last executing test programs:

27m13.576306512s ago: executing program 0 (id=30):
r0 = syz_open_dev$vcsa(&(0x7f0000000000), 0x1, 0x1a1300)
r1 = syz_open_dev$evdev(&(0x7f00000001c0), 0x2, 0x20000)
ioctl$EVIOCSCLOCKID(r1, 0x40084504, &(0x7f0000000000)=0x1)
poll(&(0x7f00000020c0)=[{r0, 0x20c}], 0x1, 0xfffffffd)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff})
setsockopt$sock_attach_bpf(r2, 0x1, 0x1d, &(0x7f00000001c0), 0x4)
write$cgroup_devices(r0, &(0x7f0000002080)={'a', ' *:* ', 'rw\x00'}, 0x9)
r3 = socket$inet(0x2, 0x4000000000000001, 0x0)
r4 = semget$private(0x0, 0x4000000009, 0x208)
semop(r4, &(0x7f00000002c0)=[{0x1, 0x8698, 0x1000}], 0x1)
socket$nl_generic(0x10, 0x3, 0x10)
r5 = semget$private(0x0, 0x4, 0x29b)
syslog(0x9, 0x0, 0x0)
r6 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r6, &(0x7f0000000140)={0x1f, 0xffff, 0x3}, 0x6)
write(r6, &(0x7f00000000c0)="510003000000", 0x6)
semtimedop(r5, &(0x7f0000000040)=[{0x0, 0x1}], 0x1, 0x0)
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=@newlink={0x48, 0x10, 0x439, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x10800}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x18, 0x2, 0x0, 0x1, [@IFLA_BR_STP_STATE={0x8, 0x15}, @IFLA_BR_GROUP_ADDR={0xa, 0x14, @link_local}]}}}]}, 0x48}}, 0x0)
semop(r5, &(0x7f0000000180)=[{}, {}], 0x2)
semctl$GETZCNT(r5, 0x0, 0xf, 0x0)
fanotify_init(0x0, 0x2)
semctl$SETALL(r4, 0x0, 0x11, &(0x7f00000000c0)=[0xa8f, 0x8])
bind$inet(r3, &(0x7f0000000480)={0x2, 0x4e23, @multicast1}, 0x10)
sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000000000)={0x2, 0x24e23, @loopback}, 0x10)
sendmsg$inet(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000280)='5', 0x1}], 0x1}, 0x4003)
recvmmsg(r3, &(0x7f0000005dc0)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f00000004c0)=""/4096, 0x1000}], 0x1}, 0x7fc}], 0x1, 0x22, 0x0)
read$FUSE(r0, &(0x7f0000000040)={0x2020}, 0x2020)

27m10.697902884s ago: executing program 0 (id=35):
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[], 0x7c}, 0x1, 0x0, 0x0, 0xc0c4}, 0x10)
syz_emit_ethernet(0x52, &(0x7f0000000100)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaa", @ANYRES32=0x41424344, @ANYRES32=0x41424344], 0x0)
r0 = add_key$user(&(0x7f00000002c0), &(0x7f0000000300)={'syz', 0x0}, &(0x7f0000000280)="d25a9850a9d77f", 0x7, 0xfffffffffffffffe)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000018c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="48000000100005040000000000000000", @ANYBLOB="ebffffffffffffff280012800b0001"], 0x48}, 0x1, 0x0, 0x0, 0x4000011}, 0x0)
r1 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, &(0x7f0000000140)={r0, r1, r0}, &(0x7f00000000c0)=""/83, 0xfffffffffffffe4f, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0)
add_key$user(&(0x7f0000000080), 0x0, 0x0, 0x0, 0x0)
setsockopt$MRT6_ADD_MFC(0xffffffffffffffff, 0x29, 0xcc, &(0x7f00000000c0)={{0xa, 0x4e23, 0x5, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x8}, {0xa, 0x4e24, 0x0, @local, 0x7}, 0xffffffffffffffff, {[0x6, 0x8, 0x1ff, 0x2e, 0x40, 0xffffffff, 0x2, 0x81]}}, 0x5c)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = dup(r3)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000840)={0x5, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil})
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r3, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)

27m5.89169535s ago: executing program 0 (id=44):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$can_raw(0x1d, 0x3, 0x1)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x3, 0x5, &(0x7f0000006680))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
unshare(0x22020600)
ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000180)={'vxcan1\x00', <r2=>0x0})
setsockopt$CAN_RAW_ERR_FILTER(r1, 0x65, 0x2, &(0x7f0000000140)=0x1, 0x4)
bind$can_raw(r1, &(0x7f0000000200)={0x1d, r2}, 0x10)
sendmsg$nl_route_sched(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)=@getchain={0x24, 0x11, 0x839, 0x70bd25, 0x0, {0x0, 0x0, 0x0, r2, {0x1, 0x6}, {0xffff}, {0x1}}}, 0x24}}, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = socket$inet6(0xa, 0x1, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r4, 0x29, 0x40, &(0x7f00000003c0)=@raw={'raw\x00', 0x3c1, 0x3, 0x308, 0x130, 0x12, 0x60a, 0x600, 0x202, 0x238, 0x2e8, 0x2e8, 0x238, 0x2c0, 0x4, 0x0, {[{{@ipv6={@ipv4={'\x00', '\xff\xff', @dev}, @mcast2, [0x4000000], [0x4000000], 'veth1_to_bond\x00', 'xfrm0\x00'}, 0x0, 0x108, 0x130, 0x0, {}, [@common=@unspec=@statistic={{0x38}}, @common=@inet=@socket2={{0x28}}]}, @common=@inet=@SET1={0x28, 'SET\x00', 0x1, {{0xffffffffffffffff}, {0xffffffffffffffff, 0xf9}}}}, {{@ipv6={@private2, @loopback, [], [], 'vxcan1\x00', 'geneve0\x00'}, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv4=@empty}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x368)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), r3)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000040)={'wlan1\x00'})

27m1.008550528s ago: executing program 0 (id=53):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
mmap$IORING_OFF_CQ_RING(&(0x7f00008ba000/0x4000)=nil, 0x4000, 0x2, 0x2010, 0xffffffffffffffff, 0x8000000)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x79, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000340)={0x0, 0x0, 0x0}, 0x0, 0x81, 0x1080a422012f758f})
r1 = syz_io_uring_setup(0x74d, &(0x7f0000000100)={0x0, 0x59c4, 0x8, 0x1000, 0x5cc}, &(0x7f0000000300)=<r2=>0x0, &(0x7f0000000080)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f00000000c0)={0x1, &(0x7f0000000200)=[{0x30, 0x4, 0x0, 0x2}]}, 0xffffffffffffff0e)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mount$afs(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='dyn'])
chdir(&(0x7f0000000340)='./file0\x00')
mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='sysfs\x00', 0x0, 0x0)
mount$bind(&(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='./control\x00', 0x0, 0x2000, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_ACCEPT={0xd, 0x4, 0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x81800, 0x1})
io_uring_enter(r1, 0x749f, 0x4, 0x0, 0x0, 0xfffffffffffffef5)

26m58.015739971s ago: executing program 0 (id=60):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f00000002c0)=@framed, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r3 = fsopen(&(0x7f0000000280)='configfs\x00', 0x1)
fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0)
r4 = fsmount(r3, 0x0, 0x0)
fchdir(r4)
r5 = syz_open_procfs(0x0, &(0x7f0000000140)='uid_map\x00')
r6 = fanotify_init(0x0, 0x80000)
r7 = open$dir(&(0x7f0000000000)='.\x00', 0x0, 0x50)
readv(r6, &(0x7f0000000100)=[{&(0x7f0000000040)=""/175, 0xaf}], 0x1)
fanotify_mark(r6, 0x1, 0x40001019, r7, 0x0)
close_range(r5, 0xffffffffffffffff, 0x0)

26m52.149584356s ago: executing program 0 (id=68):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
r1 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r1, &(0x7f0000000000)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="0207000902"], 0x10}}, 0x0)
bind$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioctl$UFFDIO_COPY(0xffffffffffffffff, 0xc028aa03, 0x0)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00304, 0x15)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
connect$inet(r0, &(0x7f0000000200)={0x2, 0x0, @multicast2}, 0x10)
setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f00000002c0)={{{@in=@broadcast, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee01}, {0x0, 0x0, 0x0, 0x0, 0x3}, {}, 0x0, 0x0, 0x1}, {{@in=@empty, 0x0, 0x33}, 0x0, @in=@private=0xa010100, 0x0, 0x0, 0x0, 0xb7, 0xffffffff}}, 0xe8)
sendmmsg(r0, &(0x7f0000007fc0), 0x800001d, 0x0)

26m50.879194836s ago: executing program 32 (id=68):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
r1 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r1, &(0x7f0000000000)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="0207000902"], 0x10}}, 0x0)
bind$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioctl$UFFDIO_COPY(0xffffffffffffffff, 0xc028aa03, 0x0)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00304, 0x15)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
connect$inet(r0, &(0x7f0000000200)={0x2, 0x0, @multicast2}, 0x10)
setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f00000002c0)={{{@in=@broadcast, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee01}, {0x0, 0x0, 0x0, 0x0, 0x3}, {}, 0x0, 0x0, 0x1}, {{@in=@empty, 0x0, 0x33}, 0x0, @in=@private=0xa010100, 0x0, 0x0, 0x0, 0xb7, 0xffffffff}}, 0xe8)
sendmmsg(r0, &(0x7f0000007fc0), 0x800001d, 0x0)

20m56.766180749s ago: executing program 3 (id=974):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000300)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r4 = syz_io_uring_setup(0x237, &(0x7f0000000380)={0x0, 0x80fd, 0x10, 0x4, 0x2c7}, &(0x7f0000000300)=<r5=>0x0, &(0x7f0000000340)=<r6=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r5, r6, &(0x7f00000001c0)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@l2tp={0x2, 0x0, @local, 0x3}})
io_uring_enter(r4, 0x47bc, 0x0, 0x0, 0x0, 0x0)
sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4}, 0x488c0)

20m54.236052135s ago: executing program 3 (id=978):
socket$kcm(0x10, 0x2, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x10)
bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bind$alg(0xffffffffffffffff, 0x0, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="01000000040000000800000008"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00'}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
mincore(&(0x7f0000bfe000/0x400000)=nil, 0x400000, &(0x7f0000000200)=""/133)
mount$9p_rdma(&(0x7f00000013c0), &(0x7f0000001400)='.\x00', &(0x7f0000001440), 0x800, &(0x7f0000000080)={'trans=rdma,', {'port', 0x3d, 0x4e20}})
bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4)
r5 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x101041)
openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
write$sndseq(r5, &(0x7f0000000040)=[{0xf, 0x0, 0x0, 0xfd, @time, {}, {0xe}, @queue}], 0x1c)

20m51.839430805s ago: executing program 3 (id=981):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000003c0)={0x4, 0x80100008b}, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
lseek(0xffffffffffffffff, 0x2, 0x4)
read$msr(r0, &(0x7f0000002700)=""/102392, 0x18ff8)
sendmsg$BATADV_CMD_GET_TRANSTABLE_LOCAL(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000440)={0x0}, 0x1, 0x0, 0x0, 0x11}, 0x40)
r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000480), 0x1a1040, 0x0)
ioctl$AUTOFS_IOC_FAIL(r1, 0x4c80, 0x7000000)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f00000001c0)={<r2=>0xffffffffffffffff})
setsockopt$sock_attach_bpf(r2, 0x1, 0x7, &(0x7f0000000000), 0x4)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'netdevsim0\x00', <r3=>0x0})
r4 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x3, 0x0, 0x0, &(0x7f0000000200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r3, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000080)={r4, 0x0, 0x0}, 0x10)

20m50.180621816s ago: executing program 3 (id=989):
socket$nl_netfilter(0x10, 0x3, 0xc)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f00000001c0), 0x80280, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000300)='./file0\x00', 0x0, 0x2125099, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000000)='./file0/../file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x891018, 0x0)
mount$bind(0x0, &(0x7f0000000140)='./file0/file0\x00', 0x0, 0x80000, 0x0)
mount$bind(&(0x7f0000000100)='./file0\x00', &(0x7f0000000280)='./file0/../file0\x00', 0x0, 0x1adc51, 0x0)
mount$bind(0x0, 0x0, 0x0, 0x101091, 0x0)
mount$bind(0x0, &(0x7f0000000440)='./file0/file0\x00', 0x0, 0x12f451, 0x0)
mount$bind(&(0x7f00000000c0)='.\x00', &(0x7f0000000080)='./file0/file0/file0\x00', 0x0, 0x80700a, 0x0)

20m48.172672572s ago: executing program 3 (id=991):
syz_genetlink_get_family_id$wireguard(0x0, 0xffffffffffffffff)
close(0xffffffffffffffff)
socket$inet6_mptcp(0xa, 0x1, 0x106)
pipe2$watch_queue(&(0x7f00000001c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x80)
setsockopt$inet6_mtu(r0, 0x29, 0x17, &(0x7f0000000200), 0x4)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f00000003c0)=""/102392, 0x18ff8)
bind$alg(0xffffffffffffffff, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-twofish-3way\x00'}, 0x58)
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0)
ioctl$BINDER_GET_NODE_INFO_FOR_REF(0xffffffffffffffff, 0xc018620c, 0x0)
r2 = msgget(0x0, 0x2c4)
msgctl$IPC_RMID(r2, 0x0)

20m47.611022378s ago: executing program 3 (id=993):
r0 = syz_open_dev$vcsa(&(0x7f0000000000), 0x1, 0x1a1300)
r1 = syz_open_dev$evdev(&(0x7f00000001c0), 0x2, 0x20000)
ioctl$EVIOCSCLOCKID(r1, 0x40084504, &(0x7f0000000000)=0x1)
poll(&(0x7f00000020c0)=[{r0, 0x20c}], 0x1, 0xfffffffd)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff})
setsockopt$sock_attach_bpf(r2, 0x1, 0x1d, &(0x7f00000001c0), 0x4)
write$cgroup_devices(r0, &(0x7f0000002080)={'a', ' *:* ', 'rw\x00'}, 0x9)
r3 = socket$inet(0x2, 0x4000000000000001, 0x0)
r4 = semget$private(0x0, 0x4000000009, 0x208)
semop(r4, 0x0, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000b00)=ANY=[@ANYBLOB="2c0000003d0007010000000000000000037c000018003780130003007174722834141faa532df09a"], 0x2c}}, 0x0)
r6 = semget$private(0x0, 0x4, 0x29b)
syslog(0x9, 0x0, 0x0)
r7 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r7, &(0x7f0000000140)={0x1f, 0xffff, 0x3}, 0x6)
write(r7, &(0x7f00000000c0)="510003000000", 0x6)
semtimedop(r6, &(0x7f0000000040)=[{0x0, 0x1}], 0x1, 0x0)
r8 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r8, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=@newlink={0x48, 0x10, 0x439, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x10800}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x18, 0x2, 0x0, 0x1, [@IFLA_BR_STP_STATE={0x8, 0x15}, @IFLA_BR_GROUP_ADDR={0xa, 0x14, @link_local}]}}}]}, 0x48}}, 0x0)
semop(r6, &(0x7f0000000180)=[{}, {}], 0x2)
semctl$GETZCNT(r6, 0x0, 0xf, 0x0)
fanotify_init(0x0, 0x2)
semctl$SETALL(r4, 0x0, 0x11, &(0x7f00000000c0)=[0xa8f, 0x8])
bind$inet(r3, &(0x7f0000000480)={0x2, 0x4e23, @multicast1}, 0x10)
sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000000000)={0x2, 0x24e23, @loopback}, 0x10)
sendmsg$inet(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000280)='5', 0x1}], 0x1}, 0x4003)
recvmmsg(r3, &(0x7f0000005dc0)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f00000004c0)=""/4096, 0x1000}], 0x1}, 0x7fc}], 0x1, 0x22, 0x0)
read$FUSE(r0, &(0x7f0000000040)={0x2020}, 0x2020)

20m46.062129795s ago: executing program 33 (id=993):
r0 = syz_open_dev$vcsa(&(0x7f0000000000), 0x1, 0x1a1300)
r1 = syz_open_dev$evdev(&(0x7f00000001c0), 0x2, 0x20000)
ioctl$EVIOCSCLOCKID(r1, 0x40084504, &(0x7f0000000000)=0x1)
poll(&(0x7f00000020c0)=[{r0, 0x20c}], 0x1, 0xfffffffd)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff})
setsockopt$sock_attach_bpf(r2, 0x1, 0x1d, &(0x7f00000001c0), 0x4)
write$cgroup_devices(r0, &(0x7f0000002080)={'a', ' *:* ', 'rw\x00'}, 0x9)
r3 = socket$inet(0x2, 0x4000000000000001, 0x0)
r4 = semget$private(0x0, 0x4000000009, 0x208)
semop(r4, 0x0, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000b00)=ANY=[@ANYBLOB="2c0000003d0007010000000000000000037c000018003780130003007174722834141faa532df09a"], 0x2c}}, 0x0)
r6 = semget$private(0x0, 0x4, 0x29b)
syslog(0x9, 0x0, 0x0)
r7 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r7, &(0x7f0000000140)={0x1f, 0xffff, 0x3}, 0x6)
write(r7, &(0x7f00000000c0)="510003000000", 0x6)
semtimedop(r6, &(0x7f0000000040)=[{0x0, 0x1}], 0x1, 0x0)
r8 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r8, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=@newlink={0x48, 0x10, 0x439, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x10800}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x18, 0x2, 0x0, 0x1, [@IFLA_BR_STP_STATE={0x8, 0x15}, @IFLA_BR_GROUP_ADDR={0xa, 0x14, @link_local}]}}}]}, 0x48}}, 0x0)
semop(r6, &(0x7f0000000180)=[{}, {}], 0x2)
semctl$GETZCNT(r6, 0x0, 0xf, 0x0)
fanotify_init(0x0, 0x2)
semctl$SETALL(r4, 0x0, 0x11, &(0x7f00000000c0)=[0xa8f, 0x8])
bind$inet(r3, &(0x7f0000000480)={0x2, 0x4e23, @multicast1}, 0x10)
sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000000000)={0x2, 0x24e23, @loopback}, 0x10)
sendmsg$inet(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000280)='5', 0x1}], 0x1}, 0x4003)
recvmmsg(r3, &(0x7f0000005dc0)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f00000004c0)=""/4096, 0x1000}], 0x1}, 0x7fc}], 0x1, 0x22, 0x0)
read$FUSE(r0, &(0x7f0000000040)={0x2020}, 0x2020)

13m40.458109821s ago: executing program 4 (id=1737):
add_key$user(&(0x7f0000000200), 0x0, 0x0, 0x0, 0xfffffffffffffffe)
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0)
pipe2$watch_queue(&(0x7f00000000c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x80)
ioctl$IOC_WATCH_QUEUE_SET_FILTER(r0, 0x5761, &(0x7f0000000580)=ANY=[@ANYBLOB="020000000000be2f7de0fa0000ff01400000000000000000000e00000084e8323990d564b70572e11d000000000000000000000000000000000000000040000000000000000000000000000000000000000200"/110])
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
mkdir(&(0x7f0000000200)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000240), 0x0, &(0x7f00000001c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
lstat(&(0x7f0000000340)='./file0\x00', &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, <r2=>0x0, <r3=>0x0})
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000400)={{0x1, 0x1, 0x18, r1, {r2, <r4=>r3}}, './file0\x00'})
mount$9p_unix(0x0, &(0x7f0000000440)='./file0\x00', 0x0, 0x1c2caa, &(0x7f0000000500)={'trans=unix,', {[{@dfltgid={'dfltgid', 0x3d, r4}}, {@debug={'debug', 0x3d, 0xcf}}, {@privport}, {@dfltgid={'dfltgid', 0x3d, r3}}, {@noxattr}, {@cache_fscache}]}})
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000340)=@newsa={0xf0, 0x10, 0x713, 0x0, 0x0, {{@in=@broadcast, @in=@empty, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20}, {@in=@multicast1, 0x0, 0x32}, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, {0x0, 0x0, 0x7, 0x0, 0x0, 0x6, 0x0, 0xfffffffffffffffd}, {0x0, 0x0, 0x0, 0x7fffffe}, {}, 0x70bd2a, 0x0, 0xa, 0x2, 0x1, 0x20}}, 0xf0}, 0x1, 0xe}, 0x10)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000480)={0xffffffffffffffff, 0x0, 0x25, 0x2, @val=@uprobe_multi={0x0, 0x0, 0x0, 0x6, 0x0, 0x1}}, 0x40)
r5 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r5, 0xaf01, 0x0)
r6 = eventfd(0xffffffff)
ioctl$VHOST_SET_LOG_FD(r5, 0x4004af07, &(0x7f0000000240)=r6)
ioctl$VHOST_SET_VRING_KICK(r5, 0x4008af20, &(0x7f0000000040)={0x1, r6})
ioctl$VHOST_SET_VRING_ADDR(r5, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$VHOST_SET_VRING_ADDR(r5, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/247, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/74})
ioctl$VHOST_SET_MEM_TABLE(r5, 0x4008af03, &(0x7f0000000680)={0x1, 0x0, [{0x0, 0xfffffeac, &(0x7f00000001c0)=""/115}]})
ioctl$VHOST_VSOCK_SET_RUNNING(r5, 0x4004af61, &(0x7f0000000000)=0x1)

13m37.529877399s ago: executing program 4 (id=1741):
add_key$user(&(0x7f0000000200), 0x0, 0x0, 0x0, 0xfffffffffffffffe)
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0)
pipe2$watch_queue(&(0x7f00000000c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x80)
ioctl$IOC_WATCH_QUEUE_SET_FILTER(r0, 0x5761, &(0x7f0000000580)=ANY=[@ANYBLOB="020000000000be2f7de0fa0000ff01400000000000000000000e00000084e8323990d564b70572e11d000000000000000000000000000000000000000040000000000000000000000000000000000000000200"/110])
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
mkdir(&(0x7f0000000200)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000240), 0x0, &(0x7f00000001c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
lstat(&(0x7f0000000340)='./file0\x00', &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, <r2=>0x0, <r3=>0x0})
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000400)={{0x1, 0x1, 0x18, r1, {r2, <r4=>r3}}, './file0\x00'})
mount$9p_unix(0x0, &(0x7f0000000440)='./file0\x00', 0x0, 0x1c2caa, &(0x7f0000000500)={'trans=unix,', {[{@dfltgid={'dfltgid', 0x3d, r4}}, {@debug={'debug', 0x3d, 0xcf}}, {@privport}, {@dfltgid={'dfltgid', 0x3d, r3}}, {@noxattr}, {@cache_fscache}]}})
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000340)=@newsa={0xf0, 0x10, 0x713, 0x0, 0x0, {{@in=@broadcast, @in=@empty, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20}, {@in=@multicast1, 0x0, 0x32}, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, {0x0, 0x0, 0x7, 0x0, 0x0, 0x6, 0x0, 0xfffffffffffffffd}, {0x0, 0x0, 0x0, 0x7fffffe}, {}, 0x70bd2a, 0x0, 0xa, 0x2, 0x1, 0x20}}, 0xf0}, 0x1, 0xe}, 0x10)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000480)={0xffffffffffffffff, 0x0, 0x25, 0x2, @val=@uprobe_multi={0x0, 0x0, 0x0, 0x6, 0x0, 0x1}}, 0x40)
r5 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r5, 0xaf01, 0x0)
r6 = eventfd(0xffffffff)
ioctl$VHOST_SET_LOG_FD(r5, 0x4004af07, &(0x7f0000000240)=r6)
ioctl$VHOST_SET_VRING_KICK(r5, 0x4008af20, &(0x7f0000000040)={0x1, r6})
ioctl$VHOST_SET_VRING_ADDR(r5, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/247, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/74})
ioctl$VHOST_SET_MEM_TABLE(r5, 0x4008af03, &(0x7f0000000680)={0x1, 0x0, [{0x0, 0xfffffeac, &(0x7f00000001c0)=""/115}]})
ioctl$VHOST_VSOCK_SET_RUNNING(r5, 0x4004af61, &(0x7f0000000000)=0x1)
sendto$inet(0xffffffffffffffff, &(0x7f0000000100)="ab", 0x1, 0x40008c4, 0x0, 0x0)

13m34.623242836s ago: executing program 4 (id=1745):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000001c0)={r2, 0x58, &(0x7f0000001f40)}, 0x9)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e25}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r5 = socket$inet6_sctp(0xa, 0x5, 0x84)
prlimit64(0x0, 0x7, &(0x7f0000000140), 0x0)
shutdown(r5, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r5, 0x84, 0x7a, &(0x7f0000000340)={0x0, @in6={{0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}}}, &(0x7f0000000040)=0x84)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000340)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
r7 = io_uring_setup(0x3b69, &(0x7f0000001d80)={0x0, 0x714, 0x2, 0x1, 0x3d7})
io_uring_enter(r7, 0x5756, 0x9d76, 0x5, 0x0, 0x0)
poll(&(0x7f0000b2c000)=[{r6}], 0x2c, 0xffffffffffbffff8)
modify_ldt$write(0x1, &(0x7f0000001700), 0x10)
r8 = socket$kcm(0x11, 0x200000000000002, 0x300)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0x13, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="641b152164fcb2cd640a00000007020000000f95e61e37a9d10bdc0600"/42], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
syz_emit_vhci(&(0x7f0000002d40)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0xa}, @hci_rp_le_read_buffer_size_v2={{0xf8}, {0x96, 0x7, 0x3, 0x8, 0xf}}}}, 0xd)
sendmsg$kcm(r8, &(0x7f0000000640)={&(0x7f0000000300)=@hci={0x1f, 0xffffffffffffffff, 0x4}, 0x80, 0x0, 0x0, &(0x7f0000000000)=ANY=[], 0x20}, 0x8000)

13m31.890042835s ago: executing program 4 (id=1751):
add_key$user(&(0x7f0000000200), 0x0, 0x0, 0x0, 0xfffffffffffffffe)
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0)
pipe2$watch_queue(&(0x7f00000000c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x80)
ioctl$IOC_WATCH_QUEUE_SET_FILTER(r0, 0x5761, &(0x7f0000000580)=ANY=[@ANYBLOB="020000000000be2f7de0fa0000ff01400000000000000000000e00000084e8323990d564b70572e11d000000000000000000000000000000000000000040000000000000000000000000000000000000000200"/110])
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
mkdir(&(0x7f0000000200)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000240), 0x0, &(0x7f00000001c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
lstat(&(0x7f0000000340)='./file0\x00', &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, <r2=>0x0, <r3=>0x0})
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000400)={{0x1, 0x1, 0x18, r1, {r2, <r4=>r3}}, './file0\x00'})
mount$9p_unix(0x0, &(0x7f0000000440)='./file0\x00', 0x0, 0x1c2caa, &(0x7f0000000500)={'trans=unix,', {[{@dfltgid={'dfltgid', 0x3d, r4}}, {@debug={'debug', 0x3d, 0xcf}}, {@privport}, {@dfltgid={'dfltgid', 0x3d, r3}}, {@noxattr}, {@cache_fscache}]}})
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000340)=@newsa={0xf0, 0x10, 0x713, 0x0, 0x0, {{@in=@broadcast, @in=@empty, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20}, {@in=@multicast1, 0x0, 0x32}, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, {0x0, 0x0, 0x7, 0x0, 0x0, 0x6, 0x0, 0xfffffffffffffffd}, {0x0, 0x0, 0x0, 0x7fffffe}, {}, 0x70bd2a, 0x0, 0xa, 0x2, 0x1, 0x20}}, 0xf0}, 0x1, 0xe}, 0x10)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000480)={0xffffffffffffffff, 0x0, 0x25, 0x2, @val=@uprobe_multi={0x0, 0x0, 0x0, 0x6, 0x0, 0x1}}, 0x40)
r5 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r5, 0xaf01, 0x0)
r6 = eventfd(0xffffffff)
ioctl$VHOST_SET_LOG_FD(r5, 0x4004af07, &(0x7f0000000240)=r6)
ioctl$VHOST_SET_VRING_KICK(r5, 0x4008af20, &(0x7f0000000040)={0x1, r6})
ioctl$VHOST_SET_VRING_ADDR(r5, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$VHOST_SET_MEM_TABLE(r5, 0x4008af03, &(0x7f0000000680)={0x1, 0x0, [{0x0, 0xfffffeac, &(0x7f00000001c0)=""/115}]})
ioctl$VHOST_VSOCK_SET_RUNNING(r5, 0x4004af61, &(0x7f0000000000)=0x1)
sendto$inet(0xffffffffffffffff, &(0x7f0000000100)="ab", 0x1, 0x40008c4, 0x0, 0x0)

13m27.910679208s ago: executing program 4 (id=1759):
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000480)={0xffffffffffffffff, 0x0, 0x25, 0x2, @val=@perf_event={0x4}}, 0x18)
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
openat$ttyS3(0xffffffffffffff9c, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = eventfd(0xc)
ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000240)=r2)
ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x1, r2})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/67, 0x0})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/247, &(0x7f0000000580)=""/90, &(0x7f0000000480)=""/70})
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000c40))
ioctl$VHOST_SET_VRING_ERR(r0, 0x4008af22, &(0x7f00000002c0)={0x1, r2})
ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000)=0x3)
syz_io_uring_setup(0x69b8, &(0x7f0000000380)={0x0, 0xaee2, 0x20, 0x2, 0x87}, 0x0, 0x0)
openat$rtc(0xffffffffffffff9c, &(0x7f0000000080), 0x2000, 0x0)
madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x19)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, 0x0, 0x0)
sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000040)=[{{&(0x7f0000000100)={0x2, 0x4e23, @empty}, 0x10, &(0x7f0000000000)=[{&(0x7f0000000240)="d2a7b3", 0x3}, {&(0x7f0000000400)="e06bd3f745", 0xfcfd}, {&(0x7f0000000500)="86e9a0d8", 0x4}, {&(0x7f00000005c0)="25062456", 0x4}], 0x4}}], 0x1, 0x4000800)
r3 = openat$drirender128(0xffffffffffffff9c, &(0x7f0000000180), 0x226300, 0x0)
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r3, 0xc00c642d, &(0x7f00000010c0)={0x0, 0x80000})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)

13m23.008470354s ago: executing program 4 (id=1767):
add_key$user(&(0x7f0000000200), 0x0, 0x0, 0x0, 0xfffffffffffffffe)
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0)
pipe2$watch_queue(&(0x7f00000000c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x80)
ioctl$IOC_WATCH_QUEUE_SET_FILTER(r0, 0x5761, &(0x7f0000000580)=ANY=[@ANYBLOB="020000000000be2f7de0fa0000ff01400000000000000000000e00000084e8323990d564b70572e11d000000000000000000000000000000000000000040000000000000000000000000000000000000000200"/110])
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
mkdir(&(0x7f0000000200)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000240), 0x0, &(0x7f00000001c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
lstat(&(0x7f0000000340)='./file0\x00', &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, <r2=>0x0, <r3=>0x0})
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000400)={{0x1, 0x1, 0x18, r1, {r2, <r4=>r3}}, './file0\x00'})
mount$9p_unix(0x0, &(0x7f0000000440)='./file0\x00', 0x0, 0x1c2caa, &(0x7f0000000500)={'trans=unix,', {[{@dfltgid={'dfltgid', 0x3d, r4}}, {@debug={'debug', 0x3d, 0xcf}}, {@privport}, {@dfltgid={'dfltgid', 0x3d, r3}}, {@noxattr}, {@cache_fscache}]}})
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000340)=@newsa={0xf0, 0x10, 0x713, 0x0, 0x0, {{@in=@broadcast, @in=@empty, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20}, {@in=@multicast1, 0x0, 0x32}, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, {0x0, 0x0, 0x7, 0x0, 0x0, 0x6, 0x0, 0xfffffffffffffffd}, {0x0, 0x0, 0x0, 0x7fffffe}, {}, 0x70bd2a, 0x0, 0xa, 0x2, 0x1, 0x20}}, 0xf0}, 0x1, 0xe}, 0x10)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000480)={0xffffffffffffffff, 0x0, 0x25, 0x2, @val=@uprobe_multi={0x0, 0x0, 0x0, 0x6, 0x0, 0x1}}, 0x40)
r5 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r5, 0xaf01, 0x0)
r6 = eventfd(0xffffffff)
ioctl$VHOST_SET_LOG_FD(r5, 0x4004af07, &(0x7f0000000240)=r6)
ioctl$VHOST_SET_VRING_ADDR(r5, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$VHOST_SET_VRING_ADDR(r5, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/247, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/74})
ioctl$VHOST_SET_MEM_TABLE(r5, 0x4008af03, &(0x7f0000000680)={0x1, 0x0, [{0x0, 0xfffffeac, &(0x7f00000001c0)=""/115}]})
ioctl$VHOST_VSOCK_SET_RUNNING(r5, 0x4004af61, &(0x7f0000000000)=0x1)
sendto$inet(0xffffffffffffffff, &(0x7f0000000100)="ab", 0x1, 0x40008c4, 0x0, 0x0)

