858][T15759] usb 7-1: unable to get BOS descriptor or descriptor too short
[ 1174.708499][T15759] usb 7-1: config 7 has an invalid interface number: 6 but max is 0
[ 1174.726907][T15759] usb 7-1: config 7 has no interface number 0
[ 1174.757521][T15759] usb 7-1: No eUSB2 isoc ep 15 companion for config 7 interface 6 altsetting 254
[ 1174.787614][T15759] usb 7-1: config 7 interface 6 altsetting 254 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1174.862673][T15759] usb 7-1: config 7 interface 6 has no altsetting 0
[ 1174.913044][T15759] usb 7-1: New USB device found, idVendor=1a8d, idProduct=100d, bcdDevice=30.9e
[ 1174.947015][T15759] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1175.135130][T15759] usb 7-1: Product: syz
[ 1175.153433][T15759] usb 7-1: Manufacturer: syz
[ 1176.531372][T16279] netlink: 'syz.1.2538': attribute type 11 has an invalid length.
[ 1176.563717][T15759] usb 7-1: SerialNumber: syz
[ 1176.822639][T15759] option 7-1:7.6: GSM modem (1-port) converter detected
[ 1178.864586][T15759] usb 7-1: USB disconnect, device number 2
[ 1178.872669][T15759] option 7-1:7.6: device disconnected
[ 1179.696724][T16301] openvswitch: netlink: Actions may not be safe on all matching packets
[ 1179.712176][T16301] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2540'.
[ 1180.113716][T16315] fuse: Unknown parameter 'fd0xffffffffffffffff0000000000000000000000000000000000000000'
[ 1180.904662][T10633] Bluetooth: hci0: command 0x0406 tx timeout
[ 1181.515209][T15759] usb 3-1: new high-speed USB device number 76 using dummy_hcd
[ 1181.644656][T12388] usb 8-1: new high-speed USB device number 2 using dummy_hcd
[ 1181.664615][T15759] usb 3-1: device descriptor read/64, error -71
[ 1181.805197][T12388] usb 8-1: Using ep0 maxpacket: 8
[ 1181.815442][T12388] usb 8-1: unable to get BOS descriptor or descriptor too short
[ 1181.834076][T12388] usb 8-1: config 7 has an invalid interface number: 6 but max is 0
[ 1182.442436][T15759] usb 3-1: new high-speed USB device number 77 using dummy_hcd
[ 1182.454863][T12388] usb 8-1: config 7 has no interface number 0
[ 1182.489882][T12388] usb 8-1: No eUSB2 isoc ep 15 companion for config 7 interface 6 altsetting 254
[ 1182.505859][ T1302] ieee802154 phy0 wpan0: encryption failed: -22
[ 1182.512275][ T1302] ieee802154 phy1 wpan1: encryption failed: -22
[ 1182.539964][T12388] usb 8-1: config 7 interface 6 altsetting 254 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1182.559676][T12388] usb 8-1: config 7 interface 6 has no altsetting 0
[ 1182.581895][T12388] usb 8-1: New USB device found, idVendor=1a8d, idProduct=100d, bcdDevice=30.9e
[ 1182.600190][T15759] usb 3-1: device descriptor read/64, error -71
[ 1182.647331][T12388] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1182.850356][T15759] usb usb3-port1: attempt power cycle
[ 1182.865959][T12388] usb 8-1: Product: syz
[ 1182.870186][T12388] usb 8-1: Manufacturer: syz
[ 1182.877732][T12388] usb 8-1: SerialNumber: syz
[ 1183.594513][T15759] usb 3-1: new high-speed USB device number 78 using dummy_hcd
[ 1183.779763][T15759] usb 3-1: device descriptor read/8, error -71
[ 1183.804414][  T925] usb 2-1: new high-speed USB device number 60 using dummy_hcd
[ 1183.837333][T12388] option 8-1:7.6: GSM modem (1-port) converter detected
[ 1183.931935][T12388] usb 8-1: USB disconnect, device number 2
[ 1184.094415][  T925] usb 2-1: Using ep0 maxpacket: 8
[ 1184.105640][T15759] usb 3-1: new high-speed USB device number 79 using dummy_hcd
[ 1184.168577][T16361] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0)
[ 1184.212693][T12388] option 8-1:7.6: device disconnected
[ 1184.445752][  T925] usb 2-1: unable to get BOS descriptor or descriptor too short
[ 1184.467771][  T925] usb 2-1: config 7 has an invalid interface number: 6 but max is 0
[ 1184.476707][  T925] usb 2-1: config 7 has no interface number 0
[ 1184.483309][  T925] usb 2-1: No eUSB2 isoc ep 15 companion for config 7 interface 6 altsetting 254
[ 1184.492629][  T925] usb 2-1: config 7 interface 6 altsetting 254 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1184.506064][  T925] usb 2-1: config 7 interface 6 has no altsetting 0
[ 1184.512643][T15759] usb 3-1: device descriptor read/8, error -71
[ 1184.526256][  T925] usb 2-1: New USB device found, idVendor=1a8d, idProduct=100d, bcdDevice=30.9e
[ 1184.540663][T16364] tun0: tun_chr_ioctl cmd 1074025694
[ 1184.597129][  T925] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1184.656124][T15759] usb usb3-port1: unable to enumerate USB device
[ 1184.667724][T16366] fuse: Bad value for 'fd'
[ 1184.667724][T16365] fuse: Bad value for 'fd'
[ 1185.358658][  T925] usb 2-1: Product: syz
[ 1185.363164][  T925] usb 2-1: Manufacturer: syz
[ 1185.409758][  T925] usb 2-1: SerialNumber: syz
[ 1185.800380][T16377] fuse: Unknown parameter 'fd0xffffffffffffffff0000000000000000000000000000000000000000'
[ 1186.481237][  T925] option 2-1:7.6: GSM modem (1-port) converter detected
[ 1186.578050][T16383] Invalid source name
[ 1186.583049][T16383] UBIFS error (pid: 16383): cannot open "usrquota", error -22
[ 1186.592341][  T925] usb 2-1: USB disconnect, device number 60
[ 1186.820757][  T925] option 2-1:7.6: device disconnected
[ 1189.656321][T12388] usb 2-1: new high-speed USB device number 61 using dummy_hcd
[ 1189.721159][T16429] fuse: Unknown parameter 'fd0xffffffffffffffff0000000000000000000000000000000000000000'
[ 1189.747359][T15760] usb 3-1: new high-speed USB device number 80 using dummy_hcd
[ 1189.834786][T12388] usb 2-1: Using ep0 maxpacket: 8
[ 1189.956287][T15760] usb 3-1: New USB device found, idVendor=249c, idProduct=9002, bcdDevice=de.ad
[ 1189.987857][T12388] usb 2-1: unable to get BOS descriptor or descriptor too short
[ 1190.092448][T15760] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1190.165814][T12388] usb 2-1: config 7 has an invalid interface number: 6 but max is 0
[ 1190.376036][T15760] usb 3-1: config 0 descriptor??
[ 1190.381227][T12388] usb 2-1: config 7 has no interface number 0
[ 1190.528764][T12388] usb 2-1: No eUSB2 isoc ep 15 companion for config 7 interface 6 altsetting 254
[ 1190.540526][T12388] usb 2-1: config 7 interface 6 altsetting 254 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1190.560425][T12388] usb 2-1: config 7 interface 6 has no altsetting 0
[ 1190.570382][T12388] usb 2-1: New USB device found, idVendor=1a8d, idProduct=100d, bcdDevice=30.9e
[ 1190.598806][T12388] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1190.635457][T12388] usb 2-1: Product: syz
[ 1190.647104][T12388] usb 2-1: Manufacturer: syz
[ 1190.652746][T12388] usb 2-1: SerialNumber: syz
[ 1190.774278][T15760] snd-usb-hiface 3-1:0.0: probe with driver snd-usb-hiface failed with error -22
[ 1190.864547][T15759] usb 8-1: new high-speed USB device number 3 using dummy_hcd
[ 1190.953893][ T5961] usb 3-1: USB disconnect, device number 80
[ 1191.006610][T12388] option 2-1:7.6: GSM modem (1-port) converter detected
[ 1191.034658][T15759] usb 8-1: Using ep0 maxpacket: 8
[ 1191.053543][T15759] usb 8-1: unable to get BOS descriptor or descriptor too short
[ 1191.070030][T12388] usb 2-1: USB disconnect, device number 61
[ 1191.083428][T15759] usb 8-1: config 7 has an invalid interface number: 6 but max is 0
[ 1191.097024][T12388] option 2-1:7.6: device disconnected
[ 1191.102681][T15759] usb 8-1: config 7 has no interface number 0
[ 1191.128380][T15759] usb 8-1: No eUSB2 isoc ep 15 companion for config 7 interface 6 altsetting 254
[ 1191.154545][T15759] usb 8-1: config 7 interface 6 altsetting 254 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1191.174472][T15760] usb 7-1: new high-speed USB device number 3 using dummy_hcd
[ 1191.203249][T15759] usb 8-1: config 7 interface 6 has no altsetting 0
[ 1191.241660][T15759] usb 8-1: New USB device found, idVendor=1a8d, idProduct=100d, bcdDevice=30.9e
[ 1191.261474][T15759] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1191.281773][T15759] usb 8-1: Product: syz
[ 1191.292075][T15759] usb 8-1: Manufacturer: syz
[ 1191.302245][T15759] usb 8-1: SerialNumber: syz
[ 1191.359685][T15760] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1191.401892][T15760] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1191.419641][T15760] usb 7-1: New USB device found, idVendor=0fc5, idProduct=b080, bcdDevice= 0.00
[ 1191.429491][T15760] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1191.445571][T15760] usb 7-1: config 0 descriptor??
[ 1191.530383][T15759] option 8-1:7.6: GSM modem (1-port) converter detected
[ 1191.600452][T15759] usb 8-1: USB disconnect, device number 3
[ 1191.659705][T15759] option 8-1:7.6: device disconnected
[ 1192.959312][T16457] veth0_to_team: entered promiscuous mode
[ 1192.965227][T16457] veth0_to_team: entered allmulticast mode
[ 1196.284098][T16480] fuse: Unknown parameter 'fd0xffffffffffffffff0000000000000000000000000000000000000000'
[ 1197.173056][T16486] openvswitch: netlink: Actions may not be safe on all matching packets
[ 1197.302964][T15760] usbhid 7-1:0.0: can't add hid device: -71
[ 1197.330050][T15760] usbhid 7-1:0.0: probe with driver usbhid failed with error -71
[ 1197.504726][T15760] usb 7-1: USB disconnect, device number 3
[ 1198.022139][   T30] kauditd_printk_skb: 7 callbacks suppressed
[ 1198.022156][   T30] audit: type=1804 audit(1754099748.346:149): pid=16493 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.1.2587" name="/newroot/554/file0" dev="tmpfs" ino=2962 res=1 errno=0
[ 1198.798478][T16497] 9pnet_fd: Insufficient options for proto=fd
[ 1199.087923][T16500] loop6: detected capacity change from 0 to 64
[ 1199.699571][T13772] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1199.709092][T13772] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1199.718596][T13772] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1199.797820][T13772] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1199.833117][T13772] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1200.025827][T16508] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0)
[ 1200.055216][T16510] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2591'.
