last executing test programs:

7.538101827s ago: executing program 2 (id=5):
syz_usb_control_io$hid(0xffffffffffffffff, &(0x7f00000001c0)={0x24, 0x0, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="00222200000096231306e53f070c0000002ad001"], 0x0}, 0x0)
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='cgroup.controllers\x00', 0x300, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="18000000760001"], 0x1c}], 0x1, 0x0, 0x0, 0x4004000}, 0x0)
r1 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
r2 = openat$rdma_cm(0xffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r2, 0x0, 0x2b)
sendmsg$netlink(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000001c0)={0x114, 0x2e, 0x1, 0x0, 0x0, "", [@nested={0x101, 0x0, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @typed={0x14, 0x1, 0x0, 0x0, @ipv6=@loopback={0x100000000000000}}, @generic="50bb2d6f67d29d6fabadb107d0def49c88ea04abde1d5e8d3fb22a1b5046778bdafefc46b0449ade68bf84b36ec72dd71265fc2e882348c26c2126237dd5b37f5ae655b1086cda40e00aec58754734be31d750351dc076eb43d9621dc08c029d1608a487f26fbe816b89f7cb81bff81a8b9482565856555ee923c65973deb0a99b962bc0fe94a3fcae3697bd7b85b3a682167c43dbf137115a40ebddcad74875ec58e9a3ddb9ad02a078cf0d972df9e99f079767734f69ce475f55ac64337803f5eb4e5842f4d98fe3fa370d47eb640dc5061dc35817c8a66c29be82fd"]}]}, 0x114}], 0x1}, 0x0)

6.777240859s ago: executing program 2 (id=7):
syz_usb_connect$uac1(0x1, 0x8c, &(0x7f00000000c0)={{0x12, 0x1, 0x300, 0x0, 0x0, 0x0, 0x8, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x7a, 0x3, 0x1, 0x1, 0xd0, 0x1, {{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{0xa, 0x24, 0x1, 0x3}, [@selector_unit={0xa, 0x24, 0x5, 0x4, 0x81, "0a49cd1704"}, @mixer_unit={0x5, 0x24, 0x4, 0x4, 0x5}, @processing_unit={0xc, 0x24, 0x7, 0x4, 0x2, 0x5, "3707000000f5"}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {}, {{0x9, 0x5, 0x1, 0x9, 0x20, 0x1, 0xcb, 0x74, {0x7, 0x25, 0x1, 0x0, 0x7, 0xfff}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {}, {{0x9, 0x5, 0x82, 0x9, 0x8, 0x18, 0x0, 0x0, {0x7, 0x25, 0x1, 0x0, 0x81, 0x7ff}}}}}}}]}}, &(0x7f0000000000)={0xfffffffffffffeb9, 0x0, 0x0, 0x0, 0x3})
syz_usb_connect$uac1(0x2, 0xfb, &(0x7f0000000b80)={{0x12, 0x1, 0x200, 0x0, 0x0, 0x0, 0x20, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xe9, 0x3, 0x1, 0x6, 0x70, 0x5, {{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{0xa, 0x24, 0x1, 0x200, 0x8}, [@extension_unit={0xb, 0x24, 0x8, 0x5, 0x5ec, 0xf, "28122e88"}, @extension_unit={0xa, 0x24, 0x8, 0x4, 0x6, 0x10, "33191f"}, @extension_unit={0xb, 0x24, 0x8, 0x6, 0x400, 0x92, '_`pj'}, @extension_unit={0xb, 0x24, 0x8, 0x5, 0x0, 0xff, "caaa6edd"}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@as_header={0x7, 0x24, 0x1, 0x3, 0xfe, 0x1001}, @format_type_i_continuous={0x8, 0x24, 0x2, 0x1, 0x9, 0x2, 0x6, 0x69}, @format_type_i_discrete={0xd, 0x24, 0x2, 0x1, 0x7, 0x3, 0x6, 0x64, "9c3a1fd5da"}]}, {{0x9, 0x5, 0x1, 0x9, 0x3ff, 0x81, 0x9, 0x5, {0x7, 0x25, 0x1, 0x83, 0x5, 0x7fff}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_ii_discrete={0xf, 0x24, 0x2, 0x2, 0x1ff, 0x5, 0x7, "310053ba36de"}, @as_header={0x7, 0x24, 0x1, 0x4, 0x8, 0x1}, @format_type_i_continuous={0x9, 0x24, 0x2, 0x1, 0x2, 0x3, 0x9, 0x9, "ab"}, @as_header={0x7, 0x24, 0x1, 0xbd, 0xb, 0x4}, @format_type_ii_discrete={0x10, 0x24, 0x2, 0x2, 0x1, 0xc6, 0x2, "8b5b6283cf0c71"}, @format_type_ii_discrete={0xd, 0x24, 0x2, 0x2, 0xfff, 0xdf31, 0x6, "2267a8f1"}]}, {{0x9, 0x5, 0x82, 0x9, 0x40, 0xd5, 0x8, 0x80, {0x7, 0x25, 0x1, 0x80, 0xee, 0x4}}}}}}}]}}, &(0x7f0000001040)={0xa, &(0x7f0000000c80)={0xa, 0x6, 0x200, 0x0, 0x7f, 0xd, 0xff, 0xff}, 0x5, &(0x7f0000000cc0)={0x5, 0xf, 0x5}, 0xa, [{0x4, &(0x7f0000000d00)=@lang_id={0x4, 0x3, 0x416}}, {0x26, &(0x7f0000000d40)=@string={0x26, 0x3, "73d2897d5024c5c01d7b718d5fcb53e34411baf2587e5e760fb487f605a9ba9063ddeaa1"}}, {0x4, &(0x7f0000000d80)=@lang_id={0x4, 0x3, 0x2c09}}, {0x4, &(0x7f0000000dc0)=@lang_id={0x4, 0x3, 0x42b}}, {0x4, &(0x7f0000000e00)=@lang_id={0x4, 0x3, 0x843}}, {0xed, &(0x7f0000000e40)=@string={0xed, 0x3, "24f903e591ebc2bf45f3ce9a95ba3e3cb5c9218c91f374e43c12e1e590cecf6240ccbeb362ca1c34ded17f0b37ae45886c5e1e12649d7d982eee08f2fd8a6fcfa2ab47f1666c38ac70602d91c006a251e2d1f13590ca21a589d510d9af03662004775b3ab50722b8a2548c95ec5d7a31c16b5fc3e05f63a5230c6c133d90247c1f34cc66274e806410122e897030f66962382dad509deec3413549e727f1217db2d2ac067cf6db568df17309fe03a409a805ce15ffd132eb5695ed8093117c79f222d1acaef4ee58397d0b520ca5036645c1b69100e4c6fa88ec7d1b3cbbc4799936a93fe1c1706262ddd8"}}, {0x4, &(0x7f0000000f40)=@lang_id={0x4, 0x3, 0x3c01}}, {0x4, &(0x7f0000000f80)=@lang_id={0x4, 0x3, 0x43e}}, {0x14, &(0x7f0000000fc0)=@string={0x14, 0x3, "a194559c8e779dcf7a38b354da4a3f641b81"}}, {0x31, &(0x7f0000001000)=@string={0x31, 0x3, "23ba6cd0781c87aa6f260e6c2a1449c9267f67b9145240d74978985bf90c0c2bbb5c65f2894bac76499a7dc942934d"}}]})
r0 = syz_open_dev$sndpcmp(&(0x7f0000000040), 0x0, 0x0)
ioctl$SNDRV_PCM_IOCTL_TTSTAMP(r0, 0x40044103, &(0x7f0000000180)=0x5)
r1 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$sock_rose_SIOCRSCLRRT(r1, 0x891b)
syz_usb_connect$cdc_ecm(0x2, 0x12c, &(0x7f0000001100)={{0x12, 0x1, 0x310, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x11a, 0x1, 0x1, 0x3, 0xa0, 0xb3, [{{0x9, 0x4, 0x0, 0x0, 0x3, 0x2, 0x6, 0x0, 0x0, {{0x5}, {0x5, 0x24, 0x0, 0x4}, {0xd, 0x24, 0xf, 0x1, 0x9, 0x4, 0x401, 0x78}, [@acm={0x4, 0x24, 0x2, 0x4}, @country_functional={0xe, 0x24, 0x7, 0x0, 0x8, [0x0, 0x3d, 0x9, 0x8]}, @obex={0x5, 0x24, 0x15, 0x7fff}, @mdlm_detail={0xb3, 0x24, 0x13, 0x1, "ecbb58243851c19c6424bbd7def7071d81edd60b856f6256b30de746e8ad17b2d523276f179a47307222a9137041b357724843822e85fc3e4daf968df54ec8414c6a8ca17ffa8adf9cac6a9122ab6dd09f4e582d1f51ffb5c7bb1f395094ba11fb73ebc83c1b4e62deacf315821b61816bf41e2127dac57d0b7bc13d1fc55d7a5eb11eaeac594d68563e5af48c10a2c53723abfd36595016b7788406d2589fc5ae94b1a57c608f472efd2bea315acb"}, @mdlm={0x15, 0x24, 0x12, 0x5}]}, {[], {{0x9, 0x5, 0x82, 0x2, 0x20, 0x1, 0xff, 0x9}}, {{0x9, 0x5, 0x3, 0x2, 0x3ff, 0x7f, 0x6, 0x4}}}}}]}}]}}, &(0x7f0000001440)={0xa, &(0x7f0000001240)={0xa, 0x6, 0x310, 0x80, 0x0, 0x9, 0x8, 0xc7}, 0x51, &(0x7f0000001280)={0x5, 0xf, 0x51, 0x4, [@ssp_cap={0x24, 0x10, 0xa, 0x6, 0x6, 0x9, 0xf88f, 0x8, [0xff0000, 0x0, 0xc0, 0x0, 0xf, 0xcf]}, @ss_cap={0xa, 0x10, 0x3, 0x2, 0x4, 0x5c, 0x6, 0xf687}, @ssp_cap={0x14, 0x10, 0xa, 0x2, 0x2, 0x4408, 0xf000, 0x0, [0x0, 0xf0]}, @ss_cap={0xa, 0x10, 0x3, 0x2, 0x7, 0x40, 0x0, 0x55}]}, 0x5, [{0x4, &(0x7f0000001300)=@string={0x4, 0x3, "fa77"}}, {0x1e, &(0x7f0000001340)=@string={0x1e, 0x3, "939216d6a1725d7c00f9511cdabb6281917b4a48ff512a66cc7e5db1"}}, {0x4, &(0x7f0000001380)=@lang_id={0x4, 0x3, 0x430}}, {0xa, &(0x7f00000013c0)=@string={0xa, 0x3, "7454523acba7c80b"}}, {0x24, &(0x7f0000001400)=@string={0x24, 0x3, "e3648d8ff730e8c0504a8c3e8652de057fdffaedbfc84828527c2d2d1ee3f0a06ef6"}}]})
syz_usb_control_io(0xffffffffffffffff, &(0x7f00000005c0)={0x2c, &(0x7f00000003c0)={0x0, 0x23, 0xf8, {0xf8, 0x6, "62420048cec956ad594ba48e8926101c317314aaab5aade8a743cb67cfc2e4426e8790e5a94cde2b924c82ee41a8bec4e31ed8011a62558b37a40fde93841490e4ca844b858677af46ad60bc47d87a6e29895a5cc5336e5c1812973b13242b25ce7ea186e9047ed1bb9770426dbc9f194f9e0ae19fd194a45d4d069a1051a6293ad266452d6f18e6bc3d7d73fa0e6680f3029b739e20fcc49142cea8b0db3594be69d56085e57303a25a43a71f6803d014b92f1b36840d153285528304f693fb87e266f038c1533027f2bd296455785bb19fdee312b957e8aad3ee57cb0d977601f097a49e26b55f1a29c84958f7310f783ba2589b2e"}}, &(0x7f00000004c0)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x41b}}, &(0x7f0000000500)={0x0, 0xf, 0x5, {0x5, 0xf, 0x5}}, &(0x7f0000000540)={0x20, 0x29, 0xf, {0xf, 0x29, 0x8, 0x18, 0x5, 0x0, "64bc63e9", "27ff2b51"}}, &(0x7f0000000580)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0xea, 0x4, 0x6, 0x0, 0x1, 0x7, 0xfffe}}}, &(0x7f0000000ac0)={0x84, &(0x7f0000000600)={0x20, 0x0, 0xf5, "269f77746b9e7c49a39dc57387887d9610f5d2449d2e8b4b7c17d84e214776a1d221c377338ab06ca2af77f33fbaffcb617fd78416e2828b0ba48daaba8438c0e58805620d81ed13b4f2a0f0edb652a4bd80279a59a88b14921d4216a7077fd59c317c9038acddc91d532aff8ecc0ca36b2556dbaf4004c96a2fd4c48fba4b23eed7644126b665315b8deae44c30b91b41bc81b8c059f9a0f2a15a3e8cf6f6925b1609ba896e47915416fd7f8191120b3529397aa9e3e8285fd58f2992aeecf4dcac2dc066a99cfd83467f07ad9351def3d14f0665b795c120c10e882020368f7b900f467080e549da853107683e5a5512b895e8ad"}, &(0x7f0000000700)={0x0, 0xa, 0x1, 0x8}, &(0x7f0000000740)={0x0, 0x8, 0x1, 0xf}, &(0x7f0000000780)={0x20, 0x0, 0x4, {0x1}}, &(0x7f00000007c0)=ANY=[@ANYBLOB='\x00'/14], &(0x7f0000000800)={0x40, 0x7, 0x2, 0x9a6e}, &(0x7f0000000840)={0x40, 0x9, 0x1, 0x9}, &(0x7f0000000880)={0x40, 0xb, 0x2, "34e7"}, &(0x7f00000008c0)={0x40, 0xf, 0x2, 0x1}, &(0x7f0000000900)={0x40, 0x13, 0x6, @random="c3b0b46b3d3e"}, &(0x7f0000000940)={0x40, 0x17, 0x6, @local}, &(0x7f0000000980)={0x40, 0x19, 0x2, "94f9"}, &(0x7f00000009c0)={0x40, 0x1a, 0x2, 0x200}, &(0x7f0000000a00)={0x40, 0x1c, 0x1, 0x7}, &(0x7f0000000a40)={0x40, 0x1e, 0x1, 0x81}, &(0x7f0000000a80)={0x40, 0x21, 0x1, 0x81}})