13m7.694117629s ago: executing program 34 (id=1767):
add_key$user(&(0x7f0000000200), 0x0, 0x0, 0x0, 0xfffffffffffffffe)
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0)
pipe2$watch_queue(&(0x7f00000000c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x80)
ioctl$IOC_WATCH_QUEUE_SET_FILTER(r0, 0x5761, &(0x7f0000000580)=ANY=[@ANYBLOB="020000000000be2f7de0fa0000ff01400000000000000000000e00000084e8323990d564b70572e11d000000000000000000000000000000000000000040000000000000000000000000000000000000000200"/110])
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
mkdir(&(0x7f0000000200)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000240), 0x0, &(0x7f00000001c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
lstat(&(0x7f0000000340)='./file0\x00', &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, <r2=>0x0, <r3=>0x0})
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000400)={{0x1, 0x1, 0x18, r1, {r2, <r4=>r3}}, './file0\x00'})
mount$9p_unix(0x0, &(0x7f0000000440)='./file0\x00', 0x0, 0x1c2caa, &(0x7f0000000500)={'trans=unix,', {[{@dfltgid={'dfltgid', 0x3d, r4}}, {@debug={'debug', 0x3d, 0xcf}}, {@privport}, {@dfltgid={'dfltgid', 0x3d, r3}}, {@noxattr}, {@cache_fscache}]}})
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000340)=@newsa={0xf0, 0x10, 0x713, 0x0, 0x0, {{@in=@broadcast, @in=@empty, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20}, {@in=@multicast1, 0x0, 0x32}, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, {0x0, 0x0, 0x7, 0x0, 0x0, 0x6, 0x0, 0xfffffffffffffffd}, {0x0, 0x0, 0x0, 0x7fffffe}, {}, 0x70bd2a, 0x0, 0xa, 0x2, 0x1, 0x20}}, 0xf0}, 0x1, 0xe}, 0x10)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000480)={0xffffffffffffffff, 0x0, 0x25, 0x2, @val=@uprobe_multi={0x0, 0x0, 0x0, 0x6, 0x0, 0x1}}, 0x40)
r5 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r5, 0xaf01, 0x0)
r6 = eventfd(0xffffffff)
ioctl$VHOST_SET_LOG_FD(r5, 0x4004af07, &(0x7f0000000240)=r6)
ioctl$VHOST_SET_VRING_ADDR(r5, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$VHOST_SET_VRING_ADDR(r5, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/247, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/74})
ioctl$VHOST_SET_MEM_TABLE(r5, 0x4008af03, &(0x7f0000000680)={0x1, 0x0, [{0x0, 0xfffffeac, &(0x7f00000001c0)=""/115}]})
ioctl$VHOST_VSOCK_SET_RUNNING(r5, 0x4004af61, &(0x7f0000000000)=0x1)
sendto$inet(0xffffffffffffffff, &(0x7f0000000100)="ab", 0x1, 0x40008c4, 0x0, 0x0)

9m22.697494515s ago: executing program 6 (id=2107):
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000480)={0xffffffffffffffff, 0x0, 0x25, 0x2, @val=@perf_event={0x4}}, 0x18)
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
openat$ttyS3(0xffffffffffffff9c, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = eventfd(0xc)
ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000240)=r2)
ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x1, r2})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/67, 0x0})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/247, &(0x7f0000000580)=""/90, &(0x7f0000000480)=""/70})
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000c40))
ioctl$VHOST_SET_VRING_ERR(r0, 0x4008af22, &(0x7f00000002c0)={0x1, r2})
ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000)=0x3)
syz_io_uring_setup(0x69b8, &(0x7f0000000380)={0x0, 0xaee2, 0x20, 0x2, 0x87}, 0x0, 0x0)
openat$rtc(0xffffffffffffff9c, &(0x7f0000000080), 0x2000, 0x0)
madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x19)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$sock_int(r3, 0x1, 0x3c, 0x0, 0x0)
sendmmsg$inet(r3, &(0x7f0000000040)=[{{&(0x7f0000000100)={0x2, 0x4e23, @empty}, 0x10, &(0x7f0000000000)=[{&(0x7f0000000240)="d2a7b3", 0x3}, {&(0x7f0000000400)="e06bd3f745", 0x5}, {&(0x7f0000000500)="86e9a0d8", 0x4}, {&(0x7f00000005c0)="250624", 0x3}], 0x4}}], 0x1, 0x4000800)
r4 = openat$drirender128(0xffffffffffffff9c, &(0x7f0000000180), 0x226300, 0x0)
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r4, 0xc00c642d, &(0x7f00000010c0)={0x0, 0x80000})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)

9m20.637907743s ago: executing program 6 (id=2111):
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000480)={0xffffffffffffffff, 0x0, 0x25, 0x2, @val=@perf_event={0x4}}, 0x18)
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
openat$ttyS3(0xffffffffffffff9c, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = eventfd(0xc)
ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000240)=r2)
ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x1, r2})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/67, 0x0})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/247, &(0x7f0000000580)=""/90, &(0x7f0000000480)=""/70})
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000c40))
ioctl$VHOST_SET_VRING_ERR(r0, 0x4008af22, &(0x7f00000002c0)={0x1, r2})
ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000)=0x3)
syz_io_uring_setup(0x69b8, &(0x7f0000000380)={0x0, 0xaee2, 0x20, 0x2, 0x87}, 0x0, 0x0)
openat$rtc(0xffffffffffffff9c, &(0x7f0000000080), 0x2000, 0x0)
madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x19)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$sock_int(r3, 0x1, 0x3c, 0x0, 0x0)
sendmmsg$inet(r3, &(0x7f0000000040)=[{{&(0x7f0000000100)={0x2, 0x4e23, @empty}, 0x10, &(0x7f0000000000)=[{&(0x7f0000000240)="d2a7b3", 0x3}, {&(0x7f0000000400)="e06bd3f745", 0x5}, {&(0x7f0000000500)="86e9a0d8", 0x4}, {0x0}], 0x4}}], 0x1, 0x4000800)
r4 = openat$drirender128(0xffffffffffffff9c, &(0x7f0000000180), 0x226300, 0x0)
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r4, 0xc00c642d, &(0x7f00000010c0)={0x0, 0x80000})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)

9m14.917401552s ago: executing program 6 (id=2119):
r0 = syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3)
shutdown(r0, 0x1)
r1 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_udp_int(r1, 0x11, 0x67, &(0x7f0000000040)=0x91, 0x4)
prctl$PR_SET_TIMERSLACK(0x1d, 0xffffffffffffff63)
r2 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000200)='sched_switch\x00', r2}, 0x18)
syz_emit_ethernet(0xfdef, &(0x7f0000000140)={@random="5b1a033f2511", @remote, @void, {@ipv4={0x800, @udp={{0x6, 0x4, 0x0, 0x0, 0x4578, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x0, 0x64, 0x0, @wg=@response={0x10, 0x0, 0x0, "fdcdae25a7a296872a8a5290e48e30acf8afc7e67d70a62c979cefa10a0028bd", "ae0000000000000000e400", {"35f3c07eeca4a20a9858ac1500", "63081fe8fe001a08ed082ad7121d696f"}}}}}}}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r3 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x2000000}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r6 = socket$inet_sctp(0x2, 0x5, 0x84)
bind$inet(r6, &(0x7f0000000080)={0x2, 0x4e22, @local}, 0x10)
sendmmsg$inet_sctp(r6, &(0x7f0000004900)=[{&(0x7f00000000c0)=@in={0x2, 0x4e22, @local}, 0x10, &(0x7f0000000180)=[{&(0x7f0000000100)="f4", 0x1}], 0x1, &(0x7f00000001c0)}], 0x1, 0x0)
connect$inet6(r1, &(0x7f0000000080)={0xa, 0x4e23, 0x400, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x3b}}}, 0x1c)
setsockopt$sock_linger(r1, 0x1, 0x3c, &(0x7f0000000180)={0x200000000000001}, 0x8)
connect$inet6(r1, &(0x7f0000000000)={0xa, 0x0, 0xfffffffd, @local, 0x2}, 0x1c)
sendmmsg$inet6(r1, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171}}], 0x400000000000172, 0x4001c00)

9m12.439483672s ago: executing program 6 (id=2122):
openat$ppp(0xffffffffffffff9c, 0x0, 0x2000, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
lgetxattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)=@known='system.posix_acl_access\x00', 0x0, 0x2)
r0 = socket(0x1d, 0x2, 0x6)
ioctl$sock_SIOCETHTOOL(r0, 0x80108906, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x18)
futimesat(0xffffffffffffffff, &(0x7f0000000300)='./file0\x00', &(0x7f0000000340)={{0x77359400}})
bpf$OBJ_GET_MAP(0x7, &(0x7f0000000280)=@generic={&(0x7f0000000240)='./file1\x00', 0x0, 0x18}, 0x18)
socket$nl_generic(0x10, 0x3, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x13, 0x13, &(0x7f0000000080)=@framed={{0x18, 0x8, 0x0, 0x0, 0xffd0}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0}, @generic={0x66, 0x8}, @initr0, @exit, @alu={0x6, 0x0, 0x3, 0xa, 0x0, 0x2}, @printk={@x, {}, {}, {}, {}, {0x5, 0x0, 0xb, 0xa}}]}, &(0x7f0000000000)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r5 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x201, 0x2)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x300000f, 0x11011, r5, 0x0)
mprotect(&(0x7f00001a7000/0x1000)=nil, 0x1000, 0x6)
r6 = syz_open_dev$dri(&(0x7f0000000000), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_SETCRTC(r6, 0xc06864a2, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x40000000, 0x0, 0x0, 0x7, {0x800, 0x1, 0x3, 0x4, 0x6, 0x0, 0x2, 0x9, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, "13757ddc688782636517333c0303dace01a10969cc9f4efe748fb63ea78c9aef"}})
r7 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000040)={0x4, &(0x7f0000000000)=[{0xf5a, 0x3, 0x3, 0xfffffff9}, {0x9b, 0x7, 0x6, 0x6}, {0x1, 0x9, 0x0, 0xfff}, {0x0, 0x1, 0x9, 0xe}]})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000080)={0x1e, 0x4, &(0x7f0000000040)=@framed={{}, [@ldst={0x1, 0x2, 0x3, 0x8, 0x1, 0x8}]}, &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x25, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f0000002780)={<r8=>0x0})
ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(0xffffffffffffffff, 0x40182103, &(0x7f0000000080)={r8, 0x3})
ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r7, 0x40182103, &(0x7f0000000080)={r8, 0x0, r5, 0x1})

9m11.065516767s ago: executing program 6 (id=2123):
r0 = syz_open_dev$vcsa(&(0x7f0000000000), 0x1, 0x1a1300)
r1 = syz_open_dev$evdev(&(0x7f00000001c0), 0x2, 0x20000)
ioctl$EVIOCSCLOCKID(r1, 0x40084504, &(0x7f0000000000)=0x1)
poll(&(0x7f00000020c0)=[{r0, 0x20c}], 0x1, 0xfffffffd)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff})
setsockopt$sock_attach_bpf(r2, 0x1, 0x1d, &(0x7f00000001c0), 0x4)
write$cgroup_devices(r0, &(0x7f0000002080)={'a', ' *:* ', 'rw\x00'}, 0x9)
r3 = socket$inet(0x2, 0x4000000000000001, 0x0)
r4 = semget$private(0x0, 0x4000000009, 0x208)
semop(r4, &(0x7f00000002c0)=[{0x1, 0x8698, 0x1000}], 0x1)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000b00)=ANY=[@ANYBLOB="2c0000003d0007010000000000000000037c000018003780130003007174722834141faa532df09a"], 0x2c}}, 0x0)
r6 = semget$private(0x0, 0x4, 0x29b)
syslog(0x9, 0x0, 0x0)
r7 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r7, &(0x7f0000000140)={0x1f, 0xffff, 0x3}, 0x6)
write(r7, &(0x7f00000000c0)="510003000000", 0x6)
semtimedop(r6, &(0x7f0000000040)=[{0x0, 0x1}], 0x1, 0x0)
r8 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r8, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=@newlink={0x48, 0x10, 0x439, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x10800}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x18, 0x2, 0x0, 0x1, [@IFLA_BR_STP_STATE={0x8, 0x15}, @IFLA_BR_GROUP_ADDR={0xa, 0x14, @link_local}]}}}]}, 0x48}}, 0x0)
semop(r6, &(0x7f0000000180)=[{}, {}], 0x2)
semctl$GETZCNT(r6, 0x0, 0xf, 0x0)
fanotify_init(0x0, 0x2)
semctl$SETALL(r4, 0x0, 0x11, &(0x7f00000000c0)=[0xa8f, 0x8])
bind$inet(r3, &(0x7f0000000480)={0x2, 0x4e23, @multicast1}, 0x10)
sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000000000)={0x2, 0x24e23, @loopback}, 0x10)
sendmsg$inet(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000280)='5', 0x1}], 0x1}, 0x4003)
recvmmsg(r3, 0x0, 0x0, 0x22, 0x0)
read$FUSE(r0, &(0x7f0000000040)={0x2020}, 0x2020)

9m9.221545623s ago: executing program 6 (id=2129):
add_key$user(&(0x7f0000000200), 0x0, 0x0, 0x0, 0xfffffffffffffffe)
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0)
pipe2$watch_queue(&(0x7f00000000c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x80)
ioctl$IOC_WATCH_QUEUE_SET_FILTER(r0, 0x5761, &(0x7f0000000580)=ANY=[@ANYBLOB="020000000000be2f7de0fa0000ff01400000000000000000000e00000084e8323990d564b70572e11d000000000000000000000000000000000000000040000000000000000000000000000000000000000200"/110])
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
mkdir(&(0x7f0000000200)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000240), 0x0, &(0x7f00000001c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
lstat(&(0x7f0000000340)='./file0\x00', 0x0)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000400)={{0x1, 0x1, 0x18, r1, {0x0, <r2=>0x0}}, './file0\x00'})
mount$9p_unix(0x0, &(0x7f0000000440)='./file0\x00', 0x0, 0x1c2caa, &(0x7f0000000500)={'trans=unix,', {[{@dfltgid={'dfltgid', 0x3d, r2}}, {@debug={'debug', 0x3d, 0xcf}}, {@privport}, {@noxattr}, {@cache_fscache}]}})
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000340)=@newsa={0xf0, 0x10, 0x713, 0x0, 0x0, {{@in=@broadcast, @in=@empty, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20}, {@in=@multicast1, 0x0, 0x32}, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, {0x0, 0x0, 0x7, 0x0, 0x0, 0x6, 0x0, 0xfffffffffffffffd}, {0x0, 0x0, 0x0, 0x7fffffe}, {}, 0x70bd2a, 0x0, 0xa, 0x2, 0x1, 0x20}}, 0xf0}, 0x1, 0xe}, 0x10)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000480)={0xffffffffffffffff, 0x0, 0x25, 0x2, @val=@uprobe_multi={0x0, 0x0, 0x0, 0x6, 0x0, 0x1}}, 0x40)
r3 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r3, 0xaf01, 0x0)
r4 = eventfd(0xffffffff)
ioctl$VHOST_SET_LOG_FD(r3, 0x4004af07, &(0x7f0000000240)=r4)
ioctl$VHOST_SET_VRING_KICK(r3, 0x4008af20, &(0x7f0000000040)={0x1, r4})
ioctl$VHOST_SET_VRING_ADDR(r3, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$VHOST_SET_VRING_ADDR(r3, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/247, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/74})
ioctl$VHOST_SET_MEM_TABLE(r3, 0x4008af03, &(0x7f0000000680)={0x1, 0x0, [{0x0, 0xfffffeac, &(0x7f00000001c0)=""/115}]})
ioctl$VHOST_VSOCK_SET_RUNNING(r3, 0x4004af61, &(0x7f0000000000)=0x1)
sendto$inet(0xffffffffffffffff, &(0x7f0000000100)="ab", 0x1, 0x40008c4, 0x0, 0x0)

8m54.150562171s ago: executing program 35 (id=2129):
add_key$user(&(0x7f0000000200), 0x0, 0x0, 0x0, 0xfffffffffffffffe)
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0)
pipe2$watch_queue(&(0x7f00000000c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x80)
ioctl$IOC_WATCH_QUEUE_SET_FILTER(r0, 0x5761, &(0x7f0000000580)=ANY=[@ANYBLOB="020000000000be2f7de0fa0000ff01400000000000000000000e00000084e8323990d564b70572e11d000000000000000000000000000000000000000040000000000000000000000000000000000000000200"/110])
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
mkdir(&(0x7f0000000200)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000240), 0x0, &(0x7f00000001c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
lstat(&(0x7f0000000340)='./file0\x00', 0x0)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000400)={{0x1, 0x1, 0x18, r1, {0x0, <r2=>0x0}}, './file0\x00'})
mount$9p_unix(0x0, &(0x7f0000000440)='./file0\x00', 0x0, 0x1c2caa, &(0x7f0000000500)={'trans=unix,', {[{@dfltgid={'dfltgid', 0x3d, r2}}, {@debug={'debug', 0x3d, 0xcf}}, {@privport}, {@noxattr}, {@cache_fscache}]}})
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000340)=@newsa={0xf0, 0x10, 0x713, 0x0, 0x0, {{@in=@broadcast, @in=@empty, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20}, {@in=@multicast1, 0x0, 0x32}, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, {0x0, 0x0, 0x7, 0x0, 0x0, 0x6, 0x0, 0xfffffffffffffffd}, {0x0, 0x0, 0x0, 0x7fffffe}, {}, 0x70bd2a, 0x0, 0xa, 0x2, 0x1, 0x20}}, 0xf0}, 0x1, 0xe}, 0x10)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000480)={0xffffffffffffffff, 0x0, 0x25, 0x2, @val=@uprobe_multi={0x0, 0x0, 0x0, 0x6, 0x0, 0x1}}, 0x40)
r3 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r3, 0xaf01, 0x0)
r4 = eventfd(0xffffffff)
ioctl$VHOST_SET_LOG_FD(r3, 0x4004af07, &(0x7f0000000240)=r4)
ioctl$VHOST_SET_VRING_KICK(r3, 0x4008af20, &(0x7f0000000040)={0x1, r4})
ioctl$VHOST_SET_VRING_ADDR(r3, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$VHOST_SET_VRING_ADDR(r3, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/247, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/74})
ioctl$VHOST_SET_MEM_TABLE(r3, 0x4008af03, &(0x7f0000000680)={0x1, 0x0, [{0x0, 0xfffffeac, &(0x7f00000001c0)=""/115}]})
ioctl$VHOST_VSOCK_SET_RUNNING(r3, 0x4004af61, &(0x7f0000000000)=0x1)
sendto$inet(0xffffffffffffffff, &(0x7f0000000100)="ab", 0x1, 0x40008c4, 0x0, 0x0)

5m0.380152705s ago: executing program 2 (id=2551):
bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[@ANYRESDEC], 0x48)
r0 = socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xd5e, 0x240000000008b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0xfffffdca, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
bind$alg(0xffffffffffffffff, &(0x7f0000000600)={0x26, 'rng\x00', 0x0, 0x0, 'jitterentropy_rng\x00'}, 0x58)
accept4(0xffffffffffffffff, 0x0, 0x0, 0x0)
recvmmsg(r0, &(0x7f0000000000)=[{{0x0, 0x0, &(0x7f00000002c0)}, 0x5}], 0x1, 0xe96ad1452b97d12f, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0xb, 0x59032, 0xffffffffffffffff, 0x0)
socket$rxrpc(0x21, 0x2, 0x4)
userfaultfd(0x801)
pipe2$9p(&(0x7f0000000080), 0x0)
r2 = getpid()
r3 = socket(0x2, 0x2, 0x1)
r4 = syz_open_dev$ndb(&(0x7f0000000080), 0x0, 0x800000)
ioctl$NBD_SET_SOCK(0xffffffffffffffff, 0xab00, r3)
ioctl$NBD_DISCONNECT(r4, 0xab08)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2)
socket$packet(0x11, 0x2, 0x300)
prlimit64(r2, 0xd, &(0x7f0000000040)={0x3, 0x100000001}, &(0x7f0000000240))
ioctl$TIOCSSOFTCAR(0xffffffffffffffff, 0x541a, &(0x7f0000000280)=0x1)

4m59.519878684s ago: executing program 2 (id=2554):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000c80)={'lo\x00', <r2=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@newqdisc={0x40, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_fq={{0x7}, {0x14, 0x2, [@TCA_FQ_FLOW_DEFAULT_RATE={0x10, 0x11, 0x2300}, @TCA_FQ_QUANTUM={0x8, 0x3, 0x4000}]}}]}, 0x40}}, 0x0)

4m59.256406157s ago: executing program 2 (id=2557):
r0 = syz_socket_connect_nvme_tcp()
close(r0)

4m59.069257603s ago: executing program 2 (id=2561):
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000440)='./file0/../file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b101a, 0x0)
mount$bind(&(0x7f0000000100)='./file0\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x18d811, 0x0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000fc0)=@raw={'raw\x00', 0x3c1, 0x3, 0x330, 0x0, 0x1170, 0x1398, 0x120, 0x1170, 0x260, 0x1398, 0x1398, 0x260, 0x1398, 0x3, 0x0, {[{{@ipv6={@mcast2, @mcast1, [], [], 'ip6tnl0\x00', 'veth0_to_hsr\x00', {}, {}, 0x6, 0x0, 0x0, 0x41}, 0x0, 0xf8, 0x120, 0x0, {}, [@common=@inet=@ecn={{0x28}, {0x10}}, @inet=@rpfilter={{0x28}}]}, @common=@inet=@SYNPROXY={0x28}}, {{@uncond, 0x0, 0x118, 0x140, 0x0, {}, [@inet=@rpfilter={{0x28}}, @common=@hbh={{0x48}}]}, @common=@unspec=@NFQUEUE0={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x390)
r2 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000e00), 0xffffffffffffffff)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_STRSET_GET(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000480)=ANY=[], 0x118}, 0x1, 0x0, 0x0, 0x804}, 0x40d0)
r4 = openat$vimc0(0xffffffffffffff9c, &(0x7f0000000380), 0x2, 0x0)
ioctl$VIDIOC_SUBDEV_S_DV_TIMINGS(r4, 0xc0845657, &(0x7f0000000680)={0x0, @bt={0xd805, 0x0, 0x0, 0x3, 0x4, 0x3ff, 0x3, 0x5, 0x5, 0xdcc, 0x2, 0x9, 0x0, 0x3ff, 0x14, 0x12, {0xffff, 0x9}, 0x3, 0x3}})
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(0xffffffffffffffff, 0x0, 0x4000040)
sendmsg$NL802154_CMD_NEW_SEC_KEY(r0, &(0x7f00000010c0)={0x0, 0x0, &(0x7f0000001080)={&(0x7f00000001c0)=ANY=[@ANYBLOB="2c010000", @ANYRES16=r2, @ANYBLOB="01000000000000000000170000000c00060001000000010000000c01308014000400976f1044852bca665354bd217b6b9037200001800c0005000400000200000200080001000300000005000200030000000500020008000000240003"], 0x12c}, 0x1, 0x0, 0x0, 0x24004821}, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$batadv(&(0x7f0000000180), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r5, 0x8933, &(0x7f0000000000)={'batadv0\x00', <r7=>0x0})
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000002c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r6, @ANYBLOB="0100", @ANYRES32=r7, @ANYBLOB], 0x1c}}, 0x0)
r8 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
r9 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000000280))
move_pages(r9, 0x0, 0x0, 0x0, 0x0, 0x0)
r10 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x8002, 0x0)
write$P9_RSTATu(r10, &(0x7f0000000080)=ANY=[@ANYBLOB="3c0200007d00000005fb000000000000000000000000000000000000000000000003000000000000000000000000000000002900046e6f6465767b6376666f7825ffffff8102000000000031ff0abc92fe33695aa3c2c4626d71fe00003800704a86cec602007dfa673effeb09b5351f5bde050000000000187b8200b500d5157adc2ba00a3ae11200cfc2021000000800000000000000f31362405500f8f669fb716dce315ecaf385409ac65b9408678c2c3b9e1d52c36cde7ba4a400b4b0b4f174a666a8529a451b3407dbdab2884baf050000000040000047ec21ca9ef20f9c1cbe36f4fd1a4cc280e8d489da649a37002c016f6465762d6eb17b2300f9daa5ee23266ecf85fea65e42d979a3fde5f475daf03b1172d97badc7095afd76fe4f0441f7f7741eac030000ecff0000dba0c2f7f09ff53c7e4d1ad66e2d070198019f30118447aa9a74f51685f506ae894806878267d5a1298d792c4a37f2e1cbbd2482929a0d8972b5cf732ea5b0d723859dba3f93aed3b42ee7cac07de09d1d68a60333a882467d2b31aacdf9188549b1125d6c4c9b18c2fb56c57d7d4626e4390796a1eb48274669ab13f8b11d146059f310e2634d593fec65d529f382066664df244e4c90570a70049f399f061f75b7797ce1fe11ea919609d51a41dd3de304bd7c7ed0a456f0ae12516105c9ce887df5a6e0b6a77d596cf88ba6e5c6397c7d5021d7989528fd1739e1c2d87fff00"/560, @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0], 0x23c)
move_mount(r8, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
syz_open_procfs(0x0, &(0x7f00000001c0)='mountinfo\x00')

4m57.828298139s ago: executing program 2 (id=2568):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000400)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file1/file0\x00', 0x0)
mount$bind(&(0x7f0000000100)='.\x00', &(0x7f0000000500)='./file1/file0\x00', 0x0, 0x201008, 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000000), 0x0, &(0x7f00000004c0)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file1/file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f0000001180)='./bus\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
write$cgroup_subtree(r0, 0x0, 0x32600)

4m56.127548311s ago: executing program 2 (id=2573):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="180100002100000000000000000000008500000075000000a50000002300000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f00000000c0)={@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x800, 0x0, 0x103, 0x10, 0x4, 0x1}, 0x20)
openat(0xffffffffffffff9c, &(0x7f0000000300)='./file1\x00', 0x60840, 0x8)
pipe2(&(0x7f0000000040)={0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
syz_usb_connect$uac1(0x0, 0xa4, &(0x7f0000000080)=ANY=[@ANYBLOB="2a01000020000040b708000000000000030109029200030172e5000904000000010100000a2401fd6e000201020c0d2407000005000000000000000c240000e9fffff5ffffffff092403f3ff000005024524", @ANYRES8=r1, @ANYBLOB="05"], 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000001c0)='mmap_lock_acquire_returned\x00', r0}, 0x10)
r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x800, 0x1c2)
getdents64(r2, &(0x7f0000007ac0)=""/4107, 0x100b)
r3 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x2000, 0x69)
ioctl$FS_IOC_GET_ENCRYPTION_PWSALT(r3, 0x40081271, &(0x7f0000001080))
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), r5)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000000)={'wlan0\x00', <r7=>0x0})
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000280)='/sys/kernel/notes', 0x432040, 0xa)
sendmsg$NL80211_CMD_SET_INTERFACE(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x2c, r6, 0x1, 0x70bd2c, 0x0, {{}, {@val={0x8, 0x3, r7}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0xb}, @NL80211_ATTR_4ADDR={0x5}]}, 0x2c}}, 0x0)
r8 = openat$ttyprintk(0xffffffffffffff9c, &(0x7f00000002c0), 0x82902, 0x0)
r9 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x740, 0x140)
r10 = openat$6lowpan_control(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x2000004, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r9}, 0x2c, {'wfdno', 0x3d, r10}})
ioctl$TCSETS(r8, 0x5402, &(0x7f0000000200)={0x9, 0x6, 0x3, 0x3, 0xf, "59803ffbefe77a9b9ded8c2242f0bdc19b91f2"})
r11 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x13, &(0x7f0000000080)=ANY=[@ANYBLOB="18080000796412000000000000000001851000000600000018000000", @ANYRES32, @ANYBLOB="00000000000000106608000000001000180000000000001000000000000000009500000000000000360a020000000000180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b50a00000000200085000000060000009500000000000000"], &(0x7f0000000000)='GPL\x00', 0xa, 0xff5c, &(0x7f0000000340)=""/222, 0x0, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x78)
bpf$OBJ_GET_PROG(0x7, &(0x7f0000000140)=@o_path={&(0x7f0000000040)='./file0\x00', 0x0, 0x8, r11}, 0x18)

4m55.003458905s ago: executing program 36 (id=2573):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="180100002100000000000000000000008500000075000000a50000002300000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f00000000c0)={@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x800, 0x0, 0x103, 0x10, 0x4, 0x1}, 0x20)
openat(0xffffffffffffff9c, &(0x7f0000000300)='./file1\x00', 0x60840, 0x8)
pipe2(&(0x7f0000000040)={0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
syz_usb_connect$uac1(0x0, 0xa4, &(0x7f0000000080)=ANY=[@ANYBLOB="2a01000020000040b708000000000000030109029200030172e5000904000000010100000a2401fd6e000201020c0d2407000005000000000000000c240000e9fffff5ffffffff092403f3ff000005024524", @ANYRES8=r1, @ANYBLOB="05"], 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000001c0)='mmap_lock_acquire_returned\x00', r0}, 0x10)
r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x800, 0x1c2)
getdents64(r2, &(0x7f0000007ac0)=""/4107, 0x100b)
r3 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x2000, 0x69)
ioctl$FS_IOC_GET_ENCRYPTION_PWSALT(r3, 0x40081271, &(0x7f0000001080))
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), r5)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000000)={'wlan0\x00', <r7=>0x0})
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000280)='/sys/kernel/notes', 0x432040, 0xa)
sendmsg$NL80211_CMD_SET_INTERFACE(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x2c, r6, 0x1, 0x70bd2c, 0x0, {{}, {@val={0x8, 0x3, r7}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0xb}, @NL80211_ATTR_4ADDR={0x5}]}, 0x2c}}, 0x0)
r8 = openat$ttyprintk(0xffffffffffffff9c, &(0x7f00000002c0), 0x82902, 0x0)
r9 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x740, 0x140)
r10 = openat$6lowpan_control(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x2000004, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r9}, 0x2c, {'wfdno', 0x3d, r10}})
ioctl$TCSETS(r8, 0x5402, &(0x7f0000000200)={0x9, 0x6, 0x3, 0x3, 0xf, "59803ffbefe77a9b9ded8c2242f0bdc19b91f2"})
r11 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x13, &(0x7f0000000080)=ANY=[@ANYBLOB="18080000796412000000000000000001851000000600000018000000", @ANYRES32, @ANYBLOB="00000000000000106608000000001000180000000000001000000000000000009500000000000000360a020000000000180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b50a00000000200085000000060000009500000000000000"], &(0x7f0000000000)='GPL\x00', 0xa, 0xff5c, &(0x7f0000000340)=""/222, 0x0, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x78)
bpf$OBJ_GET_PROG(0x7, &(0x7f0000000140)=@o_path={&(0x7f0000000040)='./file0\x00', 0x0, 0x8, r11}, 0x18)