[ 1200.247218][T16514] openvswitch: netlink: Actions may not be safe on all matching packets
[ 1200.692427][T16504] IPVS: set_ctl: invalid protocol: 5780 11.26.194.15:45840
[ 1200.752521][T13717] usb 7-1: new high-speed USB device number 4 using dummy_hcd
[ 1200.889898][T16520] openvswitch: netlink: Actions may not be safe on all matching packets
[ 1200.945218][T13717] usb 7-1: Using ep0 maxpacket: 8
[ 1201.054405][T13717] usb 7-1: unable to get BOS descriptor or descriptor too short
[ 1201.105416][T13717] usb 7-1: config 7 has an invalid interface number: 6 but max is 0
[ 1201.113775][T13717] usb 7-1: config 7 has no interface number 0
[ 1201.169498][T13717] usb 7-1: No eUSB2 isoc ep 15 companion for config 7 interface 6 altsetting 254
[ 1201.331165][T13717] usb 7-1: config 7 interface 6 altsetting 254 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1201.470248][T16522] 9pnet_fd: Insufficient options for proto=fd
[ 1201.476766][T13717] usb 7-1: config 7 interface 6 has no altsetting 0
[ 1201.489831][T13717] usb 7-1: New USB device found, idVendor=1a8d, idProduct=100d, bcdDevice=30.9e
[ 1201.509522][T13717] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1201.676433][T13717] usb 7-1: Product: syz
[ 1201.680716][T13717] usb 7-1: Manufacturer: syz
[ 1201.909423][T16522] wg1 speed is unknown, defaulting to 1000
[ 1201.927898][T16522] lo speed is unknown, defaulting to 1000
[ 1201.946722][T13717] usb 7-1: SerialNumber: syz
[ 1202.230905][T16527] wg1 speed is unknown, defaulting to 1000
[ 1202.253909][T16527] lo speed is unknown, defaulting to 1000
[ 1202.756063][T16544] fuse: Unknown parameter 'fd0xffffffffffffffff0000000000000000000000000000000000000000'
[ 1203.437452][T13717] option 7-1:7.6: GSM modem (1-port) converter detected
[ 1203.573197][T13717] usb 7-1: USB disconnect, device number 4
[ 1203.810044][T16550] binder: BINDER_SET_CONTEXT_MGR already set
[ 1203.816665][T16550] binder: 16549:16550 ioctl 4018620d 200000000040 returned -16
[ 1203.822189][T13717] option 7-1:7.6: device disconnected
[ 1204.802628][   T30] audit: type=1804 audit(1754099755.126:150): pid=16566 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.6.2603" name="/newroot/25/file0" dev="tmpfs" ino=152 res=1 errno=0
[ 1206.059551][T16572] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0)
[ 1206.191750][T16578] netlink: 'syz.6.2606': attribute type 2 has an invalid length.
[ 1207.642109][T16595] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2611'.
[ 1207.702502][T16598] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2611'.
[ 1207.882150][T16601] FAULT_INJECTION: forcing a failure.
[ 1207.882150][T16601] name failslab, interval 1, probability 0, space 0, times 0
[ 1207.971534][T16601] CPU: 1 UID: 0 PID: 16601 Comm: syz.6.2612 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[ 1207.971564][T16601] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1207.971578][T16601] Call Trace:
[ 1207.971586][T16601]  <TASK>
[ 1207.971595][T16601]  dump_stack_lvl+0x189/0x250
[ 1207.971625][T16601]  ? __pfx____ratelimit+0x10/0x10
[ 1207.971648][T16601]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1207.971672][T16601]  ? __pfx__printk+0x10/0x10
[ 1207.971706][T16601]  ? __pfx___might_resched+0x10/0x10
[ 1207.971728][T16601]  ? fs_reclaim_acquire+0x7d/0x100
[ 1207.971759][T16601]  should_fail_ex+0x414/0x560
[ 1207.971787][T16601]  should_failslab+0xa8/0x100
[ 1207.971813][T16601]  kmem_cache_alloc_noprof+0x73/0x3c0
[ 1207.971833][T16601]  ? getname_flags+0xb8/0x540
[ 1207.971863][T16601]  getname_flags+0xb8/0x540
[ 1207.971893][T16601]  do_sys_openat2+0xbc/0x1c0
[ 1207.971947][T16601]  ? __pfx_do_sys_openat2+0x10/0x10
[ 1207.971974][T16601]  ? ksys_write+0x22a/0x250
[ 1207.971995][T16601]  ? __pfx_ksys_write+0x10/0x10
[ 1207.972011][T16601]  ? rcu_is_watching+0x15/0xb0
[ 1207.972040][T16601]  __x64_sys_openat+0x138/0x170
[ 1207.972072][T16601]  do_syscall_64+0xfa/0x3b0
[ 1207.972093][T16601]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1207.972115][T16601]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1207.972134][T16601]  ? clear_bhb_loop+0x60/0xb0
[ 1207.972158][T16601]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1207.972178][T16601] RIP: 0033:0x7f5c3818eb69
[ 1207.972195][T16601] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1207.972212][T16601] RSP: 002b:00007f5c3908e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 1207.972234][T16601] RAX: ffffffffffffffda RBX: 00007f5c383b5fa0 RCX: 00007f5c3818eb69
[ 1207.972249][T16601] RDX: 0000000000000000 RSI: 0000200000000580 RDI: ffffffffffffff9c
[ 1207.972263][T16601] RBP: 00007f5c3908e090 R08: 0000000000000000 R09: 0000000000000000
[ 1207.972275][T16601] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1207.972287][T16601] R13: 0000000000000000 R14: 00007f5c383b5fa0 R15: 00007ffedb99f678
[ 1207.972317][T16601]  </TASK>
[ 1208.184712][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1210.178665][T16621] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0)
[ 1210.845133][   T30] audit: type=1804 audit(1754099760.716:151): pid=16627 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.1.2616" name="/newroot/558/file0" dev="tmpfs" ino=2984 res=1 errno=0
[ 1210.865821][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1211.289503][T16635] syz.7.2619: attempt to access beyond end of device
[ 1211.289503][T16635] loop15: rw=0, sector=0, nr_sectors = 1 limit=0
[ 1211.303109][T16635] FAT-fs (loop15): unable to read boot sector
[ 1212.141516][T16640] 9pnet_fd: Insufficient options for proto=fd
[ 1212.587694][T16641] wg1 speed is unknown, defaulting to 1000
[ 1212.603892][T16641] lo speed is unknown, defaulting to 1000
[ 1213.072418][T16640] wg1 speed is unknown, defaulting to 1000
[ 1213.127148][T16640] lo speed is unknown, defaulting to 1000
[ 1214.314816][T12388] usb 7-1: new high-speed USB device number 5 using dummy_hcd
[ 1214.587218][T12388] usb 7-1: config 0 has an invalid descriptor of length 250, skipping remainder of the config
[ 1214.664950][T12388] usb 7-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 1214.712027][T12388] usb 7-1: New USB device found, idVendor=046d, idProduct=c222, bcdDevice= 0.00
[ 1214.751201][T12388] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=4
[ 1214.779719][T12388] usb 7-1: SerialNumber: syz
[ 1214.801799][T12388] usb 7-1: config 0 descriptor??
[ 1214.868709][T12388] usbhid 7-1:0.0: couldn't find an input interrupt endpoint
[ 1215.709108][T16690] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0)
[ 1215.951708][  T925] usb 7-1: USB disconnect, device number 5
[ 1217.607100][T16707] overlayfs: conflicting options: userxattr,redirect_dir=on
[ 1218.055124][T16719] 9pnet_fd: Insufficient options for proto=fd
[ 1219.429223][T16726] netlink: 'syz.4.2636': attribute type 1 has an invalid length.
[ 1219.445955][T16719] wg1 speed is unknown, defaulting to 1000
[ 1219.525894][T15760] usb 7-1: new high-speed USB device number 6 using dummy_hcd
[ 1219.681427][T16726] 8021q: adding VLAN 0 to HW filter on device bond2
[ 1219.746450][T15760] usb 7-1: unable to read config index 0 descriptor/start: -61
[ 1219.757387][T16721] wg1 speed is unknown, defaulting to 1000
[ 1219.831926][T15760] usb 7-1: can't read configurations, error -61
[ 1220.319987][T16728] bond0: (slave veth0_to_bond): Releasing active interface
[ 1220.374874][T15760] usb 7-1: new high-speed USB device number 7 using dummy_hcd
[ 1220.781114][T16728] bond2: (slave veth0_to_bond): Enslaving as an active interface with a down link
[ 1221.041278][T16719] lo speed is unknown, defaulting to 1000
[ 1221.408495][T16721] lo speed is unknown, defaulting to 1000
[ 1222.439990][   T30] audit: type=1400 audit(1754099772.196:152): lsm=SMACK fn=smack_inode_remove_acl action=denied subject="w" object="_" requested=w pid=16744 comm="syz.2.2639" name="file1" dev="tmpfs" ino=2872
[ 1223.814184][T16757] netlink: 56 bytes leftover after parsing attributes in process `syz.4.2642'.
[ 1223.848133][T16761] openvswitch: netlink: Actions may not be safe on all matching packets
[ 1223.965419][T16762] binder: 16756:16762 ioctl c0306201 200000000080 returned -14
[ 1224.084527][T16761] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2641'.
[ 1225.495034][T15759] usb 2-1: new high-speed USB device number 62 using dummy_hcd
[ 1225.799393][T15759] usb 2-1: New USB device found, idVendor=04fc, idProduct=504a, bcdDevice=43.02
[ 1225.829746][T15759] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1225.843544][T16783] overlayfs: conflicting options: userxattr,redirect_dir=on
[ 1225.878043][T15759] usb 2-1: Product: syz
[ 1225.934972][   T24] usb 5-1: new high-speed USB device number 41 using dummy_hcd
[ 1225.945484][T15759] usb 2-1: Manufacturer: syz
[ 1225.950165][T15759] usb 2-1: SerialNumber: syz
[ 1226.229546][   T24] usb 5-1: device descriptor read/64, error -71
[ 1226.347263][T15759] usb 2-1: config 0 descriptor??
[ 1226.567983][T15759] gspca_main: sunplus-2.14.0 probing 04fc:504a
[ 1226.621225][T16788] CIFS mount error: No usable UNC path provided in device string!