6.424134332s ago: executing program 3 (id=10):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0x1c3902, 0x0)
pidfd_send_signal(0xffffffffffffffff, 0x0, 0x0, 0x3)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$inet_int(r1, 0x0, 0xb, 0x0, &(0x7f00000000c0))
sendfile(r0, r0, 0x0, 0x200000)
r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0)
socket$pppoe(0x18, 0x1, 0x0)
r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
syz_emit_vhci(&(0x7f0000002740)=ANY=[@ANYRES8=r3], 0x2)
r4 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_MAP_DUMB(r4, 0xc01064b3, 0x0)
r5 = dup(r2)
r6 = socket(0x2, 0x80805, 0x0)
getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r6, 0x84, 0x84, &(0x7f0000000440)={0x0, @in6={{0xa, 0x4e22, 0x1, @ipv4={'\x00', '\xff\xff', @broadcast}, 0xa}}, 0xfffc, 0x86}, &(0x7f00000001c0)=0x90)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000002, 0x28011, r5, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000))
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r9=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r7, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r8, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r9}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_START_AP(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000440)={0x8c, r8, 0x205, 0x0, 0x0, {{}, {@val={0x8, 0x3, r9}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x4f, 0xe, {{{0x0, 0x0, 0x8, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1}, {0x81}, @device_b, @device_b, @initial, {0x6}}, 0x9, @default, 0x1971, @void, @val, @val={0x3, 0x1, 0xb5}, @void, @void, @void, @void, @val={0x2a, 0x1, {0x1, 0x1, 0x1}}, @val={0x3c, 0x4, {0x1, 0x9, 0xc9, 0xb6}}, @void, @val={0x72, 0x6}, @val={0x71, 0x7, {0xffffffffffffffff, 0x0, 0x1, 0xffffffffffffffff, 0x82, 0xb}}, @val={0x76, 0x6, {0x4, 0x7, 0x7, 0x7}}}}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x4}, @NL80211_FTM_RESP_ATTR_CIVICLOC={0x4}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}]}, 0x8c}}, 0x24000080)
sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(r5, &(0x7f0000000200)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x20, r8, 0x200, 0x70bd2b, 0x25dfdbfd, {{}, {@void, @val={0xc, 0x99, {0xffff, 0x4a}}}}}, 0x20}}, 0x4008814)

5.890429136s ago: executing program 3 (id=12):
r0 = syz_open_procfs(0x0, &(0x7f0000000240)='net/udplite\x00')
pread64(r0, &(0x7f0000000140)=""/146, 0xcc, 0x1000004)

5.714925005s ago: executing program 3 (id=13):
r0 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
r1 = fsmount(r0, 0x0, 0x0)
fchdir(r1)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000100)={0x20, 0x0, &(0x7f0000000040)=[@acquire={0x40046305, 0x2}, @release, @request_death={0x400c630e, 0x2}], 0x3a, 0x0, &(0x7f00000000c0)="0492f79f8ffe6964d55bafb1f1d49d9e66e4850058a2e451b6c46fc3c66684a21778f818223c1a1a0e1c6fa6629025b2d77708c87defadc71817"})
r2 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000300)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffb)
r3 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000480)=ANY=[@ANYBLOB="12010000020000402505a1a440000102030109025c0002010000080904000001020d0000052406000105240000000d240f0100000000000000000006241a0000000905810300020000000904010000020d00000904010102020d0000090582020002000000090503020002"], 0x0)
syz_usb_control_io$cdc_ncm(r3, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r3, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r3, 0x0, &(0x7f0000000340)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x20, 0x80, 0x1c, {0x10, 0x10, 0x14, 0x1010, 0x83, 0x5, 0xb, 0xa53, 0xd, 0x9, 0x5, 0x7}}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r3, 0x0, 0x0) (async, rerun: 64)
syz_usb_control_io$cdc_ncm(r3, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0) (rerun: 64)
add_key(&(0x7f00000003c0)='dns_resolver\x00', &(0x7f0000000400)={'syz', 0x3, 0x9}, &(0x7f0000000080)="00fe0102", 0xfffff, r2)