2m42.058926696s ago: executing program 1 (id=3056):
futex(&(0x7f000000cffc)=0x1, 0x6, 0x0, 0x0, 0x0, 0x0)
futex(&(0x7f000000cffc)=0xfffffffe, 0x6, 0x0, 0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xd, 0x6, &(0x7f0000000000)=ANY=[@ANYBLOB="e5ffffff000000004f010000000000008510000002000000850000000000000095000000000000009500a50500000000"], &(0x7f0000001080)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sock_ops, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r0 = mq_open(&(0x7f0000000000)='&\'\x00', 0x80, 0x130, &(0x7f0000000040)={0x68, 0x0, 0x101, 0x8})
pipe2$watch_queue(&(0x7f0000001000)={<r1=>0xffffffffffffffff}, 0x80)
r2 = add_key(&(0x7f0000000000)='id_resolver\x00', &(0x7f0000000100)={'syz', 0x3}, &(0x7f0000000080)="f8", 0x1, 0xfffffffffffffffe)
keyctl$KEYCTL_WATCH_KEY(0x20, r2, r1, 0x0)
pipe2$watch_queue(&(0x7f0000000380)={0xffffffffffffffff, <r3=>0xffffffffffffffff}, 0x80)
keyctl$KEYCTL_WATCH_KEY(0x20, r2, r3, 0x0)
keyctl$KEYCTL_WATCH_KEY(0x20, r2, r3, 0xffffffffffffffff)
sendmsg$SOCK_DIAG_BY_FAMILY(r3, &(0x7f00000011c0)={&(0x7f00000010c0)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000001180)={&(0x7f0000001100)={0x58, 0x14, 0x400, 0x70bd29, 0x25dfdbff, {0x15, 0x27}, [@INET_DIAG_REQ_BYTECODE={0x41, 0x1, "484cdeb217f9716d31cd959eaa17f66191b85c1ac21064cbdc15794f17544687fd17ed433d46a0133009608076f8f30463d34b513e29bfc03e7629464d"}]}, 0x58}, 0x1, 0x0, 0x0, 0x4000}, 0x40081)
mq_timedreceive(r0, &(0x7f0000000080)=""/4096, 0x1000, 0x8000000000000000, 0x0)

2m40.114015706s ago: executing program 1 (id=3061):
bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[@ANYRESDEC], 0x48)
r0 = socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xd5e, 0x240000000008b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0xfffffdca, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
bind$alg(0xffffffffffffffff, &(0x7f0000000600)={0x26, 'rng\x00', 0x0, 0x0, 'jitterentropy_rng\x00'}, 0x58)
recvmmsg(r0, &(0x7f0000000000)=[{{0x0, 0x0, &(0x7f00000002c0)}, 0x5}], 0x1, 0xe96ad1452b97d12f, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0xb, 0x59032, 0xffffffffffffffff, 0x0)
socket$rxrpc(0x21, 0x2, 0x4)
userfaultfd(0x801)
pipe2$9p(&(0x7f0000000080), 0x0)
r2 = getpid()
r3 = socket(0x2, 0x2, 0x1)
r4 = syz_open_dev$ndb(&(0x7f0000000080), 0x0, 0x800000)
ioctl$NBD_SET_SOCK(0xffffffffffffffff, 0xab00, r3)
ioctl$NBD_DISCONNECT(r4, 0xab08)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2)
socket$packet(0x11, 0x2, 0x300)
prlimit64(r2, 0xd, &(0x7f0000000040)={0x3, 0x100000001}, &(0x7f0000000240))
ioctl$TIOCSSOFTCAR(0xffffffffffffffff, 0x541a, &(0x7f0000000280)=0x1)

2m37.85296848s ago: executing program 1 (id=3067):
r0 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000003f000000000000000000f195"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000240)={r0, 0xf, 0x25, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40)

2m37.520117925s ago: executing program 1 (id=3070):
r0 = socket(0x1, 0x80805, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xa, 0x5, 0x2, 0x7, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000640), &(0x7f0000000740), 0x75, r1}, 0x38)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0xfffffffffffffe8b, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='mm_migrate_pages\x00', r2, 0x0, 0x9}, 0x18)
mbind(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x0, 0x2)
setsockopt$IP_VS_SO_SET_ADDDEST(r0, 0x0, 0x487, 0x0, 0x0)

2m37.208976071s ago: executing program 1 (id=3071):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
lgetxattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)=@known='system.posix_acl_access\x00', 0x0, 0x2)
r0 = socket(0x1d, 0x2, 0x6)
ioctl$sock_SIOCETHTOOL(r0, 0x80108906, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb703000008000000b703000000000020850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x18)
futimesat(0xffffffffffffffff, &(0x7f0000000300)='./file0\x00', &(0x7f0000000340)={{0x77359400}})
bpf$OBJ_GET_MAP(0x7, &(0x7f0000000280)=@generic={&(0x7f0000000240)='./file1\x00', 0x0, 0x18}, 0x18)
socket$nl_generic(0x10, 0x3, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x13, 0x13, &(0x7f0000000080)=@framed={{0x18, 0x8, 0x0, 0x0, 0xffd0}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0}, @generic={0x66, 0x8}, @initr0, @exit, @alu={0x6, 0x0, 0x3, 0xa, 0x0, 0x2}, @printk={@x, {}, {}, {}, {}, {0x5, 0x0, 0xb, 0xa}}]}, &(0x7f0000000000)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r5 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x201, 0x2)
r6 = syz_open_dev$dri(&(0x7f0000000000), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_SETCRTC(r6, 0xc06864a2, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x40000000, 0x0, 0x0, 0x7, {0x800, 0x1, 0x3, 0x4, 0x6, 0x0, 0x2, 0x9, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, "13757ddc688782636517333c0303dace01a10969cc9f4efe748fb63ea78c9aef"}})
r7 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000040)={0x4, &(0x7f0000000000)=[{0xf5a, 0x3, 0x3, 0xfffffff9}, {0x9b, 0x7, 0x6, 0x6}, {0x1, 0x9, 0x0, 0xfff}, {0x0, 0x1, 0x9, 0xe}]})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000080)={0x1e, 0x4, &(0x7f0000000040)=@framed={{}, [@ldst={0x1, 0x2, 0x3, 0x8, 0x1, 0x8}]}, &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x25, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f0000002780)={<r8=>0x0})
ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(0xffffffffffffffff, 0x40182103, &(0x7f0000000080)={r8, 0x3})
ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r7, 0x40182103, &(0x7f0000000080)={r8, 0x0, r5, 0x1})

2m34.073621433s ago: executing program 1 (id=3077):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x1802, 0x0)
ioctl$BINDER_GET_NODE_INFO_FOR_REF(r0, 0xc018620c, &(0x7f00000000c0)={0x1})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000080)={0x5, 0x1000086}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x4, 0x0, 0x0, 0x0)
sched_setaffinity(0x0, 0x43, &(0x7f0000000040)=0x2)
syz_open_dev$MSR(0x0, 0x0, 0x0)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000002c0)={'bridge_slave_0\x00', <r2=>0x0})
r3 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000080)=ANY=[@ANYBLOB="440000001300a7cc4a372eaf541d002007000000", @ANYRES32=r2, @ANYBLOB="00000000100000001c001a80080002802d00ff0008000200", @ANYBLOB="35874207"], 0x44}}, 0x0)
r4 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r4, 0x0, &(0x7f00000000c0)=<r5=>0x0)
r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r6)
sendmsg$NFC_CMD_DEV_UP(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x1c, r7, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r5}]}, 0x1c}}, 0x0)
read$nci(r4, &(0x7f0000000200)=""/100, 0x64)
write$nci(r4, &(0x7f0000000280)=@NCI_OP_CORE_RESET_RSP, 0x6)
r8 = syz_open_dev$swradio(&(0x7f0000000000), 0x1, 0x2)
ioctl$VIDIOC_DBG_G_REGISTER(r8, 0xc0385650, &(0x7f0000000040)={{0x4, @name="60a86785d3266555225618d395189c4b2ef98300a11afd37735550eb0ef3581b"}, 0x8, 0x3, 0x7})
read$nci(r4, &(0x7f00000002c0)=""/100, 0x64)
write$nci(r4, &(0x7f0000000340)=@NCI_OP_CORE_INIT_RSP, 0x14)
read$nci(r4, &(0x7f0000000380)=""/100, 0x64)
write$nci(r4, &(0x7f0000000400)=@NCI_OP_RF_DISCOVER_MAP_RSP, 0x4)
sendmsg$NFC_CMD_START_POLL(r6, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000640)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="0100230100340400000600000008000100d9d18f224c6216ebf7c7b433fb08d0e1451932aa99254f791abc36cdb15a8c8a0594ea85ef74210e81f57d42e4557be2663f8ae367ef9e2b01e200a81e63bc8c0fddfe767f1ba65c83", @ANYRES32=r5, @ANYBLOB="08000300ffffffff"], 0x24}}, 0x0)
read$nci(r4, &(0x7f0000000500)=""/100, 0x64)
write$nci(r4, &(0x7f0000000580)=@NCI_OP_CORE_SET_CONFIG_RSP, 0x5)
read$nci(r4, &(0x7f00000005c0)=""/100, 0x64)

2m18.80619467s ago: executing program 37 (id=3077):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x1802, 0x0)
ioctl$BINDER_GET_NODE_INFO_FOR_REF(r0, 0xc018620c, &(0x7f00000000c0)={0x1})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000080)={0x5, 0x1000086}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x4, 0x0, 0x0, 0x0)
sched_setaffinity(0x0, 0x43, &(0x7f0000000040)=0x2)
syz_open_dev$MSR(0x0, 0x0, 0x0)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000002c0)={'bridge_slave_0\x00', <r2=>0x0})
r3 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000080)=ANY=[@ANYBLOB="440000001300a7cc4a372eaf541d002007000000", @ANYRES32=r2, @ANYBLOB="00000000100000001c001a80080002802d00ff0008000200", @ANYBLOB="35874207"], 0x44}}, 0x0)
r4 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r4, 0x0, &(0x7f00000000c0)=<r5=>0x0)
r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r6)
sendmsg$NFC_CMD_DEV_UP(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x1c, r7, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r5}]}, 0x1c}}, 0x0)
read$nci(r4, &(0x7f0000000200)=""/100, 0x64)
write$nci(r4, &(0x7f0000000280)=@NCI_OP_CORE_RESET_RSP, 0x6)
r8 = syz_open_dev$swradio(&(0x7f0000000000), 0x1, 0x2)
ioctl$VIDIOC_DBG_G_REGISTER(r8, 0xc0385650, &(0x7f0000000040)={{0x4, @name="60a86785d3266555225618d395189c4b2ef98300a11afd37735550eb0ef3581b"}, 0x8, 0x3, 0x7})
read$nci(r4, &(0x7f00000002c0)=""/100, 0x64)
write$nci(r4, &(0x7f0000000340)=@NCI_OP_CORE_INIT_RSP, 0x14)
read$nci(r4, &(0x7f0000000380)=""/100, 0x64)
write$nci(r4, &(0x7f0000000400)=@NCI_OP_RF_DISCOVER_MAP_RSP, 0x4)
sendmsg$NFC_CMD_START_POLL(r6, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000640)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="0100230100340400000600000008000100d9d18f224c6216ebf7c7b433fb08d0e1451932aa99254f791abc36cdb15a8c8a0594ea85ef74210e81f57d42e4557be2663f8ae367ef9e2b01e200a81e63bc8c0fddfe767f1ba65c83", @ANYRES32=r5, @ANYBLOB="08000300ffffffff"], 0x24}}, 0x0)
read$nci(r4, &(0x7f0000000500)=""/100, 0x64)
write$nci(r4, &(0x7f0000000580)=@NCI_OP_CORE_SET_CONFIG_RSP, 0x5)
read$nci(r4, &(0x7f00000005c0)=""/100, 0x64)

2m15.263325207s ago: executing program 8 (id=3128):
prlimit64(0x0, 0xe, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
syz_emit_ethernet(0x32, &(0x7f0000000000)={@random="93fc85ff30d2", @random="2ecafcc67af2", @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0, 0x2f, 0x0, @rand_addr, @multicast1}, {0x3200, 0x88be, 0x10, 0x0, @gue={{0x1, 0x0, 0x0, 0x0, 0x100, @void}, "f439992d"}}}}}}, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
wait4(0xffffffffffffffff, 0x0, 0x8, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
syz_init_net_socket$nfc_raw(0x27, 0x5, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
r3 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r3, 0x0, 0x0)
clock_getres(0x2, 0x0)
r4 = add_key$keyring(&(0x7f0000000080), &(0x7f00000000c0)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r4, &(0x7f0000000040)='asymmetric\x00', &(0x7f0000000100)=@keyring)

2m13.968097639s ago: executing program 8 (id=3131):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000c80)={'lo\x00', <r2=>0x0})
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'bond0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=@delchain={0x77c, 0x65, 0x300, 0x70bd2c, 0x25dfdbfc, {0x0, 0x0, 0x0, r2, {0x6, 0x8}, {0x9, 0x1}, {0xfff1}}, [@filter_kind_options=@f_route={{0xa}, {0x1c, 0x2, [@TCA_ROUTE4_FROM={0x8, 0x3, 0xd6}, @TCA_ROUTE4_CLASSID={0x8, 0x1, {0x0, 0xfff3}}, @TCA_ROUTE4_IIF={0x8, 0x4, r3}]}}, @TCA_CHAIN={0x8, 0xb, 0x1}, @filter_kind_options=@f_basic={{0xa}, {0x71c, 0x2, [@TCA_BASIC_CLASSID={0x8, 0x1, {0x9, 0x7}}, @TCA_BASIC_ACT={0x508, 0x3, [@m_nat={0x140, 0x10, 0x0, 0x0, {{0x8}, {0x7c, 0x2, 0x0, 0x1, [@TCA_NAT_PARMS={0x28, 0x1, {{0x2, 0x10, 0x5, 0xa, 0x1}, @multicast2, @rand_addr=0x64010102, 0xff}}, @TCA_NAT_PARMS={0x28, 0x1, {{0x2, 0x33d, 0x6, 0x119, 0x2}, @broadcast, @multicast1, 0xffffff00, 0x1}}, @TCA_NAT_PARMS={0x28, 0x1, {{0x0, 0x1, 0x0, 0x6, 0x7}, @private=0xa010100, @loopback, 0xff, 0x1}}]}, {0x9e, 0x6, "802fbe960406bfe4c5328d81aff960e6ab8096191d5650cc8b2de2d8578c9384220f64a6efa983fb7c82a5920a8804f427c871a700271f550f26163c45b9bb922b5f1234becf270353b8151781be4077f3364b9c25178c51ebf34e8f3d17c61203bc1d4bc56ec5005749d984ed9e8af42701dc905d4e27ebc222fcc589f1ea32d6f80ea80922afe6dfc141c91a2a07e75606477555a3b01fd392"}, {0xc}, {0xc, 0x8, {0x3, 0x2}}}}, @m_mirred={0x1b8, 0x19, 0x0, 0x0, {{0xb}, {0x104, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{0x4, 0x3, 0xffffffffffffffff, 0x7a36, 0xffff}, 0x1, r2}}, @TCA_MIRRED_PARMS={0x20, 0x2, {{0x80000001, 0xf0, 0x10000000, 0x0, 0x4}, 0x2, r2}}, @TCA_MIRRED_PARMS={0x20, 0x2, {{0x8, 0x101, 0x20000000, 0x0, 0x4}, 0x2, r2}}, @TCA_MIRRED_PARMS={0x20, 0x2, {{0x3, 0x0, 0x0, 0x59a1, 0x1}, 0x2, r2}}, @TCA_MIRRED_PARMS={0x20, 0x2, {{0xf, 0x8, 0x4, 0x2fd8, 0x7ff}, 0x1, r2}}, @TCA_MIRRED_PARMS={0x20, 0x2, {{0x4, 0x3, 0x10000000, 0x8, 0x8001}, 0x3, r2}}, @TCA_MIRRED_PARMS={0x20, 0x2, {{0x50f, 0x127, 0x2, 0x7, 0x3}, 0x1, r2}}, @TCA_MIRRED_PARMS={0x20, 0x2, {{0xb, 0xfffffffd, 0x0, 0x400, 0xa}, 0x1, r2}}]}, {0x8b, 0x6, "66b8c99051f648be6a9544426cefabe80b963ccd3f6a80ed7a9ecb7aa7938115eac5ffa78eef168c09984edb85b0f959b3f5f6384d28423816d98a8ebf5cd1911343e49f1e89ba85fb13f91418b6fbe18d3a94ee052bb2299a5297538c482159dec1580ca919731ea10b1d7f6943a764b4e0bda8a506f27d6ef063e2d1076457119ffef9890781"}, {0xc}, {0xc, 0x8, {0x3, 0x3}}}}, @m_ife={0x120, 0x11, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x8000, 0x10001, 0x82f774abc7ff01ef, 0x200003, 0xc}}}]}, {0xd9, 0x6, "513ef6fa8fcf1309e921e80c845db8d36c7be5ea0df675c1ea3b53469d95365408075c4a32b572bc5c3a8f1fa2b5aad42604d31f8c5f26c0c14526bc7a6671ceb9680711cf0a1b3d699cbb98a02b43d4b3fdc4d9100aab66e63e52560ff1b66ba8c92f96159ba12b2e01f002696e9cd9794ac07cb06803bbcb439c77405e040595e3c5d7f792f391e380396ada21f1de623e8c013a0d7b66affc5671a6123f4c3a70bf5b86a4f9faf45ca3718e32ed9e82c3e326abf45d4b6ed34964fde513ea59e74b041363cc21f750ba712e510ef9009b94566d"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_skbedit={0x8c, 0x16, 0x0, 0x0, {{0xc}, {0xc, 0x2, 0x0, 0x1, [@TCA_SKBEDIT_QUEUE_MAPPING={0x6, 0x4, 0xff}]}, {0x57, 0x6, "c99ac0df5ffaa94ea0232f8db735ac9f0abd22a94b3a344ce8919caad71d52d737ab24aff8f4fcb63e1a6899c37615dfd24af2d0b3012ef775daca6349703a6f1148b752460005551bf805d1c90e5e6ec863c9"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x1, 0x1}}}}, @m_skbmod={0x60, 0x10, 0x0, 0x0, {{0xb}, {0x34, 0x2, 0x0, 0x1, [@TCA_SKBMOD_DMAC={0xa, 0x3, @local}, @TCA_SKBMOD_PARMS={0x24, 0x2, {{0x3, 0x5f, 0x6, 0x5, 0x5}, 0x1}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x1, 0x1}}}}]}, @TCA_BASIC_EMATCHES={0x208, 0x2, 0x0, 0x1, [@TCA_EMATCH_TREE_LIST={0x9c, 0x2, 0x0, 0x1, [@TCF_EM_U32={0x1c, 0x3, 0x0, 0x0, {{0x20b8, 0x3, 0x22}, {0xe0, 0x956a, 0x0, 0x2}}}, @TCF_EM_IPSET={0x10, 0x3, 0x0, 0x0, {{0x2, 0x8, 0x1}, {0xffffffffffffffff, 0x6, 0x6}}}, @TCF_EM_CANID={0x14, 0x2, 0x0, 0x0, {{0x6, 0x7, 0x3}, {{0x4, 0x0, 0x1, 0x1}, {0x3, 0x0, 0x1}}}}, @TCF_EM_IPSET={0x10, 0x2, 0x0, 0x0, {{0x0, 0x8, 0x8}, {0xffffffffffffffff, 0x3, 0x5}}}, @TCF_EM_CANID={0x14, 0x2, 0x0, 0x0, {{0x2, 0x7, 0x400}, {{0x4}, {0x3}}}}, @TCF_EM_U32={0x1c, 0x2, 0x0, 0x0, {{0x1, 0x3, 0x9}, {0x3, 0x800, 0x4}}}, @TCF_EM_NBYTE={0x18, 0x3, 0x0, 0x0, {{0x800, 0x2, 0xfffd}, {0x8, 0x6, 0x0, "0f9f894a6db5"}}}]}, @TCA_EMATCH_TREE_HDR={0x8, 0x1, {0xe6}}, @TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x6}}, @TCA_EMATCH_TREE_HDR={0x8, 0x1, {0xa0d}}, @TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x2}}, @TCA_EMATCH_TREE_LIST={0x138, 0x2, 0x0, 0x1, [@TCF_EM_IPSET={0x10, 0x1, 0x0, 0x0, {{0x7, 0x8, 0x9}, {0x1, 0x2, 0x2}}}, @TCF_EM_IPT={0x34, 0x3, 0x0, 0x0, {{0xb, 0x9, 0x4}, [@TCA_EM_IPT_HOOK={0x8, 0x1, 0x1}, @TCA_EM_IPT_NFPROTO={0x5, 0x4, 0x2}, @TCA_EM_IPT_NFPROTO={0x5, 0x4, 0x7}, @TCA_EM_IPT_HOOK={0x8, 0x1, 0x4}, @TCA_EM_IPT_MATCH_REVISION={0x5, 0x3, 0x5}]}}, @TCF_EM_U32={0x1c, 0x1, 0x0, 0x0, {{0x108a, 0x3, 0x800}, {0x7, 0xff, 0x9, 0x7fff}}}, @TCF_EM_NBYTE={0x18, 0x1, 0x0, 0x0, {{0x7}, {0x8, 0x8, 0x1, "62f5bc0cb7f4e583"}}}, @TCF_EM_IPT={0xa4, 0x2, 0x0, 0x0, {{0x7, 0x9, 0x7}, [@TCA_EM_IPT_HOOK={0x8, 0x1, 0x1}, @TCA_EM_IPT_NFPROTO={0x5, 0x4, 0x1}, @TCA_EM_IPT_MATCH_DATA={0x75, 0x5, "f735f5c6dbc4226b9b5dd61d8f53f26bc3830d655663b6aa90ab306c24299ae96e161e39fd2d7d62ff725535ba4a131ee245eb59bd716824a00d38d9e8849a6fd286ccc34dec8eff3fd9b959d6a54e0466ef064de181676b65ac0c1993c67c667ae3a7db53e57a8a1f3d4d9d82b7e1efe1"}, @TCA_EM_IPT_NFPROTO={0x5, 0x4, 0x2}, @TCA_EM_IPT_NFPROTO={0x5, 0x4, 0x2}]}}, @TCF_EM_CMP={0x18, 0x3, 0x0, 0x0, {{0x3}, {0x3, 0x6d, 0x1d1, 0x2, 0x7, 0x2}}}]}, @TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x8}}, @TCA_EMATCH_TREE_HDR={0x8, 0x1, {0xdf}}]}]}}]}, 0x77c}}, 0x0)

2m12.191619281s ago: executing program 8 (id=3136):
socket$xdp(0x2c, 0x3, 0x0)
socket$xdp(0x2c, 0x3, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x62)
getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x24, &(0x7f0000000080)={@rand_addr, @broadcast, <r1=>0x0}, &(0x7f00000000c0)=0xc)
sendmsg$nl_route_sched(r0, &(0x7f0000000200)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000100)=@newtfilter={0x88, 0x2c, 0x1, 0x70bd25, 0x25dfdbfd, {0x0, 0x0, 0x0, r1, {0x5, 0xf}, {0xffff, 0xfff1}, {0xd, 0x7}}, [@filter_kind_options=@f_bpf={{0x8}, {0x20, 0x2, [@TCA_BPF_OPS={{0x6, 0x4, 0x2}, {0x14, 0x5, [{0x6, 0x1, 0x7, 0x7f}, {0x4, 0x81, 0x0, 0x6}]}}]}}, @filter_kind_options=@f_matchall={{0xd}, {0x14, 0x2, [@TCA_MATCHALL_CLASSID={0x8, 0x1, {0xfff2, 0xe}}, @TCA_MATCHALL_FLAGS={0x8, 0x3, 0x4}]}}, @TCA_RATE={0x6, 0x5, {0xff, 0x3}}, @TCA_CHAIN={0x8, 0xb, 0x391}, @TCA_CHAIN={0x8, 0xb, 0x80000001}]}, 0x88}, 0x1, 0x0, 0x0, 0x20004800}, 0x0)

2m11.107448631s ago: executing program 8 (id=3137):
r0 = openat$binfmt_register(0xffffff9c, &(0x7f0000000040), 0x1, 0x0)
write$binfmt_register(r0, &(0x7f0000000140)={0x3a, 'syz1', 0x3a, 'M', 0x3a, 0x1000, 0x3a, '\x94l\\\xec\xd1\xcb\x9a}\xab7\x1f\xde\xb5\x83>\fG\\x00', 0x3a, '/dev\x14bus:usb/00#/00#\x00', 0x3a, './file0'}, 0x51)

2m9.786027555s ago: executing program 8 (id=3139):
syz_socket_connect_nvme_tcp()
socket$packet(0x11, 0x3, 0x300)
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x7a, 0x4)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000001c40)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2ed0300000000000000af99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14008c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000006da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c4159b364a4fd7013f34db173a4fdacf15229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3ab60fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4978ea8e4aa37014191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be867a28f09c5877fc2355ecdc9c30dcb2d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff3a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb357b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa165099c5ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88cf573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50265a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867857ed13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d9a0e06da200481cde8bf475bc3e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a00"/3590], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000)={0x0, 0x9}, 0x10, 0x0, 0xffffffffffffffff, 0x1, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x2e)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r1}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000380)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
process_vm_writev(0x0, &(0x7f0000000000)=[{&(0x7f00008f9f09)=""/247, 0xf7}], 0x1, &(0x7f0000121000)=[{&(0x7f0000217f28)=""/231, 0xffffff4e}], 0x23a, 0x0)
socket$inet_udplite(0x2, 0x2, 0x88)
r5 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
r7 = dup(r6)
setsockopt$IPT_SO_SET_REPLACE(r7, 0x0, 0x40, &(0x7f00000002c0)=@raw={'raw\x00', 0xe501, 0x3, 0x208, 0xb8, 0xa, 0x1000000, 0x0, 0x0, 0x170, 0x230, 0x230, 0x170, 0x223, 0x3, 0x0, {[{{@uncond, 0x0, 0x70, 0xb8}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x20c49a, 'syz0\x00'}}}, {{@uncond, 0x0, 0x70, 0xb8}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x20c49a, 'syz0\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x268)
kcmp$KCMP_EPOLL_TFD(r2, r2, 0x7, r1, &(0x7f00000001c0)={r7, r5})
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
sendto$inet(r0, &(0x7f00000012c0)="09268a927f1f6588b967481241ba7860fcfaf65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x20c8, 0x11, 0x0, 0x27)

2m8.708724395s ago: executing program 8 (id=3142):
r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000000300))
timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @tid=r2}, &(0x7f0000000000))
timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
r3 = socket$inet_sctp(0x2, 0x5, 0x84)
getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, &(0x7f0000000280)={<r4=>0x0, 0xfd, "94adb94df04974fbb18c553c027fdf05a4be95dd7473f8f0ffd8f3bc2f882498ea86bcf75f3594d7cdc1d13d939971801e8b8b934a0634edf1aefc25005a56170ba371d4a2969dd8c7e9ce8e18386e098d539ab9239205b70f82d3bd03df51c10d4c32fae839c10dc26a30e8e8301526f0bc9a1431170cb006eecbc3b05be60fd1b4544edb81b7241b254ceca3da0f7005fb0a2159ee9f3c4fd40d04975e81dc32548614eeb03a6e053242c17bfffc6946ab64be956cec780243e9b733b66c10f999663162cb87100c50581f4d7ff4bca412576e24056fff87b3ba37bf9a065b610d1b140ba09014a563d967d56ffd3d496970fb8a88fe21bc0d2a7625"}, &(0x7f00000000c0)=0x105)
getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(r3, 0x84, 0x7c, &(0x7f0000000100)={r4, 0x9b6f, 0x5a}, &(0x7f0000000140)=0x8)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
utimensat(0xffffffffffffffff, 0x0, 0x0, 0x0)
getsockopt$sock_buf(r1, 0x1, 0x3b, 0x0, &(0x7f00000023c0))
write$rfkill(r0, &(0x7f0000000080)={0x0, 0x0, 0x3, 0x1}, 0x8)

2m7.884145769s ago: executing program 9 (id=3146):
r0 = socket$kcm(0x10, 0x2, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x10)
bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bind$alg(0xffffffffffffffff, 0x0, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="01000000040000000800000008"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r6}, 0x10)
setsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x4, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
mincore(&(0x7f0000bfe000/0x400000)=nil, 0x400000, &(0x7f0000000200)=""/133)
mount$9p_rdma(&(0x7f00000013c0), &(0x7f0000001400)='.\x00', &(0x7f0000001440), 0x800, &(0x7f0000000080)={'trans=rdma,', {'port', 0x3d, 0x4e20}})
bind$netlink(r1, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000000), 0x4)
r7 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x101041)
openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
write$sndseq(r7, &(0x7f0000000040)=[{0xf, 0x0, 0x0, 0xfd, @time, {}, {0xe}, @queue}], 0x1c)
sendmsg$inet(r0, &(0x7f0000000140)={0x0, 0x2, &(0x7f0000000100)=[{&(0x7f0000000180)="5c00000013006bcd9e3fe3dc4e48aa31086b8703410000004000000000000000040014000d000a00100000009ee517d34460bc08eab556a705251e6182949a3651f60a84c9f5d1938837e786a6d0bdd7fcf50e4509c5bb5a00f69853", 0x5c}], 0x1, 0x0, 0x0, 0x1f000801}, 0x0)

2m6.837891397s ago: executing program 9 (id=3148):
r0 = syz_open_dev$video4linux(&(0x7f0000000000), 0x7f67, 0x0)
ioctl$VIDIOC_SUBDEV_S_FMT(r0, 0xc0585605, &(0x7f00000000c0)={0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x3, 0x9, 0x5}})
r1 = socket(0x400000000010, 0x3, 0x0)
write(r1, &(0x7f0000000040)="0f03000019002551075c0165ff0ffc02802000030004000500e1000cee0203001a000000", 0x33a)

2m6.529198177s ago: executing program 9 (id=3149):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=@framed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffc, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000040)='contention_end\x00', r0}, 0x18)
r1 = socket$nl_audit(0x10, 0x3, 0x9)
sendmsg$AUDIT_MAKE_EQUIV(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000280)={0x28, 0x3e8, 0x1, 0x70bd28, 0x25dfdbfc, {0x7, 0x7, './file0', './file0'}}, 0x28}, 0x1, 0x0, 0x0, 0x20004001}, 0x20000040)

2m6.358315248s ago: executing program 9 (id=3150):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000600)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_hmac_sha256\x00'}, 0x58)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180500000000c800000000004b64ffec850000007d000000850000002a000000"], &(0x7f0000000480)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TLS_TX(r5, 0x6, 0x1, &(0x7f00000000c0)=@gcm_256={{0x7}, '\x00', "5171bb672965593497418688ac68cb126474cd3660dab9e2086e246728d7a040", '\x00\x00=*', "1202000000040030"}, 0x58)
setsockopt$inet6_tcp_int(r5, 0x6, 0x2000000000000020, &(0x7f0000000040)=0xa, 0x1959cc36)
setsockopt$inet6_tcp_TCP_MD5SIG(r5, 0x6, 0xe, &(0x7f0000000200)={@in6={{0xa, 0x4e21, 0x7fff, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x3}}, 0x0, 0x0, 0x4b, 0x0, "5d9ed5ab7ede1bcf73742bc36c0ea13d3dec33e0b7cc1ff724fe1906cf9f7945230bc5d9dfea4ffd1e48aaf9a42d97f58da594d5eb926f70f03d2d46f374a6b62ee9d04ac1bf0bef969bcbd8e4700616"}, 0xd8)
connect$inet6(r5, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0)