[ 1226.621225][T16788] 
[ 1226.672082][T16788] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[ 1226.692309][T15760] usb 7-1: new high-speed USB device number 8 using dummy_hcd
[ 1226.698273][   T24] usb 5-1: new high-speed USB device number 42 using dummy_hcd
[ 1226.996189][   T24] usb 5-1: device descriptor read/64, error -71
[ 1227.208311][T15759] gspca_sunplus: reg_r err -110
[ 1227.398127][T15760] usb 7-1: unable to read config index 0 descriptor/start: -61
[ 1227.406286][T15760] usb 7-1: can't read configurations, error -61
[ 1227.453139][   T24] usb usb5-port1: attempt power cycle
[ 1227.574476][T15760] usb 7-1: new high-speed USB device number 9 using dummy_hcd
[ 1227.728010][T15760] usb 7-1: unable to read config index 0 descriptor/start: -61
[ 1227.737661][T15760] usb 7-1: can't read configurations, error -61
[ 1227.782987][T15760] usb usb7-port1: attempt power cycle
[ 1227.916481][T15759] usb 8-1: new high-speed USB device number 4 using dummy_hcd
[ 1228.088409][T15759] usb 8-1: Using ep0 maxpacket: 8
[ 1228.276338][T15759] usb 8-1: unable to get BOS descriptor or descriptor too short
[ 1228.324603][T15760] usb 7-1: new high-speed USB device number 10 using dummy_hcd
[ 1228.591274][T16811] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0)
[ 1228.789339][T15759] usb 8-1: config 7 has an invalid interface number: 6 but max is 0
[ 1228.815684][T15759] usb 8-1: config 7 has no interface number 0
[ 1228.821891][T15759] usb 8-1: No eUSB2 isoc ep 15 companion for config 7 interface 6 altsetting 254
[ 1228.839300][T15760] usb 7-1: device descriptor read/8, error -71
[ 1228.851097][T15759] usb 8-1: config 7 interface 6 altsetting 254 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1228.864199][T15759] usb 8-1: config 7 interface 6 has no altsetting 0
[ 1228.873479][T15759] usb 8-1: New USB device found, idVendor=1a8d, idProduct=100d, bcdDevice=30.9e
[ 1228.895111][T15759] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1228.903133][T15759] usb 8-1: Product: syz
[ 1228.922081][   T24] usb 2-1: USB disconnect, device number 62
[ 1228.931875][T15759] usb 8-1: Manufacturer: syz
[ 1229.007178][T15759] usb 8-1: SerialNumber: syz
[ 1229.284929][T15759] option 8-1:7.6: GSM modem (1-port) converter detected
[ 1229.985788][T15759] usb 8-1: USB disconnect, device number 4
[ 1230.011593][T15759] option 8-1:7.6: device disconnected
[ 1230.104928][T16823] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2658'.
[ 1230.274410][ T5928] usb 2-1: new high-speed USB device number 63 using dummy_hcd
[ 1230.540664][T16836] openvswitch: netlink: Actions may not be safe on all matching packets
[ 1230.723421][ T5928] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[ 1230.846181][ T5928] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1230.983550][ T5928] usb 2-1: Product: syz
[ 1231.004351][ T5928] usb 2-1: Manufacturer: syz
[ 1231.049430][ T5928] usb 2-1: SerialNumber: syz
[ 1231.097574][ T5928] usb 2-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[ 1231.148843][   T24] usb 2-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[ 1231.260193][T16843] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2662'.
[ 1231.695530][  T925] usb 2-1: USB disconnect, device number 63
[ 1231.852246][T16856] overlayfs: conflicting options: userxattr,redirect_dir=on
[ 1232.276648][   T24] ath9k_htc 2-1:1.0: ath9k_htc: Target is unresponsive
[ 1232.301682][   T24] ath9k_htc: Failed to initialize the device
[ 1232.449340][  T925] usb 2-1: ath9k_htc: USB layer deinitialized
[ 1232.749384][   T30] audit: type=1804 audit(1754099783.076:153): pid=16872 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.7.2667" name="/newroot/42/file0" dev="tmpfs" ino=245 res=1 errno=0
[ 1232.984794][   T43] usb 5-1: new high-speed USB device number 44 using dummy_hcd
[ 1233.318820][   T43] usb 5-1: unable to read config index 0 descriptor/start: -61
[ 1233.348960][   T43] usb 5-1: can't read configurations, error -61
[ 1233.524838][   T43] usb 5-1: new high-speed USB device number 45 using dummy_hcd
[ 1233.664591][T15760] usb 8-1: new high-speed USB device number 5 using dummy_hcd
[ 1233.824478][T15760] usb 8-1: Using ep0 maxpacket: 8
[ 1233.833386][T15760] usb 8-1: unable to get BOS descriptor or descriptor too short
[ 1233.882109][T15760] usb 8-1: config 7 has an invalid interface number: 6 but max is 0
[ 1233.929582][T15760] usb 8-1: config 7 has no interface number 0
[ 1233.961034][T15760] usb 8-1: No eUSB2 isoc ep 15 companion for config 7 interface 6 altsetting 254
[ 1234.004461][T15760] usb 8-1: config 7 interface 6 altsetting 254 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1234.067043][T15760] usb 8-1: config 7 interface 6 has no altsetting 0
[ 1234.128251][T15760] usb 8-1: New USB device found, idVendor=1a8d, idProduct=100d, bcdDevice=30.9e
[ 1234.172778][T15760] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1234.219223][T15760] usb 8-1: Product: syz
[ 1234.244073][T15760] usb 8-1: Manufacturer: syz
[ 1234.281681][T15760] usb 8-1: SerialNumber: syz
[ 1234.554190][   T43] usb 5-1: unable to read config index 0 descriptor/start: -61
[ 1234.577314][   T43] usb 5-1: can't read configurations, error -61
[ 1234.594405][   T43] usb usb5-port1: attempt power cycle
[ 1234.826472][T15760] option 8-1:7.6: GSM modem (1-port) converter detected
[ 1235.041360][   T43] usb 5-1: new high-speed USB device number 46 using dummy_hcd
[ 1235.134145][T15760] usb 8-1: USB disconnect, device number 5
[ 1235.252382][T15760] option 8-1:7.6: device disconnected
[ 1235.273505][   T43] usb 5-1: device descriptor read/8, error -71
[ 1235.554464][ T5961] usb 2-1: new high-speed USB device number 64 using dummy_hcd
[ 1235.688600][ T5961] usb 2-1: device descriptor read/64, error -71
[ 1235.706156][T16912] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2675'.
[ 1235.781043][T10633] Bluetooth: hci3: command 0x0406 tx timeout
[ 1235.959872][T16927] openvswitch: netlink: Actions may not be safe on all matching packets
[ 1236.025795][ T5961] usb 2-1: new high-speed USB device number 65 using dummy_hcd
[ 1236.264486][ T5961] usb 2-1: device descriptor read/64, error -71
[ 1236.406550][ T5961] usb usb2-port1: attempt power cycle
[ 1237.505106][ T5961] usb 2-1: new high-speed USB device number 66 using dummy_hcd
[ 1237.542036][ T5961] usb 2-1: device descriptor read/8, error -71
[ 1237.828292][ T5961] usb 2-1: new high-speed USB device number 67 using dummy_hcd
[ 1237.869355][ T5961] usb 2-1: device descriptor read/8, error -71
[ 1237.995368][T16952] 9pnet_fd: Insufficient options for proto=fd
[ 1237.995972][ T5961] usb usb2-port1: unable to enumerate USB device
[ 1238.060527][T16954] overlayfs: conflicting options: userxattr,redirect_dir=on
[ 1238.199432][T16952] wg1 speed is unknown, defaulting to 1000
[ 1238.272067][T16952] lo speed is unknown, defaulting to 1000
[ 1238.529372][T16955] wg1 speed is unknown, defaulting to 1000
[ 1238.604771][   T43] usb 5-1: new high-speed USB device number 48 using dummy_hcd
[ 1238.711038][T16967] openvswitch: netlink: Actions may not be safe on all matching packets
[ 1238.770347][T16967] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2688'.
[ 1238.843181][T16955] lo speed is unknown, defaulting to 1000
[ 1238.914802][  T925] usb 8-1: new high-speed USB device number 6 using dummy_hcd
[ 1239.404558][   T43] usb 5-1: Using ep0 maxpacket: 8
[ 1239.413332][   T43] usb 5-1: unable to get BOS descriptor or descriptor too short
[ 1239.455181][  T925] usb 8-1: unable to read config index 0 descriptor/start: -61
[ 1239.474064][   T43] usb 5-1: config 7 has an invalid interface number: 6 but max is 0
[ 1239.494499][  T925] usb 8-1: can't read configurations, error -61
[ 1239.502466][   T43] usb 5-1: config 7 has no interface number 0
[ 1239.524958][   T43] usb 5-1: No eUSB2 isoc ep 15 companion for config 7 interface 6 altsetting 254
[ 1239.615607][   T43] usb 5-1: config 7 interface 6 altsetting 254 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1239.644438][  T925] usb 8-1: new high-speed USB device number 7 using dummy_hcd
[ 1239.713790][   T43] usb 5-1: config 7 interface 6 has no altsetting 0
[ 1239.787835][   T43] usb 5-1: New USB device found, idVendor=1a8d, idProduct=100d, bcdDevice=30.9e
[ 1239.804467][   T43] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1239.828095][   T43] usb 5-1: Product: syz
[ 1239.863300][   T43] usb 5-1: Manufacturer: syz
[ 1239.888619][  T925] usb 8-1: unable to read config index 0 descriptor/start: -61
[ 1239.937387][   T43] usb 5-1: SerialNumber: syz
[ 1239.984050][  T925] usb 8-1: can't read configurations, error -61
[ 1240.077767][  T925] usb usb8-port1: attempt power cycle
[ 1240.836989][   T43] option 5-1:7.6: GSM modem (1-port) converter detected
[ 1240.854832][   T43] usb 5-1: USB disconnect, device number 48
[ 1240.863507][   T43] option 5-1:7.6: device disconnected
[ 1240.869218][  T925] usb 8-1: new high-speed USB device number 8 using dummy_hcd
[ 1240.905369][T10633] Bluetooth: hci0: command 0x0406 tx timeout
[ 1240.953249][  T925] usb 8-1: unable to read config index 0 descriptor/start: -61
[ 1240.974487][  T925] usb 8-1: can't read configurations, error -61
[ 1241.274530][  T925] usb 8-1: new high-speed USB device number 9 using dummy_hcd
[ 1241.946521][  T925] usb 8-1: device descriptor read/8, error -71
[ 1242.112163][  T925] usb usb8-port1: unable to enumerate USB device
[ 1242.179049][T16999] binder: 16995:16999 ioctl c0306201 200000000540 returned -14
[ 1242.789693][  T925] libceph: connect (1)[c::]:6789 error -101
[ 1242.821659][T16997] ceph: No mds server is up or the cluster is laggy
[ 1242.863899][  T925] libceph: mon0 (1)[c::]:6789 connect error
[ 1242.927626][T17008] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2695'.
[ 1243.942550][ T1302] ieee802154 phy0 wpan0: encryption failed: -22
[ 1243.949138][ T1302] ieee802154 phy1 wpan1: encryption failed: -22
[ 1244.583382][T16990] usb 7-1: new high-speed USB device number 12 using dummy_hcd
[ 1244.796218][T16990] usb 7-1: config index 0 descriptor too short (expected 65069, got 45)
[ 1244.916514][T16990] usb 7-1: config 0 has more interface descriptors, than it declares in bNumInterfaces, ignoring interface number: 0
[ 1245.135572][T16990] usb 7-1: config 0 has more interface descriptors, than it declares in bNumInterfaces, ignoring interface number: 255
[ 1245.363262][T16990] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1245.374548][T16990] usb 7-1: config 0 has no interfaces?