5.081046188s ago: executing program 2 (id=15):
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000059770c40c009030243d3000000010902120001000000000904"], 0x0)
socket$packet(0x11, 0xa, 0x300)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
openat$ttyS3(0xffffffffffffff9c, 0x0, 0x2982, 0x0)
ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, 0x0)
bind$inet6(r1, &(0x7f0000000280)={0xa, 0x4e22, 0x9, @loopback, 0x6}, 0x1c)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r2, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f00000004c0)=@updpolicy={0xfc, 0x19, 0x1, 0x0, 0x0, {{@in6=@rand_addr=' \x01\x00', @in=@local, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0xa9, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0xa00, 0x40800000000000, 0x800000000000000}}, [@tmpl={0x44, 0x5, [{{@in=@local, 0x0, 0x3c}, 0x0, @in=@broadcast, 0x0, 0x0, 0x3}]}]}, 0xfc}}, 0x0)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000b80)=@migrate={0x80, 0x21, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@mcast2, 0x4e21, 0x0, 0x0, 0x0, 0xa, 0x0, 0x10}}, [@migrate={0x4}, @user_kmaddress={0x2c, 0x13, {@in=@multicast1, @in6=@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x0, 0x2}}]}, 0x80}, 0x1, 0x0, 0x0, 0x4050}, 0x44)
setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000080)=0x40, 0x4)
connect$inet6(r1, &(0x7f0000000140)={0xa, 0x4e22, 0x23, @loopback, 0x23}, 0x1c)
sendmmsg$inet6(r1, &(0x7f0000000980)=[{{0x0, 0x0, &(0x7f0000003640)=[{&(0x7f0000002a00)="4137a29b582bd471798f15f967e7f8118e1abf61ebd7d146a12a42f6ffd2340daaa8dcf6da818cc0efac75e8c35abbde7a18e0226b424f5557c71db5d327baccef203377178ddb12221cdaf45711a2535ae87e6ab62ccba71b6f2ac0f6c9ead0ec52116d305204537900daaad0d6e4dd9d3ad654711b72964f28b8b5d231d709bf3cd4a0477ef446e7da5eaa15cc39e9c57d89217e33a93e0132269c182e5d0186448a8e871cf560229a3cc36317ac47bae1596458badc9ebde2c707dea2e18f859e20f7595cce0a88485e5223b2c8fc383e37cbbfe8353e2a8eb6dc65d76746a31d8f206f3152176a502d3e582a31933e40cff645d93afca045741f99a0944bf4d9d63cbfaf1cba5b3b6dd6c2edd5e6c4505ae594aa23cbc8a143512180028d9b3984a2517ac9a15154460ff0f654df3f8cf1c13455cb5f440a67de7a6dad269c76e2625c35222902a47aa3b920d97dea05c43bc906000000781f8057097ca11a9d90eea3d8ae56f0e57f3a6f32f8786e165305301a3d86367337d2651a27b8c222f349491648ba165a6ed9a1e5e5397a1ee963651c2d9c79d6d5b34941375b6b53abcc7882c4e57a63de2e32c30e41030000ae6efee9e3446eab3b5407cc20f581095dde95241e4153c4864ea7ecd07888956d9375b9ef74be4454d7693b53ed6bd0644cd93945b2eb35a6ac7c34aa11facf27ca4463e2bb1eef7126a982f0de190d54bd6f6c2c9fecf37053894f4b8001fa9902cb9544f8394c96faa2767c0af169cf7c3e0c49d962d470", 0x22c}, {&(0x7f0000000040)="d2cf4071ee038000007ad2e20539519ec6afbc0000", 0x15}], 0x2}}, {{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000700)="2575dfd4", 0x4}], 0x1}}], 0x2, 0x4040001)
r4 = dup(r1)
syz_genetlink_get_family_id$ipvs(&(0x7f00000006c0), r4)
syz_genetlink_get_family_id$mptcp(&(0x7f0000000180), r4)
ioctl$EXT4_IOC_GROUP_ADD(r3, 0x40286608, &(0x7f0000000000)={0x2, 0xf, 0x9a, 0xfffffffffffffffc, 0x5, 0x8})
syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000480)={0x2c, &(0x7f0000000080)=ANY=[], 0x0, 0x0, 0x0, 0x0})

4.836391399s ago: executing program 0 (id=17):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x20400, &(0x7f0000006680))
madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x15)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x3000003, 0x4031, 0xffffffffffffffff, 0x0)
getsockopt$inet6_tcp_int(r0, 0x6, 0x6, 0x0, &(0x7f0000000700))

4.718841862s ago: executing program 0 (id=18):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000840)='memory.events.local\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
keyctl$dh_compute(0x17, 0x0, 0x0, 0x0, &(0x7f0000000340)={0x0})

4.606459419s ago: executing program 0 (id=19):
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x6, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0xa)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x2)
r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000240), 0xc2882, 0x0)
close(r1)
read$FUSE(0xffffffffffffffff, 0x0, 0x0)

4.531650726s ago: executing program 1 (id=20):
r0 = socket$can_bcm(0x1d, 0x2, 0x2)
connect$can_bcm(r0, &(0x7f00000000c0), 0x10)
sendmsg$can_bcm(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="050000009f600000000000", @ANYRES64=0x0, @ANYRES64=0x2710], 0x48}, 0x1, 0x0, 0x0, 0x4}, 0x8800)

3.882003486s ago: executing program 1 (id=21):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000ab4000000060a01040000000000000000020000280900010073797a30000000000900020073797a320000000088000480100001800c000100636f756e7465720014000180090001006d6173710000000004000280600001800a0001006c696d6974000000500002800c0001"], 0xdc}}, 0x0)

3.787575455s ago: executing program 0 (id=22):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000))
timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
mount_setattr(0xffffffffffffff9c, 0x0, 0x100, 0x0, 0x0)

3.512186111s ago: executing program 1 (id=23):
r0 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="380000000314010029bd7000ffdbdf250900020073797a3100000000080041007369770014003300"], 0x38}, 0x1, 0x0, 0x0, 0x8081}, 0x20000000)

3.377833923s ago: executing program 1 (id=24):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000000)=0x208, 0x4)
sendmmsg$inet(r0, &(0x7f0000000dc0)=[{{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f00000011c0)="93bffce623851797a8dc7901f0048678cd35ef833c350900f95a94770a6845b091e69f243dea0d601c54e9c93ee3568b89a3427c84262ff67b679ccac305b5cea1dcd151d7bb5754603b6b0e362d8041bdc61529260e6c4046d55927c96dcce1609b9c4f8424b9da760270a470f95b99ebb600"/135, 0x87}, {&(0x7f0000000780)="029993440c7a1d95d3bb8cf353fd63c588ffa39f0ff0fced20927ea4b2a247d082247558bef6b2b2cd6a0dffece1b36526e9388c344fb7ac429e430bcb03", 0x3e}], 0x2}}, {{0x0, 0x0, &(0x7f0000000680)=[{&(0x7f00000003c0)="b1f5", 0x2}], 0x1}}], 0x2, 0xc0)
sendto$inet(r0, &(0x7f0000000580)="17", 0x501, 0x10008095, 0x0, 0x0)

3.328873164s ago: executing program 0 (id=25):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000200)=0x474c, 0x4)
bind$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10)
connect$inet(r0, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
sendmmsg(r0, &(0x7f0000007fc0), 0x800001d, 0x0)
setsockopt$inet_int(r0, 0x0, 0xd, &(0x7f0000000040)=0xfffffffc, 0x4)
setsockopt$inet_int(r0, 0x0, 0x8, &(0x7f0000000300)=0x80000009, 0x4)
recvmmsg(r0, &(0x7f0000000040), 0x291962b, 0x45833af92e4b39ff, 0x0)

3.080032292s ago: executing program 1 (id=26):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r5 = semget$private(0x0, 0x207, 0x0)
socket$inet6(0xa, 0x3, 0x5)
semctl$GETALL(r5, 0x0, 0xd, 0xfffffffffffffffe)
r6 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000300)={0x38, r6, 0x1, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x24, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e23}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @multicast1=0xac1414aa}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x1}]}]}, 0x38}, 0x1, 0x0, 0x0, 0x20000801}, 0x4)
socketpair$nbd(0x1, 0x1, 0x0, 0x0)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, 0x0)
write$FUSE_NOTIFY_RETRIEVE(0xffffffffffffffff, 0x0, 0x0)
socket$can_j1939(0x1d, 0x2, 0x7)
clock_gettime(0x0, 0x0)
sendmsg$can_bcm(r4, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x200000c5}, 0x24000805)
r7 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r7, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x400c080}, 0x0)
r8 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$KDSIGACCEPT(r8, 0x4b4e, 0x12f)