2m5.129966102s ago: executing program 9 (id=3152):
r0 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
r1 = fsmount(r0, 0x1, 0x0)
fchdir(r1)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000840)='memory.events.local\x00', 0x275a, 0x0)
syz_io_uring_setup(0x83, &(0x7f0000000580)={0x0, 0xe7b7, 0x13500, 0x0, 0x352}, 0x0, 0x0)
pipe2$9p(&(0x7f0000000040)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r4, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff017f000e0800395032303030"], 0x15)
r5 = dup(r4)
open(&(0x7f0000000100)='./file0\x00', 0x440, 0x0)
write$FUSE_BMAP(r5, &(0x7f0000000000)={0x18, 0x0, 0x0, {0x3b9}}, 0x18)
write$FUSE_DIRENTPLUS(r5, &(0x7f00000003c0)=ANY=[@ANYBLOB="b0"], 0xb0)
write$FUSE_GETXATTR(r5, &(0x7f00000000c0)={0x18}, 0x18)
write$FUSE_DIRENTPLUS(r5, &(0x7f00000005c0)=ANY=[@ANYBLOB="b9"], 0xb8)
mount$9p_fd(0x0, &(0x7f0000000400)='./file0\x00', &(0x7f0000000080), 0x1010412, &(0x7f0000000700)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r5}})
r6 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x20842, 0x22)
writev(r6, &(0x7f0000000000)=[{&(0x7f00000006c0)='\t', 0x2003f}], 0x1)
write$binfmt_script(r2, 0x0, 0x0)

2m4.804341363s ago: executing program 9 (id=3154):
r0 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000000), 0x4000, 0x0)
r1 = accept4$nfc_llcp(0xffffffffffffffff, &(0x7f0000000040), &(0x7f00000000c0)=0x60, 0x80800)
ioctl$AUTOFS_DEV_IOCTL_READY(r0, 0xc0189376, &(0x7f0000000100)={{0x1, 0x1, 0x18, r1, {0xb}}, './file0\x00'})
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_IRQCHIP(r3, 0x4020aeb2, &(0x7f0000000740)={0x0, 0x12c, @pic={0x0, 0x0, 0x0, 0x0, 0x1}})
r4 = syz_socket_connect_nvme_tcp()
close(r4)

1m57.808202017s ago: executing program 7 (id=3184):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='proc\x00', 0x0, 0x0)
setrlimit(0x40000000000008, &(0x7f0000000000)={0x4848, 0xfffffffffffff006})
mlock(&(0x7f0000009000/0x2000)=nil, 0x2000)
capset(&(0x7f0000a31000)={0x20080522}, &(0x7f0000000040))
mlock(&(0x7f0000007000/0x3000)=nil, 0x3000)
r0 = syz_open_dev$vim2m(&(0x7f0000000000), 0x47c, 0x2)
ioctl$vim2m_VIDIOC_S_CTRL(r0, 0xc008561c, &(0x7f0000000040)={0xf0f003, 0x8})
r1 = openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x80, 0xf9)
r2 = openat(r1, &(0x7f0000000100)='./file0\x00', 0x80181, 0x0)
getdents(r2, &(0x7f0000001480)=""/4091, 0xffb)

1m57.708268064s ago: executing program 7 (id=3185):
openat$sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/tcp_syncookies\x00', 0x1, 0x0)
prlimit64(0x0, 0x6, &(0x7f00000001c0)={0xd, 0x40000000000088}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000740)={0x11, 0xb, &(0x7f0000000140)=ANY=[], &(0x7f0000000280)='syzkaller\x00', 0xd, 0x0, 0x0, 0x0, 0x32, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2, @void, @value}, 0x94)
prctl$PR_SCHED_CORE(0x3e, 0x4, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r1 = syz_open_dev$dri(0x0, 0x0, 0x0)
sendmsg$NFULNL_MSG_CONFIG(0xffffffffffffffff, 0x0, 0x54)
ioctl$DRM_IOCTL_MODE_GETCRTC(0xffffffffffffffff, 0xc06864a1, &(0x7f00000006c0)={0x0})
ioctl$DRM_IOCTL_MODE_GETFB2(r1, 0xc06864ce, &(0x7f0000000340)={0x0, 0xfffffffc, 0x0, 0x0, 0x1, [], [0x0, 0x0, 0x0, 0x9], [0x0, 0x1, 0x2], [0x5, 0x0, 0x0, 0x1]})
setsockopt$IP_VS_SO_SET_ADD(0xffffffffffffffff, 0x0, 0x482, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x3, &(0x7f0000000040)=0x19)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x0, &(0x7f0000000100)=0x6)
mount$binderfs(&(0x7f0000000080), &(0x7f0000000180)='./binderfs2\x00', &(0x7f00000003c0), 0x20001, &(0x7f0000000640)={[{@stats}], [{@euid_eq}, {@dont_hash}, {@subj_user={'subj_user', 0x3d, ','}}, {@seclabel}, {@fowner_eq}, {@flag='sync'}, {@audit}]})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x110, 0xffffffffffffffff, 0x15d74000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r5, &(0x7f0000000540)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-aesni\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r6 = accept4(r5, 0x0, 0x0, 0x80000)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000005c0)=ANY=[@ANYBLOB="3800005de914000429bd7000ffdbdf250900020073797a310000000008004100727865330070696d726567300000000000000000000af0b93adcfa227ce00e5cc893a46bf406146773395de45c0b62d80251ad09bd5f4f0507f6"], 0xa}, 0x1, 0x0, 0x0, 0x24040895}, 0x40800)

1m56.870989014s ago: executing program 7 (id=3186):
prlimit64(0x0, 0xe, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
syz_emit_ethernet(0x32, &(0x7f0000000000)={@random="93fc85ff30d2", @random="2ecafcc67af2", @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0, 0x2f, 0x0, @rand_addr, @multicast1}, {0x3200, 0x88be, 0x10, 0x0, @gue={{0x1, 0x0, 0x0, 0x0, 0x100, @void}, "f439992d"}}}}}}, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
wait4(0xffffffffffffffff, 0x0, 0x8, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000900)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
syz_init_net_socket$nfc_raw(0x27, 0x5, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
r3 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r3, 0x0, 0x0)
clock_getres(0x2, 0x0)
r4 = add_key$keyring(&(0x7f0000000080), &(0x7f00000000c0)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r4, &(0x7f0000000040)='asymmetric\x00', &(0x7f0000000100)=@keyring)

1m55.891776141s ago: executing program 7 (id=3187):
socket$kcm(0x10, 0x2, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x10)
bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bind$alg(0xffffffffffffffff, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0, r4}, 0x18)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
mincore(&(0x7f0000bfe000/0x400000)=nil, 0x400000, &(0x7f0000000200)=""/133)
mount$9p_rdma(&(0x7f00000013c0), &(0x7f0000001400)='.\x00', &(0x7f0000001440), 0x800, &(0x7f0000000080)={'trans=rdma,', {'port', 0x3d, 0x4e20}})
bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4)
r5 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x101041)
openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
write$sndseq(r5, &(0x7f0000000040)=[{0xf, 0x0, 0x0, 0xfd, @time, {}, {0xe}, @queue}], 0x1c)

1m54.927527802s ago: executing program 7 (id=3188):
r0 = socket$kcm(0x10, 0x2, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x10)
bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bind$alg(0xffffffffffffffff, 0x0, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="01000000040000000800000008"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
setsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x4, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
mincore(&(0x7f0000bfe000/0x400000)=nil, 0x400000, &(0x7f0000000200)=""/133)
mount$9p_rdma(&(0x7f00000013c0), &(0x7f0000001400)='.\x00', &(0x7f0000001440), 0x800, &(0x7f0000000080)={'trans=rdma,', {'port', 0x3d, 0x4e20}})
bind$netlink(r1, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000000), 0x4)
r6 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x101041)
openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
write$sndseq(r6, &(0x7f0000000040)=[{0xf, 0x0, 0x0, 0xfd, @time, {}, {0xe}, @queue}], 0x1c)
sendmsg$inet(r0, &(0x7f0000000140)={0x0, 0x2, &(0x7f0000000100)=[{&(0x7f0000000180)="5c00000013006bcd9e3fe3dc4e48aa31086b8703410000004000000000000000040014000d000a00100000009ee517d34460bc08eab556a705251e6182949a3651f60a84c9f5d1938837e786a6d0bdd7fcf50e4509c5bb5a00f69853", 0x5c}], 0x1, 0x0, 0x0, 0x1f000801}, 0x0)

1m53.898213858s ago: executing program 7 (id=3190):
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000280), 0x40900, 0x0)
r0 = syz_io_uring_setup(0x6b1d, &(0x7f0000000380)={0x0, 0xffffffec, 0x800, 0x10000000, 0x13e}, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0x0, {0x8126}})
chmod(&(0x7f00000000c0)='./file0\x00', 0x6)
r3 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="3c0000001800efe000000000000000000afc000000000000000000000c00090008000000", @ANYRES32=0x0, @ANYBLOB="140005"], 0x3c}, 0x1, 0x11}, 0x0)
io_uring_enter(r0, 0x38c5, 0x2000000, 0x0, 0x0, 0x0)
openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x5400, 0x0)

1m52.865501151s ago: executing program 38 (id=3142):
r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000000300))
timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @tid=r2}, &(0x7f0000000000))
timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
r3 = socket$inet_sctp(0x2, 0x5, 0x84)
getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, &(0x7f0000000280)={<r4=>0x0, 0xfd, "94adb94df04974fbb18c553c027fdf05a4be95dd7473f8f0ffd8f3bc2f882498ea86bcf75f3594d7cdc1d13d939971801e8b8b934a0634edf1aefc25005a56170ba371d4a2969dd8c7e9ce8e18386e098d539ab9239205b70f82d3bd03df51c10d4c32fae839c10dc26a30e8e8301526f0bc9a1431170cb006eecbc3b05be60fd1b4544edb81b7241b254ceca3da0f7005fb0a2159ee9f3c4fd40d04975e81dc32548614eeb03a6e053242c17bfffc6946ab64be956cec780243e9b733b66c10f999663162cb87100c50581f4d7ff4bca412576e24056fff87b3ba37bf9a065b610d1b140ba09014a563d967d56ffd3d496970fb8a88fe21bc0d2a7625"}, &(0x7f00000000c0)=0x105)
getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(r3, 0x84, 0x7c, &(0x7f0000000100)={r4, 0x9b6f, 0x5a}, &(0x7f0000000140)=0x8)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
utimensat(0xffffffffffffffff, 0x0, 0x0, 0x0)
getsockopt$sock_buf(r1, 0x1, 0x3b, 0x0, &(0x7f00000023c0))
write$rfkill(r0, &(0x7f0000000080)={0x0, 0x0, 0x3, 0x1}, 0x8)

1m49.670752832s ago: executing program 39 (id=3154):
r0 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000000), 0x4000, 0x0)
r1 = accept4$nfc_llcp(0xffffffffffffffff, &(0x7f0000000040), &(0x7f00000000c0)=0x60, 0x80800)
ioctl$AUTOFS_DEV_IOCTL_READY(r0, 0xc0189376, &(0x7f0000000100)={{0x1, 0x1, 0x18, r1, {0xb}}, './file0\x00'})
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_IRQCHIP(r3, 0x4020aeb2, &(0x7f0000000740)={0x0, 0x12c, @pic={0x0, 0x0, 0x0, 0x0, 0x1}})
r4 = syz_socket_connect_nvme_tcp()
close(r4)

1m38.526470732s ago: executing program 40 (id=3190):
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000280), 0x40900, 0x0)
r0 = syz_io_uring_setup(0x6b1d, &(0x7f0000000380)={0x0, 0xffffffec, 0x800, 0x10000000, 0x13e}, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0x0, {0x8126}})
chmod(&(0x7f00000000c0)='./file0\x00', 0x6)
r3 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="3c0000001800efe000000000000000000afc000000000000000000000c00090008000000", @ANYRES32=0x0, @ANYBLOB="140005"], 0x3c}, 0x1, 0x11}, 0x0)
io_uring_enter(r0, 0x38c5, 0x2000000, 0x0, 0x0, 0x0)
openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x5400, 0x0)

1.097256615s ago: executing program 5 (id=3434):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x3c00, &(0x7f0000000040)={&(0x7f0000000140)=@newlink={0x48, 0x10, 0x439, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x10800}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x18, 0x2, 0x0, 0x1, [@IFLA_BR_STP_STATE={0x8, 0x15}, @IFLA_BR_GROUP_ADDR={0xa, 0x14, @link_local}]}}}]}, 0x48}}, 0x0)

968.110201ms ago: executing program 5 (id=3435):
r0 = socket$inet_mptcp(0x2, 0x1, 0x106)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e24, @multicast1}, 0x10)
connect$inet(r0, &(0x7f0000000100)={0x2, 0x4e24, @loopback}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f00000003c0)='dctcp-reno\x00', 0xb)
setsockopt$sock_int(r0, 0x1, 0x21, &(0x7f0000000200), 0x4)
r1 = socket$nl_route(0x10, 0x3, 0x0)
cachestat(r1, &(0x7f0000000000)={0x9, 0x300}, &(0x7f00000000c0), 0x0)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f00000006c0)={0x26, 'aead\x00', 0x0, 0x0, 'generic-gcm-aesni\x00'}, 0x58)
r3 = accept4(r2, 0x0, 0x0, 0x0)
recvmmsg(r3, &(0x7f000000bc40)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000180)=""/71, 0x47}], 0x1}, 0x9}], 0x1, 0xf0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=@newlink={0x48, 0x10, 0x439, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x10800}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x18, 0x2, 0x0, 0x1, [@IFLA_BR_NF_CALL_IPTABLES={0x5, 0x24, 0x1}, @IFLA_BR_GROUP_ADDR={0xa, 0x14, @link_local}]}}}]}, 0x48}}, 0x0)

140.629894ms ago: executing program 5 (id=3436):
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={{0x14, 0x10, 0x4}, [@NFT_MSG_NEWTABLE={0x14, 0x0, 0xa, 0x5, 0x0, 0x0, {0x7, 0x0, 0x1}}, @NFT_MSG_NEWSET={0x3c, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x21}]}, @NFT_MSG_NEWSETELEM={0x80, 0xc, 0xa, 0x301, 0x0, 0x0, {0x7, 0x0, 0x8}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x54, 0x3, 0x0, 0x1, [{0x50, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_SET_ELEM_EXPRESSIONS={0x44, 0xb, 0x0, 0x1, [{0x2c, 0x1, 0x0, 0x1, @limit={{0xa}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_LIMIT_RATE={0xc, 0x1, 0x1, 0x0, 0x3}, @NFTA_LIMIT_UNIT={0xc, 0x2, 0x1, 0x0, 0x10}]}}}, {0x14, 0x1, 0x0, 0x1, @last={{0x9}, @val={0x4}}}]}]}]}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0xf8}}, 0x0)

99.541595ms ago: executing program 5 (id=3437):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffff16c, @void, @value}, 0x94)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0, r0}, 0x18)
r2 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r1}, 0x8)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000600)=ANY=[@ANYRES32=0x0, @ANYRES32, @ANYBLOB="1100"/12, @ANYRES32=r2, @ANYBLOB="8dd88ad4fba6e0d0fdfc72f6b32d93771d6819628fd58479f87a78203ec433f60601dd3f0c4c92a2c4c3757d8aa38ac2c0980e6a2a868f6c02f974a3ff163d49f3fa6fc466500b442eb1878f119ad625f896c83893a60e29f3b04196aca3fe585e9b39af28d2add1f80487bb0851f82e9dc7fb1c554586d040169463bf2774bd7fae441722a5b1ee6b41fe770552e7759bc0dccbf9ef421f31c83cd5bf5364f7417eb7c4c9b17b3416f34117da82790ff8cb2a334e4bca162a99ac68356fc9e0aa6d5e9ec6a70f85f4ab55bfb62b9f041e2938a3600c290e1d402dcba163203a7ad1", @ANYRES64=0x0], 0x20)

12.376019ms ago: executing program 5 (id=3438):
r0 = syz_io_uring_setup(0xd2, &(0x7f0000000480)={0x0, 0xbd84, 0x0, 0x1, 0x12d}, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000640)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[], 0x7c}}, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
syz_io_uring_submit(r1, r2, 0x0)
io_uring_enter(r0, 0x22d2, 0x20, 0x0, 0x0, 0x0)

0s ago: executing program 5 (id=3439):
socket$nl_route(0x10, 0x3, 0x0)
iopl(0x3)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
socket$inet_sctp(0x2, 0x1, 0x84)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_NO_ENOBUFS(r2, 0x10e, 0xc, &(0x7f0000000040)=0x7f, 0x4)
sendmsg$nl_route(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="300000001a000b322dbd7000000000000a008000", @ANYRES32=0x0, @ANYBLOB="000000001400010020010000000000000000000000000002"], 0x30}, 0x1, 0x0, 0x0, 0x45}, 0x20044000)

kernel console output (not intermixed with test programs):