[ 1245.380688][T16990] usb 7-1: New USB device found, idVendor=1908, idProduct=1315, bcdDevice= 0.00
[ 1245.394421][T16990] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1245.415454][T16990] usb 7-1: config 0 descriptor??
[ 1245.660343][T17048] overlayfs: conflicting options: userxattr,redirect_dir=on
[ 1247.404273][ T9535] usb 5-1: new high-speed USB device number 49 using dummy_hcd
[ 1247.416025][T17064] comedi comedi0: dt2815: I/O port conflict (0x9,2)
[ 1247.724291][T17066] netlink: 12 bytes leftover after parsing attributes in process `syz.7.2709'.
[ 1247.738503][ T9535] usb 5-1: unable to read config index 0 descriptor/start: -61
[ 1247.762061][ T9535] usb 5-1: can't read configurations, error -61
[ 1247.831828][T15760] usb 7-1: USB disconnect, device number 12
[ 1247.895193][ T9535] usb 5-1: new high-speed USB device number 50 using dummy_hcd
[ 1248.089340][ T9535] usb 5-1: unable to read config index 0 descriptor/start: -61
[ 1248.113846][ T9535] usb 5-1: can't read configurations, error -61
[ 1248.154169][ T9535] usb usb5-port1: attempt power cycle
[ 1248.259798][T17086] 9pnet_fd: Insufficient options for proto=fd
[ 1248.314579][   T43] usb 8-1: new full-speed USB device number 10 using dummy_hcd
[ 1248.316164][T17091] random: crng reseeded on system resumption
[ 1248.447889][T17097] wg1 speed is unknown, defaulting to 1000
[ 1248.476852][T17097] lo speed is unknown, defaulting to 1000
[ 1248.523473][   T43] usb 8-1: unable to read config index 0 descriptor/start: -61
[ 1248.532429][   T43] usb 8-1: can't read configurations, error -61
[ 1248.544685][ T9535] usb 5-1: new high-speed USB device number 51 using dummy_hcd
[ 1248.579956][ T9535] usb 5-1: unable to read config index 0 descriptor/start: -61
[ 1248.593459][ T9535] usb 5-1: can't read configurations, error -61
[ 1248.664651][   T43] usb 8-1: new full-speed USB device number 11 using dummy_hcd
[ 1248.718961][T17086] wg1 speed is unknown, defaulting to 1000
[ 1248.725286][ T9535] usb 5-1: new high-speed USB device number 52 using dummy_hcd
[ 1248.739742][T17086] lo speed is unknown, defaulting to 1000
[ 1248.779009][ T9535] usb 5-1: device descriptor read/8, error -71
[ 1248.894951][ T9535] usb usb5-port1: unable to enumerate USB device
[ 1248.929322][   T43] usb 8-1: unable to read config index 0 descriptor/start: -61
[ 1248.941861][   T43] usb 8-1: can't read configurations, error -61
[ 1248.956864][   T43] usb usb8-port1: attempt power cycle
[ 1249.362603][   T43] usb 8-1: new full-speed USB device number 12 using dummy_hcd
[ 1249.451466][   T43] usb 8-1: unable to read config index 0 descriptor/start: -61
[ 1249.476766][   T43] usb 8-1: can't read configurations, error -61
[ 1249.644455][   T43] usb 8-1: new full-speed USB device number 13 using dummy_hcd
[ 1249.736212][   T43] usb 8-1: unable to read config index 0 descriptor/start: -61
[ 1249.758597][   T43] usb 8-1: can't read configurations, error -61
[ 1250.556906][   T43] usb usb8-port1: unable to enumerate USB device
[ 1250.914460][ T5961] usb 7-1: new high-speed USB device number 13 using dummy_hcd
[ 1251.074580][ T5961] usb 7-1: Using ep0 maxpacket: 32
[ 1251.100034][ T5961] usb 7-1: config 0 has an invalid interface number: 85 but max is 0
[ 1251.142694][ T5961] usb 7-1: config 0 has no interface number 0
[ 1251.189583][ T5961] usb 7-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 1251.253992][ T5961] usb 7-1: config 0 interface 85 has no altsetting 0
[ 1251.312207][ T5961] usb 7-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72
[ 1251.346201][ T5961] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1251.368958][ T5961] usb 7-1: Product: syz
[ 1251.381092][ T5961] usb 7-1: Manufacturer: syz
[ 1251.393433][ T5961] usb 7-1: SerialNumber: syz
[ 1251.443128][ T5961] usb 7-1: config 0 descriptor??
[ 1252.115634][ T5961] appletouch 7-1:0.85: Failed to request geyser raw mode
[ 1252.241572][ T5961] appletouch 7-1:0.85: probe with driver appletouch failed with error -5
[ 1252.622260][ T5961] usb 7-1: USB disconnect, device number 13
[ 1253.373372][T17142] netlink: 12 bytes leftover after parsing attributes in process `syz.7.2721'.
[ 1254.567345][T17165] overlayfs: conflicting options: userxattr,redirect_dir=on
[ 1255.749821][T17172] Bluetooth: MGMT ver 1.23
[ 1256.664108][T16990] usb 5-1: new high-speed USB device number 53 using dummy_hcd
[ 1256.837118][T16990] usb 5-1: unable to read config index 0 descriptor/start: -61
[ 1257.204503][T17195] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0)
[ 1257.300583][T16990] usb 5-1: can't read configurations, error -61
[ 1257.332914][T17196] openvswitch: netlink: Actions may not be safe on all matching packets
[ 1257.444667][T16990] usb 5-1: new high-speed USB device number 54 using dummy_hcd
[ 1258.023295][T16990] usb 5-1: device descriptor read/all, error -71
[ 1258.066755][T16990] usb usb5-port1: attempt power cycle
[ 1258.087642][T17202] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2733'.
[ 1264.839148][T17259] netlink: 12 bytes leftover after parsing attributes in process `syz.7.2746'.
[ 1264.997041][T17265] openvswitch: netlink: Actions may not be safe on all matching packets
[ 1265.735786][T17270] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0)
[ 1267.535503][T15760] usb 8-1: new high-speed USB device number 14 using dummy_hcd
[ 1267.937602][T15760] usb 8-1: New USB device found, idVendor=8086, idProduct=0110, bcdDevice=bf.ad
[ 1267.948747][T15760] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1267.961910][T15760] usb 8-1: config 0 descriptor??
[ 1267.983627][T17300] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2760'.
[ 1268.013977][T15760] gspca_main: spca508-2.14.0 probing 8086:0110
[ 1268.174566][ T5961] usb 3-1: new high-speed USB device number 81 using dummy_hcd
[ 1268.220802][T15760] gspca_spca508: reg_read err -71
[ 1268.241660][T15760] gspca_spca508: reg_read err -71
[ 1268.300784][T15760] gspca_spca508: reg_read err -71
[ 1270.284715][T15760] gspca_spca508: reg_read err -71
[ 1270.303391][T15760] gspca_spca508: reg_read err -71
[ 1270.316032][ T5961] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1270.354439][ T5961] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1270.368758][T15760] gspca_spca508: reg write: error -71
[ 1270.375836][T15760] spca508 8-1:0.0: probe with driver spca508 failed with error -71
[ 1270.581236][T15760] usb 8-1: USB disconnect, device number 14
[ 1271.070540][ T5961] usb 3-1: New USB device found, idVendor=28de, idProduct=1142, bcdDevice= 0.00
[ 1271.129368][ T5961] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1271.179016][ T5961] usb 3-1: config 0 descriptor??
[ 1271.245985][T17323] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0)
[ 1271.417031][ T5961] usb 3-1: can't set config #0, error -71
[ 1271.493013][ T5961] usb 3-1: USB disconnect, device number 81
[ 1271.814361][T17334] openvswitch: netlink: Actions may not be safe on all matching packets
[ 1272.031606][T17335] overlayfs: conflicting options: userxattr,redirect_dir=on
[ 1272.706759][T17333] netlink: 12 bytes leftover after parsing attributes in process `syz.6.2769'.
[ 1272.744562][T16990] usb 8-1: new high-speed USB device number 15 using dummy_hcd
[ 1272.802963][T17330] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2768'.
[ 1272.835433][T17345] overlayfs: failed to resolve './file0': -2
[ 1272.935443][T16990] usb 8-1: unable to read config index 0 descriptor/start: -61
[ 1272.977770][T16990] usb 8-1: can't read configurations, error -61
[ 1273.052704][T17353] netlink: 12 bytes leftover after parsing attributes in process `syz.6.2772'.
[ 1273.159918][T16990] usb 8-1: new high-speed USB device number 16 using dummy_hcd
[ 1273.322289][T16990] usb 8-1: unable to read config index 0 descriptor/start: -61
[ 1273.350951][T17358] netlink: 25 bytes leftover after parsing attributes in process `syz.6.2774'.
[ 1273.394520][T16990] usb 8-1: can't read configurations, error -61
[ 1273.405322][T16990] usb usb8-port1: attempt power cycle
[ 1274.211848][T16990] usb 8-1: new high-speed USB device number 17 using dummy_hcd
[ 1274.349372][T16990] usb 8-1: unable to read config index 0 descriptor/start: -61
[ 1274.371387][T16990] usb 8-1: can't read configurations, error -61
[ 1274.514444][T16990] usb 8-1: new high-speed USB device number 18 using dummy_hcd
[ 1274.546669][T16990] usb 8-1: unable to read config index 0 descriptor/start: -61
[ 1274.563017][T16990] usb 8-1: can't read configurations, error -61
[ 1274.573549][T16990] usb usb8-port1: unable to enumerate USB device
[ 1274.634764][T13717] usb 7-1: new high-speed USB device number 14 using dummy_hcd
[ 1274.731297][T17385] lo: entered allmulticast mode
[ 1274.827477][T13717] usb 7-1: Using ep0 maxpacket: 8
[ 1274.850377][T13717] usb 7-1: unable to get BOS descriptor or descriptor too short
[ 1274.869449][T17384] lo: left allmulticast mode
[ 1274.878795][T13717] usb 7-1: config 7 has an invalid interface number: 6 but max is 0
[ 1274.897063][T13717] usb 7-1: config 7 has no interface number 0
[ 1274.912664][T13717] usb 7-1: No eUSB2 isoc ep 15 companion for config 7 interface 6 altsetting 254
[ 1274.936246][T13717] usb 7-1: config 7 interface 6 altsetting 254 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1274.965848][T13717] usb 7-1: config 7 interface 6 has no altsetting 0
[ 1274.986270][T13717] usb 7-1: New USB device found, idVendor=1a8d, idProduct=100d, bcdDevice=30.9e
[ 1275.008523][T13717] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1275.031080][T13717] usb 7-1: Product: syz
[ 1275.045663][T13717] usb 7-1: Manufacturer: syz
[ 1275.055798][T13717] usb 7-1: SerialNumber: syz
[ 1275.228636][T17396] fuse: Unknown parameter 'fd0xffffffffffffffff0000000000000000000000000000000000000000'
[ 1275.301972][T13717] option 7-1:7.6: GSM modem (1-port) converter detected
[ 1275.418742][T13717] usb 7-1: USB disconnect, device number 14
[ 1275.526477][T13717] option 7-1:7.6: device disconnected
[ 1275.849482][T17405] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2784'.