2.152063333s ago: executing program 2 (id=27):
fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, 0x0, &(0x7f0000000040)='c:::\x00', 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0xf, &(0x7f0000000100)=0xfff, 0x4)
listen(0xffffffffffffffff, 0x7f)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
r1 = creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc)
close(r1)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000300)='net/connector\x00')
r5 = socket$inet6_mptcp(0xa, 0x1, 0x106)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000000)={'dummy0\x00', <r6=>0x0})
r7 = socket$inet6_mptcp(0xa, 0x1, 0x106)
ioctl$sock_inet6_SIOCSIFADDR(r7, 0x8916, &(0x7f0000000100)={@loopback, 0xa, r6})
sendmsg$ETHTOOL_MSG_FEATURES_SET(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000580)={&(0x7f0000002e80)=ANY=[@ANYBLOB="c0050000", @ANYRES16=0x0, @ANYBLOB="200025bd7000fbdbdf250c0000009c00038046000400ab8135b3515544ebd54606a9aded1cab12109cea98845ffcbc4a81cc6bdb598ab98b53eae106fec797d3fdb34b85b3968fde9ad02b26bffeefdc7e9dcc07c8096fcc0000400003801800018009000200633a3a3a00000000080001001000000014000180080001000f936d1b050002000000000010000180040003000400030004000300080002000900000008000200810000002401038057000500b41f069f1abf4a8d21a242155b3c0b4ff39718f28e2159f9abf2e1e8da8d8970c839ec63b8bedeec4b8542e3caa59664f3373f5081a3e674262fca8f90fbd957477779fa63c6d704938d5595cdff4f2aa9939000c50005006dfa637c40c16fc8dd50b9454d66b0c9fb277db8a9a9692d473ed69d9eddaec67f44a6347559475593ae488b19516d9bd8a400530e702cb2bb3616ef04dd0b3375d9919ffc22e89d92163ece2f431c366caa0fb8955e6e151941a887ef115512f3b615b3bf96a5128779333d829a62e45c42e4bc182ee474fceab3fbce662218546311871dca8f720746547ed5527c7084e04e092cb927186466199799e5f06d2f5ba5dec82264cb19f2ae54c7d19ff8e74940153be7972c73aedb407d610f9c45000000bc030380040001001a000400beb404d5135e693da0061cbdbc88789f9fcc429e95a8000098030380b4000180040003000500020000000000a3000200623a3a3a00efdf42fa3de3d19de1bf556c4a345d792d2c8a039178759c50dce595a2409c98a4d2d47dc85d374ef30e27a078fb6474b41f57e7beaf012e7a54ab924910348c18161c8a8efd8b7b5a56485a32d3d62d7e968023ee292b4cf100d570e7208cd2071eaeb4e8d1e1edb894b22a1cae471edbc051b9604bff47c0a2b431ac9801de7d3a08a04f71eca8f08fe3a137e3d79c5e90fa6cbe819aa4004b00240001800a000200736f757263650000080001000010000004000300040003000400030024000180080001000b0000000400030004000300050002000000000008000100060000001c0001800900020062656673000000000b00020064756d6d79300000d80001800a00020028232b242d0000000800010003000000a3000200623a3a3a00efdf42fa3de3d19de1bf556c4a345d792d2c8a039178759c50dce595a2409c98a4d2d47dc85d374ef30e27a078fb6474b41f57e7beaf012e7a54ab924910348c18161c8a8efd8b7b5a56485a32d3d62d7e968023ee292b4cf100d570e7208cd2071eaeb4e8d1e1edb894b22a1cae471edbc051b9604bff47c0a2b431ac9801de7d3a08a04f71eca8f08fe3a137e3d79c5e90fa6cbe819aa4004b0008000100050000000b000200252b282d2a2c000008000200253a2d000c00018004000300040003005801018009000200633a3a3a00000000a3000200623a3a3a00efdf42fa3de3d19de1bf556c4a345d792d2c8a039178759c50dce595a2409c98a4d2d47dc85d374ef30e27a078fb6474b41f57e7beaf012e7a54ab924910348c18161c8a8efd8b7b5a56485a32d3d62d7e968023ee292b4cf100d570e7208cd2071eaeb4e8d1e1edb894b22a1cae471edbc051b9604bff47c0a2b431ac9801de7d3a08a04f71eca8f08fe3a137e3d79c5e90fa6cbe819aa4004b00a3000200623a3a3a00efdf42fa3de3d19de1bf556c4a345d792d2c8a039178759c50dce595a2409c98a4d2d47dc85d374ef30e27a078fb6474b41f57e7beaf012e7a54ab924910348c18161c8a8efd8b7b5a56485a32d3d62d7e968023ee292b4cf100d570e7208cd2071eaeb4e8d1e1edb894b22a1cae471edbc051b9604bff47c0a2b431ac9801de7d3a08a04f71eca8f08fe3a137e3d79c5e90fa6cbe819aa4004b0040000180090002002c2f2b230000000008000100a500000004000300080001000900000009000200633a3a3a0000000008000100ff03000005000200000000003000018008000100", @ANYRES32=0x0, @ANYBLOB="1a0002006c6f0000000000000000000000005eb2a557f689ae90ea3cf4ecbba0e588373faa3ba812df2b4aaf5e0f8e8e91e1203d80e458787acd699bea2aeb49b16fc26397721deb95e6c3d1257ad2519097cc85edb17118e26aad140c86f621e18fe47c649f905fce1d2c6502406acb91e682884f", @ANYRES32=0x0, @ANYBLOB="08000100", @ANYRES32=r6, @ANYBLOB], 0x5c0}}, 0x810)
close(0xffffffffffffffff)
read$FUSE(r4, &(0x7f0000000640)={0x2020}, 0x2020)
execve(&(0x7f0000000180)='./file0\x00', 0x0, &(0x7f0000000800)={[&(0x7f0000000940)='\x7f\xb7\xc3\x7f\xa5a\xd6A*c\x9b\xd8R\xf02b\xefA|uiWb\x8f\xee\x1c\xc5\xdb^\x11\x16h\x83\x94y<yN\xfbXh[\xe9\xa9\x1702\x7f\x9e\xf0\x99\xad\xdc;p\x98R\a\xb1\x9d^\x0f\x121\xb3\xab7P\xd6\xcb\x06\xfe2~W\xd9\xad\x80\xd9!\x89%\xb80\xa3l;\x1eK\x90\x15\xc6\x11A\xfc\x7f\xc6\xed\xe7\xa3\x9f\xb4\xce\"\xef\xa8\x86F\x15\xb9\x05j\f\xafa\xb0}\xde\'E\x84\xb2bO\xd2\xd4\x85F\xde1e\xe0\xf2\xa0/\xd3<\xda\xfe\x04,\xfa\x97\xb6\xf4\xcf\x0e\xadj\x89\xd9\xb7\xae9\xb0\xb0{n.\xd7\x87C\x0eh|KZG\x108l\n\xcd\xe9\x04\xafM\xbf\x83#>\x89\xf1Y{\x87\xd5\xf3\xccMr\xc5\xbdT\x9e\xc4\x84\x06\xcd\x8b\xcd\t\x01']})
fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, &(0x7f0000000080)='source', &(0x7f0000000180)='b:::\x00\xef\xdfB\xfa=\xe3\xd1\x9d\xe1\xbfUlJ4]y-,\x8a\x03\x91xu\x9cP\xdc\xe5\x95\xa2@\x9c\x98\xa4\xd2\xd4}\xc8]7N\xf3\x0e\'\xa0x\xfbdt\xb4\x1fW\xe7\xbe\xaf\x01.zT\xab\x92I\x104\x8c\x18\x16\x1c\x8a\x8e\xfd\x8b{ZVHZ2\xd3\xd6-~\x96\x80#\xee)+L\xf1\x00\xd5p\xe7 \x8c\xd2\a\x1e\xae\xb4\xe8\xd1\xe1\xed\xb8\x94\xb2*\x1c\xaeG\x1e\xdb\xc0Q\xb9`K\xffG\xc0\xa2\xb41\xac\x98\x01\xde}:\b\xa0Oq\xec\xa8\xf0\x8f\xe3\xa17\xe3\xd7\x9c^\x90\xfal\xbe\x81\x9a\xa4\x00K', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)

2.033287656s ago: executing program 1 (id=28):
r0 = syz_open_dev$vim2m(&(0x7f0000000000), 0x7, 0x2)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000056544820e105080411250102030109021b000100000000090436cd8601", @ANYRESOCT=r0], 0x0)

1.624411326s ago: executing program 3 (id=29):
r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file2\x00', 0x42, 0x0)
lseek(r0, 0x8000000000000001, 0x4)

1.250601174s ago: executing program 3 (id=30):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0xe3}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f05ebbeee, 0x8031, 0xffffffffffffffff, 0x2000000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000002c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
capget(&(0x7f00000001c0)={0x20071026, r0}, &(0x7f0000000300)={0x7, 0x4b0116bd, 0x63b, 0xae09, 0x2, 0x8})
r3 = openat$vcsa(0xffffff9c, 0x0, 0x400, 0x0)
getsockopt$inet_sctp_SCTP_LOCAL_AUTH_CHUNKS(0xffffffffffffffff, 0x84, 0x1b, 0x0, &(0x7f0000000380))
r4 = memfd_create(0x0, 0x1)
execveat(r4, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000)
syz_genetlink_get_family_id$batadv(&(0x7f00000000c0), r3)
msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x0)

1.18631082s ago: executing program 2 (id=31):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x10)
sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000580)=ANY=[@ANYBLOB="140000001000010000000000000000000a00000a98000000060a0b040000000000000000020000006c000480680001800a000100696e6e65720000005800028008000240000000840800034000000007080004400000000f0800014000000000340005800c0001007061796c6f61640024000280080004010000002708020340000000b9080002400000000208000140000000080900010073797a30000000000900020073797a32"], 0xc0}, 0x1, 0x0, 0x0, 0x8000}, 0x0)

216.250198ms ago: executing program 2 (id=32):
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x136)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r1 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0)
r2 = syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r2, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f00000000c0)=[<r3=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCRTC(r2, 0xc06864a1, &(0x7f0000000d40)={0x0, 0x0, r3, <r4=>0x0})
ioctl$DRM_IOCTL_MODE_GETFB2(r2, 0xc06864ce, &(0x7f0000000340)={r4, 0x0, 0x0, 0x0, 0x1, [<r5=>0x0], [0x0, 0x7], [0x0, 0x80000002, 0x2], [0x0, 0x0, 0x1, 0x1]})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f0000000140)={0x3ff, 0x2, 0x806})
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r1, 0xc00c642d, &(0x7f0000000080)={r5, 0x0, <r6=>0xffffffffffffffff})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r2, 0xc00c642e, &(0x7f0000000300)={0x0, 0x0, r6})

216.058818ms ago: executing program 3 (id=33):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.controllers\x00', 0x275a, 0x0)
rseq(&(0x7f0000000400), 0x20, 0x0, 0x0)
write$binfmt_script(r0, &(0x7f0000000000), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000a, 0x28011, r0, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x9)

0s ago: executing program 0 (id=34):
pipe(&(0x7f0000000200)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
write(r0, &(0x7f0000000340), 0x11000)
io_setup(0x3ff, &(0x7f0000000500)=<r1=>0x0)
io_submit(r1, 0x1, &(0x7f0000000040)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x5, 0x0, r0, 0x0}])

kernel console output (not intermixed with test programs):