 interface: batadv_slave_0
[ 1227.167128][ T1102] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1229.411474][T15550] nvme_fabrics: missing parameter 'transport=%s'
[ 1229.418242][T15550] nvme_fabrics: missing parameter 'nqn=%s'
[ 1230.649539][ T1102] team0 (unregistering): Port device team_slave_1 removed
[ 1230.770047][ T1102] team0 (unregistering): Port device team_slave_0 removed
[ 1232.290342][T15365] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1232.297990][T15365] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1232.311325][T15365] bridge_slave_0: entered allmulticast mode
[ 1232.320233][T15365] bridge_slave_0: entered promiscuous mode
[ 1232.342064][T15365] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1232.358078][T15365] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1232.371856][T15365] bridge_slave_1: entered allmulticast mode
[ 1232.391493][T15365] bridge_slave_1: entered promiscuous mode
[ 1232.539458][T15393] chnl_net:caif_netlink_parms(): no params data found
[ 1232.688048][T15365] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1232.714430][T15365] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1233.064233][T15584] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2180'.
[ 1234.557810][T15365] team0: Port device team_slave_0 added
[ 1234.928270][T15365] team0: Port device team_slave_1 added
[ 1235.932997][T15393] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1235.956459][T15393] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1236.004604][T15393] bridge_slave_0: entered allmulticast mode
[ 1236.018674][T15393] bridge_slave_0: entered promiscuous mode
[ 1236.037644][T15393] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1236.048589][T15393] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1236.061363][T15393] bridge_slave_1: entered allmulticast mode
[ 1236.082870][T15393] bridge_slave_1: entered promiscuous mode
[ 1238.807257][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[ 1238.814994][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[ 1238.871834][T15365] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1239.219676][T15365] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1239.261729][T15365] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1239.333488][T15393] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1239.529498][T15365] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1239.754639][T15365] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1239.784413][T15365] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1240.784797][T15393] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1241.777973][ T3490] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[ 1242.378132][T15641] netlink: 'syz.5.2188': attribute type 10 has an invalid length.
[ 1242.386158][T15641] netlink: 40 bytes leftover after parsing attributes in process `syz.5.2188'.
[ 1243.142558][T15365] hsr_slave_0: entered promiscuous mode
[ 1243.413069][T15365] hsr_slave_1: entered promiscuous mode
[ 1244.265546][T15365] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1244.302384][T15365] Cannot create hsr debugfs directory
[ 1244.603570][T15393] team0: Port device team_slave_0 added
[ 1244.838459][T15393] team0: Port device team_slave_1 added
[ 1245.389958][T15393] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1245.452005][T15393] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1245.602805][T15393] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1246.336089][T15674] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2194'.
[ 1246.568091][T15393] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1246.575297][T15393] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1246.604384][T15393] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1246.812934][T15661] nvme_fabrics: missing parameter 'transport=%s'
[ 1246.840038][T15661] nvme_fabrics: missing parameter 'nqn=%s'
[ 1247.907202][T15393] hsr_slave_0: entered promiscuous mode
[ 1248.391171][T15393] hsr_slave_1: entered promiscuous mode
[ 1248.412849][T15393] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1248.422557][T15393] Cannot create hsr debugfs directory
[ 1248.440150][T15686] overlay: Unknown parameter '/dev/cpu/#/msr'
[ 1252.579276][T15726] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2202'.
[ 1256.057420][T15365] netdevsim netdevsim7 netdevsim0: renamed from eth0
[ 1256.297788][T15365] netdevsim netdevsim7 netdevsim1: renamed from eth1
[ 1256.338770][T15365] netdevsim netdevsim7 netdevsim2: renamed from eth2
[ 1256.815965][T15365] netdevsim netdevsim7 netdevsim3: renamed from eth3
[ 1257.344974][T15393] netdevsim netdevsim8 netdevsim0: renamed from eth0
[ 1257.390809][T15393] netdevsim netdevsim8 netdevsim1: renamed from eth1
[ 1257.446050][T15393] netdevsim netdevsim8 netdevsim2: renamed from eth2
[ 1257.480778][T15393] netdevsim netdevsim8 netdevsim3: renamed from eth3
[ 1257.840578][T15365] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1257.919762][T15365] 8021q: adding VLAN 0 to HW filter on device team0
[ 1257.973383][ T5985] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1257.980681][ T5985] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1258.021286][ T5985] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1258.028527][ T5985] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1259.731771][T15365] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 1259.776532][T15365] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 1259.827919][T15393] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1259.956124][T15393] 8021q: adding VLAN 0 to HW filter on device team0
[ 1260.018692][ T6696] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1260.026116][ T6696] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1260.101337][T15798] nvme_fabrics: missing parameter 'transport=%s'
[ 1260.147172][T15798] nvme_fabrics: missing parameter 'nqn=%s'
[ 1260.156118][ T6696] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1260.163683][ T6696] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1261.472067][T15365] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1264.580137][T15393] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1265.510543][    C1] vcan0: j1939_tp_rxtimer: 0xffff888033927400: rx timeout, send abort
[ 1265.634982][T14923] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 1265.661826][T14923] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 1265.672995][T14923] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 1265.681731][    C0] vcan0: j1939_tp_rxtimer: 0xffff88805541fc00: rx timeout, send abort
[ 1265.686076][T14923] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 1265.692194][    C0] vcan0: j1939_xtp_rx_abort_one: 0xffff88805541fc00: 0x2f000: (3) A timeout occurred and this is the connection abort to close the session.
[ 1265.698204][T14923] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 1266.018915][    C1] vcan0: j1939_tp_rxtimer: 0xffff888033927400: abort rx timeout. Force session deactivation
[ 1266.086016][T15877] netlink: 'syz.2.2221': attribute type 10 has an invalid length.
[ 1266.094006][T15877] netlink: 40 bytes leftover after parsing attributes in process `syz.2.2221'.
[ 1266.979744][T15870] lo speed is unknown, defaulting to 1000
[ 1267.027779][T15393] veth0_vlan: entered promiscuous mode
[ 1267.864862][ T5823] Bluetooth: hci1: command tx timeout
[ 1269.515386][ T1141] bridge_slave_1: left allmulticast mode
[ 1269.537051][ T1141] bridge_slave_1: left promiscuous mode
[ 1269.588917][ T1141] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1269.996550][ T5823] Bluetooth: hci1: command tx timeout
[ 1270.495009][ T1141] bridge_slave_0: left allmulticast mode
[ 1270.500807][ T1141] bridge_slave_0: left promiscuous mode
[ 1270.520884][ T1141] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1272.074914][ T5823] Bluetooth: hci1: command tx timeout
[ 1272.682822][    C0] vcan0: j1939_tp_rxtimer: 0xffff88802827cc00: rx timeout, send abort
[ 1272.691556][    C0] vcan0: j1939_xtp_rx_abort_one: 0xffff88802827cc00: 0x2f000: (3) A timeout occurred and this is the connection abort to close the session.
[ 1273.296644][T14923] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 1273.311796][T14923] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 1273.320652][T14923] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 1273.330903][T14923] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 1273.339434][T14923] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 1274.142800][ T5823] Bluetooth: hci1: command tx timeout
[ 1274.497275][ T1141] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1274.516609][ T1141] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1274.532596][ T1141] bond0 (unregistering): Released all slaves
[ 1276.872077][ T5823] Bluetooth: hci3: command tx timeout
[ 1276.908522][T14128] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[ 1277.518157][ T1141] hsr_slave_0: left promiscuous mode
[ 1277.603664][ T1141] hsr_slave_1: left promiscuous mode
[ 1277.610338][ T1141] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1277.635196][ T1141] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1279.508644][ T5823] Bluetooth: hci3: command tx timeout
[ 1280.417160][ T1141] team0 (unregistering): Port device team_slave_1 removed
[ 1280.596610][ T1141] team0 (unregistering): Port device team_slave_0 removed
[ 1280.966359][    C1] vcan0: j1939_tp_rxtimer: 0xffff88802fe57c00: rx timeout, send abort
[ 1280.975127][    C1] vcan0: j1939_xtp_rx_abort_one: 0xffff88802fe57c00: 0x2f000: (3) A timeout occurred and this is the connection abort to close the session.
[ 1281.180810][T15991] nvme_fabrics: missing parameter 'transport=%s'
[ 1281.198931][T15991] nvme_fabrics: missing parameter 'nqn=%s'
[ 1282.090241][T14923] Bluetooth: hci3: command tx timeout
[ 1282.680620][T15925] lo speed is unknown, defaulting to 1000
[ 1283.513461][T15870] chnl_net:caif_netlink_parms(): no params data found
[ 1284.242011][T14923] Bluetooth: hci3: command tx timeout
[ 1284.804755][    C1] vcan0: j1939_tp_rxtimer: 0xffff8880551e0000: rx timeout, send abort
[ 1284.813223][    C1] vcan0: j1939_xtp_rx_abort_one: 0xffff8880551e0000: 0x2f000: (3) A timeout occurred and this is the connection abort to close the session.
[ 1286.597416][T16065] Bluetooth: MGMT ver 1.23
[ 1286.661638][T15870] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1286.713403][T15870] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1286.765136][T15870] bridge_slave_0: entered allmulticast mode
[ 1286.795360][T15870] bridge_slave_0: entered promiscuous mode
[ 1287.059873][T15870] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1287.076380][T15870] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1287.103177][T15870] bridge_slave_1: entered allmulticast mode
[ 1287.993382][T15870] bridge_slave_1: entered promiscuous mode
[ 1288.026826][T15925] chnl_net:caif_netlink_parms(): no params data found
[ 1289.466973][T16082] block nbd2: NBD_DISCONNECT
[ 1291.092233][T15870] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1291.147703][T15870] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1291.917424][T15870] team0: Port device team_slave_0 added
[ 1292.460831][T15870] team0: Port device team_slave_1 added
[ 1293.417936][    C0] vcan0: j1939_tp_rxtimer: 0xffff888021fc1000: rx timeout, send abort
[ 1293.427148][    C0] vcan0: j1939_xtp_rx_abort_one: 0xffff888021fc1000: 0x2f000: (3) A timeout occurred and this is the connection abort to close the session.
[ 1293.849196][T15925] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1293.904299][T15925] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1293.934851][T15925] bridge_slave_0: entered allmulticast mode
[ 1294.005751][T15925] bridge_slave_0: entered promiscuous mode
[ 1294.047158][T15925] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1294.077852][T15925] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1294.129276][T15925] bridge_slave_1: entered allmulticast mode
[ 1294.162967][T15925] bridge_slave_1: entered promiscuous mode
[ 1294.262715][T15870] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1294.348241][T15870] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1294.374358][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1295.043668][T15870] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1295.259844][T15925] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1295.294539][T15870] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1295.301754][T15870] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1295.352026][T15870] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1295.542235][T15925] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1295.590861][    C1] vcan0: j1939_tp_rxtimer: 0xffff888064baa400: rx timeout, send abort
[ 1295.599588][    C1] vcan0: j1939_xtp_rx_abort_one: 0xffff888064baa400: 0x2f000: (3) A timeout occurred and this is the connection abort to close the session.
[ 1297.569997][T15925] team0: Port device team_slave_0 added
[ 1297.690398][T15870] hsr_slave_0: entered promiscuous mode
[ 1297.716836][T15870] hsr_slave_1: entered promiscuous mode
[ 1297.723204][T15870] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1297.734294][T15870] Cannot create hsr debugfs directory
[ 1297.740502][ T1141] bridge_slave_1: left allmulticast mode
[ 1297.747612][ T1141] bridge_slave_1: left promiscuous mode
[ 1297.753448][ T1141] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1297.773206][ T1141] bridge_slave_0: left allmulticast mode
[ 1297.783083][ T1141] bridge_slave_0: left promiscuous mode
[ 1297.789231][ T1141] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1297.997549][    C0] vcan0: j1939_tp_rxtimer: 0xffff88802827dc00: rx timeout, send abort
[ 1298.006639][    C0] vcan0: j1939_xtp_rx_abort_one: 0xffff88802827dc00: 0x2f000: (3) A timeout occurred and this is the connection abort to close the session.
[ 1299.753218][ T1141] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1299.788445][ T1141] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1299.799839][ T1141] bond0 (unregistering): Released all slaves
[ 1299.857016][T15925] team0: Port device team_slave_1 added
[ 1300.193174][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[ 1300.200179][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[ 1301.474347][T15925] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1301.498370][T15925] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1301.526409][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1301.540324][T15925] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1302.169987][T15925] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1302.267824][T15925] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1302.548175][T15925] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1302.593533][ T1141] hsr_slave_0: left promiscuous mode
[ 1302.933208][ T1141] hsr_slave_1: left promiscuous mode
[ 1303.225077][ T1141] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1303.264406][ T1141] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1303.311253][ T1141] veth0_vlan: left promiscuous mode
[ 1304.848744][ T1141] team0 (unregistering): Port device team_slave_1 removed
[ 1304.913230][ T1141] team0 (unregistering): Port device team_slave_0 removed
[ 1306.052999][T15925] hsr_slave_0: entered promiscuous mode
[ 1306.088945][T15925] hsr_slave_1: entered promiscuous mode
[ 1306.121911][T15925] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1306.176931][T15925] Cannot create hsr debugfs directory
[ 1307.424454][    C0] vcan0: j1939_tp_rxtimer: 0xffff8880554d5800: rx timeout, send abort
[ 1307.434717][    C0] vcan0: j1939_xtp_rx_abort_one: 0xffff8880554d5800: 0x2f000: (3) A timeout occurred and this is the connection abort to close the session.
[ 1308.840497][T16275] nvme_fabrics: missing parameter 'transport=%s'
[ 1308.858973][T16275] nvme_fabrics: missing parameter 'nqn=%s'
[ 1309.711890][    C1] vcan0: j1939_tp_rxtimer: 0xffff888057cecc00: rx timeout, send abort
[ 1309.723780][    C1] vcan0: j1939_xtp_rx_abort_one: 0xffff888057cecc00: 0x2f000: (3) A timeout occurred and this is the connection abort to close the session.
[ 1309.831364][ T5985] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[ 1310.891314][T15925] netdevsim netdevsim8 netdevsim0: renamed from eth0
[ 1310.927742][T15925] netdevsim netdevsim8 netdevsim1: renamed from eth1
[ 1310.957285][T15925] netdevsim netdevsim8 netdevsim2: renamed from eth2
[ 1311.055437][T15925] netdevsim netdevsim8 netdevsim3: renamed from eth3
[ 1311.153558][T15870] netdevsim netdevsim7 netdevsim0: renamed from eth0
[ 1311.193011][T15870] netdevsim netdevsim7 netdevsim1: renamed from eth1
[ 1311.207174][    C1] vcan0: j1939_tp_rxtimer: 0xffff88806e56c800: rx timeout, send abort
[ 1311.324257][T15870] netdevsim netdevsim7 netdevsim2: renamed from eth2
[ 1311.345821][T15870] netdevsim netdevsim7 netdevsim3: renamed from eth3
[ 1311.575541][T15925] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1311.614858][T15925] 8021q: adding VLAN 0 to HW filter on device team0
[ 1311.646110][T15870] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1311.660658][ T1102] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1311.667902][ T1102] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1311.688791][ T6696] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1311.696149][ T6696] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1311.715473][    C1] vcan0: j1939_tp_rxtimer: 0xffff88806e56c800: abort rx timeout. Force session deactivation
[ 1311.749851][T15870] 8021q: adding VLAN 0 to HW filter on device team0
[ 1311.798386][ T5985] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1311.805761][ T5985] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1311.840476][ T5985] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1311.847853][ T5985] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1312.592343][    C0] vcan0: j1939_tp_rxtimer: 0xffff8880690acc00: rx timeout, send abort
[ 1313.100807][    C0] vcan0: j1939_tp_rxtimer: 0xffff8880690acc00: abort rx timeout. Force session deactivation
[ 1314.197916][T15870] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1314.581815][T15925] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1314.772265][T16365] block nbd1: NBD_DISCONNECT
[ 1315.222838][    C0] vcan0: j1939_tp_rxtimer: 0xffff88806d091400: rx timeout, send abort
[ 1315.398321][    C1] vcan0: j1939_tp_rxtimer: 0xffff88805f923400: rx timeout, send abort
[ 1315.406976][    C1] vcan0: j1939_xtp_rx_abort_one: 0xffff88805f923400: 0x2f000: (3) A timeout occurred and this is the connection abort to close the session.
[ 1315.731315][    C0] vcan0: j1939_tp_rxtimer: 0xffff88806d091400: abort rx timeout. Force session deactivation
[ 1316.222268][T15925] veth0_vlan: entered promiscuous mode
[ 1316.316978][T15925] veth1_vlan: entered promiscuous mode
[ 1316.624910][T15870] veth0_vlan: entered promiscuous mode
[ 1316.643275][T15870] veth1_vlan: entered promiscuous mode
[ 1316.701815][T15925] veth0_macvtap: entered promiscuous mode
[ 1316.854520][T15925] veth1_macvtap: entered promiscuous mode
[ 1317.090816][T16416] block nbd2: NBD_DISCONNECT
[ 1317.506346][T15925] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1317.582877][T15925] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1317.653030][T15870] veth0_macvtap: entered promiscuous mode
[ 1317.686575][T15925] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1317.713874][T15925] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1317.743041][T15925] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1317.788706][T15925] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1317.919060][T15870] veth1_macvtap: entered promiscuous mode
[ 1318.210004][T16427] block nbd1: NBD_DISCONNECT
[ 1318.670017][T15870] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1318.747625][T15870] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1318.956382][T15870] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1318.994087][T15870] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1319.017972][T15870] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1319.047877][T15870] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1319.227482][ T5985] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1319.249049][ T5985] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1319.441171][ T5985] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1319.478958][ T5985] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1319.666286][ T5985] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1319.684865][ T5985] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1319.903034][ T5985] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1320.071778][ T5985] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1323.468767][T16502] block nbd7: NBD_DISCONNECT
[ 1326.981036][T16543] block nbd2: NBD_DISCONNECT
[ 1327.774223][    C1] vcan0: j1939_tp_rxtimer: 0xffff88805766a000: rx timeout, send abort
[ 1328.282695][    C1] vcan0: j1939_tp_rxtimer: 0xffff88805766a000: abort rx timeout. Force session deactivation
[ 1329.255898][T16575] block nbd8: NBD_DISCONNECT
[ 1330.004414][    C1] vcan0: j1939_tp_rxtimer: 0xffff88805f920400: rx timeout, send abort
[ 1330.512857][    C1] vcan0: j1939_tp_rxtimer: 0xffff88805f920400: abort rx timeout. Force session deactivation
[ 1331.222669][T16593] Bluetooth: hci0: load_link_keys: expected 3 bytes, got 7 bytes
[ 1333.769341][    C1] vcan0: j1939_tp_rxtimer: 0xffff888021ef3400: rx timeout, send abort
[ 1333.777924][    C1] vcan0: j1939_xtp_rx_abort_one: 0xffff888021ef3400: 0x2f000: (3) A timeout occurred and this is the connection abort to close the session.
[ 1335.779856][    C0] vcan0: j1939_tp_rxtimer: 0xffff888064ba9400: rx timeout, send abort
[ 1335.788792][    C0] vcan0: j1939_xtp_rx_abort_one: 0xffff888064ba9400: 0x2f000: (3) A timeout occurred and this is the connection abort to close the session.
[ 1340.228684][T16690] Bluetooth: hci0: load_link_keys: expected 3 bytes, got 7 bytes
[ 1341.245393][T14128] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[ 1342.874535][T16720] Bluetooth: hci0: load_link_keys: expected 3 bytes, got 7 bytes
[ 1346.040692][T16752] netlink: 'syz.8.2361': attribute type 10 has an invalid length.
[ 1346.048739][T16752] netlink: 40 bytes leftover after parsing attributes in process `syz.8.2361'.
[ 1346.837480][T16752] team0: Port device geneve0 added
[ 1348.230803][T16770] netlink: 'syz.8.2365': attribute type 10 has an invalid length.
[ 1348.238992][T16770] netlink: 40 bytes leftover after parsing attributes in process `syz.8.2365'.
[ 1351.936725][T16826] netlink: 'syz.5.2375': attribute type 10 has an invalid length.
[ 1351.945329][T16826] netlink: 40 bytes leftover after parsing attributes in process `syz.5.2375'.
[ 1353.273477][T16828] block nbd1: NBD_DISCONNECT
[ 1357.267277][T16876] netlink: 'syz.8.2386': attribute type 10 has an invalid length.
[ 1357.275314][T16876] netlink: 40 bytes leftover after parsing attributes in process `syz.8.2386'.
[ 1359.225899][T16898] netlink: 'syz.8.2388': attribute type 10 has an invalid length.
[ 1359.237593][T16898] netlink: 40 bytes leftover after parsing attributes in process `syz.8.2388'.
[ 1360.375026][T16905] netlink: 'syz.5.2392': attribute type 10 has an invalid length.
[ 1360.382960][T16905] netlink: 40 bytes leftover after parsing attributes in process `syz.5.2392'.
[ 1361.430848][T16913] netlink: 'syz.7.2394': attribute type 10 has an invalid length.
[ 1361.438883][T16913] netlink: 40 bytes leftover after parsing attributes in process `syz.7.2394'.
[ 1361.588090][T16913] team0: Port device geneve0 added
[ 1362.144740][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[ 1362.151393][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[ 1364.478641][T16933] netlink: 'syz.2.2398': attribute type 10 has an invalid length.
[ 1364.486642][T16933] netlink: 40 bytes leftover after parsing attributes in process `syz.2.2398'.
[ 1371.074787][T16971] netlink: 'syz.1.2407': attribute type 10 has an invalid length.
[ 1371.082766][T16971] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2407'.
[ 1372.105595][T16978] netlink: 'syz.5.2406': attribute type 10 has an invalid length.
[ 1372.114584][T16978] netlink: 40 bytes leftover after parsing attributes in process `syz.5.2406'.
[ 1373.154131][ T5946] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[ 1373.498894][T16990] netlink: 'syz.8.2411': attribute type 10 has an invalid length.
[ 1373.506934][T16990] netlink: 40 bytes leftover after parsing attributes in process `syz.8.2411'.
[ 1374.178637][    C0] vcan0: j1939_tp_rxtimer: 0xffff8880559af800: rx timeout, send abort
[ 1374.187690][    C0] vcan0: j1939_xtp_rx_abort_one: 0xffff8880559af800: 0x2f000: (3) A timeout occurred and this is the connection abort to close the session.
[ 1381.421352][T17040] netlink: 'syz.8.2422': attribute type 10 has an invalid length.
[ 1381.429961][T17040] netlink: 40 bytes leftover after parsing attributes in process `syz.8.2422'.
[ 1381.862337][T17048] netlink: 'syz.5.2425': attribute type 10 has an invalid length.
[ 1381.871820][T17048] netlink: 40 bytes leftover after parsing attributes in process `syz.5.2425'.
[ 1383.244011][T17065] netlink: 'syz.5.2427': attribute type 10 has an invalid length.
[ 1383.252151][T17065] netlink: 40 bytes leftover after parsing attributes in process `syz.5.2427'.
[ 1385.715761][T17083] netlink: 'syz.7.2434': attribute type 10 has an invalid length.
[ 1385.723746][T17083] netlink: 40 bytes leftover after parsing attributes in process `syz.7.2434'.
[ 1389.469671][T14923] Bluetooth: hci1: command 0x0406 tx timeout
[ 1391.621603][T17135] netlink: 'syz.1.2443': attribute type 10 has an invalid length.
[ 1391.629635][T17135] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2443'.
[ 1395.408993][T17175] netlink: 'syz.5.2452': attribute type 10 has an invalid length.
[ 1395.417168][T17175] netlink: 40 bytes leftover after parsing attributes in process `syz.5.2452'.
[ 1397.948973][T17172] netlink: 'syz.2.2453': attribute type 10 has an invalid length.
[ 1397.958015][T17172] netlink: 40 bytes leftover after parsing attributes in process `syz.2.2453'.
[ 1399.743729][T14923] Bluetooth: hci3: command 0x0406 tx timeout
[ 1406.586814][ T6696] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[ 1409.337563][T17247] netlink: 'syz.1.2468': attribute type 10 has an invalid length.
[ 1409.345518][T17247] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2468'.
[ 1410.384909][ T5823] Bluetooth: hci1: unexpected event for opcode 0x2060
[ 1412.315566][ T5823] Bluetooth: hci3: unexpected event for opcode 0x2060
[ 1415.008694][T17304] Bluetooth: hci0: load_link_keys: expected 3 bytes, got 7 bytes
[ 1416.139233][T17300] block nbd2: NBD_DISCONNECT
[ 1418.196982][T17326] netlink: 'syz.7.2484': attribute type 10 has an invalid length.
[ 1418.205162][T17326] netlink: 40 bytes leftover after parsing attributes in process `syz.7.2484'.
[ 1421.880878][T17363] netlink: 'syz.2.2493': attribute type 10 has an invalid length.
[ 1421.888933][T17363] netlink: 40 bytes leftover after parsing attributes in process `syz.2.2493'.
[ 1422.901024][T17374] netlink: 'syz.5.2494': attribute type 10 has an invalid length.
[ 1422.909208][T17374] netlink: 40 bytes leftover after parsing attributes in process `syz.5.2494'.
[ 1423.075971][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[ 1423.082843][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[ 1425.475268][T17393] netlink: 'syz.2.2500': attribute type 10 has an invalid length.
[ 1425.483233][T17393] netlink: 40 bytes leftover after parsing attributes in process `syz.2.2500'.
[ 1426.744479][T17402] netlink: 'syz.7.2502': attribute type 10 has an invalid length.
[ 1426.752378][T17402] netlink: 40 bytes leftover after parsing attributes in process `syz.7.2502'.
[ 1427.021242][T17404] netlink: 'syz.2.2503': attribute type 10 has an invalid length.
[ 1427.030310][T17404] netlink: 40 bytes leftover after parsing attributes in process `syz.2.2503'.
[ 1428.294087][T17417] netlink: 'syz.8.2504': attribute type 10 has an invalid length.
[ 1428.302042][T17417] netlink: 40 bytes leftover after parsing attributes in process `syz.8.2504'.
[ 1429.677063][T17428] netlink: 'syz.8.2508': attribute type 10 has an invalid length.
[ 1429.685114][T17428] netlink: 40 bytes leftover after parsing attributes in process `syz.8.2508'.
[ 1430.063417][T17430] netlink: 'syz.2.2509': attribute type 10 has an invalid length.
[ 1430.072206][T17430] netlink: 40 bytes leftover after parsing attributes in process `syz.2.2509'.
[ 1432.546105][T17456] netlink: 'syz.1.2515': attribute type 10 has an invalid length.
[ 1432.554185][T17456] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2515'.
[ 1433.406258][ T5823] Bluetooth: hci1: unexpected event for opcode 0x2060
[ 1433.818173][T17462] netlink: 'syz.1.2519': attribute type 10 has an invalid length.
[ 1433.826169][T17462] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2519'.
[ 1434.393988][T13904] usb 9-1: new full-speed USB device number 2 using dummy_hcd
[ 1434.486028][T17487] FAULT_INJECTION: forcing a failure.
[ 1434.486028][T17487] name fail_usercopy, interval 1, probability 0, space 0, times 1
[ 1434.508593][T17487] CPU: 0 UID: 0 PID: 17487 Comm: syz.1.2523 Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(full) 
[ 1434.508626][T17487] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1434.508640][T17487] Call Trace:
[ 1434.508649][T17487]  <TASK>
[ 1434.508659][T17487]  dump_stack_lvl+0x189/0x250
[ 1434.508698][T17487]  ? __pfx____ratelimit+0x10/0x10
[ 1434.508731][T17487]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1434.508763][T17487]  ? __pfx__printk+0x10/0x10
[ 1434.508785][T17487]  ? __might_fault+0xb0/0x130
[ 1434.508828][T17487]  should_fail_ex+0x414/0x560
[ 1434.508860][T17487]  _copy_from_user+0x2d/0xb0
[ 1434.508882][T17487]  __sys_bpf+0x1ed/0x860
[ 1434.508912][T17487]  ? __pfx___sys_bpf+0x10/0x10
[ 1434.508953][T17487]  ? ksys_write+0x22a/0x250
[ 1434.508988][T17487]  ? __pfx_ksys_write+0x10/0x10
[ 1434.509010][T17487]  ? rcu_is_watching+0x15/0xb0
[ 1434.509049][T17487]  __x64_sys_bpf+0x7c/0x90
[ 1434.509074][T17487]  do_syscall_64+0xfa/0x3b0
[ 1434.509105][T17487]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1434.509135][T17487]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1434.509157][T17487]  ? clear_bhb_loop+0x60/0xb0
[ 1434.509183][T17487]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1434.509204][T17487] RIP: 0033:0x7f02a898e929
[ 1434.509224][T17487] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1434.509242][T17487] RSP: 002b:00007f02a98a7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 1434.509266][T17487] RAX: ffffffffffffffda RBX: 00007f02a8bb5fa0 RCX: 00007f02a898e929
[ 1434.509278][T17487] RDX: 0000000000000048 RSI: 0000200000000180 RDI: 000000000000000a
[ 1434.509288][T17487] RBP: 00007f02a98a7090 R08: 0000000000000000 R09: 0000000000000000
[ 1434.509297][T17487] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1434.509306][T17487] R13: 0000000000000000 R14: 00007f02a8bb5fa0 R15: 00007fffd7e36858
[ 1434.509330][T17487]  </TASK>
[ 1434.780316][T13904] usb 9-1: New USB device found, idVendor=1397, idProduct=00bd, bcdDevice=c5.66
[ 1434.789694][T13904] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1434.804617][T13904] usb 9-1: config 0 descriptor??
[ 1434.817565][T13904] usb 9-1: invalid MIDI EP
[ 1434.822459][T13904] usb 9-1: snd-bcd2000: error during probing
[ 1434.830336][T13904] snd-bcd2000 9-1:0.0: probe with driver snd-bcd2000 failed with error -22
[ 1435.032286][T17489] netlink: 'syz.1.2524': attribute type 10 has an invalid length.
[ 1435.040214][T17489] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2524'.
[ 1435.129647][T13904] usb 9-1: USB disconnect, device number 2
[ 1435.651479][T17470] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1435.670073][T17470] Bluetooth: hci1: Error when powering off device on rfkill (-4)
[ 1435.781989][T17501] netlink: 'syz.2.2525': attribute type 10 has an invalid length.
[ 1435.789975][T17501] netlink: 40 bytes leftover after parsing attributes in process `syz.2.2525'.
[ 1436.554854][T17470] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1436.607717][T17504] FAULT_INJECTION: forcing a failure.
[ 1436.607717][T17504] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1436.611762][T17470] Bluetooth: hci3: Error when powering off device on rfkill (-4)
[ 1436.683074][T17504] CPU: 1 UID: 0 PID: 17504 Comm: syz.2.2526 Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(full) 
[ 1436.683107][T17504] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1436.683121][T17504] Call Trace:
[ 1436.683130][T17504]  <TASK>
[ 1436.683143][T17504]  dump_stack_lvl+0x189/0x250
[ 1436.683180][T17504]  ? __pfx____ratelimit+0x10/0x10
[ 1436.683211][T17504]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1436.683243][T17504]  ? __pfx__printk+0x10/0x10
[ 1436.683264][T17504]  ? __might_fault+0xb0/0x130
[ 1436.683302][T17504]  should_fail_ex+0x414/0x560
[ 1436.683332][T17504]  _copy_from_user+0x2d/0xb0
[ 1436.683353][T17504]  ___sys_sendmsg+0x158/0x2a0
[ 1436.683382][T17504]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1436.683445][T17504]  ? __fget_files+0x2a/0x420
[ 1436.683473][T17504]  ? __fget_files+0x3a0/0x420
[ 1436.683513][T17504]  __x64_sys_sendmsg+0x19b/0x260
[ 1436.683542][T17504]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1436.683577][T17504]  ? __pfx_ksys_write+0x10/0x10
[ 1436.683597][T17504]  ? rcu_is_watching+0x15/0xb0
[ 1436.683634][T17504]  ? do_syscall_64+0xbe/0x3b0
[ 1436.683671][T17504]  do_syscall_64+0xfa/0x3b0
[ 1436.683702][T17504]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1436.683733][T17504]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1436.683755][T17504]  ? clear_bhb_loop+0x60/0xb0
[ 1436.683780][T17504]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1436.683802][T17504] RIP: 0033:0x7efe9418e929
[ 1436.683822][T17504] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1436.683841][T17504] RSP: 002b:00007efe94fc0038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1436.683865][T17504] RAX: ffffffffffffffda RBX: 00007efe943b5fa0 RCX: 00007efe9418e929
[ 1436.683881][T17504] RDX: 0000000000000000 RSI: 0000200000001200 RDI: 0000000000000003
[ 1436.683894][T17504] RBP: 00007efe94fc0090 R08: 0000000000000000 R09: 0000000000000000