[ 1276.134657][T13717] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0
[ 1276.238446][T13717] hid-generic 0000:0000:0000.000F: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[ 1277.254436][T16990] usb 8-1: new high-speed USB device number 19 using dummy_hcd
[ 1277.468449][T16990] usb 8-1: Using ep0 maxpacket: 32
[ 1277.527851][T16990] usb 8-1: config 0 interface 0 altsetting 2 endpoint 0x82 has invalid wMaxPacketSize 0
[ 1277.565332][T16990] usb 8-1: config 0 interface 0 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 0
[ 1277.598242][T16990] usb 8-1: config 0 interface 0 has no altsetting 0
[ 1277.655578][T16990] usb 8-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e
[ 1277.694446][T16990] usb 8-1: New USB device strings: Mfr=229, Product=1, SerialNumber=3
[ 1277.734827][T16990] usb 8-1: Product: syz
[ 1277.739917][T16990] usb 8-1: Manufacturer: syz
[ 1278.097455][T17436] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2790'.
[ 1278.588487][T16990] usb 8-1: SerialNumber: syz
[ 1278.616521][T16990] usb 8-1: config 0 descriptor??
[ 1280.419376][T16990] gs_usb 8-1:0.0: Couldn't send data format (err=-71)
[ 1280.443563][T16990] gs_usb 8-1:0.0: probe with driver gs_usb failed with error -71
[ 1280.469336][T16990] usb 8-1: USB disconnect, device number 19
[ 1282.198260][T15760] usb 5-1: new high-speed USB device number 56 using dummy_hcd
[ 1282.329677][T17461] netlink: 12 bytes leftover after parsing attributes in process `syz.6.2797'.
[ 1282.418589][T15760] usb 5-1: Using ep0 maxpacket: 8
[ 1282.432897][T15760] usb 5-1: unable to get BOS descriptor or descriptor too short
[ 1282.481980][T15760] usb 5-1: config 7 has an invalid interface number: 6 but max is 0
[ 1282.508910][T15760] usb 5-1: config 7 has no interface number 0
[ 1282.586737][T15760] usb 5-1: No eUSB2 isoc ep 15 companion for config 7 interface 6 altsetting 254
[ 1282.634348][T15760] usb 5-1: config 7 interface 6 altsetting 254 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1282.683387][T15760] usb 5-1: config 7 interface 6 has no altsetting 0
[ 1282.727939][T15760] usb 5-1: New USB device found, idVendor=1a8d, idProduct=100d, bcdDevice=30.9e
[ 1282.790165][T15760] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1282.824450][T15760] usb 5-1: Product: syz
[ 1282.837836][T15760] usb 5-1: Manufacturer: syz
[ 1282.873000][T15760] usb 5-1: SerialNumber: syz
[ 1282.945969][T10633] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[ 1282.977245][T10633] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[ 1282.986773][T10633] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[ 1282.996257][T10633] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[ 1283.005572][T10633] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[ 1283.092907][T17476] wg1 speed is unknown, defaulting to 1000
[ 1283.104230][T17476] lo speed is unknown, defaulting to 1000
[ 1283.251885][T15760] option 5-1:7.6: GSM modem (1-port) converter detected
[ 1283.297338][T15760] usb 5-1: USB disconnect, device number 56
[ 1284.213925][T15760] option 5-1:7.6: device disconnected
[ 1285.063791][T10633] Bluetooth: hci5: command tx timeout
[ 1285.708067][T10859] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1285.786682][T17476] chnl_net:caif_netlink_parms(): no params data found
[ 1286.081120][T17516] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2808'.
[ 1286.871314][T10859] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1287.016678][   T30] audit: type=1107 audit(2000000049.390:154): pid=17524 uid=0 auid=4294967295 ses=4294967295 subj=_ msg=''
[ 1287.134601][T10633] Bluetooth: hci5: command tx timeout
[ 1287.212594][T10859] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1288.596845][T10859] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1289.214473][T10633] Bluetooth: hci5: command tx timeout
[ 1289.397371][T17476] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1289.448079][T17476] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1289.552545][T17476] bridge_slave_0: entered allmulticast mode
[ 1289.628109][   T30] audit: type=1804 audit(2000000051.960:155): pid=17560 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.6.2816" name="/newroot/71/file0" dev="tmpfs" ino=392 res=1 errno=0
[ 1289.746391][T17476] bridge_slave_0: entered promiscuous mode
[ 1290.615028][T17476] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1290.622226][T17476] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1290.675498][   T30] audit: type=1804 audit(2000000052.830:156): pid=17566 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.2.2815" name="/newroot/560/file0" dev="tmpfs" ino=3023 res=1 errno=0
[ 1290.910359][T17571] delete_channel: no stack
[ 1291.230104][T17476] bridge_slave_1: entered allmulticast mode
[ 1291.272247][T17476] bridge_slave_1: entered promiscuous mode
[ 1291.297730][T10633] Bluetooth: hci5: command tx timeout
[ 1292.919459][T17476] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1293.004100][T17585] openvswitch: netlink: Actions may not be safe on all matching packets
[ 1293.369173][T17476] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1293.483675][T17586] netlink: 12 bytes leftover after parsing attributes in process `syz.7.2821'.
[ 1293.923037][T17476] team0: Port device team_slave_0 added
[ 1294.617575][T17476] team0: Port device team_slave_1 added
[ 1294.927644][T10859] bridge_slave_1: left allmulticast mode
[ 1295.115314][T10859] bridge_slave_1: left promiscuous mode
[ 1295.122296][T10859] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1296.065530][T10859] bridge_slave_0: left allmulticast mode
[ 1296.072171][T10859] bridge_slave_0: left promiscuous mode
[ 1296.228414][T17618] openvswitch: netlink: Actions may not be safe on all matching packets
[ 1296.459234][T17618] netlink: 12 bytes leftover after parsing attributes in process `syz.6.2826'.
[ 1296.526770][T10859] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1298.154866][T12388] usb 5-1: new high-speed USB device number 57 using dummy_hcd
[ 1298.405460][T12388] usb 5-1: config index 0 descriptor too short (expected 12306, got 18)
[ 1298.413934][T12388] usb 5-1: config 48 has too many interfaces: 120, using maximum allowed: 32
[ 1298.577811][T12388] usb 5-1: config 48 has an invalid descriptor of length 48, skipping remainder of the config
[ 1298.682595][T12388] usb 5-1: config 48 has 0 interfaces, different from the descriptor's value: 120
[ 1298.869239][T12388] usb 5-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f
[ 1298.884509][T12388] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1298.892611][T12388] usb 5-1: Product: syz
[ 1298.904820][T12388] usb 5-1: Manufacturer: syz
[ 1298.909479][T12388] usb 5-1: SerialNumber: syz
[ 1299.478527][ T5961] usb 8-1: new high-speed USB device number 20 using dummy_hcd
[ 1299.644008][T17639] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1299.690802][T17639] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1299.762714][ T5961] usb 8-1: config 0 interface 0 has no altsetting 0
[ 1299.770403][ T5961] usb 8-1: New USB device found, idVendor=046d, idProduct=0a0e, bcdDevice=94.75
[ 1299.799008][ T5961] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1299.933737][ T5961] usb 8-1: config 0 descriptor??
[ 1299.934997][T10859] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1300.145827][T10859] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1300.167006][T10859] bond0 (unregistering): Released all slaves
[ 1300.222706][T12388] usb 5-1: USB disconnect, device number 57
[ 1300.359427][T10859] bond1 (unregistering): (slave batadv1): Releasing active interface
[ 1300.371619][T10859] bond1 (unregistering): Released all slaves
[ 1300.398345][T10859] bond2 (unregistering): Released all slaves
[ 1300.550422][T10859] bond3 (unregistering): (slave veth0_to_bond): Releasing active interface
[ 1300.563577][T10859] bond3 (unregistering): (slave vlan2): Releasing active interface
[ 1300.574164][T10859] bond3 (unregistering): Released all slaves
[ 1300.721692][T10859] bond4 (unregistering): (slave vcan1): Releasing backup interface
[ 1300.729829][T10859] vcan1: left promiscuous mode
[ 1300.742705][T10859] bond4 (unregistering): Released all slaves
[ 1300.762159][ T5961] video4linux radio48: keene_cmd_set failed (-71)
[ 1300.771540][ T5961] radio-keene 8-1:0.0: V4L2 device registered as radio48
[ 1300.792763][ T5961] usb 8-1: USB disconnect, device number 20
[ 1300.803109][T17476] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1300.874572][T17476] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1300.986369][T17476] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1301.046554][T10859] tipc: Left network mode
[ 1301.064969][T17476] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1301.071988][T17476] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1301.172416][T17476] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1301.309633][   T30] audit: type=1804 audit(2000000063.680:157): pid=17645 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.4.2832" name="/newroot/591/file0" dev="tmpfs" ino=3163 res=1 errno=0
[ 1301.363735][T10859] IPVS: stopping backup sync thread 11809 ...
[ 1302.484572][  T925] usb 3-1: new full-speed USB device number 82 using dummy_hcd
[ 1302.647281][T17476] hsr_slave_0: entered promiscuous mode
[ 1302.649779][  T925] usb 3-1: config 7 has an invalid interface number: 192 but max is 0
[ 1302.656778][T17476] hsr_slave_1: entered promiscuous mode
[ 1302.874904][  T925] usb 3-1: config 7 has no interface number 0
[ 1302.942181][  T925] usb 3-1: config 7 interface 192 has no altsetting 0
[ 1303.207404][  T925] usb 3-1: New USB device found, idVendor=09fb, idProduct=ebbe, bcdDevice=d4.8d
[ 1303.317834][  T925] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1303.327044][T17476] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1303.357104][  T925] usb 3-1: Product: syz
[ 1303.361450][T17476] Cannot create hsr debugfs directory
[ 1303.373532][  T925] usb 3-1: Manufacturer: syz
[ 1303.404627][  T925] usb 3-1: SerialNumber: syz
[ 1303.525203][T15760] usb 5-1: new high-speed USB device number 58 using dummy_hcd
[ 1303.707360][T15760] usb 5-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[ 1303.727090][T15760] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1303.833284][T17675] openvswitch: netlink: Actions may not be safe on all matching packets
[ 1303.913495][T15760] usb 5-1: config 0 descriptor??
[ 1303.926456][T17675] netlink: 12 bytes leftover after parsing attributes in process `syz.7.2839'.