Warning: Permanently added '10.128.0.245' (ED25519) to the list of known hosts.
[   68.382787][ T5848] cgroup: Unknown subsys name 'net'
[   68.537920][ T5848] cgroup: Unknown subsys name 'cpuset'
[   68.546846][ T5848] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   69.933048][ T5848] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   71.407717][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[   71.414073][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[   72.370747][ T5870] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   72.409793][ T5871] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   72.415606][ T5873] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   72.425528][ T5873] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   72.433521][ T5873] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   72.435088][ T5871] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   72.442812][ T5873] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   72.455507][ T5870] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   72.460139][ T5876] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[   72.463966][ T5873] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   72.470169][ T5871] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   72.477335][ T5870] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   72.487286][ T5873] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   72.499791][ T5873] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   72.499836][ T5870] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[   72.515453][ T5870] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[   72.516492][ T5182] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   72.525446][ T5870] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[   72.531544][ T5182] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   72.537292][ T5870] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[   73.053130][ T5857] chnl_net:caif_netlink_parms(): no params data found
[   73.086436][ T5858] chnl_net:caif_netlink_parms(): no params data found
[   73.295668][ T5860] chnl_net:caif_netlink_parms(): no params data found
[   73.320319][ T5859] chnl_net:caif_netlink_parms(): no params data found
[   73.388435][ T5857] bridge0: port 1(bridge_slave_0) entered blocking state
[   73.396007][ T5857] bridge0: port 1(bridge_slave_0) entered disabled state
[   73.403412][ T5857] bridge_slave_0: entered allmulticast mode
[   73.411631][ T5857] bridge_slave_0: entered promiscuous mode
[   73.429284][ T5858] bridge0: port 1(bridge_slave_0) entered blocking state
[   73.436495][ T5858] bridge0: port 1(bridge_slave_0) entered disabled state
[   73.443915][ T5858] bridge_slave_0: entered allmulticast mode
[   73.451819][ T5858] bridge_slave_0: entered promiscuous mode
[   73.481107][ T5857] bridge0: port 2(bridge_slave_1) entered blocking state
[   73.488352][ T5857] bridge0: port 2(bridge_slave_1) entered disabled state
[   73.495573][ T5857] bridge_slave_1: entered allmulticast mode
[   73.502729][ T5857] bridge_slave_1: entered promiscuous mode
[   73.521264][ T5858] bridge0: port 2(bridge_slave_1) entered blocking state
[   73.528450][ T5858] bridge0: port 2(bridge_slave_1) entered disabled state
[   73.536130][ T5858] bridge_slave_1: entered allmulticast mode
[   73.543896][ T5858] bridge_slave_1: entered promiscuous mode
[   73.639128][ T5858] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   73.652903][ T5858] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   73.676765][ T5857] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   73.689433][ T5857] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   73.722335][ T5860] bridge0: port 1(bridge_slave_0) entered blocking state
[   73.730565][ T5860] bridge0: port 1(bridge_slave_0) entered disabled state
[   73.737850][ T5860] bridge_slave_0: entered allmulticast mode
[   73.745200][ T5860] bridge_slave_0: entered promiscuous mode
[   73.789488][ T5860] bridge0: port 2(bridge_slave_1) entered blocking state
[   73.796817][ T5860] bridge0: port 2(bridge_slave_1) entered disabled state
[   73.803961][ T5860] bridge_slave_1: entered allmulticast mode
[   73.812273][ T5860] bridge_slave_1: entered promiscuous mode
[   73.832161][ T5859] bridge0: port 1(bridge_slave_0) entered blocking state
[   73.839426][ T5859] bridge0: port 1(bridge_slave_0) entered disabled state
[   73.847296][ T5859] bridge_slave_0: entered allmulticast mode
[   73.854316][ T5859] bridge_slave_0: entered promiscuous mode
[   73.865502][ T5858] team0: Port device team_slave_0 added
[   73.883947][ T5857] team0: Port device team_slave_0 added
[   73.893121][ T5857] team0: Port device team_slave_1 added
[   73.899438][ T5859] bridge0: port 2(bridge_slave_1) entered blocking state
[   73.906652][ T5859] bridge0: port 2(bridge_slave_1) entered disabled state
[   73.913794][ T5859] bridge_slave_1: entered allmulticast mode
[   73.920990][ T5859] bridge_slave_1: entered promiscuous mode
[   73.929938][ T5858] team0: Port device team_slave_1 added
[   73.951006][ T5860] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   74.009267][ T5860] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   74.033052][ T5857] batman_adv: batadv0: Adding interface: batadv_slave_0
[   74.040197][ T5857] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   74.066522][ T5857] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   74.120643][ T5857] batman_adv: batadv0: Adding interface: batadv_slave_1
[   74.128082][ T5857] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   74.154019][ T5857] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   74.175615][ T5859] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   74.189419][ T5859] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   74.199196][ T5858] batman_adv: batadv0: Adding interface: batadv_slave_0
[   74.206498][ T5858] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   74.232926][ T5858] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   74.245534][ T5858] batman_adv: batadv0: Adding interface: batadv_slave_1
[   74.252495][ T5858] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   74.278435][ T5858] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   74.306255][ T5860] team0: Port device team_slave_0 added
[   74.315248][ T5860] team0: Port device team_slave_1 added
[   74.410601][ T5859] team0: Port device team_slave_0 added
[   74.437543][ T5857] hsr_slave_0: entered promiscuous mode
[   74.445152][ T5857] hsr_slave_1: entered promiscuous mode
[   74.452160][ T5860] batman_adv: batadv0: Adding interface: batadv_slave_0
[   74.459217][ T5860] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   74.485180][ T5860] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   74.498241][ T5860] batman_adv: batadv0: Adding interface: batadv_slave_1
[   74.505934][ T5860] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   74.532567][ T5860] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   74.545746][ T5859] team0: Port device team_slave_1 added
[   74.567644][ T5858] hsr_slave_0: entered promiscuous mode
[   74.574086][ T5858] hsr_slave_1: entered promiscuous mode
[   74.580998][ T5858] debugfs: 'hsr0' already exists in 'hsr'
[   74.586901][ T5858] Cannot create hsr debugfs directory
[   74.605241][ T5182] Bluetooth: hci3: command tx timeout
[   74.605529][ T5869] Bluetooth: hci2: command tx timeout
[   74.611106][ T5182] Bluetooth: hci0: command tx timeout
[   74.617080][ T5870] Bluetooth: hci1: command tx timeout
[   74.654603][ T5859] batman_adv: batadv0: Adding interface: batadv_slave_0
[   74.661586][ T5859] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   74.687613][ T5859] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   74.722088][ T5859] batman_adv: batadv0: Adding interface: batadv_slave_1
[   74.729084][ T5859] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   74.755047][ T5859] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   74.856913][ T5860] hsr_slave_0: entered promiscuous mode
[   74.863203][ T5860] hsr_slave_1: entered promiscuous mode
[   74.869552][ T5860] debugfs: 'hsr0' already exists in 'hsr'
[   74.875852][ T5860] Cannot create hsr debugfs directory
[   74.951166][ T5859] hsr_slave_0: entered promiscuous mode
[   74.958768][ T5859] hsr_slave_1: entered promiscuous mode
[   74.965127][ T5859] debugfs: 'hsr0' already exists in 'hsr'
[   74.970852][ T5859] Cannot create hsr debugfs directory
[   75.343230][ T5857] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   75.356774][ T5857] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   75.368929][ T5857] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   75.389443][ T5857] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   75.438012][ T5858] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   75.450190][ T5858] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   75.463009][ T5858] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   75.481486][ T5858] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   75.562306][ T5860] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   75.581024][ T5860] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   75.591438][ T5860] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   75.602575][ T5860] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   75.738169][ T5859] netdevsim netdevsim3 netdevsim0: renamed from eth0
[   75.748884][ T5859] netdevsim netdevsim3 netdevsim1: renamed from eth1
[   75.773318][ T5859] netdevsim netdevsim3 netdevsim2: renamed from eth2
[   75.783332][ T5859] netdevsim netdevsim3 netdevsim3: renamed from eth3