[ 1436.683909][T17504] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1436.683921][T17504] R13: 0000000000000000 R14: 00007efe943b5fa0 R15: 00007fffbf745258
[ 1436.683955][T17504]  </TASK>
[ 1437.269616][T17511] macvlan2: entered allmulticast mode
[ 1437.287170][T17511] bond_slave_0: entered promiscuous mode
[ 1437.293388][T17511] bond_slave_1: entered promiscuous mode
[ 1437.334120][T17511] bond0: entered allmulticast mode
[ 1437.348148][T17511] bond_slave_0: entered allmulticast mode
[ 1437.362460][T17511] bond_slave_1: entered allmulticast mode
[ 1437.436274][T17519] netlink: 84 bytes leftover after parsing attributes in process `syz.2.2530'.
[ 1437.459563][T17511] 8021q: adding VLAN 0 to HW filter on device macvlan2
[ 1438.306048][T17511] team0: Port device macvlan2 added
[ 1439.704867][   T10] usb 2-1: new high-speed USB device number 25 using dummy_hcd
[ 1439.744479][T17559] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1439.870645][   T10] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xD6, changing to 0x86
[ 1439.931674][   T10] usb 2-1: New USB device found, idVendor=05f3, idProduct=0240, bcdDevice=1b.24
[ 1439.965952][   T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1439.982697][   T10] usb 2-1: Product: syz
[ 1439.987950][   T10] usb 2-1: Manufacturer: syz
[ 1439.994286][   T10] usb 2-1: SerialNumber: syz
[ 1440.012875][   T10] usb 2-1: config 0 descriptor??
[ 1440.137248][T17579] FAULT_INJECTION: forcing a failure.
[ 1440.137248][T17579] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1440.152541][T17579] CPU: 1 UID: 0 PID: 17579 Comm: syz.2.2547 Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(full) 
[ 1440.152573][T17579] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1440.152587][T17579] Call Trace:
[ 1440.152596][T17579]  <TASK>
[ 1440.152604][T17579]  dump_stack_lvl+0x189/0x250
[ 1440.152642][T17579]  ? __pfx____ratelimit+0x10/0x10
[ 1440.152674][T17579]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1440.152707][T17579]  ? __pfx__printk+0x10/0x10
[ 1440.152744][T17579]  should_fail_ex+0x414/0x560
[ 1440.152777][T17579]  _copy_to_user+0x31/0xb0
[ 1440.152807][T17579]  simple_read_from_buffer+0xe1/0x170
[ 1440.152839][T17579]  proc_fail_nth_read+0x1df/0x250
[ 1440.152875][T17579]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1440.152911][T17579]  ? rw_verify_area+0x258/0x650
[ 1440.152935][T17579]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1440.152969][T17579]  vfs_read+0x200/0x980
[ 1440.153000][T17579]  ? __pfx___mutex_lock+0x10/0x10
[ 1440.153035][T17579]  ? __pfx_vfs_read+0x10/0x10
[ 1440.153061][T17579]  ? __fget_files+0x2a/0x420
[ 1440.153096][T17579]  ? __fget_files+0x3a0/0x420
[ 1440.153124][T17579]  ? __fget_files+0x2a/0x420
[ 1440.153164][T17579]  ksys_read+0x145/0x250
[ 1440.153186][T17579]  ? __fget_files+0x2a/0x420
[ 1440.153217][T17579]  ? __pfx_ksys_read+0x10/0x10
[ 1440.153249][T17579]  ? do_syscall_64+0xbe/0x3b0
[ 1440.153287][T17579]  do_syscall_64+0xfa/0x3b0
[ 1440.153319][T17579]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1440.153361][T17579]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1440.153392][T17579]  ? clear_bhb_loop+0x60/0xb0
[ 1440.153416][T17579]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1440.153436][T17579] RIP: 0033:0x7efe9418d33c
[ 1440.153454][T17579] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[ 1440.153471][T17579] RSP: 002b:00007efe94fc0030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1440.153492][T17579] RAX: ffffffffffffffda RBX: 00007efe943b5fa0 RCX: 00007efe9418d33c
[ 1440.153507][T17579] RDX: 000000000000000f RSI: 00007efe94fc00a0 RDI: 0000000000000004
[ 1440.153519][T17579] RBP: 00007efe94fc0090 R08: 0000000000000000 R09: 0000000000000000
[ 1440.153532][T17579] R10: 0000200000000040 R11: 0000000000000246 R12: 0000000000000001
[ 1440.153544][T17579] R13: 0000000000000000 R14: 00007efe943b5fa0 R15: 00007fffbf745258
[ 1440.153575][T17579]  </TASK>
[ 1440.387138][T13904] usb 9-1: new high-speed USB device number 3 using dummy_hcd
[ 1440.424761][   T10] powermate: unknown product id 0240
[ 1440.459743][   T10] input: Griffin SoundKnob as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/input/input15
[ 1440.596372][T13904] usb 9-1: Using ep0 maxpacket: 8
[ 1440.634773][T13904] usb 9-1: config 1 has an invalid interface number: 133 but max is 0
[ 1440.669240][T13904] usb 9-1: config 1 has no interface number 0
[ 1440.701141][    C0] powermate: config urb returned -71
[ 1440.707507][    C0] powermate: config urb returned -71
[ 1440.713322][    C0] powermate: config urb returned -71
[ 1440.720682][    C0] powermate: config urb returned -71
[ 1440.741623][T13904] usb 9-1: config 1 interface 133 has no altsetting 0
[ 1440.769326][   T10] usb 2-1: USB disconnect, device number 25
[ 1440.775561][    C0] powermate 2-1:0.0: powermate_irq - usb_submit_urb failed with result: -19
[ 1440.780897][T17591] netlink: 60 bytes leftover after parsing attributes in process `syz.5.2548'.
[ 1440.794442][T13904] usb 9-1: language id specifier not provided by device, defaulting to English
[ 1440.839277][T13904] usb 9-1: New USB device found, idVendor=1199, idProduct=6812, bcdDevice=7a.33
[ 1440.879064][T13904] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1440.936001][T13904] usb 9-1: Product: syz
[ 1440.985782][T13904] usb 9-1: SerialNumber: syz
[ 1441.063984][ T5906] usb 8-1: new high-speed USB device number 2 using dummy_hcd
[ 1441.124493][T17597] block nbd2: NBD_DISCONNECT
[ 1441.324288][ T5906] usb 8-1: config index 0 descriptor too short (expected 4114, got 18)
[ 1441.517794][T17572] netlink: 60 bytes leftover after parsing attributes in process `syz.8.2545'.
[ 1441.543471][T17572] netlink: 60 bytes leftover after parsing attributes in process `syz.8.2545'.
[ 1441.582558][ T5906] usb 8-1: New USB device found, idVendor=0dba, idProduct=1000, bcdDevice= 0.09
[ 1441.666962][ T5906] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1441.710031][ T5906] usb 8-1: Product: syz
[ 1441.729064][T13904] sierra 9-1:1.133: Sierra USB modem converter detected
[ 1441.745048][ T5906] usb 8-1: Manufacturer: syz
[ 1441.774085][ T5906] usb 8-1: SerialNumber: syz
[ 1441.851585][T13904] usb 9-1: Sierra USB modem converter now attached to ttyUSB0
[ 1441.852243][ T5906] usb 8-1: config 0 descriptor??
[ 1441.922840][T17616] binder: 17613:17616 ioctl c0306201 200000000080 returned -14
[ 1441.933556][T13904] usb 9-1: USB disconnect, device number 3
[ 1441.959072][T17616] binder: BINDER_SET_CONTEXT_MGR already set
[ 1441.968966][T13904] sierra ttyUSB0: Sierra USB modem converter now disconnected from ttyUSB0
[ 1441.999876][T17616] binder: 17613:17616 ioctl 4018620d 200000000040 returned -16
[ 1442.021049][T13904] sierra 9-1:1.133: device disconnected
[ 1442.167427][T17625] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2558'.
[ 1442.215428][ T5906] usb 8-1: USB disconnect, device number 2
[ 1442.553558][T17634] xt_ecn: cannot match TCP bits for non-tcp packets
[ 1442.565588][T17634] netlink: 168 bytes leftover after parsing attributes in process `syz.2.2561'.
[ 1443.199390][T13904] IPVS: starting estimator thread 0...
[ 1443.367757][T17660] IPVS: using max 27 ests per chain, 64800 per kthread
[ 1445.089918][T17694] netlink: 12 bytes leftover after parsing attributes in process `syz.7.2572'.
[ 1445.670195][T17694] vlan2: entered promiscuous mode
[ 1445.708211][T17694] gretap0: entered promiscuous mode
[ 1450.043818][T17748] fuse: Bad value for 'group_id'
[ 1450.043908][T14923] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 1450.048885][T17748] fuse: Bad value for 'group_id'
[ 1450.093752][ T5906] usb 9-1: new high-speed USB device number 4 using dummy_hcd
[ 1450.120954][T17756] netlink: 32 bytes leftover after parsing attributes in process `syz.7.2585'.
[ 1450.177642][T14923] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 1450.191603][T14923] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 1450.206405][T14923] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 1450.221339][T14923] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 1450.293367][ T5906] usb 9-1: New USB device found, idVendor=0c72, idProduct=0012, bcdDevice=22.96
[ 1450.323851][ T5906] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1450.333001][ T5906] usb 9-1: Product: syz
[ 1450.337441][ T5906] usb 9-1: Manufacturer: syz
[ 1450.342168][ T5906] usb 9-1: SerialNumber: syz
[ 1450.351819][ T5906] usb 9-1: config 0 descriptor??
[ 1450.369206][ T5823] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 1450.376409][ T9683] usb 2-1: new high-speed USB device number 27 using dummy_hcd
[ 1450.574591][ T5823] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 1450.582274][ T5823] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 1450.592193][ T5823] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 1450.600638][ T5823] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 1451.006421][ T9683] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[ 1451.030763][ T9683] usb 2-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 0
[ 1451.053269][ T9683] usb 2-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[ 1451.071588][ T9683] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a3, bcdDevice= 0.40
[ 1451.091197][ T9683] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[ 1451.121384][ T9683] usb 2-1: SerialNumber: syz
[ 1451.173559][T17754] lo speed is unknown, defaulting to 1000
[ 1451.368225][ T9683] usbtest 2-1:1.0: Linux user mode ISO test driver
[ 1451.400127][ T9683] usbtest 2-1:1.0: high-speed {control bulk-in bulk-out} tests (+alt)
[ 1451.456765][ T9683] usb 2-1: USB disconnect, device number 27
[ 1452.165364][ T5906] peak_usb 9-1:0.0 can0: unable to request usb[type=0 value=1] err=-71
[ 1452.183684][ T5906] peak_usb 9-1:0.0: unable to read PCAN-USB FD firmware info (err -71)
[ 1452.338233][ T5906] peak_usb 9-1:0.0: probe with driver peak_usb failed with error -71
[ 1452.385372][ T5906] usb 9-1: USB disconnect, device number 4
[ 1452.395923][T17754] chnl_net:caif_netlink_parms(): no params data found
[ 1452.664172][T14923] Bluetooth: hci4: command tx timeout
[ 1452.778691][ T5906] usb 9-1: new high-speed USB device number 5 using dummy_hcd
[ 1452.835081][T17754] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1452.852065][T17754] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1452.994281][ T5906] usb 9-1: Using ep0 maxpacket: 32
[ 1453.028837][T17754] bridge_slave_0: entered allmulticast mode
[ 1453.398013][T17754] bridge_slave_0: entered promiscuous mode
[ 1453.420364][T17754] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1453.430908][T17754] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1453.451206][T17754] bridge_slave_1: entered allmulticast mode
[ 1453.466229][T17754] bridge_slave_1: entered promiscuous mode
[ 1453.534853][ T5906] usb 9-1: config 8 has an invalid interface number: 72 but max is 0
[ 1453.543097][ T5906] usb 9-1: config 8 has no interface number 0
[ 1453.569824][ T5906] usb 9-1: config 8 interface 72 altsetting 1 has an endpoint descriptor with address 0x93, changing to 0x83
[ 1453.583721][ T5906] usb 9-1: config 8 interface 72 altsetting 1 bulk endpoint 0x83 has invalid maxpacket 1024
[ 1453.600482][ T5906] usb 9-1: config 8 interface 72 altsetting 1 bulk endpoint 0xB has invalid maxpacket 1023
[ 1453.612095][ T5906] usb 9-1: config 8 interface 72 altsetting 1 endpoint 0xD has invalid maxpacket 1023, setting to 64
[ 1453.643636][ T5906] usb 9-1: config 8 interface 72 has no altsetting 0
[ 1453.649141][T17754] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1453.667503][ T5906] usb 9-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=b7.98
[ 1453.685520][T17823] netlink: 'syz.7.2598': attribute type 4 has an invalid length.
[ 1453.693417][ T5906] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1453.707714][ T5906] usb 9-1: Product: syz
[ 1453.712237][ T5906] usb 9-1: Manufacturer: syz
[ 1453.720219][ T5906] usb 9-1: SerialNumber: syz
[ 1453.762646][T17808] raw-gadget.0 gadget.8: fail, usb_ep_enable returned -22
[ 1453.764438][T17754] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1453.771116][T17808] raw-gadget.0 gadget.8: fail, usb_ep_enable returned -22
[ 1453.966148][T17754] team0: Port device team_slave_0 added
[ 1453.992689][T17754] team0: Port device team_slave_1 added
[ 1454.056786][ T5906] smsc75xx v1.0.0
[ 1454.064124][ T5906] smsc75xx 9-1:8.72 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -71
[ 1454.080388][ T5906] smsc75xx 9-1:8.72: probe with driver smsc75xx failed with error -71
[ 1454.101486][ T5906] usb 9-1: USB disconnect, device number 5
[ 1454.111284][   T30] audit: type=1326 audit(1750578222.735:108): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17835 comm="syz.7.2603" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7baa58e929 code=0x7ffc0000
[ 1454.136127][   T30] audit: type=1326 audit(1750578222.735:109): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17835 comm="syz.7.2603" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7baa58e929 code=0x7ffc0000
[ 1454.172113][   T30] audit: type=1326 audit(1750578222.755:110): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17835 comm="syz.7.2603" exe="/root/syz-executor" sig=0 arch=c000003e syscall=64 compat=0 ip=0x7f7baa58e929 code=0x7ffc0000
[ 1454.205263][   T30] audit: type=1326 audit(1750578222.755:111): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17835 comm="syz.7.2603" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7baa58e929 code=0x7ffc0000
[ 1454.234371][   T30] audit: type=1326 audit(1750578222.755:112): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17835 comm="syz.7.2603" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7baa58e929 code=0x7ffc0000
[ 1454.268152][   T30] audit: type=1326 audit(1750578222.765:113): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17835 comm="syz.7.2603" exe="/root/syz-executor" sig=0 arch=c000003e syscall=66 compat=0 ip=0x7f7baa58e929 code=0x7ffc0000
[ 1454.303426][   T30] audit: type=1326 audit(1750578222.765:114): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17835 comm="syz.7.2603" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7baa58e929 code=0x7ffc0000
[ 1454.334944][   T30] audit: type=1326 audit(1750578222.765:115): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17835 comm="syz.7.2603" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7baa58e929 code=0x7ffc0000
[ 1454.373239][   T30] audit: type=1326 audit(1750578222.765:116): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17835 comm="syz.7.2603" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f7baa58e929 code=0x7ffc0000
[ 1454.377719][T17754] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1454.402241][T17754] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1454.744022][T14923] Bluetooth: hci4: command tx timeout
[ 1454.819348][T17754] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1455.086199][T17754] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1455.093232][T17754] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1455.181419][   T30] audit: type=1326 audit(1750578222.965:117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17835 comm="syz.7.2603" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7baa58e929 code=0x7ffc0000
[ 1455.204274][T17754] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1455.448783][T17851] binder: 17841:17851 ioctl c0306201 200000000080 returned -14
[ 1456.173148][T17754] hsr_slave_0: entered promiscuous mode
[ 1456.224450][T17754] hsr_slave_1: entered promiscuous mode
[ 1456.239340][T17754] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1456.272254][T17754] Cannot create hsr debugfs directory
[ 1456.826968][T14923] Bluetooth: hci4: command tx timeout
[ 1457.108264][T17866] lo speed is unknown, defaulting to 1000
[ 1458.905903][T14923] Bluetooth: hci4: command tx timeout
[ 1459.031927][T17886] netlink: 8 bytes leftover after parsing attributes in process `syz.8.2616'.
[ 1459.227605][T17754] netdevsim netdevsim9 netdevsim0: renamed from eth0
[ 1459.250479][T17754] netdevsim netdevsim9 netdevsim1: renamed from eth1
[ 1459.275297][T17754] netdevsim netdevsim9 netdevsim2: renamed from eth2
[ 1459.309823][T17754] netdevsim netdevsim9 netdevsim3: renamed from eth3
[ 1459.344890][T17898] loop8: detected capacity change from 0 to 16384
[ 1459.636262][T17895] loop8: detected capacity change from 16384 to 16383
[ 1459.781529][T17754] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1459.862568][T17754] 8021q: adding VLAN 0 to HW filter on device team0
[ 1459.899948][   T36] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1459.907177][   T36] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1459.960421][ T5985] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1459.967748][ T5985] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1460.560093][T17754] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1462.028175][T17952] kernel read not supported for file / 
œ7³ÏüâW)ës“§Ç!Q�öì¥fsõl{T‡rÒ)r§ÖOš˜õ2:"ôÀT+ÍŸv|�Õ²DvcŽ“ØÖ Å6Òxãc: (pid: 17952 comm: syz.7.2630)
[ 1462.064262][   T30] kauditd_printk_skb: 5 callbacks suppressed
[ 1462.064281][   T30] audit: type=1800 audit(1750578230.685:123): pid=17952 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.7.2630" name=20019C1437B3CFFCC3A25729EB7393A7C721518FF6ECA56673F56C7B548772D22972A7D6084F9A98F5323A22F412C0542BCD9F767C8DD5B24476638E93D8D6A0C536D278E3633A dev="mqueue" ino=48536 res=0 errno=0
[ 1463.209149][T17966] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2635'.
[ 1463.352155][T17754] veth0_vlan: entered promiscuous mode
[ 1463.422918][T17754] veth1_vlan: entered promiscuous mode
[ 1463.511737][T17974] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0)
[ 1463.755632][T17754] veth0_macvtap: entered promiscuous mode
[ 1463.824397][T17754] veth1_macvtap: entered promiscuous mode
[ 1463.942814][T17754] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1463.974442][T17754] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1463.990532][T17754] netdevsim netdevsim9 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1464.008018][T17754] netdevsim netdevsim9 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1464.018761][T17754] netdevsim netdevsim9 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1464.029789][T17754] netdevsim netdevsim9 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1464.451861][ T5946] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1464.468529][ T5946] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1466.189717][T14128] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1466.234727][T14128] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1469.211534][T18038] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2649'.
[ 1469.359704][T18043] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1469.864554][T13904] usb 8-1: new high-speed USB device number 3 using dummy_hcd
[ 1470.970761][T13904] usb 8-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1471.074840][T13904] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1471.121809][T13904] usb 8-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[ 1471.169585][T13904] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[ 1471.198203][T13904] usb 8-1: SerialNumber: syz
[ 1474.710927][T13904] usb 8-1: 0:2 : does not exist
[ 1474.735473][T13904] usb 8-1: unit 5 not found!
[ 1475.815804][T13904] usb 8-1: USB disconnect, device number 3
[ 1476.190397][T17261] udevd[17261]: error opening ATTR{/sys/devices/platform/dummy_hcd.7/usb8/8-1/8-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1476.734000][ T9683] usb 2-1: new high-speed USB device number 28 using dummy_hcd
[ 1476.903772][ T9683] usb 2-1: device descriptor read/64, error -71
[ 1477.154302][ T9683] usb 2-1: new high-speed USB device number 29 using dummy_hcd
[ 1477.488018][ T9683] usb 2-1: device descriptor read/64, error -71
[ 1477.568056][T18141] netlink: 'syz.8.2678': attribute type 10 has an invalid length.
[ 1477.576228][T18141] netlink: 40 bytes leftover after parsing attributes in process `syz.8.2678'.
[ 1477.589468][ T5824] usb 10-1: new high-speed USB device number 2 using dummy_hcd
[ 1477.609154][ T9683] usb usb2-port1: attempt power cycle
[ 1477.784734][ T5824] usb 10-1: Using ep0 maxpacket: 16
[ 1477.809287][ T5824] usb 10-1: config 0 has an invalid descriptor of length 173, skipping remainder of the config
[ 1477.854157][ T5824] usb 10-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[ 1477.914600][ T5824] usb 10-1: New USB device found, idVendor=17ef, idProduct=5c09, bcdDevice= 0.00
[ 1477.979456][ T5824] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1478.024451][ T9683] usb 2-1: new high-speed USB device number 30 using dummy_hcd
[ 1478.136823][T18139] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1478.163192][T18139] Bluetooth: hci4: Error when powering off device on rfkill (-4)
[ 1478.184082][ T5824] usb 10-1: config 0 descriptor??
[ 1478.194982][ T9683] usb 2-1: device descriptor read/8, error -71
[ 1478.424254][T18149] netlink: 36 bytes leftover after parsing attributes in process `syz.8.2681'.
[ 1478.624489][ T9683] usb 2-1: new high-speed USB device number 31 using dummy_hcd
[ 1478.730116][ T9683] usb 2-1: device descriptor read/8, error -71
[ 1478.909824][ T9683] usb usb2-port1: unable to enumerate USB device
[ 1479.357563][T18147] binder: 18145:18147 ioctl c0306201 2000000001c0 returned -22
[ 1479.374197][ T5899] usb 8-1: new high-speed USB device number 4 using dummy_hcd
[ 1479.553602][ T5899] usb 8-1: New USB device found, idVendor=2c42, idProduct=1602, bcdDevice=da.64
[ 1479.578674][ T5899] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1479.600095][ T5899] usb 8-1: Product: syz
[ 1479.610661][ T5899] usb 8-1: Manufacturer: syz
[ 1479.627971][ T5899] usb 8-1: SerialNumber: syz
[ 1479.645184][ T5899] usb 8-1: config 0 descriptor??
[ 1479.656746][ T5899] hub 8-1:0.0: bad descriptor, ignoring hub
[ 1479.670130][ T5899] hub 8-1:0.0: probe with driver hub failed with error -5
[ 1479.689763][ T5899] f81232 8-1:0.0: f81534a converter detected
[ 1479.864795][ T5899] usb 8-1: f81534a converter now attached to ttyUSB0
[ 1479.971138][T18174] netlink: 'syz.5.2685': attribute type 10 has an invalid length.
[ 1479.979233][T18174] netlink: 40 bytes leftover after parsing attributes in process `syz.5.2685'.
[ 1480.145815][ T5824] usb 2-1: new high-speed USB device number 32 using dummy_hcd
[ 1480.496985][ T5824] usb 2-1: device descriptor read/64, error -71
[ 1480.743854][ T5824] usb 2-1: new high-speed USB device number 33 using dummy_hcd
[ 1480.746690][T17482] usb 10-1: USB disconnect, device number 2
[ 1480.775340][T18181] netlink: 'syz.5.2688': attribute type 21 has an invalid length.
[ 1480.776455][T13904] usb 8-1: USB disconnect, device number 4
[ 1480.812902][T18181] netlink: 'syz.5.2688': attribute type 10 has an invalid length.
[ 1480.842804][T18181] netlink: 40 bytes leftover after parsing attributes in process `syz.5.2688'.
[ 1480.858129][T13904] f81534a ttyUSB0: f81534a converter now disconnected from ttyUSB0
[ 1480.899011][ T5824] usb 2-1: device descriptor read/64, error -71
[ 1480.935568][T13904] f81232 8-1:0.0: device disconnected
[ 1481.169182][ T5824] usb usb2-port1: attempt power cycle
[ 1481.326012][T18196] netlink: 'syz.9.2691': attribute type 10 has an invalid length.
[ 1481.334159][T18196] netlink: 40 bytes leftover after parsing attributes in process `syz.9.2691'.
[ 1481.449771][T18196] team0: Port device geneve0 added
[ 1481.584341][ T5824] usb 2-1: new high-speed USB device number 34 using dummy_hcd
[ 1481.893848][ T5824] usb 2-1: device descriptor read/8, error -71
[ 1482.343930][ T5824] usb 2-1: new high-speed USB device number 35 using dummy_hcd
[ 1482.474368][ T5824] usb 2-1: device descriptor read/8, error -71
[ 1482.593886][ T5824] usb usb2-port1: unable to enumerate USB device
[ 1482.941736][T18219] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2699'.
[ 1483.330817][T18218] netlink: 'syz.5.2698': attribute type 10 has an invalid length.
[ 1483.338749][T18218] netlink: 40 bytes leftover after parsing attributes in process `syz.5.2698'.
[ 1484.273003][T18235] binder: 18234:18235 ioctl c0306201 200000000080 returned -14
[ 1484.483685][ T5824] usb 9-1: new high-speed USB device number 6 using dummy_hcd
[ 1484.512570][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[ 1484.526718][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[ 1485.363930][ T5824] usb 9-1: config 0 has an invalid interface number: 235 but max is 0
[ 1485.372266][ T5824] usb 9-1: config 0 has no interface number 0
[ 1485.412785][ T5824] usb 9-1: New USB device found, idVendor=0451, idProduct=5416, bcdDevice= 1.00
[ 1485.432403][ T5824] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1485.630032][ T5824] usb 9-1: config 0 descriptor??
[ 1485.651826][T18254] overlay: ./file0 is not a directory
[ 1485.754399][ T5824] usb-storage 9-1:0.235: USB Mass Storage device detected
[ 1485.962021][ T5824] usb-storage 9-1:0.235: Quirks match for vid 0451 pid 5416: 2
[ 1487.350007][ T5906] usb 9-1: USB disconnect, device number 6
[ 1487.453986][   T10] usb 2-1: new high-speed USB device number 36 using dummy_hcd
[ 1487.882732][   T10] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1488.106832][   T10] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1488.338386][   T10] usb 2-1: New USB device found, idVendor=0458, idProduct=5011, bcdDevice= 0.00
[ 1488.355012][   T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1488.414268][   T10] usb 2-1: config 0 descriptor??
[ 1488.858692][   T10] kye 0003:0458:5011.0005: tablet report size too small, or kye_tablet_rdesc unexpectedly large
[ 1488.910275][   T10] kye 0003:0458:5011.0005: hidraw0: USB HID vff.fe Device [HID 0458:5011] on usb-dummy_hcd.1-1/input0
[ 1488.937320][   T10] kye 0003:0458:5011.0005: tablet-enabling feature report not found
[ 1488.957492][   T10] kye 0003:0458:5011.0005: tablet enabling failed
[ 1489.307170][ T9683] usb 2-1: USB disconnect, device number 36
[ 1490.776561][   T30] audit: type=1400 audit(1750578259.385:124): lsm=SMACK fn=smack_inode_setattr action=denied subject="w" object="_" requested=w pid=18313 comm="syz.9.2725" name="current" dev="proc" ino=51210
[ 1491.712060][   T30] audit: type=1400 audit(1750578260.335:125): lsm=SMACK fn=smack_file_ioctl action=denied subject="w" object="_" requested=w pid=18313 comm="syz.9.2725" path="/dev/swradio9" dev="devtmpfs" ino=1073
[ 1492.948233][T18331] netlink: 76 bytes leftover after parsing attributes in process `syz.9.2728'.
[ 1493.187257][T18335] binder: 18334:18335 ioctl c0306201 200000000080 returned -14
[ 1493.504400][ T5899] usb 10-1: new high-speed USB device number 3 using dummy_hcd
[ 1493.683305][ T5899] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1493.695696][ T5899] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1493.709900][ T5899] usb 10-1: New USB device found, idVendor=1038, idProduct=12b6, bcdDevice= 0.00
[ 1493.726505][ T5899] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1493.746134][ T5899] usb 10-1: config 0 descriptor??
[ 1494.033522][T18343] 9pnet_virtio: no channels available for device 127.0.0.1
[ 1494.464262][T18337] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1494.634138][T18337] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1494.751942][ T5899] steelseries 0003:1038:12B6.0006: item fetching failed at offset 5/7
[ 1494.768836][ T5899] steelseries 0003:1038:12B6.0006: probe with driver steelseries failed with error -22
[ 1494.791506][ T5899] usb 10-1: USB disconnect, device number 3
[ 1494.926294][T18354] netlink: 'syz.5.2736': attribute type 21 has an invalid length.
[ 1495.184089][ T5899] usb 10-1: new high-speed USB device number 4 using dummy_hcd
[ 1496.030036][ T5899] usb 10-1: Using ep0 maxpacket: 32
[ 1496.060332][ T5899] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1496.153592][ T5899] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1496.303844][ T5899] usb 10-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00
[ 1496.324285][ T5899] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1496.342887][ T5899] usb 10-1: config 0 descriptor??
[ 1497.550494][T18373] block nbd1: NBD_DISCONNECT
[ 1497.873738][T18352] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1497.935123][T18352] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1498.144087][ T5899] usbhid 10-1:0.0: can't add hid device: -71
[ 1498.153707][ T5899] usbhid 10-1:0.0: probe with driver usbhid failed with error -71
[ 1498.181805][ T5899] usb 10-1: USB disconnect, device number 4
[ 1498.840049][   T30] audit: type=1800 audit(1750578267.465:126): pid=18396 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.8.2749" name="bus" dev="ramfs" ino=51420 res=0 errno=0
[ 1499.015789][T18400] 9pnet_virtio: no channels available for device 127.0.0.1
[ 1499.694308][T18402] netlink: 'syz.5.2751': attribute type 21 has an invalid length.
[ 1500.293892][ T5914] usb 9-1: new high-speed USB device number 7 using dummy_hcd
[ 1500.450750][T18423] bridge0: port 4(gretap0) entered blocking state
[ 1500.458124][T18423] bridge0: port 4(gretap0) entered disabled state
[ 1500.466084][T18423] gretap0: entered allmulticast mode
[ 1500.485141][T18423] gretap0: entered promiscuous mode
[ 1500.494698][T18423] bridge0: port 4(gretap0) entered blocking state
[ 1500.501281][T18423] bridge0: port 4(gretap0) entered forwarding state
[ 1500.743861][ T5914] usb 9-1: Using ep0 maxpacket: 16
[ 1500.904346][ T5914] usb 9-1: too many configurations: 137, using maximum allowed: 8
[ 1500.936818][ T5914] usb 9-1: unable to read config index 0 descriptor/start: -61
[ 1501.076134][ T5914] usb 9-1: can't read configurations, error -61
[ 1501.395720][ T5914] usb 9-1: new high-speed USB device number 8 using dummy_hcd
[ 1502.423776][ T5914] usb 9-1: Using ep0 maxpacket: 16
[ 1502.431956][ T5914] usb 9-1: too many configurations: 137, using maximum allowed: 8
[ 1502.443367][ T5914] usb 9-1: unable to read config index 0 descriptor/start: -61
[ 1502.451566][ T5914] usb 9-1: can't read configurations, error -61
[ 1502.655707][ T5914] usb usb9-port1: attempt power cycle
[ 1502.825620][T18445] rdma_rxe: rxe_newlink: failed to add bond_slave_1
[ 1502.994188][ T5899] usb 2-1: new high-speed USB device number 37 using dummy_hcd
[ 1503.009107][T18452] netlink: 'syz.5.2766': attribute type 21 has an invalid length.
[ 1503.133734][ T5906] usb 10-1: new full-speed USB device number 5 using dummy_hcd
[ 1503.305699][T18454] overlayfs: failed to resolve './file1': -2
[ 1503.333172][ T5899] usb 2-1: too many configurations: 36, using maximum allowed: 8
[ 1503.344093][ T5899] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1503.357927][ T5899] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1503.377227][ T5899] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1503.389188][ T5899] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1503.401928][ T5899] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1503.420945][ T5899] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1503.436253][ T5906] usb 10-1: config 2 has an invalid descriptor of length 0, skipping remainder of the config
[ 1503.455042][ T5906] usb 10-1: config 2 interface 0 has no altsetting 0
[ 1503.455136][ T5899] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1503.468291][ T5906] usb 10-1: New USB device found, idVendor=7a69, idProduct=0001, bcdDevice=a8.6b
[ 1503.482066][ T5899] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1503.484782][T18457] netlink: 28 bytes leftover after parsing attributes in process `syz.8.2769'.
[ 1503.495573][ T5899] usb 2-1: New USB device found, idVendor=03da, idProduct=2820, bcdDevice=52.3c
[ 1503.508035][ T5906] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1503.510510][ T5899] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1503.520795][ T5906] usb 10-1: Product: syz
[ 1503.531951][ T5899] usb 2-1: config 0 descriptor??
[ 1503.540839][ T5899] usb 2-1: bad CDC descriptors
[ 1503.561051][ T5906] usb 10-1: Manufacturer: syz
[ 1503.575040][ T5906] usb 10-1: SerialNumber: syz
[ 1503.606788][ T5906] usb 10-1: dvb_usb_v2: found a '774 Friio White ISDB-T USB2.0' in warm state
[ 1503.616619][ T5906] usb 10-1: selecting invalid altsetting 0
[ 1503.628345][ T5906] usb 10-1: dvb_usb_v2: this USB2.0 device cannot be run on a USB1.1 port (it lacks a hardware PID filter)
[ 1503.739157][ T5914] usb 2-1: USB disconnect, device number 37
[ 1503.808676][ T5899] usb 10-1: USB disconnect, device number 5
[ 1505.300488][T18481] netlink: 'syz.9.2778': attribute type 21 has an invalid length.
[ 1505.732306][T18491] netlink: 'syz.9.2781': attribute type 2 has an invalid length.
[ 1506.119697][T18497] netlink: 'syz.8.2780': attribute type 10 has an invalid length.
[ 1506.127902][T18497] netlink: 40 bytes leftover after parsing attributes in process `syz.8.2780'.
[ 1507.912167][T18512] IPv4: Oversized IP packet from 127.202.26.0
[ 1510.403712][   T10] usb 9-1: new full-speed USB device number 10 using dummy_hcd
[ 1510.662172][   T10] usb 9-1: config 0 has no interfaces?
[ 1510.673660][   T10] usb 9-1: New USB device found, idVendor=28bd, idProduct=0935, bcdDevice= 0.00
[ 1510.705022][   T10] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1510.771720][   T10] usb 9-1: config 0 descriptor??
[ 1512.117796][ T5899] usb 9-1: USB disconnect, device number 10
[ 1514.102757][T18575] bridge0: port 3(gretap0) entered blocking state
[ 1514.110646][T18575] bridge0: port 3(gretap0) entered disabled state
[ 1514.117629][T18575] gretap0: entered allmulticast mode
[ 1514.127284][T18575] bridge0: port 3(gretap0) entered blocking state
[ 1514.134104][T18575] bridge0: port 3(gretap0) entered forwarding state
[ 1515.583755][T18585] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2804'.
[ 1515.605798][T18585] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2804'.
[ 1515.884038][ T5914] usb 8-1: new high-speed USB device number 5 using dummy_hcd
[ 1516.186493][ T5914] usb 8-1: device descriptor read/64, error -71
[ 1517.163710][ T5914] usb 8-1: new high-speed USB device number 6 using dummy_hcd
[ 1517.334229][ T5914] usb 8-1: device descriptor read/64, error -71
[ 1517.464702][ T5914] usb usb8-port1: attempt power cycle
[ 1519.068275][ T5914] usb 8-1: new high-speed USB device number 7 using dummy_hcd
[ 1519.114534][ T5914] usb 8-1: device descriptor read/8, error -71
[ 1519.383777][ T5914] usb 8-1: new high-speed USB device number 8 using dummy_hcd