[ 1304.146265][T15760] cp210x 5-1:0.0: cp210x converter detected
[ 1304.398893][T17658] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1304.574975][T17658] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1304.799877][T15760] cp210x 5-1:0.0: failed to get vendor val 0x0010 size 3: -32
[ 1304.843260][  T925] usb 3-1: USB disconnect, device number 82
[ 1304.870200][T15760] usb 5-1: cp210x converter now attached to ttyUSB0
[ 1305.144413][  T925] usb 5-1: USB disconnect, device number 58
[ 1305.453017][ T1302] ieee802154 phy0 wpan0: encryption failed: -22
[ 1305.460292][ T1302] ieee802154 phy1 wpan1: encryption failed: -22
[ 1305.577762][  T925] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[ 1305.599034][T17684] wg1 speed is unknown, defaulting to 1000
[ 1305.696020][  T925] cp210x 5-1:0.0: device disconnected
[ 1305.722037][T17684] lo speed is unknown, defaulting to 1000
[ 1308.377593][   T30] audit: type=1804 audit(2000000069.950:158): pid=17719 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.7.2845" name="/newroot/83/file0" dev="tmpfs" ino=462 res=1 errno=0
[ 1309.683257][T17733] netlink: 8 bytes leftover after parsing attributes in process `syz.7.2849'.
[ 1310.641724][T17750] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2850'.
[ 1311.509026][T10859] hsr_slave_0: left promiscuous mode
[ 1311.667183][T10859] hsr_slave_1: left promiscuous mode
[ 1311.734672][T10859] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1311.751105][T17758] openvswitch: netlink: Actions may not be safe on all matching packets
[ 1311.764534][T10859] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1311.851969][T10859] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1311.883509][T10859] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1312.136956][T10859] veth1_macvtap: left promiscuous mode
[ 1312.142630][T10859] veth1_vlan: left promiscuous mode
[ 1313.529617][T10859] team0 (unregistering): Port device team_slave_1 removed
[ 1313.581651][T10859] team0 (unregistering): Port device team_slave_0 removed
[ 1314.133210][T17767] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2852'.
[ 1314.461904][   T30] audit: type=1804 audit(2000000076.770:159): pid=17783 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.4.2856" name="/newroot/597/file0" dev="tmpfs" ino=3195 res=1 errno=0
[ 1315.144467][T17476] netdevsim netdevsim1 netdevsim0: renamed from eth0
[ 1315.195405][T17476] netdevsim netdevsim1 netdevsim1: renamed from eth1
[ 1315.219584][T17476] netdevsim netdevsim1 netdevsim2: renamed from eth2
[ 1315.485611][T17476] netdevsim netdevsim1 netdevsim3: renamed from eth3
[ 1315.755358][T10859] IPVS: stop unused estimator thread 0...
[ 1315.890436][T17802] macsec2: entered allmulticast mode
[ 1315.896269][T17802] macvlan1: entered allmulticast mode
[ 1315.924660][T17802] veth1_vlan: entered allmulticast mode
[ 1316.187536][T17802] macvlan1: left allmulticast mode
[ 1316.701377][T17802] veth1_vlan: left allmulticast mode
[ 1317.185832][T17476] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1317.363375][T17476] 8021q: adding VLAN 0 to HW filter on device team0
[ 1317.645961][T10859] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1317.653218][T10859] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1317.719871][T17830] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2864'.
[ 1317.735698][T17831] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0)
[ 1318.031517][ T1159] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1318.038801][ T1159] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1319.101880][T17476] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1319.390953][   T30] audit: type=1804 audit(2000000081.760:160): pid=17859 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.2.2867" name="/newroot/569/file0" dev="tmpfs" ino=3070 res=1 errno=0
[ 1320.019108][T17476] veth0_vlan: entered promiscuous mode
[ 1320.406050][T17476] veth1_vlan: entered promiscuous mode
[ 1320.527950][T17476] veth0_macvtap: entered promiscuous mode
[ 1320.580646][T17476] veth1_macvtap: entered promiscuous mode
[ 1320.676456][T17476] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1320.726661][T17476] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1320.761462][T17476] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1320.791637][T17476] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1320.810440][T17476] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1320.831921][T17476] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1322.345485][T17895] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0)
[ 1323.361122][T17899] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0)
[ 1324.355287][T17253] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1324.426098][T17253] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1325.174145][T10859] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1325.197079][T10859] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1326.519333][T17931] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0)
[ 1328.100946][T17951] syz.7.2881(17951): Attempt to set a LOCK_MAND lock via flock(2). This support has been removed and the request ignored.
[ 1328.118567][T17951] netlink: 20 bytes leftover after parsing attributes in process `syz.7.2881'.
[ 1331.214858][T15050] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 1331.234661][T15050] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 1331.243348][T15050] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 1331.253505][T15050] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 1331.261755][T15050] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 1332.466888][T17976] wg1 speed is unknown, defaulting to 1000
[ 1332.483369][T17976] lo speed is unknown, defaulting to 1000
[ 1332.619173][T17997] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1333.294503][T15050] Bluetooth: hci2: command tx timeout
[ 1335.192530][   T30] audit: type=1326 audit(2000000097.560:161): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18020 comm="syz.7.2892" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f591fd8eb69 code=0x7ffc0000
[ 1335.386720][T15050] Bluetooth: hci2: command tx timeout
[ 1335.451263][T18021] overlayfs: failed to resolve './file1': -2
[ 1335.464383][   T30] audit: type=1326 audit(2000000097.560:162): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18020 comm="syz.7.2892" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f591fd8eb69 code=0x7ffc0000
[ 1335.559251][T17976] chnl_net:caif_netlink_parms(): no params data found
[ 1335.580998][   T30] audit: type=1326 audit(2000000097.600:163): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18020 comm="syz.7.2892" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f591fd8eb69 code=0x7ffc0000
[ 1335.652855][   T30] audit: type=1326 audit(2000000097.600:164): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18020 comm="syz.7.2892" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f591fd8eb69 code=0x7ffc0000
[ 1335.692949][   T30] audit: type=1326 audit(2000000097.610:165): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18020 comm="syz.7.2892" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f591fd8eb69 code=0x7ffc0000
[ 1335.762643][   T30] audit: type=1326 audit(2000000097.780:166): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18020 comm="syz.7.2892" exe="/root/syz-executor" sig=0 arch=c000003e syscall=302 compat=0 ip=0x7f591fd8eb69 code=0x7ffc0000
[ 1335.784946][   T30] audit: type=1326 audit(2000000097.780:167): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18020 comm="syz.7.2892" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f591fd8eb69 code=0x7ffc0000
[ 1335.806931][   T30] audit: type=1326 audit(2000000097.780:168): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18020 comm="syz.7.2892" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f591fd8eb69 code=0x7ffc0000
[ 1335.830116][   T30] audit: type=1326 audit(2000000097.790:169): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18020 comm="syz.7.2892" exe="/root/syz-executor" sig=0 arch=c000003e syscall=144 compat=0 ip=0x7f591fd8eb69 code=0x7ffc0000
[ 1335.852724][   T30] audit: type=1326 audit(2000000097.790:170): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18020 comm="syz.7.2892" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f591fd8eb69 code=0x7ffc0000
[ 1336.164414][T12388] usb 7-1: new high-speed USB device number 15 using dummy_hcd
[ 1336.303919][T18043] netlink: 32 bytes leftover after parsing attributes in process `syz.1.2896'.
[ 1336.344582][T12388] usb 7-1: Using ep0 maxpacket: 8
[ 1336.372842][T12388] usb 7-1: config 0 has an invalid interface number: 55 but max is 0
[ 1336.381318][T12388] usb 7-1: config 0 has no interface number 0
[ 1336.387987][T12388] usb 7-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[ 1336.429121][T12388] usb 7-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[ 1336.444208][T12388] usb 7-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[ 1336.456373][T12388] usb 7-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[ 1336.469789][T12388] usb 7-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[ 1336.479149][T12388] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1336.520030][T12388] usb 7-1: config 0 descriptor??
[ 1336.554046][T12388] ldusb 7-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[ 1336.820070][T18035] openvswitch: netlink: Tunnel attr 16383 out of range max 16
[ 1336.949187][T12388] usb 7-1: USB disconnect, device number 15
[ 1336.960487][T17976] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1336.990335][T12388] ldusb 7-1:0.55: LD USB Device #0 now disconnected
[ 1337.019165][T17976] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1337.038700][T17976] bridge_slave_0: entered allmulticast mode
[ 1337.076899][T17976] bridge_slave_0: entered promiscuous mode
[ 1337.117159][T17976] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1337.127568][T17976] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1337.174037][T17976] bridge_slave_1: entered allmulticast mode
[ 1337.215773][T17976] bridge_slave_1: entered promiscuous mode
[ 1337.454623][T15050] Bluetooth: hci2: command tx timeout
[ 1338.103282][T18050] openvswitch: netlink: IPv4 tun info is not correct
[ 1338.298204][T17976] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1338.514851][T17976] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1339.543667][T15050] Bluetooth: hci2: command tx timeout
[ 1339.810476][T17976] team0: Port device team_slave_0 added
[ 1339.838093][T17976] team0: Port device team_slave_1 added
[ 1339.961432][   T43] hid-generic 0000:0D17:0000.0010: unknown main item tag 0x0
[ 1339.980763][   T43] hid-generic 0000:0D17:0000.0010: unknown main item tag 0x0
[ 1340.005543][   T43] hid-generic 0000:0D17:0000.0010: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz1
[ 1340.055945][T18074] syz.7.2903: attempt to access beyond end of device
[ 1340.055945][T18074] nbd7: rw=0, sector=64, nr_sectors = 1 limit=0
[ 1340.095095][T18074] syz.7.2903: attempt to access beyond end of device
[ 1340.095095][T18074] nbd7: rw=0, sector=256, nr_sectors = 1 limit=0
[ 1340.134403][T18074] UDF-fs: error (device nbd7): udf_read_tagged: read failed, block=256, location=256
[ 1340.169995][T18074] syz.7.2903: attempt to access beyond end of device
[ 1340.169995][T18074] nbd7: rw=0, sector=512, nr_sectors = 1 limit=0
[ 1340.212960][T18074] UDF-fs: error (device nbd7): udf_read_tagged: read failed, block=512, location=512
[ 1340.275955][T18074] syz.7.2903: attempt to access beyond end of device
[ 1340.275955][T18074] nbd7: rw=0, sector=64, nr_sectors = 2 limit=0
[ 1340.361003][T18074] syz.7.2903: attempt to access beyond end of device
[ 1340.361003][T18074] nbd7: rw=0, sector=512, nr_sectors = 2 limit=0
[ 1340.723521][T18074] UDF-fs: error (device nbd7): udf_read_tagged: read failed, block=256, location=256
[ 1340.838888][T18074] syz.7.2903: attempt to access beyond end of device
[ 1340.838888][T18074] nbd7: rw=0, sector=1024, nr_sectors = 2 limit=0
[ 1341.000160][T18074] UDF-fs: error (device nbd7): udf_read_tagged: read failed, block=512, location=512
[ 1341.042007][T18074] syz.7.2903: attempt to access beyond end of device
[ 1341.042007][T18074] nbd7: rw=0, sector=64, nr_sectors = 4 limit=0
[ 1341.110291][T18074] syz.7.2903: attempt to access beyond end of device
[ 1341.110291][T18074] nbd7: rw=0, sector=1024, nr_sectors = 4 limit=0
[ 1341.144128][T18074] UDF-fs: error (device nbd7): udf_read_tagged: read failed, block=256, location=256
[ 1341.169278][T18097] random: crng reseeded on system resumption
[ 1341.204863][T18074] syz.7.2903: attempt to access beyond end of device
[ 1341.204863][T18074] nbd7: rw=0, sector=2048, nr_sectors = 4 limit=0
[ 1341.218812][T12388] usb 8-1: new high-speed USB device number 21 using dummy_hcd
[ 1341.227349][T18074] UDF-fs: error (device nbd7): udf_read_tagged: read failed, block=512, location=512
[ 1341.238089][T18074] syz.7.2903: attempt to access beyond end of device
[ 1341.238089][T18074] nbd7: rw=0, sector=64, nr_sectors = 8 limit=0
[ 1341.252313][T18074] UDF-fs: error (device nbd7): udf_read_tagged: read failed, block=256, location=256
[ 1341.273888][T18074] UDF-fs: error (device nbd7): udf_read_tagged: read failed, block=512, location=512
[ 1341.287339][T18074] UDF-fs: warning (device nbd7): udf_fill_super: No partition found (1)
[ 1341.623187][T12388] usb 8-1: config 0 has an invalid descriptor of length 48, skipping remainder of the config
[ 1341.672067][T12388] usb 8-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 1341.773059][T12388] usb 8-1: New USB device found, idVendor=18b1, idProduct=0037, bcdDevice= 0.00
[ 1341.841116][T12388] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1341.938543][T12388] usb 8-1: config 0 descriptor??