[   75.803899][ T5857] 8021q: adding VLAN 0 to HW filter on device bond0
[   75.868602][ T5857] 8021q: adding VLAN 0 to HW filter on device team0
[   75.903583][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[   75.910918][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[   75.938626][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[   75.945828][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[   75.960965][ T5858] 8021q: adding VLAN 0 to HW filter on device bond0
[   76.018430][ T5858] 8021q: adding VLAN 0 to HW filter on device team0
[   76.041796][ T5860] 8021q: adding VLAN 0 to HW filter on device bond0
[   76.050359][   T50] bridge0: port 1(bridge_slave_0) entered blocking state
[   76.057488][   T50] bridge0: port 1(bridge_slave_0) entered forwarding state
[   76.083743][   T50] bridge0: port 2(bridge_slave_1) entered blocking state
[   76.090931][   T50] bridge0: port 2(bridge_slave_1) entered forwarding state
[   76.171466][ T5859] 8021q: adding VLAN 0 to HW filter on device bond0
[   76.187691][ T5860] 8021q: adding VLAN 0 to HW filter on device team0
[   76.207392][ T5858] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[   76.219324][ T5858] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   76.253881][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[   76.261105][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[   76.284014][ T5859] 8021q: adding VLAN 0 to HW filter on device team0
[   76.314376][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[   76.321536][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[   76.340630][   T50] bridge0: port 1(bridge_slave_0) entered blocking state
[   76.347856][   T50] bridge0: port 1(bridge_slave_0) entered forwarding state
[   76.419808][   T50] bridge0: port 2(bridge_slave_1) entered blocking state
[   76.427077][   T50] bridge0: port 2(bridge_slave_1) entered forwarding state
[   76.477200][ T5860] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[   76.488579][ T5860] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   76.685984][ T5870] Bluetooth: hci0: command tx timeout
[   76.687075][ T5182] Bluetooth: hci1: command tx timeout
[   76.691420][ T5870] Bluetooth: hci2: command tx timeout
[   76.699620][ T5182] Bluetooth: hci3: command tx timeout
[   76.710849][ T5858] 8021q: adding VLAN 0 to HW filter on device batadv0
[   76.752693][ T5857] 8021q: adding VLAN 0 to HW filter on device batadv0
[   76.884176][ T5858] veth0_vlan: entered promiscuous mode
[   76.899200][ T5857] veth0_vlan: entered promiscuous mode
[   76.921790][ T5858] veth1_vlan: entered promiscuous mode
[   76.949231][ T5857] veth1_vlan: entered promiscuous mode
[   77.038045][ T5858] veth0_macvtap: entered promiscuous mode
[   77.058560][ T5858] veth1_macvtap: entered promiscuous mode
[   77.086807][ T5857] veth0_macvtap: entered promiscuous mode
[   77.097856][ T5860] 8021q: adding VLAN 0 to HW filter on device batadv0
[   77.110928][ T5858] batman_adv: batadv0: Interface activated: batadv_slave_0
[   77.123973][ T5859] 8021q: adding VLAN 0 to HW filter on device batadv0
[   77.145152][ T5858] batman_adv: batadv0: Interface activated: batadv_slave_1
[   77.152998][ T5857] veth1_macvtap: entered promiscuous mode
[   77.198633][ T1099] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   77.208605][ T1099] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   77.230470][ T5857] batman_adv: batadv0: Interface activated: batadv_slave_0
[   77.239451][ T1099] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   77.261267][ T1099] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   77.286150][ T5857] batman_adv: batadv0: Interface activated: batadv_slave_1
[   77.346741][ T5859] veth0_vlan: entered promiscuous mode
[   77.352601][ T5860] veth0_vlan: entered promiscuous mode
[   77.367382][ T1099] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   77.380937][ T1099] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   77.392873][ T1099] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   77.412241][ T5859] veth1_vlan: entered promiscuous mode
[   77.421945][ T1099] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   77.450023][ T5860] veth1_vlan: entered promiscuous mode
[   77.498215][ T1099] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   77.513973][ T1099] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   77.556738][ T5860] veth0_macvtap: entered promiscuous mode
[   77.597817][ T1099] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   77.610566][ T5860] veth1_macvtap: entered promiscuous mode
[   77.616731][ T1099] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   77.620128][ T5859] veth0_macvtap: entered promiscuous mode
[   77.691257][ T5860] batman_adv: batadv0: Interface activated: batadv_slave_0
[   77.702541][ T5859] veth1_macvtap: entered promiscuous mode
[   77.723823][ T1099] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   77.742217][ T5860] batman_adv: batadv0: Interface activated: batadv_slave_1
[   77.744671][ T5858] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   77.752205][ T1099] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   77.826431][ T1099] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   77.859267][ T1099] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   77.871720][ T1099] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   77.889160][   T50] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   77.890350][ T5859] batman_adv: batadv0: Interface activated: batadv_slave_0
[   77.899162][   T50] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   77.921270][ T1099] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   77.951683][ T5859] batman_adv: batadv0: Interface activated: batadv_slave_1
[   78.022144][ T3580] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   78.075647][ T3580] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   78.096750][ T3580] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   78.112409][ T3580] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   78.165170][ T5949] netlink: 'syz.2.5': attribute type 1 has an invalid length.
[   78.173168][ T5949] netlink: 224 bytes leftover after parsing attributes in process `syz.2.5'.
[   78.182229][   T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   78.192792][   T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   78.265438][   T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   78.273369][   T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   78.304038][   T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   78.318786][   T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   78.347777][ T5928] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[   78.382335][   T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   78.390458][   T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   78.507576][ T5955] netlink: 'syz.1.2': attribute type 6 has an invalid length.
[   78.522927][ T5928] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[   78.543843][ T5928] usb 1-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[   78.557135][ T5928] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[   78.581054][ T5928] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   78.610205][ T5951] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[   78.640723][ T5928] usb 1-1: Quirk or no altset; falling back to MIDI 1.0
[   78.765098][ T5182] Bluetooth: hci2: command tx timeout
[   78.770549][ T5182] Bluetooth: hci1: command tx timeout
[   78.776857][ T5870] Bluetooth: hci0: command tx timeout
[   78.782068][ T5861] Bluetooth: hci3: command tx timeout
[   79.003186][  T122] usb 1-1: USB disconnect, device number 2
[   79.074493][ T5928] usb 3-1: new low-speed USB device number 2 using dummy_hcd
[   79.154013][ T5972] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   79.267489][ T5928] usb 3-1: unable to get BOS descriptor or descriptor too short
[   79.287339][ T5928] usb 3-1: config 1 has an invalid descriptor of length 7, skipping remainder of the config
[   79.318673][ T5928] usb 3-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[   79.344429][ T5928] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid maxpacket 32, setting to 0
[   79.368747][ T5928] usb 3-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 24, changing to 4
[   79.393733][ T5928] usb 3-1: config 1 interface 2 altsetting 1 endpoint 0x82 has invalid maxpacket 8, setting to 0
[   79.413660][ T5928] usb 3-1: config 1 interface 1 has no altsetting 0
[   79.446846][ T5928] usb 3-1: string descriptor 0 read error: -22
[   79.456412][ T5928] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[   79.494422][ T5928] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   79.527603][ T5928] usb 3-1: low speed audio streaming not supported
[   79.731684][ T5965] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   79.753110][ T5965] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   79.770767][ T5965] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   79.781653][ T5965] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   79.823148][ T5953] usb 3-1: USB disconnect, device number 2
[   80.105048][   T24] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[   80.256496][   T24] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   80.274089][   T24] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[   80.304611][   T24] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   80.321528][   T24] usb 4-1: Product: syz
[   80.338125][   T24] usb 4-1: Manufacturer: syz
[   80.342768][   T24] usb 4-1: SerialNumber: syz