[ 1519.553908][   T10] usb 2-1: new high-speed USB device number 38 using dummy_hcd
[ 1519.584425][ T5914] usb 8-1: device descriptor read/8, error -71
[ 1519.714359][ T5914] usb usb8-port1: unable to enumerate USB device
[ 1520.324568][   T10] usb 2-1: Using ep0 maxpacket: 16
[ 1520.341105][   T10] usb 2-1: config 7 has an invalid interface number: 46 but max is 0
[ 1520.386820][   T10] usb 2-1: config 7 has no interface number 0
[ 1520.443661][   T10] usb 2-1: config 7 interface 46 has no altsetting 0
[ 1520.473048][   T10] usb 2-1: New USB device found, idVendor=9fdb, idProduct=cfba, bcdDevice=f1.37
[ 1520.505552][   T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1520.530988][   T10] usb 2-1: Product: syz
[ 1520.553677][   T10] usb 2-1: Manufacturer: syz
[ 1520.576404][   T10] usb 2-1: SerialNumber: syz
[ 1520.887146][T18632] delete_channel: no stack
[ 1521.581632][   T10] usb 2-1: USB disconnect, device number 38
[ 1522.864735][T18678] FAULT_INJECTION: forcing a failure.
[ 1522.864735][T18678] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1522.995621][T18678] CPU: 0 UID: 0 PID: 18678 Comm: syz.8.2831 Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(full) 
[ 1522.995654][T18678] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1522.995669][T18678] Call Trace:
[ 1522.995677][T18678]  <TASK>
[ 1522.995687][T18678]  dump_stack_lvl+0x189/0x250
[ 1522.995724][T18678]  ? __pfx____ratelimit+0x10/0x10
[ 1522.995755][T18678]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1522.995786][T18678]  ? __pfx__printk+0x10/0x10
[ 1522.995806][T18678]  ? __might_fault+0xb0/0x130
[ 1522.995845][T18678]  should_fail_ex+0x414/0x560
[ 1522.995875][T18678]  _copy_from_user+0x2d/0xb0
[ 1522.995896][T18678]  bm_register_write+0x184/0x1750
[ 1522.995928][T18678]  ? __pfx_rcu_read_lock_any_held+0x10/0x10
[ 1522.995963][T18678]  ? __pfx_bm_register_write+0x10/0x10
[ 1522.995995][T18678]  ? __pfx_bm_register_write+0x10/0x10
[ 1522.996023][T18678]  vfs_write+0x27e/0xa90
[ 1522.996058][T18678]  ? __pfx_vfs_write+0x10/0x10
[ 1522.996085][T18678]  ? __fget_files+0x2a/0x420
[ 1522.996118][T18678]  ? __fget_files+0x3a0/0x420
[ 1522.996144][T18678]  ? __fget_files+0x2a/0x420
[ 1522.996181][T18678]  ksys_write+0x145/0x250
[ 1522.996207][T18678]  ? __pfx_ksys_write+0x10/0x10
[ 1522.996228][T18678]  ? rcu_is_watching+0x15/0xb0
[ 1522.996266][T18678]  ? do_syscall_64+0xbe/0x3b0
[ 1522.996302][T18678]  do_syscall_64+0xfa/0x3b0
[ 1522.996331][T18678]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1522.996373][T18678]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1522.996393][T18678]  ? clear_bhb_loop+0x60/0xb0
[ 1522.996417][T18678]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1522.996436][T18678] RIP: 0033:0x7f1659b8e929
[ 1522.996454][T18678] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1522.996473][T18678] RSP: 002b:00007f165a911038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 1522.996494][T18678] RAX: ffffffffffffffda RBX: 00007f1659db5fa0 RCX: 00007f1659b8e929
[ 1522.996509][T18678] RDX: 0000000000000105 RSI: 0000200000000180 RDI: 0000000000000003
[ 1522.996522][T18678] RBP: 00007f165a911090 R08: 0000000000000000 R09: 0000000000000000
[ 1522.996534][T18678] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1522.996546][T18678] R13: 0000000000000000 R14: 00007f1659db5fa0 R15: 00007ffc605d1728
[ 1522.996578][T18678]  </TASK>
[ 1524.631876][T18693] syz.7.2835: attempt to access beyond end of device
[ 1524.631876][T18693] loop7: rw=0, sector=1, nr_sectors = 1 limit=0
[ 1524.699346][T18693] qnx4: unable to read the superblock
[ 1526.109833][T18715] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2842'.
[ 1526.132836][T18715] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2842'.
[ 1526.753315][T18733] netlink: 'syz.9.2847': attribute type 10 has an invalid length.
[ 1526.761374][T18733] netlink: 40 bytes leftover after parsing attributes in process `syz.9.2847'.
[ 1527.543969][T18735] 9pnet_virtio: no channels available for device 127.0.0.1
[ 1530.444122][ T5906] usb 8-1: new high-speed USB device number 9 using dummy_hcd
[ 1530.644265][ T5906] usb 8-1: Using ep0 maxpacket: 16
[ 1530.666910][ T5906] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1530.713797][ T5906] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1530.836277][ T5906] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[ 1530.894858][ T5906] usb 8-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00
[ 1530.906370][ T5906] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1531.166194][ T5906] usb 8-1: config 0 descriptor??
[ 1532.132031][T18789] lo speed is unknown, defaulting to 1000
[ 1532.734062][ T5906] shield 0003:0955:7214.0007: unknown main item tag 0x0
[ 1532.787156][ T5906] shield 0003:0955:7214.0007: unknown main item tag 0x0
[ 1532.924518][ T5906] shield 0003:0955:7214.0007: unknown main item tag 0x0
[ 1532.957050][ T5906] shield 0003:0955:7214.0007: unknown main item tag 0x0
[ 1532.971002][T18798] netlink: 28 bytes leftover after parsing attributes in process `syz.9.2867'.
[ 1532.975297][ T5906] shield 0003:0955:7214.0007: unknown main item tag 0x0
[ 1533.018034][ T5906] input: HID 0955:7214 Haptics as /devices/virtual/input/input16
[ 1533.337279][   T30] audit: type=1400 audit(1750578301.965:127): lsm=SMACK fn=smack_inode_setattr action=denied subject="w" object="_" requested=w pid=18804 comm="syz.7.2870" name="current" dev="proc" ino=52276
[ 1534.271364][ T5906] shield 0003:0955:7214.0007: Registered Thunderstrike controller
[ 1534.293876][ T5906] shield 0003:0955:7214.0007: : USB HID v0.00 Device [HID 0955:7214] on usb-dummy_hcd.7-1/input0
[ 1534.398217][ T5914] shield 0003:0955:7214.0007: Failed to output Thunderstrike HOSTCMD request HID report due to -EPROTO
[ 1534.429350][ T5906] usb 8-1: USB disconnect, device number 9
[ 1534.480568][ T5914] shield 0003:0955:7214.0007: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV
[ 1534.544878][ T5914] shield 0003:0955:7214.0007: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV
[ 1534.577339][ T5914] shield 0003:0955:7214.0007: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV
[ 1534.942094][T18832] netlink: 28 bytes leftover after parsing attributes in process `syz.9.2879'.
[ 1535.399015][T18834] Set syz0 is full, maxelem 0 reached
[ 1536.037731][T18845] netlink: 'syz.8.2881': attribute type 10 has an invalid length.
[ 1536.088468][T18847] netlink: 12 bytes leftover after parsing attributes in process `syz.8.2881'.
[ 1536.133343][T18845] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1536.270168][T18845] bond0: (slave batadv0): Enslaving as an active interface with an up link
[ 1536.403803][   T30] audit: type=1400 audit(1750578305.015:128): lsm=SMACK fn=smack_inode_setattr action=denied subject="w" object="_" requested=w pid=18848 comm="syz.1.2884" name="current" dev="proc" ino=53301
[ 1537.413381][T18864] netlink: 28 bytes leftover after parsing attributes in process `syz.9.2890'.
[ 1539.382368][T18888] netlink: 'syz.9.2893': attribute type 10 has an invalid length.
[ 1539.390476][T18888] netlink: 40 bytes leftover after parsing attributes in process `syz.9.2893'.
[ 1539.773069][T17482] usb 2-1: new high-speed USB device number 39 using dummy_hcd
[ 1540.169444][T17482] usb 2-1: New USB device found, idVendor=08fd, idProduct=0002, bcdDevice=ca.fd
[ 1540.224987][T17482] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1540.237725][T17482] usb 2-1: Product: syz
[ 1540.243455][T17482] usb 2-1: Manufacturer: syz
[ 1540.263734][T13904] usb 8-1: new high-speed USB device number 10 using dummy_hcd
[ 1540.274249][T17482] usb 2-1: SerialNumber: syz
[ 1540.305432][T17482] usb 2-1: config 0 descriptor??
[ 1540.355321][T14923] Bluetooth: hci5: urb ffff888077f31f00 submission failed (2)
[ 1540.447488][T13904] usb 8-1: New USB device found, idVendor=1a86, idProduct=7522, bcdDevice=35.36
[ 1540.474429][T13904] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1540.493241][T13904] usb 8-1: Product: syz
[ 1540.503091][T13904] usb 8-1: Manufacturer: syz
[ 1540.524619][T13904] usb 8-1: SerialNumber: syz
[ 1540.547792][T18889] input: syz1 as /devices/virtual/input/input17
[ 1540.558023][T13904] usb 8-1: config 0 descriptor??
[ 1540.753654][T18914] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1541.118992][T18914] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1541.186378][T13904] ch341 8-1:0.0: ch341-uart converter detected
[ 1541.525044][ T5899] usb 2-1: USB disconnect, device number 39
[ 1541.551012][T18925] netlink: 28 bytes leftover after parsing attributes in process `syz.5.2903'.
[ 1542.755760][T13904] usb 8-1: failed to receive control message: -110
[ 1542.762385][T13904] ch341-uart ttyUSB0: probe with driver ch341-uart failed with error -110
[ 1543.204426][ T5906] usb 9-1: new high-speed USB device number 11 using dummy_hcd
[ 1543.230203][T13904] usb 8-1: USB disconnect, device number 10
[ 1543.294341][T13904] ch341 8-1:0.0: device disconnected
[ 1543.567782][ T5906] usb 9-1: New USB device found, idVendor=1a86, idProduct=7522, bcdDevice=35.36
[ 1543.603746][ T5906] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1543.611812][ T5906] usb 9-1: Product: syz
[ 1543.634099][ T5906] usb 9-1: Manufacturer: syz
[ 1543.651886][ T5906] usb 9-1: SerialNumber: syz
[ 1544.422456][ T5906] usb 9-1: config 0 descriptor??
[ 1544.483914][ T5906] ch341 9-1:0.0: ch341-uart converter detected
[ 1544.493851][T18962] netlink: 4 bytes leftover after parsing attributes in process `syz.7.2910'.
[ 1544.555825][T18962] netlink: 4 bytes leftover after parsing attributes in process `syz.7.2910'.
[ 1545.795148][ T5906] usb 9-1: failed to receive control message: -110
[ 1546.035861][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[ 1546.043175][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[ 1546.058850][ T5906] ch341-uart ttyUSB0: probe with driver ch341-uart failed with error -110
[ 1546.396534][ T5906] usb 9-1: USB disconnect, device number 11
[ 1546.419337][ T5906] ch341 9-1:0.0: device disconnected
[ 1546.611661][T18985] netlink: 28 bytes leftover after parsing attributes in process `syz.5.2916'.
[ 1548.363792][T19003] netdevsim netdevsim9 netdevsim0: entered allmulticast mode
[ 1548.400844][T19003] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check.
[ 1549.136137][T19021] netlink: 4 bytes leftover after parsing attributes in process `syz.9.2927'.
[ 1549.147602][T19021] netlink: 4 bytes leftover after parsing attributes in process `syz.9.2927'.
[ 1549.525763][T19028] netlink: 28 bytes leftover after parsing attributes in process `syz.7.2929'.
[ 1550.927445][T19046] netlink: 'syz.9.2931': attribute type 10 has an invalid length.
[ 1550.935443][T19046] netlink: 40 bytes leftover after parsing attributes in process `syz.9.2931'.
[ 1552.324306][   T30] audit: type=1400 audit(1750578320.955:129): lsm=SMACK fn=smack_inode_setattr action=denied subject="w" object="_" requested=w pid=19061 comm="syz.9.2938" name="current" dev="proc" ino=53610
[ 1555.532505][T19097] netlink: 'syz.8.2944': attribute type 29 has an invalid length.
[ 1555.552231][T19097] netlink: 'syz.8.2944': attribute type 29 has an invalid length.
[ 1555.581313][T19097] netlink: 508 bytes leftover after parsing attributes in process `syz.8.2944'.
[ 1556.105103][T19114] netlink: 'syz.9.2948': attribute type 10 has an invalid length.
[ 1556.130433][T19114] netlink: 40 bytes leftover after parsing attributes in process `syz.9.2948'.
[ 1556.403936][T13904] usb 10-1: new full-speed USB device number 6 using dummy_hcd
[ 1556.643248][T19131] overlayfs: failed to clone lowerpath
[ 1557.579676][T13904] usb 10-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1557.590328][T13904] usb 10-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1557.606874][T13904] usb 10-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1557.616946][T13904] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1557.625634][T13904] usb 10-1: Product: syz
[ 1557.629969][T13904] usb 10-1: Manufacturer: syz
[ 1557.634772][T13904] usb 10-1: SerialNumber: syz
[ 1558.277128][T13904] usb 10-1: 0:2 : does not exist
[ 1558.394973][T13904] usb 10-1: 5:0: failed to get current value for ch 0 (-22)
[ 1558.443934][T13904] usb 10-1: USB disconnect, device number 6
[ 1558.556636][T17261] udevd[17261]: error opening ATTR{/sys/devices/platform/dummy_hcd.9/usb10/10-1/10-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1560.682616][T19165] syzkaller1: entered promiscuous mode
[ 1560.701742][T19165] syzkaller1: entered allmulticast mode
[ 1560.722447][T19165] debugfs: Invalid gid '0x00000000ffffffff'
[ 1560.998198][ T5906] usb 9-1: new high-speed USB device number 12 using dummy_hcd
[ 1561.194230][ T5906] usb 9-1: Using ep0 maxpacket: 16
[ 1561.261473][ T5906] usb 9-1: config 0 has an invalid interface number: 1 but max is 0
[ 1561.327063][ T5906] usb 9-1: config 0 has no interface number 0
[ 1561.390622][ T5906] usb 9-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1561.583800][T13904] usb 8-1: new high-speed USB device number 11 using dummy_hcd
[ 1561.641211][ T5906] usb 9-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1561.652034][ T5906] usb 9-1: New USB device found, idVendor=28bd, idProduct=0071, bcdDevice= 0.00
[ 1561.668017][ T5906] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1561.684748][ T5906] usb 9-1: config 0 descriptor??
[ 1561.774739][T13904] usb 8-1: Using ep0 maxpacket: 16
[ 1561.788933][T13904] usb 8-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[ 1561.804087][T13904] usb 8-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1561.818075][T13904] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1561.831234][T13904] usb 8-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1561.841617][T13904] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1561.851422][T13904] usb 8-1: Product: syz
[ 1561.860094][T13904] usb 8-1: Manufacturer: syz
[ 1561.865958][T13904] usb 8-1: SerialNumber: syz
[ 1562.119174][T19193] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2969'.
[ 1562.142318][T19193] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2969'.
[ 1562.163453][T19163] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1562.182937][T19163] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1562.304898][T13904] usb 8-1: 0:2 : does not exist
[ 1562.591131][ T5906] uclogic 0003:28BD:0071.0008: pen parameters not found
[ 1562.611743][T19171] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1562.685555][ T5906] uclogic 0003:28BD:0071.0008: interface is invalid, ignoring
[ 1562.722565][T19171] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1562.945308][ T5906] usb 9-1: USB disconnect, device number 12
[ 1563.197771][T13904] usb 8-1: 1:0: cannot get min/max values for control 4 (id 1)
[ 1563.242000][T19205] netlink: 'syz.5.2970': attribute type 2 has an invalid length.
[ 1563.360423][T13904] usb 8-1: USB disconnect, device number 11
[ 1563.547488][T19221] netlink: 'syz.8.2977': attribute type 2 has an invalid length.
[ 1564.649781][T19232] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2981'.
[ 1565.010449][T19246] netlink: 4 bytes leftover after parsing attributes in process `syz.8.2988'.
[ 1565.019212][T19248] netlink: 'syz.1.2989': attribute type 21 has an invalid length.
[ 1565.035342][T19248] netlink: 164 bytes leftover after parsing attributes in process `syz.1.2989'.
[ 1565.044808][T13904] usb 10-1: new full-speed USB device number 7 using dummy_hcd
[ 1565.788360][T13904] usb 10-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1565.808505][T13904] usb 10-1: config 0 has 1 interface, different from the descriptor's value: 2
[ 1565.832852][T13904] usb 10-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8
[ 1565.853065][T13904] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1566.154344][T13904] usb 10-1: config 0 descriptor??
[ 1566.171082][T13904] dvb-usb: found a 'Artec T1 USB2.0' in warm state.
[ 1566.187762][T13904] dvb-usb: bulk message failed: -22 (3/0)
[ 1566.212602][T13904] dvb-usb: will use the device's hardware PID filter (table count: 16).
[ 1566.230968][T13904] dvbdev: DVB: registering new adapter (Artec T1 USB2.0)
[ 1566.240397][T13904] usb 10-1: media controller created
[ 1566.249430][T13904] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[ 1566.301464][T13904] dvb-usb: bulk message failed: -22 (6/0)
[ 1566.311069][T19268] netlink: 28 bytes leftover after parsing attributes in process `syz.7.2995'.
[ 1566.332568][T13904] dvb-usb: no frontend was attached by 'Artec T1 USB2.0'
[ 1566.359036][T13904] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.9/usb10/10-1/input/input18
[ 1566.392975][T19238] dvb-usb: bulk message failed: -22 (2/0)
[ 1566.443261][T13904] dvb-usb: schedule remote query interval to 150 msecs.
[ 1566.468919][T13904] dvb-usb: Artec T1 USB2.0 successfully initialized and connected.
[ 1566.510702][T13904] usb 10-1: USB disconnect, device number 7
[ 1566.626067][T19246] team0 (unregistering): Port device team_slave_0 removed
[ 1566.638168][T13904] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected.
[ 1566.663399][T19246] team0 (unregistering): Failed to send options change via netlink (err -105)
[ 1566.686662][T19246] team0 (unregistering): Failed to send port change of device team_slave_1 via netlink (err -105)
[ 1566.701342][T19246] team0 (unregistering): Port device team_slave_1 removed
[ 1566.710557][T19246] team0 (unregistering): Failed to send options change via netlink (err -105)
[ 1566.720965][T19246] team0 (unregistering): Failed to send port change of device geneve0 via netlink (err -105)
[ 1566.732420][T19246] team0 (unregistering): Port device geneve0 removed
[ 1566.763806][ T5906] usb 8-1: new high-speed USB device number 12 using dummy_hcd
[ 1566.802992][T19272] lo speed is unknown, defaulting to 1000
[ 1567.083693][ T5906] usb 8-1: Using ep0 maxpacket: 32
[ 1567.091204][ T5906] usb 8-1: config 0 has an invalid interface number: 88 but max is 0
[ 1567.099845][ T5906] usb 8-1: config 0 has no interface number 0
[ 1567.106730][ T5906] usb 8-1: config 0 interface 88 altsetting 0 has an endpoint descriptor with address 0x1A, changing to 0xA
[ 1567.121918][ T5906] usb 8-1: New USB device found, idVendor=2c42, idProduct=16f8, bcdDevice=7d.12
[ 1567.131498][ T5906] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1567.141097][ T5906] usb 8-1: Product: syz
[ 1567.151483][ T5906] usb 8-1: Manufacturer: syz
[ 1567.158532][ T5906] usb 8-1: SerialNumber: syz
[ 1567.477817][ T5906] usb 8-1: config 0 descriptor??
[ 1568.104092][   T30] audit: type=1326 audit(1750578336.715:130): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19286 comm="syz.5.3000" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe01438e929 code=0x7ffc0000
[ 1568.245970][   T30] audit: type=1326 audit(1750578336.715:131): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19286 comm="syz.5.3000" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe01438e929 code=0x7ffc0000
[ 1568.313679][   T30] audit: type=1326 audit(1750578336.725:132): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19286 comm="syz.5.3000" exe="/root/syz-executor" sig=0 arch=c000003e syscall=283 compat=0 ip=0x7fe01438e929 code=0x7ffc0000
[ 1568.362493][T19276] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1568.385049][T19300] debugfs: Invalid gid '0x00000000ffffffff'
[ 1568.412685][T19276] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1568.426117][   T30] audit: type=1326 audit(1750578336.725:133): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19286 comm="syz.5.3000" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe01438e929 code=0x7ffc0000
[ 1568.494969][   T30] audit: type=1326 audit(1750578336.725:134): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19286 comm="syz.5.3000" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe01438e929 code=0x7ffc0000
[ 1568.800000][ T9683] usb 8-1: USB disconnect, device number 12
[ 1569.026182][   T30] audit: type=1326 audit(1750578336.755:135): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19286 comm="syz.5.3000" exe="/root/syz-executor" sig=0 arch=c000003e syscall=286 compat=0 ip=0x7fe01438e929 code=0x7ffc0000
[ 1569.156619][   T30] audit: type=1326 audit(1750578336.755:136): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19286 comm="syz.5.3000" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe01438e929 code=0x7ffc0000
[ 1569.272884][ T9683] f81534a_ctrl 8-1:0.88: failed to set register 0x116: -19
[ 1569.293971][ T9683] f81534a_ctrl 8-1:0.88: failed to enable ports: -19
[ 1569.298859][   T30] audit: type=1326 audit(1750578336.755:137): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19286 comm="syz.5.3000" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe01438e929 code=0x7ffc0000
[ 1569.419849][   T30] audit: type=1326 audit(1750578336.775:138): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19286 comm="syz.5.3000" exe="/root/syz-executor" sig=0 arch=c000003e syscall=42 compat=0 ip=0x7fe01438e929 code=0x7ffc0000
[ 1569.472200][   T30] audit: type=1326 audit(1750578336.775:139): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19286 comm="syz.5.3000" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe01438e929 code=0x7ffc0000
[ 1570.754433][ T9683] usb 8-1: new high-speed USB device number 13 using dummy_hcd
[ 1570.904912][ T9683] usb 8-1: Using ep0 maxpacket: 16
[ 1570.926343][ T9683] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[ 1570.948370][ T9683] usb 8-1: New USB device found, idVendor=1b1c, idProduct=1c07, bcdDevice= 0.00
[ 1570.959210][ T9683] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1570.960817][T19345] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check.
[ 1570.985919][ T9683] usb 8-1: config 0 descriptor??
[ 1571.113917][ T5914] usb 9-1: new high-speed USB device number 13 using dummy_hcd
[ 1571.155375][T19349] lo speed is unknown, defaulting to 1000
[ 1571.315692][ T5914] usb 9-1: Using ep0 maxpacket: 32
[ 1571.356456][ T5914] usb 9-1: New USB device found, idVendor=041e, idProduct=400b, bcdDevice=3e.e7
[ 1571.366770][ T5906] usb 2-1: new full-speed USB device number 40 using dummy_hcd
[ 1571.644398][ T5914] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1571.692582][ T9683] corsair-psu 0003:1B1C:1C07.0009: collection stack underflow
[ 1571.717679][ T5914] usb 9-1: config 0 descriptor??
[ 1571.744089][ T9683] corsair-psu 0003:1B1C:1C07.0009: item 0 4 0 12 parsing failed
[ 1571.765304][ T9683] corsair-psu 0003:1B1C:1C07.0009: probe with driver corsair-psu failed with error -22
[ 1571.778107][ T5914] gspca_main: sunplus-2.14.0 probing 041e:400b
[ 1571.794930][ T5906] usb 2-1: device descriptor read/64, error -71
[ 1572.002816][T19331] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1572.034158][T19331] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1572.037782][ T5906] usb 2-1: new full-speed USB device number 41 using dummy_hcd
[ 1572.183695][ T5906] usb 2-1: device descriptor read/64, error -71
[ 1572.279042][T19360] netlink: 'syz.9.3021': attribute type 10 has an invalid length.
[ 1572.287523][T19359] netlink: 28 bytes leftover after parsing attributes in process `syz.9.3021'.
[ 1572.294350][ T5906] usb usb2-port1: attempt power cycle
[ 1572.297295][T19360] bridge0: port 3(team0) entered blocking state
[ 1572.308386][T19359] netlink: 8 bytes leftover after parsing attributes in process `syz.9.3021'.
[ 1572.318062][T19360] bridge0: port 3(team0) entered disabled state
[ 1572.325490][T19360] team0: entered allmulticast mode
[ 1572.330671][T19360] team_slave_0: entered allmulticast mode
[ 1572.338004][T19360] team_slave_1: entered allmulticast mode
[ 1572.344119][T19360] geneve0: entered allmulticast mode
[ 1572.352355][T19360] team0: entered promiscuous mode
[ 1572.358828][T19360] team_slave_0: entered promiscuous mode
[ 1572.366808][T19360] team_slave_1: entered promiscuous mode
[ 1572.372816][T19360] geneve0: entered promiscuous mode
[ 1572.379252][T19360] bridge0: port 3(team0) entered blocking state
[ 1572.386525][T19360] bridge0: port 3(team0) entered forwarding state
[ 1572.575106][ T5914] gspca_sunplus: reg_w_riv err -71
[ 1572.590716][ T5914] sunplus 9-1:0.0: probe with driver sunplus failed with error -71
[ 1572.604866][ T5914] usb 9-1: USB disconnect, device number 13
[ 1572.643701][ T5906] usb 2-1: new full-speed USB device number 42 using dummy_hcd
[ 1572.683807][T13904] usb 10-1: new high-speed USB device number 8 using dummy_hcd
[ 1572.689495][ T5906] usb 2-1: device descriptor read/8, error -71
[ 1572.845707][T13904] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1572.859955][T13904] usb 10-1: New USB device found, idVendor=054c, idProduct=0ba0, bcdDevice= 0.00
[ 1572.870347][T13904] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1572.885126][T13904] usb 10-1: config 0 descriptor??
[ 1572.953772][ T5906] usb 2-1: new full-speed USB device number 43 using dummy_hcd
[ 1572.974498][ T5906] usb 2-1: device descriptor read/8, error -71
[ 1573.086323][ T5906] usb usb2-port1: unable to enumerate USB device
[ 1573.179622][T17482] usb 8-1: USB disconnect, device number 13
[ 1573.240284][T19370] syz_tun: entered promiscuous mode
[ 1573.262722][T19370] syz_tun: left promiscuous mode
[ 1573.899690][T13904] playstation 0003:054C:0BA0.000A: hidraw0: USB HID v0.00 Device [HID 054c:0ba0] on usb-dummy_hcd.9-1/input0
[ 1574.003842][T13904] playstation 0003:054C:0BA0.000A: Invalid reportID received, expected 18 got 203
[ 1574.054236][T13904] playstation 0003:054C:0BA0.000A: Failed to retrieve DualShock4 pairing info: -22
[ 1574.113738][T13904] playstation 0003:054C:0BA0.000A: Failed to get MAC address from DualShock4
[ 1574.271782][T13904] playstation 0003:054C:0BA0.000A: Failed to create dualshock4.
[ 1574.290555][T13904] playstation 0003:054C:0BA0.000A: probe with driver playstation failed with error -22
[ 1574.336123][T13904] usb 10-1: USB disconnect, device number 8
[ 1574.391693][T19381] fido_id[19381]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.9/usb10/report_descriptor': No such file or directory
[ 1574.815937][ T5899] usb 2-1: new high-speed USB device number 44 using dummy_hcd
[ 1575.062256][T19401] block nbd7: NBD_DISCONNECT
[ 1575.143770][ T5899] usb 2-1: Using ep0 maxpacket: 16
[ 1575.255043][ T5899] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[ 1575.285824][ T5899] usb 2-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[ 1575.301860][ T5899] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1575.311505][ T5899] usb 2-1: Product: syz
[ 1575.323922][ T5899] usb 2-1: Manufacturer: syz
[ 1575.332392][ T5899] usb 2-1: SerialNumber: syz
[ 1575.413191][T19408] netlink: 'syz.9.3038': attribute type 21 has an invalid length.
[ 1575.420057][ T5899] usb 2-1: config 0 descriptor??
[ 1575.446870][T19408] netlink: 'syz.9.3038': attribute type 10 has an invalid length.
[ 1575.460732][T19408] netlink: 40 bytes leftover after parsing attributes in process `syz.9.3038'.
[ 1575.463371][ T5899] em28xx 2-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[ 1575.544458][ T5899] em28xx 2-1:0.0: DVB interface 0 found: bulk
[ 1576.144811][ T5899] em28xx 2-1:0.0: unknown em28xx chip ID (0)
[ 1576.153901][ T5914] usb 10-1: new full-speed USB device number 9 using dummy_hcd
[ 1576.363998][ T5914] usb 10-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1576.390729][ T5914] usb 10-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1576.404905][ T5914] usb 10-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1576.423905][ T5914] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1576.444917][ T5914] usb 10-1: Product: syz
[ 1576.453856][ T5914] usb 10-1: Manufacturer: syz
[ 1576.464294][ T5914] usb 10-1: SerialNumber: syz
[ 1576.585164][T19394] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1576.634429][T19427] netlink: 28 bytes leftover after parsing attributes in process `syz.8.3045'.
[ 1576.645374][T19394] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1576.662284][T19427] netlink: 108 bytes leftover after parsing attributes in process `syz.8.3045'.
[ 1576.711015][ T5914] usb 10-1: 0:2 : does not exist
[ 1576.724705][T19427] netlink: 28 bytes leftover after parsing attributes in process `syz.8.3045'.
[ 1576.751276][T19427] netlink: 108 bytes leftover after parsing attributes in process `syz.8.3045'.
[ 1576.763990][ T5914] usb 10-1: 5:0: failed to get current value for ch 0 (-22)
[ 1576.781186][T19427] netlink: 84 bytes leftover after parsing attributes in process `syz.8.3045'.
[ 1576.825949][T19421] pimreg: entered allmulticast mode
[ 1576.839286][ T5914] usb 10-1: USB disconnect, device number 9
[ 1576.933677][T13982] usb 9-1: new high-speed USB device number 14 using dummy_hcd
[ 1576.943941][   T10] usb 8-1: new high-speed USB device number 14 using dummy_hcd
[ 1576.948033][T19421] pimreg: left allmulticast mode
[ 1576.967877][T17261] udevd[17261]: error opening ATTR{/sys/devices/platform/dummy_hcd.9/usb10/10-1/10-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1577.076455][ T5899] em28xx 2-1:0.0: reading from i2c device at 0xa0 failed (error=-5)
[ 1577.093650][T13982] usb 9-1: device descriptor read/64, error -71
[ 1577.104237][   T10] usb 8-1: device descriptor read/64, error -71
[ 1577.122318][ T5899] em28xx 2-1:0.0: board has no eeprom
[ 1577.224357][ T5899] em28xx 2-1:0.0: Identified as PCTV tripleStick (292e) (card=94)
[ 1577.249018][ T5899] em28xx 2-1:0.0: dvb set to bulk mode.
[ 1577.262829][T17482] em28xx 2-1:0.0: Binding DVB extension
[ 1577.288240][ T5899] usb 2-1: USB disconnect, device number 44
[ 1577.308979][ T5899] em28xx 2-1:0.0: Disconnecting em28xx
[ 1577.345034][T13982] usb 9-1: new high-speed USB device number 15 using dummy_hcd
[ 1577.364520][   T10] usb 8-1: new high-speed USB device number 15 using dummy_hcd
[ 1577.524491][   T10] usb 8-1: device descriptor read/64, error -71
[ 1577.637673][T17482] em28xx 2-1:0.0: Registering input extension
[ 1577.652774][   T10] usb usb8-port1: attempt power cycle
[ 1577.664337][ T5899] em28xx 2-1:0.0: Closing input extension
[ 1577.666212][T13982] usb 9-1: device descriptor read/64, error -71
[ 1577.727553][ T5899] em28xx 2-1:0.0: Freeing device
[ 1577.785127][T13982] usb usb9-port1: attempt power cycle
[ 1578.013752][   T10] usb 8-1: new high-speed USB device number 16 using dummy_hcd
[ 1578.074910][   T10] usb 8-1: device descriptor read/8, error -71
[ 1578.163942][T13982] usb 9-1: new high-speed USB device number 16 using dummy_hcd
[ 1578.214201][T13982] usb 9-1: device descriptor read/8, error -71
[ 1578.463994][T13982] usb 9-1: new high-speed USB device number 17 using dummy_hcd
[ 1578.470730][   T10] usb 8-1: new high-speed USB device number 17 using dummy_hcd
[ 1578.558011][T13982] usb 9-1: device descriptor read/8, error -71
[ 1578.694476][T13982] usb usb9-port1: unable to enumerate USB device
[ 1578.763695][   T10] usb 8-1: device descriptor read/8, error -71
[ 1578.884948][   T10] usb usb8-port1: unable to enumerate USB device
[ 1579.271814][T19465] netlink: 'syz.9.3057': attribute type 21 has an invalid length.
[ 1579.280632][T19465] netlink: 'syz.9.3057': attribute type 10 has an invalid length.
[ 1579.289273][T19465] netlink: 40 bytes leftover after parsing attributes in process `syz.9.3057'.
[ 1579.539798][   T10] usb 10-1: new full-speed USB device number 10 using dummy_hcd
[ 1579.891230][   T10] usb 10-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1580.011732][   T10] usb 10-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1580.034431][ T5899] usb 8-1: new high-speed USB device number 18 using dummy_hcd
[ 1580.197941][   T10] usb 10-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1580.329156][   T10] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1580.360984][ T5899] usb 8-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[ 1580.463434][   T10] usb 10-1: Product: syz
[ 1580.525688][ T5899] usb 8-1: config 27 interface 0 altsetting 0 endpoint 0xB has an invalid bInterval 255, changing to 11
[ 1580.569379][   T10] usb 10-1: Manufacturer: syz
[ 1580.682543][   T10] usb 10-1: SerialNumber: syz
[ 1580.760382][ T5899] usb 8-1: config 27 interface 0 altsetting 0 endpoint 0xB has invalid maxpacket 59391, setting to 1024
[ 1580.967300][ T5899] usb 8-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[ 1581.167712][ T5899] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1581.292304][   T10] usb 10-1: 0:2 : does not exist
[ 1581.519102][T19469] raw-gadget.1 gadget.7: fail, usb_ep_enable returned -22
[ 1581.550317][   T10] usb 10-1: 5:0: failed to get current value for ch 0 (-22)
[ 1582.514063][T19473] netlink: 40 bytes leftover after parsing attributes in process `syz.5.3059'.
[ 1582.744799][ T5899] usb 8-1: Quirk or no altset; falling back to MIDI 1.0
[ 1582.753827][   T10] usb 10-1: USB disconnect, device number 10
[ 1582.988153][T19474] netlink: 'syz.8.3060': attribute type 6 has an invalid length.
[ 1583.009942][T19477] block nbd1: NBD_DISCONNECT
[ 1583.441854][ T5899] usb 8-1: USB disconnect, device number 18
[ 1583.496012][T17261] udevd[17261]: error opening ATTR{/sys/devices/platform/dummy_hcd.9/usb10/10-1/10-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1584.304082][T19505] lo speed is unknown, defaulting to 1000
[ 1585.396815][T19499] netlink: 'syz.5.3069': attribute type 3 has an invalid length.
[ 1586.854277][T19522] lo speed is unknown, defaulting to 1000
[ 1586.924434][T19525] netlink: 'syz.7.3074': attribute type 6 has an invalid length.
[ 1587.406938][T19536] binder: 19535:19536 ioctl c018620c 2000000000c0 returned -1
[ 1588.851371][T19534] block nbd9: NBD_DISCONNECT
[ 1588.921681][T19545] lo speed is unknown, defaulting to 1000
[ 1590.938060][T19540] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[ 1591.532362][T19573] tipc: Failed to remove unknown binding: 66,1,1/0:927932966/927932968
[ 1591.593382][T19573] tipc: Failed to remove unknown binding: 66,1,1/0:927932966/927932968
[ 1592.111507][T19586] uprobe: syz.8.3087:19586 failed to unregister, leaking uprobe
[ 1592.137319][T19586] uprobe: syz.8.3087:19586 failed to unregister, leaking uprobe
[ 1593.692210][T19604] 9pnet_virtio: no channels available for device 127.0.0.1
[ 1594.100359][T19607] block nbd8: NBD_DISCONNECT
[ 1594.654544][T19611] netlink: 14 bytes leftover after parsing attributes in process `syz.8.3093'.
[ 1596.214368][T19611] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1596.256756][T19611] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1596.468533][T19611] bond0 (unregistering): (slave batadv0): Releasing backup interface