[ 1342.037120][T12388] usbhid 8-1:0.0: couldn't find an input interrupt endpoint
[ 1342.251607][T17976] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1342.262983][T17976] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1342.289075][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1342.297832][T17976] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1342.310713][T17976] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1342.318008][T17976] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1342.343993][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1342.350345][T17976] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1342.482927][T18114] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2909'.
[ 1342.770505][T17976] hsr_slave_0: entered promiscuous mode
[ 1342.788216][T18122] netlink: 'syz.1.2911': attribute type 1 has an invalid length.
[ 1342.798388][T17976] hsr_slave_1: entered promiscuous mode
[ 1342.806081][T17976] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1342.813952][T17976] Cannot create hsr debugfs directory
[ 1344.377302][  T925] usb 8-1: USB disconnect, device number 21
[ 1344.577827][T17976] netdevsim netdevsim4 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1344.601010][T18142] netlink: 4 bytes leftover after parsing attributes in process `syz.7.2915'.
[ 1344.631351][T17976] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1344.651871][T18142] netlink: 4 bytes leftover after parsing attributes in process `syz.7.2915'.
[ 1344.751405][T18142] netlink: 4 bytes leftover after parsing attributes in process `syz.7.2915'.
[ 1344.782673][T18142] netlink: 4 bytes leftover after parsing attributes in process `syz.7.2915'.
[ 1344.807521][T18142] netlink: 4 bytes leftover after parsing attributes in process `syz.7.2915'.
[ 1344.827936][T18142] netlink: 4 bytes leftover after parsing attributes in process `syz.7.2915'.
[ 1344.842348][T17976] netdevsim netdevsim4 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1344.854809][T17976] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1345.010434][T12388] usb 7-1: new high-speed USB device number 16 using dummy_hcd
[ 1345.195334][T12388] usb 7-1: Using ep0 maxpacket: 8
[ 1345.309116][T12388] usb 7-1: config 1 contains an unexpected descriptor of type 0x1, skipping
[ 1345.334972][T18150] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0)
[ 1345.383501][T12388] usb 7-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config
[ 1345.431153][T12388] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1345.536542][T12388] usb 7-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1345.564667][T12388] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1345.621446][T12388] usb 7-1: Product: syz
[ 1345.649715][T12388] usb 7-1: Manufacturer: syz
[ 1345.683788][T12388] usb 7-1: SerialNumber: syz
[ 1346.029465][T17976] netdevsim netdevsim4 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1346.061806][T17976] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1346.092792][T12388] usb 7-1: 0:2 : does not exist
[ 1346.112474][T12388] usb 7-1: USB disconnect, device number 16
[ 1346.327991][T13772] udevd[13772]: error opening ATTR{/sys/devices/platform/dummy_hcd.6/usb7/7-1/7-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1347.007555][T17976] : (slave netdevsim0): Releasing backup interface
[ 1347.037922][T17976] netdevsim netdevsim4 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1347.118426][T17976] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1348.622537][T18163] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2919'.
[ 1348.859363][T18170] netlink: 20 bytes leftover after parsing attributes in process `syz.7.2924'.
[ 1349.871834][T14429]  (unregistering): Released all slaves
[ 1349.994546][T14429] bond1 (unregistering): Released all slaves
[ 1350.116920][T14429] bond0 (unregistering): Released all slaves
[ 1350.243180][T14429] bond2 (unregistering): (slave veth0_to_bond): Releasing active interface
[ 1350.253724][T14429] bond2 (unregistering): Released all slaves
[ 1350.415525][T17976] netdevsim netdevsim4 netdevsim0: renamed from eth0
[ 1350.427670][T17976] netdevsim netdevsim4 netdevsim1: renamed from eth1
[ 1350.440637][T17976] netdevsim netdevsim4 netdevsim2: renamed from eth2
[ 1350.451030][T17976] netdevsim netdevsim4 netdevsim3: renamed from eth3
[ 1350.537945][T17976] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1350.561996][T17976] 8021q: adding VLAN 0 to HW filter on device team0
[ 1350.579528][T10861] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1350.586751][T10861] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1350.604691][T10861] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1350.611812][T10861] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1350.827981][T17976] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1351.087001][T17976] veth0_vlan: entered promiscuous mode
[ 1351.102496][T17976] veth1_vlan: entered promiscuous mode
[ 1351.133503][T17976] veth0_macvtap: entered promiscuous mode
[ 1351.145389][T17976] veth1_macvtap: entered promiscuous mode
[ 1351.166941][T17976] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1351.181935][T17976] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1351.194562][T17976] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1351.204010][T17976] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1351.213673][T17976] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1351.223716][T17976] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1351.310449][T10861] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1351.334186][T10861] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1351.364063][T10861] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1351.372072][T10861] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1351.579362][T18191] openvswitch: netlink: Actions may not be safe on all matching packets
[ 1351.668740][T18191] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2882'.
[ 1366.819293][ T1302] ieee802154 phy0 wpan0: encryption failed: -22
[ 1366.825967][ T1302] ieee802154 phy1 wpan1: encryption failed: -22
[ 1409.856631][T10633] Bluetooth: hci5: command 0x0406 tx timeout
[ 1428.260257][ T1302] ieee802154 phy0 wpan0: encryption failed: -22
[ 1428.267062][ T1302] ieee802154 phy1 wpan1: encryption failed: -22
[ 1455.934545][T15050] Bluetooth: hci2: command 0x0406 tx timeout
[ 1489.699173][ T1302] ieee802154 phy0 wpan0: encryption failed: -22
[ 1489.707006][ T1302] ieee802154 phy1 wpan1: encryption failed: -22
[ 1497.374755][   T31] INFO: task kworker/u8:2:14429 blocked for more than 143 seconds.
[ 1497.382749][   T31]       Not tainted 6.16.0-syzkaller #0
[ 1497.390425][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1497.399202][   T31] task:kworker/u8:2    state:D stack:21144 pid:14429 tgid:14429 ppid:2      task_flags:0x4208060 flags:0x00004000
[ 1497.411305][   T31] Workqueue: netns cleanup_net
[ 1497.416539][   T31] Call Trace:
[ 1497.419843][   T31]  <TASK>
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=-1 (errno 104: Connection reset by peer)
[ 1497.422783][   T31]  __schedule+0x16aa/0x4c90
[ 1497.427465][   T31]  ? schedule+0x165/0x360
[ 1497.432572][   T31]  ? __pfx___schedule+0x10/0x10
[ 1497.437768][   T31]  ? schedule+0x91/0x360
[ 1497.442049][   T31]  schedule+0x165/0x360
[ 1497.446609][   T31]  afs_cell_purge+0x3d9/0x540
[ 1497.451325][   T31]  ? __pfx_afs_cell_purge+0x10/0x10
[ 1497.456948][   T31]  ? __pfx_var_wake_function+0x10/0x10
[ 1497.462483][   T31]  ? afs_net+0x45/0x270
[ 1497.467010][   T31]  ? afs_net+0x45/0x270
[ 1497.471214][   T31]  afs_net_exit+0x50/0x100
[ 1497.524248][   T31]  ops_undo_list+0x497/0x990
[ 1497.528976][   T31]  ? __pfx_ops_undo_list+0x10/0x10
[ 1497.589218][   T31]  cleanup_net+0x4c5/0x800
[ 1497.593829][   T31]  ? __pfx_cleanup_net+0x10/0x10
[ 1497.637598][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1497.642964][   T31]  ? process_scheduled_works+0x9ef/0x17b0
[ 1497.674260][   T31]  ? process_scheduled_works+0x9ef/0x17b0
[ 1497.680087][   T31]  process_scheduled_works+0xade/0x17b0
[ 1497.699231][   T31]  ? __pfx_process_scheduled_works+0x10/0x10
[ 1497.714245][   T31]  worker_thread+0x8a0/0xda0
[ 1497.718899][   T31]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 1497.734559][   T31]  ? __kthread_parkme+0x7b/0x200
[ 1497.739958][   T31]  kthread+0x70e/0x8a0
[ 1497.744074][   T31]  ? __pfx_worker_thread+0x10/0x10
[ 1497.784243][   T31]  ? __pfx_kthread+0x10/0x10
[ 1497.788923][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1497.794172][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1497.819471][   T31]  ? __pfx_kthread+0x10/0x10
[ 1497.844251][   T31]  ret_from_fork+0x3fc/0x770
[ 1497.848946][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[ 1497.854107][   T31]  ? __switch_to_asm+0x39/0x70
[ 1497.884242][   T31]  ? __switch_to_asm+0x33/0x70
[ 1497.889087][   T31]  ? __pfx_kthread+0x10/0x10
[ 1497.893726][   T31]  ret_from_fork_asm+0x1a/0x30
[ 1497.934434][   T31]  </TASK>
[ 1497.937606][   T31] 
[ 1497.937606][   T31] Showing all locks held in the system:
[ 1497.974263][   T31] 2 locks held by ksoftirqd/0/15:
[ 1497.979384][   T31] 1 lock held by khungtaskd/31:
[ 1498.034288][   T31]  #0: ffffffff8e13f0e0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180
[ 1498.074470][   T31] 2 locks held by getty/5595:
[ 1498.079236][   T31]  #0: ffff88814d5280a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
[ 1498.124243][   T31]  #1: ffffc9000333b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x43e/0x1400