[   80.715379][ T5945] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[   80.844976][ T5869] Bluetooth: hci1: command tx timeout
[   80.850602][ T5861] Bluetooth: hci0: command tx timeout
[   80.850628][ T5182] Bluetooth: hci2: command tx timeout
[   80.856084][ T5861] Bluetooth: hci3: command tx timeout
[   80.902596][ T5945] usb 3-1: New USB device found, idVendor=09c0, idProduct=0203, bcdDevice=d3.43
[   80.912969][ T5945] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   80.966224][ T5945] usb 3-1: config 0 descriptor??
[   80.999632][ T5945] dvb-usb: found a 'Genpix SkyWalker-1 DVB-S receiver' in warm state.
[   81.421308][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[   81.490053][   T24] cdc_ncm 4-1:1.0: MAC-Address: 42:42:42:42:42:42
[   81.535785][   T24] cdc_ncm 4-1:1.0: dwNtbInMaxSize=20 is too small. Using 2048
[   81.602847][   T24] cdc_ncm 4-1:1.0: setting rx_max = 2048
[   81.619810][ T6012] dns_resolver: Unsupported content type (254)
[   81.662127][   T24] cdc_ncm 4-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.3-1, CDC NCM (NO ZLP), 42:42:42:42:42:42
[   81.774475][ T6017] netlink: 64 bytes leftover after parsing attributes in process `syz.1.21'.
[   81.866181][   T30] audit: type=1326 audit(1757222574.613:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6018 comm="syz.0.22" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd8e7d8ebe9 code=0x7ffc0000
[   81.947687][   T30] audit: type=1326 audit(1757222574.673:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6018 comm="syz.0.22" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd8e7d8ebe9 code=0x7ffc0000
[   82.006010][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   82.022882][   T30] audit: type=1326 audit(1757222574.673:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6018 comm="syz.0.22" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd8e7d8ebe9 code=0x7ffc0000
[   82.084181][   T30] audit: type=1326 audit(1757222574.673:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6018 comm="syz.0.22" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fd8e7d2adb9 code=0x7ffc0000
[   82.178733][   T30] audit: type=1326 audit(1757222574.673:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6018 comm="syz.0.22" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fd8e7d2adb9 code=0x7ffc0000
[   82.230670][   T30] audit: type=1326 audit(1757222574.673:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6018 comm="syz.0.22" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fd8e7d2adb9 code=0x7ffc0000
[   82.356977][   T30] audit: type=1326 audit(1757222574.673:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6018 comm="syz.0.22" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fd8e7d2adb9 code=0x7ffc0000
[   82.437390][   T30] audit: type=1326 audit(1757222574.673:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6018 comm="syz.0.22" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd8e7d8ebe9 code=0x7ffc0000
[   82.682100][ T5945] gp8psk: usb in 128 operation failed.
[   82.690609][   T30] audit: type=1326 audit(1757222574.673:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6018 comm="syz.0.22" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd8e7d8ebe9 code=0x7ffc0000
[   82.712835][ T5945] gp8psk: usb in 137 operation failed.
[   82.718413][ T5945] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[   82.728954][   T30] audit: type=1326 audit(1757222574.673:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6018 comm="syz.0.22" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fd8e7d2adb9 code=0x7ffc0000
[   83.273166][ T5945] dvbdev: DVB: registering new adapter (Genpix SkyWalker-1 DVB-S receiver)
[   83.283811][ T5945] usb 3-1: media controller created
[   83.312062][ T5945] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[   83.562001][ T5953] usb 4-1: USB disconnect, device number 2
[   83.576416][ T5953] cdc_ncm 4-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.3-1, CDC NCM (NO ZLP)
[   83.618757][ T5945] gp8psk_fe: Frontend attached
[   83.629371][ T5945] usb 3-1: DVB: registering adapter 1 frontend 0 (Genpix DVB-S)...
[   83.687263][ T5945] dvbdev: dvb_create_media_entity: media entity 'Genpix DVB-S' registered.
[   83.720026][ T6048] process 'syz.2.27' launched './file0' with NULL argv: empty string added
[   84.074616][   T24] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[   84.395198][   T24] usb 2-1: Using ep0 maxpacket: 32
[   84.420665][   T24] usb 2-1: config 0 has an invalid interface number: 54 but max is 0
[   84.443390][ T5945] gp8psk: usb in 138 operation failed.
[   84.475059][ T5945] dvb-usb: Genpix SkyWalker-1 DVB-S receiver successfully initialized and connected.
[   84.502459][   T24] usb 2-1: config 0 has an invalid descriptor of length 48, skipping remainder of the config
[   84.538709][ T5945] gp8psk: found Genpix USB device pID = 203 (hex)
[   84.555548][ T6057] netlink: 24 bytes leftover after parsing attributes in process `syz.2.31'.
[   84.566362][   T24] usb 2-1: config 0 has no interface number 0
[   84.603599][   T24] usb 2-1: too many endpoints for config 0 interface 54 altsetting 205: 134, using maximum allowed: 30
[   84.646733][ T5945] usb 3-1: USB disconnect, device number 3
[   84.687560][ T6059] capability: warning: `syz.3.30' uses deprecated v2 capabilities in a way that may be insecure
[   84.932971][   T24] usb 2-1: config 0 interface 54 altsetting 205 has 0 endpoint descriptors, different from the interface descriptor's value: 134
[   85.274769][   T24] usb 2-1: config 0 interface 54 has no altsetting 0
[   85.286308][   T24] usb 2-1: New USB device found, idVendor=05e1, idProduct=0408, bcdDevice=25.11
[   85.299444][   T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   85.339822][   T24] usb 2-1: Product: syz
[   85.344075][   T24] usb 2-1: Manufacturer: syz
[   85.368619][   T24] usb 2-1: SerialNumber: syz
[   85.425392][   T24] usb 2-1: config 0 descriptor??
[   85.474009][ T5945] dvb-usb: Genpix SkyWalker-1 DVB-S receiver successfully deinitialized and disconnected.
[   85.547396][ T6064] ==================================================================
[   85.555492][ T6064] BUG: KASAN: slab-out-of-bounds in change_page_attr_set_clr+0x625/0xfc0
[   85.563926][ T6064] Read of size 8 at addr ffff8880322b2408 by task syz.2.32/6064
[   85.571542][ T6064] 
[   85.573899][ T6064] CPU: 0 UID: 0 PID: 6064 Comm: syz.2.32 Not tainted syzkaller #0 PREEMPT(full) 
[   85.573922][ T6064] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   85.573941][ T6064] Call Trace:
[   85.573951][ T6064]  <TASK>
[   85.573958][ T6064]  dump_stack_lvl+0x189/0x250
[   85.573971][ T6064]  ? __kasan_check_byte+0x12/0x40
[   85.573985][ T6064]  ? __pfx_dump_stack_lvl+0x10/0x10
[   85.573994][ T6064]  ? lock_release+0x4b/0x3e0
[   85.574007][ T6064]  ? __virt_addr_valid+0x4a5/0x5c0
[   85.574030][ T6064]  print_report+0xca/0x240
[   85.574050][ T6064]  ? change_page_attr_set_clr+0x625/0xfc0
[   85.574072][ T6064]  kasan_report+0x118/0x150
[   85.574094][ T6064]  ? change_page_attr_set_clr+0x625/0xfc0
[   85.574113][ T6064]  change_page_attr_set_clr+0x625/0xfc0
[   85.574127][ T6064]  ? __pfx_change_page_attr_set_clr+0x10/0x10
[   85.574138][ T6064]  ? __pfx_pagerange_is_ram_callback+0x10/0x10
[   85.574153][ T6064]  ? memtype_reserve+0x874/0xb30
[   85.574179][ T6064]  _set_pages_array+0x145/0x270
[   85.574205][ T6064]  drm_gem_shmem_get_pages_locked+0x2d0/0x440
[   85.574238][ T6064]  ? __pfx_drm_gem_shmem_get_pages_locked+0x10/0x10
[   85.574263][ T6064]  drm_gem_shmem_pin_locked+0x22c/0x460
[   85.574278][ T6064]  ? __pfx_drm_gem_shmem_pin_locked+0x10/0x10
[   85.574294][ T6064]  ? ww_mutex_lock+0x3f/0x1c0
[   85.574306][ T6064]  drm_gem_map_attach+0x19c/0x1f0
[   85.574333][ T6064]  dma_buf_dynamic_attach+0x1ea/0x3d0
[   85.574356][ T6064]  ? __fget_files+0x3a0/0x420
[   85.574381][ T6064]  ? __pfx_drm_gem_shmem_prime_import_no_map+0x10/0x10
[   85.574397][ T6064]  drm_gem_shmem_prime_import_no_map+0xc1/0x2f0
[   85.574416][    T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!!
[   85.574413][ T6064]  ? drm_gem_prime_fd_to_handle+0x185/0x4d0
[   85.574441][ T6064]  ? __pfx_drm_gem_shmem_prime_import_no_map+0x10/0x10
[   85.574457][ T6064]  drm_gem_prime_fd_to_handle+0x196/0x4d0
[   85.574486][ T6064]  drm_ioctl_kernel+0x2cc/0x390
[   85.574510][ T6064]  ? __pfx_drm_prime_fd_to_handle_ioctl+0x10/0x10
[   85.574538][ T6064]  ? __pfx_drm_ioctl_kernel+0x10/0x10
[   85.574567][ T6064]  drm_ioctl+0x67f/0xb10
[   85.574590][ T6064]  ? __pfx_drm_prime_fd_to_handle_ioctl+0x10/0x10
[   85.574621][ T6064]  ? __pfx_drm_ioctl+0x10/0x10
[   85.574650][ T6064]  ? __fget_files+0x3a0/0x420
[   85.574673][ T6064]  ? __fget_files+0x2a/0x420
[   85.574699][ T6064]  ? bpf_lsm_file_ioctl+0x9/0x20
[   85.574716][ T6064]  ? __pfx_drm_ioctl+0x10/0x10
[   85.574739][ T6064]  __se_sys_ioctl+0xf9/0x170
[   85.574759][ T6064]  do_syscall_64+0xfa/0xfa0
[   85.574776][ T6064]  ? lockdep_hardirqs_on+0x9c/0x150
[   85.574793][ T6064]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   85.574811][ T6064]  ? clear_bhb_loop+0x60/0xb0
[   85.574832][ T6064]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   85.574850][ T6064] RIP: 0033:0x7f4f8a78ebe9
[   85.574883][ T6064] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   85.574901][ T6064] RSP: 002b:00007f4f8b65d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   85.574920][ T6064] RAX: ffffffffffffffda RBX: 00007f4f8a9c5fa0 RCX: 00007f4f8a78ebe9
[   85.574935][ T6064] RDX: 0000200000000300 RSI: 00000000c00c642e RDI: 0000000000000007
[   85.574948][ T6064] RBP: 00007f4f8a811e19 R08: 0000000000000000 R09: 0000000000000000