[ 1596.494447][T19622] 9pnet_fd: Insufficient options for proto=fd
[ 1597.215571][T19611] bond0 (unregistering): Released all slaves
[ 1597.431407][ T5906] IPVS: starting estimator thread 0...
[ 1597.544414][T19629] IPVS: using max 27 ests per chain, 64800 per kthread
[ 1598.610389][T19645] netlink: 28 bytes leftover after parsing attributes in process `syz.8.3100'.
[ 1598.682858][T19645] netlink: 'syz.8.3100': attribute type 4 has an invalid length.
[ 1599.340941][T19653] block nbd8: NBD_DISCONNECT
[ 1602.993746][   T30] kauditd_printk_skb: 11 callbacks suppressed
[ 1602.993775][   T30] audit: type=1400 audit(1750578371.605:151): lsm=SMACK fn=smack_inode_setattr action=denied subject="w" object="_" requested=w pid=19686 comm="syz.8.3116" name="current" dev="proc" ino=54636
[ 1603.607633][T19699] block nbd9: NBD_DISCONNECT
[ 1604.257034][T19706] netlink: 28 bytes leftover after parsing attributes in process `syz.7.3119'.
[ 1604.398482][T19711] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3121'.
[ 1604.419960][T19711] bridge0: port 3(team0) entered disabled state
[ 1605.479595][T19711] team0 (unregistering): left allmulticast mode
[ 1605.492028][T19711] team_slave_0: left allmulticast mode
[ 1605.499463][T19711] team_slave_1: left allmulticast mode
[ 1605.505578][T19711] geneve0: left allmulticast mode
[ 1605.510753][T19711] team0 (unregistering): left promiscuous mode
[ 1605.517200][T19711] team_slave_0: left promiscuous mode
[ 1605.522908][T19711] team_slave_1: left promiscuous mode
[ 1605.529372][T19711] geneve0: left promiscuous mode
[ 1605.536250][T19711] bridge0: port 3(team0) entered disabled state
[ 1605.560153][T19711] team0 (unregistering): Port device team_slave_0 removed
[ 1605.584403][T19711] team0 (unregistering): Port device team_slave_1 removed
[ 1605.599762][T19711] team0 (unregistering): Port device geneve0 removed
[ 1605.631798][T19722] bridge0: port 4(gretap0) entered blocking state
[ 1605.638741][T19722] bridge0: port 4(gretap0) entered disabled state
[ 1605.645540][T19722] gretap0: entered allmulticast mode
[ 1605.652043][T19722] gretap0: entered promiscuous mode
[ 1605.659062][T19722] bridge0: port 4(gretap0) entered blocking state
[ 1605.665643][T19722] bridge0: port 4(gretap0) entered forwarding state
[ 1605.807309][T19715] lo speed is unknown, defaulting to 1000
[ 1607.391053][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[ 1607.397629][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[ 1607.445632][T19748] block nbd7: NBD_DISCONNECT
[ 1609.018547][T19771] lo speed is unknown, defaulting to 1000
[ 1611.254804][T13904] usb 8-1: new high-speed USB device number 19 using dummy_hcd
[ 1611.381406][T19778] lo speed is unknown, defaulting to 1000
[ 1612.809512][T19808] block nbd9: NBD_DISCONNECT
[ 1613.294426][   T30] audit: type=1326 audit(1750578381.915:152): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19805 comm="syz.8.3142" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1659b8e929 code=0x7ffc0000
[ 1613.376213][   T30] audit: type=1326 audit(1750578381.915:153): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19805 comm="syz.8.3142" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1659b8e929 code=0x7ffc0000
[ 1613.440772][   T30] audit: type=1326 audit(1750578381.915:154): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19805 comm="syz.8.3142" exe="/root/syz-executor" sig=0 arch=c000003e syscall=280 compat=0 ip=0x7f1659b8e929 code=0x7ffc0000
[ 1613.827690][T19819] netlink: 'syz.9.3146': attribute type 10 has an invalid length.
[ 1613.835797][T19819] netlink: 40 bytes leftover after parsing attributes in process `syz.9.3146'.
[ 1614.424526][   T30] audit: type=1326 audit(1750578381.915:155): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19805 comm="syz.8.3142" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1659b8e929 code=0x7ffc0000
[ 1614.547158][T19821] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3147'.
[ 1614.556302][   T30] audit: type=1326 audit(1750578381.915:156): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19805 comm="syz.8.3142" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1659b8e929 code=0x7ffc0000
[ 1614.564794][T19824] netlink: 'syz.9.3148': attribute type 3 has an invalid length.
[ 1614.589828][T19824] netlink: 3 bytes leftover after parsing attributes in process `syz.9.3148'.
[ 1614.623815][   T30] audit: type=1326 audit(1750578381.915:157): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19805 comm="syz.8.3142" exe="/root/syz-executor" sig=0 arch=c000003e syscall=55 compat=0 ip=0x7f1659b8e929 code=0x7ffc0000
[ 1614.673964][   T30] audit: type=1326 audit(1750578381.915:158): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19805 comm="syz.8.3142" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1659b8e929 code=0x7ffc0000
[ 1614.760408][   T30] audit: type=1326 audit(1750578381.915:159): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19805 comm="syz.8.3142" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1659b8e929 code=0x7ffc0000
[ 1614.812530][   T30] audit: type=1326 audit(1750578381.925:160): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19805 comm="syz.8.3142" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f1659b8e929 code=0x7ffc0000
[ 1614.869867][   T30] audit: type=1326 audit(1750578381.925:161): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19805 comm="syz.8.3142" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1659b8e929 code=0x7ffc0000
[ 1616.967417][T19846] lo speed is unknown, defaulting to 1000
[ 1618.063679][T19855] block nbd7: NBD_DISCONNECT
[ 1618.303071][T19863] netlink: 'syz.5.3159': attribute type 27 has an invalid length.
[ 1618.313398][T19863] netlink: 'syz.5.3159': attribute type 2 has an invalid length.
[ 1618.377632][T19865] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3160'.
[ 1619.483293][T19876] A link change request failed with some changes committed already. Interface syz_tun may have been left with an inconsistent configuration, please check.
[ 1620.807474][T19900] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3172'.
[ 1622.998568][T19917] block nbd7: NBD_DISCONNECT
[ 1626.667232][T19955] netlink: 'syz.7.3188': attribute type 10 has an invalid length.
[ 1626.675280][T19955] netlink: 40 bytes leftover after parsing attributes in process `syz.7.3188'.
[ 1631.992932][T19989] netlink: 'syz.5.3198': attribute type 10 has an invalid length.
[ 1632.000938][T19989] netlink: 40 bytes leftover after parsing attributes in process `syz.5.3198'.
[ 1632.010159][T19989] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check.
[ 1640.000725][T20023] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3207'.
[ 1645.163912][T20059] lo speed is unknown, defaulting to 1000
[ 1648.057323][T20076] tipc: Failed to remove unknown binding: 66,1,1/0:756372944/756372946
[ 1648.065812][T20076] tipc: Failed to remove unknown binding: 66,1,1/0:756372944/756372946
[ 1648.798469][T20084] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3224'.
[ 1649.730612][T20088] netlink: 'syz.5.3225': attribute type 10 has an invalid length.
[ 1649.738652][T20088] netlink: 40 bytes leftover after parsing attributes in process `syz.5.3225'.
[ 1649.747928][T20088] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check.
[ 1653.573912][T20113] netlink: 'syz.5.3232': attribute type 10 has an invalid length.
[ 1653.581843][T20113] netlink: 40 bytes leftover after parsing attributes in process `syz.5.3232'.
[ 1653.591113][T20113] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check.
[ 1663.127767][T20191] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3252'.
[ 1663.766831][T20195] netlink: 16 bytes leftover after parsing attributes in process `syz.5.3253'.
[ 1666.592110][   T30] kauditd_printk_skb: 2 callbacks suppressed
[ 1666.592129][   T30] audit: type=1326 audit(1750578435.215:164): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=20208 comm="syz.5.3257" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe01438e929 code=0x7ffc0000
[ 1666.629592][   T30] audit: type=1326 audit(1750578435.215:165): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=20208 comm="syz.5.3257" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe01438e929 code=0x7ffc0000
[ 1666.651978][   T30] audit: type=1326 audit(1750578435.215:166): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=20208 comm="syz.5.3257" exe="/root/syz-executor" sig=0 arch=c000003e syscall=66 compat=0 ip=0x7fe01438e929 code=0x7ffc0000
[ 1666.675060][   T30] audit: type=1326 audit(1750578435.215:167): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=20208 comm="syz.5.3257" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe01438e929 code=0x7ffc0000
[ 1666.696954][   T30] audit: type=1326 audit(1750578435.215:168): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=20208 comm="syz.5.3257" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fe01438e929 code=0x7ffc0000
[ 1666.719266][   T30] audit: type=1326 audit(1750578435.215:169): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=20208 comm="syz.5.3257" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe01438e929 code=0x7ffc0000
[ 1666.753021][   T30] audit: type=1326 audit(1750578435.225:170): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=20208 comm="syz.5.3257" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fe01438e929 code=0x7ffc0000
[ 1666.775087][   T30] audit: type=1326 audit(1750578435.225:171): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=20208 comm="syz.5.3257" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe01438e929 code=0x7ffc0000
[ 1666.797327][   T30] audit: type=1326 audit(1750578435.225:172): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=20208 comm="syz.5.3257" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe01438e929 code=0x7ffc0000
[ 1666.819529][   T30] audit: type=1326 audit(1750578435.225:173): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=20208 comm="syz.5.3257" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7fe01438e929 code=0x7ffc0000
[ 1668.942238][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[ 1668.949016][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[ 1669.112361][T20235] macvlan1: entered promiscuous mode
[ 1669.121001][T20235] ipvlan0: entered promiscuous mode
[ 1669.127419][T20235] ipvlan0: left promiscuous mode
[ 1669.137630][T20235] macvlan1: left promiscuous mode
[ 1674.137199][T20253] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3271'.
[ 1674.151163][T20253] openvswitch: netlink: nsh attribute has 5260 unknown bytes.
[ 1674.160674][T20253] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 1675.566540][T20259] lo speed is unknown, defaulting to 1000
[ 1677.109146][T20267] lo speed is unknown, defaulting to 1000
[ 1679.871956][T20284] netlink: 168 bytes leftover after parsing attributes in process `syz.5.3279'.
[ 1681.066179][T20294] trusted_key: encrypted_key: insufficient parameters specified
[ 1681.096536][T20294] netlink: 64 bytes leftover after parsing attributes in process `syz.5.3282'.
[ 1688.268994][T20362] overlay: Unknown parameter '/dev/cpu/#/msr'
[ 1688.289666][T20362] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3305'.
[ 1688.298978][T20362] netlink: 152 bytes leftover after parsing attributes in process `syz.5.3305'.
[ 1690.301409][T20377] netlink: 'syz.5.3309': attribute type 10 has an invalid length.
[ 1690.309411][T20377] netlink: 40 bytes leftover after parsing attributes in process `syz.5.3309'.
[ 1690.318651][T20377] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check.
[ 1692.540084][T20388] lo speed is unknown, defaulting to 1000
[ 1693.764157][   T30] kauditd_printk_skb: 27 callbacks suppressed
[ 1693.764178][   T30] audit: type=1326 audit(1750578462.395:201): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=20398 comm="syz.5.3315" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe01438e929 code=0x7ffc0000
[ 1693.792627][   T30] audit: type=1326 audit(1750578462.395:202): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=20398 comm="syz.5.3315" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe01438e929 code=0x7ffc0000
[ 1693.814779][   T30] audit: type=1326 audit(1750578462.415:203): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=20398 comm="syz.5.3315" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fe01438e929 code=0x7ffc0000
[ 1693.836861][   T30] audit: type=1326 audit(1750578462.415:204): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=20398 comm="syz.5.3315" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe01438e929 code=0x7ffc0000
[ 1693.858785][   T30] audit: type=1326 audit(1750578462.415:205): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=20398 comm="syz.5.3315" exe="/root/syz-executor" sig=0 arch=c000003e syscall=246 compat=0 ip=0x7fe01438e929 code=0x7ffc0000
[ 1693.881441][   T30] audit: type=1326 audit(1750578462.415:206): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=20398 comm="syz.5.3315" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe01438e929 code=0x7ffc0000
[ 1693.903747][   T30] audit: type=1326 audit(1750578462.425:207): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=20398 comm="syz.5.3315" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7fe01438e929 code=0x7ffc0000
[ 1693.926622][   T30] audit: type=1326 audit(1750578462.425:208): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=20398 comm="syz.5.3315" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe01438e929 code=0x7ffc0000
[ 1693.956836][   T30] audit: type=1326 audit(1750578462.425:209): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=20398 comm="syz.5.3315" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe01438e929 code=0x7ffc0000
[ 1697.766059][T20408] overlayfs: failed to clone upperpath
[ 1699.029663][T20427] overlayfs: failed to clone upperpath
[ 1705.694951][T20454] overlayfs: failed to clone upperpath
[ 1706.924485][T20464] overlayfs: missing 'lowerdir'
[ 1707.043100][T20468] netlink: 76 bytes leftover after parsing attributes in process `syz.5.3338'.
[ 1707.104107][T20472] overlayfs: failed to clone upperpath
[ 1707.398843][T20483] netlink: 20 bytes leftover after parsing attributes in process `syz.5.3344'.
[ 1710.497072][T20488] overlayfs: failed to clone upperpath
[ 1712.566060][T20506] lo speed is unknown, defaulting to 1000
[ 1713.717228][T20514] overlayfs: failed to clone upperpath
[ 1715.416333][T20529] overlayfs: failed to clone upperpath
[ 1715.979262][T20534] lo speed is unknown, defaulting to 1000
[ 1717.451673][T20542] lo speed is unknown, defaulting to 1000
[ 1720.010190][T20558] overlayfs: failed to clone upperpath
[ 1721.131171][T20564] 9pnet_fd: p9_fd_create_unix (20564): address too long: ./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
[ 1722.358206][T20572] netlink: 'syz.5.3372': attribute type 10 has an invalid length.
[ 1722.458373][T20572] netlink: 40 bytes leftover after parsing attributes in process `syz.5.3372'.
[ 1722.467563][T20572] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check.
[ 1723.078436][T20577] overlayfs: failed to clone upperpath
[ 1724.383118][T20590] netlink: 24 bytes leftover after parsing attributes in process `syz.5.3378'.
[ 1724.536961][T20596] overlayfs: failed to clone upperpath
[ 1725.437047][T20610] overlayfs: failed to clone upperpath
[ 1725.644407][T20619] netlink: 'syz.5.3391': attribute type 21 has an invalid length.
[ 1725.653039][T20619] netlink: 'syz.5.3391': attribute type 10 has an invalid length.
[ 1725.661333][T20619] netlink: 40 bytes leftover after parsing attributes in process `syz.5.3391'.
[ 1725.670515][T20619] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check.
[ 1727.410149][T20627] lo speed is unknown, defaulting to 1000
[ 1728.494781][T20634] overlayfs: failed to clone upperpath
[ 1730.271268][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[ 1730.278138][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[ 1731.086760][T20655] overlayfs: failed to clone upperpath
[ 1732.232378][T20673] overlayfs: failed to clone upperpath
[ 1733.428547][T20688] overlayfs: failed to clone upperpath
[ 1739.319579][T20742] netlink: 32 bytes leftover after parsing attributes in process `syz.5.3433'.
[ 1741.784143][   T31] INFO: task kworker/0:5:5899 blocked for more than 143 seconds.
[ 1741.791944][   T31]       Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0
[ 1741.813617][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[ 1741.822805][   T31] task:kworker/0:5     state:D stack:20840 pid:5899  tgid:5899  ppid:2      task_flags:0x4208060 flags:0x00004000
[ 1741.922467][   T31] Workqueue: events rfkill_sync_work
[ 1741.938810][   T31] Call Trace:
[ 1741.950979][   T31]  <TASK>
[ 1741.964395][   T31]  __schedule+0x16a2/0x4cb0
[ 1741.984236][   T31]  ? schedule+0x165/0x360
[ 1741.993112][   T31]  ? __pfx___schedule+0x10/0x10
[ 1742.015569][   T31]  ? schedule+0x91/0x360
[ 1742.043536][   T31]  schedule+0x165/0x360
[ 1742.058855][   T31]  schedule_preempt_disabled+0x13/0x30
[ 1742.095789][   T31]  __mutex_lock+0x724/0xe80
[ 1742.121995][   T31]  ? __lock_acquire+0xab9/0xd20
[ 1742.127254][   T31]  ? __mutex_lock+0x51b/0xe80
[ 1742.132830][   T31]  ? nfc_rfkill_set_block+0x50/0x2e0
[ 1742.155699][   T31]  ? __pfx___mutex_lock+0x10/0x10
[ 1742.160813][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1742.167724][   T31]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[ 1742.173888][   T31]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 1742.180421][   T31]  ? __pfx_nfc_rfkill_set_block+0x10/0x10
[ 1742.186471][   T31]  nfc_rfkill_set_block+0x50/0x2e0
[ 1742.191625][   T31]  ? __pfx_nfc_rfkill_set_block+0x10/0x10
[ 1742.197889][   T31]  rfkill_set_block+0x1cf/0x440
[ 1742.202797][   T31]  rfkill_sync_work+0x114/0x200
[ 1742.207849][   T31]  ? process_scheduled_works+0x9ef/0x17b0
[ 1742.213954][   T31]  process_scheduled_works+0xade/0x17b0
[ 1742.219582][   T31]  ? __pfx_process_scheduled_works+0x10/0x10
[ 1742.225922][   T31]  worker_thread+0x8a0/0xda0
[ 1742.230601][   T31]  kthread+0x70e/0x8a0
[ 1742.240981][   T31]  ? __pfx_worker_thread+0x10/0x10
[ 1742.246942][   T31]  ? __pfx_kthread+0x10/0x10
[ 1742.251577][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1742.257515][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1742.262762][   T31]  ? __pfx_kthread+0x10/0x10
[ 1742.267951][   T31]  ret_from_fork+0x3f9/0x770
[ 1742.272594][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[ 1742.278203][   T31]  ? __switch_to_asm+0x39/0x70
[ 1742.283092][   T31]  ? __switch_to_asm+0x33/0x70
[ 1742.288663][   T31]  ? __pfx_kthread+0x10/0x10
[ 1742.293300][   T31]  ret_from_fork_asm+0x1a/0x30
[ 1742.298589][   T31]  </TASK>
[ 1742.301735][   T31] INFO: task kworker/0:4:17482 blocked for more than 143 seconds.
[ 1742.312338][   T31]       Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0
[ 1742.336510][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1742.349425][   T31] task:kworker/0:4     state:D stack:22872 pid:17482 tgid:17482 ppid:2      task_flags:0x4208060 flags:0x00004000
[ 1742.367233][   T31] Workqueue: events rfkill_global_led_trigger_worker
[ 1742.374124][   T31] Call Trace:
[ 1742.377511][   T31]  <TASK>
[ 1742.380443][   T31]  __schedule+0x16a2/0x4cb0
[ 1742.385434][   T31]  ? __pfx_do_raw_spin_lock+0x10/0x10
[ 1742.390839][   T31]  ? schedule+0x165/0x360
[ 1742.395320][   T31]  ? __pfx___schedule+0x10/0x10
[ 1742.400224][   T31]  ? schedule+0x91/0x360
[ 1742.404554][   T31]  schedule+0x165/0x360
[ 1742.408744][   T31]  schedule_preempt_disabled+0x13/0x30
[ 1742.414734][   T31]  __mutex_lock+0x724/0xe80
[ 1742.419283][   T31]  ? look_up_lock_class+0x74/0x170
[ 1742.425041][   T31]  ? __mutex_lock+0x51b/0xe80
[ 1742.430101][   T31]  ? rfkill_global_led_trigger_worker+0x27/0xd0
[ 1742.436719][   T31]  ? __pfx___mutex_lock+0x10/0x10
[ 1742.441887][   T31]  ? process_scheduled_works+0x9ef/0x17b0
[ 1742.448018][   T31]  ? process_scheduled_works+0x9ef/0x17b0
[ 1742.454023][   T31]  rfkill_global_led_trigger_worker+0x27/0xd0
[ 1742.460221][   T31]  ? process_scheduled_works+0x9ef/0x17b0
[ 1742.466206][   T31]  process_scheduled_works+0xade/0x17b0
[ 1742.471842][   T31]  ? __pfx_process_scheduled_works+0x10/0x10
[ 1742.478051][   T31]  worker_thread+0x8a0/0xda0
[ 1742.482692][   T31]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 1742.489232][   T31]  ? __kthread_parkme+0x7b/0x200
[ 1742.494395][   T31]  kthread+0x70e/0x8a0
[ 1742.498518][   T31]  ? __pfx_worker_thread+0x10/0x10
[ 1742.504050][   T31]  ? __pfx_kthread+0x10/0x10
[ 1742.508676][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1742.514021][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1742.519260][   T31]  ? __pfx_kthread+0x10/0x10
[ 1742.524282][   T31]  ret_from_fork+0x3f9/0x770
[ 1742.528917][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[ 1742.534295][   T31]  ? __switch_to_asm+0x39/0x70
[ 1742.539177][   T31]  ? __switch_to_asm+0x33/0x70
[ 1742.544101][   T31]  ? __pfx_kthread+0x10/0x10
[ 1742.548718][   T31]  ret_from_fork_asm+0x1a/0x30
[ 1742.553614][   T31]  </TASK>
[ 1742.556713][   T31] INFO: task syz.1.3077:19557 blocked for more than 144 seconds.
[ 1742.564497][   T31]       Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0
[ 1742.572164][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1742.580979][   T31] task:syz.1.3077      state:D stack:28072 pid:19557 tgid:19535 ppid:5816   task_flags:0x400040 flags:0x00004006
[ 1742.593968][   T31] Call Trace:
[ 1742.597277][   T31]  <TASK>
[ 1742.600231][   T31]  __schedule+0x16a2/0x4cb0
[ 1742.604862][   T31]  ? schedule+0x165/0x360
[ 1742.609240][   T31]  ? __pfx___schedule+0x10/0x10
[ 1742.614333][   T31]  ? schedule+0x91/0x360
[ 1742.618626][   T31]  schedule+0x165/0x360
[ 1742.622828][   T31]  schedule_timeout+0x9a/0x270
[ 1742.628274][   T31]  ? __pfx_schedule_timeout+0x10/0x10
[ 1742.634272][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1742.639512][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1742.645028][   T31]  ? wait_for_completion+0x267/0x5d0
[ 1742.650372][   T31]  wait_for_completion+0x2bf/0x5d0
[ 1742.655914][   T31]  ? __pfx_wait_for_completion+0x10/0x10
[ 1742.661601][   T31]  ? __flush_work+0xd2/0xbc0
[ 1742.666954][   T31]  ? __flush_work+0xd2/0xbc0
[ 1742.671583][   T31]  __flush_work+0x9b9/0xbc0
[ 1742.676380][   T31]  ? __flush_work+0xd2/0xbc0
[ 1742.681006][   T31]  ? __pfx___flush_work+0x10/0x10
[ 1742.687210][   T31]  ? __pfx_wq_barrier_func+0x10/0x10
[ 1742.692565][   T31]  ? __pfx___cancel_work+0x10/0x10
[ 1742.699814][   T31]  ? nfc_genl_device_removed+0x23c/0x330
[ 1742.705884][   T31]  __cancel_work_sync+0xbe/0x110
[ 1742.710866][   T31]  rfkill_unregister+0x92/0x220
[ 1742.716142][   T31]  nfc_unregister_device+0x96/0x2a0
[ 1742.721379][   T31]  ? __pfx_virtual_ncidev_close+0x10/0x10
[ 1742.727465][   T31]  virtual_ncidev_close+0x56/0x90
[ 1742.732532][   T31]  __fput+0x449/0xa70
[ 1742.736908][   T31]  task_work_run+0x1d1/0x260
[ 1742.741539][   T31]  ? __pfx_task_work_run+0x10/0x10
[ 1742.748336][   T31]  get_signal+0x11c5/0x1310
[ 1742.752886][   T31]  ? kick_process+0xeb/0x160
[ 1742.758420][   T31]  ? task_work_add+0x377/0x420
[ 1742.763651][   T31]  ? __pfx_task_work_add+0x10/0x10
[ 1742.768844][   T31]  ? __pfx_vfs_read+0x10/0x10
[ 1742.773924][   T31]  arch_do_signal_or_restart+0x9a/0x750
[ 1742.779510][   T31]  ? __pfx___fput_deferred+0x10/0x10
[ 1742.786248][   T31]  ? __fget_files+0x2a/0x420
[ 1742.790995][   T31]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[ 1742.798839][   T31]  ? exit_to_user_mode_loop+0x40/0x110
[ 1742.805908][   T31]  exit_to_user_mode_loop+0x75/0x110
[ 1742.811271][   T31]  do_syscall_64+0x2bd/0x3b0
[ 1742.816445][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1742.821702][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1742.828477][   T31]  ? clear_bhb_loop+0x60/0xb0
[ 1742.833221][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1742.839584][   T31] RIP: 0033:0x7f02a898e929
[ 1742.849307][   T31] RSP: 002b:00007f02a9844038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1742.858582][   T31] RAX: fffffffffffffff2 RBX: 00007f02a8bb6240 RCX: 00007f02a898e929
[ 1742.871499][   T31] RDX: 0000000000000064 RSI: 0000200000000380 RDI: 0000000000000007
[ 1742.881230][   T31] RBP: 00007f02a8a10b39 R08: 0000000000000000 R09: 0000000000000000
[ 1742.896851][   T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1742.909810][   T31] R13: 0000000000000000 R14: 00007f02a8bb6240 R15: 00007fffd7e36858
[ 1742.918089][   T31]  </TASK>
[ 1742.921363][   T31] 
[ 1742.921363][   T31] Showing all locks held in the system:
[ 1742.929477][   T31] 2 locks held by kworker/u8:1/13:
[ 1742.935047][   T31]  #0: ffff8880b8639e18 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0xad/0x140
[ 1742.946984][   T31]  #1: ffff8880b8623f08 (&per_cpu_ptr(group->pcpu, cpu)->seq){-.-.}-{0:0}, at: psi_task_switch+0x39e/0x6d0
[ 1742.959573][   T31] 1 lock held by khungtaskd/31:
[ 1742.964866][   T31]  #0: ffffffff8e13eda0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180
[ 1742.974934][   T31] 2 locks held by getty/5580:
[ 1742.979624][   T31]  #0: ffff88814d3400a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
[ 1742.989882][   T31]  #1: ffffc9000332b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x43e/0x1400
[ 1743.000149][   T31] 4 locks held by kworker/0:5/5899:
[ 1743.005469][   T31]  #0: ffff88801a480d48 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[ 1743.016604][   T31]  #1: ffffc90004dffbc0 ((work_completion)(&rfkill->sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[ 1743.029239][   T31]  #2: ffffffff8f7d8968 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_sync_work+0x2e/0x200
[ 1743.039484][   T31]  #3: ffff88806369d100 (&dev->mutex){....}-{4:4}, at: nfc_rfkill_set_block+0x50/0x2e0
[ 1743.049294][   T31] 3 locks held by kworker/0:4/17482:
[ 1743.054689][   T31]  #0: ffff88801a480d48 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[ 1743.066032][   T31]  #1: ffffc90003aefbc0 ((work_completion)(&rfkill_global_led_trigger_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[ 1743.080137][   T31]  #2: ffffffff8f7d8968 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_global_led_trigger_worker+0x27/0xd0
[ 1743.091613][   T31] 1 lock held by syz.1.3077/19557:
[ 1743.096789][   T31]  #0: ffff88806369d100 (&dev->mutex){....}-{4:4}, at: nfc_unregister_device+0x63/0x2a0
[ 1743.106780][   T31] 2 locks held by syz-executor/19704:
[ 1743.112177][   T31]  #0: ffff88806cf55118 (&data->open_mutex){+.+.}-{4:4}, at: vhci_create_device+0x34/0x6e0
[ 1743.122368][   T31]  #1: ffffffff8f7d8968 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_register+0x37/0x8e0
[ 1743.132483][   T31] 2 locks held by syz.8.3142/19806:
[ 1743.137788][   T31]  #0: ffffffff8e9b0488 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[ 1743.146497][   T31]  #1: ffffffff8f7d8968 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_fop_open+0x12d/0x820
[ 1743.156634][   T31] 1 lock held by syz.9.3154/19842:
[ 1743.161758][   T31]  #0: ffffffff8e9b0488 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[ 1743.170312][   T31] 1 lock held by syz.9.3154/19843:
[ 1743.175521][   T31]  #0: ffffffff8e9b0488 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[ 1743.184556][   T31] 1 lock held by syz.7.3190/19959:
[ 1743.189683][   T31]  #0: ffffffff8e9b0488 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[ 1743.198283][   T31] 1 lock held by syz.7.3190/19960:
[ 1743.203481][   T31]  #0: ffffffff8e9b0488 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[ 1743.211995][   T31] 1 lock held by syz-executor/19972:
[ 1743.217360][   T31]  #0: ffffffff8e9b0488 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[ 1743.226039][   T31] 1 lock held by syz-executor/19992:
[ 1743.231336][   T31]  #0: ffffffff8e9b0488 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[ 1743.239930][   T31] 1 lock held by syz-executor/20047:
[ 1743.245290][   T31]  #0: ffffffff8e9b0488 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[ 1743.253866][   T31] 1 lock held by syz-executor/20193:
[ 1743.259182][   T31]  #0: ffffffff8e9b0488 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[ 1743.267845][   T31] 1 lock held by syz-executor/20368:
[ 1743.273153][   T31]  #0: ffffffff8e9b0488 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[ 1743.281864][   T31] 1 lock held by syz-executor/20392:
[ 1743.288069][   T31]  #0: ffffffff8e9b0488 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[ 1743.297038][   T31] 1 lock held by syz-executor/20452:
[ 1743.302340][   T31]  #0: ffffffff8e9b0488 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[ 1743.311046][   T31] 1 lock held by syz-executor/20582:
[ 1743.316399][   T31]  #0: ffffffff8e9b0488 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[ 1743.324969][   T31] 1 lock held by syz.5.3439/20758:
[ 1743.330099][   T31]  #0: ffffffff8f7d8968 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_unregister+0xc8/0x220
[ 1743.340338][   T31] 
[ 1743.342682][   T31] =============================================
[ 1743.342682][   T31] 
[ 1743.351262][   T31] NMI backtrace for cpu 1
[ 1743.351278][   T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(full) 
[ 1743.351301][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1743.351314][   T31] Call Trace:
[ 1743.351322][   T31]  <TASK>
[ 1743.351330][   T31]  dump_stack_lvl+0x189/0x250
[ 1743.351362][   T31]  ? __wake_up_klogd+0xd9/0x110
[ 1743.351398][   T31]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1743.351427][   T31]  ? __pfx__printk+0x10/0x10
[ 1743.351476][   T31]  nmi_cpu_backtrace+0x39e/0x3d0
[ 1743.351506][   T31]  ? __pfx_nmi_cpu_backtrace+0x10/0x10
[ 1743.351527][   T31]  ? _printk+0xcf/0x120
[ 1743.351553][   T31]  ? __pfx__printk+0x10/0x10
[ 1743.351576][   T31]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[ 1743.351606][   T31]  nmi_trigger_cpumask_backtrace+0x17a/0x300
[ 1743.351635][   T31]  watchdog+0xfee/0x1030
[ 1743.351663][   T31]  ? watchdog+0x1de/0x1030
[ 1743.351699][   T31]  kthread+0x70e/0x8a0
[ 1743.351725][   T31]  ? __pfx_watchdog+0x10/0x10
[ 1743.351751][   T31]  ? __pfx_kthread+0x10/0x10
[ 1743.351776][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1743.351805][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1743.351833][   T31]  ? __pfx_kthread+0x10/0x10
[ 1743.351856][   T31]  ret_from_fork+0x3f9/0x770
[ 1743.351888][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[ 1743.351922][   T31]  ? __switch_to_asm+0x39/0x70
[ 1743.351941][   T31]  ? __switch_to_asm+0x33/0x70
[ 1743.351960][   T31]  ? __pfx_kthread+0x10/0x10
[ 1743.351991][   T31]  ret_from_fork_asm+0x1a/0x30
[ 1743.352029][   T31]  </TASK>
[ 1743.352037][   T31] Sending NMI from CPU 1 to CPUs 0:
[ 1743.509720][    C0] NMI backtrace for cpu 0
[ 1743.509737][    C0] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(full) 
[ 1743.509759][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1743.509770][    C0] RIP: 0010:pv_native_safe_halt+0x13/0x20
[ 1743.509801][    C0] Code: cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d 23 e6 28 00 f3 0f 1e fa fb f4 <c3> cc cc cc cc cc cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90
[ 1743.509818][    C0] RSP: 0000:ffffffff8de07d80 EFLAGS: 000002c6
[ 1743.509834][    C0] RAX: 07b69fe68fb00e00 RBX: ffffffff81975c68 RCX: 07b69fe68fb00e00
[ 1743.509849][    C0] RDX: 0000000000000001 RSI: ffffffff8d96ea93 RDI: ffffffff8be1b740
[ 1743.509862][    C0] RBP: ffffffff8de07ea8 R08: ffff8880b8632f5b R09: 1ffff110170c65eb
[ 1743.509876][    C0] R10: dffffc0000000000 R11: ffffed10170c65ec R12: ffffffff8f9fdef0
[ 1743.509890][    C0] R13: 0000000000000000 R14: 0000000000000000 R15: 1ffffffff1bd2a50
[ 1743.509902][    C0] FS:  0000000000000000(0000) GS:ffff888125c85000(0000) knlGS:0000000000000000
[ 1743.509917][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1743.509929][    C0] CR2: 00005563fc8e5840 CR3: 000000000df38000 CR4: 00000000003526f0
[ 1743.509945][    C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1743.509956][    C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1743.509980][    C0] Call Trace:
[ 1743.509986][    C0]  <TASK>
[ 1743.509992][    C0]  default_idle+0x13/0x20
[ 1743.510009][    C0]  default_idle_call+0x74/0xb0
[ 1743.510026][    C0]  do_idle+0x1e8/0x510
[ 1743.510056][    C0]  ? __pfx_do_idle+0x10/0x10
[ 1743.510092][    C0]  cpu_startup_entry+0x44/0x60
[ 1743.510118][    C0]  rest_init+0x2de/0x300
[ 1743.510136][    C0]  ? __pfx_x86_late_time_init+0x10/0x10
[ 1743.510157][    C0]  start_kernel+0x47d/0x500
[ 1743.510183][    C0]  x86_64_start_reservations+0x24/0x30
[ 1743.510202][    C0]  x86_64_start_kernel+0x143/0x1c0
[ 1743.510235][    C0]  common_startup_64+0x13e/0x147
[ 1743.510262][    C0]  </TASK>
[ 1743.510769][   T31] Kernel panic - not syncing: hung_task: blocked tasks
[ 1743.715296][   T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(full) 
[ 1743.727092][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1743.737138][   T31] Call Trace:
[ 1743.740424][   T31]  <TASK>
[ 1743.743352][   T31]  dump_stack_lvl+0x99/0x250
[ 1743.747946][   T31]  ? __asan_memcpy+0x40/0x70
[ 1743.752535][   T31]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1743.757755][   T31]  ? __pfx__printk+0x10/0x10
[ 1743.762350][   T31]  panic+0x2db/0x790
[ 1743.766265][   T31]  ? __pfx_panic+0x10/0x10
[ 1743.770682][   T31]  ? nmi_backtrace_stall_check+0x433/0x440
[ 1743.776494][   T31]  ? preempt_schedule_thunk+0x16/0x30
[ 1743.781867][   T31]  ? nmi_trigger_cpumask_backtrace+0x2b6/0x300
[ 1743.788031][   T31]  watchdog+0x102d/0x1030
[ 1743.792363][   T31]  ? watchdog+0x1de/0x1030
[ 1743.796780][   T31]  kthread+0x70e/0x8a0
[ 1743.800845][   T31]  ? __pfx_watchdog+0x10/0x10
[ 1743.805533][   T31]  ? __pfx_kthread+0x10/0x10
[ 1743.810153][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1743.815383][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1743.820588][   T31]  ? __pfx_kthread+0x10/0x10
[ 1743.825181][   T31]  ret_from_fork+0x3f9/0x770
[ 1743.829778][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[ 1743.834898][   T31]  ? __switch_to_asm+0x39/0x70
[ 1743.839657][   T31]  ? __switch_to_asm+0x33/0x70
[ 1743.844413][   T31]  ? __pfx_kthread+0x10/0x10
[ 1743.849002][   T31]  ret_from_fork_asm+0x1a/0x30
[ 1743.853860][   T31]  </TASK>
[ 1743.857313][   T31] Kernel Offset: disabled
[ 1743.861636][   T31] Rebooting in 86400 seconds..