[ 1498.163815][   T31] 3 locks held by kworker/0:6/5961:
[ 1498.184334][   T31] 3 locks held by kworker/0:0/12388:
[ 1498.189727][   T31]  #0: ffff88801a480d48 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[ 1498.244526][   T31]  #1: ffffc9000ac6fbc0 (free_ipc_work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[ 1498.284258][   T31]  #2: ffffffff8e144bf8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: synchronize_rcu_expedited+0x3b9/0x730
[ 1498.322112][   T31] 3 locks held by kworker/u8:2/14429:
[ 1498.345946][   T31]  #0: ffff88801b2fb948 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[ 1498.378722][   T31]  #1: ffffc90003ccfbc0 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[ 1498.395613][   T31]  #2: ffffffff8f4fd310 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xf7/0x800
[ 1498.414441][   T31] 1 lock held by syz-executor/15487:
[ 1498.419763][   T31] 3 locks held by syz-executor/15516:
[ 1498.435264][   T31]  #0: ffff8880636c0dc0 (&hdev->req_lock){+.+.}-{4:4}, at: hci_unregister_dev+0x212/0x510
[ 1498.445832][   T31]  #1: ffff8880636c00b8 (&hdev->lock){+.+.}-{4:4}, at: hci_dev_close_sync+0x66a/0x1330
[ 1498.460960][   T31]  #2: ffffffff8f672108 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_hash_flush+0xa1/0x230
[ 1498.471438][   T31] 4 locks held by syz-executor/17476:
[ 1498.487599][   T31]  #0: ffff888034cb4dc0 (&hdev->req_lock){+.+.}-{4:4}, at: hci_unregister_dev+0x212/0x510
[ 1498.507135][   T31]  #1: ffff888034cb40b8 (&hdev->lock){+.+.}-{4:4}, at: hci_dev_close_sync+0x66a/0x1330
[ 1498.518180][   T31]  #2: ffffffff8f672108 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_hash_flush+0xa1/0x230
[ 1498.532296][   T31]  #3: ffff88805744fb38 (&conn->lock#2){+.+.}-{4:4}, at: l2cap_conn_del+0x70/0x680
[ 1498.543725][   T31] 3 locks held by syz-executor/17976:
[ 1498.556571][   T31]  #0: ffff88807cde0dc0 (&hdev->req_lock){+.+.}-{4:4}, at: hci_unregister_dev+0x212/0x510
[ 1498.566936][   T31]  #1: ffff88807cde00b8 (&hdev->lock){+.+.}-{4:4}, at: hci_dev_close_sync+0x66a/0x1330
[ 1498.577081][   T31]  #2: ffffffff8f672108 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_hash_flush+0xa1/0x230
[ 1498.587442][   T31] 2 locks held by dhcpcd/18243:
[ 1498.592368][   T31]  #0: ffff888028282258 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x32/0xcd0
[ 1498.603422][   T31]  #1: ffffffff8e144bf8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: synchronize_rcu_expedited+0x3b9/0x730
[ 1498.623105][   T31] 1 lock held by dhcpcd/18244:
[ 1498.628200][   T31]  #0: ffff8880450ca258 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x32/0xcd0
[ 1498.638960][   T31] 1 lock held by dhcpcd/18245:
[ 1498.647277][   T31]  #0: ffff88806658e258 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x32/0xcd0
[ 1498.668611][   T31] 1 lock held by dhcpcd/18246:
[ 1498.673432][   T31]  #0: ffff8880327ae258 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x32/0xcd0
[ 1498.684892][   T31] 
[ 1498.687255][   T31] =============================================
[ 1498.687255][   T31] 
[ 1498.708734][   T31] NMI backtrace for cpu 1
[ 1498.708752][   T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[ 1498.708775][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1498.708787][   T31] Call Trace:
[ 1498.708795][   T31]  <TASK>
[ 1498.708826][   T31]  dump_stack_lvl+0x189/0x250
[ 1498.708851][   T31]  ? __wake_up_klogd+0xd9/0x110
[ 1498.708881][   T31]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1498.708903][   T31]  ? __pfx__printk+0x10/0x10
[ 1498.708941][   T31]  nmi_cpu_backtrace+0x39e/0x3d0
[ 1498.708974][   T31]  ? __pfx_nmi_cpu_backtrace+0x10/0x10
[ 1498.709000][   T31]  ? _printk+0xcf/0x120
[ 1498.709029][   T31]  ? __pfx__printk+0x10/0x10
[ 1498.709056][   T31]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[ 1498.709089][   T31]  nmi_trigger_cpumask_backtrace+0x17a/0x300
[ 1498.709121][   T31]  watchdog+0xfee/0x1030
[ 1498.709153][   T31]  ? watchdog+0x1de/0x1030
[ 1498.709190][   T31]  kthread+0x70e/0x8a0
[ 1498.709219][   T31]  ? __pfx_watchdog+0x10/0x10
[ 1498.709246][   T31]  ? __pfx_kthread+0x10/0x10
[ 1498.709274][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1498.709291][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1498.709309][   T31]  ? __pfx_kthread+0x10/0x10
[ 1498.709336][   T31]  ret_from_fork+0x3fc/0x770
[ 1498.709358][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[ 1498.709383][   T31]  ? __switch_to_asm+0x39/0x70
[ 1498.709407][   T31]  ? __switch_to_asm+0x33/0x70
[ 1498.709429][   T31]  ? __pfx_kthread+0x10/0x10
[ 1498.709456][   T31]  ret_from_fork_asm+0x1a/0x30
[ 1498.709495][   T31]  </TASK>
[ 1498.709502][   T31] Sending NMI from CPU 1 to CPUs 0:
[ 1498.867217][    C0] NMI backtrace for cpu 0
[ 1498.867234][    C0] CPU: 0 UID: 0 PID: 10871 Comm: kworker/u8:22 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[ 1498.867255][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1498.867267][    C0] Workqueue: events_unbound cfg80211_wiphy_work
[ 1498.867295][    C0] RIP: 0010:ieee802_11_parse_elems_full+0xe04/0x2aa0
[ 1498.867319][    C0] Code: 42 0f b6 04 20 84 c0 0f 85 6f 02 00 00 45 0f b6 26 4d 8d 74 24 02 48 89 df 4c 89 f6 e8 55 d8 d5 f6 4c 39 f3 0f 82 a5 0a 00 00 <4c> 89 f8 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df 0f b6 04 08 84
[ 1498.867335][    C0] RSP: 0018:ffffc900033e74a0 EFLAGS: 00000246
[ 1498.867349][    C0] RAX: ffffffff8aea4fcb RBX: 0000000000000009 RCX: ffff88806deb0000
[ 1498.867363][    C0] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 0000000000000009
[ 1498.867373][    C0] RBP: ffffc900033e76b0 R08: 0000000000000002 R09: 0000000000000006
[ 1498.867385][    C0] R10: ffff8880537f6aae R11: ffffed100a6fed58 R12: 0000000000000007
[ 1498.867397][    C0] R13: ffff8880537f6b30 R14: 0000000000000009 R15: ffff88807d7f7153
[ 1498.867410][    C0] FS:  0000000000000000(0000) GS:ffff888125c57000(0000) knlGS:0000000000000000
[ 1498.867424][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1498.867437][    C0] CR2: 00005558d7263e78 CR3: 000000003170e000 CR4: 00000000003526f0
[ 1498.867452][    C0] Call Trace:
[ 1498.867458][    C0]  <TASK>
[ 1498.867467][    C0]  ? do_raw_spin_unlock+0x122/0x240
[ 1498.867493][    C0]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[ 1498.867522][    C0]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 1498.867556][    C0]  ? debug_object_activate+0x2e2/0x420
[ 1498.867591][    C0]  ? __pfx_ieee802_11_parse_elems_full+0x10/0x10
[ 1498.867618][    C0]  ieee80211_ibss_rx_queued_mgmt+0x462/0x2ae0
[ 1498.867654][    C0]  ? __lock_acquire+0xab9/0xd20
[ 1498.867674][    C0]  ? __pfx_ieee80211_ibss_rx_queued_mgmt+0x10/0x10
[ 1498.867712][    C0]  ? __lock_acquire+0xab9/0xd20
[ 1498.867748][    C0]  ieee80211_iface_work+0x806/0xfe0
[ 1498.867772][    C0]  cfg80211_wiphy_work+0x2dc/0x460
[ 1498.867801][    C0]  ? process_scheduled_works+0x9ef/0x17b0
[ 1498.867821][    C0]  process_scheduled_works+0xade/0x17b0
[ 1498.867855][    C0]  ? __pfx_process_scheduled_works+0x10/0x10
[ 1498.867884][    C0]  worker_thread+0x8a0/0xda0
[ 1498.867917][    C0]  kthread+0x70e/0x8a0
[ 1498.867941][    C0]  ? __pfx_worker_thread+0x10/0x10
[ 1498.867960][    C0]  ? __pfx_kthread+0x10/0x10
[ 1498.867983][    C0]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1498.867999][    C0]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1498.868015][    C0]  ? __pfx_kthread+0x10/0x10
[ 1498.868038][    C0]  ret_from_fork+0x3fc/0x770
[ 1498.868058][    C0]  ? __pfx_ret_from_fork+0x10/0x10
[ 1498.868078][    C0]  ? __switch_to_asm+0x39/0x70
[ 1498.868099][    C0]  ? __switch_to_asm+0x33/0x70
[ 1498.868120][    C0]  ? __pfx_kthread+0x10/0x10
[ 1498.868143][    C0]  ret_from_fork_asm+0x1a/0x30
[ 1498.868174][    C0]  </TASK>
[ 1499.150747][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1499.167299][   T31] Kernel panic - not syncing: hung_task: blocked tasks
[ 1499.174207][   T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[ 1499.183972][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1499.194054][   T31] Call Trace:
[ 1499.197343][   T31]  <TASK>
[ 1499.200287][   T31]  dump_stack_lvl+0x99/0x250
[ 1499.204921][   T31]  ? __asan_memcpy+0x40/0x70
[ 1499.209612][   T31]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1499.214826][   T31]  ? __pfx__printk+0x10/0x10
[ 1499.219436][   T31]  panic+0x2db/0x790
[ 1499.223344][   T31]  ? __pfx_panic+0x10/0x10
[ 1499.227779][   T31]  ? nmi_backtrace_stall_check+0x433/0x440
[ 1499.233600][   T31]  ? preempt_schedule_thunk+0x16/0x30
[ 1499.239004][   T31]  ? nmi_trigger_cpumask_backtrace+0x2b6/0x300
[ 1499.245182][   T31]  watchdog+0x102d/0x1030
[ 1499.249534][   T31]  ? watchdog+0x1de/0x1030
[ 1499.253971][   T31]  kthread+0x70e/0x8a0
[ 1499.258057][   T31]  ? __pfx_watchdog+0x10/0x10
[ 1499.262773][   T31]  ? __pfx_kthread+0x10/0x10
[ 1499.267397][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1499.272615][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1499.277829][   T31]  ? __pfx_kthread+0x10/0x10
[ 1499.282440][   T31]  ret_from_fork+0x3fc/0x770
[ 1499.287049][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[ 1499.292185][   T31]  ? __switch_to_asm+0x39/0x70
[ 1499.296968][   T31]  ? __switch_to_asm+0x33/0x70
[ 1499.301743][   T31]  ? __pfx_kthread+0x10/0x10
[ 1499.306354][   T31]  ret_from_fork_asm+0x1a/0x30
[ 1499.311148][   T31]  </TASK>
[ 1499.314560][   T31] Kernel Offset: disabled
[ 1499.318901][   T31] Rebooting in 86400 seconds..