[   85.574960][ T6064] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   85.574972][ T6064] R13: 00007f4f8a9c6038 R14: 00007f4f8a9c5fa0 R15: 00007ffc716945b8
[   85.574994][ T6064]  </TASK>
[   85.575001][ T6064] 
[   85.604475][    T0] NOHZ tick-stop error: local softirq work is pending, handler #100!!!
[   85.604511][ T6064] Allocated by task 6064:
[   85.654381][    T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!!
[   85.656220][ T6064]  kasan_save_track+0x3e/0x80
[   85.722500][    T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!!
[   85.722764][ T6064]  __kasan_kmalloc+0x93/0xb0
[   85.734370][    T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!!
[   85.737133][ T6064]  __kvmalloc_node_noprof+0x5cd/0x910
[   85.824403][    T0] NOHZ tick-stop error: local softirq work is pending, handler #142!!!
[   85.826550][ T6064]  drm_gem_get_pages+0x166/0xa20
[   85.831737][    T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!!
[   85.837088][ T6064]  drm_gem_shmem_get_pages_locked+0x201/0x440
[   85.926837][    T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!!
[   85.927049][ T6064]  drm_gem_shmem_pin_locked+0x22c/0x460
[   86.007596][ T6064]  drm_gem_map_attach+0x19c/0x1f0
[   86.012638][ T6064]  dma_buf_dynamic_attach+0x1ea/0x3d0
[   86.018026][ T6064]  drm_gem_shmem_prime_import_no_map+0xc1/0x2f0
[   86.024264][ T6064]  drm_gem_prime_fd_to_handle+0x196/0x4d0
[   86.029985][ T6064]  drm_ioctl_kernel+0x2cc/0x390
[   86.034828][ T6064]  drm_ioctl+0x67f/0xb10
[   86.039084][ T6064]  __se_sys_ioctl+0xf9/0x170
[   86.043659][ T6064]  do_syscall_64+0xfa/0xfa0
[   86.048169][ T6064]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   86.054063][ T6064] 
[   86.056373][ T6064] The buggy address belongs to the object at ffff8880322b2000
[   86.056373][ T6064]  which belongs to the cache kmalloc-2k of size 2048
[   86.070429][ T6064] The buggy address is located 0 bytes to the right of
[   86.070429][ T6064]  allocated 1032-byte region [ffff8880322b2000, ffff8880322b2408)
[   86.085019][ T6064] 
[   86.087351][ T6064] The buggy address belongs to the physical page:
[   86.093760][ T6064] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x322b0
[   86.102523][ T6064] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   86.111013][ T6064] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[   86.118571][ T6064] page_type: f5(slab)
[   86.122552][ T6064] raw: 00fff00000000040 ffff88801a842000 ffffea0001b8fa00 0000000000000002
[   86.131138][ T6064] raw: 0000000000000000 0000000080080008 00000000f5000000 0000000000000000
[   86.139732][ T6064] head: 00fff00000000040 ffff88801a842000 ffffea0001b8fa00 0000000000000002
[   86.148411][ T6064] head: 0000000000000000 0000000080080008 00000000f5000000 0000000000000000
[   86.157098][ T6064] head: 00fff00000000003 ffffea0000c8ac01 00000000ffffffff 00000000ffffffff
[   86.165779][ T6064] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[   86.174455][ T6064] page dumped because: kasan: bad access detected
[   86.180886][ T6064] page_owner tracks the page as allocated
[   86.186598][ T6064] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5845, tgid 5845 (sshd-session), ts 65671256929, free_ts 64995122633
[   86.207969][ T6064]  post_alloc_hook+0x240/0x2a0
[   86.212741][ T6064]  get_page_from_freelist+0x21e4/0x22c0
[   86.218291][ T6064]  __alloc_frozen_pages_noprof+0x181/0x370
[   86.224117][ T6064]  alloc_pages_mpol+0x232/0x4a0
[   86.228993][ T6064]  allocate_slab+0x8a/0x330
[   86.233510][ T6064]  ___slab_alloc+0xbd1/0x13f0
[   86.238182][ T6064]  __slab_alloc+0x55/0xa0
[   86.242503][ T6064]  __kmalloc_noprof+0x471/0x7f0
[   86.247332][ T6064]  sk_prot_alloc+0xe7/0x220
[   86.251823][ T6064]  sk_alloc+0x3a/0x370
[   86.255894][ T6064]  __netlink_create+0x65/0x260
[   86.260657][ T6064]  netlink_create+0x3ca/0x590
[   86.265321][ T6064]  __sock_create+0x4b0/0x9f0
[   86.269922][ T6064]  __sys_socket+0xd7/0x1b0
[   86.274343][ T6064]  __x64_sys_socket+0x7a/0x90
[   86.279026][ T6064]  do_syscall_64+0xfa/0xfa0
[   86.283524][ T6064] page last free pid 5525 tgid 5525 stack trace:
[   86.289830][ T6064]  __free_frozen_pages+0xbc4/0xd30
[   86.294940][ T6064]  __put_partials+0x146/0x170
[   86.299607][ T6064]  put_cpu_partial+0x17c/0x250
[   86.304374][ T6064]  __slab_free+0x2b9/0x390
[   86.308799][ T6064]  qlist_free_all+0x97/0x140
[   86.313383][ T6064]  kasan_quarantine_reduce+0x148/0x160
[   86.318829][ T6064]  __kasan_slab_alloc+0x22/0x80
[   86.323678][ T6064]  kmem_cache_alloc_node_noprof+0x433/0x710
[   86.329562][ T6064]  __alloc_skb+0x112/0x2d0
[   86.333973][ T6064]  alloc_skb_with_frags+0xca/0x890
[   86.339095][ T6064]  sock_alloc_send_pskb+0x857/0x990
[   86.344306][ T6064]  unix_dgram_sendmsg+0x461/0x1850
[   86.349420][ T6064]  __sock_sendmsg+0x219/0x270
[   86.354089][ T6064]  sock_write_iter+0x258/0x330
[   86.358860][ T6064]  vfs_write+0x5c9/0xb30
[   86.363106][ T6064]  ksys_write+0x145/0x250
[   86.367418][ T6064] 
[   86.369733][ T6064] Memory state around the buggy address:
[   86.375356][ T6064]  ffff8880322b2300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   86.383419][ T6064]  ffff8880322b2380: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   86.391479][ T6064] >ffff8880322b2400: 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   86.399524][ T6064]                       ^
[   86.403832][ T6064]  ffff8880322b2480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   86.411875][ T6064]  ffff8880322b2500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   86.419918][ T6064] ==================================================================
[   86.429797][ T6064] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   86.437014][ T6064] CPU: 0 UID: 0 PID: 6064 Comm: syz.2.32 Not tainted syzkaller #0 PREEMPT(full) 
[   86.446119][ T6064] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   86.456162][ T6064] Call Trace:
[   86.459438][ T6064]  <TASK>
[   86.462363][ T6064]  dump_stack_lvl+0x99/0x250
[   86.466944][ T6064]  ? __asan_memcpy+0x40/0x70
[   86.471525][ T6064]  ? __pfx_dump_stack_lvl+0x10/0x10
[   86.476727][ T6064]  ? __pfx__printk+0x10/0x10
[   86.481329][ T6064]  vpanic+0x237/0x6d0
[   86.485323][ T6064]  ? __pfx_vpanic+0x10/0x10
[   86.489840][ T6064]  panic+0xb9/0xc0
[   86.493552][ T6064]  ? __pfx_panic+0x10/0x10
[   86.497957][ T6064]  ? _raw_spin_unlock_irqrestore+0xa8/0x110
[   86.503863][ T6064]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[   86.509752][ T6064]  ? change_page_attr_set_clr+0x625/0xfc0
[   86.515468][ T6064]  check_panic_on_warn+0x89/0xb0
[   86.520413][ T6064]  ? change_page_attr_set_clr+0x625/0xfc0
[   86.526131][ T6064]  end_report+0x78/0x160
[   86.530379][ T6064]  kasan_report+0x129/0x150
[   86.534887][ T6064]  ? change_page_attr_set_clr+0x625/0xfc0
[   86.540611][ T6064]  change_page_attr_set_clr+0x625/0xfc0
[   86.546170][ T6064]  ? __pfx_change_page_attr_set_clr+0x10/0x10
[   86.552246][ T6064]  ? __pfx_pagerange_is_ram_callback+0x10/0x10
[   86.558394][ T6064]  ? memtype_reserve+0x874/0xb30
[   86.563335][ T6064]  _set_pages_array+0x145/0x270
[   86.568185][ T6064]  drm_gem_shmem_get_pages_locked+0x2d0/0x440
[   86.574245][ T6064]  ? __pfx_drm_gem_shmem_get_pages_locked+0x10/0x10
[   86.580840][ T6064]  drm_gem_shmem_pin_locked+0x22c/0x460
[   86.586388][ T6064]  ? __pfx_drm_gem_shmem_pin_locked+0x10/0x10
[   86.592442][ T6064]  ? ww_mutex_lock+0x3f/0x1c0
[   86.597134][ T6064]  drm_gem_map_attach+0x19c/0x1f0
[   86.602190][ T6064]  dma_buf_dynamic_attach+0x1ea/0x3d0
[   86.607570][ T6064]  ? __fget_files+0x3a0/0x420
[   86.612238][ T6064]  ? __pfx_drm_gem_shmem_prime_import_no_map+0x10/0x10
[   86.619088][ T6064]  drm_gem_shmem_prime_import_no_map+0xc1/0x2f0
[   86.625320][ T6064]  ? drm_gem_prime_fd_to_handle+0x185/0x4d0
[   86.631218][ T6064]  ? __pfx_drm_gem_shmem_prime_import_no_map+0x10/0x10
[   86.638065][ T6064]  drm_gem_prime_fd_to_handle+0x196/0x4d0
[   86.643787][ T6064]  drm_ioctl_kernel+0x2cc/0x390
[   86.648653][ T6064]  ? __pfx_drm_prime_fd_to_handle_ioctl+0x10/0x10
[   86.655066][ T6064]  ? __pfx_drm_ioctl_kernel+0x10/0x10
[   86.660440][ T6064]  drm_ioctl+0x67f/0xb10
[   86.664678][ T6064]  ? __pfx_drm_prime_fd_to_handle_ioctl+0x10/0x10
[   86.671106][ T6064]  ? __pfx_drm_ioctl+0x10/0x10
[   86.675879][ T6064]  ? __fget_files+0x3a0/0x420
[   86.680551][ T6064]  ? __fget_files+0x2a/0x420
[   86.685141][ T6064]  ? bpf_lsm_file_ioctl+0x9/0x20
[   86.690067][ T6064]  ? __pfx_drm_ioctl+0x10/0x10
[   86.694848][ T6064]  __se_sys_ioctl+0xf9/0x170
[   86.699450][ T6064]  do_syscall_64+0xfa/0xfa0
[   86.703955][ T6064]  ? lockdep_hardirqs_on+0x9c/0x150
[   86.709176][ T6064]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   86.715235][ T6064]  ? clear_bhb_loop+0x60/0xb0
[   86.719907][ T6064]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   86.725803][ T6064] RIP: 0033:0x7f4f8a78ebe9
[   86.730222][ T6064] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   86.749830][ T6064] RSP: 002b:00007f4f8b65d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   86.758254][ T6064] RAX: ffffffffffffffda RBX: 00007f4f8a9c5fa0 RCX: 00007f4f8a78ebe9
[   86.766215][ T6064] RDX: 0000200000000300 RSI: 00000000c00c642e RDI: 0000000000000007
[   86.774175][ T6064] RBP: 00007f4f8a811e19 R08: 0000000000000000 R09: 0000000000000000
[   86.782137][ T6064] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   86.790105][ T6064] R13: 00007f4f8a9c6038 R14: 00007f4f8a9c5fa0 R15: 00007ffc716945b8
[   86.798094][ T6064]  </TASK>
[   86.801370][ T6064] Kernel Offset: disabled
[   86.805682][ T6064] Rebooting in 86400 seconds..